From 5924fdebe3683d5afe51cd41407d8493324bd53e Mon Sep 17 00:00:00 2001 From: Daniele Date: Fri, 3 Sep 2021 16:53:46 +0200 Subject: [PATCH 01/79] Refined test circuit for Final Darlin --- proof-systems/src/darlin/benches/accumulate_verify.rs | 4 ++-- proof-systems/src/darlin/benches/batch_verification.rs | 2 +- proof-systems/src/darlin/tests/final_darlin.rs | 5 +++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/proof-systems/src/darlin/benches/accumulate_verify.rs b/proof-systems/src/darlin/benches/accumulate_verify.rs index 411c6ca8a..262d2b30f 100644 --- a/proof-systems/src/darlin/benches/accumulate_verify.rs +++ b/proof-systems/src/darlin/benches/accumulate_verify.rs @@ -42,7 +42,7 @@ fn bench_verify( let (final_darlin_pcd, index_vk) = generate_final_darlin_test_data::( - num_constraints, + num_constraints - 1, segment_size, ¶ms_g1, ¶ms_g2, @@ -110,7 +110,7 @@ fn bench_accumulate( ); let (final_darlin_pcd, index_vk) = generate_final_darlin_test_data::( - num_constraints, + num_constraints - 1, segment_size, ¶ms_g1, ¶ms_g2, diff --git a/proof-systems/src/darlin/benches/batch_verification.rs b/proof-systems/src/darlin/benches/batch_verification.rs index cbcbc6fbe..af124e78a 100644 --- a/proof-systems/src/darlin/benches/batch_verification.rs +++ b/proof-systems/src/darlin/benches/batch_verification.rs @@ -41,7 +41,7 @@ fn bench_batch_verification( ) = get_keys::<_, _, D>(¶ms_g1, ¶ms_g2); let (final_darlin_pcd, index_vk) = generate_final_darlin_test_data::( - num_constraints, + num_constraints - 1, segment_size, ¶ms_g1, ¶ms_g2, diff --git a/proof-systems/src/darlin/tests/final_darlin.rs b/proof-systems/src/darlin/tests/final_darlin.rs index 0a95bb49a..5c1bf5942 100644 --- a/proof-systems/src/darlin/tests/final_darlin.rs +++ b/proof-systems/src/darlin/tests/final_darlin.rs 
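Review bot: The new `num_constraints - 1` argument is an unexplained offset, and if `num_constraints` is a `usize` as elsewhere in these benches the subtraction panics on underflow should a caller ever pass 0; the same edit appears in the `@@ -110` hunk below and in the batch_verification.rs hunk. If the intent is that `generate_final_darlin_test_data` builds a circuit with one extra constraint so the total stays at `num_constraints` (presumably a power of two), say so at the call site, e.g. `// the test circuit adds one constraint of its own; keep the total at num_constraints`, and express the offset once as a named constant rather than repeating the literal in three benches. `bench_verify`'s body continues outside the hunk.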
@@ -17,7 +17,8 @@ use poly_commit::{ ipa_pc::{InnerProductArgPC, CommitterKey, UniversalParams}, Error as PCError }; -use rand::{ Rng, RngCore }; +//use rand::{ Rng, RngCore }; +use rand::RngCore; use digest::Digest; use r1cs_std::{ alloc::AllocGadget, @@ -198,7 +199,7 @@ impl ConstraintSynthesizer for TestCircuit || self.d.ok_or(SynthesisError::AssignmentMissing) )?; - for i in 0..(self.num_variables - 7 - (2 * deferred_len)) { + for i in 0..(self.num_variables - 7 - (4 * deferred_len)) { let _ = cs.alloc( || format!("var {}", i), || self.a.ok_or(SynthesisError::AssignmentMissing), From 623740d00fe0a31e75c82324cd5321746e5297f1 Mon Sep 17 00:00:00 2001 From: Daniele Date: Fri, 3 Sep 2021 17:48:08 +0200 Subject: [PATCH 02/79] Added new benches --- proof-systems/Cargo.toml | 8 + .../benches/batch_verification_detailed.rs | 204 ++++++++++++++++++ proof-systems/src/darlin/proof_aggregator.rs | 2 +- .../src/darlin/tests/final_darlin.rs | 3 +- 4 files changed, 214 insertions(+), 3 deletions(-) create mode 100644 proof-systems/src/darlin/benches/batch_verification_detailed.rs diff --git a/proof-systems/Cargo.toml b/proof-systems/Cargo.toml index 88b92070b..93a7719b7 100644 --- a/proof-systems/Cargo.toml +++ b/proof-systems/Cargo.toml @@ -93,6 +93,14 @@ required-features = [ "darlin", "llvm_asm", "algebra/tweedle", ] +[[bench]] +name = "darlin_batch_verification_detailed_bench" +path = "src/darlin/benches/batch_verification_detailed.rs" +harness = false +required-features = [ + "darlin", "llvm_asm", "algebra/tweedle", +] + [[bench]] name = "darlin_accumulate_verify_bench" path = "src/darlin/benches/accumulate_verify.rs" diff --git a/proof-systems/src/darlin/benches/batch_verification_detailed.rs b/proof-systems/src/darlin/benches/batch_verification_detailed.rs new file mode 100644 index 000000000..a089670d5 --- /dev/null +++ b/proof-systems/src/darlin/benches/batch_verification_detailed.rs 
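Review bot: `self.num_variables - 7 - (4 * deferred_len)` in the `@@ -198` hunk is unchecked `usize` arithmetic on a loop bound, so a small `num_variables` or a larger deferred payload underflows and fails with a generic overflow panic instead of a readable message; compute it once as `let padding = self.num_variables.checked_sub(7 + 4 * deferred_len).expect("num_variables too small for the deferred data");` and loop over `0..padding`, with a comment explaining where 7 and the factor 4 come from. In the `@@ -17` hunk the unused `Rng` import is commented out rather than deleted (and later patches in this series restore and re-comment it); delete unused imports outright. The enclosing method starts and ends outside the hunk.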
@@ -0,0 +1,204 @@ +use algebra::{AffineCurve, ToConstraintField}; +use poly_commit::{ + PolynomialCommitment, + ipa_pc::InnerProductArgPC +}; +use proof_systems::darlin::{ + tests::{ + get_keys, + final_darlin::generate_test_data as generate_final_darlin_test_data + }, + pcd::PCD, +}; +use digest::Digest; +use criterion::*; +use rand::SeedableRng; +use blake2::Blake2s; +use proof_systems::darlin::pcd::{GeneralPCD, DualPCDVerifierKey}; +use rand_xorshift::XorShiftRng; +use rayon::prelude::*; +use proof_systems::darlin::proof_aggregator::get_accumulators; +use proof_systems::darlin::accumulators::dlog::DLogItemAccumulator; +use proof_systems::darlin::accumulators::ItemAccumulator; + +fn bench_succinct_part_batch_verification( + c: &mut Criterion, + bench_name: &str, + segment_size: usize, + num_constraints: Vec, + num_proofs: usize, +) + where + G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +{ + let rng = &mut XorShiftRng::seed_from_u64(1234567890u64); + let mut group = c.benchmark_group(bench_name); + + //Generate DLOG keys + let params_g1 = InnerProductArgPC::::setup(segment_size - 1).unwrap(); + let params_g2 = InnerProductArgPC::::setup(segment_size - 1).unwrap(); + + let ( + _, verifier_key_g1, + _, verifier_key_g2 + ) = get_keys::<_, _, D>(¶ms_g1, ¶ms_g2); + + // Generate proofs and bench + for num_constraints in num_constraints.into_iter() { + + let (final_darlin_pcd, index_vk) = generate_final_darlin_test_data::( + num_constraints - 1, + segment_size, + ¶ms_g1, + ¶ms_g2, + 1, + rng + ); + + // Collect PCDs and vks + let pcds = vec![GeneralPCD::FinalDarlin(final_darlin_pcd[0].clone()); num_proofs]; + let vks = vec![index_vk[0].clone(); num_proofs]; + + group.bench_with_input(BenchmarkId::from_parameter(num_constraints), &num_constraints, |bn, _num_constraints| { + bn.iter(|| { + pcds.clone() + .into_par_iter() + .zip(vks.clone()) + .for_each(|(pcd, vk)| { + // recall that 
we use FinalDarlinVerifierKeys to handle + // polymorphic verification of final Darlin/simpleM arlin PCDs + let vk = DualPCDVerifierKey::{ + final_darlin_vk: &vk, + dlog_vks: (&verifier_key_g1, &verifier_key_g2) + }; + // No need to trim the vk here to the specific segment size used + // to generate the proof for this pcd, as the IPA succinct_check + // function doesn't use vk.comm_key at all. + pcd.succinct_verify(&vk).unwrap(); + }); + }); + }); + } + group.finish(); +} + +fn bench_hard_part_batch_verification( + c: &mut Criterion, + bench_name: &str, + segment_size: usize, + num_constraints: Vec, + num_proofs: usize, +) + where + G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +{ + let rng = &mut XorShiftRng::seed_from_u64(1234567890u64); + let mut group = c.benchmark_group(bench_name); + + //Generate DLOG keys + let params_g1 = InnerProductArgPC::::setup(segment_size - 1).unwrap(); + let params_g2 = InnerProductArgPC::::setup(segment_size - 1).unwrap(); + + let ( + _, verifier_key_g1, + _, verifier_key_g2 + ) = get_keys::<_, _, D>(¶ms_g1, ¶ms_g2); + + // Generate proofs and bench + for num_constraints in num_constraints.into_iter() { + + let (final_darlin_pcd, index_vk) = generate_final_darlin_test_data::( + num_constraints - 1, + segment_size, + ¶ms_g1, + ¶ms_g2, + 1, + rng + ); + + // Collect PCDs and vks + let pcds = vec![GeneralPCD::FinalDarlin(final_darlin_pcd[0].clone()); num_proofs]; + let vks = vec![index_vk[0].clone(); num_proofs]; + + // Get accumulators from pcds + let (accs_g1, accs_g2) = get_accumulators::(&pcds, &vks, &verifier_key_g1, &verifier_key_g2).unwrap(); + + group.bench_with_input(BenchmarkId::from_parameter(num_constraints), &num_constraints, |bn, _num_constraints| { + bn.iter(|| { + // Verify accumulators (hard part) + assert!( + DLogItemAccumulator::::check_items( + &verifier_key_g1, &accs_g1, rng + ).unwrap() + && + 
DLogItemAccumulator::::check_items( + &verifier_key_g2, &accs_g2, rng + ).unwrap() + ); + }); + }); + } + group.finish(); +} + +// We want to bench the hard part of the batch verifier, varying +// segment_size and circuit size (num_constraints), and measuring +// the time taken, proof size and vk size. +// Segment size: [1 << 14, ... , 1 << 18] +// Num constraints: [1 << 10, ..., 1 << 20] +fn bench_succinct_part_batch_verification_tweedle(c: &mut Criterion) { + + use algebra::curves::tweedle::{ + dee::Affine as TweedleDee, + dum::Affine as TweedleDum, + }; + + let num_proofs = 100; + let num_constraints = (10..=20).map(|pow| 1 << pow).collect::>(); + + for log_segment_size in 14..=18 { + bench_succinct_part_batch_verification::( + c, + format!("succinct_part, tweedle-dee, segment_size = 1 << {}, num_constraints", log_segment_size).as_str(), + 1 << log_segment_size, + num_constraints.clone(), + num_proofs + ); + } +} + +// We want to bench the hard part of the batch verifier, varying +// segment_size and circuit size (num_constraints), and measuring +// the time taken, proof size and vk size. +// Segment size: [1 << 14, ... , 1 << 18] +// Num constraints: [1 << 10, ..., 1 << 20] +fn bench_hard_part_batch_verification_tweedle(c: &mut Criterion) { + + use algebra::curves::tweedle::{ + dee::Affine as TweedleDee, + dum::Affine as TweedleDum, + }; + + let num_proofs = 100; + let num_constraints = (10..=20).map(|pow| 1 << pow).collect::>(); + + for log_segment_size in 14..=18 { + bench_hard_part_batch_verification::( + c, + format!("hard_part, tweedle-dee, segment_size = 1 << {}, num_constraints", log_segment_size).as_str(), + 1 << log_segment_size, + num_constraints.clone(), + num_proofs + ); + } +} + +criterion_group!( +name = batch_verification; +config = Criterion::default().sample_size(10); +targets = bench_succinct_part_batch_verification_tweedle, bench_hard_part_batch_verification_tweedle +); + +criterion_main!(batch_verification); \ No newline at end of file 
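Review bot: The timed closure in `bench_succinct_part_batch_verification` begins with `pcds.clone().into_par_iter().zip(vks.clone())`, so a deep clone of `num_proofs` PCDs and verifier keys is measured on every iteration together with the verification itself; iterate by reference instead, `pcds.par_iter().zip(vks.par_iter()).for_each(|(pcd, vk)| { ... })`, which works provided `succinct_verify` takes `&self` (the key struct then needs `final_darlin_vk: vk` rather than `&vk`). The comment above `bench_succinct_part_batch_verification_tweedle` is copied from the hard-part bench and says "bench the hard part"; it should read `// We want to bench the succinct part of the batch verifier, varying`. The group names say "tweedle-dee" although both Dee and Dum are used.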
diff --git a/proof-systems/src/darlin/proof_aggregator.rs b/proof-systems/src/darlin/proof_aggregator.rs index 76115afea..3b2367449 100644 --- a/proof-systems/src/darlin/proof_aggregator.rs +++ b/proof-systems/src/darlin/proof_aggregator.rs @@ -29,7 +29,7 @@ use rayon::prelude::*; /// In case of failure, return the indices of the proofs that have caused the failure (if it's possible /// to establish it). /// The PCDs are allowed to use different size restrictions of the DLogCommitterKey `g1_ck` and `g2_ck`. -pub(crate) fn get_accumulators( +pub fn get_accumulators( pcds: &[GeneralPCD], vks: &[MarlinVerifierKey>], g1_ck: &DLogCommitterKey, diff --git a/proof-systems/src/darlin/tests/final_darlin.rs b/proof-systems/src/darlin/tests/final_darlin.rs index 5c1bf5942..02a2b5bf7 100644 --- a/proof-systems/src/darlin/tests/final_darlin.rs +++ b/proof-systems/src/darlin/tests/final_darlin.rs @@ -17,8 +17,7 @@ use poly_commit::{ ipa_pc::{InnerProductArgPC, CommitterKey, UniversalParams}, Error as PCError }; -//use rand::{ Rng, RngCore }; -use rand::RngCore; +use rand::{ Rng, RngCore }; use digest::Digest; use r1cs_std::{ alloc::AllocGadget, From d3225fa9eab014cab1b67d726e1b030b0fd4614a Mon Sep 17 00:00:00 2001 From: Daniele Date: Fri, 3 Sep 2021 18:31:02 +0200 Subject: [PATCH 03/79] Added proof and vk size prints + other logs --- proof-systems/Cargo.toml | 2 +- .../benches/batch_verification_detailed.rs | 16 +++++++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/proof-systems/Cargo.toml b/proof-systems/Cargo.toml index 93a7719b7..5cc3adb72 100644 --- a/proof-systems/Cargo.toml +++ b/proof-systems/Cargo.toml 
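Review bot: Widening `get_accumulators` from `pub(crate)` to `pub` only so a Criterion bench can call it turns an internal helper into public API of the crate, with a doc comment that explains failure reporting in terms of proof indices but not what an external caller is expected to do with them. If it is exposed only for the benches, say so and keep it out of rustdoc: `#[doc(hidden)] // public only for the darlin benches, not a stable API` on the line above `pub fn get_accumulators(`. The function's signature and body continue outside the hunk.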
@@ -24,7 +24,7 @@ algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "pro r1cs-core = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "proof_size_optimization" } bench-utils = { path = "../bench-utils" } -marlin = { git = "https://github.com/HorizenLabs/marlin", branch = "proof_size_optimization", optional = true } +marlin = { git = "https://github.com/HorizenLabs/marlin", branch = "proof_size_optimization_benches", optional = true } poly-commit = { git = "https://github.com/HorizenLabs/poly-commit", branch = "proof_size_optimization", optional = true } r1cs-std = { path = "../r1cs/gadgets/std", optional = true } diff --git a/proof-systems/src/darlin/benches/batch_verification_detailed.rs b/proof-systems/src/darlin/benches/batch_verification_detailed.rs index a089670d5..042d3c164 100644 --- a/proof-systems/src/darlin/benches/batch_verification_detailed.rs +++ b/proof-systems/src/darlin/benches/batch_verification_detailed.rs @@ -1,4 +1,4 @@ -use algebra::{AffineCurve, ToConstraintField}; +use algebra::{AffineCurve, ToConstraintField, serialize::*}; use poly_commit::{ PolynomialCommitment, ipa_pc::InnerProductArgPC @@ -38,6 +38,8 @@ fn bench_succinct_part_batch_verification::setup(segment_size - 1).unwrap(); let params_g2 = InnerProductArgPC::::setup(segment_size - 1).unwrap(); + println!("Key G1 size: {}", params_g1.comm_key.len()); + println!("Key G2 size: {}", params_g2.comm_key.len()); let ( _, verifier_key_g1, @@ -56,15 +58,18 @@ fn bench_succinct_part_batch_verification::setup(segment_size - 1).unwrap(); let params_g2 = InnerProductArgPC::::setup(segment_size - 1).unwrap(); + println!("Key G1 size: {}", params_g1.comm_key.len()); + println!("Key G2 size: {}", params_g2.comm_key.len()); let ( _, verifier_key_g1, 
@@ -118,6 +125,9 @@ fn bench_hard_part_batch_verification Date: Sat, 4 Sep 2021 11:10:43 +0200 Subject: [PATCH 04/79] Added new bench --- .../benches/batch_verification_detailed.rs | 105 +++++++++++++++--- .../src/darlin/tests/final_darlin.rs | 5 +- 2 files changed, 92 insertions(+), 18 deletions(-) diff --git a/proof-systems/src/darlin/benches/batch_verification_detailed.rs b/proof-systems/src/darlin/benches/batch_verification_detailed.rs index 042d3c164..5949c6663 100644 --- a/proof-systems/src/darlin/benches/batch_verification_detailed.rs +++ b/proof-systems/src/darlin/benches/batch_verification_detailed.rs @@ -13,6 +13,7 @@ use proof_systems::darlin::{ use digest::Digest; use criterion::*; use rand::SeedableRng; +use rand::thread_rng; use blake2::Blake2s; use proof_systems::darlin::pcd::{GeneralPCD, DualPCDVerifierKey}; use rand_xorshift::XorShiftRng; @@ -20,6 +21,7 @@ use rayon::prelude::*; use proof_systems::darlin::proof_aggregator::get_accumulators; use proof_systems::darlin::accumulators::dlog::DLogItemAccumulator; use proof_systems::darlin::accumulators::ItemAccumulator; +use proof_systems::darlin::proof_aggregator::batch_verify_proofs; fn bench_succinct_part_batch_verification( c: &mut Criterion, @@ -67,21 +69,7 @@ fn bench_succinct_part_batch_verification{ - final_darlin_vk: &vk, - dlog_vks: (&verifier_key_g1, &verifier_key_g2) - }; - // No need to trim the vk here to the specific segment size used - // to generate the proof for this pcd, as the IPA succinct_check - // function doesn't use vk.comm_key at all. - pcd.succinct_verify(&vk).unwrap(); - }); + let _ = get_accumulators::(pcds.as_slice(), vks.as_slice(), &verifier_key_g1, &verifier_key_g2).unwrap(); }); }); } 
@@ -153,6 +141,91 @@ fn bench_hard_part_batch_verification( + c: &mut Criterion, + bench_name: &str, + segment_size: usize, + num_constraints: Vec, + num_proofs: usize, +) + where + G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +{ + let rng = &mut XorShiftRng::seed_from_u64(1234567890u64); + let mut group = c.benchmark_group(bench_name); + + //Generate DLOG keys + let params_g1 = InnerProductArgPC::::setup(segment_size - 1).unwrap(); + let params_g2 = InnerProductArgPC::::setup(segment_size - 1).unwrap(); + println!("Key G1 size: {}", params_g1.comm_key.len()); + println!("Key G2 size: {}", params_g2.comm_key.len()); + + let ( + _, verifier_key_g1, + _, verifier_key_g2 + ) = get_keys::<_, _, D>(¶ms_g1, ¶ms_g2); + + // Generate proofs and bench + for num_constraints in num_constraints.into_iter() { + + let (final_darlin_pcd, index_vk) = generate_final_darlin_test_data::( + num_constraints - 1, + segment_size, + ¶ms_g1, + ¶ms_g2, + 1, + rng + ); + + println!("Proof size: {}", final_darlin_pcd[0].final_darlin_proof.serialized_size()); + println!("Vk size: {}", index_vk[0].serialized_size()); + + // Collect PCDs and vks + let pcds = vec![GeneralPCD::FinalDarlin(final_darlin_pcd[0].clone()); num_proofs]; + let vks = vec![index_vk[0].clone(); num_proofs]; + + group.bench_with_input(BenchmarkId::from_parameter(num_constraints), &num_constraints, |bn, _num_constraints| { + bn.iter(|| { + assert!(batch_verify_proofs::( + pcds.as_slice(), + vks.as_slice(), + &verifier_key_g1, + &verifier_key_g2, + &mut thread_rng() + ).unwrap()); + }); + }); + } + group.finish(); +} + +// We want to bench the batch verifier, varying +// segment_size and circuit size (num_constraints), and measuring +// the time taken, proof size and vk size. +// Segment size: [1 << 14, ... 
, 1 << 18] +// Num constraints: [1 << 10, ..., 1 << 20] +fn bench_batch_verification_complete_tweedle(c: &mut Criterion) { + + use algebra::curves::tweedle::{ + dee::Affine as TweedleDee, + dum::Affine as TweedleDum, + }; + + let num_proofs = 100; + let num_constraints = (10..=20).map(|pow| 1 << pow).collect::>(); + + for log_segment_size in 14..=18 { + bench_batch_verification_complete::( + c, + format!("tweedle-dee, segment_size = 1 << {}, num_constraints", log_segment_size).as_str(), + 1 << log_segment_size, + num_constraints.clone(), + num_proofs + ); + } +} + // We want to bench the hard part of the batch verifier, varying // segment_size and circuit size (num_constraints), and measuring // the time taken, proof size and vk size. @@ -208,7 +281,7 @@ fn bench_hard_part_batch_verification_tweedle(c: &mut Criterion) { criterion_group!( name = batch_verification; config = Criterion::default().sample_size(10); -targets = bench_succinct_part_batch_verification_tweedle, bench_hard_part_batch_verification_tweedle +targets = bench_batch_verification_complete_tweedle, bench_succinct_part_batch_verification_tweedle, bench_hard_part_batch_verification_tweedle ); criterion_main!(batch_verification); \ No newline at end of file diff --git a/proof-systems/src/darlin/tests/final_darlin.rs b/proof-systems/src/darlin/tests/final_darlin.rs index 02a2b5bf7..9afe0fd3d 100644 --- a/proof-systems/src/darlin/tests/final_darlin.rs +++ b/proof-systems/src/darlin/tests/final_darlin.rs @@ -17,7 +17,8 @@ use poly_commit::{ ipa_pc::{InnerProductArgPC, CommitterKey, UniversalParams}, Error as PCError }; -use rand::{ Rng, RngCore }; +//use rand::{ Rng, RngCore }; +use rand::RngCore; use digest::Digest; use r1cs_std::{ alloc::AllocGadget, @@ -374,7 +375,7 @@ pub fn generate_test_data<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'a, &committer_key_g1, &index_pk, info, - rng.gen(), + true, rng, ); From 2296540389db5f0fffeacaaa4c306e1d89418c74 Mon Sep 17 00:00:00 2001 
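Review bot: `bench_batch_verification_complete` calls `batch_verify_proofs` with `&mut thread_rng()` inside the timed closure, whereas the sibling succinct- and hard-part benches in this file draw from the seeded `XorShiftRng` bound to `rng`; the run is therefore not reproducible and an OS-seeded generator is constructed on every iteration. Pass the existing generator instead, `rng` in place of `&mut thread_rng()`, as `bench_hard_part_batch_verification` already does for `check_items`, and drop the `use rand::thread_rng;` line added in the `@@ -13` hunk if nothing else uses it. This hunk starts in the previous line of the listing.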
From: Ulrich Haboeck Date: Sun, 5 Sep 2021 17:18:13 +0000 Subject: [PATCH 05/79] added shell script --- proof-systems/run_bench.sh | 2 ++ 1 file changed, 2 insertions(+) create mode 100755 proof-systems/run_bench.sh diff --git a/proof-systems/run_bench.sh b/proof-systems/run_bench.sh new file mode 100755 index 000000000..1be55093b --- /dev/null +++ b/proof-systems/run_bench.sh @@ -0,0 +1,2 @@ +cargo bench --features "llvm_asm, darlin, algebra/tweedle" --bench darlin_batch_verification_detailed_bench -- --nocapture + From 7d0c10206f6738aab89a82bb927c3273a9630a3e Mon Sep 17 00:00:00 2001 From: Ulrich Date: Tue, 7 Sep 2021 11:16:01 +0200 Subject: [PATCH 06/79] added todo for FinalDarlin test circuit --- proof-systems/src/darlin/tests/final_darlin.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/proof-systems/src/darlin/tests/final_darlin.rs b/proof-systems/src/darlin/tests/final_darlin.rs index 9afe0fd3d..cced2c58e 100644 --- a/proof-systems/src/darlin/tests/final_darlin.rs +++ b/proof-systems/src/darlin/tests/final_darlin.rs @@ -185,7 +185,9 @@ impl ConstraintSynthesizer for TestCircuit test_constraints = cs.num_constraints() - test_constraints; // The following is equal to the SimpleMarlin circuit - + // TODO: although this circuit fortunately does not produce undersized Marlin polynomials, + // let us pad with constraints in a more careful manner (e.g., as in our test circuit 1c + // of Marlin. let a = cs.alloc(|| "a", || self.a.ok_or(SynthesisError::AssignmentMissing))?; let b = cs.alloc(|| "b", || self.b.ok_or(SynthesisError::AssignmentMissing))?; let c_prev = cs.alloc(|| "c_prev", || self.c_prev.ok_or(SynthesisError::AssignmentMissing))?; @@ -380,4 +382,4 @@ pub fn generate_test_data<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'a, ); (vec![final_darlin_pcd; num_proofs], vec![index_vk; num_proofs]) -} \ No newline at end of file +} From 1e93d2f000eafd8815f2451d59e3fed2690df91d Mon Sep 17 00:00:00 2001 
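Review bot: run_bench.sh is committed with mode 100755 but has no interpreter line, so executing it directly depends on the caller's shell falling back to `sh` after ENOEXEC rather than on anything the file states; add `#!/usr/bin/env bash` as the first line. The trailing empty line can be dropped.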
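Review bot: The added TODO opens a parenthesis at `(e.g., as in our test circuit 1c` and never closes it; the last line should read `// of Marlin).`. The note also says the circuit "fortunately" does not produce undersized Marlin polynomials without naming the condition that guarantees it; a pointer to the padding loop below (`self.num_variables - 7 - ...`) would make the TODO actionable for whoever picks it up. The enclosing method starts and ends outside the hunk.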
From: Phoinic Date: Sun, 12 Sep 2021 23:06:54 +0300 Subject: [PATCH 07/79] Adjusted to the refactored PC --- primitives/Cargo.toml | 4 +- proof-systems/Cargo.toml | 10 +- proof-systems/src/darlin/accumulators/dlog.rs | 92 ++++++------------- proof-systems/src/darlin/data_structures.rs | 17 ++-- proof-systems/src/darlin/mod.rs | 36 ++++---- proof-systems/src/darlin/pcd/final_darlin.rs | 8 +- proof-systems/src/darlin/pcd/mod.rs | 10 +- proof-systems/src/darlin/pcd/simple_marlin.rs | 14 +-- proof-systems/src/darlin/proof_aggregator.rs | 8 +- .../src/darlin/tests/final_darlin.rs | 10 +- proof-systems/src/darlin/tests/mod.rs | 39 ++++---- .../src/darlin/tests/simple_marlin.rs | 12 +-- r1cs/core/Cargo.toml | 2 +- r1cs/gadgets/crypto/Cargo.toml | 6 +- r1cs/gadgets/std/Cargo.toml | 6 +- 15 files changed, 119 insertions(+), 155 deletions(-) diff --git a/primitives/Cargo.toml b/primitives/Cargo.toml index 9d0544b4b..82322e157 100644 --- a/primitives/Cargo.toml +++ b/primitives/Cargo.toml @@ -20,7 +20,7 @@ edition = "2018" ################################# Dependencies ################################ [dependencies] -algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "proof_size_optimization", features = ["parallel"] } +algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "refactor_pc_dev", features = ["parallel"] } bench-utils = { path = "../bench-utils" } digest = { version = "0.8", optional = true } @@ -50,7 +50,7 @@ bn_382 = ["algebra/bn_382"] tweedle = ["algebra/tweedle"] [dev-dependencies] -algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "proof_size_optimization", features = ["edwards_sw6", "jubjub", "sw6", "bls12_377"] } +algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "refactor_pc_dev", features = ["edwards_sw6", "jubjub", "sw6", "bls12_377"] } primitives = { path = "../primitives", features = ["mnt4_753", "mnt6_753", "bn_382", "tweedle"] } criterion = "0.3.2" 
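Review bot: Both git dependencies in this hunk, and the four in the proof-systems/Cargo.toml hunks that follow, are selected by a mutable `branch = "refactor_pc_dev"` reference: Cargo.lock pins the resolved commit for this workspace, but anyone building without the lockfile or running `cargo update` gets whatever the branch head is at that moment, and the `_benches` suffix on the marlin branch suggests a short-lived working branch. Once the refactor settles, pin the commit as well, `rev = "<commit-id placeholder>"` next to `branch`, so the proof-system code and its polynomial-commitment dependency cannot drift apart silently.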
diff --git a/proof-systems/Cargo.toml b/proof-systems/Cargo.toml index 5cc3adb72..8d3e5614c 100644 --- a/proof-systems/Cargo.toml +++ b/proof-systems/Cargo.toml @@ -20,12 +20,12 @@ edition = "2018" ################################# Dependencies ################################ [dependencies] -algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "proof_size_optimization", features = [ "parallel", "fft"] } -r1cs-core = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "proof_size_optimization" } +algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "refactor_pc_dev", features = [ "parallel", "fft"] } +r1cs-core = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "refactor_pc_dev" } bench-utils = { path = "../bench-utils" } -marlin = { git = "https://github.com/HorizenLabs/marlin", branch = "proof_size_optimization_benches", optional = true } -poly-commit = { git = "https://github.com/HorizenLabs/poly-commit", branch = "proof_size_optimization", optional = true } +marlin = { git = "https://github.com/HorizenLabs/marlin", branch = "refactor_pc_dev_benches", optional = true } +poly-commit = { git = "https://github.com/HorizenLabs/poly-commit", branch = "refactor_pc_dev", optional = true } r1cs-std = { path = "../r1cs/gadgets/std", optional = true } @@ -43,7 +43,7 @@ criterion = "0.3" rand_xorshift = { version = "0.3.0" } blake2 = { version = "0.8.1", default-features = false } -algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "proof_size_optimization", features = ["full", "parallel", "fft"] } +algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "refactor_pc_dev", features = ["full", "parallel", "fft"] } r1cs-crypto = { path = "../r1cs/gadgets/crypto", features = ["nizk"] } [features] diff --git a/proof-systems/src/darlin/accumulators/dlog.rs b/proof-systems/src/darlin/accumulators/dlog.rs index dbc270292..070e2cfcc 100644 
--- a/proof-systems/src/darlin/accumulators/dlog.rs +++ b/proof-systems/src/darlin/accumulators/dlog.rs @@ -11,7 +11,7 @@ use poly_commit::{ipa_pc::{ Commitment, VerifierKey, CommitterKey, SuccinctCheckPolynomial, -}, rng::{FiatShamirRng, FiatShamirRngSeed}, LabeledCommitment, Error, PolynomialCommitment}; +}, fiat_shamir_rng::{FiatShamirRng, FiatShamirRngSeed}, LabeledCommitment, Error, PolynomialCommitment}; use crate::darlin::accumulators::{ ItemAccumulator, AccumulationProof, }; @@ -71,7 +71,6 @@ impl CanonicalDeserialize for DLogItem { // GFinal will always be 1 segment and without any shift let g_final = Commitment { comm: vec![CanonicalDeserialize::deserialize(&mut reader)?], - shifted_comm: None }; let xi_s = CanonicalDeserialize::deserialize(&mut reader)?; @@ -86,7 +85,6 @@ impl CanonicalDeserialize for DLogItem { // GFinal will always be 1 segment and without any shift let g_final = Commitment { comm: vec![CanonicalDeserialize::deserialize_unchecked(&mut reader)?], - shifted_comm: None }; let xi_s = CanonicalDeserialize::deserialize_unchecked(&mut reader)?; @@ -102,7 +100,6 @@ impl CanonicalDeserialize for DLogItem { // GFinal will always be 1 segment and without any shift let g_final = Commitment { comm: vec![CanonicalDeserialize::deserialize_uncompressed(&mut reader)?], - shifted_comm: None }; let xi_s = CanonicalDeserialize::deserialize_uncompressed(&mut reader)?; @@ -118,7 +115,6 @@ impl CanonicalDeserialize for DLogItem { // GFinal will always be 1 segment and without any shift let g_final = Commitment { comm: vec![CanonicalDeserialize::deserialize_uncompressed_unchecked(&mut reader)?], - shifted_comm: None }; let xi_s = CanonicalDeserialize::deserialize_uncompressed_unchecked(&mut reader)?; @@ -134,7 +130,6 @@ impl SemanticallyValid for DLogItem { fn is_valid(&self) -> bool { self.g_final.is_valid() && self.g_final.comm.len() == 1 && - self.g_final.shifted_comm.is_none() && self.xi_s.0.is_valid() } } 
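Review bot: The comment `// GFinal will always be 1 segment and without any shift` above each of the four `Commitment { comm: vec![...] }` constructions still describes the `shifted_comm` field that this hunk removes, so it is now stale; shorten it to `// GFinal is always a single segment` (the `comm.len() == 1` check kept in `is_valid` is what still enforces it). The same single-segment construction is repeated here, in the `@@ -259` hunk, in the test module and in data_structures.rs; a small private helper such as `fn single_segment<G: AffineCurve>(g: G) -> Commitment<G> { Commitment { comm: vec![g] } }` (constructed) would keep the invariant in one place. The `CanonicalDeserialize` impl starts and ends outside these hunks.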
@@ -190,7 +185,7 @@ impl DLogItemAccumulator { // Initialize Fiat-Shamir rng let fs_rng_init_seed = { - let mut seed_builder = < as PolynomialCommitment>::RandomOracle as FiatShamirRng>::Seed::new(); + let mut seed_builder = < as PolynomialCommitment>::RandomOracle as FiatShamirRng>::Seed::new(); seed_builder.add_bytes(&Self::PROTOCOL_NAME)?; seed_builder.add_bytes(&vk.hash)?; @@ -200,7 +195,7 @@ impl DLogItemAccumulator { seed_builder.add_bytes(&previous_accumulators)?; seed_builder.finalize() }; - let mut fs_rng = as PolynomialCommitment>::RandomOracle::from_seed(fs_rng_init_seed); + let mut fs_rng = as PolynomialCommitment>::RandomOracle::from_seed(fs_rng_init_seed); // Sample a new challenge z let z = fs_rng.squeeze_128_bits_challenge::(); @@ -216,13 +211,11 @@ impl DLogItemAccumulator { let labeled_comm = { let comm = Commitment { comm: final_comm_key, - shifted_comm: None }; LabeledCommitment::new( format!("check_poly_{}", i), comm, - None, ) }; @@ -246,7 +239,7 @@ impl DLogItemAccumulator { // Succinctly verify the dlog opening proof, // and get the new reduction polynomial (the new xi's). - let xi_s = InnerProductArgPC::::succinct_check( + let xi_s = InnerProductArgPC::::succinct_single_point_multi_poly_verify( vk, comms.iter(), z, values, &proof.pc_proof, &mut fs_rng ).map_err(|e| { end_timer!(check_time); @@ -259,7 +252,7 @@ impl DLogItemAccumulator { if xi_s.is_some() { Ok(Some(DLogItem::{ - g_final: Commitment::{ comm: vec![proof.pc_proof.final_comm_key.clone()], shifted_comm: None }, + g_final: Commitment::{ comm: vec![proof.pc_proof.final_comm_key.clone()] }, xi_s: xi_s.unwrap(), })) } else { 
@@ -316,7 +309,7 @@ impl ItemAccumulator for DLogItemAccumulator { // Where combined_h_i = lambda_1 * h_1_i + ... + lambda_n * h_n_i // We do final verification and the batching of the GFin in a single MSM let hard_time = start_timer!(|| "Batch verify hard parts"); - let final_val = InnerProductArgPC::::cm_commit( + let final_val = InnerProductArgPC::::commit( // The vk might be oversized, but the VariableBaseMSM function, will "trim" // the bases in order to be as big as the scalars vector, so no need to explicitly // trim the vk here. @@ -350,14 +343,14 @@ impl ItemAccumulator for DLogItemAccumulator { // Initialize Fiat-Shamir rng let fs_rng_init_seed = { - let mut seed_builder = < as PolynomialCommitment>::RandomOracle as FiatShamirRng>::Seed::new(); + let mut seed_builder = < as PolynomialCommitment>::RandomOracle as FiatShamirRng>::Seed::new(); seed_builder.add_bytes(&Self::PROTOCOL_NAME)?; seed_builder.add_bytes(&ck.hash)?; // TODO: Shall we decompose this further when passing it to the seed builder ? seed_builder.add_bytes(&accumulators)?; seed_builder.finalize() }; - let mut fs_rng = as PolynomialCommitment>::RandomOracle::from_seed(fs_rng_init_seed); + let mut fs_rng = as PolynomialCommitment>::RandomOracle::from_seed(fs_rng_init_seed); // Sample a new challenge z let z = fs_rng.squeeze_128_bits_challenge::(); @@ -371,7 +364,7 @@ impl ItemAccumulator for DLogItemAccumulator { // Compute multi-poly single-point opening proof for the G_f's, i.e. // the commitments of the item polys. - let opening_proof = InnerProductArgPC::::open_check_polys( + let opening_proof = InnerProductArgPC::::open_reduction_polynomials( &ck, xi_s.iter(), z, 
@@ -540,20 +533,20 @@ impl<'a, G1, G2, D> ItemAccumulator for DualDLogItemAccumulator<'a, G1, G2, D> mod test { use super::*; use poly_commit::{QuerySet, Evaluations, LabeledPolynomial, ipa_pc::{ - BatchProof, UniversalParams, - }, PolynomialCommitment}; + MultiPointProof, Parameters, + }, PCParameters, PolynomialCommitment}; use rand::{distributions::Distribution, thread_rng, Rng}; use std::marker::PhantomData; use digest::Digest; use blake2::Blake2s; - fn get_test_fs_rng() -> as PolynomialCommitment>::RandomOracle + fn get_test_fs_rng() -> as PolynomialCommitment>::RandomOracle { - let mut seed_builder = < as PolynomialCommitment>::RandomOracle as FiatShamirRng>::Seed::new(); + let mut seed_builder = < as PolynomialCommitment>::RandomOracle as FiatShamirRng>::Seed::new(); seed_builder.add_bytes(b"TEST_SEED").unwrap(); let fs_rng_seed = seed_builder.finalize(); - as PolynomialCommitment>::RandomOracle::from_seed(fs_rng_seed) + as PolynomialCommitment>::RandomOracle::from_seed(fs_rng_seed) } #[derive(Copy, Clone, Default)] @@ -574,7 +567,7 @@ mod test { comms: Vec>>, query_set: QuerySet<'a, G::ScalarField>, values: Evaluations<'a, G::ScalarField>, - proof: BatchProof, + proof: MultiPointProof, polynomials: Vec>, num_polynomials: usize, num_points_in_query_set: usize, @@ -585,7 +578,7 @@ mod test { // specifications in the TestInfo. fn get_data_for_verifier<'a, G, D>( info: TestInfo, - pp: Option> + pp: Option> ) -> Result, Error> where G: AffineCurve, 
@@ -652,48 +645,15 @@ mod test { } let poly = Polynomial::rand(degree, rng); - let degree_bound = if let Some(degree_bounds) = &mut degree_bounds { - let degree_bound; - if segmented { - degree_bound = degree; - } else { - let range = rand::distributions::Uniform::from(degree..=supported_degree); - degree_bound = range.sample(rng); - } - degree_bounds.push(degree_bound); - Some(degree_bound) - } else { - None - }; - - let hiding_bound = if hiding { - if num_points_in_query_set >= degree { - Some(degree) - } else { - Some(num_points_in_query_set) - } - } else { - None - }; - println!("Hiding bound: {:?}", hiding_bound); - polynomials.push(LabeledPolynomial::new( label, poly, - degree_bound, - hiding_bound, + hiding, )) } - let supported_hiding_bound = polynomials - .iter() - .map(|p| p.hiding_bound().unwrap_or(0)) - .max() - .unwrap_or(0); println!("supported degree: {:?}", supported_degree); - println!("supported hiding bound: {:?}", supported_hiding_bound); println!("num_points_in_query_set: {:?}", num_points_in_query_set); - let (ck, vk) = InnerProductArgPC::::trim( - &pp, + let (ck, vk) = pp.trim( supported_degree, )?; println!("Trimmed"); @@ -701,7 +661,7 @@ mod test { test_canonical_serialize_deserialize(true, &ck); test_canonical_serialize_deserialize(true, &vk); - let (comms, rands) = InnerProductArgPC::::commit(&ck, &polynomials, Some(rng))?; + let (comms, rands) = InnerProductArgPC::::commit_vec(&ck, &polynomials, Some(rng))?; // Construct "symmetric" query set: every polynomial is evaluated at every // point. @@ -719,7 +679,7 @@ mod test { println!("Generated query set"); let mut fs_rng = get_test_fs_rng::(); - let proof = InnerProductArgPC::::batch_open( + let proof = InnerProductArgPC::::multi_point_multi_poly_open( &ck, &polynomials, &comms, 
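Review bot: With the `Uniform::from(degree..=supported_degree).sample(rng)` branch deleted, `distributions::Distribution` in the test module's `use rand::{...}` (hunk `@@ -540`) appears to have lost its only user, and `degree_bounds` and `segmented`, whose only visible consumers were in the removed block, look unused as well; unless other uses remain outside the hunk, remove them so the test build stays warning-free. The surviving `println!("supported degree: ...")` and `println!("num_points_in_query_set: ...")` lines are debugging output inside a test and could go too. `get_data_for_verifier` starts and ends outside the hunk.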
@@ -766,7 +726,7 @@ mod test { test_canonical_serialize_deserialize(true, &pp); - let (ck, vk) = InnerProductArgPC::::trim(&pp, max_degree)?; + let (ck, vk) = pp.trim(max_degree)?; test_canonical_serialize_deserialize(true, &ck); test_canonical_serialize_deserialize(true, &vk); @@ -803,7 +763,7 @@ mod test { }); // extract the xi's and G_fin's from the proof - let (xi_s_vec, g_fins) = InnerProductArgPC::::succinct_batch_check( + let (xi_s_vec, g_fins) = InnerProductArgPC::::batch_succinct_verify( &vk, comms.clone(), query_sets.clone(), @@ -816,7 +776,7 @@ mod test { .into_iter() .zip(g_fins) .map(|(xi_s, g_final)| { - let acc = DLogItem:: { g_final: Commitment:: {comm: vec![g_final], shifted_comm: None}, xi_s }; + let acc = DLogItem:: { g_final: Commitment:: {comm: vec![g_final]}, xi_s }; test_canonical_serialize_deserialize(true, &acc); acc }).collect::>(); @@ -866,7 +826,7 @@ mod test { }; let pp = InnerProductArgPC::::setup(max_degree)?; - let (_, vk) = InnerProductArgPC::::trim(&pp, max_degree)?; + let (_, vk) = pp.trim(max_degree)?; test_canonical_serialize_deserialize(true, &pp); test_canonical_serialize_deserialize(true, &vk); @@ -903,7 +863,7 @@ mod test { }); // extract the xi's and G_fin's from the proof - let (xi_s_vec, g_fins) = InnerProductArgPC::::succinct_batch_check( + let (xi_s_vec, g_fins) = InnerProductArgPC::::batch_succinct_verify( &vk, comms.clone(), query_sets.clone(), @@ -916,7 +876,7 @@ mod test { .into_iter() .zip(g_fins) .map(|(xi_s, g_final)| { - let acc = DLogItem:: { g_final: Commitment:: {comm: vec![g_final], shifted_comm: None}, xi_s }; + let acc = DLogItem:: { g_final: Commitment:: {comm: vec![g_final]}, xi_s }; test_canonical_serialize_deserialize(true, &acc); acc }).collect::>(); diff --git a/proof-systems/src/darlin/data_structures.rs b/proof-systems/src/darlin/data_structures.rs index d66eec36f..078add752 100644 --- a/proof-systems/src/darlin/data_structures.rs +++ b/proof-systems/src/darlin/data_structures.rs 
@@ -8,9 +8,12 @@ use crate::darlin::{ pcd::simple_marlin::MarlinProof, accumulators::dlog::DLogItem }; -use poly_commit::ipa_pc::{ - SuccinctCheckPolynomial, InnerProductArgPC, - CommitterKey as DLogCommitterKey, Commitment, +use poly_commit::{ + PolynomialCommitment, + ipa_pc::{ + SuccinctCheckPolynomial, InnerProductArgPC, + CommitterKey as DLogCommitterKey, Commitment, + } }; use digest::Digest; use rand::RngCore; @@ -52,7 +55,7 @@ impl FinalDarlinDeferredData let random_xi_s_g1 = SuccinctCheckPolynomial::( (0..log_key_len_g1 as usize).map(|_| u128::rand(rng).into()).collect() ); - let g_final_g1 = InnerProductArgPC::::cm_commit( + let g_final_g1 = InnerProductArgPC::::commit( committer_key_g1.comm_key.as_slice(), random_xi_s_g1.compute_coeffs().as_slice(), None, @@ -60,7 +63,7 @@ impl FinalDarlinDeferredData ).unwrap(); let acc_g1 = DLogItem:: { - g_final: Commitment:: {comm: vec![g_final_g1.into_affine()], shifted_comm: None }, + g_final: Commitment:: {comm: vec![g_final_g1.into_affine()] }, xi_s: random_xi_s_g1 }; @@ -70,7 +73,7 @@ impl FinalDarlinDeferredData (0..log_key_len_g2 as usize).map(|_| u128::rand(rng).into()).collect() ); - let g_final_g2 = InnerProductArgPC::::cm_commit( + let g_final_g2 = InnerProductArgPC::::commit( committer_key_g2.comm_key.as_slice(), random_xi_s_g2.compute_coeffs().as_slice(), None, @@ -78,7 +81,7 @@ impl FinalDarlinDeferredData ).unwrap(); let acc_g2 = DLogItem:: { - g_final: Commitment:: {comm: vec![g_final_g2.into_affine()], shifted_comm: None }, + g_final: Commitment:: {comm: vec![g_final_g2.into_affine()] }, xi_s: random_xi_s_g2 }; diff --git a/proof-systems/src/darlin/mod.rs b/proof-systems/src/darlin/mod.rs index 97bbd949f..5cc7e7962 100644 --- a/proof-systems/src/darlin/mod.rs +++ b/proof-systems/src/darlin/mod.rs 
@@ -22,7 +22,7 @@ pub mod tests; use algebra::{AffineCurve, ToConstraintField}; use poly_commit::{ ipa_pc::{ - UniversalParams, InnerProductArgPC, + Parameters, InnerProductArgPC, CommitterKey as DLogProverKey, VerifierKey as DLogVerifierKey, Commitment @@ -47,8 +47,8 @@ use std::marker::PhantomData; /// FinalDarlin proof system. It is simply a (coboundary) Marlin SNARK of a dedicated /// recursive `PCDCircuit`. -pub type FinalDarlinProverKey = MarlinProverKey; -pub type FinalDarlinVerifierKey = MarlinVerifierKey; +pub type FinalDarlinProverKey = MarlinProverKey; +pub type FinalDarlinVerifierKey = MarlinVerifierKey; // A final Darlin in G1, and the previous node in G2. pub struct FinalDarlin<'a, G1: AffineCurve, G2: AffineCurve, D: Digest>( @@ -71,18 +71,18 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> num_non_zero: usize, zk: bool, ) -> Result<( - UniversalParams, - UniversalParams, + Parameters, + Parameters, ), FinalDarlinError> { - let srs_g1 = Marlin::, D>::universal_setup( + let srs_g1 = Marlin::, D>::universal_setup( num_constraints, num_variables, num_non_zero, zk )?; - let srs_g2 = Marlin::, D>::universal_setup( + let srs_g2 = Marlin::, D>::universal_setup( num_constraints, num_variables, num_non_zero, @@ -99,12 +99,12 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> committer_key: &DLogProverKey, config: C::SetupData, ) -> Result<( - FinalDarlinProverKey>, - FinalDarlinVerifierKey>, + FinalDarlinProverKey>, + FinalDarlinVerifierKey>, ), FinalDarlinError> { let c = C::init(config); - let res = Marlin::, D>::index(committer_key, c)?; + let res = Marlin::, D>::index(committer_key, c)?; Ok(res) } 
@@ -112,7 +112,7 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> /// Create and return a FinalDarlinPCD, given previous PCDs and a PCDCircuit /// that (partially) verify them along with some additional data. pub fn prove( - index_pk: &FinalDarlinProverKey>, + index_pk: &FinalDarlinProverKey>, pc_pk: &DLogProverKey, config: C::SetupData, // In future, this will be explicitly a RainbowDarlinPCD @@ -139,7 +139,7 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> let usr_ins = c.get_usr_ins()?; // run the Marlin prover on the initialized recursive circuit - let proof = Marlin::, D>::prove( + let proof = Marlin::, D>::prove( index_pk, pc_pk, c, zk, zk_rng )?; @@ -154,7 +154,7 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> /// Fully verify a `FinalDarlinProof` from the PCDCircuit `C`, using the PCD implementation for /// the FinalDarlinPCD. pub fn verify( - index_vk: &FinalDarlinVerifierKey>, + index_vk: &FinalDarlinVerifierKey>, pc_vk_g1: &DLogVerifierKey, pc_vk_g2: &DLogVerifierKey, usr_ins: &[G1::ScalarField], @@ -180,14 +180,14 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> /// for the PCDCircuit with correctly combined system and user inputs. pub fn verify_ahp( pc_vk: &DLogVerifierKey, - index_vk: &FinalDarlinVerifierKey>, + index_vk: &FinalDarlinVerifierKey>, usr_ins: &[G1::ScalarField], proof: &FinalDarlinProof, ) -> Result<( QuerySet<'a, G1::ScalarField>, Evaluations<'a, G1::ScalarField>, Vec>>, - as PolynomialCommitment>::RandomOracle, + as PolynomialCommitment>::RandomOracle, ), FinalDarlinError> { // Get "system inputs" @@ -199,7 +199,7 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> public_inputs.extend_from_slice(usr_ins); // Verify AHP - let res = Marlin::, D>::verify_ahp( + let res = Marlin::, D>::verify_ahp( pc_vk, index_vk, public_inputs.as_slice(), &proof.proof )?; 
@@ -214,10 +214,10 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> labeled_comms: Vec>>, query_set: QuerySet<'a, G1::ScalarField>, evaluations: Evaluations<'a, G1::ScalarField>, - fs_rng: &mut as PolynomialCommitment>::RandomOracle, + fs_rng: &mut as PolynomialCommitment>::RandomOracle, ) -> Result { - let res = Marlin::, D>::verify_opening( + let res = Marlin::, D>::verify_opening( pc_vk, &proof.proof, labeled_comms, query_set, evaluations, fs_rng )?; diff --git a/proof-systems/src/darlin/pcd/final_darlin.rs b/proof-systems/src/darlin/pcd/final_darlin.rs index 61f77ca93..9d463cb1f 100644 --- a/proof-systems/src/darlin/pcd/final_darlin.rs +++ b/proof-systems/src/darlin/pcd/final_darlin.rs @@ -9,7 +9,7 @@ use poly_commit::{ VerifierKey as DLogVerifierKey, Commitment, }, - rng::FiatShamirRng, + fiat_shamir_rng::FiatShamirRng, }; use crate::darlin::{ accumulators::dlog::{DLogItem, DualDLogItem, DualDLogItemAccumulator}, @@ -49,7 +49,7 @@ impl<'a, G1, G2, D> FinalDarlinPCD<'a, G1, G2, D> /// To verify the PCD of a final Darlin we only need the `FinalDarlinVerifierKey` (or, the /// IOP verifier key) of the final circuit and the two dlog committer keys for G1 and G2. pub struct FinalDarlinPCDVerifierKey<'a, G1: AffineCurve, G2: AffineCurve, D: Digest> { - pub final_darlin_vk: &'a FinalDarlinVerifierKey>, + pub final_darlin_vk: &'a FinalDarlinVerifierKey>, pub dlog_vks: (&'a DLogVerifierKey, &'a DLogVerifierKey) } @@ -92,7 +92,7 @@ where fs_rng.absorb(&self.final_darlin_proof.proof.evaluations); // Succinct verify DLOG proof - let (xi_s, g_final) = InnerProductArgPC::::succinct_batch_check_individual_opening_challenges( + let (xi_s, g_final) = InnerProductArgPC::::succinct_multi_point_multi_poly_verify( vk.dlog_vks.0, &labeled_comms, &query_set, @@ -106,7 +106,7 @@ where // Verification successfull: return new accumulator let acc = DLogItem:: { - g_final: Commitment:: { comm: vec![g_final], shifted_comm: None}, + g_final: Commitment:: { comm: vec![g_final] }, xi_s, }; 
diff --git a/proof-systems/src/darlin/pcd/mod.rs b/proof-systems/src/darlin/pcd/mod.rs index 51e1e8c98..7cd3a82b1 100644 --- a/proof-systems/src/darlin/pcd/mod.rs +++ b/proof-systems/src/darlin/pcd/mod.rs @@ -6,11 +6,12 @@ use algebra::{AffineCurve, ToConstraintField, UniformRand}; use r1cs_core::ConstraintSynthesizer; use poly_commit::{ + PCParameters, ipa_pc::{ - InnerProductArgPC, UniversalParams, + Parameters, CommitterKey as DLogCommitterKey, VerifierKey as DLogVerifierKey, }, - PolynomialCommitment, Error as PCError + Error as PCError }; use crate::darlin::{ accumulators::{ @@ -44,11 +45,10 @@ impl PCDParameters { /// specified in the config. pub fn universal_setup( &self, - params: &UniversalParams + params: &Parameters ) -> Result<(DLogCommitterKey, DLogVerifierKey), PCError> { - InnerProductArgPC::::trim( - params, + params.trim( self.segment_size - 1, ) } diff --git a/proof-systems/src/darlin/pcd/simple_marlin.rs b/proof-systems/src/darlin/pcd/simple_marlin.rs index 7e0de5729..34530d8f8 100644 --- a/proof-systems/src/darlin/pcd/simple_marlin.rs +++ b/proof-systems/src/darlin/pcd/simple_marlin.rs @@ -6,7 +6,7 @@ use poly_commit::{ ipa_pc::{ InnerProductArgPC, VerifierKey as DLogVerifierKey }, - rng::FiatShamirRng, + fiat_shamir_rng::FiatShamirRng, }; use crate::darlin::{ pcd::{PCD, error::PCDError}, @@ -21,10 +21,10 @@ use std::marker::PhantomData; #[derive(Derivative)] #[derivative(Clone(bound = ""), Debug(bound = ""), Eq(bound = ""), PartialEq(bound = ""))] #[derive(CanonicalSerialize, CanonicalDeserialize)] -pub struct MarlinProof(pub Proof>); +pub struct MarlinProof(pub Proof>); impl Deref for MarlinProof { - type Target = Proof>; + type Target = Proof>; fn deref(&self) -> &Self::Target { &self.0 
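Review bot: `params.trim(self.segment_size - 1)` in `PCDParameters::universal_setup` has no guard for `segment_size == 0`; if the field is a `usize` (its declaration is outside the hunk), that subtraction panics in debug builds and wraps to `usize::MAX` in release, so a zero segment size would be handed to `trim` as a huge degree instead of being rejected. A checked form such as `let degree = self.segment_size.checked_sub(1)` with the `None` case mapped to the `PCError` the function already returns would make the failure explicit and keep the method from panicking on caller-supplied configuration. The enclosing `impl PCDParameters` block starts outside the hunk, so the field's type and any validation done at construction should be checked there before deciding where the guard belongs.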
@@ -92,7 +92,7 @@ impl<'a, G, D> SimpleMarlinPCD<'a, G, D> /// To verify the PCD of a simple Marlin we only need the `MarlinVerifierKey` (or, the /// IOP verifier key) of the circuit, and the two dlog committer keys for G1 and G2. pub struct SimpleMarlinPCDVerifierKey<'a, G: AffineCurve, D: Digest>( - pub &'a MarlinVerifierKey>, + pub &'a MarlinVerifierKey>, pub &'a DLogVerifierKey ); @@ -118,7 +118,7 @@ impl<'a, G, D> PCD for SimpleMarlinPCD<'a, G, D> let succinct_time = start_timer!(|| "Marlin succinct verifier"); // Verify the IOP/AHP - let (query_set, evaluations, labeled_comms, mut fs_rng) = Marlin::, D>::verify_ahp( + let (query_set, evaluations, labeled_comms, mut fs_rng) = Marlin::, D>::verify_ahp( &vk.1, &vk.0, self.usr_ins.as_slice(), @@ -132,7 +132,7 @@ impl<'a, G, D> PCD for SimpleMarlinPCD<'a, G, D> fs_rng.absorb(&self.proof.evaluations); // Succinct verify DLOG proof - let (xi_s, g_final) = InnerProductArgPC::::succinct_batch_check_individual_opening_challenges( + let (xi_s, g_final) = InnerProductArgPC::::succinct_multi_point_multi_poly_verify( &vk.1, &labeled_comms, &query_set, @@ -146,7 +146,7 @@ impl<'a, G, D> PCD for SimpleMarlinPCD<'a, G, D> // Successfull verification: return current accumulator let acc = DLogItem:: { - g_final: Commitment:: { comm: vec![g_final], shifted_comm: None }, + g_final: Commitment:: { comm: vec![g_final] }, xi_s, }; diff --git a/proof-systems/src/darlin/proof_aggregator.rs b/proof-systems/src/darlin/proof_aggregator.rs index 3b2367449..2495a6584 100644 --- a/proof-systems/src/darlin/proof_aggregator.rs +++ b/proof-systems/src/darlin/proof_aggregator.rs @@ -31,7 +31,7 @@ use rayon::prelude::*; /// The PCDs are allowed to use different size restrictions of the DLogCommitterKey `g1_ck` and `g2_ck`. pub fn get_accumulators( pcds: &[GeneralPCD], - vks: &[MarlinVerifierKey>], + vks: &[MarlinVerifierKey>], g1_ck: &DLogCommitterKey, g2_ck: &DLogCommitterKey, ) -> Result<(Vec>, Vec>), Option>> 
@@ -87,7 +87,7 @@ pub fn get_accumulators( /// `g1_ck` and `g2_ck`. pub fn accumulate_proofs( pcds: &[GeneralPCD], - vks: &[MarlinVerifierKey>], + vks: &[MarlinVerifierKey>], g1_ck: &DLogCommitterKey, g2_ck: &DLogCommitterKey, ) -> Result< @@ -149,7 +149,7 @@ pub fn accumulate_proofs( /// `g1_ck` and `g2_ck`. pub fn verify_aggregated_proofs( pcds: &[GeneralPCD], - vks: &[MarlinVerifierKey>], + vks: &[MarlinVerifierKey>], accumulation_proof_g1: &Option>, accumulation_proof_g2: &Option>, g1_vk: &DLogVerifierKey, @@ -208,7 +208,7 @@ pub fn verify_aggregated_proofs( /// `g1_ck` and `g2_ck`. pub fn batch_verify_proofs( pcds: &[GeneralPCD], - vks: &[MarlinVerifierKey>], + vks: &[MarlinVerifierKey>], g1_vk: &DLogVerifierKey, g2_vk: &DLogVerifierKey, rng: &mut R diff --git a/proof-systems/src/darlin/tests/final_darlin.rs b/proof-systems/src/darlin/tests/final_darlin.rs index cced2c58e..2c51ca8c7 100644 --- a/proof-systems/src/darlin/tests/final_darlin.rs +++ b/proof-systems/src/darlin/tests/final_darlin.rs @@ -14,7 +14,7 @@ use crate::darlin::{ FinalDarlinProverKey, FinalDarlinVerifierKey, FinalDarlin, }; use poly_commit::{ - ipa_pc::{InnerProductArgPC, CommitterKey, UniversalParams}, + ipa_pc::{InnerProductArgPC, CommitterKey, Parameters}, Error as PCError }; //use rand::{ Rng, RngCore }; @@ -298,7 +298,7 @@ impl PCDCircuit for TestCircuit #[allow(dead_code)] pub fn generate_test_pcd<'a, G1: AffineCurve, G2:AffineCurve, D: Digest + 'a, R: RngCore>( pc_ck_g1: &CommitterKey, - final_darlin_pk: &FinalDarlinProverKey>, + final_darlin_pk: &FinalDarlinProverKey>, info: CircuitInfo, zk: bool, rng: &mut R, 
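Review bot: The doc comments on `verify_aggregated_proofs` and `batch_verify_proofs` still end with ``/// `g1_ck` and `g2_ck`.`` although both functions take `g1_vk: &DLogVerifierKey` and `g2_vk: &DLogVerifierKey`; the sentence should name the verifier keys, e.g. ``/// `g1_vk` and `g2_vk`.``, and the earlier part of each doc comment, which is outside the hunk, should be checked for the same mismatch. `batch_verify_proofs` also takes `rng: &mut R` whose bound is not visible here; since the batching presumably draws its random coefficients from it, the doc comment should state that `rng` must be a cryptographically secure generator, as a predictable one would weaken the soundness of the batched check. All four function bodies continue outside the hunk.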
@@ -337,13 +337,13 @@ pub fn generate_test_pcd<'a, G1: AffineCurve, G2:AffineCurve, D: Digest + 'a, R: pub fn generate_test_data<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'a, R: RngCore>( num_constraints: usize, segment_size: usize, - params_g1: &UniversalParams, - params_g2: &UniversalParams, + params_g1: &Parameters, + params_g2: &Parameters, num_proofs: usize, rng: &mut R, ) -> ( Vec>, - Vec>> + Vec>> ) where G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, diff --git a/proof-systems/src/darlin/tests/mod.rs b/proof-systems/src/darlin/tests/mod.rs index 0370e8185..b498e900d 100644 --- a/proof-systems/src/darlin/tests/mod.rs +++ b/proof-systems/src/darlin/tests/mod.rs @@ -1,10 +1,9 @@ //! Test suite for PCD post processing (batch-verification, aggregation) use algebra::AffineCurve; use poly_commit::{ - PCUniversalParams, PolynomialCommitment, + PCParameters, ipa_pc::{ - InnerProductArgPC, - UniversalParams, + Parameters, CommitterKey as DLogCommitterKey, VerifierKey as DLogVerifierKey, } }; @@ -14,19 +13,17 @@ pub mod simple_marlin; pub mod final_darlin; #[allow(dead_code)] -/// Extract DLogCommitterKey and DLogVerifierKey from UniversalParams struct +/// Extract DLogCommitterKey and DLogVerifierKey from Parameters struct pub fn get_keys( - params_g1: &UniversalParams, - params_g2: &UniversalParams, + params_g1: &Parameters, + params_g2: &Parameters, ) -> (DLogCommitterKey, DLogVerifierKey, DLogCommitterKey, DLogVerifierKey) { - let (ck_g1, vk_g1) = InnerProductArgPC::::trim( - params_g1, + let (ck_g1, vk_g1) = params_g1.trim( params_g1.max_degree(), ).unwrap(); - let (ck_g2, vk_g2) = InnerProductArgPC::::trim( - params_g2, + let (ck_g2, vk_g2) = params_g2.trim( params_g2.max_degree(), ).unwrap(); 
@@ -39,6 +36,10 @@ mod test { use algebra::{curves::tweedle::{ dee::Affine as DeeAffine, dum::Affine as DumAffine, }, UniformRand, ToConstraintField, serialize::test_canonical_serialize_deserialize, SemanticallyValid, CanonicalSerialize, CanonicalDeserialize}; + use poly_commit::{ + PolynomialCommitment, + ipa_pc::InnerProductArgPC + }; use marlin::VerifierKey as MarlinVerifierKey; use crate::darlin::{ pcd::GeneralPCD, @@ -70,13 +71,13 @@ mod test { /// Generic test for `accumulate_proofs` and `verify_aggregated_proofs` fn test_accumulation<'a, G1: AffineCurve, G2: AffineCurve, D: Digest, R: RngCore>( pcds: &mut [GeneralPCD<'a, G1, G2, D>], - vks: &mut [MarlinVerifierKey>], + vks: &mut [MarlinVerifierKey>], committer_key_g1: &DLogCommitterKey, committer_key_g2: &DLogCommitterKey, verifier_key_g1: &DLogVerifierKey, verifier_key_g2: &DLogVerifierKey, fake_pcds: Option<&[GeneralPCD<'a, G1, G2, D>]>, - fake_vks: Option<&[MarlinVerifierKey>]>, + fake_vks: Option<&[MarlinVerifierKey>]>, rng: &mut R ) where @@ -206,11 +207,11 @@ mod test { /// Generic test for `batch_verify_proofs` fn test_batch_verification<'a, G1: AffineCurve, G2: AffineCurve, D: Digest, R: RngCore>( pcds: &mut [GeneralPCD<'a, G1, G2, D>], - vks: &mut [MarlinVerifierKey>], + vks: &mut [MarlinVerifierKey>], verifier_key_g1: &DLogVerifierKey, verifier_key_g2: &DLogVerifierKey, fake_pcds: Option<&[GeneralPCD<'a, G1, G2, D>]>, - fake_vks: Option<&[MarlinVerifierKey>]>, + fake_vks: Option<&[MarlinVerifierKey>]>, rng: &mut R ) where @@ -333,7 +334,7 @@ mod test { //Generate fake params let mut params_g1_fake = TestIPAPCDee::setup_from_seed(segment_size - 1, b"FAKE PROTOCOL").unwrap(); - params_g1_fake.copy_params(¶ms_g1); + params_g1_fake.ut_copy_params(¶ms_g1); test_canonical_serialize_deserialize(true, &committer_key_g1); test_canonical_serialize_deserialize(true, &committer_key_g2); 
@@ -439,9 +440,9 @@ mod test { //Generate fake params let mut params_g1_fake = TestIPAPCDee::setup_from_seed(segment_size - 1, b"FAKE PROTOCOL").unwrap(); - params_g1_fake.copy_params(¶ms_g1); + params_g1_fake.ut_copy_params(¶ms_g1); let mut params_g2_fake = TestIPAPCDum::setup_from_seed(segment_size - 1, b"FAKE PROTOCOL").unwrap(); - params_g2_fake.copy_params(¶ms_g2); + params_g2_fake.ut_copy_params(¶ms_g2); test_canonical_serialize_deserialize(true, &committer_key_g1); test_canonical_serialize_deserialize(true, &committer_key_g2); @@ -549,9 +550,9 @@ mod test { //Generate fake params let mut params_g1_fake = TestIPAPCDee::setup_from_seed(segment_size - 1, b"FAKE PROTOCOL").unwrap(); - params_g1_fake.copy_params(¶ms_g1); + params_g1_fake.ut_copy_params(¶ms_g1); let mut params_g2_fake = TestIPAPCDum::setup_from_seed(segment_size - 1, b"FAKE PROTOCOL").unwrap(); - params_g2_fake.copy_params(¶ms_g2); + params_g2_fake.ut_copy_params(¶ms_g2); test_canonical_serialize_deserialize(true, &committer_key_g1); test_canonical_serialize_deserialize(true, &committer_key_g2); diff --git a/proof-systems/src/darlin/tests/simple_marlin.rs b/proof-systems/src/darlin/tests/simple_marlin.rs index 209f0a996..f6ce75c87 100644 --- a/proof-systems/src/darlin/tests/simple_marlin.rs +++ b/proof-systems/src/darlin/tests/simple_marlin.rs @@ -2,7 +2,7 @@ //! two public inputs satisfying a simple quadratic relation. use algebra::{Field, AffineCurve, UniformRand}; use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; -use poly_commit::ipa_pc::{InnerProductArgPC, CommitterKey, UniversalParams}; +use poly_commit::ipa_pc::{InnerProductArgPC, CommitterKey, Parameters}; use marlin::{ Marlin, ProverKey as MarlinProverKey, VerifierKey as MarlinVerifierKey, }; @@ -87,7 +87,7 @@ impl ConstraintSynthesizer for Circuit( pc_ck: &CommitterKey, - marlin_pk: &MarlinProverKey>, + marlin_pk: &MarlinProverKey>, num_constraints: usize, zk: bool, rng: &mut R, 
@@ -107,7 +107,7 @@ pub fn generate_test_pcd<'a, G: AffineCurve, D: Digest + 'a, R: RngCore>( num_variables: num_constraints, }; - let proof = Marlin::, D>::prove( + let proof = Marlin::, D>::prove( marlin_pk, pc_ck, circ, @@ -124,12 +124,12 @@ pub fn generate_test_pcd<'a, G: AffineCurve, D: Digest + 'a, R: RngCore>( pub fn generate_test_data<'a, G: AffineCurve, D: Digest + 'a, R: RngCore>( num_constraints: usize, segment_size: usize, - params: &UniversalParams, + params: &Parameters, num_proofs: usize, rng: &mut R, ) -> ( Vec>, - Vec>> + Vec>> ) { // Trim committer key and verifier key @@ -144,7 +144,7 @@ pub fn generate_test_data<'a, G: AffineCurve, D: Digest + 'a, R: RngCore>( num_variables: num_constraints, }; - let (index_pk, index_vk) = Marlin::, D>::index( + let (index_pk, index_vk) = Marlin::, D>::index( &committer_key, circ.clone() ).unwrap(); diff --git a/r1cs/core/Cargo.toml b/r1cs/core/Cargo.toml index f37ae2424..08a79fef2 100644 --- a/r1cs/core/Cargo.toml +++ b/r1cs/core/Cargo.toml @@ -18,5 +18,5 @@ include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"] license = "MIT/Apache-2.0" [dependencies] -algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "proof_size_optimization" } +algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "refactor_pc_dev" } smallvec = { version = "1.6.1" } \ No newline at end of file diff --git a/r1cs/gadgets/crypto/Cargo.toml b/r1cs/gadgets/crypto/Cargo.toml index 129e0318c..fcdedddb4 100644 --- a/r1cs/gadgets/crypto/Cargo.toml +++ b/r1cs/gadgets/crypto/Cargo.toml 
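Review bot: The `algebra` dependency in `r1cs/core/Cargo.toml` is retargeted to `branch = "refactor_pc_dev"` with no `rev`, so the build resolves to whatever that branch head is when the lockfile is generated and any later push to the branch silently changes the crate that gets compiled; the same applies to the `algebra`/`r1cs-core` lines in `r1cs/gadgets/crypto/Cargo.toml` and `r1cs/gadgets/std/Cargo.toml` and to `marlin`/`poly-commit` in `proof-systems/Cargo.toml`. For reproducible and auditable builds each git dependency should be pinned to a commit, e.g. `algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", rev = "<commit>" }` (placeholder), or at minimum the resulting `Cargo.lock` should be committed and reviewed alongside these changes. If the branch targets are deliberately temporary during the refactor, a short comment next to the dependency saying so and when they will be pinned would help later readers.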
@@ -20,9 +20,9 @@ edition = "2018" ################################# Dependencies ################################ [dependencies] -algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "proof_size_optimization", features = [ "parallel" ] } +algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "refactor_pc_dev", features = [ "parallel" ] } primitives = {path = "../../../primitives"} -r1cs-core = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "proof_size_optimization" } +r1cs-core = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "refactor_pc_dev" } r1cs-std = { path = "../std"} proof-systems = { path = "../../../proof-systems", features = ["groth16", "gm17"], optional = true } bench-utils = { path = "../../../bench-utils" } @@ -52,6 +52,6 @@ llvm_asm = ["algebra/llvm_asm"] [dev-dependencies] rand_xorshift = { version = "0.3.0" } -algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "proof_size_optimization", features = ["bls12_377", "bls12_381", "sw6", "bn_382"] } +algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "refactor_pc_dev", features = ["bls12_377", "bls12_381", "sw6", "bn_382"] } r1cs-std = { path = "../std", features = ["jubjub", "edwards_sw6", "bls12_377", "mnt4_753", "mnt6_753", "bn_382", "tweedle"] } r1cs-crypto = { path = "../crypto", features = ["mnt4_753", "mnt6_753", "bn_382", "tweedle"] } \ No newline at end of file diff --git a/r1cs/gadgets/std/Cargo.toml b/r1cs/gadgets/std/Cargo.toml index a839c91ad..cb5b38673 100644 --- a/r1cs/gadgets/std/Cargo.toml +++ b/r1cs/gadgets/std/Cargo.toml 
@@ -20,8 +20,8 @@ license = "MIT/Apache-2.0" ################################# Dependencies ################################ [dependencies] -algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "proof_size_optimization" } -r1cs-core = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "proof_size_optimization" } +algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "refactor_pc_dev" } +r1cs-core = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "refactor_pc_dev" } derivative = "2.2.0" radix_trie = "0.2.1" rand = { version = "0.8.4" } @@ -42,4 +42,4 @@ tweedle = [ "algebra/tweedle" ] [dev-dependencies] rand_xorshift = { version = "0.3.0" } -algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "proof_size_optimization", features = ["bls12_381", "jubjub"] } \ No newline at end of file +algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "refactor_pc_dev", features = ["bls12_381", "jubjub"] } \ No newline at end of file From b9114739697896e679437f4f35aff9731508f0e1 Mon Sep 17 00:00:00 2001 From: Phoinic Date: Sun, 12 Sep 2021 23:12:19 +0300 Subject: [PATCH 08/79] Fix marlin branch name --- proof-systems/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proof-systems/Cargo.toml b/proof-systems/Cargo.toml index 8d3e5614c..88809738c 100644 --- a/proof-systems/Cargo.toml +++ b/proof-systems/Cargo.toml 
@@ -24,7 +24,7 @@ algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "ref r1cs-core = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "refactor_pc_dev" } bench-utils = { path = "../bench-utils" } -marlin = { git = "https://github.com/HorizenLabs/marlin", branch = "refactor_pc_dev_benches", optional = true } +marlin = { git = "https://github.com/HorizenLabs/marlin", branch = "refactor_pc_dev", optional = true } poly-commit = { git = "https://github.com/HorizenLabs/poly-commit", branch = "refactor_pc_dev", optional = true } r1cs-std = { path = "../r1cs/gadgets/std", optional = true } From d56bd603dc057d54040a9ca52e759d26998b3131 Mon Sep 17 00:00:00 2001 From: Phoinic Date: Sun, 12 Sep 2021 23:14:36 +0300 Subject: [PATCH 09/79] Degree bound removed from tests --- proof-systems/src/darlin/accumulators/dlog.rs | 9 --------- 1 file changed, 9 deletions(-) diff --git a/proof-systems/src/darlin/accumulators/dlog.rs b/proof-systems/src/darlin/accumulators/dlog.rs index 070e2cfcc..102bc7520 100644 --- a/proof-systems/src/darlin/accumulators/dlog.rs +++ b/proof-systems/src/darlin/accumulators/dlog.rs @@ -554,7 +554,6 @@ mod test { max_degree: Option, supported_degree: Option, num_polynomials: usize, - enforce_degree_bounds: bool, hiding: bool, max_num_queries: usize, segmented: bool @@ -588,7 +587,6 @@ mod test { max_degree, // maximum degree supported by the dlog commitment scheme supported_degree, // the supported maximum degree after trimming num_polynomials, // number of random polynomials involved in the opening proof - enforce_degree_bounds, // provide degree bound proofs or not max_num_queries, // size of the random query set for the opening proof segmented, // use segmentation or not hiding, // hiding or not 
@@ -612,11 +610,6 @@ mod test { "max_degree < supported_degree" ); let mut polynomials = Vec::new(); - let mut degree_bounds = if enforce_degree_bounds { - Some(Vec::new()) - } else { - None - }; // random degree multiplier when using segementation let seg_mul = rand::distributions::Uniform::from(5..=15).sample(rng); @@ -738,7 +731,6 @@ mod test { // Generate all proofs and the data needed by the verifier to verify them for _ in 0..num_proofs { // Modify requirements at random - info.enforce_degree_bounds = rng.gen(); info.hiding = rng.gen(); info.segmented = rng.gen(); verifier_data_vec.push(get_data_for_verifier::(info, Some(pp.clone())).unwrap()) @@ -838,7 +830,6 @@ mod test { // Generate all proofs and the data needed by the verifier to verify them for _ in 0..num_proofs { // Modify requirements at random - info.enforce_degree_bounds = rng.gen(); info.hiding = rng.gen(); info.segmented = rng.gen(); verifier_data_vec.push(get_data_for_verifier::(info, Some(pp.clone())).unwrap()) From 6e33192494e6cd22af79b3781a48a03ec6f6a1ce Mon Sep 17 00:00:00 2001 From: Phoinic Date: Sun, 26 Sep 2021 11:14:54 +0300 Subject: [PATCH 10/79] Upated to the poly-commit refactoring phase 2 --- proof-systems/src/darlin/accumulators/dlog.rs | 8 ++++---- proof-systems/src/darlin/accumulators/mod.rs | 4 ++-- proof-systems/src/darlin/benches/accumulate_verify.rs | 2 +- proof-systems/src/darlin/benches/batch_verification.rs | 2 +- .../src/darlin/benches/batch_verification_detailed.rs | 2 +- proof-systems/src/darlin/data_structures.rs | 7 +++---- proof-systems/src/darlin/mod.rs | 6 +++--- proof-systems/src/darlin/pcd/final_darlin.rs | 2 +- proof-systems/src/darlin/pcd/mod.rs | 2 +- proof-systems/src/darlin/pcd/simple_marlin.rs | 4 ++-- proof-systems/src/darlin/proof_aggregator.rs | 2 +- proof-systems/src/darlin/tests/final_darlin.rs | 2 +- proof-systems/src/darlin/tests/mod.rs | 4 ++-- proof-systems/src/darlin/tests/simple_marlin.rs | 2 +- 14 files changed, 24 insertions(+), 25 deletions(-) 
diff --git a/proof-systems/src/darlin/accumulators/dlog.rs b/proof-systems/src/darlin/accumulators/dlog.rs index 102bc7520..8691b81d4 100644 --- a/proof-systems/src/darlin/accumulators/dlog.rs +++ b/proof-systems/src/darlin/accumulators/dlog.rs @@ -6,7 +6,7 @@ //! where the xi_1,...,xi_d are the challenges of the dlog reduction. use algebra::{SemanticallyValid, Field, AffineCurve, ProjectiveCurve, ToBytes, to_bytes, UniformRand, serialize::*}; use algebra::polynomial::DensePolynomial as Polynomial; -use poly_commit::{ipa_pc::{ +use poly_commit::{ipa_pc_de::{ InnerProductArgPC, Commitment, VerifierKey, CommitterKey, @@ -309,7 +309,7 @@ impl ItemAccumulator for DLogItemAccumulator { // Where combined_h_i = lambda_1 * h_1_i + ... + lambda_n * h_n_i // We do final verification and the batching of the GFin in a single MSM let hard_time = start_timer!(|| "Batch verify hard parts"); - let final_val = InnerProductArgPC::::commit( + let final_val = InnerProductArgPC::::inner_commit( // The vk might be oversized, but the VariableBaseMSM function, will "trim" // the bases in order to be as big as the scalars vector, so no need to explicitly // trim the vk here. @@ -532,7 +532,7 @@ impl<'a, G1, G2, D> ItemAccumulator for DualDLogItemAccumulator<'a, G1, G2, D> #[cfg(test)] mod test { use super::*; - use poly_commit::{QuerySet, Evaluations, LabeledPolynomial, ipa_pc::{ + use poly_commit::{QuerySet, Evaluations, LabeledPolynomial, ipa_pc_de::{ MultiPointProof, Parameters, }, PCParameters, PolynomialCommitment}; @@ -563,7 +563,7 @@ mod test { #[derivative(Clone(bound = ""))] struct VerifierData<'a, G: AffineCurve> { vk: VerifierKey, - comms: Vec>>, + comms: Vec>>, query_set: QuerySet<'a, G::ScalarField>, values: Evaluations<'a, G::ScalarField>, proof: MultiPointProof, diff --git a/proof-systems/src/darlin/accumulators/mod.rs b/proof-systems/src/darlin/accumulators/mod.rs index 9b3ec84fc..3d34be12d 100644 --- a/proof-systems/src/darlin/accumulators/mod.rs 
+++ b/proof-systems/src/darlin/accumulators/mod.rs @@ -9,10 +9,10 @@ use algebra::{AffineCurve, serialize::*}; use rand::RngCore; use poly_commit::{ - ipa_pc::Proof, + ipa_pc_de::Proof, Error }; -use poly_commit::ipa_pc::Commitment; +use poly_commit::ipa_pc_de::Commitment; pub mod dlog; diff --git a/proof-systems/src/darlin/benches/accumulate_verify.rs b/proof-systems/src/darlin/benches/accumulate_verify.rs index 262d2b30f..c1c12ecdf 100644 --- a/proof-systems/src/darlin/benches/accumulate_verify.rs +++ b/proof-systems/src/darlin/benches/accumulate_verify.rs @@ -1,7 +1,7 @@ use algebra::{AffineCurve, ToConstraintField}; use poly_commit::{ PolynomialCommitment, - ipa_pc::InnerProductArgPC + ipa_pc_de::InnerProductArgPC }; use proof_systems::darlin::{ tests::{ diff --git a/proof-systems/src/darlin/benches/batch_verification.rs b/proof-systems/src/darlin/benches/batch_verification.rs index af124e78a..ae33a4bce 100644 --- a/proof-systems/src/darlin/benches/batch_verification.rs +++ b/proof-systems/src/darlin/benches/batch_verification.rs @@ -1,7 +1,7 @@ use algebra::{AffineCurve, ToConstraintField}; use poly_commit::{ PolynomialCommitment, - ipa_pc::InnerProductArgPC + ipa_pc_de::InnerProductArgPC }; use proof_systems::darlin::{ tests::{ diff --git a/proof-systems/src/darlin/benches/batch_verification_detailed.rs b/proof-systems/src/darlin/benches/batch_verification_detailed.rs index 5949c6663..04f84124d 100644 --- a/proof-systems/src/darlin/benches/batch_verification_detailed.rs +++ b/proof-systems/src/darlin/benches/batch_verification_detailed.rs @@ -1,7 +1,7 @@ use algebra::{AffineCurve, ToConstraintField, serialize::*}; use poly_commit::{ PolynomialCommitment, - ipa_pc::InnerProductArgPC + ipa_pc_de::InnerProductArgPC }; use proof_systems::darlin::{ tests::{ diff --git a/proof-systems/src/darlin/data_structures.rs b/proof-systems/src/darlin/data_structures.rs index 078add752..ba2235caa 100644 --- a/proof-systems/src/darlin/data_structures.rs 
+++ b/proof-systems/src/darlin/data_structures.rs @@ -9,8 +9,7 @@ use crate::darlin::{ accumulators::dlog::DLogItem }; use poly_commit::{ - PolynomialCommitment, - ipa_pc::{ + ipa_pc_de::{ SuccinctCheckPolynomial, InnerProductArgPC, CommitterKey as DLogCommitterKey, Commitment, } @@ -55,7 +54,7 @@ impl FinalDarlinDeferredData let random_xi_s_g1 = SuccinctCheckPolynomial::( (0..log_key_len_g1 as usize).map(|_| u128::rand(rng).into()).collect() ); - let g_final_g1 = InnerProductArgPC::::commit( + let g_final_g1 = InnerProductArgPC::::inner_commit( committer_key_g1.comm_key.as_slice(), random_xi_s_g1.compute_coeffs().as_slice(), None, @@ -73,7 +72,7 @@ impl FinalDarlinDeferredData (0..log_key_len_g2 as usize).map(|_| u128::rand(rng).into()).collect() ); - let g_final_g2 = InnerProductArgPC::::commit( + let g_final_g2 = InnerProductArgPC::::inner_commit( committer_key_g2.comm_key.as_slice(), random_xi_s_g2.compute_coeffs().as_slice(), None, diff --git a/proof-systems/src/darlin/mod.rs b/proof-systems/src/darlin/mod.rs index 5cc7e7962..0e2a146dc 100644 --- a/proof-systems/src/darlin/mod.rs +++ b/proof-systems/src/darlin/mod.rs @@ -21,7 +21,7 @@ pub mod error; pub mod tests; use algebra::{AffineCurve, ToConstraintField}; -use poly_commit::{ ipa_pc::{ +use poly_commit::{ ipa_pc_de::{ Parameters, InnerProductArgPC, CommitterKey as DLogProverKey, VerifierKey as DLogVerifierKey, @@ -186,7 +186,7 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> ) -> Result<( QuerySet<'a, G1::ScalarField>, Evaluations<'a, G1::ScalarField>, - Vec>>, + Vec>>, as PolynomialCommitment>::RandomOracle, ), FinalDarlinError> { @@ -211,7 +211,7 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> pub fn verify_opening( pc_vk: &DLogVerifierKey, proof: &FinalDarlinProof, - labeled_comms: Vec>>, + labeled_comms: Vec>>, query_set: QuerySet<'a, G1::ScalarField>, evaluations: Evaluations<'a, G1::ScalarField>, fs_rng: &mut as PolynomialCommitment>::RandomOracle, 
diff --git a/proof-systems/src/darlin/pcd/final_darlin.rs b/proof-systems/src/darlin/pcd/final_darlin.rs index 9d463cb1f..f865f3268 100644 --- a/proof-systems/src/darlin/pcd/final_darlin.rs +++ b/proof-systems/src/darlin/pcd/final_darlin.rs @@ -4,7 +4,7 @@ use algebra::{AffineCurve, ToConstraintField}; use digest::Digest; use poly_commit::{ - ipa_pc::{ + ipa_pc_de::{ InnerProductArgPC, VerifierKey as DLogVerifierKey, Commitment, diff --git a/proof-systems/src/darlin/pcd/mod.rs b/proof-systems/src/darlin/pcd/mod.rs index 7cd3a82b1..4194181c8 100644 --- a/proof-systems/src/darlin/pcd/mod.rs +++ b/proof-systems/src/darlin/pcd/mod.rs @@ -7,7 +7,7 @@ use algebra::{AffineCurve, ToConstraintField, UniformRand}; use r1cs_core::ConstraintSynthesizer; use poly_commit::{ PCParameters, - ipa_pc::{ + ipa_pc_de::{ Parameters, CommitterKey as DLogCommitterKey, VerifierKey as DLogVerifierKey, }, diff --git a/proof-systems/src/darlin/pcd/simple_marlin.rs b/proof-systems/src/darlin/pcd/simple_marlin.rs index 34530d8f8..2eb97c261 100644 --- a/proof-systems/src/darlin/pcd/simple_marlin.rs +++ b/proof-systems/src/darlin/pcd/simple_marlin.rs @@ -3,7 +3,7 @@ use algebra::{AffineCurve, SemanticallyValid, serialize::*}; use digest::Digest; use marlin::{VerifierKey as MarlinVerifierKey, Proof, Marlin, AHPForR1CS}; use poly_commit::{ - ipa_pc::{ + ipa_pc_de::{ InnerProductArgPC, VerifierKey as DLogVerifierKey }, fiat_shamir_rng::FiatShamirRng, @@ -14,7 +14,7 @@ use crate::darlin::{ dlog::{DLogItem, DLogItemAccumulator}, ItemAccumulator }, }; -use poly_commit::ipa_pc::Commitment; +use poly_commit::ipa_pc_de::Commitment; use std::ops::{Deref, DerefMut}; use std::marker::PhantomData; diff --git a/proof-systems/src/darlin/proof_aggregator.rs b/proof-systems/src/darlin/proof_aggregator.rs index 2495a6584..c75c706c7 100644 --- a/proof-systems/src/darlin/proof_aggregator.rs +++ b/proof-systems/src/darlin/proof_aggregator.rs 
@@ -5,7 +5,7 @@ use algebra::{ }; use marlin::VerifierKey as MarlinVerifierKey; use poly_commit::{ - ipa_pc::{ + ipa_pc_de::{ InnerProductArgPC, CommitterKey as DLogCommitterKey, VerifierKey as DLogVerifierKey, }, diff --git a/proof-systems/src/darlin/tests/final_darlin.rs b/proof-systems/src/darlin/tests/final_darlin.rs index 2c51ca8c7..605e790d3 100644 --- a/proof-systems/src/darlin/tests/final_darlin.rs +++ b/proof-systems/src/darlin/tests/final_darlin.rs @@ -14,7 +14,7 @@ use crate::darlin::{ FinalDarlinProverKey, FinalDarlinVerifierKey, FinalDarlin, }; use poly_commit::{ - ipa_pc::{InnerProductArgPC, CommitterKey, Parameters}, + ipa_pc_de::{InnerProductArgPC, CommitterKey, Parameters}, Error as PCError }; //use rand::{ Rng, RngCore }; diff --git a/proof-systems/src/darlin/tests/mod.rs b/proof-systems/src/darlin/tests/mod.rs index b498e900d..fbaa2abbc 100644 --- a/proof-systems/src/darlin/tests/mod.rs +++ b/proof-systems/src/darlin/tests/mod.rs @@ -2,7 +2,7 @@ use algebra::AffineCurve; use poly_commit::{ PCParameters, - ipa_pc::{ + ipa_pc_de::{ Parameters, CommitterKey as DLogCommitterKey, VerifierKey as DLogVerifierKey, } @@ -38,7 +38,7 @@ mod test { }, UniformRand, ToConstraintField, serialize::test_canonical_serialize_deserialize, SemanticallyValid, CanonicalSerialize, CanonicalDeserialize}; use poly_commit::{ PolynomialCommitment, - ipa_pc::InnerProductArgPC + ipa_pc_de::InnerProductArgPC }; use marlin::VerifierKey as MarlinVerifierKey; use crate::darlin::{ diff --git a/proof-systems/src/darlin/tests/simple_marlin.rs b/proof-systems/src/darlin/tests/simple_marlin.rs index f6ce75c87..301bf93e0 100644 --- a/proof-systems/src/darlin/tests/simple_marlin.rs +++ b/proof-systems/src/darlin/tests/simple_marlin.rs 
@@ -2,7 +2,7 @@ //! two public inputs satisfying a simple quadratic relation. use algebra::{Field, AffineCurve, UniformRand}; use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; -use poly_commit::ipa_pc::{InnerProductArgPC, CommitterKey, Parameters}; +use poly_commit::ipa_pc_de::{InnerProductArgPC, CommitterKey, Parameters}; use marlin::{ Marlin, ProverKey as MarlinProverKey, VerifierKey as MarlinVerifierKey, }; From f130a13ca026c19cb2929d9b0e00e3a4f4a60ea0 Mon Sep 17 00:00:00 2001 From: Phoinic Date: Tue, 26 Oct 2021 00:32:30 +0300 Subject: [PATCH 11/79] Additional ops for polynomials of PC refactoring --- algebra/src/fft/polynomial/dense.rs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/algebra/src/fft/polynomial/dense.rs b/algebra/src/fft/polynomial/dense.rs index 75303040e..1c0f15643 100644 --- a/algebra/src/fft/polynomial/dense.rs +++ b/algebra/src/fft/polynomial/dense.rs @@ -227,6 +227,12 @@ impl<'a, 'b, F: Field> AddAssign<&'a DensePolynomial> for DensePolynomial } } +impl AddAssign> for DensePolynomial { + fn add_assign(&mut self, other: DensePolynomial) { + self.add_assign(&other); + } +} + impl<'a, 'b, F: Field> AddAssign<(F, &'a DensePolynomial)> for DensePolynomial { fn add_assign(&mut self, (f, other): (F, &'a DensePolynomial)) { if self.is_zero() { @@ -369,6 +375,14 @@ impl<'a, 'b, F: PrimeField> Mul<&'a DensePolynomial> for &'b DensePolynomial< } } +impl Mul for DensePolynomial { + type Output = DensePolynomial; + + fn mul(self, other: F) -> DensePolynomial { + <&DensePolynomial as Mul<&DensePolynomial>>::mul(&self, &DensePolynomial::from_coefficients_slice(&[other])) + } +} + #[cfg(test)] mod tests { use crate::domain::get_best_evaluation_domain; From 5a71322be56b8fff701313e6975049c4aea91ed4 Mon Sep 17 00:00:00 2001 
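Review bot: The new `Mul<F> for DensePolynomial<F>` impl performs a scalar multiplication by building a one-coefficient polynomial and calling the general polynomial product, so every scaling pays the cost of a full multiplication plus an extra allocation for what is a coefficient-wise map. A direct scaling is cheaper and clearer, e.g. `DensePolynomial::from_coefficients_vec(self.coeffs.iter().map(|&c| c * other).collect())` (assuming the coefficient vector is reachable here as elsewhere in the file), which also keeps the constructor's leading-zero normalisation. The same pattern is repeated by the `Mul<F> for &'a DensePolynomial<F>` impl added in PATCH 16 of this series; there `self` is already a reference, so the `&self` passed to `mul` is a needless double borrow as well.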
From: Carlo Russo Date: Thu, 28 Oct 2021 17:58:50 +0200 Subject: [PATCH 12/79] Added enforce comparison gadget imported from arkworks with Unit Test --- algebra/src/fields/mod.rs | 4 + r1cs/gadgets/std/src/bits/boolean.rs | 111 ++++++++++++ r1cs/gadgets/std/src/fields/cmp.rs | 261 +++++++++++++++++++++++++++ r1cs/gadgets/std/src/fields/mod.rs | 1 + 4 files changed, 377 insertions(+) create mode 100644 r1cs/gadgets/std/src/fields/cmp.rs diff --git a/algebra/src/fields/mod.rs b/algebra/src/fields/mod.rs index e7b2941d8..2590db138 100644 --- a/algebra/src/fields/mod.rs +++ b/algebra/src/fields/mod.rs @@ -481,6 +481,10 @@ impl> BitIterator { BitIterator { t, n } } + + pub fn without_leading_zeros(s: E) -> impl Iterator { + Self::new(s).skip_while(|b| !b) + } } impl> Iterator for BitIterator { diff --git a/r1cs/gadgets/std/src/bits/boolean.rs b/r1cs/gadgets/std/src/bits/boolean.rs index 6cd3f65c9..b81d46037 100644 --- a/r1cs/gadgets/std/src/bits/boolean.rs +++ b/r1cs/gadgets/std/src/bits/boolean.rs 
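Review bot: The new public `BitIterator::without_leading_zeros` has no doc comment, and its contract matters because callers later in this series zip it against other bit vectors and rely on which end is trimmed. Suggest `/// Iterates the bits of `s` most-significant first, skipping the run of leading zero bits; an all-zero input yields nothing.` The big-endian order is inferred from how `BitIterator::new` is consumed elsewhere in the series, so confirm it against the iterator's `next` before committing the wording. The enclosing `impl` begins outside the hunk.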
@@ -699,6 +699,67 @@ impl Boolean { Ok(()) } + + /// Enforces that `bits` is less than or equal to `element`, + /// when both are interpreted as (little-endian) integers. + pub fn enforce_smaller_or_equal_than_le( + mut cs: CS, + bits: &[Self], + element: impl AsRef<[u64]>, + ) -> Result, SynthesisError> + where + ConstraintF: Field, + CS: ConstraintSystem, + { + let b: &[u64] = element.as_ref(); + + let mut bits_iter = bits.iter().rev(); // Iterate in big-endian + + // Runs of ones in r + let mut last_run = Boolean::constant(true); + let mut current_run = vec![]; + + let mut element_num_bits = 0; + for _ in BitIterator::without_leading_zeros(b) { + element_num_bits += 1; + } + + if bits.len() > element_num_bits { + let mut or_result = Boolean::constant(false); + for (i, should_be_zero) in bits[element_num_bits..].into_iter().enumerate() { + or_result = Boolean::or(cs.ns(|| format!("or {} {}", should_be_zero.get_value().unwrap(), i)), &or_result, should_be_zero)?; + let _ = bits_iter.next().unwrap(); + } + or_result.enforce_equal(cs.ns(|| "enforce equal"), &Boolean::constant(false))?; + } + + for (i, (b, a)) in BitIterator::without_leading_zeros(b).zip(bits_iter.by_ref()).enumerate() { + if b { + // This is part of a run of ones. + current_run.push(a.clone()); + } else { + if !current_run.is_empty() { + // This is the start of a run of zeros, but we need + // to k-ary AND against `last_run` first. + + current_run.push(last_run.clone()); + last_run = Self::kary_and(cs.ns(|| format!("kary and {}", i)), ¤t_run)?; + current_run.truncate(0); + } + + // If `last_run` is true, `a` must be false, or it would + // not be in the field. + // + // If `last_run` is false, `a` can be true or false. + // + // Ergo, at least one of `last_run` and `a` must be false. + Self::enforce_nand(cs.ns(|| format!("enforce nand {}", i)), &[last_run.clone(), a.clone()])?; + } + } + assert!(bits_iter.next().is_none()); + + Ok(current_run) + } } impl PartialEq for Boolean { 
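Review bot: In `enforce_smaller_or_equal_than_le` the namespace label `format!("or {} {}", should_be_zero.get_value().unwrap(), i)` unwraps a witness value during constraint generation, so synthesis without assignments (key generation) panics, and the label otherwise varies with the witness, which a constraint-system layout should never do. Use only the index: `format!("or {}", i)`. The `bits_iter.next().unwrap()` calls in that loop are sound because the branch runs only when `bits.len() > element_num_bits`, but a one-line comment stating that invariant would spare the next reader the derivation. The trailing `assert!(bits_iter.next().is_none())` is a debug invariant rather than an input check; if a caller can pass a `bits` slice longer than the element's width the code path above already handles it, so consider `debug_assert!` to avoid a release-mode panic path in prover code.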
@@ -2098,6 +2159,56 @@ mod test { // } } + #[test] + fn test_smaller_than_or_equal_to() { + let mut rng = XorShiftRng::seed_from_u64(1231275789u64); + for i in 0..1000 { + let mut r = Fr::rand(&mut rng); + let mut s = Fr::rand(&mut rng); + if r > s { + core::mem::swap(&mut r, &mut s) + } + + let mut cs = TestConstraintSystem::::new(); + + let native_bits_be: Vec<_> = BitIterator::new(r.into_repr()).collect(); + let native_bits = native_bits_be.into_iter().rev().collect::>(); + //let bits = Vec::alloc(&mut cs.ns(|| "alloc bits"), || Ok(native_bits)).unwrap(); + let bits = Vec::alloc(&mut cs.ns(|| format!("alloc bits {}",i)), || Ok(native_bits)).unwrap(); + Boolean::enforce_smaller_or_equal_than_le(cs.ns(|| format!("enforce_smaller_or_equal_than_le {}",i)), &bits, s.into_repr()).unwrap(); + + if !cs.is_satisfied(){ + println!("{:?}", cs.which_is_unsatisfied()); + } + assert!(cs.is_satisfied()); + } + + for i in 0..1000 { + let r = Fr::rand(&mut rng); + if r == -Fr::one() { + continue; + } + let s = r + Fr::one(); + let s2 = r.double(); + let mut cs = TestConstraintSystem::::new(); + + let native_bits_be: Vec<_> = BitIterator::new(r.into_repr()).collect(); + let native_bits = native_bits_be.into_iter().rev().collect::>(); + let bits = Vec::alloc(&mut cs.ns(|| format!("alloc bits {}",i)), || Ok(native_bits)).unwrap(); + Boolean::enforce_smaller_or_equal_than_le(cs.ns(|| format!("enforce_smaller_or_equal_than_le s {}",i)), &bits, s.into_repr()).unwrap(); + + if r < s2 { + Boolean::enforce_smaller_or_equal_than_le(cs.ns(|| format!("enforce_smaller_or_equal_than_le s2 {}",i)), &bits, s2.into_repr()).unwrap(); + } + + if !cs.is_satisfied(){ + println!("{:?}", cs.which_is_unsatisfied()); + } + assert!(cs.is_satisfied()); + } + } + + #[test] fn test_enforce_nand() { { diff --git a/r1cs/gadgets/std/src/fields/cmp.rs b/r1cs/gadgets/std/src/fields/cmp.rs new file mode 100644 index 000000000..babfb7ae9 --- /dev/null +++ b/r1cs/gadgets/std/src/fields/cmp.rs 
@@ -0,0 +1,261 @@ +use crate::{ + boolean::Boolean, + fields::fp::FpGadget, + prelude::*, + ToBitsGadget, +}; +use algebra::PrimeField; +use r1cs_core::{ConstraintSystem, SynthesisError}; +use core::cmp::Ordering; + +impl FpGadget { + /// This function enforces the ordering between `self` and `other`. The + /// constraint system will not be satisfied otherwise. If `self` should + /// also be checked for equality, e.g. `self <= other` instead of `self < + /// other`, set `should_also_check_quality` to `true`. This variant + /// verifies `self` and `other` are `<= (p-1)/2`. + pub fn enforce_cmp>( + &self, + mut cs: CS, + other: &FpGadget, + ordering: Ordering, + should_also_check_equality: bool, + ) -> Result<(), SynthesisError> { + let (left, right) = self.process_cmp_inputs(cs.ns(|| "process cmp inputs"), other, ordering, should_also_check_equality)?; + left.enforce_smaller_than(cs.ns(|| "enforce smaller"), &right) + } + + /// This function enforces the ordering between `self` and `other`. The + /// constraint system will not be satisfied otherwise. If `self` should + /// also be checked for equality, e.g. `self <= other` instead of `self < + /// other`, set `should_also_check_quality` to `true`. This variant + /// assumes `self` and `other` are `<= (p-1)/2` and does not generate + /// constraints to verify that. + pub fn enforce_cmp_unchecked>( + &self, + mut cs: CS, + other: &FpGadget, + ordering: Ordering, + should_also_check_equality: bool, + ) -> Result<(), SynthesisError> { + let (left, right) = self.process_cmp_inputs(cs.ns(|| "process cmp inputs"), other, ordering, should_also_check_equality)?; + left.enforce_smaller_than_unchecked(cs.ns(|| "enforce smaller"), &right) + } + + /// This function checks the ordering between `self` and `other`. It outputs + /// self `Boolean` that contains the result - `1` if true, `0` + /// otherwise. The constraint system will be satisfied in any case. If + /// `self` should also be checked for equality, e.g. 
`self <= other` + /// instead of `self < other`, set `should_also_check_quality` to + /// `true`. This variant verifies `self` and `other` are `<= (p-1)/2`. + pub fn is_cmp>( + &self, + mut cs: CS, + other: &FpGadget, + ordering: Ordering, + should_also_check_equality: bool, + ) -> Result { + let (left, right) = self.process_cmp_inputs(cs.ns(|| "process cmp inputs"), other, ordering, should_also_check_equality)?; + left.is_smaller_than(cs.ns(|| "is smaller"), &right) + } + + /// This function checks the ordering between `self` and `other`. It outputs + /// a `Boolean` that contains the result - `1` if true, `0` otherwise. + /// The constraint system will be satisfied in any case. If `self` + /// should also be checked for equality, e.g. `self <= other` instead of + /// `self < other`, set `should_also_check_quality` to `true`. This + /// variant assumes `self` and `other` are `<= (p-1)/2` and does not + /// generate constraints to verify that. + pub fn is_cmp_unchecked>( + &self, + mut cs: CS, + other: &FpGadget, + ordering: Ordering, + should_also_check_equality: bool, + ) -> Result { + let (left, right) = self.process_cmp_inputs(cs.ns(|| "process cmp inputs"), other, ordering, should_also_check_equality)?; + left.is_smaller_than_unchecked(cs.ns(|| "is smaller"), &right) + } + + fn process_cmp_inputs>( + &self, + mut cs: CS, + other: &Self, + ordering: Ordering, + should_also_check_equality: bool, + ) -> Result<(Self, Self), SynthesisError> { + let (left, right) = match ordering { + Ordering::Less => (self, other), + Ordering::Greater => (other, self), + Ordering::Equal => return Err(SynthesisError::Unsatisfiable), + }; + let one = FpGadget::::from_value(cs.ns(|| "from value"), &F::one()); + let right_for_check = if should_also_check_equality { + right.add(cs.ns(|| "add"),&one)? + } else { + right.clone() + }; + + Ok((left.clone(), right_for_check)) + } + + /// Helper function to enforce that `self <= (p-1)/2`. 
+ pub fn enforce_smaller_or_equal_than_mod_minus_one_div_two>( + &self, + mut cs: CS, + ) -> Result<(), SynthesisError> { + // It's okay to use `to_non_unique_bits` bits here because we're enforcing + // self <= (p-1)/2, which implies self < p. + let bits_be = self.to_bits(cs.ns(|| "to bits"))?; + let bits_le = bits_be.into_iter().rev().collect::>(); + let _ = Boolean::enforce_smaller_or_equal_than_le( + cs.ns(|| "enforce smaller or equal"), + &bits_le, + &F::modulus_minus_one_div_two(), + )?; + Ok(()) + } + + /// Helper function to check `self < other` and output a result bit. This + /// function verifies `self` and `other` are `<= (p-1)/2`. + fn is_smaller_than>(&self, mut cs: CS, other: &FpGadget) -> Result { + self.enforce_smaller_or_equal_than_mod_minus_one_div_two(cs.ns(|| "self smaller or equal mod"))?; + other.enforce_smaller_or_equal_than_mod_minus_one_div_two(cs.ns(|| "other smaller or equal mod"))?; + self.is_smaller_than_unchecked(cs.ns(|| "is smaller unchecked"), other) + } + + /// Helper function to check `self < other` and output a result bit. This + /// function assumes `self` and `other` are `<= (p-1)/2` and does not + /// generate constraints to verify that. + fn is_smaller_than_unchecked>(&self, mut cs: CS, other: &FpGadget) -> Result { + Ok(self.sub(cs.ns(|| "sub"), other)? + .double(cs.ns(|| "double"))? + .to_bits(cs.ns(|| "to bits"))? + .into_iter().rev().collect::>() + .first() + .unwrap() + .clone()) + } + + /// Helper function to enforce `self < other`. This function verifies `self` + /// and `other` are `<= (p-1)/2`. 
+ fn enforce_smaller_than>(&self, mut cs: CS, other: &FpGadget) -> Result<(), SynthesisError> { + self.enforce_smaller_or_equal_than_mod_minus_one_div_two(cs.ns(|| "self smaller or equal mod"))?; + other.enforce_smaller_or_equal_than_mod_minus_one_div_two(cs.ns(|| "other smaller or equal mod"))?; + self.enforce_smaller_than_unchecked(cs.ns(|| "enforce smaller unchecked"), other) + } + + /// Helper function to enforce `self < other`. This function assumes `self` + /// and `other` are `<= (p-1)/2` and does not generate constraints to + /// verify that. + fn enforce_smaller_than_unchecked>(&self, mut cs: CS, other: &FpGadget) -> Result<(), SynthesisError> { + let is_smaller_than = self.is_smaller_than_unchecked(cs.ns(|| "is smaller"), other)?; + //println!("{} Is smaller then {}: {}", self.get_value().unwrap(), other.get_value().unwrap(), is_smaller_than.get_value().unwrap()); + let lc_one = CS::one(); + cs.enforce( + || "Enforce smaller then", + |lc| lc + is_smaller_than.lc(CS::one(), F::one()), + |lc| lc + lc_one.clone(), + |lc| lc + lc_one + ); + Ok(()) + } +} + +#[cfg(test)] +mod test { + use std::cmp::Ordering; + use rand::{Rng, thread_rng}; + + use r1cs_core::ConstraintSystem; + use crate::{algebra::{UniformRand, PrimeField, + fields::bls12_381::Fr, + }, fields::fp::FpGadget, test_constraint_system::TestConstraintSystem}; + use crate::alloc::AllocGadget; + + #[test] + fn test_cmp() { + let mut rng = &mut thread_rng(); + fn rand_in_range(rng: &mut R) -> Fr { + let pminusonedivtwo: Fr = Fr::modulus_minus_one_div_two().into(); + let mut r; + loop { + r = Fr::rand(rng); + if r <= pminusonedivtwo { + break; + } + } + r + } + for i in 0..10 { + let mut cs = TestConstraintSystem::::new(); + + let a = rand_in_range(&mut rng); + let a_var = FpGadget::::alloc(&mut cs.ns(|| "generate_a"), || Ok(a)).unwrap(); + let b = rand_in_range(&mut rng); + let b_var = FpGadget::::alloc(&mut cs.ns(|| "generate_b"), || Ok(b)).unwrap(); + + match a.cmp(&b) { + Ordering::Less => { + 
a_var.enforce_cmp(cs.ns(|| "enforce less"), &b_var, Ordering::Less, false).unwrap(); + a_var.enforce_cmp(cs.ns(|| "enforce less equal"), &b_var, Ordering::Less, true).unwrap(); + } + Ordering::Greater => { + a_var.enforce_cmp(cs.ns(|| "enforce greater"), &b_var, Ordering::Greater, false).unwrap(); + a_var.enforce_cmp(cs.ns(|| "enforce greater equal"), &b_var, Ordering::Greater, true).unwrap(); + } + _ => {} + } + + if i == 0 { + println!("number of constraints: {}", cs.num_constraints()); + } + if !cs.is_satisfied(){ + println!("{:?}", cs.which_is_unsatisfied()); + } + assert!(cs.is_satisfied()); + } + println!("Finished with satisfaction tests"); + + for _i in 0..10 { + let mut cs = TestConstraintSystem::::new(); + let a = rand_in_range(&mut rng); + let a_var = FpGadget::::alloc(&mut cs.ns(|| "generate_a"), || Ok(a)).unwrap(); + let b = rand_in_range(&mut rng); + let b_var = FpGadget::::alloc(&mut cs.ns(|| "generate_b"), || Ok(b)).unwrap(); + + match b.cmp(&a) { + Ordering::Less => { + a_var.enforce_cmp(cs.ns(|| "enforce less"), &b_var, Ordering::Less, false).unwrap(); + a_var.enforce_cmp(cs.ns(|| "enforce less equal"),&b_var, Ordering::Less, true).unwrap(); + } + Ordering::Greater => { + a_var.enforce_cmp(cs.ns(|| "enforce greater"),&b_var, Ordering::Greater, false).unwrap(); + a_var.enforce_cmp(cs.ns(|| "enforce greater equal"),&b_var, Ordering::Greater, true).unwrap(); + } + _ => {} + } + assert!(!cs.is_satisfied()); + } + + for _i in 0..10 { + let mut cs = TestConstraintSystem::::new(); + let a = rand_in_range(&mut rng); + let a_var = FpGadget::::alloc(&mut cs.ns(|| "generate_a"), || Ok(a)).unwrap(); + a_var.enforce_cmp(cs.ns(|| "enforce less"),&a_var, Ordering::Less, false).unwrap(); + + assert!(!cs.is_satisfied()); + } + + for _i in 0..10 { + let mut cs = TestConstraintSystem::::new(); + let a = rand_in_range(&mut rng); + let a_var = FpGadget::::alloc(&mut cs.ns(|| "generate_a"), || Ok(a)).unwrap(); + a_var.enforce_cmp(cs.ns(|| "enforce less"),&a_var, 
Ordering::Less, true).unwrap(); + if !cs.is_satisfied(){ + println!("{:?}", cs.which_is_unsatisfied()); + } + assert!(cs.is_satisfied()); + } + } +} \ No newline at end of file diff --git a/r1cs/gadgets/std/src/fields/mod.rs b/r1cs/gadgets/std/src/fields/mod.rs index c5fcd0759..a6b7306d3 100644 --- a/r1cs/gadgets/std/src/fields/mod.rs +++ b/r1cs/gadgets/std/src/fields/mod.rs @@ -14,6 +14,7 @@ pub mod fp6_3over2; pub mod fp6_2over3; pub mod quadratic_extension; pub mod cubic_extension; +pub mod cmp; pub trait FieldGadget: Sized From 47a3d5ad0f8bd796f962145629d741010f67a075 Mon Sep 17 00:00:00 2001 From: Carlo Russo Date: Mon, 1 Nov 2021 21:15:43 +0100 Subject: [PATCH 13/79] Enabled local path dependencie to algebra and r1cs-core --- Cargo.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index c8a9f33b0..a4e715368 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -35,9 +35,9 @@ debug = true # Uncomment these lines for local development paths # -# [patch.'https://github.com/HorizenOfficial/ginger-lib'] -# algebra = { path = './algebra' } -# r1cs-core = { path = "./r1cs/core" } +[patch.'https://github.com/HorizenOfficial/ginger-lib'] +algebra = { path = './algebra' } +r1cs-core = { path = "./r1cs/core" } #[patch.'https://github.com/HorizenLabs/marlin'] #marlin = { path = '../marlin' } From 3c522fe82ed64e9a22772d53cea3f52b8e44cec4 Mon Sep 17 00:00:00 2001 From: Carlo Russo Date: Thu, 4 Nov 2021 18:04:28 +0100 Subject: [PATCH 14/79] Added CondSelect Gadget for UInt64 --- r1cs/gadgets/std/src/bits/uint64.rs | 123 +++++++++++++++++++++++++++- 1 file changed, 122 insertions(+), 1 deletion(-) diff --git a/r1cs/gadgets/std/src/bits/uint64.rs b/r1cs/gadgets/std/src/bits/uint64.rs index 6d461ee33..697ed535a 100644 --- a/r1cs/gadgets/std/src/bits/uint64.rs +++ b/r1cs/gadgets/std/src/bits/uint64.rs 
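Review bot: `process_cmp_inputs` adds one to `right` when `should_also_check_equality` is set, so for `right == (p-1)/2` the value passed on to `enforce_smaller_than`/`is_smaller_than` is `(p+1)/2`, which lies outside the range the checked variants then enforce and the unchecked variants assume; a valid `x <= (p-1)/2` comparison is therefore rejected or misjudged at the top of the supported range. Either document that inputs must be strictly below `(p-1)/2` when equality is included, or handle that boundary explicitly. Smaller items in the same file: the doc comments say `should_also_check_quality` for a parameter named `should_also_check_equality`; the comment in `enforce_smaller_or_equal_than_mod_minus_one_div_two` refers to `to_non_unique_bits` while the call is `to_bits`, so the two should agree; and `is_smaller_than_unchecked` can read the last element of the big-endian bit vector directly instead of collecting a reversed copy to call `.first()`. The tests draw from `thread_rng`, so a failure is not reproducible; a seeded `XorShiftRng` as used in the boolean.rs test would be preferable.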
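Review bot: The `[patch.'https://github.com/HorizenOfficial/ginger-lib']` block is now active while the comment two lines above still reads `# Uncomment these lines for local development paths`, so the manifest contradicts itself and a reader cannot tell whether the override is intended for every build or was committed by accident. A committed `[patch]` entry redirects every resolution of `algebra` and `r1cs-core` away from the git source the dependent crates name (compare the `branch = "ref…"` dependency visible in proof-systems/Cargo.toml later in this series), which is a source-provenance decision that should be stated explicitly. Either change the comment to say the in-tree crates are the intended source, e.g. `# Build against the in-tree algebra and r1cs-core crates`, or keep the override out of the committed file.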
@@ -361,10 +361,48 @@ impl EqGadget for UInt64 { } } +impl CondSelectGadget for UInt64 { + fn conditionally_select>( + mut cs: CS, + cond: &Boolean, + true_value: &Self, + false_value: &Self, + ) -> Result { + let selected_bits = true_value + .bits + .iter() + .zip(&false_value.bits) + .enumerate() + .map(|(i, (t, f))| { + Boolean::conditionally_select(&mut cs.ns(|| format!("bit {}", i)), cond, t, f) + }); + let mut bits = [Boolean::Constant(false); 64]; + for (result, new) in bits.iter_mut().zip(selected_bits) { + *result = new?; + } + + let value = cond.get_value().and_then(|cond| { + if cond { + true_value.get_value() + } else { + false_value.get_value() + } + }); + Ok(Self { + bits: bits.to_vec(), + value, + }) + } + + fn cost() -> usize { + 64 * >::cost() + } +} + #[cfg(test)] mod test { use super::UInt64; - use crate::{bits::boolean::Boolean, test_constraint_system::TestConstraintSystem}; + use crate::{alloc::AllocGadget, bits::boolean::Boolean, boolean::AllocatedBit, select::CondSelectGadget, test_constraint_system::TestConstraintSystem}; use algebra::fields::{bls12_381::Fr, Field}; use r1cs_core::ConstraintSystem; use rand::{Rng, SeedableRng}; 
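Review bot: In `conditionally_select` the selected bits are first written into a `[Boolean::Constant(false); 64]` array and then copied out with `bits.to_vec()`, an extra pass and a second allocation for no gain; the iterator already yields `Result`s, so `let bits = selected_bits.collect::<Result<Vec<_>, _>>()?;` builds the same vector and propagates the first error in one step. The `zip` over the two operands silently truncates if they ever carried a different number of bits; that cannot happen for `UInt64` values built by this module, but a `debug_assert_eq!(true_value.bits.len(), false_value.bits.len());` documents the assumption where the reader needs it.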
@@ -558,4 +596,87 @@ mod test { num = num.rotate_right(1); } } + + #[derive(Copy, Clone, Debug)] + enum OperandType { + True, + False, + AllocatedTrue, + AllocatedFalse, + NegatedAllocatedTrue, + NegatedAllocatedFalse, + } + + #[test] + fn test_uint64_cond_select() { + let variants = [ + OperandType::True, + OperandType::False, + OperandType::AllocatedTrue, + OperandType::AllocatedFalse, + OperandType::NegatedAllocatedTrue, + OperandType::NegatedAllocatedFalse, + ]; + + use rand::thread_rng; + let rng = &mut thread_rng(); + + //random generates a and b numbers and check all the conditions for each couple + for _ in 0..1000 { + for condition in variants.iter().cloned() { + let mut cs = TestConstraintSystem::::new(); + let cond; + let a; + let b; + + { + let mut dyn_construct = |operand, name| { + let cs = cs.ns(|| name); + + match operand { + OperandType::True => Boolean::constant(true), + OperandType::False => Boolean::constant(false), + OperandType::AllocatedTrue => { + Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()) + } + OperandType::AllocatedFalse => { + Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()) + } + OperandType::NegatedAllocatedTrue => { + Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()).not() + } + OperandType::NegatedAllocatedFalse => { + Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()).not() + } + } + }; + + cond = dyn_construct(condition, "cond"); + a = UInt64::constant(rng.gen()); + b = UInt64::constant(rng.gen()); + } + + let before = cs.num_constraints(); + let c = UInt64::conditionally_select(&mut cs, &cond, &a, &b).unwrap(); + let after = cs.num_constraints(); + + assert!( + cs.is_satisfied(), + "failed with operands: cond: {:?}, a: {:?}, b: {:?}", + condition, + a, + b, + ); + assert_eq!( + c.get_value(), + if cond.get_value().unwrap() { + a.get_value() + } else { + b.get_value() + } + ); + assert!(>::cost() >= after - before); + } + } + } } 
From e10c4a59fddb69c49aecff9bd9226ed166fdcabc Mon Sep 17 00:00:00 2001 From: Carlo Russo Date: Sat, 13 Nov 2021 18:18:48 +0100 Subject: [PATCH 15/79] Added conditionally_add in FpGadget and UInt64 --- r1cs/gadgets/std/src/bits/uint64.rs | 19 +++++++++++++++++++ .../gadgets/std/src/fields/cubic_extension.rs | 19 +++++++++++++++++++ r1cs/gadgets/std/src/fields/fp.rs | 15 +++++++++++++++ r1cs/gadgets/std/src/fields/mod.rs | 7 +++++++ .../std/src/fields/quadratic_extension.rs | 16 ++++++++++++++++ 5 files changed, 76 insertions(+) diff --git a/r1cs/gadgets/std/src/bits/uint64.rs b/r1cs/gadgets/std/src/bits/uint64.rs index 697ed535a..14203c574 100644 --- a/r1cs/gadgets/std/src/bits/uint64.rs +++ b/r1cs/gadgets/std/src/bits/uint64.rs @@ -277,6 +277,25 @@ impl UInt64 { value: modular_value, }) } + + pub fn conditionally_add( + mut cs: CS, + bit: &Boolean, + first: Self, + second: Self + ) -> Result + where + ConstraintF: PrimeField, + CS: ConstraintSystem, + { + let added_values_g = UInt64::addmany(cs.ns(|| "added values"),&[first.clone(),second])?; + Self::conditionally_select( + cs.ns(|| "select added_values or original value"), + bit, + &added_values_g, + &first + ) + } } impl ToBytesGadget for UInt64 { diff --git a/r1cs/gadgets/std/src/fields/cubic_extension.rs b/r1cs/gadgets/std/src/fields/cubic_extension.rs index 24b369d5e..28e6d3a52 100644 --- a/r1cs/gadgets/std/src/fields/cubic_extension.rs +++ b/r1cs/gadgets/std/src/fields/cubic_extension.rs @@ -131,6 +131,25 @@ impl, ConstraintF: PrimeField + SquareR Ok(Self::new(c0, c1, c2)) } + #[inline] + fn conditionally_add>( + &self, + mut cs: CS, + bit: &Boolean, + other: &Self + ) -> Result { + let c0 = self + .c0 + .conditionally_add(cs.ns(|| "c0"), bit, &other.c0)?; + let c1 = self + .c1 + .conditionally_add(cs.ns(|| "c1"), bit, &other.c1)?; + let c2 = self + .c2 + .conditionally_add(cs.ns(|| "c2"), bit, &other.c2)?; + Ok(Self::new(c0, c1, c2)) + } + #[inline] fn sub>( &self, 
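Review bot: The new public `UInt64::conditionally_add` has no doc comment, and its behaviour is not obvious from the name: the sum is always computed and `bit` only selects the output. Suggest `/// Returns `first + second` when `bit` is set and `first` otherwise; the addition is always performed (wrapping, as `addmany`'s modular result suggests) and only the selection depends on `bit`.` — confirm the wrapping claim against `addmany` before adopting that wording. The `first.clone()` is needed because `first` is reused for the select after being borrowed into the `addmany` slice, so a short comment on that line would pre-empt a reviewer asking for its removal.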
diff --git a/r1cs/gadgets/std/src/fields/fp.rs b/r1cs/gadgets/std/src/fields/fp.rs index 2765fc0d0..de894d42c 100644 --- a/r1cs/gadgets/std/src/fields/fp.rs +++ b/r1cs/gadgets/std/src/fields/fp.rs @@ -179,6 +179,21 @@ impl FieldGadget for FpGadget { }) } + fn conditionally_add>( + &self, + mut cs: CS, + bit: &Boolean, + other: &Self + ) -> Result { + let added_values_g = self.add(cs.ns(|| "added values"),&other)?; + Self::conditionally_select( + cs.ns(|| "select added_values or original value"), + bit, + &added_values_g, + &self + ) + } + fn double>(&self, _cs: CS) -> Result { let value = self.value.map(|val| val.double()); let mut variable = self.variable.clone(); diff --git a/r1cs/gadgets/std/src/fields/mod.rs b/r1cs/gadgets/std/src/fields/mod.rs index c1a3bb1b3..220e7909a 100644 --- a/r1cs/gadgets/std/src/fields/mod.rs +++ b/r1cs/gadgets/std/src/fields/mod.rs @@ -54,6 +54,13 @@ pub trait FieldGadget: _: CS, _: &Self, ) -> Result; + + fn conditionally_add>( + &self, + _: CS, + _: &Boolean, + _: &Self, + ) -> Result; fn add_in_place>( &mut self, diff --git a/r1cs/gadgets/std/src/fields/quadratic_extension.rs b/r1cs/gadgets/std/src/fields/quadratic_extension.rs index 70638f137..fc5804946 100644 --- a/r1cs/gadgets/std/src/fields/quadratic_extension.rs +++ b/r1cs/gadgets/std/src/fields/quadratic_extension.rs @@ -173,6 +173,22 @@ impl, ConstraintF: PrimeField + SquareRo Ok(Self::new(c0, c1)) } + #[inline] + fn conditionally_add>( + &self, + mut cs: CS, + bit: &Boolean, + other: &Self, + ) -> Result { + let c0 = self + .c0 + .conditionally_add(cs.ns(|| "c0"), bit, &other.c0)?; + let c1 = self + .c1 + .conditionally_add(cs.ns(|| "c1"), bit, &other.c1)?; + Ok(Self::new(c0, c1)) + } + #[inline] fn double>(&self, cs: CS) -> Result { let mut result = self.clone(); From 06e87780772eebcc611c9b4bcc2259f5e73f21b0 Mon Sep 17 00:00:00 2001 
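Review bot: The new `FieldGadget::conditionally_add` trait method in mod.rs is added without a doc comment and without a default body, so every implementor outside this crate now fails to compile until it provides one; that breaking change deserves a mention in the commit message and a doc line such as `/// Returns `self + other` if `bit` is true and `self` otherwise.` The `FpGadget`, quadratic and cubic extension implementations in this commit all compute the sum unconditionally and then select on `bit`, which the trait doc could state as the expected cost model. In fp.rs, `self.add(cs.ns(|| "added values"), &other)` and the `&self` passed to `conditionally_select` take `&&Self` where `&Self` suffices; drop the extra `&` (clippy `needless_borrow`).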
From: Phoinic Date: Sun, 14 Nov 2021 20:01:49 +0200 Subject: [PATCH 16/79] Adjusted to pc refactored optimizations --- algebra/src/fft/polynomial/dense.rs | 10 ++ proof-systems/Cargo.toml | 2 +- proof-systems/src/darlin/accumulators/dlog.rs | 101 +++++++++--------- proof-systems/src/darlin/accumulators/mod.rs | 4 +- .../src/darlin/benches/accumulate_verify.rs | 2 +- .../src/darlin/benches/batch_verification.rs | 4 +- .../benches/batch_verification_detailed.rs | 14 +-- proof-systems/src/darlin/data_structures.rs | 28 ++--- proof-systems/src/darlin/mod.rs | 38 +++---- proof-systems/src/darlin/pcd/final_darlin.rs | 37 +++++-- proof-systems/src/darlin/pcd/mod.rs | 6 +- proof-systems/src/darlin/pcd/simple_marlin.rs | 37 ++++--- proof-systems/src/darlin/proof_aggregator.rs | 15 +-- .../src/darlin/tests/final_darlin.rs | 7 +- proof-systems/src/darlin/tests/mod.rs | 4 +- .../src/darlin/tests/simple_marlin.rs | 11 +- 16 files changed, 185 insertions(+), 135 deletions(-) diff --git a/algebra/src/fft/polynomial/dense.rs b/algebra/src/fft/polynomial/dense.rs index 1c0f15643..8102a7cdf 100644 --- a/algebra/src/fft/polynomial/dense.rs +++ b/algebra/src/fft/polynomial/dense.rs @@ -383,6 +383,16 @@ impl Mul for DensePolynomial { } } + +impl<'a, F: PrimeField> Mul for &'a DensePolynomial { + type Output = DensePolynomial; + + fn mul(self, other: F) -> DensePolynomial { + <&DensePolynomial as Mul<&DensePolynomial>>::mul(&self, &DensePolynomial::from_coefficients_slice(&[other])) + } +} + + #[cfg(test)] mod tests { use crate::domain::get_best_evaluation_domain; diff --git a/proof-systems/Cargo.toml b/proof-systems/Cargo.toml index 88809738c..05765c1b0 100644 --- a/proof-systems/Cargo.toml +++ b/proof-systems/Cargo.toml 
@@ -47,7 +47,7 @@ algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "ref r1cs-crypto = { path = "../r1cs/gadgets/crypto", features = ["nizk"] } [features] -print-trace = [ "bench-utils/print-trace" ] +print-trace = [ "bench-utils/print-trace", "poly-commit/print-trace" ] groth16 = [] gm17 = [] darlin = ["marlin", "poly-commit", "digest", "derivative", "r1cs-std"] diff --git a/proof-systems/src/darlin/accumulators/dlog.rs b/proof-systems/src/darlin/accumulators/dlog.rs index 8691b81d4..ffdb382b5 100644 --- a/proof-systems/src/darlin/accumulators/dlog.rs +++ b/proof-systems/src/darlin/accumulators/dlog.rs @@ -6,12 +6,12 @@ //! where the xi_1,...,xi_d are the challenges of the dlog reduction. use algebra::{SemanticallyValid, Field, AffineCurve, ProjectiveCurve, ToBytes, to_bytes, UniformRand, serialize::*}; use algebra::polynomial::DensePolynomial as Polynomial; -use poly_commit::{ipa_pc_de::{ +use poly_commit::{ipa_pc::{ InnerProductArgPC, Commitment, VerifierKey, CommitterKey, SuccinctCheckPolynomial, -}, fiat_shamir_rng::{FiatShamirRng, FiatShamirRngSeed}, LabeledCommitment, Error, PolynomialCommitment}; +}, fiat_shamir_rng::{FiatShamirRng, FiatShamirRngSeed}, LabeledCommitment, Error, PolynomialCommitment, DomainExtendedCommitment, DomainExtendedPolynomialCommitment}; use crate::darlin::accumulators::{ ItemAccumulator, AccumulationProof, }; @@ -24,7 +24,7 @@ use std::marker::PhantomData; #[derive(Clone, Debug, Eq, PartialEq)] pub struct DLogItem { /// Final committer key after the DLOG reduction. - pub(crate) g_final: Commitment, + pub(crate) g_final: DomainExtendedCommitment>, /// Challenges of the DLOG reduction. pub(crate) xi_s: SuccinctCheckPolynomial, 
@@ -34,18 +34,18 @@ impl CanonicalSerialize for DLogItem { fn serialize(&self, mut writer: W) -> Result<(), SerializationError> { // GFinal will always be 1 segment and without any shift - CanonicalSerialize::serialize(&self.g_final.comm[0], &mut writer)?; + CanonicalSerialize::serialize(&self.g_final.items[0], &mut writer)?; CanonicalSerialize::serialize(&self.xi_s, &mut writer) } fn serialized_size(&self) -> usize { - self.g_final.comm[0].serialized_size() + self.xi_s.serialized_size() + self.g_final.items[0].serialized_size() + self.xi_s.serialized_size() } fn serialize_without_metadata(&self, mut writer: W) -> Result<(), SerializationError> { - CanonicalSerialize::serialize_without_metadata(&self.g_final.comm[0], &mut writer)?; + CanonicalSerialize::serialize_without_metadata(&self.g_final.items[0], &mut writer)?; CanonicalSerialize::serialize_without_metadata(&self.xi_s, &mut writer) } @@ -53,14 +53,14 @@ impl CanonicalSerialize for DLogItem { fn serialize_uncompressed(&self, mut writer: W) -> Result<(), SerializationError> { // GFinal will always be 1 segment and without any shift - CanonicalSerialize::serialize_uncompressed(&self.g_final.comm[0], &mut writer)?; + CanonicalSerialize::serialize_uncompressed(&self.g_final.items[0], &mut writer)?; CanonicalSerialize::serialize_uncompressed(&self.xi_s, &mut writer) } fn uncompressed_size(&self) -> usize { - self.g_final.comm[0].uncompressed_size() + self.xi_s.uncompressed_size() + self.g_final.items[0].uncompressed_size() + self.xi_s.uncompressed_size() } } @@ -69,9 +69,9 @@ impl CanonicalDeserialize for DLogItem { fn deserialize(mut reader: R) -> Result { // GFinal will always be 1 segment and without any shift - let g_final = Commitment { - comm: vec![CanonicalDeserialize::deserialize(&mut reader)?], - }; + let g_final = DomainExtendedCommitment::new( + vec![CanonicalDeserialize::deserialize(&mut reader)?] + ); let xi_s = CanonicalDeserialize::deserialize(&mut reader)?; 
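Review bot: `serialize`, `serialized_size` and the uncompressed variants index `self.g_final.items[0]` unconditionally, so a `DLogItem` whose vector is empty (for instance a `Default` one, if `DomainExtendedCommitment::default()` starts with no items — not visible here) panics instead of returning an error, and an item carrying more than one segment is silently truncated on the wire even though `is_valid` rejects it. A checked access, `let g = self.g_final.items.get(0).ok_or(SerializationError::InvalidData)?;` (or whichever variant this crate's `SerializationError` provides), keeps serialization from panicking; `serialized_size` has no error channel and would need to handle the empty case itself. The comment `// GFinal will always be 1 segment and without any shift` describes an assumption, not something this code enforces.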
@@ -83,9 +83,9 @@ impl CanonicalDeserialize for DLogItem { fn deserialize_unchecked(mut reader: R) -> Result { // GFinal will always be 1 segment and without any shift - let g_final = Commitment { - comm: vec![CanonicalDeserialize::deserialize_unchecked(&mut reader)?], - }; + let g_final = DomainExtendedCommitment::new( + vec![CanonicalDeserialize::deserialize_unchecked(&mut reader)?] + ); let xi_s = CanonicalDeserialize::deserialize_unchecked(&mut reader)?; @@ -98,9 +98,9 @@ impl CanonicalDeserialize for DLogItem { #[inline] fn deserialize_uncompressed(mut reader: R) -> Result { // GFinal will always be 1 segment and without any shift - let g_final = Commitment { - comm: vec![CanonicalDeserialize::deserialize_uncompressed(&mut reader)?], - }; + let g_final = DomainExtendedCommitment::new( + vec![CanonicalDeserialize::deserialize_uncompressed(&mut reader)?] + ); let xi_s = CanonicalDeserialize::deserialize_uncompressed(&mut reader)?; @@ -113,9 +113,9 @@ impl CanonicalDeserialize for DLogItem { #[inline] fn deserialize_uncompressed_unchecked(mut reader: R) -> Result { // GFinal will always be 1 segment and without any shift - let g_final = Commitment { - comm: vec![CanonicalDeserialize::deserialize_uncompressed_unchecked(&mut reader)?], - }; + let g_final = DomainExtendedCommitment::new( + vec![CanonicalDeserialize::deserialize_uncompressed_unchecked(&mut reader)?] + ); let xi_s = CanonicalDeserialize::deserialize_uncompressed_unchecked(&mut reader)?; @@ -129,7 +129,7 @@ impl CanonicalDeserialize for DLogItem { impl SemanticallyValid for DLogItem { fn is_valid(&self) -> bool { self.g_final.is_valid() && - self.g_final.comm.len() == 1 && + self.g_final.items.len() == 1 && self.xi_s.0.is_valid() } } @@ -137,7 +137,7 @@ impl SemanticallyValid for DLogItem { impl Default for DLogItem { fn default() -> Self { Self { - g_final: Commitment::::default(), + g_final: DomainExtendedCommitment::>::default(), xi_s: SuccinctCheckPolynomial(vec![]) } } 
@@ -152,12 +152,12 @@ impl ToBytes for DLogItem { } } -pub struct DLogItemAccumulator { +pub struct DLogItemAccumulator { _digest: PhantomData, _group: PhantomData, } -impl DLogItemAccumulator { +impl DLogItemAccumulator { /// The personalization string for this protocol. Used to personalize the /// Fiat-Shamir rng. @@ -204,14 +204,14 @@ impl DLogItemAccumulator { .into_par_iter() .enumerate() .map(|(i, acc)| { - let final_comm_key = acc.g_final.comm.clone(); + let final_comm_key = acc.g_final.items.clone(); let xi_s = acc.xi_s; // Create a LabeledCommitment out of the g_final let labeled_comm = { - let comm = Commitment { - comm: final_comm_key, - }; + let comm = DomainExtendedCommitment::new( + final_comm_key, + ); LabeledCommitment::new( format!("check_poly_{}", i), @@ -239,7 +239,7 @@ impl DLogItemAccumulator { // Succinctly verify the dlog opening proof, // and get the new reduction polynomial (the new xi's). - let xi_s = InnerProductArgPC::::succinct_single_point_multi_poly_verify( + let verifier_state = DomainExtendedPolynomialCommitment::>::succinct_single_point_multi_poly_verify( vk, comms.iter(), z, values, &proof.pc_proof, &mut fs_rng ).map_err(|e| { end_timer!(check_time); @@ -250,10 +250,13 @@ impl DLogItemAccumulator { end_timer!(check_time); end_timer!(succinct_time); - if xi_s.is_some() { + if verifier_state.is_some() { + let verifier_state = verifier_state.unwrap(); Ok(Some(DLogItem::{ - g_final: Commitment::{ comm: vec![proof.pc_proof.final_comm_key.clone()] }, - xi_s: xi_s.unwrap(), + g_final: DomainExtendedCommitment::>::new( + vec![ Commitment:: { comm: verifier_state.final_comm_key.clone() } ] + ), + xi_s: verifier_state.check_poly.clone(), })) } else { Ok(None) @@ -261,7 +264,7 @@ impl DLogItemAccumulator { } } -impl ItemAccumulator for DLogItemAccumulator { +impl ItemAccumulator for DLogItemAccumulator { type AccumulatorProverKey = CommitterKey; type AccumulatorVerifierKey = VerifierKey; type AccumulationProof = AccumulationProof; 
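Review bot: The `if verifier_state.is_some() { let verifier_state = verifier_state.unwrap(); ... } else { Ok(None) }` shape at the end of the succinct-verify helper is the `is_some()`/`unwrap()` pattern clippy flags, and it clones `final_comm_key` and `check_poly` out of a `verifier_state` that is owned at that point. `Option::map` expresses the same result without the unwrap or the clones; the turbofish generics can be dropped since the return type fixes them. The enclosing function starts outside this hunk.
```rust
// … unchanged: succinct verify call and timers …
Ok(verifier_state.map(|st| DLogItem {
    g_final: DomainExtendedCommitment::new(vec![Commitment { comm: st.final_comm_key }]),
    xi_s: st.check_poly,
}))
```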
@@ -277,7 +280,7 @@ impl ItemAccumulator for DLogItemAccumulator { { let check_time = start_timer!(|| "Check accumulators"); - let final_comm_keys = accumulators.iter().flat_map(|acc| acc.g_final.comm.clone()).collect::>(); + let final_comm_keys = accumulators.iter().flat_map(|acc| acc.g_final.items.clone()).map(|commitment| commitment.comm).collect::>(); let xi_s_vec = accumulators.iter().map(|acc| acc.xi_s.clone()).collect::>(); let batching_time = start_timer!(|| "Combine check polynomials and final comm keys"); @@ -464,7 +467,7 @@ impl<'a, G1, G2, D> ItemAccumulator for DualDLogItemAccumulator<'a, G1, G2, D> where G1: AffineCurve::ScalarField>, G2: AffineCurve::ScalarField>, - D: Digest, + D: Digest + 'static, { type AccumulatorProverKey = (&'a CommitterKey, &'a CommitterKey); type AccumulatorVerifierKey = (&'a VerifierKey, &'a VerifierKey); @@ -532,9 +535,9 @@ impl<'a, G1, G2, D> ItemAccumulator for DualDLogItemAccumulator<'a, G1, G2, D> #[cfg(test)] mod test { use super::*; - use poly_commit::{QuerySet, Evaluations, LabeledPolynomial, ipa_pc_de::{ - MultiPointProof, Parameters, - }, PCParameters, PolynomialCommitment}; + use poly_commit::{QuerySet, Evaluations, LabeledPolynomial, ipa_pc::{ + Proof, Parameters, + }, PCParameters, PolynomialCommitment, DomainExtendedMultiPointProof}; use rand::{distributions::Distribution, thread_rng, Rng}; use std::marker::PhantomData; @@ -543,10 +546,10 @@ mod test { fn get_test_fs_rng() -> as PolynomialCommitment>::RandomOracle { - let mut seed_builder = < as PolynomialCommitment>::RandomOracle as FiatShamirRng>::Seed::new(); + let mut seed_builder = <> as PolynomialCommitment>::RandomOracle as FiatShamirRng>::Seed::new(); seed_builder.add_bytes(b"TEST_SEED").unwrap(); let fs_rng_seed = seed_builder.finalize(); - as PolynomialCommitment>::RandomOracle::from_seed(fs_rng_seed) + > as PolynomialCommitment>::RandomOracle::from_seed(fs_rng_seed) } #[derive(Copy, Clone, Default)] 
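Review bot: `final_comm_keys` is built with `flat_map` over `acc.g_final.items`, so an accumulator whose `g_final` carries zero or several segments changes the length of `final_comm_keys` without changing `xi_s_vec`, and the batching that follows (outside this hunk; `check_accumulators` starts before it) would pair keys and check polynomials out of step rather than fail. The `items.len() == 1` invariant lives in `is_valid`, but nothing in this hunk shows every accumulator has been validated before reaching here, so a guard such as `if accumulators.iter().any(|acc| acc.g_final.items.len() != 1) { return Ok(false); }` (adapted to this function's failure value) turns the mismatch into a rejection. Separately, cloning the whole `items` vector only to map each element to `.comm` can be `acc.g_final.items.iter().map(|c| c.comm.clone())`.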
@@ -563,10 +566,10 @@ mod test { #[derivative(Clone(bound = ""))] struct VerifierData<'a, G: AffineCurve> { vk: VerifierKey, - comms: Vec>>, + comms: Vec>>>, query_set: QuerySet<'a, G::ScalarField>, values: Evaluations<'a, G::ScalarField>, - proof: MultiPointProof, + proof: DomainExtendedMultiPointProof, Proof>, polynomials: Vec>, num_polynomials: usize, num_points_in_query_set: usize, @@ -596,7 +599,7 @@ mod test { let rng = &mut thread_rng(); let max_degree = max_degree.unwrap_or(rand::distributions::Uniform::from(2..=64).sample(rng)); - let pp = if pp.is_some() { pp.unwrap() } else { InnerProductArgPC::::setup(max_degree)? }; + let pp = if pp.is_some() { pp.unwrap() } else { DomainExtendedPolynomialCommitment::>::setup(max_degree)? }; test_canonical_serialize_deserialize(true, &pp); @@ -654,7 +657,7 @@ mod test { test_canonical_serialize_deserialize(true, &ck); test_canonical_serialize_deserialize(true, &vk); - let (comms, rands) = InnerProductArgPC::::commit_vec(&ck, &polynomials, Some(rng))?; + let (comms, rands) = DomainExtendedPolynomialCommitment::>::commit_vec(&ck, &polynomials, Some(rng))?; // Construct "symmetric" query set: every polynomial is evaluated at every // point. @@ -672,7 +675,7 @@ mod test { println!("Generated query set"); let mut fs_rng = get_test_fs_rng::(); - let proof = InnerProductArgPC::::multi_point_multi_poly_open( + let proof = DomainExtendedPolynomialCommitment::>::multi_point_multi_poly_open( &ck, &polynomials, &comms, @@ -715,7 +718,7 @@ mod test { ..Default::default() }; - let pp = InnerProductArgPC::::setup(max_degree)?; + let pp = DomainExtendedPolynomialCommitment::>::setup(max_degree)?; test_canonical_serialize_deserialize(true, &pp); @@ -755,7 +758,7 @@ mod test { }); // extract the xi's and G_fin's from the proof - let (xi_s_vec, g_fins) = InnerProductArgPC::::batch_succinct_verify( + let (xi_s_vec, g_fins) = DomainExtendedPolynomialCommitment::>::batch_succinct_verify( &vk, comms.clone(), query_sets.clone(), 
@@ -817,7 +820,7 @@ mod test { ..Default::default() }; - let pp = InnerProductArgPC::::setup(max_degree)?; + let pp = DomainExtendedPolynomialCommitment::>::setup(max_degree)?; let (_, vk) = pp.trim(max_degree)?; test_canonical_serialize_deserialize(true, &pp); @@ -854,7 +857,7 @@ mod test { }); // extract the xi's and G_fin's from the proof - let (xi_s_vec, g_fins) = InnerProductArgPC::::batch_succinct_verify( + let (xi_s_vec, g_fins) = DomainExtendedPolynomialCommitment::>::batch_succinct_verify( &vk, comms.clone(), query_sets.clone(), diff --git a/proof-systems/src/darlin/accumulators/mod.rs b/proof-systems/src/darlin/accumulators/mod.rs index 3d34be12d..9b3ec84fc 100644 --- a/proof-systems/src/darlin/accumulators/mod.rs +++ b/proof-systems/src/darlin/accumulators/mod.rs @@ -9,10 +9,10 @@ use algebra::{AffineCurve, serialize::*}; use rand::RngCore; use poly_commit::{ - ipa_pc_de::Proof, + ipa_pc::Proof, Error }; -use poly_commit::ipa_pc_de::Commitment; +use poly_commit::ipa_pc::Commitment; pub mod dlog; diff --git a/proof-systems/src/darlin/benches/accumulate_verify.rs b/proof-systems/src/darlin/benches/accumulate_verify.rs index c1c12ecdf..262d2b30f 100644 --- a/proof-systems/src/darlin/benches/accumulate_verify.rs +++ b/proof-systems/src/darlin/benches/accumulate_verify.rs @@ -1,7 +1,7 @@ use algebra::{AffineCurve, ToConstraintField}; use poly_commit::{ PolynomialCommitment, - ipa_pc_de::InnerProductArgPC + ipa_pc::InnerProductArgPC }; use proof_systems::darlin::{ tests::{ diff --git a/proof-systems/src/darlin/benches/batch_verification.rs b/proof-systems/src/darlin/benches/batch_verification.rs index ae33a4bce..c9583d34a 100644 --- a/proof-systems/src/darlin/benches/batch_verification.rs +++ b/proof-systems/src/darlin/benches/batch_verification.rs @@ -1,7 +1,7 @@ use algebra::{AffineCurve, ToConstraintField}; use poly_commit::{ PolynomialCommitment, - ipa_pc_de::InnerProductArgPC + ipa_pc::InnerProductArgPC }; use proof_systems::darlin::{ tests::{ 
@@ -17,7 +17,7 @@ use blake2::Blake2s; use proof_systems::darlin::pcd::GeneralPCD; use rand_xorshift::XorShiftRng; -fn bench_batch_verification( +fn bench_batch_verification( c: &mut Criterion, bench_name: &str, segment_size: usize, diff --git a/proof-systems/src/darlin/benches/batch_verification_detailed.rs b/proof-systems/src/darlin/benches/batch_verification_detailed.rs index 04f84124d..ca022e8cf 100644 --- a/proof-systems/src/darlin/benches/batch_verification_detailed.rs +++ b/proof-systems/src/darlin/benches/batch_verification_detailed.rs @@ -1,7 +1,7 @@ use algebra::{AffineCurve, ToConstraintField, serialize::*}; use poly_commit::{ PolynomialCommitment, - ipa_pc_de::InnerProductArgPC + ipa_pc::InnerProductArgPC }; use proof_systems::darlin::{ tests::{ @@ -23,7 +23,7 @@ use proof_systems::darlin::accumulators::dlog::DLogItemAccumulator; use proof_systems::darlin::accumulators::ItemAccumulator; use proof_systems::darlin::proof_aggregator::batch_verify_proofs; -fn bench_succinct_part_batch_verification( +fn bench_succinct_part_batch_verification( c: &mut Criterion, bench_name: &str, segment_size: usize, @@ -76,7 +76,7 @@ fn bench_succinct_part_batch_verification( +fn bench_hard_part_batch_verification( c: &mut Criterion, bench_name: &str, segment_size: usize, @@ -141,7 +141,7 @@ fn bench_hard_part_batch_verification( +fn bench_batch_verification_complete( c: &mut Criterion, bench_name: &str, segment_size: usize, @@ -213,9 +213,9 @@ fn bench_batch_verification_complete_tweedle(c: &mut Criterion) { }; let num_proofs = 100; - let num_constraints = (10..=20).map(|pow| 1 << pow).collect::>(); + let num_constraints = (18..=18).map(|pow| 1 << pow).collect::>(); - for log_segment_size in 14..=18 { + for log_segment_size in 14..=14 { bench_batch_verification_complete::( c, format!("tweedle-dee, segment_size = 1 << {}, num_constraints", log_segment_size).as_str(), 
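Review bot: `(18..=18).map(|pow| 1 << pow).collect::<Vec<_>>()` and `for log_segment_size in 14..=14` are single-value ranges left over from narrowing the sweep, which reduces the "detailed" benchmark to one data point while the code still reads as a loop over sizes. If one point is intended, `let num_constraints = vec![1 << 18];` and `let log_segment_size = 14;` say so; if this is a local run configuration it should not be committed (the following patch in this series, titled "Darlin benchmark restored", suggests the latter).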
@@ -281,7 +281,7 @@ fn bench_hard_part_batch_verification_tweedle(c: &mut Criterion) { criterion_group!( name = batch_verification; config = Criterion::default().sample_size(10); -targets = bench_batch_verification_complete_tweedle, bench_succinct_part_batch_verification_tweedle, bench_hard_part_batch_verification_tweedle +targets = bench_batch_verification_complete_tweedle // , bench_succinct_part_batch_verification_tweedle, bench_hard_part_batch_verification_tweedle ); criterion_main!(batch_verification); \ No newline at end of file diff --git a/proof-systems/src/darlin/data_structures.rs b/proof-systems/src/darlin/data_structures.rs index ba2235caa..dee56f9b4 100644 --- a/proof-systems/src/darlin/data_structures.rs +++ b/proof-systems/src/darlin/data_structures.rs @@ -8,12 +8,10 @@ use crate::darlin::{ pcd::simple_marlin::MarlinProof, accumulators::dlog::DLogItem }; -use poly_commit::{ - ipa_pc_de::{ - SuccinctCheckPolynomial, InnerProductArgPC, - CommitterKey as DLogCommitterKey, Commitment, - } -}; +use poly_commit::{ipa_pc::{ + SuccinctCheckPolynomial, InnerProductArgPC, + CommitterKey as DLogCommitterKey, Commitment, +}, DomainExtendedCommitment}; use digest::Digest; use rand::RngCore; @@ -62,7 +60,9 @@ impl FinalDarlinDeferredData ).unwrap(); let acc_g1 = DLogItem:: { - g_final: Commitment:: {comm: vec![g_final_g1.into_affine()] }, + g_final: DomainExtendedCommitment::>::new ( + vec! [ Commitment:: { comm: g_final_g1.into_affine() } ] + ), xi_s: random_xi_s_g1 }; @@ -80,7 +80,9 @@ impl FinalDarlinDeferredData ).unwrap(); let acc_g2 = DLogItem:: { - g_final: Commitment:: {comm: vec![g_final_g2.into_affine()] }, + g_final: DomainExtendedCommitment::>::new ( + vec! [ Commitment:: { comm: g_final_g2.into_affine() } ] + ), xi_s: random_xi_s_g2 }; 
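Review bot: Two benchmark targets are disabled by commenting them out inside the `criterion_group!` invocation (`targets = bench_batch_verification_complete // , bench_succinct_part_batch_verification_tweedle, ...`), which leaves dead code in a macro and silently drops the succinct-part and hard-part benches from `cargo bench` with no stated reason. Either remove them from the list together with their definitions, or keep all three targets; at minimum a `// disabled: <reason>` comment should accompany the change. The file also still has no trailing newline.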
@@ -107,9 +109,9 @@ impl ToConstraintField for FinalDarlinDeferredData ToConstraintField for FinalDarlinDeferredData ToConstraintField for FinalDarlinDeferredData { +pub struct FinalDarlinProof { /// Full Marlin proof without deferred arithmetics in G1. pub proof: MarlinProof, /// Deferred accumulators diff --git a/proof-systems/src/darlin/mod.rs b/proof-systems/src/darlin/mod.rs index 0e2a146dc..03082bd09 100644 --- a/proof-systems/src/darlin/mod.rs +++ b/proof-systems/src/darlin/mod.rs @@ -21,12 +21,12 @@ pub mod error; pub mod tests; use algebra::{AffineCurve, ToConstraintField}; -use poly_commit::{ ipa_pc_de::{ +use poly_commit::{ ipa_pc::{ Parameters, InnerProductArgPC, CommitterKey as DLogProverKey, VerifierKey as DLogVerifierKey, Commitment -}, PolynomialCommitment, QuerySet, LabeledCommitment, Evaluations}; +}, PolynomialCommitment, DomainExtendedPolynomialCommitment, DomainExtendedCommitment, QuerySet, LabeledCommitment, Evaluations}; use marlin::{ Marlin, ProverKey as MarlinProverKey, VerifierKey as MarlinVerifierKey, @@ -51,7 +51,7 @@ pub type FinalDarlinProverKey = MarlinProverKey; pub type FinalDarlinVerifierKey = MarlinVerifierKey; // A final Darlin in G1, and the previous node in G2. -pub struct FinalDarlin<'a, G1: AffineCurve, G2: AffineCurve, D: Digest>( +pub struct FinalDarlin<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'static>( #[doc(hidden)] PhantomData, #[doc(hidden)] PhantomData, #[doc(hidden)] PhantomData, @@ -62,7 +62,7 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> where G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - D: Digest + 'a, + D: Digest + 'static, { /// Generate the universal prover and verifier keys for Marlin. pub fn universal_setup( 
@@ -75,14 +75,14 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> Parameters, ), FinalDarlinError> { - let srs_g1 = Marlin::, D>::universal_setup( + let srs_g1 = Marlin::>, D>::universal_setup( num_constraints, num_variables, num_non_zero, zk )?; - let srs_g2 = Marlin::, D>::universal_setup( + let srs_g2 = Marlin::>, D>::universal_setup( num_constraints, num_variables, num_non_zero, @@ -99,12 +99,12 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> committer_key: &DLogProverKey, config: C::SetupData, ) -> Result<( - FinalDarlinProverKey>, - FinalDarlinVerifierKey>, + FinalDarlinProverKey>>, + FinalDarlinVerifierKey>>, ), FinalDarlinError> { let c = C::init(config); - let res = Marlin::, D>::index(committer_key, c)?; + let res = Marlin::>, D>::index(committer_key, c)?; Ok(res) } @@ -112,7 +112,7 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> /// Create and return a FinalDarlinPCD, given previous PCDs and a PCDCircuit /// that (partially) verify them along with some additional data. pub fn prove( - index_pk: &FinalDarlinProverKey>, + index_pk: &FinalDarlinProverKey>>, pc_pk: &DLogProverKey, config: C::SetupData, // In future, this will be explicitly a RainbowDarlinPCD @@ -139,7 +139,7 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> let usr_ins = c.get_usr_ins()?; // run the Marlin prover on the initialized recursive circuit - let proof = Marlin::, D>::prove( + let proof = Marlin::>, D>::prove( index_pk, pc_pk, c, zk, zk_rng )?; @@ -154,7 +154,7 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> /// Fully verify a `FinalDarlinProof` from the PCDCircuit `C`, using the PCD implementation for /// the FinalDarlinPCD. pub fn verify( - index_vk: &FinalDarlinVerifierKey>, + index_vk: &FinalDarlinVerifierKey>>, pc_vk_g1: &DLogVerifierKey, pc_vk_g2: &DLogVerifierKey, usr_ins: &[G1::ScalarField], 
@@ -180,14 +180,14 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> /// for the PCDCircuit with correctly combined system and user inputs. pub fn verify_ahp( pc_vk: &DLogVerifierKey, - index_vk: &FinalDarlinVerifierKey>, + index_vk: &FinalDarlinVerifierKey>>, usr_ins: &[G1::ScalarField], proof: &FinalDarlinProof, ) -> Result<( QuerySet<'a, G1::ScalarField>, Evaluations<'a, G1::ScalarField>, - Vec>>, - as PolynomialCommitment>::RandomOracle, + Vec>>>, + > as PolynomialCommitment>::RandomOracle, ), FinalDarlinError> { // Get "system inputs" @@ -199,7 +199,7 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> public_inputs.extend_from_slice(usr_ins); // Verify AHP - let res = Marlin::, D>::verify_ahp( + let res = Marlin::>, D>::verify_ahp( pc_vk, index_vk, public_inputs.as_slice(), &proof.proof )?; @@ -211,13 +211,13 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> pub fn verify_opening( pc_vk: &DLogVerifierKey, proof: &FinalDarlinProof, - labeled_comms: Vec>>, + labeled_comms: Vec>>>, query_set: QuerySet<'a, G1::ScalarField>, evaluations: Evaluations<'a, G1::ScalarField>, - fs_rng: &mut as PolynomialCommitment>::RandomOracle, + fs_rng: &mut > as PolynomialCommitment>::RandomOracle, ) -> Result { - let res = Marlin::, D>::verify_opening( + let res = Marlin::>, D>::verify_opening( pc_vk, &proof.proof, labeled_comms, query_set, evaluations, fs_rng )?; diff --git a/proof-systems/src/darlin/pcd/final_darlin.rs b/proof-systems/src/darlin/pcd/final_darlin.rs index f865f3268..bf73ac3b6 100644 --- a/proof-systems/src/darlin/pcd/final_darlin.rs +++ b/proof-systems/src/darlin/pcd/final_darlin.rs @@ -4,11 +4,13 @@ use algebra::{AffineCurve, ToConstraintField}; use digest::Digest; use poly_commit::{ - ipa_pc_de::{ + ipa_pc::{ InnerProductArgPC, VerifierKey as DLogVerifierKey, Commitment, }, + PolynomialCommitment, + DomainExtendedPolynomialCommitment, DomainExtendedCommitment, fiat_shamir_rng::FiatShamirRng, }; use crate::darlin::{ 
@@ -23,7 +25,7 @@ use std::marker::PhantomData; /// As every PCD, the `FinalDarlinPCD` comes as a proof plus "statement". #[derive(Derivative)] #[derivative(Clone(bound = ""))] -pub struct FinalDarlinPCD<'a, G1: AffineCurve, G2: AffineCurve, D: Digest> { +pub struct FinalDarlinPCD<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'static> { /// A `FinalDarlinProof` is a Marlin proof plus deferred dlog accumulators pub final_darlin_proof: FinalDarlinProof, /// The user inputs form essentially the "statement" of the recursive proof. @@ -48,8 +50,8 @@ impl<'a, G1, G2, D> FinalDarlinPCD<'a, G1, G2, D> /// To verify the PCD of a final Darlin we only need the `FinalDarlinVerifierKey` (or, the /// IOP verifier key) of the final circuit and the two dlog committer keys for G1 and G2. -pub struct FinalDarlinPCDVerifierKey<'a, G1: AffineCurve, G2: AffineCurve, D: Digest> { - pub final_darlin_vk: &'a FinalDarlinVerifierKey>, +pub struct FinalDarlinPCDVerifierKey<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'static> { + pub final_darlin_vk: &'a FinalDarlinVerifierKey>>, pub dlog_vks: (&'a DLogVerifierKey, &'a DLogVerifierKey) } @@ -68,7 +70,7 @@ impl<'a, G1, G2, D> PCD for FinalDarlinPCD<'a, G1, G2, D> where G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - D: Digest + 'a, + D: Digest + 'static, { type PCDAccumulator = DualDLogItemAccumulator<'a, G1, G2, D>; type PCDVerifierKey = FinalDarlinPCDVerifierKey<'a, G1, G2, D>; 
@@ -80,19 +82,26 @@ where { let succinct_time = start_timer!(|| "Finalized Darlin succinct verifier"); + // let ahp_verify_time = start_timer!(|| "AHP verify"); + // Verify sumchecks let (query_set, evaluations, labeled_comms, mut fs_rng) = FinalDarlin::::verify_ahp( vk.dlog_vks.0, vk.final_darlin_vk, self.usr_ins.as_slice(), &self.final_darlin_proof ).map_err(|e| { + // end_timer!(ahp_verify_time); end_timer!(succinct_time); PCDError::FailedSuccinctVerification(format!("{:?}", e)) })?; + // end_timer!(ahp_verify_time); + // Absorb evaluations and sample new challenge fs_rng.absorb(&self.final_darlin_proof.proof.evaluations); + // let pc_verify_time = start_timer!(|| "PC succinct verify"); + // Succinct verify DLOG proof - let (xi_s, g_final) = InnerProductArgPC::::succinct_multi_point_multi_poly_verify( + let verifier_state = DomainExtendedPolynomialCommitment::>::succinct_multi_point_multi_poly_verify( vk.dlog_vks.0, &labeled_comms, &query_set, @@ -100,14 +109,26 @@ where &self.final_darlin_proof.proof.pc_proof, &mut fs_rng, ).map_err(|e| { + // end_timer!(pc_verify_time); end_timer!(succinct_time); PCDError::FailedSuccinctVerification(e.to_string()) })?; + // end_timer!(pc_verify_time); + + if verifier_state.is_none() { + end_timer!(succinct_time); + Err(PCDError::FailedSuccinctVerification("Succinct verify failed".to_owned()))? + } + + let verifier_state = verifier_state.unwrap(); + // Verification successfull: return new accumulator let acc = DLogItem:: { - g_final: Commitment:: { comm: vec![g_final] }, - xi_s, + g_final: DomainExtendedCommitment::>::new( + vec![ Commitment:: { comm: verifier_state.final_comm_key.clone() } ] + ), + xi_s: verifier_state.check_poly.clone(), }; end_timer!(succinct_time); diff --git a/proof-systems/src/darlin/pcd/mod.rs b/proof-systems/src/darlin/pcd/mod.rs index 4194181c8..f3e365cf1 100644 --- a/proof-systems/src/darlin/pcd/mod.rs +++ b/proof-systems/src/darlin/pcd/mod.rs 
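Review bot: All of the timer lines this hunk adds are commented out (`// let ahp_verify_time = start_timer!(|| "AHP verify");`, `// end_timer!(ahp_verify_time);`, and the `pc_verify_time` pair), so the hunk ships dead code rather than measurement. Since `start_timer!`/`end_timer!` are already used live in this function and cost nothing without `print-trace` (as far as the visible usage shows), either keep the timers enabled or drop the comments. `succinct_verify` starts outside this hunk.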
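Review bot: The `if verifier_state.is_none() { ... Err(...)? }` followed by `let verifier_state = verifier_state.unwrap();` uses `Err(..)?` as a return statement and then an `unwrap()` the check has already justified; a `match` with an early `return` says the same thing without the unwrap, and the `.clone()` calls on `final_comm_key` and `check_poly` are unnecessary if `verifier_state` is not used after building `acc` (the rest of the function is outside this hunk — verify). Type parameters on `DLogItem`/`DomainExtendedCommitment`/`Commitment` are inferable from the field types.
```rust
// … unchanged: succinct_multi_point_multi_poly_verify call and error mapping …
let verifier_state = match verifier_state {
    Some(state) => state,
    None => {
        end_timer!(succinct_time);
        return Err(PCDError::FailedSuccinctVerification("Succinct verify failed".to_owned()));
    }
};
// Verification successful: return new accumulator
let acc = DLogItem {
    g_final: DomainExtendedCommitment::new(vec![Commitment { comm: verifier_state.final_comm_key }]),
    xi_s: verifier_state.check_poly,
};
```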
@@ -7,7 +7,7 @@ use algebra::{AffineCurve, ToConstraintField, UniformRand}; use r1cs_core::ConstraintSynthesizer; use poly_commit::{ PCParameters, - ipa_pc_de::{ + ipa_pc::{ Parameters, CommitterKey as DLogCommitterKey, VerifierKey as DLogVerifierKey, }, @@ -152,7 +152,7 @@ pub trait PCD: Sized + Send + Sync { #[derivative(Clone(bound = ""))] /// Achieve polymorphism for PCD via an enumerable. This provides nice APIs for /// the proof aggregation implementation and testing. -pub enum GeneralPCD<'a, G1: AffineCurve, G2: AffineCurve, D: Digest> { +pub enum GeneralPCD<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'static> { SimpleMarlin(SimpleMarlinPCD<'a, G1, D>), FinalDarlin(FinalDarlinPCD<'a, G1, G2, D>) } @@ -213,7 +213,7 @@ impl<'a, G1, G2, D> PCD for GeneralPCD<'a, G1, G2, D> where G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - D: Digest + 'a, + D: Digest + 'static, { type PCDAccumulator = DualDLogItemAccumulator<'a, G1, G2, D>; type PCDVerifierKey = DualPCDVerifierKey<'a, G1, G2, D>; diff --git a/proof-systems/src/darlin/pcd/simple_marlin.rs b/proof-systems/src/darlin/pcd/simple_marlin.rs index 2eb97c261..911462276 100644 --- a/proof-systems/src/darlin/pcd/simple_marlin.rs +++ b/proof-systems/src/darlin/pcd/simple_marlin.rs @@ -3,8 +3,10 @@ use algebra::{AffineCurve, SemanticallyValid, serialize::*}; use digest::Digest; use marlin::{VerifierKey as MarlinVerifierKey, Proof, Marlin, AHPForR1CS}; use poly_commit::{ - ipa_pc_de::{ - InnerProductArgPC, VerifierKey as DLogVerifierKey + PolynomialCommitment, + DomainExtendedPolynomialCommitment, DomainExtendedCommitment, + ipa_pc::{ + InnerProductArgPC, VerifierKey as DLogVerifierKey, }, fiat_shamir_rng::FiatShamirRng, }; 
@@ -14,17 +16,17 @@ use crate::darlin::{ dlog::{DLogItem, DLogItemAccumulator}, ItemAccumulator }, }; -use poly_commit::ipa_pc_de::Commitment; +use poly_commit::ipa_pc::Commitment; use std::ops::{Deref, DerefMut}; use std::marker::PhantomData; #[derive(Derivative)] #[derivative(Clone(bound = ""), Debug(bound = ""), Eq(bound = ""), PartialEq(bound = ""))] #[derive(CanonicalSerialize, CanonicalDeserialize)] -pub struct MarlinProof(pub Proof>); +pub struct MarlinProof(pub Proof>>); impl Deref for MarlinProof { - type Target = Proof>; + type Target = Proof>>; fn deref(&self) -> &Self::Target { &self.0 @@ -66,7 +68,7 @@ impl SemanticallyValid for MarlinProof { #[derive(Derivative)] #[derivative(Clone(bound = ""))] -pub struct SimpleMarlinPCD<'a, G: AffineCurve, D: Digest> { +pub struct SimpleMarlinPCD<'a, G: AffineCurve, D: Digest + 'static> { pub proof: MarlinProof, pub usr_ins: Vec, _lifetime: PhantomData<&'a ()>, @@ -91,8 +93,8 @@ impl<'a, G, D> SimpleMarlinPCD<'a, G, D> /// To verify the PCD of a simple Marlin we only need the `MarlinVerifierKey` (or, the /// IOP verifier key) of the circuit, and the two dlog committer keys for G1 and G2. -pub struct SimpleMarlinPCDVerifierKey<'a, G: AffineCurve, D: Digest>( - pub &'a MarlinVerifierKey>, +pub struct SimpleMarlinPCDVerifierKey<'a, G: AffineCurve, D: Digest + 'static>( + pub &'a MarlinVerifierKey>>, pub &'a DLogVerifierKey ); @@ -105,7 +107,7 @@ impl<'a, G: AffineCurve, D: Digest> AsRef> for SimpleMarlinPC impl<'a, G, D> PCD for SimpleMarlinPCD<'a, G, D> where G: AffineCurve, - D: Digest + 'a, + D: Digest + 'static, { type PCDAccumulator = DLogItemAccumulator; type PCDVerifierKey = SimpleMarlinPCDVerifierKey<'a, G, D>; 
@@ -118,7 +120,7 @@ impl<'a, G, D> PCD for SimpleMarlinPCD<'a, G, D> let succinct_time = start_timer!(|| "Marlin succinct verifier"); // Verify the IOP/AHP - let (query_set, evaluations, labeled_comms, mut fs_rng) = Marlin::, D>::verify_ahp( + let (query_set, evaluations, labeled_comms, mut fs_rng) = Marlin::>, D>::verify_ahp( &vk.1, &vk.0, self.usr_ins.as_slice(), @@ -132,7 +134,7 @@ impl<'a, G, D> PCD for SimpleMarlinPCD<'a, G, D> fs_rng.absorb(&self.proof.evaluations); // Succinct verify DLOG proof - let (xi_s, g_final) = InnerProductArgPC::::succinct_multi_point_multi_poly_verify( + let verifier_state = DomainExtendedPolynomialCommitment::>::succinct_multi_point_multi_poly_verify( &vk.1, &labeled_comms, &query_set, @@ -144,10 +146,19 @@ impl<'a, G, D> PCD for SimpleMarlinPCD<'a, G, D> PCDError::FailedSuccinctVerification(e.to_string()) })?; + if verifier_state.is_none() { + end_timer!(succinct_time); + Err(PCDError::FailedSuccinctVerification("Succinct verify failed".to_owned()))? + } + + let verifier_state = verifier_state.unwrap(); + // Successfull verification: return current accumulator let acc = DLogItem:: { - g_final: Commitment:: { comm: vec![g_final] }, - xi_s, + g_final: DomainExtendedCommitment::>::new( + vec![ Commitment:: { comm: verifier_state.final_comm_key.clone() } ] + ), + xi_s: verifier_state.check_poly.clone(), }; end_timer!(succinct_time); diff --git a/proof-systems/src/darlin/proof_aggregator.rs b/proof-systems/src/darlin/proof_aggregator.rs index c75c706c7..290ba3376 100644 --- a/proof-systems/src/darlin/proof_aggregator.rs +++ b/proof-systems/src/darlin/proof_aggregator.rs @@ -5,7 +5,8 @@ use algebra::{ }; use marlin::VerifierKey as MarlinVerifierKey; use poly_commit::{ - ipa_pc_de::{ + DomainExtendedPolynomialCommitment, + ipa_pc::{ InnerProductArgPC, CommitterKey as DLogCommitterKey, VerifierKey as DLogVerifierKey, }, 
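Review bot: In `SimpleMarlinPCD::succinct_verify`, `if verifier_state.is_none() { ... Err(...)? }` followed by `let verifier_state = verifier_state.unwrap();` uses `Err(..)?` as a return and then unwraps what was just checked; a `match` with an early `return` removes the unwrap, and moving `final_comm_key`/`check_poly` out of the owned `verifier_state` avoids the two `.clone()` calls if the state is not used afterwards (the function continues outside this hunk — verify). Generics on `DLogItem`, `DomainExtendedCommitment` and `Commitment` are inferable from the field types.
```rust
// … unchanged: succinct_multi_point_multi_poly_verify call and error mapping …
let verifier_state = match verifier_state {
    Some(state) => state,
    None => {
        end_timer!(succinct_time);
        return Err(PCDError::FailedSuccinctVerification("Succinct verify failed".to_owned()));
    }
};
// Successful verification: return current accumulator
let acc = DLogItem {
    g_final: DomainExtendedCommitment::new(vec![Commitment { comm: verifier_state.final_comm_key }]),
    xi_s: verifier_state.check_poly,
};
```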
@@ -21,7 +22,7 @@ use crate::darlin::{ }; use rand::RngCore; use digest::Digest; -use rayon::prelude::*; +// use rayon::prelude::*; /// Given a set of PCDs, their corresponding Marlin verification keys, and the DLogCommitterKey(s) /// over two groups of a curve cycle, compute and return the associated accumulators via the @@ -31,7 +32,7 @@ use rayon::prelude::*; /// The PCDs are allowed to use different size restrictions of the DLogCommitterKey `g1_ck` and `g2_ck`. pub fn get_accumulators( pcds: &[GeneralPCD], - vks: &[MarlinVerifierKey>], + vks: &[MarlinVerifierKey>>], g1_ck: &DLogCommitterKey, g2_ck: &DLogCommitterKey, ) -> Result<(Vec>, Vec>), Option>> @@ -46,7 +47,7 @@ pub fn get_accumulators( } let (accs, failing_indices): (Vec<_>, Vec<_>) = pcds - .into_par_iter() + .into_iter() .zip(vks) .enumerate() .map(|(i, (pcd, vk))| { @@ -87,7 +88,7 @@ pub fn get_accumulators( /// `g1_ck` and `g2_ck`. pub fn accumulate_proofs( pcds: &[GeneralPCD], - vks: &[MarlinVerifierKey>], + vks: &[MarlinVerifierKey>>], g1_ck: &DLogCommitterKey, g2_ck: &DLogCommitterKey, ) -> Result< @@ -149,7 +150,7 @@ pub fn accumulate_proofs( /// `g1_ck` and `g2_ck`. pub fn verify_aggregated_proofs( pcds: &[GeneralPCD], - vks: &[MarlinVerifierKey>], + vks: &[MarlinVerifierKey>>], accumulation_proof_g1: &Option>, accumulation_proof_g2: &Option>, g1_vk: &DLogVerifierKey, @@ -208,7 +209,7 @@ pub fn verify_aggregated_proofs( /// `g1_ck` and `g2_ck`. pub fn batch_verify_proofs( pcds: &[GeneralPCD], - vks: &[MarlinVerifierKey>], + vks: &[MarlinVerifierKey>>], g1_vk: &DLogVerifierKey, g2_vk: &DLogVerifierKey, rng: &mut R diff --git a/proof-systems/src/darlin/tests/final_darlin.rs b/proof-systems/src/darlin/tests/final_darlin.rs index 605e790d3..5a0bb8b22 100644 --- a/proof-systems/src/darlin/tests/final_darlin.rs +++ b/proof-systems/src/darlin/tests/final_darlin.rs 
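Review bot: Replacing `.into_par_iter()` with `.into_iter()` in `get_accumulators` serializes the succinct verification of every PCD in the batch, and `use rayon::prelude::*;` is commented out rather than deleted, which reads as a temporary workaround (possibly for the new `D: Digest + 'static` bounds elsewhere in this patch) rather than a decision. For a batch verifier this is a throughput regression linear in the batch size, so if sequential processing is intended, delete the import and record why (`// sequential: <reason>`); otherwise restore `into_par_iter`. `get_accumulators` continues outside this hunk.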
@@ -14,7 +14,8 @@ use crate::darlin::{ FinalDarlinProverKey, FinalDarlinVerifierKey, FinalDarlin, }; use poly_commit::{ - ipa_pc_de::{InnerProductArgPC, CommitterKey, Parameters}, + DomainExtendedPolynomialCommitment, + ipa_pc::{InnerProductArgPC, CommitterKey, Parameters}, Error as PCError }; //use rand::{ Rng, RngCore }; @@ -298,7 +299,7 @@ impl PCDCircuit for TestCircuit #[allow(dead_code)] pub fn generate_test_pcd<'a, G1: AffineCurve, G2:AffineCurve, D: Digest + 'a, R: RngCore>( pc_ck_g1: &CommitterKey, - final_darlin_pk: &FinalDarlinProverKey>, + final_darlin_pk: &FinalDarlinProverKey>>, info: CircuitInfo, zk: bool, rng: &mut R, @@ -343,7 +344,7 @@ pub fn generate_test_data<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'a, rng: &mut R, ) -> ( Vec>, - Vec>> + Vec>>> ) where G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, diff --git a/proof-systems/src/darlin/tests/mod.rs b/proof-systems/src/darlin/tests/mod.rs index fbaa2abbc..b498e900d 100644 --- a/proof-systems/src/darlin/tests/mod.rs +++ b/proof-systems/src/darlin/tests/mod.rs @@ -2,7 +2,7 @@ use algebra::AffineCurve; use poly_commit::{ PCParameters, - ipa_pc_de::{ + ipa_pc::{ Parameters, CommitterKey as DLogCommitterKey, VerifierKey as DLogVerifierKey, } @@ -38,7 +38,7 @@ mod test { }, UniformRand, ToConstraintField, serialize::test_canonical_serialize_deserialize, SemanticallyValid, CanonicalSerialize, CanonicalDeserialize}; use poly_commit::{ PolynomialCommitment, - ipa_pc_de::InnerProductArgPC + ipa_pc::InnerProductArgPC }; use marlin::VerifierKey as MarlinVerifierKey; use crate::darlin::{ diff --git a/proof-systems/src/darlin/tests/simple_marlin.rs b/proof-systems/src/darlin/tests/simple_marlin.rs index 301bf93e0..d64d7de5f 100644 --- a/proof-systems/src/darlin/tests/simple_marlin.rs +++ b/proof-systems/src/darlin/tests/simple_marlin.rs 
@@ -2,7 +2,7 @@ //! two public inputs satisfying a simple quadratic relation. use algebra::{Field, AffineCurve, UniformRand}; use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; -use poly_commit::ipa_pc_de::{InnerProductArgPC, CommitterKey, Parameters}; +use poly_commit::ipa_pc::{InnerProductArgPC, CommitterKey, Parameters}; use marlin::{ Marlin, ProverKey as MarlinProverKey, VerifierKey as MarlinVerifierKey, }; @@ -12,6 +12,7 @@ use crate::darlin::pcd::{ use rand::{ Rng, RngCore }; use digest::Digest; use std::ops::MulAssign; +use poly_commit::DomainExtendedPolynomialCommitment; /// A simple test circuit with two field elements c,d as inputs, enforced to satisfy /// (c,d) = a*(b,b^2), @@ -87,7 +88,7 @@ impl ConstraintSynthesizer for Circuit( pc_ck: &CommitterKey, - marlin_pk: &MarlinProverKey>, + marlin_pk: &MarlinProverKey>>, num_constraints: usize, zk: bool, rng: &mut R, @@ -107,7 +108,7 @@ pub fn generate_test_pcd<'a, G: AffineCurve, D: Digest + 'a, R: RngCore>( num_variables: num_constraints, }; - let proof = Marlin::, D>::prove( + let proof = Marlin::>, D>::prove( marlin_pk, pc_ck, circ, @@ -129,7 +130,7 @@ pub fn generate_test_data<'a, G: AffineCurve, D: Digest + 'a, R: RngCore>( rng: &mut R, ) -> ( Vec>, - Vec>> + Vec>>> ) { // Trim committer key and verifier key @@ -144,7 +145,7 @@ pub fn generate_test_data<'a, G: AffineCurve, D: Digest + 'a, R: RngCore>( num_variables: num_constraints, }; - let (index_pk, index_vk) = Marlin::, D>::index( + let (index_pk, index_vk) = Marlin::>, D>::index( &committer_key, circ.clone() ).unwrap(); From 252db67b6df17983e641de60de79e39340ce7bfd Mon Sep 17 00:00:00 2001 From: Phoinic Date: Sun, 14 Nov 2021 20:03:30 +0200 Subject: [PATCH 17/79] Darlin benchmark restored --- .../src/darlin/benches/batch_verification_detailed.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
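Review bot: The new `use poly_commit::DomainExtendedPolynomialCommitment;` in the `@@ -12,6 +12,7 @@` hunk is appended after `use std::ops::MulAssign;`, away from the existing `use poly_commit::ipa_pc::{InnerProductArgPC, CommitterKey, Parameters};` at the top of the file, while `final_darlin.rs` in this same commit merges both into one `use poly_commit::{ ... }` group. This file should follow the same layout: `use poly_commit::{DomainExtendedPolynomialCommitment, ipa_pc::{InnerProductArgPC, CommitterKey, Parameters}};`. Purely a style point; behaviour is unchanged.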
diff --git a/proof-systems/src/darlin/benches/batch_verification_detailed.rs b/proof-systems/src/darlin/benches/batch_verification_detailed.rs index ca022e8cf..7c0a18814 100644 --- a/proof-systems/src/darlin/benches/batch_verification_detailed.rs +++ b/proof-systems/src/darlin/benches/batch_verification_detailed.rs @@ -213,9 +213,9 @@ fn bench_batch_verification_complete_tweedle(c: &mut Criterion) { }; let num_proofs = 100; - let num_constraints = (18..=18).map(|pow| 1 << pow).collect::>(); + let num_constraints = (10..=20).map(|pow| 1 << pow).collect::>(); - for log_segment_size in 14..=14 { + for log_segment_size in 14..=18 { bench_batch_verification_complete::( c, format!("tweedle-dee, segment_size = 1 << {}, num_constraints", log_segment_size).as_str(), @@ -281,7 +281,7 @@ fn bench_hard_part_batch_verification_tweedle(c: &mut Criterion) { criterion_group!( name = batch_verification; config = Criterion::default().sample_size(10); -targets = bench_batch_verification_complete_tweedle // , bench_succinct_part_batch_verification_tweedle, bench_hard_part_batch_verification_tweedle +targets = bench_batch_verification_complete_tweedle, bench_succinct_part_batch_verification_tweedle, bench_hard_part_batch_verification_tweedle ); criterion_main!(batch_verification); \ No newline at end of file From ba66f12a94c3f64a931d8dab54ef62ba20dc54ff Mon Sep 17 00:00:00 2001 From: Phoinic Date: Sun, 14 Nov 2021 20:04:12 +0200 Subject: [PATCH 18/79] print-trace for poly-commit removed --- proof-systems/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proof-systems/Cargo.toml b/proof-systems/Cargo.toml index 05765c1b0..88809738c 100644 --- a/proof-systems/Cargo.toml +++ b/proof-systems/Cargo.toml 
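Review bot: The widened grid in `@@ -213,9 +213,9 @@` pairs `num_constraints` from 2^10 to 2^20 with `log_segment_size` from 14 to 18, so several runs now use a segment size larger than the constraint count (2^10 constraints with a 2^18 segment, for instance); whether `bench_batch_verification_complete` clamps that or the key trimming rejects it is not visible here, since that function starts outside the hunk. A one-line comment on the loop would make the intent explicit, e.g. `// TODO(bench): confirm how segment sizes larger than num_constraints are handled`, or the loop could skip those combinations with a `continue`. The full grid is 11 × 5 configurations at `num_proofs = 100` with `sample_size(10)`, so a note on the expected running time near the `criterion_group!` in `@@ -281,7 +281,7 @@` would help anyone running it by accident.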
@@ -47,7 +47,7 @@ algebra = { git = "https://github.com/HorizenOfficial/ginger-lib", branch = "ref r1cs-crypto = { path = "../r1cs/gadgets/crypto", features = ["nizk"] } [features] -print-trace = [ "bench-utils/print-trace", "poly-commit/print-trace" ] +print-trace = [ "bench-utils/print-trace" ] groth16 = [] gm17 = [] darlin = ["marlin", "poly-commit", "digest", "derivative", "r1cs-std"] From d927216ab2f0f3b512b0f8eec624b5db89d630f2 Mon Sep 17 00:00:00 2001 
From: Phoinic Date: Sun, 14 Nov 2021 20:35:18 +0200 Subject: [PATCH 19/79] Cleaning unused curves --- algebra/Cargo.toml | 12 +- algebra/benches/criterion_fft/fft_bn382.rs | 386 --- .../criterion_msm/variable_msm_bn382.rs | 96 - algebra/benches/curves/bls12_377.rs | 23 - algebra/benches/curves/bls12_381.rs | 23 - algebra/benches/curves/mnt4_753.rs | 24 - algebra/benches/curves/mnt6_753.rs | 24 - algebra/benches/curves/mod.rs | 16 +- algebra/benches/curves/sw6.rs | 23 - algebra/benches/curves/tweedle.rs | 19 + algebra/benches/fft/mod.rs | 2 +- algebra/src/curves/bls12_377/g1.rs | 75 - algebra/src/curves/bls12_377/g2.rs | 122 - algebra/src/curves/bls12_377/mod.rs | 39 - algebra/src/curves/bls12_377/tests.rs | 143 - algebra/src/curves/bls12_381/g1.rs | 82 - algebra/src/curves/bls12_381/g2.rs | 120 - algebra/src/curves/bls12_381/mod.rs | 32 - algebra/src/curves/bls12_381/tests.rs | 926 ------- algebra/src/curves/bn_382/g.rs | 91 - algebra/src/curves/bn_382/g1.rs | 87 - algebra/src/curves/bn_382/g2.rs | 140 - algebra/src/curves/bn_382/mod.rs | 73 - algebra/src/curves/bn_382/tests.rs | 199 -- algebra/src/curves/edwards_bls12/mod.rs | 136 - algebra/src/curves/edwards_bls12/tests.rs | 53 - algebra/src/curves/edwards_sw6/mod.rs | 150 - algebra/src/curves/edwards_sw6/tests.rs | 53 - algebra/src/curves/jubjub/mod.rs | 151 -- algebra/src/curves/jubjub/tests.rs | 105 - algebra/src/curves/mnt4753/g1.rs | 109 - algebra/src/curves/mnt4753/g2.rs | 201 -- algebra/src/curves/mnt4753/mod.rs | 115 - algebra/src/curves/mnt4753/tests.rs | 1840 ------------- algebra/src/curves/mnt6/g1.rs | 124 - algebra/src/curves/mnt6/g2.rs | 286 -- algebra/src/curves/mnt6/mod.rs | 327 --- algebra/src/curves/mnt6/tests.rs | 88 - algebra/src/curves/mnt6753/g1.rs | 113 - algebra/src/curves/mnt6753/g2.rs | 274 -- algebra/src/curves/mnt6753/mod.rs | 114 - algebra/src/curves/mnt6753/tests.rs | 2330 ---------------- algebra/src/curves/mod.rs | 30 - algebra/src/curves/models/bls12/g1.rs | 56 - 
algebra/src/curves/models/bls12/g2.rs | 170 -- algebra/src/curves/models/bls12/mod.rs | 185 -- algebra/src/curves/models/bn/g1.rs | 61 - algebra/src/curves/models/bn/g2.rs | 210 -- algebra/src/curves/models/bn/mod.rs | 218 -- algebra/src/curves/models/mnt4/g1.rs | 55 - algebra/src/curves/models/mnt4/g2.rs | 100 - algebra/src/curves/models/mnt4/mod.rs | 303 --- algebra/src/curves/models/mnt6/g1.rs | 55 - algebra/src/curves/models/mnt6/g2.rs | 102 - algebra/src/curves/models/mnt6/mod.rs | 313 --- algebra/src/curves/models/mod.rs | 4 - algebra/src/curves/sw6/g1.rs | 119 - algebra/src/curves/sw6/g2.rs | 229 -- algebra/src/curves/sw6/mod.rs | 248 -- algebra/src/curves/sw6/tests.rs | 108 - algebra/src/fft/domain/domain_selector.rs | 4 +- algebra/src/fft/domain/mod.rs | 2 +- algebra/src/fft/domain/test.rs | 24 +- algebra/src/fft/polynomial/dense.rs | 2 +- algebra/src/fft/polynomial/sparse.rs | 2 +- algebra/src/fields/bls12_377/fq.rs | 107 - algebra/src/fields/bls12_377/fq12.rs | 166 -- algebra/src/fields/bls12_377/fq2.rs | 75 - algebra/src/fields/bls12_377/fq6.rs | 217 -- algebra/src/fields/bls12_377/fr.rs | 90 - algebra/src/fields/bls12_377/mod.rs | 17 - algebra/src/fields/bls12_377/tests.rs | 556 ---- algebra/src/fields/bls12_381/fq.rs | 103 - algebra/src/fields/bls12_381/fq12.rs | 236 -- algebra/src/fields/bls12_381/fq2.rs | 78 - algebra/src/fields/bls12_381/fq6.rs | 200 -- algebra/src/fields/bls12_381/fr.rs | 1 - algebra/src/fields/bls12_381/mod.rs | 17 - algebra/src/fields/bls12_381/tests.rs | 2412 ----------------- algebra/src/fields/bn_382/fq.rs | 113 - algebra/src/fields/bn_382/fq12.rs | 201 -- algebra/src/fields/bn_382/fq2.rs | 114 - algebra/src/fields/bn_382/fq6.rs | 254 -- algebra/src/fields/bn_382/fr.rs | 94 - algebra/src/fields/bn_382/mod.rs | 18 - algebra/src/fields/bn_382/tests.rs | 1697 ------------ algebra/src/fields/edwards_bls12/fq.rs | 1 - algebra/src/fields/edwards_bls12/fr.rs | 71 - algebra/src/fields/edwards_bls12/mod.rs | 5 - 
algebra/src/fields/edwards_bls12/tests.rs | 21 - algebra/src/fields/edwards_sw6/fq.rs | 1 - algebra/src/fields/edwards_sw6/fr.rs | 83 - algebra/src/fields/edwards_sw6/mod.rs | 5 - algebra/src/fields/edwards_sw6/tests.rs | 21 - algebra/src/fields/jubjub/fq.rs | 87 - algebra/src/fields/jubjub/fr.rs | 65 - algebra/src/fields/jubjub/mod.rs | 5 - algebra/src/fields/jubjub/tests.rs | 449 --- algebra/src/fields/mnt4753/fq.rs | 190 -- algebra/src/fields/mnt4753/fq2.rs | 104 - algebra/src/fields/mnt4753/fq4.rs | 89 - algebra/src/fields/mnt4753/fr.rs | 1 - algebra/src/fields/mnt4753/mod.rs | 14 - .../fields/mnt4753/test_vec/mnt4753_tobyte | Bin 96 -> 0 bytes algebra/src/fields/mnt4753/tests.rs | 1876 ------------- algebra/src/fields/mnt6/fq.rs | 94 - algebra/src/fields/mnt6/fq3.rs | 104 - algebra/src/fields/mnt6/fq6.rs | 66 - algebra/src/fields/mnt6/fr.rs | 88 - algebra/src/fields/mnt6/mod.rs | 14 - algebra/src/fields/mnt6/tests.rs | 47 - algebra/src/fields/mnt6753/fq.rs | 168 -- algebra/src/fields/mnt6753/fq3.rs | 199 -- algebra/src/fields/mnt6753/fq6.rs | 120 - algebra/src/fields/mnt6753/fr.rs | 1 - algebra/src/fields/mnt6753/mod.rs | 14 - .../fields/mnt6753/test_vec/mnt6753_tobyte | Bin 96 -> 0 bytes algebra/src/fields/mnt6753/tests.rs | 2394 ---------------- algebra/src/fields/mod.rs | 30 - algebra/src/fields/sw6/fq.rs | 161 -- algebra/src/fields/sw6/fq3.rs | 202 -- algebra/src/fields/sw6/fq6.rs | 114 - algebra/src/fields/sw6/fr.rs | 1 - algebra/src/fields/sw6/mod.rs | 14 - algebra/src/fields/sw6/tests.rs | 47 - algebra/src/msm/variable_base.rs | 20 - 126 files changed, 40 insertions(+), 25658 deletions(-) delete mode 100644 algebra/benches/criterion_fft/fft_bn382.rs delete mode 100644 algebra/benches/criterion_msm/variable_msm_bn382.rs delete mode 100644 algebra/benches/curves/bls12_377.rs delete mode 100644 algebra/benches/curves/bls12_381.rs delete mode 100644 algebra/benches/curves/mnt4_753.rs delete mode 100644 algebra/benches/curves/mnt6_753.rs delete mode 100644 
algebra/benches/curves/sw6.rs create mode 100644 algebra/benches/curves/tweedle.rs delete mode 100644 algebra/src/curves/bls12_377/g1.rs delete mode 100644 algebra/src/curves/bls12_377/g2.rs delete mode 100644 algebra/src/curves/bls12_377/mod.rs delete mode 100644 algebra/src/curves/bls12_377/tests.rs delete mode 100644 algebra/src/curves/bls12_381/g1.rs delete mode 100644 algebra/src/curves/bls12_381/g2.rs delete mode 100644 algebra/src/curves/bls12_381/mod.rs delete mode 100644 algebra/src/curves/bls12_381/tests.rs delete mode 100644 algebra/src/curves/bn_382/g.rs delete mode 100644 algebra/src/curves/bn_382/g1.rs delete mode 100644 algebra/src/curves/bn_382/g2.rs delete mode 100644 algebra/src/curves/bn_382/mod.rs delete mode 100644 algebra/src/curves/bn_382/tests.rs delete mode 100644 algebra/src/curves/edwards_bls12/mod.rs delete mode 100644 algebra/src/curves/edwards_bls12/tests.rs delete mode 100644 algebra/src/curves/edwards_sw6/mod.rs delete mode 100644 algebra/src/curves/edwards_sw6/tests.rs delete mode 100644 algebra/src/curves/jubjub/mod.rs delete mode 100644 algebra/src/curves/jubjub/tests.rs delete mode 100644 algebra/src/curves/mnt4753/g1.rs delete mode 100644 algebra/src/curves/mnt4753/g2.rs delete mode 100644 algebra/src/curves/mnt4753/mod.rs delete mode 100644 algebra/src/curves/mnt4753/tests.rs delete mode 100644 algebra/src/curves/mnt6/g1.rs delete mode 100644 algebra/src/curves/mnt6/g2.rs delete mode 100644 algebra/src/curves/mnt6/mod.rs delete mode 100644 algebra/src/curves/mnt6/tests.rs delete mode 100644 algebra/src/curves/mnt6753/g1.rs delete mode 100644 algebra/src/curves/mnt6753/g2.rs delete mode 100644 algebra/src/curves/mnt6753/mod.rs delete mode 100644 algebra/src/curves/mnt6753/tests.rs delete mode 100644 algebra/src/curves/models/bls12/g1.rs delete mode 100644 algebra/src/curves/models/bls12/g2.rs delete mode 100644 algebra/src/curves/models/bls12/mod.rs delete mode 100644 algebra/src/curves/models/bn/g1.rs delete mode 100644 
algebra/src/curves/models/bn/g2.rs delete mode 100644 algebra/src/curves/models/bn/mod.rs delete mode 100644 algebra/src/curves/models/mnt4/g1.rs delete mode 100644 algebra/src/curves/models/mnt4/g2.rs delete mode 100644 algebra/src/curves/models/mnt4/mod.rs delete mode 100644 algebra/src/curves/models/mnt6/g1.rs delete mode 100644 algebra/src/curves/models/mnt6/g2.rs delete mode 100644 algebra/src/curves/models/mnt6/mod.rs delete mode 100644 algebra/src/curves/sw6/g1.rs delete mode 100644 algebra/src/curves/sw6/g2.rs delete mode 100644 algebra/src/curves/sw6/mod.rs delete mode 100644 algebra/src/curves/sw6/tests.rs delete mode 100644 algebra/src/fields/bls12_377/fq.rs delete mode 100644 algebra/src/fields/bls12_377/fq12.rs delete mode 100644 algebra/src/fields/bls12_377/fq2.rs delete mode 100644 algebra/src/fields/bls12_377/fq6.rs delete mode 100644 algebra/src/fields/bls12_377/fr.rs delete mode 100644 algebra/src/fields/bls12_377/mod.rs delete mode 100644 algebra/src/fields/bls12_377/tests.rs delete mode 100644 algebra/src/fields/bls12_381/fq.rs delete mode 100644 algebra/src/fields/bls12_381/fq12.rs delete mode 100644 algebra/src/fields/bls12_381/fq2.rs delete mode 100644 algebra/src/fields/bls12_381/fq6.rs delete mode 100644 algebra/src/fields/bls12_381/fr.rs delete mode 100644 algebra/src/fields/bls12_381/mod.rs delete mode 100644 algebra/src/fields/bls12_381/tests.rs delete mode 100644 algebra/src/fields/bn_382/fq.rs delete mode 100644 algebra/src/fields/bn_382/fq12.rs delete mode 100644 algebra/src/fields/bn_382/fq2.rs delete mode 100644 algebra/src/fields/bn_382/fq6.rs delete mode 100644 algebra/src/fields/bn_382/fr.rs delete mode 100644 algebra/src/fields/bn_382/mod.rs delete mode 100644 algebra/src/fields/bn_382/tests.rs delete mode 100644 algebra/src/fields/edwards_bls12/fq.rs delete mode 100644 algebra/src/fields/edwards_bls12/fr.rs delete mode 100644 algebra/src/fields/edwards_bls12/mod.rs delete mode 100644 algebra/src/fields/edwards_bls12/tests.rs 
delete mode 100644 algebra/src/fields/edwards_sw6/fq.rs delete mode 100644 algebra/src/fields/edwards_sw6/fr.rs delete mode 100644 algebra/src/fields/edwards_sw6/mod.rs delete mode 100644 algebra/src/fields/edwards_sw6/tests.rs delete mode 100644 algebra/src/fields/jubjub/fq.rs delete mode 100644 algebra/src/fields/jubjub/fr.rs delete mode 100644 algebra/src/fields/jubjub/mod.rs delete mode 100644 algebra/src/fields/jubjub/tests.rs delete mode 100644 algebra/src/fields/mnt4753/fq.rs delete mode 100644 algebra/src/fields/mnt4753/fq2.rs delete mode 100644 algebra/src/fields/mnt4753/fq4.rs delete mode 100644 algebra/src/fields/mnt4753/fr.rs delete mode 100644 algebra/src/fields/mnt4753/mod.rs delete mode 100644 algebra/src/fields/mnt4753/test_vec/mnt4753_tobyte delete mode 100644 algebra/src/fields/mnt4753/tests.rs delete mode 100644 algebra/src/fields/mnt6/fq.rs delete mode 100644 algebra/src/fields/mnt6/fq3.rs delete mode 100644 algebra/src/fields/mnt6/fq6.rs delete mode 100644 algebra/src/fields/mnt6/fr.rs delete mode 100644 algebra/src/fields/mnt6/mod.rs delete mode 100644 algebra/src/fields/mnt6/tests.rs delete mode 100644 algebra/src/fields/mnt6753/fq.rs delete mode 100644 algebra/src/fields/mnt6753/fq3.rs delete mode 100644 algebra/src/fields/mnt6753/fq6.rs delete mode 100644 algebra/src/fields/mnt6753/fr.rs delete mode 100644 algebra/src/fields/mnt6753/mod.rs delete mode 100644 algebra/src/fields/mnt6753/test_vec/mnt6753_tobyte delete mode 100644 algebra/src/fields/mnt6753/tests.rs delete mode 100644 algebra/src/fields/sw6/fq.rs delete mode 100644 algebra/src/fields/sw6/fq3.rs delete mode 100644 algebra/src/fields/sw6/fq6.rs delete mode 100644 algebra/src/fields/sw6/fr.rs delete mode 100644 algebra/src/fields/sw6/mod.rs delete mode 100644 algebra/src/fields/sw6/tests.rs diff --git a/algebra/Cargo.toml b/algebra/Cargo.toml index 5bbcbe4ac..ce75f17ab 100644 --- a/algebra/Cargo.toml +++ b/algebra/Cargo.toml 
@@ -51,19 +51,9 @@ n_fold = [] llvm_asm = [] derive = ["algebra-derive"] -bls12_377 = [] -bls12_381 = [] -edwards_bls12 = ["bls12_377"] -edwards_sw6 = ["sw6"] -jubjub = [] -sw6 = ["bls12_377"] -mnt4_753 = ["mnt6_753"] -mnt6_298 = [] -mnt6_753 = ["mnt4_753"] -bn_382 = [] tweedle = [] -full = [ "bls12_377", "bls12_381", "sw6", "mnt4_753", "mnt6_298", "mnt6_753", "edwards_bls12", "edwards_sw6", "jubjub", "bn_382", "tweedle" ] +full = [ "tweedle" ] [build-dependencies] field-assembly = { path = "./field-assembly" } diff --git a/algebra/benches/criterion_fft/fft_bn382.rs b/algebra/benches/criterion_fft/fft_bn382.rs deleted file mode 100644 index 2d11f0d52..000000000 --- a/algebra/benches/criterion_fft/fft_bn382.rs +++ /dev/null 
@@ -1,386 +0,0 @@ -#[macro_use] -extern crate criterion; - -#[macro_use] -extern crate bench_utils; - -use algebra::{ - fields::bn_382::Fr, - PrimeField, UniformRand, -}; -use algebra::fft::{DensePolynomial, EvaluationDomain, BasicRadix2Domain, get_best_evaluation_domain}; -use rand; - -use std::{ - fs::File, - path::Path, - time::{SystemTime, UNIX_EPOCH}, -}; - -use criterion::{BatchSize, BenchmarkId, Criterion}; - -const DATA_PATH: &'static str = "./coeffs_bn382"; - -fn save_data(num_coeffs: usize) { - - let mut fs = File::create(DATA_PATH).unwrap(); - let rng = &mut rand::thread_rng(); - - for _ in 0..num_coeffs { - let elem:F = UniformRand::rand(rng); - match elem.write(&mut fs) { - Ok(_) => {}, - Err(msg) => { panic!("Cannot save coeffs to file: {}", msg)} - } - } -} - -fn load_data(samples: usize) -> Vec { - - if !Path::new(DATA_PATH).exists() { - save_data::(1 << 23); - } - - let mut fs = File::open(DATA_PATH).unwrap(); - let mut a: Vec = Vec::with_capacity(samples); - - for _i in 0..samples { - let elem1 = F::read(&mut fs).unwrap(); - a.push(elem1); - } - a -} - -fn bench_ffts>( - c: &mut Criterion, - num_coeffs: usize, - name: &'static str, -) { - let mut group = c.benchmark_group(name); - - // We expect the num_coeffs input to be a compatible size for the domain. 
- let domain = get_best_evaluation_domain::(num_coeffs).unwrap(); - let domain_size = domain.size(); - assert_eq!(num_coeffs, domain_size); - - group.bench_with_input( - BenchmarkId::from_parameter(num_coeffs), - &num_coeffs, - |b, _samples| { - b.iter_batched( - || { - let a: Vec = load_data(num_coeffs); - a - }, - |a| { - add_to_trace!( - || format!("****************{}*******************", domain_size), - || format!( - "--->START TIMESTAMP: {:?}", - SystemTime::now() - .duration_since(UNIX_EPOCH) - .unwrap() - .as_secs() - ) - ); - - domain.fft( - &mut a.as_slice(), - ); - - add_to_trace!( - || format!("****************{}*******************", domain_size), - || format!( - "--->END TIMESTAMP: {:?}", - SystemTime::now() - .duration_since(UNIX_EPOCH) - .unwrap() - .as_secs() - ) - ); - }, - BatchSize::PerIteration, - ); - }, - ); -} - -fn bench_fft_bn382(c: &mut Criterion) { - bench_ffts::>(c, 1 << 14, "radix-2 FFT - 2^14 - bn382"); - bench_ffts::>(c, 1 << 15, "radix-2 FFT - 2^15 - bn382"); - bench_ffts::>(c, 1 << 16, "radix-2 FFT - 2^16 - bn382"); - bench_ffts::>(c, 1 << 17, "radix-2 FFT - 2^17 - bn382"); - bench_ffts::>(c, 1 << 18, "radix-2 FFT - 2^18 - bn382"); - bench_ffts::>(c, 1 << 19, "radix-2 FFT - 2^19 - bn382"); - bench_ffts::>(c, 1 << 20, "radix-2 FFT - 2^20 - bn382"); - bench_ffts::>(c, 1 << 21, "radix-2 FFT - 2^21 - bn382"); - bench_ffts::>(c, 1 << 22, "radix-2 FFT - 2^22 - bn382"); - bench_ffts::>(c, 1 << 23, "radix-2 FFT - 2^23 - bn382"); -} - -fn bench_iffts>( - c: &mut Criterion, - num_coeffs: usize, - name: &'static str, -) { - let mut group = c.benchmark_group(name); - - // We expect the num_coeffs input to be a compatible size for the domain. 
- let domain = get_best_evaluation_domain::(num_coeffs).unwrap(); - let domain_size = domain.size(); - assert_eq!(num_coeffs, domain_size); - - group.bench_with_input( - BenchmarkId::from_parameter(num_coeffs), - &num_coeffs, - |b, _samples| { - b.iter_batched( - || { - let a: Vec = load_data(num_coeffs); - a - }, - |mut a| { - add_to_trace!( - || format!("****************{}*******************", domain_size), - || format!( - "--->START TIMESTAMP: {:?}", - SystemTime::now() - .duration_since(UNIX_EPOCH) - .unwrap() - .as_secs() - ) - ); - - domain.ifft( - &mut a, - ); - - add_to_trace!( - || format!("****************{}*******************", domain_size), - || format!( - "--->END TIMESTAMP: {:?}", - SystemTime::now() - .duration_since(UNIX_EPOCH) - .unwrap() - .as_secs() - ) - ); - }, - BatchSize::PerIteration, - ); - }, - ); -} - -fn bench_ifft_bn382(c: &mut Criterion) { - bench_iffts::>(c, 1 << 14, "radix-2 iFFT - 2^14 - bn382"); - bench_iffts::>(c, 1 << 15, "radix-2 iFFT - 2^15 - bn382"); - bench_iffts::>(c, 1 << 16, "radix-2 iFFT - 2^16 - bn382"); - bench_iffts::>(c, 1 << 17, "radix-2 iFFT - 2^17 - bn382"); - bench_iffts::>(c, 1 << 18, "radix-2 iFFT - 2^18 - bn382"); - bench_iffts::>(c, 1 << 19, "radix-2 iFFT - 2^19 - bn382"); - bench_iffts::>(c, 1 << 20, "radix-2 iFFT - 2^20 - bn382"); - bench_iffts::>(c, 1 << 21, "radix-2 iFFT - 2^21 - bn382"); - bench_iffts::>(c, 1 << 22, "radix-2 iFFT - 2^22 - bn382"); - bench_iffts::>(c, 1 << 23, "radix-2 iFFT - 2^23 - bn382"); -} - -fn bench_dense_poly_muls>( - c: &mut Criterion, - num_degree: usize, - name: &'static str, -) { - // Per benchmark setup - let rng = &mut rand::thread_rng(); - - c.bench_function(name, move |bencher| { - let p1 = DensePolynomial::::rand(num_degree, rng); - let p2 = DensePolynomial::::rand(num_degree, rng); - - bencher.iter(|| { - add_to_trace!( - || format!("****************{}*******************", num_degree), - || format!( - "--->START TIMESTAMP: {:?}", - SystemTime::now() - 
.duration_since(UNIX_EPOCH) - .unwrap() - .as_secs() - ) - ); - - let _ab = (&p1) * (&p2); - - add_to_trace!( - || format!("****************{}*******************", num_degree), - || format!( - "--->END TIMESTAMP: {:?}", - SystemTime::now() - .duration_since(UNIX_EPOCH) - .unwrap() - .as_secs() - ) - ); - }) - }); -} - -fn bench_dense_poly_mul_bn382(c: &mut Criterion) { - bench_dense_poly_muls::>( - c, - 1 << 14, - "radix-2 DensePolynomial::mul - 2^14 - bn382", - ); - bench_dense_poly_muls::>( - c, - 1 << 15, - "radix-2 DensePolynomial::mul - 2^15 - bn382", - ); - bench_dense_poly_muls::>( - c, - 1 << 16, - "radix-2 DensePolynomial::mul - 2^16 - bn382", - ); - bench_dense_poly_muls::>( - c, - 1 << 17, - "radix-2 DensePolynomial::mul - 2^17 - bn382", - ); - bench_dense_poly_muls::>( - c, - 1 << 18, - "radix-2 DensePolynomial::mul - 2^18 - bn382", - ); - bench_dense_poly_muls::>( - c, - 1 << 19, - "radix-2 DensePolynomial::mul - 2^19 - bn382", - ); - bench_dense_poly_muls::>( - c, - 1 << 20, - "radix-2 DensePolynomial::mul - 2^20 - bn382", - ); - bench_dense_poly_muls::>( - c, - 1 << 21, - "radix-2 DensePolynomial::mul - 2^21 - bn382", - ); - bench_dense_poly_muls::>( - c, - 1 << 22, - "radix-2 DensePolynomial::mul - 2^22 - bn382", - ); - bench_dense_poly_muls::>( - c, - 1 << 23, - "radix-2 DensePolynomial::mul - 2^23 - bn382", - ); -} - -fn bench_dense_poly_div_by_vanishing_poly>( - c: &mut Criterion, - num_coeffs: usize, - name: &'static str, -) { - // Per benchmark setup - let rng = &mut rand::thread_rng(); - - // We expect the num_coeffs input to be a compatible size for the domain. 
- let domain = get_best_evaluation_domain::(num_coeffs).unwrap(); - let domain_size = domain.size(); - assert_eq!(num_coeffs, domain_size); - - c.bench_function(name, move |bencher| { - let p = DensePolynomial::::rand(4 * num_coeffs, rng); - - bencher.iter(|| { - add_to_trace!( - || format!("****************{}*******************", num_coeffs), - || format!( - "--->START TIMESTAMP: {:?}", - SystemTime::now() - .duration_since(UNIX_EPOCH) - .unwrap() - .as_secs() - ) - ); - - let _ans1 = p.divide_by_vanishing_poly( - &domain.clone(), - ); - - add_to_trace!( - || format!("****************{}*******************", num_coeffs), - || format!( - "--->END TIMESTAMP: {:?}", - SystemTime::now() - .duration_since(UNIX_EPOCH) - .unwrap() - .as_secs() - ) - ); - }) - }); -} - -fn bench_dense_poly_divide_by_vanishing_poly_bn382(c: &mut Criterion) { - bench_dense_poly_div_by_vanishing_poly::>( - c, - 1 << 14, - "radix-2 DensePolynomial::div by vanishing poly - 2^14 - bn382", - ); - bench_dense_poly_div_by_vanishing_poly::>( - c, - 1 << 15, - "radix-2 DensePolynomial::div by vanishing poly - 2^15 - bn382", - ); - bench_dense_poly_div_by_vanishing_poly::>( - c, - 1 << 16, - "radix-2 DensePolynomial::div by vanishing poly - 2^16 - bn382", - ); - bench_dense_poly_div_by_vanishing_poly::>( - c, - 1 << 17, - "radix-2 DensePolynomial::div by vanishing poly - 2^17 - bn382", - ); - bench_dense_poly_div_by_vanishing_poly::>( - c, - 1 << 18, - "radix-2 DensePolynomial::div by vanishing poly - 2^18 - bn382", - ); - bench_dense_poly_div_by_vanishing_poly::>( - c, - 1 << 19, - "radix-2 DensePolynomial::div by vanishing poly - 2^19 - bn382", - ); - bench_dense_poly_div_by_vanishing_poly::>( - c, - 1 << 20, - "radix-2 DensePolynomial::div by vanishing poly - 2^20 - bn382", - ); - bench_dense_poly_div_by_vanishing_poly::>( - c, - 1 << 21, - "radix-2 DensePolynomial::div by vanishing poly - 2^21 - bn382", - ); - bench_dense_poly_div_by_vanishing_poly::>( - c, - 1 << 22, - "radix-2 
DensePolynomial::div by vanishing poly - 2^22 - bn382", - ); - bench_dense_poly_div_by_vanishing_poly::>( - c, - 1 << 23, - "radix-2 DensePolynomial::div by vanishing poly - 2^23 - bn382", - ); -} - -criterion_group! { - name = radix_2_fft; - config = Criterion::default().sample_size(10); - targets = bench_fft_bn382, bench_ifft_bn382, bench_dense_poly_mul_bn382, bench_dense_poly_divide_by_vanishing_poly_bn382 -} - -criterion_main!(radix_2_fft); diff --git a/algebra/benches/criterion_msm/variable_msm_bn382.rs b/algebra/benches/criterion_msm/variable_msm_bn382.rs deleted file mode 100644 index d786803c8..000000000 --- a/algebra/benches/criterion_msm/variable_msm_bn382.rs +++ /dev/null 
@@ -1,96 +0,0 @@ -#[macro_use] -extern crate criterion; - -#[macro_use] -extern crate bench_utils; - -use criterion::{BenchmarkId, Criterion, BatchSize}; - -use algebra::{ - curves::bn_382::{G1Projective, G1Affine}, - BigInteger384, UniformRand, ProjectiveCurve, FromBytes, ToBytes -}; -use algebra::msm::VariableBaseMSM; - -use std::time::{SystemTime, UNIX_EPOCH}; -use std::fs::File; -use std::path::Path; - -const DATA_PATH: &'static str = "./msm_bases_bn382"; - -fn save_data(samples: usize) { - let rng = &mut rand::thread_rng(); - - let mut fs = File::create(DATA_PATH).unwrap(); - - for _ in 0..samples { - let elem1:BigInteger384 = BigInteger384::rand(rng); - let elem2:G1Affine = G1Projective::rand(rng).into_affine(); - match elem1.write(&mut fs) { - Ok(_) => {}, - Err(msg) => { panic!("Cannot save coeffs to file: {}", msg)} - } - match elem2.write(&mut fs) { - Ok(_) => {}, - Err(msg) => { panic!("Cannot save coeffs to file: {}", msg)} - } - } -} - -fn load_data(samples: usize) -> (Vec,Vec) { - - if !Path::new(DATA_PATH).exists() { - save_data(1 << 23); - } - - let mut fs = File::open(DATA_PATH).unwrap(); - let mut v = Vec::with_capacity(samples); - let mut g = Vec::with_capacity(samples); - - for _i in 0..samples { - let elem1 = BigInteger384::read(&mut fs).unwrap(); - let elem2 = G1Affine::read(&mut fs).unwrap(); - v.push(elem1); - g.push(elem2); - } - - (v, g) -} - -fn variable_msm(c: &mut Criterion) { - - let mut group = c.benchmark_group("variable_base_msm_affine-bn382-variable number of bases = number of scalars"); - let samples = (14..=23).map(|i| 2usize.pow(i)).collect::>(); - - for &samples in samples.iter() { - group.bench_with_input(BenchmarkId::from_parameter(samples), &samples, |b, _samples| { - b.iter_batched(|| { - let (v, g) = load_data(samples); - (v, g) - }, - |(v, g)| { - add_to_trace!( - || format!("****************{}*******************", samples), - || format!("--->START TIMESTAMP: {:?}", 
SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs())
- );
- VariableBaseMSM::multi_scalar_mul(g.as_slice(), v.as_slice()).unwrap();
- add_to_trace!(
- || format!("****************{}*******************", samples),
- || format!("--->END TIMESTAMP: {:?}", SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs())
- );
- },
- BatchSize::PerIteration);
- });
- }
-}
-
-criterion_group! {
- name = variable_msm_eval_bn382;
- config = Criterion::default().sample_size(10);
- targets = variable_msm,
-}
-
-criterion_main! (
- variable_msm_eval_bn382
-);
-
diff --git a/algebra/benches/curves/bls12_377.rs b/algebra/benches/curves/bls12_377.rs
deleted file mode 100644
index 494ef3e84..000000000
--- a/algebra/benches/curves/bls12_377.rs
+++ /dev/null
@@ -1,23 +0,0 @@
-use rand::SeedableRng;
-use rand_xorshift::XorShiftRng;
-use std::ops::{AddAssign, MulAssign, SubAssign};
-
-use algebra::{
- fields::bls12_377::{
- fq::Fq, fq2::Fq2, fr::Fr, Fq12
- },
- curves::bls12_377::{
- Bls12_377, G1Affine, G1Projective as G1, G2Affine,
- G2Projective as G2, Bls12_377Parameters as Parameters,
- },
- biginteger::{BigInteger256 as FrRepr, BigInteger384 as FqRepr},
- bls12::{G1Prepared, G2Prepared},
- BigInteger, Field, PairingEngine, PrimeField, ProjectiveCurve, SquareRootField, UniformRand,
-};
-
-ec_bench!();
-f_bench!(1, Fq2, Fq2, fq2);
-f_bench!(2, Fq12, Fq12, fq12);
-f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
-f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
-pairing_bench!(Bls12_377, Fq12, prepared_v);
diff --git a/algebra/benches/curves/bls12_381.rs b/algebra/benches/curves/bls12_381.rs
deleted file mode 100644
index 759784bfc..000000000
--- a/algebra/benches/curves/bls12_381.rs
+++ /dev/null
@@ -1,23 +0,0 @@
-use rand::SeedableRng;
-use rand_xorshift::XorShiftRng;
-use std::ops::{AddAssign, MulAssign, SubAssign};
-
-use algebra::{
- fields::bls12_381::{
- fq::Fq, fq2::Fq2, fr::Fr, Fq12
- },
- curves::bls12_381::{
- Bls12_381, G1Affine, G1Projective as G1, G2Affine,
- G2Projective as G2, Bls12_381Parameters as Parameters,
- },
- biginteger::{BigInteger256 as FrRepr, BigInteger384 as FqRepr},
- bls12::{G1Prepared, G2Prepared},
- BigInteger, Field, PairingEngine, PrimeField, ProjectiveCurve, SquareRootField, UniformRand,
-};
-
-ec_bench!();
-f_bench!(1, Fq2, Fq2, fq2);
-f_bench!(2, Fq12, Fq12, fq12);
-f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
-f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
-pairing_bench!(Bls12_381, Fq12, prepared_v);
diff --git a/algebra/benches/curves/mnt4_753.rs b/algebra/benches/curves/mnt4_753.rs
deleted file mode 100644
index 88116111f..000000000
--- a/algebra/benches/curves/mnt4_753.rs
+++ /dev/null
@@ -1,24 +0,0 @@
-use rand::SeedableRng;
-use rand_xorshift::XorShiftRng;
-use std::ops::{AddAssign, MulAssign, SubAssign};
-
-use algebra::{
- fields::mnt4753::{
- fq::Fq, fq2::Fq2, fr::Fr, Fq4
- },
- curves::{
- mnt4753::{
- MNT4, G1Affine, G1Projective as G1, G2Affine,
- G2Projective as G2, MNT4_753Parameters as Parameters,
- },
- models::mnt4::{G1Prepared, G2Prepared},
- },
- biginteger::BigInteger768 as FqRepr,
- BigInteger, Field, PairingEngine, PrimeField, ProjectiveCurve, SquareRootField, UniformRand,
-};
-
-ec_bench!();
-f_bench!(1, Fq2, Fq2, fq2);
-f_bench!(2, Fq4, Fq4, fq4);
-f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
-pairing_bench!(MNT4, Fq4, prepared_v);
diff --git a/algebra/benches/curves/mnt6_753.rs b/algebra/benches/curves/mnt6_753.rs
deleted file mode 100644
index e15bdb669..000000000
--- a/algebra/benches/curves/mnt6_753.rs
+++ /dev/null
@@ -1,24 +0,0 @@
-use rand::SeedableRng;
-use rand_xorshift::XorShiftRng;
-use std::ops::{AddAssign, MulAssign, SubAssign};
-
-use algebra::{
- fields::mnt6753::{
- fq::Fq, fq3::Fq3, fr::Fr, Fq6
- },
- curves::{
- mnt6753::{
- MNT6, G1Affine, G1Projective as G1, G2Affine,
- G2Projective as G2, MNT6_753Parameters as Parameters,
- },
- models::mnt6::{G1Prepared, G2Prepared},
- },
- biginteger::BigInteger768 as FqRepr,
- BigInteger, Field, PairingEngine, PrimeField, ProjectiveCurve, SquareRootField, UniformRand,
-};
-
-ec_bench!();
-f_bench!(1, Fq3, Fq3, fq3);
-f_bench!(2, Fq6, Fq6, fq6);
-f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
-pairing_bench!(MNT6, Fq6, prepared_v);
diff --git a/algebra/benches/curves/mod.rs b/algebra/benches/curves/mod.rs
index 411f79155..011a3083a 100644
--- a/algebra/benches/curves/mod.rs
+++ b/algebra/benches/curves/mod.rs
@@ -1,14 +1,2 @@
-#[cfg(feature = "bls12_377")]
-mod bls12_377;
-
-#[cfg(feature = "bls12_381")]
-mod bls12_381;
-
-#[cfg(feature = "sw6")]
-mod sw6;
-
-#[cfg(feature = "mnt4_753")]
-mod mnt4_753;
-
-#[cfg(feature = "mnt6_753")]
-mod mnt6_753;
+#[cfg(feature = "tweedle")]
+mod tweedle;
diff --git a/algebra/benches/curves/sw6.rs b/algebra/benches/curves/sw6.rs
deleted file mode 100644
index d84eedf83..000000000
--- a/algebra/benches/curves/sw6.rs
+++ /dev/null
@@ -1,23 +0,0 @@
-use rand::SeedableRng;
-use rand_xorshift::XorShiftRng;
-use std::ops::{AddAssign, MulAssign, SubAssign};
-
-use algebra::{
- biginteger::{BigInteger384 as FrRepr, BigInteger832 as FqRepr},
- fields::sw6::{
- fq::Fq, fq3::Fq3, fr::Fr, Fq6,
- },
- curves::sw6::{
- G1Affine, G1Projective as G1,
- G2Affine, G2Projective as G2,
- SW6,
- },
- BigInteger, Field, PairingEngine, PrimeField, ProjectiveCurve, SquareRootField, UniformRand,
-};
-
-ec_bench!();
-f_bench!(1, Fq3, Fq3, fq3);
-f_bench!(2, Fq6, Fq6, fq6);
-f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
-f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
-pairing_bench!(SW6, Fq6, affine_v);
diff --git a/algebra/benches/curves/tweedle.rs b/algebra/benches/curves/tweedle.rs
new file mode 100644
index 000000000..a06c8e85b
--- /dev/null
+++ b/algebra/benches/curves/tweedle.rs
@@ -0,0 +1,19 @@
+use rand::SeedableRng;
+use rand_xorshift::XorShiftRng;
+use std::ops::{AddAssign, MulAssign, SubAssign};
+
+use algebra::{
+ biginteger::{BigInteger256 as FrRepr, BigInteger256 as FqRepr},
+ fields::tweedle::{
+ fq::Fq, fr::Fr,
+ },
+ // curves::tweedle::{
+ // G1Affine, G1Projective as G1,
+ // G2Affine, G2Projective as G2,
+ // },
+ BigInteger, Field, PrimeField, ProjectiveCurve, SquareRootField, UniformRand,
+};
+
+// ec_bench!();
+f_bench!(Fq, Fq, FqRepr, FqRepr, fq);
+f_bench!(Fr, Fr, FrRepr, FrRepr, fr);
diff --git a/algebra/benches/fft/mod.rs b/algebra/benches/fft/mod.rs
index 0f8b966d3..f3a59ba83 100644
--- a/algebra/benches/fft/mod.rs
+++ b/algebra/benches/fft/mod.rs
@@ -1,5 +1,5 @@
 use algebra::{
- fields::mnt6753::Fr,
+ fields::tweedle::Fr,
 fft::get_best_evaluation_domain,
 UniformRand,
 };
diff --git a/algebra/src/curves/bls12_377/g1.rs b/algebra/src/curves/bls12_377/g1.rs
deleted file mode 100644
index 3805e6c8e..000000000
--- a/algebra/src/curves/bls12_377/g1.rs
+++ /dev/null
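Review bot: The new tweedle bench keeps `ec_bench!()` and the `curves::tweedle::{…}` import as commented-out code (added lines 10–13 and 17), so the file that replaces the five deleted curve benches registers only the two `f_bench!` field benchmarks and no curve-arithmetic benchmark, with nothing saying whether that is deliberate or temporary. Presumably `algebra::curves::tweedle` does not expose the `G1Affine`/`G1Projective`/`G2*` names `ec_bench!` expects; either delete the dead lines or replace them with a single `// TODO: enable ec_bench!() once curves::tweedle exports the G1/G2 aliases the macro expects`. With `ec_bench!()` disabled, `ProjectiveCurve` in the `use algebra::{…}` list is likely unused and will warn under the crate's lint settings — drop it, or keep it behind the same TODO. Importing `BigInteger256` twice as `FrRepr` and `FqRepr` is legal, but since both fields share the same representation a single alias would read more clearly; a style nit.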
@@ -1,75 +0,0 @@
-use crate::field_new;
-use crate::{
- biginteger::{BigInteger256, BigInteger384},
- curves::models::{ModelParameters, SWModelParameters},
- fields::{
- bls12_377::{Fq, Fr},
- Field,
- },
-};
-
-#[derive(Copy, Clone, Default, PartialEq, Eq)]
-pub struct Bls12_377G1Parameters;
-
-impl ModelParameters for Bls12_377G1Parameters {
- type BaseField = Fq;
- type ScalarField = Fr;
-}
-
-impl SWModelParameters for Bls12_377G1Parameters {
- /// COEFF_A = 0
- const COEFF_A: Fq = field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0]));
-
- /// COEFF_B = 1
- const COEFF_B: Fq = field_new!(Fq, BigInteger384([
- 0x2cdffffffffff68,
- 0x51409f837fffffb1,
- 0x9f7db3a98a7d3ff2,
- 0x7b4e97b76e7c6305,
- 0x4cf495bf803c84e8,
- 0x8d6661e2fdf49a,
- ]));
-
- /// COFACTOR = (x - 1)^2 / 3 = 30631250834960419227450344600217059328
- const COFACTOR: &'static [u64] = &[0x0, 0x170b5d4430000000];
-
- /// COFACTOR_INV = COFACTOR^{-1} mod r
- /// = 5285428838741532253824584287042945485047145357130994810877
- const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
- 2013239619100046060,
- 4201184776506987597,
- 2526766393982337036,
- 1114629510922847535,
- ]));
-
- /// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
- const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
- (G1_GENERATOR_X, G1_GENERATOR_Y);
-
- #[inline(always)]
- fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
- Self::BaseField::zero()
- }
-}
-
-/// G1_GENERATOR_X =
-/// 81937999373150964239938255573465948239988671502647976594219695644855304257327692006745978603320413799295628339695
-pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger384([
- 0x260f33b9772451f4,
- 0xc54dd773169d5658,
- 0x5c1551c469a510dd,
- 0x761662e4425e1698,
- 0xc97d78cc6f065272,
- 0xa41206b361fd4d,
-]));
-
-/// G1_GENERATOR_Y =
-/// 241266749859715473739788878240585681733927191168601896383759122102112907357779751001206799952863815012735208165030
-pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger384([
- 0x8193961fb8cb81f3,
- 0x638d4c5f44adb8,
- 0xfafaf3dad4daf54a,
- 0xc27849e2d655cd18,
- 0x2ec3ddb401d52814,
- 0x7da93326303c71,
-]));
diff --git a/algebra/src/curves/bls12_377/g2.rs b/algebra/src/curves/bls12_377/g2.rs
deleted file mode 100644
index c1a613772..000000000
--- a/algebra/src/curves/bls12_377/g2.rs
+++ /dev/null
@@ -1,122 +0,0 @@
-use crate::field_new;
-use super::g1::Bls12_377G1Parameters;
-use crate::{
- biginteger::{BigInteger256, BigInteger384},
- curves::models::{ModelParameters, SWModelParameters},
- fields::{
- bls12_377::{Fq, Fq2, Fr},
- Field,
- },
-};
-
-#[derive(Copy, Clone, Default, PartialEq, Eq)]
-pub struct Bls12_377G2Parameters;
-
-impl ModelParameters for Bls12_377G2Parameters {
- type BaseField = Fq2;
- type ScalarField = Fr;
-}
-
-impl SWModelParameters for Bls12_377G2Parameters {
- /// COEFF_A = [0, 0]
- const COEFF_A: Fq2 = field_new!(Fq2,
- Bls12_377G1Parameters::COEFF_A,
- Bls12_377G1Parameters::COEFF_A,
- );
-
- // As per https://eprint.iacr.org/2012/072.pdf,
- // this curve has b' = b/i, where b is the COEFF_B of G1, and x^6 -i is
- // the irreducible poly used to extend from Fp2 to Fp12.
- // In our case, i = u (App A.3, T_6).
- /// COEFF_B = [0,
- /// 155198655607781456406391640216936120121836107652948796323930557600032281009004493664981332883744016074664192874906]
- const COEFF_B: Fq2 = field_new!(Fq2,
- field_new!(Fq, BigInteger384([0, 0, 0, 0, 0, 0])),
- field_new!(Fq, BigInteger384([
- 9255502405446297221,
- 10229180150694123945,
- 9215585410771530959,
- 13357015519562362907,
- 5437107869987383107,
- 16259554076827459,
- ])),
- );
-
- /// COFACTOR =
- /// 7923214915284317143930293550643874566881017850177945424769256759165301436616933228209277966774092486467289478618404761412630691835764674559376407658497
- const COFACTOR: &'static [u64] = &[
- 0x0000000000000001,
- 0x452217cc90000000,
- 0xa0f3622fba094800,
- 0xd693e8c36676bd09,
- 0x8c505634fae2e189,
- 0xfbb36b00e1dcc40c,
- 0xddd88d99a6f6a829,
- 0x26ba558ae9562a,
- ];
-
- /// COFACTOR_INV = COFACTOR^{-1} mod r
- /// = 6764900296503390671038341982857278410319949526107311149686707033187604810669
- const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
- 15499857013495546999,
- 4613531467548868169,
- 14546778081091178013,
- 549402535258503313,
- ]));
-
- /// AFFINE_GENERATOR_COEFFS =
(G2_GENERATOR_X, G2_GENERATOR_Y)
- const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
- (G2_GENERATOR_X, G2_GENERATOR_Y);
-
- #[inline(always)]
- fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
- Self::BaseField::zero()
- }
-}
-
-pub const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
-pub const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
-
-/// G2_GENERATOR_X_C0 =
-/// 233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294
-pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger384([
- 0x68904082f268725b,
- 0x668f2ea74f45328b,
- 0xebca7a65802be84f,
- 0x1e1850f4c1ada3e6,
- 0x830dc22d588ef1e9,
- 0x1862a81767c0982,
-]));
-
-/// G2_GENERATOR_X_C1 =
-/// 140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118
-pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger384([
- 0x5f02a915c91c7f39,
- 0xf8c553ba388da2a7,
- 0xd51a416dbd198850,
- 0xe943c6f38ae3073a,
- 0xffe24aa8259a4981,
- 0x11853391e73dfdd,
-]));
-
-/// G2_GENERATOR_Y_C0 =
-/// 63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423
-pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger384([
- 0xd5b19b897881430f,
- 0x5be9118a5b371ed,
- 0x6063f91f86c131ee,
- 0x3244a61be8f4ec19,
- 0xa02e425b9f9a3a12,
- 0x18af8c04f3360d2,
-]));
-
-/// G2_GENERATOR_Y_C1 =
-/// 149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491
-pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger384([
- 0x57601ac71a5b96f5,
- 0xe99acc1714f2440e,
- 0x2339612f10118ea9,
- 0x8321e68a3b1cd722,
- 0x2b543b050cc74917,
- 0x590182b396c112,
-]));
diff --git a/algebra/src/curves/bls12_377/mod.rs b/algebra/src/curves/bls12_377/mod.rs
deleted file mode 100644
index 47e3c5ce1..000000000
--- a/algebra/src/curves/bls12_377/mod.rs
+++ /dev/null
@@ -1,39 +0,0 @@
-use crate::{
- curves::{
- bls12::{
- Bls12, Bls12Parameters, G1Affine as Bls12G1Affine,
- G1Projective as Bls12G1Projective, G2Affine as Bls12G2Affine,
- G2Projective as Bls12G2Projective, TwistType,
- },
- },
- fields::bls12_377::{Fq, Fq12Parameters, Fq2Parameters, Fq6Parameters},
-};
-
-pub mod g1;
-pub mod g2;
-#[cfg(test)]
-mod tests;
-
-use self::{g1::Bls12_377G1Parameters, g2::Bls12_377G2Parameters};
-
-pub struct Bls12_377Parameters;
-
-impl Bls12Parameters for Bls12_377Parameters {
- const X: &'static [u64] = &[0x8508c00000000001];
- /// `x` is positive.
- const X_IS_NEGATIVE: bool = false;
- const TWIST_TYPE: TwistType = TwistType::D;
- type Fp = Fq;
- type Fp2Params = Fq2Parameters;
- type Fp6Params = Fq6Parameters;
- type Fp12Params = Fq12Parameters;
- type G1Parameters = Bls12_377G1Parameters;
- type G2Parameters = Bls12_377G2Parameters;
-}
-
-pub type Bls12_377 = Bls12;
-
-pub type G1Affine = Bls12G1Affine;
-pub type G1Projective = Bls12G1Projective;
-pub type G2Affine = Bls12G2Affine;
-pub type G2Projective = Bls12G2Projective;
diff --git a/algebra/src/curves/bls12_377/tests.rs b/algebra/src/curves/bls12_377/tests.rs
deleted file mode 100644
index 71ebc6ec4..000000000
--- a/algebra/src/curves/bls12_377/tests.rs
+++ /dev/null
@@ -1,143 +0,0 @@ -#![allow(unused_imports)] -use crate::{curves::{ - bls12_377::{ - g1::Bls12_377G1Parameters, g2::Bls12_377G2Parameters, - Bls12_377, G1Affine, G1Projective, G2Affine, G2Projective, - }, - models::SWModelParameters, - tests::{curve_tests, sw_jacobian_tests}, - AffineCurve, PairingEngine, ProjectiveCurve, -}, fields::{ - bls12_377::{Fq, Fq12, Fq2, Fr}, - Field, FpParameters, PrimeField, SquareRootField, -}, groups::tests::group_test, SemanticallyValid}; -use std::ops::{AddAssign, MulAssign}; - -#[test] -fn test_g1_projective_curve() { - curve_tests::(); - sw_jacobian_tests::() -} - -#[test] -fn test_g1_projective_group() { - let a: G1Projective = rand::random(); - let b: G1Projective = rand::random(); - group_test(a, b); -} - -#[test] -fn test_g1_generator() { - let generator = G1Affine::prime_subgroup_generator(); - assert!(generator.is_valid()); -} - -#[test] -fn test_g2_projective_curve() { - curve_tests::(); - sw_jacobian_tests::() -} - -#[test] -fn test_g2_projective_group() { - let a: G2Projective = rand::random(); - let b: G2Projective = rand::random(); - group_test(a, b); -} - -#[test] -fn test_g2_generator() { - let generator = G2Affine::prime_subgroup_generator(); - assert!(generator.is_valid()); -} - -// #[test] -// fn test_bilinearity() { -// let a: G1Projective = rand::random(); -// let b: G2Projective = rand::random(); -// let s: Fr = rand::random(); -// -// let sa = a * &s; -// let sb = b * &s; -// -// let ans1 = Bls12_377::pairing(sa, b); -// let ans2 = Bls12_377::pairing(a, sb); -// let ans3 = Bls12_377::pairing(a, b).pow(s.into_repr()); -// -// assert_eq!(ans1, ans2); -// assert_eq!(ans2, ans3); -// -// assert_ne!(ans1, Fq12::one()); -// assert_ne!(ans2, Fq12::one()); -// assert_ne!(ans3, Fq12::one()); -// -// assert_eq!(ans1.pow(Fr::characteristic()), Fq12::one()); -// assert_eq!(ans2.pow(Fr::characteristic()), Fq12::one()); -// assert_eq!(ans3.pow(Fr::characteristic()), Fq12::one()); -// } - -#[test] -fn test_bilinearity() { - 
let a: G1Projective = G1Projective::prime_subgroup_generator(); - let b: G2Projective = G2Projective::prime_subgroup_generator(); - let s: Fr = Fr::one() + &Fr::one(); - - let sa = a * &s; - let sb = b * &s; - - println!("a\n{:?}\n", a.into_affine()); - println!("b\n{:?}\n", b.into_affine()); - println!("s\n{:?}\n", s); - println!("sa\n{:?}\n", sa.into_affine()); - println!("sb\n{:?}\n", sb.into_affine()); - - let ans1 = Bls12_377::pairing(sa, b).unwrap(); - let ans2 = Bls12_377::pairing(a, sb).unwrap(); - - assert_eq!(ans1, ans2); - - assert_ne!(ans1, Fq12::one()); - assert_ne!(ans2, Fq12::one()); - assert_eq!(ans1.pow(Fr::characteristic()), Fq12::one()); - assert_eq!(ans2.pow(Fr::characteristic()), Fq12::one()); -} - -#[test] -fn test_g1_generator_raw() { - let mut x = Fq::zero(); - let mut i = 0; - loop { - // y^2 = x^3 + b - let mut rhs = x; - rhs.square_in_place(); - rhs.mul_assign(&x); - rhs.add_assign(&Bls12_377G1Parameters::COEFF_B); - - if let Some(y) = rhs.sqrt() { - let p = G1Affine::new(x, if y < -y { y } else { -y }, false); - assert!(!p.is_in_correct_subgroup_assuming_on_curve()); - - let g1 = p.scale_by_cofactor(); - if !g1.is_zero() { - assert_eq!(i, 1); - let g1 = G1Affine::from(g1); - - assert!(g1.is_in_correct_subgroup_assuming_on_curve()); - - assert_eq!(g1, G1Affine::prime_subgroup_generator()); - break; - } - } - - i += 1; - x.add_assign(&Fq::one()); - } -} - -#[test] -fn bls12_377_unique() { - use crate::fields::bls12_377::fq::Fq; - - use std::str::FromStr; - println!("{}", Fq::from_str("155198655607781456406391640216936120121836107652948796323930557600032281009004493664981332883744016074664192874906").unwrap()); -} diff --git a/algebra/src/curves/bls12_381/g1.rs b/algebra/src/curves/bls12_381/g1.rs deleted file mode 100644 index 1c5eb42b9..000000000 --- a/algebra/src/curves/bls12_381/g1.rs +++ /dev/null 
@@ -1,82 +0,0 @@ -use crate::field_new; -use crate::{ - biginteger::{BigInteger256, BigInteger384}, - curves::{ - bls12::{G1Affine as Bls12G1Affine, G1Projective as Bls12G1Projective}, - bls12_381::Bls12_381Parameters, - models::{ModelParameters, SWModelParameters}, - }, - fields::{ - bls12_381::{Fq, Fr}, - Field, - }, -}; - -pub type G1Affine = Bls12G1Affine; -pub type G1Projective = Bls12G1Projective; - -#[derive(Copy, Clone, Default, PartialEq, Eq)] -pub struct Bls12_381G1Parameters; - -impl ModelParameters for Bls12_381G1Parameters { - type BaseField = Fq; - type ScalarField = Fr; -} - -impl SWModelParameters for Bls12_381G1Parameters { - /// COEFF_A = 0 - const COEFF_A: Fq = field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])); - - /// COEFF_B = 4 - const COEFF_B: Fq = field_new!(Fq, BigInteger384([ - 0xaa270000000cfff3, - 0x53cc0032fc34000a, - 0x478fe97a6b0a807f, - 0xb1d37ebee6ba24d7, - 0x8ec9733bbf78ab2f, - 0x9d645513d83de7e, - ])); - - /// COFACTOR = (x - 1)^2 / 3 = 76329603384216526031706109802092473003 - const COFACTOR: &'static [u64] = &[0x8c00aaab0000aaab, 0x396c8c005555e156]; - - /// COFACTOR_INV = COFACTOR^{-1} mod r - /// = 52435875175126190458656871551744051925719901746859129887267498875565241663483 - const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([ - 288839107172787499, - 1152722415086798946, - 2612889808468387987, - 5124657601728438008, - ])); - - /// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y) - const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = - (G1_GENERATOR_X, G1_GENERATOR_Y); - - #[inline(always)] - fn mul_by_a(_: &Self::BaseField) -> Self::BaseField { - Self::BaseField::zero() - } -} - -/// G1_GENERATOR_X = -/// 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507 -pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger384([ - 0x5cb38790fd530c16, - 0x7817fc679976fff5, - 0x154f95c7143ba1c1, - 0xf0ae6acdf3d0e747, - 
0xedce6ecc21dbf440, - 0x120177419e0bfb75, -])); - -/// G1_GENERATOR_Y = -/// 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569 -pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger384([ - 0xbaac93d50ce72271, - 0x8c22631a7918fd8e, - 0xdd595f13570725ce, - 0x51ac582950405194, - 0xe1c8c3fad0059c0, - 0xbbc3efc5008a26a, -])); diff --git a/algebra/src/curves/bls12_381/g2.rs b/algebra/src/curves/bls12_381/g2.rs deleted file mode 100644 index b15ab412b..000000000 --- a/algebra/src/curves/bls12_381/g2.rs +++ /dev/null 
@@ -1,120 +0,0 @@ -use crate::field_new; -use crate::{ - biginteger::{BigInteger256, BigInteger384}, - curves::{ - bls12::{G2Affine as Bls12G2Affine, G2Projective as Bls12G2Projective}, - bls12_381::{ - g1::Bls12_381G1Parameters, - Bls12_381Parameters, - }, - models::{ModelParameters, SWModelParameters}, - }, - fields::{ - bls12_381::{Fq, Fq2, Fr}, - Field, - }, -}; - -pub type G2Affine = Bls12G2Affine; -pub type G2Projective = Bls12G2Projective; - -#[derive(Copy, Clone, Default, PartialEq, Eq)] -pub struct Bls12_381G2Parameters; - -impl ModelParameters for Bls12_381G2Parameters { - type BaseField = Fq2; - type ScalarField = Fr; -} - -impl SWModelParameters for Bls12_381G2Parameters { - /// COEFF_A = [0, 0] - const COEFF_A: Fq2 = field_new!(Fq2, - Bls12_381G1Parameters::COEFF_A, - Bls12_381G1Parameters::COEFF_A, - ); - - /// COEFF_B = [4, 4] - const COEFF_B: Fq2 = field_new!(Fq2, - Bls12_381G1Parameters::COEFF_B, - Bls12_381G1Parameters::COEFF_B, - ); - - /// COFACTOR = (x^8 - 4 x^7 + 5 x^6) - (4 x^4 + 6 x^3 - 4 x^2 - 4 x + 13) // - /// 9 - /// = 305502333931268344200999753193121504214466019254188142667664032982267604182971884026507427359259977847832272839041616661285803823378372096355777062779109 - const COFACTOR: &'static [u64] = &[ - 0xcf1c38e31c7238e5, - 0x1616ec6e786f0c70, - 0x21537e293a6691ae, - 0xa628f1cb4d9e82ef, - 0xa68a205b2e5a7ddf, - 0xcd91de4547085aba, - 0x91d50792876a202, - 0x5d543a95414e7f1, - ]; - - /// COFACTOR_INV = COFACTOR^{-1} mod r - /// 26652489039290660355457965112010883481355318854675681319708643586776743290055 - const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([ - 6746407649509787816, - 1304054119431494378, - 2461312685643913071, - 5956596749362435284, - ])); - - /// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y) - const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = - (G2_GENERATOR_X, G2_GENERATOR_Y); - - #[inline(always)] - fn mul_by_a(_: &Self::BaseField) -> Self::BaseField { - Self::BaseField::zero() - } 
-} - -pub const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1); -pub const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1); - -/// G2_GENERATOR_X_C0 = -/// 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160 -pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger384([ - 0xf5f28fa202940a10, - 0xb3f5fb2687b4961a, - 0xa1a893b53e2ae580, - 0x9894999d1a3caee9, - 0x6f67b7631863366b, - 0x58191924350bcd7, -])); - -/// G2_GENERATOR_X_C1 = -/// 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758 -pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger384([ - 0xa5a9c0759e23f606, - 0xaaa0c59dbccd60c3, - 0x3bb17e18e2867806, - 0x1b1ab6cc8541b367, - 0xc2b6ed0ef2158547, - 0x11922a097360edf3, -])); - -/// G2_GENERATOR_Y_C0 = -/// 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905 -pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger384([ - 0x4c730af860494c4a, - 0x597cfa1f5e369c5a, - 0xe7e6856caa0a635a, - 0xbbefb5e96e0d495f, - 0x7d3a975f0ef25a2, - 0x83fd8e7e80dae5, -])); - -/// G2_GENERATOR_Y_C1 = -/// 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582 -pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger384([ - 0xadc0fc92df64b05d, - 0x18aa270a2b1461dc, - 0x86adac6a3be4eba0, - 0x79495c4ec93da33a, - 0xe7175850a43ccaed, - 0xb2bc2a163de1bf2, -])); diff --git a/algebra/src/curves/bls12_381/mod.rs b/algebra/src/curves/bls12_381/mod.rs deleted file mode 100644 index 013f8c6b8..000000000 --- a/algebra/src/curves/bls12_381/mod.rs +++ /dev/null 
@@ -1,32 +0,0 @@
-use crate::{
- curves::bls12::{Bls12, Bls12Parameters, TwistType},
- fields::bls12_381::{Fq, Fq12Parameters, Fq2Parameters, Fq6Parameters},
-};
-
-pub mod g1;
-pub mod g2;
-#[cfg(test)]
-mod tests;
-
-use self::{g1::Bls12_381G1Parameters, g2::Bls12_381G2Parameters};
-
-pub use self::{
- g1::{G1Affine, G1Projective},
- g2::{G2Affine, G2Projective},
-};
-
-pub type Bls12_381 = Bls12;
-
-pub struct Bls12_381Parameters;
-
-impl Bls12Parameters for Bls12_381Parameters {
- const X: &'static [u64] = &[0xd201000000010000];
- const X_IS_NEGATIVE: bool = true;
- const TWIST_TYPE: TwistType = TwistType::M;
- type Fp = Fq;
- type Fp2Params = Fq2Parameters;
- type Fp6Params = Fq6Parameters;
- type Fp12Params = Fq12Parameters;
- type G1Parameters = Bls12_381G1Parameters;
- type G2Parameters = Bls12_381G2Parameters;
-}
diff --git a/algebra/src/curves/bls12_381/tests.rs b/algebra/src/curves/bls12_381/tests.rs
deleted file mode 100644
index 3222404bd..000000000
--- a/algebra/src/curves/bls12_381/tests.rs
+++ /dev/null
@@ -1,926 +0,0 @@ -use crate::{biginteger::BigInteger384, curves::{ - bls12_381::{ - g1::{Bls12_381G1Parameters, G1Affine, G1Projective}, - g2::{Bls12_381G2Parameters, G2Affine, G2Projective}, - Bls12_381, - }, - models::SWModelParameters, - tests::{curve_tests, sw_jacobian_tests}, - AffineCurve, PairingEngine, ProjectiveCurve, -}, fields::{ - bls12_381::{Fq, Fq12, Fq2, Fr}, - Field, PrimeField, SquareRootField, -}, groups::tests::group_test, SemanticallyValid}; -use rand; -use std::ops::{AddAssign, MulAssign}; - -#[test] -fn test_g1_projective_curve() { - curve_tests::(); - sw_jacobian_tests::(); -} - -#[test] -fn test_g1_projective_group() { - let a: G1Projective = rand::random(); - let b: G1Projective = rand::random(); - group_test(a, b); -} - -#[test] -fn test_g1_generator() { - let generator = G1Affine::prime_subgroup_generator(); - assert!(generator.is_valid()); -} - -#[test] -fn test_g2_projective_curve() { - curve_tests::(); - sw_jacobian_tests::(); -} - -#[test] -fn test_g2_projective_group() { - let a: G2Projective = rand::random(); - let b: G2Projective = rand::random(); - group_test(a, b); -} - -#[test] -fn test_g2_generator() { - let generator = G2Affine::prime_subgroup_generator(); - assert!(generator.is_valid()); -} - -#[test] -fn test_bilinearity() { - let a: G1Projective = rand::random(); - let b: G2Projective = rand::random(); - let s: Fr = rand::random(); - - let sa = a * &s; - let sb = b * &s; - - let ans1 = Bls12_381::pairing(sa, b).unwrap(); - let ans2 = Bls12_381::pairing(a, sb).unwrap(); - let ans3 = Bls12_381::pairing(a, b).unwrap().pow(s.into_repr()); - - assert_eq!(ans1, ans2); - assert_eq!(ans2, ans3); - - assert_ne!(ans1, Fq12::one()); - assert_ne!(ans2, Fq12::one()); - assert_ne!(ans3, Fq12::one()); - - assert_eq!(ans1.pow(Fr::characteristic()), Fq12::one()); - assert_eq!(ans2.pow(Fr::characteristic()), Fq12::one()); - assert_eq!(ans3.pow(Fr::characteristic()), Fq12::one()); -} - -#[test] -fn test_g1_generator_raw() { - let mut x = 
Fq::zero(); - let mut i = 0; - loop { - // y^2 = x^3 + b - let mut rhs = x; - rhs.square_in_place(); - rhs.mul_assign(&x); - rhs.add_assign(&Bls12_381G1Parameters::COEFF_B); - - if let Some(y) = rhs.sqrt() { - let p = G1Affine::new(x, if y < -y { y } else { -y }, false); - assert!(!p.is_in_correct_subgroup_assuming_on_curve()); - - let g1 = p.scale_by_cofactor(); - if !g1.is_zero() { - assert_eq!(i, 4); - let g1 = G1Affine::from(g1); - - assert!(g1.is_in_correct_subgroup_assuming_on_curve()); - - assert_eq!(g1, G1Affine::prime_subgroup_generator()); - break; - } - } - - i += 1; - x.add_assign(&Fq::one()); - } -} - -#[test] -fn test_g1_is_valid() { - - // Reject point with invalid x coordinate - let p = G1Affine::new( - Fq::new(BigInteger384([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ])), - Fq::from_repr(BigInteger384([ - 0xd0de9d65292b7710, - 0xf6a05f2bcf1d9ca7, - 0x1040e27012f20b64, - 0xeec8d1a5b7466c58, - 0x4bc362649dce6376, - 0x430cbdc5455b00a, - ])), - false, - ); - assert!(!p.is_valid()); - assert!(!p.x.is_valid()); - - // Reject point with invalid y coordinate - let p = G1Affine::new( - Fq::from_repr(BigInteger384([ - 0x6dd3098f22235df, - 0xe865d221c8090260, - 0xeb96bb99fa50779f, - 0xc4f9a52a428e23bb, - 0xd178b28dd4f407ef, - 0x17fb8905e9183c69, - ])), - Fq::new(BigInteger384([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ])), - false, - ); - assert!(!p.is_valid()); - assert!(!p.y.is_valid()); - - - // Accept valid point - let p: G1Projective = rand::random(); - let p_affine = p.into_affine(); - assert!(p_affine.is_valid()); - - // Reject point on isomorphic twist (b = 24) - { - let p = G1Affine::new( - Fq::from_repr(BigInteger384([ - 0xc58d887b66c035dc, - 0x10cbfd301d553822, - 0xaf23e064f1131ee5, - 0x9fe83b1b4a5d648d, - 0xf583cc5a508f6a40, - 0xc3ad2aefde0bb13, - ])), - 
Fq::from_repr(BigInteger384([ - 0x60aa6f9552f03aae, - 0xecd01d5181300d35, - 0x8af1cdb8aa8ce167, - 0xe760f57922998c9d, - 0x953703f5795a39e5, - 0xfe3ae0922df702c, - ])), - false, - ); - assert!(!p.is_valid()); - assert!(!p.is_on_curve()); - } - - // Reject point on a twist (b = 3) - { - let p = G1Affine::new( - Fq::from_repr(BigInteger384([ - 0xee6adf83511e15f5, - 0x92ddd328f27a4ba6, - 0xe305bd1ac65adba7, - 0xea034ee2928b30a8, - 0xbd8833dc7c79a7f7, - 0xe45c9f0c0438675, - ])), - Fq::from_repr(BigInteger384([ - 0x3b450eb1ab7b5dad, - 0xa65cb81e975e8675, - 0xaa548682b21726e5, - 0x753ddf21a2601d20, - 0x532d0b640bd3ff8b, - 0x118d2c543f031102, - ])), - false, - ); - assert!(!p.is_valid()); - assert!(!p.is_on_curve()); - assert!(!p.is_in_correct_subgroup_assuming_on_curve()); - } - - // Reject point in an invalid subgroup - // There is only one r-order subgroup, as r does not divide the cofactor. - { - let p = G1Affine::new( - Fq::from_repr(BigInteger384([ - 0x76e1c971c6db8fe8, - 0xe37e1a610eff2f79, - 0x88ae9c499f46f0c0, - 0xf35de9ce0d6b4e84, - 0x265bddd23d1dec54, - 0x12a8778088458308, - ])), - Fq::from_repr(BigInteger384([ - 0x8a22defa0d526256, - 0xc57ca55456fcb9ae, - 0x1ba194e89bab2610, - 0x921beef89d4f29df, - 0x5b6fda44ad85fa78, - 0xed74ab9f302cbe0, - ])), - false, - ); - assert!(!p.is_valid()); - assert!(!p.is_in_correct_subgroup_assuming_on_curve()); - } -} - -#[test] -fn test_g1_addition_correctness() { - let mut p = G1Projective::new( - Fq::from_repr(BigInteger384([ - 0x47fd1f891d6e8bbf, - 0x79a3b0448f31a2aa, - 0x81f3339e5f9968f, - 0x485e77d50a5df10d, - 0x4c6fcac4b55fd479, - 0x86ed4d9906fb064, - ])), - Fq::from_repr(BigInteger384([ - 0xd25ee6461538c65, - 0x9f3bbb2ecd3719b9, - 0xa06fd3f1e540910d, - 0xcefca68333c35288, - 0x570c8005f8573fa6, - 0x152ca696fe034442, - ])), - Fq::one(), - ); - - p.add_assign(&G1Projective::new( - Fq::from_repr(BigInteger384([ - 0xeec78f3096213cbf, - 0xa12beb1fea1056e6, - 0xc286c0211c40dd54, - 0x5f44314ec5e3fb03, - 0x24e8538737c6e675, - 
0x8abd623a594fba8, - ])), - Fq::from_repr(BigInteger384([ - 0x6b0528f088bb7044, - 0x2fdeb5c82917ff9e, - 0x9a5181f2fac226ad, - 0xd65104c6f95a872a, - 0x1f2998a5a9c61253, - 0xe74846154a9e44, - ])), - Fq::one(), - )); - - let p = G1Affine::from(p); - - assert_eq!( - p, - G1Affine::new( - Fq::from_repr(BigInteger384([ - 0x6dd3098f22235df, - 0xe865d221c8090260, - 0xeb96bb99fa50779f, - 0xc4f9a52a428e23bb, - 0xd178b28dd4f407ef, - 0x17fb8905e9183c69, - ])), - Fq::from_repr(BigInteger384([ - 0xd0de9d65292b7710, - 0xf6a05f2bcf1d9ca7, - 0x1040e27012f20b64, - 0xeec8d1a5b7466c58, - 0x4bc362649dce6376, - 0x430cbdc5455b00a, - ])), - false, - ) - ); -} - -#[test] -fn test_g1_doubling_correctness() { - let mut p = G1Projective::new( - Fq::from_repr(BigInteger384([ - 0x47fd1f891d6e8bbf, - 0x79a3b0448f31a2aa, - 0x81f3339e5f9968f, - 0x485e77d50a5df10d, - 0x4c6fcac4b55fd479, - 0x86ed4d9906fb064, - ])), - Fq::from_repr(BigInteger384([ - 0xd25ee6461538c65, - 0x9f3bbb2ecd3719b9, - 0xa06fd3f1e540910d, - 0xcefca68333c35288, - 0x570c8005f8573fa6, - 0x152ca696fe034442, - ])), - Fq::one(), - ); - - p.double_in_place(); - - let p = G1Affine::from(p); - - assert_eq!( - p, - G1Affine::new( - Fq::from_repr(BigInteger384([ - 0xf939ddfe0ead7018, - 0x3b03942e732aecb, - 0xce0e9c38fdb11851, - 0x4b914c16687dcde0, - 0x66c8baf177d20533, - 0xaf960cff3d83833, - ])), - Fq::from_repr(BigInteger384([ - 0x3f0675695f5177a8, - 0x2b6d82ae178a1ba0, - 0x9096380dd8e51b11, - 0x1771a65b60572f4e, - 0x8b547c1313b27555, - 0x135075589a687b1e, - ])), - false, - ) - ); -} - -#[test] -fn test_g1_same_y() { - // Test the addition of two points with different x coordinates - // but the same y coordinate. 
-
- // x1 = 128100205326445210408953809171070606737678357140298133325128175840781723996595026100005714405541449960643523234125
- // x2 = 3821408151224848222394078037104966877485040835569514006839342061575586899845797797516352881516922679872117658572470
- // y = 2291134451313223670499022936083127939567618746216464377735567679979105510603740918204953301371880765657042046687078
-
- let a = G1Affine::new(
- Fq::from_repr(BigInteger384([
- 0xea431f2cc38fc94d,
- 0x3ad2354a07f5472b,
- 0xfe669f133f16c26a,
- 0x71ffa8021531705,
- 0x7418d484386d267,
- 0xd5108d8ff1fbd6,
- ])),
- Fq::from_repr(BigInteger384([
- 0xa776ccbfe9981766,
- 0x255632964ff40f4a,
- 0xc09744e650b00499,
- 0x520f74773e74c8c3,
- 0x484c8fc982008f0,
- 0xee2c3d922008cc6,
- ])),
- false,
- );
-
- let b = G1Affine::new(
- Fq::from_repr(BigInteger384([
- 0xe06cdb156b6356b6,
- 0xd9040b2d75448ad9,
- 0xe702f14bb0e2aca5,
- 0xc6e05201e5f83991,
- 0xf7c75910816f207c,
- 0x18d4043e78103106,
- ])),
- Fq::from_repr(BigInteger384([
- 0xa776ccbfe9981766,
- 0x255632964ff40f4a,
- 0xc09744e650b00499,
- 0x520f74773e74c8c3,
- 0x484c8fc982008f0,
- 0xee2c3d922008cc6,
- ])),
- false,
- );
-
- // Expected
- // x = 52901198670373960614757979459866672334163627229195745167587898707663026648445040826329033206551534205133090753192
- // y = 1711275103908443722918766889652776216989264073722543507596490456144926139887096946237734327757134898380852225872709
- let c = G1Affine::new(
- Fq::from_repr(BigInteger384([
- 0xef4f05bdd10c8aa8,
- 0xad5bf87341a2df9,
- 0x81c7424206b78714,
- 0x9676ff02ec39c227,
- 0x4c12c15d7e55b9f3,
- 0x57fd1e317db9bd,
- ])),
- Fq::from_repr(BigInteger384([
- 0x1288334016679345,
- 0xf955cd68615ff0b5,
- 0xa6998dbaa600f18a,
- 0x1267d70db51049fb,
- 0x4696deb9ab2ba3e7,
- 0xb1e4e11177f59d4,
- ])),
- false,
- );
-
- assert!(a.is_on_curve() && a.is_in_correct_subgroup_assuming_on_curve());
- assert!(b.is_on_curve() && b.is_in_correct_subgroup_assuming_on_curve());
- assert!(c.is_on_curve() && c.is_in_correct_subgroup_assuming_on_curve());
-
- let mut tmp1 = a.into_projective();
- tmp1.add_assign(&b.into_projective());
- assert_eq!(tmp1.into_affine(), c);
- assert_eq!(tmp1, c.into_projective());
-
- let mut tmp2 = a.into_projective();
- tmp2.add_assign_mixed(&b);
- assert_eq!(tmp2.into_affine(), c);
- assert_eq!(tmp2, c.into_projective());
-}
-
-#[test]
-fn test_g2_generator_raw() {
- let mut x = Fq2::zero();
- let mut i = 0;
- loop {
- // y^2 = x^3 + b
- let rhs = (x.square() * &x) + &Bls12_381G2Parameters::COEFF_B;
- if let Some(y) = rhs.sqrt() {
- let p = G2Affine::new(x, if y < -y { y } else { -y }, false);
-
- assert!(!p.is_in_correct_subgroup_assuming_on_curve());
-
- let g2 = p.scale_by_cofactor();
- if !g2.is_zero() {
- assert_eq!(i, 2);
- let g2 = G2Affine::from(g2);
-
- assert!(g2.is_in_correct_subgroup_assuming_on_curve());
- assert_eq!(g2, G2Affine::prime_subgroup_generator());
- break;
- }
- }
-
- i += 1;
- x += &Fq2::one();
- }
-}
-
-#[test]
-fn test_g2_is_valid() {
-
- // Reject point with invalid x coordinate
- let p = G2Affine::new(
- Fq2::new(
- Fq::new(BigInteger384([
- 0xffffffffffffffff,
- 0xffffffffffffffff,
- 0xffffffffffffffff,
- 0xffffffffffffffff,
- 0xffffffffffffffff,
- 0xffffffffffffffff,
- ])),
- Fq::from_repr(BigInteger384([
- 0xd1a50b8572cbd2b8,
- 0x238f0ac6119d07df,
- 0x4dbe924fe5fd6ac2,
- 0x8b203284c51edf6b,
- 0xc8a0b730bbb21f5e,
- 0x1a3b59d29a31274,
- ])),
- ),
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x9e709e78a8eaa4c9,
- 0xd30921c93ec342f4,
- 0x6d1ef332486f5e34,
- 0x64528ab3863633dc,
- 0x159384333d7cba97,
- 0x4cb84741f3cafe8,
- ])),
- Fq::from_repr(BigInteger384([
- 0x242af0dc3640e1a4,
- 0xe90a73ad65c66919,
- 0x2bd7ca7f4346f9ec,
- 0x38528f92b689644d,
- 0xb6884deec59fb21f,
- 0x3c075d3ec52ba90,
- ])),
- ),
- false,
- );
- assert!(!p.is_valid());
- assert!(!p.x.is_valid());
-
- // Reject point with invalid x coordinate
- let p = G2Affine::new(
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0xcde7ee8a3f2ac8af,
- 0xfc642eb35975b069,
- 0xa7de72b7dd0e64b7,
- 0xf1273e6406eef9cc,
- 0xababd760ff05cb92,
- 0xd7c20456617e89,
- ])),
- Fq::from_repr(BigInteger384([
- 0xd1a50b8572cbd2b8,
- 0x238f0ac6119d07df,
- 0x4dbe924fe5fd6ac2,
- 0x8b203284c51edf6b,
- 0xc8a0b730bbb21f5e,
- 0x1a3b59d29a31274,
- ])),
- ),
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x9e709e78a8eaa4c9,
- 0xd30921c93ec342f4,
- 0x6d1ef332486f5e34,
- 0x64528ab3863633dc,
- 0x159384333d7cba97,
- 0x4cb84741f3cafe8,
- ])),
- Fq::new(BigInteger384([
- 0xffffffffffffffff,
- 0xffffffffffffffff,
- 0xffffffffffffffff,
- 0xffffffffffffffff,
- 0xffffffffffffffff,
- 0xffffffffffffffff,
- ])),
- ),
- false,
- );
- assert!(!p.is_valid());
- assert!(!p.y.is_valid());
-
- // Accept valid point
-
- let p: G2Projective = rand::random();
- let p_affine = p.into_affine();
- assert!(p_affine.is_valid());
-
- // Reject point on isomorphic twist (b = 3 * (u + 1))
- {
- let p = G2Affine::new(
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0xa757072d9fa35ba9,
- 0xae3fb2fb418f6e8a,
- 0xc1598ec46faa0c7c,
- 0x7a17a004747e3dbe,
- 0xcc65406a7c2e5a73,
- 0x10b8c03d64db4d0c,
- ])),
- Fq::from_repr(BigInteger384([
- 0xd30e70fe2f029778,
- 0xda30772df0f5212e,
- 0x5b47a9ff9a233a50,
- 0xfb777e5b9b568608,
- 0x789bac1fec71a2b9,
- 0x1342f02e2da54405,
- ])),
- ),
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0xfe0812043de54dca,
- 0xe455171a3d47a646,
- 0xa493f36bc20be98a,
- 0x663015d9410eb608,
- 0x78e82a79d829a544,
- 0x40a00545bb3c1e,
- ])),
- Fq::from_repr(BigInteger384([
- 0x4709802348e79377,
- 0xb5ac4dc9204bcfbd,
- 0xda361c97d02f42b2,
- 0x15008b1dc399e8df,
- 0x68128fd0548a3829,
- 0x16a613db5c873aaa,
- ])),
- ),
- false,
- );
- assert!(!p.is_on_curve());
- assert!(p.is_in_correct_subgroup_assuming_on_curve());
- }
-
- // Reject point on a twist (b = 2 * (u + 1))
- {
- let p = G2Affine::new(
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0xf4fdfe95a705f917,
- 0xc2914df688233238,
- 0x37c6b12cca35a34b,
- 0x41abba710d6c692c,
- 0xffcc4b2b62ce8484,
- 0x6993ec01b8934ed,
- ])),
- Fq::from_repr(BigInteger384([
- 0xb94e92d5f874e26,
- 0x44516408bc115d95,
- 0xe93946b290caa591,
- 0xa5a0c2b7131f3555,
- 0x83800965822367e7,
- 0x10cf1d3ad8d90bfa,
- ])),
- ),
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0xbf00334c79701d97,
- 0x4fe714f9ff204f9a,
- 0xab70b28002f3d825,
- 0x5a9171720e73eb51,
- 0x38eb4fd8d658adb7,
- 0xb649051bbc1164d,
- ])),
- Fq::from_repr(BigInteger384([
- 0x9225814253d7df75,
- 0xc196c2513477f887,
- 0xe05e2fbd15a804e0,
- 0x55f2b8efad953e04,
- 0x7379345eda55265e,
- 0x377f2e6208fd4cb,
- ])),
- ),
- false,
- );
- assert!(!p.is_on_curve());
- assert!(!p.is_in_correct_subgroup_assuming_on_curve());
- }
-
- // Reject point in an invalid subgroup
- // There is only one r-order subgroup, as r does not divide the cofactor.
- {
- let p = G2Affine::new(
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x262cea73ea1906c,
- 0x2f08540770fabd6,
- 0x4ceb92d0a76057be,
- 0x2199bc19c48c393d,
- 0x4a151b732a6075bf,
- 0x17762a3b9108c4a7,
- ])),
- Fq::from_repr(BigInteger384([
- 0x26f461e944bbd3d1,
- 0x298f3189a9cf6ed6,
- 0x74328ad8bc2aa150,
- 0x7e147f3f9e6e241,
- 0x72a9b63583963fff,
- 0x158b0083c000462,
- ])),
- ),
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x91fb0b225ecf103b,
- 0x55d42edc1dc46ba0,
- 0x43939b11997b1943,
- 0x68cad19430706b4d,
- 0x3ccfb97b924dcea8,
- 0x1660f93434588f8d,
- ])),
- Fq::from_repr(BigInteger384([
- 0xaaed3985b6dcb9c7,
- 0xc1e985d6d898d9f4,
- 0x618bd2ac3271ac42,
- 0x3940a2dbb914b529,
- 0xbeb88137cf34f3e7,
- 0x1699ee577c61b694,
- ])),
- ),
- false,
- );
- assert!(p.is_on_curve());
- assert!(!p.is_in_correct_subgroup_assuming_on_curve());
- }
-}
-
-#[test]
-fn test_g2_addition_correctness() {
- let mut p = G2Projective::new(
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x6c994cc1e303094e,
- 0xf034642d2c9e85bd,
- 0x275094f1352123a9,
- 0x72556c999f3707ac,
- 0x4617f2e6774e9711,
- 0x100b2fe5bffe030b,
- ])),
- Fq::from_repr(BigInteger384([
- 0x7a33555977ec608,
- 0xe23039d1fe9c0881,
- 0x19ce4678aed4fcb5,
- 0x4637c4f417667e2e,
- 0x93ebe7c3e41f6acc,
- 0xde884f89a9a371b,
- ])),
- ),
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0xe073119472e1eb62,
- 0x44fb3391fe3c9c30,
- 0xaa9b066d74694006,
- 0x25fd427b4122f231,
- 0xd83112aace35cae,
- 0x191b2432407cbb7f,
- ])),
- Fq::from_repr(BigInteger384([
- 0xf68ae82fe97662f5,
- 0xe986057068b50b7d,
- 0x96c30f0411590b48,
- 0x9eaa6d19de569196,
- 0xf6a03d31e2ec2183,
- 0x3bdafaf7ca9b39b,
- ])),
- ),
- Fq2::one(),
- );
-
- p.add_assign(&G2Projective::new(
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0xa8c763d25910bdd3,
- 0x408777b30ca3add4,
- 0x6115fcc12e2769e,
- 0x8e73a96b329ad190,
- 0x27c546f75ee1f3ab,
- 0xa33d27add5e7e82,
- ])),
- Fq::from_repr(BigInteger384([
- 0x93b1ebcd54870dfe,
- 0xf1578300e1342e11,
- 0x8270dca3a912407b,
- 0x2089faf462438296,
- 0x828e5848cd48ea66,
- 0x141ecbac1deb038b,
- ])),
- ),
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0xf5d2c28857229c3f,
- 0x8c1574228757ca23,
- 0xe8d8102175f5dc19,
- 0x2767032fc37cc31d,
- 0xd5ee2aba84fd10fe,
- 0x16576ccd3dd0a4e8,
- ])),
- Fq::from_repr(BigInteger384([
- 0x4da9b6f6a96d1dd2,
- 0x9657f7da77f1650e,
- 0xbc150712f9ffe6da,
- 0x31898db63f87363a,
- 0xabab040ddbd097cc,
- 0x11ad236b9ba02990,
- ])),
- ),
- Fq2::one(),
- ));
-
- let p = G2Affine::from(p);
-
- assert_eq!(
- p,
- G2Affine::new(
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0xcde7ee8a3f2ac8af,
- 0xfc642eb35975b069,
- 0xa7de72b7dd0e64b7,
- 0xf1273e6406eef9cc,
- 0xababd760ff05cb92,
- 0xd7c20456617e89,
- ])),
- Fq::from_repr(BigInteger384([
- 0xd1a50b8572cbd2b8,
- 0x238f0ac6119d07df,
- 0x4dbe924fe5fd6ac2,
- 0x8b203284c51edf6b,
- 0xc8a0b730bbb21f5e,
- 0x1a3b59d29a31274,
- ])),
- ),
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x9e709e78a8eaa4c9,
- 0xd30921c93ec342f4,
- 0x6d1ef332486f5e34,
- 0x64528ab3863633dc,
- 0x159384333d7cba97,
- 0x4cb84741f3cafe8,
- ])),
- Fq::from_repr(BigInteger384([
- 0x242af0dc3640e1a4,
- 0xe90a73ad65c66919,
- 0x2bd7ca7f4346f9ec,
- 0x38528f92b689644d,
- 0xb6884deec59fb21f,
- 0x3c075d3ec52ba90,
- ])),
- ),
- false,
- )
- );
-}
-
-#[test]
-fn test_g2_doubling_correctness() {
- let mut p = G2Projective::new(
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x6c994cc1e303094e,
- 0xf034642d2c9e85bd,
- 0x275094f1352123a9,
- 0x72556c999f3707ac,
- 0x4617f2e6774e9711,
- 0x100b2fe5bffe030b,
- ])),
- Fq::from_repr(BigInteger384([
- 0x7a33555977ec608,
- 0xe23039d1fe9c0881,
- 0x19ce4678aed4fcb5,
- 0x4637c4f417667e2e,
- 0x93ebe7c3e41f6acc,
- 0xde884f89a9a371b,
- ])),
- ),
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0xe073119472e1eb62,
- 0x44fb3391fe3c9c30,
- 0xaa9b066d74694006,
- 0x25fd427b4122f231,
- 0xd83112aace35cae,
- 0x191b2432407cbb7f,
- ])),
- Fq::from_repr(BigInteger384([
- 0xf68ae82fe97662f5,
- 0xe986057068b50b7d,
- 0x96c30f0411590b48,
- 0x9eaa6d19de569196,
- 0xf6a03d31e2ec2183,
- 0x3bdafaf7ca9b39b,
- ])),
- ),
- Fq2::one(),
- );
-
- p.double_in_place();
-
- let p = G2Affine::from(p);
-
- assert_eq!(
- p,
- G2Affine::new(
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x91ccb1292727c404,
- 0x91a6cb182438fad7,
- 0x116aee59434de902,
- 0xbcedcfce1e52d986,
- 0x9755d4a3926e9862,
- 0x18bab73760fd8024,
- ])),
- Fq::from_repr(BigInteger384([
- 0x4e7c5e0a2ae5b99e,
- 0x96e582a27f028961,
- 0xc74d1cf4ef2d5926,
- 0xeb0cf5e610ef4fe7,
- 0x7b4c2bae8db6e70b,
- 0xf136e43909fca0,
- ])),
- ),
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x954d4466ab13e58,
- 0x3ee42eec614cf890,
- 0x853bb1d28877577e,
- 0xa5a2a51f7fde787b,
- 0x8b92866bc6384188,
- 0x81a53fe531d64ef,
- ])),
- Fq::from_repr(BigInteger384([
- 0x4c5d607666239b34,
- 0xeddb5f48304d14b3,
- 0x337167ee6e8e3cb6,
- 0xb271f52f12ead742,
- 0x244e6c2015c83348,
- 0x19e2deae6eb9b441,
- ])),
- ),
- false,
- )
- );
-}
diff --git a/algebra/src/curves/bn_382/g.rs b/algebra/src/curves/bn_382/g.rs
deleted file mode 100644
index 49f336d94..000000000
--- a/algebra/src/curves/bn_382/g.rs
+++ /dev/null
@@ -1,91 +0,0 @@
-use crate::{
- biginteger::BigInteger384,
- curves::{
- models::short_weierstrass_jacobian::{GroupAffine, GroupProjective},
- ModelParameters, SWModelParameters
- },
- Field, field_new,
- fields::bn_382::*
-};
-
-#[derive(Copy, Clone, Default, PartialEq, Eq)]
-pub struct Bn382GParameters;
-
-impl ModelParameters for Bn382GParameters {
- type BaseField = Fr;
- type ScalarField = Fq;
-}
-
-pub type Affine = GroupAffine;
-pub type Projective = GroupProjective;
-
-impl SWModelParameters for Bn382GParameters {
- /// COEFF_A = 0
- const COEFF_A: Fr = field_new!(Fr, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0]));
-
- /// COEFF_B = 7
- const COEFF_B: Fr = field_new!(
- Fr,
- BigInteger384([
- 0xffffffffffffffcf,
- 0xffffffb67daf6367,
- 0xdc87071c715188df,
- 0x718ba6243a5346c8,
- 0x4fa46fc531ce56d5,
- 0x1b21bac71c8e0dbc
- ])
- );
-
- /// COFACTOR = 1
- const COFACTOR: &'static [u64] = &[0x1];
-
- /// COFACTOR_INV = 1
- const COFACTOR_INV: Fq = field_new!(
- Fq,
- BigInteger384([
- 0xfffffffffffffff9,
- 0xfffffff57fab5757,
- 0x7f56ac056aeaf57f,
- 0x10388572e3c2c0f5,
- 0xe6ce591c2bafc343,
- 0x3e03f4104144b1a
- ])
- );
-
- /// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
- const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
- (G_GENERATOR_X, G_GENERATOR_Y);
-
- #[inline(always)]
- fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
- Self::BaseField::zero()
- }
-}
-
-/// G_GENERATOR_X =
-/// 1
-pub const G_GENERATOR_X: Fr = field_new!(
- Fr,
- BigInteger384([
- 0xfffffffffffffff9,
- 0xfffffff57fab5757,
- 0x1f8101041030381f,
- 0x10388572e3c2c0f8,
- 0xe6ce591c2bafc343,
- 0x3e03f4104144b1a
- ])
-);
-
-/// G1_GENERATOR_Y =
-/// 1587713460471950740217388326193312024737041813752165827005856534245539019723616944862168333942330219466268138558982
-pub const G_GENERATOR_Y: Fr = field_new!(
- Fr,
- BigInteger384([
- 0x7bbbac48dff48e8a,
- 0x7f0b69a418192817,
- 0x91be699f8043e89b,
- 0xb9a47acffcccc09c,
- 0xbd7a048e12f9984f,
- 0x16e7846105853ac1
- ])
-);
\ No newline at end of file
diff --git a/algebra/src/curves/bn_382/g1.rs b/algebra/src/curves/bn_382/g1.rs
deleted file mode 100644
index 264503a5e..000000000
--- a/algebra/src/curves/bn_382/g1.rs
+++ /dev/null
@@ -1,87 +0,0 @@
-use crate::{
- biginteger::BigInteger384,
- fields::bn_382::*,
- curves::{
- models::{ModelParameters, SWModelParameters},
- },
- Field, field_new,
-};
-
-#[derive(Copy, Clone, Default, PartialEq, Eq)]
-pub struct Bn382G1Parameters;
-
-impl ModelParameters for Bn382G1Parameters {
- type BaseField = Fq;
- type ScalarField = Fr;
-}
-
-impl SWModelParameters for Bn382G1Parameters {
- /// COEFF_A = 0
- const COEFF_A: Fq = field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0]));
-
- /// COEFF_B = 14
- const COEFF_B: Fq = field_new!(
- Fq,
- BigInteger384([
- 0xffffffffffffff9d,
- 0xffffff6b7b52aeb7,
- 0x76a537ba55d66b7f,
- 0x2e8d16344c0b846b,
- 0x2df8a320b2feee22,
- 0x123eec4e5e4393ea
- ])
- );
-
- /// COFACTOR = 1
- const COFACTOR: &'static [u64] = &[0x1];
-
- /// COFACTOR_INV = 1
- const COFACTOR_INV: Fr = field_new!(
- Fr,
- BigInteger384([
- 0xfffffffffffffff9,
- 0xfffffff57fab5757,
- 0x1f8101041030381f,
- 0x10388572e3c2c0f8,
- 0xe6ce591c2bafc343,
- 0x3e03f4104144b1a
- ])
- );
-
- /// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
- const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
- (G1_GENERATOR_X, G1_GENERATOR_Y);
-
- #[inline(always)]
- fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
- Self::BaseField::zero()
- }
-}
-
-/// G1_GENERATOR_X =
-/// 1
-pub const G1_GENERATOR_X: Fq = field_new!(
- Fq,
- BigInteger384([
- 0xfffffffffffffff9,
- 0xfffffff57fab5757,
- 0x7f56ac056aeaf57f,
- 0x10388572e3c2c0f5,
- 0xe6ce591c2bafc343,
- 0x3e03f4104144b1a
- ])
-);
-
-/// G1_GENERATOR_Y =
-/// 93360544046129830094757569027791679210844519762232758194920967606984287664392872848607365449491441272860487554919
-pub const G1_GENERATOR_Y: Fq = field_new!(
- Fq,
- BigInteger384([
- 0x9dfafa6eb6e5986a,
- 0x320ae00a19eea8eb,
- 0x740e245a3411fca8,
- 0x7ad3304e255f5799,
- 0x310b3464a5ff421d,
- 0x12713e4c3440dde
- ])
-);
diff --git a/algebra/src/curves/bn_382/g2.rs b/algebra/src/curves/bn_382/g2.rs
deleted file mode 100644
index 2b9234cf6..000000000
--- a/algebra/src/curves/bn_382/g2.rs
+++ /dev/null
@@ -1,140 +0,0 @@
-use crate::{
- biginteger::BigInteger384 as BigInteger,
- curves::models::{ModelParameters, SWModelParameters},
- Field, field_new,
- fields::bn_382::*
-};
-
-#[derive(Copy, Clone, Default, PartialEq, Eq)]
-pub struct Bn382G2Parameters;
-
-impl ModelParameters for Bn382G2Parameters {
- type BaseField = Fq2;
- type ScalarField = Fr;
-}
-
-impl SWModelParameters for Bn382G2Parameters {
- // y^2 = x^3 + 14 / ((2*sqrt(7))^5) = x^3 + sqrt(7)
-
- /// COEFF_A = [0, 0]
- const COEFF_A: Fq2 = field_new!(
- Fq2,
- field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0])),
- field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0])),
- );
-
- // (14 / (2*sqrt(7))^5
- // == 0 + sqrt7 *
- // 671741409037656549287655731709824109253980562797465531047568917158473772953357661607607074171171789249425365013734
- const COEFF_B: Fq2 = field_new!(
- Fq2,
- field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0])),
- field_new!(
- Fq,
- BigInteger([
- 0xaaaaaaaaaaaaaaa6,
- 0xaaaaaaa3aa723a3a,
- 0xaa39c8039c9ca3aa,
- 0xb57b03a1ed2c80a3,
- 0x99dee612c7ca822c,
- 0x2957f80ad62dcbc
- ])
- ),
- );
-
- /// COFACTOR =
- /// 5543634365110765627805495722742127385843376434033820803594923240297849259333798279370015902197046673895926135783425
- const COFACTOR: &'static [u64] = &[
- 1,
- 6443243544,
- 16149412065705181664,
- 13009269933821593857,
- 8165092549055070088,
- 2595350192619816846,
- ];
-
- /// COFACTOR_INV = COFACTOR^{-1} mod r
- /// 2771817182555382813902747861510987483969025170954974114210393735761260242342976119835350290882788898215364334190594
- const COFACTOR_INV: Fr = field_new!(
- Fr,
- BigInteger([
- 0x30f31f7dc6e0f46c,
- 0x77ea8678846f2b23,
- 0x1391dd7fdcdaa32,
- 0xf3afdcd2c5fbcc02,
- 0xf9573d5af51e891e,
- 0x1580839fc48bbede
- ])
- );
-
- /// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
- const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
- (G2_GENERATOR_X, G2_GENERATOR_Y);
-
- #[inline(always)]
- fn mul_by_a(_: &Self::BaseField) -> Self::BaseField {
- Self::BaseField::zero()
- }
-}
-
-pub const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
-pub const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
-
-// Generator:
-// (3519382844713541579002133617775236000337302709092053889907196608497211512910083011998063983635946531824025900302318*sqrt7 + 5091479006341624589567896397635435258574014748076809289641574502625108749078943401554928186045022840715545119724980,
-// 4780208203968490754926961189497985186234872265999339695883768193648752722495923801951744797689497641942946290071424*sqrt7 + 3934462613855637686263305666415197064493526818650772586512345121679314757894509046665527945441022114959626478116310)
-/// G2_GENERATOR_X_C0 =
-/// 5091479006341624589567896397635435258574014748076809289641574502625108749078943401554928186045022840715545119724980
-pub const G2_GENERATOR_X_C0: Fq = field_new!(
- Fq,
- BigInteger([
- 0x2761a83ee6ccb6c6,
- 0x681d8b2b656ce886,
- 0x3540fb52bab89b4,
- 0x81e6427c08680553,
- 0xa9ccf8c26dcf6e1,
- 0x1851476ea8077fc6
- ])
-);
-
-/// G2_GENERATOR_X_C1 =
-/// 3519382844713541579002133617775236000337302709092053889907196608497211512910083011998063983635946531824025900302318
-pub const G2_GENERATOR_X_C1: Fq = field_new!(
- Fq,
- BigInteger([
- 0x14498e69e5b53113,
- 0xee8cd774d8d88e77,
- 0xc6f3b5ce2ace1aef,
- 0x3502bb8b846944a9,
- 0xc95e755dd7927cae,
- 0x7c0beebd73ab8f5
- ])
-);
-
-/// G2_GENERATOR_Y_C0 =
-/// 3934462613855637686263305666415197064493526818650772586512345121679314757894509046665527945441022114959626478116310
-pub const G2_GENERATOR_Y_C0: Fq = field_new!(
- Fq,
- BigInteger([
- 0xe8028a161e1bbc9a,
- 0x266bd5d118d75d9b,
- 0xacc76640f1e4baa9,
- 0xa70bd81b6be756f4,
- 0x5161ebf3eef9a86e,
- 0x657061a71f10b07
- ])
-);
-
-/// G2_GENERATOR_Y_C1 =
-/// 4780208203968490754926961189497985186234872265999339695883768193648752722495923801951744797689497641942946290071424
-pub const G2_GENERATOR_Y_C1: Fq = field_new!(
- Fq,
- BigInteger([
- 0xc981004fff54161b,
- 0x12540e2eb9d55972,
- 0xf89981d85302a29a,
- 0xb69dcab62945321d,
- 0x841115a42fc75e00,
- 0x65c141e4b7455c1
- ])
-);
diff --git a/algebra/src/curves/bn_382/mod.rs b/algebra/src/curves/bn_382/mod.rs
deleted file mode 100644
index 99538bf2b..000000000
--- a/algebra/src/curves/bn_382/mod.rs
+++ /dev/null
@@ -1,73 +0,0 @@
-pub mod g1;
-pub mod g2;
-pub mod g;
-#[cfg(test)]
-mod tests;
-
-use crate::{
- biginteger::BigInteger384 as BigInteger,
- fields::bn_382::*,
- curves::bn::{Bn, BnParameters, TwistType,
- g1::{G1Affine as BnG1Affine, G1Projective as BnG1Projective},
- g2::{G2Affine as BnG2Affine, G2Projective as BnG2Projective},
- },
- field_new,
-};
-
-pub type Bn382 = Bn;
-pub type G1Affine = BnG1Affine;
-pub type G1Projective = BnG1Projective;
-pub type G2Affine = BnG2Affine;
-pub type G2Projective = BnG2Projective;
-
-pub struct Bn382Parameters;
-
-impl BnParameters for Bn382Parameters {
- const X: &'static [u64] = &[0, 1073873924];
- const X_IS_NEGATIVE: bool = false;
- const ATE_LOOP_COUNT: &'static [i8] =
- &[
- 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, -1, 0, 1, 0, 0, 0, 0, 0, -1, 0, 1, 0, 0, 0, 0, -1, 0, 1, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, -1, 0, 1,
- ];
- const ATE_LOOP_COUNT_IS_NEGATIVE: bool = false;
- const TWIST_TYPE: TwistType = TwistType::D;
- const TWIST_MUL_BY_Q_X: Fq2 = field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger([
- 0x43ac10f69cd0866e,
- 0xb67658d4844670fa,
- 0x64500aac20e3e056,
- 0xe69857d69abfc002,
- 0x521ddf42ec5832c5,
- 0xee09eba205fe5d8
- ])
- ),
- field_new!(Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- );
- const TWIST_MUL_BY_Q_Y: Fq2 = field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger([
- 0x16b744a7d72fb912,
- 0x8db76da14b98776d,
- 0xd7d0fda03758326c,
- 0x9a05f3af0ce04699,
- 0x1c8a66ecb161efb2,
- 0x13a9f1d5f1261bfe
- ])
- ),
- field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0])),
- );
- type Fp = Fq;
- type Fp2Params = Fq2Parameters;
- type Fp6Params = Fq6Parameters;
- type Fp12Params = Fq12Parameters;
- type G1Parameters = self::g1::Bn382G1Parameters;
- type G2Parameters = self::g2::Bn382G2Parameters;
-}
\ No newline at end of file
diff --git a/algebra/src/curves/bn_382/tests.rs b/algebra/src/curves/bn_382/tests.rs
deleted file mode 100644
index faf27deaa..000000000
--- a/algebra/src/curves/bn_382/tests.rs
+++ /dev/null
@@ -1,199 +0,0 @@
-use crate::{
- biginteger::BigInteger384,
- curves::{
- models::SWModelParameters, bn_382::*,
- tests::{curve_tests, sw_jacobian_tests},
- AffineCurve, PairingEngine, ProjectiveCurve,
- },
- groups::tests::group_test,
- fields::{Field, SquareRootField, bn_382::*},
- field_new,
-};
-use std::ops::{AddAssign, MulAssign};
-
-use rand::{
- Rng, SeedableRng
-};
-use rand_xorshift::XorShiftRng;
-
-#[test]
-fn test_g1_projective_curve() {
- curve_tests::();
- sw_jacobian_tests::()
-}
-
-#[test]
-fn test_g1_projective_group() {
- let mut rng = XorShiftRng::seed_from_u64(1234567890u64);
- let a: G1Projective = rng.gen();
- let b: G1Projective = rng.gen();
- group_test(a, b);
-}
-
-#[test]
-fn test_g1_generator() {
- let generator = G1Affine::prime_subgroup_generator();
- assert!(generator.is_on_curve());
- assert!(generator.is_in_correct_subgroup_assuming_on_curve());
-}
-
-#[test]
-fn test_g2_projective_curve() {
- curve_tests::();
- sw_jacobian_tests::()
-}
-
-#[test]
-fn test_g2_projective_group() {
- let mut rng = XorShiftRng::seed_from_u64(1234567890u64);
- let a: G2Projective = rng.gen();
- let b: G2Projective = rng.gen();
- group_test(a, b);
-}
-
-#[test]
-fn test_g2_generator() {
- let generator = G2Affine::prime_subgroup_generator();
- assert!(generator.is_on_curve());
- assert!(generator.is_in_correct_subgroup_assuming_on_curve());
-}
-
-#[test]
-fn test_bilinearity() {
- let a: G1Projective = G1Projective::prime_subgroup_generator();
- let b: G2Projective = G2Projective::prime_subgroup_generator();
- let s: Fr = Fr::one() + &Fr::one();
-
- let sa = a * &s;
- let sb = b * &s;
-
- let ans1 = Bn382::pairing(sa, b).unwrap();
- let ans2 = Bn382::pairing(a, sb).unwrap();
-
- assert_eq!(ans1, ans2);
-
- assert_ne!(ans1, Fq12::one());
- assert_ne!(ans2, Fq12::one());
- assert_eq!(ans1.pow(Fr::characteristic()), Fq12::one());
- assert_eq!(ans2.pow(Fr::characteristic()), Fq12::one());
-}
-
-#[test]
-fn test_g1_generator_raw() {
- let mut x = Fq::zero();
- let mut i = 0;
- loop {
- // y^2 = x^3 + b
- let mut rhs = x;
- rhs.square_in_place();
- rhs.mul_assign(&x);
- rhs.add_assign(&g1::Bn382G1Parameters::COEFF_B);
-
- if let Some(y) = rhs.sqrt() {
- let p = G1Affine::new(x, if y < -y { y } else { -y }, false);
- assert!(p.is_in_correct_subgroup_assuming_on_curve());
-
- let g1 = p.scale_by_cofactor();
- assert_eq!(g1.into_affine(), p);
-
- if !g1.is_zero() {
- assert_eq!(i, 1);
- let g1 = G1Affine::from(g1);
-
- assert!(g1.is_in_correct_subgroup_assuming_on_curve());
-
- assert_eq!(g1, G1Affine::prime_subgroup_generator());
- break;
- }
- }
-
- i += 1;
- x.add_assign(&Fq::one());
- }
-}
-
-#[test]
-fn test_g1_addition_correctness() {
- let mut p = G1Projective::new(
- field_new!(
- Fq,
- BigInteger384([
- 0xb93d80f690db69d0,
- 0x4f067992e8332718,
- 0x34158a73ed82a5b5,
- 0x76579a71fa073da3,
- 0xd18af844d8e19090,
- 0x132f6baaf304be2d
- ])
- ),
- field_new!(
- Fq,
- BigInteger384([
- 0x94fa65a8bcfb4667,
- 0x40c1a252a0ebcd03,
- 0xb015731e87b1e56d,
- 0x48ddb455fce53c8b,
- 0x927dd51c6d8710d9,
- 0x180205df8eb25b6f
- ])
- ),
- Fq::one(),
- );
-
- p.add_assign(&G1Projective::new(
- field_new!(
- Fq,
- BigInteger384([
- 0x83e3f6c6d507009e,
- 0x117f1d6b6a8e8015,
- 0x8b35968a3723188c,
- 0xb0fb67dcdd7acad3,
- 0x7b7c13f80f311614,
- 0xa98bd8574ae9bc0
- ])
- ),
- field_new!(
- Fq,
- BigInteger384([
- 0x16da0a94ca80a05d,
- 0x21b711d1e0aab153,
- 0xbc6aad515f9d2f13,
- 0x61338d9dd736bbbf,
- 0x46993eca6ea17f51,
- 0x1905aa15a2782887
- ])
- ),
- Fq::one(),
- ));
-
- let p = G1Affine::from(p);
-
- assert_eq!(
- p,
- G1Affine::new(
- field_new!(
- Fq,
- BigInteger384([
- 0x66938afc964e6bb1,
- 0x404f672ef202544c,
- 0xd134de56fd2929da,
- 0xb36a988806affd22,
- 0x778395d12bfa7bb3,
- 0x1c7c8ce70cc8e6ba
- ])
- ),
- field_new!(
- Fq,
- BigInteger384([
- 0x2ac6ee03d57352e1,
- 0xa1797851137cedaf,
- 0x77c6655d51aa0e5f,
- 0x7b110de6353a0c7a,
- 0xf2838e6295889402,
- 0x1322f26a63efe9e4
- ])
- ),
- false,
- )
- );
-}
diff --git a/algebra/src/curves/edwards_bls12/mod.rs b/algebra/src/curves/edwards_bls12/mod.rs
deleted file mode 100644
index 6674936be..000000000
--- a/algebra/src/curves/edwards_bls12/mod.rs
+++ /dev/null
@@ -1,136 +0,0 @@
-use crate::field_new;
-use crate::{
- biginteger::BigInteger256,
- curves::{
- models::{ModelParameters, TEModelParameters, MontgomeryModelParameters},
- twisted_edwards_extended::{GroupAffine, GroupProjective},
- },
- fields::edwards_bls12::{fq::Fq, fr::Fr},
-};
-use std::str::FromStr;
-
-#[cfg(test)]
-mod tests;
-
-pub type EdwardsAffine = GroupAffine;
-pub type EdwardsProjective = GroupProjective;
-
-#[derive(Copy, Clone, Default, PartialEq, Eq)]
-pub struct EdwardsParameters;
-
-impl ModelParameters for EdwardsParameters {
- type BaseField = Fq;
- type ScalarField = Fr;
-}
-
-impl TEModelParameters for EdwardsParameters {
- /// COEFF_A = -1
- const COEFF_A: Fq = field_new!(Fq, BigInteger256([
- 0x8cf500000000000e,
- 0xe75281ef6000000e,
- 0x49dc37a90b0ba012,
- 0x55f8b2c6e710ab9,
- ]));
-
- /// COEFF_D = 3021
- const COEFF_D: Fq = field_new!(Fq, BigInteger256([
- 0xd047ffffffff5e30,
- 0xf0a91026ffff57d2,
- 0x9013f560d102582,
- 0x9fd242ca7be5700,
- ]));
-
- /// COFACTOR = 4
- const COFACTOR: &'static [u64] = &[4];
-
- /// COFACTOR_INV =
- /// 527778859339273151515551558673846658209717731602102048798421311598680340096
- const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
- 10836190823041854989,
- 14880086764632731920,
- 5023208332782666747,
- 239524813690824359,
- ]));
-
- /// Generated randomly
- const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = (GENERATOR_X, GENERATOR_Y);
-
- type MontgomeryModelParameters = EdwardsParameters;
-
- /// Multiplication by `a` is just negation.
- /// Is `a` 1 or -1?
- #[inline(always)]
- fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField {
- -*elem
- }
-}
-
-impl MontgomeryModelParameters for EdwardsParameters {
- /// COEFF_A = 0x8D26E3FADA9010A26949031ECE3971B93952AD84D4753DDEDB748DA37E8F552
- const COEFF_A: Fq = field_new!(Fq, BigInteger256([
- 13800168384327121454u64,
- 6841573379969807446u64,
- 12529593083398462246u64,
- 853978956621483129u64,
- ]));
- /// COEFF_B = 0x9D8F71EEC83A44C3A1FBCEC6F5418E5C6154C2682B8AC231C5A3725C8170AAD
- const COEFF_B: Fq = field_new!(Fq, BigInteger256([
- 7239382437352637935u64,
- 14509846070439283655u64,
- 5083066350480839936u64,
- 1265663645916442191u64,
- ]));
-
- type TEModelParameters = EdwardsParameters;
-}
-
-impl FromStr for EdwardsAffine {
- type Err = ();
-
- fn from_str(mut s: &str) -> Result {
- s = s.trim();
- if s.is_empty() {
- return Err(());
- }
- if s.len() < 3 {
- return Err(());
- }
- if !(s.starts_with('(') && s.ends_with(')')) {
- return Err(());
- }
- let mut point = Vec::new();
- for substr in s.split(|c| c == '(' || c == ')' || c == ',' || c == ' ') {
- if !substr.is_empty() {
- point.push(Fq::from_str(substr)?);
- }
- }
- if point.len() != 2 {
- return Err(());
- }
- let point = EdwardsAffine::new(point[0], point[1]);
-
- if !point.is_on_curve() {
- Err(())
- } else {
- Ok(point)
- }
- }
-}
-
-/// GENERATOR_X =
-/// 7810607721416582242904415504650443951498042435501746664987470571546413371306
-const GENERATOR_X: Fq = field_new!(Fq, BigInteger256([
- 0x5bbc9878d817221d,
- 0xd2b03489424e720,
- 0x6b66f128c16bb3c9,
- 0xdd3bff78733576d,
-]));
-
-/// GENERATOR_Y =
-/// 1867362672570137759132108893390349941423731440336755218616442213142473202417
-const GENERATOR_Y: Fq = field_new!(Fq, BigInteger256([
- 0x471517ae5e5e979e,
- 0xd9c97f6a73a7ff83,
- 0x85a95b45a5494402,
- 0xfad27c9b545b1f0,
-]));
diff --git a/algebra/src/curves/edwards_bls12/tests.rs b/algebra/src/curves/edwards_bls12/tests.rs
deleted file mode 100644
index 36cd20c4b..000000000
--- a/algebra/src/curves/edwards_bls12/tests.rs
+++ /dev/null
@@ -1,53 +0,0 @@
-use crate::{curves::{edwards_bls12::*, tests::curve_tests, AffineCurve, ProjectiveCurve, models::twisted_edwards_extended::tests::montgomery_conversion_test}, groups::tests::group_test, SemanticallyValid};
-use rand;
-use crate::curves::tests::edwards_tests;
-
-#[test]
-fn test_projective_curve() {
- curve_tests::();
- edwards_tests::()
-}
-
-#[test]
-fn test_projective_group() {
- let a = rand::random();
- let b = rand::random();
- for _i in 0..100 {
- group_test::(a, b);
- }
-}
-
-#[test]
-fn test_affine_group() {
- let a: EdwardsAffine = rand::random();
- let b: EdwardsAffine = rand::random();
- for _i in 0..100 {
- group_test::(a, b);
- }
-}
-
-#[test]
-fn test_generator() {
- let generator = EdwardsAffine::prime_subgroup_generator();
- assert!(generator.is_valid());
-}
-
-#[test]
-fn test_conversion() {
- let a: EdwardsAffine = rand::random();
- let b: EdwardsAffine = rand::random();
- let a_b = {
- use crate::groups::Group;
- (a + &b).double().double()
- };
- let a_b2 = (a.into_projective() + &b.into_projective())
- .double()
- .double();
- assert_eq!(a_b, a_b2.into_affine());
- assert_eq!(a_b.into_projective(), a_b2);
-}
-
-#[test]
-fn test_montgomery_conversion() {
- montgomery_conversion_test::();
-}
diff --git a/algebra/src/curves/edwards_sw6/mod.rs b/algebra/src/curves/edwards_sw6/mod.rs
deleted file mode 100644
index 13c899a6d..000000000
--- a/algebra/src/curves/edwards_sw6/mod.rs
+++ /dev/null
@@ -1,150 +0,0 @@
-use crate::field_new;
-use crate::{
- biginteger::BigInteger384 as BigInteger,
- curves::{
- models::{ModelParameters, TEModelParameters, MontgomeryModelParameters},
- twisted_edwards_extended::{GroupAffine, GroupProjective},
- },
- fields::edwards_sw6::{fq::Fq, fr::Fr},
-};
-use std::str::FromStr;
-
-#[cfg(test)]
-mod tests;
-
-pub type EdwardsAffine = GroupAffine;
-pub type EdwardsProjective = GroupProjective;
-
-#[derive(Copy, Clone, Default, PartialEq, Eq)]
-pub struct EdwardsParameters;
-
-impl ModelParameters for EdwardsParameters {
- type BaseField = Fq;
- type ScalarField = Fr;
-}
-
-impl TEModelParameters for EdwardsParameters {
- /// COEFF_A = -1 =
- /// 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458176
- const COEFF_A: Fq = field_new!(Fq, BigInteger([
- 9384023879812382873,
- 14252412606051516495,
- 9184438906438551565,
- 11444845376683159689,
- 8738795276227363922,
- 81297770384137296,
- ]));
-
- /// COEFF_D = 79743
- const COEFF_D: Fq = field_new!(Fq, BigInteger([
- 0x4669ffffff46a638,
- 0xa56bbe0a7f9fae05,
- 0x403b425466a710b4,
- 0xf6648db6ea4e988b,
- 0x74d51b5923d35a8d,
- 0xf8ed90b17fe903,
- ]));
-
- /// COFACTOR = 8
- const COFACTOR: &'static [u64] = &[8];
-
- /// COFACTOR^(-1) mod r =
- /// 12124894969357926281749346891948134384518445910386624712788431705725441736421489799867521238554906438478484045560
- const COFACTOR_INV: Fr = field_new!(Fr, BigInteger([
- 7353538464571651976,
- 2030910049503177537,
- 16726103313845754033,
- 1110650741117127777,
- 5304838729792721053,
- 4975067790294675,
- ]));
-
- /// AFFINE_GENERATOR_COEFFS = (GENERATOR_X, GENERATOR_Y)
- const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = (GENERATOR_X, GENERATOR_Y);
-
- type MontgomeryModelParameters = EdwardsParameters;
-
- /// Multiplication by `a` is just negation.
- #[inline(always)]
- fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField {
- -*elem
- }
-}
-
-impl MontgomeryModelParameters for EdwardsParameters {
- /// COEFF_A = 0x95D53EB3F6AC3F7A53C26020144439DC6073BCAE513E03FD06B6B3BAA390F25E51534B26719E33F4CD906D4DA9B535
- const COEFF_A: Fq = field_new!(Fq, BigInteger([
- 7594254284108454966u64,
- 14287343397973578077u64,
- 6490358977072726023u64,
- 8023375322051995268u64,
- 8242802613686040715u64,
- 100541941146122331u64,
- ]));
- /// COEFF_B = 0x118650763CE64AB4BE743604C8D05013DC2663652A3D58B21ECAB7BFF65B70DB8BA09F9098E61CC903B2F92B2564ACA
- const COEFF_B: Fq = field_new!(Fq, BigInteger([
- 11173793475516310780u64,
- 14217481814129454913u64,
- 11878518835804377107u64,
- 14866315431314324110u64,
- 9234787938768687129u64,
- 62053599622152261u64,
- ]));
-
- type TEModelParameters = EdwardsParameters;
-}
-
-impl FromStr for EdwardsAffine {
- type Err = ();
-
- fn from_str(mut s: &str) -> Result {
- s = s.trim();
- if s.is_empty() {
- return Err(());
- }
- if s.len() < 3 {
- return Err(());
- }
- if !(s.starts_with('(') && s.ends_with(')')) {
- return Err(());
- }
- let mut point = Vec::new();
- for substr in s.split(|c| c == '(' || c == ')' || c == ',' || c == ' ') {
- if !substr.is_empty() {
- point.push(Fq::from_str(substr)?);
- }
- }
- if point.len() != 2 {
- return Err(());
- }
- let point = EdwardsAffine::new(point[0], point[1]);
-
- if !point.is_on_curve() {
- Err(())
- } else {
- Ok(point)
- }
- }
-}
-
-/// GENERATOR_X =
-/// 174701772324485506941690903512423551998294352968833659960042362742684869862495746426366187462669992073196420267127
-const GENERATOR_X: Fq = field_new!(Fq, BigInteger([
- 3737364149926089590,
- 13002967008679663837,
- 9954144214462864555,
- 3365719140389487049,
- 8643066672427471196,
- 120355578793479865,
-]));
-
-/// GENERATOR_Y =
-/// 208487200052258845495340374451540775445408439654930191324011635560142523886549663106522691296420655144190624954833
-const GENERATOR_Y: Fq = field_new!(Fq, BigInteger([
- 6027299446526298157,
- 12854429557810467099,
- 11207279014226687864,
- 17040621363687352702,
- 6112671509202865855,
- 44040319652922447,
-]));
diff --git a/algebra/src/curves/edwards_sw6/tests.rs b/algebra/src/curves/edwards_sw6/tests.rs
deleted file mode 100644
index eced32691..000000000
--- a/algebra/src/curves/edwards_sw6/tests.rs
+++ /dev/null
@@ -1,53 +0,0 @@
-use crate::{curves::{edwards_sw6::*, tests::curve_tests, AffineCurve, ProjectiveCurve, models::twisted_edwards_extended::tests::montgomery_conversion_test}, groups::tests::group_test, SemanticallyValid};
-use rand;
-use crate::curves::tests::edwards_tests;
-
-#[test]
-fn test_projective_curve() {
- curve_tests::();
- edwards_tests::()
-}
-
-#[test]
-fn test_projective_group() {
- let a = rand::random();
- let b = rand::random();
- for _i in 0..100 {
- group_test::(a, b);
- }
-}
-
-#[test]
-fn test_affine_group() {
- let a: EdwardsAffine = rand::random();
- let b: EdwardsAffine = rand::random();
- for _i in 0..100 {
- group_test::(a, b);
- }
-}
-
-#[test]
-fn test_generator() {
- let generator = EdwardsAffine::prime_subgroup_generator();
- assert!(generator.is_valid());
-}
-
-#[test]
-fn test_conversion() {
- let a: EdwardsAffine = rand::random();
- let b: EdwardsAffine = rand::random();
- let a_b = {
- use crate::groups::Group;
- (a + &b).double().double()
- };
- let a_b2 = (a.into_projective() + &b.into_projective())
- .double()
- .double();
- assert_eq!(a_b, a_b2.into_affine());
- assert_eq!(a_b.into_projective(), a_b2);
-}
-
-#[test]
-fn test_montgomery_conversion() {
- montgomery_conversion_test::();
-}
diff --git a/algebra/src/curves/jubjub/mod.rs b/algebra/src/curves/jubjub/mod.rs
deleted file mode 100644
index 2fcf4caf5..000000000
--- a/algebra/src/curves/jubjub/mod.rs
+++ /dev/null
@@ -1,151 +0,0 @@
-use crate::field_new;
-use crate::{
- biginteger::BigInteger256,
- curves::{
- models::{ModelParameters, TEModelParameters, MontgomeryModelParameters},
- twisted_edwards_extended::{GroupAffine, GroupProjective},
- },
- fields::jubjub::{fq::Fq, fr::Fr},
-};
-use std::str::FromStr;
-
-#[cfg(test)]
-mod tests;
-
-pub type JubJubAffine = GroupAffine;
-pub type JubJubProjective = GroupProjective;
-
-const GENERATOR_X: Fq = field_new!(Fq, BigInteger256([
- 14080349899812819339,
- 4104857150246327429,
- 8293216003873356624,
- 7400363483732984990,
-]));
-const GENERATOR_Y: Fq = field_new!(Fq, BigInteger256([
- 13388310974700241893,
- 7654361511478576605,
- 8037907163910805792,
- 5188938133920569885,
-]));
-
-/// `JubJub` is a twisted Edwards curve. These curves have equations of the
-/// form: ax² + y² = 1 - dx²y².
-/// over some base finite field Fq.
-///
-/// JubJub's curve equation: -x² + y² = 1 - (10240/10241)x²y²
-///
-/// q = 52435875175126190479447740508185965837690552500527637822603658699938581184513.
-///
-/// a = -1.
-/// d = (10240/10241) mod q
-/// = 19257038036680949359750312669786877991949435402254120286184196891950884077233.
-///
-/// Sage script to calculate these:
-///
-/// ```text
-/// q = 52435875175126190479447740508185965837690552500527637822603658699938581184513
-/// Fq = GF(q)
-/// d = -(Fq(10240)/Fq(10241))
-/// ```
-/// These parameters and the sage script obtained from:
-///
-#[derive(Copy, Clone, Default, PartialEq, Eq)]
-pub struct JubJubParameters;
-
-impl ModelParameters for JubJubParameters {
- type BaseField = Fq;
- type ScalarField = Fr;
-}
-
-impl TEModelParameters for JubJubParameters {
- /// COEFF_A = -1
- const COEFF_A: Fq = field_new!(Fq, BigInteger256([
- 18446744060824649731,
- 18102478225614246908,
- 11073656695919314959,
- 6613806504683796440,
- ]));
-
- /// COEFF_D = (10240/10241) mod q
- const COEFF_D: Fq = field_new!(Fq, BigInteger256([
- 3049539848285517488,
- 18189135023605205683,
- 8793554888777148625,
- 6339087681201251886,
- ]));
-
- /// COFACTOR = 8
- const COFACTOR: &'static [u64] = &[8];
-
- /// COFACTOR^(-1) mod r =
- /// 819310549611346726241370945440405716213240158234039660170669895299022906775
- const COFACTOR_INV: Fr = field_new!(Fr, BigInteger256([
- 6832491983681988242,
- 12911748493335322362,
- 17523939349049608702,
- 217463794347581613,
- ]));
-
- /// AFFINE_GENERATOR_COEFFS = (GENERATOR_X, GENERATOR_Y)
- const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = (GENERATOR_X, GENERATOR_Y);
-
- type MontgomeryModelParameters = JubJubParameters;
-
- /// Multiplication by `a` is simply negation here.
- #[inline(always)]
- fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField {
- -(*elem)
- }
-}
-
-impl MontgomeryModelParameters for JubJubParameters {
- /// COEFF_A = 0xA002
- const COEFF_A: Fq = field_new!(Fq, BigInteger256([
- 388496971701930u64,
- 6855257088226130262u64,
- 553476580979119549u64,
- 6516741293351590684u64,
- ]));
- /// COEFF_B = 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFEFFFF5FFD
- const COEFF_B: Fq = field_new!(Fq, BigInteger256([
- 18446355550968045916u64,
- 10902955289292811939u64,
- 3147092737149958754u64,
- 6710871716016002197u64,
- ]));
-
- type TEModelParameters = JubJubParameters;
-}
-
-impl FromStr for JubJubAffine {
- type Err = ();
-
- fn from_str(mut s: &str) -> Result {
- s = s.trim();
- if s.is_empty() {
- return Err(());
- }
- if s.len() < 3 {
- return Err(());
- }
- if !(s.starts_with('(') && s.ends_with(')')) {
- return Err(());
- }
- let mut point = Vec::new();
- for substr in s.split(|c| c == '(' || c == ')' || c == ',' || c == ' ') {
- if !substr.is_empty() {
- point.push(Fq::from_str(substr)?);
- }
- }
- if point.len() != 2 {
- return Err(());
- }
- let point = JubJubAffine::new(point[0], point[1]);
-
- if !point.is_on_curve() {
- Err(())
- } else {
- Ok(point)
- }
- }
-}
diff --git a/algebra/src/curves/jubjub/tests.rs b/algebra/src/curves/jubjub/tests.rs
deleted file mode 100644
index 84e1574db..000000000
--- a/algebra/src/curves/jubjub/tests.rs
+++ /dev/null
@@ -1,105 +0,0 @@
-use crate::{bytes::{FromBytes, ToBytes}, curves::{jubjub::*, tests::curve_tests, AffineCurve, ProjectiveCurve, models::twisted_edwards_extended::tests::montgomery_conversion_test}, fields::jubjub::fr::Fr, groups::tests::group_test, SemanticallyValid};
-use rand;
-use std::str::FromStr;
-use crate::curves::tests::edwards_tests;
-
-#[test]
-fn test_projective_curve() {
- curve_tests::();
- edwards_tests::()
-}
-
-#[test]
-fn test_projective_group() {
- let a = rand::random();
- let b = rand::random();
- for _i in 0..100 {
- group_test::(a, b);
- }
-}
-
-#[test]
-fn test_affine_group() {
- let a: JubJubAffine = rand::random();
- let b: JubJubAffine = rand::random();
- for _i in 0..100 {
- group_test::(a, b);
- }
-}
-
-#[test]
-fn test_generator() {
- let generator = JubJubAffine::prime_subgroup_generator();
- assert!(generator.is_valid());
-}
-
-#[test]
-fn test_conversion() {
- let a: JubJubAffine = rand::random();
- let b: JubJubAffine = rand::random();
- let a_b = {
- use crate::groups::Group;
- (a + &b).double().double()
- };
- let a_b2 = (a.into_projective() + &b.into_projective())
- .double()
- .double();
- assert_eq!(a_b, a_b2.into_affine());
- assert_eq!(a_b.into_projective(), a_b2);
-}
-
-#[test]
-fn test_scalar_multiplication() {
- println!("Started getting field elements");
- let f1 = Fr::from_str(
- "4691331900926794624732159288782398864809513177368446695323460897088210774597",
- )
- .unwrap();
- let f2 = Fr::from_str(
- "1305028103380024953477151132159456965337646722479526711736847301646466538045",
- )
- .unwrap();
-
- println!("Finished getting field elements");
- let g = JubJubAffine::from_str(
- "(1158870117176967269192899343636553522971009777237254192973081388797299308391, \
- 36933624999642413792569726058244472742169727126562409632889593958355839948294)",
- )
- .unwrap();
- let f1f2g = JubJubAffine::from_str(
- "(12638652891150111215300246576936483137884466359309882317048163368620501191944, \
- 
38385045634663742820428406709832518145724237919360177362175527604556651918148)",
- )
- .unwrap();
-
- println!("Finished getting group elements");
-
- assert!(!g.is_zero());
- assert!(!f1f2g.is_zero());
-
- let f1g = g * &f1;
- println!("f1: {:?}", f1);
- println!("f2: {:?}", f2);
- println!("g: {:?}", g);
- println!("f1f2g: {:?}", f1f2g);
- assert_eq!(g * &(f1 * &f2), f1f2g);
- assert_eq!(f1g * &f2, f1f2g);
-}
-
-#[test]
-fn test_bytes() {
- let g_from_repr = JubJubAffine::from_str(
- "(1158870117176967269192899343636553522971009777237254192973081388797299308391, \
- 36933624999642413792569726058244472742169727126562409632889593958355839948294)",
- )
- .unwrap();
-
- let g_bytes = to_bytes![g_from_repr].unwrap();
- let g = JubJubAffine::read(g_bytes.as_slice()).unwrap();
- assert_eq!(g_from_repr, g);
-}
-
-#[test]
-fn test_montgomery_conversion() {
- montgomery_conversion_test::();
-}
diff --git a/algebra/src/curves/mnt4753/g1.rs b/algebra/src/curves/mnt4753/g1.rs
deleted file mode 100644
index 75f498761..000000000
--- a/algebra/src/curves/mnt4753/g1.rs
+++ /dev/null
@@ -1,109 +0,0 @@
-use crate::field_new;
-use crate::{
- biginteger::BigInteger768,
- curves::{
- models::{ModelParameters, SWModelParameters},
- },
- fields::mnt4753::{Fq, Fr},
-};
-
-#[derive(Copy, Clone, Default, PartialEq, Eq)]
-pub struct MNT4G1Parameters;
-
-impl ModelParameters for MNT4G1Parameters {
- type BaseField = Fq;
- type ScalarField = Fr;
-}
-
-impl SWModelParameters for MNT4G1Parameters {
- // a = 2, in Montgomery representation
- const COEFF_A: Fq = field_new!(Fq, BigInteger768([
- 3553860551672651396,
- 2565472393707818253,
- 3424927325234966109,
- 17487811826058095619,
- 15730291918544907998,
- 4332070408724822737,
- 7212646118208244402,
- 12904649141092619460,
- 9289117987390442562,
- 2254330573517213976,
- 3065472942259520298,
- 271095073719429,
- ]));
-
- // b = 28798803903456388891410036793299405764940372360099938340752576406393880372126970068421383312482853541572780087363938442377933706865252053507\077543420534380486492786626556269083255657125025963825610840222568694137138741554679540,
- // in Montgomery representation
- const COEFF_B: Fq = field_new!(Fq, BigInteger768([
- 2672638521926201442,
- 17587766986973859626,
- 1309143029066506763,
- 1756412671449422902,
- 5395165286423163724,
- 589638022240022974,
- 7360845090332416697,
- 9829497896347590557,
- 9341553552113883496,
- 5888515763059971584,
- 10173739464651404689,
- 456607542322059,
- ]));
-
- // COFACTOR = 1
- const COFACTOR: &'static [u64] = &[1];
-
- // cofactor inverse mod group order r
- const COFACTOR_INV: Fr = field_new!(Fr, BigInteger768([
- 0xb99680147fff6f42,
- 0x4eb16817b589cea8,
- 0xa1ebd2d90c79e179,
- 0x0f725caec549c0da,
- 0xab0c4ee6d3e6dad4,
- 0x9fbca908de0ccb62,
- 0x320c3bb713338498,
- 0x598b4302d2f00a62,
- 0x4074c9cbfd8ca621,
- 0x0fa47edb3865e88c,
- 0x95455fb31ff9a195,
- 0x7b479ec8e242,
- ]));
-
- /// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
- const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
- (G1_GENERATOR_X, G1_GENERATOR_Y);
-}
-
-// generator of prime order r
-// x = 7790163481385331313124631546957228376128961350185262705123068027727518350362064426002432450801002268747950550964579198552865939244360469674540925037890082678099826733417900510086646711680891516503232107232083181010099241949569
-// in Montgomery rep.
-pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger768([
- 8680369219962409717,
- 12497683146525997170,
- 15236963532390397985,
- 105054743605190980,
- 11580223711797947725,
- 5964558218084543687,
- 1974179831852844611,
- 13386218610606908614,
- 9905737029079781539,
- 3769381095189112747,
- 1226496298859043045,
- 409264833279765,
-]));
-
-// y = 6913648190367314284606685101150155872986263667483624713540251048208073654617802840433842931301128643140890502238233930290161632176167186761333725658542781350626799660920481723757654531036893265359076440986158843531053720994648
-// in Montgomery rep.
-pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger768([
- 8458069647833709466,
- 16863815841372543189,
- 7230518365128572001,
- 17250077086581959530,
- 15519583030873909149,
- 3465247978511199450,
- 5738818931561455055,
- 12688417287395938373,
- 3681991682605141223,
- 10698656566578986929,
- 10160396483421745615,
- 127251255182962,
-]));
diff --git a/algebra/src/curves/mnt4753/g2.rs b/algebra/src/curves/mnt4753/g2.rs
deleted file mode 100644
index 7086d2ade..000000000
--- a/algebra/src/curves/mnt4753/g2.rs
+++ /dev/null
@@ -1,201 +0,0 @@
-use crate::field_new;
-use crate::{
- biginteger::BigInteger768,
- curves::{
- models::{ModelParameters, SWModelParameters},
- },
- fields::mnt4753::{Fq, Fq2, Fr},
-};
-use crate::curves::mnt4753::MNT4_753Parameters;
-use crate::curves::models::mnt4::MNT4Parameters;
-
-#[derive(Copy, Clone, Default, PartialEq, Eq)]
-pub struct MNT4G2Parameters;
-
-impl ModelParameters for MNT4G2Parameters {
- type BaseField = Fq2;
- type ScalarField = Fr;
-}
-
-/// MUL_BY_A_C0 = NONRESIDUE * COEFF_A
-pub const MUL_BY_A_C0: Fq = field_new!(Fq, BigInteger768([
- 0xeb354e6121cdccad,
- 0x9589bfe5ea49ae4f,
- 0xb12cc53998b3d124,
- 0x7883d83c06c22baa,
- 0xd828782cb96edc7,
- 0x35e68bd867a8d558,
- 0xe0860ea489bec5bd,
- 0xe034be400ffa8f19,
- 0xf4d51fe5c821f43d,
- 0x8ee1bf11396bcec0,
- 0xb819c73cb726c963,
- 0x23dae1639e4b,
-]));
-
-
-/// MUL_BY_A_C1 = NONRESIDUE * COEFF_A
-pub const MUL_BY_A_C1: Fq = field_new!(Fq, BigInteger768([
- 0xeb354e6121cdccad,
- 0x9589bfe5ea49ae4f,
- 0xb12cc53998b3d124,
- 0x7883d83c06c22baa,
- 0xd828782cb96edc7,
- 0x35e68bd867a8d558,
- 0xe0860ea489bec5bd,
- 0xe034be400ffa8f19,
- 0xf4d51fe5c821f43d,
- 0x8ee1bf11396bcec0,
- 0xb819c73cb726c963,
- 0x23dae1639e4b,
-]));
-
-impl SWModelParameters for MNT4G2Parameters {
- // quadratic twist E' of the G1-curve E: y^2= x^3 + a + b
- // E': y^2 = x^3 + a*alpha*x + b*alpha*X.
- // over F2 = Fq[X]/(X^2-alpha),
- const COEFF_A: Fq2 = MNT4_753Parameters::TWIST_COEFF_A;
- const COEFF_B: Fq2 = field_new!(Fq2,
- field_new!(Fq, BigInteger768([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])),
- field_new!(Fq, BigInteger768([
- 0xd1f842ef859c74ef,
- 0x9d45480c3873434a,
- 0xa5566d8d8d841941,
- 0xc0f99a3682ad8bae,
- 0xe4b39f099a706e70,
- 0xce59a66ebad048e2,
- 0x93fe1794e855b79e,
- 0x957322b9044da5e8,
- 0x836b3c49c9f33d5d,
- 0x3ea13c16b209ced3,
- 0x79f8ca52b73621ea,
- 0x1a2270165e15a,
- ])),
- );
-
- /// cofactor of G2, native integer representation
- /// COFACTOR = 41898490967918953402344214791240637128170709919953949071783502921025352812571106773058893763790338921418070971888049094905534395567574915333486969589229856772141392370549616644545554517640527237829320384324374366385444967219201
- const COFACTOR: &'static [u64] = &[
- 0xe41950da08bd0001,
- 0x789a0f8d4a18e8ee,
- 0xf04c9f26f687f44a,
- 0x16d5a05cb84b6ea3,
- 0x313250b76d85d63a,
- 0xafc372c51bd661a0,
- 0x99d124d9a15af79d,
- 0x7fdb925e8a0ed8d,
- 0x5eb7e8f96c97d873,
- 0xb7f997505b8fafed,
- 0x10229022eee2cdad,
- 0x1c4c62d92c411,
- ];
- /// cofactor^{-1} mod r, for projection of curve onto G2,
- /// MG representation
- const COFACTOR_INV: Fr = field_new!(Fr, BigInteger768([
- 0x1a14ef94372dbc2a,
- 0x6e01a14d0f55ad00,
- 0x5955ab3920afde4d,
- 0xe7982fd78cbf4332,
- 0xecbf393ce1701610,
- 0xd111cd07a49d61b4,
- 0xe58145271adb10a9,
- 0x2e22af0c3ca18713,
- 0x35d277c2206aed22,
- 0xfb6c4c412f6bacd0,
- 0x68e1c109cfc51649,
- 0x4747058a5c42,
- ]));
-
- const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
- (G2_GENERATOR_X, G2_GENERATOR_Y);
-
- #[inline(always)]
- fn mul_by_a(elt: &Fq2) -> Fq2 {
- field_new!(Fq2,
- MUL_BY_A_C0 * &elt.c0,
- MUL_BY_A_C1 * &elt.c1,
- )
- }
-}
-
-const G2_GENERATOR_X: Fq2 = field_new!(Fq2, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1);
-const G2_GENERATOR_Y: Fq2 = field_new!(Fq2, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1);
-
-// generator of prime order r
-// x = (c0+ c1*X)
-// c0 
=2948396511084314467570336474470883652464396010553860807886250839750244\
-// 7349913068434941060515343254862580437318493682762113105361632548148204\
-// 8060521140087313727573896453838919822112450139651752134560664525878695\
-// 19098351487925167
-// c1=1970601131963017239107607962479975394815850677122214748623799532192544\
-// 3331396169656568431378974558350664383559981183980668976846806019030432\
-// 3891691379539889908020005810789940082839677683482759739215981662748576\
-// 31001635633631000
-pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger768([
- 0x64cd9e87e5f14e2d,
- 0x6a123355ee938785,
- 0xdb197417e1887231,
- 0xf5199b0d7e333053,
- 0x397da434e85b78a7,
- 0xd1117417b290f004,
- 0x3f8ccbdf316d6964,
- 0x1ea26a53c24e4162,
- 0x4fa40c8be29a9276,
- 0x3c355554caad2580,
- 0x5b05c21a27b7acc7,
- 0x13635a0d01b78,
-]));
-
-pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger768([
- 0xb56fc312dc34c98b,
- 0x2b8029c87df25f6,
- 0x9217aa6ceb0cf808,
- 0xe67355775c8eb87e,
- 0x90eb471ebb74c1b1,
- 0x6bebff63e88338c2,
- 0xde8489295782a103,
- 0xf1e11281b99054d1,
- 0x71e05664c68aa32,
- 0x6ec60806cb661af7,
- 0x31facd7fa4614cca,
- 0x16aea1ba33dc0,
-]));
-
-// y = (c0+ c1*Y)
-// c0 =3994015267076051965394032031482732794199314140370833866692520428208447\
-// 7074754642625849927569427860786384998614863651207257467076192649385174\
-// 1080858031687438034917805685033693170931911017795340353772663001850993\
-// 18717465441820654,
-// c1=1760863742496439573704129137375665713960730644019373180410245701172669\
-// 0702169238966996114255971643893157857311132388792357391583164125870757\
-// 5410090350414694633665287985939528847459876974030564887446038294374489\
-// 27398468360797245
-pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger768([
- 0x438d727bf4c5002e,
- 0x220b34b2b9daee2f,
- 0xa567a1375a9e2a27,
- 0x36739870b33ba70f,
- 0xb058c55679b63f3e,
- 0xdb048df87997b3b7,
- 0xf64a68ade535340f,
- 0xe526639d49ef3eff,
- 0xd52be2d6e4bee8fd,
- 0x8e46b4ca897b87bb,
- 
0x4f6af38904883c28,
- 0x1202d1e47ccef,
-]));
-
-pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger768([
- 0xf06781d5bec3ed74,
- 0xa41dbc2a99750c11,
- 0x6a393d84e066ddfc,
- 0xbbf8387b3a74937a,
- 0xecb6da0ba28e9879,
- 0x380c74d14f4e2d84,
- 0x5c089d226f9c345d,
- 0x92e8c3c2f8040454,
- 0xdebf6ce50f1d3555,
- 0xe659a934e501a154,
- 0xa35de638cd06f1c4,
- 0x11e7b5c581f,
-]));
\ No newline at end of file
diff --git a/algebra/src/curves/mnt4753/mod.rs b/algebra/src/curves/mnt4753/mod.rs
deleted file mode 100644
index 7233baf75..000000000
--- a/algebra/src/curves/mnt4753/mod.rs
+++ /dev/null
@@ -1,115 +0,0 @@ -use crate::field_new; -use crate::{ - fields::{ - mnt4753::{ - fq::{Fq, FqParameters}, - fq2::Fq2Parameters, fq4::Fq4Parameters, - Fq2, - Fr, - }, - FpParameters, - }, - BigInteger768 as BigInteger -}; -use crate::curves::models::mnt4::{MNT4Parameters, MNT4p, - G1Affine as MNT4G1Affine, G1Projective as MNT4G1Projective, - G2Affine as MNT4G2Affine, G2Projective as MNT4G2Projective, -}; -use self::{g1::MNT4G1Parameters, g2::MNT4G2Parameters}; - -pub mod g1; -pub mod g2; -#[cfg(test)] -mod tests; - -pub struct MNT4_753Parameters; - -impl MNT4Parameters for MNT4_753Parameters { - /// The Frobenius trace of the MNT4 curve is - /// t = -204691208819330962009469868104636132783269696790011977400223898462431810102935615891307667367766898917669754470399 - /// Our Ate pairing Miller loop count is the absolute value of the Frobenius trace minus 1 - const ATE_LOOP_COUNT: &'static [u64] = &[ - 0x7a7713041ba18000, - 0x6b0344c4e2c428b0, - 0x733b714aa43c31a6, - 0x51852c8cbe26e600, - 0x86dcbcee5dcda7fe, - 0x15474b1d641a3fd, - ]; - - /// Output of find_wnaf(ate_loop_count), already trimmed of leading zeros and MSB, - /// starting with least significant bit - const WNAF: &'static [i32] = &[ - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,-1,0,1,0,0,0,1,0,-1,0,0,-1,0,0,1,0,0,0,0,1,0,0,0,0,0,-1,0,1,0, - 1,0,0,0,-1,0,0,-1,0,0,0,1,0,1,0,-1,0,0,0,1,0,0,0,0,-1,0,-1,0,1,0,0,1,0,1,0,0,0,0,1,0,0,0,-1, - 0,-1,0,1,0,0,-1,0,0,1,0,1,0,0,0,-1,0,1,0,1,0,0,0,1,0,-1,0,1,0,0,0,0,0,-1,0,-1,0,-1,0,0,1,0, - -1,0,1,0,1,0,-1,0,1,0,0,-1,0,1,0,0,0,-1,0,0,0,1,0,0,0,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,0,0,0, - -1,0,0,-1,0,0,-1,0,0,0,1,0,-1,0,1,0,-1,0,0,1,0,0,0,0,0,0,0,0,0,-1,0,1,0,-1,0,0,-1,0,0,1,0,1, - 0,0,0,-1,0,0,0,0,-1,0,1,0,-1,0,1,0,0,1,0,0,-1,0,-1,0,1,0,1,0,1,0,0,0,0,-1,0,1,0,0,1,0,1,0,0, - -1,0,0,0,0,0,0,0,0,0,1,0,1,0,-1,0,-1,0,0,1,0,-1,0,0,-1,0,0,0,-1,0,1,0,-1,0,0,-1,0,0,0,1,0, - -1,0,0,0,-1,0,1,0,-1,0,0,-1,0,0,-1,0,0,1,0,0,0,-1,0,-1,0,0,0,0,0,0,0,0,1,0,0,1,0,-1,0,1,0,0, - 
0,0,1,0,0,-1,0,-1,0,-1,0,0,0,1,0,0,-1,0,-1,0,1,0,1,0,-1,0,0,1,0,0,1,0,1,0,1,0
- ];
-
- /// Frobenius trace of this curve is negative
- const ATE_IS_LOOP_COUNT_NEG: bool = true;
-
- const TWIST: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ONE);
-
- // I would do the hard coded definition inside G2, and just refer to from here.
- const TWIST_COEFF_A: Fq2 = field_new!(Fq2,
- field_new!(Fq, BigInteger([ // = COEFF_A
- 0xeb354e6121cdccad,
- 0x9589bfe5ea49ae4f,
- 0xb12cc53998b3d124,
- 0x7883d83c06c22baa,
- 0xd828782cb96edc7,
- 0x35e68bd867a8d558,
- 0xe0860ea489bec5bd,
- 0xe034be400ffa8f19,
- 0xf4d51fe5c821f43d,
- 0x8ee1bf11396bcec0,
- 0xb819c73cb726c963,
- 0x23dae1639e4b,
- ])),
- FQ_ZERO,
- );
-
- // m_1 = 1
- const FINAL_EXPONENT_LAST_CHUNK_1: BigInteger = BigInteger([0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]);
- // |m_0| = 204691208819330962009469868104636132783269696790011977400223898462431810102935615891307667367766898917669754470399
- const FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0: BigInteger = BigInteger([
- 0x7a7713041ba17fff,
- 0x6b0344c4e2c428b0,
- 0x733b714aa43c31a6,
- 0x51852c8cbe26e600,
- 0x86dcbcee5dcda7fe,
- 0x15474b1d641a3fd,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- ]);
- //sign of m_0 is negative
- const FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG: bool = true;
-
- type Fp = Fq;
- type Fr = Fr;
- type Fp2Params = Fq2Parameters;
- type Fp4Params = Fq4Parameters;
- type G1Parameters = MNT4G1Parameters;
- type G2Parameters = MNT4G2Parameters;
-}
-
-pub type MNT4 = MNT4p;
-pub type G1Affine = MNT4G1Affine;
-pub type G1Projective = MNT4G1Projective;
-pub type G2Affine = MNT4G2Affine;
-pub type G2Projective = MNT4G2Projective;
-
-// field element 0 in Montgomery representation
-pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]));
-// field element 1 in Montgomery representation
-pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
\ No newline at end of file
diff --git a/algebra/src/curves/mnt4753/tests.rs b/algebra/src/curves/mnt4753/tests.rs
deleted file mode 100644
index ac10088fc..000000000
--- a/algebra/src/curves/mnt4753/tests.rs
+++ /dev/null
@@ -1,1840 +0,0 @@ -use crate::{curves::{ - mnt4753::{ - G1Affine, G1Projective, G2Affine, G2Projective, - MNT4, - g1::MNT4G1Parameters, g2::MNT4G2Parameters, - }, - tests::curve_tests, - AffineCurve, PairingEngine, -}, biginteger::BigInteger768, fields::mnt4753::{fq::Fq, fq2::Fq2, fq4::Fq4, fr::Fr}, groups::tests::{ - group_test, compression_test, gt_compression_test -}, ProjectiveCurve, Field, PrimeField, ToBits, FromCompressedBits, SemanticallyValid}; -use rand; -use std::ops::AddAssign; -use crate::curves::tests::sw_projective_tests; - -#[test] -fn test_g1_projective_curve() { - curve_tests::(); - sw_projective_tests::() -} - -#[test] -fn test_g1_projective_group() { - let a: G1Projective = rand::random(); - let b: G1Projective = rand::random(); - group_test(a, b); -} - -#[test] -fn test_g1_generator() { - let generator = G1Affine::prime_subgroup_generator(); - assert!(generator.is_valid()); -} - -#[test] -fn test_g1_is_valid(){ - - // Reject point with invalid x coordinate - let p = G1Affine::new( - Fq::new(BigInteger768([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ])), - Fq::from_repr(BigInteger768([ - 0x717e3ffa2193697, - 0x411a81406abf8fc7, - 0x6c3f0710357570d0, - 0x9d999acc5cf81a11, - 0x81b6bf821df14a35, - 0x31135663344492a8, - 0x6da16e1624afd3a0, - 0x1c9a4d2e8eda6ba8, - 0xabe3b7346ad95eee, - 0xe39afac6814ca651, - 0xe0da6a8c4eb633d9, - 0xeed8b99aecdc, - ])), - false, - ); - assert!(!p.is_valid()); - assert!(!p.x.is_valid()); - - // Reject point with invalid y coordinate - let p = G1Affine::new( - Fq::from_repr(BigInteger768([ - 0x4c0019d20f21bf0a, - 0x2412bb7c69103f8c, - 0xd837c81e51c23d86, - 0x25863118bf7cfccd, - 0xe33772d47fca8100, - 0xce263b8a45563538, - 0xd6d598765ee2b934, - 0x34e9e3c25ccc604f, - 0x4e3fdafc45d53a68, - 
0xc92e2e4e5131ab8e, - 0x6da3e8856ccf21c3, - 0x89821510d8c7, - ])), - Fq::new(BigInteger768([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ])), - false, - ); - assert!(!p.is_valid()); - assert!(!p.y.is_valid()); - - //Reject point not belonging to curve - let p = G1Affine::new( - Fq::zero(), - Fq::zero(), - false, - ); - assert!(!p.is_valid()); - assert!(!p.is_on_curve()); - - // Accept valid point - let p: G1Projective = rand::random(); - let p_affine = p.into_affine(); - assert!(p_affine.is_valid()); -} - -#[test] -fn test_g1_compression_decompression() { - - let even = G1Affine::new( - Fq::from_repr(BigInteger768([ - 0xf99bff3c256c04f0, - 0x3d6b06f9ad2e719d, - 0x23caf1a099fbff57, - 0x59b1d95d29ee4cab, - 0x5c68c6de94f80482, - 0x2f12567b30d1126b, - 0x52b9d710c49cf61e, - 0x3c57acbc06859f69, - 0xf2cbfbae4cca808a, - 0xe1ec5c19bd98638f, - 0x5a775231b500fd64, - 0x19beee8aae2b2, - ])), - Fq::from_repr(BigInteger768([ - 0xe6a2ad4104991832, - 0x9d99a4bca7d41736, - 0x96cfdc5ffae430dc, - 0xbd0297adbec2c786, - 0xb04eed37d0cb1c3f, - 0xac2aeb03526fbe8a, - 0xf4f0d1e54394c0bb, - 0xeb93e7580b95e418, - 0x9d69ba42d9ea76bf, - 0x8a62f65f3500ebc7, - 0x56eb7a49f46d67e4, - 0x7ab01471e643, - ])), - false, - ); - - let odd = G1Affine::new( - Fq::from_repr(BigInteger768([ - 0x298807222674fefc, - 0x1242813cb96b8094, - 0x126d5a0db1b30eb, - 0xd8a19d8ffbf363c0, - 0x57e7610c00fb5761, - 0xabd86702edb9d1c8, - 0xd6539f3f7eb86f31, - 0x69fab29265443f1, - 0x2aec1c11b3d3c762, - 0x7f631cf6705e788f, - 0x575c4dc43a5a94ab, - 0x9ee12ac4d254, - ])), - Fq::from_repr(BigInteger768([ - 0xf6ef0806b16c5e35, - 0xf895037990d4a025, - 0xad848aeca8a1b8, - 0x7aad4408b6befc89, - 0xd444a6fd3d7c8b1b, - 0x4b2be1c3b85792a9, - 0x2241ee1ddda9f812, - 0x6b9795fa6e987d16, - 0xe8e90d3fef6b271b, - 
0x177df03c3274af1c, - 0xe71c5eac354f659e, - 0xdeca535c5f2f, - ])), - false, - ); - - compression_test::(even, odd); - - //Test correct compression/decompression of a point with x = 0 coordinate - let mut zero_bits = Fq::zero().write_bits(); - zero_bits.push(false); //Set infinity - zero_bits.push(true); //Set parity - assert!(G1Affine::decompress(zero_bits.clone()).is_ok()); - - zero_bits.pop(); - zero_bits.push(false); //Change parity - assert!(G1Affine::decompress(zero_bits.clone()).is_ok()); -} - -#[test] -fn test_g2_projective_curve() { - curve_tests::(); - sw_projective_tests::() -} - -#[test] -fn test_g2_projective_group() { - let a: G2Projective = rand::random(); - let b: G2Projective = rand::random(); - group_test(a, b); -} - -#[test] -fn test_g2_generator() { - let generator = G2Affine::prime_subgroup_generator(); - assert!(generator.is_valid()); -} - -#[test] -fn test_g2_is_valid(){ - - // Reject point with invalid x coordinate - let p = G2Affine::new( - Fq2::new( - Fq::new(BigInteger768([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ])), - Fq::from_repr(BigInteger768([ - 0x786b46445f82e73c, - 0x7f65e493fad0e8b4, - 0x72f9e2017edbd8a0, - 0xa962e30713eac14b, - 0x4ff84799b321a106, - 0x8edd421b3377e583, - 0xaba7726f60af7957, - 0x333613a05885fc6b, - 0x6566cb2720173f7, - 0x2fbd93f05fb4aafb, - 0x5c36413ccc1c397b, - 0x101e0d7f5c50b, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0xe7542befc7c77e7e, - 0x3d532adf08c50ee, - 0x7931d21d45cf5b88, - 0xf3facf495cde403, - 0x6cb921a14e9a4f4f, - 0xa2c6fa913de0db27, - 0x9cd5563862ee6b52, - 0x609c608ee22298d1, - 0xc61a7826940542f7, - 0xa62753b7c5522ed8, - 0x8944940494f84bd9, - 0x134882728983e, - ])), - Fq::from_repr(BigInteger768([ - 0xd5ae2443316eca5e, - 0x1e5d2cab9ea75b61, - 0x9c598bb3764d1f4a, - 
0x8664602317bb85ca, - 0xeeb80880a81b30dd, - 0x7fa2cb7313ad08af, - 0xb8fa25436f268402, - 0xd0b2fb568b2db00, - 0xf85d0eda012e353e, - 0xddcd8a006eaad8b1, - 0x22349e5f59a72ea6, - 0x147db456d4e50, - ])), - ), - false, - ); - assert!(!p.is_valid()); - assert!(!p.x.is_valid()); - - // Reject point with invalid y coordinate - let p = G2Affine::new( - Fq2::new( - Fq::from_repr(BigInteger768([ - 0xcd3192cf5e7bfd5f, - 0x6cbe38e97527e8af, - 0xdd06c276b9a60b50, - 0xcba1ce70e3002cf2, - 0x4585e29519699027, - 0xd3a145616a69bffe, - 0xd00683c57b1918c2, - 0xf186e5d5c72154c0, - 0xa2d24f00463b7065, - 0xba25111f5a5085f3, - 0xcc0093f39b311579, - 0xaac25dd8a401, - ])), - Fq::from_repr(BigInteger768([ - 0x786b46445f82e73c, - 0x7f65e493fad0e8b4, - 0x72f9e2017edbd8a0, - 0xa962e30713eac14b, - 0x4ff84799b321a106, - 0x8edd421b3377e583, - 0xaba7726f60af7957, - 0x333613a05885fc6b, - 0x6566cb2720173f7, - 0x2fbd93f05fb4aafb, - 0x5c36413ccc1c397b, - 0x101e0d7f5c50b, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0xe7542befc7c77e7e, - 0x3d532adf08c50ee, - 0x7931d21d45cf5b88, - 0xf3facf495cde403, - 0x6cb921a14e9a4f4f, - 0xa2c6fa913de0db27, - 0x9cd5563862ee6b52, - 0x609c608ee22298d1, - 0xc61a7826940542f7, - 0xa62753b7c5522ed8, - 0x8944940494f84bd9, - 0x134882728983e, - ])), - Fq::new(BigInteger768([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ])), - ), - false, - ); - assert!(!p.is_valid()); - assert!(!p.y.is_valid()); - - //Reject point not belonging to curve - let p = G2Affine::new( - Fq2::zero(), - Fq2::zero(), - false, - ); - assert!(!p.is_valid()); - assert!(!p.is_on_curve()); - - // Accept valid point - let p: G2Projective = rand::random(); - let p_affine = p.into_affine(); - assert!(p_affine.is_valid()); - -} - -#[test] -fn test_g2_compression_decompression() { - let 
even = G2Affine::new( - Fq2::new( - Fq::from_repr(BigInteger768([ - 0xcd3192cf5e7bfd5f, - 0x6cbe38e97527e8af, - 0xdd06c276b9a60b50, - 0xcba1ce70e3002cf2, - 0x4585e29519699027, - 0xd3a145616a69bffe, - 0xd00683c57b1918c2, - 0xf186e5d5c72154c0, - 0xa2d24f00463b7065, - 0xba25111f5a5085f3, - 0xcc0093f39b311579, - 0xaac25dd8a401, - ])), - Fq::from_repr(BigInteger768([ - 0x786b46445f82e73c, - 0x7f65e493fad0e8b4, - 0x72f9e2017edbd8a0, - 0xa962e30713eac14b, - 0x4ff84799b321a106, - 0x8edd421b3377e583, - 0xaba7726f60af7957, - 0x333613a05885fc6b, - 0x6566cb2720173f7, - 0x2fbd93f05fb4aafb, - 0x5c36413ccc1c397b, - 0x101e0d7f5c50b, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0xe7542befc7c77e7e, - 0x3d532adf08c50ee, - 0x7931d21d45cf5b88, - 0xf3facf495cde403, - 0x6cb921a14e9a4f4f, - 0xa2c6fa913de0db27, - 0x9cd5563862ee6b52, - 0x609c608ee22298d1, - 0xc61a7826940542f7, - 0xa62753b7c5522ed8, - 0x8944940494f84bd9, - 0x134882728983e, - ])), - Fq::from_repr(BigInteger768([ - 0xd5ae2443316eca5e, - 0x1e5d2cab9ea75b61, - 0x9c598bb3764d1f4a, - 0x8664602317bb85ca, - 0xeeb80880a81b30dd, - 0x7fa2cb7313ad08af, - 0xb8fa25436f268402, - 0xd0b2fb568b2db00, - 0xf85d0eda012e353e, - 0xddcd8a006eaad8b1, - 0x22349e5f59a72ea6, - 0x147db456d4e50, - ])), - ), - false, - ); - - let odd = G2Affine::new( - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x456744b2be8dbb17, - 0xecd53f9445858509, - 0xc8ef07e1ef24874b, - 0xe58bd001c96adf30, - 0xf5013e562055d5c4, - 0x91bcc876c246b01a, - 0xe99bac985d37109d, - 0xecc18710b80145ea, - 0xf81630b88849765d, - 0xf973901c825a4c9, - 0xf4065981d8af931e, - 0xc8c242e8774d, - ])), - Fq::from_repr(BigInteger768([ - 0xbbe4e0cfa71026bc, - 0x7e57a663d9e42af9, - 0x5723ecf7d136bfe3, - 0x3d12606f04e325ba, - 0x2e9974c843fbd1e5, - 0x74186977f70f1557, - 0x274833a0fefcdc64, - 0xaa1029956b28c037, - 0xece7ab101af54218, - 0x712c615c6e235a04, - 0xd41e5306f6127f87, - 0x1b27e4bd7cbb7, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0xb8965e86840dd0e3, - 0x508bd0abf330deda, - 
0x47376bb9625954f7, - 0x6ec582aa92574a15, - 0x2a1199db2cc4c995, - 0x59d0ce26672bf02c, - 0x1ae2ef282425bb0e, - 0xb08ad562cdac85e2, - 0x4ed8fb35c6197948, - 0x57f6c2a8d65b8391, - 0xc1f697c75d1415d6, - 0x126d1d01813f6, - ])), - Fq::from_repr(BigInteger768([ - 0xd1914aadaa004e87, - 0x224c5a1af4b9d12a, - 0x28e91e3b461f0fa9, - 0xf71648756c554581, - 0xc37b9d797f44c663, - 0xb2e3e3b0ccdec02c, - 0x81fe2d79a55ee92, - 0xa0d16f9d5fdb5171, - 0x52f8c2e0c3fc5d06, - 0xdda69e868f2d328f, - 0x21ea99caf9bd207c, - 0x884a49271323, - ])), - ), - false, - ); - - compression_test::(even, odd); -} - -#[test] -fn test_bilinearity() { - - let a = G1Projective::new( - Fq::from_repr(BigInteger768([ - 0x73aa4fa8b4cf832e, - 0xf6a20073ec5337fe, - 0xe8f3e58577abc4e7, - 0x36d61a68c4cbb95b, - 0x40416854fa978685, - 0x265af69871df33f4, - 0x93f9daa280d7b196, - 0xb61de76c321e6bb5, - 0xda4f508f7c892c6a, - 0x6280bfaf4e4d70c8, - 0x175c61d672e9ab0, - 0x161c781730586, - ])), - Fq::from_repr(BigInteger768([ - 0x7db80364f4b2d45d, - 0xb4773092c4dacfd9, - 0xfd3b9f2004d1378a, - 0x5f83ad886a4eb74b, - 0x53a78ceeba4bb2d7, - 0x997db9f866f9cc86, - 0xac73f4c804bf252f, - 0xf39219de12f4e5de, - 0x260331a4c801f26d, - 0x6316779797551fc5, - 0xad8b27a570e82575, - 0x713c9a5182c1, - ])), - Fq::from_repr(BigInteger768([ - 0x5182eb8a2e38a933, - 0x197bf6c58c637f58, - 0x326ad45b0bbe5faa, - 0x1e87ae4a69a5b392, - 0x9fb398ee38569f3b, - 0x7c03785f38cd16c8, - 0x39cedf3d32acdf65, - 0x962167ddaadc4b35, - 0x507438bea3186c81, - 0xc1b816ee9214a3da, - 0xb2c6f0be99d43f9f, - 0xfb8ad6448db7, - ])), - ); - - let b = G2Projective::new( - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x212bdee61bd64c25, - 0x6ef4a70acdfe2aed, - 0x13ad51950a78e9e, - 0x3f83dc4f1763db79, - 0xc0543ff37a10b092, - 0xb181f3a2f30bc152, - 0x29d5b7838de2b79b, - 0xc806a8572bbc221b, - 0x10388571f57a4081, - 0x272c506912f798ec, - 0x725303c28efb0b6c, - 0x73bef63b2450, - ])), - Fq::from_repr(BigInteger768([ - 0x87b373d53c256b5c, - 0xb396a4fd859f1b5d, - 0x45723ec8ed69e363, - 
0x8a870ee7aace411e, - 0xd921d6bcbce1594, - 0xcc3901ac91e0dbb6, - 0xef9cd7649614736b, - 0x5f5058c458c88789, - 0x872a7982eaab973, - 0x9372416d55a496b3, - 0x12b2f8dc6b2a3e1b, - 0x1735779cd8f93, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0xa938f18b73bd1d69, - 0xd74d8abbd25a19ef, - 0xfa8c7ad66be6bdc3, - 0xdf3328985023ba38, - 0xe00973ba49f07643, - 0xc70e3a623e1d5a5a, - 0xc3f49b792a0f3ac7, - 0x61b0a35f16db9042, - 0xa64b33362f4086c, - 0x4b0d657a5bbbf785, - 0x1ea422bebb1bb410, - 0x900b0408c3bb, - ])), - Fq::from_repr(BigInteger768([ - 0x16b615452dd8a39a, - 0x67cd711e41b41b08, - 0xab19d17d0a9f47c3, - 0xbfaec25d8b254c11, - 0x79f31dfb7014c0ff, - 0x872d08e7dd566561, - 0xbd835abc04a17c47, - 0xc70bc09268bdce30, - 0x257cfaf12aef6552, - 0xd7b3aff45481cf0c, - 0x51ae5460f82450e4, - 0x1746155d1e10a, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x5faea8d460c40219, - 0x985aec5e84a6e671, - 0x5a3532d4108bdc01, - 0xbad727383937b154, - 0x3f4223fd6a99cfe4, - 0x65444db13d524378, - 0x7eecc8b800abd16d, - 0x31151f62e2fd9878, - 0x9a3f7924d3736709, - 0x9ccd668b736771b1, - 0xf8776b699d97c58d, - 0xc5347f83cb35, - ])), - Fq::from_repr(BigInteger768([ - 0x295e890f3b121ffd, - 0x6589a8e773911a99, - 0xce3c6ef5ae53eb60, - 0x74584e98e49bfc03, - 0x49b32063feb1a1d7, - 0xa068fafa575e98a7, - 0x3906e36283b23e2, - 0xb58dfeca3f436e12, - 0x1f79b6a80b0a45ae, - 0xaf49bcd6812cac4d, - 0xbb2e388cd1b712a6, - 0x186d11afaedeb, - ])), - ), - ); - - assert_eq!(MNT4::pairing(a, b).unwrap(), Fq4::new( - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x402c1cfcda2faf66, - 0xf6c7304f2122f8aa, - 0xd4b9967cb518343c, - 0x9e53b3e7641ef2f1, - 0x19a50acd733e1d2a, - 0xd6379b98506bfec0, - 0x8c62f80413fb292d, - 0x2abbeaf72d4d0ae3, - 0x4371afba748f7323, - 0xfb1dc6fe5f878bd9, - 0xecba1152795ccec9, - 0x17a073784408e, - ])), - Fq::from_repr(BigInteger768([ - 0xc8f0d77ac269818d, - 0x16159718aaddf6b4, - 0x836adebc2c3dca80, - 0x9e62cb6d0ea92d11, - 0xe3c1623bfe8be7d3, - 0x93effa98bfdcd840, - 0x924f8243ccd9777, - 
0xc01752ae12a2226b, - 0xa0c91443314f26ba, - 0x4b86b7727bfeb5cf, - 0xbe176e053bb5f896, - 0x18ea90d330e30, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0xe6eb9d8b79c51b25, - 0x315aa673f71bdbdd, - 0xddf71960cc943d17, - 0xbe9b960873b6ec40, - 0x344eb4c7b642a2cc, - 0x5e15749faf046966, - 0xf2f068f5c06bf7bd, - 0xeb244db2d00ca3d, - 0xf24560453af9e6b0, - 0x7313e48f2b23e781, - 0xdee9567a39adb3b6, - 0x5c91032a5add, - ])), - Fq::from_repr(BigInteger768([ - 0x7ef5c16eb20441d4, - 0xc360b3e98c43be1c, - 0xabe5ab03d478dc53, - 0x18354f21b0af5d09, - 0xabec396659da3195, - 0xb8a4594f91bf03b2, - 0x3619f92f87324038, - 0xe725218241105863, - 0xcc03bdd0d8f636c4, - 0x6db6695c012d9c5e, - 0x5c14cdb35a6edd8f, - 0x1406d4fd7fcd0, - ])), - ), - )); - - let a: G1Projective = rand::random(); - let b: G2Projective = rand::random(); - let s: Fr = rand::random(); - - let sa = a * &s; - let sb = b * &s; - - let ans1 = MNT4::pairing(sa, b).unwrap(); - let ans2 = MNT4::pairing(a, sb).unwrap(); - let ans3 = MNT4::pairing(a, b).unwrap().pow(s.into_repr()); - - assert_eq!(ans1, ans2); - assert_eq!(ans2, ans3); - - assert_ne!(ans1, Fq4::one()); - assert_ne!(ans2, Fq4::one()); - assert_ne!(ans3, Fq4::one()); - - assert_eq!(ans1.pow(Fr::characteristic()), Fq4::one()); - assert_eq!(ans2.pow(Fr::characteristic()), Fq4::one()); - assert_eq!(ans3.pow(Fr::characteristic()), Fq4::one()); -} - -#[test] -fn test_gt_compression(){ - let even = Fq4::new( - Fq2::new( - Fq::from_repr(BigInteger768([ - 0xd96a230bc7704e70, - 0xa72f0322390e389a, - 0xa21eaf1d7b0bd422, - 0xdafa420c44e8fc7f, - 0xa86860e419cf404, - 0x90b13c03cd5adc5d, - 0x5de378e3fa270986, - 0x9f61f6d2c77e51eb, - 0x4b66e983144a9cd7, - 0x5636ef040a8f76f2, - 0x9ce9f6d852eb88d4, - 0x1b370b90e36dc, - ])), - Fq::from_repr(BigInteger768([ - 0xff11ebd7b4b68af2, - 0x821c77749ea7d163, - 0x66d9f563048ccd41, - 0x896ffff75e0497c6, - 0xbb79afca8f854a5d, - 0x2454181dd568edde, - 0x4e99f7708b4609ac, - 0xed0d14da98b5a6fb, - 0x9a9e76fd9ba121e, - 0xd0995d3c899c6720, - 
0xeb1206daf656d48f, - 0x159e65acb07ab, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x4d22f2ba0c1b60cf, - 0xee8f48b783eb56c2, - 0x7cca465ac7f4714e, - 0xa5558ed13cd5f825, - 0x61a7def725192a30, - 0xa924dd42cb05517a, - 0x5a10987421894de3, - 0xc6a7abc1af1a3a5e, - 0xa5aca857fd6d5b0b, - 0x20f08311cd3d2876, - 0x4e573b3035b9241, - 0x1c8e6b81fae, - ])), - Fq::from_repr(BigInteger768([ - 0x81e5374e0c7b19b8, - 0xfa684c0a6d680b83, - 0x1f4004e7cb96abe3, - 0x4ed0bab266d80e67, - 0x773f99be7632257d, - 0xb1a80406a8d3a44d, - 0xb771cd7a1bf6591b, - 0x5e21a2060462025b, - 0xcb6492fc43cd56f3, - 0xc1be58f7b8353e41, - 0x7ae25e9d427abd05, - 0x6961b23e2c13, - ])), - ), - ); - - let odd = Fq4::new( - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x748e5389bec85d58, - 0x1a20edc17fb399dd, - 0xd83c1c41d58d9ca1, - 0x235f6338741f6571, - 0x2d547f893dca1fc1, - 0xef690dee9a29f09b, - 0x19c9504943555934, - 0x3ca188eac4f6f913, - 0xa33ac3632da47eaf, - 0x9b59580f494a8248, - 0x585ba26820ef9787, - 0xd5ef38abeb86, - ])), - Fq::from_repr(BigInteger768([ - 0x5e3d21535ca78e93, - 0x1c9a46335817b761, - 0xc52c570a95e424b1, - 0xe8f37867cab6fef, - 0x65bc27c56f08d449, - 0xb523c446e6117eeb, - 0x8cc83ec1ea1b1d86, - 0xeb87b331e37696c9, - 0xada589e8e2d3b724, - 0x9940a3041c066a49, - 0x6e10bac06013fc45, - 0x13f291e853add, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0xdb52b0436e0860e0, - 0x9592684b4b1643d2, - 0xcbd8aa405ba3e87b, - 0xe992d731003be6a8, - 0x9461ba77684fc1bf, - 0x1b5e74c0fe5e3ac4, - 0xd18d96a0d1afa659, - 0xce0e2da0a8c409a3, - 0x4394347b9ced1dbd, - 0x7a41b0c133f1d2f6, - 0x984cf0632afc9ba, - 0x18be95e126b67, - ])), - Fq::from_repr(BigInteger768([ - 0x45cf724c7263f1ea, - 0xe4c3de5bf1f4685f, - 0xae6a4f38a7b0504a, - 0xece95374c1d73fa, - 0x716f172d5df9c8c3, - 0xcac39a53ea8a67d, - 0x8a0871212b90ed0a, - 0xb1555262cab7c2be, - 0xeb199d08585d401d, - 0xc746bd450cd53e2a, - 0xc189c8ca7056ddd6, - 0x11c5ffcecd4cc, - ])), - ), - ); - - gt_compression_test::(even, odd); -} - -#[test] -fn 
test_g1_addition_correctness() { - let mut p = G1Projective::new( - Fq::from_repr(BigInteger768([ - 0xdfc2b7cbc7c68dd3, - 0xda35f108daf8530a, - 0xed1046ac66215fc2, - 0x456d3bec410beaa6, - 0x83c63b83fe368eb7, - 0x7f3cf1cdbb8d1853, - 0x3e750f1448b7d6d1, - 0x73c851e84a248dd4, - 0x54c871325cf89d71, - 0xb12d77db967730e8, - 0x6c13fdb8114e2ee5, - 0x178dc471842c9, - ])), - Fq::from_repr(BigInteger768([ - 0xd4d304c070359df4, - 0x5adaedd2f9769957, - 0x9de60988567a0d8c, - 0x1597b5a2f48619ed, - 0xf12ac0e35580012b, - 0xec8d60978bf1abf3, - 0xfef31c938dc5e3ec, - 0x92afc1446830abca, - 0xbf2f83c9f917e43b, - 0x989cd6d6e7be1543, - 0xa0f2fcb4e8bbdaf0, - 0xf93208b6420f, - ])), - Fq::from_repr(BigInteger768([ - 0xda8eb0b8eef48fac, - 0x87b1d0180184f6c0, - 0xe6a04246ed619d42, - 0x501ee89d33c211de, - 0xcfe58f6f87258b40, - 0x742345656f9fd427, - 0xe8f4d82210ea7d4e, - 0xa51004b4f76e2fc2, - 0xc87d9dae17bfc00c, - 0x9e38fcd739c6212d, - 0x7c5aa6a69ea22272, - 0x134d799c12c4e, - ])), - ); - - p.add_assign(&G1Projective::new( - Fq::from_repr(BigInteger768([ - 0xd8b796054c3c07aa, - 0x7a2d262560ad2558, - 0xe9fb791faa62f5e4, - 0x5efb0ed78efd43c4, - 0xe7b524c5b6e01e61, - 0x526a03896c7f0c9f, - 0x5a9f513428a2d469, - 0xe27368abe47ec9e6, - 0xc1b7389ed619aac1, - 0x549f36555acde762, - 0xf7a4799366140f73, - 0xb530c14e43de, - ])), - Fq::from_repr(BigInteger768([ - 0xcab7d6b352fa4d19, - 0xe9f3586d0007f1a6, - 0xdd1eb2c0c9af5d0, - 0x1361a6325decd10a, - 0x6e4f39f933bc89d5, - 0xe601021834b48b43, - 0x6f34ae367a105a4d, - 0xf1d34502f2a97dae, - 0x9c21874f2ddb6af9, - 0xf6cafeb3010bb13f, - 0x53566dd8c94a881, - 0x1d645de11625, - ])), - Fq::from_repr(BigInteger768([ - 0xfb60f671d178d6e7, - 0xb785b67ab21fea76, - 0xfcb57401fe0ffe84, - 0xa12d2ea0964e19a5, - 0x2fab37c250e2a2fa, - 0x868711fb5eaad3f, - 0xb1868139f022ff77, - 0xa1b225670e5bdcdd, - 0x6dcdf5cfbcec9f85, - 0xbbcf4300efa53b07, - 0x695973d4beef9e99, - 0x6d46f5bcabde, - ])), - )); - - let p = G1Affine::from(p); - - assert_eq!( - p, - G1Affine::new( - 
Fq::from_repr(BigInteger768([ - 0x4c0019d20f21bf0a, - 0x2412bb7c69103f8c, - 0xd837c81e51c23d86, - 0x25863118bf7cfccd, - 0xe33772d47fca8100, - 0xce263b8a45563538, - 0xd6d598765ee2b934, - 0x34e9e3c25ccc604f, - 0x4e3fdafc45d53a68, - 0xc92e2e4e5131ab8e, - 0x6da3e8856ccf21c3, - 0x89821510d8c7, - ])), - Fq::from_repr(BigInteger768([ - 0x717e3ffa2193697, - 0x411a81406abf8fc7, - 0x6c3f0710357570d0, - 0x9d999acc5cf81a11, - 0x81b6bf821df14a35, - 0x31135663344492a8, - 0x6da16e1624afd3a0, - 0x1c9a4d2e8eda6ba8, - 0xabe3b7346ad95eee, - 0xe39afac6814ca651, - 0xe0da6a8c4eb633d9, - 0xeed8b99aecdc, - ])), - false, - ) - ); -} - -#[test] -fn test_g1_doubling_correctness() { - let mut p = G1Projective::new( - Fq::from_repr(BigInteger768([ - 0x6064ee639b9adce5, - 0x1149f14300102ddd, - 0x395f28b5c8101bd0, - 0xa764e4bdd6b33c5a, - 0x51e645dfb580ecac, - 0x2ca75c22f9d5b856, - 0x4314a9a2a058df54, - 0x75886b456ad32bfa, - 0x3f4c758a65245bdb, - 0x49129d70da6fe6a8, - 0xbc4dac6eb4f07c3b, - 0x47acb9975aa8, - ])), - Fq::from_repr(BigInteger768([ - 0xaa39a144b0311d5e, - 0x89f04b3a9adebdaf, - 0xd32e9cc742b76970, - 0x6672d161ca75793e, - 0x6e8c03b3f80c227c, - 0xc32a6f51615d8fba, - 0xcbad4d6317f1cf55, - 0x1eafa5de19fc6007, - 0xfd55c1cf34af1159, - 0xb2522dd8a5b9e91b, - 0x540709a8841364c3, - 0x50e2d88b5db9, - ])), - Fq::from_repr(BigInteger768([ - 0x624f5f5b6e628648, - 0xb43340d2bb9406b4, - 0xd997cb8475d5b4cf, - 0xc22fdbdc06ba16e8, - 0x92220503c51b8328, - 0x42916d7ff8dd732, - 0x6d3df7f377a02d2c, - 0x5b3e1058294a7493, - 0x653fd02a7f2ab972, - 0x111806291f570f83, - 0x800bce7fd996bb00, - 0x938c7238a9a7, - ])), - ); - - p.double_in_place(); - - let p = G1Affine::from(p); - - assert_eq!( - p, - G1Affine::new( - Fq::from_repr(BigInteger768([ - 0x7548af158fa3fc51, - 0x6cd80c3910403c9e, - 0x6c9f15e06b5ba60d, - 0xb6a754b513529f07, - 0x23c496e83a606680, - 0x21ce1759ba83590c, - 0xb407ab047a9edef1, - 0x6fd97e8ab8d36ab6, - 0x6d82dcd641f777e4, - 0x6caf6c3a77a44722, - 0xbbfc52c0db6b150f, - 0x1b5aab811e031, - ])), - 
Fq::from_repr(BigInteger768([ - 0xb23c84ab63b585ed, - 0xefb84ff2c341b21, - 0x86b0efe06b5887f1, - 0x49b1982bc6146cea, - 0x72c68986a18645ae, - 0x7eee2d44d74827a9, - 0xe03d44233741d59d, - 0x285deaac6cec108d, - 0xe4aea4c6b9967a8d, - 0x9c83e0356b9eeedd, - 0xbbeb2089d3321306, - 0x1bffa53113921, - ])), - false, - ) - ); -} - -#[test] -fn test_g1_scalar_multiplication(){ - - let a = G1Affine::new( - Fq::from_repr(BigInteger768([ - 0x925c1f040aed511c, - 0x5a855427a50c739e, - 0x7ab9b2e57d5f3a13, - 0x513a6ec73171e05b, - 0x6b6a8244ed00762e, - 0x87d0a8427d0e5d36, - 0x417a733b306444eb, - 0xcaae9edbde381d27, - 0x5124f71e848677c3, - 0x47f710cb2a44cc08, - 0x637820bb0dbcadc4, - 0xeb54b306da09, - ])), - Fq::from_repr(BigInteger768([ - 0x1228573b93928314, - 0xbef47d91a144ae9c, - 0x896dd71c348196f9, - 0x769373819a2cef8a, - 0x65cee2c1ca362519, - 0x1603c65c14b30c1d, - 0x8b56003559d55972, - 0x9f4e3fe9dbbd6220, - 0x213fcc2184a77813, - 0xe56d2370e454f40c, - 0xc190214c5f7852d2, - 0xfa70dc17467, - ])), - false - ); - - let scalar = Fr::from_repr(BigInteger768([ - 0x56d6335b0db8aabc, - 0xead28ee558ffe882, - 0x1d5d812f693d85e, - 0x6a8759a07487aefa, - 0xc0c017fad83d37d8, - 0xdd1d91c4f3e3e08a, - 0xb430af48b77f22b4, - 0x4542b11e681a7fba, - 0x8bc1c9779783bcb0, - 0x12a9272e34a41ef6, - 0x3d2a16c493861827, - 0x1ae02b26d23fc, - ])); - - - assert_eq!((a.mul(scalar)).into_affine(), - G1Affine::new( - Fq::from_repr(BigInteger768([ - 0xa3d0ff067624b1d0, - 0x72664096e2577c12, - 0xa5c0016be5fb83df, - 0x5588f243586b074c, - 0x396f6f744d0f68c8, - 0xdaee682fe15fee44, - 0xacd54a6087292adf, - 0x5332945f07fe151e, - 0x1bebf1a88348a53f, - 0x7587d62f9ac2bf4f, - 0x71d34fed05742694, - 0xc20022e36488, - ])), - Fq::from_repr(BigInteger768([ - 0x672f790a2f76b3c, - 0x7cb36ead4c6fc730, - 0x2d61577762e758c8, - 0xe7750a8d982c291a, - 0x9fa3e61e2f101365, - 0x861251642d4c395e, - 0x84a9c031a9904727, - 0x18b5e27eb7de60e8, - 0x26c981935aa683db, - 0x3b9efd259ef81353, - 0x17f763c20d5ac84b, - 0x127cf79606e7c, - ])), - false - ) - ); -} 
- -#[test] -fn test_g1_affine_projective_conversion() { - - let a = G1Projective::new( - Fq::from_repr(BigInteger768([ - 0xb0ed63c4d24e8a1c, - 0x50bb6ed9a0862dcb, - 0x8c6c55ec0725bb6f, - 0x7a6117f051cd5547, - 0x64d4b0df25a12962, - 0x91ab55890e2526e7, - 0x428f5f3aada89b, - 0xbb4a3b186aba610a, - 0x36700cb6f89b3ee1, - 0x930d401e36897ef5, - 0x906ff098de3c93f2, - 0x19e3e488e71ab, - ])), - Fq::from_repr(BigInteger768([ - 0xc50ad9cddc4166f4, - 0xde424a828125a247, - 0x1e305c4683b1b04, - 0x82956035d685ec86, - 0xe7f3d4aa35f3f260, - 0x3d0c86f95c30e08b, - 0xc81563979c73ac11, - 0xdaa4b524232f3b91, - 0xb82d239f07291d52, - 0x3af3efc3be33fa0d, - 0x5e32f03921ce21e9, - 0x1c0e5725f0478, - ])), - Fq::from_repr(BigInteger768([ - 0x8b4fd5b8fd427b06, - 0x7d96a019653440df, - 0xd1939b3e70a64dfe, - 0x1c76c8553d664fe6, - 0xcf97c439c6627269, - 0x9732c7d39d91a667, - 0x8189ec69de56614c, - 0x1689e27635db4a89, - 0x97327af8bdad4b4, - 0xc3c8289fdb7b8219, - 0xb69d9535a1a29db4, - 0x28d4d4d8cd89, - ])), - ); - - let a_a = a.into_affine(); - assert_eq!(a_a, G1Affine::new( - Fq::from_repr(BigInteger768([ - 0x39dd21ca6cbfad4e, - 0x64377a8f5a31e9f8, - 0xe6e7270485da014e, - 0x1a6f5a1fbe80813a, - 0x60a9a80a0e3a087, - 0x7b3c779f982b8c98, - 0x6179fcdf7893edd4, - 0x605b3e41f254b925, - 0x4d1e2d030ab467e3, - 0xa9283d87bf549304, - 0xe34151514840f804, - 0x1436619e846e, - ])), - Fq::from_repr(BigInteger768([ - 0xf06f708098de8eea, - 0xfdb4381ac7c97df, - 0x3275b4aed28fc16, - 0x3dae26a63f5f2fc0, - 0xf88932458695b60b, - 0x5406864079c3a5b3, - 0x757d70bd6d0d4ee, - 0xa3b5eb573b241e0e, - 0x9874335300ece9bd, - 0xe1dd8f781c582459, - 0xe981c3e4590b9847, - 0x1bdf789b4fc48, - ])), - false, - )); - - assert_eq!(a_a.into_projective(), a); -} - -#[test] -fn test_g2_addition_correctness() { - let mut p = G2Projective::new( - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x5f3223a07f366969, - 0x2a2ec7caeb288ce9, - 0x17aab769f779b5a9, - 0x6f6b3a2e08d4bac9, - 0xfb76d77ef5383397, - 0x25a4a9f1ad927d94, - 0x8205c8e3dda818b9, - 
0xefbd0dfae72f83da, - 0x7cb4a2c1e95a3983, - 0xdc890797f8f6a8de, - 0x14a99e12c4d27d9a, - 0x2f65a6298d59, - ])), - Fq::from_repr(BigInteger768([ - 0x9dda0049bcccf9e1, - 0xac33968d1278a69b, - 0x7f4303a18cf004ec, - 0xef41161159848b35, - 0x933cbd1c68fc9d0b, - 0x3fe12e20b4c2a325, - 0x4429d610856b837d, - 0xb1eaffd8ff610f97, - 0x84b431125114b908, - 0x5c5bc1e9a819fdf0, - 0x4e4e397f9b60e231, - 0x420182fa92d7, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x2a14a07b3d0962bf, - 0x2b7404e772f171f5, - 0x91328236e6f1dfde, - 0xa2be3582f495644a, - 0xe52f9290022d5951, - 0x843f9dbae42c5516, - 0xf3ce2874cef213fc, - 0xc7489756fd8113bb, - 0xb09f441361ccba15, - 0x396eaa5d408cf7c0, - 0xb0549a62b72c843f, - 0x1201e9d6f45a1, - ])), - Fq::from_repr(BigInteger768([ - 0x6b5dcd0342cb246c, - 0x6a09c0652a930527, - 0x52beee975dbcf334, - 0x1482fb6099dabbff, - 0xaf7eddad9b94d175, - 0xc9e04d335418f722, - 0xf8898c485e3d9b62, - 0x28a9fc8bc11d7856, - 0x970e355586c80574, - 0x522a2ba8b915b44d, - 0x13f25db5c37781cb, - 0x1310d7455f527, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0xb6c5438c398dc5b5, - 0x765fe8bc45be7fd3, - 0x1888f1b043abd0a1, - 0x6bf47d2a4b3392bc, - 0xec8fe6ef04f43e2a, - 0x9e563d0212d9a354, - 0xdfa676efdde075fa, - 0xe988084473414e23, - 0x150aecfcf5bca982, - 0xb8774a87351a6201, - 0x8cc7d9e981ec47a1, - 0xa12b0732ee24, - ])), - Fq::from_repr(BigInteger768([ - 0xaafe130792fe06bb, - 0x700c8597e952d601, - 0xb15f43a7e4d87969, - 0x78f05db77378cc99, - 0x55d396b58085226c, - 0x5298e867ba29a1ed, - 0xc9edc458f424011a, - 0xfedc50815794d7ed, - 0x42797a89a59438b8, - 0x37f39ada55c7e491, - 0x2a39ff4d684b01bc, - 0xfb7c17dfb44d, - ])), - ), - ); - - p.add_assign(&G2Projective::new( - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x45fb0732a6c84ada, - 0x2e7c2e9ea5ec6921, - 0x5f1f798bce840d83, - 0x97624337427f53e7, - 0x68f307a776fa7bb3, - 0x61cdfcd212665871, - 0x21943d55f30ca2ed, - 0x43fa4af2b8e9c1df, - 0xd53bbe66937b8340, - 0x970cf1de31d22d6a, - 0xed583dfe60140adf, - 0x1a81651f3172d, - 
])), - Fq::from_repr(BigInteger768([ - 0x6bbeef6b976ce3d0, - 0xe2beddce175ce60e, - 0x24ba4828635b47ff, - 0x5fbae617c3d3a41a, - 0xf43e46048c3362c, - 0xdc9212692ae366fd, - 0x7425689634949157, - 0xb0350d06d8eb14, - 0x26f6162693ee53f0, - 0x247ffc8a08d0326f, - 0x442163eed14df0b6, - 0x1596b9e069e1b, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x8bf03470c8761245, - 0xfd4c6a213c2e80ee, - 0x3eac3a8da5ce68a8, - 0xf85b55e6d1028607, - 0xf70934fbe031ea56, - 0x90acf0ed9ed61fbf, - 0xd075f31aeba31fa8, - 0x96c8f7b8e4ad20de, - 0xcd407824ffa80456, - 0xdb0f203e63ad4b61, - 0xe2407d2665b7ea7, - 0x162cee712acd3, - ])), - Fq::from_repr(BigInteger768([ - 0x4a8ff1bedf602009, - 0x19d7078a858fd86e, - 0x7b88a3bb30864a03, - 0x8cf9c0d90bb5cb68, - 0xc8eb7d7daf652a9, - 0x7ef37490f02bae3d, - 0xc045597defd4fafb, - 0xe308eb734ec6c080, - 0x56f7b9443ae5e509, - 0x66ff5b397f7678ca, - 0x507aa8b2df44b17f, - 0x8a7672103f13, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x7bdb96501b9b12e9, - 0x9877ce67a2f665be, - 0x785f5fab9a28f03e, - 0x2ccf7053154f270, - 0x4f5ca680d79d29f3, - 0xacfd8bc9a2162519, - 0xb064537370fa10f3, - 0xdf123bdce608fa85, - 0x7678c535ab141901, - 0x71901bd3d399070f, - 0xb131e7f825642b39, - 0x109f0e1d55344, - ])), - Fq::from_repr(BigInteger768([ - 0xa2feeb9ecf8e0085, - 0x224a188ba1aa12d9, - 0xa943620d53b7c16d, - 0x5a0d2e8bb9df45f, - 0x65573960d81635fb, - 0x2c6dbdbdfe722263, - 0xb491103d1f674f2e, - 0xfb5fd8bb11ee2518, - 0xe8f5eefd11529803, - 0x8917c5743ceb6aea, - 0x72ca88afa56ad808, - 0x174b6340e1393, - ])), - ), - )); - - let p = G2Affine::from(p); - - assert_eq!( - p, - G2Affine::new( - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x81afa3f2e095a548, - 0x1d233cbfbc96f4a8, - 0xacc72730733b0e92, - 0x80830b5a5a6bcf9e, - 0x814d391aeec16ef0, - 0x9c9b9c6f85cdae39, - 0x4df6b22be49d121a, - 0x798e1285b4ff1b33, - 0xd22abf08d04dbd78, - 0x8c4095bb1095d0ef, - 0x2361e29860806199, - 0xb4c036809237, - ])), - Fq::from_repr(BigInteger768([ - 0x754d967161dad549, - 0x503e83d0fb16205c, - 
0xd66b0bd4d2f8db2, - 0xed04664800e94ad5, - 0xaac6baadf12e5efd, - 0x17b479ec52ec9bad, - 0x3c9cd37b95b13d3d, - 0x60b83e345b25ac21, - 0x7da690b79d66995d, - 0xccdc2b8310f5c481, - 0xe1cb3674dce5cd88, - 0x58e7be595a24, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0xb7cc519ce14c8548, - 0x978896cb456af97, - 0x87e8d77b39ec791c, - 0xfb1e3b1a85794506, - 0x397bafff7c713104, - 0xa3759c57f871b6e5, - 0xd60343332d7b9a6c, - 0x76c209f8c4b60fb7, - 0x750c0c62e37bee2, - 0x67f988ae7c3b298d, - 0x4fad31acd3b9c7fb, - 0x169bfaa14a886, - ])), - Fq::from_repr(BigInteger768([ - 0xb0f3874c4be6112b, - 0x4490e35f292e7a55, - 0x88a51f802f39f7a8, - 0xba0637f553c02028, - 0xb475a8a7fe3471a9, - 0x3833219058c068bf, - 0x341445c4e97c313f, - 0x87369d1b2d55de24, - 0xa2b1d2c4f5c71864, - 0xf1cafc8965e5dd80, - 0xa1847d2918041e2d, - 0x39aaeaabf80f, - ])), - ), - false, - ) - ); -} - -#[test] -fn test_g2_doubling_correctness() { - let mut p = G2Projective::new( - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x4f40460199b4834d, - 0x5f13a81656e63624, - 0xc9b5774fef6a5b45, - 0xf69a1d904ecdb9c6, - 0xd475ae04f25c898a, - 0xdd439d0bbac3ee1f, - 0xc674397c800da350, - 0x4a8bd6c9959f5a04, - 0xdc606d932a17dab3, - 0xf529b1c08a8ca04e, - 0x12cbb4f27d2f2dbe, - 0x13aa136103c0d, - ])), - Fq::from_repr(BigInteger768([ - 0x74b1b24ef7988b3a, - 0xf823faebf3cd5b33, - 0xda3de11b2b871de, - 0x9d21221b5e17c092, - 0xbd5820eb76f3d488, - 0x6d66d6b27c131e7d, - 0x4e4b786c56fd3da9, - 0x47cf2a55976d24bb, - 0x668aa26f2dd3e782, - 0xb0a3a87f483667e, - 0xebbd0b140f04e57e, - 0xe6b4e63d455e, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x637ef9ea147a4c03, - 0xa8fc73bcfc582623, - 0xa1c12c0fc93087d, - 0x407d5057d43dc90c, - 0x990d3319259da38f, - 0xc22ed48c3b862e15, - 0xb65dbbe810a78712, - 0x4b16691b2c3eb26b, - 0x5a4f9d16d225c5b5, - 0x2247175b0d774cb3, - 0x3ee630223b2e489a, - 0x9b7361aa7381, - ])), - Fq::from_repr(BigInteger768([ - 0xd88252aa57e34bdc, - 0x1416281f76b6922a, - 0xf9d41eaddb006404, - 0x35c6a06cd179abb9, - 
0xfecdb61450f1c4d7, - 0xe82bdc33c1370bff, - 0xc8e36d1922b03f6, - 0x4265e1e317b13ee8, - 0x6f7addbf20e8747f, - 0x11c2c233802d2a84, - 0x793dddc05dfb999c, - 0x40c8f7776907, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x64761e7c2d7698f0, - 0x21464f8f08c310a1, - 0xcd1b5bd49bfc070e, - 0xaee4099e6c3753aa, - 0x85394420ca7fc44a, - 0x66694b77b451834a, - 0xbd3d99a5aa3de6f6, - 0xefa977a4c353b40, - 0x20ec15e36ccc7cb6, - 0x4eca29c075ed9a03, - 0x6db651b7e135ebdc, - 0x98676f95f7cd, - ])), - Fq::from_repr(BigInteger768([ - 0x1a052cc63d15f94b, - 0x81b3051f30815a82, - 0x6fd5819cf1233c1, - 0xd5288b77c0f9d105, - 0x6d054bc7e4f84516, - 0xf3d516571b0f15b5, - 0x4163c185cbbcaf78, - 0x2b18fd0db4b13133, - 0x432aff4610ea17a2, - 0x723c9c7d37db54c9, - 0xa469b46b4f0ca07d, - 0xc1a82c632ac4, - ])), - ), - ); - - p.double_in_place(); - - let p = G2Affine::from(p); - - assert_eq!( - p, - G2Affine::new( - Fq2::new( - Fq::from_repr(BigInteger768([ - 0xfa9d19d05f0fcb30, - 0x35ef65f448fd74c7, - 0x452a45cce7143629, - 0x5eb658ad07f48209, - 0x4bb52a1b39c75349, - 0xa6f4b4e3171e3d24, - 0x88360caed283a31e, - 0x6161974d011ff77, - 0x440bf0726c0fc78, - 0x9ba482526fd1e06b, - 0x9d091d638a429c28, - 0xb53974cd6fd5, - ])), - Fq::from_repr(BigInteger768([ - 0x828e3600d9e9e99f, - 0xa4b09f6a31cd95dd, - 0xf672fa14094c4e6a, - 0xf2a745418b1e2722, - 0x7d8965fadd4e72e9, - 0xbd6f5b375067ce7a, - 0xb4ad0babc4ae06f6, - 0xecf2bf5923189248, - 0xf982e77f2aee625d, - 0x1a4a4607d1f43a15, - 0xf06f7b40491a6213, - 0xe05064ac8aea, - ])), - ), - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x50a100953e6ddb72, - 0x7e1424572299d433, - 0x8ba470def85b95cc, - 0x8a93418009e30f2f, - 0x5ad6f1e4231ff0c6, - 0xbb0321bc2b9c54c3, - 0xfaa3134fc5a57ac3, - 0x71deb0d9e8179afc, - 0xa01189be17e9091f, - 0xe4098264273ff21e, - 0x8a4ca544ceb6fdf7, - 0x4c7276b0c360, - ])), - Fq::from_repr(BigInteger768([ - 0x9b4f763e35aa7b1f, - 0x82abc1fb1a0a4671, - 0x3fff7a3076437911, - 0x685007b9ec68ff41, - 0x419d48a4a4cfc31e, - 0x17b0c54de6b4c534, - 
0x242b5d772462a3ad,
- 0x47ea3a4b867eb3d3,
- 0xcdebcc18e5135841,
- 0xca5456362461a90e,
- 0xcae0297c67cb3270,
- 0x1b8f568cd253e,
- ])),
- ),
- false,
- )
- );
-}
-
-#[test]
-fn test_g2_affine_projective_conversion() {
-
- let a = G2Projective::new(
- Fq2::new(
- Fq::from_repr(BigInteger768([
- 0xf2a5dc098a75141e,
- 0x23e6010de81b1668,
- 0xcf749d3de9dbac71,
- 0x198cfe64bd15408b,
- 0xd6a461232ae70ec,
- 0x37da582333e0dd48,
- 0x4692c548619682e1,
- 0xdcf86b2373460657,
- 0x8a63dfaf59522b0d,
- 0x2ecccef78efe391d,
- 0x291e1e8e9096bbfa,
- 0xd12343ac117a,
- ])),
- Fq::from_repr(BigInteger768([
- 0xb4347f94cead299c,
- 0x62c1a0d3a10e614,
- 0x598e1b728540aa39,
- 0x2a9e5b0071b768b9,
- 0x7781c132d4925830,
- 0x62fa7a31076423b9,
- 0x2cda45f2c7c17478,
- 0x64e950040cdd1e3b,
- 0x504d2a8f249d1730,
- 0xdd8aa3964168cd9e,
- 0x27f7ce59797fb9b9,
- 0x5e829c4ba10d,
- ])),
- ),
- Fq2::new(
- Fq::from_repr(BigInteger768([
- 0x28ff71b89ad333bd,
- 0x32f298aaf5c75f05,
- 0xc0be59fcccc3ec6,
- 0x68a5f1cfb7784d73,
- 0x60ce7df7d47d7b18,
- 0x708684767f52e7c8,
- 0x511555c106b2dad5,
- 0x44508a6d07b9d2c2,
- 0x69f4a1a65236af9c,
- 0xef20df852b68b2f3,
- 0x85e6da13301e6537,
- 0x9cefa79553e7,
- ])),
- Fq::from_repr(BigInteger768([
- 0x5ecb638625bf6572,
- 0xd6ebe33e03362964,
- 0xcdff1885b5fe7622,
- 0x3bae49ce59768add,
- 0xcd48445976684e71,
- 0x1984ab71f16c3ebb,
- 0x5dcdbd43ad37c101,
- 0x2b82d68e7010cce4,
- 0xde51df0827df1efb,
- 0x94dbc6a585b24210,
- 0xab4a0d495b2cbe85,
- 0x54b5d1249ad2,
- ])),
- ),
- Fq2::new(
- Fq::from_repr(BigInteger768([
- 0xfcf7b07c5f392ac8,
- 0x7e0cac31ef62e976,
- 0xb66ba07a1174b4b6,
- 0xd819e6cec2ba35c,
- 0x8c054919779b1228,
- 0x9ca9907c610b2e6c,
- 0x69c1a21a59b2b3e0,
- 0x18500f2cc25c9b75,
- 0x82c005e8f5530076,
- 0x9ae7dacaec161449,
- 0x283d0dcb795334c7,
- 0x2b4d22ee7e0a,
- ])),
- Fq::from_repr(BigInteger768([
- 0x154115eeb1f386d9,
- 0x1966fe1637cca523,
- 0x4835a7b4829f5c6c,
- 0xfd91d8850839987,
- 0x36aec3c30210af0e,
- 0x77854447f9fa701,
- 0x52fd8ca1f007cedd,
- 0xe1bb226c005c3546,
-
0xec1ccf3b5c08e477,
- 0xbba94ca96e78ad7f,
- 0xbf0d58106a40bebb,
- 0x182e1c643a30a,
- ])),
- ),
- );
-
- let a_a = a.into_affine();
- assert_eq!(a_a, G2Affine::new(
- Fq2::new(
- Fq::from_repr(BigInteger768([
- 0xd04d1b2e84cfcb48,
- 0xa4b0b52c7f856e71,
- 0x99add11528f69820,
- 0x4f6bf1a726e1f2d3,
- 0x28c510ea93c63174,
- 0x5bb4ad702d20871b,
- 0xc2c1f4140d92e3d8,
- 0xac9942226f48234b,
- 0xa2a1c4acdb3a9b4c,
- 0x6d4a504ee9c8b817,
- 0x9cf836fd234056a9,
- 0x1701959f3f8df,
- ])),
- Fq::from_repr(BigInteger768([
- 0xc5e4764c1e8d6b74,
- 0x2ad093258e415ddf,
- 0xda887f4bb02ec9cb,
- 0x980eb36f879aecb0,
- 0xfa49fc664df35b69,
- 0xfe883323415d099c,
- 0x82e3ac700ed10768,
- 0x53aee549d42c7f6f,
- 0xaf89293052476fbd,
- 0xf8bd3561759d5edc,
- 0x7d2b808b4d7796c5,
- 0xfbad1bbe2f75,
- ])),
- ),
- Fq2::new(
- Fq::from_repr(BigInteger768([
- 0x82499dc3a36723b,
- 0x4e50d135b7f54d4e,
- 0xdc5f9d26b1632dba,
- 0x9cc203059dadfae6,
- 0xbad176ed8ce683,
- 0x2f13b62bf9447515,
- 0x51a60d8f9878ee38,
- 0xd0da6a9c191e9932,
- 0x7771fda59ea50910,
- 0xebb8ee07d88f2a4c,
- 0x30a30d31e8371130,
- 0x1bc18c8417eb,
- ])),
- Fq::from_repr(BigInteger768([
- 0xd00b7ab48a75abe1,
- 0x83ff0033936859cd,
- 0xab0f91ffc2138a10,
- 0x2316611e3c365b00,
- 0xe8a21b050527b787,
- 0xd30f4581baa3bea0,
- 0x59dbf53e112a427b,
- 0xe688fc5ea40e5708,
- 0xdfbde864b9df0b91,
- 0x98b7d79934e7c524,
- 0xdca7e75740c36f0e,
- 0x1bc31e18981b,
- ])),
- ),
- false
- ));
-
- assert_eq!(a_a.into_projective(), a);
-}
\ No newline at end of file
diff --git a/algebra/src/curves/mnt6/g1.rs b/algebra/src/curves/mnt6/g1.rs
deleted file mode 100644
index d0d133d53..000000000
--- a/algebra/src/curves/mnt6/g1.rs
+++ /dev/null
@@ -1,124 +0,0 @@
-use crate::{field_new, FromBytes};
-use crate::{
- biginteger::BigInteger320,
- bytes::ToBytes,
- curves::{
- mnt6::MNT6,
- models::{ModelParameters, SWModelParameters},
- short_weierstrass_projective::{GroupAffine, GroupProjective},
- AffineCurve,
- },
- fields::mnt6::{Fq, Fq3, Fr},
-};
-use std::io::{Result as IoResult, Write, Read};
-use std::io;
-use serde::{Serialize, Deserialize};
-
-pub type G1Affine = GroupAffine;
-pub type G1Projective = GroupProjective;
-
-#[derive(Copy, Clone, Default, PartialEq, Eq)]
-pub struct MNT6G1Parameters;
-
-impl ModelParameters for MNT6G1Parameters {
- type BaseField = Fq;
- type ScalarField = Fr;
-}
-
-impl SWModelParameters for MNT6G1Parameters {
- /// COEFF_A =
- const COEFF_A: Fq = field_new!(Fq, BigInteger320([
- 0xb9b2411bfd0eafef,
- 0xc61a10fadd9fecbd,
- 0x89f128e59811f3fb,
- 0x980c0f780adadabb,
- 0x9ba1f11320,
- ]));
-
- /// COEFF_B =
- const COEFF_B: Fq = field_new!(Fq, BigInteger320([
- 0xa94cb16ed8e733b,
- 0xe1ed15e8119bae6,
- 0xae927592157c8121,
- 0x990dbcbc6661cf95,
- 0xecff0892ef,
- ]));
-
- /// COFACTOR = 1
- const COFACTOR: &'static [u64] = &[1];
-
- /// COFACTOR^(-1) mod r =
- /// 1
- const COFACTOR_INV: Fr = field_new!(Fr, BigInteger320([
- 1784298994435064924,
- 16852041090100268533,
- 14258261760832875328,
- 2961187778261111191,
- 1929014752195,
- ]));
-
- /// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y)
- const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
- (G1_GENERATOR_X, G1_GENERATOR_Y);
-}
-
-/// G1_GENERATOR_X =
-pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger320([
- 0x1a663562f74e1d24,
- 0xc1d1d583fccd1b79,
- 0xda077538a9763df2,
- 0x70c4a4ea36aa01d9,
- 0x86537578a8,
-]));
-
-/// G1_GENERATOR_Y =
-pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger320([
- 0x7ad5bfd16dcfffb2,
- 0x88dd739252215070,
- 0x43f137a8b517b339,
- 0x9a7fac709a8c463c,
- 0x3140fbc3593,
-]));
-
-#[derive(Eq, PartialEq, Copy, Clone, Debug, Serialize, Deserialize)]
-pub 
struct G1Prepared {
- pub x: Fq,
- pub y: Fq,
- pub x_twist: Fq3,
- pub y_twist: Fq3,
-}
-
-impl ToBytes for G1Prepared {
- fn write(&self, mut writer: W) -> IoResult<()> {
- self.x.write(&mut writer)?;
- self.y.write(&mut writer)?;
- self.x_twist.write(&mut writer)?;
- self.y_twist.write(&mut writer)
- }
-}
-
-impl FromBytes for G1Prepared {
- fn read(mut reader: R) -> IoResult {
- let x = Fq::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- let y = Fq::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- let x_twist = Fq3::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- let y_twist = Fq3::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- Ok(G1Prepared{x, y, x_twist, y_twist})
- }
-}
-
-impl From for G1Prepared {
- fn from(other: G1Affine) -> Self {
- MNT6::ate_precompute_g1(&other.into_projective())
- }
-}
-
-impl Default for G1Prepared {
- fn default() -> Self {
- Self::from(G1Affine::prime_subgroup_generator())
- }
-}
diff --git a/algebra/src/curves/mnt6/g2.rs b/algebra/src/curves/mnt6/g2.rs
deleted file mode 100644
index 010c9f7b0..000000000
--- a/algebra/src/curves/mnt6/g2.rs
+++ /dev/null
@@ -1,286 +0,0 @@
-use crate::{field_new, FromBytes};
-use crate::{
- biginteger::BigInteger320,
- bytes::ToBytes,
- curves::{
- mnt6::{g1::MNT6G1Parameters, MNT6, TWIST_COEFF_A},
- models::{ModelParameters, SWModelParameters},
- short_weierstrass_projective::{GroupAffine, GroupProjective},
- AffineCurve,
- },
- fields::mnt6::{Fq, Fq3, Fr},
-};
-use std::io::{Result as IoResult, Write, Read};
-use std::io;
-use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt};
-use serde::{Serialize, Deserialize};
-
-pub type G2Affine = GroupAffine;
-pub type G2Projective = GroupProjective;
-
-#[derive(Copy, Clone, Default, PartialEq, Eq)]
-pub struct MNT6G2Parameters;
-
-impl ModelParameters for MNT6G2Parameters {
- type BaseField = Fq3;
- type ScalarField = Fr;
-}
-
-/// MUL_BY_A_C0 = NONRESIDUE * COEFF_A
-pub const MUL_BY_A_C0: Fq = field_new!(Fq, BigInteger320([
- 0xa07b458bf1496fab,
- 0xde8254e6541f9fb4,
- 0xb1b5cc7bf859c3ea,
- 0xf83c4d58364645a9,
- 0x30a29b55fa2,
-]));
-
-/// MUL_BY_A_C1 = NONRESIDUE * COEFF_A
-pub const MUL_BY_A_C1: Fq = field_new!(Fq, BigInteger320([
- 0xa07b458bf1496fab,
- 0xde8254e6541f9fb4,
- 0xb1b5cc7bf859c3ea,
- 0xf83c4d58364645a9,
- 0x30a29b55fa2,
-]));
-
-/// MUL_BY_A_C2 = COEFF_A
-pub const MUL_BY_A_C2: Fq = MNT6G1Parameters::COEFF_A;
-
-impl SWModelParameters for MNT6G2Parameters {
- const COEFF_A: Fq3 = TWIST_COEFF_A;
- const COEFF_B: Fq3 = field_new!(Fq3,
- field_new!(Fq, BigInteger320([
- 0x79a4c2cea3c84026,
- 0x4b50cad0f3233baa,
- 0x9ded82770e7a4410,
- 0x5ade8b105838b95d,
- 0xe4036e0a3a,
- ])),
- field_new!(Fq, BigInteger320([0, 0, 0, 0, 0])),
- field_new!(Fq, BigInteger320([0, 0, 0, 0, 0])),
- );
-
- /// COFACTOR =
- /// 226502022472576270196498690498308461791828762732602586162207535351960270082712694977333372361549082214519252261735048131889018501404377856786623430385820659037970876666767495659520
- const COFACTOR: &'static [u64] = &[
- 15308190245346869248,
- 10669098443577192943,
- 4561413759929581409,
- 3680089780298582849,
-
17336300687782721465,
- 10745756320947240891,
- 17479264233688728128,
- 16828697388537672097,
- 4184034152442024798,
- 915787,
- ];
-
- /// COFACTOR^(-1) mod r =
- /// 79320381028210220958891541608841408590854146655427655872973753568875979721417185067925504
- const COFACTOR_INV: Fr = field_new!(Fr, BigInteger320([
- 5837598184463018016,
- 7845868194417674836,
- 12170332588914158076,
- 6950611683754678431,
- 102280178745,
- ]));
-
- /// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y)
- const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
- (G2_GENERATOR_X, G2_GENERATOR_Y);
-
- #[inline(always)]
- fn mul_by_a(elt: &Fq3) -> Fq3 {
- field_new!(Fq3,
- MUL_BY_A_C0 * &elt.c1,
- MUL_BY_A_C1 * &elt.c2,
- MUL_BY_A_C2 * &elt.c0,
- )
- }
-}
-
-const G2_GENERATOR_X: Fq3 = field_new!(Fq3, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1, G2_GENERATOR_X_C2);
-const G2_GENERATOR_Y: Fq3 = field_new!(Fq3, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1, G2_GENERATOR_Y_C2);
-
-pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger320([
- 0x15ca12fc5d551ea7,
- 0x9e0b2b2b2bb8b979,
- 0xe6e66283ad5a786a,
- 0x46ba0aedcc383c07,
- 0x243853463ed,
-]));
-
-pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger320([
- 0x2c0e3dd7be176130,
- 0x27a15d879495904b,
- 0x6f1f0d2dd1502a82,
- 0x9782ee3c70834da,
- 0x2c28bb71862,
-]));
-
-pub const G2_GENERATOR_X_C2: Fq = field_new!(Fq, BigInteger320([
- 0xf3e5f4eb9631e1f1,
- 0x657801e80c50778,
- 0x2d2abb128fee90f3,
- 0x72e58e4c3aa3598c,
- 0x100b8026b9d,
-]));
-
-pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger320([
- 0xb1cddd6c64a67c5f,
- 0xa01e90d89aa5d2ba,
- 0x39e9a733be49ed1,
- 0x9438f46f63d3264f,
- 0x12cc928ef10,
-]));
-
-pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger320([
- 0xa1529b7265ad4be7,
- 0x21c5e827cf309306,
- 0x9b3d647bd8c70b22,
- 0x42835bf373e4b213,
- 0xd3c77c9ff9,
-]));
-
-pub const G2_GENERATOR_Y_C2: Fq = field_new!(Fq, BigInteger320([
- 0x610557ec4b58b8df,
- 0x51a23865b52045f1,
- 0x9dcfd915a09da608,
-
0x6d65c95f69adb700,
- 0x2d3c3d195a1,
-]));
-
-#[derive(Eq, PartialEq, Clone, Debug, Serialize, Deserialize)]
-pub struct G2Prepared {
- pub x: Fq3,
- pub y: Fq3,
- pub x_over_twist: Fq3,
- pub y_over_twist: Fq3,
- pub double_coefficients: Vec,
- pub addition_coefficients: Vec,
-}
-
-impl ToBytes for G2Prepared {
- fn write(&self, mut writer: W) -> IoResult<()> {
- self.x.write(&mut writer)?;
- self.y.write(&mut writer)?;
- self.x_over_twist.write(&mut writer)?;
- self.y_over_twist.write(&mut writer)?;
- writer.write_u32::(self.double_coefficients.len() as u32)?;
- for dc in self.double_coefficients.clone() {
- dc.write(&mut writer)?;
- }
- writer.write_u32::(self.addition_coefficients.len() as u32)?;
- for ac in self.addition_coefficients.clone(){
- ac.write(&mut writer)?;
- }
- Ok(())
- }
-}
-
-impl FromBytes for G2Prepared {
- fn read(mut reader: R) -> IoResult {
- let x = Fq3::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- let y = Fq3::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- let x_over_twist = Fq3::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- let y_over_twist = Fq3::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
-
- let double_coeffs_len = reader.read_u32::()? as usize;
- let mut double_coefficients = vec![];
- for _ in 0..double_coeffs_len {
- let dc = AteDoubleCoefficients::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- double_coefficients.push(dc);
- }
-
- let add_coeffs_len = reader.read_u32::()? 
as usize;
- let mut addition_coefficients = vec![];
- for _ in 0..add_coeffs_len {
- let ac = AteAdditionCoefficients::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- addition_coefficients.push(ac);
- }
-
- Ok(G2Prepared{x, y, x_over_twist, y_over_twist, double_coefficients, addition_coefficients})
- }
-}
-
-impl From for G2Prepared {
- fn from(point: G2Affine) -> Self {
- MNT6::ate_precompute_g2(&point.into_projective())
- }
-}
-
-impl Default for G2Prepared {
- fn default() -> Self {
- Self::from(G2Affine::prime_subgroup_generator())
- }
-}
-
-pub(super) struct G2ProjectiveExtended {
- pub(crate) x: Fq3,
- pub(crate) y: Fq3,
- pub(crate) z: Fq3,
- pub(crate) t: Fq3,
-}
-
-#[derive(Eq, PartialEq, Copy, Clone, Debug)]
-pub struct AteDoubleCoefficients {
- pub(crate) c_h: Fq3,
- pub(crate) c_4c: Fq3,
- pub(crate) c_j: Fq3,
- pub(crate) c_l: Fq3,
-}
-
-impl FromBytes for AteDoubleCoefficients{
- fn read(mut reader: R) -> IoResult {
- let c_h = Fq3::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- let c_4c = Fq3::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- let c_j = Fq3::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- let c_l = Fq3::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- Ok(AteDoubleCoefficients{c_h, c_4c, c_j, c_l})
- }
-}
-
-impl ToBytes for AteDoubleCoefficients{
- fn write(&self, mut writer: W) -> IoResult<()> {
- self.c_h.write(&mut writer)?;
- self.c_4c.write(&mut writer)?;
- self.c_j.write(&mut writer)?;
- self.c_l.write(&mut writer)?;
- Ok(())
- }
-}
-
-#[derive(Eq, PartialEq, Copy, Clone, Debug)]
-pub struct AteAdditionCoefficients {
- pub(crate) c_l1: Fq3,
- pub(crate) c_rz: Fq3,
-}
-
-impl FromBytes for AteAdditionCoefficients{
- fn read(mut reader: R) -> IoResult {
- let c_l1 = Fq3::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
-
let c_rz = Fq3::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- Ok(AteAdditionCoefficients{c_l1, c_rz})
- }
-}
-
-impl ToBytes for AteAdditionCoefficients{
- fn write(&self, mut writer: W) -> IoResult<()> {
- self.c_l1.write(&mut writer)?;
- self.c_rz.write(&mut writer)?;
- Ok(())
- }
-}
diff --git a/algebra/src/curves/mnt6/mod.rs b/algebra/src/curves/mnt6/mod.rs
deleted file mode 100644
index 17f3bf9da..000000000
--- a/algebra/src/curves/mnt6/mod.rs
+++ /dev/null
@@ -1,327 +0,0 @@
-use crate::field_new;
-use crate::{
- Error,
- biginteger::BigInteger320,
- curves::{PairingEngine, ProjectiveCurve},
- fields::{
- mnt6::{
- fq::{Fq, FqParameters},
- Fq3, Fq6, Fr,
- },
- BitIterator, Field, FpParameters,
- },
-};
-
-pub mod g1;
-pub mod g2;
-#[cfg(test)]
-mod tests;
-
-use self::g2::{AteAdditionCoefficients, AteDoubleCoefficients, G2ProjectiveExtended};
-pub use self::{
- g1::{G1Affine, G1Prepared, G1Projective},
- g2::{G2Affine, G2Prepared, G2Projective},
-};
-
-pub type GT = Fq6;
-
-#[derive(Copy, Clone, Eq, PartialEq, Debug)]
-pub struct MNT6;
-
-impl PairingEngine for MNT6 {
- type Fr = Fr;
- type G1Projective = G1Projective;
- type G1Affine = G1Affine;
- type G1Prepared = G1Prepared;
- type G2Projective = G2Projective;
- type G2Affine = G2Affine;
- type G2Prepared = G2Prepared;
- type Fq = Fq;
- type Fqe = Fq3;
- type Fqk = Fq6;
-
- fn miller_loop<'a, I>(i: I) -> Self::Fqk
- where
- I: IntoIterator,
- {
- let mut result = Self::Fqk::one();
- for &(ref p, ref q) in i {
- result *= &MNT6::ate_miller_loop(p, q);
- }
- result
- }
-
- fn final_exponentiation(r: &Self::Fqk) -> Option {
- Some(MNT6::final_exponentiation(r))
- }
-}
-
-impl MNT6 {
- /// Takes as input a point in G1 in projective coordinates, and outputs a
- /// precomputed version of it for pairing purposes.
- fn ate_precompute_g1(value: &G1Projective) -> G1Prepared {
- let g1 = value.into_affine();
-
- let mut x_twist = TWIST.clone();
- x_twist.mul_assign_by_fp(&g1.x);
-
- let mut y_twist = TWIST.clone();
- y_twist.mul_assign_by_fp(&g1.y);
-
- G1Prepared {
- x: g1.x,
- y: g1.y,
- x_twist,
- y_twist,
- }
- }
-
- /// Takes as input a point in `G2` in projective coordinates, and outputs a
- /// precomputed version of it for pairing purposes. 
- fn ate_precompute_g2(value: &G2Projective) -> G2Prepared { - let g2 = value.into_affine(); - - let twist_inv = TWIST.inverse().unwrap(); - - let mut g2p = G2Prepared { - x: g2.x, - y: g2.y, - x_over_twist: g2.x * &twist_inv, - y_over_twist: g2.y * &twist_inv, - double_coefficients: vec![], - addition_coefficients: vec![], - }; - - let mut r = G2ProjectiveExtended { - x: g2.x, - y: g2.y, - z: Fq3::one(), - t: Fq3::one(), - }; - - for (idx, value) in ATE_LOOP_COUNT.iter().rev().enumerate() { - let mut tmp = *value; - let skip_extraneous_bits = 64 - value.leading_zeros(); - let mut v = Vec::with_capacity(16); - for i in 0..64 { - if idx == 0 && (i == 0 || i >= skip_extraneous_bits) { - continue; - } - v.push(tmp & 1 == 1); - tmp >>= 1; - } - - for bit in v.iter().rev() { - let (r2, coeff) = MNT6::doubling_step_for_flipped_miller_loop(&r); - g2p.double_coefficients.push(coeff); - r = r2; - - if *bit { - let (r2, coeff) = - MNT6::mixed_addition_step_for_flipped_miller_loop(&g2.x, &g2.y, &r); - g2p.addition_coefficients.push(coeff); - r = r2; - } - - tmp >>= 1; - } - } - - if ATE_IS_LOOP_COUNT_NEG { - let rz_inv = r.z.inverse().unwrap(); - let rz2_inv = rz_inv.square(); - let rz3_inv = rz_inv * &rz2_inv; - - let minus_r_affine_x = r.x * &rz2_inv; - let minus_r_affine_y = -r.y * &rz3_inv; - - let add_result = MNT6::mixed_addition_step_for_flipped_miller_loop( - &minus_r_affine_x, - &minus_r_affine_y, - &r, - ); - g2p.addition_coefficients.push(add_result.1); - } - - g2p - } - - fn doubling_step_for_flipped_miller_loop( - r: &G2ProjectiveExtended, - ) -> (G2ProjectiveExtended, AteDoubleCoefficients) { - let a = r.t.square(); - let b = r.x.square(); - let c = r.y.square(); - let d = c.square(); - let e = (r.x + &c).square() - &b - &d; - let f = (b + &b + &b) + &(TWIST_COEFF_A * &a); - let g = f.square(); - - let d_eight = d.double().double().double(); - - let x = -(e + &e + &e + &e) + &g; - let y = -d_eight + &(f * &(e + &e - &x)); - let z = (r.y + &r.z).square() - &c - 
&r.z.square(); - let t = z.square(); - - let r2 = G2ProjectiveExtended { x, y, z, t }; - let coeff = AteDoubleCoefficients { - c_h: (r2.z + &r.t).square() - &r2.t - &a, - c_4c: c + &c + &c + &c, - c_j: (f + &r.t).square() - &g - &a, - c_l: (f + &r.x).square() - &g - &b, - }; - - (r2, coeff) - } - - fn mixed_addition_step_for_flipped_miller_loop( - x: &Fq3, - y: &Fq3, - r: &G2ProjectiveExtended, - ) -> (G2ProjectiveExtended, AteAdditionCoefficients) { - let a = y.square(); - let b = r.t * x; - let d = ((r.z + y).square() - &a - &r.t) * &r.t; - let h = b - &r.x; - let i = h.square(); - let e = i + &i + &i + &i; - let j = h * &e; - let v = r.x * &e; - let l1 = d - &(r.y + &r.y); - - let x = l1.square() - &j - &(v + &v); - let y = l1 * &(v - &x) - &(j * &(r.y + &r.y)); - let z = (r.z + &h).square() - &r.t - &i; - let t = z.square(); - - let r2 = G2ProjectiveExtended { x, y, z, t }; - let coeff = AteAdditionCoefficients { c_l1: l1, c_rz: z }; - - (r2, coeff) - } - - pub fn ate_miller_loop(p: &G1Prepared, q: &G2Prepared) -> Fq6 { - let l1_coeff = field_new!(Fq3, p.x, Fq::zero(), Fq::zero()) - &q.x_over_twist; - - let mut f = Fq6::one(); - - let mut dbl_idx: usize = 0; - let mut add_idx: usize = 0; - - let mut found_one = false; - - for bit in BitIterator::new(ATE_LOOP_COUNT) { - // code below gets executed for all bits (EXCEPT the MSB itself) of - // mnt6_param_p (skipping leading zeros) in MSB to LSB order - if !found_one && bit { - found_one = true; - continue; - } else if !found_one { - continue; - } - - let dc = &q.double_coefficients[dbl_idx]; - dbl_idx += 1; - - let g_rr_at_p = Fq6::new( - -dc.c_4c - &(dc.c_j * &p.x_twist) + &dc.c_l, - dc.c_h * &p.y_twist, - ); - - f = f.square() * &g_rr_at_p; - - if bit { - let ac = &q.addition_coefficients[add_idx]; - add_idx += 1; - - let g_rq_at_p = Fq6::new( - ac.c_rz * &p.y_twist, - -(q.y_over_twist * &ac.c_rz + &(l1_coeff * &ac.c_l1)), - ); - f = f * &g_rq_at_p; - } - } - - if ATE_IS_LOOP_COUNT_NEG { - let ac = 
&q.addition_coefficients[add_idx];
-
- let g_rnegr_at_p = Fq6::new(
- ac.c_rz * &p.y_twist,
- -(q.y_over_twist * &ac.c_rz + &(l1_coeff * &ac.c_l1)),
- );
- f = (f * &g_rnegr_at_p).inverse().unwrap();
- }
-
- f
- }
-
- pub fn final_exponentiation(value: &Fq6) -> Result {
- if value.is_zero() {
- Err(format!("Invalid exponentiation value: 0"))?
- }
- let value_inv = value.inverse().unwrap();
- let value_to_first_chunk = MNT6::final_exponentiation_first_chunk(value, &value_inv);
- let value_inv_to_first_chunk = MNT6::final_exponentiation_first_chunk(&value_inv, value);
- Ok(MNT6::final_exponentiation_last_chunk(&value_to_first_chunk, &value_inv_to_first_chunk))
- }
-
- fn final_exponentiation_first_chunk(elt: &Fq6, elt_inv: &Fq6) -> Fq6 {
- // (q^3-1)*(q+1)
-
- // elt_q3 = elt^(q^3)
- let mut elt_q3 = elt.clone();
- elt_q3.frobenius_map(3);
- // elt_q3_over_elt = elt^(q^3-1)
- let elt_q3_over_elt = elt_q3 * elt_inv;
- // alpha = elt^((q^3-1) * q)
- let mut alpha = elt_q3_over_elt.clone();
- alpha.frobenius_map(1);
- // beta = elt^((q^3-1)*(q+1)
- alpha * &elt_q3_over_elt
- }
-
- fn final_exponentiation_last_chunk(elt: &Fq6, elt_inv: &Fq6) -> Fq6 {
- let elt_clone = elt.clone();
- let elt_inv_clone = elt_inv.clone();
-
- let mut elt_q = elt.clone();
- elt_q.frobenius_map(1);
-
- let w1_part = elt_q.cyclotomic_exp(&FINAL_EXPONENT_LAST_CHUNK_1);
- let w0_part;
- if FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG {
- w0_part = elt_inv_clone.cyclotomic_exp(&FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0);
- } else {
- w0_part = elt_clone.cyclotomic_exp(&FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0);
- }
-
- w1_part * &w0_part
- }
-}
-
-pub const TWIST: Fq3 = field_new!(Fq3, FQ_ZERO, FQ_ONE, FQ_ZERO);
-pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger320([0, 0, 0, 0, 0]));
-pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
-pub const TWIST_COEFF_A: Fq3 = field_new!(Fq3,
- FQ_ZERO,
- FQ_ZERO,
- field_new!(Fq, BigInteger320([
- 0xb9b2411bfd0eafef,
- 0xc61a10fadd9fecbd,
- 0x89f128e59811f3fb,
-
0x980c0f780adadabb,
- 0x9ba1f11320,
- ])),
-);
-
-pub const ATE_LOOP_COUNT: [u64; 3] = [0xdc9a1b671660000, 0x46609756bec2a33f, 0x1eef55];
-
-pub const ATE_IS_LOOP_COUNT_NEG: bool = true;
-
-pub const FINAL_EXPONENT_LAST_CHUNK_1: BigInteger320 = BigInteger320([0x1, 0x0, 0x0, 0x0, 0x0]);
-
-pub const FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG: bool = true;
-
-pub const FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0: BigInteger320 =
- BigInteger320([0xdc9a1b671660000, 0x46609756bec2a33f, 0x1eef55, 0x0, 0x0]);
diff --git a/algebra/src/curves/mnt6/tests.rs b/algebra/src/curves/mnt6/tests.rs
deleted file mode 100644
index 6df59e70b..000000000
--- a/algebra/src/curves/mnt6/tests.rs
+++ /dev/null
@@ -1,88 +0,0 @@
-use crate::{curves::{
- mnt6::{G1Affine, G1Projective, G2Affine, G2Projective, MNT6, g1::MNT6G1Parameters, g2::MNT6G2Parameters},
- tests::curve_tests,
- AffineCurve, PairingEngine,
-}, fields::mnt6::fr::Fr, groups::tests::group_test, SemanticallyValid};
-use rand;
-use crate::curves::tests::sw_projective_tests;
-
-#[test]
-fn test_g1_projective_curve() {
- curve_tests::();
- sw_projective_tests::()
-}
-
-#[test]
-fn test_g1_projective_group() {
- let a: G1Projective = rand::random();
- let b: G1Projective = rand::random();
- group_test(a, b);
-}
-
-#[test]
-fn test_g1_generator() {
- let generator = G1Affine::prime_subgroup_generator();
- assert!(generator.is_valid());
-}
-
-#[test]
-fn test_g2_projective_curve() {
- curve_tests::();
- sw_projective_tests::()
-}
-
-#[test]
-fn test_g2_projective_group() {
- let a: G2Projective = rand::random();
- let b: G2Projective = rand::random();
- group_test(a, b);
-}
-
-#[test]
-fn test_g2_generator() {
- let generator = G2Affine::prime_subgroup_generator();
- assert!(generator.is_valid());
-}
-
-#[test]
-fn test_bilinearity() {
- use crate::fields::{mnt6::fq6::Fq6, Field, PrimeField};
-
- let a: G1Projective = rand::random();
- let b: G2Projective = rand::random();
- let s: Fr = rand::random();
-
- let sa = a * &s;
- let sb = b * &s;
-
- let ans1 = MNT6::pairing(sa, b);
- let ans2 = MNT6::pairing(a, sb);
- let ans3 = MNT6::pairing(a, b).pow(s.into_repr());
-
- assert_eq!(ans1, ans2);
- assert_eq!(ans2, ans3);
-
- assert_ne!(ans1, Fq6::one());
- assert_ne!(ans2, Fq6::one());
- assert_ne!(ans3, Fq6::one());
-
- assert_eq!(ans1.pow(Fr::characteristic()), Fq6::one());
- assert_eq!(ans2.pow(Fr::characteristic()), Fq6::one());
- assert_eq!(ans3.pow(Fr::characteristic()), Fq6::one());
-}
-
-#[test]
-fn test_product_of_pairings() {
- use crate::{
- ProjectiveCurve, UniformRand
- };
- let rng = &mut rand::thread_rng();
-
- let a = G1Projective::rand(rng).into_affine();
- let b = 
G2Projective::rand(rng).into_affine();
- let c = G1Projective::rand(rng).into_affine();
- let d = G2Projective::rand(rng).into_affine();
- let ans1 = MNT6::pairing(a, b) * &MNT6::pairing(c, d);
- let ans2 = MNT6::product_of_pairings(&[(a.into(), b.into()), (c.into(), d.into())]);
- assert_eq!(ans1, ans2);
-}
diff --git a/algebra/src/curves/mnt6753/g1.rs b/algebra/src/curves/mnt6753/g1.rs
deleted file mode 100644
index 734a860a4..000000000
--- a/algebra/src/curves/mnt6753/g1.rs
+++ /dev/null
@@ -1,113 +0,0 @@
-use crate::field_new;
-use crate::{
- biginteger::BigInteger768,
- curves::{
- models::{ModelParameters, SWModelParameters},
- },
- fields::mnt6753::{Fq, Fr},
-};
-
-#[derive(Copy, Clone, Default, PartialEq, Eq)]
-pub struct MNT6G1Parameters;
-
-impl ModelParameters for MNT6G1Parameters {
- type BaseField = Fq;
- type ScalarField = Fr;
-}
-
-impl SWModelParameters for MNT6G1Parameters {
- // a=11, Montgomery rep.
- const COEFF_A: Fq = field_new!(Fq, BigInteger768([
- 0x4768931cfff9c7d4,
- 0xc45e46d6ada96ca0,
- 0x479b0bdb0b3c0107,
- 0x362a089610f8d41b,
- 0xdbafcec2c8a91aaf,
- 0x78428b0ff9d96a06,
- 0xf2e4472a9080c353,
- 0xc9006ed33f0e971c,
- 0x0794d9d10bdb7288,
- 0x3c1e44cab5419e2c,
- 0x49b5fc6c81f4560c,
- 0x1c287777c30ba,
- ]));
- // b= 1162590899954132115202734022401037471684116770178358464833890823541085\
- // 9267060079819722747939267925389062611062156601938166010098747920378738\
- // 9278326581336254542601154090758161875550558594902533757047280279443155\
- // 01122723426879114
- // Montgom. rep. 
- const COEFF_B: Fq = field_new!(Fq, BigInteger768([
- 0x7a85e23c6984298a,
- 0xb08f89f10deb6f43,
- 0x1ff8d652bcdd2b90,
- 0x6fe8b22127f7f097,
- 0x57007df447700e3e,
- 0x2f8aca277da9258d,
- 0x14385d51ca5422fb,
- 0x47d8f3de65c79d1d,
- 0xfa9ac2fe4bd09711,
- 0x9175a8b5ef915920,
- 0xf83fa70b67d17c00,
- 0x10804126ecf16,
- ]));
-
- const COFACTOR: &'static [u64] = &[1];
-
- // inverse of cofactor mod group order r
- const COFACTOR_INV: Fr = field_new!(Fr, BigInteger768([
- 0x98A8ECABD9DC6F42,
- 0x91CD31C65A034686,
- 0x97C3E4A0CD14572E,
- 0x79589819C788B601,
- 0xED269C942108976F,
- 0x1E0F4D8ACF031D68,
- 0x320C3BB713338559,
- 0x598B4302D2F00A62,
- 0x4074C9CBFD8CA621,
- 0x0FA47EDB3865E88C,
- 0x95455FB31FF9A195,
- 0x7B479EC8E242,
- ]));
-
- const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) =
- (G1_GENERATOR_X, G1_GENERATOR_Y);
-}
-
-//generator of prime order r
-//x =3458420969484235708806261200128850544017070333833944116801482064540723\
-// 2681492354777628704146649173606059496596309331847515262279936470308751\
-// 6768749271405287219577008822518325905140308790615870178675844188974261\
-// 8916006546636728
-pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger768([
- 0xe3a856605652f582,
- 0xea2ad6adb232d3cc,
- 0x006917a62cf94e5d,
- 0xb0cf88593f1f8d9c,
- 0xdf4294279d098622,
- 0xd1805f5f25762cae,
- 0x0ce84eed156d448a,
- 0x092939a0aaa29f11,
- 0x4851f2bd56e6d412,
- 0xd6a3f94887cc2c08,
- 0xa3870d376b51b4de,
- 0x1262a0793b60,
-]));
-
-//y=2746050840233196514962660022438213725450297597916837111164092472158912\
-// 7725376473514838234361114855175488242007431439074223827742813911899817\
-// 9307281122977634480108147641177014035402987649704695003396465633446808\
-// 68495474127850569
-pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger768([
- 0xa17be03d3de9993a,
- 0xd23d47f834d6e6a7,
- 0xc835b816dad2a400,
- 0xb067d33661cbda12,
- 0x34917ee69c71eaa3,
- 0x69dcbdab27c304e6,
- 0xeea1a2a6d6c76015,
- 0x5e60253078c4f3e3,
- 0x1eee46f45880e189,
- 0xd8de606656eb5e1c,
-
0xbf48f43a878dac3a,
- 0x37d7e759d51c,
-]));
\ No newline at end of file
diff --git a/algebra/src/curves/mnt6753/g2.rs b/algebra/src/curves/mnt6753/g2.rs
deleted file mode 100644
index 085c1f176..000000000
--- a/algebra/src/curves/mnt6753/g2.rs
+++ /dev/null
@@ -1,274 +0,0 @@ -use crate::field_new; -use crate::{ - biginteger::BigInteger768, - curves::{ - models::{ModelParameters, SWModelParameters, mnt6::MNT6Parameters}, - }, - fields::mnt6753::{Fq, Fq3, Fr}, -}; -use crate::curves::mnt6753::MNT6_753Parameters; - -#[derive(Copy, Clone, Default, PartialEq, Eq)] -pub struct MNT6G2Parameters; - -impl ModelParameters for MNT6G2Parameters { - type BaseField = Fq3; - type ScalarField = Fr; -} - -/// MUL_BY_A_C0 = NONRESIDUE * COEFF_A -pub const MUL_BY_A_C0: Fq = field_new!(Fq, BigInteger768([ - 0x9733ad687fbb9612, - 0x5dc71052d9fb63c4, - 0xb006710f05909f6c, - 0x110e9fd4acb4d2bb, - 0xfb57f89503f8a764, - 0x32a06017e8d6ee3a, - 0x6da39e53e7fab86d, - 0x531b87989f5736b6, - 0xa036423d447f7762, - 0x658d0b923634ec9e, - 0x8978374c40a3a9bd, - 0x1ac145a9a6f56, -])); - -/// MUL_BY_A_C1 = NONRESIDUE * COEFF_A -pub const MUL_BY_A_C1: Fq = field_new!(Fq, BigInteger768([ - 0x9733ad687fbb9612, - 0x5dc71052d9fb63c4, - 0xb006710f05909f6c, - 0x110e9fd4acb4d2bb, - 0xfb57f89503f8a764, - 0x32a06017e8d6ee3a, - 0x6da39e53e7fab86d, - 0x531b87989f5736b6, - 0xa036423d447f7762, - 0x658d0b923634ec9e, - 0x8978374c40a3a9bd, - 0x1ac145a9a6f56, -])); - -/// MUL_BY_A_C2 = COEFF_A -pub const MUL_BY_A_C2: Fq = field_new!(Fq, BigInteger768([ - 0x4768931cfff9c7d4, - 0xc45e46d6ada96ca0, - 0x479b0bdb0b3c0107, - 0x362a089610f8d41b, - 0xdbafcec2c8a91aaf, - 0x78428b0ff9d96a06, - 0xf2e4472a9080c353, - 0xc9006ed33f0e971c, - 0x794d9d10bdb7288, - 0x3c1e44cab5419e2c, - 0x49b5fc6c81f4560c, - 0x1c287777c30ba, -])); - -impl SWModelParameters for MNT6G2Parameters { - // quadratic twist E' of the G1-curve E: y^2= x^3 + a + b - // E': y^2 = x^3 + (a*X^2) x + (b*alpha) - // over F3 = Fq[X]/(X^3-alpha), - const COEFF_A: Fq3 = MNT6_753Parameters::TWIST_COEFF_A; - // b* alpha = 2189526091197672465268098090392210500740714959757583916377481826443393\ - // 4999475576977735460405761625154345087680572458878565919137523426009191\ - // 
1743367508069149969702052378378473869436004085359172391620115020774601\ - // 9687604267190251 - // Montg. rep. - const COEFF_B: Fq3 = field_new!(Fq3, - field_new!(Fq, BigInteger768([ - 0x2d93ef4b08adc8e8, - 0xbe6756d13b566a07, - 0x571c2b24a37ed1ab, - 0x73bfcea77c0ff6a1, - 0x437eaa061b09b766, - 0xdc6c86bdb42aa36f, - 0x43852569e97bb318, - 0xe66023aaebce2eee, - 0x8c56eb14b6676b0b, - 0xf034b3ef25e0b4da, - 0x49ecccabdcaf81f3, - 0xbb87b9524d96, - ])), - field_new!(Fq, BigInteger768([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])), - field_new!(Fq, BigInteger768([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])), - ); - - // cofactor = 1755483545388786116744270475466687259186947712032004459714210070280389\ - // 5001169874961240985748233894662859781511401555086387657290191745995271\ - // 8360037209476002314439828532586355066457864392458454194946617950222723\ - // 2245309952839189635010671372908411609248348904807785904229403747495114\ - // 4366602558669320604723696296925021984231384299228757926352367299297802\ - // 9833305569825723096364550982696371728790220584262712101152604816309704\ - // 2046361575549171961352924692480000 - const COFACTOR: &'static [u64] = &[ - 0xf791c4a6c0000000, - 0x6f2920fb3d823ec, - 0x1d491f05951364e8, - 0x14d431154f3deeb0, - 0xb22ff5f7a2d737ff, - 0x7c9a2c218777f2a9, - 0xbfee11b09da07297, - 0x69d6d25c051da042, - 0xce73086230450ba5, - 0x20263932a197b6eb, - 0x24193d3622676e8d, - 0xfdf90b0a130158dc, - 0xf06212969fa553ca, - 0xaeab6a88d8766394, - 0xb367861ecb8a3fa, - 0xb59bf579e2771844, - 0xe655d99477c1a210, - 0x4d6ae2386a6cc1eb, - 0xe4add8dcc2b66488, - 0xa80fe42e26865a9f, - 0x51e513f8f3102a9c, - 0x2f48ca819e99ddc4, - 0xcb8078713bbf018b, - 0x320cc6a58, - ]; - - const COFACTOR_INV: Fr = field_new!(Fr, BigInteger768([ - 0x82b3d2d2e7467187, - 0x30153d6ae73f0d65, - 0x6d3f936a7e253292, - 0xf30f5f7211e53371, - 0x14c41dc7045f7bbf, - 0xeb6421cf7999b27a, - 0xd6168bfe7bc42088, - 0x801a97b2485a7407, - 0xa2d037ce6f8ac1ba, - 0xe44d9966a694b385, - 0x5fe7a77550c0744, - 0x561283152c84, - ])); 
- - const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = - (G2_GENERATOR_X, G2_GENERATOR_Y); - - #[inline(always)] - fn mul_by_a(elt: &Fq3) -> Fq3 { - field_new!(Fq3, - MUL_BY_A_C0 * &elt.c1, - MUL_BY_A_C1 * &elt.c2, - MUL_BY_A_C2 * &elt.c0, - ) - } -} - -const G2_GENERATOR_X: Fq3 = field_new!(Fq3, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1, G2_GENERATOR_X_C2); -const G2_GENERATOR_Y: Fq3 = field_new!(Fq3, G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1, G2_GENERATOR_Y_C2); - -//x = (c0+c1*X+c2*X^2) -//c0 = 2732253602648953344624478630481134389854426309287260381813146560359006\ -// 9331973821612500698419261543669511220572659263550447471303048489049051\ -// 0199526827215693926133219026957321065299814211748351335415031844412028\ -// 76663016315008842 -pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger768([ - 0xb14220caee543428, - 0x27dfb31106118698, - 0xde083979f2c359b2, - 0x493c3c21ffed0366, - 0xaa1fd9a4bdef1668, - 0xa4f32415b8a2189b, - 0x5873d597e56f0487, - 0xbd9bd46c566d4cbe, - 0xa5fcdf7a6d8b7968, - 0xd24255ae7c04a7a8, - 0x839241c93cbf7d91, - 0x177aea09a1f71, -])); - -//c1 =1181106931131503085690366763836940511180736285711740464850533427694771\ -// 0547709416531216094540762109517640068062650426528027736329034221306378\ -// 4704411926079800040157735138640440275298654541328833914319314957611177\ -// 10425066733945507 -pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger768([ - 0x916a4eb2ff7ac11a, - 0xd59ca6e9dffed6c8, - 0xf463969df64afb05, - 0xc8de70c9e75e12f3, - 0xe8838252779fbebc, - 0x2c3805c4b887fa30, - 0x6321b4d7f6512133, - 0xc74832a3a2b1a75, - 0x33024814010fd425, - 0x3d785c23326c726e, - 0xff8c958e1472e4d4, - 0x12d3bb942a644, -])); -//c2=2072009258868471909498101026210342951333368232589259029493920657374961\ -// 7849064148058495962094794216409435232211472051045206157033325475923554\ -// 5726791961163284956406588268004593064701738154999494780702218837760970\ -// 12158779213571872 -pub const G2_GENERATOR_X_C2: Fq = field_new!(Fq, BigInteger768([ - 
0x473e9cc2ebb3c488, - 0x955e55ac1effae7b, - 0x785a588edec7b65c, - 0xfaf7bf5b149435ca, - 0x4112d188ed29cc72, - 0x6607f68a31749df7, - 0xc744c72e17ea89f7, - 0x8d19280ce3a41005, - 0x2b44333f83f00014, - 0x828f5add25a4697c, - 0x64905525c33a28f7, - 0x1a644a7fb0fe1, -])); - -// y=(c0+c1*X+c2*X^2), -// c0= 3675083916087348237537272566358235394828303844155764677417196794414698\ -// 9212871351541402341009564109262923094099153705770713810057315573694484\ -// 3243933908018023320642085793354280161221517971506517093127968193996295\ -// 70246805263033047 -pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger768([ - 0x9dd7d7268df8be4, - 0x8142929aa5af8f49, - 0x41884f71348f2e2c, - 0x3d2ec3bfaa8d2c0f, - 0x9197d518a1a16822, - 0xb759e35cd6a47d7a, - 0xc215ea37ee10430e, - 0x62b00daf959607d9, - 0x2320552a153d9fb, - 0x6a9c98ccd49629dd, - 0x83fb773b722c8741, - 0x134292ce7239d, -])); - -//c1=4187500413845270455835114666635826435705978338361515646388539006146324\ -// 5031112448152690587129789664478245418431396915082371831839858269092815\ -// 6150736735923269604818859382709070274296916063179228611706154446579968\ -// 43729471305066570 -pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger768([ - 0x971f000db290cad4, - 0x54485e1f10822cb3, - 0xdede563eb3616cf2, - 0xce60d691c186e88d, - 0xd25626fd52245537, - 0xb02e427951c10205, - 0x6ccda659fa4011f7, - 0x421c4650aaeb6429, - 0xaaa316ace9544f20, - 0x4e530f5145092c2, - 0x92d87301ea3e5087, - 0xb989fe6211f4, -])); - -//c2=1480880980850038616394480865805449917263018933921919810289866212578908\ -// 4134582860162155537192438481733282164671123168074524187714053031896947\ -// 9479666622406589245651386078140025496048140159603114059748077651375749\ -// 88247051237595042 -pub const G2_GENERATOR_Y_C2: Fq = field_new!(Fq, BigInteger768([ - 0x9c4ffabe9bc7f7fb, - 0xe24d41dcb9b8a769, - 0x72da29e127bdbbfa, - 0xa70166e62d3f62ee, - 0x4ad77155a7a8a919, - 0x3f754350edd16427, - 0x9a979eb00ec43d1, - 0x9a066daaf13ec37f, - 0x4c04e5ed641bbf23, - 0x9ecb892f7c87f342, 
- 0x8e6a2dc9d5072c95,
- 0x1048083573eb,
-]));
\ No newline at end of file
diff --git a/algebra/src/curves/mnt6753/mod.rs b/algebra/src/curves/mnt6753/mod.rs
deleted file mode 100644
index 6db2cce09..000000000
--- a/algebra/src/curves/mnt6753/mod.rs
+++ /dev/null
@@ -1,114 +0,0 @@ -use crate::field_new; -use crate::{ - fields::{ - mnt6753::{ - fq::{Fq, FqParameters}, - fq3::Fq3Parameters, fq6::Fq6Parameters, - Fq3, - Fr, - }, - FpParameters, - }, - BigInteger768 as BigInteger -}; -use crate::curves::models::mnt6::{MNT6Parameters, MNT6p, - G1Affine as MNT6G1Affine, G1Projective as MNT6G1Projective, - G2Affine as MNT6G2Affine, G2Projective as MNT6G2Projective, -}; -use self::{g1::MNT6G1Parameters, g2::MNT6G2Parameters}; - -pub mod g1; -pub mod g2; -#[cfg(test)] -mod tests; - -pub struct MNT6_753Parameters; - -impl MNT6Parameters for MNT6_753Parameters { - /// The Frobenius trace of the MNT6 curve is - /// t = 204691208819330962009469868104636132783269696790011977400223898462431810102935615891307667367766898917669754470401 - /// Our Ate pairing Miller loop count is the absolute value of the Frobenius trace minus 1 - const ATE_LOOP_COUNT: &'static [u64] = &[ - 0x7a7713041ba18000, - 0x6b0344c4e2c428b0, - 0x733b714aa43c31a6, - 0x51852c8cbe26e600, - 0x86dcbcee5dcda7fe, - 0x15474b1d641a3fd, - ]; - - //Output of find_wnaf(ate_loop_count), already trimmed of leading zeros and MSB - //starting with least significant bit - const WNAF: &'static [i32] = &[ - 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,-1,0,1,0,0,0,1,0,-1,0,0,-1,0,0,1,0,0,0,0,1,0,0,0,0,0,-1,0,1,0, - 1,0,0,0,-1,0,0,-1,0,0,0,1,0,1,0,-1,0,0,0,1,0,0,0,0,-1,0,-1,0,1,0,0,1,0,1,0,0,0,0,1,0,0,0,-1, - 0,-1,0,1,0,0,-1,0,0,1,0,1,0,0,0,-1,0,1,0,1,0,0,0,1,0,-1,0,1,0,0,0,0,0,-1,0,-1,0,-1,0,0,1,0, - -1,0,1,0,1,0,-1,0,1,0,0,-1,0,1,0,0,0,-1,0,0,0,1,0,0,0,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,0,0,0,-1 - ,0,0,-1,0,0,-1,0,0,0,1,0,-1,0,1,0,-1,0,0,1,0,0,0,0,0,0,0,0,0,-1,0,1,0,-1,0,0,-1,0,0,1,0,1,0, - 0,0,-1,0,0,0,0,-1,0,1,0,-1,0,1,0,0,1,0,0,-1,0,-1,0,1,0,1,0,1,0,0,0,0,-1,0,1,0,0,1,0,1,0,0, - -1,0,0,0,0,0,0,0,0,0,1,0,1,0,-1,0,-1,0,0,1,0,-1,0,0,-1,0,0,0,-1,0,1,0,-1,0,0,-1,0,0,0,1,0, - -1,0,0,0,-1,0,1,0,-1,0,0,-1,0,0,-1,0,0,1,0,0,0,-1,0,-1,0,0,0,0,0,0,0,0,1,0,0,1,0,-1,0,1,0,0, - 
0,0,1,0,0,-1,0,-1,0,-1,0,0,0,1,0,0,-1,0,-1,0,1,0,1,0,-1,0,0,1,0,0,1,0,1,0,1,0 - ]; - // Frobenius trace of this curve is non-negative - const ATE_IS_LOOP_COUNT_NEG: bool = false; - - const TWIST: Fq3 = field_new!(Fq3, FQ_ZERO, FQ_ONE, FQ_ZERO); - - // I would do the hard coded definition inside G2, and just refer to from here. - const TWIST_COEFF_A: Fq3 = field_new!(Fq3, - FQ_ZERO, - FQ_ZERO, - field_new!(Fq, BigInteger([ // = COEFF_A - 0x4768931cfff9c7d4, - 0xc45e46d6ada96ca0, - 0x479b0bdb0b3c0107, - 0x362a089610f8d41b, - 0xdbafcec2c8a91aaf, - 0x78428b0ff9d96a06, - 0xf2e4472a9080c353, - 0xc9006ed33f0e971c, - 0x0794d9d10bdb7288, - 0x3c1e44cab5419e2c, - 0x49b5fc6c81f4560c, - 0x1c287777c30ba, - ])), - ); - - // m_1 = 1 - const FINAL_EXPONENT_LAST_CHUNK_1: BigInteger = BigInteger([0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]); - // m_0 = 691208819330962009469868104636132783269696790011977400223898462431810102935615891307667367766898917669754470400 - const FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0: BigInteger = - BigInteger([ - 0x7a7713041ba18000, - 0x6b0344c4e2c428b0, - 0x733b714aa43c31a6, - 0x51852c8cbe26e600, - 0x86dcbcee5dcda7fe, - 0x15474b1d641a3fd, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - ]); - // m_0 is positive - const FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG: bool = false; - - type Fp = Fq; - type Fr = Fr; - type Fp3Params = Fq3Parameters; - type Fp6Params = Fq6Parameters; - type G1Parameters = MNT6G1Parameters; - type G2Parameters = MNT6G2Parameters; -} - -pub type MNT6 = MNT6p; -pub type G1Affine = MNT6G1Affine; -pub type G1Projective = MNT6G1Projective; -pub type G2Affine = MNT6G2Affine; -pub type G2Projective = MNT6G2Projective; - -pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])); -pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R); \ No newline at end of file diff --git a/algebra/src/curves/mnt6753/tests.rs b/algebra/src/curves/mnt6753/tests.rs deleted file mode 100644 index 38ebcaa3b..000000000 
--- a/algebra/src/curves/mnt6753/tests.rs
+++ /dev/null
@@ -1,2330 +0,0 @@ -use crate::{curves::{ - mnt6753::{ - G1Affine, G1Projective, G2Affine, G2Projective, MNT6, - g1::MNT6G1Parameters, g2::MNT6G2Parameters, - }, - tests::curve_tests, - AffineCurve, PairingEngine, -}, biginteger::BigInteger768, fields::mnt6753::{fq::Fq, fq3::Fq3, fq6::Fq6, fr::Fr}, groups::tests::group_test, ProjectiveCurve, Field, PrimeField, ToBits, FromCompressedBits, SemanticallyValid}; -use rand; -use std::ops::AddAssign; -use crate::groups::tests::{compression_test, gt_compression_test}; -use crate::curves::tests::sw_projective_tests; - -#[test] -fn test_g1_projective_curve() { - curve_tests::(); - sw_projective_tests::() -} - -#[test] -fn test_g1_projective_group() { - let a: G1Projective = rand::random(); - let b: G1Projective = rand::random(); - group_test(a, b); -} - -#[test] -fn test_g1_generator() { - let generator = G1Affine::prime_subgroup_generator(); - assert!(generator.is_valid()); -} - -#[test] -fn test_g1_is_valid(){ - - // Reject point with invalid x coordinate - let p = G1Affine::new( - Fq::new(BigInteger768([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ])), - Fq::from_repr(BigInteger768([ - 0xc03f5776ce4155bc, - 0xb4b0cf1d9252b514, - 0x7c2629e81dcd39e2, - 0xef22cae93288b67c, - 0x5aaa737d25df88ec, - 0x90393751da027702, - 0x847a554768d83571, - 0xa1fb40101e14e34f, - 0xb1013cd2a638f0ec, - 0xbe2ef9be6fda5327, - 0x77f96b2643dac6ab, - 0xdbc437613c91, - ])), - false, - ); - assert!(!p.is_valid()); - assert!(!p.x.is_valid()); - - // Reject point with invalid y coordinate - let p = G1Affine::new( - Fq::from_repr(BigInteger768([ - 0x3cd03c6b6ec25d1, - 0x78edb4f6cd87a09d, - 0x340771e0ebe09dec, - 0xcd0482046a4edc0c, - 0x29b6b88c6a0f1173, - 0x163475c53aa2d18, - 0x970825199438fc2, - 0xeba100200da78dad, - 0x98ee8998a2d53c82, 
- 0x1cb6fcd41a949b5d, - 0x7525d2225c811bcb, - 0x7856001a46ed, - ])), - Fq::new(BigInteger768([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ])), - false, - ); - assert!(!p.is_valid()); - assert!(!p.y.is_valid()); - - //Reject point not belonging to curve - let p = G1Affine::new( - Fq::zero(), - Fq::zero(), - false, - ); - assert!(!p.is_valid()); - assert!(!p.is_on_curve()); - - // Accept valid point - let p: G1Projective = rand::random(); - let p_affine = p.into_affine(); - assert!(p_affine.is_valid()); - -} - -#[test] -fn test_g1_compression_decompression() { - let even = G1Affine::new( - Fq::from_repr(BigInteger768([ - 0x3cd03c6b6ec25d1, - 0x78edb4f6cd87a09d, - 0x340771e0ebe09dec, - 0xcd0482046a4edc0c, - 0x29b6b88c6a0f1173, - 0x163475c53aa2d18, - 0x970825199438fc2, - 0xeba100200da78dad, - 0x98ee8998a2d53c82, - 0x1cb6fcd41a949b5d, - 0x7525d2225c811bcb, - 0x7856001a46ed, - ])), - Fq::from_repr(BigInteger768([ - 0xc03f5776ce4155bc, - 0xb4b0cf1d9252b514, - 0x7c2629e81dcd39e2, - 0xef22cae93288b67c, - 0x5aaa737d25df88ec, - 0x90393751da027702, - 0x847a554768d83571, - 0xa1fb40101e14e34f, - 0xb1013cd2a638f0ec, - 0xbe2ef9be6fda5327, - 0x77f96b2643dac6ab, - 0xdbc437613c91, - ])), - false, - ); - - let odd = G1Affine::new( - Fq::from_repr(BigInteger768([ - 0xb8d38bbe9c25c105, - 0xbc1448b8eb87395e, - 0x35b9e895016002ab, - 0x20e890ebd368b285, - 0x55b73014d2826472, - 0xcb3843058895d18b, - 0xc3542107bb06fbd6, - 0xa080b3b51ba782fd, - 0x6b4a0acf60176132, - 0xe5c3d1f17d7df3e7, - 0x2c141ea3abfac478, - 0xb7c24c40e1f8, - ])), - Fq::from_repr(BigInteger768([ - 0xf49a4edf87e92ceb, - 0xc47c9db5baea2cc7, - 0x3fb4c0d5856bd262, - 0xe0a9e1bb5d566302, - 0xc1be7e4f66e4ca3, - 0xc1ec3045de88b8aa, - 0xd18243791d59a9d8, - 0x6a6c3fcb2d20d203, - 0xde2179f539134fc0, - 
0x76465dddb7fddc50, - 0xc824c064e445e4b6, - 0x131cee77c1144, - ])), - false, - ); - - compression_test::(even, odd); - - //Test correct compression/decompression of a point with x = 0 coordinate - let mut zero_bits = Fq::zero().write_bits(); - zero_bits.push(false); //Set infinity - zero_bits.push(true); //Set parity - assert!(G1Affine::decompress(zero_bits.clone()).is_ok()); - - zero_bits.pop(); - zero_bits.push(false); //Change parity - assert!(G1Affine::decompress(zero_bits.clone()).is_ok()); - -} - -#[test] -fn test_g2_projective_curve() { - curve_tests::(); - sw_projective_tests::() -} - -#[test] -fn test_g2_projective_group() { - let a: G2Projective = rand::random(); - let b: G2Projective = rand::random(); - group_test(a, b); -} - -#[test] -fn test_g2_generator() { - let generator = G2Affine::prime_subgroup_generator(); - assert!(generator.is_valid()); -} - -#[test] -fn test_g2_is_valid(){ - - // Reject point with invalid x coordinate - let p = G2Affine::new( - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x8df82d68842385ac, - 0x37579c297222f91c, - 0xbb8447bbbac83b9c, - 0x333990292e09f2b3, - 0xa50666391692667f, - 0xc0684b96157a09e6, - 0xe3655e4e8f0116d, - 0xae180f3de5147719, - 0xf260be4b66cb35a, - 0x6b1062c650fc987a, - 0x874902f907d249f1, - 0xfbd19e58bd5c, - ])), - Fq::from_repr(BigInteger768([ - 0x7e19aac94d329689, - 0x6edf35ffcf482984, - 0x4e1d6b2c48310480, - 0x78abbe97910a4d54, - 0x491846f7c70a2fcb, - 0xa1bcc5f513ab06b7, - 0xa8a2900e4d33ddba, - 0x59997c489cbec1c0, - 0xb0f858ae58edd1c6, - 0xc9cd0bc8b2e8f57, - 0x518150950f79807e, - 0x134ae7a9cfd14, - ])), - Fq::new(BigInteger768([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x3bb60e37a7e4648a, - 0xd8315f8f6fc4c48b, - 0x2845b1a566733b96, 
- 0xd8c95f80d637a86d, - 0x2b6012600e691dd0, - 0x6925d17380cb7049, - 0x457291de5e007f36, - 0xd41fdf4009bdbb05, - 0xdbcad4356382f6e5, - 0xcb862f3d902d656b, - 0x6e77292af4392156, - 0x17179a9754ff1, - ])), - Fq::from_repr(BigInteger768([ - 0x3a0a4e30be761d89, - 0x1ffd3cfcf20d5b8b, - 0xec43d2c927a16e8b, - 0x1847fd9a5d1356bc, - 0xcf314a2dfb982043, - 0x69b3036a75415d83, - 0x573a207f6769ff1a, - 0xd5b39642a2c3ebe8, - 0x384b3135a8b2b464, - 0x315e3edc0c033890, - 0x507dc3434dbfc4f0, - 0x4fa4abae257c, - ])), - Fq::from_repr(BigInteger768([ - 0x32344c99f79cb25f, - 0xcf2c9fe9ad4a37b2, - 0xe0df8c8e3cd0d6c3, - 0xd49b7774247b4114, - 0x51228caa2b4eaf8, - 0xe9dfa21fcaaad99e, - 0xc2e5c5ea85e9f2bc, - 0x616aa95978969139, - 0xf06f6f3b8962cc1a, - 0xb427300687e48b9e, - 0x8c9536a159da5e0d, - 0x169f3c0718f96, - ])), - ), - false, - ); - assert!(!p.is_valid()); - assert!(!p.x.is_valid()); - - // Reject point with invalid y coordinate - let p = G2Affine::new( - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x8df82d68842385ac, - 0x37579c297222f91c, - 0xbb8447bbbac83b9c, - 0x333990292e09f2b3, - 0xa50666391692667f, - 0xc0684b96157a09e6, - 0xe3655e4e8f0116d, - 0xae180f3de5147719, - 0xf260be4b66cb35a, - 0x6b1062c650fc987a, - 0x874902f907d249f1, - 0xfbd19e58bd5c, - ])), - Fq::from_repr(BigInteger768([ - 0x7e19aac94d329689, - 0x6edf35ffcf482984, - 0x4e1d6b2c48310480, - 0x78abbe97910a4d54, - 0x491846f7c70a2fcb, - 0xa1bcc5f513ab06b7, - 0xa8a2900e4d33ddba, - 0x59997c489cbec1c0, - 0xb0f858ae58edd1c6, - 0xc9cd0bc8b2e8f57, - 0x518150950f79807e, - 0x134ae7a9cfd14, - ])), - Fq::from_repr(BigInteger768([ - 0xdb0d6847d0f4c983, - 0x33ed5306b3ee875b, - 0x82239bcf5e133e55, - 0x110abba8428bf470, - 0x425fa26d73a4cbac, - 0xc17aa1adc1944004, - 0x757d07c7ac197be1, - 0xf03957021f43fbbf, - 0xd0585646c7c60be8, - 0xf8aa560f3ca80790, - 0x5138bd8654ea87de, - 0x1680ecf592b4f, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x3bb60e37a7e4648a, - 0xd8315f8f6fc4c48b, - 0x2845b1a566733b96, - 0xd8c95f80d637a86d, - 
0x2b6012600e691dd0, - 0x6925d17380cb7049, - 0x457291de5e007f36, - 0xd41fdf4009bdbb05, - 0xdbcad4356382f6e5, - 0xcb862f3d902d656b, - 0x6e77292af4392156, - 0x17179a9754ff1, - ])), - Fq::from_repr(BigInteger768([ - 0x3a0a4e30be761d89, - 0x1ffd3cfcf20d5b8b, - 0xec43d2c927a16e8b, - 0x1847fd9a5d1356bc, - 0xcf314a2dfb982043, - 0x69b3036a75415d83, - 0x573a207f6769ff1a, - 0xd5b39642a2c3ebe8, - 0x384b3135a8b2b464, - 0x315e3edc0c033890, - 0x507dc3434dbfc4f0, - 0x4fa4abae257c, - ])), - Fq::new(BigInteger768([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ])), - ), - false, - ); - assert!(!p.is_valid()); - assert!(!p.y.is_valid()); - - //Reject point not belonging to curve - let p = G2Affine::new( - Fq3::zero(), - Fq3::zero(), - false, - ); - assert!(!p.is_valid()); - assert!(!p.is_on_curve()); - - // Accept valid point - - let p: G2Projective = rand::random(); - let p_affine = p.into_affine(); - assert!(p_affine.is_valid()); - -} - -#[test] -fn test_g2_compression_decompression() { - let odd = G2Affine::new( - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x8df82d68842385ac, - 0x37579c297222f91c, - 0xbb8447bbbac83b9c, - 0x333990292e09f2b3, - 0xa50666391692667f, - 0xc0684b96157a09e6, - 0xe3655e4e8f0116d, - 0xae180f3de5147719, - 0xf260be4b66cb35a, - 0x6b1062c650fc987a, - 0x874902f907d249f1, - 0xfbd19e58bd5c, - ])), - Fq::from_repr(BigInteger768([ - 0x7e19aac94d329689, - 0x6edf35ffcf482984, - 0x4e1d6b2c48310480, - 0x78abbe97910a4d54, - 0x491846f7c70a2fcb, - 0xa1bcc5f513ab06b7, - 0xa8a2900e4d33ddba, - 0x59997c489cbec1c0, - 0xb0f858ae58edd1c6, - 0xc9cd0bc8b2e8f57, - 0x518150950f79807e, - 0x134ae7a9cfd14, - ])), - Fq::from_repr(BigInteger768([ - 0xdb0d6847d0f4c983, - 0x33ed5306b3ee875b, - 0x82239bcf5e133e55, - 0x110abba8428bf470, - 0x425fa26d73a4cbac, - 
0xc17aa1adc1944004, - 0x757d07c7ac197be1, - 0xf03957021f43fbbf, - 0xd0585646c7c60be8, - 0xf8aa560f3ca80790, - 0x5138bd8654ea87de, - 0x1680ecf592b4f, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x3bb60e37a7e4648a, - 0xd8315f8f6fc4c48b, - 0x2845b1a566733b96, - 0xd8c95f80d637a86d, - 0x2b6012600e691dd0, - 0x6925d17380cb7049, - 0x457291de5e007f36, - 0xd41fdf4009bdbb05, - 0xdbcad4356382f6e5, - 0xcb862f3d902d656b, - 0x6e77292af4392156, - 0x17179a9754ff1, - ])), - Fq::from_repr(BigInteger768([ - 0x3a0a4e30be761d89, - 0x1ffd3cfcf20d5b8b, - 0xec43d2c927a16e8b, - 0x1847fd9a5d1356bc, - 0xcf314a2dfb982043, - 0x69b3036a75415d83, - 0x573a207f6769ff1a, - 0xd5b39642a2c3ebe8, - 0x384b3135a8b2b464, - 0x315e3edc0c033890, - 0x507dc3434dbfc4f0, - 0x4fa4abae257c, - ])), - Fq::from_repr(BigInteger768([ - 0x32344c99f79cb25f, - 0xcf2c9fe9ad4a37b2, - 0xe0df8c8e3cd0d6c3, - 0xd49b7774247b4114, - 0x51228caa2b4eaf8, - 0xe9dfa21fcaaad99e, - 0xc2e5c5ea85e9f2bc, - 0x616aa95978969139, - 0xf06f6f3b8962cc1a, - 0xb427300687e48b9e, - 0x8c9536a159da5e0d, - 0x169f3c0718f96, - ])), - ), - false, - ); - - let even = G2Affine::new( - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x88c9455df356eb06, - 0x49267cd59b9c7dbb, - 0x19614a5b3ac75d58, - 0x4b5e15974043d5bf, - 0x65fb985c04762298, - 0x4e78c456be749502, - 0xcc7d6765c60c08df, - 0xf4f69e1ce940f31a, - 0x59189e67daf734cd, - 0x92f745b3ee6ef8c6, - 0x1fee0bf10130f5c9, - 0x12404f1334b80, - ])), - Fq::from_repr(BigInteger768([ - 0xd1c5a95ac9fa2139, - 0xe00941bcf9ebc2a6, - 0x95ffaf98fe574a1a, - 0xadce768d118421b2, - 0x306ffb0728edb1b6, - 0x838bb7a2d353d4d9, - 0x3cc442503e54754, - 0xf0a6eb32342d4216, - 0x9d3a1ac0aa29c7d4, - 0x23822c38a73d4d9a, - 0xa662e71d30f4d23e, - 0x31c504304ac4, - ])), - Fq::from_repr(BigInteger768([ - 0xfbdb4fc39ead2376, - 0x16769a1eaebd65f, - 0xfd241d97f6601f93, - 0xaa1047903c66c17e, - 0xa8cbda274b85e692, - 0x3ec97ba755ecc75e, - 0x1720f4dab0249246, - 0xbda361da83f2444a, - 0x9fca54411e2baf58, - 0xe738620a96962a10, - 
0xad8ba2ff829b4a4e, - 0x89287c09d16, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x180be83f74cdbc9c, - 0x63c39cfeb670e575, - 0x65c207acc3ace46b, - 0xd7b021385084ae6, - 0xa81fd034bb39cb30, - 0x6c69468ce3f2ecc7, - 0x27b23f150d4d6c26, - 0x2d7aa46a061ab417, - 0x53cdfd6aa0274780, - 0x1f2e7a221b3ab258, - 0xb15e4f82e3debfd, - 0xd1117779cca, - ])), - Fq::from_repr(BigInteger768([ - 0x5c93fc8e97faef76, - 0xf81be7e3afa565b5, - 0x2f2e1e9f0fe1485a, - 0x405e7c3fa4109122, - 0x66e7ba7bd3335952, - 0xc639304d6e16c7b2, - 0x67d320ee3572cbca, - 0x406e6d716a1196, - 0xedbc3212b8b21ead, - 0x6d06022b09f62bed, - 0x669d27caae64d629, - 0x8b9838d013ec, - ])), - Fq::from_repr(BigInteger768([ - 0x9406800e2003facc, - 0x6f627c493f6487eb, - 0x26c66f7481b99cc1, - 0x55621803eb7bba92, - 0x2b1e999396b357ea, - 0x4c405e64a12346ab, - 0xdf2ba882139bcf68, - 0xc8ffe4045a8e4c8e, - 0xb51304544c1b1ec3, - 0x12b0170cc31ea4f, - 0x3332de6896ecaa4e, - 0x164d1d901f819, - ])), - ), - false, - ); - compression_test::(even, odd); -} - -#[test] -fn test_bilinearity() { - let a = G1Projective::new( - Fq::from_repr(BigInteger768([ - 0x44cb89d53cf0cebb, - 0x7e51a3a8684bb228, - 0xeaafa2a6860f2fba, - 0x673182d55c5799ae, - 0x757d15e274f59a08, - 0x36eea65e87cacf3c, - 0x4295a6f7d5385150, - 0x54c89f24dd4d1d2a, - 0xa84db78018b02e50, - 0x3e620d5b2c6872fa, - 0x65b393e9e43c7c51, - 0x50a7bf6cf77f, - ])), - Fq::from_repr(BigInteger768([ - 0xaa1f9e2b4be0d1ad, - 0x458579717a37043b, - 0xda1d35153b470713, - 0x175154289303d42a, - 0xd18dce9b75867c3b, - 0xe15c86d7bd5b441f, - 0xd8df23c1b9d94522, - 0x1f315d78de56d451, - 0x320140f5565562b7, - 0x925f710b3a38f9bf, - 0x670ca1d776017d36, - 0x5197e8a59768, - ])), - Fq::from_repr(BigInteger768([ - 0xfeaa1a546ecc60f4, - 0x74c9ff1b87d9856e, - 0xfdc309ac6d154ca5, - 0x20384970a5bfe054, - 0xa8c5d9d771aa84ec, - 0xad3f7a4fd731501f, - 0x95a0691b052cb8e, - 0x181f547f89ada784, - 0x5b0c5110f593bdba, - 0xcfa9f5ae6dca09a4, - 0x2c33337c769a9528, - 0x120bb1dac4cb5, - ])), - ); - - let b = 
G2Projective::new( - Fq3::new( - Fq::from_repr(BigInteger768([ - 0xca0f4cc9895356b6, - 0x5a71355378b64e71, - 0xf30bfe522ffa77fe, - 0x9ecd6bb276562126, - 0x574fc9c5a4b767e4, - 0x232b47cc17e6508e, - 0x22295c5c1853dfe0, - 0x9f3e415c4a52b7ee, - 0xc89da20d1dd87af7, - 0x871156d78c9b63e9, - 0xe8427d011935e667, - 0x70d77d24ea1a, - ])), - Fq::from_repr(BigInteger768([ - 0xe10a63be4ce50dfb, - 0xd64b891b0f2e1c54, - 0x3fb53e373d3df377, - 0xf995549d9813c01d, - 0xb86ed6b9bdfc120, - 0xbf4cf6cf871b6923, - 0xbd61c286c3b25f06, - 0x8c85f06989c409c8, - 0x1de95d73b5f62ad4, - 0x70358f4d230064d9, - 0x16d457a347d44dba, - 0x137d36f35ca14, - ])), - Fq::from_repr(BigInteger768([ - 0xfd36f90d371cb2d9, - 0x995ce399801db8c0, - 0xc1e229b3b413ac45, - 0x446795cca839016a, - 0x957fa55bf892e7f7, - 0xb8d1f69bbc19ef72, - 0x104e8574e45ef400, - 0x75f77a64705fbe24, - 0x74a5239775d86179, - 0x9c6792c16f1ba58f, - 0x873c7197a839a600, - 0x1b12cd4278601, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x37d3207a0533192d, - 0xbe7caa1770c52335, - 0xba7d851be3128b2a, - 0x886910371f91a391, - 0x6079325975637505, - 0x6c76bf50f81a05c2, - 0x7a24ba99b4e3082b, - 0x97ef0d48bd492e2f, - 0x108ac409bd4fb2e1, - 0x7e9bd4c6549b47c5, - 0xa9efd4443ccdf059, - 0x2470e4b0ca7e, - ])), - Fq::from_repr(BigInteger768([ - 0x7dafbd40fcf052c4, - 0x91d5cacef71ef09b, - 0x31a27ec65716465b, - 0xa690c8b57779718, - 0x714377bf6d161d2c, - 0x8c81260a7fb59fb, - 0xa71297bf0a2196fe, - 0x3a9929bbdd6b9e03, - 0x8c96fd771e3a66e2, - 0x400903c2b53d5c7, - 0x5071706a1cf55a25, - 0x1aa93643c3add, - ])), - Fq::from_repr(BigInteger768([ - 0x61484f00a668a158, - 0x2ae1b990608a327f, - 0xe1d27a574273d534, - 0xc266cd46c1479e37, - 0x1fc1bbcb13fc9fbc, - 0x9e2504211cca36f8, - 0xea39ec399413762e, - 0xa5834aa4baaa3a35, - 0x4791c23d53a5fa0, - 0x9e5a33a5ea18f48f, - 0xb909e1becf6c4cdd, - 0x759cfa11f64d, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x78bb63bc749ef777, - 0x238a3388bb04820a, - 0x20bfaf55ead52a8, - 0x9d15d6a539c2b387, - 0x42aff87009883b81, - 
0x202429d9da964904, - 0x32912681d0adb328, - 0xc803c429a2672a02, - 0x3aaa785eb48f0d21, - 0x5c7c0b7958dbb951, - 0x8efbdbe749859515, - 0x1a2fe0702e57a, - ])), - Fq::from_repr(BigInteger768([ - 0x912e383f0c0f65cf, - 0xbb9f8160a7eca401, - 0x7991db6d3abddd41, - 0x7ee4b47d635d07aa, - 0xd0424b7c0eb9e291, - 0xd0ccdb4c72d5d9d9, - 0xfb4b882042e764f2, - 0x343945306a41819a, - 0xa908506042853c39, - 0x2b47d41dcf80acdd, - 0x7eb9d44943ae07e2, - 0xa3c3cec3c34b, - ])), - Fq::from_repr(BigInteger768([ - 0x281f510811a45df1, - 0x7b17e85318e18e60, - 0x5d30c32e608ec707, - 0x8e471f3d001204ae, - 0x1a02b3ecaa2e4404, - 0xee44a80a613cc440, - 0xcd3a36919073fb09, - 0x7de94a95b8ca2dbb, - 0x62af97cc5fb78ac9, - 0xb47f9ed219dc6401, - 0x2ed168653ec16d78, - 0x36b35e829ce9, - ])), - ), - ); - - assert_eq!(MNT6::pairing(a, b).unwrap(), Fq6::new( - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x4973db8f9e0c6a01, - 0x2e478b37756da90a, - 0x64f5334bcd538cc9, - 0xa980fcdcea14ce4d, - 0x2825a091b67134e7, - 0x466e80adf109b770, - 0xf72f0250d5c8ac64, - 0x3bd327df1ef1bdea, - 0x19fafede64f96b0d, - 0xe14026c6304fdb8b, - 0x64cbccd1fb225dc0, - 0xff6e18c2af9d, - ])), - Fq::from_repr(BigInteger768([ - 0xef8fbbcb5e4ee19a, - 0x947873abf6b92ee7, - 0x7db6525747ea40ac, - 0x61f798c8c520b790, - 0xf32bf6e5d3f6dc22, - 0xaca05c6de8435637, - 0x75275a187612410f, - 0x656e90b4f4fdba8f, - 0x74cf89d49c5e3acb, - 0x20e14c925e0c35fe, - 0xcf7d0a0947d1594f, - 0xa6ee211b76e7, - ])), - Fq::from_repr(BigInteger768([ - 0x4e6d5a9f15f097ec, - 0x5979bd4d8bdcab28, - 0x464952d692555f02, - 0xf22b6fbdf213bcba, - 0xdab41e46e10c5d68, - 0xadb11d499dd5fa7b, - 0x7e4c8202b7606ec0, - 0x4e5bcb0fad16246, - 0x3e4ca36174be1bc0, - 0xe98640a01d21b8f9, - 0x46354859fe867b0c, - 0x2e4a1f995379, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x91a052cebc704029, - 0x8244eb8da1145976, - 0x960b6ce1cc518c8c, - 0xafbec0740dee324d, - 0xa000406fcf0cd5c4, - 0xfbeb19adc5caa23b, - 0xa1f79c4ddacd257d, - 0x5256f6dc895daeda, - 0xc931c1fbf7434ae6, - 0xb815c355235d17bf, - 
0xe5c1ef55ab557fa6, - 0xd150a454ca87, - ])), - Fq::from_repr(BigInteger768([ - 0x1397facfe0661e69, - 0x19fccd25f753fd5e, - 0xb388e0240e9b59f4, - 0xbe0eae789c1770f1, - 0x7f071181c09d7939, - 0x7c6ac3e3359ee780, - 0xda51382d9887bef3, - 0x4d053295a9cc44ac, - 0xa89134f10dd5ff1c, - 0xc9bc93dd1610afe2, - 0xe9092cf272ae3bd7, - 0xe752c1fb8be8, - ])), - Fq::from_repr(BigInteger768([ - 0xaa764bb93445f82f, - 0x3143d85e145bd12, - 0xc4966f31e8d61904, - 0x2645d68dea8e318, - 0x1ab50ff754496936, - 0x9903331506187746, - 0xacb063acdbe55f30, - 0xcc62af58875c3efc, - 0x7a3433785926382e, - 0xd0d941ef439f8a67, - 0x8f661437dbd0c371, - 0x10448bd9f714e, - ])), - ), - )); - - let a: G1Projective = rand::random(); - let b: G2Projective = rand::random(); - let s: Fr = rand::random(); - - let sa = a * &s; - let sb = b * &s; - - let ans1 = MNT6::pairing(sa, b).unwrap(); - let ans2 = MNT6::pairing(a, sb).unwrap(); - let ans3 = MNT6::pairing(a, b).unwrap().pow(s.into_repr()); - - assert_eq!(ans1, ans2); - assert_eq!(ans2, ans3); - - assert_ne!(ans1, Fq6::one()); - assert_ne!(ans2, Fq6::one()); - assert_ne!(ans3, Fq6::one()); - - assert_eq!(ans1.pow(Fr::characteristic()), Fq6::one()); - assert_eq!(ans2.pow(Fr::characteristic()), Fq6::one()); - assert_eq!(ans3.pow(Fr::characteristic()), Fq6::one()); -} - - -#[test] -fn test_gt_compression(){ - - let even = Fq6::new( - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x18ac31ddad32b86f, - 0xbe5b1cce78d1514b, - 0xe30b8e054e9f0758, - 0xf25601c95542130d, - 0x4fa86bab8126d0bc, - 0xc8ac51508b5f90a, - 0x376378d638f60b88, - 0x177881c48ee2689, - 0x58f1d2ff9cc32158, - 0xdac7f2635a4db145, - 0x5f15f50799655639, - 0x15f72415a0506, - ])), - Fq::from_repr(BigInteger768([ - 0xdf1259266e7a2e3b, - 0xed4b68f04a18e207, - 0x6fe2577233bab144, - 0x90ab3e925c74d26, - 0xd12ec51fb93cc527, - 0x1733b8cd54d1e011, - 0x830203089d22ca0b, - 0xaca36dd733309622, - 0x67e9a430ff2b8d12, - 0xd3f30086e0f5564d, - 0x31192411f7b01f47, - 0x119f8084c2100, - ])), - Fq::from_repr(BigInteger768([ - 
0x731337ab41c0e53c, - 0x4bf5e9207f80e938, - 0xce2c2c38bf35d9f1, - 0xc210685a134a721c, - 0x6fde636bd2ae48b1, - 0xc1f70c0edb12027, - 0x7d9b1bd2844379ab, - 0x436484f08f2bbbb, - 0x949ee5471f48c3a1, - 0xdb291fc1950b8180, - 0xb12dc8e5df2e65c1, - 0x1b81a5fa279f9, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0xf378a7a7b93f708a, - 0x3068250263c0e387, - 0xa881318795d6dd7b, - 0x740166982b201920, - 0xfeeaf116da744de3, - 0xbf91f84da99b6f72, - 0x92caa263d5a615b0, - 0x8bac625bc5768e30, - 0xf69192a0d3dfa17e, - 0x545b8e79b94c3a51, - 0xbb4be4b655e9a4f3, - 0x27bae5116900, - ])), - Fq::from_repr(BigInteger768([ - 0xebad16cdaa416348, - 0x9de66658f9abef93, - 0x7d06b147e553606c, - 0xec69d95f70b3655f, - 0x37563204a92e9146, - 0x43924be1bba2fdbc, - 0x86f22b1665d7a469, - 0x787988c4eca04728, - 0xcc0cde80da21bd9f, - 0x6a78c660c097880b, - 0x772130363890d930, - 0xff24a1c2bd6, - ])), - Fq::from_repr(BigInteger768([ - 0xdba8a544b2f7c47b, - 0xefe104119bda1fbe, - 0x33d58e51e164af7d, - 0x760cdce59d5976be, - 0x38db4cbbda9c1c5b, - 0xca7fd6b7c0d6d002, - 0x93b629cedaf1c6c6, - 0x65fc1072b45df614, - 0x9c5e3e51d9a6c9bb, - 0x3fd54b1667e23890, - 0xda68a11f0718e4bc, - 0x162c0e42c4f80, - ])), - ), - ); - - let odd = Fq6::new( - Fq3::new( - Fq::from_repr(BigInteger768([ - 0xda79a8f83f567030, - 0x516d6f0aa624b82c, - 0x48895476a035c7b1, - 0xa458f8a8e471470b, - 0xd3d21516cc7ad7e2, - 0x604b064629fc30c1, - 0xb782eae0cd853ef4, - 0x9f37a380cc03ae78, - 0xf848dc936be1052e, - 0x19074fb53ac4064a, - 0x5e714b162be067ba, - 0x891380935d13, - ])), - Fq::from_repr(BigInteger768([ - 0x82765b59ec6faf5f, - 0xf09bdf92755cbab5, - 0x53564dc1c17192c4, - 0xa3fc150b9c7074c9, - 0xc0bc777de11ba4e8, - 0xf875f625b9b64900, - 0x5fc413addef59009, - 0x1e415b356b21adc8, - 0x12a9b64f03567b98, - 0xd58b85e176833e45, - 0xfe08a8acba1b3d60, - 0x5eeb745857f5, - ])), - Fq::from_repr(BigInteger768([ - 0x4a7fbcf85bf41f43, - 0x142eee4d142c5e8e, - 0x590a69c1fe6e63b9, - 0x5e6ec7835e88989c, - 0xedf18b027bc31608, - 0x7427e678829365ac, - 
0xe2be3c3285193ad5, - 0x25eebbd73f61cf78, - 0x74a37ca12a5d9a08, - 0x40b2cd8345d4e075, - 0xd99545b090320fa9, - 0x172383e56a467, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0xaace1775382c2cd2, - 0xdc503a02ecb37246, - 0x1ee78d15da32a313, - 0xa84b4a4547ee2fa3, - 0x31b452cf7cbc7cd6, - 0xfa2ccaf25be8991e, - 0xec5d4d5706d19426, - 0x9bf90c2d4a06c369, - 0xa2bfc96a51c1afbb, - 0x3e47e2dd52f5974, - 0xc64cc9f1e0fe071b, - 0x31a8abb0c3d4, - ])), - Fq::from_repr(BigInteger768([ - 0x7a0c9fa95abe6d33, - 0x9d94661714516163, - 0x9da57db69d11d81f, - 0x2d6d4bd2057cfe85, - 0x1c7dc040bf288f69, - 0x3c7c368d56a13519, - 0xf6c74f964124fdc0, - 0x250d7ca9906e2a91, - 0x84b81f0ff74b2e63, - 0xc7e84f72716d4fdd, - 0x9c133749c1b35313, - 0x10387bcfc22f5, - ])), - Fq::from_repr(BigInteger768([ - 0x35286dcbf4e0af11, - 0x7e87bf4c2ce6c95f, - 0x4620be1c490eb89e, - 0xc63d2f144d256bf7, - 0xf68c68bf98f29114, - 0x90a1c2c2cdc251fc, - 0x5adf0c22fc8a2a81, - 0xa0fe788f60ad4787, - 0x49f6936a2f25d2fb, - 0xbe5cb70a96249c05, - 0x1b73cac6e51733a3, - 0x14fe47d61b531, - ])), - ), - ); - - gt_compression_test::(even, odd); - -} - -#[test] -fn test_g1_addition_correctness() { - let mut p = G1Projective::new( - Fq::from_repr(BigInteger768([ - 0x74cd16dc1278d2e5, - 0x155a38dcb4a1d8ab, - 0x7162afcac539f6c6, - 0xf4a36afb9ec89077, - 0x8c8f83a89cd6504e, - 0x6b086d2058ce3ebe, - 0x922aced322b92eba, - 0xd30405d7ef7c0d0c, - 0x93d275dd3858da28, - 0x98b3cf0b734dacd7, - 0xe36898fae0b28b62, - 0x198b33fd53d9a, - ])), - Fq::from_repr(BigInteger768([ - 0x915b2561c17401bd, - 0xc7cbdb3028c8bc40, - 0xc6201ddda2b4df74, - 0x928c15f3e3d098f6, - 0xccb665d7d712fc5, - 0x6bf073e186de9eae, - 0xb3975cae8768dc4b, - 0xed8e62ba78b9a5ac, - 0x355ebc8ee9629986, - 0xc7a11bcf109d1094, - 0x8bf41c64ec8e56e7, - 0xa8b5d3b9be22, - ])), - Fq::from_repr(BigInteger768([ - 0x44466636c89ecdc0, - 0x457754cde5ee05ed, - 0x6cde11b62fb7f106, - 0x9e2654d04cf56fc2, - 0x2a0fd8f40c6e8ba4, - 0x7ae892d02e00750e, - 0x7c7e61b8be840ba9, - 0x40130535aeded1da, - 
0xd9d4eec220199dbd, - 0x805008a8cb8a6c92, - 0xdbae11d3b374d0fb, - 0x1a388b228cf78, - ])), - ); - - p.add_assign(&G1Projective::new( - Fq::from_repr(BigInteger768([ - 0x682bbfc83478a2cf, - 0x15ce9dfe142665a7, - 0xf1f4170c46dabade, - 0x1f643d1ef8ef467, - 0x7f67c851e4546def, - 0xe3bd12196c7cdd37, - 0x655f6600803e9e92, - 0x56a7900f3aec385e, - 0xda5c308e83e49742, - 0xee4bbce6cf3c0a5d, - 0x2db08ab54032e671, - 0x1599ce55ea10a, - ])), - Fq::from_repr(BigInteger768([ - 0xa59905ad98a34028, - 0xe7900dbe0f37fb42, - 0x3f1d72edd9ac7285, - 0x4ef0aa4c42db61be, - 0x6dabf8008b4b0d39, - 0x3e006344fda452e0, - 0xec75e3654731d6e1, - 0xeb1b89e3cfda3f6f, - 0xdeaf07302369f077, - 0x9a41131e741ef51c, - 0x7aeafe29d511daeb, - 0xc0ccbe69a06, - ])), - Fq::from_repr(BigInteger768([ - 0xf55be8c2752dcf55, - 0xe1fd14eac8e5cf99, - 0x4b3bc0325c9acfe0, - 0xc83f959c187fcd72, - 0x3ca981ad51bb2af7, - 0xef2560adf77cc18d, - 0xb1ae5de76cb56de2, - 0x52d1d0e20446b89f, - 0x90a1116ff3e615a3, - 0x41e89da6e7d00d4c, - 0x389b2848eb2376cb, - 0x9f425c5726d3, - ])), - )); - - let p = G1Affine::from(p); - - assert_eq!( - p, - G1Affine::new( - Fq::from_repr(BigInteger768([ - 0xf40492cfbc948c2, - 0xf8722a2e7c82fdc7, - 0x5403f3895f3335fb, - 0xa67afc09b1a58bd5, - 0xef56150662db1087, - 0x5d22e7428c1313d1, - 0xdc3c3cecdd3e3c29, - 0xd62034d6f1a69e56, - 0xe42ca03d032998d0, - 0xb34165090279c69c, - 0xb8ede4b8815d8cd6, - 0x9bd9ea2bcbdd, - ])), - Fq::from_repr(BigInteger768([ - 0xc5a198c226745576, - 0x46732574fd5f1975, - 0xf1233308889f7fe6, - 0x6371bd7696561ec, - 0xb8a223ad94594fc2, - 0x9a77f49715d38658, - 0x6b92086852972827, - 0x79e6cc85a716a8ae, - 0x2d66012e875a95cc, - 0x1125bd274d3c0065, - 0x19214ef3131d3962, - 0xd5fb521864fc, - ])), - false, - ) - ); -} - -#[test] -fn test_g1_doubling_correctness() { - let mut p = G1Projective::new( - Fq::from_repr(BigInteger768([ - 0x3a93ea6748f7987b, - 0xe328ef650632c30, - 0x8a696681c7200035, - 0x9b4cf31e8ddb599a, - 0x5224868a08d68be8, - 0x111ec87e758908cb, - 0xf796719c43f502c2, - 
0xe3b3f6caf88f9e98, - 0xbccb89afad0c2273, - 0x16355558bdc8e08a, - 0x12036bc1964996b6, - 0x178b698527d42, - ])), - Fq::from_repr(BigInteger768([ - 0x2c244db8c1d6a919, - 0x2e19bf0d59757d49, - 0xbbbab8ab80772c5a, - 0xb51af63ede1c0cd, - 0x9aae778b9898d308, - 0xf997441afaa69d20, - 0x81c8e294802e4b1c, - 0xec947ba17362adff, - 0xcb828c228963b675, - 0xb2d8f154275984df, - 0x1f27a21c2d31fe81, - 0x18f8935911ad6, - ])), - Fq::from_repr(BigInteger768([ - 0x4b8cbb1f978f97ed, - 0xd81513efbd50a824, - 0x2bfe080db4752907, - 0x82aed3d0a7bd4378, - 0x57cf4668c00980d8, - 0xcc76ae8523d63d17, - 0x6a93398572c3ba97, - 0x73a1b52c3dd91343, - 0xbb1f184615cff69d, - 0xf3aec1d1825c9fbf, - 0xd65801dfd4904c07, - 0xa68a307e5c1a, - ])), - ); - - p.double_in_place(); - - let p = G1Affine::from(p); - - assert_eq!( - p, - G1Affine::new( - Fq::from_repr(BigInteger768([ - 0x1a063deb58259910, - 0x383543b69937a9f2, - 0xd1a244d98796ab8c, - 0x33ad012fcf91c3c7, - 0xbf0c235af07597e6, - 0xf841a64f6fc94ab9, - 0xee213134dee2207d, - 0x7c2401e621332b90, - 0x7933b297c783384b, - 0x933e679f9fabf659, - 0x4df83d8b84453fc, - 0x128dfb73076e5, - ])), - Fq::from_repr(BigInteger768([ - 0x38f37de4b342e481, - 0x1ddd995f61998b54, - 0x465facfd3c0b43c8, - 0x5a0472437546dd65, - 0xfe94db35bdb3efb, - 0x8b230826ca6eed99, - 0xdac96ef16315ca84, - 0x538d11eaebe44e0b, - 0xb088c279e6636a6a, - 0x55acc4298caf1af, - 0xb3d7e86834a2f03e, - 0x1388b4603c20a, - ])), - false, - ) - ); -} - -#[test] -fn test_g1_scalar_multiplication(){ - - let a = G1Affine::new( - Fq::from_repr(BigInteger768([ - 0x72b88f68dc11d3c2, - 0x7129d0e09ee9d3e2, - 0xb9ce32d3a7620558, - 0x5063ef2476ad672f, - 0x9ce5492597a81d4d, - 0x705ba56d6b2ea919, - 0x3add6cd95ac14517, - 0x8ac6d148f43941fe, - 0x932fe7ef4f668401, - 0x8f1a2c1e32a18f9e, - 0xaabbf64b65df3231, - 0xefc256a27831, - ])), - Fq::from_repr(BigInteger768([ - 0xc0e92e5cb097be88, - 0xacadb4d52625f385, - 0x5ef4ad4d0e8d826e, - 0xb4b5a2b9725c8951, - 0x51587371a7efece8, - 0x9f0816360152388d, - 0xe7e6cc50a00b3c25, - 
0x3a548b8e3e5ad515, - 0xd97e38b50999669c, - 0xc58d48e75d4a0ad, - 0x46686d4ce0ac95b7, - 0x94c96320a821, - ])), - false - ); - - let scalar = Fr::from_repr(BigInteger768([ - 0x2048113fffc2df67, - 0xa87114570b53169b, - 0xc6970a1d1aff1ff0, - 0xfac736c1d3464a1b, - 0xbad3e7f6dd911fb1, - 0x8f6fa902997ba46a, - 0xe5fd3baf7f89860b, - 0x6075eb309c220ead, - 0xe002dcd6a945b3ae, - 0x7e2e9255bdd343b7, - 0xefcaf3c92c21b95b, - 0x41dbf8953d3f, - ])); - - - assert_eq!((a.mul(scalar)).into_affine(), - G1Affine::new( - Fq::from_repr(BigInteger768([ - 0xa69f6f3b4b896566, - 0x2ffb3a607a90885, - 0x49f92f17fa7f97f8, - 0xe046b541d930a716, - 0x6993f94d9013788c, - 0x2c70272247c490d0, - 0xd2a3753b2595d40d, - 0xdd5bea4924ed3021, - 0x5732fecdf688097f, - 0xc9dbfd651ad23de1, - 0x672d66e6f00ed4a1, - 0x92be1f538380, - ])), - Fq::from_repr(BigInteger768([ - 0xeb571917089203d6, - 0x8eb5a047296674a9, - 0x8e6beb782691f765, - 0x53535da732d949d4, - 0xd67d9d03d162c6bb, - 0x579309d137e2eb1f, - 0x4ff015cd97588158, - 0xddac7ace7e38692d, - 0x718c6ef1a19767f8, - 0xe242c8a178a4ed8d, - 0x57469e3c84742451, - 0x1b54ebf98990a, - ])), - false - ) - ); -} - -#[test] -fn test_g1_affine_projective_conversion() { - - let a = G1Projective::new( - Fq::from_repr(BigInteger768([ - 0x8787de3c97f90440, - 0xfb55f79e497ebd0f, - 0x825bf93b0a74be51, - 0x3f1bf94a410e44d7, - 0xee091d53ba6e0f17, - 0x74c196530e0c4920, - 0xea497e1bbf678b4e, - 0x82ac69bd4ff295fb, - 0xfca44436531d7f4e, - 0x2253c48087956354, - 0x7eea9631a7bdc979, - 0xb41fb5d7435e, - ])), - Fq::from_repr(BigInteger768([ - 0xd3517fa41cface32, - 0x48fdde207fe0781, - 0xde658f54c73da2af, - 0x4673c94817cc09d5, - 0x8edb5982288306d0, - 0x42bb35cf918580fd, - 0xad5ab9f1083042ad, - 0xe986ed52d8d749cb, - 0xac78cd89ff80dd86, - 0xeff61f4b93ca5c22, - 0x99493ede99313887, - 0xb4b4b1dedf0c, - ])), - Fq::from_repr(BigInteger768([ - 0x27b2ab042056c401, - 0x63a57e6e785a129d, - 0x754c682b0618ff78, - 0x782563a8c914271b, - 0x98dd8b15cee9aaf, - 0xa9204abe016ae066, - 0xf498e0e599050fc8, - 
0xa7c7bccd9247bc62, - 0xe075dcf0d561710f, - 0x2038f7f59d3f3221, - 0x320753d1a593c036, - 0x36b51c6a3288, - ])), - ); - - let a_a = a.into_affine(); - assert_eq!(a_a, G1Affine::new( - Fq::from_repr(BigInteger768([ - 0xeed5a0a2eeed0d6e, - 0xd10e0f23a0015544, - 0xa9cd701b711a8cd6, - 0xe9ff46772ea6b4dd, - 0x43627948f5f3db53, - 0x60a618188f984bcd, - 0x93b59b8613f58256, - 0x80029a27200b574a, - 0xe6ec300b016a46b4, - 0x15ba5933dd5ef67f, - 0x34db9748360f7839, - 0x77a97c7c1bda, - ])), - Fq::from_repr(BigInteger768([ - 0xa49849bec0126bc9, - 0x14ca6d280ad3ffeb, - 0x24ec1fb3556606af, - 0xf143f8356a18aea7, - 0xa0ad66feb5509c89, - 0x16017b6db5fb0270, - 0x79acdd8c40b4a4b5, - 0xefd191a5a8b5edab, - 0x5f5772c11538c5, - 0xe617fdb412017225, - 0xc48e08711cf34f90, - 0xab3d7ca90f35, - ])), - false, - )); - - assert_eq!(a_a.into_projective(), a); -} - -#[test] -fn test_g2_addition_correctness() { - let mut p = G2Projective::new( - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x56137b39ca3baa56, - 0x4e175aa64a816b1b, - 0x43ed6b11b6c24ae2, - 0x1705dc580518f1e0, - 0x11065f0eb0e9f3a3, - 0x7ebb4de367aae2f9, - 0x1f0daeeaafa50239, - 0xa1ea4776f5b9fec8, - 0x421c73837df79369, - 0xad5e7dddc84622d1, - 0xfe6bff8f6e765d9b, - 0xa059ca6fd913, - ])), - Fq::from_repr(BigInteger768([ - 0x8222b231da8226e7, - 0xef48723c32aaed65, - 0xfb4d639c55232f9f, - 0x85979276fa91a41b, - 0xa952af3fb4117312, - 0xb43a682e90015ce2, - 0xaa5160964563b39b, - 0xf85abe21b79d1ccd, - 0x7c726d60087dcaf0, - 0xb605e0bf214f0546, - 0x4eb0e0d1af6f42d8, - 0x742a1f09a424, - ])), - Fq::from_repr(BigInteger768([ - 0xe9193f6bc74a71fb, - 0x752db640eef11b33, - 0xafc82bf2971994e8, - 0xd396a76406e27cd0, - 0xddb4e60cb29487a3, - 0xfe78fb36dbd81345, - 0xbf5eeef63f16c83, - 0xacb50a53a0139200, - 0x9c7b026eeac16f7d, - 0xefa924fa0af2e067, - 0xeae103739c7a774a, - 0x10286f11c0e37, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x9efca51744ec95f6, - 0xce2ad499c315a0e4, - 0x85cf10ed7f27ae00, - 0x7e2fb8024566b4f, - 0x63f4c15ea6210e0a, - 
0x135b769017f511bb, - 0xc10697d4dab452cf, - 0x5131c69ee7d949af, - 0xa73eab679aeae7ad, - 0xae481fcc2a460779, - 0x48648e1845166fc, - 0x18da7b539225f, - ])), - Fq::from_repr(BigInteger768([ - 0x8423d98c63df5bfb, - 0x2996fec9375c3b4c, - 0xc78d3d1d2c1170cf, - 0x321bdfd136fe4a61, - 0x2dd8b4df8154b566, - 0xb7dba21d040f4b55, - 0x101813cbecc124e2, - 0x47c1d3775809961d, - 0xfa738937858d01c2, - 0x8237ff3f772b92cc, - 0xa07bfffae050d905, - 0x70d4e3802f7c, - ])), - Fq::from_repr(BigInteger768([ - 0xa892d09cdd56cc4f, - 0xfd22abb5df4de495, - 0xcdc0655dbf94738c, - 0x1a25f804e73e1af8, - 0x303d6e340cb27a28, - 0xbbe199058cfe8f69, - 0xc7b54f0cbcfffd5b, - 0xd57cf2a7fe4ff048, - 0x748296fd1af4f8f3, - 0xd5565794175ef065, - 0xf22a317b0a2d8f72, - 0x1746e5451f11b, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x57badc8119db3c16, - 0xdf5dc30a6ead73ff, - 0x76ac1333ec7ca622, - 0x6f5016a67a7fdba9, - 0x66863174e9ac17b7, - 0xc4cfff8809bb5c0d, - 0xf83d68d9368628e1, - 0x5dccfbe1e0f6131b, - 0x693ab99d505173f1, - 0xaeefb5cc09d99915, - 0x84870d7dc93dd99a, - 0x18287c5840351, - ])), - Fq::from_repr(BigInteger768([ - 0x4bf035b2e7a28c41, - 0xc13e76b1e1e36f67, - 0xb37a47e61a2c237f, - 0xb4f840700d620bf7, - 0xd145a02775c29822, - 0xeb6b22852568d00b, - 0x6093cb1e767d740f, - 0x26227a1e920ee30d, - 0x643304287c7f44b, - 0xa9259221ca83a643, - 0x1c095c2ef3f99a13, - 0x11910b984af58, - ])), - Fq::from_repr(BigInteger768([ - 0xe3f6840613cd4e1c, - 0x89721b0b56ecd1a9, - 0x5b127782085cde39, - 0xc2136ce7149f4659, - 0xa821a5272d0c09b4, - 0x7d2704f3b36aacae, - 0x66391a17126b4a0c, - 0x7db12ad20e00888b, - 0xc63688993bc14345, - 0x20a77edce34ab2ca, - 0x4f221db70ba49935, - 0x192e3dbd61ab1, - ])), - ), - ); - - p.add_assign(&G2Projective::new( - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x87863ba63bea72c3, - 0x301f24c22eb25b2f, - 0x655c8281915afb6, - 0xc47c966fcbb7db52, - 0xdc575c69687e9eed, - 0xa3e5795b4e7c250c, - 0x3e112c2fdfd8e340, - 0x74a6fbb8f663ff7, - 0xce47f3f8d454cb0, - 0x69b127abf29e1633, - 0x4c7e8fa7652bc991, 
- 0x1970dc821883d, - ])), - Fq::from_repr(BigInteger768([ - 0x95fa49aafdfd4387, - 0x382d7b8c16bae294, - 0x344921db0ccf8f7c, - 0xf8b1524b6636e881, - 0x98cd7764a0cefca8, - 0xe6828fb3e8201b8b, - 0x16e27a6a16e1bb2b, - 0x18f07a858db62506, - 0x483f6ae56ed0c07, - 0x67e8fab20c445e7d, - 0x3f1e78100b6c0982, - 0x77724fbde868, - ])), - Fq::from_repr(BigInteger768([ - 0xc9d7abeb69398180, - 0xa1ae85412d41caec, - 0x9b2e4aaa34e0328a, - 0xc27a88d15f92be18, - 0xd3d6cf48c076fc94, - 0x72816881f09d4bb6, - 0xbf6eef3e9874ae55, - 0x5c19e198010d8fc3, - 0x1fb14a9016da8d2a, - 0xac3385fd6116dbf3, - 0x37a04821c9a4d7cb, - 0x4941dcb96830, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x4b056a07a62f0d5e, - 0x8c462239f6da102e, - 0x483b3f91ffbb69c1, - 0x9f37442128120ef5, - 0x553f8d818f7ac1b0, - 0x658780ad849d7806, - 0x6fba4cb2b981ddd9, - 0x75dbbf19d9a33c81, - 0xaa8b3def948b3b14, - 0x6f4b61d89717664f, - 0x636d4d2f896909b9, - 0x13b0ac87fa18e, - ])), - Fq::from_repr(BigInteger768([ - 0x4b6995aee58e16fa, - 0xf9d3edd1132af029, - 0xe9c2c37b3f6faf43, - 0x932bec74d762de96, - 0x4ef739318975f2bb, - 0xef7e5ec88408551d, - 0xa4e5914ca671ae00, - 0x29d67af1a2206c57, - 0x18223036e6672b3f, - 0x9cbb5024df2f2952, - 0xcd6bb55e807dd909, - 0xece87353533e, - ])), - Fq::from_repr(BigInteger768([ - 0x2ba1521408d8f353, - 0x8714509e69a0ebc0, - 0xe341880ff720f681, - 0xeee75a395e4142cf, - 0x6c3cb88e6ac3b2c8, - 0x5bbe18dda8eff671, - 0x377fa52e7460d3d4, - 0x56663efc856db27d, - 0x1d9b169247f08fad, - 0xc26362a5b8aa24d, - 0x4eb32cb0380924b2, - 0x10bd00eddaf04, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x77251d37877143f7, - 0x1cd02dbe37de5d46, - 0x718a19dfbbeefdfc, - 0x61b0e6b5fa015ed1, - 0xb9c43ec9a538b3f3, - 0xa26f4bef388b5b22, - 0x7e72eef204f0cd5f, - 0x6f0560b81fce20b3, - 0x3e0594edff904b59, - 0xd6730d8bab21bf25, - 0xfa6285765f99e955, - 0xb0977f21c2ae, - ])), - Fq::from_repr(BigInteger768([ - 0xda63eac44e5015f9, - 0x6f4c27cb33273e56, - 0x4a429b8ad6b0a1db, - 0x127ec46b400d7c07, - 0xb314d64cd340267b, - 
0x8a6eb9a6e4d8c2ef, - 0xa0cbe7b0d4aacf01, - 0xa44e4842f334a0e7, - 0x2f0cccb48756a1d1, - 0x1d6d6f87bb53c8ec, - 0x6e2ec2cb0fa7c47a, - 0xe617aac6b091, - ])), - Fq::from_repr(BigInteger768([ - 0x729c58e3f8d7bf46, - 0x19b41fc9a34d6a4b, - 0x570d9c67ea4dc0e9, - 0x80c1d4a76974ecb9, - 0xddbc6c455c6c9926, - 0x6daab77be12bff96, - 0x4adb0be62b4ea876, - 0xa02b63f7e770e3d7, - 0x88791ec7c8656be0, - 0xe7ef1dc8258d8f13, - 0x6e514c1b1e756d6b, - 0x2e0de242b6fd, - ])), - ), - )); - - let p = G2Affine::from(p); - - assert_eq!( - p, - G2Affine::new( - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x72da42b16ed21b5, - 0x19cf95a1944ba199, - 0x2f2ef35977f4612f, - 0xa6726a9d7715720d, - 0x79ce35f04bd3d22a, - 0xacfa48485f98c45f, - 0xdcc7be3ac3086ab7, - 0xb7f8c1903c80cc65, - 0x45ef7c43e7bf0bc6, - 0x369df576c884a7d0, - 0xd55f95f56fc5b458, - 0x1936b58c2060a, - ])), - Fq::from_repr(BigInteger768([ - 0x56d1c3d314335ae, - 0x892f2640e9c523a9, - 0xb8f98e09aa4f187a, - 0x6dae73b4cbd791ac, - 0x8a93f4bcd21ab495, - 0x1d2d365143faf727, - 0x9c32e3949dc2a6f4, - 0xf72b53f119a2b2fd, - 0xb33a098dc9e8cb09, - 0xebbf6c603331bc89, - 0xb25216f9437c9b06, - 0x1b66fafc3d177, - ])), - Fq::from_repr(BigInteger768([ - 0xa9586414497d2bcf, - 0x79d532ec02ebf370, - 0xf2529e4e4c76e177, - 0x73a7ebc86c84b20e, - 0x25dcfd184b12f6e6, - 0xc847183685424711, - 0x669d2c5314f33983, - 0x5650db7ee1dc3c89, - 0xe633d4ea9dfc90e9, - 0x878e6e14abb5d677, - 0x9c78d0699f1d989, - 0x17b2dbc818c22, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0xcced23ebafe5da2f, - 0x4b5e7a869f6fd391, - 0x7e80b5a845677da2, - 0x6142c907ac5aa6df, - 0x41a59ec52c30f77a, - 0x3f7506b4c2493219, - 0x95bb55d3c3e7ec87, - 0x82cd4321482fbc0e, - 0x585232bd450510e9, - 0x24c5a40ee13b8f54, - 0x2a76e1d7c3e717e0, - 0x85fd06c1e238, - ])), - Fq::from_repr(BigInteger768([ - 0x2474f29e22fc2cc8, - 0xaed5873b7cf54927, - 0x931bffcf40540924, - 0x6bdab65f570af4e1, - 0x64dbba9a1fb71802, - 0xa061718296b0ae16, - 0x365e09d1dba4189d, - 0xb834da127d42fcda, - 0x184278ed73195df5, - 
0xd0ca1f94504615ee, - 0xf2b837b8435a5b14, - 0x24571737f8cf, - ])), - Fq::from_repr(BigInteger768([ - 0x2db90bcac593cd62, - 0x2229bed918d53817, - 0x78e7e563ec6edce8, - 0xa8666e7cd8aeef2e, - 0xe4cdc7ba2bc82094, - 0xa4defb4f3d4dfe7d, - 0xc952ccad822b2dc7, - 0x7aee0227acca18f8, - 0x8fe25b5fbed66fdf, - 0x351c9e37debbfe2a, - 0x987d2e0aaf7337ae, - 0x11f7551db14d4, - ])), - ), - false, - ) - ); -} - -#[test] -fn test_g2_doubling_correctness() { - let mut p = G2Projective::new( - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x7afe33d9581ac612, - 0x3b268f3f5ca15ba0, - 0x9a1dcdd2085fbd87, - 0xaf30d12d461cc9de, - 0x81019caa6d7cdec8, - 0xa18a577f1ece49b3, - 0x19b9a3a5b155dd9, - 0x9a2b4b6a71057c0, - 0xd5d9136ee4cd338, - 0xc2250f3bceb91e90, - 0xf53f9b8034f443ae, - 0x15f4f4d546f0e, - ])), - Fq::from_repr(BigInteger768([ - 0xd5bbb40e1d42d978, - 0x30dde24b67f69204, - 0xf0f93c04bc826600, - 0xa8508ddc54bf0099, - 0x647f0bc6baf72f76, - 0x50f2e01975fb88d1, - 0x78f440535d7d4933, - 0xbebb4004e9bee0bb, - 0x31828cdf310ebd79, - 0xd3a0491c0171d440, - 0x98ea5571387b76ac, - 0x1464d36e83747, - ])), - Fq::from_repr(BigInteger768([ - 0x189fe2dcffb8f02f, - 0x133f51926365621, - 0xb17b7dfce86ca0b, - 0x135856cacdb04ae0, - 0xbf4d3961a67be656, - 0x1f5adbe45fcace2d, - 0xacca868c6335b0a5, - 0xf35031ee481b1484, - 0x33e4417949cfbdcc, - 0x7dc4a7523a1d58ca, - 0xc18e99e82854d4e8, - 0x478c0805f8f6, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x7d06d45904b4d189, - 0x337ab423aec2b700, - 0x73350955d364b1e6, - 0xc76ba597d1b2b296, - 0xe60ad65d2163cfa4, - 0x1c8f81ad1c18a9b3, - 0xa138d4547eb1ae27, - 0x808a5a826e268b90, - 0x6a2a2fc1c76b542, - 0x23b8f5cc380ec615, - 0xe3a822c99280d9a6, - 0x1341cdf7cb49f, - ])), - Fq::from_repr(BigInteger768([ - 0x85d37be6902ce66d, - 0x532f9ab02d35ee94, - 0x7b935a4919f632f0, - 0xec9b4311bde9a7f7, - 0xdfdf2d38069abf2c, - 0x50a960ad1bfee92d, - 0x6e802205eef2409b, - 0x1289ea7184837b86, - 0x109d7ac0d1c2824b, - 0x738215ef7a81abd3, - 0x4efd91632bee964d, - 0xe8e73d65776e, - ])), - 
Fq::from_repr(BigInteger768([ - 0x3ed24bd014a23862, - 0x2e1377d1970eb489, - 0x6fd4b852de87f3f6, - 0x97e95bc699904128, - 0x9472d3bdf91ecb0a, - 0xf0d4cfdbcec1c557, - 0x8bc8f4ce61da016b, - 0xe78142d8d22f029, - 0x344505a275cb212d, - 0x744552fcf8a5ba69, - 0x2ec189ba35e37137, - 0x117c24e8845ab, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x1feaac2dc9634757, - 0xc24edf5a193b4a14, - 0xa140a8e32516f595, - 0x4a1554f8b4fe7b27, - 0x5c2cff9d8721ca9b, - 0x1e1d40f932f2a73, - 0xb933994dc579696d, - 0xfacb4b38216bd0a8, - 0x5b5d77d5d3172073, - 0xfae1cc4ca6bad372, - 0x102bca76726133ff, - 0x124763fe07e8c, - ])), - Fq::from_repr(BigInteger768([ - 0xd7893b5ed1d3d3ee, - 0x665b7cd06c1c4ab, - 0xdd13f4f06796a91c, - 0xfd17a943fa771314, - 0x6101d82cd2aba4b8, - 0xd61fb9c0e0afdf1c, - 0xc31d17943aff8d11, - 0x4f4ca8cd62f3b64f, - 0x26025dd5d125483f, - 0x25a8d763d7e77a3a, - 0x8e574854bb3551f7, - 0xf606417c6e90, - ])), - Fq::from_repr(BigInteger768([ - 0x53b490fcfd62fd9c, - 0x1f8c0d5492b3889b, - 0x1897f9a3b4ef96e, - 0x3613a8121c42b956, - 0xb00635a0e1d582b1, - 0xe8f3552df325e79, - 0x343f100cbca33566, - 0xa717479aecd717, - 0x6f796b4bea4c3e4b, - 0xcbbbe4c9fae9252f, - 0xf604f47a62d6bbed, - 0x11f5a0052ab8d, - ])), - ), - ); - - p.double_in_place(); - - let p = G2Affine::from(p); - - assert_eq!( - p, - G2Affine::new( - Fq3::new( - Fq::from_repr(BigInteger768([ - 0xc42fccbc0ebd24e, - 0x6d62787fa9c49d68, - 0x74158ed70cc7ea2f, - 0x85bfaedfcd7079ba, - 0x44d75b4f3617df1a, - 0x6af3e27d7c66ddcf, - 0x761cef1b00bd15e8, - 0x92a10d76c9b8bb04, - 0x870d7614b448c619, - 0xdf11d2c479669c96, - 0xce570fed502bd378, - 0x1521406dcbdb1, - ])), - Fq::from_repr(BigInteger768([ - 0x1c6b9fa0ab40353d, - 0x3ae58b92b72d1b57, - 0x928a70b5c5aac718, - 0x534c846e80bf3665, - 0xd2fc2b8efa91bdb6, - 0xef6b5b763fc52b13, - 0xbc78dfc64c32adfd, - 0x4bca8998505aa365, - 0xf474c8f4ec4b5a57, - 0x61b6a5778ade5d32, - 0x3ececc75ffd000be, - 0xbe7ead6e2b6a, - ])), - Fq::from_repr(BigInteger768([ - 0xeb462784ce36d20, - 0x19afacb028edb474, - 
0x7b63449b34bc1546, - 0x3a3192f34400a705, - 0x6c5205b699393a35, - 0xe84e35a9c81e33d4, - 0xe782722bae243c8a, - 0x6336b9ffb63333d, - 0xf7a8dab344df1bc2, - 0xd3f22b53b86f98bc, - 0x55c2259b3977c817, - 0x1177c4edc045e, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x679d27f0d14d23cc, - 0x72f06b4af5d1ae38, - 0xb71d244cbbce3153, - 0x69b918b26499443c, - 0xa751ce9d28a9c780, - 0xcdd5ed47544a203b, - 0xa03cbd3570c5d0fb, - 0x711d8d09d74a846c, - 0x9c7759b54b8e9621, - 0x2f6cf020aea0c6df, - 0x8b49561208464c5b, - 0xfe0f4a20fb24, - ])), - Fq::from_repr(BigInteger768([ - 0x114fdb086bf1d66d, - 0xbb6ebb6eae3a5399, - 0xc4d1b90a1f69275a, - 0xa02beacc7f7da147, - 0x6bdcc45f93b93bdd, - 0x2c93d518759bab56, - 0x7f87120c9250f290, - 0x79ef07dc5347cd12, - 0x9043ff4e1d54795b, - 0xfa771af5f9256ba4, - 0x94b428d0806ab9a3, - 0xccfd53d1f36a, - ])), - Fq::from_repr(BigInteger768([ - 0xa4dda82fb971e5f2, - 0x1d997e1b1fc2081a, - 0xc126799731c79522, - 0xe92e379f0f698fc0, - 0xf0676c22d4b46e19, - 0x360422ae07dfe5a1, - 0x1412adbb5a48f783, - 0xa485c3f2e8d765c4, - 0x6addc78671c92e1e, - 0x8020137d9f8c3c27, - 0x8a1e77734bbb942f, - 0xaf59db8c96cd, - ])), - ), - false, - ) - ); -} - -#[test] -fn test_g2_affine_projective_conversion() { - - let a = G2Projective::new( - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x41da74b6053ef6b7, - 0xd2d8e66a97d6d70c, - 0x7ac76da0c57d242a, - 0x1d9994979ca6320c, - 0x5efaa7068db278e, - 0x69b7a027a94b9108, - 0xc4c418b25cc6eec4, - 0xc6c9c0462a4d19fa, - 0x13eb8645580a636d, - 0xe67b196f93af2efe, - 0x3f32311effb99d62, - 0xe19ac924921e, - ])), - Fq::from_repr(BigInteger768([ - 0x7bd707b87e0e6222, - 0xcdfab711016889ae, - 0x634f1fa69bdc4f18, - 0x3507a4d5a6dfd5e4, - 0xae02ba638117d237, - 0x5e5c63c1213d494c, - 0xafe728fee241bc51, - 0xaf9b3ddb385c369b, - 0xd4c7962e8bec7d01, - 0xa54484aa9f628d35, - 0x36c49e7a019dec56, - 0x649ebb4f5333, - ])), - Fq::from_repr(BigInteger768([ - 0xb7a546922fc19e28, - 0x6ada12bbed8ed05b, - 0xe16262c6dc7c3c11, - 0x396d30ea665ae084, - 0x93edaaa2cb3f00c5, 
- 0xc720b2f2c22b7687, - 0x2e3fb425356cfa7e, - 0x37f4c4de2f231b14, - 0xd7adad21893cf6f3, - 0x1fe165bd106320e6, - 0x247462136540f12a, - 0x5a38ebea92db, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x636589ed41345edd, - 0x5a0af3b90740340b, - 0xa3f3fb75c5e4658a, - 0x4fcf6da494e13f6e, - 0x8163bd5eb479c7d8, - 0x8af37fa2be2a5c2e, - 0xaa2fb7892bc86cc8, - 0x30485a615f090784, - 0x572462ac652d2ec4, - 0x16b1b0838c7f2dfa, - 0xc7c82b124d29523a, - 0xc7da75251aa1, - ])), - Fq::from_repr(BigInteger768([ - 0x962dcd61817dfd4a, - 0x1c25d6b360c1f469, - 0xddd1cd7de4f543fd, - 0xf759ff375d871cbc, - 0xc9b86b9eb0e5ee7b, - 0x6f5ea5194e34ad18, - 0x3a71767058bc090d, - 0x6bf80049c4df2cbc, - 0xecdfd40e0520dd23, - 0x3e96694f5e910f07, - 0x966e652c58da6a65, - 0x19a8d8200b537, - ])), - Fq::from_repr(BigInteger768([ - 0x14063f5aec0647c9, - 0x20cc135f9e10e87f, - 0xb76da867efb027bb, - 0x493f81882ecfb443, - 0x3676f338e99490bc, - 0x9116c97756658116, - 0xf3d9a565be6f2ed0, - 0xe22538518acb9972, - 0x297e33b59e7ef8b3, - 0x3d4318ac29bca429, - 0x6d6c7143fadc8936, - 0x127539501b00, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x82097d42bd51ef66, - 0xfd4e094113627162, - 0x9904b731c1295e5c, - 0xd5313acfbe8ed8da, - 0xe8ddede77f6811e1, - 0x4599037eb2ea8540, - 0xab814af32d579073, - 0x5412cda7259ad5b7, - 0x303aea9509ee9fde, - 0xbe2cf5ae8ace7169, - 0xa2524a26b1b23670, - 0xab4c0f1bb6c3, - ])), - Fq::from_repr(BigInteger768([ - 0xaf9e5ec686a89b2, - 0xdbb9b911cae18cf6, - 0x6d36515a9cb6df09, - 0xf01d546cbb00a4a4, - 0xc2fdb6026e919b9d, - 0x55a2a96991b7bde8, - 0x8d508b496a2568b, - 0xf2fdc71a935caf9a, - 0xd829d521f3e24f9d, - 0x50b601c1c50ec227, - 0x430ab40c9b76faee, - 0x14663e29c98ea, - ])), - Fq::from_repr(BigInteger768([ - 0xb5952e77b6134df1, - 0x9b51dd7361aa4ba5, - 0x4fd7f2636bb78b8d, - 0x7590912e38e12e5e, - 0xd84570d9476b8ed8, - 0xf30c8c4fecaea147, - 0xc75fed655656096, - 0x3b383b273e1990e3, - 0x382e7f2ba28b60da, - 0x84f723f168eaf40a, - 0x8255394604ca40ca, - 0x4f19f455187a, - ])), - ), - ); - - 
let a_a = a.into_affine(); - assert_eq!(a_a, G2Affine::new( - Fq3::new( - Fq::from_repr(BigInteger768([ - 0xb489155cde461e70, - 0xd4fb0aa23bdee915, - 0x98a581a47b4966f5, - 0xad8deeb38229260f, - 0xe48a999e485599b5, - 0xb12fb18448b87286, - 0x3b664f193f8d15fc, - 0xddee53205b649f66, - 0x9d4b7d1bc72cf5bc, - 0xf9b0ba487e16d623, - 0x368732a518cd82b9, - 0xd396ab6cedc4, - ])), - Fq::from_repr(BigInteger768([ - 0xc090f5e604fd0c5d, - 0xa60929023cb4396e, - 0x6a36c13d14bca950, - 0xf193928a62537ad8, - 0x5dd422653a0ab7cf, - 0xfeb169cf1ac20c11, - 0x5028e997a66c4c6f, - 0x672f2b840a15ba5c, - 0xee196d6c275be00c, - 0xdd870928ef5ae447, - 0x237ecf9425954948, - 0x72ec91495c31, - ])), - Fq::from_repr(BigInteger768([ - 0x1b3cd2c07cfde588, - 0xf2bf2e55ef070a26, - 0xeeba31b5b21e2304, - 0x4a421ab6976aea8b, - 0xae1ead99e11944a, - 0xfd8c5279a8e81f7f, - 0x3ec0e0cc678f7305, - 0xa69cc9e2bba8167a, - 0xcd82059011ddf04e, - 0xeee99d47a09a4593, - 0xe15c3735be0d602e, - 0x194096f789dd1, - ])), - ), - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x1bb831bb71581013, - 0x1321eec3da1b5d46, - 0xe40687d26234d94, - 0x54c2753a84bbb000, - 0x881aa3b8009029e2, - 0xedb67e94eaf66d46, - 0xb90b6645ddfdbb0, - 0x90a3da91d292f192, - 0x6a26f0b35c5f4127, - 0xdbfe15c28bf71d7e, - 0x1f4547885a7b4235, - 0x1ae49be53f3be, - ])), - Fq::from_repr(BigInteger768([ - 0x6cd6b15339a2335, - 0xb73bc2ffca948e20, - 0x1f931f92eef44939, - 0x38d36c80c753f143, - 0x5ead901f39b982c9, - 0xc1f0f883d77d095c, - 0x22c4cd08073bad9, - 0x4be9b344c77cdeac, - 0xe82884569e2f9635, - 0xf4ce3b57da7d19a8, - 0xa25a6d5b197fd61e, - 0x3f2060253ae9, - ])), - Fq::from_repr(BigInteger768([ - 0x1b4fe8c3e6fcce8e, - 0x58ce396c473c8fd2, - 0x213f3665465425d8, - 0x68fb0af18b762781, - 0xba9202c133a484c1, - 0x549aaaf8d7e0a2b5, - 0x45a35501b854e77, - 0x816fa402bc80c4d0, - 0x35466ff2460a7d0f, - 0x5b39026cd7730aa7, - 0xcafe3fc6740e4da6, - 0xf3b25e7206d0, - ])), - ), - false - )); - assert_eq!(a_a.into_projective(), a); -} \ No newline at end of file 
diff --git a/algebra/src/curves/mod.rs b/algebra/src/curves/mod.rs
index 4a7f92050..894cbb9cc 100644
--- a/algebra/src/curves/mod.rs
+++ b/algebra/src/curves/mod.rs
@@ -15,36 +15,6 @@ use serde::{Serialize, Deserialize};
 pub mod models;
-#[cfg(feature = "bls12_377")]
-pub mod bls12_377;
-
-#[cfg(feature = "bls12_381")]
-pub mod bls12_381;
-
-#[cfg(feature = "bn_382")]
-pub mod bn_382;
-
-#[cfg(feature = "edwards_bls12")]
-pub mod edwards_bls12;
-
-#[cfg(feature = "edwards_sw6")]
-pub mod edwards_sw6;
-
-#[cfg(feature = "jubjub")]
-pub mod jubjub;
-
-#[cfg(feature = "mnt4_753")]
-pub mod mnt4753;
-
-#[cfg(feature = "mnt6_753")]
-pub mod mnt6753;
-
-#[cfg(feature = "mnt6")]
-pub mod mnt6;
-
-#[cfg(feature = "sw6")]
-pub mod sw6;
-
 #[cfg(feature = "tweedle")]
 pub mod tweedle;
diff --git a/algebra/src/curves/models/bls12/g1.rs b/algebra/src/curves/models/bls12/g1.rs
deleted file mode 100644
index a3913f0f4..000000000
--- a/algebra/src/curves/models/bls12/g1.rs
+++ /dev/null
@@ -1,56 +0,0 @@
-use crate::{bytes::ToBytes, curves::{
- bls12::Bls12Parameters,
- short_weierstrass_jacobian::{GroupAffine, GroupProjective},
- AffineCurve,
-}, FromBytes};
-use std::io::{Result as IoResult, Write, Read};
-use std::io;
-use serde::{Serialize, Deserialize};
-
-pub type G1Affine

= GroupAffine<

::G1Parameters>; -pub type G1Projective

= GroupProjective<

::G1Parameters>; - -#[derive(Derivative)] -#[derivative( - Clone(bound = "P: Bls12Parameters"), - Debug(bound = "P: Bls12Parameters"), - PartialEq(bound = "P: Bls12Parameters"), - Eq(bound = "P: Bls12Parameters") -)] -#[derive(Serialize, Deserialize)] -#[serde(bound(serialize = "P: Bls12Parameters"))] -#[serde(bound(deserialize = "P: Bls12Parameters"))] -#[serde(transparent)] -pub struct G1Prepared(pub G1Affine

); - -impl G1Prepared

{ - pub fn is_zero(&self) -> bool { - self.0.is_zero() - } -} - -impl From> for G1Prepared

{ - fn from(other: G1Affine

) -> Self { - G1Prepared(other) - } -} - -impl Default for G1Prepared

{ - fn default() -> Self { - G1Prepared(G1Affine::

::prime_subgroup_generator()) - } -} - -impl ToBytes for G1Prepared

{ - fn write(&self, writer: W) -> IoResult<()> { - self.0.write(writer) - } -} - -impl FromBytes for G1Prepared

{ - fn read(mut reader: R) -> IoResult { - let g1a = G1Affine::

::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- Ok(G1Prepared(g1a))
- }
-}
diff --git a/algebra/src/curves/models/bls12/g2.rs b/algebra/src/curves/models/bls12/g2.rs
deleted file mode 100644
index 43f2d539b..000000000
--- a/algebra/src/curves/models/bls12/g2.rs
+++ /dev/null
@@ -1,170 +0,0 @@
-use crate::{bytes::ToBytes, curves::{
- bls12::{Bls12Parameters, TwistType},
- models::SWModelParameters,
- short_weierstrass_jacobian::{GroupAffine, GroupProjective},
- AffineCurve,
-}, fields::{BitIterator, Field, Fp2}, FromBytes};
-use std::io::{Result as IoResult, Write, Read, Error, ErrorKind};
-use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt};
-use serde::{Serialize, Deserialize};
-
-pub type G2Affine

= GroupAffine<

::G2Parameters>; -pub type G2Projective

= GroupProjective<

::G2Parameters>; - -#[derive(Derivative)] -#[derivative( - Clone(bound = "P: Bls12Parameters"), - Debug(bound = "P: Bls12Parameters"), - PartialEq(bound = "P: Bls12Parameters"), - Eq(bound = "P: Bls12Parameters") -)] -#[derive(Serialize, Deserialize)] -#[serde(bound(serialize = "P: Bls12Parameters"))] -#[serde(bound(deserialize = "P: Bls12Parameters"))] -pub struct G2Prepared { - // Stores the coefficients of the line evaluations as calculated in - // https://eprint.iacr.org/2013/722.pdf - pub ell_coeffs: Vec<(Fp2, Fp2, Fp2)>, - pub infinity: bool, -} - -#[derive(Derivative)] -#[derivative( - Clone(bound = "P: Bls12Parameters"), - Copy(bound = "P: Bls12Parameters"), - Debug(bound = "P: Bls12Parameters") -)] -struct G2HomProjective { - x: Fp2, - y: Fp2, - z: Fp2, -} - -impl Default for G2Prepared

{ - fn default() -> Self { - Self::from(G2Affine::

::prime_subgroup_generator()) - } -} - -impl ToBytes for G2Prepared

{ - fn write(&self, mut writer: W) -> IoResult<()> { - writer.write_u32::(self.ell_coeffs.len() as u32)?; - for coeff in &self.ell_coeffs { - coeff.0.write(&mut writer)?; - coeff.1.write(&mut writer)?; - coeff.2.write(&mut writer)?; - } - self.infinity.write(writer) - } -} - -impl FromBytes for G2Prepared

{ - fn read(mut reader: R) -> IoResult { - let ell_coeffs_len = reader.read_u32::()? as usize; - let mut ell_coeffs = vec![]; - for _ in 0..ell_coeffs_len { - let c0 = Fp2::::read(&mut reader) - .map_err(|e| Error::new(ErrorKind::InvalidData, e))?; - let c1 = Fp2::::read(&mut reader) - .map_err(|e| Error::new(ErrorKind::InvalidData, e))?; - let c2 = Fp2::::read(&mut reader) - .map_err(|e| Error::new(ErrorKind::InvalidData, e))?; - ell_coeffs.push((c0, c1, c2)); - } - let infinity = bool::read(&mut reader) - .map_err(|e| Error::new(ErrorKind::InvalidData, e))?; - Ok(G2Prepared{ell_coeffs, infinity}) - } -} - -impl G2Prepared

{ - pub fn is_zero(&self) -> bool { - self.infinity - } -} - -impl From> for G2Prepared

{ - fn from(q: G2Affine

) -> Self { - let two_inv = P::Fp::one().double().inverse().unwrap(); - if q.is_zero() { - return Self { - ell_coeffs: vec![], - infinity: true, - }; - } - - let mut ell_coeffs = vec![]; - let mut r = G2HomProjective { - x: q.x, - y: q.y, - z: Fp2::one(), - }; - - for i in BitIterator::new(P::X).skip(1) { - ell_coeffs.push(doubling_step::

(&mut r, &two_inv)); - - if i { - ell_coeffs.push(addition_step::

(&mut r, &q)); - } - } - - Self { - ell_coeffs, - infinity: false, - } - } -} - -fn doubling_step( - r: &mut G2HomProjective, - two_inv: &B::Fp, -) -> (Fp2, Fp2, Fp2) { - // Formula for line function when working with - // homogeneous projective coordinates. - - let mut a = r.x * &r.y; - a.mul_assign_by_basefield(two_inv); - let b = r.y.square(); - let c = r.z.square(); - let e = B::G2Parameters::COEFF_B * &(c.double() + &c); - let f = e.double() + &e; - let mut g = b + &f; - g.mul_assign_by_basefield(two_inv); - let h = (r.y + &r.z).square() - &(b + &c); - let i = e - &b; - let j = r.x.square(); - let e_square = e.square(); - - r.x = a * &(b - &f); - r.y = g.square() - &(e_square.double() + &e_square); - r.z = b * &h; - match B::TWIST_TYPE { - TwistType::M => (i, j.double() + &j, -h), - TwistType::D => (-h, j.double() + &j, i), - } -} - -fn addition_step( - r: &mut G2HomProjective, - q: &G2Affine, -) -> (Fp2, Fp2, Fp2) { - // Formula for line function when working with - // homogeneous projective coordinates. - let theta = r.y - &(q.y * &r.z); - let lambda = r.x - &(q.x * &r.z); - let c = theta.square(); - let d = lambda.square(); - let e = lambda * &d; - let f = r.z * &c; - let g = r.x * &d; - let h = e + &f - &g.double(); - r.x = lambda * &h; - r.y = theta * &(g - &h) - &(e * &r.y); - r.z *= &e; - let j = theta * &q.x - &(lambda * &q.y); - - match B::TWIST_TYPE { - TwistType::M => (j, -theta, lambda), - TwistType::D => (lambda, -theta, j), - } -} diff --git a/algebra/src/curves/models/bls12/mod.rs b/algebra/src/curves/models/bls12/mod.rs deleted file mode 100644 index 5fdf48af9..000000000 --- a/algebra/src/curves/models/bls12/mod.rs +++ /dev/null 
@@ -1,185 +0,0 @@ -use crate::{curves::{ - models::{ModelParameters, SWModelParameters}, PairingEngine -}, fields::{ - models::quadratic_extension::QuadExtParameters, - fp12_2over3over2::{Fp12, Fp12Parameters, Fp12ParamsWrapper}, - fp2::Fp2Parameters, - fp6_3over2::Fp6Parameters, - BitIterator, Field, Fp2, PrimeField, SquareRootField, -}, Error}; - -use std::marker::PhantomData; - -pub enum TwistType { - M, - D, -} - -pub trait Bls12Parameters: 'static { - const X: &'static [u64]; - const X_IS_NEGATIVE: bool; - const TWIST_TYPE: TwistType; - type Fp: PrimeField + SquareRootField + Into<::BigInt>; - type Fp2Params: Fp2Parameters; - type Fp6Params: Fp6Parameters; - type Fp12Params: Fp12Parameters; - type G1Parameters: SWModelParameters; - type G2Parameters: SWModelParameters< - BaseField = Fp2, - ScalarField = ::ScalarField, - >; -} - -pub mod g1; -pub mod g2; - -pub use self::{ - g1::{G1Affine, G1Prepared, G1Projective}, - g2::{G2Affine, G2Prepared, G2Projective}, -}; - -#[derive(Derivative)] -#[derivative(Copy, Clone, PartialEq, Eq, Debug, Hash)] -pub struct Bls12(PhantomData P>); - -impl Bls12

{ - // Evaluate the line function at point p. - fn ell( - f: &mut Fp12, - coeffs: &(Fp2, Fp2, Fp2), - p: &G1Affine

, - ) { - let mut c0 = coeffs.0; - let mut c1 = coeffs.1; - let mut c2 = coeffs.2; - - match P::TWIST_TYPE { - TwistType::M => { - c2.mul_assign_by_basefield(&p.y); - c1.mul_assign_by_basefield(&p.x); - f.mul_by_014(&c0, &c1, &c2); - }, - TwistType::D => { - c0.mul_assign_by_basefield(&p.y); - c1.mul_assign_by_basefield(&p.x); - f.mul_by_034(&c0, &c1, &c2); - }, - } - } - - fn exp_by_x(mut f: Fp12) -> Fp12 { - f = f.cyclotomic_exp(P::X); - if P::X_IS_NEGATIVE { - f.conjugate(); - } - f - } -} - -impl PairingEngine for Bls12

-{ - type Fr = ::ScalarField; - type G1Projective = G1Projective

; - type G1Affine = G1Affine

; - type G1Prepared = G1Prepared

; - type G2Projective = G2Projective

; - type G2Affine = G2Affine

; - type G2Prepared = G2Prepared

; - type Fq = P::Fp; - type Fqe = Fp2; - type Fqk = Fp12; - - fn miller_loop<'a, I>(i: I) -> Result - where - I: IntoIterator, - { - let mut pairs = vec![]; - for (p, q) in i { - if !p.is_zero() && !q.is_zero() { - pairs.push((p, q.ell_coeffs.iter())); - } - } - - let mut f = Self::Fqk::one(); - - for i in BitIterator::new(P::X).skip(1) { - f.square_in_place(); - - for &mut (p, ref mut coeffs) in &mut pairs { - Self::ell(&mut f, coeffs.next().unwrap(), &p.0); - } - - if i { - for &mut (p, ref mut coeffs) in &mut pairs { - Self::ell(&mut f, coeffs.next().unwrap(), &p.0); - } - } - } - - if P::X_IS_NEGATIVE { - f.conjugate(); - } - - Ok(f) - } - - fn final_exponentiation(f: &Self::Fqk) -> Result { - // Computing the final exponentation following - // https://eprint.iacr.org/2016/130.pdf. - // We don't use their "faster" formula because it is difficult to make - // it work for curves with odd `P::X`. - // Hence we implement the algorithm from Table 1 below. - - // f1 = r.conjugate() = f^(p^6) - let mut f1 = *f; - f1.conjugate(); - - match f.inverse() { - Some(mut f2) => { - // f2 = f^(-1); - // r = f^(p^6 - 1) - let mut r = f1 * &f2; - - // f2 = f^(p^6 - 1) - f2 = r; - // r = f^((p^6 - 1)(p^2)) - r.frobenius_map(2); - - // r = f^((p^6 - 1)(p^2) + (p^6 - 1)) - // r = f^((p^6 - 1)(p^2 + 1)) - r *= &f2; - - // Hard part of the final exponentation is below: - // From https://eprint.iacr.org/2016/130.pdf, Table 1 - let mut y0 = Fp12ParamsWrapper::::cyclotomic_square(&r); - y0.conjugate(); - - let mut y5 = Self::exp_by_x(r); - - let mut y1 = Fp12ParamsWrapper::::cyclotomic_square(&y5); - let mut y3 = y0 * &y5; - y0 = Self::exp_by_x(y3); - let y2 = Self::exp_by_x(y0); - let mut y4 = Self::exp_by_x(y2); - y4 *= &y1; - y1 = Self::exp_by_x(y4); - y3.conjugate(); - y1 *= &y3; - y1 *= &r; - y3 = r; - y3.conjugate(); - y0 *= &r; - y0.frobenius_map(3); - y4 *= &y3; - y4.frobenius_map(1); - y5 *= &y2; - y5.frobenius_map(2); - y5 *= &y0; - y5 *= &y4; - y5 *= &y1; - Ok(y5) - }, - None 
=> Err(format!("f is zero"))?, - } - } -} diff --git a/algebra/src/curves/models/bn/g1.rs b/algebra/src/curves/models/bn/g1.rs deleted file mode 100644 index ad58c7331..000000000 --- a/algebra/src/curves/models/bn/g1.rs +++ /dev/null @@ -1,61 +0,0 @@ -use crate::{ - bytes::{ - ToBytes, FromBytes - }, - curves::{ - bn::BnParameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, - AffineCurve, - }, -}; - -use std::io::{Result as IoResult, Read, Write, Error, ErrorKind}; -use serde::{Serialize, Deserialize}; - -pub type G1Affine

= GroupAffine<

::G1Parameters>; -pub type G1Projective

= GroupProjective<

::G1Parameters>; - -#[derive(Derivative)] -#[derivative( - Clone(bound = "P: BnParameters"), - Debug(bound = "P: BnParameters"), - PartialEq(bound = "P: BnParameters"), - Eq(bound = "P: BnParameters") -)] -#[derive(Serialize, Deserialize)] -#[serde(bound(serialize = "P: BnParameters"))] -#[serde(bound(deserialize = "P: BnParameters"))] -#[serde(transparent)] -pub struct G1Prepared(pub G1Affine

); - -impl G1Prepared

{ - pub fn is_zero(&self) -> bool { - self.0.is_zero() - } -} - -impl From> for G1Prepared

{ - fn from(other: G1Affine

) -> Self { - G1Prepared(other) - } -} - -impl Default for G1Prepared

{ - fn default() -> Self { - G1Prepared(G1Affine::

::prime_subgroup_generator()) - } -} - -impl ToBytes for G1Prepared

{ - fn write(&self, writer: W) -> IoResult<()> { - self.0.write(writer) - } -} - -impl FromBytes for G1Prepared

{ - fn read(mut reader: R) -> IoResult { - let g1a = G1Affine::

::read(&mut reader) - .map_err(|e| Error::new(ErrorKind::InvalidData, e))?; - Ok(G1Prepared(g1a)) - } -} diff --git a/algebra/src/curves/models/bn/g2.rs b/algebra/src/curves/models/bn/g2.rs deleted file mode 100644 index ff66b80cf..000000000 --- a/algebra/src/curves/models/bn/g2.rs +++ /dev/null @@ -1,210 +0,0 @@ -use crate::{ - bytes::{ - ToBytes, FromBytes, - }, - curves::{ - bn::{BnParameters, TwistType}, - models::SWModelParameters, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, - AffineCurve, - }, - fields::{Field, Fp2}, -}; -use std::{io::{Result as IoResult, Write, Read, Error, ErrorKind}, ops::Neg}; -use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt}; -use serde::{Serialize, Deserialize}; - -pub type G2Affine

= GroupAffine<

::G2Parameters>; -pub type G2Projective

= GroupProjective<

::G2Parameters>; - -#[derive(Derivative)] -#[derivative( - Clone(bound = "P: BnParameters"), - Debug(bound = "P: BnParameters"), - PartialEq(bound = "P: BnParameters"), - Eq(bound = "P: BnParameters") -)] -#[derive(Serialize, Deserialize)] -#[serde(bound(serialize = "P: BnParameters"))] -#[serde(bound(deserialize = "P: BnParameters"))] -pub struct G2Prepared { - // Stores the coefficients of the line evaluations as calculated in - // https://eprint.iacr.org/2013/722.pdf - pub ell_coeffs: Vec<(Fp2, Fp2, Fp2)>, - pub infinity: bool, -} - -#[derive(Derivative)] -#[derivative( - Clone(bound = "P: BnParameters"), - Copy(bound = "P: BnParameters"), - Debug(bound = "P: BnParameters") -)] -struct G2HomProjective { - x: Fp2, - y: Fp2, - z: Fp2, -} - -impl Default for G2Prepared

{ - fn default() -> Self { - Self::from(G2Affine::

::prime_subgroup_generator()) - } -} - -impl ToBytes for G2Prepared

{ - fn write(&self, mut writer: W) -> IoResult<()> { - writer.write_u32::(self.ell_coeffs.len() as u32)?; - for coeff in &self.ell_coeffs { - coeff.0.write(&mut writer)?; - coeff.1.write(&mut writer)?; - coeff.2.write(&mut writer)?; - } - self.infinity.write(writer) - } -} - -impl FromBytes for G2Prepared

{ - fn read(mut reader: R) -> IoResult { - let ell_coeffs_len = reader.read_u32::()? as usize; - let mut ell_coeffs = vec![]; - for _ in 0..ell_coeffs_len { - let c0 = Fp2::::read(&mut reader) - .map_err(|e| Error::new(ErrorKind::InvalidData, e))?; - let c1 = Fp2::::read(&mut reader) - .map_err(|e| Error::new(ErrorKind::InvalidData, e))?; - let c2 = Fp2::::read(&mut reader) - .map_err(|e| Error::new(ErrorKind::InvalidData, e))?; - ell_coeffs.push((c0, c1, c2)); - } - let infinity = bool::read(&mut reader) - .map_err(|e| Error::new(ErrorKind::InvalidData, e))?; - Ok(G2Prepared{ell_coeffs, infinity}) - } -} - -impl G2Prepared

{ - pub fn is_zero(&self) -> bool { - self.infinity - } -} - -impl From> for G2Prepared

{ - fn from(q: G2Affine

) -> Self { - let two_inv = P::Fp::one().double().inverse().unwrap(); - if q.is_zero() { - return Self { - ell_coeffs: vec![], - infinity: true, - }; - } - - let mut ell_coeffs = vec![]; - let mut r = G2HomProjective { - x: q.x, - y: q.y, - z: Fp2::one(), - }; - - let negq = q.neg(); - - for i in (1..P::ATE_LOOP_COUNT.len()).rev() { - ell_coeffs.push(doubling_step::

(&mut r, &two_inv)); - - let bit = P::ATE_LOOP_COUNT[i - 1]; - - match bit { - 1 => { - ell_coeffs.push(addition_step::

(&mut r, &q)); - } - -1 => { - ell_coeffs.push(addition_step::

(&mut r, &negq)); - } - _ => continue, - } - } - - let q1 = mul_by_char::

(q); - let mut q2 = mul_by_char::

(q1); - - if P::ATE_LOOP_COUNT_IS_NEGATIVE { - r.y = -r.y; - } - - q2.y = -q2.y; - - ell_coeffs.push(addition_step::

(&mut r, &q1)); - ell_coeffs.push(addition_step::

(&mut r, &q2)); - - Self { - ell_coeffs, - infinity: false, - } - } -} - -fn mul_by_char(r: G2Affine

) -> G2Affine

{ - // multiply by field characteristic - - let mut s = r; - s.x.frobenius_map(1); - s.x *= &P::TWIST_MUL_BY_Q_X; - s.y.frobenius_map(1); - s.y *= &P::TWIST_MUL_BY_Q_Y; - - s -} - -fn doubling_step( - r: &mut G2HomProjective, - two_inv: &B::Fp, -) -> (Fp2, Fp2, Fp2) { - // Formula for line function when working with - // homogeneous projective coordinates. - - let mut a = r.x * &r.y; - a.mul_assign_by_basefield(two_inv); - let b = r.y.square(); - let c = r.z.square(); - let e = B::G2Parameters::COEFF_B * &(c.double() + &c); - let f = e.double() + &e; - let mut g = b + &f; - g.mul_assign_by_basefield(two_inv); - let h = (r.y + &r.z).square() - &(b + &c); - let i = e - &b; - let j = r.x.square(); - let e_square = e.square(); - - r.x = a * &(b - &f); - r.y = g.square() - &(e_square.double() + &e_square); - r.z = b * &h; - match B::TWIST_TYPE { - TwistType::M => (i, j.double() + &j, -h), - TwistType::D => (-h, j.double() + &j, i), - } -} - -fn addition_step( - r: &mut G2HomProjective, - q: &G2Affine, -) -> (Fp2, Fp2, Fp2) { - // Formula for line function when working with - // homogeneous projective coordinates. - let theta = r.y - &(q.y * &r.z); - let lambda = r.x - &(q.x * &r.z); - let c = theta.square(); - let d = lambda.square(); - let e = lambda * &d; - let f = r.z * &c; - let g = r.x * &d; - let h = e + &f - &g.double(); - r.x = lambda * &h; - r.y = theta * &(g - &h) - &(e * &r.y); - r.z *= &e; - let j = theta * &q.x - &(lambda * &q.y); - - match B::TWIST_TYPE { - TwistType::M => (j, -theta, lambda), - TwistType::D => (lambda, -theta, j), - } -} diff --git a/algebra/src/curves/models/bn/mod.rs b/algebra/src/curves/models/bn/mod.rs deleted file mode 100644 index 3685a27fe..000000000 --- a/algebra/src/curves/models/bn/mod.rs +++ /dev/null 
@@ -1,218 +0,0 @@ -use crate::{ - curves::{ - models::{ModelParameters, SWModelParameters}, - PairingEngine - }, - fields::{ - fp12_2over3over2::{Fp12, Fp12Parameters, Fp12ParamsWrapper}, - fp2::Fp2Parameters, - fp6_3over2::Fp6Parameters, - Field, Fp2, PrimeField, SquareRootField, - QuadExtParameters - }, - Error, -}; - -use std::marker::PhantomData; - -pub enum TwistType { - M, - D, -} - -pub trait BnParameters: 'static { - const X: &'static [u64]; - const X_IS_NEGATIVE: bool; - const ATE_LOOP_COUNT: &'static [i8]; - const ATE_LOOP_COUNT_IS_NEGATIVE: bool; - const TWIST_TYPE: TwistType; - const TWIST_MUL_BY_Q_X: Fp2; - const TWIST_MUL_BY_Q_Y: Fp2; - type Fp: PrimeField + SquareRootField + Into<::BigInt>; - type Fp2Params: Fp2Parameters; - type Fp6Params: Fp6Parameters; - type Fp12Params: Fp12Parameters; - type G1Parameters: SWModelParameters; - type G2Parameters: SWModelParameters< - BaseField = Fp2, - ScalarField = ::ScalarField, - >; -} - -pub mod g1; -pub mod g2; - -pub use self::{ - g1::{G1Affine, G1Prepared, G1Projective}, - g2::{G2Affine, G2Prepared, G2Projective}, -}; - -#[derive(Derivative)] -#[derivative(Copy, Clone, PartialEq, Eq, Debug, Hash)] -pub struct Bn(PhantomData P>); - -impl Bn

{ - // Evaluate the line function at point p. - fn ell( - f: &mut Fp12, - coeffs: &(Fp2, Fp2, Fp2), - p: &G1Affine

, - ) { - let mut c0 = coeffs.0; - let mut c1 = coeffs.1; - let mut c2 = coeffs.2; - - match P::TWIST_TYPE { - TwistType::M => { - c2.mul_assign_by_basefield(&p.y); - c1.mul_assign_by_basefield(&p.x); - f.mul_by_014(&c0, &c1, &c2); - } - TwistType::D => { - c0.mul_assign_by_basefield(&p.y); - c1.mul_assign_by_basefield(&p.x); - f.mul_by_034(&c0, &c1, &c2); - } - } - } - - fn exp_by_neg_x(mut f: Fp12) -> Fp12 { - f = f.cyclotomic_exp(&P::X); - if !!!P::X_IS_NEGATIVE { - f.conjugate(); - } - f - } -} - -impl PairingEngine for Bn

-{ - type Fr = ::ScalarField; - type G1Projective = G1Projective

; - type G1Affine = G1Affine

; - type G1Prepared = G1Prepared

; - type G2Projective = G2Projective

; - type G2Affine = G2Affine

; - type G2Prepared = G2Prepared

; - type Fq = P::Fp; - type Fqe = Fp2; - type Fqk = Fp12; - - fn miller_loop<'a, I>(i: I) -> Result - where - I: IntoIterator, - { - let mut pairs = vec![]; - for (p, q) in i { - if !p.is_zero() && !q.is_zero() { - pairs.push((p, q.ell_coeffs.iter())); - } - } - - let mut f = Self::Fqk::one(); - - for i in (1..P::ATE_LOOP_COUNT.len()).rev() { - if i != P::ATE_LOOP_COUNT.len() - 1 { - f.square_in_place(); - } - - for (p, ref mut coeffs) in &mut pairs { - Self::ell(&mut f, coeffs.next().unwrap(), &p.0); - } - - let bit = P::ATE_LOOP_COUNT[i - 1]; - match bit { - 1 => { - for &mut (p, ref mut coeffs) in &mut pairs { - Self::ell(&mut f, coeffs.next().unwrap(), &p.0); - } - } - -1 => { - for &mut (p, ref mut coeffs) in &mut pairs { - Self::ell(&mut f, coeffs.next().unwrap(), &p.0); - } - } - _ => continue, - } - } - - if P::ATE_LOOP_COUNT_IS_NEGATIVE { - f.conjugate(); - } - - for &mut (p, ref mut coeffs) in &mut pairs { - Self::ell(&mut f, coeffs.next().unwrap(), &p.0); - } - - for &mut (p, ref mut coeffs) in &mut pairs { - Self::ell(&mut f, coeffs.next().unwrap(), &p.0); - } - - Ok(f) - } - - fn final_exponentiation(f: &Self::Fqk) -> Result { - // Easy part: result = elt^((q^6-1)*(q^2+1)). - // Follows, e.g., Beuchat et al page 9, by computing result as follows: - // elt^((q^6-1)*(q^2+1)) = (conj(elt) * elt^(-1))^(q^2+1) - - // f1 = r.conjugate() = f^(p^6) - let mut f1 = *f; - f1.conjugate(); - - match f.inverse() { - Some(mut f2) => { - // f2 = f^(-1); - // r = f^(p^6 - 1) - let mut r = f1 * &f2; - - // f2 = f^(p^6 - 1) - f2 = r; - // r = f^((p^6 - 1)(p^2)) - r.frobenius_map(2); - - // r = f^((p^6 - 1)(p^2) + (p^6 - 1)) - // r = f^((p^6 - 1)(p^2 + 1)) - r *= &f2; - - // Hard part follows Laura Fuentes-Castaneda et al. 
"Faster hashing to G2" - // by computing: - // - // result = elt^(q^3 * (12*z^3 + 6z^2 + 4z - 1) + - // q^2 * (12*z^3 + 6z^2 + 6z) + - // q * (12*z^3 + 6z^2 + 4z) + - // 1 * (12*z^3 + 12z^2 + 6z + 1)) - // which equals - // - // result = elt^( 2z * ( 6z^2 + 3z + 1 ) * (q^4 - q^2 + 1)/r ). - - let y0 = Self::exp_by_neg_x(r); - let y1 = Fp12ParamsWrapper::::cyclotomic_square(&y0); - let y2 = Fp12ParamsWrapper::::cyclotomic_square(&y1); - let mut y3 = y2 * &y1; - let y4 = Self::exp_by_neg_x(y3); - let y5 = Fp12ParamsWrapper::::cyclotomic_square(&y4); - let mut y6 = Self::exp_by_neg_x(y5); - y3.conjugate(); - y6.conjugate(); - let y7 = y6 * &y4; - let mut y8 = y7 * &y3; - let y9 = y8 * &y1; - let y10 = y8 * &y4; - let y11 = y10 * &r; - let mut y12 = y9; - y12.frobenius_map(1); - let y13 = y12 * &y11; - y8.frobenius_map(2); - let y14 = y8 * &y13; - r.conjugate(); - let mut y15 = r * &y9; - y15.frobenius_map(3); - let y16 = y15 * &y14; - - Ok(y16) - }, - None => Err(format!("f is zero"))?, - } - } -} diff --git a/algebra/src/curves/models/mnt4/g1.rs b/algebra/src/curves/models/mnt4/g1.rs deleted file mode 100644 index 65b659dd4..000000000 --- a/algebra/src/curves/models/mnt4/g1.rs +++ /dev/null @@ -1,55 +0,0 @@ -use crate::curves::models::mnt4::{MNT4Parameters, MNT4p}; -use crate::curves::short_weierstrass_projective::{GroupAffine, GroupProjective}; -use crate::{Fp2, ToBytes, AffineCurve, FromBytes}; -use std::io::{Write, Result as IoResult, Read}; -use std::io; -use serde::{Serialize, Deserialize}; - -pub type G1Affine

= GroupAffine<

::G1Parameters>; -pub type G1Projective

= GroupProjective<

::G1Parameters>; - -#[derive(Derivative)] -#[derivative( -Copy(bound = "P: MNT4Parameters"), -Clone(bound = "P: MNT4Parameters"), -Debug(bound = "P: MNT4Parameters"), -PartialEq(bound = "P: MNT4Parameters"), -Eq(bound = "P: MNT4Parameters") -)] -#[derive(Serialize, Deserialize)] -#[serde(bound(serialize = "P: MNT4Parameters"))] -#[serde(bound(deserialize = "P: MNT4Parameters"))] -pub struct G1Prepared { - pub p: G1Affine

, - pub py_twist_squared: Fp2, -} - -impl ToBytes for G1Prepared

{ - fn write(&self, mut writer: W) -> IoResult<()> { - self.p.write(&mut writer)?; - self.py_twist_squared.write(&mut writer)?; - Ok(()) - } -} - -impl FromBytes for G1Prepared

{ - fn read(mut reader: R) -> IoResult { - let p = G1Affine::

::read(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; - let py_twist_squared = Fp2::::read(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; - Ok(G1Prepared{p, py_twist_squared}) - } -} - -impl From> for G1Prepared

{ - fn from(other: G1Affine

) -> Self { - MNT4p::

::ate_precompute_g1(&other) - } -} - -impl Default for G1Prepared

{ - fn default() -> Self { - Self::from(G1Affine::

::prime_subgroup_generator()) - } -} \ No newline at end of file diff --git a/algebra/src/curves/models/mnt4/g2.rs b/algebra/src/curves/models/mnt4/g2.rs deleted file mode 100644 index 3295a9da7..000000000 --- a/algebra/src/curves/models/mnt4/g2.rs +++ /dev/null @@ -1,100 +0,0 @@ -use crate::curves::models::mnt4::{MNT4Parameters, MNT4p}; -use crate::curves::short_weierstrass_projective::{GroupAffine, GroupProjective}; -use crate::{Fp2, ToBytes, AffineCurve, FromBytes}; -use std::io::{Write, Result as IoResult, Read}; -use std::io; -use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt}; -use serde::{Serialize, Deserialize}; - -pub type G2Affine

= GroupAffine<

::G2Parameters>; -pub type G2Projective

= GroupProjective<

::G2Parameters>; - -#[derive(Derivative)] -#[derivative( -Clone(bound = "P: MNT4Parameters"), -Debug(bound = "P: MNT4Parameters"), -PartialEq(bound = "P: MNT4Parameters"), -Eq(bound = "P: MNT4Parameters") -)] -#[derive(Serialize, Deserialize)] -pub struct G2PreparedCoefficients{ - pub r_y: Fp2, - pub gamma: Fp2, - pub gamma_x: Fp2, -} - -implToBytes for G2PreparedCoefficients

{ - fn write(&self, mut writer: W) -> IoResult<()> { - self.r_y.write(&mut writer)?; - self.gamma.write(&mut writer)?; - self.gamma_x.write(&mut writer)?; - Ok(()) - } -} - -impl FromBytes for G2PreparedCoefficients

{ - fn read(mut reader: R) -> IoResult { - let r_y = Fp2::::read(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; - let gamma = Fp2::::read(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; - let gamma_x = Fp2::::read(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; - Ok(G2PreparedCoefficients{r_y, gamma, gamma_x}) - } -} - -#[derive(Derivative)] -#[derivative( -Clone(bound = "P: MNT4Parameters"), -Debug(bound = "P: MNT4Parameters"), -PartialEq(bound = "P: MNT4Parameters"), -Eq(bound = "P: MNT4Parameters") -)] -#[derive(Serialize, Deserialize)] -#[serde(bound(serialize = "P: MNT4Parameters"))] -#[serde(bound(deserialize = "P: MNT4Parameters"))] -pub struct G2Prepared{ - pub q: G2Affine

, - pub coeffs: Vec>, -} - -impl ToBytes for G2Prepared

{ - fn write(&self, mut writer: W) -> IoResult<()> { - self.q.write(&mut writer)?; - writer.write_u32::(self.coeffs.len() as u32)?; - for c in &self.coeffs{ - c.write(&mut writer)?; - } - Ok(()) - } -} - -impl FromBytes for G2Prepared

{ - fn read(mut reader: R) -> IoResult { - let q = G2Affine::

::read(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; - - let coeffs_len = reader.read_u32::()? as usize; - let mut coeffs = vec![]; - - for _ in 0..coeffs_len { - let c = G2PreparedCoefficients::

::read(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; - coeffs.push(c); - } - Ok(G2Prepared{q, coeffs}) - } -} - -impl From> for G2Prepared

{ - fn from(point: G2Affine

) -> Self { - MNT4p::

::ate_precompute_g2(&point) - } -} - -impl Default for G2Prepared

{ - fn default() -> Self { - Self::from(G2Affine::

::prime_subgroup_generator()) - } -} \ No newline at end of file diff --git a/algebra/src/curves/models/mnt4/mod.rs b/algebra/src/curves/models/mnt4/mod.rs deleted file mode 100644 index b6274312f..000000000 --- a/algebra/src/curves/models/mnt4/mod.rs +++ /dev/null 
@@ -1,303 +0,0 @@ -use crate::{Error, Fp2, BigInteger768 as BigInteger, PrimeField, SquareRootField, Fp2Parameters, Fp4Parameters, SWModelParameters, ModelParameters, PairingEngine, Fp4, Field}; -use std::marker::PhantomData; -use std::ops::{Add, Mul, Sub}; - - -// Ate pairing e: G_1 x G_2 -> G_T for MNT4 curves over prime fields -// -// E: y^2 = x^3 + a*x + b mod p. -// -// Its embedding field F4 is regarded as towered extension -// -// F4 = F2[Y]/(Y^2-X), -// F2 = Fp[X]/(X^2-alpha), -// -// using a "non-residue" alpha mod p such that (X^4-alpha) is irreducible over Fp. -// We apply standard efficiency measures (see, e.g. ): G_2 is represented by a subgroup -// of prime order r=ord(G_1) of the quadratic twist -// -// E': y^2 = x^3 + (a*twist^2) x + b*twist^3 -// -// over F2, with twist=X, the Frobenius operator is applied to reduce the cost of the -// final exponentiation, and we do pre-computations of (essentially) the line coefficients -// of the Miller loop. -// The loop count allows signed bit representation, so this variant supports curves with Frobenius -// trace having low Hamming weight NAF. 
- -pub trait MNT4Parameters: 'static { - // the loop count for the Miller loop, equals the |Frobenius trace of E - 1| - const ATE_LOOP_COUNT: &'static [u64]; - // the non-adjacent normal form of ATE_LOOP_COUNT trimmed of leading zeroes and - // without MSB, starting with the least significant bit - const WNAF: &'static [i32]; - // true/false depending whether the Frobenius trace is negative/positive - const ATE_IS_LOOP_COUNT_NEG: bool; - // The twist factor twist=Y^2 for - // E': y'^2 = x'^3 + a*twist^2*x + twist^3 * b - // as needed for the point evaluation of the Miller loop lines - const TWIST: Fp2; - // Weierstrass coefficient a'=a*omega^4= a*alpha of the quadratic twist E' - // as needed for the point evaluation of the Miller loop lines - const TWIST_COEFF_A: Fp2; - // the final pairing exponent is decomposed as - // (p^4-1)/r = (p^2-1) (p^2 + 1)/r, - // wheras - // (p^2 +1)/r = m_1*p + m_0, - // where m_1, 0<= m_1 < p, is - const FINAL_EXPONENT_LAST_CHUNK_1: BigInteger; - // and m_0, |m_0| <= p/2, equal to - const FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0: BigInteger; - // is set true/false depending on the sign of m_0 - const FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG: bool; - - // base field F of the curve - type Fp: PrimeField + SquareRootField + Into<::BigInt>; - // scalar field of the curve - type Fr: PrimeField + SquareRootField + Into<::BigInt>; - // parameters of the quadratic extension field F2 - type Fp2Params: Fp2Parameters; - // paramters of the embedding field F4 - type Fp4Params: Fp4Parameters; - // parameters for E with defining field F - type G1Parameters: SWModelParameters; - // parameters for the quadratic twist E' over F2 - type G2Parameters: SWModelParameters< - BaseField=Fp2, - ScalarField=::ScalarField, - >; -} - -pub mod g1; -pub mod g2; - -pub use self::{ - g1::{G1Affine, G1Prepared, G1Projective}, - g2::{G2Affine, G2Prepared, G2Projective}, -}; -use crate::curves::models::mnt4::g2::G2PreparedCoefficients; - -#[derive(Derivative)] 
-#[derivative(Copy, Clone, PartialEq, Eq, Debug, Hash)] -pub struct MNT4p(PhantomData P>); - -impl MNT4p

{ - // Takes as input a (non-zero) point P in G1 in affine coordinates, and outputs a - // precomputed version of it for pairing purposes, which is comprised of - // P itself, and - // py_twist_squared, the y-coordinate of P times X^2 = alpha - // The latter is needed for optimizing point evaluation of the Miller lines - fn ate_precompute_g1(value: &G1Affine

) -> G1Prepared

{ - let mut py_twist_squared = P::TWIST.square(); - py_twist_squared.mul_assign_by_basefield(&value.y); - - G1Prepared { p: value.clone(), py_twist_squared } - } - - // Takes as input a (non-zero) point Q from G2 in affine coordinates, and outputs the - // (P-independent) pre-computable coefficients for all operations of the Miller loop. - // These are comprised of the line coefficients in an optimized variant: - // s.y = the y-coordinate of internal state S, - // gamma = the F2-slope of the tangent/P-chord at S, - // gamma_x = the F2-slope times the x-coordinate s.x of S. - fn ate_precompute_g2(value: &G2Affine

) -> G2Prepared

{ - let mut g2p = G2Prepared { - q: value.clone(), - coeffs: vec![], - }; - - let mut s = value.clone(); - - // signed binary representation of the Ate loop count in big endian order - for &n in P::WNAF.iter().rev() { - - //Doubling step - let gamma = { - let sx_squared = s.x.square(); - let three_sx_squared_plus_a = sx_squared.double().add(&sx_squared).add(&P::TWIST_COEFF_A); - let two_sy_inv = s.y.double().inverse().unwrap(); - three_sx_squared_plus_a.mul(&two_sy_inv) // the F2-slope of the tangent at S=(s.x,s.y) - }; - let gamma_x = gamma.mul(&s.x); - let new_sx = { - let two_sx = s.x.double(); - gamma.square().sub(&two_sx) // x-coordinate after doubling - }; - let new_sy = { - let sx_minus_new_sx = s.x.sub(&new_sx); - gamma.mul(&sx_minus_new_sx).sub(&s.y) //y-coordinate after doubling - }; - let c = G2PreparedCoefficients { r_y: s.y, gamma, gamma_x }; - g2p.coeffs.push(c); - s.x = new_sx; - s.y = new_sy; - - if n != 0 { - //Addition/substraction step depending on the sign of n - let sx_minus_x_inv = s.x.sub(&value.x).inverse().unwrap(); - let numerator = if n > 0 { s.y.sub(&value.y) } else { s.y.add(&value.y) }; - let gamma = numerator.mul(&sx_minus_x_inv); // the F2-slope of chord Q' to R' - let gamma_x = gamma.mul(&value.x); - let new_sx = { - let sx_plus_x = s.x.add(&value.x); - gamma.square().sub(&sx_plus_x) - }; - let new_sy = { - let sx_minus_new_sx = s.x.sub(&new_sx); - gamma.mul(&sx_minus_new_sx).sub(&s.y) - }; - let c = G2PreparedCoefficients { r_y: s.y, gamma, gamma_x }; - g2p.coeffs.push(c); - s.x = new_sx; - s.y = new_sy; - } - } - g2p - } - - - pub fn ate_miller_loop(p: &G1Prepared

, q: &G2Prepared

) -> Fp4 { - let mut f = Fp4::::one(); - - let mut idx: usize = 0; - - for &n in P::WNAF.iter().rev() { - // code below gets executed for all signed bits (EXCEPT the MSB itself) of - // the ATE_LOOP_COUNT (skipping leading zeros) in MSB to LSB order - - //doubling step - f = f.square(); - let c = &q.coeffs[idx]; - idx += 1; - - // evaluate the tangent line g_{R,R} at P in F4 (scaled by twist^2) using the - // pre-computed data - // g_{R,R}(P) = (y_P - lambda*x_p - d) * twist^2, - // where - // lambda = gamma * Y/twist, - // d = (y'-gamma * x')* Y/twist^2, - // with (x',y') being the twist coordinates of R. - // Thus - // g_{R,R}(P) = y_p*X^2 + (gamma*x'- gamma*twist*x_p - y') *Y. - // The scale factor twist^2 from F2 is cancelled out by the final exponentiation. - - let mut gamma_twist_times_x = c.gamma.mul(&P::TWIST); - gamma_twist_times_x.mul_assign_by_basefield(&p.p.x); - - let g_rr_at_p = Fp4::::new( - p.py_twist_squared, - c.gamma_x - &gamma_twist_times_x - &c.r_y, - ); - - // and cumulate it to f - f = f.mul_by_023(&g_rr_at_p); - - // addition/substraction step - if n != 0 { - let c = &q.coeffs[idx]; - idx += 1; - - //evaluate chord g_{RQ}(P) in F4 using pre-computed data as above - //I suggest to write a separate function for the point evaluation - //as done in the implementation of the sw6 Miller loop - let mut gamma_twist_times_x = c.gamma.mul(&P::TWIST); - gamma_twist_times_x.mul_assign_by_basefield(&p.p.x); - let g_rq_at_p_c1 = if n > 0 { - c.gamma_x - &gamma_twist_times_x - &q.q.y - } else { - c.gamma_x - &gamma_twist_times_x + &q.q.y - }; - - let g_rq_at_p = Fp4::::new( - p.py_twist_squared, - g_rq_at_p_c1, - ); - // and cumulate it to f - f = f.mul_by_023(&g_rq_at_p); - } - } - - if P::ATE_IS_LOOP_COUNT_NEG { - f = f.unitary_inverse(); - } - - f - } - - pub fn final_exponentiation(value: &Fp4) -> Result, Error> { - if value.is_zero() { - Err(format!("Invalid exponentiation value: 0"))? 
- } - let value_inv = value.inverse().unwrap(); - // the "easy part" - let value_to_first_chunk = Self::final_exponentiation_first_chunk(value, &value_inv); - let value_inv_to_first_chunk = Self::final_exponentiation_first_chunk(&value_inv, value); - // the "hard part" - Ok(Self::final_exponentiation_last_chunk(&value_to_first_chunk, &value_inv_to_first_chunk)) - } - - fn final_exponentiation_first_chunk(elt: &Fp4, elt_inv: &Fp4) -> Fp4 { - // use the Frobenius map and elt^{-1} to compute - // elt^(q^2-1) - let mut elt_q2 = elt.clone(); - // elt^(q^2) - elt_q2.conjugate(); - // elt^(q^2-1) - let elt_q2_over_elt = elt_q2 * elt_inv; - - elt_q2_over_elt - } - - - fn final_exponentiation_last_chunk(elt: &Fp4, elt_inv: &Fp4) -> Fp4 { - // remaining exponentiaton by m_1*q + m_0, m_0 can be signed. - let elt_clone = elt.clone(); - let elt_inv_clone = elt_inv.clone(); - - let mut elt_q = elt.clone(); - //elt^{q} - elt_q.frobenius_map(1); - - // exponentiation by m_1 and m_0 using optimized exponentiation for r-th roots of unity - //elt^{q*m_1} - let w1_part = elt_q.cyclotomic_exp(&P::FINAL_EXPONENT_LAST_CHUNK_1); - //elt^{m_0} - let w0_part; - if P::FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG { - w0_part = elt_inv_clone.cyclotomic_exp(&P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0); - } else { - w0_part = elt_clone.cyclotomic_exp(&P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0); - } - //elt^{q*m_1+m_0} - w1_part * &w0_part - } -} - -impl PairingEngine for MNT4p

-{
- type Fr = ::ScalarField;
- type G1Projective = G1Projective

;
- type G1Affine = G1Affine

;
- type G1Prepared = G1Prepared

;
- type G2Projective = G2Projective

;
- type G2Affine = G2Affine

;
- type G2Prepared = G2Prepared

;
- type Fq = P::Fp;
- type Fqe = Fp2;
- type Fqk = Fp4;
-
- fn miller_loop<'a, I>(i: I) -> Result
- where
- I: IntoIterator,
- {
- let mut result = Self::Fqk::one();
- for &(ref p, ref q) in i {
- result *= &Self::ate_miller_loop(p, q);
- }
- Ok(result)
- }
-
- fn final_exponentiation(r: &Self::Fqk) -> Result {
- Self::final_exponentiation(r)
- }
-}
-
diff --git a/algebra/src/curves/models/mnt6/g1.rs b/algebra/src/curves/models/mnt6/g1.rs
deleted file mode 100644
index a98972785..000000000
--- a/algebra/src/curves/models/mnt6/g1.rs
+++ /dev/null
@@ -1,55 +0,0 @@
-use crate::curves::models::mnt6::{MNT6Parameters, MNT6p};
-use crate::curves::short_weierstrass_projective::{GroupAffine, GroupProjective};
-use crate::{Fp3, ToBytes, AffineCurve, FromBytes};
-use std::io::{Write, Result as IoResult, Read};
-use std::io;
-use serde::{Serialize, Deserialize};
-
-pub type G1Affine

= GroupAffine<

::G1Parameters>;
-pub type G1Projective

= GroupProjective<

::G1Parameters>;
-
-#[derive(Derivative)]
-#[derivative(
-Copy(bound = "P: MNT6Parameters"),
-Clone(bound = "P: MNT6Parameters"),
-Debug(bound = "P: MNT6Parameters"),
-PartialEq(bound = "P: MNT6Parameters"),
-Eq(bound = "P: MNT6Parameters")
-)]
-#[derive(Serialize, Deserialize)]
-#[serde(bound(serialize = "P: MNT6Parameters"))]
-#[serde(bound(deserialize = "P: MNT6Parameters"))]
-pub struct G1Prepared {
- pub p: G1Affine

,
- pub py_twist_squared: Fp3,
-}
-
-impl ToBytes for G1Prepared

{
- fn write(&self, mut writer: W) -> IoResult<()> {
- self.p.write(&mut writer)?;
- self.py_twist_squared.write(&mut writer)?;
- Ok(())
- }
-}
-
-impl FromBytes for G1Prepared

{
- fn read(mut reader: R) -> IoResult {
- let p = G1Affine::

::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- let py_twist_squared = Fp3::::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- Ok(G1Prepared{p, py_twist_squared})
- }
-}
-
-impl From> for G1Prepared

{
- fn from(other: G1Affine

) -> Self {
- MNT6p::

::ate_precompute_g1(&other)
- }
-}
-
-impl Default for G1Prepared

{
- fn default() -> Self {
- Self::from(G1Affine::

::prime_subgroup_generator())
- }
-}
\ No newline at end of file
diff --git a/algebra/src/curves/models/mnt6/g2.rs b/algebra/src/curves/models/mnt6/g2.rs
deleted file mode 100644
index 4f187b8e0..000000000
--- a/algebra/src/curves/models/mnt6/g2.rs
+++ /dev/null
@@ -1,102 +0,0 @@
-use crate::curves::models::mnt6::{MNT6Parameters, MNT6p};
-use crate::curves::short_weierstrass_projective::{GroupAffine, GroupProjective};
-use crate::{Fp3, ToBytes, AffineCurve, FromBytes};
-use std::io::{Write, Result as IoResult, Read};
-use std::io;
-use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt};
-use serde::{Serialize, Deserialize};
-
-pub type G2Affine

= GroupAffine<

::G2Parameters>;
-pub type G2Projective

= GroupProjective<

::G2Parameters>;
-
-
-#[derive(Derivative)]
-#[derivative(
-Copy(bound = "P: MNT6Parameters"),
-Clone(bound = "P: MNT6Parameters"),
-Debug(bound = "P: MNT6Parameters"),
-PartialEq(bound = "P: MNT6Parameters"),
-Eq(bound = "P: MNT6Parameters")
-)]
-#[derive(Serialize, Deserialize)]
-pub struct G2PreparedCoefficients{
- pub r_y: Fp3,
- pub gamma: Fp3,
- pub gamma_x: Fp3,
-}
-
-implToBytes for G2PreparedCoefficients

{
- fn write(&self, mut writer: W) -> IoResult<()> {
- self.r_y.write(&mut writer)?;
- self.gamma.write(&mut writer)?;
- self.gamma_x.write(&mut writer)?;
- Ok(())
- }
-}
-
-impl FromBytes for G2PreparedCoefficients

{
- fn read(mut reader: R) -> IoResult {
- let r_y = Fp3::::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- let gamma = Fp3::::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- let gamma_x = Fp3::::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- Ok(G2PreparedCoefficients{r_y, gamma, gamma_x})
- }
-}
-
-#[derive(Derivative)]
-#[derivative(
-Clone(bound = "P: MNT6Parameters"),
-Debug(bound = "P: MNT6Parameters"),
-PartialEq(bound = "P: MNT6Parameters"),
-Eq(bound = "P: MNT6Parameters")
-)]
-#[derive(Serialize, Deserialize)]
-#[serde(bound(serialize = "P: MNT6Parameters"))]
-#[serde(bound(deserialize = "P: MNT6Parameters"))]
-pub struct G2Prepared{
- pub q: G2Affine

,
- pub coeffs: Vec>,
-}
-
-impl ToBytes for G2Prepared

{
- fn write(&self, mut writer: W) -> IoResult<()> {
- self.q.write(&mut writer)?;
- writer.write_u32::(self.coeffs.len() as u32)?;
- for c in &self.coeffs{
- c.write(&mut writer)?;
- }
- Ok(())
- }
-}
-
-impl FromBytes for G2Prepared

{
- fn read(mut reader: R) -> IoResult {
- let q = G2Affine::

::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
-
- let coeffs_len = reader.read_u32::()? as usize;
- let mut coeffs = vec![];
-
- for _ in 0..coeffs_len {
- let c = G2PreparedCoefficients::

::read(&mut reader)
- .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?;
- coeffs.push(c);
- }
- Ok(G2Prepared{q, coeffs})
- }
-}
-
-impl From> for G2Prepared

{
- fn from(point: G2Affine

) -> Self {
- MNT6p::

::ate_precompute_g2(&point).unwrap()
- }
-}
-
-impl Default for G2Prepared

{
- fn default() -> Self {
- Self::from(G2Affine::

::prime_subgroup_generator())
- }
-}
\ No newline at end of file
diff --git a/algebra/src/curves/models/mnt6/mod.rs b/algebra/src/curves/models/mnt6/mod.rs
deleted file mode 100644
index 9206f415b..000000000
--- a/algebra/src/curves/models/mnt6/mod.rs
+++ /dev/null
@@ -1,313 +0,0 @@ -use crate::{Error, Fp3, BigInteger768 as BigInteger, PrimeField, SquareRootField, Fp3Parameters, Fp6Parameters, SWModelParameters, ModelParameters, PairingEngine, Fp6, Field}; -use std::marker::PhantomData; -use std::ops::{Add, Mul, Sub}; - - -// Ate pairing e: G_1 x G_2 -> G_T for MNT6 curves over prime fields -// -// E: y^2 = x^3 + a*x + b mod p. -// -// Its embedding field F6 is regarded as towered extension -// -// F6 = F2[Y]/(Y^2-X), -// F3 = Fp[X]/(X^3-alpha), -// -// using a "non-residue" alpha mod p such that (X^6-alpha) is irreducible over Fp. -// We apply standard efficiency measures (see, e.g. ): G_2 is represented by a subgroup -// of prime order r=ord(G_1) of the quadratic twist -// -// E': y^2 = x^3 + (a*twist^2) x + b*twist^3 -// -// over F3, with twist = X = Y^2, the Frobenius operator is applied to reduce the cost of the -// final exponentiation, and we do pre-computations of (essentially) the line coefficients -// of the Miller loop. -// The loop count allows signed bit representation, so this variant supports curves with Frobenius -// trace having low Hamming weight NAF.. 
- -pub trait MNT6Parameters: 'static { - // the loop count for the Miller loop, equals the |Frobenius trace of E - 1| - const ATE_LOOP_COUNT: &'static [u64]; - // the non-adjacent normal form of ATE_LOOP_COUNT trimmed of leading zeroes and - // without MSB, starting with the least significant bit - const WNAF: &'static [i32]; - // true/false depending whether the Frobenius trace is negative/positive - const ATE_IS_LOOP_COUNT_NEG: bool; - // The twist factor twist=Y^2 for - // E': y'^2 = x'^3 + a*twist^2*x + twist^3 * b - // as needed for the point evaluation of the Miller loop lines - const TWIST: Fp3; - // Weierstrass coefficient a'=a*omega^4= a*alpha of the quadratic twist E' - // as needed for the point evaluation of the Miller loop lines - // translated via the twist map - const TWIST_COEFF_A: Fp3; - // the final pairing exponent is decomposed as - // (p^6-1)/r = (p^3-1)(p+1) (p^2 - p + 1)/r, - // wheras - // (p^2 - p + 1)/r = m_1*p + m_0, - // with 0<= m_0 < p, m_0 - const FINAL_EXPONENT_LAST_CHUNK_1: BigInteger; - // and m_0, |m_0| <= p/2, equal to - const FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0: BigInteger; - // is set true/false depending on the sign of m_0 - const FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG: bool; - - // base field F of the curve - type Fp: PrimeField + SquareRootField + Into<::BigInt>; - // scalar field of the curve - type Fr: PrimeField + SquareRootField + Into<::BigInt>; - // parameters of the quadratic extension field F3 - type Fp3Params: Fp3Parameters; - // paramters of the embedding field F6 - type Fp6Params: Fp6Parameters; - // parameters for E with defining field F - type G1Parameters: SWModelParameters; - // parameters for the quadratic twist E' over F3 - type G2Parameters: SWModelParameters< - BaseField = Fp3, - ScalarField = ::ScalarField, - >; -} - -pub mod g1; -pub mod g2; - -pub use self::{ - g1::{G1Affine, G1Prepared, G1Projective}, - g2::{G2Affine, G2Prepared, G2Projective}, -}; -use 
crate::curves::models::mnt6::g2::G2PreparedCoefficients;
-
-#[derive(Derivative)]
-#[derivative(Copy, Clone, PartialEq, Eq, Debug, Hash)]
-pub struct MNT6p(PhantomData P>);
-
-impl MNT6p

{
-
- // Takes as input a point in G1 in affine coordinates, and outputs a
- // precomputed version of it for pairing purposes.
- fn ate_precompute_g1(value: &G1Affine

) -> G1Prepared

{
- let mut py_twist_squared = P::TWIST.square();
- py_twist_squared.mul_assign_by_fp(&value.y);
-
- G1Prepared {p: *value, py_twist_squared}
- }
-
- // Takes as input a (non-zero) point Q from G2 in affine coordinates, and outputs the
- // (P-independent) pre-computable coefficients for all operations of the Miller loop.
- // These are comprised of the line coefficients in an optimized variant:
- // s.y = the y-coordinate of internal state S,
- // gamma = the F3-slope of the tangent/P-chord at S,
- // gamma_x = the F3-slope times the x-coordinate s.x of S.
- fn ate_precompute_g2(value: &G2Affine

) -> Result, Error> { - - let mut g2p = G2Prepared { - q: *value, - coeffs: vec![], - }; - - let mut s = value.clone(); - - // signed binary representation of the Ate loop count in big endian order - for &n in P::WNAF.iter().rev() { - - //Doubling step - let gamma = { - let sx_squared = s.x.square(); - let three_sx_squared_plus_a = sx_squared.double().add(&sx_squared).add(&P::TWIST_COEFF_A); - if value.y.is_zero() { - Err(format!("Invalid Q-point value"))? - } - let two_sy_inv = s.y.double().inverse().unwrap(); - three_sx_squared_plus_a.mul(&two_sy_inv) // the F3-slope of the tangent at S=(s.x,s.y) - }; - let gamma_x = gamma.mul(&s.x); - let new_sx = { - let two_sx = s.x.double(); - gamma.square().sub(&two_sx) //x-coordinate after doubling - }; - let new_sy = { - let sx_minus_new_sx = s.x.sub(&new_sx); - gamma.mul(&sx_minus_new_sx).sub(&s.y) //y-coordinate after doubling - }; - let c = G2PreparedCoefficients{r_y: s.y, gamma, gamma_x}; - g2p.coeffs.push(c); - s.x = new_sx; - s.y = new_sy; - - if n != 0 { - //Addition/substraction step depending on the sign of n - if s.x == value.x { - Err(format!("Invalid Q-point value"))? - } - let sx_minus_x_inv = s.x.sub(&value.x).inverse().unwrap(); - let numerator = if n > 0 { s.y.sub(&value.y) } else { s.y.add(&value.y) }; - let gamma = numerator.mul(&sx_minus_x_inv); //the F3 slope of the chord Q'R' - let gamma_x = gamma.mul(&value.x); - let new_sx = { - let sx_plus_x = s.x.add(&value.x); - gamma.square().sub(&sx_plus_x) - }; - let new_sy = { - let sx_minus_new_sx = s.x.sub(&new_sx); - gamma.mul(&sx_minus_new_sx).sub(&s.y) - }; - let c = G2PreparedCoefficients{r_y: s.y, gamma, gamma_x}; - g2p.coeffs.push(c); - s.x = new_sx; - s.y = new_sy; - } - } - - Ok(g2p) - } - - - pub fn ate_miller_loop(p: &G1Prepared

, q: &G2Prepared

) -> Fp6 { - - let mut f = Fp6::::one(); - - let mut idx: usize = 0; - - for &n in P::WNAF.iter().rev() { - // code below gets executed for all bits (EXCEPT the MSB itself) of - // mnt4_param_p (skipping leading zeros) in MSB to LSB order - - // doubling step - f = f.square(); - let c = &q.coeffs[idx]; - idx += 1; - - // evaluate the tangent line g_{R,R} at P in F6 (scaled by twist^2) using the - // pre-computed data: - // g_{R,R}(P) = (y_P - lambda*x_p - d) * X^2, - // where - // lambda = gamma * Y/twist, - // d = (y'-gamma * x')* Y/twist^2, - // with (x',y') being the twist coordinates of R. - // Thus - // g_{R,R}(P) = y_p*twist^2 + (gamma*x'- gamma*twist*x_p - y') *Y. - // The scale factor twist^2 from F3 is cancelled out by the final exponentiation. - - let mut gamma_twist_times_x = c.gamma.mul(&P::TWIST); - gamma_twist_times_x.mul_assign_by_fp(&p.p.x); - let g_rr_at_p = Fp6::::new( - p.py_twist_squared, - c.gamma_x - &gamma_twist_times_x -&c.r_y, - ); - //and cumulate it to f - f = f.mul_by_2345(&g_rr_at_p); - - //addition/substraction step - if n != 0 { - let c = &q.coeffs[idx]; - idx += 1; - - //evaluate chord g_{RQ}(P) in F6 using pre-computed data as above - //I suggest to write a separate function for the point evaluation - //as done in the implementation of the sw6 Miller loop - let mut gamma_twist_times_x = c.gamma.mul(&P::TWIST); - gamma_twist_times_x.mul_assign_by_fp(&p.p.x); - let g_rq_at_p_c1 = if n > 0 { - c.gamma_x - &gamma_twist_times_x - &q.q.y - } else { - c.gamma_x - &gamma_twist_times_x + &q.q.y - }; - let g_rq_at_p = Fp6::::new( - p.py_twist_squared, - g_rq_at_p_c1, - ); - //and cumulate it to f - f = f.mul_by_2345(&g_rq_at_p); - } - } - - if P::ATE_IS_LOOP_COUNT_NEG { - f = f.unitary_inverse(); - } - - f - } - - pub fn final_exponentiation(value: &Fp6) -> Result, Error> { - if value.is_zero() { - Err(format!("Invalid exponentiation value: 0"))? 
- }
- let value_inv = value.inverse().unwrap();
- // "easy part" of the exponentiation
- let value_to_first_chunk = Self::final_exponentiation_first_chunk(value, &value_inv);
- let value_inv_to_first_chunk = Self::final_exponentiation_first_chunk(&value_inv, value);
- // "hard part"
- Ok(Self::final_exponentiation_last_chunk(&value_to_first_chunk, &value_inv_to_first_chunk))
- }
-
- fn final_exponentiation_first_chunk(elt: &Fp6, elt_inv: &Fp6) -> Fp6 {
- // use the Frobenius map and elt^{-1} to compute the "easy part"
- // elt^{(q^3-1)*(q+1)}
-
- let mut elt_q3 = elt.clone();
- // elt^{q^3}
- elt_q3.conjugate();
- // elt^{q^3-1}
- let mut elt_q3_over_elt = elt_q3 * elt_inv;
- let elt_q3_over_elt_clone = elt_q3_over_elt.clone();
- // elt^{(q^3-1)q}
- elt_q3_over_elt.frobenius_map(1);
- // elt^{(q^3-1)*(q+1)}
- elt_q3_over_elt *= &elt_q3_over_elt_clone;
-
- elt_q3_over_elt
- }
-
- fn final_exponentiation_last_chunk(elt: &Fp6, elt_inv: &Fp6) -> Fp6 {
- // remaining exponentiaton by m_1*q + m_0, m_0 can be signed.
- let elt_clone = elt.clone();
- let elt_inv_clone = elt_inv.clone();
-
- let mut elt_q = elt.clone();
- //elt^{q}
- elt_q.frobenius_map(1);
-
- // exponentiation by m_1 and m_0 using optimized exponentiation for r-th roots of unity
- //elt^{q*m_1}
- let w1_part = elt_q.cyclotomic_exp(&P::FINAL_EXPONENT_LAST_CHUNK_1);
- //elt^{m_0}
- let w0_part;
- if P::FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG {
- w0_part = elt_inv_clone.cyclotomic_exp(&P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0);
- } else {
- w0_part = elt_clone.cyclotomic_exp(&P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0);
- }
- //elt^{q*m_1+m_0}
- w1_part * &w0_part
- }
-}
-
-impl PairingEngine for MNT6p

-{
- type Fr = ::ScalarField;
- type G1Projective = G1Projective

;
- type G1Affine = G1Affine

;
- type G1Prepared = G1Prepared

;
- type G2Projective = G2Projective

;
- type G2Affine = G2Affine

;
- type G2Prepared = G2Prepared

;
- type Fq = P::Fp;
- type Fqe = Fp3;
- type Fqk = Fp6;
-
- fn miller_loop<'a, I>(i: I) -> Result
- where
- I: IntoIterator,
- {
- let mut result = Self::Fqk::one();
- for &(ref p, ref q) in i {
- result *= &Self::ate_miller_loop(p, q);
- }
- Ok(result)
- }
-
- fn final_exponentiation(r: &Self::Fqk) -> Result {
- Self::final_exponentiation(r)
- }
-}
-
diff --git a/algebra/src/curves/models/mod.rs b/algebra/src/curves/models/mod.rs
index 6e447f171..750e42210 100644
--- a/algebra/src/curves/models/mod.rs
+++ b/algebra/src/curves/models/mod.rs
@@ -1,9 +1,5 @@ use crate::{biginteger::BigInteger, fields::{Field, PrimeField, SquareRootField}}; -pub mod bls12; -pub mod bn; -pub mod mnt4; -pub mod mnt6; pub mod short_weierstrass_jacobian; pub mod short_weierstrass_projective; pub mod twisted_edwards_extended;
diff --git a/algebra/src/curves/sw6/g1.rs b/algebra/src/curves/sw6/g1.rs
deleted file mode 100644
index 679a85a57..000000000
--- a/algebra/src/curves/sw6/g1.rs
+++ /dev/null
@@ -1,119 +0,0 @@ -use crate::field_new; -use crate::{ - biginteger::{BigInteger384, BigInteger832}, - curves::{ - models::{ModelParameters, SWModelParameters}, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, - }, - fields::sw6::{Fq, Fr}, -}; - -pub type G1Affine = GroupAffine; -pub type G1Projective = GroupProjective; - -#[derive(Copy, Clone, Default, PartialEq, Eq)] -pub struct SW6G1Parameters; - -impl ModelParameters for SW6G1Parameters { - type BaseField = Fq; - type ScalarField = Fr; -} - -impl SWModelParameters for SW6G1Parameters { - /// COEFF_A = 5 - const COEFF_A: Fq = field_new!(Fq, BigInteger832([ - 0x781c76643018bd7a, - 0x64f3a5a4f1d1ad48, - 0xd2f8a1eb4f72692d, - 0xc35eb123c6ed72ca, - 0xb58d6bcfd32de058, - 0x841eab13b02a492c, - 0x4b70dc5a54c487e7, - 0x2f231a8808a74c59, - 0x5e2915154d70b050, - 0x8a40fa16f37a6b37, - 0xd01980093a72c54b, - 0xef6845c25398004c, - 0x48, - ])); - - /// COEFF_B = 17764315118651679038286329069295091506801468118146712649886336045535808055361274148466772191243305528312843236347777260247138934336850548243151534538734724191505953341403463040067571652261229308333392040104884438208594329793895206056414 - const COEFF_B: Fq = field_new!(Fq, BigInteger832([ - 0xec5bd271ad37429, - 0x9db8ac843ecca28a, - 0x94f29bcb7e01bc74, - 0x1b0bebb77bb5af0, - 0x75b8cef4aa27ee17, - 0xb5767ae80812cf6b, - 0x592fa41e377a0d8c, - 0xb6c6deedbb52df3e, - 0xcb1343e488737fd4, - 0x878020734d05b5a9, - 0x2f51354eddfa069a, - 0x498e2ecdc545243e, - 0x2c2, - ])); - - /// COFACTOR = - /// 86482221941698704497288378992285180119495364068003923046442785886272123124361700722982503222189455144364945735564951561028 - const COFACTOR: &'static [u64] = &[ - 0x5657b9b57b942344, - 0x84f9a65f3bd54eaf, - 0x5ea4214e35cd127, - 0xe3cbcbc14ec1501d, - 0xf196cb845a3092ab, - 0x7e14627ad0e19017, - 0x217db4, - ]; - - /// COFACTOR^(-1) mod r = - /// 163276846538158998893990986356139314746223949404500031940624325017036397274793417940375498603127780919653358641788 - const 
COFACTOR_INV: Fr = field_new!(Fr, BigInteger384([ - 4179837108212676264, - 15545810469293120493, - 13202863094424182470, - 9506285060796071546, - 9248558385029790142, - 87030208545296111, - ])); - - /// AFFINE_GENERATOR_COEFFS = (G1_GENERATOR_X, G1_GENERATOR_Y) - const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = - (G1_GENERATOR_X, G1_GENERATOR_Y); -} - -/// G1_GENERATOR_X = -/// 5511163824921585887915590525772884263960974614921003940645351443740084257508990841338974915037175497689287870585840954231884082785026301437744745393958283053278991955159266640440849940136976927372133743626748847559939620888818486853646 -pub const G1_GENERATOR_X: Fq = field_new!(Fq, BigInteger832([ - 0x5901480e5bc22290, - 0x20024afcdb9bd3a9, - 0x12dc18ff416e8138, - 0x28c69aa0ea223e18, - 0xafb1524a1eb7efe6, - 0x3d5c34edc3764ca2, - 0x736c2230c8466ce9, - 0xacfaa04e051014f1, - 0x5d5ff82f00ff2964, - 0x64c13ba270a26eaf, - 0x50e9864b56ab172e, - 0xd8370826a322499e, - 0x00000000000006f1, -])); - -/// G1_GENERATOR_Y = -/// 7913123550914612057135582061699117755797758113868200992327595317370485234417808273674357776714522052694559358668442301647906991623400754234679697332299689255516547752391831738454121261248793568285885897998257357202903170202349380518443 -pub const G1_GENERATOR_Y: Fq = field_new!(Fq, BigInteger832([ - 0x8af8b64b402e1953, - 0xd1bbceb3a258ea51, - 0xdca9efa3140aaa0d, - 0x807a610058ddedb2, - 0xeb898562fe88076c, - 0x0e4342ca56dd8ce2, - 0x4f5528d29f1bde9a, - 0xf18b0c6c19feb372, - 0x94503ac2fac9199c, - 0xffc86a8aff08ea34, - 0xf7b1295214735d8c, - 0x44eda9e0f55edd10, - 0x0000000000000ef3, -])); diff --git a/algebra/src/curves/sw6/g2.rs b/algebra/src/curves/sw6/g2.rs deleted file mode 100644 index 43121fbea..000000000 --- a/algebra/src/curves/sw6/g2.rs +++ /dev/null 
@@ -1,229 +0,0 @@ -use crate::field_new; -use super::FQ_ZERO; -use crate::{ - biginteger::{BigInteger384, BigInteger832}, - curves::{ - models::{ModelParameters, SWModelParameters}, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, - }, - fields::sw6::{Fq, Fq3, Fr}, -}; - -pub type G2Affine = GroupAffine; -pub type G2Projective = GroupProjective; - -#[derive(Copy, Clone, Default, PartialEq, Eq)] -pub struct SW6G2Parameters; - -impl ModelParameters for SW6G2Parameters { - type BaseField = Fq3; - type ScalarField = Fr; -} - -impl SWModelParameters for SW6G2Parameters { - /// COEFF_A = (0, 0, COEFF_A * TWIST^2) = (0, 0, 5) - const COEFF_A: Fq3 = field_new!(Fq3, - FQ_ZERO, - FQ_ZERO, - field_new!(Fq, BigInteger832([ - 0x781c76643018bd7a, - 0x64f3a5a4f1d1ad48, - 0xd2f8a1eb4f72692d, - 0xc35eb123c6ed72ca, - 0xb58d6bcfd32de058, - 0x841eab13b02a492c, - 0x4b70dc5a54c487e7, - 0x2f231a8808a74c59, - 0x5e2915154d70b050, - 0x8a40fa16f37a6b37, - 0xd01980093a72c54b, - 0xef6845c25398004c, - 0x48, - ])), - ); - - /// COEFF_B = (G1::COEFF_B * TWIST^3, 0, 0) = - /// (7237353553714858194254855835825640240663090882935418626687402315497764195116318527743248304684159666286416318482685337633828994152723793439622384740540789612754127688659139509552568164770448654259255628317166934203899992395064470477612, - /// 0, 0) - const COEFF_B: Fq3 = field_new!(Fq3, - field_new!(Fq, BigInteger832([ - 0xc00a9afc5cbce615, - 0x0260c2b730644102, - 0x9051e955661691ec, - 0x15f9af8514839e37, - 0xfa62826ca407172b, - 0x37043dc868f48874, - 0x876b5588d132b025, - 0x481952128335562a, - 0x4ffa729aeddd7dcd, - 0xe181a5dae94a399f, - 0x671fb50145b255d8, - 0xbc3860730482d728, - 0x00000000000023dd, - ])), - FQ_ZERO, - FQ_ZERO, - ); - - /// COFACTOR = - /// 
43276679045916726782882096851503554444292580777869919574700824986947162516693702667493938255647666346010819253090121562084993205202476199057555142869892665220155573207800985012241638987472334344174208389303164492698303448192856551557283997344470334833850065978668184377503856699635686872344035470027430053642178229054516302338812152178131995800255516474185251732445975837621097393375441662426280154371264547168198834382681059556891327702516519955053315674076980350109237328216856859758931256208439575383786363605925879337208599843910819433766160937121108797819223653884174994325142959644019600 - const COFACTOR: &'static [u64] = &[ - 0x4b77fca151d50b90, - 0x8c98a12bd486d2fb, - 0x1f0c9a51593693f8, - 0x1d6f388069c063c1, - 0x556e918748f06793, - 0x2cea7dc01aae2140, - 0x4216f0595cee44d0, - 0x7a5e400154f633cf, - 0xbb74eb9b6630846b, - 0x8eb48c92998f3358, - 0xbedd37f629e8e634, - 0xc541018fe4d10cc7, - 0x574956a099ace2c3, - 0xa597504275948226, - 0x7ecaaf050acb91f3, - 0x0f25b044f4e9c932, - 0xf8c39cbf0df97780, - 0xd8f9eda95d6abf3e, - 0xd1d80da227dd39c1, - 0x8b589c61531dbce7, - 0xfee4439281455474, - 0x9eea59baa2aeb4a1, - 0xa3b8a42c4e1e6f5a, - 0xc4b99b0d9b077d21, - 0xd09033887d09b4d2, - 0x4a86d8ebb7fdf52a, - 0xbe7ce44dd084e05d, - 0x4ed25f7ebe6c44b3, - 0xd7f8e3ef00255961, - 0xa1ad2ad61580ef78, - 0x19e70d3618ca3, - ]; - - /// COFACTOR^(-1) mod r = - /// 45586359457219724873147353901735745013467692594291916855200979604570630929674383405372210802279573887880950375598 - const COFACTOR_INV: Fr = field_new!(Fr, BigInteger384([ - 7373687189387546408, - 11284009518041539892, - 301575489693670883, - 13203058298476577559, - 18441611830097862156, - 4115759498196698, - ])); - - /// AFFINE_GENERATOR_COEFFS = (G2_GENERATOR_X, G2_GENERATOR_Y) - const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = - (G2_GENERATOR_X, G2_GENERATOR_Y); -} - -const G2_GENERATOR_X: Fq3 = field_new!(Fq3, G2_GENERATOR_X_C0, G2_GENERATOR_X_C1, G2_GENERATOR_X_C2); -const G2_GENERATOR_Y: Fq3 = field_new!(Fq3, 
G2_GENERATOR_Y_C0, G2_GENERATOR_Y_C1, G2_GENERATOR_Y_C2); - -/// G2_GENERATOR_X_C0 = -/// 13426761183630949215425595811885033211332897733228446437546263564078445562454176776915160094418980045665397361295624472103734543457352048745726512354895954850428989867542989474136256025045975283415690491751906307188562464175510373683338 -pub const G2_GENERATOR_X_C0: Fq = field_new!(Fq, BigInteger832([ - 0x03b3fe4c8d4ecac7, - 0x9568212677524d1e, - 0xf5de3f2228d187c1, - 0x7bac772e31a420ef, - 0x0255cf59968a612b, - 0x991d4676f6b5d605, - 0x02dd2ae4831d29ea, - 0xbeca7c9a62e392c2, - 0xfc1d0633d48d2fc5, - 0x7867813be5f7d2a1, - 0x6f567b6617030028, - 0xf08c9fa6ca6809df, - 0x0000000000000de9, -])); - -/// G2_GENERATOR_X_C1 = -/// 20471601555918880743198170952645906008198510944268658573129351735028343217532386920456705632337352161031960990613816401042894531220068552819818037605513359562118363589199569321421558696125646867661360498323171027455638052943806292028610 -pub const G2_GENERATOR_X_C1: Fq = field_new!(Fq, BigInteger832([ - 0xefd1b506e5fbe05f, - 0xad27d47a4975140c, - 0xfa11540132dbc27a, - 0x8dca42b6da7c4717, - 0x66d30fd7fd76207a, - 0xb8e4f65c68932b1d, - 0x3b7f971e93ad14be, - 0xf860a89f4e582f9f, - 0x7d438aaa3986f73b, - 0xa37ec0c18c6e106a, - 0x9f2dfb98b5185b54, - 0x19995e421ca939bc, - 0x0000000000002f4f, -])); - -/// G2_GENERATOR_X_C2 = -/// 3905053196875761830053608605277158152930144841844497593936739534395003062685449846381431331169369910535935138116320442345524758217411779027270883193856999691582831339845600938304719916501940381093815781408183227875600753651697934495980 -pub const G2_GENERATOR_X_C2: Fq = field_new!(Fq, BigInteger832([ - 0xc081ed832bdf911e, - 0xb85ff7aeebdfe7b3, - 0x96dce6bb307b14eb, - 0x578f7ded84bd824c, - 0xb799305a9971d184, - 0x0116ad33c2874b90, - 0x862dce68efdca245, - 0x4190947c70534c1d, - 0x1b1aa80334248d03, - 0xb13b07aff63fcf27, - 0x5727687b73ab4fff, - 0xf559a7f4eb8d180a, - 0x0000000000002d37, -])); - -/// G2_GENERATOR_Y_C0 = -/// 
8567517639523571619872938228644013584947463594196306323477160496987712111576624702939472765993995586889532559039169098780892505598589581147768095093536988446010255611523736706017580686335404469207486594272103717837888228343074699140243 -pub const G2_GENERATOR_Y_C0: Fq = field_new!(Fq, BigInteger832([ - 0x3f680b59e26b33d1, - 0x720fdf65b9e15b17, - 0x0f0b56def11247b1, - 0x5ea05417c8a4a52c, - 0x4ad59dc4f7c47a09, - 0xf393e0db62107115, - 0xde3b16404a53d2bb, - 0xeaa74961636280e0, - 0x2d16ccd14cf5a88c, - 0x5667565a06187d0e, - 0xb446fdc7565d0261, - 0xd3ad395d6fd0faab, - 0x0000000000000655, -])); - -/// G2_GENERATOR_Y_C1 = -/// 3890537069205870914984502594450293167889863914413852788876350245583932846980126025043974070704295857226211547108005650399870458089721518559480870503159804530091559886149680718531004778697982910253701559194337987238111062202037698927752 -pub const G2_GENERATOR_Y_C1: Fq = field_new!(Fq, BigInteger832([ - 0x9e86cc63207679dd, - 0x4e16d9a9d87c3e47, - 0xdbee3524db80627d, - 0x137322b87d93befc, - 0x24a7ca2f9aae90a0, - 0x44abea538df3e854, - 0xc01d176c6e042eee, - 0xf5fcc4caabc75699, - 0x1f99972699a38960, - 0x30d4cc8256bf963d, - 0xa3634826edcfefff, - 0x34f3bd0c8e5a4b38, - 0x0000000000001d28, -])); - -/// G2_GENERATOR_Y_C2 = -/// 10936269922612615564271188303104593362724754284143779051599749016735041389483971486958818324356025479751246744831831158558101688599198721653921723013062333636402617118847009085485166284126970598561393411916461254016145116183331671450721 -pub const G2_GENERATOR_Y_C2: Fq = field_new!(Fq, BigInteger832([ - 0xfc478105dedf3654, - 0xa6fcfcfdd2710d6a, - 0x05a68c283d5d4c65, - 0x9fab8d94c667a679, - 0x009b0a616ea54ff9, - 0xf0df517bc7bc6382, - 0xdb44338e7491f5b7, - 0xcd192a7e53453f45, - 0xa041a7a60982d92c, - 0x4dd01c62bae4c7ff, - 0x79a69a54e6b66178, - 0xd47b0bfe832b05f8, - 0x00000000000000ef, -])); diff --git a/algebra/src/curves/sw6/mod.rs b/algebra/src/curves/sw6/mod.rs deleted file mode 100644 index 7e95f9efc..000000000 
--- a/algebra/src/curves/sw6/mod.rs
+++ /dev/null
@@ -1,248 +0,0 @@ -use crate::field_new; -use crate::{ - Error, - biginteger::BigInteger832, - curves::PairingEngine, - fields::{ - sw6::{ - fq::{Fq, FqParameters}, - Fq3, Fq6, Fr, - }, - BitIterator, Field, FpParameters, - }, -}; - -pub mod g1; -pub use self::g1::{G1Affine, G1Projective}; - -pub mod g2; -pub use self::g2::{G2Affine, G2Projective}; - -#[cfg(test)] -mod tests; - -pub type GT = Fq6; - -#[derive(Copy, Clone, Eq, PartialEq, Debug)] -pub struct SW6; - -impl PairingEngine for SW6 { - type Fr = Fr; - type G1Projective = G1Projective; - type G1Affine = G1Affine; - type G1Prepared = G1Affine; - type G2Projective = G2Projective; - type G2Affine = G2Affine; - type G2Prepared = G2Affine; - type Fq = Fq; - type Fqe = Fq3; - type Fqk = Fq6; - - fn miller_loop<'a, I>(i: I) -> Result - where - I: IntoIterator - { - let mut result = Self::Fqk::one(); - for &(ref p, ref q) in i { - result *= SW6::ate_miller_loop(p, q)?; - } - Ok(result) - } - - fn final_exponentiation(r: &Self::Fqk) -> Result { - SW6::final_exponentiation(r) - } -} - -impl SW6 { - pub fn ate_pairing(p: &G1Affine, q: &G2Affine) -> Result { - SW6::final_exponentiation(&SW6::ate_miller_loop(p, q)?) 
- } - - fn ate_miller_loop(p: &G1Affine, q: &G2Affine) -> Result { - use crate::curves::{models::SWModelParameters, sw6::g2::SW6G2Parameters}; - - let px = p.x; - let py = p.y; - let qx = q.x; - let qy = q.y; - let mut py_twist_squared = TWIST.square(); - py_twist_squared.mul_assign_by_fp(&py); - - let mut old_rx; - let mut old_ry; - let mut rx = qx; - let mut ry = qy; - let mut f = Fq6::one(); - - // The for loop is executed for all bits (EXCEPT the MSB itself) of - // sw6_param_p (skipping leading zeros) in MSB to LSB order - let mut found_one = false; - for bit in BitIterator::new(ATE_LOOP_COUNT) { - if !found_one && bit { - found_one = true; - continue; - } else if !found_one { - continue; - } - - old_rx = rx; - old_ry = ry; - - if old_ry.is_zero() { - Err(format!("Incorrect values for miller loop: p={}, q={}", p, q))? - } - - let old_rx_square = old_rx.square(); - let old_rx_square_3 = old_rx_square.double() + &old_rx_square; - let old_rx_square_3_a = old_rx_square_3 + &SW6G2Parameters::COEFF_A; - let old_ry_double_inverse = old_ry.double().inverse().unwrap(); - - let gamma = old_rx_square_3_a * &old_ry_double_inverse; - let gamma_twist = gamma * &TWIST; - let gamma_old_rx = gamma * &old_rx; - let mut gamma_twist_px = gamma_twist; - gamma_twist_px.mul_assign_by_fp(&px); - - let x = py_twist_squared; - let y = gamma_old_rx - &old_ry - &gamma_twist_px; - let ell_rr_at_p = Fq6::new(x, y); - - rx = gamma.square() - &old_rx.double(); - ry = gamma * &(old_rx - &rx) - &old_ry; - f = f.square() * &ell_rr_at_p; - - if bit { - old_rx = rx; - old_ry = ry; - - if old_rx == qx { - Err(format!("Incorrect values for miller loop: p={}, q={}", p, q))? 
- } - - let gamma = (old_ry - &qy) * &((old_rx - &qx).inverse().unwrap()); - let gamma_twist = gamma * &TWIST; - let gamma_qx = gamma * &qx; - let mut gamma_twist_px = gamma_twist; - gamma_twist_px.mul_assign_by_fp(&px); - - let x = py_twist_squared; - let y = gamma_qx - &qy - &gamma_twist_px; - let ell_rq_at_p = Fq6::new(x, y); - - rx = gamma.square() - &old_rx - &qx; - ry = gamma * &(old_rx - &rx) - &old_ry; - f = f * &ell_rq_at_p; - } - } - - Ok(f) - } - - fn final_exponentiation(value: &Fq6) -> Result { - if value.is_zero() { - Err(format!("Invalid exponentiation value: 0"))? - } - let value_inv = value.inverse().unwrap(); - let value_to_first_chunk = SW6::final_exponentiation_first(value, &value_inv); - let value_inv_to_first_chunk = SW6::final_exponentiation_first(&value_inv, value); - Ok(SW6::final_exponentiation_last(&value_to_first_chunk, &value_inv_to_first_chunk)) - } - - fn final_exponentiation_first(elt: &Fq6, elt_inv: &Fq6) -> Fq6 { - // (q^3-1)*(q+1) - - // elt_q3 = elt^(q^3) - let mut elt_q3 = elt.clone(); - elt_q3.frobenius_map(3); - // elt_q3_over_elt = elt^(q^3-1) - let elt_q3_over_elt = elt_q3 * elt_inv; - // alpha = elt^((q^3-1) * q) - let mut alpha = elt_q3_over_elt.clone(); - alpha.frobenius_map(1); - // beta = elt^((q^3-1)*(q+1) - alpha * &elt_q3_over_elt - } - - fn final_exponentiation_last(elt: &Fq6, elt_inv: &Fq6) -> Fq6 { - let mut elt_q = elt.clone(); - elt_q.frobenius_map(1); - - let w1_part = elt_q.cyclotomic_exp(&FINAL_EXPONENT_LAST_CHUNK_W1); - let w0_part = match FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG { - true => elt_inv.cyclotomic_exp(&FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0), - false => elt.cyclotomic_exp(&FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0), - }; - - w1_part * &w0_part - } -} - -/// FQ_ZERO = 0 -pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger832([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])); - -/// FQ_ONE = 1 -pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R); - -/// TWIST = (0, 1, 0) -pub const TWIST: Fq3 = field_new!(Fq3, 
FQ_ZERO, FQ_ONE, FQ_ZERO); - -/// ATE_IS_LOOP_COUNT_NEG = false -pub const ATE_IS_LOOP_COUNT_NEG: bool = false; - -/// ATE_LOOP_COUNT = -/// 506464946133393486072777102926336625944849939610982267859828541006717966526573193706126370441346337661774335955699621 -pub const ATE_LOOP_COUNT: [u64; 13] = [ - 0x55c5b9b57b942ae8, - 0x3d52287d3dfd424a, - 0xcf1ff9d6a543deb7, - 0x820c9c5711ceeebc, - 0x549a2d44305d20fe, - 0x50f5c131afd70235, - 0xab3596c8617c5792, - 0x830c728d80f9d78b, - 0x6a7223ee72023d07, - 0xbc5d176b746af026, - 0xe959283d8f526663, - 0xc4d2263babf8941f, - 0x3848, -]; - -/// FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG = true -pub const FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG: bool = true; - -/// FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0 = -/// 7000705447348627246181409558336018323010329260726930841638672011287206690002601216854775649561085256265269640040570922609783227469279331691880282815325569032149343779036142830666859805506518426649197067288711084398033 -pub const FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0: BigInteger832 = BigInteger832([ - 0xb62ef36af72855d1, - 0x676b5cef49d290fa, - 0xd17fcf3c60947427, - 0x5b93d992bc1b2849, - 0x2171887cecd072cb, - 0x879a2873f1516f4a, - 0x8cc6856bd2cdf24e, - 0xbff4fb6644d01993, - 0x5dcbeea3e31ea667, - 0x5f256f47681649f3, - 0x2355a2b0839967fe, - 0x144ed, - 0x0, -]); - -/// FINAL_EXPONENT_LAST_CHUNK_W1 = -/// 86482221941698704497288378992285180119495364068003923046442785886272123124361700722982503222189455144364945735564951562986 -pub const FINAL_EXPONENT_LAST_CHUNK_W1: BigInteger832 = BigInteger832([ - 0x5657b9b57b942aea, - 0x84f9a65f3bd54eaf, - 0x5ea4214e35cd127, - 0xe3cbcbc14ec1501d, - 0xf196cb845a3092ab, - 0x7e14627ad0e19017, - 0x217db4, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, -]); diff --git a/algebra/src/curves/sw6/tests.rs b/algebra/src/curves/sw6/tests.rs deleted file mode 100644 index fefa39307..000000000 --- a/algebra/src/curves/sw6/tests.rs +++ /dev/null 
@@ -1,108 +0,0 @@
-use crate::{curves::{
- sw6::{G1Affine, G1Projective, G2Affine, G2Projective, SW6, g1::SW6G1Parameters, g2::SW6G2Parameters},
- tests::{curve_tests, sw_jacobian_tests},
- AffineCurve, PairingEngine,
-}, groups::tests::group_test, SemanticallyValid};
-
-#[test]
-fn test_g1_projective_curve() {
- curve_tests::();
-}
-
-#[test]
-fn test_g1_projective_group() {
- let a: G1Projective = rand::random();
- let b: G1Projective = rand::random();
- group_test(a, b);
- sw_jacobian_tests::()
-}
-
-#[test]
-fn test_g1_generator() {
- let generator = G1Affine::prime_subgroup_generator();
- assert!(generator.is_valid());
-}
-
-#[test]
-fn test_g2_projective_curve() {
- curve_tests::();
- sw_jacobian_tests::()
-}
-
-#[test]
-fn test_g2_projective_group() {
- let a: G2Projective = rand::random();
- let b: G2Projective = rand::random();
- group_test(a, b);
-}
-
-#[test]
-fn test_g2_generator() {
- let generator = G2Affine::prime_subgroup_generator();
- assert!(generator.is_valid());
-}
-
-#[test]
-fn test_bilinearity() {
- use crate::fields::{
- sw6::{fq6::Fq6, fr::Fr},
- Field, PrimeField,
- };
- use rand;
-
- let a: G1Projective = rand::random();
- let b: G2Projective = rand::random();
- let s: Fr = rand::random();
-
- let sa = a * &s;
- let sb = b * &s;
-
- let ans1 = SW6::pairing(sa, b).unwrap();
- let ans2 = SW6::pairing(a, sb).unwrap();
- let ans3 = SW6::pairing(a, b).unwrap().pow(s.into_repr());
-
- assert_eq!(ans1, ans2);
- assert_eq!(ans2, ans3);
-
- assert_ne!(ans1, Fq6::one());
- assert_ne!(ans2, Fq6::one());
- assert_ne!(ans3, Fq6::one());
-
- assert_eq!(ans1.pow(Fr::characteristic()), Fq6::one());
- assert_eq!(ans2.pow(Fr::characteristic()), Fq6::one());
- assert_eq!(ans3.pow(Fr::characteristic()), Fq6::one());
-}
-
-#[test]
-#[ignore]
-fn print_g1_generator() {
- use crate::fields::sw6::fq::Fq;
-
- let x: Fq =
"5511163824921585887915590525772884263960974614921003940645351443740084257508990841338974915037175497689287870585840954231884082785026301437744745393958283053278991955159266640440849940136976927372133743626748847559939620888818486853646".parse().unwrap(); - let y: Fq = "7913123550914612057135582061699117755797758113868200992327595317370485234417808273674357776714522052694559358668442301647906991623400754234679697332299689255516547752391831738454121261248793568285885897998257357202903170202349380518443".parse().unwrap(); - - println!("pub const G1_GENERATOR_X: Fq = Fq::new({});", x.0); - println!("pub const G1_GENERATOR_Y: Fq = Fq::new({});", y.0); -} - -#[test] -#[ignore] -fn print_g2_generator() { - use crate::fields::sw6::fq::Fq; - - let x_c0: Fq = "13426761183630949215425595811885033211332897733228446437546263564078445562454176776915160094418980045665397361295624472103734543457352048745726512354895954850428989867542989474136256025045975283415690491751906307188562464175510373683338".parse().unwrap(); - let x_c1: Fq = "20471601555918880743198170952645906008198510944268658573129351735028343217532386920456705632337352161031960990613816401042894531220068552819818037605513359562118363589199569321421558696125646867661360498323171027455638052943806292028610".parse().unwrap(); - let x_c2: Fq = "3905053196875761830053608605277158152930144841844497593936739534395003062685449846381431331169369910535935138116320442345524758217411779027270883193856999691582831339845600938304719916501940381093815781408183227875600753651697934495980".parse().unwrap(); - - let y_c0: Fq = "8567517639523571619872938228644013584947463594196306323477160496987712111576624702939472765993995586889532559039169098780892505598589581147768095093536988446010255611523736706017580686335404469207486594272103717837888228343074699140243".parse().unwrap(); - let y_c1: Fq = 
"3890537069205870914984502594450293167889863914413852788876350245583932846980126025043974070704295857226211547108005650399870458089721518559480870503159804530091559886149680718531004778697982910253701559194337987238111062202037698927752".parse().unwrap(); - let y_c2: Fq = "10936269922612615564271188303104593362724754284143779051599749016735041389483971486958818324356025479751246744831831158558101688599198721653921723013062333636402617118847009085485166284126970598561393411916461254016145116183331671450721".parse().unwrap(); - - println!("pub const G2_GENERATOR_X_C0: Fq = Fq::new({});", x_c0.0); - println!("pub const G2_GENERATOR_X_C1: Fq = Fq::new({});", x_c1.0); - println!("pub const G2_GENERATOR_X_C2: Fq = Fq::new({});", x_c2.0); - - println!("pub const G2_GENERATOR_Y_C0: Fq = Fq::new({});", y_c0.0); - println!("pub const G2_GENERATOR_Y_C1: Fq = Fq::new({});", y_c1.0); - println!("pub const G2_GENERATOR_Y_C2: Fq = Fq::new({});", y_c2.0); -} diff --git a/algebra/src/fft/domain/domain_selector.rs b/algebra/src/fft/domain/domain_selector.rs index 5df018503..94b53865a 100644 --- a/algebra/src/fft/domain/domain_selector.rs +++ b/algebra/src/fft/domain/domain_selector.rs @@ -46,11 +46,11 @@ pub fn get_best_evaluation_domain(num_coeffs: usize) -> Option(rng: &mut R) { + fn test_fft_composition(rng: &mut R) { for coeffs in 0..18 { let coeffs = 1 << coeffs; let mut v = vec![]; for _ in 0..coeffs { - v.push(E::Fr::rand(rng)); + v.push(Fr::rand(rng)); } let mut v2 = v.clone(); - let domain = get_best_evaluation_domain::(coeffs).unwrap(); - v.resize(domain.size(), E::Fr::zero()); + let domain = get_best_evaluation_domain::(coeffs).unwrap(); + v.resize(domain.size(), Fr::zero()); domain.ifft_in_place(&mut v2); domain.fft_in_place(&mut v2); 
@@ -42,25 +42,25 @@ fn fft_composition() { let rng = &mut rand::thread_rng(); - test_fft_composition::(rng); + test_fft_composition::(rng); } #[test] fn fft_consistency() { - fn test_consistency(rng: &mut R) { + fn test_consistency(rng: &mut R) { let worker = Worker::new(); for _ in 0..5 { for log_d in 0..18 { let d = 1 << log_d; - let mut v1 = (0..d).map(|_| E::Fr::rand(rng)).collect::>(); + let mut v1 = (0..d).map(|_| Fr::rand(rng)).collect::>(); let mut v2 = v1.clone(); - let domain = get_best_evaluation_domain::(v1.len()).unwrap(); + let domain = get_best_evaluation_domain::(v1.len()).unwrap(); for log_cpus in log_d..min(log_d + 1, 3) { - if log_d < ::Params::TWO_ADICITY{ + if log_d (rng); + test_consistency::(rng); } \ No newline at end of file diff --git a/algebra/src/fft/polynomial/dense.rs b/algebra/src/fft/polynomial/dense.rs index 8102a7cdf..c466501d8 100644 --- a/algebra/src/fft/polynomial/dense.rs +++ b/algebra/src/fft/polynomial/dense.rs @@ -397,7 +397,7 @@ impl<'a, F: PrimeField> Mul for &'a DensePolynomial { mod tests { use crate::domain::get_best_evaluation_domain; use crate::polynomial::*; - use crate::fields::bls12_381::fr::Fr; + use crate::fields::tweedle::fr::Fr; use crate::fields::Field; use crate::UniformRand; use rand::thread_rng; diff --git a/algebra/src/fft/polynomial/sparse.rs b/algebra/src/fft/polynomial/sparse.rs index fe81ef91e..2ab4fcc2e 100644 --- a/algebra/src/fft/polynomial/sparse.rs +++ b/algebra/src/fft/polynomial/sparse.rs @@ -124,7 +124,7 @@ impl Into> for SparsePolynomial { #[cfg(test)] mod tests { use crate::{get_best_evaluation_domain, DensePolynomial, SparsePolynomial}; - use crate::fields::bls12_381::fr::Fr; + use crate::fields::tweedle::fr::Fr; use crate::Field; #[test] diff --git a/algebra/src/fields/bls12_377/fq.rs b/algebra/src/fields/bls12_377/fq.rs deleted file mode 100644 index 02ff05f8d..000000000 --- a/algebra/src/fields/bls12_377/fq.rs +++ /dev/null 
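Review bot: The inner loop `for log_cpus in log_d..min(log_d + 1, 3) {` in `test_consistency` is an empty range for every `log_d >= 3`, so the serial-vs-parallel comparison only ever runs for d in {1, 2, 4}, each with the single value `log_cpus == log_d`; the switch from `E::Fr` to `Fr` leaves that untouched. If the intent is to exercise several worker counts per size, a bound such as `for log_cpus in 0..min(log_d + 1, 3) {` would do it, though I am inferring the intent because the lines between the two changed `test_consistency` lines are collapsed here. `fft_consistency` starts and ends inside this hunk.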
@@ -1,107 +0,0 @@ -use crate::{ - biginteger::BigInteger384 as BigInteger, - fields::{Fp384, Fp384Parameters, FpParameters}, - field_new -}; - -pub type Fq = Fp384; - -pub struct FqParameters; - -impl Fp384Parameters for FqParameters {} -impl FpParameters for FqParameters { - type BigInt = BigInteger; - - // MODULUS = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177 - const MODULUS: BigInteger = BigInteger([ - 0x8508c00000000001, - 0x170b5d4430000000, - 0x1ef3622fba094800, - 0x1a22d9f300f5138f, - 0xc63b05c06ca1493b, - 0x1ae3a4617c510ea, - ]); - - const MODULUS_BITS: u32 = 377; - - const CAPACITY: u32 = Self::MODULUS_BITS - 1; - - const REPR_SHAVE_BITS: u32 = 7; - - const R: BigInteger = BigInteger([ - 202099033278250856u64, - 5854854902718660529u64, - 11492539364873682930u64, - 8885205928937022213u64, - 5545221690922665192u64, - 39800542322357402u64, - ]); - - const R2: BigInteger = BigInteger([ - 0xb786686c9400cd22, - 0x329fcaab00431b1, - 0x22a5f11162d6b46d, - 0xbfdf7d03827dc3ac, - 0x837e92f041790bf9, - 0x6dfccb1e914b88, - ]); - - const INV: u64 = 9586122913090633727u64; - - // GENERATOR = -5 - const GENERATOR: BigInteger = BigInteger([ - 0xfc0b8000000002fa, - 0x97d39cf6e000018b, - 0x2072420fbfa05044, - 0xcbbcbd50d97c3802, - 0xbaf1ec35813f9eb, - 0x9974a2c0945ad2, - ]); - - const TWO_ADICITY: u32 = 46u32; - - const ROOT_OF_UNITY: BigInteger = BigInteger([ - 2022196864061697551u64, - 17419102863309525423u64, - 8564289679875062096u64, - 17152078065055548215u64, - 17966377291017729567u64, - 68610905582439508u64, - ]); - - const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([ - 0x4284600000000000, - 0xb85aea218000000, - 0x8f79b117dd04a400, - 0x8d116cf9807a89c7, - 0x631d82e03650a49d, - 0xd71d230be28875, - ]); - - // T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T - - // T = (MODULUS - 1) // 2^S = - // 
3675842578061421676390135839012792950148785745837396071634149488243117337281387659330802195819009059 - const T: BigInteger = BigInteger([ - 0x7510c00000021423, - 0x88bee82520005c2d, - 0x67cc03d44e3c7bcd, - 0x1701b28524ec688b, - 0xe9185f1443ab18ec, - 0x6b8, - ]); - - // (T - 1) // 2 = - // 1837921289030710838195067919506396475074392872918698035817074744121558668640693829665401097909504529 - const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([ - 0xba88600000010a11, - 0xc45f741290002e16, - 0xb3e601ea271e3de6, - 0xb80d94292763445, - 0x748c2f8a21d58c76, - 0x35c, - ]); -} - -pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R); -pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0])); \ No newline at end of file diff --git a/algebra/src/fields/bls12_377/fq12.rs b/algebra/src/fields/bls12_377/fq12.rs deleted file mode 100644 index efda27803..000000000 --- a/algebra/src/fields/bls12_377/fq12.rs +++ /dev/null 
@@ -1,166 +0,0 @@ -use crate::field_new; -use crate::{ - biginteger::BigInteger384, - fields::{ - bls12_377::{fq::Fq, fq2::{Fq2, FQ2_ONE, FQ2_ZERO}, fq6::{Fq6, Fq6Parameters}}, - fp12_2over3over2::{Fp12, Fp12Parameters}, - }, -}; - -pub type Fq12 = Fp12; - -#[derive(Clone, Copy)] -pub struct Fq12Parameters; - -impl Fp12Parameters for Fq12Parameters { - type Fp6Params = Fq6Parameters; - - const NONRESIDUE: Fq6 = field_new!(Fq6, FQ2_ZERO, FQ2_ONE, FQ2_ZERO); - - const FROBENIUS_COEFF_FP12_C1: &'static [Fq2] = &[ - // Fp2::NONRESIDUE^(((q^0) - 1) / 6) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x2cdffffffffff68, - 0x51409f837fffffb1, - 0x9f7db3a98a7d3ff2, - 0x7b4e97b76e7c6305, - 0x4cf495bf803c84e8, - 0x8d6661e2fdf49a, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^(((q^1) - 1) / 6) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x6ec47a04a3f7ca9e, - 0xa42e0cb968c1fa44, - 0x578d5187fbd2bd23, - 0x930eeb0ac79dd4bd, - 0xa24883de1e09a9ee, - 0xdaa7058067d46f, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^(((q^2) - 1) / 6) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x5892506da58478da, - 0x133366940ac2a74b, - 0x9b64a150cdf726cf, - 0x5cc426090a9c587e, - 0x5cf848adfdcd640c, - 0x4702bf3ac02380, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^(((q^3) - 1) / 6) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x982c13d9d084771f, - 0xfd49de0c6da34a32, - 0x61a530d183ab0e53, - 0xdf8fe44106dd9879, - 0x40f29b58d88472bc, - 0x158723199046d5d, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^(((q^4) - 1) / 6) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0xdacd106da5847973, - 0xd8fe2454bac2a79a, - 0x1ada4fd6fd832edc, - 0xfb9868449d150908, - 0xd63eb8aeea32285e, - 0x167d6a36f873fd0, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - 
), - // Fp2::NONRESIDUE^(((q^5) - 1) / 6) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x296799d52c8cac81, - 0x591bd15304e14fee, - 0xa17df4987d85130, - 0x4c80f9363f3fc3bc, - 0x9eaa177aba7ac8ce, - 0x7dcb2c189c98ed, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^(((q^6) - 1) / 6) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x823ac00000000099, - 0xc5cabdc0b000004f, - 0x7f75ae862f8c080d, - 0x9ed4423b9278b089, - 0x79467000ec64c452, - 0x120d3e434c71c50, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^(((q^7) - 1) / 6) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x164445fb5c083563, - 0x72dd508ac73e05bc, - 0xc76610a7be368adc, - 0x8713eee839573ed1, - 0x23f281e24e979f4c, - 0xd39340975d3c7b, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^(((q^8) - 1) / 6) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x2c766f925a7b8727, - 0x3d7f6b0253d58b5, - 0x838ec0deec122131, - 0xbd5eb3e9f658bb10, - 0x6942bd126ed3e52e, - 0x1673786dd04ed6a, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^(((q^9) - 1) / 6) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0xecdcac262f7b88e2, - 0x19c17f37c25cb5cd, - 0xbd4e315e365e39ac, - 0x3a92f5b1fa177b15, - 0x85486a67941cd67e, - 0x55c8147ec0a38d, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^(((q^10) - 1) / 6) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0xaa3baf925a7b868e, - 0x3e0d38ef753d5865, - 0x4191258bc861923, - 0x1e8a71ae63e00a87, - 0xeffc4d11826f20dc, - 0x4663a2a83dd119, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^(((q^11) - 1) / 6) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x5ba1262ad3735380, - 0xbdef8bf12b1eb012, - 0x14db82e63230f6cf, - 0xcda1e0bcc1b54fd3, - 0x2790ee45b226806c, - 
0x1306f19ff2877fd, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - ]; -} diff --git a/algebra/src/fields/bls12_377/fq2.rs b/algebra/src/fields/bls12_377/fq2.rs deleted file mode 100644 index 32abaf8b6..000000000 --- a/algebra/src/fields/bls12_377/fq2.rs +++ /dev/null @@ -1,75 +0,0 @@ -use crate::{ - field_new, - biginteger::BigInteger384 as BigInteger, - fields::{ - bls12_377::fq::{ - Fq, FQ_ONE, FQ_ZERO - }, - fp2::{Fp2, Fp2Parameters}, - Field, - }, -}; - -pub type Fq2 = Fp2; - -pub struct Fq2Parameters; - -impl Fp2Parameters for Fq2Parameters { - type Fp = Fq; - - /// NONRESIDUE = -5 - const NONRESIDUE: Fq = field_new!(Fq, BigInteger([ - 0xfc0b8000000002fa, - 0x97d39cf6e000018b, - 0x2072420fbfa05044, - 0xcbbcbd50d97c3802, - 0xbaf1ec35813f9eb, - 0x9974a2c0945ad2, - ])); - - /// QUADRATIC_NONRESIDUE = U - const QUADRATIC_NONRESIDUE: (Fq, Fq) = ( - field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0])), - field_new!(Fq, BigInteger([ - 202099033278250856u64, - 5854854902718660529u64, - 11492539364873682930u64, - 8885205928937022213u64, - 5545221690922665192u64, - 39800542322357402u64, - ])), - ); - - /// Coefficients for the Frobenius automorphism. - const FROBENIUS_COEFF_FP2_C1: &'static [Fq] = &[ - // NONRESIDUE**(((q^0) - 1) / 2) - field_new!(Fq, BigInteger([ - 0x2cdffffffffff68, - 0x51409f837fffffb1, - 0x9f7db3a98a7d3ff2, - 0x7b4e97b76e7c6305, - 0x4cf495bf803c84e8, - 0x8d6661e2fdf49a, - ])), - // NONRESIDUE**(((q^1) - 1) / 2) - field_new!(Fq, BigInteger([ - 0x823ac00000000099, - 0xc5cabdc0b000004f, - 0x7f75ae862f8c080d, - 0x9ed4423b9278b089, - 0x79467000ec64c452, - 0x120d3e434c71c50, - ])), - ]; - - #[inline(always)] - fn mul_fp_by_nonresidue(fe: &Self::Fp) -> Self::Fp { - let original = fe; - let mut fe = -fe.double(); - fe.double_in_place(); - fe - original - } -} - -pub const FQ2_ZERO: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ZERO); -pub const FQ2_ONE: Fq2 = field_new!(Fq2, FQ_ONE, FQ_ZERO); 
diff --git a/algebra/src/fields/bls12_377/fq6.rs b/algebra/src/fields/bls12_377/fq6.rs deleted file mode 100644 index 37f69610a..000000000 --- a/algebra/src/fields/bls12_377/fq6.rs +++ /dev/null 
@@ -1,217 +0,0 @@ -use crate::field_new; -use crate::biginteger::BigInteger384; - -use crate::fields::{ - fp2::Fp2Parameters, - fp6_3over2::{Fp6, Fp6Parameters}, -}; - -use crate::fields::bls12_377::{ - fq::Fq, - fq2::{Fq2, Fq2Parameters}, -}; - -pub type Fq6 = Fp6; - -#[derive(Clone, Copy)] -pub struct Fq6Parameters; - -impl Fp6Parameters for Fq6Parameters { - type Fp2Params = Fq2Parameters; - - /// NONRESIDUE = U - const NONRESIDUE: Fq2 = field_new!(Fq2, - field_new!(Fq, BigInteger384([0, 0, 0, 0, 0, 0])), - field_new!(Fq, BigInteger384([ - 202099033278250856u64, - 5854854902718660529u64, - 11492539364873682930u64, - 8885205928937022213u64, - 5545221690922665192u64, - 39800542322357402u64, - ])), - ); - - const FROBENIUS_COEFF_FP6_C1: &'static [Fq2] = &[ - // Fp2::NONRESIDUE^(((q^0) - 1) / 3) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x2cdffffffffff68, - 0x51409f837fffffb1, - 0x9f7db3a98a7d3ff2, - 0x7b4e97b76e7c6305, - 0x4cf495bf803c84e8, - 0x8d6661e2fdf49a, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^(((q^1) - 1) / 3) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x5892506da58478da, - 0x133366940ac2a74b, - 0x9b64a150cdf726cf, - 0x5cc426090a9c587e, - 0x5cf848adfdcd640c, - 0x4702bf3ac02380, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^(((q^2) - 1) / 3) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0xdacd106da5847973, - 0xd8fe2454bac2a79a, - 0x1ada4fd6fd832edc, - 0xfb9868449d150908, - 0xd63eb8aeea32285e, - 0x167d6a36f873fd0, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^(((q^3) - 1) / 3) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x823ac00000000099, - 0xc5cabdc0b000004f, - 0x7f75ae862f8c080d, - 0x9ed4423b9278b089, - 0x79467000ec64c452, - 0x120d3e434c71c50, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^(((q^4) - 1) / 3) - 
field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x2c766f925a7b8727, - 0x3d7f6b0253d58b5, - 0x838ec0deec122131, - 0xbd5eb3e9f658bb10, - 0x6942bd126ed3e52e, - 0x1673786dd04ed6a, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^(((q^5) - 1) / 3) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0xaa3baf925a7b868e, - 0x3e0d38ef753d5865, - 0x4191258bc861923, - 0x1e8a71ae63e00a87, - 0xeffc4d11826f20dc, - 0x4663a2a83dd119, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - ]; - const FROBENIUS_COEFF_FP6_C2: &'static [Fq2] = &[ - // Fp2::NONRESIDUE^((2*(q^0) - 2) / 3) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x2cdffffffffff68, - 0x51409f837fffffb1, - 0x9f7db3a98a7d3ff2, - 0x7b4e97b76e7c6305, - 0x4cf495bf803c84e8, - 0x8d6661e2fdf49a, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^((2*(q^1) - 2) / 3) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0xdacd106da5847973, - 0xd8fe2454bac2a79a, - 0x1ada4fd6fd832edc, - 0xfb9868449d150908, - 0xd63eb8aeea32285e, - 0x167d6a36f873fd0, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^((2*(q^2) - 2) / 3) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x2c766f925a7b8727, - 0x3d7f6b0253d58b5, - 0x838ec0deec122131, - 0xbd5eb3e9f658bb10, - 0x6942bd126ed3e52e, - 0x1673786dd04ed6a, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^((2*(q^3) - 2) / 3) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x2cdffffffffff68, - 0x51409f837fffffb1, - 0x9f7db3a98a7d3ff2, - 0x7b4e97b76e7c6305, - 0x4cf495bf803c84e8, - 0x8d6661e2fdf49a, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^((2*(q^4) - 2) / 3) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0xdacd106da5847973, - 0xd8fe2454bac2a79a, - 0x1ada4fd6fd832edc, - 0xfb9868449d150908, - 
0xd63eb8aeea32285e, - 0x167d6a36f873fd0, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - // Fp2::NONRESIDUE^((2*(q^5) - 2) / 3) - field_new!(Fq2, - field_new!(Fq, BigInteger384([ - 0x2c766f925a7b8727, - 0x3d7f6b0253d58b5, - 0x838ec0deec122131, - 0xbd5eb3e9f658bb10, - 0x6942bd126ed3e52e, - 0x1673786dd04ed6a, - ])), - field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - ), - ]; - - #[inline(always)] - fn mul_fp2_by_nonresidue(fe: &Fq2) -> Fq2 { - // Karatsuba multiplication with constant other = u. - let c0 = Fq2Parameters::mul_fp_by_nonresidue(&fe.c1); - let c1 = fe.c0; - field_new!(Fq2, c0, c1) - } -} - -#[cfg(test)] -mod test { - use super::*; - use crate::fields::Field; - use crate::UniformRand; -use rand::SeedableRng; -use rand_xorshift::XorShiftRng; - - #[test] - fn test_fq2_mul_nonresidue() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - let nqr = Fq2::new(Fq::zero(), Fq::one()); - println!("One: {:?}", Fq::one()); - - for _ in 0..1000 { - let mut a = Fq2::rand(&mut rng); - let mut b = a; - a = a * &Fq6Parameters::NONRESIDUE; - b *= &nqr; - - assert_eq!(a, b); - } - } -} diff --git a/algebra/src/fields/bls12_377/fr.rs b/algebra/src/fields/bls12_377/fr.rs deleted file mode 100644 index 36f9325ad..000000000 --- a/algebra/src/fields/bls12_377/fr.rs +++ /dev/null 
@@ -1,90 +0,0 @@ -use crate::{ - biginteger::BigInteger256 as BigInteger, - fields::{Fp256, Fp256Parameters, FpParameters}, -}; - -pub type Fr = Fp256; - -pub struct FrParameters; - -impl Fp256Parameters for FrParameters {} - -impl FpParameters for FrParameters { - type BigInt = BigInteger; - - // MODULUS = 8444461749428370424248824938781546531375899335154063827935233455917409239041 - const MODULUS: BigInteger = BigInteger([ - 725501752471715841u64, - 6461107452199829505u64, - 6968279316240510977u64, - 1345280370688173398u64, - ]); - - const MODULUS_BITS: u32 = 253; - - const CAPACITY: u32 = Self::MODULUS_BITS - 1; - - const REPR_SHAVE_BITS: u32 = 3; - - const R: BigInteger = BigInteger([ - 9015221291577245683u64, - 8239323489949974514u64, - 1646089257421115374u64, - 958099254763297437u64, - ]); - - const R2: BigInteger = BigInteger([ - 2726216793283724667u64, - 14712177743343147295u64, - 12091039717619697043u64, - 81024008013859129u64, - ]); - - const INV: u64 = 725501752471715839u64; - - // GENERATOR = 11 - const GENERATOR: BigInteger = BigInteger([ - 1855201571499933546u64, - 8511318076631809892u64, - 6222514765367795509u64, - 1122129207579058019u64, - ]); - - const TWO_ADICITY: u32 = 47; - - const ROOT_OF_UNITY: BigInteger = BigInteger([ - 0x3c3d3ca739381fb2, - 0x9a14cda3ec99772b, - 0xd7aacc7c59724826, - 0xd1ba211c5cc349c, - ]); - - /// (r - 1)/2 = - /// 4222230874714185212124412469390773265687949667577031913967616727958704619520 - const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([ - 0x8508c00000000000, - 0xacd53b7f68000000, - 0x305a268f2e1bd800, - 0x955b2af4d1652ab, - ]); - - // T and T_MINUS_ONE_DIV_TWO, where r - 1 = 2^s * t - - /// t = (r - 1) / 2^s = - /// 60001509534603559531609739528203892656505753216962260608619555 - const T: BigInteger = BigInteger([ - 0xedfda00000021423, - 0x9a3cb86f6002b354, - 0xcabd34594aacc168, - 0x2556, - ]); - - /// (t - 1) / 2 = - /// 30000754767301779765804869764101946328252876608481130304309777 - const 
T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
- 0x76fed00000010a11,
- 0x4d1e5c37b00159aa,
- 0x655e9a2ca55660b4,
- 0x12ab,
- ]);
-}
diff --git a/algebra/src/fields/bls12_377/mod.rs b/algebra/src/fields/bls12_377/mod.rs
deleted file mode 100644
index 8e271b8fc..000000000
--- a/algebra/src/fields/bls12_377/mod.rs
+++ /dev/null
@@ -1,17 +0,0 @@
-pub mod fr;
-pub use self::fr::*;
-
-pub mod fq;
-pub use self::fq::*;
-
-pub mod fq2;
-pub use self::fq2::*;
-
-pub mod fq6;
-pub use self::fq6::*;
-
-pub mod fq12;
-pub use self::fq12::*;
-
-#[cfg(test)]
-mod tests;
diff --git a/algebra/src/fields/bls12_377/tests.rs b/algebra/src/fields/bls12_377/tests.rs
deleted file mode 100644
index 5b6aaafed..000000000
--- a/algebra/src/fields/bls12_377/tests.rs
+++ /dev/null
@@ -1,556 +0,0 @@
-use crate::{
- biginteger::{BigInteger, BigInteger384},
- fields::{
- bls12_377::{Fq, Fq12, Fq2, Fq2Parameters, Fq6, Fq6Parameters, FqParameters},
- fp6_3over2::Fp6Parameters,
- tests::{field_test, frobenius_test, primefield_test, sqrt_field_test},
- Field, Fp2Parameters, FpParameters, PrimeField, SquareRootField,
- },
- ToBits, SemanticallyValid,
-};
-use crate::UniformRand;
-use rand::SeedableRng;
-use rand_xorshift::XorShiftRng;
-use std::{
- cmp::Ordering,
- ops::{AddAssign, MulAssign, SubAssign},
-};
-
-pub(crate) const ITERATIONS: usize = 5;
-
-#[test]
-fn test_bls12_377_fr() {
- use crate::fields::bls12_377::Fr;
-
- for _ in 0..ITERATIONS {
- let a: Fr = rand::random();
- let b: Fr = rand::random();
- field_test(a, b);
- primefield_test::();
- sqrt_field_test(b);
- }
-}
-
-#[test]
-fn test_bls12_377_fq() {
- use crate::fields::bls12_377::Fq;
-
- for _ in 0..ITERATIONS {
- let a: Fq = rand::random();
- let b: Fq = rand::random();
- field_test(a, b);
- primefield_test::();
- sqrt_field_test(a);
- }
-}
-
-#[test]
-fn test_bls12_377_fq2() {
- use crate::fields::bls12_377::{Fq, Fq2};
-
- for _ in 0..ITERATIONS {
- let a: Fq2 = rand::random();
- let b: Fq2 = rand::random();
- field_test(a, b);
- sqrt_field_test(a);
- }
- frobenius_test::(Fq::characteristic(), 13);
-}
-
-#[test]
-fn test_bls12_377_fq6() {
- use crate::fields::bls12_377::{Fq, Fq6};
-
- for _ in 0..ITERATIONS {
- let g: Fq6 = rand::random();
- let h: Fq6 = rand::random();
- field_test(g, h);
- }
- frobenius_test::(Fq::characteristic(), 13);
-}
-
-#[test]
-fn test_bls12_377_fq12() {
- use crate::fields::bls12_377::{Fq, Fq12};
-
- for _ in 0..ITERATIONS {
- let g: Fq12 = rand::random();
- let h: Fq12 = rand::random();
- field_test(g, h);
- }
- frobenius_test::(Fq::characteristic(), 13);
-}
-
-#[test]
-fn test_fq_repr_from() {
- assert_eq!(
- BigInteger384::from(100),
- BigInteger384([100, 0, 0, 0, 0, 0])
- );
-}
-
-#[test]
-fn test_fq_repr_is_odd() {
-
assert!(!BigInteger384::from(0).is_odd());
- assert!(BigInteger384::from(0).is_even());
- assert!(BigInteger384::from(1).is_odd());
- assert!(!BigInteger384::from(1).is_even());
- assert!(!BigInteger384::from(324834872).is_odd());
- assert!(BigInteger384::from(324834872).is_even());
- assert!(BigInteger384::from(324834873).is_odd());
- assert!(!BigInteger384::from(324834873).is_even());
-}
-
-#[test]
-fn test_fq_repr_is_zero() {
- assert!(BigInteger384::from(0).is_zero());
- assert!(!BigInteger384::from(1).is_zero());
- assert!(!BigInteger384([0, 0, 0, 0, 1, 0]).is_zero());
-}
-
-#[test]
-fn test_fq_repr_num_bits() {
- let mut a = BigInteger384::from(0);
- assert_eq!(0, a.num_bits());
- a = BigInteger384::from(1);
- for i in 1..385 {
- assert_eq!(i, a.num_bits());
- a.mul2();
- }
- assert_eq!(0, a.num_bits());
-}
-
-#[test]
-fn test_fq_add_assign() {
- // Test associativity
-
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
- // Generate a, b, c and ensure (a + b) + c == a + (b + c).
- let a = Fq::rand(&mut rng);
- let b = Fq::rand(&mut rng);
- let c = Fq::rand(&mut rng);
-
- let mut tmp1 = a;
- tmp1.add_assign(&b);
- tmp1.add_assign(&c);
-
- let mut tmp2 = b;
- tmp2.add_assign(&c);
- tmp2.add_assign(&a);
-
- assert!(tmp1.is_valid());
- assert!(tmp2.is_valid());
- assert_eq!(tmp1, tmp2);
- }
-}
-
-#[test]
-fn test_fq_sub_assign() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
- // Ensure that (a - b) + (b - a) = 0.
- let a = Fq::rand(&mut rng);
- let b = Fq::rand(&mut rng);
-
- let mut tmp1 = a;
- tmp1.sub_assign(&b);
-
- let mut tmp2 = b;
- tmp2.sub_assign(&a);
-
- tmp1.add_assign(&tmp2);
- assert!(tmp1.is_zero());
- }
-}
-
-#[test]
-fn test_fq_mul_assign() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000000 {
- // Ensure that (a * b) * c = a * (b * c)
- let a = Fq::rand(&mut rng);
- let b = Fq::rand(&mut rng);
- let c = Fq::rand(&mut rng);
-
- let mut tmp1 = a;
- tmp1.mul_assign(&b);
- tmp1.mul_assign(&c);
-
- let mut tmp2 = b;
- tmp2.mul_assign(&c);
- tmp2.mul_assign(&a);
-
- assert_eq!(tmp1, tmp2);
- }
-
- for _ in 0..1000000 {
- // Ensure that r * (a + b + c) = r*a + r*b + r*c
-
- let r = Fq::rand(&mut rng);
- let mut a = Fq::rand(&mut rng);
- let mut b = Fq::rand(&mut rng);
- let mut c = Fq::rand(&mut rng);
-
- let mut tmp1 = a;
- tmp1.add_assign(&b);
- tmp1.add_assign(&c);
- tmp1.mul_assign(&r);
-
- a.mul_assign(&r);
- b.mul_assign(&r);
- c.mul_assign(&r);
-
- a.add_assign(&b);
- a.add_assign(&c);
-
- assert_eq!(tmp1, a);
- }
-}
-
-#[test]
-fn test_fq_squaring() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000000 {
- // Ensure that (a * a) = a^2
- let a = Fq::rand(&mut rng);
-
- let mut tmp = a;
- tmp.square_in_place();
-
- let mut tmp2 = a;
- tmp2.mul_assign(&a);
-
- assert_eq!(tmp, tmp2);
- }
-}
-
-#[test]
-fn test_fq_inverse() {
- assert!(Fq::zero().inverse().is_none());
-
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- let one = Fq::one();
-
- for _ in 0..1000 {
- // Ensure that a * a^-1 = 1
- let mut a = Fq::rand(&mut rng);
- let ainv = a.inverse().unwrap();
- a.mul_assign(&ainv);
- assert_eq!(a, one);
- }
-}
-
-#[test]
-fn test_fq_double_in_place() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
- // Ensure doubling a is equivalent to adding a to itself.
- let mut a = Fq::rand(&mut rng);
- let mut b = a;
- b.add_assign(&a);
- a.double_in_place();
- assert_eq!(a, b);
- }
-}
-
-#[test]
-fn test_fq_negate() {
- {
- let a = -Fq::zero();
-
- assert!(a.is_zero());
- }
-
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
- // Ensure (a - (-a)) = 0.
- let mut a = Fq::rand(&mut rng);
- let b = -a;
- a.add_assign(&b);
-
- assert!(a.is_zero());
- }
-}
-
-#[test]
-fn test_fq_pow() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for i in 0..1000 {
- // Exponentiate by various small numbers and ensure it consists with repeated
- // multiplication.
- let a = Fq::rand(&mut rng);
- let target = a.pow(&[i]);
- let mut c = Fq::one();
- for _ in 0..i {
- c.mul_assign(&a);
- }
- assert_eq!(c, target);
- }
-
- for _ in 0..1000 {
- // Exponentiating by the modulus should have no effect in a prime field.
- let a = Fq::rand(&mut rng);
-
- assert_eq!(a, a.pow(Fq::characteristic()));
- }
-}
-
-#[test]
-fn test_fq_sqrt() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- assert_eq!(Fq::zero().sqrt().unwrap(), Fq::zero());
-
- for _ in 0..1000 {
- // Ensure sqrt(a^2) = a or -a
- let a = Fq::rand(&mut rng);
- let nega = -a;
- let mut b = a;
- b.square_in_place();
-
- let b = b.sqrt().unwrap();
-
- assert!(a == b || nega == b);
- }
-
- for _ in 0..1000 {
- // Ensure sqrt(a)^2 = a for random a
- let a = Fq::rand(&mut rng);
-
- if let Some(mut tmp) = a.sqrt() {
- tmp.square_in_place();
-
- assert_eq!(a, tmp);
- }
- }
-}
-
-#[test]
-fn test_fq_num_bits() {
- assert_eq!(FqParameters::MODULUS_BITS, 377);
- assert_eq!(FqParameters::CAPACITY, 376);
-}
-
-#[test]
-fn test_convert_fq_fr() {
- use crate::fields::{
- convert, leading_zeros,
- bls12_381::Fr,
- };
-
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
-
- // Safely convert a random Fq into a Fr
- let q: Fq = UniformRand::rand(&mut rng);
- let q_bits = &q.write_bits()[125..]; //Skip 125 bits, in order
to perform a safe conversion
- let conv = convert::(q_bits.to_vec()).unwrap();
- assert_eq!(conv.pow(Fr::characteristic()), conv);
-
- // Safely convert a random Fr into a Fq
- let r: Fr = UniformRand::rand(&mut rng); //No need to skip bits, Fr is smaller than Fq
- let conv = convert::(r.write_bits()).unwrap();
- assert_eq!(conv.pow(Fq::characteristic()), conv);
- }
-
- //Attempting to convert a bit array that exceeds other field's modulus will result in an error
- loop {
- let q: Fq = UniformRand::rand(&mut rng);
- let q_bits = q.write_bits();
- if leading_zeros(q_bits.as_slice()) >= 125 { continue } //In this case the assertion below will fail
- assert!(convert::(q_bits).is_err()); //Fq is much more bigger than Fr
- break;
- }
-}
-
-#[test]
-fn test_fq_root_of_unity() {
- assert_eq!(FqParameters::TWO_ADICITY, 46);
- assert_eq!(
- Fq::multiplicative_generator().pow([
- 0x7510c00000021423,
- 0x88bee82520005c2d,
- 0x67cc03d44e3c7bcd,
- 0x1701b28524ec688b,
- 0xe9185f1443ab18ec,
- 0x6b8
- ]),
- Fq::root_of_unity()
- );
- assert_eq!(
- Fq::root_of_unity().pow([1 << FqParameters::TWO_ADICITY]),
- Fq::one()
- );
- assert!(Fq::multiplicative_generator().sqrt().is_none());
-}
-
-#[test]
-fn test_fq_ordering() {
- // BigInteger384's ordering is well-tested, but we still need to make sure the
- // Fq elements aren't being compared in Montgomery form.
- for i in 0..100 {
- assert!(Fq::from_repr(BigInteger384::from(i + 1)) > Fq::from_repr(BigInteger384::from(i)));
- }
-}
-
-#[test]
-fn test_fq_legendre() {
- use crate::fields::LegendreSymbol::*;
-
- assert_eq!(QuadraticResidue, Fq::one().legendre());
- assert_eq!(Zero, Fq::zero().legendre());
- assert_eq!(
- QuadraticResidue,
- Fq::from_repr(BigInteger384::from(4)).legendre()
- );
- assert_eq!(
- QuadraticNonResidue,
- Fq::from_repr(BigInteger384::from(5)).legendre()
- );
-}
-
-#[test]
-fn test_fq2_ordering() {
- let mut a = Fq2::new(Fq::zero(), Fq::zero());
- let mut b = a.clone();
-
- assert!(a.cmp(&b) == Ordering::Equal);
- b.c0.add_assign(&Fq::one());
- assert!(a.cmp(&b) == Ordering::Less);
- a.c0.add_assign(&Fq::one());
- assert!(a.cmp(&b) == Ordering::Equal);
- b.c1.add_assign(&Fq::one());
- assert!(a.cmp(&b) == Ordering::Less);
- a.c0.add_assign(&Fq::one());
- assert!(a.cmp(&b) == Ordering::Less);
- a.c1.add_assign(&Fq::one());
- assert!(a.cmp(&b) == Ordering::Greater);
- b.c0.add_assign(&Fq::one());
- assert!(a.cmp(&b) == Ordering::Equal);
-}
-
-#[test]
-fn test_fq2_basics() {
- assert_eq!(Fq2::new(Fq::zero(), Fq::zero(),), Fq2::zero());
- assert_eq!(Fq2::new(Fq::one(), Fq::zero(),), Fq2::one());
- assert!(Fq2::zero().is_zero());
- assert!(!Fq2::one().is_zero());
- assert!(!Fq2::new(Fq::zero(), Fq::one(),).is_zero());
-}
-
-#[test]
-fn test_fq2_legendre() {
- use crate::fields::LegendreSymbol::*;
-
- assert_eq!(Zero, Fq2::zero().legendre());
- // i^2 = -1
- let mut m1 = -Fq2::one();
- assert_eq!(QuadraticResidue, m1.legendre());
- m1 = Fq6Parameters::mul_fp2_by_nonresidue(&m1);
- assert_eq!(QuadraticNonResidue, m1.legendre());
-}
-
-#[test]
-fn test_fq2_mul_nonresidue() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- let nqr = Fq2::new(Fq::zero(), Fq::one());
-
- let quadratic_non_residue = Fq2::new(
- Fq2Parameters::QUADRATIC_NONRESIDUE.0,
- Fq2Parameters::QUADRATIC_NONRESIDUE.1,
- );
- for _ in 0..1000 {
- let mut a = Fq2::rand(&mut 
rng);
- let mut b = a;
- a = quadratic_non_residue * &a;
- b.mul_assign(&nqr);
-
- assert_eq!(a, b);
- }
-}
-
-#[test]
-fn test_fq6_mul_by_1() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
- let c1 = Fq2::rand(&mut rng);
- let mut a = Fq6::rand(&mut rng);
- let mut b = a;
-
- a.mul_by_1(&c1);
- b.mul_assign(&Fq6::new(Fq2::zero(), c1, Fq2::zero()));
-
- assert_eq!(a, b);
- }
-}
-
-#[test]
-fn test_fq6_mul_by_01() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
- let c0 = Fq2::rand(&mut rng);
- let c1 = Fq2::rand(&mut rng);
- let mut a = Fq6::rand(&mut rng);
- let mut b = a;
-
- a.mul_by_01(&c0, &c1);
- b.mul_assign(&Fq6::new(c0, c1, Fq2::zero()));
-
- assert_eq!(a, b);
- }
-}
-
-#[test]
-fn test_fq12_mul_by_014() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
- let c0 = Fq2::rand(&mut rng);
- let c1 = Fq2::rand(&mut rng);
- let c5 = Fq2::rand(&mut rng);
- let mut a = Fq12::rand(&mut rng);
- let mut b = a;
-
- a.mul_by_014(&c0, &c1, &c5);
- b.mul_assign(&Fq12::new(
- Fq6::new(c0, c1, Fq2::zero()),
- Fq6::new(Fq2::zero(), c5, Fq2::zero()),
- ));
-
- assert_eq!(a, b);
- }
-}
-
-#[test]
-fn test_fq12_mul_by_034() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
- let c0 = Fq2::rand(&mut rng);
- let c3 = Fq2::rand(&mut rng);
- let c4 = Fq2::rand(&mut rng);
- let mut a = Fq12::rand(&mut rng);
- let mut b = a;
-
- a.mul_by_034(&c0, &c3, &c4);
- b.mul_assign(&Fq12::new(
- Fq6::new(c0, Fq2::zero(), Fq2::zero()),
- Fq6::new(c3, c4, Fq2::zero()),
- ));
-
- assert_eq!(a, b);
- }
-}
diff --git a/algebra/src/fields/bls12_381/fq.rs b/algebra/src/fields/bls12_381/fq.rs
deleted file mode 100644
index 220201a06..000000000
--- a/algebra/src/fields/bls12_381/fq.rs
+++ /dev/null
@@ -1,103 +0,0 @@
-use crate::{
- biginteger::BigInteger384 as BigInteger,
- fields::{Fp384, Fp384Parameters, FpParameters},
- field_new
-};
-
-pub type Fq = Fp384;
-
-pub struct FqParameters;
-
-impl Fp384Parameters for FqParameters {}
-impl FpParameters for FqParameters {
- type BigInt = BigInteger;
-
- // MODULUS = 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787
- const MODULUS: BigInteger = BigInteger([
- 0xb9feffffffffaaab,
- 0x1eabfffeb153ffff,
- 0x6730d2a0f6b0f624,
- 0x64774b84f38512bf,
- 0x4b1ba7b6434bacd7,
- 0x1a0111ea397fe69a,
- ]);
-
- const MODULUS_BITS: u32 = 381;
-
- const CAPACITY: u32 = Self::MODULUS_BITS - 1;
-
- const REPR_SHAVE_BITS: u32 = 3;
-
- const R: BigInteger = BigInteger([
- 0x760900000002fffd,
- 0xebf4000bc40c0002,
- 0x5f48985753c758ba,
- 0x77ce585370525745,
- 0x5c071a97a256ec6d,
- 0x15f65ec3fa80e493,
- ]);
-
- const R2: BigInteger = BigInteger([
- 0xf4df1f341c341746,
- 0xa76e6a609d104f1,
- 0x8de5476c4c95b6d5,
- 0x67eb88a9939d83c0,
- 0x9a793e85b519952d,
- 0x11988fe592cae3aa,
- ]);
-
- const INV: u64 = 0x89f3fffcfffcfffd;
-
- // GENERATOR = 2
- const GENERATOR: BigInteger = BigInteger([
- 0x321300000006554f,
- 0xb93c0018d6c40005,
- 0x57605e0db0ddbb51,
- 0x8b256521ed1f9bcb,
- 0x6cf28d7901622c03,
- 0x11ebab9dbb81e28c,
- ]);
-
- const TWO_ADICITY: u32 = 1;
-
- const ROOT_OF_UNITY: BigInteger = BigInteger([
- 0x43f5fffffffcaaae,
- 0x32b7fff2ed47fffd,
- 0x7e83a49a2e99d69,
- 0xeca8f3318332bb7a,
- 0xef148d1ea0f4c069,
- 0x40ab3263eff0206,
- ]);
-
- const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
- 0xdcff7fffffffd555,
- 0xf55ffff58a9ffff,
- 0xb39869507b587b12,
- 0xb23ba5c279c2895f,
- 0x258dd3db21a5d66b,
- 0xd0088f51cbff34d,
- ]);
-
- // T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
-
- const T: BigInteger = BigInteger([
- 0xdcff7fffffffd555,
- 0xf55ffff58a9ffff,
- 0xb39869507b587b12,
- 0xb23ba5c279c2895f,
- 0x258dd3db21a5d66b,
- 0xd0088f51cbff34d,
- ]);
-
- 
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
- 0xee7fbfffffffeaaa,
- 0x7aaffffac54ffff,
- 0xd9cc34a83dac3d89,
- 0xd91dd2e13ce144af,
- 0x92c6e9ed90d2eb35,
- 0x680447a8e5ff9a6,
- ]);
-}
-
-pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
-pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0]));
\ No newline at end of file
diff --git a/algebra/src/fields/bls12_381/fq12.rs b/algebra/src/fields/bls12_381/fq12.rs
deleted file mode 100644
index 104e67ad3..000000000
--- a/algebra/src/fields/bls12_381/fq12.rs
+++ /dev/null
@@ -1,236 +0,0 @@
-use crate::field_new;
-use crate::{
- biginteger::BigInteger384,
- fields::{
- bls12_381::{fq::Fq, fq2::{Fq2, FQ2_ONE, FQ2_ZERO}, fq6::{Fq6, Fq6Parameters}},
- fp12_2over3over2::{Fp12, Fp12Parameters},
- },
-};
-
-pub type Fq12 = Fp12;
-
-#[derive(Clone, Copy)]
-pub struct Fq12Parameters;
-
-impl Fp12Parameters for Fq12Parameters {
- type Fp6Params = Fq6Parameters;
-
- const NONRESIDUE: Fq6 = field_new!(Fq6, FQ2_ZERO, FQ2_ONE, FQ2_ZERO);
-
- const FROBENIUS_COEFF_FP12_C1: &'static [Fq2] = &[
- // Fq2(u + 1)**(((q^0) - 1) / 6)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0x760900000002fffd,
- 0xebf4000bc40c0002,
- 0x5f48985753c758ba,
- 0x77ce585370525745,
- 0x5c071a97a256ec6d,
- 0x15f65ec3fa80e493,
- ])),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(u + 1)**(((q^1) - 1) / 6)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0x7089552b319d465,
- 0xc6695f92b50a8313,
- 0x97e83cccd117228f,
- 0xa35baecab2dc29ee,
- 0x1ce393ea5daace4d,
- 0x8f2220fb0fb66eb,
- ])),
- field_new!(Fq, BigInteger384([
- 0xb2f66aad4ce5d646,
- 0x5842a06bfc497cec,
- 0xcf4895d42599d394,
- 0xc11b9cba40a8e8d0,
- 0x2e3813cbe5a0de89,
- 0x110eefda88847faf,
- ])),
- ),
- // Fq2(u + 1)**(((q^2) - 1) / 6)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0xecfb361b798dba3a,
- 0xc100ddb891865a2c,
- 0xec08ff1232bda8e,
- 0xd5c13cc6f1ca4721,
- 0x47222a47bf7b5c04,
- 0x110f184e51c5f59,
- ])),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(u + 1)**(((q^3) - 1) / 6)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0x3e2f585da55c9ad1,
- 0x4294213d86c18183,
- 0x382844c88b623732,
- 0x92ad2afd19103e18,
- 0x1d794e4fac7cf0b9,
- 0xbd592fc7d825ec8,
- ])),
- field_new!(Fq, BigInteger384([
- 0x7bcfa7a25aa30fda,
- 0xdc17dec12a927e7c,
- 0x2f088dd86b4ebef1,
- 0xd1ca2087da74d4a7,
- 0x2da2596696cebc1d,
- 0xe2b7eedbbfd87d2,
- ])),
- ),
- // Fq2(u + 1)**(((q^4) - 1) / 6)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 
0x30f1361b798a64e8,
- 0xf3b8ddab7ece5a2a,
- 0x16a8ca3ac61577f7,
- 0xc26a2ff874fd029b,
- 0x3636b76660701c6e,
- 0x51ba4ab241b6160,
- ])),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(u + 1)**(((q^5) - 1) / 6)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0x3726c30af242c66c,
- 0x7c2ac1aad1b6fe70,
- 0xa04007fbba4b14a2,
- 0xef517c3266341429,
- 0x95ba654ed2226b,
- 0x2e370eccc86f7dd,
- ])),
- field_new!(Fq, BigInteger384([
- 0x82d83cf50dbce43f,
- 0xa2813e53df9d018f,
- 0xc6f0caa53c65e181,
- 0x7525cf528d50fe95,
- 0x4a85ed50f4798a6b,
- 0x171da0fd6cf8eebd,
- ])),
- ),
- // Fq2(u + 1)**(((q^6) - 1) / 6)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0x43f5fffffffcaaae,
- 0x32b7fff2ed47fffd,
- 0x7e83a49a2e99d69,
- 0xeca8f3318332bb7a,
- 0xef148d1ea0f4c069,
- 0x40ab3263eff0206,
- ])),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(u + 1)**(((q^7) - 1) / 6)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0xb2f66aad4ce5d646,
- 0x5842a06bfc497cec,
- 0xcf4895d42599d394,
- 0xc11b9cba40a8e8d0,
- 0x2e3813cbe5a0de89,
- 0x110eefda88847faf,
- ])),
- field_new!(Fq, BigInteger384([
- 0x7089552b319d465,
- 0xc6695f92b50a8313,
- 0x97e83cccd117228f,
- 0xa35baecab2dc29ee,
- 0x1ce393ea5daace4d,
- 0x8f2220fb0fb66eb,
- ])),
- ),
- // Fq2(u + 1)**(((q^8) - 1) / 6)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0xcd03c9e48671f071,
- 0x5dab22461fcda5d2,
- 0x587042afd3851b95,
- 0x8eb60ebe01bacb9e,
- 0x3f97d6e83d050d2,
- 0x18f0206554638741,
- ])),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(u + 1)**(((q^9) - 1) / 6)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0x7bcfa7a25aa30fda,
- 0xdc17dec12a927e7c,
- 0x2f088dd86b4ebef1,
- 0xd1ca2087da74d4a7,
- 0x2da2596696cebc1d,
- 0xe2b7eedbbfd87d2,
- ])),
- field_new!(Fq, BigInteger384([
- 0x3e2f585da55c9ad1,
- 0x4294213d86c18183,
- 0x382844c88b623732,
- 0x92ad2afd19103e18,
- 0x1d794e4fac7cf0b9,
- 0xbd592fc7d825ec8,
- ])),
- ),
- // 
Fq2(u + 1)**(((q^10) - 1) / 6)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0x890dc9e4867545c3,
- 0x2af322533285a5d5,
- 0x50880866309b7e2c,
- 0xa20d1b8c7e881024,
- 0x14e4f04fe2db9068,
- 0x14e56d3f1564853a,
- ])),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(u + 1)**(((q^11) - 1) / 6)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0x82d83cf50dbce43f,
- 0xa2813e53df9d018f,
- 0xc6f0caa53c65e181,
- 0x7525cf528d50fe95,
- 0x4a85ed50f4798a6b,
- 0x171da0fd6cf8eebd,
- ])),
- field_new!(Fq, BigInteger384([
- 0x3726c30af242c66c,
- 0x7c2ac1aad1b6fe70,
- 0xa04007fbba4b14a2,
- 0xef517c3266341429,
- 0x95ba654ed2226b,
- 0x2e370eccc86f7dd,
- ])),
- ),
- ];
-}
-
-#[cfg(test)]
-mod test {
- use super::*;
- use crate::fields::{
- bls12_381::{fq2::Fq2, fq6::Fq6},
- Field,
- };
- use crate::UniformRand;
-use rand::SeedableRng;
-use rand_xorshift::XorShiftRng;
-
- #[test]
- fn test_fq6_mul_nonresidue() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- let nqr = Fq6::new(Fq2::zero(), Fq2::one(), Fq2::zero());
-
- for _ in 0..1000 {
- let mut a = Fq6::rand(&mut rng);
- let mut b = a;
- a = Fq12Parameters::mul_fp6_by_nonresidue(&a);
- b *= &nqr;
-
- assert_eq!(a, b);
- }
- }
-}
diff --git a/algebra/src/fields/bls12_381/fq2.rs b/algebra/src/fields/bls12_381/fq2.rs
deleted file mode 100644
index c2399278e..000000000
--- a/algebra/src/fields/bls12_381/fq2.rs
+++ /dev/null
@@ -1,78 +0,0 @@
-use crate::field_new;
-use crate::{
- biginteger::BigInteger384 as BigInteger,
- fields::{
- bls12_381::fq::{
- Fq, FQ_ONE, FQ_ZERO
- },
- fp2::{Fp2, Fp2Parameters},
- },
-};
-
-pub type Fq2 = Fp2;
-
-pub struct Fq2Parameters;
-
-impl Fp2Parameters for Fq2Parameters {
- type Fp = Fq;
-
- /// NONRESIDUE = -1
- const NONRESIDUE: Fq = field_new!(Fq, BigInteger([
- 0x43f5fffffffcaaae,
- 0x32b7fff2ed47fffd,
- 0x7e83a49a2e99d69,
- 0xeca8f3318332bb7a,
- 0xef148d1ea0f4c069,
- 0x40ab3263eff0206,
- ]));
-
- /// QUADRATIC_NONRESIDUE = (U + 1)
- const QUADRATIC_NONRESIDUE: (Fq, Fq) = (
- field_new!(Fq, BigInteger([
- 0x760900000002fffd,
- 0xebf4000bc40c0002,
- 0x5f48985753c758ba,
- 0x77ce585370525745,
- 0x5c071a97a256ec6d,
- 0x15f65ec3fa80e493,
- ])),
- field_new!(Fq, BigInteger([
- 0x760900000002fffd,
- 0xebf4000bc40c0002,
- 0x5f48985753c758ba,
- 0x77ce585370525745,
- 0x5c071a97a256ec6d,
- 0x15f65ec3fa80e493,
- ])),
- );
-
- /// Coefficients for the Frobenius automorphism.
- const FROBENIUS_COEFF_FP2_C1: &'static [Fq] = &[
- // Fq(-1)**(((q^0) - 1) / 2)
- field_new!(Fq, BigInteger([
- 0x760900000002fffd,
- 0xebf4000bc40c0002,
- 0x5f48985753c758ba,
- 0x77ce585370525745,
- 0x5c071a97a256ec6d,
- 0x15f65ec3fa80e493,
- ])),
- // Fq(-1)**(((q^1) - 1) / 2)
- field_new!(Fq, BigInteger([
- 0x43f5fffffffcaaae,
- 0x32b7fff2ed47fffd,
- 0x7e83a49a2e99d69,
- 0xeca8f3318332bb7a,
- 0xef148d1ea0f4c069,
- 0x40ab3263eff0206,
- ])),
- ];
-
- #[inline(always)]
- fn mul_fp_by_nonresidue(fp: &Self::Fp) -> Self::Fp {
- -(*fp)
- }
-}
-
-pub const FQ2_ZERO: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ZERO);
-pub const FQ2_ONE: Fq2 = field_new!(Fq2, FQ_ONE, FQ_ZERO);
\ No newline at end of file
diff --git a/algebra/src/fields/bls12_381/fq6.rs b/algebra/src/fields/bls12_381/fq6.rs
deleted file mode 100644
index 01bddf651..000000000
--- a/algebra/src/fields/bls12_381/fq6.rs
+++ /dev/null
@@ -1,200 +0,0 @@
-use crate::field_new;
-use crate::{
- biginteger::BigInteger384,
- fields::{
- bls12_381::{
- fq::Fq,
- fq2::{Fq2, Fq2Parameters},
- },
- fp6_3over2::{Fp6, Fp6Parameters},
- },
-};
-
-pub type Fq6 = Fp6;
-
-#[derive(Clone, Copy)]
-pub struct Fq6Parameters;
-
-impl Fp6Parameters for Fq6Parameters {
- type Fp2Params = Fq2Parameters;
-
- /// NONRESIDUE = (U + 1)
- const NONRESIDUE: Fq2 = field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0x760900000002fffd,
- 0xebf4000bc40c0002,
- 0x5f48985753c758ba,
- 0x77ce585370525745,
- 0x5c071a97a256ec6d,
- 0x15f65ec3fa80e493,
- ])),
- field_new!(Fq, BigInteger384([
- 0x760900000002fffd,
- 0xebf4000bc40c0002,
- 0x5f48985753c758ba,
- 0x77ce585370525745,
- 0x5c071a97a256ec6d,
- 0x15f65ec3fa80e493,
- ])),
- );
-
- const FROBENIUS_COEFF_FP6_C1: &'static [Fq2] = &[
- // Fq2(u + 1)**(((q^0) - 1) / 3)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0x760900000002fffd,
- 0xebf4000bc40c0002,
- 0x5f48985753c758ba,
- 0x77ce585370525745,
- 0x5c071a97a256ec6d,
- 0x15f65ec3fa80e493,
- ])),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(u + 1)**(((q^1) - 1) / 3)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- field_new!(Fq, BigInteger384([
- 0xcd03c9e48671f071,
- 0x5dab22461fcda5d2,
- 0x587042afd3851b95,
- 0x8eb60ebe01bacb9e,
- 0x3f97d6e83d050d2,
- 0x18f0206554638741,
- ])),
- ),
- // Fq2(u + 1)**(((q^2) - 1) / 3)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0x30f1361b798a64e8,
- 0xf3b8ddab7ece5a2a,
- 0x16a8ca3ac61577f7,
- 0xc26a2ff874fd029b,
- 0x3636b76660701c6e,
- 0x51ba4ab241b6160,
- ])),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(u + 1)**(((q^3) - 1) / 3)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- field_new!(Fq, BigInteger384([
- 0x760900000002fffd,
- 0xebf4000bc40c0002,
- 0x5f48985753c758ba,
- 0x77ce585370525745,
- 0x5c071a97a256ec6d,
- 0x15f65ec3fa80e493,
- ])), 
- ),
- // Fq2(u + 1)**(((q^4) - 1) / 3)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0xcd03c9e48671f071,
- 0x5dab22461fcda5d2,
- 0x587042afd3851b95,
- 0x8eb60ebe01bacb9e,
- 0x3f97d6e83d050d2,
- 0x18f0206554638741,
- ])),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(u + 1)**(((q^5) - 1) / 3)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- field_new!(Fq, BigInteger384([
- 0x30f1361b798a64e8,
- 0xf3b8ddab7ece5a2a,
- 0x16a8ca3ac61577f7,
- 0xc26a2ff874fd029b,
- 0x3636b76660701c6e,
- 0x51ba4ab241b6160,
- ])),
- ),
- ];
-
- const FROBENIUS_COEFF_FP6_C2: &'static [Fq2] = &[
- // Fq2(u + 1)**(((2q^0) - 2) / 3)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0x760900000002fffd,
- 0xebf4000bc40c0002,
- 0x5f48985753c758ba,
- 0x77ce585370525745,
- 0x5c071a97a256ec6d,
- 0x15f65ec3fa80e493,
- ])),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(u + 1)**(((2q^1) - 2) / 3)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0x890dc9e4867545c3,
- 0x2af322533285a5d5,
- 0x50880866309b7e2c,
- 0xa20d1b8c7e881024,
- 0x14e4f04fe2db9068,
- 0x14e56d3f1564853a,
- ])),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(u + 1)**(((2q^2) - 2) / 3)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0xcd03c9e48671f071,
- 0x5dab22461fcda5d2,
- 0x587042afd3851b95,
- 0x8eb60ebe01bacb9e,
- 0x3f97d6e83d050d2,
- 0x18f0206554638741,
- ])),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(u + 1)**(((2q^3) - 2) / 3)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0x43f5fffffffcaaae,
- 0x32b7fff2ed47fffd,
- 0x7e83a49a2e99d69,
- 0xeca8f3318332bb7a,
- 0xef148d1ea0f4c069,
- 0x40ab3263eff0206,
- ])),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(u + 1)**(((2q^4) - 2) / 3)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0x30f1361b798a64e8,
- 0xf3b8ddab7ece5a2a,
- 0x16a8ca3ac61577f7,
- 
0xc26a2ff874fd029b,
- 0x3636b76660701c6e,
- 0x51ba4ab241b6160,
- ])),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(u + 1)**(((2q^5) - 2) / 3)
- field_new!(Fq2,
- field_new!(Fq, BigInteger384([
- 0xecfb361b798dba3a,
- 0xc100ddb891865a2c,
- 0xec08ff1232bda8e,
- 0xd5c13cc6f1ca4721,
- 0x47222a47bf7b5c04,
- 0x110f184e51c5f59,
- ])),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- ];
-
- /// Multiply this element by the quadratic nonresidue 1 + u.
- /// Make this generic.
- fn mul_fp2_by_nonresidue(fe: &Fq2) -> Fq2 {
- let mut copy = *fe;
- let t0 = copy.c0;
- copy.c0 -= &fe.c1;
- copy.c1 += &t0;
- copy
- }
-}
diff --git a/algebra/src/fields/bls12_381/fr.rs b/algebra/src/fields/bls12_381/fr.rs
deleted file mode 100644
index 415df370a..000000000
--- a/algebra/src/fields/bls12_381/fr.rs
+++ /dev/null
@@ -1 +0,0 @@
-pub use crate::fields::jubjub::fq::{Fq as Fr, FqParameters as FrParameters};
diff --git a/algebra/src/fields/bls12_381/mod.rs b/algebra/src/fields/bls12_381/mod.rs
deleted file mode 100644
index 8e271b8fc..000000000
--- a/algebra/src/fields/bls12_381/mod.rs
+++ /dev/null
@@ -1,17 +0,0 @@
-pub mod fr;
-pub use self::fr::*;
-
-pub mod fq;
-pub use self::fq::*;
-
-pub mod fq2;
-pub use self::fq2::*;
-
-pub mod fq6;
-pub use self::fq6::*;
-
-pub mod fq12;
-pub use self::fq12::*;
-
-#[cfg(test)]
-mod tests;
diff --git a/algebra/src/fields/bls12_381/tests.rs b/algebra/src/fields/bls12_381/tests.rs
deleted file mode 100644
index 0f0f2c033..000000000
--- a/algebra/src/fields/bls12_381/tests.rs
+++ /dev/null
@@ -1,2412 +0,0 @@ -use crate::{ - biginteger::{BigInteger, BigInteger384}, - fields::{ - bls12_381::{ - Fq, Fq12, Fq12Parameters, Fq2, Fq2Parameters, Fq6, Fq6Parameters, FqParameters, - }, - fp12_2over3over2::Fp12Parameters, - fp6_3over2::Fp6Parameters, - tests::{field_test, frobenius_test, primefield_test, sqrt_field_test}, - Field, Fp2Parameters, FpParameters, PrimeField, SquareRootField, - - }, - ToBits, SemanticallyValid, -}; -use crate::UniformRand; -use rand::SeedableRng; -use rand_xorshift::XorShiftRng; -use std::{ - cmp::Ordering, - ops::{AddAssign, MulAssign, SubAssign}, -}; - -pub(crate) const ITERATIONS: usize = 5; - -#[test] -fn test_bls12_381_fr() { - use crate::fields::bls12_381::Fr; - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - for _ in 0..ITERATIONS { - let a: Fr = UniformRand::rand(&mut rng); - let b: Fr = UniformRand::rand(&mut rng); - field_test(a, b); - primefield_test::(); - sqrt_field_test(b); - } -} - -#[test] -fn test_bls12_381_fq() { - use crate::fields::bls12_381::Fq; - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - for _ in 0..ITERATIONS { - let a: Fq = UniformRand::rand(&mut rng); - let b: Fq = UniformRand::rand(&mut rng); - field_test(a, b); - primefield_test::(); - sqrt_field_test(a); - } -} - -#[test] -fn test_bls12_381_fq2() { - use crate::fields::bls12_381::{Fq, Fq2}; - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - for _ in 0..ITERATIONS { - let a: Fq2 = UniformRand::rand(&mut rng); - let b: Fq2 = UniformRand::rand(&mut rng); - field_test(a, b); - sqrt_field_test(a); - } - frobenius_test::(Fq::characteristic(), 13); -} - -#[test] -fn test_bls12_381_fq6() { - use crate::fields::bls12_381::{Fq, Fq6}; - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - for _ in 0..ITERATIONS { - let g: Fq6 = UniformRand::rand(&mut rng); - let h: Fq6 = UniformRand::rand(&mut rng); - field_test(g, h); - } - frobenius_test::(Fq::characteristic(), 13); -} - -#[test] -fn test_bls12_381_fq12() { - use 
crate::fields::bls12_381::{Fq, Fq12}; - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - for _ in 0..ITERATIONS { - let g: Fq12 = UniformRand::rand(&mut rng); - let h: Fq12 = UniformRand::rand(&mut rng); - field_test(g, h); - } - frobenius_test::(Fq::characteristic(), 13); -} - -#[test] -fn test_bls12_381_negative_one() { - use crate::{biginteger::BigInteger384, fields::bls12_381::fq::Fq}; - - let neg_one = Fq::new(BigInteger384([ - 0x43f5fffffffcaaae, - 0x32b7fff2ed47fffd, - 0x7e83a49a2e99d69, - 0xeca8f3318332bb7a, - 0xef148d1ea0f4c069, - 0x40ab3263eff0206, - ])); - assert_eq!(neg_one, -Fq::one()); -} - -#[test] -fn test_frob_coeffs() { - let nqr = -Fq::one(); - - assert_eq!(Fq2Parameters::FROBENIUS_COEFF_FP2_C1[0], Fq::one()); - assert_eq!( - Fq2Parameters::FROBENIUS_COEFF_FP2_C1[1], - nqr.pow([ - 0xdcff7fffffffd555, - 0xf55ffff58a9ffff, - 0xb39869507b587b12, - 0xb23ba5c279c2895f, - 0x258dd3db21a5d66b, - 0xd0088f51cbff34d, - ]) - ); - - let nqr = Fq2::new(Fq::one(), Fq::one()); - - assert_eq!(Fq6Parameters::FROBENIUS_COEFF_FP6_C1[0], Fq2::one()); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C1[1], - nqr.pow([ - 0x9354ffffffffe38e, - 0xa395554e5c6aaaa, - 0xcd104635a790520c, - 0xcc27c3d6fbd7063f, - 0x190937e76bc3e447, - 0x8ab05f8bdd54cde, - ]) - ); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C1[2], - nqr.pow([ - 0xb78e0000097b2f68, - 0xd44f23b47cbd64e3, - 0x5cb9668120b069a9, - 0xccea85f9bf7b3d16, - 0xdba2c8d7adb356d, - 0x9cd75ded75d7429, - 0xfc65c31103284fab, - 0xc58cb9a9b249ee24, - 0xccf734c3118a2e9a, - 0xa0f4304c5a256ce6, - 0xc3f0d2f8e0ba61f8, - 0xe167e192ebca97, - ]) - ); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C1[3], - nqr.pow([ - 0xdbc6fcd6f35b9e06, - 0x997dead10becd6aa, - 0x9dbbd24c17206460, - 0x72b97acc6057c45e, - 0xf8e9a230bf0c628e, - 0x647ccb1885c63a7, - 0xce80264fc55bf6ee, - 0x94d8d716c3939fc4, - 0xad78f0eb77ee6ee1, - 0xd6fe49bfe57dc5f9, - 0x2656d6c15c63647, - 0xdf6282f111fa903, - 0x1bdba63e0632b4bb, - 
0x6883597bcaa505eb, - 0xa56d4ec90c34a982, - 0x7e4c42823bbe90b2, - 0xf64728aa6dcb0f20, - 0x16e57e16ef152f, - ]) - ); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C1[4], - nqr.pow([ - 0x4649add3c71c6d90, - 0x43caa6528972a865, - 0xcda8445bbaaa0fbb, - 0xc93dea665662aa66, - 0x2863bc891834481d, - 0x51a0c3f5d4ccbed8, - 0x9210e660f90ccae9, - 0xe2bd6836c546d65e, - 0xf223abbaa7cf778b, - 0xd4f10b222cf11680, - 0xd540f5eff4a1962e, - 0xa123a1f140b56526, - 0x31ace500636a59f6, - 0x3a82bc8c8dfa57a9, - 0x648c511e217fc1f8, - 0x36c17ffd53a4558f, - 0x881bef5fd684eefd, - 0x5d648dbdc5dbb522, - 0x8fd07bf06e5e59b8, - 0x8ddec8a9acaa4b51, - 0x4cc1f8688e2def26, - 0xa74e63cb492c03de, - 0x57c968173d1349bb, - 0x253674e02a866, - ]) - ); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C1[5], - nqr.pow([ - 0xf896f792732eb2be, - 0x49c86a6d1dc593a1, - 0xe5b31e94581f91c3, - 0xe3da5cc0a6b20d7f, - 0x822caef950e0bfed, - 0x317ed950b9ee67cd, - 0xffd664016ee3f6cd, - 0x77d991c88810b122, - 0x62e72e635e698264, - 0x905e1a1a2d22814a, - 0xf5b7ab3a3f33d981, - 0x175871b0bc0e25dd, - 0x1e2e9a63df5c3772, - 0xe888b1f7445b149d, - 0x9551c19e5e7e2c24, - 0xecf21939a3d2d6be, - 0xd830dbfdab72dbd4, - 0x7b34af8d622d40c0, - 0x3df6d20a45671242, - 0xaf86bee30e21d98, - 0x41064c1534e5df5d, - 0xf5f6cabd3164c609, - 0xa5d14bdf2b7ee65, - 0xa718c069defc9138, - 0xdb1447e770e3110e, - 0xc1b164a9e90af491, - 0x7180441f9d251602, - 0x1fd3a5e6a9a893e, - 0x1e17b779d54d5db, - 0x3c7afafe3174, - ]) - ); - - assert_eq!(Fq6Parameters::FROBENIUS_COEFF_FP6_C2[0], Fq2::one()); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C2[1], - nqr.pow([ - 0x26a9ffffffffc71c, - 0x1472aaa9cb8d5555, - 0x9a208c6b4f20a418, - 0x984f87adf7ae0c7f, - 0x32126fced787c88f, - 0x11560bf17baa99bc, - ]) - ); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C2[2], - nqr.pow([ - 0x6f1c000012f65ed0, - 0xa89e4768f97ac9c7, - 0xb972cd024160d353, - 0x99d50bf37ef67a2c, - 0x1b74591af5b66adb, - 0x139aebbdaebae852, - 0xf8cb862206509f56, - 0x8b1973536493dc49, - 
0x99ee698623145d35, - 0x41e86098b44ad9cd, - 0x87e1a5f1c174c3f1, - 0x1c2cfc325d7952f, - ]) - ); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C2[3], - nqr.pow([ - 0xb78df9ade6b73c0c, - 0x32fbd5a217d9ad55, - 0x3b77a4982e40c8c1, - 0xe572f598c0af88bd, - 0xf1d344617e18c51c, - 0xc8f996310b8c74f, - 0x9d004c9f8ab7eddc, - 0x29b1ae2d87273f89, - 0x5af1e1d6efdcddc3, - 0xadfc937fcafb8bf3, - 0x4cadad82b8c6c8f, - 0x1bec505e223f5206, - 0x37b74c7c0c656976, - 0xd106b2f7954a0bd6, - 0x4ada9d9218695304, - 0xfc988504777d2165, - 0xec8e5154db961e40, - 0x2dcafc2dde2a5f, - ]) - ); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C2[4], - nqr.pow([ - 0x8c935ba78e38db20, - 0x87954ca512e550ca, - 0x9b5088b775541f76, - 0x927bd4ccacc554cd, - 0x50c779123068903b, - 0xa34187eba9997db0, - 0x2421ccc1f21995d2, - 0xc57ad06d8a8dacbd, - 0xe44757754f9eef17, - 0xa9e2164459e22d01, - 0xaa81ebdfe9432c5d, - 0x424743e2816aca4d, - 0x6359ca00c6d4b3ed, - 0x750579191bf4af52, - 0xc918a23c42ff83f0, - 0x6d82fffaa748ab1e, - 0x1037debfad09ddfa, - 0xbac91b7b8bb76a45, - 0x1fa0f7e0dcbcb370, - 0x1bbd9153595496a3, - 0x9983f0d11c5bde4d, - 0x4e9cc796925807bc, - 0xaf92d02e7a269377, - 0x4a6ce9c0550cc, - ]) - ); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C2[5], - nqr.pow([ - 0xf12def24e65d657c, - 0x9390d4da3b8b2743, - 0xcb663d28b03f2386, - 0xc7b4b9814d641aff, - 0x4595df2a1c17fdb, - 0x62fdb2a173dccf9b, - 0xffacc802ddc7ed9a, - 0xefb3239110216245, - 0xc5ce5cc6bcd304c8, - 0x20bc34345a450294, - 0xeb6f56747e67b303, - 0x2eb0e361781c4bbb, - 0x3c5d34c7beb86ee4, - 0xd11163ee88b6293a, - 0x2aa3833cbcfc5849, - 0xd9e4327347a5ad7d, - 0xb061b7fb56e5b7a9, - 0xf6695f1ac45a8181, - 0x7beda4148ace2484, - 0x15f0d7dc61c43b30, - 0x820c982a69cbbeba, - 0xebed957a62c98c12, - 0x14ba297be56fdccb, - 0x4e3180d3bdf92270, - 0xb6288fcee1c6221d, - 0x8362c953d215e923, - 0xe300883f3a4a2c05, - 0x3fa74bcd535127c, - 0x3c2f6ef3aa9abb6, - 0x78f5f5fc62e8, - ]) - ); - - assert_eq!(Fq12Parameters::FROBENIUS_COEFF_FP12_C1[0], Fq2::one()); - assert_eq!( - 
Fq12Parameters::FROBENIUS_COEFF_FP12_C1[1], - nqr.pow([ - 0x49aa7ffffffff1c7, - 0x51caaaa72e35555, - 0xe688231ad3c82906, - 0xe613e1eb7deb831f, - 0xc849bf3b5e1f223, - 0x45582fc5eeaa66f, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[2], - nqr.pow([ - 0xdbc7000004bd97b4, - 0xea2791da3e5eb271, - 0x2e5cb340905834d4, - 0xe67542fcdfbd9e8b, - 0x86dd1646bd6d9ab6, - 0x84e6baef6baeba14, - 0x7e32e188819427d5, - 0x62c65cd4d924f712, - 0x667b9a6188c5174d, - 0x507a18262d12b673, - 0xe1f8697c705d30fc, - 0x70b3f0c975e54b, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[3], - nqr.pow(vec![ - 0x6de37e6b79adcf03, - 0x4cbef56885f66b55, - 0x4edde9260b903230, - 0x395cbd66302be22f, - 0xfc74d1185f863147, - 0x323e658c42e31d3, - 0x67401327e2adfb77, - 0xca6c6b8b61c9cfe2, - 0xd6bc7875bbf73770, - 0xeb7f24dff2bee2fc, - 0x8132b6b60ae31b23, - 0x86fb1417888fd481, - 0x8dedd31f03195a5d, - 0x3441acbde55282f5, - 0x52b6a764861a54c1, - 0x3f2621411ddf4859, - 0xfb23945536e58790, - 0xb72bf0b778a97, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[4], - nqr.pow(vec![ - 0xa324d6e9e38e36c8, - 0xa1e5532944b95432, - 0x66d4222ddd5507dd, - 0xe49ef5332b315533, - 0x1431de448c1a240e, - 0xa8d061faea665f6c, - 0x490873307c866574, - 0xf15eb41b62a36b2f, - 0x7911d5dd53e7bbc5, - 0x6a78859116788b40, - 0x6aa07af7fa50cb17, - 0x5091d0f8a05ab293, - 0x98d6728031b52cfb, - 0x1d415e4646fd2bd4, - 0xb246288f10bfe0fc, - 0x9b60bffea9d22ac7, - 0x440df7afeb42777e, - 0x2eb246dee2edda91, - 0xc7e83df8372f2cdc, - 0x46ef6454d65525a8, - 0x2660fc344716f793, - 0xd3a731e5a49601ef, - 0x2be4b40b9e89a4dd, - 0x129b3a7015433, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[5], - nqr.pow(vec![ - 0xfc4b7bc93997595f, - 0xa4e435368ee2c9d0, - 0xf2d98f4a2c0fc8e1, - 0xf1ed2e60535906bf, - 0xc116577ca8705ff6, - 0x98bf6ca85cf733e6, - 0x7feb3200b771fb66, - 0x3becc8e444085891, - 0x31739731af34c132, - 0xc82f0d0d169140a5, - 0xfadbd59d1f99ecc0, - 0xbac38d85e0712ee, - 0x8f174d31efae1bb9, - 
0x744458fba22d8a4e, - 0x4aa8e0cf2f3f1612, - 0x76790c9cd1e96b5f, - 0x6c186dfed5b96dea, - 0x3d9a57c6b116a060, - 0x1efb690522b38921, - 0x857c35f718710ecc, - 0xa083260a9a72efae, - 0xfafb655e98b26304, - 0x52e8a5ef95bf732, - 0x538c6034ef7e489c, - 0xed8a23f3b8718887, - 0x60d8b254f4857a48, - 0x38c0220fce928b01, - 0x80fe9d2f354d449f, - 0xf0bdbbceaa6aed, - 0x1e3d7d7f18ba, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[6], - nqr.pow(vec![ - 0x21219610a012ba3c, - 0xa5c19ad35375325, - 0x4e9df1e497674396, - 0xfb05b717c991c6ef, - 0x4a1265bca93a32f2, - 0xd875ff2a7bdc1f66, - 0xc6d8754736c771b2, - 0x2d80c759ba5a2ae7, - 0x138a20df4b03cc1a, - 0xc22d07fe68e93024, - 0xd1dc474d3b433133, - 0xc22aa5e75044e5c, - 0xf657c6fbf9c17ebf, - 0xc591a794a58660d, - 0x2261850ee1453281, - 0xd17d3bd3b7f5efb4, - 0xf00cec8ec507d01, - 0x2a6a775657a00ae6, - 0x5f098a12ff470719, - 0x409d194e7b5c5afa, - 0x1d66478e982af5b, - 0xda425a5b5e01ca3f, - 0xf77e4f78747e903c, - 0x177d49f73732c6fc, - 0xa9618fecabe0e1f4, - 0xba5337eac90bd080, - 0x66fececdbc35d4e7, - 0xa4cd583203d9206f, - 0x98391632ceeca596, - 0x4946b76e1236ad3f, - 0xa0dec64e60e711a1, - 0xfcb41ed3605013, - 0x8ca8f9692ae1e3a9, - 0xd3078bfc28cc1baf, - 0xf0536f764e982f82, - 0x3125f1a2656, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[7], - nqr.pow(vec![ - 0x742754a1f22fdb, - 0x2a1955c2dec3a702, - 0x9747b28c796d134e, - 0xc113a0411f59db79, - 0x3bb0fa929853bfc1, - 0x28c3c25f8f6fb487, - 0xbc2b6c99d3045b34, - 0x98fb67d6badde1fd, - 0x48841d76a24d2073, - 0xd49891145fe93ae6, - 0xc772b9c8e74d4099, - 0xccf4e7b9907755bb, - 0x9cf47b25d42fd908, - 0x5616a0c347fc445d, - 0xff93b7a7ad1b8a6d, - 0xac2099256b78a77a, - 0x7804a95b02892e1c, - 0x5cf59ca7bfd69776, - 0xa7023502acd3c866, - 0xc76f4982fcf8f37, - 0x51862a5a57ac986e, - 0x38b80ed72b1b1023, - 0x4a291812066a61e1, - 0xcd8a685eff45631, - 0x3f40f708764e4fa5, - 0x8aa0441891285092, - 0x9eff60d71cdf0a9, - 0x4fdd9d56517e2bfa, - 0x1f3c80d74a28bc85, - 0x24617417c064b648, - 0x7ddda1e4385d5088, - 
0xf9e132b11dd32a16, - 0xcc957cb8ef66ab99, - 0xd4f206d37cb752c5, - 0x40de343f28ad616b, - 0x8d1f24379068f0e3, - 0x6f31d7947ea21137, - 0x27311f9c32184061, - 0x9eea0664cc78ce5f, - 0x7d4151f6fea9a0da, - 0x454096fa75bd571a, - 0x4fe0f20ecb, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[8], - nqr.pow(vec![ - 0x802f5720d0b25710, - 0x6714f0a258b85c7c, - 0x31394c90afdf16e, - 0xe9d2b0c64f957b19, - 0xe67c0d9c5e7903ee, - 0x3156fdc5443ea8ef, - 0x7c4c50524d88c892, - 0xc99dc8990c0ad244, - 0xd37ababf3649a896, - 0x76fe4b838ff7a20c, - 0xcf69ee2cec728db3, - 0xb83535548e5f41, - 0x371147684ccb0c23, - 0x194f6f4fa500db52, - 0xc4571dc78a4c5374, - 0xe4d46d479999ca97, - 0x76b6785a615a151c, - 0xcceb8bcea7eaf8c1, - 0x80d87a6fbe5ae687, - 0x6a97ddddb85ce85, - 0xd783958f26034204, - 0x7144506f2e2e8590, - 0x948693d377aef166, - 0x8364621ed6f96056, - 0xf021777c4c09ee2d, - 0xc6cf5e746ecd50b, - 0xa2337b7aa22743df, - 0xae753f8bbacab39c, - 0xfc782a9e34d3c1cc, - 0x21b827324fe494d9, - 0x5692ce350ed03b38, - 0xf323a2b3cd0481b0, - 0xe859c97a4ccad2e3, - 0x48434b70381e4503, - 0x46042d62e4132ed8, - 0x48c4d6f56122e2f2, - 0xf87711ab9f5c1af7, - 0xb14b7a054759b469, - 0x8eb0a96993ffa9aa, - 0x9b21fb6fc58b760c, - 0xf3abdd115d2e7d25, - 0xf7beac3d4d12409c, - 0x40a5585cce69bf03, - 0x697881e1ba22d5a8, - 0x3d6c04e6ad373fd9, - 0x849871bf627be886, - 0x550f4b9b71b28ef9, - 0x81d2e0d78, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[9], - nqr.pow(vec![ - 0x4af4accf7de0b977, - 0x742485e21805b4ee, - 0xee388fbc4ac36dec, - 0x1e199da57ad178a, - 0xc27c12b292c6726a, - 0x162e6ed84505b5e8, - 0xe191683f336e09df, - 0x17deb7e8d1e0fce6, - 0xd944f19ad06f5836, - 0x4c5f5e59f6276026, - 0xf1ba9c7c148a38a8, - 0xd205fe2dba72b326, - 0x9a2cf2a4c289824e, - 0x4f47ad512c39e24d, - 0xc5894d984000ea09, - 0x2974c03ff7cf01fa, - 0xfcd243b48cb99a22, - 0x2b5150c9313ac1e8, - 0x9089f37c7fc80eda, - 0x989540cc9a7aea56, - 0x1ab1d4e337e63018, - 0x42b546c30d357e43, - 0x1c6abc04f76233d9, - 0x78b3b8d88bf73e47, - 0x151c4e4c45dc68e6, 
- 0x519a79c4f54397ed, - 0x93f5b51535a127c5, - 0x5fc51b6f52fa153e, - 0x2e0504f2d4a965c3, - 0xc85bd3a3da52bffe, - 0x98c60957a46a89ef, - 0x48c03b5976b91cae, - 0xc6598040a0a61438, - 0xbf0b49dc255953af, - 0xb78dff905b628ab4, - 0x68140b797ba74ab8, - 0x116cf037991d1143, - 0x2f7fe82e58acb0b8, - 0xc20bf7a8f7be5d45, - 0x86c2905c338d5709, - 0xff13a3ae6c8ace3d, - 0xb6f95e2282d08337, - 0xd49f7b313e9cbf29, - 0xf794517193a1ce8c, - 0x39641fecb596a874, - 0x411c4c4edf462fb3, - 0x3f8cd55c10cf25b4, - 0x2bdd7ea165e860b6, - 0xacd7d2cef4caa193, - 0x6558a1d09a05f96, - 0x1f52b5f5b546fc20, - 0x4ee22a5a8c250c12, - 0xd3a63a54a205b6b3, - 0xd2ff5be8, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[10], - nqr.pow(vec![ - 0xe5953a4f96cdda44, - 0x336b2d734cbc32bb, - 0x3f79bfe3cd7410e, - 0x267ae19aaa0f0332, - 0x85a9c4db78d5c749, - 0x90996b046b5dc7d8, - 0x8945eae9820afc6a, - 0x2644ddea2b036bd, - 0x39898e35ac2e3819, - 0x2574eab095659ab9, - 0x65953d51ac5ea798, - 0xc6b8c7afe6752466, - 0x40e9e993e9286544, - 0x7e0ad34ad9700ea0, - 0xac1015eba2c69222, - 0x24f057a19239b5d8, - 0x2043b48c8a3767eb, - 0x1117c124a75d7ff4, - 0x433cfd1a09fb3ce7, - 0x25b087ce4bcf7fb, - 0xbcee0dc53a3e5bdb, - 0xbffda040cf028735, - 0xf7cf103a25512acc, - 0x31d4ecda673130b9, - 0xea0906dab18461e6, - 0x5a40585a5ac3050d, - 0x803358fc14fd0eda, - 0x3678ca654eada770, - 0x7b91a1293a45e33e, - 0xcd5e5b8ea8530e43, - 0x21ae563ab34da266, - 0xecb00dad60df8894, - 0x77fe53e652facfef, - 0x9b7d1ad0b00244ec, - 0xe695df5ca73f801, - 0x23cdb21feeab0149, - 0x14de113e7ea810d9, - 0x52600cd958dac7e7, - 0xc83392c14667e488, - 0x9f808444bc1717fc, - 0x56facb4bcf7c788f, - 0x8bcad53245fc3ca0, - 0xdef661e83f27d81c, - 0x37d4ebcac9ad87e5, - 0x6fe8b24f5cdb9324, - 0xee08a26c1197654c, - 0xc98b22f65f237e9a, - 0xf54873a908ed3401, - 0x6e1cb951d41f3f3, - 0x290b2250a54e8df6, - 0x7f36d51eb1db669e, - 0xb08c7ed81a6ee43e, - 0x95e1c90fb092f680, - 0x429e4afd0e8b820, - 0x2c14a83ee87d715c, - 0xf37267575cfc8af5, - 0xb99e9afeda3c2c30, - 0x8f0f69da75792d5a, - 
0x35074a85a533c73, - 0x156ed119, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[11], - nqr.pow(vec![ - 0x107db680942de533, - 0x6262b24d2052393b, - 0x6136df824159ebc, - 0xedb052c9970c5deb, - 0xca813aea916c3777, - 0xf49dacb9d76c1788, - 0x624941bd372933bb, - 0xa5e60c2520638331, - 0xb38b661683411074, - 0x1d2c9af4c43d962b, - 0x17d807a0f14aa830, - 0x6e6581a51012c108, - 0x668a537e5b35e6f5, - 0x6c396cf3782dca5d, - 0x33b679d1bff536ed, - 0x736cce41805d90aa, - 0x8a562f369eb680bf, - 0x9f61aa208a11ded8, - 0x43dd89dd94d20f35, - 0xcf84c6610575c10a, - 0x9f318d49cf2fe8e6, - 0xbbc6e5f25a6e434e, - 0x6528c433d11d987b, - 0xffced71cc48c0e8a, - 0x4cbb1474f4cb2a26, - 0x66a035c0b28b7231, - 0xa6f2875faa1a82ae, - 0xdd1ea3deff818b02, - 0xe0cfdf0dcdecf701, - 0x9aefa231f2f6d23, - 0xfb251297efa06746, - 0x5a40d367df985538, - 0x1ea31d69ab506fed, - 0xc64ea8280e89a73f, - 0x969acf9f2d4496f4, - 0xe84c9181ee60c52c, - 0xc60f27fc19fc6ca4, - 0x760b33d850154048, - 0x84f69080f66c8457, - 0xc0192ba0fabf640e, - 0xd2c338765c23a3a8, - 0xa7838c20f02cec6c, - 0xb7cf01d020572877, - 0xd63ffaeba0be200a, - 0xf7492baeb5f041ac, - 0x8602c5212170d117, - 0xad9b2e83a5a42068, - 0x2461829b3ba1083e, - 0x7c34650da5295273, - 0xdc824ba800a8265a, - 0xd18d9b47836af7b2, - 0x3af78945c58cbf4d, - 0x7ed9575b8596906c, - 0x6d0c133895009a66, - 0x53bc1247ea349fe1, - 0x6b3063078d41aa7a, - 0x6184acd8cd880b33, - 0x76f4d15503fd1b96, - 0x7a9afd61eef25746, - 0xce974aadece60609, - 0x88ca59546a8ceafd, - 0x6d29391c41a0ac07, - 0x443843a60e0f46a6, - 0xa1590f62fd2602c7, - 0x536d5b15b514373f, - 0x22d582b, - ]) - ); -} - -#[test] -fn test_neg_one() { - let o = -Fq::one(); - - let thing: [u64; 6] = [ - 0x43f5fffffffcaaae, - 0x32b7fff2ed47fffd, - 0x7e83a49a2e99d69, - 0xeca8f3318332bb7a, - 0xef148d1ea0f4c069, - 0x40ab3263eff0206, - ]; - println!("{:?}", thing); - let negative_one = Fq::new(BigInteger384(thing)); - - assert_eq!(negative_one, o); -} - -#[test] -fn test_fq_repr_from() { - assert_eq!( - BigInteger384::from(100), - 
BigInteger384([100, 0, 0, 0, 0, 0]) - ); -} - -#[test] -fn test_fq_repr_is_odd() { - assert!(!BigInteger384::from(0).is_odd()); - assert!(BigInteger384::from(0).is_even()); - assert!(BigInteger384::from(1).is_odd()); - assert!(!BigInteger384::from(1).is_even()); - assert!(!BigInteger384::from(324834872).is_odd()); - assert!(BigInteger384::from(324834872).is_even()); - assert!(BigInteger384::from(324834873).is_odd()); - assert!(!BigInteger384::from(324834873).is_even()); -} - -#[test] -fn test_fq_repr_is_zero() { - assert!(BigInteger384::from(0).is_zero()); - assert!(!BigInteger384::from(1).is_zero()); - assert!(!BigInteger384([0, 0, 0, 0, 1, 0]).is_zero()); -} - -#[test] -fn test_fq_repr_div2() { - let mut a = BigInteger384([ - 0x8b0ad39f8dd7482a, - 0x147221c9a7178b69, - 0x54764cb08d8a6aa0, - 0x8519d708e1d83041, - 0x41f82777bd13fdb, - 0xf43944578f9b771b, - ]); - a.div2(); - assert_eq!( - a, - BigInteger384([ - 0xc58569cfc6eba415, - 0xa3910e4d38bc5b4, - 0xaa3b265846c53550, - 0xc28ceb8470ec1820, - 0x820fc13bbde89fed, - 0x7a1ca22bc7cdbb8d, - ]) - ); - for _ in 0..10 { - a.div2(); - } - assert_eq!( - a, - BigInteger384([ - 0x6d31615a73f1bae9, - 0x54028e443934e2f1, - 0x82a8ec99611b14d, - 0xfb70a33ae11c3b06, - 0xe36083f04eef7a27, - 0x1e87288af1f36e, - ]) - ); - for _ in 0..300 { - a.div2(); - } - assert_eq!( - a, - BigInteger384([0x7288af1f36ee3608, 0x1e8, 0x0, 0x0, 0x0, 0x0]) - ); - for _ in 0..50 { - a.div2(); - } - assert_eq!(a, BigInteger384([0x7a1ca2, 0x0, 0x0, 0x0, 0x0, 0x0])); - for _ in 0..22 { - a.div2(); - } - assert_eq!(a, BigInteger384([0x1, 0x0, 0x0, 0x0, 0x0, 0x0])); - a.div2(); - assert!(a.is_zero()); -} - -#[test] -fn test_fq_repr_divn() { - let mut a = BigInteger384([ - 0xaa5cdd6172847ffd, - 0x43242c06aed55287, - 0x9ddd5b312f3dd104, - 0xc5541fd48046b7e7, - 0x16080cf4071e0b05, - 0x1225f2901aea514e, - ]); - a.divn(0); - assert_eq!( - a, - BigInteger384([ - 0xaa5cdd6172847ffd, - 0x43242c06aed55287, - 0x9ddd5b312f3dd104, - 0xc5541fd48046b7e7, - 
0x16080cf4071e0b05, - 0x1225f2901aea514e, - ]) - ); - a.divn(1); - assert_eq!( - a, - BigInteger384([ - 0xd52e6eb0b9423ffe, - 0x21921603576aa943, - 0xceeead98979ee882, - 0xe2aa0fea40235bf3, - 0xb04067a038f0582, - 0x912f9480d7528a7, - ]) - ); - a.divn(50); - assert_eq!( - a, - BigInteger384([ - 0x8580d5daaa50f54b, - 0xab6625e7ba208864, - 0x83fa9008d6fcf3bb, - 0x19e80e3c160b8aa, - 0xbe52035d4a29c2c1, - 0x244, - ]) - ); - a.divn(130); - assert_eq!( - a, - BigInteger384([ - 0xa0fea40235bf3cee, - 0x4067a038f0582e2a, - 0x2f9480d7528a70b0, - 0x91, - 0x0, - 0x0, - ]) - ); - a.divn(64); - assert_eq!( - a, - BigInteger384([0x4067a038f0582e2a, 0x2f9480d7528a70b0, 0x91, 0x0, 0x0, 0x0]) - ); -} - -#[test] -fn test_fq_repr_mul2() { - let mut a = BigInteger384::from(23712937547); - a.mul2(); - assert_eq!(a, BigInteger384([0xb0acd6c96, 0x0, 0x0, 0x0, 0x0, 0x0])); - for _ in 0..60 { - a.mul2(); - } - assert_eq!( - a, - BigInteger384([0x6000000000000000, 0xb0acd6c9, 0x0, 0x0, 0x0, 0x0]) - ); - for _ in 0..300 { - a.mul2(); - } - assert_eq!( - a, - BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0xcd6c960000000000]) - ); - for _ in 0..17 { - a.mul2(); - } - assert_eq!( - a, - BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x2c00000000000000]) - ); - for _ in 0..6 { - a.mul2(); - } - assert!(a.is_zero()); -} - -#[test] -fn test_fq_repr_num_bits() { - let mut a = BigInteger384::from(0); - assert_eq!(0, a.num_bits()); - a = BigInteger384::from(1); - for i in 1..385 { - assert_eq!(i, a.num_bits()); - a.mul2(); - } - assert_eq!(0, a.num_bits()); -} - -#[test] -fn test_fq_repr_sub_noborrow() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - let mut t = BigInteger384([ - 0x827a4a08041ebd9, - 0x3c239f3dcc8f0d6b, - 0x9ab46a912d555364, - 0x196936b17b43910b, - 0xad0eb3948a5c34fd, - 0xd56f7b5ab8b5ce8, - ]); - t.sub_noborrow(&BigInteger384([ - 0xc7867917187ca02b, - 0x5d75679d4911ffef, - 0x8c5b3e48b1a71c15, - 0x6a427ae846fd66aa, - 0x7a37e7265ee1eaf9, - 0x7c0577a26f59d5, - ])); - assert!( - t == 
BigInteger384([ - 0x40a12b8967c54bae, - 0xdeae37a0837d0d7b, - 0xe592c487bae374e, - 0xaf26bbc934462a61, - 0x32d6cc6e2b7a4a03, - 0xcdaf23e091c0313, - ]) - ); - - for _ in 0..1000 { - let mut a = BigInteger384::rand(&mut rng); - a.0[5] >>= 30; - let mut b = a; - for _ in 0..10 { - b.mul2(); - } - let mut c = b; - for _ in 0..10 { - c.mul2(); - } - - assert!(a < b); - assert!(b < c); - - let mut csub_ba = c; - csub_ba.sub_noborrow(&b); - csub_ba.sub_noborrow(&a); - - let mut csub_ab = c; - csub_ab.sub_noborrow(&a); - csub_ab.sub_noborrow(&b); - - assert_eq!(csub_ab, csub_ba); - } - - // Subtracting q+1 from q should produce -1 (mod 2**384) - let mut qplusone = BigInteger384([ - 0xb9feffffffffaaab, - 0x1eabfffeb153ffff, - 0x6730d2a0f6b0f624, - 0x64774b84f38512bf, - 0x4b1ba7b6434bacd7, - 0x1a0111ea397fe69a, - ]); - qplusone.sub_noborrow(&BigInteger384([ - 0xb9feffffffffaaac, - 0x1eabfffeb153ffff, - 0x6730d2a0f6b0f624, - 0x64774b84f38512bf, - 0x4b1ba7b6434bacd7, - 0x1a0111ea397fe69a, - ])); - assert_eq!( - qplusone, - BigInteger384([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ]) - ); -} - -#[test] -fn test_fq_repr_add_nocarry() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - let mut t = BigInteger384([ - 0x827a4a08041ebd9, - 0x3c239f3dcc8f0d6b, - 0x9ab46a912d555364, - 0x196936b17b43910b, - 0xad0eb3948a5c34fd, - 0xd56f7b5ab8b5ce8, - ]); - t.add_nocarry(&BigInteger384([ - 0xc7867917187ca02b, - 0x5d75679d4911ffef, - 0x8c5b3e48b1a71c15, - 0x6a427ae846fd66aa, - 0x7a37e7265ee1eaf9, - 0x7c0577a26f59d5, - ])); - assert!( - t == BigInteger384([ - 0xcfae1db798be8c04, - 0x999906db15a10d5a, - 0x270fa8d9defc6f79, - 0x83abb199c240f7b6, - 0x27469abae93e1ff6, - 0xdd2fd2d4dfab6be, - ]) - ); - - // Test for the associativity of addition. 
- for _ in 0..1000 { - let mut a = BigInteger384::rand(&mut rng); - let mut b = BigInteger384::rand(&mut rng); - let mut c = BigInteger384::rand(&mut rng); - - // Unset the first few bits, so that overflow won't occur. - a.0[5] >>= 3; - b.0[5] >>= 3; - c.0[5] >>= 3; - - let mut abc = a; - abc.add_nocarry(&b); - abc.add_nocarry(&c); - - let mut acb = a; - acb.add_nocarry(&c); - acb.add_nocarry(&b); - - let mut bac = b; - bac.add_nocarry(&a); - bac.add_nocarry(&c); - - let mut bca = b; - bca.add_nocarry(&c); - bca.add_nocarry(&a); - - let mut cab = c; - cab.add_nocarry(&a); - cab.add_nocarry(&b); - - let mut cba = c; - cba.add_nocarry(&b); - cba.add_nocarry(&a); - - assert_eq!(abc, acb); - assert_eq!(abc, bac); - assert_eq!(abc, bca); - assert_eq!(abc, cab); - assert_eq!(abc, cba); - } - - // Adding 1 to (2^384 - 1) should produce zero - let mut x = BigInteger384([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ]); - x.add_nocarry(&BigInteger384::from(1)); - assert!(x.is_zero()); -} - -#[test] -fn test_fq_is_valid() { - let mut a = Fq::new(FqParameters::MODULUS); - assert!(!a.is_valid()); - a.0.sub_noborrow(&BigInteger384::from(1)); - assert!(a.is_valid()); - assert!(Fq::new(BigInteger384::from(0)).is_valid()); - assert!(Fq::new(BigInteger384([ - 0xdf4671abd14dab3e, - 0xe2dc0c9f534fbd33, - 0x31ca6c880cc444a6, - 0x257a67e70ef33359, - 0xf9b29e493f899b36, - 0x17c8be1800b9f059, - ])) - .is_valid()); - assert!(!Fq::new(BigInteger384([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ])) - .is_valid()); - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - let a = Fq::rand(&mut rng); - assert!(a.is_valid()); - } -} - -#[test] -fn test_fq_add_assign() { - { - // Random number - let mut tmp = Fq::new(BigInteger384([ - 0x624434821df92b69, - 0x503260c04fd2e2ea, - 
0xd9df726e0d16e8ce, - 0xfbcb39adfd5dfaeb, - 0x86b8a22b0c88b112, - 0x165a2ed809e4201b, - ])); - assert!(tmp.is_valid()); - // Test that adding zero has no effect. - tmp.add_assign(&Fq::new(BigInteger384::from(0))); - assert_eq!( - tmp, - Fq::new(BigInteger384([ - 0x624434821df92b69, - 0x503260c04fd2e2ea, - 0xd9df726e0d16e8ce, - 0xfbcb39adfd5dfaeb, - 0x86b8a22b0c88b112, - 0x165a2ed809e4201b, - ])) - ); - // Add one and test for the result. - tmp.add_assign(&Fq::new(BigInteger384::from(1))); - assert_eq!( - tmp, - Fq::new(BigInteger384([ - 0x624434821df92b6a, - 0x503260c04fd2e2ea, - 0xd9df726e0d16e8ce, - 0xfbcb39adfd5dfaeb, - 0x86b8a22b0c88b112, - 0x165a2ed809e4201b, - ])) - ); - // Add another random number that exercises the reduction. - tmp.add_assign(&Fq::new(BigInteger384([ - 0x374d8f8ea7a648d8, - 0xe318bb0ebb8bfa9b, - 0x613d996f0a95b400, - 0x9fac233cb7e4fef1, - 0x67e47552d253c52, - 0x5c31b227edf25da, - ]))); - assert_eq!( - tmp, - Fq::new(BigInteger384([ - 0xdf92c410c59fc997, - 0x149f1bd05a0add85, - 0xd3ec393c20fba6ab, - 0x37001165c1bde71d, - 0x421b41c9f662408e, - 0x21c38104f435f5b, - ])) - ); - // Add one to (q - 1) and test for the result. 
- tmp = Fq::new(BigInteger384([ - 0xb9feffffffffaaaa, - 0x1eabfffeb153ffff, - 0x6730d2a0f6b0f624, - 0x64774b84f38512bf, - 0x4b1ba7b6434bacd7, - 0x1a0111ea397fe69a, - ])); - tmp.add_assign(&Fq::new(BigInteger384::from(1))); - assert!(tmp.0.is_zero()); - // Add a random number to another one such that the result is q - 1 - tmp = Fq::new(BigInteger384([ - 0x531221a410efc95b, - 0x72819306027e9717, - 0x5ecefb937068b746, - 0x97de59cd6feaefd7, - 0xdc35c51158644588, - 0xb2d176c04f2100, - ])); - tmp.add_assign(&Fq::new(BigInteger384([ - 0x66ecde5bef0fe14f, - 0xac2a6cf8aed568e8, - 0x861d70d86483edd, - 0xcc98f1b7839a22e8, - 0x6ee5e2a4eae7674e, - 0x194e40737930c599, - ]))); - assert_eq!( - tmp, - Fq::new(BigInteger384([ - 0xb9feffffffffaaaa, - 0x1eabfffeb153ffff, - 0x6730d2a0f6b0f624, - 0x64774b84f38512bf, - 0x4b1ba7b6434bacd7, - 0x1a0111ea397fe69a, - ])) - ); - // Add one to the result and test for it. - tmp.add_assign(&Fq::new(BigInteger384::from(1))); - assert!(tmp.0.is_zero()); - } - - // Test associativity - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - // Generate a, b, c and ensure (a + b) + c == a + (b + c). - let a = Fq::rand(&mut rng); - let b = Fq::rand(&mut rng); - let c = Fq::rand(&mut rng); - - let mut tmp1 = a; - tmp1.add_assign(&b); - tmp1.add_assign(&c); - - let mut tmp2 = b; - tmp2.add_assign(&c); - tmp2.add_assign(&a); - - assert!(tmp1.is_valid()); - assert!(tmp2.is_valid()); - assert_eq!(tmp1, tmp2); - } -} - -#[test] -fn test_fq_sub_assign() { - { - // Test arbitrary subtraction that tests reduction. 
- let mut tmp = Fq::new(BigInteger384([ - 0x531221a410efc95b, - 0x72819306027e9717, - 0x5ecefb937068b746, - 0x97de59cd6feaefd7, - 0xdc35c51158644588, - 0xb2d176c04f2100, - ])); - tmp.sub_assign(&Fq::new(BigInteger384([ - 0x98910d20877e4ada, - 0x940c983013f4b8ba, - 0xf677dc9b8345ba33, - 0xbef2ce6b7f577eba, - 0xe1ae288ac3222c44, - 0x5968bb602790806, - ]))); - assert_eq!( - tmp, - Fq::new(BigInteger384([ - 0x748014838971292c, - 0xfd20fad49fddde5c, - 0xcf87f198e3d3f336, - 0x3d62d6e6e41883db, - 0x45a3443cd88dc61b, - 0x151d57aaf755ff94, - ])) - ); - - // Test the opposite subtraction which doesn't test reduction. - tmp = Fq::new(BigInteger384([ - 0x98910d20877e4ada, - 0x940c983013f4b8ba, - 0xf677dc9b8345ba33, - 0xbef2ce6b7f577eba, - 0xe1ae288ac3222c44, - 0x5968bb602790806, - ])); - tmp.sub_assign(&Fq::new(BigInteger384([ - 0x531221a410efc95b, - 0x72819306027e9717, - 0x5ecefb937068b746, - 0x97de59cd6feaefd7, - 0xdc35c51158644588, - 0xb2d176c04f2100, - ]))); - assert_eq!( - tmp, - Fq::new(BigInteger384([ - 0x457eeb7c768e817f, - 0x218b052a117621a3, - 0x97a8e10812dd02ed, - 0x2714749e0f6c8ee3, - 0x57863796abde6bc, - 0x4e3ba3f4229e706, - ])) - ); - - // Test for sensible results with zero - tmp = Fq::new(BigInteger384::from(0)); - tmp.sub_assign(&Fq::new(BigInteger384::from(0))); - assert!(tmp.is_zero()); - - tmp = Fq::new(BigInteger384([ - 0x98910d20877e4ada, - 0x940c983013f4b8ba, - 0xf677dc9b8345ba33, - 0xbef2ce6b7f577eba, - 0xe1ae288ac3222c44, - 0x5968bb602790806, - ])); - tmp.sub_assign(&Fq::new(BigInteger384::from(0))); - assert_eq!( - tmp, - Fq::new(BigInteger384([ - 0x98910d20877e4ada, - 0x940c983013f4b8ba, - 0xf677dc9b8345ba33, - 0xbef2ce6b7f577eba, - 0xe1ae288ac3222c44, - 0x5968bb602790806, - ])) - ); - } - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - // Ensure that (a - b) + (b - a) = 0. 
- let a = Fq::rand(&mut rng);
- let b = Fq::rand(&mut rng);
-
- let mut tmp1 = a;
- tmp1.sub_assign(&b);
-
- let mut tmp2 = b;
- tmp2.sub_assign(&a);
-
- tmp1.add_assign(&tmp2);
- assert!(tmp1.is_zero());
- }
-}
-
-#[test]
-fn test_fq_mul_assign() {
- let mut tmp = Fq::new(BigInteger384([
- 0xcc6200000020aa8a,
- 0x422800801dd8001a,
- 0x7f4f5e619041c62c,
- 0x8a55171ac70ed2ba,
- 0x3f69cc3a3d07d58b,
- 0xb972455fd09b8ef,
- ]));
- tmp.mul_assign(&Fq::new(BigInteger384([
- 0x329300000030ffcf,
- 0x633c00c02cc40028,
- 0xbef70d925862a942,
- 0x4f7fa2a82a963c17,
- 0xdf1eb2575b8bc051,
- 0x1162b680fb8e9566,
- ])));
- assert!(
- tmp == Fq::new(BigInteger384([
- 0x9dc4000001ebfe14,
- 0x2850078997b00193,
- 0xa8197f1abb4d7bf,
- 0xc0309573f4bfe871,
- 0xf48d0923ffaf7620,
- 0x11d4b58c7a926e66,
- ]))
- );
-
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000000 {
- // Ensure that (a * b) * c = a * (b * c)
- let a = Fq::rand(&mut rng);
- let b = Fq::rand(&mut rng);
- let c = Fq::rand(&mut rng);
-
- let mut tmp1 = a;
- tmp1.mul_assign(&b);
- tmp1.mul_assign(&c);
-
- let mut tmp2 = b;
- tmp2.mul_assign(&c);
- tmp2.mul_assign(&a);
-
- assert_eq!(tmp1, tmp2);
- }
-
- for _ in 0..1000000 {
- // Ensure that r * (a + b + c) = r*a + r*b + r*c
-
- let r = Fq::rand(&mut rng);
- let mut a = Fq::rand(&mut rng);
- let mut b = Fq::rand(&mut rng);
- let mut c = Fq::rand(&mut rng);
-
- let mut tmp1 = a;
- tmp1.add_assign(&b);
- tmp1.add_assign(&c);
- tmp1.mul_assign(&r);
-
- a.mul_assign(&r);
- b.mul_assign(&r);
- c.mul_assign(&r);
-
- a.add_assign(&b);
- a.add_assign(&c);
-
- assert_eq!(tmp1, a);
- }
-}
-
-#[test]
-fn test_fq_squaring() {
- let mut a = Fq::new(BigInteger384([
- 0xffffffffffffffff,
- 0xffffffffffffffff,
- 0xffffffffffffffff,
- 0xffffffffffffffff,
- 0xffffffffffffffff,
- 0x19ffffffffffffff,
- ]));
- assert!(a.is_valid());
- a.square_in_place();
- assert_eq!(
- a,
- Fq::from_repr(BigInteger384([
- 0x1cfb28fe7dfbbb86,
- 0x24cbe1731577a59,
- 0xcce1d4edc120e66e,
- 0xdc05c659b4e15b27,
- 0x79361e5a802c6a23,
- 0x24bcbe5d51b9a6f,
- ]))
- );
-
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000000 {
- // Ensure that (a * a) = a^2
- let a = Fq::rand(&mut rng);
-
- let mut tmp = a;
- tmp.square_in_place();
-
- let mut tmp2 = a;
- tmp2.mul_assign(&a);
-
- assert_eq!(tmp, tmp2);
- }
-}
-
-#[test]
-fn test_fq_inverse() {
- assert!(Fq::zero().inverse().is_none());
-
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- let one = Fq::one();
-
- for _ in 0..1000 {
- // Ensure that a * a^-1 = 1
- let mut a = Fq::rand(&mut rng);
- let ainv = a.inverse().unwrap();
- a.mul_assign(&ainv);
- assert_eq!(a, one);
- }
-}
-
-#[test]
-fn test_fq_double_in_place() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
- // Ensure doubling a is equivalent to adding a to itself.
- let mut a = Fq::rand(&mut rng);
- let mut b = a;
- b.add_assign(&a);
- a.double_in_place();
- assert_eq!(a, b);
- }
-}
-
-#[test]
-fn test_fq_negate() {
- {
- let a = -Fq::zero();
-
- assert!(a.is_zero());
- }
-
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
- // Ensure (a - (-a)) = 0.
- let mut a = Fq::rand(&mut rng);
- let b = -a;
- a.add_assign(&b);
-
- assert!(a.is_zero());
- }
-}
-
-#[test]
-fn test_fq_pow() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for i in 0..1000 {
- // Exponentiate by various small numbers and ensure it consists with repeated
- // multiplication.
- let a = Fq::rand(&mut rng);
- let target = a.pow(&[i]);
- let mut c = Fq::one();
- for _ in 0..i {
- c.mul_assign(&a);
- }
- assert_eq!(c, target);
- }
-
- for _ in 0..1000 {
- // Exponentiating by the modulus should have no effect in a prime field.
- let a = Fq::rand(&mut rng);
-
- assert_eq!(a, a.pow(Fq::characteristic()));
- }
-}
-
-#[test]
-fn test_fq_sqrt() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- assert_eq!(Fq::zero().sqrt().unwrap(), Fq::zero());
-
- for _ in 0..1000 {
- // Ensure sqrt(a^2) = a or -a
- let a = Fq::rand(&mut rng);
- let nega = -a;
- let mut b = a;
- b.square_in_place();
-
- let b = b.sqrt().unwrap();
-
- assert!(a == b || nega == b);
- }
-
- for _ in 0..1000 {
- // Ensure sqrt(a)^2 = a for random a
- let a = Fq::rand(&mut rng);
-
- if let Some(mut tmp) = a.sqrt() {
- tmp.square_in_place();
-
- assert_eq!(a, tmp);
- }
- }
-}
-
-#[test]
-fn test_fq_num_bits() {
- assert_eq!(FqParameters::MODULUS_BITS, 381);
- assert_eq!(FqParameters::CAPACITY, 380);
-}
-
-#[test]
-fn test_convert_fq_fr() {
- use crate::fields::{
- convert, leading_zeros,
- bls12_381::Fr,
- };
-
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
-
- // Safely convert a random Fq into a Fr
- let q: Fq = UniformRand::rand(&mut rng);
- let q_bits = &q.write_bits()[127..]; //Skip 127 bits, in order to perform a safe conversion
- let conv = convert::(q_bits.to_vec()).unwrap();
- assert_eq!(conv.pow(Fr::characteristic()), conv);
-
- // Safely convert a random Fr into a Fq
- let r: Fr = UniformRand::rand(&mut rng); //No need to skip bits, Fr is smaller than Fq
- let conv = convert::(r.write_bits()).unwrap();
- assert_eq!(conv.pow(Fq::characteristic()), conv);
- }
-
- //Attempting to convert a bit array that exceeds other field's modulus will result in an error
- loop {
- let q: Fq = UniformRand::rand(&mut rng);
- let q_bits = q.write_bits();
- if leading_zeros(q_bits.as_slice()) >= 127 { continue } //In this case the assertion below will fail
- assert!(convert::(q_bits).is_err()); //Fq is much more bigger than Fr
- break;
- }
-}
-
-#[test]
-fn test_fq_root_of_unity() {
- assert_eq!(FqParameters::TWO_ADICITY, 1);
- assert_eq!(
- Fq::multiplicative_generator(),
- Fq::from_repr(BigInteger384::from(2))
- );
- assert_eq!(
- Fq::multiplicative_generator().pow([
- 0xdcff7fffffffd555,
- 0xf55ffff58a9ffff,
- 0xb39869507b587b12,
- 0xb23ba5c279c2895f,
- 0x258dd3db21a5d66b,
- 0xd0088f51cbff34d,
- ]),
- Fq::root_of_unity()
- );
- assert_eq!(
- Fq::root_of_unity().pow([1 << FqParameters::TWO_ADICITY]),
- Fq::one()
- );
- assert!(Fq::multiplicative_generator().sqrt().is_none());
-}
-
-// #[test]
-// fn fq_field_tests() {
-// ::tests::field::random_field_tests::();
-// ::tests::field::random_sqrt_tests::();
-// ::tests::field::random_frobenius_tests::(Fq::char(), 13);
-// ::tests::field::from_str_tests::();
-// }
-
-#[test]
-fn test_fq_ordering() {
- // BigInteger384's ordering is well-tested, but we still need to make sure the
- // Fq elements aren't being compared in Montgomery form.
- for i in 0..100 {
- assert!(Fq::from_repr(BigInteger384::from(i + 1)) > Fq::from_repr(BigInteger384::from(i)));
- }
-}
-
-// #[test]
-// fn fq_repr_tests() {
-// ::tests::repr::random_repr_tests::();
-// }
-
-#[test]
-fn test_fq_legendre() {
- use crate::fields::LegendreSymbol::*;
-
- assert_eq!(QuadraticResidue, Fq::one().legendre());
- assert_eq!(Zero, Fq::zero().legendre());
-
- assert_eq!(
- QuadraticNonResidue,
- Fq::from_repr(BigInteger384::from(2)).legendre()
- );
- assert_eq!(
- QuadraticResidue,
- Fq::from_repr(BigInteger384::from(4)).legendre()
- );
-
- let e = BigInteger384([
- 0x52a112f249778642,
- 0xd0bedb989b7991f,
- 0xdad3b6681aa63c05,
- 0xf2efc0bb4721b283,
- 0x6057a98f18c24733,
- 0x1022c2fd122889e4,
- ]);
- assert_eq!(QuadraticNonResidue, Fq::from_repr(e).legendre());
- let e = BigInteger384([
- 0x6dae594e53a96c74,
- 0x19b16ca9ba64b37b,
- 0x5c764661a59bfc68,
- 0xaa346e9b31c60a,
- 0x346059f9d87a9fa9,
- 0x1d61ac6bfd5c88b,
- ]);
- assert_eq!(QuadraticResidue, Fq::from_repr(e).legendre());
-}
-
-#[test]
-fn test_fq2_ordering() {
- let mut a = Fq2::new(Fq::zero(), Fq::zero());
-
- let mut b = a.clone();
-
- assert!(a.cmp(&b) == Ordering::Equal);
- b.c0.add_assign(&Fq::one());
- assert!(a.cmp(&b) == Ordering::Less);
- a.c0.add_assign(&Fq::one());
- assert!(a.cmp(&b) == Ordering::Equal);
- b.c1.add_assign(&Fq::one());
- assert!(a.cmp(&b) == Ordering::Less);
- a.c0.add_assign(&Fq::one());
- assert!(a.cmp(&b) == Ordering::Less);
- a.c1.add_assign(&Fq::one());
- assert!(a.cmp(&b) == Ordering::Greater);
- b.c0.add_assign(&Fq::one());
- assert!(a.cmp(&b) == Ordering::Equal);
-}
-
-#[test]
-fn test_fq2_basics() {
- assert_eq!(Fq2::new(Fq::zero(), Fq::zero(),), Fq2::zero());
- assert_eq!(Fq2::new(Fq::one(), Fq::zero(),), Fq2::one());
- assert!(Fq2::zero().is_zero());
- assert!(!Fq2::one().is_zero());
- assert!(!Fq2::new(Fq::zero(), Fq::one(),).is_zero());
-}
-
-#[test]
-fn test_fq2_squaring() {
- let a = Fq2::new(Fq::one(), Fq::one()).square(); // u + 1
- assert_eq!(
- a,
- Fq2::new(Fq::zero(), Fq::from_repr(BigInteger384::from(2)),)
- ); // 2u
-
- let a = Fq2::new(Fq::zero(), Fq::one()).square(); // u
- assert_eq!(a, {
- let neg1 = -Fq::one();
- Fq2::new(neg1, Fq::zero())
- }); // -1
-
- let mut a = Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x9c2c6309bbf8b598,
- 0x4eef5c946536f602,
- 0x90e34aab6fb6a6bd,
- 0xf7f295a94e58ae7c,
- 0x41b76dcc1c3fbe5e,
- 0x7080c5fa1d8e042,
- ])),
- Fq::from_repr(BigInteger384([
- 0x38f473b3c870a4ab,
- 0x6ad3291177c8c7e5,
- 0xdac5a4c911a4353e,
- 0xbfb99020604137a0,
- 0xfc58a7b7be815407,
- 0x10d1615e75250a21,
- ])),
- );
- a.square_in_place();
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0xf262c28c538bcf68,
- 0xb9f2a66eae1073ba,
- 0xdc46ab8fad67ae0,
- 0xcb674157618da176,
- 0x4cf17b5893c3d327,
- 0x7eac81369c43361,
- ])),
- Fq::from_repr(BigInteger384([
- 0xc1579cf58e980cf8,
- 0xa23eb7e12dd54d98,
- 0xe75138bce4cec7aa,
- 0x38d0d7275a9689e1,
- 0x739c983042779a65,
- 0x1542a61c8a8db994,
- ])),
- )
- );
-}
-
-#[test]
-fn test_fq2_mul() {
- let mut a = Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x85c9f989e1461f03,
- 0xa2e33c333449a1d6,
- 0x41e461154a7354a3,
- 0x9ee53e7e84d7532e,
- 0x1c202d8ed97afb45,
- 0x51d3f9253e2516f,
- ])),
- Fq::from_repr(BigInteger384([
- 0xa7348a8b511aedcf,
- 0x143c215d8176b319,
- 0x4cc48081c09b8903,
- 0x9533e4a9a5158be,
- 0x7a5e1ecb676d65f9,
- 0x180c3ee46656b008,
- ])),
- );
- a.mul_assign(&Fq2::new(
- Fq::from_repr(BigInteger384([
- 0xe21f9169805f537e,
- 0xfc87e62e179c285d,
- 0x27ece175be07a531,
- 0xcd460f9f0c23e430,
- 0x6c9110292bfa409,
- 0x2c93a72eb8af83e,
- ])),
- Fq::from_repr(BigInteger384([
- 0x4b1c3f936d8992d4,
- 0x1d2a72916dba4c8a,
- 0x8871c508658d1e5f,
- 0x57a06d3135a752ae,
- 0x634cd3c6c565096d,
- 0x19e17334d4e93558,
- ])),
- ));
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x95b5127e6360c7e4,
- 0xde29c31a19a6937e,
- 0xf61a96dacf5a39bc,
- 0x5511fe4d84ee5f78,
- 0x5310a202d92f9963,
- 0x1751afbe166e5399,
- ])),
- Fq::from_repr(BigInteger384([
- 0x84af0e1bd630117a,
- 0x6c63cd4da2c2aa7,
- 0x5ba6e5430e883d40,
- 0xc975106579c275ee,
- 0x33a9ac82ce4c5083,
- 0x1ef1a36c201589d,
- ])),
- )
- );
-}
-
-#[test]
-fn test_fq2_inverse() {
- assert!(Fq2::zero().inverse().is_none());
-
- let a = Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x85c9f989e1461f03,
- 0xa2e33c333449a1d6,
- 0x41e461154a7354a3,
- 0x9ee53e7e84d7532e,
- 0x1c202d8ed97afb45,
- 0x51d3f9253e2516f,
- ])),
- Fq::from_repr(BigInteger384([
- 0xa7348a8b511aedcf,
- 0x143c215d8176b319,
- 0x4cc48081c09b8903,
- 0x9533e4a9a5158be,
- 0x7a5e1ecb676d65f9,
- 0x180c3ee46656b008,
- ])),
- );
- let a = a.inverse().unwrap();
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x70300f9bcb9e594,
- 0xe5ecda5fdafddbb2,
- 0x64bef617d2915a8f,
- 0xdfba703293941c30,
- 0xa6c3d8f9586f2636,
- 0x1351ef01941b70c4,
- ])),
- Fq::from_repr(BigInteger384([
- 0x8c39fd76a8312cb4,
- 0x15d7b6b95defbff0,
- 0x947143f89faedee9,
- 0xcbf651a0f367afb2,
- 0xdf4e54f0d3ef15a6,
- 0x103bdf241afb0019,
- ])),
- )
- );
-}
-
-#[test]
-fn test_fq2_addition() {
- let mut a = Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x2d0078036923ffc7,
- 0x11e59ea221a3b6d2,
- 0x8b1a52e0a90f59ed,
- 0xb966ce3bc2108b13,
- 0xccc649c4b9532bf3,
- 0xf8d295b2ded9dc,
- ])),
- Fq::from_repr(BigInteger384([
- 0x977df6efcdaee0db,
- 0x946ae52d684fa7ed,
- 0xbe203411c66fb3a5,
- 0xb3f8afc0ee248cad,
- 0x4e464dea5bcfd41e,
- 0x12d1137b8a6a837,
- ])),
- );
- a.add_assign(&Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x619a02d78dc70ef2,
- 0xb93adfc9119e33e8,
- 0x4bf0b99a9f0dca12,
- 0x3b88899a42a6318f,
- 0x986a4a62fa82a49d,
- 0x13ce433fa26027f5,
- ])),
- Fq::from_repr(BigInteger384([
- 0x66323bf80b58b9b9,
- 0xa1379b6facf6e596,
- 0x402aef1fb797e32f,
- 0x2236f55246d0d44d,
- 0x4c8c1800eb104566,
- 0x11d6e20e986c2085,
- ])),
- ));
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x8e9a7adaf6eb0eb9,
- 0xcb207e6b3341eaba,
- 0xd70b0c7b481d23ff,
- 0xf4ef57d604b6bca2,
- 0x65309427b3d5d090,
- 0x14c715d5553f01d2,
- ])),
- Fq::from_repr(BigInteger384([
- 0xfdb032e7d9079a94,
- 0x35a2809d15468d83,
- 0xfe4b23317e0796d5,
- 0xd62fa51334f560fa,
- 0x9ad265eb46e01984,
- 0x1303f3465112c8bc,
- ])),
- )
- );
-}
-
-#[test]
-fn test_fq2_subtraction() {
- let mut a = Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x2d0078036923ffc7,
- 0x11e59ea221a3b6d2,
- 0x8b1a52e0a90f59ed,
- 0xb966ce3bc2108b13,
- 0xccc649c4b9532bf3,
- 0xf8d295b2ded9dc,
- ])),
- Fq::from_repr(BigInteger384([
- 0x977df6efcdaee0db,
- 0x946ae52d684fa7ed,
- 0xbe203411c66fb3a5,
- 0xb3f8afc0ee248cad,
- 0x4e464dea5bcfd41e,
- 0x12d1137b8a6a837,
- ])),
- );
- a.sub_assign(&Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x619a02d78dc70ef2,
- 0xb93adfc9119e33e8,
- 0x4bf0b99a9f0dca12,
- 0x3b88899a42a6318f,
- 0x986a4a62fa82a49d,
- 0x13ce433fa26027f5,
- ])),
- Fq::from_repr(BigInteger384([
- 0x66323bf80b58b9b9,
- 0xa1379b6facf6e596,
- 0x402aef1fb797e32f,
- 0x2236f55246d0d44d,
- 0x4c8c1800eb104566,
- 0x11d6e20e986c2085,
- ])),
- ));
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x8565752bdb5c9b80,
- 0x7756bed7c15982e9,
- 0xa65a6be700b285fe,
- 0xe255902672ef6c43,
- 0x7f77a718021c342d,
- 0x72ba14049fe9881,
- ])),
- Fq::from_repr(BigInteger384([
- 0xeb4abaf7c255d1cd,
- 0x11df49bc6cacc256,
- 0xe52617930588c69a,
- 0xf63905f39ad8cb1f,
- 0x4cd5dd9fb40b3b8f,
- 0x957411359ba6e4c,
- ])),
- )
- );
-}
-
-#[test]
-fn test_fq2_negation() {
- let mut a = Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x2d0078036923ffc7,
- 0x11e59ea221a3b6d2,
- 0x8b1a52e0a90f59ed,
- 0xb966ce3bc2108b13,
- 0xccc649c4b9532bf3,
- 0xf8d295b2ded9dc,
- ])),
- Fq::from_repr(BigInteger384([
- 0x977df6efcdaee0db,
- 0x946ae52d684fa7ed,
- 0xbe203411c66fb3a5,
- 0xb3f8afc0ee248cad,
- 0x4e464dea5bcfd41e,
- 0x12d1137b8a6a837,
- ])),
- );
- a = -a;
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x8cfe87fc96dbaae4,
- 0xcc6615c8fb0492d,
- 0xdc167fc04da19c37,
- 0xab107d49317487ab,
- 0x7e555df189f880e3,
- 0x19083f5486a10cbd,
- ])),
- Fq::from_repr(BigInteger384([
- 0x228109103250c9d0,
- 0x8a411ad149045812,
- 0xa9109e8f3041427e,
- 0xb07e9bc405608611,
- 0xfcd559cbe77bd8b8,
- 0x18d400b280d93e62,
- ])),
- )
- );
-}
-
-#[test]
-fn test_fq2_doubling() {
- let mut a = Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x2d0078036923ffc7,
- 0x11e59ea221a3b6d2,
- 0x8b1a52e0a90f59ed,
- 0xb966ce3bc2108b13,
- 0xccc649c4b9532bf3,
- 0xf8d295b2ded9dc,
- ])),
- Fq::from_repr(BigInteger384([
- 0x977df6efcdaee0db,
- 0x946ae52d684fa7ed,
- 0xbe203411c66fb3a5,
- 0xb3f8afc0ee248cad,
- 0x4e464dea5bcfd41e,
- 0x12d1137b8a6a837,
- ])),
- );
- a.double_in_place();
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x5a00f006d247ff8e,
- 0x23cb3d4443476da4,
- 0x1634a5c1521eb3da,
- 0x72cd9c7784211627,
- 0x998c938972a657e7,
- 0x1f1a52b65bdb3b9,
- ])),
- Fq::from_repr(BigInteger384([
- 0x2efbeddf9b5dc1b6,
- 0x28d5ca5ad09f4fdb,
- 0x7c4068238cdf674b,
- 0x67f15f81dc49195b,
- 0x9c8c9bd4b79fa83d,
- 0x25a226f714d506e,
- ])),
- )
- );
-}
-
-#[test]
-fn test_fq2_frobenius_map() {
- let mut a = Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x2d0078036923ffc7,
- 0x11e59ea221a3b6d2,
- 0x8b1a52e0a90f59ed,
- 0xb966ce3bc2108b13,
- 0xccc649c4b9532bf3,
- 0xf8d295b2ded9dc,
- ])),
- Fq::from_repr(BigInteger384([
- 0x977df6efcdaee0db,
- 0x946ae52d684fa7ed,
- 0xbe203411c66fb3a5,
- 0xb3f8afc0ee248cad,
- 0x4e464dea5bcfd41e,
- 0x12d1137b8a6a837,
- ])),
- );
- a.frobenius_map(0);
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x2d0078036923ffc7,
- 0x11e59ea221a3b6d2,
- 0x8b1a52e0a90f59ed,
- 0xb966ce3bc2108b13,
- 0xccc649c4b9532bf3,
- 0xf8d295b2ded9dc,
- ])),
- Fq::from_repr(BigInteger384([
- 0x977df6efcdaee0db,
- 0x946ae52d684fa7ed,
- 0xbe203411c66fb3a5,
- 0xb3f8afc0ee248cad,
- 0x4e464dea5bcfd41e,
- 0x12d1137b8a6a837,
- ])),
- )
- );
- a.frobenius_map(1);
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x2d0078036923ffc7,
- 0x11e59ea221a3b6d2,
- 0x8b1a52e0a90f59ed,
- 0xb966ce3bc2108b13,
- 0xccc649c4b9532bf3,
- 0xf8d295b2ded9dc,
- ])),
- Fq::from_repr(BigInteger384([
- 0x228109103250c9d0,
- 0x8a411ad149045812,
- 0xa9109e8f3041427e,
- 0xb07e9bc405608611,
- 0xfcd559cbe77bd8b8,
- 0x18d400b280d93e62,
- ])),
- )
- );
- a.frobenius_map(1);
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x2d0078036923ffc7,
- 0x11e59ea221a3b6d2,
- 0x8b1a52e0a90f59ed,
- 0xb966ce3bc2108b13,
- 0xccc649c4b9532bf3,
- 0xf8d295b2ded9dc,
- ])),
- Fq::from_repr(BigInteger384([
- 0x977df6efcdaee0db,
- 0x946ae52d684fa7ed,
- 0xbe203411c66fb3a5,
- 0xb3f8afc0ee248cad,
- 0x4e464dea5bcfd41e,
- 0x12d1137b8a6a837,
- ])),
- )
- );
- a.frobenius_map(2);
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger384([
- 0x2d0078036923ffc7,
- 0x11e59ea221a3b6d2,
- 0x8b1a52e0a90f59ed,
- 0xb966ce3bc2108b13,
- 0xccc649c4b9532bf3,
- 0xf8d295b2ded9dc,
- ])),
- Fq::from_repr(BigInteger384([
- 0x977df6efcdaee0db,
- 0x946ae52d684fa7ed,
- 0xbe203411c66fb3a5,
- 0xb3f8afc0ee248cad,
- 0x4e464dea5bcfd41e,
- 0x12d1137b8a6a837,
- ])),
- )
- );
-}
-
-#[test]
-fn test_fq2_legendre() {
- use crate::fields::LegendreSymbol::*;
-
- assert_eq!(Zero, Fq2::zero().legendre());
- // i^2 = -1
- let mut m1 = -Fq2::one();
- assert_eq!(QuadraticResidue, m1.legendre());
- m1 = Fq6Parameters::mul_fp2_by_nonresidue(&m1);
- assert_eq!(QuadraticNonResidue, m1.legendre());
-}
-
-#[test]
-fn test_fq2_mul_nonresidue() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- let nqr = Fq2::new(Fq::one(), Fq::one());
-
- for _ in 0..1000 {
- let mut a = Fq2::rand(&mut rng);
- let mut b = a;
- a = Fq6Parameters::mul_fp2_by_nonresidue(&a);
- b.mul_assign(&nqr);
-
- assert_eq!(a, b);
- }
-}
-
-#[test]
-fn test_fq6_mul_nonresidue() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- let nqr = Fq6::new(Fq2::zero(), Fq2::one(), Fq2::zero());
-
- for _ in 0..1000 {
- let mut a = Fq6::rand(&mut rng);
- let mut b = a;
- a = Fq12Parameters::mul_fp6_by_nonresidue(&a);
- b.mul_assign(&nqr);
-
- assert_eq!(a, b);
- }
-}
-
-#[test]
-fn test_fq6_mul_by_1() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
- let c1 = Fq2::rand(&mut rng);
- let mut a = Fq6::rand(&mut rng);
- let mut b = a;
-
- a.mul_by_1(&c1);
- b.mul_assign(&Fq6::new(Fq2::zero(), c1, Fq2::zero()));
-
- assert_eq!(a, b);
- }
-}
-
-#[test]
-fn test_fq6_mul_by_01() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
- let c0 = Fq2::rand(&mut rng);
- let c1 = Fq2::rand(&mut rng);
- let mut a = Fq6::rand(&mut rng);
- let mut b = a;
-
- a.mul_by_01(&c0, &c1);
- b.mul_assign(&Fq6::new(c0, c1, Fq2::zero()));
-
- assert_eq!(a, b);
- }
-}
-
-#[test]
-fn test_fq12_mul_by_014() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
- let c0 = Fq2::rand(&mut rng);
- let c1 = Fq2::rand(&mut rng);
- let c5 = Fq2::rand(&mut rng);
- let mut a = Fq12::rand(&mut rng);
- let mut b = a;
-
- a.mul_by_014(&c0, &c1, &c5);
- b.mul_assign(&Fq12::new(
- Fq6::new(c0, c1, Fq2::zero()),
- Fq6::new(Fq2::zero(), c5, Fq2::zero()),
- ));
-
- assert_eq!(a, b);
- }
-}
diff --git a/algebra/src/fields/bn_382/fq.rs b/algebra/src/fields/bn_382/fq.rs
deleted file mode 100644
index 36b50472e..000000000
--- a/algebra/src/fields/bn_382/fq.rs
+++ /dev/null
@@ -1,113 +0,0 @@
-use crate::{
- biginteger::BigInteger384 as BigInteger,
- fields::{Fp384, Fp384Parameters, FpParameters},
- field_new
-};
-
-pub type Fq = Fp384;
-
-pub struct FqParameters;
-
-// const U : [u64; a] = [0, 1073873924];
-// const SIX_U_PLUS_2_NAF : [i8;98] = [0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-// 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-// 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-// 0, -1, 0, 1, 0, 0, 0, 0, 0, -1, 0, 1, 0, 0, 0, 0, -1, 0, 1, 0, 0, 0, 0, 0, 0,
-// 0, 0, 0, 0, -1, 0, 1];
-// const CUBIC_NONRESIDUE_TO_Q_MINUS_1_OVER_2 : Fq2 = Fq2(
-// field_new!(Fq, BigInteger([ 0x16b744a7d72fb912, 0x8db76da14b98776d,
-// 0xd7d0fda03758326c, 0x9a05f3af0ce04699, 0x1c8a66ecb161efb2,
-// 0x13a9f1d5f1261bfe ])), Fq::zero()
-// );
-impl Fp384Parameters for FqParameters {}
-impl FpParameters for FqParameters {
- type BigInt = BigInteger;
-
- // MODULUS = 5543634365110765627805495722742127385843376434033820803592568747918351978899288491582778380528407187068941959692289
- const MODULUS: BigInteger = BigInteger([
- 0x1,
- 0x1800c1818,
- 0x8018309183030180,
- 0xb48a3614289b0901,
- 0x71503c69b09dbf88,
- 0x2404893fdad8878e,
- ]);
-
- const MODULUS_BITS: u32 = 382;
-
- // Check this
- const REPR_SHAVE_BITS: u32 = 2;
-
- const R: BigInteger = BigInteger([
- 0xfffffffffffffff9,
- 0xfffffff57fab5757,
- 0x7f56ac056aeaf57f,
- 0x10388572e3c2c0f5,
- 0xe6ce591c2bafc343,
- 0x3e03f4104144b1a,
- ]);
-
- // T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
-
- const R2: BigInteger = BigInteger([
- 0xc79c121e98884701,
- 0xfd75271b6a2e235d,
- 0x1530439e68fe657,
- 0xf6b7a72ebfbdbfb,
- 0x50c6c2ce8f44951b,
- 0x17fe189b54066561,
- ]);
-
- const INV: u64 = 18446744073709551615;
-
- // GENERATOR = 14
- const GENERATOR: BigInteger = BigInteger([
- 0xffffffffffffff9d,
- 0xffffff6b7b52aeb7,
- 0x76a537ba55d66b7f,
- 0x2e8d16344c0b846b,
- 0x2df8a320b2feee22,
- 0x123eec4e5e4393ea,
- ]);
-
- const CAPACITY: u32 = Self::MODULUS_BITS - 1;
-
- const TWO_ADICITY: u32 = 67;
-
- const ROOT_OF_UNITY: Self::BigInt = BigInteger([
- 0xe38be9090411d7d0,
- 0x579d9745d8f8468b,
- 0x4a5514233c9850c5,
- 0xa7c5be912557804a,
- 0xc69e67da380310d4,
- 0x136e8eef9cf4445b,
- ]);
-
- const T: BigInteger = BigInteger([
- 0x30018303,
- 0x3003061230606030,
- 0x169146c285136120,
- 0xce2a078d3613b7f1,
- 0x4809127fb5b10f1,
- 0x0,
- ]);
- const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
- 0x1800c181,
- 0x1801830918303018,
- 0x8b48a3614289b090,
- 0xe71503c69b09dbf8,
- 0x2404893fdad8878,
- 0x0,
- ]);
- const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
- 0x0,
- 0xc0060c0c,
- 0xc00c1848c18180c0,
- 0x5a451b0a144d8480,
- 0x38a81e34d84edfc4,
- 0x1202449fed6c43c7,
- ]);
-}
-
-pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
-pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0]));
diff --git a/algebra/src/fields/bn_382/fq12.rs b/algebra/src/fields/bn_382/fq12.rs
deleted file mode 100644
index 0558f9d60..000000000
--- a/algebra/src/fields/bn_382/fq12.rs
+++ /dev/null
@@ -1,201 +0,0 @@
-use crate::{
- biginteger::BigInteger384, field_new,
- fields::bn_382::{
- Fq, fq2::{Fq2, FQ2_ZERO, FQ2_ONE}, Fq6, Fq6Parameters,
- },
- fp12_2over3over2::{Fp12, Fp12Parameters},
-};
-
-pub type Fq12 = Fp12;
-
-#[derive(Clone, Copy)]
-pub struct Fq12Parameters;
-
-impl Fp12Parameters for Fq12Parameters {
- type Fp6Params = Fq6Parameters;
-
- const NONRESIDUE: Fq6 = field_new!(Fq6, FQ2_ZERO, FQ2_ONE, FQ2_ZERO);
-
- const FROBENIUS_COEFF_FP12_C1: &'static [Fq2] = &[
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger384([
- 0xfffffffffffffff9,
- 0xfffffff57fab5757,
- 0x7f56ac056aeaf57f,
- 0x10388572e3c2c0f5,
- 0xe6ce591c2bafc343,
- 0x3e03f4104144b1a
- ])
- ),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger384([
- 0x51b19a7e3871df8a,
- 0xff256c8a6096ca14,
- 0x3c5ed207a2e9ac81,
- 0xee047eb105d3e89c,
- 0x59e5bf1f71597093,
- 0x2226c77500bb1b4b
- ])
- ),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger384([
- 0x43ac10f69cd0866e,
- 0xb67658d4844670fa,
- 0x64500aac20e3e056,
- 0xe69857d69abfc002,
- 0x521ddf42ec5832c5,
- 0xee09eba205fe5d8
- ])
- ),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger384([
- 0x16b744a7d72fb912,
- 0x8db76da14b98776d,
- 0xd7d0fda03758326c,
- 0x9a05f3af0ce04699,
- 0x1c8a66ecb161efb2,
- 0x13a9f1d5f1261bfe
- ])
- ),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger384([
- 0x43ac10f69cd08675,
- 0xb67658df049b19a2,
- 0xe4f95ea6b5f8ead6,
- 0xd65fd263b6fcff0c,
- 0x6b4f8626c0a86f82,
- 0xb005f791c4b9abd
- ])
- ),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger384([
- 0xc505aa299ebdd989,
- 0x8e9201186b0dc570,
- 0x1b8a5c2a1771876a,
- 0x608bab122fa766ff,
- 0x33f4e436f0a63ea7,
- 0x1587b3a0cb438841
- ])
- ),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger384([
- 0x8,
- 0xc0060c0c0,
- 0xc1848c18180c00,
- 0xa451b0a144d8480c,
- 0x8a81e34d84edfc45,
- 0x202449fed6c43c73
- ])
- ),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger384([
- 0xae4e6581c78e2077,
- 0xda93771f754e03,
- 0x43b95e89e01954fe,
- 0xc685b76322c72065,
- 0x176a7d4a3f444ef4,
- 0x1ddc1cada1d6c43
- ])
- ),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger384([
- 0xbc53ef09632f7993,
- 0x4989a72cfbc5a71d,
- 0x1bc825e5621f2129,
- 0xcdf1de3d8ddb48ff,
- 0x1f325d26c4458cc2,
- 0x1523ea85ba78a1b6
- ])
- ),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger384([
- 0xe948bb5828d046ef,
- 0x724892603473a0aa,
- 0xa84732f14baacf13,
- 0x1a8442651bbac267,
- 0x54c5d57cff3bcfd6,
- 0x105a9769e9b26b90
- ])
- ),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger384([
- 0xbc53ef09632f798c,
- 0x4989a7227b70fe75,
- 0x9b1ed1eacd0a16a9,
- 0xde2a63b0719e09f4,
- 0x600b642eff55005,
- 0x190429c6be8cecd1
- ])
- ),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger384([
- 0x3afa55d661422678,
- 0x716dfee914fe52a7,
- 0x648dd4676b917a15,
- 0x53fe8b01f8f3a202,
- 0x3d5b5832bff780e1,
- 0xe7cd59f0f94ff4d
- ])
- ),
- field_new!(Fq, BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- ];
-}
diff --git a/algebra/src/fields/bn_382/fq2.rs b/algebra/src/fields/bn_382/fq2.rs
deleted file mode 100644
index 5c19862b1..000000000
--- a/algebra/src/fields/bn_382/fq2.rs
+++ /dev/null
@@ -1,114 +0,0 @@
-use crate::{
- fields::bn_382::fq::{Fq, FQ_ONE, FQ_ZERO},
- fp2::{Fp2, Fp2Parameters},
- biginteger::BigInteger384 as BigInteger, field_new,
- Field,
-};
-
-pub type Fq2 = Fp2;
-
-pub struct Fq2Parameters;
-
-impl Fp2Parameters for Fq2Parameters {
- type Fp = Fq;
-
- /// NONRESIDUE = 7
- const NONRESIDUE: Fq = field_new!(
- Fq,
- BigInteger([
- 0xffffffffffffffcf,
- 0xffffffb67daf6367,
- 0x7b5eb425ec6cb67f,
- 0x718ba6243a5346b6,
- 0x4fa46fc531ce56d5,
- 0x1b21bac71c8e0dbc
- ])
- );
-
- // U = sqrt(7)
- /// QUADRATIC_NONRESIDUE = (0 + 2 * U)
- const QUADRATIC_NONRESIDUE: (Fq, Fq) = (
- // 0
- field_new!(Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- // 2
- field_new!(
- Fq,
- BigInteger([
- 0xfffffffffffffff2,
- 0xffffffeaff56aeaf,
- 0xfead580ad5d5eaff,
- 0x20710ae5c78581ea,
- 0xcd9cb238575f8686,
- 0x7c07e8208289635
- ])
- ),
- );
-
- /// Coefficients for the Frobenius automorphism.
- const FROBENIUS_COEFF_FP2_C1: &'static [Fq] = &[
- // Fq(7)**(((q^0) - 1) / 2)
- field_new!(
- Fq,
- BigInteger([
- 0xfffffffffffffff9,
- 0xfffffff57fab5757,
- 0x7f56ac056aeaf57f,
- 0x10388572e3c2c0f5,
- 0xe6ce591c2bafc343,
- 0x3e03f4104144b1a
- ])
- ),
- // Fq(7)**(((q^1) - 1) / 2)
- field_new!(
- Fq,
- BigInteger([
- 0x8,
- 0xc0060c0c0,
- 0xc1848c18180c00,
- 0xa451b0a144d8480c,
- 0x8a81e34d84edfc45,
- 0x202449fed6c43c73
- ])
- ),
- ];
-
- #[inline(always)]
- fn mul_fp_by_nonresidue(fe: &Self::Fp) -> Self::Fp {
- // times 7
- let mut result = fe.clone();
- result.double_in_place(); // 2x
- result += fe; // 3x
- result.double_in_place(); // 6x
- result += fe; // 7x
- result
- }
-}
-
-pub const FQ2_ZERO: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ZERO);
-pub const FQ2_ONE: Fq2 = field_new!(Fq2, FQ_ONE, FQ_ZERO);
-
-#[cfg(test)]
-mod test {
- #![allow(unused_imports)]
- use super::*;
- use crate::{Field, UniformRand};
- use rand::SeedableRng;
- use rand_xorshift::XorShiftRng;
-
- #[test]
- fn test_fq_mul_nonresidue() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- let seven: u32 = 7;
- let non_residue = Fq::from(seven);
-
- for _ in 0..1000 {
- let mut a = Fq::rand(&mut rng);
- let mut b = a;
- a = Fq2Parameters::mul_fp_by_nonresidue(&a);
- b *= &non_residue;
-
- assert_eq!(a, b);
- }
- }
-}
diff --git a/algebra/src/fields/bn_382/fq6.rs b/algebra/src/fields/bn_382/fq6.rs
deleted file mode 100644
index 46fb5d98d..000000000
--- a/algebra/src/fields/bn_382/fq6.rs
+++ /dev/null
@@ -1,254 +0,0 @@
-use crate::{
- fields::bn_382::{Fq, Fq2, Fq2Parameters},
- biginteger::BigInteger384 as BigInteger,
- Field, field_new,
- fp2::Fp2Parameters,
- fp6_3over2::{Fp6, Fp6Parameters},
-};
-
-pub type Fq6 = Fp6;
-
-#[derive(Clone, Copy)]
-pub struct Fq6Parameters;
-
-impl Fp6Parameters for Fq6Parameters {
- type Fp2Params = Fq2Parameters;
-
- // u = sqrt(7)
- // 3 * u has no cube nor square nor sixth root
- /// NONRESIDUE = (2 * U)
- const NONRESIDUE: Fq2 = field_new!(
- Fq2,
- // 0
- field_new!(Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- // 3
- field_new!(
- Fq,
- BigInteger([
- 0xffffffffffffffeb,
- 0xffffffe07f020607,
- 0x7e04041040c0e07f,
- 0x30a99058ab4842e0,
- 0xb46b0b54830f49c9,
- 0xba0bdc30c3ce150
- ])
- ),
- );
-
- const FROBENIUS_COEFF_FP6_C1: &'static [Fq2] = &[
- // Fq2(nqr)**(((q^0) - 1) / 3)
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger([
- 0xfffffffffffffff9,
- 0xfffffff57fab5757,
- 0x7f56ac056aeaf57f,
- 0x10388572e3c2c0f5,
- 0xe6ce591c2bafc343,
- 0x3e03f4104144b1a
- ])
- ),
- field_new!(Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(nqr)**(((q^1) - 1) / 3)
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger([
- 0x43ac10f69cd0866e,
- 0xb67658d4844670fa,
- 0x64500aac20e3e056,
- 0xe69857d69abfc002,
- 0x521ddf42ec5832c5,
- 0xee09eba205fe5d8
- ])
- ),
- field_new!(Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(nqr)**(((q^2) - 1) / 3)
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger([
- 0x43ac10f69cd08675,
- 0xb67658df049b19a2,
- 0xe4f95ea6b5f8ead6,
- 0xd65fd263b6fcff0c,
- 0x6b4f8626c0a86f82,
- 0xb005f791c4b9abd
- ])
- ),
- field_new!(Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(nqr)**(((q^3) - 1) / 3)
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger([
- 0x8,
- 0xc0060c0c0,
- 0xc1848c18180c00,
- 0xa451b0a144d8480c,
- 0x8a81e34d84edfc45,
- 0x202449fed6c43c73
- ])
- ),
- field_new!(Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(nqr)**(((q^4) - 1) / 3)
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger([
- 0xbc53ef09632f7993,
- 0x4989a72cfbc5a71d,
- 0x1bc825e5621f2129,
- 0xcdf1de3d8ddb48ff,
- 0x1f325d26c4458cc2,
- 0x1523ea85ba78a1b6
- ])
- ),
- field_new!(Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(nqr)**(((q^5) - 1) / 3)
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger([
- 0xbc53ef09632f798c,
- 0x4989a7227b70fe75,
- 0x9b1ed1eacd0a16a9,
- 0xde2a63b0719e09f4,
- 0x600b642eff55005,
- 0x190429c6be8cecd1
- ])
- ),
- field_new!(Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- ];
-
- const FROBENIUS_COEFF_FP6_C2: &'static [Fq2] = &[
- // (Fq2(nqr) ** (2/3)) ** (q^0) / (Fq2(nqr) ** (2/3))
- // Fq2(nqr)**(((2q^0) - 2) / 3)
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger([
- 0xfffffffffffffff9,
- 0xfffffff57fab5757,
- 0x7f56ac056aeaf57f,
- 0x10388572e3c2c0f5,
- 0xe6ce591c2bafc343,
- 0x3e03f4104144b1a
- ])
- ),
- field_new!(Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(nqr)**(((2q^1) - 2) / 3)
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger([
- 0x43ac10f69cd08675,
- 0xb67658df049b19a2,
- 0xe4f95ea6b5f8ead6,
- 0xd65fd263b6fcff0c,
- 0x6b4f8626c0a86f82,
- 0xb005f791c4b9abd
- ])
- ),
- field_new!(Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(nqr)**(((2q^2) - 2) / 3)
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger([
- 0xbc53ef09632f7993,
- 0x4989a72cfbc5a71d,
- 0x1bc825e5621f2129,
- 0xcdf1de3d8ddb48ff,
- 0x1f325d26c4458cc2,
- 0x1523ea85ba78a1b6
- ])
- ),
- field_new!(Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(nqr)**(((2q^3) - 2) / 3)
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger([
- 0xfffffffffffffff9,
- 0xfffffff57fab5757,
- 0x7f56ac056aeaf57f,
- 0x10388572e3c2c0f5,
- 0xe6ce591c2bafc343,
- 0x3e03f4104144b1a
- ])
- ),
- field_new!(Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(nqr)**(((2q^4) - 2) / 3)
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger([
- 0x43ac10f69cd08675,
- 0xb67658df049b19a2,
- 0xe4f95ea6b5f8ead6,
- 0xd65fd263b6fcff0c,
- 0x6b4f8626c0a86f82,
- 0xb005f791c4b9abd
- ])
- ),
- field_new!(Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- // Fq2(nqr)**(((2q^5) - 2) / 3)
- field_new!(
- Fq2,
- field_new!(
- Fq,
- BigInteger([
- 0xbc53ef09632f7993,
- 0x4989a72cfbc5a71d,
- 0x1bc825e5621f2129,
- 0xcdf1de3d8ddb48ff,
- 0x1f325d26c4458cc2,
- 0x1523ea85ba78a1b6
- ])
- ),
- field_new!(Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])),
- ),
- ];
-
- /// Multiply this element by the quadratic nonresidue 0 + 3 * u.
- fn mul_fp2_by_nonresidue(fe: &Fq2) -> Fq2 {
- // 3 U (c0 + U * c1)
- // == 3*7*c1 + U (3 c0)
-
- let seven_c1 = Fq2Parameters::mul_fp_by_nonresidue(&fe.c1); // 7*c1
- let mut c0 = seven_c1.clone();
- c0.double_in_place(); // 2*7*c1
- c0 += &seven_c1; // 3*7*c1
-
- let mut c1 = fe.c0;
- c1.double_in_place();
- c1 += &fe.c0;
-
- Fq2::new(c0, c1)
- }
-}
-
diff --git a/algebra/src/fields/bn_382/fr.rs b/algebra/src/fields/bn_382/fr.rs
deleted file mode 100644
index 963b34ab1..000000000
--- a/algebra/src/fields/bn_382/fr.rs
+++ /dev/null
@@ -1,94 +0,0 @@
-use crate::{
- biginteger::BigInteger384 as BigInteger,
- fields::{Fp384, Fp384Parameters, FpParameters},
-};
-
-pub type Fr = Fp384;
-
-pub struct FrParameters;
-
-impl Fp384Parameters for FrParameters {}
-impl FpParameters for FrParameters {
- type BigInt = BigInteger;
-
- const MODULUS: BigInteger = BigInteger([
- 0x1,
- 0x1800c1818,
- 0x2012246d22424120,
- 0xb48a3614289b0901,
- 0x71503c69b09dbf88,
- 0x2404893fdad8878e,
- ]);
-
- const MODULUS_BITS: u32 = 382;
-
- const REPR_SHAVE_BITS: u32 = 2;
-
- const R: BigInteger = BigInteger([
- 0xfffffffffffffff9,
- 0xfffffff57fab5757,
- 0x1f8101041030381f,
- 0x10388572e3c2c0f8,
- 0xe6ce591c2bafc343,
- 0x3e03f4104144b1a,
- ]);
-
- const R2: BigInteger = BigInteger([
- 0xaa7b14a53b610887,
- 0xb22034140d119ca9,
- 0xe10d2796937ba75,
- 0xe52454bf8b810402,
- 0x1b4eec3d89fc0fd3,
- 0xbc857aea27171f7,
- ]);
-
- const INV: u64 = 18446744073709551615;
-
- // GENERATOR = 7
- const GENERATOR: BigInteger = BigInteger([
- 0xffffffffffffffcf,
- 0xffffffb67daf6367,
- 0xdc87071c715188df,
- 0x718ba6243a5346c8,
- 0x4fa46fc531ce56d5,
- 0x1b21bac71c8e0dbc,
- ]);
-
- const CAPACITY: u32 = Self::MODULUS_BITS - 1;
-
- const TWO_ADICITY: u32 = 67;
-
- const ROOT_OF_UNITY: Self::BigInt = BigInteger([
- 0xdb510d8c5d0d218f,
- 0x447119a2f8d5e310,
- 0x1373332ba33d5a84,
- 0xb830356347b45dbb,
- 0x851efb96cb691ec1,
- 0x141037c57e9d0173,
- ]);
-
- const T: BigInteger = BigInteger([
- 0x30018303,
- 0x2402448da4484824,
- 0x169146c285136120,
- 0xce2a078d3613b7f1,
- 0x4809127fb5b10f1,
- 0x0,
- ]);
- const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
- 0x1800c181,
- 0x12012246d2242412,
- 0x8b48a3614289b090,
- 0xe71503c69b09dbf8,
- 0x2404893fdad8878,
- 0x0,
- ]);
- const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
- 0x0,
- 0xc0060c0c,
- 0x9009123691212090,
- 0x5a451b0a144d8480,
- 0x38a81e34d84edfc4,
- 0x1202449fed6c43c7,
- ]);
-}
diff --git a/algebra/src/fields/bn_382/mod.rs b/algebra/src/fields/bn_382/mod.rs
deleted file mode 100644
index f1010301d..000000000
--- a/algebra/src/fields/bn_382/mod.rs
+++ /dev/null
@@ -1,18 +0,0 @@
-pub mod fr;
-pub use self::fr::*;
-
-pub mod fq;
-pub use self::fq::*;
-
-pub mod fq2;
-pub use self::fq2::*;
-
-pub mod fq6;
-pub use self::fq6::*;
-
-pub mod fq12;
-pub use self::fq12::*;
-
-#[cfg(test)]
-mod tests;
-
diff --git a/algebra/src/fields/bn_382/tests.rs b/algebra/src/fields/bn_382/tests.rs
deleted file mode 100644
index bdef3ca3e..000000000
--- a/algebra/src/fields/bn_382/tests.rs
+++ /dev/null
@@ -1,1697 +0,0 @@
-use crate::{
- biginteger::{BigInteger, BigInteger384},
- fields::{
- fp12_2over3over2::Fp12Parameters, Fp2Parameters, fp6_3over2::Fp6Parameters, FpParameters,
- bn_382::{
- Fq, Fq12, Fq12Parameters, Fq2, Fq2Parameters, Fq6, Fq6Parameters, FqParameters, Fr,
- },
- Field, PrimeField, SquareRootField,
- tests::{field_test, primefield_test, frobenius_test, sqrt_field_test},
- },
- UniformRand,
-};
-use std::{
- cmp::Ordering,
- ops::{AddAssign, MulAssign},
-};
-use rand::SeedableRng;
-use rand_xorshift::XorShiftRng;
-
-pub(crate) const ITERATIONS: usize = 5;
-
-#[test]
-fn test_size_fr() {
- println!("{}", ::Params::MODULUS_BITS);
- println!("{}", std::mem::size_of::<::BigInt>() * 8)
-}
-
-#[test]
-fn test_bn_382_fr() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
- for _ in 0..ITERATIONS {
- let a: Fr = UniformRand::rand(&mut rng);
- let b: Fr = UniformRand::rand(&mut rng);
- field_test(a, b);
- primefield_test::();
- sqrt_field_test(b);
- }
-}
-
-#[test]
-fn test_bn_382_fq() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
- for _ in 0..ITERATIONS {
- let a: Fq = UniformRand::rand(&mut rng);
- let b: Fq = UniformRand::rand(&mut rng);
- field_test(a, b);
- primefield_test::();
- sqrt_field_test(a);
- }
-}
-
-#[test]
-fn test_bn_382_fq2() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
- for _ in 0..ITERATIONS {
- let a: Fq2 = UniformRand::rand(&mut rng);
- let b: Fq2 = UniformRand::rand(&mut rng);
- field_test(a, b);
- sqrt_field_test(a);
- }
- frobenius_test::(Fq::characteristic(), 13);
-}
-
-#[test]
-fn test_bn_382_fq6() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
- for _ in 0..ITERATIONS {
- let g: Fq6 = UniformRand::rand(&mut rng);
- let h: Fq6 = UniformRand::rand(&mut rng);
- field_test(g, h);
- }
- frobenius_test::(Fq::characteristic(), 13);
-}
-
-#[test]
-fn test_bn_382_fq12() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
- for _ in 0..ITERATIONS {
- let g: Fq12 =
UniformRand::rand(&mut rng); - let h: Fq12 = UniformRand::rand(&mut rng); - field_test(g, h); - } - frobenius_test::(Fq::characteristic(), 13); -} - -#[test] -fn test_bn_382_negative_one() { - let neg_one = Fq::new(BigInteger384([ - 0x8, - 0xc0060c0c0, - 0xc1848c18180c00, - 0xa451b0a144d8480c, - 0x8a81e34d84edfc45, - 0x202449fed6c43c73, - ])); - assert_eq!(neg_one, -Fq::one()); -} - -#[test] -fn test_frob_coeffs() { - let nqr = Fq::from_repr(BigInteger384::from(7)); - let cq = Fq::characteristic(); - let q = BigInteger384([cq[0], cq[1], cq[2], cq[3], cq[4], cq[5]]); - - let q_minus_1_over_2 = { - let mut x = q.clone(); - let _ = x.sub_noborrow(&1.into()); - x.div2(); - x - }; - assert_eq!(Fq2Parameters::FROBENIUS_COEFF_FP2_C1[0], Fq::one()); - assert_eq!( - Fq2Parameters::FROBENIUS_COEFF_FP2_C1[1], - // (q - 1) / 2 - nqr.pow(q_minus_1_over_2) - ); - - let nqr = Fq6Parameters::NONRESIDUE.clone(); - assert_eq!(Fq6Parameters::FROBENIUS_COEFF_FP6_C1[0], Fq2::one()); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C1[1], - // (q - 1) / 3 - nqr.pow([ - 0, - 2147747848, - 9225641637177262208, - 10485338002510381824, - 2721697516351690029, - 865116730873272282, - ]) - ); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C1[2], - // (q^2 - 1) / 3 - nqr.pow([ - 0, - 4295495696, - 13843001656410866112, - 12619659656556060161, - 7863949179600421831, - 17824932913741859728, - 14106172767398838916, - 10392428039924848012, - 18240516690138460617, - 4172794130351852566, - 3052012245806222584, - 121716920077541807, - ]) - ); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C1[3], - // (q^3 - 1) / 3 - nqr.pow([ - 0, - 6443243544, - 13852080057700811712, - 13974760756070671107, - 8474791303092970207, - 15247111912366805117, - 12758405836849367900, - 12846794460241389429, - 13532760723228230634, - 8526073349132696454, - 16145725457143290934, - 3082578096989227526, - 6830165298950233162, - 17302433147824971781, - 12528394078520259374, - 13725539263945993487, - 
13263483163850314236, - 17124866627198422, - ]) - ); - assert_eq!( - // (q^4 - 1) / 3 - Fq6Parameters::FROBENIUS_COEFF_FP6_C1[4], - nqr.pow([ - 0, - 8590991392, - 9252876841047099008, - 3675693021278299142, - 3349650391287462279, - 13911023695139878569, - 16275601568726772140, - 3014688273044934821, - 1472059661550192864, - 2035158628369053974, - 1713684101115859557, - 9284221196945340952, - 2683613555443221405, - 15729065835098504351, - 15984104543943309973, - 12723413988826450866, - 41170366029762151, - 16008086735292104253, - 15596425719292126299, - 15108390649563014334, - 52931762420676395, - 13732307747156784034, - 7818978216170078201, - 2409369681819975, - ]) - ); - assert_eq!( - // (q^5 - 1) / 3 - Fq6Parameters::FROBENIUS_COEFF_FP6_C1[5], - nqr.pow([ - 0, - 10738739240, - 45392006449728000, - 7740996319822131978, - 15478087213462929103, - 17472710613337942216, - 9044015039479477296, - 11586903911799256759, - 2813762230899659887, - 11104325984644937458, - 4302092015276168721, - 8234334058539386480, - 11962170479666254089, - 1461528360371107444, - 6162227182064005366, - 7232630698859231536, - 8412330371357627039, - 363274686941722124, - 4438052204811362316, - 15807890790833648603, - 17923236621871238366, - 10400515525131393666, - 14107173108564206483, - 5590046816246288581, - 16903738071061848386, - 5921390934571784652, - 6669210272393187091, - 1983999480480749653, - 857708666524832295, - 338984378100408, - ]) - ); - - assert_eq!(Fq6Parameters::FROBENIUS_COEFF_FP6_C2[0], Fq2::one()); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C2[1], - // (2 * q - 2) / 3 - nqr.pow([ - 0, - 4295495696, - 4539200644972800, - 2523931931311212033, - 5443395032703380059, - 1730233461746544564, - ]) - ); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C2[2], - // (2 * q^2 - 2) / 3 - nqr.pow([ - 0, - 8590991392, - 9239259239112180608, - 6792575239402568707, - 15727898359200843663, - 17203121753774167840, - 9765601461088126217, - 2338112006140144409, - 18034289306567369619, 
- 8345588260703705133, - 6104024491612445168, - 243433840155083614, - ]) - ); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C2[3], - // (2 * q^3 - 2) / 3 - nqr.pow([ - 0, - 12886487088, - 9257416041692071808, - 9502777438431790599, - 16949582606185940415, - 12047479751024058618, - 7070067599989184185, - 7246844846773227243, - 8618777372746909653, - 17052146698265392909, - 13844706840577030252, - 6165156193978455053, - 13660330597900466324, - 16158122221940391946, - 6610044083330967133, - 9004334454182435359, - 8080222253991076857, - 34249733254396845, - ]) - ); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C2[4], - // (2 * q^4 - 2) / 3 - nqr.pow([ - 0, - 17181982784, - 59009608384646400, - 7351386042556598285, - 6699300782574924558, - 9375303316570205522, - 14104459063743992665, - 6029376546089869643, - 2944119323100385728, - 4070317256738107948, - 3427368202231719114, - 121698320181130288, - 5367227110886442811, - 13011387596487457086, - 13521465014177068331, - 7000083903943350117, - 82340732059524303, - 13569429396874656890, - 12746107364874700983, - 11770037225416477053, - 105863524841352791, - 9017871420604016452, - 15637956432340156403, - 4818739363639950, - ]) - ); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C2[5], - // (2 * q^5 - 2) / 3 - nqr.pow([ - 0, - 21477478480, - 90784012899456000, - 15481992639644263956, - 12509430353216306590, - 16498677152966332817, - 18088030078958954593, - 4727063749888961902, - 5627524461799319775, - 3761907895580323300, - 8604184030552337443, - 16468668117078772960, - 5477596885622956562, - 2923056720742214889, - 12324454364128010732, - 14465261397718463072, - 16824660742715254078, - 726549373883444248, - 8876104409622724632, - 13169037507957745590, - 17399729170032925117, - 2354286976553235717, - 9767602143418861351, - 11180093632492577163, - 15360732068414145156, - 11842781869143569305, - 13338420544786374182, - 3967998960961499306, - 1715417333049664590, - 677968756200816, - ]) - ); - - let nqr = 
Fq6Parameters::NONRESIDUE.clone(); - assert_eq!(Fq12Parameters::FROBENIUS_COEFF_FP12_C1[0], Fq2::one()); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[1], - nqr.pow([ - 0, - 1073873924, - 4612820818588631104, - 14466041038109966720, - 1360848758175845014, - 432558365436636141, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[2], - nqr.pow([ - 0, - 2147747848, - 16144872865060208864, - 15533201865132805888, - 3931974589800210915, - 8912466456870929864, - 7053086383699419458, - 14419586056817199814, - 9120258345069230308, - 2086397065175926283, - 10749378159757887100, - 60858460038770903, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[3], - nqr.pow(vec![ - 0, - 3221621772, - 16149412065705181664, - 16210752414890111361, - 13460767688401260911, - 7623555956183402558, - 15602574955279459758, - 6423397230120694714, - 6766380361614115317, - 4263036674566348227, - 8072862728571645467, - 1541289048494613763, - 12638454686329892389, - 8651216573912485890, - 15487569076114905495, - 6862769631972996743, - 6631741581925157118, - 8562433313599211, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[4], - nqr.pow(vec![ - 0, - 4295495696, - 4626438420523549504, - 11061218547493925379, - 10898197232498506947, - 6955511847569939284, - 17361172821218161878, - 1507344136522467410, - 736029830775096432, - 10240951351039302795, - 856842050557929778, - 13865482635327446284, - 10565178814576386510, - 17087904954404027983, - 7992052271971654986, - 15585079031268001241, - 9243957219869656883, - 17227415404500827934, - 7798212859646063149, - 16777567361636282975, - 26465881210338197, - 16089525910433167825, - 13132861144939814908, - 1204684840909987, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[5], - nqr.pow(vec![ - 0, - 5369369620, - 22696003224864000, - 13093870196765841797, - 7739043606731464551, - 8736355306668971108, - 13745379556594514456, - 15016823992754404187, - 1406881115449829943, - 
14775535029177244537, - 2151046007638084360, - 13340539066124469048, - 5981085239833127044, - 730764180185553722, - 3081113591032002683, - 12839687386284391576, - 4206165185678813519, - 181637343470861062, - 11442398139260456966, - 7903945395416824301, - 8961618310935619183, - 14423629799420472641, - 16276958591136879049, - 2795023408123144290, - 8451869035530924193, - 12184067504140668134, - 12557977173051369353, - 10215371777095150634, - 428854333262416147, - 169492189050204, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[6], - nqr.pow(vec![ - 0, - 6443243544, - 2338184813809125152, - 16871233222817902855, - 9128410254440549604, - 6358414737107760671, - 7468729267714966206, - 13941217655799039844, - 13346431459341595049, - 7898852908234196435, - 15336792284145632846, - 11388163220812683193, - 3081093040835939111, - 3129346386773272968, - 9927228518296795807, - 7377526438469140102, - 10982033484834786477, - 4338217268182375900, - 9361642498942237193, - 95770243317576020, - 12381045952473046729, - 13583764370608885618, - 6914038083938247018, - 11758473285549676044, - 11115849729267060548, - 17409651029690199254, - 1556144995363291, - 201277993468444800, - 4475903768997462991, - 14292114947578464987, - 11232182361686567882, - 8023223058519243510, - 8460645903912770899, - 3728985165610438147, - 9557646917806612605, - 23846570632805, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[7], - nqr.pow(vec![ - 0, - 7517117468, - 11572904852276332960, - 16955833485762150793, - 13861723677667078339, - 3351040880758239373, - 10187361698481445917, - 13133145996058314825, - 9880302656011032102, - 13564594818746138045, - 7715332987162020029, - 8507406103252913234, - 3841936539250661075, - 1805614599139944761, - 203070458119069734, - 6012523277532087348, - 17138495458943996700, - 554721240220003420, - 12440154572222299423, - 16155796765560152746, - 16906961404535980601, - 16988772101138510128, - 10387531528977690481, - 11239496299840526324, - 
17694275296936601295, - 8678865958464098749, - 9320448299481179664, - 4686598267618731179, - 13742235150573415491, - 12374458970711564027, - 269339566263283418, - 10481813823058826132, - 717376942815119705, - 13666875719826635227, - 12280940418647842802, - 9519820163220694865, - 617514567176427309, - 12583439039711230168, - 17395426026137895032, - 8613762055003349927, - 10640527628973352346, - 3355074556131, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[8], - nqr.pow(vec![ - 0, - 8590991392, - 9280112044916935808, - 7910196845710627852, - 14384733437153267341, - 13506577854283292941, - 10857690159372235189, - 272593318034492385, - 12923380669675470042, - 2100692327127267929, - 13230996614761816179, - 7168823705819996997, - 13956769771436729488, - 5681613690936661631, - 11503781881124304312, - 17948477454354511940, - 2585515360459221833, - 8259262986641375999, - 10186761771126765300, - 138677943505860314, - 5250511679047117534, - 14897331219308048187, - 569947668211672644, - 9595808377407591607, - 3673903986281427142, - 4870403510282402826, - 2096666344982093356, - 12051547529286607576, - 1844298388091022287, - 1306834614315497461, - 6474597614146232073, - 12878772894351383459, - 14872419472349185632, - 14433096506366908483, - 6489113408900444583, - 12661100796117668959, - 91512520663806584, - 1296368661047785873, - 10476259365810701958, - 2053707460771923724, - 6065289503083254206, - 6873892662994326422, - 12294887061544157066, - 1245036048899490368, - 878322480486140511, - 3487162457538806614, - 11345805986413709742, - 472039583826, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[9], - nqr.pow(vec![ - 0, - 9664865316, - 13906550465440485312, - 2743593236484927887, - 15240256226051785162, - 5666101964554392148, - 15486630721293003604, - 11085304049122138569, - 3743538961979692360, - 10479969010368013395, - 8805888377599446479, - 1551988704758378836, - 14640760467567754482, - 17095114512289855362, - 17093001622846958786, - 
7870427257463436135, - 5710915045644416575, - 4183002850442633052, - 2183746690979144293, - 10361570738316409762, - 1823519866094145509, - 1979140920109133656, - 3934637357680171129, - 483707244939023109, - 1565783218869661592, - 2070037913090854503, - 14241273410721161637, - 10692540910451051929, - 15363289899804154929, - 15065156723151968355, - 14866176115383228793, - 1754717951053774339, - 6219089168165776907, - 2843316444832961545, - 7769394471483342945, - 6209130940448592686, - 9895465624289118027, - 3768298914925623782, - 9749235554500066774, - 1141391204377577507, - 14056362858548820458, - 16607719785754580914, - 15673364900352983470, - 580200748086459451, - 10509892878537744119, - 15607998199247548635, - 12824174783078822258, - 6481915545385316101, - 1957565790411709196, - 349002659769060597, - 16415225026456770303, - 1404654246286235655, - 6356350610771785647, - 66413239101, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[10], - nqr.pow(vec![ - 0, - 10738739240, - 7005476040137429856, - 14465292591906644755, - 14621431796216200706, - 14525857187455188078, - 10700440084621593392, - 12242072263566209620, - 8264012505466920242, - 14417507739553060693, - 16334656267535174813, - 5608731228249949498, - 13823809389348153905, - 7430045463521736622, - 2833765277650240876, - 1309907354854159809, - 5021927718196352462, - 15874794418293664475, - 15608826217061854163, - 1595251607803040137, - 8888388384778788, - 7831801103413923870, - 6005456231811099037, - 6096848355567875777, - 15850729980334142493, - 1624611499560916485, - 6184106485895126123, - 6387589785991100343, - 4441436714440535396, - 10674155509432621698, - 10042502358973557699, - 2576341273935999356, - 18156873608396522635, - 617515025121520734, - 9881222500003602426, - 4756903745958102601, - 2006577979583400419, - 8327703057715215960, - 15321419544975328394, - 12628506519071548335, - 13177222782269231712, - 2411912121646877137, - 10868769581993413381, - 16185388380426370530, - 
5539608759663320000, - 10723559808687022239, - 14719067825964600572, - 460658681716792668, - 10091533243992712257, - 14530462048548757687, - 12200158948752460980, - 18189052240063574460, - 2913087417685331074, - 4736340601006000495, - 2372095410131630914, - 16516702885801480121, - 17997825935487833985, - 9257298735064255248, - 1536693001487705261, - 9343958598, - ]) - ); - assert_eq!( - Fq12Parameters::FROBENIUS_COEFF_FP12_C1[11], - nqr.pow(vec![ - 0, - 11812613164, - 7023632842717321056, - 744332624668717463, - 4371722958200983232, - 11636017688460936382, - 17152858786832518158, - 5682050630732907671, - 8727981457605556050, - 10057238357286604968, - 4003863022247557308, - 7604055838654582988, - 12261673555141771681, - 15883167835850577292, - 5714157687636561277, - 14618404407668008357, - 16402832752841580893, - 5972425114553822180, - 12155917574793055344, - 8808187807425270992, - 9211841961893389931, - 12725660675278824272, - 12414773954685858373, - 9792868552842682366, - 5719933945026251524, - 12537786363063843971, - 18187538106036260758, - 12740838136551074431, - 7969056988229557200, - 872948111533580865, - 17726711914655473767, - 770549698442050016, - 16298837429388465735, - 5178749236651908864, - 18138853862298625203, - 7793664090201224685, - 11193293738282492653, - 9873076932945272135, - 15807756096133577526, - 10083282791902955936, - 2195531347646939012, - 16238427073634898251, - 5493913095325849250, - 14170967139044366675, - 12805124499495589934, - 11391084290952387861, - 9364144152903456451, - 1899440368800537432, - 2322858144550417821, - 10240253012091294361, - 15065302116186703837, - 12448570265819329800, - 6343718079088714168, - 4380121812362314977, - 8816058002082775395, - 8311367630575408773, - 1256689681524789185, - 15712089605351878639, - 2370617092363650854, - 1292526687163685054, - 1968496925520971753, - 14509852769280912127, - 83170576256002463, - 15256590279050317540, - 18173816319152067096, - 1314640927, - ]) - ); -} - -#[test] -fn 
test_fq_repr_from() { - assert_eq!( - BigInteger384::from(100), - BigInteger384([100, 0, 0, 0, 0, 0]) - ); -} - -#[test] -fn test_fq_repr_is_odd() { - assert!(!BigInteger384::from(0).is_odd()); - assert!(BigInteger384::from(0).is_even()); - assert!(BigInteger384::from(1).is_odd()); - assert!(!BigInteger384::from(1).is_even()); - assert!(!BigInteger384::from(324834872).is_odd()); - assert!(BigInteger384::from(324834872).is_even()); - assert!(BigInteger384::from(324834873).is_odd()); - assert!(!BigInteger384::from(324834873).is_even()); -} - -#[test] -fn test_fq_repr_is_zero() { - assert!(BigInteger384::from(0).is_zero()); - assert!(!BigInteger384::from(1).is_zero()); - assert!(!BigInteger384([0, 0, 0, 0, 1, 0]).is_zero()); -} - -#[test] -fn test_fq_repr_div2() { - let mut a = BigInteger384([ - 0x8b0ad39f8dd7482a, - 0x147221c9a7178b69, - 0x54764cb08d8a6aa0, - 0x8519d708e1d83041, - 0x41f82777bd13fdb, - 0xf43944578f9b771b, - ]); - a.div2(); - assert_eq!( - a, - BigInteger384([ - 0xc58569cfc6eba415, - 0xa3910e4d38bc5b4, - 0xaa3b265846c53550, - 0xc28ceb8470ec1820, - 0x820fc13bbde89fed, - 0x7a1ca22bc7cdbb8d, - ]) - ); - for _ in 0..10 { - a.div2(); - } - assert_eq!( - a, - BigInteger384([ - 0x6d31615a73f1bae9, - 0x54028e443934e2f1, - 0x82a8ec99611b14d, - 0xfb70a33ae11c3b06, - 0xe36083f04eef7a27, - 0x1e87288af1f36e, - ]) - ); - for _ in 0..300 { - a.div2(); - } - assert_eq!( - a, - BigInteger384([0x7288af1f36ee3608, 0x1e8, 0x0, 0x0, 0x0, 0x0]) - ); - for _ in 0..50 { - a.div2(); - } - assert_eq!(a, BigInteger384([0x7a1ca2, 0x0, 0x0, 0x0, 0x0, 0x0])); - for _ in 0..22 { - a.div2(); - } - assert_eq!(a, BigInteger384([0x1, 0x0, 0x0, 0x0, 0x0, 0x0])); - a.div2(); - assert!(a.is_zero()); -} - -#[test] -fn test_fq_repr_divn() { - let mut a = BigInteger384([ - 0xaa5cdd6172847ffd, - 0x43242c06aed55287, - 0x9ddd5b312f3dd104, - 0xc5541fd48046b7e7, - 0x16080cf4071e0b05, - 0x1225f2901aea514e, - ]); - a.divn(0); - assert_eq!( - a, - BigInteger384([ - 0xaa5cdd6172847ffd, - 
0x43242c06aed55287, - 0x9ddd5b312f3dd104, - 0xc5541fd48046b7e7, - 0x16080cf4071e0b05, - 0x1225f2901aea514e, - ]) - ); - a.divn(1); - assert_eq!( - a, - BigInteger384([ - 0xd52e6eb0b9423ffe, - 0x21921603576aa943, - 0xceeead98979ee882, - 0xe2aa0fea40235bf3, - 0xb04067a038f0582, - 0x912f9480d7528a7, - ]) - ); - a.divn(50); - assert_eq!( - a, - BigInteger384([ - 0x8580d5daaa50f54b, - 0xab6625e7ba208864, - 0x83fa9008d6fcf3bb, - 0x19e80e3c160b8aa, - 0xbe52035d4a29c2c1, - 0x244, - ]) - ); - a.divn(130); - assert_eq!( - a, - BigInteger384([ - 0xa0fea40235bf3cee, - 0x4067a038f0582e2a, - 0x2f9480d7528a70b0, - 0x91, - 0x0, - 0x0, - ]) - ); - a.divn(64); - assert_eq!( - a, - BigInteger384([0x4067a038f0582e2a, 0x2f9480d7528a70b0, 0x91, 0x0, 0x0, 0x0]) - ); -} - -#[test] -fn test_fq_repr_mul2() { - let mut a = BigInteger384::from(23712937547); - a.mul2(); - assert_eq!(a, BigInteger384([0xb0acd6c96, 0x0, 0x0, 0x0, 0x0, 0x0])); - for _ in 0..60 { - a.mul2(); - } - assert_eq!( - a, - BigInteger384([0x6000000000000000, 0xb0acd6c9, 0x0, 0x0, 0x0, 0x0]) - ); - for _ in 0..300 { - a.mul2(); - } - assert_eq!( - a, - BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0xcd6c960000000000]) - ); - for _ in 0..17 { - a.mul2(); - } - assert_eq!( - a, - BigInteger384([0x0, 0x0, 0x0, 0x0, 0x0, 0x2c00000000000000]) - ); - for _ in 0..6 { - a.mul2(); - } - assert!(a.is_zero()); -} - -#[test] -fn test_fq_repr_num_bits() { - let mut a = BigInteger384::from(0); - assert_eq!(0, a.num_bits()); - a = BigInteger384::from(1); - for i in 1..385 { - assert_eq!(i, a.num_bits()); - a.mul2(); - } - assert_eq!(0, a.num_bits()); -} - -#[test] -fn test_fq_repr_sub_noborrow() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - let mut t = BigInteger384([ - 0x827a4a08041ebd9, - 0x3c239f3dcc8f0d6b, - 0x9ab46a912d555364, - 0x196936b17b43910b, - 0xad0eb3948a5c34fd, - 0xd56f7b5ab8b5ce8, - ]); - t.sub_noborrow(&BigInteger384([ - 0xc7867917187ca02b, - 0x5d75679d4911ffef, - 0x8c5b3e48b1a71c15, - 0x6a427ae846fd66aa, - 
0x7a37e7265ee1eaf9, - 0x7c0577a26f59d5, - ])); - assert!( - t == BigInteger384([ - 0x40a12b8967c54bae, - 0xdeae37a0837d0d7b, - 0xe592c487bae374e, - 0xaf26bbc934462a61, - 0x32d6cc6e2b7a4a03, - 0xcdaf23e091c0313, - ]) - ); - - for _ in 0..1000 { - let mut a = BigInteger384::rand(&mut rng); - a.0[5] >>= 30; - let mut b = a; - for _ in 0..10 { - b.mul2(); - } - let mut c = b; - for _ in 0..10 { - c.mul2(); - } - - assert!(a < b); - assert!(b < c); - - let mut csub_ba = c; - csub_ba.sub_noborrow(&b); - csub_ba.sub_noborrow(&a); - - let mut csub_ab = c; - csub_ab.sub_noborrow(&a); - csub_ab.sub_noborrow(&b); - - assert_eq!(csub_ab, csub_ba); - } - - // Subtracting q+1 from q should produce -1 (mod 2**384) - let mut qplusone = BigInteger384([ - 0xb9feffffffffaaab, - 0x1eabfffeb153ffff, - 0x6730d2a0f6b0f624, - 0x64774b84f38512bf, - 0x4b1ba7b6434bacd7, - 0x1a0111ea397fe69a, - ]); - qplusone.sub_noborrow(&BigInteger384([ - 0xb9feffffffffaaac, - 0x1eabfffeb153ffff, - 0x6730d2a0f6b0f624, - 0x64774b84f38512bf, - 0x4b1ba7b6434bacd7, - 0x1a0111ea397fe69a, - ])); - assert_eq!( - qplusone, - BigInteger384([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ]) - ); -} - -#[test] -fn test_fq_repr_add_nocarry() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - let mut t = BigInteger384([ - 0x827a4a08041ebd9, - 0x3c239f3dcc8f0d6b, - 0x9ab46a912d555364, - 0x196936b17b43910b, - 0xad0eb3948a5c34fd, - 0xd56f7b5ab8b5ce8, - ]); - t.add_nocarry(&BigInteger384([ - 0xc7867917187ca02b, - 0x5d75679d4911ffef, - 0x8c5b3e48b1a71c15, - 0x6a427ae846fd66aa, - 0x7a37e7265ee1eaf9, - 0x7c0577a26f59d5, - ])); - assert!( - t == BigInteger384([ - 0xcfae1db798be8c04, - 0x999906db15a10d5a, - 0x270fa8d9defc6f79, - 0x83abb199c240f7b6, - 0x27469abae93e1ff6, - 0xdd2fd2d4dfab6be, - ]) - ); - - // Test for the associativity of addition. 
- for _ in 0..1000 { - let mut a = BigInteger384::rand(&mut rng); - let mut b = BigInteger384::rand(&mut rng); - let mut c = BigInteger384::rand(&mut rng); - - // Unset the first few bits, so that overflow won't occur. - a.0[5] >>= 3; - b.0[5] >>= 3; - c.0[5] >>= 3; - - let mut abc = a; - abc.add_nocarry(&b); - abc.add_nocarry(&c); - - let mut acb = a; - acb.add_nocarry(&c); - acb.add_nocarry(&b); - - let mut bac = b; - bac.add_nocarry(&a); - bac.add_nocarry(&c); - - let mut bca = b; - bca.add_nocarry(&c); - bca.add_nocarry(&a); - - let mut cab = c; - cab.add_nocarry(&a); - cab.add_nocarry(&b); - - let mut cba = c; - cba.add_nocarry(&b); - cba.add_nocarry(&a); - - assert_eq!(abc, acb); - assert_eq!(abc, bac); - assert_eq!(abc, bca); - assert_eq!(abc, cab); - assert_eq!(abc, cba); - } - - // Adding 1 to (2^384 - 1) should produce zero - let mut x = BigInteger384([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ]); - x.add_nocarry(&BigInteger384::from(1)); - assert!(x.is_zero()); -} - -#[test] -fn test_fq_add_assign() { - { - // Random number - let mut tmp = Fq::new(BigInteger384([ - 0x624434821df92b69, - 0x503260c04fd2e2ea, - 0xd9df726e0d16e8ce, - 0xfbcb39adfd5dfaeb, - 0x86b8a22b0c88b112, - 0x165a2ed809e4201b, - ])); - // Test that adding zero has no effect. - tmp.add_assign(&Fq::new(BigInteger384::from(0))); - assert_eq!( - tmp, - Fq::new(BigInteger384([ - 0x624434821df92b69, - 0x503260c04fd2e2ea, - 0xd9df726e0d16e8ce, - 0xfbcb39adfd5dfaeb, - 0x86b8a22b0c88b112, - 0x165a2ed809e4201b, - ])) - ); - } - - // Test associativity - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - // Generate a, b, c and ensure (a + b) + c == a + (b + c). 
- let a = Fq::rand(&mut rng); - let b = Fq::rand(&mut rng); - let c = Fq::rand(&mut rng); - - let mut tmp1 = a; - tmp1.add_assign(&b); - tmp1.add_assign(&c); - - let mut tmp2 = b; - tmp2.add_assign(&c); - tmp2.add_assign(&a); - - assert_eq!(tmp1, tmp2); - } -} - -#[test] -fn test_fq_mul_assign() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000000 { - // Ensure that (a * b) * c = a * (b * c) - let a = Fq::rand(&mut rng); - let b = Fq::rand(&mut rng); - let c = Fq::rand(&mut rng); - - let mut tmp1 = a; - tmp1.mul_assign(&b); - tmp1.mul_assign(&c); - - let mut tmp2 = b; - tmp2.mul_assign(&c); - tmp2.mul_assign(&a); - - assert_eq!(tmp1, tmp2); - } - - for _ in 0..1000000 { - // Ensure that r * (a + b + c) = r*a + r*b + r*c - - let r = Fq::rand(&mut rng); - let mut a = Fq::rand(&mut rng); - let mut b = Fq::rand(&mut rng); - let mut c = Fq::rand(&mut rng); - - let mut tmp1 = a; - tmp1.add_assign(&b); - tmp1.add_assign(&c); - tmp1.mul_assign(&r); - - a.mul_assign(&r); - b.mul_assign(&r); - c.mul_assign(&r); - - a.add_assign(&b); - a.add_assign(&c); - - assert_eq!(tmp1, a); - } -} - -#[test] -fn test_fq_squaring() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000000 { - // Ensure that (a * a) = a^2 - let a = Fq::rand(&mut rng); - - let mut tmp = a; - tmp.square_in_place(); - - let mut tmp2 = a; - tmp2.mul_assign(&a); - - assert_eq!(tmp, tmp2); - } -} - -#[test] -fn test_fq_inverse() { - assert!(Fq::zero().inverse().is_none()); - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - let one = Fq::one(); - - for _ in 0..1000 { - // Ensure that a * a^-1 = 1 - let mut a = Fq::rand(&mut rng); - let ainv = a.inverse().unwrap(); - a.mul_assign(&ainv); - assert_eq!(a, one); - } -} - -#[test] -fn test_fq_double_in_place() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - // Ensure doubling a is equivalent to adding a to itself. 
- let mut a = Fq::rand(&mut rng); - let mut b = a; - b.add_assign(&a); - a.double_in_place(); - assert_eq!(a, b); - } -} - -#[test] -fn test_fq_negate() { - { - let a = -Fq::zero(); - - assert!(a.is_zero()); - } - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - // Ensure (a - (-a)) = 0. - let mut a = Fq::rand(&mut rng); - let b = -a; - a.add_assign(&b); - - assert!(a.is_zero()); - } -} - -#[test] -fn test_fq_pow() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for i in 0..1000 { - // Exponentiate by various small numbers and ensure it consists with repeated - // multiplication. - let a = Fq::rand(&mut rng); - let target = a.pow(&[i]); - let mut c = Fq::one(); - for _ in 0..i { - c.mul_assign(&a); - } - assert_eq!(c, target); - } - - for _ in 0..1000 { - // Exponentiating by the modulus should have no effect in a prime field. - let a = Fq::rand(&mut rng); - - assert_eq!(a, a.pow(Fq::characteristic())); - } -} - -#[test] -fn test_fq_sqrt() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - assert_eq!(Fq::zero().sqrt().unwrap(), Fq::zero()); - - for _ in 0..1000 { - // Ensure sqrt(a^2) = a or -a - let a = Fq::rand(&mut rng); - let nega = -a; - let mut b = a; - b.square_in_place(); - - let b = b.sqrt().unwrap(); - - assert!(a == b || nega == b); - } - - for _ in 0..1000 { - // Ensure sqrt(a)^2 = a for random a - let a = Fq::rand(&mut rng); - - if let Some(mut tmp) = a.sqrt() { - tmp.square_in_place(); - - assert_eq!(a, tmp); - } - } -} - -#[test] -fn test_fq_num_bits() { - assert_eq!(FqParameters::MODULUS_BITS, 382); - assert_eq!(FqParameters::CAPACITY, 381); -} - -#[test] -fn test_fq_ordering() { - // BigInteger384's ordering is well-tested, but we still need to make sure the - // Fq elements aren't being compared in Montgomery form. 
- for i in 0..100 { - assert!(Fq::from_repr(BigInteger384::from(i + 1)) > Fq::from_repr(BigInteger384::from(i))); - } -} - -// #[test] -// fn fq_repr_tests() { -// ::tests::repr::random_repr_tests::(); -// } - -#[test] -fn test_fq_legendre() { - use crate::fields::LegendreSymbol::*; - - assert_eq!(QuadraticResidue, Fq::one().legendre()); - assert_eq!(Zero, Fq::zero().legendre()); - - assert_eq!( - QuadraticResidue, - Fq::from_repr(BigInteger384::from(2)).legendre() - ); - assert_eq!( - QuadraticResidue, - Fq::from_repr(BigInteger384::from(4)).legendre() - ); -} - -#[test] -fn test_fq2_ordering() { - let mut a = Fq2::new(Fq::zero(), Fq::zero()); - - let mut b = a.clone(); - - assert!(a.cmp(&b) == Ordering::Equal); - b.c0.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Less); - a.c0.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Equal); - b.c1.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Less); - a.c0.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Less); - a.c1.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Greater); - b.c0.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Equal); -} - -#[test] -fn test_fq2_basics() { - assert_eq!(Fq2::new(Fq::zero(), Fq::zero(),), Fq2::zero()); - assert_eq!(Fq2::new(Fq::one(), Fq::zero(),), Fq2::one()); - assert!(Fq2::zero().is_zero()); - assert!(!Fq2::one().is_zero()); - assert!(!Fq2::new(Fq::zero(), Fq::one(),).is_zero()); -} - -#[test] -fn test_fq2_inverse() { - assert!(Fq2::zero().inverse().is_none()); - - let a = Fq2::new( - Fq::from_repr(BigInteger384([ - 0x57712f649f231bf3, - 0xdd7cddf2f4603dcb, - 0xf350693f560f254, - 0xd6bd3fdd0fc3b5b4, - 0xdb7c5e8258036911, - 0xe84c7a88c502271, - ])), - Fq::from_repr(BigInteger384([ - 0xc04ec3bd1ede925e, - 0x54d5f95f26628255, - 0xf2ff26a3f286464b, - 0x72d8f68e3c11222b, - 0xfa5a1b93b0813f7a, - 0x168178c674fe5e1c, - ])), - ); - let a = a.inverse().unwrap(); - assert_eq!( - a, - Fq2::new( - Fq::from_repr(BigInteger384([ - 
0x76e2a7728a451901, - 0x2717121041121420, - 0x2fdb1e07d9ac7a6e, - 0xb76e522717bbcdf5, - 0x5fec3d6b14481c4, - 0xc639eebd0f0f919 - ])), - Fq::from_repr(BigInteger384([ - 0xb219dc3c41a7fc1e, - 0xef737caadc1e, - 0xf8b3637027635f79, - 0x35f7aaba0c8c876a, - 0x51ab431de9fad2e5, - 0xa52a6c3c748fbec - ])), - ) - ); -} - -#[test] -fn test_fq2_addition() { - let mut a = Fq2::new( - Fq::from_repr(BigInteger384([ - 0x2d0078036923ffc7, - 0x11e59ea221a3b6d2, - 0x8b1a52e0a90f59ed, - 0xb966ce3bc2108b13, - 0xccc649c4b9532bf3, - 0xf8d295b2ded9dc, - ])), - Fq::from_repr(BigInteger384([ - 0x977df6efcdaee0db, - 0x946ae52d684fa7ed, - 0xbe203411c66fb3a5, - 0xb3f8afc0ee248cad, - 0x4e464dea5bcfd41e, - 0x12d1137b8a6a837, - ])), - ); - a.add_assign(&Fq2::new( - Fq::from_repr(BigInteger384([ - 0x619a02d78dc70ef2, - 0xb93adfc9119e33e8, - 0x4bf0b99a9f0dca12, - 0x3b88899a42a6318f, - 0x986a4a62fa82a49d, - 0x13ce433fa26027f5, - ])), - Fq::from_repr(BigInteger384([ - 0x66323bf80b58b9b9, - 0xa1379b6facf6e596, - 0x402aef1fb797e32f, - 0x2236f55246d0d44d, - 0x4c8c1800eb104566, - 0x11d6e20e986c2085, - ])), - )); - assert_eq!( - a, - Fq2::new( - Fq::from_repr(BigInteger384([ - 0x8e9a7adaf6eb0eb9, - 0xcb207e6b3341eaba, - 0xd70b0c7b481d23ff, - 0xf4ef57d604b6bca2, - 0x65309427b3d5d090, - 0x14c715d5553f01d2, - ])), - Fq::from_repr(BigInteger384([ - 0xfdb032e7d9079a94, - 0x35a2809d15468d83, - 0xfe4b23317e0796d5, - 0xd62fa51334f560fa, - 0x9ad265eb46e01984, - 0x1303f3465112c8bc, - ])), - ) - ); -} - -#[test] -fn test_fq2_doubling() { - let mut a = Fq2::new( - Fq::from_repr(BigInteger384([ - 0x2d0078036923ffc7, - 0x11e59ea221a3b6d2, - 0x8b1a52e0a90f59ed, - 0xb966ce3bc2108b13, - 0xccc649c4b9532bf3, - 0xf8d295b2ded9dc, - ])), - Fq::from_repr(BigInteger384([ - 0x977df6efcdaee0db, - 0x946ae52d684fa7ed, - 0xbe203411c66fb3a5, - 0xb3f8afc0ee248cad, - 0x4e464dea5bcfd41e, - 0x12d1137b8a6a837, - ])), - ); - a.double_in_place(); - assert_eq!( - a, - Fq2::new( - Fq::from_repr(BigInteger384([ - 0x5a00f006d247ff8e, - 
0x23cb3d4443476da4, - 0x1634a5c1521eb3da, - 0x72cd9c7784211627, - 0x998c938972a657e7, - 0x1f1a52b65bdb3b9, - ])), - Fq::from_repr(BigInteger384([ - 0x2efbeddf9b5dc1b6, - 0x28d5ca5ad09f4fdb, - 0x7c4068238cdf674b, - 0x67f15f81dc49195b, - 0x9c8c9bd4b79fa83d, - 0x25a226f714d506e, - ])), - ) - ); -} - -#[test] -fn test_fq2_legendre() { - use crate::fields::LegendreSymbol::*; - - assert_eq!(Zero, Fq2::zero().legendre()); - // i^2 = -1 - let mut m1 = -Fq2::one(); - assert_eq!(QuadraticResidue, m1.legendre()); - m1 = Fq6Parameters::mul_fp2_by_nonresidue(&m1); - assert_eq!(QuadraticNonResidue, m1.legendre()); -} - -#[test] -fn test_fq6_mul_nonresidue() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - let nqr = Fq6::new(Fq2::zero(), Fq2::one(), Fq2::zero()); - - for _ in 0..1000 { - let mut a = Fq6::rand(&mut rng); - let mut b = a; - a = Fq12Parameters::mul_fp6_by_nonresidue(&a); - b.mul_assign(&nqr); - - assert_eq!(a, b); - } -} - -#[test] -fn test_fq6_mul_by_1() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - let c1 = Fq2::rand(&mut rng); - let mut a = Fq6::rand(&mut rng); - let mut b = a; - - a.mul_by_1(&c1); - b.mul_assign(&Fq6::new(Fq2::zero(), c1, Fq2::zero())); - - assert_eq!(a, b); - } -} - -#[test] -fn test_fq6_mul_by_01() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - let c0 = Fq2::rand(&mut rng); - let c1 = Fq2::rand(&mut rng); - let mut a = Fq6::rand(&mut rng); - let mut b = a; - - a.mul_by_01(&c0, &c1); - b.mul_assign(&Fq6::new(c0, c1, Fq2::zero())); - - assert_eq!(a, b); - } -} - -#[test] -fn test_fq12_mul_by_014() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - let c0 = Fq2::rand(&mut rng); - let c1 = Fq2::rand(&mut rng); - let c5 = Fq2::rand(&mut rng); - let mut a = Fq12::rand(&mut rng); - let mut b = a; - - a.mul_by_014(&c0, &c1, &c5); - b.mul_assign(&Fq12::new( - Fq6::new(c0, c1, Fq2::zero()), - Fq6::new(Fq2::zero(), c5, 
Fq2::zero()), - )); - - assert_eq!(a, b); - } -} diff --git a/algebra/src/fields/edwards_bls12/fq.rs b/algebra/src/fields/edwards_bls12/fq.rs deleted file mode 100644 index e053865ab..000000000 --- a/algebra/src/fields/edwards_bls12/fq.rs +++ /dev/null @@ -1 +0,0 @@ -pub use crate::fields::bls12_377::fr::{Fr as Fq, FrParameters as FqParameters}; diff --git a/algebra/src/fields/edwards_bls12/fr.rs b/algebra/src/fields/edwards_bls12/fr.rs deleted file mode 100644 index ccb9ea499..000000000 --- a/algebra/src/fields/edwards_bls12/fr.rs +++ /dev/null 
@@ -1,71 +0,0 @@ -use crate::{ - biginteger::BigInteger256 as BigInteger, - fields::{Fp256, Fp256Parameters, FpParameters}, -}; - -pub type Fr = Fp256; - -pub struct FrParameters; - -impl Fp256Parameters for FrParameters {} -impl FpParameters for FrParameters { - type BigInt = BigInteger; - - // MODULUS = 2111115437357092606062206234695386632838870926408408195193685246394721360383 - const MODULUS: BigInteger = BigInteger([ - 13356249993388743167u64, - 5950279507993463550u64, - 10965441865914903552u64, - 336320092672043349u64, - ]); - - const MODULUS_BITS: u32 = 251; - - const CAPACITY: u32 = Self::MODULUS_BITS - 1; - - const REPR_SHAVE_BITS: u32 = 5; - - const R: BigInteger = BigInteger([ - 16632263305389933622u64, - 10726299895124897348u64, - 16608693673010411502u64, - 285459069419210737u64, - ]); - - const R2: BigInteger = BigInteger([ - 3987543627614508126u64, - 17742427666091596403u64, - 14557327917022607905u64, - 322810149704226881u64, - ]); - - const INV: u64 = 9659935179256617473u64; - - // 5 - const GENERATOR: BigInteger = BigInteger([ - 11289572479685143826u64, - 11383637369941080925u64, - 2288212753973340071u64, - 82014976407880291u64, - ]); - - const TWO_ADICITY: u32 = 1; - - const ROOT_OF_UNITY: BigInteger = BigInteger([ - 15170730761708361161u64, - 13670723686578117817u64, - 12803492266614043665u64, - 50861023252832611u64, - ]); - - const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([ - 6678124996694371583u64, - 2975139753996731775u64, - 14706092969812227584u64, - 168160046336021674u64, - ]); - - const T: BigInteger = BigInteger([0x0, 0x0, 0x0, 0x0]); - - const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([0x0, 0x0, 0x0, 0x0]); -} diff --git a/algebra/src/fields/edwards_bls12/mod.rs b/algebra/src/fields/edwards_bls12/mod.rs deleted file mode 100644 index 54eaf49d7..000000000 --- a/algebra/src/fields/edwards_bls12/mod.rs +++ /dev/null @@ -1,5 +0,0 @@ -pub mod fq; -pub mod fr; - -#[cfg(test)] -mod tests; 
diff --git a/algebra/src/fields/edwards_bls12/tests.rs b/algebra/src/fields/edwards_bls12/tests.rs deleted file mode 100644 index 6ae2379ca..000000000 --- a/algebra/src/fields/edwards_bls12/tests.rs +++ /dev/null @@ -1,21 +0,0 @@ -use crate::fields::tests::{field_test, primefield_test}; - -#[test] -fn test_edwards_bls12_fr() { - use crate::fields::edwards_bls12::fr::Fr; - - let a: Fr = rand::random(); - let b: Fr = rand::random(); - field_test(a, b); - primefield_test::(); -} - -#[test] -fn test_edwards_bls12_fq() { - use crate::fields::edwards_bls12::fq::Fq; - - let a: Fq = rand::random(); - let b: Fq = rand::random(); - field_test(a, b); - primefield_test::(); -} diff --git a/algebra/src/fields/edwards_sw6/fq.rs b/algebra/src/fields/edwards_sw6/fq.rs deleted file mode 100644 index 0a3048837..000000000 --- a/algebra/src/fields/edwards_sw6/fq.rs +++ /dev/null @@ -1 +0,0 @@ -pub use crate::fields::sw6::fr::{Fr as Fq, FrParameters as FqParameters}; diff --git a/algebra/src/fields/edwards_sw6/fr.rs b/algebra/src/fields/edwards_sw6/fr.rs deleted file mode 100644 index 6997984f7..000000000 --- a/algebra/src/fields/edwards_sw6/fr.rs +++ /dev/null 
@@ -1,83 +0,0 @@ -use crate::{ - biginteger::BigInteger384 as BigInteger, - fields::{Fp384, Fp384Parameters, FpParameters}, -}; - -pub type Fr = Fp384; - -pub struct FrParameters; - -impl Fp384Parameters for FrParameters {} -impl FpParameters for FrParameters { - type BigInt = BigInteger; - - // MODULUS = 32333053251621136751331591711861691692049189094364332567435817881934511297123972799646723302813083835942624121493 - const MODULUS: BigInteger = BigInteger([ - 4684667634276979349u64, - 3748803659444032385u64, - 16273581227874629698u64, - 7152942431629910641u64, - 6397188139321141543u64, - 15137289088311837u64, - ]); - - const MODULUS_BITS: u32 = 374; - - const CAPACITY: u32 = Self::MODULUS_BITS - 1; - - const REPR_SHAVE_BITS: u32 = 10; - - const R: BigInteger = BigInteger([ - 12565484300600153878u64, - 8749673077137355528u64, - 9027943686469014788u64, - 13026065139386752555u64, - 11197589485989933721u64, - 9525964145733727u64, - ]); - - const R2: BigInteger = BigInteger([ - 17257035094703902127u64, - 16096159112880350050u64, - 3498553494623421763u64, - 333405339929360058u64, - 1125865524035793947u64, - 1586246138566285u64, - ]); - - const INV: u64 = 16242011933465909059u64; - - // 2 - const GENERATOR: BigInteger = BigInteger([ - 1999556893213776791u64, - 13750542494830678672u64, - 1782306145063399878u64, - 452443773434042853u64, - 15997990832658725900u64, - 3914639203155617u64, - ]); - - const TWO_ADICITY: u32 = 2u32; - - const ROOT_OF_UNITY: BigInteger = BigInteger([ - 12119792640622387781u64, - 8318439284650634613u64, - 6931324077796168275u64, - 12851391603681523141u64, - 6881015057611215092u64, - 1893962574900431u64, - ]); - - const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([ - 11565705853993265482u64, - 1874401829722016192u64, - 17360162650792090657u64, - 12799843252669731128u64, - 12421966106515346579u64, - 7568644544155918u64, - ]); - - const T: BigInteger = BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0]); - - const T_MINUS_ONE_DIV_TWO: BigInteger = 
BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0]); -} diff --git a/algebra/src/fields/edwards_sw6/mod.rs b/algebra/src/fields/edwards_sw6/mod.rs deleted file mode 100644 index 54eaf49d7..000000000 --- a/algebra/src/fields/edwards_sw6/mod.rs +++ /dev/null @@ -1,5 +0,0 @@ -pub mod fq; -pub mod fr; - -#[cfg(test)] -mod tests; diff --git a/algebra/src/fields/edwards_sw6/tests.rs b/algebra/src/fields/edwards_sw6/tests.rs deleted file mode 100644 index 375eddae4..000000000 --- a/algebra/src/fields/edwards_sw6/tests.rs +++ /dev/null @@ -1,21 +0,0 @@ -use crate::fields::tests::{field_test, primefield_test}; - -#[test] -fn test_edwards_sw6_fr() { - use crate::fields::edwards_sw6::fr::Fr; - - let a: Fr = rand::random(); - let b: Fr = rand::random(); - field_test(a, b); - primefield_test::(); -} - -#[test] -fn test_edwards_sw6_fq() { - use crate::fields::edwards_sw6::fq::Fq; - - let a: Fq = rand::random(); - let b: Fq = rand::random(); - field_test(a, b); - primefield_test::(); -} diff --git a/algebra/src/fields/jubjub/fq.rs b/algebra/src/fields/jubjub/fq.rs deleted file mode 100644 index 25aa19d72..000000000 --- a/algebra/src/fields/jubjub/fq.rs +++ /dev/null 
@@ -1,87 +0,0 @@ -use crate::{ - biginteger::BigInteger256 as BigInteger, - fields::{Fp256, Fp256Parameters, FpParameters}, -}; - -pub type Fq = Fp256; - -pub struct FqParameters; - -impl Fp256Parameters for FqParameters {} -impl FpParameters for FqParameters { - type BigInt = BigInteger; - - // MODULUS = 52435875175126190479447740508185965837690552500527637822603658699938581184513 - const MODULUS: BigInteger = BigInteger([ - 0xffffffff00000001, - 0x53bda402fffe5bfe, - 0x3339d80809a1d805, - 0x73eda753299d7d48, - ]); - - const MODULUS_BITS: u32 = 255; - - const CAPACITY: u32 = Self::MODULUS_BITS - 1; - - const REPR_SHAVE_BITS: u32 = 1; - - const R: BigInteger = BigInteger([ - 0x1fffffffe, - 0x5884b7fa00034802, - 0x998c4fefecbc4ff5, - 0x1824b159acc5056f, - ]); - - const R2: BigInteger = BigInteger([ - 0xc999e990f3f29c6d, - 0x2b6cedcb87925c23, - 0x5d314967254398f, - 0x748d9d99f59ff11, - ]); - - const INV: u64 = 0xfffffffeffffffff; - - // - const GENERATOR: BigInteger = BigInteger([ - 0xefffffff1, - 0x17e363d300189c0f, - 0xff9c57876f8457b0, - 0x351332208fc5a8c4, - ]); - - const TWO_ADICITY: u32 = 32; - - const ROOT_OF_UNITY: BigInteger = BigInteger([ - 0xb9b58d8c5f0e466a, - 0x5b1b4c801819d7ec, - 0xaf53ae352a31e64, - 0x5bf3adda19e9b27b, - ]); - - const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([ - 0x7fffffff80000000, - 0xa9ded2017fff2dff, - 0x199cec0404d0ec02, - 0x39f6d3a994cebea4, - ]); - - // T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T - - // T = (MODULUS - 1) / 2^S = - // 12208678567578594777604504606729831043093128246378069236549469339647 - const T: BigInteger = BigInteger([ - 0xfffe5bfeffffffff, - 0x9a1d80553bda402, - 0x299d7d483339d808, - 0x73eda753, - ]); - - // (T - 1) / 2 = - // 6104339283789297388802252303364915521546564123189034618274734669823 - const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([ - 0x7fff2dff7fffffff, - 0x4d0ec02a9ded201, - 0x94cebea4199cec04, - 0x39f6d3a9, - ]); -} 
diff --git a/algebra/src/fields/jubjub/fr.rs b/algebra/src/fields/jubjub/fr.rs deleted file mode 100644 index 7af9903f5..000000000 --- a/algebra/src/fields/jubjub/fr.rs +++ /dev/null @@ -1,65 +0,0 @@ -use crate::{ - biginteger::BigInteger256 as BigInteger, - fields::{Fp256, Fp256Parameters, FpParameters}, -}; - -pub type Fr = Fp256; - -pub struct FrParameters; - -impl Fp256Parameters for FrParameters {} -impl FpParameters for FrParameters { - type BigInt = BigInteger; - - // MODULUS = 6554484396890773809930967563523245729705921265872317281365359162392183254199. - const MODULUS: BigInteger = BigInteger([ - 0xd0970e5ed6f72cb7, - 0xa6682093ccc81082, - 0x6673b0101343b00, - 0xe7db4ea6533afa9, - ]); - - const MODULUS_BITS: u32 = 252; - - const CAPACITY: u32 = Self::MODULUS_BITS - 1; - - const REPR_SHAVE_BITS: u32 = 4; - - const R: BigInteger = BigInteger([ - 0x25f80bb3b99607d9, - 0xf315d62f66b6e750, - 0x932514eeeb8814f4, - 0x9a6fc6f479155c6, - ]); - - const R2: BigInteger = BigInteger([ - 0x67719aa495e57731, - 0x51b0cef09ce3fc26, - 0x69dab7fac026e9a5, - 0x4f6547b8d127688, - ]); - - const INV: u64 = 0x1ba3a358ef788ef9; - - const GENERATOR: BigInteger = BigInteger([ - 0x720b1b19d49ea8f1, - 0xbf4aa36101f13a58, - 0x5fa8cc968193ccbb, - 0xe70cbdc7dccf3ac, - ]); - - const TWO_ADICITY: u32 = 1; - - const ROOT_OF_UNITY: BigInteger = BigInteger([ - 0xaa9f02ab1d6124de, - 0xb3524a6466112932, - 0x7342261215ac260b, - 0x4d6b87b1da259e2, - ]); - - const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([0x0, 0x0, 0x0, 0x0]); - - const T: BigInteger = BigInteger([0x0, 0x0, 0x0, 0x0]); - - const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([0x0, 0x0, 0x0, 0x0]); -} diff --git a/algebra/src/fields/jubjub/mod.rs b/algebra/src/fields/jubjub/mod.rs deleted file mode 100644 index 54eaf49d7..000000000 --- a/algebra/src/fields/jubjub/mod.rs +++ /dev/null @@ -1,5 +0,0 @@ -pub mod fq; -pub mod fr; - -#[cfg(test)] -mod tests; 
diff --git a/algebra/src/fields/jubjub/tests.rs b/algebra/src/fields/jubjub/tests.rs deleted file mode 100644 index 7212175a7..000000000 --- a/algebra/src/fields/jubjub/tests.rs +++ /dev/null 
@@ -1,449 +0,0 @@ -use crate::{ - biginteger::BigInteger256 as BigInteger, - bytes::{FromBytes, ToBytes}, - fields::{ - jubjub::{fq::Fq, fr::Fr}, - tests::{field_test, primefield_test}, - Field, - LegendreSymbol::*, - PrimeField, SquareRootField, - }, -}; -use std::str::FromStr; - -#[test] -fn test_jubjub_fr() { - let a: Fr = rand::random(); - let b: Fr = rand::random(); - field_test(a, b); - primefield_test::(); -} - -#[test] -fn test_jubjub_fq() { - let a: Fq = rand::random(); - let b: Fq = rand::random(); - field_test(a, b); - primefield_test::(); -} - -#[test] -fn test_fq_add() { - let f1 = Fq::from_str( - "18386742314266644595564329008376577163854043021652781768352795308532764650733", - ) - .unwrap(); - let f2 = Fq::from_str( - "39786307610986038981023499868190793548353538256264351797285876981647142458383", - ) - .unwrap(); - let f3 = Fq::from_str( - "5737174750126493097140088368381404874517028777389495743035013590241325924603", - ) - .unwrap(); - assert!(!f1.is_zero()); - assert!(!f2.is_zero()); - assert!(!f3.is_zero()); - assert_eq!(f1 + &f2, f3); -} - -#[test] -fn test_fq_add_one() { - let f1 = Fq::from_str( - "4946875394261337176810256604189376311946643975348516311606738923340201185904", - ) - .unwrap(); - let f2 = Fq::from_str( - "4946875394261337176810256604189376311946643975348516311606738923340201185905", - ) - .unwrap(); - assert!(!f1.is_zero()); - assert!(!f2.is_zero()); - assert_eq!(f1 + &Fq::one(), f2); -} - -#[test] -fn test_fq_mul() { - let f1 = Fq::from_str( - "24703123148064348394273033316595937198355721297494556079070134653139656190956", - ) - .unwrap(); - let f2 = Fq::from_str( - "38196797080882758914424853878212529985425118523754343117256179679117054302131", - ) - .unwrap(); - let f3 = Fq::from_str( - "38057113854472161555556064369220825628027487067886761874351491955834635348140", - ) - .unwrap(); - assert!(!f1.is_zero()); - assert!(!f2.is_zero()); - assert!(!f3.is_zero()); - assert_eq!(f1 * &f2, f3); -} - -#[test] -fn test_fq_triple_mul() { 
- let f1 = Fq::from_str( - "23834398828139479510988224171342199299644042568628082836691700490363123893905", - ) - .unwrap(); - let f2 = Fq::from_str( - "48343809612844640454129919255697536258606705076971130519928764925719046689317", - ) - .unwrap(); - let f3 = Fq::from_str( - "22704845471524346880579660022678666462201713488283356385810726260959369106033", - ) - .unwrap(); - let f4 = Fq::from_str( - "18897508522635316277030308074760673440128491438505204942623624791502972539393", - ) - .unwrap(); - assert!(!f1.is_zero()); - assert!(!f2.is_zero()); - assert!(!f3.is_zero()); - assert_eq!(f1 * &f2 * &f3, f4); -} - -#[test] -fn test_fq_div() { - let f1 = Fq::from_str( - "31892744363926593013886463524057935370302352424137349660481695792871889573091", - ) - .unwrap(); - let f2 = Fq::from_str( - "47695868328933459965610498875668250916462767196500056002116961816137113470902", - ) - .unwrap(); - let f3 = Fq::from_str( - "29049672724678710659792141917402891276693777283079976086581207190825261000580", - ) - .unwrap(); - assert!(!f1.is_zero()); - assert!(!f2.is_zero()); - assert!(!f3.is_zero()); - assert_eq!(f1 / &f2, f3); -} - -#[test] -fn test_fq_sub() { - let f1 = Fq::from_str( - "18695869713129401390241150743745601908470616448391638969502807001833388904079", - ) - .unwrap(); - let f2 = Fq::from_str( - "10105476028534616828778879109836101003805485072436929139123765141153277007373", - ) - .unwrap(); - let f3 = Fq::from_str( - "8590393684594784561462271633909500904665131375954709830379041860680111896706", - ) - .unwrap(); - assert!(!f1.is_zero()); - assert!(!f2.is_zero()); - assert!(!f3.is_zero()); - assert_eq!(f1 - &f2, f3); -} - -#[test] -fn test_fq_double_in_place() { - let mut f1 = Fq::from_str( - "29729289787452206300641229002276778748586801323231253291984198106063944136114", - ) - .unwrap(); - let f3 = Fq::from_str( - "7022704399778222121834717496367591659483050145934868761364737512189307087715", - ) - .unwrap(); - assert!(!f1.is_zero()); - assert!(!f3.is_zero()); - 
f1.double_in_place(); - assert_eq!(f1, f3); -} - -#[test] -fn test_fq_double_in_place_thrice() { - let mut f1 = Fq::from_str( - "32768907806651393940832831055386272949401004221411141755415956893066040832473", - ) - .unwrap(); - let f3 = Fq::from_str( - "52407761752706389608871686410346320244445823769178582752913020344774001921732", - ) - .unwrap(); - assert!(!f1.is_zero()); - assert!(!f3.is_zero()); - f1.double_in_place(); - f1.double_in_place(); - f1.double_in_place(); - assert_eq!(f1, f3); -} - -#[test] -fn test_fq_generate_random_jubjub_point() { - let d = Fq::from_str( - "19257038036680949359750312669786877991949435402254120286184196891950884077233", - ) - .unwrap(); - let y = Fq::from_str( - "20269054604167148422407276086932743904275456233139568486008667107872965128512", - ) - .unwrap(); - let x2 = Fq::from_str( - "35041048504708632193693740149219726446678304552734087046982753200179718192840", - ) - .unwrap(); - - let computed_y2 = y.square(); - let y2 = Fq::from_str( - "22730681238307918419349440108285755984465605552827817317611903495170775437833", - ) - .unwrap(); - assert_eq!(y2, computed_y2); - - let computed_dy2 = d * &computed_y2; - let dy2 = Fq::from_str( - "24720347560552809545835752815204882739669031262711919770503096707526812943411", - ) - .unwrap(); - assert_eq!(dy2, computed_dy2); - - let computed_divisor = computed_dy2 + &Fq::one(); - let divisor = Fq::from_str( - "24720347560552809545835752815204882739669031262711919770503096707526812943412", - ) - .unwrap(); - assert_eq!(divisor, computed_divisor); - - let computed_x2 = (computed_y2 - &Fq::one()) / &computed_divisor; - assert_eq!(x2, computed_x2); - - let x = Fq::from_str( - "15337652609730546173818014678723269532482775720866471265774032070871608223361", - ) - .unwrap(); - let computed_x = computed_x2.sqrt().unwrap(); - assert_eq!(computed_x.square(), x2); - assert_eq!(x, computed_x); - - fn add<'a>(curr: (Fq, Fq), other: &'a (Fq, Fq)) -> (Fq, Fq) { - let y1y2 = curr.1 * &other.1; - let x1x2 = 
curr.0 * &other.0; - let d = Fq::from_str( - "19257038036680949359750312669786877991949435402254120286184196891950884077233", - ) - .unwrap(); - let dx1x2y1y2 = d * &y1y2 * &x1x2; - - let d1 = Fq::one() + &dx1x2y1y2; - let d2 = Fq::one() - &dx1x2y1y2; - - let x1y2 = curr.0 * &other.1; - let y1x2 = curr.1 * &other.0; - - let x = (x1y2 + &y1x2) / &d1; - let y = (y1y2 + &x1x2) / &d2; - - (x, y) - } - - let result = add((x, y), &(x, y)); - let result = add(result, &result); - let result = add(result, &result); - - let point_x = Fq::from_str( - "47259664076168047050113154262636619161204477920503059672059915868534495873964", - ) - .unwrap(); - let point_y = Fq::from_str( - "19016409245280491801573912449420132838852726543024859389273314249842195919690", - ) - .unwrap(); - assert_eq!((point_x, point_y), result); -} - -#[test] -fn test_fq_square_in_place() { - let mut f1 = Fq::from_str( - "34864651240005695523200639428464570946052769938774601449735727714436878540682", - ) - .unwrap(); - let f3 = - Fq::from_str("213133100629336594719108316042277780359104840987226496279264105585804377948") - .unwrap(); - assert!(!f1.is_zero()); - assert!(!f3.is_zero()); - f1.square_in_place(); - assert_eq!(f1, f3); -} - -#[test] -fn test_fq_sqrt() { - let f1 = Fq::from_str( - "10875927553327821418567659853801220899541454800710193788767706167237535308235", - ) - .unwrap(); - let f3 = Fq::from_str( - "10816221372957505053219354782681292880545918527618367765651802809826238616708", - ) - .unwrap(); - assert_eq!(f1.sqrt().unwrap(), f3); -} - -#[test] -fn test_fq_from_str() { - let f1_from_repr = Fq::from_repr(BigInteger([ - 0xab8a2535947d1a77, - 0x9ba74cbfda0bbcda, - 0xe928b59724d60baf, - 0x1cccaaeb9bb1680a, - ])); - let f1 = Fq::from_str( - "13026376210409056429264774981357153555336288129100724591327877625017068755575", - ) - .unwrap(); - let f2_from_repr = Fq::from_repr(BigInteger([ - 0x97e9103775d2f35c, - 0xbe6756b6c587544b, - 0x6ee38c3afd88ef4b, - 0x2bacd150f540c677, - ])); - let f2 = 
Fq::from_str( - "19754794831832707859764530223239420866832328728734160755396495950822165902172", - ) - .unwrap(); - assert_eq!(f1_from_repr, f1); - assert_eq!(f2_from_repr, f2); -} - -#[test] -fn test_fq_legendre() { - assert_eq!(QuadraticResidue, Fq::one().legendre()); - assert_eq!(Zero, Fq::zero().legendre()); - - let e = BigInteger([ - 0x0dbc5349cd5664da, - 0x8ac5b6296e3ae29d, - 0x127cb819feceaa3b, - 0x3a6b21fb03867191, - ]); - assert_eq!(QuadraticResidue, Fq::from_repr(e).legendre()); - let e = BigInteger([ - 0x96341aefd047c045, - 0x9b5f4254500a4d65, - 0x1ee08223b68ac240, - 0x31d9cd545c0ec7c6, - ]); - assert_eq!(QuadraticNonResidue, Fq::from_repr(e).legendre()); -} - -#[test] -fn test_fq_bytes() { - let f1_from_repr = Fq::from_repr(BigInteger([ - 0xab8a2535947d1a77, - 0x9ba74cbfda0bbcda, - 0xe928b59724d60baf, - 0x1cccaaeb9bb1680a, - ])); - - let mut f1_bytes = [0u8; 32]; - f1_from_repr.write(f1_bytes.as_mut()).unwrap(); - - let f1 = Fq::read(f1_bytes.as_ref()).unwrap(); - assert_eq!(f1_from_repr, f1); -} - -#[test] -fn test_fr_add() { - let f1 = Fr::from_repr(BigInteger([ - 0xc81265fb4130fe0c, - 0xb308836c14e22279, - 0x699e887f96bff372, - 0x84ecc7e76c11ad, - ])); - let f2 = Fr::from_repr(BigInteger([ - 0x71875719b422efb8, - 0x43658e68a93612, - 0x9fa756be2011e833, - 0xaa2b2cb08dac497, - ])); - let f3 = Fr::from_repr(BigInteger([ - 0x3999bd14f553edc4, - 0xb34be8fa7d8b588c, - 0x945df3db6d1dba5, - 0xb279f92f046d645, - ])); - assert_eq!(f1 + &f2, f3); -} - -#[test] -fn test_fr_mul() { - let f1 = Fr::from_repr(BigInteger([ - 0xc81265fb4130fe0c, - 0xb308836c14e22279, - 0x699e887f96bff372, - 0x84ecc7e76c11ad, - ])); - let f2 = Fr::from_repr(BigInteger([ - 0x71875719b422efb8, - 0x43658e68a93612, - 0x9fa756be2011e833, - 0xaa2b2cb08dac497, - ])); - let f3 = Fr::from_repr(BigInteger([ - 0x6d6618ac6b4a8381, - 0x5b9eb35d711ee1da, - 0xce83310e6ac4105d, - 0x98032e0f206320a, - ])); - assert_eq!(f1 * &f2, f3); -} - -#[test] -fn test_fr_bytes() { - let f1_from_repr = 
Fr::from_repr(BigInteger([ - 0xc81265fb4130fe0c, - 0xb308836c14e22279, - 0x699e887f96bff372, - 0x84ecc7e76c11ad, - ])); - - let mut f1_bytes = [0u8; 32]; - f1_from_repr.write(f1_bytes.as_mut()).unwrap(); - - let f1 = Fr::read(f1_bytes.as_ref()).unwrap(); - assert_eq!(f1_from_repr, f1); -} - -#[test] -fn test_fr_from_str() { - let f100_from_repr = Fr::from_repr(BigInteger([0x64, 0, 0, 0])); - let f100 = Fr::from_str("100").unwrap(); - assert_eq!(f100_from_repr, f100); -} - -#[test] -#[ignore] -fn print_field() { - println!("one: {:?}", Fq::one()); - println!("zero: {:?}", Fq::zero()); - println!( - "256 in repr: {:?}", - Fq::from_repr(BigInteger([0, 0, 1, 255])) - ); - println!("256: {:?}", Fq::from_str("256").unwrap().into_repr()); - println!("1024: {:?}", Fq::from_str("1024").unwrap().into_repr()); - println!( - "255 to bytes: {:?}", - to_bytes![Fq::from_str("255").unwrap().into_repr()].unwrap() - ); - println!( - "256 to bytes: {:?}", - to_bytes![Fq::from_str("256").unwrap().into_repr()].unwrap() - ); - println!( - "1023 to bytes: {:?}", - to_bytes![Fq::from_str("1023").unwrap().into_repr()].unwrap() - ); -} diff --git a/algebra/src/fields/mnt4753/fq.rs b/algebra/src/fields/mnt4753/fq.rs deleted file mode 100644 index 59bd8d7b1..000000000 --- a/algebra/src/fields/mnt4753/fq.rs +++ /dev/null 
@@ -1,190 +0,0 @@ -use crate::{ - biginteger::BigInteger768 as BigInteger, - fields::{Fp768, Fp768Parameters, FpParameters}, - field_new, -}; - -pub type Fq = Fp768; - -pub struct FqParameters; - -impl Fp768Parameters for FqParameters {} -impl FpParameters for FqParameters { - type BigInt = BigInteger; - - //q=4189849096791895340234421479124063712817070991995394907178350292102535\ - // 2812571106773058893763790338921418070971888253786114353726529584385201\ - // 5916057220131264689314043479498405430079863277434628537206280516921412\ - // 65303114721689601 - const MODULUS: BigInteger = BigInteger([ - 0x5E9063DE245E8001, - 0xE39D54522CDD119F, - 0x638810719AC425F0, - 0x685ACCE9767254A4, - 0xB80F0DA5CB537E38, - 0xB117E776F218059D, - 0x99D124D9A15AF79D, - 0x07FDB925E8A0ED8D, - 0x5EB7E8F96C97D873, - 0xB7F997505B8FAFED, - 0x10229022EEE2CDAD, - 0x01C4C62D92C411, - ]); - - const MODULUS_BITS: u32 = 753; - - const CAPACITY: u32 = Self::MODULUS_BITS - 1; - - const REPR_SHAVE_BITS: u32 = 15; - - //Montgomery R - //R= 4189849096791895340234421479124063712817070991995394907178350292102535\ - // 2812571106773058893763790338921418070971888458477323173057491593855069\ - // 6962418547963961657214163253500644414704181378463984696119357190599081\ - // 64220784476160001 - const R: BigInteger = BigInteger([ - 0x98A8ECABD9DC6F42, - 0x91CD31C65A034686, - 0x97C3E4A0CD14572E, - 0x79589819C788B601, - 0xED269C942108976F, - 0x1E0F4D8ACF031D68, - 0x320C3BB713338559, - 0x598B4302D2F00A62, - 0x4074C9CBFD8CA621, - 0x0FA47EDB3865E88C, - 0x95455FB31FF9A195, - 0x7B479EC8E242, - ]); - - // R squared - const R2: BigInteger = BigInteger([ - 0x84717088cfd190c8, - 0xc7d9ff8e7df03c0a, - 0xa24bea56242b3507, - 0xa896a656a0714c7d, - 0x80a46659ff6f3ddf, - 0x2f47839ef88d7ce8, - 0xa8c86d4604a3b597, - 0xe03c79cac4f7ef07, - 0x2505daf1f4a81245, - 0x8e4605754c381723, - 0xb081f15bcbfdacaf, - 0x2a33e89cb485, - ]); - - const INV: u64 = 0xF2044CFBE45E7FFF; - - // primitive root = 17 - // in Montgomery rep. 
- const GENERATOR: BigInteger = BigInteger([ - 0xA8F627F0E629635E, - 0x202AFCE346C36872, - 0x85E1ECE733493254, - 0x6D76E610664AC389, - 0xDF542F3F04441585, - 0x3AA4885BF6D4DD80, - 0xEB8B63C1C0FFFC74, - 0xD2488E985F6CFA4E, - 0xCCE1C2A623F7A66A, - 0x2A060F4D5085B19A, - 0xA9111A596408842F, - 0x11CA8D50BF627, - ]); - - const TWO_ADICITY: u32 = 15; - - //2^15-th root of unity= - //4057782239841298271987667181434762231172587855940010056522122386022639\ - // 6934830112376659822430317692232440883010225033880793828874730711721234\ - // 3256942404608557417637915404747061501703740905506954278065832363019301\ - // 57866709353840964 - const ROOT_OF_UNITY: BigInteger = BigInteger([ - 0x03B079C7556AC378, - 0x2C8C74D04A3F00D4, - 0xD3B001061B90D4CF, - 0x946E77514891B0E6, - 0x79CAEC8AD6DC9EA1, - 0xBEFD780EDC81435D, - 0xE093D4DCA630B154, - 0x43A0F673199F1C12, - 0x92276C78436253FF, - 0xE249D1CF014FCD24, - 0x96F36471FB7C3EC5, - 0x1080B8906B7C4, - ]); - - const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([ - 0xAF4831EF122F4000, - 0x71CEAA29166E88CF, - 0x31C40838CD6212F8, - 0x342D6674BB392A52, - 0xDC0786D2E5A9BF1C, - 0xD88BF3BB790C02CE, - 0xCCE8926CD0AD7BCE, - 0x83FEDC92F45076C6, - 0xAF5BF47CB64BEC39, - 0xDBFCCBA82DC7D7F6, - 0x88114811777166D6, - 0xE26316C96208, - ]); - // T*2^duacity = q-1 - // T=1278640471433073529124274133033466709233725278318907137200424283478556\ - // 9095633272330645414356625469641546042166713944636875718300332514765991\ - // 6966570196573261929111951745452394235253864525584298259645471349158145\ - // 9512424155325 - const T: BigInteger = BigInteger([ - 0x233EBD20C7BC48BD, - 0x4BE1C73AA8A459BA, - 0xA948C71020E33588, - 0xFC70D0B599D2ECE4, - 0x0B3B701E1B4B96A6, - 0xEF3B622FCEEDE430, - 0xDB1B33A249B342B5, - 0xB0E60FFB724BD141, - 0x5FDABD6FD1F2D92F, - 0x9B5B6FF32EA0B71F, - 0x882220452045DDC5, - 0x3898C5B25, - ]); - - const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([ - 0x119F5E9063DE245E, - 0x25F0E39D54522CDD, - 0x54A4638810719AC4, - 0x7E38685ACCE97672, - 
0x059DB80F0DA5CB53, - 0xF79DB117E776F218, - 0xED8D99D124D9A15A, - 0xD87307FDB925E8A0, - 0xAFED5EB7E8F96C97, - 0xCDADB7F997505B8F, - 0xC41110229022EEE2, - 0x1C4C62D92, - ]); - - const SMALL_SUBGROUP_DEFINED: bool = true; - - const SMALL_SUBGROUP_BASE: Option = Some(5); - - const SMALL_SUBGROUP_POWER: Option = Some(2); - - // generator^((modulus-1) / (2^s * small_subgroup_base^small_subgroup_power)) - const FULL_ROOT_OF_UNITY: Option = Some(BigInteger([ - 0x7be1f1d123f7b888, - 0x96e4f023c4994337, - 0x5a7b50cd5499351b, - 0x6d9fdec8de6ec83a, - 0x74cdad01951aa963, - 0xb3bd7998bcd80684, - 0x627226cdd7f87f17, - 0xc6d3c3097b11a675, - 0xfcf853509bb56358, - 0x272fa61396a4d851, - 0x17b5335959bbbd2b, - 0x63abadde7527, - ])); -} - -pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R); -pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])); \ No newline at end of file diff --git a/algebra/src/fields/mnt4753/fq2.rs b/algebra/src/fields/mnt4753/fq2.rs deleted file mode 100644 index 122bdaf36..000000000 --- a/algebra/src/fields/mnt4753/fq2.rs +++ /dev/null 
@@ -1,104 +0,0 @@
-use crate::field_new;
-use crate::{
- biginteger::BigInteger768 as BigInteger,
- fields::{
- mnt4753::fq::Fq,
- fp2::{Fp2, Fp2Parameters},
- },
-};
-
-pub type Fq2 = Fp2;
-
-pub struct Fq2Parameters;
-
-impl Fp2Parameters for Fq2Parameters {
- type Fp = Fq;
-
- /// NONRESIDUE = alpha = 13
- /// Montg.rep.
- const NONRESIDUE: Fq = field_new!(Fq, BigInteger([
- 11881297496860141143,
- 13588356353764843511,
- 9969398190777826186,
- 17325157081734070311,
- 16341533986183788031,
- 8322434028726676858,
- 13631157743146294957,
- 8365783422740577875,
- 3010239015809771096,
- 11776256826687733591,
- 7214251687253691272,
- 268626707558702,
- ]));
-
- /// QUADRATIC_NONRESIDUE = (8,1)
- /// Montg. rep.
- const QUADRATIC_NONRESIDUE: (Fq, Fq) = (
- field_new!(Fq, BigInteger([
- 587330122779359758,
- 14352661462510473462,
- 17802452401246596498,
- 18018663494943049411,
- 17948754733747257098,
- 10253180574146027531,
- 6683223122694781837,
- 13573468617269213174,
- 5059368039312883748,
- 950479668716233863,
- 9936591501985804621,
- 88719447132658
- ])),
-
- field_new!(Fq, BigInteger([
- 11000302312691101506,
- 10506108233708684934,
- 10935835699472258862,
- 8743905913029047809,
- 17088517996127229807,
- 2166035204362411368,
- 3606323059104122201,
- 6452324570546309730,
- 4644558993695221281,
- 1127165286758606988,
- 10756108507984535957,
- 135547536859714
- ])),
- );
-
- /// Coefficients for the Frobenius automorphism.
- const FROBENIUS_COEFF_FP2_C1: &'static[Fq] = &[
-
- //X^{q^0} = alpha^((q^0 - 1)/2)*X = 1*X
- field_new!(Fq, BigInteger([
- 11000302312691101506,
- 10506108233708684934,
- 10935835699472258862,
- 8743905913029047809,
- 17088517996127229807,
- 2166035204362411368,
- 3606323059104122201,
- 6452324570546309730,
- 4644558993695221281,
- 1127165286758606988,
- 10756108507984535957,
- 135547536859714
- ])),
-
- //alpha^((q^1 - 1)/2)
- field_new!(Fq, BigInteger([
- 14260497802974073023,
- 5895249896161266456,
- 14682908860938702530,
- 17222385991615618722,
- 14621060510943733448,
- 10594887362868996148,
- 7477357615964975684,
- 12570239403004322603,
- 2180620924574446161,
- 12129628062772479841,
- 8853285699251153944,
- 362282887012814
- ])),
- ];
-
-}
diff --git a/algebra/src/fields/mnt4753/fq4.rs b/algebra/src/fields/mnt4753/fq4.rs
deleted file mode 100644
index db1050b9f..000000000
--- a/algebra/src/fields/mnt4753/fq4.rs
+++ /dev/null
@@ -1,89 +0,0 @@
-use crate::field_new;
-use crate::{
- biginteger::BigInteger768 as BigInteger,
- fields::{
- fp4::{Fp4, Fp4Parameters},
- mnt4753::{
- fq::{Fq, FQ_ZERO, FQ_ONE},
- fq2::{Fq2, Fq2Parameters},
- },
- },
-};
-
-pub type Fq4 = Fp4;
-
-pub struct Fq4Parameters;
-
-impl Fp4Parameters for Fq4Parameters {
- type Fp2Params = Fq2Parameters;
-
- const NONRESIDUE: Fq2 = field_new!(Fq2, FQ_ZERO, FQ_ONE);
-
- /// Coefficients for the Frobenius automorphism.
- const FROBENIUS_COEFF_FP4_C1: &'static [Fq] = &[
-
- //NONRESIDUE^((q^0 - 1)/4)
- field_new!(Fq, BigInteger([
- 11000302312691101506,
- 10506108233708684934,
- 10935835699472258862,
- 8743905913029047809,
- 17088517996127229807,
- 2166035204362411368,
- 3606323059104122201,
- 6452324570546309730,
- 4644558993695221281,
- 1127165286758606988,
- 10756108507984535957,
- 135547536859714,
- ])),
-
- //NONRESIDUE^((q^1 - 1)/4)
- field_new!(Fq, BigInteger([
- 2732208433323581659,
- 2172983777736624684,
- 14351170316343013496,
- 6345300643186282385,
- 3197292113538174065,
- 1887663496013421009,
- 16627860175048929982,
- 1842296636815120666,
- 13463717484107308085,
- 721000253033730237,
- 1214767992212094798,
- 163570781165682,
- ])),
-
- //NONRESIDUE^((q^2 - 1)/4)
- field_new!(Fq, BigInteger([
- 14260497802974073023,
- 5895249896161266456,
- 14682908860938702530,
- 17222385991615618722,
- 14621060510943733448,
- 10594887362868996148,
- 7477357615964975684,
- 12570239403004322603,
- 2180620924574446161,
- 12129628062772479841,
- 8853285699251153944,
- 362282887012814,
- ])),
-
- //NONRESIDUE^((q^3 - 1)/4)
- field_new!(Fq, BigInteger([
- 4081847608632041254,
- 14228374352133326707,
- 11267574244067947896,
- 1174247187748832530,
- 10065542319823237575,
- 10873259071217986508,
- 12902564573729719519,
- 17180267336735511666,
- 11808206507871910973,
- 12535793096497356591,
- 18394626215023595103,
- 334259642706846
- ])),
- ];
-}
\ No newline at end of file
diff --git a/algebra/src/fields/mnt4753/fr.rs b/algebra/src/fields/mnt4753/fr.rs deleted file mode 100644 index 3aa16b2be..000000000 --- a/algebra/src/fields/mnt4753/fr.rs +++ /dev/null @@ -1 +0,0 @@ -pub use crate::fields::mnt6753::fq::{Fq as Fr, FqParameters as FrParameters}; \ No newline at end of file diff --git a/algebra/src/fields/mnt4753/mod.rs b/algebra/src/fields/mnt4753/mod.rs deleted file mode 100644 index d1e0730e1..000000000 --- a/algebra/src/fields/mnt4753/mod.rs +++ /dev/null @@ -1,14 +0,0 @@ -pub mod fr; -pub use self::fr::*; - -pub mod fq; -pub use self::fq::*; - -pub mod fq2; -pub use self::fq2::*; - -pub mod fq4; -pub use self::fq4::*; - -#[cfg(test)] -mod tests; diff --git a/algebra/src/fields/mnt4753/test_vec/mnt4753_tobyte b/algebra/src/fields/mnt4753/test_vec/mnt4753_tobyte deleted file mode 100644 index 4f7443762fd6d8e419b0537ca4454560bcb1fc74..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 96 zcmV-m0H6Q+fXtnzu`UdS56p}Nuyl);;vCr%|CJL+tKC|HP8(&Zc2x8FC%B8e%M4;H zGdV#R9luwk!TNz`;->BMqvXlpp~5(&sRVLr6A!U)ii)5@43eh3MX_((KKpHCEC2vY Cq%ZUU diff --git a/algebra/src/fields/mnt4753/tests.rs b/algebra/src/fields/mnt4753/tests.rs deleted file mode 100644 index 37d730b48..000000000 --- a/algebra/src/fields/mnt4753/tests.rs +++ /dev/null 
@@ -1,1876 +0,0 @@ -use crate::{ - biginteger::{BigInteger, BigInteger768}, - fields::tests::{field_test, frobenius_test, primefield_test, sqrt_field_test}, - fields::mnt4753::{Fq, FqParameters, Fq2, Fq2Parameters, Fq4, Fq4Parameters, Fr}, - fields::FpParameters, - fields::models::{fp2::Fp2Parameters, fp4::Fp4Parameters}, - Field, PrimeField, SquareRootField, - UniformRand, - bytes::{ToBytes, FromBytes}, to_bytes, ToBits, SemanticallyValid, -}; - -use rand::SeedableRng; -use rand_xorshift::XorShiftRng; -use std::{ - ops::{AddAssign, MulAssign, SubAssign}, - cmp::Ordering, -}; - -pub(crate) const ITERATIONS: usize = 5; - -#[test] -fn test_mnt4753_fr() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - for _ in 0..ITERATIONS { - let a: Fr = UniformRand::rand(&mut rng); - let b: Fr = UniformRand::rand(&mut rng); - field_test(a, b); - primefield_test::(); - sqrt_field_test(b); - } -} - -#[test] -fn test_mnt4753_fq() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - for _ in 0..ITERATIONS { - let a: Fq = UniformRand::rand(&mut rng); - let b: Fq = UniformRand::rand(&mut rng); - field_test(a, b); - primefield_test::(); - sqrt_field_test(a); - } -} - -#[test] -fn test_mnt4753_fq2() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - for _ in 0..ITERATIONS { - let a: Fq2 = UniformRand::rand(&mut rng); - let b: Fq2 = UniformRand::rand(&mut rng); - field_test(a, b); - sqrt_field_test(a); - } - frobenius_test::(Fq::characteristic(), 13); -} - -#[test] -fn test_mnt4753_fq4() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - for _ in 0..ITERATIONS { - let g: Fq4 = UniformRand::rand(&mut rng); - let h: Fq4 = UniformRand::rand(&mut rng); - field_test(g, h); - } - frobenius_test::(Fq::characteristic(), 13); -} - - -#[test] -fn test_frob_coeffs() { - - //Fq2 coefficients test - let nqr = Fq::new(BigInteger768([ - 11881297496860141143, - 13588356353764843511, - 9969398190777826186, - 17325157081734070311, - 16341533986183788031, - 
8322434028726676858, - 13631157743146294957, - 8365783422740577875, - 3010239015809771096, - 11776256826687733591, - 7214251687253691272, - 268626707558702, - ])); - - assert_eq!(Fq2Parameters::FROBENIUS_COEFF_FP2_C1[0], Fq::one()); - assert_eq!( - Fq2Parameters::FROBENIUS_COEFF_FP2_C1[1], - nqr.pow([ - 0xAF4831EF122F4000, - 0x71CEAA29166E88CF, - 0x31C40838CD6212F8, - 0x342D6674BB392A52, - 0xDC0786D2E5A9BF1C, - 0xD88BF3BB790C02CE, - 0xCCE8926CD0AD7BCE, - 0x83FEDC92F45076C6, - 0xAF5BF47CB64BEC39, - 0xDBFCCBA82DC7D7F6, - 0x88114811777166D6, - 0xE26316C96208, - ]) - ); - - //Fq4 coefficients test - assert_eq!(Fq4Parameters::FROBENIUS_COEFF_FP4_C1[0], Fq::one()); - assert_eq!( - Fq4Parameters::FROBENIUS_COEFF_FP4_C1[1], - nqr.pow([ - 0xd7a418f78917a000, - 0x38e755148b374467, - 0x18e2041c66b1097c, - 0x1a16b33a5d9c9529, - 0x6e03c36972d4df8e, - 0x6c45f9ddbc860167, - 0x667449366856bde7, - 0xc1ff6e497a283b63, - 0x57adfa3e5b25f61c, - 0x6dfe65d416e3ebfb, - 0x4408a408bbb8b36b, - 0x71318b64b104, - ]) - ); - - assert_eq!( - Fq4Parameters::FROBENIUS_COEFF_FP4_C1[2], - nqr.pow([ - 0xbb4c5fa7a22f4000, - 0xaa577656adec411c, - 0x818ea97cade6ed97, - 0xe20199288067443e, - 0x8e9c8ed556dc1767, - 0xb137c8ec23877dd9, - 0xe894d15ac94b88c1, - 0x31c2bf97498dcd49, - 0x481449239e4ea77, - 0x56e583b5fd2b5720, - 0x7f82bdde428d7c41, - 0x4f26223cae3a7324, - 0x52975e00b52b86b5, - 0xfe534fe59436d1ab, - 0xbd730a4837ec1719, - 0x4e8b576b5d85308d, - 0x5841c9f6ec780a78, - 0x135ab6ca7e688bd3, - 0xf92b763730ad9922, - 0x2a03f90b89a196a7, - 0x147944fe3cc40aa7, - 0xcbd232a067a67771, - 0x32e01e1c4eefc062, - 0xc8331a96, - ]) - ); - - let t: Vec = vec![ - 0x5fd9fc104b46e000, - 0x1e345e64bc3f81d4, - 0xb34098ec25558a87, - 0xb282f2aa887e70ba, - 0x1b87c5580fb5fa31, - 0xb9fbe059f4d517f5, - 0xbd7d5cda58619ae0, - 0x890a0f3fa910756e, - 0x6e333bb25edc0865, - 0xee2630cae3709e25, - 0xb97f44a556e8e77c, - 0xf77783b54e8a1b16, - 0xeb017c6e0e6a9414, - 0x1e168ed166486490, - 0x731eccb21637216c, - 0xe0db563bbcf86ea3, - 
0xe7ca94bbe8ffd7bb, - 0xf3fce5d2b115dc57, - 0x80a5f12d11994856, - 0x9be3b3a9d59d0c2c, - 0x88e2ef22bc9aee8e, - 0x81ee17c36e6941dd, - 0x23b8ae1b66484554, - 0xd6d1fe64efb02ca5, - 0xb1ed04968b94ce52, - 0xad7a8ff0bffcf3dc, - 0x2bd711b36662ed31, - 0xb848a251c83b23f3, - 0x96f629d6d9d61eb2, - 0x8c55f5d4afea045b, - 0xcfe097a40a96ca99, - 0x240bd338c822d715, - 0xa7a3a44bc8779588, - 0x76c1bb0b23579a9e, - 0x361b84251779aa78, - 0x16215, - ]; - assert_eq!( - Fq4Parameters::FROBENIUS_COEFF_FP4_C1[3], - nqr.pow(t) - ); -} - - -#[test] -fn test_neg_one() { - let neg_one = Fq::new(BigInteger768([ - 0xc5e777324a8210bf, - 0x51d0228bd2d9cb18, - 0xcbc42bd0cdafcec2, - 0xef0234cfaee99ea2, - 0xcae87111aa4ae6c8, - 0x930899ec2314e834, - 0x67c4e9228e277244, - 0xae72762315b0e32b, - 0x1e431f2d6f0b3251, - 0xa85518752329c761, - 0x7add306fcee92c18, - 0x1497e8ec9e1ce, - ])); - assert_eq!(neg_one, -Fq::one()); -} - - -#[test] -fn test_fq_is_valid() { - let mut a = Fq::new(FqParameters::MODULUS); - assert!(!a.is_valid()); - a.0.sub_noborrow(&BigInteger768::from(1)); - assert!(a.is_valid()); - assert!(Fq::new(BigInteger768::from(0)).is_valid()); - assert!(Fq::new(BigInteger768([ - 0x20fc924b28d2f7d6, - 0xeee2288b24070b7f, - 0xbd14dcce936d92bf, - 0x7705edb97ebcd3f3, - 0x2c497d412bd2c3e8, - 0x9363f538ef90135d, - 0xb0109742cc4add3f, - 0x577389b8e8af372e, - 0xbb1fec3e1ab79a25, - 0xcc9c980eac0222e2, - 0xf738570ed0a42ffa, - 0x1c3b43f4ef84d, - ])) - .is_valid()); - assert!(!Fq::new(BigInteger768([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ])) - .is_valid()); - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - let a = Fq::rand(&mut rng); - println!("{:?}", a); - assert!(a.is_valid()); - } -} - - -#[test] -fn test_fq_add_assign() { - { - // Random number - 
let mut tmp = Fq::new(BigInteger768([ - 0x6b73b160e812b6a3, - 0x920f4bde3d1e6d70, - 0xad7c43767007402a, - 0xeec097f4edb6d94e, - 0xedd649af7ff8f8d9, - 0xd487b3c97fa1aff1, - 0x7ee5aa4cab2095c1, - 0x1682796bc0d18747, - 0xb13abeedc98acc1e, - 0x5df407ccca403f0c, - 0xef8fc932df51be4d, - 0x188f263e1b224, - ])); - assert!(tmp.is_valid()); - // Test that adding zero has no effect. - tmp.add_assign(&Fq::new(BigInteger768::from(0))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0x6b73b160e812b6a3, - 0x920f4bde3d1e6d70, - 0xad7c43767007402a, - 0xeec097f4edb6d94e, - 0xedd649af7ff8f8d9, - 0xd487b3c97fa1aff1, - 0x7ee5aa4cab2095c1, - 0x1682796bc0d18747, - 0xb13abeedc98acc1e, - 0x5df407ccca403f0c, - 0xef8fc932df51be4d, - 0x188f263e1b224, - ]))); - // Add one and test for the result. - tmp.add_assign(&Fq::new(BigInteger768::from(1))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0x6b73b160e812b6a4, - 0x920f4bde3d1e6d70, - 0xad7c43767007402a, - 0xeec097f4edb6d94e, - 0xedd649af7ff8f8d9, - 0xd487b3c97fa1aff1, - 0x7ee5aa4cab2095c1, - 0x1682796bc0d18747, - 0xb13abeedc98acc1e, - 0x5df407ccca403f0c, - 0xef8fc932df51be4d, - 0x188f263e1b224, - ]))); - // Add another random number that exercises the reduction. - tmp.add_assign(&Fq::new(BigInteger768([ - 0xe95e2d43caa35471, - 0x1bd18c806ebb4160, - 0xcde4889fb2596a9e, - 0x4a5e38f927c76670, - 0xb3ea6fcf75bd204, - 0x9a9206b28ec054e9, - 0xc8e1add798955218, - 0x70d33702049247f5, - 0xe9e48e1b44c79f63, - 0x7758f3a861973a17, - 0x97bc179c7b96dda7, - 0x3caf1bf9214d, - ]))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0xf6417ac68e578b14, - 0xca43840c7efc9d31, - 0x17d8bba4879c84d7, - 0xd0c404049f0beb1b, - 0x4105e306ac014ca5, - 0xbe01d3051c49ff3d, - 0xadf6334aa25af03c, - 0x7f57f747dcc2e1af, - 0x3c67640fa1ba930e, - 0x1d536424d047c937, - 0x772950ac6c05ce47, - 0xdb52480f61, - ]))); - // Add one to (q - 1) and test for the result. 
- tmp = Fq::new(BigInteger768([ - 0x5E9063DE245E8000, - 0xE39D54522CDD119F, - 0x638810719AC425F0, - 0x685ACCE9767254A4, - 0xB80F0DA5CB537E38, - 0xB117E776F218059D, - 0x99D124D9A15AF79D, - 0x07FDB925E8A0ED8D, - 0x5EB7E8F96C97D873, - 0xB7F997505B8FAFED, - 0x10229022EEE2CDAD, - 0x01C4C62D92C411, - ])); - tmp.add_assign(&Fq::new(BigInteger768::from(1))); - assert!(tmp.0.is_zero()); - // Add a random number to another one such that the result is q - 1 - tmp = Fq::new(BigInteger768([ - 0x4655d097df1b68a1, - 0x4b03ad48db48a072, - 0x7922ccd99130dd8a, - 0x829a090815c0b81c, - 0xddffc641db15e8e1, - 0xdf8850a0111c699b, - 0xef1e3e7153698182, - 0xe89676fbf981d7c7, - 0x768dcc47e764ac0f, - 0x9666e3be5241e70, - 0x438440b524e356d4, - 0x11762e7161ca2, - ])); - tmp.add_assign(&Fq::new(BigInteger768([ - 0x183a93464543175f, - 0x9899a7095194712d, - 0xea65439809934866, - 0xe5c0c3e160b19c87, - 0xda0f4763f03d9556, - 0xd18f96d6e0fb9c01, - 0xaab2e6684df1761a, - 0x1f674229ef1f15c5, - 0xe82a1cb185332c63, - 0xae932914766b917c, - 0xcc9e4f6dc9ff76d9, - 0xad63467ca76e, - ]))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0x5E9063DE245E8000, - 0xE39D54522CDD119F, - 0x638810719AC425F0, - 0x685ACCE9767254A4, - 0xB80F0DA5CB537E38, - 0xB117E776F218059D, - 0x99D124D9A15AF79D, - 0x07FDB925E8A0ED8D, - 0x5EB7E8F96C97D873, - 0xB7F997505B8FAFED, - 0x10229022EEE2CDAD, - 0x01C4C62D92C411, - ])) - ); - // Add one to the result and test for it. - tmp.add_assign(&Fq::new(BigInteger768::from(1))); - assert!(tmp.0.is_zero()); - } - - // Test associativity - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - // Generate a, b, c and ensure (a + b) + c == a + (b + c). 
- let a = Fq::rand(&mut rng); - let b = Fq::rand(&mut rng); - let c = Fq::rand(&mut rng); - - let mut tmp1 = a; - tmp1.add_assign(&b); - tmp1.add_assign(&c); - - let mut tmp2 = b; - tmp2.add_assign(&c); - tmp2.add_assign(&a); - - assert!(tmp1.is_valid()); - assert!(tmp2.is_valid()); - assert_eq!(tmp1, tmp2); - } -} - - -#[test] -fn test_fq_sub_assign() { - { - // Test arbitrary subtraction that tests reduction. - let mut tmp = Fq::new(BigInteger768([ - 0xc7564a475de9a839, - 0x28ddfb67731c1d10, - 0x3969ef83e0a5be75, - 0x6c8f5a5217f1a34, - 0xa9ab64a80f4d0044, - 0x125885735ebeab75, - 0xbb3f84d5ab0025a8, - 0xeddd57a2d71ba40a, - 0x70c8164857c17c3c, - 0xe85fd4c0ef646fda, - 0xe5527d7bc0d7e068, - 0x77786c31b9fe, - ])); - tmp.sub_assign(&Fq::new(BigInteger768([ - 0x7cdb8adc095c68e4, - 0xef7e55bfa2c7d6fe, - 0x612b4c9e017b6ab2, - 0x1bd77344474e7180, - 0x7717e7ff0fe957fb, - 0x68db8609c8a3733f, - 0x5f85ed476f99b66c, - 0x13a1c595a7d28470, - 0x9e659a162f4b77ab, - 0x38e5f1a907dd8c03, - 0x2be8ddc3c2b9f5e4, - 0x5b292b78ef11, - ]))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0x4a7abf6b548d3f55, - 0x395fa5a7d0544612, - 0xd83ea2e5df2a53c2, - 0xeaf18260da30a8b3, - 0x32937ca8ff63a848, - 0xa97cff69961b3836, - 0x5bb9978e3b666f3b, - 0xda3b920d2f491f9a, - 0xd2627c3228760491, - 0xaf79e317e786e3d6, - 0xb9699fb7fe1dea84, - 0x1c4f40b8caed, - ])) - ); - - // Test the opposite subtraction which doesn't test reduction. 
- tmp = Fq::new(BigInteger768([ - 0x7cdb8adc095c68e4, - 0xef7e55bfa2c7d6fe, - 0x612b4c9e017b6ab2, - 0x1bd77344474e7180, - 0x7717e7ff0fe957fb, - 0x68db8609c8a3733f, - 0x5f85ed476f99b66c, - 0x13a1c595a7d28470, - 0x9e659a162f4b77ab, - 0x38e5f1a907dd8c03, - 0x2be8ddc3c2b9f5e4, - 0x5b292b78ef11, - ])); - tmp.sub_assign(&Fq::new(BigInteger768([ - 0xc7564a475de9a839, - 0x28ddfb67731c1d10, - 0x3969ef83e0a5be75, - 0x6c8f5a5217f1a34, - 0xa9ab64a80f4d0044, - 0x125885735ebeab75, - 0xbb3f84d5ab0025a8, - 0xeddd57a2d71ba40a, - 0x70c8164857c17c3c, - 0xe85fd4c0ef646fda, - 0xe5527d7bc0d7e068, - 0x77786c31b9fe, - ]))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0x1415a472cfd140ac, - 0xaa3daeaa5c88cb8d, - 0x8b496d8bbb99d22e, - 0x7d694a889c41abf0, - 0x857b90fccbefd5ef, - 0x79ae80d5bfccd67, - 0x3e178d4b65f48862, - 0x2dc22718b957cdf3, - 0x8c556cc74421d3e1, - 0x87fb4387408cc16, - 0x56b8f06af0c4e329, - 0x1a876ecd9f923, - ])) - ); - - // Test for sensible results with zero - tmp = Fq::new(BigInteger768::from(0)); - tmp.sub_assign(&Fq::new(BigInteger768::from(0))); - assert!(tmp.is_zero()); - - tmp = Fq::new(BigInteger768([ - 0xb2b74f8c784b6de, - 0x1d5ae51c4d7a2afc, - 0xf424485fa9ab9789, - 0x39948fcd5f1ba445, - 0xa8635673ec8e6c81, - 0x19b75b83a122ee72, - 0x31e7f890d12e9443, - 0x3dbca4d50c6a02e6, - 0xa4bbd149268eda35, - 0x648728f79da906ef, - 0xa59d876a69cd2af8, - 0x554c1f5e7873, - ])); - tmp.sub_assign(&Fq::new(BigInteger768::from(0))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0xb2b74f8c784b6de, - 0x1d5ae51c4d7a2afc, - 0xf424485fa9ab9789, - 0x39948fcd5f1ba445, - 0xa8635673ec8e6c81, - 0x19b75b83a122ee72, - 0x31e7f890d12e9443, - 0x3dbca4d50c6a02e6, - 0xa4bbd149268eda35, - 0x648728f79da906ef, - 0xa59d876a69cd2af8, - 0x554c1f5e7873, - ])) - ); - } - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - // Ensure that (a - b) + (b - a) = 0. 
- let a = Fq::rand(&mut rng); - let b = Fq::rand(&mut rng); - - let mut tmp1 = a; - tmp1.sub_assign(&b); - - let mut tmp2 = b; - tmp2.sub_assign(&a); - - tmp1.add_assign(&tmp2); - assert!(tmp1.is_zero()); - } -} - - -#[test] -fn test_fq_mul_assign() { - let mut tmp = Fq::new(BigInteger768([ - 0xf90599b5974382d2, - 0xe7581c1924d6b303, - 0x55d7d7228dd30eb2, - 0xa47c9f5d998f2b51, - 0x411c00a50673af12, - 0x181d1518a9c7b25f, - 0x3c64f5fd46039bcf, - 0xf2e55ae09dbc1241, - 0xb7f12d1fb9d5c945, - 0x967c968236916e02, - 0x717e420231853795, - 0x636d6103f527, - ])); - tmp.mul_assign(&Fq::new(BigInteger768([ - 0x43ea1602974be9df, - 0x9d89a1653778ac89, - 0x3d241871d23271cd, - 0x423a8c8dc1ec87fd, - 0xbd1b39df736ddb58, - 0x1d797c82d55bfa7e, - 0x37e34ae333d830a, - 0x86c6146b1b283b29, - 0x83834e34a16c2ac4, - 0x3ab52e777269366b, - 0xab8bf157064f27ed, - 0x1292685293a9a, - ]))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0x14ae353c059de348, - 0xeb6633d6a82837f5, - 0xf41cd69d4fbc892c, - 0xdb444089367e0b4a, - 0x961b7b8786357e80, - 0x1fbe8be6536a0371, - 0x465ac4f7242a2243, - 0xecd5870ff01c825, - 0x332f77d2b0c14161, - 0x6ad5a4ecbc496483, - 0x4cf4822137e9d7a2, - 0x14c07b7ffa456, - ])) - ); - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000000 { - // Ensure that (a * b) * c = a * (b * c) - let a = Fq::rand(&mut rng); - let b = Fq::rand(&mut rng); - let c = Fq::rand(&mut rng); - - let mut tmp1 = a; - tmp1.mul_assign(&b); - tmp1.mul_assign(&c); - - let mut tmp2 = b; - tmp2.mul_assign(&c); - tmp2.mul_assign(&a); - - assert_eq!(tmp1, tmp2); - } - - for _ in 0..1000000 { - // Ensure that r * (a + b + c) = r*a + r*b + r*c - - let r = Fq::rand(&mut rng); - let mut a = Fq::rand(&mut rng); - let mut b = Fq::rand(&mut rng); - let mut c = Fq::rand(&mut rng); - - let mut tmp1 = a; - tmp1.add_assign(&b); - tmp1.add_assign(&c); - tmp1.mul_assign(&r); - - a.mul_assign(&r); - b.mul_assign(&r); - c.mul_assign(&r); - - a.add_assign(&b); - a.add_assign(&c); - - 
assert_eq!(tmp1, a); - } -} - - -#[test] -fn test_fq_squaring() { - let mut a = Fq::new(BigInteger768([ - 0xd185e57f9afb8fb5, - 0x2b7fd95edee5f66f, - 0x9ea544d6b3e7c8e5, - 0x2301ffe498f19737, - 0xfc1034b27fe57524, - 0x9d51b22c45752994, - 0x6555c3b6097f83c7, - 0x9d504f54fb0a7b27, - 0x9b45f041912c19e9, - 0xc08807443d74051f, - 0xe49806cdd5773372, - 0x1c3d520d338be, - ])); - assert!(a.is_valid()); - a.square_in_place(); - assert_eq!( - a, - Fq::from_repr(BigInteger768([ - 0x69661e7ce51d9de1, - 0x80e7a38a90970c77, - 0xd7b7136d8b7a3cb6, - 0x1f85d9a72700c5f1, - 0x23c598bde8f3bd79, - 0x72993e5df0b896c0, - 0x3d745a0701458c74, - 0x847527793ef4edcf, - 0x3e683b7b96c452f6, - 0xda49b7613adf8939, - 0xe426f68da1e89cc6, - 0x569dd56b8303, - ])) - ); - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000000 { - // Ensure that (a * a) = a^2 - let a = Fq::rand(&mut rng); - - let mut tmp = a; - tmp.square_in_place(); - - let mut tmp2 = a; - tmp2.mul_assign(&a); - - assert_eq!(tmp, tmp2); - } -} - -#[test] -fn test_fq_inverse() { - assert!(Fq::zero().inverse().is_none()); - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - let one = Fq::one(); - - for _ in 0..1000 { - // Ensure that a * a^-1 = 1 - let mut a = Fq::rand(&mut rng); - let ainv = a.inverse().unwrap(); - a.mul_assign(&ainv); - assert_eq!(a, one); - } -} - - -#[test] -fn test_fq_double_in_place() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - // Ensure doubling a is equivalent to adding a to itself. - let mut a = Fq::rand(&mut rng); - let mut b = a; - b.add_assign(&a); - a.double_in_place(); - assert_eq!(a, b); - } -} - - -#[test] -fn test_fq_negate() { - { - let a = -Fq::zero(); - - assert!(a.is_zero()); - } - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - // Ensure (a - (-a)) = 0. 
- let mut a = Fq::rand(&mut rng); - let b = -a; - a.add_assign(&b); - - assert!(a.is_zero()); - } -} - - -#[test] -fn test_fq_pow() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for i in 0..1000 { - // Exponentiate by various small numbers and ensure it consists with repeated - // multiplication. - let a = Fq::rand(&mut rng); - let target = a.pow(&[i]); - let mut c = Fq::one(); - for _ in 0..i { - c.mul_assign(&a); - } - assert_eq!(c, target); - } - - for _ in 0..1000 { - // Exponentiating by the modulus should have no effect in a prime field. - let a = Fq::rand(&mut rng); - - assert_eq!(a, a.pow(Fq::characteristic())); - } -} - - -#[test] -fn test_fq_sqrt() { - - let a_squared = Fq::new(BigInteger768([ - 0xd9ddf9cba96cc287, - 0xd4a37d9a7f28d94c, - 0x2fbe515c4feaefd3, - 0x39cf73ff8cf508d7, - 0xbc4da230bc9f52c, - 0x3e1f0132e1f0851c, - 0x7e7c04b6a099574e, - 0xa7b18147273defee, - 0x4d41983dd4323832, - 0xf85193e73b78a121, - 0x9b111ff50e57db2d, - 0x186a7dede838e, - ])); - let a = a_squared.sqrt().unwrap(); - assert_eq!(a, Fq::new(BigInteger768([ - 0x2246981b0859aa51, - 0x2c27b2a6d58c0be4, - 0xd12541e352f9bff1, - 0x70401d9ca2890cde, - 0xfe3a5678bfaeb0f7, - 0x7c1f5e5cfd935e01, - 0x4f7f6b949a430333, - 0x31a49135470aeee2, - 0xffff8d5b9eab0d02, - 0x989ffec98fb0ed77, - 0xccfebe585ad372c8, - 0x13dc68aa6edec, - ]))); - - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - assert_eq!(Fq::zero().sqrt().unwrap(), Fq::zero()); - - for _ in 0..1000 { - // Ensure sqrt(a^2) = a or -a - let a = Fq::rand(&mut rng); - let nega = -a; - let mut b = a; - b.square_in_place(); - - let b = b.sqrt().unwrap(); - - assert!(a == b || nega == b); - } - - for _ in 0..1000 { - // Ensure sqrt(a)^2 = a for random a - let a = Fq::rand(&mut rng); - - if let Some(mut tmp) = a.sqrt() { - tmp.square_in_place(); - - assert_eq!(a, tmp); - } - } -} - - -#[test] -fn test_fq_num_bits() { - assert_eq!(FqParameters::MODULUS_BITS, 753); - assert_eq!(FqParameters::CAPACITY, 752); -} - 
-#[test] -fn test_fq_bytes() { - let a = Fq::from_repr(BigInteger768([ - 0xc2eb1a79dcc80fb, - 0x8b74b0048ccc0f85, - 0x1395ff13d91ce297, - 0x651b4e825addab48, - 0x8bb827faf35476a9, - 0x4139332c620ccbbc, - 0x81fac1a457bf1d18, - 0xc9e4a3f3eda6e267, - 0x7204a9a538c2a1e0, - 0xa08a8a70b10f136a, - 0x6fb145bda6920c42, - 0x2c646dfb3edc, - ])); - let a_b = to_bytes!(a).unwrap(); - let a_b_read = std::fs::read("src/fields/mnt4753/test_vec/mnt4753_tobyte").unwrap(); - assert_eq!(a_b, a_b_read); - let a_read = Fq::read(a_b_read.as_slice()).unwrap(); - assert_eq!(a, a_read); -} - -#[test] -fn test_convert_fq_fr() { - use crate::fields::{ - convert, mnt4753::{ - Fr, FrParameters, - }, - }; - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - - // Safely convert a random Fq into a Fr - let q: Fq = UniformRand::rand(&mut rng); - let q_bits = &q.write_bits()[1..]; //Skip 1 bit, in order to perform a safe conversion - let conv = convert::(q_bits.to_vec()).unwrap(); - assert_eq!(conv.pow(Fr::characteristic()), conv); - - // Safely convert a random Fr into a Fq - let r: Fr = UniformRand::rand(&mut rng); - let r_bits = &r.write_bits()[1..]; //Skip 1 bit, in order to perform a safe conversion - let conv = convert::(r_bits.to_vec()).unwrap(); - assert_eq!(conv.pow(Fq::characteristic()), conv); - } - - //Attempting to convert a bit array that exceeds other field's modulus will result in an error - let modulus_r = Fr::new(FrParameters::MODULUS); - assert!(convert::((modulus_r - &Fr::one()).write_bits()).is_err()); //Fr_Modulus - 1 is bigger than Fq modulus -} - -#[test] -fn test_fq_root_of_unity() { - assert_eq!(FqParameters::TWO_ADICITY, 15); - assert_eq!( - Fq::multiplicative_generator(), - Fq::from_repr(BigInteger768::from(17)) - ); - assert_eq!( - Fq::multiplicative_generator().pow([ - 0x233EBD20C7BC48BD, - 0x4BE1C73AA8A459BA, - 0xA948C71020E33588, - 0xFC70D0B599D2ECE4, - 0x0B3B701E1B4B96A6, - 0xEF3B622FCEEDE430, - 0xDB1B33A249B342B5, - 
0xB0E60FFB724BD141, - 0x5FDABD6FD1F2D92F, - 0x9B5B6FF32EA0B71F, - 0x882220452045DDC5, - 0x3898C5B25, - ]), - Fq::root_of_unity() - ); - assert_eq!( - Fq::root_of_unity().pow([1 << FqParameters::TWO_ADICITY]), - Fq::one() - ); - assert!(Fq::multiplicative_generator().sqrt().is_none()); -} - - -#[test] -fn test_fq_ordering() { - // BigInteger768's ordering is well-tested, but we still need to make sure the - // Fq elements aren't being compared in Montgomery form. - for i in 0..100 { - assert!(Fq::from_repr(BigInteger768::from(i + 1)) > Fq::from_repr(BigInteger768::from(i))); - } -} - - -#[test] -fn test_fq_legendre() { - use crate::fields::LegendreSymbol::*; - - assert_eq!(QuadraticResidue, Fq::one().legendre()); - assert_eq!(Zero, Fq::zero().legendre()); - - assert_eq!( - QuadraticNonResidue, - Fq::from_repr(BigInteger768::from(13)).legendre() - ); - assert_eq!( - QuadraticResidue, - Fq::from_repr(BigInteger768::from(169)).legendre() - ); - - let e = BigInteger768([ - 0x489302efc996adf7, - 0x7b4bb81ad0f8d9ea, - 0x831b945e1cb94c65, - 0xde6cbbddcb71a21c, - 0xc4c288920781396c, - 0x1f510e8a5d0f9204, - 0x137c3afdd9394bc5, - 0x7a9b5336fea79b3b, - 0x5d045d7cf7e6e740, - 0x78ce9be361f75af2, - 0x72442a1e6ff0a47f, - 0xa813136f81ec, - ]); - assert_eq!(QuadraticNonResidue, Fq::from_repr(e).legendre()); - let e = BigInteger768([ - 0xc467a286665a3a01, - 0x746bb22010770da0, - 0x199fd7b97ae3dde8, - 0x5f5803abb402a9a1, - 0xea7b59755662a360, - 0xb0389a63076a2e8d, - 0x20e406e2cbb7362f, - 0x50c0fbbcf08074db, - 0x66d856be449cdfbb, - 0x567eadc74aa00b15, - 0x4412e4c5b9ce9aae, - 0x17580790e3633, - ]); - assert_eq!(QuadraticResidue, Fq::from_repr(e).legendre()); -} - - -#[test] -fn test_fq2_ordering() { - let mut a = Fq2::new(Fq::zero(), Fq::zero()); - - let mut b = a.clone(); - - assert!(a.cmp(&b) == Ordering::Equal); - b.c0.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Less); - a.c0.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Equal); - b.c1.add_assign(&Fq::one()); 
- assert!(a.cmp(&b) == Ordering::Less); - a.c0.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Less); - a.c1.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Greater); - b.c0.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Equal); -} - - -#[test] -fn test_fq2_basics() { - assert_eq!(Fq2::new(Fq::zero(), Fq::zero(),), Fq2::zero()); - assert_eq!(Fq2::new(Fq::one(), Fq::zero(),), Fq2::one()); - assert!(Fq2::zero().is_zero()); - assert!(!Fq2::one().is_zero()); - assert!(!Fq2::new(Fq::zero(), Fq::one(),).is_zero()); -} - -#[test] -fn test_fq2_squaring() { - // i = sqrt(13) in mnt4_753 fq2 - - //(8+i)^2 = 77 + 16i - let a = Fq2::new(Fq::from_repr(BigInteger768::from(8)), Fq::one()).square(); - assert_eq!( - a, - Fq2::new(Fq::from_repr(BigInteger768::from(77)), Fq::from_repr(BigInteger768::from(16))) - ); - - //i^2 = 13 - let a = Fq2::new(Fq::zero(), Fq::one()).square(); - assert_eq!(a, - Fq2::new(Fq::from_repr(BigInteger768::from(13)), Fq::zero()) - ); - - let mut a = Fq2::new( - Fq::from_repr(BigInteger768([ - 0xff128f8b944c48c5, - 0x73351fc9610b2fc7, - 0x2a7ec9853b6149c2, - 0x829544b8e70c8324, - 0x90ca8df680dbb3cb, - 0x97b890988d408de, - 0xad34ee124fc9e1e5, - 0x28112f0b0c052e9, - 0x7efb3d6e48b56c29, - 0x42ca7e6b53f59fe4, - 0x59902c4c0c7c2794, - 0x3a53cfef3e95, - ])), - Fq::from_repr(BigInteger768([ - 0x97e9cfc0c257c70b, - 0x7df17f22f3a7cd5, - 0xa17378ac19414061, - 0x19b57a91e3078396, - 0xa89301cd176713b0, - 0x779fd05b05cc6f7e, - 0xa78d0b554b342fe7, - 0xb6c8fdc260726a59, - 0xd46bb7e9849a0674, - 0x32135600cc7c33ef, - 0x9651b872b7c8c88d, - 0x11cc6249d7977, - ])), - ); - a.square_in_place(); - assert_eq!( - a, - Fq2::new( - Fq::from_repr(BigInteger768([ - 0x7e776a6249e3692f, - 0xe94d32ccee6a0fa0, - 0x6f7be94f4856f904, - 0xa32707f3e6c8681e, - 0xb703912c9df1b826, - 0x8695d8a2b3f9a2d7, - 0x4fc12ff6b2adc9e3, - 0x60c24677cc0ff766, - 0xbfc9fe3df21beb2f, - 0x51fb8916485165d8, - 0xb5dd8fc1fc3b6b62, - 0x104064032c6cb, - ])), - Fq::from_repr(BigInteger768([ 
- 0x55da822db96624ac,
- 0x55b289dc1366a1de,
- 0xd668c50654d6f919,
- 0xbf3c0956bb907919,
- 0xf1830ee028bfbfc0,
- 0xa86fbe0e8aa0a18c,
- 0xaefb71371ed4a03e,
- 0x3d39ed069544eefb,
- 0xfaf8197459cb76dc,
- 0xf3e574a54c55b2d,
- 0x67da7270a707f7f5,
- 0xbd0be9a5a08a,
- ])),
- )
- );
-}
-
-#[test]
-fn test_fq2_mul() {
- let mut a = Fq2::new(
- Fq::from_repr(BigInteger768([
- 0x2afdb2e15999761d,
- 0xbe74b32b3fc6c1a5,
- 0x98b5af1a5ae56540,
- 0xbba4a5a2d14a9496,
- 0x399e0ec60182c40,
- 0x1a9fdc1d6c67c284,
- 0x65b4509da003e4cd,
- 0x7f1b656f0f977c2f,
- 0x3844e026770c0ca9,
- 0xd7a204e04badafd0,
- 0x19cf945757c30fb0,
- 0x18ac8efa22b1d,
- ])),
- Fq::from_repr(BigInteger768([
- 0x859a004149732671,
- 0x375fb8c3d741b4ec,
- 0x8abe05fa793ec11a,
- 0xa2d18fddf5c30ba0,
- 0x5376af17184bb5cc,
- 0x98559a5bc9071c94,
- 0x91c9e09032a76bb,
- 0x12d08be52bab51be,
- 0x4ca7b42ec1c58def,
- 0x283e9cecfeaae3e,
- 0x82b3528d7699d664,
- 0x15f0238583afa,
- ])),
- );
- a.mul_assign(&Fq2::new(
- Fq::from_repr(BigInteger768([
- 0x182ee151232e14cf,
- 0x5dd5c035904f4c4b,
- 0x72655ce8807a17e1,
- 0x9fd5dd0dd3e1f830,
- 0xf28ce0175b26c7d4,
- 0x123ba7eeeecc6ef9,
- 0xa4e8cc882555844a,
- 0xb734c8a6ee7f5732,
- 0x2589347b7c6b2a4a,
- 0x28866daaeef933a3,
- 0xa5ec12d10c6c461,
- 0x16772bdde2b5f,
- ])),
- Fq::from_repr(BigInteger768([
- 0x90e899987662bb27,
- 0xf05be6e5e0216763,
- 0xc814bc0792075341,
- 0x112e6ef80d2378f9,
- 0x6d14622921e4e62,
- 0xfaeea70c1909193e,
- 0x1d48b9e0ed0434d0,
- 0x892966119014a798,
- 0xc7dc187e4e1d5461,
- 0x5eb7beebd479c963,
- 0x332549b47f987f3a,
- 0xe34afdcf1d1d,
- ])),
- ));
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger768([
- 0xecb889331ad1571e,
- 0x82678d008679c1cb,
- 0x11741dc59f073796,
- 0x747bb020f4f07faa,
- 0xa5fe03aa50ea7ac0,
- 0x43f301fb870ec899,
- 0xbe67409dcc2a5cc4,
- 0xb28630629c388aec,
- 0xb0ac2892f1d8533d,
- 0x545103503e23eb1,
- 0xa66dfe734b1c7559,
- 0x18aa7cd804a0,
- ])),
- Fq::from_repr(BigInteger768([
- 0xaad2909b79f04c49,
- 0x1a0985bb1bb7df0b,
- 0xd308b5e6a70a91,
- 0x7c50582215541503,
- 0x4ebd6cbcfff753d8,
- 0x8b3951d333a1e62b,
- 0xe36bd3445f646239,
- 0xc38e569980cd3b0a,
- 0x20971efaf96a7221,
- 0xd9732b87dd87e2f2,
- 0x89fd7bc4b1e0d206,
- 0x8ad6da1cadf6,
- ])),
- )
- );
-}
-
-#[test]
-fn test_fq2_inverse() {
- assert!(Fq2::zero().inverse().is_none());
-
- let a = Fq2::new(
- Fq::from_repr(BigInteger768([
- 0x964ee7cea60eb57a,
- 0x6a20aa04ade93fef,
- 0xacad401a731d63b8,
- 0x9b17c20453c8ae50,
- 0x90a161e54914c977,
- 0xb47208162dbabb01,
- 0xc9fb2d426c6efeb0,
- 0x6d8dd6c568d71255,
- 0xa1d593606b258533,
- 0x2ab40dc82fb3e5b2,
- 0xb3fd8dc7652f42fd,
- 0xdd826c52197d,
- ])),
- Fq::from_repr(BigInteger768([
- 0x3f8dc7345415c891,
- 0x6e349462399200a9,
- 0x5c6297acf72ec991,
- 0xbb86c426e88a4703,
- 0xf79cb1fdb656a004,
- 0x3add3e19fdef1ca1,
- 0x93d52b31be1bb9ab,
- 0x51b69e5a6351de11,
- 0x2d4c21d857c7d54,
- 0x6133841cfe93454a,
- 0x25e4324f4bed09d,
- 0xd4a9ceb9414e,
- ])),
- );
- let a = a.inverse().unwrap();
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger768([
- 0xa9170fd89427009f,
- 0x3007b9970b056fe0,
- 0xb6fdba1a0e158619,
- 0x8a2b68fb7c527ea3,
- 0x5e27ea1d2fa42e38,
- 0x273c25a3af332812,
- 0xfb4c5e4663edf31f,
- 0xc622624050d88ce0,
- 0xc4bc1e449e9330f0,
- 0x299d388979feb63a,
- 0x9e33166d1029311d,
- 0x15c016a382d93,
- ])),
- Fq::from_repr(BigInteger768([
- 0x54cb5db3c0e0dfd,
- 0xcc69f7964588fe33,
- 0x8d1746178ee824fe,
- 0x2ad9cfb2c866b0f2,
- 0x7ce0518badf35a70,
- 0x4908b6bff1aa2b0f,
- 0x7700ee3e86ebe18f,
- 0xb824ee7d86a120e3,
- 0xeb69a93c7c547c8,
- 0x658da3ee4426f138,
- 0x2ff3cf1bc2054fbb,
- 0x10913f2d35c0b,
- ])),
- )
- );
-}
-
-#[test]
-fn test_fq2_addition() {
- let mut a = Fq2::new(
- Fq::from_repr(BigInteger768([
- 0x9c6a036d6c0e6b2,
- 0xe9622ccb4be29f0,
- 0xd1090e2133506233,
- 0xe2be2eca38e9223b,
- 0xb215917925a0b6bb,
- 0x9b4543407e543059,
- 0xf1ac1204181afa12,
- 0x14d664ce1b1ec9fa,
- 0xd3965b381be984e9,
- 0xe858e69aca0e179,
- 0x3d0573773a04373c,
- 0xad05b8045478,
- ])),
- Fq::from_repr(BigInteger768([
- 0x6e61832ccce96f9,
- 0xe7e230cea04d41e9,
- 0x36feb392cebdfe0,
- 0xb80d4df2196fa340,
- 0x5849ab55060d640e,
- 0x92332e56d682f3b,
- 0x73678f1c037bfc3,
- 0xf90690d8831b1b1d,
- 0xfc9aa8b7c28a18cb,
- 0x89725c4fcb551e4f,
- 0xb9a41c05d4daae61,
- 0xa6cc7717bc8d,
- ])),
- );
- a.add_assign(&Fq2::new(
- Fq::from_repr(BigInteger768([
- 0x989b61d995737933,
- 0xd749df4a5ff4f0b,
- 0x48fbe68eb6a94b7a,
- 0xec7ac71f4db92487,
- 0xa785e0a0ad64a59a,
- 0x5c954cb8bfa22fe6,
- 0xe3a2c18a1e689e2c,
- 0x798e452560b52cbb,
- 0xe829a8718cc5fd11,
- 0x197b35482311da0e,
- 0x9602e4eb487dc7d1,
- 0x1703bbbf3925b,
- ])),
- Fq::from_repr(BigInteger768([
- 0x33eb5194f9e480e8,
- 0x3802e435600e705f,
- 0xce1b3a556e69d362,
- 0x17b3496b34b071b3,
- 0x961047d03fabb74,
- 0xe17e03b8314d400d,
- 0x836ac49d3810035d,
- 0x27069fab144e67e,
- 0x170dddb329465830,
- 0xaee5d09dcf6bc44,
- 0xa6f2b42ef5824b55,
- 0x8f00b6755561,
- ])),
- ));
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger768([
- 0x43d19e3247d5dfe4,
- 0x386d6c6f2de0675c,
- 0xb67ce43e4f3587bc,
- 0x66de2900102ff21e,
- 0xa18c647407b1de1e,
- 0x46c2a8824bde5aa2,
- 0x3b7daeb49528a0a1,
- 0x8666f0cd93330929,
- 0x5d081ab03c17a987,
- 0x70072c6174230b9b,
- 0xc2e5c83f939f315f,
- 0x587b466522c2,
- ])),
- Fq::from_repr(BigInteger768([
- 0x3ad169c7c6b317e1,
- 0x1fe51504005bb248,
- 0xd18b258e9b55b343,
- 0xcfc0975d4e2014f3,
- 0x61aaafd20a081f82,
- 0xeaa1369d9eb56f48,
- 0x8aa13d8ef847c320,
- 0xfb76fad33460019b,
- 0x13a8866aebd070fb,
- 0x9460b959a84bda94,
- 0x6096d034ca5cf9b6,
- 0x135cd2d8d11ef,
- ])),
- )
- );
-}
-
-#[test]
-fn test_fq2_subtraction() {
- let mut a = Fq2::new(
- Fq::from_repr(BigInteger768([
- 0xd223db5aa01be301,
- 0xb43df8745c408868,
- 0xda58342db6a6e003,
- 0x3551f61a382a5c2e,
- 0xa2eb7284b58e8994,
- 0xb26cb3d1474a47aa,
- 0xc2fd220690df29bc,
- 0x65ce308f11635aab,
- 0xb996006a2d77ee54,
- 0x6f6bb892d2ae31f6,
- 0xc8af668ef80502b6,
- 0xf3665d7d89e5,
- ])),
- Fq::from_repr(BigInteger768([
- 0x95cb398cb87c0a77,
- 0x8f3c32f14300d583,
- 0xb6a93e2d244afc4c,
- 0xc9180ec333d1582b,
- 0x81858a29598551f2,
- 0xcece72a28273e79e,
- 0x24fd7d0687680c73,
- 0xc8e2dab05c00b126,
- 0x1b3626091256f084,
- 0x31356f806cce35ef,
- 0x62b546ca1c5c9625,
- 0x11e6a92ae3475,
- ])),
- );
- a.sub_assign(&Fq2::new(
- Fq::from_repr(BigInteger768([
- 0x58e8fabc65a52629,
- 0x813ab8eb0453c060,
- 0x4ed6e1b7df50afd8,
- 0xc924a861da12942f,
- 0x9ec615461d151df7,
- 0x9aa300afbf8f0c9f,
- 0x5aca78259b54103e,
- 0xb5a526fa22b2ba5b,
- 0x9d493bf936d88b81,
- 0xf2b01cb9c763b92,
- 0x99144cf7e765cd17,
- 0x651ce9fa1806,
- ])),
- Fq::from_repr(BigInteger768([
- 0x3583e181dd94c2b1,
- 0xd60e335793fda76f,
- 0xd640106688f4c053,
- 0xe4dde19abd9bf22c,
- 0x1b50bcd3b8e65405,
- 0x483e6b331c38ddd4,
- 0x2b5a5514814add9d,
- 0x1460bb60835d99b6,
- 0x3d7edd36ad73cba2,
- 0xd2ba566386ceff49,
- 0x2510954f48b81a0,
- 0x1163a5829bd3a,
- ])),
- ));
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger768([
- 0x793ae09e3a76bcd8,
- 0x33033f8957ecc808,
- 0x8b815275d756302b,
- 0x6c2d4db85e17c7ff,
- 0x4255d3e98796b9c,
- 0x17c9b32187bb3b0b,
- 0x6832a9e0f58b197e,
- 0xb0290994eeb0a050,
- 0x1c4cc470f69f62d2,
- 0x6040b6c73637f664,
- 0x2f9b1997109f359f,
- 0x8e49738371df,
- ])),
- Fq::from_repr(BigInteger768([
- 0x6047580adae747c6,
- 0xb92dff99af032e14,
- 0xe0692dc69b563bf8,
- 0xe43a2d28763565fe,
- 0x6634cd55a09efdec,
- 0x8690076f663b09ca,
- 0xf9a327f2061d2ed6,
- 0xb4821f4fd8a3176f,
- 0xddb748d264e324e2,
- 0x5e7b191ce5ff36a5,
- 0x60643d7527d11484,
- 0x8303a84773b,
- ])),
- )
- );
-}
-
-#[test]
-fn test_fq2_negation() {
- let mut a = Fq2::new(
- Fq::from_repr(BigInteger768([
- 0xacfb56ae6b5e56c5,
- 0x25b0948724d89058,
- 0xfb36d5a1676d8cf0,
- 0xb323d8e527ee2e3a,
- 0x381dcb3112b73661,
- 0xe223c17603e0f4cd,
- 0xd1892e0ca7b20e00,
- 0x1fec661b9b11f52e,
- 0x80eab1b3db98720d,
- 0x35d5144f89e05606,
- 0xee744410b3f8a3f3,
- 0xf8ff68170059,
- ])),
- Fq::from_repr(BigInteger768([
- 0x26c4d98b160b718d,
- 0x8d394f31abe4784,
- 0xfb98c2b6c2052e84,
- 0x4382195183aa598,
- 0x3186453d2058019,
- 0x9889296f1d8715f0,
- 0x86437bcffbe3c11c,
- 0x9bc7d14c4a915d69,
- 0xdc71f4fdc3a37922,
- 0x8df9c47d66790331,
- 0xbe517812bd9a9752,
- 0x1b7cb0803f1c0,
- ])),
- );
- a = -a;
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger768([
- 0xb1950d2fb900293c,
- 0xbdecbfcb08048146,
- 0x68513ad033569900,
- 0xb536f4044e842669,
- 0x7ff14274b89c47d6,
- 0xcef42600ee3710d0,
- 0xc847f6ccf9a8e99c,
- 0xe811530a4d8ef85e,
- 0xddcd374590ff6665,
- 0x82248300d1af59e6,
- 0x21ae4c123aea29ba,
- 0xcbc6c57bc3b7,
- ])),
- Fq::from_repr(BigInteger768([
- 0x37cb8a530e530e74,
- 0xdac9bf5f121eca1b,
- 0x67ef4dbad8bef76c,
- 0x6422ab545e37af0b,
- 0xb4f6a951f94dfe1f,
- 0x188ebe07d490efad,
- 0x138da909a5773681,
- 0x6c35e7d99e0f9024,
- 0x8245f3fba8f45f50,
- 0x29ffd2d2f516acbb,
- 0x51d118103148365b,
- 0xcfb258ed250,
- ])),
- )
- );
-}
-
-#[test]
-fn test_fq2_doubling() {
- let mut a = Fq2::new(
- Fq::from_repr(BigInteger768([
- 0x5de6a90e1dabcd6f,
- 0x91232ff1f83871e1,
- 0xa3b7cf9905943cda,
- 0x2ae2448c879b402b,
- 0xae8dbfbb420e533e,
- 0x37e2505227b2488a,
- 0x1b22f1a4d29c13e4,
- 0xa6ffb961595f2f41,
- 0xc0e32085f70a1843,
- 0xab5734b40aeafeaa,
- 0x4e35a1ed7b854060,
- 0x1b9215305af80,
- ])),
- Fq::from_repr(BigInteger768([
- 0x496546eafb30bf92,
- 0x9c79448c3429e603,
- 0x9d987088402f672f,
- 0x21271066822a7fe3,
- 0xed1ba13befaeb1e6,
- 0x329f98ccf9f342c2,
- 0xacf3614d1bb82214,
- 0x5934a9705c3c91cc,
- 0xfdfb138fb457b4fd,
- 0x6eac21a419a97545,
- 0xdf52d3010537ce54,
- 0x10b44e2b445c4,
- ])),
- );
- a.double_in_place();
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger768([
- 0x5d3cee3e16f91add,
- 0x3ea90b91c393d223,
- 0xe3e78ec0706453c4,
- 0xed69bc2f98c42bb2,
- 0xa50c71d0b8c92843,
- 0xbeacb92d5d4c8b77,
- 0x9c74be7003dd302a,
- 0x4601b99cca1d70f4,
- 0x230e5812817c5814,
- 0x9eb4d217ba464d68,
- 0x8c48b3b80827b313,
- 0x1ad7c78789aef,
- ])),
- Fq::from_repr(BigInteger768([
- 0x343a29f7d202ff23,
- 0x555534c63b76ba67,
- 0xd7a8d09ee59aa86e,
- 0xd9f353e38de2ab22,
- 0x222834d21409e593,
- 0xb4274a2301ce7fe8,
- 0xc0159dc096154c8a,
- 0xaa6b99bacfd8360b,
- 0x9d3e3e25fc179187,
- 0x255eabf7d7c33a9e,
- 0xae8315df1b8ccefb,
- 0x51c397d5c778,
- ])),
- )
- );
-}
-
-#[test]
-fn test_fq2_frobenius_map() {
- let mut a = Fq2::new(
- Fq::from_repr(BigInteger768([
- 0xe4cc1c461ee5b8af,
- 0xbfdde425f805dba7,
- 0x6583adec0dff5830,
- 0x595619386f074c4c,
- 0x70bf2940f4b13a47,
- 0x9da1accdeaa0ffed,
- 0xb4463c694091e28d,
- 0x8099a1ea8431ee7a,
- 0x68c85b07984826ba,
- 0x29318418cb52a2fd,
- 0xd79b651f5823264d,
- 0x12cd3bc49a35b,
- ])),
- Fq::from_repr(BigInteger768([
- 0x3fbc766f5be800c,
- 0x9f560a6739cda688,
- 0xec0e383d4c2b9af7,
- 0x7fed2657aa03f5f1,
- 0x3d4f91a837a35136,
- 0xcfd09e93ffbee91a,
- 0x7636125662e8020f,
- 0xb4303ceb7a4cfb00,
- 0x4204c128b8670d5b,
- 0x63f63e46eb59aaa3,
- 0x987831d5a07208cc,
- 0x180bca61c183b,
- ])),
- );
- a.frobenius_map(0);
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger768([
- 0xe4cc1c461ee5b8af,
- 0xbfdde425f805dba7,
- 0x6583adec0dff5830,
- 0x595619386f074c4c,
- 0x70bf2940f4b13a47,
- 0x9da1accdeaa0ffed,
- 0xb4463c694091e28d,
- 0x8099a1ea8431ee7a,
- 0x68c85b07984826ba,
- 0x29318418cb52a2fd,
- 0xd79b651f5823264d,
- 0x12cd3bc49a35b,
- ])),
- Fq::from_repr(BigInteger768([
- 0x3fbc766f5be800c,
- 0x9f560a6739cda688,
- 0xec0e383d4c2b9af7,
- 0x7fed2657aa03f5f1,
- 0x3d4f91a837a35136,
- 0xcfd09e93ffbee91a,
- 0x7636125662e8020f,
- 0xb4303ceb7a4cfb00,
- 0x4204c128b8670d5b,
- 0x63f63e46eb59aaa3,
- 0x987831d5a07208cc,
- 0x180bca61c183b,
- ])),
- )
- );
- a.frobenius_map(1);
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger768([
- 0xe4cc1c461ee5b8af,
- 0xbfdde425f805dba7,
- 0x6583adec0dff5830,
- 0x595619386f074c4c,
- 0x70bf2940f4b13a47,
- 0x9da1accdeaa0ffed,
- 0xb4463c694091e28d,
- 0x8099a1ea8431ee7a,
- 0x68c85b07984826ba,
- 0x29318418cb52a2fd,
- 0xd79b651f5823264d,
- 0x12cd3bc49a35b,
- ])),
- Fq::from_repr(BigInteger768([
- 0x5a949c772e9ffff5,
- 0x444749eaf30f6b17,
- 0x7779d8344e988af9,
- 0xe86da691cc6e5eb2,
- 0x7abf7bfd93b02d01,
- 0xe14748e2f2591c83,
- 0x239b12833e72f58d,
- 0x53cd7c3a6e53f28d,
- 0x1cb327d0b430cb17,
- 0x540359097036054a,
- 0x77aa5e4d4e70c4e1,
- 0x44098776abd5,
- ])),
- )
- );
- a.frobenius_map(1);
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger768([
- 0xe4cc1c461ee5b8af,
- 0xbfdde425f805dba7,
- 0x6583adec0dff5830,
- 0x595619386f074c4c,
- 0x70bf2940f4b13a47,
- 0x9da1accdeaa0ffed,
- 0xb4463c694091e28d,
- 0x8099a1ea8431ee7a,
- 0x68c85b07984826ba,
- 0x29318418cb52a2fd,
- 0xd79b651f5823264d,
- 0x12cd3bc49a35b,
- ])),
- Fq::from_repr(BigInteger768([
- 0x3fbc766f5be800c,
- 0x9f560a6739cda688,
- 0xec0e383d4c2b9af7,
- 0x7fed2657aa03f5f1,
- 0x3d4f91a837a35136,
- 0xcfd09e93ffbee91a,
- 0x7636125662e8020f,
- 0xb4303ceb7a4cfb00,
- 0x4204c128b8670d5b,
- 0x63f63e46eb59aaa3,
- 0x987831d5a07208cc,
- 0x180bca61c183b,
- ])),
- )
- );
- a.frobenius_map(2);
- assert_eq!(
- a,
- Fq2::new(
- Fq::from_repr(BigInteger768([
- 0xe4cc1c461ee5b8af,
- 0xbfdde425f805dba7,
- 0x6583adec0dff5830,
- 0x595619386f074c4c,
- 0x70bf2940f4b13a47,
- 0x9da1accdeaa0ffed,
- 0xb4463c694091e28d,
- 0x8099a1ea8431ee7a,
- 0x68c85b07984826ba,
- 0x29318418cb52a2fd,
- 0xd79b651f5823264d,
- 0x12cd3bc49a35b,
- ])),
- Fq::from_repr(BigInteger768([
- 0x3fbc766f5be800c,
- 0x9f560a6739cda688,
- 0xec0e383d4c2b9af7,
- 0x7fed2657aa03f5f1,
- 0x3d4f91a837a35136,
- 0xcfd09e93ffbee91a,
- 0x7636125662e8020f,
- 0xb4303ceb7a4cfb00,
- 0x4204c128b8670d5b,
- 0x63f63e46eb59aaa3,
- 0x987831d5a07208cc,
- 0x180bca61c183b,
- ])),
- )
- );
-}
-
-
-#[test]
-fn test_fq2_legendre() {
- use crate::fields::LegendreSymbol::*;
-
- assert_eq!(Zero, Fq2::zero().legendre());
- assert_eq!(QuadraticNonResidue, Fq2Parameters::NONRESIDUE.legendre());
- assert_eq!(QuadraticNonResidue, Fq4Parameters::NONRESIDUE.legendre());
-
- // i^2 = -1
- let mut m1 = -Fq2::one();
- assert_eq!(QuadraticResidue, m1.legendre());
- m1 = Fq4Parameters::mul_fp2_by_nonresidue(&m1);
- assert_eq!(QuadraticNonResidue, m1.legendre());
-}
-
-
-#[test]
-fn test_fq2_mul_nonresidue() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- let nqr = Fq2::new(
- Fq::zero(),
- Fq::one()
- );
-
- for _ in 0..1000 {
- let mut a = Fq2::rand(&mut rng);
- let mut b = a;
- a = Fq4Parameters::mul_fp2_by_nonresidue(&a);
- b.mul_assign(&nqr);
-
- assert_eq!(a, b);
- }
-}
-
-#[test]
-fn test_fq4_mul_by_023() {
- let mut rng = XorShiftRng::seed_from_u64(1231275789u64);
-
- for _ in 0..1000 {
- let c0 = Fq::rand(&mut rng);
- let c2 = Fq::rand(&mut rng);
- let c3 = Fq::rand(&mut rng);
- let to_mul = Fq4::new(
- Fq2::new(c0, Fq::zero()),
- Fq2::new(c2, c3),
- );
- let a = Fq4::rand(&mut rng);
- let mut b = a;
-
- b.mul_assign(&to_mul);
-
- assert_eq!(a.mul_by_023(&to_mul), b);
- }
-}
\ No newline at end of file
diff --git a/algebra/src/fields/mnt6/fq.rs b/algebra/src/fields/mnt6/fq.rs
deleted file mode 100644
index 69480cdaf..000000000
--- a/algebra/src/fields/mnt6/fq.rs
+++ /dev/null
@@ -1,94 +0,0 @@
-use crate::{
- biginteger::BigInteger320 as BigInteger,
- fields::{Fp320, Fp320Parameters, FpParameters},
- field_new,
-};
-
-pub type Fq = Fp320;
-
-pub struct FqParameters;
-
-impl Fp320Parameters for FqParameters {}
-impl FpParameters for FqParameters {
- type BigInt = BigInteger;
-
- // MODULUS = 475922286169261325753349249653048451545124878552823515553267735739164647307408490559963137
- const MODULUS: BigInteger = BigInteger([
- 0xbb4334a400000001,
- 0xfb494c07925d6ad3,
- 0xcaeec9635cf44194,
- 0xa266249da7b0548e,
- 0x3bcf7bcd473,
- ]);
-
- const MODULUS_BITS: u32 = 298;
-
- const CAPACITY: u32 = Self::MODULUS_BITS - 1;
-
- const REPR_SHAVE_BITS: u32 = 22;
-
- const R: BigInteger = BigInteger([
- 0xc3177aefffbb845c,
- 0x9b80c702f9961788,
- 0xc5df8dcdac70a85a,
- 0x29184098647b5197,
- 0x1c1223d33c3,
- ]);
-
- const R2: BigInteger = BigInteger([
- 0x465a743c68e0596b,
- 0x34f9102adb68371,
- 0x4bbd6dcf1e3a8386,
- 0x2ff00dced8e4b6d,
- 0x149bb44a342,
- ]);
-
- const INV: u64 = 0xbb4334a3ffffffff;
-
- const GENERATOR: BigInteger = BigInteger([
- 0xb1ddfacffd532b94,
- 0x25e295ff76674008,
- 0x8f00647b48958d36,
- 0x1159f37d4e0fddb2,
- 0x2977770b3d1,
- ]);
-
- const TWO_ADICITY: u32 = 34;
-
- const ROOT_OF_UNITY: BigInteger = BigInteger([
- 0x818b361df1af7be4,
- 0x2ae2750d46a53957,
- 0x5784a8fe792c5f8a,
- 0xf9bd39c0cdcf1bb6,
- 0x6a24a0f8a8,
- ]);
-
- const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
- 0xdda19a5200000000,
- 0x7da4a603c92eb569,
- 0x657764b1ae7a20ca,
- 0xd133124ed3d82a47,
- 0x1de7bde6a39,
- ]);
-
- // T and T_MINUS_ONE_DIV_TWO, where MODULUS - 1 = 2^S * T
-
- const T: BigInteger = BigInteger([
- 0xe4975ab4eed0cd29,
- 0xd73d10653ed25301,
- 0x69ec1523b2bbb258,
- 0x3def351ce8998927,
- 0xef,
- ]);
-
- const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
- 0xf24bad5a77686694,
- 0x6b9e88329f692980,
- 0xb4f60a91d95dd92c,
- 0x9ef79a8e744cc493,
- 0x77,
- ]);
-}
-
-pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
-pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0, 0]));
diff --git a/algebra/src/fields/mnt6/fq3.rs b/algebra/src/fields/mnt6/fq3.rs
deleted file mode 100644
index 4600d9c70..000000000
--- a/algebra/src/fields/mnt6/fq3.rs
+++ /dev/null
@@ -1,104 +0,0 @@
-use crate::field_new;
-use crate::{
- biginteger::BigInteger320 as BigInteger,
- fields::{
- fp3::{Fp3, Fp3Parameters},
- mnt6::fq::Fq,
- },
-};
-
-pub type Fq3 = Fp3;
-
-pub struct Fq3Parameters;
-
-impl Fp3Parameters for Fq3Parameters {
- type Fp = Fq;
-
- //alpha = 11
- const NONRESIDUE: Fq = field_new!(Fq, BigInteger([
- 0x58eefd67fea995ca,
- 0x12f14affbb33a004,
- 0x4780323da44ac69b,
- 0x88acf9bea707eed9,
- 0x14bbbb859e8,
- ]));
-
- const TWO_ADICITY: u32 = 34;
-
- const T_MINUS_ONE_DIV_TWO: &'static [u64] = &[
- 0x69232b75663933bd,
- 0xca650efcfc00ee0,
- 0x77ca3963fe36f720,
- 0xe4cb46632f9bcf7e,
- 0xef510453f08f9f30,
- 0x9dd5b8fc72f02d83,
- 0x7f8d017ed86608ab,
- 0xeb2219b3697c97a4,
- 0xc8663846ab96996f,
- 0x833cd532053eac7d,
- 0x1d5b73dfb20bd3cc,
- 0x6f5f6da606b59873,
- 0x62e990f43dfc42d6,
- 0x6878f58,
- ];
-
- const QUADRATIC_NONRESIDUE_TO_T: (Fq, Fq, Fq) = (
- field_new!(Fq, BigInteger([
- 0x44a4178610a3a4e6,
- 0x49321e4d00f35073,
- 0xbbc01b9c400c07a1,
- 0xd0127c4589095738,
- 0x3730de2a45d,
- ])),
- field_new!(Fq, BigInteger([0, 0, 0, 0, 0])),
- field_new!(Fq, BigInteger([0, 0, 0, 0, 0])),
- );
-
- const FROBENIUS_COEFF_FP3_C1: &'static [Fq] = &[
- field_new!(Fq, BigInteger([
- 0xc3177aefffbb845c,
- 0x9b80c702f9961788,
- 0xc5df8dcdac70a85a,
- 0x29184098647b5197,
- 0x1c1223d33c3,
- ])),
- field_new!(Fq, BigInteger([
- 0x1c17bb7477085b6a,
- 0x2621629c22e83dbb,
- 0x21c062106d949dd8,
- 0x9d5b981062164ba,
- 0x84ad703207,
- ])),
- field_new!(Fq, BigInteger([
- 0xdc13fe3f893c203b,
- 0x39a7226875df158f,
- 0xe34ed98542eefb62,
- 0x6f782a843d139e3c,
- 0x177280f6ea9,
- ])),
- ];
-
- const FROBENIUS_COEFF_FP3_C2: &'static [Fq] = &[
- field_new!(Fq, BigInteger([
- 0xc3177aefffbb845c,
- 0x9b80c702f9961788,
- 0xc5df8dcdac70a85a,
- 0x29184098647b5197,
- 0x1c1223d33c3,
- ])),
- field_new!(Fq, BigInteger([
- 0xdc13fe3f893c203b,
- 0x39a7226875df158f,
- 0xe34ed98542eefb62,
- 0x6f782a843d139e3c,
- 0x177280f6ea9,
- ])),
- field_new!(Fq, BigInteger([
- 0x1c17bb7477085b6a,
- 0x2621629c22e83dbb,
- 0x21c062106d949dd8,
- 0x9d5b981062164ba,
- 0x84ad703207,
- ])),
- ];
-}
diff --git a/algebra/src/fields/mnt6/fq6.rs b/algebra/src/fields/mnt6/fq6.rs
deleted file mode 100644
index a9fb9ad2b..000000000
--- a/algebra/src/fields/mnt6/fq6.rs
+++ /dev/null
@@ -1,66 +0,0 @@
-use crate::field_new;
-use crate::{
- biginteger::BigInteger320 as BigInteger,
- fields::{
- fp6_2over3::{Fp6, Fp6Parameters},
- mnt6::{
- fq::{Fq, FQ_ZERO, FQ_ONE},
- fq3::{Fq3, Fq3Parameters},
- },
- },
-};
-
-pub type Fq6 = Fp6;
-
-pub struct Fq6Parameters;
-
-impl Fp6Parameters for Fq6Parameters {
- type Fp3Params = Fq3Parameters;
-
- const NONRESIDUE: Fq3 = field_new!(Fq3, FQ_ZERO, FQ_ONE, FQ_ZERO);
-
- const FROBENIUS_COEFF_FP6_C1: &'static [Fq] = &[
- field_new!(Fq, BigInteger([
- 0xc3177aefffbb845c,
- 0x9b80c702f9961788,
- 0xc5df8dcdac70a85a,
- 0x29184098647b5197,
- 0x1c1223d33c3,
- ])),
- field_new!(Fq, BigInteger([
- 0xdf2f366476c3dfc6,
- 0xc1a2299f1c7e5543,
- 0xe79fefde1a054632,
- 0x32edfa196a9cb651,
- 0x245cfad65ca,
- ])),
- field_new!(Fq, BigInteger([
- 0x1c17bb7477085b6a,
- 0x2621629c22e83dbb,
- 0x21c062106d949dd8,
- 0x9d5b981062164ba,
- 0x84ad703207,
- ])),
- field_new!(Fq, BigInteger([
- 0xf82bb9b400447ba5,
- 0x5fc8850498c7534a,
- 0x50f3b95b083993a,
- 0x794de405433502f7,
- 0x1fbd57fa0b0,
- ])),
- field_new!(Fq, BigInteger([
- 0xdc13fe3f893c203b,
- 0x39a7226875df158f,
- 0xe34ed98542eefb62,
- 0x6f782a843d139e3c,
- 0x177280f6ea9,
- ])),
- field_new!(Fq, BigInteger([
- 0x9f2b792f88f7a497,
- 0xd527e96b6f752d18,
- 0xa92e6752ef5fa3bc,
- 0x98906b1ca18eefd4,
- 0x3384a4ca26c,
- ])),
- ];
-}
diff --git a/algebra/src/fields/mnt6/fr.rs b/algebra/src/fields/mnt6/fr.rs
deleted file mode 100644
index 611a24fbf..000000000
--- a/algebra/src/fields/mnt6/fr.rs
+++ /dev/null
@@ -1,88 +0,0 @@
-use crate::{
- biginteger::BigInteger320 as BigInteger,
- fields::{Fp320, Fp320Parameters, FpParameters},
-};
-
-pub type Fr = Fp320;
-
-pub struct FrParameters;
-
-impl Fp320Parameters for FrParameters {}
-impl FpParameters for FrParameters {
- type BigInt = BigInteger;
-
- // MODULUS = 475922286169261325753349249653048451545124879242694725395555128576210262817955800483758081
- const MODULUS: BigInteger = BigInteger([
- 14487189785281953793u64,
- 4731562877756902930u64,
- 14622846468719063274u64,
- 11702080941310629006u64,
- 4110145082483u64,
- ]);
-
- const MODULUS_BITS: u32 = 298;
-
- const CAPACITY: u32 = Self::MODULUS_BITS - 1;
-
- const REPR_SHAVE_BITS: u32 = 22;
-
- const R: BigInteger = BigInteger([
- 1784298994435064924u64,
- 16852041090100268533u64,
- 14258261760832875328u64,
- 2961187778261111191u64,
- 1929014752195u64,
- ]);
-
- const R2: BigInteger = BigInteger([
- 28619103704175136u64,
- 11702218449377544339u64,
- 7403203599591297249u64,
- 2248105543421449339u64,
- 2357678148148u64,
- ]);
-
- const INV: u64 = 12714121028002250751u64;
-
- const GENERATOR: BigInteger = BigInteger([
- 2709730703260633621u64,
- 13556085429182073539u64,
- 10903316137158576359u64,
- 5319113788683590444u64,
- 4022235209932u64,
- ]);
-
- const TWO_ADICITY: u32 = 17;
-
- const ROOT_OF_UNITY: BigInteger = BigInteger([
- 9821480371597472441u64,
- 9468346035609379175u64,
- 9963748368231707135u64,
- 14865337659602750405u64,
- 3984815592673u64,
- ]);
-
- const T: BigInteger = BigInteger([
- 0x70964866b2d38b3,
- 0x987520d4f1af2890,
- 0x2a47657764b1ae89,
- 0x6a39d133124ed3d8,
- 0x1de7bde,
- ]);
-
- const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
- 0x384b24335969c59,
- 0xcc3a906a78d79448,
- 0x1523b2bbb258d744,
- 0x351ce899892769ec,
- 0xef3def,
- ]);
-
- const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
- 0x64866b2d38b30000,
- 0x20d4f1af28900709,
- 0x657764b1ae899875,
- 0xd133124ed3d82a47,
- 0x1de7bde6a39,
- ]);
-}
diff --git a/algebra/src/fields/mnt6/mod.rs b/algebra/src/fields/mnt6/mod.rs
deleted file mode 100644
index 7bfd333df..000000000
--- a/algebra/src/fields/mnt6/mod.rs
+++ /dev/null
@@ -1,14 +0,0 @@
-pub mod fr;
-pub use self::fr::*;
-
-pub mod fq;
-pub use self::fq::*;
-
-pub mod fq3;
-pub use self::fq3::*;
-
-pub mod fq6;
-pub use self::fq6::*;
-
-#[cfg(test)]
-mod tests;
diff --git a/algebra/src/fields/mnt6/tests.rs b/algebra/src/fields/mnt6/tests.rs
deleted file mode 100644
index 6b486e469..000000000
--- a/algebra/src/fields/mnt6/tests.rs
+++ /dev/null
@@ -1,47 +0,0 @@
-use crate::{
- fields::tests::{field_test, frobenius_test, primefield_test, sqrt_field_test},
- Field,
-};
-
-#[test]
-fn test_mnt6_fr() {
- use crate::fields::mnt6::Fr;
-
- let a: Fr = rand::random();
- let b: Fr = rand::random();
- field_test(a, b);
- sqrt_field_test(a);
- primefield_test::();
-}
-
-#[test]
-fn test_mnt6_fq() {
- use crate::fields::mnt6::Fq;
-
- let a: Fq = rand::random();
- let b: Fq = rand::random();
- field_test(a, b);
- sqrt_field_test(a);
- primefield_test::();
-}
-
-#[test]
-fn test_mnt6_fq3() {
- use crate::fields::mnt6::{Fq, Fq3};
-
- let a: Fq3 = rand::random();
- let b: Fq3 = rand::random();
- field_test(a, b);
- sqrt_field_test(a);
- frobenius_test::(Fq::characteristic(), 13);
-}
-
-#[test]
-fn test_mnt6_fq6() {
- use crate::fields::mnt6::{Fq, Fq6};
-
- let a: Fq6 = rand::random();
- let b: Fq6 = rand::random();
- field_test(a, b);
- frobenius_test::(Fq::characteristic(), 13);
-}
diff --git a/algebra/src/fields/mnt6753/fq.rs b/algebra/src/fields/mnt6753/fq.rs
deleted file mode 100644
index a1c4effe0..000000000
--- a/algebra/src/fields/mnt6753/fq.rs
+++ /dev/null
@@ -1,168 +0,0 @@
-use crate::{
- biginteger::BigInteger768 as BigInteger,
- fields::{Fp768, Fp768Parameters, FpParameters},
- field_new,
-};
-
-pub type Fq = Fp768;
-
-pub struct FqParameters;
-
-impl Fp768Parameters for FqParameters {}
-impl FpParameters for FqParameters {
- type BigInt = BigInteger;
- //q=4189849096791895340234421479124063712817070991995394907178350292102535\
- // 2812571106773058893763790338921418070971888458477323173057491593855069\
- // 6962418547963961657214163253500644414704181378463984696119357190599081\
- // 64220784476160001
- const MODULUS: BigInteger = BigInteger([
- 0xD90776E240000001,
- 0x4EA099170FA13A4F,
- 0xD6C381BC3F005797,
- 0xB9DFF97634993AA4,
- 0x3EEBCA9429212636,
- 0xB26C5C28C859A99B,
- 0x99D124D9A15AF79D,
- 0x07FDB925E8A0ED8D,
- 0x5EB7E8F96C97D873,
- 0xB7F997505B8FAFED,
- 0x10229022EEE2CDAD,
- 0x01C4C62D92C411,
- ]);
-
- const MODULUS_BITS: u32 = 753;
-
- const CAPACITY: u32 = Self::MODULUS_BITS - 1;
-
- const REPR_SHAVE_BITS: u32 = 15;
-
- //Montgomery coeff.
- //R=4189849096791895340234421479124063712817070991995394907178350292102535\
- // 2812571106773058893763790338921418070971888253786114353726529584385201\
- // 5916057220131264689314043479498405430079863277434628537206280516921412\
- // 65303114721689601
- const R: BigInteger = BigInteger([
- 0xB99680147FFF6F42,
- 0x4EB16817B589CEA8,
- 0xA1EBD2D90C79E179,
- 0x0F725CAEC549C0DA,
- 0xAB0C4EE6D3E6DAD4,
- 0x9FBCA908DE0CCB62,
- 0x320C3BB713338498,
- 0x598B4302D2F00A62,
- 0x4074C9CBFD8CA621,
- 0x0FA47EDB3865E88C,
- 0x95455FB31FF9A195,
- 0x7B479EC8E242,
- ]);
-
- //R squared
- const R2: BigInteger = BigInteger([
- 0x3F9C69C7B7F4C8D1,
- 0x70A50FA9EE48D127,
- 0xCDBE6702009569CB,
- 0x6BD8C6C6C49EDC38,
- 0x7955876CC35EE94E,
- 0xC7285529BE54A3F4,
- 0xDED52121ECEC77CF,
- 0x99BE80F2EE12EE8E,
- 0xC8A0FF01493BDCEF,
- 0xACC27988F3D9A316,
- 0xD9E817A8FB44B3C9,
- 0x5B58037E0E4,
- ]);
-
- const INV: u64 = 0xC90776E23FFFFFFF;
-
- //primitive root 17
- //Montgomery rep.
- const GENERATOR: BigInteger = BigInteger([
- 0xEEE0A5D37FF6635E,
- 0xFF458536CFA1CFF4,
- 0x659AF978D8169AB0,
- 0x1F1841C24780E3F1,
- 0x602213036DCFEF3A,
- 0xD1D5C8F39D72DB20,
- 0xEB8B63C1C0FFEFAB,
- 0xD2488E985F6CFA4E,
- 0xCCE1C2A623F7A66A,
- 0x2A060F4D5085B19A,
- 0xA9111A596408842F,
- 0x11CA8D50BF627,
- ]);
-
- const TWO_ADICITY: u32 = 30;
-
- //2^30-th root of unity =
- // 5431548564651772770863376209190533321743766006080874345421017090576169\
- // 9203047139500946280436927728019954715398494115227044713939878828833556\
- // 2469720602658230005087864400063132208698945486010219188665318698698092\
- // 7065212650747291
- const ROOT_OF_UNITY: BigInteger = BigInteger([
- 0x307F66B297671883,
- 0xD72A7F2B1E645F4E,
- 0x67079DAA9A902283,
- 0xF33F7620A86C668B,
- 0x8878570D66464C12,
- 0xA557AF5B524F522B,
- 0x5FAFA3F6EF19319D,
- 0x1EB9E04110A65629,
- 0x3F96FEB3C639A0B0,
- 0x4D4FE37DF3FFD732,
- 0xADC831BD55BCF3E9,
- 0x1B9F32A8BD6AB,
- ]);
-
- const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
- 0xEC83BB7120000000,
- 0xA7504C8B87D09D27,
- 0x6B61C0DE1F802BCB,
- 0x5CEFFCBB1A4C9D52,
- 0x9F75E54A1490931B,
- 0xD9362E14642CD4CD,
- 0xCCE8926CD0AD7BCE,
- 0x83FEDC92F45076C6,
- 0xAF5BF47CB64BEC39,
- 0xDBFCCBA82DC7D7F6,
- 0x88114811777166D6,
- 0xE26316C96208,
- ]);
-
- //t = (q-1)/2^duadicity =
- //3902101048074565213391949868876546353862687006588461722413404185420400\
- // 7249857398469987226430131438115069708760723898631821547688442835449306\
- // 0114251960035377794144827177283022938952018859297022871784267193264403\
- // 97855625
- const T: BigInteger = BigInteger([
- 0x3E84E93F641DDB89,
- 0xFC015E5D3A82645C,
- 0xD264EA935B0E06F0,
- 0xA48498DAE77FE5D8,
- 0x2166A66CFBAF2A50,
- 0x856BDE76C9B170A3,
- 0xA283B63667449366,
- 0xB25F61CC1FF6E497,
- 0x6E3EBFB57ADFA3E5,
- 0xBB8B36B6DFE65D41,
- 0xB64B1044408A408B,
- 0x71318,
- ]);
-
- const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
- 0x1F42749FB20EEDC4,
- 0x7E00AF2E9D41322E,
- 0x69327549AD870378,
- 0x52424C6D73BFF2EC,
- 0x90B353367DD79528,
- 0x42B5EF3B64D8B851,
- 0xD141DB1B33A249B3,
- 0xD92FB0E60FFB724B,
- 0xB71F5FDABD6FD1F2,
- 0xDDC59B5B6FF32EA0,
- 0x5B25882220452045,
- 0x3898C,
- ]);
-}
-
-pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
-pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]));
\ No newline at end of file
diff --git a/algebra/src/fields/mnt6753/fq3.rs b/algebra/src/fields/mnt6753/fq3.rs
deleted file mode 100644
index 916e61100..000000000
--- a/algebra/src/fields/mnt6753/fq3.rs
+++ /dev/null
@@ -1,199 +0,0 @@
-use crate::{
- field_new,
- biginteger::BigInteger768 as BigInteger,
- fields::{
- fp3::{Fp3, Fp3Parameters},
- mnt6753::fq::Fq,
- },
-};
-
-pub type Fq3 = Fp3;
-
-pub struct Fq3Parameters;
-
-impl Fp3Parameters for Fq3Parameters {
- type Fp = Fq;
-
- // alpha = 11
- const NONRESIDUE: Fq = field_new!(Fq, BigInteger([
- 0x4768931cfff9c7d4,
- 0xc45e46d6ada96ca0,
- 0x479b0bdb0b3c0107,
- 0x362a089610f8d41b,
- 0xdbafcec2c8a91aaf,
- 0x78428b0ff9d96a06,
- 0xf2e4472a9080c353,
- 0xc9006ed33f0e971c,
- 0x0794d9d10bdb7288,
- 0x3c1e44cab5419e2c,
- 0x49b5fc6c81f4560c,
- 0x1c287777c30ba,
- ]));
-
- const TWO_ADICITY: u32 = 30;
-
- //t=(p^3-1)/2
- const T_MINUS_ONE_DIV_TWO: &'static [u64] = &[
- 0xd6447f9d762cc94d,
- 0xfc72f2d69c49b1dd,
- 0x56524f8eca1d3e92,
- 0x8f1633f602c3b2ae,
- 0x45d5bebb37be973c,
- 0x36b885fe0423c666,
- 0x1b5aefa50853c03d,
- 0x549ba23c3c70fa49,
- 0xb323e0add7f13ec2,
- 0x39c6bf6b757e6ec2,
- 0x9017af105004645a,
- 0x7d05c9b5544267a3,
- 0xff83ee77adbe22f9,
- 0xabe49e95ab5133f0,
- 0xb98c227558b1b9e1,
- 0xa54641bd1a4e20c8,
- 0x52c5a4bad703a538,
- 0xd4fd4c0c949ac98b,
- 0x61c6203eb008385d,
- 0xc65ed5664f9b95a9,
- 0x55c4ecdf6ca7c4f5,
- 0xc795504c013a1fb3,
- 0xfc04ff3e3afea252,
- 0xf2ae66577c689a10,
- 0xaae48029a805f455,
- 0xa827c78687948639,
- 0x2f3433f22bf74542,
- 0xc0f9bb9fe47134a2,
- 0x98460e01b1baceca,
- 0x54b654cc62afaea5,
- 0x4116b8ae7f04bd20,
- 0x43bcac41205e99c6,
- 0x1abcd4f53d1d225e,
- 0xbbcd53c3b60dd859,
- 0xb10a9b0dc2128,
- ];
-
- // quadratic non-residue (c0+ 0* X + 0*X^2),
- // c0=1659781419976566415021745064391095587555604711122877233394175714744952\
- // 8858260736949611040045144870330052211081080633146517319686355350402298\
- // 7667807845209238605163122279088377413675555771794427110778974744994732\
- // 54624198506809678
- const QUADRATIC_NONRESIDUE_TO_T: (Fq, Fq, Fq) = (
- field_new!(Fq, BigInteger([
- 0x2217cbfb0feb469c,
- 0x68216255ea00e214,
- 0xe1391d4fa199ab8,
- 0x915ac7dfd6cbc927,
- 0xdc90acba889c8eff,
- 0x74d377e9be5fc824,
- 0x7d23df9a20eabf7a,
- 0x2891082620e9a3e6,
- 0x820481f8ecaea6f8,
- 0xf0b43af4e2ce8c2e,
- 0x97cc7da5fef0c28a,
- 0x6157c1dabadf,
- ])),
- field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])),
- field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])),
- );
-
- const FROBENIUS_COEFF_FP3_C1: &'static [Fq] = &[
-
- //X^{q^0} = alpha^((q^0 - 1)/ 3)*X = 1*X
- field_new!(Fq, BigInteger([
- 0xb99680147fff6f42,
- 0x4eb16817b589cea8,
- 0xa1ebd2d90c79e179,
- 0xf725caec549c0da,
- 0xab0c4ee6d3e6dad4,
- 0x9fbca908de0ccb62,
- 0x320c3bb713338498,
- 0x598b4302d2f00a62,
- 0x4074c9cbfd8ca621,
- 0xfa47edb3865e88c,
- 0x95455fb31ff9a195,
- 0x7b479ec8e242,
- ])),
-
- //X^{q^1} = alpha^((q^1 - 1)/ 3)*X
- field_new!(Fq, BigInteger([
- 0x6b66f7b83f968680,
- 0x1379b1ebf803e51e,
- 0x9bb6f43b5282969c,
- 0x3f64a98166c46a97,
- 0x524a1cc56c78e977,
- 0xf480725d1dc6e2f1,
- 0xe660b05c89764d7d,
- 0xe5b38512c92d9f5b,
- 0xa75658e33e25f9f0,
- 0xb4b96c948f0e9992,
- 0xb8b087523d7db902,
- 0x11d5033223a5d,
- ])),
-
- //X^{q^2} = alpha^((q^2 - 1)/ 3)*X
- field_new!(Fq, BigInteger([
- 0xb409ff15806a0a3f,
- 0xec757f1362138688,
- 0x9920baa7e003df81,
- 0x6b08f346088b0f32,
- 0x41955ee7e8c161eb,
- 0x1e2f40c2cc85fb47,
- 0x816438c604b12587,
- 0xc8bef1104c8343cf,
- 0x76ecc64a30e53860,
- 0xf39babe0941b2dce,
- 0xc22ca91d916b7315,
- 0x2c2e5ba7a770,
- ])),
- ];
-
- const FROBENIUS_COEFF_FP3_C2: &'static [Fq] = &[
-
- //(X^2)^{q^0} = alpha^(2(q^0 - 1)/ 3)*X^2 = 1*X^2
- field_new!(Fq, BigInteger([
- 0xb99680147fff6f42,
- 0x4eb16817b589cea8,
- 0xa1ebd2d90c79e179,
- 0xf725caec549c0da,
- 0xab0c4ee6d3e6dad4,
- 0x9fbca908de0ccb62,
- 0x320c3bb713338498,
- 0x598b4302d2f00a62,
- 0x4074c9cbfd8ca621,
- 0xfa47edb3865e88c,
- 0x95455fb31ff9a195,
- 0x7b479ec8e242,
- ])),
-
- //(X^2)^{q^1} = alpha^(2(q^1 - 1)/ 3)*X^2
- field_new!(Fq, BigInteger([
- 0xb409ff15806a0a3f,
- 0xec757f1362138688,
- 0x9920baa7e003df81,
- 0x6b08f346088b0f32,
- 0x41955ee7e8c161eb,
- 0x1e2f40c2cc85fb47,
- 0x816438c604b12587,
- 0xc8bef1104c8343cf,
- 0x76ecc64a30e53860,
- 0xf39babe0941b2dce,
- 0xc22ca91d916b7315,
- 0x2c2e5ba7a770,
- ])),
-
- //(X^2)^{q^2} = alpha^(2(q^2 - 1)/ 3)*X^2
- field_new!(Fq, BigInteger([
- 0x6b66f7b83f968680,
- 0x1379b1ebf803e51e,
- 0x9bb6f43b5282969c,
- 0x3f64a98166c46a97,
- 0x524a1cc56c78e977,
- 0xf480725d1dc6e2f1,
- 0xe660b05c89764d7d,
- 0xe5b38512c92d9f5b,
- 0xa75658e33e25f9f0,
- 0xb4b96c948f0e9992,
- 0xb8b087523d7db902,
- 0x11d5033223a5d,
- ])),
- ];
-}
diff --git a/algebra/src/fields/mnt6753/fq6.rs b/algebra/src/fields/mnt6753/fq6.rs
deleted file mode 100644
index 89a35171b..000000000
--- a/algebra/src/fields/mnt6753/fq6.rs
+++ /dev/null
@@ -1,120 +0,0 @@
-use crate::{
- field_new,
- biginteger::BigInteger768 as BigInteger,
- fields::{
- fp6_2over3::{Fp6, Fp6Parameters},
- mnt6753::{
- fq::{Fq, FQ_ONE, FQ_ZERO},
- fq3::{Fq3, Fq3Parameters},
- },
- },
-};
-
-pub type Fq6 = Fp6;
-
-pub struct Fq6Parameters;
-
-impl Fp6Parameters for Fq6Parameters {
- type Fp3Params = Fq3Parameters;
-
- const NONRESIDUE: Fq3 = field_new!(Fq3, FQ_ZERO, FQ_ONE, FQ_ZERO);
-
- const FROBENIUS_COEFF_FP6_C1: &'static [Fq] = &[
-
- //alpha^((q^0 - 1)/ 6) = 1
- field_new!(Fq, BigInteger([
- 0xb99680147fff6f42,
- 0x4eb16817b589cea8,
- 0xa1ebd2d90c79e179,
- 0xf725caec549c0da,
- 0xab0c4ee6d3e6dad4,
- 0x9fbca908de0ccb62,
- 0x320c3bb713338498,
- 0x598b4302d2f00a62,
- 0x4074c9cbfd8ca621,
- 0xfa47edb3865e88c,
- 0x95455fb31ff9a195,
- 0x7b479ec8e242,
- ])),
-
- //alpha^((q^1 - 1)/ 6)
- field_new!(Fq, BigInteger([
- 0x24fd77ccbf95f5c2,
- 0x622b1a03ad8db3c7,
- 0x3da2c7145efc7815,
- 0x4ed706302c0e2b72,
- 0xfd566bac405fc44b,
- 0x943d1b65fbd3ae53,
- 0x186cec139ca9d216,
- 0x3f3ec8159c1da9be,
- 0xe7cb22af3bb2a012,
- 0xc45deb6fc774821e,
- 0x4df5e7055d775a97,
- 0x19897d1eb1ca0,
- ])),
-
- //alpha^((q^2 - 1)/ 6)
- field_new!(Fq, BigInteger([
- 0x6b66f7b83f968680,
- 0x1379b1ebf803e51e,
- 0x9bb6f43b5282969c,
- 0x3f64a98166c46a97,
- 0x524a1cc56c78e977,
- 0xf480725d1dc6e2f1,
- 0xe660b05c89764d7d,
- 0xe5b38512c92d9f5b,
- 0xa75658e33e25f9f0,
- 0xb4b96c948f0e9992,
- 0xb8b087523d7db902,
- 0x11d5033223a5d,
- ])),
-
- //alpha^((q^3 - 1)/ 6)
- field_new!(Fq, BigInteger([
- 0x1f70f6cdc00090bf,
- 0xffef30ff5a176ba7,
- 0x34d7aee33286761d,
- 0xaa6d9cc76f4f79ca,
- 0x93df7bad553a4b62,
- 0x12afb31fea4cde38,
- 0x67c4e9228e277305,
- 0xae72762315b0e32b,
- 0x1e431f2d6f0b3251,
- 0xa85518752329c761,
- 0x7add306fcee92c18,
- 0x1497e8ec9e1ce,
- ])),
-
- //alpha^((q^4 - 1)/ 6)
- field_new!(Fq, BigInteger([
- 0xb409ff15806a0a3f,
- 0xec757f1362138688,
- 0x9920baa7e003df81,
- 0x6b08f346088b0f32,
- 0x41955ee7e8c161eb,
- 0x1e2f40c2cc85fb47,
- 0x816438c604b12587,
- 
0xc8bef1104c8343cf,
- 0x76ecc64a30e53860,
- 0xf39babe0941b2dce,
- 0xc22ca91d916b7315,
- 0x2c2e5ba7a770,
- ])),
-
- //alpha^((q^5 - 1)/ 6)
- field_new!(Fq, BigInteger([
- 0x6da07f2a00697981,
- 0x3b26e72b179d5531,
- 0x3b0c8d80ec7dc0fb,
- 0x7a7b4ff4cdd4d00d,
- 0xeca1adcebca83cbf,
- 0xbdebe9cbaa92c6a9,
- 0xb370747d17e4aa1f,
- 0x224a34131f734e31,
- 0xb76190162e71de82,
- 0x3402abbcc81165a,
- 0x577208d0b16514ab,
- 0xa775fa7089b3,
- ])),
- ];
-}
\ No newline at end of file
diff --git a/algebra/src/fields/mnt6753/fr.rs b/algebra/src/fields/mnt6753/fr.rs
deleted file mode 100644
index 2892ceb3f..000000000
--- a/algebra/src/fields/mnt6753/fr.rs
+++ /dev/null
@@ -1 +0,0 @@
-pub use crate::fields::mnt4753::fq::{Fq as Fr, FqParameters as FrParameters};
\ No newline at end of file
diff --git a/algebra/src/fields/mnt6753/mod.rs b/algebra/src/fields/mnt6753/mod.rs
deleted file mode 100644
index 663021cc7..000000000
--- a/algebra/src/fields/mnt6753/mod.rs
+++ /dev/null
@@ -1,14 +0,0 @@
-pub mod fr;
-pub use self::fr::*;
-
-pub mod fq;
-pub use self::fq::*;
-
-pub mod fq3;
-pub use self::fq3::*;
-
-pub mod fq6;
-pub use self::fq6::*;
-
-#[cfg(test)]
-mod tests;
diff --git a/algebra/src/fields/mnt6753/test_vec/mnt6753_tobyte b/algebra/src/fields/mnt6753/test_vec/mnt6753_tobyte
deleted file mode 100644
index 32ed53d5c52c26b91b4d1259226188209d1c7561..0000000000000000000000000000000000000000
GIT binary patch literal 0 HcmV?d00001 literal 96 zcmV-m0H6Ow(i<-dKC CN-OOE
diff --git a/algebra/src/fields/mnt6753/tests.rs b/algebra/src/fields/mnt6753/tests.rs
deleted file mode 100644
index e0415b0fb..000000000
--- a/algebra/src/fields/mnt6753/tests.rs
+++ /dev/null
@@ -1,2394 +0,0 @@ -use crate::{ - BigInteger, BigInteger768, - fields::tests::{field_test, frobenius_test, primefield_test, sqrt_field_test}, - fields::mnt6753::{Fq, Fq3, Fq6, FqParameters, Fq3Parameters, Fq6Parameters}, - fields::FpParameters, fields::models::{Fp3Parameters, Fp6Parameters}, - Field, PrimeField, SquareRootField, UniformRand, bytes::ToBytes, to_bytes, ToBits, - SemanticallyValid, -}; -use rand::SeedableRng; -use rand_xorshift::XorShiftRng; -use std::{ - ops::{AddAssign, MulAssign, SubAssign}, - cmp::Ordering, -}; - -pub(crate) const ITERATIONS: usize = 5; - -#[test] -fn test_mnt6753_fr() { - use crate::fields::mnt6753::Fr; - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - for _ in 0..ITERATIONS { - let a: Fr = UniformRand::rand(&mut rng); - let b: Fr = UniformRand::rand(&mut rng); - field_test(a, b); - primefield_test::(); - sqrt_field_test(b); - } -} - -#[test] -fn test_mnt6753_fq() { - use crate::fields::mnt6753::Fq; - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - for _ in 0..ITERATIONS { - let a: Fq = UniformRand::rand(&mut rng); - let b: Fq = UniformRand::rand(&mut rng); - field_test(a, b); - primefield_test::(); - sqrt_field_test(a); - } -} - -#[test] -fn test_mnt6753_fq3() { - use crate::fields::mnt6753::{Fq3, Fq}; - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - for _ in 0..ITERATIONS { - let a: Fq3 = UniformRand::rand(&mut rng); - let b: Fq3 = UniformRand::rand(&mut rng); - field_test(a, b); - sqrt_field_test(a); - } - frobenius_test::(Fq::characteristic(), 13); -} - -#[test] -fn test_mnt6753_fq6() { - use crate::fields::mnt6753::{Fq6, Fq}; - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - for _ in 0..ITERATIONS { - let g: Fq6 = UniformRand::rand(&mut rng); - let h: Fq6 = UniformRand::rand(&mut rng); - field_test(g, h); - } - frobenius_test::(Fq::characteristic(), 13); -} - - -#[test] -fn test_frob_coeffs() { - - //Fq3 coefficients tests - let nqr = Fq::new(BigInteger768([ - 
0x4768931cfff9c7d4, - 0xc45e46d6ada96ca0, - 0x479b0bdb0b3c0107, - 0x362a089610f8d41b, - 0xdbafcec2c8a91aaf, - 0x78428b0ff9d96a06, - 0xf2e4472a9080c353, - 0xc9006ed33f0e971c, - 0x0794d9d10bdb7288, - 0x3c1e44cab5419e2c, - 0x49b5fc6c81f4560c, - 0x1c287777c30ba, - ])); - - assert_eq!(Fq3Parameters::FROBENIUS_COEFF_FP3_C1[0], Fq::one()); - assert_eq!( - Fq3Parameters::FROBENIUS_COEFF_FP3_C1[1], - nqr.pow([ - 0x9dad27a0c0000000, - 0x1a35885d0535be1a, - 0xf2412b3ebfaac7dd, - 0x3df5532766ddbe36, - 0x14f94386b8606212, - 0x90cec962ed733889, - 0x3345b6f335c8fd34, - 0xad54930ca2e04f2f, - 0x74e7f85324329d7b, - 0x3d5332701e853aa4, - 0x5ab6300ba4f6448f, - 0x96ecb9db96b0, - ]) - ); - assert_eq!( - Fq3Parameters::FROBENIUS_COEFF_FP3_C1[2], - nqr.pow([ - 0xeb5a4f4180000000, - 0x11ef14dc4d1d1a86, - 0xbcc65c98b6cd8a4d, - 0xaf02ccd5b8bbe4b6, - 0xe1c0ead251ed2f70, - 0xbd7f08fc1ab959c3, - 0x5ebf8d9546b52026, - 0xb931b7f5b7d71339, - 0x8215b63c8e7b5b88, - 0xf070a30875e8a2f3, - 0x57c26ad4f20a441e, - 0xb0f25e4ced223e74, - 0x5a202de8e5c64e7d, - 0x5ef5c9680032ac34, - 0xc8781f524d75840a, - 0x2ed25d673f721af8, - 0xe8a21855d90b0c39, - 0x6f239ff4c19bf775, - 0xa18f4849963ccc2d, - 0xe2aff6ba0cd7738a, - 0x1b4c5bfda65ab8de, - 0x651843808a3349ec, - 0x992ad2d0693fab2e, - 0x10aeece1d, - ]) - ); - - assert_eq!(Fq3Parameters::FROBENIUS_COEFF_FP3_C2[0], Fq::one()); - assert_eq!( - Fq3Parameters::FROBENIUS_COEFF_FP3_C2[1], - nqr.pow([ - 0x3b5a4f4180000000, - 0x346b10ba0a6b7c35, - 0xe482567d7f558fba, - 0x7beaa64ecdbb7c6d, - 0x29f2870d70c0c424, - 0x219d92c5dae67112, - 0x668b6de66b91fa69, - 0x5aa9261945c09e5e, - 0xe9cff0a648653af7, - 0x7aa664e03d0a7548, - 0xb56c601749ec891e, - 0x12dd973b72d60, - ]) - ); - - assert_eq!(Fq3Parameters::FROBENIUS_COEFF_FP3_C2[0], Fq::one()); - assert_eq!( - Fq3Parameters::FROBENIUS_COEFF_FP3_C2[2], - nqr.pow([ - 0xd6b49e8300000000, - 0x23de29b89a3a350d, - 0x798cb9316d9b149a, - 0x5e0599ab7177c96d, - 0xc381d5a4a3da5ee1, - 0x7afe11f83572b387, - 0xbd7f1b2a8d6a404d, - 
0x72636feb6fae2672, - 0x42b6c791cf6b711, - 0xe0e14610ebd145e7, - 0xaf84d5a9e414883d, - 0x61e4bc99da447ce8, - 0xb4405bd1cb8c9cfb, - 0xbdeb92d000655868, - 0x90f03ea49aeb0814, - 0x5da4bace7ee435f1, - 0xd14430abb2161872, - 0xde473fe98337eeeb, - 0x431e90932c79985a, - 0xc55fed7419aee715, - 0x3698b7fb4cb571bd, - 0xca308701146693d8, - 0x3255a5a0d27f565c, - 0x215dd9c3b, - ]) - ); - - //Fq6 coefficients tests - assert_eq!(Fq6Parameters::FROBENIUS_COEFF_FP6_C1[0], Fq::one()); - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C1[1], - nqr.pow([ - 0x4ed693d060000000, - 0x8d1ac42e829adf0d, - 0x7920959f5fd563ee, - 0x1efaa993b36edf1b, - 0x8a7ca1c35c303109, - 0x486764b176b99c44, - 0x99a2db799ae47e9a, - 0xd6aa498651702797, - 0x3a73fc2992194ebd, - 0x9ea999380f429d52, - 0x2d5b1805d27b2247, - 0x4b765cedcb58, - ]) - ); - - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C1[2], - nqr.pow([ - 0x75ad27a0c0000000, - 0x88f78a6e268e8d43, - 0x5e632e4c5b66c526, - 0x5781666adc5df25b, - 0xf0e0756928f697b8, - 0x5ebf847e0d5cace1, - 0xaf5fc6caa35a9013, - 0x5c98dbfadbeb899c, - 0xc10adb1e473dadc4, - 0x783851843af45179, - 0x2be1356a7905220f, - 0xd8792f2676911f3a, - 0x2d1016f472e3273e, - 0x2f7ae4b40019561a, - 0x643c0fa926bac205, - 0x97692eb39fb90d7c, - 0xf4510c2aec85861c, - 0xb791cffa60cdfbba, - 0x50c7a424cb1e6616, - 0x7157fb5d066bb9c5, - 0xda62dfed32d5c6f, - 0x328c21c04519a4f6, - 0xcc956968349fd597, - 0x8577670e, - ]) - ); - - let t: Vec = vec! 
- [ - 0x7483bb7120000000, - 0x8d062427d1db0aa2, - 0x3b826fe19509943c, - 0x803af98e873186a1, - 0x44a537450bec8454, - 0xd5ada5dddb27253a, - 0x1606faafc48f607f, - 0xafb414db6cf23ea3, - 0x7ca96fe5870cf82f, - 0xf47533e58eeda80e, - 0x6ab085cda25e548, - 0xc70588a2f6aca3ec, - 0x4e7a82ea1fc07b79, - 0x239c19a96aa053df, - 0xc76424d2ce530d37, - 0x178682bb64cbad89, - 0x91eaf86f631b3025, - 0x61b790cb9c3b230f, - 0x8eab5a07d1bfc656, - 0xdbf7a1ce1d7b2d5a, - 0x9e635069d087e71d, - 0x1a2d4ef1d06912, - 0x2f95383190a1c6b1, - 0x4a5e0cd6bfab1545, - 0xce007f07298e8887, - 0x8b4c6084ce3db558, - 0xd8ff45c58e0350a0, - 0xfdb419b82e99aefe, - 0x2424e690e56a24f7, - 0x5d8ea3e32205d680, - 0xdfeb0fc2b1b9dc66, - 0xc2b28cd0856c8f63, - 0x1a6d183285a50e5a, - 0x4f2bd2076ce511bf, - 0x24125818ba511c50, - 0xec0e, - ]; - - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C1[3], - nqr.pow(t) - ); - - let t: Vec = vec! - [ - 0x4b5a4f4180000000, - 0x783662c46a80572a, - 0x31a642537380b8be, - 0x31fdf7d2783357f9, - 0xa64bf80f29d4a380, - 0x68b8cf53ddd69d96, - 0x8e3c7b3ea0c0be37, - 0x36cb38751b0f77f1, - 0xa8a417be3370d640, - 0xf0c066c248813483, - 0x8c685a2ac4b83397, - 0xf00dbe827f89c59a, - 0x91168858a5f2a3, - 0x55c6534a8616a8a3, - 0xff9251ff410648a2, - 0xafea5a69638e6516, - 0xa5f4000f268eacad, - 0xafe8790437aabf46, - 0x53dce7024e46ccc, - 0x1493122a461ad407, - 0xfb431035eb5a2f3b, - 0xd0a6ea8220a35fca, - 0xec572e8a0b9fcadf, - 0x52e31949e769e68f, - 0x295a639156032388, - 0x80889685b9148b71, - 0x109af4f71e5eda89, - 0xd39e04c2971decbe, - 0x80c9a3088efc5d9a, - 0x32b7b5d36c4dde52, - 0x86ab1afba43c6854, - 0x8786fc69c6c89706, - 0x5c5e06e5c600b84d, - 0x6f8e49eff8d6266a, - 0x227824926819d14e, - 0xd53010c350ad1f3d, - 0x4a8383be03e79dbe, - 0x72510e49651532fa, - 0x53de452724de6bd2, - 0x5256bd99476fec9f, - 0xd4477261ad9e79de, - 0x36b00ab62f7320b7, - 0x4aa540e25039151c, - 0x14b46b50e1e196a, - 0xccf6320467271e3c, - 0x194918cffa199bad, - 0xa17fb4a61aee2779, - 0x1, - ]; - - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C1[4], - 
nqr.pow(t) - ); - - let t: Vec = vec! - [ - 0xfa30e311e0000000, - 0x6ef817acd67e72da, - 0x45338206ce5c9133, - 0x8438e5505522ac6d, - 0x3ea99e081b654883, - 0xc58e2dba60f065e9, - 0xf9c736b998219ec2, - 0x8a7cada98eb6ad4b, - 0xfe8e8c18e441c138, - 0x56aa21cd75a7b0fc, - 0x29c788f106af584, - 0x3cc6d8eb83299dc6, - 0x46e1e69cc5500317, - 0x8406d92cc587504, - 0x453486afd6485d60, - 0x997ac2bc0efe8466, - 0xe0fc78cd0390a835, - 0x558cdc1d93d153e0, - 0x9459405791421871, - 0xce4b742bf235a9d0, - 0x113589f871521a06, - 0x936d759a69e7f120, - 0xab6259a1b5d8c1a9, - 0x7f6202ebec4e84cc, - 0x8efa2ad0205b0e50, - 0xf835c625d07a159e, - 0xdf446a2449285c34, - 0x864bc1a4e2f98422, - 0x79e1d8a346184e21, - 0x134ff19c36e84fe1, - 0x9ea41e9ba6f28d41, - 0xdcb1937741a9521f, - 0xcf1c4297ce1939d7, - 0xb1b593ead6925afa, - 0xd345ad63dc77da8, - 0x1e4351c475baf3d5, - 0x5c7dd5e318f30a66, - 0xc6ce35c17727f901, - 0x69033f0d8fd3d637, - 0xbcbcc848d6ff231b, - 0xbb7d7610675d36bd, - 0x2d3b28aeeb42d9d5, - 0x4124fa3a31712e5a, - 0x56c4bb63c9ebdc47, - 0x6a264b5bbbbabba6, - 0x565a57cb6f363b87, - 0x6037930dbb8d7260, - 0x5f6a5cc2377d7ad5, - 0xcc5b55c23062df09, - 0xcd8679e41a58f4b8, - 0x5b611a47f5cdf206, - 0x245fce8964046f4d, - 0x69671932dd937705, - 0xe1c838f724cee452, - 0x1605d803ca616eac, - 0x834a9c5bf260a369, - 0xd5463104b340a76e, - 0x25761608b8cc8150, - 0x2e268ae0dcd5d, - ]; - - assert_eq!( - Fq6Parameters::FROBENIUS_COEFF_FP6_C1[5], - nqr.pow(t) - ); -} - - -#[test] -fn test_neg_one() { - let neg_one = Fq::new(BigInteger768([ - 0x1f70f6cdc00090bf, - 0xffef30ff5a176ba7, - 0x34d7aee33286761d, - 0xaa6d9cc76f4f79ca, - 0x93df7bad553a4b62, - 0x12afb31fea4cde38, - 0x67c4e9228e277305, - 0xae72762315b0e32b, - 0x1e431f2d6f0b3251, - 0xa85518752329c761, - 0x7add306fcee92c18, - 0x1497e8ec9e1ce, - ])); - assert_eq!(neg_one, -Fq::one()); -} - - -#[test] -fn test_fq_is_valid() { - let mut a = Fq::new(FqParameters::MODULUS); - assert!(!a.is_valid()); - a.0.sub_noborrow(&BigInteger768::from(1)); - assert!(a.is_valid()); - 
assert!(Fq::new(BigInteger768::from(0)).is_valid()); - assert!(Fq::new(BigInteger768([ - 4334945402112658761, - 5754338769440963294, - 213982681521013032, - 12086861433024916758, - 3907127509866713521, - 13945672019815712008, - 15986918099604157897, - 1610539633786093561, - 6468823346244563772, - 2229132487154770553, - 4774597994323744797, - 467097584308943, - ])) - .is_valid()); - - assert!(!Fq::new(BigInteger768([ - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - 0xffffffffffffffff, - ])) - .is_valid()); - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - let a = Fq::rand(&mut rng); - assert!(a.is_valid()); - } -} - - -#[test] -fn test_fq_add_assign() { - { - // Random number - let mut tmp = Fq::new(BigInteger768([ - 0xd71ecd9366caebf4, - 0xf79dc7c215b5603d, - 0xc48a95ce7d901364, - 0x37be56f69d9fd17b, - 0x309e25a2d9c8a0d5, - 0xb7fedecd78bc2e5b, - 0x56617000c0209a8e, - 0x398e53fdc65be214, - 0x2d36e4a81de6695e, - 0x6999415ac5be48f4, - 0x8c8376b88bb61a43, - 0x571a8191ad3f, - ])); - assert!(tmp.is_valid()); - // Test that adding zero has no effect. - tmp.add_assign(&Fq::new(BigInteger768::from(0))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0xd71ecd9366caebf4, - 0xf79dc7c215b5603d, - 0xc48a95ce7d901364, - 0x37be56f69d9fd17b, - 0x309e25a2d9c8a0d5, - 0xb7fedecd78bc2e5b, - 0x56617000c0209a8e, - 0x398e53fdc65be214, - 0x2d36e4a81de6695e, - 0x6999415ac5be48f4, - 0x8c8376b88bb61a43, - 0x571a8191ad3f, - ])) - ); - // Add one and test for the result. 
- tmp.add_assign(&Fq::new(BigInteger768::from(1))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0xd71ecd9366caebf5, - 0xf79dc7c215b5603d, - 0xc48a95ce7d901364, - 0x37be56f69d9fd17b, - 0x309e25a2d9c8a0d5, - 0xb7fedecd78bc2e5b, - 0x56617000c0209a8e, - 0x398e53fdc65be214, - 0x2d36e4a81de6695e, - 0x6999415ac5be48f4, - 0x8c8376b88bb61a43, - 0x571a8191ad3f, - ])) - ); - // Add another random number that exercises the reduction. - tmp.add_assign(&Fq::new(BigInteger768([ - 0xa833ac17d3ed787d, - 0x51b38b65f01cf4b, - 0x6f9726cd804f9fba, - 0xcee05b70be5e63e8, - 0x96e8e72359ce53fa, - 0xf0424c5bce9ffe0e, - 0xb88205d99d8c566c, - 0x51f7b750d7c59b83, - 0xec186e8312be7259, - 0x9a575ff427f8e3c6, - 0xb63befd8b7eb976, - 0x8328f53786bc, - ]))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0x7f5279ab3ab86472, - 0xfcb9007874b72f89, - 0x3421bc9bfddfb31e, - 0x69eb2675bfe3564, - 0xc7870cc63396f4d0, - 0xa8412b29475c2c69, - 0xee375da5dacf0fb, - 0x8b860b4e9e217d98, - 0x194f532b30a4dbb7, - 0x3f0a14eedb72cbb, - 0x97e735b61734d3ba, - 0xda4376c933fb, - ])) - ); - // Add one to (q - 1) and test for the result. 
- tmp = Fq::new(BigInteger768([ - 0xD90776E240000000, - 0x4EA099170FA13A4F, - 0xD6C381BC3F005797, - 0xB9DFF97634993AA4, - 0x3EEBCA9429212636, - 0xB26C5C28C859A99B, - 0x99D124D9A15AF79D, - 0x07FDB925E8A0ED8D, - 0x5EB7E8F96C97D873, - 0xB7F997505B8FAFED, - 0x10229022EEE2CDAD, - 0x01C4C62D92C411, - ])); - tmp.add_assign(&Fq::new(BigInteger768::from(1))); - assert!(tmp.0.is_zero()); - // Add a random number to another one such that the result is q - 1 - tmp = Fq::new(BigInteger768([ - 0x87abddbd74a24e95, - 0x502e6d2817124c21, - 0x73f2fa5c2607b48a, - 0xf1f4db12bee0c496, - 0xfbb608395fba6b77, - 0xe4aaf10d8f0e93c1, - 0x6b1e008da5bcb156, - 0xc342430f055fe8b1, - 0x964c5700528ae61e, - 0xf83cce9c272e4c22, - 0x5c90f71b9258fa9f, - 0x1a6ca658e16d7, - ])); - tmp.add_assign(&Fq::new(BigInteger768([ - 0x515b9924cb5db16b, - 0xfe722beef88eee2e, - 0x62d0876018f8a30c, - 0xc7eb1e6375b8760e, - 0x4335c25ac966babe, - 0xcdc16b1b394b15d9, - 0x2eb3244bfb9e4646, - 0x44bb7616e34104dc, - 0xc86b91f91a0cf254, - 0xbfbcc8b4346163ca, - 0xb39199075c89d30d, - 0x1dfbc804ad39, - ]))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0xD90776E240000000, - 0x4EA099170FA13A4F, - 0xD6C381BC3F005797, - 0xB9DFF97634993AA4, - 0x3EEBCA9429212636, - 0xB26C5C28C859A99B, - 0x99D124D9A15AF79D, - 0x07FDB925E8A0ED8D, - 0x5EB7E8F96C97D873, - 0xB7F997505B8FAFED, - 0x10229022EEE2CDAD, - 0x01C4C62D92C411, - ])) - ); - // Add one to the result and test for it. - tmp.add_assign(&Fq::new(BigInteger768::from(1))); - assert!(tmp.0.is_zero()); - } - - // Test associativity - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - // Generate a, b, c and ensure (a + b) + c == a + (b + c). 
- let a = Fq::rand(&mut rng); - let b = Fq::rand(&mut rng); - let c = Fq::rand(&mut rng); - - let mut tmp1 = a; - tmp1.add_assign(&b); - tmp1.add_assign(&c); - - let mut tmp2 = b; - tmp2.add_assign(&c); - tmp2.add_assign(&a); - - assert!(tmp1.is_valid()); - assert!(tmp2.is_valid()); - assert_eq!(tmp1, tmp2); - } -} - - -#[test] -fn test_fq_sub_assign() { - { - // Test arbitrary subtraction that tests reduction. - let mut tmp = Fq::new(BigInteger768([ - 0x498e02ae4388631c, - 0x4e46e93ca8740be4, - 0x2c375ca1f4ce59da, - 0xb6976fbf66abf4d8, - 0xc44700335d60a831, - 0xb98f3093987eb2b6, - 0xa1ae604739e8506b, - 0x9ee466288cc528c1, - 0xe4f8ae389ba8678b, - 0x7f8f04daec7d211b, - 0xccb0bd2a806c61a0, - 0x7799ba9ec5f9, - ])); - tmp.sub_assign(&Fq::new(BigInteger768([ - 0x8c27de877e6dd70, - 0xc4f112f5ff1602de, - 0x2e61440d01e26550, - 0xd7a5a7a27f1dd489, - 0x18c873d5908c3e1b, - 0xbff6fd4ee069d1c9, - 0x7d27a79b256e5544, - 0xdc6484f9c2f7d42d, - 0xfc45abe1c7dcc1b8, - 0x1ddc807c50f98529, - 0x3a5c2cbda6a1c247, - 0x24a8b7761c01, - ]))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0x40cb84c5cba185ac, - 0x8955d646a95e0906, - 0xfdd61894f2ebf489, - 0xdef1c81ce78e204e, - 0xab7e8c5dccd46a15, - 0xf9983344b814e0ed, - 0x2486b8ac1479fb26, - 0xc27fe12ec9cd5494, - 0xe8b30256d3cba5d2, - 0x61b2845e9b839bf1, - 0x9254906cd9ca9f59, - 0x52f10328a9f8, - ])) - ); - - // Test the opposite subtraction which doesn't test reduction. 
- tmp = Fq::new(BigInteger768([ - 0x8c27de877e6dd70, - 0xc4f112f5ff1602de, - 0x2e61440d01e26550, - 0xd7a5a7a27f1dd489, - 0x18c873d5908c3e1b, - 0xbff6fd4ee069d1c9, - 0x7d27a79b256e5544, - 0xdc6484f9c2f7d42d, - 0xfc45abe1c7dcc1b8, - 0x1ddc807c50f98529, - 0x3a5c2cbda6a1c247, - 0x24a8b7761c01, - ])); - tmp.sub_assign(&Fq::new(BigInteger768([ - 0x498e02ae4388631c, - 0x4e46e93ca8740be4, - 0x2c375ca1f4ce59da, - 0xb6976fbf66abf4d8, - 0xc44700335d60a831, - 0xb98f3093987eb2b6, - 0xa1ae604739e8506b, - 0x9ee466288cc528c1, - 0xe4f8ae389ba8678b, - 0x7f8f04daec7d211b, - 0xccb0bd2a806c61a0, - 0x7799ba9ec5f9, - ]))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0x983bf21c745e7a55, - 0xc54ac2d066433149, - 0xd8ed69274c14630d, - 0xdaee31594d0b1a55, - 0x936d3e365c4cbc20, - 0xb8d428e41044c8ad, - 0x754a6c2d8ce0fc76, - 0x457dd7f71ed398f9, - 0x7604e6a298cc32a0, - 0x564712f1c00c13fb, - 0x7dcdffb615182e54, - 0x171d52a6a1a18, - ])) - ); - - // Test for sensible results with zero - tmp = Fq::new(BigInteger768::from(0)); - tmp.sub_assign(&Fq::new(BigInteger768::from(0))); - assert!(tmp.is_zero()); - - tmp = Fq::new(BigInteger768([ - 0xf9566119e604dffd, - 0x5128b45b17b1d1a, - 0xf9c68449e46773bc, - 0x83299ded47cf7c3c, - 0xf012a23810f90638, - 0x7764504372af51f6, - 0xa8c4872246f123d7, - 0xb19941f9e9b8ebe6, - 0x5ca77716ab16ce47, - 0x1afadccedb97f7c9, - 0x8e7b2a674d82952b, - 0x1c34b30dad512, - ])); - tmp.sub_assign(&Fq::new(BigInteger768::from(0))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0xf9566119e604dffd, - 0x5128b45b17b1d1a, - 0xf9c68449e46773bc, - 0x83299ded47cf7c3c, - 0xf012a23810f90638, - 0x7764504372af51f6, - 0xa8c4872246f123d7, - 0xb19941f9e9b8ebe6, - 0x5ca77716ab16ce47, - 0x1afadccedb97f7c9, - 0x8e7b2a674d82952b, - 0x1c34b30dad512, - ])) - ); - } - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - // Ensure that (a - b) + (b - a) = 0. 
- let a = Fq::rand(&mut rng); - let b = Fq::rand(&mut rng); - - let mut tmp1 = a; - tmp1.sub_assign(&b); - - let mut tmp2 = b; - tmp2.sub_assign(&a); - - tmp1.add_assign(&tmp2); - assert!(tmp1.is_zero()); - } -} - - -#[test] -fn test_fq_mul_assign() { - let mut tmp = Fq::new(BigInteger768([ - 0xd13c2d67ff927355, - 0x48a3ed07a9255a92, - 0x982dc83dc987c355, - 0x95101640f58d0561, - 0x8c3b1401350d9d04, - 0x57cfe2bcc2bcea3e, - 0xbe3d2c34db7d9eca, - 0xe177d2eeaa96423b, - 0xce933a42b85f0ffb, - 0xab63f8cfb8d7325d, - 0xd7bbaa9d7be4f1e2, - 0x1b93ec2058d83, - ])); - tmp.mul_assign(&Fq::new(BigInteger768([ - 0x4c91701e19e27ed, - 0x60f7ac0ade842b38, - 0xe21eaa804f7da8f5, - 0xd00d4726be1ec9d9, - 0x5cd2ce1f29861e99, - 0x2955e6fdee8d2147, - 0x57550b212d00d16e, - 0x14ad5270ee634ea2, - 0x11261b2c50ab3ce5, - 0x243adeb987ff1db3, - 0xed362b88a41ff6eb, - 0x13a7c7a59137, - ]))); - assert_eq!( - tmp, - Fq::new(BigInteger768([ - 0x42d9ca5556458579, - 0x27a6b6355cbe1d0a, - 0xc903f28df9887807, - 0xca107724944437d0, - 0xc89e7003b7975cb8, - 0x9a710305830486ef, - 0xcc5e827d897dd989, - 0x514efb8818c8f976, - 0x1dc8cff9cdef10ee, - 0x1fd9341478822f4d, - 0x528e7ff14e1b3445, - 0xfe7cea18aace, - ])) - ); - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000000 { - // Ensure that (a * b) * c = a * (b * c) - let a = Fq::rand(&mut rng); - let b = Fq::rand(&mut rng); - let c = Fq::rand(&mut rng); - - let mut tmp1 = a; - tmp1.mul_assign(&b); - tmp1.mul_assign(&c); - - let mut tmp2 = b; - tmp2.mul_assign(&c); - tmp2.mul_assign(&a); - - assert_eq!(tmp1, tmp2); - } - - for _ in 0..1000000 { - // Ensure that r * (a + b + c) = r*a + r*b + r*c - - let r = Fq::rand(&mut rng); - let mut a = Fq::rand(&mut rng); - let mut b = Fq::rand(&mut rng); - let mut c = Fq::rand(&mut rng); - - let mut tmp1 = a; - tmp1.add_assign(&b); - tmp1.add_assign(&c); - tmp1.mul_assign(&r); - - a.mul_assign(&r); - b.mul_assign(&r); - c.mul_assign(&r); - - a.add_assign(&b); - a.add_assign(&c); - - 
assert_eq!(tmp1, a); - } -} - - -#[test] -fn test_fq_squaring() { - let mut a = Fq::new(BigInteger768([ - 0x9584b092cee7ad6e, - 0x612640abc76c7a89, - 0xa149278cf5a0dbf4, - 0x6cca1f556c978932, - 0xaa2147d8f6d82c95, - 0xec1ced81b01d59ae, - 0x3d26125f76e2e9c, - 0xd4e4ca0a8a03f769, - 0x1627eb466dac06f0, - 0x7e41fd42d3d1e7fe, - 0xb5cc058c94c33a12, - 0x304222fb7e55, - ])); - assert!(a.is_valid()); - a.square_in_place(); - assert_eq!( - a, - Fq::from_repr(BigInteger768([ - 0x8508bbd8f2bc49c1, - 0x3df121fd16e9636, - 0xa91b04bd08bf3e3e, - 0xcfac2ec8a861466a, - 0x364a448d4574e219, - 0x163623609ca88080, - 0x4a645805dc7788be, - 0xf6da93019b94efe9, - 0x2456f275e0477c59, - 0x886cb05190f97e75, - 0xee362a46476f91de, - 0xe066089e656c, - ])) - ); - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000000 { - // Ensure that (a * a) = a^2 - let a = Fq::rand(&mut rng); - - let mut tmp = a; - tmp.square_in_place(); - - let mut tmp2 = a; - tmp2.mul_assign(&a); - - assert_eq!(tmp, tmp2); - } -} - - -#[test] -fn test_fq_inverse() { - assert!(Fq::zero().inverse().is_none()); - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - let one = Fq::one(); - - for _ in 0..1000 { - // Ensure that a * a^-1 = 1 - let mut a = Fq::rand(&mut rng); - let ainv = a.inverse().unwrap(); - a.mul_assign(&ainv); - assert_eq!(a, one); - } -} - - -#[test] -fn test_fq_double_in_place() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - // Ensure doubling a is equivalent to adding a to itself. - let mut a = Fq::rand(&mut rng); - let mut b = a; - b.add_assign(&a); - a.double_in_place(); - assert_eq!(a, b); - } -} - - -#[test] -fn test_fq_negate() { - { - let a = -Fq::zero(); - - assert!(a.is_zero()); - } - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - // Ensure (a - (-a)) = 0. 
- let mut a = Fq::rand(&mut rng); - let b = -a; - a.add_assign(&b); - - assert!(a.is_zero()); - } -} - - -#[test] -fn test_fq_pow() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for i in 0..1000 { - // Exponentiate by various small numbers and ensure it consists with repeated - // multiplication. - let a = Fq::rand(&mut rng); - let target = a.pow(&[i]); - let mut c = Fq::one(); - for _ in 0..i { - c.mul_assign(&a); - } - assert_eq!(c, target); - } - - for _ in 0..1000 { - // Exponentiating by the modulus should have no effect in a prime field. - let a = Fq::rand(&mut rng); - - assert_eq!(a, a.pow(Fq::characteristic())); - } -} - - -#[test] -fn test_fq_sqrt() { - - let a_squared = Fq::new(BigInteger768([ - 0x815f0a0b6846238c, - 0x5949c2aef4191aac, - 0x7dd3ce5c3e2aca9b, - 0x33626ad4f94ccca5, - 0xef5d495e9555b4ff, - 0x8414d5bd8de49ef4, - 0x5b16424c19676079, - 0x58a9a5ebe1c0a51f, - 0xe5fd980f6f8e1385, - 0x4dab45076384cd54, - 0x5fb2e86d6a180aa0, - 0x18cd3d7d0d32c, - ])); - let a = a_squared.sqrt().unwrap(); - assert_eq!(a, Fq::new(BigInteger768([ - 0x9696cbd70f683946, - 0x2fbe984a7f99fb5e, - 0x4152df84cdbbce30, - 0x5ebe5c628d5a355e, - 0xd448a5598db83394, - 0x5c8ba2124ebab55b, - 0xe8ef67a51612340, - 0x3c7382380f2f323f, - 0x93e740b12eec5af3, - 0x89a625f9546373f2, - 0xb2c2be3f0e9c1b51, - 0xafc892d9432f, - ]))); - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - assert_eq!(Fq::zero().sqrt().unwrap(), Fq::zero()); - - for _ in 0..1000 { - // Ensure sqrt(a^2) = a or -a - let a = Fq::rand(&mut rng); - let nega = -a; - let mut b = a; - b.square_in_place(); - - let b = b.sqrt().unwrap(); - - assert!(a == b || nega == b); - } - - for _ in 0..1000 { - // Ensure sqrt(a)^2 = a for random a - let a = Fq::rand(&mut rng); - - if let Some(mut tmp) = a.sqrt() { - tmp.square_in_place(); - - assert_eq!(a, tmp); - } - } -} - - -#[test] -fn test_fq_num_bits() { - assert_eq!(FqParameters::MODULUS_BITS, 753); - assert_eq!(FqParameters::CAPACITY, 752); -} - - 
-#[test] -fn test_fq_root_of_unity() { - assert_eq!(FqParameters::TWO_ADICITY, 30); - assert_eq!( - Fq::multiplicative_generator(), - Fq::from_repr(BigInteger768::from(17)) - ); - assert_eq!( - Fq::multiplicative_generator().pow([ - 0x3E84E93F641DDB89, - 0xFC015E5D3A82645C, - 0xD264EA935B0E06F0, - 0xA48498DAE77FE5D8, - 0x2166A66CFBAF2A50, - 0x856BDE76C9B170A3, - 0xA283B63667449366, - 0xB25F61CC1FF6E497, - 0x6E3EBFB57ADFA3E5, - 0xBB8B36B6DFE65D41, - 0xB64B1044408A408B, - 0x71318, - ]), - Fq::root_of_unity() - ); - assert_eq!( - Fq::root_of_unity().pow([1 << FqParameters::TWO_ADICITY]), - Fq::one() - ); - assert!(Fq::multiplicative_generator().sqrt().is_none()); -} - - -#[test] -fn test_fq_ordering() { - // BigInteger768's ordering is well-tested, but we still need to make sure the - // Fq elements aren't being compared in Montgomery form. - for i in 0..100 { - assert!(Fq::from_repr(BigInteger768::from(i + 1)) > Fq::from_repr(BigInteger768::from(i))); - } -} - - -#[test] -fn test_fq_legendre() { - use crate::fields::LegendreSymbol::*; - - assert_eq!(QuadraticResidue, Fq::one().legendre()); - assert_eq!(Zero, Fq::zero().legendre()); - - assert_eq!( - QuadraticNonResidue, - Fq::new(BigInteger768::from(11)).legendre() - ); - assert_eq!( - QuadraticResidue, - Fq::new(BigInteger768::from(121)).legendre() - ); - - let e = BigInteger768([ - 0xcd3165e89d5a6aec, - 0xfe794ff2c42eb6e2, - 0xb0fca85ac55700a1, - 0x436d3571cec6563a, - 0x21f200cb4d7bcfeb, - 0xc9ef4b7f2c8e322f, - 0x47ee13c44f7f103c, - 0xa90deb8adf454d57, - 0xd46263471ead205d, - 0xb5c0ca287e04c8ef, - 0x6d39092796528ed0, - 0x4ded2b341ce9, - ]); - assert_eq!(QuadraticNonResidue, Fq::from_repr(e).legendre()); - let e = BigInteger768([ - 0x3804b3df0abf369c, - 0x5e5c63ebc1f00fb5, - 0x7d48d4105cbc998b, - 0x78139f68d36ffea2, - 0x76bb92a44562f42d, - 0xd7e07480810fac6d, - 0xf8341b3074bba776, - 0xf8fd6de7df4decaf, - 0xa5387dd904bc8425, - 0x590b46d9358adc1b, - 0x7d72acdc191ac04f, - 0xbd6fdb57393b, - ]); - 
assert_eq!(QuadraticResidue, Fq::from_repr(e).legendre()); -} - -#[test] -fn test_fq_bytes() { - let a = Fq::from_repr(BigInteger768([ - 0xecb23e0a2f1bd245, - 0x31b80c631edc39ae, - 0x590554649da78d85, - 0xc12a5b2366697d8c, - 0x1c4d1238bc71b6b2, - 0x8d0b219cdb2c21d4, - 0xa4a93f04ec97df4a, - 0x67ca57a5e41af3f0, - 0xd8ac205142b50568, - 0xc2a674c3ef59f6de, - 0x40067f9930800bb5, - 0x129bc5bbcc439, - ])); - let a_b = to_bytes!(a).unwrap(); - let a_b_read = std::fs::read("src/fields/mnt6753/test_vec/mnt6753_tobyte").unwrap(); - assert_eq!(a_b, a_b_read); -} - -#[test] -fn test_convert_fq_fr() { - use crate::fields::{ - convert, mnt6753::{ - FqParameters, Fr - }, - }; - - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - - // Safely convert a random Fq into a Fr - let q: Fq = UniformRand::rand(&mut rng); - let q_bits = &q.write_bits()[1..]; //Skip 1 bit, in order to perform a safe conversion - let conv = convert::(q_bits.to_vec()).unwrap(); - assert_eq!(conv.pow(Fr::characteristic()), conv); - - // Safely convert a random Fr into a Fq - let r: Fr = UniformRand::rand(&mut rng); - let r_bits = &r.write_bits()[1..]; //Skip 1 bit, in order to perform a safe conversion - let conv = convert::(r_bits.to_vec()).unwrap(); - assert_eq!(conv.pow(Fq::characteristic()), conv); - } - - //Attempting to convert a bit array that exceeds other field's modulus will result in an error - let modulus_q = Fq::new(FqParameters::MODULUS); - assert!(convert::((modulus_q - &Fq::one()).write_bits()).is_err()); //Fq_Modulus - 1 is bigger than Fr modulus -} - -#[test] -fn test_fq3_ordering() { - let mut a = Fq3::new(Fq::zero(), Fq::zero(), Fq::zero()); - - let mut b = a.clone(); - - assert!(a.cmp(&b) == Ordering::Equal); - b.c0.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Less); - a.c0.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Equal); - b.c1.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Less); - a.c0.add_assign(&Fq::one()); - 
assert!(a.cmp(&b) == Ordering::Less); - a.c1.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Greater); - b.c0.add_assign(&Fq::one()); - assert!(a.cmp(&b) == Ordering::Equal); -} - - -#[test] -fn test_fq3_basics() { - assert_eq!(Fq3::new(Fq::zero(), Fq::zero(), Fq::zero()), Fq3::zero()); - assert_eq!(Fq3::new(Fq::one(), Fq::zero(), Fq::zero()), Fq3::one()); - assert!(Fq3::zero().is_zero()); - assert!(!Fq3::one().is_zero()); - assert!(!Fq3::new(Fq::zero(), Fq::one(), Fq::zero()).is_zero()); -} - - -#[test] -fn test_fq3_squaring() { - // i = sqrt(11) in mnt6_753 fq3 - - //(11 + 0i + 0j)^2 = 121 + 0i + 0j = 121 - let a = Fq3::new(Fq::from_repr(BigInteger768::from(11)), Fq::zero(), Fq::zero()).square(); - assert_eq!( - a, - Fq3::new(Fq::from_repr(BigInteger768::from(121)), Fq::zero(), Fq::zero()) - ); - - let mut a = Fq3::new( - Fq::from_repr(BigInteger768([ - 0x4021ea91c1d7ed85, - 0x78bd65a80e548b88, - 0xb15b43140075906, - 0x143f963245fdce5f, - 0x3b07cd86d0be3997, - 0xbc8ccddb928234fc, - 0x80c7ce910c156ccc, - 0x117349672833c222, - 0x949d3f355fb23ca3, - 0x39c56800c5cb7865, - 0x33bcb002a225b9cb, - 0xcfdcc84af403, - ])), - Fq::from_repr(BigInteger768([ - 0x9f5f269a1851cdc, - 0xbbe507b0cd3c14f9, - 0xaf9b1ffd3d0bc566, - 0x75321f979bd32876, - 0x8da033b1cebcfefc, - 0x26e23be5fd1d73c, - 0x761d56f0d23101f6, - 0x96bd1d6551c00c65, - 0x5e17d1b99b7a938, - 0x149c5088da3e94d1, - 0xb4771eea63454794, - 0x1a2b05501eeac, - ])), - Fq::from_repr(BigInteger768([ - 0xe3e78d907b757a8c, - 0x17c324937f5735f2, - 0x5a0e6bc2ced16f28, - 0xb37843eece4d27b3, - 0xb8b225093ee90d4a, - 0xf80398bf27c851cc, - 0xb59f5ad72ad7b97, - 0x4f1e23b8c8aba546, - 0xe1bb6e79103f6e5, - 0xc6030187e4a8b103, - 0x49b7488076cb6d63, - 0x3cd9059f596d, - ])), - ); - a.square_in_place(); - assert_eq!( - a, - Fq3::new( - Fq::from_repr(BigInteger768([ - 0xf88598c734a0ebea, - 0xc4d16ff251e0d4ea, - 0xfdc0993bea96656b, - 0x42d66c4b9fb4c54c, - 0x895ad48fed7ebc9b, - 0x7c356895984e4190, - 0x8e33757f7dbe3f2f, - 
0x8bf91ab0fb58265, - 0x31398876d267714e, - 0x60b52f79cb1b6ef2, - 0x9dac6bdcc46ffcca, - 0x16971309611df, - ])), - Fq::from_repr(BigInteger768([ - 0xf3421c6cf4aaefc2, - 0x53c6bf7bbef81e58, - 0x8e7cb542c36ebc1d, - 0xbdb4b657dbd84fe2, - 0xb8e7b475066e8b42, - 0x1c0c3e2ec27607f, - 0x96c04d86f1e68651, - 0xeb63b5ec8c258fd1, - 0x79adf6a1e68f0cfb, - 0x3ac7dd569185f706, - 0x4aed0fb556acdcfe, - 0x5b97eb0ec575, - ])), - Fq::from_repr(BigInteger768([ - 0xe941d8679493cd4c, - 0x32f1a39375bfb2f8, - 0x146259a5646c77f1, - 0xc0a32a02fa2b005a, - 0xa8f3bbf89b5b7ca4, - 0xd40dec29cbed7259, - 0xfd621ece49ba14db, - 0xcafd071c105f9545, - 0xa3f7d1d45413c2a9, - 0x3365e865115b992, - 0x2703e89cb154b091, - 0x2750df057935, - ])), - ) - ); -} - -#[test] -fn test_fq3_mul() { - - let mut a = Fq3::new( - Fq::from_repr(BigInteger768([ - 0x3246ad9d5f2e162, - 0xb1a35a4ae6524cf4, - 0x43c67ef1fc963fe9, - 0xbdd7d3a9279e5133, - 0xf674346a7c629056, - 0x4210f13baa1290d3, - 0xcb3b4dca901c3526, - 0x1e1531abf7129c57, - 0x5e28ee42c19296e8, - 0x30ab88ba97c1c54b, - 0xeab7ccc94a470cac, - 0x19c5d753734e8, - ])), - Fq::from_repr(BigInteger768([ - 0x47a591f3099b6e84, - 0x17aa7b9c0701cb9c, - 0x7afb9e4c0bae4299, - 0x6e6c706d1e24a31f, - 0xd71d5501ca9eb295, - 0x209e568e6d68be58, - 0xf414daf62310083e, - 0x6d7d60ae249d9902, - 0xb12a28d2d941f691, - 0x30c08fde4dc9e7cd, - 0x9c2cf5cb5a054f10, - 0xd8ae87a6c6f9, - ])), - Fq::from_repr(BigInteger768([ - 0xace91a518173d79e, - 0x85b4b32d9e2c29f1, - 0xc23398b50ae36fb1, - 0xe4ad44193654931b, - 0x206960e627a3db5, - 0x3b5b892e388858c3, - 0x784e2a0e051839b6, - 0xeea4ed5c465934b3, - 0xe22149dfeadd89f3, - 0x31f8225a1ce56854, - 0x6cacc0691fc39968, - 0x4c451bf14739, - ])), - ); - a.mul_assign(&Fq3::new( - Fq::from_repr(BigInteger768([ - 0xea3d71dace0032be, - 0x9e32fec5ecf8847, - 0xdc741dcaaa904521, - 0x17cf97ee724d55f3, - 0xeb0c6f944ccdccf2, - 0xbe2d742884ee1ade, - 0xed72d008693e424d, - 0x29d565346140503b, - 0xae6d1807f4ddb996, - 0xc2c87df1290f12b3, - 0x25c9e97ea9a6168c, - 0x14bcbd0c05740, - 
])), - Fq::from_repr(BigInteger768([ - 0xa7c248bf356ea80f, - 0xc9915a5e4713b051, - 0x96bfd4bedee3d075, - 0x86774975113b713, - 0x5cb302606c76bce7, - 0x20eb52e0ec2b5a90, - 0xce74054a1d7cda7d, - 0xcd5114716dd466fc, - 0xd92b87655b255f7f, - 0xa612d7a0a2cdfa50, - 0xdcbfdf74619fd088, - 0xe83492a23080, - ])), - Fq::from_repr(BigInteger768([ - 0x6878848d258bd4e5, - 0x21957e8c41feefb9, - 0x3fcf69a08f1e9410, - 0xe1e3056e0fa30e3c, - 0x5808b8487bbe7fc4, - 0xb5cfe60844f7d6a2, - 0x6f706a5d16a5aa41, - 0x7d438e19d0a302e9, - 0xacccbb506f192a14, - 0xd7683e432f46ad80, - 0xbd42d09e48f32be3, - 0xd000d94a201b, - ])), - )); - assert_eq!( - a, - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x546b6559354ad33a, - 0x7cb3fc50b5a89374, - 0xdbeeecf57666280a, - 0xc2a90279a880bb6f, - 0x93d97a513df51f25, - 0x5c64fa3416f7f5fd, - 0x5eb4cf7680c263b7, - 0x536d8cf5eb09798b, - 0x68329591d9896a9b, - 0x3e692f0eadcb46a1, - 0xb87a30e08cbcba96, - 0x12819a4a1b8b1, - ])), - Fq::from_repr(BigInteger768([ - 0x5dd5aa31a378481, - 0x2c308bb900870e56, - 0x63f20733e3579087, - 0x47153c90a1180256, - 0x5b7d3967f14a60a8, - 0x4995effcc846e2ea, - 0x1e854b6391135556, - 0x14aa2a716b4d9dbc, - 0xc0ab4f9869284465, - 0x6b661a8addf630a0, - 0x48ebf9a3fb386998, - 0x15cb12c006579, - ])), - Fq::from_repr(BigInteger768([ - 0x43052d439c9f6567, - 0x481cdd48b1ed431c, - 0x790e3dddabd89525, - 0x69764daa04dd82ea, - 0x68f8eddae35c7197, - 0x889d19480480d2ba, - 0xfec70cb30b86c860, - 0xb8c82f5b93784ec6, - 0x2badf2fecc0092e2, - 0x4cf2853fe24e12d5, - 0xa1027b754aa3b1b7, - 0x1bead97aeff44, - ])), - ) - ); -} - -#[test] -fn test_fq3_inverse() { - assert!(Fq3::zero().inverse().is_none()); - - let a = Fq3::new( - Fq::from_repr(BigInteger768([ - 0xea2f5a5b285605a9, - 0x9b9811086eb9a36c, - 0xeb4155b27eb0fd70, - 0xd78395c5e2265dfb, - 0x38c7271a32d8d316, - 0x16d69e418c964f89, - 0x391e37e6cb9f7517, - 0x14a5d0cff50ee3de, - 0xbdbf5f1b2c60e32a, - 0xe86653ca83ceacb9, - 0xcb0c8450b3a1d50c, - 0x9eea8f1bd345, - ])), - Fq::from_repr(BigInteger768([ - 
0xe96321d6846bd938, - 0xc44457d924ebf799, - 0x64a87c9840b9f92f, - 0x7ec7476a0f7ac1d0, - 0xa7358171b0e872e0, - 0x46454b2e1fda0a3c, - 0x9f9d75e878378870, - 0xf1c0de78d4ced8e5, - 0x14c8681949bdbf8e, - 0x890ec974d4890f7a, - 0x8b6154ccda8486d2, - 0x54817d11357b, - ])), - Fq::from_repr(BigInteger768([ - 0xe0b69c3f609e009e, - 0x32cd8f0daadaee, - 0x4098e710b4abdeb, - 0xa70f14273d01899d, - 0x7a72bf882a1b3019, - 0x1bcae3482320a23c, - 0xf0830d313f84efe7, - 0x17e00a2bedc5d2c2, - 0x912329932f17d4fe, - 0x8ab61f747de901a2, - 0x8b5728c254c913a1, - 0x12478efb39124, - ])), - ); - let a = a.inverse().unwrap(); - assert_eq!( - a, - Fq3::new( - Fq::from_repr(BigInteger768([ - 0xf6b123e3017ea59c, - 0xaae1b9ecd171bf54, - 0xed292157532e6b9, - 0xa29971bef1c7fd64, - 0x2754fddf487b12e, - 0xc2071ba19a8078d1, - 0x1f70013a7b8b523f, - 0xa8eabba8d7e3e06, - 0x51c8b51fdd68c5c0, - 0x467942fdc4d667db, - 0x6a26b87a2e55958a, - 0x63ea13b8d65f, - ])), - Fq::from_repr(BigInteger768([ - 0x4f3c45fa94981f88, - 0xab180727571e1d30, - 0x400c3c0c47b831be, - 0x7f1be9868780fef9, - 0xe644700a947c200a, - 0x4b18c27e6ae5358f, - 0x3347724766e20ca4, - 0xd4a6c139c5a8d60, - 0x112e45da5f8e4b2d, - 0x5139fc7a469c4cb5, - 0x6a1f4a3d81d00c0, - 0x9385286edaea, - ])), - Fq::from_repr(BigInteger768([ - 0xcc69730b69a27ce8, - 0xb20d449bf5cc5206, - 0xfcc8e81422a637d6, - 0xb8aa02f107456a00, - 0x98a2ee22af2c87bc, - 0x673097c76eb3a89b, - 0x90f8a8331c814b14, - 0x20735cbe81a9f60d, - 0x4f7fa65e8eff3455, - 0x2ef59d3d073df835, - 0xd4ed3a61398b57d9, - 0x23924edf3ce6, - ])), - ) - ); -} - -#[test] -fn test_fq3_addition() { - let mut a = Fq3::new( - Fq::from_repr(BigInteger768([ - 0x70a9f6f7d7cfc496, - 0x84e1e992071a39a3, - 0xcce6af0aa9d42cd4, - 0x16da3ccd8aa3bce7, - 0x3abf78b7a0ccdedb, - 0x64533c073dc56616, - 0x57d48514426d003a, - 0x76c57931a08a7b94, - 0x408797ae7e5bf40c, - 0xb5a8219fe218369a, - 0x4871ad4c341c20dc, - 0x1b2d12ecc2d26, - ])), - Fq::from_repr(BigInteger768([ - 0xdde2779130322cd8, - 0x3a5c2c1d565026a, - 0xa1cfca0f4ac1f2e7, - 
0xc713963da24dacca, - 0xd6f7d36691cdd4a6, - 0xc67ebdcc0748810d, - 0x5d116e4ce8bdec44, - 0x5a1be86ecedb6931, - 0xbbb7b3a08620dca9, - 0xab47ba8d382bbc47, - 0x8276191222a801ea, - 0x167415192e699, - ])), - Fq::from_repr(BigInteger768([ - 0x43311da439d6bda8, - 0x4a4c249c61ad4da5, - 0xfa2add6d7da7e98b, - 0x22735466fa682a2, - 0x9a8497a2aac7c4d3, - 0xf470d9c28a935608, - 0x30201634f7b3fee6, - 0xae48ae0d58656f61, - 0x45fdf3d91ae8a9e0, - 0xf4e0a80511532a6d, - 0x5e4da4b94811844d, - 0xf5315ce200d, - ])), - ); - a.add_assign(&Fq3::new( - Fq::from_repr(BigInteger768([ - 0x8a5b3caa7f25f292, - 0x319ab2fa79515ecb, - 0x422065fe8ece17ab, - 0xc85e6d69508cd1d9, - 0x57ff297e60fe88fb, - 0x317a6603ff60fb38, - 0x887f460c565c190, - 0x846e7d862cac4884, - 0xc5ef1c4f1a978a07, - 0xc1ae30a0818ef210, - 0x5aac8601312cac55, - 0xc382c8f64875, - ])), - Fq::from_repr(BigInteger768([ - 0x40a20c619e79826c, - 0x69a3132c23d60833, - 0x96c322803a1669fb, - 0x96a26754fb90c64d, - 0x25bafad53d14fbdb, - 0xd23fcfe959d5d73c, - 0x61f2474a938bd25f, - 0xac66b0233da24bf5, - 0x5b8b6bf66139b5ec, - 0x592cb115aa3292ad, - 0x98a061fbe7a35eda, - 0x19059b30bba93, - ])), - Fq::from_repr(BigInteger768([ - 0xa0450c373073d290, - 0x83566a6c362b7610, - 0xc05579d6cbc72938, - 0x20f59bc313cf6f25, - 0x7feb5a333872c8c4, - 0x3dfd55628b2d3f9f, - 0x435dd011644a05e7, - 0xf7059c8a97467555, - 0xcd8fe71709865ebc, - 0x248f8286f84fc456, - 0x4dce63167743ac32, - 0xff16fdcc042, - ])), - )); - assert_eq!( - a, - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x21fdbcc016f5b727, - 0x67dc037570ca5e1f, - 0x3843934cf9a1ece8, - 0x2558b0c0a697541c, - 0x53d2d7a1d8aa41a0, - 0xe36145e274ccb7b3, - 0xc68b549b6677ca2c, - 0xf3363d91e495d68a, - 0xa7becb042c5ba5a0, - 0xbf5cbaf0081778bd, - 0x92fba32a7665ff84, - 0xb18dca2fb18a, - ])), - Fq::from_repr(BigInteger768([ - 0x457d0d108eabaf43, - 0x1ea83cd6e999d04e, - 0x61cf6ad345d8054b, - 0xa3d6041c69453873, - 0xbdc703a7a5c1aa4b, - 0xe652318c98c4aeae, - 0x253290bddaeec706, - 0xfe84df6c23dcc799, - 0xb88b369d7ac2ba22, - 
0x4c7ad45286ce9f07, - 0xaf3eaeb1b689317, - 0x132d4d70bdd1c, - ])), - Fq::from_repr(BigInteger768([ - 0xe37629db6a4a9038, - 0xcda28f0897d8c3b5, - 0xba805744496f12c3, - 0x231cd1098375f1c8, - 0x1a6ff1d5e33a8d97, - 0x326e2f2515c095a8, - 0x737de6465bfe04ce, - 0xa54e4a97efabe4b6, - 0x138ddaf0246f089d, - 0x19702a8c09a2eec4, - 0xac1c07cfbf553080, - 0x1f4485aae04f, - ])), - ) - ); -} - -#[test] -fn test_fq3_subtraction() { - let mut a = Fq3::new( - Fq::from_repr(BigInteger768([ - 0x466f53ee62857c35, - 0xc2db6a3ac5d73b17, - 0x4e4b3b2667890ce, - 0xc439a945528dfb6d, - 0x658b45180b928613, - 0x6ba00c3473316448, - 0xe69d313374ac8a1a, - 0x74909447e6beb138, - 0x35b02d0d917d55a2, - 0x7a262f207791f762, - 0xc3f96812fa360cc4, - 0xc589fccf404a, - ])), - Fq::from_repr(BigInteger768([ - 0x62079cdb754f6283, - 0xac492f5b26fcd792, - 0xa90a15721c31e5c3, - 0x2aa1a00708752976, - 0x25ffd74d046f9865, - 0xacbea3e3977ed71a, - 0x4c9dd2c1740d23ff, - 0x5439242985eedace, - 0x20015c9662207818, - 0x7efc2900c8dcd296, - 0x79b705f651b64b37, - 0x241a6f488ef3, - ])), - Fq::from_repr(BigInteger768([ - 0x7421f4deec25cdf, - 0xe333e3b3f7ad9635, - 0xf4e0e90a81ecdfa4, - 0x30b664c73744090d, - 0xa2c939517669ca3, - 0x26c843d7e091fd84, - 0x12e2b5d09078573c, - 0xd65c1fcba1ce8535, - 0x53ad9c33664134d5, - 0x510d8bb445fb7364, - 0x65d97212aad39715, - 0x13e02b8c098aa, - ])), - ); - a.sub_assign(&Fq3::new( - Fq::from_repr(BigInteger768([ - 0xae66135f4c0de452, - 0xec320d88395e5e0, - 0x8cba68af85c9ed0f, - 0x996d5b81871aae5a, - 0x8eefe077a5f8904b, - 0x7063aa08173520ec, - 0x8e724a8c7a2cdb52, - 0x2220f0d274d9280d, - 0xe7faf2c8b08a53d6, - 0x3d7adea7f6f2feba, - 0x7388689327cc879e, - 0x12204bc594c27, - ])), - Fq::from_repr(BigInteger768([ - 0xc0f4c0c54cff46e4, - 0xbd5d05139c379672, - 0x42e975e7d48f0bf8, - 0x854b54e796fceead, - 0xf70666bd557b9d3a, - 0x4761fd7d60b15402, - 0x58b6c761b51c5c38, - 0x297198dfad1e9ad0, - 0xd98876ab040eaa20, - 0x49d6ff00de45a75c, - 0x783f56ea7eeab38a, - 0xa75818e565b, - ])), - Fq::from_repr(BigInteger768([ - 
0x357041f1e563353a, - 0x4d7884c47ebd50d6, - 0x571fa308fb790e92, - 0x132a83fe50aa0d34, - 0x8a5615b190de6c96, - 0xf540a5d8a1c27249, - 0x50b718961ba058fc, - 0xe3f754eb96ffff41, - 0xc936c2b501095e6f, - 0x2b81b529966a348c, - 0x583520d69bc45417, - 0xeda15eca386f, - ])), - )); - assert_eq!( - a, - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x7110b771567797e4, - 0x2b8e27951e28f86, - 0x4eedccbf1faefb57, - 0xe4ac473a000c87b7, - 0x15872f348ebb1bfe, - 0xada8be552455ecf7, - 0xf1fc0b809bdaa665, - 0x5a6d5c9b5a8676b8, - 0xac6d233e4d8ada3f, - 0xf4a4e7c8dc2ea894, - 0x60938fa2c14c52d3, - 0x1684b6e08b834, - ])), - Fq::from_repr(BigInteger768([ - 0xa112dc1628501b9f, - 0xeeec2a478ac5411f, - 0x66209f8a47a2d9ca, - 0xa5564b1f71783ac9, - 0x2ef9708faef3fb2a, - 0x655ca66636cd8317, - 0xf3e70b5fbef0c7c7, - 0x2ac78b49d8d03ffd, - 0x4678e5eb5e11cdf8, - 0x352529ffea972b39, - 0x177af0bd2cb97ad, - 0x19a4edba3898, - ])), - Fq::from_repr(BigInteger768([ - 0xd1d1dd5c095f27a5, - 0x95bb5eef78f0455e, - 0x9dc146018673d112, - 0x1d8be0c8e699fbd9, - 0x7fd67de38688300d, - 0x31879dff3ecf8b3a, - 0xc22b9d3a74d7fe3f, - 0xf264cae00ace85f3, - 0x8a76d97e6537d665, - 0x258bd68aaf913ed7, - 0xda4513c0f0f42fe, - 0x506159f6603b, - ])), - ) - ); -} - -#[test] -fn test_fq3_negation() { - let mut a = Fq3::new( - Fq::from_repr(BigInteger768([ - 0x45a4987bd3e0d56d, - 0xa001d1f786af5915, - 0x3b4e2747265dd474, - 0x6e4f1694c5e2c3c5, - 0xe2a2e49750d269, - 0x7ad3a81da9108d86, - 0x26b38ef00c89a2fb, - 0x3f549ebf55695b14, - 0x30556837056daf5e, - 0x90d6790c0b3928d0, - 0x6d91bbc81e4db043, - 0xa6357fe3f93d, - ])), - Fq::from_repr(BigInteger768([ - 0x431babec51a9126f, - 0x7010cbe98cb9317e, - 0x68441948e9dd2030, - 0x5062859a46134908, - 0xf780c38412a2eca7, - 0xeccf583f8b368e3c, - 0x7f41ac709c0f00fc, - 0x1001838301b18f15, - 0x7366d796a5c2ac58, - 0x96df478644ed2323, - 0xe70fb635feae00bd, - 0x10d776a6661d, - ])), - Fq::from_repr(BigInteger768([ - 0x876ea7e4a25c62f1, - 0x630ce5add7dcc4ee, - 0x411fa998cf05f747, - 0x7f777e93c2bb82a9, - 
0xd45a316491697a3c, - 0x73d4c32b5d32cd3d, - 0x4d8837c1b004e6ed, - 0x697249a5886df985, - 0x99256513a6c0a93f, - 0x78295b06f24b2acc, - 0x674b3104ee4258bf, - 0x8439c1521467, - ])), - ); - a = -a; - assert_eq!( - a, - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x9362de666c1f2a94, - 0xae9ec71f88f1e13a, - 0x9b755a7518a28322, - 0x4b90e2e16eb676df, - 0x3e0927af91d053cd, - 0x3798b40b1f491c15, - 0x731d95e994d154a2, - 0xc8a91a6693379279, - 0x2e6280c2672a2914, - 0x27231e445056871d, - 0xa290d45ad0951d6a, - 0x11e90adaecad3, - ])), - Fq::from_repr(BigInteger768([ - 0x95ebcaf5ee56ed92, - 0xde8fcd2d82e808d1, - 0x6e7f687355233766, - 0x697d73dbee85f19c, - 0x476b0710167e398f, - 0xc59d03e93d231b5e, - 0x1a8f7869054bf6a0, - 0xf7fc35a2e6ef5e78, - 0xeb511162c6d52c1a, - 0x211a4fca16a28cc9, - 0x2912d9ecf034ccf0, - 0x1b3eeb6ec5df3, - ])), - Fq::from_repr(BigInteger768([ - 0x5198cefd9da39d10, - 0xeb93b36937c47561, - 0x95a3d8236ffa604f, - 0x3a687ae271ddb7fb, - 0x6a91992f97b7abfa, - 0x3e9798fd6b26dc5d, - 0x4c48ed17f15610b0, - 0x9e8b6f806032f408, - 0xc59283e5c5d72f33, - 0x3fd03c4969448520, - 0xa8d75f1e00a074ee, - 0x1408c6c40afa9, - ])), - ) - ); -} - -#[test] -fn test_fq3_doubling() { - let mut a = Fq3::new( - Fq::from_repr(BigInteger768([ - 0xd192ae0d65f172e5, - 0xa973e6d47e71a73e, - 0x794ef7d80e97a231, - 0x388d30fad5bce669, - 0x828c216522e230a0, - 0xb1b9903e98e589a3, - 0x3bab2d4dfc3b4d98, - 0x511bb8398504956, - 0xd995de739cd417c3, - 0x5da89657b5dfde2f, - 0x932e48738bf2ead7, - 0xd35bfbd24ffa, - ])), - Fq::from_repr(BigInteger768([ - 0x5c83fc6f4c683523, - 0xb37a157d260571fd, - 0xa4e5ba9d2c827a0a, - 0x81fd741407dd59, - 0x40a916dedb48c79a, - 0x9094f99a14b5ddd5, - 0xa86f628c0e0f313f, - 0xf0159069ad16e6cc, - 0x1739f0de0a7be25, - 0x7921849db4a258fb, - 0x3188837a5d4dda25, - 0x58d43cab04bc, - ])), - Fq::from_repr(BigInteger768([ - 0x6160e374a4eb163a, - 0xadf9a96ea1729143, - 0xbd0c2b5aa0006c03, - 0xc20fa3537d5b2672, - 0x1b230f48f7f4cbf4, - 0xc4b47d6737ef05f4, - 0xdf8bd07bb9d562e0, - 0x893163812adfac13, - 
0x13f4bdfb094a057b, - 0xd7ad1d85b9953c25, - 0xdf524e2d7f802a5d, - 0x79893fa4c427, - ])), - ); - a.double_in_place(); - assert_eq!( - a, - Fq3::new( - Fq::from_repr(BigInteger768([ - 0xa3255c1acbe2e5ca, - 0x52e7cda8fce34e7d, - 0xf29defb01d2f4463, - 0x711a61f5ab79ccd2, - 0x51842ca45c46140, - 0x6373207d31cb1347, - 0x77565a9bf8769b31, - 0xa23770730a092ac, - 0xb32bbce739a82f86, - 0xbb512caf6bbfbc5f, - 0x265c90e717e5d5ae, - 0x1a6b7f7a49ff5, - ])), - Fq::from_repr(BigInteger768([ - 0xb907f8de98d06a46, - 0x66f42afa4c0ae3fa, - 0x49cb753a5904f415, - 0x103fae8280fbab3, - 0x81522dbdb6918f34, - 0x2129f334296bbbaa, - 0x50dec5181c1e627f, - 0xe02b20d35a2dcd99, - 0x2e73e1bc14f7c4b, - 0xf243093b6944b1f6, - 0x631106f4ba9bb44a, - 0xb1a879560978, - ])), - Fq::from_repr(BigInteger768([ - 0xc2c1c6e949d62c74, - 0x5bf352dd42e52286, - 0x7a1856b54000d807, - 0x841f46a6fab64ce5, - 0x36461e91efe997e9, - 0x8968face6fde0be8, - 0xbf17a0f773aac5c1, - 0x1262c70255bf5827, - 0x27e97bf612940af7, - 0xaf5a3b0b732a784a, - 0xbea49c5aff0054bb, - 0xf3127f49884f, - ])), - ) - ); -} - -#[test] -fn test_fq3_frobenius_map() { - let mut a = Fq3::new( - Fq::from_repr(BigInteger768([ - 0x5ae08dbcf05a7e94, - 0x7a3ae54580a38126, - 0xa44b6b87c98acd54, - 0x12fbbf7aac1c4257, - 0x83574728a5dd4cd, - 0x94f4abd8fb7572aa, - 0xb0cc279b783eb119, - 0xf7e82969a91de53a, - 0xcdf097798212fc90, - 0xb3a1873b082f9c90, - 0x7fbd55a49371f883, - 0x1281fb018fed1, - ])), - Fq::from_repr(BigInteger768([ - 0x6fc7aff59a9b9fca, - 0x38d88519ba8e4994, - 0x3b0ce22e5d10e284, - 0xec07648b1d926326, - 0x4ad75a653684893, - 0x8787f090de330059, - 0x4ba554a712f7017c, - 0x48f9347afc8eafc1, - 0x1ff13912b5782b6e, - 0x7878e03cb713f699, - 0xaf28937e1c342778, - 0x12d05bdbb114d, - ])), - Fq::from_repr(BigInteger768([ - 0x26738434e6f99141, - 0x21733ea49be3f6cb, - 0xcefb33846962f4f0, - 0x9ab4e36cdb571399, - 0x2b74ea5a7e0217dc, - 0x3adb3a4f7f7084e1, - 0x89a0611519e1952f, - 0xb69a42ce200b8f7, - 0x580f9df838107915, - 0xda957fb3b319f8af, - 0x73ce2e50e6d0fa3, - 
0x8a5add60133, - ])), - ); - a.frobenius_map(0); - assert_eq!( - a, - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x5ae08dbcf05a7e94, - 0x7a3ae54580a38126, - 0xa44b6b87c98acd54, - 0x12fbbf7aac1c4257, - 0x83574728a5dd4cd, - 0x94f4abd8fb7572aa, - 0xb0cc279b783eb119, - 0xf7e82969a91de53a, - 0xcdf097798212fc90, - 0xb3a1873b082f9c90, - 0x7fbd55a49371f883, - 0x1281fb018fed1, - ])), - Fq::from_repr(BigInteger768([ - 0x6fc7aff59a9b9fca, - 0x38d88519ba8e4994, - 0x3b0ce22e5d10e284, - 0xec07648b1d926326, - 0x4ad75a653684893, - 0x8787f090de330059, - 0x4ba554a712f7017c, - 0x48f9347afc8eafc1, - 0x1ff13912b5782b6e, - 0x7878e03cb713f699, - 0xaf28937e1c342778, - 0x12d05bdbb114d, - ])), - Fq::from_repr(BigInteger768([ - 0x26738434e6f99141, - 0x21733ea49be3f6cb, - 0xcefb33846962f4f0, - 0x9ab4e36cdb571399, - 0x2b74ea5a7e0217dc, - 0x3adb3a4f7f7084e1, - 0x89a0611519e1952f, - 0xb69a42ce200b8f7, - 0x580f9df838107915, - 0xda957fb3b319f8af, - 0x73ce2e50e6d0fa3, - 0x8a5add60133, - ])), - ) - ); - a.frobenius_map(1); - assert_eq!( - a, - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x5ae08dbcf05a7e94, - 0x7a3ae54580a38126, - 0xa44b6b87c98acd54, - 0x12fbbf7aac1c4257, - 0x83574728a5dd4cd, - 0x94f4abd8fb7572aa, - 0xb0cc279b783eb119, - 0xf7e82969a91de53a, - 0xcdf097798212fc90, - 0xb3a1873b082f9c90, - 0x7fbd55a49371f883, - 0x1281fb018fed1, - ])), - Fq::from_repr(BigInteger768([ - 0x3110a46cb0ed77f1, - 0xe1e033e34bd5fa34, - 0xc5f2da0bf19faee6, - 0xaa4b967c01a0b0a5, - 0xa491f6d1abe3bea5, - 0x24c45b5a04c13a77, - 0x8ec36da8681eaa21, - 0x15e5cc898998c2, - 0x83e9fa5d6864f771, - 0xbd110fb01b05d02, - 0x1e3d1d4ce9b15d5c, - 0x4c25d114bc14, - ])), - Fq::from_repr(BigInteger768([ - 0x57f33e76b7aa6e5e, - 0x3296ee1b127f5a4d, - 0x4223426a6bccfa89, - 0xd36f0b46c0347d4d, - 0xd746bc9a42d72ff6, - 0x12f2f98837410346, - 0x68600cbaadcdae61, - 0xf04297331b1b5c9f, - 0xf4b1a2b62b5218d1, - 0x90b1594c69063bc, - 0xd2d70a164f85328b, - 0x187c61d058bf8, - ])), - ) - ); - a.frobenius_map(1); - assert_eq!( - a, - Fq3::new( - 
Fq::from_repr(BigInteger768([ - 0x5ae08dbcf05a7e94, - 0x7a3ae54580a38126, - 0xa44b6b87c98acd54, - 0x12fbbf7aac1c4257, - 0x83574728a5dd4cd, - 0x94f4abd8fb7572aa, - 0xb0cc279b783eb119, - 0xf7e82969a91de53a, - 0xcdf097798212fc90, - 0xb3a1873b082f9c90, - 0x7fbd55a49371f883, - 0x1281fb018fed1, - ])), - Fq::from_repr(BigInteger768([ - 0x382f227ff476e846, - 0x33e7e01a093cf687, - 0xd5c3c581f04fc62c, - 0x238cfe6f156626d8, - 0x95ac5e1c29d51efd, - 0x620103de5656eca, - 0xbf68628a26454c00, - 0xbeee9ede6288a509, - 0xbadcb5894ebab593, - 0x33afa618a2cb5c51, - 0x42bcdf57e8fd48d9, - 0x4b9a9ec2f6af, - ])), - Fq::from_repr(BigInteger768([ - 0x5aa0b436a15c0062, - 0xfa966c57613de937, - 0xc5a50bcd69d0681d, - 0x4bbc0ac2990da9bd, - 0x3c30239f6847de63, - 0x649e285111a82173, - 0xa7d0b709d9abb40d, - 0xc517dc5eb84d7f6, - 0x11f6a84b0935468c, - 0xd4590207e1e55381, - 0x360ea32790f08b7e, - 0x345a62b736e5, - ])), - ) - ); - a.frobenius_map(2); - assert_eq!( - a, - Fq3::new( - Fq::from_repr(BigInteger768([ - 0x5ae08dbcf05a7e94, - 0x7a3ae54580a38126, - 0xa44b6b87c98acd54, - 0x12fbbf7aac1c4257, - 0x83574728a5dd4cd, - 0x94f4abd8fb7572aa, - 0xb0cc279b783eb119, - 0xf7e82969a91de53a, - 0xcdf097798212fc90, - 0xb3a1873b082f9c90, - 0x7fbd55a49371f883, - 0x1281fb018fed1, - ])), - Fq::from_repr(BigInteger768([ - 0x3110a46cb0ed77f1, - 0xe1e033e34bd5fa34, - 0xc5f2da0bf19faee6, - 0xaa4b967c01a0b0a5, - 0xa491f6d1abe3bea5, - 0x24c45b5a04c13a77, - 0x8ec36da8681eaa21, - 0x15e5cc898998c2, - 0x83e9fa5d6864f771, - 0xbd110fb01b05d02, - 0x1e3d1d4ce9b15d5c, - 0x4c25d114bc14, - ])), - Fq::from_repr(BigInteger768([ - 0x57f33e76b7aa6e5e, - 0x3296ee1b127f5a4d, - 0x4223426a6bccfa89, - 0xd36f0b46c0347d4d, - 0xd746bc9a42d72ff6, - 0x12f2f98837410346, - 0x68600cbaadcdae61, - 0xf04297331b1b5c9f, - 0xf4b1a2b62b5218d1, - 0x90b1594c69063bc, - 0xd2d70a164f85328b, - 0x187c61d058bf8, - ])), - ) - ); -} - - -#[test] -fn test_fq3_legendre() { - use crate::fields::LegendreSymbol::*; - - assert_eq!(Zero, Fq3::zero().legendre()); - 
assert_eq!(QuadraticNonResidue, Fq3Parameters::NONRESIDUE.legendre()); - // i^2 = -1 - let mut m1 = -Fq3::one(); - assert_eq!(QuadraticResidue, m1.legendre()); - m1 = Fq6Parameters::mul_fp3_by_nonresidue(&m1); - assert_eq!(QuadraticNonResidue, m1.legendre()); - - assert_eq!(QuadraticNonResidue, Fq6Parameters::NONRESIDUE.legendre()); -} - -#[test] -fn test_fq3_mul_nonresidue() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - let nqr = Fq3::new( - Fq::zero(), - Fq::one(), - Fq::zero() - ); - - for _ in 0..1000 { - let mut a = Fq3::rand(&mut rng); - let mut b = a; - a = Fq6Parameters::mul_fp3_by_nonresidue(&a); - b.mul_assign(&nqr); - - assert_eq!(a, b); - } -} - - -#[test] -fn test_fq6_mul_by_2345() { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - for _ in 0..1000 { - let c2 = Fq::rand(&mut rng); - let c3 = Fq::rand(&mut rng); - let c4 = Fq::rand(&mut rng); - let c5 = Fq::rand(&mut rng); - let to_mul = Fq6::new( - Fq3::new(Fq::zero(), Fq::zero(), c2), - Fq3::new(c3, c4, c5), - ); - let a = Fq6::rand(&mut rng); - let mut b = a; - - b.mul_assign(&to_mul); - - assert_eq!(a.mul_by_2345(&to_mul), b); - } -} \ No newline at end of file diff --git a/algebra/src/fields/mod.rs b/algebra/src/fields/mod.rs index e7b2941d8..0e0f997e6 100644 --- a/algebra/src/fields/mod.rs +++ b/algebra/src/fields/mod.rs @@ -18,36 +18,6 @@ use serde::{Serialize, Deserialize}; #[macro_use] mod macros; -#[cfg(feature = "bls12_377")] -pub mod bls12_377; - -#[cfg(feature = "bls12_381")] -pub mod bls12_381; - -#[cfg(feature = "bn_382")] -pub mod bn_382; - -#[cfg(feature = "edwards_bls12")] -pub mod edwards_bls12; - -#[cfg(feature = "edwards_sw6")] -pub mod edwards_sw6; - -#[cfg(feature = "jubjub")] -pub mod jubjub; - -#[cfg(feature = "mnt4_753")] -pub mod mnt4753; - -#[cfg(feature = "mnt6_753")] -pub mod mnt6753; - -#[cfg(feature = "mnt6")] -pub mod mnt6; - -#[cfg(feature = "sw6")] -pub mod sw6; - #[cfg(feature = "tweedle")] pub mod tweedle; 
diff --git a/algebra/src/fields/sw6/fq.rs b/algebra/src/fields/sw6/fq.rs
deleted file mode 100644
index a427b9ac0..000000000
--- a/algebra/src/fields/sw6/fq.rs
+++ /dev/null
@@ -1,161 +0,0 @@ -use crate::{ - biginteger::BigInteger832 as BigInteger, - fields::{Fp832, Fp832Parameters, FpParameters}, - field_new, -}; - -pub type Fq = Fp832; - -pub struct FqParameters; - -impl Fp832Parameters for FqParameters {} -impl FpParameters for FqParameters { - type BigInt = BigInteger; - - /// MODULUS = 22369874298875696930346742206501054934775599465297184582183496627646774052458024540232479018147881220178054575403841904557897715222633333372134756426301062487682326574958588001132586331462553235407484089304633076250782629492557320825577 - const MODULUS: BigInteger = BigInteger([ - 0xdace79b57b942ae9, - 0x545d85c16dfd424a, - 0xee135c065f4d26b7, - 0x9c2f764a12c4024b, - 0x1ad533049cfe6a39, - 0x52a3fb77c79c1320, - 0xab3596c8617c5792, - 0x830c728d80f9d78b, - 0x6a7223ee72023d07, - 0xbc5d176b746af026, - 0xe959283d8f526663, - 0xc4d2263babf8941f, - 0x3848, - ]); - - const MODULUS_BITS: u32 = 782; - - const CAPACITY: u32 = Self::MODULUS_BITS - 1; - - const REPR_SHAVE_BITS: u32 = 50; - - const R: BigInteger = BigInteger([ - 11190988450819017841u64, - 16170411717126802030u64, - 2265463223430229059u64, - 16946880912571045974u64, - 11155248462028513229u64, - 12855672356664541314u64, - 8489376931127408159u64, - 2655797810825538098u64, - 9648483887143916718u64, - 17514963461276738952u64, - 16777089214204267338u64, - 15649035958020076168u64, - 8659u64, - ]); - - const R2: BigInteger = BigInteger([ - 13983406830510863714u64, - 17863856572171232656u64, - 1698388424046564526u64, - 1773634430448388392u64, - 8684647957094413275u64, - 3992637317298078843u64, - 18420879196616862245u64, - 3238482510270583127u64, - 7928200707794018216u64, - 10024831010452223910u64, - 9613847725664942650u64, - 15361265984156787358u64, - 7833u64, - ]); - - const INV: u64 = 14469047335842394791u64; - - /// GENERATOR = 13 - const GENERATOR: BigInteger = BigInteger([ - 16669393626057438558u64, - 1640520694378723217u64, - 1598646156981121135u64, - 12401834967100173388u64, - 2356467520877704673u64, 
- 14759118825104212161u64, - 5556628239575210651u64, - 5317520392768798654u64, - 16398429955031064995u64, - 3556102264904210145u64, - 8166834915717907988u64, - 11926665585800594452u64, - 11716u64, - ]); - - const TWO_ADICITY: u32 = 3; - - const ROOT_OF_UNITY: BigInteger = BigInteger([ - 18044746167194862600u64, - 63590321303744709u64, - 5009346151370959890u64, - 2859114157767503991u64, - 8301813204852325413u64, - 5629414263664332594u64, - 2637340888701394641u64, - 17433538052687852753u64, - 2230763098934759248u64, - 3785382115983092023u64, - 8895511354022222370u64, - 15792083141709071785u64, - 1328u64, - ]); - - const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([ - 0x6d673cdabdca1574, - 0xaa2ec2e0b6fea125, - 0xf709ae032fa6935b, - 0xce17bb2509620125, - 0xd6a99824e7f351c, - 0x2951fdbbe3ce0990, - 0xd59acb6430be2bc9, - 0xc1863946c07cebc5, - 0x353911f739011e83, - 0xde2e8bb5ba357813, - 0xf4ac941ec7a93331, - 0x6269131dd5fc4a0f, - 0x1c24, - ]); - - // (T - 1)/2 = - // 1398117143679731058146671387906315933423474966581074036386468539227923378278626533764529938634242576261128410962740119034868607201414583335758422276643816405480145410934911750070786645716409577212967755581539567265673914343284832551598 - const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([ - 0xadace79b57b942ae, - 0x7545d85c16dfd424, - 0xbee135c065f4d26b, - 0x99c2f764a12c4024, - 0x1ad533049cfe6a3, - 0x252a3fb77c79c132, - 0xbab3596c8617c579, - 0x7830c728d80f9d78, - 0x66a7223ee72023d0, - 0x3bc5d176b746af02, - 0xfe959283d8f52666, - 0x8c4d2263babf8941, - 0x384, - ]); - - // T = - // 2796234287359462116293342775812631866846949933162148072772937078455846756557253067529059877268485152522256821925480238069737214402829166671516844553287632810960290821869823500141573291432819154425935511163079134531347828686569665103197 - const T: BigInteger = BigInteger([ - 0x5b59cf36af72855d, - 0xea8bb0b82dbfa849, - 0x7dc26b80cbe9a4d6, - 0x3385eec942588049, - 0x35aa660939fcd47, - 0x4a547f6ef8f38264, - 0x7566b2d90c2f8af2, - 
0xf0618e51b01f3af1,
- 0xcd4e447dce4047a0,
- 0x778ba2ed6e8d5e04,
- 0xfd2b2507b1ea4ccc,
- 0x189a44c7757f1283,
- 0x709,
- ]);
-}
-
-pub const FQ_ONE: Fq = field_new!(Fq, FqParameters::R);
-pub const FQ_ZERO: Fq = field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]));
\ No newline at end of file
diff --git a/algebra/src/fields/sw6/fq3.rs b/algebra/src/fields/sw6/fq3.rs
deleted file mode 100644
index d734c9032..000000000
--- a/algebra/src/fields/sw6/fq3.rs
+++ /dev/null
@@ -1,202 +0,0 @@ -use crate::field_new; -use crate::{ - biginteger::BigInteger832 as BigInteger, - fields::{ - fp3::{Fp3, Fp3Parameters}, - sw6::fq::Fq, - }, -}; - -pub type Fq3 = Fp3; - -pub struct Fq3Parameters; - -impl Fp3Parameters for Fq3Parameters { - type Fp = Fq; - - /// NONRESIDUE = 13 - const NONRESIDUE: Fq = field_new!(Fq, BigInteger([ - 0xe755952f4650755e, - 0x16c44ce1331ef791, - 0x162f8835b467306f, - 0xac1c2b31e1062c4c, - 0x20b3dab9a2a935e1, - 0xccd2ec5fd01e00c1, - 0x4d1d1bf190c8da9b, - 0x49cba09fb0e13fbe, - 0xe392ed2957c061a3, - 0x3159d02b3c93d6e1, - 0x71566d160a9f8614, - 0xa5840728fc854414, - 0x2dc4, - ])); - - const TWO_ADICITY: u32 = 3; - - const T_MINUS_ONE_DIV_TWO: &'static [u64] = &[ - 0x62730e2cd2029617, - 0x660647f735cb88cf, - 0x274359d60784f69d, - 0x83067194eb102629, - 0x54ea4a12a9381160, - 0xade0b24e398dac25, - 0xb476ae9f927e81cb, - 0x220fd4a9178adc3b, - 0x57e0cb9b0569745b, - 0xba15024addc8f52e, - 0x145b9bc116144ab6, - 0x6bc2260726e88b15, - 0x51da6bf151066474, - 0x9fd1b3190f6320cf, - 0x2097bfb7bf4167b0, - 0x27c35b1e7e628e09, - 0x94f80c9d623dd9bb, - 0x20bfa6d5bf31e7d3, - 0x19fb862c049d3a8, - 0xdf4c5efe04c0cec1, - 0x32c9a8abe9b50297, - 0x268d5c2076b44f0a, - 0x76027ec67b23ca21, - 0x248d61e0c45d270, - 0x419cd0d1d6be027e, - 0xbcd8dc3b1986ef18, - 0x73093d8719c862c2, - 0x651d60f8f9f6fcd9, - 0x8dabebe38a09b261, - 0xfa85b5a9e180cd3f, - 0x6a97fc618f319fb7, - 0xce08b93a5652a8e1, - 0x37525cbc4ba24cf9, - 0xb104c580df9d2150, - 0x1407c1bfe240a89d, - 0x34c96a73372daf9a, - 0x2b87fda171, - ]; - - const QUADRATIC_NONRESIDUE_TO_T: (Fq, Fq, Fq) = ( - field_new!(Fq, BigInteger([ - 0x59987c0ef8e31739, - 0x59578d750d6f57dd, - 0x9672547570dddab8, - 0x1a1f630e1d6dbdd5, - 0xde15f46e52d7613e, - 0x6a1b6e4f80179926, - 0x461ad119d93123b, - 0x12054e3654907ed9, - 0x85ea06b12bf811a0, - 0xc01d53d07347f9ec, - 0x70c424eb666c3922, - 0x1796ce4ed605d49e, - 0x68b, - ])), - field_new!(Fq, BigInteger([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])), - field_new!(Fq, BigInteger([0, 0, 0, 0, 
0, 0, 0, 0, 0, 0, 0, 0, 0])), - ); - - const FROBENIUS_COEFF_FP3_C1: &'static [Fq] = &[ - field_new!(Fq, BigInteger([ - 0x9b4e60b420910c71, - 0xe068d7c83f284a6e, - 0x1f708acc7c452c43, - 0xeb2f6a66cca51856, - 0x9acf675f886e9fcd, - 0xb26885e567cc8082, - 0x75d05357183eb61f, - 0x24db4a09b5842a32, - 0x85e64cf9ba4b14ae, - 0xf311a6784358a588, - 0xe8d431c061aecb4a, - 0xd92c8b4aab19f288, - 0x21d3, - ])), - field_new!(Fq, BigInteger([ - 0xe793e750fc0c0fdc, - 0x28cd75f5634a867e, - 0xde5e9b1261eb3c33, - 0x68a0fb1c17595903, - 0x19626d2c9f392e46, - 0xc4d95794cb378b83, - 0x54870f1f582d67c9, - 0xf3f1a0ac4aceb56d, - 0x811361215ea4fd47, - 0x32cd6ee17d95bd00, - 0x725f9881049a9c52, - 0x5acb70be0613a307, - 0x11bb, - ])), - field_new!(Fq, BigInteger([ - 0x57ec31b05ef70e9c, - 0x4b273803cb8a715d, - 0xf0443627811cbe40, - 0x485f10c72ec590f1, - 0x66a35e7875569c25, - 0xdb621dfd9498071a, - 0xe0de3451f11039a8, - 0x6a3f87d780a6f7eb, - 0x637875d359122b11, - 0x967e0211b37c8d9d, - 0x8e255dfc2908fec6, - 0x90da2a32facafe8f, - 0x4b9, - ])), - ]; - - const FROBENIUS_COEFF_FP3_C2: &'static [Fq] = &[ - field_new!(Fq, BigInteger([ - 0x9b4e60b420910c71, - 0xe068d7c83f284a6e, - 0x1f708acc7c452c43, - 0xeb2f6a66cca51856, - 0x9acf675f886e9fcd, - 0xb26885e567cc8082, - 0x75d05357183eb61f, - 0x24db4a09b5842a32, - 0x85e64cf9ba4b14ae, - 0xf311a6784358a588, - 0xe8d431c061aecb4a, - 0xd92c8b4aab19f288, - 0x21d3, - ])), - field_new!(Fq, BigInteger([ - 0x57ec31b05ef70e9c, - 0x4b273803cb8a715d, - 0xf0443627811cbe40, - 0x485f10c72ec590f1, - 0x66a35e7875569c25, - 0xdb621dfd9498071a, - 0xe0de3451f11039a8, - 0x6a3f87d780a6f7eb, - 0x637875d359122b11, - 0x967e0211b37c8d9d, - 0x8e255dfc2908fec6, - 0x90da2a32facafe8f, - 0x4b9, - ])), - field_new!(Fq, BigInteger([ - 0xe793e750fc0c0fdc, - 0x28cd75f5634a867e, - 0xde5e9b1261eb3c33, - 0x68a0fb1c17595903, - 0x19626d2c9f392e46, - 0xc4d95794cb378b83, - 0x54870f1f582d67c9, - 0xf3f1a0ac4aceb56d, - 0x811361215ea4fd47, - 0x32cd6ee17d95bd00, - 0x725f9881049a9c52, - 0x5acb70be0613a307, - 
0x11bb,
- ])),
- ];
-
- #[inline(always)]
- fn mul_fp_by_nonresidue(fe: &Self::Fp) -> Self::Fp {
- use crate::fields::Field;
-
- let original = *fe;
- let mut four_fe = fe.double();
- four_fe.double_in_place();
- let eight_fe = four_fe.double();
- eight_fe + &four_fe + &original
- }
-}
diff --git a/algebra/src/fields/sw6/fq6.rs b/algebra/src/fields/sw6/fq6.rs
deleted file mode 100644
index decf162f6..000000000
--- a/algebra/src/fields/sw6/fq6.rs
+++ /dev/null
@@ -1,114 +0,0 @@ -use crate::field_new; -use crate::{ - biginteger::BigInteger832 as BigInteger, - fields::{ - fp6_2over3::{Fp6, Fp6Parameters}, - sw6::{ - fq::{Fq, FQ_ZERO, FQ_ONE}, - fq3::{Fq3, Fq3Parameters}, - }, - }, -}; - -pub type Fq6 = Fp6; - -pub struct Fq6Parameters; - -impl Fp6Parameters for Fq6Parameters { - type Fp3Params = Fq3Parameters; - - const NONRESIDUE: Fq3 = field_new!(Fq3, FQ_ZERO, FQ_ONE, FQ_ZERO); - - const FROBENIUS_COEFF_FP6_C1: &'static [Fq] = &[ - field_new!(Fq, BigInteger([ - 0x9b4e60b420910c71, - 0xe068d7c83f284a6e, - 0x1f708acc7c452c43, - 0xeb2f6a66cca51856, - 0x9acf675f886e9fcd, - 0xb26885e567cc8082, - 0x75d05357183eb61f, - 0x24db4a09b5842a32, - 0x85e64cf9ba4b14ae, - 0xf311a6784358a588, - 0xe8d431c061aecb4a, - 0xd92c8b4aab19f288, - 0x21d3, - ])), - field_new!(Fq, BigInteger([ - 0x82e248051c9d1c4d, - 0x9364dbda272d0ed, - 0xfdcf25dede306877, - 0x53d06582e3fe7159, - 0xb431d48c27a7ce14, - 0x7741dd7a33040c05, - 0xca576276706c1de9, - 0x18cceab60052df9f, - 0x6f9ae1b18f011f6, - 0x25df1559c0ee6289, - 0x5b33ca416649679d, - 0x33f7fc08b12d9590, - 0x338f, - ])), - field_new!(Fq, BigInteger([ - 0xe793e750fc0c0fdc, - 0x28cd75f5634a867e, - 0xde5e9b1261eb3c33, - 0x68a0fb1c17595903, - 0x19626d2c9f392e46, - 0xc4d95794cb378b83, - 0x54870f1f582d67c9, - 0xf3f1a0ac4aceb56d, - 0x811361215ea4fd47, - 0x32cd6ee17d95bd00, - 0x725f9881049a9c52, - 0x5acb70be0613a307, - 0x11bb, - ])), - field_new!(Fq, BigInteger([ - 0x3f8019015b031e78, - 0x73f4adf92ed4f7dc, - 0xcea2d139e307fa73, - 0xb1000be3461ee9f5, - 0x8005cba5148fca6b, - 0xa03b75925fcf929d, - 0x35654371493da172, - 0x5e312883cb75ad59, - 0xe48bd6f4b7b72859, - 0xc94b70f331124a9d, - 0x84f67d2da39b18, - 0xeba59af100dea197, - 0x1674, - ])), - field_new!(Fq, BigInteger([ - 0x57ec31b05ef70e9c, - 0x4b273803cb8a715d, - 0xf0443627811cbe40, - 0x485f10c72ec590f1, - 0x66a35e7875569c25, - 0xdb621dfd9498071a, - 0xe0de3451f11039a8, - 0x6a3f87d780a6f7eb, - 0x637875d359122b11, - 0x967e0211b37c8d9d, - 0x8e255dfc2908fec6, - 
0x90da2a32facafe8f, - 0x4b9, - ])), - field_new!(Fq, BigInteger([ - 0xf33a92647f881b0d, - 0x2b900fcc0ab2bbcb, - 0xfb4c0f3fd61ea84, - 0x338e7b2dfb6aa948, - 0x172c5d7fdc53bf3, - 0x8dcaa3e2fc64879d, - 0x56ae87a9094eefc8, - 0x8f1ad1e1362b221e, - 0xe95ec2cd135d3fbf, - 0x898fa889f6d53325, - 0x76f98fbc8ab7ca11, - 0x6a06b57da5e4f118, - 0x268d, - ])), - ]; -} diff --git a/algebra/src/fields/sw6/fr.rs b/algebra/src/fields/sw6/fr.rs deleted file mode 100644 index 55a87296c..000000000 --- a/algebra/src/fields/sw6/fr.rs +++ /dev/null @@ -1 +0,0 @@ -pub use crate::fields::bls12_377::fq::{Fq as Fr, FqParameters as FrParameters}; diff --git a/algebra/src/fields/sw6/mod.rs b/algebra/src/fields/sw6/mod.rs deleted file mode 100644 index 7bfd333df..000000000 --- a/algebra/src/fields/sw6/mod.rs +++ /dev/null @@ -1,14 +0,0 @@ -pub mod fr; -pub use self::fr::*; - -pub mod fq; -pub use self::fq::*; - -pub mod fq3; -pub use self::fq3::*; - -pub mod fq6; -pub use self::fq6::*; - -#[cfg(test)] -mod tests; diff --git a/algebra/src/fields/sw6/tests.rs b/algebra/src/fields/sw6/tests.rs deleted file mode 100644 index 39e5e45b3..000000000 --- a/algebra/src/fields/sw6/tests.rs +++ /dev/null 
@@ -1,47 +0,0 @@ -use crate::{ - fields::tests::{field_test, frobenius_test, primefield_test, sqrt_field_test}, - Field, -}; - -#[test] -fn test_sw6_fr() { - use crate::fields::sw6::Fr; - - let a: Fr = rand::random(); - let b: Fr = rand::random(); - field_test(a, b); - sqrt_field_test(a); - primefield_test::(); -} - -#[test] -fn test_sw6_fq() { - use crate::fields::sw6::Fq; - - let a: Fq = rand::random(); - let b: Fq = rand::random(); - field_test(a, b); - primefield_test::(); - sqrt_field_test(a); -} - -#[test] -fn test_sw6_fq3() { - use crate::fields::sw6::{Fq, Fq3}; - - let a: Fq3 = rand::random(); - let b: Fq3 = rand::random(); - field_test(a, b); - sqrt_field_test(a); - frobenius_test::(Fq::characteristic(), 13); -} - -#[test] -fn test_sw6_fq6() { - use crate::fields::sw6::{Fq, Fq6}; - - let a: Fq6 = rand::random(); - let b: Fq6 = rand::random(); - field_test(a, b); - frobenius_test::(Fq::characteristic(), 13); -} diff --git a/algebra/src/msm/variable_base.rs b/algebra/src/msm/variable_base.rs index ab1a7aaed..5b51097e4 100644 --- a/algebra/src/msm/variable_base.rs +++ b/algebra/src/msm/variable_base.rs @@ -229,11 +229,8 @@ impl VariableBaseMSM { mod test { use super::*; - use crate::curves::bn_382::G1Projective as Bn382G1Projective; - use crate::curves::bn_382::g::Projective as Bn382GProjective; use crate::curves::tweedle::dee::Projective as TweedleDee; use crate::curves::tweedle::dum::Projective as TweedleDum; - use crate::curves::bls12_381::G1Projective as BlsG1Projective; use rand::{SeedableRng, Rng}; use rand_xorshift::XorShiftRng; 
@@ -283,21 +280,4 @@ mod test { test_all_variants::(1 << 12, 16, rng); test_all_variants::(1 << 12, 16, rng); } - - #[cfg(feature = "bn_382")] - #[test] - fn test_all_variants_bn382() { - let rng = &mut XorShiftRng::seed_from_u64(234872845u64); - - test_all_variants::(1 << 12, 16, rng); - test_all_variants::(1 << 12, 16, rng); - } - - #[cfg(feature = "bls12_381")] - #[test] - fn test_all_variants_bls() { - let rng = &mut XorShiftRng::seed_from_u64(234872845u64); - - test_all_variants::(1 << 12, 16, rng); - } } \ No newline at end of file From a558c293149ca054ba081791880ad24fd01c043b Mon Sep 17 00:00:00 2001 
From: Phoinic Date: Tue, 16 Nov 2021 09:29:16 +0200 Subject: [PATCH 20/79] Reformat code --- algebra/algebra-derive/src/lib.rs | 16 +- algebra/benches/criterion_fft/fft_tweedle.rs | 31 +- .../criterion_msm/variable_msm_tweedle.rs | 91 +- algebra/benches/curve_and_field_benches.rs | 2 +- algebra/benches/curves/tweedle.rs | 11 +- algebra/benches/fft/mod.rs | 26 +- algebra/benches/macros/utils.rs | 2 - algebra/build.rs | 2 +- algebra/src/biginteger/mod.rs | 14 +- algebra/src/biginteger/tests.rs | 2 +- algebra/src/bits.rs | 12 +- algebra/src/bytes.rs | 14 +- algebra/src/curves/mod.rs | 56 +- algebra/src/curves/models/mod.rs | 7 +- .../models/short_weierstrass_jacobian.rs | 167 +- .../models/short_weierstrass_projective.rs | 172 +- .../models/twisted_edwards_extended/mod.rs | 98 +- .../models/twisted_edwards_extended/tests.rs | 12 +- algebra/src/curves/tests.rs | 16 +- algebra/src/curves/tweedle/dee.rs | 4 +- algebra/src/curves/tweedle/dum.rs | 7 +- algebra/src/curves/tweedle/tests.rs | 73 +- .../src/fft/domain/basic_radix_2_domain.rs | 90 +- algebra/src/fft/domain/domain_selector.rs | 24 +- .../src/fft/domain/mixed_radix_2_domain.rs | 213 +- algebra/src/fft/domain/mod.rs | 72 +- algebra/src/fft/domain/test.rs | 26 +- algebra/src/fft/evaluations.rs | 72 +- algebra/src/fft/mod.rs | 4 +- algebra/src/fft/multicore.rs | 2 +- algebra/src/fft/polynomial/dense.rs | 52 +- algebra/src/fft/polynomial/mod.rs | 16 +- algebra/src/fft/polynomial/sparse.rs | 10 +- algebra/src/fields/arithmetic.rs | 8 +- algebra/src/fields/macros.rs | 7 +- algebra/src/fields/mod.rs | 50 +- algebra/src/fields/models/cubic_extension.rs | 78 +- algebra/src/fields/models/fp12_2over3over2.rs | 2 +- algebra/src/fields/models/fp2.rs | 6 +- algebra/src/fields/models/fp3.rs | 2 +- algebra/src/fields/models/fp4.rs | 39 +- algebra/src/fields/models/fp6_2over3.rs | 27 +- algebra/src/fields/models/fp6_3over2.rs | 2 +- algebra/src/fields/models/mod.rs | 17 +- .../src/fields/models/quadratic_extension.rs | 85 +- 
algebra/src/fields/tests.rs | 9 +- algebra/src/fields/tweedle/fq.rs | 2 +- algebra/src/fields/tweedle/fr.rs | 10 +- algebra/src/fields/tweedle/tests.rs | 20 +- algebra/src/groups/mod.rs | 8 +- algebra/src/groups/tests.rs | 5 +- algebra/src/msm/fixed_base.rs | 9 +- algebra/src/msm/variable_base.rs | 195 +- algebra/src/rand.rs | 7 +- algebra/src/serialize/error.rs | 2 +- algebra/src/serialize/flags.rs | 2 +- algebra/src/serialize/mod.rs | 122 +- algebra/src/to_field_vec.rs | 36 +- algebra/src/validity.rs | 2 +- bench-utils/src/lib.rs | 35 +- primitives/benches/crypto_primitives/ecvrf.rs | 18 +- .../benches/crypto_primitives/poseidon_crh.rs | 32 +- .../benches/crypto_primitives/poseidon_mht.rs | 372 +- .../benches/crypto_primitives/signature.rs | 18 +- .../src/commitment/injective_map/mod.rs | 4 +- primitives/src/commitment/mod.rs | 15 +- primitives/src/commitment/pedersen/mod.rs | 28 +- primitives/src/crh/bowe_hopwood/mod.rs | 57 +- primitives/src/crh/injective_map/mod.rs | 18 +- primitives/src/crh/mod.rs | 141 +- primitives/src/crh/pedersen/mod.rs | 42 +- primitives/src/crh/poseidon/batched_crh.rs | 284 +- primitives/src/crh/poseidon/mod.rs | 1942 ++++++-- .../src/crh/poseidon/parameters/bn382.rs | 2448 +++++++++- .../src/crh/poseidon/parameters/bn382_dual.rs | 2455 +++++++++- .../src/crh/poseidon/parameters/mnt4753.rs | 4249 ++++++++++++++++- .../src/crh/poseidon/parameters/mnt6753.rs | 4242 +++++++++++++++- primitives/src/crh/poseidon/parameters/mod.rs | 2 +- .../crh/poseidon/parameters/tweedle_dee.rs | 2043 +++++++- .../crh/poseidon/parameters/tweedle_dum.rs | 2062 +++++++- primitives/src/crh/poseidon/sbox.rs | 5 +- primitives/src/crh/sbox.rs | 13 +- primitives/src/lib.rs | 19 +- .../src/merkle_tree/field_based_mht/mod.rs | 66 +- .../merkle_tree/field_based_mht/naive/mod.rs | 145 +- .../field_based_mht/optimized/mod.rs | 274 +- .../field_based_mht/parameters/bn382.rs | 436 +- .../field_based_mht/parameters/bn382_dual.rs | 436 +- 
.../field_based_mht/parameters/mnt4753.rs | 619 ++- .../field_based_mht/parameters/mnt6753.rs | 616 ++- .../field_based_mht/parameters/mod.rs | 21 +- .../field_based_mht/parameters/tweedle_dee.rs | 379 +- .../field_based_mht/parameters/tweedle_dum.rs | 378 +- .../src/merkle_tree/field_based_mht/path.rs | 80 +- primitives/src/merkle_tree/mod.rs | 119 +- primitives/src/prf/mod.rs | 2 +- primitives/src/signature/mod.rs | 69 +- .../signature/schnorr/field_based_schnorr.rs | 223 +- primitives/src/signature/schnorr/mod.rs | 27 +- primitives/src/vrf/ecvrf/mod.rs | 289 +- primitives/src/vrf/mod.rs | 72 +- proof-systems/src/darlin/accumulators/dlog.rs | 562 ++- proof-systems/src/darlin/accumulators/mod.rs | 23 +- .../src/darlin/benches/accumulate_verify.rs | 136 +- .../src/darlin/benches/batch_verification.rs | 70 +- .../benches/batch_verification_detailed.rs | 225 +- proof-systems/src/darlin/data_structures.rs | 105 +- proof-systems/src/darlin/error.rs | 6 +- proof-systems/src/darlin/mod.rs | 230 +- proof-systems/src/darlin/pcd/error.rs | 14 +- proof-systems/src/darlin/pcd/final_darlin.rs | 115 +- proof-systems/src/darlin/pcd/mod.rs | 149 +- proof-systems/src/darlin/pcd/simple_marlin.rs | 118 +- proof-systems/src/darlin/proof_aggregator.rs | 203 +- .../src/darlin/tests/final_darlin.rs | 203 +- proof-systems/src/darlin/tests/mod.rs | 385 +- .../src/darlin/tests/simple_marlin.rs | 72 +- .../examples/recursive-snark/constraints.rs | 28 +- .../src/gm17/examples/recursive-snark/gm17.rs | 7 +- .../examples/snark-scalability/constraints.rs | 7 +- proof-systems/src/gm17/generator.rs | 44 +- proof-systems/src/gm17/mod.rs | 62 +- proof-systems/src/gm17/prover.rs | 42 +- proof-systems/src/gm17/r1cs_to_sap.rs | 4 +- proof-systems/src/gm17/test.rs | 12 +- proof-systems/src/gm17/verifier.rs | 22 +- .../benches/bn382_gro16_test_circuits.rs | 240 +- .../src/groth16/benches/gro16_bench.rs | 114 +- .../examples/recursive-snark/constraints.rs | 46 +- .../examples/recursive-snark/groth16.rs | 
7 +- .../examples/snark-scalability/constraints.rs | 2 +- proof-systems/src/groth16/generator.rs | 85 +- proof-systems/src/groth16/mod.rs | 456 +- proof-systems/src/groth16/prover.rs | 25 +- proof-systems/src/groth16/r1cs_to_qap.rs | 93 +- proof-systems/src/groth16/test.rs | 26 +- proof-systems/src/groth16/verifier.rs | 10 +- proof-systems/src/lib.rs | 2 +- r1cs/core/src/constraint_system.rs | 118 +- r1cs/core/src/error.rs | 14 +- r1cs/core/src/impl_constraint_var.rs | 4 +- r1cs/core/src/impl_lc.rs | 6 +- r1cs/core/src/lib.rs | 9 +- .../crypto/src/commitment/blake2s/mod.rs | 28 +- .../src/commitment/injective_map/mod.rs | 6 +- r1cs/gadgets/crypto/src/commitment/mod.rs | 2 +- .../crypto/src/commitment/pedersen/mod.rs | 54 +- .../crypto/src/crh/bowe_hopwood/mod.rs | 57 +- .../crypto/src/crh/injective_map/mod.rs | 6 +- r1cs/gadgets/crypto/src/crh/mod.rs | 46 +- r1cs/gadgets/crypto/src/crh/pedersen/mod.rs | 36 +- r1cs/gadgets/crypto/src/crh/poseidon/bn382.rs | 17 +- .../crypto/src/crh/poseidon/mnt4753.rs | 11 +- .../crypto/src/crh/poseidon/mnt6753.rs | 11 +- r1cs/gadgets/crypto/src/crh/poseidon/mod.rs | 169 +- .../crypto/src/crh/poseidon/tweedle.rs | 13 +- r1cs/gadgets/crypto/src/crh/sbox.rs | 44 +- r1cs/gadgets/crypto/src/lib.rs | 2 +- .../src/merkle_tree/field_based_mht/mod.rs | 386 +- r1cs/gadgets/crypto/src/merkle_tree/mod.rs | 116 +- r1cs/gadgets/crypto/src/nizk/gm17/mod.rs | 153 +- r1cs/gadgets/crypto/src/nizk/groth16/mod.rs | 309 +- r1cs/gadgets/crypto/src/nizk/mod.rs | 17 +- r1cs/gadgets/crypto/src/prf/blake2s/mod.rs | 18 +- r1cs/gadgets/crypto/src/signature/mod.rs | 46 +- .../signature/schnorr/field_based_schnorr.rs | 582 ++- .../crypto/src/signature/schnorr/mod.rs | 100 +- r1cs/gadgets/crypto/src/vrf/ecvrf/mod.rs | 647 +-- r1cs/gadgets/crypto/src/vrf/mod.rs | 25 +- r1cs/gadgets/std/src/alloc.rs | 27 +- r1cs/gadgets/std/src/bits/boolean.rs | 585 +-- r1cs/gadgets/std/src/bits/mod.rs | 7 +- r1cs/gadgets/std/src/bits/uint32.rs | 62 +- 
r1cs/gadgets/std/src/bits/uint64.rs | 87 +- r1cs/gadgets/std/src/bits/uint8.rs | 73 +- r1cs/gadgets/std/src/eq.rs | 52 +- .../gadgets/std/src/fields/cubic_extension.rs | 228 +- r1cs/gadgets/std/src/fields/fp.rs | 120 +- r1cs/gadgets/std/src/fields/fp12.rs | 67 +- r1cs/gadgets/std/src/fields/fp2.rs | 21 +- r1cs/gadgets/std/src/fields/fp3.rs | 27 +- r1cs/gadgets/std/src/fields/fp4.rs | 76 +- r1cs/gadgets/std/src/fields/fp6_2over3.rs | 78 +- r1cs/gadgets/std/src/fields/fp6_3over2.rs | 39 +- r1cs/gadgets/std/src/fields/mod.rs | 184 +- .../std/src/fields/quadratic_extension.rs | 133 +- .../curves/short_weierstrass/bls12/mod.rs | 9 +- .../groups/curves/short_weierstrass/bn/mod.rs | 19 +- .../curves/short_weierstrass/mnt/mnt4/mod.rs | 223 +- .../curves/short_weierstrass/mnt/mnt6/mod.rs | 228 +- .../curves/short_weierstrass/mnt/mod.rs | 2 +- .../groups/curves/short_weierstrass/mod.rs | 2 +- .../short_weierstrass_jacobian.rs | 466 +- .../short_weierstrass_projective.rs | 473 +- .../src/groups/curves/twisted_edwards/mod.rs | 419 +- r1cs/gadgets/std/src/groups/mod.rs | 29 +- .../std/src/instantiated/bls12_377/curves.rs | 8 +- .../std/src/instantiated/bls12_377/pairing.rs | 3 +- .../std/src/instantiated/bn_382/curves.rs | 8 +- .../std/src/instantiated/bn_382/g/curves.rs | 15 +- .../std/src/instantiated/bn_382/mod.rs | 2 +- .../src/instantiated/edwards_bls12/curves.rs | 5 +- .../src/instantiated/edwards_bls12/fields.rs | 2 +- .../src/instantiated/edwards_sw6/curves.rs | 5 +- .../std/src/instantiated/jubjub/curves.rs | 5 +- .../std/src/instantiated/mnt4_753/curves.rs | 8 +- .../std/src/instantiated/mnt6_753/curves.rs | 8 +- .../std/src/instantiated/tweedle/curves.rs | 21 +- .../std/src/instantiated/tweedle/fields.rs | 4 +- .../std/src/instantiated/tweedle/mod.rs | 2 +- r1cs/gadgets/std/src/lib.rs | 9 +- r1cs/gadgets/std/src/pairing/bls12/mod.rs | 19 +- r1cs/gadgets/std/src/pairing/bn/mod.rs | 46 +- r1cs/gadgets/std/src/pairing/mnt4/mod.rs | 81 +- 
r1cs/gadgets/std/src/pairing/mnt6/mod.rs | 82 +- r1cs/gadgets/std/src/pairing/mod.rs | 14 +- r1cs/gadgets/std/src/select.rs | 10 +- .../gadgets/std/src/test_constraint_system.rs | 14 +- r1cs/gadgets/std/src/to_field_gadget_vec.rs | 88 +- 219 files changed, 28970 insertions(+), 9190 deletions(-) diff --git a/algebra/algebra-derive/src/lib.rs b/algebra/algebra-derive/src/lib.rs index de0893290..9f0a483ec 100644 --- a/algebra/algebra-derive/src/lib.rs +++ b/algebra/algebra-derive/src/lib.rs @@ -154,7 +154,8 @@ fn impl_deserialize_field(ty: &Type) -> (TokenStream, TokenStream, TokenStream, let mut uncompressed_fields = Vec::new(); let mut uncompressed_unchecked_fields = Vec::new(); for elem_ty in tuple.elems.iter() { - let (compressed, unchecked, uncompressed, uncompressed_unchecked) = impl_deserialize_field(elem_ty); + let (compressed, unchecked, uncompressed, uncompressed_unchecked) = + impl_deserialize_field(elem_ty); compressed_fields.push(compressed); unchecked_fields.push(unchecked); uncompressed_fields.push(uncompressed); @@ -206,12 +207,17 @@ fn impl_canonical_deserialize(ast: &syn::DeriveInput) -> TokenStream { } // struct field without len_type Some(ident) => { - let (compressed_field, unchecked_field, uncompressed_field, uncompressed_unchecked_field) = - impl_deserialize_field(&field.ty); + let ( + compressed_field, + unchecked_field, + uncompressed_field, + uncompressed_unchecked_field, + ) = impl_deserialize_field(&field.ty); compressed_field_cases.push(quote! { #ident: #compressed_field }); unchecked_field_cases.push(quote! { #ident: #unchecked_field }); uncompressed_field_cases.push(quote! { #ident: #uncompressed_field }); - uncompressed_unchecked_field_cases.push(quote! { #ident: #uncompressed_unchecked_field }); + uncompressed_unchecked_field_cases + .push(quote! { #ident: #uncompressed_unchecked_field }); } } } @@ -287,4 +293,4 @@ fn impl_canonical_deserialize(ast: &syn::DeriveInput) -> TokenStream { } }; gen -} \ No newline at end of file +} 
diff --git a/algebra/benches/criterion_fft/fft_tweedle.rs b/algebra/benches/criterion_fft/fft_tweedle.rs index 4110cc132..6e58ac194 100644 --- a/algebra/benches/criterion_fft/fft_tweedle.rs +++ b/algebra/benches/criterion_fft/fft_tweedle.rs @@ -4,11 +4,10 @@ extern crate criterion; #[macro_use] extern crate bench_utils; -use algebra::{ - fields::tweedle::Fr, - PrimeField, UniformRand, +use algebra::fft::{ + get_best_evaluation_domain, BasicRadix2Domain, DensePolynomial, EvaluationDomain, }; -use algebra::fft::{DensePolynomial, EvaluationDomain, BasicRadix2Domain, get_best_evaluation_domain}; +use algebra::{fields::tweedle::Fr, PrimeField, UniformRand}; use rand; use std::{ @@ -21,25 +20,25 @@ use criterion::{BatchSize, BenchmarkId, Criterion}; const DATA_PATH: &'static str = "./coeffs_tweedle"; fn save_data(num_coeffs: usize) { - let mut fs = File::create(DATA_PATH).unwrap(); let rng = &mut rand::thread_rng(); for _ in 0..num_coeffs { - let elem:F = UniformRand::rand(rng); + let elem: F = UniformRand::rand(rng); match elem.write(&mut fs) { - Ok(_) => {}, - Err(msg) => { panic!("Cannot save coeffs to file: {}", msg)} + Ok(_) => {} + Err(msg) => { + panic!("Cannot save coeffs to file: {}", msg) + } } } } fn load_data(samples: usize) -> Vec { - if !Path::new(DATA_PATH).exists() { save_data::(1 << 23); } - + let mut fs = File::open(DATA_PATH).unwrap(); let mut a: Vec = Vec::with_capacity(samples); @@ -83,9 +82,7 @@ fn bench_ffts>( ) ); - domain.fft( - &mut a.as_slice(), - ); + domain.fft(&mut a.as_slice()); add_to_trace!( || format!("****************{}*******************", domain_size), @@ -150,9 +147,7 @@ fn bench_iffts>( ) ); - domain.ifft( - &mut a, - ); + domain.ifft(&mut a); add_to_trace!( || format!("****************{}*******************", domain_size), 
@@ -305,9 +300,7 @@ fn bench_dense_poly_div_by_vanishing_poly> ) ); - let _ans1 = p.divide_by_vanishing_poly( - &domain.clone(), - ); + let _ans1 = p.divide_by_vanishing_poly(&domain.clone()); add_to_trace!( || format!("****************{}*******************", num_coeffs), diff --git a/algebra/benches/criterion_msm/variable_msm_tweedle.rs b/algebra/benches/criterion_msm/variable_msm_tweedle.rs index 6d4256547..217a10896 100644 --- a/algebra/benches/criterion_msm/variable_msm_tweedle.rs +++ b/algebra/benches/criterion_msm/variable_msm_tweedle.rs @@ -4,17 +4,17 @@ extern crate criterion; #[macro_use] extern crate bench_utils; -use criterion::{BenchmarkId, Criterion, BatchSize}; +use criterion::{BatchSize, BenchmarkId, Criterion}; +use algebra::msm::VariableBaseMSM; use algebra::{ - curves::tweedle::dee::{Projective as G1Projective, Affine as G1Affine}, - BigInteger256, UniformRand, ProjectiveCurve, FromBytes, ToBytes + curves::tweedle::dee::{Affine as G1Affine, Projective as G1Projective}, + BigInteger256, FromBytes, ProjectiveCurve, ToBytes, UniformRand, }; -use algebra::msm::VariableBaseMSM; -use std::time::{SystemTime, UNIX_EPOCH}; use std::fs::File; use std::path::Path; +use std::time::{SystemTime, UNIX_EPOCH}; const DATA_PATH: &'static str = "./msm_bases_tweedle"; 
@@ -24,21 +24,24 @@ fn save_data(samples: usize) { let mut fs = File::create(DATA_PATH).unwrap(); for _ in 0..samples { - let elem1:BigInteger256 = BigInteger256::rand(rng); - let elem2:G1Affine = G1Projective::rand(rng).into_affine(); + let elem1: BigInteger256 = BigInteger256::rand(rng); + let elem2: G1Affine = G1Projective::rand(rng).into_affine(); match elem1.write(&mut fs) { - Ok(_) => {}, - Err(msg) => { panic!("Cannot save coeffs to file: {}", msg)} + Ok(_) => {} + Err(msg) => { + panic!("Cannot save coeffs to file: {}", msg) + } } match elem2.write(&mut fs) { - Ok(_) => {}, - Err(msg) => { panic!("Cannot save coeffs to file: {}", msg)} + Ok(_) => {} + Err(msg) => { + panic!("Cannot save coeffs to file: {}", msg) + } } } } -fn load_data(samples: usize) -> (Vec,Vec) { - +fn load_data(samples: usize) -> (Vec, Vec) { if !Path::new(DATA_PATH).exists() { save_data(1 << 23); } 
@@ -54,33 +57,52 @@ fn load_data(samples: usize) -> (Vec,Vec) { g.push(elem2); } - (v, g) + (v, g) } fn variable_msm(c: &mut Criterion) { - - let mut group = c.benchmark_group("variable_base_msm_affine-tweedle-variable number of bases = number of scalars"); + let mut group = c.benchmark_group( + "variable_base_msm_affine-tweedle-variable number of bases = number of scalars", + ); let samples = (14..=23).map(|i| 2usize.pow(i)).collect::>(); for &samples in samples.iter() { - group.bench_with_input(BenchmarkId::from_parameter(samples), &samples, |b, _samples| { - b.iter_batched(|| { - let (v, g) = load_data(samples); - (v, g) + group.bench_with_input( + BenchmarkId::from_parameter(samples), + &samples, + |b, _samples| { + b.iter_batched( + || { + let (v, g) = load_data(samples); + (v, g) + }, + |(v, g)| { + add_to_trace!( + || format!("****************{}*******************", samples), + || format!( + "--->START TIMESTAMP: {:?}", + SystemTime::now() + .duration_since(UNIX_EPOCH) + .unwrap() + .as_secs() + ) + ); + VariableBaseMSM::multi_scalar_mul(g.as_slice(), v.as_slice()).unwrap(); + add_to_trace!( + || format!("****************{}*******************", samples), + || format!( + "--->END TIMESTAMP: {:?}", + SystemTime::now() + .duration_since(UNIX_EPOCH) + .unwrap() + .as_secs() + ) + ); + }, + BatchSize::PerIteration, + ); }, - |(v, g)| { - add_to_trace!( - || format!("****************{}*******************", samples), - || format!("--->START TIMESTAMP: {:?}", SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs()) ); - VariableBaseMSM::multi_scalar_mul(g.as_slice(), v.as_slice()).unwrap(); - add_to_trace!( - || format!("****************{}*******************", samples), - || format!("--->END TIMESTAMP: {:?}", SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs()) - ); - }, - BatchSize::PerIteration); - }); } } 
@@ -90,7 +112,4 @@ criterion_group! { targets = variable_msm, } -criterion_main! ( - variable_msm_eval_tweedle -); - +criterion_main!(variable_msm_eval_tweedle); diff --git a/algebra/benches/curve_and_field_benches.rs b/algebra/benches/curve_and_field_benches.rs index 72fe57577..119974360 100644 --- a/algebra/benches/curve_and_field_benches.rs +++ b/algebra/benches/curve_and_field_benches.rs @@ -12,4 +12,4 @@ pub mod macros; mod curves; #[cfg(all(nightly, test, feature = "fft"))] -mod fft; \ No newline at end of file +mod fft; diff --git a/algebra/benches/curves/tweedle.rs b/algebra/benches/curves/tweedle.rs index a06c8e85b..cc7aa6559 100644 --- a/algebra/benches/curves/tweedle.rs +++ b/algebra/benches/curves/tweedle.rs @@ -4,14 +4,17 @@ use std::ops::{AddAssign, MulAssign, SubAssign}; use algebra::{ biginteger::{BigInteger256 as FrRepr, BigInteger256 as FqRepr}, - fields::tweedle::{ - fq::Fq, fr::Fr, - }, + fields::tweedle::{fq::Fq, fr::Fr}, // curves::tweedle::{ // G1Affine, G1Projective as G1, // G2Affine, G2Projective as G2, // }, - BigInteger, Field, PrimeField, ProjectiveCurve, SquareRootField, UniformRand, + BigInteger, + Field, + PrimeField, + ProjectiveCurve, + SquareRootField, + UniformRand, }; // ec_bench!(); diff --git a/algebra/benches/fft/mod.rs b/algebra/benches/fft/mod.rs index f3a59ba83..1383bf51d 100644 --- a/algebra/benches/fft/mod.rs +++ b/algebra/benches/fft/mod.rs @@ -1,8 +1,4 @@ -use algebra::{ - fields::tweedle::Fr, - fft::get_best_evaluation_domain, - UniformRand, -}; +use algebra::{fft::get_best_evaluation_domain, fields::tweedle::Fr, UniformRand}; use rand::SeedableRng; use rand_xorshift::XorShiftRng; @@ -23,7 +19,8 @@ fn bench_basic_domain_fft(b: &mut ::test::Bencher) { v.push(Fr::rand(&mut rng)); } v - }).collect(); + }) + .collect(); let v_b: Vec> = (0..SAMPLES) .map(|_| { 
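Review bot: In the benches/curves/tweedle.rs hunk, the commented-out `curves::tweedle::{ ... }` block left inside the `use algebra::{ ... }` tree appears to be what makes rustfmt explode `BigInteger, Field, PrimeField, ProjectiveCurve, SquareRootField, UniformRand` onto one line each, and it will keep doing so on every future reformat. Dead code inside a use item is a comment, not an import, and the `// ec_bench!();` just below suggests the curve benchmark is disabled anyway. Delete the comment, or move it above the `use` item, so the trailing names collapse back to `BigInteger, Field, PrimeField, ProjectiveCurve, SquareRootField, UniformRand,` on a single line.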
@@ -32,7 +29,8 @@ fn bench_basic_domain_fft(b: &mut ::test::Bencher) { v.push(Fr::rand(&mut rng)); } v - }).collect(); + }) + .collect(); let v_c: Vec> = (0..SAMPLES) .map(|_| { @@ -41,7 +39,8 @@ fn bench_basic_domain_fft(b: &mut ::test::Bencher) { v.push(Fr::rand(&mut rng)); } v - }).collect(); + }) + .collect(); let mut count = 0; b.iter(|| { @@ -80,7 +79,8 @@ fn bench_mixed_domain_fft(b: &mut ::test::Bencher) { v.push(Fr::rand(&mut rng)); } v - }).collect(); + }) + .collect(); let v_b: Vec> = (0..SAMPLES) .map(|_| { @@ -89,7 +89,8 @@ fn bench_mixed_domain_fft(b: &mut ::test::Bencher) { v.push(Fr::rand(&mut rng)); } v - }).collect(); + }) + .collect(); let v_c: Vec> = (0..SAMPLES) .map(|_| { @@ -98,7 +99,8 @@ fn bench_mixed_domain_fft(b: &mut ::test::Bencher) { v.push(Fr::rand(&mut rng)); } v - }).collect(); + }) + .collect(); let mut count = 0; b.iter(|| { @@ -118,4 +120,4 @@ fn bench_mixed_domain_fft(b: &mut ::test::Bencher) { domain.divide_by_vanishing_poly_on_coset_in_place(&mut ab); domain.coset_ifft_in_place(&mut ab); }); -} \ No newline at end of file +} diff --git a/algebra/benches/macros/utils.rs b/algebra/benches/macros/utils.rs index 35db7c333..4d014f8f3 100644 --- a/algebra/benches/macros/utils.rs +++ b/algebra/benches/macros/utils.rs @@ -1,6 +1,5 @@ macro_rules! n_fold { ($tmp:ident, $v:ident, $func:ident, $count:ident) => { - #[cfg(not(feature = "n_fold"))] $tmp.$func(&$v[$count].1); #[cfg(feature = "n_fold")] @@ -10,7 +9,6 @@ macro_rules! n_fold { }; ($tmp:ident, $func:ident) => { - #[cfg(not(feature = "n_fold"))] $tmp.$func(); #[cfg(feature = "n_fold")] diff --git a/algebra/build.rs b/algebra/build.rs index 556b7dc79..ab3ef68a9 100644 --- a/algebra/build.rs +++ b/algebra/build.rs @@ -30,4 +30,4 @@ fn main() { fs::write(&dest_path, generate_macro_string(NUM_LIMBS)).unwrap(); println!("cargo:rustc-cfg=use_asm"); } -} \ No newline at end of file +} 
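Review bot: Removing `#[cfg(not(feature = "n_fold"))]` from both arms of `n_fold` in benches/macros/utils.rs is a semantic change, not a reformat: `$tmp.$func(&$v[$count].1);` and `$tmp.$func();` now execute unconditionally, so when the `n_fold` feature is enabled the operation runs once and then again under whatever the `#[cfg(feature = "n_fold")]` arm does (that arm's body lies outside the hunk, so I cannot confirm it repeats the call). If a single path per configuration is intended, restore the guard, `#[cfg(not(feature = "n_fold"))] $tmp.$func(&$v[$count].1);`, and likewise for the two-argument arm. If the extra call is deliberate, it should be stated in the commit message rather than hidden in a commit titled "Reformat code", since it shifts the timings the macro reports.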
diff --git a/algebra/src/biginteger/mod.rs b/algebra/src/biginteger/mod.rs index d85978a3c..df20e9979 100644 --- a/algebra/src/biginteger/mod.rs +++ b/algebra/src/biginteger/mod.rs @@ -1,13 +1,17 @@ use crate::{ - bytes::{FromBytes, ToBytes}, fields::BitIterator, - UniformRand, CanonicalSerialize, CanonicalDeserialize, SerializationError + bytes::{FromBytes, ToBytes}, + fields::BitIterator, + CanonicalDeserialize, CanonicalSerialize, SerializationError, UniformRand, }; -use rand::{Rng, distributions::{Distribution, Standard}}; +use rand::{ + distributions::{Distribution, Standard}, + Rng, +}; +use serde::{Deserialize, Serialize}; use std::{ fmt::{Debug, Display}, io::{Read, Result as IoResult, Write}, }; -use serde::{Serialize, Deserialize}; #[macro_use] mod macros; @@ -29,7 +33,7 @@ pub trait BigInteger: ToBytes + FromBytes + Serialize - + for <'a> Deserialize<'a> + + for<'a> Deserialize<'a> + CanonicalSerialize + CanonicalDeserialize + Copy diff --git a/algebra/src/biginteger/tests.rs b/algebra/src/biginteger/tests.rs index 364e29ad4..36d694594 100644 --- a/algebra/src/biginteger/tests.rs +++ b/algebra/src/biginteger/tests.rs @@ -1,6 +1,6 @@ use crate::biginteger::BigInteger; -use rand::SeedableRng; use crate::UniformRand; +use rand::SeedableRng; use rand_xorshift::XorShiftRng; fn biginteger_arithmetic_test(a: B, b: B, zero: B) { diff --git a/algebra/src/bits.rs b/algebra/src/bits.rs index 5a3fd117f..19cd9cc7f 100644 --- a/algebra/src/bits.rs +++ b/algebra/src/bits.rs @@ -15,7 +15,7 @@ pub trait ToCompressedBits { fn compress(&self) -> Vec; } -pub trait FromCompressedBits: Sized { +pub trait FromCompressedBits: Sized { fn decompress(compressed: Vec) -> Result; } 
@@ -34,9 +34,13 @@ impl std::fmt::Display for BitSerializationError { let msg = match self { BitSerializationError::InvalidFieldElement(s) => s.to_owned(), BitSerializationError::UndefinedSqrt => "square root doesn't exist in field".to_owned(), - BitSerializationError::NotPrimeOrder => "point is not in the prime order subgroup".to_owned(), + BitSerializationError::NotPrimeOrder => { + "point is not in the prime order subgroup".to_owned() + } BitSerializationError::NotOnCurve => "point is not on curve".to_owned(), - BitSerializationError::NotInCorrectSubgroup => "point is not in the correct subgroup".to_owned(), + BitSerializationError::NotInCorrectSubgroup => { + "point is not in the correct subgroup".to_owned() + } BitSerializationError::InvalidFlags => "illegal flags combination".to_owned(), }; write!(f, "{}", msg) @@ -48,4 +52,4 @@ impl std::error::Error for BitSerializationError { fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None } -} \ No newline at end of file +} diff --git a/algebra/src/bytes.rs b/algebra/src/bytes.rs index 095d3affe..f6ddd6302 100644 --- a/algebra/src/bytes.rs +++ b/algebra/src/bytes.rs @@ -1,6 +1,6 @@ -use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt}; -use std::io::{Read, Result as IoResult, Write, Error as IoError, ErrorKind}; use crate::SemanticallyValid; +use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt}; +use std::io::{Error as IoError, ErrorKind, Read, Result as IoResult, Write}; pub trait ToBytes { /// Serializes `self` into `writer`. 
@@ -8,24 +8,24 @@ pub trait ToBytes { } pub trait FromBytes: Sized { - /// Reads `Self` from `reader`. fn read(reader: R) -> IoResult; } pub trait FromBytesChecked: Sized + FromBytes + SemanticallyValid { - /// If `Self` implements `SemanticallyValid` trait, may be more efficient to /// perform semantic checks while deserializing, in order to return immediately /// in case of errors. The function passes if and only if `reader` represents /// a valid serialization of `Self`, and a semantically valid instance of `Self`. - fn read_checked(reader: R) -> IoResult - { + fn read_checked(reader: R) -> IoResult { let read = Self::read(reader)?; if read.is_valid() { Ok(read) } else { - Err(IoError::new(ErrorKind::InvalidData, "Semantic checks failed")) + Err(IoError::new( + ErrorKind::InvalidData, + "Semantic checks failed", + )) } } } diff --git a/algebra/src/curves/mod.rs b/algebra/src/curves/mod.rs index 894cbb9cc..54c3bf465 100644 --- a/algebra/src/curves/mod.rs +++ b/algebra/src/curves/mod.rs @@ -1,17 +1,17 @@ +use crate::UniformRand; use crate::{ - Error, + bits::{FromCompressedBits, ToCompressedBits}, bytes::{FromBytes, ToBytes}, fields::{Field, PrimeField, SquareRootField}, - groups::Group, SemanticallyValid, FromBytesChecked, bits::{FromCompressedBits, ToCompressedBits}, - CanonicalSerialize, CanonicalDeserialize + groups::Group, + CanonicalDeserialize, CanonicalSerialize, Error, FromBytesChecked, SemanticallyValid, }; -use crate::UniformRand; +use serde::{Deserialize, Serialize}; use std::{ fmt::{Debug, Display}, hash::Hash, ops::{Add, AddAssign, Neg, Sub, SubAssign}, }; -use serde::{Serialize, Deserialize}; pub mod models; 
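Review bot: The doc comment on `FromBytesChecked::read_checked` in bytes.rs still says implementors "may" check while deserializing but never states what the provided default actually does, which the body shows: `Self::read(reader)?` parses the whole value and only then calls `is_valid()`, so malformed or non-canonical input from an untrusted reader is fully decoded before it is rejected. A reader of the trait should not have to infer that. I would add, after the existing sentences, `/// The default implementation reads the complete value first and only then calls `is_valid()`;` and `/// override it when deserializing untrusted bytes so invalid data is rejected as early as possible.` The error path itself, `ErrorKind::InvalidData`, is fine as is.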
@@ -39,8 +39,16 @@ pub trait PairingEngine: Sized + 'static + Copy + Debug + Sync + Send + Eq + Par + Into; /// A G1 element that has been preprocessed for use in a pairing. - type G1Prepared: ToBytes + FromBytes + Serialize + for<'a> Deserialize<'a> + Default + Clone + - Send + Sync + Debug + From; + type G1Prepared: ToBytes + + FromBytes + + Serialize + + for<'a> Deserialize<'a> + + Default + + Clone + + Send + + Sync + + Debug + + From; /// The projective representation of an element in G2. type G2Projective: ProjectiveCurve @@ -54,8 +62,18 @@ pub trait PairingEngine: Sized + 'static + Copy + Debug + Sync + Send + Eq + Par + Into; /// A G2 element that has been preprocessed for use in a pairing. - type G2Prepared: ToBytes + FromBytes + Serialize + for<'a> Deserialize<'a> + Default + Eq + - PartialEq + Clone + Send + Sync + Debug + From; + type G2Prepared: ToBytes + + FromBytes + + Serialize + + for<'a> Deserialize<'a> + + Default + + Eq + + PartialEq + + Clone + + Send + + Sync + + Debug + + From; /// The base field that hosts G1. type Fq: PrimeField + SquareRootField; @@ -69,8 +87,8 @@ pub trait PairingEngine: Sized + 'static + Copy + Debug + Sync + Send + Eq + Par /// Perform a miller loop with some number of (G1, G2) pairs. #[must_use] fn miller_loop<'a, I>(i: I) -> Result - where - I: IntoIterator; + where + I: IntoIterator; /// Perform final exponentiation of the result of a miller loop. #[must_use] @@ -79,8 +97,8 @@ pub trait PairingEngine: Sized + 'static + Copy + Debug + Sync + Send + Eq + Par /// Computes a product of pairings. #[must_use] fn product_of_pairings<'a, I>(i: I) -> Result - where - I: IntoIterator, + where + I: IntoIterator, { Self::final_exponentiation(&Self::miller_loop(i)?) } 
@@ -88,9 +106,9 @@ pub trait PairingEngine: Sized + 'static + Copy + Debug + Sync + Send + Eq + Par /// Performs multiple pairing operations #[must_use] fn pairing(p: G1, q: G2) -> Result - where - G1: Into, - G2: Into, + where + G1: Into, + G2: Into, { let g1_prep = Self::G1Prepared::from(p.into()); let g2_prep = Self::G2Prepared::from(q.into()); @@ -106,7 +124,7 @@ pub trait ProjectiveCurve: + ToBytes + FromBytes + Serialize - + for <'a> Deserialize<'a> + + for<'a> Deserialize<'a> + CanonicalSerialize + CanonicalDeserialize + SemanticallyValid @@ -202,7 +220,7 @@ pub trait AffineCurve: + ToBytes + FromBytes + Serialize - + for <'a> Deserialize<'a> + + for<'a> Deserialize<'a> + CanonicalSerialize + CanonicalDeserialize + SemanticallyValid @@ -306,4 +324,4 @@ pub fn prepare_g1(g: impl Into) -> E::G1Prepared pub fn prepare_g2(g: impl Into) -> E::G2Prepared { let g: E::G2Affine = g.into(); E::G2Prepared::from(g) -} \ No newline at end of file +} diff --git a/algebra/src/curves/models/mod.rs b/algebra/src/curves/models/mod.rs index 750e42210..fb2996471 100644 --- a/algebra/src/curves/models/mod.rs +++ b/algebra/src/curves/models/mod.rs @@ -1,4 +1,7 @@ -use crate::{biginteger::BigInteger, fields::{Field, PrimeField, SquareRootField}}; +use crate::{ + biginteger::BigInteger, + fields::{Field, PrimeField, SquareRootField}, +}; pub mod short_weierstrass_jacobian; pub mod short_weierstrass_projective; @@ -114,4 +117,4 @@ pub trait MontgomeryModelParameters: ModelParameters { const COEFF_B: Self::BaseField; type TEModelParameters: TEModelParameters; -} \ No newline at end of file +} diff --git a/algebra/src/curves/models/short_weierstrass_jacobian.rs b/algebra/src/curves/models/short_weierstrass_jacobian.rs index d220c927d..31c524b09 100644 --- a/algebra/src/curves/models/short_weierstrass_jacobian.rs +++ b/algebra/src/curves/models/short_weierstrass_jacobian.rs 
@@ -1,12 +1,22 @@ -use rand::{Rng, distributions::{Standard, Distribution}}; +use crate::{ + bytes::{FromBytes, ToBytes}, + curves::{models::SWModelParameters as Parameters, AffineCurve, ProjectiveCurve}, + fields::{BitIterator, Field, PrimeField, SquareRootField}, + BitSerializationError, CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, + CanonicalSerializeWithFlags, Error, FromBytesChecked, FromCompressedBits, SWFlags, + SemanticallyValid, SerializationError, ToCompressedBits, UniformRand, +}; +use rand::{ + distributions::{Distribution, Standard}, + Rng, +}; +use serde::{Deserialize, Serialize}; +use std::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign}; use std::{ fmt::{Display, Formatter, Result as FmtResult}, - io::{Read, Result as IoResult, Write, Error as IoError, ErrorKind}, + io::{Error as IoError, ErrorKind, Read, Result as IoResult, Write}, marker::PhantomData, }; -use crate::{bytes::{FromBytes, ToBytes}, curves::{AffineCurve, ProjectiveCurve, models::SWModelParameters as Parameters}, fields::{BitIterator, Field, PrimeField, SquareRootField}, CanonicalSerialize, SerializationError, CanonicalSerializeWithFlags, CanonicalDeserialize, CanonicalDeserializeWithFlags, UniformRand, SemanticallyValid, Error, FromBytesChecked, BitSerializationError, FromCompressedBits, ToCompressedBits, SWFlags}; -use std::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign}; -use serde::{Serialize, Deserialize}; #[derive(Derivative)] #[derivative( @@ -171,11 +181,12 @@ impl AffineCurve for GroupAffine

{ #[inline] fn group_membership_test(&self) -> bool { - self.is_on_curve() && if !self.is_zero() { - self.is_in_correct_subgroup_assuming_on_curve() - } else { - true - } + self.is_on_curve() + && if !self.is_zero() { + self.is_in_correct_subgroup_assuming_on_curve() + } else { + true + } } fn add_points(to_add: &mut [Vec]) { @@ -186,13 +197,23 @@ impl AffineCurve for GroupAffine

{ while to_add.iter().position(|x| x.len() > 1) != None { let mut dx: usize = 0; - for p in to_add.iter_mut(){ - if p.len() < 2 { continue } - let len = if p.len() % 2 == 0 { p.len() } else { p.len() - 1 }; - for i in (0..len).step_by(2){ + for p in to_add.iter_mut() { + if p.len() < 2 { + continue; + } + let len = if p.len() % 2 == 0 { + p.len() + } else { + p.len() - 1 + }; + for i in (0..len).step_by(2) { denoms[dx] = { if p[i].x == p[i + 1].x { - if p[i + 1].y == zero { one } else { p[i + 1].y.double() } + if p[i + 1].y == zero { + one + } else { + p[i + 1].y.double() + } } else { p[i].x - &p[i + 1].x } @@ -206,25 +227,25 @@ impl AffineCurve for GroupAffine

{ dx = 0; for p in to_add.iter_mut() { - if p.len() < 2 { continue } - let len = if p.len() % 2 == 0 { p.len() } else { p.len() - 1 }; + if p.len() < 2 { + continue; + } + let len = if p.len() % 2 == 0 { + p.len() + } else { + p.len() - 1 + }; for i in (0..len).step_by(2) { - let j = i/2; - if p[i+1].is_zero() - { + let j = i / 2; + if p[i + 1].is_zero() { p[j] = p[i]; - } - else if p[i].is_zero() - { - p[j] = p[i+1]; - } - else if p[i+1].x == p[i].x && (p[i+1].y != p[i].y || p[i+1].y.is_zero()) + } else if p[i].is_zero() { + p[j] = p[i + 1]; + } else if p[i + 1].x == p[i].x && (p[i + 1].y != p[i].y || p[i + 1].y.is_zero()) { p[j] = Self::zero(); - } - else if p[i+1].x == p[i].x && p[i+1].y == p[i].y - { + } else if p[i + 1].x == p[i].x && p[i + 1].y == p[i].y { let sq = p[i].x.square(); let s = (sq.double() + &sq + &P::COEFF_A) * &denoms[dx]; let x = s.square() - &p[i].x.double(); @@ -232,11 +253,9 @@ impl AffineCurve for GroupAffine

{ p[j].x = x; p[j].y = y; p[j].infinity = false; - } - else - { - let s = (p[i].y - &p[i+1].y) * &denoms[dx]; - let x = s.square() - &p[i].x - &p[i+1].x; + } else { + let s = (p[i].y - &p[i + 1].y) * &denoms[dx]; + let x = s.square() - &p[i].x - &p[i + 1].x; let y = -p[i].y - &(s * &(x - &p[i].x)); p[j].x = x; p[j].y = y; @@ -246,14 +265,11 @@ impl AffineCurve for GroupAffine

{ } let len = p.len(); - if len % 2 == 1 - { - p[len/2] = p[len-1]; - p.truncate(len/2+1); - } - else - { - p.truncate(len/2); + if len % 2 == 1 { + p[len / 2] = p[len - 1]; + p.truncate(len / 2 + 1); + } else { + p.truncate(len / 2); } } } @@ -279,12 +295,9 @@ impl AffineCurve for GroupAffine

{ } } -impl SemanticallyValid for GroupAffine

-{ +impl SemanticallyValid for GroupAffine

{ fn is_valid(&self) -> bool { - self.x.is_valid() && - self.y.is_valid() && - self.group_membership_test() + self.x.is_valid() && self.y.is_valid() && self.group_membership_test() } } @@ -329,20 +342,26 @@ impl FromBytesChecked for GroupAffine

{ let infinity = bool::read(reader)?; let point = Self::new(x, y, infinity); if !point.group_membership_test() { - return Err(IoError::new(ErrorKind::InvalidData, "invalid point: group membership test failed")); + return Err(IoError::new( + ErrorKind::InvalidData, + "invalid point: group membership test failed", + )); } Ok(point) } } -use crate::{ToBits, FromBits}; -impl ToCompressedBits for GroupAffine

-{ +use crate::{FromBits, ToBits}; +impl ToCompressedBits for GroupAffine

{ #[inline] fn compress(&self) -> Vec { // Strictly speaking, self.x is zero already when self.infinity is true, but // to guard against implementation mistakes we do not assume this. - let p = if self.infinity {P::BaseField::zero()} else {self.x}; + let p = if self.infinity { + P::BaseField::zero() + } else { + self.x + }; let mut res = p.write_bits(); // Add infinity flag @@ -355,8 +374,7 @@ impl ToCompressedBits for GroupAffine

} } -impl FromCompressedBits for GroupAffine

-{ +impl FromCompressedBits for GroupAffine

{ #[inline] fn decompress(compressed: Vec) -> Result { let len = compressed.len() - 1; @@ -366,7 +384,6 @@ impl FromCompressedBits for GroupAffine
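Review bot: `let len = compressed.len() - 1;` in `decompress` underflows when `compressed` is empty: in a debug build it panics, and in release `len` wraps to `usize::MAX` so the `compressed[0..(len - 1)]` slice in the following hunk panics with an out-of-range index. This function parses externally supplied bit strings, so a malformed (empty or single-flag) input becomes a panic rather than an `Err`; the commit only moves the brace and leaves the check missing. A guard such as `if compressed.len() < 2 { return Err(Box::new(BitSerializationError::InvalidFlags)); }` before computing `len` (or `checked_sub` with an early error return) would close this; the exact error variant is a project choice. The same line is present in the `decompress` hunks of short_weierstrass_projective.rs and twisted_edwards_extended/mod.rs further down. The body of `decompress` continues outside this hunk.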

//Mask away the flag bits and try to get the x coordinate let x = P::BaseField::read_bits(compressed[0..(len - 1)].to_vec())?; match (infinity_flag_set, parity_flag_set, x.is_zero()) { - //If the infinity flag is set, return the value assuming //the x-coordinate is zero and the parity bit is not set. (true, false, true) => Ok(Self::zero()), @@ -374,23 +391,20 @@ impl FromCompressedBits for GroupAffine

//If infinity flag is not set, then we attempt to construct //a point from the x coordinate and the parity. (false, _, _) => { - //Attempt to get the y coordinate from its parity and x match Self::get_point_from_x_and_parity(x, parity_flag_set) { - //Check p belongs to the subgroup we expect Some(p) => { if p.is_in_correct_subgroup_assuming_on_curve() { Ok(p) - } - else { + } else { let e = BitSerializationError::NotInCorrectSubgroup; Err(Box::new(e)) } } _ => Err(Box::new(BitSerializationError::NotOnCurve)), } - }, + } //Other combinations are illegal _ => Err(Box::new(BitSerializationError::InvalidFlags)), @@ -415,9 +429,9 @@ impl Default for GroupAffine

{ )] #[derive(Serialize, Deserialize)] pub struct GroupProjective { - pub x: P::BaseField, - pub y: P::BaseField, - pub z: P::BaseField, + pub x: P::BaseField, + pub y: P::BaseField, + pub z: P::BaseField, #[derivative(Debug = "ignore")] #[serde(skip)] _params: PhantomData

, @@ -455,7 +469,6 @@ impl PartialEq for GroupProjective

{ } } - impl Distribution> for Standard { #[inline] fn sample(&self, rng: &mut R) -> GroupProjective

{ @@ -465,7 +478,6 @@ impl Distribution> for Standard { } } - impl ToBytes for GroupProjective

{ #[inline] fn write(&self, mut writer: W) -> IoResult<()> { @@ -492,8 +504,11 @@ impl FromBytesChecked for GroupProjective

{ let z = P::BaseField::read_checked(reader)?; let point = Self::new(x, y, z); if !point.group_membership_test() { - return Err(IoError::new(ErrorKind::InvalidData, "invalid point: group membership test failed")); - } + return Err(IoError::new( + ErrorKind::InvalidData, + "invalid point: group membership test failed", + )); + } Ok(point) } } @@ -792,13 +807,9 @@ impl ProjectiveCurve for GroupProjective

{ } } -impl SemanticallyValid for GroupProjective

-{ +impl SemanticallyValid for GroupProjective

{ fn is_valid(&self) -> bool { - self.x.is_valid() && - self.y.is_valid() && - self.z.is_valid() && - self.group_membership_test() + self.x.is_valid() && self.y.is_valid() && self.z.is_valid() && self.group_membership_test() } } @@ -1055,9 +1066,7 @@ impl CanonicalDeserialize for GroupAffine

{ } #[allow(unused_qualifications)] - fn deserialize_uncompressed( - reader: R, - ) -> Result { + fn deserialize_uncompressed(reader: R) -> Result { let p = Self::deserialize_uncompressed_unchecked(reader)?; if !p.group_membership_test() { @@ -1067,7 +1076,9 @@ impl CanonicalDeserialize for GroupAffine

{ } #[allow(unused_qualifications)] - fn deserialize_uncompressed_unchecked(mut reader: R) -> Result { + fn deserialize_uncompressed_unchecked( + mut reader: R, + ) -> Result { let x: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; let (y, flags): (P::BaseField, SWFlags) = CanonicalDeserializeWithFlags::deserialize_with_flags(&mut reader)?; @@ -1100,4 +1111,4 @@ impl CanonicalDeserialize for GroupProjective

{ let aff = GroupAffine::

::deserialize_uncompressed_unchecked(reader)?; Ok(aff.into()) } -} \ No newline at end of file +} diff --git a/algebra/src/curves/models/short_weierstrass_projective.rs b/algebra/src/curves/models/short_weierstrass_projective.rs index cf98dd9e1..2b080d23a 100644 --- a/algebra/src/curves/models/short_weierstrass_projective.rs +++ b/algebra/src/curves/models/short_weierstrass_projective.rs @@ -1,19 +1,22 @@ -use rand::{Rng, distributions::{Standard, Distribution}}; -use std::{ - fmt::{Display, Formatter, Result as FmtResult}, - io::{Read, Result as IoResult, Write, Error as IoError, ErrorKind}, - marker::PhantomData, -}; use crate::{ bytes::{FromBytes, ToBytes}, - curves::{AffineCurve, ProjectiveCurve, models::SWModelParameters as Parameters}, + curves::{models::SWModelParameters as Parameters, AffineCurve, ProjectiveCurve}, fields::{BitIterator, Field, PrimeField, SquareRootField}, - CanonicalSerialize, SerializationError, CanonicalSerializeWithFlags, CanonicalDeserialize, - CanonicalDeserializeWithFlags, UniformRand, SemanticallyValid, Error, FromBytesChecked, - BitSerializationError, FromCompressedBits, ToCompressedBits, SWFlags + BitSerializationError, CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, + CanonicalSerializeWithFlags, Error, FromBytesChecked, FromCompressedBits, SWFlags, + SemanticallyValid, SerializationError, ToCompressedBits, UniformRand, +}; +use rand::{ + distributions::{Distribution, Standard}, + Rng, }; +use serde::{Deserialize, Serialize}; use std::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign}; -use serde::{Serialize, Deserialize}; +use std::{ + fmt::{Display, Formatter, Result as FmtResult}, + io::{Error as IoError, ErrorKind, Read, Result as IoResult, Write}, + marker::PhantomData, +}; #[derive(Derivative)] #[derivative( @@ -139,7 +142,6 @@ impl GroupAffine

{ self.mul_bits(BitIterator::new(P::ScalarField::characteristic())) .is_zero() } - } impl AffineCurve for GroupAffine

{ @@ -184,11 +186,12 @@ impl AffineCurve for GroupAffine

{ #[inline] fn group_membership_test(&self) -> bool { - self.is_on_curve() && if !self.is_zero() { - self.is_in_correct_subgroup_assuming_on_curve() - } else { - true - } + self.is_on_curve() + && if !self.is_zero() { + self.is_in_correct_subgroup_assuming_on_curve() + } else { + true + } } fn add_points(to_add: &mut [Vec]) { @@ -199,13 +202,23 @@ impl AffineCurve for GroupAffine

{ while to_add.iter().position(|x| x.len() > 1) != None { let mut dx: usize = 0; - for p in to_add.iter_mut(){ - if p.len() < 2 { continue } - let len = if p.len() % 2 == 0 { p.len() } else { p.len() - 1 }; - for i in (0..len).step_by(2){ + for p in to_add.iter_mut() { + if p.len() < 2 { + continue; + } + let len = if p.len() % 2 == 0 { + p.len() + } else { + p.len() - 1 + }; + for i in (0..len).step_by(2) { denoms[dx] = { if p[i].x == p[i + 1].x { - if p[i + 1].y == zero { one } else { p[i + 1].y.double() } + if p[i + 1].y == zero { + one + } else { + p[i + 1].y.double() + } } else { p[i].x - &p[i + 1].x } @@ -219,25 +232,25 @@ impl AffineCurve for GroupAffine

{ dx = 0; for p in to_add.iter_mut() { - if p.len() < 2 { continue } - let len = if p.len() % 2 == 0 { p.len() } else { p.len() - 1 }; + if p.len() < 2 { + continue; + } + let len = if p.len() % 2 == 0 { + p.len() + } else { + p.len() - 1 + }; for i in (0..len).step_by(2) { - let j = i/2; - if p[i+1].is_zero() - { + let j = i / 2; + if p[i + 1].is_zero() { p[j] = p[i]; - } - else if p[i].is_zero() - { - p[j] = p[i+1]; - } - else if p[i+1].x == p[i].x && (p[i+1].y != p[i].y || p[i+1].y.is_zero()) + } else if p[i].is_zero() { + p[j] = p[i + 1]; + } else if p[i + 1].x == p[i].x && (p[i + 1].y != p[i].y || p[i + 1].y.is_zero()) { p[j] = Self::zero(); - } - else if p[i+1].x == p[i].x && p[i+1].y == p[i].y - { + } else if p[i + 1].x == p[i].x && p[i + 1].y == p[i].y { let sq = p[i].x.square(); let s = (sq.double() + &sq + &P::COEFF_A) * &denoms[dx]; let x = s.square() - &p[i].x.double(); @@ -245,11 +258,9 @@ impl AffineCurve for GroupAffine

{ p[j].x = x; p[j].y = y; p[j].infinity = false; - } - else - { - let s = (p[i].y - &p[i+1].y) * &denoms[dx]; - let x = s.square() - &p[i].x - &p[i+1].x; + } else { + let s = (p[i].y - &p[i + 1].y) * &denoms[dx]; + let x = s.square() - &p[i].x - &p[i + 1].x; let y = -p[i].y - &(s * &(x - &p[i].x)); p[j].x = x; p[j].y = y; @@ -259,14 +270,11 @@ impl AffineCurve for GroupAffine

{ } let len = p.len(); - if len % 2 == 1 - { - p[len/2] = p[len-1]; - p.truncate(len/2+1); - } - else - { - p.truncate(len/2); + if len % 2 == 1 { + p[len / 2] = p[len - 1]; + p.truncate(len / 2 + 1); + } else { + p.truncate(len / 2); } } } @@ -292,12 +300,9 @@ impl AffineCurve for GroupAffine

{ } } -impl SemanticallyValid for GroupAffine

-{ +impl SemanticallyValid for GroupAffine

{ fn is_valid(&self) -> bool { - self.x.is_valid() && - self.y.is_valid() && - self.group_membership_test() + self.x.is_valid() && self.y.is_valid() && self.group_membership_test() } } @@ -341,20 +346,26 @@ impl FromBytesChecked for GroupAffine

{ let infinity = bool::read(reader)?; let point = Self::new(x, y, infinity); if !point.group_membership_test() { - return Err(IoError::new(ErrorKind::InvalidData, "invalid point: group membership test failed")); + return Err(IoError::new( + ErrorKind::InvalidData, + "invalid point: group membership test failed", + )); } Ok(point) } } -use crate::{ToBits, FromBits}; -impl ToCompressedBits for GroupAffine

-{ +use crate::{FromBits, ToBits}; +impl ToCompressedBits for GroupAffine

{ #[inline] fn compress(&self) -> Vec { // Strictly speaking, self.x is zero already when self.infinity is true, but // to guard against implementation mistakes we do not assume this. - let p = if self.infinity {P::BaseField::zero()} else {self.x}; + let p = if self.infinity { + P::BaseField::zero() + } else { + self.x + }; let mut res = p.write_bits(); // Add infinity flag @@ -367,8 +378,7 @@ impl ToCompressedBits for GroupAffine

} } -impl FromCompressedBits for GroupAffine

-{ +impl FromCompressedBits for GroupAffine

{ #[inline] fn decompress(compressed: Vec) -> Result { let len = compressed.len() - 1; @@ -378,7 +388,6 @@ impl FromCompressedBits for GroupAffine

//Mask away the flag bits and try to get the x coordinate let x = P::BaseField::read_bits(compressed[0..(len - 1)].to_vec())?; match (infinity_flag_set, parity_flag_set, x.is_zero()) { - //If the infinity flag is set, return the value assuming //the x-coordinate is zero and the parity bit is not set. (true, false, true) => Ok(Self::zero()), @@ -386,23 +395,20 @@ impl FromCompressedBits for GroupAffine

//If infinity flag is not set, then we attempt to construct //a point from the x coordinate and the parity. (false, _, _) => { - //Attempt to get the y coordinate from its parity and x match Self::get_point_from_x_and_parity(x, parity_flag_set) { - //Check p belongs to the subgroup we expect Some(p) => { if p.is_in_correct_subgroup_assuming_on_curve() { Ok(p) - } - else { + } else { let e = BitSerializationError::NotInCorrectSubgroup; Err(Box::new(e)) } } _ => Err(Box::new(BitSerializationError::NotOnCurve)), } - }, + } //Other combinations are illegal _ => Err(Box::new(BitSerializationError::InvalidFlags)), @@ -427,9 +433,9 @@ impl Default for GroupAffine

{ )] #[derive(Serialize, Deserialize)] pub struct GroupProjective { - pub x: P::BaseField, - pub y: P::BaseField, - pub z: P::BaseField, + pub x: P::BaseField, + pub y: P::BaseField, + pub z: P::BaseField, #[serde(skip)] _params: PhantomData

, } @@ -457,8 +463,7 @@ impl PartialEq for GroupProjective

{ // y1/z1 == y2/z2 <==> y1 * z2 == y2 * z1 else if (self.y * &other.z) != (other.y * &self.z) { false - } - else { + } else { true } } @@ -499,7 +504,10 @@ impl FromBytesChecked for GroupProjective

{ let z = P::BaseField::read_checked(reader)?; let point = Self::new(x, y, z); if !point.group_membership_test() { - return Err(IoError::new(ErrorKind::InvalidData, "invalid point: group membership test failed")); + return Err(IoError::new( + ErrorKind::InvalidData, + "invalid point: group membership test failed", + )); } Ok(point) } @@ -717,13 +725,9 @@ impl ProjectiveCurve for GroupProjective

{ } } -impl SemanticallyValid for GroupProjective

-{ +impl SemanticallyValid for GroupProjective

{ fn is_valid(&self) -> bool { - self.x.is_valid() && - self.y.is_valid() && - self.z.is_valid() && - self.group_membership_test() + self.x.is_valid() && self.y.is_valid() && self.z.is_valid() && self.group_membership_test() } } @@ -943,9 +947,7 @@ impl CanonicalDeserialize for GroupAffine

{ } #[allow(unused_qualifications)] - fn deserialize_uncompressed( - reader: R, - ) -> Result { + fn deserialize_uncompressed(reader: R) -> Result { let p = Self::deserialize_uncompressed_unchecked(reader)?; if !p.group_membership_test() { @@ -955,7 +957,9 @@ impl CanonicalDeserialize for GroupAffine

{ } #[allow(unused_qualifications)] - fn deserialize_uncompressed_unchecked(mut reader: R) -> Result { + fn deserialize_uncompressed_unchecked( + mut reader: R, + ) -> Result { let x: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; let (y, flags): (P::BaseField, SWFlags) = CanonicalDeserializeWithFlags::deserialize_with_flags(&mut reader)?; @@ -988,4 +992,4 @@ impl CanonicalDeserialize for GroupProjective

{ let aff = GroupAffine::

::deserialize_uncompressed_unchecked(reader)?; Ok(aff.into()) } -} \ No newline at end of file +} diff --git a/algebra/src/curves/models/twisted_edwards_extended/mod.rs b/algebra/src/curves/models/twisted_edwards_extended/mod.rs index 77584b9a6..1ae6629fa 100644 --- a/algebra/src/curves/models/twisted_edwards_extended/mod.rs +++ b/algebra/src/curves/models/twisted_edwards_extended/mod.rs @@ -1,7 +1,10 @@ -use rand::{Rng, distributions::{Standard, Distribution}}; +use rand::{ + distributions::{Distribution, Standard}, + Rng, +}; use std::{ fmt::{Display, Formatter, Result as FmtResult}, - io::{Read, Result as IoResult, Error as IoError, Write, ErrorKind}, + io::{Error as IoError, ErrorKind, Read, Result as IoResult, Write}, marker::PhantomData, ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign}, }; @@ -9,14 +12,15 @@ use std::{ use crate::{ bytes::{FromBytes, ToBytes}, curves::{ - models::TEModelParameters as Parameters, models::MontgomeryModelParameters as MontgomeryParameters, - AffineCurve, ProjectiveCurve - }, fields::{BitIterator, Field, PrimeField, SquareRootField}, UniformRand, SemanticallyValid, - Error, FromBytesChecked, ToCompressedBits, FromCompressedBits, BitSerializationError, - CanonicalSerialize, SerializationError, CanonicalSerializeWithFlags, CanonicalDeserialize, - CanonicalDeserializeWithFlags, EdwardsFlags + models::MontgomeryModelParameters as MontgomeryParameters, + models::TEModelParameters as Parameters, AffineCurve, ProjectiveCurve, + }, + fields::{BitIterator, Field, PrimeField, SquareRootField}, + BitSerializationError, CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, + CanonicalSerializeWithFlags, EdwardsFlags, Error, FromBytesChecked, FromCompressedBits, + SemanticallyValid, SerializationError, ToCompressedBits, UniformRand, }; -use serde::{Serialize, Deserialize}; +use serde::{Deserialize, Serialize}; #[cfg(test)] pub mod tests; @@ -176,11 +180,12 @@ impl AffineCurve for GroupAffine

{ } fn group_membership_test(&self) -> bool { - self.is_on_curve() && if !self.is_zero() { - self.is_in_correct_subgroup_assuming_on_curve() - } else { - true - } + self.is_on_curve() + && if !self.is_zero() { + self.is_in_correct_subgroup_assuming_on_curve() + } else { + true + } } fn add_points(_: &mut [Vec]) { @@ -204,13 +209,9 @@ impl AffineCurve for GroupAffine

{ } } -impl SemanticallyValid for GroupAffine

-{ +impl SemanticallyValid for GroupAffine

{ fn is_valid(&self) -> bool { - - self.x.is_valid() && - self.y.is_valid() && - self.group_membership_test() + self.x.is_valid() && self.y.is_valid() && self.group_membership_test() } } @@ -302,18 +303,19 @@ impl FromBytesChecked for GroupAffine

{ let y = P::BaseField::read_checked(reader)?; let p = Self::new(x, y); if !p.group_membership_test() { - return Err(IoError::new(ErrorKind::InvalidData, "invalid point: group membership test failed")); + return Err(IoError::new( + ErrorKind::InvalidData, + "invalid point: group membership test failed", + )); } Ok(p) } } -use crate::{ToBits, FromBits}; -impl ToCompressedBits for GroupAffine

-{ +use crate::{FromBits, ToBits}; +impl ToCompressedBits for GroupAffine

{ #[inline] fn compress(&self) -> Vec { - let mut res = self.x.write_bits(); // Is the y-coordinate the odd one of the two associated with the @@ -324,8 +326,7 @@ impl ToCompressedBits for GroupAffine

} } -impl FromCompressedBits for GroupAffine

-{ +impl FromCompressedBits for GroupAffine

{ #[inline] fn decompress(compressed: Vec) -> Result { let len = compressed.len() - 1; @@ -336,13 +337,11 @@ impl FromCompressedBits for GroupAffine

//Attempt to get the y coordinate from its parity and x match Self::get_point_from_x_and_parity(x, parity_flag_set) { - //Check p belongs to the subgroup we expect Some(p) => { if p.is_zero() || p.is_in_correct_subgroup_assuming_on_curve() { Ok(p) - } - else { + } else { let e = BitSerializationError::NotPrimeOrder; Err(Box::new(e)) } @@ -491,7 +490,10 @@ impl FromBytesChecked for GroupProjective

{ let z = P::BaseField::read_checked(reader)?; let p = Self::new(x, y, t, z); if !p.group_membership_test() { - return Err(IoError::new(ErrorKind::InvalidData, "invalid point: group membership test failed")); + return Err(IoError::new( + ErrorKind::InvalidData, + "invalid point: group membership test failed", + )); } Ok(p) } @@ -661,15 +663,13 @@ impl ProjectiveCurve for GroupProjective

{ } } -impl SemanticallyValid for GroupProjective

-{ +impl SemanticallyValid for GroupProjective

{ fn is_valid(&self) -> bool { - - self.x.is_valid() && - self.y.is_valid() && - self.z.is_valid() && - self.t.is_valid() && - self.group_membership_test() + self.x.is_valid() + && self.y.is_valid() + && self.z.is_valid() + && self.t.is_valid() + && self.group_membership_test() } } @@ -888,7 +888,9 @@ impl CanonicalDeserialize for GroupAffine

{ } #[allow(unused_qualifications)] - fn deserialize_uncompressed_unchecked(mut reader: R) -> Result { + fn deserialize_uncompressed_unchecked( + mut reader: R, + ) -> Result { let x: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; let y: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; @@ -918,19 +920,20 @@ impl CanonicalDeserialize for GroupProjective

{ #[allow(unused_qualifications)] fn deserialize_uncompressed_unchecked(reader: R) -> Result { - let aff = as CanonicalDeserialize>::deserialize_uncompressed_unchecked(reader)?; + let aff = + as CanonicalDeserialize>::deserialize_uncompressed_unchecked(reader)?; Ok(aff.into()) } } #[derive(Derivative)] #[derivative( -Copy(bound = "P: MontgomeryParameters"), -Clone(bound = "P: MontgomeryParameters"), -PartialEq(bound = "P: MontgomeryParameters"), -Eq(bound = "P: MontgomeryParameters"), -Debug(bound = "P: MontgomeryParameters"), -Hash(bound = "P: MontgomeryParameters") + Copy(bound = "P: MontgomeryParameters"), + Clone(bound = "P: MontgomeryParameters"), + PartialEq(bound = "P: MontgomeryParameters"), + Eq(bound = "P: MontgomeryParameters"), + Debug(bound = "P: MontgomeryParameters"), + Hash(bound = "P: MontgomeryParameters") )] pub struct MontgomeryGroupAffine { pub x: P::BaseField, @@ -954,4 +957,3 @@ impl MontgomeryGroupAffine

{ } } } - diff --git a/algebra/src/curves/models/twisted_edwards_extended/tests.rs b/algebra/src/curves/models/twisted_edwards_extended/tests.rs index 148d82db2..aee3d11eb 100644 --- a/algebra/src/curves/models/twisted_edwards_extended/tests.rs +++ b/algebra/src/curves/models/twisted_edwards_extended/tests.rs @@ -1,13 +1,15 @@ -use crate::{fields::Field, TEModelParameters, MontgomeryModelParameters}; +use crate::{fields::Field, MontgomeryModelParameters, TEModelParameters}; pub(crate) fn montgomery_conversion_test

() - where - P: TEModelParameters, +where + P: TEModelParameters, { // A = 2 * (a + d) / (a - d) - let a = P::BaseField::one().double()*&(P::COEFF_A + &P::COEFF_D)*&(P::COEFF_A - &P::COEFF_D).inverse().unwrap(); + let a = P::BaseField::one().double() + * &(P::COEFF_A + &P::COEFF_D) + * &(P::COEFF_A - &P::COEFF_D).inverse().unwrap(); // B = 4 / (a - d) - let b = P::BaseField::one().double().double()*&(P::COEFF_A - &P::COEFF_D).inverse().unwrap(); + let b = P::BaseField::one().double().double() * &(P::COEFF_A - &P::COEFF_D).inverse().unwrap(); assert_eq!(a, P::MontgomeryModelParameters::COEFF_A); assert_eq!(b, P::MontgomeryModelParameters::COEFF_B); diff --git a/algebra/src/curves/tests.rs b/algebra/src/curves/tests.rs index 0610f64aa..1a225b8da 100644 --- a/algebra/src/curves/tests.rs +++ b/algebra/src/curves/tests.rs @@ -1,11 +1,11 @@ +use crate::UniformRand; use crate::{ curves::{AffineCurve, ProjectiveCurve}, fields::{Field, PrimeField}, serialize::{CanonicalDeserialize, CanonicalSerialize}, - SWModelParameters, TEModelParameters + SWModelParameters, TEModelParameters, }; -use crate::UniformRand; -use rand::{SeedableRng, thread_rng}; +use rand::{thread_rng, SeedableRng}; use rand_xorshift::XorShiftRng; use std::io::Cursor; @@ -531,16 +531,16 @@ pub fn sw_projective_curve_serialization_test() { } pub fn edwards_tests() - where - P::BaseField: PrimeField, +where + P::BaseField: PrimeField, { edwards_curve_serialization_test::

(); edwards_from_random_bytes::

(); } pub fn edwards_from_random_bytes() - where - P::BaseField: PrimeField, +where + P::BaseField: PrimeField, { use crate::curves::models::twisted_edwards_extended::{GroupAffine, GroupProjective}; use crate::ToBytes; @@ -639,4 +639,4 @@ pub fn edwards_curve_serialization_test() { assert_eq!(a, b); } } -} \ No newline at end of file +} diff --git a/algebra/src/curves/tweedle/dee.rs b/algebra/src/curves/tweedle/dee.rs index 55802f9e3..dc4190a70 100644 --- a/algebra/src/curves/tweedle/dee.rs +++ b/algebra/src/curves/tweedle/dee.rs @@ -3,10 +3,10 @@ use crate::{ biginteger::BigInteger256, curves::{ models::short_weierstrass_jacobian::{GroupAffine, GroupProjective}, - ModelParameters, SWModelParameters + ModelParameters, SWModelParameters, }, + fields::tweedle::*, Field, - fields::tweedle::* }; #[derive(Copy, Clone, Default, PartialEq, Eq)] diff --git a/algebra/src/curves/tweedle/dum.rs b/algebra/src/curves/tweedle/dum.rs index 2173afcf8..26ce8b858 100644 --- a/algebra/src/curves/tweedle/dum.rs +++ b/algebra/src/curves/tweedle/dum.rs @@ -2,10 +2,11 @@ use crate::{ biginteger::BigInteger256, curves::{ models::short_weierstrass_jacobian::{GroupAffine, GroupProjective}, - ModelParameters, SWModelParameters + ModelParameters, SWModelParameters, }, - Field, field_new, - fields::tweedle::* + field_new, + fields::tweedle::*, + Field, }; #[derive(Copy, Clone, Default, PartialEq, Eq)] diff --git a/algebra/src/curves/tweedle/tests.rs b/algebra/src/curves/tweedle/tests.rs index c88c2f0c2..df3bfaefa 100644 --- a/algebra/src/curves/tweedle/tests.rs +++ b/algebra/src/curves/tweedle/tests.rs 
@@ -1,22 +1,18 @@ use crate::{ curves::{ - models::SWModelParameters, tweedle::*, - tests::curve_tests, - AffineCurve, ProjectiveCurve, + models::SWModelParameters, tests::curve_tests, tweedle::*, AffineCurve, ProjectiveCurve, }, + fields::{tweedle::*, Field, SquareRootField}, groups::tests::group_test, - fields::{Field, SquareRootField, tweedle::*}, }; use std::ops::{AddAssign, MulAssign}; use std::str::FromStr; -use rand::{ - Rng, SeedableRng -}; -use rand_xorshift::XorShiftRng; use crate::curves::tests::sw_jacobian_tests; use crate::curves::tweedle::dee::TweedledeeParameters; use crate::curves::tweedle::dum::TweedledumParameters; +use rand::{Rng, SeedableRng}; +use rand_xorshift::XorShiftRng; #[test] fn test_dee_projective_curve() { @@ -131,14 +127,26 @@ fn test_dum_generator_raw() { #[test] fn test_dee_addition_correctness() { let mut p = dee::Projective::new( - Fq::from_str("17071515411234329267051251142008744532074161438140426170549136904789606209155").unwrap(), - Fq::from_str("9067370984564524093871625068725679070040168060994636121507153477916099620826").unwrap(), + Fq::from_str( + "17071515411234329267051251142008744532074161438140426170549136904789606209155", + ) + .unwrap(), + Fq::from_str( + "9067370984564524093871625068725679070040168060994636121507153477916099620826", + ) + .unwrap(), Fq::one(), ); p.add_assign(&dee::Projective::new( - Fq::from_str("5902988235118225415057554152593109689819081116067139376852243422243422684655").unwrap(), - Fq::from_str("9237374262095944048575165674046716194558759078123659312337709713005853948132").unwrap(), + Fq::from_str( + "5902988235118225415057554152593109689819081116067139376852243422243422684655", + ) + .unwrap(), + Fq::from_str( + "9237374262095944048575165674046716194558759078123659312337709713005853948132", + ) + .unwrap(), Fq::one(), )); 
@@ -147,25 +155,42 @@ fn test_dee_addition_correctness() { assert_eq!( p, dee::Affine::new( - Fq::from_str("17272972729543522859996365140537720509583378385403153153034405894416507370075").unwrap(), - Fq::from_str("10919319153241406943315020022865635527830995765162202572118118072098170575117").unwrap(), + Fq::from_str( + "17272972729543522859996365140537720509583378385403153153034405894416507370075" + ) + .unwrap(), + Fq::from_str( + "10919319153241406943315020022865635527830995765162202572118118072098170575117" + ) + .unwrap(), false, ) ); } - #[test] fn test_dum_addition_correctness() { let mut p = dum::Projective::new( - Fr::from_str("21118483776076764996122757821606091900059043860162004907989579660882026321197").unwrap(), - Fr::from_str("9025588652913915603174720117986570170395425582417356177673155554443430464689").unwrap(), + Fr::from_str( + "21118483776076764996122757821606091900059043860162004907989579660882026321197", + ) + .unwrap(), + Fr::from_str( + "9025588652913915603174720117986570170395425582417356177673155554443430464689", + ) + .unwrap(), Fr::one(), ); p.add_assign(&dum::Projective::new( - Fr::from_str("20385173229981432379197513268506886433340219379830521001646291041798263137109").unwrap(), - Fr::from_str("16494790468966191765270742698088328193228887152919586743292725150337386016283").unwrap(), + Fr::from_str( + "20385173229981432379197513268506886433340219379830521001646291041798263137109", + ) + .unwrap(), + Fr::from_str( + "16494790468966191765270742698088328193228887152919586743292725150337386016283", + ) + .unwrap(), Fr::one(), )); 
@@ -174,8 +199,14 @@ fn test_dum_addition_correctness() { assert_eq!( p, dum::Affine::new( - Fr::from_str("3707088439511374954709258634608802460084680838305626554041952787711711292620").unwrap(), - Fr::from_str("21427612888550306000000889405343941940930914059283626531936541886782117113518").unwrap(), + Fr::from_str( + "3707088439511374954709258634608802460084680838305626554041952787711711292620" + ) + .unwrap(), + Fr::from_str( + "21427612888550306000000889405343941940930914059283626531936541886782117113518" + ) + .unwrap(), false, ) ); diff --git a/algebra/src/fft/domain/basic_radix_2_domain.rs b/algebra/src/fft/domain/basic_radix_2_domain.rs index b74c1486a..51f9ce9c3 100644 --- a/algebra/src/fft/domain/basic_radix_2_domain.rs +++ b/algebra/src/fft/domain/basic_radix_2_domain.rs @@ -1,8 +1,8 @@ -use crate::{FpParameters, PrimeField}; use crate::{multicore::Worker, EvaluationDomain}; -use std::fmt; +use crate::{FpParameters, PrimeField}; use rayon::prelude::*; use std::any::Any; +use std::fmt; /// Defines a domain over which finite field (I)FFTs can be performed. Works /// only for fields that have a large multiplicative subgroup of size that is @@ -12,19 +12,19 @@ use std::any::Any; #[derive(Copy, Clone, Hash, Eq, PartialEq, Default)] pub struct BasicRadix2Domain { /// The size of the domain. - pub size: u64, + pub size: u64, /// `log_2(self.size)`. - pub log_size_of_group: u32, + pub log_size_of_group: u32, /// Size of the domain as a field element. pub size_as_field_element: F, /// Inverse of the size in the field. - pub size_inv: F, + pub size_inv: F, /// A generator of the subgroup. - pub group_gen: F, + pub group_gen: F, /// Inverse of the generator of the subgroup. - pub group_gen_inv: F, + pub group_gen_inv: F, /// Multiplicative generator of the finite field. - pub generator_inv: F, + pub generator_inv: F, } impl fmt::Debug for BasicRadix2Domain { 
@@ -34,9 +34,7 @@ impl fmt::Debug for BasicRadix2Domain { } impl BasicRadix2Domain { - - pub fn new(num_coeffs: usize) -> Option - { + pub fn new(num_coeffs: usize) -> Option { // Compute the size of our evaluation domain let (size, log_size_of_group) = match Self::compute_size_of_domain(num_coeffs) { Some(size) => (size, size.trailing_zeros()), @@ -54,14 +52,14 @@ impl BasicRadix2Domain { let size_as_field_element = F::from_repr(size_as_bigint); let size_inv = size_as_field_element.inverse()?; - Some(Self{ + Some(Self { size: size as u64, log_size_of_group, size_as_field_element, size_inv, group_gen, group_gen_inv: group_gen.inverse()?, - generator_inv: F::multiplicative_generator().inverse()? + generator_inv: F::multiplicative_generator().inverse()?, }) } @@ -98,13 +96,13 @@ impl BasicRadix2Domain { } } - /// Computes the radix-2 FFT of a[0..n] over an FFT domain {z: z^n - 1 = 0} of size n=2^log_n, + /// Computes the radix-2 FFT of a[0..n] over an FFT domain {z: z^n - 1 = 0} of size n=2^log_n, /// given a generator omega for this domain. /// - /// The algorithm reindexes the FFT domain C_n={0,1}^log(n) by reversing the bit order. + /// The algorithm reindexes the FFT domain C_n={0,1}^log(n) by reversing the bit order. /// This makes the enumeration of the FFT domain C_n into the cosets of C_m with m|n slightly - /// more intuitive: For fixed k' from 0..n/m, - /// [k' || j] = k' * m + j, + /// more intuitive: For fixed k' from 0..n/m, + /// [k' || j] = k' * m + j, /// where j=0..m, goes through the coset of C_m at k', and varying k' enumerates the partition /// of C_n. pub(crate) fn serial_fft(a: &mut [F], omega: F, log_n: u32) { 
@@ -129,9 +127,9 @@ impl BasicRadix2Domain { } } - // We recursively compute the FFTs over the cosets of C_{2*m} from the - // FFTs over the cosets of C_m, starting with m=1. - // With this convention, + // We recursively compute the FFTs over the cosets of C_{2*m} from the + // FFTs over the cosets of C_m, starting with m=1. + // With this convention, // new_a[k' || 0 || j] = a[k' || 0 || j] + w^{j} * a[k' || 1 || j] // new_a[k' || 1 || j] = a[k' || 0 || j] + w^{m+j} * a[k' || 1 || j], // where w is a generator of C_{2m} (and hence w^{m+j} = -w^j). @@ -144,9 +142,9 @@ impl BasicRadix2Domain { // k enumerates the partition of C_n into cosets of C_{2m} while k < n { let mut w = F::one(); - // compute the FFT for the coset C_{2m} at k. + // compute the FFT for the coset C_{2m} at k. for j in 0..m { - // a[k + m + j] <- a[k+j] - w_m * a[k + j + m] + // a[k + m + j] <- a[k+j] - w_m * a[k + j + m] // a[k + j] <- a[k+j] + w_m * a[k + j + m] let mut t = a[(k + j + m) as usize]; t *= &w; 
@@ -163,25 +161,19 @@ impl BasicRadix2Domain { m *= 2; } } - - /// To parallelize over cpu=2^log_cpu cores, we split the computation of the FFT over + + /// To parallelize over cpu=2^log_cpu cores, we split the computation of the FFT over /// C_n = C_cpu x C_new in the following manner: /// FFT(f(x), k) = Sum_{(g,h) in C_cpus x C_new} f(gh x)* omega^{k * gh x} = /// = Sum_{h in C_new} [ Sum_{g in C_cpus} f(g hx) * omega^{j *g hx} ] * omega^{i * cpus * hx} - /// where k = i*cpus + j, with j in 0..cpus. + /// where k = i*cpus + j, with j in 0..cpus. /// - /// The inner sums + /// The inner sums /// f_j(x)= Sum_{g in C_cpus} f(g x) * omega^{j *g x}, /// are computed in a preparation step, and the "big" ones /// phi_j(i) = Sum_{h in C_new} f_j(h x) omega^{i*cpus*hx}, /// i=0..n/cpus, via a call of serial_fft. - pub(crate) fn parallel_fft( - a: &mut [F], - worker: &Worker, - omega: F, - log_n: u32, - log_cpus: u32, - ) { + pub(crate) fn parallel_fft(a: &mut [F], worker: &Worker, omega: F, log_n: u32, log_cpus: u32) { debug_assert!(log_n >= log_cpus); let num_cpus = 1 << log_cpus; @@ -197,7 +189,7 @@ impl BasicRadix2Domain { // Shuffle into a sub-FFT let omega_j = omega.pow(&[j as u64]); let omega_step = omega.pow(&[(j as u64) << log_new_n]); - + // Compute f_j(x) for x in C_new. let mut elt = F::one(); for i in 0..(1 << log_new_n) { @@ -219,7 +211,7 @@ impl BasicRadix2Domain { }); // j=0..cpus, i=0..n/cpus, - // FFT(f, idx = i*cpus + j) = phi_j(i) = FFT(f_j)[i] + // FFT(f, idx = i*cpus + j) = phi_j(i) = FFT(f_j)[i] worker.scope(a.len(), |scope, chunk| { let tmp = &tmp; @@ -228,7 +220,7 @@ impl BasicRadix2Domain { let mut idx = idx * chunk; // compute index from chunk index let mask = (1 << log_cpus) - 1; for a in a { - *a = tmp[idx & mask][idx >> log_cpus]; // idx & mask = idx mod cpus = j, idx>>log_cpus = i. + *a = tmp[idx & mask][idx >> log_cpus]; // idx & mask = idx mod cpus = j, idx>>log_cpus = i. idx += 1; } }); 
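Review bot: The precondition on the reformatted `parallel_fft` signature is only checked by `debug_assert!(log_n >= log_cpus)`, so in a release build a caller that violates it is not stopped here; `log_new_n`, which a later hunk of this function uses as a shift amount in `omega.pow(&[(j as u64) << log_new_n])`, is presumably derived from `log_n - log_cpus` and would then wrap rather than panic. The check costs one comparison per FFT call, so `assert!(log_n >= log_cpus, "parallel_fft: log_cpus exceeds log_n");` is the safer form. Nothing here verifies that `a.len()` matches `1 << log_n` either; if `best_fft` (not visible in this hunk) already guarantees both, a comment on the signature saying so would be enough. The body of `parallel_fft` continues past the end of this hunk.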
@@ -238,7 +230,6 @@ impl BasicRadix2Domain { } impl EvaluationDomain for BasicRadix2Domain { - fn size(&self) -> usize { self.size.clone() as usize } @@ -253,7 +244,12 @@ impl EvaluationDomain for BasicRadix2Domain { fn fft_in_place(&self, coeffs: &mut Vec) { coeffs.resize(self.size(), F::zero()); - Self::best_fft(coeffs, &Worker::new(), self.group_gen, self.log_size_of_group) + Self::best_fft( + coeffs, + &Worker::new(), + self.group_gen, + self.log_size_of_group, + ) } fn coset_fft_in_place(&self, coeffs: &mut Vec) { @@ -264,7 +260,12 @@ impl EvaluationDomain for BasicRadix2Domain { #[inline] fn ifft_in_place(&self, evals: &mut Vec) { evals.resize(self.size(), F::zero()); - Self::best_fft(evals, &Worker::new(), self.group_gen_inv, self.log_size_of_group); + Self::best_fft( + evals, + &Worker::new(), + self.group_gen_inv, + self.log_size_of_group, + ); evals.par_iter_mut().for_each(|val| *val *= &self.size_inv); } @@ -273,15 +274,18 @@ impl EvaluationDomain for BasicRadix2Domain { Self::distribute_powers(evals, self.generator_inv); } - fn eq(&self, other: & dyn EvaluationDomain) -> bool { - other.as_any().downcast_ref::().map_or(false, |x| x == self) + fn eq(&self, other: &dyn EvaluationDomain) -> bool { + other + .as_any() + .downcast_ref::() + .map_or(false, |x| x == self) } - fn as_any(&self) -> & dyn Any { + fn as_any(&self) -> &dyn Any { self } fn clone_and_box(&self) -> Box> { Box::new((*self).clone()) } -} \ No newline at end of file +} diff --git a/algebra/src/fft/domain/domain_selector.rs b/algebra/src/fft/domain/domain_selector.rs index 94b53865a..44fae311b 100644 --- a/algebra/src/fft/domain/domain_selector.rs +++ b/algebra/src/fft/domain/domain_selector.rs 
@@ -1,11 +1,11 @@ use crate::{BasicRadix2Domain, EvaluationDomain, MixedRadix2Domain}; -use crate::{ - PrimeField, FpParameters, -}; +use crate::{FpParameters, PrimeField}; /// Return the smallest sized and most efficient Evaluation Domain able to support `num_coeffs` size -pub fn get_best_evaluation_domain(num_coeffs: usize) -> Option>>{ -// Let's assign an index to each domain: +pub fn get_best_evaluation_domain( + num_coeffs: usize, +) -> Option>> { + // Let's assign an index to each domain: // -1: No suitable domain found // 0: BasicRadix2Domain // 1: MixedRadix2Domain @@ -20,7 +20,7 @@ pub fn get_best_evaluation_domain(num_coeffs: usize) -> Option {} }; @@ -31,7 +31,7 @@ pub fn get_best_evaluation_domain(num_coeffs: usize) -> Option {} }; } @@ -46,8 +46,8 @@ pub fn get_best_evaluation_domain(num_coeffs: usize) -> Option(domain_size).unwrap(); assert_eq!(domain.size(), 32768, "Unexpected domain size"); - domain_size = 32769; //Expected Mixed to be chosen domain = get_best_evaluation_domain::(domain_size).unwrap(); assert_eq!(domain.size(), 40960, "Unexpected domain size"); - //Limit for the mixed radix2 domain support domain_size = 819200; domain = get_best_evaluation_domain::(domain_size).unwrap(); @@ -85,8 +83,8 @@ mod test { //No supported domain for this size should exist domain_size = 819201; match get_best_evaluation_domain::(domain_size) { - None => {}, - _ => panic!("No domain should exists for this size") + None => {} + _ => panic!("No domain should exists for this size"), } } -} \ No newline at end of file +} diff --git a/algebra/src/fft/domain/mixed_radix_2_domain.rs b/algebra/src/fft/domain/mixed_radix_2_domain.rs index c894b765b..e8c091d3c 100644 --- a/algebra/src/fft/domain/mixed_radix_2_domain.rs +++ b/algebra/src/fft/domain/mixed_radix_2_domain.rs 
@@ -1,8 +1,8 @@ -use crate::{FpParameters, PrimeField}; use crate::{multicore::Worker, EvaluationDomain}; +use crate::{FpParameters, PrimeField}; use rayon::prelude::*; -use std::fmt; use std::any::Any; +use std::fmt; /// Defines a domain over which finite field (I)FFTs can be performed. Works /// only for fields that have a large multiplicative subgroup of size that is @@ -14,17 +14,17 @@ use std::any::Any; #[derive(Copy, Clone, Hash, Eq, PartialEq, Default)] pub struct MixedRadix2Domain { /// The size of the domain. - pub size: u64, + pub size: u64, /// `log_2(self.size)`. - pub log_size_of_group: u32, + pub log_size_of_group: u32, /// Inverse of the size in the field. - pub size_inv: F, + pub size_inv: F, /// A generator of the subgroup. - pub group_gen: F, + pub group_gen: F, /// Inverse of the generator of the subgroup. - pub group_gen_inv: F, + pub group_gen_inv: F, /// Multiplicative generator of the finite field. - pub generator_inv: F, + pub generator_inv: F, } impl fmt::Debug for MixedRadix2Domain { @@ -34,7 +34,6 @@ impl fmt::Debug for MixedRadix2Domain { } impl MixedRadix2Domain { - pub fn new(num_coeffs: usize) -> Option { let q = F::Params::SMALL_SUBGROUP_BASE.unwrap(); @@ -45,7 +44,7 @@ impl MixedRadix2Domain { let q_adicity = Self::k_adicity(q, size as u64); let two_adicity = Self::k_adicity(2, size as u64); (size as u64, size.trailing_zeros(), q_adicity, two_adicity) - }, + } _ => return None, }; @@ -57,7 +56,7 @@ impl MixedRadix2Domain { for _ in q_adicity..F::Params::SMALL_SUBGROUP_POWER.unwrap() { group_gen = group_gen.pow(&q_as_bigint); } - for _ in two_adicity..F::Params::TWO_ADICITY as u64{ + for _ in two_adicity..F::Params::TWO_ADICITY as u64 { group_gen.square_in_place(); } let size_as_bigint = F::BigInt::from(size); @@ -66,7 +65,7 @@ impl MixedRadix2Domain { let group_gen_inv = group_gen.inverse()?; let generator_inv = F::multiplicative_generator().inverse()?; - Some(Self{ + Some(Self { size, log_size_of_group, size_inv, 
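Review bot: `MixedRadix2Domain::new` returns `Option<Self>` yet its first line, kept as context in the `@@ -34,7 +34,6 @@` hunk, is `let q = F::Params::SMALL_SUBGROUP_BASE.unwrap();`, so for a field whose parameters have no small subgroup — exactly the case that `Option` exists to represent — the constructor panics instead of returning `None`. `let q = F::Params::SMALL_SUBGROUP_BASE?;` preserves the signature and makes the absent-subgroup case an ordinary `None`; the same `unwrap()` on `SMALL_SUBGROUP_POWER` appears in the next hunk of this function and in `compute_size_of_domain` in the following hunk group. Whether `get_best_evaluation_domain` can reach this constructor for such a field is not visible in this chunk, so the exposure is inferred.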
@@ -77,8 +76,7 @@ impl MixedRadix2Domain { } //Returns: min { n : N | n = 2^k * q^s, n >= num_coeffs, s <= small_subgroup_power, k <= TWO_ADICITY } - pub fn compute_size_of_domain(num_coeffs: usize) -> Option - { + pub fn compute_size_of_domain(num_coeffs: usize) -> Option { let mut best = std::u64::MAX; for b in 0..F::Params::SMALL_SUBGROUP_POWER.unwrap() + 1 { let mut r = F::Params::SMALL_SUBGROUP_BASE.unwrap().pow(b as u32); @@ -87,7 +85,7 @@ impl MixedRadix2Domain { r *= 2; two_adicity += 1; } - if two_adicity <= F::Params::TWO_ADICITY{ + if two_adicity <= F::Params::TWO_ADICITY { best = best.min(r); } } @@ -99,14 +97,17 @@ impl MixedRadix2Domain { let two_adicity = Self::k_adicity(2, best); let two_part = 1 << two_adicity; - if best != (two_part * q_part) || two_adicity > F::Params::TWO_ADICITY as u64 || q_adicity > F::Params::SMALL_SUBGROUP_POWER.unwrap() { - return None + if best != (two_part * q_part) + || two_adicity > F::Params::TWO_ADICITY as u64 + || q_adicity > F::Params::SMALL_SUBGROUP_POWER.unwrap() + { + return None; } return Some(best as usize); } - fn k_adicity(k: u64, n: u64) -> u64{ + fn k_adicity(k: u64, n: u64) -> u64 { let mut r = 0; let mut ctr = n.clone(); while ctr > 1 { 
@@ -124,17 +125,15 @@ impl MixedRadix2Domain { /// This FFT first splits into 2 sub-arrays two_adicity many times, /// And then splits into q sub-arrays q_adicity many times. pub(crate) fn mixed_serial_fft(a: &mut [F], omega: F, log_n: u32) { - let n = a.len() as u64; let q = F::Params::SMALL_SUBGROUP_BASE.unwrap() as usize; - let n_over_q = F::BigInt::from(n/q as u64); + let n_over_q = F::BigInt::from(n / q as u64); let q_adicity = Self::k_adicity(q as u64, n); let two_adicity = Self::k_adicity(2, n); let mut m = 1; // invariant: m = 2^{s-1} if q_adicity > 0 { - // If we're using the other radix, we have to do two things differently than in the radix 2 case. // 1. Applying the index permutation is a bit more complicated. It isn't an involution // (like it is in the radix 2 case) so we need to remember which elements we've moved as we go along 
@@ -144,86 +143,77 @@ impl MixedRadix2Domain { // specialized q=2 case. // The algorithm reindexes the FFT domain C by reversing the digits of the mixed-radix representation - // x = (b_0 + b_1*2 + ... + b_{two_adicity-1}* 2^{two_adicity-1} + // x = (b_0 + b_1*2 + ... + b_{two_adicity-1}* 2^{two_adicity-1} // + 2^{two_adicity} (x_0 + x_1*q+..+ x_{q_adicity -1}*q^{q_adicity - 1}), // see the mixed_radix_fft_permute() below. - + // Applying the permutation let mut seen = vec![false; n as usize]; - for k in 0..n - { - let mut i = k as usize; - let mut a_i = a[i]; - while !seen[i] - { - let dest = Self::mixed_radix_fft_permute(two_adicity, q_adicity, q as u64, n, i); - let a_dest = a[dest]; - a[dest] = a_i; - - seen[i] = true; - - a_i = a_dest; - i = dest; - } + for k in 0..n { + let mut i = k as usize; + let mut a_i = a[i]; + while !seen[i] { + let dest = + Self::mixed_radix_fft_permute(two_adicity, q_adicity, q as u64, n, i); + let a_dest = a[dest]; + a[dest] = a_i; + + seen[i] = true; + + a_i = a_dest; + i = dest; } + } - // We recursively compute the FFTs over the cosets of C_{q*m} from the - // FFTs over the cosets of C_m, starting with m=1. - // With this convention, - // new_a[k' || i || j ] = Sum_{l=0..q} w^{ (i*m + j) * l} * a[k' || l || j] - // where w is a generator of C_{q*m} (and hence w^{m*i*l} is a q-th - // unit root + // We recursively compute the FFTs over the cosets of C_{q*m} from the + // FFTs over the cosets of C_m, starting with m=1. + // With this convention, + // new_a[k' || i || j ] = Sum_{l=0..q} w^{ (i*m + j) * l} * a[k' || l || j] + // where w is a generator of C_{q*m} (and hence w^{m*i*l} is a q-th + // unit root // qth_roots[i*l mod q] = g^{n/q* i*l}). 
let omega_q = omega.pow(n_over_q); let mut qth_roots = vec![F::one(); q]; - for i in 1..q - { - qth_roots[i] = qth_roots[i-1] * &omega_q; - } + for i in 1..q { + qth_roots[i] = qth_roots[i - 1] * &omega_q; + } + + let mut terms = vec![F::one(); q - 1]; + + for _ in 0..q_adicity { + let n_over_q_times_m = F::BigInt::from(n / ((q * m) as u64)); + // w_m is the generator of the cyclic subgroup C_{q*m} + let w_m = omega.pow(n_over_q_times_m); + let mut k = 0; + // k enumerates the partition of C_n into cosets of C_{q*m} + while k < (n as usize) { + let mut w_j = F::one(); // w_j keeps track of omega_m ^ j + // compute the FFT for the coset C_{q*m} at k. + for j in 0..m { + // terms[i-1] = w^{i*j} * a[k || i || j], i= 1..q + let base_term = a[k + j]; + let mut w_j_i = w_j.clone(); // w_j_i keeps track of the powers w^{j*i} + for i in 1..q { + terms[i - 1] = w_j_i * &a[k + j + (i * m)]; + w_j_i *= &w_j; + } - let mut terms = vec![F::one(); q-1]; - - for _ in 0..q_adicity - { - let n_over_q_times_m = F::BigInt::from(n/((q*m) as u64)); - // w_m is the generator of the cyclic subgroup C_{q*m} - let w_m = omega.pow(n_over_q_times_m); - let mut k = 0; - // k enumerates the partition of C_n into cosets of C_{q*m} - while k < (n as usize) - { - let mut w_j = F::one(); // w_j keeps track of omega_m ^ j - // compute the FFT for the coset C_{q*m} at k. 
- for j in 0..m - { - // terms[i-1] = w^{i*j} * a[k || i || j], i= 1..q - let base_term = a[k+j]; - let mut w_j_i = w_j.clone(); // w_j_i keeps track of the powers w^{j*i} - for i in 1..q - { - terms[i - 1] = w_j_i * &a[k+j+(i*m)]; - w_j_i *= &w_j; - } - - for i in 0..q - { - // a[k || i || j] <- Sum_{l=0..q} w^{ (i*m + j) * l} * a[k' || l || j] = - // = Sum_{l=0..q} qth_roots[(i*l)%q] * w^{ (l * j} * a[k' || l || j] - a[k+j+(i*m)] = base_term; - for l in 1..q - { - a[k+j+(i*m)] += &(qth_roots[(i*l)%q] * &terms[l-1]); - } - } - w_j *= &w_m; - } - // choose next coset of C_{q*m} - k += q*m ; + for i in 0..q { + // a[k || i || j] <- Sum_{l=0..q} w^{ (i*m + j) * l} * a[k' || l || j] = + // = Sum_{l=0..q} qth_roots[(i*l)%q] * w^{ (l * j} * a[k' || l || j] + a[k + j + (i * m)] = base_term; + for l in 1..q { + a[k + j + (i * m)] += &(qth_roots[(i * l) % q] * &terms[l - 1]); + } } - m *= q; + w_j *= &w_m; + } + // choose next coset of C_{q*m} + k += q * m; } - } - else{ + m *= q; + } + } else { #[inline] fn bitreverse(mut n: u32, l: u32) -> u32 { let mut r = 0; @@ -244,7 +234,7 @@ impl MixedRadix2Domain { } //2-adic part - for _ in 0..two_adicity{ + for _ in 0..two_adicity { let w_m = omega.pow(&[(n / (2 * m as u64))]); // w_m is 2^s-th root of unity now let mut k = 0; while k < n as usize { 
@@ -276,22 +266,27 @@ impl MixedRadix2Domain { /// We want to return /// j = b_0 (N/2) + b_1 (N/ 2^2) + ... + b_{two_adicity-1} (N/ 2^two_adicity) /// + x_0 (N / 2^two_adicity / q) + .. + x_{q_adicity-1} (N / 2^two_adicity / q^q_adicity) - fn mixed_radix_fft_permute(two_adicity: u64, q_adicity: u64, q: u64, n: u64, idx: usize) -> usize - { + fn mixed_radix_fft_permute( + two_adicity: u64, + q_adicity: u64, + q: u64, + n: u64, + idx: usize, + ) -> usize { let mut res = 0; let mut shift = n; let mut i = idx as u64; - for _ in 0..two_adicity{ - shift = shift/2; + for _ in 0..two_adicity { + shift = shift / 2; res += (i % 2) * shift; - i = i/2; + i = i / 2; } - for _ in 0..q_adicity{ - shift = shift/q; + for _ in 0..q_adicity { + shift = shift / q; res += (i % q) * shift; - i = i/q; + i = i / q; } return res as usize; @@ -304,19 +299,17 @@ impl MixedRadix2Domain { log_n: u32, log_cpus: u32, ) { - let num_cpus = 1 << log_cpus; let m = a.len(); let two_adicity = Self::k_adicity(2, m as u64); let two_part = 1 << two_adicity; - if two_part < num_cpus as u64 - { + if two_part < num_cpus as u64 { Self::mixed_serial_fft(a, omega, log_n); return; } - let log_new_n = m/num_cpus; + let log_new_n = m / num_cpus; let mut tmp = vec![vec![F::zero(); log_new_n]; num_cpus]; let new_omega = omega.pow(&[num_cpus as u64]); @@ -328,7 +321,7 @@ impl MixedRadix2Domain { scope.spawn(move |_| { // Shuffle into a sub-FFT let omega_j = omega.pow(&[j as u64]); - let omega_step = omega.pow(&[(j*log_new_n) as u64]); + let omega_step = omega.pow(&[(j * log_new_n) as u64]); let mut elt = F::one(); for i in 0..log_new_n { @@ -347,7 +340,6 @@ impl MixedRadix2Domain { } }); - worker.scope(a.len(), |scope, chunk| { let tmp = &tmp; @@ -378,7 +370,6 @@ impl MixedRadix2Domain { }); } - fn best_fft(a: &mut [F], _worker: &Worker, omega: F, log_n: u32) { let log_cpus = _worker.log_num_cpus(); 
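Review bot: In `mixed_parallel_fft` (hunk `@@ -304,19 +299,17 @@`, whose signature starts before the hunk) the name `log_new_n` is misleading: it is assigned `m / num_cpus`, an element count, and is used as one (`vec![F::zero(); log_new_n]`, `for i in 0..log_new_n`, and the reformatted `omega.pow(&[(j * log_new_n) as u64])` in the next hunk), whereas the identically named variable in `BasicRadix2Domain::parallel_fft` is a true logarithm used as a shift amount. The arithmetic is consistent with the count interpretation, so this is a naming issue rather than a bug, but a reader comparing the two implementations will assume one of them is wrong. Renaming it, e.g. `let new_n = m / num_cpus; // size of each sub-FFT (an element count, not a log as in parallel_fft)`, removes the ambiguity.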
@@ -386,12 +377,11 @@ impl MixedRadix2Domain { return Self::mixed_serial_fft(a, omega, log_n); } else { return Self::mixed_parallel_fft(a, _worker, omega, log_n, log_cpus); - } + } } } impl EvaluationDomain for MixedRadix2Domain { - fn size(&self) -> usize { self.size.clone() as usize } @@ -436,11 +426,14 @@ impl EvaluationDomain for MixedRadix2Domain { Self::distribute_powers(evals, self.generator_inv); } - fn eq(&self, other: & dyn EvaluationDomain) -> bool { - other.as_any().downcast_ref::().map_or(false, |x| x == self) + fn eq(&self, other: &dyn EvaluationDomain) -> bool { + other + .as_any() + .downcast_ref::() + .map_or(false, |x| x == self) } - fn as_any(&self) -> & dyn Any { + fn as_any(&self) -> &dyn Any { self } diff --git a/algebra/src/fft/domain/mod.rs b/algebra/src/fft/domain/mod.rs index 33848868a..8dcf70995 100644 --- a/algebra/src/fft/domain/mod.rs +++ b/algebra/src/fft/domain/mod.rs @@ -22,21 +22,16 @@ pub use self::mixed_radix_2_domain::*; #[cfg(test)] mod test; -use crate::{ - SparsePolynomial, - multicore::Worker, - Error, -}; use crate::PrimeField; +use crate::{multicore::Worker, Error, SparsePolynomial}; use rayon::prelude::*; //use std::hash::Hash; -use std::fmt::Debug; -use std::any::Any; use rand::Rng; +use std::any::Any; +use std::fmt::Debug; /// Defines a domain over which finite field (I)FFTs can be performed. -pub trait EvaluationDomain: Debug + Send + Sync -{ +pub trait EvaluationDomain: Debug + Send + Sync { /// Returns the size of the domain fn size(&self) -> usize; 
@@ -123,18 +118,25 @@ pub trait EvaluationDomain: Debug + Send + Sync /// evaluations in the domain. /// Returns the evaluations of the product over the domain. #[must_use] - fn mul_polynomials_in_evaluation_domain(&self, self_evals: &[F], other_evals: &[F]) -> Result, Error> { + fn mul_polynomials_in_evaluation_domain( + &self, + self_evals: &[F], + other_evals: &[F], + ) -> Result, Error> { if self_evals.len() != other_evals.len() { Err(format!("Evals sizes are not same"))? } let mut result = self_evals.to_vec(); - result.par_iter_mut().zip(other_evals).for_each(|(a,b)| *a *= b); + result + .par_iter_mut() + .zip(other_evals) + .for_each(|(a, b)| *a *= b); Ok(result) } - /// Given an arbitrary field element `tau`, compute the Lagrange kernel + /// Given an arbitrary field element `tau`, compute the Lagrange kernel /// L(z,tau) = 1/n * z * (1 - tau^n)/(z -tau). - /// The Lagrange kernel is useful when one needs to evaluate many polynomials given in + /// The Lagrange kernel is useful when one needs to evaluate many polynomials given in /// Lagrange representation at that given point. /// This implementation works also if `tau` is selected from the domain. fn evaluate_all_lagrange_coefficients(&self, tau: F) -> Vec { @@ -164,7 +166,7 @@ pub trait EvaluationDomain: Debug + Send + Sync let mut u = vec![F::zero(); size]; let mut ls = vec![F::zero(); size]; // u[i] = tau - z at z = g^i, - // ls[i] = (tau^n - 1)/n * g^i, + // ls[i] = (tau^n - 1)/n * g^i, for i in 0..size { u[i] = tau - &r; ls[i] = l; @@ -173,7 +175,7 @@ pub trait EvaluationDomain: Debug + Send + Sync } batch_inversion(u.as_mut_slice()); - // We compute L(z,tau) = u[i]*ls[i]. + // We compute L(z,tau) = u[i]*ls[i]. u.par_iter_mut().zip(ls).for_each(|(tau_minus_r, l)| { *tau_minus_r *= l; }); 
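Review bot: The length guard kept as context in the reformatted `mul_polynomials_in_evaluation_domain` uses `Err(format!("Evals sizes are not same"))?` — `format!` with no interpolation (clippy `useless_format`) and `Err(..)?` as a disguised early return that depends on the `From<String>` impl of `Error` being in place. The plain form `return Err(String::from("Evals sizes are not same").into());` says what it does and keeps the same conversion. Since the check exists, the `zip` that follows cannot silently truncate, which is worth a short comment so it is not removed as redundant later.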
@@ -224,27 +226,28 @@ pub trait EvaluationDomain: Debug + Send + Sync cur_elem: F::one(), cur_pow: 0, size: self.size() as u64, - group_gen: self.group_gen() + group_gen: self.group_gen(), } } // Support to PartialEq to make this trait a trait object - fn eq(&self, other: & dyn EvaluationDomain) -> bool; + fn eq(&self, other: &dyn EvaluationDomain) -> bool; - fn as_any(&self) -> & dyn Any; + fn as_any(&self) -> &dyn Any; // Support to Clone to make this trait a trait object fn clone_and_box(&self) -> Box>; } -impl<'a, 'b, F: PrimeField> PartialEq+'b> for dyn EvaluationDomain+'a { - fn eq(&self, other: &(dyn EvaluationDomain+'b)) -> bool { +impl<'a, 'b, F: PrimeField> PartialEq + 'b> + for dyn EvaluationDomain + 'a +{ + fn eq(&self, other: &(dyn EvaluationDomain + 'b)) -> bool { EvaluationDomain::::eq(self, other) } } -impl Clone for Box> -{ +impl Clone for Box> { fn clone(&self) -> Box> { self.clone_and_box() } @@ -252,10 +255,10 @@ impl Clone for Box> /// An iterator over the elements of the domain. pub struct Elements { - cur_elem: F, - cur_pow: u64, - size: u64, - group_gen: F, + cur_elem: F, + cur_pow: u64, + size: u64, + group_gen: F, } impl Iterator for Elements { @@ -272,10 +275,10 @@ impl Iterator for Elements { } } -pub fn sample_element_outside_domain< - F: PrimeField, - R: Rng ->(domain: &Box>, rng: &mut R) -> F { +pub fn sample_element_outside_domain( + domain: &Box>, + rng: &mut R, +) -> F { let mut t = F::rand(rng); while domain.evaluate_vanishing_polynomial(t).is_zero() { t = F::rand(rng); @@ -285,10 +288,10 @@ pub fn sample_element_outside_domain< #[cfg(test)] mod tests { + use crate::fields::tweedle::fr::Fr; use crate::get_best_evaluation_domain; use crate::Field; - use crate::fields::tweedle::fr::Fr; - use rand::{Rng, thread_rng}; + use rand::{thread_rng, Rng}; #[test] fn vanishing_polynomial_evaluation() { 
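Review bot: The reformatted signature of `sample_element_outside_domain` still takes `domain: &Box<dyn EvaluationDomain<F>>` (clippy `borrowed_box`); the function only calls a trait method on it, so `domain: &dyn EvaluationDomain<F>` is the more general parameter and existing call sites passing `&boxed` keep compiling through deref coercion. `DensePolynomial::divide_by_vanishing_poly` in the `dense.rs` section of this diff has the same `&Box<dyn …>` parameter and would benefit from the same change. The rejection loop below it is fine as written, since it retries only while the sampled element is a root of the vanishing polynomial.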
@@ -299,7 +302,10 @@ mod tests { let z = domain.vanishing_polynomial(); for _ in 0..100 { let point = rng.gen(); - assert_eq!(z.evaluate(point), domain.evaluate_vanishing_polynomial(point)) + assert_eq!( + z.evaluate(point), + domain.evaluate_vanishing_polynomial(point) + ) } } } diff --git a/algebra/src/fft/domain/test.rs b/algebra/src/fft/domain/test.rs index 6f37d7800..83bdcce12 100644 --- a/algebra/src/fft/domain/test.rs +++ b/algebra/src/fft/domain/test.rs @@ -1,9 +1,9 @@ -use crate::{PrimeField, FpParameters}; -use crate::{domain::*, multicore::*}; use crate::fields::tweedle::Fr; +use crate::{domain::*, multicore::*}; +use crate::{FpParameters, PrimeField}; use rand; -use std::cmp::min; use rand::Rng; +use std::cmp::min; // Test multiplying various (low degree) polynomials together and // comparing with naive evaluations. @@ -60,11 +60,23 @@ fn fft_consistency() { let domain = get_best_evaluation_domain::(v1.len()).unwrap(); for log_cpus in log_d..min(log_d + 1, 3) { - if log_d (rng); -} \ No newline at end of file +} diff --git a/algebra/src/fft/evaluations.rs b/algebra/src/fft/evaluations.rs index c53832fe8..ea07ffb32 100644 --- a/algebra/src/fft/evaluations.rs +++ b/algebra/src/fft/evaluations.rs @@ -1,8 +1,8 @@ //! A polynomial represented in evaluations form. -use std::ops::{Add, Sub, Mul, Div, AddAssign, SubAssign, MulAssign, DivAssign}; -use crate::{PrimeField, serialize::*}; -use crate::{DensePolynomial, EvaluationDomain, get_best_evaluation_domain}; +use crate::{get_best_evaluation_domain, DensePolynomial, EvaluationDomain}; +use crate::{serialize::*, PrimeField}; +use std::ops::{Add, AddAssign, Div, DivAssign, Mul, MulAssign, Sub, SubAssign}; /// Stores a polynomial in evaluation form. #[derive(Debug)] 
@@ -26,20 +26,17 @@ impl CanonicalSerialize for Evaluations { impl CanonicalDeserialize for Evaluations { fn deserialize(reader: R) -> Result { let evals: Vec = CanonicalDeserialize::deserialize(reader)?; - let domain = get_best_evaluation_domain::(evals.len()) - .ok_or(SerializationError::InvalidData)?; + let domain = + get_best_evaluation_domain::(evals.len()).ok_or(SerializationError::InvalidData)?; - Ok(Self { evals, domain}) + Ok(Self { evals, domain }) } } impl Evaluations { /// Construct `Self` from evaluations and a domain. pub fn from_vec_and_domain(evals: Vec, domain: Box>) -> Self { - Self { - evals, - domain, - } + Self { evals, domain } } /// Interpolate a polynomial from a list of evaluations @@ -64,7 +61,6 @@ impl std::ops::Index for Evaluations { } impl<'a, 'b, F: PrimeField> Mul<&'a Evaluations> for &'b Evaluations { - type Output = Evaluations; #[inline] @@ -78,13 +74,19 @@ impl<'a, 'b, F: PrimeField> Mul<&'a Evaluations> for &'b Evaluations { impl<'a, F: PrimeField> MulAssign<&'a Evaluations> for Evaluations { #[inline] fn mul_assign(&mut self, other: &'a Evaluations) { - assert_eq!(self.domain.as_ref(), other.domain.as_ref(), "domains are unequal"); - self.evals.iter_mut().zip(&other.evals).for_each(|(a, b)| *a *= b); + assert_eq!( + self.domain.as_ref(), + other.domain.as_ref(), + "domains are unequal" + ); + self.evals + .iter_mut() + .zip(&other.evals) + .for_each(|(a, b)| *a *= b); } } impl<'a, 'b, F: PrimeField> Add<&'a Evaluations> for &'b Evaluations { - type Output = Evaluations; #[inline] 
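Review bot: The reformatted `deserialize` builds `Evaluations` from whatever length the reader yields and pairs it with `get_best_evaluation_domain(evals.len())`, which by the selector's own doc and test returns the smallest supported domain of size at least `num_coeffs` (32769 coefficients yield a 40960-element domain), so untrusted input whose length is not itself a domain size produces a value with `evals.len() < domain.size()`. Rejecting that before construction, `if domain.size() != evals.len() { return Err(SerializationError::InvalidData); }`, keeps the invariant at the boundary; `from_vec_and_domain` in the same hunk accepts a caller-supplied domain without the check, which could get a `debug_assert_eq!` on the same condition. This matters because the `mul_assign`/`add_assign`/`sub_assign`/`div_assign` impls in this and the next two hunk groups assert only domain equality and then `zip` the evaluation vectors, so a short `evals` is silently truncated rather than reported.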
@@ -98,13 +100,19 @@ impl<'a, 'b, F: PrimeField> Add<&'a Evaluations> for &'b Evaluations { impl<'a, F: PrimeField> AddAssign<&'a Evaluations> for Evaluations { #[inline] fn add_assign(&mut self, other: &'a Evaluations) { - assert_eq!(self.domain.as_ref(), other.domain.as_ref(), "domains are unequal"); - self.evals.iter_mut().zip(&other.evals).for_each(|(a, b)| *a += b); + assert_eq!( + self.domain.as_ref(), + other.domain.as_ref(), + "domains are unequal" + ); + self.evals + .iter_mut() + .zip(&other.evals) + .for_each(|(a, b)| *a += b); } } impl<'a, 'b, F: PrimeField> Sub<&'a Evaluations> for &'b Evaluations { - type Output = Evaluations; #[inline] @@ -118,13 +126,19 @@ impl<'a, 'b, F: PrimeField> Sub<&'a Evaluations> for &'b Evaluations { impl<'a, F: PrimeField> SubAssign<&'a Evaluations> for Evaluations { #[inline] fn sub_assign(&mut self, other: &'a Evaluations) { - assert_eq!(self.domain.as_ref(), other.domain.as_ref(), "domains are unequal"); - self.evals.iter_mut().zip(&other.evals).for_each(|(a, b)| *a -= b); + assert_eq!( + self.domain.as_ref(), + other.domain.as_ref(), + "domains are unequal" + ); + self.evals + .iter_mut() + .zip(&other.evals) + .for_each(|(a, b)| *a -= b); } } impl<'a, 'b, F: PrimeField> Div<&'a Evaluations> for &'b Evaluations { - type Output = Evaluations; #[inline] 
@@ -138,23 +152,29 @@ impl<'a, 'b, F: PrimeField> Div<&'a Evaluations> for &'b Evaluations { impl<'a, F: PrimeField> DivAssign<&'a Evaluations> for Evaluations { #[inline] fn div_assign(&mut self, other: &'a Evaluations) { - assert_eq!(self.domain.as_ref(), other.domain.as_ref(), "domains are unequal"); - self.evals.iter_mut().zip(&other.evals).for_each(|(a, b)| *a /= b); + assert_eq!( + self.domain.as_ref(), + other.domain.as_ref(), + "domains are unequal" + ); + self.evals + .iter_mut() + .zip(&other.evals) + .for_each(|(a, b)| *a /= b); } } impl Clone for Evaluations { fn clone(&self) -> Self { - Self{ + Self { evals: self.evals.clone(), domain: self.domain.clone(), } } } -impl PartialEq for Evaluations{ +impl PartialEq for Evaluations { fn eq(&self, other: &Self) -> bool { - self.evals.eq(&other.evals) && - self.domain.eq(&other.domain) + self.evals.eq(&other.evals) && self.domain.eq(&other.domain) } } diff --git a/algebra/src/fft/mod.rs b/algebra/src/fft/mod.rs index 85c8931b6..4140831c9 100644 --- a/algebra/src/fft/mod.rs +++ b/algebra/src/fft/mod.rs @@ -6,6 +6,4 @@ pub(crate) mod multicore; pub use domain::*; pub use evaluations::Evaluations; -pub use polynomial::{DensePolynomial, SparsePolynomial, DenseOrSparsePolynomial}; - - +pub use polynomial::{DenseOrSparsePolynomial, DensePolynomial, SparsePolynomial}; diff --git a/algebra/src/fft/multicore.rs b/algebra/src/fft/multicore.rs index b1493825b..e5799bc58 100644 --- a/algebra/src/fft/multicore.rs +++ b/algebra/src/fft/multicore.rs @@ -31,4 +31,4 @@ impl Worker { rayon::scope(move |scope| f(scope, chunk_size)) } -} \ No newline at end of file +} diff --git a/algebra/src/fft/polynomial/dense.rs b/algebra/src/fft/polynomial/dense.rs index c466501d8..e7c634cce 100644 --- a/algebra/src/fft/polynomial/dense.rs +++ b/algebra/src/fft/polynomial/dense.rs 
@@ -1,11 +1,11 @@ //! A polynomial represented in coefficient form. -use std::fmt; -use std::ops::{Add, AddAssign, Deref, DerefMut, Div, Mul, Neg, Sub, SubAssign}; -use crate::{Field, PrimeField, ToBytes, FromBytes, serialize::*}; -use crate::{Evaluations, EvaluationDomain, DenseOrSparsePolynomial, get_best_evaluation_domain}; +use crate::{get_best_evaluation_domain, DenseOrSparsePolynomial, EvaluationDomain, Evaluations}; +use crate::{serialize::*, Field, FromBytes, PrimeField, ToBytes}; use rand::Rng; use rayon::prelude::*; +use std::fmt; +use std::ops::{Add, AddAssign, Deref, DerefMut, Div, Mul, Neg, Sub, SubAssign}; /// Stores a polynomial in coefficient form. #[derive(Clone, PartialEq, Eq, Hash, Default, CanonicalSerialize, CanonicalDeserialize)] @@ -14,8 +14,7 @@ pub struct DensePolynomial { pub coeffs: Vec, } -impl ToBytes for DensePolynomial -{ +impl ToBytes for DensePolynomial { fn write(&self, mut w: W) -> std::io::Result<()> { (self.coeffs.len() as u64).write(&mut w)?; for c in self.coeffs.iter() { @@ -25,8 +24,7 @@ impl ToBytes for DensePolynomial } } -impl FromBytes for DensePolynomial -{ +impl FromBytes for DensePolynomial { fn read(mut reader: Read) -> std::io::Result> { let mut coeffs = vec![]; let coeffs_count = u64::read(&mut reader) 
@@ -162,13 +160,19 @@ impl DensePolynomial { pub fn mul_by_vanishing_poly(&self, domain_size: usize) -> DensePolynomial { let mut shifted = vec![F::zero(); domain_size]; shifted.extend_from_slice(&self.coeffs); - shifted.par_iter_mut().zip(&self.coeffs).for_each(|(s, c)| *s -= c); + shifted + .par_iter_mut() + .zip(&self.coeffs) + .for_each(|(s, c)| *s -= c); DensePolynomial::from_coefficients_vec(shifted) } /// Divide `self` by the vanishing polynomial for the domain `domain`. /// Returns the quotient and remainder of the division. - pub fn divide_by_vanishing_poly(&self, domain: &Box>) -> Option<(DensePolynomial, DensePolynomial)> { + pub fn divide_by_vanishing_poly( + &self, + domain: &Box>, + ) -> Option<(DensePolynomial, DensePolynomial)> { let self_poly: DenseOrSparsePolynomial = self.into(); let vanishing_poly: DenseOrSparsePolynomial = domain.vanishing_polynomial().into(); self_poly.divide_with_q_and_r(&vanishing_poly) @@ -260,7 +264,10 @@ impl<'a, 'b, F: Field> AddAssign<(F, &'a DensePolynomial)> for DensePolynomia impl DensePolynomial { /// Evaluate `self` over `domain`. - pub fn evaluate_over_domain_by_ref(&self, domain: Box>) -> Evaluations { + pub fn evaluate_over_domain_by_ref( + &self, + domain: Box>, + ) -> Evaluations { let poly: DenseOrSparsePolynomial<'_, F> = self.into(); DenseOrSparsePolynomial::::evaluate_over_domain(poly, domain) } 
@@ -379,26 +386,30 @@ impl Mul for DensePolynomial { type Output = DensePolynomial; fn mul(self, other: F) -> DensePolynomial { - <&DensePolynomial as Mul<&DensePolynomial>>::mul(&self, &DensePolynomial::from_coefficients_slice(&[other])) + <&DensePolynomial as Mul<&DensePolynomial>>::mul( + &self, + &DensePolynomial::from_coefficients_slice(&[other]), + ) } } - impl<'a, F: PrimeField> Mul for &'a DensePolynomial { type Output = DensePolynomial; fn mul(self, other: F) -> DensePolynomial { - <&DensePolynomial as Mul<&DensePolynomial>>::mul(&self, &DensePolynomial::from_coefficients_slice(&[other])) + <&DensePolynomial as Mul<&DensePolynomial>>::mul( + &self, + &DensePolynomial::from_coefficients_slice(&[other]), + ) } } - #[cfg(test)] mod tests { use crate::domain::get_best_evaluation_domain; - use crate::polynomial::*; use crate::fields::tweedle::fr::Fr; use crate::fields::Field; + use crate::polynomial::*; use crate::UniformRand; use rand::thread_rng; @@ -435,7 +446,9 @@ mod tests { let mut p1 = DensePolynomial::rand(a_degree, rng); let p2 = DensePolynomial::rand(b_degree, rng); let f = Fr::rand(rng); - let f_p2 = DensePolynomial::from_coefficients_vec(p2.coeffs.iter().map(|c| f * c).collect()); + let f_p2 = DensePolynomial::from_coefficients_vec( + p2.coeffs.iter().map(|c| f * c).collect(), + ); let res2 = &f_p2 + &p1; p1 += (f, &p2); let res1 = p1; @@ -485,7 +498,10 @@ mod tests { for b_degree in 0..70 { let dividend = DensePolynomial::::rand(a_degree, rng); let divisor = DensePolynomial::::rand(b_degree, rng); - if let Some((quotient, remainder)) = DenseOrSparsePolynomial::divide_with_q_and_r(&(÷nd).into(), &(&divisor).into()) { + if let Some((quotient, remainder)) = DenseOrSparsePolynomial::divide_with_q_and_r( + &(÷nd).into(), + &(&divisor).into(), + ) { assert_eq!(dividend, &(&divisor * "ient) + &remainder) } } diff --git a/algebra/src/fft/polynomial/mod.rs b/algebra/src/fft/polynomial/mod.rs index af36eedda..1959cc708 100644 
--- a/algebra/src/fft/polynomial/mod.rs +++ b/algebra/src/fft/polynomial/mod.rs @@ -1,11 +1,10 @@ //! Work with sparse and dense polynomials. +use crate::{EvaluationDomain, Evaluations}; use crate::{Field, PrimeField}; use std::borrow::Cow; use std::convert::TryInto; use DenseOrSparsePolynomial::*; -use crate::{Evaluations, EvaluationDomain}; - mod dense; mod sparse; @@ -34,7 +33,6 @@ impl<'a, F: 'a + Field> From<&'a DensePolynomial> for DenseOrSparsePolynomial } } - impl From> for DenseOrSparsePolynomial<'_, F> { fn from(other: SparsePolynomial) -> Self { SPolynomial(Cow::Owned(other)) @@ -47,7 +45,6 @@ impl<'a, F: Field> From<&'a SparsePolynomial> for DenseOrSparsePolynomial<'a, } } - impl Into> for DenseOrSparsePolynomial<'_, F> { fn into(self) -> DensePolynomial { match self { @@ -63,7 +60,7 @@ impl TryInto> for DenseOrSparsePolynomial<'_, F> { fn try_into(self) -> Result, ()> { match self { SPolynomial(p) => Ok(p.into_owned()), - _ => Err(()) + _ => Err(()), } } } @@ -102,7 +99,10 @@ impl DenseOrSparsePolynomial<'_, F> { } /// Divide self by another (sparse or dense) polynomial, and returns the quotient and remainder. - pub fn divide_with_q_and_r(&self, divisor: &Self) -> Option<(DensePolynomial, DensePolynomial)> { + pub fn divide_with_q_and_r( + &self, + divisor: &Self, + ) -> Option<(DensePolynomial, DensePolynomial)> { if self.is_zero() { Some((DensePolynomial::zero(), DensePolynomial::zero())) } else if divisor.is_zero() { @@ -133,11 +133,10 @@ impl DenseOrSparsePolynomial<'_, F> { } } impl DenseOrSparsePolynomial<'_, F> { - /// Construct `Evaluations` by evaluating a polynomial over the domain `domain`. pub fn evaluate_over_domain( poly: impl Into, - domain: Box> + domain: Box>, ) -> Evaluations { let poly = poly.into(); poly.eval_over_domain_helper(domain) @@ -161,6 +160,5 @@ impl DenseOrSparsePolynomial<'_, F> { Evaluations::from_vec_and_domain(d.coeffs, domain) } } - } } 
diff --git a/algebra/src/fft/polynomial/sparse.rs b/algebra/src/fft/polynomial/sparse.rs index 2ab4fcc2e..3dd5aa088 100644 --- a/algebra/src/fft/polynomial/sparse.rs +++ b/algebra/src/fft/polynomial/sparse.rs @@ -2,9 +2,9 @@ use std::fmt; -use crate::{Field, PrimeField}; use crate::DensePolynomial; use crate::{DenseOrSparsePolynomial, EvaluationDomain, Evaluations}; +use crate::{Field, PrimeField}; /// Stores a sparse polynomial in coefficient form. #[derive(Clone, PartialEq, Eq, Hash, Default)] @@ -96,10 +96,12 @@ impl SparsePolynomial { } } - impl SparsePolynomial { /// Evaluate `self` over `domain`. - pub fn evaluate_over_domain_by_ref(&self, domain: Box>) -> Evaluations { + pub fn evaluate_over_domain_by_ref( + &self, + domain: Box>, + ) -> Evaluations { let poly: DenseOrSparsePolynomial<'_, F> = self.into(); DenseOrSparsePolynomial::::evaluate_over_domain(poly, domain) } @@ -123,9 +125,9 @@ impl Into> for SparsePolynomial { #[cfg(test)] mod tests { - use crate::{get_best_evaluation_domain, DensePolynomial, SparsePolynomial}; use crate::fields::tweedle::fr::Fr; use crate::Field; + use crate::{get_best_evaluation_domain, DensePolynomial, SparsePolynomial}; #[test] fn evaluate_over_domain() { diff --git a/algebra/src/fields/arithmetic.rs b/algebra/src/fields/arithmetic.rs index c2b43c735..72b39b2a4 100644 --- a/algebra/src/fields/arithmetic.rs +++ b/algebra/src/fields/arithmetic.rs @@ -17,7 +17,7 @@ macro_rules! impl_montgomery_reduction { (self.0).0.copy_from_slice(&r[$limbs..]); self.reduce(); } - } + }; } /// This modular multiplication algorithm uses Montgomery @@ -113,7 +113,7 @@ macro_rules! impl_field_mul_short_assign { } self.reduce(); } - } + }; } macro_rules! impl_field_into_repr { @@ -543,7 +543,6 @@ macro_rules! impl_mul_short { #[allow(unused_qualifications)] impl MulShortAssign for $type

{ - #[inline] fn mul_short_assign(&mut self, other: Self) { self.mul_short_assign(&other) @@ -552,11 +551,10 @@ macro_rules! impl_mul_short { #[allow(unused_qualifications)] impl<'a, P: $params> MulShortAssign<&'a mut Self> for $type

{ - #[inline] fn mul_short_assign(&mut self, other: &'a mut Self) { self.mul_short_assign(&*other) } } }; -} \ No newline at end of file +} diff --git a/algebra/src/fields/macros.rs b/algebra/src/fields/macros.rs index 15896515c..32e43223f 100644 --- a/algebra/src/fields/macros.rs +++ b/algebra/src/fields/macros.rs @@ -41,10 +41,7 @@ macro_rules! impl_prime_field_serializer { impl CanonicalSerialize for $field

{ #[inline] - fn serialize( - &self, - writer: W, - ) -> Result<(), SerializationError> { + fn serialize(&self, writer: W) -> Result<(), SerializationError> { self.serialize_with_flags(writer, EmptyFlags) } @@ -617,4 +614,4 @@ macro_rules! impl_Fp { } } } -} \ No newline at end of file +} diff --git a/algebra/src/fields/mod.rs b/algebra/src/fields/mod.rs index 0e0f997e6..db0be840d 100644 --- a/algebra/src/fields/mod.rs +++ b/algebra/src/fields/mod.rs @@ -1,19 +1,20 @@ use crate::{ - biginteger::BigInteger, bytes::{FromBytes, ToBytes}, UniformRand, bits::{ToBits, FromBits}, - Error, BitSerializationError, SemanticallyValid, FromBytesChecked, - serialize:: { - CanonicalSerialize, CanonicalDeserialize, - CanonicalSerializeWithFlags, CanonicalDeserializeWithFlags, - Flags, EmptyFlags - } + biginteger::BigInteger, + bits::{FromBits, ToBits}, + bytes::{FromBytes, ToBytes}, + serialize::{ + CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, + CanonicalSerializeWithFlags, EmptyFlags, Flags, + }, + BitSerializationError, Error, FromBytesChecked, SemanticallyValid, UniformRand, }; +use serde::{Deserialize, Serialize}; use std::{ fmt::{Debug, Display}, hash::Hash, ops::{Add, AddAssign, Div, DivAssign, Mul, MulAssign, Neg, Sub, SubAssign}, str::FromStr, }; -use serde::{Serialize, Deserialize}; #[macro_use] mod macros; @@ -34,8 +35,8 @@ pub use self::models::*; macro_rules! field_new { ($name:ident, $c0:expr) => { $name { - 0: $c0, - 1: std::marker::PhantomData + 0: $c0, + 1: std::marker::PhantomData, } }; ($name:ident, $c0:expr, $c1:expr $(,)?) => { @@ -56,7 +57,6 @@ macro_rules! field_new { } pub trait MulShort { - type Output; #[must_use] @@ -64,7 +64,6 @@ pub trait MulShort { } pub trait MulShortAssign { - fn mul_short_assign(&mut self, rhs: Rhs); } @@ -76,7 +75,7 @@ pub trait Field: + ToBits + FromBits + Serialize - + for <'a> Deserialize<'a> + + for<'a> Deserialize<'a> + CanonicalSerialize + CanonicalSerializeWithFlags + CanonicalDeserialize 
@@ -213,10 +212,11 @@ pub trait Field: } } -use std::io::{ Read, Result as IoResult }; +use std::io::{Read, Result as IoResult}; impl FromBytesChecked for F { - fn read_checked(reader: R) -> IoResult - { Self::read(reader) } + fn read_checked(reader: R) -> IoResult { + Self::read(reader) + } } /// A trait that defines parameters for a prime field. @@ -328,7 +328,6 @@ pub trait PrimeField: Field + FromStr { fn modulus_minus_one_div_two() -> Self::BigInt { Self::Params::MODULUS_MINUS_ONE_DIV_TWO } - } impl ToBits for F { @@ -363,23 +362,24 @@ impl FromBits for F { //NOTE: We allow bits having enough leading bits to zero s.t. the length will be <= F::MODULUS_BITS let leading_zeros = leading_zeros(bits.as_slice()) as usize; let bits = &bits.as_slice()[leading_zeros..]; - match bits.len() <= modulus_bits { + match bits.len() <= modulus_bits { true => { let read_bigint = ::BigInt::from_bits(bits); match read_bigint < F::Params::MODULUS { true => Ok(Self::from_repr(read_bigint)), false => { - let e = Box::new( - BitSerializationError::InvalidFieldElement("element is over the field modulus".to_owned()) - ); + let e = Box::new(BitSerializationError::InvalidFieldElement( + "element is over the field modulus".to_owned(), + )); Err(e) } } - }, + } false => { - let e = Box::new( - BitSerializationError::InvalidFieldElement(format!("bit vec length is greater than the modulus bits ({})", modulus_bits)) - ); + let e = Box::new(BitSerializationError::InvalidFieldElement(format!( + "bit vec length is greater than the modulus bits ({})", + modulus_bits + ))); Err(e) } } diff --git a/algebra/src/fields/models/cubic_extension.rs b/algebra/src/fields/models/cubic_extension.rs index 4f4be0bec..1a7e327ed 100644 --- a/algebra/src/fields/models/cubic_extension.rs +++ b/algebra/src/fields/models/cubic_extension.rs 
@@ -1,25 +1,24 @@ +use rand::{ + distributions::{Distribution, Standard}, + Rng, +}; use std::{ cmp::{Ord, Ordering, PartialOrd}, fmt, + io::{Read, Result as IoResult, Write}, marker::PhantomData, ops::{Add, AddAssign, Div, DivAssign, Mul, MulAssign, Neg, Sub, SubAssign}, - io::{Read, Result as IoResult, Write}, -}; -use rand::{ - distributions::{Distribution, Standard}, - Rng, }; use crate::{ - bytes::{FromBytes, ToBytes}, bits::{FromBits, ToBits}, + bytes::{FromBytes, ToBytes}, fields::{Field, FpParameters, PrimeField}, - UniformRand, Error, SemanticallyValid, - CanonicalSerialize, Flags, - SerializationError, CanonicalSerializeWithFlags, CanonicalDeserialize, - CanonicalDeserializeWithFlags, EmptyFlags + CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, + CanonicalSerializeWithFlags, EmptyFlags, Error, Flags, SemanticallyValid, SerializationError, + UniformRand, }; -use serde::{Serialize, Deserialize}; +use serde::{Deserialize, Serialize}; /// Model for cubic extension field of a prime field F=BasePrimeField /// F3 = F[X]/(X^3-alpha), @@ -68,13 +67,13 @@ pub trait CubicExtParameters: 'static + Send + Sync { #[derive(Derivative)] #[derivative( -Default(bound = "P: CubicExtParameters"), -Hash(bound = "P: CubicExtParameters"), -Clone(bound = "P: CubicExtParameters"), -Copy(bound = "P: CubicExtParameters"), -Debug(bound = "P: CubicExtParameters"), -PartialEq(bound = "P: CubicExtParameters"), -Eq(bound = "P: CubicExtParameters"), + Default(bound = "P: CubicExtParameters"), + Hash(bound = "P: CubicExtParameters"), + Clone(bound = "P: CubicExtParameters"), + Copy(bound = "P: CubicExtParameters"), + Debug(bound = "P: CubicExtParameters"), + PartialEq(bound = "P: CubicExtParameters"), + Eq(bound = "P: CubicExtParameters") )] #[derive(Serialize, Deserialize)] pub struct CubicExtField { @@ -115,7 +114,6 @@ impl CubicExtField

{ } } - impl Field for CubicExtField

{ type BasePrimeField = P::BasePrimeField; @@ -146,9 +144,9 @@ impl Field for CubicExtField

{ } fn is_odd(&self) -> bool { - self.c2.is_odd() || - (self.c2.is_zero() && self.c1.is_odd()) || - ( self.c2.is_zero() && self.c1.is_zero() && self.c0.is_odd()) + self.c2.is_odd() + || (self.c2.is_zero() && self.c1.is_odd()) + || (self.c2.is_zero() && self.c1.is_zero() && self.c0.is_odd()) } #[inline] @@ -268,7 +266,7 @@ impl Field for CubicExtField

{ if let Some(c0) = P::BaseField::from_random_bytes(&bytes[..split_at]) { if let Some(c1) = P::BaseField::from_random_bytes(&bytes[split_at..2 * split_at]) { if let Some((c2, flags)) = - P::BaseField::from_random_bytes_with_flags(&bytes[2 * split_at..]) + P::BaseField::from_random_bytes_with_flags(&bytes[2 * split_at..]) { return Some((CubicExtField::new(c0, c1, c2), flags)); } @@ -310,8 +308,8 @@ impl PartialOrd for CubicExtField

{ } impl From for CubicExtField

- where - P::BaseField: From, +where + P::BaseField: From, { fn from(other: u128) -> Self { let fe: P::BaseField = other.into(); @@ -320,8 +318,8 @@ impl From for CubicExtField

} impl From for CubicExtField

- where - P::BaseField: From, +where + P::BaseField: From, { fn from(other: u64) -> Self { let fe: P::BaseField = other.into(); @@ -330,8 +328,8 @@ impl From for CubicExtField

} impl From for CubicExtField

- where - P::BaseField: From, +where + P::BaseField: From, { fn from(other: u32) -> Self { let fe: P::BaseField = other.into(); @@ -340,8 +338,8 @@ impl From for CubicExtField

} impl From for CubicExtField

- where - P::BaseField: From, +where + P::BaseField: From, { fn from(other: u16) -> Self { let fe: P::BaseField = other.into(); @@ -350,8 +348,8 @@ impl From for CubicExtField

} impl From for CubicExtField

- where - P::BaseField: From, +where + P::BaseField: From, { fn from(other: u8) -> Self { let fe: P::BaseField = other.into(); @@ -384,16 +382,16 @@ impl ToBits for CubicExtField

{ bits.extend_from_slice(self.c1.write_bits().as_slice()); bits.extend_from_slice(self.c2.write_bits().as_slice()); bits - } } impl FromBits for CubicExtField

{ fn read_bits(bits: Vec) -> Result { - let size = (P::DEGREE_OVER_BASE_PRIME_FIELD/3) * ::Params::MODULUS_BITS as usize; + let size = (P::DEGREE_OVER_BASE_PRIME_FIELD / 3) + * ::Params::MODULUS_BITS as usize; let c0 = P::BaseField::read_bits(bits[..size].to_vec())?; - let c1 = P::BaseField::read_bits(bits[size..(2*size)].to_vec())?; - let c2 = P::BaseField::read_bits(bits[(2*size)..].to_vec())?; + let c1 = P::BaseField::read_bits(bits[size..(2 * size)].to_vec())?; + let c2 = P::BaseField::read_bits(bits[(2 * size)..].to_vec())?; Ok(CubicExtField::new(c0, c1, c2)) } } @@ -456,9 +454,7 @@ impl CanonicalDeserialize for CubicExtField

{ impl SemanticallyValid for CubicExtField

{ #[inline] fn is_valid(&self) -> bool { - self.c0.is_valid() && - self.c1.is_valid() && - self.c2.is_valid() + self.c0.is_valid() && self.c1.is_valid() && self.c2.is_valid() } } @@ -590,4 +586,4 @@ impl fmt::Display for CubicExtField

{ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { write!(f, "CubicExtField({}, {}, {})", self.c0, self.c1, self.c2) } -} \ No newline at end of file +} diff --git a/algebra/src/fields/models/fp12_2over3over2.rs b/algebra/src/fields/models/fp12_2over3over2.rs index 079b8f633..5725b9b31 100644 --- a/algebra/src/fields/models/fp12_2over3over2.rs +++ b/algebra/src/fields/models/fp12_2over3over2.rs @@ -219,4 +219,4 @@ mod test { assert!(characteristic_square_mod_6_is_one(&[41, 41])); assert!(characteristic_square_mod_6_is_one(&[1, std::u64::MAX])); } -} \ No newline at end of file +} diff --git a/algebra/src/fields/models/fp2.rs b/algebra/src/fields/models/fp2.rs index 32ccb484b..27b9cc221 100644 --- a/algebra/src/fields/models/fp2.rs +++ b/algebra/src/fields/models/fp2.rs @@ -1,7 +1,5 @@ use super::quadratic_extension::*; -use crate::fields::{ - PrimeField, SquareRootField -}; +use crate::fields::{PrimeField, SquareRootField}; use std::marker::PhantomData; pub trait Fp2Parameters: 'static + Send + Sync { @@ -51,4 +49,4 @@ impl Fp2

{ self.c0 *= other; self.c1 *= other; } -} \ No newline at end of file +} diff --git a/algebra/src/fields/models/fp3.rs b/algebra/src/fields/models/fp3.rs index e66b59fb4..6047a5941 100644 --- a/algebra/src/fields/models/fp3.rs +++ b/algebra/src/fields/models/fp3.rs @@ -92,4 +92,4 @@ impl SquareRootField for Fp3

{ self }) } -} \ No newline at end of file +} diff --git a/algebra/src/fields/models/fp4.rs b/algebra/src/fields/models/fp4.rs index 2ea53cff8..2be0b86d8 100644 --- a/algebra/src/fields/models/fp4.rs +++ b/algebra/src/fields/models/fp4.rs @@ -2,9 +2,9 @@ use super::quadratic_extension::*; use std::marker::PhantomData; use crate::{ - fields::{Fp2, Fp2Parameters, Field, SquareRootField}, - bits::{ToBits, ToCompressedBits, FromBits, FromCompressedBits}, - Error, BitSerializationError, + bits::{FromBits, FromCompressedBits, ToBits, ToCompressedBits}, + fields::{Field, Fp2, Fp2Parameters, SquareRootField}, + BitSerializationError, Error, }; /// Model for quadratic extension field F4 as towered extension @@ -64,7 +64,10 @@ impl QuadExtParameters for Fp4ParamsWrapper

{ let c = b.square() - &a; let d = Self::mul_base_field_by_nonresidue(&a); let e = c - &d; - QuadExtField::::new(d.double() + &Self::BaseField::one(), e - &Self::BaseField::one()) + QuadExtField::::new( + d.double() + &Self::BaseField::one(), + e - &Self::BaseField::one(), + ) } } @@ -82,14 +85,12 @@ impl Fp4

{ } //Mul by an element of the form (c0: [c0, 0] c1: [c2, c3]) - pub fn mul_by_023(self, other: &Self) -> Self - { - let v0 = - { - let v0_c0 = self.c0.c0 * &other.c0.c0; - let v0_c1 = self.c0.c1 * &other.c0.c0; - Fp2::new(v0_c0, v0_c1) - }; + pub fn mul_by_023(self, other: &Self) -> Self { + let v0 = { + let v0_c0 = self.c0.c0 * &other.c0.c0; + let v0_c1 = self.c0.c1 * &other.c0.c0; + Fp2::new(v0_c0, v0_c1) + }; let v1 = self.c1 * &other.c1; let c0 = v0 + &P::mul_fp2_by_nonresidue(&v1); @@ -105,10 +106,8 @@ impl Fp4

{ /// of the result. impl ToCompressedBits for Fp4

{ - #[inline] fn compress(&self) -> Vec { - //Serialize c1 let mut res = self.c1.write_bits(); @@ -121,7 +120,6 @@ impl ToCompressedBits for Fp4

{ } impl FromCompressedBits for Fp4

{ - #[inline] fn decompress(compressed: Vec) -> Result { let len = compressed.len() - 1; @@ -137,15 +135,18 @@ impl FromCompressedBits for Fp4

{ }; match c0 { - //Estabilish c0 parity Some(c0_u) => { - let c0_s = if c0_u.is_odd() ^ parity_flag_set {-c0_u} else {c0_u}; + let c0_s = if c0_u.is_odd() ^ parity_flag_set { + -c0_u + } else { + c0_u + }; Ok(Self::new(c0_s, c1)) - }, + } //sqrt(1 + nr*c1^2) doesn't exists in the field _ => Err(Box::new(BitSerializationError::UndefinedSqrt)), } } -} \ No newline at end of file +} diff --git a/algebra/src/fields/models/fp6_2over3.rs b/algebra/src/fields/models/fp6_2over3.rs index e472fb0ef..a4c67ab5e 100644 --- a/algebra/src/fields/models/fp6_2over3.rs +++ b/algebra/src/fields/models/fp6_2over3.rs @@ -1,11 +1,11 @@ use super::quadratic_extension::*; use std::marker::PhantomData; -use std::ops::{Neg, MulAssign}; +use std::ops::{MulAssign, Neg}; use crate::{ - fields::{Fp3, Fp3Parameters, Field, SquareRootField}, - bits::{ToBits, ToCompressedBits, FromBits, FromCompressedBits}, - Error, BitSerializationError, + bits::{FromBits, FromCompressedBits, ToBits, ToCompressedBits}, + fields::{Field, Fp3, Fp3Parameters, SquareRootField}, + BitSerializationError, Error, }; /// Model for quadratic extension field F6 as towered extension @@ -44,7 +44,6 @@ impl QuadExtParameters for Fp6ParamsWrapper

{ const DEGREE_OVER_BASE_PRIME_FIELD: usize = 6; - const NONRESIDUE: Self::BaseField = P::NONRESIDUE; const FROBENIUS_COEFF_C1: &'static [Self::FrobCoeff] = P::FROBENIUS_COEFF_FP6_C1; @@ -124,7 +123,7 @@ impl Fp6

{ //Mul by an element of the form [c0: (0, 0, a), c1: (b, c, d)] pub fn mul_by_2345(self, other: &Self) -> Self - /* Devegili OhEig Scott Dahab --- Multiplication and Squaring on Pairing-Friendly Fields.pdf; Section 3 (Karatsuba) */ +/* Devegili OhEig Scott Dahab --- Multiplication and Squaring on Pairing-Friendly Fields.pdf; Section 3 (Karatsuba) */ { let v0 = { let t = other.c0.c2 * &::NONRESIDUE; @@ -133,7 +132,7 @@ impl Fp6

{ let v1 = self.c1 * &other.c1; let beta_v1 = P::mul_fp3_by_nonresidue(&v1); let c0 = v0 + &beta_v1; - let c1 = (self.c0 + &self.c1) * &(other.c0 + &other.c1) -&v0 -&v1; + let c1 = (self.c0 + &self.c1) * &(other.c0 + &other.c1) - &v0 - &v1; Self::new(c0, c1) } } @@ -144,10 +143,8 @@ impl Fp6

{ /// of the result. impl ToCompressedBits for Fp6

{ - #[inline] fn compress(&self) -> Vec { - //Serialize c1 let mut res = self.c1.write_bits(); @@ -160,7 +157,6 @@ impl ToCompressedBits for Fp6

{ } impl FromCompressedBits for Fp6

{ - #[inline] fn decompress(compressed: Vec) -> Result { let len = compressed.len() - 1; @@ -176,16 +172,19 @@ impl FromCompressedBits for Fp6

{ }; match c0 { - //Estabilish c0 parity Some(c0_u) => { let neg_c0u = c0_u.neg(); - let c0_s = if c0_u.is_odd() ^ parity_flag_set {neg_c0u} else {c0_u}; + let c0_s = if c0_u.is_odd() ^ parity_flag_set { + neg_c0u + } else { + c0_u + }; Ok(Self::new(c0_s, c1)) - }, + } //sqrt(1 + nr*c1^2) doesn't exists in the field _ => Err(Box::new(BitSerializationError::UndefinedSqrt)), } } -} \ No newline at end of file +} diff --git a/algebra/src/fields/models/fp6_3over2.rs b/algebra/src/fields/models/fp6_3over2.rs index 8171205af..65216d4bf 100644 --- a/algebra/src/fields/models/fp6_3over2.rs +++ b/algebra/src/fields/models/fp6_3over2.rs @@ -137,4 +137,4 @@ impl Fp6

{ self.c1 = t2; self.c2 = t3; } -} \ No newline at end of file +} diff --git a/algebra/src/fields/models/mod.rs b/algebra/src/fields/models/mod.rs index acb8855d0..ef506dbf0 100644 --- a/algebra/src/fields/models/mod.rs +++ b/algebra/src/fields/models/mod.rs @@ -14,20 +14,17 @@ use crate::{ }, bytes::{FromBytes, ToBytes}, fields::{ - Field, FpParameters, LegendreSymbol, PrimeField, SquareRootField, - MulShort, MulShortAssign + Field, FpParameters, LegendreSymbol, MulShort, MulShortAssign, PrimeField, SquareRootField, + }, + serialize::{ + buffer_byte_size, CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, + CanonicalSerializeWithFlags, EmptyFlags, Flags, SerializationError, }, SemanticallyValid, - serialize:: { - CanonicalSerialize, CanonicalDeserialize, - CanonicalSerializeWithFlags, CanonicalDeserializeWithFlags, - Flags, EmptyFlags, SerializationError, buffer_byte_size - } }; -use std::io::{Read, Result as IoResult, Write, ErrorKind, Error as IoError}; -use serde::{Serialize, Deserialize}; - +use serde::{Deserialize, Serialize}; +use std::io::{Error as IoError, ErrorKind, Read, Result as IoResult, Write}; #[cfg(use_asm)] use std::mem::MaybeUninit; diff --git a/algebra/src/fields/models/quadratic_extension.rs b/algebra/src/fields/models/quadratic_extension.rs index a09fd8ec0..17f63b7d7 100644 --- a/algebra/src/fields/models/quadratic_extension.rs +++ b/algebra/src/fields/models/quadratic_extension.rs 
@@ -1,26 +1,25 @@ +use rand::{ + distributions::{Distribution, Standard}, + Rng, +}; use std::{ cmp::{Ord, Ordering, PartialOrd}, fmt, + io::{Read, Result as IoResult, Write}, marker::PhantomData, ops::{Add, AddAssign, Div, DivAssign, Mul, MulAssign, Neg, Sub, SubAssign}, - io::{Read, Write, Result as IoResult}, -}; -use rand::{ - distributions::{Distribution, Standard}, - Rng, }; +use crate::biginteger::arithmetic::find_wnaf; use crate::{ - bytes::{FromBytes, ToBytes}, bits::{FromBits, ToBits}, + bytes::{FromBytes, ToBytes}, fields::{Field, FpParameters, LegendreSymbol, PrimeField, SquareRootField}, - UniformRand, Error, SemanticallyValid, - CanonicalSerialize, Flags, - SerializationError, CanonicalSerializeWithFlags, CanonicalDeserialize, - CanonicalDeserializeWithFlags, EmptyFlags + CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, + CanonicalSerializeWithFlags, EmptyFlags, Error, Flags, SemanticallyValid, SerializationError, + UniformRand, }; -use crate::biginteger::arithmetic::find_wnaf; -use serde::{Serialize, Deserialize}; +use serde::{Deserialize, Serialize}; /// Model for quadratic extension field of prime field F=Fp /// F2 = F[X]/(X^2-alpha), @@ -68,13 +67,13 @@ pub trait QuadExtParameters: 'static + Send + Sync + Sized { #[derive(Derivative)] #[derivative( -Default(bound = "P: QuadExtParameters"), -Hash(bound = "P: QuadExtParameters"), -Clone(bound = "P: QuadExtParameters"), -Copy(bound = "P: QuadExtParameters"), -Debug(bound = "P: QuadExtParameters"), -PartialEq(bound = "P: QuadExtParameters"), -Eq(bound = "P: QuadExtParameters"), + Default(bound = "P: QuadExtParameters"), + Hash(bound = "P: QuadExtParameters"), + Clone(bound = "P: QuadExtParameters"), + Copy(bound = "P: QuadExtParameters"), + Debug(bound = "P: QuadExtParameters"), + PartialEq(bound = "P: QuadExtParameters"), + Eq(bound = "P: QuadExtParameters") )] #[derive(Serialize, Deserialize)] pub struct QuadExtField { @@ -105,7 +104,6 @@ impl QuadExtField

{ Self::new(self.c0, -self.c1) } - // (signed) binary square and multiply for r-th roots of unity // used for the final exponentiation in the Ate pairing pub fn cyclotomic_exp>(&self, exponent: S) -> Self { @@ -168,7 +166,7 @@ impl Field for QuadExtField

{ } fn is_odd(&self) -> bool { - self.c1.is_odd() || ( self.c1.is_zero() && self.c0.is_odd()) + self.c1.is_odd() || (self.c1.is_zero() && self.c0.is_odd()) } #[inline] @@ -251,7 +249,7 @@ impl Field for QuadExtField

{ let split_at = bytes.len() / 2; if let Some(c0) = P::BaseField::from_random_bytes(&bytes[..split_at]) { if let Some((c1, flags)) = - P::BaseField::from_random_bytes_with_flags(&bytes[split_at..]) + P::BaseField::from_random_bytes_with_flags(&bytes[split_at..]) { return Some((QuadExtField::new(c0, c1), flags)); } @@ -266,8 +264,8 @@ impl Field for QuadExtField

{ } impl<'a, P: QuadExtParameters> SquareRootField for QuadExtField

- where - P::BaseField: SquareRootField, +where + P::BaseField: SquareRootField, { fn legendre(&self) -> LegendreSymbol { self.norm().legendre() @@ -284,12 +282,8 @@ impl<'a, P: QuadExtParameters> SquareRootField for QuadExtField

Zero => Some(*self), QuadraticNonResidue => None, QuadraticResidue => { - let two_inv = P::BaseField::one() - .double() - .inverse(); - let alpha = self - .norm() - .sqrt(); + let two_inv = P::BaseField::one().double().inverse(); + let alpha = self.norm().sqrt(); if two_inv.is_none() || alpha.is_none() { return None; } @@ -305,7 +299,10 @@ impl<'a, P: QuadExtParameters> SquareRootField for QuadExtField

if c0_inv.is_none() { return None; } - Some(Self::new(c0.unwrap(), self.c1 * &two_inv.unwrap() * &c0_inv.unwrap())) + Some(Self::new( + c0.unwrap(), + self.c1 * &two_inv.unwrap() * &c0_inv.unwrap(), + )) } } } @@ -338,8 +335,8 @@ impl PartialOrd for QuadExtField

{ } impl From for QuadExtField

- where - P::BaseField: From, +where + P::BaseField: From, { fn from(other: u128) -> Self { Self::new(other.into(), P::BaseField::zero()) @@ -347,8 +344,8 @@ impl From for QuadExtField

} impl From for QuadExtField

- where - P::BaseField: From, +where + P::BaseField: From, { fn from(other: u64) -> Self { Self::new(other.into(), P::BaseField::zero()) @@ -356,8 +353,8 @@ impl From for QuadExtField

} impl From for QuadExtField

- where - P::BaseField: From, +where + P::BaseField: From, { fn from(other: u32) -> Self { Self::new(other.into(), P::BaseField::zero()) @@ -365,8 +362,8 @@ impl From for QuadExtField

} impl From for QuadExtField

- where - P::BaseField: From, +where + P::BaseField: From, { fn from(other: u16) -> Self { Self::new(other.into(), P::BaseField::zero()) @@ -374,8 +371,8 @@ impl From for QuadExtField

} impl From for QuadExtField

- where - P::BaseField: From, +where + P::BaseField: From, { fn from(other: u8) -> Self { Self::new(other.into(), P::BaseField::zero()) @@ -404,13 +401,13 @@ impl ToBits for QuadExtField

{ let mut bits = self.c0.write_bits(); bits.extend_from_slice(self.c1.write_bits().as_slice()); bits - } } impl FromBits for QuadExtField

{ fn read_bits(bits: Vec) -> Result { - let size = (P::DEGREE_OVER_BASE_PRIME_FIELD/2) * ::Params::MODULUS_BITS as usize; + let size = (P::DEGREE_OVER_BASE_PRIME_FIELD / 2) + * ::Params::MODULUS_BITS as usize; let c0 = P::BaseField::read_bits(bits[..size].to_vec())?; let c1 = P::BaseField::read_bits(bits[size..].to_vec())?; Ok(QuadExtField::new(c0, c1)) @@ -584,4 +581,4 @@ impl fmt::Display for QuadExtField

{ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { write!(f, "QuadExtField({} + {} * u)", self.c0, self.c1) } -} \ No newline at end of file +} diff --git a/algebra/src/fields/tests.rs b/algebra/src/fields/tests.rs index 4de9f3083..4f822d944 100644 --- a/algebra/src/fields/tests.rs +++ b/algebra/src/fields/tests.rs @@ -1,5 +1,8 @@ -use crate::{fields::{Field, LegendreSymbol, PrimeField, SquareRootField}, ToBytes, to_bytes, Flags, CanonicalSerialize, CanonicalDeserialize, SWFlags}; -use rand::{Rng, SeedableRng, thread_rng}; +use crate::{ + fields::{Field, LegendreSymbol, PrimeField, SquareRootField}, + to_bytes, CanonicalDeserialize, CanonicalSerialize, Flags, SWFlags, ToBytes, +}; +use rand::{thread_rng, Rng, SeedableRng}; use rand_xorshift::XorShiftRng; use std::io::Cursor; @@ -262,7 +265,7 @@ fn field_canonical_serialization_test(buf_size: usize) { false }); assert!(if let SerializationError::NotEnoughSpace = - F::deserialize_with_flags::<_, DummyFlags>(&mut &serialized[..]).unwrap_err() + F::deserialize_with_flags::<_, DummyFlags>(&mut &serialized[..]).unwrap_err() { true } else { diff --git a/algebra/src/fields/tweedle/fq.rs b/algebra/src/fields/tweedle/fq.rs index 3094d82fc..4545dddf5 100644 --- a/algebra/src/fields/tweedle/fq.rs +++ b/algebra/src/fields/tweedle/fq.rs @@ -1,7 +1,7 @@ use crate::{ biginteger::BigInteger256 as BigInteger, + field_new, fields::{Fp256, Fp256Parameters, FpParameters}, - field_new }; pub struct FqParameters; diff --git a/algebra/src/fields/tweedle/fr.rs b/algebra/src/fields/tweedle/fr.rs index 097de4520..f76171a6f 100644 --- a/algebra/src/fields/tweedle/fr.rs +++ b/algebra/src/fields/tweedle/fr.rs @@ -1,6 +1,6 @@ use crate::{ biginteger::BigInteger256 as BigInteger, - fields::{FpParameters, Fp256, Fp256Parameters}, + fields::{Fp256, Fp256Parameters, FpParameters}, }; pub type Fr = Fp256; 
@@ -16,21 +16,21 @@ impl FpParameters for FrParameters { 0xa14064e200000001, 0x38aa1276c3f59b9, 0x0, - 0x4000000000000000 + 0x4000000000000000, ]); const R: BigInteger = BigInteger([ 0x1c3ed159fffffffd, 0xf5601c89bb41f2d3, 0xffffffffffffffff, - 0x3fffffffffffffff + 0x3fffffffffffffff, ]); const R2: BigInteger = BigInteger([ 0x280c9c4000000010, 0x91a4409b5400af74, 0xdd7b28e19094c659, - 0xc8ad9107ccca0e + 0xc8ad9107ccca0e, ]); const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([ @@ -51,7 +51,7 @@ impl FpParameters for FrParameters { 0x8388339ffffffed, 0xbcb60a12f74c5739, 0xffffffffffffffff, - 0x3fffffffffffffff + 0x3fffffffffffffff, ]); const MODULUS_BITS: u32 = 255; diff --git a/algebra/src/fields/tweedle/tests.rs b/algebra/src/fields/tweedle/tests.rs index 3383aa015..c66e6a40a 100644 --- a/algebra/src/fields/tweedle/tests.rs +++ b/algebra/src/fields/tweedle/tests.rs @@ -2,8 +2,8 @@ use crate::{ biginteger::BigInteger256 as BigInteger, bytes::{FromBytes, ToBytes}, fields::{ - tweedle::{fq::Fq, fr::Fr}, tests::{field_test, primefield_test}, + tweedle::{fq::Fq, fr::Fr}, Field, LegendreSymbol::*, PrimeField, SquareRootField, @@ -186,9 +186,10 @@ fn test_fq_square_in_place() { "21864651240005695523200639428464570946052769938774601449735727714436878540682", ) .unwrap(); - let f3 = - Fq::from_str("19581484219153942072047858331099766329275818131597627721493461404774907481642") - .unwrap(); + let f3 = Fq::from_str( + "19581484219153942072047858331099766329275818131597627721493461404774907481642", + ) + .unwrap(); assert!(!f1.is_zero()); assert!(!f3.is_zero()); f1.square_in_place(); @@ -214,7 +215,7 @@ fn test_fq_from_str() { 0x17a655e2b3cd9f8a, 0xe98745acbc60cf8, 0x8318964c0b265e48, - 0x3056f43c9ee293fd + 0x3056f43c9ee293fd, ])); let f1 = Fq::from_str( "21864651240005695523200639428464570946052769938774601449735727714436878540682", 
@@ -224,7 +225,7 @@ fn test_fq_from_str() { 0x97e9103775d2f35c, 0xbe6756b6c587544b, 0x6ee38c3afd88ef4b, - 0x2bacd150f540c677 + 0x2bacd150f540c677, ])); let f2 = Fq::from_str( "19754794831832707859764530223239420866832328728734160755396495950822165902172", @@ -241,11 +242,13 @@ fn test_fq_legendre() { let e = Fq::from_str( "19754794831832707859764530223239420866832328728734160755396495950822165902172", - ).unwrap(); + ) + .unwrap(); assert_eq!(QuadraticResidue, e.legendre()); let e = Fq::from_str( "7894070009960485405056471228743059385328854667547937089962899125529157892247", - ).unwrap(); + ) + .unwrap(); assert_eq!(QuadraticNonResidue, e.legendre()); } @@ -305,7 +308,6 @@ fn test_fr_mul() { assert_eq!(f1 * &f2, f3); } - #[test] fn test_fr_bytes() { let f1_from_repr = Fr::from_repr(BigInteger([ diff --git a/algebra/src/groups/mod.rs b/algebra/src/groups/mod.rs index 971223bd5..a9a1f854d 100644 --- a/algebra/src/groups/mod.rs +++ b/algebra/src/groups/mod.rs @@ -1,5 +1,7 @@ -use crate::{BitIterator, FromBytesChecked, SemanticallyValid, CanonicalSerialize, CanonicalDeserialize}; use crate::UniformRand; +use crate::{ + BitIterator, CanonicalDeserialize, CanonicalSerialize, FromBytesChecked, SemanticallyValid, +}; use std::{ fmt::{Debug, Display}, hash::Hash, @@ -10,7 +12,7 @@ use crate::{ bytes::{FromBytes, ToBytes}, fields::PrimeField, }; -use serde::{Serialize, Deserialize}; +use serde::{Deserialize, Serialize}; #[cfg(test)] pub mod tests; @@ -78,4 +80,4 @@ pub trait Group: } *self = res } -} \ No newline at end of file +} diff --git a/algebra/src/groups/tests.rs b/algebra/src/groups/tests.rs index 86b367332..13de53515 100644 --- a/algebra/src/groups/tests.rs +++ b/algebra/src/groups/tests.rs @@ -1,4 +1,4 @@ -use crate::{Group, AffineCurve, Field, UniformRand, ToCompressedBits, FromCompressedBits}; +use crate::{AffineCurve, Field, FromCompressedBits, Group, ToCompressedBits, UniformRand}; use rand::SeedableRng; use rand_xorshift::XorShiftRng; 
@@ -73,7 +73,6 @@ pub fn group_test(a: G, mut b: G) { } pub fn compression_test(even: T, odd: T) { - //Test correct compression/de-compression of a non-zero point with even y let even_compressed = even.compress(); let even_len = even_compressed.len(); @@ -133,4 +132,4 @@ pub fn gt_compression_test(eve let odd_decompressed = T::decompress(odd_compressed).unwrap(); assert_eq!(odd, odd_decompressed); -} \ No newline at end of file +} diff --git a/algebra/src/msm/fixed_base.rs b/algebra/src/msm/fixed_base.rs index eb336437a..fd1e1f328 100644 --- a/algebra/src/msm/fixed_base.rs +++ b/algebra/src/msm/fixed_base.rs @@ -1,4 +1,4 @@ -use crate::{BigInteger, FpParameters, PrimeField, ProjectiveCurve, Error}; +use crate::{BigInteger, Error, FpParameters, PrimeField, ProjectiveCurve}; use rayon::prelude::*; pub struct FixedBaseMSM; @@ -55,7 +55,8 @@ impl FixedBaseMSM { for outer in 0..outerc { let mut inner = 0usize; for i in 0..window { - if outer * window + i < (::Params::MODULUS_BITS as usize) + if outer * window + i + < (::Params::MODULUS_BITS as usize) && scalar_val[outer * window + i] { inner |= 1 << i; @@ -77,6 +78,8 @@ impl FixedBaseMSM { Err(format!("Invalid table size"))? } - Ok(v.par_iter().map(|e| Self::windowed_mul::(outerc, window, table, e)).collect::>()) + Ok(v.par_iter() + .map(|e| Self::windowed_mul::(outerc, window, table, e)) + .collect::>()) } } diff --git a/algebra/src/msm/variable_base.rs b/algebra/src/msm/variable_base.rs index 5b51097e4..9c1b6eb97 100644 --- a/algebra/src/msm/variable_base.rs +++ b/algebra/src/msm/variable_base.rs 
@@ -1,10 +1,9 @@ -use crate::{AffineCurve, BigInteger, Field, FpParameters, PrimeField, ProjectiveCurve, Error}; +use crate::{AffineCurve, BigInteger, Error, Field, FpParameters, PrimeField, ProjectiveCurve}; use rayon::prelude::*; pub struct VariableBaseMSM; impl VariableBaseMSM { - /// WARNING: This function allows scalars and bases to have different length /// (as long as scalars.len() <= bases.len()): internally, bases are trimmed /// to have the same length of the scalars; this may lead to potential message @@ -13,24 +12,29 @@ impl VariableBaseMSM { pub fn multi_scalar_mul_affine_c( bases: &[G], scalars: &[::BigInt], - c: usize + c: usize, ) -> Result { - // Sanity checks if c == 0 { Err(format!("Invalid window size value: 0"))? } if c > 25 { - Err(format!("Invalid window size value: {}. It must be smaller than 25", c))? + Err(format!( + "Invalid window size value: {}. It must be smaller than 25", + c + ))? } if scalars.len() > bases.len() { - Err(format!("Invalid MSM length. Scalars len: {}, Bases len: {}", scalars.len(), bases.len()))? + Err(format!( + "Invalid MSM length. Scalars len: {}, Bases len: {}", + scalars.len(), + bases.len() + ))? } let cc = 1 << c; - let num_bits = - ::Params::MODULUS_BITS as usize; + let num_bits = ::Params::MODULUS_BITS as usize; let fr_one = G::ScalarField::one().into_repr(); let zero = G::zero().into_projective(); 
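Review bot: The window-size guard in `multi_scalar_mul_affine_c` rejects only `c > 25`, so `c == 25` is accepted while the reflowed error text on the new side says "It must be smaller than 25"; the same guard/message pair appears in the `msm_inner_c` hunk further down (`@@ -109,22 +121,27 @@`). Keeping current behaviour means rewording the message, e.g. `"Invalid window size value: {}. It must be at most 25",`; if 25 was meant to be exclusive, the guard should become `if c >= 25 {` instead. This bound is also the only thing limiting the `1 << c` bucket vectors allocated per window in the following hunk, so if `c` can ever come from outside the crate that limit is worth stating in the function's doc comment. The function's body continues into the following hunk.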
@@ -43,31 +47,35 @@ impl VariableBaseMSM { .into_par_iter() .map(|w_start| { // We don't need the "zero" bucket, we use 2^c-1 bucket for units - let mut buckets = vec![Vec::with_capacity(bases.len()/cc * 2); cc]; - scalars.iter().zip(bases).filter(|(s, _)| !s.is_zero()).for_each(|(&scalar, base)| { - if scalar == fr_one { - // We only process unit scalars once in the first window. - if w_start == 0 && base.is_zero() == false { - buckets[cc - 1].push(*base); - } - } else { - let mut scalar = scalar; - - // We right-shift by w_start, thus getting rid of the - // lower bits. - scalar.divn(w_start as u32); - - // We mod the remaining bits by the window size. - let scalar = scalar.as_ref()[0] % (1 << c); - - // If the scalar is non-zero, we update the corresponding - // bucket. - // (Recall that `buckets` doesn't have a zero bucket.) - if scalar != 0 && base.is_zero() == false { - buckets[(scalar - 1) as usize].push(*base); + let mut buckets = vec![Vec::with_capacity(bases.len() / cc * 2); cc]; + scalars + .iter() + .zip(bases) + .filter(|(s, _)| !s.is_zero()) + .for_each(|(&scalar, base)| { + if scalar == fr_one { + // We only process unit scalars once in the first window. + if w_start == 0 && base.is_zero() == false { + buckets[cc - 1].push(*base); + } + } else { + let mut scalar = scalar; + + // We right-shift by w_start, thus getting rid of the + // lower bits. + scalar.divn(w_start as u32); + + // We mod the remaining bits by the window size. + let scalar = scalar.as_ref()[0] % (1 << c); + + // If the scalar is non-zero, we update the corresponding + // bucket. + // (Recall that `buckets` doesn't have a zero bucket.) + if scalar != 0 && base.is_zero() == false { + buckets[(scalar - 1) as usize].push(*base); + } } - } - }); + }); G::add_points(&mut buckets); let mut res = if buckets[cc - 1].len() == 0 { zero 
@@ -90,13 +98,17 @@ impl VariableBaseMSM { let lowest = window_sums.first().unwrap(); // We're traversing windows from high to low. - let result = window_sums[1..].iter().rev().fold(zero, |mut total, sum_i| { - total += sum_i; - for _ in 0..c { - total.double_in_place(); - } - total - }) + lowest; + let result = window_sums[1..] + .iter() + .rev() + .fold(zero, |mut total, sum_i| { + total += sum_i; + for _ in 0..c { + total.double_in_place(); + } + total + }) + + lowest; Ok(result) } @@ -109,22 +121,27 @@ impl VariableBaseMSM { pub fn msm_inner_c( bases: &[G], scalars: &[::BigInt], - c: usize + c: usize, ) -> Result { - // Sanity checks if c == 0 { Err(format!("Invalid window size value: 0"))? } if c > 25 { - Err(format!("Invalid window size value: {}. It must be smaller than 25", c))? + Err(format!( + "Invalid window size value: {}. It must be smaller than 25", + c + ))? } if scalars.len() > bases.len() { - Err(format!("Invalid MSM length. Scalars len: {}, Bases len: {}", scalars.len(), bases.len()))? + Err(format!( + "Invalid MSM length. Scalars len: {}, Bases len: {}", + scalars.len(), + bases.len() + ))? } - let num_bits = - ::Params::MODULUS_BITS as usize; + let num_bits = ::Params::MODULUS_BITS as usize; let fr_one = G::ScalarField::one().into_repr(); let zero = G::zero().into_projective(); 
@@ -139,30 +156,34 @@ impl VariableBaseMSM { let mut res = zero; // We don't need the "zero" bucket, so we only have 2^c - 1 buckets let mut buckets = vec![zero; (1 << c) - 1]; - scalars.iter().zip(bases).filter(|(s, _)| !s.is_zero()).for_each(|(&scalar, base)| { - if scalar == fr_one { - // We only process unit scalars once in the first window. - if w_start == 0 { - res.add_assign_mixed(base); - } - } else { - let mut scalar = scalar; - - // We right-shift by w_start, thus getting rid of the - // lower bits. - scalar.divn(w_start as u32); - - // We mod the remaining bits by the window size. - let scalar = scalar.as_ref()[0] % (1 << c); - - // If the scalar is non-zero, we update the corresponding - // bucket. - // (Recall that `buckets` doesn't have a zero bucket.) - if scalar != 0 { - buckets[(scalar - 1) as usize].add_assign_mixed(&base); + scalars + .iter() + .zip(bases) + .filter(|(s, _)| !s.is_zero()) + .for_each(|(&scalar, base)| { + if scalar == fr_one { + // We only process unit scalars once in the first window. + if w_start == 0 { + res.add_assign_mixed(base); + } + } else { + let mut scalar = scalar; + + // We right-shift by w_start, thus getting rid of the + // lower bits. + scalar.divn(w_start as u32); + + // We mod the remaining bits by the window size. + let scalar = scalar.as_ref()[0] % (1 << c); + + // If the scalar is non-zero, we update the corresponding + // bucket. + // (Recall that `buckets` doesn't have a zero bucket.) + if scalar != 0 { + buckets[(scalar - 1) as usize].add_assign_mixed(&base); + } } - } - }); + }); G::Projective::batch_normalization(&mut buckets); let mut running_sum = G::Projective::zero(); 
@@ -179,13 +200,17 @@ impl VariableBaseMSM { let lowest = window_sums.first().unwrap(); // We're traversing windows from high to low. - let result = window_sums[1..].iter().rev().fold(zero, |mut total, sum_i| { - total += sum_i; - for _ in 0..c { - total.double_in_place(); - } - total - }) + lowest; + let result = window_sums[1..] + .iter() + .rev() + .fold(zero, |mut total, sum_i| { + total += sum_i; + for _ in 0..c { + total.double_in_place(); + } + total + }) + + lowest; Ok(result) } @@ -193,8 +218,7 @@ impl VariableBaseMSM { pub fn msm_inner( bases: &[G], scalars: &[::BigInt], - ) -> Result - { + ) -> Result { let scal_len = scalars.len(); let c: usize = if scal_len < 32 { @@ -211,7 +235,7 @@ impl VariableBaseMSM { scalars: &[::BigInt], ) -> Result where - G::Projective: ProjectiveCurve + G::Projective: ProjectiveCurve, { let scal_len = scalars.len(); @@ -232,9 +256,9 @@ mod test { use crate::curves::tweedle::dee::Projective as TweedleDee; use crate::curves::tweedle::dum::Projective as TweedleDum; - use rand::{SeedableRng, Rng}; - use rand_xorshift::XorShiftRng; use crate::UniformRand; + use rand::{Rng, SeedableRng}; + use rand_xorshift::XorShiftRng; fn naive_var_base_msm( bases: &[G], @@ -248,11 +272,7 @@ mod test { acc } - fn test_all_variants( - samples: usize, - c: usize, - rng: &mut R, - ) { + fn test_all_variants(samples: usize, c: usize, rng: &mut R) { let v = (0..samples) .map(|_| G::ScalarField::rand(rng).into_repr()) .collect::>(); @@ -263,7 +283,8 @@ mod test { let naive = naive_var_base_msm(g.as_slice(), v.as_slice()); let fast = VariableBaseMSM::msm_inner(g.as_slice(), v.as_slice()).unwrap(); - let affine = VariableBaseMSM::multi_scalar_mul_affine_c(g.as_slice(), v.as_slice(), c).unwrap(); + let affine = + VariableBaseMSM::multi_scalar_mul_affine_c(g.as_slice(), v.as_slice(), c).unwrap(); let inner = VariableBaseMSM::msm_inner_c(g.as_slice(), v.as_slice(), c).unwrap(); assert_eq!(naive, fast); 
@@ -280,4 +301,4 @@ mod test { test_all_variants::(1 << 12, 16, rng); test_all_variants::(1 << 12, 16, rng); } -} \ No newline at end of file +} diff --git a/algebra/src/rand.rs b/algebra/src/rand.rs index 18d84aa97..4b58bed94 100644 --- a/algebra/src/rand.rs +++ b/algebra/src/rand.rs @@ -1,4 +1,7 @@ -use rand::{Rng, distributions::{Distribution, Standard}}; +use rand::{ + distributions::{Distribution, Standard}, + Rng, +}; pub trait UniformRand: Sized { fn rand(rng: &mut R) -> Self; @@ -6,7 +9,7 @@ pub trait UniformRand: Sized { impl UniformRand for T where - Standard: Distribution + Standard: Distribution, { #[inline] fn rand(rng: &mut R) -> Self { diff --git a/algebra/src/serialize/error.rs b/algebra/src/serialize/error.rs index bcc29e4fd..8e5a52afb 100644 --- a/algebra/src/serialize/error.rs +++ b/algebra/src/serialize/error.rs @@ -34,4 +34,4 @@ impl fmt::Display for SerializationError { SerializationError::IoError(err) => write!(f, "I/O error: {:?}", err), } } -} \ No newline at end of file +} diff --git a/algebra/src/serialize/flags.rs b/algebra/src/serialize/flags.rs index 9094ab35d..398b46acd 100644 --- a/algebra/src/serialize/flags.rs +++ b/algebra/src/serialize/flags.rs @@ -192,4 +192,4 @@ impl Flags for EdwardsFlags { Some(Self::EvenY) } } -} \ No newline at end of file +} diff --git a/algebra/src/serialize/mod.rs b/algebra/src/serialize/mod.rs index 6fc82fa44..562909f77 100644 --- a/algebra/src/serialize/mod.rs +++ b/algebra/src/serialize/mod.rs @@ -1,6 +1,8 @@ mod error; mod flags; +pub use error::*; +pub use flags::*; pub use std::io::{Read, Write}; use std::{ borrow::{Cow, ToOwned}, @@ -10,8 +12,6 @@ use std::{ string::String, vec::Vec, }; -pub use error::*; -pub use flags::*; #[cfg(feature = "derive")] #[doc(hidden)] 
@@ -236,7 +236,10 @@ impl CanonicalSerialize for [T] { } #[inline] - fn serialize_without_metadata(&self, mut writer: W) -> Result<(), SerializationError> { + fn serialize_without_metadata( + &self, + mut writer: W, + ) -> Result<(), SerializationError> { for item in self.iter() { item.serialize_without_metadata(&mut writer)?; } @@ -348,7 +351,9 @@ impl CanonicalDeserialize for Vec { } #[inline] - fn deserialize_uncompressed_unchecked(mut reader: R) -> Result { + fn deserialize_uncompressed_unchecked( + mut reader: R, + ) -> Result { let len = ::deserialize(&mut reader)?; let mut values = Vec::new(); for _ in 0..len { @@ -486,9 +491,9 @@ impl<'a, T: CanonicalSerialize + ToOwned> CanonicalSerialize for Cow<'a, T> { } impl<'a, T> CanonicalDeserialize for Cow<'a, T> - where - T: ToOwned, - ::Owned: CanonicalDeserialize, +where + T: ToOwned, + ::Owned: CanonicalDeserialize, { #[inline] fn deserialize(reader: R) -> Result { @@ -511,9 +516,9 @@ impl<'a, T> CanonicalDeserialize for Cow<'a, T> #[inline] fn deserialize_uncompressed_unchecked(reader: R) -> Result { - Ok(Cow::Owned(::Owned::deserialize_uncompressed_unchecked( - reader, - )?)) + Ok(Cow::Owned( + ::Owned::deserialize_uncompressed_unchecked(reader)?, + )) } } @@ -534,10 +539,10 @@ impl CanonicalSerialize for Option { fn serialized_size(&self) -> usize { self.is_some().serialized_size() + if let Some(item) = self { - item.serialized_size() - } else { - 0 - } + item.serialized_size() + } else { + 0 + } } #[inline] @@ -562,10 +567,10 @@ impl CanonicalSerialize for Option { fn uncompressed_size(&self) -> usize { self.is_some().uncompressed_size() + if let Some(item) = self { - item.uncompressed_size() - } else { - 0 - } + item.uncompressed_size() + } else { + 0 + } } } 
@@ -607,7 +612,9 @@ impl CanonicalDeserialize for Option { } #[inline] - fn deserialize_uncompressed_unchecked(mut reader: R) -> Result { + fn deserialize_uncompressed_unchecked( + mut reader: R, + ) -> Result { let is_some = bool::deserialize_uncompressed_unchecked(&mut reader)?; let data = if is_some { Some(T::deserialize_uncompressed_unchecked(&mut reader)?) @@ -659,7 +666,9 @@ impl CanonicalDeserialize for Rc { } #[inline] - fn deserialize_uncompressed_unchecked(mut reader: R) -> Result { + fn deserialize_uncompressed_unchecked( + mut reader: R, + ) -> Result { Ok(Rc::new(T::deserialize_uncompressed_unchecked(&mut reader)?)) } } @@ -697,15 +706,15 @@ impl CanonicalDeserialize for bool { #[inline] fn deserialize_uncompressed_unchecked(reader: R) -> Result { - Self::deserialize_unchecked(reader) + Self::deserialize_unchecked(reader) } } // Serialize BTreeMap as `len(map) || key 1 || value 1 || ... || key n || value n` impl CanonicalSerialize for BTreeMap - where - K: CanonicalSerialize, - V: CanonicalSerialize, +where + K: CanonicalSerialize, + V: CanonicalSerialize, { fn serialize(&self, mut writer: W) -> Result<(), SerializationError> { let len = self.len() as u64; @@ -725,7 +734,10 @@ impl CanonicalSerialize for BTreeMap } #[inline] - fn serialize_without_metadata(&self, mut writer: W) -> Result<(), SerializationError> { + fn serialize_without_metadata( + &self, + mut writer: W, + ) -> Result<(), SerializationError> { for (k, v) in self.iter() { k.serialize_without_metadata(&mut writer)?; v.serialize_without_metadata(&mut writer)?; @@ -752,9 +764,9 @@ impl CanonicalSerialize for BTreeMap } impl CanonicalDeserialize for BTreeMap - where - K: Ord + CanonicalDeserialize, - V: CanonicalDeserialize, +where + K: Ord + CanonicalDeserialize, + V: CanonicalDeserialize, { fn deserialize(mut reader: R) -> Result { let len = u64::deserialize(&mut reader)?; 
@@ -789,7 +801,9 @@ impl CanonicalDeserialize for BTreeMap Ok(map) } - fn deserialize_uncompressed_unchecked(mut reader: R) -> Result { + fn deserialize_uncompressed_unchecked( + mut reader: R, + ) -> Result { let len = u64::deserialize_uncompressed_unchecked(&mut reader)?; let mut map = BTreeMap::new(); for _ in 0..len { @@ -821,7 +835,10 @@ impl CanonicalSerialize for BTreeSet { } #[inline] - fn serialize_without_metadata(&self, mut writer: W) -> Result<(), SerializationError> { + fn serialize_without_metadata( + &self, + mut writer: W, + ) -> Result<(), SerializationError> { for elem in self.iter() { elem.serialize_without_metadata(&mut writer)?; } @@ -873,7 +890,9 @@ impl CanonicalDeserialize for BTreeSet { Ok(set) } - fn deserialize_uncompressed_unchecked(mut reader: R) -> Result { + fn deserialize_uncompressed_unchecked( + mut reader: R, + ) -> Result { let len = u64::deserialize_uncompressed_unchecked(&mut reader)?; let mut set = BTreeSet::new(); for _ in 0..len { @@ -896,8 +915,7 @@ pub fn test_canonical_serialize_deserialize< >( negative_test: bool, data: &T, -) -{ +) { // serialize/deserialize { let buf_size = data.serialized_size(); @@ -950,7 +968,8 @@ pub fn test_canonical_serialize_deserialize< if negative_test { let wrong_buf_size = buf_size - 1; T::deserialize_uncompressed(&serialized[..wrong_buf_size]).unwrap_err(); - CanonicalSerialize::serialize_uncompressed(data, &mut serialized[..wrong_buf_size]).unwrap_err(); + CanonicalSerialize::serialize_uncompressed(data, &mut serialized[..wrong_buf_size]) + .unwrap_err(); let wrong_ser_data = serialized.into_iter().map(|b| !b).collect::>(); let deser_result = T::deserialize_uncompressed(&wrong_ser_data[..]); 
@@ -970,7 +989,8 @@ pub fn test_canonical_serialize_deserialize< if negative_test { let wrong_buf_size = buf_size - 1; T::deserialize_uncompressed_unchecked(&serialized[..wrong_buf_size]).unwrap_err(); - CanonicalSerialize::serialize_uncompressed(data, &mut serialized[..wrong_buf_size]).unwrap_err(); + CanonicalSerialize::serialize_uncompressed(data, &mut serialized[..wrong_buf_size]) + .unwrap_err(); let wrong_ser_data = serialized.into_iter().map(|b| !b).collect::>(); let deser_result = T::deserialize_uncompressed_unchecked(&wrong_ser_data[..]); @@ -1067,7 +1087,9 @@ mod test { } #[inline] - fn deserialize_uncompressed_unchecked(mut reader: R) -> Result { + fn deserialize_uncompressed_unchecked( + mut reader: R, + ) -> Result { let result = Vec::::deserialize_uncompressed_unchecked(&mut reader)?; assert_eq!(result.as_slice(), &[100u8, 200u8]); @@ -1104,16 +1126,22 @@ mod test { #[test] fn test_tuple_vec() { - test_canonical_serialize_deserialize(false, &vec![ - (Dummy, Dummy, Dummy), - (Dummy, Dummy, Dummy), - (Dummy, Dummy, Dummy), - ]); - test_canonical_serialize_deserialize(false, &vec![ - (86u8, 98u64, Dummy), - (86u8, 98u64, Dummy), - (86u8, 98u64, Dummy), - ]); + test_canonical_serialize_deserialize( + false, + &vec![ + (Dummy, Dummy, Dummy), + (Dummy, Dummy, Dummy), + (Dummy, Dummy, Dummy), + ], + ); + test_canonical_serialize_deserialize( + false, + &vec![ + (86u8, 98u64, Dummy), + (86u8, 98u64, Dummy), + (86u8, 98u64, Dummy), + ], + ); } #[test] @@ -1172,4 +1200,4 @@ mod test { fn test_phantomdata() { test_canonical_serialize_deserialize(false, &std::marker::PhantomData::); } -} \ No newline at end of file +} diff --git a/algebra/src/to_field_vec.rs b/algebra/src/to_field_vec.rs index 0e781544e..a1217398d 100644 --- a/algebra/src/to_field_vec.rs +++ b/algebra/src/to_field_vec.rs 
@@ -2,13 +2,14 @@ use crate::{ curves::{ models::{SWModelParameters, TEModelParameters}, short_weierstrass_jacobian::{GroupAffine as SWJAffine, GroupProjective as SWJProjective}, - short_weierstrass_projective::{GroupAffine as SWPAffine, GroupProjective as SWPProjective}, + short_weierstrass_projective::{ + GroupAffine as SWPAffine, GroupProjective as SWPProjective, + }, twisted_edwards_extended::{GroupAffine as TEAffine, GroupProjective as TEProjective}, ProjectiveCurve, }, - QuadExtField, QuadExtParameters, - CubicExtField, CubicExtParameters, - FpParameters, Field, PrimeField, + CubicExtField, CubicExtParameters, Field, FpParameters, PrimeField, QuadExtField, + QuadExtParameters, }; type Error = Box; @@ -42,8 +43,8 @@ impl ToConstraintField for () { } impl ToConstraintField for QuadExtField

- where - P::BaseField: ToConstraintField, +where + P::BaseField: ToConstraintField, { fn to_field_elements(&self) -> Result, Error> { let mut res = Vec::new(); @@ -58,8 +59,8 @@ impl ToConstraintField for QuadExtField } impl ToConstraintField for CubicExtField

- where - P::BaseField: ToConstraintField, +where + P::BaseField: ToConstraintField, { fn to_field_elements(&self) -> Result, Error> { let mut res = Vec::new(); @@ -130,8 +131,8 @@ where } impl ToConstraintField for SWPAffine - where - M::BaseField: ToConstraintField, +where + M::BaseField: ToConstraintField, { #[inline] fn to_field_elements(&self) -> Result, Error> { @@ -145,8 +146,8 @@ impl ToConstraintField fo } impl ToConstraintField for SWPProjective - where - M::BaseField: ToConstraintField, +where + M::BaseField: ToConstraintField, { #[inline] fn to_field_elements(&self) -> Result, Error> { @@ -163,10 +164,9 @@ impl ToConstraintField for [u8] { fn to_field_elements(&self) -> Result, Error> { let max_size = ::Params::CAPACITY / 8; let max_size = max_size as usize; - let bigint_size = ( - ::Params::MODULUS_BITS + - ::Params::REPR_SHAVE_BITS - )/8; + let bigint_size = (::Params::MODULUS_BITS + + ::Params::REPR_SHAVE_BITS) + / 8; let fes = self .chunks(max_size) .map(|chunk| { @@ -188,9 +188,7 @@ impl ToConstraintField for [bool] { let max_size = ::Params::CAPACITY as usize; let fes = self .chunks(max_size) - .map(|chunk| { - ConstraintF::read_bits(chunk.to_vec()) - }) + .map(|chunk| ConstraintF::read_bits(chunk.to_vec())) .collect::, _>>()?; Ok(fes) } diff --git a/algebra/src/validity.rs b/algebra/src/validity.rs index 082ce0350..9ad25b71c 100644 --- a/algebra/src/validity.rs +++ b/algebra/src/validity.rs @@ -14,4 +14,4 @@ impl SemanticallyValid for Vec { } true } -} \ No newline at end of file +} diff --git a/bench-utils/src/lib.rs b/bench-utils/src/lib.rs index e7620e946..4e90fafc1 100644 --- a/bench-utils/src/lib.rs +++ b/bench-utils/src/lib.rs 
@@ -18,8 +18,8 @@ pub mod inner { #[macro_export] macro_rules! start_timer { ($msg:expr) => {{ - use $crate::{compute_indent, Colorize, NUM_INDENT, PAD_CHAR}; use std::{sync::atomic::Ordering, time::Instant}; + use $crate::{compute_indent, Colorize, NUM_INDENT, PAD_CHAR}; let msg = $msg(); let start_info = "Start:".yellow().bold(); @@ -28,7 +28,10 @@ pub mod inner { println!("{}{:8} {}", indent, start_info, msg); NUM_INDENT.fetch_add(1, Ordering::Relaxed); - $crate::TimerInfo { msg: msg.to_string(), time: Instant::now() } + $crate::TimerInfo { + msg: msg.to_string(), + time: Instant::now(), + } }}; } @@ -38,8 +41,8 @@ pub mod inner { end_timer!($time, || ""); }}; ($time:expr, $msg:expr) => {{ - use $crate::{compute_indent, Colorize, NUM_INDENT, PAD_CHAR}; use std::sync::atomic::Ordering; + use $crate::{compute_indent, Colorize, NUM_INDENT, PAD_CHAR}; let time = $time.time; let final_time = time.elapsed(); @@ -76,16 +79,16 @@ pub mod inner { final_time, pad = 75 - indent_amount ); - }}; - } #[macro_export] macro_rules! add_to_trace { ($title:expr, $msg:expr) => {{ - use $crate::{compute_indent, compute_indent_whitespace, Colorize, NUM_INDENT, PAD_CHAR}; use std::sync::atomic::Ordering; + use $crate::{ + compute_indent, compute_indent_whitespace, Colorize, NUM_INDENT, PAD_CHAR, + }; let start_msg = "StartMsg".yellow().bold(); let end_msg = "EndMsg".green().bold(); 
@@ -99,24 +102,16 @@ pub mod inner { let msg_indent_amount = 2 * NUM_INDENT.fetch_add(0, Ordering::Relaxed) + 2; let msg_indent = compute_indent_whitespace(msg_indent_amount); let mut final_message = "\n".to_string(); - for line in $msg().lines() { - final_message += &format!( - "{}{}\n", - msg_indent, - line, - ); + for line in $msg().lines() { + final_message += &format!("{}{}\n", msg_indent, line,); } // Todo: Recursively ensure that *entire* string is of appropriate // width (not just message). println!("{}{}", start_indent, start_msg); - println!( - "{}{}", - msg_indent, - final_message, - ); + println!("{}{}", msg_indent, final_message,); println!("{}{}", start_indent, end_msg); - }} + }}; } pub fn compute_indent_whitespace(indent_amount: usize) -> String { @@ -137,7 +132,7 @@ pub mod inner { } else { PAD_CHAR } - }, + } Err(_) => PAD_CHAR, }; for _ in 0..indent_amount { @@ -162,7 +157,7 @@ mod inner { macro_rules! add_to_trace { ($title:expr, $msg:expr) => { let _ = $msg; - } + }; } #[macro_export] diff --git a/primitives/benches/crypto_primitives/ecvrf.rs b/primitives/benches/crypto_primitives/ecvrf.rs index 49d2b372b..cd16d47ad 100644 --- a/primitives/benches/crypto_primitives/ecvrf.rs +++ b/primitives/benches/crypto_primitives/ecvrf.rs @@ -1,19 +1,12 @@ use algebra::curves::mnt6753::G1Projective as MNT6G1Projective; use algebra::fields::mnt4753::Fr as MNT4Fr; use algebra::UniformRand; +use criterion::Criterion; use primitives::{ - crh::{ - MNT4PoseidonHash, - bowe_hopwood::BoweHopwoodPedersenCRH, - pedersen::PedersenWindow, - }, - vrf::{ - FieldBasedVrf, - ecvrf::FieldBasedEcVrf, - }, - FixedLengthCRH + crh::{bowe_hopwood::BoweHopwoodPedersenCRH, pedersen::PedersenWindow, MNT4PoseidonHash}, + vrf::{ecvrf::FieldBasedEcVrf, FieldBasedVrf}, + FixedLengthCRH, }; -use criterion::Criterion; #[macro_use] extern crate criterion; 
@@ -29,7 +22,6 @@ type BHMNT6 = BoweHopwoodPedersenCRH; type EcVrfMNT4 = FieldBasedEcVrf; fn ecvrf_keygen(c: &mut Criterion) { - c.bench_function("FieldSchnorrMNT4: KeyGen", move |b| { b.iter(|| { let mut rng = &mut rand::thread_rng(); @@ -70,4 +62,4 @@ criterion_group! { targets = ecvrf_keygen, ecvrf_prove, ecvrf_verify } -criterion_main!(ecvrf); \ No newline at end of file +criterion_main!(ecvrf); diff --git a/primitives/benches/crypto_primitives/poseidon_crh.rs b/primitives/benches/crypto_primitives/poseidon_crh.rs index 6669a3ec6..d37b454f1 100644 --- a/primitives/benches/crypto_primitives/poseidon_crh.rs +++ b/primitives/benches/crypto_primitives/poseidon_crh.rs @@ -1,25 +1,15 @@ -use criterion::{criterion_group, criterion_main, Criterion}; -use algebra::{ - fields::{ - mnt4753::Fr as MNT4753Fr, - mnt6753::Fr as MNT6753Fr, - bn_382::Fr as BN382Fr, - bn_382::Fq as BN382Fq, - tweedle::Fr as tweedleFr, - tweedle::Fq as tweedleFq - } +use algebra::fields::{ + bn_382::Fq as BN382Fq, bn_382::Fr as BN382Fr, mnt4753::Fr as MNT4753Fr, + mnt6753::Fr as MNT6753Fr, tweedle::Fq as tweedleFq, tweedle::Fr as tweedleFr, }; +use criterion::{criterion_group, criterion_main, Criterion}; use algebra::UniformRand; -use rand_xorshift::XorShiftRng; +use primitives::crh::{poseidon::parameters::*, FieldBasedHash}; use rand::SeedableRng; -use primitives::crh::{ - poseidon::parameters::*, - FieldBasedHash, -}; +use rand_xorshift::XorShiftRng; fn poseidon_crh_eval_mnt4(c: &mut Criterion) { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let samples = 2000; let mut h = MNT4PoseidonHash::init_constant_length(samples, None); @@ -36,7 +26,6 @@ fn poseidon_crh_eval_mnt4(c: &mut Criterion) { } fn poseidon_crh_eval_mnt6(c: &mut Criterion) { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let samples = 2000; let mut h = MNT6PoseidonHash::init_constant_length(samples, None); 
@@ -53,7 +42,6 @@ fn poseidon_crh_eval_mnt6(c: &mut Criterion) { } fn poseidon_crh_eval_bn382fr(c: &mut Criterion) { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let samples = 2000; let mut h = BN382FrPoseidonHash::init_constant_length(samples, None); @@ -70,7 +58,6 @@ fn poseidon_crh_eval_bn382fr(c: &mut Criterion) { } fn poseidon_crh_eval_bn382fq(c: &mut Criterion) { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let samples = 2000; let mut h = BN382FqPoseidonHash::init_constant_length(samples, None); @@ -87,7 +74,6 @@ fn poseidon_crh_eval_bn382fq(c: &mut Criterion) { } fn poseidon_crh_eval_tweedlefr(c: &mut Criterion) { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let samples = 2000; let mut h = TweedleFrPoseidonHash::init_constant_length(samples, None); @@ -104,7 +90,6 @@ fn poseidon_crh_eval_tweedlefr(c: &mut Criterion) { } fn poseidon_crh_eval_tweedlefq(c: &mut Criterion) { - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let samples = 2000; let mut h = TweedleFqPoseidonHash::init_constant_length(samples, None); @@ -120,7 +105,6 @@ fn poseidon_crh_eval_tweedlefq(c: &mut Criterion) { }); } - criterion_group! { name = crh_poseidon_eval; config = Criterion::default().sample_size(20); @@ -129,6 +113,4 @@ criterion_group! { poseidon_crh_eval_tweedlefq, poseidon_crh_eval_tweedlefr, } -criterion_main! ( - crh_poseidon_eval -); +criterion_main!(crh_poseidon_eval); diff --git a/primitives/benches/crypto_primitives/poseidon_mht.rs b/primitives/benches/crypto_primitives/poseidon_mht.rs index b1939cdb8..5a709604c 100644 --- a/primitives/benches/crypto_primitives/poseidon_mht.rs +++ b/primitives/benches/crypto_primitives/poseidon_mht.rs 
@@ -2,35 +2,25 @@ extern crate criterion; use algebra::{ - fields::{ - mnt4753::Fr as MNT4753Fr, mnt6753::Fr as MNT6753Fr - }, - Field, UniformRand + fields::{mnt4753::Fr as MNT4753Fr, mnt6753::Fr as MNT6753Fr}, + Field, UniformRand, }; use primitives::{ crh::parameters::{ - MNT4PoseidonHash, MNT6PoseidonHash, - MNT4BatchPoseidonHash, MNT6BatchPoseidonHash + MNT4BatchPoseidonHash, MNT4PoseidonHash, MNT6BatchPoseidonHash, MNT6PoseidonHash, + }, + merkle_tree::field_based_mht::{ + parameters::{MNT4753_MHT_POSEIDON_PARAMETERS, MNT6753_MHT_POSEIDON_PARAMETERS}, + BatchFieldBasedMerkleTreeParameters, FieldBasedMerkleTree, FieldBasedMerkleTreeParameters, + FieldBasedMerkleTreePrecomputedZeroConstants, FieldBasedOptimizedMHT, }, - merkle_tree::{ - field_based_mht::{ - parameters::{ - MNT4753_MHT_POSEIDON_PARAMETERS, MNT6753_MHT_POSEIDON_PARAMETERS, - }, - FieldBasedMerkleTree, - FieldBasedOptimizedMHT, FieldBasedMerkleTreePrecomputedZeroConstants, - FieldBasedMerkleTreeParameters, BatchFieldBasedMerkleTreeParameters, - }, - } }; -use criterion::{ - Criterion, BenchmarkId -}; +use criterion::{BenchmarkId, Criterion}; -use rand_xorshift::XorShiftRng; use rand::SeedableRng; +use rand_xorshift::XorShiftRng; #[derive(Clone, Debug)] struct MNT4753FieldBasedMerkleTreeParams; @@ -38,7 +28,8 @@ impl FieldBasedMerkleTreeParameters for MNT4753FieldBasedMerkleTreeParams { type Data = MNT4753Fr; type H = MNT4PoseidonHash; const MERKLE_ARITY: usize = 2; - const ZERO_NODE_CST: Option> = Some(MNT4753_MHT_POSEIDON_PARAMETERS); + const ZERO_NODE_CST: Option> = + Some(MNT4753_MHT_POSEIDON_PARAMETERS); } impl BatchFieldBasedMerkleTreeParameters for MNT4753FieldBasedMerkleTreeParams { 
@@ -53,7 +44,8 @@ impl FieldBasedMerkleTreeParameters for MNT6753FieldBasedMerkleTreeParams { type Data = MNT6753Fr; type H = MNT6PoseidonHash; const MERKLE_ARITY: usize = 2; - const ZERO_NODE_CST: Option> = Some(MNT6753_MHT_POSEIDON_PARAMETERS); + const ZERO_NODE_CST: Option> = + Some(MNT6753_MHT_POSEIDON_PARAMETERS); } impl BatchFieldBasedMerkleTreeParameters for MNT6753FieldBasedMerkleTreeParams { 
@@ -65,199 +57,259 @@ type MNT6PoseidonMHT = FieldBasedOptimizedMHT const BENCH_HEIGHT: usize = 11; fn batch_poseidon_mht_eval_mnt4_full(c: &mut Criterion) { - let num_leaves = 2usize.pow(BENCH_HEIGHT as u32 - 1); let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let mut tree = MNT4PoseidonMHT::init(BENCH_HEIGHT, num_leaves).unwrap(); - c.bench_function(format!("Batch Full Poseidon MHT Eval for MNT4 ({} leaves)", num_leaves).as_str(), move |b| { - b.iter(|| { - for _ in 0..num_leaves { - tree.append(MNT4753Fr::rand(&mut rng)).unwrap(); - } - tree.finalize_in_place(); - tree.reset(); - }) - }); + c.bench_function( + format!( + "Batch Full Poseidon MHT Eval for MNT4 ({} leaves)", + num_leaves + ) + .as_str(), + move |b| { + b.iter(|| { + for _ in 0..num_leaves { + tree.append(MNT4753Fr::rand(&mut rng)).unwrap(); + } + tree.finalize_in_place(); + tree.reset(); + }) + }, + ); } fn batch_poseidon_mht_eval_mnt6_full(c: &mut Criterion) { - let num_leaves = 2usize.pow(BENCH_HEIGHT as u32 - 1); let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let mut tree = MNT6PoseidonMHT::init(BENCH_HEIGHT, num_leaves).unwrap(); - c.bench_function(format!("Batch Full Poseidon MHT Eval for MNT6 ({} leaves)", num_leaves).as_str(), move |b| { - b.iter(|| { - for _ in 0..num_leaves { - tree.append(MNT6753Fr::rand(&mut rng)).unwrap(); - } - tree.finalize_in_place(); - tree.reset(); - }) - }); + c.bench_function( + format!( + "Batch Full Poseidon MHT Eval for MNT6 ({} leaves)", + num_leaves + ) + .as_str(), + move |b| { + b.iter(|| { + for _ in 0..num_leaves { + tree.append(MNT6753Fr::rand(&mut rng)).unwrap(); + } + tree.finalize_in_place(); + tree.reset(); + }) + }, + ); } fn batch_poseidon_mht_eval_mnt4_3_4(c: &mut Criterion) { - let num_leaves = 2usize.pow(BENCH_HEIGHT as u32 - 1); let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let mut tree = MNT4PoseidonMHT::init(BENCH_HEIGHT, num_leaves).unwrap(); - c.bench_function(format!("Batch 3/4 Poseidon MHT Eval for MNT4 ({} 
leaves)", num_leaves).as_str(), move |b| { - b.iter(|| { - for _ in 0..(num_leaves * 3)/4 { - tree.append(MNT4753Fr::rand(&mut rng)).unwrap(); - } - tree.finalize_in_place(); - tree.reset(); - }) - }); + c.bench_function( + format!( + "Batch 3/4 Poseidon MHT Eval for MNT4 ({} leaves)", + num_leaves + ) + .as_str(), + move |b| { + b.iter(|| { + for _ in 0..(num_leaves * 3) / 4 { + tree.append(MNT4753Fr::rand(&mut rng)).unwrap(); + } + tree.finalize_in_place(); + tree.reset(); + }) + }, + ); } fn batch_poseidon_mht_eval_mnt6_3_4(c: &mut Criterion) { - let num_leaves = 2usize.pow(BENCH_HEIGHT as u32 - 1); let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let mut tree = MNT6PoseidonMHT::init(BENCH_HEIGHT, num_leaves).unwrap(); - c.bench_function(format!("Batch 3/4 Poseidon MHT Eval for MNT6 ({} leaves)", num_leaves).as_str(), move |b| { - b.iter(|| { - for _ in 0..(num_leaves * 3)/4 { - tree.append(MNT6753Fr::rand(&mut rng)).unwrap(); - } - tree.finalize_in_place(); - tree.reset(); - }) - }); + c.bench_function( + format!( + "Batch 3/4 Poseidon MHT Eval for MNT6 ({} leaves)", + num_leaves + ) + .as_str(), + move |b| { + b.iter(|| { + for _ in 0..(num_leaves * 3) / 4 { + tree.append(MNT6753Fr::rand(&mut rng)).unwrap(); + } + tree.finalize_in_place(); + tree.reset(); + }) + }, + ); } fn batch_poseidon_mht_eval_mnt4_half(c: &mut Criterion) { - let num_leaves = 2usize.pow(BENCH_HEIGHT as u32 - 1); let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let mut tree = MNT4PoseidonMHT::init(BENCH_HEIGHT, num_leaves).unwrap(); - c.bench_function(format!("Batch half Poseidon MHT Eval for MNT4 ({} leaves)", num_leaves).as_str(), move |b| { - b.iter(|| { - for _ in 0..num_leaves/2 { - tree.append(MNT4753Fr::rand(&mut rng)).unwrap(); - } - tree.finalize_in_place(); - tree.reset(); - }) - }); + c.bench_function( + format!( + "Batch half Poseidon MHT Eval for MNT4 ({} leaves)", + num_leaves + ) + .as_str(), + move |b| { + b.iter(|| { + for _ in 0..num_leaves / 2 { + 
tree.append(MNT4753Fr::rand(&mut rng)).unwrap(); + } + tree.finalize_in_place(); + tree.reset(); + }) + }, + ); } fn batch_poseidon_mht_eval_mnt6_half(c: &mut Criterion) { - let num_leaves = 2usize.pow(BENCH_HEIGHT as u32 - 1); let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let mut tree = MNT6PoseidonMHT::init(BENCH_HEIGHT, num_leaves).unwrap(); - c.bench_function(format!("Batch half Poseidon MHT Eval for MNT6 ({} leaves)", num_leaves).as_str(), move |b| { - b.iter(|| { - for _ in 0..num_leaves/2 { - tree.append(MNT6753Fr::rand(&mut rng)).unwrap(); - } - tree.finalize_in_place(); - tree.reset(); - }) - }); + c.bench_function( + format!( + "Batch half Poseidon MHT Eval for MNT6 ({} leaves)", + num_leaves + ) + .as_str(), + move |b| { + b.iter(|| { + for _ in 0..num_leaves / 2 { + tree.append(MNT6753Fr::rand(&mut rng)).unwrap(); + } + tree.finalize_in_place(); + tree.reset(); + }) + }, + ); } fn batch_poseidon_mht_eval_mnt4_1_4(c: &mut Criterion) { - let num_leaves = 2usize.pow(BENCH_HEIGHT as u32 - 1); let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let mut tree = MNT4PoseidonMHT::init(BENCH_HEIGHT, num_leaves).unwrap(); - c.bench_function(format!("Batch 1/4 Poseidon MHT Eval for MNT4 ({} leaves)", num_leaves).as_str(), move |b| { - b.iter(|| { - for _ in 0..num_leaves/4 { - tree.append(MNT4753Fr::rand(&mut rng)).unwrap(); - } - tree.finalize_in_place(); - tree.reset(); - }) - }); + c.bench_function( + format!( + "Batch 1/4 Poseidon MHT Eval for MNT4 ({} leaves)", + num_leaves + ) + .as_str(), + move |b| { + b.iter(|| { + for _ in 0..num_leaves / 4 { + tree.append(MNT4753Fr::rand(&mut rng)).unwrap(); + } + tree.finalize_in_place(); + tree.reset(); + }) + }, + ); } fn batch_poseidon_mht_eval_mnt6_1_4(c: &mut Criterion) { - let num_leaves = 2usize.pow(BENCH_HEIGHT as u32 - 1); let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let mut tree = MNT6PoseidonMHT::init(BENCH_HEIGHT, num_leaves).unwrap(); - c.bench_function(format!("Batch 1/4 
Poseidon MHT Eval for MNT6 ({} leaves)", num_leaves).as_str(), move |b| { - b.iter(|| { - for _ in 0..num_leaves/4 { - tree.append(MNT6753Fr::rand(&mut rng)).unwrap(); - } - tree.finalize_in_place(); - tree.reset(); - }) - }); + c.bench_function( + format!( + "Batch 1/4 Poseidon MHT Eval for MNT6 ({} leaves)", + num_leaves + ) + .as_str(), + move |b| { + b.iter(|| { + for _ in 0..num_leaves / 4 { + tree.append(MNT6753Fr::rand(&mut rng)).unwrap(); + } + tree.finalize_in_place(); + tree.reset(); + }) + }, + ); } fn batch_poseidon_mht_eval_mnt4_interleaved(c: &mut Criterion) { - let num_leaves = 2usize.pow(BENCH_HEIGHT as u32 - 1); let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let mut tree = MNT4PoseidonMHT::init(BENCH_HEIGHT, num_leaves).unwrap(); - c.bench_function(format!("Batch interleaved Poseidon MHT Eval for MNT4 ({} leaves)", num_leaves).as_str(), move |b| { - b.iter(|| { - for _ in 0..num_leaves/3 { - tree.append(MNT4753Fr::zero()).unwrap(); - } - for _ in 0..(num_leaves * 2)/3 { - tree.append(MNT4753Fr::rand(&mut rng)).unwrap(); - } - tree.finalize_in_place(); - tree.reset(); - }) - }); + c.bench_function( + format!( + "Batch interleaved Poseidon MHT Eval for MNT4 ({} leaves)", + num_leaves + ) + .as_str(), + move |b| { + b.iter(|| { + for _ in 0..num_leaves / 3 { + tree.append(MNT4753Fr::zero()).unwrap(); + } + for _ in 0..(num_leaves * 2) / 3 { + tree.append(MNT4753Fr::rand(&mut rng)).unwrap(); + } + tree.finalize_in_place(); + tree.reset(); + }) + }, + ); } fn batch_poseidon_mht_eval_mnt6_interleaved(c: &mut Criterion) { - let num_leaves = 2usize.pow(BENCH_HEIGHT as u32 - 1); let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let mut tree = MNT6PoseidonMHT::init(BENCH_HEIGHT, num_leaves).unwrap(); - c.bench_function(format!("Batch interleaved Poseidon MHT Eval for MNT6 ({} leaves)", num_leaves).as_str(), move |b| { - b.iter(|| { - for _ in 0..num_leaves/3 { - tree.append(MNT6753Fr::zero()).unwrap(); - } - for _ in 0..(num_leaves * 2)/3 { 
- tree.append(MNT6753Fr::rand(&mut rng)).unwrap(); - } - tree.finalize_in_place(); - tree.reset(); - }) - }); + c.bench_function( + format!( + "Batch interleaved Poseidon MHT Eval for MNT6 ({} leaves)", + num_leaves + ) + .as_str(), + move |b| { + b.iter(|| { + for _ in 0..num_leaves / 3 { + tree.append(MNT6753Fr::zero()).unwrap(); + } + for _ in 0..(num_leaves * 2) / 3 { + tree.append(MNT6753Fr::rand(&mut rng)).unwrap(); + } + tree.finalize_in_place(); + tree.reset(); + }) + }, + ); } /// Let's create a full tree with different processing_step sizes and bench the total time @@ -271,21 +323,26 @@ fn batch_poseidon_mht_tune_processing_step_mnt4(c: &mut Criterion) { let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - let mut group = c.benchmark_group( - format!("tune processing_step_size for MNT4 with a tree of height {}", BENCH_HEIGHT) - ); + let mut group = c.benchmark_group(format!( + "tune processing_step_size for MNT4 with a tree of height {}", + BENCH_HEIGHT + )); for processing_step in processing_steps.iter() { let mut tree = MNT4PoseidonMHT::init(BENCH_HEIGHT, *processing_step).unwrap(); - group.bench_with_input(BenchmarkId::from_parameter(processing_step), processing_step, |b, _processing_step| { - b.iter(|| { - for _ in 0..num_leaves { - tree.append(MNT4753Fr::rand(&mut rng)).unwrap(); - } - tree.finalize_in_place(); - tree.reset(); - }); - }); + group.bench_with_input( + BenchmarkId::from_parameter(processing_step), + processing_step, + |b, _processing_step| { + b.iter(|| { + for _ in 0..num_leaves { + tree.append(MNT4753Fr::rand(&mut rng)).unwrap(); + } + tree.finalize_in_place(); + tree.reset(); + }); + }, + ); } } 
@@ -300,22 +357,27 @@ fn batch_poseidon_mht_tune_processing_step_mnt6(c: &mut Criterion) { let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - let mut group = c.benchmark_group( - format!("tune processing_step_size for MNT6 with a tree of height {}", BENCH_HEIGHT) - ); + let mut group = c.benchmark_group(format!( + "tune processing_step_size for MNT6 with a tree of height {}", + BENCH_HEIGHT + )); for processing_step in processing_steps.iter() { let mut tree = MNT6PoseidonMHT::init(BENCH_HEIGHT, *processing_step).unwrap(); - group.bench_with_input(BenchmarkId::from_parameter(processing_step), processing_step, |b, _processing_step| { - b.iter(|| { - for _ in 0..num_leaves { - tree.append(MNT6753Fr::rand(&mut rng)).unwrap(); - } - tree.finalize_in_place(); - tree.reset(); - }); - }); + group.bench_with_input( + BenchmarkId::from_parameter(processing_step), + processing_step, + |b, _processing_step| { + b.iter(|| { + for _ in 0..num_leaves { + tree.append(MNT6753Fr::rand(&mut rng)).unwrap(); + } + tree.finalize_in_place(); + tree.reset(); + }); + }, + ); } } @@ -330,13 +392,11 @@ criterion_group! { batch_poseidon_mht_eval_mnt4_interleaved, batch_poseidon_mht_eval_mnt6_interleaved } -criterion_group!{ +criterion_group! { name = mht_poseidon_tuning; config = Criterion::default().sample_size(10); targets = batch_poseidon_mht_tune_processing_step_mnt4, batch_poseidon_mht_tune_processing_step_mnt6 } -criterion_main! ( - mht_poseidon_tuning -); \ No newline at end of file +criterion_main!(mht_poseidon_tuning); diff --git a/primitives/benches/crypto_primitives/signature.rs b/primitives/benches/crypto_primitives/signature.rs index 48ea57824..456fc4df6 100644 --- a/primitives/benches/crypto_primitives/signature.rs +++ b/primitives/benches/crypto_primitives/signature.rs 
@@ -63,7 +63,9 @@ mod projective {
 let randomness: [u8; 32] = rng.gen();
 c.bench_function("SchnorrMNT4Projective: Randomize PubKey", move |b| {
- b.iter(|| SchnorrMNT4Affine::randomize_public_key(¶meters, &pk, &randomness).unwrap())
+ b.iter(|| {
+ SchnorrMNT4Affine::randomize_public_key(¶meters, &pk, &randomness).unwrap()
+ })
 });
 }
@@ -77,7 +79,8 @@ mod projective {
 c.bench_function("SchnorrMNT4Projective: Randomize Signature", move |b| {
 b.iter(|| {
- SchnorrMNT4Affine::randomize_signature(¶meters, &signature, &randomness).unwrap()
+ SchnorrMNT4Affine::randomize_signature(¶meters, &signature, &randomness)
+ .unwrap()
 })
 });
 }
@@ -91,20 +94,19 @@ mod projective {
 mod field_impl {
 use algebra::{
- fields::mnt4753::Fr as MNT4Fr,
- curves::mnt6753::G1Projective as MNT6G1Projective,
+ curves::mnt6753::G1Projective as MNT6G1Projective, fields::mnt4753::Fr as MNT4Fr,
 UniformRand,
 };
 use criterion::Criterion;
 use primitives::{
 crh::MNT4PoseidonHash,
- signature::{schnorr::field_based_schnorr::*, FieldBasedSignatureScheme}
+ signature::{schnorr::field_based_schnorr::*, FieldBasedSignatureScheme},
 };
- type SchnorrMNT4Fr = FieldBasedSchnorrSignatureScheme;
+ type SchnorrMNT4Fr =
+ FieldBasedSchnorrSignatureScheme;
 fn schnorr_signature_keygen(c: &mut Criterion) {
-
 c.bench_function("FieldSchnorrMNT4: KeyGen", move |b| {
 b.iter(|| {
 let mut rng = &mut rand::thread_rng();
@@ -145,5 +147,5 @@ mod field_impl {
 }
 }
-use crate::{projective::schnorr_sig_projective, field_impl::field_based_schnorr_sig};
+use crate::{field_impl::field_based_schnorr_sig, projective::schnorr_sig_projective};
 criterion_main!(schnorr_sig_projective, field_based_schnorr_sig);
diff --git a/primitives/src/commitment/injective_map/mod.rs b/primitives/src/commitment/injective_map/mod.rs
index b313b534a..7edcadd06 100644
--- a/primitives/src/commitment/injective_map/mod.rs
+++ b/primitives/src/commitment/injective_map/mod.rs
@@ -11,9 +11,9 @@ pub use crate::crh::injective_map::InjectiveMap; use algebra::groups::Group; pub struct PedersenCommCompressor, W: PedersenWindow> { - _group: PhantomData, + _group: PhantomData, _compressor: PhantomData, - _comm: PedersenCommitment, + _comm: PedersenCommitment, } impl, W: PedersenWindow> CommitmentScheme diff --git a/primitives/src/commitment/mod.rs b/primitives/src/commitment/mod.rs index 07330181c..d27828c1f 100644 --- a/primitives/src/commitment/mod.rs +++ b/primitives/src/commitment/mod.rs @@ -1,11 +1,9 @@ +use algebra::bytes::ToBytes; use algebra::UniformRand; use rand::Rng; use std::{fmt::Debug, hash::Hash}; -use algebra::bytes::ToBytes; -use serde::{ - Serialize, Deserialize -}; +use serde::{Deserialize, Serialize}; pub mod blake2s; pub mod injective_map; @@ -16,7 +14,14 @@ use crate::Error; pub trait CommitmentScheme { type Output: ToBytes + Serialize + for<'a> Deserialize<'a> + Clone + Default + Eq + Hash + Debug; type Parameters: Clone + Serialize + for<'a> Deserialize<'a>; - type Randomness: Clone + ToBytes + Serialize + for<'a> Deserialize<'a> + Default + Eq + UniformRand + Debug; + type Randomness: Clone + + ToBytes + + Serialize + + for<'a> Deserialize<'a> + + Default + + Eq + + UniformRand + + Debug; fn setup(r: &mut R) -> Result; diff --git a/primitives/src/commitment/pedersen/mod.rs b/primitives/src/commitment/pedersen/mod.rs index d2bf267d9..66735f8bf 100644 --- a/primitives/src/commitment/pedersen/mod.rs +++ b/primitives/src/commitment/pedersen/mod.rs @@ -1,4 +1,4 @@ -use crate::{Error, CryptoError}; +use crate::{CryptoError, Error}; use algebra::{ bytes::ToBytes, groups::Group, BitIterator, Field, FpParameters, PrimeField, ToConstraintField, UniformRand, 
@@ -16,17 +16,17 @@ use crate::crh::{ FixedLengthCRH, }; -use serde::{Serialize, Deserialize}; +use serde::{Deserialize, Serialize}; #[derive(Clone, Serialize, Deserialize)] #[serde(bound(deserialize = "G: Group"))] pub struct PedersenParameters { pub randomness_generator: Vec, - pub generators: Vec>, + pub generators: Vec>, } pub struct PedersenCommitment { - group: PhantomData, + group: PhantomData, window: PhantomData, } @@ -86,10 +86,9 @@ impl CommitmentScheme for PedersenCommitment let commit_time = start_timer!(|| "PedersenCOMM::Commit"); // If the input is too long, return an error. if input.len() > W::WINDOW_SIZE * W::NUM_WINDOWS { - Err(Box::new(CryptoError::Other(format!( - "incorrect input length: {:?}", - input.len() - ).to_owned())))? + Err(Box::new(CryptoError::Other( + format!("incorrect input length: {:?}", input.len()).to_owned(), + )))? } // Pad the input to the necessary length. let mut padded_input = Vec::with_capacity(input.len()); @@ -103,11 +102,14 @@ impl CommitmentScheme for PedersenCommitment input = padded_input.as_slice(); } if parameters.generators.len() != W::NUM_WINDOWS { - Err(Box::new(CryptoError::Other(format!( - "Number of generators: {} not enough for the selected num windows: {}", - parameters.generators.len(), - W::NUM_WINDOWS - ).to_owned())))? + Err(Box::new(CryptoError::Other( + format!( + "Number of generators: {} not enough for the selected num windows: {}", + parameters.generators.len(), + W::NUM_WINDOWS + ) + .to_owned(), + )))? } // Invoke Pedersen CRH here, to prevent code duplication. diff --git a/primitives/src/crh/bowe_hopwood/mod.rs b/primitives/src/crh/bowe_hopwood/mod.rs index 44fc83e5b..292ddef19 100644 --- a/primitives/src/crh/bowe_hopwood/mod.rs +++ b/primitives/src/crh/bowe_hopwood/mod.rs @@ -1,4 +1,4 @@ -use crate::{Error, bytes_to_bits, CryptoError}; +use crate::{bytes_to_bits, CryptoError, Error}; use rand::Rng; use rayon::prelude::*; use std::{ 
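Review bot: The `.to_owned()` applied to the `format!(...)` result in both error branches of this file's `commit` is a redundant clone — `format!` already yields an owned `String` — and `Err(...)?` is an opaque way to return early; `return Err(Box::new(CryptoError::Other(format!("incorrect input length: {:?}", input.len()))));` says the same thing directly. The same `format!(...).to_owned()` pattern recurs in the bowe_hopwood hunk at `@@ -85` and in both `evaluate` hunks of the pedersen CRH further down. The enclosing `commit` function starts and ends outside these hunks.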
@@ -9,7 +9,7 @@ use std::{ use super::pedersen::{PedersenCRH, PedersenWindow}; use crate::crh::FixedLengthCRH; use algebra::{biginteger::BigInteger, fields::PrimeField, groups::Group}; -use serde::{Serialize, Deserialize}; +use serde::{Deserialize, Serialize}; pub const CHUNK_SIZE: usize = 3; @@ -20,7 +20,7 @@ pub struct BoweHopwoodPedersenParameters { } pub struct BoweHopwoodPedersenCRH { - group: PhantomData, + group: PhantomData, window: PhantomData, } @@ -85,13 +85,16 @@ impl FixedLengthCRH for BoweHopwoodPedersenCRH W::WINDOW_SIZE * W::NUM_WINDOWS * CHUNK_SIZE { - return Err(Box::new(CryptoError::Other(format!( - "incorrect input length {:?} for window params {:?}x{:?}x{}", - input.len(), - W::WINDOW_SIZE, - W::NUM_WINDOWS, - CHUNK_SIZE, - ).to_owned()))); + return Err(Box::new(CryptoError::Other( + format!( + "incorrect input length {:?} for window params {:?}x{:?}x{}", + input.len(), + W::WINDOW_SIZE, + W::NUM_WINDOWS, + CHUNK_SIZE, + ) + .to_owned(), + ))); } let mut padded_input = Vec::with_capacity(input.len()); @@ -106,21 +109,27 @@ impl FixedLengthCRH for BoweHopwoodPedersenCRH FixedLengthCRH for BoweHopwoodPedersenCRH Debug for BoweHopwoodPedersenParameters { } } -impl BoweHopwoodPedersenParameters{ +impl BoweHopwoodPedersenParameters { pub fn check_consistency(&self) -> bool { for (i, p1) in self.generators.iter().enumerate() { if p1[0] == G::zero() { diff --git a/primitives/src/crh/injective_map/mod.rs b/primitives/src/crh/injective_map/mod.rs index bd8c81157..aa350d277 100644 --- a/primitives/src/crh/injective_map/mod.rs +++ b/primitives/src/crh/injective_map/mod.rs 
@@ -16,10 +16,10 @@ use algebra::{ groups::Group, }; -use serde::{Serialize, Deserialize}; +use serde::{Deserialize, Serialize}; pub trait InjectiveMap { - type Output: ToBytes + Serialize + for<'a> Deserialize <'a> + Clone + Eq + Hash + Default + Debug; + type Output: ToBytes + Serialize + for<'a> Deserialize<'a> + Clone + Eq + Hash + Default + Debug; fn injective_map(ge: &G) -> Result; } @@ -30,10 +30,7 @@ impl InjectiveMap> for TECompressor { fn injective_map(ge: &TEAffine

) -> Result { if !ge.is_in_correct_subgroup_assuming_on_curve() { - return Err(CryptoError::InvalidElement(format!( - "{}", - ge - ))); + return Err(CryptoError::InvalidElement(format!("{}", ge))); } Ok(ge.x) } @@ -45,19 +42,16 @@ impl InjectiveMap> for TECompressor { fn injective_map(ge: &TEProjective
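Review bot: `format!("{}", ge)` in the `InvalidElement` branch is a roundabout `ge.to_string()`; the `Display` impl is what carries the formatting, so `return Err(CryptoError::InvalidElement(ge.to_string()));` reads cleaner and is what clippy's `useless_format` asks for. The same line appears in both `injective_map` hunks here, the affine one at `@@ -30` and the projective one at `@@ -45`. The subgroup check and the echoed element in the error text are worth keeping as they are, since they are what makes a rejected input diagnosable.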

) -> Result { let ge = ge.into_affine(); if !ge.is_in_correct_subgroup_assuming_on_curve() { - return Err(CryptoError::InvalidElement(format!( - "{}", - ge - ))); + return Err(CryptoError::InvalidElement(format!("{}", ge))); } Ok(ge.x) } } pub struct PedersenCRHCompressor, W: PedersenWindow> { - _group: PhantomData, + _group: PhantomData, _compressor: PhantomData, - _crh: PedersenCRH, + _crh: PedersenCRH, } impl, W: PedersenWindow> FixedLengthCRH diff --git a/primitives/src/crh/mod.rs b/primitives/src/crh/mod.rs index 86a4a65f4..7e2347225 100644 --- a/primitives/src/crh/mod.rs +++ b/primitives/src/crh/mod.rs @@ -1,9 +1,7 @@ -use algebra::{ - Field, bytes::ToBytes -}; +use algebra::{bytes::ToBytes, Field}; use rand::Rng; +use serde::{Deserialize, Serialize}; use std::hash::Hash; -use serde::{Serialize, Deserialize}; pub mod bowe_hopwood; pub mod injective_map; @@ -15,7 +13,7 @@ pub use self::sbox::*; pub mod poseidon; pub use self::poseidon::*; -use crate::{Error, CryptoError}; +use crate::{CryptoError, Error}; use rayon::prelude::*; pub trait FixedLengthCRH { @@ -49,9 +47,9 @@ pub trait FieldBasedHash { /// Initialize a Field Hash accepting inputs of variable length. /// It is able to serve two different modes, selected by the boolean `mod_rate`: - /// - `mod_rate` = False is for the ususal variable length hash, whereas + /// - `mod_rate` = False is for the ususal variable length hash, whereas /// - `mod_rate` = True allows the input only to be a multiple of the rate (and hence - /// should throw an error when trying to finalize with a non-multiple of rate input). + /// should throw an error when trying to finalize with a non-multiple of rate input). /// This mode allows an optimized handling of padding, saving constraints in SNARK applications; fn init_variable_length(mod_rate: bool, personalization: Option<&[Self::Data]>) -> Self; 
@@ -68,12 +66,8 @@ pub trait FieldBasedHash { /// Helper allowing to hash the implementor of this trait into a Field pub trait FieldHasher> { - /// Hash `self`, given some optional `personalization` into a Field - fn hash( - &self, - personalization: Option<&[H::Data]> - ) -> Result; + fn hash(&self, personalization: Option<&[H::Data]>) -> Result; } pub trait BatchFieldBasedHash { @@ -91,20 +85,29 @@ pub trait BatchFieldBasedHash { /// of aggregated hash but it's actually the hash result of each of the inputs, grouped in /// hash_rate chunks. fn batch_evaluate(input_array: &[Self::Data]) -> Result, Error> { - let rate = <::Parameters as FieldBasedHashParameters>::R; if input_array.len() % rate != 0 { - return Err(Box::new(CryptoError::Other("The length of the input data array is not a multiple of the rate".to_owned()))); + return Err(Box::new(CryptoError::Other( + "The length of the input data array is not a multiple of the rate".to_owned(), + ))); } if input_array.len() == 0 { - return Err(Box::new(CryptoError::Other("Input data array does not contain any data".to_owned()))); + return Err(Box::new(CryptoError::Other( + "Input data array does not contain any data".to_owned(), + ))); } - Ok(input_array.par_chunks(rate).map(|chunk| { - let mut digest = ::init_constant_length(rate, None); - chunk.iter().for_each(|input| { digest.update(input.clone()); } ); - digest.finalize().unwrap() - }).collect::>()) + Ok(input_array + .par_chunks(rate) + .map(|chunk| { + let mut digest = + ::init_constant_length(rate, None); + chunk.iter().for_each(|input| { + digest.update(input.clone()); + }); + digest.finalize().unwrap() + }) + .collect::>()) } /// Given an `input_array` of size n * hash_rate, batches the computation of the n hashes 
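Review bot: The doc comment on `FieldHasher::hash` (`/// Hash `self`, given some optional `personalization` into a Field`) is dropped by the hunk at `@@ -68`, leaving the only method of a public trait undocumented; restore it above the collapsed signature, e.g. `/// Hash `self` into a field element, mixing in the optional `personalization`.` In `batch_evaluate`, `if input_array.len() == 0` is better written `if input_array.is_empty()` (clippy `len_zero`), and the same test appears in `batch_evaluate_in_place` in the next hunk. The `digest.finalize().unwrap()` inside the parallel `map` relies on every chunk holding exactly `rate` elements, which the preceding `% rate` check guarantees; an `expect("chunk holds exactly `rate` inputs")` would state that invariant where the panic path is.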
@@ -114,13 +117,20 @@ pub trait BatchFieldBasedHash { /// NOTE: The hashes are independent from each other, therefore the output is not some sort /// of aggregated hash but it's actually the hash result of each of the inputs, grouped in /// hash_rate chunks. - fn batch_evaluate_in_place(input_array: &mut[Self::Data], output_array: &mut[Self::Data]) -> Result<(), Error> { + fn batch_evaluate_in_place( + input_array: &mut [Self::Data], + output_array: &mut [Self::Data], + ) -> Result<(), Error> { let rate = <::Parameters as FieldBasedHashParameters>::R; if input_array.len() % rate != 0 { - return Err(Box::new(CryptoError::Other("The length of the input data array is not a multiple of the rate".to_owned()))); + return Err(Box::new(CryptoError::Other( + "The length of the input data array is not a multiple of the rate".to_owned(), + ))); } if input_array.len() == 0 { - return Err(Box::new(CryptoError::Other("Input data array does not contain any data".to_owned()))); + return Err(Box::new(CryptoError::Other( + "Input data array does not contain any data".to_owned(), + ))); } if output_array.len() != input_array.len() / rate { return Err(Box::new(CryptoError::Other(format!( @@ -130,10 +140,15 @@ pub trait BatchFieldBasedHash { rate )))); } - input_array.par_chunks(rate).zip(output_array.par_iter_mut()) + input_array + .par_chunks(rate) + .zip(output_array.par_iter_mut()) .for_each(|(inputs, output)| { - let mut digest = ::init_constant_length(rate, None); - inputs.iter().for_each(|input| { digest.update(input.clone()); } ); + let mut digest = + ::init_constant_length(rate, None); + inputs.iter().for_each(|input| { + digest.update(input.clone()); + }); *output = digest.finalize().unwrap(); }); Ok(()) 
@@ -143,18 +158,14 @@ pub trait BatchFieldBasedHash { #[cfg(test)] mod test { - use algebra::{ - fields::mnt4753::Fr as MNT4753Fr, Field, UniformRand - }; + use algebra::{fields::mnt4753::Fr as MNT4753Fr, Field, UniformRand}; use super::BatchFieldBasedHash; - use crate::crh::poseidon::{ - MNT4PoseidonHash, MNT4BatchPoseidonHash - }; + use crate::crh::poseidon::{MNT4BatchPoseidonHash, MNT4PoseidonHash}; - use rand_xorshift::XorShiftRng; - use rand::SeedableRng; use crate::{FieldBasedHash, FieldBasedHashParameters}; + use rand::SeedableRng; + use rand_xorshift::XorShiftRng; struct DummyMNT4BatchPoseidonHash; @@ -172,21 +183,33 @@ mod test { let final_elem = inputs[inputs_len - 1].clone(); digest.reset(None); - inputs.into_iter().take(inputs_len - 1).for_each(|fe| { digest.update(fe); }); + inputs.into_iter().take(inputs_len - 1).for_each(|fe| { + digest.update(fe); + }); // Test call to finalize() with too few inputs with respect to the declared size // results in an error. - assert!(digest.finalize().is_err(), "Success call to finalize despite smaller number of inputs"); + assert!( + digest.finalize().is_err(), + "Success call to finalize despite smaller number of inputs" + ); //Test finalize() being idempotent digest.update(final_elem); let output = digest.finalize().unwrap(); - assert_eq!(output, digest.finalize().unwrap(), "Two subsequent calls to finalize gave different results"); + assert_eq!( + output, + digest.finalize().unwrap(), + "Two subsequent calls to finalize gave different results" + ); // Test call to finalize() with too much inputs with respect to the declared size // results in an error. digest.update(final_elem); - assert!(digest.finalize().is_err(), "Success call to finalize despite bigger number of inputs"); + assert!( + digest.finalize().is_err(), + "Success call to finalize despite bigger number of inputs" + ); } pub(crate) fn variable_length_field_based_hash_test( 
@@ -205,22 +228,33 @@ mod test { if mod_rate { constant_length_field_based_hash_test(digest, inputs); } else { - // Check padding is added correctly and that the hash is collision free when input // is not modulus rate let output = digest.finalize().unwrap(); let padded_inputs = pad_inputs(inputs.clone()); digest.reset(None); - padded_inputs.iter().for_each(|fe| { digest.update(fe.clone()); }); - assert_ne!(output, digest.finalize().unwrap(), "Incorrect padding: collision detected"); + padded_inputs.iter().for_each(|fe| { + digest.update(fe.clone()); + }); + assert_ne!( + output, + digest.finalize().unwrap(), + "Incorrect padding: collision detected" + ); // Check padding is added correctly and that the hash is collision free also when input // happens to be modulus rate let output = digest.finalize().unwrap(); let padded_inputs = pad_inputs(padded_inputs); digest.reset(None); - padded_inputs.into_iter().for_each(|fe| { digest.update(fe); }); - assert_ne!(output, digest.finalize().unwrap(), "Incorrect padding: collision detected"); + padded_inputs.into_iter().for_each(|fe| { + digest.update(fe); + }); + assert_ne!( + output, + digest.finalize().unwrap(), + "Incorrect padding: collision detected" + ); } } 
@@ -237,14 +271,23 @@ mod test { } let batch_hash_output = MNT4BatchPoseidonHash::batch_evaluate(inputs.as_slice()).unwrap(); - let dummy_batch_hash_output = DummyMNT4BatchPoseidonHash::batch_evaluate(inputs.as_slice()).unwrap(); + let dummy_batch_hash_output = + DummyMNT4BatchPoseidonHash::batch_evaluate(inputs.as_slice()).unwrap(); assert_eq!(batch_hash_output, dummy_batch_hash_output); - let mut batch_hash_output_new = vec![MNT4753Fr::zero(); num_inputs/rate]; - let mut dummy_batch_hash_output_new = vec![MNT4753Fr::zero(); num_inputs/rate]; - - MNT4BatchPoseidonHash::batch_evaluate_in_place(inputs.as_mut_slice(), batch_hash_output_new.as_mut_slice()).unwrap(); - DummyMNT4BatchPoseidonHash::batch_evaluate_in_place(inputs.as_mut_slice(), dummy_batch_hash_output_new.as_mut_slice()).unwrap(); + let mut batch_hash_output_new = vec![MNT4753Fr::zero(); num_inputs / rate]; + let mut dummy_batch_hash_output_new = vec![MNT4753Fr::zero(); num_inputs / rate]; + + MNT4BatchPoseidonHash::batch_evaluate_in_place( + inputs.as_mut_slice(), + batch_hash_output_new.as_mut_slice(), + ) + .unwrap(); + DummyMNT4BatchPoseidonHash::batch_evaluate_in_place( + inputs.as_mut_slice(), + dummy_batch_hash_output_new.as_mut_slice(), + ) + .unwrap(); assert_eq!(batch_hash_output_new, dummy_batch_hash_output_new); assert_eq!(batch_hash_output, batch_hash_output_new); diff --git a/primitives/src/crh/pedersen/mod.rs b/primitives/src/crh/pedersen/mod.rs index 303881277..5696a64e0 100644 --- a/primitives/src/crh/pedersen/mod.rs +++ b/primitives/src/crh/pedersen/mod.rs @@ -1,4 +1,4 @@ -use crate::{Error, bytes_to_bits, CryptoError}; +use crate::{bytes_to_bits, CryptoError, Error}; use rand::Rng; use rayon::prelude::*; use std::{ @@ -8,8 +8,7 @@ use std::{ use crate::crh::FixedLengthCRH; use algebra::{groups::Group, Field, ToConstraintField}; -use serde::{Serialize, Deserialize}; - +use serde::{Deserialize, Serialize}; pub trait PedersenWindow: Clone { const WINDOW_SIZE: usize; 
@@ -23,7 +22,7 @@ pub struct PedersenParameters { } pub struct PedersenCRH { - group: PhantomData, + group: PhantomData, window: PhantomData, } @@ -68,12 +67,15 @@ impl FixedLengthCRH for PedersenCRH { let eval_time = start_timer!(|| "PedersenCRH::Eval"); if (input.len() * 8) > W::WINDOW_SIZE * W::NUM_WINDOWS { - return Err(Box::new(CryptoError::Other(format!( - "incorrect input length {:?} for window params {:?}x{:?}", - input.len(), - W::WINDOW_SIZE, - W::NUM_WINDOWS - ).to_owned()))); + return Err(Box::new(CryptoError::Other( + format!( + "incorrect input length {:?} for window params {:?}x{:?}", + input.len(), + W::WINDOW_SIZE, + W::NUM_WINDOWS + ) + .to_owned(), + ))); } let mut padded_input = Vec::with_capacity(input.len()); @@ -89,14 +91,16 @@ impl FixedLengthCRH for PedersenCRH { } if parameters.generators.len() != W::NUM_WINDOWS { - Err(Box::new(CryptoError::Other(format!( - "Incorrect pp of size {:?}x{:?} for window params {:?}x{:?}", - parameters.generators[0].len(), - parameters.generators.len(), - W::WINDOW_SIZE, - W::NUM_WINDOWS - ).to_owned())))? - + Err(Box::new(CryptoError::Other( + format!( + "Incorrect pp of size {:?}x{:?} for window params {:?}x{:?}", + parameters.generators[0].len(), + parameters.generators.len(), + W::WINDOW_SIZE, + W::NUM_WINDOWS + ) + .to_owned(), + )))? } // Compute sum of h_i^{m_i} for all i. @@ -129,7 +133,7 @@ impl Debug for PedersenParameters { } } -impl PedersenParameters{ +impl PedersenParameters { pub fn check_consistency(&self) -> bool { for (i, p1) in self.generators.iter().enumerate() { if p1[0] == G::zero() { diff --git a/primitives/src/crh/poseidon/batched_crh.rs b/primitives/src/crh/poseidon/batched_crh.rs index d12ca01e5..a66845b58 100644 --- a/primitives/src/crh/poseidon/batched_crh.rs +++ b/primitives/src/crh/poseidon/batched_crh.rs 
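Review bot: `parameters.generators[0].len()` in the error message of the generator-count check panics when `generators` is empty, so a malformed parameter set produces an index panic instead of the `CryptoError::Other` this branch is meant to return; use `parameters.generators.first().map_or(0, |g| g.len()),` for the first placeholder. The `.to_owned()` on the `format!` result in both error branches of this function is a redundant clone, as `format!` already returns a `String`. The enclosing `evaluate` starts and ends outside these hunks.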
@@ -1,28 +1,38 @@
-use algebra::PrimeField;
-use std::marker::PhantomData;
 use crate::crh::BatchFieldBasedHash;
-use crate::{Error, PoseidonParameters, PoseidonHash, BatchSBox, CryptoError};
+use crate::{BatchSBox, CryptoError, Error, PoseidonHash, PoseidonParameters};
+use algebra::PrimeField;
 use rayon::prelude::*;
+use std::marker::PhantomData;
-pub struct PoseidonBatchHash, SB: BatchSBox>
-{
- _field: PhantomData,
+pub struct PoseidonBatchHash<
+ F: PrimeField,
+ P: PoseidonParameters,
+ SB: BatchSBox,
+> {
+ _field: PhantomData,
 _parameters: PhantomData

,
- _sbox: PhantomData,
+ _sbox: PhantomData,
 }
 impl PoseidonBatchHash
- where
- F: PrimeField,
- P: PoseidonParameters,
- SB: BatchSBox,
+where
+ F: PrimeField,
+ P: PoseidonParameters,
+ SB: BatchSBox,
 {
 fn apply_permutation(input_array: &[F]) -> Vec> {
-
 // Sanity checks
 let array_length = input_array.len() / P::R;
- assert_eq!(input_array.len() % P::R, 0, "The length of the input data array is not a multiple of the rate.");
- assert_ne!(input_array.len(), 0, "Input data array does not contain any data.");
+ assert_eq!(
+ input_array.len() % P::R,
+ 0,
+ "The length of the input data array is not a multiple of the rate."
+ );
+ assert_ne!(
+ input_array.len(),
+ 0,
+ "Input data array does not contain any data."
+ );
 // Assign pre-computed values of the state vector equivalent to a permutation with zero element state vector
 let mut state_z = Vec::new();
@@ -50,19 +60,17 @@ impl PoseidonBatchHash
 // Calculate the chunk size to split the state vector
 let cpus = rayon::current_num_threads();
- let chunk_size = (array_length as f64/ cpus as f64).ceil() as usize;
+ let chunk_size = (array_length as f64 / cpus as f64).ceil() as usize;
 // apply permutation to different chunks in parallel
- state.par_chunks_mut(chunk_size)
- .for_each(| p1| {
- Self::poseidon_perm_gen(p1);
- });
+ state.par_chunks_mut(chunk_size).for_each(|p1| {
+ Self::poseidon_perm_gen(p1);
+ });
 state
 }
 fn poseidon_full_round(vec_state: &mut [Vec], round_cst_idx: &mut usize) {
-
 // go over each of the state vectors and add the round constants
 for k in 0..vec_state.len() {
 let round_cst_idx_copy = &mut round_cst_idx.clone();
@@ -80,7 +88,6 @@ impl PoseidonBatchHash
 }
 fn poseidon_partial_round(vec_state: &mut [Vec], round_cst_idx: &mut usize) {
-
 // go over each of the state vectors and add the round constants
 for k in 0..vec_state.len() {
 let round_cst_idx_copy = &mut round_cst_idx.clone();
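Review bot: `apply_permutation` panics through `assert_eq!`/`assert_ne!` when `input_array` is empty or its length is not a multiple of `P::R`, but nothing at the definition says so; the public entry points in `@@ -143,13 +148,13 @@` and `@@ -176,13 +180,13 @@` reject the same inputs with an `Err`, so these asserts are a second line of defence that callers must not rely on for recoverable errors. A doc comment such as `/// Panics if input_array is empty or its length is not a multiple of P::R; batch_evaluate and batch_evaluate_in_place reject such input with an Err before calling this.` would make that contract explicit. `array_length` is also computed on the line before the asserts, so moving that `let` below them keeps the checks first. The function body continues past the hunk.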
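Review bot: `let chunk_size = (array_length as f64 / cpus as f64).ceil() as usize;` takes an integer ceiling through two float casts; `let chunk_size = (array_length + cpus - 1) / cpus;` computes the same value in integer arithmetic with no `as` casts. Because `apply_permutation` asserts a non-empty input whose length is a multiple of `P::R`, `array_length` is at least 1 and the chunk size stays non-zero either way, which is what `par_chunks_mut` requires. The function starts outside this hunk.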
@@ -98,7 +105,6 @@ impl PoseidonBatchHash
 }
 pub fn poseidon_perm_gen(vec_state: &mut [Vec]) {
-
 // index that goes over the round constants
 let mut round_cst_idx: usize = 0;
@@ -120,16 +126,15 @@ impl PoseidonBatchHash
 }
 impl BatchFieldBasedHash for PoseidonBatchHash
- where
- F: PrimeField,
- P: PoseidonParameters,
- SB: BatchSBox,
+where
+ F: PrimeField,
+ P: PoseidonParameters,
+ SB: BatchSBox,
 {
 type Data = F;
 type BaseHash = PoseidonHash;
 fn batch_evaluate(input_array: &[F]) -> Result, Error> {
-
 // Input:
 // This function calculates the hashes of inputs by groups of the rate P::R.
 // The inputs are arranged in an array and arranged as consecutive chunks
@@ -143,13 +148,13 @@ impl BatchFieldBasedHash for PoseidonBatchHash
 if input_array.len() % P::R != 0 {
 Err(Box::new(CryptoError::Other(
- "The length of the input data array is not a multiple of the rate.".to_owned()
+ "The length of the input data array is not a multiple of the rate.".to_owned(),
 )))?
 }
 if input_array.len() == 0 {
 Err(Box::new(CryptoError::Other(
- "Input data array does not contain any data.".to_owned()
+ "Input data array does not contain any data.".to_owned(),
 )))?
 }
@@ -163,8 +168,7 @@ impl BatchFieldBasedHash for PoseidonBatchHash
 Ok(output_array)
 }
- fn batch_evaluate_in_place(input_array: &mut[F], output_array: &mut[F]) -> Result<(), Error> {
-
+ fn batch_evaluate_in_place(input_array: &mut [F], output_array: &mut [F]) -> Result<(), Error> {
 // Input:
 // This function calculates the hashes of inputs by groups of the rate P::R.
 // The inputs are arranged in an array and arranged as consecutive chunks
@@ -176,13 +180,13 @@ impl BatchFieldBasedHash for PoseidonBatchHash
 if input_array.len() % P::R != 0 {
 Err(Box::new(CryptoError::Other(
- "The length of the input data array is not a multiple of the rate.".to_owned()
+ "The length of the input data array is not a multiple of the rate.".to_owned(),
 )))?
 }
 if input_array.len() == 0 {
 Err(Box::new(CryptoError::Other(
- "Input data array does not contain any data.".to_owned()
+ "Input data array does not contain any data.".to_owned(),
 )))?
 }
@@ -208,17 +212,17 @@ impl BatchFieldBasedHash for PoseidonBatchHash
 #[cfg(test)]
 mod test {
+ use crate::{BatchFieldBasedHash, FieldBasedHash};
 use algebra::{Field, UniformRand};
- use crate::{FieldBasedHash, BatchFieldBasedHash};
- use rand_xorshift::XorShiftRng;
 use rand::SeedableRng;
+ use rand_xorshift::XorShiftRng;
 use std::str::FromStr;
 #[cfg(feature = "mnt4_753")]
 mod mnt4_753 {
 use super::*;
+ use crate::{MNT4BatchPoseidonHash, MNT4PoseidonHash};
 use algebra::fields::mnt4753::Fr as MNT4753Fr;
- use crate::{MNT4PoseidonHash, MNT4BatchPoseidonHash};
 #[test]
 fn test_batch_hash_mnt4() {
@@ -250,7 +254,9 @@ mod test {
 input_serial.iter().for_each(|p| {
 let mut digest = MNT4PoseidonHash::init_constant_length(2, None);
- p.into_iter().for_each(|&f| { digest.update(f); });
+ p.into_iter().for_each(|&f| {
+ digest.update(f);
+ });
 output_4753.push(digest.finalize().unwrap());
 });
@@ -260,17 +266,26 @@ mod test {
 // =============================================================================
 // Compare results
 for i in 0..num_hashes {
- assert_eq!(output_4753[i], output_vec[i], "Hash outputs, position {}, for MNT4 are not equal.", i);
+ assert_eq!(
+ output_4753[i], output_vec[i],
+ "Hash outputs, position {}, for MNT4 are not equal.",
+ i
+ );
 }
 // Check with one single hash
 let single_output = MNT4PoseidonHash::init_constant_length(2, None)
 .update(input_serial[0][0])
 .update(input_serial[0][1])
- .finalize().unwrap();
+ .finalize()
+ .unwrap();
 let single_batch_output = MNT4BatchPoseidonHash::batch_evaluate(&input_batch[0..2]);
- assert_eq!(single_output, single_batch_output.unwrap()[0], "Single instance hash outputs are not equal for MNT4.");
+ assert_eq!(
+ single_output,
+ single_batch_output.unwrap()[0],
+ "Single instance hash outputs are not equal for MNT4."
+ );
 }
 #[test]
@@ -294,12 +309,20 @@ mod test {
 let output_vec = (MNT4BatchPoseidonHash::batch_evaluate(&input_batch)).unwrap();
 let mut output_vec_in_place = vec![MNT4753Fr::zero(); num_hashes];
- MNT4BatchPoseidonHash::batch_evaluate_in_place(&mut input_batch[..], &mut output_vec_in_place[..]).unwrap();
+ MNT4BatchPoseidonHash::batch_evaluate_in_place(
+ &mut input_batch[..],
+ &mut output_vec_in_place[..],
+ )
+ .unwrap();
 // =============================================================================
 // Compare results
 for i in 0..num_hashes {
- assert_eq!(output_vec_in_place[i], output_vec[i], "Hash outputs, position {}, for MNT6 are not equal.", i);
+ assert_eq!(
+ output_vec_in_place[i], output_vec[i],
+ "Hash outputs, position {}, for MNT6 are not equal.",
+ i
+ );
 }
 }
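Review bot: The assertion message on the new side, `"Hash outputs, position {}, for MNT6 are not equal."`, names MNT6 inside what appears to be the MNT4 in-place test (the hunk uses `MNT4BatchPoseidonHash` and `MNT4753Fr`), so a failure would point at the wrong curve; `"Hash outputs, position {}, for MNT4 are not equal.",` fixes it. The same copy-paste slip is on the new side of `@@ -681,7 +751,11 @@`, which reports `TweedleFr` from what appears to be the Tweedle Fq test. The enclosing test functions start outside these hunks.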
@@ -335,12 +358,11 @@ mod test {
 #[cfg(feature = "mnt6_753")]
 mod mnt6_753 {
 use super::*;
+ use crate::{MNT6BatchPoseidonHash, MNT6PoseidonHash};
 use algebra::fields::mnt6753::Fr as MNT6753Fr;
- use crate::{MNT6PoseidonHash, MNT6BatchPoseidonHash};
 #[test]
 fn test_batch_hash_mnt6() {
-
 // the number of hashes to test
 let num_hashes = 1000;
@@ -369,7 +391,9 @@ mod test {
 input_serial.iter().for_each(|p| {
 let mut digest = MNT6PoseidonHash::init_constant_length(2, None);
- p.into_iter().for_each(|&f| { digest.update(f); });
+ p.into_iter().for_each(|&f| {
+ digest.update(f);
+ });
 output_6753.push(digest.finalize().unwrap());
 });
@@ -379,22 +403,30 @@ mod test {
 // =============================================================================
 // Compare results
 for i in 0..num_hashes {
- assert_eq!(output_6753[i], output_vec[i], "Hash outputs, position {}, for MNT6 are not equal.", i);
+ assert_eq!(
+ output_6753[i], output_vec[i],
+ "Hash outputs, position {}, for MNT6 are not equal.",
+ i
+ );
 }
 // Check with one single hash
 let single_output = MNT6PoseidonHash::init_constant_length(2, None)
 .update(input_serial[0][0])
 .update(input_serial[0][1])
- .finalize().unwrap();
+ .finalize()
+ .unwrap();
 let single_batch_output = MNT6BatchPoseidonHash::batch_evaluate(&input_batch[0..2]);
- assert_eq!(single_output, single_batch_output.unwrap()[0], "Single instance hash outputs are not equal for MNT6.");
+ assert_eq!(
+ single_output,
+ single_batch_output.unwrap()[0],
+ "Single instance hash outputs are not equal for MNT6."
+ );
 }
 #[test]
 fn test_batch_hash_mnt6_in_place() {
-
 // the number of hashes to test
 let num_hashes = 1000;
@@ -414,12 +446,20 @@ mod test {
 let output_vec = (MNT6BatchPoseidonHash::batch_evaluate(&input_batch)).unwrap();
 let mut output_vec_in_place = vec![MNT6753Fr::zero(); num_hashes];
- MNT6BatchPoseidonHash::batch_evaluate_in_place(&mut input_batch[..], &mut output_vec_in_place[..]).unwrap();
+ MNT6BatchPoseidonHash::batch_evaluate_in_place(
+ &mut input_batch[..],
+ &mut output_vec_in_place[..],
+ )
+ .unwrap();
 // =============================================================================
 // Compare results
 for i in 0..num_hashes {
- assert_eq!(output_vec_in_place[i], output_vec[i], "Hash outputs, position {}, for MNT6 are not equal.", i);
+ assert_eq!(
+ output_vec_in_place[i], output_vec[i],
+ "Hash outputs, position {}, for MNT6 are not equal.",
+ i
+ );
 }
 }
@@ -455,14 +495,11 @@ mod test {
 #[cfg(feature = "bn_382")]
 mod bn_382 {
 use super::*;
- use algebra::fields::bn_382::{
- Fr as BN382Fr,
- Fq as BN382Fq,
- };
 use crate::{
- BN382FrPoseidonHash, BN382FrBatchPoseidonHash,
- BN382FqPoseidonHash, BN382FqBatchPoseidonHash,
+ BN382FqBatchPoseidonHash, BN382FqPoseidonHash, BN382FrBatchPoseidonHash,
+ BN382FrPoseidonHash,
 };
+ use algebra::fields::bn_382::{Fq as BN382Fq, Fr as BN382Fr};
 #[test]
 fn test_batch_hash_bn382fq() {
@@ -493,7 +530,9 @@ mod test {
 input_serial.iter().for_each(|p| {
 let mut digest = BN382FqPoseidonHash::init_constant_length(2, None);
- p.into_iter().for_each(|&f| { digest.update(f); });
+ p.into_iter().for_each(|&f| {
+ digest.update(f);
+ });
 output.push(digest.finalize().unwrap());
 });
@@ -502,7 +541,11 @@ mod test {
 // =============================================================================
 // Compare results
 for i in 0..num_hashes {
- assert_eq!(output[i], output_vec[i], "Hash outputs, position {}, for BN382Fq are not equal.", i);
+ assert_eq!(
+ output[i], output_vec[i],
+ "Hash outputs, position {}, for BN382Fq are not equal.",
+ i
+ );
 }
 // Check with one single hash
@@ -513,12 +556,15 @@ mod test {
 .unwrap();
 let single_batch_output = BN382FqBatchPoseidonHash::batch_evaluate(&input_batch[0..2]);
- assert_eq!(single_output, single_batch_output.unwrap()[0], "Single instance hash outputs are not equal for BN382Fq.");
+ assert_eq!(
+ single_output,
+ single_batch_output.unwrap()[0],
+ "Single instance hash outputs are not equal for BN382Fq."
+ );
 }
 #[test]
 fn test_batch_hash_bn382fr() {
-
 // the number of hashes to test
 let num_hashes = 1000;
@@ -546,7 +592,9 @@ mod test {
 input_serial.iter().for_each(|p| {
 let mut digest = BN382FrPoseidonHash::init_constant_length(2, None);
- p.into_iter().for_each(|&f| { digest.update(f); });
+ p.into_iter().for_each(|&f| {
+ digest.update(f);
+ });
 output.push(digest.finalize().unwrap());
 });
@@ -555,7 +603,11 @@ mod test {
 // =============================================================================
 // Compare results
 for i in 0..num_hashes {
- assert_eq!(output[i], output_vec[i], "Hash outputs, position {}, for BN382Fr are not equal.", i);
+ assert_eq!(
+ output[i], output_vec[i],
+ "Hash outputs, position {}, for BN382Fr are not equal.",
+ i
+ );
 }
 // Check with one single hash
@@ -566,7 +618,11 @@ mod test {
 .unwrap();
 let single_batch_output = BN382FrBatchPoseidonHash::batch_evaluate(&input_batch[0..2]);
- assert_eq!(single_output, single_batch_output.unwrap()[0], "Single instance hash outputs are not equal for BN382Fr.");
+ assert_eq!(
+ single_output,
+ single_batch_output.unwrap()[0],
+ "Single instance hash outputs are not equal for BN382Fr."
+ );
 }
 #[test]
@@ -590,18 +646,25 @@ mod test {
 let output_vec = (BN382FqBatchPoseidonHash::batch_evaluate(&input_batch)).unwrap();
 let mut output_vec_in_place = vec![BN382Fq::zero(); num_hashes];
- BN382FqBatchPoseidonHash::batch_evaluate_in_place(&mut input_batch[..], &mut output_vec_in_place[..]).unwrap();
+ BN382FqBatchPoseidonHash::batch_evaluate_in_place(
+ &mut input_batch[..],
+ &mut output_vec_in_place[..],
+ )
+ .unwrap();
 // =============================================================================
 // Compare results
 for i in 0..num_hashes {
- assert_eq!(output_vec_in_place[i], output_vec[i], "Hash outputs, position {}, for BN382Fq are not equal.", i);
+ assert_eq!(
+ output_vec_in_place[i], output_vec[i],
+ "Hash outputs, position {}, for BN382Fq are not equal.",
+ i
+ );
 }
 }
 #[test]
 fn test_batch_hash_bn382fr_in_place() {
-
 // the number of hashes to test
 let num_hashes = 1000;
@@ -621,12 +684,20 @@ mod test {
 let output_vec = (BN382FrBatchPoseidonHash::batch_evaluate(&input_batch)).unwrap();
 let mut output_vec_in_place = vec![BN382Fr::zero(); num_hashes];
- BN382FrBatchPoseidonHash::batch_evaluate_in_place(&mut input_batch[..], &mut output_vec_in_place[..]).unwrap();
+ BN382FrBatchPoseidonHash::batch_evaluate_in_place(
+ &mut input_batch[..],
+ &mut output_vec_in_place[..],
+ )
+ .unwrap();
 // =============================================================================
 // Compare results
 for i in 0..num_hashes {
- assert_eq!(output_vec_in_place[i], output_vec[i], "Hash outputs, position {}, for BN382Fr are not equal.", i);
+ assert_eq!(
+ output_vec_in_place[i], output_vec[i],
+ "Hash outputs, position {}, for BN382Fr are not equal.",
+ i
+ );
 }
 }
 }
@@ -634,14 +705,11 @@ mod test {
 #[cfg(feature = "tweedle")]
 mod tweedle {
 use super::*;
- use algebra::fields::tweedle::{
- Fr as TweedleFr,
- Fq as TweedleFq,
- };
 use crate::{
- TweedleFrPoseidonHash, TweedleFrBatchPoseidonHash,
- TweedleFqPoseidonHash, TweedleFqBatchPoseidonHash,
+ TweedleFqBatchPoseidonHash, TweedleFqPoseidonHash, TweedleFrBatchPoseidonHash,
+ TweedleFrPoseidonHash,
 };
+ use algebra::fields::tweedle::{Fq as TweedleFq, Fr as TweedleFr};
 #[test]
 fn test_batch_hash_tweedlefq() {
@@ -672,7 +740,9 @@ mod test {
 input_serial.iter().for_each(|p| {
 let mut digest = TweedleFqPoseidonHash::init_constant_length(2, None);
- p.into_iter().for_each(|&f| { digest.update(f); });
+ p.into_iter().for_each(|&f| {
+ digest.update(f);
+ });
 output.push(digest.finalize().unwrap());
 });
@@ -681,7 +751,11 @@ mod test {
 // =============================================================================
 // Compare results
 for i in 0..num_hashes {
- assert_eq!(output[i], output_vec[i], "Hash outputs, position {}, for TweedleFr are not equal.", i);
+ assert_eq!(
+ output[i], output_vec[i],
+ "Hash outputs, position {}, for TweedleFr are not equal.",
+ i
+ );
 }
 // Check with one single hash
@@ -690,14 +764,18 @@ mod test {
 .update(input_serial[0][1])
 .finalize()
 .unwrap();
- let single_batch_output = TweedleFqBatchPoseidonHash::batch_evaluate(&input_batch[0..2]);
+ let single_batch_output =
+ TweedleFqBatchPoseidonHash::batch_evaluate(&input_batch[0..2]);
- assert_eq!(single_output, single_batch_output.unwrap()[0], "Single instance hash outputs are not equal for TweedleFq.");
+ assert_eq!(
+ single_output,
+ single_batch_output.unwrap()[0],
+ "Single instance hash outputs are not equal for TweedleFq."
+ );
 }
 #[test]
 fn test_batch_hash_tweedlefr() {
-
 // the number of hashes to test
 let num_hashes = 1000;
@@ -725,7 +803,9 @@ mod test {
 input_serial.iter().for_each(|p| {
 let mut digest = TweedleFrPoseidonHash::init_constant_length(2, None);
- p.into_iter().for_each(|&f| { digest.update(f); });
+ p.into_iter().for_each(|&f| {
+ digest.update(f);
+ });
 output.push(digest.finalize().unwrap());
 });
@@ -734,7 +814,11 @@ mod test {
 // =============================================================================
 // Compare results
 for i in 0..num_hashes {
- assert_eq!(output[i], output_vec[i], "Hash outputs, position {}, for TweedleFr are not equal.", i);
+ assert_eq!(
+ output[i], output_vec[i],
+ "Hash outputs, position {}, for TweedleFr are not equal.",
+ i
+ );
 }
 // Check with one single hash
@@ -743,9 +827,14 @@ mod test {
 .update(input_serial[0][1])
 .finalize()
 .unwrap();
- let single_batch_output = TweedleFrBatchPoseidonHash::batch_evaluate(&input_batch[0..2]);
+ let single_batch_output =
+ TweedleFrBatchPoseidonHash::batch_evaluate(&input_batch[0..2]);
- assert_eq!(single_output, single_batch_output.unwrap()[0], "Single instance hash outputs are not equal for TweedleFr.");
+ assert_eq!(
+ single_output,
+ single_batch_output.unwrap()[0],
+ "Single instance hash outputs are not equal for TweedleFr."
+ );
 }
 #[test]
@@ -769,18 +858,25 @@ mod test {
 let output_vec = (TweedleFqBatchPoseidonHash::batch_evaluate(&input_batch)).unwrap();
 let mut output_vec_in_place = vec![TweedleFq::zero(); num_hashes];
- TweedleFqBatchPoseidonHash::batch_evaluate_in_place(&mut input_batch[..], &mut output_vec_in_place[..]).unwrap();
+ TweedleFqBatchPoseidonHash::batch_evaluate_in_place(
+ &mut input_batch[..],
+ &mut output_vec_in_place[..],
+ )
+ .unwrap();
 // =============================================================================
 // Compare results
 for i in 0..num_hashes {
- assert_eq!(output_vec_in_place[i], output_vec[i], "Hash outputs, position {}, for TweedleFq are not equal.", i);
+ assert_eq!(
+ output_vec_in_place[i], output_vec[i],
+ "Hash outputs, position {}, for TweedleFq are not equal.",
+ i
+ );
 }
 }
 #[test]
 fn test_batch_hash_tweedlefr_in_place() {
-
 // the number of hashes to test
 let num_hashes = 1000;
@@ -800,13 +896,21 @@ mod test {
 let output_vec = (TweedleFrBatchPoseidonHash::batch_evaluate(&input_batch)).unwrap();
 let mut output_vec_in_place = vec![TweedleFr::zero(); num_hashes];
- TweedleFrBatchPoseidonHash::batch_evaluate_in_place(&mut input_batch[..], &mut output_vec_in_place[..]).unwrap();
+ TweedleFrBatchPoseidonHash::batch_evaluate_in_place(
+ &mut input_batch[..],
+ &mut output_vec_in_place[..],
+ )
+ .unwrap();
 // =============================================================================
 // Compare results
 for i in 0..num_hashes {
- assert_eq!(output_vec_in_place[i], output_vec[i], "Hash outputs, position {}, for TweedleFr are not equal.", i);
+ assert_eq!(
+ output_vec_in_place[i], output_vec[i],
+ "Hash outputs, position {}, for TweedleFr are not equal.",
+ i
+ );
 }
 }
 }
-}
\ No newline at end of file
+}
diff --git a/primitives/src/crh/poseidon/mod.rs b/primitives/src/crh/poseidon/mod.rs
index bf64f451f..de92bc4bb 100644
--- a/primitives/src/crh/poseidon/mod.rs
+++ b/primitives/src/crh/poseidon/mod.rs
@@ -3,17 +3,11 @@ extern crate rayon;
 use algebra::{Field, PrimeField};
-use std::{
- ops::Mul,
- marker::PhantomData
-};
+use std::{marker::PhantomData, ops::Mul};
 use crate::{
- crh::{
- FieldBasedHash,
- FieldBasedHashParameters,
- SBox,
- }, CryptoError, Error
+ crh::{FieldBasedHash, FieldBasedHashParameters, SBox},
+ CryptoError, Error,
 };
 pub mod batched_crh;
@@ -25,21 +19,20 @@ pub mod sbox;
 pub use self::sbox::*;
 pub trait PoseidonParameters: 'static + FieldBasedHashParameters + Clone {
- const T: usize; // Number of S-Boxes
- const R_F:i32; // Number of full rounds
- const R_P:i32; // Number of partial rounds
- const ZERO:Self::Fr; // The zero element in the field
- const AFTER_ZERO_PERM: &'static[Self::Fr]; // State vector after a zero permutation
- const ROUND_CST: &'static[Self::Fr]; // Array of round constants
- const MDS_CST: &'static[Self::Fr]; // The MDS matrix
+ const T: usize; // Number of S-Boxes
+ const R_F: i32; // Number of full rounds
+ const R_P: i32; // Number of partial rounds
+ const ZERO: Self::Fr; // The zero element in the field
+ const AFTER_ZERO_PERM: &'static [Self::Fr]; // State vector after a zero permutation
+ const ROUND_CST: &'static [Self::Fr]; // Array of round constants
+ const MDS_CST: &'static [Self::Fr]; // The MDS matrix
 /// Add round constants to `state` starting from `start_idx_cst`, modifying `state` in place.
 #[inline]
 fn add_round_constants(
 state: &mut [::Fr],
- start_idx_cst: &mut usize
- )
- {
+ start_idx_cst: &mut usize,
+ ) {
 for d in state.iter_mut() {
 let rc = Self::ROUND_CST[*start_idx_cst];
 *d += &rc;
@@ -53,7 +46,7 @@ pub trait PoseidonParameters: 'static + FieldBasedHashParameters + Clone {
 fn dot_product(
 res: &mut ::Fr,
 state: &mut [::Fr],
- mut start_idx_cst: usize
+ mut start_idx_cst: usize,
 ) {
 state.iter().for_each(|x| {
 let elem = x.mul(&Self::MDS_CST[start_idx_cst]);
@@ -64,8 +57,7 @@ pub trait PoseidonParameters: 'static + FieldBasedHashParameters + Clone {
 /// Perform matrix mix on `state`, modifying `state` in place.
 #[inline]
- fn matrix_mix(state: &mut Vec<::Fr>)
- {
+ fn matrix_mix(state: &mut Vec<::Fr>) {
 // the new state where the result will be stored initialized to zero elements
 let mut new_state = vec![::Fr::zero(); Self::T];
@@ -85,11 +77,12 @@ pub trait PoseidonShortParameters: PoseidonParameters {
 }
 #[derive(Derivative)]
-#[derivative(
-Clone(bound = ""),
-Debug(bound = ""),
-)]
-pub struct PoseidonHash, SB: SBox>{
+#[derivative(Clone(bound = ""), Debug(bound = ""))]
+pub struct PoseidonHash<
+ F: PrimeField,
+ P: PoseidonParameters,
+ SB: SBox,
+> {
 state: Vec,
 pending: Vec,
 input_size: Option,
@@ -100,13 +93,12 @@ pub struct PoseidonHash, SB: SBox PoseidonHash
- where
- F: PrimeField,
- P: PoseidonParameters,
- SB: SBox,
+where
+ F: PrimeField,
+ P: PoseidonParameters,
+ SB: SBox,
 {
- fn _init(constant_size: Option, mod_rate: bool, personalization: Option<&[F]>) -> Self
- {
+ fn _init(constant_size: Option, mod_rate: bool, personalization: Option<&[F]>) -> Self {
 let mut state = Vec::with_capacity(P::T);
 for i in 0..P::T {
 state.push(P::AFTER_ZERO_PERM[i]);
@@ -126,13 +118,13 @@ impl PoseidonHash
 // This will allow eventually to precompute the constants of the initial state. This
 // is exactly as doing H(personalization, padding, ...). NOTE: this way of personalizing
 // the hash is not mentioned in https://eprint.iacr.org/2019/458.pdf
- if personalization.is_some(){
+ if personalization.is_some() {
 // Use a support variable-length non mod rate instance
 let mut personalization_instance = Self::init_variable_length(false, None);
 let personalization = personalization.unwrap();
 // Apply personalization
- for &p in personalization.into_iter(){
+ for &p in personalization.into_iter() {
 personalization_instance.update(p);
 }
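Review bot: In `_init` the new side still fills `state` one element at a time with `for i in 0..P::T { state.push(P::AFTER_ZERO_PERM[i]); }`; `let mut state = P::AFTER_ZERO_PERM[..P::T].to_vec();` expresses the same copy directly and fails on the same out-of-range condition, since `F` is already cloned as a `Vec` element elsewhere in this file. `_init`'s body continues past the hunk.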
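Review bot: `if personalization.is_some() {` followed by `let personalization = personalization.unwrap();` two lines later is the `is_some`-then-`unwrap` pair that `if let` exists to replace; `if let Some(personalization) = personalization {` binds the slice in the condition and removes the `unwrap`. The block this hunk shows starts and ends outside the hunk.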
@@ -171,32 +163,26 @@ impl PoseidonHash
 #[inline]
 // Padding strategy is described in https://eprint.iacr.org/2019/458.pdf(Section 4.2)
- fn pad_and_finalize(&self) -> F
- {
+ fn pad_and_finalize(&self) -> F {
 // Constant input length instance
 if self.input_size.is_some() {
-
 // The constant size is modulus rate, so we already have the hash output in state[0]
 // as a permutation is applied each time pending reaches P::R length
 if self.pending.is_empty() {
 self.state[0].clone()
 }
-
 // Pending is not empty: pad with 0s up to rate then compute the hash,
 else {
 Self::get_hash(self.state.clone(), self.pending.clone())
 }
 }
-
 // Variable input length instance
 else {
-
 // The input is of variable length, but always modulus rate: result is already available
 // in state[0] as a permutation is applied each time pending reaches P::R length
 if self.mod_rate {
 self.state[0].clone()
 }
-
 // The input is of variable length, but not modulus rate: we always need to apply
 // padding. Pad with a single 1 and then 0s up to rate. Compute hash.
 else {
@@ -207,8 +193,7 @@ impl PoseidonHash
 }
 }
- pub(crate) fn poseidon_perm (state: &mut Vec) {
-
+ pub(crate) fn poseidon_perm(state: &mut Vec) {
 // index that goes over the round constants
 let round_cst_idx = &mut 0;
@@ -251,10 +236,10 @@ impl PoseidonHash
 }
 impl FieldBasedHash for PoseidonHash
- where
- F: PrimeField,
- P: PoseidonParameters,
- SB: SBox,
+where
+ F: PrimeField,
+ P: PoseidonParameters,
+ SB: SBox,
 {
 type Data = F;
 type Parameters = P;
@@ -263,7 +248,7 @@ impl FieldBasedHash for PoseidonHash
 Self::_init(
 Some(input_size),
 input_size % P::R == 0, // Not taken into account, can be any
- personalization
+ personalization,
 )
 }
@@ -279,7 +264,6 @@ impl FieldBasedHash for PoseidonHash
 }
 fn finalize(&self) -> Result {
-
 let error_condition =
 // Constant input length instance, but the size of the input is different from the declared one
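Review bot: `pad_and_finalize` returns `self.state[0].clone()` on both of its fast paths; if `F: PrimeField` is `Copy`, as the `|&f|` destructuring in the batched_crh.rs test modules on this page suggests, that `.clone()` is a copy spelled the long way and `self.state[0]` alone reads better — to be confirmed against the `PrimeField` bound. The method's final branch lies outside the hunk.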
@@ -291,14 +275,13 @@ impl FieldBasedHash for PoseidonHash
 (self.input_size.is_none() && self.mod_rate && self.updates_ctr % P::R != 0);
 // If one of the conditions above is true, we must throw an error
- if error_condition
- {
- Err(Box::new(CryptoError::HashingError("attempt to finalize with an input of invalid size".to_owned())))
+ if error_condition {
+ Err(Box::new(CryptoError::HashingError(
+ "attempt to finalize with an input of invalid size".to_owned(),
+ )))
 }
-
 // Otherwise pad if needed (according to the Self instance type) and return the hash output
- else
- {
+ else {
 Ok(self.pad_and_finalize())
 }
 }
@@ -312,16 +295,14 @@ impl FieldBasedHash for PoseidonHash
 #[cfg(test)]
 mod test {
- use algebra::{Field, PrimeField};
 use crate::crh::{
+ test::{constant_length_field_based_hash_test, variable_length_field_based_hash_test},
 FieldBasedHash, SBox,
- test::{
- constant_length_field_based_hash_test, variable_length_field_based_hash_test
- }
 };
- use crate::{FieldBasedHashParameters, PoseidonParameters, PoseidonHash};
+ use crate::{FieldBasedHashParameters, PoseidonHash, PoseidonParameters};
+ use algebra::{Field, PrimeField};
- fn generate_inputs(num: usize) -> Vec{
+ fn generate_inputs(num: usize) -> Vec {
 let mut inputs = Vec::with_capacity(num);
 for i in 1..=num {
 let input = F::from(i as u32);
@@ -330,38 +311,39 @@ mod test {
 inputs
 }
- fn poseidon_permutation_regression_test, SB: SBox>(
+ fn poseidon_permutation_regression_test<
+ F: PrimeField,
+ P: PoseidonParameters,
+ SB: SBox,
+ >(
 start_states: Vec>,
- end_states: Vec>,
- )
- {
+ end_states: Vec>,
+ ) {
 // Regression test
- start_states.into_iter().zip(end_states).enumerate().for_each(|(i, (mut start_state, end_state))| {
- PoseidonHash::::poseidon_perm(&mut start_state);
- assert_eq!(
- start_state,
- end_state,
- "Incorrect end state {}:\n Expected\n{:?}\n, Found\n {:?}\n", i, start_state, end_state);
- });
+ start_states
+ .into_iter()
+ .zip(end_states)
+ .enumerate()
+ .for_each(|(i, (mut start_state, end_state))| {
+ PoseidonHash::::poseidon_perm(&mut start_state);
+ assert_eq!(
+ start_state, end_state,
+ "Incorrect end state {}:\n Expected\n{:?}\n, Found\n {:?}\n",
+ i, start_state, end_state
+ );
+ });
 }
- fn test_routine>(
- num_samples: usize,
- )
- {
+ fn test_routine>(num_samples: usize) {
 let rate = ::R;
 for i in 0..num_samples {
-
 let ins = generate_inputs::(i + 1);
 // Constant length
 {
 let mut digest = H::init_constant_length(i + 1, None);
- constant_length_field_based_hash_test::(
- &mut digest,
- ins.clone()
- );
+ constant_length_field_based_hash_test::(&mut digest, ins.clone());
 }
 // Variable length
@@ -369,20 +351,12 @@ mod test {
 let mod_rate = (i + 1) % rate == 0;
 let mut digest = H::init_variable_length(mod_rate, None);
- variable_length_field_based_hash_test::(
- &mut digest,
- ins.clone(),
- mod_rate
- );
+ variable_length_field_based_hash_test::(&mut digest, ins.clone(), mod_rate);
 // Test also case in which mod_rate is false but the input happens to be mod rate
 if mod_rate {
 let mut digest = H::init_variable_length(!mod_rate, None);
- variable_length_field_based_hash_test::(
- &mut digest,
- ins,
- !mod_rate
- );
+ variable_length_field_based_hash_test::(&mut digest, ins, !mod_rate);
 }
 }
 }
@@ -391,422 +365,1764 @@ mod test { #[cfg(feature = "mnt4_753")] #[test] fn test_poseidon_hash_mnt4() { - use algebra::{ - biginteger::BigInteger768, - fields::mnt4753::Fr as MNT4753Fr - }; use crate::crh::poseidon::parameters::mnt4753::{ - MNT4PoseidonHash, MNT4753PoseidonParameters, MNT4InversePoseidonSBox + MNT4753PoseidonParameters, MNT4InversePoseidonSBox, MNT4PoseidonHash, }; + use algebra::{biginteger::BigInteger768, fields::mnt4753::Fr as MNT4753Fr}; // Test vectors are computed via the script in ./parameters/scripts/permutation_mnt4fr.sage let start_states = vec![ vec![MNT4753Fr::zero(); 3], vec![ - MNT4753Fr::new(BigInteger768([0xf770348fbe4e29b6,0xfefd6b30dfb52494,0xec61827e5cf9425,0xc6288db72079112c,0xd70e11f75c351bac,0x2e4657caf8648c8e,0x7f9f3a94358aa2f7,0xee7f886bb42e8eab,0xe5ae5d4ec1b0796f,0xd056464cb38777c6,0xf3d7cd676c74ae38,0x120d49a741c34,])), - MNT4753Fr::new(BigInteger768([0x96de60f9741f78b7,0xa98cc9495bb4615e,0xc4b3aeadfd321c2c,0x40e4b75eb8fe1116,0x1396ee290297e819,0x9762744e4cfded19,0xbedcef99b43ee15a,0x8b84865c31d378a0,0xf5468754aa4a4c4e,0xfd715c8245c2e124,0x31cb5bb04a339986,0xdaf306180aed,])), - MNT4753Fr::new(BigInteger768([0x7e874134d509e406,0x729d013268020212,0x8b362dd530097799,0xae5054da3ad04250,0xe2e7413bd0fcbe5f,0xad08673f2f925bee,0xfb93f0ee8900d97e,0x2c1d037343b00151,0xd3dac3f2b1139f55,0x154e788ae1aca4cc,0x663269814fb52d57,0x676d9c4d8329,])), + MNT4753Fr::new(BigInteger768([ + 0xf770348fbe4e29b6, + 0xfefd6b30dfb52494, + 0xec61827e5cf9425, + 0xc6288db72079112c, + 0xd70e11f75c351bac, + 0x2e4657caf8648c8e, + 0x7f9f3a94358aa2f7, + 0xee7f886bb42e8eab, + 0xe5ae5d4ec1b0796f, + 0xd056464cb38777c6, + 0xf3d7cd676c74ae38, + 0x120d49a741c34, + ])), + MNT4753Fr::new(BigInteger768([ + 0x96de60f9741f78b7, + 0xa98cc9495bb4615e, + 0xc4b3aeadfd321c2c, + 0x40e4b75eb8fe1116, + 0x1396ee290297e819, + 0x9762744e4cfded19, + 0xbedcef99b43ee15a, + 0x8b84865c31d378a0, + 0xf5468754aa4a4c4e, + 0xfd715c8245c2e124, + 0x31cb5bb04a339986, + 0xdaf306180aed, + ])), + 
MNT4753Fr::new(BigInteger768([ + 0x7e874134d509e406, + 0x729d013268020212, + 0x8b362dd530097799, + 0xae5054da3ad04250, + 0xe2e7413bd0fcbe5f, + 0xad08673f2f925bee, + 0xfb93f0ee8900d97e, + 0x2c1d037343b00151, + 0xd3dac3f2b1139f55, + 0x154e788ae1aca4cc, + 0x663269814fb52d57, + 0x676d9c4d8329, + ])), ], vec![ - MNT4753Fr::new(BigInteger768([0xa26b0bc72724d615,0x729202dca25403d4,0x1b2ff6dc78c46b5e,0xed529329c88557ec,0xa7264c3cd1f1ca2d,0xa9f0e2b1e57c800f,0x2322b96082d360ec,0x138d00037c082f1c,0x6c25792c21edce0a,0x75723fc00d8d1bc3,0xf60868fea31de240,0x14e224d41e354,])), - MNT4753Fr::new(BigInteger768([0x21c229d68cde6f3f,0xf96b852ba3677e55,0x815b51e9b5e329c2,0xedec4ec2b77a9d36,0x44e0217411a0dea9,0x724a35de8cbd3141,0x8008cb5f0106c484,0x921855777c1c9cd3,0xd87d5b5babb7c9ab,0x603fc082a06ed8c4,0xe589b5a1adea946e,0x129d1f84a0c66,])), - MNT4753Fr::new(BigInteger768([0x80794339ccdf973f,0x8f537759fc1b1aca,0x7997a170b362d649,0x7b1cddf6db6ca199,0x6b25316a81753330,0xa143d6d50bd07ebf,0x4d65e4fd6f8587d6,0x572c858cf606bd90,0x245465ba33e044b1,0x86f9aaa423b9390,0x8ee2bbed6bda13a6,0x7fa83fcd7a59,])), + MNT4753Fr::new(BigInteger768([ + 0xa26b0bc72724d615, + 0x729202dca25403d4, + 0x1b2ff6dc78c46b5e, + 0xed529329c88557ec, + 0xa7264c3cd1f1ca2d, + 0xa9f0e2b1e57c800f, + 0x2322b96082d360ec, + 0x138d00037c082f1c, + 0x6c25792c21edce0a, + 0x75723fc00d8d1bc3, + 0xf60868fea31de240, + 0x14e224d41e354, + ])), + MNT4753Fr::new(BigInteger768([ + 0x21c229d68cde6f3f, + 0xf96b852ba3677e55, + 0x815b51e9b5e329c2, + 0xedec4ec2b77a9d36, + 0x44e0217411a0dea9, + 0x724a35de8cbd3141, + 0x8008cb5f0106c484, + 0x921855777c1c9cd3, + 0xd87d5b5babb7c9ab, + 0x603fc082a06ed8c4, + 0xe589b5a1adea946e, + 0x129d1f84a0c66, + ])), + MNT4753Fr::new(BigInteger768([ + 0x80794339ccdf973f, + 0x8f537759fc1b1aca, + 0x7997a170b362d649, + 0x7b1cddf6db6ca199, + 0x6b25316a81753330, + 0xa143d6d50bd07ebf, + 0x4d65e4fd6f8587d6, + 0x572c858cf606bd90, + 0x245465ba33e044b1, + 0x86f9aaa423b9390, + 0x8ee2bbed6bda13a6, + 0x7fa83fcd7a59, + ])), ], 
vec![ - MNT4753Fr::new(BigInteger768([0x275345cd3949fba9,0xaa492ccf37b80d9,0xdd9c6b17371c879a,0x846303d5b851d739,0x8d2b1b900c8c2227,0x780824b721514171,0xe08b4ffffb8a4f71,0xc69a0eb1b3f3ad,0x409578a5de88b1df,0xef2b552006465afb,0x2539560ecdf8147,0x134fe3e183dcd,])), - MNT4753Fr::new(BigInteger768([0xf7f3c59f70e5b72a,0xec1ae7ed077f2d99,0xbbf075b432e1a2d8,0xf32012c620b8cd09,0x81e964a2687b8654,0x43082373cc23c4f6,0x494428fd5d2b9d5,0xed89d49a5f32ca1a,0x8d2c7f6937d4bc08,0x8aa8316d21567c0c,0x5e2c9cde56f4c802,0x6422f65bc889,])), - MNT4753Fr::new(BigInteger768([0x44238a7e541cdf0,0xc09a1bda2e310a6d,0xef2001005bbaf873,0x1fd97ee19fea97eb,0xce43458dee7839cd,0x735d8cff80565348,0xca740dd90f883e06,0x8825f23c63c39a44,0xe80c50eb3548e408,0xddc815aae7e6a432,0x519048208b84f07f,0x50d352305dca,])), + MNT4753Fr::new(BigInteger768([ + 0x275345cd3949fba9, + 0xaa492ccf37b80d9, + 0xdd9c6b17371c879a, + 0x846303d5b851d739, + 0x8d2b1b900c8c2227, + 0x780824b721514171, + 0xe08b4ffffb8a4f71, + 0xc69a0eb1b3f3ad, + 0x409578a5de88b1df, + 0xef2b552006465afb, + 0x2539560ecdf8147, + 0x134fe3e183dcd, + ])), + MNT4753Fr::new(BigInteger768([ + 0xf7f3c59f70e5b72a, + 0xec1ae7ed077f2d99, + 0xbbf075b432e1a2d8, + 0xf32012c620b8cd09, + 0x81e964a2687b8654, + 0x43082373cc23c4f6, + 0x494428fd5d2b9d5, + 0xed89d49a5f32ca1a, + 0x8d2c7f6937d4bc08, + 0x8aa8316d21567c0c, + 0x5e2c9cde56f4c802, + 0x6422f65bc889, + ])), + MNT4753Fr::new(BigInteger768([ + 0x44238a7e541cdf0, + 0xc09a1bda2e310a6d, + 0xef2001005bbaf873, + 0x1fd97ee19fea97eb, + 0xce43458dee7839cd, + 0x735d8cff80565348, + 0xca740dd90f883e06, + 0x8825f23c63c39a44, + 0xe80c50eb3548e408, + 0xddc815aae7e6a432, + 0x519048208b84f07f, + 0x50d352305dca, + ])), ], vec![ - MNT4753Fr::new(BigInteger768([0x911b5559a3eeb52d,0x482afb0b1b566e49,0x3983c4efc4fb37da,0x3288b81e77372d01,0xc69bd18751793c34,0x103f732ca150f840,0xbe72b866f7fd8512,0x19f4e9f908c9d1bf,0xb7976427cfc0fe4e,0xc9f43b7c2ad54601,0x3f2eb373787a291,0x9d3dd62a7475,])), - 
MNT4753Fr::new(BigInteger768([0x799693496d2180d4,0x9c8364f338a500b7,0x37a57ca5674e1252,0x2c19b0502325bead,0x32b30a126f41f5ac,0x8bcd51ff52cedf29,0x9e04cb66d8d16160,0x59e8aaadbc99fab6,0xbd046f342e99d386,0x4488dd3ce29590aa,0xdcc2bb0149b02eaa,0x1543d162aa244,])), - MNT4753Fr::new(BigInteger768([0xbb41e5acd82643f9,0x4042aec0d83f7624,0x2c14ed2f563bb21e,0x9cee7ec494eb57e9,0x41eec6c2b0056ac2,0xd1ea7cfa30f223ef,0xf148c377c2fba415,0xb3b56ee96972c9cb,0x82c3e44086911217,0x9ef750feb5842cc6,0x9f33c28feb810dc0,0x727b9f80e6df,])), + MNT4753Fr::new(BigInteger768([ + 0x911b5559a3eeb52d, + 0x482afb0b1b566e49, + 0x3983c4efc4fb37da, + 0x3288b81e77372d01, + 0xc69bd18751793c34, + 0x103f732ca150f840, + 0xbe72b866f7fd8512, + 0x19f4e9f908c9d1bf, + 0xb7976427cfc0fe4e, + 0xc9f43b7c2ad54601, + 0x3f2eb373787a291, + 0x9d3dd62a7475, + ])), + MNT4753Fr::new(BigInteger768([ + 0x799693496d2180d4, + 0x9c8364f338a500b7, + 0x37a57ca5674e1252, + 0x2c19b0502325bead, + 0x32b30a126f41f5ac, + 0x8bcd51ff52cedf29, + 0x9e04cb66d8d16160, + 0x59e8aaadbc99fab6, + 0xbd046f342e99d386, + 0x4488dd3ce29590aa, + 0xdcc2bb0149b02eaa, + 0x1543d162aa244, + ])), + MNT4753Fr::new(BigInteger768([ + 0xbb41e5acd82643f9, + 0x4042aec0d83f7624, + 0x2c14ed2f563bb21e, + 0x9cee7ec494eb57e9, + 0x41eec6c2b0056ac2, + 0xd1ea7cfa30f223ef, + 0xf148c377c2fba415, + 0xb3b56ee96972c9cb, + 0x82c3e44086911217, + 0x9ef750feb5842cc6, + 0x9f33c28feb810dc0, + 0x727b9f80e6df, + ])), ], ]; let end_states = vec![ vec![ - MNT4753Fr::new(BigInteger768([0x4f54c026da6ed8f0,0x12700bf5ad94f6c9,0x23a3fa62e9c042c1,0x2394c785581c75e7,0x839626f16bd60d08,0xb29828eef68c9bd4,0xd1479004b0f71d2,0x9d1a0dffdd1e7b00,0x9f1df2af9215e68c,0xc562186972253d2e,0xf6b8c66a6f3999b0,0xa040e4e0ff92,])), - MNT4753Fr::new(BigInteger768([0xb0258a782c08064,0x6a04841f8be4990a,0xda027778a67d713b,0xb88be63be3cac9b4,0xde929c2510a321e5,0xc0d9dd704886213e,0xfbe0efc728d44f11,0x77c8d6422b5eb368,0x2827d5af4fe0fbad,0xb90c8793bc2a9d21,0xf9ce1fdde5140214,0x15a64a6345311,])), - 
MNT4753Fr::new(BigInteger768([0xde9731dd4ad29db3,0x86caaccf88b402a1,0xe5e77eee08fca8a2,0x1dd9e752e50aad07,0x2d0f73cfb9508a83,0xb2b6ab08f14d96eb,0x224833c17d87490d,0x4e7d2e13141aaa55,0x1796b61e1cc3563,0xdbeb6f5ed60179f,0xb0633f07c680eda2,0x601b999b7143,])), + MNT4753Fr::new(BigInteger768([ + 0x4f54c026da6ed8f0, + 0x12700bf5ad94f6c9, + 0x23a3fa62e9c042c1, + 0x2394c785581c75e7, + 0x839626f16bd60d08, + 0xb29828eef68c9bd4, + 0xd1479004b0f71d2, + 0x9d1a0dffdd1e7b00, + 0x9f1df2af9215e68c, + 0xc562186972253d2e, + 0xf6b8c66a6f3999b0, + 0xa040e4e0ff92, + ])), + MNT4753Fr::new(BigInteger768([ + 0xb0258a782c08064, + 0x6a04841f8be4990a, + 0xda027778a67d713b, + 0xb88be63be3cac9b4, + 0xde929c2510a321e5, + 0xc0d9dd704886213e, + 0xfbe0efc728d44f11, + 0x77c8d6422b5eb368, + 0x2827d5af4fe0fbad, + 0xb90c8793bc2a9d21, + 0xf9ce1fdde5140214, + 0x15a64a6345311, + ])), + MNT4753Fr::new(BigInteger768([ + 0xde9731dd4ad29db3, + 0x86caaccf88b402a1, + 0xe5e77eee08fca8a2, + 0x1dd9e752e50aad07, + 0x2d0f73cfb9508a83, + 0xb2b6ab08f14d96eb, + 0x224833c17d87490d, + 0x4e7d2e13141aaa55, + 0x1796b61e1cc3563, + 0xdbeb6f5ed60179f, + 0xb0633f07c680eda2, + 0x601b999b7143, + ])), ], vec![ - MNT4753Fr::new(BigInteger768([0xe749d7517ebe099b,0xc6abeacc602cf0bf,0x958f4b91f3c3b22d,0x9a295b36c4a6ea9e,0xd3925085d5ae2179,0xf23a8b4284968652,0x8018232a8a8fd30b,0x34533842150d4c6a,0xf0531c8f2f4a3dd4,0xeaab2b7956c6e7cb,0x9fc2b52eb516b457,0x7e2c759defce,])), - MNT4753Fr::new(BigInteger768([0xfc5dab1dedb49656,0x78deb85913893c98,0x6088942fdbff357e,0xb3c15f514de46072,0x5dc205c3ccd4df39,0x591d9320bec689a6,0x99a7765caae47a86,0x2fcfe60a560fa3ed,0x43e2f302b5852456,0x5b4087eaa01f39c6,0xcc7db3f671985b7d,0x1272366ae322b,])), - MNT4753Fr::new(BigInteger768([0xc23a10d72a73058e,0x7125f89599d62e8e,0x944ffd3948d3b453,0xc1513ee7ef29c1d2,0xdf1ddf8a25a2233,0x193c0cac56b49055,0xcb23ffde25ea2bd6,0x6d4a4ad2f3e415af,0x7da1b50b3731057,0x30f2f41a6746bd09,0x2a3cfda1f9885424,0xe6f1af34a223,])), + MNT4753Fr::new(BigInteger768([ + 0xe749d7517ebe099b, 
+ 0xc6abeacc602cf0bf, + 0x958f4b91f3c3b22d, + 0x9a295b36c4a6ea9e, + 0xd3925085d5ae2179, + 0xf23a8b4284968652, + 0x8018232a8a8fd30b, + 0x34533842150d4c6a, + 0xf0531c8f2f4a3dd4, + 0xeaab2b7956c6e7cb, + 0x9fc2b52eb516b457, + 0x7e2c759defce, + ])), + MNT4753Fr::new(BigInteger768([ + 0xfc5dab1dedb49656, + 0x78deb85913893c98, + 0x6088942fdbff357e, + 0xb3c15f514de46072, + 0x5dc205c3ccd4df39, + 0x591d9320bec689a6, + 0x99a7765caae47a86, + 0x2fcfe60a560fa3ed, + 0x43e2f302b5852456, + 0x5b4087eaa01f39c6, + 0xcc7db3f671985b7d, + 0x1272366ae322b, + ])), + MNT4753Fr::new(BigInteger768([ + 0xc23a10d72a73058e, + 0x7125f89599d62e8e, + 0x944ffd3948d3b453, + 0xc1513ee7ef29c1d2, + 0xdf1ddf8a25a2233, + 0x193c0cac56b49055, + 0xcb23ffde25ea2bd6, + 0x6d4a4ad2f3e415af, + 0x7da1b50b3731057, + 0x30f2f41a6746bd09, + 0x2a3cfda1f9885424, + 0xe6f1af34a223, + ])), ], vec![ - MNT4753Fr::new(BigInteger768([0xbfcb18d74e65c563,0x722359395bfeb077,0xb8e0b7abddb9a694,0xc830a386c2854b6b,0x53d7c0704e145ce,0xbe91d2a17d6f8874,0x2b49e38e1b99292a,0xc7e2cb48c2be1151,0xa5e54b3a714aad54,0xf634e385fe3d9b90,0x66f9a11a59535867,0x1425351d064a2,])), - MNT4753Fr::new(BigInteger768([0x4a28ff3c4fecbb8d,0x60a639f0a2a002d9,0x5149d27ed99128c1,0x6dacfe4ce235b503,0xf21ef2fe6f344e69,0xbac70a5d64a033de,0x54f1cb89e291c8e6,0x2548230a2b8eeb67,0x763440a89ffdc8de,0x3ac6435a7c2b7922,0xacb97881f998663d,0x8ae31b1e760f,])), - MNT4753Fr::new(BigInteger768([0x9dfe82b5a7baefa5,0x14bff3144e3c4f00,0xcbb47c1db66e74c4,0x8c3d330245b24464,0x3be7110fcc0f2674,0xb4a9281c6d349356,0xa4894a010cef488c,0x2abe0a21b8a83ca7,0xf9e9d807e418b54,0x439e4046be879838,0x3204e13287f737d5,0x3098a5738444,])), + MNT4753Fr::new(BigInteger768([ + 0xbfcb18d74e65c563, + 0x722359395bfeb077, + 0xb8e0b7abddb9a694, + 0xc830a386c2854b6b, + 0x53d7c0704e145ce, + 0xbe91d2a17d6f8874, + 0x2b49e38e1b99292a, + 0xc7e2cb48c2be1151, + 0xa5e54b3a714aad54, + 0xf634e385fe3d9b90, + 0x66f9a11a59535867, + 0x1425351d064a2, + ])), + MNT4753Fr::new(BigInteger768([ + 0x4a28ff3c4fecbb8d, + 
0x60a639f0a2a002d9, + 0x5149d27ed99128c1, + 0x6dacfe4ce235b503, + 0xf21ef2fe6f344e69, + 0xbac70a5d64a033de, + 0x54f1cb89e291c8e6, + 0x2548230a2b8eeb67, + 0x763440a89ffdc8de, + 0x3ac6435a7c2b7922, + 0xacb97881f998663d, + 0x8ae31b1e760f, + ])), + MNT4753Fr::new(BigInteger768([ + 0x9dfe82b5a7baefa5, + 0x14bff3144e3c4f00, + 0xcbb47c1db66e74c4, + 0x8c3d330245b24464, + 0x3be7110fcc0f2674, + 0xb4a9281c6d349356, + 0xa4894a010cef488c, + 0x2abe0a21b8a83ca7, + 0xf9e9d807e418b54, + 0x439e4046be879838, + 0x3204e13287f737d5, + 0x3098a5738444, + ])), ], vec![ - MNT4753Fr::new(BigInteger768([0x470bac44ae262597,0x37c75eb3f00758fb,0xae77bbd563b5fac6,0xa22469cb36563eb5,0x4db9a5ea229af500,0xf6848cf2a64ad4a5,0x3a4611a0ed9e6243,0xf63fb5b6489325dd,0x1a9c90dd1544863f,0xdab1cb220fdf73d4,0xb9ec40309591932b,0x141777a73c602,])), - MNT4753Fr::new(BigInteger768([0xedab7a7bd3a0061b,0x32d0ba278e569bec,0x83a9e0f317060812,0x29acd35e4d33cdb6,0x3f13496b623a9cde,0xa565606e05e4a5d,0xba87579c189af741,0x45bcb5fbad648a4e,0x32e8658135401638,0xbc853abb54e732b5,0xc37855ec443e12d3,0x1ad1ff8f54ad6,])), - MNT4753Fr::new(BigInteger768([0xaba94817dccf0311,0x601cdff2f1e54d9e,0x6a0d8ab8a097a5b6,0x51d8c83d12239512,0x92f9ef537fc921e8,0x688b9fe86605c3ae,0x250ebdd755ad043c,0x29d412ee38a1e765,0xb31f5447678264b4,0x7d053f0ea44d854b,0x5d83d881795db690,0x397b9db5b588,])), + MNT4753Fr::new(BigInteger768([ + 0x470bac44ae262597, + 0x37c75eb3f00758fb, + 0xae77bbd563b5fac6, + 0xa22469cb36563eb5, + 0x4db9a5ea229af500, + 0xf6848cf2a64ad4a5, + 0x3a4611a0ed9e6243, + 0xf63fb5b6489325dd, + 0x1a9c90dd1544863f, + 0xdab1cb220fdf73d4, + 0xb9ec40309591932b, + 0x141777a73c602, + ])), + MNT4753Fr::new(BigInteger768([ + 0xedab7a7bd3a0061b, + 0x32d0ba278e569bec, + 0x83a9e0f317060812, + 0x29acd35e4d33cdb6, + 0x3f13496b623a9cde, + 0xa565606e05e4a5d, + 0xba87579c189af741, + 0x45bcb5fbad648a4e, + 0x32e8658135401638, + 0xbc853abb54e732b5, + 0xc37855ec443e12d3, + 0x1ad1ff8f54ad6, + ])), + MNT4753Fr::new(BigInteger768([ + 0xaba94817dccf0311, + 
0x601cdff2f1e54d9e, + 0x6a0d8ab8a097a5b6, + 0x51d8c83d12239512, + 0x92f9ef537fc921e8, + 0x688b9fe86605c3ae, + 0x250ebdd755ad043c, + 0x29d412ee38a1e765, + 0xb31f5447678264b4, + 0x7d053f0ea44d854b, + 0x5d83d881795db690, + 0x397b9db5b588, + ])), ], vec![ - MNT4753Fr::new(BigInteger768([0xf0afca787979dcae,0x42fbae09a94724f3,0xce13b6f47a98712e,0x68faa457e317c516,0x7f77afa6123189da,0xf24b93d153626436,0xa40c88d389b68cfd,0x9b032ff8170c5c10,0xb90fa1c19b5affe3,0xc6cb43fb1342f46b,0x73a8195215425b8a,0x16cfda5a32fef,])), - MNT4753Fr::new(BigInteger768([0xd864f5bc7dbdbe12,0xd316f0a8460332b6,0xada86ced0ff99e99,0x80860702b69fbf79,0xe4a85e8c6fe21f02,0xdc253a82c99e4359,0x538ca29cb25f1740,0xb4b3b0c1728477d2,0x2ae092fa5a67319a,0xf11e69b6ea6e795b,0xbd153a2d52cd7fe1,0x172ce347450d4,])), - MNT4753Fr::new(BigInteger768([0x16d7536835c3972f,0x6e1897915f2ecc3e,0xa12771652da6c8b8,0xaf97a5aaa35b7313,0xae2a361cddc23c31,0xefc41bde8666d6dc,0x6cdd6c01057a661,0x7235dca1f39f8bc6,0x6332b45ab259d,0x851fb01167d8a74a,0x1c840faa9ad5c9b7,0xfe4f5c82b740,])), - ] + MNT4753Fr::new(BigInteger768([ + 0xf0afca787979dcae, + 0x42fbae09a94724f3, + 0xce13b6f47a98712e, + 0x68faa457e317c516, + 0x7f77afa6123189da, + 0xf24b93d153626436, + 0xa40c88d389b68cfd, + 0x9b032ff8170c5c10, + 0xb90fa1c19b5affe3, + 0xc6cb43fb1342f46b, + 0x73a8195215425b8a, + 0x16cfda5a32fef, + ])), + MNT4753Fr::new(BigInteger768([ + 0xd864f5bc7dbdbe12, + 0xd316f0a8460332b6, + 0xada86ced0ff99e99, + 0x80860702b69fbf79, + 0xe4a85e8c6fe21f02, + 0xdc253a82c99e4359, + 0x538ca29cb25f1740, + 0xb4b3b0c1728477d2, + 0x2ae092fa5a67319a, + 0xf11e69b6ea6e795b, + 0xbd153a2d52cd7fe1, + 0x172ce347450d4, + ])), + MNT4753Fr::new(BigInteger768([ + 0x16d7536835c3972f, + 0x6e1897915f2ecc3e, + 0xa12771652da6c8b8, + 0xaf97a5aaa35b7313, + 0xae2a361cddc23c31, + 0xefc41bde8666d6dc, + 0x6cdd6c01057a661, + 0x7235dca1f39f8bc6, + 0x6332b45ab259d, + 0x851fb01167d8a74a, + 0x1c840faa9ad5c9b7, + 0xfe4f5c82b740, + ])), + ], ]; - poseidon_permutation_regression_test::( - 
start_states, end_states - ); + poseidon_permutation_regression_test::< + MNT4753Fr, + MNT4753PoseidonParameters, + MNT4InversePoseidonSBox, + >(start_states, end_states); test_routine::(3) } #[cfg(feature = "mnt6_753")] #[test] fn test_poseidon_hash_mnt6() { - use algebra::{ - biginteger::BigInteger768, - fields::mnt6753::Fr as MNT6753Fr - }; use crate::crh::poseidon::parameters::mnt6753::{ - MNT6PoseidonHash, MNT6753PoseidonParameters, MNT6InversePoseidonSBox, + MNT6753PoseidonParameters, MNT6InversePoseidonSBox, MNT6PoseidonHash, }; + use algebra::{biginteger::BigInteger768, fields::mnt6753::Fr as MNT6753Fr}; // Test vectors are computed via the script in ./parameters/scripts/permutation_mnt6fr.sage let start_states = vec![ vec![MNT6753Fr::zero(); 3], vec![ - MNT6753Fr::new(BigInteger768([0x2045f548c283a386,0x9f90d7b623ef9965,0x634e1e0bcd6ce5f1,0xed09fb1cd92e2f48,0xa4b92193ab3a4c,0xc38d823f5e556d81,0x93e8a09384f1d5f0,0xa463757a137a2127,0xc948555766dabe44,0x3246e78f29a70bfe,0x21ebc006f85e213,0x18c2c2170055e,])), - MNT6753Fr::new(BigInteger768([0x5abb4a33f5026781,0xa3510b40fb1bd1e7,0xce8ae77f3e0e9a1d,0xd1375569096b196a,0x107156721a5241bd,0x82b75d6eb65ccdc,0x9f6a6933bbe7d8ad,0x9335a61a85fe8998,0x5179ec766656404c,0x8052414d46077e77,0xb77841abce4c69c,0x10e71d39ef7ee,])), - MNT6753Fr::new(BigInteger768([0xf76a1c08fa236882,0x25e1b757eb33ed43,0x1f63d4997a13c8b1,0xe23eae7ea2605b4b,0xe8c20feb190f9dd,0xa63856368a5c24f9,0x114eaf0c94cc670b,0xe858d17f6da22272,0x9b5443cadda8156a,0xfe92bd2a3eefc8b3,0x2c8a4defc4a4ff9,0x19cc15d056674,])), + MNT6753Fr::new(BigInteger768([ + 0x2045f548c283a386, + 0x9f90d7b623ef9965, + 0x634e1e0bcd6ce5f1, + 0xed09fb1cd92e2f48, + 0xa4b92193ab3a4c, + 0xc38d823f5e556d81, + 0x93e8a09384f1d5f0, + 0xa463757a137a2127, + 0xc948555766dabe44, + 0x3246e78f29a70bfe, + 0x21ebc006f85e213, + 0x18c2c2170055e, + ])), + MNT6753Fr::new(BigInteger768([ + 0x5abb4a33f5026781, + 0xa3510b40fb1bd1e7, + 0xce8ae77f3e0e9a1d, + 0xd1375569096b196a, + 0x107156721a5241bd, + 
0x82b75d6eb65ccdc, + 0x9f6a6933bbe7d8ad, + 0x9335a61a85fe8998, + 0x5179ec766656404c, + 0x8052414d46077e77, + 0xb77841abce4c69c, + 0x10e71d39ef7ee, + ])), + MNT6753Fr::new(BigInteger768([ + 0xf76a1c08fa236882, + 0x25e1b757eb33ed43, + 0x1f63d4997a13c8b1, + 0xe23eae7ea2605b4b, + 0xe8c20feb190f9dd, + 0xa63856368a5c24f9, + 0x114eaf0c94cc670b, + 0xe858d17f6da22272, + 0x9b5443cadda8156a, + 0xfe92bd2a3eefc8b3, + 0x2c8a4defc4a4ff9, + 0x19cc15d056674, + ])), ], vec![ - MNT6753Fr::new(BigInteger768([0x1b940903c57e8e7f,0xbd38cde2e8e16008,0xe18d1abcfe05990a,0x8e86b1ca3a0ee1f5,0x33a31929417f05f9,0x170be227265f62bd,0x29e22c2b9864352a,0x901db3c41b27245e,0xc3bc6e6cfce69e3c,0x498f01eea65c0215,0xbf86a87e3005b3db,0x90f488bd8e09,])), - MNT6753Fr::new(BigInteger768([0xb2d9ad48cbb812ba,0xc53cb754a7a02d89,0x89f52c6630ad8f86,0xe623c68f3610652f,0x198f83682c814e5d,0xfb78854e850e95fb,0x46e398cb56c27f78,0x81e60dab3991f035,0x3babbc1fe35f4f30,0x8056c683be44ffab,0x167af8aceb070f00,0x1a2572baaf46d,])), - MNT6753Fr::new(BigInteger768([0x6242acf3bfbe2c6e,0x7afcb4878b2fcab1,0xccdee01e7839e6ff,0x8ebef555a3fcaeb9,0xa627b970cb4d56d2,0xb672bd365dab0d61,0x71f74eef13dab0fd,0x5a138a0bd718f4c3,0x7d08a2cf2ef0747c,0x8a0cdeefcdfded66,0xfe18f6573bbabadb,0x12c02029e0030,])), + MNT6753Fr::new(BigInteger768([ + 0x1b940903c57e8e7f, + 0xbd38cde2e8e16008, + 0xe18d1abcfe05990a, + 0x8e86b1ca3a0ee1f5, + 0x33a31929417f05f9, + 0x170be227265f62bd, + 0x29e22c2b9864352a, + 0x901db3c41b27245e, + 0xc3bc6e6cfce69e3c, + 0x498f01eea65c0215, + 0xbf86a87e3005b3db, + 0x90f488bd8e09, + ])), + MNT6753Fr::new(BigInteger768([ + 0xb2d9ad48cbb812ba, + 0xc53cb754a7a02d89, + 0x89f52c6630ad8f86, + 0xe623c68f3610652f, + 0x198f83682c814e5d, + 0xfb78854e850e95fb, + 0x46e398cb56c27f78, + 0x81e60dab3991f035, + 0x3babbc1fe35f4f30, + 0x8056c683be44ffab, + 0x167af8aceb070f00, + 0x1a2572baaf46d, + ])), + MNT6753Fr::new(BigInteger768([ + 0x6242acf3bfbe2c6e, + 0x7afcb4878b2fcab1, + 0xccdee01e7839e6ff, + 0x8ebef555a3fcaeb9, + 0xa627b970cb4d56d2, + 
0xb672bd365dab0d61, + 0x71f74eef13dab0fd, + 0x5a138a0bd718f4c3, + 0x7d08a2cf2ef0747c, + 0x8a0cdeefcdfded66, + 0xfe18f6573bbabadb, + 0x12c02029e0030, + ])), ], vec![ - MNT6753Fr::new(BigInteger768([0xf2ca60b5bb454d9f,0xb4ae3ba59e4a711,0x62154368b888061c,0x6214f711b35b4f9,0x5dd4d44dc9d4f0ad,0x4304e1c271f64602,0x80d4e3b0e1025ae3,0x5316732d6accc44d,0x24fc5d7d7bba464e,0x12d10c9485d208a1,0xca6df371c62a8872,0x86ce9f608bae,])), - MNT6753Fr::new(BigInteger768([0xcdf0f7492613b504,0x455faa0e541fa1e6,0xb77242df6b8a68be,0x3b5435160d723cb6,0x77b8914a813586bf,0xc17dabd68e491d26,0xa85720ce2231af9d,0xd19e81cea5d64c41,0x56c90bfdb43ce182,0x9ff4ff3aba6a9a01,0x8875906afee26342,0x16a993a8df862,])), - MNT6753Fr::new(BigInteger768([0xad98e2452d8be558,0xed19ce15ee0069d3,0xf889b49a8ad1016e,0x42760a3cbfb291b7,0x3d94e422b333dc5d,0xc27cbbac2884c097,0x851fd495c84543e9,0xf9b100c34675f211,0x11eae122f8ff1706,0xf3eecc4f60743020,0x38fc6ca1e5d1b4a7,0xffa8124e7034,])), + MNT6753Fr::new(BigInteger768([ + 0xf2ca60b5bb454d9f, + 0xb4ae3ba59e4a711, + 0x62154368b888061c, + 0x6214f711b35b4f9, + 0x5dd4d44dc9d4f0ad, + 0x4304e1c271f64602, + 0x80d4e3b0e1025ae3, + 0x5316732d6accc44d, + 0x24fc5d7d7bba464e, + 0x12d10c9485d208a1, + 0xca6df371c62a8872, + 0x86ce9f608bae, + ])), + MNT6753Fr::new(BigInteger768([ + 0xcdf0f7492613b504, + 0x455faa0e541fa1e6, + 0xb77242df6b8a68be, + 0x3b5435160d723cb6, + 0x77b8914a813586bf, + 0xc17dabd68e491d26, + 0xa85720ce2231af9d, + 0xd19e81cea5d64c41, + 0x56c90bfdb43ce182, + 0x9ff4ff3aba6a9a01, + 0x8875906afee26342, + 0x16a993a8df862, + ])), + MNT6753Fr::new(BigInteger768([ + 0xad98e2452d8be558, + 0xed19ce15ee0069d3, + 0xf889b49a8ad1016e, + 0x42760a3cbfb291b7, + 0x3d94e422b333dc5d, + 0xc27cbbac2884c097, + 0x851fd495c84543e9, + 0xf9b100c34675f211, + 0x11eae122f8ff1706, + 0xf3eecc4f60743020, + 0x38fc6ca1e5d1b4a7, + 0xffa8124e7034, + ])), ], vec![ - 
MNT6753Fr::new(BigInteger768([0x376743561f755f41,0xf0a8830457e9879b,0xa134b300b8f2d67b,0x1806324852aa9feb,0xdb98705dbf283859,0x565bca638d85ee57,0x1c6b6fe1fe752b0,0xd9eb23176d5d6110,0x5c5e86b5774422e2,0xd6fdf4c92ea236a1,0xeb2a915f44b72fa3,0x195c5f80dbf29,])), - MNT6753Fr::new(BigInteger768([0x4c674244dfb68ecc,0x24a104856852ac3f,0x83e10d6c10dd3f4f,0xe99fe1f0d8553d3c,0x2d371b923253d5c0,0x14594932de89a19e,0xfd4589d2f8e53f17,0xe2ba2c7b929a53b3,0x3891f35b974a36ec,0xf17f8749ca140c09,0x6be74c21301f7c9e,0x13de4e1311a04,])), - MNT6753Fr::new(BigInteger768([0xc366ce203caca4b0,0xe1d195b5bf3af54e,0x24b93c34bd0043ee,0x91559c070b29c53a,0xe866e46830168ff8,0xaeeda2129518cab7,0x37f8bb28ae15d7f3,0x5811fb22acd02c55,0xce7d805057f58acc,0x3a80df0b2af5f4fd,0x4dc7c29c8f6bed72,0xe511723afdb9,])), - ] + MNT6753Fr::new(BigInteger768([ + 0x376743561f755f41, + 0xf0a8830457e9879b, + 0xa134b300b8f2d67b, + 0x1806324852aa9feb, + 0xdb98705dbf283859, + 0x565bca638d85ee57, + 0x1c6b6fe1fe752b0, + 0xd9eb23176d5d6110, + 0x5c5e86b5774422e2, + 0xd6fdf4c92ea236a1, + 0xeb2a915f44b72fa3, + 0x195c5f80dbf29, + ])), + MNT6753Fr::new(BigInteger768([ + 0x4c674244dfb68ecc, + 0x24a104856852ac3f, + 0x83e10d6c10dd3f4f, + 0xe99fe1f0d8553d3c, + 0x2d371b923253d5c0, + 0x14594932de89a19e, + 0xfd4589d2f8e53f17, + 0xe2ba2c7b929a53b3, + 0x3891f35b974a36ec, + 0xf17f8749ca140c09, + 0x6be74c21301f7c9e, + 0x13de4e1311a04, + ])), + MNT6753Fr::new(BigInteger768([ + 0xc366ce203caca4b0, + 0xe1d195b5bf3af54e, + 0x24b93c34bd0043ee, + 0x91559c070b29c53a, + 0xe866e46830168ff8, + 0xaeeda2129518cab7, + 0x37f8bb28ae15d7f3, + 0x5811fb22acd02c55, + 0xce7d805057f58acc, + 0x3a80df0b2af5f4fd, + 0x4dc7c29c8f6bed72, + 0xe511723afdb9, + ])), + ], ]; let end_states = vec![ vec![ - MNT6753Fr::new(BigInteger768([0xef99f18ca1164fb0,0x1bf161755d689806,0x83ee017c500c6964,0x8abab822f92200c0,0x4b64884b9cc7eef9,0x53d4a2f13e17017c,0x551b8da2668dad8a,0x9939a48a0191c96c,0x2e1d80ef403671a0,0xb037bb60fbeb0212,0x6a22eba60581eb12,0x6ec196c9026d,])), - 
MNT6753Fr::new(BigInteger768([0x18c4207483ba0f2f,0x6c50abc8aca74de3,0x7c1acfd6686351c,0xf367937c1356e91f,0xcdbf0447592ec1,0xe13763baac982387,0x2e1f904290e7045f,0xb6ffbcccd73c1092,0xfae22550de44cf2c,0x14c26231e52c7eae,0x471836049049f3b7,0xdc46826797ae,])), - MNT6753Fr::new(BigInteger768([0x2ee4a96e4cda5f6f,0x7442a7b7f51fdbfc,0x23d03839ab7d811,0x1f873a8c0ddfd7a4,0x872f14e24612551a,0xd43181c852d5f78b,0xb2ff35a74130d2cd,0xd64aaa80f389157,0xb954953b8d35d74,0x37aba7a7212e96c,0xcce2fff62e11a3d4,0xfb3f9157120d,])), + MNT6753Fr::new(BigInteger768([ + 0xef99f18ca1164fb0, + 0x1bf161755d689806, + 0x83ee017c500c6964, + 0x8abab822f92200c0, + 0x4b64884b9cc7eef9, + 0x53d4a2f13e17017c, + 0x551b8da2668dad8a, + 0x9939a48a0191c96c, + 0x2e1d80ef403671a0, + 0xb037bb60fbeb0212, + 0x6a22eba60581eb12, + 0x6ec196c9026d, + ])), + MNT6753Fr::new(BigInteger768([ + 0x18c4207483ba0f2f, + 0x6c50abc8aca74de3, + 0x7c1acfd6686351c, + 0xf367937c1356e91f, + 0xcdbf0447592ec1, + 0xe13763baac982387, + 0x2e1f904290e7045f, + 0xb6ffbcccd73c1092, + 0xfae22550de44cf2c, + 0x14c26231e52c7eae, + 0x471836049049f3b7, + 0xdc46826797ae, + ])), + MNT6753Fr::new(BigInteger768([ + 0x2ee4a96e4cda5f6f, + 0x7442a7b7f51fdbfc, + 0x23d03839ab7d811, + 0x1f873a8c0ddfd7a4, + 0x872f14e24612551a, + 0xd43181c852d5f78b, + 0xb2ff35a74130d2cd, + 0xd64aaa80f389157, + 0xb954953b8d35d74, + 0x37aba7a7212e96c, + 0xcce2fff62e11a3d4, + 0xfb3f9157120d, + ])), ], vec![ - MNT6753Fr::new(BigInteger768([0x626e4d0e6e3e1936,0x7c99da459f8385d0,0xbd84a2fb934889a6,0xff40b1979118e180,0x76cb8b37a32cce54,0x6c389f3f88157389,0xb9f0135ec3d92cc2,0xfd6a928e603a79be,0x5472af35b978d0a6,0x109995c9831f98c2,0x976c556bfe34da5a,0xf838693b701,])), - MNT6753Fr::new(BigInteger768([0x58fb485fd781fcc6,0xd92a60427ce67147,0x2cca412943d39ade,0xc55d3362bac1743,0xcb8dcfa4ae0fcda1,0x25bde06b8f99facd,0x2d30b30add5faa3e,0xbe0ebdda1ba7458d,0x296f6010c1db1c7b,0x506364ec0031a00e,0x24c13847d3fe6ab7,0xea0c23423f1a,])), - 
MNT6753Fr::new(BigInteger768([0xc36816e6dafa2f57,0x554255a6e34a34d4,0x29f17ff72b3c5695,0xae97815a3cc05077,0x64a0824e4b9b1aae,0x267cf597a9a556ef,0x8d8c67fc33757cbc,0xad2db4d1a3c73012,0xf3fcee4d169de439,0xfc4632cd5cb31baf,0xe1420a2c4e68de6,0x1bd34ad51cd02,])), + MNT6753Fr::new(BigInteger768([ + 0x626e4d0e6e3e1936, + 0x7c99da459f8385d0, + 0xbd84a2fb934889a6, + 0xff40b1979118e180, + 0x76cb8b37a32cce54, + 0x6c389f3f88157389, + 0xb9f0135ec3d92cc2, + 0xfd6a928e603a79be, + 0x5472af35b978d0a6, + 0x109995c9831f98c2, + 0x976c556bfe34da5a, + 0xf838693b701, + ])), + MNT6753Fr::new(BigInteger768([ + 0x58fb485fd781fcc6, + 0xd92a60427ce67147, + 0x2cca412943d39ade, + 0xc55d3362bac1743, + 0xcb8dcfa4ae0fcda1, + 0x25bde06b8f99facd, + 0x2d30b30add5faa3e, + 0xbe0ebdda1ba7458d, + 0x296f6010c1db1c7b, + 0x506364ec0031a00e, + 0x24c13847d3fe6ab7, + 0xea0c23423f1a, + ])), + MNT6753Fr::new(BigInteger768([ + 0xc36816e6dafa2f57, + 0x554255a6e34a34d4, + 0x29f17ff72b3c5695, + 0xae97815a3cc05077, + 0x64a0824e4b9b1aae, + 0x267cf597a9a556ef, + 0x8d8c67fc33757cbc, + 0xad2db4d1a3c73012, + 0xf3fcee4d169de439, + 0xfc4632cd5cb31baf, + 0xe1420a2c4e68de6, + 0x1bd34ad51cd02, + ])), ], vec![ - MNT6753Fr::new(BigInteger768([0x160dacef01b59531,0x313dd55066586bd8,0xdcc16189ec00c953,0xcc44967095828982,0x1066ee6f582ba5ea,0x3d879be40c078337,0xb9cb0ef83e1b4a51,0xc9b91de1e758c41,0xe578ceb8440e2bb8,0x3d6f2d210d4278df,0x2bab83b243a3335a,0x1afd20a9dbdc7,])), - MNT6753Fr::new(BigInteger768([0x3a7ee60628dc201d,0xae1dcd081da757a,0xde1625ce6e93bc19,0xfb1a64dd14c0ae77,0x1bb5eba30eb2f202,0xdf064e762ce2f903,0x9abc764fb4c55d03,0x6db04d43d811c05d,0x87d85ec650763745,0x1bdcd095b0e1ada2,0x8681985565baa005,0x154d78a914323,])), - MNT6753Fr::new(BigInteger768([0x101437542e4c39d4,0xcbdcf8d57d75fdd2,0x40996ed826c3b401,0xe492943442e0833b,0xf088ed10c7619f8c,0xb8e27256e0a69172,0x7112494180a5924,0x58d0e045a50972e9,0x4285049c582ed300,0xba0daceb8ab6d3c0,0x5ebb479b97c4c24d,0x820fdfe15d33,])), + MNT6753Fr::new(BigInteger768([ + 
0x160dacef01b59531, + 0x313dd55066586bd8, + 0xdcc16189ec00c953, + 0xcc44967095828982, + 0x1066ee6f582ba5ea, + 0x3d879be40c078337, + 0xb9cb0ef83e1b4a51, + 0xc9b91de1e758c41, + 0xe578ceb8440e2bb8, + 0x3d6f2d210d4278df, + 0x2bab83b243a3335a, + 0x1afd20a9dbdc7, + ])), + MNT6753Fr::new(BigInteger768([ + 0x3a7ee60628dc201d, + 0xae1dcd081da757a, + 0xde1625ce6e93bc19, + 0xfb1a64dd14c0ae77, + 0x1bb5eba30eb2f202, + 0xdf064e762ce2f903, + 0x9abc764fb4c55d03, + 0x6db04d43d811c05d, + 0x87d85ec650763745, + 0x1bdcd095b0e1ada2, + 0x8681985565baa005, + 0x154d78a914323, + ])), + MNT6753Fr::new(BigInteger768([ + 0x101437542e4c39d4, + 0xcbdcf8d57d75fdd2, + 0x40996ed826c3b401, + 0xe492943442e0833b, + 0xf088ed10c7619f8c, + 0xb8e27256e0a69172, + 0x7112494180a5924, + 0x58d0e045a50972e9, + 0x4285049c582ed300, + 0xba0daceb8ab6d3c0, + 0x5ebb479b97c4c24d, + 0x820fdfe15d33, + ])), ], vec![ - MNT6753Fr::new(BigInteger768([0x645f79445d3423f1,0x699de15f996c470c,0x3740c3b7e7818751,0xac5c029dba988fd2,0x7342c873ecef9aee,0x4ff8cedd8fa15877,0xa9f8d05cc0c37cdb,0x6342d403e9995fcc,0xcd1206bec9b26855,0x9c7d8a00045eb24d,0x9c63e4f9f6757a65,0x1b358d82afeb4,])), - MNT6753Fr::new(BigInteger768([0x5c47dc04494f4bd2,0x9c673cd9289d41af,0x162259acba9d8d18,0x62cad4f296328097,0x8aaf9e1700b7c75d,0x55e78bf0544350b2,0x4f68ebcc4892c902,0xdab2889f96fa7b5b,0x2a03de10d75b9f18,0x1ea1e16fc08e4df6,0x6acecbff7d2f538,0x9435d0a83b56,])), - MNT6753Fr::new(BigInteger768([0x57c48852f8169d69,0x770318c8f24e3ac0,0xa0305f4306f0fbf4,0xf24a6cdad69062c1,0x193310c1c542ab5e,0x34b6461663f4fe2a,0xe7a085a783023999,0xb5ce7b9c96faf8e0,0x7552f4cfa41a306a,0x2f174937af08a752,0x1a0cef0caa379120,0xaf994027adab,])), + MNT6753Fr::new(BigInteger768([ + 0x645f79445d3423f1, + 0x699de15f996c470c, + 0x3740c3b7e7818751, + 0xac5c029dba988fd2, + 0x7342c873ecef9aee, + 0x4ff8cedd8fa15877, + 0xa9f8d05cc0c37cdb, + 0x6342d403e9995fcc, + 0xcd1206bec9b26855, + 0x9c7d8a00045eb24d, + 0x9c63e4f9f6757a65, + 0x1b358d82afeb4, + ])), + MNT6753Fr::new(BigInteger768([ + 
0x5c47dc04494f4bd2, + 0x9c673cd9289d41af, + 0x162259acba9d8d18, + 0x62cad4f296328097, + 0x8aaf9e1700b7c75d, + 0x55e78bf0544350b2, + 0x4f68ebcc4892c902, + 0xdab2889f96fa7b5b, + 0x2a03de10d75b9f18, + 0x1ea1e16fc08e4df6, + 0x6acecbff7d2f538, + 0x9435d0a83b56, + ])), + MNT6753Fr::new(BigInteger768([ + 0x57c48852f8169d69, + 0x770318c8f24e3ac0, + 0xa0305f4306f0fbf4, + 0xf24a6cdad69062c1, + 0x193310c1c542ab5e, + 0x34b6461663f4fe2a, + 0xe7a085a783023999, + 0xb5ce7b9c96faf8e0, + 0x7552f4cfa41a306a, + 0x2f174937af08a752, + 0x1a0cef0caa379120, + 0xaf994027adab, + ])), ], vec![ - MNT6753Fr::new(BigInteger768([0x9720001bc9352497,0x26db06d9f4127454,0x9cce839d50eab099,0xba25501620cf63a9,0x795125f6eb018f87,0x694e8cec73b544f8,0xdb77a066d8a2cdd5,0x7aabd5789a9eafe3,0x178cc6b3542ceaa6,0xa6ac0cd365b9c275,0x122759efe8da9356,0x8e1dde78adb9,])), - MNT6753Fr::new(BigInteger768([0xa9c2b63431ec99e7,0xb05d41809af7e5dc,0x2cbd97c762aecb7,0x4d41c4687b6d4477,0x8381b288c0dbf80,0x50d30f6e9cd8073e,0xbd5d9a24ab8be9f5,0x53f6ff54d29bfaf6,0xdfcf47396745930f,0xf9624d429b121957,0x2eff2dd22352fa1c,0x8062baa0e970,])), - MNT6753Fr::new(BigInteger768([0x686af5fafbfbf6ea,0x1e1c039393b53fbf,0x395bda15104e42d7,0x86bd133dc0ecd7de,0xe6edda60379dd98,0xa4b50608cd0cbda3,0x71914eaa21572,0x716fc727079df56d,0x92d198f1997ebcb0,0x2bc460bbd690afcc,0xed78f65c0b4e499e,0x2bfad26243bd,])), - ] + MNT6753Fr::new(BigInteger768([ + 0x9720001bc9352497, + 0x26db06d9f4127454, + 0x9cce839d50eab099, + 0xba25501620cf63a9, + 0x795125f6eb018f87, + 0x694e8cec73b544f8, + 0xdb77a066d8a2cdd5, + 0x7aabd5789a9eafe3, + 0x178cc6b3542ceaa6, + 0xa6ac0cd365b9c275, + 0x122759efe8da9356, + 0x8e1dde78adb9, + ])), + MNT6753Fr::new(BigInteger768([ + 0xa9c2b63431ec99e7, + 0xb05d41809af7e5dc, + 0x2cbd97c762aecb7, + 0x4d41c4687b6d4477, + 0x8381b288c0dbf80, + 0x50d30f6e9cd8073e, + 0xbd5d9a24ab8be9f5, + 0x53f6ff54d29bfaf6, + 0xdfcf47396745930f, + 0xf9624d429b121957, + 0x2eff2dd22352fa1c, + 0x8062baa0e970, + ])), + MNT6753Fr::new(BigInteger768([ + 
0x686af5fafbfbf6ea, + 0x1e1c039393b53fbf, + 0x395bda15104e42d7, + 0x86bd133dc0ecd7de, + 0xe6edda60379dd98, + 0xa4b50608cd0cbda3, + 0x71914eaa21572, + 0x716fc727079df56d, + 0x92d198f1997ebcb0, + 0x2bc460bbd690afcc, + 0xed78f65c0b4e499e, + 0x2bfad26243bd, + ])), + ], ]; - poseidon_permutation_regression_test::( - start_states, end_states - ); + poseidon_permutation_regression_test::< + MNT6753Fr, + MNT6753PoseidonParameters, + MNT6InversePoseidonSBox, + >(start_states, end_states); test_routine::(3) } #[cfg(feature = "bn_382")] #[test] fn test_poseidon_hash_bn382_fr() { - use algebra::{ - biginteger::BigInteger384, - fields::bn_382::Fr as BN382Fr - }; use crate::crh::poseidon::parameters::bn382::{ - BN382FrPoseidonHash, BN382FrPoseidonParameters, BN382FrQuinticSbox + BN382FrPoseidonHash, BN382FrPoseidonParameters, BN382FrQuinticSbox, }; + use algebra::{biginteger::BigInteger384, fields::bn_382::Fr as BN382Fr}; // Test vectors are computed via the script in ./parameters/scripts/permutation_bn382.sage let start_states = vec![ vec![BN382Fr::zero(); 3], vec![ - BN382Fr::new(BigInteger384([0x3c2fc28fee546f2f,0x46673e3f762a05a9,0xf3a4196fb7f077b0,0xea452bd940906dd0,0x61a33d4ae39ee3a1,0xb0fe1409f6b6ad,])), - BN382Fr::new(BigInteger384([0x4ca6094864916d57,0x2ca4974e3b8e4d6,0x4a05915e47dd8a18,0x5e6888ec4e9811ed,0xb1ddb601c4144f40,0x45c5e2dccf92992,])), - BN382Fr::new(BigInteger384([0x20e98c5412e8a53c,0xb2df907a45237f4,0x89db0df005eb52fb,0xc77948ae1a2a2cda,0xf5ddb01fdc5f2ca4,0x17cd7c819448cb46,])), + BN382Fr::new(BigInteger384([ + 0x3c2fc28fee546f2f, + 0x46673e3f762a05a9, + 0xf3a4196fb7f077b0, + 0xea452bd940906dd0, + 0x61a33d4ae39ee3a1, + 0xb0fe1409f6b6ad, + ])), + BN382Fr::new(BigInteger384([ + 0x4ca6094864916d57, + 0x2ca4974e3b8e4d6, + 0x4a05915e47dd8a18, + 0x5e6888ec4e9811ed, + 0xb1ddb601c4144f40, + 0x45c5e2dccf92992, + ])), + BN382Fr::new(BigInteger384([ + 0x20e98c5412e8a53c, + 0xb2df907a45237f4, + 0x89db0df005eb52fb, + 0xc77948ae1a2a2cda, + 0xf5ddb01fdc5f2ca4, + 
0x17cd7c819448cb46, + ])), ], vec![ - BN382Fr::new(BigInteger384([0x541a0ca7bfcc881f,0xf88b8f238697be3c,0x36e61e96d2fb8d14,0x1a3edaa7cbaee4cb,0x55a2ae58ee66a979,0x100171f764d62113,])), - BN382Fr::new(BigInteger384([0x4abbd93002288653,0x37e17a329d1fa261,0xcd880c8eaf7a18b9,0xb0c2cd616408d2cf,0x5e938101f5333493,0x22a361e49171b56c,])), - BN382Fr::new(BigInteger384([0x75efbb3b47ed610d,0x872b59023b1582f,0x154f1c9f55385a05,0x130ecac1483ed87c,0xc9c4f03d0a0e838,0x11985516d2a7f963,])), + BN382Fr::new(BigInteger384([ + 0x541a0ca7bfcc881f, + 0xf88b8f238697be3c, + 0x36e61e96d2fb8d14, + 0x1a3edaa7cbaee4cb, + 0x55a2ae58ee66a979, + 0x100171f764d62113, + ])), + BN382Fr::new(BigInteger384([ + 0x4abbd93002288653, + 0x37e17a329d1fa261, + 0xcd880c8eaf7a18b9, + 0xb0c2cd616408d2cf, + 0x5e938101f5333493, + 0x22a361e49171b56c, + ])), + BN382Fr::new(BigInteger384([ + 0x75efbb3b47ed610d, + 0x872b59023b1582f, + 0x154f1c9f55385a05, + 0x130ecac1483ed87c, + 0xc9c4f03d0a0e838, + 0x11985516d2a7f963, + ])), ], vec![ - BN382Fr::new(BigInteger384([0x5676a2aa9827db5c,0x42dffaf55931d898,0x4df6a1acb8359ba6,0xb6c57235a1057d95,0x8c80b33063239cec,0xc7219289e5b6fbe,])), - BN382Fr::new(BigInteger384([0xe17739d0259851fc,0x8cf3a336d885e861,0x5147bc1f93978a33,0x371ff88b2aaa0b59,0xc4fac8e7e213807e,0x49b925c3136f71b,])), - BN382Fr::new(BigInteger384([0xe2fdff72d46fcb0a,0x4067d514d9cb9ecf,0xf51b3c5b3bc11d00,0xeed7a12d7d42ee4c,0xc8bb6a1b0a079aa7,0xd047e537eb9ac58,])), + BN382Fr::new(BigInteger384([ + 0x5676a2aa9827db5c, + 0x42dffaf55931d898, + 0x4df6a1acb8359ba6, + 0xb6c57235a1057d95, + 0x8c80b33063239cec, + 0xc7219289e5b6fbe, + ])), + BN382Fr::new(BigInteger384([ + 0xe17739d0259851fc, + 0x8cf3a336d885e861, + 0x5147bc1f93978a33, + 0x371ff88b2aaa0b59, + 0xc4fac8e7e213807e, + 0x49b925c3136f71b, + ])), + BN382Fr::new(BigInteger384([ + 0xe2fdff72d46fcb0a, + 0x4067d514d9cb9ecf, + 0xf51b3c5b3bc11d00, + 0xeed7a12d7d42ee4c, + 0xc8bb6a1b0a079aa7, + 0xd047e537eb9ac58, + ])), ], vec![ - 
BN382Fr::new(BigInteger384([0xcd0f5560277aad4d,0xffe03011802d3fd1,0xf74446bb0aa3e8e2,0x5e1f3daa54d09f36,0x459daf13600a2960,0x1cd498d82eb74a2d,])), - BN382Fr::new(BigInteger384([0xc1ca68ef9f0d7346,0x78bfeb6a95ea63e5,0xce164dee9dba93a,0x60f8dbaa8634a63a,0xfcfb923ab4911528,0x93128aeb82dbf04,])), - BN382Fr::new(BigInteger384([0x16c5a3b0f84a1808,0x1bb720c4473aa741,0xe3dd83f67121d1fb,0x31dc7f9ff20507b8,0xc86761e6ec443333,0x6f67c54083f05db,])), - ] + BN382Fr::new(BigInteger384([ + 0xcd0f5560277aad4d, + 0xffe03011802d3fd1, + 0xf74446bb0aa3e8e2, + 0x5e1f3daa54d09f36, + 0x459daf13600a2960, + 0x1cd498d82eb74a2d, + ])), + BN382Fr::new(BigInteger384([ + 0xc1ca68ef9f0d7346, + 0x78bfeb6a95ea63e5, + 0xce164dee9dba93a, + 0x60f8dbaa8634a63a, + 0xfcfb923ab4911528, + 0x93128aeb82dbf04, + ])), + BN382Fr::new(BigInteger384([ + 0x16c5a3b0f84a1808, + 0x1bb720c4473aa741, + 0xe3dd83f67121d1fb, + 0x31dc7f9ff20507b8, + 0xc86761e6ec443333, + 0x6f67c54083f05db, + ])), + ], ]; let end_states = vec![ vec![ - BN382Fr::new(BigInteger384([0x3600ae9dea9ba41a,0x17a35e3bedfc2e1,0x7ee93e40052b3867,0xc555ef28f09e84e9,0x1ef349664ad402cf,0x1c49706c59f09b25,])), - BN382Fr::new(BigInteger384([0xbb6f865c755b9100,0x6f6ccbea5f0c5847,0x4cfd3606c21c2573,0x3512ec3dc6889f67,0xc7981de6b0710b5f,0x109fe23f817aa0cf,])), - BN382Fr::new(BigInteger384([0x39de13d041934215,0x5370089a3da7c4fe,0x512952ce97e48c03,0xe1c26f50f4c9c4c1,0x1f008942e907b93e,0x1910b7b5453ff08f,])), + BN382Fr::new(BigInteger384([ + 0x3600ae9dea9ba41a, + 0x17a35e3bedfc2e1, + 0x7ee93e40052b3867, + 0xc555ef28f09e84e9, + 0x1ef349664ad402cf, + 0x1c49706c59f09b25, + ])), + BN382Fr::new(BigInteger384([ + 0xbb6f865c755b9100, + 0x6f6ccbea5f0c5847, + 0x4cfd3606c21c2573, + 0x3512ec3dc6889f67, + 0xc7981de6b0710b5f, + 0x109fe23f817aa0cf, + ])), + BN382Fr::new(BigInteger384([ + 0x39de13d041934215, + 0x5370089a3da7c4fe, + 0x512952ce97e48c03, + 0xe1c26f50f4c9c4c1, + 0x1f008942e907b93e, + 0x1910b7b5453ff08f, + ])), ], vec![ - 
BN382Fr::new(BigInteger384([0xf3b93ceda4f3a5c,0x5dcd6b6bc043fd10,0x8d383811267393b4,0x66f48dee2d1b12df,0xbdb9d022d8ef1832,0x3d7e58786b39ef4,])), - BN382Fr::new(BigInteger384([0x44aa122585436d31,0x28935d91839eef2b,0xda2ba836d955d3fe,0x200274d572c207a8,0x68ea32c32bf9e76c,0x1b6e87d7d7bd71b6,])), - BN382Fr::new(BigInteger384([0x65ba9efee2204115,0x81b822106a189c40,0x72b7d6e504e281b4,0xa51d8ac7dd820df0,0x1ea1f1cb92430cbc,0x23a85bdeb2d2dd16,])), + BN382Fr::new(BigInteger384([ + 0xf3b93ceda4f3a5c, + 0x5dcd6b6bc043fd10, + 0x8d383811267393b4, + 0x66f48dee2d1b12df, + 0xbdb9d022d8ef1832, + 0x3d7e58786b39ef4, + ])), + BN382Fr::new(BigInteger384([ + 0x44aa122585436d31, + 0x28935d91839eef2b, + 0xda2ba836d955d3fe, + 0x200274d572c207a8, + 0x68ea32c32bf9e76c, + 0x1b6e87d7d7bd71b6, + ])), + BN382Fr::new(BigInteger384([ + 0x65ba9efee2204115, + 0x81b822106a189c40, + 0x72b7d6e504e281b4, + 0xa51d8ac7dd820df0, + 0x1ea1f1cb92430cbc, + 0x23a85bdeb2d2dd16, + ])), ], vec![ - BN382Fr::new(BigInteger384([0x47c7598c44ff8d16,0x9a2a4de7e4caa199,0xa64228ccfb671b,0xe507c52bab4c227c,0xa03bae146874c577,0x142abb97131a15ce,])), - BN382Fr::new(BigInteger384([0x6e5c0a1b6c74884d,0xf5bb78ce31dc03be,0xe12a8aea2fdbfb1c,0x27806b8e798e5047,0xdb908a200b3040d9,0xe722e2590de5b3d,])), - BN382Fr::new(BigInteger384([0xa3c9528966e64486,0x475589fea46633f1,0xd74899c26b7cc411,0x1771d0995b78fb5d,0xf4e48a25c61e9202,0x13751c53efdbf754,])), + BN382Fr::new(BigInteger384([ + 0x47c7598c44ff8d16, + 0x9a2a4de7e4caa199, + 0xa64228ccfb671b, + 0xe507c52bab4c227c, + 0xa03bae146874c577, + 0x142abb97131a15ce, + ])), + BN382Fr::new(BigInteger384([ + 0x6e5c0a1b6c74884d, + 0xf5bb78ce31dc03be, + 0xe12a8aea2fdbfb1c, + 0x27806b8e798e5047, + 0xdb908a200b3040d9, + 0xe722e2590de5b3d, + ])), + BN382Fr::new(BigInteger384([ + 0xa3c9528966e64486, + 0x475589fea46633f1, + 0xd74899c26b7cc411, + 0x1771d0995b78fb5d, + 0xf4e48a25c61e9202, + 0x13751c53efdbf754, + ])), ], vec![ - 
BN382Fr::new(BigInteger384([0xbaa9e75cb23bcf05,0x35d727f254ae75d7,0xacb20d326450e2b8,0x177c73eda4c84fdb,0x51f291a5f9dd6033,0x8788cee947e9501,])), - BN382Fr::new(BigInteger384([0xf1b326ebc984ec0,0x866f44f24cf07054,0x5f070db622ccd3da,0xceb0f26208090d9e,0xdd7bd626dbb1d31e,0xa8a45f03c973521,])), - BN382Fr::new(BigInteger384([0x32e4799fc1db07b1,0xbbdcbf7c6b9e2f24,0xf7cbd541b37e4650,0xd8143503afc7320a,0x75a91583524c9a16,0x1c9f9295f8bce898,])), + BN382Fr::new(BigInteger384([ + 0xbaa9e75cb23bcf05, + 0x35d727f254ae75d7, + 0xacb20d326450e2b8, + 0x177c73eda4c84fdb, + 0x51f291a5f9dd6033, + 0x8788cee947e9501, + ])), + BN382Fr::new(BigInteger384([ + 0xf1b326ebc984ec0, + 0x866f44f24cf07054, + 0x5f070db622ccd3da, + 0xceb0f26208090d9e, + 0xdd7bd626dbb1d31e, + 0xa8a45f03c973521, + ])), + BN382Fr::new(BigInteger384([ + 0x32e4799fc1db07b1, + 0xbbdcbf7c6b9e2f24, + 0xf7cbd541b37e4650, + 0xd8143503afc7320a, + 0x75a91583524c9a16, + 0x1c9f9295f8bce898, + ])), ], vec![ - BN382Fr::new(BigInteger384([0xd5db324446615bf8,0x96f94dd6887732e0,0x56020c6319093a3a,0x5ef153e7bc15f69b,0x1b87643733a4b798,0x16787d5e34111ed,])), - BN382Fr::new(BigInteger384([0x4558ed95b354fe81,0x31ba491852c4023,0x98af2996db40ba92,0xb4c3ac53e548ec3d,0x96c9e81d713719ea,0x1eefdfa3b6b479ae,])), - BN382Fr::new(BigInteger384([0x3340788274f54c1f,0xb2d040485d2fd9d6,0xd7df55b13440dbf3,0x856bf5fc77c7f48b,0x48cf9764e0e67a05,0x1816ef21b6373a7,])), - ] + BN382Fr::new(BigInteger384([ + 0xd5db324446615bf8, + 0x96f94dd6887732e0, + 0x56020c6319093a3a, + 0x5ef153e7bc15f69b, + 0x1b87643733a4b798, + 0x16787d5e34111ed, + ])), + BN382Fr::new(BigInteger384([ + 0x4558ed95b354fe81, + 0x31ba491852c4023, + 0x98af2996db40ba92, + 0xb4c3ac53e548ec3d, + 0x96c9e81d713719ea, + 0x1eefdfa3b6b479ae, + ])), + BN382Fr::new(BigInteger384([ + 0x3340788274f54c1f, + 0xb2d040485d2fd9d6, + 0xd7df55b13440dbf3, + 0x856bf5fc77c7f48b, + 0x48cf9764e0e67a05, + 0x1816ef21b6373a7, + ])), + ], ]; - poseidon_permutation_regression_test::( - start_states, end_states - ); + 
poseidon_permutation_regression_test::< + BN382Fr, + BN382FrPoseidonParameters, + BN382FrQuinticSbox, + >(start_states, end_states); test_routine::(3) } #[cfg(feature = "bn_382")] #[test] fn test_poseidon_hash_bn382_fq() { - use algebra::{ - biginteger::BigInteger384, - fields::bn_382::Fq as BN382Fq - }; use crate::crh::poseidon::parameters::bn382_dual::{ - BN382FqPoseidonHash, BN382FqPoseidonParameters, BN382FqQuinticSbox + BN382FqPoseidonHash, BN382FqPoseidonParameters, BN382FqQuinticSbox, }; + use algebra::{biginteger::BigInteger384, fields::bn_382::Fq as BN382Fq}; // Test vectors are computed via the script in ./parameters/scripts/permutation_bn382dual.sage let start_states = vec![ vec![BN382Fq::zero(); 3], vec![ - BN382Fq::new(BigInteger384([0x239d004c236ddb,0x88d83e760e8bd5bb,0x2ca0f68190713e45,0x8f6a964f924c8fff,0x62a854d505daa3f3,0x295e6179129332c,])), - BN382Fq::new(BigInteger384([0xa4a0f24f69849fbf,0x751e1bb2f93df901,0x6955afa141342da,0x3a242cea266d1ac2,0x4f838810d428645,0x397b9821248dd08,])), - BN382Fq::new(BigInteger384([0x5985d03eb267a372,0x6491f79810a21027,0xe65805fff01b641a,0x3aa8f9b916f74025,0x7ed27d962144ab7f,0x17f25f1815f2512c,])), + BN382Fq::new(BigInteger384([ + 0x239d004c236ddb, + 0x88d83e760e8bd5bb, + 0x2ca0f68190713e45, + 0x8f6a964f924c8fff, + 0x62a854d505daa3f3, + 0x295e6179129332c, + ])), + BN382Fq::new(BigInteger384([ + 0xa4a0f24f69849fbf, + 0x751e1bb2f93df901, + 0x6955afa141342da, + 0x3a242cea266d1ac2, + 0x4f838810d428645, + 0x397b9821248dd08, + ])), + BN382Fq::new(BigInteger384([ + 0x5985d03eb267a372, + 0x6491f79810a21027, + 0xe65805fff01b641a, + 0x3aa8f9b916f74025, + 0x7ed27d962144ab7f, + 0x17f25f1815f2512c, + ])), ], vec![ - BN382Fq::new(BigInteger384([0x86ead0985648077a,0x7a50ef9f2086cc9d,0x69c612dbec57975e,0x8647aacd9ab88959,0x3a5fabf8692b8d12,0xbdb03daf76eb57,])), - BN382Fq::new(BigInteger384([0x4409ea78e288db0a,0xc14e0a759b5fd26b,0x1ae0285264db243b,0xf2be0cf31a448a05,0xd103243aef14ada3,0x1189adbc498d1570,])), - 
BN382Fq::new(BigInteger384([0xfa5e0c518b29c440,0x28cbb1257edeb8a6,0x7a120a8c0658b3b5,0x13040f12fb2249f8,0xb71143b9ada3922c,0x1ee9611738dbe1b3,])), + BN382Fq::new(BigInteger384([ + 0x86ead0985648077a, + 0x7a50ef9f2086cc9d, + 0x69c612dbec57975e, + 0x8647aacd9ab88959, + 0x3a5fabf8692b8d12, + 0xbdb03daf76eb57, + ])), + BN382Fq::new(BigInteger384([ + 0x4409ea78e288db0a, + 0xc14e0a759b5fd26b, + 0x1ae0285264db243b, + 0xf2be0cf31a448a05, + 0xd103243aef14ada3, + 0x1189adbc498d1570, + ])), + BN382Fq::new(BigInteger384([ + 0xfa5e0c518b29c440, + 0x28cbb1257edeb8a6, + 0x7a120a8c0658b3b5, + 0x13040f12fb2249f8, + 0xb71143b9ada3922c, + 0x1ee9611738dbe1b3, + ])), ], vec![ - BN382Fq::new(BigInteger384([0x3bbae40afacfabc1,0x518f05b12a86d30,0xa7c6c267a8c546f3,0xdff2338e035d8c38,0x45cad929932db574,0x179803640786a069,])), - BN382Fq::new(BigInteger384([0xe4c488029c73ab3d,0x9cbea6f936421688,0xa733a951138f8904,0x9566d6bc3392168,0xe102fe13109c07ae,0x1e4c4733f9c926f1,])), - BN382Fq::new(BigInteger384([0xbeeabdfd33d7d4d4,0x258d58e0edf24637,0x644767bec95dd149,0x780c156441e1c292,0xb0b849ce82fd90a2,0xb189d134bfa9ced,])), + BN382Fq::new(BigInteger384([ + 0x3bbae40afacfabc1, + 0x518f05b12a86d30, + 0xa7c6c267a8c546f3, + 0xdff2338e035d8c38, + 0x45cad929932db574, + 0x179803640786a069, + ])), + BN382Fq::new(BigInteger384([ + 0xe4c488029c73ab3d, + 0x9cbea6f936421688, + 0xa733a951138f8904, + 0x9566d6bc3392168, + 0xe102fe13109c07ae, + 0x1e4c4733f9c926f1, + ])), + BN382Fq::new(BigInteger384([ + 0xbeeabdfd33d7d4d4, + 0x258d58e0edf24637, + 0x644767bec95dd149, + 0x780c156441e1c292, + 0xb0b849ce82fd90a2, + 0xb189d134bfa9ced, + ])), ], vec![ - BN382Fq::new(BigInteger384([0x1d9b42d2a2f73ea8,0xb9b3cf9c1e9aea41,0xa3c8780de2c255f2,0xff9617a521bc6a15,0x3dfe0e09411bbce1,0x1872aac1dea2aba8,])), - BN382Fq::new(BigInteger384([0x166383182fda3435,0x3125ac12879ae7e6,0x425286423e9432b,0x796686a5176807f8,0x826f8b280eb7669c,0x37172d9cb2e8efd,])), - 
BN382Fq::new(BigInteger384([0x2fc9a35fae8c69f3,0x8dca72688a8fa1c4,0xe7a690c67ed759d6,0xcde98c6072dd8eb4,0xa4bd01fd0dbe1bcd,0xf556423e114180e,])), - ] + BN382Fq::new(BigInteger384([ + 0x1d9b42d2a2f73ea8, + 0xb9b3cf9c1e9aea41, + 0xa3c8780de2c255f2, + 0xff9617a521bc6a15, + 0x3dfe0e09411bbce1, + 0x1872aac1dea2aba8, + ])), + BN382Fq::new(BigInteger384([ + 0x166383182fda3435, + 0x3125ac12879ae7e6, + 0x425286423e9432b, + 0x796686a5176807f8, + 0x826f8b280eb7669c, + 0x37172d9cb2e8efd, + ])), + BN382Fq::new(BigInteger384([ + 0x2fc9a35fae8c69f3, + 0x8dca72688a8fa1c4, + 0xe7a690c67ed759d6, + 0xcde98c6072dd8eb4, + 0xa4bd01fd0dbe1bcd, + 0xf556423e114180e, + ])), + ], ]; let end_states = vec![ vec![ - BN382Fq::new(BigInteger384([0x27dcc9c1f001c02d,0x7fc9de4b5ab915ed,0x7c6832557c4a410d,0x320b95a8fa27bf32,0xe5c89c9c09bd67e5,0x65748e22de4f8c5,])), - BN382Fq::new(BigInteger384([0x7cdb27778c5d6796,0xad588ee542be3389,0x68e926bfdd6398ec,0xe432240624573240,0x2766c91ade70f83f,0x170646120652b37c,])), - BN382Fq::new(BigInteger384([0xcada65af3ba4e9c4,0x7e4561e9933627cd,0x8cb8757ddb2e0730,0x610ecc5beda633e0,0x984de49537e8c3ec,0x1349deb07a8f6f52,])) + BN382Fq::new(BigInteger384([ + 0x27dcc9c1f001c02d, + 0x7fc9de4b5ab915ed, + 0x7c6832557c4a410d, + 0x320b95a8fa27bf32, + 0xe5c89c9c09bd67e5, + 0x65748e22de4f8c5, + ])), + BN382Fq::new(BigInteger384([ + 0x7cdb27778c5d6796, + 0xad588ee542be3389, + 0x68e926bfdd6398ec, + 0xe432240624573240, + 0x2766c91ade70f83f, + 0x170646120652b37c, + ])), + BN382Fq::new(BigInteger384([ + 0xcada65af3ba4e9c4, + 0x7e4561e9933627cd, + 0x8cb8757ddb2e0730, + 0x610ecc5beda633e0, + 0x984de49537e8c3ec, + 0x1349deb07a8f6f52, + ])), ], vec![ - BN382Fq::new(BigInteger384([0xcfd422c316b20422,0xf15801f500d95821,0x360f5beb123f7d4e,0xfc13f1eabfe897f0,0xc70e46eea3b47d2c,0x14eb20b8f8cc25e5,])), - BN382Fq::new(BigInteger384([0x18fb3a5f70545729,0xadc0d9cd0b986c7b,0xc0f502215de819a9,0x21bff5966fdde339,0xc39b173777b1f86b,0x1e01840238fce37a,])), - 
BN382Fq::new(BigInteger384([0x70fd0a437704dfb5,0xc0afdaef11a41929,0x8a3d1c5e46648541,0x97c16c79daeb557d,0xd18b01c167ec00e6,0x10d02b9f59132a1d,])), + BN382Fq::new(BigInteger384([ + 0xcfd422c316b20422, + 0xf15801f500d95821, + 0x360f5beb123f7d4e, + 0xfc13f1eabfe897f0, + 0xc70e46eea3b47d2c, + 0x14eb20b8f8cc25e5, + ])), + BN382Fq::new(BigInteger384([ + 0x18fb3a5f70545729, + 0xadc0d9cd0b986c7b, + 0xc0f502215de819a9, + 0x21bff5966fdde339, + 0xc39b173777b1f86b, + 0x1e01840238fce37a, + ])), + BN382Fq::new(BigInteger384([ + 0x70fd0a437704dfb5, + 0xc0afdaef11a41929, + 0x8a3d1c5e46648541, + 0x97c16c79daeb557d, + 0xd18b01c167ec00e6, + 0x10d02b9f59132a1d, + ])), ], vec![ - BN382Fq::new(BigInteger384([0x1035143aba9695b9,0xf532c66887edbfcd,0xa6bd2998470d554f,0x831687ccd8a703ff,0xb75bed9a7ae1bab5,0x8b4c6d206c82fb8,])), - BN382Fq::new(BigInteger384([0x7e3d0019dd9387ab,0x746b6db1b8c19f4b,0x2964ec70d389adf6,0x8333f2f4045ebb5f,0x31832aff0cd42bc1,0x16572d68fc8031d5,])), - BN382Fq::new(BigInteger384([0x208b12c54d10bf3b,0xce12a04a890b4859,0x24fc1c25be961547,0xf8e6e4ee5cf48107,0x43a590c19365296e,0x58b7ff26592e23f,])), + BN382Fq::new(BigInteger384([ + 0x1035143aba9695b9, + 0xf532c66887edbfcd, + 0xa6bd2998470d554f, + 0x831687ccd8a703ff, + 0xb75bed9a7ae1bab5, + 0x8b4c6d206c82fb8, + ])), + BN382Fq::new(BigInteger384([ + 0x7e3d0019dd9387ab, + 0x746b6db1b8c19f4b, + 0x2964ec70d389adf6, + 0x8333f2f4045ebb5f, + 0x31832aff0cd42bc1, + 0x16572d68fc8031d5, + ])), + BN382Fq::new(BigInteger384([ + 0x208b12c54d10bf3b, + 0xce12a04a890b4859, + 0x24fc1c25be961547, + 0xf8e6e4ee5cf48107, + 0x43a590c19365296e, + 0x58b7ff26592e23f, + ])), ], vec![ - BN382Fq::new(BigInteger384([0x4f52c2933ef585f2,0x93b9868fb78ca000,0x390b415d3dda671c,0x7376e52933a4470,0x6f4cb578d987419,0xc539440279dc102,])), - BN382Fq::new(BigInteger384([0x3b8ed76f186a092f,0xfc7e9b70f3a206d0,0xa3bbb0c1436c65a2,0xfe0aeae213ba4473,0x9d8ff7b60fe2b888,0x35cb00af8ae79df,])), - 
BN382Fq::new(BigInteger384([0x1e27e68b262adee9,0xd4b7220a4be055ae,0x4ac1d5ab2530b8b,0x34e9beab4c8c6260,0xa37fff7e0bb5c229,0xa75e8ec286abe8e,])), + BN382Fq::new(BigInteger384([ + 0x4f52c2933ef585f2, + 0x93b9868fb78ca000, + 0x390b415d3dda671c, + 0x7376e52933a4470, + 0x6f4cb578d987419, + 0xc539440279dc102, + ])), + BN382Fq::new(BigInteger384([ + 0x3b8ed76f186a092f, + 0xfc7e9b70f3a206d0, + 0xa3bbb0c1436c65a2, + 0xfe0aeae213ba4473, + 0x9d8ff7b60fe2b888, + 0x35cb00af8ae79df, + ])), + BN382Fq::new(BigInteger384([ + 0x1e27e68b262adee9, + 0xd4b7220a4be055ae, + 0x4ac1d5ab2530b8b, + 0x34e9beab4c8c6260, + 0xa37fff7e0bb5c229, + 0xa75e8ec286abe8e, + ])), ], vec![ - BN382Fq::new(BigInteger384([0x9b735d2a3353402c,0xd4547e70eb8130fa,0x2438c5a8bed96075,0x32fdf7691a26f030,0xa1f649648c34ed64,0x22a1ead2ba837f97,])), - BN382Fq::new(BigInteger384([0x39b0c7a9271496c,0xcfec5f805bdb5e00,0xa9aead920a13442d,0xf8c824e2dedc3993,0x81b407a948baa360,0x205d8c200fb40967,])), - BN382Fq::new(BigInteger384([0xf9cc3c9cf970f38c,0xaf92136db468bbb9,0xb1c839b8e1eb9561,0xf92e59ecbe79cc84,0x34c857f5954e45f8,0x8344e8ada34f5d1,])), - ] + BN382Fq::new(BigInteger384([ + 0x9b735d2a3353402c, + 0xd4547e70eb8130fa, + 0x2438c5a8bed96075, + 0x32fdf7691a26f030, + 0xa1f649648c34ed64, + 0x22a1ead2ba837f97, + ])), + BN382Fq::new(BigInteger384([ + 0x39b0c7a9271496c, + 0xcfec5f805bdb5e00, + 0xa9aead920a13442d, + 0xf8c824e2dedc3993, + 0x81b407a948baa360, + 0x205d8c200fb40967, + ])), + BN382Fq::new(BigInteger384([ + 0xf9cc3c9cf970f38c, + 0xaf92136db468bbb9, + 0xb1c839b8e1eb9561, + 0xf92e59ecbe79cc84, + 0x34c857f5954e45f8, + 0x8344e8ada34f5d1, + ])), + ], ]; - poseidon_permutation_regression_test::( - start_states, end_states - ); + poseidon_permutation_regression_test::< + BN382Fq, + BN382FqPoseidonParameters, + BN382FqQuinticSbox, + >(start_states, end_states); test_routine::(3) } #[cfg(feature = "tweedle")] #[test] fn test_poseidon_hash_tweedle_fr() { - use algebra::{ - biginteger::BigInteger256, - fields::tweedle::Fr as 
TweedleFr - }; use crate::crh::poseidon::parameters::tweedle_dee::{ - TweedleFrPoseidonHash, TweedleFrPoseidonParameters, TweedleFrQuinticSbox + TweedleFrPoseidonHash, TweedleFrPoseidonParameters, TweedleFrQuinticSbox, }; + use algebra::{biginteger::BigInteger256, fields::tweedle::Fr as TweedleFr}; // Test vectors are computed via the script in ./parameters/scripts/permutation_deefr.sage let start_states = vec![ vec![TweedleFr::zero(); 3], vec![ - TweedleFr::new(BigInteger256([0x2d9ced12b8448fa3,0xe47617895bcb1def,0xdb309341af8fc9bc,0x3518ed3d596d9b3d,])), - TweedleFr::new(BigInteger256([0x2f00b53bfb408372,0x6de08091d9994983,0x30787444ac8639a3,0x18b1a8fe589e66ad,])), - TweedleFr::new(BigInteger256([0xbbff40a91825c30d,0xa82ca4dd45ed43cd,0x3ce8daf6c9c21029,0x10c0f7735f33aa7a,])), + TweedleFr::new(BigInteger256([ + 0x2d9ced12b8448fa3, + 0xe47617895bcb1def, + 0xdb309341af8fc9bc, + 0x3518ed3d596d9b3d, + ])), + TweedleFr::new(BigInteger256([ + 0x2f00b53bfb408372, + 0x6de08091d9994983, + 0x30787444ac8639a3, + 0x18b1a8fe589e66ad, + ])), + TweedleFr::new(BigInteger256([ + 0xbbff40a91825c30d, + 0xa82ca4dd45ed43cd, + 0x3ce8daf6c9c21029, + 0x10c0f7735f33aa7a, + ])), ], vec![ - TweedleFr::new(BigInteger256([0x5f37a0bd77589e1f,0x5473621f06e318b0,0x134c69d294364fc2,0x17ce475fc0918e98,])), - TweedleFr::new(BigInteger256([0xf997aedfd435a00c,0xff8244711a05ace4,0x111f3729665dfce3,0x12e06c5d75a20f44,])), - TweedleFr::new(BigInteger256([0x4fe219488f716f3b,0x47994803d7aa1b4b,0x83c0b9401250e3df,0xc55e3e5129040af,])), + TweedleFr::new(BigInteger256([ + 0x5f37a0bd77589e1f, + 0x5473621f06e318b0, + 0x134c69d294364fc2, + 0x17ce475fc0918e98, + ])), + TweedleFr::new(BigInteger256([ + 0xf997aedfd435a00c, + 0xff8244711a05ace4, + 0x111f3729665dfce3, + 0x12e06c5d75a20f44, + ])), + TweedleFr::new(BigInteger256([ + 0x4fe219488f716f3b, + 0x47994803d7aa1b4b, + 0x83c0b9401250e3df, + 0xc55e3e5129040af, + ])), ], vec![ - 
TweedleFr::new(BigInteger256([0x1c88b7f17d83e522,0x63bbb3d972a8a79,0x3cd3b269e9148e61,0x107064754c2219f6,])), - TweedleFr::new(BigInteger256([0xd98347c19ef61123,0x8c2f919a2ce03104,0x19a6ebeb17c8d50b,0x211359dab98e662b,])), - TweedleFr::new(BigInteger256([0x6fca9aeca36a6a90,0x9a5901d4db4cb38b,0xb7a625b6fa9c1d25,0x1c0c5a9e4863c446,])), + TweedleFr::new(BigInteger256([ + 0x1c88b7f17d83e522, + 0x63bbb3d972a8a79, + 0x3cd3b269e9148e61, + 0x107064754c2219f6, + ])), + TweedleFr::new(BigInteger256([ + 0xd98347c19ef61123, + 0x8c2f919a2ce03104, + 0x19a6ebeb17c8d50b, + 0x211359dab98e662b, + ])), + TweedleFr::new(BigInteger256([ + 0x6fca9aeca36a6a90, + 0x9a5901d4db4cb38b, + 0xb7a625b6fa9c1d25, + 0x1c0c5a9e4863c446, + ])), ], vec![ - TweedleFr::new(BigInteger256([0x52cc4aa39d8838b8,0x412ba25c63120ebb,0x667515874f0074d6,0x1d2f166897ea99e,])), - TweedleFr::new(BigInteger256([0x466265a678233c51,0xd6b41807e24ee39f,0xee5874453e9c291c,0x1b0bbd1b8e79ea9d,])), - TweedleFr::new(BigInteger256([0x49d2b1885d136bf6,0xfebba4a8e8c0595b,0xa5b4ca600f485e66,0x27c2b78d22e855c0,])), + TweedleFr::new(BigInteger256([ + 0x52cc4aa39d8838b8, + 0x412ba25c63120ebb, + 0x667515874f0074d6, + 0x1d2f166897ea99e, + ])), + TweedleFr::new(BigInteger256([ + 0x466265a678233c51, + 0xd6b41807e24ee39f, + 0xee5874453e9c291c, + 0x1b0bbd1b8e79ea9d, + ])), + TweedleFr::new(BigInteger256([ + 0x49d2b1885d136bf6, + 0xfebba4a8e8c0595b, + 0xa5b4ca600f485e66, + 0x27c2b78d22e855c0, + ])), ], ]; let end_states = vec![ vec![ - TweedleFr::new(BigInteger256([0x85614442a60ac11a,0x55a43ca8180d2e08,0x43f61ff197080ac4,0x19d87eb89a42aaf1,])), - TweedleFr::new(BigInteger256([0xa2f6b5a9a16d3790,0xc947563b131a126c,0x52c19607bb4b6640,0xc4604a460df1c57,])), - TweedleFr::new(BigInteger256([0x7d8f3c1679a9cbe2,0xb09fdc38ee15fe77,0x810720bf23be8578,0x2ab876d1a0abfa95,])), + TweedleFr::new(BigInteger256([ + 0x85614442a60ac11a, + 0x55a43ca8180d2e08, + 0x43f61ff197080ac4, + 0x19d87eb89a42aaf1, + ])), + TweedleFr::new(BigInteger256([ + 
0xa2f6b5a9a16d3790, + 0xc947563b131a126c, + 0x52c19607bb4b6640, + 0xc4604a460df1c57, + ])), + TweedleFr::new(BigInteger256([ + 0x7d8f3c1679a9cbe2, + 0xb09fdc38ee15fe77, + 0x810720bf23be8578, + 0x2ab876d1a0abfa95, + ])), ], vec![ - TweedleFr::new(BigInteger256([0xc4a37b8664180077,0xd8390d652933725e,0xaafa5d29eb656edb,0x296682761320f48c,])), - TweedleFr::new(BigInteger256([0x2fffbed47e729020,0x6d243b1d399f42dd,0x2bcea2d0461856d7,0x2fc6f9c7c62a5088,])), - TweedleFr::new(BigInteger256([0x8b617097039cbf5f,0xc3e9594e65f53809,0x96f163d2a6e08e55,0x1283bbfbfafe0185,])), + TweedleFr::new(BigInteger256([ + 0xc4a37b8664180077, + 0xd8390d652933725e, + 0xaafa5d29eb656edb, + 0x296682761320f48c, + ])), + TweedleFr::new(BigInteger256([ + 0x2fffbed47e729020, + 0x6d243b1d399f42dd, + 0x2bcea2d0461856d7, + 0x2fc6f9c7c62a5088, + ])), + TweedleFr::new(BigInteger256([ + 0x8b617097039cbf5f, + 0xc3e9594e65f53809, + 0x96f163d2a6e08e55, + 0x1283bbfbfafe0185, + ])), ], vec![ - TweedleFr::new(BigInteger256([0xb0e21925172f0ba3,0x22bb8d3720914af7,0x31ee2b9a26424619,0x2184d5590df49e25,])), - TweedleFr::new(BigInteger256([0x4f525fe270112fb8,0x59d975c2bc66f456,0x1740475c80005233,0x3f44acd2d334fee9,])), - TweedleFr::new(BigInteger256([0xda02921fa73b4778,0xb9b7c2742272dbeb,0xb3491dacb990965c,0x3cffd4206f4264e,])), + TweedleFr::new(BigInteger256([ + 0xb0e21925172f0ba3, + 0x22bb8d3720914af7, + 0x31ee2b9a26424619, + 0x2184d5590df49e25, + ])), + TweedleFr::new(BigInteger256([ + 0x4f525fe270112fb8, + 0x59d975c2bc66f456, + 0x1740475c80005233, + 0x3f44acd2d334fee9, + ])), + TweedleFr::new(BigInteger256([ + 0xda02921fa73b4778, + 0xb9b7c2742272dbeb, + 0xb3491dacb990965c, + 0x3cffd4206f4264e, + ])), ], vec![ - TweedleFr::new(BigInteger256([0x9a5d804c8f8980d7,0x60f4ba8f01fccce4,0x95428b68f3a9eba3,0x3108ed7e0636e1e7,])), - TweedleFr::new(BigInteger256([0xf5e24f59c7e404d7,0xf4a10531d95222b1,0xb55cfa77a621836f,0x15f7c485bf9b2bf1,])), - 
TweedleFr::new(BigInteger256([0xf65bd157052e1b45,0x180aa5b7e51b8a46,0xe451d510b5cf9dae,0x7cdd9f00493bc73,])), + TweedleFr::new(BigInteger256([ + 0x9a5d804c8f8980d7, + 0x60f4ba8f01fccce4, + 0x95428b68f3a9eba3, + 0x3108ed7e0636e1e7, + ])), + TweedleFr::new(BigInteger256([ + 0xf5e24f59c7e404d7, + 0xf4a10531d95222b1, + 0xb55cfa77a621836f, + 0x15f7c485bf9b2bf1, + ])), + TweedleFr::new(BigInteger256([ + 0xf65bd157052e1b45, + 0x180aa5b7e51b8a46, + 0xe451d510b5cf9dae, + 0x7cdd9f00493bc73, + ])), ], vec![ - TweedleFr::new(BigInteger256([0x7c080f4b62e78aab,0xc6294e279a622677,0xcabd73efb2584d6d,0x10186a71cc08159e,])), - TweedleFr::new(BigInteger256([0xdb3d4f4a63e1324d,0x6705ae25ff9b471f,0xccae1d131341f589,0x1b31cd963165eccc,])), - TweedleFr::new(BigInteger256([0x9860019e6edc3f2f,0x14ca7a30bb1a5c36,0xf4e9f4abe3f7ef0c,0x143d7bf07e7f54c7,])), + TweedleFr::new(BigInteger256([ + 0x7c080f4b62e78aab, + 0xc6294e279a622677, + 0xcabd73efb2584d6d, + 0x10186a71cc08159e, + ])), + TweedleFr::new(BigInteger256([ + 0xdb3d4f4a63e1324d, + 0x6705ae25ff9b471f, + 0xccae1d131341f589, + 0x1b31cd963165eccc, + ])), + TweedleFr::new(BigInteger256([ + 0x9860019e6edc3f2f, + 0x14ca7a30bb1a5c36, + 0xf4e9f4abe3f7ef0c, + 0x143d7bf07e7f54c7, + ])), ], ]; - poseidon_permutation_regression_test::( - start_states, end_states - ); + poseidon_permutation_regression_test::< + TweedleFr, + TweedleFrPoseidonParameters, + TweedleFrQuinticSbox, + >(start_states, end_states); test_routine::(3) } #[cfg(feature = "tweedle")] #[test] fn test_poseidon_hash_tweedle_fq() { - use algebra::{ - biginteger::BigInteger256, - fields::tweedle::Fq as TweedleFq - }; use crate::crh::poseidon::parameters::tweedle_dum::{ - TweedleFqPoseidonHash, TweedleFqPoseidonParameters, TweedleFqQuinticSbox + TweedleFqPoseidonHash, TweedleFqPoseidonParameters, TweedleFqQuinticSbox, }; + use algebra::{biginteger::BigInteger256, fields::tweedle::Fq as TweedleFq}; // Test vectors are computed via the script in 
./parameters/scripts/permutation_dumfr.sage let start_states = vec![ + vec![TweedleFq::zero(); 3], vec![ - TweedleFq::zero(); 3 + TweedleFq::new(BigInteger256([ + 0x530261dfc524611d, + 0xebde2e5e0c454577, + 0x31c9a2fd3288dbd8, + 0x22faf97cf0bfa8ed, + ])), + TweedleFq::new(BigInteger256([ + 0x25f47e32d936f0c0, + 0x9c88b0ffb8d56acc, + 0x3c1a4050825c76ac, + 0xf81aaaddfb679df, + ])), + TweedleFq::new(BigInteger256([ + 0x129cb322f4812820, + 0x5b218d2750d9cc33, + 0x5baa3f8af95e185b, + 0xf5713c92c9b59a5, + ])), ], vec![ - TweedleFq::new(BigInteger256([0x530261dfc524611d,0xebde2e5e0c454577,0x31c9a2fd3288dbd8,0x22faf97cf0bfa8ed,])), - TweedleFq::new(BigInteger256([0x25f47e32d936f0c0,0x9c88b0ffb8d56acc,0x3c1a4050825c76ac,0xf81aaaddfb679df,])), - TweedleFq::new(BigInteger256([0x129cb322f4812820,0x5b218d2750d9cc33,0x5baa3f8af95e185b,0xf5713c92c9b59a5,])), + TweedleFq::new(BigInteger256([ + 0x8c70fb5700e28179, + 0x58d04dff4aeb7baa, + 0x7d229f69585bbc4c, + 0x1a53f352bbb741f, + ])), + TweedleFq::new(BigInteger256([ + 0x983971f4bc40e955, + 0xf9c4aa245dc69370, + 0xc90afb10e865d7fa, + 0x25c68f3eda91e782, + ])), + TweedleFq::new(BigInteger256([ + 0x553902e820896d7e, + 0xea7238f532c5b890, + 0x66c31bc5cacadbb5, + 0x11fbf51d7acd7811, + ])), ], vec![ - TweedleFq::new(BigInteger256([0x8c70fb5700e28179,0x58d04dff4aeb7baa,0x7d229f69585bbc4c,0x1a53f352bbb741f,])), - TweedleFq::new(BigInteger256([0x983971f4bc40e955,0xf9c4aa245dc69370,0xc90afb10e865d7fa,0x25c68f3eda91e782,])), - TweedleFq::new(BigInteger256([0x553902e820896d7e,0xea7238f532c5b890,0x66c31bc5cacadbb5,0x11fbf51d7acd7811,])), + TweedleFq::new(BigInteger256([ + 0x8c5101f47ede0f2b, + 0xdde609c8ee90d5e9, + 0xf53611e4c9658d0b, + 0x9b8ad64dd287d37, + ])), + TweedleFq::new(BigInteger256([ + 0xe79daeebc658d0a, + 0x3019b7ed8cae3dd8, + 0xe4966f5f01879f27, + 0x2f1328f79025e70c, + ])), + TweedleFq::new(BigInteger256([ + 0x49ad0534394806ae, + 0x6ab073974f741a93, + 0x3e043b146513dfe5, + 0x29b158cd24e843e4, + ])), ], vec![ - 
TweedleFq::new(BigInteger256([0x8c5101f47ede0f2b,0xdde609c8ee90d5e9,0xf53611e4c9658d0b,0x9b8ad64dd287d37,])), - TweedleFq::new(BigInteger256([0xe79daeebc658d0a,0x3019b7ed8cae3dd8,0xe4966f5f01879f27,0x2f1328f79025e70c,])), - TweedleFq::new(BigInteger256([0x49ad0534394806ae,0x6ab073974f741a93,0x3e043b146513dfe5,0x29b158cd24e843e4,])), - ], - vec![ - TweedleFq::new(BigInteger256([0x3a410990938e76ed,0x4bd4f247c6c2215b,0xe815c6d61abfe6f9,0x94daa5bcfb9eb6f,])), - TweedleFq::new(BigInteger256([0x3787fbb0c8dcfe1a,0xf67406e5daf43fae,0x7a5fc8f335f28767,0x18ff0f241943eec8,])), - TweedleFq::new(BigInteger256([0xc72a940881085fd6,0x7096ba03e87353af,0x32decb002f5a4e83,0x492cc5ac858b06a,])), + TweedleFq::new(BigInteger256([ + 0x3a410990938e76ed, + 0x4bd4f247c6c2215b, + 0xe815c6d61abfe6f9, + 0x94daa5bcfb9eb6f, + ])), + TweedleFq::new(BigInteger256([ + 0x3787fbb0c8dcfe1a, + 0xf67406e5daf43fae, + 0x7a5fc8f335f28767, + 0x18ff0f241943eec8, + ])), + TweedleFq::new(BigInteger256([ + 0xc72a940881085fd6, + 0x7096ba03e87353af, + 0x32decb002f5a4e83, + 0x492cc5ac858b06a, + ])), ], ]; let end_states = vec![ vec![ - TweedleFq::new(BigInteger256([0x46ef7b471f039f54,0x7516283cc67869f2,0x561a6334ba7a39f1,0x293842a1538ac01b,])), - TweedleFq::new(BigInteger256([0x6f10ff3b97995e3b,0x7650f70901d51a88,0x9f13555ea4caf2eb,0x14ed7f5560a0a1e1,])), - TweedleFq::new(BigInteger256([0x815126351fe00f44,0x921a5f3ad5a6e83c,0x5f614c0b1bdaf5f7,0x7733c69a8892f0e,])), + TweedleFq::new(BigInteger256([ + 0x46ef7b471f039f54, + 0x7516283cc67869f2, + 0x561a6334ba7a39f1, + 0x293842a1538ac01b, + ])), + TweedleFq::new(BigInteger256([ + 0x6f10ff3b97995e3b, + 0x7650f70901d51a88, + 0x9f13555ea4caf2eb, + 0x14ed7f5560a0a1e1, + ])), + TweedleFq::new(BigInteger256([ + 0x815126351fe00f44, + 0x921a5f3ad5a6e83c, + 0x5f614c0b1bdaf5f7, + 0x7733c69a8892f0e, + ])), ], vec![ - TweedleFq::new(BigInteger256([0xf39ca6429f499eb1,0x69657c642b509baa,0xbb0a2f6bb3a44a7b,0x1b0f054ee6b06ee5,])), - 
TweedleFq::new(BigInteger256([0x9eab499dc61a7d92,0x457d1a9027e66bd4,0x74f80311cef652a5,0x2f0dc832cc821ed,])), - TweedleFq::new(BigInteger256([0xe5949837b34cdd97,0x2fdd08e41ac8e36f,0xbfcb6768fbb981d,0x1521b70d21fc43fb,])), + TweedleFq::new(BigInteger256([ + 0xf39ca6429f499eb1, + 0x69657c642b509baa, + 0xbb0a2f6bb3a44a7b, + 0x1b0f054ee6b06ee5, + ])), + TweedleFq::new(BigInteger256([ + 0x9eab499dc61a7d92, + 0x457d1a9027e66bd4, + 0x74f80311cef652a5, + 0x2f0dc832cc821ed, + ])), + TweedleFq::new(BigInteger256([ + 0xe5949837b34cdd97, + 0x2fdd08e41ac8e36f, + 0xbfcb6768fbb981d, + 0x1521b70d21fc43fb, + ])), ], vec![ - TweedleFq::new(BigInteger256([0x21fb36a475c20033,0x6a938adf93ceda77,0xa05bc36806e89296,0x1cd7a0d468136dd3,])), - TweedleFq::new(BigInteger256([0x6295c60c77022ca5,0x440a39652987ef94,0xbe9a8f921e81b656,0x3ade3ff16b820c56,])), - TweedleFq::new(BigInteger256([0x62f4df55b1158a3d,0x6787fff1b51e08ed,0x47b46cd1709e9d30,0x3c4bbad805b5838c,])), + TweedleFq::new(BigInteger256([ + 0x21fb36a475c20033, + 0x6a938adf93ceda77, + 0xa05bc36806e89296, + 0x1cd7a0d468136dd3, + ])), + TweedleFq::new(BigInteger256([ + 0x6295c60c77022ca5, + 0x440a39652987ef94, + 0xbe9a8f921e81b656, + 0x3ade3ff16b820c56, + ])), + TweedleFq::new(BigInteger256([ + 0x62f4df55b1158a3d, + 0x6787fff1b51e08ed, + 0x47b46cd1709e9d30, + 0x3c4bbad805b5838c, + ])), ], vec![ - TweedleFq::new(BigInteger256([0xf0b39ffa74b62183,0x9c87a4fea04e092a,0xe7ef4462efcf6492,0x1495692d563b0275,])), - TweedleFq::new(BigInteger256([0x1758eeffd0793b03,0x37e1f13b2b104aa,0x71c181dd5d62c9d,0x3448bf7ebad19d00,])), - TweedleFq::new(BigInteger256([0x63feeddf9fd791f,0xcf11513a74efebf6,0xc046e6ff5b45f4af,0x13a773bcdaabf9b1,])), + TweedleFq::new(BigInteger256([ + 0xf0b39ffa74b62183, + 0x9c87a4fea04e092a, + 0xe7ef4462efcf6492, + 0x1495692d563b0275, + ])), + TweedleFq::new(BigInteger256([ + 0x1758eeffd0793b03, + 0x37e1f13b2b104aa, + 0x71c181dd5d62c9d, + 0x3448bf7ebad19d00, + ])), + TweedleFq::new(BigInteger256([ + 0x63feeddf9fd791f, + 
0xcf11513a74efebf6,
+ 0xc046e6ff5b45f4af,
+ 0x13a773bcdaabf9b1,
+ ])),
 ],
 vec![
- TweedleFq::new(BigInteger256([0x6f2ad1eed8b08a65,0x23e051559fea114f,0x6e9855acf367f614,0x1f6ff3e5034d9adb,])),
- TweedleFq::new(BigInteger256([0xc76c27513034009f,0xf08aae84a5bdaf00,0xb4614eed8e6839d5,0x18b4587f29cdb052,])),
- TweedleFq::new(BigInteger256([0xa5a9c19386d171db,0x57321c0b6d91fa65,0xaa19cb2f60d37e5b,0x12a05d4caaa7d0ca,])),
+ TweedleFq::new(BigInteger256([
+ 0x6f2ad1eed8b08a65,
+ 0x23e051559fea114f,
+ 0x6e9855acf367f614,
+ 0x1f6ff3e5034d9adb,
+ ])),
+ TweedleFq::new(BigInteger256([
+ 0xc76c27513034009f,
+ 0xf08aae84a5bdaf00,
+ 0xb4614eed8e6839d5,
+ 0x18b4587f29cdb052,
+ ])),
+ TweedleFq::new(BigInteger256([
+ 0xa5a9c19386d171db,
+ 0x57321c0b6d91fa65,
+ 0xaa19cb2f60d37e5b,
+ 0x12a05d4caaa7d0ca,
+ ])),
 ],
 ];
- poseidon_permutation_regression_test::(
- start_states, end_states
- );
+ poseidon_permutation_regression_test::<
+ TweedleFq,
+ TweedleFqPoseidonParameters,
+ TweedleFqQuinticSbox,
+ >(start_states, end_states);
 test_routine::(3)
 }
-}
\ No newline at end of file
+}
diff --git a/primitives/src/crh/poseidon/parameters/bn382.rs b/primitives/src/crh/poseidon/parameters/bn382.rs
index 9a709afed..ec79c04c3 100644
--- a/primitives/src/crh/poseidon/parameters/bn382.rs
+++ b/primitives/src/crh/poseidon/parameters/bn382.rs
@@ -1,6 +1,5 @@
 use crate::crh::{
- PoseidonParameters,
- FieldBasedHashParameters, PoseidonHash, batched_crh::PoseidonBatchHash,
+ batched_crh::PoseidonBatchHash, FieldBasedHashParameters, PoseidonHash, PoseidonParameters,
 PoseidonQuinticSBox,
 };
 use algebra::fields::bn_382::Fr as BN382Fr;
@@ -17,11 +16,10 @@ pub struct BN382FrPoseidonParameters;
 impl FieldBasedHashParameters for BN382FrPoseidonParameters {
 type Fr = BN382Fr;
- const R: usize = 2; // The rate of the hash function
+ const R: usize = 2; // The rate of the hash function
 }
 impl PoseidonParameters for BN382FrPoseidonParameters {
- const T: usize = 3; // Size of the internal state (in field elements)
 const R_F: i32 = 4; // Half number of full rounds (the R_f in the paper)
 const R_P: i32 = 56; // Number of partial rounds
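Review bot: Removing `const T: usize = 3` from the `PoseidonParameters` impl leaves this parameter set with no explicit statement of its state width, while the tables that follow it (`AFTER_ZERO_PERM` with three entries in the next hunk, and the round-constant array) are sized for a width of 3. Presumably `T` is now derived inside the trait from `R`, but that derivation is not visible in this hunk, so a later edit to `R` or to the tables would only surface as wrong digests rather than a compile error. I would keep the width documented on the surviving constant, e.g. `const R: usize = 2; // Rate; state width T (R + 1 = 3 if the trait derives it that way) must match AFTER_ZERO_PERM and the MDS below`, and add a unit test asserting `AFTER_ZERO_PERM.len() == R + 1` so the invariant is checked rather than assumed. The trailing context line(s) of this hunk appear to have been lost in the whitespace collapse, so the rest of the impl body is not fully visible here.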
@@ -31,223 +29,2255 @@ impl PoseidonParameters for BN382FrPoseidonParameters { // State vector after permutation of zero state vector const AFTER_ZERO_PERM: &'static [BN382Fr] = &[ - BN382Fr::new(BigInteger([0x3600ae9dea9ba41a,0x17a35e3bedfc2e1,0x7ee93e40052b3867,0xc555ef28f09e84e9,0x1ef349664ad402cf,0x1c49706c59f09b25,])), - BN382Fr::new(BigInteger([0xbb6f865c755b9100,0x6f6ccbea5f0c5847,0x4cfd3606c21c2573,0x3512ec3dc6889f67,0xc7981de6b0710b5f,0x109fe23f817aa0cf,])), - BN382Fr::new(BigInteger([0x39de13d041934215,0x5370089a3da7c4fe,0x512952ce97e48c03,0xe1c26f50f4c9c4c1,0x1f008942e907b93e,0x1910b7b5453ff08f,])), + BN382Fr::new(BigInteger([ + 0x3600ae9dea9ba41a, + 0x17a35e3bedfc2e1, + 0x7ee93e40052b3867, + 0xc555ef28f09e84e9, + 0x1ef349664ad402cf, + 0x1c49706c59f09b25, + ])), + BN382Fr::new(BigInteger([ + 0xbb6f865c755b9100, + 0x6f6ccbea5f0c5847, + 0x4cfd3606c21c2573, + 0x3512ec3dc6889f67, + 0xc7981de6b0710b5f, + 0x109fe23f817aa0cf, + ])), + BN382Fr::new(BigInteger([ + 0x39de13d041934215, + 0x5370089a3da7c4fe, + 0x512952ce97e48c03, + 0xe1c26f50f4c9c4c1, + 0x1f008942e907b93e, + 0x1910b7b5453ff08f, + ])), ]; // Array of round constants const ROUND_CST: &'static [BN382Fr] = &[ // Constants in Montgomery representation. 
- field_new!(BN382Fr,BigInteger([0x612594bbb1b6e471,0x378e47c761bde158,0x3bc6646891051db3,0x5a4b437eff423c1e,0x9872641294446a72,0x10dc628330a637a0,])), - field_new!(BN382Fr,BigInteger([0x648b925a912409e4,0x3137eb5e72da8291,0x58d3c520be2d4e86,0xb68fbeb1ab564e98,0xc47730e1b98e2804,0x20e7bb9a467b3926,])), - field_new!(BN382Fr,BigInteger([0x1d51c18e15d84b89,0xb679e453773a1166,0x2e7a43308fdef5b5,0xfc1727f11c11bebe,0x34438c67b8107cdb,0x217f841af91c5293,])), - field_new!(BN382Fr,BigInteger([0x187fec8936804a9e,0x4fad22235608d500,0x53eb48d5a7e0f37b,0xb540d80d00de0206,0xc718c0ea9b4d8ffa,0x14f78a64836e832e,])), - field_new!(BN382Fr,BigInteger([0x21b11c3f5923a641,0x82421ecfad69dcec,0x6054cc7043a10170,0x414c0d35d1af8a48,0x3d3b2e5b0344ae4b,0x2539bfc1d203ef3,])), - field_new!(BN382Fr,BigInteger([0x6242abe27a3fde78,0x6ac220eb054337dc,0x68ec76e4f7ab3367,0xeaf43afa8ed9f4b9,0x69b4c57bd8ffec75,0x244402235244c6c,])), - field_new!(BN382Fr,BigInteger([0xd03b987b146a036a,0x5e1a6737273007dc,0x6b3c110658ea8329,0x28b86415ce76e590,0xb4c299a0f4b35288,0xb277b8b1dc45b54,])), - field_new!(BN382Fr,BigInteger([0x1851ccbf8ac0c4a0,0x7bfbabc08b8e1820,0x5f9e8f70cc0d89e6,0x6a60d3e9b2efab9d,0x5f00532bf5c3e7b7,0x163c93f958fe6165,])), - field_new!(BN382Fr,BigInteger([0x2e025a1b9fc1cf7e,0x9d2a3926c8e4873d,0x815247d8b3ed282b,0xbcea0d05bb60e6e0,0x641d40f393b70f0b,0x49937dc4336efc4,])), - field_new!(BN382Fr,BigInteger([0xc4fe4660dc170c54,0x6466c8bf6bae65e6,0xe0b937fbe714c317,0x1b5c3c9e3bd86eb1,0xed6d009f6c0f689c,0x1a2e64b8e1160157,])), - field_new!(BN382Fr,BigInteger([0xc2677abcce729473,0xcc2ad5dcd10e8138,0xbc00ff9a08251b0e,0xab06e89754bdafda,0xaf9ee29407761667,0x1a91142192f16d77,])), - field_new!(BN382Fr,BigInteger([0x5d3924656b2e96b5,0xf07dce7e5b93e084,0x11cb47794099c628,0x1a51be34bcd1f11,0xfb6c4a29847ed8bd,0xf8cd5fb058a687,])), - field_new!(BN382Fr,BigInteger([0x4b6abf73349047c5,0xfb00fb1d0ce00e97,0x2c80aa15dc10fd27,0x6c1c172bf58bf5db,0xc5afa80758f61cc1,0x101ab8639da5903b,])), - 
field_new!(BN382Fr,BigInteger([0xee84aab656871f2b,0x7b59847da780fa09,0x9ed2e4ef8c67a6ac,0xd1d5e4983fb63d56,0x918ef129484f6416,0x4ed575d596b0602,])), - field_new!(BN382Fr,BigInteger([0x58f3f554d7c5b733,0x7691b6862724e884,0xdeef90c871cb4e65,0x1e13cfc8f6e08cd5,0x46885ac1ae81376b,0x3b58110b0de832e,])), - field_new!(BN382Fr,BigInteger([0x446e0dd315118672,0x34362a3a5782fcc,0x869e30e64061f70f,0xa2d416d4ac47e503,0x26e45bd23d2d5e72,0x1e942e7f440e111e,])), - field_new!(BN382Fr,BigInteger([0xbbbef86dad29c116,0xafccad57e6e0e283,0x55db744a8ae16107,0xc334fcc6fe3e1d33,0xba84412daa85c437,0xf83004f4d48bfd1,])), - field_new!(BN382Fr,BigInteger([0xb1f4a46da7d16e93,0x6aa9efa28eceea77,0x3f5a7def907b0fec,0xc04ad03d8e686b12,0xe2867b73d9b9a42c,0x1842fe7d5ee870f4,])), - field_new!(BN382Fr,BigInteger([0xa4cab7e77ad91d2b,0xcc939045d9622fc0,0x4dfd4554bccbec82,0xa082bef06a3aa21f,0x2495c409d9b20891,0x1eb8aac188034c7a,])), - field_new!(BN382Fr,BigInteger([0xc220e4cd7cea36bd,0xd7ddf157d467b5e0,0x9cda30e4db26a535,0x501d52e6919d3d85,0x8e3341dcf7cdcfcd,0x19c18a87cb0f478a,])), - field_new!(BN382Fr,BigInteger([0xc4434445afe11416,0x93d860a5f1808a15,0x76a6f908b263c167,0x3c535ecedfcc7474,0xdff4b09337bb69fd,0x1d8146147a732b6b,])), - field_new!(BN382Fr,BigInteger([0x53869b602d088ead,0x34562e6fdf6c489a,0x2746687a5902c65,0x52fcb012dc77ea19,0x3932aa1140bd8740,0x42b278db02964d0,])), - field_new!(BN382Fr,BigInteger([0x663001807d2d112a,0xc582d9dc8bf0fa09,0x2084c427cdffe861,0x78c456b8c3b2525d,0xc7758eb65b16edee,0x13cdf833fb9b7b02,])), - field_new!(BN382Fr,BigInteger([0xc102214b726d6540,0xe1756cf3989385b6,0xaba456a472886b86,0xe69fc37dc73c9d97,0x7a8fa6d7359914e2,0xe5689850df5d1a7,])), - field_new!(BN382Fr,BigInteger([0x1c9e227aa38dc007,0xbb2289a1aaf0a6b8,0x7c2c107cc99c14cb,0x46feeb0231bdb907,0xecf91543b2399e6d,0x260e275c81141e3,])), - field_new!(BN382Fr,BigInteger([0xd4209b6bf5e09b4a,0xc4d65edcaef6f4b2,0x7d6c16c833bb04d2,0x76f8559c97e8bc5,0x993a8698b0af0ff2,0x91b038ba5c6fbb5,])), - 
field_new!(BN382Fr,BigInteger([0x6a66939c2a3e8234,0x6e36f00a8c275e35,0x84e0cbe222635c19,0x64567200b6471bd5,0xfcae76b4aa74cbd0,0xc5bc9f742bf7dda,])), - field_new!(BN382Fr,BigInteger([0xbe090d890c1fbb82,0x5f466d9dbeb0f41f,0x95a1b4467bc8f316,0xb4394875c87737b9,0x9eed654652634c31,0x21ddf7aeb3256046,])), - field_new!(BN382Fr,BigInteger([0xecbd0679d0cc2e2f,0xb100a1ed21b586da,0x38954a366b39c0d5,0xf1199b459e8ca278,0xcef14e9c83fbafa0,0x1b06bce55c89647a,])), - field_new!(BN382Fr,BigInteger([0xb5fb0ccc085896d2,0x17d57df63f346658,0x59cb1ea93e0b8ea7,0x480042e193b0a945,0x352257c21f74ac58,0x18ec5afb2a583fd,])), - field_new!(BN382Fr,BigInteger([0xf29704cee883c5f9,0x4cdea6c79755e0c6,0xabb0de810e531941,0x870fb7b6310a798a,0x91b1f1aa665000ac,0x22df418d022c49c3,])), - field_new!(BN382Fr,BigInteger([0xb0e5b193025cf63e,0x70e6498ca19ec864,0xdc620e0e6c661bb9,0x2ae93e3bc005351e,0x16ea0c602ffa4c56,0x1c1c3ffea1ccbaa8,])), - field_new!(BN382Fr,BigInteger([0x12209b68ba85fbc7,0x59cf50d6cb4e97de,0x60a0db7096520aec,0xc18b7bb5fd86bf94,0x17cd558db842f379,0x10a08f25a0cc9f9,])), - field_new!(BN382Fr,BigInteger([0xb2283575aae39034,0xb00e40d02a1aebad,0x47fb96740c989d41,0x8feecc9254494342,0xc3a3641a41d83c15,0x17c5acd67472548c,])), - field_new!(BN382Fr,BigInteger([0x908b884bf8495e02,0x4fedd1613523eb2a,0xdf9e7857d5b4901b,0x1da985a29f773b6f,0xce5bd199e3640c8,0xa87bd4fc26b35db,])), - field_new!(BN382Fr,BigInteger([0x939945437ccadce,0x25e9ed3e56dd88e4,0x540eed7468cde940,0xec37670dd2e43309,0xf1fc0a5beda99cd1,0x105dbc5c778ea0db,])), - field_new!(BN382Fr,BigInteger([0x3c1023ff94b35ed9,0x245407c49b2d2acb,0x9ebd77aaed0fc04c,0x496e72558c5ec89a,0xd41ed7f1dd9d5436,0x1a5f1ed7d8aff27b,])), - field_new!(BN382Fr,BigInteger([0x61d199a03b8ea301,0xdebf75191444d05c,0xde221b14381951c0,0xbe532ad1c7c2fbb2,0xbc03d6b8a664b3ca,0xf2f0523c2f3b8b6,])), - field_new!(BN382Fr,BigInteger([0x85ae87462afa2675,0xa4a639046e7177b6,0xb58292f4b192d5ec,0x4bcd2ff0c329e04f,0x87e1cfdc670e8333,0x56ad8723efc665c,])), - 
field_new!(BN382Fr,BigInteger([0x14eee3f1fa623589,0xfae4dbad19ac9796,0xf793271c6996f743,0xc5c55d0ea1b714d2,0x597475995b5ad044,0x2139a591e4311498,])), - field_new!(BN382Fr,BigInteger([0x87ce55ad4f9f95af,0xde157639400314a2,0x20474aa26d1d83ea,0xf5cbb4a5e03c9636,0xfeb4568697e45e31,0x8af3f7bea74fd70,])), - field_new!(BN382Fr,BigInteger([0x434a2cc78d712030,0x6e0d22f536b573f7,0xe0b1dc67d929947f,0x6884a2f7c44f353c,0xd46fdd9ce1d5b6a5,0x13ef30c2ed69dbff,])), - field_new!(BN382Fr,BigInteger([0x7a040f4d6d94f86f,0x27c1ce564ddf4262,0xa81b7f221c69617,0x57c9ce680180abb0,0xdf3325058728863f,0x23dccc19d0bc5ea9,])), - field_new!(BN382Fr,BigInteger([0x539fbfa2a87db0f5,0xa57f6e213f3bb620,0xc34c6cb5ddc5c2cc,0xf40ccbca5bbda6b2,0x3e306ad129c8ff11,0x408c61bfc775733,])), - field_new!(BN382Fr,BigInteger([0x46e61f5887d07b9b,0xc96b76d4c5f08401,0xc74f6d63103d19d8,0xb8459c6564c47b85,0xfc5f6901c0b4379b,0x1da94c36fc845606,])), - field_new!(BN382Fr,BigInteger([0x2d795708468a266b,0x961a55c7e1219e39,0xae6f2d01860872d3,0xab7800372cf73559,0x48f717b74e679149,0xeda31ac67ae5315,])), - field_new!(BN382Fr,BigInteger([0x7137f30d73d73f81,0xeecb48eb237cd378,0x1637a75145b62358,0xbd580295215776de,0xf95009ba8b9089e7,0xbf303de2dabc0c,])), - field_new!(BN382Fr,BigInteger([0x4dd5f94cf3e3b24e,0xf02fcb016625225d,0x8a2f20c64b044caa,0x82ab8c456706ab8e,0x9f95f6bcbd936b1a,0x94add9e4777f3ec,])), - field_new!(BN382Fr,BigInteger([0x72cec38fc44ae9fd,0x524c561c05b3ee03,0x335c6503d6ff69e0,0x68b763fb63724d9c,0x3e1d47f963a16b93,0x17005cec6551b146,])), - field_new!(BN382Fr,BigInteger([0x8d45f8b369ddbb5d,0xcd6da2f230c4791e,0x2e75ad84501b4cb3,0xfb6f16ad8af05c68,0xf43ae1565f6b4198,0x9c663df67c79ae0,])), - field_new!(BN382Fr,BigInteger([0x744bda0fa1185896,0xa54e5d9454a4a5f,0x486c322adab592c7,0x49f15ba85bda0074,0xbb548ebcde301c96,0x1d42d55c1d34128d,])), - field_new!(BN382Fr,BigInteger([0xdcdf4a8bfcc014a9,0x5731a326cd0f6091,0x59e4fe149f9fd6cd,0x37ee92e10f1f3bef,0x2ea7d49a2b35dcb3,0x1e3807bbb0193b6c,])), - 
field_new!(BN382Fr,BigInteger([0x947e60321e5db74d,0xeb8d9dbd8663c6e2,0x181a6b7b22756fa0,0xba33ae95d315c6c3,0x6f8adabe4603a166,0x200f79799699f8d2,])), - field_new!(BN382Fr,BigInteger([0x48f46aa4c5b7edcf,0x81f6079017544d02,0xf44dc26c65bcc111,0x5ccb22f8e2342245,0x6cdfd3b3e088fa73,0x5dfa8d483b29d9e,])), - field_new!(BN382Fr,BigInteger([0x46f9c1d6dc3a3635,0xdb744fdfe3a39cae,0x90135be4a873578b,0x5a9a6d05af9d75fc,0xd56b6c884a05cf30,0x128ba26e0aaff223,])), - field_new!(BN382Fr,BigInteger([0x1b9ef2e1fdcad621,0x22fc1ed56a7c3271,0xb5a12609a2d85cc0,0xeb940b6d340c1ba8,0xf0c5210206945b36,0x56423779cbc31b9,])), - field_new!(BN382Fr,BigInteger([0x29b6515a963138b4,0x82a4f40a10483963,0xaf3f3ac9f947d89c,0x9306458f32ecd397,0x993b226bd8984495,0x23910c546f06701b,])), - field_new!(BN382Fr,BigInteger([0x9a8064a6e0e0cdf0,0xca2db5ff06cb19b5,0x4ad1b252db8bcefc,0xa125bd8c6ee80cd,0xdb2b447da09ea5df,0x1973b1f2fc25dca0,])), - field_new!(BN382Fr,BigInteger([0xefa6fc1bc0692d14,0xfbeacbcde0f07b9d,0x4da046680b1daa6b,0xfa142ee742f4f49c,0x9dec9e73eda83945,0x1b3ec0ffa7d9aeaf,])), - field_new!(BN382Fr,BigInteger([0x9814b0e799d15a4,0x3848483e9e34c1d2,0x6f82cd22ea499b17,0xbff924dbb25ee1a0,0x29b340d84e573aeb,0x1a4a3b9b9a612267,])), - field_new!(BN382Fr,BigInteger([0x25e1603d2672c8d4,0xd2a6a53a75cb5b51,0xf5c4c73dbb0a9e35,0x5c9c03c61fa094dc,0xbb02f422986b4d34,0x15f0105f67207436,])), - field_new!(BN382Fr,BigInteger([0x8e3b556b0e951eae,0xfbcd9bd056290492,0x9f3730541b1f9da5,0x8ae8e49dded74ba9,0x171b39226325e1b8,0x3b71540db8272f8,])), - field_new!(BN382Fr,BigInteger([0xe801f84196a415b5,0xc853b94a1fcd3a7c,0x9562f03fd0432bf5,0xd9b5ce252ef78b77,0xe57608a901117f27,0x1c2b311ff94b347a,])), - field_new!(BN382Fr,BigInteger([0xe2799af45bf5f7d2,0x479541284a76235e,0xf0a9940508e04519,0xd2d212f8be526b70,0xcd2f5f564c2eba9f,0x5080a96532ff18b,])), - field_new!(BN382Fr,BigInteger([0x332175a4423c8923,0x6cbe63b275c0d82d,0xbec33a42798f65fe,0x132e172ca2b60e2a,0x51cbbd900cc2c75,0x2dfa65296c60e99,])), - 
field_new!(BN382Fr,BigInteger([0xe0a11f06a9ee6d32,0x44e2f4545749bac7,0xf8a8e15a15ccb7a,0x15d7111b564d06da,0xd7acbc538912e7f,0xd9b432f044de0bd,])), - field_new!(BN382Fr,BigInteger([0x165a83a1ec85d1fa,0x106ba5c124610036,0xf4b65d8666c1127b,0x539454aa40c802e5,0x52b7cb09a98ef05a,0x40606e30fdd2590,])), - field_new!(BN382Fr,BigInteger([0xe2180fd4b11735e,0x1d4e8d9294054096,0x522d0d21c472caf9,0xd974eca535c80945,0xc235e94823a37ab1,0x1afe8df0b43f34b1,])), - field_new!(BN382Fr,BigInteger([0xa76cacf57c6d42b6,0x69a31cab5ffec23e,0x847382df32999bef,0xf8a5b4629ebe83a0,0x9a56273965d1a8af,0xe3fcf60b082db41,])), - field_new!(BN382Fr,BigInteger([0x8c7654b932e5a0e7,0x83f6d3395b0fbbca,0x319b957a385b7f9c,0xaf3e99f27aff72e0,0x2321cad504dcd5c7,0x2e00ce72a6be2af,])), - field_new!(BN382Fr,BigInteger([0xa2cf2778231357d2,0xd0392de753e2fdc6,0x48e5271c1306beec,0x703038931cd972e6,0x5b40bbc31ed1424a,0x11a32d36858681b6,])), - field_new!(BN382Fr,BigInteger([0xefa9b4f0ddfd2702,0xc9d3e274ac5b5e32,0xd4ef26276dc1a95b,0x9d85956870fa6309,0x538402d6a4f95f87,0x20ef3e759e2b5774,])), - field_new!(BN382Fr,BigInteger([0x2f60c3d89d527633,0xa3e0be9226ecca86,0xf1689ad9efa4c39a,0x5169a21bce1fe136,0x6e3540a32f9e4aca,0x1c975d864f6a9908,])), - field_new!(BN382Fr,BigInteger([0xa08b2ea220ec0f01,0x86632b185d09b55e,0x3d0ab9907cf80762,0xb2f25baca5f2a8b3,0x604fde4a028521a7,0x17e1b72b82b07098,])), - field_new!(BN382Fr,BigInteger([0x9035d4d6b225e113,0x199b7c8dad453c0e,0xb0124646645d7d8e,0xfeffddbef7fbb9ed,0xf7c8e24de35d28b,0x17946871be482e29,])), - field_new!(BN382Fr,BigInteger([0x68cb8cf32f1fa3ca,0x8410a35992e64198,0x1656e4c3c8809d1c,0x5a7a593ea5160028,0x6f9884fec64ad87,0x68f342a7d9c1578,])), - field_new!(BN382Fr,BigInteger([0x6aa1649a239a3994,0xf3873ada62153606,0xd4f0605c7c2e6f90,0x942229d8c0244a22,0x4be923475c5f8097,0x4c543a99bf453e1,])), - field_new!(BN382Fr,BigInteger([0xc6aacfbf3df91e60,0xcdc8779b251de05d,0x490ce8abcbd485bf,0xe07f2f206b0a0000,0xce85478b8702534,0x1fe00bbda79ba428,])), - 
field_new!(BN382Fr,BigInteger([0xa365d86d6c8c4ab0,0x1df5e4d2f04cc1e3,0xdbb4ce154979385e,0x2b5184972a069c50,0x8aac4c3dce9136fd,0x2a3b121f3358ffc,])), - field_new!(BN382Fr,BigInteger([0xbf66da9421be42ed,0x226d53670264f514,0x5a781ad5bd473d6b,0xf4d62ad2a6af1bb6,0x3380da9a0c1a6c10,0x16f0e7d19f26d09c,])), - field_new!(BN382Fr,BigInteger([0xe644fa4d4fb7342a,0x15e768944458bb5c,0xd528cc6f453699c,0xc4b9157132f26c6a,0xc31528ac8f8d8b3f,0x945a72e10891225,])), - field_new!(BN382Fr,BigInteger([0xb321b56b8f98610c,0x3ec88e37031b97fd,0x85c0e7cfba951245,0xa6d89f69de3e394b,0xfa3ae8fc7b87e7fe,0x212cc2675acfa9cc,])), - field_new!(BN382Fr,BigInteger([0x357863050cee0503,0x1e9fc0db7868b869,0x586e7953b8e42ac,0x87386dcbd2b79642,0xafd688ea111ad0e7,0x23f60a02b4a4fe59,])), - field_new!(BN382Fr,BigInteger([0xaf6a37deeb831a81,0x881b385fb805b87a,0x4701bfe082a43e05,0x41650f00a2d6e8db,0xbb2ca998e39e13b0,0x232f4f9687b47327,])), - field_new!(BN382Fr,BigInteger([0x4f8605c1f2ca166,0xbbef46f7849737df,0x4b0fdee02ed2ac0a,0x532c2e3af6785dc1,0x7510d9520a1c3ddf,0x15f653783e92ba13,])), - field_new!(BN382Fr,BigInteger([0x4067cab4773020b3,0xe5c29073725ec874,0xa7abb978a061096f,0x1c587a24de3a3b6f,0xfd33c6fc2986a8e3,0xa5fa65cce47aa42,])), - field_new!(BN382Fr,BigInteger([0x533dedcc81369bd0,0xbdf53837b9d23058,0xe27b721a005b5faf,0xd21b8da39f0debe8,0x8f7f95eb502a4d53,0x877f53f518ac833,])), - field_new!(BN382Fr,BigInteger([0xdb570121e5620ca5,0x4cc42224d164e33e,0x1e0fababde2a1608,0x9f0b888d97f43a5d,0x7d7d77d695f1a40b,0x1187a307034c3250,])), - field_new!(BN382Fr,BigInteger([0x3bf4d0689f992368,0x3028683c9bf5f61c,0x753ab3b520ad87c4,0xb0ea236abf05170b,0x78cd2cf60bcb65ba,0xaba26bcf92961be,])), - field_new!(BN382Fr,BigInteger([0xaa04a6057e9a5895,0x6020909871225d55,0x7c934fefedfcb2f7,0x35be567d72ee7f68,0x3a3ae567bf722173,0x23f5342de659b66e,])), - field_new!(BN382Fr,BigInteger([0xbb1b0a89f8f674ef,0xb218e7f698309305,0x212f47513733f4e4,0xd7b2c046fc3c8198,0xdd0f369360ba052e,0x148adaa1a5d07646,])), - 
field_new!(BN382Fr,BigInteger([0x3d2b35dbb9f9f32c,0x1df6064e3b7883f0,0xaeeef2fc5b7cda5f,0x5f569f59490867ad,0xab41c3c99ff1a7b,0x1f6af01b4069f01c,])), - field_new!(BN382Fr,BigInteger([0x7b08f7196f95f250,0xebd998a94641b216,0xecd17f2f0e6b7be2,0xd45567f5aa54063a,0xe7dfacc677a37ea6,0x131d85807f2536d2,])), - field_new!(BN382Fr,BigInteger([0x85385038acab36f2,0xa9d46b0a174ab171,0x2aec8efde8e83eaa,0x535702cf318b0449,0x791e65318aadaa29,0x11cc5aaabe45a470,])), - field_new!(BN382Fr,BigInteger([0x8f47e1abf7eeae37,0xf81d797cfd12fd6d,0x1f403efbcea531ef,0x12242501b075fecf,0xcba721d0e59ec56e,0x1d95cca7805931a1,])), - field_new!(BN382Fr,BigInteger([0xd20a477c6171f257,0xf3733e0aec025177,0x58a7c392f84a3100,0x9e44fb173a2de05f,0xa5b0e85f7e550abd,0x775c9caf7ae3540,])), - field_new!(BN382Fr,BigInteger([0x7ad7c44ee12ddbf8,0xc685d908e1c0257d,0xd21db1d7d01e1c7d,0x4f49944f6bd9773f,0x7178542947e4489b,0x7628c430703efc7,])), - field_new!(BN382Fr,BigInteger([0x299be442511a549,0x7eecf2053e4f9fdb,0xfcda10b863099df7,0x893ecda9e309edb6,0xdfd6d782c3fc588,0xe064ef8fed04cae,])), - field_new!(BN382Fr,BigInteger([0x208ab9b77971c005,0x11a5e62003b6177e,0xa03468532c04561e,0xf241db89cbbee228,0xe14a9a8790b67ba8,0x3b9ebf739eadde2,])), - field_new!(BN382Fr,BigInteger([0xcfdd3f19dcfe7200,0xcbd8ed1a0fe60cc3,0xd89719d2ae246454,0x82bf01f10ae3d89,0x3cd3795a60c92a93,0x6146368a87304fb,])), - field_new!(BN382Fr,BigInteger([0x69ec3312c6016ef4,0xfa5bc3577cded484,0xa7c91d6c06a093a0,0x6af99c6916f16e96,0xb18c021e88a175c7,0x1c76d7686ed24a21,])), - field_new!(BN382Fr,BigInteger([0x97b3eba6b93daef6,0x9bb66787f505a5d7,0x1dcd50ca8f8b7a04,0xc2d2f0cb3282e2d2,0xe38f6b1b5b28bce7,0x113d44625996b66d,])), - field_new!(BN382Fr,BigInteger([0xdf57996b93afc1ad,0xaf30f4ff3b168631,0xa931c3e1e775bcc1,0x7adce239e718404a,0x7c7a6a32c80a0397,0x1f96cd3f39c5c93c,])), - field_new!(BN382Fr,BigInteger([0xc5c2f205e08455b2,0x6fd98f231c9bbf5a,0xe9160824fc9537af,0x530b6a7df23676a9,0x36b9a6ee3f8377fe,0x1d1e1dead541740f,])), - 
field_new!(BN382Fr,BigInteger([0xce22230822007509,0xac72ea574a7ce9cb,0xe818ca23600e10c5,0x5f101b62bc4256ee,0x2edf5dc78c2423ce,0x858f27f979a1ff5,])), - field_new!(BN382Fr,BigInteger([0xfb99e91588851f92,0x334de6ac473e5ba2,0xb5987498886b2763,0x4b3dc539e53d3763,0x1b2f2b45c1788b82,0x1bf8e8124a6f04be,])), - field_new!(BN382Fr,BigInteger([0x8b26faf7d19cf85f,0xd0153d21f912ed09,0x7e29be298642eaf9,0x9e16e137643a57f9,0xeb50ba0623229882,0xf2cd70c90e5c137,])), - field_new!(BN382Fr,BigInteger([0xed5975879d4c9335,0xbe147ec26265105,0xb9558ccabc1c9d57,0x7fa00c926e0f6ebd,0xb4b628e17306abf0,0x17156fd3629203c2,])), - field_new!(BN382Fr,BigInteger([0x289c6f8d69ddaf35,0x1e389db66f6417cd,0x15840b36d2b04b1a,0xebdc1ac5c474f652,0x8cbeb6a72a503fa,0x16a41a19459c7f31,])), - field_new!(BN382Fr,BigInteger([0x3d9801d7761cc606,0x8051e52278a87b74,0xab13d148e96d8058,0x3453fd74e5dedd7e,0x48bb90eb7286187,0x22460c3a490b161b,])), - field_new!(BN382Fr,BigInteger([0xdf286f0c78c02975,0x13050e707ca121ef,0xcd7950cc3f022cab,0x75f58ef17509e38a,0x11de934ccf45dae0,0x299ac12badbb5cd,])), - field_new!(BN382Fr,BigInteger([0x91684a0c014dc61d,0x75df2538a72a421,0x12c39c7bbc30e033,0x12000da5d041967b,0xdeec8ba0d47a3c46,0x11c74d47691149f9,])), - field_new!(BN382Fr,BigInteger([0xe613c4e3dd026369,0xd9cbe6fb91d0c4f6,0xa6d7cbb5ec4e707b,0xf08f73238bb560e3,0xf5c9bab7aac2dd3d,0x2909fa265a93ebf,])), - field_new!(BN382Fr,BigInteger([0x5cf20fbd0d0d48b2,0xbc5fa7e7c70898a7,0x8e264b6c284ab7f,0x3483a690e97713ce,0xcd7ba5a6fbdab1f1,0x4161814bdcaff4c,])), - field_new!(BN382Fr,BigInteger([0xf5933f81aaf94238,0x1ef53b2aff05625a,0x51400e271d42eda6,0x56d38c87cc4fde24,0x52f37e6fd7c369be,0x4ff1d5e02f92ce1,])), - field_new!(BN382Fr,BigInteger([0x8d0bbce67d7fa5af,0xbd8171f1d66fbae7,0x6510c52bc3406195,0x7a34305832edf74,0x22c815ae2893d67c,0xe0a06c13b0590de,])), - field_new!(BN382Fr,BigInteger([0x63a5acef15bd163f,0x5e1292e82b660d02,0x7008fb440cdb92f,0xa722012e2b46f69d,0x9b3562fa323495cc,0xaa3b17b1693a9f,])), - 
field_new!(BN382Fr,BigInteger([0xe5276a57d8326b2d,0x24216cbd2b2b3386,0xc6a03b315c24b23,0xbd6ef4ff9bb0b420,0xf30d7cf1ddeef03f,0x1836f0533b24db24,])), - field_new!(BN382Fr,BigInteger([0x81a3799217ebe001,0x5b130e3e2b989267,0x39d1e9e36cb21487,0x4e5f75781535f1ec,0x588a839951b2d619,0x229910365618a427,])), - field_new!(BN382Fr,BigInteger([0xa5c15385b840fb15,0xd13718215429bedf,0x253e95be77bbc624,0xf4baceb37c1f046a,0x5a3bfd255ab0782e,0xd8a4c4c43a4ba72,])), - field_new!(BN382Fr,BigInteger([0xf003d683557c00a7,0x2e65eeff293d4c0a,0x782240b45e7bdc89,0x924b1f6b64f3e901,0x164db2bcb6533af4,0x43991de11efce49,])), - field_new!(BN382Fr,BigInteger([0xfd2782d5e0d4e8d5,0x6da02e0ceef5deed,0xbfeef7aaa6316117,0xbf072772f2ef3700,0x15d320ca38578a78,0x29afde87db3e525,])), - field_new!(BN382Fr,BigInteger([0x390972e93a070537,0x820cf65537fd40f2,0x9834888c10c3ed1c,0x612d06a291a63e8e,0x43223bfd0df37c7b,0x11a49225d8578fc4,])), - field_new!(BN382Fr,BigInteger([0x32eeb2908138d2ac,0x3dc1c46f1bd91d96,0x3c9b7fdff2c894ca,0x69ab314018fb277a,0x9aa35d2992dd6f67,0x55a2460cc63c607,])), - field_new!(BN382Fr,BigInteger([0xdb31badf8b3fcae9,0xb1d0eaedebb52841,0x720147e41b5c7ac7,0xb091b6e5ec8d6254,0xad26104dc2ab12a4,0x1a6ce6bfafc654d,])), - field_new!(BN382Fr,BigInteger([0x27d211809720fc52,0x4abb28d977c17853,0x94e1bb63cc3c0bb0,0xeaf11f4190d56fde,0x55c0782e7ea21b50,0x3bccc01d96f4313,])), - field_new!(BN382Fr,BigInteger([0xb68bc0459ca55cd5,0x2b05f7835969ed72,0xe62bd13014fd3617,0xad8d2b9749f8142e,0xc7c169b169139f39,0x206668d88617eb11,])), - field_new!(BN382Fr,BigInteger([0xb2a3de5de36bf48,0xdd88d6ca0ab87eef,0x89404fc445070ef3,0xb148f5cd3ffa3aaa,0xebcef82c8cd243f7,0x1e33db199c53a413,])), - field_new!(BN382Fr,BigInteger([0x2e4c1b10fc98ac9d,0x886165d8f5ff092a,0xaad87a9b145fee16,0x530c6e6999ada6f3,0xc648ce9ce59623f7,0xabe7b5c9f447b18,])), - field_new!(BN382Fr,BigInteger([0x3b870ddd75a8f5a6,0x88a013fa5eb99e9e,0x338fa0e41c0681f7,0x7b0b00ec65ae4bdd,0xd4f372a65a575b18,0xaa3380437b75889,])), - 
field_new!(BN382Fr,BigInteger([0x521e150067cb5c34,0xddd0d7000436a545,0x14a8ce8bb8c383f0,0x69569fc5352914be,0xdeaf9132524d6b7c,0x264396fbecf9b1b,])), - field_new!(BN382Fr,BigInteger([0x827853bab7316f02,0xe03670d1c54321cc,0x8308a184607983e8,0x42c94475385ba780,0xae14e507056295c2,0x16a26fa4e7e62fd1,])), - field_new!(BN382Fr,BigInteger([0x11477aa5d9556bf4,0x8cd38c9f17782c,0x67224e10043089e,0x7b9e186e002a5d0a,0xbd0d06a4e30ab454,0x19070c7b55fcca60,])), - field_new!(BN382Fr,BigInteger([0xb8a3fe342ae97f71,0xd3377f9d85582d66,0xc5bbee9e346f3273,0xac772f92c6665426,0x88f6df3d8a8d5188,0x1ac57b7c03d42216,])), - field_new!(BN382Fr,BigInteger([0x7e132e39e670ca8a,0x39dfc3adc7832470,0x5328abf85799c431,0x7b9466f04a9da855,0x4508d8fac01f97a5,0xb782926d71e68f1,])), - field_new!(BN382Fr,BigInteger([0x97ccdb5a76fc0aa5,0xd6e16c8dc5f7e206,0x298ee6ab3c71d944,0xe55c955eb38f6c97,0x757bd1d9f746ef50,0x15fbcee358092dc1,])), - field_new!(BN382Fr,BigInteger([0x6c970df067c60f23,0x6bb6e0cc4b910162,0xbdc1759443633876,0xd076bdae238232fe,0xdcf4f9300f23985e,0x135b5481f8337e9b,])), - field_new!(BN382Fr,BigInteger([0x785f30aa2ebfde43,0xa9fdfd04c9b75e45,0x3e5e3a0b1e9b0788,0x434d0a8cdd1a5641,0x66425fe572a203f0,0xbf96a3b42165c73,])), - field_new!(BN382Fr,BigInteger([0x9594db702429dcaa,0x91b8246d933ebd6b,0x8e876a1368e1cf97,0xa58925ee1da6aaec,0x9b7f96d89b2a839f,0x18efadb64440d441,])), - field_new!(BN382Fr,BigInteger([0x46b7f122949ba9ec,0xc97adc943a3c2ba5,0x617d66835c68741d,0x4c346f4c88c08fa9,0xc9a5dcbe8c604ea8,0x19556bfebba49232,])), - field_new!(BN382Fr,BigInteger([0x502b786484da94d6,0x70af0f996050c4cf,0x7bc4eb282e92efde,0x3cc13c9fbac2461b,0x76aae8b46515cf81,0x5c08f41e3b03f7a,])), - field_new!(BN382Fr,BigInteger([0x378d56657a97e2f3,0xddaab891ec53abdc,0xd9b855b3245334b7,0x31264f18f3427d0,0x591a8e1df6c6a4b2,0x13d120a29e3925ef,])), - field_new!(BN382Fr,BigInteger([0xbecd44432b5f67d1,0xbe0580b15a9da777,0xa779556318e82596,0x2f5f23655b3b75f8,0x3bb479a02e847e10,0xe7ddc705473f20c,])), - 
field_new!(BN382Fr,BigInteger([0x6b6e5c0337750e36,0x4b40e5666b9aef6c,0xbf8068c108601ec9,0xb5d92512d2705122,0x7559c4862202b7e4,0x2032a50c2573e6ab,])), - field_new!(BN382Fr,BigInteger([0xef07946de19d89ec,0xf95925650e8fcb60,0x79f749f54ae1cfbe,0xc8eef18b542e9fd9,0xabeb0b79937ff307,0xc5f28a31dc9d608,])), - field_new!(BN382Fr,BigInteger([0x1f75ce22dcc06e6e,0x437f87988235efb0,0x9086a7d80524a8d0,0x1dcde226b5818e83,0x9cf4235b8e09ec3a,0xe05c1eb1b19ab1,])), - field_new!(BN382Fr,BigInteger([0x3c7900051e7388ff,0xed97ec6862b48066,0x94f25f4b0cf7b3eb,0x7287aca0d13a6e82,0xd36f5004effbb985,0x4ec65397a065dea,])), - field_new!(BN382Fr,BigInteger([0x9e1c766108af505d,0x30c84353674de042,0xc3f1928fdd934cb4,0xc1f38b33f07a84f5,0x8cc237edf14011de,0x8eaba8e51dd779c,])), - field_new!(BN382Fr,BigInteger([0x48359e687edb8f84,0x8655630a4a68aaab,0x261a90d533b44928,0xc190d058e6c9439a,0x61ac3aafb82ba635,0x1494c0a698e52de5,])), - field_new!(BN382Fr,BigInteger([0x168d484cb1778d66,0xdcd8c74199b11136,0x17d92329166b4948,0x312770e62ae54976,0x266e16d60a810e5f,0x4496f776caecc65,])), - field_new!(BN382Fr,BigInteger([0x50a676ea4416eb2e,0xb9627b6dade2e3aa,0xf9e57d095e42f39d,0xb2bcd062c55c2d67,0xe2779837ffcb6e7d,0x1f4839cf7d86f8eb,])), - field_new!(BN382Fr,BigInteger([0xb12e1716f71ed91b,0x27d8de1c2a8c828e,0xed04b02d5c65a11a,0x36e916c152f6a379,0x44969f87c20a1ece,0x4408d84ceedb145,])), - field_new!(BN382Fr,BigInteger([0x3154f9da4c52b4a9,0xaa63ca916ce64811,0x2d1ecb52db89a7f0,0x58e997f7dedb0575,0x79e4f19654b47296,0x1d231393a9bdf2f0,])), - field_new!(BN382Fr,BigInteger([0x4d3fdc53d4999b51,0xd5b9da0c018cc5c0,0x5aac0fee19cb3fd4,0xd57a1fd78266889,0x11bb9ab06b1eb60e,0x4c61d8160747c10,])), - field_new!(BN382Fr,BigInteger([0x6cf6339972418e98,0x5a8ffb1ed8677882,0x70fa9f55ea7f59eb,0xff82065ddffa952d,0xb64e7b51c8d1c03c,0x12f36ea40e9e5559,])), - field_new!(BN382Fr,BigInteger([0x53b9ccda6e84a65d,0xe5b7620858f8433c,0x5500b6758ca14ecc,0x2ddea05ee984a57f,0x51edadd520007288,0x12a161d5438c36fa,])), - 
field_new!(BN382Fr,BigInteger([0x32516c0c9d2daa27,0xc683c85ae5831a9d,0x7a44cac4c6e04bbb,0x86cc68ca96cb89fa,0xc381e214cc0f1b42,0x23b115b019e27c5e,])), - field_new!(BN382Fr,BigInteger([0x850e0e6cc19070cc,0x859db81fd43d7e26,0xc1e21f0df3ad5d17,0x3ae161051f2e90dc,0xe056d00f6b00e52a,0x28943f255dcd267,])), - field_new!(BN382Fr,BigInteger([0x884c8a013c5a2a1a,0xb069415fabf2d0ff,0xa8b420e2c171f47c,0x856ca33a62572e52,0xc0ebde2406ed0987,0xb0ecf3aa6ad07af,])), - field_new!(BN382Fr,BigInteger([0x8c91e15eb81fbbcf,0x51b38fccd0b6b068,0xf79c6a034f95fe53,0x9626cc95f96659c7,0xcbcccfe8fc30c289,0x19fb71c7406e9a35,])), - field_new!(BN382Fr,BigInteger([0x7607534731acda95,0x4c511fddb22342ce,0x447ee08d9bb19c72,0xc4822aebfcbc2285,0x24c7063fbc50ef5f,0x111d562483ae1b71,])), - field_new!(BN382Fr,BigInteger([0xce20bffa022cee7e,0x421f5dfca8b1a5f9,0x1da40c9a61ab178b,0xcc134d7f9db89d45,0xae3253acd9b18c10,0x15ef6c06f33fb6c0,])), - field_new!(BN382Fr,BigInteger([0x2bc2f7581707e7d8,0xe9a0613d9bc1bd33,0xe24c78647b7f3bbe,0x2839b022c82b9cf8,0xed2921264b022413,0xb381f2aaab65f4d,])), - field_new!(BN382Fr,BigInteger([0x5e6fee613014710c,0xf34e50300d58d054,0xb00bfa2f5a8bc9f2,0x89ea7a4f518a3edc,0x6b5cc8869511a61,0xfaf777914cb272e,])), - field_new!(BN382Fr,BigInteger([0x66af9169e9f2de88,0xfdea808705a2514,0x825e10e467fb80dd,0x39c7cb2eb3eac255,0x2e9e945b2024d288,0x19fda157944fbf36,])), - field_new!(BN382Fr,BigInteger([0x6eefb698748896c4,0xa06c916f6f1c91bf,0x24ff20753d5cf7f4,0x52de1724feaf5af4,0xf25e208ae5af63ca,0x102689f02caa0826,])), - field_new!(BN382Fr,BigInteger([0x34b7964e39e834cc,0x3e775735d0955f9,0x88e77f88d8ebeb57,0x825b94779cad295,0x46c9b7191d5e4d74,0x19bfe4306a81e64a,])), - field_new!(BN382Fr,BigInteger([0xa35df64b24f289d2,0x66f092b3aedfc3f7,0x13f874ca29beced6,0x22ea2e7a43d9f226,0x7414416c37789e87,0x3350acacfd72967,])), - field_new!(BN382Fr,BigInteger([0xd2bf00b533ce6c06,0xb3de8680f43a28c7,0x730e5a196c5fc194,0x8c154245fb46c624,0x82e3241d164de917,0x1902e37228d9d38f,])), - 
field_new!(BN382Fr,BigInteger([0xb819eec020508b5c,0xcce6660568f80104,0x692e54d5856c0684,0x5a1080560a8ebbf2,0x56f5ecfbf91dcbb7,0x173a900322be09e4,])), - field_new!(BN382Fr,BigInteger([0x95969670c277ddb9,0xc826790873bba829,0xfdf70609fa8230b7,0xa169524c68697c76,0x2786e0c33daa49cf,0x29c1b08c55baa58,])), - field_new!(BN382Fr,BigInteger([0x187ae236b49eaf35,0xa9fe12f04dc3cd94,0x6f8ff94bdf4e131b,0x99228622c82b5e58,0x397a158c03b324a3,0x4e7712aed7462f1,])), - field_new!(BN382Fr,BigInteger([0x597c7274df3d7d88,0xbb2a2190c7bb2f43,0xc664baf43bb79e84,0x687ee06e701c86fc,0x1e24d31f3dea47fc,0x2075c27b6a16bd0,])), - field_new!(BN382Fr,BigInteger([0x99d63b17bbdf6ab2,0xb59d593e36a172,0x5ee25a9d8a1b80b4,0xfe38bd87369e3a98,0x47eb9c4c39e18c2f,0x150581e6c9362089,])), - field_new!(BN382Fr,BigInteger([0x4f63aade947fae5f,0x2c2b5531556b5edf,0x60d8239b8fdf387a,0x2909f8c49bee14da,0xaffac27e2d83dd81,0x193bd69debe9c522,])), - field_new!(BN382Fr,BigInteger([0xbf5239674121e83e,0xaebe0c92d79df372,0x7578c05576f91f84,0x49ffc0ab4e48fbeb,0x54c23ed221fd9853,0x11d63ec956e107e9,])), - field_new!(BN382Fr,BigInteger([0xf459c6ac32b8652e,0x528db5f18f6afc99,0x1a502939c4f2fd5d,0x49600c3308ea6a63,0xbf0415f6ba180853,0x1fcdfde2b660527e,])), - field_new!(BN382Fr,BigInteger([0xe2e903d9d4c808a0,0x7a4defedc70780b4,0xc8d6b3a356d34fbf,0x4544fe079617c918,0x4d0589b6193869e9,0x120c6530412201aa,])), - field_new!(BN382Fr,BigInteger([0x5f826fc253b59528,0x28449323d7c050ec,0x62aa7b6294a2f139,0xe42cde6fcefbf3dd,0xe6339d9ba1965313,0x1a72b1b95874ddf9,])), - field_new!(BN382Fr,BigInteger([0xd17eeae9951f047,0xf0dc29eb01d1118a,0x669f981021b78ace,0x8a89559daeea7f91,0x30a09810b5a22c76,0xdf7f160cf9436a4,])), - field_new!(BN382Fr,BigInteger([0x8be1bdbb1d48b64e,0xc37cfc891cdf1410,0x5d1ddc24edf7692b,0xc15a2ce1f334e6c8,0x3575b82b8470f86e,0x69117702034296a,])), - field_new!(BN382Fr,BigInteger([0xd625d3dd403286e3,0xd52e788ef0f57130,0x330158b788aec4d8,0x9d2626ec8ea6f809,0xcb27c9558047ac2f,0x2227509862ecc1a0,])), - 
field_new!(BN382Fr,BigInteger([0x57cc408927eb6722,0xf8e6c6e2fdc1d5f6,0x6655c3d44b5c16fa,0x518e71c7c9866f1a,0x2fc4aa2db79d1e76,0xef174135a6ea6da,])), - field_new!(BN382Fr,BigInteger([0x865f134c6a813514,0x7a635641c2514936,0x32eef0d70a72c1db,0x191b7985fbbf4797,0x3f7d8b950abaa75f,0xd66089a58be5673,])), - field_new!(BN382Fr,BigInteger([0xbb0bff3a43659235,0x81e01781d17d77e2,0x9042478a34860ade,0x9a0a4f52db822381,0x411fc69234f0831,0x18670b6257d14e5f,])), - field_new!(BN382Fr,BigInteger([0xed1825b47c0970a8,0x6c30c692af42c2dc,0x7170a21067e6ebae,0xa88fce0e1de88878,0xeded4124fd263e5d,0x10cc27dba715fbce,])), - field_new!(BN382Fr,BigInteger([0xc507cd5ca20ac47e,0x8760b2d002c24bf4,0x7a1a3ee341d2bd31,0xbde7a4dc298733f0,0x59384f9ba681de1a,0x1e61c79fdcbbc92,])), - field_new!(BN382Fr,BigInteger([0x50ff27fef4648a49,0xf4ffbcb41a25f01a,0x11475e1c50ca75a3,0xc748083328fde991,0xa51978c881dd1657,0x1a8c4560c688e4f7,])), - field_new!(BN382Fr,BigInteger([0x5669d2e3a299c74b,0x4dc3bcf4ca360bc1,0x79ac21ed9756f463,0xd03312e6a6b66cde,0x7dca20b390eb1db8,0x1011ccb163b1de7d,])), - field_new!(BN382Fr,BigInteger([0xf1f28a273dc0a4c4,0xdd43c35dcef01c34,0xb2bea8ffd6b04709,0xc5558d2ba68fd50d,0xe904e61565cb64cd,0x113ef43883a21768,])), - field_new!(BN382Fr,BigInteger([0xb708e32f29816d24,0x23775eff7e90a018,0xe24a63c0e2757005,0x408fe0842baac598,0x4a99ec3cd437fde1,0x17eb1dd58b2b71cd,])), - field_new!(BN382Fr,BigInteger([0x24190c79caae1c26,0xcd672499c42e8960,0xc1c8b951fc99dece,0xd636eaec9b0139bf,0xfcb633cc250fa9b7,0x1d3001e683da15c8,])), + field_new!( + BN382Fr, + BigInteger([ + 0x612594bbb1b6e471, + 0x378e47c761bde158, + 0x3bc6646891051db3, + 0x5a4b437eff423c1e, + 0x9872641294446a72, + 0x10dc628330a637a0, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x648b925a912409e4, + 0x3137eb5e72da8291, + 0x58d3c520be2d4e86, + 0xb68fbeb1ab564e98, + 0xc47730e1b98e2804, + 0x20e7bb9a467b3926, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x1d51c18e15d84b89, + 0xb679e453773a1166, + 0x2e7a43308fdef5b5, + 
0xfc1727f11c11bebe, + 0x34438c67b8107cdb, + 0x217f841af91c5293, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x187fec8936804a9e, + 0x4fad22235608d500, + 0x53eb48d5a7e0f37b, + 0xb540d80d00de0206, + 0xc718c0ea9b4d8ffa, + 0x14f78a64836e832e, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x21b11c3f5923a641, + 0x82421ecfad69dcec, + 0x6054cc7043a10170, + 0x414c0d35d1af8a48, + 0x3d3b2e5b0344ae4b, + 0x2539bfc1d203ef3, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x6242abe27a3fde78, + 0x6ac220eb054337dc, + 0x68ec76e4f7ab3367, + 0xeaf43afa8ed9f4b9, + 0x69b4c57bd8ffec75, + 0x244402235244c6c, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xd03b987b146a036a, + 0x5e1a6737273007dc, + 0x6b3c110658ea8329, + 0x28b86415ce76e590, + 0xb4c299a0f4b35288, + 0xb277b8b1dc45b54, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x1851ccbf8ac0c4a0, + 0x7bfbabc08b8e1820, + 0x5f9e8f70cc0d89e6, + 0x6a60d3e9b2efab9d, + 0x5f00532bf5c3e7b7, + 0x163c93f958fe6165, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x2e025a1b9fc1cf7e, + 0x9d2a3926c8e4873d, + 0x815247d8b3ed282b, + 0xbcea0d05bb60e6e0, + 0x641d40f393b70f0b, + 0x49937dc4336efc4, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xc4fe4660dc170c54, + 0x6466c8bf6bae65e6, + 0xe0b937fbe714c317, + 0x1b5c3c9e3bd86eb1, + 0xed6d009f6c0f689c, + 0x1a2e64b8e1160157, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xc2677abcce729473, + 0xcc2ad5dcd10e8138, + 0xbc00ff9a08251b0e, + 0xab06e89754bdafda, + 0xaf9ee29407761667, + 0x1a91142192f16d77, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x5d3924656b2e96b5, + 0xf07dce7e5b93e084, + 0x11cb47794099c628, + 0x1a51be34bcd1f11, + 0xfb6c4a29847ed8bd, + 0xf8cd5fb058a687, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x4b6abf73349047c5, + 0xfb00fb1d0ce00e97, + 0x2c80aa15dc10fd27, + 0x6c1c172bf58bf5db, + 0xc5afa80758f61cc1, + 0x101ab8639da5903b, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xee84aab656871f2b, + 0x7b59847da780fa09, + 0x9ed2e4ef8c67a6ac, + 
0xd1d5e4983fb63d56, + 0x918ef129484f6416, + 0x4ed575d596b0602, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x58f3f554d7c5b733, + 0x7691b6862724e884, + 0xdeef90c871cb4e65, + 0x1e13cfc8f6e08cd5, + 0x46885ac1ae81376b, + 0x3b58110b0de832e, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x446e0dd315118672, + 0x34362a3a5782fcc, + 0x869e30e64061f70f, + 0xa2d416d4ac47e503, + 0x26e45bd23d2d5e72, + 0x1e942e7f440e111e, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xbbbef86dad29c116, + 0xafccad57e6e0e283, + 0x55db744a8ae16107, + 0xc334fcc6fe3e1d33, + 0xba84412daa85c437, + 0xf83004f4d48bfd1, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xb1f4a46da7d16e93, + 0x6aa9efa28eceea77, + 0x3f5a7def907b0fec, + 0xc04ad03d8e686b12, + 0xe2867b73d9b9a42c, + 0x1842fe7d5ee870f4, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xa4cab7e77ad91d2b, + 0xcc939045d9622fc0, + 0x4dfd4554bccbec82, + 0xa082bef06a3aa21f, + 0x2495c409d9b20891, + 0x1eb8aac188034c7a, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xc220e4cd7cea36bd, + 0xd7ddf157d467b5e0, + 0x9cda30e4db26a535, + 0x501d52e6919d3d85, + 0x8e3341dcf7cdcfcd, + 0x19c18a87cb0f478a, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xc4434445afe11416, + 0x93d860a5f1808a15, + 0x76a6f908b263c167, + 0x3c535ecedfcc7474, + 0xdff4b09337bb69fd, + 0x1d8146147a732b6b, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x53869b602d088ead, + 0x34562e6fdf6c489a, + 0x2746687a5902c65, + 0x52fcb012dc77ea19, + 0x3932aa1140bd8740, + 0x42b278db02964d0, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x663001807d2d112a, + 0xc582d9dc8bf0fa09, + 0x2084c427cdffe861, + 0x78c456b8c3b2525d, + 0xc7758eb65b16edee, + 0x13cdf833fb9b7b02, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xc102214b726d6540, + 0xe1756cf3989385b6, + 0xaba456a472886b86, + 0xe69fc37dc73c9d97, + 0x7a8fa6d7359914e2, + 0xe5689850df5d1a7, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x1c9e227aa38dc007, + 0xbb2289a1aaf0a6b8, + 0x7c2c107cc99c14cb, + 
0x46feeb0231bdb907, + 0xecf91543b2399e6d, + 0x260e275c81141e3, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xd4209b6bf5e09b4a, + 0xc4d65edcaef6f4b2, + 0x7d6c16c833bb04d2, + 0x76f8559c97e8bc5, + 0x993a8698b0af0ff2, + 0x91b038ba5c6fbb5, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x6a66939c2a3e8234, + 0x6e36f00a8c275e35, + 0x84e0cbe222635c19, + 0x64567200b6471bd5, + 0xfcae76b4aa74cbd0, + 0xc5bc9f742bf7dda, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xbe090d890c1fbb82, + 0x5f466d9dbeb0f41f, + 0x95a1b4467bc8f316, + 0xb4394875c87737b9, + 0x9eed654652634c31, + 0x21ddf7aeb3256046, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xecbd0679d0cc2e2f, + 0xb100a1ed21b586da, + 0x38954a366b39c0d5, + 0xf1199b459e8ca278, + 0xcef14e9c83fbafa0, + 0x1b06bce55c89647a, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xb5fb0ccc085896d2, + 0x17d57df63f346658, + 0x59cb1ea93e0b8ea7, + 0x480042e193b0a945, + 0x352257c21f74ac58, + 0x18ec5afb2a583fd, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xf29704cee883c5f9, + 0x4cdea6c79755e0c6, + 0xabb0de810e531941, + 0x870fb7b6310a798a, + 0x91b1f1aa665000ac, + 0x22df418d022c49c3, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xb0e5b193025cf63e, + 0x70e6498ca19ec864, + 0xdc620e0e6c661bb9, + 0x2ae93e3bc005351e, + 0x16ea0c602ffa4c56, + 0x1c1c3ffea1ccbaa8, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x12209b68ba85fbc7, + 0x59cf50d6cb4e97de, + 0x60a0db7096520aec, + 0xc18b7bb5fd86bf94, + 0x17cd558db842f379, + 0x10a08f25a0cc9f9, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xb2283575aae39034, + 0xb00e40d02a1aebad, + 0x47fb96740c989d41, + 0x8feecc9254494342, + 0xc3a3641a41d83c15, + 0x17c5acd67472548c, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x908b884bf8495e02, + 0x4fedd1613523eb2a, + 0xdf9e7857d5b4901b, + 0x1da985a29f773b6f, + 0xce5bd199e3640c8, + 0xa87bd4fc26b35db, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x939945437ccadce, + 0x25e9ed3e56dd88e4, + 0x540eed7468cde940, + 
0xec37670dd2e43309, + 0xf1fc0a5beda99cd1, + 0x105dbc5c778ea0db, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x3c1023ff94b35ed9, + 0x245407c49b2d2acb, + 0x9ebd77aaed0fc04c, + 0x496e72558c5ec89a, + 0xd41ed7f1dd9d5436, + 0x1a5f1ed7d8aff27b, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x61d199a03b8ea301, + 0xdebf75191444d05c, + 0xde221b14381951c0, + 0xbe532ad1c7c2fbb2, + 0xbc03d6b8a664b3ca, + 0xf2f0523c2f3b8b6, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x85ae87462afa2675, + 0xa4a639046e7177b6, + 0xb58292f4b192d5ec, + 0x4bcd2ff0c329e04f, + 0x87e1cfdc670e8333, + 0x56ad8723efc665c, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x14eee3f1fa623589, + 0xfae4dbad19ac9796, + 0xf793271c6996f743, + 0xc5c55d0ea1b714d2, + 0x597475995b5ad044, + 0x2139a591e4311498, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x87ce55ad4f9f95af, + 0xde157639400314a2, + 0x20474aa26d1d83ea, + 0xf5cbb4a5e03c9636, + 0xfeb4568697e45e31, + 0x8af3f7bea74fd70, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x434a2cc78d712030, + 0x6e0d22f536b573f7, + 0xe0b1dc67d929947f, + 0x6884a2f7c44f353c, + 0xd46fdd9ce1d5b6a5, + 0x13ef30c2ed69dbff, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x7a040f4d6d94f86f, + 0x27c1ce564ddf4262, + 0xa81b7f221c69617, + 0x57c9ce680180abb0, + 0xdf3325058728863f, + 0x23dccc19d0bc5ea9, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x539fbfa2a87db0f5, + 0xa57f6e213f3bb620, + 0xc34c6cb5ddc5c2cc, + 0xf40ccbca5bbda6b2, + 0x3e306ad129c8ff11, + 0x408c61bfc775733, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x46e61f5887d07b9b, + 0xc96b76d4c5f08401, + 0xc74f6d63103d19d8, + 0xb8459c6564c47b85, + 0xfc5f6901c0b4379b, + 0x1da94c36fc845606, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x2d795708468a266b, + 0x961a55c7e1219e39, + 0xae6f2d01860872d3, + 0xab7800372cf73559, + 0x48f717b74e679149, + 0xeda31ac67ae5315, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x7137f30d73d73f81, + 0xeecb48eb237cd378, + 0x1637a75145b62358, + 
0xbd580295215776de, + 0xf95009ba8b9089e7, + 0xbf303de2dabc0c, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x4dd5f94cf3e3b24e, + 0xf02fcb016625225d, + 0x8a2f20c64b044caa, + 0x82ab8c456706ab8e, + 0x9f95f6bcbd936b1a, + 0x94add9e4777f3ec, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x72cec38fc44ae9fd, + 0x524c561c05b3ee03, + 0x335c6503d6ff69e0, + 0x68b763fb63724d9c, + 0x3e1d47f963a16b93, + 0x17005cec6551b146, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x8d45f8b369ddbb5d, + 0xcd6da2f230c4791e, + 0x2e75ad84501b4cb3, + 0xfb6f16ad8af05c68, + 0xf43ae1565f6b4198, + 0x9c663df67c79ae0, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x744bda0fa1185896, + 0xa54e5d9454a4a5f, + 0x486c322adab592c7, + 0x49f15ba85bda0074, + 0xbb548ebcde301c96, + 0x1d42d55c1d34128d, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xdcdf4a8bfcc014a9, + 0x5731a326cd0f6091, + 0x59e4fe149f9fd6cd, + 0x37ee92e10f1f3bef, + 0x2ea7d49a2b35dcb3, + 0x1e3807bbb0193b6c, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x947e60321e5db74d, + 0xeb8d9dbd8663c6e2, + 0x181a6b7b22756fa0, + 0xba33ae95d315c6c3, + 0x6f8adabe4603a166, + 0x200f79799699f8d2, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x48f46aa4c5b7edcf, + 0x81f6079017544d02, + 0xf44dc26c65bcc111, + 0x5ccb22f8e2342245, + 0x6cdfd3b3e088fa73, + 0x5dfa8d483b29d9e, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x46f9c1d6dc3a3635, + 0xdb744fdfe3a39cae, + 0x90135be4a873578b, + 0x5a9a6d05af9d75fc, + 0xd56b6c884a05cf30, + 0x128ba26e0aaff223, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x1b9ef2e1fdcad621, + 0x22fc1ed56a7c3271, + 0xb5a12609a2d85cc0, + 0xeb940b6d340c1ba8, + 0xf0c5210206945b36, + 0x56423779cbc31b9, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x29b6515a963138b4, + 0x82a4f40a10483963, + 0xaf3f3ac9f947d89c, + 0x9306458f32ecd397, + 0x993b226bd8984495, + 0x23910c546f06701b, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x9a8064a6e0e0cdf0, + 0xca2db5ff06cb19b5, + 0x4ad1b252db8bcefc, + 
0xa125bd8c6ee80cd, + 0xdb2b447da09ea5df, + 0x1973b1f2fc25dca0, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xefa6fc1bc0692d14, + 0xfbeacbcde0f07b9d, + 0x4da046680b1daa6b, + 0xfa142ee742f4f49c, + 0x9dec9e73eda83945, + 0x1b3ec0ffa7d9aeaf, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x9814b0e799d15a4, + 0x3848483e9e34c1d2, + 0x6f82cd22ea499b17, + 0xbff924dbb25ee1a0, + 0x29b340d84e573aeb, + 0x1a4a3b9b9a612267, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x25e1603d2672c8d4, + 0xd2a6a53a75cb5b51, + 0xf5c4c73dbb0a9e35, + 0x5c9c03c61fa094dc, + 0xbb02f422986b4d34, + 0x15f0105f67207436, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x8e3b556b0e951eae, + 0xfbcd9bd056290492, + 0x9f3730541b1f9da5, + 0x8ae8e49dded74ba9, + 0x171b39226325e1b8, + 0x3b71540db8272f8, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xe801f84196a415b5, + 0xc853b94a1fcd3a7c, + 0x9562f03fd0432bf5, + 0xd9b5ce252ef78b77, + 0xe57608a901117f27, + 0x1c2b311ff94b347a, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xe2799af45bf5f7d2, + 0x479541284a76235e, + 0xf0a9940508e04519, + 0xd2d212f8be526b70, + 0xcd2f5f564c2eba9f, + 0x5080a96532ff18b, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x332175a4423c8923, + 0x6cbe63b275c0d82d, + 0xbec33a42798f65fe, + 0x132e172ca2b60e2a, + 0x51cbbd900cc2c75, + 0x2dfa65296c60e99, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xe0a11f06a9ee6d32, + 0x44e2f4545749bac7, + 0xf8a8e15a15ccb7a, + 0x15d7111b564d06da, + 0xd7acbc538912e7f, + 0xd9b432f044de0bd, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x165a83a1ec85d1fa, + 0x106ba5c124610036, + 0xf4b65d8666c1127b, + 0x539454aa40c802e5, + 0x52b7cb09a98ef05a, + 0x40606e30fdd2590, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xe2180fd4b11735e, + 0x1d4e8d9294054096, + 0x522d0d21c472caf9, + 0xd974eca535c80945, + 0xc235e94823a37ab1, + 0x1afe8df0b43f34b1, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xa76cacf57c6d42b6, + 0x69a31cab5ffec23e, + 0x847382df32999bef, + 
0xf8a5b4629ebe83a0, + 0x9a56273965d1a8af, + 0xe3fcf60b082db41, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x8c7654b932e5a0e7, + 0x83f6d3395b0fbbca, + 0x319b957a385b7f9c, + 0xaf3e99f27aff72e0, + 0x2321cad504dcd5c7, + 0x2e00ce72a6be2af, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xa2cf2778231357d2, + 0xd0392de753e2fdc6, + 0x48e5271c1306beec, + 0x703038931cd972e6, + 0x5b40bbc31ed1424a, + 0x11a32d36858681b6, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xefa9b4f0ddfd2702, + 0xc9d3e274ac5b5e32, + 0xd4ef26276dc1a95b, + 0x9d85956870fa6309, + 0x538402d6a4f95f87, + 0x20ef3e759e2b5774, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x2f60c3d89d527633, + 0xa3e0be9226ecca86, + 0xf1689ad9efa4c39a, + 0x5169a21bce1fe136, + 0x6e3540a32f9e4aca, + 0x1c975d864f6a9908, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xa08b2ea220ec0f01, + 0x86632b185d09b55e, + 0x3d0ab9907cf80762, + 0xb2f25baca5f2a8b3, + 0x604fde4a028521a7, + 0x17e1b72b82b07098, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x9035d4d6b225e113, + 0x199b7c8dad453c0e, + 0xb0124646645d7d8e, + 0xfeffddbef7fbb9ed, + 0xf7c8e24de35d28b, + 0x17946871be482e29, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x68cb8cf32f1fa3ca, + 0x8410a35992e64198, + 0x1656e4c3c8809d1c, + 0x5a7a593ea5160028, + 0x6f9884fec64ad87, + 0x68f342a7d9c1578, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x6aa1649a239a3994, + 0xf3873ada62153606, + 0xd4f0605c7c2e6f90, + 0x942229d8c0244a22, + 0x4be923475c5f8097, + 0x4c543a99bf453e1, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xc6aacfbf3df91e60, + 0xcdc8779b251de05d, + 0x490ce8abcbd485bf, + 0xe07f2f206b0a0000, + 0xce85478b8702534, + 0x1fe00bbda79ba428, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xa365d86d6c8c4ab0, + 0x1df5e4d2f04cc1e3, + 0xdbb4ce154979385e, + 0x2b5184972a069c50, + 0x8aac4c3dce9136fd, + 0x2a3b121f3358ffc, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xbf66da9421be42ed, + 0x226d53670264f514, + 0x5a781ad5bd473d6b, + 
0xf4d62ad2a6af1bb6, + 0x3380da9a0c1a6c10, + 0x16f0e7d19f26d09c, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xe644fa4d4fb7342a, + 0x15e768944458bb5c, + 0xd528cc6f453699c, + 0xc4b9157132f26c6a, + 0xc31528ac8f8d8b3f, + 0x945a72e10891225, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xb321b56b8f98610c, + 0x3ec88e37031b97fd, + 0x85c0e7cfba951245, + 0xa6d89f69de3e394b, + 0xfa3ae8fc7b87e7fe, + 0x212cc2675acfa9cc, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x357863050cee0503, + 0x1e9fc0db7868b869, + 0x586e7953b8e42ac, + 0x87386dcbd2b79642, + 0xafd688ea111ad0e7, + 0x23f60a02b4a4fe59, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xaf6a37deeb831a81, + 0x881b385fb805b87a, + 0x4701bfe082a43e05, + 0x41650f00a2d6e8db, + 0xbb2ca998e39e13b0, + 0x232f4f9687b47327, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x4f8605c1f2ca166, + 0xbbef46f7849737df, + 0x4b0fdee02ed2ac0a, + 0x532c2e3af6785dc1, + 0x7510d9520a1c3ddf, + 0x15f653783e92ba13, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x4067cab4773020b3, + 0xe5c29073725ec874, + 0xa7abb978a061096f, + 0x1c587a24de3a3b6f, + 0xfd33c6fc2986a8e3, + 0xa5fa65cce47aa42, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x533dedcc81369bd0, + 0xbdf53837b9d23058, + 0xe27b721a005b5faf, + 0xd21b8da39f0debe8, + 0x8f7f95eb502a4d53, + 0x877f53f518ac833, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xdb570121e5620ca5, + 0x4cc42224d164e33e, + 0x1e0fababde2a1608, + 0x9f0b888d97f43a5d, + 0x7d7d77d695f1a40b, + 0x1187a307034c3250, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x3bf4d0689f992368, + 0x3028683c9bf5f61c, + 0x753ab3b520ad87c4, + 0xb0ea236abf05170b, + 0x78cd2cf60bcb65ba, + 0xaba26bcf92961be, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xaa04a6057e9a5895, + 0x6020909871225d55, + 0x7c934fefedfcb2f7, + 0x35be567d72ee7f68, + 0x3a3ae567bf722173, + 0x23f5342de659b66e, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xbb1b0a89f8f674ef, + 0xb218e7f698309305, + 0x212f47513733f4e4, + 
0xd7b2c046fc3c8198, + 0xdd0f369360ba052e, + 0x148adaa1a5d07646, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x3d2b35dbb9f9f32c, + 0x1df6064e3b7883f0, + 0xaeeef2fc5b7cda5f, + 0x5f569f59490867ad, + 0xab41c3c99ff1a7b, + 0x1f6af01b4069f01c, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x7b08f7196f95f250, + 0xebd998a94641b216, + 0xecd17f2f0e6b7be2, + 0xd45567f5aa54063a, + 0xe7dfacc677a37ea6, + 0x131d85807f2536d2, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x85385038acab36f2, + 0xa9d46b0a174ab171, + 0x2aec8efde8e83eaa, + 0x535702cf318b0449, + 0x791e65318aadaa29, + 0x11cc5aaabe45a470, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x8f47e1abf7eeae37, + 0xf81d797cfd12fd6d, + 0x1f403efbcea531ef, + 0x12242501b075fecf, + 0xcba721d0e59ec56e, + 0x1d95cca7805931a1, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xd20a477c6171f257, + 0xf3733e0aec025177, + 0x58a7c392f84a3100, + 0x9e44fb173a2de05f, + 0xa5b0e85f7e550abd, + 0x775c9caf7ae3540, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x7ad7c44ee12ddbf8, + 0xc685d908e1c0257d, + 0xd21db1d7d01e1c7d, + 0x4f49944f6bd9773f, + 0x7178542947e4489b, + 0x7628c430703efc7, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x299be442511a549, + 0x7eecf2053e4f9fdb, + 0xfcda10b863099df7, + 0x893ecda9e309edb6, + 0xdfd6d782c3fc588, + 0xe064ef8fed04cae, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x208ab9b77971c005, + 0x11a5e62003b6177e, + 0xa03468532c04561e, + 0xf241db89cbbee228, + 0xe14a9a8790b67ba8, + 0x3b9ebf739eadde2, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xcfdd3f19dcfe7200, + 0xcbd8ed1a0fe60cc3, + 0xd89719d2ae246454, + 0x82bf01f10ae3d89, + 0x3cd3795a60c92a93, + 0x6146368a87304fb, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x69ec3312c6016ef4, + 0xfa5bc3577cded484, + 0xa7c91d6c06a093a0, + 0x6af99c6916f16e96, + 0xb18c021e88a175c7, + 0x1c76d7686ed24a21, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x97b3eba6b93daef6, + 0x9bb66787f505a5d7, + 0x1dcd50ca8f8b7a04, + 
0xc2d2f0cb3282e2d2, + 0xe38f6b1b5b28bce7, + 0x113d44625996b66d, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xdf57996b93afc1ad, + 0xaf30f4ff3b168631, + 0xa931c3e1e775bcc1, + 0x7adce239e718404a, + 0x7c7a6a32c80a0397, + 0x1f96cd3f39c5c93c, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xc5c2f205e08455b2, + 0x6fd98f231c9bbf5a, + 0xe9160824fc9537af, + 0x530b6a7df23676a9, + 0x36b9a6ee3f8377fe, + 0x1d1e1dead541740f, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xce22230822007509, + 0xac72ea574a7ce9cb, + 0xe818ca23600e10c5, + 0x5f101b62bc4256ee, + 0x2edf5dc78c2423ce, + 0x858f27f979a1ff5, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xfb99e91588851f92, + 0x334de6ac473e5ba2, + 0xb5987498886b2763, + 0x4b3dc539e53d3763, + 0x1b2f2b45c1788b82, + 0x1bf8e8124a6f04be, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x8b26faf7d19cf85f, + 0xd0153d21f912ed09, + 0x7e29be298642eaf9, + 0x9e16e137643a57f9, + 0xeb50ba0623229882, + 0xf2cd70c90e5c137, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xed5975879d4c9335, + 0xbe147ec26265105, + 0xb9558ccabc1c9d57, + 0x7fa00c926e0f6ebd, + 0xb4b628e17306abf0, + 0x17156fd3629203c2, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x289c6f8d69ddaf35, + 0x1e389db66f6417cd, + 0x15840b36d2b04b1a, + 0xebdc1ac5c474f652, + 0x8cbeb6a72a503fa, + 0x16a41a19459c7f31, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x3d9801d7761cc606, + 0x8051e52278a87b74, + 0xab13d148e96d8058, + 0x3453fd74e5dedd7e, + 0x48bb90eb7286187, + 0x22460c3a490b161b, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xdf286f0c78c02975, + 0x13050e707ca121ef, + 0xcd7950cc3f022cab, + 0x75f58ef17509e38a, + 0x11de934ccf45dae0, + 0x299ac12badbb5cd, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x91684a0c014dc61d, + 0x75df2538a72a421, + 0x12c39c7bbc30e033, + 0x12000da5d041967b, + 0xdeec8ba0d47a3c46, + 0x11c74d47691149f9, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xe613c4e3dd026369, + 0xd9cbe6fb91d0c4f6, + 0xa6d7cbb5ec4e707b, + 
0xf08f73238bb560e3, + 0xf5c9bab7aac2dd3d, + 0x2909fa265a93ebf, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x5cf20fbd0d0d48b2, + 0xbc5fa7e7c70898a7, + 0x8e264b6c284ab7f, + 0x3483a690e97713ce, + 0xcd7ba5a6fbdab1f1, + 0x4161814bdcaff4c, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xf5933f81aaf94238, + 0x1ef53b2aff05625a, + 0x51400e271d42eda6, + 0x56d38c87cc4fde24, + 0x52f37e6fd7c369be, + 0x4ff1d5e02f92ce1, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x8d0bbce67d7fa5af, + 0xbd8171f1d66fbae7, + 0x6510c52bc3406195, + 0x7a34305832edf74, + 0x22c815ae2893d67c, + 0xe0a06c13b0590de, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x63a5acef15bd163f, + 0x5e1292e82b660d02, + 0x7008fb440cdb92f, + 0xa722012e2b46f69d, + 0x9b3562fa323495cc, + 0xaa3b17b1693a9f, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xe5276a57d8326b2d, + 0x24216cbd2b2b3386, + 0xc6a03b315c24b23, + 0xbd6ef4ff9bb0b420, + 0xf30d7cf1ddeef03f, + 0x1836f0533b24db24, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x81a3799217ebe001, + 0x5b130e3e2b989267, + 0x39d1e9e36cb21487, + 0x4e5f75781535f1ec, + 0x588a839951b2d619, + 0x229910365618a427, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xa5c15385b840fb15, + 0xd13718215429bedf, + 0x253e95be77bbc624, + 0xf4baceb37c1f046a, + 0x5a3bfd255ab0782e, + 0xd8a4c4c43a4ba72, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xf003d683557c00a7, + 0x2e65eeff293d4c0a, + 0x782240b45e7bdc89, + 0x924b1f6b64f3e901, + 0x164db2bcb6533af4, + 0x43991de11efce49, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xfd2782d5e0d4e8d5, + 0x6da02e0ceef5deed, + 0xbfeef7aaa6316117, + 0xbf072772f2ef3700, + 0x15d320ca38578a78, + 0x29afde87db3e525, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x390972e93a070537, + 0x820cf65537fd40f2, + 0x9834888c10c3ed1c, + 0x612d06a291a63e8e, + 0x43223bfd0df37c7b, + 0x11a49225d8578fc4, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x32eeb2908138d2ac, + 0x3dc1c46f1bd91d96, + 0x3c9b7fdff2c894ca, + 
0x69ab314018fb277a, + 0x9aa35d2992dd6f67, + 0x55a2460cc63c607, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xdb31badf8b3fcae9, + 0xb1d0eaedebb52841, + 0x720147e41b5c7ac7, + 0xb091b6e5ec8d6254, + 0xad26104dc2ab12a4, + 0x1a6ce6bfafc654d, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x27d211809720fc52, + 0x4abb28d977c17853, + 0x94e1bb63cc3c0bb0, + 0xeaf11f4190d56fde, + 0x55c0782e7ea21b50, + 0x3bccc01d96f4313, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xb68bc0459ca55cd5, + 0x2b05f7835969ed72, + 0xe62bd13014fd3617, + 0xad8d2b9749f8142e, + 0xc7c169b169139f39, + 0x206668d88617eb11, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xb2a3de5de36bf48, + 0xdd88d6ca0ab87eef, + 0x89404fc445070ef3, + 0xb148f5cd3ffa3aaa, + 0xebcef82c8cd243f7, + 0x1e33db199c53a413, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x2e4c1b10fc98ac9d, + 0x886165d8f5ff092a, + 0xaad87a9b145fee16, + 0x530c6e6999ada6f3, + 0xc648ce9ce59623f7, + 0xabe7b5c9f447b18, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x3b870ddd75a8f5a6, + 0x88a013fa5eb99e9e, + 0x338fa0e41c0681f7, + 0x7b0b00ec65ae4bdd, + 0xd4f372a65a575b18, + 0xaa3380437b75889, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x521e150067cb5c34, + 0xddd0d7000436a545, + 0x14a8ce8bb8c383f0, + 0x69569fc5352914be, + 0xdeaf9132524d6b7c, + 0x264396fbecf9b1b, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x827853bab7316f02, + 0xe03670d1c54321cc, + 0x8308a184607983e8, + 0x42c94475385ba780, + 0xae14e507056295c2, + 0x16a26fa4e7e62fd1, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x11477aa5d9556bf4, + 0x8cd38c9f17782c, + 0x67224e10043089e, + 0x7b9e186e002a5d0a, + 0xbd0d06a4e30ab454, + 0x19070c7b55fcca60, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xb8a3fe342ae97f71, + 0xd3377f9d85582d66, + 0xc5bbee9e346f3273, + 0xac772f92c6665426, + 0x88f6df3d8a8d5188, + 0x1ac57b7c03d42216, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x7e132e39e670ca8a, + 0x39dfc3adc7832470, + 0x5328abf85799c431, + 
0x7b9466f04a9da855, + 0x4508d8fac01f97a5, + 0xb782926d71e68f1, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x97ccdb5a76fc0aa5, + 0xd6e16c8dc5f7e206, + 0x298ee6ab3c71d944, + 0xe55c955eb38f6c97, + 0x757bd1d9f746ef50, + 0x15fbcee358092dc1, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x6c970df067c60f23, + 0x6bb6e0cc4b910162, + 0xbdc1759443633876, + 0xd076bdae238232fe, + 0xdcf4f9300f23985e, + 0x135b5481f8337e9b, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x785f30aa2ebfde43, + 0xa9fdfd04c9b75e45, + 0x3e5e3a0b1e9b0788, + 0x434d0a8cdd1a5641, + 0x66425fe572a203f0, + 0xbf96a3b42165c73, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x9594db702429dcaa, + 0x91b8246d933ebd6b, + 0x8e876a1368e1cf97, + 0xa58925ee1da6aaec, + 0x9b7f96d89b2a839f, + 0x18efadb64440d441, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x46b7f122949ba9ec, + 0xc97adc943a3c2ba5, + 0x617d66835c68741d, + 0x4c346f4c88c08fa9, + 0xc9a5dcbe8c604ea8, + 0x19556bfebba49232, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x502b786484da94d6, + 0x70af0f996050c4cf, + 0x7bc4eb282e92efde, + 0x3cc13c9fbac2461b, + 0x76aae8b46515cf81, + 0x5c08f41e3b03f7a, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x378d56657a97e2f3, + 0xddaab891ec53abdc, + 0xd9b855b3245334b7, + 0x31264f18f3427d0, + 0x591a8e1df6c6a4b2, + 0x13d120a29e3925ef, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xbecd44432b5f67d1, + 0xbe0580b15a9da777, + 0xa779556318e82596, + 0x2f5f23655b3b75f8, + 0x3bb479a02e847e10, + 0xe7ddc705473f20c, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x6b6e5c0337750e36, + 0x4b40e5666b9aef6c, + 0xbf8068c108601ec9, + 0xb5d92512d2705122, + 0x7559c4862202b7e4, + 0x2032a50c2573e6ab, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xef07946de19d89ec, + 0xf95925650e8fcb60, + 0x79f749f54ae1cfbe, + 0xc8eef18b542e9fd9, + 0xabeb0b79937ff307, + 0xc5f28a31dc9d608, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x1f75ce22dcc06e6e, + 0x437f87988235efb0, + 0x9086a7d80524a8d0, + 
0x1dcde226b5818e83, + 0x9cf4235b8e09ec3a, + 0xe05c1eb1b19ab1, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x3c7900051e7388ff, + 0xed97ec6862b48066, + 0x94f25f4b0cf7b3eb, + 0x7287aca0d13a6e82, + 0xd36f5004effbb985, + 0x4ec65397a065dea, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x9e1c766108af505d, + 0x30c84353674de042, + 0xc3f1928fdd934cb4, + 0xc1f38b33f07a84f5, + 0x8cc237edf14011de, + 0x8eaba8e51dd779c, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x48359e687edb8f84, + 0x8655630a4a68aaab, + 0x261a90d533b44928, + 0xc190d058e6c9439a, + 0x61ac3aafb82ba635, + 0x1494c0a698e52de5, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x168d484cb1778d66, + 0xdcd8c74199b11136, + 0x17d92329166b4948, + 0x312770e62ae54976, + 0x266e16d60a810e5f, + 0x4496f776caecc65, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x50a676ea4416eb2e, + 0xb9627b6dade2e3aa, + 0xf9e57d095e42f39d, + 0xb2bcd062c55c2d67, + 0xe2779837ffcb6e7d, + 0x1f4839cf7d86f8eb, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xb12e1716f71ed91b, + 0x27d8de1c2a8c828e, + 0xed04b02d5c65a11a, + 0x36e916c152f6a379, + 0x44969f87c20a1ece, + 0x4408d84ceedb145, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x3154f9da4c52b4a9, + 0xaa63ca916ce64811, + 0x2d1ecb52db89a7f0, + 0x58e997f7dedb0575, + 0x79e4f19654b47296, + 0x1d231393a9bdf2f0, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x4d3fdc53d4999b51, + 0xd5b9da0c018cc5c0, + 0x5aac0fee19cb3fd4, + 0xd57a1fd78266889, + 0x11bb9ab06b1eb60e, + 0x4c61d8160747c10, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x6cf6339972418e98, + 0x5a8ffb1ed8677882, + 0x70fa9f55ea7f59eb, + 0xff82065ddffa952d, + 0xb64e7b51c8d1c03c, + 0x12f36ea40e9e5559, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x53b9ccda6e84a65d, + 0xe5b7620858f8433c, + 0x5500b6758ca14ecc, + 0x2ddea05ee984a57f, + 0x51edadd520007288, + 0x12a161d5438c36fa, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x32516c0c9d2daa27, + 0xc683c85ae5831a9d, + 0x7a44cac4c6e04bbb, + 
0x86cc68ca96cb89fa, + 0xc381e214cc0f1b42, + 0x23b115b019e27c5e, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x850e0e6cc19070cc, + 0x859db81fd43d7e26, + 0xc1e21f0df3ad5d17, + 0x3ae161051f2e90dc, + 0xe056d00f6b00e52a, + 0x28943f255dcd267, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x884c8a013c5a2a1a, + 0xb069415fabf2d0ff, + 0xa8b420e2c171f47c, + 0x856ca33a62572e52, + 0xc0ebde2406ed0987, + 0xb0ecf3aa6ad07af, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x8c91e15eb81fbbcf, + 0x51b38fccd0b6b068, + 0xf79c6a034f95fe53, + 0x9626cc95f96659c7, + 0xcbcccfe8fc30c289, + 0x19fb71c7406e9a35, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x7607534731acda95, + 0x4c511fddb22342ce, + 0x447ee08d9bb19c72, + 0xc4822aebfcbc2285, + 0x24c7063fbc50ef5f, + 0x111d562483ae1b71, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xce20bffa022cee7e, + 0x421f5dfca8b1a5f9, + 0x1da40c9a61ab178b, + 0xcc134d7f9db89d45, + 0xae3253acd9b18c10, + 0x15ef6c06f33fb6c0, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x2bc2f7581707e7d8, + 0xe9a0613d9bc1bd33, + 0xe24c78647b7f3bbe, + 0x2839b022c82b9cf8, + 0xed2921264b022413, + 0xb381f2aaab65f4d, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x5e6fee613014710c, + 0xf34e50300d58d054, + 0xb00bfa2f5a8bc9f2, + 0x89ea7a4f518a3edc, + 0x6b5cc8869511a61, + 0xfaf777914cb272e, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x66af9169e9f2de88, + 0xfdea808705a2514, + 0x825e10e467fb80dd, + 0x39c7cb2eb3eac255, + 0x2e9e945b2024d288, + 0x19fda157944fbf36, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x6eefb698748896c4, + 0xa06c916f6f1c91bf, + 0x24ff20753d5cf7f4, + 0x52de1724feaf5af4, + 0xf25e208ae5af63ca, + 0x102689f02caa0826, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x34b7964e39e834cc, + 0x3e775735d0955f9, + 0x88e77f88d8ebeb57, + 0x825b94779cad295, + 0x46c9b7191d5e4d74, + 0x19bfe4306a81e64a, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xa35df64b24f289d2, + 0x66f092b3aedfc3f7, + 0x13f874ca29beced6, + 
0x22ea2e7a43d9f226, + 0x7414416c37789e87, + 0x3350acacfd72967, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xd2bf00b533ce6c06, + 0xb3de8680f43a28c7, + 0x730e5a196c5fc194, + 0x8c154245fb46c624, + 0x82e3241d164de917, + 0x1902e37228d9d38f, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xb819eec020508b5c, + 0xcce6660568f80104, + 0x692e54d5856c0684, + 0x5a1080560a8ebbf2, + 0x56f5ecfbf91dcbb7, + 0x173a900322be09e4, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x95969670c277ddb9, + 0xc826790873bba829, + 0xfdf70609fa8230b7, + 0xa169524c68697c76, + 0x2786e0c33daa49cf, + 0x29c1b08c55baa58, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x187ae236b49eaf35, + 0xa9fe12f04dc3cd94, + 0x6f8ff94bdf4e131b, + 0x99228622c82b5e58, + 0x397a158c03b324a3, + 0x4e7712aed7462f1, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x597c7274df3d7d88, + 0xbb2a2190c7bb2f43, + 0xc664baf43bb79e84, + 0x687ee06e701c86fc, + 0x1e24d31f3dea47fc, + 0x2075c27b6a16bd0, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x99d63b17bbdf6ab2, + 0xb59d593e36a172, + 0x5ee25a9d8a1b80b4, + 0xfe38bd87369e3a98, + 0x47eb9c4c39e18c2f, + 0x150581e6c9362089, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x4f63aade947fae5f, + 0x2c2b5531556b5edf, + 0x60d8239b8fdf387a, + 0x2909f8c49bee14da, + 0xaffac27e2d83dd81, + 0x193bd69debe9c522, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xbf5239674121e83e, + 0xaebe0c92d79df372, + 0x7578c05576f91f84, + 0x49ffc0ab4e48fbeb, + 0x54c23ed221fd9853, + 0x11d63ec956e107e9, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xf459c6ac32b8652e, + 0x528db5f18f6afc99, + 0x1a502939c4f2fd5d, + 0x49600c3308ea6a63, + 0xbf0415f6ba180853, + 0x1fcdfde2b660527e, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xe2e903d9d4c808a0, + 0x7a4defedc70780b4, + 0xc8d6b3a356d34fbf, + 0x4544fe079617c918, + 0x4d0589b6193869e9, + 0x120c6530412201aa, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x5f826fc253b59528, + 0x28449323d7c050ec, + 0x62aa7b6294a2f139, + 
0xe42cde6fcefbf3dd, + 0xe6339d9ba1965313, + 0x1a72b1b95874ddf9, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xd17eeae9951f047, + 0xf0dc29eb01d1118a, + 0x669f981021b78ace, + 0x8a89559daeea7f91, + 0x30a09810b5a22c76, + 0xdf7f160cf9436a4, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x8be1bdbb1d48b64e, + 0xc37cfc891cdf1410, + 0x5d1ddc24edf7692b, + 0xc15a2ce1f334e6c8, + 0x3575b82b8470f86e, + 0x69117702034296a, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xd625d3dd403286e3, + 0xd52e788ef0f57130, + 0x330158b788aec4d8, + 0x9d2626ec8ea6f809, + 0xcb27c9558047ac2f, + 0x2227509862ecc1a0, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x57cc408927eb6722, + 0xf8e6c6e2fdc1d5f6, + 0x6655c3d44b5c16fa, + 0x518e71c7c9866f1a, + 0x2fc4aa2db79d1e76, + 0xef174135a6ea6da, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x865f134c6a813514, + 0x7a635641c2514936, + 0x32eef0d70a72c1db, + 0x191b7985fbbf4797, + 0x3f7d8b950abaa75f, + 0xd66089a58be5673, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xbb0bff3a43659235, + 0x81e01781d17d77e2, + 0x9042478a34860ade, + 0x9a0a4f52db822381, + 0x411fc69234f0831, + 0x18670b6257d14e5f, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xed1825b47c0970a8, + 0x6c30c692af42c2dc, + 0x7170a21067e6ebae, + 0xa88fce0e1de88878, + 0xeded4124fd263e5d, + 0x10cc27dba715fbce, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xc507cd5ca20ac47e, + 0x8760b2d002c24bf4, + 0x7a1a3ee341d2bd31, + 0xbde7a4dc298733f0, + 0x59384f9ba681de1a, + 0x1e61c79fdcbbc92, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x50ff27fef4648a49, + 0xf4ffbcb41a25f01a, + 0x11475e1c50ca75a3, + 0xc748083328fde991, + 0xa51978c881dd1657, + 0x1a8c4560c688e4f7, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x5669d2e3a299c74b, + 0x4dc3bcf4ca360bc1, + 0x79ac21ed9756f463, + 0xd03312e6a6b66cde, + 0x7dca20b390eb1db8, + 0x1011ccb163b1de7d, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xf1f28a273dc0a4c4, + 0xdd43c35dcef01c34, + 0xb2bea8ffd6b04709, + 
0xc5558d2ba68fd50d, + 0xe904e61565cb64cd, + 0x113ef43883a21768, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xb708e32f29816d24, + 0x23775eff7e90a018, + 0xe24a63c0e2757005, + 0x408fe0842baac598, + 0x4a99ec3cd437fde1, + 0x17eb1dd58b2b71cd, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x24190c79caae1c26, + 0xcd672499c42e8960, + 0xc1c8b951fc99dece, + 0xd636eaec9b0139bf, + 0xfcb633cc250fa9b7, + 0x1d3001e683da15c8, + ]) + ), ]; // The MDS matrix constants const MDS_CST: &'static [BN382Fr] = &[ // Constants in Montgomery representation - field_new!(BN382Fr,BigInteger([0x6ac1a9ca2bfaf672,0x8741e5775336eecd,0xc3542eb56e2ecdbd,0xc060b453f5769f1d,0xa0bfbaaf8550d2f0,0x82244d24068fb84,])), - field_new!(BN382Fr,BigInteger([0x72f8f2e204bf70bb,0xdfaca0814998d678,0x5bc5bc7dc7efbf60,0x60c7447005c6238c,0x228675fb4e689682,0x1b23a18d15b6e344,])), - field_new!(BN382Fr,BigInteger([0xef774390a82f9829,0x9794a1188d8dae52,0x8784315795923532,0xc572c69f9cb6de5a,0x59a5a62e6c8ff7fe,0x1fcde0449a9d773b,])), - field_new!(BN382Fr,BigInteger([0x60259bca5f29a567,0x642332164b5a1c6,0x8c5fc348a776f303,0x4d3fdbbc5c457c5b,0x8d7b0b765f9aab96,0x15754b8d77c2bac,])), - field_new!(BN382Fr,BigInteger([0xb073f85139114a15,0xc73710f0b2754d34,0x5fec554b012529cd,0xd127ce2c88fe8e59,0x348d6fac251c205d,0x3d62705403fb5c7,])), - field_new!(BN382Fr,BigInteger([0x8fe5ed1437107ae5,0x3573f33f9cdd0fa1,0xc4f893a2a0ce03a7,0xe96399d2176c06de,0x48e6d3f03abbbcdf,0x22fc5a0e6c275361,])), - field_new!(BN382Fr,BigInteger([0xf8e3d65ad93901ba,0xbf80d68b79087348,0x986a203c13df0dfd,0x28e6fee273ab8089,0xa0d247b5118c7053,0x13c1fc781c3bc96a,])), - field_new!(BN382Fr,BigInteger([0xb384b1e3e7890676,0xbf03c31fbdf881ca,0x202d2c8fdd23af75,0xeec6a4e71db93069,0xcd7b6a126c7c5241,0xc0670d904227bbb,])), - field_new!(BN382Fr,BigInteger([0xb5c9511701fe7e60,0x1d994508bb246d45,0xd516dd8ebf30a39,0xd96940aa566a16bc,0xc613094840067ecb,0xfe933fbef246789,])), + field_new!( + BN382Fr, + BigInteger([ + 0x6ac1a9ca2bfaf672, + 0x8741e5775336eecd, + 
0xc3542eb56e2ecdbd, + 0xc060b453f5769f1d, + 0xa0bfbaaf8550d2f0, + 0x82244d24068fb84, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x72f8f2e204bf70bb, + 0xdfaca0814998d678, + 0x5bc5bc7dc7efbf60, + 0x60c7447005c6238c, + 0x228675fb4e689682, + 0x1b23a18d15b6e344, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xef774390a82f9829, + 0x9794a1188d8dae52, + 0x8784315795923532, + 0xc572c69f9cb6de5a, + 0x59a5a62e6c8ff7fe, + 0x1fcde0449a9d773b, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x60259bca5f29a567, + 0x642332164b5a1c6, + 0x8c5fc348a776f303, + 0x4d3fdbbc5c457c5b, + 0x8d7b0b765f9aab96, + 0x15754b8d77c2bac, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xb073f85139114a15, + 0xc73710f0b2754d34, + 0x5fec554b012529cd, + 0xd127ce2c88fe8e59, + 0x348d6fac251c205d, + 0x3d62705403fb5c7, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0x8fe5ed1437107ae5, + 0x3573f33f9cdd0fa1, + 0xc4f893a2a0ce03a7, + 0xe96399d2176c06de, + 0x48e6d3f03abbbcdf, + 0x22fc5a0e6c275361, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xf8e3d65ad93901ba, + 0xbf80d68b79087348, + 0x986a203c13df0dfd, + 0x28e6fee273ab8089, + 0xa0d247b5118c7053, + 0x13c1fc781c3bc96a, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xb384b1e3e7890676, + 0xbf03c31fbdf881ca, + 0x202d2c8fdd23af75, + 0xeec6a4e71db93069, + 0xcd7b6a126c7c5241, + 0xc0670d904227bbb, + ]) + ), + field_new!( + BN382Fr, + BigInteger([ + 0xb5c9511701fe7e60, + 0x1d994508bb246d45, + 0xd516dd8ebf30a39, + 0xd96940aa566a16bc, + 0xc613094840067ecb, + 0xfe933fbef246789, + ]) + ), ]; } pub type BN382FrQuinticSbox = PoseidonQuinticSBox; pub type BN382FrPoseidonHash = PoseidonHash; -pub type BN382FrBatchPoseidonHash = PoseidonBatchHash; \ No newline at end of file +pub type BN382FrBatchPoseidonHash = + PoseidonBatchHash; diff --git a/primitives/src/crh/poseidon/parameters/bn382_dual.rs b/primitives/src/crh/poseidon/parameters/bn382_dual.rs index c3e04d5c3..a149197c3 100644 
--- a/primitives/src/crh/poseidon/parameters/bn382_dual.rs
+++ b/primitives/src/crh/poseidon/parameters/bn382_dual.rs
@@ -1,6 +1,5 @@ use crate::crh::{
- PoseidonParameters,
- FieldBasedHashParameters, PoseidonHash, batched_crh::PoseidonBatchHash,
+ batched_crh::PoseidonBatchHash, FieldBasedHashParameters, PoseidonHash, PoseidonParameters, PoseidonQuinticSBox, }; use algebra::fields::bn_382::Fq as BN382Fq;
@@ -17,13 +16,12 @@ pub struct BN382FqPoseidonParameters; impl FieldBasedHashParameters for BN382FqPoseidonParameters { type Fr = BN382Fq;
- const R:usize = 2; // The rate of the hash function
+ const R: usize = 2; // The rate of the hash function } impl PoseidonParameters for BN382FqPoseidonParameters {
-
- const T: usize = 3; // Size of the internal state (in field elements)
- const R_F: i32 = 4; // Half number of full rounds (the R_f in the paper)
+ const T: usize = 3; // Size of the internal state (in field elements)
+ const R_F: i32 = 4; // Half number of full rounds (the R_f in the paper) const R_P: i32 = 56; // Number of partial rounds // The zero element of the field
@@ -31,224 +29,2255 @@ impl PoseidonParameters for BN382FqPoseidonParameters { // State vector after permutation of zero state vector const AFTER_ZERO_PERM: &'static [BN382Fq] = &[ - BN382Fq::new(BigInteger([0x27dcc9c1f001c02d,0x7fc9de4b5ab915ed,0x7c6832557c4a410d,0x320b95a8fa27bf32,0xe5c89c9c09bd67e5,0x65748e22de4f8c5,])), - BN382Fq::new(BigInteger([0x7cdb27778c5d6796,0xad588ee542be3389,0x68e926bfdd6398ec,0xe432240624573240,0x2766c91ade70f83f,0x170646120652b37c,])), - BN382Fq::new(BigInteger([0xcada65af3ba4e9c4,0x7e4561e9933627cd,0x8cb8757ddb2e0730,0x610ecc5beda633e0,0x984de49537e8c3ec,0x1349deb07a8f6f52,])) + BN382Fq::new(BigInteger([ + 0x27dcc9c1f001c02d, + 0x7fc9de4b5ab915ed, + 0x7c6832557c4a410d, + 0x320b95a8fa27bf32, + 0xe5c89c9c09bd67e5, + 0x65748e22de4f8c5, + ])), + BN382Fq::new(BigInteger([ + 0x7cdb27778c5d6796, + 0xad588ee542be3389, + 0x68e926bfdd6398ec, + 0xe432240624573240, + 0x2766c91ade70f83f, + 0x170646120652b37c, + ])), + BN382Fq::new(BigInteger([ + 0xcada65af3ba4e9c4, + 0x7e4561e9933627cd, + 0x8cb8757ddb2e0730, + 0x610ecc5beda633e0, + 0x984de49537e8c3ec, + 0x1349deb07a8f6f52, + ])), ]; // Array of round constants - const ROUND_CST: &'static[BN382Fq] = &[ + const ROUND_CST: &'static [BN382Fq] = &[ // Constants in Montgomery representation. 
- field_new!(BN382Fq,BigInteger([0x7d3e06817fe2fa1e,0xe4c855556b4aacda,0xd3c7466dfe3ef0ad,0xdc8dfad17c55598d,0xfedeaecb451cc31c,0x1bae49fccd9255b6,])), - field_new!(BN382Fq,BigInteger([0x754b46e688e41941,0x5218c793c3fcd5f,0xba2d939611dd08a0,0xf2c8cd45b84d1652,0xfec52f665bbf0be7,0x1d8fb23e0ed07701,])), - field_new!(BN382Fq,BigInteger([0x179cb43091dd32ca,0x7018ca5f70f11350,0x7aa891c65140ab9d,0x7b58774f3f1be5a7,0x58d49c97590ce49c,0x22d837d6cf90598d,])), - field_new!(BN382Fq,BigInteger([0x6e7264f540297200,0x7e22d05a2ac6eead,0x750bb0bb0d9beca2,0xce0d22d4f9b03517,0x2d3abd81cc62a5d5,0x1e364e55e0f8e6f8,])), - field_new!(BN382Fq,BigInteger([0x286abfb064d58d5a,0x694641c59e8226c0,0x32e216e3da299c02,0xde59f2f1fb4e0e13,0x46582fcca06d8bc5,0xd701682260dc1ec,])), - field_new!(BN382Fq,BigInteger([0x3124c62cde9d20e2,0x9fac0ad8132a843,0x16a273f6243d658b,0x10bbd72c62bd55c7,0x28009a3b766ce48e,0xb2e1ad3015607f3,])), - field_new!(BN382Fq,BigInteger([0xcd85dea0420e7da4,0x7655466abe3e791e,0x89ba0ed5c5df0b7a,0x696eb193eedd7a53,0x21ef87ad83bc2098,0x1436fa2898d85c31,])), - field_new!(BN382Fq,BigInteger([0x2eb1bef93fa95c1b,0x6744676e7c75d573,0xfe40bfb6449c47ed,0xfb6f06274deb6d2f,0xa121c9375338d467,0x18c0c15fee7893a3,])), - field_new!(BN382Fq,BigInteger([0x9e87fc5f2c70948a,0xf15a84b5d6674772,0xeeb5b16e7841c954,0x195365c9174167ce,0x44cc3beded5210e8,0x9b30e2f37cf4d6d,])), - field_new!(BN382Fq,BigInteger([0xed5ac23cb2d7b2e7,0xb59479b2299532fd,0xd7346e61af7d6075,0x5379a9f9af0c76be,0xbc5e3f64e23b4510,0x1aa9539db9e2ca68,])), - field_new!(BN382Fq,BigInteger([0x7cca5d75471e18a5,0xcf738bac19bfd23c,0x8c7dae93f38d07d8,0x9928bea7b544d67,0x7bcbddc8941fbafa,0x107a0460dc3257d7,])), - field_new!(BN382Fq,BigInteger([0x509d7d069c8144b4,0x40d6f4f4838412b4,0x5f808597a65e824f,0xf85fc0b1ae528ba6,0x35417bc445096105,0x44c8ecab50e4106,])), - field_new!(BN382Fq,BigInteger([0xda7bcdb9334589ce,0x279866595323b253,0xc031ba9e9316bb4c,0x4d45d0a51e50ee99,0xd053f804a1ee09fa,0x1bd56aee6613e74e,])), - 
field_new!(BN382Fq,BigInteger([0xc19bd1f4d113085d,0xa029a66df291c4,0xdb6338960b5b1cc5,0xe91b2ccb73bb8a6f,0xe0c9fe626bd1f126,0x2395daf5ba537f1d,])), - field_new!(BN382Fq,BigInteger([0xe4de707dc5215efc,0xa7fea7ecec777a24,0x4fccf05790993d31,0xc61a8ea4220b5f3f,0x27d4a4665ac75ba9,0x6e3246f4a3b382e,])), - field_new!(BN382Fq,BigInteger([0x9d67087a4ea62ebf,0x59699096f1144725,0x2af84cf3d0380a9e,0xd87ee2a6d17347d8,0x4a81eb07be1b056c,0x75a5a6801316477,])), - field_new!(BN382Fq,BigInteger([0x9a6fd8809f12d30b,0x3ca61d2f47a53089,0x6c4d38eea4287956,0x154fa56675395c0c,0x8f865519001514f6,0x313964af599095e,])), - field_new!(BN382Fq,BigInteger([0x4ff63f6fc5645fd1,0x7b82f0c9b003a384,0x405ce50b7a794585,0x29e412a76ea8e5bd,0x692bacb4a43e915,0x78c400e81eaea2a,])), - field_new!(BN382Fq,BigInteger([0x2389a14f0e3f6b65,0x8598cc77c8681c81,0x3440e4d2dbe05338,0xaae1f848c7032be5,0x6e4f9f5529c13580,0x1de775da7d81ff42,])), - field_new!(BN382Fq,BigInteger([0x84fe9561a4fe2594,0x45c754538473d54e,0x2081e726351ab13e,0x8cb323441756a713,0xcb4b80882f845807,0x1ee0fcb705dc2430,])), - field_new!(BN382Fq,BigInteger([0x9c0aaa37d9119bc1,0x575c078a99cbd829,0x560f505a0478cedb,0x603f002e733c554f,0xaf0e6f0f83da8ce5,0xf5194f8e715f5d4,])), - field_new!(BN382Fq,BigInteger([0xf3561b7c1cf04,0xe56f7e055b0ec90b,0x9fb224e52785822,0x4c1790f1a8f9110b,0x35c79e9c35302307,0x18664851ea84735a,])), - field_new!(BN382Fq,BigInteger([0x50bdc2348c15b026,0xc77491daac514fc4,0x8955bc6b09ac737d,0xad2ea27060414f4d,0x7c997db5fac52dd0,0x1f2a5df9da5f6e32,])), - field_new!(BN382Fq,BigInteger([0xc681eed0e78148a7,0x57621f4c24529a1d,0x5876dd8e8ea07bd3,0xd28bb407c841cbf6,0x8b359037c71d366d,0xc328179635cd9f8,])), - field_new!(BN382Fq,BigInteger([0xb1df1f49c37ca695,0x1b56a5b8a3ba95f1,0x9a1808171c05e8e1,0x596925481ab62566,0xa9894f79cde80b77,0x1818e624cc575377,])), - field_new!(BN382Fq,BigInteger([0x43548437e0c1fc50,0x59a017d1d250161f,0xa2321e1ad533ce71,0x3430291f3dfd7b49,0x40e675e0cdd03d1d,0x1fb60b75dee10176,])), - 
field_new!(BN382Fq,BigInteger([0x9650122a9d5e917a,0xa8c5eb643e9680dc,0xebd8e0cf4b27e181,0x81878f28988986f5,0x84ecb59806b665fe,0x117feaed33fcaf64,])), - field_new!(BN382Fq,BigInteger([0x762852a42e0e383b,0x2b9d56b451dfd3a1,0xed90a6dd9cfa1ca0,0xc5e6550af40ad5f6,0x6670b6c3cc0f13ba,0x5e52fd37e326076,])), - field_new!(BN382Fq,BigInteger([0xe1e4e2b36aee2c68,0x72612c101843cef7,0x76566b953d138574,0x6286ec06a22d97c4,0xfb0718535ee4c307,0x9e580b297e1295b,])), - field_new!(BN382Fq,BigInteger([0x65f93a2ead7fa104,0x1139a51aa674b95c,0xab9fa9ccab64de12,0x4969cab7168e67e1,0x2c66ed95aa8833e9,0x22277dba6061a1d8,])), - field_new!(BN382Fq,BigInteger([0x12cb752b436c79c3,0xb5575ed259af50,0x7dccf11c775c50d2,0x256f41f44c42588,0xdddd7ae2731d6bd,0x1a7da4605f2bcf7f,])), - field_new!(BN382Fq,BigInteger([0xf17d407d066ce17e,0xdfea3d5a11d38819,0x717c2c4500c8a8c0,0xc4688c81e31a6bfb,0x2efddb7e9a1a49ec,0x11e0e744d9b9bf65,])), - field_new!(BN382Fq,BigInteger([0x2f760135fa494ee,0xe4c672bdaa35fa34,0x1a97d2b5972454fb,0xb81957273e6ab4ff,0xaae7da73e2b6266f,0x1e686ac49d2a0af0,])), - field_new!(BN382Fq,BigInteger([0x1eba31296647c903,0xbd60962fb86746ae,0x1b4d0d9f30fb2a43,0x5b25913bd3ddc434,0xbc01fc18fb238c25,0x116e17520ecc512a,])), - field_new!(BN382Fq,BigInteger([0x59d0c63a50610ec1,0x3fe0bd51fa0924ce,0xc6d8ebda99506139,0xe99dc0342673ea71,0x9c64cdfb11223be2,0x230326e1cac30a51,])), - field_new!(BN382Fq,BigInteger([0x19dd66a19f2d898f,0xba24837495c205bd,0xddd6a3e566c9364,0xf17d2d050307ed13,0x8569697716a78d55,0x407aa69c480f0b3,])), - field_new!(BN382Fq,BigInteger([0x2243ad2201738dfb,0x47fa258210c3c4d3,0xe16a2f543c5e1563,0x388ab7de843b5472,0x1e0cfdaa9aee9db9,0x110ccf2550e558c5,])), - field_new!(BN382Fq,BigInteger([0xaeac429db7c9fc3e,0x7987de7d8d4db1ae,0x2014fa7be205236b,0x25907e49da254eb,0x3f5ffb11ff83ff7a,0x1f3ac24ab99ac449,])), - field_new!(BN382Fq,BigInteger([0x6cc00c3862aec83d,0x53d9edc4ca869837,0x6a6faf39cc7cca99,0x79d17dc8f0fd7a8f,0x9ed37f5afbd892fe,0x1f954915257adceb,])), - 
field_new!(BN382Fq,BigInteger([0x225313eda783d91c,0x76933610b1c2a124,0x521b514063a98ce4,0x13097fb4ee798ed4,0x313901195a1ea8b8,0xff5d28d7fe4999f,])), - field_new!(BN382Fq,BigInteger([0xa1c3174820850d5,0x168f64a76996a0d4,0x303146faa39efcbf,0xa8fc079df528ce32,0x34a6e6f873f78b5d,0x1e309d65bec39e58,])), - field_new!(BN382Fq,BigInteger([0x5aba4a3eba88b40a,0xf127a7a57f966e88,0xa865a53933a2c98,0x7701a2b048d8493d,0x493e5cceb2dd3b4b,0x145d682927bfe049,])), - field_new!(BN382Fq,BigInteger([0x6ba71c33b869a2b,0xe3c311ecbc20b673,0xc8ffec8a168b0beb,0xd45919cf48d19ca1,0xff2aeb83156f1e0c,0x65a7c17c04d9b8,])), - field_new!(BN382Fq,BigInteger([0x4483c5ac6052733c,0x65bafd9ec9cfeabb,0x2d9af7ffe46491f4,0x5107fa9836303c50,0xb1626909c20a8843,0xb77644d31505c4a,])), - field_new!(BN382Fq,BigInteger([0xfa37aca0ad180976,0xadd5ca29c549ea0,0x4ca36d8a5becbf99,0xb35cc97506fba437,0x801b618d8f7a65cc,0x88bb0ff7c887260,])), - field_new!(BN382Fq,BigInteger([0x74334a2589275f8a,0x495e1acbf42feda3,0x6f598447f9edd1e2,0x6e8bcbee242e2acd,0x737217d76399b6c,0x7605effd6db690e,])), - field_new!(BN382Fq,BigInteger([0x79558d730cdb0cf4,0x4d76ad94a57ea3dc,0x5a50daa4eae5be50,0x74dc4e343537adc0,0xaf57e89b8c8f3e4f,0xf0262b7cd58877b,])), - field_new!(BN382Fq,BigInteger([0x8d5a4bfd9e8e4c01,0xc48f87f84b1837d0,0x9746d06f3c208d0f,0xa55b05cc96e1f278,0x9feb469338fd0639,0x164d9b54c6bbaa53,])), - field_new!(BN382Fq,BigInteger([0xd711a95e74aa16e5,0xb21b42826191468a,0xef2215a6e2465cf5,0x3be11d38cd2abc2e,0x6922aa004be7acbe,0x9a438ce38f57452,])), - field_new!(BN382Fq,BigInteger([0x6f0c791d5a19f8ad,0x275fc4f4cf3f0749,0x14e6278ceb5603f,0x590ca23d0742e311,0xd523652098158b3a,0x144386ed9e2bd037,])), - field_new!(BN382Fq,BigInteger([0xf1b912e706f95fc1,0x9376a60c0fc8251d,0xd16509aa8d5702aa,0xf2ad8b42c152b137,0x2afc63ed502bf64e,0x1b6b0e5558cf617,])), - field_new!(BN382Fq,BigInteger([0xbe0ad82d9087197c,0x52bb9b60c3921550,0xd6087209d2c93fe5,0xf237aa4f495c4e6b,0xd7ed19ea6caae622,0x1ff295b91a998386,])), - 
field_new!(BN382Fq,BigInteger([0xe7b97858a6116d4b,0xd252a504b677fc67,0xec18f05d02c43c78,0xa34d9af2785c6751,0x7441dd9d2c7386c8,0xb755708ab1d63e1,])), - field_new!(BN382Fq,BigInteger([0x6a1966d3e49fafc5,0x8c1d2f21edfda2aa,0x1e82cd1e3a21a87d,0xfd8c44699c59c071,0xcb6db201aeb8e231,0xa57ca087cf89d1a,])), - field_new!(BN382Fq,BigInteger([0x9b878aa4f5c861a4,0xc7a50a6ef2667e80,0x3b33bc9fdda7f2b4,0x2b2b093522416676,0x33c874bb886eab7e,0x2f7225321705c9f,])), - field_new!(BN382Fq,BigInteger([0x38dfe7c8970c5a78,0x190711550d76e4fd,0x8af31c1ea6981255,0xe44676fac09c007b,0x104542df1c5818ad,0x22a3b7d8efcf0800,])), - field_new!(BN382Fq,BigInteger([0xad5aad220f28bf51,0xb787f8a1009b43bb,0x9f5c78b850cf435b,0x2a17d2b78b00b5b2,0x2a4689cf92603212,0x885788fc73b9dec,])), - field_new!(BN382Fq,BigInteger([0x596522cf3842f886,0x6ba78ebad4ad6c5f,0x5e915622de2ac7a8,0xd2e59e5e9b7803e9,0x12c15ef046080ddb,0x6196d0e51609c2f,])), - field_new!(BN382Fq,BigInteger([0x7e431c78ef003b9e,0x9bec5430fd198efd,0x7adfe197a648c9c,0xadc6814bdb8bf143,0x3ef245fbeea19ee0,0x1b502b659f6836ba,])), - field_new!(BN382Fq,BigInteger([0x7dd783443d5ade4a,0x8d91ab427b47d701,0x559737434af8cb42,0x5de98c39e51c61c2,0x6795b74aabd89d60,0x160214431f119d36,])), - field_new!(BN382Fq,BigInteger([0x251c10d7fa7c47f7,0x3c5fed691f68b593,0x3ea6ba7614ec69a8,0xa83d2c9a7604b3c7,0x503e43021f5084dd,0x30d842ee24af4af,])), - field_new!(BN382Fq,BigInteger([0x24a001965c5a1ba1,0x21a3948e442d7a1b,0xf262851a2eaeb09a,0x9a271685559ac491,0x5eabb60c7b9cdf7c,0x1368a35e372e7d9d,])), - field_new!(BN382Fq,BigInteger([0xcadffb361e7dd4e3,0xadc86c733c0b39a0,0x6c02ba0221296118,0xd1c3748fee443c9b,0xc04c5a63e15d102f,0x1a9f44a94d17649f,])), - field_new!(BN382Fq,BigInteger([0xadb5ac70082c132f,0x667ea02a0bf6f1dc,0x33a436e53c7eda95,0xea430c4a49f27027,0x9f7c45e34cbf6009,0x1ee595a24a59d641,])), - field_new!(BN382Fq,BigInteger([0x28ac144f3a0b7e60,0x81fc47eb0a5deef1,0x1a14e4dd531e46cc,0x7dd2f07f98c3421e,0x531bc81951825408,0xa2c68961991d3ff,])), - 
field_new!(BN382Fq,BigInteger([0x63dddc915e48446f,0x3a0f3d957ed21daf,0xabc04d220488efca,0x5f6b1f817b891852,0xc59271c2ace370cb,0xa4e9ffabdd62291,])), - field_new!(BN382Fq,BigInteger([0x8db624d513968f95,0xc170025059125c0c,0x5abbac40d20de48,0xe3e20a404b528996,0xcd3929d5524f33dc,0x9c3cf17f05ad0e,])), - field_new!(BN382Fq,BigInteger([0x9b277edb6efb3130,0x988064c61e7619fd,0x2fbfd271f9b310e,0xef68cd1a6799c767,0xba33b0055fb32250,0x196e91c97e27ce2a,])), - field_new!(BN382Fq,BigInteger([0xad6bccb6962563a2,0x3541e76cf2b27ec6,0x4da50d8dc11d476a,0xbd918c9990d0819c,0x1be2192580c32d03,0x13d8d818e68a3503,])), - field_new!(BN382Fq,BigInteger([0xc3ea077e59173225,0x9b2cda8e512b43d9,0x8d8cc70481f2de1e,0xf81ea731024e9e40,0xd7815d8494506e6f,0x111cc2c3474c379d,])), - field_new!(BN382Fq,BigInteger([0xc3990a99670c6376,0x733fede82f6a9f32,0x25ccf1bdc3a7b6fe,0xfb1688881f90f542,0x1d1c1fe21fc1053f,0x1185a4198ce71f31,])), - field_new!(BN382Fq,BigInteger([0x56e6d5ac098ed4f7,0xf6a50ebd6524904c,0x78f752af811e0af7,0x5c6785c73ca6a1c2,0x3573984c71537f33,0x9a4f531f29dce14,])), - field_new!(BN382Fq,BigInteger([0x2acbb144412bd40e,0x12793dc870c184e0,0x99293f4107113fd0,0xf1f7d677ef74423d,0xca28475098096a20,0xcdb39d0b13228e8,])), - field_new!(BN382Fq,BigInteger([0x7326571976ac830f,0x2dbb7b7357c055e,0xfb3f0c006d85055f,0xb9bf39bb94ae555d,0x9586cd1894236411,0x14275986001e5b8e,])), - field_new!(BN382Fq,BigInteger([0x4ea34215e89e9594,0xb04b3fcabac985d0,0xc385ba3b30bb9004,0xd895542bb41b31f7,0xd4ee182cc63f49f,0x14429ec401d439d9,])), - field_new!(BN382Fq,BigInteger([0x7d9256120eea4336,0xc3b7c11a24f3ad9d,0x379d9ffa093019d7,0xcb24c948ffc31f42,0xfaa6a3f44513d31c,0xa73bb43e27c4d9,])), - field_new!(BN382Fq,BigInteger([0x5715f91b450a2b22,0xbe6056637c16d403,0x18e0ee010694b3eb,0xeea2d89ffd0325c,0xf4d046cd2663d58c,0x9390ecf851c6bb5,])), - field_new!(BN382Fq,BigInteger([0xcf582579e37b65e4,0x7cb61273ef51698d,0xe21caf10ff0db9e3,0xd23478bd96a9fd46,0x50a060a3b4d52f99,0x1de0c3208db25112,])), - 
field_new!(BN382Fq,BigInteger([0xd6799804a7c64aae,0x61cb60d3fa12a952,0x6361bc0acea399e1,0x64048d38061bea1a,0x459654a8836b40c4,0x110b87f12f17d2cb,])), - field_new!(BN382Fq,BigInteger([0xd4576d455000661,0xafbd7dab30d92892,0x42124cd19ef60497,0x677fc6071d62784a,0x2cd20ec12410380b,0xcdc0ec2f73389a1,])), - field_new!(BN382Fq,BigInteger([0xdcd901cc066ad6f1,0x2c65a94ceb06c216,0xd2020b3627e37199,0xdc36db63303c1f95,0x77f4b5945b03b180,0x1a4d8e85086a7018,])), - field_new!(BN382Fq,BigInteger([0x924d686e1f4de468,0xfb951524e511a931,0xdf0c374b77a287e4,0x571839b1986e69e2,0xeb1386c4838d6f40,0x1ba077f86ab31ce9,])), - field_new!(BN382Fq,BigInteger([0x46a80563869043b,0xe2a9cff6e164dafe,0xb06e9dc8460c4df5,0x42b109c6b7aa652b,0xc3f2a1ba965ef49b,0x188fb3cf5d26ef98,])), - field_new!(BN382Fq,BigInteger([0xb4ad19e94842f68a,0x30bd2dbe0a36b781,0x81dcc8d903d96637,0x17d5654d4230b8e8,0xf916fc51d11081bf,0x18d9ebe7791394b5,])), - field_new!(BN382Fq,BigInteger([0x8e1a2fe58ea5b4e5,0xa293946be1872304,0x60c7c8d04a55d07d,0x3b4f31f25b4b992e,0xb0c1889e90604cd9,0x21de7a9924782247,])), - field_new!(BN382Fq,BigInteger([0x73708f4080f1bac5,0x9bcd5349856d3b85,0xbaf65543926b79c0,0x1e5a0e846c2be200,0x75a71228b1c408d7,0xb00a7c04513b482,])), - field_new!(BN382Fq,BigInteger([0x270e3bc92fe43b76,0x4508e2c719a621cb,0x28150cbdd98573a4,0xc51f19fba8a857db,0x1d616ccb11df5cf3,0x5fa245a0bce6684,])), - field_new!(BN382Fq,BigInteger([0xaa5758d6b77fa096,0xfb86385a61da33a1,0xb8760cb02d62871a,0xb777e60379664c6e,0x4e35b0262a8dd1b0,0x4b7a81c8fbd5223,])), - field_new!(BN382Fq,BigInteger([0xcb46ae413dd897b3,0x3c2f05238b865685,0xe2c71aed8f17cf48,0x24489fb04292964f,0x7297b7b70f73d062,0x912823646e0441d,])), - field_new!(BN382Fq,BigInteger([0x223a2f3352f8e722,0xcdd30eecbf3a95e4,0x17661fd46a883cdc,0xc4558484a5ee007f,0xd7b36a7acb002d96,0x149056a9ce282692,])), - field_new!(BN382Fq,BigInteger([0xdac8476fc388dbd3,0x41ce264f30113429,0x4b75791e88afcc5e,0xaf0feb0d78958a1a,0x456677e7084f6510,0x971d78775774c05,])), - 
field_new!(BN382Fq,BigInteger([0xea6db25c7f53a2de,0xeee885144aef66aa,0x2a8c170053fbed18,0x8bac8127939f0bc3,0xdebc8e0d27c0bed6,0xce25ea5ca6a23fa,])), - field_new!(BN382Fq,BigInteger([0x2c4f6fb62d7c30a0,0x593571582f4c201b,0x7a68b9459c6eeff2,0x582e48599c7e5b87,0x2de3f60125b3c492,0x57b622e2b54bc08,])), - field_new!(BN382Fq,BigInteger([0x9767d665a4befb9b,0x36869114281a8fe0,0xa96fe9de70b3d14c,0xeca0a53acbe1e9b1,0x92a46fc52c530cbc,0x1f7223adb838d6ca,])), - field_new!(BN382Fq,BigInteger([0xd14afbb062ec7466,0x7f573318281e44d,0xc0f3907c7d65602f,0xcc358ab3ede53284,0x3f108fc02249b5d6,0x2037000b310a41af,])), - field_new!(BN382Fq,BigInteger([0xe3a7f5a60c842ace,0x291591469e9e388a,0x1970ce92c091bc14,0x281e0bfb36af26d,0x4cb460106ebc8464,0x1a4972a7abd72a9c,])), - field_new!(BN382Fq,BigInteger([0xeb37f3044a018cfa,0x740b4f1a24b705ba,0xab5191ec02196fb8,0x5c602ba23ab4b6be,0x14cc18a48880bc74,0x45901d587c632b5,])), - field_new!(BN382Fq,BigInteger([0x4d03f8feb4e29412,0x1312da11e9d6c3c7,0xa3f3f447ae8c2b18,0xa3d46cb6d3aff0e7,0x6b3e6e402cd32755,0x2115dbd506bd9ff3,])), - field_new!(BN382Fq,BigInteger([0x5b3cc958ff25a816,0x40e1fafa7d8d0df,0xa303af264ac204cb,0x89d91f2e5a0012a8,0x8786e0c8fe120512,0x1ca3fdd74b72c550,])), - field_new!(BN382Fq,BigInteger([0x9d8b280bb3ffe753,0x85997448639561c9,0xa271b44e64ea857e,0x548f79af1b6a409e,0xc9327aae6474fda2,0x2365e24750970de4,])), - field_new!(BN382Fq,BigInteger([0x46ecdd73a74b7d1e,0x3a7e9631fcd5239,0x455987279a668aa,0x558388ecb2c5db85,0x5512f9cffcadb1ec,0xcbf236439e73c6f,])), - field_new!(BN382Fq,BigInteger([0xc05b829150faa3a7,0x91a4c4c6640887f0,0x9b78c67388127cc5,0x96f6c4c796961820,0x3c32c42953807d1,0x1f80990d61726ba7,])), - field_new!(BN382Fq,BigInteger([0x146f4d6db64519e5,0x4f1c67e5e1696854,0xa74bb64530ffebb8,0xb2147dfb425d992c,0xa1c937be431909cb,0x1ff0475c68d6f42f,])), - field_new!(BN382Fq,BigInteger([0xd3ac2f1875a1e4f8,0x541ac2ac1a33a705,0x5856458d6dbf42d,0x9c5c28e8c894b748,0x981fa30f407cbd38,0x1124b071e2840bdf,])), - 
field_new!(BN382Fq,BigInteger([0xbf7a8f2ba373e34e,0xb0e6d67cfa9b525d,0x5e82bbcefe9a8f65,0x94bfdb0881563f6,0x4f95c9e067a860e2,0xb59e5fd70c41736,])), - field_new!(BN382Fq,BigInteger([0x99bd7e328fd74e6e,0x6f40a78a33d0477c,0xd7a3ce8774f5c5d4,0xbefa4c401655b3e0,0xceed628ce16401a9,0x1771f0c9ab9e01a0,])), - field_new!(BN382Fq,BigInteger([0xaa33d3105c11d030,0xb4206b4274144118,0x71af41702c20aa1d,0x4b81d549f01a3bf,0x9e695344a20872cd,0xd9da4aef601b64d,])), - field_new!(BN382Fq,BigInteger([0x19a6aab308d8fc38,0x657996de7cdc0288,0xbabc456e42bebfc1,0xa78a28e83141031d,0x4786071361f1cdb,0x19eb1a863087b891,])), - field_new!(BN382Fq,BigInteger([0xf4fbb1fa6558c0b7,0x6b24b123ee40321b,0x92074c3648a99b35,0xf3be03c28c26611d,0x1df77967a66b292f,0x1a1daaedee4baa4c,])), - field_new!(BN382Fq,BigInteger([0x3a82f327f9606694,0x7291e98c9363473d,0x7b0b80ef86a287a7,0xdf1dcf2ccdc7506e,0xaff515139c07264d,0x23d7670fd063e7c0,])), - field_new!(BN382Fq,BigInteger([0xed50a3abeb5389fd,0x165e2b2728cd4440,0x7aa64cc11dc70781,0x4ff0c136113d2d3b,0x823c918132409328,0x139d6ff9a0fbe6f,])), - field_new!(BN382Fq,BigInteger([0xba6c752de6036dba,0x287bb7c856fc951,0x5e811f9882ea22db,0x7b92e32100367c87,0x8aac4c9e772db556,0x12be4d6b3d608d6e,])), - field_new!(BN382Fq,BigInteger([0x61e0975aa3cbc721,0xe837cffcf71f4387,0x2a5eb9ee35e8eb2,0x6157fe03aa9edc19,0xf9454bf7e9d8d856,0x1e0d0c1935346420,])), - field_new!(BN382Fq,BigInteger([0xc9479abf4cb7c45,0x6a3f08b15901988c,0x4cd230c93832ff25,0x7a94cd892bfbae6d,0xb7c7ea2bf8fa825c,0x1477cc8413069412,])), - field_new!(BN382Fq,BigInteger([0x8db7f9df9aca2466,0xa003378e6f470e35,0xe1595479552688c8,0x140789fcf6f470d2,0xf43fe45a3ff8c0dd,0x13eb14c4ba26f086,])), - field_new!(BN382Fq,BigInteger([0xba11304404e55714,0xd7a5ebffa7108c41,0x7fb72486c2e5fb72,0xec3d576731687f6e,0x77944f261dc6ac2d,0x1c539ae5469b07db,])), - field_new!(BN382Fq,BigInteger([0xa56715ce64d6d51d,0x2b0fdc813d82ce81,0x67dbaa19d64ebb14,0xf28425a404173a4a,0xb44df750f88769f,0x165d737d22d40d8d,])), - 
field_new!(BN382Fq,BigInteger([0x38d54f187254b673,0xdb8329159cfc7d0a,0x341b5e6877f9e5dc,0x308eeaa500c5fa7c,0x147c7b04a5686654,0x1e0c1343a2f46ae9,])), - field_new!(BN382Fq,BigInteger([0x7d0a7817339648c7,0x6d2bbe2568bd122c,0xb1d022c56deacb8d,0xf3a2157e7c0fb9d2,0x32a928690f5785eb,0x23d36f0efa20bec6,])), - field_new!(BN382Fq,BigInteger([0x1ba73d3f2039a551,0xb20ce85ee313b7a6,0xfda26ce92468b557,0xa536e7778b08ab31,0x55b343ab2a03877e,0xde0d7750338de90,])), - field_new!(BN382Fq,BigInteger([0xd14e2e58bd3a3600,0x52cc43605ccb7878,0xd45ef99362259a19,0xdbd620a074e674f4,0xf1308b7999e86648,0xd99b203be30299d,])), - field_new!(BN382Fq,BigInteger([0x2d258c64a39258ae,0x95770a7d649b2751,0x5ceff0d392b75775,0xb0d5088aea922240,0x2eda9ef8e22238b1,0x1eb3a2847562c989,])), - field_new!(BN382Fq,BigInteger([0x64c5a9976c34367b,0xb36428fcf75e189c,0x515c48a6a206d639,0xec7b8d3827ea6418,0x242306fe1c4c55e8,0x1e63d46e2cfa5ac8,])), - field_new!(BN382Fq,BigInteger([0x45a449fb632a6ea1,0xc758b2694916c9ae,0xc4cb7c8fa5904b63,0xca43dd46ba5aa36e,0xc34770489b356a87,0xc2fbf2fca9a77d2,])), - field_new!(BN382Fq,BigInteger([0xeec6c112251e481,0x1c6857cf9941a068,0x688ea495b579093e,0x51d0da22ae2e8e88,0xb39e86163126d812,0x227aae148627caf8,])), - field_new!(BN382Fq,BigInteger([0xe74a3f48e86fea2e,0xd0aacde6489a7b13,0xfae7d18731b7ca32,0x9f383d76e9c81ec4,0x9b5c879911035711,0x991664507056f46,])), - field_new!(BN382Fq,BigInteger([0x323b0d71397ebaa5,0xd7f3d3ea938134ef,0xa064e9462c589493,0xbd21225d39e11944,0xaee1c83237ab6fdb,0x744d5aab0f1154a,])), - field_new!(BN382Fq,BigInteger([0xb9f070ac75463fab,0x52c1d55cc512c1ef,0x17a0e056654f5771,0xdf40372a1d2cda87,0xe3f2dc081747fa47,0x1eacdfbdf93b83f,])), - field_new!(BN382Fq,BigInteger([0x3fb40908a6af991b,0xdb8e3ad754fb1b05,0xf0ca408ff4260bb6,0x724a1491dad7e2da,0x799badb10eec717b,0x16d7513dd78dbe80,])), - field_new!(BN382Fq,BigInteger([0x622d9fad56102378,0xc006938896526de9,0x35f38c1290e7706f,0xfac8725935829b6d,0x5d04e3dfa16fc2d4,0x3b154e70a17f9e6,])), - 
field_new!(BN382Fq,BigInteger([0x281ee6cd03d6a761,0xa1042b8794f7ef58,0xcb66d5b539a7adb6,0xc36ff447f5378b46,0x7fae60474ae15653,0x1f9bf90f2a259054,])), - field_new!(BN382Fq,BigInteger([0x2ff1497169822a09,0xfbe99c36690a05cd,0x3652ed9ef2dca99e,0x927baf0f74563ae2,0x73a8b390017e502e,0x1440521166668284,])), - field_new!(BN382Fq,BigInteger([0xd1916119637fa5e9,0xd454c90c89389c66,0xf479a0c8deb8865a,0x32982975bfbb0739,0xe0a2dade98190398,0xb9b1fcda1ed0d88,])), - field_new!(BN382Fq,BigInteger([0x7a5c42fe5004bbee,0x870b992532c7ec69,0x6e5e0bb83dacc6c5,0xcd304188c3674c3a,0x65020c69284cc361,0x217f5f53e3379ddd,])), - field_new!(BN382Fq,BigInteger([0x186fb6dcf55b541a,0x33808954d7e6e696,0xf72b728bc765d0e0,0xeb287542941dc3b5,0xa460f5242f3d2a99,0x12dea74e20511847,])), - field_new!(BN382Fq,BigInteger([0x56a8b5c7ab465750,0xa85596f010b9f395,0x8c0d1516ac13fc3d,0xebc4ab3e7779f074,0x46908169bee2a8ae,0x211c205a812f6e62,])), - field_new!(BN382Fq,BigInteger([0x4f1a7a692b818a56,0xcbd0e353e8f7f4cc,0x886917652a9c3fee,0xa9037c8e67477fe,0xac035ddf8e176ce5,0x23d8568d4f9f1b8f,])), - field_new!(BN382Fq,BigInteger([0x59d5db51e5b3aca4,0x39ed6b782cbd472,0x8b59b0612ce3ff84,0xab70aa79f61680de,0x5ed9fa83db412c51,0xb6bcf9d8f4fdedd,])), - field_new!(BN382Fq,BigInteger([0xc46d1e4e9b063124,0x22fb889539d315a,0x605ae51ce39fb701,0xce27f6dc690c5d31,0x5b21edbe47138fd0,0xbf9244e5d8c724a,])), - field_new!(BN382Fq,BigInteger([0xa4b893db7265d28f,0x27840a56c73e0e90,0x665109d3d3c5bcbf,0x36e48aabe2c53f02,0xe91dd6d198a41348,0x15e5c81319388e50,])), - field_new!(BN382Fq,BigInteger([0xd3b35835ce2f5568,0xc9d87caafdd70880,0x63c0aa7690deb97c,0xddbe32dba15ec989,0x6c0ecd498f7abd9e,0xa97e9163209e830,])), - field_new!(BN382Fq,BigInteger([0x6d724e6e54fce9f7,0xf3cab2cf84bcb7a7,0x6512228511d8b645,0xcc09e60d2fcc95b8,0x8b69c789dfc5d84e,0x1e318fa8f5e2435,])), - field_new!(BN382Fq,BigInteger([0x67bf7dcbbe25b1b6,0xc9210e60b8edf434,0x2cb9649613583586,0x999917c7c1769441,0xb039646cb40b3cc2,0x60d7ab47bd4fa32,])), - 
field_new!(BN382Fq,BigInteger([0x185c925eb60646e3,0xec905576c7c038f8,0x623462f3ee26f348,0x3d3f2a4cffdf186,0x714a88b6868b0c93,0x5cefe3f902ec4ce,])), - field_new!(BN382Fq,BigInteger([0xbdd8c952c824ee91,0xc50e750144e8daa3,0x6f72775ecd9cfc99,0x4b8202acab657528,0xe91b332b3a32cb01,0xdcd5bb998a59f25,])), - field_new!(BN382Fq,BigInteger([0x35ff043eb0a259ca,0x8a19d1a07add11d9,0xd5a7f65a7e98e76f,0x1d1f5e3d7b67acff,0x1f3160260ad5d071,0x1f49f4f4c4bb0a73,])), - field_new!(BN382Fq,BigInteger([0xcd2d09df5d799ab3,0x301c5e78c75ec61f,0x3dd659aed620cb5a,0xf49ec1aafcddde8b,0x9a5900a61f200d79,0x12471025c1903c3a,])), - field_new!(BN382Fq,BigInteger([0x1b70d555e2ca135,0x8b25fe3158b211dc,0x423cb7743e56cdd2,0xd83ec2b68f32a3cb,0xafa31e76172fe97b,0x1284a8d884504da0,])), - field_new!(BN382Fq,BigInteger([0xb4e20ef9c167092a,0x25e23e7643b2353c,0x2e9a487d6fcf0e27,0x22017a054baa0dc1,0xdbe5fb651269e627,0x175f982ef538845e,])), - field_new!(BN382Fq,BigInteger([0xa230125cae01ca06,0xb60ddd805060bb65,0x781f6358fdf35cc5,0x27ec26272ca9279f,0x223b9b925145c7d0,0x15321c7999c2c790,])), - field_new!(BN382Fq,BigInteger([0x299cf1feb0967100,0xe1c814fbe77f0aad,0x74f1a6571a1bf4c0,0xc5b00355e3f71462,0x42959e6fca317d1a,0xf6f766752fcd031,])), - field_new!(BN382Fq,BigInteger([0xc90630575fe8926f,0x4beecf53beecc9e7,0x3ec5c23ff79d26e7,0x82b9ae9b2074a975,0x3275d3335a5b61a4,0x17e60476ddc00394,])), - field_new!(BN382Fq,BigInteger([0x61ca02d84e446d4,0x8bf76e3afbf222cf,0xe3f845d9b5c526d9,0x31a417dccde139c4,0xaf451639027fa0a8,0xa5d949c5ba734a4,])), - field_new!(BN382Fq,BigInteger([0x684b5d5dd06452,0x81873d5c3a927f4b,0xf3ae7d878b53045e,0x5b12585266e9ffc2,0xb6a33967c4fcd23c,0x1fee25b968a19460,])), - field_new!(BN382Fq,BigInteger([0x28ac05b45525aee6,0xe6ec0ec78f89e6be,0x763da0a94ffb1777,0x9fd9806cf8e0377,0x39853681df51f01d,0x10e884b847588f2e,])), - field_new!(BN382Fq,BigInteger([0x9ba33a2b8e6d3e77,0x2375fd431e4f63ed,0x287db763b1775b1f,0xb444aa043a658005,0x108dc7af1268421e,0x203df7ff4b1018b9,])), - 
field_new!(BN382Fq,BigInteger([0x77cd2254a1ba4727,0xe06d00860400b3e,0x3a834592427d51b0,0x812b436e8d62d10e,0x84f6075d99f256fe,0x1c5a16937066e01e,])), - field_new!(BN382Fq,BigInteger([0x9a9f5e24b2de8f9,0x5686257bbbd39f6f,0x838a747f765013ea,0xfe45b64bc9bd029,0xdb964863079a7c10,0xc919816e59ac26c,])), - field_new!(BN382Fq,BigInteger([0xbe21b3621c08586a,0x2724d1f62e184324,0xa02bb0baa99fa2be,0xde816314ae73aed3,0x3667d7ef0501a531,0x20737843e7abb3e2,])), - field_new!(BN382Fq,BigInteger([0x935770455d764bed,0x978193d2ea32671c,0xc080a64d91aa30a3,0xf373a04cd5ee7205,0xf6107d1a4eb5e7d7,0x12360610e1533edd,])), - field_new!(BN382Fq,BigInteger([0xe0708f8fafeb7e9b,0xf940ab183d24b34c,0x2c6306a03e773c24,0x4e8e976d3e59aea,0x5020c2ebb299d0d0,0x1aa2a3dda80c1b3f,])), - field_new!(BN382Fq,BigInteger([0xf853f29bcdb2b758,0xdfffd08ae4750820,0x685519bec7ef0e89,0x2eac74c3e917edf0,0xaaea4e1001653ce1,0x98d7d48d1a81695,])), - field_new!(BN382Fq,BigInteger([0x7425e6b4fb03ff8e,0x2105558124998e6e,0xb798777e99bb4557,0xe28f58384b8d7d16,0x5143f5e56d13cfe8,0xcae8a8711f32f8f,])), - field_new!(BN382Fq,BigInteger([0xb6c46eb0b3d4b33b,0x7c2cb08899d9edcf,0xbd7c3b37d41cf642,0xac04c8564fe08058,0x6b1caede28480bac,0x21fbc48be334a5a9,])), - field_new!(BN382Fq,BigInteger([0x9f938a64de6abc09,0x4627eef381040b02,0xd9d5fa5d8d96c84,0x33ad95824019e9d9,0xd917accdd2b13a7b,0xb2d9874e2a62cb1,])), - field_new!(BN382Fq,BigInteger([0xa5ffbdeb2ea110be,0x766bde9ef5bd7107,0xd9f698f2bf09048,0xe276b168a207b6e1,0xb690c8fc42b71e91,0x54df5846a5e813e,])), - field_new!(BN382Fq,BigInteger([0x24db87d6e4d6709,0xbf1197219274c2f3,0x471d23fef55f04aa,0xecfcd4a4fa627c4d,0x95421db58854eeb4,0x1d20e6d69f5e945a,])), - field_new!(BN382Fq,BigInteger([0x3348360c91c59160,0x2a1db34c49353e2c,0x44ee4803e36b9e87,0xedb38be161db8745,0x28e53ccbd28bceb6,0x93366d44b72a28c,])), - field_new!(BN382Fq,BigInteger([0xaf2ca5db68a78c48,0x509dd080dbc8d3cc,0xa81246a0f655ecb0,0xb426bee485d33879,0xce02523041e91e2c,0x1d89a23c703a2b30,])), - 
field_new!(BN382Fq,BigInteger([0x19d38b7daaea3530,0x49657e8d58725c81,0xaa4d32ba5d860a1e,0xb229e9c836f1b38c,0x6cbc121177f093a6,0x21ad1de692351f86,])), - field_new!(BN382Fq,BigInteger([0xa948ecbfca226399,0xe953e15ae5a5369d,0xc33a0a0ef1d1f5b,0x8af264c523f5b377,0x84ac6d77cb262d37,0x13821cdca29e6d4e,])), - field_new!(BN382Fq,BigInteger([0x62312591f619fdc0,0x5d33a1df255325a7,0xc7e5649004526bdb,0x60ec4c76f23c340f,0x46a13ab95d03d2ad,0x1069188d2c9a5a53,])), - field_new!(BN382Fq,BigInteger([0x3010e9acec9096d7,0x2b203ae92f8ed6eb,0xbd7a5a549decffaa,0xb22773183e3ea1d7,0x476b4cf2ed6f4126,0x189c2d6451dbe104,])), - field_new!(BN382Fq,BigInteger([0x75513c8a0fa7fafa,0x5e35eb4662658a04,0x573426a661704df4,0x494f8eb7d41ef30d,0x46bb978e4987b42c,0x1162126adcc68ff7,])), - field_new!(BN382Fq,BigInteger([0xa06cc2f15a8dcbfe,0x7f57f8d71e46e63d,0x612d8f679804b0ec,0x49a7e74b1ca8b3f9,0x91fbf9a3ff6c31ed,0xe0c50bcc47c86c2,])), - field_new!(BN382Fq,BigInteger([0xd8df2f0db3aef3ce,0x5d04e468adcf12,0x308980a74c1e4ce3,0xb5637748d790029b,0x3e7e1a564eb69c80,0x918465ddb6b1f44,])), - field_new!(BN382Fq,BigInteger([0xf2fb32edb2515c6,0xf0cd212a371e1e7e,0x42a08dbf3d6f4cbe,0x649d9ea1b64ffe30,0x8c9fb237c238eba,0x1a4303f272d8bfa5,])), - field_new!(BN382Fq,BigInteger([0xa1eef4849620442,0xac71ab32dc6f2775,0x84e1d19794f4dcc0,0xd7fec7abdf034aec,0x7b56d5f965eaea8a,0xd1f5994cd986d19,])), - field_new!(BN382Fq,BigInteger([0x5c43385f49919aa0,0x7f250b2827c9a0c5,0x6cef909a571df578,0x83061f78d24752d4,0x607cf5724015ea5f,0xa6b4c97124db01d,])), - field_new!(BN382Fq,BigInteger([0x84cc4779f63ea86d,0xb9236de88b1b527d,0xadcd29b3e5aa0584,0xff0f794959835122,0x759445ae35be11df,0x1ebfd9ae8a59b8de,])), - field_new!(BN382Fq,BigInteger([0x774979a98aa1a428,0xd28d6db4966dbf5d,0x9a81829346be995a,0x8ec9014e3a48293f,0xbba6121dcc7f287b,0x6b9821b672e5458,])), - field_new!(BN382Fq,BigInteger([0xe8832dd2179b057d,0x1e20be80b160ae61,0x851cf07e9dd9b05,0x811cb0153f9d5b2f,0x1226419b4aa0b45b,0xec23a9e2774b9f6,])), - 
field_new!(BN382Fq,BigInteger([0x35fed0092c2121bd,0x86591ea9267c848b,0x116024014ba4cf84,0xb6199a51a489c6f9,0x822564eff591e51b,0xd55fb2c5e4ece87,])), - field_new!(BN382Fq,BigInteger([0xc6dcc91fccd7aac7,0xcf9ab43fad117528,0xdeb1ccf32d4c5880,0xa9c96ac7913281be,0x158f32784daa2e36,0x111426d7ea57ce16,])), - field_new!(BN382Fq,BigInteger([0x7b1ce60e4e42885,0x57263ac69ce54243,0x1f6978230085216b,0x93706bb6f8fc3f89,0x367aca6758325d23,0x12b511e38d0d16d8,])), - field_new!(BN382Fq,BigInteger([0x3bc7aa5c339dc68,0x73365851862aa04a,0x9e0057832f283402,0xec4624b3010b16de,0x4c899e803dfa6683,0xd3fc3bc3b2d083d,])), - field_new!(BN382Fq,BigInteger([0x7be36f2d192d31d0,0x245a34a523dccf46,0x57b8423ff597eb2c,0xb1aa67289cf52bcb,0x5eee2e2d650639e8,0x2bfa6fbdda246cb,])), - field_new!(BN382Fq,BigInteger([0x32079c180dfce428,0x10617c87f09b343d,0x95034dde23517d1a,0xafb1d3a4c2920d91,0xe2eb69935360d32f,0x3682b6074e77476,])), - field_new!(BN382Fq,BigInteger([0xd8d5136b2b6feac2,0xcae96ba0e8c7e57f,0x10f720c7818d1583,0xff669a8147cc34ca,0x7c1c1c408f32b9e0,0x1050bdfeedcd74a6,])), - field_new!(BN382Fq,BigInteger([0x7f8efa59bb904972,0xfb2614eb7cb968c0,0x41673203aea2b0f0,0x292e62ce6587a915,0x26e1377d438055c3,0x1041c909c7a54986,])), - field_new!(BN382Fq,BigInteger([0x78ca1fec56fecc31,0xaac71b8644aee19a,0x49cb7370ea9445c7,0x108ef1c4ae528cff,0xead47030db3e7e12,0x98c367b2789e318,])), - field_new!(BN382Fq,BigInteger([0x690b3ca2b6c19d51,0x58f12a81d28bd9d9,0xea9c0b5e33186f40,0xc05b840a2ba60075,0x653af412e1c7ebb3,0x1606f2057e47242,])), - + field_new!( + BN382Fq, + BigInteger([ + 0x7d3e06817fe2fa1e, + 0xe4c855556b4aacda, + 0xd3c7466dfe3ef0ad, + 0xdc8dfad17c55598d, + 0xfedeaecb451cc31c, + 0x1bae49fccd9255b6, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x754b46e688e41941, + 0x5218c793c3fcd5f, + 0xba2d939611dd08a0, + 0xf2c8cd45b84d1652, + 0xfec52f665bbf0be7, + 0x1d8fb23e0ed07701, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x179cb43091dd32ca, + 0x7018ca5f70f11350, + 0x7aa891c65140ab9d, + 
0x7b58774f3f1be5a7, + 0x58d49c97590ce49c, + 0x22d837d6cf90598d, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x6e7264f540297200, + 0x7e22d05a2ac6eead, + 0x750bb0bb0d9beca2, + 0xce0d22d4f9b03517, + 0x2d3abd81cc62a5d5, + 0x1e364e55e0f8e6f8, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x286abfb064d58d5a, + 0x694641c59e8226c0, + 0x32e216e3da299c02, + 0xde59f2f1fb4e0e13, + 0x46582fcca06d8bc5, + 0xd701682260dc1ec, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x3124c62cde9d20e2, + 0x9fac0ad8132a843, + 0x16a273f6243d658b, + 0x10bbd72c62bd55c7, + 0x28009a3b766ce48e, + 0xb2e1ad3015607f3, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xcd85dea0420e7da4, + 0x7655466abe3e791e, + 0x89ba0ed5c5df0b7a, + 0x696eb193eedd7a53, + 0x21ef87ad83bc2098, + 0x1436fa2898d85c31, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x2eb1bef93fa95c1b, + 0x6744676e7c75d573, + 0xfe40bfb6449c47ed, + 0xfb6f06274deb6d2f, + 0xa121c9375338d467, + 0x18c0c15fee7893a3, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x9e87fc5f2c70948a, + 0xf15a84b5d6674772, + 0xeeb5b16e7841c954, + 0x195365c9174167ce, + 0x44cc3beded5210e8, + 0x9b30e2f37cf4d6d, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xed5ac23cb2d7b2e7, + 0xb59479b2299532fd, + 0xd7346e61af7d6075, + 0x5379a9f9af0c76be, + 0xbc5e3f64e23b4510, + 0x1aa9539db9e2ca68, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x7cca5d75471e18a5, + 0xcf738bac19bfd23c, + 0x8c7dae93f38d07d8, + 0x9928bea7b544d67, + 0x7bcbddc8941fbafa, + 0x107a0460dc3257d7, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x509d7d069c8144b4, + 0x40d6f4f4838412b4, + 0x5f808597a65e824f, + 0xf85fc0b1ae528ba6, + 0x35417bc445096105, + 0x44c8ecab50e4106, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xda7bcdb9334589ce, + 0x279866595323b253, + 0xc031ba9e9316bb4c, + 0x4d45d0a51e50ee99, + 0xd053f804a1ee09fa, + 0x1bd56aee6613e74e, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xc19bd1f4d113085d, + 0xa029a66df291c4, + 0xdb6338960b5b1cc5, + 
0xe91b2ccb73bb8a6f, + 0xe0c9fe626bd1f126, + 0x2395daf5ba537f1d, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xe4de707dc5215efc, + 0xa7fea7ecec777a24, + 0x4fccf05790993d31, + 0xc61a8ea4220b5f3f, + 0x27d4a4665ac75ba9, + 0x6e3246f4a3b382e, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x9d67087a4ea62ebf, + 0x59699096f1144725, + 0x2af84cf3d0380a9e, + 0xd87ee2a6d17347d8, + 0x4a81eb07be1b056c, + 0x75a5a6801316477, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x9a6fd8809f12d30b, + 0x3ca61d2f47a53089, + 0x6c4d38eea4287956, + 0x154fa56675395c0c, + 0x8f865519001514f6, + 0x313964af599095e, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x4ff63f6fc5645fd1, + 0x7b82f0c9b003a384, + 0x405ce50b7a794585, + 0x29e412a76ea8e5bd, + 0x692bacb4a43e915, + 0x78c400e81eaea2a, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x2389a14f0e3f6b65, + 0x8598cc77c8681c81, + 0x3440e4d2dbe05338, + 0xaae1f848c7032be5, + 0x6e4f9f5529c13580, + 0x1de775da7d81ff42, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x84fe9561a4fe2594, + 0x45c754538473d54e, + 0x2081e726351ab13e, + 0x8cb323441756a713, + 0xcb4b80882f845807, + 0x1ee0fcb705dc2430, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x9c0aaa37d9119bc1, + 0x575c078a99cbd829, + 0x560f505a0478cedb, + 0x603f002e733c554f, + 0xaf0e6f0f83da8ce5, + 0xf5194f8e715f5d4, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xf3561b7c1cf04, + 0xe56f7e055b0ec90b, + 0x9fb224e52785822, + 0x4c1790f1a8f9110b, + 0x35c79e9c35302307, + 0x18664851ea84735a, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x50bdc2348c15b026, + 0xc77491daac514fc4, + 0x8955bc6b09ac737d, + 0xad2ea27060414f4d, + 0x7c997db5fac52dd0, + 0x1f2a5df9da5f6e32, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xc681eed0e78148a7, + 0x57621f4c24529a1d, + 0x5876dd8e8ea07bd3, + 0xd28bb407c841cbf6, + 0x8b359037c71d366d, + 0xc328179635cd9f8, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xb1df1f49c37ca695, + 0x1b56a5b8a3ba95f1, + 0x9a1808171c05e8e1, + 
0x596925481ab62566, + 0xa9894f79cde80b77, + 0x1818e624cc575377, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x43548437e0c1fc50, + 0x59a017d1d250161f, + 0xa2321e1ad533ce71, + 0x3430291f3dfd7b49, + 0x40e675e0cdd03d1d, + 0x1fb60b75dee10176, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x9650122a9d5e917a, + 0xa8c5eb643e9680dc, + 0xebd8e0cf4b27e181, + 0x81878f28988986f5, + 0x84ecb59806b665fe, + 0x117feaed33fcaf64, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x762852a42e0e383b, + 0x2b9d56b451dfd3a1, + 0xed90a6dd9cfa1ca0, + 0xc5e6550af40ad5f6, + 0x6670b6c3cc0f13ba, + 0x5e52fd37e326076, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xe1e4e2b36aee2c68, + 0x72612c101843cef7, + 0x76566b953d138574, + 0x6286ec06a22d97c4, + 0xfb0718535ee4c307, + 0x9e580b297e1295b, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x65f93a2ead7fa104, + 0x1139a51aa674b95c, + 0xab9fa9ccab64de12, + 0x4969cab7168e67e1, + 0x2c66ed95aa8833e9, + 0x22277dba6061a1d8, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x12cb752b436c79c3, + 0xb5575ed259af50, + 0x7dccf11c775c50d2, + 0x256f41f44c42588, + 0xdddd7ae2731d6bd, + 0x1a7da4605f2bcf7f, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xf17d407d066ce17e, + 0xdfea3d5a11d38819, + 0x717c2c4500c8a8c0, + 0xc4688c81e31a6bfb, + 0x2efddb7e9a1a49ec, + 0x11e0e744d9b9bf65, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x2f760135fa494ee, + 0xe4c672bdaa35fa34, + 0x1a97d2b5972454fb, + 0xb81957273e6ab4ff, + 0xaae7da73e2b6266f, + 0x1e686ac49d2a0af0, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x1eba31296647c903, + 0xbd60962fb86746ae, + 0x1b4d0d9f30fb2a43, + 0x5b25913bd3ddc434, + 0xbc01fc18fb238c25, + 0x116e17520ecc512a, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x59d0c63a50610ec1, + 0x3fe0bd51fa0924ce, + 0xc6d8ebda99506139, + 0xe99dc0342673ea71, + 0x9c64cdfb11223be2, + 0x230326e1cac30a51, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x19dd66a19f2d898f, + 0xba24837495c205bd, + 0xddd6a3e566c9364, + 
0xf17d2d050307ed13, + 0x8569697716a78d55, + 0x407aa69c480f0b3, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x2243ad2201738dfb, + 0x47fa258210c3c4d3, + 0xe16a2f543c5e1563, + 0x388ab7de843b5472, + 0x1e0cfdaa9aee9db9, + 0x110ccf2550e558c5, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xaeac429db7c9fc3e, + 0x7987de7d8d4db1ae, + 0x2014fa7be205236b, + 0x25907e49da254eb, + 0x3f5ffb11ff83ff7a, + 0x1f3ac24ab99ac449, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x6cc00c3862aec83d, + 0x53d9edc4ca869837, + 0x6a6faf39cc7cca99, + 0x79d17dc8f0fd7a8f, + 0x9ed37f5afbd892fe, + 0x1f954915257adceb, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x225313eda783d91c, + 0x76933610b1c2a124, + 0x521b514063a98ce4, + 0x13097fb4ee798ed4, + 0x313901195a1ea8b8, + 0xff5d28d7fe4999f, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xa1c3174820850d5, + 0x168f64a76996a0d4, + 0x303146faa39efcbf, + 0xa8fc079df528ce32, + 0x34a6e6f873f78b5d, + 0x1e309d65bec39e58, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x5aba4a3eba88b40a, + 0xf127a7a57f966e88, + 0xa865a53933a2c98, + 0x7701a2b048d8493d, + 0x493e5cceb2dd3b4b, + 0x145d682927bfe049, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x6ba71c33b869a2b, + 0xe3c311ecbc20b673, + 0xc8ffec8a168b0beb, + 0xd45919cf48d19ca1, + 0xff2aeb83156f1e0c, + 0x65a7c17c04d9b8, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x4483c5ac6052733c, + 0x65bafd9ec9cfeabb, + 0x2d9af7ffe46491f4, + 0x5107fa9836303c50, + 0xb1626909c20a8843, + 0xb77644d31505c4a, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xfa37aca0ad180976, + 0xadd5ca29c549ea0, + 0x4ca36d8a5becbf99, + 0xb35cc97506fba437, + 0x801b618d8f7a65cc, + 0x88bb0ff7c887260, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x74334a2589275f8a, + 0x495e1acbf42feda3, + 0x6f598447f9edd1e2, + 0x6e8bcbee242e2acd, + 0x737217d76399b6c, + 0x7605effd6db690e, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x79558d730cdb0cf4, + 0x4d76ad94a57ea3dc, + 0x5a50daa4eae5be50, + 
0x74dc4e343537adc0, + 0xaf57e89b8c8f3e4f, + 0xf0262b7cd58877b, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x8d5a4bfd9e8e4c01, + 0xc48f87f84b1837d0, + 0x9746d06f3c208d0f, + 0xa55b05cc96e1f278, + 0x9feb469338fd0639, + 0x164d9b54c6bbaa53, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xd711a95e74aa16e5, + 0xb21b42826191468a, + 0xef2215a6e2465cf5, + 0x3be11d38cd2abc2e, + 0x6922aa004be7acbe, + 0x9a438ce38f57452, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x6f0c791d5a19f8ad, + 0x275fc4f4cf3f0749, + 0x14e6278ceb5603f, + 0x590ca23d0742e311, + 0xd523652098158b3a, + 0x144386ed9e2bd037, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xf1b912e706f95fc1, + 0x9376a60c0fc8251d, + 0xd16509aa8d5702aa, + 0xf2ad8b42c152b137, + 0x2afc63ed502bf64e, + 0x1b6b0e5558cf617, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xbe0ad82d9087197c, + 0x52bb9b60c3921550, + 0xd6087209d2c93fe5, + 0xf237aa4f495c4e6b, + 0xd7ed19ea6caae622, + 0x1ff295b91a998386, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xe7b97858a6116d4b, + 0xd252a504b677fc67, + 0xec18f05d02c43c78, + 0xa34d9af2785c6751, + 0x7441dd9d2c7386c8, + 0xb755708ab1d63e1, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x6a1966d3e49fafc5, + 0x8c1d2f21edfda2aa, + 0x1e82cd1e3a21a87d, + 0xfd8c44699c59c071, + 0xcb6db201aeb8e231, + 0xa57ca087cf89d1a, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x9b878aa4f5c861a4, + 0xc7a50a6ef2667e80, + 0x3b33bc9fdda7f2b4, + 0x2b2b093522416676, + 0x33c874bb886eab7e, + 0x2f7225321705c9f, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x38dfe7c8970c5a78, + 0x190711550d76e4fd, + 0x8af31c1ea6981255, + 0xe44676fac09c007b, + 0x104542df1c5818ad, + 0x22a3b7d8efcf0800, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xad5aad220f28bf51, + 0xb787f8a1009b43bb, + 0x9f5c78b850cf435b, + 0x2a17d2b78b00b5b2, + 0x2a4689cf92603212, + 0x885788fc73b9dec, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x596522cf3842f886, + 0x6ba78ebad4ad6c5f, + 0x5e915622de2ac7a8, + 
0xd2e59e5e9b7803e9, + 0x12c15ef046080ddb, + 0x6196d0e51609c2f, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x7e431c78ef003b9e, + 0x9bec5430fd198efd, + 0x7adfe197a648c9c, + 0xadc6814bdb8bf143, + 0x3ef245fbeea19ee0, + 0x1b502b659f6836ba, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x7dd783443d5ade4a, + 0x8d91ab427b47d701, + 0x559737434af8cb42, + 0x5de98c39e51c61c2, + 0x6795b74aabd89d60, + 0x160214431f119d36, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x251c10d7fa7c47f7, + 0x3c5fed691f68b593, + 0x3ea6ba7614ec69a8, + 0xa83d2c9a7604b3c7, + 0x503e43021f5084dd, + 0x30d842ee24af4af, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x24a001965c5a1ba1, + 0x21a3948e442d7a1b, + 0xf262851a2eaeb09a, + 0x9a271685559ac491, + 0x5eabb60c7b9cdf7c, + 0x1368a35e372e7d9d, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xcadffb361e7dd4e3, + 0xadc86c733c0b39a0, + 0x6c02ba0221296118, + 0xd1c3748fee443c9b, + 0xc04c5a63e15d102f, + 0x1a9f44a94d17649f, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xadb5ac70082c132f, + 0x667ea02a0bf6f1dc, + 0x33a436e53c7eda95, + 0xea430c4a49f27027, + 0x9f7c45e34cbf6009, + 0x1ee595a24a59d641, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x28ac144f3a0b7e60, + 0x81fc47eb0a5deef1, + 0x1a14e4dd531e46cc, + 0x7dd2f07f98c3421e, + 0x531bc81951825408, + 0xa2c68961991d3ff, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x63dddc915e48446f, + 0x3a0f3d957ed21daf, + 0xabc04d220488efca, + 0x5f6b1f817b891852, + 0xc59271c2ace370cb, + 0xa4e9ffabdd62291, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x8db624d513968f95, + 0xc170025059125c0c, + 0x5abbac40d20de48, + 0xe3e20a404b528996, + 0xcd3929d5524f33dc, + 0x9c3cf17f05ad0e, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x9b277edb6efb3130, + 0x988064c61e7619fd, + 0x2fbfd271f9b310e, + 0xef68cd1a6799c767, + 0xba33b0055fb32250, + 0x196e91c97e27ce2a, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xad6bccb6962563a2, + 0x3541e76cf2b27ec6, + 0x4da50d8dc11d476a, + 
0xbd918c9990d0819c, + 0x1be2192580c32d03, + 0x13d8d818e68a3503, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xc3ea077e59173225, + 0x9b2cda8e512b43d9, + 0x8d8cc70481f2de1e, + 0xf81ea731024e9e40, + 0xd7815d8494506e6f, + 0x111cc2c3474c379d, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xc3990a99670c6376, + 0x733fede82f6a9f32, + 0x25ccf1bdc3a7b6fe, + 0xfb1688881f90f542, + 0x1d1c1fe21fc1053f, + 0x1185a4198ce71f31, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x56e6d5ac098ed4f7, + 0xf6a50ebd6524904c, + 0x78f752af811e0af7, + 0x5c6785c73ca6a1c2, + 0x3573984c71537f33, + 0x9a4f531f29dce14, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x2acbb144412bd40e, + 0x12793dc870c184e0, + 0x99293f4107113fd0, + 0xf1f7d677ef74423d, + 0xca28475098096a20, + 0xcdb39d0b13228e8, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x7326571976ac830f, + 0x2dbb7b7357c055e, + 0xfb3f0c006d85055f, + 0xb9bf39bb94ae555d, + 0x9586cd1894236411, + 0x14275986001e5b8e, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x4ea34215e89e9594, + 0xb04b3fcabac985d0, + 0xc385ba3b30bb9004, + 0xd895542bb41b31f7, + 0xd4ee182cc63f49f, + 0x14429ec401d439d9, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x7d9256120eea4336, + 0xc3b7c11a24f3ad9d, + 0x379d9ffa093019d7, + 0xcb24c948ffc31f42, + 0xfaa6a3f44513d31c, + 0xa73bb43e27c4d9, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x5715f91b450a2b22, + 0xbe6056637c16d403, + 0x18e0ee010694b3eb, + 0xeea2d89ffd0325c, + 0xf4d046cd2663d58c, + 0x9390ecf851c6bb5, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xcf582579e37b65e4, + 0x7cb61273ef51698d, + 0xe21caf10ff0db9e3, + 0xd23478bd96a9fd46, + 0x50a060a3b4d52f99, + 0x1de0c3208db25112, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xd6799804a7c64aae, + 0x61cb60d3fa12a952, + 0x6361bc0acea399e1, + 0x64048d38061bea1a, + 0x459654a8836b40c4, + 0x110b87f12f17d2cb, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xd4576d455000661, + 0xafbd7dab30d92892, + 0x42124cd19ef60497, + 
0x677fc6071d62784a, + 0x2cd20ec12410380b, + 0xcdc0ec2f73389a1, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xdcd901cc066ad6f1, + 0x2c65a94ceb06c216, + 0xd2020b3627e37199, + 0xdc36db63303c1f95, + 0x77f4b5945b03b180, + 0x1a4d8e85086a7018, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x924d686e1f4de468, + 0xfb951524e511a931, + 0xdf0c374b77a287e4, + 0x571839b1986e69e2, + 0xeb1386c4838d6f40, + 0x1ba077f86ab31ce9, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x46a80563869043b, + 0xe2a9cff6e164dafe, + 0xb06e9dc8460c4df5, + 0x42b109c6b7aa652b, + 0xc3f2a1ba965ef49b, + 0x188fb3cf5d26ef98, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xb4ad19e94842f68a, + 0x30bd2dbe0a36b781, + 0x81dcc8d903d96637, + 0x17d5654d4230b8e8, + 0xf916fc51d11081bf, + 0x18d9ebe7791394b5, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x8e1a2fe58ea5b4e5, + 0xa293946be1872304, + 0x60c7c8d04a55d07d, + 0x3b4f31f25b4b992e, + 0xb0c1889e90604cd9, + 0x21de7a9924782247, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x73708f4080f1bac5, + 0x9bcd5349856d3b85, + 0xbaf65543926b79c0, + 0x1e5a0e846c2be200, + 0x75a71228b1c408d7, + 0xb00a7c04513b482, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x270e3bc92fe43b76, + 0x4508e2c719a621cb, + 0x28150cbdd98573a4, + 0xc51f19fba8a857db, + 0x1d616ccb11df5cf3, + 0x5fa245a0bce6684, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xaa5758d6b77fa096, + 0xfb86385a61da33a1, + 0xb8760cb02d62871a, + 0xb777e60379664c6e, + 0x4e35b0262a8dd1b0, + 0x4b7a81c8fbd5223, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xcb46ae413dd897b3, + 0x3c2f05238b865685, + 0xe2c71aed8f17cf48, + 0x24489fb04292964f, + 0x7297b7b70f73d062, + 0x912823646e0441d, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x223a2f3352f8e722, + 0xcdd30eecbf3a95e4, + 0x17661fd46a883cdc, + 0xc4558484a5ee007f, + 0xd7b36a7acb002d96, + 0x149056a9ce282692, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xdac8476fc388dbd3, + 0x41ce264f30113429, + 0x4b75791e88afcc5e, + 
0xaf0feb0d78958a1a, + 0x456677e7084f6510, + 0x971d78775774c05, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xea6db25c7f53a2de, + 0xeee885144aef66aa, + 0x2a8c170053fbed18, + 0x8bac8127939f0bc3, + 0xdebc8e0d27c0bed6, + 0xce25ea5ca6a23fa, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x2c4f6fb62d7c30a0, + 0x593571582f4c201b, + 0x7a68b9459c6eeff2, + 0x582e48599c7e5b87, + 0x2de3f60125b3c492, + 0x57b622e2b54bc08, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x9767d665a4befb9b, + 0x36869114281a8fe0, + 0xa96fe9de70b3d14c, + 0xeca0a53acbe1e9b1, + 0x92a46fc52c530cbc, + 0x1f7223adb838d6ca, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xd14afbb062ec7466, + 0x7f573318281e44d, + 0xc0f3907c7d65602f, + 0xcc358ab3ede53284, + 0x3f108fc02249b5d6, + 0x2037000b310a41af, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xe3a7f5a60c842ace, + 0x291591469e9e388a, + 0x1970ce92c091bc14, + 0x281e0bfb36af26d, + 0x4cb460106ebc8464, + 0x1a4972a7abd72a9c, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xeb37f3044a018cfa, + 0x740b4f1a24b705ba, + 0xab5191ec02196fb8, + 0x5c602ba23ab4b6be, + 0x14cc18a48880bc74, + 0x45901d587c632b5, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x4d03f8feb4e29412, + 0x1312da11e9d6c3c7, + 0xa3f3f447ae8c2b18, + 0xa3d46cb6d3aff0e7, + 0x6b3e6e402cd32755, + 0x2115dbd506bd9ff3, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x5b3cc958ff25a816, + 0x40e1fafa7d8d0df, + 0xa303af264ac204cb, + 0x89d91f2e5a0012a8, + 0x8786e0c8fe120512, + 0x1ca3fdd74b72c550, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x9d8b280bb3ffe753, + 0x85997448639561c9, + 0xa271b44e64ea857e, + 0x548f79af1b6a409e, + 0xc9327aae6474fda2, + 0x2365e24750970de4, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x46ecdd73a74b7d1e, + 0x3a7e9631fcd5239, + 0x455987279a668aa, + 0x558388ecb2c5db85, + 0x5512f9cffcadb1ec, + 0xcbf236439e73c6f, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xc05b829150faa3a7, + 0x91a4c4c6640887f0, + 0x9b78c67388127cc5, + 
0x96f6c4c796961820, + 0x3c32c42953807d1, + 0x1f80990d61726ba7, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x146f4d6db64519e5, + 0x4f1c67e5e1696854, + 0xa74bb64530ffebb8, + 0xb2147dfb425d992c, + 0xa1c937be431909cb, + 0x1ff0475c68d6f42f, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xd3ac2f1875a1e4f8, + 0x541ac2ac1a33a705, + 0x5856458d6dbf42d, + 0x9c5c28e8c894b748, + 0x981fa30f407cbd38, + 0x1124b071e2840bdf, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xbf7a8f2ba373e34e, + 0xb0e6d67cfa9b525d, + 0x5e82bbcefe9a8f65, + 0x94bfdb0881563f6, + 0x4f95c9e067a860e2, + 0xb59e5fd70c41736, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x99bd7e328fd74e6e, + 0x6f40a78a33d0477c, + 0xd7a3ce8774f5c5d4, + 0xbefa4c401655b3e0, + 0xceed628ce16401a9, + 0x1771f0c9ab9e01a0, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xaa33d3105c11d030, + 0xb4206b4274144118, + 0x71af41702c20aa1d, + 0x4b81d549f01a3bf, + 0x9e695344a20872cd, + 0xd9da4aef601b64d, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x19a6aab308d8fc38, + 0x657996de7cdc0288, + 0xbabc456e42bebfc1, + 0xa78a28e83141031d, + 0x4786071361f1cdb, + 0x19eb1a863087b891, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xf4fbb1fa6558c0b7, + 0x6b24b123ee40321b, + 0x92074c3648a99b35, + 0xf3be03c28c26611d, + 0x1df77967a66b292f, + 0x1a1daaedee4baa4c, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x3a82f327f9606694, + 0x7291e98c9363473d, + 0x7b0b80ef86a287a7, + 0xdf1dcf2ccdc7506e, + 0xaff515139c07264d, + 0x23d7670fd063e7c0, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xed50a3abeb5389fd, + 0x165e2b2728cd4440, + 0x7aa64cc11dc70781, + 0x4ff0c136113d2d3b, + 0x823c918132409328, + 0x139d6ff9a0fbe6f, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xba6c752de6036dba, + 0x287bb7c856fc951, + 0x5e811f9882ea22db, + 0x7b92e32100367c87, + 0x8aac4c9e772db556, + 0x12be4d6b3d608d6e, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x61e0975aa3cbc721, + 0xe837cffcf71f4387, + 0x2a5eb9ee35e8eb2, + 
0x6157fe03aa9edc19, + 0xf9454bf7e9d8d856, + 0x1e0d0c1935346420, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xc9479abf4cb7c45, + 0x6a3f08b15901988c, + 0x4cd230c93832ff25, + 0x7a94cd892bfbae6d, + 0xb7c7ea2bf8fa825c, + 0x1477cc8413069412, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x8db7f9df9aca2466, + 0xa003378e6f470e35, + 0xe1595479552688c8, + 0x140789fcf6f470d2, + 0xf43fe45a3ff8c0dd, + 0x13eb14c4ba26f086, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xba11304404e55714, + 0xd7a5ebffa7108c41, + 0x7fb72486c2e5fb72, + 0xec3d576731687f6e, + 0x77944f261dc6ac2d, + 0x1c539ae5469b07db, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xa56715ce64d6d51d, + 0x2b0fdc813d82ce81, + 0x67dbaa19d64ebb14, + 0xf28425a404173a4a, + 0xb44df750f88769f, + 0x165d737d22d40d8d, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x38d54f187254b673, + 0xdb8329159cfc7d0a, + 0x341b5e6877f9e5dc, + 0x308eeaa500c5fa7c, + 0x147c7b04a5686654, + 0x1e0c1343a2f46ae9, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x7d0a7817339648c7, + 0x6d2bbe2568bd122c, + 0xb1d022c56deacb8d, + 0xf3a2157e7c0fb9d2, + 0x32a928690f5785eb, + 0x23d36f0efa20bec6, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x1ba73d3f2039a551, + 0xb20ce85ee313b7a6, + 0xfda26ce92468b557, + 0xa536e7778b08ab31, + 0x55b343ab2a03877e, + 0xde0d7750338de90, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xd14e2e58bd3a3600, + 0x52cc43605ccb7878, + 0xd45ef99362259a19, + 0xdbd620a074e674f4, + 0xf1308b7999e86648, + 0xd99b203be30299d, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x2d258c64a39258ae, + 0x95770a7d649b2751, + 0x5ceff0d392b75775, + 0xb0d5088aea922240, + 0x2eda9ef8e22238b1, + 0x1eb3a2847562c989, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x64c5a9976c34367b, + 0xb36428fcf75e189c, + 0x515c48a6a206d639, + 0xec7b8d3827ea6418, + 0x242306fe1c4c55e8, + 0x1e63d46e2cfa5ac8, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x45a449fb632a6ea1, + 0xc758b2694916c9ae, + 0xc4cb7c8fa5904b63, + 
0xca43dd46ba5aa36e, + 0xc34770489b356a87, + 0xc2fbf2fca9a77d2, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xeec6c112251e481, + 0x1c6857cf9941a068, + 0x688ea495b579093e, + 0x51d0da22ae2e8e88, + 0xb39e86163126d812, + 0x227aae148627caf8, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xe74a3f48e86fea2e, + 0xd0aacde6489a7b13, + 0xfae7d18731b7ca32, + 0x9f383d76e9c81ec4, + 0x9b5c879911035711, + 0x991664507056f46, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x323b0d71397ebaa5, + 0xd7f3d3ea938134ef, + 0xa064e9462c589493, + 0xbd21225d39e11944, + 0xaee1c83237ab6fdb, + 0x744d5aab0f1154a, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xb9f070ac75463fab, + 0x52c1d55cc512c1ef, + 0x17a0e056654f5771, + 0xdf40372a1d2cda87, + 0xe3f2dc081747fa47, + 0x1eacdfbdf93b83f, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x3fb40908a6af991b, + 0xdb8e3ad754fb1b05, + 0xf0ca408ff4260bb6, + 0x724a1491dad7e2da, + 0x799badb10eec717b, + 0x16d7513dd78dbe80, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x622d9fad56102378, + 0xc006938896526de9, + 0x35f38c1290e7706f, + 0xfac8725935829b6d, + 0x5d04e3dfa16fc2d4, + 0x3b154e70a17f9e6, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x281ee6cd03d6a761, + 0xa1042b8794f7ef58, + 0xcb66d5b539a7adb6, + 0xc36ff447f5378b46, + 0x7fae60474ae15653, + 0x1f9bf90f2a259054, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x2ff1497169822a09, + 0xfbe99c36690a05cd, + 0x3652ed9ef2dca99e, + 0x927baf0f74563ae2, + 0x73a8b390017e502e, + 0x1440521166668284, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xd1916119637fa5e9, + 0xd454c90c89389c66, + 0xf479a0c8deb8865a, + 0x32982975bfbb0739, + 0xe0a2dade98190398, + 0xb9b1fcda1ed0d88, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x7a5c42fe5004bbee, + 0x870b992532c7ec69, + 0x6e5e0bb83dacc6c5, + 0xcd304188c3674c3a, + 0x65020c69284cc361, + 0x217f5f53e3379ddd, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x186fb6dcf55b541a, + 0x33808954d7e6e696, + 0xf72b728bc765d0e0, + 
0xeb287542941dc3b5, + 0xa460f5242f3d2a99, + 0x12dea74e20511847, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x56a8b5c7ab465750, + 0xa85596f010b9f395, + 0x8c0d1516ac13fc3d, + 0xebc4ab3e7779f074, + 0x46908169bee2a8ae, + 0x211c205a812f6e62, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x4f1a7a692b818a56, + 0xcbd0e353e8f7f4cc, + 0x886917652a9c3fee, + 0xa9037c8e67477fe, + 0xac035ddf8e176ce5, + 0x23d8568d4f9f1b8f, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x59d5db51e5b3aca4, + 0x39ed6b782cbd472, + 0x8b59b0612ce3ff84, + 0xab70aa79f61680de, + 0x5ed9fa83db412c51, + 0xb6bcf9d8f4fdedd, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xc46d1e4e9b063124, + 0x22fb889539d315a, + 0x605ae51ce39fb701, + 0xce27f6dc690c5d31, + 0x5b21edbe47138fd0, + 0xbf9244e5d8c724a, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xa4b893db7265d28f, + 0x27840a56c73e0e90, + 0x665109d3d3c5bcbf, + 0x36e48aabe2c53f02, + 0xe91dd6d198a41348, + 0x15e5c81319388e50, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xd3b35835ce2f5568, + 0xc9d87caafdd70880, + 0x63c0aa7690deb97c, + 0xddbe32dba15ec989, + 0x6c0ecd498f7abd9e, + 0xa97e9163209e830, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x6d724e6e54fce9f7, + 0xf3cab2cf84bcb7a7, + 0x6512228511d8b645, + 0xcc09e60d2fcc95b8, + 0x8b69c789dfc5d84e, + 0x1e318fa8f5e2435, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x67bf7dcbbe25b1b6, + 0xc9210e60b8edf434, + 0x2cb9649613583586, + 0x999917c7c1769441, + 0xb039646cb40b3cc2, + 0x60d7ab47bd4fa32, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x185c925eb60646e3, + 0xec905576c7c038f8, + 0x623462f3ee26f348, + 0x3d3f2a4cffdf186, + 0x714a88b6868b0c93, + 0x5cefe3f902ec4ce, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xbdd8c952c824ee91, + 0xc50e750144e8daa3, + 0x6f72775ecd9cfc99, + 0x4b8202acab657528, + 0xe91b332b3a32cb01, + 0xdcd5bb998a59f25, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x35ff043eb0a259ca, + 0x8a19d1a07add11d9, + 0xd5a7f65a7e98e76f, + 
0x1d1f5e3d7b67acff, + 0x1f3160260ad5d071, + 0x1f49f4f4c4bb0a73, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xcd2d09df5d799ab3, + 0x301c5e78c75ec61f, + 0x3dd659aed620cb5a, + 0xf49ec1aafcddde8b, + 0x9a5900a61f200d79, + 0x12471025c1903c3a, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x1b70d555e2ca135, + 0x8b25fe3158b211dc, + 0x423cb7743e56cdd2, + 0xd83ec2b68f32a3cb, + 0xafa31e76172fe97b, + 0x1284a8d884504da0, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xb4e20ef9c167092a, + 0x25e23e7643b2353c, + 0x2e9a487d6fcf0e27, + 0x22017a054baa0dc1, + 0xdbe5fb651269e627, + 0x175f982ef538845e, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xa230125cae01ca06, + 0xb60ddd805060bb65, + 0x781f6358fdf35cc5, + 0x27ec26272ca9279f, + 0x223b9b925145c7d0, + 0x15321c7999c2c790, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x299cf1feb0967100, + 0xe1c814fbe77f0aad, + 0x74f1a6571a1bf4c0, + 0xc5b00355e3f71462, + 0x42959e6fca317d1a, + 0xf6f766752fcd031, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xc90630575fe8926f, + 0x4beecf53beecc9e7, + 0x3ec5c23ff79d26e7, + 0x82b9ae9b2074a975, + 0x3275d3335a5b61a4, + 0x17e60476ddc00394, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x61ca02d84e446d4, + 0x8bf76e3afbf222cf, + 0xe3f845d9b5c526d9, + 0x31a417dccde139c4, + 0xaf451639027fa0a8, + 0xa5d949c5ba734a4, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x684b5d5dd06452, + 0x81873d5c3a927f4b, + 0xf3ae7d878b53045e, + 0x5b12585266e9ffc2, + 0xb6a33967c4fcd23c, + 0x1fee25b968a19460, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x28ac05b45525aee6, + 0xe6ec0ec78f89e6be, + 0x763da0a94ffb1777, + 0x9fd9806cf8e0377, + 0x39853681df51f01d, + 0x10e884b847588f2e, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x9ba33a2b8e6d3e77, + 0x2375fd431e4f63ed, + 0x287db763b1775b1f, + 0xb444aa043a658005, + 0x108dc7af1268421e, + 0x203df7ff4b1018b9, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x77cd2254a1ba4727, + 0xe06d00860400b3e, + 0x3a834592427d51b0, + 
0x812b436e8d62d10e, + 0x84f6075d99f256fe, + 0x1c5a16937066e01e, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x9a9f5e24b2de8f9, + 0x5686257bbbd39f6f, + 0x838a747f765013ea, + 0xfe45b64bc9bd029, + 0xdb964863079a7c10, + 0xc919816e59ac26c, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xbe21b3621c08586a, + 0x2724d1f62e184324, + 0xa02bb0baa99fa2be, + 0xde816314ae73aed3, + 0x3667d7ef0501a531, + 0x20737843e7abb3e2, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x935770455d764bed, + 0x978193d2ea32671c, + 0xc080a64d91aa30a3, + 0xf373a04cd5ee7205, + 0xf6107d1a4eb5e7d7, + 0x12360610e1533edd, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xe0708f8fafeb7e9b, + 0xf940ab183d24b34c, + 0x2c6306a03e773c24, + 0x4e8e976d3e59aea, + 0x5020c2ebb299d0d0, + 0x1aa2a3dda80c1b3f, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xf853f29bcdb2b758, + 0xdfffd08ae4750820, + 0x685519bec7ef0e89, + 0x2eac74c3e917edf0, + 0xaaea4e1001653ce1, + 0x98d7d48d1a81695, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x7425e6b4fb03ff8e, + 0x2105558124998e6e, + 0xb798777e99bb4557, + 0xe28f58384b8d7d16, + 0x5143f5e56d13cfe8, + 0xcae8a8711f32f8f, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xb6c46eb0b3d4b33b, + 0x7c2cb08899d9edcf, + 0xbd7c3b37d41cf642, + 0xac04c8564fe08058, + 0x6b1caede28480bac, + 0x21fbc48be334a5a9, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x9f938a64de6abc09, + 0x4627eef381040b02, + 0xd9d5fa5d8d96c84, + 0x33ad95824019e9d9, + 0xd917accdd2b13a7b, + 0xb2d9874e2a62cb1, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xa5ffbdeb2ea110be, + 0x766bde9ef5bd7107, + 0xd9f698f2bf09048, + 0xe276b168a207b6e1, + 0xb690c8fc42b71e91, + 0x54df5846a5e813e, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x24db87d6e4d6709, + 0xbf1197219274c2f3, + 0x471d23fef55f04aa, + 0xecfcd4a4fa627c4d, + 0x95421db58854eeb4, + 0x1d20e6d69f5e945a, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x3348360c91c59160, + 0x2a1db34c49353e2c, + 0x44ee4803e36b9e87, + 
0xedb38be161db8745, + 0x28e53ccbd28bceb6, + 0x93366d44b72a28c, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xaf2ca5db68a78c48, + 0x509dd080dbc8d3cc, + 0xa81246a0f655ecb0, + 0xb426bee485d33879, + 0xce02523041e91e2c, + 0x1d89a23c703a2b30, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x19d38b7daaea3530, + 0x49657e8d58725c81, + 0xaa4d32ba5d860a1e, + 0xb229e9c836f1b38c, + 0x6cbc121177f093a6, + 0x21ad1de692351f86, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xa948ecbfca226399, + 0xe953e15ae5a5369d, + 0xc33a0a0ef1d1f5b, + 0x8af264c523f5b377, + 0x84ac6d77cb262d37, + 0x13821cdca29e6d4e, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x62312591f619fdc0, + 0x5d33a1df255325a7, + 0xc7e5649004526bdb, + 0x60ec4c76f23c340f, + 0x46a13ab95d03d2ad, + 0x1069188d2c9a5a53, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x3010e9acec9096d7, + 0x2b203ae92f8ed6eb, + 0xbd7a5a549decffaa, + 0xb22773183e3ea1d7, + 0x476b4cf2ed6f4126, + 0x189c2d6451dbe104, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x75513c8a0fa7fafa, + 0x5e35eb4662658a04, + 0x573426a661704df4, + 0x494f8eb7d41ef30d, + 0x46bb978e4987b42c, + 0x1162126adcc68ff7, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xa06cc2f15a8dcbfe, + 0x7f57f8d71e46e63d, + 0x612d8f679804b0ec, + 0x49a7e74b1ca8b3f9, + 0x91fbf9a3ff6c31ed, + 0xe0c50bcc47c86c2, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xd8df2f0db3aef3ce, + 0x5d04e468adcf12, + 0x308980a74c1e4ce3, + 0xb5637748d790029b, + 0x3e7e1a564eb69c80, + 0x918465ddb6b1f44, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xf2fb32edb2515c6, + 0xf0cd212a371e1e7e, + 0x42a08dbf3d6f4cbe, + 0x649d9ea1b64ffe30, + 0x8c9fb237c238eba, + 0x1a4303f272d8bfa5, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xa1eef4849620442, + 0xac71ab32dc6f2775, + 0x84e1d19794f4dcc0, + 0xd7fec7abdf034aec, + 0x7b56d5f965eaea8a, + 0xd1f5994cd986d19, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x5c43385f49919aa0, + 0x7f250b2827c9a0c5, + 0x6cef909a571df578, + 
0x83061f78d24752d4, + 0x607cf5724015ea5f, + 0xa6b4c97124db01d, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x84cc4779f63ea86d, + 0xb9236de88b1b527d, + 0xadcd29b3e5aa0584, + 0xff0f794959835122, + 0x759445ae35be11df, + 0x1ebfd9ae8a59b8de, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x774979a98aa1a428, + 0xd28d6db4966dbf5d, + 0x9a81829346be995a, + 0x8ec9014e3a48293f, + 0xbba6121dcc7f287b, + 0x6b9821b672e5458, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xe8832dd2179b057d, + 0x1e20be80b160ae61, + 0x851cf07e9dd9b05, + 0x811cb0153f9d5b2f, + 0x1226419b4aa0b45b, + 0xec23a9e2774b9f6, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x35fed0092c2121bd, + 0x86591ea9267c848b, + 0x116024014ba4cf84, + 0xb6199a51a489c6f9, + 0x822564eff591e51b, + 0xd55fb2c5e4ece87, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xc6dcc91fccd7aac7, + 0xcf9ab43fad117528, + 0xdeb1ccf32d4c5880, + 0xa9c96ac7913281be, + 0x158f32784daa2e36, + 0x111426d7ea57ce16, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x7b1ce60e4e42885, + 0x57263ac69ce54243, + 0x1f6978230085216b, + 0x93706bb6f8fc3f89, + 0x367aca6758325d23, + 0x12b511e38d0d16d8, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x3bc7aa5c339dc68, + 0x73365851862aa04a, + 0x9e0057832f283402, + 0xec4624b3010b16de, + 0x4c899e803dfa6683, + 0xd3fc3bc3b2d083d, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x7be36f2d192d31d0, + 0x245a34a523dccf46, + 0x57b8423ff597eb2c, + 0xb1aa67289cf52bcb, + 0x5eee2e2d650639e8, + 0x2bfa6fbdda246cb, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x32079c180dfce428, + 0x10617c87f09b343d, + 0x95034dde23517d1a, + 0xafb1d3a4c2920d91, + 0xe2eb69935360d32f, + 0x3682b6074e77476, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xd8d5136b2b6feac2, + 0xcae96ba0e8c7e57f, + 0x10f720c7818d1583, + 0xff669a8147cc34ca, + 0x7c1c1c408f32b9e0, + 0x1050bdfeedcd74a6, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x7f8efa59bb904972, + 0xfb2614eb7cb968c0, + 0x41673203aea2b0f0, + 
0x292e62ce6587a915, + 0x26e1377d438055c3, + 0x1041c909c7a54986, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x78ca1fec56fecc31, + 0xaac71b8644aee19a, + 0x49cb7370ea9445c7, + 0x108ef1c4ae528cff, + 0xead47030db3e7e12, + 0x98c367b2789e318, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x690b3ca2b6c19d51, + 0x58f12a81d28bd9d9, + 0xea9c0b5e33186f40, + 0xc05b840a2ba60075, + 0x653af412e1c7ebb3, + 0x1606f2057e47242, + ]) + ), ]; // The MDS matrix constants const MDS_CST: &'static [BN382Fq] = &[ // Constants in Montgomery representation - field_new!(BN382Fq,BigInteger([0x397857d68200d574,0xd28c82874875bbbf,0xbf3116276a5e626e,0xb46843e785373cf3,0x554aa7d66761bfbb,0x5d19bdb71778541,])), - field_new!(BN382Fq,BigInteger([0x42ed8e29c99e77d4,0x9b3dc99fa8df07a8,0xbea39276a88b451,0x68cdc36cda06aeb0,0x2df13cc054c8b0a5,0x4ba3b0a7edcfcd2,])), - field_new!(BN382Fq,BigInteger([0x7bda16389c0b7c78,0x588241e53a63bd27,0xcd74903a17166291,0x6b2a803c4b730a56,0xaa47fc73540f793d,0x1047d90f1d8ea82a,])), - field_new!(BN382Fq,BigInteger([0xd95f6116b09b3c00,0x90922c88c1601a0a,0x333b6fb8ab58e678,0xd0610aab079c52d3,0xabdb85ae6f7328e6,0x1840e3671d26102c,])), - field_new!(BN382Fq,BigInteger([0x8b12b7a7a81b57a4,0x50d95243b50466e7,0x7536012d01d2f5d3,0x342d728a0c0c024a,0x88e3f4607910e62d,0x51e550fd0093c84,])), - field_new!(BN382Fq,BigInteger([0x7af610cb8bfc9412,0x558d20d6cdf0db03,0x12500c5fd3e2c8be,0x612de2568ed650cc,0x9eae6a30c7e85c0c,0xceb5127234d64e9,])), - field_new!(BN382Fq,BigInteger([0x43a12d2da4f0badd,0x4fd4c419e435fa92,0xeea1e6fbe17e2c8,0x74b696b28d5da145,0x2585e1ab409b40b8,0x18cb0c351a6caf2,])), - field_new!(BN382Fq,BigInteger([0xbf302ec4ffb0388f,0x7d4f228f6851cedd,0x19dbefc2e70045b4,0xe2bc0b0a9e85b446,0x28292dabfa5a02a0,0x619cb1cbd979687,])), - field_new!(BN382Fq,BigInteger([0x72a8e842794dff45,0x48523ee8e5a68cd9,0xa863bebe796b98dd,0xc03bb379b5704529,0xe051c36ffb1a63ee,0x1a68d07f893e235e,])), + field_new!( + BN382Fq, + BigInteger([ + 0x397857d68200d574, + 0xd28c82874875bbbf, + 
0xbf3116276a5e626e, + 0xb46843e785373cf3, + 0x554aa7d66761bfbb, + 0x5d19bdb71778541, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x42ed8e29c99e77d4, + 0x9b3dc99fa8df07a8, + 0xbea39276a88b451, + 0x68cdc36cda06aeb0, + 0x2df13cc054c8b0a5, + 0x4ba3b0a7edcfcd2, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x7bda16389c0b7c78, + 0x588241e53a63bd27, + 0xcd74903a17166291, + 0x6b2a803c4b730a56, + 0xaa47fc73540f793d, + 0x1047d90f1d8ea82a, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xd95f6116b09b3c00, + 0x90922c88c1601a0a, + 0x333b6fb8ab58e678, + 0xd0610aab079c52d3, + 0xabdb85ae6f7328e6, + 0x1840e3671d26102c, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x8b12b7a7a81b57a4, + 0x50d95243b50466e7, + 0x7536012d01d2f5d3, + 0x342d728a0c0c024a, + 0x88e3f4607910e62d, + 0x51e550fd0093c84, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x7af610cb8bfc9412, + 0x558d20d6cdf0db03, + 0x12500c5fd3e2c8be, + 0x612de2568ed650cc, + 0x9eae6a30c7e85c0c, + 0xceb5127234d64e9, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x43a12d2da4f0badd, + 0x4fd4c419e435fa92, + 0xeea1e6fbe17e2c8, + 0x74b696b28d5da145, + 0x2585e1ab409b40b8, + 0x18cb0c351a6caf2, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0xbf302ec4ffb0388f, + 0x7d4f228f6851cedd, + 0x19dbefc2e70045b4, + 0xe2bc0b0a9e85b446, + 0x28292dabfa5a02a0, + 0x619cb1cbd979687, + ]) + ), + field_new!( + BN382Fq, + BigInteger([ + 0x72a8e842794dff45, + 0x48523ee8e5a68cd9, + 0xa863bebe796b98dd, + 0xc03bb379b5704529, + 0xe051c36ffb1a63ee, + 0x1a68d07f893e235e, + ]) + ), ]; } pub type BN382FqQuinticSbox = PoseidonQuinticSBox; pub type BN382FqPoseidonHash = PoseidonHash; -pub type BN382FqBatchPoseidonHash = PoseidonBatchHash; +pub type BN382FqBatchPoseidonHash = + PoseidonBatchHash; diff --git a/primitives/src/crh/poseidon/parameters/mnt4753.rs b/primitives/src/crh/poseidon/parameters/mnt4753.rs index cabd12d4a..830b6da70 100644 --- a/primitives/src/crh/poseidon/parameters/mnt4753.rs 
+++ b/primitives/src/crh/poseidon/parameters/mnt4753.rs @@ -1,19 +1,14 @@ use crate::crh::{ + batched_crh::PoseidonBatchHash, FieldBasedHashParameters, PoseidonHash, PoseidonInverseSBox, PoseidonParameters, PoseidonShortParameters, - FieldBasedHashParameters, PoseidonHash, batched_crh::PoseidonBatchHash, - PoseidonInverseSBox, }; -use algebra::{ - fields::mnt4753::Fr, - biginteger::BigInteger768 as BigInteger, - field_new, - MulShort -}; +use algebra::{biginteger::BigInteger768 as BigInteger, field_new, fields::mnt4753::Fr, MulShort}; pub type MNT4InversePoseidonSBox = PoseidonInverseSBox; pub type MNT4PoseidonHash = PoseidonHash; -pub type MNT4BatchPoseidonHash = PoseidonBatchHash; +pub type MNT4BatchPoseidonHash = + PoseidonBatchHash; #[derive(Debug, Clone)] /// x^{-1}-POSEIDON-128 parameters for scalar field Fr of MNT4-753, with an MDS matrix supporting 
@@ -25,269 +20,4015 @@ pub struct MNT4753PoseidonParameters; impl FieldBasedHashParameters for MNT4753PoseidonParameters { type Fr = Fr; - const R: usize = 2; // The rate of the hash function + const R: usize = 2; // The rate of the hash function } impl PoseidonShortParameters for MNT4753PoseidonParameters { - const MDS_CST_SHORT: &'static[Fr] = &[ + const MDS_CST_SHORT: &'static [Fr] = &[ // These constants are in Partial Montgomery representation with R = 2^64 - field_new!(Fr,BigInteger([0x1b06b82936573768, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0xa8a66953a924365d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0xb412c015510c2717, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0x351fdbd63ac0afdb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0x302be8e2c8e27f02, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0x7dcdc338f53308c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0x5220f8b41dab7db4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0x524543d141024c82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0x3657a2432f363f4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), + field_new!( + Fr, + BigInteger([ + 0x1b06b82936573768, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa8a66953a924365d, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb412c015510c2717, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x351fdbd63ac0afdb, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + 
field_new!( + Fr, + BigInteger([ + 0x302be8e2c8e27f02, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7dcdc338f53308c, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x5220f8b41dab7db4, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x524543d141024c82, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x3657a2432f363f4, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), ]; } impl PoseidonParameters for MNT4753PoseidonParameters { - - const T: usize = 3; // Size of the internal state (in field elements) - // Number of rounds including security margin. Without such, R_f = 3, R_p = 58. - const R_F: i32 = 4; // Half number of full rounds (R_f in the Poseidon paper) + const T: usize = 3; // Size of the internal state (in field elements) + // Number of rounds including security margin. Without such, R_f = 3, R_p = 58. 
+ const R_F: i32 = 4; // Half number of full rounds (R_f in the Poseidon paper) const R_P: i32 = 63; // Number of partial rounds // The zero element of the field - const ZERO: Fr = field_new!(Fr, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])); + const ZERO: Fr = field_new!( + Fr, + BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]) + ); // State vector after permutation of zero state vector - const AFTER_ZERO_PERM: &'static[Fr] = &[ - field_new!(Fr, BigInteger([15380592374319684711, 6376564341100455372, 2062102260953380452, 7842349685152257866, 10373589506956732364, 8620359571792471768, 17469280520975403298, 7325805863422861914, 10045888571221403107, 1056204775948344815, 10909741368077396356, 257713037619667])), - field_new!(Fr, BigInteger([16528462235314733357, 15498062440155990321, 684862438054371890, 3177002760439964894, 5766073008164964717, 16124581840022168595, 14158624266684372130, 10661010654145755481, 10871622636226693964, 13768276705033767899, 14316680955574988959, 423626683371407])), - field_new!(Fr, BigInteger([3754924348498419949, 10945477307373304816, 7739835231918526866, 10282987044716712108, 7179192226677623939, 1357833339101798890, 2956644407304607578, 916450647693250699, 16660610448819777655, 835564104886574966, 7796901780696291212, 401958197854281])) + const AFTER_ZERO_PERM: &'static [Fr] = &[ + field_new!( + Fr, + BigInteger([ + 15380592374319684711, + 6376564341100455372, + 2062102260953380452, + 7842349685152257866, + 10373589506956732364, + 8620359571792471768, + 17469280520975403298, + 7325805863422861914, + 10045888571221403107, + 1056204775948344815, + 10909741368077396356, + 257713037619667 + ]) + ), + field_new!( + Fr, + BigInteger([ + 16528462235314733357, + 15498062440155990321, + 684862438054371890, + 3177002760439964894, + 5766073008164964717, + 16124581840022168595, + 14158624266684372130, + 10661010654145755481, + 10871622636226693964, + 13768276705033767899, + 14316680955574988959, + 
423626683371407 + ]) + ), + field_new!( + Fr, + BigInteger([ + 3754924348498419949, + 10945477307373304816, + 7739835231918526866, + 10282987044716712108, + 7179192226677623939, + 1357833339101798890, + 2956644407304607578, + 916450647693250699, + 16660610448819777655, + 835564104886574966, + 7796901780696291212, + 401958197854281 + ]) + ), ]; // Array of round constants (in Montgomery representation) - const ROUND_CST: &'static[Fr] = &[ - field_new!(Fr,BigInteger([0x8525f4afb1e81742,0xb5ba1c010e68ab3e,0x4d189999d6ca2a86,0xcd38926365277f25,0xdc6e535d6475bce1,0x43dfd3d24af97212,0x19abccbebec4859c,0x232b373c1ed1185a,0xf3ac591b3dfa244,0xe9d303ee0a2d758e,0xd6bb082d7935e3c3,0x2cfb48940c0f,])), - field_new!(Fr,BigInteger([0xde55266dee5b79aa,0x4edb20010d386a0b,0x194764aa9c200011,0x5492e2451ca409c3,0x4cfb1c5fe5141e66,0xed8e74919754c30e,0x6cb986a7e97eaafc,0xdba1aee673c7dd84,0x5facc0c81b49148,0x28460d45d7cdc448,0x517b409910ee2b85,0x4343b2da0631,])), - field_new!(Fr,BigInteger([0x9b952c901accf0a7,0x760bc791333834c4,0xf698ebd85374716,0x238d7c75ef417c35,0xb2c7344700a39e27,0x91bf3075a71221cc,0xf0ca1908a800571b,0xb6b05b86679136e5,0x1e275143bb513e76,0xd0be4c58d18eb9ac,0x35a8aab1b9ee1c07,0x2f9ab064c1cc,])), - field_new!(Fr,BigInteger([0x81cbdc8014f47ad9,0x3e68b1e9fa6b2e89,0x6ae7f33b327bb86c,0x4f78cd5ecd2ba9,0xe935df718b220555,0x6d23508799627565,0xdbaf9866fe9937de,0xe77ebad142ae1a3c,0x6305e7a0f65dc77c,0x287bfefb75e96590,0x6e7b860f6d3e1f14,0x14aadaec0f363,])), - field_new!(Fr,BigInteger([0x8f9d2d1055ead02e,0x538d38861d0fa852,0x26c692f9c3cf08a7,0x907c44d8da768d4d,0x4a133f3ef8272f51,0x15ef940f21938101,0xc09c33b9ea0d3ab7,0x7141830d0d9724f,0x7be659695a1267de,0x525db11f980fa951,0xb3573b90de0f3af5,0x14305dc986fae,])), - field_new!(Fr,BigInteger([0xcc17e1d011f2745c,0x7e142b4471637dd3,0x5473180e376ff24a,0xccc708d53858ee4c,0x106032bbf95eb8b3,0x8a23cf1502a25203,0x20861cea628d6ae8,0x62339fa3ea65013a,0xb586f6c818bc8022,0x916091f4d682de4,0x3ac6ab718f3eea87,0x158e3da6d28c,])), - 
field_new!(Fr,BigInteger([0x923c6d93ab41a56a,0x6479fb1dabdc488d,0x6446575cdb3e411e,0xe9928e6158f83ef0,0xef93a719033530ed,0xb01384723296baf1,0x1427f67672e0586e,0x5343d461f7e4de3b,0x7c54dce21cf25417,0x774b532c83dd8dd3,0x2dd50a143b396304,0x18adc3a1a9175,])), - field_new!(Fr,BigInteger([0x396f9b6a993c6eb0,0xc84e01159ebe2043,0x727703ce6f4cb200,0xc380bb4dadcbee35,0xe887a3c024b7eb1,0x4b89861b25245333,0xdeaf67213e92eefb,0x2a27e99a64842b5,0x2bb244e61688d0ef,0x3018e93d9d272fc0,0xd15bb630f9765a97,0x47cd8a194b28,])), - field_new!(Fr,BigInteger([0x25ea932580f2606a,0x661d89d759979ecd,0xddd5a8fc7151f9ef,0x2f0d4c1e42fe2ce4,0xedc778ab6fed3072,0xbdd94e070e5ad64f,0xed7b47cb32ce0be6,0xae1849dc3e5e6868,0x5a3d18d55c0069a8,0x3a27d8da6b9e1e6b,0x3f8a5d7b89809523,0x184bee7574935,])), - field_new!(Fr,BigInteger([0xd47bb1407faa0853,0x56612084454f90b3,0x13ea9b48071b7724,0x6244cecb1f8b597b,0xea648cbc16229ebd,0x1d2247130191d2e2,0x5dd99818a1d90475,0x4e20285520059b89,0x8581618185b46194,0xed2140c4f89afa02,0xeb6d7a94081459aa,0xba74a2a9568b,])), - field_new!(Fr,BigInteger([0x1867e2e21fd65dfd,0xbcc098330d760332,0x2e012e544a799281,0x62e050d4f236221,0xf5c97374d22465dd,0xb4dd5113572b1026,0x513ad77be992bfb0,0xe52dfeac93f57e72,0x4d1f0e7be2a7616a,0x3611bf37dbc7a21b,0xe254c1d98ea48b84,0x44fe9223019b,])), - field_new!(Fr,BigInteger([0x1f1efd9a0b338b6a,0x56eed59fb67962b0,0xef278fcd36cd123b,0x6250604b703b775,0x6b8c9bd33618ff36,0x6c7fa78ab59bfe26,0xb3f68744ae0760fd,0x2de6766461018fd6,0xc2d2621236f4ff5e,0xc65f4d486378e25,0x32ffe62f36eb2de0,0x135791803eb11,])), - field_new!(Fr,BigInteger([0x594e37a0f2e8aa45,0xf8357832ddb15d30,0xfcf9c21fc66b57aa,0x2dcb388b3998defe,0x911c7f56b6346803,0x50903d63b763c91b,0x428f7d12ed5797c3,0xc6cfd9d42b302653,0xca28789e3578f64f,0x8dd6185e1d32292d,0xce83c373de2a3a98,0x8a910c35240c,])), - 
field_new!(Fr,BigInteger([0xc65d8f9893b9d53,0xa1811bab172a0e42,0x8fc95887a9c42aa4,0x9e94a23ddbb743d9,0x612091ab361f7d61,0x9782762b3e43fbf6,0x4928592c7e14a3af,0x835d52bd6f31811,0x52a25e3ea8bae857,0x206069a0ea734027,0x4533e03db6f06afc,0x83674c465ed5,])), - field_new!(Fr,BigInteger([0x7223eb453a3a72f8,0xa7d56e81ff69b349,0x245dca9c0003458d,0x5b874f43997ae1d3,0xad924c38946a157f,0x452174a8df895da6,0x4ae1aa52d0998bf1,0x99513468cdccd563,0x7d4af0c6ddda0bdb,0xa061f62c286c9ecd,0x26806f18c940f4c0,0x61dedb949b0b,])), - field_new!(Fr,BigInteger([0xb2012368d65c1957,0x22477a764f735bb0,0xc35c02a611f741f1,0x3a1c7e0925558c08,0xc3be16a96a9be7bd,0xba105b13c31ab416,0xa99b13f6276db431,0xe905ae4f8b10aab1,0x486d08dc83243d3e,0x780fc672cf3e5d75,0x54e0f0ad888cd33e,0x74385bf3d002,])), - field_new!(Fr,BigInteger([0xc3c1537f5c054be6,0x96dd3ab02634bf06,0x78697fbf9c66a1d9,0x487b600f683d4a1a,0xc452fe3142c84ab,0xa7c4bcf478b116dc,0xe610cd585c7e884,0x332f78951787218a,0xad4f01577d113758,0xa03d304aafefa4c4,0xd96a1272d43b2cd,0x5a61186c3a9d,])), - field_new!(Fr,BigInteger([0xe2820a1ad93554ab,0x1fe2abc75ba01a5b,0xb664d6305236c54b,0xa715617934ef66cc,0x54285327ee476780,0xc4ea227fa18cb4d,0xe971af57f4666464,0xe4649d954c34f241,0x226a46698ddc4b5d,0x282ce8ae43d6dece,0x87f748eff58c903c,0x19c4b55691609,])), - field_new!(Fr,BigInteger([0xbe74b84d1a171412,0x66eefa0e9e38cff0,0xcd665789caa054cb,0x6563c80a0f2c4974,0x8a690d248ffbcc68,0x3c2ea2d44c23730d,0xe59a57ffdd8b6f8f,0xca6fd4d6f329a73f,0x2dbe36efa4c4c63a,0xc2e5bbb001885d23,0x3857b0210c3b3799,0xfe7b33e943c6,])), - field_new!(Fr,BigInteger([0xd5dec1209f1f474a,0x7326db0dce67c344,0x47fa73087f98b252,0x33b4fd1a6415dc27,0xf1d43e834dc17924,0x6958f8eec3b73abc,0x16c6f9beb09fcac1,0x85ce42ab26b46b33,0x2cde3e6e89163571,0x460e7cf1a3dbc8fd,0x2207eaab54f30948,0x1ac10edb681de,])), - 
field_new!(Fr,BigInteger([0x6a429864b692acb3,0xf154fbbc7ce0062b,0xa8f2207240c1b521,0x316900852e9a7fc0,0x9719f22c4f8cc349,0x3558de696f426759,0x98884b2ef068bcc3,0x21a0b3975533ce7e,0xb500066f1e32dfbb,0xf8c379d67cb2cd40,0x20365419605f75f6,0x1467efe40525d,])), - field_new!(Fr,BigInteger([0xc503655aeca0d364,0xdae7f32dbad094b5,0x75c7114ab572e663,0x5b61831cd761332e,0x1a6684aad1c52f9e,0x52e862be80d1f714,0x37320928c63c658d,0x37b71e5e618b9803,0x98fec2c83de30488,0x8ab3c46a03e6342e,0x6de69d41513a7938,0x1b5322e285d9d,])), - field_new!(Fr,BigInteger([0xd734c3728d059224,0x23c118e8adb791a8,0x204dbd8bd14c5c68,0x2b51be669021fb6f,0x72f3b1d1acfa3969,0x8518be98150cbfef,0x9d12ff7a988e0c9e,0x152a2b0f3778ebf3,0x295ddec92531002,0x72cc8e721db6aab4,0x731cf73b8ee483f3,0x908bdb466d1c,])), - field_new!(Fr,BigInteger([0x2bd4d9ba10092c65,0x4fed8b45f9ed1f6e,0xd2b6dbc238a13d66,0x3808ac84536d2f98,0xbacb8c86a8ceb7cf,0x8602d7ce145fabc7,0xe94ad8fd0764bfde,0xc2086d29899fdbc3,0x918bb89b9e74a521,0x20f909550cc6e7a9,0x7d66ad70eecc157b,0x1487e9149f646,])), - field_new!(Fr,BigInteger([0x35854e4ccb4488d6,0xba4f53b44644ff6,0xc64819069d47ad6c,0x897824646d664a2c,0xc94e0c09c0bd0f19,0x8fa3182357ce0e85,0x2271e9a458c3c82b,0x9185709911893a3d,0x7f17969baf5c5aa7,0x72c4c8662247bdf9,0x84749d7f55f43570,0x2b3a4cc744c5,])), - field_new!(Fr,BigInteger([0xa9a516b4e737e9be,0xe4af60aa76089f6b,0xf7edf663719c8b62,0xbf7c39d339ce28ba,0x40c31c1b6624c321,0x52b6e61f3bcb9bf5,0xb90907b8a78da95e,0xe72d4b02f70df41a,0xc14b6f1fb53274c9,0x192e529a2ad2bacd,0x8552396f2eb8e476,0x15c85ac242d25,])), - field_new!(Fr,BigInteger([0xd6be617246282c9e,0x7d33baf977e9b427,0xf561e4252fa691e2,0xa731158b214a32aa,0xeed7da492067197e,0xa36d8b61ff32aa1b,0xb1cc31b626cd175c,0x5d2c95a6daf2ebb3,0x202166f1d6f8e5af,0x265e72c5fe65ed90,0x9c279aba4c427198,0xfbb0249cb92c,])), - 
field_new!(Fr,BigInteger([0x983782ced4ca1a21,0x52a42bbde0602a46,0xb94dae7a4a8eb2fb,0x3288b60a1cf2b42b,0x4b6b109149e14aa2,0xc0d919abad0116c0,0xcc307a5bf030c7e5,0xe10d9fe729dc2234,0x6edae0c00958c5f6,0xbc1298a87408c3c7,0xfd40d3c28d74541e,0x9bf658ebd5b5,])), - field_new!(Fr,BigInteger([0x143e6da9ee85f80e,0x84a4cf2ffb1fb945,0x8a1376aab1f27e9b,0x77b8f0c5d22c08f,0xcbfc314a9e49521e,0x9e3af8727d46617a,0xc0af33c08c4ccb5d,0xe3f1bc84d7aaa206,0x313bacd4acc135ac,0xac4136d68cdc0575,0xfe7367292a20a25e,0x13727c15a3fb2,])), - field_new!(Fr,BigInteger([0xd6eba3b0c8f2bd8d,0xf48d8b9582c07a08,0x2192fdf68085cb08,0x52cf9d7a8767158a,0xd944038f35099664,0xace775e0c40f290b,0x1c97be9f611df88c,0xcc4ddec6c4a0adf2,0xdb9dfd5678f24689,0xd67cc14d2fa553f4,0xa1d0ca71b732a90c,0x7946363aee20,])), - field_new!(Fr,BigInteger([0xc6aa17b63f875cec,0x8215038761c93d8f,0xb69ce3677bb17c3d,0x95ae3e79d55271dc,0x177e94c34d68ba0e,0xcd38c85a232edcb5,0xfad5b26ecd58fd06,0x7ae0531d7ef088c4,0xbd7b001f547108d,0xe831c845847e389d,0x31b1bbd6552ce049,0x187f15bd78c02,])), - field_new!(Fr,BigInteger([0x6338ff295bdac7b1,0x9fdba5e10e8cba1c,0xf9660c21d4ad20fa,0x93780176bf6d9a89,0xba9ec5e9dee773c,0x6c0bb9be37e8bd1b,0xbd72e20b4c97227b,0x4d9584d3043be2e5,0xf6efa94850581ddf,0xef30c97680782e0a,0x7312ff77980f7494,0x567c88719c8f,])), - field_new!(Fr,BigInteger([0x64f65998bafd431e,0x9ce8a9e1c8299fbe,0x62ec0c9273598e62,0x53dd36075d49a456,0x6c8951193b27d4e4,0x15c38efa040e6bd,0x9df40c53071652ee,0x601ee8df5e1bfbfb,0xe7e31d4a55ff634,0x28b591cef4488edd,0xa5abbfb7be61ce85,0x272f4f53fe17,])), - field_new!(Fr,BigInteger([0xce24a655fbc9b521,0xe8d829f1faf9d1,0xc3a3e69b81248339,0x7916ce607d62dc8b,0x69833b159dd03f9d,0xdebdaf05191532cb,0x1988171e2a81bdae,0xb0cbd546bbae54cb,0x6b8287844afd28db,0xf372b1ffe8eaf6f0,0x6ad2260c73a01f47,0x83da50e21004,])), - 
field_new!(Fr,BigInteger([0x327803fb6ffe3aa8,0x1f7d7a4c6837c807,0xb0dc2d4b1b41b35,0xabd0e0213e3b3a58,0xe3798c75dcf51c9b,0x47dcd784d9497f1a,0x44c84ff5a1d26dee,0xcd45e014e497978e,0xbfbe53389cb979c2,0xeef6ef45aa4c88a9,0xb2e1a37eb5a70ff2,0xcc0cd8ca02d0,])), - field_new!(Fr,BigInteger([0x2f8225ed5ab44d4d,0x72c024fb452d6ff1,0xb6665338eda951cc,0x2fd1fdf5c7979bbe,0x45171a6b37d8da33,0xae6c5f8d117ae8b3,0xfd4fc1b94aacb3d9,0x7ba539e6257f2d5c,0x19fd4817917a6bf7,0x76aed14b5ca2f500,0x1348ad4795d5e319,0x1512027f4cba0,])), - field_new!(Fr,BigInteger([0x97ef13610e026573,0x7fe051c94a37b02c,0x267e44da0301fd29,0xacd41cb49e41cc68,0x293b4090ccf9b555,0xffab5c3664c0bdb6,0x9d0c8a189349db3a,0xd886ad9bab12bea8,0x366976b0b56f3893,0x71f48edba06438de,0x6d3e42219ee5926f,0x3a4f7f22f627,])), - field_new!(Fr,BigInteger([0xc0d8dbeb0227537f,0x43d69fb1637e4c0,0x45bf53409aaafa15,0xaa2e8c1e9138684e,0x6715334eef18ff13,0xc712c7e0bbffac9a,0xcff1627a6e1542b7,0xabbd790a59bd396c,0x8ee8b7f4aa006c6b,0xe748a9a43cdfba89,0xe14bb3a00af74d76,0xae52fb36f165,])), - field_new!(Fr,BigInteger([0x85dbdbbd9852808a,0x19d3f99322643b3e,0x68eb7043b9fb3b5e,0xf243302abbbaff2a,0xa0c2bea8df733d,0xe47e9f8d28e26482,0x6797ff85f9f665d9,0x2c7f9c3a1d2d3946,0x25b0fa02f4924c78,0x90f084a744698262,0xf33c820807be38ed,0x3b6ca5cac171,])), - field_new!(Fr,BigInteger([0xdc5a0720a758c341,0xc0808eb15834d6fb,0x840aa0b9a2c1d55,0x114c90774388b3a0,0x4b91be128d8b259e,0x7613983728d2d937,0x2abf115d1940d8b6,0x13b4ae09d0453266,0xc04ed10168b550d9,0xf59e4049af096c7c,0x8bbcfa83171e21c0,0xb6f1f03b49e2,])), - field_new!(Fr,BigInteger([0x48964419e312fd05,0x58f1e8bdd763b00,0xc08a012b8a95e99c,0x8e60a26b26e112e1,0x23422f08eb0101de,0x2707bbca6735217,0xe5acdae3323d9ce3,0xc91088f6e99fd848,0xcd582092dbf5e3f0,0x47bf8b9e01e7aba6,0x169504a0071dc85,0x430e54f10f1e,])), - 
field_new!(Fr,BigInteger([0x5ffd43946b0f2192,0x8e1af510eab65232,0xa9feee3a1ae664bb,0x717be76cbfcc8195,0xdfd69a135017009f,0x2816babc50c12747,0xf59219445a49f10,0x37af47e9ef0c5591,0x3d184ffb41c86c42,0x49c2e7239edd72fb,0xff0117f3cc83b74c,0x2486a01b1226,])), - field_new!(Fr,BigInteger([0xfdd104aa49b1209a,0x810e01c7e161bc0d,0x7ec94f97806fc398,0xa315065f14324437,0x7ff1003e6c65213b,0xb831b1dc1f4028c5,0xdf4f3429f266a283,0xee103a04fc066158,0x798c00ba68b685a5,0xa604508525f38dbe,0xeecc028862dedba8,0x168d37d0ba867,])), - field_new!(Fr,BigInteger([0x27678fc8caac94a,0x15fac62d5e43885b,0x381ff35f3bfd2279,0xa6c9980be48221d0,0x72dadf63e2ad653b,0xef91e4465d51f32c,0x2d2c69b728ab65e9,0xa4aada165dc3c1fe,0xf41cee6a007dafa1,0x773250fb1e3cc541,0xa7f403d5202074fe,0x11602703e4a40,])), - field_new!(Fr,BigInteger([0x8b82b4464b128bba,0x23fba0c0e3f3357a,0xb49e4518300ff123,0x4edc52f742e76751,0x51dd26d85b417960,0x525e486de0f833ac,0xda47e3e0b3c68fc0,0xa0e73f09af9fc059,0xc2db4cafa965e999,0xa52d0eb000308f45,0xc57be9913d40e468,0xe3f10c6cd149,])), - field_new!(Fr,BigInteger([0xb985c6e193f9c2dd,0xe4d2c026b1c3860d,0x17d47474ce2acd2a,0x1dbc5c1418ca767e,0x20f67166c3595315,0x1f4dc1599b585baf,0x7bd0025ffb20fac1,0x819ecf5050d6f13c,0x3a488388b72682d9,0x7914e1833e7d63a2,0x1e41a47e2c5b7a99,0x11b6dd321e160,])), - field_new!(Fr,BigInteger([0xedda8eb7f33a6cd1,0x72c8ac267acc9714,0x17ecf45e5759ecfb,0x349e4be1ff225cc7,0xf5ef3a47fe355603,0xe421ec5dc8817daf,0x2115308142f7ce07,0xba2a3d2e9b5017cd,0x1f3339531901f1a4,0x86fa5b173d4964d4,0x18fdb3933b60e1ad,0xce48a27c81a7,])), - field_new!(Fr,BigInteger([0x7823eff6a0b07597,0xcee82603d683edf9,0xa0b7ce30e6c19f2d,0x508e951167ef9d50,0x5ab729c9f7a2a1c9,0xed1ec1f8f57990ed,0xd169a25605fc0b32,0xfedef6b0e29be06c,0x896425f204590234,0x414b7c0b0ea60a75,0x3bb457875bb4807a,0xa1959dd48525,])), - 
field_new!(Fr,BigInteger([0x40e4c2caf97704c,0x70fca58d0b8ddb6a,0xd3a808f1e6da621d,0xfce3d9a659c11af8,0x625b96e77e45e450,0x5f718adb25358abe,0xa3d91dda7d6dea08,0xd13b60b8facc80f0,0x6cf3dc9dca09c7e8,0x51492174950df0b9,0x5e5518dfc14893a0,0x1372751cd3c71,])), - field_new!(Fr,BigInteger([0x43ea62b7110ae25e,0x1bc6a97acfe05ecf,0x827ea659539da3b8,0xbd1f41234d0cf27a,0x14455ff35775e22a,0x61aa77281e19c4e0,0x82d7b05e4a8dcd8e,0xfd19d979872f063e,0xe75ddcc0b50a4bc9,0xb1a7ce6ff214ff5d,0xbe7b14bbf62eeb2c,0x35fedd11cfa7,])), - field_new!(Fr,BigInteger([0x691aa37d8446dced,0x7dcb3693dd7e417e,0x4a4ab0da413c0123,0x11bf523db5bc6e68,0x880a3e34b86b7cc1,0x429a1398440c6acf,0x9167d502630fddf3,0x387d5fb877af5d94,0x926caa347273d207,0x42c9f5b0ee0fbf91,0x58d2890dbc3fa259,0x13c6cacf06060,])), - field_new!(Fr,BigInteger([0xa06ca8e4fc21772c,0x4e003e8d4c96949d,0x821c3736ffa659c3,0xb42fa0416a5c5f5e,0x8e745c1892a417e3,0xcb1d7b609d0e47c2,0x2d0f65fc07ef8049,0x4540d4b721381d87,0x69f7e8cccf0e2746,0xa8aa15a3a5dcae13,0xcc2f7f04e48f6f63,0x837fa1b34e27,])), - field_new!(Fr,BigInteger([0x666d0862d7bf65b,0x4167a78b108f0581,0x816c445e6e48d098,0xc5d6e29950f544e9,0x28162fad399a722d,0x8b028a5098af4c16,0xb42423382db652b9,0x2a7be30debb63ce7,0xe63b306d9d447c1a,0x965dc9ed77828589,0xfafed54b468fedcb,0xfd6fe16dc63a,])), - field_new!(Fr,BigInteger([0xb293bde7f748c036,0x320d79beee0b7d0,0x743702b31139540f,0x4da3bf472247d03b,0xe53ee938cfeeeba0,0xd38dc0fbf68ff4d5,0x8b4789ab306162ea,0xdb6cdf7a2bce7c8e,0xf81dc6beb360216a,0x2f55a3025fbb896a,0xb897d5476153d12b,0x11c8ce9601a87,])), - field_new!(Fr,BigInteger([0x7565761c561dc15,0x93fafd23be51add2,0xae4fd506d2533386,0xb3502faaf38f9719,0x484c851946a4660e,0x206159e3c3f04e1,0x948e622e50250503,0x13c457459537a412,0x2d5832e4413cfe33,0x5c5710cb92372ded,0xdad6ca344c032131,0x4ca05a4968ac,])), - 
field_new!(Fr,BigInteger([0x3b4cb38521673522,0xfcf6b1f8f922e4c7,0x35d7cd4d8acbd2e5,0xce414bae3f1b34d6,0xdabebc5922c2074f,0xa941f60b90282eda,0xe8d07572abce0030,0xcd96ac13c862fcfd,0x5235abbe7aa93724,0x6e99e968e6aa9105,0x1509d3950fe7e397,0x14e692812d34b,])), - field_new!(Fr,BigInteger([0x28ef9fb0e62e4d84,0xf4b21678b410ca76,0x8c216688f774c6d4,0x7d6e3d7643107d06,0x1dbe5511c7eb95f5,0x59a4dca82af218e2,0xce72d42e5561cc79,0x2cc5ab6c0ecf21e5,0xd5d003d5951ba26c,0xf92a5eaeda440103,0xcd436c53f861e37a,0x33c236e1cd03,])), - field_new!(Fr,BigInteger([0xc44e9761dad186f4,0x528077a243312dda,0xdfc3707fa814a958,0xca238e3a56780c5c,0xb6bfb0505b22a6df,0xa656119b33aca738,0xe5a7f3f2bcfc81d,0xe437c41915e03db8,0xbbf23bbd0763e2c1,0xb5d239cb2869f246,0xe893a90ca21c1fd2,0x50f4ba67b1b9,])), - field_new!(Fr,BigInteger([0x3f1dbde9b60a0f14,0x28e50bccb5c98691,0xdff8991294356578,0xb753bff137253c9a,0x92fe10065a5a1031,0x62a5202d7a553450,0x37a27d84226ef3ed,0x195f6e4a9d65c0c4,0xdd75a1695996cb7a,0x94c371c4880db536,0xf06b419b56df97fb,0x14b579d9dd68c,])), - field_new!(Fr,BigInteger([0x924a8783c06c2bb8,0x631116e00fe3b405,0xd4048fc398c839b0,0x5aa721ca193657f9,0xc90cbb1deec662d1,0x3d5b262e189b1bf6,0x169a59e5f9294ebe,0xb5275de907f55dd0,0x30299ae103655f1d,0x8b7d0635f9258b44,0x52b719e259d950e7,0x15b20e9bd6561,])), - field_new!(Fr,BigInteger([0xf26cef64f3d71f3f,0x46190e29e9a1a886,0xcebcc5b5d36b2377,0x68b4b9c3eab4f1b1,0x47a74944759d1552,0x1e3a064331ce7b0c,0x6009a2c12b9c70a8,0x84ed2f71e905f623,0xe35a9d60426d1253,0xc0f5d2b6dfb66d69,0x22ce9b8aefdb9125,0xed01e9818dd7,])), - field_new!(Fr,BigInteger([0x4a942f65b3366939,0x67cd561c9b8e52a5,0x738911cce7eebb15,0xb5222af01a76179c,0xaa11283897180566,0x1db044367519c335,0xa87091638eec9bbd,0x321d0b45bf7f0484,0x15936a9122140d36,0x68ae953e4e393ebe,0x71c1e318c766d59c,0x46bbdf420920,])), - 
field_new!(Fr,BigInteger([0x2d90bd891718f1b4,0x82c48f32a2d8127f,0x21355aee6e6ebb88,0x10fc1ed66962b324,0xc756ae1d63d8a798,0x82d32df9312e08e,0xbbe292b40ee37b35,0xff151ad3a1af712a,0xac4ec5593c941b79,0x80806608dec66268,0xe92011814b5e2085,0xb02b591d2e2c,])), - field_new!(Fr,BigInteger([0xb008cb23cbc253e8,0x8d41fd14904145a9,0x51aa7a03c3e5a41f,0x3f60b6707e369065,0x2694faf66668c21f,0x27c1a10a25a14dd0,0xb96ec01bcc36831a,0x69f8f7a52d5ced31,0x45689231b9061830,0x20f6e74fb7882c17,0x52c0c62eaa6899bf,0x1762b7680250c,])), - field_new!(Fr,BigInteger([0x29c8ddc6c8e01f9f,0x726dfd00c01932f0,0xbf1311a335fe2ea8,0x66a827646b65103f,0x2e9695398305c0ea,0x97529890e7ab0172,0x3007d8ce6b1b316a,0x814cb1427a4e8f5e,0x9e9a3512973d203e,0xf0bcbd5187ada720,0x9e3ec961d3c69a8f,0xbcb42d23275,])), - field_new!(Fr,BigInteger([0x9cdb5c6768abaada,0x87972c735c72aba6,0xb8dbb5d240011577,0x37d951dc0c6742da,0xb37ea5e9bfbb32c5,0xd6a68acd21e6e771,0x960c5a4f9dbfec85,0x46c84fe6097bda30,0xfb9000e9dd68edd2,0x6e246992bacd7fe6,0x51681f1a03646200,0x93cdf3eac3b6,])), - field_new!(Fr,BigInteger([0x9470a88035cc1c4e,0x205664e2b47bb0fc,0x5be50df226b57b77,0x54a428288a7d9ebb,0x9843b5903413d780,0xab9caab442b5134c,0x71f65f5cff0dccc4,0x954518492b3ac2,0xea26ffef77b598ad,0x8f6d093dc6041a1b,0x4dfc89cc55f87494,0x4019a1923573,])), - field_new!(Fr,BigInteger([0xc1494b76f72de5cc,0x44d18ba4c9ba42ed,0xc026e7dd0ad20d72,0xb97b18a8d5c5970c,0x2e2b56edcde85323,0x49eabf9773eb78c7,0x82392943d3128e5c,0xdd6b9471be9ac365,0xbc3bed78a9a0b7b5,0xaf5732013481c9c6,0x98afbfdd729560bd,0x134b515b0b0f5,])), - field_new!(Fr,BigInteger([0xa4e1e15486860f3a,0xe61a1a7e616c9dd5,0xd0b4b1f0c51e2a7,0x88a47faa42be4d7c,0x8ca32f774e64b5d,0xdd438f4c00facab2,0x4ede109fdc60864e,0xcc84f6f93d318acf,0xe47514f71e87f920,0x90c643a66e57d19d,0xc11bce9a950769cd,0x1960840969343,])), - 
field_new!(Fr,BigInteger([0x10e1a229e49e98ec,0xd8222dfa449c1c56,0xc053f18e19668444,0x46d597bdba73f7c9,0xec02d636fd696126,0xa7c402757eeb3a9f,0xb50ee80acb964540,0x358565e6a667dfe9,0xf908edf756d75e90,0xe11c5fac1708ee24,0xfd1c1c81c1c4a9db,0x156da99b9a61,])), - field_new!(Fr,BigInteger([0xddd30b9aee55b1f1,0xd95b2590f2984987,0x1e542a5c17c94f76,0xe38b8ff09eb307cc,0x20de81d272c5ba8e,0x2adfa16e45b92b90,0x5414cf858bc45c5c,0xd7cee4849e50458d,0x4d86d41e473b9f56,0x825e9409463b49ce,0x389a0f975edd6a7b,0x1733da8c9bcc1,])), - field_new!(Fr,BigInteger([0xd6188144feaaabd8,0xf76c6dc9dbd511ec,0x54c0496ad4d158db,0x1d87d9d474d6921,0x357e6e1add4510d9,0x884ae9a3c8c849b0,0x452df4383ccbaf2d,0x5c4bdf304b0e712,0x769bdf2592f9b3f6,0xe142a1113c331cbf,0x48bf505814e5f05a,0x3ad7ae48dc59,])), - field_new!(Fr,BigInteger([0x39670ca40f86a36f,0xd7e7f7856862e765,0x20d9a6231a691f5c,0xeaa9069d45153335,0x780dc724c70e5403,0xf9662832d100f591,0x8b8a7838ef6604c9,0x1a2dc09235fa4e20,0x4bdd65919d47432d,0x370a243c0e93e2d8,0xe6dca36be6b6b031,0x1897951ec06b8,])), - field_new!(Fr,BigInteger([0x423af7a0a34fe74,0xd72a82256ed3071f,0xbc5ff4070fc9ef3,0x26323f8d6d35890f,0x217cd4ab5d61540c,0x8a18353e43bbcfc3,0x175ec1df3ddb9fd7,0xca73c22378e053f2,0x874e55e2311e3f68,0xf17302627c9305a3,0xf75b4a8dc083e183,0x180104eb26af7,])), - field_new!(Fr,BigInteger([0xb651e04b1b5ee4a7,0xe311b2ee0c0d6e8,0x12e5123dbd4df372,0x25b306effa6323f4,0xde6a7e766c592819,0xdeddd6905fa058b5,0x5778606a9456bf2b,0xfceba17b728980d4,0x215f86c98872025b,0x6910aedf710d5940,0xebb7f21487197d69,0x1a95c5a26f24a,])), - field_new!(Fr,BigInteger([0x1aa981aa380ab38c,0x46c66c82d2152992,0x2b3111cf56ca7298,0xf816593009864a5e,0xd7d0b230508c72f7,0xa4414dea3d12f1d3,0xda6c46f5f91319c2,0x65da930eb333a4e2,0xb48eefa5062e3fd8,0xf00812fa84105d36,0x6d053f4907452a4b,0x12add73de7ff,])), - 
field_new!(Fr,BigInteger([0x837f3809c95eb1da,0x669ecab9a1519daa,0x5e9ebd297cabdab6,0xcaa5e3a8ecea669,0x4cfdf3819399cd1a,0x8e5f536daf2e1bf1,0xeb772bba14e43f3b,0xb054fa947815c1ed,0x6ef6dea8603cb7a5,0xfbb5b15dc7a16d4,0xb68ea2cb514c1748,0x1c1f0b1224d02,])), - field_new!(Fr,BigInteger([0xfceb0cbe99598387,0xeb4e485cd6fc771c,0xccc9ca41dbbc0feb,0x6dfc3c66c7d3cf09,0xdc2e2892cf519d08,0x6a960957df4755cd,0xbb9a97f6a4d3123b,0xcc29630159988cf2,0x9488fcb7902cb49a,0x83490a8317943d74,0x97baccce0d288b8d,0x14aae9815de03,])), - field_new!(Fr,BigInteger([0x676a65c65f4aa546,0xfcb2d24d9a6d2a79,0xd5e539e7ac0ec426,0x2259890bc851a281,0x81bbdfc316d73739,0xec212d75b2cfffaa,0xafd9fe45aeffe081,0x8f3a95e362ed7ee5,0xe878ba0e5f50a8f,0xef6d2ba6950468c2,0x5268e25975ec8d4d,0x5aee09b623fa,])), - field_new!(Fr,BigInteger([0xf8092d6e05994cbe,0x2a69189d8e793632,0x91ae23dc2eecfe0f,0xffec6dc8399d26c8,0x3632bcfb85e1c58c,0x86a64e8c7d181c1,0x1909bbe10237a520,0x9529b086c7ff13cc,0xb9be8f73cf3ecb5e,0x48e71e60b0ad70bc,0xf69d6412dd99d870,0x32c6478e6f9c,])), - field_new!(Fr,BigInteger([0x1e00c0afe048c6c6,0x79b1472981e658e3,0xd121a364bf0975aa,0xefa01886eba8b7a6,0xc8e098608f38043,0x84d9fb21622dceb,0x5f8c5736702ef9ae,0x7e702115082ba625,0x65c65aa7de1b1762,0x8b76c602efec8e93,0xad36e720c58dadad,0x79e4123b8970,])), - field_new!(Fr,BigInteger([0x14b9b8765a786ec4,0xfa9309ec791694ca,0x4599156cbc03959c,0x4a6b91bd08b393f5,0x87033b387a25b8d9,0xde84b87546457583,0xdd4674ae70b3e48f,0x7c236daf7a8bbdb6,0x2786365fbc5a46d0,0x21370c92253c5642,0x3735031bea018e97,0x51f87fd4ea58,])), - field_new!(Fr,BigInteger([0x4d4aa586b61002c0,0x5f34ac4d538290cf,0x913f9724358a40ac,0x20a9c1c05cbbeac,0x8d282588957172c,0x8861548613f50b83,0x4d49fb96ed8d175,0xdd53a4323b5e21e4,0x1362c980b587b901,0xb2b58d2f98b2de68,0x9582cb2c0d45c6c4,0x763e34e8828,])), - 
field_new!(Fr,BigInteger([0x86ef07a8c9e4adbd,0x623c60c12765a841,0xbdb1071c934ee9c0,0x76d5ab3ddc2a9b34,0x601eb445e3451b82,0xd5b4e695b7fe3c1d,0xc15fc99f15a7617,0xeaa5b1515228d465,0x4ccf0fcfe5dfcc0c,0xa17387a175340092,0xafceeb352a5fe877,0x168f6ace6a975,])), - field_new!(Fr,BigInteger([0xa3bd37ddb695e082,0x6378a852baa5b607,0x9594598030bba9d6,0x3fd4446b72ce6826,0x2df6eb3d917ed4ec,0xe857d8867ed5295a,0x3018dbedc72886a6,0x7d51c914a9526628,0x1f9c2c5c3a0638af,0xbb9da536f620b0a7,0x169a22b0b261c16e,0x141e4bc823f25,])), - field_new!(Fr,BigInteger([0xd7703f3b1f222efa,0x4fd74ebbb5b10686,0x95e6c656e7f57f77,0xa2c057216a6b9c1c,0x65a891ec644d8b47,0xa8ab2484cc20996a,0xabe8402a17bdd678,0x5c4ebf2ade40a61f,0x6c0e0c05af2d6f06,0xe9444167d879b1a9,0xece64d2382fb6426,0x161374b5a30b2,])), - field_new!(Fr,BigInteger([0x80c103752e6f7fdc,0x3b181a0fd25e4d51,0x80d5b339f5c8b74d,0x20d2c3050c1e1b74,0x199a97b153432a78,0x845de1bb65d6914f,0xa35f9fb2b1910060,0xa9a7b5c838cf864,0xa5de5d01ae5f537b,0xa17a30ad03b97097,0xb3510d05fbfbe1da,0x1640a8589f709,])), - field_new!(Fr,BigInteger([0x17d83a0be5ee90f6,0x33dfbf7ca17f72e3,0x7c1efb7051834361,0x3da8019eecf4fa35,0xadaad8e44dd9cf2f,0xde5c66fe3e12f3db,0xcd36a86683875e5e,0x32370584dc02800,0xf10a3804cd5bbc14,0x6bf239473d093943,0x1ba911d217615db,0x844ef983286f,])), - field_new!(Fr,BigInteger([0x4437e9732008edb6,0x41dac03b17eeb79e,0x2b8541e106cfda16,0x7f0fdd06ae32f782,0x997ac198dc11a2e0,0xa6740c0aee751a6c,0x4e03e0a05edd3ee1,0x19c44244ccb44254,0xc706ffb4ae4c4475,0xc1d12995818a268f,0xab04338fe785c0b6,0x60cc123c990e,])), - field_new!(Fr,BigInteger([0xa751169d1e11e22f,0x1bb43797fa51b9b4,0x4e2ef360d15414e4,0x6c5d6ebe080d4acf,0x2ab958ca8ada5728,0x86de0cbccf26e7d1,0x61228285f32ee9a6,0x9e8113c17da72cc9,0x9bd23613bc163667,0x27cf7ad1c628fad7,0x2f88e115e246e688,0x18aa76d71201e,])), - 
field_new!(Fr,BigInteger([0x9981f6e98c1cfa09,0xf4fa1d7767981252,0xfdca0d52eadd6e66,0x64a793d32e212896,0xff4f1ddde3fe376b,0x8f3938c0c83987a4,0xdf29c1d2198c7b4,0xa547a651b6962663,0xe3110aefd539f247,0x235d6a64437cb60a,0xe8994a240a55fba3,0x195c063d08ed6,])), - field_new!(Fr,BigInteger([0x74d6cf0f7299bd8f,0x4c36e3920cc20ded,0x5cda391002791048,0xf818f4afd5500cba,0x3263c9d9d744e3c1,0x2d7f5213d2eae8b4,0x5f898784825ddc37,0x3a688eb9e9d0ba87,0x142beec513b3a8d2,0x917c646971c4ef,0x6b6556e47ba85c6f,0x130be5bead2d3,])), - field_new!(Fr,BigInteger([0x4a162705f731381b,0xc4f9951d0cb7dc01,0x60afc3cae7f321d8,0xdec7867f34cc65f6,0x2bc5d0b89ad73dee,0x2209f2819c7ab122,0x7630bdc6726d6729,0x798d6e25b2baf271,0xeffd683772ff87ac,0xab7c06b74c0bf5bf,0x84dc93c6dd5586be,0xcf337452aba4,])), - field_new!(Fr,BigInteger([0xe8ef740dfd524f88,0x7e91ab9feb2c24a1,0xf8c1f45d9b1b70fa,0x9cf14cd876ea9def,0x22d9a76f1b71a4c5,0xe29d0850b0997dcb,0x39ab111005c9bc10,0xea81e0275493ab32,0x4d1479b573ed7c87,0xae1a013644afdcab,0x395409c2f93caf3c,0x1abb805b13325,])), - field_new!(Fr,BigInteger([0xab391dff32c1dd18,0x8401c9cabfc7fe2,0x73cf8dd33d2b3e43,0x2aa9b23943893c27,0xc69da1099fe94cfb,0xa17e269008bcfb72,0x776aecb732999d13,0xdfe66e925a57685,0x20581f8c916109bc,0x607733b395ddf65f,0x4fcd07b57e7ef6a8,0x179deb9b81174,])), - field_new!(Fr,BigInteger([0x93c5d5d34e90566e,0x8d1cc25e7e99571f,0xf4647c54f5c7bde8,0x93c87bdebec3d426,0xe0def1c5589c4e2,0x515690019df55d84,0x5c6485ae2849609d,0x9c411ccbbae27f2c,0xab79af8f793e5a7e,0xa85aa1edb20708df,0x5e0c3e863fd3b694,0x669d6d3ed50e,])), - field_new!(Fr,BigInteger([0xc2a1b3ae3f73b692,0x397184e8fee23eea,0x369e6f4c2e7b7d8b,0x2a65b9c11432a934,0xca4610366281355f,0xd9e457c535ad1767,0x22d13b70b7bac911,0xf6f5b6c34d6b7ecb,0xfbe08722379ac2a6,0x4e2a2171f19eb5d7,0xd82df442c87bb606,0x1526a709a55b5,])), - 
field_new!(Fr,BigInteger([0xa0f14a1d23fac98d,0x1a29021f4398f22a,0x6c71615038544c67,0x7a1563867f18ba57,0x8d08daff93ca30d9,0x7e3e9c4a298d67fe,0xbce2fba79c324a47,0xfd12bc4d05abe7e,0x657d740f2b19835c,0x8ec4a42323d60abf,0x1b847cd79e44ae4c,0x508baae8ab5,])), - field_new!(Fr,BigInteger([0x89090b871fe13999,0x20c0848d315e6648,0x98cb64684402e18c,0x2eed80d183960be2,0xe18c275ce59334da,0x32a5d16c80d346fb,0x6bcc56b671ab7104,0x700202e50c8b5bef,0xc4bbab192d091da4,0x9720f26c87e735ad,0xeb0214dbbe6ff5d4,0xe6fa84596983,])), - field_new!(Fr,BigInteger([0xc43b076970d477ab,0x74e214874710102b,0x473e38884b9a2e74,0x82b65090c3421c9f,0x55ef8ac21d894529,0xb63d8868d656daa6,0x5c73398bcf24e160,0xaf99f4b01c453137,0x5c21e01706959f44,0x59564067a16f2fcb,0xa9f38fb851a35627,0x13b0f6b857827,])), - field_new!(Fr,BigInteger([0x8660639836c9ebf0,0xf09bc2cb4117a6b5,0x4884716ae23ee1c4,0xdc1860c7aee7e77,0x87bd757b5679c7c7,0xcd87f0961e24fbd6,0x3818715d6f5c7c4a,0x45dffef2540cee66,0xd1040612f83e8c1b,0x66124db8b4242c15,0xfaf3b54fc2e3dfbb,0x5c8d900e7f01,])), - field_new!(Fr,BigInteger([0xa5f8c5133ecc08e0,0x2d92b8a35a7f4c10,0x4689c903988890dd,0xb7f214363b1403f6,0xa67c7adeb36a6da8,0x406866514088578a,0x22a818d0366b44c7,0x45a8840ed5140c86,0x2eb25015ab336f1e,0x2aa71df79f2608f8,0xcdf41c3c1c0c4c60,0xd9b129d9a468,])), - field_new!(Fr,BigInteger([0x806ce11e5e2f14c8,0xcb00d10a25bd8d31,0xfa50ad337fe824c8,0xbeb429fb4b19f069,0x8d3e0ca7d23febfb,0x4125d5fc77ca969b,0x73997daf2135bcfa,0xcb9f896b092d2ebe,0x40bb449980c00533,0x21e35977c44e681,0xb9451469d1ac321d,0x114cf7a862e2a,])), - field_new!(Fr,BigInteger([0x84f6ce6b4f28f385,0x47647f8f97424925,0x97b3d34ef0559781,0xcfddbd52aa618283,0xe62d7c3f4d6b323c,0x15829503c20ce19b,0xcaed4ad4496c5cca,0xe7b1d5a74cdfebac,0x378c6cd50edca7e3,0x300b1226e2afda49,0x4236bfa39e0942ac,0x5113d1b2a25a,])), - 
field_new!(Fr,BigInteger([0xb1e91c80002b2369,0xb3ec92e40a8e2095,0x7ec3c26acbeac0e6,0x8cb692632f18bb5a,0x71e905739d237575,0xd6d6e160e7c3a221,0xb6951b516da0b60b,0xa3f65834948bca47,0xaead9243538f4e4,0x704ea62c38399e0a,0xa8efd04d5c7deb34,0xfa148f8f9ef5,])), - field_new!(Fr,BigInteger([0x5929dc632cf4ca5b,0xcea52dedbbae44d6,0x13c8025f3a25baf8,0xd44c438057c7914a,0x683b537f8bfde3cd,0xa99964458609df18,0x4f3f878df4ed2cc5,0xa7ad05ce4b40d8cf,0x51113032e7229217,0x14682ed2d390b941,0xbeb1cf365b475576,0xa66c865c386b,])), - field_new!(Fr,BigInteger([0x21d2f2cb9cae5609,0x152c5156572ca68a,0xb152f168213e058f,0xf5f9f1ad2c4a055b,0xce452c720d639567,0x2f66aa636dfff089,0x88a6f307c846c16,0x4f7ea7fed8e50b4d,0xbd766621e09aefe7,0x9512e4c7036bb466,0xb2e4dea89560b5d0,0x12c8d99aaa521,])), - field_new!(Fr,BigInteger([0xbf5e608cc83183e2,0x51650099d52cfc58,0xcc3e11711e1f48fa,0x213e2de5e969a298,0x3c5fb16b37f77905,0xf2622d60bc7dccb6,0x3c56ed58efdc4c02,0xd40b573017e887cb,0xf4e08096dbcefe22,0x3154fcbadda5c5de,0xe4b5040eefc061ba,0xc3e7df915b1c,])), - field_new!(Fr,BigInteger([0xb9a4aabf98a5de21,0x91eb25f175ac7db3,0x5f4d85c51f9acf04,0x5c4b5d8ad2b9b0ed,0xc45be335f13e8358,0x9b9cd08b39601909,0x5cf1067753159490,0xbcbc0ca257a82e1d,0x38c7ab10f718e4ff,0x6e42c446ee085d68,0x42d96a42ee1b7874,0x128f8aa34b239,])), - field_new!(Fr,BigInteger([0x988e6ef36b542c31,0x7d8acd7d28bdd1b1,0x8214d8e1a49bf905,0x267a6b34fb7ccfd8,0x14da41aaf0583da5,0xa255597959be494e,0xdd3ac0b484ba7e31,0xd3907756beeb051e,0x4b184f7de7c4ae8f,0x92815883ec0aac17,0xedcbfb791a1124c1,0x10266b3f53f42,])), - field_new!(Fr,BigInteger([0x27af624481e6e9c7,0x251b72d03bb2d1c6,0x614c71dc670a7310,0x70b36160f25e265,0xbfbb5114fd8188e5,0xe9e090a66f29d6aa,0x7751a00400e69f40,0x595fa38c1af5f013,0x4644dd042c3c3253,0xcacc6b30f1abe9be,0x3871fea544731edb,0xfaedc390dbe,])), - 
field_new!(Fr,BigInteger([0x28ccf99444f78eab,0x2ed2dc03f7276d20,0xfec70ff3e543d179,0x3e8d30c3f6d93fa5,0x231c71cdc32fd147,0x5a4679e1c9ebc900,0xfc12f19742c67e75,0x1950c4b6e1b68dfb,0xf6228f810dd74e55,0x76dfe2f4163379b4,0x650bf4562d555b4a,0x1ad9f07cd77b0,])), - field_new!(Fr,BigInteger([0xf2635fd5cbaf1c21,0x2916372cafa5675d,0xb9eb38237d61c9ea,0x27518c445be3942d,0x67042d5531f676c7,0x4f93d4ced08b6090,0x5297f425aa2d0675,0x56f333632d39dd6a,0x6e20ea48eaf439d1,0xe3c125ebe2772c9e,0x22628e5a94504483,0xf1f75dda485a,])), - field_new!(Fr,BigInteger([0x33bea26590cbfe6e,0xc9358f01c8cc132d,0x5971a6082b175faf,0xda3bdff0ee792d9d,0xadd00964ee6369b0,0xa898c1ea485fdf4d,0x654b9d73476a1948,0x229dfd964afb82de,0x80f7a02b29975b4,0x3f843c3c9e436492,0xba88ceeef19011a,0x121478fc8482c,])), - field_new!(Fr,BigInteger([0x2626bff8301fee8c,0x3cdca15a5eb39673,0x716aaf53fd50e923,0xbf44a51c317101bc,0xc48c111babfc7218,0x2d2bb24bd65113d,0x9dadc43055662633,0x9fa9e657d193d52b,0x245ff03303b0e3d9,0xfb0208233a0ebcd3,0x6283f0752a2af0d3,0x172f8d631acc2,])), - field_new!(Fr,BigInteger([0x466b381d2ae7fdd2,0xce746cfb2c929cf,0x21b8835e5b9467d7,0x8638bd02d92d4f87,0xda5130048b13580c,0x36e6e28f2e26c449,0x77ed800f8868d373,0x175348f52e6039a1,0xa4786354c139228f,0x660405a241b2abf,0x59287d0e3d700df1,0x1420a287176e3,])), - field_new!(Fr,BigInteger([0x9ae2dd54b9e35edc,0x9edd296372c3966,0x10d508e69ba8e24,0x18980488bd9402c2,0x4be5d312ee6a590,0xe54996d9a5c5758c,0x50d44c0c8259d367,0xa543fac3b98db521,0x4013559c2d068da9,0xbaf4b0974a3eaabf,0xa3d1d905bba12ac3,0x55fe915d2464,])), - field_new!(Fr,BigInteger([0xa12b8888e4373ab2,0x613ac8e268dc23a0,0xe40029ab8ffa1308,0x8c0cad227da78d53,0xebb53ef6d86f7718,0x6586476dea417a55,0x3cebc5d06701a674,0xe43c612de433c54d,0x103f4572b1535cf1,0xe5ae970ead65c070,0xcd96b854fb54eeb2,0xdbd95e70ab2f,])), - 
field_new!(Fr,BigInteger([0x5c392663b591e695,0x596d76e19e02c1f9,0x34d6ce22a10d0e3c,0x5ac47535d47995e9,0xc4530fd6de5117bf,0x9730681306980b82,0x29313cdf38d84997,0xaf8d23c2bba5dcb6,0x500687faa715a4fa,0x87a6478486ecba38,0x70bec0f6e19b98cc,0xa4683cf44135,])), - field_new!(Fr,BigInteger([0x5599d4fab58d13bb,0xd296da14e84b9ef0,0x42a5219e690adff1,0x195b59dc20bf967e,0x41b91aa3c7e3e13f,0xef577f44ebd03eba,0x6557cff1363d512e,0xcc301638cb6d6cbb,0xd701a219fc3a2eaa,0x337c0d0595d1997c,0xb0ba75eed9416615,0x13f00ceb8a532,])), - field_new!(Fr,BigInteger([0x73c1c29b940cc102,0x3b15744b6425e546,0x69e32383236e9e08,0xbc139e2936ee728a,0xf1873b2f7a1107b,0x36238590d69dc6d4,0xa64230e4915de68a,0x7f7465d2138468d9,0xb9c1800ac173e514,0x40fb093a6daebc7e,0x7ded5c4abbd2a47a,0xfbe53512aa45,])), - field_new!(Fr,BigInteger([0xf4f9c2a0410684e5,0x11e39cf5572185e8,0xa2dbfb52ee62bcff,0x7c050a533d432625,0x42a70c06d72c112f,0x10fb404dc43562ba,0xeaa5b4af1baf5c40,0xc371b9805481fcf4,0x415f3ae0227634ea,0x4e7c58cb84554cc7,0x6fcc7fe1fc6568c7,0x1317f9626fe,])), - field_new!(Fr,BigInteger([0xbe577ff2f3615fad,0x22a4721dc15c4f9b,0xc12dd44a3f19c713,0xeb0345347518b4d5,0x7db2fe9e9643f43a,0xe244833bba98fd5d,0xb44e24f2f4eae692,0xc9e0114e3386cb42,0x436b61412f5ec38e,0x808f1cb5ef9245df,0x4a88daa7f17edf23,0x91f7e19f3e05,])), - field_new!(Fr,BigInteger([0xb9ffce082d1698f6,0x6faa0247002d1fd4,0x87cf0e4fb6732bd9,0x628171dfece85879,0xccc56c0a10f1cf1a,0x1aeedf6eddf6f3e0,0x7f7551f1c9730b69,0xe0b05779bd3829f4,0x287ac7afa2c98c25,0x5e8a59a30796f984,0x3e2f165eff442dc6,0x1a57148959b9,])), - field_new!(Fr,BigInteger([0x25bcea739892218b,0xe6ee0f69ee83699d,0xec5940a311fa48c9,0x494144316defef6e,0x57bb80ea9a3596f7,0x85986e639e8b2f9e,0xe8a0a2357909252d,0x72d6ae983c09795b,0x14f851091bcab471,0xb7bffabeca7693cf,0x77fdaa485c22c33b,0x15f900f79c26c,])), - 
field_new!(Fr,BigInteger([0xf069eba787042ac5,0x70d9c8a4817e637a,0x7d2eabd53cf831d6,0xbb4c08ca3ac85162,0xf9ba72e8d9dc81b2,0x64fe82708d1db593,0x474cc46af8356fe1,0x39330bd38e28fedf,0x5ccc2c98a8bc6ec9,0x3b7d80b9d404fac4,0xc8a3f6fd7cb9cc3f,0x552238a5050a,])), - field_new!(Fr,BigInteger([0x7884473a783ce0e5,0xd357c0beacf1319c,0x3dc6675a8985f10a,0x9533f0efb0239588,0x1593910c89757197,0xbdcd0f0d0234f38b,0x393b088ec0698266,0xebeb07465b28933b,0x3aee8c5594fd7b6,0x71da16aa39be094e,0xb3a092a0f3c4d4db,0xb7a9828ec7e4,])), - field_new!(Fr,BigInteger([0x401530e0cfa1168e,0x717578f72344a5d5,0x1e04b98a4d7f0e3f,0x77fd513ececeb369,0x995654ff0b89ed3f,0x2d0d9786c2d6339a,0x97de87ced1c07983,0xfb0579f68e3d5add,0xa06d431b730382d8,0x5bad3379fd95c6e8,0x4924dd9517c6195c,0x138109d1111c8,])), - field_new!(Fr,BigInteger([0xcfbe9fdef386c6a9,0x2c4632cedf579dd5,0x38613122e2b8fd4f,0x97f771a3a4bf3c73,0xebbc473cbcc623f4,0x813174c12bba11f,0xf8ab2f3a57a0039f,0xf6885ddf98c0c8a8,0x46a403c7cb35d5cb,0x6507a0ef4414268,0x2118022dad224cbf,0xb84292451a2d,])), - field_new!(Fr,BigInteger([0xc8a3882e0a92f387,0x40beddb74dd131bd,0x1cd168f54f7eb939,0xc25d3de2cd438587,0x6d37c0781d9566c6,0xc3dd653fe77a21c9,0x688f425c8025be20,0xfbdc046d941cc4c7,0x774029cd716f5e87,0x7b5f2240e4af99bb,0xd3a4f49378ba17e7,0x1c144c2727dd,])), - field_new!(Fr,BigInteger([0x156568f14c30fbb3,0x974c06f5626b6477,0xa705a4796f241842,0x557b58413d4e3015,0x73ae7a068cc143ff,0x1808b2adf9d193db,0x22024654d27280de,0x45fb930b23b5f05a,0x7739bc984c746e72,0x24e6f318cb65a7f8,0x514ba5a4c15c4b02,0x2f29651a65e8,])), - field_new!(Fr,BigInteger([0xac094bfb37195890,0xde29f82d8c5446c4,0x28f6258bdeb130c6,0xcab211935c4c6094,0x820a700acbc8946,0x55594544da9097e,0x4552934976880ebc,0xe81258f3f7ee0416,0x6582862e21fe62a9,0x202223b3ecf85c33,0xf4f71bbe19d84e09,0x3b7db4680fe9,])), - 
field_new!(Fr,BigInteger([0x5d404a70e9bdc533,0x701af90dac9e309c,0x5f4e14acdeab3fce,0xd86bcce61f5785c5,0x745617eb4d7e9bd9,0xa28fb4a9e45fa3b6,0x2bc9c00c6fd57332,0xf2d47d72fb43d7cb,0x8ac1b54ff75075e,0xa8866e121619509a,0x1eb091ddca68a1be,0xa2b7227295e8,])), - field_new!(Fr,BigInteger([0x7588cd86e0538e55,0x2589256e04631cbd,0x4c686871a683aabb,0xe1dc06de6c68ba5,0x4ad549852bd64772,0xe267a84f62953cfa,0x94784b5f26aa8ec5,0xb2edabcc88f93f50,0x118d2cc3617472e2,0x767b3d5706e413f5,0x420b60223a5fa6a8,0x16ad171600642,])), - field_new!(Fr,BigInteger([0xae55d770efe976c9,0xbc3b66ae0f134d87,0xd1325ec1db21a33b,0xdafdf6423b401e5f,0x9fddc0a8a50a50d,0xd0bf42db2473bb34,0x185f2792bf863bcf,0x918bb786e36bbcbc,0x648082c21d025f68,0x8ff1d47abd90b9a6,0xadbd8ba96632c123,0x13c6cf85a38f0,])), - field_new!(Fr,BigInteger([0xd4e02c8dbd92402c,0x4c3a68195c0c0460,0x498cc317d8927faf,0xe2215502a29339c4,0xff73f07ad9d32350,0x75a8696ce0f13713,0x391c1bfa392b0ed5,0xb98e32182a1dcae5,0xec42ebb1a301dbec,0x6e455844e1df2d4f,0xa98ab906e29cd5bd,0x16993e9734dfb,])), - field_new!(Fr,BigInteger([0x845db3f83bef27a2,0xc6eaa23cae65ed9b,0xa82eb06c4305f063,0x2ac6e04c21b33212,0xefe89d13c359023e,0xb99b597b77d3901c,0x1c9097570e4ccbad,0xd5bae9d203c41e79,0xa5221bae4e3c12a4,0x6ca8cad89a79ef33,0xd674477bf3276e84,0xa94a00ed6b00,])), - field_new!(Fr,BigInteger([0x2ff451d2075c651f,0x4e0e143b116e7968,0x64652d64b8c91b2c,0x8842fcfaa3f575a4,0xec214004743532d5,0xc1ca6faa3b059943,0x50a8a99430c11856,0x5569c10f4a353d72,0x22a8b8f9e4b9481c,0xb6e3f059c8385189,0xbb1381c89cbfedf9,0x14e5156e45a7b,])), - field_new!(Fr,BigInteger([0x9f82700fb2be5ad2,0xcc03e659a1d14f11,0x34073ff913ae7bd5,0x5c000dba9ef1a3f,0xe7451f9827c6762c,0x8c6b252d92b93a57,0x34795adbc4a70f6,0xc57a74f13fb6577c,0xc20bc03d0db0a074,0x57700b6230666abd,0x84c0af14df5760f,0xb251d77fc9b,])), - 
field_new!(Fr,BigInteger([0xdc5713ee49e805f7,0x6f2ac87749523e2,0x9c8704cb41cf9923,0xb9ff42401e80d3c1,0x94128ae476077741,0x54c35fb4ecc9442f,0xe07247d754d3fba2,0x25a275a643446976,0x95724f4d00b8037b,0xdb69c1dbb5d0efd4,0xff8e5f4ba06d1046,0x14805b237518c,])), - field_new!(Fr,BigInteger([0xef4a73cecb5e761f,0xd09da6dd756d0b61,0x5919307ff1063d21,0x555277b8c1d5f140,0x144a34b641770504,0x772bd8dfe11b2a71,0x15afc905b465199c,0xad768072654785ce,0xc3c0e325981e8749,0x7fefc95d14160139,0x3007486f7f3d64df,0x64f6e4c8a925,])), - field_new!(Fr,BigInteger([0x6b593c6894614ed9,0x507f6233b20381e0,0x5bf103abd1939ad7,0x4bb95c906491c4e5,0x619f3f77f1d77ac4,0x78fe05a00fe49f6,0x1ef09ac9161821f7,0xa7d53a18dff19402,0xe44577991eda2132,0xc3f423757fbdb268,0xc31067999993214f,0xdba7ca7cadcd,])), - field_new!(Fr,BigInteger([0x98ca201452b1f16e,0x2c4e0d10b0aefb8e,0xde2d7589142b9ac2,0x411319bbebf9e85,0x23a165dfb92a835a,0x27804de9504d0ab0,0xf6a9cc8944571fae,0xfc53b94610192fc,0xcb269cdb996eb2fe,0x675c33f96862df99,0x2041f285ca6e1c9f,0x1ab20265560f2,])), - field_new!(Fr,BigInteger([0x41df73c35c4c9f54,0xc3c84d1402e5e6ad,0x784f41612f7900f4,0xa51da05deea5066c,0xcf6718f2fc42cb4d,0xf7cbf8c805cbcf66,0x6d0032d0369e295c,0x6945144ee8376159,0xa1d342ed51f60b7d,0x2b36b1ecbc997eeb,0xf42f0517cfffc18,0xd5e9dca972f5,])), - field_new!(Fr,BigInteger([0xac5dd4311df958b2,0x1c87db1bc2e56587,0x2f064d02518e3f0d,0xaba2de6cce73d737,0xcd845ce8431306f2,0x9309917d7d3caa64,0xcb969977bf00be0f,0x9068fd158dea4ea9,0x16ad65edc6c89782,0xfd177f051d03e3f4,0x91c61f4e9414e0e2,0x196cc282fa8e7,])), - field_new!(Fr,BigInteger([0x44c4b98d7fae8ae6,0x1a1b9743c87eda36,0x420f1d29a3c75538,0x9156408a5852f069,0xf278e387c44668cb,0xd865c7ed98b12991,0x7947c97278e98888,0x2d4119d0a7f01634,0x15561c5d4524943d,0xb0408b542fcb23e8,0xd4feeb5470d85861,0x1a998a2c66943,])), - 
field_new!(Fr,BigInteger([0x962efd6383f3e237,0x3513304356bcc019,0x17aae854440e38fc,0xa3e1a2fcb60ef7f1,0x632c0e8c1fb873f7,0xb10e1471b7493d43,0x3a0db482548017e1,0xdb0f40e7c68a536f,0x3e4f633d407f06f9,0xcb4e29ee7e8bd38,0x124e0d4149ca6926,0x1c29cf8d20433,])), - field_new!(Fr,BigInteger([0xeeb2fffeb0484b5f,0x5f49d7874113e11a,0xb18f3913d66f5d5a,0xba7f0e73d129a1e7,0x237d75f3cadcf45c,0x27aba89b68c3c4c7,0x6599e5e1835b5010,0xbdb105b9d74053de,0x6f286cce4130c308,0xfbe50a3e414e9b9c,0xcca0f8278021430c,0x6087e46cfb53,])), - field_new!(Fr,BigInteger([0x19cd95f86b2f38,0x47706f78da5096ca,0xd78a232cdc60b697,0x900bc52aad89abb8,0xad8d443d51bb0954,0xbf57c4cddeddb8d3,0x8c0cf811ee00ede7,0xa3bf25f09181197a,0x5500448b119fda7a,0x9c81d852b74df5aa,0x8dd9463afa8e9e9b,0x10c935237f5bc,])), - field_new!(Fr,BigInteger([0x2dbad41099ebc407,0xc6a3cb4184dd6fae,0xd64952ccb6080c14,0x2b0e5c91fb6ff2cf,0x6fe7cc50efea6c2c,0xf2988a94dbc84336,0xa4ad178f84ae0e2f,0xdaf7c9bea9ad160c,0x8ebd5b0f695230cf,0x6166f5fa4ccb0d77,0x6edf9b9c47d6d42a,0x1a483396f2886,])), - field_new!(Fr,BigInteger([0xf347dfe2cf56a947,0xa7b08dbbe2696f84,0xc828da43e54f9008,0x3b0b0b5ed372abd6,0xe5277dd55064d606,0x267b083af2587c6f,0x488583c4f4986fff,0x9a5865fd38c2a085,0xd6f374be8eb75848,0xa47a051fdd0ad376,0xa383b86ea8790fef,0x1b6d28d7fb1dd,])), - field_new!(Fr,BigInteger([0xde7ae2dd6071d588,0x7f45d064e1322f16,0xc7244b368cfbda2c,0x6048abd20ea6f703,0xf76f1b21f8eaa297,0x54b95d4009e86875,0xa8e75a6b1bbc0f09,0x8ad630c05ebc4460,0x8851274ff344b6a5,0x2b3cc0f1a034802d,0x8d21668f1ab8e72d,0x15248894f256b,])), - field_new!(Fr,BigInteger([0xe3dc60dcbb4a98fe,0x23160eb63c24d4b5,0xf24788f9ed15ae1b,0x4a9080bf2789f441,0x925274e2665c5f03,0x8248ae71c0d133a5,0x2b10ebf5e32aef34,0x2be5e8a9f9346245,0xce39e516a9cd6a81,0xd5239b6e04c15bb4,0xb61019ff29255234,0x1ac2a7464ef5d,])), - 
field_new!(Fr,BigInteger([0x7c951958c20825f3,0x8253b0164c3f502c,0xd386b1b609708f2c,0xcb43181c3bf3d11e,0x7bc8b61a513009b9,0x631b53329ae01e4f,0x3aa9d3ccc62d4e71,0x8e1880a14dbb66b8,0x93d26f10749ee66c,0xa9c4fb77300f9661,0x1eda8f69d8f63116,0x605ee1cdbab5,])), - field_new!(Fr,BigInteger([0x2ac6a1642040d160,0xf9b6ec186b9a3ddb,0x1b7b59c1a2e6f995,0xf422ea9be1f97d1d,0x5afa999df1db6311,0x3a2b0beeef028bf6,0x5430ec6625e45e12,0x73aab9b4edb32ce3,0x372af2daf6d28c55,0xf6d67063611bfc58,0x417107aec7750e35,0x11950e1c2544a,])), - field_new!(Fr,BigInteger([0xf09cfcbe4b9c901f,0xdca43784e65b4e84,0xe620f434f9fcea86,0xca98f92bedce4f89,0xe435c32c68a54adf,0x6c63b3f8101c3ffc,0x73654f6a92238aa7,0x38c75afe9ce4c410,0x98afa5e7326191c0,0xb0ee47357cc20686,0x836ed0805ce14e7c,0xd54b15a85e,])), - field_new!(Fr,BigInteger([0xc0992c20b8723510,0x5d759e42f812d8fb,0xa5945ed459cbccfb,0x29bbe28ee136746,0xb6f4139910b90e07,0x65d20354eb67b0c2,0x398b88f536a86c86,0xc1d6f10b74df49cb,0x9c837c431eda3f7b,0x14e993ed62729b44,0xc63e018358b9488d,0xacaee5dc0dd2,])), - field_new!(Fr,BigInteger([0xf3c5df96761c6718,0xf6fb2e70685dd1b4,0xd40161fdb28759a6,0x461165b69d9c62f8,0xe041b8dc36b54e21,0xe9725833866bb8f,0x43dbfb7d91a6863a,0x7bfdc8989282685b,0x5907d5752e81836c,0xa7f9718b52fb3f72,0xb999a5139b2c93ed,0x8ed8d650adc4,])), - field_new!(Fr,BigInteger([0xddad8ad9fbbec223,0x844ab5b35c1764af,0x1ba2c746560d740b,0x7338a37c81814ea8,0x48d0200fd59b0a99,0x439fbbae3c217ba7,0x58f8a6952a68596a,0x4f263f4fa2714f90,0x589b6852b668c727,0x979876675a6d6559,0x1744f6574e3ce698,0xfec58dca8935,])), - field_new!(Fr,BigInteger([0x2eba985e8b061a24,0x29d333d6f4e982d7,0xc27ffc44fa6e9fcd,0xd2c87e3c4f13476a,0x5b95acd8297df971,0x847f654263361cbc,0x4d2cf0d88633d608,0x9df44da9e929c5c4,0x256811ba9aa4879d,0x2622a37b7d76062b,0x2b822c10faf2be90,0x12547330fac09,])), - 
field_new!(Fr,BigInteger([0x251b33c77f6609fc,0xa1eb119fcc8fee68,0xe2d51e2a2f76d4d2,0x2b21f4eca62d927,0x7b7052038ebb6a1b,0x52bc7bc4d2113166,0x42e919d25dd791d1,0x110b226ee9adfb4e,0x8c784a9319e3067c,0x9532de11b71f25eb,0xbbf62465d422848a,0x1720838f50b19,])), - field_new!(Fr,BigInteger([0xf2de422d76c6307f,0xd5b0b65f6c662881,0x1a235cc434321c8f,0xd1ac878963a846e9,0x3ebd7765d053e23b,0x11af8b7e6ac50995,0x18595c761773f436,0x3a8ad7c684fe0c45,0xe26f52f4660cf47b,0x44c94f63ed492298,0x7a40f342ec430a31,0x19db5a07e6118,])), - field_new!(Fr,BigInteger([0x1bcd74fcd16cf5ba,0x6ce6039a0f48fe2e,0xef20b66966fe1122,0x3b333ed5dec9c056,0x954be6008d5ac282,0x6a256e13e8642470,0xbf0bf8a9cb9fec4b,0x2d78520b740caf5e,0x2769f63453c0338b,0xa49ca8758eb46b5b,0x56dbbbddd2c52931,0x67c5d89e6ba7,])), - field_new!(Fr,BigInteger([0x4b026c57fe8c38a2,0x67d3f0b66d4feb2f,0xb847de703383e335,0x7db30212088736f1,0x8ba13d378af6327f,0xb89d34cb1c174e0e,0xaefe2464e3de007b,0xf47270962abda9a9,0xd1185fc2f29f04f3,0x33acae308d7bae1d,0xeaac0935f894b196,0x7d293b070740,])), - field_new!(Fr,BigInteger([0xc629634cc549f5db,0xa25fa843b423bc2f,0x2e2705f381623632,0x8b46dc5d8e0f2ba0,0x8ec03fae9871057,0x2b5d8aab1f14879,0xf93a1f454b8e8ecb,0xe76787b90972693a,0xcdeeb5297f3541c3,0x9b2a54c5218b2dbc,0xf150fa4ebe586807,0x15cc462876c91,])), - field_new!(Fr,BigInteger([0xfebbe5974efd47ed,0x564a64c65158a7a2,0x46dfa9ca462d78d3,0xaa966926b4e7350c,0xe689981da491b71f,0x34da5605d33e28a4,0xffcb9bda564fa9bf,0xdd06369a4a8ef22d,0xb0b9b03233baa7,0x399d17725c8f7f2d,0xea790826eb8dcc5c,0x12654b038a096,])), - field_new!(Fr,BigInteger([0xaa6053c0ae0555a6,0x885a84674ef32e4b,0x6e23f8a4fe0a0f9d,0x23803a09a243855,0xaa6b94c3a0c6e95a,0xfbfa87affbeee69a,0xa2f81b8ddfaa795f,0x386a4ebd7668efb,0x636067e3909fa68a,0x24f248c9d2e501a7,0xd1bf9f8693dfaf15,0x26b0ea89f3f,])), - 
field_new!(Fr,BigInteger([0x8175b9427c9a50e,0x7df2707dd7679357,0xa1505ebdbbe8e3f6,0xa9e5954fb881ad95,0x253afd1997e0131c,0xf0973bf86718a78a,0xa6e00f179cd40315,0x2f6a0f57abc385b6,0xfde1b2bdc1870349,0x23b6199c321ed8c6,0x3dc991c5bdd9925c,0x1b792a0482e4d,])), - field_new!(Fr,BigInteger([0x949c6e64a32959c0,0x373687d9d0857d78,0x7c95581d9daff14c,0xffe793c95400463,0x925bd6f651c2803,0xda4e401f675114d9,0xfa824866ce5761fb,0xb0afb0b08ed20714,0x8714949f8f26b739,0x6760164912db91b1,0xcc474f17a82ef295,0x1a753b3ec93f3,])), - field_new!(Fr,BigInteger([0x7c15d383a5e61506,0xc63d0f0e87155d6b,0x17d39970bbba5a58,0xbd5b9dd4e26d0214,0xe174367a62442922,0xb21a2fe4a2015ff7,0x9e4eb9f78895691b,0xa1d0e88af43214e5,0xc343aa2021b0df61,0x313667ec2734f099,0x144bc4b7e73092e7,0x146957236d237,])), - field_new!(Fr,BigInteger([0xf82d16b94a238f09,0x590b15d54016b65c,0xa0dc2db444d53239,0x71d01766e17b669d,0x2bc648b5cfc73b5e,0x25f1f34eff6a1891,0xbed03e087a7620ad,0xf37b7a8dec3e3d3f,0xd86e4a852586af64,0x71d7c78618cb9136,0xbbfb638712e7fa30,0x1866cd70d1a21,])), - field_new!(Fr,BigInteger([0x873563678a5d9bed,0x7a9cb4683aa01303,0x539c4d73a0432f3d,0xbdefb2fbfd2655df,0x7cd948bea6589b74,0x1010757b45355d44,0xa8f81129bcab853c,0xd2d277d3b33e265f,0x8af2b36ca3313579,0x7be4d13e01cce6ae,0xba0e7178fc52c83a,0x2292003bac16,])), - field_new!(Fr,BigInteger([0xe0fe4fe8a370a000,0xe2e261b3ea1f6554,0x6988b2f361711a65,0x70d570fa008f71ca,0x17f6a0ac9bd35c82,0xc8c52130ec97743b,0x11983b99f0e1574a,0xcf898ef74afa3011,0xd87c10a0691e6c65,0xa72a4861abade46e,0xfa270d4bc017f37a,0x155657c7d570a,])), - field_new!(Fr,BigInteger([0xd4ed68afff88b57c,0x5a9df6e2e0ba4730,0x7cda707339b38cb5,0x1ca1c19f554449cc,0x397653b871a0e9a5,0xda8ee1e42d8bbd64,0xbb1693c125ed17d1,0x86df44f345d07e68,0x1b16acb1ae025085,0x6cb886d81113e379,0x8710154496a8045d,0xd98530c9551,])), - 
field_new!(Fr,BigInteger([0x1131f9398e258559,0x3f20da687c1dc823,0xe3e70cf0b017ae89,0xa118f1cd940aa754,0xa472ce96d5a2721d,0xf9becda673a19fe9,0xed7e00b79e01a01c,0xc522d37391b6a28f,0x7d46835fdc353e6c,0xebca368b50d66ad2,0x8d0bc54b92d28f2e,0x3bb6af4e81b1,])), - field_new!(Fr,BigInteger([0xc79b78eda8e90d0d,0x2b7ff1d905dd2a27,0x5b476878eac3b934,0x2cb948a6e6f8cdd,0x5d382453413879e4,0x2d7c5154656c97b9,0x117cf8bdbec45ec3,0xa0888cfaa233d20a,0x3f7bef774bd67edf,0xaeb5e72c32132afe,0x3421c2b34f7591e4,0x1093be35a448f,])), - field_new!(Fr,BigInteger([0x8dc1a486ba7b4a21,0xaf04e841fcc7b6e1,0xe83242e6b54c4e54,0xb1f42c031af13bb2,0xfe69a04a5df9dbf4,0x7a12fba14d2ceef,0xdee0baa125e148c9,0xefde2ccd2dde02f6,0x85cfc9796f18dbd,0x953a9353c76e2e37,0x7b1ffadf837f1a90,0x158a0cca5a4b1,])), - field_new!(Fr,BigInteger([0x1cc1aa3ab2b6477e,0x84ea39565354de09,0x1821aed8628cd370,0xfbe488fdeb1752aa,0x111396c65bd83ddb,0x706b706aebdcea4d,0x809a7e5c500d061b,0x1ab7235207d2e1d2,0x1ece621e6b2f7f38,0xf708096abd3d441,0x4bfa18b4f55a770,0x1be0bba87328d,])), - field_new!(Fr,BigInteger([0xc2bb9a0c79c44f15,0x6f9950e96021171c,0x265b130cf2a8ed49,0x23941e6aee76b9fe,0x57ca2c4ee2001766,0xcea0cab99a35c2ae,0x425701e3d812805,0x40bf744d242da910,0xbf96177196a1da3a,0x42f1137508bce79d,0xaa923a1484683395,0x139dd018fbbe1,])), - field_new!(Fr,BigInteger([0x18c30c7798b59ccd,0x4166b1d4bfe5f8c8,0x314e4566d488070,0xca597b4fba351d44,0xd66b1e11f9bb2aa0,0xf43b4ead999c94bc,0x65b29f783e80df09,0xbc574a0466e48dc5,0x4e973f234cf4c760,0xa8d40e3917944fd2,0xfc680a412e5e68c8,0xc31a463927d5,])), - field_new!(Fr,BigInteger([0x5f0d22d795a58cc3,0xf77a6b6fb6759a5,0x119e8a8e2f6b97b7,0x16e263282d2f0c56,0x7ae9353b22232605,0xfef3adbbf95edd19,0xae1e620b4c3203a8,0xa811f40415e23ca5,0x2db4e90eb99150d,0x5b82e4204ed4379,0x19135b139bcfd8b8,0x1b81909d3eeb4,])), - 
field_new!(Fr,BigInteger([0xbcc1f73a9d490d95,0x1c0438309bc14cc0,0xe82c207343fda3d0,0xa975aec835bb08db,0x87e64528d76c342f,0x793f577ca5bc60a0,0x54511caff32776ae,0x551e66d0e450da22,0xa68c09680053fed9,0x68a014c3102196eb,0x2d2ffcc97fa5ce96,0x1493d7805f9ef,])), - field_new!(Fr,BigInteger([0x4dad2242afe58dd5,0xf2d3c1d4fbcaddff,0xd81af17b99ff2269,0xfe8f3addd3d5cb95,0x9a725c3882d48ac8,0x69e8744a96aefb54,0x25a788ce6ad6fa02,0x242f8f4f22eb41dc,0x722fe855fa04a878,0xe9bd683fc76f98d,0x350cb067d9de14fe,0x1583cae3d358c,])), - field_new!(Fr,BigInteger([0xc236532124549fc7,0x8254d8057aa67ae1,0xbe505f0b44089183,0xb706d16381181371,0xd8772c8e7b66a91a,0xf8ebadbc9053a4b1,0xa0c2885e01502a2b,0xbb2d35dca5289056,0x6ca47e8ecb0cbfe,0x1353c498621cbed1,0xf76947f998f129bf,0x6ddfeb2490f8,])), - field_new!(Fr,BigInteger([0xd972f7966154e8e2,0xa6d66130b04a970b,0x6b9912a75dd4772e,0xe9f790e61ef5e8b5,0x1251162fe2531aa,0xc3be528ed1aa9df2,0xc350975409c573ab,0x115014369acf5853,0x715f7ed4107bf51a,0x2c53d60394d3f136,0x886b323c5538f27c,0xc0b43a527a0d,])), - field_new!(Fr,BigInteger([0xa45fe80a855b6bdc,0xa4c1755587ee792e,0x16679b8ab7af949f,0x39a24d93f606fb07,0x78fb76dc58afe0,0xfcf793b9cbea9796,0x3feefd61f744d0a3,0x3527c71011983c1f,0x82cd28e41430fb6d,0x48579d9d2575ae0f,0x30d90f3df07fca17,0xd1851cbd9fe7,])), - field_new!(Fr,BigInteger([0x4bd6e50bb587cc95,0xd0b56287f3a4b7c1,0xed863ee905e8a4d0,0x22a3315f199d82c3,0xaf0e1a737a5a80cf,0xd5958a81c65453c7,0x9195678685e1566b,0xac40e17de962003a,0x7ac959099f91e51d,0x13a4b91604f50136,0xf33fd02cd37ca8cf,0x1c116844be72c,])), - field_new!(Fr,BigInteger([0x26b439223677830d,0xc59f75fb0d1ea92e,0x3cf14417087a06dd,0x1acae0bc50a98b2d,0xdfc5fe61821d8000,0x4e679baea71f6a26,0x159ea07bd98bb46,0x26a613ebe4e26f89,0x6ad1b64828f26bec,0xda72540f80d2e5ff,0x604a053fad9939aa,0x44337c18dfbe,])), - 
field_new!(Fr,BigInteger([0xf95a5d637ccc4f10,0x920ee0995a4c4e7c,0x38904c1eda8d23bc,0x15e23c8d23933883,0xa85ae19d8f3dbc21,0xa8f0b8d00510849b,0xadf096fcabf54fda,0x5ab38da14c1c8ea8,0x8575b8af43ee02eb,0x7013991da6d3c42b,0xfb9ff9f269f44c10,0x1304d33407eb,])), - field_new!(Fr,BigInteger([0x9c0f5a14d37a99fa,0x42269aca050a7b6,0x9dc8b9a43b25e881,0xbac298598f0b5bfd,0xa8df5cccb1c96686,0x6e4bfb9c7d12106e,0x841b42e05a61a819,0xa6d4dd155af99f7c,0x19b7595c7476bde3,0x823970cc3f0f51d2,0x81b65e1a1b57c47,0x16c09ac42453b,])), - field_new!(Fr,BigInteger([0x172be90932fe06cd,0x809e2d1d2dc76144,0x36b8e4ebb0b433b8,0xba5cb7757b1cfd5b,0xa7069bebdcbd5ebe,0xec490a217e17bda4,0x4a943d54d906f620,0x23d6cf9986332dbd,0xb75f8bb9304f4f90,0x770e6a6e11db0e3,0x6c3199c98f774158,0x294a8331c3bc,])), - field_new!(Fr,BigInteger([0xb5f00c4ea55ba53,0x4c656d4729ebba7b,0xbe748e5413a01525,0xca9ede6d1b178734,0x8b2584122712dae4,0x6e2ea29e118cc395,0x3b9e3498460560f3,0x7b333254f751ce74,0xcf91070e1e613b7b,0xdfccbe0d8089abee,0xa1882e566ecd05b2,0xaab5e200196a,])), - field_new!(Fr,BigInteger([0x2287748ffdd8a1fc,0x6bb2f1cb39299f7b,0x67ec9a854791f7cd,0x90a4cf4bcc99b3ca,0xce7c773dfc614776,0x8313034cd926ca0b,0x322fcbe018caa248,0x6076a74cab113c76,0x5feef9ea8e0f180,0xf2351c23e2c1a11d,0xa00e424628032f7c,0x701b24c0d43e,])), - field_new!(Fr,BigInteger([0x8cfd2af1696a7e78,0x92db4de98bfa13fb,0x948248fbc92f2110,0x2b91b676c6cad372,0xc89901b99ee730dd,0x3a412b36ef8dc79f,0x39acbb9c82973fb5,0x3c7de0855b0d83ea,0xaf29144b3a250d24,0x5e4c1c2aaaf1872e,0x5873a15f3309ebf5,0xa2b64c96e8bc,])), - field_new!(Fr,BigInteger([0x1c9a36aa32b01b0,0x8eee55d8233fa48f,0x6dda76a7e06a4df2,0x15ec29b646a46a44,0x378f1c74d15ae95f,0xae9aff8b510dbf5b,0xa0b65738f857f40c,0x470614518d38fb1c,0x2a2df0198d976653,0x64dd53b448a96b75,0xe8681671ae2d7c6a,0xc8857cd433b4,])), - 
field_new!(Fr,BigInteger([0xda492a413447ddc,0x685176c6584146b3,0xb0df0409fe4b39ed,0xffc971ca1eee1f61,0xf7aa008be99fcc10,0xd04e97062ff69b9f,0xea93bd5ab0c9058c,0xd581addc12b17b1a,0x750461e69d0eec0a,0x4fdbb6b691c57c4a,0x7088d8c45639775b,0x136def2d19f1,])), - field_new!(Fr,BigInteger([0x6d6d22a160d325d6,0x5000e1262f2e4b84,0x82f96a4bbccde164,0x7de7281ef87c194c,0x50915aaa411c218,0x5a6aeb5487a77a54,0x39777c0f77ecd996,0x614eb1c79f1e8eed,0x51161627dc71863a,0x5e22bc2d02544dcc,0xf4cadaed3e7f74e4,0xa352a640c924,])), - field_new!(Fr,BigInteger([0xec8fe6df2fc5e9b4,0x77789a547a62de74,0x85bdc0e78aff70e8,0x2b89b64100953007,0x3f56cb0ba837c440,0xa9cc5cea03bba5ce,0x9023bca6eb1ed426,0x7870919d3f31aff,0x2924f46d1ebee9d5,0x26b360e5c9ebf458,0x408ba02421ae10c,0xe099b4883ce1,])), - field_new!(Fr,BigInteger([0x192e48a91279cbcf,0x95c3ac2bf829069f,0x78a032164255741,0xb204dc819814bf81,0x81ad2bb132c3632a,0xa04afa9867fb1ae0,0x3ed00e6c66827a41,0xab13c5622423f418,0x1a62ed5fd09d7614,0xbf019824577c4de9,0xbe6c4526d8ff7595,0xe66afb0c2130,])), - field_new!(Fr,BigInteger([0xfe2d689d9540b7b0,0x69d5c197e45e3351,0x8bd8198d5169cec6,0x18e77e2d7af6f5b,0xd5275a060cb75e7e,0x527cbb36c680776e,0xffeffae3f5907a41,0x3c6e0183a2a1101d,0x33bb40e2cd5ccf0a,0xa7e7d439feb0d4d8,0xef37cebf4e150aaa,0xc21538c2907c,])), - field_new!(Fr,BigInteger([0x907e21437c18aab7,0x645e1230a6362069,0xd2fb691d310bc220,0x2d16c2bfb0ebc07e,0x423cc9113a37c49f,0xb02705409beb5558,0xccb31ca73e1f87d5,0xb675cdcd278ac6e0,0x31d16cc025ebae,0x8d056a90af3fb4a9,0xf6ef8591614bd752,0x172094f015b0e,])), - field_new!(Fr,BigInteger([0xbaa509e0ce304935,0x1e3cdbfe6a5d4b1a,0xadc2738755d596f4,0xa6a009cd20d1833e,0x8f00191dd77407b7,0x106ad3c1444c3e05,0x13594a071c159fbe,0x8b40eece2b671055,0x9d1e076ee3308040,0xaba00c9eb2d61415,0xd513c27e2f22aee8,0x11ea9a6ffe364,])), - 
field_new!(Fr,BigInteger([0x69f2ad69b66bfb1d,0x856d1b716857c746,0xc0d69b469e170939,0xe90cfcc2c93b76d5,0xe841061fef83ff6a,0xb7a68ccf4b3cfb79,0x3ca6c8067423ec95,0xcd1ba4afaa66fd32,0xca89418624105230,0x187b367b36b2679e,0xc6e238a78dd9a85e,0x1097d0c34c84c,])), - field_new!(Fr,BigInteger([0x21bed21c947e6c31,0x342274691e6e3bb4,0x548a938f33ef43b1,0xae6cd08b910c32e,0x18903aec8d7a727,0x6921b1176cb4c53,0x1fd07ce5ca11fc57,0x983fa6a0d2b70697,0x1cd741bd6e425804,0x74b94b009bf56e30,0xf1084c0005cd4859,0xbb0238b023b0,])), - field_new!(Fr,BigInteger([0x7d7b06a6ed2734ee,0xb4530b43b72f412f,0x777ee5c45e524f42,0x8914a73fed386e32,0x57fc876ac0e02b9e,0xcd24313f740fd0c6,0xae4596615941437f,0x71ca9922f572314b,0x492a957798827ae1,0x5d4210063161c7dc,0xf4438d4107ef6de9,0x16c324cc80d1d,])), - field_new!(Fr,BigInteger([0x31e163e2bba406ae,0xbf814eac695a79d6,0x3ef082857c6e0af3,0x6dde872f12fc588f,0xd05acd7b670190b6,0x2b5e3bbd0cde73b6,0x1fe132cbba4fdb64,0x13ffa739ef74c5d5,0xab07a7f09f5dd20f,0x91496292ee8c35d0,0xd8b7d22c3d42f447,0xf8067a3c2d95,])), - field_new!(Fr,BigInteger([0x5ea269a627948214,0x38f3cafdfb25e834,0xa59e51f132aaaa09,0x1df1081ebb37e364,0xf3aed3df5444b646,0x5a2eaf1d1393e86,0x8ff335f3f966d009,0x1962ead7b30c9f3e,0x8df0bd21df94d615,0x7df353a320106bc8,0x999bcbc0d1012176,0x3c6cd86ffeea,])), - field_new!(Fr,BigInteger([0xabdc7b54602826df,0x8656fd0c2916ce20,0x93d23a7b2187369c,0x23b66e8339e72f2f,0x52f429022efa88a3,0x538f0ebddab736ef,0x76190c903637d23a,0xc2691af5342b4d3,0x9f83460790eec4f1,0x323b15fa7bd93949,0xcbfc82e45f7d4a7c,0xee964f6e6d63,])), - field_new!(Fr,BigInteger([0x4c2844051eaa3679,0x55b080f7863df438,0x909e62f9badd7a46,0xc75c6ba1507340cd,0x4687ddeb80fb255,0x15731c4259a5d1dd,0x52755f75cb479400,0x196e185049cf4233,0x14f8f434731e4c16,0x5b50eb0940595a45,0x1de1c127c134f9f5,0x18e3735f432cb,])), - 
field_new!(Fr,BigInteger([0xaa371123ea88c3bb,0xaa9ada46792f5716,0x3c49c2b627c1b3cd,0xc08af0fb67469f51,0xde9464f4ff58d93b,0xe413ff6745267590,0xdc54c3deba5a14e0,0xdc234552760a26d9,0x8f834b13a4bc9249,0x82c5532cd61cc251,0xf9087c6246fceaaf,0xfef655ac6c36,])), - field_new!(Fr,BigInteger([0x1402238ac55402d8,0x4bc0526019fd9819,0xf930265844c80568,0x20086a72b95b6948,0x4727ecdaab33c73b,0xd3c667755580a7d7,0x1e8e7e96dcb818ee,0x6f7cd073aae59454,0x4d23bb2e4825b493,0x53ab5a7117fa333d,0xda75321f0d0b9d51,0x15dfc9e5637dc,])), - field_new!(Fr,BigInteger([0x8e5fb226bdb14b8c,0x606aac140a3f3e04,0xe831c01443775d03,0xdf1522bd76aa7372,0x8ae9668842578941,0xa2d2c818b96a8ee8,0xf1c5f6c4f15d8ea8,0x611741486a1dd031,0x4ca5638d1e5c7953,0xeaf2e1affac30317,0x89c7db2cb72df74a,0xcc69e8bce3d9,])), - field_new!(Fr,BigInteger([0x1a683ab7d9bdf8a5,0x64cabfd214134613,0x639988c6d0361286,0x4a940f5e65dabc7c,0x39858573b02fee22,0x8d4b7b99dc0c4c91,0x6da4a07245f4d80b,0x331742dcbb485a9a,0xa59e1e88ea3feeb7,0xc0b2e7400a855002,0xd1808d84a85fd995,0x157f2171fe05a,])), + const ROUND_CST: &'static [Fr] = &[ + field_new!( + Fr, + BigInteger([ + 0x8525f4afb1e81742, + 0xb5ba1c010e68ab3e, + 0x4d189999d6ca2a86, + 0xcd38926365277f25, + 0xdc6e535d6475bce1, + 0x43dfd3d24af97212, + 0x19abccbebec4859c, + 0x232b373c1ed1185a, + 0xf3ac591b3dfa244, + 0xe9d303ee0a2d758e, + 0xd6bb082d7935e3c3, + 0x2cfb48940c0f, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xde55266dee5b79aa, + 0x4edb20010d386a0b, + 0x194764aa9c200011, + 0x5492e2451ca409c3, + 0x4cfb1c5fe5141e66, + 0xed8e74919754c30e, + 0x6cb986a7e97eaafc, + 0xdba1aee673c7dd84, + 0x5facc0c81b49148, + 0x28460d45d7cdc448, + 0x517b409910ee2b85, + 0x4343b2da0631, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9b952c901accf0a7, + 0x760bc791333834c4, + 0xf698ebd85374716, + 0x238d7c75ef417c35, + 0xb2c7344700a39e27, + 0x91bf3075a71221cc, + 0xf0ca1908a800571b, + 0xb6b05b86679136e5, + 0x1e275143bb513e76, + 0xd0be4c58d18eb9ac, + 0x35a8aab1b9ee1c07, + 0x2f9ab064c1cc, + ]) + ), + field_new!( + Fr, + 
BigInteger([ + 0x81cbdc8014f47ad9, + 0x3e68b1e9fa6b2e89, + 0x6ae7f33b327bb86c, + 0x4f78cd5ecd2ba9, + 0xe935df718b220555, + 0x6d23508799627565, + 0xdbaf9866fe9937de, + 0xe77ebad142ae1a3c, + 0x6305e7a0f65dc77c, + 0x287bfefb75e96590, + 0x6e7b860f6d3e1f14, + 0x14aadaec0f363, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8f9d2d1055ead02e, + 0x538d38861d0fa852, + 0x26c692f9c3cf08a7, + 0x907c44d8da768d4d, + 0x4a133f3ef8272f51, + 0x15ef940f21938101, + 0xc09c33b9ea0d3ab7, + 0x7141830d0d9724f, + 0x7be659695a1267de, + 0x525db11f980fa951, + 0xb3573b90de0f3af5, + 0x14305dc986fae, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xcc17e1d011f2745c, + 0x7e142b4471637dd3, + 0x5473180e376ff24a, + 0xccc708d53858ee4c, + 0x106032bbf95eb8b3, + 0x8a23cf1502a25203, + 0x20861cea628d6ae8, + 0x62339fa3ea65013a, + 0xb586f6c818bc8022, + 0x916091f4d682de4, + 0x3ac6ab718f3eea87, + 0x158e3da6d28c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x923c6d93ab41a56a, + 0x6479fb1dabdc488d, + 0x6446575cdb3e411e, + 0xe9928e6158f83ef0, + 0xef93a719033530ed, + 0xb01384723296baf1, + 0x1427f67672e0586e, + 0x5343d461f7e4de3b, + 0x7c54dce21cf25417, + 0x774b532c83dd8dd3, + 0x2dd50a143b396304, + 0x18adc3a1a9175, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x396f9b6a993c6eb0, + 0xc84e01159ebe2043, + 0x727703ce6f4cb200, + 0xc380bb4dadcbee35, + 0xe887a3c024b7eb1, + 0x4b89861b25245333, + 0xdeaf67213e92eefb, + 0x2a27e99a64842b5, + 0x2bb244e61688d0ef, + 0x3018e93d9d272fc0, + 0xd15bb630f9765a97, + 0x47cd8a194b28, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x25ea932580f2606a, + 0x661d89d759979ecd, + 0xddd5a8fc7151f9ef, + 0x2f0d4c1e42fe2ce4, + 0xedc778ab6fed3072, + 0xbdd94e070e5ad64f, + 0xed7b47cb32ce0be6, + 0xae1849dc3e5e6868, + 0x5a3d18d55c0069a8, + 0x3a27d8da6b9e1e6b, + 0x3f8a5d7b89809523, + 0x184bee7574935, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd47bb1407faa0853, + 0x56612084454f90b3, + 0x13ea9b48071b7724, + 0x6244cecb1f8b597b, + 0xea648cbc16229ebd, + 0x1d2247130191d2e2, + 0x5dd99818a1d90475, + 
0x4e20285520059b89, + 0x8581618185b46194, + 0xed2140c4f89afa02, + 0xeb6d7a94081459aa, + 0xba74a2a9568b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1867e2e21fd65dfd, + 0xbcc098330d760332, + 0x2e012e544a799281, + 0x62e050d4f236221, + 0xf5c97374d22465dd, + 0xb4dd5113572b1026, + 0x513ad77be992bfb0, + 0xe52dfeac93f57e72, + 0x4d1f0e7be2a7616a, + 0x3611bf37dbc7a21b, + 0xe254c1d98ea48b84, + 0x44fe9223019b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1f1efd9a0b338b6a, + 0x56eed59fb67962b0, + 0xef278fcd36cd123b, + 0x6250604b703b775, + 0x6b8c9bd33618ff36, + 0x6c7fa78ab59bfe26, + 0xb3f68744ae0760fd, + 0x2de6766461018fd6, + 0xc2d2621236f4ff5e, + 0xc65f4d486378e25, + 0x32ffe62f36eb2de0, + 0x135791803eb11, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x594e37a0f2e8aa45, + 0xf8357832ddb15d30, + 0xfcf9c21fc66b57aa, + 0x2dcb388b3998defe, + 0x911c7f56b6346803, + 0x50903d63b763c91b, + 0x428f7d12ed5797c3, + 0xc6cfd9d42b302653, + 0xca28789e3578f64f, + 0x8dd6185e1d32292d, + 0xce83c373de2a3a98, + 0x8a910c35240c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc65d8f9893b9d53, + 0xa1811bab172a0e42, + 0x8fc95887a9c42aa4, + 0x9e94a23ddbb743d9, + 0x612091ab361f7d61, + 0x9782762b3e43fbf6, + 0x4928592c7e14a3af, + 0x835d52bd6f31811, + 0x52a25e3ea8bae857, + 0x206069a0ea734027, + 0x4533e03db6f06afc, + 0x83674c465ed5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7223eb453a3a72f8, + 0xa7d56e81ff69b349, + 0x245dca9c0003458d, + 0x5b874f43997ae1d3, + 0xad924c38946a157f, + 0x452174a8df895da6, + 0x4ae1aa52d0998bf1, + 0x99513468cdccd563, + 0x7d4af0c6ddda0bdb, + 0xa061f62c286c9ecd, + 0x26806f18c940f4c0, + 0x61dedb949b0b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb2012368d65c1957, + 0x22477a764f735bb0, + 0xc35c02a611f741f1, + 0x3a1c7e0925558c08, + 0xc3be16a96a9be7bd, + 0xba105b13c31ab416, + 0xa99b13f6276db431, + 0xe905ae4f8b10aab1, + 0x486d08dc83243d3e, + 0x780fc672cf3e5d75, + 0x54e0f0ad888cd33e, + 0x74385bf3d002, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc3c1537f5c054be6, + 
0x96dd3ab02634bf06, + 0x78697fbf9c66a1d9, + 0x487b600f683d4a1a, + 0xc452fe3142c84ab, + 0xa7c4bcf478b116dc, + 0xe610cd585c7e884, + 0x332f78951787218a, + 0xad4f01577d113758, + 0xa03d304aafefa4c4, + 0xd96a1272d43b2cd, + 0x5a61186c3a9d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xe2820a1ad93554ab, + 0x1fe2abc75ba01a5b, + 0xb664d6305236c54b, + 0xa715617934ef66cc, + 0x54285327ee476780, + 0xc4ea227fa18cb4d, + 0xe971af57f4666464, + 0xe4649d954c34f241, + 0x226a46698ddc4b5d, + 0x282ce8ae43d6dece, + 0x87f748eff58c903c, + 0x19c4b55691609, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xbe74b84d1a171412, + 0x66eefa0e9e38cff0, + 0xcd665789caa054cb, + 0x6563c80a0f2c4974, + 0x8a690d248ffbcc68, + 0x3c2ea2d44c23730d, + 0xe59a57ffdd8b6f8f, + 0xca6fd4d6f329a73f, + 0x2dbe36efa4c4c63a, + 0xc2e5bbb001885d23, + 0x3857b0210c3b3799, + 0xfe7b33e943c6, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd5dec1209f1f474a, + 0x7326db0dce67c344, + 0x47fa73087f98b252, + 0x33b4fd1a6415dc27, + 0xf1d43e834dc17924, + 0x6958f8eec3b73abc, + 0x16c6f9beb09fcac1, + 0x85ce42ab26b46b33, + 0x2cde3e6e89163571, + 0x460e7cf1a3dbc8fd, + 0x2207eaab54f30948, + 0x1ac10edb681de, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x6a429864b692acb3, + 0xf154fbbc7ce0062b, + 0xa8f2207240c1b521, + 0x316900852e9a7fc0, + 0x9719f22c4f8cc349, + 0x3558de696f426759, + 0x98884b2ef068bcc3, + 0x21a0b3975533ce7e, + 0xb500066f1e32dfbb, + 0xf8c379d67cb2cd40, + 0x20365419605f75f6, + 0x1467efe40525d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc503655aeca0d364, + 0xdae7f32dbad094b5, + 0x75c7114ab572e663, + 0x5b61831cd761332e, + 0x1a6684aad1c52f9e, + 0x52e862be80d1f714, + 0x37320928c63c658d, + 0x37b71e5e618b9803, + 0x98fec2c83de30488, + 0x8ab3c46a03e6342e, + 0x6de69d41513a7938, + 0x1b5322e285d9d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd734c3728d059224, + 0x23c118e8adb791a8, + 0x204dbd8bd14c5c68, + 0x2b51be669021fb6f, + 0x72f3b1d1acfa3969, + 0x8518be98150cbfef, + 0x9d12ff7a988e0c9e, + 0x152a2b0f3778ebf3, + 
0x295ddec92531002, + 0x72cc8e721db6aab4, + 0x731cf73b8ee483f3, + 0x908bdb466d1c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2bd4d9ba10092c65, + 0x4fed8b45f9ed1f6e, + 0xd2b6dbc238a13d66, + 0x3808ac84536d2f98, + 0xbacb8c86a8ceb7cf, + 0x8602d7ce145fabc7, + 0xe94ad8fd0764bfde, + 0xc2086d29899fdbc3, + 0x918bb89b9e74a521, + 0x20f909550cc6e7a9, + 0x7d66ad70eecc157b, + 0x1487e9149f646, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x35854e4ccb4488d6, + 0xba4f53b44644ff6, + 0xc64819069d47ad6c, + 0x897824646d664a2c, + 0xc94e0c09c0bd0f19, + 0x8fa3182357ce0e85, + 0x2271e9a458c3c82b, + 0x9185709911893a3d, + 0x7f17969baf5c5aa7, + 0x72c4c8662247bdf9, + 0x84749d7f55f43570, + 0x2b3a4cc744c5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa9a516b4e737e9be, + 0xe4af60aa76089f6b, + 0xf7edf663719c8b62, + 0xbf7c39d339ce28ba, + 0x40c31c1b6624c321, + 0x52b6e61f3bcb9bf5, + 0xb90907b8a78da95e, + 0xe72d4b02f70df41a, + 0xc14b6f1fb53274c9, + 0x192e529a2ad2bacd, + 0x8552396f2eb8e476, + 0x15c85ac242d25, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd6be617246282c9e, + 0x7d33baf977e9b427, + 0xf561e4252fa691e2, + 0xa731158b214a32aa, + 0xeed7da492067197e, + 0xa36d8b61ff32aa1b, + 0xb1cc31b626cd175c, + 0x5d2c95a6daf2ebb3, + 0x202166f1d6f8e5af, + 0x265e72c5fe65ed90, + 0x9c279aba4c427198, + 0xfbb0249cb92c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x983782ced4ca1a21, + 0x52a42bbde0602a46, + 0xb94dae7a4a8eb2fb, + 0x3288b60a1cf2b42b, + 0x4b6b109149e14aa2, + 0xc0d919abad0116c0, + 0xcc307a5bf030c7e5, + 0xe10d9fe729dc2234, + 0x6edae0c00958c5f6, + 0xbc1298a87408c3c7, + 0xfd40d3c28d74541e, + 0x9bf658ebd5b5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x143e6da9ee85f80e, + 0x84a4cf2ffb1fb945, + 0x8a1376aab1f27e9b, + 0x77b8f0c5d22c08f, + 0xcbfc314a9e49521e, + 0x9e3af8727d46617a, + 0xc0af33c08c4ccb5d, + 0xe3f1bc84d7aaa206, + 0x313bacd4acc135ac, + 0xac4136d68cdc0575, + 0xfe7367292a20a25e, + 0x13727c15a3fb2, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd6eba3b0c8f2bd8d, + 
0xf48d8b9582c07a08, + 0x2192fdf68085cb08, + 0x52cf9d7a8767158a, + 0xd944038f35099664, + 0xace775e0c40f290b, + 0x1c97be9f611df88c, + 0xcc4ddec6c4a0adf2, + 0xdb9dfd5678f24689, + 0xd67cc14d2fa553f4, + 0xa1d0ca71b732a90c, + 0x7946363aee20, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc6aa17b63f875cec, + 0x8215038761c93d8f, + 0xb69ce3677bb17c3d, + 0x95ae3e79d55271dc, + 0x177e94c34d68ba0e, + 0xcd38c85a232edcb5, + 0xfad5b26ecd58fd06, + 0x7ae0531d7ef088c4, + 0xbd7b001f547108d, + 0xe831c845847e389d, + 0x31b1bbd6552ce049, + 0x187f15bd78c02, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x6338ff295bdac7b1, + 0x9fdba5e10e8cba1c, + 0xf9660c21d4ad20fa, + 0x93780176bf6d9a89, + 0xba9ec5e9dee773c, + 0x6c0bb9be37e8bd1b, + 0xbd72e20b4c97227b, + 0x4d9584d3043be2e5, + 0xf6efa94850581ddf, + 0xef30c97680782e0a, + 0x7312ff77980f7494, + 0x567c88719c8f, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x64f65998bafd431e, + 0x9ce8a9e1c8299fbe, + 0x62ec0c9273598e62, + 0x53dd36075d49a456, + 0x6c8951193b27d4e4, + 0x15c38efa040e6bd, + 0x9df40c53071652ee, + 0x601ee8df5e1bfbfb, + 0xe7e31d4a55ff634, + 0x28b591cef4488edd, + 0xa5abbfb7be61ce85, + 0x272f4f53fe17, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xce24a655fbc9b521, + 0xe8d829f1faf9d1, + 0xc3a3e69b81248339, + 0x7916ce607d62dc8b, + 0x69833b159dd03f9d, + 0xdebdaf05191532cb, + 0x1988171e2a81bdae, + 0xb0cbd546bbae54cb, + 0x6b8287844afd28db, + 0xf372b1ffe8eaf6f0, + 0x6ad2260c73a01f47, + 0x83da50e21004, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x327803fb6ffe3aa8, + 0x1f7d7a4c6837c807, + 0xb0dc2d4b1b41b35, + 0xabd0e0213e3b3a58, + 0xe3798c75dcf51c9b, + 0x47dcd784d9497f1a, + 0x44c84ff5a1d26dee, + 0xcd45e014e497978e, + 0xbfbe53389cb979c2, + 0xeef6ef45aa4c88a9, + 0xb2e1a37eb5a70ff2, + 0xcc0cd8ca02d0, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2f8225ed5ab44d4d, + 0x72c024fb452d6ff1, + 0xb6665338eda951cc, + 0x2fd1fdf5c7979bbe, + 0x45171a6b37d8da33, + 0xae6c5f8d117ae8b3, + 0xfd4fc1b94aacb3d9, + 0x7ba539e6257f2d5c, + 0x19fd4817917a6bf7, + 
0x76aed14b5ca2f500, + 0x1348ad4795d5e319, + 0x1512027f4cba0, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x97ef13610e026573, + 0x7fe051c94a37b02c, + 0x267e44da0301fd29, + 0xacd41cb49e41cc68, + 0x293b4090ccf9b555, + 0xffab5c3664c0bdb6, + 0x9d0c8a189349db3a, + 0xd886ad9bab12bea8, + 0x366976b0b56f3893, + 0x71f48edba06438de, + 0x6d3e42219ee5926f, + 0x3a4f7f22f627, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc0d8dbeb0227537f, + 0x43d69fb1637e4c0, + 0x45bf53409aaafa15, + 0xaa2e8c1e9138684e, + 0x6715334eef18ff13, + 0xc712c7e0bbffac9a, + 0xcff1627a6e1542b7, + 0xabbd790a59bd396c, + 0x8ee8b7f4aa006c6b, + 0xe748a9a43cdfba89, + 0xe14bb3a00af74d76, + 0xae52fb36f165, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x85dbdbbd9852808a, + 0x19d3f99322643b3e, + 0x68eb7043b9fb3b5e, + 0xf243302abbbaff2a, + 0xa0c2bea8df733d, + 0xe47e9f8d28e26482, + 0x6797ff85f9f665d9, + 0x2c7f9c3a1d2d3946, + 0x25b0fa02f4924c78, + 0x90f084a744698262, + 0xf33c820807be38ed, + 0x3b6ca5cac171, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xdc5a0720a758c341, + 0xc0808eb15834d6fb, + 0x840aa0b9a2c1d55, + 0x114c90774388b3a0, + 0x4b91be128d8b259e, + 0x7613983728d2d937, + 0x2abf115d1940d8b6, + 0x13b4ae09d0453266, + 0xc04ed10168b550d9, + 0xf59e4049af096c7c, + 0x8bbcfa83171e21c0, + 0xb6f1f03b49e2, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x48964419e312fd05, + 0x58f1e8bdd763b00, + 0xc08a012b8a95e99c, + 0x8e60a26b26e112e1, + 0x23422f08eb0101de, + 0x2707bbca6735217, + 0xe5acdae3323d9ce3, + 0xc91088f6e99fd848, + 0xcd582092dbf5e3f0, + 0x47bf8b9e01e7aba6, + 0x169504a0071dc85, + 0x430e54f10f1e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x5ffd43946b0f2192, + 0x8e1af510eab65232, + 0xa9feee3a1ae664bb, + 0x717be76cbfcc8195, + 0xdfd69a135017009f, + 0x2816babc50c12747, + 0xf59219445a49f10, + 0x37af47e9ef0c5591, + 0x3d184ffb41c86c42, + 0x49c2e7239edd72fb, + 0xff0117f3cc83b74c, + 0x2486a01b1226, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xfdd104aa49b1209a, + 0x810e01c7e161bc0d, + 0x7ec94f97806fc398, + 
0xa315065f14324437, + 0x7ff1003e6c65213b, + 0xb831b1dc1f4028c5, + 0xdf4f3429f266a283, + 0xee103a04fc066158, + 0x798c00ba68b685a5, + 0xa604508525f38dbe, + 0xeecc028862dedba8, + 0x168d37d0ba867, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x27678fc8caac94a, + 0x15fac62d5e43885b, + 0x381ff35f3bfd2279, + 0xa6c9980be48221d0, + 0x72dadf63e2ad653b, + 0xef91e4465d51f32c, + 0x2d2c69b728ab65e9, + 0xa4aada165dc3c1fe, + 0xf41cee6a007dafa1, + 0x773250fb1e3cc541, + 0xa7f403d5202074fe, + 0x11602703e4a40, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8b82b4464b128bba, + 0x23fba0c0e3f3357a, + 0xb49e4518300ff123, + 0x4edc52f742e76751, + 0x51dd26d85b417960, + 0x525e486de0f833ac, + 0xda47e3e0b3c68fc0, + 0xa0e73f09af9fc059, + 0xc2db4cafa965e999, + 0xa52d0eb000308f45, + 0xc57be9913d40e468, + 0xe3f10c6cd149, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb985c6e193f9c2dd, + 0xe4d2c026b1c3860d, + 0x17d47474ce2acd2a, + 0x1dbc5c1418ca767e, + 0x20f67166c3595315, + 0x1f4dc1599b585baf, + 0x7bd0025ffb20fac1, + 0x819ecf5050d6f13c, + 0x3a488388b72682d9, + 0x7914e1833e7d63a2, + 0x1e41a47e2c5b7a99, + 0x11b6dd321e160, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xedda8eb7f33a6cd1, + 0x72c8ac267acc9714, + 0x17ecf45e5759ecfb, + 0x349e4be1ff225cc7, + 0xf5ef3a47fe355603, + 0xe421ec5dc8817daf, + 0x2115308142f7ce07, + 0xba2a3d2e9b5017cd, + 0x1f3339531901f1a4, + 0x86fa5b173d4964d4, + 0x18fdb3933b60e1ad, + 0xce48a27c81a7, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7823eff6a0b07597, + 0xcee82603d683edf9, + 0xa0b7ce30e6c19f2d, + 0x508e951167ef9d50, + 0x5ab729c9f7a2a1c9, + 0xed1ec1f8f57990ed, + 0xd169a25605fc0b32, + 0xfedef6b0e29be06c, + 0x896425f204590234, + 0x414b7c0b0ea60a75, + 0x3bb457875bb4807a, + 0xa1959dd48525, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x40e4c2caf97704c, + 0x70fca58d0b8ddb6a, + 0xd3a808f1e6da621d, + 0xfce3d9a659c11af8, + 0x625b96e77e45e450, + 0x5f718adb25358abe, + 0xa3d91dda7d6dea08, + 0xd13b60b8facc80f0, + 0x6cf3dc9dca09c7e8, + 0x51492174950df0b9, + 
0x5e5518dfc14893a0, + 0x1372751cd3c71, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x43ea62b7110ae25e, + 0x1bc6a97acfe05ecf, + 0x827ea659539da3b8, + 0xbd1f41234d0cf27a, + 0x14455ff35775e22a, + 0x61aa77281e19c4e0, + 0x82d7b05e4a8dcd8e, + 0xfd19d979872f063e, + 0xe75ddcc0b50a4bc9, + 0xb1a7ce6ff214ff5d, + 0xbe7b14bbf62eeb2c, + 0x35fedd11cfa7, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x691aa37d8446dced, + 0x7dcb3693dd7e417e, + 0x4a4ab0da413c0123, + 0x11bf523db5bc6e68, + 0x880a3e34b86b7cc1, + 0x429a1398440c6acf, + 0x9167d502630fddf3, + 0x387d5fb877af5d94, + 0x926caa347273d207, + 0x42c9f5b0ee0fbf91, + 0x58d2890dbc3fa259, + 0x13c6cacf06060, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa06ca8e4fc21772c, + 0x4e003e8d4c96949d, + 0x821c3736ffa659c3, + 0xb42fa0416a5c5f5e, + 0x8e745c1892a417e3, + 0xcb1d7b609d0e47c2, + 0x2d0f65fc07ef8049, + 0x4540d4b721381d87, + 0x69f7e8cccf0e2746, + 0xa8aa15a3a5dcae13, + 0xcc2f7f04e48f6f63, + 0x837fa1b34e27, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x666d0862d7bf65b, + 0x4167a78b108f0581, + 0x816c445e6e48d098, + 0xc5d6e29950f544e9, + 0x28162fad399a722d, + 0x8b028a5098af4c16, + 0xb42423382db652b9, + 0x2a7be30debb63ce7, + 0xe63b306d9d447c1a, + 0x965dc9ed77828589, + 0xfafed54b468fedcb, + 0xfd6fe16dc63a, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb293bde7f748c036, + 0x320d79beee0b7d0, + 0x743702b31139540f, + 0x4da3bf472247d03b, + 0xe53ee938cfeeeba0, + 0xd38dc0fbf68ff4d5, + 0x8b4789ab306162ea, + 0xdb6cdf7a2bce7c8e, + 0xf81dc6beb360216a, + 0x2f55a3025fbb896a, + 0xb897d5476153d12b, + 0x11c8ce9601a87, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7565761c561dc15, + 0x93fafd23be51add2, + 0xae4fd506d2533386, + 0xb3502faaf38f9719, + 0x484c851946a4660e, + 0x206159e3c3f04e1, + 0x948e622e50250503, + 0x13c457459537a412, + 0x2d5832e4413cfe33, + 0x5c5710cb92372ded, + 0xdad6ca344c032131, + 0x4ca05a4968ac, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x3b4cb38521673522, + 0xfcf6b1f8f922e4c7, + 0x35d7cd4d8acbd2e5, + 0xce414bae3f1b34d6, 
+ 0xdabebc5922c2074f, + 0xa941f60b90282eda, + 0xe8d07572abce0030, + 0xcd96ac13c862fcfd, + 0x5235abbe7aa93724, + 0x6e99e968e6aa9105, + 0x1509d3950fe7e397, + 0x14e692812d34b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x28ef9fb0e62e4d84, + 0xf4b21678b410ca76, + 0x8c216688f774c6d4, + 0x7d6e3d7643107d06, + 0x1dbe5511c7eb95f5, + 0x59a4dca82af218e2, + 0xce72d42e5561cc79, + 0x2cc5ab6c0ecf21e5, + 0xd5d003d5951ba26c, + 0xf92a5eaeda440103, + 0xcd436c53f861e37a, + 0x33c236e1cd03, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc44e9761dad186f4, + 0x528077a243312dda, + 0xdfc3707fa814a958, + 0xca238e3a56780c5c, + 0xb6bfb0505b22a6df, + 0xa656119b33aca738, + 0xe5a7f3f2bcfc81d, + 0xe437c41915e03db8, + 0xbbf23bbd0763e2c1, + 0xb5d239cb2869f246, + 0xe893a90ca21c1fd2, + 0x50f4ba67b1b9, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x3f1dbde9b60a0f14, + 0x28e50bccb5c98691, + 0xdff8991294356578, + 0xb753bff137253c9a, + 0x92fe10065a5a1031, + 0x62a5202d7a553450, + 0x37a27d84226ef3ed, + 0x195f6e4a9d65c0c4, + 0xdd75a1695996cb7a, + 0x94c371c4880db536, + 0xf06b419b56df97fb, + 0x14b579d9dd68c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x924a8783c06c2bb8, + 0x631116e00fe3b405, + 0xd4048fc398c839b0, + 0x5aa721ca193657f9, + 0xc90cbb1deec662d1, + 0x3d5b262e189b1bf6, + 0x169a59e5f9294ebe, + 0xb5275de907f55dd0, + 0x30299ae103655f1d, + 0x8b7d0635f9258b44, + 0x52b719e259d950e7, + 0x15b20e9bd6561, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf26cef64f3d71f3f, + 0x46190e29e9a1a886, + 0xcebcc5b5d36b2377, + 0x68b4b9c3eab4f1b1, + 0x47a74944759d1552, + 0x1e3a064331ce7b0c, + 0x6009a2c12b9c70a8, + 0x84ed2f71e905f623, + 0xe35a9d60426d1253, + 0xc0f5d2b6dfb66d69, + 0x22ce9b8aefdb9125, + 0xed01e9818dd7, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x4a942f65b3366939, + 0x67cd561c9b8e52a5, + 0x738911cce7eebb15, + 0xb5222af01a76179c, + 0xaa11283897180566, + 0x1db044367519c335, + 0xa87091638eec9bbd, + 0x321d0b45bf7f0484, + 0x15936a9122140d36, + 0x68ae953e4e393ebe, + 0x71c1e318c766d59c, + 
0x46bbdf420920, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2d90bd891718f1b4, + 0x82c48f32a2d8127f, + 0x21355aee6e6ebb88, + 0x10fc1ed66962b324, + 0xc756ae1d63d8a798, + 0x82d32df9312e08e, + 0xbbe292b40ee37b35, + 0xff151ad3a1af712a, + 0xac4ec5593c941b79, + 0x80806608dec66268, + 0xe92011814b5e2085, + 0xb02b591d2e2c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb008cb23cbc253e8, + 0x8d41fd14904145a9, + 0x51aa7a03c3e5a41f, + 0x3f60b6707e369065, + 0x2694faf66668c21f, + 0x27c1a10a25a14dd0, + 0xb96ec01bcc36831a, + 0x69f8f7a52d5ced31, + 0x45689231b9061830, + 0x20f6e74fb7882c17, + 0x52c0c62eaa6899bf, + 0x1762b7680250c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x29c8ddc6c8e01f9f, + 0x726dfd00c01932f0, + 0xbf1311a335fe2ea8, + 0x66a827646b65103f, + 0x2e9695398305c0ea, + 0x97529890e7ab0172, + 0x3007d8ce6b1b316a, + 0x814cb1427a4e8f5e, + 0x9e9a3512973d203e, + 0xf0bcbd5187ada720, + 0x9e3ec961d3c69a8f, + 0xbcb42d23275, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9cdb5c6768abaada, + 0x87972c735c72aba6, + 0xb8dbb5d240011577, + 0x37d951dc0c6742da, + 0xb37ea5e9bfbb32c5, + 0xd6a68acd21e6e771, + 0x960c5a4f9dbfec85, + 0x46c84fe6097bda30, + 0xfb9000e9dd68edd2, + 0x6e246992bacd7fe6, + 0x51681f1a03646200, + 0x93cdf3eac3b6, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9470a88035cc1c4e, + 0x205664e2b47bb0fc, + 0x5be50df226b57b77, + 0x54a428288a7d9ebb, + 0x9843b5903413d780, + 0xab9caab442b5134c, + 0x71f65f5cff0dccc4, + 0x954518492b3ac2, + 0xea26ffef77b598ad, + 0x8f6d093dc6041a1b, + 0x4dfc89cc55f87494, + 0x4019a1923573, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc1494b76f72de5cc, + 0x44d18ba4c9ba42ed, + 0xc026e7dd0ad20d72, + 0xb97b18a8d5c5970c, + 0x2e2b56edcde85323, + 0x49eabf9773eb78c7, + 0x82392943d3128e5c, + 0xdd6b9471be9ac365, + 0xbc3bed78a9a0b7b5, + 0xaf5732013481c9c6, + 0x98afbfdd729560bd, + 0x134b515b0b0f5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa4e1e15486860f3a, + 0xe61a1a7e616c9dd5, + 0xd0b4b1f0c51e2a7, + 0x88a47faa42be4d7c, + 0x8ca32f774e64b5d, + 
0xdd438f4c00facab2, + 0x4ede109fdc60864e, + 0xcc84f6f93d318acf, + 0xe47514f71e87f920, + 0x90c643a66e57d19d, + 0xc11bce9a950769cd, + 0x1960840969343, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x10e1a229e49e98ec, + 0xd8222dfa449c1c56, + 0xc053f18e19668444, + 0x46d597bdba73f7c9, + 0xec02d636fd696126, + 0xa7c402757eeb3a9f, + 0xb50ee80acb964540, + 0x358565e6a667dfe9, + 0xf908edf756d75e90, + 0xe11c5fac1708ee24, + 0xfd1c1c81c1c4a9db, + 0x156da99b9a61, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xddd30b9aee55b1f1, + 0xd95b2590f2984987, + 0x1e542a5c17c94f76, + 0xe38b8ff09eb307cc, + 0x20de81d272c5ba8e, + 0x2adfa16e45b92b90, + 0x5414cf858bc45c5c, + 0xd7cee4849e50458d, + 0x4d86d41e473b9f56, + 0x825e9409463b49ce, + 0x389a0f975edd6a7b, + 0x1733da8c9bcc1, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd6188144feaaabd8, + 0xf76c6dc9dbd511ec, + 0x54c0496ad4d158db, + 0x1d87d9d474d6921, + 0x357e6e1add4510d9, + 0x884ae9a3c8c849b0, + 0x452df4383ccbaf2d, + 0x5c4bdf304b0e712, + 0x769bdf2592f9b3f6, + 0xe142a1113c331cbf, + 0x48bf505814e5f05a, + 0x3ad7ae48dc59, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x39670ca40f86a36f, + 0xd7e7f7856862e765, + 0x20d9a6231a691f5c, + 0xeaa9069d45153335, + 0x780dc724c70e5403, + 0xf9662832d100f591, + 0x8b8a7838ef6604c9, + 0x1a2dc09235fa4e20, + 0x4bdd65919d47432d, + 0x370a243c0e93e2d8, + 0xe6dca36be6b6b031, + 0x1897951ec06b8, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x423af7a0a34fe74, + 0xd72a82256ed3071f, + 0xbc5ff4070fc9ef3, + 0x26323f8d6d35890f, + 0x217cd4ab5d61540c, + 0x8a18353e43bbcfc3, + 0x175ec1df3ddb9fd7, + 0xca73c22378e053f2, + 0x874e55e2311e3f68, + 0xf17302627c9305a3, + 0xf75b4a8dc083e183, + 0x180104eb26af7, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb651e04b1b5ee4a7, + 0xe311b2ee0c0d6e8, + 0x12e5123dbd4df372, + 0x25b306effa6323f4, + 0xde6a7e766c592819, + 0xdeddd6905fa058b5, + 0x5778606a9456bf2b, + 0xfceba17b728980d4, + 0x215f86c98872025b, + 0x6910aedf710d5940, + 0xebb7f21487197d69, + 0x1a95c5a26f24a, + ]) + ), + 
field_new!( + Fr, + BigInteger([ + 0x1aa981aa380ab38c, + 0x46c66c82d2152992, + 0x2b3111cf56ca7298, + 0xf816593009864a5e, + 0xd7d0b230508c72f7, + 0xa4414dea3d12f1d3, + 0xda6c46f5f91319c2, + 0x65da930eb333a4e2, + 0xb48eefa5062e3fd8, + 0xf00812fa84105d36, + 0x6d053f4907452a4b, + 0x12add73de7ff, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x837f3809c95eb1da, + 0x669ecab9a1519daa, + 0x5e9ebd297cabdab6, + 0xcaa5e3a8ecea669, + 0x4cfdf3819399cd1a, + 0x8e5f536daf2e1bf1, + 0xeb772bba14e43f3b, + 0xb054fa947815c1ed, + 0x6ef6dea8603cb7a5, + 0xfbb5b15dc7a16d4, + 0xb68ea2cb514c1748, + 0x1c1f0b1224d02, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xfceb0cbe99598387, + 0xeb4e485cd6fc771c, + 0xccc9ca41dbbc0feb, + 0x6dfc3c66c7d3cf09, + 0xdc2e2892cf519d08, + 0x6a960957df4755cd, + 0xbb9a97f6a4d3123b, + 0xcc29630159988cf2, + 0x9488fcb7902cb49a, + 0x83490a8317943d74, + 0x97baccce0d288b8d, + 0x14aae9815de03, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x676a65c65f4aa546, + 0xfcb2d24d9a6d2a79, + 0xd5e539e7ac0ec426, + 0x2259890bc851a281, + 0x81bbdfc316d73739, + 0xec212d75b2cfffaa, + 0xafd9fe45aeffe081, + 0x8f3a95e362ed7ee5, + 0xe878ba0e5f50a8f, + 0xef6d2ba6950468c2, + 0x5268e25975ec8d4d, + 0x5aee09b623fa, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf8092d6e05994cbe, + 0x2a69189d8e793632, + 0x91ae23dc2eecfe0f, + 0xffec6dc8399d26c8, + 0x3632bcfb85e1c58c, + 0x86a64e8c7d181c1, + 0x1909bbe10237a520, + 0x9529b086c7ff13cc, + 0xb9be8f73cf3ecb5e, + 0x48e71e60b0ad70bc, + 0xf69d6412dd99d870, + 0x32c6478e6f9c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1e00c0afe048c6c6, + 0x79b1472981e658e3, + 0xd121a364bf0975aa, + 0xefa01886eba8b7a6, + 0xc8e098608f38043, + 0x84d9fb21622dceb, + 0x5f8c5736702ef9ae, + 0x7e702115082ba625, + 0x65c65aa7de1b1762, + 0x8b76c602efec8e93, + 0xad36e720c58dadad, + 0x79e4123b8970, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x14b9b8765a786ec4, + 0xfa9309ec791694ca, + 0x4599156cbc03959c, + 0x4a6b91bd08b393f5, + 0x87033b387a25b8d9, + 0xde84b87546457583, + 
0xdd4674ae70b3e48f, + 0x7c236daf7a8bbdb6, + 0x2786365fbc5a46d0, + 0x21370c92253c5642, + 0x3735031bea018e97, + 0x51f87fd4ea58, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x4d4aa586b61002c0, + 0x5f34ac4d538290cf, + 0x913f9724358a40ac, + 0x20a9c1c05cbbeac, + 0x8d282588957172c, + 0x8861548613f50b83, + 0x4d49fb96ed8d175, + 0xdd53a4323b5e21e4, + 0x1362c980b587b901, + 0xb2b58d2f98b2de68, + 0x9582cb2c0d45c6c4, + 0x763e34e8828, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x86ef07a8c9e4adbd, + 0x623c60c12765a841, + 0xbdb1071c934ee9c0, + 0x76d5ab3ddc2a9b34, + 0x601eb445e3451b82, + 0xd5b4e695b7fe3c1d, + 0xc15fc99f15a7617, + 0xeaa5b1515228d465, + 0x4ccf0fcfe5dfcc0c, + 0xa17387a175340092, + 0xafceeb352a5fe877, + 0x168f6ace6a975, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa3bd37ddb695e082, + 0x6378a852baa5b607, + 0x9594598030bba9d6, + 0x3fd4446b72ce6826, + 0x2df6eb3d917ed4ec, + 0xe857d8867ed5295a, + 0x3018dbedc72886a6, + 0x7d51c914a9526628, + 0x1f9c2c5c3a0638af, + 0xbb9da536f620b0a7, + 0x169a22b0b261c16e, + 0x141e4bc823f25, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd7703f3b1f222efa, + 0x4fd74ebbb5b10686, + 0x95e6c656e7f57f77, + 0xa2c057216a6b9c1c, + 0x65a891ec644d8b47, + 0xa8ab2484cc20996a, + 0xabe8402a17bdd678, + 0x5c4ebf2ade40a61f, + 0x6c0e0c05af2d6f06, + 0xe9444167d879b1a9, + 0xece64d2382fb6426, + 0x161374b5a30b2, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x80c103752e6f7fdc, + 0x3b181a0fd25e4d51, + 0x80d5b339f5c8b74d, + 0x20d2c3050c1e1b74, + 0x199a97b153432a78, + 0x845de1bb65d6914f, + 0xa35f9fb2b1910060, + 0xa9a7b5c838cf864, + 0xa5de5d01ae5f537b, + 0xa17a30ad03b97097, + 0xb3510d05fbfbe1da, + 0x1640a8589f709, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x17d83a0be5ee90f6, + 0x33dfbf7ca17f72e3, + 0x7c1efb7051834361, + 0x3da8019eecf4fa35, + 0xadaad8e44dd9cf2f, + 0xde5c66fe3e12f3db, + 0xcd36a86683875e5e, + 0x32370584dc02800, + 0xf10a3804cd5bbc14, + 0x6bf239473d093943, + 0x1ba911d217615db, + 0x844ef983286f, + ]) + ), + field_new!( + Fr, + BigInteger([ + 
0x4437e9732008edb6, + 0x41dac03b17eeb79e, + 0x2b8541e106cfda16, + 0x7f0fdd06ae32f782, + 0x997ac198dc11a2e0, + 0xa6740c0aee751a6c, + 0x4e03e0a05edd3ee1, + 0x19c44244ccb44254, + 0xc706ffb4ae4c4475, + 0xc1d12995818a268f, + 0xab04338fe785c0b6, + 0x60cc123c990e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa751169d1e11e22f, + 0x1bb43797fa51b9b4, + 0x4e2ef360d15414e4, + 0x6c5d6ebe080d4acf, + 0x2ab958ca8ada5728, + 0x86de0cbccf26e7d1, + 0x61228285f32ee9a6, + 0x9e8113c17da72cc9, + 0x9bd23613bc163667, + 0x27cf7ad1c628fad7, + 0x2f88e115e246e688, + 0x18aa76d71201e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9981f6e98c1cfa09, + 0xf4fa1d7767981252, + 0xfdca0d52eadd6e66, + 0x64a793d32e212896, + 0xff4f1ddde3fe376b, + 0x8f3938c0c83987a4, + 0xdf29c1d2198c7b4, + 0xa547a651b6962663, + 0xe3110aefd539f247, + 0x235d6a64437cb60a, + 0xe8994a240a55fba3, + 0x195c063d08ed6, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x74d6cf0f7299bd8f, + 0x4c36e3920cc20ded, + 0x5cda391002791048, + 0xf818f4afd5500cba, + 0x3263c9d9d744e3c1, + 0x2d7f5213d2eae8b4, + 0x5f898784825ddc37, + 0x3a688eb9e9d0ba87, + 0x142beec513b3a8d2, + 0x917c646971c4ef, + 0x6b6556e47ba85c6f, + 0x130be5bead2d3, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x4a162705f731381b, + 0xc4f9951d0cb7dc01, + 0x60afc3cae7f321d8, + 0xdec7867f34cc65f6, + 0x2bc5d0b89ad73dee, + 0x2209f2819c7ab122, + 0x7630bdc6726d6729, + 0x798d6e25b2baf271, + 0xeffd683772ff87ac, + 0xab7c06b74c0bf5bf, + 0x84dc93c6dd5586be, + 0xcf337452aba4, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xe8ef740dfd524f88, + 0x7e91ab9feb2c24a1, + 0xf8c1f45d9b1b70fa, + 0x9cf14cd876ea9def, + 0x22d9a76f1b71a4c5, + 0xe29d0850b0997dcb, + 0x39ab111005c9bc10, + 0xea81e0275493ab32, + 0x4d1479b573ed7c87, + 0xae1a013644afdcab, + 0x395409c2f93caf3c, + 0x1abb805b13325, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xab391dff32c1dd18, + 0x8401c9cabfc7fe2, + 0x73cf8dd33d2b3e43, + 0x2aa9b23943893c27, + 0xc69da1099fe94cfb, + 0xa17e269008bcfb72, + 0x776aecb732999d13, + 
0xdfe66e925a57685, + 0x20581f8c916109bc, + 0x607733b395ddf65f, + 0x4fcd07b57e7ef6a8, + 0x179deb9b81174, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x93c5d5d34e90566e, + 0x8d1cc25e7e99571f, + 0xf4647c54f5c7bde8, + 0x93c87bdebec3d426, + 0xe0def1c5589c4e2, + 0x515690019df55d84, + 0x5c6485ae2849609d, + 0x9c411ccbbae27f2c, + 0xab79af8f793e5a7e, + 0xa85aa1edb20708df, + 0x5e0c3e863fd3b694, + 0x669d6d3ed50e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc2a1b3ae3f73b692, + 0x397184e8fee23eea, + 0x369e6f4c2e7b7d8b, + 0x2a65b9c11432a934, + 0xca4610366281355f, + 0xd9e457c535ad1767, + 0x22d13b70b7bac911, + 0xf6f5b6c34d6b7ecb, + 0xfbe08722379ac2a6, + 0x4e2a2171f19eb5d7, + 0xd82df442c87bb606, + 0x1526a709a55b5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa0f14a1d23fac98d, + 0x1a29021f4398f22a, + 0x6c71615038544c67, + 0x7a1563867f18ba57, + 0x8d08daff93ca30d9, + 0x7e3e9c4a298d67fe, + 0xbce2fba79c324a47, + 0xfd12bc4d05abe7e, + 0x657d740f2b19835c, + 0x8ec4a42323d60abf, + 0x1b847cd79e44ae4c, + 0x508baae8ab5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x89090b871fe13999, + 0x20c0848d315e6648, + 0x98cb64684402e18c, + 0x2eed80d183960be2, + 0xe18c275ce59334da, + 0x32a5d16c80d346fb, + 0x6bcc56b671ab7104, + 0x700202e50c8b5bef, + 0xc4bbab192d091da4, + 0x9720f26c87e735ad, + 0xeb0214dbbe6ff5d4, + 0xe6fa84596983, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc43b076970d477ab, + 0x74e214874710102b, + 0x473e38884b9a2e74, + 0x82b65090c3421c9f, + 0x55ef8ac21d894529, + 0xb63d8868d656daa6, + 0x5c73398bcf24e160, + 0xaf99f4b01c453137, + 0x5c21e01706959f44, + 0x59564067a16f2fcb, + 0xa9f38fb851a35627, + 0x13b0f6b857827, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8660639836c9ebf0, + 0xf09bc2cb4117a6b5, + 0x4884716ae23ee1c4, + 0xdc1860c7aee7e77, + 0x87bd757b5679c7c7, + 0xcd87f0961e24fbd6, + 0x3818715d6f5c7c4a, + 0x45dffef2540cee66, + 0xd1040612f83e8c1b, + 0x66124db8b4242c15, + 0xfaf3b54fc2e3dfbb, + 0x5c8d900e7f01, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa5f8c5133ecc08e0, 
+ 0x2d92b8a35a7f4c10, + 0x4689c903988890dd, + 0xb7f214363b1403f6, + 0xa67c7adeb36a6da8, + 0x406866514088578a, + 0x22a818d0366b44c7, + 0x45a8840ed5140c86, + 0x2eb25015ab336f1e, + 0x2aa71df79f2608f8, + 0xcdf41c3c1c0c4c60, + 0xd9b129d9a468, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x806ce11e5e2f14c8, + 0xcb00d10a25bd8d31, + 0xfa50ad337fe824c8, + 0xbeb429fb4b19f069, + 0x8d3e0ca7d23febfb, + 0x4125d5fc77ca969b, + 0x73997daf2135bcfa, + 0xcb9f896b092d2ebe, + 0x40bb449980c00533, + 0x21e35977c44e681, + 0xb9451469d1ac321d, + 0x114cf7a862e2a, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x84f6ce6b4f28f385, + 0x47647f8f97424925, + 0x97b3d34ef0559781, + 0xcfddbd52aa618283, + 0xe62d7c3f4d6b323c, + 0x15829503c20ce19b, + 0xcaed4ad4496c5cca, + 0xe7b1d5a74cdfebac, + 0x378c6cd50edca7e3, + 0x300b1226e2afda49, + 0x4236bfa39e0942ac, + 0x5113d1b2a25a, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb1e91c80002b2369, + 0xb3ec92e40a8e2095, + 0x7ec3c26acbeac0e6, + 0x8cb692632f18bb5a, + 0x71e905739d237575, + 0xd6d6e160e7c3a221, + 0xb6951b516da0b60b, + 0xa3f65834948bca47, + 0xaead9243538f4e4, + 0x704ea62c38399e0a, + 0xa8efd04d5c7deb34, + 0xfa148f8f9ef5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x5929dc632cf4ca5b, + 0xcea52dedbbae44d6, + 0x13c8025f3a25baf8, + 0xd44c438057c7914a, + 0x683b537f8bfde3cd, + 0xa99964458609df18, + 0x4f3f878df4ed2cc5, + 0xa7ad05ce4b40d8cf, + 0x51113032e7229217, + 0x14682ed2d390b941, + 0xbeb1cf365b475576, + 0xa66c865c386b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x21d2f2cb9cae5609, + 0x152c5156572ca68a, + 0xb152f168213e058f, + 0xf5f9f1ad2c4a055b, + 0xce452c720d639567, + 0x2f66aa636dfff089, + 0x88a6f307c846c16, + 0x4f7ea7fed8e50b4d, + 0xbd766621e09aefe7, + 0x9512e4c7036bb466, + 0xb2e4dea89560b5d0, + 0x12c8d99aaa521, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xbf5e608cc83183e2, + 0x51650099d52cfc58, + 0xcc3e11711e1f48fa, + 0x213e2de5e969a298, + 0x3c5fb16b37f77905, + 0xf2622d60bc7dccb6, + 0x3c56ed58efdc4c02, + 0xd40b573017e887cb, + 
0xf4e08096dbcefe22, + 0x3154fcbadda5c5de, + 0xe4b5040eefc061ba, + 0xc3e7df915b1c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb9a4aabf98a5de21, + 0x91eb25f175ac7db3, + 0x5f4d85c51f9acf04, + 0x5c4b5d8ad2b9b0ed, + 0xc45be335f13e8358, + 0x9b9cd08b39601909, + 0x5cf1067753159490, + 0xbcbc0ca257a82e1d, + 0x38c7ab10f718e4ff, + 0x6e42c446ee085d68, + 0x42d96a42ee1b7874, + 0x128f8aa34b239, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x988e6ef36b542c31, + 0x7d8acd7d28bdd1b1, + 0x8214d8e1a49bf905, + 0x267a6b34fb7ccfd8, + 0x14da41aaf0583da5, + 0xa255597959be494e, + 0xdd3ac0b484ba7e31, + 0xd3907756beeb051e, + 0x4b184f7de7c4ae8f, + 0x92815883ec0aac17, + 0xedcbfb791a1124c1, + 0x10266b3f53f42, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x27af624481e6e9c7, + 0x251b72d03bb2d1c6, + 0x614c71dc670a7310, + 0x70b36160f25e265, + 0xbfbb5114fd8188e5, + 0xe9e090a66f29d6aa, + 0x7751a00400e69f40, + 0x595fa38c1af5f013, + 0x4644dd042c3c3253, + 0xcacc6b30f1abe9be, + 0x3871fea544731edb, + 0xfaedc390dbe, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x28ccf99444f78eab, + 0x2ed2dc03f7276d20, + 0xfec70ff3e543d179, + 0x3e8d30c3f6d93fa5, + 0x231c71cdc32fd147, + 0x5a4679e1c9ebc900, + 0xfc12f19742c67e75, + 0x1950c4b6e1b68dfb, + 0xf6228f810dd74e55, + 0x76dfe2f4163379b4, + 0x650bf4562d555b4a, + 0x1ad9f07cd77b0, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf2635fd5cbaf1c21, + 0x2916372cafa5675d, + 0xb9eb38237d61c9ea, + 0x27518c445be3942d, + 0x67042d5531f676c7, + 0x4f93d4ced08b6090, + 0x5297f425aa2d0675, + 0x56f333632d39dd6a, + 0x6e20ea48eaf439d1, + 0xe3c125ebe2772c9e, + 0x22628e5a94504483, + 0xf1f75dda485a, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x33bea26590cbfe6e, + 0xc9358f01c8cc132d, + 0x5971a6082b175faf, + 0xda3bdff0ee792d9d, + 0xadd00964ee6369b0, + 0xa898c1ea485fdf4d, + 0x654b9d73476a1948, + 0x229dfd964afb82de, + 0x80f7a02b29975b4, + 0x3f843c3c9e436492, + 0xba88ceeef19011a, + 0x121478fc8482c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2626bff8301fee8c, + 
0x3cdca15a5eb39673, + 0x716aaf53fd50e923, + 0xbf44a51c317101bc, + 0xc48c111babfc7218, + 0x2d2bb24bd65113d, + 0x9dadc43055662633, + 0x9fa9e657d193d52b, + 0x245ff03303b0e3d9, + 0xfb0208233a0ebcd3, + 0x6283f0752a2af0d3, + 0x172f8d631acc2, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x466b381d2ae7fdd2, + 0xce746cfb2c929cf, + 0x21b8835e5b9467d7, + 0x8638bd02d92d4f87, + 0xda5130048b13580c, + 0x36e6e28f2e26c449, + 0x77ed800f8868d373, + 0x175348f52e6039a1, + 0xa4786354c139228f, + 0x660405a241b2abf, + 0x59287d0e3d700df1, + 0x1420a287176e3, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9ae2dd54b9e35edc, + 0x9edd296372c3966, + 0x10d508e69ba8e24, + 0x18980488bd9402c2, + 0x4be5d312ee6a590, + 0xe54996d9a5c5758c, + 0x50d44c0c8259d367, + 0xa543fac3b98db521, + 0x4013559c2d068da9, + 0xbaf4b0974a3eaabf, + 0xa3d1d905bba12ac3, + 0x55fe915d2464, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa12b8888e4373ab2, + 0x613ac8e268dc23a0, + 0xe40029ab8ffa1308, + 0x8c0cad227da78d53, + 0xebb53ef6d86f7718, + 0x6586476dea417a55, + 0x3cebc5d06701a674, + 0xe43c612de433c54d, + 0x103f4572b1535cf1, + 0xe5ae970ead65c070, + 0xcd96b854fb54eeb2, + 0xdbd95e70ab2f, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x5c392663b591e695, + 0x596d76e19e02c1f9, + 0x34d6ce22a10d0e3c, + 0x5ac47535d47995e9, + 0xc4530fd6de5117bf, + 0x9730681306980b82, + 0x29313cdf38d84997, + 0xaf8d23c2bba5dcb6, + 0x500687faa715a4fa, + 0x87a6478486ecba38, + 0x70bec0f6e19b98cc, + 0xa4683cf44135, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x5599d4fab58d13bb, + 0xd296da14e84b9ef0, + 0x42a5219e690adff1, + 0x195b59dc20bf967e, + 0x41b91aa3c7e3e13f, + 0xef577f44ebd03eba, + 0x6557cff1363d512e, + 0xcc301638cb6d6cbb, + 0xd701a219fc3a2eaa, + 0x337c0d0595d1997c, + 0xb0ba75eed9416615, + 0x13f00ceb8a532, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x73c1c29b940cc102, + 0x3b15744b6425e546, + 0x69e32383236e9e08, + 0xbc139e2936ee728a, + 0xf1873b2f7a1107b, + 0x36238590d69dc6d4, + 0xa64230e4915de68a, + 0x7f7465d2138468d9, + 0xb9c1800ac173e514, 
+ 0x40fb093a6daebc7e, + 0x7ded5c4abbd2a47a, + 0xfbe53512aa45, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf4f9c2a0410684e5, + 0x11e39cf5572185e8, + 0xa2dbfb52ee62bcff, + 0x7c050a533d432625, + 0x42a70c06d72c112f, + 0x10fb404dc43562ba, + 0xeaa5b4af1baf5c40, + 0xc371b9805481fcf4, + 0x415f3ae0227634ea, + 0x4e7c58cb84554cc7, + 0x6fcc7fe1fc6568c7, + 0x1317f9626fe, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xbe577ff2f3615fad, + 0x22a4721dc15c4f9b, + 0xc12dd44a3f19c713, + 0xeb0345347518b4d5, + 0x7db2fe9e9643f43a, + 0xe244833bba98fd5d, + 0xb44e24f2f4eae692, + 0xc9e0114e3386cb42, + 0x436b61412f5ec38e, + 0x808f1cb5ef9245df, + 0x4a88daa7f17edf23, + 0x91f7e19f3e05, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb9ffce082d1698f6, + 0x6faa0247002d1fd4, + 0x87cf0e4fb6732bd9, + 0x628171dfece85879, + 0xccc56c0a10f1cf1a, + 0x1aeedf6eddf6f3e0, + 0x7f7551f1c9730b69, + 0xe0b05779bd3829f4, + 0x287ac7afa2c98c25, + 0x5e8a59a30796f984, + 0x3e2f165eff442dc6, + 0x1a57148959b9, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x25bcea739892218b, + 0xe6ee0f69ee83699d, + 0xec5940a311fa48c9, + 0x494144316defef6e, + 0x57bb80ea9a3596f7, + 0x85986e639e8b2f9e, + 0xe8a0a2357909252d, + 0x72d6ae983c09795b, + 0x14f851091bcab471, + 0xb7bffabeca7693cf, + 0x77fdaa485c22c33b, + 0x15f900f79c26c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf069eba787042ac5, + 0x70d9c8a4817e637a, + 0x7d2eabd53cf831d6, + 0xbb4c08ca3ac85162, + 0xf9ba72e8d9dc81b2, + 0x64fe82708d1db593, + 0x474cc46af8356fe1, + 0x39330bd38e28fedf, + 0x5ccc2c98a8bc6ec9, + 0x3b7d80b9d404fac4, + 0xc8a3f6fd7cb9cc3f, + 0x552238a5050a, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7884473a783ce0e5, + 0xd357c0beacf1319c, + 0x3dc6675a8985f10a, + 0x9533f0efb0239588, + 0x1593910c89757197, + 0xbdcd0f0d0234f38b, + 0x393b088ec0698266, + 0xebeb07465b28933b, + 0x3aee8c5594fd7b6, + 0x71da16aa39be094e, + 0xb3a092a0f3c4d4db, + 0xb7a9828ec7e4, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x401530e0cfa1168e, + 0x717578f72344a5d5, + 
0x1e04b98a4d7f0e3f, + 0x77fd513ececeb369, + 0x995654ff0b89ed3f, + 0x2d0d9786c2d6339a, + 0x97de87ced1c07983, + 0xfb0579f68e3d5add, + 0xa06d431b730382d8, + 0x5bad3379fd95c6e8, + 0x4924dd9517c6195c, + 0x138109d1111c8, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xcfbe9fdef386c6a9, + 0x2c4632cedf579dd5, + 0x38613122e2b8fd4f, + 0x97f771a3a4bf3c73, + 0xebbc473cbcc623f4, + 0x813174c12bba11f, + 0xf8ab2f3a57a0039f, + 0xf6885ddf98c0c8a8, + 0x46a403c7cb35d5cb, + 0x6507a0ef4414268, + 0x2118022dad224cbf, + 0xb84292451a2d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc8a3882e0a92f387, + 0x40beddb74dd131bd, + 0x1cd168f54f7eb939, + 0xc25d3de2cd438587, + 0x6d37c0781d9566c6, + 0xc3dd653fe77a21c9, + 0x688f425c8025be20, + 0xfbdc046d941cc4c7, + 0x774029cd716f5e87, + 0x7b5f2240e4af99bb, + 0xd3a4f49378ba17e7, + 0x1c144c2727dd, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x156568f14c30fbb3, + 0x974c06f5626b6477, + 0xa705a4796f241842, + 0x557b58413d4e3015, + 0x73ae7a068cc143ff, + 0x1808b2adf9d193db, + 0x22024654d27280de, + 0x45fb930b23b5f05a, + 0x7739bc984c746e72, + 0x24e6f318cb65a7f8, + 0x514ba5a4c15c4b02, + 0x2f29651a65e8, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xac094bfb37195890, + 0xde29f82d8c5446c4, + 0x28f6258bdeb130c6, + 0xcab211935c4c6094, + 0x820a700acbc8946, + 0x55594544da9097e, + 0x4552934976880ebc, + 0xe81258f3f7ee0416, + 0x6582862e21fe62a9, + 0x202223b3ecf85c33, + 0xf4f71bbe19d84e09, + 0x3b7db4680fe9, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x5d404a70e9bdc533, + 0x701af90dac9e309c, + 0x5f4e14acdeab3fce, + 0xd86bcce61f5785c5, + 0x745617eb4d7e9bd9, + 0xa28fb4a9e45fa3b6, + 0x2bc9c00c6fd57332, + 0xf2d47d72fb43d7cb, + 0x8ac1b54ff75075e, + 0xa8866e121619509a, + 0x1eb091ddca68a1be, + 0xa2b7227295e8, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7588cd86e0538e55, + 0x2589256e04631cbd, + 0x4c686871a683aabb, + 0xe1dc06de6c68ba5, + 0x4ad549852bd64772, + 0xe267a84f62953cfa, + 0x94784b5f26aa8ec5, + 0xb2edabcc88f93f50, + 0x118d2cc3617472e2, + 0x767b3d5706e413f5, 
+ 0x420b60223a5fa6a8, + 0x16ad171600642, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xae55d770efe976c9, + 0xbc3b66ae0f134d87, + 0xd1325ec1db21a33b, + 0xdafdf6423b401e5f, + 0x9fddc0a8a50a50d, + 0xd0bf42db2473bb34, + 0x185f2792bf863bcf, + 0x918bb786e36bbcbc, + 0x648082c21d025f68, + 0x8ff1d47abd90b9a6, + 0xadbd8ba96632c123, + 0x13c6cf85a38f0, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd4e02c8dbd92402c, + 0x4c3a68195c0c0460, + 0x498cc317d8927faf, + 0xe2215502a29339c4, + 0xff73f07ad9d32350, + 0x75a8696ce0f13713, + 0x391c1bfa392b0ed5, + 0xb98e32182a1dcae5, + 0xec42ebb1a301dbec, + 0x6e455844e1df2d4f, + 0xa98ab906e29cd5bd, + 0x16993e9734dfb, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x845db3f83bef27a2, + 0xc6eaa23cae65ed9b, + 0xa82eb06c4305f063, + 0x2ac6e04c21b33212, + 0xefe89d13c359023e, + 0xb99b597b77d3901c, + 0x1c9097570e4ccbad, + 0xd5bae9d203c41e79, + 0xa5221bae4e3c12a4, + 0x6ca8cad89a79ef33, + 0xd674477bf3276e84, + 0xa94a00ed6b00, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2ff451d2075c651f, + 0x4e0e143b116e7968, + 0x64652d64b8c91b2c, + 0x8842fcfaa3f575a4, + 0xec214004743532d5, + 0xc1ca6faa3b059943, + 0x50a8a99430c11856, + 0x5569c10f4a353d72, + 0x22a8b8f9e4b9481c, + 0xb6e3f059c8385189, + 0xbb1381c89cbfedf9, + 0x14e5156e45a7b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9f82700fb2be5ad2, + 0xcc03e659a1d14f11, + 0x34073ff913ae7bd5, + 0x5c000dba9ef1a3f, + 0xe7451f9827c6762c, + 0x8c6b252d92b93a57, + 0x34795adbc4a70f6, + 0xc57a74f13fb6577c, + 0xc20bc03d0db0a074, + 0x57700b6230666abd, + 0x84c0af14df5760f, + 0xb251d77fc9b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xdc5713ee49e805f7, + 0x6f2ac87749523e2, + 0x9c8704cb41cf9923, + 0xb9ff42401e80d3c1, + 0x94128ae476077741, + 0x54c35fb4ecc9442f, + 0xe07247d754d3fba2, + 0x25a275a643446976, + 0x95724f4d00b8037b, + 0xdb69c1dbb5d0efd4, + 0xff8e5f4ba06d1046, + 0x14805b237518c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xef4a73cecb5e761f, + 0xd09da6dd756d0b61, + 0x5919307ff1063d21, + 
0x555277b8c1d5f140, + 0x144a34b641770504, + 0x772bd8dfe11b2a71, + 0x15afc905b465199c, + 0xad768072654785ce, + 0xc3c0e325981e8749, + 0x7fefc95d14160139, + 0x3007486f7f3d64df, + 0x64f6e4c8a925, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x6b593c6894614ed9, + 0x507f6233b20381e0, + 0x5bf103abd1939ad7, + 0x4bb95c906491c4e5, + 0x619f3f77f1d77ac4, + 0x78fe05a00fe49f6, + 0x1ef09ac9161821f7, + 0xa7d53a18dff19402, + 0xe44577991eda2132, + 0xc3f423757fbdb268, + 0xc31067999993214f, + 0xdba7ca7cadcd, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x98ca201452b1f16e, + 0x2c4e0d10b0aefb8e, + 0xde2d7589142b9ac2, + 0x411319bbebf9e85, + 0x23a165dfb92a835a, + 0x27804de9504d0ab0, + 0xf6a9cc8944571fae, + 0xfc53b94610192fc, + 0xcb269cdb996eb2fe, + 0x675c33f96862df99, + 0x2041f285ca6e1c9f, + 0x1ab20265560f2, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x41df73c35c4c9f54, + 0xc3c84d1402e5e6ad, + 0x784f41612f7900f4, + 0xa51da05deea5066c, + 0xcf6718f2fc42cb4d, + 0xf7cbf8c805cbcf66, + 0x6d0032d0369e295c, + 0x6945144ee8376159, + 0xa1d342ed51f60b7d, + 0x2b36b1ecbc997eeb, + 0xf42f0517cfffc18, + 0xd5e9dca972f5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xac5dd4311df958b2, + 0x1c87db1bc2e56587, + 0x2f064d02518e3f0d, + 0xaba2de6cce73d737, + 0xcd845ce8431306f2, + 0x9309917d7d3caa64, + 0xcb969977bf00be0f, + 0x9068fd158dea4ea9, + 0x16ad65edc6c89782, + 0xfd177f051d03e3f4, + 0x91c61f4e9414e0e2, + 0x196cc282fa8e7, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x44c4b98d7fae8ae6, + 0x1a1b9743c87eda36, + 0x420f1d29a3c75538, + 0x9156408a5852f069, + 0xf278e387c44668cb, + 0xd865c7ed98b12991, + 0x7947c97278e98888, + 0x2d4119d0a7f01634, + 0x15561c5d4524943d, + 0xb0408b542fcb23e8, + 0xd4feeb5470d85861, + 0x1a998a2c66943, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x962efd6383f3e237, + 0x3513304356bcc019, + 0x17aae854440e38fc, + 0xa3e1a2fcb60ef7f1, + 0x632c0e8c1fb873f7, + 0xb10e1471b7493d43, + 0x3a0db482548017e1, + 0xdb0f40e7c68a536f, + 0x3e4f633d407f06f9, + 0xcb4e29ee7e8bd38, + 
0x124e0d4149ca6926, + 0x1c29cf8d20433, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xeeb2fffeb0484b5f, + 0x5f49d7874113e11a, + 0xb18f3913d66f5d5a, + 0xba7f0e73d129a1e7, + 0x237d75f3cadcf45c, + 0x27aba89b68c3c4c7, + 0x6599e5e1835b5010, + 0xbdb105b9d74053de, + 0x6f286cce4130c308, + 0xfbe50a3e414e9b9c, + 0xcca0f8278021430c, + 0x6087e46cfb53, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x19cd95f86b2f38, + 0x47706f78da5096ca, + 0xd78a232cdc60b697, + 0x900bc52aad89abb8, + 0xad8d443d51bb0954, + 0xbf57c4cddeddb8d3, + 0x8c0cf811ee00ede7, + 0xa3bf25f09181197a, + 0x5500448b119fda7a, + 0x9c81d852b74df5aa, + 0x8dd9463afa8e9e9b, + 0x10c935237f5bc, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2dbad41099ebc407, + 0xc6a3cb4184dd6fae, + 0xd64952ccb6080c14, + 0x2b0e5c91fb6ff2cf, + 0x6fe7cc50efea6c2c, + 0xf2988a94dbc84336, + 0xa4ad178f84ae0e2f, + 0xdaf7c9bea9ad160c, + 0x8ebd5b0f695230cf, + 0x6166f5fa4ccb0d77, + 0x6edf9b9c47d6d42a, + 0x1a483396f2886, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf347dfe2cf56a947, + 0xa7b08dbbe2696f84, + 0xc828da43e54f9008, + 0x3b0b0b5ed372abd6, + 0xe5277dd55064d606, + 0x267b083af2587c6f, + 0x488583c4f4986fff, + 0x9a5865fd38c2a085, + 0xd6f374be8eb75848, + 0xa47a051fdd0ad376, + 0xa383b86ea8790fef, + 0x1b6d28d7fb1dd, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xde7ae2dd6071d588, + 0x7f45d064e1322f16, + 0xc7244b368cfbda2c, + 0x6048abd20ea6f703, + 0xf76f1b21f8eaa297, + 0x54b95d4009e86875, + 0xa8e75a6b1bbc0f09, + 0x8ad630c05ebc4460, + 0x8851274ff344b6a5, + 0x2b3cc0f1a034802d, + 0x8d21668f1ab8e72d, + 0x15248894f256b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xe3dc60dcbb4a98fe, + 0x23160eb63c24d4b5, + 0xf24788f9ed15ae1b, + 0x4a9080bf2789f441, + 0x925274e2665c5f03, + 0x8248ae71c0d133a5, + 0x2b10ebf5e32aef34, + 0x2be5e8a9f9346245, + 0xce39e516a9cd6a81, + 0xd5239b6e04c15bb4, + 0xb61019ff29255234, + 0x1ac2a7464ef5d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7c951958c20825f3, + 0x8253b0164c3f502c, + 0xd386b1b609708f2c, + 
0xcb43181c3bf3d11e, + 0x7bc8b61a513009b9, + 0x631b53329ae01e4f, + 0x3aa9d3ccc62d4e71, + 0x8e1880a14dbb66b8, + 0x93d26f10749ee66c, + 0xa9c4fb77300f9661, + 0x1eda8f69d8f63116, + 0x605ee1cdbab5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2ac6a1642040d160, + 0xf9b6ec186b9a3ddb, + 0x1b7b59c1a2e6f995, + 0xf422ea9be1f97d1d, + 0x5afa999df1db6311, + 0x3a2b0beeef028bf6, + 0x5430ec6625e45e12, + 0x73aab9b4edb32ce3, + 0x372af2daf6d28c55, + 0xf6d67063611bfc58, + 0x417107aec7750e35, + 0x11950e1c2544a, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf09cfcbe4b9c901f, + 0xdca43784e65b4e84, + 0xe620f434f9fcea86, + 0xca98f92bedce4f89, + 0xe435c32c68a54adf, + 0x6c63b3f8101c3ffc, + 0x73654f6a92238aa7, + 0x38c75afe9ce4c410, + 0x98afa5e7326191c0, + 0xb0ee47357cc20686, + 0x836ed0805ce14e7c, + 0xd54b15a85e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc0992c20b8723510, + 0x5d759e42f812d8fb, + 0xa5945ed459cbccfb, + 0x29bbe28ee136746, + 0xb6f4139910b90e07, + 0x65d20354eb67b0c2, + 0x398b88f536a86c86, + 0xc1d6f10b74df49cb, + 0x9c837c431eda3f7b, + 0x14e993ed62729b44, + 0xc63e018358b9488d, + 0xacaee5dc0dd2, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf3c5df96761c6718, + 0xf6fb2e70685dd1b4, + 0xd40161fdb28759a6, + 0x461165b69d9c62f8, + 0xe041b8dc36b54e21, + 0xe9725833866bb8f, + 0x43dbfb7d91a6863a, + 0x7bfdc8989282685b, + 0x5907d5752e81836c, + 0xa7f9718b52fb3f72, + 0xb999a5139b2c93ed, + 0x8ed8d650adc4, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xddad8ad9fbbec223, + 0x844ab5b35c1764af, + 0x1ba2c746560d740b, + 0x7338a37c81814ea8, + 0x48d0200fd59b0a99, + 0x439fbbae3c217ba7, + 0x58f8a6952a68596a, + 0x4f263f4fa2714f90, + 0x589b6852b668c727, + 0x979876675a6d6559, + 0x1744f6574e3ce698, + 0xfec58dca8935, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2eba985e8b061a24, + 0x29d333d6f4e982d7, + 0xc27ffc44fa6e9fcd, + 0xd2c87e3c4f13476a, + 0x5b95acd8297df971, + 0x847f654263361cbc, + 0x4d2cf0d88633d608, + 0x9df44da9e929c5c4, + 0x256811ba9aa4879d, + 0x2622a37b7d76062b, + 
0x2b822c10faf2be90, + 0x12547330fac09, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x251b33c77f6609fc, + 0xa1eb119fcc8fee68, + 0xe2d51e2a2f76d4d2, + 0x2b21f4eca62d927, + 0x7b7052038ebb6a1b, + 0x52bc7bc4d2113166, + 0x42e919d25dd791d1, + 0x110b226ee9adfb4e, + 0x8c784a9319e3067c, + 0x9532de11b71f25eb, + 0xbbf62465d422848a, + 0x1720838f50b19, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf2de422d76c6307f, + 0xd5b0b65f6c662881, + 0x1a235cc434321c8f, + 0xd1ac878963a846e9, + 0x3ebd7765d053e23b, + 0x11af8b7e6ac50995, + 0x18595c761773f436, + 0x3a8ad7c684fe0c45, + 0xe26f52f4660cf47b, + 0x44c94f63ed492298, + 0x7a40f342ec430a31, + 0x19db5a07e6118, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1bcd74fcd16cf5ba, + 0x6ce6039a0f48fe2e, + 0xef20b66966fe1122, + 0x3b333ed5dec9c056, + 0x954be6008d5ac282, + 0x6a256e13e8642470, + 0xbf0bf8a9cb9fec4b, + 0x2d78520b740caf5e, + 0x2769f63453c0338b, + 0xa49ca8758eb46b5b, + 0x56dbbbddd2c52931, + 0x67c5d89e6ba7, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x4b026c57fe8c38a2, + 0x67d3f0b66d4feb2f, + 0xb847de703383e335, + 0x7db30212088736f1, + 0x8ba13d378af6327f, + 0xb89d34cb1c174e0e, + 0xaefe2464e3de007b, + 0xf47270962abda9a9, + 0xd1185fc2f29f04f3, + 0x33acae308d7bae1d, + 0xeaac0935f894b196, + 0x7d293b070740, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc629634cc549f5db, + 0xa25fa843b423bc2f, + 0x2e2705f381623632, + 0x8b46dc5d8e0f2ba0, + 0x8ec03fae9871057, + 0x2b5d8aab1f14879, + 0xf93a1f454b8e8ecb, + 0xe76787b90972693a, + 0xcdeeb5297f3541c3, + 0x9b2a54c5218b2dbc, + 0xf150fa4ebe586807, + 0x15cc462876c91, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xfebbe5974efd47ed, + 0x564a64c65158a7a2, + 0x46dfa9ca462d78d3, + 0xaa966926b4e7350c, + 0xe689981da491b71f, + 0x34da5605d33e28a4, + 0xffcb9bda564fa9bf, + 0xdd06369a4a8ef22d, + 0xb0b9b03233baa7, + 0x399d17725c8f7f2d, + 0xea790826eb8dcc5c, + 0x12654b038a096, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xaa6053c0ae0555a6, + 0x885a84674ef32e4b, + 0x6e23f8a4fe0a0f9d, + 0x23803a09a243855, 
+ 0xaa6b94c3a0c6e95a, + 0xfbfa87affbeee69a, + 0xa2f81b8ddfaa795f, + 0x386a4ebd7668efb, + 0x636067e3909fa68a, + 0x24f248c9d2e501a7, + 0xd1bf9f8693dfaf15, + 0x26b0ea89f3f, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8175b9427c9a50e, + 0x7df2707dd7679357, + 0xa1505ebdbbe8e3f6, + 0xa9e5954fb881ad95, + 0x253afd1997e0131c, + 0xf0973bf86718a78a, + 0xa6e00f179cd40315, + 0x2f6a0f57abc385b6, + 0xfde1b2bdc1870349, + 0x23b6199c321ed8c6, + 0x3dc991c5bdd9925c, + 0x1b792a0482e4d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x949c6e64a32959c0, + 0x373687d9d0857d78, + 0x7c95581d9daff14c, + 0xffe793c95400463, + 0x925bd6f651c2803, + 0xda4e401f675114d9, + 0xfa824866ce5761fb, + 0xb0afb0b08ed20714, + 0x8714949f8f26b739, + 0x6760164912db91b1, + 0xcc474f17a82ef295, + 0x1a753b3ec93f3, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7c15d383a5e61506, + 0xc63d0f0e87155d6b, + 0x17d39970bbba5a58, + 0xbd5b9dd4e26d0214, + 0xe174367a62442922, + 0xb21a2fe4a2015ff7, + 0x9e4eb9f78895691b, + 0xa1d0e88af43214e5, + 0xc343aa2021b0df61, + 0x313667ec2734f099, + 0x144bc4b7e73092e7, + 0x146957236d237, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf82d16b94a238f09, + 0x590b15d54016b65c, + 0xa0dc2db444d53239, + 0x71d01766e17b669d, + 0x2bc648b5cfc73b5e, + 0x25f1f34eff6a1891, + 0xbed03e087a7620ad, + 0xf37b7a8dec3e3d3f, + 0xd86e4a852586af64, + 0x71d7c78618cb9136, + 0xbbfb638712e7fa30, + 0x1866cd70d1a21, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x873563678a5d9bed, + 0x7a9cb4683aa01303, + 0x539c4d73a0432f3d, + 0xbdefb2fbfd2655df, + 0x7cd948bea6589b74, + 0x1010757b45355d44, + 0xa8f81129bcab853c, + 0xd2d277d3b33e265f, + 0x8af2b36ca3313579, + 0x7be4d13e01cce6ae, + 0xba0e7178fc52c83a, + 0x2292003bac16, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xe0fe4fe8a370a000, + 0xe2e261b3ea1f6554, + 0x6988b2f361711a65, + 0x70d570fa008f71ca, + 0x17f6a0ac9bd35c82, + 0xc8c52130ec97743b, + 0x11983b99f0e1574a, + 0xcf898ef74afa3011, + 0xd87c10a0691e6c65, + 0xa72a4861abade46e, + 0xfa270d4bc017f37a, + 
0x155657c7d570a, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd4ed68afff88b57c, + 0x5a9df6e2e0ba4730, + 0x7cda707339b38cb5, + 0x1ca1c19f554449cc, + 0x397653b871a0e9a5, + 0xda8ee1e42d8bbd64, + 0xbb1693c125ed17d1, + 0x86df44f345d07e68, + 0x1b16acb1ae025085, + 0x6cb886d81113e379, + 0x8710154496a8045d, + 0xd98530c9551, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1131f9398e258559, + 0x3f20da687c1dc823, + 0xe3e70cf0b017ae89, + 0xa118f1cd940aa754, + 0xa472ce96d5a2721d, + 0xf9becda673a19fe9, + 0xed7e00b79e01a01c, + 0xc522d37391b6a28f, + 0x7d46835fdc353e6c, + 0xebca368b50d66ad2, + 0x8d0bc54b92d28f2e, + 0x3bb6af4e81b1, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc79b78eda8e90d0d, + 0x2b7ff1d905dd2a27, + 0x5b476878eac3b934, + 0x2cb948a6e6f8cdd, + 0x5d382453413879e4, + 0x2d7c5154656c97b9, + 0x117cf8bdbec45ec3, + 0xa0888cfaa233d20a, + 0x3f7bef774bd67edf, + 0xaeb5e72c32132afe, + 0x3421c2b34f7591e4, + 0x1093be35a448f, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8dc1a486ba7b4a21, + 0xaf04e841fcc7b6e1, + 0xe83242e6b54c4e54, + 0xb1f42c031af13bb2, + 0xfe69a04a5df9dbf4, + 0x7a12fba14d2ceef, + 0xdee0baa125e148c9, + 0xefde2ccd2dde02f6, + 0x85cfc9796f18dbd, + 0x953a9353c76e2e37, + 0x7b1ffadf837f1a90, + 0x158a0cca5a4b1, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1cc1aa3ab2b6477e, + 0x84ea39565354de09, + 0x1821aed8628cd370, + 0xfbe488fdeb1752aa, + 0x111396c65bd83ddb, + 0x706b706aebdcea4d, + 0x809a7e5c500d061b, + 0x1ab7235207d2e1d2, + 0x1ece621e6b2f7f38, + 0xf708096abd3d441, + 0x4bfa18b4f55a770, + 0x1be0bba87328d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc2bb9a0c79c44f15, + 0x6f9950e96021171c, + 0x265b130cf2a8ed49, + 0x23941e6aee76b9fe, + 0x57ca2c4ee2001766, + 0xcea0cab99a35c2ae, + 0x425701e3d812805, + 0x40bf744d242da910, + 0xbf96177196a1da3a, + 0x42f1137508bce79d, + 0xaa923a1484683395, + 0x139dd018fbbe1, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x18c30c7798b59ccd, + 0x4166b1d4bfe5f8c8, + 0x314e4566d488070, + 0xca597b4fba351d44, + 0xd66b1e11f9bb2aa0, + 
0xf43b4ead999c94bc, + 0x65b29f783e80df09, + 0xbc574a0466e48dc5, + 0x4e973f234cf4c760, + 0xa8d40e3917944fd2, + 0xfc680a412e5e68c8, + 0xc31a463927d5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x5f0d22d795a58cc3, + 0xf77a6b6fb6759a5, + 0x119e8a8e2f6b97b7, + 0x16e263282d2f0c56, + 0x7ae9353b22232605, + 0xfef3adbbf95edd19, + 0xae1e620b4c3203a8, + 0xa811f40415e23ca5, + 0x2db4e90eb99150d, + 0x5b82e4204ed4379, + 0x19135b139bcfd8b8, + 0x1b81909d3eeb4, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xbcc1f73a9d490d95, + 0x1c0438309bc14cc0, + 0xe82c207343fda3d0, + 0xa975aec835bb08db, + 0x87e64528d76c342f, + 0x793f577ca5bc60a0, + 0x54511caff32776ae, + 0x551e66d0e450da22, + 0xa68c09680053fed9, + 0x68a014c3102196eb, + 0x2d2ffcc97fa5ce96, + 0x1493d7805f9ef, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x4dad2242afe58dd5, + 0xf2d3c1d4fbcaddff, + 0xd81af17b99ff2269, + 0xfe8f3addd3d5cb95, + 0x9a725c3882d48ac8, + 0x69e8744a96aefb54, + 0x25a788ce6ad6fa02, + 0x242f8f4f22eb41dc, + 0x722fe855fa04a878, + 0xe9bd683fc76f98d, + 0x350cb067d9de14fe, + 0x1583cae3d358c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc236532124549fc7, + 0x8254d8057aa67ae1, + 0xbe505f0b44089183, + 0xb706d16381181371, + 0xd8772c8e7b66a91a, + 0xf8ebadbc9053a4b1, + 0xa0c2885e01502a2b, + 0xbb2d35dca5289056, + 0x6ca47e8ecb0cbfe, + 0x1353c498621cbed1, + 0xf76947f998f129bf, + 0x6ddfeb2490f8, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd972f7966154e8e2, + 0xa6d66130b04a970b, + 0x6b9912a75dd4772e, + 0xe9f790e61ef5e8b5, + 0x1251162fe2531aa, + 0xc3be528ed1aa9df2, + 0xc350975409c573ab, + 0x115014369acf5853, + 0x715f7ed4107bf51a, + 0x2c53d60394d3f136, + 0x886b323c5538f27c, + 0xc0b43a527a0d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa45fe80a855b6bdc, + 0xa4c1755587ee792e, + 0x16679b8ab7af949f, + 0x39a24d93f606fb07, + 0x78fb76dc58afe0, + 0xfcf793b9cbea9796, + 0x3feefd61f744d0a3, + 0x3527c71011983c1f, + 0x82cd28e41430fb6d, + 0x48579d9d2575ae0f, + 0x30d90f3df07fca17, + 0xd1851cbd9fe7, + ]) + ), + field_new!( + 
Fr, + BigInteger([ + 0x4bd6e50bb587cc95, + 0xd0b56287f3a4b7c1, + 0xed863ee905e8a4d0, + 0x22a3315f199d82c3, + 0xaf0e1a737a5a80cf, + 0xd5958a81c65453c7, + 0x9195678685e1566b, + 0xac40e17de962003a, + 0x7ac959099f91e51d, + 0x13a4b91604f50136, + 0xf33fd02cd37ca8cf, + 0x1c116844be72c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x26b439223677830d, + 0xc59f75fb0d1ea92e, + 0x3cf14417087a06dd, + 0x1acae0bc50a98b2d, + 0xdfc5fe61821d8000, + 0x4e679baea71f6a26, + 0x159ea07bd98bb46, + 0x26a613ebe4e26f89, + 0x6ad1b64828f26bec, + 0xda72540f80d2e5ff, + 0x604a053fad9939aa, + 0x44337c18dfbe, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf95a5d637ccc4f10, + 0x920ee0995a4c4e7c, + 0x38904c1eda8d23bc, + 0x15e23c8d23933883, + 0xa85ae19d8f3dbc21, + 0xa8f0b8d00510849b, + 0xadf096fcabf54fda, + 0x5ab38da14c1c8ea8, + 0x8575b8af43ee02eb, + 0x7013991da6d3c42b, + 0xfb9ff9f269f44c10, + 0x1304d33407eb, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9c0f5a14d37a99fa, + 0x42269aca050a7b6, + 0x9dc8b9a43b25e881, + 0xbac298598f0b5bfd, + 0xa8df5cccb1c96686, + 0x6e4bfb9c7d12106e, + 0x841b42e05a61a819, + 0xa6d4dd155af99f7c, + 0x19b7595c7476bde3, + 0x823970cc3f0f51d2, + 0x81b65e1a1b57c47, + 0x16c09ac42453b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x172be90932fe06cd, + 0x809e2d1d2dc76144, + 0x36b8e4ebb0b433b8, + 0xba5cb7757b1cfd5b, + 0xa7069bebdcbd5ebe, + 0xec490a217e17bda4, + 0x4a943d54d906f620, + 0x23d6cf9986332dbd, + 0xb75f8bb9304f4f90, + 0x770e6a6e11db0e3, + 0x6c3199c98f774158, + 0x294a8331c3bc, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb5f00c4ea55ba53, + 0x4c656d4729ebba7b, + 0xbe748e5413a01525, + 0xca9ede6d1b178734, + 0x8b2584122712dae4, + 0x6e2ea29e118cc395, + 0x3b9e3498460560f3, + 0x7b333254f751ce74, + 0xcf91070e1e613b7b, + 0xdfccbe0d8089abee, + 0xa1882e566ecd05b2, + 0xaab5e200196a, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2287748ffdd8a1fc, + 0x6bb2f1cb39299f7b, + 0x67ec9a854791f7cd, + 0x90a4cf4bcc99b3ca, + 0xce7c773dfc614776, + 0x8313034cd926ca0b, + 0x322fcbe018caa248, 
+ 0x6076a74cab113c76, + 0x5feef9ea8e0f180, + 0xf2351c23e2c1a11d, + 0xa00e424628032f7c, + 0x701b24c0d43e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8cfd2af1696a7e78, + 0x92db4de98bfa13fb, + 0x948248fbc92f2110, + 0x2b91b676c6cad372, + 0xc89901b99ee730dd, + 0x3a412b36ef8dc79f, + 0x39acbb9c82973fb5, + 0x3c7de0855b0d83ea, + 0xaf29144b3a250d24, + 0x5e4c1c2aaaf1872e, + 0x5873a15f3309ebf5, + 0xa2b64c96e8bc, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1c9a36aa32b01b0, + 0x8eee55d8233fa48f, + 0x6dda76a7e06a4df2, + 0x15ec29b646a46a44, + 0x378f1c74d15ae95f, + 0xae9aff8b510dbf5b, + 0xa0b65738f857f40c, + 0x470614518d38fb1c, + 0x2a2df0198d976653, + 0x64dd53b448a96b75, + 0xe8681671ae2d7c6a, + 0xc8857cd433b4, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xda492a413447ddc, + 0x685176c6584146b3, + 0xb0df0409fe4b39ed, + 0xffc971ca1eee1f61, + 0xf7aa008be99fcc10, + 0xd04e97062ff69b9f, + 0xea93bd5ab0c9058c, + 0xd581addc12b17b1a, + 0x750461e69d0eec0a, + 0x4fdbb6b691c57c4a, + 0x7088d8c45639775b, + 0x136def2d19f1, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x6d6d22a160d325d6, + 0x5000e1262f2e4b84, + 0x82f96a4bbccde164, + 0x7de7281ef87c194c, + 0x50915aaa411c218, + 0x5a6aeb5487a77a54, + 0x39777c0f77ecd996, + 0x614eb1c79f1e8eed, + 0x51161627dc71863a, + 0x5e22bc2d02544dcc, + 0xf4cadaed3e7f74e4, + 0xa352a640c924, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xec8fe6df2fc5e9b4, + 0x77789a547a62de74, + 0x85bdc0e78aff70e8, + 0x2b89b64100953007, + 0x3f56cb0ba837c440, + 0xa9cc5cea03bba5ce, + 0x9023bca6eb1ed426, + 0x7870919d3f31aff, + 0x2924f46d1ebee9d5, + 0x26b360e5c9ebf458, + 0x408ba02421ae10c, + 0xe099b4883ce1, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x192e48a91279cbcf, + 0x95c3ac2bf829069f, + 0x78a032164255741, + 0xb204dc819814bf81, + 0x81ad2bb132c3632a, + 0xa04afa9867fb1ae0, + 0x3ed00e6c66827a41, + 0xab13c5622423f418, + 0x1a62ed5fd09d7614, + 0xbf019824577c4de9, + 0xbe6c4526d8ff7595, + 0xe66afb0c2130, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xfe2d689d9540b7b0, + 
0x69d5c197e45e3351, + 0x8bd8198d5169cec6, + 0x18e77e2d7af6f5b, + 0xd5275a060cb75e7e, + 0x527cbb36c680776e, + 0xffeffae3f5907a41, + 0x3c6e0183a2a1101d, + 0x33bb40e2cd5ccf0a, + 0xa7e7d439feb0d4d8, + 0xef37cebf4e150aaa, + 0xc21538c2907c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x907e21437c18aab7, + 0x645e1230a6362069, + 0xd2fb691d310bc220, + 0x2d16c2bfb0ebc07e, + 0x423cc9113a37c49f, + 0xb02705409beb5558, + 0xccb31ca73e1f87d5, + 0xb675cdcd278ac6e0, + 0x31d16cc025ebae, + 0x8d056a90af3fb4a9, + 0xf6ef8591614bd752, + 0x172094f015b0e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xbaa509e0ce304935, + 0x1e3cdbfe6a5d4b1a, + 0xadc2738755d596f4, + 0xa6a009cd20d1833e, + 0x8f00191dd77407b7, + 0x106ad3c1444c3e05, + 0x13594a071c159fbe, + 0x8b40eece2b671055, + 0x9d1e076ee3308040, + 0xaba00c9eb2d61415, + 0xd513c27e2f22aee8, + 0x11ea9a6ffe364, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x69f2ad69b66bfb1d, + 0x856d1b716857c746, + 0xc0d69b469e170939, + 0xe90cfcc2c93b76d5, + 0xe841061fef83ff6a, + 0xb7a68ccf4b3cfb79, + 0x3ca6c8067423ec95, + 0xcd1ba4afaa66fd32, + 0xca89418624105230, + 0x187b367b36b2679e, + 0xc6e238a78dd9a85e, + 0x1097d0c34c84c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x21bed21c947e6c31, + 0x342274691e6e3bb4, + 0x548a938f33ef43b1, + 0xae6cd08b910c32e, + 0x18903aec8d7a727, + 0x6921b1176cb4c53, + 0x1fd07ce5ca11fc57, + 0x983fa6a0d2b70697, + 0x1cd741bd6e425804, + 0x74b94b009bf56e30, + 0xf1084c0005cd4859, + 0xbb0238b023b0, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7d7b06a6ed2734ee, + 0xb4530b43b72f412f, + 0x777ee5c45e524f42, + 0x8914a73fed386e32, + 0x57fc876ac0e02b9e, + 0xcd24313f740fd0c6, + 0xae4596615941437f, + 0x71ca9922f572314b, + 0x492a957798827ae1, + 0x5d4210063161c7dc, + 0xf4438d4107ef6de9, + 0x16c324cc80d1d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x31e163e2bba406ae, + 0xbf814eac695a79d6, + 0x3ef082857c6e0af3, + 0x6dde872f12fc588f, + 0xd05acd7b670190b6, + 0x2b5e3bbd0cde73b6, + 0x1fe132cbba4fdb64, + 0x13ffa739ef74c5d5, + 
0xab07a7f09f5dd20f, + 0x91496292ee8c35d0, + 0xd8b7d22c3d42f447, + 0xf8067a3c2d95, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x5ea269a627948214, + 0x38f3cafdfb25e834, + 0xa59e51f132aaaa09, + 0x1df1081ebb37e364, + 0xf3aed3df5444b646, + 0x5a2eaf1d1393e86, + 0x8ff335f3f966d009, + 0x1962ead7b30c9f3e, + 0x8df0bd21df94d615, + 0x7df353a320106bc8, + 0x999bcbc0d1012176, + 0x3c6cd86ffeea, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xabdc7b54602826df, + 0x8656fd0c2916ce20, + 0x93d23a7b2187369c, + 0x23b66e8339e72f2f, + 0x52f429022efa88a3, + 0x538f0ebddab736ef, + 0x76190c903637d23a, + 0xc2691af5342b4d3, + 0x9f83460790eec4f1, + 0x323b15fa7bd93949, + 0xcbfc82e45f7d4a7c, + 0xee964f6e6d63, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x4c2844051eaa3679, + 0x55b080f7863df438, + 0x909e62f9badd7a46, + 0xc75c6ba1507340cd, + 0x4687ddeb80fb255, + 0x15731c4259a5d1dd, + 0x52755f75cb479400, + 0x196e185049cf4233, + 0x14f8f434731e4c16, + 0x5b50eb0940595a45, + 0x1de1c127c134f9f5, + 0x18e3735f432cb, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xaa371123ea88c3bb, + 0xaa9ada46792f5716, + 0x3c49c2b627c1b3cd, + 0xc08af0fb67469f51, + 0xde9464f4ff58d93b, + 0xe413ff6745267590, + 0xdc54c3deba5a14e0, + 0xdc234552760a26d9, + 0x8f834b13a4bc9249, + 0x82c5532cd61cc251, + 0xf9087c6246fceaaf, + 0xfef655ac6c36, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1402238ac55402d8, + 0x4bc0526019fd9819, + 0xf930265844c80568, + 0x20086a72b95b6948, + 0x4727ecdaab33c73b, + 0xd3c667755580a7d7, + 0x1e8e7e96dcb818ee, + 0x6f7cd073aae59454, + 0x4d23bb2e4825b493, + 0x53ab5a7117fa333d, + 0xda75321f0d0b9d51, + 0x15dfc9e5637dc, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8e5fb226bdb14b8c, + 0x606aac140a3f3e04, + 0xe831c01443775d03, + 0xdf1522bd76aa7372, + 0x8ae9668842578941, + 0xa2d2c818b96a8ee8, + 0xf1c5f6c4f15d8ea8, + 0x611741486a1dd031, + 0x4ca5638d1e5c7953, + 0xeaf2e1affac30317, + 0x89c7db2cb72df74a, + 0xcc69e8bce3d9, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1a683ab7d9bdf8a5, + 0x64cabfd214134613, 
+ 0x639988c6d0361286, + 0x4a940f5e65dabc7c, + 0x39858573b02fee22, + 0x8d4b7b99dc0c4c91, + 0x6da4a07245f4d80b, + 0x331742dcbb485a9a, + 0xa59e1e88ea3feeb7, + 0xc0b2e7400a855002, + 0xd1808d84a85fd995, + 0x157f2171fe05a, + ]) + ), ]; // This MDS matrix supports fast matrix multiplication - const MDS_CST: &'static[Fr] = &[ - field_new!(Fr,BigInteger([0x5ef6c5803ffff0b9,0xc87d30b037de2623,0xfb2cfd1981c5d76d,0x5343e3226f1113b2,0xbbbc227fa69131ee,0x2a8c0cf32e31dd41,0x15d6072feb4315cf,0xeac86ddb0d72d1b7,0xf457c575fc343aa0,0x59e953592fd74c9d,0x7ff7fa50750bc70a,0x18886f925d6ba,])), - field_new!(Fr,BigInteger([0xee423eb57fffa0a6,0xc2ba9f17acadde63,0xf21f8870b9600ea0,0x89af6eeca55e3659,0x60edcca63d2a41c8,0xfb477504a89c312,0x4fcc489c84216d59,0x917d7587f44f023,0x73e38903794b3798,0xb319fbc57d331066,0x805c5d11d9f039a7,0x1b0be2cc8f360,])), - field_new!(Fr,BigInteger([0xb80824ebffff9a30,0xc11d8418b0ff1e7f,0x5ef75231ad2a230a,0x9c99ad34cf5d5156,0xd97ef36480fd5c33,0x479907d1d73bf209,0x828832840265987a,0x67cd9c6b7f861f43,0x7ba84d7fdc3ac062,0xc825a95ead868c4,0x410d1b5e6c935945,0xaf1562721ddc,])), - field_new!(Fr,BigInteger([0x7ece4e8bbfffe1f7,0x6a69ea5b8e7f97c2,0x89ec60ffbeb93077,0x37e460ae31bd9f09,0x27f883f8ab5b3e4b,0x763fb1672f8d82b,0x15543370aac8d08c,0xfc620c67f6810dff,0x1e3b9481634be904,0x487e4371f154ff8e,0x61e4d6c705ec6955,0xb7876d9dcb5d,])), - field_new!(Fr,BigInteger([0x58b64638ffffe4c4,0xa236aff2550fe965,0xb7ebd3c32ae833e,0xd03210bf82e6deb7,0x625ee4efdd334591,0xc0e2194f9618dffa,0xe41868f996905538,0x5e019b94813a6396,0x6753171688952332,0x8e8b0f8262c4bb60,0x92b2889e172678e1,0xe3a19fcebe4e,])), - field_new!(Fr,BigInteger([0x3cd1863f7ffffb8e,0x7a17777c854ac90d,0x4ee9492ff07aa164,0xba5d108a2ed94f3d,0x4bd579612aa420b9,0xda4e52b5616c0be2,0x3c4a3090b99f44fc,0x7a1ef57be4a0008a,0xf2765b3b44ffd0a6,0x2c7d5cc8fb43f2d0,0x465b44b613c9b1c4,0x233cf8e79cb2,])), - 
field_new!(Fr,BigInteger([0x8e66cc663fffd191,0xcdb7a31409d5e61,0xbfeaec0e9f1cd544,0x290f984ba905f3ef,0x595c8a5e35c298df,0x2a74b65104a59061,0xb9b1eaa4b1104c90,0xf1b7e8c337898df6,0xe2652a56a1447aaf,0x6196f3b47b16110e,0xcb1d39edaab39a9e,0x10a95fbcd6967,])), - field_new!(Fr,BigInteger([0xc0ca0bd6ffffd17c,0x99aeeb4cf86395d4,0x21e1479d7415a5da,0xe9b021995874246a,0x3004ec36d60a7661,0x879126f8954aa6a5,0x1b89e4ca7499fca0,0x49e7b8a722561159,0x1d4f0de0b8cfb940,0x4a1d8a1cf84ca296,0x784767101218bb5e,0x3171621a22cf,])), - field_new!(Fr,BigInteger([0xbeaefc0f3ffffe15,0x31fa60c505c528da,0x17062bf32a5800cc,0x7f6c8a491e1c85d8,0x51c275d51d6bb509,0xca2b3dc7bc07b33e,0xfbde52978687148a,0xac5de44ad3586169,0x5544299cb8c3db5f,0x244ac8e0636993bb,0xdb58cffd2ff83d0,0x1120aca75573a,])), + const MDS_CST: &'static [Fr] = &[ + field_new!( + Fr, + BigInteger([ + 0x5ef6c5803ffff0b9, + 0xc87d30b037de2623, + 0xfb2cfd1981c5d76d, + 0x5343e3226f1113b2, + 0xbbbc227fa69131ee, + 0x2a8c0cf32e31dd41, + 0x15d6072feb4315cf, + 0xeac86ddb0d72d1b7, + 0xf457c575fc343aa0, + 0x59e953592fd74c9d, + 0x7ff7fa50750bc70a, + 0x18886f925d6ba, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xee423eb57fffa0a6, + 0xc2ba9f17acadde63, + 0xf21f8870b9600ea0, + 0x89af6eeca55e3659, + 0x60edcca63d2a41c8, + 0xfb477504a89c312, + 0x4fcc489c84216d59, + 0x917d7587f44f023, + 0x73e38903794b3798, + 0xb319fbc57d331066, + 0x805c5d11d9f039a7, + 0x1b0be2cc8f360, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb80824ebffff9a30, + 0xc11d8418b0ff1e7f, + 0x5ef75231ad2a230a, + 0x9c99ad34cf5d5156, + 0xd97ef36480fd5c33, + 0x479907d1d73bf209, + 0x828832840265987a, + 0x67cd9c6b7f861f43, + 0x7ba84d7fdc3ac062, + 0xc825a95ead868c4, + 0x410d1b5e6c935945, + 0xaf1562721ddc, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7ece4e8bbfffe1f7, + 0x6a69ea5b8e7f97c2, + 0x89ec60ffbeb93077, + 0x37e460ae31bd9f09, + 0x27f883f8ab5b3e4b, + 0x763fb1672f8d82b, + 0x15543370aac8d08c, + 0xfc620c67f6810dff, + 0x1e3b9481634be904, + 0x487e4371f154ff8e, + 0x61e4d6c705ec6955, + 
0xb7876d9dcb5d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x58b64638ffffe4c4, + 0xa236aff2550fe965, + 0xb7ebd3c32ae833e, + 0xd03210bf82e6deb7, + 0x625ee4efdd334591, + 0xc0e2194f9618dffa, + 0xe41868f996905538, + 0x5e019b94813a6396, + 0x6753171688952332, + 0x8e8b0f8262c4bb60, + 0x92b2889e172678e1, + 0xe3a19fcebe4e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x3cd1863f7ffffb8e, + 0x7a17777c854ac90d, + 0x4ee9492ff07aa164, + 0xba5d108a2ed94f3d, + 0x4bd579612aa420b9, + 0xda4e52b5616c0be2, + 0x3c4a3090b99f44fc, + 0x7a1ef57be4a0008a, + 0xf2765b3b44ffd0a6, + 0x2c7d5cc8fb43f2d0, + 0x465b44b613c9b1c4, + 0x233cf8e79cb2, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8e66cc663fffd191, + 0xcdb7a31409d5e61, + 0xbfeaec0e9f1cd544, + 0x290f984ba905f3ef, + 0x595c8a5e35c298df, + 0x2a74b65104a59061, + 0xb9b1eaa4b1104c90, + 0xf1b7e8c337898df6, + 0xe2652a56a1447aaf, + 0x6196f3b47b16110e, + 0xcb1d39edaab39a9e, + 0x10a95fbcd6967, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc0ca0bd6ffffd17c, + 0x99aeeb4cf86395d4, + 0x21e1479d7415a5da, + 0xe9b021995874246a, + 0x3004ec36d60a7661, + 0x879126f8954aa6a5, + 0x1b89e4ca7499fca0, + 0x49e7b8a722561159, + 0x1d4f0de0b8cfb940, + 0x4a1d8a1cf84ca296, + 0x784767101218bb5e, + 0x3171621a22cf, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xbeaefc0f3ffffe15, + 0x31fa60c505c528da, + 0x17062bf32a5800cc, + 0x7f6c8a491e1c85d8, + 0x51c275d51d6bb509, + 0xca2b3dc7bc07b33e, + 0xfbde52978687148a, + 0xac5de44ad3586169, + 0x5544299cb8c3db5f, + 0x244ac8e0636993bb, + 0xdb58cffd2ff83d0, + 0x1120aca75573a, + ]) + ), ]; /// Short Montgomery multiplication with respect to the short Montgomery constant R_2=2^64 @@ -299,4 +4040,4 @@ impl PoseidonParameters for MNT4753PoseidonParameters { *res += &elem; }); } -} \ No newline at end of file +} diff --git a/primitives/src/crh/poseidon/parameters/mnt6753.rs b/primitives/src/crh/poseidon/parameters/mnt6753.rs index 7fbca6fde..ce0805477 100644 --- a/primitives/src/crh/poseidon/parameters/mnt6753.rs 
+++ b/primitives/src/crh/poseidon/parameters/mnt6753.rs @@ -1,16 +1,9 @@ use crate::crh::{ + batched_crh::PoseidonBatchHash, FieldBasedHashParameters, PoseidonHash, PoseidonInverseSBox, PoseidonParameters, PoseidonShortParameters, - FieldBasedHashParameters, PoseidonHash, batched_crh::PoseidonBatchHash, - PoseidonInverseSBox, -}; - -use algebra::{ - fields::mnt6753::Fr, - biginteger::BigInteger768 as BigInteger, - field_new, - MulShort }; +use algebra::{biginteger::BigInteger768 as BigInteger, field_new, fields::mnt6753::Fr, MulShort}; #[derive(Debug, Clone)] /// x^{-1}-POSEIDON-128 parameters for scalar field Fr MNT6-753, with an MDS matrix supporting 
@@ -22,30 +15,174 @@ pub struct MNT6753PoseidonParameters; pub type MNT6InversePoseidonSBox = PoseidonInverseSBox; pub type MNT6PoseidonHash = PoseidonHash; -pub type MNT6BatchPoseidonHash = PoseidonBatchHash; +pub type MNT6BatchPoseidonHash = + PoseidonBatchHash; impl FieldBasedHashParameters for MNT6753PoseidonParameters { type Fr = Fr; - const R: usize = 2; // The rate of the hash function + const R: usize = 2; // The rate of the hash function } impl PoseidonShortParameters for MNT6753PoseidonParameters { - const MDS_CST_SHORT: &'static[Fr] = &[ + const MDS_CST_SHORT: &'static [Fr] = &[ // These constants are in Partial Montgomery representation with R = 2^64 - field_new!(Fr,BigInteger([0x1b06b82936573768, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0xa8a66953a924365d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0xb412c015510c2717, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0x351fdbd63ac0afdb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0x302be8e2c8e27f02, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0x7dcdc338f53308c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0x5220f8b41dab7db4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0x524543d141024c82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), - field_new!(Fr,BigInteger([0x3657a2432f363f4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])), + field_new!( + Fr, + BigInteger([ + 0x1b06b82936573768, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa8a66953a924365d, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb412c015510c2717, + 0x0, + 0x0, + 0x0, + 0x0, + 
0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x351fdbd63ac0afdb, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x302be8e2c8e27f02, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7dcdc338f53308c, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x5220f8b41dab7db4, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x524543d141024c82, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x3657a2432f363f4, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0, + 0x0 + ]) + ), ]; } impl PoseidonParameters for MNT6753PoseidonParameters { - const T: usize = 3; // Number of S-Boxes const R_F: i32 = 4; 
@@ -54,242 +191,3845 @@ impl PoseidonParameters for MNT6753PoseidonParameters { // Number of partial rounds // The zero element of the field - const ZERO:Fr = field_new!(Fr, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])); + const ZERO: Fr = field_new!( + Fr, + BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]) + ); - const AFTER_ZERO_PERM: &'static[Fr] = &[ - field_new!(Fr, BigInteger([0xef99f18ca1164fb0,0x1bf161755d689806,0x83ee017c500c6964,0x8abab822f92200c0,0x4b64884b9cc7eef9,0x53d4a2f13e17017c,0x551b8da2668dad8a,0x9939a48a0191c96c,0x2e1d80ef403671a0,0xb037bb60fbeb0212,0x6a22eba60581eb12,0x6ec196c9026d,])), - field_new!(Fr, BigInteger([0x18c4207483ba0f2f,0x6c50abc8aca74de3,0x7c1acfd6686351c,0xf367937c1356e91f,0xcdbf0447592ec1,0xe13763baac982387,0x2e1f904290e7045f,0xb6ffbcccd73c1092,0xfae22550de44cf2c,0x14c26231e52c7eae,0x471836049049f3b7,0xdc46826797ae,])), - field_new!(Fr, BigInteger([0x2ee4a96e4cda5f6f,0x7442a7b7f51fdbfc,0x23d03839ab7d811,0x1f873a8c0ddfd7a4,0x872f14e24612551a,0xd43181c852d5f78b,0xb2ff35a74130d2cd,0xd64aaa80f389157,0xb954953b8d35d74,0x37aba7a7212e96c,0xcce2fff62e11a3d4,0xfb3f9157120d,])), + const AFTER_ZERO_PERM: &'static [Fr] = &[ + field_new!( + Fr, + BigInteger([ + 0xef99f18ca1164fb0, + 0x1bf161755d689806, + 0x83ee017c500c6964, + 0x8abab822f92200c0, + 0x4b64884b9cc7eef9, + 0x53d4a2f13e17017c, + 0x551b8da2668dad8a, + 0x9939a48a0191c96c, + 0x2e1d80ef403671a0, + 0xb037bb60fbeb0212, + 0x6a22eba60581eb12, + 0x6ec196c9026d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x18c4207483ba0f2f, + 0x6c50abc8aca74de3, + 0x7c1acfd6686351c, + 0xf367937c1356e91f, + 0xcdbf0447592ec1, + 0xe13763baac982387, + 0x2e1f904290e7045f, + 0xb6ffbcccd73c1092, + 0xfae22550de44cf2c, + 0x14c26231e52c7eae, + 0x471836049049f3b7, + 0xdc46826797ae, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2ee4a96e4cda5f6f, + 0x7442a7b7f51fdbfc, + 0x23d03839ab7d811, + 0x1f873a8c0ddfd7a4, + 0x872f14e24612551a, + 0xd43181c852d5f78b, + 
0xb2ff35a74130d2cd, + 0xd64aaa80f389157, + 0xb954953b8d35d74, + 0x37aba7a7212e96c, + 0xcce2fff62e11a3d4, + 0xfb3f9157120d, + ]) + ), ]; // Array of round constants (in Montgomery representation) const ROUND_CST: &'static [Fr] = &[ - field_new!(Fr,BigInteger([0xbc3bce4306347da3,0xe8bf3275de6f8a80,0x56a983ba25567267,0x718c0cb5c1707067,0x847b43861d406618,0x94e384fd0addc509,0x8c05c8e798c7a2e3,0x85204ec1d689f829,0xe5845d1b732e9f45,0x948470650fdf2c14,0x3020e7156b6d05fe,0x169a87b2cb0d2,])), - field_new!(Fr,BigInteger([0xb1243358d3057ddc,0x4f7d9135a93f7748,0xadcd00c037af95ef,0x5d93d11990a375f,0x7e8dce24aeed7f78,0x637b8ff9811147e,0xa74da71309e416ab,0x7b8211e20256568,0x7c75dc81daf36cb4,0x68475b1d5e0de06f,0xed144721f8c12f0c,0x8f3ad7774bde,])), - field_new!(Fr,BigInteger([0x2558a47e2d238f9,0xa3806a012e162b01,0x5b969c8e940ab574,0x40bdbe69f4fa8c2a,0xb55e37231cb10e77,0xf3226b8a7b9f88ab,0x69d45fd2c66a1b61,0x6335cff83520233b,0xba7ca0f17bf5557a,0xa36e501f0ecb1b4,0xb624e1f62688951b,0x120725fe2f38d,])), - field_new!(Fr,BigInteger([0x64971ee618597cc5,0x47011c83b604700f,0x540fe5a11a9ba46b,0xaec24298dabd5ae3,0x35ea26cd9f3c9c17,0xf6f87ee89f706831,0x26a93689410bc844,0x6447ef4de97c9fc4,0x4f9d7deb6fec1ae1,0xcdfeb3d8cbe2eeb2,0xfc5d2edfe5614e6,0x8a46f6357324,])), - field_new!(Fr,BigInteger([0x7a926bcfbbe9164c,0xe905bffe2f6cd343,0x2313e9b25229b004,0x48fe1decc4065073,0xab0c7949277306c0,0xaaecde3c27ae8329,0x944a237d0a673ff3,0xe437df12016a7388,0x524f710ee2849356,0xc8981a53bf724322,0xa5376dc20e96c22b,0x78c2e7b89a98,])), - field_new!(Fr,BigInteger([0xe5c93c20dabde2,0x4a84e87ad6c60636,0xd7be20dc78ffe12b,0xc931d4f5f6226649,0x9b86aaa876579687,0xe1a946bb97534005,0xbfab8ce368acb767,0x707c0b01d76c58b3,0xf0edadc780764c01,0xc0ce398bf996ede5,0x6d50e23f5b4606e0,0x18939e2917075,])), - 
field_new!(Fr,BigInteger([0xad6038d73b65ac49,0xec6431333f1136aa,0x4c5c41d0197994be,0xf25b85488546a994,0x453e0f1aae654da6,0x6574156a2824bc3d,0x983de26c0534889b,0x7804458d59c7c0f0,0xf60e97dcd32d2b75,0xf81be2cf0cc90ef9,0x73ae4c919e6294d6,0x170db80cd372c,])), - field_new!(Fr,BigInteger([0xa60fcc0717fadf03,0xc0563f26c986e1eb,0x8b37ef8705cde090,0xddc13bd45f04e124,0xd55c58adaeb15353,0x6497682ef4cda76d,0x900638be243c185d,0xbe1a3babc087721a,0xf981dc114e996356,0xbd76dc9fcd1815a2,0xf840c8dee0fb79cd,0x1281b7d95f1e5,])), - field_new!(Fr,BigInteger([0xfcd413a0cf53cc02,0x2c7b141857b9ee70,0x9c09534ff13a0060,0x739089532860063a,0x99da8f1b13b7b5bf,0x11635bafdf16619f,0xab3dc0f7683b5eb5,0x62f827b9bbe81bbb,0xddecd51ea233970c,0xa87281caacfc03f9,0xed7c84c4dde32595,0x4b7429204208,])), - field_new!(Fr,BigInteger([0x8c156b346bda1970,0xe68bd83561e3a9ed,0x3c629ca298087cc0,0x8ed9cd63d9a0af29,0x681280168db49685,0x913b234a0082a534,0xbff3b74ab4c6b92d,0x32c56daef2e6a3c2,0xf4d2a3122db2f6cb,0xc3d40845fa728427,0xb12294978641e515,0xc797e035c3f3,])), - field_new!(Fr,BigInteger([0x98cd921cf106e6f1,0x99b88250713cb636,0xf22b0d765081a737,0x577429a343f260f7,0x960522f36bda2cf0,0xd41dc41d29e11da0,0x82ab5d062a3f6b90,0xe81b4ff572de9ea6,0xd5c270ea2bf2fb68,0x9bf6b653245ef6f2,0x3e9611a14c68eaf,0x2b6817b7d88e,])), - field_new!(Fr,BigInteger([0x52c38478857bc38,0x87dfd561387ee0d3,0xe20a8a17053ecd14,0xf63394618bedca70,0x4eed31f9f1f3e437,0x96e398a226b3a32c,0x62578c2a7c4bfc85,0xb922fe2cf020a8bb,0x8f2a2e28d430de02,0x405b2d7fc2bc947,0x6bff7fda4cf8f35,0xcf161eb3f503,])), - field_new!(Fr,BigInteger([0xbfedab71cd8a8f39,0xf4eb8c3b37469932,0xd9fd0554fb31a36c,0xca89a178095d77c0,0xb4872a4bc30475a4,0xfd07f3f85d942bdd,0xbc3c672d57bbfa46,0xf9622b9e3805ffb5,0x352205a9215a1a35,0xbb78ec06d3563cd3,0xeda50a02ebf8a493,0x9a17284f85d8,])), - 
field_new!(Fr,BigInteger([0x86933e15d3f51b40,0x94408ba463f74303,0x859090f3694ef6bd,0x913d6669a673047c,0xdf278d0a345df09b,0xab77951041ed9f3d,0xb1d85bb0de5ae94c,0xb5b897b241263ca1,0x2c6c096991f89054,0xd9edf8127760414e,0xa3e47ed303140f4f,0xcef7043b6440,])), - field_new!(Fr,BigInteger([0x515e517734aef7e,0x3f7081cd9252a5a0,0x99242dac0d5fb0c9,0xfffd074618216629,0xc2dc7e5d0881dc76,0xe48daefdfb8ce2f6,0x66f0a2964cec71c2,0x92302ddd6e1d8035,0x27381d6c3df61626,0x20d4cb97f497cca7,0x4690d32e14378905,0xa35ca32185af,])), - field_new!(Fr,BigInteger([0x9df1d74d14e4315e,0x2c45d5c5767d5922,0x7adf6d56f307671,0x2568768c5a3be61,0x75b23b6b918402d5,0x7cfda8fd09520efe,0xbd85632006f8c921,0xd8ace4296a133eca,0x489c6546935090e0,0xd06ee97b10e50a81,0xe01b3231635c7ebe,0x3829459449eb,])), - field_new!(Fr,BigInteger([0xb7dde79b7bf4a100,0x579ab9f6ab605754,0x9f93fb2efad60e8b,0x334c63c11d992259,0x9422891fdad923ed,0x6d9e596b61dc5366,0x8d9dcd04489c9b82,0x3896394679ded931,0xaba406c12b3c8def,0xb50962ce9eb6dc28,0x15687f72b3cdd7f9,0x2d8c1c1af596,])), - field_new!(Fr,BigInteger([0xa716410b829db004,0x135009ba5962231f,0xd6a5e4be709faf82,0x1e49d58e7477a15f,0xe17f80cdbf74063c,0xbde04bff7a310d00,0xbe5b0ed32dd6ba73,0x9b7094c531a4fa02,0x51a1e104551d3255,0x8f7d7687d882ae3b,0x7486650dcfec6e20,0x770e2364d878,])), - field_new!(Fr,BigInteger([0xa2a1cbe1b5efa4d4,0xceb2e913c0b5de20,0x9365b5598899dabf,0xf22db0dbfaf7fb42,0xb23d260ba39875a5,0x4a1ea29372e1afb3,0xf590b3846306852d,0xe477f53a41489505,0xcf37b92157040037,0x3139495d73fb9d49,0xcfe46493bb30ebb5,0x15698ba0ee379,])), - field_new!(Fr,BigInteger([0xcf1e0e4295bb765c,0x5eebbf95e3526584,0x53f08b01c48210c9,0xe430d917e0c5de38,0xc23415e8c5817216,0xc773d51e7480c309,0xd5e5594fb5f63b1d,0x4c307d9a1da2e42e,0xb19fe25509bb7f77,0x7b534d4929b93385,0x54436e71bbe03902,0x186d99821f387,])), - 
field_new!(Fr,BigInteger([0x4bd658be24774112,0xcac13551f6a42b2c,0xac76edc838584292,0x3dbdc8737cae5f22,0x9b2b727c542fac21,0x8f4848cba0e83b05,0x9e5d49f46d8d4130,0xf65fef81e53aa69a,0x3219752323db5f46,0x33c51406d800b9cb,0x6293365a71e335ed,0xc0805a013c1f,])), - field_new!(Fr,BigInteger([0x66f69b942cbbcd7c,0x35a646050dbacea6,0x37219d8d3dc6b60b,0xd99e34672eac00fa,0x5681cc7197e62dfb,0xe1a7e8afbc9efcbd,0xce576cb4e2e26728,0xb77e05a61a4c3dc,0x7879767c062653dd,0x3fb0004573ae7030,0x70194d8d72f1ee81,0x4629eb4ed9b3,])), - field_new!(Fr,BigInteger([0x47ba6dc973c59fae,0x7589293669d6b1d2,0x9945199f5af5b0d1,0x900e813e1509696f,0xbce135462d7d5f3c,0x495479b22d91a50d,0x9353f0421cf870af,0xcb9e763242274a8,0x4ce8bfa5300ca0d6,0x9692522e7d3c27fa,0xa769977fb8361b09,0x10401bdd1192d,])), - field_new!(Fr,BigInteger([0x35cad5267f72d5a0,0x59978eef99179287,0x21d0b9087ae03d63,0x42b36b9e15d88ca3,0x2f1f411bcfc1682d,0x2ea54ef46ead60,0xbc7ae10814bb57e1,0x51ee614e701c2873,0xd8258954b9d6db5d,0x4a70f7e2ac23ce0f,0x86572f188764a9cc,0x43d3c1cbcaef,])), - field_new!(Fr,BigInteger([0x95a964522e1872a,0xe3805ebffca5caf5,0x7866665fdd28821c,0x107ca6813960b562,0x2b3489de685aa806,0x4518e91d4cee77c9,0x37fa0978b6c226c9,0xb9e41cd595a6e65e,0x3c85eb117274da97,0x359d679e3711f13d,0x21cf42c7ca6c2da6,0x170c112e93fbd,])), - field_new!(Fr,BigInteger([0x2fb99dff9f768266,0xc1ee08b388c0c15,0x6ec43934e6228f53,0xa3c1d0b4058e157a,0x82506d90ca5e876f,0x74f58ca62a946038,0xd1d0d8fdcc33a3e9,0x6f4ed4c48672bccc,0xf214288461b6ac20,0xcae45b984aacf13e,0xe11934dea9b9f2e9,0x187491ad8c7e9,])), - field_new!(Fr,BigInteger([0x45b73fe1fa203ac9,0xe70ffc3798c23627,0xf6df255943b61f8a,0xe5405035a4f1a9e1,0x7ab51c17fb4af6a3,0xf0307b784eb7c208,0xa4a1c93996bb276,0xb4a71d927f54803c,0x28fc3d4d67b8557c,0x232d8075c288d2e8,0xef9f18dd7d0209b8,0x1481fdf212387,])), - 
field_new!(Fr,BigInteger([0x1c1ab04e329a5f99,0xfc6239a086be8d4f,0x392ed1a0d99c1ac8,0x57eb372b46a08621,0xc284b2cad95afc3c,0x1f67a48aba082dfd,0xe65ece83f217cf9d,0xdd90f37d4cf441f8,0x62f381ef1b42e03c,0x1bfe753fd7a697d5,0x9e5ba3e3bf6c739e,0xf2f72e1a834d,])), - field_new!(Fr,BigInteger([0x7649fb8154288dc1,0xc5805e2b6e719af7,0x551d1de223a11c8e,0x83d21614412d1c6d,0xaabf71ff9de8a1ab,0x48ccc969b6a36b6d,0x664217e0c61017a9,0x91da9a6df4ebf50d,0x7c6ce1629d8d5ae4,0xf957ac73853c8fee,0x104a1d62a2006dbf,0x1b175b2debba3,])), - field_new!(Fr,BigInteger([0xa0d19706a32ea453,0x515567cde835b39a,0x3fc8fb512c0d1104,0x67d716987896a533,0x2a112a0c57897516,0xb95e6012f1bc333a,0xc4b59bf8d7edc847,0x40c6e78201b7ef2f,0xae430be9970fd98a,0xdc438a17861e9bb9,0xa938ea82054bfa2d,0xdb9a3b39dea8,])), - field_new!(Fr,BigInteger([0x68170b2018246a16,0x278918eb802e619c,0x8060f586c60304c,0x6fe568c861543398,0x9fbf941ef7574b6,0x5a8461e2ed26c54f,0x3c585f7567687c36,0x3823f7483a2c4e2a,0x9ecdff84855415d,0xf0c3560d666d86bd,0x54e56be15effeff0,0x1060b7a65f110,])), - field_new!(Fr,BigInteger([0xf9126f9013645e55,0xbc0c855bb5382c9,0xf9d2a95d85e976ed,0x499ad33c6be844ef,0x12af4f8e494e20c7,0xcbd536028f86a723,0xd76a3cf1ba7f1403,0xc0491b6123afaef,0x7983456c41384e7,0xe21a06eab46fe55b,0xc9e775223e9005c3,0x1ba678a02b552,])), - field_new!(Fr,BigInteger([0xefba9b6dd8b44bb6,0x2118c45cd4ad5e64,0x5c39ba3baf080ca1,0x605f6689fc38825f,0xeac9c724d19472b9,0x6c024327bc8ec260,0x94c6ddeb60f56a77,0x4d2a2a12b551b0a7,0xd3268e57a571bddb,0xde42da0f1c19452f,0xa4d02c77eecdaf3b,0x1c1df46675b2b,])), - field_new!(Fr,BigInteger([0x329f0107c25d031f,0x118880346fd43cdf,0xbda10f36776788c2,0xd0a5e6599be940c3,0x56929adb7f0616ff,0x3e86b0a7635462b8,0xb066b4e7872ff039,0x6b72a0577eabe9f2,0x61f32a17b03e4b18,0x2f480847f7d4d3c1,0xb693ee9372487660,0x18ed43b4d6bba,])), - 
field_new!(Fr,BigInteger([0x45fa9a4c919da6e,0x29d625ec1610a860,0x6daa69edac102211,0x70f19a2cb9bba20a,0x75cf557057e27a9d,0x305546b218234ecb,0x49b868a6670e542c,0x7cd122a295c484fc,0x643721f73c6f0d44,0x1a77cd1bdd016445,0xb1cc6a88711a11e4,0x186003af07a97,])), - field_new!(Fr,BigInteger([0xfac1c10706f04394,0x9dbc02290de64b60,0xd0a7bd1a26bd4c1d,0x8622c5cb7aeddbf1,0x24d9bc40c98ca76e,0x9ca01d95ac15c0f,0xf504a36a5e52fe7c,0x94ea6d60f5dd320,0x31df964e0a290f3f,0xd1e278f4299509e7,0x60b73494cc8a3ac0,0xb0722609be51,])), - field_new!(Fr,BigInteger([0xa9844e70c2e4c1bd,0x9121475c57c5280a,0xce18f0856fca77c1,0x500e1153cabb83d6,0xda69a261bc409c95,0xb23bd4ce8998ae1b,0xb660d7f131493836,0xc530d373817f95b1,0x381fa4bbd5f06b3c,0x87b45f17f9a8b3b8,0x35da29b115a75492,0x86e4d3d33bc,])), - field_new!(Fr,BigInteger([0xde760d5291636b5d,0xdc74d14058a33a32,0x4b3abbd981676ab3,0xf6f7b077488a2ab2,0x2ee93cd428091871,0x2672fff03b6d70cd,0xfd80c33f34b5179a,0x5cfb15ea1395db53,0x7caa3712160b23b5,0xb2094d9a94f9a085,0x79eaf2e4fba700e9,0xf5e5ebdfc24a,])), - field_new!(Fr,BigInteger([0x4a931e7b5d8fe8d4,0x92475f72f889600c,0x18ec232a3237f9b2,0xe9e87a69d603b22d,0x3bc4072a7b2bc7ee,0x307b6dccb363443f,0x95c8af13e5aa4d34,0x5797f43c0eb68bd8,0x2907279a910559ae,0x8cb7f2187e335722,0x4f24a2f63495a781,0x9e74b772a6d8,])), - field_new!(Fr,BigInteger([0x1892a7066a66f33e,0xb6da322dce88f7e4,0x3404a46554c196ba,0xce6af9e88bfdd9b2,0x455dc4dfcb9ec644,0x4c59d13757126f7b,0x365359c9b70d0820,0x19f401f92da6a168,0x60e9f301e52b8a1b,0x88c1ad84016338ca,0x34600b26cdea0db0,0x988574140260,])), - field_new!(Fr,BigInteger([0x30f1c717088f8651,0x70a2e64ec8ad80c1,0x34a6db5cabd2ab1b,0x5901fe9f22757394,0x622beb63e634dd84,0x7ba6aa30011da1b2,0x714a219c89930469,0xddf1fa8d85742328,0x1256203cb7e0f0dd,0x39f01beeb544eefa,0xde2017f229da80dc,0x69a58b8c2d9,])), - 
field_new!(Fr,BigInteger([0xf8d598c1c3b39d6,0x15193612a7201f97,0x1b606952cf3f167f,0x28b3735e7988e0a4,0x8605717389c09c5a,0x97deb3d89d2de45c,0x58c40656589734cd,0x535c2e02d3c0636d,0x4cd355c1d1844981,0x6a0c3902bd48be06,0x1f2b4595097b6d2d,0x6c5ee0f14ab2,])), - field_new!(Fr,BigInteger([0x187ba1c7f3bf9fdd,0x7e3548ebaea72977,0xe580766e65388f5d,0xa46fd9cc241fc8fa,0x1cf88f4b2bc272f1,0x3ca6fa5f7e9080e4,0xacf91e4fd3cd95cf,0x4bc616acbd20b748,0xd4dcc629df0e4747,0x4d63fbcaa0b05db4,0x7be18636bc4741b8,0x160727ca510ed,])), - field_new!(Fr,BigInteger([0x88e60fd97bec2bb5,0x715cc852cbadb4ff,0xd922db3955851560,0x4e612e64544d155b,0x8db7b6fbc346d1ea,0xf715067a02bbd55,0x1879e2c56fd4a9c7,0x6b669a0c0e0725bd,0x279c6b1ac6dad58a,0x310f56a50fc58ef1,0xf4f66b3888e95881,0xb217a63477a5,])), - field_new!(Fr,BigInteger([0xe250f2b0e35e235e,0xbac016441644e815,0xe60ef6f74a50ee2a,0xc5da294c022def51,0x69d2a99bc7ec3a40,0xd716991c07d5e2de,0x5b1cb7c696cf912c,0x59ad87c220f7d591,0xf2c665694a83889f,0xb688877c1d402f44,0xa5dd1a13958dfc9b,0xdc992d0a3e50,])), - field_new!(Fr,BigInteger([0x3789105efd8aad5c,0xd18634a2e16cb54,0xd2be957506e4e868,0x8939555d9741905d,0x8bb5e9f5a2ed25a9,0xc8f221f83200d7c3,0xf8ab24e72da1ca99,0x5b39686e84721cc2,0xcd1f4ac92ea49f80,0xeb00028e2056463,0xfa983107ca976f26,0xfcb4b0efd1fb,])), - field_new!(Fr,BigInteger([0xc2077fa877097b6b,0x878a886b6bbab4f7,0xfa4a84376eafee36,0x1b53988f57b9d4b0,0x5c757d6afa905166,0x5981aa06fcc59789,0x97b85311c3eb8ab9,0xba391b555112a40a,0x78293783e8a2f0a4,0x239e342363a756ed,0x5eedfdb55b05ba09,0x1806f19515e36,])), - field_new!(Fr,BigInteger([0x2d577d219af8e17,0xe72161fb367e24d5,0x292da9391f7404a,0x78f38578f92e5214,0xf5e143297410d48f,0xf86ac7ac10517e23,0x2640f99a9b40c84c,0x736e7e1b915d839e,0xb7bd1303e345d73c,0x4f5d5b7c275b5d78,0x735a5149fb4d201f,0x14f2470420644,])), - 
field_new!(Fr,BigInteger([0x45794ec7d4d68c31,0x1a51e1fe92e49ec0,0x6ac3d0f0095aa114,0xff8a448b4f11ee86,0xbac030441dfddeec,0x6185ad7ca5790dd5,0x5e7d1453762f41d5,0xcf10bceecfef8533,0x806910863c9e4196,0x929519da728b5359,0xc4b9e155c2f011b3,0x18b244a5432f1,])), - field_new!(Fr,BigInteger([0x9a9db67d9d6765dd,0xee77c94781cec68c,0xf68e20fa4c41ceac,0xad26262fbb647147,0xb82d2835eb495924,0x41debed8a338a691,0x5a2907d495a19fc2,0x46dd06b9b25d9632,0x8d93f3106338941e,0x333a9b5351bee962,0xd3b687f6381ec72a,0x1c3c5e0334f0a,])), - field_new!(Fr,BigInteger([0xbe5b69734ddeb68e,0x5cfb4be0af686b62,0x7e626848743f743f,0x4cd29b4c86ac427c,0xed72a87bf9130fab,0x5c89af564a2d657d,0x2d20f113672d9bf7,0x8c1c802efd919e42,0x7e017303d6652721,0x94e9e530eb2a62c8,0x54c50eb8369dfde0,0x499d8e51d131,])), - field_new!(Fr,BigInteger([0x1077b30e926766bf,0xdbcc352ef304df8f,0x37a95541f5868938,0x333ced9ff0664c32,0x3912463b3033a846,0xb8094e87d999b19a,0xbfeeb4536d07fad7,0xe0e72bb1fd74022f,0x5810dd5e4c5558cc,0xe7ca2baffccbb9d1,0x3ae550a36c781f5d,0x188acd38d8c5f,])), - field_new!(Fr,BigInteger([0xbe46f1c252f8df87,0xd50e12aec919922f,0x41eac583dc8b2553,0x780140cbfbf2bc59,0xe8d467b23854428,0xdf3a48f5ad04cb93,0x8553e9f85fe767f3,0xb6c10a59e367c088,0x39f5ffb28bb7e6df,0xc1110d4a3e9d640f,0xad9a8a75e58177e0,0x102fe6490c4e0,])), - field_new!(Fr,BigInteger([0xdc995f5b01c22cb6,0xd6872186ab3bca52,0x3b2bb38e8a103eda,0x5f023352144ae9ed,0x9bf8fd8926d4ce8e,0xb12a878c4f9b06d1,0xd83978b5b9c35a87,0x6dd976e8ec582d13,0x59a598b82c8821de,0x28e2f95c93ce41ec,0xc3250f5e2446ea5a,0xb3c004c8deca,])), - field_new!(Fr,BigInteger([0x85ebc6a3ce00710d,0xaf6d26ba626dff8a,0x5da345a2912dcf77,0x41df8badaf36cc86,0xe2d3c03084073bb8,0xb49f6fdabe2145fe,0xb19a81a3cf5826cf,0xe90fcf06d0c74cd6,0xd1dcace51dc4bd46,0x8614d99750c5f607,0x30be63767698ecf,0x67ea8846edfe,])), - 
field_new!(Fr,BigInteger([0xe43d1c0b19971593,0x5f702ccc62edc52b,0x3427ac8faa48a8fe,0x9635e2cf613753fc,0xd98f9b8965a57ebf,0x6632ff7e3bf0717c,0x853ea927ab13ecb7,0x87f94339b976aa7d,0x42f14e2807ca3f0c,0x5506c7f363ba1263,0xc01e3b8850849594,0x803cfdb46200,])), - field_new!(Fr,BigInteger([0x6c5b0c2eacce16cc,0xef0b3335904cda62,0xdff9657314946045,0x73b4bac8ca237d0,0xbcba23224f13c8e8,0x8dbc686cf2072dfe,0x9a4164ab6b8a3298,0xbc14ef6573ca7ba8,0xef56d101052ab7bf,0xe459ec092b281bad,0xd29e206800a2e51e,0x18620f1a3148d,])), - field_new!(Fr,BigInteger([0xfd714c46638a3677,0x468550a7ec014af4,0xe070ef41e903ce92,0x6d43b53990b7a3b3,0x72d3f96f2537f03b,0xf8ceec51b5c8b9ff,0x6381cb30c6473847,0x956e86ed881ba3de,0x8e0f70c082c7a630,0xf761a9d21f2a68df,0x805ce0d530b8010c,0x3dead102ce55,])), - field_new!(Fr,BigInteger([0x6e8848cf9deeb8e7,0x23bec860a8bb60bb,0xd9b8158022ed712,0x8be82ff15a5cfacb,0xcd5be21caaabfb81,0xcc8c4a99844f65ca,0x152f0407fa09a3d9,0x1dc5d55c96c281ac,0xf5fb882022968972,0x5b004103b737eb6,0x8a454498ce135876,0x11d098b8b4853,])), - field_new!(Fr,BigInteger([0x147e10a756382cce,0xb74ef119a434c322,0x2769dd86c9567ab6,0xe25a2023bf3b2aa5,0xc8056c086b1ca182,0x6ae5346c2a8a62c6,0xc8f06fafdbdb0742,0x49be897884c33520,0x2cd3df36b6916b69,0x848ad901f8de30a1,0x680ed22f76d86483,0x1831e3aab39bb,])), - field_new!(Fr,BigInteger([0x9a93e5e95528c7f7,0x5e26847a9bd2cd12,0x315535bd65cf88af,0x5e8d333595c74e90,0xe70d1f57003cf128,0xbbf63138c0430395,0x897a55102ac563fa,0x6d17ee83aa1eaa38,0xcc4efc3e09645d2c,0xbfdf0b26f7bb30fc,0xb0a55fd6124d3b4d,0x7fd2368ba71,])), - field_new!(Fr,BigInteger([0xd006a2a7c23c8cce,0x3639b33663a339dc,0x124c429aa18e652b,0x5f64b30ea62a2616,0x3bd3accb30b0e724,0x4fd2010860d2dfc1,0xa5eb11300bd23ee3,0x77941850a502997c,0xe0188b457efac6f,0x93bcaa422c9213d6,0x4be996906648bef1,0xfc70f54c3109,])), - 
field_new!(Fr,BigInteger([0x96590205a01fa3b1,0x20edd1ae1bda98ad,0xe5cddf506c79bf70,0x9438dc1065d99828,0xe2b24e55435c0bf6,0xee5e6f0dcd865f28,0xd47a5f6dab5aae2b,0x315fb0c639a008e4,0xb2430077bcfc670d,0xce6233201b3756f6,0x228dbdca2161d6ce,0x15148b9ed789,])), - field_new!(Fr,BigInteger([0xc2392f0d547e508a,0xf04111c89dab2095,0x2c31ac90611cbc0d,0x486eecde6eeead82,0x3b243f8673319971,0x6eb54e3ab5849b44,0x241836ed0f83e6b5,0x4e0828adb54c3394,0x6d7e99b5ec0a4ce,0x4a57960c1995e35,0xd5d3952034f9bc65,0x16a2ee00a298a,])), - field_new!(Fr,BigInteger([0x59a883f0281fd6e2,0x950bee8636ca70e4,0xb4a12b061932cc9e,0x3ff33dd6599cdcba,0xbdfbca42680382c3,0x5fc3f1e2ffa79ea5,0xcf845dbbe7a9f870,0x6926d707913a8b75,0x218673a7daf62711,0x68366b138b824887,0x67283403824b3544,0xda9bfc6ce7f,])), - field_new!(Fr,BigInteger([0x30f64a7e964c3420,0x96927d44a37700f5,0x3ec4f773acac880a,0xc005622f3eb6bd7a,0xe895c0790e0d77cd,0x64dfd09b98a137c7,0x9b9c44b13e86372d,0x641112f028d24699,0xcf8d9516aa23ba54,0xd0b98027ee358bfd,0x78c2ee083b9c3c0e,0xd9537c4c5855,])), - field_new!(Fr,BigInteger([0xbffa88ed81a4be7d,0xf5b9b1337167971c,0x47666e71f84264c8,0xf10e874338c78c21,0xa6e9dde42e30b5d3,0xca74ac753c17f0f6,0xcfaad2cda1cb0570,0x72f3e192d5fbecf0,0x7787a16a8e2efe0f,0x6ec5193b9b86a147,0x31bbb511fa0f2000,0x1c3a5f33058e3,])), - field_new!(Fr,BigInteger([0xf69eb3289f5e88ba,0x5e7bac8e6b89c879,0x47e1a9b62981ae0d,0xa0697c452040eb75,0xd58cbce4f8e0eaa9,0xecb66ed104f69ed6,0xe4e2396996bac740,0x5f818bc60d770cad,0x793057e474d0eb03,0xf4fcad72d290f8de,0x6c5fed2742e0eafc,0x11b68b984bb54,])), - field_new!(Fr,BigInteger([0xe26c97b5d6d5e8b9,0x1a885e1cc30c2889,0xb9f133394fb07c29,0xc4cbfa769a76fa4a,0xa029f7fc21cf91d1,0xf20aa58ac1bb6411,0xe0caa75c552c0420,0x5399588083fc7f51,0x5236a0be2d533386,0xb301964841c4fb69,0xba1b34aa25dba3d5,0x1b14723bba2a4,])), - 
field_new!(Fr,BigInteger([0x7189dc77bbe41769,0xd2aebae7814de1e5,0xf0d94430c0738e4,0x50fb92efa196aa89,0x48a080d0df22afee,0x464b2e405607f9b4,0xbe514d65293c91f2,0x2eaed9201ec5dbbc,0xacd18b6ab79eeece,0x6e2a05146f91b7a8,0x125e48c63ad550fd,0x14a6aff6a6a64,])), - field_new!(Fr,BigInteger([0xbad256299b93bacd,0xf95b0c75ac320c29,0xdff52f6346933f91,0x20af28641ce10b04,0xcd896e02837efc54,0x31be62617376b6e5,0x66502e7bfe4a5b3b,0xe1e30fa71d679566,0x1b7532cacaf01b6d,0x9ad254b531b20a85,0x8473360b46ee5aa3,0x1a49b01fc4f92,])), - field_new!(Fr,BigInteger([0x4c50e825c3beb0e4,0x2b3ddfaac3f94490,0x1d89b03950d9fdb3,0x2e6866f4562801d0,0x2dbae0fae8429516,0xd53de03fc2956715,0x47024fc073a68819,0x31dfbb9f6e064e3,0xeb9119d0a7a2371b,0x621b42f743a2f2fc,0x7e8544a2690aa143,0x1afd436dee7df,])), - field_new!(Fr,BigInteger([0x94b956129e730c73,0xd458f1cb4947e98b,0x75b74456a261e807,0xfbdfa8274241d25a,0xeefe13f9b1243387,0xcfeacbe5bfbbc680,0xf75dcc57755d71f7,0xb0fc650f9ddb4864,0xdd969acab9fa59a1,0xf6c3af99ea4cb1dd,0xa57d591e652270fe,0xb66e705fd80d,])), - field_new!(Fr,BigInteger([0xf71f14c8a8fd6601,0x198d40322988b2ee,0x90456ca78250bd8b,0xb9aa12909427a875,0xf06db431b25ca4a6,0xa7aff3a59725c29a,0xee2851aa44df4497,0x7d0ce990adfe577e,0x7196d087bdd03b1f,0xfd5e773f4b7dcd2e,0x5f7cc44255e0709a,0xe5d217d3a2d6,])), - field_new!(Fr,BigInteger([0x9f976f30d0c6c718,0x6e47c1b5f40e36e,0x8c718ab7c80b5675,0xee45f564a5578480,0x6cb65467d4265b32,0xca9279b5863889cf,0xd1d010b4730f3588,0xf9e798db40280952,0x6c3c3d3a6fdccb5e,0x4d20f8b4e6d41889,0x25fda0303374d4cf,0x1a99138175979,])), - field_new!(Fr,BigInteger([0xbdf0e530098aa8cf,0x36e83e07c6f9c012,0xbf30ad60e9e9caf7,0x3d76677a5b96ae38,0x12611f57dd96ffc6,0xf4b2718398e03f12,0x5355bbce05e53887,0xbd92a79420fba3e7,0xdc215633c83e748e,0x8345ace62e83298a,0xa7e8aa69e8ac0cae,0x17a257767e098,])), - 
field_new!(Fr,BigInteger([0xa9fbc9850a7408be,0xb5d1dabb86dde8c7,0x26d30b8f4e8bd483,0x9be63abf87f45ee4,0x3abfe6d65927ef7b,0xd8ea7d21f70895d,0xafa60adea2c5ee1a,0x74cab4484b6c4fab,0x555cf530c400b013,0xf3b78608e8d29bc5,0xd33aaa578261f3f,0xdf57b7821b7c,])), - field_new!(Fr,BigInteger([0x951880d66e5cb5d2,0xb2085f29f3372e52,0xba108ebe816d9f21,0x4a7e0cf0a9c6d1e5,0xea73db0bc23f56d9,0xd2831e751cb1473,0x8ace4bda00bf91bb,0x25973c26107aa6f0,0x713fbaa3779a7d69,0x1a68d4214460f078,0x37e286b6e491daca,0x16e23f441d64e,])), - field_new!(Fr,BigInteger([0x2ea678aeb9cdccbb,0xcd74a83bcfde156d,0xcc7f2c74af9cc7e4,0xfc67045d356d8b50,0xcb0243798cb7c344,0xa520b1f986070f96,0xf2b26b2a10b2e41,0xa45a3674f04893b4,0xa021bcddb39dc5cf,0xcb52d0247c67d3a4,0xbafbbca80144a025,0x1b65abf946b23,])), - field_new!(Fr,BigInteger([0x7b0f040f3c187be6,0x517e7dc44f97eb0a,0x584e150c580f43c0,0x20db2ac95fe3b709,0x8e7258775ae4fbe0,0xe27e83e64c1cf0e3,0x97a455843a16a22f,0xb2b22ad295043b66,0x16ecfa5c3388b78f,0x542f4b46dc616143,0x3df7c43ec6ad3bf,0x79cd14b45d1,])), - field_new!(Fr,BigInteger([0xa693b34a336c3cb9,0xf065795e1a97d087,0x654675a6c54fcca0,0xe1847042a7ba2290,0xcabecf1dd303db3,0x2a369c6575609757,0xfed4cd1b270379f0,0xb55a77cfea3cf77f,0xb5b6ff0a25851b39,0x1fc8eb0aae53504a,0xb77de5b475057e1e,0x29af39f9f755,])), - field_new!(Fr,BigInteger([0x530e6f9a3f647776,0xbbbf0336671acb88,0x75c0d43d69ef6b8a,0x4da830f97c93ecd7,0x64c8d55786f4bbbf,0x25cce7ec5e911143,0x75ef47a01d6e11d9,0x2bc167a8160099c1,0x6b2dd25ae87c178f,0xa318de39487ad6c3,0x39463cb8d138de8a,0xdb4fb355be92,])), - field_new!(Fr,BigInteger([0xc0e56be3d41eba7c,0xd27fd9da6a7a9235,0x41520b4dc034aecd,0xced115771b8eb89c,0xc7a97ac983353c4c,0xfb4f5e37c52f14d2,0xdc2d07aa74b26240,0x782b22bafe89f618,0x71d86e34b596cd01,0xbfdc79123be9650c,0x2e2cb4186fc8e683,0x7f522cebee08,])), - 
field_new!(Fr,BigInteger([0x1ad3eb72756eb667,0x899840b5bc095bd5,0xc5499fe92faaef6b,0x4d9facf38e501d79,0xf92311d74044624e,0x777446cbca22e4ca,0x75cf6b2147926cba,0x56dc8d4ff296ef0,0x9520bffb75fb9381,0xea5ba50a45f5002,0x8e3e6b5570da943d,0x1a8f2a4361bb0,])), - field_new!(Fr,BigInteger([0xc9b23ce1994a2be2,0xafc4d9d7a846cdc8,0xf38c0a5e92bf7d72,0x6b3e8afefc564d51,0xe2670d16771b05eb,0xdfec79850638f514,0xe2ad455164c34d6a,0xc0d6c03d2233521e,0xb8c9d738b5cf7837,0x4d73eb67fe8ba695,0x5c5bbf6bd7df8ff3,0xa73f6fd8fdcb,])), - field_new!(Fr,BigInteger([0x4929cd3853614b,0x4e6e1794dc9582a8,0x86104259ac649073,0xdeb403133450dac9,0x72c296236870cb5e,0xd3d9c3d6ac1bdc3f,0x48a1ad3f5da8eecc,0xf5f461f6db707631,0x5f5f289ac31445be,0x1072f420f67feafe,0xb06a8001a9fe0876,0xa30e8afa6161,])), - field_new!(Fr,BigInteger([0xde9ff34cf9789c71,0xefdf7e0b3caa2dc5,0x3b56b5420da688d4,0x97bd0f2b17f4dec8,0x6943f29350de2842,0x511207779d87749f,0x8b5f15e6c9a97c33,0x77c3db5301420e78,0x240a045b85d42865,0xebea6b0d102f45a9,0x5a4da8af19875943,0x60279c4cf464,])), - field_new!(Fr,BigInteger([0x597f95db6b4318cf,0x7d3bffe969ea3244,0x96d4f1900f8fed27,0x9647ea3f7c7d5468,0xe61bfe0136c4ca92,0xdd9505dce4a25997,0x8d986e22aaf9d01e,0x1ba89481015d1e41,0x9609bb2f708eec97,0x50696ed24888ea98,0x785cbc2c939989a7,0x21e5ed67805b,])), - field_new!(Fr,BigInteger([0x59afcc5b01984775,0x6235f2b90970c91f,0xdea996f7ac46622e,0xc6bce5fb767dd9b2,0xd837a5c74eaca2bb,0x1893b85e3544cbaa,0xeb845ac44d606204,0x4702c947851c2562,0xd7b68e320085a5d1,0x7d549ac03b31e0f2,0x9caeaf2f17495fe6,0x13be2ce80f4fa,])), - field_new!(Fr,BigInteger([0x33f5761fc9c93191,0x2c8079d5491bbaba,0x70c2be3902d51f14,0x4fc1c87ba9a1a03a,0xc4a1ece214e755cb,0xad5a60711763d23f,0xfe7d0e7e42499c4c,0xc967ae0c678c357e,0xd41ab40b8d2b42b8,0x8d8fce9e3c5176be,0xeb8fcb07fdba53d1,0x14cef103ba338,])), - 
field_new!(Fr,BigInteger([0xeb0cb66ecbbced53,0x97edba9f1d5a4918,0xfa1fd1ffd60a4474,0x346767d4e83d1e62,0x55818cf6e0792320,0x4420fcc66e56c786,0x3f5bdd402d92e222,0x6d184b2eb06f7ebd,0xcc31a6f440d37de4,0xb1c63db201c394bb,0xb177947f1d1a48a,0x1baacd47fc9e1,])), - field_new!(Fr,BigInteger([0xccddf55c88e45749,0xe3aa43cc834674dc,0xcb4510060a4fbf1b,0x760b702c74930258,0xe335b5f0b4d53623,0xf49f29bb1858f815,0x78cdf1ea3fce1f56,0x294c1370fe1c2811,0xd7281676bc881782,0x28f03f9a31f409d7,0x68b938dd5e73d456,0x3b251f644408,])), - field_new!(Fr,BigInteger([0xb3377b00a413040c,0x2fd3fa9966d1151b,0xa5d47ac2b29e5a17,0xb9b89642d55e5720,0xa108225259d691f3,0x6272f9c84e611b80,0xc62d874a80cd3ab3,0x93259b2a08697852,0xca4dbae482b8c18,0x4dab321680faae7a,0xf02cc1000c9a106f,0x1a863dc4bd196,])), - field_new!(Fr,BigInteger([0xee0c809927eee565,0xf9ab9ae0542a6661,0x33420685f9fccbf0,0x13058379346b909a,0x8ff49eab78c80639,0x31cce24e14451eb0,0x13dd4d0208285144,0xda5be96791a38b49,0x921a56d4ca213d2a,0x14f0692158dcbd27,0x5ae89d9c2e72b466,0x410116f3a03e,])), - field_new!(Fr,BigInteger([0xa96fd5996b370905,0x7c54f80a5602ef90,0x40e67712f3a9a438,0x2c041260b06a8fd8,0x93cef8fc9083b7c,0x2a2c2f6cfc5e1c5d,0x35ffaf3dd922cb86,0xc60c7cc9a0989231,0x625035cc7a69fcd3,0x9bee745ffabe7acd,0xabbc80256e959a58,0x2c3160819842,])), - field_new!(Fr,BigInteger([0x78d41ebf39e49b85,0xe8ac254e271ca56c,0x3b87fdecc5219e8e,0xf1d8c7ee484cb6a9,0x95919e97baaa0ea8,0x655b2aaeb04faef8,0xb3c653b7d11491ad,0x30ce6413cf79356,0xcfb36cdc1b4323fd,0x3538879a93f2aa4,0xdfe99c4bcb68ac6a,0x5b949497df36,])), - field_new!(Fr,BigInteger([0xc55276d47debbf3f,0xe0fac612a40595a5,0x969ab9740679a56a,0x536eb8951b0574a1,0x658d53baee4ce646,0xee43d8c62247248e,0x17b93809db3893fd,0xbb8df2646d6cef12,0x4f86afb944a21c85,0xfc925ab022025656,0x453b341c11604a5a,0x70882ce026d2,])), - 
field_new!(Fr,BigInteger([0x827190d431e0fae6,0x3bf8a72bdb849068,0x97faab37710bbe1,0x7835df18db31feaf,0xd2ef53be2f64339,0x2a320f0c24556536,0x14ad19006733137,0x25b2188261c13cef,0xc965901504f59fb8,0x723d00380a351424,0xe431dc83965484b2,0x139d2ca557167,])), - field_new!(Fr,BigInteger([0xdf67773e49e21d86,0xb80d33ac7c2603e9,0xd8226ae26d3ff610,0xf701aa97095042bd,0xb25debccf1342dec,0xa5f7e2e4c6919e7c,0x32c54e0e5f4187a0,0x938b86521bd4e01f,0x666e8af2c8c22cd8,0xb4c16a77d3a3f047,0x2342a463ebc2baa3,0x2598774f0f8d,])), - field_new!(Fr,BigInteger([0xd4132bc37015c3d8,0x95bfa9aed000b7af,0xa11bb665180bdb80,0x69852d96ee117e3,0x3eb4065a0fd51b2a,0xd8a182e35646789d,0x43605aaa2a0e8eeb,0xce1960453209b198,0xd674446ae07aa405,0xf27adb668fbd2a7a,0xe197d21b2b0c4ae1,0xbbd071583b1b,])), - field_new!(Fr,BigInteger([0xc5ac86806c567f94,0xa0a81bd13f4e823b,0x4934358efebb536f,0xa2ed2009fb10c55c,0x2fa1e095b98f8e17,0xb04ee1fd9d44d8ee,0xd05decd620a3f23b,0x67deb92471d7be28,0xdb7bb52f25ede642,0x1ef2e861094f24d4,0xc9135ae37784a6ce,0x9be1e12bdea4,])), - field_new!(Fr,BigInteger([0x576c3d54f69f0fa4,0xbe4584ad80a47e0f,0x2cbdb4ce1abd80,0x27632ad589d97d61,0x3e97114cfe1153ee,0x6cbc173a1bc2f8c,0xe775e30f0305447c,0xc1d9048605883381,0x5d7813b3cf59cdbf,0x4a2904da50bd9c4a,0x797b4fb2965ef5ca,0x3e898ffd2190,])), - field_new!(Fr,BigInteger([0x669d8e9290037a18,0x34c2d915365640d9,0xd016d405d6552160,0x46abee647f501099,0x8ad8d79837bd53e1,0x5eab9dd936da6134,0x643a4eb3ca3d0d69,0xa19cf04d3cfe3c26,0x598e51c20fc425ae,0xac876cffdb33e618,0x53f16ecb5753b84b,0x1496131a8be78,])), - field_new!(Fr,BigInteger([0x35b121cc9270b03d,0x3d96b296a109614d,0x7752d0497de003b2,0x529249bc54897f0a,0x5b15700839e29239,0xa28351154f5a51d2,0xa4c8bf4d86134016,0xb7727433e9e60c9b,0xb9581a592f15cf6,0x487ed830d4ea52c,0xabf9f501b8f0121e,0xc9f0696d3336,])), - 
field_new!(Fr,BigInteger([0xa0c4cc792a65f820,0xc52dd22b627dbc17,0x5210f4b293fa4f,0xb45498868a369671,0xc499ac40c56a4d46,0x14d3db1cf2f104d1,0xc174ff94a2840e79,0x60a5e43cc7293556,0xc77136451776726e,0x67d4e69072324dd7,0xddae8b4e88c2d018,0x1b4e4137e5f02,])), - field_new!(Fr,BigInteger([0x4b563e35ea1873d5,0x4ba205f8090b5c49,0x53cffa9e96c87fb6,0xc14dcad139695b2,0x52076b02250b986a,0xee1d2003e5f7296f,0x4e3de22938d69b94,0x4ff974d3a4781df5,0x5a0846ac446d956c,0x71beb57b60dc2331,0xd115b3b7deb7125a,0xa64e44a979d3,])), - field_new!(Fr,BigInteger([0x9a1c5c05370ad634,0xf9ab0822d039a1e5,0x69b3d334a5c345bb,0x4bb2dc7a20f2a358,0xb4ace569a20200d9,0x44d5fac61432e66b,0x604af5a54230697e,0x740a852cf371fae0,0xa573a20270cb88de,0xb28ca54686eab55d,0xca5c27d31f2e39bf,0x115e80846be0a,])), - field_new!(Fr,BigInteger([0x8476c8d598d84103,0x1f00daf27a32496a,0x52c5320717226160,0x29c034e8d5fef5e3,0x114c200a950c33c3,0xdf2e2075b0b84219,0xd4fc9057b851f762,0x19689784b28b90f5,0xd36a5c582c7de212,0x4ae098f7ebe03a9e,0xe587c55e345460f7,0x1129e8f63ab4a,])), - field_new!(Fr,BigInteger([0x97aacf4bb71ec4f8,0xd642db333477142a,0xf39a8bda38036b61,0x9eb913e731360fbe,0x5a3bd038a5a1507a,0x75145c4c8517fc4,0xf510ec916a73c57a,0xf875dff59c6999b8,0xb590b9a46440e9d3,0x9d443702e13b9cc7,0xfc125a12bc3daed0,0x6d06d3ebf587,])), - field_new!(Fr,BigInteger([0xd443985f3b451d00,0xe382815d93557ac0,0xc3cc992c160675f8,0xea0a454ee5b8f34e,0x5e506bce8ce3f5a3,0x9f7836f1afd44faf,0x816582aff387cda5,0x3549d3c726a73031,0x304197a8ce23a955,0x975079f63969f432,0xb7181a2c0c6947c6,0xdf521a24ecd8,])), - field_new!(Fr,BigInteger([0xb61ba87230d7c588,0xda9348616f0791a4,0x95467ce44de5a101,0xd17337f5eadb9380,0x78a849bff4f5d78f,0xc63f07b7db94cb08,0x4526d07e80c747d8,0x9cd8c269ee8a4ffb,0x852933f647e0db50,0x6342eaca8d4d39b4,0xb5d1f5e460181ca8,0x19a36763a3a05,])), - 
field_new!(Fr,BigInteger([0x71f719d1f2888a73,0x16e3e6cd1563ebd6,0x79e51ad365b5b74e,0x7cdbdc690b012c54,0x8116a3c592b17e45,0xb5a2a9237733dfb8,0x97e36487ac8cd418,0x3ca8f2141c869ca7,0x2948765815ed878b,0xa5e6ed33d0cdcb73,0xd623f173657b9773,0x4a45c5cc7376,])), - field_new!(Fr,BigInteger([0x9b9344568ea5a08b,0x1729f52e5457b1a6,0x12f223f0e8c5df2f,0xd0f40b19d5857e32,0xd938b20cb82db5c6,0x4b45c705119ff014,0x2f8a0bbca8669378,0xa8c0d84583d752de,0xbd4be36fa569e814,0xbc4080009fb760ad,0x434b1986619ac051,0x1a1e492d80a90,])), - field_new!(Fr,BigInteger([0x83746d4d884ee0e2,0x9e31df316fef33f2,0x526533901fb9998e,0xbd3a4ebd8e91d970,0x122433e94dcbf9b7,0xc55a1a41e165bcf2,0x28c4478d1150641c,0xd1aa07cf245b1208,0x343c0ef74642659e,0x8a717e3fa998d758,0xd451bc8cba642b6d,0xd3564023028e,])), - field_new!(Fr,BigInteger([0x76591c12876cd2e3,0xff369049daf19794,0xb036272267642fca,0x20d533d6efd3452d,0x259b47825b393d95,0xba5b78891e6f63c9,0xe8b6634780d2b30f,0xc11900222a978d86,0x18fbb3df5f36e466,0xf8c941dfe7caa4d5,0x279a952b634ecd14,0x1833f2efb627e,])), - field_new!(Fr,BigInteger([0x9803e0690d5d84a4,0x247da5abdbb58b02,0x9d36584407237a24,0xa9cd44c8afe9037f,0xc5619462e3a10021,0x4184e06a4cfcab11,0xa2fbf50800013cf1,0x91471125a787f8fa,0xaadf879c40b7a512,0xf4a046127fe2f616,0x35c773baaed21441,0xb87d54dc8342,])), - field_new!(Fr,BigInteger([0x5f8ace14a9393151,0x62387456c8285313,0x829b67c8c441ea39,0xc90994e6d1e844e0,0xf37b855feabc6655,0xb4def7607fb190a6,0xe5eb876a65d07a4f,0x637f53c73345bf90,0x332a722837be4e63,0x4c9d20f6c74678f5,0xbb7ea8a64c31fa74,0xd773486ecdc5,])), - field_new!(Fr,BigInteger([0xad24dc32abf4e778,0x99bf2ca5858a1af5,0xedf04fcb70f5cbb,0x9c8e0891eacf6f8,0xbeeb380afd8c651c,0x5eeeffa790ce40bf,0xd4d36753d3fc3eeb,0xd1838f38f5044152,0xb93f093655130390,0xf0c3781ba8153530,0x2c6bdc7f7a32f79,0xf2bec3a80fab,])), - 
field_new!(Fr,BigInteger([0xe310565506bd1528,0x9b29cf3a8508e1d6,0xfb0bf6a821c10495,0x1a611e203c2006bb,0xb48d446722b83add,0xc1a47ce237e79bf6,0xa4a0f8ea3bc1dd9d,0xfe495ab6ec7bc73e,0x73d14a4af0174980,0xf80e92d9acc27558,0x4e590b81d33fec36,0xa327b0eca9eb,])), - field_new!(Fr,BigInteger([0x55f0eb82c037c2c6,0xaebec0c14b2122aa,0x452c0b8b02238ff2,0xdfb2beca803648f0,0xbccf299fcfa1ab24,0xe681cb3a57eb602,0x1d18b3e29b2ad780,0x69bc100019ba6da8,0x9ed4ebf57e19672d,0x95b1950795c9fe23,0x918378b171c3f496,0x178a87f609d8d,])), - field_new!(Fr,BigInteger([0xc2e4e774a12df11,0x80a8b9776e4150d8,0xf5c826169ae579e,0xca4d7b0c5c1f13e5,0x5f75387e25c5d11b,0x21b99d7a359e3f56,0xc3caa073d5a5b47c,0xc9d786467388b212,0x76fa4139bd1cc860,0x26b274c883458b4d,0x451a710add46225f,0x13561ab3751a8,])), - field_new!(Fr,BigInteger([0x1c30b67214c03997,0x53a29c719b6ec320,0x9fd18ec63fcf1461,0xa50b96df18d48987,0xeff47b54acad65b5,0xfaef27b1c9f3e03b,0x436495fb40b5e505,0xc08cee0ca939eebe,0x345ab9db9c5a9822,0xe5ac0a08297ca5fe,0xcf65e1b34aba2151,0x1245335ad4620,])), - field_new!(Fr,BigInteger([0xb54ae6bf17bfaf9e,0xe93e38e3c61865fd,0xb5eafeaea790acb6,0x874f56cf63e4ac65,0x54fcae1bb776eae9,0xca709ccd4757a4c7,0x17ea24ca4f082d3a,0xf548f77845898d11,0xaed721464f88f760,0x966c02f735b73efa,0x1cf16bfc395150,0x5eab1eebb2fa,])), - field_new!(Fr,BigInteger([0xd2111b38515f1f6b,0x9935fe93c2d63928,0xfc05bc489296d86c,0xabcc8112fe5b407e,0xf8a6d9d114a9679e,0x950fd0a906855be9,0xc7b84dc7f5430fb2,0x58326488554c3e39,0x2e08ba7a0dfd997a,0x10165700e1b91492,0xd44eb8c68797b3ac,0x18d5a755cfe02,])), - field_new!(Fr,BigInteger([0x1e89b58e70e2d4a7,0xb59d9d2a2ee12b0b,0xb24f583c2def69a4,0xcc3f86f35640a15c,0x1039fdad55ca141b,0x47a555d3665526fd,0xd34c8a9a5ae0dd8b,0x46e930504a5f0673,0x5ffaaeb660aa6283,0x7967022ddb35e137,0x915cac38e69152f4,0x1c36c136fd7f9,])), - 
field_new!(Fr,BigInteger([0x2c1994f7901ed9b3,0x85cf2bf223c71848,0x8fe998c7a4691c5d,0xc11f2a0f608db20a,0x4f82c4fd8817e396,0x62b8f3380b57637f,0x13a32b559ec4a3ba,0x47b35d8820f9d5fb,0x4aec293710a81e0f,0xa2582c0151ee2ae0,0x2d9371a4ede0d4e,0xbf6e2b546626,])), - field_new!(Fr,BigInteger([0x64bfada11ee5897d,0x5c9157a4280c6c5b,0x217c7f11598c2ba3,0x281232671d4a9a22,0xc74198074fcdd833,0xb8804e435747ff79,0x6289992f89b0234b,0xb26db5bbb899c931,0xaef46cdbd8c53063,0x153dbd4a22e3a17e,0xa5c2f8a34b469b9e,0x1095eb4661a6c,])), - field_new!(Fr,BigInteger([0xcbf268b000504381,0x9937521435163e4b,0x967221953f59e685,0x3ac19b5754b2b5f9,0x1baefaebd154b1f9,0xcaf504746174765d,0xa592f875c42a3a23,0x84b4ee41b68240a0,0x6e6d2ba58c12cffd,0x48545b4a61f7e3a9,0xfbd6ec6687ca9a3,0x234432901dfb,])), - field_new!(Fr,BigInteger([0x583e40f0f10561da,0xb9bffbdbce970961,0x92a4475639dbb734,0x46d20c8f9239d89d,0x1800a40f131ec7ce,0x1845567c5d76073c,0xc1bd2042b38fc84d,0xc9b3abb5d1d1890,0x2df59728a03c0daf,0xb4cc55622b377c56,0xd785c8552fb61a31,0x13963f8b7df69,])), - field_new!(Fr,BigInteger([0x7b0f0f3ab6130333,0x97fa26371e6a9b5,0xe658861d3e2607b3,0xe38fd33ab374e7b3,0x166312cb0cdf2e1c,0xd4b25593a858f237,0x89c1fbe08750aba5,0xa0394eb40b10e6c0,0x8b60417d355ece7d,0x2a64ab036d427f22,0x86be78ff49e695b2,0x187363f322e98,])), - field_new!(Fr,BigInteger([0xcf06629f75c4ed54,0xd42ab99fcb41eb59,0x92983ee95905ee12,0x3b878fa52823e378,0x66ecf952f3f8bf3,0x12db50ed37921d93,0x2d6525af239290c5,0x721b96f252975e50,0x981231dac3bb2b94,0x9c64af5b97dc3485,0x9f0e0bd7be030106,0x49198a339dea,])), - field_new!(Fr,BigInteger([0x37955acb36a29952,0xa289bf5861f908f,0x7735de9d487b3ef,0x2b53c80162ba3d56,0xf49507a06dd7931f,0x628bf33941199742,0xc703c57730fca22a,0x3a748f963705d3af,0x6164660ae17a846d,0xf4ad66c520595a98,0x890d64cdd6abc7de,0x15189ea993be1,])), - 
field_new!(Fr,BigInteger([0x30ef311cc4d181ef,0xd5f7eda5965af3a3,0x458b85307fb8637,0xc4a8e479e65667ab,0x50744bf7edece047,0xb4fcbe6d959568ee,0xaa0b01e992baf48e,0x316e7f1dbc109fbe,0x4509124d53ef7b0f,0x2a0e0040516edeee,0x6232f97c20c10386,0x194ad67a22b7b,])), - field_new!(Fr,BigInteger([0xa6792591282a968a,0x2833ccee2073ee9d,0xae898f323e3bdae3,0x21e610918c506847,0x9fe812b10f8c0201,0x16eb7a964a007a56,0xaa5c70399607cd5a,0xa4f257ff70055148,0x271b99e3ad745d4a,0x88c54490289c2b54,0xfabd088bdb2b96b7,0xeb40406368fc,])), - field_new!(Fr,BigInteger([0x487c087ceef3a657,0x3c9a7594839ffe39,0xc0c51e87eaa04364,0x5ce0137700bbc09d,0x5cb35b52b5cb9529,0x87db82b66e3330c5,0x1165d3348d233ebc,0x5e47765e6ae1fb28,0x7978c75a62e67e6,0x789729eda7c33e04,0xd3ac7c20c913baa0,0x11b500a09ab2,])), - field_new!(Fr,BigInteger([0xb23c0a9bae5284d8,0x809f3f3411949aca,0xc8b957b1de3ce4bd,0x6b97d3662ad45b61,0x2f8a6f5520d09f18,0x9d55ae71436b30c6,0xb975c47eddc882c4,0xb152a261ad95438c,0xa74316d53fe3e1fa,0x23681b489d21977a,0x7cb51b4a515f9b9e,0x1bdc4f28b264f,])), - field_new!(Fr,BigInteger([0x96aab625b7451adc,0x532ddc05afe0d41e,0xb7d3c7f77c0bbfb9,0x955dc1805e6eda94,0xebffcdbe02a833ec,0x39ae52dcdf82aea4,0xffc94949a674dcf,0x9a13b9d4d0cbeea5,0x8d5be925df7cebb5,0x82e8c6c156607ab8,0x9413a0a0dcfc3454,0x17132101ecd9d,])), - field_new!(Fr,BigInteger([0xfbc273eb419f92f4,0x42d533b09da85589,0x26a0cb40f77b2993,0x1ed8f840a39c79f9,0x9de82bcb96f62cbd,0x3dde760822ca1f43,0xc7ad4a12c05ec565,0x5e368894b5de5e3a,0x104d30f6e50f1a2d,0x22894069b82a1591,0x5aa43ca1c753fda7,0x120e368737802,])), - field_new!(Fr,BigInteger([0x60e11152c2e86c46,0x5da150b53d4044a2,0xc372a038b1d4e147,0xa2728ab1270adfe8,0x166602d7ab1bbde1,0x99d1fe7d94fe2cc6,0x6b00566050c4e695,0x941664ab4910352a,0x333ad3cd62cdaf0e,0x10164320e7f75332,0x100c3bbde87d3d4c,0x13ea965b806ee,])), - 
field_new!(Fr,BigInteger([0x9695c2a99933b335,0xdde9b8c5325b470d,0x73b61edffd46895a,0x18327b9afb695232,0xf31f742b4859518c,0xb0bd38f1007dcf2,0x8cfadfdca908a47a,0x84fa39e28226961b,0x2ba77e3b9abf7314,0x565f8966fc08b064,0xd226eff57195dae2,0x1550d39b45daa,])), - field_new!(Fr,BigInteger([0xf245bf6903dc35b2,0x6ab1e2452c14f48b,0x67b67a8ff8c058a7,0x421aca837e8ee2d7,0xc9c196b54b3640ca,0xa11295fbadfaa12,0xad1e24f4263b4bb1,0xe044f7b7a2e7f466,0xee95dd23c5e8f360,0xbd61526cd62fb118,0x3aab7cb53b3b9fa6,0x8de2d8eb1a0f,])), - field_new!(Fr,BigInteger([0xd5d5d2fa88a1b722,0x60b11a30510cf057,0x145938075690dd19,0x37f97e81a3733b3,0x7704643508759e86,0xe5392758b3ab4786,0xf0200d9944d0d27d,0x64834e10b38185ac,0x7540daeaa51cc9c4,0x6f1eb4bb47beb9f8,0x99e9bac54f575194,0xc7de5d6d29af,])), - field_new!(Fr,BigInteger([0x37786f4ae56c589,0x978364901e249bd1,0xf3aa78fc57505b13,0xf2844f7263b2ac65,0x189113cbf8569829,0x70f1119ca61c966b,0xdaf0e38f360fa8c3,0x506d6befa28528f1,0x375cc093ec19c334,0x137771b8b522715f,0xa98eb78a5a6a29a9,0x519b971d964,])), - field_new!(Fr,BigInteger([0xc052f09aab8a7855,0x4d08df12ada14524,0x949f2f883eaeff04,0xcf3a206271b2f576,0x87a015a5fd2ee1ae,0xe565f817161de1cd,0x3223558dd0008f88,0xc3f55ca27e4a83f4,0xda30da441d0d1e28,0xa91655ab6c2dfd3f,0x45b03ecfd55cddb9,0x18ecfb387d161,])), - field_new!(Fr,BigInteger([0xc5a710e8024ed549,0x9566c7247378ba6b,0x37a1d3451400c86b,0xda57ec33cad1dd40,0x4ee08f324c76e977,0xd04545cb9b6f5d9b,0x58a719821c86bc77,0x8329e30559a19ecf,0x573cfd063440d7cf,0xf57e9cb7e4d58204,0x4edfadfac4d4ec13,0x42066f107647,])), - field_new!(Fr,BigInteger([0x14d41f7a358ec58a,0xcd6c538a8dc88514,0x8cc8239b4063357c,0xa2e9fc8861163d35,0x947434b4096e4360,0xc03b403d01d54da8,0x832a47c2ac6c2561,0x98da600d80a3aa34,0xb30e9e0867d0622,0xcfdc874c2b106f8b,0x92ced5f2ed3c0295,0x19dc2892d7bc9,])), - 
field_new!(Fr,BigInteger([0x23740a12477c2986,0xdabb9817bfd28415,0xabb08828d9e7cf6b,0x5b9ab293335ef673,0x80bff5b61ddf577f,0x9bf74d9b7514bcdd,0x383439e35211e2eb,0xa976db2e00e7f7b,0x6baf251296c5be4,0xf69ae8d860829bbd,0x7a0987dd27277526,0xb7259fbddb88,])), - field_new!(Fr,BigInteger([0xd1f1017fb2fd0dd3,0x8e43c2b59436f5ec,0x8ad01ee3a391753f,0x2514d21ab3e8e107,0x13f4e32d6eb2df3f,0x6d33c09287e9a972,0xfe865c84d08bc200,0x69e6e02d81346929,0x899e2ccb7517322e,0x87b250352dd0d7fe,0x2fc4b444c6e476c8,0x2ad86e0550e8,])), - field_new!(Fr,BigInteger([0x2fb868daf585656e,0xac32fdc47e221fdf,0x98e7cc8e29f6e838,0x6859fc6ed66067c4,0x141dc45a8d7dc2f,0x2840b5e3207c188f,0xd6c13a667f2cf4,0xa7262455e5db8bec,0x9a059d6b5a41de91,0xeadb945b3c518d2c,0x12398b55de60afe7,0x17878dde33d31,])), - field_new!(Fr,BigInteger([0x6ad5001e1e089560,0xfbb9d6a2eccb71a2,0xf7e15ff06d466913,0x1dfb88c9cc8e600c,0xf00cd8dc15b0bee0,0x23e67fec9875c6a9,0x19cdacf8e99c86dc,0x847182c3a0ab2ab6,0x24e83c633dea3dde,0xe28c9de519e8ff7a,0x2357bc90b457c81b,0x12c04bbc70349,])), - field_new!(Fr,BigInteger([0x58da0c1ffa32279e,0x99f613fae19abb5e,0x2678725829681e5b,0x6e13c8d1081c3ab9,0x87a351cc0a823f5a,0x116f543ca70959f9,0xe5625a552b588337,0x2df331ff3df7972a,0xcc5ddafce4c23a02,0xe1d37d2117c46957,0x60b756e2563a074c,0x14efa0a826c65,])), - field_new!(Fr,BigInteger([0x316ee76cae340a09,0x313cdb295475c9c9,0x34ea095e98195b44,0xd312f56e708132b1,0xfd7e1d0510bf15b,0xb0d7e8ff3673b13a,0x54bfd70eddd0dded,0xd9769a8ef5b9bf8e,0x8e5f9bdeee65c087,0x9a0ddf9f9196f392,0x71271dd5f0a680ec,0x37c9d9a8e82e,])), - field_new!(Fr,BigInteger([0x78c10460a7b0a3a9,0xff3f5730930b4b5a,0xac0a047c0f70da42,0xb8f121f578c61145,0x34e4a4a92ad8a04e,0xa13b005212524d46,0x4609186002ac2ef9,0x2577cbb09cd2c70d,0x17ccd45b525cdd3a,0x7874374eefad539b,0x810dd1bdd7f1288f,0x1638566ba1c8b,])), - 
field_new!(Fr,BigInteger([0x66c9b80c6acc2f26,0xcc52d55a453bb01d,0xfa4a4a22634f1b4e,0x976047bbb34378ee,0x3700b5a89ffabab8,0xab0d4768b9ffebf1,0xc79235087edf78ac,0x69a1d7a55593c04d,0xf7163cb1bc35bf84,0xc9ff85e8121261f1,0x9a133d0c6cfa2edd,0xf476b44b17c,])), - field_new!(Fr,BigInteger([0xd871340bf110953c,0x38b50149ca754756,0xe54c9d5763138345,0x12c5af1c857b34dc,0x53f981e1c700d200,0x8bc388ce2f5fd1f6,0x8c6d10c826202c44,0xe344410f140e9c47,0xa961131f5e558ad9,0xda338ccf1871d589,0x93b6efe65cb72e67,0x12b6585bcec13,])), - field_new!(Fr,BigInteger([0x8e1b550b685ec7c2,0x5a7658c68be7b715,0x4aec7bac7a595268,0x6956bc2d445be870,0xec52f67c82a2205f,0x9e3e4bb9d5a93f3f,0xbd279e9aabf30ce1,0x79187e2ea8c37b7,0xbb5fde656b9d7d0,0x51ee2668eccc884f,0x40b5a987597ce0e3,0x1842a91318038,])), - field_new!(Fr,BigInteger([0x52b7a267f1935eb0,0x4b88fa755b382a2d,0x7ad7599f288c24fb,0x752b8fc45a566c5,0x1032c3a04e09e6de,0xdd43ac4fd138f4e5,0x30e12bfeabd87c2f,0x28bce394a9d3c72c,0xb09fcd2744ffd1f1,0xd55613edf0538a3d,0xb609ecf806b25fe5,0x5dcb1ee5c1f9,])), - field_new!(Fr,BigInteger([0xf10c4446eb4b9821,0x62929c7bbb85ae4c,0x1b76cbf4498bc756,0x51cc3806ec4b799d,0xbb82ea5ada86503d,0xb7cae27fb239c72f,0xd04892075ab7c401,0x9ba9f5db1d55139f,0x5f5844c04aec04f6,0x29de464cf66996b8,0x862d797e8efbdc28,0x18c29c1bff099,])), - field_new!(Fr,BigInteger([0x355a16db683ebb61,0x2b0df6cdcd761690,0x1f09933b86b99115,0xd09f49bdcc764de8,0x27b94fd3b7900e89,0xf2f586d21eaf3716,0xcd661c00c9167969,0x782c2355546402cc,0xe2d28a0bedd5dab7,0x53b059cdd82ffc8c,0xb916e9c77e672279,0x17f883adbbeab,])), - field_new!(Fr,BigInteger([0xb141f3f914ee6c5b,0x560983f5e9e88c3b,0x48bcea16262776e8,0x44874c4ed2a9d8cd,0xb22ed78191ef14b7,0x1b91134de87548c7,0x23529f7c7e408d9c,0x5caeef9b3d833173,0xd4eb94e3d7d47722,0x9a3f57048247113,0x57e6fc54f4260895,0x1a1cea8a25e65,])), - 
field_new!(Fr,BigInteger([0xe7b1d34ef3a02080,0x6836b3e89b623f17,0xcc12965532482e0a,0x88b41720f9027e50,0xf694e7704d041afd,0x81a2d9ee2a17fd25,0xbf57a8d6bebd7421,0x9dda21e3efe53dd0,0x8e45be6b86e7ff09,0xc755fb7c9965a18c,0x4c8dffc0ce509ea8,0xc4f40fcf24b6,])), - field_new!(Fr,BigInteger([0x341b7dbb05573cba,0x6f72ce6d18203ced,0xa0c55d50b50d68a0,0x6f83274681818c0b,0x154dc26d73e4270f,0x68f1cf4b83476fea,0xed1167f2780c9c57,0x7b12566b4afaf6c7,0x488fecdad952d044,0xed0c80b30828b3c8,0xa8adc9804f3b4a4a,0x3078bc469f61,])), - field_new!(Fr,BigInteger([0xdee7f199a478e59e,0x83155109ebf477cb,0x9f2407c6dedadb39,0x62de4fce422a1d9c,0xaa96f9962ed140c6,0xfac73a445feeaf87,0x701285ea325e0e44,0x48d3cc0dd8ff8173,0x94834f3ac5d9f817,0xd2d9e9bd62967585,0xab3b5f585059f1b2,0xa9f4e9f043ae,])), - field_new!(Fr,BigInteger([0xc99de16fefefea43,0x541964dd1879239b,0x768ceca81d7b2df6,0x6df7900f2b4cc973,0xd76bd2455c26c474,0xb1efa07cc8f19d57,0x577a6f07c924ef79,0x14b8767d1ad349f7,0x9864a1028aa74900,0xf4bf84d3d90b138e,0xe9d03513b7689b20,0x1bde870448814,])), - field_new!(Fr,BigInteger([0x566037e1fa22e24e,0x11a4ce0916a6e53b,0x83a2b1071930e1c4,0xd301c525b5d9b356,0xede522f825da941f,0xc27da426e2c8a56b,0x2b4e51f7f9fb3a0e,0x4ee552689eff4238,0x8aff471999051c2,0x1c40d28db03e8ff1,0x7886ec24d2a10699,0xa13ef2ac5e14,])), - field_new!(Fr,BigInteger([0x72a7d46babee4b1e,0x488bcc18bed02ced,0xfa690651d9be84e6,0xda971c5b02fa0ed7,0x848dcd7200af2fca,0x18ee265795b4f713,0xad9ee325949e3a3f,0x839cb6a23d04e5ef,0x96005b6758a5ce09,0x3064666d6dbf8783,0x974c51e992f917e0,0x1a64d4d68c29e,])), - field_new!(Fr,BigInteger([0xe9866756de23027a,0x88433b60da721300,0x97b198c636dd88c9,0xa8c10a4c584db360,0x3c8ba3bd657937c5,0x13fe0cfa8625948a,0x688b3fde53612c70,0x28488261fa66a0c0,0x62d517df29e26155,0xbb6397d53be67664,0x68aa5ed9239e2c03,0x45879d91b076,])), - 
field_new!(Fr,BigInteger([0x54bcb3ef4fe63354,0x4dc12092e9a36d37,0xb565e93bd2edb236,0xa1ade2937459229f,0x84fcb46fcc343f03,0xfc7b1ac45c82bf35,0xf671b7a5943de344,0xbbbf5aa6660cb803,0x51f8ce88a73719db,0x666ffe572209de22,0x748bc3028db0ea20,0x6cb624720c80,])), - field_new!(Fr,BigInteger([0x8955fe9a4e917e45,0x9d0adb37e6027650,0x5753472e3ec23837,0x3ba3e4c2cb93ec9e,0xc020d34aeb311cca,0x7dc7ed36c2faf237,0x2a70ee84f366fd57,0x8e5c1c3c0f729ca2,0x3a739171f6d7732,0x40e6b8ad996396b1,0x82ef53b300c4c7d6,0x14cb347fdb3d3,])), - field_new!(Fr,BigInteger([0xd04a05c278ce07f9,0x76e05f3f14613e4,0xe632da2c1d5dae59,0x5d473925131a540d,0xcf522f0b85bba962,0x73e80f68a1da929b,0xfa92a96629138d7e,0xcd5aa41b5baa761a,0x89e92e38dd0299c6,0xe443fd23ec434e45,0xddfcde8256384d60,0x13129a3c401cb,])), - field_new!(Fr,BigInteger([0x4932e3ab3c91befa,0xd2c649011868eacc,0xe1960656124de836,0xa5c93c0984af313d,0xb984dfa60146fd7d,0x1288771c21f59e63,0x3e691b026ef77512,0xda81951be12f34ac,0x99f464ffc26f9a53,0xe8ec81716e6c19c1,0xd1a3348b4b57c606,0x13677f68713e0,])), - field_new!(Fr,BigInteger([0x8698626d09389229,0x7c90408aea447603,0xf4ae9901edfc0f63,0x23d569452ce6fbea,0x8d297cba3eaf574a,0x4fe88d4d42b76825,0x7db79e8a9554d8e4,0x61175e4909ac5b0f,0xab53c8d770576798,0x3350db1e28fcdc2c,0x462d8b14b6f45034,0x128e831250cb3,])), - field_new!(Fr,BigInteger([0x9e46ec0e49f39ed6,0xd0adc9f8e73af2b0,0x6ba9ad5ee7a178b5,0x3002da816cc321e3,0x968a8f3efff8684f,0xebb7f3e642a6ad70,0xf338457ef2715f0d,0x6b5058ea31d7ba84,0xa4c55df058382c23,0x789c9e0a52bda937,0xd9f70d3c2db0a049,0x87dec93043c,])), - field_new!(Fr,BigInteger([0x33a90318a204f90a,0x9606358d43bf436c,0xb2f7e306c2a2da49,0x526f3473550776a,0x76cbe9bc85a309cf,0x5521431d5be3e129,0x38ffe6712b3b7326,0x47366089e37b0804,0x6abb6537d8e25522,0xe8e898ded6128230,0xeaa51948a4269348,0x5e35938a9ae5,])), - 
field_new!(Fr,BigInteger([0x24f82db726d87a2f,0xa80fc135c75322ff,0x1e2d618737f8727e,0x9780b995a593d4f0,0x3eb53f685219da2b,0x6b226d4d55b2d18c,0x1f5454e443ddefae,0xc7248ac8efc87c2c,0x2a499bb98755025b,0x4370f28f6a944218,0x6413ac46bd85661e,0x1bf214e9afdaa,])), - field_new!(Fr,BigInteger([0xf08ecc055731ae9c,0xa9956f4498436267,0x99bd74093a0a347b,0x2920535a13b74261,0x62d96b8a6e5b081d,0xcfa774b5ea2edeb3,0x5347b8ee8e5cac34,0x52f33c6e1c4ca885,0x4e31094fa74f1113,0x8233e4b8f00509bb,0x51aa588bd130a894,0xd21528b51bf8,])), - field_new!(Fr,BigInteger([0x6b0577647ceae7f8,0x60c292f4459950a8,0xbb17825698b65237,0x6f2a1f39eaa6eb81,0xffceab53d1bfbf2a,0x376ccb31e91f1b2e,0x7e770efaa0e9f83b,0x7568c276efc0fd6f,0x8308d6eff2ab4d37,0xe9ac526dad61f85a,0x74b5a3b1ad795adc,0x192bcac7361fe,])), - field_new!(Fr,BigInteger([0x14f78edb99f4ed0c,0x7d2856b6bb3f8286,0x1376a23940cd049c,0x50f380d2cec1574e,0xe2a8cc818a47e22f,0xd3794327e3422fea,0x13a2c81c6c1dcbb2,0x2569d3ba88d18793,0xe21f4a0985645b07,0x5ad42ec81d59f526,0x6a987f8a264fa3e0,0x595d9af27c14,])), - field_new!(Fr,BigInteger([0x210c84830138d313,0x3d8b1abda1be33fe,0x2c865fa300993e6b,0x959365a8cd01ff47,0xb6e2bdd86750c265,0x9ebf30a83d5848b1,0x844d93587f05ad19,0x10845f6e7f52784d,0x11b962c0c2fa5f84,0xb7f985de9f9ce841,0x15d01bf95eda75fa,0x109be4d1080d9,])), - field_new!(Fr,BigInteger([0x432981336f3c7c91,0x9e6188695a84f5e4,0x9e85a5527d4c05e7,0xdef5ae8c0dfdff4d,0xe06b2185ee71656a,0x48c676acf3443f4,0x32fee6eb676243ec,0x85afae2104bea869,0xaa21d95474bc9c47,0x606152d01c39c697,0x45a6c921ef433b77,0x7caeb1369fe7,])), - field_new!(Fr,BigInteger([0xebdf2ff0f799ad2e,0xb0094b3f5dbf1532,0xcbe532cc64fd29ad,0xaf178d132ad028ed,0xefb3ccb62af5252c,0x1569408e5ec22e4a,0xa9f10fdf6d510138,0xe4de4704672b830f,0xa9216fb82a180d6f,0xbd1494cbf2bdc2b6,0x468b472a9aa6007f,0x62c2c3ff1d3a,])), - 
field_new!(Fr,BigInteger([0x62d2054593b4bb6d,0x282e46412f87b2c5,0x45a786991ea4fbbc,0xfaeb81bd14642c9f,0xf180e1c1a581bb38,0x18e9e357ed95f7cb,0xd6c57a93438e5196,0x2deba9043efb235b,0x905dd9bffd275caa,0x7de0357ab8d7db60,0x1af68c794bfa268b,0x167f22adc88bc,])), - field_new!(Fr,BigInteger([0x8b37efd45369e9c1,0x6847c6cac974b33f,0x89daf3dd706ffa96,0xa97fe685885f3203,0x62b3b5a340e01c08,0x1686df65e5c06ec7,0x9e75460b02944fd,0x790f3c692f9b218b,0xcd3601dde8735fb5,0xae6a81db7e0b0c4d,0x321a5d2df6b18827,0x751b3abfdb7,])), - field_new!(Fr,BigInteger([0x56b8c49396d4b81c,0x2d0b7ce811360351,0x5ac4f279757e37db,0xd53cc217eade6b33,0x3bf692ec0b98775f,0x24c23a974bdb34f5,0x37a149d0254386c8,0x9657a3d2dc215496,0xd1bea20fc44ec42f,0x192b1202b22334ee,0xc11a845e0056d559,0x12ddad3154bab,])), - field_new!(Fr,BigInteger([0x1fac1f20acfe8ea1,0xe0f880dd4178823c,0x106b1c1ce03aa4a6,0xf3d5af5697582151,0x621671d933cf6483,0x428b97a5f41bab21,0xb85f324b876a1999,0x135bdd73b786368c,0xe1813bba425de8ac,0x37b100e12066ece8,0xb74bef2d6cca1d7c,0x19957534526f3,])), - field_new!(Fr,BigInteger([0xee8f1b3a5c664a32,0x2280d9ec143197ae,0xd94a3013e7136302,0xc5a183f342fb63e3,0xea5d62aef4546ba5,0x164a2921f077ffd1,0x83b72b3614695e2b,0xdbd62efa51033687,0x73f635c296414705,0xdd86c34ff56fc5,0x14b3447e23c31c90,0xc2cfa4a7434a,])), - field_new!(Fr,BigInteger([0xbc7e0ec89b506868,0xcb984733fe451b5e,0x367d5d877b3f90b8,0xa3cfe89c59c526f,0x878d25dcfd82ff3a,0x29817476a5a53225,0x93680cdde3b2e6b0,0x48565e6100f9bc77,0x16ef9ff053ce1383,0x1177fd7812a5fa36,0xf4bf3e3a631fb6a6,0x6de98d4dd6c9,])), - field_new!(Fr,BigInteger([0xca3a54fd8a88657b,0x997649d27aac335c,0x9579f385357116d9,0x11775daff1d8532b,0x4b79f5fa9d91544e,0xb8be69ebcf5d68fc,0x67f6b8ab5cf8180b,0xdeba87ef6f33185b,0xfb6d62d54ca88e0d,0x640fdc19c68d0ba7,0xf815d5d6e3dbea90,0xc0f24fa9da78,])), - 
field_new!(Fr,BigInteger([0x99d5f3a090d2e8b1,0x188207d66ede4813,0x7608f493e81500a4,0xbabcdc935ee4c732,0xe2b5c53a66424ec2,0xc0308182ceff0b8a,0x16ef59156e0ca09,0x2296ea45bbf763bd,0xa0bb68ba36985605,0x802041ac0ac5a3fd,0xc8e400c5a0439ef2,0xb952a2a65d96,])), - field_new!(Fr,BigInteger([0x8e2da395435c8c4d,0xd711b19baefe1c35,0x2619d0013707bc26,0xb4115a0ded2b7b5d,0x6dac961cf0f8326c,0x945e3685e6c70362,0x8d78a7c77eeb60a5,0x7a0c5498cecae58c,0x6fe26e971c2ba780,0xb41bbae120cce4cb,0x718f9152aa516cb7,0x8cfed4609ef7,])), - field_new!(Fr,BigInteger([0xe01a6e9d53864749,0xafb52da1d4a263d,0xf69e62a3c3c30880,0xb9f4e9923a19453c,0x54b6d1b50a0d7218,0xc1f5b0d0008ea832,0xe166d8e734314d07,0xfe221592c1984e6b,0xd6e06b573468e0c1,0x6c19bbd34ae92bb3,0xb9008e73cb6b365c,0x84a5bb5779bf,])), - field_new!(Fr,BigInteger([0xf08786c197427e63,0xceb1d1cb9566cee3,0xde45fecedb5aab6,0x40752ca2dbf8468d,0x43ee711398ab7223,0xbbebbcda4759f379,0xee697e0854a2020a,0xdc815fd598bec3c7,0x3ea3fd3fe4c4268b,0xe1aa3089b96a493,0x9fab263a88397500,0x9e90b550a627,])), - field_new!(Fr,BigInteger([0x140a5743981ab5b6,0xa1967ed8934d84c,0x74fe12835fbc979f,0x6a5e1d1ec39db577,0x7b11ea5e5e670763,0xfec518f5594ce331,0x8a74b31654c44b7c,0x192f910f3069f382,0x2b0d37ede7ab8495,0x11ac51ecf444634e,0x62ec5a3c93953e87,0x3dfeb9dad54a,])), - field_new!(Fr,BigInteger([0x37e193f5deee7219,0x39f9b913b5002793,0xf4086ee1a8beacaf,0xa22cff9ac4e4a7b6,0x9481daedbcdd0c39,0xf438dd92b088e4ea,0xa4555551cd9fc45d,0x7b7cea66db897f0d,0xead76f4f958fcf1b,0xf09575256d34119a,0x6e3babb5a49ee0e4,0x576cc08917b5,])), - field_new!(Fr,BigInteger([0x36a09a9964f68f80,0x949287cb1e0bd8e8,0xfb3ebd86fb1b2d90,0x1d086fa86f1ae573,0x44535df4d551fd78,0x285ec52ff0b56971,0xd3ddea90183e5e72,0x3c3815a361177bb0,0x35be4079c7ad07fc,0x1b5d5650ff90e549,0xcbbe2641b96060b5,0x1319c3835c9d5,])), - 
field_new!(Fr,BigInteger([0x6b3b099ffc8e0ae0,0xede2ae33f9d5d095,0x34e8979049379d2f,0x4935a4e4d4cab7d7,0x85135bb0d5cfdc94,0x58fdfffc4cb2c1f3,0x5171d3d9a22d02af,0x8b493b3dcc3aaba,0xf2428b683a1973ab,0x8cffe9d2cc9d04d5,0xaac195ebcd8c6df0,0x1381e7ecf26cb,])), - field_new!(Fr,BigInteger([0xdbf27ff79cdcf877,0x8afc4c77355be4a9,0x7b9b1061282cbddd,0x26e1f109099b6b72,0x6c4291527b5f90e7,0x31dad98bd97c673f,0x7a13011ab1400cfc,0xf0a3a04468a8100d,0xe917a9b171d5403c,0x931065154546d909,0x9131209cf0fc9cc4,0x1600b0ad8e3c3,])), - field_new!(Fr,BigInteger([0xce1f39a1cfa7b697,0x99429b9ba2bd9c4,0x876fe5f65d7d43a5,0xd693341dc5c95f3f,0x83b4a24f2a57e4c4,0x2b2d5bcb0e6ca803,0x328a0abb4177d72b,0xf003f6bc38f51771,0x84892dfd72c9ba67,0xc0b2083bf3ec0cbc,0x54be6f401cde11f,0x767e21ffd1e8,])), - field_new!(Fr,BigInteger([0x6722e334c5a4a5ef,0x8d2221782e82729f,0x65b0344484095e46,0x7ebd543862cb010c,0x67335de58ab04060,0xbb52d9ab9b6c0665,0xe8e9cb584dbfab89,0xd3a13048e81de27a,0x1843fc223a73be5b,0x49dcb776622fce0,0xe6a94ef64b74eb9d,0x7d7a95ea1d26,])), - field_new!(Fr,BigInteger([0xf2e6646fdb23005a,0xc5542145e54e925f,0x54037ee25b592f92,0x17679f9d30ab1980,0x4bc5cde07da51897,0x507d164e67470bed,0x5487ac9638e5a109,0xb99f3a8d1447a43c,0xdbc87a57686b6630,0x626642377a2c7706,0x9354a58a099ebf33,0x1ad70ba39a23b,])), - field_new!(Fr,BigInteger([0x6303de3f8a9a0572,0x25c9a4e962d77ea4,0x5b805aefe4ee7af6,0x315adbbde71aaba,0x4a9a71280bf4752c,0x651dafd84c3216b9,0xd3ed0b1c30522b67,0x1bed1278709ebe30,0x38ab7536e06de187,0xfc8f1a967774b60c,0xfd69d113a82aa590,0x16d89bb3bc6a3,])), - field_new!(Fr,BigInteger([0xd7c2a3fd3e4bd49d,0x90573a435320f113,0x5ce31a37c852c0c7,0xb6564882fc23d543,0x2345e511bf8151,0xaca2e847c167fd35,0xe31cc547a186aaa5,0x4421db0e798b9d1c,0xbb095282c4889bad,0x302554f5b9d265ea,0x507512af281e192c,0xf3c51c2f7dd8,])), - 
field_new!(Fr,BigInteger([0xdaa1fb14dc9bfb52,0x2350ab64573c038d,0xec529037f1a8f91a,0x1a23fb4fc129021a,0xe194241d323fddde,0x64fe030a6ca10310,0x648c03395e7650a9,0xc816093653ca9522,0x7f534ab426312d,0xd96dab83205f9297,0x69996c6bd9daa6e8,0x3e82c2fdfd16,])), - field_new!(Fr,BigInteger([0xca5a4f48f3e7540,0x27d0d0b759277ea5,0x96ab5ecd2ac0d1c9,0x961e8cc136c2cd14,0x96e8f471eab1b7c5,0x9fb8ea548c5a3fd1,0x5e601cedc88f5c87,0x2b041d56213e4f7d,0x7cc27dab772f6a8b,0x41d92e398b366e40,0xcf20ec780ed3da4f,0x16df1d7468044,])), - field_new!(Fr,BigInteger([0x8b058c3cc42514c6,0xa32c7296da4fb7a3,0x7fce83fc1171da1d,0x587a55fd204e6551,0xbbe4e2120fa5ea75,0x1312b7484502ca7d,0xac122c1bc035f710,0xd362ca77d278b75f,0x1f16993aef613f6e,0xa65500f1a1fcf708,0xe86a6ab9b997b73a,0x678f15be099c,])), - field_new!(Fr,BigInteger([0x2be90f8937439a0d,0xfb1a2b9db2c43367,0x6d3fd07f13bb67d7,0xba6a0b848a7c9869,0x16b504402b2d2f58,0xad118bae03e3956,0xccda4527510c4dc,0x88eeb18864607a79,0x38ee387177524c3a,0x4da7b54273317a0,0x996737151eaef218,0x14f0008da5431,])), - field_new!(Fr,BigInteger([0xbf1c23e6811bd686,0x370813d7fe75a61a,0x597f4f94d617a6dc,0xec54a9ed7c33fea6,0x37cd08befc608443,0x2e5fd34c600306b5,0x9abd8a99d39cd098,0xc148482b6670f52c,0xc7b3f1e1975fd9a1,0x5ec16c426f6436f7,0xb6458ea2b864f179,0x12bd536b42041,])), - field_new!(Fr,BigInteger([0x2f7a773ea20e10f6,0xd797a4b2c37b17b6,0x335309f7fc1a984d,0xa84b1ee2a94426e9,0xa64f0b629b7420fc,0x392113eb9ff17c09,0x99cd2cb63caa420a,0x925b33ea59d083d0,0x8e3aa86713851f25,0xf87b6c02fb982c8b,0x2658ee292723133b,0x6c4bd88b8321,])), - field_new!(Fr,BigInteger([0x87ba0c79ddef54f6,0xd5505c0ee341b9ef,0xa67dde817c198742,0xc52a51e5b2eb0ff0,0x3f2d31f21d9f2c4d,0x5dcc3a645d80f634,0xc36ca8597e6f78bc,0xceb3d246d028b83d,0x434247d5a0e1270f,0x9ec5ab74db1a099e,0xb2b8c64a171751c4,0x15c8c058922f1,])), - 
field_new!(Fr,BigInteger([0xfc49d1a4da54219f,0x1fbacfb0b145b6b4,0xfbe03be712132c8d,0x57263c6c0d240382,0xd0ba0cea204c43c2,0x30655ce3d849704c,0x5511aa665c1c1d69,0x2d5bb1dc00a2fe61,0xb72706049ff235db,0xde5bce739c8aab00,0x97995074975fd584,0x742b29630025,])), - field_new!(Fr,BigInteger([0xf62143ca8dffa500,0xf5a2092d75c0f68,0xf0e7cce47fed1ab7,0x84018fbe00ccec54,0xf2dc3aa21f4d02b4,0x396e15aa2d30ea73,0xe0dcc3705c939a68,0xe9585266e25cf4ba,0x9198156c2d050570,0x2c6b180903eebbc3,0xf1c9f286c7802a03,0x2670c863a290,])), - field_new!(Fr,BigInteger([0x43a46748550969f8,0x747d31fef46bb4ae,0x5745b72f5429b6ac,0xd2fbb3506f6f0a18,0xf8c8ff1bd5ec3159,0x826427458369cee,0x600fdde8e7bcd37e,0xa335fe4b9ee6ac00,0x9c4dc437d5192651,0xad91c0844563b8cf,0x651c6488529a75ba,0x1a929b1d4e41b,])), - field_new!(Fr,BigInteger([0xf5c0fa703ceef967,0x7e8a76ea209882a9,0x5bc0effae852025,0x78e01fbdadf36b3a,0x9c4474e50c7fdcad,0x8988335c5ccdd9d1,0xb019423ddb77c37b,0xff99a012e26b272,0xbbeefe2ebd4a84c4,0x2919528dd8a266fc,0x2ff9472bc05d2a52,0xfbdd82904763,])), + field_new!( + Fr, + BigInteger([ + 0xbc3bce4306347da3, + 0xe8bf3275de6f8a80, + 0x56a983ba25567267, + 0x718c0cb5c1707067, + 0x847b43861d406618, + 0x94e384fd0addc509, + 0x8c05c8e798c7a2e3, + 0x85204ec1d689f829, + 0xe5845d1b732e9f45, + 0x948470650fdf2c14, + 0x3020e7156b6d05fe, + 0x169a87b2cb0d2, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb1243358d3057ddc, + 0x4f7d9135a93f7748, + 0xadcd00c037af95ef, + 0x5d93d11990a375f, + 0x7e8dce24aeed7f78, + 0x637b8ff9811147e, + 0xa74da71309e416ab, + 0x7b8211e20256568, + 0x7c75dc81daf36cb4, + 0x68475b1d5e0de06f, + 0xed144721f8c12f0c, + 0x8f3ad7774bde, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2558a47e2d238f9, + 0xa3806a012e162b01, + 0x5b969c8e940ab574, + 0x40bdbe69f4fa8c2a, + 0xb55e37231cb10e77, + 0xf3226b8a7b9f88ab, + 0x69d45fd2c66a1b61, + 0x6335cff83520233b, + 0xba7ca0f17bf5557a, + 0xa36e501f0ecb1b4, + 0xb624e1f62688951b, + 0x120725fe2f38d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x64971ee618597cc5, + 
0x47011c83b604700f, + 0x540fe5a11a9ba46b, + 0xaec24298dabd5ae3, + 0x35ea26cd9f3c9c17, + 0xf6f87ee89f706831, + 0x26a93689410bc844, + 0x6447ef4de97c9fc4, + 0x4f9d7deb6fec1ae1, + 0xcdfeb3d8cbe2eeb2, + 0xfc5d2edfe5614e6, + 0x8a46f6357324, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7a926bcfbbe9164c, + 0xe905bffe2f6cd343, + 0x2313e9b25229b004, + 0x48fe1decc4065073, + 0xab0c7949277306c0, + 0xaaecde3c27ae8329, + 0x944a237d0a673ff3, + 0xe437df12016a7388, + 0x524f710ee2849356, + 0xc8981a53bf724322, + 0xa5376dc20e96c22b, + 0x78c2e7b89a98, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xe5c93c20dabde2, + 0x4a84e87ad6c60636, + 0xd7be20dc78ffe12b, + 0xc931d4f5f6226649, + 0x9b86aaa876579687, + 0xe1a946bb97534005, + 0xbfab8ce368acb767, + 0x707c0b01d76c58b3, + 0xf0edadc780764c01, + 0xc0ce398bf996ede5, + 0x6d50e23f5b4606e0, + 0x18939e2917075, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xad6038d73b65ac49, + 0xec6431333f1136aa, + 0x4c5c41d0197994be, + 0xf25b85488546a994, + 0x453e0f1aae654da6, + 0x6574156a2824bc3d, + 0x983de26c0534889b, + 0x7804458d59c7c0f0, + 0xf60e97dcd32d2b75, + 0xf81be2cf0cc90ef9, + 0x73ae4c919e6294d6, + 0x170db80cd372c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa60fcc0717fadf03, + 0xc0563f26c986e1eb, + 0x8b37ef8705cde090, + 0xddc13bd45f04e124, + 0xd55c58adaeb15353, + 0x6497682ef4cda76d, + 0x900638be243c185d, + 0xbe1a3babc087721a, + 0xf981dc114e996356, + 0xbd76dc9fcd1815a2, + 0xf840c8dee0fb79cd, + 0x1281b7d95f1e5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xfcd413a0cf53cc02, + 0x2c7b141857b9ee70, + 0x9c09534ff13a0060, + 0x739089532860063a, + 0x99da8f1b13b7b5bf, + 0x11635bafdf16619f, + 0xab3dc0f7683b5eb5, + 0x62f827b9bbe81bbb, + 0xddecd51ea233970c, + 0xa87281caacfc03f9, + 0xed7c84c4dde32595, + 0x4b7429204208, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8c156b346bda1970, + 0xe68bd83561e3a9ed, + 0x3c629ca298087cc0, + 0x8ed9cd63d9a0af29, + 0x681280168db49685, + 0x913b234a0082a534, + 0xbff3b74ab4c6b92d, + 0x32c56daef2e6a3c2, + 
0xf4d2a3122db2f6cb, + 0xc3d40845fa728427, + 0xb12294978641e515, + 0xc797e035c3f3, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x98cd921cf106e6f1, + 0x99b88250713cb636, + 0xf22b0d765081a737, + 0x577429a343f260f7, + 0x960522f36bda2cf0, + 0xd41dc41d29e11da0, + 0x82ab5d062a3f6b90, + 0xe81b4ff572de9ea6, + 0xd5c270ea2bf2fb68, + 0x9bf6b653245ef6f2, + 0x3e9611a14c68eaf, + 0x2b6817b7d88e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x52c38478857bc38, + 0x87dfd561387ee0d3, + 0xe20a8a17053ecd14, + 0xf63394618bedca70, + 0x4eed31f9f1f3e437, + 0x96e398a226b3a32c, + 0x62578c2a7c4bfc85, + 0xb922fe2cf020a8bb, + 0x8f2a2e28d430de02, + 0x405b2d7fc2bc947, + 0x6bff7fda4cf8f35, + 0xcf161eb3f503, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xbfedab71cd8a8f39, + 0xf4eb8c3b37469932, + 0xd9fd0554fb31a36c, + 0xca89a178095d77c0, + 0xb4872a4bc30475a4, + 0xfd07f3f85d942bdd, + 0xbc3c672d57bbfa46, + 0xf9622b9e3805ffb5, + 0x352205a9215a1a35, + 0xbb78ec06d3563cd3, + 0xeda50a02ebf8a493, + 0x9a17284f85d8, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x86933e15d3f51b40, + 0x94408ba463f74303, + 0x859090f3694ef6bd, + 0x913d6669a673047c, + 0xdf278d0a345df09b, + 0xab77951041ed9f3d, + 0xb1d85bb0de5ae94c, + 0xb5b897b241263ca1, + 0x2c6c096991f89054, + 0xd9edf8127760414e, + 0xa3e47ed303140f4f, + 0xcef7043b6440, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x515e517734aef7e, + 0x3f7081cd9252a5a0, + 0x99242dac0d5fb0c9, + 0xfffd074618216629, + 0xc2dc7e5d0881dc76, + 0xe48daefdfb8ce2f6, + 0x66f0a2964cec71c2, + 0x92302ddd6e1d8035, + 0x27381d6c3df61626, + 0x20d4cb97f497cca7, + 0x4690d32e14378905, + 0xa35ca32185af, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9df1d74d14e4315e, + 0x2c45d5c5767d5922, + 0x7adf6d56f307671, + 0x2568768c5a3be61, + 0x75b23b6b918402d5, + 0x7cfda8fd09520efe, + 0xbd85632006f8c921, + 0xd8ace4296a133eca, + 0x489c6546935090e0, + 0xd06ee97b10e50a81, + 0xe01b3231635c7ebe, + 0x3829459449eb, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb7dde79b7bf4a100, + 0x579ab9f6ab605754, + 
0x9f93fb2efad60e8b, + 0x334c63c11d992259, + 0x9422891fdad923ed, + 0x6d9e596b61dc5366, + 0x8d9dcd04489c9b82, + 0x3896394679ded931, + 0xaba406c12b3c8def, + 0xb50962ce9eb6dc28, + 0x15687f72b3cdd7f9, + 0x2d8c1c1af596, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa716410b829db004, + 0x135009ba5962231f, + 0xd6a5e4be709faf82, + 0x1e49d58e7477a15f, + 0xe17f80cdbf74063c, + 0xbde04bff7a310d00, + 0xbe5b0ed32dd6ba73, + 0x9b7094c531a4fa02, + 0x51a1e104551d3255, + 0x8f7d7687d882ae3b, + 0x7486650dcfec6e20, + 0x770e2364d878, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa2a1cbe1b5efa4d4, + 0xceb2e913c0b5de20, + 0x9365b5598899dabf, + 0xf22db0dbfaf7fb42, + 0xb23d260ba39875a5, + 0x4a1ea29372e1afb3, + 0xf590b3846306852d, + 0xe477f53a41489505, + 0xcf37b92157040037, + 0x3139495d73fb9d49, + 0xcfe46493bb30ebb5, + 0x15698ba0ee379, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xcf1e0e4295bb765c, + 0x5eebbf95e3526584, + 0x53f08b01c48210c9, + 0xe430d917e0c5de38, + 0xc23415e8c5817216, + 0xc773d51e7480c309, + 0xd5e5594fb5f63b1d, + 0x4c307d9a1da2e42e, + 0xb19fe25509bb7f77, + 0x7b534d4929b93385, + 0x54436e71bbe03902, + 0x186d99821f387, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x4bd658be24774112, + 0xcac13551f6a42b2c, + 0xac76edc838584292, + 0x3dbdc8737cae5f22, + 0x9b2b727c542fac21, + 0x8f4848cba0e83b05, + 0x9e5d49f46d8d4130, + 0xf65fef81e53aa69a, + 0x3219752323db5f46, + 0x33c51406d800b9cb, + 0x6293365a71e335ed, + 0xc0805a013c1f, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x66f69b942cbbcd7c, + 0x35a646050dbacea6, + 0x37219d8d3dc6b60b, + 0xd99e34672eac00fa, + 0x5681cc7197e62dfb, + 0xe1a7e8afbc9efcbd, + 0xce576cb4e2e26728, + 0xb77e05a61a4c3dc, + 0x7879767c062653dd, + 0x3fb0004573ae7030, + 0x70194d8d72f1ee81, + 0x4629eb4ed9b3, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x47ba6dc973c59fae, + 0x7589293669d6b1d2, + 0x9945199f5af5b0d1, + 0x900e813e1509696f, + 0xbce135462d7d5f3c, + 0x495479b22d91a50d, + 0x9353f0421cf870af, + 0xcb9e763242274a8, + 0x4ce8bfa5300ca0d6, + 
0x9692522e7d3c27fa, + 0xa769977fb8361b09, + 0x10401bdd1192d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x35cad5267f72d5a0, + 0x59978eef99179287, + 0x21d0b9087ae03d63, + 0x42b36b9e15d88ca3, + 0x2f1f411bcfc1682d, + 0x2ea54ef46ead60, + 0xbc7ae10814bb57e1, + 0x51ee614e701c2873, + 0xd8258954b9d6db5d, + 0x4a70f7e2ac23ce0f, + 0x86572f188764a9cc, + 0x43d3c1cbcaef, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x95a964522e1872a, + 0xe3805ebffca5caf5, + 0x7866665fdd28821c, + 0x107ca6813960b562, + 0x2b3489de685aa806, + 0x4518e91d4cee77c9, + 0x37fa0978b6c226c9, + 0xb9e41cd595a6e65e, + 0x3c85eb117274da97, + 0x359d679e3711f13d, + 0x21cf42c7ca6c2da6, + 0x170c112e93fbd, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2fb99dff9f768266, + 0xc1ee08b388c0c15, + 0x6ec43934e6228f53, + 0xa3c1d0b4058e157a, + 0x82506d90ca5e876f, + 0x74f58ca62a946038, + 0xd1d0d8fdcc33a3e9, + 0x6f4ed4c48672bccc, + 0xf214288461b6ac20, + 0xcae45b984aacf13e, + 0xe11934dea9b9f2e9, + 0x187491ad8c7e9, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x45b73fe1fa203ac9, + 0xe70ffc3798c23627, + 0xf6df255943b61f8a, + 0xe5405035a4f1a9e1, + 0x7ab51c17fb4af6a3, + 0xf0307b784eb7c208, + 0xa4a1c93996bb276, + 0xb4a71d927f54803c, + 0x28fc3d4d67b8557c, + 0x232d8075c288d2e8, + 0xef9f18dd7d0209b8, + 0x1481fdf212387, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1c1ab04e329a5f99, + 0xfc6239a086be8d4f, + 0x392ed1a0d99c1ac8, + 0x57eb372b46a08621, + 0xc284b2cad95afc3c, + 0x1f67a48aba082dfd, + 0xe65ece83f217cf9d, + 0xdd90f37d4cf441f8, + 0x62f381ef1b42e03c, + 0x1bfe753fd7a697d5, + 0x9e5ba3e3bf6c739e, + 0xf2f72e1a834d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7649fb8154288dc1, + 0xc5805e2b6e719af7, + 0x551d1de223a11c8e, + 0x83d21614412d1c6d, + 0xaabf71ff9de8a1ab, + 0x48ccc969b6a36b6d, + 0x664217e0c61017a9, + 0x91da9a6df4ebf50d, + 0x7c6ce1629d8d5ae4, + 0xf957ac73853c8fee, + 0x104a1d62a2006dbf, + 0x1b175b2debba3, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa0d19706a32ea453, + 0x515567cde835b39a, + 
0x3fc8fb512c0d1104, + 0x67d716987896a533, + 0x2a112a0c57897516, + 0xb95e6012f1bc333a, + 0xc4b59bf8d7edc847, + 0x40c6e78201b7ef2f, + 0xae430be9970fd98a, + 0xdc438a17861e9bb9, + 0xa938ea82054bfa2d, + 0xdb9a3b39dea8, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x68170b2018246a16, + 0x278918eb802e619c, + 0x8060f586c60304c, + 0x6fe568c861543398, + 0x9fbf941ef7574b6, + 0x5a8461e2ed26c54f, + 0x3c585f7567687c36, + 0x3823f7483a2c4e2a, + 0x9ecdff84855415d, + 0xf0c3560d666d86bd, + 0x54e56be15effeff0, + 0x1060b7a65f110, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf9126f9013645e55, + 0xbc0c855bb5382c9, + 0xf9d2a95d85e976ed, + 0x499ad33c6be844ef, + 0x12af4f8e494e20c7, + 0xcbd536028f86a723, + 0xd76a3cf1ba7f1403, + 0xc0491b6123afaef, + 0x7983456c41384e7, + 0xe21a06eab46fe55b, + 0xc9e775223e9005c3, + 0x1ba678a02b552, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xefba9b6dd8b44bb6, + 0x2118c45cd4ad5e64, + 0x5c39ba3baf080ca1, + 0x605f6689fc38825f, + 0xeac9c724d19472b9, + 0x6c024327bc8ec260, + 0x94c6ddeb60f56a77, + 0x4d2a2a12b551b0a7, + 0xd3268e57a571bddb, + 0xde42da0f1c19452f, + 0xa4d02c77eecdaf3b, + 0x1c1df46675b2b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x329f0107c25d031f, + 0x118880346fd43cdf, + 0xbda10f36776788c2, + 0xd0a5e6599be940c3, + 0x56929adb7f0616ff, + 0x3e86b0a7635462b8, + 0xb066b4e7872ff039, + 0x6b72a0577eabe9f2, + 0x61f32a17b03e4b18, + 0x2f480847f7d4d3c1, + 0xb693ee9372487660, + 0x18ed43b4d6bba, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x45fa9a4c919da6e, + 0x29d625ec1610a860, + 0x6daa69edac102211, + 0x70f19a2cb9bba20a, + 0x75cf557057e27a9d, + 0x305546b218234ecb, + 0x49b868a6670e542c, + 0x7cd122a295c484fc, + 0x643721f73c6f0d44, + 0x1a77cd1bdd016445, + 0xb1cc6a88711a11e4, + 0x186003af07a97, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xfac1c10706f04394, + 0x9dbc02290de64b60, + 0xd0a7bd1a26bd4c1d, + 0x8622c5cb7aeddbf1, + 0x24d9bc40c98ca76e, + 0x9ca01d95ac15c0f, + 0xf504a36a5e52fe7c, + 0x94ea6d60f5dd320, + 0x31df964e0a290f3f, + 0xd1e278f4299509e7, 
+ 0x60b73494cc8a3ac0, + 0xb0722609be51, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa9844e70c2e4c1bd, + 0x9121475c57c5280a, + 0xce18f0856fca77c1, + 0x500e1153cabb83d6, + 0xda69a261bc409c95, + 0xb23bd4ce8998ae1b, + 0xb660d7f131493836, + 0xc530d373817f95b1, + 0x381fa4bbd5f06b3c, + 0x87b45f17f9a8b3b8, + 0x35da29b115a75492, + 0x86e4d3d33bc, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xde760d5291636b5d, + 0xdc74d14058a33a32, + 0x4b3abbd981676ab3, + 0xf6f7b077488a2ab2, + 0x2ee93cd428091871, + 0x2672fff03b6d70cd, + 0xfd80c33f34b5179a, + 0x5cfb15ea1395db53, + 0x7caa3712160b23b5, + 0xb2094d9a94f9a085, + 0x79eaf2e4fba700e9, + 0xf5e5ebdfc24a, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x4a931e7b5d8fe8d4, + 0x92475f72f889600c, + 0x18ec232a3237f9b2, + 0xe9e87a69d603b22d, + 0x3bc4072a7b2bc7ee, + 0x307b6dccb363443f, + 0x95c8af13e5aa4d34, + 0x5797f43c0eb68bd8, + 0x2907279a910559ae, + 0x8cb7f2187e335722, + 0x4f24a2f63495a781, + 0x9e74b772a6d8, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1892a7066a66f33e, + 0xb6da322dce88f7e4, + 0x3404a46554c196ba, + 0xce6af9e88bfdd9b2, + 0x455dc4dfcb9ec644, + 0x4c59d13757126f7b, + 0x365359c9b70d0820, + 0x19f401f92da6a168, + 0x60e9f301e52b8a1b, + 0x88c1ad84016338ca, + 0x34600b26cdea0db0, + 0x988574140260, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x30f1c717088f8651, + 0x70a2e64ec8ad80c1, + 0x34a6db5cabd2ab1b, + 0x5901fe9f22757394, + 0x622beb63e634dd84, + 0x7ba6aa30011da1b2, + 0x714a219c89930469, + 0xddf1fa8d85742328, + 0x1256203cb7e0f0dd, + 0x39f01beeb544eefa, + 0xde2017f229da80dc, + 0x69a58b8c2d9, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf8d598c1c3b39d6, + 0x15193612a7201f97, + 0x1b606952cf3f167f, + 0x28b3735e7988e0a4, + 0x8605717389c09c5a, + 0x97deb3d89d2de45c, + 0x58c40656589734cd, + 0x535c2e02d3c0636d, + 0x4cd355c1d1844981, + 0x6a0c3902bd48be06, + 0x1f2b4595097b6d2d, + 0x6c5ee0f14ab2, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x187ba1c7f3bf9fdd, + 0x7e3548ebaea72977, + 0xe580766e65388f5d, + 0xa46fd9cc241fc8fa, 
+ 0x1cf88f4b2bc272f1, + 0x3ca6fa5f7e9080e4, + 0xacf91e4fd3cd95cf, + 0x4bc616acbd20b748, + 0xd4dcc629df0e4747, + 0x4d63fbcaa0b05db4, + 0x7be18636bc4741b8, + 0x160727ca510ed, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x88e60fd97bec2bb5, + 0x715cc852cbadb4ff, + 0xd922db3955851560, + 0x4e612e64544d155b, + 0x8db7b6fbc346d1ea, + 0xf715067a02bbd55, + 0x1879e2c56fd4a9c7, + 0x6b669a0c0e0725bd, + 0x279c6b1ac6dad58a, + 0x310f56a50fc58ef1, + 0xf4f66b3888e95881, + 0xb217a63477a5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xe250f2b0e35e235e, + 0xbac016441644e815, + 0xe60ef6f74a50ee2a, + 0xc5da294c022def51, + 0x69d2a99bc7ec3a40, + 0xd716991c07d5e2de, + 0x5b1cb7c696cf912c, + 0x59ad87c220f7d591, + 0xf2c665694a83889f, + 0xb688877c1d402f44, + 0xa5dd1a13958dfc9b, + 0xdc992d0a3e50, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x3789105efd8aad5c, + 0xd18634a2e16cb54, + 0xd2be957506e4e868, + 0x8939555d9741905d, + 0x8bb5e9f5a2ed25a9, + 0xc8f221f83200d7c3, + 0xf8ab24e72da1ca99, + 0x5b39686e84721cc2, + 0xcd1f4ac92ea49f80, + 0xeb00028e2056463, + 0xfa983107ca976f26, + 0xfcb4b0efd1fb, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc2077fa877097b6b, + 0x878a886b6bbab4f7, + 0xfa4a84376eafee36, + 0x1b53988f57b9d4b0, + 0x5c757d6afa905166, + 0x5981aa06fcc59789, + 0x97b85311c3eb8ab9, + 0xba391b555112a40a, + 0x78293783e8a2f0a4, + 0x239e342363a756ed, + 0x5eedfdb55b05ba09, + 0x1806f19515e36, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2d577d219af8e17, + 0xe72161fb367e24d5, + 0x292da9391f7404a, + 0x78f38578f92e5214, + 0xf5e143297410d48f, + 0xf86ac7ac10517e23, + 0x2640f99a9b40c84c, + 0x736e7e1b915d839e, + 0xb7bd1303e345d73c, + 0x4f5d5b7c275b5d78, + 0x735a5149fb4d201f, + 0x14f2470420644, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x45794ec7d4d68c31, + 0x1a51e1fe92e49ec0, + 0x6ac3d0f0095aa114, + 0xff8a448b4f11ee86, + 0xbac030441dfddeec, + 0x6185ad7ca5790dd5, + 0x5e7d1453762f41d5, + 0xcf10bceecfef8533, + 0x806910863c9e4196, + 0x929519da728b5359, + 0xc4b9e155c2f011b3, + 
0x18b244a5432f1, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9a9db67d9d6765dd, + 0xee77c94781cec68c, + 0xf68e20fa4c41ceac, + 0xad26262fbb647147, + 0xb82d2835eb495924, + 0x41debed8a338a691, + 0x5a2907d495a19fc2, + 0x46dd06b9b25d9632, + 0x8d93f3106338941e, + 0x333a9b5351bee962, + 0xd3b687f6381ec72a, + 0x1c3c5e0334f0a, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xbe5b69734ddeb68e, + 0x5cfb4be0af686b62, + 0x7e626848743f743f, + 0x4cd29b4c86ac427c, + 0xed72a87bf9130fab, + 0x5c89af564a2d657d, + 0x2d20f113672d9bf7, + 0x8c1c802efd919e42, + 0x7e017303d6652721, + 0x94e9e530eb2a62c8, + 0x54c50eb8369dfde0, + 0x499d8e51d131, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1077b30e926766bf, + 0xdbcc352ef304df8f, + 0x37a95541f5868938, + 0x333ced9ff0664c32, + 0x3912463b3033a846, + 0xb8094e87d999b19a, + 0xbfeeb4536d07fad7, + 0xe0e72bb1fd74022f, + 0x5810dd5e4c5558cc, + 0xe7ca2baffccbb9d1, + 0x3ae550a36c781f5d, + 0x188acd38d8c5f, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xbe46f1c252f8df87, + 0xd50e12aec919922f, + 0x41eac583dc8b2553, + 0x780140cbfbf2bc59, + 0xe8d467b23854428, + 0xdf3a48f5ad04cb93, + 0x8553e9f85fe767f3, + 0xb6c10a59e367c088, + 0x39f5ffb28bb7e6df, + 0xc1110d4a3e9d640f, + 0xad9a8a75e58177e0, + 0x102fe6490c4e0, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xdc995f5b01c22cb6, + 0xd6872186ab3bca52, + 0x3b2bb38e8a103eda, + 0x5f023352144ae9ed, + 0x9bf8fd8926d4ce8e, + 0xb12a878c4f9b06d1, + 0xd83978b5b9c35a87, + 0x6dd976e8ec582d13, + 0x59a598b82c8821de, + 0x28e2f95c93ce41ec, + 0xc3250f5e2446ea5a, + 0xb3c004c8deca, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x85ebc6a3ce00710d, + 0xaf6d26ba626dff8a, + 0x5da345a2912dcf77, + 0x41df8badaf36cc86, + 0xe2d3c03084073bb8, + 0xb49f6fdabe2145fe, + 0xb19a81a3cf5826cf, + 0xe90fcf06d0c74cd6, + 0xd1dcace51dc4bd46, + 0x8614d99750c5f607, + 0x30be63767698ecf, + 0x67ea8846edfe, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xe43d1c0b19971593, + 0x5f702ccc62edc52b, + 0x3427ac8faa48a8fe, + 0x9635e2cf613753fc, + 
0xd98f9b8965a57ebf, + 0x6632ff7e3bf0717c, + 0x853ea927ab13ecb7, + 0x87f94339b976aa7d, + 0x42f14e2807ca3f0c, + 0x5506c7f363ba1263, + 0xc01e3b8850849594, + 0x803cfdb46200, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x6c5b0c2eacce16cc, + 0xef0b3335904cda62, + 0xdff9657314946045, + 0x73b4bac8ca237d0, + 0xbcba23224f13c8e8, + 0x8dbc686cf2072dfe, + 0x9a4164ab6b8a3298, + 0xbc14ef6573ca7ba8, + 0xef56d101052ab7bf, + 0xe459ec092b281bad, + 0xd29e206800a2e51e, + 0x18620f1a3148d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xfd714c46638a3677, + 0x468550a7ec014af4, + 0xe070ef41e903ce92, + 0x6d43b53990b7a3b3, + 0x72d3f96f2537f03b, + 0xf8ceec51b5c8b9ff, + 0x6381cb30c6473847, + 0x956e86ed881ba3de, + 0x8e0f70c082c7a630, + 0xf761a9d21f2a68df, + 0x805ce0d530b8010c, + 0x3dead102ce55, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x6e8848cf9deeb8e7, + 0x23bec860a8bb60bb, + 0xd9b8158022ed712, + 0x8be82ff15a5cfacb, + 0xcd5be21caaabfb81, + 0xcc8c4a99844f65ca, + 0x152f0407fa09a3d9, + 0x1dc5d55c96c281ac, + 0xf5fb882022968972, + 0x5b004103b737eb6, + 0x8a454498ce135876, + 0x11d098b8b4853, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x147e10a756382cce, + 0xb74ef119a434c322, + 0x2769dd86c9567ab6, + 0xe25a2023bf3b2aa5, + 0xc8056c086b1ca182, + 0x6ae5346c2a8a62c6, + 0xc8f06fafdbdb0742, + 0x49be897884c33520, + 0x2cd3df36b6916b69, + 0x848ad901f8de30a1, + 0x680ed22f76d86483, + 0x1831e3aab39bb, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9a93e5e95528c7f7, + 0x5e26847a9bd2cd12, + 0x315535bd65cf88af, + 0x5e8d333595c74e90, + 0xe70d1f57003cf128, + 0xbbf63138c0430395, + 0x897a55102ac563fa, + 0x6d17ee83aa1eaa38, + 0xcc4efc3e09645d2c, + 0xbfdf0b26f7bb30fc, + 0xb0a55fd6124d3b4d, + 0x7fd2368ba71, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd006a2a7c23c8cce, + 0x3639b33663a339dc, + 0x124c429aa18e652b, + 0x5f64b30ea62a2616, + 0x3bd3accb30b0e724, + 0x4fd2010860d2dfc1, + 0xa5eb11300bd23ee3, + 0x77941850a502997c, + 0xe0188b457efac6f, + 0x93bcaa422c9213d6, + 0x4be996906648bef1, + 0xfc70f54c3109, + 
]) + ), + field_new!( + Fr, + BigInteger([ + 0x96590205a01fa3b1, + 0x20edd1ae1bda98ad, + 0xe5cddf506c79bf70, + 0x9438dc1065d99828, + 0xe2b24e55435c0bf6, + 0xee5e6f0dcd865f28, + 0xd47a5f6dab5aae2b, + 0x315fb0c639a008e4, + 0xb2430077bcfc670d, + 0xce6233201b3756f6, + 0x228dbdca2161d6ce, + 0x15148b9ed789, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc2392f0d547e508a, + 0xf04111c89dab2095, + 0x2c31ac90611cbc0d, + 0x486eecde6eeead82, + 0x3b243f8673319971, + 0x6eb54e3ab5849b44, + 0x241836ed0f83e6b5, + 0x4e0828adb54c3394, + 0x6d7e99b5ec0a4ce, + 0x4a57960c1995e35, + 0xd5d3952034f9bc65, + 0x16a2ee00a298a, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x59a883f0281fd6e2, + 0x950bee8636ca70e4, + 0xb4a12b061932cc9e, + 0x3ff33dd6599cdcba, + 0xbdfbca42680382c3, + 0x5fc3f1e2ffa79ea5, + 0xcf845dbbe7a9f870, + 0x6926d707913a8b75, + 0x218673a7daf62711, + 0x68366b138b824887, + 0x67283403824b3544, + 0xda9bfc6ce7f, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x30f64a7e964c3420, + 0x96927d44a37700f5, + 0x3ec4f773acac880a, + 0xc005622f3eb6bd7a, + 0xe895c0790e0d77cd, + 0x64dfd09b98a137c7, + 0x9b9c44b13e86372d, + 0x641112f028d24699, + 0xcf8d9516aa23ba54, + 0xd0b98027ee358bfd, + 0x78c2ee083b9c3c0e, + 0xd9537c4c5855, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xbffa88ed81a4be7d, + 0xf5b9b1337167971c, + 0x47666e71f84264c8, + 0xf10e874338c78c21, + 0xa6e9dde42e30b5d3, + 0xca74ac753c17f0f6, + 0xcfaad2cda1cb0570, + 0x72f3e192d5fbecf0, + 0x7787a16a8e2efe0f, + 0x6ec5193b9b86a147, + 0x31bbb511fa0f2000, + 0x1c3a5f33058e3, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf69eb3289f5e88ba, + 0x5e7bac8e6b89c879, + 0x47e1a9b62981ae0d, + 0xa0697c452040eb75, + 0xd58cbce4f8e0eaa9, + 0xecb66ed104f69ed6, + 0xe4e2396996bac740, + 0x5f818bc60d770cad, + 0x793057e474d0eb03, + 0xf4fcad72d290f8de, + 0x6c5fed2742e0eafc, + 0x11b68b984bb54, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xe26c97b5d6d5e8b9, + 0x1a885e1cc30c2889, + 0xb9f133394fb07c29, + 0xc4cbfa769a76fa4a, + 0xa029f7fc21cf91d1, + 
0xf20aa58ac1bb6411, + 0xe0caa75c552c0420, + 0x5399588083fc7f51, + 0x5236a0be2d533386, + 0xb301964841c4fb69, + 0xba1b34aa25dba3d5, + 0x1b14723bba2a4, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7189dc77bbe41769, + 0xd2aebae7814de1e5, + 0xf0d94430c0738e4, + 0x50fb92efa196aa89, + 0x48a080d0df22afee, + 0x464b2e405607f9b4, + 0xbe514d65293c91f2, + 0x2eaed9201ec5dbbc, + 0xacd18b6ab79eeece, + 0x6e2a05146f91b7a8, + 0x125e48c63ad550fd, + 0x14a6aff6a6a64, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xbad256299b93bacd, + 0xf95b0c75ac320c29, + 0xdff52f6346933f91, + 0x20af28641ce10b04, + 0xcd896e02837efc54, + 0x31be62617376b6e5, + 0x66502e7bfe4a5b3b, + 0xe1e30fa71d679566, + 0x1b7532cacaf01b6d, + 0x9ad254b531b20a85, + 0x8473360b46ee5aa3, + 0x1a49b01fc4f92, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x4c50e825c3beb0e4, + 0x2b3ddfaac3f94490, + 0x1d89b03950d9fdb3, + 0x2e6866f4562801d0, + 0x2dbae0fae8429516, + 0xd53de03fc2956715, + 0x47024fc073a68819, + 0x31dfbb9f6e064e3, + 0xeb9119d0a7a2371b, + 0x621b42f743a2f2fc, + 0x7e8544a2690aa143, + 0x1afd436dee7df, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x94b956129e730c73, + 0xd458f1cb4947e98b, + 0x75b74456a261e807, + 0xfbdfa8274241d25a, + 0xeefe13f9b1243387, + 0xcfeacbe5bfbbc680, + 0xf75dcc57755d71f7, + 0xb0fc650f9ddb4864, + 0xdd969acab9fa59a1, + 0xf6c3af99ea4cb1dd, + 0xa57d591e652270fe, + 0xb66e705fd80d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf71f14c8a8fd6601, + 0x198d40322988b2ee, + 0x90456ca78250bd8b, + 0xb9aa12909427a875, + 0xf06db431b25ca4a6, + 0xa7aff3a59725c29a, + 0xee2851aa44df4497, + 0x7d0ce990adfe577e, + 0x7196d087bdd03b1f, + 0xfd5e773f4b7dcd2e, + 0x5f7cc44255e0709a, + 0xe5d217d3a2d6, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9f976f30d0c6c718, + 0x6e47c1b5f40e36e, + 0x8c718ab7c80b5675, + 0xee45f564a5578480, + 0x6cb65467d4265b32, + 0xca9279b5863889cf, + 0xd1d010b4730f3588, + 0xf9e798db40280952, + 0x6c3c3d3a6fdccb5e, + 0x4d20f8b4e6d41889, + 0x25fda0303374d4cf, + 0x1a99138175979, + ]) + ), + 
field_new!( + Fr, + BigInteger([ + 0xbdf0e530098aa8cf, + 0x36e83e07c6f9c012, + 0xbf30ad60e9e9caf7, + 0x3d76677a5b96ae38, + 0x12611f57dd96ffc6, + 0xf4b2718398e03f12, + 0x5355bbce05e53887, + 0xbd92a79420fba3e7, + 0xdc215633c83e748e, + 0x8345ace62e83298a, + 0xa7e8aa69e8ac0cae, + 0x17a257767e098, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa9fbc9850a7408be, + 0xb5d1dabb86dde8c7, + 0x26d30b8f4e8bd483, + 0x9be63abf87f45ee4, + 0x3abfe6d65927ef7b, + 0xd8ea7d21f70895d, + 0xafa60adea2c5ee1a, + 0x74cab4484b6c4fab, + 0x555cf530c400b013, + 0xf3b78608e8d29bc5, + 0xd33aaa578261f3f, + 0xdf57b7821b7c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x951880d66e5cb5d2, + 0xb2085f29f3372e52, + 0xba108ebe816d9f21, + 0x4a7e0cf0a9c6d1e5, + 0xea73db0bc23f56d9, + 0xd2831e751cb1473, + 0x8ace4bda00bf91bb, + 0x25973c26107aa6f0, + 0x713fbaa3779a7d69, + 0x1a68d4214460f078, + 0x37e286b6e491daca, + 0x16e23f441d64e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2ea678aeb9cdccbb, + 0xcd74a83bcfde156d, + 0xcc7f2c74af9cc7e4, + 0xfc67045d356d8b50, + 0xcb0243798cb7c344, + 0xa520b1f986070f96, + 0xf2b26b2a10b2e41, + 0xa45a3674f04893b4, + 0xa021bcddb39dc5cf, + 0xcb52d0247c67d3a4, + 0xbafbbca80144a025, + 0x1b65abf946b23, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7b0f040f3c187be6, + 0x517e7dc44f97eb0a, + 0x584e150c580f43c0, + 0x20db2ac95fe3b709, + 0x8e7258775ae4fbe0, + 0xe27e83e64c1cf0e3, + 0x97a455843a16a22f, + 0xb2b22ad295043b66, + 0x16ecfa5c3388b78f, + 0x542f4b46dc616143, + 0x3df7c43ec6ad3bf, + 0x79cd14b45d1, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa693b34a336c3cb9, + 0xf065795e1a97d087, + 0x654675a6c54fcca0, + 0xe1847042a7ba2290, + 0xcabecf1dd303db3, + 0x2a369c6575609757, + 0xfed4cd1b270379f0, + 0xb55a77cfea3cf77f, + 0xb5b6ff0a25851b39, + 0x1fc8eb0aae53504a, + 0xb77de5b475057e1e, + 0x29af39f9f755, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x530e6f9a3f647776, + 0xbbbf0336671acb88, + 0x75c0d43d69ef6b8a, + 0x4da830f97c93ecd7, + 0x64c8d55786f4bbbf, + 0x25cce7ec5e911143, + 
0x75ef47a01d6e11d9, + 0x2bc167a8160099c1, + 0x6b2dd25ae87c178f, + 0xa318de39487ad6c3, + 0x39463cb8d138de8a, + 0xdb4fb355be92, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc0e56be3d41eba7c, + 0xd27fd9da6a7a9235, + 0x41520b4dc034aecd, + 0xced115771b8eb89c, + 0xc7a97ac983353c4c, + 0xfb4f5e37c52f14d2, + 0xdc2d07aa74b26240, + 0x782b22bafe89f618, + 0x71d86e34b596cd01, + 0xbfdc79123be9650c, + 0x2e2cb4186fc8e683, + 0x7f522cebee08, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1ad3eb72756eb667, + 0x899840b5bc095bd5, + 0xc5499fe92faaef6b, + 0x4d9facf38e501d79, + 0xf92311d74044624e, + 0x777446cbca22e4ca, + 0x75cf6b2147926cba, + 0x56dc8d4ff296ef0, + 0x9520bffb75fb9381, + 0xea5ba50a45f5002, + 0x8e3e6b5570da943d, + 0x1a8f2a4361bb0, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc9b23ce1994a2be2, + 0xafc4d9d7a846cdc8, + 0xf38c0a5e92bf7d72, + 0x6b3e8afefc564d51, + 0xe2670d16771b05eb, + 0xdfec79850638f514, + 0xe2ad455164c34d6a, + 0xc0d6c03d2233521e, + 0xb8c9d738b5cf7837, + 0x4d73eb67fe8ba695, + 0x5c5bbf6bd7df8ff3, + 0xa73f6fd8fdcb, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x4929cd3853614b, + 0x4e6e1794dc9582a8, + 0x86104259ac649073, + 0xdeb403133450dac9, + 0x72c296236870cb5e, + 0xd3d9c3d6ac1bdc3f, + 0x48a1ad3f5da8eecc, + 0xf5f461f6db707631, + 0x5f5f289ac31445be, + 0x1072f420f67feafe, + 0xb06a8001a9fe0876, + 0xa30e8afa6161, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xde9ff34cf9789c71, + 0xefdf7e0b3caa2dc5, + 0x3b56b5420da688d4, + 0x97bd0f2b17f4dec8, + 0x6943f29350de2842, + 0x511207779d87749f, + 0x8b5f15e6c9a97c33, + 0x77c3db5301420e78, + 0x240a045b85d42865, + 0xebea6b0d102f45a9, + 0x5a4da8af19875943, + 0x60279c4cf464, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x597f95db6b4318cf, + 0x7d3bffe969ea3244, + 0x96d4f1900f8fed27, + 0x9647ea3f7c7d5468, + 0xe61bfe0136c4ca92, + 0xdd9505dce4a25997, + 0x8d986e22aaf9d01e, + 0x1ba89481015d1e41, + 0x9609bb2f708eec97, + 0x50696ed24888ea98, + 0x785cbc2c939989a7, + 0x21e5ed67805b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 
0x59afcc5b01984775, + 0x6235f2b90970c91f, + 0xdea996f7ac46622e, + 0xc6bce5fb767dd9b2, + 0xd837a5c74eaca2bb, + 0x1893b85e3544cbaa, + 0xeb845ac44d606204, + 0x4702c947851c2562, + 0xd7b68e320085a5d1, + 0x7d549ac03b31e0f2, + 0x9caeaf2f17495fe6, + 0x13be2ce80f4fa, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x33f5761fc9c93191, + 0x2c8079d5491bbaba, + 0x70c2be3902d51f14, + 0x4fc1c87ba9a1a03a, + 0xc4a1ece214e755cb, + 0xad5a60711763d23f, + 0xfe7d0e7e42499c4c, + 0xc967ae0c678c357e, + 0xd41ab40b8d2b42b8, + 0x8d8fce9e3c5176be, + 0xeb8fcb07fdba53d1, + 0x14cef103ba338, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xeb0cb66ecbbced53, + 0x97edba9f1d5a4918, + 0xfa1fd1ffd60a4474, + 0x346767d4e83d1e62, + 0x55818cf6e0792320, + 0x4420fcc66e56c786, + 0x3f5bdd402d92e222, + 0x6d184b2eb06f7ebd, + 0xcc31a6f440d37de4, + 0xb1c63db201c394bb, + 0xb177947f1d1a48a, + 0x1baacd47fc9e1, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xccddf55c88e45749, + 0xe3aa43cc834674dc, + 0xcb4510060a4fbf1b, + 0x760b702c74930258, + 0xe335b5f0b4d53623, + 0xf49f29bb1858f815, + 0x78cdf1ea3fce1f56, + 0x294c1370fe1c2811, + 0xd7281676bc881782, + 0x28f03f9a31f409d7, + 0x68b938dd5e73d456, + 0x3b251f644408, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb3377b00a413040c, + 0x2fd3fa9966d1151b, + 0xa5d47ac2b29e5a17, + 0xb9b89642d55e5720, + 0xa108225259d691f3, + 0x6272f9c84e611b80, + 0xc62d874a80cd3ab3, + 0x93259b2a08697852, + 0xca4dbae482b8c18, + 0x4dab321680faae7a, + 0xf02cc1000c9a106f, + 0x1a863dc4bd196, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xee0c809927eee565, + 0xf9ab9ae0542a6661, + 0x33420685f9fccbf0, + 0x13058379346b909a, + 0x8ff49eab78c80639, + 0x31cce24e14451eb0, + 0x13dd4d0208285144, + 0xda5be96791a38b49, + 0x921a56d4ca213d2a, + 0x14f0692158dcbd27, + 0x5ae89d9c2e72b466, + 0x410116f3a03e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa96fd5996b370905, + 0x7c54f80a5602ef90, + 0x40e67712f3a9a438, + 0x2c041260b06a8fd8, + 0x93cef8fc9083b7c, + 0x2a2c2f6cfc5e1c5d, + 0x35ffaf3dd922cb86, + 
0xc60c7cc9a0989231, + 0x625035cc7a69fcd3, + 0x9bee745ffabe7acd, + 0xabbc80256e959a58, + 0x2c3160819842, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x78d41ebf39e49b85, + 0xe8ac254e271ca56c, + 0x3b87fdecc5219e8e, + 0xf1d8c7ee484cb6a9, + 0x95919e97baaa0ea8, + 0x655b2aaeb04faef8, + 0xb3c653b7d11491ad, + 0x30ce6413cf79356, + 0xcfb36cdc1b4323fd, + 0x3538879a93f2aa4, + 0xdfe99c4bcb68ac6a, + 0x5b949497df36, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc55276d47debbf3f, + 0xe0fac612a40595a5, + 0x969ab9740679a56a, + 0x536eb8951b0574a1, + 0x658d53baee4ce646, + 0xee43d8c62247248e, + 0x17b93809db3893fd, + 0xbb8df2646d6cef12, + 0x4f86afb944a21c85, + 0xfc925ab022025656, + 0x453b341c11604a5a, + 0x70882ce026d2, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x827190d431e0fae6, + 0x3bf8a72bdb849068, + 0x97faab37710bbe1, + 0x7835df18db31feaf, + 0xd2ef53be2f64339, + 0x2a320f0c24556536, + 0x14ad19006733137, + 0x25b2188261c13cef, + 0xc965901504f59fb8, + 0x723d00380a351424, + 0xe431dc83965484b2, + 0x139d2ca557167, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xdf67773e49e21d86, + 0xb80d33ac7c2603e9, + 0xd8226ae26d3ff610, + 0xf701aa97095042bd, + 0xb25debccf1342dec, + 0xa5f7e2e4c6919e7c, + 0x32c54e0e5f4187a0, + 0x938b86521bd4e01f, + 0x666e8af2c8c22cd8, + 0xb4c16a77d3a3f047, + 0x2342a463ebc2baa3, + 0x2598774f0f8d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd4132bc37015c3d8, + 0x95bfa9aed000b7af, + 0xa11bb665180bdb80, + 0x69852d96ee117e3, + 0x3eb4065a0fd51b2a, + 0xd8a182e35646789d, + 0x43605aaa2a0e8eeb, + 0xce1960453209b198, + 0xd674446ae07aa405, + 0xf27adb668fbd2a7a, + 0xe197d21b2b0c4ae1, + 0xbbd071583b1b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc5ac86806c567f94, + 0xa0a81bd13f4e823b, + 0x4934358efebb536f, + 0xa2ed2009fb10c55c, + 0x2fa1e095b98f8e17, + 0xb04ee1fd9d44d8ee, + 0xd05decd620a3f23b, + 0x67deb92471d7be28, + 0xdb7bb52f25ede642, + 0x1ef2e861094f24d4, + 0xc9135ae37784a6ce, + 0x9be1e12bdea4, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x576c3d54f69f0fa4, + 
0xbe4584ad80a47e0f, + 0x2cbdb4ce1abd80, + 0x27632ad589d97d61, + 0x3e97114cfe1153ee, + 0x6cbc173a1bc2f8c, + 0xe775e30f0305447c, + 0xc1d9048605883381, + 0x5d7813b3cf59cdbf, + 0x4a2904da50bd9c4a, + 0x797b4fb2965ef5ca, + 0x3e898ffd2190, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x669d8e9290037a18, + 0x34c2d915365640d9, + 0xd016d405d6552160, + 0x46abee647f501099, + 0x8ad8d79837bd53e1, + 0x5eab9dd936da6134, + 0x643a4eb3ca3d0d69, + 0xa19cf04d3cfe3c26, + 0x598e51c20fc425ae, + 0xac876cffdb33e618, + 0x53f16ecb5753b84b, + 0x1496131a8be78, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x35b121cc9270b03d, + 0x3d96b296a109614d, + 0x7752d0497de003b2, + 0x529249bc54897f0a, + 0x5b15700839e29239, + 0xa28351154f5a51d2, + 0xa4c8bf4d86134016, + 0xb7727433e9e60c9b, + 0xb9581a592f15cf6, + 0x487ed830d4ea52c, + 0xabf9f501b8f0121e, + 0xc9f0696d3336, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa0c4cc792a65f820, + 0xc52dd22b627dbc17, + 0x5210f4b293fa4f, + 0xb45498868a369671, + 0xc499ac40c56a4d46, + 0x14d3db1cf2f104d1, + 0xc174ff94a2840e79, + 0x60a5e43cc7293556, + 0xc77136451776726e, + 0x67d4e69072324dd7, + 0xddae8b4e88c2d018, + 0x1b4e4137e5f02, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x4b563e35ea1873d5, + 0x4ba205f8090b5c49, + 0x53cffa9e96c87fb6, + 0xc14dcad139695b2, + 0x52076b02250b986a, + 0xee1d2003e5f7296f, + 0x4e3de22938d69b94, + 0x4ff974d3a4781df5, + 0x5a0846ac446d956c, + 0x71beb57b60dc2331, + 0xd115b3b7deb7125a, + 0xa64e44a979d3, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9a1c5c05370ad634, + 0xf9ab0822d039a1e5, + 0x69b3d334a5c345bb, + 0x4bb2dc7a20f2a358, + 0xb4ace569a20200d9, + 0x44d5fac61432e66b, + 0x604af5a54230697e, + 0x740a852cf371fae0, + 0xa573a20270cb88de, + 0xb28ca54686eab55d, + 0xca5c27d31f2e39bf, + 0x115e80846be0a, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8476c8d598d84103, + 0x1f00daf27a32496a, + 0x52c5320717226160, + 0x29c034e8d5fef5e3, + 0x114c200a950c33c3, + 0xdf2e2075b0b84219, + 0xd4fc9057b851f762, + 0x19689784b28b90f5, + 0xd36a5c582c7de212, 
+ 0x4ae098f7ebe03a9e, + 0xe587c55e345460f7, + 0x1129e8f63ab4a, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x97aacf4bb71ec4f8, + 0xd642db333477142a, + 0xf39a8bda38036b61, + 0x9eb913e731360fbe, + 0x5a3bd038a5a1507a, + 0x75145c4c8517fc4, + 0xf510ec916a73c57a, + 0xf875dff59c6999b8, + 0xb590b9a46440e9d3, + 0x9d443702e13b9cc7, + 0xfc125a12bc3daed0, + 0x6d06d3ebf587, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd443985f3b451d00, + 0xe382815d93557ac0, + 0xc3cc992c160675f8, + 0xea0a454ee5b8f34e, + 0x5e506bce8ce3f5a3, + 0x9f7836f1afd44faf, + 0x816582aff387cda5, + 0x3549d3c726a73031, + 0x304197a8ce23a955, + 0x975079f63969f432, + 0xb7181a2c0c6947c6, + 0xdf521a24ecd8, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb61ba87230d7c588, + 0xda9348616f0791a4, + 0x95467ce44de5a101, + 0xd17337f5eadb9380, + 0x78a849bff4f5d78f, + 0xc63f07b7db94cb08, + 0x4526d07e80c747d8, + 0x9cd8c269ee8a4ffb, + 0x852933f647e0db50, + 0x6342eaca8d4d39b4, + 0xb5d1f5e460181ca8, + 0x19a36763a3a05, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x71f719d1f2888a73, + 0x16e3e6cd1563ebd6, + 0x79e51ad365b5b74e, + 0x7cdbdc690b012c54, + 0x8116a3c592b17e45, + 0xb5a2a9237733dfb8, + 0x97e36487ac8cd418, + 0x3ca8f2141c869ca7, + 0x2948765815ed878b, + 0xa5e6ed33d0cdcb73, + 0xd623f173657b9773, + 0x4a45c5cc7376, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9b9344568ea5a08b, + 0x1729f52e5457b1a6, + 0x12f223f0e8c5df2f, + 0xd0f40b19d5857e32, + 0xd938b20cb82db5c6, + 0x4b45c705119ff014, + 0x2f8a0bbca8669378, + 0xa8c0d84583d752de, + 0xbd4be36fa569e814, + 0xbc4080009fb760ad, + 0x434b1986619ac051, + 0x1a1e492d80a90, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x83746d4d884ee0e2, + 0x9e31df316fef33f2, + 0x526533901fb9998e, + 0xbd3a4ebd8e91d970, + 0x122433e94dcbf9b7, + 0xc55a1a41e165bcf2, + 0x28c4478d1150641c, + 0xd1aa07cf245b1208, + 0x343c0ef74642659e, + 0x8a717e3fa998d758, + 0xd451bc8cba642b6d, + 0xd3564023028e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x76591c12876cd2e3, + 0xff369049daf19794, + 
0xb036272267642fca, + 0x20d533d6efd3452d, + 0x259b47825b393d95, + 0xba5b78891e6f63c9, + 0xe8b6634780d2b30f, + 0xc11900222a978d86, + 0x18fbb3df5f36e466, + 0xf8c941dfe7caa4d5, + 0x279a952b634ecd14, + 0x1833f2efb627e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9803e0690d5d84a4, + 0x247da5abdbb58b02, + 0x9d36584407237a24, + 0xa9cd44c8afe9037f, + 0xc5619462e3a10021, + 0x4184e06a4cfcab11, + 0xa2fbf50800013cf1, + 0x91471125a787f8fa, + 0xaadf879c40b7a512, + 0xf4a046127fe2f616, + 0x35c773baaed21441, + 0xb87d54dc8342, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x5f8ace14a9393151, + 0x62387456c8285313, + 0x829b67c8c441ea39, + 0xc90994e6d1e844e0, + 0xf37b855feabc6655, + 0xb4def7607fb190a6, + 0xe5eb876a65d07a4f, + 0x637f53c73345bf90, + 0x332a722837be4e63, + 0x4c9d20f6c74678f5, + 0xbb7ea8a64c31fa74, + 0xd773486ecdc5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xad24dc32abf4e778, + 0x99bf2ca5858a1af5, + 0xedf04fcb70f5cbb, + 0x9c8e0891eacf6f8, + 0xbeeb380afd8c651c, + 0x5eeeffa790ce40bf, + 0xd4d36753d3fc3eeb, + 0xd1838f38f5044152, + 0xb93f093655130390, + 0xf0c3781ba8153530, + 0x2c6bdc7f7a32f79, + 0xf2bec3a80fab, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xe310565506bd1528, + 0x9b29cf3a8508e1d6, + 0xfb0bf6a821c10495, + 0x1a611e203c2006bb, + 0xb48d446722b83add, + 0xc1a47ce237e79bf6, + 0xa4a0f8ea3bc1dd9d, + 0xfe495ab6ec7bc73e, + 0x73d14a4af0174980, + 0xf80e92d9acc27558, + 0x4e590b81d33fec36, + 0xa327b0eca9eb, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x55f0eb82c037c2c6, + 0xaebec0c14b2122aa, + 0x452c0b8b02238ff2, + 0xdfb2beca803648f0, + 0xbccf299fcfa1ab24, + 0xe681cb3a57eb602, + 0x1d18b3e29b2ad780, + 0x69bc100019ba6da8, + 0x9ed4ebf57e19672d, + 0x95b1950795c9fe23, + 0x918378b171c3f496, + 0x178a87f609d8d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc2e4e774a12df11, + 0x80a8b9776e4150d8, + 0xf5c826169ae579e, + 0xca4d7b0c5c1f13e5, + 0x5f75387e25c5d11b, + 0x21b99d7a359e3f56, + 0xc3caa073d5a5b47c, + 0xc9d786467388b212, + 0x76fa4139bd1cc860, + 0x26b274c883458b4d, 
+ 0x451a710add46225f, + 0x13561ab3751a8, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1c30b67214c03997, + 0x53a29c719b6ec320, + 0x9fd18ec63fcf1461, + 0xa50b96df18d48987, + 0xeff47b54acad65b5, + 0xfaef27b1c9f3e03b, + 0x436495fb40b5e505, + 0xc08cee0ca939eebe, + 0x345ab9db9c5a9822, + 0xe5ac0a08297ca5fe, + 0xcf65e1b34aba2151, + 0x1245335ad4620, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb54ae6bf17bfaf9e, + 0xe93e38e3c61865fd, + 0xb5eafeaea790acb6, + 0x874f56cf63e4ac65, + 0x54fcae1bb776eae9, + 0xca709ccd4757a4c7, + 0x17ea24ca4f082d3a, + 0xf548f77845898d11, + 0xaed721464f88f760, + 0x966c02f735b73efa, + 0x1cf16bfc395150, + 0x5eab1eebb2fa, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd2111b38515f1f6b, + 0x9935fe93c2d63928, + 0xfc05bc489296d86c, + 0xabcc8112fe5b407e, + 0xf8a6d9d114a9679e, + 0x950fd0a906855be9, + 0xc7b84dc7f5430fb2, + 0x58326488554c3e39, + 0x2e08ba7a0dfd997a, + 0x10165700e1b91492, + 0xd44eb8c68797b3ac, + 0x18d5a755cfe02, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1e89b58e70e2d4a7, + 0xb59d9d2a2ee12b0b, + 0xb24f583c2def69a4, + 0xcc3f86f35640a15c, + 0x1039fdad55ca141b, + 0x47a555d3665526fd, + 0xd34c8a9a5ae0dd8b, + 0x46e930504a5f0673, + 0x5ffaaeb660aa6283, + 0x7967022ddb35e137, + 0x915cac38e69152f4, + 0x1c36c136fd7f9, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2c1994f7901ed9b3, + 0x85cf2bf223c71848, + 0x8fe998c7a4691c5d, + 0xc11f2a0f608db20a, + 0x4f82c4fd8817e396, + 0x62b8f3380b57637f, + 0x13a32b559ec4a3ba, + 0x47b35d8820f9d5fb, + 0x4aec293710a81e0f, + 0xa2582c0151ee2ae0, + 0x2d9371a4ede0d4e, + 0xbf6e2b546626, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x64bfada11ee5897d, + 0x5c9157a4280c6c5b, + 0x217c7f11598c2ba3, + 0x281232671d4a9a22, + 0xc74198074fcdd833, + 0xb8804e435747ff79, + 0x6289992f89b0234b, + 0xb26db5bbb899c931, + 0xaef46cdbd8c53063, + 0x153dbd4a22e3a17e, + 0xa5c2f8a34b469b9e, + 0x1095eb4661a6c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xcbf268b000504381, + 0x9937521435163e4b, + 0x967221953f59e685, + 
0x3ac19b5754b2b5f9, + 0x1baefaebd154b1f9, + 0xcaf504746174765d, + 0xa592f875c42a3a23, + 0x84b4ee41b68240a0, + 0x6e6d2ba58c12cffd, + 0x48545b4a61f7e3a9, + 0xfbd6ec6687ca9a3, + 0x234432901dfb, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x583e40f0f10561da, + 0xb9bffbdbce970961, + 0x92a4475639dbb734, + 0x46d20c8f9239d89d, + 0x1800a40f131ec7ce, + 0x1845567c5d76073c, + 0xc1bd2042b38fc84d, + 0xc9b3abb5d1d1890, + 0x2df59728a03c0daf, + 0xb4cc55622b377c56, + 0xd785c8552fb61a31, + 0x13963f8b7df69, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x7b0f0f3ab6130333, + 0x97fa26371e6a9b5, + 0xe658861d3e2607b3, + 0xe38fd33ab374e7b3, + 0x166312cb0cdf2e1c, + 0xd4b25593a858f237, + 0x89c1fbe08750aba5, + 0xa0394eb40b10e6c0, + 0x8b60417d355ece7d, + 0x2a64ab036d427f22, + 0x86be78ff49e695b2, + 0x187363f322e98, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xcf06629f75c4ed54, + 0xd42ab99fcb41eb59, + 0x92983ee95905ee12, + 0x3b878fa52823e378, + 0x66ecf952f3f8bf3, + 0x12db50ed37921d93, + 0x2d6525af239290c5, + 0x721b96f252975e50, + 0x981231dac3bb2b94, + 0x9c64af5b97dc3485, + 0x9f0e0bd7be030106, + 0x49198a339dea, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x37955acb36a29952, + 0xa289bf5861f908f, + 0x7735de9d487b3ef, + 0x2b53c80162ba3d56, + 0xf49507a06dd7931f, + 0x628bf33941199742, + 0xc703c57730fca22a, + 0x3a748f963705d3af, + 0x6164660ae17a846d, + 0xf4ad66c520595a98, + 0x890d64cdd6abc7de, + 0x15189ea993be1, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x30ef311cc4d181ef, + 0xd5f7eda5965af3a3, + 0x458b85307fb8637, + 0xc4a8e479e65667ab, + 0x50744bf7edece047, + 0xb4fcbe6d959568ee, + 0xaa0b01e992baf48e, + 0x316e7f1dbc109fbe, + 0x4509124d53ef7b0f, + 0x2a0e0040516edeee, + 0x6232f97c20c10386, + 0x194ad67a22b7b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa6792591282a968a, + 0x2833ccee2073ee9d, + 0xae898f323e3bdae3, + 0x21e610918c506847, + 0x9fe812b10f8c0201, + 0x16eb7a964a007a56, + 0xaa5c70399607cd5a, + 0xa4f257ff70055148, + 0x271b99e3ad745d4a, + 0x88c54490289c2b54, + 
0xfabd088bdb2b96b7, + 0xeb40406368fc, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x487c087ceef3a657, + 0x3c9a7594839ffe39, + 0xc0c51e87eaa04364, + 0x5ce0137700bbc09d, + 0x5cb35b52b5cb9529, + 0x87db82b66e3330c5, + 0x1165d3348d233ebc, + 0x5e47765e6ae1fb28, + 0x7978c75a62e67e6, + 0x789729eda7c33e04, + 0xd3ac7c20c913baa0, + 0x11b500a09ab2, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb23c0a9bae5284d8, + 0x809f3f3411949aca, + 0xc8b957b1de3ce4bd, + 0x6b97d3662ad45b61, + 0x2f8a6f5520d09f18, + 0x9d55ae71436b30c6, + 0xb975c47eddc882c4, + 0xb152a261ad95438c, + 0xa74316d53fe3e1fa, + 0x23681b489d21977a, + 0x7cb51b4a515f9b9e, + 0x1bdc4f28b264f, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x96aab625b7451adc, + 0x532ddc05afe0d41e, + 0xb7d3c7f77c0bbfb9, + 0x955dc1805e6eda94, + 0xebffcdbe02a833ec, + 0x39ae52dcdf82aea4, + 0xffc94949a674dcf, + 0x9a13b9d4d0cbeea5, + 0x8d5be925df7cebb5, + 0x82e8c6c156607ab8, + 0x9413a0a0dcfc3454, + 0x17132101ecd9d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xfbc273eb419f92f4, + 0x42d533b09da85589, + 0x26a0cb40f77b2993, + 0x1ed8f840a39c79f9, + 0x9de82bcb96f62cbd, + 0x3dde760822ca1f43, + 0xc7ad4a12c05ec565, + 0x5e368894b5de5e3a, + 0x104d30f6e50f1a2d, + 0x22894069b82a1591, + 0x5aa43ca1c753fda7, + 0x120e368737802, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x60e11152c2e86c46, + 0x5da150b53d4044a2, + 0xc372a038b1d4e147, + 0xa2728ab1270adfe8, + 0x166602d7ab1bbde1, + 0x99d1fe7d94fe2cc6, + 0x6b00566050c4e695, + 0x941664ab4910352a, + 0x333ad3cd62cdaf0e, + 0x10164320e7f75332, + 0x100c3bbde87d3d4c, + 0x13ea965b806ee, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9695c2a99933b335, + 0xdde9b8c5325b470d, + 0x73b61edffd46895a, + 0x18327b9afb695232, + 0xf31f742b4859518c, + 0xb0bd38f1007dcf2, + 0x8cfadfdca908a47a, + 0x84fa39e28226961b, + 0x2ba77e3b9abf7314, + 0x565f8966fc08b064, + 0xd226eff57195dae2, + 0x1550d39b45daa, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf245bf6903dc35b2, + 0x6ab1e2452c14f48b, + 0x67b67a8ff8c058a7, + 
0x421aca837e8ee2d7, + 0xc9c196b54b3640ca, + 0xa11295fbadfaa12, + 0xad1e24f4263b4bb1, + 0xe044f7b7a2e7f466, + 0xee95dd23c5e8f360, + 0xbd61526cd62fb118, + 0x3aab7cb53b3b9fa6, + 0x8de2d8eb1a0f, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd5d5d2fa88a1b722, + 0x60b11a30510cf057, + 0x145938075690dd19, + 0x37f97e81a3733b3, + 0x7704643508759e86, + 0xe5392758b3ab4786, + 0xf0200d9944d0d27d, + 0x64834e10b38185ac, + 0x7540daeaa51cc9c4, + 0x6f1eb4bb47beb9f8, + 0x99e9bac54f575194, + 0xc7de5d6d29af, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x37786f4ae56c589, + 0x978364901e249bd1, + 0xf3aa78fc57505b13, + 0xf2844f7263b2ac65, + 0x189113cbf8569829, + 0x70f1119ca61c966b, + 0xdaf0e38f360fa8c3, + 0x506d6befa28528f1, + 0x375cc093ec19c334, + 0x137771b8b522715f, + 0xa98eb78a5a6a29a9, + 0x519b971d964, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc052f09aab8a7855, + 0x4d08df12ada14524, + 0x949f2f883eaeff04, + 0xcf3a206271b2f576, + 0x87a015a5fd2ee1ae, + 0xe565f817161de1cd, + 0x3223558dd0008f88, + 0xc3f55ca27e4a83f4, + 0xda30da441d0d1e28, + 0xa91655ab6c2dfd3f, + 0x45b03ecfd55cddb9, + 0x18ecfb387d161, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc5a710e8024ed549, + 0x9566c7247378ba6b, + 0x37a1d3451400c86b, + 0xda57ec33cad1dd40, + 0x4ee08f324c76e977, + 0xd04545cb9b6f5d9b, + 0x58a719821c86bc77, + 0x8329e30559a19ecf, + 0x573cfd063440d7cf, + 0xf57e9cb7e4d58204, + 0x4edfadfac4d4ec13, + 0x42066f107647, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x14d41f7a358ec58a, + 0xcd6c538a8dc88514, + 0x8cc8239b4063357c, + 0xa2e9fc8861163d35, + 0x947434b4096e4360, + 0xc03b403d01d54da8, + 0x832a47c2ac6c2561, + 0x98da600d80a3aa34, + 0xb30e9e0867d0622, + 0xcfdc874c2b106f8b, + 0x92ced5f2ed3c0295, + 0x19dc2892d7bc9, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x23740a12477c2986, + 0xdabb9817bfd28415, + 0xabb08828d9e7cf6b, + 0x5b9ab293335ef673, + 0x80bff5b61ddf577f, + 0x9bf74d9b7514bcdd, + 0x383439e35211e2eb, + 0xa976db2e00e7f7b, + 0x6baf251296c5be4, + 0xf69ae8d860829bbd, + 0x7a0987dd27277526, 
+ 0xb7259fbddb88, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd1f1017fb2fd0dd3, + 0x8e43c2b59436f5ec, + 0x8ad01ee3a391753f, + 0x2514d21ab3e8e107, + 0x13f4e32d6eb2df3f, + 0x6d33c09287e9a972, + 0xfe865c84d08bc200, + 0x69e6e02d81346929, + 0x899e2ccb7517322e, + 0x87b250352dd0d7fe, + 0x2fc4b444c6e476c8, + 0x2ad86e0550e8, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2fb868daf585656e, + 0xac32fdc47e221fdf, + 0x98e7cc8e29f6e838, + 0x6859fc6ed66067c4, + 0x141dc45a8d7dc2f, + 0x2840b5e3207c188f, + 0xd6c13a667f2cf4, + 0xa7262455e5db8bec, + 0x9a059d6b5a41de91, + 0xeadb945b3c518d2c, + 0x12398b55de60afe7, + 0x17878dde33d31, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x6ad5001e1e089560, + 0xfbb9d6a2eccb71a2, + 0xf7e15ff06d466913, + 0x1dfb88c9cc8e600c, + 0xf00cd8dc15b0bee0, + 0x23e67fec9875c6a9, + 0x19cdacf8e99c86dc, + 0x847182c3a0ab2ab6, + 0x24e83c633dea3dde, + 0xe28c9de519e8ff7a, + 0x2357bc90b457c81b, + 0x12c04bbc70349, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x58da0c1ffa32279e, + 0x99f613fae19abb5e, + 0x2678725829681e5b, + 0x6e13c8d1081c3ab9, + 0x87a351cc0a823f5a, + 0x116f543ca70959f9, + 0xe5625a552b588337, + 0x2df331ff3df7972a, + 0xcc5ddafce4c23a02, + 0xe1d37d2117c46957, + 0x60b756e2563a074c, + 0x14efa0a826c65, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x316ee76cae340a09, + 0x313cdb295475c9c9, + 0x34ea095e98195b44, + 0xd312f56e708132b1, + 0xfd7e1d0510bf15b, + 0xb0d7e8ff3673b13a, + 0x54bfd70eddd0dded, + 0xd9769a8ef5b9bf8e, + 0x8e5f9bdeee65c087, + 0x9a0ddf9f9196f392, + 0x71271dd5f0a680ec, + 0x37c9d9a8e82e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x78c10460a7b0a3a9, + 0xff3f5730930b4b5a, + 0xac0a047c0f70da42, + 0xb8f121f578c61145, + 0x34e4a4a92ad8a04e, + 0xa13b005212524d46, + 0x4609186002ac2ef9, + 0x2577cbb09cd2c70d, + 0x17ccd45b525cdd3a, + 0x7874374eefad539b, + 0x810dd1bdd7f1288f, + 0x1638566ba1c8b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x66c9b80c6acc2f26, + 0xcc52d55a453bb01d, + 0xfa4a4a22634f1b4e, + 0x976047bbb34378ee, + 
0x3700b5a89ffabab8, + 0xab0d4768b9ffebf1, + 0xc79235087edf78ac, + 0x69a1d7a55593c04d, + 0xf7163cb1bc35bf84, + 0xc9ff85e8121261f1, + 0x9a133d0c6cfa2edd, + 0xf476b44b17c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd871340bf110953c, + 0x38b50149ca754756, + 0xe54c9d5763138345, + 0x12c5af1c857b34dc, + 0x53f981e1c700d200, + 0x8bc388ce2f5fd1f6, + 0x8c6d10c826202c44, + 0xe344410f140e9c47, + 0xa961131f5e558ad9, + 0xda338ccf1871d589, + 0x93b6efe65cb72e67, + 0x12b6585bcec13, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8e1b550b685ec7c2, + 0x5a7658c68be7b715, + 0x4aec7bac7a595268, + 0x6956bc2d445be870, + 0xec52f67c82a2205f, + 0x9e3e4bb9d5a93f3f, + 0xbd279e9aabf30ce1, + 0x79187e2ea8c37b7, + 0xbb5fde656b9d7d0, + 0x51ee2668eccc884f, + 0x40b5a987597ce0e3, + 0x1842a91318038, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x52b7a267f1935eb0, + 0x4b88fa755b382a2d, + 0x7ad7599f288c24fb, + 0x752b8fc45a566c5, + 0x1032c3a04e09e6de, + 0xdd43ac4fd138f4e5, + 0x30e12bfeabd87c2f, + 0x28bce394a9d3c72c, + 0xb09fcd2744ffd1f1, + 0xd55613edf0538a3d, + 0xb609ecf806b25fe5, + 0x5dcb1ee5c1f9, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf10c4446eb4b9821, + 0x62929c7bbb85ae4c, + 0x1b76cbf4498bc756, + 0x51cc3806ec4b799d, + 0xbb82ea5ada86503d, + 0xb7cae27fb239c72f, + 0xd04892075ab7c401, + 0x9ba9f5db1d55139f, + 0x5f5844c04aec04f6, + 0x29de464cf66996b8, + 0x862d797e8efbdc28, + 0x18c29c1bff099, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x355a16db683ebb61, + 0x2b0df6cdcd761690, + 0x1f09933b86b99115, + 0xd09f49bdcc764de8, + 0x27b94fd3b7900e89, + 0xf2f586d21eaf3716, + 0xcd661c00c9167969, + 0x782c2355546402cc, + 0xe2d28a0bedd5dab7, + 0x53b059cdd82ffc8c, + 0xb916e9c77e672279, + 0x17f883adbbeab, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xb141f3f914ee6c5b, + 0x560983f5e9e88c3b, + 0x48bcea16262776e8, + 0x44874c4ed2a9d8cd, + 0xb22ed78191ef14b7, + 0x1b91134de87548c7, + 0x23529f7c7e408d9c, + 0x5caeef9b3d833173, + 0xd4eb94e3d7d47722, + 0x9a3f57048247113, + 0x57e6fc54f4260895, + 0x1a1cea8a25e65, 
+ ]) + ), + field_new!( + Fr, + BigInteger([ + 0xe7b1d34ef3a02080, + 0x6836b3e89b623f17, + 0xcc12965532482e0a, + 0x88b41720f9027e50, + 0xf694e7704d041afd, + 0x81a2d9ee2a17fd25, + 0xbf57a8d6bebd7421, + 0x9dda21e3efe53dd0, + 0x8e45be6b86e7ff09, + 0xc755fb7c9965a18c, + 0x4c8dffc0ce509ea8, + 0xc4f40fcf24b6, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x341b7dbb05573cba, + 0x6f72ce6d18203ced, + 0xa0c55d50b50d68a0, + 0x6f83274681818c0b, + 0x154dc26d73e4270f, + 0x68f1cf4b83476fea, + 0xed1167f2780c9c57, + 0x7b12566b4afaf6c7, + 0x488fecdad952d044, + 0xed0c80b30828b3c8, + 0xa8adc9804f3b4a4a, + 0x3078bc469f61, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xdee7f199a478e59e, + 0x83155109ebf477cb, + 0x9f2407c6dedadb39, + 0x62de4fce422a1d9c, + 0xaa96f9962ed140c6, + 0xfac73a445feeaf87, + 0x701285ea325e0e44, + 0x48d3cc0dd8ff8173, + 0x94834f3ac5d9f817, + 0xd2d9e9bd62967585, + 0xab3b5f585059f1b2, + 0xa9f4e9f043ae, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc99de16fefefea43, + 0x541964dd1879239b, + 0x768ceca81d7b2df6, + 0x6df7900f2b4cc973, + 0xd76bd2455c26c474, + 0xb1efa07cc8f19d57, + 0x577a6f07c924ef79, + 0x14b8767d1ad349f7, + 0x9864a1028aa74900, + 0xf4bf84d3d90b138e, + 0xe9d03513b7689b20, + 0x1bde870448814, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x566037e1fa22e24e, + 0x11a4ce0916a6e53b, + 0x83a2b1071930e1c4, + 0xd301c525b5d9b356, + 0xede522f825da941f, + 0xc27da426e2c8a56b, + 0x2b4e51f7f9fb3a0e, + 0x4ee552689eff4238, + 0x8aff471999051c2, + 0x1c40d28db03e8ff1, + 0x7886ec24d2a10699, + 0xa13ef2ac5e14, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x72a7d46babee4b1e, + 0x488bcc18bed02ced, + 0xfa690651d9be84e6, + 0xda971c5b02fa0ed7, + 0x848dcd7200af2fca, + 0x18ee265795b4f713, + 0xad9ee325949e3a3f, + 0x839cb6a23d04e5ef, + 0x96005b6758a5ce09, + 0x3064666d6dbf8783, + 0x974c51e992f917e0, + 0x1a64d4d68c29e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xe9866756de23027a, + 0x88433b60da721300, + 0x97b198c636dd88c9, + 0xa8c10a4c584db360, + 0x3c8ba3bd657937c5, + 
0x13fe0cfa8625948a, + 0x688b3fde53612c70, + 0x28488261fa66a0c0, + 0x62d517df29e26155, + 0xbb6397d53be67664, + 0x68aa5ed9239e2c03, + 0x45879d91b076, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x54bcb3ef4fe63354, + 0x4dc12092e9a36d37, + 0xb565e93bd2edb236, + 0xa1ade2937459229f, + 0x84fcb46fcc343f03, + 0xfc7b1ac45c82bf35, + 0xf671b7a5943de344, + 0xbbbf5aa6660cb803, + 0x51f8ce88a73719db, + 0x666ffe572209de22, + 0x748bc3028db0ea20, + 0x6cb624720c80, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8955fe9a4e917e45, + 0x9d0adb37e6027650, + 0x5753472e3ec23837, + 0x3ba3e4c2cb93ec9e, + 0xc020d34aeb311cca, + 0x7dc7ed36c2faf237, + 0x2a70ee84f366fd57, + 0x8e5c1c3c0f729ca2, + 0x3a739171f6d7732, + 0x40e6b8ad996396b1, + 0x82ef53b300c4c7d6, + 0x14cb347fdb3d3, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd04a05c278ce07f9, + 0x76e05f3f14613e4, + 0xe632da2c1d5dae59, + 0x5d473925131a540d, + 0xcf522f0b85bba962, + 0x73e80f68a1da929b, + 0xfa92a96629138d7e, + 0xcd5aa41b5baa761a, + 0x89e92e38dd0299c6, + 0xe443fd23ec434e45, + 0xddfcde8256384d60, + 0x13129a3c401cb, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x4932e3ab3c91befa, + 0xd2c649011868eacc, + 0xe1960656124de836, + 0xa5c93c0984af313d, + 0xb984dfa60146fd7d, + 0x1288771c21f59e63, + 0x3e691b026ef77512, + 0xda81951be12f34ac, + 0x99f464ffc26f9a53, + 0xe8ec81716e6c19c1, + 0xd1a3348b4b57c606, + 0x13677f68713e0, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8698626d09389229, + 0x7c90408aea447603, + 0xf4ae9901edfc0f63, + 0x23d569452ce6fbea, + 0x8d297cba3eaf574a, + 0x4fe88d4d42b76825, + 0x7db79e8a9554d8e4, + 0x61175e4909ac5b0f, + 0xab53c8d770576798, + 0x3350db1e28fcdc2c, + 0x462d8b14b6f45034, + 0x128e831250cb3, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9e46ec0e49f39ed6, + 0xd0adc9f8e73af2b0, + 0x6ba9ad5ee7a178b5, + 0x3002da816cc321e3, + 0x968a8f3efff8684f, + 0xebb7f3e642a6ad70, + 0xf338457ef2715f0d, + 0x6b5058ea31d7ba84, + 0xa4c55df058382c23, + 0x789c9e0a52bda937, + 0xd9f70d3c2db0a049, + 0x87dec93043c, + ]) + ), + 
field_new!( + Fr, + BigInteger([ + 0x33a90318a204f90a, + 0x9606358d43bf436c, + 0xb2f7e306c2a2da49, + 0x526f3473550776a, + 0x76cbe9bc85a309cf, + 0x5521431d5be3e129, + 0x38ffe6712b3b7326, + 0x47366089e37b0804, + 0x6abb6537d8e25522, + 0xe8e898ded6128230, + 0xeaa51948a4269348, + 0x5e35938a9ae5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x24f82db726d87a2f, + 0xa80fc135c75322ff, + 0x1e2d618737f8727e, + 0x9780b995a593d4f0, + 0x3eb53f685219da2b, + 0x6b226d4d55b2d18c, + 0x1f5454e443ddefae, + 0xc7248ac8efc87c2c, + 0x2a499bb98755025b, + 0x4370f28f6a944218, + 0x6413ac46bd85661e, + 0x1bf214e9afdaa, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf08ecc055731ae9c, + 0xa9956f4498436267, + 0x99bd74093a0a347b, + 0x2920535a13b74261, + 0x62d96b8a6e5b081d, + 0xcfa774b5ea2edeb3, + 0x5347b8ee8e5cac34, + 0x52f33c6e1c4ca885, + 0x4e31094fa74f1113, + 0x8233e4b8f00509bb, + 0x51aa588bd130a894, + 0xd21528b51bf8, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x6b0577647ceae7f8, + 0x60c292f4459950a8, + 0xbb17825698b65237, + 0x6f2a1f39eaa6eb81, + 0xffceab53d1bfbf2a, + 0x376ccb31e91f1b2e, + 0x7e770efaa0e9f83b, + 0x7568c276efc0fd6f, + 0x8308d6eff2ab4d37, + 0xe9ac526dad61f85a, + 0x74b5a3b1ad795adc, + 0x192bcac7361fe, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x14f78edb99f4ed0c, + 0x7d2856b6bb3f8286, + 0x1376a23940cd049c, + 0x50f380d2cec1574e, + 0xe2a8cc818a47e22f, + 0xd3794327e3422fea, + 0x13a2c81c6c1dcbb2, + 0x2569d3ba88d18793, + 0xe21f4a0985645b07, + 0x5ad42ec81d59f526, + 0x6a987f8a264fa3e0, + 0x595d9af27c14, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x210c84830138d313, + 0x3d8b1abda1be33fe, + 0x2c865fa300993e6b, + 0x959365a8cd01ff47, + 0xb6e2bdd86750c265, + 0x9ebf30a83d5848b1, + 0x844d93587f05ad19, + 0x10845f6e7f52784d, + 0x11b962c0c2fa5f84, + 0xb7f985de9f9ce841, + 0x15d01bf95eda75fa, + 0x109be4d1080d9, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x432981336f3c7c91, + 0x9e6188695a84f5e4, + 0x9e85a5527d4c05e7, + 0xdef5ae8c0dfdff4d, + 0xe06b2185ee71656a, + 0x48c676acf3443f4, + 
0x32fee6eb676243ec, + 0x85afae2104bea869, + 0xaa21d95474bc9c47, + 0x606152d01c39c697, + 0x45a6c921ef433b77, + 0x7caeb1369fe7, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xebdf2ff0f799ad2e, + 0xb0094b3f5dbf1532, + 0xcbe532cc64fd29ad, + 0xaf178d132ad028ed, + 0xefb3ccb62af5252c, + 0x1569408e5ec22e4a, + 0xa9f10fdf6d510138, + 0xe4de4704672b830f, + 0xa9216fb82a180d6f, + 0xbd1494cbf2bdc2b6, + 0x468b472a9aa6007f, + 0x62c2c3ff1d3a, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x62d2054593b4bb6d, + 0x282e46412f87b2c5, + 0x45a786991ea4fbbc, + 0xfaeb81bd14642c9f, + 0xf180e1c1a581bb38, + 0x18e9e357ed95f7cb, + 0xd6c57a93438e5196, + 0x2deba9043efb235b, + 0x905dd9bffd275caa, + 0x7de0357ab8d7db60, + 0x1af68c794bfa268b, + 0x167f22adc88bc, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8b37efd45369e9c1, + 0x6847c6cac974b33f, + 0x89daf3dd706ffa96, + 0xa97fe685885f3203, + 0x62b3b5a340e01c08, + 0x1686df65e5c06ec7, + 0x9e75460b02944fd, + 0x790f3c692f9b218b, + 0xcd3601dde8735fb5, + 0xae6a81db7e0b0c4d, + 0x321a5d2df6b18827, + 0x751b3abfdb7, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x56b8c49396d4b81c, + 0x2d0b7ce811360351, + 0x5ac4f279757e37db, + 0xd53cc217eade6b33, + 0x3bf692ec0b98775f, + 0x24c23a974bdb34f5, + 0x37a149d0254386c8, + 0x9657a3d2dc215496, + 0xd1bea20fc44ec42f, + 0x192b1202b22334ee, + 0xc11a845e0056d559, + 0x12ddad3154bab, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x1fac1f20acfe8ea1, + 0xe0f880dd4178823c, + 0x106b1c1ce03aa4a6, + 0xf3d5af5697582151, + 0x621671d933cf6483, + 0x428b97a5f41bab21, + 0xb85f324b876a1999, + 0x135bdd73b786368c, + 0xe1813bba425de8ac, + 0x37b100e12066ece8, + 0xb74bef2d6cca1d7c, + 0x19957534526f3, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xee8f1b3a5c664a32, + 0x2280d9ec143197ae, + 0xd94a3013e7136302, + 0xc5a183f342fb63e3, + 0xea5d62aef4546ba5, + 0x164a2921f077ffd1, + 0x83b72b3614695e2b, + 0xdbd62efa51033687, + 0x73f635c296414705, + 0xdd86c34ff56fc5, + 0x14b3447e23c31c90, + 0xc2cfa4a7434a, + ]) + ), + field_new!( + Fr, + BigInteger([ 
+ 0xbc7e0ec89b506868, + 0xcb984733fe451b5e, + 0x367d5d877b3f90b8, + 0xa3cfe89c59c526f, + 0x878d25dcfd82ff3a, + 0x29817476a5a53225, + 0x93680cdde3b2e6b0, + 0x48565e6100f9bc77, + 0x16ef9ff053ce1383, + 0x1177fd7812a5fa36, + 0xf4bf3e3a631fb6a6, + 0x6de98d4dd6c9, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xca3a54fd8a88657b, + 0x997649d27aac335c, + 0x9579f385357116d9, + 0x11775daff1d8532b, + 0x4b79f5fa9d91544e, + 0xb8be69ebcf5d68fc, + 0x67f6b8ab5cf8180b, + 0xdeba87ef6f33185b, + 0xfb6d62d54ca88e0d, + 0x640fdc19c68d0ba7, + 0xf815d5d6e3dbea90, + 0xc0f24fa9da78, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x99d5f3a090d2e8b1, + 0x188207d66ede4813, + 0x7608f493e81500a4, + 0xbabcdc935ee4c732, + 0xe2b5c53a66424ec2, + 0xc0308182ceff0b8a, + 0x16ef59156e0ca09, + 0x2296ea45bbf763bd, + 0xa0bb68ba36985605, + 0x802041ac0ac5a3fd, + 0xc8e400c5a0439ef2, + 0xb952a2a65d96, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8e2da395435c8c4d, + 0xd711b19baefe1c35, + 0x2619d0013707bc26, + 0xb4115a0ded2b7b5d, + 0x6dac961cf0f8326c, + 0x945e3685e6c70362, + 0x8d78a7c77eeb60a5, + 0x7a0c5498cecae58c, + 0x6fe26e971c2ba780, + 0xb41bbae120cce4cb, + 0x718f9152aa516cb7, + 0x8cfed4609ef7, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xe01a6e9d53864749, + 0xafb52da1d4a263d, + 0xf69e62a3c3c30880, + 0xb9f4e9923a19453c, + 0x54b6d1b50a0d7218, + 0xc1f5b0d0008ea832, + 0xe166d8e734314d07, + 0xfe221592c1984e6b, + 0xd6e06b573468e0c1, + 0x6c19bbd34ae92bb3, + 0xb9008e73cb6b365c, + 0x84a5bb5779bf, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf08786c197427e63, + 0xceb1d1cb9566cee3, + 0xde45fecedb5aab6, + 0x40752ca2dbf8468d, + 0x43ee711398ab7223, + 0xbbebbcda4759f379, + 0xee697e0854a2020a, + 0xdc815fd598bec3c7, + 0x3ea3fd3fe4c4268b, + 0xe1aa3089b96a493, + 0x9fab263a88397500, + 0x9e90b550a627, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x140a5743981ab5b6, + 0xa1967ed8934d84c, + 0x74fe12835fbc979f, + 0x6a5e1d1ec39db577, + 0x7b11ea5e5e670763, + 0xfec518f5594ce331, + 0x8a74b31654c44b7c, + 0x192f910f3069f382, 
+ 0x2b0d37ede7ab8495, + 0x11ac51ecf444634e, + 0x62ec5a3c93953e87, + 0x3dfeb9dad54a, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x37e193f5deee7219, + 0x39f9b913b5002793, + 0xf4086ee1a8beacaf, + 0xa22cff9ac4e4a7b6, + 0x9481daedbcdd0c39, + 0xf438dd92b088e4ea, + 0xa4555551cd9fc45d, + 0x7b7cea66db897f0d, + 0xead76f4f958fcf1b, + 0xf09575256d34119a, + 0x6e3babb5a49ee0e4, + 0x576cc08917b5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x36a09a9964f68f80, + 0x949287cb1e0bd8e8, + 0xfb3ebd86fb1b2d90, + 0x1d086fa86f1ae573, + 0x44535df4d551fd78, + 0x285ec52ff0b56971, + 0xd3ddea90183e5e72, + 0x3c3815a361177bb0, + 0x35be4079c7ad07fc, + 0x1b5d5650ff90e549, + 0xcbbe2641b96060b5, + 0x1319c3835c9d5, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x6b3b099ffc8e0ae0, + 0xede2ae33f9d5d095, + 0x34e8979049379d2f, + 0x4935a4e4d4cab7d7, + 0x85135bb0d5cfdc94, + 0x58fdfffc4cb2c1f3, + 0x5171d3d9a22d02af, + 0x8b493b3dcc3aaba, + 0xf2428b683a1973ab, + 0x8cffe9d2cc9d04d5, + 0xaac195ebcd8c6df0, + 0x1381e7ecf26cb, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xdbf27ff79cdcf877, + 0x8afc4c77355be4a9, + 0x7b9b1061282cbddd, + 0x26e1f109099b6b72, + 0x6c4291527b5f90e7, + 0x31dad98bd97c673f, + 0x7a13011ab1400cfc, + 0xf0a3a04468a8100d, + 0xe917a9b171d5403c, + 0x931065154546d909, + 0x9131209cf0fc9cc4, + 0x1600b0ad8e3c3, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xce1f39a1cfa7b697, + 0x99429b9ba2bd9c4, + 0x876fe5f65d7d43a5, + 0xd693341dc5c95f3f, + 0x83b4a24f2a57e4c4, + 0x2b2d5bcb0e6ca803, + 0x328a0abb4177d72b, + 0xf003f6bc38f51771, + 0x84892dfd72c9ba67, + 0xc0b2083bf3ec0cbc, + 0x54be6f401cde11f, + 0x767e21ffd1e8, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x6722e334c5a4a5ef, + 0x8d2221782e82729f, + 0x65b0344484095e46, + 0x7ebd543862cb010c, + 0x67335de58ab04060, + 0xbb52d9ab9b6c0665, + 0xe8e9cb584dbfab89, + 0xd3a13048e81de27a, + 0x1843fc223a73be5b, + 0x49dcb776622fce0, + 0xe6a94ef64b74eb9d, + 0x7d7a95ea1d26, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf2e6646fdb23005a, + 
0xc5542145e54e925f, + 0x54037ee25b592f92, + 0x17679f9d30ab1980, + 0x4bc5cde07da51897, + 0x507d164e67470bed, + 0x5487ac9638e5a109, + 0xb99f3a8d1447a43c, + 0xdbc87a57686b6630, + 0x626642377a2c7706, + 0x9354a58a099ebf33, + 0x1ad70ba39a23b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x6303de3f8a9a0572, + 0x25c9a4e962d77ea4, + 0x5b805aefe4ee7af6, + 0x315adbbde71aaba, + 0x4a9a71280bf4752c, + 0x651dafd84c3216b9, + 0xd3ed0b1c30522b67, + 0x1bed1278709ebe30, + 0x38ab7536e06de187, + 0xfc8f1a967774b60c, + 0xfd69d113a82aa590, + 0x16d89bb3bc6a3, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd7c2a3fd3e4bd49d, + 0x90573a435320f113, + 0x5ce31a37c852c0c7, + 0xb6564882fc23d543, + 0x2345e511bf8151, + 0xaca2e847c167fd35, + 0xe31cc547a186aaa5, + 0x4421db0e798b9d1c, + 0xbb095282c4889bad, + 0x302554f5b9d265ea, + 0x507512af281e192c, + 0xf3c51c2f7dd8, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xdaa1fb14dc9bfb52, + 0x2350ab64573c038d, + 0xec529037f1a8f91a, + 0x1a23fb4fc129021a, + 0xe194241d323fddde, + 0x64fe030a6ca10310, + 0x648c03395e7650a9, + 0xc816093653ca9522, + 0x7f534ab426312d, + 0xd96dab83205f9297, + 0x69996c6bd9daa6e8, + 0x3e82c2fdfd16, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xca5a4f48f3e7540, + 0x27d0d0b759277ea5, + 0x96ab5ecd2ac0d1c9, + 0x961e8cc136c2cd14, + 0x96e8f471eab1b7c5, + 0x9fb8ea548c5a3fd1, + 0x5e601cedc88f5c87, + 0x2b041d56213e4f7d, + 0x7cc27dab772f6a8b, + 0x41d92e398b366e40, + 0xcf20ec780ed3da4f, + 0x16df1d7468044, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x8b058c3cc42514c6, + 0xa32c7296da4fb7a3, + 0x7fce83fc1171da1d, + 0x587a55fd204e6551, + 0xbbe4e2120fa5ea75, + 0x1312b7484502ca7d, + 0xac122c1bc035f710, + 0xd362ca77d278b75f, + 0x1f16993aef613f6e, + 0xa65500f1a1fcf708, + 0xe86a6ab9b997b73a, + 0x678f15be099c, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2be90f8937439a0d, + 0xfb1a2b9db2c43367, + 0x6d3fd07f13bb67d7, + 0xba6a0b848a7c9869, + 0x16b504402b2d2f58, + 0xad118bae03e3956, + 0xccda4527510c4dc, + 0x88eeb18864607a79, + 0x38ee387177524c3a, 
+ 0x4da7b54273317a0, + 0x996737151eaef218, + 0x14f0008da5431, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xbf1c23e6811bd686, + 0x370813d7fe75a61a, + 0x597f4f94d617a6dc, + 0xec54a9ed7c33fea6, + 0x37cd08befc608443, + 0x2e5fd34c600306b5, + 0x9abd8a99d39cd098, + 0xc148482b6670f52c, + 0xc7b3f1e1975fd9a1, + 0x5ec16c426f6436f7, + 0xb6458ea2b864f179, + 0x12bd536b42041, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2f7a773ea20e10f6, + 0xd797a4b2c37b17b6, + 0x335309f7fc1a984d, + 0xa84b1ee2a94426e9, + 0xa64f0b629b7420fc, + 0x392113eb9ff17c09, + 0x99cd2cb63caa420a, + 0x925b33ea59d083d0, + 0x8e3aa86713851f25, + 0xf87b6c02fb982c8b, + 0x2658ee292723133b, + 0x6c4bd88b8321, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x87ba0c79ddef54f6, + 0xd5505c0ee341b9ef, + 0xa67dde817c198742, + 0xc52a51e5b2eb0ff0, + 0x3f2d31f21d9f2c4d, + 0x5dcc3a645d80f634, + 0xc36ca8597e6f78bc, + 0xceb3d246d028b83d, + 0x434247d5a0e1270f, + 0x9ec5ab74db1a099e, + 0xb2b8c64a171751c4, + 0x15c8c058922f1, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xfc49d1a4da54219f, + 0x1fbacfb0b145b6b4, + 0xfbe03be712132c8d, + 0x57263c6c0d240382, + 0xd0ba0cea204c43c2, + 0x30655ce3d849704c, + 0x5511aa665c1c1d69, + 0x2d5bb1dc00a2fe61, + 0xb72706049ff235db, + 0xde5bce739c8aab00, + 0x97995074975fd584, + 0x742b29630025, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf62143ca8dffa500, + 0xf5a2092d75c0f68, + 0xf0e7cce47fed1ab7, + 0x84018fbe00ccec54, + 0xf2dc3aa21f4d02b4, + 0x396e15aa2d30ea73, + 0xe0dcc3705c939a68, + 0xe9585266e25cf4ba, + 0x9198156c2d050570, + 0x2c6b180903eebbc3, + 0xf1c9f286c7802a03, + 0x2670c863a290, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x43a46748550969f8, + 0x747d31fef46bb4ae, + 0x5745b72f5429b6ac, + 0xd2fbb3506f6f0a18, + 0xf8c8ff1bd5ec3159, + 0x826427458369cee, + 0x600fdde8e7bcd37e, + 0xa335fe4b9ee6ac00, + 0x9c4dc437d5192651, + 0xad91c0844563b8cf, + 0x651c6488529a75ba, + 0x1a929b1d4e41b, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xf5c0fa703ceef967, + 0x7e8a76ea209882a9, + 
0x5bc0effae852025, + 0x78e01fbdadf36b3a, + 0x9c4474e50c7fdcad, + 0x8988335c5ccdd9d1, + 0xb019423ddb77c37b, + 0xff99a012e26b272, + 0xbbeefe2ebd4a84c4, + 0x2919528dd8a266fc, + 0x2ff9472bc05d2a52, + 0xfbdd82904763, + ]) + ), ]; // This MDS matrix supports fast matrix multiplication - const MDS_CST: &'static[Fr] = &[ - field_new!(Fr,BigInteger([0x501a4942604a70b9,0xa76ccc949aa7c642,0x6c4cc86c95605cda,0xbccf7d4f7354e493,0x1206801ab772b03d,0x7bced5d373023379,0x15d6072feb4315e3,0xeac86ddb0d72d1b7,0xf457c575fc343aa0,0x59e953592fd74c9d,0x7ff7fa50750bc70a,0x18886f925d6ba,])), - field_new!(Fr,BigInteger([0x2c2d74682546a0a6,0x9865dc7630bda9e1,0x84100fa0ccf644d8,0x9e0952f7ee653d45,0xb4a4ad4288ceb171,0xdeb37c57f9787f3f,0x4fcc489c84216dd7,0x917d7587f44f023,0x73e38903794b3798,0xb319fbc57d331066,0x805c5d11d9f039a7,0x1b0be2cc8f360,])), - field_new!(Fr,BigInteger([0x334837292ab79a30,0xfde71188546dce34,0x72f5d1a2dda92279,0x63616694a7b65f2a,0x83628012db5d30ff,0xae4201d7d244363c,0x8288328402659901,0x67cd9c6b7f861f43,0x7ba84d7fdc3ac062,0xc825a95ead868c4,0x410d1b5e6c935945,0xaf1562721ddc,])), - field_new!(Fr,BigInteger([0xc13874eda5ad61f7,0x8f9667da8429b450,0x8e4a1bde92a86fdb,0xb0cb6fe9700fc28e,0xc3df17581145f3c9,0xf908ec72ac7f51e2,0x15543370aac8d0b3,0xfc620c67f6810dff,0x1e3b9481634be904,0x487e4371f154ff8e,0x61e4d6c705ec6955,0xb7876d9dcb5d,])), - field_new!(Fr,BigInteger([0x9ba02a198259e4c4,0xf3b92022b540fac,0x52602a0d0a06b389,0xf71b59ca2e46d2f9,0x460850b28a1e77c5,0xf8fc3496b9c70c9f,0xe41868f99690555c,0x5e019b94813a6396,0x6753171688952332,0x8e8b0f8262c4bb60,0x92b2889e172678e1,0xe3a19fcebe4e,])), - field_new!(Fr,BigInteger([0xa2240e8253eafb8e,0x2e9f2ab49147a98d,0x8d26e6fe040f572c,0x1c5d1a2f77c3bd3d,0xcd1554fe26d8e940,0xc3bd113fd13708e3,0x3c4a3090b99f4502,0x7a1ef57be4a0008a,0xf2765b3b44ffd0a6,0x2c7d5cc8fb43f2d0,0x465b44b613c9b1c4,0x233cf8e79cb2,])), - 
field_new!(Fr,BigInteger([0xd72c82540065191,0x9a1ac4ed2fab8e8,0x650c74eea62243a7,0x6fcf337d1937c2d6,0x7d054a93d61e22ca,0xeb0b43ecb693398a,0xb9b1eaa4b1104ccd,0xf1b7e8c337898df6,0xe2652a56a1447aaf,0x6196f3b47b16110e,0xcb1d39edaab39a9e,0x10a95fbcd6967,])), - field_new!(Fr,BigInteger([0x4b9a96ec4445d17c,0x5db9c19124d846d5,0x3ae31b9cf40b26e4,0xe05c645661d6d15a,0x63c92bfa2844c829,0x6415472ada9ac39a,0x1b89e4ca7499fcde,0x49e7b8a722561159,0x1d4f0de0b8cfb940,0x4a1d8a1cf84ca296,0x784767101218bb5e,0x3171621a22cf,])), - field_new!(Fr,BigInteger([0xa11074f03ec07e15,0x713f4663f3ff3355,0x1a08761c29cb3afb,0xd9d8fc39d2b7a8b5,0xfb20d30306dce9cf,0x57270eddabed3a7f,0xfbde52978687148d,0xac5de44ad3586169,0x5544299cb8c3db5f,0x244ac8e0636993bb,0xdb58cffd2ff83d0,0x1120aca75573a,])), + const MDS_CST: &'static [Fr] = &[ + field_new!( + Fr, + BigInteger([ + 0x501a4942604a70b9, + 0xa76ccc949aa7c642, + 0x6c4cc86c95605cda, + 0xbccf7d4f7354e493, + 0x1206801ab772b03d, + 0x7bced5d373023379, + 0x15d6072feb4315e3, + 0xeac86ddb0d72d1b7, + 0xf457c575fc343aa0, + 0x59e953592fd74c9d, + 0x7ff7fa50750bc70a, + 0x18886f925d6ba, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x2c2d74682546a0a6, + 0x9865dc7630bda9e1, + 0x84100fa0ccf644d8, + 0x9e0952f7ee653d45, + 0xb4a4ad4288ceb171, + 0xdeb37c57f9787f3f, + 0x4fcc489c84216dd7, + 0x917d7587f44f023, + 0x73e38903794b3798, + 0xb319fbc57d331066, + 0x805c5d11d9f039a7, + 0x1b0be2cc8f360, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x334837292ab79a30, + 0xfde71188546dce34, + 0x72f5d1a2dda92279, + 0x63616694a7b65f2a, + 0x83628012db5d30ff, + 0xae4201d7d244363c, + 0x8288328402659901, + 0x67cd9c6b7f861f43, + 0x7ba84d7fdc3ac062, + 0xc825a95ead868c4, + 0x410d1b5e6c935945, + 0xaf1562721ddc, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xc13874eda5ad61f7, + 0x8f9667da8429b450, + 0x8e4a1bde92a86fdb, + 0xb0cb6fe9700fc28e, + 0xc3df17581145f3c9, + 0xf908ec72ac7f51e2, + 0x15543370aac8d0b3, + 0xfc620c67f6810dff, + 0x1e3b9481634be904, + 0x487e4371f154ff8e, + 0x61e4d6c705ec6955, + 
0xb7876d9dcb5d, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x9ba02a198259e4c4, + 0xf3b92022b540fac, + 0x52602a0d0a06b389, + 0xf71b59ca2e46d2f9, + 0x460850b28a1e77c5, + 0xf8fc3496b9c70c9f, + 0xe41868f99690555c, + 0x5e019b94813a6396, + 0x6753171688952332, + 0x8e8b0f8262c4bb60, + 0x92b2889e172678e1, + 0xe3a19fcebe4e, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa2240e8253eafb8e, + 0x2e9f2ab49147a98d, + 0x8d26e6fe040f572c, + 0x1c5d1a2f77c3bd3d, + 0xcd1554fe26d8e940, + 0xc3bd113fd13708e3, + 0x3c4a3090b99f4502, + 0x7a1ef57be4a0008a, + 0xf2765b3b44ffd0a6, + 0x2c7d5cc8fb43f2d0, + 0x465b44b613c9b1c4, + 0x233cf8e79cb2, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xd72c82540065191, + 0x9a1ac4ed2fab8e8, + 0x650c74eea62243a7, + 0x6fcf337d1937c2d6, + 0x7d054a93d61e22ca, + 0xeb0b43ecb693398a, + 0xb9b1eaa4b1104ccd, + 0xf1b7e8c337898df6, + 0xe2652a56a1447aaf, + 0x6196f3b47b16110e, + 0xcb1d39edaab39a9e, + 0x10a95fbcd6967, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0x4b9a96ec4445d17c, + 0x5db9c19124d846d5, + 0x3ae31b9cf40b26e4, + 0xe05c645661d6d15a, + 0x63c92bfa2844c829, + 0x6415472ada9ac39a, + 0x1b89e4ca7499fcde, + 0x49e7b8a722561159, + 0x1d4f0de0b8cfb940, + 0x4a1d8a1cf84ca296, + 0x784767101218bb5e, + 0x3171621a22cf, + ]) + ), + field_new!( + Fr, + BigInteger([ + 0xa11074f03ec07e15, + 0x713f4663f3ff3355, + 0x1a08761c29cb3afb, + 0xd9d8fc39d2b7a8b5, + 0xfb20d30306dce9cf, + 0x57270eddabed3a7f, + 0xfbde52978687148d, + 0xac5de44ad3586169, + 0x5544299cb8c3db5f, + 0x244ac8e0636993bb, + 0xdb58cffd2ff83d0, + 0x1120aca75573a, + ]) + ), ]; /// Short Montgomery multiplication with respect to the short Montgomery constant R_2=2^64 @@ -301,4 +4041,4 @@ impl PoseidonParameters for MNT6753PoseidonParameters { *res += &elem; }); } -} \ No newline at end of file +} diff --git a/primitives/src/crh/poseidon/parameters/mod.rs b/primitives/src/crh/poseidon/parameters/mod.rs index 12d737c4d..fdaf05ff6 100644 --- a/primitives/src/crh/poseidon/parameters/mod.rs 
+++ b/primitives/src/crh/poseidon/parameters/mod.rs @@ -26,4 +26,4 @@ pub use self::tweedle_dee::*; #[cfg(feature = "tweedle")] pub mod tweedle_dum; #[cfg(feature = "tweedle")] -pub use self::tweedle_dum::*; \ No newline at end of file +pub use self::tweedle_dum::*; diff --git a/primitives/src/crh/poseidon/parameters/tweedle_dee.rs b/primitives/src/crh/poseidon/parameters/tweedle_dee.rs index 1e34aa247..168295894 100644 --- a/primitives/src/crh/poseidon/parameters/tweedle_dee.rs +++ b/primitives/src/crh/poseidon/parameters/tweedle_dee.rs @@ -1,6 +1,5 @@ use crate::crh::{ - PoseidonParameters, - FieldBasedHashParameters, PoseidonHash, batched_crh::PoseidonBatchHash, + batched_crh::PoseidonBatchHash, FieldBasedHashParameters, PoseidonHash, PoseidonParameters, PoseidonQuinticSBox, }; use algebra::fields::tweedle::Fr as TweedleFr; @@ -17,7 +16,7 @@ pub struct TweedleFrPoseidonParameters; impl FieldBasedHashParameters for TweedleFrPoseidonParameters { type Fr = TweedleFr; - const R: usize = 2; // The rate of the hash function + const R: usize = 2; // The rate of the hash function } impl PoseidonParameters for TweedleFrPoseidonParameters { 
@@ -30,225 +29,1849 @@ impl PoseidonParameters for TweedleFrPoseidonParameters { // State vector after permutation of zero state vector (Montgomery rep.) const AFTER_ZERO_PERM: &'static [TweedleFr] = &[ - TweedleFr::new(BigInteger([0x85614442a60ac11a,0x55a43ca8180d2e08,0x43f61ff197080ac4,0x19d87eb89a42aaf1,])), - TweedleFr::new(BigInteger([0xa2f6b5a9a16d3790,0xc947563b131a126c,0x52c19607bb4b6640,0xc4604a460df1c57,])), - TweedleFr::new(BigInteger([0x7d8f3c1679a9cbe2,0xb09fdc38ee15fe77,0x810720bf23be8578,0x2ab876d1a0abfa95,])) + TweedleFr::new(BigInteger([ + 0x85614442a60ac11a, + 0x55a43ca8180d2e08, + 0x43f61ff197080ac4, + 0x19d87eb89a42aaf1, + ])), + TweedleFr::new(BigInteger([ + 0xa2f6b5a9a16d3790, + 0xc947563b131a126c, + 0x52c19607bb4b6640, + 0xc4604a460df1c57, + ])), + TweedleFr::new(BigInteger([ + 0x7d8f3c1679a9cbe2, + 0xb09fdc38ee15fe77, + 0x810720bf23be8578, + 0x2ab876d1a0abfa95, + ])), ]; // Array of round constants const ROUND_CST: &'static [TweedleFr] = &[ // Constants converted to Montgomery representation. 
// For rounds 4 + 56 + 4 = 64 - - field_new!(TweedleFr,BigInteger([0x5b40ba7b683c32b4,0x5c84c551ca7a85da,0x4c7048d27b81a93b,0x3635a5ecd9890320,])), - field_new!(TweedleFr,BigInteger([0xfaf17623b724080f,0x5147e68371f072d8,0x7b6db0e06026db4e,0x35568295f90299f1,])), - field_new!(TweedleFr,BigInteger([0xdf23982dd9ab92ee,0x930337384ab1cf0f,0xa24fb33c6e0edf07,0x16f9cec4b30643d5,])), - field_new!(TweedleFr,BigInteger([0x17a1f4e0ed300856,0xa2261565e18f8435,0x57023bb1ef5e4acc,0x29f74889b22b4f42,])), - field_new!(TweedleFr,BigInteger([0x250b3c444dce8028,0xfc3256f01f8709aa,0xda2ced599d05a12b,0x2709632801b2fad5,])), - field_new!(TweedleFr,BigInteger([0x45c1f93e5da9687d,0xf2a5b62ea2bc014e,0x8609bd7fb780d77,0x21984a539dd58517,])), - field_new!(TweedleFr,BigInteger([0x842f4e299261f8ee,0x95e3ff6ae96ee780,0xe898ea9fcb19fb8a,0xe86cd5182be4ede,])), - field_new!(TweedleFr,BigInteger([0x801561c22bef8ded,0x16f26b1df6fda550,0xb27e9b31bcde644,0x120e1d4f13fed959,])), - field_new!(TweedleFr,BigInteger([0xc8f8a96d4a4d6411,0xade9be9ac79de2bb,0x28d9f1b7afd1fa0d,0x2bd0d5cc0a8ec40d,])), - field_new!(TweedleFr,BigInteger([0xc0232d0b802af29c,0xa7479c9b6937b309,0x9251392cf5507e3f,0x222efa635791e7f3,])), - field_new!(TweedleFr,BigInteger([0x770afc56a6e9e7be,0x5eea5cfd5cbee98f,0xc7634888d523d361,0xc8db4523f0f6b37,])), - field_new!(TweedleFr,BigInteger([0x3c4bef6b32ecfd5f,0x8faf86e61ae51801,0xa7aaf638e5419e61,0x1e8ac93cce7af18c,])), - field_new!(TweedleFr,BigInteger([0xdba1e3b777225723,0x1c443440e9a57d18,0x355d465ae9214b,0x1ca702200dfb0714,])), - field_new!(TweedleFr,BigInteger([0x7398405fa18eed64,0xae86c4847d5522c8,0xb83609d939ea39f8,0x3dca88087d7ca780,])), - field_new!(TweedleFr,BigInteger([0x649ac2dbb3d71084,0x9908ffd822f3b422,0x9c28cee534c92fbf,0x19848720b9c422c2,])), - field_new!(TweedleFr,BigInteger([0x768a4011e50059bd,0xcf9257823d2b4b52,0xe67ddb151a7e2620,0x1ee345166e7b78e4,])), - field_new!(TweedleFr,BigInteger([0xd5278574024ca4bb,0xd27510c90177e064,0xa68b6eb08e653734,0x2a4ec10e3c350990,])), - 
field_new!(TweedleFr,BigInteger([0xf2e2eeec26f0c782,0x54022078c1ea0f08,0x1f94580b1710ae0f,0x23acae47a518b433,])), - field_new!(TweedleFr,BigInteger([0x3edcc3626063e349,0x24e01b80ad328575,0x6bbcd01882c1dc37,0x3f5be3b0c20a0297,])), - field_new!(TweedleFr,BigInteger([0x6a6a2fcdf45f0f1d,0x4b4b6abdcb2485a4,0xff62dc01f4d5c6d3,0xefb1b1545a3d537,])), - field_new!(TweedleFr,BigInteger([0xc4d8909cb5f1508e,0xdce57a9ddf63bdc7,0x4e40f59531a4210b,0x2aacd0bab17f7e21,])), - field_new!(TweedleFr,BigInteger([0xf0b98b8c922917d9,0x2df4f5b90cc69f6c,0x879b95c03948656f,0x247cfd314dff147b,])), - field_new!(TweedleFr,BigInteger([0x4b19813492891dc5,0xb770bcb2c942e03f,0x7f36c6866501a12e,0x5c528ac418866d8,])), - field_new!(TweedleFr,BigInteger([0x83b5862abd3a5869,0x6e9924a15a35e8e2,0x4ee02518bf9271b4,0x1810ab5d4db5526f,])), - field_new!(TweedleFr,BigInteger([0x57a29928a3f89a83,0x44ce075e9efa5ab8,0xe5986769c012be2,0x1fa92e8d9ceb62a6,])), - field_new!(TweedleFr,BigInteger([0x7f2a76be51108f7a,0xb22948b99ae4b573,0xb04820032d22d414,0x2d821e02f729b3b4,])), - field_new!(TweedleFr,BigInteger([0xd35d701a0855451d,0x86e98f69c3c8223f,0xd0dc2c5c4df590c1,0x14bbe1533e129537,])), - field_new!(TweedleFr,BigInteger([0xaeb51b1954d37e64,0x41dde0df17f6ed05,0x69e41530ca17714b,0x14b01168e046deff,])), - field_new!(TweedleFr,BigInteger([0xee99c169bd39e2be,0x9da34706ab01fe81,0xdd867f2a9f033fea,0xdf49fbdc0a3e246,])), - field_new!(TweedleFr,BigInteger([0x68befc07dbfbe05c,0x21e68712d7529c29,0x5826ac469b436c5f,0x1ffca5b9f5623d08,])), - field_new!(TweedleFr,BigInteger([0x531c7f1193f74903,0x3004cbceb702a130,0xde051b2c457bea98,0xfe4dee460343735,])), - field_new!(TweedleFr,BigInteger([0xd78591c4c24767e0,0xc00f76aae9605c7c,0x282d9be2a5dbcb3,0x2b8320190d37fc1d,])), - field_new!(TweedleFr,BigInteger([0xc8ba5b82a4b8f36f,0xcd83353c928feb30,0xdc7d210da77da39f,0xd8b9729a1595850,])), - field_new!(TweedleFr,BigInteger([0x69ab2f87d14a19d1,0xa50d9f2c2652b492,0x2e2d4ed8796f2095,0x24f017b692739e37,])), - 
field_new!(TweedleFr,BigInteger([0xd275c2c9c91d7810,0x422f2a583d3ed019,0x6c2d97876c962800,0x35c2b094b945aca8,])), - field_new!(TweedleFr,BigInteger([0xc209a45eab978019,0x4aea5d9c7feba34e,0x80330115db35a489,0xc8c3afb44b5e433,])), - field_new!(TweedleFr,BigInteger([0xa31ea13afb07e3a9,0x576fda31d615e9c0,0x6c3fb6e0ccbc51e2,0x3589d714414c6ae6,])), - field_new!(TweedleFr,BigInteger([0xf066573facee6ae5,0x3f5780997add0273,0x96bf0cbfa9eb2d77,0xe1f6cdcc5cc4f82,])), - field_new!(TweedleFr,BigInteger([0x82175011fcbc1132,0xd9f8835383b444ed,0xc936550b32a08e9f,0x3d2f6e9af6c701b3,])), - field_new!(TweedleFr,BigInteger([0x6d1257d391aaab40,0x9d6bc81892ded952,0x8d494d23f2b6a450,0x2ab76afef15e4907,])), - field_new!(TweedleFr,BigInteger([0x4f2f36b61527cc9b,0x7c24b84bc9efaddb,0xf566d68c350e5ad1,0xb70be812bbd7984,])), - field_new!(TweedleFr,BigInteger([0x5c0bfb236fcd408d,0xa168f50ed8a2d3bc,0x3dd1b7f6d6a6c3de,0x9e7f31ca061f58a,])), - field_new!(TweedleFr,BigInteger([0x529b2af2b6d2692a,0x5f7726eb988e29fb,0xf526ad2131c13565,0x2c2f89f61e0821b7,])), - field_new!(TweedleFr,BigInteger([0xc9a0042e7e8d9161,0x1ef6405cd54e9f53,0x8fb81ce5138d5e4f,0x255daaf8cd7fba2e,])), - field_new!(TweedleFr,BigInteger([0xa23054850faa19a,0xabce1c215fce82cf,0x11e602ed29969952,0x141e8a5470240d16,])), - field_new!(TweedleFr,BigInteger([0xc5479d44f4495019,0x9517b52757c8df1f,0x90c8782d13821a3e,0xca01f04d0e6b51,])), - field_new!(TweedleFr,BigInteger([0x7808ea626b554cdc,0x5984f3c9d12a886f,0xdbf2dc8b8b4dc62c,0x13544ea0756f1e52,])), - field_new!(TweedleFr,BigInteger([0x3143068f358657d9,0xd2884887574cfec4,0x6771d946a01d9ba,0x1ce6165523ee56e3,])), - field_new!(TweedleFr,BigInteger([0x7c56376c7c49d8fb,0x4bb497eaecf25f94,0x900676807703d160,0x3983839a9fa907eb,])), - field_new!(TweedleFr,BigInteger([0x5962f38ae6258169,0x3636dfd3338ecf98,0x15a21dc9ef0b7069,0x3dbdfb167eadf9d6,])), - field_new!(TweedleFr,BigInteger([0xc1bf4a7451f40c0d,0x7d6c04fcaba2bc10,0x9efea209f61ff3a5,0x2b7e866b1e3486b5,])), - 
field_new!(TweedleFr,BigInteger([0xfbf25fef5e70191a,0x3ea2facb4e33fbf1,0xde3883ca4737c10d,0x128605fc3aa70821,])), - field_new!(TweedleFr,BigInteger([0xe4e730382838e84e,0xa339aef76b143312,0xdfb55dafcad4eead,0x3b57e837ae88e30a,])), - field_new!(TweedleFr,BigInteger([0x899cc5ce432282ac,0xa40e3a240d681196,0xd7123ac7f4bbe80,0x3dbbdb06f786c87a,])), - field_new!(TweedleFr,BigInteger([0x3603ae0a30c4e0ab,0x5fb0069dc23c4e0c,0x40a0b4367d1e1940,0xf76071a11359b34,])), - field_new!(TweedleFr,BigInteger([0xb2f5de4238440b3f,0x2df163160875eb5c,0x138986efd82b9bf9,0xc04833310c446b7,])), - field_new!(TweedleFr,BigInteger([0x7fb78f69bb24da10,0xa0dcdac828496beb,0x73473024f29ed6c,0x2c427c31ebb40280,])), - field_new!(TweedleFr,BigInteger([0x9b047a9aed6b285b,0xe7edb85af1244f99,0x4d5951ee0a4d944c,0x1ba6aab4f1f6dda7,])), - field_new!(TweedleFr,BigInteger([0x3ac3876bc3af6824,0x7ed62f6843cfe5bb,0x52ca0242d0afd07e,0x28bb2ebe7801bf3,])), - field_new!(TweedleFr,BigInteger([0xb2ec58c3fdb06bfb,0xd2124576148ab023,0x45e45cf3920e7a5f,0x1fa6736497b2ec7d,])), - field_new!(TweedleFr,BigInteger([0x683fbe5ba3701159,0x328d9a42a438cc89,0x10379ca4e7235ef8,0x1ec08556c43de00a,])), - field_new!(TweedleFr,BigInteger([0xfa98e83104c4281,0x78a7b989ceb63e6f,0x60e7a3401a353e4b,0x3a078be8189ac774,])), - field_new!(TweedleFr,BigInteger([0x21c40b74fcf0f0ff,0xf4331168872abf24,0x1e3858d5c495a389,0x2f1d896ba58b68fa,])), - field_new!(TweedleFr,BigInteger([0x8ec1cf148008e452,0x7a9341e95edd3d25,0x2ba8ef7c8dc857de,0x1a9b993468c6de97,])), - field_new!(TweedleFr,BigInteger([0x240d302dc52be2a,0x727cd6a5b639c1e7,0x1d77e1844488a06f,0x180d136543d0830d,])), - field_new!(TweedleFr,BigInteger([0xdbec2d05d799f1fa,0x57de7a4308c59f0e,0xa546dcf352194bd2,0x2f41451801c55d15,])), - field_new!(TweedleFr,BigInteger([0x5a6c23347fb73855,0xe435e2a4919f6741,0x5a8f0f4e3fb3fd48,0xfaea39d9f9ccd99,])), - field_new!(TweedleFr,BigInteger([0xb608ac024a19526b,0xc66db73c8de7a6ec,0x1410e5990760f215,0x2a04c75ce368123,])), - 
field_new!(TweedleFr,BigInteger([0x5dd1ec60ca5c4617,0x42f946e8ce1c9dd3,0xcc106a7eefbaa2f3,0x29982299d1ae0609,])), - field_new!(TweedleFr,BigInteger([0xef89c5de6185a1bc,0x729621e91c955a34,0xf80c8d198f1a55cd,0x246fdff7fca32b0f,])), - field_new!(TweedleFr,BigInteger([0xa437f9c38f5d3aa6,0x36026d6082870a81,0xada88b6442c914,0x7e35821968aa3f7,])), - field_new!(TweedleFr,BigInteger([0x468c722d26e6cc2f,0x2308f0e5395bfd20,0x8a5462e0bcca01cf,0x2c494a8af1252391,])), - field_new!(TweedleFr,BigInteger([0x9d570b88634578bf,0xf230b4402ac38819,0x18ffd5d42abbda4b,0x3df4128c07f339e7,])), - field_new!(TweedleFr,BigInteger([0xdf9a8ebc79ed3ca1,0xc0b9ce370274144c,0x8305ab76c01f900b,0x2aca620b1d284876,])), - field_new!(TweedleFr,BigInteger([0xcee0177dc89e8b79,0xd4c2b4a9b5419721,0xd367325278cc7f8a,0x356443ae1f0c10e0,])), - field_new!(TweedleFr,BigInteger([0x6f0ba77c0ffdd52f,0x138ba73e76a99e8a,0x8fc163237cf24127,0x197c71ca636246ef,])), - field_new!(TweedleFr,BigInteger([0x2821aeb46f75005b,0x2b8a1579e26d66db,0x4ed63ae3a9f04713,0x3ecdf3895ab694bb,])), - field_new!(TweedleFr,BigInteger([0x4e1c8067a64047b4,0xb0d76895f9d49a93,0xa8baefb3f95ca250,0x255b57dd4beb9c97,])), - field_new!(TweedleFr,BigInteger([0x652fcabcef1e5880,0x4e0d5e21bd34817,0x5919495683c909c9,0x3a48a1d8e0c1ac49,])), - field_new!(TweedleFr,BigInteger([0x5eb4c07f344eb756,0x13b503408e43fa77,0xaa3f79e6b2a21f58,0x39cd92dc336d98f4,])), - field_new!(TweedleFr,BigInteger([0xbabf83f00ba73378,0x58b409a005b39442,0xaf29495cde3171d0,0x39d4fddfe7a495fd,])), - field_new!(TweedleFr,BigInteger([0x88aa71ff4748eae7,0x15dcf8529e1b6e72,0x9dccb71d7792352f,0x29162325d6f93ddb,])), - field_new!(TweedleFr,BigInteger([0x58acb61d9baa4321,0x85c77bffa34019fc,0x25c55410de450ca3,0x373b0cb2d2b4ac16,])), - field_new!(TweedleFr,BigInteger([0x33a41d77a7608a21,0x4481ac32eb1027b9,0x1724325035373431,0x3b30aa0324f469cf,])), - field_new!(TweedleFr,BigInteger([0xce2c196c128ab161,0x7fcb3bf93a8233ef,0xe6a4e7d30e51b75,0xf5105739e560354,])), - 
field_new!(TweedleFr,BigInteger([0xb0ce75473b9c4756,0x4c327642dbc3e75f,0xe3ef959238048022,0x5f9cd07fb1b8439,])), - field_new!(TweedleFr,BigInteger([0xb24396c283123a29,0x116e5579eed619be,0x5d0f913ba5c91d75,0x19afb9d6135204cd,])), - field_new!(TweedleFr,BigInteger([0x38aa8cc700a2809d,0xbeb96eba49709a2a,0x372ac244e3ee29c3,0x2d7f802d1fa5f51d,])), - field_new!(TweedleFr,BigInteger([0xc3f4536bd1fca99d,0x4844f4e1be1b90d7,0x412a6aa7a9e84517,0x21e53326dbfbffbf,])), - field_new!(TweedleFr,BigInteger([0xf1385daff2a2f8ff,0xa4a80f1ddabbc58d,0x920706dd6fe726b0,0xe720ae572c3e8f,])), - field_new!(TweedleFr,BigInteger([0x395d623573714aeb,0xa7809c21b198a83,0x6f17eaabaf874dc3,0x2386323fefc3d0ee,])), - field_new!(TweedleFr,BigInteger([0xc4ca6a67617f9d9e,0x5921adbddcd1b3c1,0xdddb4bf80d1425a1,0x8c1f9e7337e332d,])), - field_new!(TweedleFr,BigInteger([0x18ae91f714426b6b,0xbcb7e69b5dbc1b8d,0x478f7087437efd7b,0x1f0e5d8508265b58,])), - field_new!(TweedleFr,BigInteger([0x2072743b5ed4d4e2,0x98cc3ebb858ce950,0x8d3edbd0198f8abf,0x1fff876354f7e8b9,])), - field_new!(TweedleFr,BigInteger([0x8c3d8559db6171f2,0x155f3df1ef7f27ab,0xf8bff91f29054e8,0x3afa4f78c62f4c27,])), - field_new!(TweedleFr,BigInteger([0xe07e955f891dd11d,0x9b3d78bedef1980d,0xd892d3929006398d,0x10b1f7cc5b24f2a8,])), - field_new!(TweedleFr,BigInteger([0xcb42a29a7699ac02,0x1ab5af42ef8615a7,0xb63959c4aba00405,0x32af39352a3b653,])), - field_new!(TweedleFr,BigInteger([0x43e8bbdba7be6c56,0xe0cb740d7ef4aa85,0x32da6558373c5eb3,0x24e230f9a0f7b47b,])), - field_new!(TweedleFr,BigInteger([0x61b487e28794a309,0x78d6a8f0ac2fe1d4,0xd930bba6ca33b916,0x225f7481b01be62c,])), - field_new!(TweedleFr,BigInteger([0xdf2dfdd71c9b2219,0x683f835d1f5f5358,0xa30e95f9c86c417b,0xe5031e83b6ce98b,])), - field_new!(TweedleFr,BigInteger([0x11baf726f345d1b0,0x7448d7020694b66b,0xb215793ab845ad64,0x1390dea862255442,])), - field_new!(TweedleFr,BigInteger([0x5c3b10e7e8b76d23,0x683d97736a642ee1,0x3c9d71ac14cfa293,0x11771bd30622685d,])), - 
field_new!(TweedleFr,BigInteger([0x5241adbb730f7c1c,0x54dd3ea4e2d99abc,0x252349664178cfeb,0x35680d800c726b0,])), - field_new!(TweedleFr,BigInteger([0x24a4c9059e0664a3,0x16966cf8daebdd3d,0xf79952fa5f5d66b0,0x1c5fd4ac6dc3a82d,])), - field_new!(TweedleFr,BigInteger([0x159db5003cafe2dd,0xed947b30c1c4c5f5,0x4f1efc23572fd36,0x33e175fcecb32ef,])), - field_new!(TweedleFr,BigInteger([0x7167bfbb4ec88831,0x2192e7554c53bc9,0xdc2c734c34c847ef,0x3a0c56c757ffd17e,])), - field_new!(TweedleFr,BigInteger([0x4be153e4b781ccfb,0x482b9b003141437a,0xad0a61ce105d2377,0x3da50efd2fbe3547,])), - field_new!(TweedleFr,BigInteger([0x37fe98a457b4d383,0xb84afb053ed9ccbf,0xc812b03968f051c5,0x3440b797f43d3fd7,])), - field_new!(TweedleFr,BigInteger([0x6e65d3bbd01ec57c,0x59bb8720a8017a3b,0x61ee625cfa32fc7b,0x2058eb99d35bd8c2,])), - field_new!(TweedleFr,BigInteger([0x4fb52802b9a65ef1,0x7ab6a7c8d938b810,0x22fd912083ea64cc,0x8951291638300dd,])), - field_new!(TweedleFr,BigInteger([0x5c86c97f3a293b3,0xfdd511e4b386a858,0xd96b567ced51dd86,0xd007d439444ee0d,])), - field_new!(TweedleFr,BigInteger([0x25e231c9c268a448,0x82211fcee85324dd,0xe5dc9e4d574104b,0x349f388ff4b39804,])), - field_new!(TweedleFr,BigInteger([0xc04e9aab4caea7a5,0x29323bc7287a055f,0x380ec44a8d950a11,0x8edc2b0f4dd49fb,])), - field_new!(TweedleFr,BigInteger([0xa4ec4b979c36ca86,0x3d04e4888ab2bc1,0x65d0e4a41702b77b,0x21a54769a20ad5a5,])), - field_new!(TweedleFr,BigInteger([0xe43a76d502a5dcf3,0x3d7d516ade3d4d85,0xf1a192ef8fb46ed9,0x16b82615513f3e,])), - field_new!(TweedleFr,BigInteger([0x1f27e6946eb3d237,0x90ea64c64592bb87,0xae18c2871965853b,0x95ed0bcc2552da8,])), - field_new!(TweedleFr,BigInteger([0xee0e74467719bd5c,0x71178d708d070d2a,0x1d5221ea476ddab1,0x3f4544eb857e6191,])), - field_new!(TweedleFr,BigInteger([0xe5b4c57255a42c98,0x60f5059d98537d1a,0x779592cb513f1037,0x5fb02fcd2bf22b2,])), - field_new!(TweedleFr,BigInteger([0x34afcb4d83bb75b0,0xe8b9a17e67c535a2,0x162a08bea063ad7f,0x173521cf52c3f703,])), - 
field_new!(TweedleFr,BigInteger([0x111fe0618da68686,0x72f18a8d1016a031,0x21573c0d83d8449d,0x1a1b2ddda60b2864,])), - field_new!(TweedleFr,BigInteger([0xecaeee5299feead7,0xaa2ac57af25fcf32,0x8aaed58c5c612676,0x278d19038a95a4ce,])), - field_new!(TweedleFr,BigInteger([0x4fd5a37933de40b2,0x48c3e4e86e6e293d,0x2bc19accce69855,0x3c2522dbcacc59ae,])), - field_new!(TweedleFr,BigInteger([0x900407bb54697e8b,0x8cda43619dac3e50,0xaa61a4853d1eb224,0x2dbbc58fc1045d3b,])), - field_new!(TweedleFr,BigInteger([0x4d319547aa417a31,0xbe595b394222cbf8,0x4810d1221885d698,0x3927befead0d255f,])), - field_new!(TweedleFr,BigInteger([0x6ef1931f91cc693e,0xbfd985c2d5a000b5,0x435ec5d0f7025e5a,0x1b6aadca0975c95e,])), - field_new!(TweedleFr,BigInteger([0x568719957fc6d3ea,0xdeab08bd7666e2a7,0xbefeaad6482ff79e,0x3b76bd6838874f64,])), - field_new!(TweedleFr,BigInteger([0xb545b477f84a9e35,0x6ace83435105609f,0xe06a154db6abcadf,0xaca980d1168ec6f,])), - field_new!(TweedleFr,BigInteger([0x1dc2bb904e3dc01a,0x7e8dbfc1655bcaab,0x25620195822cb50c,0x1e25bb92541cafcb,])), - field_new!(TweedleFr,BigInteger([0x13618fb6c1d1b02c,0x9b6067028fd1a00b,0x9789e13f148a731b,0x23d0fcbcf6ae6ff5,])), - field_new!(TweedleFr,BigInteger([0xa81e57dd6825855a,0x4ce86237606e33f1,0xf16a3a3f3188995,0x3bdd80b309dd37b1,])), - field_new!(TweedleFr,BigInteger([0xc85beb683624f94c,0x6f4252ccce0a7dcc,0xfc3378ed2cddbc89,0x372ed965844dc975,])), - field_new!(TweedleFr,BigInteger([0x57e21f1f7c543558,0x5488a759ec2ef3da,0x60885a9a7dc16ee1,0x39d019452439c6d4,])), - field_new!(TweedleFr,BigInteger([0xf82a8816dd040e44,0x95e825ac7adb359b,0x5b04e3a5845e1611,0x62354abd118cb9c,])), - field_new!(TweedleFr,BigInteger([0x5fe01ca6a8d4ab0c,0x7d80471e1674d1ce,0x72216b91c704740a,0x2056e8352f496387,])), - field_new!(TweedleFr,BigInteger([0x307d2640247e39c0,0x6be654cb1497f2a4,0xd453ca99df6af5b4,0x32ce7fcc0649737d,])), - field_new!(TweedleFr,BigInteger([0x2227b48e8b87838,0x9f02324c92f7c5e5,0x3ad9aad80fe64ed,0x2b06ce250895635d,])), - 
field_new!(TweedleFr,BigInteger([0xe33d93c6dc374234,0x4be10d1976c46cbe,0xcaaa44b7e3db976d,0x56cb6118685b436,])), - field_new!(TweedleFr,BigInteger([0xfb022765684373d4,0xaa65d769b1c7326d,0x1615e1b8394b938d,0x2b51b83c2ae929a0,])), - field_new!(TweedleFr,BigInteger([0xcecc85a407f6b66f,0x15ea963585bb4902,0xbc46166254b25807,0x2994c0eebd765a08,])), - field_new!(TweedleFr,BigInteger([0xf118c2aca29b807f,0x90d173ca245d1e93,0x5a51b0eeb97ec1a8,0x3cde6ce85af570e9,])), - field_new!(TweedleFr,BigInteger([0xd164861a1998b5de,0xe29b4e25c55e8dc,0x313ef23ae01c8eca,0x3f2964f0fbb924e3,])), - field_new!(TweedleFr,BigInteger([0x527b83ec285477b3,0xa57dbd1546a72bdf,0xabed7bec6ae182dc,0x250f1283efb3402e,])), - field_new!(TweedleFr,BigInteger([0x1a1f0d16e2ad5558,0x9913ecff1f996cec,0xcab6e3fe0c7ff1a7,0x32629665a97a0736,])), - field_new!(TweedleFr,BigInteger([0x3ffcc30c3ce947ad,0x43e76b15dbcd7b63,0x7094b67e3b9ceb7e,0xdac5c94e50cb421,])), - field_new!(TweedleFr,BigInteger([0x506bd32ba9a41489,0xecdf0e10e4f49c21,0x4b547abb2ac41851,0x2cb618b912b3275b,])), - field_new!(TweedleFr,BigInteger([0x8bfb64bfed59a43d,0xad01893d081d4a6b,0x625ea0318fb7b20,0x39b29446a805b481,])), - field_new!(TweedleFr,BigInteger([0x790e8f0fad9e8023,0x20d178d7d71a9cb5,0x86e9807744c00c5b,0x369aa6516d15022a,])), - field_new!(TweedleFr,BigInteger([0x5d236755881b6034,0xbff7a7d0de6eb989,0x41a3a6fac1592ae4,0x222fe06074625307,])), - field_new!(TweedleFr,BigInteger([0x4aeb6b34bc223516,0xef266585b07894af,0x5609ba88ed579aee,0xbb4f4c48be0cdd4,])), - field_new!(TweedleFr,BigInteger([0x54e9913fecea53e2,0xb0eb64c208568f6b,0x50c2d29fce02db3e,0x21d7131de1e1a5d3,])), - field_new!(TweedleFr,BigInteger([0x736a579502cda13a,0xaecf0a297d2cbd69,0x2c868f8e57238ca9,0xe821e4908b566c9,])), - field_new!(TweedleFr,BigInteger([0xedc6f03c4c5f083c,0x9ebb9f9ad7e6ed78,0x22777c2a480f6214,0x2e22941434a6506,])), - field_new!(TweedleFr,BigInteger([0x184e084e85f85d1f,0x190449a7dde4c2c1,0xe8ad81171857b7b1,0x186076659f3abd36,])), - 
field_new!(TweedleFr,BigInteger([0xa9bacbf9c4c65188,0xb52fd9e3080a9f6e,0x8428a1dc6e6bd3ee,0x373eda6df718f452,])), - field_new!(TweedleFr,BigInteger([0x2972b908b89cca5f,0x5bae7f65f450acab,0x52254ec09db43b3d,0x154a84f5e57d386a,])), - field_new!(TweedleFr,BigInteger([0xd54af914ac566405,0xc6852d2c81e91329,0x20650b0a5ca0764e,0xfd0742d537fed3f,])), - field_new!(TweedleFr,BigInteger([0x1c3749c7c2c5287d,0xd4bcf2b93cb992d8,0x358b6d7f6ae4583d,0x3fd85a692d050055,])), - field_new!(TweedleFr,BigInteger([0x607e31eb73a3a386,0x6ca076126d546ea,0x9ac086eaf45d7f3f,0x1cb8c8eeb2ba03f,])), - field_new!(TweedleFr,BigInteger([0x793b8ef2ecd39cdc,0xc4e0ef88d7a70e2d,0x8bd423711d21dc10,0x2868e5830cd05303,])), - field_new!(TweedleFr,BigInteger([0x806fd2e7e9f5163f,0xff971fcb05f2ab2b,0xb4e9eaa384a12a5b,0xd587f09ad218e2b,])), - field_new!(TweedleFr,BigInteger([0xc54eb1aa8981f94a,0x1cd5f841cd632951,0xd5f377b55b8e76a0,0x25fa7cac45ce43fe,])), - field_new!(TweedleFr,BigInteger([0x3e08c772d914cd28,0x935c3aad62487c58,0xa1ef643a2f5d82a9,0x32d4a044a4c30eb6,])), - field_new!(TweedleFr,BigInteger([0xc1bdb46862179331,0x32d662df696d345f,0x5b813b6f10eaabf0,0x32a2d759af2ab145,])), - field_new!(TweedleFr,BigInteger([0x81f15d1941e37eaf,0x85d465ade1fdaa9a,0xc742919021a71c8d,0x2b55fd86318a8a64,])), - field_new!(TweedleFr,BigInteger([0xd192ca1f2b2d9b2e,0xadaff0f2a200dd4e,0x9c916850d1b82ee7,0xc80e142a869ffa8,])), - field_new!(TweedleFr,BigInteger([0xf1cb558c36627467,0x7f91625550390817,0x6ab1bf431c34b292,0x1728fc3415dc43ff,])), - field_new!(TweedleFr,BigInteger([0x28daae31dedcd4f0,0x1f3c06c8b85b04dc,0x8a78a38a2b6d3d64,0x1cb6422e7277e29,])), - field_new!(TweedleFr,BigInteger([0x4e413ace6b75a4f3,0x9cc21be3f8aaef09,0xe0d1fe8d244095e7,0x25ae2e0fa0d16f05,])), - field_new!(TweedleFr,BigInteger([0xf18c6c5c70f0b16c,0xca1ce4c4ed58dde2,0xb9eebeae9f9b79da,0x288db0b85a834294,])), - field_new!(TweedleFr,BigInteger([0x408abb99bfceac0c,0x5c93e60a53d96d93,0x19eeb51561642058,0x23e057c909b4e7f,])), - 
field_new!(TweedleFr,BigInteger([0x959eee5939fa1d8d,0xa5ff39f32da04b94,0xb3d943403ab22524,0x5786ff2bc6634e8,])), - field_new!(TweedleFr,BigInteger([0xce4a6a9ed5c8be2f,0x4e91726d3a6165da,0xb9764561d8c0a61c,0x37fd4ba55133cb50,])), - field_new!(TweedleFr,BigInteger([0x30f7ac315201424e,0xf48df3350d1bb102,0xb44bd6fc8af28d5a,0x22362ab1e657b9a2,])), - field_new!(TweedleFr,BigInteger([0xbee5eb66070b29b5,0x876fa788634aaef0,0xcb31f2fe228c8caa,0x58fa540d0e81bbc,])), - field_new!(TweedleFr,BigInteger([0x20e02f2c84960d63,0x407397d2cd20e853,0xf111f6b11760f99b,0x2d2b58eed5623103,])), - field_new!(TweedleFr,BigInteger([0xe527a73a5cdb4e81,0xc1720d1b51f2182f,0x40d50001a5d1255b,0x3f929202e89e3433,])), - field_new!(TweedleFr,BigInteger([0x409848273fe1c7be,0x144ab08444211029,0x8a590797aca79994,0x22ba45bbc0e9b9f8,])), - field_new!(TweedleFr,BigInteger([0xcf2f8d8ad5b04792,0x95679d53d91ee4ea,0xed849b08ad6ca24c,0x21eae5337d2a5df8,])), - field_new!(TweedleFr,BigInteger([0xa9171cbcf537e388,0x8dcc539fab02c19f,0xd060595ad18dd32f,0x3c24dd140ba9714e,])), - field_new!(TweedleFr,BigInteger([0xafde8f05b7844422,0x56f3153a5924e1ba,0xc3ed59c72a2fdfa3,0x13e1243401fef48e,])), - field_new!(TweedleFr,BigInteger([0x51b23dd6592db68,0x8ec00ede32811417,0x78886dda3aca7d8a,0x353eca04fa8ee369,])), - field_new!(TweedleFr,BigInteger([0x800c229a1e14eb30,0x26de2bd2e5ab7287,0xf916231941575d5c,0x2b06b5f500362a3b,])), - field_new!(TweedleFr,BigInteger([0x60464d7ef79fe789,0x8199995aa96441ca,0x629c1a42b02cd714,0xd46c254408f437,])), - field_new!(TweedleFr,BigInteger([0xd83d818d1d5f7b,0xea3394b5eda41f71,0xb6e82bb0ba4d6cc2,0x2e418c94923b665d,])), - field_new!(TweedleFr,BigInteger([0xd713edb83238e015,0xda6cd708e2510972,0xff024b5398f41da,0xc5bc2c83d4ddd1c,])), - field_new!(TweedleFr,BigInteger([0xf546196560d08f11,0xd876ebb1b0f37609,0x7a0637e14cf66af8,0x7b96c1fce1a8c6b,])), - field_new!(TweedleFr,BigInteger([0xe657d91aa5e2276e,0x4ffdbfc4da2dd176,0xc8a99f1671106de5,0x1da55bb86670e7e5,])), - 
field_new!(TweedleFr,BigInteger([0xe7b37627ef49db09,0x8e87d458b42d6b53,0x27b36ee6f601cdb1,0x36b2bc604961c208,])), - field_new!(TweedleFr,BigInteger([0x77c590bd7cfe0788,0x99ec8f62fae2c79c,0xd37d21cce509ee88,0x2e01b20390ff227c,])), - field_new!(TweedleFr,BigInteger([0xf0e6625100d16470,0x29cd5b26a2297d4f,0xc519c471d87c7845,0x2cd220ee9a9ca3f3,])), - field_new!(TweedleFr,BigInteger([0x3288e8d42d7051de,0x5940b5fc34fd4c4c,0x598fad9caba6d447,0x2d36b62734d1e219,])), - field_new!(TweedleFr,BigInteger([0x53e04377615a99d,0xd83121cbf4205acc,0x53b34762460e3c33,0x3aaa4ce4a6f388ab,])), + field_new!( + TweedleFr, + BigInteger([ + 0x5b40ba7b683c32b4, + 0x5c84c551ca7a85da, + 0x4c7048d27b81a93b, + 0x3635a5ecd9890320, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xfaf17623b724080f, + 0x5147e68371f072d8, + 0x7b6db0e06026db4e, + 0x35568295f90299f1, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xdf23982dd9ab92ee, + 0x930337384ab1cf0f, + 0xa24fb33c6e0edf07, + 0x16f9cec4b30643d5, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x17a1f4e0ed300856, + 0xa2261565e18f8435, + 0x57023bb1ef5e4acc, + 0x29f74889b22b4f42, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x250b3c444dce8028, + 0xfc3256f01f8709aa, + 0xda2ced599d05a12b, + 0x2709632801b2fad5, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x45c1f93e5da9687d, + 0xf2a5b62ea2bc014e, + 0x8609bd7fb780d77, + 0x21984a539dd58517, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x842f4e299261f8ee, + 0x95e3ff6ae96ee780, + 0xe898ea9fcb19fb8a, + 0xe86cd5182be4ede, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x801561c22bef8ded, + 0x16f26b1df6fda550, + 0xb27e9b31bcde644, + 0x120e1d4f13fed959, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xc8f8a96d4a4d6411, + 0xade9be9ac79de2bb, + 0x28d9f1b7afd1fa0d, + 0x2bd0d5cc0a8ec40d, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xc0232d0b802af29c, + 0xa7479c9b6937b309, + 0x9251392cf5507e3f, + 0x222efa635791e7f3, + ]) + ), + field_new!( + 
TweedleFr, + BigInteger([ + 0x770afc56a6e9e7be, + 0x5eea5cfd5cbee98f, + 0xc7634888d523d361, + 0xc8db4523f0f6b37, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x3c4bef6b32ecfd5f, + 0x8faf86e61ae51801, + 0xa7aaf638e5419e61, + 0x1e8ac93cce7af18c, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xdba1e3b777225723, + 0x1c443440e9a57d18, + 0x355d465ae9214b, + 0x1ca702200dfb0714, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x7398405fa18eed64, + 0xae86c4847d5522c8, + 0xb83609d939ea39f8, + 0x3dca88087d7ca780, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x649ac2dbb3d71084, + 0x9908ffd822f3b422, + 0x9c28cee534c92fbf, + 0x19848720b9c422c2, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x768a4011e50059bd, + 0xcf9257823d2b4b52, + 0xe67ddb151a7e2620, + 0x1ee345166e7b78e4, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xd5278574024ca4bb, + 0xd27510c90177e064, + 0xa68b6eb08e653734, + 0x2a4ec10e3c350990, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xf2e2eeec26f0c782, + 0x54022078c1ea0f08, + 0x1f94580b1710ae0f, + 0x23acae47a518b433, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x3edcc3626063e349, + 0x24e01b80ad328575, + 0x6bbcd01882c1dc37, + 0x3f5be3b0c20a0297, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x6a6a2fcdf45f0f1d, + 0x4b4b6abdcb2485a4, + 0xff62dc01f4d5c6d3, + 0xefb1b1545a3d537, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xc4d8909cb5f1508e, + 0xdce57a9ddf63bdc7, + 0x4e40f59531a4210b, + 0x2aacd0bab17f7e21, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xf0b98b8c922917d9, + 0x2df4f5b90cc69f6c, + 0x879b95c03948656f, + 0x247cfd314dff147b, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x4b19813492891dc5, + 0xb770bcb2c942e03f, + 0x7f36c6866501a12e, + 0x5c528ac418866d8, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x83b5862abd3a5869, + 0x6e9924a15a35e8e2, + 0x4ee02518bf9271b4, + 0x1810ab5d4db5526f, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 
0x57a29928a3f89a83, + 0x44ce075e9efa5ab8, + 0xe5986769c012be2, + 0x1fa92e8d9ceb62a6, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x7f2a76be51108f7a, + 0xb22948b99ae4b573, + 0xb04820032d22d414, + 0x2d821e02f729b3b4, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xd35d701a0855451d, + 0x86e98f69c3c8223f, + 0xd0dc2c5c4df590c1, + 0x14bbe1533e129537, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xaeb51b1954d37e64, + 0x41dde0df17f6ed05, + 0x69e41530ca17714b, + 0x14b01168e046deff, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xee99c169bd39e2be, + 0x9da34706ab01fe81, + 0xdd867f2a9f033fea, + 0xdf49fbdc0a3e246, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x68befc07dbfbe05c, + 0x21e68712d7529c29, + 0x5826ac469b436c5f, + 0x1ffca5b9f5623d08, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x531c7f1193f74903, + 0x3004cbceb702a130, + 0xde051b2c457bea98, + 0xfe4dee460343735, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xd78591c4c24767e0, + 0xc00f76aae9605c7c, + 0x282d9be2a5dbcb3, + 0x2b8320190d37fc1d, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xc8ba5b82a4b8f36f, + 0xcd83353c928feb30, + 0xdc7d210da77da39f, + 0xd8b9729a1595850, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x69ab2f87d14a19d1, + 0xa50d9f2c2652b492, + 0x2e2d4ed8796f2095, + 0x24f017b692739e37, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xd275c2c9c91d7810, + 0x422f2a583d3ed019, + 0x6c2d97876c962800, + 0x35c2b094b945aca8, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xc209a45eab978019, + 0x4aea5d9c7feba34e, + 0x80330115db35a489, + 0xc8c3afb44b5e433, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xa31ea13afb07e3a9, + 0x576fda31d615e9c0, + 0x6c3fb6e0ccbc51e2, + 0x3589d714414c6ae6, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xf066573facee6ae5, + 0x3f5780997add0273, + 0x96bf0cbfa9eb2d77, + 0xe1f6cdcc5cc4f82, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x82175011fcbc1132, + 0xd9f8835383b444ed, + 
0xc936550b32a08e9f, + 0x3d2f6e9af6c701b3, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x6d1257d391aaab40, + 0x9d6bc81892ded952, + 0x8d494d23f2b6a450, + 0x2ab76afef15e4907, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x4f2f36b61527cc9b, + 0x7c24b84bc9efaddb, + 0xf566d68c350e5ad1, + 0xb70be812bbd7984, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x5c0bfb236fcd408d, + 0xa168f50ed8a2d3bc, + 0x3dd1b7f6d6a6c3de, + 0x9e7f31ca061f58a, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x529b2af2b6d2692a, + 0x5f7726eb988e29fb, + 0xf526ad2131c13565, + 0x2c2f89f61e0821b7, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xc9a0042e7e8d9161, + 0x1ef6405cd54e9f53, + 0x8fb81ce5138d5e4f, + 0x255daaf8cd7fba2e, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xa23054850faa19a, + 0xabce1c215fce82cf, + 0x11e602ed29969952, + 0x141e8a5470240d16, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xc5479d44f4495019, + 0x9517b52757c8df1f, + 0x90c8782d13821a3e, + 0xca01f04d0e6b51, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x7808ea626b554cdc, + 0x5984f3c9d12a886f, + 0xdbf2dc8b8b4dc62c, + 0x13544ea0756f1e52, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x3143068f358657d9, + 0xd2884887574cfec4, + 0x6771d946a01d9ba, + 0x1ce6165523ee56e3, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x7c56376c7c49d8fb, + 0x4bb497eaecf25f94, + 0x900676807703d160, + 0x3983839a9fa907eb, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x5962f38ae6258169, + 0x3636dfd3338ecf98, + 0x15a21dc9ef0b7069, + 0x3dbdfb167eadf9d6, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xc1bf4a7451f40c0d, + 0x7d6c04fcaba2bc10, + 0x9efea209f61ff3a5, + 0x2b7e866b1e3486b5, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xfbf25fef5e70191a, + 0x3ea2facb4e33fbf1, + 0xde3883ca4737c10d, + 0x128605fc3aa70821, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xe4e730382838e84e, + 0xa339aef76b143312, + 0xdfb55dafcad4eead, + 0x3b57e837ae88e30a, + 
]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x899cc5ce432282ac, + 0xa40e3a240d681196, + 0xd7123ac7f4bbe80, + 0x3dbbdb06f786c87a, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x3603ae0a30c4e0ab, + 0x5fb0069dc23c4e0c, + 0x40a0b4367d1e1940, + 0xf76071a11359b34, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xb2f5de4238440b3f, + 0x2df163160875eb5c, + 0x138986efd82b9bf9, + 0xc04833310c446b7, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x7fb78f69bb24da10, + 0xa0dcdac828496beb, + 0x73473024f29ed6c, + 0x2c427c31ebb40280, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x9b047a9aed6b285b, + 0xe7edb85af1244f99, + 0x4d5951ee0a4d944c, + 0x1ba6aab4f1f6dda7, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x3ac3876bc3af6824, + 0x7ed62f6843cfe5bb, + 0x52ca0242d0afd07e, + 0x28bb2ebe7801bf3, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xb2ec58c3fdb06bfb, + 0xd2124576148ab023, + 0x45e45cf3920e7a5f, + 0x1fa6736497b2ec7d, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x683fbe5ba3701159, + 0x328d9a42a438cc89, + 0x10379ca4e7235ef8, + 0x1ec08556c43de00a, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xfa98e83104c4281, + 0x78a7b989ceb63e6f, + 0x60e7a3401a353e4b, + 0x3a078be8189ac774, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x21c40b74fcf0f0ff, + 0xf4331168872abf24, + 0x1e3858d5c495a389, + 0x2f1d896ba58b68fa, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x8ec1cf148008e452, + 0x7a9341e95edd3d25, + 0x2ba8ef7c8dc857de, + 0x1a9b993468c6de97, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x240d302dc52be2a, + 0x727cd6a5b639c1e7, + 0x1d77e1844488a06f, + 0x180d136543d0830d, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xdbec2d05d799f1fa, + 0x57de7a4308c59f0e, + 0xa546dcf352194bd2, + 0x2f41451801c55d15, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x5a6c23347fb73855, + 0xe435e2a4919f6741, + 0x5a8f0f4e3fb3fd48, + 0xfaea39d9f9ccd99, + ]) + ), + field_new!( + TweedleFr, + 
BigInteger([ + 0xb608ac024a19526b, + 0xc66db73c8de7a6ec, + 0x1410e5990760f215, + 0x2a04c75ce368123, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x5dd1ec60ca5c4617, + 0x42f946e8ce1c9dd3, + 0xcc106a7eefbaa2f3, + 0x29982299d1ae0609, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xef89c5de6185a1bc, + 0x729621e91c955a34, + 0xf80c8d198f1a55cd, + 0x246fdff7fca32b0f, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xa437f9c38f5d3aa6, + 0x36026d6082870a81, + 0xada88b6442c914, + 0x7e35821968aa3f7, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x468c722d26e6cc2f, + 0x2308f0e5395bfd20, + 0x8a5462e0bcca01cf, + 0x2c494a8af1252391, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x9d570b88634578bf, + 0xf230b4402ac38819, + 0x18ffd5d42abbda4b, + 0x3df4128c07f339e7, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xdf9a8ebc79ed3ca1, + 0xc0b9ce370274144c, + 0x8305ab76c01f900b, + 0x2aca620b1d284876, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xcee0177dc89e8b79, + 0xd4c2b4a9b5419721, + 0xd367325278cc7f8a, + 0x356443ae1f0c10e0, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x6f0ba77c0ffdd52f, + 0x138ba73e76a99e8a, + 0x8fc163237cf24127, + 0x197c71ca636246ef, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x2821aeb46f75005b, + 0x2b8a1579e26d66db, + 0x4ed63ae3a9f04713, + 0x3ecdf3895ab694bb, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x4e1c8067a64047b4, + 0xb0d76895f9d49a93, + 0xa8baefb3f95ca250, + 0x255b57dd4beb9c97, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x652fcabcef1e5880, + 0x4e0d5e21bd34817, + 0x5919495683c909c9, + 0x3a48a1d8e0c1ac49, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x5eb4c07f344eb756, + 0x13b503408e43fa77, + 0xaa3f79e6b2a21f58, + 0x39cd92dc336d98f4, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xbabf83f00ba73378, + 0x58b409a005b39442, + 0xaf29495cde3171d0, + 0x39d4fddfe7a495fd, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x88aa71ff4748eae7, + 
0x15dcf8529e1b6e72, + 0x9dccb71d7792352f, + 0x29162325d6f93ddb, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x58acb61d9baa4321, + 0x85c77bffa34019fc, + 0x25c55410de450ca3, + 0x373b0cb2d2b4ac16, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x33a41d77a7608a21, + 0x4481ac32eb1027b9, + 0x1724325035373431, + 0x3b30aa0324f469cf, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xce2c196c128ab161, + 0x7fcb3bf93a8233ef, + 0xe6a4e7d30e51b75, + 0xf5105739e560354, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xb0ce75473b9c4756, + 0x4c327642dbc3e75f, + 0xe3ef959238048022, + 0x5f9cd07fb1b8439, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xb24396c283123a29, + 0x116e5579eed619be, + 0x5d0f913ba5c91d75, + 0x19afb9d6135204cd, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x38aa8cc700a2809d, + 0xbeb96eba49709a2a, + 0x372ac244e3ee29c3, + 0x2d7f802d1fa5f51d, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xc3f4536bd1fca99d, + 0x4844f4e1be1b90d7, + 0x412a6aa7a9e84517, + 0x21e53326dbfbffbf, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xf1385daff2a2f8ff, + 0xa4a80f1ddabbc58d, + 0x920706dd6fe726b0, + 0xe720ae572c3e8f, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x395d623573714aeb, + 0xa7809c21b198a83, + 0x6f17eaabaf874dc3, + 0x2386323fefc3d0ee, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xc4ca6a67617f9d9e, + 0x5921adbddcd1b3c1, + 0xdddb4bf80d1425a1, + 0x8c1f9e7337e332d, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x18ae91f714426b6b, + 0xbcb7e69b5dbc1b8d, + 0x478f7087437efd7b, + 0x1f0e5d8508265b58, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x2072743b5ed4d4e2, + 0x98cc3ebb858ce950, + 0x8d3edbd0198f8abf, + 0x1fff876354f7e8b9, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x8c3d8559db6171f2, + 0x155f3df1ef7f27ab, + 0xf8bff91f29054e8, + 0x3afa4f78c62f4c27, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xe07e955f891dd11d, + 0x9b3d78bedef1980d, + 0xd892d3929006398d, + 
0x10b1f7cc5b24f2a8, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xcb42a29a7699ac02, + 0x1ab5af42ef8615a7, + 0xb63959c4aba00405, + 0x32af39352a3b653, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x43e8bbdba7be6c56, + 0xe0cb740d7ef4aa85, + 0x32da6558373c5eb3, + 0x24e230f9a0f7b47b, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x61b487e28794a309, + 0x78d6a8f0ac2fe1d4, + 0xd930bba6ca33b916, + 0x225f7481b01be62c, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xdf2dfdd71c9b2219, + 0x683f835d1f5f5358, + 0xa30e95f9c86c417b, + 0xe5031e83b6ce98b, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x11baf726f345d1b0, + 0x7448d7020694b66b, + 0xb215793ab845ad64, + 0x1390dea862255442, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x5c3b10e7e8b76d23, + 0x683d97736a642ee1, + 0x3c9d71ac14cfa293, + 0x11771bd30622685d, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x5241adbb730f7c1c, + 0x54dd3ea4e2d99abc, + 0x252349664178cfeb, + 0x35680d800c726b0, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x24a4c9059e0664a3, + 0x16966cf8daebdd3d, + 0xf79952fa5f5d66b0, + 0x1c5fd4ac6dc3a82d, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x159db5003cafe2dd, + 0xed947b30c1c4c5f5, + 0x4f1efc23572fd36, + 0x33e175fcecb32ef, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x7167bfbb4ec88831, + 0x2192e7554c53bc9, + 0xdc2c734c34c847ef, + 0x3a0c56c757ffd17e, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x4be153e4b781ccfb, + 0x482b9b003141437a, + 0xad0a61ce105d2377, + 0x3da50efd2fbe3547, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x37fe98a457b4d383, + 0xb84afb053ed9ccbf, + 0xc812b03968f051c5, + 0x3440b797f43d3fd7, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x6e65d3bbd01ec57c, + 0x59bb8720a8017a3b, + 0x61ee625cfa32fc7b, + 0x2058eb99d35bd8c2, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x4fb52802b9a65ef1, + 0x7ab6a7c8d938b810, + 0x22fd912083ea64cc, + 0x8951291638300dd, + ]) + ), + field_new!( + 
TweedleFr, + BigInteger([ + 0x5c86c97f3a293b3, + 0xfdd511e4b386a858, + 0xd96b567ced51dd86, + 0xd007d439444ee0d, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x25e231c9c268a448, + 0x82211fcee85324dd, + 0xe5dc9e4d574104b, + 0x349f388ff4b39804, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xc04e9aab4caea7a5, + 0x29323bc7287a055f, + 0x380ec44a8d950a11, + 0x8edc2b0f4dd49fb, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xa4ec4b979c36ca86, + 0x3d04e4888ab2bc1, + 0x65d0e4a41702b77b, + 0x21a54769a20ad5a5, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xe43a76d502a5dcf3, + 0x3d7d516ade3d4d85, + 0xf1a192ef8fb46ed9, + 0x16b82615513f3e, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x1f27e6946eb3d237, + 0x90ea64c64592bb87, + 0xae18c2871965853b, + 0x95ed0bcc2552da8, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xee0e74467719bd5c, + 0x71178d708d070d2a, + 0x1d5221ea476ddab1, + 0x3f4544eb857e6191, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xe5b4c57255a42c98, + 0x60f5059d98537d1a, + 0x779592cb513f1037, + 0x5fb02fcd2bf22b2, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x34afcb4d83bb75b0, + 0xe8b9a17e67c535a2, + 0x162a08bea063ad7f, + 0x173521cf52c3f703, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x111fe0618da68686, + 0x72f18a8d1016a031, + 0x21573c0d83d8449d, + 0x1a1b2ddda60b2864, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xecaeee5299feead7, + 0xaa2ac57af25fcf32, + 0x8aaed58c5c612676, + 0x278d19038a95a4ce, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x4fd5a37933de40b2, + 0x48c3e4e86e6e293d, + 0x2bc19accce69855, + 0x3c2522dbcacc59ae, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x900407bb54697e8b, + 0x8cda43619dac3e50, + 0xaa61a4853d1eb224, + 0x2dbbc58fc1045d3b, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x4d319547aa417a31, + 0xbe595b394222cbf8, + 0x4810d1221885d698, + 0x3927befead0d255f, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x6ef1931f91cc693e, + 
0xbfd985c2d5a000b5, + 0x435ec5d0f7025e5a, + 0x1b6aadca0975c95e, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x568719957fc6d3ea, + 0xdeab08bd7666e2a7, + 0xbefeaad6482ff79e, + 0x3b76bd6838874f64, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xb545b477f84a9e35, + 0x6ace83435105609f, + 0xe06a154db6abcadf, + 0xaca980d1168ec6f, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x1dc2bb904e3dc01a, + 0x7e8dbfc1655bcaab, + 0x25620195822cb50c, + 0x1e25bb92541cafcb, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x13618fb6c1d1b02c, + 0x9b6067028fd1a00b, + 0x9789e13f148a731b, + 0x23d0fcbcf6ae6ff5, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xa81e57dd6825855a, + 0x4ce86237606e33f1, + 0xf16a3a3f3188995, + 0x3bdd80b309dd37b1, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xc85beb683624f94c, + 0x6f4252ccce0a7dcc, + 0xfc3378ed2cddbc89, + 0x372ed965844dc975, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x57e21f1f7c543558, + 0x5488a759ec2ef3da, + 0x60885a9a7dc16ee1, + 0x39d019452439c6d4, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xf82a8816dd040e44, + 0x95e825ac7adb359b, + 0x5b04e3a5845e1611, + 0x62354abd118cb9c, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x5fe01ca6a8d4ab0c, + 0x7d80471e1674d1ce, + 0x72216b91c704740a, + 0x2056e8352f496387, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x307d2640247e39c0, + 0x6be654cb1497f2a4, + 0xd453ca99df6af5b4, + 0x32ce7fcc0649737d, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x2227b48e8b87838, + 0x9f02324c92f7c5e5, + 0x3ad9aad80fe64ed, + 0x2b06ce250895635d, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xe33d93c6dc374234, + 0x4be10d1976c46cbe, + 0xcaaa44b7e3db976d, + 0x56cb6118685b436, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xfb022765684373d4, + 0xaa65d769b1c7326d, + 0x1615e1b8394b938d, + 0x2b51b83c2ae929a0, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xcecc85a407f6b66f, + 0x15ea963585bb4902, + 0xbc46166254b25807, + 
0x2994c0eebd765a08, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xf118c2aca29b807f, + 0x90d173ca245d1e93, + 0x5a51b0eeb97ec1a8, + 0x3cde6ce85af570e9, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xd164861a1998b5de, + 0xe29b4e25c55e8dc, + 0x313ef23ae01c8eca, + 0x3f2964f0fbb924e3, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x527b83ec285477b3, + 0xa57dbd1546a72bdf, + 0xabed7bec6ae182dc, + 0x250f1283efb3402e, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x1a1f0d16e2ad5558, + 0x9913ecff1f996cec, + 0xcab6e3fe0c7ff1a7, + 0x32629665a97a0736, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x3ffcc30c3ce947ad, + 0x43e76b15dbcd7b63, + 0x7094b67e3b9ceb7e, + 0xdac5c94e50cb421, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x506bd32ba9a41489, + 0xecdf0e10e4f49c21, + 0x4b547abb2ac41851, + 0x2cb618b912b3275b, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x8bfb64bfed59a43d, + 0xad01893d081d4a6b, + 0x625ea0318fb7b20, + 0x39b29446a805b481, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x790e8f0fad9e8023, + 0x20d178d7d71a9cb5, + 0x86e9807744c00c5b, + 0x369aa6516d15022a, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x5d236755881b6034, + 0xbff7a7d0de6eb989, + 0x41a3a6fac1592ae4, + 0x222fe06074625307, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x4aeb6b34bc223516, + 0xef266585b07894af, + 0x5609ba88ed579aee, + 0xbb4f4c48be0cdd4, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x54e9913fecea53e2, + 0xb0eb64c208568f6b, + 0x50c2d29fce02db3e, + 0x21d7131de1e1a5d3, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x736a579502cda13a, + 0xaecf0a297d2cbd69, + 0x2c868f8e57238ca9, + 0xe821e4908b566c9, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xedc6f03c4c5f083c, + 0x9ebb9f9ad7e6ed78, + 0x22777c2a480f6214, + 0x2e22941434a6506, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x184e084e85f85d1f, + 0x190449a7dde4c2c1, + 0xe8ad81171857b7b1, + 0x186076659f3abd36, + ]) + ), + field_new!( + 
TweedleFr, + BigInteger([ + 0xa9bacbf9c4c65188, + 0xb52fd9e3080a9f6e, + 0x8428a1dc6e6bd3ee, + 0x373eda6df718f452, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x2972b908b89cca5f, + 0x5bae7f65f450acab, + 0x52254ec09db43b3d, + 0x154a84f5e57d386a, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xd54af914ac566405, + 0xc6852d2c81e91329, + 0x20650b0a5ca0764e, + 0xfd0742d537fed3f, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x1c3749c7c2c5287d, + 0xd4bcf2b93cb992d8, + 0x358b6d7f6ae4583d, + 0x3fd85a692d050055, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x607e31eb73a3a386, + 0x6ca076126d546ea, + 0x9ac086eaf45d7f3f, + 0x1cb8c8eeb2ba03f, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x793b8ef2ecd39cdc, + 0xc4e0ef88d7a70e2d, + 0x8bd423711d21dc10, + 0x2868e5830cd05303, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x806fd2e7e9f5163f, + 0xff971fcb05f2ab2b, + 0xb4e9eaa384a12a5b, + 0xd587f09ad218e2b, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xc54eb1aa8981f94a, + 0x1cd5f841cd632951, + 0xd5f377b55b8e76a0, + 0x25fa7cac45ce43fe, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x3e08c772d914cd28, + 0x935c3aad62487c58, + 0xa1ef643a2f5d82a9, + 0x32d4a044a4c30eb6, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xc1bdb46862179331, + 0x32d662df696d345f, + 0x5b813b6f10eaabf0, + 0x32a2d759af2ab145, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x81f15d1941e37eaf, + 0x85d465ade1fdaa9a, + 0xc742919021a71c8d, + 0x2b55fd86318a8a64, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xd192ca1f2b2d9b2e, + 0xadaff0f2a200dd4e, + 0x9c916850d1b82ee7, + 0xc80e142a869ffa8, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xf1cb558c36627467, + 0x7f91625550390817, + 0x6ab1bf431c34b292, + 0x1728fc3415dc43ff, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x28daae31dedcd4f0, + 0x1f3c06c8b85b04dc, + 0x8a78a38a2b6d3d64, + 0x1cb6422e7277e29, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 
0x4e413ace6b75a4f3, + 0x9cc21be3f8aaef09, + 0xe0d1fe8d244095e7, + 0x25ae2e0fa0d16f05, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xf18c6c5c70f0b16c, + 0xca1ce4c4ed58dde2, + 0xb9eebeae9f9b79da, + 0x288db0b85a834294, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x408abb99bfceac0c, + 0x5c93e60a53d96d93, + 0x19eeb51561642058, + 0x23e057c909b4e7f, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x959eee5939fa1d8d, + 0xa5ff39f32da04b94, + 0xb3d943403ab22524, + 0x5786ff2bc6634e8, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xce4a6a9ed5c8be2f, + 0x4e91726d3a6165da, + 0xb9764561d8c0a61c, + 0x37fd4ba55133cb50, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x30f7ac315201424e, + 0xf48df3350d1bb102, + 0xb44bd6fc8af28d5a, + 0x22362ab1e657b9a2, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xbee5eb66070b29b5, + 0x876fa788634aaef0, + 0xcb31f2fe228c8caa, + 0x58fa540d0e81bbc, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x20e02f2c84960d63, + 0x407397d2cd20e853, + 0xf111f6b11760f99b, + 0x2d2b58eed5623103, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xe527a73a5cdb4e81, + 0xc1720d1b51f2182f, + 0x40d50001a5d1255b, + 0x3f929202e89e3433, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x409848273fe1c7be, + 0x144ab08444211029, + 0x8a590797aca79994, + 0x22ba45bbc0e9b9f8, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xcf2f8d8ad5b04792, + 0x95679d53d91ee4ea, + 0xed849b08ad6ca24c, + 0x21eae5337d2a5df8, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xa9171cbcf537e388, + 0x8dcc539fab02c19f, + 0xd060595ad18dd32f, + 0x3c24dd140ba9714e, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xafde8f05b7844422, + 0x56f3153a5924e1ba, + 0xc3ed59c72a2fdfa3, + 0x13e1243401fef48e, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x51b23dd6592db68, + 0x8ec00ede32811417, + 0x78886dda3aca7d8a, + 0x353eca04fa8ee369, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x800c229a1e14eb30, + 0x26de2bd2e5ab7287, + 
0xf916231941575d5c, + 0x2b06b5f500362a3b, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x60464d7ef79fe789, + 0x8199995aa96441ca, + 0x629c1a42b02cd714, + 0xd46c254408f437, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xd83d818d1d5f7b, + 0xea3394b5eda41f71, + 0xb6e82bb0ba4d6cc2, + 0x2e418c94923b665d, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xd713edb83238e015, + 0xda6cd708e2510972, + 0xff024b5398f41da, + 0xc5bc2c83d4ddd1c, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xf546196560d08f11, + 0xd876ebb1b0f37609, + 0x7a0637e14cf66af8, + 0x7b96c1fce1a8c6b, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xe657d91aa5e2276e, + 0x4ffdbfc4da2dd176, + 0xc8a99f1671106de5, + 0x1da55bb86670e7e5, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xe7b37627ef49db09, + 0x8e87d458b42d6b53, + 0x27b36ee6f601cdb1, + 0x36b2bc604961c208, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x77c590bd7cfe0788, + 0x99ec8f62fae2c79c, + 0xd37d21cce509ee88, + 0x2e01b20390ff227c, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xf0e6625100d16470, + 0x29cd5b26a2297d4f, + 0xc519c471d87c7845, + 0x2cd220ee9a9ca3f3, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x3288e8d42d7051de, + 0x5940b5fc34fd4c4c, + 0x598fad9caba6d447, + 0x2d36b62734d1e219, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x53e04377615a99d, + 0xd83121cbf4205acc, + 0x53b34762460e3c33, + 0x3aaa4ce4a6f388ab, + ]) + ), ]; // The MDS matrix constants const MDS_CST: &'static [TweedleFr] = &[ // Constants in Montgomery representation - field_new!(TweedleFr,BigInteger([0x507c7c3801b065f4,0x55fad147f6ed8180,0xd824a2b1bf437c06,0x1dbf404c94728386,])), - field_new!(TweedleFr,BigInteger([0x706e8fa3b2cec138,0x99388f0ebd78e15,0xfaad8b4043083408,0xb25966789f42f5c,])), - field_new!(TweedleFr,BigInteger([0x6dfd051c6ee53b7f,0x1763b22c11853d87,0x67ea6c399e3b51ba,0xf16c3ae0f454f9,])), - 
field_new!(TweedleFr,BigInteger([0xfb30fbf09660ae7d,0xfb8e9f44f0253a7b,0x188d045b94fb48c0,0x303cc8c8367fc508,])), - field_new!(TweedleFr,BigInteger([0x6677cf4973709ad6,0x6140d5ad5d36bb65,0x5c78685811d582fb,0x1c493d93a2f4c8c5,])), - field_new!(TweedleFr,BigInteger([0xb591cd839a7494ef,0xd119192e17ee213f,0xfd146e4ff6037865,0x2ac07a9b7e18dc5e,])), - field_new!(TweedleFr,BigInteger([0x40985a4c90087b8d,0x3bbff3a8fa6519,0xb829e164c293b46d,0x23f178572c4f5003,])), - field_new!(TweedleFr,BigInteger([0x1bda396a735997f,0xb071a1ceecefb0a5,0xdd21e9b4ebfa39f6,0x448e9117e96ab82,])), - field_new!(TweedleFr,BigInteger([0xf8bfeb926376c2e4,0xbfe9ff853fbe09d7,0x95ee2f2bc6f81adf,0x29278abf7b87b845,])), + field_new!( + TweedleFr, + BigInteger([ + 0x507c7c3801b065f4, + 0x55fad147f6ed8180, + 0xd824a2b1bf437c06, + 0x1dbf404c94728386, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x706e8fa3b2cec138, + 0x99388f0ebd78e15, + 0xfaad8b4043083408, + 0xb25966789f42f5c, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x6dfd051c6ee53b7f, + 0x1763b22c11853d87, + 0x67ea6c399e3b51ba, + 0xf16c3ae0f454f9, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xfb30fbf09660ae7d, + 0xfb8e9f44f0253a7b, + 0x188d045b94fb48c0, + 0x303cc8c8367fc508, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x6677cf4973709ad6, + 0x6140d5ad5d36bb65, + 0x5c78685811d582fb, + 0x1c493d93a2f4c8c5, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xb591cd839a7494ef, + 0xd119192e17ee213f, + 0xfd146e4ff6037865, + 0x2ac07a9b7e18dc5e, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x40985a4c90087b8d, + 0x3bbff3a8fa6519, + 0xb829e164c293b46d, + 0x23f178572c4f5003, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0x1bda396a735997f, + 0xb071a1ceecefb0a5, + 0xdd21e9b4ebfa39f6, + 0x448e9117e96ab82, + ]) + ), + field_new!( + TweedleFr, + BigInteger([ + 0xf8bfeb926376c2e4, + 0xbfe9ff853fbe09d7, + 0x95ee2f2bc6f81adf, + 0x29278abf7b87b845, + ]) + ), ]; } pub type TweedleFrQuinticSbox = PoseidonQuinticSBox; 
-pub type TweedleFrPoseidonHash = PoseidonHash;
-pub type TweedleFrBatchPoseidonHash = PoseidonBatchHash;
\ No newline at end of file
+pub type TweedleFrPoseidonHash =
+ PoseidonHash;
+pub type TweedleFrBatchPoseidonHash =
+ PoseidonBatchHash;
diff --git a/primitives/src/crh/poseidon/parameters/tweedle_dum.rs b/primitives/src/crh/poseidon/parameters/tweedle_dum.rs
index c70c9653f..a916a3f4d 100644
--- a/primitives/src/crh/poseidon/parameters/tweedle_dum.rs
+++ b/primitives/src/crh/poseidon/parameters/tweedle_dum.rs
@@ -1,6 +1,5 @@
 use crate::crh::{
- PoseidonParameters,
- FieldBasedHashParameters, PoseidonHash, batched_crh::PoseidonBatchHash,
+ batched_crh::PoseidonBatchHash, FieldBasedHashParameters, PoseidonHash, PoseidonParameters,
 PoseidonQuinticSBox,
 };
 use algebra::fields::tweedle::Fq as TweedleFq;
@@ -10,245 +9,1868 @@ use algebra::field_new; #[derive(Clone)] // x^5-POSEIDON-128 parameters for scalar field of the Tweedle Dum (=the Tweedle Dee Fq ). -// -// The number of rounds are computed by ./evidence/calc_round_numbers.py, round constants and matrix +// +// The number of rounds are computed by ./evidence/calc_round_numbers.py, round constants and matrix // are generated using the script ./evidence/generate_parameters_grain. pub struct TweedleFqPoseidonParameters; impl FieldBasedHashParameters for TweedleFqPoseidonParameters { type Fr = TweedleFq; - const R:usize = 2; // The rate of the hash function + const R: usize = 2; // The rate of the hash function } impl PoseidonParameters for TweedleFqPoseidonParameters { - - const T:usize = 3; // Size of the internal state (in field elements) - const R_F:i32 = 4; // Half number of full rounds (the R_f in the paper) - const R_P:i32 = 56; // Number of partial rounds + const T: usize = 3; // Size of the internal state (in field elements) + const R_F: i32 = 4; // Half number of full rounds (the R_f in the paper) + const R_P: i32 = 56; // Number of partial rounds // The zero element of the field - const ZERO:TweedleFq = field_new!(TweedleFq, BigInteger([0x0, 0x0, 0x0, 0x0])); - + const ZERO: TweedleFq = field_new!(TweedleFq, BigInteger([0x0, 0x0, 0x0, 0x0])); // State vector after permutation of zero state vector (Montgomery representation) const AFTER_ZERO_PERM: &'static [TweedleFq] = &[ - TweedleFq::new(BigInteger([0x46ef7b471f039f54,0x7516283cc67869f2,0x561a6334ba7a39f1,0x293842a1538ac01b,])), - TweedleFq::new(BigInteger([0x6f10ff3b97995e3b,0x7650f70901d51a88,0x9f13555ea4caf2eb,0x14ed7f5560a0a1e1,])), - TweedleFq::new(BigInteger([0x815126351fe00f44,0x921a5f3ad5a6e83c,0x5f614c0b1bdaf5f7,0x7733c69a8892f0e,])), + TweedleFq::new(BigInteger([ + 0x46ef7b471f039f54, + 0x7516283cc67869f2, + 0x561a6334ba7a39f1, + 0x293842a1538ac01b, + ])), + TweedleFq::new(BigInteger([ + 0x6f10ff3b97995e3b, + 0x7650f70901d51a88, + 
0x9f13555ea4caf2eb, + 0x14ed7f5560a0a1e1, + ])), + TweedleFq::new(BigInteger([ + 0x815126351fe00f44, + 0x921a5f3ad5a6e83c, + 0x5f614c0b1bdaf5f7, + 0x7733c69a8892f0e, + ])), ]; // Array of round constants - const ROUND_CST: &'static[TweedleFq] = &[ - // Constants in Montgomery representation. - field_new!(TweedleFq,BigInteger([0xd06520c09450cbc9,0xcf4444f399d4b067,0xed3cdecf2c2ad3cf,0x2a922c6f74bce817,])), - field_new!(TweedleFq,BigInteger([0x60bde2740b39213d,0xba122180e7af3753,0x40090228e9cc5a42,0x177c72bbace07027,])), - field_new!(TweedleFq,BigInteger([0x5ebd43b701d85141,0x5ef573127baabe65,0xa2d0ea9e7ce5b31a,0x137d99e551df3b8c,])), - field_new!(TweedleFq,BigInteger([0x3b8cb91b343e1f20,0x331bd86e427016ce,0xa4840e40ad9803f4,0x394532179f75f4e9,])), - field_new!(TweedleFq,BigInteger([0x1ec59497ae56b237,0x8ecb653b831ff765,0x481804c446de69d6,0x29589666c81a56c0,])), - field_new!(TweedleFq,BigInteger([0xad127e17f428be96,0xe2c5762dce6fe30e,0xc4d71e24928723f9,0x221845f927a179e9,])), - field_new!(TweedleFq,BigInteger([0x44271158d30f729f,0xb406e2965f4375c4,0x4375f933a3a34235,0x57365228fa6b986,])), - field_new!(TweedleFq,BigInteger([0xcc9f09612486f55d,0x2ffd2a714c682c93,0xb5ed16b39623a446,0x263d2157ccacb99a,])), - field_new!(TweedleFq,BigInteger([0x9e0bd6388f96fdd8,0xf4929cda447d1ce5,0x6b19d7b86355bac9,0x2619b62891a9d045,])), - field_new!(TweedleFq,BigInteger([0x9b5fb0992b601a32,0xbd510112e9cf6070,0x67d04ffc1ea9d28f,0x1ca921e9af729fa9,])), - field_new!(TweedleFq,BigInteger([0x560e6fd9725a0309,0x6cf6d3c57b84652f,0x62aaf714fad16095,0xa7aa6c278e231ed,])), - field_new!(TweedleFq,BigInteger([0xa28bd230465173d8,0x3bc04513e6ce1021,0x214c1c122428f2e7,0x3165e00d7a5dd413,])), - field_new!(TweedleFq,BigInteger([0x4cecdb283a5a69db,0x9521b4517de78f68,0xa8bb82a76b3eed88,0x231cd67b00b98aa2,])), - field_new!(TweedleFq,BigInteger([0x8e77be72728462c2,0xc52aa77caf405120,0x14a07963ad5d358e,0x102aa22546b7d719,])), - 
field_new!(TweedleFq,BigInteger([0x5b68c4bb0f9d5e5,0xc74945e354355556,0x6b7d9835abe4d632,0xd238d491116c462,])), - field_new!(TweedleFq,BigInteger([0xa3887726bbe187e8,0x7864f962bc5df66f,0x7241b616fe237fdf,0x2c7302787042fefc,])), - field_new!(TweedleFq,BigInteger([0xaa60569d6e50c258,0x1a44fb8b57610147,0x59d036dce864e680,0x20ac6feef3b08be4,])), - field_new!(TweedleFq,BigInteger([0x8f272b18b5a21f7b,0xeff039bd961c59c0,0x7646e69e44f7067a,0x37e219036dc9d3d9,])), - field_new!(TweedleFq,BigInteger([0xe25ce8aba319b6be,0x4be8b7875763a64b,0xe187c96ddb272453,0x1d2e584b7a041675,])), - field_new!(TweedleFq,BigInteger([0xebabf749daf0d178,0xcaba4fe3d5bea6d9,0x1fee8dbf56bd1f8c,0x2c1d40320004af3e,])), - field_new!(TweedleFq,BigInteger([0x168887748abaecb8,0x5e6ff7fca8e44137,0x8873401c63b97f39,0x13af33d3f2377c1,])), - field_new!(TweedleFq,BigInteger([0x39c4beab8e437f52,0x6559c1909c79549f,0x596137029e44e4eb,0x152533e4bf376143,])), - field_new!(TweedleFq,BigInteger([0x152961fd5bda963e,0xf544a973034a0d84,0x2c63bb6abb3496ef,0xf41b4dc92158ecf,])), - field_new!(TweedleFq,BigInteger([0xbb2a82becc608b67,0x13227f8aad64efa9,0x9f74aaf9c5fb9327,0x13c82e3b22c41d6a,])), - field_new!(TweedleFq,BigInteger([0x4dce4021efdd1280,0x52b76e0989f74799,0x4a776ae91aaa507e,0xceace17b7b7a764,])), - field_new!(TweedleFq,BigInteger([0xc5b13e5ddf7b56dd,0x5dc878e444e6e6f1,0xc49444149accf9b6,0xa64b772af5d8572,])), - field_new!(TweedleFq,BigInteger([0xa93427ccd919b65d,0xd8a9bb882d024ef7,0x8d958861fc922d93,0x267dfa69a8ef550d,])), - field_new!(TweedleFq,BigInteger([0x8f7b037f277a6f8b,0x1e4da49ecad22320,0xd283993f470ca915,0x134914b4f3ba4d90,])), - field_new!(TweedleFq,BigInteger([0x7ec3247567085f75,0xe30f7d76f181b151,0x25284eed3e384a08,0x176f66b52c0b46fa,])), - field_new!(TweedleFq,BigInteger([0x2142adb9b1341668,0x591d0777c42566cc,0x6305acc460e4ac20,0x3458b9cb48eaaa92,])), - field_new!(TweedleFq,BigInteger([0xd70bd8df51d0bdcf,0xeaf18757227db4e3,0x402420db973d9abc,0x36e078236490d83,])), - 
field_new!(TweedleFq,BigInteger([0xa9d0af02a7975e25,0x775418692bdc072a,0x4c298c4ac7ef4d7e,0x1d9b69654b092496,])), - field_new!(TweedleFq,BigInteger([0xf5c57af0cb60207c,0xfb68232f1b658a36,0xca25a272d5cddc,0x1963116a927059e4,])), - field_new!(TweedleFq,BigInteger([0x49c23fd1c153a321,0x9d46ecb476087ea9,0x22ec5f03909ec1cf,0x1675657f03cc5429,])), - field_new!(TweedleFq,BigInteger([0x8b52631a8d0ef397,0x7aacb3eaf1a08300,0x6b16ddddc870d480,0x277fbd29939286ef,])), - field_new!(TweedleFq,BigInteger([0x62e3a2f5aa1af950,0xe18d6a90ba48b83b,0x208ee3982fa0c318,0x3ebaf313e212d0b2,])), - field_new!(TweedleFq,BigInteger([0xf0c8a432f5df17af,0x13706b0503c3f2fa,0xe71a6613bf1b48f7,0x1ac0630ec731f387,])), - field_new!(TweedleFq,BigInteger([0x9f92c6e38ff496a1,0x6f2b45d0e9f3f47b,0xe5b2fdb9402a5c55,0x251cbcf87cbf779c,])), - field_new!(TweedleFq,BigInteger([0x7f98d620d8605a53,0x22ee5bdb61a35e31,0x385a4034e6608dce,0x1355ab32c6fc7e32,])), - field_new!(TweedleFq,BigInteger([0xea4b91b36a316c16,0xabbd60800c7d2fec,0xb18a56b4d6b7f110,0x23bdf09f30cde6e9,])), - field_new!(TweedleFq,BigInteger([0xdc92f469c4e0993a,0xe27c4a1eb3bdb3ef,0xc456c9c418efafca,0x3414d3678bfd22b0,])), - field_new!(TweedleFq,BigInteger([0xe28e6e3b448c37a8,0x92a2cc8999ea5357,0xa52fdf68d625769,0x15845caaf5801b79,])), - field_new!(TweedleFq,BigInteger([0x2acb2a5f60478d13,0x7be04faeb4726db8,0x241039d5336a1818,0x7b37d5b9c5ac89d,])), - field_new!(TweedleFq,BigInteger([0xfdffe38f8f533391,0x3b555532c0629b3f,0x8d5c25204cd29ee6,0x8d6b43544d677a3,])), - field_new!(TweedleFq,BigInteger([0x622977857648fe76,0xab82905055e2835f,0x6de310a09c5e8ecd,0x119b72b411823820,])), - field_new!(TweedleFq,BigInteger([0x9540cf3e69c4cf64,0x78fa112a4d3c083f,0xd40cdb21b368fd97,0x187ab4574a382fb,])), - field_new!(TweedleFq,BigInteger([0xf70d118aa8dd0391,0xed5a78d9fd07ce64,0x25004cbb7c17784c,0x1d7ddcca9f892ba6,])), - field_new!(TweedleFq,BigInteger([0xed8b92c25cd6990c,0x5a4f8f6165037502,0xfa51afe6a59322ef,0x7bad5e6ab209a5b,])), - 
field_new!(TweedleFq,BigInteger([0xaf8b68cbcd165cd2,0xd9af037799bb5016,0x4252fde7f1b8deb5,0x18276cf868cda059,])), - field_new!(TweedleFq,BigInteger([0x473770910ad44d20,0xf6f11a221c2b76a4,0xaf7ea8799372fb02,0xb922b4baa02fe4a,])), - field_new!(TweedleFq,BigInteger([0x4bcb851aed6af574,0xac0400295712babb,0xe137d528d9afdc77,0x51b55216f3b3e93,])), - field_new!(TweedleFq,BigInteger([0xf4ea5fa58f6cd6d,0xc3178acb7474c919,0x1a78bc8d9509399e,0x3db8037d9c38ff34,])), - field_new!(TweedleFq,BigInteger([0x3c6c749ed14eba46,0x344bdf3052afb8d9,0xf3977e67a9ebf8bb,0x16df4d7e98c80bf6,])), - field_new!(TweedleFq,BigInteger([0x7baf3f8824575a0,0xcde0f99b13c6e28,0x548747dea88e6079,0xaee01ab05c6dea4,])), - field_new!(TweedleFq,BigInteger([0x7e061d9435def279,0xf3a24b07424e6ae,0x2100c0d0934960d3,0x1f3b1dcad7f56f8a,])), - field_new!(TweedleFq,BigInteger([0x655452f15d0764c3,0x909466bbdc1ba576,0x62174b4f659b8c35,0x3f6f0c7888ec2fa1,])), - field_new!(TweedleFq,BigInteger([0xa855b2cd69a4eb1f,0x29460295f793ad00,0x604d356e35d54832,0xd13d12b349693db,])), - field_new!(TweedleFq,BigInteger([0x32333b51dd9aaa45,0x32e806b7150aa1e,0xc8abc5e9050d23f7,0x1344a43160574a6,])), - field_new!(TweedleFq,BigInteger([0x97a9e3cf1825b286,0x5bbac70af2e88c38,0xe58a38a5639f7b32,0x2019ea88a902e9fc,])), - field_new!(TweedleFq,BigInteger([0xf0a46acac474f69d,0x3a3a61e8b06db5f8,0xf1eaa93c477ae56e,0x2e42b0ae69081932,])), - field_new!(TweedleFq,BigInteger([0xdb1ea311949b205b,0x21562d0ee469b95a,0x2c63f424bffbe637,0x3523c2ed61af226d,])), - field_new!(TweedleFq,BigInteger([0x222dddb1e4672218,0x86041d7a33c374d1,0xe60299662516084c,0x2dbd4098256d08a8,])), - field_new!(TweedleFq,BigInteger([0x6b8d0990380db1e2,0xdf3fc37d9964c8e,0xa3b6829c7c33b207,0x10280a8f1427bb50,])), - field_new!(TweedleFq,BigInteger([0xf3d0b271a7080558,0x39161202da1ad393,0x760bcf59312828ca,0x13adf40dd6f38e57,])), - field_new!(TweedleFq,BigInteger([0x974b96f23ff5810c,0x12764c15bbf0e1f,0xf2ef1a6b29656c55,0x1af98f964186f4e7,])), - 
field_new!(TweedleFq,BigInteger([0x37e75583964de4dc,0xc56d3cff9c0c15a2,0x5ab38905add1989b,0x27f9202b19a8c1fc,])), - field_new!(TweedleFq,BigInteger([0x4857f3c962a2a53d,0xa3b93bc71ecbae06,0x315133542bb793f2,0x3b1e0a0663ea9b42,])), - field_new!(TweedleFq,BigInteger([0xaec4b261ff7474a5,0xe7a70488b002fbb5,0x344cf0f6ade03bf9,0x1499398f55ce277b,])), - field_new!(TweedleFq,BigInteger([0x672c47ad3cb7d1d0,0xe0c18723e952133b,0xd3687190eb364496,0x2cc90a81db68a944,])), - field_new!(TweedleFq,BigInteger([0x1c46b006e3195a07,0x27bb8d1ce9758971,0x48f1eb13322429bb,0x2b98bf75fdcf851e,])), - field_new!(TweedleFq,BigInteger([0xb833c5e926e4c10,0x5611aa3077b80bd5,0xa7f6ff554ac0562d,0x1e000473b2d32d2,])), - field_new!(TweedleFq,BigInteger([0x353b6a3ebce1ced6,0x13725e68b968f853,0xdc8f79d8f5dad13d,0x166624ef6c67a00a,])), - field_new!(TweedleFq,BigInteger([0x38c4fbeb056345b6,0x11a02e57dd2f11e0,0xfede403f3374f85f,0x3eb7c21e913c5c35,])), - field_new!(TweedleFq,BigInteger([0xdccae5e8386703b,0xb31a1ea50d2a7717,0x47d019bd99985fed,0x114fb255c324d577,])), - field_new!(TweedleFq,BigInteger([0xee56bf8139a77a2e,0x98510872852a95e,0x6663e5c4f8bffda1,0x1b8bf2c55d150961,])), - field_new!(TweedleFq,BigInteger([0x54088598ab82479e,0x7de6d0dd599868a6,0x64757056522a99a7,0x567d6d7e5214c67,])), - field_new!(TweedleFq,BigInteger([0x90fbd2ab160a2077,0x56d8c1a682154058,0x8ea74449f95fd241,0x8d2decd7346979e,])), - field_new!(TweedleFq,BigInteger([0x4c26cd2feaee9bb4,0x6eb27cf9baa6617b,0xc53f3a92480249b4,0x7955b221ccd2f2a,])), - field_new!(TweedleFq,BigInteger([0x82d7e1e46119f4c9,0x94bc612484c75c05,0x913de5436beb861d,0x2f2585bb4972bee2,])), - field_new!(TweedleFq,BigInteger([0xb279e5a794487fcd,0x8b24792325c36a79,0xa714537f6011940c,0xc8c2492b4879b99,])), - field_new!(TweedleFq,BigInteger([0x63d57e521e8ae9a1,0xa1e752bac816b754,0xba29a03d2aa2fb57,0xdcf386abcb7cb8d,])), - field_new!(TweedleFq,BigInteger([0x347c9986b49599f8,0x72f2ef2559ed4ec8,0x56264735a89c1ac4,0x99687949ceb4068,])), - 
field_new!(TweedleFq,BigInteger([0x6ec1f7ff744a1735,0xb1e6de016c01c75b,0x78a8dbd5aa80dddd,0x38514a23bcc8f4b0,])), - field_new!(TweedleFq,BigInteger([0x302dadeaf69adebd,0x5452b2650e6ca229,0x5500a3254c516a1b,0x2409c023148c951e,])), - field_new!(TweedleFq,BigInteger([0x7dbec6915ec97f9b,0x943e2e5c6a356ff2,0x317efe07141b1ec5,0x324c1efdea46ce88,])), - field_new!(TweedleFq,BigInteger([0xd0f50a6d462127b2,0x9446c3021a7bf53f,0x416c7f50add287f3,0x17b731a8aafc706e,])), - field_new!(TweedleFq,BigInteger([0xc1eeba59730beccb,0xc24b94e34ed65702,0x28a4f7cca26c7953,0x257306c8c1d3af19,])), - field_new!(TweedleFq,BigInteger([0xbc52b1d38df16d31,0x21a3c7ccf0d891,0xca545364eaeb6df3,0x2c88eebdc6af1ee,])), - field_new!(TweedleFq,BigInteger([0xfcd67066cc2bb61,0xfe68b37e40e711ee,0xabda35ca0ddcc38,0x2ffc09d76b75e90f,])), - field_new!(TweedleFq,BigInteger([0xa624fdad219fcb93,0x6460ef69d345c2f6,0x4dbc49f470f0a7e1,0x387961b68350aa51,])), - field_new!(TweedleFq,BigInteger([0x43d6e7c05d9266d0,0xa5a163692450138b,0xf82a116a5afc87e8,0x3de40560ef761d40,])), - field_new!(TweedleFq,BigInteger([0xd8d6ffc8eb6e6277,0xe8e18a799fc5126f,0xa9644a81e16b5b9c,0x3f993383a7c23972,])), - field_new!(TweedleFq,BigInteger([0x3a0ac5eb4766ec7d,0x3198ff53b2adb167,0xf28ef94d26097a4c,0x2fbd3be0053d5a6,])), - field_new!(TweedleFq,BigInteger([0xb49d8797431a0c9,0xba1c1410d56745f3,0x3b1065f2dd7c0ff2,0x2114b5e8751567c8,])), - field_new!(TweedleFq,BigInteger([0x8bbde30b582dfe6,0x5b1e5d060df2e44b,0x1281cde698090095,0x2f464d231935fefa,])), - field_new!(TweedleFq,BigInteger([0x2b791ee66481197a,0x6cd4f83218728e42,0x8fc1eea2ba579e57,0x3537f3b7c8b77cd9,])), - field_new!(TweedleFq,BigInteger([0xe5e684314cb7d1f6,0x8f8773bd865a3e0d,0xd5457110a73e7a36,0x9e631f8f59385a3,])), - field_new!(TweedleFq,BigInteger([0xc70d2c6c76351f37,0xeadeb120a3a288cd,0xfa45f33187d73e4b,0x34d19d6b2bb6891a,])), - field_new!(TweedleFq,BigInteger([0x4c145703a0f65c5a,0x872a7b73d65ae391,0xc04a9502be8d11d3,0x382b732fd703049f,])), - 
field_new!(TweedleFq,BigInteger([0x8bd255cd5c63b046,0xa73376ab63955f78,0xf596f19f3b322255,0x1b4022852b574238,])), - field_new!(TweedleFq,BigInteger([0x2e9ffe0734efb324,0x328eb136d62f8075,0xc4775aaf9e3479db,0x318956d4778a2c4d,])), - field_new!(TweedleFq,BigInteger([0x6580d026a737d4f9,0x79ff495e98bd481d,0xfe371e26ec7f82f3,0x35824fb613f62887,])), - field_new!(TweedleFq,BigInteger([0x2b49570d9a864279,0x51bdc7586eeccec3,0x6e238aa8ca3b9266,0x35b9f3e72eb83a20,])), - field_new!(TweedleFq,BigInteger([0x49a386f863fc31b0,0xf03b8c3fa990ad5b,0xa3032bca0ecf90d2,0x2ee469b7ba351d26,])), - field_new!(TweedleFq,BigInteger([0x73e32f07f72a7583,0x351c5de9bb53ab35,0x645e44709c8c1321,0x3c321a08b1de4a7f,])), - field_new!(TweedleFq,BigInteger([0x1b67e844c7db0975,0xce362d81642fbefd,0xfa7b8dc0a81a016f,0x126455549205b031,])), - field_new!(TweedleFq,BigInteger([0x55e9a479f9c97e08,0x7816f197174e64c9,0x1ad279dd615311ce,0x2064e6cbb65804f0,])), - field_new!(TweedleFq,BigInteger([0xce6cd4e3d4fce9a7,0xe822393f9ebf762f,0x59a2eddda1e5b1d5,0x2106feb2fe430571,])), - field_new!(TweedleFq,BigInteger([0xa1ef764c23b78010,0x8e9e9642a952c712,0x83cb5bdfdfd6d5b7,0x1e6d5fc4bdd0ac79,])), - field_new!(TweedleFq,BigInteger([0x336046e9c07665c3,0xde0c19de2b08125f,0x478f0e4b0f4f5d1e,0x237ed53601cd9347,])), - field_new!(TweedleFq,BigInteger([0x45797d563e19873e,0x279f598657e17fd,0x3f11b7190e4bbcc5,0x1a5d4e4281453891,])), - field_new!(TweedleFq,BigInteger([0x2f113e422ac0200c,0xa2911f8b511524c5,0x1dfabcd02b236da3,0x1228e490d474145d,])), - field_new!(TweedleFq,BigInteger([0x44fcd6809d2f58b9,0x9c67df8aac844c77,0x23aa14ac3e8eaaed,0x3a38c40931533cd8,])), - field_new!(TweedleFq,BigInteger([0x6f2ace017f84e43,0x82ca7f271c4ce0d4,0xe4455173b7d37f55,0x378c060065995c33,])), - field_new!(TweedleFq,BigInteger([0x84122df7651efff4,0xa1262065add3756b,0x2870f402fbe4b098,0x85772dcd28b5f43,])), - field_new!(TweedleFq,BigInteger([0x23ced22bd196effe,0xfabc1691caf72b64,0x2675bbff45185873,0x16827abbe8bf5c1a,])), - 
field_new!(TweedleFq,BigInteger([0x78bf51313432c0c9,0xb45b87b5b331720,0x628226b161aa6f1c,0x147018c558346aeb,])), - field_new!(TweedleFq,BigInteger([0xcb0dc3eed4a78c5d,0xe5d819a9da1e4d01,0xff5760a100c27dbd,0x1a0573012c72716a,])), - field_new!(TweedleFq,BigInteger([0x8a64b2c2bcbf3965,0x71052e7d4cc7324b,0x7d72e3d1b7a2c673,0x12624be5b6dba8a7,])), - field_new!(TweedleFq,BigInteger([0xc40f02933b05559d,0x2b0ac41d1064a05e,0xa2c93e3f43b0cce9,0x2bfb08a933a97133,])), - field_new!(TweedleFq,BigInteger([0xe9cc32cea9ecd4e,0x64c96e64475949de,0x80959f26a7498cc3,0x3abf81aa0061f45e,])), - field_new!(TweedleFq,BigInteger([0xb8b025060eef4267,0x5526fd662193d888,0xd51ef595dd0609bc,0x127e4687f8cee79a,])), - field_new!(TweedleFq,BigInteger([0xd3c3a03feae61bda,0xe7ee363f94744c47,0x1cca28c045b2652d,0xe83f1ecbaaf15c3,])), - field_new!(TweedleFq,BigInteger([0xb8dce07aae9fb29e,0xcc273bf01dddf4dd,0x9fbaa628af7d8990,0x1b02d39bbe351d22,])), - field_new!(TweedleFq,BigInteger([0x20260191440c142e,0x3cc7bb9baeb18aca,0xebcd13882b77cf77,0x13fe5eead4e48752,])), - field_new!(TweedleFq,BigInteger([0xe1ab2499382e60ab,0x768c97276ef2af71,0x4be0a137b500e491,0xd4735c4c884f86a,])), - field_new!(TweedleFq,BigInteger([0x33877ec29306f25d,0x1b05f5fbf1c42533,0x64a9bec0fc89e32c,0x1a82259ca44cea68,])), - field_new!(TweedleFq,BigInteger([0x95dcf75be6cfea9a,0x85d3423677c948cb,0xd9060847bc119750,0x1ac7532b644135ee,])), - field_new!(TweedleFq,BigInteger([0x82faccfc948bc871,0x85e3a8ac48c9d96c,0x983fc71ec52b86d4,0x517e5205a9b73c9,])), - field_new!(TweedleFq,BigInteger([0x2f749915c1b09e72,0x6fd8fdfe9f58582d,0xaada9b529cf03ff6,0x23a81033de4de7b0,])), - field_new!(TweedleFq,BigInteger([0x376c83ee452272e,0x3e3fc0dbb30a0f78,0xecf7524be524ed25,0x3080a89317e433c7,])), - field_new!(TweedleFq,BigInteger([0x30ee0f65f95d9409,0x7d6d3a6f89645231,0x178183d19706d785,0x26304249500b9fe1,])), - field_new!(TweedleFq,BigInteger([0x9259f0791f526219,0xe53940a0a630a03a,0x29d3382a1fc137b6,0x3075f4ccf349baa4,])), - 
field_new!(TweedleFq,BigInteger([0xb195e1cec008c269,0x9395fc394104e7d,0x86a76ac3cb3d9211,0x112b313fe0fd4110,])), - field_new!(TweedleFq,BigInteger([0x35e2dec796f93e24,0x832bb9a48c157d3b,0x5d676a5936642407,0x1f1b0229254a5190,])), - field_new!(TweedleFq,BigInteger([0x85586e4db0530b22,0x72fcde33fe4c8f,0xd2965b5ab52860cb,0x3a02938b8b0ef048,])), - field_new!(TweedleFq,BigInteger([0x70ef952ad71afe4,0x75b1141ac27ea57,0x11a86faeaf6f4f6c,0x8b134fcf59d0a74,])), - field_new!(TweedleFq,BigInteger([0x33d5cbea9812649d,0xf6d9a5ddc7eee06f,0x7a34d1a9a0ba83b0,0x309c21af5733505d,])), - field_new!(TweedleFq,BigInteger([0x51bc324ea9aef8eb,0x1437004a299d1c64,0xd80781855426fe19,0x1d01df8b6551bd88,])), - field_new!(TweedleFq,BigInteger([0x34140103e51a2232,0x1beacaba435204ff,0xf066911073342009,0x1c857e675ffff50e,])), - field_new!(TweedleFq,BigInteger([0x5cb195a5a797436,0x29a185af45a71cbe,0x9fff4289eb38c32b,0x9d8670c9d9357fb,])), - field_new!(TweedleFq,BigInteger([0xda8043acf95ed2f4,0x34c7e40853516c24,0x264e7e31dfe9eccc,0x9292a89d8766587,])), - field_new!(TweedleFq,BigInteger([0x81080c771ce4e004,0xdfec5c0dd45e7da,0x6280878e6fc33f10,0xdf457da6ca530ef,])), - field_new!(TweedleFq,BigInteger([0x1ab27ee1cabbf602,0xc0b363a5dd618d0e,0xea010da956e611b0,0x1eccbe1724454cb5,])), - field_new!(TweedleFq,BigInteger([0x40e47d5653be560c,0xba93eeea04016d41,0x5ea05eb3d24bd272,0x30c6a7b21358c962,])), - field_new!(TweedleFq,BigInteger([0xfb6f0008570bb08f,0x26111a979ba489b5,0xdc3c4f80422afc9b,0x14277969cedd9b93,])), - field_new!(TweedleFq,BigInteger([0xec5f1716d9201408,0x14f2713b7733b2bb,0xa241b936abe355ad,0x512e1b932fe7699,])), - field_new!(TweedleFq,BigInteger([0x3cd445aa3129ee6c,0x2690b0285247652c,0x66c718618dd9b107,0x183d9558881fe158,])), - field_new!(TweedleFq,BigInteger([0x98701005d2aeae05,0x5219e22901202204,0x7acfbbc506eb7c11,0x4fc9e9026e21c2d,])), - field_new!(TweedleFq,BigInteger([0x78d2380de1e458d0,0xe1ce04cb4bb74633,0xf9c4732072a62349,0x237234667744fee5,])), - 
field_new!(TweedleFq,BigInteger([0x7f9dc29787eb031f,0x1f39fc6147476c6b,0xebdd8eaab42a7024,0x32f7561d6cfccbaf,])), - field_new!(TweedleFq,BigInteger([0xd10a3f72235adf0,0x461e588f2a5f48a2,0xe5494be3a6c95ec4,0xcb33f596537242b,])), - field_new!(TweedleFq,BigInteger([0x4fbcab519fcc6d57,0x9b81a91c4988c028,0xe28657e4039958ea,0x19b15cceba8b0483,])), - field_new!(TweedleFq,BigInteger([0x61e1df6f33c06bf6,0x44b547593fb293b,0x8b780846db7d404e,0x2daae30726a68f6,])), - field_new!(TweedleFq,BigInteger([0x11b2973c32b898d,0x340c0438b56cd0d3,0x821d2c15b8f34241,0x1d5437f9a47eeed3,])), - field_new!(TweedleFq,BigInteger([0xcf0e6ea1da84213c,0xfac4e4304058fe36,0x151986f461f70125,0xfb7e4a58ca307f8,])), - field_new!(TweedleFq,BigInteger([0x58d496e2096ab4c2,0xc676bff4f0011d33,0xb2ce66bf96b67181,0x13daf0071fae4fc3,])), - field_new!(TweedleFq,BigInteger([0x9329204a6e3c1f1e,0xbd40c63c1ba7b888,0x6e18819ddc9733ef,0x3538899738f6d55a,])), - field_new!(TweedleFq,BigInteger([0xf562f88a527d106f,0xbb9e9c9faa5d622,0x1111bf774e4eb0c1,0x20a5d0cb91f43e84,])), - field_new!(TweedleFq,BigInteger([0xfc3160148d5fae9f,0xc1709b0a7776a1ce,0xe48ab968f709fede,0x745ac72c84bf4fd,])), - field_new!(TweedleFq,BigInteger([0x81b565c10a4e043c,0x727804fd87b0bf19,0xe5d5abf0a1c3f365,0x338e5f28390f4754,])), - field_new!(TweedleFq,BigInteger([0xb049493743a007fb,0xad40da98d3ef18a2,0x6909e583e26716de,0x14e1c7592b5ed097,])), - field_new!(TweedleFq,BigInteger([0xf962ad243b775c10,0xa25ba5a903a96250,0xe0622b1e16f0dc50,0xff616b27de572b5,])), - field_new!(TweedleFq,BigInteger([0xfc534d0353f33b41,0xdf10e5229db8ad41,0xaa0530bd095ee54b,0x2e67afa178595796,])), - field_new!(TweedleFq,BigInteger([0x9f98afba65cff6a6,0x6fa75451d0763a2,0xb2a09f94da0ca724,0x1caa4d7d714d35c7,])), - field_new!(TweedleFq,BigInteger([0x85786aa62b5916c3,0x9aa72049ff22b4ec,0xdea1c5fb69569640,0x37a23002f991bae2,])), - field_new!(TweedleFq,BigInteger([0x7989abbeccad71d5,0xfcf81f66987b24c8,0x3dec6360a6330095,0x1810e3285fcf76d4,])), - 
field_new!(TweedleFq,BigInteger([0x2ca0d21c1b00c2be,0xe10bacda19ca4dcd,0xd7ebeee67e78143,0x142716ce713fe09a,])), - field_new!(TweedleFq,BigInteger([0x594affb623548671,0x6c20594401790915,0x9c5755f1d34936af,0x1b74ab0d83fee593,])), - field_new!(TweedleFq,BigInteger([0x9e3ed1c1b092fee1,0xc317b27fa3319bc2,0x417a19eff88c039,0x346b91833576d143,])), - field_new!(TweedleFq,BigInteger([0xb838b53580c4ff4a,0xd2b22f2e8813a33,0xda63b724dd4a8fe,0x1ce3f057b035eff3,])), - field_new!(TweedleFq,BigInteger([0xc2921ca7c6745455,0x8a791dace9deac85,0x23d4cea43cb1af4f,0x178ec2ac99498fea,])), - field_new!(TweedleFq,BigInteger([0x54ace3c36650034f,0x64fb9abdc2b3107e,0x895b5f9dd7db0bd2,0x32f5caf5fca100c4,])), - field_new!(TweedleFq,BigInteger([0xa630e1dd6f53e70a,0x6435af7d6f3d7488,0x6964840f11899405,0x31e033fc232eec89,])), - field_new!(TweedleFq,BigInteger([0x7a803b7f415df6c4,0x19a54556e1770d9f,0x44eece378ec7bfff,0x2186f08bacfa113,])), - field_new!(TweedleFq,BigInteger([0x5cf8ab8f0d6088,0xc516dd5cb19de234,0xf8c4087f093cc96,0xa6acb79530d8e13,])), - field_new!(TweedleFq,BigInteger([0xc61e5e028144670f,0xb0e6ebe550008399,0xe0a711e26f3807bc,0x257e2454f8b55cb9,])), - field_new!(TweedleFq,BigInteger([0xe74e3836a27b1bb5,0xc4b2f2ee1f2517b4,0xc698101bfc18dcf5,0x33030caaf369168a,])), - field_new!(TweedleFq,BigInteger([0x8c70022989fb1873,0x689cddd1ff5364e6,0xe43915e779987cd2,0xad70e658ca6fd5c,])), - field_new!(TweedleFq,BigInteger([0xfc809c9d2f122624,0x845541d87548a95f,0x807666ca0684c278,0x28f8db02d716f24a,])), - field_new!(TweedleFq,BigInteger([0x7f3cc106a057f763,0x95ff928143f13764,0xe78eb2931e4c48e3,0x18b6de0c9b8e51d3,])), - field_new!(TweedleFq,BigInteger([0xcad66b0f478d4938,0x679ceaf32b89ed02,0xc60d2aecdc6ae645,0x3a4f37edcef5fa6,])), - field_new!(TweedleFq,BigInteger([0xeb6f3accbb533090,0xe782b5cb3d80508,0xf6b0b0068cbe491a,0xbadc9d01924aca9,])), - field_new!(TweedleFq,BigInteger([0x8d6ec1034e6ee87b,0xdda576220a46f2bf,0x3b51df2a54e053e8,0x12ee47b96e8d9e01,])), - 
field_new!(TweedleFq,BigInteger([0x3685322867e98a64,0xbbdd37884e1f5315,0xa5b3251567724e8b,0x15db57f19953bab8,])), - field_new!(TweedleFq,BigInteger([0x1d69dcabdb96377e,0x84ca7f27ceacf2c4,0xe822a15978266d24,0x1d21c65affccf4e3,])), - field_new!(TweedleFq,BigInteger([0xe2c41ca381b9c749,0x3a03b66bb412d9df,0x9562225e852bac08,0x3113525ee441505e,])), - field_new!(TweedleFq,BigInteger([0x633a8256bca97d22,0xbc0b2a9d0eb546b8,0x709b703c8f011356,0x37bc0b8358f942cd,])), - field_new!(TweedleFq,BigInteger([0x1f3b9e5d89c6f992,0x393621c83ddf849,0x9786715da3a90989,0x1de654f726c14f93,])), - field_new!(TweedleFq,BigInteger([0x2d75ea8c4aead3da,0x8a06ee203ed7b3b0,0xe64881c6db3b5a3b,0x130186a1146523f2,])), - field_new!(TweedleFq,BigInteger([0x3afbc5adc5b66808,0x912bb29349446cc1,0x929d5727c17918d8,0x2dc89ed2282199ac,])), - field_new!(TweedleFq,BigInteger([0x57bbf8ee06cd5c1f,0xd443e91f71c98ab3,0x1d4a56187d6ffd47,0x29a32694e73c8c3,])), + const ROUND_CST: &'static [TweedleFq] = &[ + // Constants in Montgomery representation. 
+ field_new!( + TweedleFq, + BigInteger([ + 0xd06520c09450cbc9, + 0xcf4444f399d4b067, + 0xed3cdecf2c2ad3cf, + 0x2a922c6f74bce817, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x60bde2740b39213d, + 0xba122180e7af3753, + 0x40090228e9cc5a42, + 0x177c72bbace07027, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x5ebd43b701d85141, + 0x5ef573127baabe65, + 0xa2d0ea9e7ce5b31a, + 0x137d99e551df3b8c, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x3b8cb91b343e1f20, + 0x331bd86e427016ce, + 0xa4840e40ad9803f4, + 0x394532179f75f4e9, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x1ec59497ae56b237, + 0x8ecb653b831ff765, + 0x481804c446de69d6, + 0x29589666c81a56c0, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xad127e17f428be96, + 0xe2c5762dce6fe30e, + 0xc4d71e24928723f9, + 0x221845f927a179e9, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x44271158d30f729f, + 0xb406e2965f4375c4, + 0x4375f933a3a34235, + 0x57365228fa6b986, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xcc9f09612486f55d, + 0x2ffd2a714c682c93, + 0xb5ed16b39623a446, + 0x263d2157ccacb99a, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x9e0bd6388f96fdd8, + 0xf4929cda447d1ce5, + 0x6b19d7b86355bac9, + 0x2619b62891a9d045, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x9b5fb0992b601a32, + 0xbd510112e9cf6070, + 0x67d04ffc1ea9d28f, + 0x1ca921e9af729fa9, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x560e6fd9725a0309, + 0x6cf6d3c57b84652f, + 0x62aaf714fad16095, + 0xa7aa6c278e231ed, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xa28bd230465173d8, + 0x3bc04513e6ce1021, + 0x214c1c122428f2e7, + 0x3165e00d7a5dd413, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x4cecdb283a5a69db, + 0x9521b4517de78f68, + 0xa8bb82a76b3eed88, + 0x231cd67b00b98aa2, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x8e77be72728462c2, + 0xc52aa77caf405120, + 0x14a07963ad5d358e, + 0x102aa22546b7d719, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ 
+ 0x5b68c4bb0f9d5e5, + 0xc74945e354355556, + 0x6b7d9835abe4d632, + 0xd238d491116c462, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xa3887726bbe187e8, + 0x7864f962bc5df66f, + 0x7241b616fe237fdf, + 0x2c7302787042fefc, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xaa60569d6e50c258, + 0x1a44fb8b57610147, + 0x59d036dce864e680, + 0x20ac6feef3b08be4, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x8f272b18b5a21f7b, + 0xeff039bd961c59c0, + 0x7646e69e44f7067a, + 0x37e219036dc9d3d9, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xe25ce8aba319b6be, + 0x4be8b7875763a64b, + 0xe187c96ddb272453, + 0x1d2e584b7a041675, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xebabf749daf0d178, + 0xcaba4fe3d5bea6d9, + 0x1fee8dbf56bd1f8c, + 0x2c1d40320004af3e, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x168887748abaecb8, + 0x5e6ff7fca8e44137, + 0x8873401c63b97f39, + 0x13af33d3f2377c1, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x39c4beab8e437f52, + 0x6559c1909c79549f, + 0x596137029e44e4eb, + 0x152533e4bf376143, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x152961fd5bda963e, + 0xf544a973034a0d84, + 0x2c63bb6abb3496ef, + 0xf41b4dc92158ecf, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xbb2a82becc608b67, + 0x13227f8aad64efa9, + 0x9f74aaf9c5fb9327, + 0x13c82e3b22c41d6a, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x4dce4021efdd1280, + 0x52b76e0989f74799, + 0x4a776ae91aaa507e, + 0xceace17b7b7a764, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xc5b13e5ddf7b56dd, + 0x5dc878e444e6e6f1, + 0xc49444149accf9b6, + 0xa64b772af5d8572, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xa93427ccd919b65d, + 0xd8a9bb882d024ef7, + 0x8d958861fc922d93, + 0x267dfa69a8ef550d, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x8f7b037f277a6f8b, + 0x1e4da49ecad22320, + 0xd283993f470ca915, + 0x134914b4f3ba4d90, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x7ec3247567085f75, + 0xe30f7d76f181b151, + 
0x25284eed3e384a08, + 0x176f66b52c0b46fa, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x2142adb9b1341668, + 0x591d0777c42566cc, + 0x6305acc460e4ac20, + 0x3458b9cb48eaaa92, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xd70bd8df51d0bdcf, + 0xeaf18757227db4e3, + 0x402420db973d9abc, + 0x36e078236490d83, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xa9d0af02a7975e25, + 0x775418692bdc072a, + 0x4c298c4ac7ef4d7e, + 0x1d9b69654b092496, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xf5c57af0cb60207c, + 0xfb68232f1b658a36, + 0xca25a272d5cddc, + 0x1963116a927059e4, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x49c23fd1c153a321, + 0x9d46ecb476087ea9, + 0x22ec5f03909ec1cf, + 0x1675657f03cc5429, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x8b52631a8d0ef397, + 0x7aacb3eaf1a08300, + 0x6b16ddddc870d480, + 0x277fbd29939286ef, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x62e3a2f5aa1af950, + 0xe18d6a90ba48b83b, + 0x208ee3982fa0c318, + 0x3ebaf313e212d0b2, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xf0c8a432f5df17af, + 0x13706b0503c3f2fa, + 0xe71a6613bf1b48f7, + 0x1ac0630ec731f387, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x9f92c6e38ff496a1, + 0x6f2b45d0e9f3f47b, + 0xe5b2fdb9402a5c55, + 0x251cbcf87cbf779c, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x7f98d620d8605a53, + 0x22ee5bdb61a35e31, + 0x385a4034e6608dce, + 0x1355ab32c6fc7e32, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xea4b91b36a316c16, + 0xabbd60800c7d2fec, + 0xb18a56b4d6b7f110, + 0x23bdf09f30cde6e9, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xdc92f469c4e0993a, + 0xe27c4a1eb3bdb3ef, + 0xc456c9c418efafca, + 0x3414d3678bfd22b0, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xe28e6e3b448c37a8, + 0x92a2cc8999ea5357, + 0xa52fdf68d625769, + 0x15845caaf5801b79, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x2acb2a5f60478d13, + 0x7be04faeb4726db8, + 0x241039d5336a1818, + 0x7b37d5b9c5ac89d, + 
]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xfdffe38f8f533391, + 0x3b555532c0629b3f, + 0x8d5c25204cd29ee6, + 0x8d6b43544d677a3, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x622977857648fe76, + 0xab82905055e2835f, + 0x6de310a09c5e8ecd, + 0x119b72b411823820, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x9540cf3e69c4cf64, + 0x78fa112a4d3c083f, + 0xd40cdb21b368fd97, + 0x187ab4574a382fb, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xf70d118aa8dd0391, + 0xed5a78d9fd07ce64, + 0x25004cbb7c17784c, + 0x1d7ddcca9f892ba6, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xed8b92c25cd6990c, + 0x5a4f8f6165037502, + 0xfa51afe6a59322ef, + 0x7bad5e6ab209a5b, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xaf8b68cbcd165cd2, + 0xd9af037799bb5016, + 0x4252fde7f1b8deb5, + 0x18276cf868cda059, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x473770910ad44d20, + 0xf6f11a221c2b76a4, + 0xaf7ea8799372fb02, + 0xb922b4baa02fe4a, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x4bcb851aed6af574, + 0xac0400295712babb, + 0xe137d528d9afdc77, + 0x51b55216f3b3e93, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xf4ea5fa58f6cd6d, + 0xc3178acb7474c919, + 0x1a78bc8d9509399e, + 0x3db8037d9c38ff34, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x3c6c749ed14eba46, + 0x344bdf3052afb8d9, + 0xf3977e67a9ebf8bb, + 0x16df4d7e98c80bf6, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x7baf3f8824575a0, + 0xcde0f99b13c6e28, + 0x548747dea88e6079, + 0xaee01ab05c6dea4, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x7e061d9435def279, + 0xf3a24b07424e6ae, + 0x2100c0d0934960d3, + 0x1f3b1dcad7f56f8a, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x655452f15d0764c3, + 0x909466bbdc1ba576, + 0x62174b4f659b8c35, + 0x3f6f0c7888ec2fa1, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xa855b2cd69a4eb1f, + 0x29460295f793ad00, + 0x604d356e35d54832, + 0xd13d12b349693db, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ 
+ 0x32333b51dd9aaa45, + 0x32e806b7150aa1e, + 0xc8abc5e9050d23f7, + 0x1344a43160574a6, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x97a9e3cf1825b286, + 0x5bbac70af2e88c38, + 0xe58a38a5639f7b32, + 0x2019ea88a902e9fc, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xf0a46acac474f69d, + 0x3a3a61e8b06db5f8, + 0xf1eaa93c477ae56e, + 0x2e42b0ae69081932, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xdb1ea311949b205b, + 0x21562d0ee469b95a, + 0x2c63f424bffbe637, + 0x3523c2ed61af226d, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x222dddb1e4672218, + 0x86041d7a33c374d1, + 0xe60299662516084c, + 0x2dbd4098256d08a8, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x6b8d0990380db1e2, + 0xdf3fc37d9964c8e, + 0xa3b6829c7c33b207, + 0x10280a8f1427bb50, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xf3d0b271a7080558, + 0x39161202da1ad393, + 0x760bcf59312828ca, + 0x13adf40dd6f38e57, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x974b96f23ff5810c, + 0x12764c15bbf0e1f, + 0xf2ef1a6b29656c55, + 0x1af98f964186f4e7, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x37e75583964de4dc, + 0xc56d3cff9c0c15a2, + 0x5ab38905add1989b, + 0x27f9202b19a8c1fc, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x4857f3c962a2a53d, + 0xa3b93bc71ecbae06, + 0x315133542bb793f2, + 0x3b1e0a0663ea9b42, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xaec4b261ff7474a5, + 0xe7a70488b002fbb5, + 0x344cf0f6ade03bf9, + 0x1499398f55ce277b, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x672c47ad3cb7d1d0, + 0xe0c18723e952133b, + 0xd3687190eb364496, + 0x2cc90a81db68a944, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x1c46b006e3195a07, + 0x27bb8d1ce9758971, + 0x48f1eb13322429bb, + 0x2b98bf75fdcf851e, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xb833c5e926e4c10, + 0x5611aa3077b80bd5, + 0xa7f6ff554ac0562d, + 0x1e000473b2d32d2, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x353b6a3ebce1ced6, + 0x13725e68b968f853, + 
0xdc8f79d8f5dad13d, + 0x166624ef6c67a00a, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x38c4fbeb056345b6, + 0x11a02e57dd2f11e0, + 0xfede403f3374f85f, + 0x3eb7c21e913c5c35, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xdccae5e8386703b, + 0xb31a1ea50d2a7717, + 0x47d019bd99985fed, + 0x114fb255c324d577, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xee56bf8139a77a2e, + 0x98510872852a95e, + 0x6663e5c4f8bffda1, + 0x1b8bf2c55d150961, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x54088598ab82479e, + 0x7de6d0dd599868a6, + 0x64757056522a99a7, + 0x567d6d7e5214c67, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x90fbd2ab160a2077, + 0x56d8c1a682154058, + 0x8ea74449f95fd241, + 0x8d2decd7346979e, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x4c26cd2feaee9bb4, + 0x6eb27cf9baa6617b, + 0xc53f3a92480249b4, + 0x7955b221ccd2f2a, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x82d7e1e46119f4c9, + 0x94bc612484c75c05, + 0x913de5436beb861d, + 0x2f2585bb4972bee2, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xb279e5a794487fcd, + 0x8b24792325c36a79, + 0xa714537f6011940c, + 0xc8c2492b4879b99, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x63d57e521e8ae9a1, + 0xa1e752bac816b754, + 0xba29a03d2aa2fb57, + 0xdcf386abcb7cb8d, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x347c9986b49599f8, + 0x72f2ef2559ed4ec8, + 0x56264735a89c1ac4, + 0x99687949ceb4068, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x6ec1f7ff744a1735, + 0xb1e6de016c01c75b, + 0x78a8dbd5aa80dddd, + 0x38514a23bcc8f4b0, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x302dadeaf69adebd, + 0x5452b2650e6ca229, + 0x5500a3254c516a1b, + 0x2409c023148c951e, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x7dbec6915ec97f9b, + 0x943e2e5c6a356ff2, + 0x317efe07141b1ec5, + 0x324c1efdea46ce88, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xd0f50a6d462127b2, + 0x9446c3021a7bf53f, + 0x416c7f50add287f3, + 0x17b731a8aafc706e, + ]) 
+ ), + field_new!( + TweedleFq, + BigInteger([ + 0xc1eeba59730beccb, + 0xc24b94e34ed65702, + 0x28a4f7cca26c7953, + 0x257306c8c1d3af19, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xbc52b1d38df16d31, + 0x21a3c7ccf0d891, + 0xca545364eaeb6df3, + 0x2c88eebdc6af1ee, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xfcd67066cc2bb61, + 0xfe68b37e40e711ee, + 0xabda35ca0ddcc38, + 0x2ffc09d76b75e90f, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xa624fdad219fcb93, + 0x6460ef69d345c2f6, + 0x4dbc49f470f0a7e1, + 0x387961b68350aa51, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x43d6e7c05d9266d0, + 0xa5a163692450138b, + 0xf82a116a5afc87e8, + 0x3de40560ef761d40, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xd8d6ffc8eb6e6277, + 0xe8e18a799fc5126f, + 0xa9644a81e16b5b9c, + 0x3f993383a7c23972, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x3a0ac5eb4766ec7d, + 0x3198ff53b2adb167, + 0xf28ef94d26097a4c, + 0x2fbd3be0053d5a6, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xb49d8797431a0c9, + 0xba1c1410d56745f3, + 0x3b1065f2dd7c0ff2, + 0x2114b5e8751567c8, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x8bbde30b582dfe6, + 0x5b1e5d060df2e44b, + 0x1281cde698090095, + 0x2f464d231935fefa, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x2b791ee66481197a, + 0x6cd4f83218728e42, + 0x8fc1eea2ba579e57, + 0x3537f3b7c8b77cd9, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xe5e684314cb7d1f6, + 0x8f8773bd865a3e0d, + 0xd5457110a73e7a36, + 0x9e631f8f59385a3, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xc70d2c6c76351f37, + 0xeadeb120a3a288cd, + 0xfa45f33187d73e4b, + 0x34d19d6b2bb6891a, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x4c145703a0f65c5a, + 0x872a7b73d65ae391, + 0xc04a9502be8d11d3, + 0x382b732fd703049f, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x8bd255cd5c63b046, + 0xa73376ab63955f78, + 0xf596f19f3b322255, + 0x1b4022852b574238, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 
0x2e9ffe0734efb324, + 0x328eb136d62f8075, + 0xc4775aaf9e3479db, + 0x318956d4778a2c4d, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x6580d026a737d4f9, + 0x79ff495e98bd481d, + 0xfe371e26ec7f82f3, + 0x35824fb613f62887, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x2b49570d9a864279, + 0x51bdc7586eeccec3, + 0x6e238aa8ca3b9266, + 0x35b9f3e72eb83a20, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x49a386f863fc31b0, + 0xf03b8c3fa990ad5b, + 0xa3032bca0ecf90d2, + 0x2ee469b7ba351d26, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x73e32f07f72a7583, + 0x351c5de9bb53ab35, + 0x645e44709c8c1321, + 0x3c321a08b1de4a7f, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x1b67e844c7db0975, + 0xce362d81642fbefd, + 0xfa7b8dc0a81a016f, + 0x126455549205b031, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x55e9a479f9c97e08, + 0x7816f197174e64c9, + 0x1ad279dd615311ce, + 0x2064e6cbb65804f0, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xce6cd4e3d4fce9a7, + 0xe822393f9ebf762f, + 0x59a2eddda1e5b1d5, + 0x2106feb2fe430571, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xa1ef764c23b78010, + 0x8e9e9642a952c712, + 0x83cb5bdfdfd6d5b7, + 0x1e6d5fc4bdd0ac79, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x336046e9c07665c3, + 0xde0c19de2b08125f, + 0x478f0e4b0f4f5d1e, + 0x237ed53601cd9347, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x45797d563e19873e, + 0x279f598657e17fd, + 0x3f11b7190e4bbcc5, + 0x1a5d4e4281453891, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x2f113e422ac0200c, + 0xa2911f8b511524c5, + 0x1dfabcd02b236da3, + 0x1228e490d474145d, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x44fcd6809d2f58b9, + 0x9c67df8aac844c77, + 0x23aa14ac3e8eaaed, + 0x3a38c40931533cd8, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x6f2ace017f84e43, + 0x82ca7f271c4ce0d4, + 0xe4455173b7d37f55, + 0x378c060065995c33, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x84122df7651efff4, + 0xa1262065add3756b, 
+ 0x2870f402fbe4b098, + 0x85772dcd28b5f43, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x23ced22bd196effe, + 0xfabc1691caf72b64, + 0x2675bbff45185873, + 0x16827abbe8bf5c1a, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x78bf51313432c0c9, + 0xb45b87b5b331720, + 0x628226b161aa6f1c, + 0x147018c558346aeb, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xcb0dc3eed4a78c5d, + 0xe5d819a9da1e4d01, + 0xff5760a100c27dbd, + 0x1a0573012c72716a, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x8a64b2c2bcbf3965, + 0x71052e7d4cc7324b, + 0x7d72e3d1b7a2c673, + 0x12624be5b6dba8a7, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xc40f02933b05559d, + 0x2b0ac41d1064a05e, + 0xa2c93e3f43b0cce9, + 0x2bfb08a933a97133, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xe9cc32cea9ecd4e, + 0x64c96e64475949de, + 0x80959f26a7498cc3, + 0x3abf81aa0061f45e, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xb8b025060eef4267, + 0x5526fd662193d888, + 0xd51ef595dd0609bc, + 0x127e4687f8cee79a, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xd3c3a03feae61bda, + 0xe7ee363f94744c47, + 0x1cca28c045b2652d, + 0xe83f1ecbaaf15c3, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xb8dce07aae9fb29e, + 0xcc273bf01dddf4dd, + 0x9fbaa628af7d8990, + 0x1b02d39bbe351d22, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x20260191440c142e, + 0x3cc7bb9baeb18aca, + 0xebcd13882b77cf77, + 0x13fe5eead4e48752, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xe1ab2499382e60ab, + 0x768c97276ef2af71, + 0x4be0a137b500e491, + 0xd4735c4c884f86a, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x33877ec29306f25d, + 0x1b05f5fbf1c42533, + 0x64a9bec0fc89e32c, + 0x1a82259ca44cea68, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x95dcf75be6cfea9a, + 0x85d3423677c948cb, + 0xd9060847bc119750, + 0x1ac7532b644135ee, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x82faccfc948bc871, + 0x85e3a8ac48c9d96c, + 0x983fc71ec52b86d4, + 0x517e5205a9b73c9, + 
]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x2f749915c1b09e72, + 0x6fd8fdfe9f58582d, + 0xaada9b529cf03ff6, + 0x23a81033de4de7b0, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x376c83ee452272e, + 0x3e3fc0dbb30a0f78, + 0xecf7524be524ed25, + 0x3080a89317e433c7, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x30ee0f65f95d9409, + 0x7d6d3a6f89645231, + 0x178183d19706d785, + 0x26304249500b9fe1, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x9259f0791f526219, + 0xe53940a0a630a03a, + 0x29d3382a1fc137b6, + 0x3075f4ccf349baa4, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xb195e1cec008c269, + 0x9395fc394104e7d, + 0x86a76ac3cb3d9211, + 0x112b313fe0fd4110, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x35e2dec796f93e24, + 0x832bb9a48c157d3b, + 0x5d676a5936642407, + 0x1f1b0229254a5190, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x85586e4db0530b22, + 0x72fcde33fe4c8f, + 0xd2965b5ab52860cb, + 0x3a02938b8b0ef048, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x70ef952ad71afe4, + 0x75b1141ac27ea57, + 0x11a86faeaf6f4f6c, + 0x8b134fcf59d0a74, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x33d5cbea9812649d, + 0xf6d9a5ddc7eee06f, + 0x7a34d1a9a0ba83b0, + 0x309c21af5733505d, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x51bc324ea9aef8eb, + 0x1437004a299d1c64, + 0xd80781855426fe19, + 0x1d01df8b6551bd88, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x34140103e51a2232, + 0x1beacaba435204ff, + 0xf066911073342009, + 0x1c857e675ffff50e, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x5cb195a5a797436, + 0x29a185af45a71cbe, + 0x9fff4289eb38c32b, + 0x9d8670c9d9357fb, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xda8043acf95ed2f4, + 0x34c7e40853516c24, + 0x264e7e31dfe9eccc, + 0x9292a89d8766587, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x81080c771ce4e004, + 0xdfec5c0dd45e7da, + 0x6280878e6fc33f10, + 0xdf457da6ca530ef, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 
0x1ab27ee1cabbf602, + 0xc0b363a5dd618d0e, + 0xea010da956e611b0, + 0x1eccbe1724454cb5, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x40e47d5653be560c, + 0xba93eeea04016d41, + 0x5ea05eb3d24bd272, + 0x30c6a7b21358c962, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xfb6f0008570bb08f, + 0x26111a979ba489b5, + 0xdc3c4f80422afc9b, + 0x14277969cedd9b93, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xec5f1716d9201408, + 0x14f2713b7733b2bb, + 0xa241b936abe355ad, + 0x512e1b932fe7699, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x3cd445aa3129ee6c, + 0x2690b0285247652c, + 0x66c718618dd9b107, + 0x183d9558881fe158, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x98701005d2aeae05, + 0x5219e22901202204, + 0x7acfbbc506eb7c11, + 0x4fc9e9026e21c2d, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x78d2380de1e458d0, + 0xe1ce04cb4bb74633, + 0xf9c4732072a62349, + 0x237234667744fee5, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x7f9dc29787eb031f, + 0x1f39fc6147476c6b, + 0xebdd8eaab42a7024, + 0x32f7561d6cfccbaf, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xd10a3f72235adf0, + 0x461e588f2a5f48a2, + 0xe5494be3a6c95ec4, + 0xcb33f596537242b, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x4fbcab519fcc6d57, + 0x9b81a91c4988c028, + 0xe28657e4039958ea, + 0x19b15cceba8b0483, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x61e1df6f33c06bf6, + 0x44b547593fb293b, + 0x8b780846db7d404e, + 0x2daae30726a68f6, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x11b2973c32b898d, + 0x340c0438b56cd0d3, + 0x821d2c15b8f34241, + 0x1d5437f9a47eeed3, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xcf0e6ea1da84213c, + 0xfac4e4304058fe36, + 0x151986f461f70125, + 0xfb7e4a58ca307f8, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x58d496e2096ab4c2, + 0xc676bff4f0011d33, + 0xb2ce66bf96b67181, + 0x13daf0071fae4fc3, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x9329204a6e3c1f1e, + 0xbd40c63c1ba7b888, + 
0x6e18819ddc9733ef, + 0x3538899738f6d55a, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xf562f88a527d106f, + 0xbb9e9c9faa5d622, + 0x1111bf774e4eb0c1, + 0x20a5d0cb91f43e84, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xfc3160148d5fae9f, + 0xc1709b0a7776a1ce, + 0xe48ab968f709fede, + 0x745ac72c84bf4fd, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x81b565c10a4e043c, + 0x727804fd87b0bf19, + 0xe5d5abf0a1c3f365, + 0x338e5f28390f4754, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xb049493743a007fb, + 0xad40da98d3ef18a2, + 0x6909e583e26716de, + 0x14e1c7592b5ed097, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xf962ad243b775c10, + 0xa25ba5a903a96250, + 0xe0622b1e16f0dc50, + 0xff616b27de572b5, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xfc534d0353f33b41, + 0xdf10e5229db8ad41, + 0xaa0530bd095ee54b, + 0x2e67afa178595796, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x9f98afba65cff6a6, + 0x6fa75451d0763a2, + 0xb2a09f94da0ca724, + 0x1caa4d7d714d35c7, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x85786aa62b5916c3, + 0x9aa72049ff22b4ec, + 0xdea1c5fb69569640, + 0x37a23002f991bae2, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x7989abbeccad71d5, + 0xfcf81f66987b24c8, + 0x3dec6360a6330095, + 0x1810e3285fcf76d4, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x2ca0d21c1b00c2be, + 0xe10bacda19ca4dcd, + 0xd7ebeee67e78143, + 0x142716ce713fe09a, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x594affb623548671, + 0x6c20594401790915, + 0x9c5755f1d34936af, + 0x1b74ab0d83fee593, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x9e3ed1c1b092fee1, + 0xc317b27fa3319bc2, + 0x417a19eff88c039, + 0x346b91833576d143, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xb838b53580c4ff4a, + 0xd2b22f2e8813a33, + 0xda63b724dd4a8fe, + 0x1ce3f057b035eff3, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xc2921ca7c6745455, + 0x8a791dace9deac85, + 0x23d4cea43cb1af4f, + 0x178ec2ac99498fea, + ]) 
+ ), + field_new!( + TweedleFq, + BigInteger([ + 0x54ace3c36650034f, + 0x64fb9abdc2b3107e, + 0x895b5f9dd7db0bd2, + 0x32f5caf5fca100c4, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xa630e1dd6f53e70a, + 0x6435af7d6f3d7488, + 0x6964840f11899405, + 0x31e033fc232eec89, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x7a803b7f415df6c4, + 0x19a54556e1770d9f, + 0x44eece378ec7bfff, + 0x2186f08bacfa113, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x5cf8ab8f0d6088, + 0xc516dd5cb19de234, + 0xf8c4087f093cc96, + 0xa6acb79530d8e13, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xc61e5e028144670f, + 0xb0e6ebe550008399, + 0xe0a711e26f3807bc, + 0x257e2454f8b55cb9, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xe74e3836a27b1bb5, + 0xc4b2f2ee1f2517b4, + 0xc698101bfc18dcf5, + 0x33030caaf369168a, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x8c70022989fb1873, + 0x689cddd1ff5364e6, + 0xe43915e779987cd2, + 0xad70e658ca6fd5c, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xfc809c9d2f122624, + 0x845541d87548a95f, + 0x807666ca0684c278, + 0x28f8db02d716f24a, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x7f3cc106a057f763, + 0x95ff928143f13764, + 0xe78eb2931e4c48e3, + 0x18b6de0c9b8e51d3, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xcad66b0f478d4938, + 0x679ceaf32b89ed02, + 0xc60d2aecdc6ae645, + 0x3a4f37edcef5fa6, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xeb6f3accbb533090, + 0xe782b5cb3d80508, + 0xf6b0b0068cbe491a, + 0xbadc9d01924aca9, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x8d6ec1034e6ee87b, + 0xdda576220a46f2bf, + 0x3b51df2a54e053e8, + 0x12ee47b96e8d9e01, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x3685322867e98a64, + 0xbbdd37884e1f5315, + 0xa5b3251567724e8b, + 0x15db57f19953bab8, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x1d69dcabdb96377e, + 0x84ca7f27ceacf2c4, + 0xe822a15978266d24, + 0x1d21c65affccf4e3, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 
0xe2c41ca381b9c749, + 0x3a03b66bb412d9df, + 0x9562225e852bac08, + 0x3113525ee441505e, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x633a8256bca97d22, + 0xbc0b2a9d0eb546b8, + 0x709b703c8f011356, + 0x37bc0b8358f942cd, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x1f3b9e5d89c6f992, + 0x393621c83ddf849, + 0x9786715da3a90989, + 0x1de654f726c14f93, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x2d75ea8c4aead3da, + 0x8a06ee203ed7b3b0, + 0xe64881c6db3b5a3b, + 0x130186a1146523f2, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x3afbc5adc5b66808, + 0x912bb29349446cc1, + 0x929d5727c17918d8, + 0x2dc89ed2282199ac, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x57bbf8ee06cd5c1f, + 0xd443e91f71c98ab3, + 0x1d4a56187d6ffd47, + 0x29a32694e73c8c3, + ]) + ), ]; // The MDS matrix constants const MDS_CST: &'static [TweedleFq] = &[ - // Constants in Montgomery representation - field_new!(TweedleFq,BigInteger([0x29d29e3fc4327f37,0x4a71f5a80543ba53,0x28343f4d85113153,0x146244617e3208b3,])), - field_new!(TweedleFq,BigInteger([0xa139e38b29f41c27,0x789fab6072d358b4,0x2dcb2167e0b29b48,0x280dfccf1f6b9be1,])), - field_new!(TweedleFq,BigInteger([0x694c5a0ae9e2d07d,0xbb9d5f60decb65ca,0x45ab7d7951a783bb,0x17fa6ca9e15ab684,])), - field_new!(TweedleFq,BigInteger([0xb2faa16f5c3a45b1,0xd86b1eb52901aefe,0x1b45401c83c8af87,0x28e5fc140911a0bd,])), - field_new!(TweedleFq,BigInteger([0x4df780dc63cc6487,0xeb0e2f581e5c0167,0xb295a2dac1ae122d,0x2583cbe2f6410dcd,])), - field_new!(TweedleFq,BigInteger([0xfb3433ff98df4158,0x4f1e9cbb7bd9d830,0xd6c392b56e511eaf,0x29603ea841f482fc,])), - field_new!(TweedleFq,BigInteger([0x5d0f8c21f3103c0a,0x4bd7e380363ee1fa,0xbb51c3e6961a11e,0x147e0cefa92d20f7,])), - field_new!(TweedleFq,BigInteger([0xe3b5c1497d6063c8,0x50786edf4424e90,0x25767b9e7a9f6350,0x32d6a4ef51ad361d,])), - field_new!(TweedleFq,BigInteger([0x22d506c126f41925,0x68b0be1808f21e30,0xdf7490986a2a1e52,0x3f7d2f6090dde3f5,])), + // Constants in Montgomery representation + 
field_new!( + TweedleFq, + BigInteger([ + 0x29d29e3fc4327f37, + 0x4a71f5a80543ba53, + 0x28343f4d85113153, + 0x146244617e3208b3, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xa139e38b29f41c27, + 0x789fab6072d358b4, + 0x2dcb2167e0b29b48, + 0x280dfccf1f6b9be1, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x694c5a0ae9e2d07d, + 0xbb9d5f60decb65ca, + 0x45ab7d7951a783bb, + 0x17fa6ca9e15ab684, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xb2faa16f5c3a45b1, + 0xd86b1eb52901aefe, + 0x1b45401c83c8af87, + 0x28e5fc140911a0bd, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x4df780dc63cc6487, + 0xeb0e2f581e5c0167, + 0xb295a2dac1ae122d, + 0x2583cbe2f6410dcd, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xfb3433ff98df4158, + 0x4f1e9cbb7bd9d830, + 0xd6c392b56e511eaf, + 0x29603ea841f482fc, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x5d0f8c21f3103c0a, + 0x4bd7e380363ee1fa, + 0xbb51c3e6961a11e, + 0x147e0cefa92d20f7, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0xe3b5c1497d6063c8, + 0x50786edf4424e90, + 0x25767b9e7a9f6350, + 0x32d6a4ef51ad361d, + ]) + ), + field_new!( + TweedleFq, + BigInteger([ + 0x22d506c126f41925, + 0x68b0be1808f21e30, + 0xdf7490986a2a1e52, + 0x3f7d2f6090dde3f5, + ]) + ), ]; } pub type TweedleFqQuinticSbox = PoseidonQuinticSBox; -pub type TweedleFqPoseidonHash = PoseidonHash; -pub type TweedleFqBatchPoseidonHash = PoseidonBatchHash; \ No newline at end of file +pub type TweedleFqPoseidonHash = + PoseidonHash; +pub type TweedleFqBatchPoseidonHash = + PoseidonBatchHash; diff --git a/primitives/src/crh/poseidon/sbox.rs b/primitives/src/crh/poseidon/sbox.rs index 0fc4697ef..a80deeee7 100644 --- a/primitives/src/crh/poseidon/sbox.rs +++ b/primitives/src/crh/poseidon/sbox.rs @@ -1,5 +1,5 @@ +use crate::{BatchSBox, PoseidonParameters, SBox}; use algebra::PrimeField; -use crate::{PoseidonParameters, SBox, BatchSBox}; use std::marker::PhantomData; /// S-Box: S(x) = x^-1 
@@ -54,14 +54,13 @@ impl> SBox for PoseidonInverseSBox< #[inline] fn apply_partial(state: &mut Vec) { - if state[0]!= F::zero() { + if state[0] != F::zero() { state[0] = state[0].inverse().unwrap(); } } } impl> BatchSBox for PoseidonInverseSBox { - // Uses batch inversion across all instances in the batch. fn apply_full_batch(vec_state: &mut [Vec]) { // Apply the S-BOX to each of the elements of the state vector diff --git a/primitives/src/crh/sbox.rs b/primitives/src/crh/sbox.rs index 52a3115f5..624443eeb 100644 --- a/primitives/src/crh/sbox.rs +++ b/primitives/src/crh/sbox.rs @@ -1,8 +1,6 @@ -use algebra::Field; use crate::FieldBasedHashParameters; -use rayon::iter::{ - ParallelIterator, IntoParallelRefMutIterator -}; +use algebra::Field; +use rayon::iter::{IntoParallelRefMutIterator, ParallelIterator}; pub trait SBox { type Field: Field; @@ -16,12 +14,13 @@ pub trait SBox { } pub trait BatchSBox: SBox { - fn apply_full_batch(vec_state: &mut [Vec]) { vec_state.par_iter_mut().for_each(|s| Self::apply_full(s)); } fn apply_partial_batch(vec_state: &mut [Vec]) { - vec_state.par_iter_mut().for_each(|s| Self::apply_partial(s)); + vec_state + .par_iter_mut() + .for_each(|s| Self::apply_partial(s)); } -} \ No newline at end of file +} diff --git a/primitives/src/lib.rs b/primitives/src/lib.rs index 802908aa2..46d9df0fc 100644 --- a/primitives/src/lib.rs +++ b/primitives/src/lib.rs @@ -32,7 +32,6 @@ pub mod vrf; #[cfg(feature = "vrf")] pub use self::vrf::*; - pub type Error = Box; #[derive(Debug)] 
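Review bot: The `@@ -54,14 +54,13 @@` hunk of primitives/src/crh/poseidon/sbox.rs drops the comment `// Uses batch inversion across all instances in the batch.` from the `BatchSBox` impl without replacing it, so the only statement of why `apply_full_batch` is overridden (rather than using the trait's default per-instance `par_iter_mut` body shown in the sbox.rs hunk below) is lost. If the override still relies on batch inversion, keep that as a doc comment on the method, e.g. `/// Overrides the default to use batch inversion across all instances in the batch.`, so a later reader does not "simplify" it back to the default and regress performance. The body of `apply_full_batch` continues outside the hunk, so whether the implementation still matches the removed comment cannot be confirmed here.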
@@ -49,12 +48,16 @@ pub enum CryptoError { impl std::fmt::Display for CryptoError { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { let msg = match self { - CryptoError::IncorrectInputLength(elem, len) => format!("{} length is wrong: {}", elem, len), + CryptoError::IncorrectInputLength(elem, len) => { + format!("{} length is wrong: {}", elem, len) + } CryptoError::InvalidElement(elem) => format!("{} is invalid", elem), CryptoError::NotPrimeOrder(elem) => format!("element {} is not prime order", elem), CryptoError::FailedVerification => "verification failed".to_owned(), CryptoError::InitializationError(message) => format!("{}", message), - CryptoError::HashingError(message) => format!("Failed to compute the hash: {}", message), + CryptoError::HashingError(message) => { + format!("Failed to compute the hash: {}", message) + } CryptoError::Other(message) => format!("{}", message), }; write!(f, "{}", msg) @@ -80,16 +83,14 @@ pub fn compute_truncation_size(modulus_from: i32, modulus_to: i32) -> usize { }) as usize } -use algebra::{ - PrimeField, FpParameters, -}; +use algebra::{FpParameters, PrimeField}; /// Return the number of bytes to skip in a little-endian byte order representation /// of a field element belonging to field `F`. #[allow(dead_code)] pub fn compute_bytes_truncation_size() -> usize { - let bigint_bytes = (F::Params::MODULUS_BITS + F::Params::REPR_SHAVE_BITS)/8; - let safe_bytes = F::Params::CAPACITY/8; + let bigint_bytes = (F::Params::MODULUS_BITS + F::Params::REPR_SHAVE_BITS) / 8; + let safe_bytes = F::Params::CAPACITY / 8; (bigint_bytes - safe_bytes) as usize } @@ -102,4 +103,4 @@ pub fn bytes_to_bits(bytes: &[u8]) -> Vec { } } bits -} \ No newline at end of file +} diff --git a/primitives/src/merkle_tree/field_based_mht/mod.rs b/primitives/src/merkle_tree/field_based_mht/mod.rs index 782e45d4b..d9238f487 100644 --- a/primitives/src/merkle_tree/field_based_mht/mod.rs +++ b/primitives/src/merkle_tree/field_based_mht/mod.rs 
@@ -10,17 +10,18 @@ pub use self::optimized::*; pub mod parameters; pub use self::parameters::*; -use algebra::{ - Field, ToBytes, FromBytes, +use crate::{ + BatchFieldBasedHash, Error, FieldBasedHash, FieldBasedHashParameters, MerkleTreeError, }; -use crate::{FieldBasedHash, BatchFieldBasedHash, Error, FieldBasedHashParameters, MerkleTreeError}; +use algebra::{Field, FromBytes, ToBytes}; +use serde::{Deserialize, Serialize}; use std::{clone::Clone, fmt::Debug}; -use serde::{Serialize, Deserialize}; /// Definition of parameters needed to implement and optimize a Merkle Tree whose nodes and leaves /// are Field elements. The trait is generic with respect to the arity of the Merkle Tree. pub trait FieldBasedMerkleTreeParameters: 'static + Clone { - type Data: Field; /// Actually unnecessary, but simplifies the overall design + type Data: Field; + /// Actually unnecessary, but simplifies the overall design type H: FieldBasedHash; /// The arity of the Merkle Tree const MERKLE_ARITY: usize; @@ -30,11 +31,7 @@ pub trait FieldBasedMerkleTreeParameters: 'static + Clone { /// Pre-computed hashes of the empty nodes for the different levels of the Merkle Tree #[derive(Derivative)] -#[derivative( - Debug(bound = ""), - Eq(bound = ""), - PartialEq(bound = ""), -)] +#[derivative(Debug(bound = ""), Eq(bound = ""), PartialEq(bound = ""))] pub struct FieldBasedMerkleTreePrecomputedZeroConstants<'a, H: FieldBasedHash> { pub nodes: &'a [H::Data], pub merkle_arity: usize, 
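Review bot: In the `@@ -10,17 +10,18 @@` hunk of field_based_mht/mod.rs the moved `/// Actually unnecessary, but simplifies the overall design` now visibly documents `type H: FieldBasedHash;`, which is the one associated type that is certainly necessary. The old trailing placement already attached the `///` to the following item as far as rustc is concerned, so rustfmt only made an existing mistake explicit; the remark was presumably meant for `type Data`, which duplicates `H::Data`. If so, move it above that item: `/// Actually unnecessary, but simplifies the overall design` then `type Data: Field;`, leaving `H` undocumented or with its own one-liner.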
@@ -45,19 +42,21 @@ pub struct FieldBasedMerkleTreePrecomputedZeroConstants<'a, H: FieldBasedHash> { pub trait BatchFieldBasedMerkleTreeParameters: FieldBasedMerkleTreeParameters { type BH: BatchFieldBasedHash< Data = ::Data, - BaseHash = ::H + BaseHash = ::H, >; } -pub(crate) fn check_precomputed_parameters(tree_height: usize) -> bool -{ +pub(crate) fn check_precomputed_parameters( + tree_height: usize, +) -> bool { match T::ZERO_NODE_CST { Some(supported_params) => { - tree_height <= supported_params.nodes.len() && - T::MERKLE_ARITY == supported_params.merkle_arity && - T::MERKLE_ARITY == <::Parameters as FieldBasedHashParameters>::R + tree_height <= supported_params.nodes.len() + && T::MERKLE_ARITY == supported_params.merkle_arity + && T::MERKLE_ARITY + == <::Parameters as FieldBasedHashParameters>::R } - None => false + None => false, } } @@ -70,12 +69,15 @@ pub trait FieldBasedMerkleTree: Clone { type Parameters: FieldBasedMerkleTreeParameters; type MerklePath: FieldBasedMerkleTreePath< H = ::H, - Parameters = Self::Parameters + Parameters = Self::Parameters, >; /// Append a new leaf to the Merkle Tree. The moment in which the root will be computed /// is transparent to the user and obeys to pre-defined internal policies. - fn append(&mut self, leaf: ::Data) -> Result<&mut Self, Error>; + fn append( + &mut self, + leaf: ::Data, + ) -> Result<&mut Self, Error>; /// Force the computation of the root whatever its internal state and return an updated copy /// of the Merkle Tree. This function is idempotent, i.e. calling it multiple times will give 
@@ -105,35 +107,30 @@ pub trait FieldBasedMerkleTree: Clone { /// Definition of a Merkle Path for a Merkle Tree whose leaves and nodes are field elements. The /// trait is generic with respect to the arity of the Merkle Tree and to the hash function used. pub trait FieldBasedMerkleTreePath: - ToBytes + - FromBytes + - Serialize + - for<'a> Deserialize<'a> + - Eq + - PartialEq + - Clone + - Debug + - Default + ToBytes + FromBytes + Serialize + for<'a> Deserialize<'a> + Eq + PartialEq + Clone + Debug + Default { type H: FieldBasedHash; type Path: Clone + Debug + Serialize + for<'a> Deserialize<'a>; type Parameters: FieldBasedMerkleTreeParameters< Data = ::Data, - H = Self::H + H = Self::H, >; /// Return a new instance of the struct implementing this trait given the raw `path` fn new(path: Self::Path) -> Self; /// Compute the root of a Merkle Tree starting from a Merkle Path for a given `leaf` - fn compute_root(&self, leaf: &::Data) -> ::Data; + fn compute_root( + &self, + leaf: &::Data, + ) -> ::Data; /// Verify the Merkle Path for `leaf` given the `root` of a Merkle Tree with height `height`. fn verify( &self, height: usize, leaf: &::Data, - expected_root: &::Data + expected_root: &::Data, ) -> Result { let path_len = self.get_length(); if path_len != height { @@ -148,9 +145,8 @@ pub trait FieldBasedMerkleTreePath: fn verify_without_length_check( &self, leaf: &::Data, - expected_root: &::Data - ) -> bool - { + expected_root: &::Data, + ) -> bool { let actual_root = self.compute_root(leaf); &actual_root == expected_root } @@ -175,4 +171,4 @@ pub trait FieldBasedMerkleTreePath: /// Returns the index of the leaf, corresponding to the `self` Merkle Path, in the /// corresponding Merkle Tree. fn leaf_index(&self) -> usize; -} \ No newline at end of file +} diff --git a/primitives/src/merkle_tree/field_based_mht/naive/mod.rs b/primitives/src/merkle_tree/field_based_mht/naive/mod.rs index b0b3b6540..dca05b14a 100644 
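Review bot: `verify_without_length_check` in the `@@ -148,9 +145,8 @@` hunk of field_based_mht/mod.rs has no doc comment stating what the caller takes on by skipping the `path_len != height` check that `verify` performs in the hunk above. Its body accepts any path whose recomputed root equals `expected_root`, regardless of how many levels the path has, so the caller must pin the expected height itself. Suggested doc above the signature: `/// Like `verify`, but does not check that the path length matches the tree height; the caller is responsible for enforcing the expected height before trusting the result.` The enclosing trait `FieldBasedMerkleTreePath` continues outside the hunk.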
--- a/primitives/src/merkle_tree/field_based_mht/naive/mod.rs +++ b/primitives/src/merkle_tree/field_based_mht/naive/mod.rs @@ -1,7 +1,7 @@ -use algebra::Field; use crate::crh::FieldBasedHash; use crate::merkle_tree::*; use crate::Error; +use algebra::Field; /// Merkle Tree whose leaves are field elements, best with hash functions /// that works with field elements, such as Poseidon. This implementation @@ -16,17 +16,16 @@ use crate::Error; /// while this is ok for use cases where the Merkle Trees have always the /// same height, it's not for all the others. pub struct NaiveMerkleTree { - height: usize, - tree: Vec<::Data>, + height: usize, + tree: Vec<::Data>, padding_tree: Vec<( ::Data, ::Data, )>, - root: Option<::Data>, + root: Option<::Data>, } impl NaiveMerkleTree

{ - pub fn new(height: usize) -> Self { NaiveMerkleTree { height, @@ -34,13 +33,9 @@ impl NaiveMerkleTree

{ padding_tree: Vec::new(), root: None, } - } + } - pub fn append( - &mut self, - leaves: &[::Data], - ) -> Result<(), Error> - { + pub fn append(&mut self, leaves: &[::Data]) -> Result<(), Error> { // Deal with edge cases if self.height == 0 { // If height = 0, return tree with only the root @@ -57,7 +52,6 @@ impl NaiveMerkleTree

{ (*self).tree = vec![root.clone()]; (*self).root = Some(root); - } else { let new_time = start_timer!(|| "MerkleTree::New"); let num_leaves = leaves.len(); @@ -103,10 +97,8 @@ impl NaiveMerkleTree

{ let right_index = right_child(current_index); // Compute Hash(left || right). - tree[current_index] = hash_inner_node::( - tree[left_index], - tree[right_index], - )?; + tree[current_index] = + hash_inner_node::(tree[left_index], tree[right_index])?; } upper_bound = start_index; } @@ -152,17 +144,21 @@ impl NaiveMerkleTree

{ } #[inline] - pub fn height(&self) -> usize { self.height } + pub fn height(&self) -> usize { + self.height + } pub fn generate_proof( &self, index: usize, leaf: &::Data, - ) -> Result, Error> - { + ) -> Result, Error> { // Check that height is bigger than one if self.height == 0 { - Err(MerkleTreeError::Other("Unable to prove: no existence proof defined for Merkle Tree of trivial height".to_owned()))? + Err(MerkleTreeError::Other( + "Unable to prove: no existence proof defined for Merkle Tree of trivial height" + .to_owned(), + ))? } // Check that index is not bigger than num_leaves @@ -195,7 +191,10 @@ impl NaiveMerkleTree
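Review bot: In `generate_proof` the comment `// Check that height is bigger than one` does not match the guard below it, which rejects only `self.height == 0`, i.e. it requires height >= 1, not > 1. Reword it to say what the code enforces: `// Reject trivial trees (height 0): a single-node tree has no membership path`. The body of `generate_proof` continues past the end of the hunk, so I could not check whether the `leaf` argument is also compared against the stored node at `index`; if it is not, a short doc comment saying that the caller is responsible for passing the right leaf would help.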

{ } if path.len() > self.height { - Err(MerkleTreeError::IncorrectPathLength(path.len(), self.height))? + Err(MerkleTreeError::IncorrectPathLength( + path.len(), + self.height, + ))? } //Push the other elements of the padding tree @@ -205,7 +204,10 @@ impl NaiveMerkleTree

{ end_timer!(prove_time); if path.len() != self.height as usize { - Err(MerkleTreeError::IncorrectPathLength(path.len(), self.height))? + Err(MerkleTreeError::IncorrectPathLength( + path.len(), + self.height, + ))? } else { Ok(FieldBasedBinaryMHTPath::

::new(path)) } @@ -230,12 +232,12 @@ pub(crate) fn hash_empty() -> Result { #[cfg(test)] mod test { use crate::{ - crh::parameters::{MNT4PoseidonHash, MNT4BatchPoseidonHash}, - merkle_tree::field_based_mht::*, FieldBasedHash + crh::parameters::{MNT4BatchPoseidonHash, MNT4PoseidonHash}, + merkle_tree::field_based_mht::*, + FieldBasedHash, }; use algebra::{ - fields::mnt4753::Fr as MNT4753Fr, Field, - UniformRand, ToBytes, to_bytes, FromBytes, + fields::mnt4753::Fr as MNT4753Fr, to_bytes, Field, FromBytes, ToBytes, UniformRand, }; use rand::SeedableRng; use rand_xorshift::XorShiftRng; @@ -248,8 +250,9 @@ mod test { type Data = MNT4753Fr; type H = MNT4PoseidonHash; const MERKLE_ARITY: usize = 2; - const ZERO_NODE_CST: Option> = - Some(MNT4753_MHT_POSEIDON_PARAMETERS); + const ZERO_NODE_CST: Option< + FieldBasedMerkleTreePrecomputedZeroConstants<'static, Self::H>, + > = Some(MNT4753_MHT_POSEIDON_PARAMETERS); } impl BatchFieldBasedMerkleTreeParameters for MNT4753FieldBasedMerkleTreeParams { @@ -259,8 +262,7 @@ mod test { type MNT4753FieldBasedMerkleTree = NaiveMerkleTree; type MNT4PoseidonMHT = FieldBasedOptimizedMHT; - fn generate_merkle_tree(leaves: &[P::Data], height: usize) - { + fn generate_merkle_tree(leaves: &[P::Data], height: usize) { let mut tree = NaiveMerkleTree::

::new(height); tree.append(&leaves).unwrap(); let root = tree.root().unwrap(); @@ -275,13 +277,23 @@ mod test { // Check leaf index is the correct one assert_eq!(i, proof.leaf_index()); - if i == 0 { assert!(proof.is_leftmost()); } // leftmost check - else if i == 2usize.pow(height as u32) - 1 { assert!(proof.is_rightmost()) } //rightmost check - else { assert!(!proof.is_leftmost()); assert!(!proof.is_rightmost()); } // other cases check + if i == 0 { + assert!(proof.is_leftmost()); + } + // leftmost check + else if i == 2usize.pow(height as u32) - 1 { + assert!(proof.is_rightmost()) + } + //rightmost check + else { + assert!(!proof.is_leftmost()); + assert!(!proof.is_rightmost()); + } // other cases check // Serialization/deserialization test let proof_serialized = to_bytes!(proof).unwrap(); - let proof_deserialized = FieldBasedBinaryMHTPath::

::read(proof_serialized.as_slice()).unwrap(); + let proof_deserialized = + FieldBasedBinaryMHTPath::

::read(proof_serialized.as_slice()).unwrap(); assert_eq!(proof, proof_deserialized); } } else { @@ -307,13 +319,10 @@ mod test { let mut leaves = Vec::new(); for _ in 0..4 { leaves.push( - MNT4PoseidonHash::init_constant_length( - 1, - None - ) - .update(MNT4753Fr::rand(&mut rng)) - .finalize() - .unwrap() + MNT4PoseidonHash::init_constant_length(1, None) + .update(MNT4753Fr::rand(&mut rng)) + .finalize() + .unwrap(), ); } generate_merkle_tree::(&leaves, TEST_HEIGHT); @@ -335,8 +344,10 @@ mod test { generate_merkle_tree::(&leaves, TEST_HEIGHT); } - fn bad_merkle_tree_verify(leaves: &[P::Data], height: usize) - { + fn bad_merkle_tree_verify( + leaves: &[P::Data], + height: usize, + ) { let mut tree = NaiveMerkleTree::
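Review bot: In `generate_merkle_tree` the reformatted `if`/`else if` chain now has its comments detached from the branches they describe: `// leftmost check` sits after the leftmost branch's closing brace directly above `else if i == 2usize.pow(height as u32) - 1`, and `//rightmost check` sits directly above the final `else`, so a reader attaches each comment to the wrong branch. Move each comment inside the branch it belongs to as its first line, e.g. `if i == 0 {` / `// leftmost check` / `assert!(proof.is_leftmost());` and `// rightmost check` as the first line of the `else if`. The same displacement appears in `bad_merkle_tree_verify` further down in this file.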

::new(height); tree.append(&leaves).unwrap(); let root = ::zero(); @@ -347,13 +358,23 @@ mod test { // Check leaf index is the correct one assert_eq!(i, proof.leaf_index()); - if i == 0 { assert!(proof.is_leftmost()); } // leftmost check - else if i == 2usize.pow(height as u32) - 1 { assert!(proof.is_rightmost()) } //rightmost check - else { assert!(!proof.is_leftmost()); assert!(!proof.is_rightmost()); } // other cases check + if i == 0 { + assert!(proof.is_leftmost()); + } + // leftmost check + else if i == 2usize.pow(height as u32) - 1 { + assert!(proof.is_rightmost()) + } + //rightmost check + else { + assert!(!proof.is_leftmost()); + assert!(!proof.is_rightmost()); + } // other cases check // Serialization/deserialization test let proof_serialized = to_bytes!(proof).unwrap(); - let proof_deserialized = FieldBasedBinaryMHTPath::

::read(proof_serialized.as_slice()).unwrap(); + let proof_deserialized = + FieldBasedBinaryMHTPath::

::read(proof_serialized.as_slice()).unwrap(); assert_eq!(proof, proof_deserialized); } } @@ -366,13 +387,10 @@ mod test { let mut leaves = Vec::new(); for _ in 0..4 { leaves.push( - MNT4PoseidonHash::init_constant_length( - 1, - None - ) + MNT4PoseidonHash::init_constant_length(1, None) .update(MNT4753Fr::rand(&mut rng)) .finalize() - .unwrap() + .unwrap(), ); } bad_merkle_tree_verify::(&leaves, TEST_HEIGHT); @@ -415,7 +433,11 @@ mod test { tree.append(MNT4753Fr::rand(&mut rng)).unwrap(); } tree.finalize_in_place().unwrap(); - assert_eq!(tree.root().unwrap(), root1, "Outputs of the Merkle trees for MNT4 do not match."); + assert_eq!( + tree.root().unwrap(), + root1, + "Outputs of the Merkle trees for MNT4 do not match." + ); } #[test] @@ -436,7 +458,10 @@ mod test { for _ in 0..1 << TEST_HEIGHT { leaves.push(MNT4753Fr::rand(&mut rng)); } - assert!(std::panic::catch_unwind(|| generate_merkle_tree::(&leaves, TEST_HEIGHT)).is_err()); + assert!(std::panic::catch_unwind(|| generate_merkle_tree::< + MNT4753FieldBasedMerkleTreeParams, + >(&leaves, TEST_HEIGHT)) + .is_err()); } // HEIGHT == 1 @@ -453,7 +478,10 @@ mod test { for _ in 0..1 << TEST_HEIGHT { leaves.push(MNT4753Fr::rand(&mut rng)); } - assert!(std::panic::catch_unwind(|| generate_merkle_tree::(&leaves, 1)).is_err()); + assert!(std::panic::catch_unwind(|| generate_merkle_tree::< + MNT4753FieldBasedMerkleTreeParams, + >(&leaves, 1)) + .is_err()); } // HEIGHT == 0 @@ -469,7 +497,10 @@ mod test { // Generate Merkle Tree with only the root, passing more than one leaf. Assert error leaves.push(MNT4753Fr::rand(&mut rng)); - assert!(std::panic::catch_unwind(|| generate_merkle_tree::(&leaves, 0)).is_err()); + assert!(std::panic::catch_unwind(|| generate_merkle_tree::< + MNT4753FieldBasedMerkleTreeParams, + >(&leaves, 0)) + .is_err()); } } -} \ No newline at end of file +} 
diff --git a/primitives/src/merkle_tree/field_based_mht/optimized/mod.rs b/primitives/src/merkle_tree/field_based_mht/optimized/mod.rs index 608ef4fef..6a2d90437 100644 --- a/primitives/src/merkle_tree/field_based_mht/optimized/mod.rs +++ b/primitives/src/merkle_tree/field_based_mht/optimized/mod.rs @@ -1,5 +1,9 @@ +use crate::{ + check_precomputed_parameters, BatchFieldBasedHash, BatchFieldBasedMerkleTreeParameters, Error, + FieldBasedHash, FieldBasedHashParameters, FieldBasedMHTPath, FieldBasedMerkleTree, + FieldBasedMerkleTreePath, MerkleTreeError, +}; use algebra::Field; -use crate::{Error, BatchFieldBasedMerkleTreeParameters, BatchFieldBasedHash, FieldBasedMerkleTree, FieldBasedMerkleTreePath, FieldBasedMHTPath, FieldBasedHash, FieldBasedHashParameters, check_precomputed_parameters, MerkleTreeError}; use std::marker::PhantomData; /// An implementation of FieldBasedMerkleTree, optimized in time and memory, @@ -13,7 +17,7 @@ use std::marker::PhantomData; /// same height, it's not for all the others. /// TODO: Test with arity > 2 #[derive(Clone)] -pub struct FieldBasedOptimizedMHT{ +pub struct FieldBasedOptimizedMHT { root: T::Data, // Stores all MT nodes array_nodes: Vec, @@ -33,7 +37,6 @@ pub struct FieldBasedOptimizedMHT{ } impl FieldBasedOptimizedMHT { - /// Creates a new tree given its `height` and `processing_step`, that defines the /// number of leaves to store before triggering the computation of the hashes /// of the upper levels. Changing this parameter will affect the performances of 
@@ -42,10 +45,13 @@ impl FieldBasedOptimizedMHT { /// parameter according to your use case. pub fn init(height: usize, processing_step: usize) -> Result { if !check_precomputed_parameters::(height) { - Err(Box::new(MerkleTreeError::Other(format!( - "Unsupported height. Max supported height is: {}", - T::ZERO_NODE_CST.unwrap().nodes.len() - ).to_owned())))? + Err(Box::new(MerkleTreeError::Other( + format!( + "Unsupported height. Max supported height is: {}", + T::ZERO_NODE_CST.unwrap().nodes.len() + ) + .to_owned(), + )))? } let rate = <::Parameters as FieldBasedHashParameters>::R; @@ -55,10 +61,13 @@ impl FieldBasedOptimizedMHT { let last_level_size = T::MERKLE_ARITY.pow(height as u32); if processing_step == 0 || processing_step > last_level_size { - Err(Box::new(MerkleTreeError::Other(format!( - "Invalid processing step. Must be between 1 and {}", - last_level_size - ).to_owned())))? + Err(Box::new(MerkleTreeError::Other( + format!( + "Invalid processing step. Must be between 1 and {}", + last_level_size + ) + .to_owned(), + )))? } let mut initial_pos = Vec::new(); 
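Review bot: In `init` the error branch calls `.to_owned()` on the `String` that `format!` already returns, which is a redundant clone; the processing-step error in the next hunk has the same pattern. Drop it: `Err(Box::new(MerkleTreeError::Other(format!("Unsupported height. Max supported height is: {}", T::ZERO_NODE_CST.unwrap().nodes.len()))))?`. Separately, `T::ZERO_NODE_CST.unwrap()` sits inside the error path, so it panics instead of returning an error if `check_precomputed_parameters` ever reports false because the constants are `None` rather than because the height is too large; I cannot see that helper, so if `None` is a possible reason, `T::ZERO_NODE_CST.map_or(0, |c| c.nodes.len())` would keep the error path panic-free. `init` continues past the end of the hunk.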
@@ -129,19 +138,18 @@ impl FieldBasedOptimizedMHT { /// all the nodes up until the root). fn compute_subtree(&mut self) -> Result<(), Error> { if self.height != 0 { - for i in 0..=self.height { - + for i in 0..=self.height { // Enter only if the number of nodes to process at this level is bigger than the rate if (self.new_elem_pos[i] - self.processed_pos[i]) >= self.rate { - // The number of chunks of rate nodes to be processed - let num_groups_nodes = (self.new_elem_pos[i] - self.processed_pos[i]) / self.rate; + let num_groups_nodes = + (self.new_elem_pos[i] - self.processed_pos[i]) / self.rate; // Take as input vec all the nodes in the current level and all their parents // (i.e. all the nodes at the next level) - let (input_vec, output_vec) = - self.array_nodes[self.initial_pos[i]..self.final_pos[i + 1]] - .split_at_mut(self.final_pos[i] - self.initial_pos[i]); + let (input_vec, output_vec) = self.array_nodes + [self.initial_pos[i]..self.final_pos[i + 1]] + .split_at_mut(self.final_pos[i] - self.initial_pos[i]); // The position of the last node in this level that will be affected by the changes. // It's recomputed in this way as num_groups_nodes may have a remainder if @@ -155,8 +163,10 @@ impl FieldBasedOptimizedMHT { // to isolate the nodes in this level and at parent level that are affected // by changes, leaving the other ones out of the computation. Self::batch_hash( - &mut input_vec[(self.processed_pos[i] - self.initial_pos[i])..(last_pos_to_process - self.initial_pos[i])], - &mut output_vec[(self.new_elem_pos[i + 1] - self.initial_pos[i + 1])..(new_pos_parent - self.initial_pos[i + 1])], + &mut input_vec[(self.processed_pos[i] - self.initial_pos[i]) + ..(last_pos_to_process - self.initial_pos[i])], + &mut output_vec[(self.new_elem_pos[i + 1] - self.initial_pos[i + 1]) + ..(new_pos_parent - self.initial_pos[i + 1])], i + 1, )?; 
@@ -175,8 +185,11 @@ impl FieldBasedOptimizedMHT { &self.array_nodes[self.initial_pos[0]..self.new_elem_pos[0]] } - fn batch_hash(input: &mut [T::Data], output: &mut [T::Data], parent_level: usize) -> Result<(), Error> { - + fn batch_hash( + input: &mut [T::Data], + output: &mut [T::Data], + parent_level: usize, + ) -> Result<(), Error> { let mut i = 0; let empty = T::ZERO_NODE_CST.unwrap().nodes[parent_level - 1]; @@ -204,11 +217,14 @@ impl FieldBasedOptimizedMHT { let mut to_hash_out = vec![::zero(); to_hash.len() / T::MERKLE_ARITY]; ::batch_evaluate_in_place( to_hash.as_mut_slice(), - to_hash_out.as_mut_slice() + to_hash_out.as_mut_slice(), )?; // Put the hashes in the correct positions in the output vec - to_hash_out.iter().enumerate().for_each(|(i, &h)| output[output_pos[i]] = h); + to_hash_out + .iter() + .enumerate() + .for_each(|(i, &h)| output[output_pos[i]] = h); } Ok(()) @@ -220,7 +236,6 @@ impl FieldBasedMerkleTree for FieldBased type MerklePath = FieldBasedMHTPath; fn append(&mut self, leaf: T::Data) -> Result<&mut Self, Error> { - // We can't take more leaves if self.processed_pos[0] == self.final_pos[0] { Err(MerkleTreeError::TooManyLeaves(self.height))? @@ -283,7 +298,9 @@ impl FieldBasedMerkleTree for FieldBased } // Reset all nodes values - self.array_nodes.iter_mut().for_each(|leaf| *leaf = ::zero()); + self.array_nodes + .iter_mut() + .for_each(|leaf| *leaf = ::zero()); // Reset finalized value self.finalized = false; @@ -294,14 +311,17 @@ impl FieldBasedMerkleTree for FieldBased fn root(&self) -> Option { match self.finalized { true => Some(self.root.clone()), - false => None + false => None, } } fn get_merkle_path(&self, leaf_index: usize) -> Option { let num_leaves = T::MERKLE_ARITY.pow(self.height as u32); if leaf_index >= num_leaves { - eprintln!("Invalid leaf index {} for num leaves {}", leaf_index, num_leaves); + eprintln!( + "Invalid leaf index {} for num leaves {}", + leaf_index, num_leaves + ); return None; } match self.finalized { 
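Review bot: `get_merkle_path` (hunk `@@ -294,14 +311,17 @@`) writes to stderr via `eprintln!` when `leaf_index` is out of range and then returns `None`, the same value it returns for a tree that has not been finalized, so a library caller cannot tell the two failures apart and gets unsolicited console output from a primitives crate. I would drop the `eprintln!` and state the contract in a doc comment instead: `/// Returns `None` if the tree has not been finalized, or if `leaf_index` is not smaller than the number of leaves (`MERKLE_ARITY^height`).` If callers need to distinguish the cases, returning `Result<Self::MerklePath, Error>` would be cleaner, but that changes the `FieldBasedMerkleTree` trait, which is outside this hunk. The body of `get_merkle_path` continues past the end of the hunk.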
@@ -314,7 +334,7 @@ impl FieldBasedMerkleTree for FieldBased let mut siblings = Vec::with_capacity(T::MERKLE_ARITY - 1); // Based on the index of the node, we must compute the index of the left-most children - let start_position = node_index - ( node_index % T::MERKLE_ARITY ); + let start_position = node_index - (node_index % T::MERKLE_ARITY); // Then, the right most children index is simply given by adding the arity let end_position = start_position + T::MERKLE_ARITY; 
@@ -330,46 +350,44 @@ impl FieldBasedMerkleTree for FieldBased merkle_path.push((siblings, node_index % T::MERKLE_ARITY)); // Get parent index for next iteration - node_index = num_leaves + (node_index/T::MERKLE_ARITY); + node_index = num_leaves + (node_index / T::MERKLE_ARITY); } // Sanity check: the last node_index must be the one of the root debug_assert_eq!(self.array_nodes[node_index], self.root); - Some( - FieldBasedMHTPath::::new(merkle_path) - ) - }, + Some(FieldBasedMHTPath::::new(merkle_path)) + } false => None, } } - fn height(&self) -> usize { self.height } + fn height(&self) -> usize { + self.height + } } #[cfg(test)] mod test { use algebra::{ biginteger::BigInteger768, - fields::{ - Field, - mnt4753::Fr as MNT4753Fr, mnt6753::Fr as MNT6753Fr - }, - UniformRand, - ToBytes, to_bytes, FromBytes, SemanticallyValid + fields::{mnt4753::Fr as MNT4753Fr, mnt6753::Fr as MNT6753Fr, Field}, + to_bytes, FromBytes, SemanticallyValid, ToBytes, UniformRand, }; - use rand::{SeedableRng, RngCore, thread_rng}; + use rand::{thread_rng, RngCore, SeedableRng}; use rand_xorshift::XorShiftRng; use crate::{ - crh::parameters::{MNT4PoseidonHash, MNT4BatchPoseidonHash, MNT6PoseidonHash, MNT6BatchPoseidonHash}, + crh::parameters::{ + MNT4BatchPoseidonHash, MNT4PoseidonHash, MNT6BatchPoseidonHash, MNT6PoseidonHash, + }, merkle_tree::field_based_mht::{ - FieldBasedMerkleTree, NaiveMerkleTree, - FieldBasedMerkleTreePath, FieldBasedMerkleTreeParameters, - BatchFieldBasedMerkleTreeParameters, FieldBasedOptimizedMHT, - parameters::{ - MNT4753_MHT_POSEIDON_PARAMETERS, MNT6753_MHT_POSEIDON_PARAMETERS - } - }, FieldBasedMerkleTreePrecomputedZeroConstants, FieldBasedMHTPath}; + parameters::{MNT4753_MHT_POSEIDON_PARAMETERS, MNT6753_MHT_POSEIDON_PARAMETERS}, + BatchFieldBasedMerkleTreeParameters, FieldBasedMerkleTree, + FieldBasedMerkleTreeParameters, FieldBasedMerkleTreePath, FieldBasedOptimizedMHT, + NaiveMerkleTree, + }, + FieldBasedMHTPath, FieldBasedMerkleTreePrecomputedZeroConstants, 
+ }; // OptimizedMHT definitions for tests below #[derive(Clone, Debug)] @@ -379,8 +397,9 @@ mod test { type Data = MNT4753Fr; type H = MNT4PoseidonHash; const MERKLE_ARITY: usize = 2; - const ZERO_NODE_CST: Option> = - Some(MNT4753_MHT_POSEIDON_PARAMETERS); + const ZERO_NODE_CST: Option< + FieldBasedMerkleTreePrecomputedZeroConstants<'static, Self::H>, + > = Some(MNT4753_MHT_POSEIDON_PARAMETERS); } impl BatchFieldBasedMerkleTreeParameters for MNT4753FieldBasedOptimizedMerkleTreeParams { @@ -394,8 +413,9 @@ mod test { type Data = MNT6753Fr; type H = MNT6PoseidonHash; const MERKLE_ARITY: usize = 2; - const ZERO_NODE_CST: Option> = - Some(MNT6753_MHT_POSEIDON_PARAMETERS); + const ZERO_NODE_CST: Option< + FieldBasedMerkleTreePrecomputedZeroConstants<'static, Self::H>, + > = Some(MNT6753_MHT_POSEIDON_PARAMETERS); } impl BatchFieldBasedMerkleTreeParameters for MNT6753FieldBasedOptimizedMerkleTreeParams { @@ -403,12 +423,11 @@ mod test { } fn merkle_tree_root_test( - height: usize, - num_leaves: usize, + height: usize, + num_leaves: usize, expected_root: T::Data, - mut rng: &mut R - ) - { + mut rng: &mut R, + ) { // Init in memory optimized tree let mut tree = FieldBasedOptimizedMHT::::init(height, num_leaves).unwrap(); @@ -416,7 +435,9 @@ mod test { let mut naive_mt = NaiveMerkleTree::::new(height); // Create leaves at random - let leaves = (0..num_leaves).map(|_| T::Data::rand(&mut rng)).collect::>(); + let leaves = (0..num_leaves) + .map(|_| T::Data::rand(&mut rng)) + .collect::>(); // Append leaves to tree leaves.iter().for_each(|leaf| { 
@@ -435,27 +456,25 @@ mod test { let optimized_root = tree.root().unwrap(); let naive_root = naive_mt.root().unwrap(); assert_eq!(naive_root, optimized_root); - assert_eq!( - tree.root().unwrap(), - expected_root, - ); + assert_eq!(tree.root().unwrap(), expected_root,); } /// Tests that effectively all the nodes of the tree are zeroed after a reset fn merkle_tree_reset_test( - height: usize, - num_leaves: usize, - mut rng: &mut R - ) - { + height: usize, + num_leaves: usize, + mut rng: &mut R, + ) { // Init in memory optimized tree let mut tree = FieldBasedOptimizedMHT::::init(height, num_leaves).unwrap(); // Create leaves at random - let leaves = (0..num_leaves).map(|_| T::Data::rand(&mut rng)).collect::>(); + let leaves = (0..num_leaves) + .map(|_| T::Data::rand(&mut rng)) + .collect::>(); // Add leaves to tree (don't fill the tree completely) - leaves[..num_leaves/2].iter().for_each(|leaf| { + leaves[..num_leaves / 2].iter().for_each(|leaf| { tree.append(leaf.clone()).unwrap(); }); @@ -464,7 +483,7 @@ mod test { let expected_root = tree.finalize().unwrap().root().unwrap(); // Finish filling the tree - leaves[num_leaves/2..].iter().for_each(|leaf| { + leaves[num_leaves / 2..].iter().for_each(|leaf| { tree.append(leaf.clone()).unwrap(); }); @@ -472,7 +491,7 @@ mod test { tree.finalize_in_place().unwrap().reset(); // Add the same leaves as we did initially - leaves[..num_leaves/2].iter().for_each(|leaf| { + leaves[..num_leaves / 2].iter().for_each(|leaf| { tree.append(leaf.clone()).unwrap(); }); 
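Review bot: `assert_eq!(tree.root().unwrap(), expected_root,);` in `merkle_tree_root_test` keeps a stray trailing comma before the closing paren, an artifact of collapsing the former multi-line call that the formatter does not remove; it compiles but reads as a typo. Change it to `assert_eq!(optimized_root, expected_root);`, which also reuses the value already fetched two lines above instead of calling `root().unwrap()` a second time.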
@@ -560,14 +579,21 @@ mod test { 16287955982068396368, 2574770790166887043, 15847921958357229891, - 431926751316706 + 431926751316706, ])); let height = 10; let num_leaves = 2usize.pow(height as u32); let rng = &mut XorShiftRng::seed_from_u64(1231275789u64); - merkle_tree_root_test::(height, num_leaves, expected_output, rng); - merkle_tree_reset_test::(height, num_leaves,rng); + merkle_tree_root_test::( + height, + num_leaves, + expected_output, + rng, + ); + merkle_tree_reset_test::( + height, num_leaves, rng, + ); merkle_tree_test_edge_cases::(); } @@ -585,15 +611,22 @@ mod test { 14391757241795953360, 10971839229749467698, 17614506209597433225, - 374251447408225 + 374251447408225, ])); let height = 10; let num_leaves = 2usize.pow(height as u32); let rng = &mut XorShiftRng::seed_from_u64(1231275789u64); - merkle_tree_root_test::(height, num_leaves, expected_output, rng); - merkle_tree_reset_test::(height, num_leaves,rng); + merkle_tree_root_test::( + height, + num_leaves, + expected_output, + rng, + ); + merkle_tree_reset_test::( + height, num_leaves, rng, + ); merkle_tree_test_edge_cases::(); } @@ -610,14 +643,18 @@ mod test { } // Push them in a Naive Poseidon Merkle Tree and get the root - leaves.extend_from_slice(vec![::zero(); max_leaves - num_leaves].as_slice()); + leaves.extend_from_slice( + vec![::zero(); max_leaves - num_leaves].as_slice(), + ); let mut naive_mt = NaiveMerkleTree::::new(max_height); naive_mt.append(leaves.as_slice()).unwrap(); let naive_root = naive_mt.root().unwrap(); // Push them in a Poseidon Merkle Tree and get the root let mut mt = FieldBasedOptimizedMHT::::init(max_height, num_leaves).unwrap(); - leaves[0..num_leaves].iter().for_each(|&leaf| { mt.append(leaf).unwrap(); }); + leaves[0..num_leaves].iter().for_each(|&leaf| { + mt.append(leaf).unwrap(); + }); let root = mt.finalize_in_place().unwrap().root().unwrap(); assert_eq!(naive_root, root); 
@@ -628,22 +665,26 @@ mod test { for num_leaves in 1..=max_leaves { // Make half of the added leaves empty let mut leaves = Vec::with_capacity(num_leaves); - for _ in 0..num_leaves/2 { + for _ in 0..num_leaves / 2 { leaves.push(::zero()) } - for _ in num_leaves/2..num_leaves { + for _ in num_leaves / 2..num_leaves { leaves.push(T::Data::rand(&mut rng)) } // Push them in a Naive Poseidon Merkle Tree and get the root - leaves.extend_from_slice(vec![::zero(); max_leaves - num_leaves].as_slice()); + leaves.extend_from_slice( + vec![::zero(); max_leaves - num_leaves].as_slice(), + ); let mut naive_mt = NaiveMerkleTree::::new(max_height); naive_mt.append(leaves.as_slice()).unwrap(); let naive_root = naive_mt.root().unwrap(); // Push them in a Poseidon Merkle Tree and get the root let mut mt = FieldBasedOptimizedMHT::::init(max_height, num_leaves).unwrap(); - leaves[..].iter().for_each(|&leaf| { mt.append(leaf).unwrap(); }); + leaves[..].iter().for_each(|&leaf| { + mt.append(leaf).unwrap(); + }); let root = mt.finalize_in_place().unwrap().root().unwrap(); assert_eq!(naive_root, root); @@ -656,7 +697,9 @@ mod test { let max_height = 6; let max_leaves = 2usize.pow(max_height as u32); - merkle_tree_test_empty_leaves::(max_height, max_leaves, rng) + merkle_tree_test_empty_leaves::( + max_height, max_leaves, rng, + ) } #[test] @@ -665,7 +708,9 @@ mod test { let max_height = 6; let max_leaves = 2usize.pow(max_height as u32); - merkle_tree_test_empty_leaves::(max_height, max_leaves, rng) + merkle_tree_test_empty_leaves::( + max_height, max_leaves, rng, + ) } fn merkle_tree_path_test( 
@@ -677,12 +722,12 @@ mod test { let mut tree = FieldBasedOptimizedMHT::::init(height, num_leaves).unwrap(); // Generate random leaves, half of which empty - for _ in 0..num_leaves/2 { + for _ in 0..num_leaves / 2 { let leaf = T::Data::rand(&mut rng); tree.append(leaf).unwrap(); leaves.push(leaf); } - for _ in num_leaves/2..num_leaves { + for _ in num_leaves / 2..num_leaves { let leaf = ::zero(); leaves.push(leaf); } @@ -696,7 +741,6 @@ mod test { assert_eq!(root, naive_root); for i in 0..num_leaves { - // Create and verify a FieldBasedMHTPath let path = tree.get_merkle_path(i).unwrap(); assert!(path.is_valid()); @@ -705,7 +749,9 @@ mod test { // Create and verify a Naive path let naive_path = naive_tree.generate_proof(i, &leaves[i]).unwrap(); assert!(naive_path.is_valid()); - assert!(naive_path.verify(naive_tree.height(), &leaves[i], &naive_root ).unwrap()); + assert!(naive_path + .verify(naive_tree.height(), &leaves[i], &naive_root) + .unwrap()); // Assert the two paths are equal assert_eq!(naive_path, path); @@ -713,16 +759,17 @@ mod test { // Check leaf index is the correct one assert_eq!(i, path.leaf_index()); - if i == 0 { // leftmost check + if i == 0 { + // leftmost check assert!(path.is_leftmost()); - } - else if i == (num_leaves / 2) - 1 { // non-empty rightmost check + } else if i == (num_leaves / 2) - 1 { + // non-empty rightmost check assert!(path.are_right_leaves_empty()); - } - else if i == num_leaves - 1 { //rightmost check + } else if i == num_leaves - 1 { + //rightmost check assert!(path.is_rightmost()); - } - else { // Other cases check + } else { + // Other cases check assert!(!path.is_leftmost()); assert!(!path.is_rightmost()); 
@@ -736,17 +783,20 @@ mod test { // Serialization/deserialization test let path_serialized = to_bytes!(path).unwrap(); - let path_deserialized = FieldBasedMHTPath::::read(path_serialized.as_slice()).unwrap(); + let path_deserialized = + FieldBasedMHTPath::::read(path_serialized.as_slice()).unwrap(); assert_eq!(path, path_deserialized); } } - fn merkle_tree_path_are_right_leaves_empty_test( + fn merkle_tree_path_are_right_leaves_empty_test< + T: BatchFieldBasedMerkleTreeParameters, + R: RngCore, + >( height: usize, num_leaves: usize, mut rng: &mut R, - ) - { + ) { let mut tree = FieldBasedOptimizedMHT::::init(height, num_leaves).unwrap(); // Generate random leaves @@ -762,23 +812,29 @@ mod test { #[test] fn merkle_tree_path_test_mnt4() { - let height = 6; let num_leaves = 2usize.pow(height as u32); let rng = &mut XorShiftRng::seed_from_u64(1231275789u64); - merkle_tree_path_test::(height, num_leaves, rng); - merkle_tree_path_are_right_leaves_empty_test::(height, num_leaves, rng); + merkle_tree_path_test::( + height, num_leaves, rng, + ); + merkle_tree_path_are_right_leaves_empty_test::( + height, num_leaves, rng, + ); } #[test] fn merkle_tree_path_test_mnt6() { - let height = 6; let num_leaves = 2usize.pow(height as u32); let rng = &mut XorShiftRng::seed_from_u64(1231275789u64); - merkle_tree_path_test::(height, num_leaves, rng); - merkle_tree_path_are_right_leaves_empty_test::(height, num_leaves, rng); + merkle_tree_path_test::( + height, num_leaves, rng, + ); + merkle_tree_path_are_right_leaves_empty_test::( + height, num_leaves, rng, + ); } -} \ No newline at end of file +} diff --git a/primitives/src/merkle_tree/field_based_mht/parameters/bn382.rs b/primitives/src/merkle_tree/field_based_mht/parameters/bn382.rs index 5016337ff..5ecfba7b2 100644 --- a/primitives/src/merkle_tree/field_based_mht/parameters/bn382.rs +++ b/primitives/src/merkle_tree/field_based_mht/parameters/bn382.rs 
@@ -1,106 +1,410 @@ -use algebra::{ - fields::bn_382::Fr as BN382Fr, - biginteger::BigInteger384, - field_new, -}; +use algebra::{biginteger::BigInteger384, field_new, fields::bn_382::Fr as BN382Fr}; -use crate::{ - crh::poseidon::BN382FrPoseidonHash, - FieldBasedMerkleTreePrecomputedZeroConstants, -}; +use crate::{crh::poseidon::BN382FrPoseidonHash, FieldBasedMerkleTreePrecomputedZeroConstants}; // PoseidonHash("This represents an empty Merkle Root for a BN382FrPoseidonHash based Merkle Tree.") -pub const BN382_PHANTOM_MERKLE_ROOT: BN382Fr = - field_new!(BN382Fr, BigInteger384([ +pub const BN382_PHANTOM_MERKLE_ROOT: BN382Fr = field_new!( + BN382Fr, + BigInteger384([ 99773930179339435, 348923504295496314, 646079944679159593, 7944079026413204524, 7188710039817985762, 1508748032991309384 - ])); + ]) +); -pub const BN382_MHT_POSEIDON_PARAMETERS: FieldBasedMerkleTreePrecomputedZeroConstants<'static, BN382FrPoseidonHash> = - FieldBasedMerkleTreePrecomputedZeroConstants { - nodes: &[ - field_new!(BN382Fr, BigInteger384([0, 0, 0, 0, 0, 0])), - field_new!(BN382Fr, BigInteger384([15745522788649903907, 16652409264296773101, 9580329627252538379, 14449588676843283900, 18075316901601731326, 2096864981361276526])), - field_new!(BN382Fr, BigInteger384([2268444023388143544, 17298360647738556748, 94373253860962130, 8702337489709032691, 9644208621815391130, 2264890757681590843])), - field_new!(BN382Fr, BigInteger384([7083298892765997525, 8892407521668137791, 9197215395346518622, 6847703070393882449, 15815800337722272215, 2146152396506143110])), - field_new!(BN382Fr, BigInteger384([750322402422095458, 16665857403862931511, 12073911270502074268, 8433108039675190344, 1300689657487132566, 1020791768747886572])), - field_new!(BN382Fr, BigInteger384([11281746813136010846, 18274249872713361110, 9851530189728317185, 3338120257635833108, 3801524501259031095, 248287800870448076])), - field_new!(BN382Fr, BigInteger384([2390950906608007984, 4903832209033298596, 2925749861501906773, 
4464995168837234610, 9918609401679022161, 895224401408241737])), - field_new!(BN382Fr, BigInteger384([15795463120980401949, 13683817975310161826, 14943758995704371758, 2963047471043258611, 15560137637823847687, 1970079961753011829])), - field_new!(BN382Fr, BigInteger384([1525930063762604551, 7821861940372891874, 3288493529010705295, 10088419980085533439, 13145259179765681517, 1322404108891623173])), - field_new!(BN382Fr, BigInteger384([2684330210395719551, 11286208450053283994, 15699938099991331709, 18412623006990068853, 9501317450489141331, 172059031072665217])), - field_new!(BN382Fr, BigInteger384([5819165191195505318, 12153225337826917781, 12327240005547992139, 12207354228153053751, 3901867814770348889, 1438981947430405828])), - field_new!(BN382Fr, BigInteger384([11214241094396042753, 11173876455926953396, 15814145438405569553, 18144677296528908006, 18412396687004136456, 1258927997344890989])), - field_new!(BN382Fr, BigInteger384([10049953164942675478, 16416714521945791933, 17041185386399416490, 17642836562955912768, 18183804977083255435, 2419907683556989366])), - field_new!(BN382Fr, BigInteger384([5442062389265456001, 3809170157598981025, 171581856662145032, 7823864420716956396, 14190301556270692975, 1925674956519263100])), - field_new!(BN382Fr, BigInteger384([12294189776828093222, 9695787539924999054, 17265012360232765539, 15244771273107585498, 15265697462822524160, 846181752110206430])), - field_new!(BN382Fr, BigInteger384([11185085303686312588, 16902728784831515441, 13164449473289657618, 9549239001699138221, 13043374568401809638, 1642958620195066185])), - field_new!(BN382Fr, BigInteger384([1390697583764602093, 14358331455140202139, 9806658171340269129, 8251375617867637901, 12151248349977502804, 455921830939517914])), - field_new!(BN382Fr, BigInteger384([11612053044891427379, 5419547329233500692, 3523066411176134140, 15564341640990073183, 2067829022235025120, 702528074150429489])), - field_new!(BN382Fr, BigInteger384([15036289228239389000, 
14265335863058877392, 11472396836099736148, 7427258307910247530, 10268179225463705622, 789369268217915113])), - field_new!(BN382Fr, BigInteger384([8435340205313937413, 10115055377697127058, 8316231521312999546, 3213801747455134400, 10644744892564093098, 194996373114334014])), - field_new!(BN382Fr, BigInteger384([4417166319706354555, 18059889370229157288, 599731290899030549, 17740477437781096438, 10743946805919141448, 1255980265141921671])), - field_new!(BN382Fr, BigInteger384([8379846358161539910, 6730457586677095487, 99799092274867936, 16494583908071785679, 6131352036353445598, 504757793675923016])), - field_new!(BN382Fr, BigInteger384([7618790430717705224, 12238331599640839364, 12280407896864119921, 137671061885254939, 6588285525951378421, 273021015830318700])), - field_new!(BN382Fr, BigInteger384([17528843338993259910, 11393449507679100721, 11488252380054515768, 18396438892385169693, 12522428348938437892, 1510220287719859806])), - field_new!(BN382Fr, BigInteger384([5232897846370952646, 12001959983773961376, 9990356515457113967, 4288647813762202340, 17920480461628008312, 103086131588975747])), - field_new!(BN382Fr, BigInteger384([10374214577556168333, 9568513405429223927, 4041489790504288062, 1760049514128843854, 10173782315457415666, 1025079754491591784])), - field_new!(BN382Fr, BigInteger384([3291658613665006523, 10085844144893116188, 7463547707207073869, 8938960150472038668, 6430176952637505497, 857170116659665625])), - field_new!(BN382Fr, BigInteger384([14336914415971211635, 1330236931851483464, 4008678658071972853, 17937936022335619031, 11606575996835638030, 33779966529900173])), - field_new!(BN382Fr, BigInteger384([4119134980068298511, 13571526693966906484, 1253155045129486578, 18284510512721817313, 167811198719422876, 2075510430651685609])), - field_new!(BN382Fr, BigInteger384([9941799784249624573, 9692743588374875612, 15318421689942954724, 809466338861083538, 16874927241240321727, 1626992884838856495])), - field_new!(BN382Fr, 
BigInteger384([2157626871658178935, 7767126464003660972, 10971073601222306380, 4429093238836685086, 10135931595697065579, 1849474545255355787])), - field_new!(BN382Fr, BigInteger384([4618320067891861322, 4616642654378070010, 15518097436041631420, 2843648375168158222, 9969860661831651300, 1847121686185607012])), - ], - merkle_arity: 2, - }; +pub const BN382_MHT_POSEIDON_PARAMETERS: FieldBasedMerkleTreePrecomputedZeroConstants< + 'static, + BN382FrPoseidonHash, +> = FieldBasedMerkleTreePrecomputedZeroConstants { + nodes: &[ + field_new!(BN382Fr, BigInteger384([0, 0, 0, 0, 0, 0])), + field_new!( + BN382Fr, + BigInteger384([ + 15745522788649903907, + 16652409264296773101, + 9580329627252538379, + 14449588676843283900, + 18075316901601731326, + 2096864981361276526 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 2268444023388143544, + 17298360647738556748, + 94373253860962130, + 8702337489709032691, + 9644208621815391130, + 2264890757681590843 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 7083298892765997525, + 8892407521668137791, + 9197215395346518622, + 6847703070393882449, + 15815800337722272215, + 2146152396506143110 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 750322402422095458, + 16665857403862931511, + 12073911270502074268, + 8433108039675190344, + 1300689657487132566, + 1020791768747886572 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 11281746813136010846, + 18274249872713361110, + 9851530189728317185, + 3338120257635833108, + 3801524501259031095, + 248287800870448076 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 2390950906608007984, + 4903832209033298596, + 2925749861501906773, + 4464995168837234610, + 9918609401679022161, + 895224401408241737 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 15795463120980401949, + 13683817975310161826, + 14943758995704371758, + 2963047471043258611, + 15560137637823847687, + 1970079961753011829 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 1525930063762604551, + 
7821861940372891874, + 3288493529010705295, + 10088419980085533439, + 13145259179765681517, + 1322404108891623173 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 2684330210395719551, + 11286208450053283994, + 15699938099991331709, + 18412623006990068853, + 9501317450489141331, + 172059031072665217 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 5819165191195505318, + 12153225337826917781, + 12327240005547992139, + 12207354228153053751, + 3901867814770348889, + 1438981947430405828 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 11214241094396042753, + 11173876455926953396, + 15814145438405569553, + 18144677296528908006, + 18412396687004136456, + 1258927997344890989 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 10049953164942675478, + 16416714521945791933, + 17041185386399416490, + 17642836562955912768, + 18183804977083255435, + 2419907683556989366 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 5442062389265456001, + 3809170157598981025, + 171581856662145032, + 7823864420716956396, + 14190301556270692975, + 1925674956519263100 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 12294189776828093222, + 9695787539924999054, + 17265012360232765539, + 15244771273107585498, + 15265697462822524160, + 846181752110206430 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 11185085303686312588, + 16902728784831515441, + 13164449473289657618, + 9549239001699138221, + 13043374568401809638, + 1642958620195066185 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 1390697583764602093, + 14358331455140202139, + 9806658171340269129, + 8251375617867637901, + 12151248349977502804, + 455921830939517914 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 11612053044891427379, + 5419547329233500692, + 3523066411176134140, + 15564341640990073183, + 2067829022235025120, + 702528074150429489 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 15036289228239389000, + 14265335863058877392, + 11472396836099736148, + 7427258307910247530, + 
10268179225463705622, + 789369268217915113 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 8435340205313937413, + 10115055377697127058, + 8316231521312999546, + 3213801747455134400, + 10644744892564093098, + 194996373114334014 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 4417166319706354555, + 18059889370229157288, + 599731290899030549, + 17740477437781096438, + 10743946805919141448, + 1255980265141921671 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 8379846358161539910, + 6730457586677095487, + 99799092274867936, + 16494583908071785679, + 6131352036353445598, + 504757793675923016 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 7618790430717705224, + 12238331599640839364, + 12280407896864119921, + 137671061885254939, + 6588285525951378421, + 273021015830318700 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 17528843338993259910, + 11393449507679100721, + 11488252380054515768, + 18396438892385169693, + 12522428348938437892, + 1510220287719859806 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 5232897846370952646, + 12001959983773961376, + 9990356515457113967, + 4288647813762202340, + 17920480461628008312, + 103086131588975747 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 10374214577556168333, + 9568513405429223927, + 4041489790504288062, + 1760049514128843854, + 10173782315457415666, + 1025079754491591784 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 3291658613665006523, + 10085844144893116188, + 7463547707207073869, + 8938960150472038668, + 6430176952637505497, + 857170116659665625 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 14336914415971211635, + 1330236931851483464, + 4008678658071972853, + 17937936022335619031, + 11606575996835638030, + 33779966529900173 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 4119134980068298511, + 13571526693966906484, + 1253155045129486578, + 18284510512721817313, + 167811198719422876, + 2075510430651685609 + ]) + ), + field_new!( + BN382Fr, + 
BigInteger384([ + 9941799784249624573, + 9692743588374875612, + 15318421689942954724, + 809466338861083538, + 16874927241240321727, + 1626992884838856495 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 2157626871658178935, + 7767126464003660972, + 10971073601222306380, + 4429093238836685086, + 10135931595697065579, + 1849474545255355787 + ]) + ), + field_new!( + BN382Fr, + BigInteger384([ + 4618320067891861322, + 4616642654378070010, + 15518097436041631420, + 2843648375168158222, + 9969860661831651300, + 1847121686185607012 + ]) + ), + ], + merkle_arity: 2, +}; #[cfg(test)] mod test { - use algebra::{ - fields::bn_382::Fr, Field, - }; + use super::{BN382_MHT_POSEIDON_PARAMETERS, BN382_PHANTOM_MERKLE_ROOT}; use crate::{ crh::BN382FrPoseidonHash, merkle_tree::field_based_mht::parameters::{ - generate_phantom_merkle_root_from_magic_string, - generate_mht_empty_nodes, + generate_mht_empty_nodes, generate_phantom_merkle_root_from_magic_string, }, - FieldBasedMerkleTreePrecomputedZeroConstants - }; - use super::{ - BN382_PHANTOM_MERKLE_ROOT, BN382_MHT_POSEIDON_PARAMETERS + FieldBasedMerkleTreePrecomputedZeroConstants, }; + use algebra::{fields::bn_382::Fr, Field}; #[ignore] #[test] - fn test_generate_bn382_phantom_merkle_root(){ + fn test_generate_bn382_phantom_merkle_root() { let expected_root = generate_phantom_merkle_root_from_magic_string::( - "This represents an empty Merkle Root for a BN382FrPoseidonHash based Merkle Tree." 
+ "This represents an empty Merkle Root for a BN382FrPoseidonHash based Merkle Tree.", ); assert_eq!(expected_root, BN382_PHANTOM_MERKLE_ROOT); } - #[ignore] #[test] fn test_generate_binary_bn382_mht_empty_nodes() { let merkle_arity = 2; let max_height = 32; - let empty_nodes = generate_mht_empty_nodes::(merkle_arity, max_height, Fr::zero()); + let empty_nodes = generate_mht_empty_nodes::( + merkle_arity, + max_height, + Fr::zero(), + ); assert_eq!(empty_nodes.len(), max_height); let params = FieldBasedMerkleTreePrecomputedZeroConstants:: { - nodes: empty_nodes.as_slice(), merkle_arity + nodes: empty_nodes.as_slice(), + merkle_arity, }; assert_eq!(params, BN382_MHT_POSEIDON_PARAMETERS) } } - - diff --git a/primitives/src/merkle_tree/field_based_mht/parameters/bn382_dual.rs b/primitives/src/merkle_tree/field_based_mht/parameters/bn382_dual.rs index d3e41f44f..936dcbcf2 100644 --- a/primitives/src/merkle_tree/field_based_mht/parameters/bn382_dual.rs +++ b/primitives/src/merkle_tree/field_based_mht/parameters/bn382_dual.rs 
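Review bot: `#[ignore]` is removed from `test_generate_binary_bn382_mht_empty_nodes`, so the hardcoded `BN382_MHT_POSEIDON_PARAMETERS` are now re-derived via `generate_mht_empty_nodes` on every test run, but `test_generate_bn382_phantom_merkle_root` directly above keeps its `#[ignore]`, leaving `BN382_PHANTOM_MERKLE_ROOT` unchecked against its generator in CI. The same asymmetry appears in the bn382_dual.rs hunk for `BN382_DUAL_PHANTOM_MERKLE_ROOT`. Keeping precomputed cryptographic constants under an always-on regression check is the point of these tests, and the phantom root appears to be a single hash of the magic string, so it should be cheap to run; drop that `#[ignore]` as well, or add a comment above it stating why it stays opt-in, e.g. `// #[ignore]: <reason it is not run by default>`.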
@@ -1,106 +1,410 @@ -use algebra::{ - fields::bn_382::Fq as BN382Fq, - biginteger::BigInteger384, - field_new, -}; +use algebra::{biginteger::BigInteger384, field_new, fields::bn_382::Fq as BN382Fq}; -use crate::{ - crh::poseidon::BN382FqPoseidonHash, - FieldBasedMerkleTreePrecomputedZeroConstants, -}; +use crate::{crh::poseidon::BN382FqPoseidonHash, FieldBasedMerkleTreePrecomputedZeroConstants}; // PoseidonHash("This represents an empty Merkle Root for a BN382FqPoseidonHash based Merkle Tree.") -pub const BN382_DUAL_PHANTOM_MERKLE_ROOT: BN382Fq = - field_new!(BN382Fq, BigInteger384([ +pub const BN382_DUAL_PHANTOM_MERKLE_ROOT: BN382Fq = field_new!( + BN382Fq, + BigInteger384([ 8979936313940592922, 10215515058412413971, 2463279520739337462, 4275260645336182177, 15799583494722806682, 1056984384425758049 - ])); + ]) +); -pub const BN382_DUAL_MHT_POSEIDON_PARAMETERS: FieldBasedMerkleTreePrecomputedZeroConstants<'static, BN382FqPoseidonHash> = - FieldBasedMerkleTreePrecomputedZeroConstants { - nodes: &[ - field_new!(BN382Fq, BigInteger384([0, 0, 0, 0, 0, 0])), - field_new!(BN382Fq, BigInteger384([7636599113261288821, 6557727936151308107, 3241378259940865905, 15871565890065558290, 16630733516914421307, 1324540765431294349])), - field_new!(BN382Fq, BigInteger384([287727488433006003, 1088464748192281431, 15827020881079220140, 1331775575232289584, 14242619047041217569, 2294212050388026625])), - field_new!(BN382Fq, BigInteger384([7993457779915725923, 3058943635510122026, 11798068799170575640, 3747175813576786677, 213663719667506195, 2366009504554367300])), - field_new!(BN382Fq, BigInteger384([10094926679317363223, 12737879176061019736, 10978848528492051076, 8544191473536318673, 14993933841124926991, 1753564439929246431])), - field_new!(BN382Fq, BigInteger384([6253365645214559243, 3039874498142218772, 14086580511026357838, 60728832917754024, 12440802359123561345, 1868834410540352685])), - field_new!(BN382Fq, BigInteger384([10244718802795623022, 9073840648386655020, 
12838416835650713614, 538879495054185005, 11509536833050651406, 2209499366655055477])), - field_new!(BN382Fq, BigInteger384([15791776196425138106, 18050543454536645620, 4409269230443573299, 16052959955442985715, 17476738767950693842, 1162489713506798434])), - field_new!(BN382Fq, BigInteger384([11906109974361529725, 15306795184983549380, 4155387310588880274, 6180416274510671964, 4426996410962730186, 756896158125999840])), - field_new!(BN382Fq, BigInteger384([14181042564822222050, 701246605447797587, 3942336547730946105, 16518997589713930806, 11899361407177707139, 294911663167241463])), - field_new!(BN382Fq, BigInteger384([8374086877179825251, 2264591464122127576, 9873033896736374641, 11963981873350666843, 12789539683783406511, 1129194589538380767])), - field_new!(BN382Fq, BigInteger384([10318206452532065935, 926489713079204479, 8369752820101050575, 13314648291698513509, 3356859517339362616, 1701137969070502998])), - field_new!(BN382Fq, BigInteger384([16232534956374544732, 6535672643691604194, 7003415902683306923, 3908950359395080501, 4066480981470549601, 2159266056435576849])), - field_new!(BN382Fq, BigInteger384([15954235559928368471, 329174902064826244, 13693353038625206789, 4089766615010650733, 8549079267913927226, 771064911269106507])), - field_new!(BN382Fq, BigInteger384([4268341007039309198, 10992358117702254955, 13950870182267914824, 16873933335657922640, 14052707451643584138, 2584392839730574502])), - field_new!(BN382Fq, BigInteger384([16591735610660498492, 17781899935954572135, 16646937437426615184, 16885825544709802324, 1509988581114077405, 387939338750224824])), - field_new!(BN382Fq, BigInteger384([6058309965966798452, 6644057444231284713, 2295830477868038201, 12217652189600751773, 5254159715186605416, 2507118322499639480])), - field_new!(BN382Fq, BigInteger384([7702054529420740660, 10981409101497270706, 12686607366150108892, 2345022846441368089, 9581689281978686926, 720624324682027648])), - field_new!(BN382Fq, BigInteger384([17510253810687593896, 
14145824575746044092, 10439406438570740625, 865563262725095441, 15244168470577504021, 403307286253798802])), - field_new!(BN382Fq, BigInteger384([3242933625238041304, 7516857600183387153, 14681761372990303868, 11821858222899815164, 2342338970153924341, 558069737956008935])), - field_new!(BN382Fq, BigInteger384([11054445124335614716, 1117249899233913763, 15016770458216493461, 580943470034605788, 946313509698390707, 1144207461194235289])), - field_new!(BN382Fq, BigInteger384([5108326149335296081, 916637417971728292, 12773431289048875076, 10663588607535394673, 5357114698443342084, 1859535361516593966])), - field_new!(BN382Fq, BigInteger384([6039373128271587854, 17076503937395488110, 5607663320819645576, 12559403026424961008, 15340818881534855517, 1463233461074269187])), - field_new!(BN382Fq, BigInteger384([3783571473052933352, 8178680838610435600, 9180592555174895913, 7714863233415873408, 457319677449427634, 1451651832847914870])), - field_new!(BN382Fq, BigInteger384([11029316711968334702, 6447067670798736477, 18202456233245781046, 3751685162424601534, 13094455818198547884, 415023143900494])), - field_new!(BN382Fq, BigInteger384([16476349059727283335, 6330408673109019023, 10585261604176662531, 3142395226077508802, 10945206475499651667, 731110813877675189])), - field_new!(BN382Fq, BigInteger384([8394119228450382902, 12242987121659750678, 17811696895679494957, 1826213441048614140, 10286928280372045535, 33606947057438694])), - field_new!(BN382Fq, BigInteger384([7579338831997647598, 10938359721409838789, 3620989515966661032, 12279287358576237610, 1732441136645988932, 631880799153210288])), - field_new!(BN382Fq, BigInteger384([9614010446177306678, 140499958558297497, 8766236305310369876, 3371793938909224669, 1853584933707828749, 2315035167232930591])), - field_new!(BN382Fq, BigInteger384([7669235534727065524, 14098755367771001900, 17471862328026666793, 2479192610632435840, 5147665581216066672, 1544540915203183068])), - field_new!(BN382Fq, 
BigInteger384([14637716683142119407, 14595866956389954699, 3611601429733342267, 14475802025677109666, 15569512102882598511, 1253541964638507110])), - field_new!(BN382Fq, BigInteger384([4861873046018910447, 14513869866199065053, 17908500805447214805, 2157190732543967413, 8159090070018505326, 1418105534948653812])), - ], - merkle_arity: 2, - }; +pub const BN382_DUAL_MHT_POSEIDON_PARAMETERS: FieldBasedMerkleTreePrecomputedZeroConstants< + 'static, + BN382FqPoseidonHash, +> = FieldBasedMerkleTreePrecomputedZeroConstants { + nodes: &[ + field_new!(BN382Fq, BigInteger384([0, 0, 0, 0, 0, 0])), + field_new!( + BN382Fq, + BigInteger384([ + 7636599113261288821, + 6557727936151308107, + 3241378259940865905, + 15871565890065558290, + 16630733516914421307, + 1324540765431294349 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 287727488433006003, + 1088464748192281431, + 15827020881079220140, + 1331775575232289584, + 14242619047041217569, + 2294212050388026625 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 7993457779915725923, + 3058943635510122026, + 11798068799170575640, + 3747175813576786677, + 213663719667506195, + 2366009504554367300 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 10094926679317363223, + 12737879176061019736, + 10978848528492051076, + 8544191473536318673, + 14993933841124926991, + 1753564439929246431 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 6253365645214559243, + 3039874498142218772, + 14086580511026357838, + 60728832917754024, + 12440802359123561345, + 1868834410540352685 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 10244718802795623022, + 9073840648386655020, + 12838416835650713614, + 538879495054185005, + 11509536833050651406, + 2209499366655055477 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 15791776196425138106, + 18050543454536645620, + 4409269230443573299, + 16052959955442985715, + 17476738767950693842, + 1162489713506798434 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 
11906109974361529725, + 15306795184983549380, + 4155387310588880274, + 6180416274510671964, + 4426996410962730186, + 756896158125999840 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 14181042564822222050, + 701246605447797587, + 3942336547730946105, + 16518997589713930806, + 11899361407177707139, + 294911663167241463 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 8374086877179825251, + 2264591464122127576, + 9873033896736374641, + 11963981873350666843, + 12789539683783406511, + 1129194589538380767 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 10318206452532065935, + 926489713079204479, + 8369752820101050575, + 13314648291698513509, + 3356859517339362616, + 1701137969070502998 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 16232534956374544732, + 6535672643691604194, + 7003415902683306923, + 3908950359395080501, + 4066480981470549601, + 2159266056435576849 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 15954235559928368471, + 329174902064826244, + 13693353038625206789, + 4089766615010650733, + 8549079267913927226, + 771064911269106507 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 4268341007039309198, + 10992358117702254955, + 13950870182267914824, + 16873933335657922640, + 14052707451643584138, + 2584392839730574502 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 16591735610660498492, + 17781899935954572135, + 16646937437426615184, + 16885825544709802324, + 1509988581114077405, + 387939338750224824 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 6058309965966798452, + 6644057444231284713, + 2295830477868038201, + 12217652189600751773, + 5254159715186605416, + 2507118322499639480 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 7702054529420740660, + 10981409101497270706, + 12686607366150108892, + 2345022846441368089, + 9581689281978686926, + 720624324682027648 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 17510253810687593896, + 14145824575746044092, + 10439406438570740625, + 
865563262725095441, + 15244168470577504021, + 403307286253798802 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 3242933625238041304, + 7516857600183387153, + 14681761372990303868, + 11821858222899815164, + 2342338970153924341, + 558069737956008935 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 11054445124335614716, + 1117249899233913763, + 15016770458216493461, + 580943470034605788, + 946313509698390707, + 1144207461194235289 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 5108326149335296081, + 916637417971728292, + 12773431289048875076, + 10663588607535394673, + 5357114698443342084, + 1859535361516593966 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 6039373128271587854, + 17076503937395488110, + 5607663320819645576, + 12559403026424961008, + 15340818881534855517, + 1463233461074269187 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 3783571473052933352, + 8178680838610435600, + 9180592555174895913, + 7714863233415873408, + 457319677449427634, + 1451651832847914870 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 11029316711968334702, + 6447067670798736477, + 18202456233245781046, + 3751685162424601534, + 13094455818198547884, + 415023143900494 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 16476349059727283335, + 6330408673109019023, + 10585261604176662531, + 3142395226077508802, + 10945206475499651667, + 731110813877675189 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 8394119228450382902, + 12242987121659750678, + 17811696895679494957, + 1826213441048614140, + 10286928280372045535, + 33606947057438694 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 7579338831997647598, + 10938359721409838789, + 3620989515966661032, + 12279287358576237610, + 1732441136645988932, + 631880799153210288 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 9614010446177306678, + 140499958558297497, + 8766236305310369876, + 3371793938909224669, + 1853584933707828749, + 2315035167232930591 + ]) + ), + field_new!( + 
BN382Fq, + BigInteger384([ + 7669235534727065524, + 14098755367771001900, + 17471862328026666793, + 2479192610632435840, + 5147665581216066672, + 1544540915203183068 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 14637716683142119407, + 14595866956389954699, + 3611601429733342267, + 14475802025677109666, + 15569512102882598511, + 1253541964638507110 + ]) + ), + field_new!( + BN382Fq, + BigInteger384([ + 4861873046018910447, + 14513869866199065053, + 17908500805447214805, + 2157190732543967413, + 8159090070018505326, + 1418105534948653812 + ]) + ), + ], + merkle_arity: 2, +}; #[cfg(test)] mod test { - use algebra::{ - fields::bn_382::Fq, Field, - }; + use super::{BN382_DUAL_MHT_POSEIDON_PARAMETERS, BN382_DUAL_PHANTOM_MERKLE_ROOT}; use crate::{ crh::BN382FqPoseidonHash, merkle_tree::field_based_mht::parameters::{ - generate_phantom_merkle_root_from_magic_string, - generate_mht_empty_nodes, + generate_mht_empty_nodes, generate_phantom_merkle_root_from_magic_string, }, - FieldBasedMerkleTreePrecomputedZeroConstants - }; - use super::{ - BN382_DUAL_PHANTOM_MERKLE_ROOT, BN382_DUAL_MHT_POSEIDON_PARAMETERS + FieldBasedMerkleTreePrecomputedZeroConstants, }; + use algebra::{fields::bn_382::Fq, Field}; #[ignore] #[test] - fn test_generate_bn382_dual_phantom_merkle_root(){ + fn test_generate_bn382_dual_phantom_merkle_root() { let expected_root = generate_phantom_merkle_root_from_magic_string::( - "This represents an empty Merkle Root for a BN382FqPoseidonHash based Merkle Tree." 
+ "This represents an empty Merkle Root for a BN382FqPoseidonHash based Merkle Tree.", ); assert_eq!(expected_root, BN382_DUAL_PHANTOM_MERKLE_ROOT); } - #[ignore] #[test] fn test_generate_binary_bn382_dual_mht_empty_nodes() { let merkle_arity = 2; let max_height = 32; - let empty_nodes = generate_mht_empty_nodes::(merkle_arity, max_height, Fq::zero()); + let empty_nodes = generate_mht_empty_nodes::( + merkle_arity, + max_height, + Fq::zero(), + ); assert_eq!(empty_nodes.len(), max_height); let params = FieldBasedMerkleTreePrecomputedZeroConstants:: { - nodes: empty_nodes.as_slice(), merkle_arity + nodes: empty_nodes.as_slice(), + merkle_arity, }; assert_eq!(params, BN382_DUAL_MHT_POSEIDON_PARAMETERS) } } - - diff --git a/primitives/src/merkle_tree/field_based_mht/parameters/mnt4753.rs b/primitives/src/merkle_tree/field_based_mht/parameters/mnt4753.rs index f2912a220..f7fc531c2 100644 --- a/primitives/src/merkle_tree/field_based_mht/parameters/mnt4753.rs +++ b/primitives/src/merkle_tree/field_based_mht/parameters/mnt4753.rs @@ -1,8 +1,4 @@ -use algebra::{ - fields::mnt4753::Fr as MNT4753Fr, - biginteger::BigInteger768, - field_new, -}; +use algebra::{biginteger::BigInteger768, field_new, fields::mnt4753::Fr as MNT4753Fr}; use crate::{ crh::poseidon::parameters::mnt4753::MNT4PoseidonHash, @@ -10,8 +6,9 @@ use crate::{ }; // PoseidonHash("This represents an empty Merkle Root for a MNT4753PoseidonHash based Merkle Tree.") padded with 0s -pub const MNT4753_PHANTOM_MERKLE_ROOT: MNT4753Fr = - field_new!(MNT4753Fr, BigInteger768([ +pub const MNT4753_PHANTOM_MERKLE_ROOT: MNT4753Fr = field_new!( + MNT4753Fr, + BigInteger768([ 13776568879588824265, 7211554190542477013, 6228527372657692958, 
@@ -27,82 +24,582 @@ pub const MNT4753_PHANTOM_MERKLE_ROOT: MNT4753Fr = ]) ); -pub const MNT4753_MHT_POSEIDON_PARAMETERS: FieldBasedMerkleTreePrecomputedZeroConstants<'static, MNT4PoseidonHash> = - FieldBasedMerkleTreePrecomputedZeroConstants { - nodes: &[ - field_new!(MNT4753Fr, BigInteger768([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])), - field_new!(MNT4753Fr, BigInteger768([8006651735201630156, 9690860117920174136, 17224466678789631133, 6780594604568324163, 10846822411885063383, 7705408890208139333, 17852453186369903215, 4603099682590023221, 6867488836877866745, 9012707624260102571, 2160379244411329684, 405517700872843])), - field_new!(MNT4753Fr, BigInteger768([9009078911095728295, 16880778409027731807, 13121109548980524388, 8671583285772432396, 1276712593148266536, 3846166368668027075, 987365742422813655, 4133721649779220685, 18214701760975815806, 2560296921114197075, 6735843989315866968, 258198083137644])), - field_new!(MNT4753Fr, BigInteger768([17950050146492127951, 16327866259413817165, 5325612456818009723, 13032332967517994116, 11606259928698780021, 18423757838658996228, 4947340578531384732, 11439818895821885783, 3806664898755278830, 7632322505775809872, 2138578042937164240, 256174925062235])), - field_new!(MNT4753Fr, BigInteger768([3440575764136291984, 4646597685838725417, 14120282487422853466, 51118828334671919, 5193412418438997247, 4943684452011438354, 17459644778321457702, 3482809443021974704, 14790384667283994535, 4282610666874864568, 11523700099217562075, 438967134548262])), - field_new!(MNT4753Fr, BigInteger768([7272168453534284373, 10958105035899260074, 15576269046001681679, 14787328550056102708, 16335226507289463986, 14720733464497687810, 7919383887301123260, 11066567550789535136, 15975211607681070022, 10296269259113856382, 10920143346057771676, 795252093138])), - field_new!(MNT4753Fr, BigInteger768([826904150116067538, 10237112221043249725, 6024061998080125997, 7753170609339516104, 2550092909420279384, 13448074323075115706, 17602829318749851898, 
8101804824736693879, 8863089057636595414, 3661185237686557926, 6880021529183572516, 224308704083285])), - field_new!(MNT4753Fr, BigInteger768([14509017355779969101, 7602547500616040275, 6086256388237624346, 4549079082801452129, 7761772750489326265, 618337719571335897, 4128122185318597813, 9440684808288899728, 8297543190946064001, 12538498250612997391, 7746398219879848372, 339163394071224])), - field_new!(MNT4753Fr, BigInteger768([14897606205276046121, 18196472582659531638, 9919697950629599129, 17140679205180594759, 16248442797882106339, 13146452530658826299, 16400107791967239768, 6342701669832629563, 16711494074981700621, 6046242811920717474, 5069759035007581693, 426056598423805])), - field_new!(MNT4753Fr, BigInteger768([13832717954384852105, 4777087501933178325, 10106031147259565671, 15211034711597743161, 547067972737459710, 5316919614969511031, 13415111780447572134, 16379829099190731105, 16908825399490173118, 16761352258165638563, 2651363678930579874, 293001363772891])), - field_new!(MNT4753Fr, BigInteger768([3088196936201215579, 411195204763091569, 957689884939256150, 5344744660544593413, 9154072722752723086, 963708121815637048, 4118424780073651547, 9918483088405587381, 6505410768726408322, 15956201118139961263, 10672344634186514148, 425957272776980])), - field_new!(MNT4753Fr, BigInteger768([6890685290309250100, 10917145531760739102, 14719211770396917614, 6836210014783622731, 9469737138486471242, 11704140669979867438, 8610882305834650242, 4253753287292976407, 13528843874983492250, 11051662406992354237, 16903935879627839586, 115222354052225])), - field_new!(MNT4753Fr, BigInteger768([8759311244806062395, 16509615049142117685, 3506411235897307862, 7767703220974419464, 14475472100904919078, 17766403247755250385, 13229316555250281859, 14946820516798057054, 7340741730994031015, 15810923291459218960, 10362079008992189265, 386980203947789])), - field_new!(MNT4753Fr, BigInteger768([366542987704479593, 7491087030901403403, 1748599198260349709, 6309943162499683466, 
361398753107610192, 11360939894264079925, 7626657954954560711, 17577555707395667460, 10633632359697441686, 15817452800923744911, 403589153351487455, 54683048474572])), - field_new!(MNT4753Fr, BigInteger768([13154894757714414076, 3942231991847132064, 6690438292706701404, 5187136559389623522, 11468763560636066712, 15777209099117347908, 15557153678423763992, 9189466820391742192, 15839277679467339510, 3459989245352632517, 11345523455559550518, 256660346462578])), - field_new!(MNT4753Fr, BigInteger768([8533897467025638584, 853672783164557803, 16830135038022363854, 475486368040139068, 3260361352581377157, 4122106333684655466, 17773998518179370950, 13641587981503405312, 3795487074609093445, 16023611769834333073, 5337729099241714681, 493836840226030])), - field_new!(MNT4753Fr, BigInteger768([6552160755121619290, 2226525113934313527, 6954790633464422916, 16957346923365632653, 13469259751022876076, 11864187307963093011, 13238904914713261525, 15403183584681544051, 14154916867329423447, 7986970947670157443, 18280476418258825294, 228704311229295])), - field_new!(MNT4753Fr, BigInteger768([13596214878413645653, 10028406174504822680, 7845267569665511043, 3693282426430836518, 1514235139990352786, 857984465806563760, 9585974967955267639, 18000847279993024473, 12297125587738349588, 117029454954467358, 2338341037152989597, 303099571637622])), - field_new!(MNT4753Fr, BigInteger768([11048222126519557396, 2520152213074532505, 15628570610647977335, 12805621240223884962, 11698211466308656146, 12202519382704857837, 13072516069182388655, 13296922864870589056, 2950220356565398516, 2151648312638372850, 7727404783418313044, 63356747261574])), - field_new!(MNT4753Fr, BigInteger768([1386779273207008297, 2955015462311940601, 874818772586304640, 7123568282054192624, 14728825476677172503, 11277308017749846363, 13887413010534581858, 1862300501765005774, 17419843084546291821, 11829961595472129903, 16681611922536747530, 136474265169304])), - field_new!(MNT4753Fr, BigInteger768([10713747124286135864, 
9086161828076021229, 5555100427996659561, 1470306338995684623, 15916644495839627673, 411527644852328187, 9429826889012021043, 14705458484555255968, 5934062770407641818, 7683687020052766872, 15967386600965421401, 324259340549965])), - field_new!(MNT4753Fr, BigInteger768([2072741438367970421, 4869279828213690800, 1875566743164330033, 590116011439552749, 5221991567702673154, 807769010792921136, 13645737349377176564, 12513410160470767056, 13009173784400112441, 10235087766408319185, 16937559936578365283, 263276030266166])), - field_new!(MNT4753Fr, BigInteger768([4189523660368586602, 6278642172692533845, 13184214539129358565, 7147054310905220845, 4472437898681435196, 16982789820718370902, 18121036795751182908, 18095734241466597416, 14291779326773236488, 16926516653577162178, 17191881770261242965, 315621916526122])), - field_new!(MNT4753Fr, BigInteger768([8695210000102462032, 15281091069731234812, 18034746722218064816, 3857775695946977987, 17928559596415409273, 4066106753497997199, 4333954571268259110, 11641807671925441984, 3155765604983362588, 7167631261242370462, 7888315017560439451, 187213809801377])), - field_new!(MNT4753Fr, BigInteger768([16042571177330299509, 3430575175704009919, 13843356378333679723, 13119015426574444189, 14427312293676046772, 7776655594928021097, 16209496875272471676, 15025327164498019501, 629442338631307904, 1186666011763811140, 17991343667413250244, 489750359376125])), - field_new!(MNT4753Fr, BigInteger768([4666757560794445700, 17895882071873175795, 14883047586674553252, 13644409150349351825, 16830910159664700254, 14605622783619330462, 664513908433616482, 4446784349118490453, 12446027985342168617, 3680282527167199670, 8892860287022047794, 230448275925393])), - field_new!(MNT4753Fr, BigInteger768([4401327514159998030, 5039519046495110279, 8432520625830373109, 12177216553438111872, 6215116659635726957, 1868175308362502793, 13431583243355157928, 2598252129090361201, 15245982355931786796, 15849910380517498867, 2533181393696041767, 
394426895967592])), - field_new!(MNT4753Fr, BigInteger768([946220579998252050, 14535231056231293743, 18100148845274371163, 15982549014249841099, 11616446266506416320, 2374800414550269618, 7125887514565359469, 11177213721427221030, 6980592791519673351, 1092813708430335244, 5226570270038420548, 275555306376678])), - field_new!(MNT4753Fr, BigInteger768([9909191784808659980, 7822980706219406110, 1354544939544130003, 15056941642501955912, 14072391732394087652, 10344801111318233482, 7352420520801904226, 9765345188288962489, 13806780619758456507, 15541928495496498891, 13587552134359280965, 369054404734421])), - field_new!(MNT4753Fr, BigInteger768([734954740240586689, 3913461705888992416, 3538814402350625490, 2015435145345959795, 17858599047997784687, 15946369341068671401, 17605111926286485052, 15705924544688110409, 6763684539455285602, 5871927759490994034, 11690260275509231658, 464384432133552])), - field_new!(MNT4753Fr, BigInteger768([13554528009218964275, 2182733947422982795, 12171945937773678001, 6979657033986228132, 18278526111914765457, 12988434810330026679, 7311038473130562404, 9892640641628910348, 9509839010239315562, 17481513471349160818, 946267090613631893, 26937341181169])), - field_new!(MNT4753Fr, BigInteger768([1214525150360138110, 16730010020447477237, 2974388837665379820, 239714683347011625, 1344568049668497831, 14614250391340271530, 8877516492314574160, 7020608802630085427, 10105119508116907748, 15166529063145820970, 14035625450675726455, 186843123237636])), - ], - merkle_arity: 2, - }; +pub const MNT4753_MHT_POSEIDON_PARAMETERS: FieldBasedMerkleTreePrecomputedZeroConstants< + 'static, + MNT4PoseidonHash, +> = FieldBasedMerkleTreePrecomputedZeroConstants { + nodes: &[ + field_new!( + MNT4753Fr, + BigInteger768([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 8006651735201630156, + 9690860117920174136, + 17224466678789631133, + 6780594604568324163, + 10846822411885063383, + 7705408890208139333, + 17852453186369903215, 
+ 4603099682590023221, + 6867488836877866745, + 9012707624260102571, + 2160379244411329684, + 405517700872843 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 9009078911095728295, + 16880778409027731807, + 13121109548980524388, + 8671583285772432396, + 1276712593148266536, + 3846166368668027075, + 987365742422813655, + 4133721649779220685, + 18214701760975815806, + 2560296921114197075, + 6735843989315866968, + 258198083137644 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 17950050146492127951, + 16327866259413817165, + 5325612456818009723, + 13032332967517994116, + 11606259928698780021, + 18423757838658996228, + 4947340578531384732, + 11439818895821885783, + 3806664898755278830, + 7632322505775809872, + 2138578042937164240, + 256174925062235 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 3440575764136291984, + 4646597685838725417, + 14120282487422853466, + 51118828334671919, + 5193412418438997247, + 4943684452011438354, + 17459644778321457702, + 3482809443021974704, + 14790384667283994535, + 4282610666874864568, + 11523700099217562075, + 438967134548262 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 7272168453534284373, + 10958105035899260074, + 15576269046001681679, + 14787328550056102708, + 16335226507289463986, + 14720733464497687810, + 7919383887301123260, + 11066567550789535136, + 15975211607681070022, + 10296269259113856382, + 10920143346057771676, + 795252093138 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 826904150116067538, + 10237112221043249725, + 6024061998080125997, + 7753170609339516104, + 2550092909420279384, + 13448074323075115706, + 17602829318749851898, + 8101804824736693879, + 8863089057636595414, + 3661185237686557926, + 6880021529183572516, + 224308704083285 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 14509017355779969101, + 7602547500616040275, + 6086256388237624346, + 4549079082801452129, + 7761772750489326265, + 618337719571335897, + 4128122185318597813, + 9440684808288899728, + 
8297543190946064001, + 12538498250612997391, + 7746398219879848372, + 339163394071224 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 14897606205276046121, + 18196472582659531638, + 9919697950629599129, + 17140679205180594759, + 16248442797882106339, + 13146452530658826299, + 16400107791967239768, + 6342701669832629563, + 16711494074981700621, + 6046242811920717474, + 5069759035007581693, + 426056598423805 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 13832717954384852105, + 4777087501933178325, + 10106031147259565671, + 15211034711597743161, + 547067972737459710, + 5316919614969511031, + 13415111780447572134, + 16379829099190731105, + 16908825399490173118, + 16761352258165638563, + 2651363678930579874, + 293001363772891 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 3088196936201215579, + 411195204763091569, + 957689884939256150, + 5344744660544593413, + 9154072722752723086, + 963708121815637048, + 4118424780073651547, + 9918483088405587381, + 6505410768726408322, + 15956201118139961263, + 10672344634186514148, + 425957272776980 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 6890685290309250100, + 10917145531760739102, + 14719211770396917614, + 6836210014783622731, + 9469737138486471242, + 11704140669979867438, + 8610882305834650242, + 4253753287292976407, + 13528843874983492250, + 11051662406992354237, + 16903935879627839586, + 115222354052225 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 8759311244806062395, + 16509615049142117685, + 3506411235897307862, + 7767703220974419464, + 14475472100904919078, + 17766403247755250385, + 13229316555250281859, + 14946820516798057054, + 7340741730994031015, + 15810923291459218960, + 10362079008992189265, + 386980203947789 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 366542987704479593, + 7491087030901403403, + 1748599198260349709, + 6309943162499683466, + 361398753107610192, + 11360939894264079925, + 7626657954954560711, + 17577555707395667460, + 
10633632359697441686, + 15817452800923744911, + 403589153351487455, + 54683048474572 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 13154894757714414076, + 3942231991847132064, + 6690438292706701404, + 5187136559389623522, + 11468763560636066712, + 15777209099117347908, + 15557153678423763992, + 9189466820391742192, + 15839277679467339510, + 3459989245352632517, + 11345523455559550518, + 256660346462578 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 8533897467025638584, + 853672783164557803, + 16830135038022363854, + 475486368040139068, + 3260361352581377157, + 4122106333684655466, + 17773998518179370950, + 13641587981503405312, + 3795487074609093445, + 16023611769834333073, + 5337729099241714681, + 493836840226030 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 6552160755121619290, + 2226525113934313527, + 6954790633464422916, + 16957346923365632653, + 13469259751022876076, + 11864187307963093011, + 13238904914713261525, + 15403183584681544051, + 14154916867329423447, + 7986970947670157443, + 18280476418258825294, + 228704311229295 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 13596214878413645653, + 10028406174504822680, + 7845267569665511043, + 3693282426430836518, + 1514235139990352786, + 857984465806563760, + 9585974967955267639, + 18000847279993024473, + 12297125587738349588, + 117029454954467358, + 2338341037152989597, + 303099571637622 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 11048222126519557396, + 2520152213074532505, + 15628570610647977335, + 12805621240223884962, + 11698211466308656146, + 12202519382704857837, + 13072516069182388655, + 13296922864870589056, + 2950220356565398516, + 2151648312638372850, + 7727404783418313044, + 63356747261574 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 1386779273207008297, + 2955015462311940601, + 874818772586304640, + 7123568282054192624, + 14728825476677172503, + 11277308017749846363, + 13887413010534581858, + 1862300501765005774, + 
17419843084546291821, + 11829961595472129903, + 16681611922536747530, + 136474265169304 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 10713747124286135864, + 9086161828076021229, + 5555100427996659561, + 1470306338995684623, + 15916644495839627673, + 411527644852328187, + 9429826889012021043, + 14705458484555255968, + 5934062770407641818, + 7683687020052766872, + 15967386600965421401, + 324259340549965 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 2072741438367970421, + 4869279828213690800, + 1875566743164330033, + 590116011439552749, + 5221991567702673154, + 807769010792921136, + 13645737349377176564, + 12513410160470767056, + 13009173784400112441, + 10235087766408319185, + 16937559936578365283, + 263276030266166 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 4189523660368586602, + 6278642172692533845, + 13184214539129358565, + 7147054310905220845, + 4472437898681435196, + 16982789820718370902, + 18121036795751182908, + 18095734241466597416, + 14291779326773236488, + 16926516653577162178, + 17191881770261242965, + 315621916526122 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 8695210000102462032, + 15281091069731234812, + 18034746722218064816, + 3857775695946977987, + 17928559596415409273, + 4066106753497997199, + 4333954571268259110, + 11641807671925441984, + 3155765604983362588, + 7167631261242370462, + 7888315017560439451, + 187213809801377 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 16042571177330299509, + 3430575175704009919, + 13843356378333679723, + 13119015426574444189, + 14427312293676046772, + 7776655594928021097, + 16209496875272471676, + 15025327164498019501, + 629442338631307904, + 1186666011763811140, + 17991343667413250244, + 489750359376125 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 4666757560794445700, + 17895882071873175795, + 14883047586674553252, + 13644409150349351825, + 16830910159664700254, + 14605622783619330462, + 664513908433616482, + 4446784349118490453, + 
12446027985342168617, + 3680282527167199670, + 8892860287022047794, + 230448275925393 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 4401327514159998030, + 5039519046495110279, + 8432520625830373109, + 12177216553438111872, + 6215116659635726957, + 1868175308362502793, + 13431583243355157928, + 2598252129090361201, + 15245982355931786796, + 15849910380517498867, + 2533181393696041767, + 394426895967592 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 946220579998252050, + 14535231056231293743, + 18100148845274371163, + 15982549014249841099, + 11616446266506416320, + 2374800414550269618, + 7125887514565359469, + 11177213721427221030, + 6980592791519673351, + 1092813708430335244, + 5226570270038420548, + 275555306376678 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 9909191784808659980, + 7822980706219406110, + 1354544939544130003, + 15056941642501955912, + 14072391732394087652, + 10344801111318233482, + 7352420520801904226, + 9765345188288962489, + 13806780619758456507, + 15541928495496498891, + 13587552134359280965, + 369054404734421 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 734954740240586689, + 3913461705888992416, + 3538814402350625490, + 2015435145345959795, + 17858599047997784687, + 15946369341068671401, + 17605111926286485052, + 15705924544688110409, + 6763684539455285602, + 5871927759490994034, + 11690260275509231658, + 464384432133552 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 13554528009218964275, + 2182733947422982795, + 12171945937773678001, + 6979657033986228132, + 18278526111914765457, + 12988434810330026679, + 7311038473130562404, + 9892640641628910348, + 9509839010239315562, + 17481513471349160818, + 946267090613631893, + 26937341181169 + ]) + ), + field_new!( + MNT4753Fr, + BigInteger768([ + 1214525150360138110, + 16730010020447477237, + 2974388837665379820, + 239714683347011625, + 1344568049668497831, + 14614250391340271530, + 8877516492314574160, + 7020608802630085427, + 
10105119508116907748, + 15166529063145820970, + 14035625450675726455, + 186843123237636 + ]) + ), + ], + merkle_arity: 2, +}; #[cfg(test)] mod test { - use algebra::{ - fields::mnt4753::Fr, - Field, - }; - use crate::{crh::MNT4PoseidonHash, merkle_tree::field_based_mht::parameters::{ - generate_phantom_merkle_root_from_magic_string, - generate_mht_empty_nodes, - }, FieldBasedMerkleTreePrecomputedZeroConstants}; - use super::{ - MNT4753_PHANTOM_MERKLE_ROOT, MNT4753_MHT_POSEIDON_PARAMETERS + use super::{MNT4753_MHT_POSEIDON_PARAMETERS, MNT4753_PHANTOM_MERKLE_ROOT}; + use crate::{ + crh::MNT4PoseidonHash, + merkle_tree::field_based_mht::parameters::{ + generate_mht_empty_nodes, generate_phantom_merkle_root_from_magic_string, + }, + FieldBasedMerkleTreePrecomputedZeroConstants, }; + use algebra::{fields::mnt4753::Fr, Field}; #[ignore] #[test] - fn test_generate_mnt4753_phantom_merkle_root(){ + fn test_generate_mnt4753_phantom_merkle_root() { let expected_root = generate_phantom_merkle_root_from_magic_string::( - "This represents an empty Merkle Root for a MNT4753PoseidonHash based Merkle Tree." + "This represents an empty Merkle Root for a MNT4753PoseidonHash based Merkle Tree.", ); assert_eq!(expected_root, MNT4753_PHANTOM_MERKLE_ROOT); } - #[ignore] #[test] fn test_generate_binary_mnt4753_mht_empty_nodes() { let merkle_arity = 2; let max_height = 32; - let empty_nodes = generate_mht_empty_nodes::(merkle_arity, max_height, Fr::zero()); + let empty_nodes = + generate_mht_empty_nodes::(merkle_arity, max_height, Fr::zero()); assert_eq!(empty_nodes.len(), max_height); let params = FieldBasedMerkleTreePrecomputedZeroConstants:: { - nodes: empty_nodes.as_slice(), merkle_arity + nodes: empty_nodes.as_slice(), + merkle_arity, }; assert_eq!(params, MNT4753_MHT_POSEIDON_PARAMETERS) } -} \ No newline at end of file +} 
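Review bot: Dropping `#[ignore]` from `test_generate_binary_mnt4753_mht_empty_nodes` turns the precomputed zero-node table into a CI-checked invariant, but `test_generate_mnt4753_phantom_merkle_root` keeps its `#[ignore]` with nothing saying why; the same asymmetry is in the bn_382 test module above and presumably in the mnt6753 one below. Both tests are the only regression checks that the hard-coded constants still match what the generator functions produce, so either un-ignore the phantom-root test as well or state the reason it stays out, e.g. `// Kept #[ignore]: only run when regenerating the constant; the empty-nodes test below already guards the precomputed table in CI.` Separately, `assert_eq!(params, MNT4753_MHT_POSEIDON_PARAMETERS)` has no trailing semicolon; it compiles as a unit tail expression, but `assert_eq!(params, MNT4753_MHT_POSEIDON_PARAMETERS);` matches the statement form used two lines earlier.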
diff --git a/primitives/src/merkle_tree/field_based_mht/parameters/mnt6753.rs b/primitives/src/merkle_tree/field_based_mht/parameters/mnt6753.rs
index 525804b1f..2f6f817f6 100644
--- a/primitives/src/merkle_tree/field_based_mht/parameters/mnt6753.rs
+++ b/primitives/src/merkle_tree/field_based_mht/parameters/mnt6753.rs
@@ -1,7 +1,4 @@
-use algebra::{
- field_new, biginteger::BigInteger768,
- fields::mnt6753::Fr as MNT6753Fr
-};
+use algebra::{biginteger::BigInteger768, field_new, fields::mnt6753::Fr as MNT6753Fr};
 
 use crate::{
 crh::poseidon::parameters::mnt6753::MNT6PoseidonHash,
@@ -9,8 +6,9 @@ use crate::{
 };
 
 // PoseidonHash("This represents an empty Merkle Root for a MNT6753PoseidonHash based Merkle Tree.") padded with 0s
-pub const MNT6753_PHANTOM_MERKLE_ROOT: MNT6753Fr =
- field_new!(MNT6753Fr, BigInteger768([
+pub const MNT6753_PHANTOM_MERKLE_ROOT: MNT6753Fr = field_new!(
+ MNT6753Fr,
+ BigInteger768([
 17804545126199716292,
 13504778789346325939,
 8402790274902466878,
@@ -26,81 +24,581 @@ pub const MNT6753_PHANTOM_MERKLE_ROOT: MNT6753Fr = ]) ); -pub const MNT6753_MHT_POSEIDON_PARAMETERS: FieldBasedMerkleTreePrecomputedZeroConstants<'static, MNT6PoseidonHash> = - FieldBasedMerkleTreePrecomputedZeroConstants { - nodes: &[ - field_new!(MNT6753Fr, BigInteger768([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0])), - field_new!(MNT6753Fr, BigInteger768([6532273791827364841, 8129439058117860676, 11951671852543742466, 4932126643213168419, 3432346478526347932, 17290815965948604094, 16841611152871512489, 16265777562074717134, 10956818927095834646, 11239269346882274360, 10703980782105434237, 242741090634251])), - field_new!(MNT6753Fr, BigInteger768([6397115990560507784, 9148723575072162592, 9560680090269062678, 3358387075603874199, 2943549611989557818, 8422251740613038257, 3721287848425091675, 8855060931545600396, 16146169992572165792, 3515758596852444121, 3476512212786839045, 496282776658056])), - field_new!(MNT6753Fr, BigInteger768([8193435237322254950, 397416662091648072, 16350036082179069772, 9590057510410951207, 16709424488020097545, 9972310166730351408, 3768241609978433635, 8613155250097940260, 9383494548692779671, 7279136739588530718, 16346404903648601854, 12606752292290])), - field_new!(MNT6753Fr, BigInteger768([12373621395328213151, 7485305202183666277, 15851413934113610491, 5870086679580111567, 17485320997014930518, 12388669921953071164, 7554455377880544421, 7504804608945337937, 2484823991694123126, 15749759632839148553, 555592382807618863, 371867713016710])), - field_new!(MNT6753Fr, BigInteger768([18093975764471962643, 3666472202090579669, 16218428501104502931, 3494251062696523035, 16618138744281542044, 2303744553101494694, 13256865789347308871, 11526225850590367247, 7735627041796110725, 12904596097188100135, 15532045893935425642, 170176986382358])), - field_new!(MNT6753Fr, BigInteger768([3756105871785036419, 4065662201479226523, 9540057528274586837, 5039798590697787339, 1050116534895787179, 15480940572426055338, 16199923308809632907, 
15474289492203021192, 15991912122991411762, 8917476369884613289, 12500272767462707678, 329947668046476])), - field_new!(MNT6753Fr, BigInteger768([16010371204820592836, 7011599899378550451, 2684322824964611783, 17742193331414468358, 14706367313712177515, 15495207825020000539, 6073726048041844123, 8614353322952801909, 11299010454287971352, 773910159520485849, 1850753278166510389, 75924681739002])), - field_new!(MNT6753Fr, BigInteger768([794403130545118313, 5101043865475270524, 15702429857764299907, 9919653825609994610, 9521745413436026279, 10462225413930324850, 7869742079022813329, 10324970627740942303, 17971590582333244023, 13404329769334042052, 580127322712779849, 439280434884595])), - field_new!(MNT6753Fr, BigInteger768([11482552263285250890, 10604737448313464782, 17862094694325007497, 15660968179388628036, 12176161070410249282, 6980015018713988634, 11261448373704770002, 10373172527710318907, 679135417846676667, 10099544898146858302, 17094142929775691921, 207090155613114])), - field_new!(MNT6753Fr, BigInteger768([10212005189921138049, 1731388169699505562, 1289559507310603998, 16988439089211854489, 3494220991927223608, 12136870715379239434, 3309411932679713584, 15519376684764760516, 12398049358025134723, 11565085907681961093, 17602152805125972860, 94938708740083])), - field_new!(MNT6753Fr, BigInteger768([3074487674322137518, 7793531452943931084, 12013378720014384008, 8554113024333850352, 5061975058787031682, 2479800213543457595, 8908267359163192954, 7971911860600108726, 17447381762657585797, 13382295392296925431, 6167239007805973407, 136675550452074])), - field_new!(MNT6753Fr, BigInteger768([17491742854997096545, 15146273778995160999, 14129140176484323206, 3632858126816120899, 5798922555083157345, 8284717930233163790, 17680470605283712180, 7754503984796689807, 6349022074948921736, 5657226674148234435, 2813293559832455344, 411781272050163])), - field_new!(MNT6753Fr, BigInteger768([11774712770431367476, 8462830471647010217, 13678995176551118152, 6043163109064753248, 
8166717753325571695, 767901680110108379, 3605848228716349807, 14300779503184147030, 6370775021317117965, 7879026566538256232, 16369439687448943956, 387608534863697])), - field_new!(MNT6753Fr, BigInteger768([7645027089449308941, 12412349174432078586, 7993283570226734824, 14957429658733237619, 4956410016527733167, 18263624961863144740, 12351841146051952024, 16600297263984232345, 2726424323397795882, 3499875062110234443, 14291130706314125429, 101867929645697])), - field_new!(MNT6753Fr, BigInteger768([16065325380198326553, 2186426031755906773, 22545576011902322, 13499949550339568914, 6330038014686496734, 2672690388187593533, 12018191996919540847, 16663030407152560576, 14862643090082908897, 54525310766581332, 13485511352213383315, 193303572624703])), - field_new!(MNT6753Fr, BigInteger768([9059598820510117498, 9188436540497286313, 16188227685152310071, 2134701940771565699, 4161629512550412251, 14196286500897307380, 10780852978701816310, 6115435820788597012, 2852364532186258341, 10258019327236403086, 13036999023129561906, 375088429879001])), - field_new!(MNT6753Fr, BigInteger768([9598862696460783085, 1080984834427407511, 16485613359067559463, 16957526212315867534, 15502481473140036583, 4519893803854135974, 5107877999302114724, 2545265241550671869, 9081416678945077831, 484771691515777633, 5154416543963837978, 45608648987133])), - field_new!(MNT6753Fr, BigInteger768([13716427665047140884, 2075502376034677990, 13256455732100548018, 7974093355972877989, 4347808650120890559, 17259847505786586988, 6240725626197616495, 1855530573523266842, 4005406563460652820, 409515538624710010, 13650992360907576897, 228052535137342])), - field_new!(MNT6753Fr, BigInteger768([11101481243483205085, 17210210903078183870, 4322012201136479125, 10446985227641960927, 5539441656148903472, 12121210617279908097, 10211498308203777998, 2264490370510798309, 10081794249268382623, 15791888737308518638, 16942027707510004820, 47761764925972])), - field_new!(MNT6753Fr, BigInteger768([1147281875969033104, 
12950023122422370632, 14308071174385673986, 12202823434772371218, 4755713887108038470, 17978833191653589187, 17771656437507378119, 5760992868553801011, 15499598564511468740, 6347244696152464986, 6444689746322097849, 491305921767844])), - field_new!(MNT6753Fr, BigInteger768([5464933467908036346, 5357747808011423258, 15896146360099043625, 3771197909278431925, 9470198461608789106, 4731405946371361499, 3983834152193584274, 15409387538868150979, 5707361705089200795, 9338823108567891504, 16606105623990147949, 493525379955592])), - field_new!(MNT6753Fr, BigInteger768([8743779181811038624, 1271135826285693645, 10331181025026049271, 15045420632252353089, 10426673481537010247, 5496742122291259672, 16828185989998029873, 18159882661333561265, 14090170749933154554, 2146775194765030955, 14040437295351564942, 92059859414488])), - field_new!(MNT6753Fr, BigInteger768([16102903578885489885, 12086305817737143574, 3125247939582240804, 8356512119453069100, 8835869137933890629, 8718546255489790634, 310309093738603225, 5199065039609564486, 1425248603053710432, 5608159777771994055, 8420963830191136937, 396898575763312])), - field_new!(MNT6753Fr, BigInteger768([2973076096573253709, 11941130816567704697, 16818712947046097441, 14665243141726638938, 13796641914494847964, 3006062735100874544, 14989082569564552350, 12583524336859840711, 12029573754303017166, 8956481097500682634, 11869416006027825656, 357489242544355])), - field_new!(MNT6753Fr, BigInteger768([14967216030866112393, 676193698416614878, 2328591331415235269, 12560251955335368780, 4398773412362438456, 1250634036568321184, 14490795618954382205, 13729892135340143916, 6067561844785088088, 2911181006550225208, 4748375130199100773, 350798232822697])), - field_new!(MNT6753Fr, BigInteger768([292356196722191993, 15985011389523096240, 9851262067956829627, 17650104737270571488, 9788206078127145516, 13228511398536198831, 2659479149006129969, 2012942778305651429, 12610992523318309950, 17117515683699945581, 10851147538124694478, 
294926256393078])), - field_new!(MNT6753Fr, BigInteger768([5176092754286105563, 17084424016779855145, 3966964054171579805, 11062889913630949187, 176794351710939111, 9519095240363490382, 15448474919972035445, 13739324839369951461, 18047710611113136797, 7081897887306182115, 12117210779123289204, 289137842609290])), - field_new!(MNT6753Fr, BigInteger768([15568880424393099769, 15005743820481502521, 507426405232123037, 1720798598390792226, 10392432490016644011, 278975084664808106, 14362150584459907788, 1981223324889562482, 12026547713605877567, 3683978912835280072, 7024374486915732211, 234502500818062])), - field_new!(MNT6753Fr, BigInteger768([9685190619050728173, 18398841313063857095, 9229128000573795408, 2919741647173757252, 2747161783389641114, 15584504685849431512, 2306301231800676069, 12724073030490161519, 14676901776633680287, 12352120452083264307, 8823696394899338182, 312377075845553])), - field_new!(MNT6753Fr, BigInteger768([4013973122795951545, 3968395067503506117, 13439251809632626494, 18235293789157210684, 5619948957156507877, 16663850504748526369, 14217411656817237763, 15746115385138359655, 991511442697256284, 6535303136073949684, 8230314852819489074, 25644836342307])), - field_new!(MNT6753Fr, BigInteger768([5887384218151647282, 1734549474524408583, 8624295651914788199, 3361061284989788689, 8259278916655142581, 9496331895863691207, 6117844371204405787, 6718695458918184160, 2704639389498915098, 7105632944500388259, 12993183043340066352, 149539870692481])), - ], - merkle_arity: 2, - }; +pub const MNT6753_MHT_POSEIDON_PARAMETERS: FieldBasedMerkleTreePrecomputedZeroConstants< + 'static, + MNT6PoseidonHash, +> = FieldBasedMerkleTreePrecomputedZeroConstants { + nodes: &[ + field_new!( + MNT6753Fr, + BigInteger768([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 6532273791827364841, + 8129439058117860676, + 11951671852543742466, + 4932126643213168419, + 3432346478526347932, + 17290815965948604094, + 16841611152871512489, + 
16265777562074717134, + 10956818927095834646, + 11239269346882274360, + 10703980782105434237, + 242741090634251 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 6397115990560507784, + 9148723575072162592, + 9560680090269062678, + 3358387075603874199, + 2943549611989557818, + 8422251740613038257, + 3721287848425091675, + 8855060931545600396, + 16146169992572165792, + 3515758596852444121, + 3476512212786839045, + 496282776658056 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 8193435237322254950, + 397416662091648072, + 16350036082179069772, + 9590057510410951207, + 16709424488020097545, + 9972310166730351408, + 3768241609978433635, + 8613155250097940260, + 9383494548692779671, + 7279136739588530718, + 16346404903648601854, + 12606752292290 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 12373621395328213151, + 7485305202183666277, + 15851413934113610491, + 5870086679580111567, + 17485320997014930518, + 12388669921953071164, + 7554455377880544421, + 7504804608945337937, + 2484823991694123126, + 15749759632839148553, + 555592382807618863, + 371867713016710 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 18093975764471962643, + 3666472202090579669, + 16218428501104502931, + 3494251062696523035, + 16618138744281542044, + 2303744553101494694, + 13256865789347308871, + 11526225850590367247, + 7735627041796110725, + 12904596097188100135, + 15532045893935425642, + 170176986382358 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 3756105871785036419, + 4065662201479226523, + 9540057528274586837, + 5039798590697787339, + 1050116534895787179, + 15480940572426055338, + 16199923308809632907, + 15474289492203021192, + 15991912122991411762, + 8917476369884613289, + 12500272767462707678, + 329947668046476 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 16010371204820592836, + 7011599899378550451, + 2684322824964611783, + 17742193331414468358, + 14706367313712177515, + 15495207825020000539, + 6073726048041844123, + 
8614353322952801909, + 11299010454287971352, + 773910159520485849, + 1850753278166510389, + 75924681739002 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 794403130545118313, + 5101043865475270524, + 15702429857764299907, + 9919653825609994610, + 9521745413436026279, + 10462225413930324850, + 7869742079022813329, + 10324970627740942303, + 17971590582333244023, + 13404329769334042052, + 580127322712779849, + 439280434884595 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 11482552263285250890, + 10604737448313464782, + 17862094694325007497, + 15660968179388628036, + 12176161070410249282, + 6980015018713988634, + 11261448373704770002, + 10373172527710318907, + 679135417846676667, + 10099544898146858302, + 17094142929775691921, + 207090155613114 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 10212005189921138049, + 1731388169699505562, + 1289559507310603998, + 16988439089211854489, + 3494220991927223608, + 12136870715379239434, + 3309411932679713584, + 15519376684764760516, + 12398049358025134723, + 11565085907681961093, + 17602152805125972860, + 94938708740083 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 3074487674322137518, + 7793531452943931084, + 12013378720014384008, + 8554113024333850352, + 5061975058787031682, + 2479800213543457595, + 8908267359163192954, + 7971911860600108726, + 17447381762657585797, + 13382295392296925431, + 6167239007805973407, + 136675550452074 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 17491742854997096545, + 15146273778995160999, + 14129140176484323206, + 3632858126816120899, + 5798922555083157345, + 8284717930233163790, + 17680470605283712180, + 7754503984796689807, + 6349022074948921736, + 5657226674148234435, + 2813293559832455344, + 411781272050163 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 11774712770431367476, + 8462830471647010217, + 13678995176551118152, + 6043163109064753248, + 8166717753325571695, + 767901680110108379, + 3605848228716349807, + 
14300779503184147030, + 6370775021317117965, + 7879026566538256232, + 16369439687448943956, + 387608534863697 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 7645027089449308941, + 12412349174432078586, + 7993283570226734824, + 14957429658733237619, + 4956410016527733167, + 18263624961863144740, + 12351841146051952024, + 16600297263984232345, + 2726424323397795882, + 3499875062110234443, + 14291130706314125429, + 101867929645697 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 16065325380198326553, + 2186426031755906773, + 22545576011902322, + 13499949550339568914, + 6330038014686496734, + 2672690388187593533, + 12018191996919540847, + 16663030407152560576, + 14862643090082908897, + 54525310766581332, + 13485511352213383315, + 193303572624703 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 9059598820510117498, + 9188436540497286313, + 16188227685152310071, + 2134701940771565699, + 4161629512550412251, + 14196286500897307380, + 10780852978701816310, + 6115435820788597012, + 2852364532186258341, + 10258019327236403086, + 13036999023129561906, + 375088429879001 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 9598862696460783085, + 1080984834427407511, + 16485613359067559463, + 16957526212315867534, + 15502481473140036583, + 4519893803854135974, + 5107877999302114724, + 2545265241550671869, + 9081416678945077831, + 484771691515777633, + 5154416543963837978, + 45608648987133 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 13716427665047140884, + 2075502376034677990, + 13256455732100548018, + 7974093355972877989, + 4347808650120890559, + 17259847505786586988, + 6240725626197616495, + 1855530573523266842, + 4005406563460652820, + 409515538624710010, + 13650992360907576897, + 228052535137342 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 11101481243483205085, + 17210210903078183870, + 4322012201136479125, + 10446985227641960927, + 5539441656148903472, + 12121210617279908097, + 10211498308203777998, + 
2264490370510798309, + 10081794249268382623, + 15791888737308518638, + 16942027707510004820, + 47761764925972 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 1147281875969033104, + 12950023122422370632, + 14308071174385673986, + 12202823434772371218, + 4755713887108038470, + 17978833191653589187, + 17771656437507378119, + 5760992868553801011, + 15499598564511468740, + 6347244696152464986, + 6444689746322097849, + 491305921767844 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 5464933467908036346, + 5357747808011423258, + 15896146360099043625, + 3771197909278431925, + 9470198461608789106, + 4731405946371361499, + 3983834152193584274, + 15409387538868150979, + 5707361705089200795, + 9338823108567891504, + 16606105623990147949, + 493525379955592 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 8743779181811038624, + 1271135826285693645, + 10331181025026049271, + 15045420632252353089, + 10426673481537010247, + 5496742122291259672, + 16828185989998029873, + 18159882661333561265, + 14090170749933154554, + 2146775194765030955, + 14040437295351564942, + 92059859414488 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 16102903578885489885, + 12086305817737143574, + 3125247939582240804, + 8356512119453069100, + 8835869137933890629, + 8718546255489790634, + 310309093738603225, + 5199065039609564486, + 1425248603053710432, + 5608159777771994055, + 8420963830191136937, + 396898575763312 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 2973076096573253709, + 11941130816567704697, + 16818712947046097441, + 14665243141726638938, + 13796641914494847964, + 3006062735100874544, + 14989082569564552350, + 12583524336859840711, + 12029573754303017166, + 8956481097500682634, + 11869416006027825656, + 357489242544355 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 14967216030866112393, + 676193698416614878, + 2328591331415235269, + 12560251955335368780, + 4398773412362438456, + 1250634036568321184, + 14490795618954382205, + 
13729892135340143916, + 6067561844785088088, + 2911181006550225208, + 4748375130199100773, + 350798232822697 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 292356196722191993, + 15985011389523096240, + 9851262067956829627, + 17650104737270571488, + 9788206078127145516, + 13228511398536198831, + 2659479149006129969, + 2012942778305651429, + 12610992523318309950, + 17117515683699945581, + 10851147538124694478, + 294926256393078 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 5176092754286105563, + 17084424016779855145, + 3966964054171579805, + 11062889913630949187, + 176794351710939111, + 9519095240363490382, + 15448474919972035445, + 13739324839369951461, + 18047710611113136797, + 7081897887306182115, + 12117210779123289204, + 289137842609290 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 15568880424393099769, + 15005743820481502521, + 507426405232123037, + 1720798598390792226, + 10392432490016644011, + 278975084664808106, + 14362150584459907788, + 1981223324889562482, + 12026547713605877567, + 3683978912835280072, + 7024374486915732211, + 234502500818062 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 9685190619050728173, + 18398841313063857095, + 9229128000573795408, + 2919741647173757252, + 2747161783389641114, + 15584504685849431512, + 2306301231800676069, + 12724073030490161519, + 14676901776633680287, + 12352120452083264307, + 8823696394899338182, + 312377075845553 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 4013973122795951545, + 3968395067503506117, + 13439251809632626494, + 18235293789157210684, + 5619948957156507877, + 16663850504748526369, + 14217411656817237763, + 15746115385138359655, + 991511442697256284, + 6535303136073949684, + 8230314852819489074, + 25644836342307 + ]) + ), + field_new!( + MNT6753Fr, + BigInteger768([ + 5887384218151647282, + 1734549474524408583, + 8624295651914788199, + 3361061284989788689, + 8259278916655142581, + 9496331895863691207, + 6117844371204405787, + 6718695458918184160, 
+ 2704639389498915098, + 7105632944500388259, + 12993183043340066352, + 149539870692481 + ]) + ), + ], + merkle_arity: 2, +}; #[cfg(test)] mod test { - use algebra::{ - fields::mnt6753::Fr, - Field, - }; - use crate::{crh::MNT6PoseidonHash, merkle_tree::field_based_mht::parameters::{ - generate_phantom_merkle_root_from_magic_string, - generate_mht_empty_nodes, - }, FieldBasedMerkleTreePrecomputedZeroConstants}; - use super::{ - MNT6753_PHANTOM_MERKLE_ROOT, MNT6753_MHT_POSEIDON_PARAMETERS + use super::{MNT6753_MHT_POSEIDON_PARAMETERS, MNT6753_PHANTOM_MERKLE_ROOT}; + use crate::{ + crh::MNT6PoseidonHash, + merkle_tree::field_based_mht::parameters::{ + generate_mht_empty_nodes, generate_phantom_merkle_root_from_magic_string, + }, + FieldBasedMerkleTreePrecomputedZeroConstants, }; + use algebra::{fields::mnt6753::Fr, Field}; #[ignore] #[test] - fn test_generate_mnt6753_phantom_merkle_root(){ + fn test_generate_mnt6753_phantom_merkle_root() { let expected_root = generate_phantom_merkle_root_from_magic_string::( - "This represents an empty Merkle Root for a MNT6753PoseidonHash based Merkle Tree." + "This represents an empty Merkle Root for a MNT6753PoseidonHash based Merkle Tree.", ); assert_eq!(expected_root, MNT6753_PHANTOM_MERKLE_ROOT); } - #[ignore] #[test] fn test_generate_binary_mnt6753_mht_empty_nodes() { let merkle_arity = 2; let max_height = 32; - let empty_nodes = generate_mht_empty_nodes::(merkle_arity, max_height, Fr::zero()); + let empty_nodes = + generate_mht_empty_nodes::(merkle_arity, max_height, Fr::zero()); assert_eq!(empty_nodes.len(), max_height); let params = FieldBasedMerkleTreePrecomputedZeroConstants:: { - nodes: empty_nodes.as_slice(), merkle_arity + nodes: empty_nodes.as_slice(), + merkle_arity, }; assert_eq!(params, MNT6753_MHT_POSEIDON_PARAMETERS) diff --git a/primitives/src/merkle_tree/field_based_mht/parameters/mod.rs b/primitives/src/merkle_tree/field_based_mht/parameters/mod.rs index 63dbda04e..773378fb0 100644 
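Review bot: `#[ignore]` is dropped from `test_generate_binary_mnt6753_mht_empty_nodes` near the end of this hunk, so the precomputed empty-node table is now re-derived from `MNT6PoseidonHash` on every test run, but `test_generate_mnt6753_phantom_merkle_root` keeps its `#[ignore]`, so `MNT6753_PHANTOM_MERKLE_ROOT` is still only checked when the test is invoked explicitly. Both constants are hard-coded hash outputs that the tree code presumably treats as sentinels, and a drift between the phantom root and the hash would not surface in an ordinary CI run. If the remaining `#[ignore]` is intentional, a one-line comment above it, e.g. `// Kept #[ignore]: <reason>; run with --ignored to regenerate MNT6753_PHANTOM_MERKLE_ROOT`, would keep the next reader from assuming the test is broken; otherwise removing it alongside the other one seems consistent. The same asymmetry appears in the mnt4753.rs hunk above and the tweedle_dee.rs hunk below. The test module's closing braces lie outside this hunk.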
--- a/primitives/src/merkle_tree/field_based_mht/parameters/mod.rs +++ b/primitives/src/merkle_tree/field_based_mht/parameters/mod.rs @@ -28,18 +28,22 @@ pub mod bn382_dual; #[cfg(feature = "bn_382")] pub use self::bn382_dual::*; -use algebra::{PrimeField, ToConstraintField}; use crate::FieldBasedHash; +use algebra::{PrimeField, ToConstraintField}; #[allow(dead_code)] -pub(crate) fn generate_phantom_merkle_root_from_magic_string>( - magic_string: &str -) -> F -{ +pub(crate) fn generate_phantom_merkle_root_from_magic_string< + F: PrimeField, + H: FieldBasedHash, +>( + magic_string: &str, +) -> F { let magic_string_as_fes = magic_string.as_bytes().to_field_elements().unwrap(); let mut digest = H::init_constant_length(magic_string_as_fes.len(), None); - magic_string_as_fes.into_iter().for_each(|fe| { digest.update(fe); }); + magic_string_as_fes.into_iter().for_each(|fe| { + digest.update(fe); + }); digest.finalize().unwrap() } @@ -48,8 +52,7 @@ pub(crate) fn generate_mht_empty_nodes Vec -{ +) -> Vec { let mut empty_nodes = Vec::with_capacity(max_height); empty_nodes.push(empty_leaf.clone()); 
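Review bot: `generate_phantom_merkle_root_from_magic_string` still carries no doc comment after its signature is reflowed in the first hunk, and the only description of what it produces lives in comments next to the constants in the sibling parameter files. Since the `*_PHANTOM_MERKLE_ROOT` constants are asserted equal to this function's output, the result depends on both the bytes-to-field-elements encoding (`to_field_elements()`) and the constant-length hash mode (`H::init_constant_length(len, None)`), and changing either silently invalidates every precomputed root. A `///` comment such as `/// Derives the "phantom" (empty-tree) root for hash `H` by hashing the field-element encoding of `magic_string` in constant-length mode; the hard-coded `*_PHANTOM_MERKLE_ROOT` constants are precomputed outputs of this function and must be regenerated if the encoding or hash mode changes.` would make that dependency visible. The `#[allow(dead_code)]` presumably exists because the callers sit in `#[cfg(test)]` modules; stating that in the same comment would be cheap.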
@@ -67,4 +70,4 @@ pub(crate) fn generate_mht_empty_nodes = - FieldBasedMerkleTreePrecomputedZeroConstants { - nodes: &[ - field_new!(TweedleFr, BigInteger256([0, 0, 0, 0])), - field_new!(TweedleFr, BigInteger256([6846511105464766538, 15768966942874777847, 16388715769057780159, 3605183713290623682])), - field_new!(TweedleFr, BigInteger256([9222333104797974540, 2988232145305907562, 16209565825461578695, 3126222989224963312])), - field_new!(TweedleFr, BigInteger256([14417722119675398228, 4278309788110750045, 4043558729910385260, 1385476922717649264])), - field_new!(TweedleFr, BigInteger256([12405703624929027638, 17686987702583161392, 14818595643264832920, 1298091960176016512])), - field_new!(TweedleFr, BigInteger256([11220962421518165700, 13583264328995303902, 3004999268640918219, 1836274747239137718])), - field_new!(TweedleFr, BigInteger256([9143319041823283548, 10625485209067256567, 3101953621268315084, 2784075795165174292])), - field_new!(TweedleFr, BigInteger256([7856896111698860209, 12274291086498461139, 12254863429498589520, 1157091047461829565])), - field_new!(TweedleFr, BigInteger256([12781995487914321830, 8909319778259688775, 9744152270041314391, 120486371160620658])), - field_new!(TweedleFr, BigInteger256([16887679367162088832, 3897372093715987906, 1678885614393805654, 3178520008167028611])), - field_new!(TweedleFr, BigInteger256([14480369559671180193, 7603632368518351521, 15818547859043187272, 2573528473272863098])), - field_new!(TweedleFr, BigInteger256([18229837180404920553, 15631813461238913726, 1585236863667313179, 1429740507100771895])), - field_new!(TweedleFr, BigInteger256([7597046153975937193, 7149755588864973802, 12498868822806140200, 3677394355095085380])), - field_new!(TweedleFr, BigInteger256([9816128661650764975, 9363556778543621599, 16728536662023759852, 4081025247655585206])), - field_new!(TweedleFr, BigInteger256([395144311372928536, 4050112514364960005, 10671415354094218204, 539401662144033117])), - field_new!(TweedleFr, 
BigInteger256([7786395140808940918, 9820478310629028028, 637683664312732797, 1223633973447551913])), - field_new!(TweedleFr, BigInteger256([16337123754752253291, 9321181451798296893, 14228134238565922823, 2055512899004156098])), - field_new!(TweedleFr, BigInteger256([7184362807226572198, 881197418286383995, 12302845140236449565, 3264750990323283693])), - field_new!(TweedleFr, BigInteger256([16713308676519013057, 6067655313659401642, 16860473533228667971, 1782908225150503344])), - field_new!(TweedleFr, BigInteger256([16396585298471795251, 13694615398856184131, 3261625920828783531, 3104500293296803657])), - field_new!(TweedleFr, BigInteger256([3841871426667137165, 4714827166841758205, 10093050349190081639, 3118264349018454210])), - field_new!(TweedleFr, BigInteger256([6711494586375705172, 1999689148281285955, 10635255840256041308, 1563702960800716865])), - field_new!(TweedleFr, BigInteger256([6209055503806423570, 14160757492870172822, 2585173026931081813, 45434336531305746])), - field_new!(TweedleFr, BigInteger256([14967778432602946057, 8401376301444944267, 163291714506409423, 1721295824263050447])), - field_new!(TweedleFr, BigInteger256([15893452450907463361, 15302997450958726322, 2883783336883997986, 192767118370846437])), - field_new!(TweedleFr, BigInteger256([1635644627404959933, 1389608663507338955, 2055512431619577463, 2018832189365185308])), - field_new!(TweedleFr, BigInteger256([12430793728438799303, 17460069178822475215, 5065750370745188226, 2955160172133821296])), - field_new!(TweedleFr, BigInteger256([6809777662530062064, 13028945633714685770, 7708962218143035851, 3805976379826616327])), - field_new!(TweedleFr, BigInteger256([16227885774693608785, 15582103355717546603, 13023980185169825094, 2292196543775082438])), - field_new!(TweedleFr, BigInteger256([7124941499245031893, 2481564590150069704, 15682136442122527111, 2927348525097878888])), - field_new!(TweedleFr, BigInteger256([1642502257843298186, 12569295554878034139, 2314986831057740561, 
2218381406452172661])), - field_new!(TweedleFr, BigInteger256([11027003307842316033, 3331825336977729667, 9686421639239063727, 1895668150828362785])), - ], - merkle_arity: 2, - }; +pub const TWEEDLE_DEE_MHT_POSEIDON_PARAMETERS: FieldBasedMerkleTreePrecomputedZeroConstants< + 'static, + TweedleFrPoseidonHash, +> = FieldBasedMerkleTreePrecomputedZeroConstants { + nodes: &[ + field_new!(TweedleFr, BigInteger256([0, 0, 0, 0])), + field_new!( + TweedleFr, + BigInteger256([ + 6846511105464766538, + 15768966942874777847, + 16388715769057780159, + 3605183713290623682 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 9222333104797974540, + 2988232145305907562, + 16209565825461578695, + 3126222989224963312 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 14417722119675398228, + 4278309788110750045, + 4043558729910385260, + 1385476922717649264 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 12405703624929027638, + 17686987702583161392, + 14818595643264832920, + 1298091960176016512 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 11220962421518165700, + 13583264328995303902, + 3004999268640918219, + 1836274747239137718 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 9143319041823283548, + 10625485209067256567, + 3101953621268315084, + 2784075795165174292 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 7856896111698860209, + 12274291086498461139, + 12254863429498589520, + 1157091047461829565 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 12781995487914321830, + 8909319778259688775, + 9744152270041314391, + 120486371160620658 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 16887679367162088832, + 3897372093715987906, + 1678885614393805654, + 3178520008167028611 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 14480369559671180193, + 7603632368518351521, + 15818547859043187272, + 2573528473272863098 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 18229837180404920553, + 15631813461238913726, + 
1585236863667313179, + 1429740507100771895 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 7597046153975937193, + 7149755588864973802, + 12498868822806140200, + 3677394355095085380 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 9816128661650764975, + 9363556778543621599, + 16728536662023759852, + 4081025247655585206 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 395144311372928536, + 4050112514364960005, + 10671415354094218204, + 539401662144033117 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 7786395140808940918, + 9820478310629028028, + 637683664312732797, + 1223633973447551913 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 16337123754752253291, + 9321181451798296893, + 14228134238565922823, + 2055512899004156098 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 7184362807226572198, + 881197418286383995, + 12302845140236449565, + 3264750990323283693 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 16713308676519013057, + 6067655313659401642, + 16860473533228667971, + 1782908225150503344 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 16396585298471795251, + 13694615398856184131, + 3261625920828783531, + 3104500293296803657 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 3841871426667137165, + 4714827166841758205, + 10093050349190081639, + 3118264349018454210 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 6711494586375705172, + 1999689148281285955, + 10635255840256041308, + 1563702960800716865 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 6209055503806423570, + 14160757492870172822, + 2585173026931081813, + 45434336531305746 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 14967778432602946057, + 8401376301444944267, + 163291714506409423, + 1721295824263050447 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 15893452450907463361, + 15302997450958726322, + 2883783336883997986, + 192767118370846437 + ]) + ), + field_new!( + TweedleFr, + 
BigInteger256([ + 1635644627404959933, + 1389608663507338955, + 2055512431619577463, + 2018832189365185308 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 12430793728438799303, + 17460069178822475215, + 5065750370745188226, + 2955160172133821296 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 6809777662530062064, + 13028945633714685770, + 7708962218143035851, + 3805976379826616327 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 16227885774693608785, + 15582103355717546603, + 13023980185169825094, + 2292196543775082438 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 7124941499245031893, + 2481564590150069704, + 15682136442122527111, + 2927348525097878888 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 1642502257843298186, + 12569295554878034139, + 2314986831057740561, + 2218381406452172661 + ]) + ), + field_new!( + TweedleFr, + BigInteger256([ + 11027003307842316033, + 3331825336977729667, + 9686421639239063727, + 1895668150828362785 + ]) + ), + ], + merkle_arity: 2, +}; #[cfg(test)] mod test { - use algebra::{ - fields::tweedle::Fr, Field, - }; + use super::{TWEEDLE_DEE_MHT_POSEIDON_PARAMETERS, TWEEDLE_DEE_PHANTOM_MERKLE_ROOT}; use crate::{ crh::TweedleFrPoseidonHash, merkle_tree::field_based_mht::parameters::{ - generate_phantom_merkle_root_from_magic_string, - generate_mht_empty_nodes, + generate_mht_empty_nodes, generate_phantom_merkle_root_from_magic_string, }, - FieldBasedMerkleTreePrecomputedZeroConstants - }; - use super::{ - TWEEDLE_DEE_PHANTOM_MERKLE_ROOT, TWEEDLE_DEE_MHT_POSEIDON_PARAMETERS + FieldBasedMerkleTreePrecomputedZeroConstants, }; + use algebra::{fields::tweedle::Fr, Field}; #[ignore] #[test] - fn test_generate_tweedle_fr_phantom_merkle_root(){ - let expected_root = generate_phantom_merkle_root_from_magic_string::( - "This represents an empty Merkle Root for a TweedleDeePoseidonHash based Merkle Tree." 
+ fn test_generate_tweedle_fr_phantom_merkle_root() { + let expected_root = generate_phantom_merkle_root_from_magic_string::< + Fr, + TweedleFrPoseidonHash, + >( + "This represents an empty Merkle Root for a TweedleDeePoseidonHash based Merkle Tree.", ); assert_eq!(expected_root, TWEEDLE_DEE_PHANTOM_MERKLE_ROOT); } - #[ignore] #[test] fn test_generate_binary_tweedle_fr_mht_empty_nodes() { let merkle_arity = 2; let max_height = 32; - let empty_nodes = generate_mht_empty_nodes::(merkle_arity, max_height, Fr::zero()); + let empty_nodes = generate_mht_empty_nodes::( + merkle_arity, + max_height, + Fr::zero(), + ); assert_eq!(empty_nodes.len(), max_height); let params = FieldBasedMerkleTreePrecomputedZeroConstants:: { - nodes: empty_nodes.as_slice(), merkle_arity + nodes: empty_nodes.as_slice(), + merkle_arity, }; assert_eq!(params, TWEEDLE_DEE_MHT_POSEIDON_PARAMETERS) } } - - diff --git a/primitives/src/merkle_tree/field_based_mht/parameters/tweedle_dum.rs b/primitives/src/merkle_tree/field_based_mht/parameters/tweedle_dum.rs index f123cb05d..c12e4f062 100644 --- a/primitives/src/merkle_tree/field_based_mht/parameters/tweedle_dum.rs +++ b/primitives/src/merkle_tree/field_based_mht/parameters/tweedle_dum.rs 
@@ -1,85 +1,328 @@ -use algebra::{ - fields::tweedle::Fq as TweedleFq, - biginteger::BigInteger256, - field_new, -}; +use algebra::{biginteger::BigInteger256, field_new, fields::tweedle::Fq as TweedleFq}; -use crate::{ - crh::poseidon::TweedleFqPoseidonHash, - FieldBasedMerkleTreePrecomputedZeroConstants, -}; +use crate::{crh::poseidon::TweedleFqPoseidonHash, FieldBasedMerkleTreePrecomputedZeroConstants}; // PoseidonHash("This represents an empty Merkle Root for a TweedleDumPoseidonHash based Merkle Tree.") -pub const TWEEDLE_DUM_PHANTOM_MERKLE_ROOT: TweedleFq = - field_new!(TweedleFq, BigInteger256([ +pub const TWEEDLE_DUM_PHANTOM_MERKLE_ROOT: TweedleFq = field_new!( + TweedleFq, + BigInteger256([ 4904612841964010928, 11732269297394565570, 6035769393555604445, 3097632584773363944 - ])); + ]) +); -pub const TWEEDLE_DUM_MHT_POSEIDON_PARAMETERS: FieldBasedMerkleTreePrecomputedZeroConstants<'static, TweedleFqPoseidonHash> = - FieldBasedMerkleTreePrecomputedZeroConstants { - nodes: &[ - field_new!(TweedleFq, BigInteger256([0, 0, 0, 0])), - field_new!(TweedleFq, BigInteger256([6139372262132429377, 6616513606251009568, 10180936183985522127, 1871256090268734000])), - field_new!(TweedleFq, BigInteger256([16581232002391324140, 10128427957487402226, 14615445748711189182, 106768847887941616])), - field_new!(TweedleFq, BigInteger256([7422282436897880714, 2759687527703036765, 18261471787718551385, 4333102577557650426])), - field_new!(TweedleFq, BigInteger256([8960034495897434649, 5976620936990978514, 11770448562828825262, 420408715434692497])), - field_new!(TweedleFq, BigInteger256([1639501920800041527, 7047118941613450008, 8439584256723729208, 2340548282573108138])), - field_new!(TweedleFq, BigInteger256([17474590584127356599, 17005018111462329626, 9038520322116564398, 2842033007168063862])), - field_new!(TweedleFq, BigInteger256([17907603573830123375, 7485449917333291794, 8497334770128174690, 985616778997111667])), - field_new!(TweedleFq, BigInteger256([8437238815112828116, 
7558012184601411834, 4810203110390380299, 3693304440212097843])), - field_new!(TweedleFq, BigInteger256([15867381531984164088, 14436926832167307336, 7771858470711342912, 4382274482182735339])), - field_new!(TweedleFq, BigInteger256([6780535927106125369, 893601027906750002, 2168364268659532015, 1398450762353999324])), - field_new!(TweedleFq, BigInteger256([761179424970697872, 18228584916778786433, 3789686406673394224, 315352039785223877])), - field_new!(TweedleFq, BigInteger256([10506753105967550322, 10479934490182553064, 4711731144016154768, 2619376882049526951])), - field_new!(TweedleFq, BigInteger256([5491581052635507564, 11596637832753061833, 15074841229727970086, 51841591242253653])), - field_new!(TweedleFq, BigInteger256([10751695168434495081, 11265029839378255208, 2292162601217563466, 2013346614746080729])), - field_new!(TweedleFq, BigInteger256([1065409681300367041, 14926577987640137998, 13035113752352820427, 777620396488025701])), - field_new!(TweedleFq, BigInteger256([17671398566235914769, 11145386535386684404, 14965778970796212802, 2548163089059524405])), - field_new!(TweedleFq, BigInteger256([4147123003843975335, 16801467547722941168, 9567918343610890265, 1232574073465013165])), - field_new!(TweedleFq, BigInteger256([11272246842976262912, 5714009969114434676, 13201780159870357255, 1761070557194703564])), - field_new!(TweedleFq, BigInteger256([13412942200607847147, 13612865033638762108, 4989519727612199232, 224999250619481366])), - field_new!(TweedleFq, BigInteger256([16131593917109878013, 2118354752416554125, 2560734345425875426, 265596394308507171])), - field_new!(TweedleFq, BigInteger256([8350852403008315484, 14236833013206637959, 1704211568971383225, 3223189361656905860])), - field_new!(TweedleFq, BigInteger256([2280418127254463522, 11760863143783095452, 14517820451477144924, 388576072386685144])), - field_new!(TweedleFq, BigInteger256([14719543229856123753, 7602837078929085760, 13722828357997036314, 3711455166874429393])), - field_new!(TweedleFq, 
BigInteger256([14339280075298071695, 9047408951566991594, 2938258787476493148, 154196581154821338])), - field_new!(TweedleFq, BigInteger256([14855917590773565952, 16320462695690950774, 13608606206008960107, 4021935482326785433])), - field_new!(TweedleFq, BigInteger256([5664553553817478280, 15018914933284007567, 12910027197340055896, 69535126663687267])), - field_new!(TweedleFq, BigInteger256([12939490041852130828, 13667911504789686466, 6125435652755305576, 1414802449081846718])), - field_new!(TweedleFq, BigInteger256([8636287925162701366, 8473826958806005476, 11034325557957988141, 2161057426287045498])), - field_new!(TweedleFq, BigInteger256([3540680633243804891, 11704818265718910048, 10222301835080698341, 1142989787151462434])), - field_new!(TweedleFq, BigInteger256([4048987655390738064, 8466268957972885142, 600328630911781217, 4059422043777361500])), - field_new!(TweedleFq, BigInteger256([10396877418832343447, 4626792818372145897, 1925158989055659802, 1880821489306116509])), - ], - merkle_arity: 2, - }; +pub const TWEEDLE_DUM_MHT_POSEIDON_PARAMETERS: FieldBasedMerkleTreePrecomputedZeroConstants< + 'static, + TweedleFqPoseidonHash, +> = FieldBasedMerkleTreePrecomputedZeroConstants { + nodes: &[ + field_new!(TweedleFq, BigInteger256([0, 0, 0, 0])), + field_new!( + TweedleFq, + BigInteger256([ + 6139372262132429377, + 6616513606251009568, + 10180936183985522127, + 1871256090268734000 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 16581232002391324140, + 10128427957487402226, + 14615445748711189182, + 106768847887941616 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 7422282436897880714, + 2759687527703036765, + 18261471787718551385, + 4333102577557650426 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 8960034495897434649, + 5976620936990978514, + 11770448562828825262, + 420408715434692497 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 1639501920800041527, + 7047118941613450008, + 8439584256723729208, + 2340548282573108138 + ]) + 
), + field_new!( + TweedleFq, + BigInteger256([ + 17474590584127356599, + 17005018111462329626, + 9038520322116564398, + 2842033007168063862 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 17907603573830123375, + 7485449917333291794, + 8497334770128174690, + 985616778997111667 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 8437238815112828116, + 7558012184601411834, + 4810203110390380299, + 3693304440212097843 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 15867381531984164088, + 14436926832167307336, + 7771858470711342912, + 4382274482182735339 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 6780535927106125369, + 893601027906750002, + 2168364268659532015, + 1398450762353999324 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 761179424970697872, + 18228584916778786433, + 3789686406673394224, + 315352039785223877 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 10506753105967550322, + 10479934490182553064, + 4711731144016154768, + 2619376882049526951 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 5491581052635507564, + 11596637832753061833, + 15074841229727970086, + 51841591242253653 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 10751695168434495081, + 11265029839378255208, + 2292162601217563466, + 2013346614746080729 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 1065409681300367041, + 14926577987640137998, + 13035113752352820427, + 777620396488025701 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 17671398566235914769, + 11145386535386684404, + 14965778970796212802, + 2548163089059524405 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 4147123003843975335, + 16801467547722941168, + 9567918343610890265, + 1232574073465013165 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 11272246842976262912, + 5714009969114434676, + 13201780159870357255, + 1761070557194703564 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 13412942200607847147, + 
13612865033638762108, + 4989519727612199232, + 224999250619481366 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 16131593917109878013, + 2118354752416554125, + 2560734345425875426, + 265596394308507171 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 8350852403008315484, + 14236833013206637959, + 1704211568971383225, + 3223189361656905860 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 2280418127254463522, + 11760863143783095452, + 14517820451477144924, + 388576072386685144 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 14719543229856123753, + 7602837078929085760, + 13722828357997036314, + 3711455166874429393 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 14339280075298071695, + 9047408951566991594, + 2938258787476493148, + 154196581154821338 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 14855917590773565952, + 16320462695690950774, + 13608606206008960107, + 4021935482326785433 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 5664553553817478280, + 15018914933284007567, + 12910027197340055896, + 69535126663687267 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 12939490041852130828, + 13667911504789686466, + 6125435652755305576, + 1414802449081846718 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 8636287925162701366, + 8473826958806005476, + 11034325557957988141, + 2161057426287045498 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 3540680633243804891, + 11704818265718910048, + 10222301835080698341, + 1142989787151462434 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 4048987655390738064, + 8466268957972885142, + 600328630911781217, + 4059422043777361500 + ]) + ), + field_new!( + TweedleFq, + BigInteger256([ + 10396877418832343447, + 4626792818372145897, + 1925158989055659802, + 1880821489306116509 + ]) + ), + ], + merkle_arity: 2, +}; #[cfg(test)] mod test { - use algebra::{ - fields::tweedle::Fq, Field, - }; + use super::{TWEEDLE_DUM_MHT_POSEIDON_PARAMETERS, 
TWEEDLE_DUM_PHANTOM_MERKLE_ROOT}; use crate::{ crh::TweedleFqPoseidonHash, merkle_tree::field_based_mht::parameters::{ - generate_phantom_merkle_root_from_magic_string, - generate_mht_empty_nodes, + generate_mht_empty_nodes, generate_phantom_merkle_root_from_magic_string, }, - FieldBasedMerkleTreePrecomputedZeroConstants - }; - use super::{ - TWEEDLE_DUM_PHANTOM_MERKLE_ROOT, TWEEDLE_DUM_MHT_POSEIDON_PARAMETERS + FieldBasedMerkleTreePrecomputedZeroConstants, }; + use algebra::{fields::tweedle::Fq, Field}; #[ignore] #[test] - fn test_generate_tweedle_fq_phantom_merkle_root(){ - let expected_root = generate_phantom_merkle_root_from_magic_string::( - "This represents an empty Merkle Root for a TweedleDumPoseidonHash based Merkle Tree." + fn test_generate_tweedle_fq_phantom_merkle_root() { + let expected_root = generate_phantom_merkle_root_from_magic_string::< + Fq, + TweedleFqPoseidonHash, + >( + "This represents an empty Merkle Root for a TweedleDumPoseidonHash based Merkle Tree.", ); assert_eq!(expected_root, TWEEDLE_DUM_PHANTOM_MERKLE_ROOT); } @@ -90,14 +333,17 @@ mod test { let merkle_arity = 2; let max_height = 32; - let empty_nodes = generate_mht_empty_nodes::(merkle_arity, max_height, Fq::zero()); + let empty_nodes = generate_mht_empty_nodes::( + merkle_arity, + max_height, + Fq::zero(), + ); assert_eq!(empty_nodes.len(), max_height); let params = FieldBasedMerkleTreePrecomputedZeroConstants:: { - nodes: empty_nodes.as_slice(), merkle_arity + nodes: empty_nodes.as_slice(), + merkle_arity, }; assert_eq!(params, TWEEDLE_DUM_MHT_POSEIDON_PARAMETERS) } } - - diff --git a/primitives/src/merkle_tree/field_based_mht/path.rs b/primitives/src/merkle_tree/field_based_mht/path.rs index b52d628d6..f280748db 100644 --- a/primitives/src/merkle_tree/field_based_mht/path.rs +++ b/primitives/src/merkle_tree/field_based_mht/path.rs 
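Review bot: `test_generate_tweedle_fq_phantom_merkle_root` keeps its `#[ignore]` attribute, so the four limbs of `TWEEDLE_DUM_PHANTOM_MERKLE_ROOT` are never recomputed from the magic string in a normal `cargo test` run, and a mistyped limb in the re-laid-out constant would go unnoticed while the tree code treats it as the canonical empty root. If the derivation is deliberately kept out of CI, a one-line comment above the attribute stating why (e.g. `// ignored: regenerates the constant from the magic string; run explicitly when it changes`) would record that; otherwise dropping the attribute makes the constant self-checking like the empty-nodes test below it. The `#[ignore]` line is pre-existing context here, and the same question applies to the tweedle_dee counterpart earlier in the diff.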
@@ -1,12 +1,9 @@ -use algebra::{ - SemanticallyValid, serialize::* -}; -use crate::{ - crh::*, field_based_mht::*, -}; +use crate::{crh::*, field_based_mht::*}; +use algebra::{serialize::*, SemanticallyValid}; use std::{ - clone::Clone, io::{Write, Result as IoResult, Read}, + clone::Clone, convert::TryFrom, + io::{Read, Result as IoResult, Write}, }; /// An implementation of the FieldBasedMerkleTreePath trait, for a given FieldBasedHash and @@ -20,7 +17,7 @@ use std::{ Eq(bound = "") )] #[derive(Serialize, Deserialize, CanonicalSerialize, CanonicalDeserialize)] -pub struct FieldBasedMHTPath{ +pub struct FieldBasedMHTPath { path: Vec<(Vec<::Data>, usize)>, } @@ -28,7 +25,7 @@ impl SemanticallyValid for FieldBasedMHTPath< fn is_valid(&self) -> bool { for (fes, pos) in self.path.iter() { if fes.len() != T::MERKLE_ARITY - 1 || pos >= &T::MERKLE_ARITY || !fes.is_valid() { - return false + return false; } } true @@ -59,18 +56,19 @@ impl FieldBasedMerkleTreePath for FieldBasedM /// NOTE: Check path semantic validity before calling this function. fn compute_root( &self, - leaf: &::Data - ) -> ::Data - { + leaf: &::Data, + ) -> ::Data { // Rate may also be smaller than the arity actually, but this assertion // is reasonable and simplify the design. Should be also enforced by the // MerkleTree that creates this instance, but let's do it again. - assert_eq!(<::Parameters as FieldBasedHashParameters>::R, T::MERKLE_ARITY); + assert_eq!( + <::Parameters as FieldBasedHashParameters>::R, + T::MERKLE_ARITY + ); let mut digest = ::init_constant_length(T::MERKLE_ARITY, None); let mut prev_node = leaf.clone(); for (sibling_nodes, position) in self.path.iter() { - // Update the digest respecting the position of each sibling let mut sibling_idx = 0; for i in 0..T::MERKLE_ARITY { 
@@ -124,10 +122,8 @@ impl FieldBasedMerkleTreePath for FieldBasedM let mut height = 0usize; for &(ref siblings, direction) in &self.path { - // If the node on the path is not in the rightmost position if direction != T::MERKLE_ARITY - 1 { - // Save the empty node for this height let empty_node = T::ZERO_NODE_CST.unwrap().nodes[height].clone(); @@ -135,7 +131,7 @@ impl FieldBasedMerkleTreePath for FieldBasedM // cannot be the non empty rightmost at this height and for the // whole tree for i in direction..T::MERKLE_ARITY - 1 { - if siblings[i] != empty_node { + if siblings[i] != empty_node { return false; } } @@ -196,14 +192,16 @@ impl FromBytes for FieldBasedMHTPath { Eq(bound = "") )] #[derive(Serialize, Deserialize, CanonicalSerialize, CanonicalDeserialize)] -pub struct FieldBasedBinaryMHTPath{ +pub struct FieldBasedBinaryMHTPath { path: Vec<(::Data, bool)>, } impl SemanticallyValid for FieldBasedBinaryMHTPath { fn is_valid(&self) -> bool { for (fe, _) in self.path.iter() { - if !fe.is_valid() { return false } + if !fe.is_valid() { + return false; + } } true } @@ -226,17 +224,18 @@ impl FieldBasedMerkleTreePath for FieldBasedB fn compute_root( &self, - leaf: &::Data - ) -> ::Data - { + leaf: &::Data, + ) -> ::Data { // Rate may also be smaller than the arity actually, but this assertion // is reasonable and simplify the design. Should be also enforced by the // MerkleTree that creates this instance, but let's do it again. - assert_eq!(<::Parameters as FieldBasedHashParameters>::R, T::MERKLE_ARITY); + assert_eq!( + <::Parameters as FieldBasedHashParameters>::R, + T::MERKLE_ARITY + ); let mut digest = ::init_constant_length(2, None); let mut prev_node = leaf.clone(); for (sibling, direction) in self.path.iter() { - // Choose left and right hash according to direction let (left, right) = if !direction { (prev_node, sibling.clone()) 
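Review bot: `T::ZERO_NODE_CST.unwrap().nodes[height].clone()` in the -124/+122 hunk panics instead of returning `false` when the configuration carries no precomputed zero nodes or when the path is longer than the precomputed table; `is_valid` in the -28/+25 hunk above bounds each sibling vector and position but not the path length, so an over-long path that passed `is_valid` would still panic here if `height` advances per path element (its increment is outside the hunk). Since this check appears to run on paths that may come from deserialized input, a non-panicking form such as `let empty_node = match T::ZERO_NODE_CST.map(|c| c.nodes.get(height)) { Some(Some(n)) => n.clone(), _ => return false };` (or a path-length check in `is_valid`) would turn the crash into a rejected proof. The enclosing function starts and ends outside the hunk, so its name and documented precondition are not visible here.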
@@ -245,11 +244,7 @@ impl FieldBasedMerkleTreePath for FieldBasedB }; // Compute the parent node - prev_node = digest - .update(left) - .update(right) - .finalize() - .unwrap(); + prev_node = digest.update(left).update(right).finalize().unwrap(); digest.reset(None); } @@ -291,10 +286,8 @@ impl FieldBasedMerkleTreePath for FieldBasedB let mut height = 0usize; for &(sibling, direction) in &self.path { - // If the node on the path is not in the rightmost position if !direction { - // If its following sibling is not the empty node, then the node // cannot be the non empty rightmost at this height and for the // whole tree @@ -310,12 +303,11 @@ impl FieldBasedMerkleTreePath for FieldBasedB #[inline] fn leaf_index(&self) -> usize { let mut leaf_index = 0; - self.path - .iter() - .enumerate() - .for_each(|(i, (_, pos))| { - if *pos { leaf_index += 1 << i } - }); + self.path.iter().enumerate().for_each(|(i, (_, pos))| { + if *pos { + leaf_index += 1 << i + } + }); leaf_index as usize } @@ -352,13 +344,15 @@ impl From> for Fie fn from(other: FieldBasedBinaryMHTPath) -> Self { let mut converted = Vec::with_capacity(other.path.len()); for &(node, direction) in &other.path { - converted.push((vec![node], if !direction {0} else {1})); + converted.push((vec![node], if !direction { 0 } else { 1 })); } FieldBasedMHTPath::::new(converted) } } -impl TryFrom> for FieldBasedBinaryMHTPath { +impl TryFrom> + for FieldBasedBinaryMHTPath +{ type Error = Error; fn try_from(other: FieldBasedMHTPath) -> Result { 
@@ -371,14 +365,16 @@ impl TryFrom> for FieldB Err(format!("Position must be only 0 or 1 for each element in the path to be able to perform conversion to a binary path"))? } - converted.push((nodes[0], if position == 0 {false} else {true})); + converted.push((nodes[0], if position == 0 { false } else { true })); } Ok(FieldBasedBinaryMHTPath::::new(converted)) } } -impl PartialEq> for FieldBasedBinaryMHTPath { +impl PartialEq> + for FieldBasedBinaryMHTPath +{ fn eq(&self, other: &FieldBasedMHTPath) -> bool { self == other } -} \ No newline at end of file +} diff --git a/primitives/src/merkle_tree/mod.rs b/primitives/src/merkle_tree/mod.rs index 83d0a515a..e563ec136 100644 --- a/primitives/src/merkle_tree/mod.rs +++ b/primitives/src/merkle_tree/mod.rs @@ -1,8 +1,8 @@ use crate::{crh::FixedLengthCRH, Error}; use algebra::bytes::ToBytes; +use serde::{Deserialize, Serialize}; use std::{fmt, rc::Rc}; -use serde::{Serialize, Deserialize}; pub mod field_based_mht; pub use self::field_based_mht::*; @@ -21,10 +21,7 @@ pub trait MerkleTreeConfig { )] #[derive(Serialize, Deserialize)] pub struct MerkleTreePath { - pub path: Vec<( - ::Output, - bool, - )>, + pub path: Vec<(::Output, bool)>, } pub type MerkleTreeParams

= <

::H as FixedLengthCRH>::Parameters; @@ -34,10 +31,7 @@ impl Default for MerkleTreePath

{ fn default() -> Self { let mut path = Vec::with_capacity(P::HEIGHT as usize); for _i in 1..P::HEIGHT as usize { - path.push(( - ::Output::default(), - false, - )); + path.push((::Output::default(), false)); } Self { path } } @@ -51,11 +45,17 @@ impl MerkleTreePath

{ leaf: &L, ) -> Result { if P::HEIGHT == 0 { - Err(MerkleTreeError::Other("Unable to verify: no existence proof defined for Merkle Tree of trivial height".to_owned()))? + Err(MerkleTreeError::Other( + "Unable to verify: no existence proof defined for Merkle Tree of trivial height" + .to_owned(), + ))? } if self.path.len() != P::HEIGHT as usize { - return Err(MerkleTreeError::IncorrectPathLength(self.path.len(), P::HEIGHT as usize))? + return Err(MerkleTreeError::IncorrectPathLength( + self.path.len(), + P::HEIGHT as usize, + ))?; } // Check that the given leaf matches the leaf in the membership proof. @@ -63,9 +63,8 @@ impl MerkleTreePath
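Review bot: Within this hunk the same early exit is written two ways: `Err(MerkleTreeError::Other(...))?` as a bare statement for the zero-height case and `return Err(MerkleTreeError::IncorrectPathLength(...))?;` for the length check. Both rely on `?` to perform the return and the `From` conversion into the function's error type, and the first reads as a discarded expression rather than a return; `return Err(MerkleTreeError::Other(...).into());` states the intent directly and is what the second form already almost is. The same bare `Err(...)?` idiom recurs in the `prove` hunks at -223/+221, -260/+260 and -270/+273 below. The enclosing function starts and ends outside the hunk.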

{ // Check levels between leaf level and root. for &(ref sibling_hash, direction) in &self.path { - - // Check if the previous hash matches the correct current hash. - prev = { + // Check if the previous hash matches the correct current hash. + prev = { if direction { hash_inner_node::(parameters, sibling_hash, &prev) } else { @@ -89,13 +88,13 @@ impl MerkleTreePath

{ /// while this is ok for use cases where the Merkle Trees have always the /// same height, it's not for all the others. pub struct MerkleHashTree { - tree: Vec<::Output>, + tree: Vec<::Output>, padding_tree: Vec<( ::Output, ::Output, )>, - parameters: Rc<::Parameters>, - root: Option<::Output>, + parameters: Rc<::Parameters>, + root: Option<::Output>, } impl MerkleHashTree

{ @@ -114,7 +113,6 @@ impl MerkleHashTree

{ parameters: Rc<::Parameters>, leaves: &[L], ) -> Result { - // Deal with edge cases if Self::HEIGHT == 0 { // If height = 0, return tree with only the root @@ -133,7 +131,7 @@ impl MerkleHashTree

{ tree: vec![root.clone()], padding_tree: vec![], parameters, - root: Some(root) + root: Some(root), }) } else { // Otherwise, compute root normally @@ -223,10 +221,12 @@ impl MerkleHashTree

{ index: usize, leaf: &L, ) -> Result, Error> { - // Check that height is bigger than zero if P::HEIGHT == 0 { - Err(MerkleTreeError::Other("Unable to prove: no existence proof defined for Merkle Tree of trivial height".to_owned()))? + Err(MerkleTreeError::Other( + "Unable to prove: no existence proof defined for Merkle Tree of trivial height" + .to_owned(), + ))? } // Check that index is not bigger than num_leaves @@ -260,7 +260,10 @@ impl MerkleHashTree

{ } if path.len() > Self::HEIGHT as usize { - Err(MerkleTreeError::IncorrectPathLength(path.len(), Self::HEIGHT as usize))? + Err(MerkleTreeError::IncorrectPathLength( + path.len(), + Self::HEIGHT as usize, + ))? } //Push the other elements of the padding tree @@ -270,7 +273,10 @@ impl MerkleHashTree

{ end_timer!(prove_time); if path.len() != Self::HEIGHT as usize { - Err(MerkleTreeError::IncorrectPathLength(path.len(), Self::HEIGHT as usize))? + Err(MerkleTreeError::IncorrectPathLength( + path.len(), + Self::HEIGHT as usize, + ))? } else { Ok(MerkleTreePath { path }) } @@ -288,13 +294,19 @@ pub enum MerkleTreeError { impl std::fmt::Display for MerkleTreeError { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { let msg = match self { - MerkleTreeError::TooManyLeaves(height) => format!("Reached maximum number of leaves for a tree of height {}", height), + MerkleTreeError::TooManyLeaves(height) => format!( + "Reached maximum number of leaves for a tree of height {}", + height + ), MerkleTreeError::IncorrectLeafIndex(index) => { format!("incorrect leaf index: {}", index) - }, + } MerkleTreeError::IncorrectPathLength(actual_len, expected_len) => { - format!("Incorrect path length. Expected {}, found {}", expected_len, actual_len) - }, + format!( + "Incorrect path length. Expected {}, found {}", + expected_len, actual_len + ) + } MerkleTreeError::Other(err_str) => format!("{}", err_str), }; write!(f, "{}", msg) @@ -377,7 +389,7 @@ pub(crate) fn hash_inner_node( ) -> Result { use std::io::Cursor; - let buffer = vec![0u8; H::INPUT_SIZE_BITS/8]; + let buffer = vec![0u8; H::INPUT_SIZE_BITS / 8]; let mut writer = Cursor::new(buffer); // Construct left input. left.write(&mut writer)?; @@ -395,7 +407,7 @@ pub(crate) fn hash_leaf( leaf: &L, ) -> Result { use std::io::Cursor; - let buffer = vec![0u8; H::INPUT_SIZE_BITS/8]; + let buffer = vec![0u8; H::INPUT_SIZE_BITS / 8]; let mut writer = Cursor::new(buffer); leaf.write(&mut writer)?; 
@@ -437,9 +449,15 @@ mod test { type H = H; } - fn generate_merkle_tree>(leaves: &[L]) -> () + fn generate_merkle_tree< + L: ToBytes + Clone + Eq, + H: FixedLengthCRH, + P: MerkleTreeConfig, + >( + leaves: &[L], + ) -> () where - H::Output: std::fmt::Debug + H::Output: std::fmt::Debug, { let mut rng = XorShiftRng::seed_from_u64(9174123u64); @@ -465,14 +483,16 @@ mod test { if leaves.len() == 0 { assert_eq!(root, hash_empty::(&crh_parameters).unwrap()); } else { - assert_eq!(root, hash_leaf::(&crh_parameters, &leaves[0]).unwrap()); + assert_eq!( + root, + hash_leaf::(&crh_parameters, &leaves[0]).unwrap() + ); } } } #[test] fn good_root_test() { - //Test #leaves << 2^HEIGHT let mut leaves = Vec::new(); for i in 0..4u8 { @@ -495,7 +515,13 @@ mod test { generate_merkle_tree::<_, _, JubJubMerkleTreeParams>(&leaves); } - fn bad_merkle_tree_verify>(leaves: &[L]) -> () { + fn bad_merkle_tree_verify< + L: ToBytes + Clone + Eq, + H: FixedLengthCRH, + P: MerkleTreeConfig, + >( + leaves: &[L], + ) -> () { let mut rng = XorShiftRng::seed_from_u64(13423423u64); let crh_parameters = Rc::new(H::setup(&mut rng).unwrap()); @@ -528,7 +554,7 @@ mod test { for i in 0..32u8 { leaves.push([i, i, i, i, i, i, i, i]); } - bad_merkle_tree_verify::<_,_, JubJubMerkleTreeParams>(&leaves); + bad_merkle_tree_verify::<_, _, JubJubMerkleTreeParams>(&leaves); } // Params for Merkle Tree of height 0 @@ -563,7 +589,12 @@ mod test { for i in 0..32u8 { leaves.push(vec![i, i, i, i, i, i, i, i]); } - assert!(std::panic::catch_unwind(|| generate_merkle_tree::<_, _, JubJubMerkleTreeParams>(&leaves)).is_err()); + assert!(std::panic::catch_unwind(|| generate_merkle_tree::< + _, + _, + JubJubMerkleTreeParams, + >(&leaves)) + .is_err()); } // HEIGHT == 1 
@@ -580,7 +611,12 @@ mod test { for i in 0..2u8 { leaves.push(vec![i, i, i, i, i, i, i, i]); } - assert!(std::panic::catch_unwind(|| generate_merkle_tree::<_, _, JubJubHeightOneMerkleTreeParams>(&leaves)).is_err()); + assert!(std::panic::catch_unwind(|| generate_merkle_tree::< + _, + _, + JubJubHeightOneMerkleTreeParams, + >(&leaves)) + .is_err()); } // HEIGHT == 0 @@ -596,7 +632,12 @@ mod test { // Generate Merkle Tree with only the root, passing more than one leaf. Assert error leaves.push(vec![2u8; 8]); - assert!(std::panic::catch_unwind(|| generate_merkle_tree::<_, _, JubJubOnlyRootMerkleTreeParams>(&leaves)).is_err()); + assert!(std::panic::catch_unwind(|| generate_merkle_tree::< + _, + _, + JubJubOnlyRootMerkleTreeParams, + >(&leaves)) + .is_err()); } } -} \ No newline at end of file +} diff --git a/primitives/src/prf/mod.rs b/primitives/src/prf/mod.rs index 0ec815bb2..e02b1b8c9 100644 --- a/primitives/src/prf/mod.rs +++ b/primitives/src/prf/mod.rs @@ -5,7 +5,7 @@ use crate::CryptoError; pub mod blake2s; pub use self::blake2s::*; -use serde::{Serialize, Deserialize}; +use serde::{Deserialize, Serialize}; pub trait PRF { type Input: FromBytes + Serialize + for<'a> Deserialize<'a> + Default; diff --git a/primitives/src/signature/mod.rs b/primitives/src/signature/mod.rs index da99ea7a7..ccd2bd3cf 100644 --- a/primitives/src/signature/mod.rs +++ b/primitives/src/signature/mod.rs 
@@ -1,17 +1,26 @@ use crate::Error; -use algebra::{bytes::{ - ToBytes, FromBytes -}, Field, FromBytesChecked, UniformRand}; +use algebra::{ + bytes::{FromBytes, ToBytes}, + Field, FromBytesChecked, UniformRand, +}; use rand::Rng; -use std::hash::Hash; +use serde::{Deserialize, Serialize}; use std::fmt::Debug; -use serde::{Serialize, Deserialize}; +use std::hash::Hash; pub mod schnorr; pub trait SignatureScheme { type Parameters: Clone + Send + Sync + Serialize + for<'a> Deserialize<'a>; - type PublicKey: ToBytes + Serialize + for<'a> Deserialize<'a> + Hash + Eq + Clone + Default + Send + Sync; + type PublicKey: ToBytes + + Serialize + + for<'a> Deserialize<'a> + + Hash + + Eq + + Clone + + Default + + Send + + Sync; type SecretKey: ToBytes + Serialize + for<'a> Deserialize<'a> + Clone + Default; type Signature: Serialize + for<'a> Deserialize<'a> + Clone + Default + Send + Sync; 
@@ -50,23 +59,39 @@ pub trait SignatureScheme { } pub trait FieldBasedSignatureScheme { - type Data: Field; - type PublicKey: FromBytes + FromBytesChecked + ToBytes + Hash + Eq + Copy + - Clone + Default + Debug + Send + Sync + UniformRand - + Serialize + for<'a> Deserialize<'a>; + type PublicKey: FromBytes + + FromBytesChecked + + ToBytes + + Hash + + Eq + + Copy + + Clone + + Default + + Debug + + Send + + Sync + + UniformRand + + Serialize + + for<'a> Deserialize<'a>; type SecretKey: ToBytes + Clone + Default + Serialize + for<'a> Deserialize<'a>; - type Signature: Copy + Clone + Default + Send + Sync + Debug + Eq + PartialEq - + ToBytes + FromBytes + FromBytesChecked + Serialize - + for<'a> Deserialize<'a>; + type Signature: Copy + + Clone + + Default + + Send + + Sync + + Debug + + Eq + + PartialEq + + ToBytes + + FromBytes + + FromBytesChecked + + Serialize + + for<'a> Deserialize<'a>; - fn keygen( - rng: &mut R, - ) -> (Self::PublicKey, Self::SecretKey); + fn keygen(rng: &mut R) -> (Self::PublicKey, Self::SecretKey); - fn get_public_key( - sk: &Self::SecretKey - ) -> Self::PublicKey; + fn get_public_key(sk: &Self::SecretKey) -> Self::PublicKey; fn sign( rng: &mut R, @@ -81,7 +106,5 @@ pub trait FieldBasedSignatureScheme { signature: &Self::Signature, ) -> Result; - fn keyverify( - pk: &Self::PublicKey, - ) -> bool; -} \ No newline at end of file + fn keyverify(pk: &Self::PublicKey) -> bool; +} diff --git a/primitives/src/signature/schnorr/field_based_schnorr.rs b/primitives/src/signature/schnorr/field_based_schnorr.rs index 7a57da271..1a79cf06f 100644 --- a/primitives/src/signature/schnorr/field_based_schnorr.rs +++ b/primitives/src/signature/schnorr/field_based_schnorr.rs 
@@ -1,56 +1,54 @@ -use crate::{crh::FieldBasedHash, signature::FieldBasedSignatureScheme, Error, compute_truncation_size}; +use crate::{ + compute_truncation_size, crh::FieldBasedHash, signature::FieldBasedSignatureScheme, Error, +}; use algebra::{ - Field, PrimeField, Group, UniformRand, ProjectiveCurve, - convert, leading_zeros, ToBits, ToConstraintField, ToBytes, - FromBytes, SemanticallyValid, FromBytesChecked, - serialize::*, + convert, leading_zeros, serialize::*, Field, FromBytes, FromBytesChecked, Group, PrimeField, + ProjectiveCurve, SemanticallyValid, ToBits, ToBytes, ToConstraintField, UniformRand, }; -use std::marker::PhantomData; -use rand::Rng; -use std::io::{Write, Read, Result as IoResult, Error as IoError, ErrorKind}; use rand::distributions::{Distribution, Standard}; -use serde::{Serialize, Deserialize}; +use rand::Rng; +use serde::{Deserialize, Serialize}; +use std::io::{Error as IoError, ErrorKind, Read, Result as IoResult, Write}; +use std::marker::PhantomData; #[allow(dead_code)] -pub struct FieldBasedSchnorrSignatureScheme< - F: PrimeField, - G: Group, - H: FieldBasedHash, -> -{ - _field: PhantomData, - _group: PhantomData, - _hash: PhantomData, +pub struct FieldBasedSchnorrSignatureScheme { + _field: PhantomData, + _group: PhantomData, + _hash: PhantomData, } #[derive(Derivative)] #[derivative( -Copy(bound = "F: PrimeField, G: Group"), -Clone(bound = "F: PrimeField, G: Group"), -Default(bound = "F: PrimeField, G: Group"), -Eq(bound = "F: PrimeField, G: Group"), -PartialEq(bound = "F: PrimeField, G: Group"), -Debug(bound = "F: PrimeField, G: Group") + Copy(bound = "F: PrimeField, G: Group"), + Clone(bound = "F: PrimeField, G: Group"), + Default(bound = "F: PrimeField, G: Group"), + Eq(bound = "F: PrimeField, G: Group"), + PartialEq(bound = "F: PrimeField, G: Group"), + Debug(bound = "F: PrimeField, G: Group") )] #[derive(Serialize, Deserialize)] #[serde(bound(serialize = "F: PrimeField, G: Group"))] #[serde(bound(deserialize = "F: PrimeField, 
G: Group"))] #[derive(CanonicalSerialize, CanonicalDeserialize)] pub struct FieldBasedSchnorrSignature { - pub e: F, - pub s: F, + pub e: F, + pub s: F, #[serde(skip)] - _group: PhantomData, + _group: PhantomData, } impl FieldBasedSchnorrSignature { #[allow(dead_code)] pub fn new(e: F, s: F) -> Self { - Self{ e, s, _group: PhantomData } + Self { + e, + s, + _group: PhantomData, + } } } - impl ToBytes for FieldBasedSchnorrSignature { fn write(&self, mut writer: W) -> IoResult<()> { self.e.write(&mut writer)?; @@ -62,7 +60,11 @@ impl FromBytes for FieldBasedSchnorrSignature { fn read(mut reader: R) -> IoResult { let e = F::read(&mut reader)?; let s = F::read(&mut reader)?; - Ok(Self{ e, s, _group: PhantomData} ) + Ok(Self { + e, + s, + _group: PhantomData, + }) } } @@ -74,7 +76,13 @@ impl FromBytesChecked for FieldBasedSchnorrSignature= G::ScalarField::size_in_bits() { - return Err(IoError::new(ErrorKind::InvalidData, format!("Invalid bit-length for signature.e: {}", e_bits.len() - e_leading_zeros))) + return Err(IoError::new( + ErrorKind::InvalidData, + format!( + "Invalid bit-length for signature.e: {}", + e_bits.len() - e_leading_zeros + ), + )); } Ok(e) })?; 
@@ -83,32 +91,41 @@ impl FromBytesChecked for FieldBasedSchnorrSignature= F::size_in_bits(){ - return Err(IoError::new(ErrorKind::InvalidData, format!("Invalid bit-length for signature.s: {}", s_bits.len() - s_leading_zeros))) + if (G::ScalarField::size_in_bits() - s_leading_zeros) >= F::size_in_bits() { + return Err(IoError::new( + ErrorKind::InvalidData, + format!( + "Invalid bit-length for signature.s: {}", + s_bits.len() - s_leading_zeros + ), + )); } Ok(s) })?; - Ok(Self{ e, s, _group: PhantomData }) + Ok(Self { + e, + s, + _group: PhantomData, + }) } } impl SemanticallyValid for FieldBasedSchnorrSignature { fn is_valid(&self) -> bool { - self.e.is_valid() && - { - //Checks e had proper bit-length when converted into a G::ScalarField element - let e_bits = self.e.write_bits(); - let e_leading_zeros = leading_zeros(e_bits.as_slice()) as usize; - F::size_in_bits() - e_leading_zeros < G::ScalarField::size_in_bits() - } - && - self.s.is_valid() && - { - //Checks s had proper bit-length when converted into a F element - let s_bits = self.s.write_bits(); - let s_leading_zeros = leading_zeros(s_bits.as_slice()) as usize; - G::ScalarField::size_in_bits() - s_leading_zeros < F::size_in_bits() - } + self.e.is_valid() + && { + //Checks e had proper bit-length when converted into a G::ScalarField element + let e_bits = self.e.write_bits(); + let e_leading_zeros = leading_zeros(e_bits.as_slice()) as usize; + F::size_in_bits() - e_leading_zeros < G::ScalarField::size_in_bits() + } + && self.s.is_valid() + && { + //Checks s had proper bit-length when converted into a F element + let s_bits = self.s.write_bits(); + let s_leading_zeros = leading_zeros(s_bits.as_slice()) as usize; + G::ScalarField::size_in_bits() - s_leading_zeros < F::size_in_bits() + } } } 
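Review bot: The bit-length bound on `s` is implemented twice in this hunk — once in `read_checked` as `(G::ScalarField::size_in_bits() - s_leading_zeros) >= F::size_in_bits()` rejecting the value, and again, inverted, inside `SemanticallyValid::is_valid`; the preceding hunk does the same for `e`. Two hand-written copies of a boundary condition tend to drift, so a pair of private helpers along the lines of `fn e_fits_scalar_field(e: &F) -> bool` and `fn s_fits_base_field(s: &G::ScalarField) -> bool` called from both places would keep the deserialization check and the validity check provably identical. Separately, the error message reports `s_bits.len() - s_leading_zeros` while the condition tests `G::ScalarField::size_in_bits() - s_leading_zeros`; if `write_bits()` yields the full limb width rather than the modulus bit size, the reported length differs from the tested one — worth confirming and aligning.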
@@ -120,7 +137,7 @@ impl SemanticallyValid for FieldBasedSchnorrSignature ToBytes for FieldBasedSchnorrPk { impl FromBytes for FieldBasedSchnorrPk { fn read(mut reader: R) -> IoResult { let pk = G::read(&mut reader)?; - Ok( Self(pk) ) + Ok(Self(pk)) } } @@ -154,10 +171,15 @@ impl FromBytesChecked for FieldBasedSchnorrPk { let pk = G::read_checked(&mut reader) .map_err(|e| IoError::new(ErrorKind::InvalidData, format!("invalid schnorr pk: {}", e))) .and_then(|p| { - if p.is_zero() { return Err(IoError::new(ErrorKind::InvalidData, "invalid schnorr pk: point at infinity")); } + if p.is_zero() { + return Err(IoError::new( + ErrorKind::InvalidData, + "invalid schnorr pk: point at infinity", + )); + } Ok(p) })?; - Ok( Self(pk) ) + Ok(Self(pk)) } } @@ -175,24 +197,24 @@ impl SemanticallyValid for FieldBasedSchnorrPk { // Low-level crypto for the length-restricted Schnorr Signature, does not perform any // input validity check. It's responsibility of the caller to do so, through keyverify() // function for the PublicKey, read() or is_valid() functions for FieldBasedSchnorrSignature. -impl, H: FieldBasedHash> FieldBasedSignatureScheme for -FieldBasedSchnorrSignatureScheme +impl, H: FieldBasedHash> + FieldBasedSignatureScheme for FieldBasedSchnorrSignatureScheme { type Data = H::Data; type PublicKey = FieldBasedSchnorrPk; type SecretKey = G::ScalarField; type Signature = FieldBasedSchnorrSignature; - fn keygen(rng: &mut R) -> (Self::PublicKey, Self::SecretKey) - { + fn keygen(rng: &mut R) -> (Self::PublicKey, Self::SecretKey) { let secret_key = loop { let r = G::ScalarField::rand(rng); // Reject sk = 0 to avoid generating obviously weak keypair. See keyverify() function // for additional explanations. - if !r.is_zero() { break(r) } + if !r.is_zero() { + break (r); + } }; - let public_key = G::prime_subgroup_generator() - .mul(&secret_key); + let public_key = G::prime_subgroup_generator().mul(&secret_key); (FieldBasedSchnorrPk(public_key), secret_key) } 
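Review bot: `break (r);` in `keygen` carries parentheses that do nothing; `break r;` reads as the plain value return it is, and the same form appears in `keygen` of `primitives/src/vrf/ecvrf/mod.rs`. The comment above it sends readers to `keyverify()` for the reasoning behind rejecting a zero secret key, but `keyverify` in this file is now a one-line delegation to `pk.is_valid()`, so the explanation presumably lives in the `SemanticallyValid` impl for `FieldBasedSchnorrPk` and the pointer would be more useful naming that.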
@@ -205,8 +227,7 @@ FieldBasedSchnorrSignatureScheme pk: &Self::PublicKey, sk: &Self::SecretKey, message: Self::Data, - )-> Result - { + ) -> Result { let required_leading_zeros_e = compute_truncation_size( F::size_in_bits() as i32, G::ScalarField::size_in_bits() as i32, @@ -221,13 +242,11 @@ FieldBasedSchnorrSignatureScheme let pk_coords = pk.0.to_field_elements()?; let (e, s) = loop { - //Sample random element let k = G::ScalarField::rand(rng); //R = k * G - let r = G::prime_subgroup_generator() - .mul(&k); + let r = G::prime_subgroup_generator().mul(&k); //Affine coordinates of R (even if R is infinity) let r_coords = r.to_field_elements()?; @@ -236,7 +255,9 @@ FieldBasedSchnorrSignatureScheme let e = { let mut digest = H::init_constant_length(4, None); digest.update(message); - r_coords.into_iter().for_each(|coord| { digest.update(coord); }); + r_coords.into_iter().for_each(|coord| { + digest.update(coord); + }); digest.update(pk_coords[0]); digest.finalize() }?; @@ -245,7 +266,9 @@ FieldBasedSchnorrSignatureScheme let e_leading_zeros = leading_zeros(e_bits.as_slice()) as usize; //Enforce e bit length is strictly smaller than G::ScalarField modulus bit length - if e_leading_zeros < required_leading_zeros_e {continue}; + if e_leading_zeros < required_leading_zeros_e { + continue; + }; //We can now safely convert it to the other field let e_conv = convert::(e_bits)?; 
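Review bot: The rejection branches in `sign` end in `if e_leading_zeros < required_leading_zeros_e { continue; };`, where the trailing `;` after the block is a leftover of the former one-line form and is redundant; `if e_leading_zeros < required_leading_zeros_e { continue; }` is the idiomatic statement. The same trailing semicolon is on the `s` check in the following hunk and on both checks in `prove` of `primitives/src/vrf/ecvrf/mod.rs`. `sign` starts before this hunk and ends after it.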
@@ -255,24 +278,27 @@ FieldBasedSchnorrSignatureScheme let s_bits = s.write_bits(); let s_leading_zeros = leading_zeros(s_bits.as_slice()) as usize; - if s_leading_zeros < required_leading_zeros_s {continue}; + if s_leading_zeros < required_leading_zeros_s { + continue; + }; let s_conv = convert::(s_bits)?; break (e, s_conv); }; - Ok(FieldBasedSchnorrSignature {e, s, _group: PhantomData}) + Ok(FieldBasedSchnorrSignature { + e, + s, + _group: PhantomData, + }) } fn verify( pk: &Self::PublicKey, message: Self::Data, - signature: &Self::Signature - ) - -> Result - { - + signature: &Self::Signature, + ) -> Result { let pk_coords = pk.0.to_field_elements()?; //Compute R' = s*G - e * pk @@ -281,7 +307,7 @@ FieldBasedSchnorrSignatureScheme let s_conv = convert::(s_bits)?; let e_bits = signature.e.write_bits(); - let e_conv = convert::(e_bits)?; + let e_conv = convert::(e_bits)?; let s_times_g = G::prime_subgroup_generator().mul(&s_conv); let neg_e_times_pk = pk.0.neg().mul(&e_conv); @@ -294,7 +320,9 @@ FieldBasedSchnorrSignatureScheme let e_prime = { let mut digest = H::init_constant_length(4, None); digest.update(message); - r_prime_coords.into_iter().for_each(|coord| { digest.update(coord); }); + r_prime_coords.into_iter().for_each(|coord| { + digest.update(coord); + }); digest.update(pk_coords[0]); digest.finalize() }?; 
@@ -302,26 +330,23 @@ FieldBasedSchnorrSignatureScheme Ok(signature.e == e_prime) } - #[inline] - fn keyverify(pk: &Self::PublicKey) -> bool { pk.is_valid() } + fn keyverify(pk: &Self::PublicKey) -> bool { + pk.is_valid() + } } #[cfg(test)] mod test { - use algebra::curves::{ - mnt4753::G1Projective as MNT4G1Projective, - mnt6753::G1Projective as MNT6G1Projective, - }; - use algebra::fields::{ - mnt4753::Fr as MNT4Fr, - mnt6753::Fr as MNT6Fr, - }; - use algebra::{ToBytes, to_bytes, FromBytes, FromBytesChecked, SemanticallyValid}; use crate::crh::{MNT4PoseidonHash, MNT6PoseidonHash}; - use crate::signature::FieldBasedSignatureScheme; use crate::signature::schnorr::field_based_schnorr::FieldBasedSchnorrSignatureScheme; - use rand::{Rng, thread_rng}; + use crate::signature::FieldBasedSignatureScheme; + use algebra::curves::{ + mnt4753::G1Projective as MNT4G1Projective, mnt6753::G1Projective as MNT6G1Projective, + }; + use algebra::fields::{mnt4753::Fr as MNT4Fr, mnt6753::Fr as MNT6Fr}; + use algebra::{to_bytes, FromBytes, FromBytesChecked, SemanticallyValid, ToBytes}; + use rand::{thread_rng, Rng}; type SchnorrMNT4 = FieldBasedSchnorrSignatureScheme; type SchnorrMNT6 = FieldBasedSchnorrSignatureScheme; 
@@ -336,13 +361,21 @@ mod test { //Serialization/deserialization test let sig_serialized = to_bytes!(sig).unwrap(); - let sig_deserialized = ::Signature::read(sig_serialized.as_slice()).unwrap(); + let sig_deserialized = + ::Signature::read(sig_serialized.as_slice()).unwrap(); assert_eq!(sig, sig_deserialized); - assert!(::Signature::read_checked(sig_serialized.as_slice()).is_ok()); + assert!(::Signature::read_checked( + sig_serialized.as_slice() + ) + .is_ok()); assert!(S::verify(&pk, message, &sig_deserialized).unwrap()); } - fn failed_verification(rng: &mut R, message: S::Data, bad_message: S::Data) { + fn failed_verification( + rng: &mut R, + message: S::Data, + bad_message: S::Data, + ) { let (pk, sk) = S::keygen(rng); assert!(S::keyverify(&pk)); assert_eq!(pk, S::get_public_key(&sk)); @@ -376,11 +409,11 @@ mod test { fn mnt6_schnorr_test() { let rng = &mut thread_rng(); let samples = 100; - for _ in 0..samples{ + for _ in 0..samples { let f: MNT6Fr = rng.gen(); let g: MNT6Fr = rng.gen(); - sign_and_verify::(rng,f); + sign_and_verify::(rng, f); failed_verification::(rng, f, g); } } -} \ No newline at end of file +} diff --git a/primitives/src/signature/schnorr/mod.rs b/primitives/src/signature/schnorr/mod.rs index 5ccbab92a..e4c75b52d 100644 --- a/primitives/src/signature/schnorr/mod.rs +++ b/primitives/src/signature/schnorr/mod.rs @@ -1,4 +1,4 @@ -use crate::{Error, SignatureScheme, bytes_to_bits}; +use crate::{bytes_to_bits, Error, SignatureScheme}; use algebra::{ bytes::ToBytes, fields::{Field, PrimeField}, @@ -7,19 +7,18 @@ use algebra::{ }; use digest::Digest; use rand::Rng; +use serde::{Deserialize, Serialize}; use std::{ hash::Hash, io::{Result as IoResult, Write}, marker::PhantomData, }; -use serde::{Serialize, Deserialize}; pub mod field_based_schnorr; - pub struct SchnorrSignature { _group: PhantomData, - _hash: PhantomData, + _hash: PhantomData, } #[derive(Derivative)] 
@@ -29,9 +28,9 @@ pub struct SchnorrSignature { #[serde(bound(deserialize = "G: Group, H: Digest"))] pub struct SchnorrSigParameters { #[serde(skip)] - _hash: PhantomData, + _hash: PhantomData, pub generator: G, - pub salt: [u8; 32], + pub salt: [u8; 32], } pub type SchnorrPublicKey = G; @@ -57,13 +56,13 @@ impl ToBytes for SchnorrSecretKey { #[serde(bound(serialize = "G: Group"))] #[serde(bound(deserialize = "G: Group"))] pub struct SchnorrSig { - pub prover_response: G::ScalarField, + pub prover_response: G::ScalarField, pub verifier_challenge: G::ScalarField, } impl SignatureScheme for SchnorrSignature - where - G::ScalarField: PrimeField, +where + G::ScalarField: PrimeField, { type Parameters = SchnorrSigParameters; type PublicKey = G; @@ -121,7 +120,7 @@ impl SignatureScheme for SchnorrSignat // Compute the supposed verifier response: e := H(salt || r || msg); if let Some(verifier_challenge) = - ::from_random_bytes(&D::digest(&hash_input)) + ::from_random_bytes(&D::digest(&hash_input)) { break (random_scalar, verifier_challenge); }; @@ -160,7 +159,7 @@ impl SignatureScheme for SchnorrSignat hash_input.extend_from_slice(&message); let obtained_verifier_challenge = if let Some(obtained_verifier_challenge) = - ::from_random_bytes(&D::digest(&hash_input)) + ::from_random_bytes(&D::digest(&hash_input)) { obtained_verifier_challenge } else { @@ -213,7 +212,7 @@ impl SignatureScheme for SchnorrSignat } let new_sig = SchnorrSig { - prover_response: *prover_response - &(*verifier_challenge * &multiplier), + prover_response: *prover_response - &(*verifier_challenge * &multiplier), verifier_challenge: *verifier_challenge, }; end_timer!(rand_signature_time); @@ -222,7 +221,7 @@ impl SignatureScheme for SchnorrSignat } impl, D: Digest> -ToConstraintField for SchnorrSigParameters + ToConstraintField for SchnorrSigParameters { #[inline] fn to_field_elements(&self) -> Result, Error> { 
@@ -282,4 +281,4 @@ mod test {
 &random_scalar.as_slice(),
 );
 }
-}
\ No newline at end of file
+}
diff --git a/primitives/src/vrf/ecvrf/mod.rs b/primitives/src/vrf/ecvrf/mod.rs
index 423899cd3..e7c93e7c9 100644
--- a/primitives/src/vrf/ecvrf/mod.rs
+++ b/primitives/src/vrf/ecvrf/mod.rs
@@ -1,46 +1,44 @@ -use algebra::{Field, PrimeField, convert, leading_zeros, Group, AffineCurve, - ProjectiveCurve, ToBytes, to_bytes, ToBits, UniformRand, ToConstraintField, FromBytes, - FromBytesChecked, SemanticallyValid, serialize::*, +use crate::{ + compute_truncation_size, + crh::{FieldBasedHash, FixedLengthCRH}, + vrf::FieldBasedVrf, + CryptoError, Error, +}; +use algebra::{ + convert, leading_zeros, serialize::*, to_bytes, AffineCurve, Field, FromBytes, + FromBytesChecked, Group, PrimeField, ProjectiveCurve, SemanticallyValid, ToBits, ToBytes, + ToConstraintField, UniformRand, }; -use crate::{crh::{ - FieldBasedHash, FixedLengthCRH, -}, vrf::FieldBasedVrf, Error, CryptoError, compute_truncation_size}; -use std::marker::PhantomData; -use rand::Rng; -use std::io::{self, Read, Result as IoResult, Write, Error as IoError, ErrorKind}; use rand::distributions::{Distribution, Standard}; -use serde::{Serialize, Deserialize}; +use rand::Rng; +use serde::{Deserialize, Serialize}; +use std::io::{self, Error as IoError, ErrorKind, Read, Result as IoResult, Write}; +use std::marker::PhantomData; -pub struct FieldBasedEcVrf< - F: PrimeField, - G: Group, - FH: FieldBasedHash, - GH: FixedLengthCRH, -> -{ - _field: PhantomData, - _group: PhantomData, - _field_hash: PhantomData, - _group_hash: PhantomData, +pub struct FieldBasedEcVrf { + _field: PhantomData, + _group: PhantomData, + _field_hash: PhantomData, + _group_hash: PhantomData, } #[derive(Derivative)] #[derivative( -Copy(bound = "F: PrimeField, G: ProjectiveCurve"), -Clone(bound = "F: PrimeField, G: ProjectiveCurve"), -Default(bound = "F: PrimeField, G: ProjectiveCurve"), -Eq(bound = "F: PrimeField, G: ProjectiveCurve"), -PartialEq(bound = "F: PrimeField, G: ProjectiveCurve"), -Debug(bound = "F: PrimeField, G: ProjectiveCurve") + Copy(bound = "F: PrimeField, G: ProjectiveCurve"), + Clone(bound = "F: PrimeField, G: ProjectiveCurve"), + Default(bound = "F: PrimeField, G: ProjectiveCurve"), + Eq(bound = "F: PrimeField, 
G: ProjectiveCurve"), + PartialEq(bound = "F: PrimeField, G: ProjectiveCurve"), + Debug(bound = "F: PrimeField, G: ProjectiveCurve") )] #[derive(Serialize, Deserialize)] #[serde(bound(serialize = "F: PrimeField, G: ProjectiveCurve"))] #[serde(bound(deserialize = "F: PrimeField, G: ProjectiveCurve"))] #[derive(CanonicalSerialize, CanonicalDeserialize)] pub struct FieldBasedEcVrfProof { - pub gamma: G, - pub c: F, - pub s: F, + pub gamma: G, + pub c: F, + pub s: F, } impl ToBytes for FieldBasedEcVrfProof { 
@@ -56,73 +54,111 @@ impl FromBytes for FieldBasedEcVrfProof let gamma = G::Affine::read(&mut reader)?; let c = F::read(&mut reader)?; let s = F::read(&mut reader)?; - Ok(Self{ gamma: gamma.into_projective(), c, s }) + Ok(Self { + gamma: gamma.into_projective(), + c, + s, + }) } } impl FromBytesChecked for FieldBasedEcVrfProof { fn read_checked(mut reader: R) -> IoResult { let gamma = G::Affine::read_checked(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid proof.gamma: {}", e))) + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid proof.gamma: {}", e), + ) + }) .and_then(|p| { - if p.is_zero() { return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid proof.gamma: point at infinity")); } + if p.is_zero() { + return Err(io::Error::new( + io::ErrorKind::InvalidData, + "invalid proof.gamma: point at infinity", + )); + } Ok(p) })?; let c = F::read_checked(&mut reader) - .map_err(|err| io::Error::new(io::ErrorKind::InvalidData, format!("invalid proof.c: {}", err))) + .map_err(|err| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid proof.c: {}", err), + ) + }) .and_then(|c| { let c_bits = c.write_bits(); let c_leading_zeros = leading_zeros(c_bits.as_slice()) as usize; if (F::size_in_bits() - c_leading_zeros) >= G::ScalarField::size_in_bits() { - return Err(io::Error::new(io::ErrorKind::InvalidData, format!("Invalid bit-length for proof.c: {}", c_bits.len() - c_leading_zeros))) + return Err(io::Error::new( + io::ErrorKind::InvalidData, + format!( + "Invalid bit-length for proof.c: {}", + c_bits.len() - c_leading_zeros + ), + )); } Ok(c) })?; let s = F::read_checked(&mut reader) - .map_err(|err| io::Error::new(io::ErrorKind::InvalidData, format!("invalid proof.s: {}", err))) + .map_err(|err| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid proof.s: {}", err), + ) + }) .and_then(|s| { let s_bits = s.write_bits(); let s_leading_zeros = 
leading_zeros(s_bits.as_slice()) as usize; - if (G::ScalarField::size_in_bits() - s_leading_zeros) >= F::size_in_bits(){ - return Err(io::Error::new(io::ErrorKind::InvalidData, format!("Invalid bit-length for proof.s: {}", s_bits.len() - s_leading_zeros))) + if (G::ScalarField::size_in_bits() - s_leading_zeros) >= F::size_in_bits() { + return Err(io::Error::new( + io::ErrorKind::InvalidData, + format!( + "Invalid bit-length for proof.s: {}", + s_bits.len() - s_leading_zeros + ), + )); } Ok(s) })?; - Ok(Self{ gamma: gamma.into_projective(), c, s }) + Ok(Self { + gamma: gamma.into_projective(), + c, + s, + }) } } impl SemanticallyValid for FieldBasedEcVrfProof { fn is_valid(&self) -> bool { - ( self.gamma.is_valid() && !self.gamma.is_zero() ) - && - self.c.is_valid() && - { - //Checks c had proper bit-length when converted into a G::ScalarField element - let c_bits = self.c.write_bits(); - let c_leading_zeros = leading_zeros(c_bits.as_slice()) as usize; - F::size_in_bits() - c_leading_zeros < G::ScalarField::size_in_bits() - } - && - self.s.is_valid() && - { - //Checks s had proper bit-length when converted into a F element - let s_bits = self.s.write_bits(); - let s_leading_zeros = leading_zeros(s_bits.as_slice()) as usize; - G::ScalarField::size_in_bits() - s_leading_zeros < F::size_in_bits() - } + (self.gamma.is_valid() && !self.gamma.is_zero()) + && self.c.is_valid() + && { + //Checks c had proper bit-length when converted into a G::ScalarField element + let c_bits = self.c.write_bits(); + let c_leading_zeros = leading_zeros(c_bits.as_slice()) as usize; + F::size_in_bits() - c_leading_zeros < G::ScalarField::size_in_bits() + } + && self.s.is_valid() + && { + //Checks s had proper bit-length when converted into a F element + let s_bits = self.s.write_bits(); + let s_leading_zeros = leading_zeros(s_bits.as_slice()) as usize; + G::ScalarField::size_in_bits() - s_leading_zeros < F::size_in_bits() + } } } #[derive(Derivative)] #[derivative( -Copy(bound = "G: Group"), 
-Clone(bound = "G: Group"), -Default(bound = "G: Group"), -Hash(bound = "G: Group"), -Eq(bound = "G: Group"), -PartialEq(bound = "G: Group"), -Debug(bound = "G: Group"), + Copy(bound = "G: Group"), + Clone(bound = "G: Group"), + Default(bound = "G: Group"), + Hash(bound = "G: Group"), + Eq(bound = "G: Group"), + PartialEq(bound = "G: Group"), + Debug(bound = "G: Group") )] #[derive(Serialize, Deserialize)] #[serde(bound(serialize = "G: Group"))] @@ -147,7 +183,7 @@ impl ToBytes for FieldBasedEcVrfPk { impl FromBytes for FieldBasedEcVrfPk { fn read(mut reader: R) -> IoResult { let pk = G::read(&mut reader)?; - Ok( Self(pk) ) + Ok(Self(pk)) } } @@ -156,10 +192,15 @@ impl FromBytesChecked for FieldBasedEcVrfPk { let pk = G::read_checked(&mut reader) .map_err(|e| IoError::new(ErrorKind::InvalidData, format!("invalid ecvrf pk: {}", e))) .and_then(|p| { - if p.is_zero() { return Err(IoError::new(ErrorKind::InvalidData, "invalid ecvrf pk: point at infinity")); } + if p.is_zero() { + return Err(IoError::new( + ErrorKind::InvalidData, + "invalid ecvrf pk: point at infinity", + )); + } Ok(p) })?; - Ok( Self(pk) ) + Ok(Self(pk)) } } @@ -178,11 +219,11 @@ impl SemanticallyValid for FieldBasedEcVrfPk { // input validity check. It's responsibility of the caller to do so, through keyverify() // function for the PublicKey, read() or is_valid() functions for FieldBasedEcVrfProof. impl FieldBasedVrf for FieldBasedEcVrf - where - F: PrimeField, - G: ProjectiveCurve + ToConstraintField, - FH: FieldBasedHash, - GH: FixedLengthCRH, +where + F: PrimeField, + G: ProjectiveCurve + ToConstraintField, + FH: FieldBasedHash, + GH: FixedLengthCRH, { type Data = FH::Data; type PublicKey = FieldBasedEcVrfPk; 
@@ -190,16 +231,16 @@ impl FieldBasedVrf for FieldBasedEcVrf type Proof = FieldBasedEcVrfProof; type GHParams = GH::Parameters; - fn keygen(rng: &mut R) -> (Self::PublicKey, Self::SecretKey) - { + fn keygen(rng: &mut R) -> (Self::PublicKey, Self::SecretKey) { let secret_key = loop { let r = G::ScalarField::rand(rng); // Reject sk = 0 to avoid generating obviously weak keypair. See keyverify() function // for additional explanations. - if !r.is_zero() { break(r) } + if !r.is_zero() { + break (r); + } }; - let public_key = G::prime_subgroup_generator() - .mul(&secret_key); + let public_key = G::prime_subgroup_generator().mul(&secret_key); (FieldBasedEcVrfPk(public_key), secret_key) } @@ -208,15 +249,15 @@ impl FieldBasedVrf for FieldBasedEcVrf } fn prove( - rng: &mut R, + rng: &mut R, group_hash_params: &Self::GHParams, - pk: &Self::PublicKey, - sk: &Self::SecretKey, - message: Self::Data, - )-> Result - { + pk: &Self::PublicKey, + sk: &Self::SecretKey, + message: Self::Data, + ) -> Result { //Compute mh = hash_to_curve(message) - let message_on_curve = GH::evaluate(group_hash_params, to_bytes!(&message).unwrap().as_slice())?; + let message_on_curve = + GH::evaluate(group_hash_params, to_bytes!(&message).unwrap().as_slice())?; //Compute gamma = message_on_curve^sk let gamma = message_on_curve.mul(sk); @@ -232,7 +273,6 @@ impl FieldBasedVrf for FieldBasedEcVrf ); let (c, s) = loop { - //Choose random scalar let r = G::ScalarField::rand(rng); @@ -257,7 +297,9 @@ impl FieldBasedVrf for FieldBasedEcVrf let c_leading_zeros = leading_zeros(c_bits.as_slice()) as usize; //Enforce c bit length is strictly smaller than G::ScalarField modulus bit length - if c_leading_zeros < required_leading_zeros_c {continue}; + if c_leading_zeros < required_leading_zeros_c { + continue; + }; let c_conv = convert::(c_bits)?; 
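Review bot: `prove` calls `to_bytes!(&message).unwrap()` to build the input for `GH::evaluate`, so a serialization failure would panic inside a function that already returns `Result`; if the crate's `Error` converts from `io::Error` (not visible here), `to_bytes!(&message)?` propagates it instead, and otherwise a `map_err` into `Error` keeps the panic path out of library code. `proof_to_hash` in the `@@ -266,26 +308,27 @@` hunk below does the same. If writing a field element into a `Vec<u8>` genuinely cannot fail, `expect("serializing a field element into a Vec cannot fail")` at least records the invariant. `prove` continues past the end of this hunk.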
@@ -266,26 +308,27 @@ impl FieldBasedVrf for FieldBasedEcVrf let s_bits = s.write_bits(); let s_leading_zeros = leading_zeros(s_bits.as_slice()) as usize; - if s_leading_zeros < required_leading_zeros_s {continue}; + if s_leading_zeros < required_leading_zeros_s { + continue; + }; let s_conv = convert::(s_bits)?; - break (c, s_conv) + break (c, s_conv); }; - Ok(FieldBasedEcVrfProof {gamma, c, s}) + Ok(FieldBasedEcVrfProof { gamma, c, s }) } fn proof_to_hash( group_hash_params: &Self::GHParams, - pk: &Self::PublicKey, - message: Self::Data, - proof: &Self::Proof - ) - -> Result - { + pk: &Self::PublicKey, + message: Self::Data, + proof: &Self::Proof, + ) -> Result { //Compute mh = hash_to_curve(message) - let message_on_curve = GH::evaluate(group_hash_params, to_bytes!(&message).unwrap().as_slice())?; + let message_on_curve = + GH::evaluate(group_hash_params, to_bytes!(&message).unwrap().as_slice())?; let c_bits = proof.c.write_bits(); let s_bits = proof.s.write_bits(); @@ -320,7 +363,9 @@ impl FieldBasedVrf for FieldBasedEcVrf let output = { let mut digest = FH::init_constant_length(3, None); digest.update(message); - gamma_coords.into_iter().for_each(|c| { digest.update(c); }); + gamma_coords.into_iter().for_each(|c| { + digest.update(c); + }); digest.finalize() }?; 
@@ -330,35 +375,27 @@ impl FieldBasedVrf for FieldBasedEcVrf } } - fn keyverify( - pk: &Self::PublicKey, - ) -> bool { pk.is_valid() } + fn keyverify(pk: &Self::PublicKey) -> bool { + pk.is_valid() + } } #[cfg(test)] mod test { - use algebra::curves::{ - mnt4753::G1Projective as MNT4G1Projective, - mnt6753::G1Projective as MNT6G1Projective, - }; - use algebra::fields::{ - mnt4753::Fr as MNT4Fr, - mnt6753::Fr as MNT6Fr, - }; - use algebra::{ToBytes, FromBytes, FromBytesChecked, SemanticallyValid, to_bytes}; use crate::{ crh::{ - MNT4PoseidonHash, MNT6PoseidonHash, - bowe_hopwood::BoweHopwoodPedersenCRH, - pedersen::PedersenWindow, - }, - vrf::{ - FieldBasedVrf, - ecvrf::FieldBasedEcVrf, + bowe_hopwood::BoweHopwoodPedersenCRH, pedersen::PedersenWindow, MNT4PoseidonHash, + MNT6PoseidonHash, }, - FixedLengthCRH + vrf::{ecvrf::FieldBasedEcVrf, FieldBasedVrf}, + FixedLengthCRH, }; - use rand::{Rng, thread_rng}; + use algebra::curves::{ + mnt4753::G1Projective as MNT4G1Projective, mnt6753::G1Projective as MNT6G1Projective, + }; + use algebra::fields::{mnt4753::Fr as MNT4Fr, mnt6753::Fr as MNT6Fr}; + use algebra::{to_bytes, FromBytes, FromBytesChecked, SemanticallyValid, ToBytes}; + use rand::{thread_rng, Rng}; #[derive(Clone)] struct TestWindow {} @@ -383,7 +420,12 @@ mod test { assert!(S::proof_to_hash(pp, &pk, message, &proof).is_ok()); } - fn failed_verification(rng: &mut R, message: S::Data, bad_message: S::Data, pp: &S::GHParams) { + fn failed_verification( + rng: &mut R, + message: S::Data, + bad_message: S::Data, + pp: &S::GHParams, + ) { let (pk, sk) = S::keygen(rng); assert!(S::keyverify(&pk)); assert_eq!(pk, S::get_public_key(&sk)); 
@@ -401,13 +443,18 @@ mod test { assert!(S::proof_to_hash(pp, &new_pk, message, &proof).is_err()); } - fn serialize_deserialize(rng: &mut R, message: S::Data, pp: &S::GHParams) { + fn serialize_deserialize( + rng: &mut R, + message: S::Data, + pp: &S::GHParams, + ) { let (pk, sk) = S::keygen(rng); let proof = S::prove(rng, pp, &pk, &sk, message).unwrap(); let proof_serialized = to_bytes!(proof).unwrap(); - let proof_deserialized = ::Proof::read(proof_serialized.as_slice()).unwrap(); + let proof_deserialized = + ::Proof::read(proof_serialized.as_slice()).unwrap(); assert_eq!(proof, proof_deserialized); assert!(::Proof::read_checked(proof_serialized.as_slice()).is_ok()); assert!(S::proof_to_hash(pp, &pk, message, &proof_deserialized).is_ok()); @@ -440,4 +487,4 @@ mod test { serialize_deserialize::(rng, f, &pp); } } -} \ No newline at end of file +} diff --git a/primitives/src/vrf/mod.rs b/primitives/src/vrf/mod.rs index d80a7e30f..9d366a947 100644 --- a/primitives/src/vrf/mod.rs +++ b/primitives/src/vrf/mod.rs 
@@ -1,47 +1,63 @@ -use algebra::{Field, ToBytes, FromBytes, FromBytesChecked, SemanticallyValid, UniformRand}; -use rand::Rng; -use std::{hash::Hash, fmt::Debug}; use crate::Error; -use serde::{Serialize, Deserialize}; +use algebra::{Field, FromBytes, FromBytesChecked, SemanticallyValid, ToBytes, UniformRand}; +use rand::Rng; +use serde::{Deserialize, Serialize}; +use std::{fmt::Debug, hash::Hash}; pub mod ecvrf; pub trait FieldBasedVrf { type Data: Field; - type PublicKey: FromBytes + FromBytesChecked + ToBytes + Hash + Eq + Copy + - Clone + Default + Debug + Send + Sync + UniformRand - + Serialize + for<'a> Deserialize<'a>; + type PublicKey: FromBytes + + FromBytesChecked + + ToBytes + + Hash + + Eq + + Copy + + Clone + + Default + + Debug + + Send + + Sync + + UniformRand + + Serialize + + for<'a> Deserialize<'a>; type SecretKey: ToBytes + Clone + Default + Serialize + for<'a> Deserialize<'a>; - type Proof: Copy + Clone + Default + Send + Sync + Debug + Eq + PartialEq + ToBytes - + FromBytes + FromBytesChecked + SemanticallyValid - + Serialize + for<'a> Deserialize<'a>; + type Proof: Copy + + Clone + + Default + + Send + + Sync + + Debug + + Eq + + PartialEq + + ToBytes + + FromBytes + + FromBytesChecked + + SemanticallyValid + + Serialize + + for<'a> Deserialize<'a>; type GHParams: Clone + Default; - fn keygen( - rng: &mut R, - ) -> (Self::PublicKey, Self::SecretKey); + fn keygen(rng: &mut R) -> (Self::PublicKey, Self::SecretKey); - fn get_public_key( - sk: &Self::SecretKey - ) -> Self::PublicKey; + fn get_public_key(sk: &Self::SecretKey) -> Self::PublicKey; - fn prove - ( - rng: &mut R, - pp: &Self::GHParams, - pk: &Self::PublicKey, - sk: &Self::SecretKey, + fn prove( + rng: &mut R, + pp: &Self::GHParams, + pk: &Self::PublicKey, + sk: &Self::SecretKey, message: Self::Data, ) -> Result; // Verifies the VRF proof and returns the VRF output - fn proof_to_hash - ( - pp: &Self::GHParams, - pk: &Self::PublicKey, + fn proof_to_hash( + pp: &Self::GHParams, + pk: 
&Self::PublicKey, message: Self::Data, - proof: &Self::Proof, + proof: &Self::Proof, ) -> Result; fn keyverify(pk: &Self::PublicKey) -> bool; -} \ No newline at end of file +} diff --git a/proof-systems/src/darlin/accumulators/dlog.rs b/proof-systems/src/darlin/accumulators/dlog.rs index ffdb382b5..b6b3cba21 100644 --- a/proof-systems/src/darlin/accumulators/dlog.rs +++ b/proof-systems/src/darlin/accumulators/dlog.rs 
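Review bot: `FieldBasedVrf` exposes `keygen`, `get_public_key`, `prove`, `proof_to_hash` and `keyverify` without any `///` documentation, and the one explanation present, `// Verifies the VRF proof and returns the VRF output`, is a plain comment that rustdoc drops. Turning it into `/// Verifies `proof` for `message` under `pk` and returns the VRF output.` and adding `/// Returns whether `pk` is a well-formed public key; the `ecvrf` implementation performs no input validation itself and expects callers to run this before `proof_to_hash`.` on `keyverify` would make the contract visible where implementors and callers look for it. The associated types whose bound lists the reformat spread over many lines could likewise each carry a one-line `///`.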
@@ -1,38 +1,38 @@ //! Halo's amortization strategy for the hard parts of the dlog/IPA commitment scheme //! as separate public aggregation/accumulation scheme according to [BCMS20](https://eprint.iacr.org/2020/499). -//! The hard part consists of checking that the final committer key G_f (after all the +//! The hard part consists of checking that the final committer key G_f (after all the //! reduction steps) is the polynomial commitment of the succinct 'reduction polynomial' //! h(X) = (1 + xi_d * X^1)*(1 + xi_{d-1} * X^2) * ... (1 + xi_{1}*X^{2^d}), //! where the xi_1,...,xi_d are the challenges of the dlog reduction. -use algebra::{SemanticallyValid, Field, AffineCurve, ProjectiveCurve, ToBytes, to_bytes, UniformRand, serialize::*}; +use crate::darlin::accumulators::{AccumulationProof, ItemAccumulator}; use algebra::polynomial::DensePolynomial as Polynomial; -use poly_commit::{ipa_pc::{ - InnerProductArgPC, - Commitment, - VerifierKey, CommitterKey, - SuccinctCheckPolynomial, -}, fiat_shamir_rng::{FiatShamirRng, FiatShamirRngSeed}, LabeledCommitment, Error, PolynomialCommitment, DomainExtendedCommitment, DomainExtendedPolynomialCommitment}; -use crate::darlin::accumulators::{ - ItemAccumulator, AccumulationProof, +use algebra::{ + serialize::*, to_bytes, AffineCurve, Field, ProjectiveCurve, SemanticallyValid, ToBytes, + UniformRand, }; -use rayon::prelude::*; -use rand::RngCore; use digest::Digest; +use poly_commit::{ + fiat_shamir_rng::{FiatShamirRng, FiatShamirRngSeed}, + ipa_pc::{Commitment, CommitterKey, InnerProductArgPC, SuccinctCheckPolynomial, VerifierKey}, + DomainExtendedCommitment, DomainExtendedPolynomialCommitment, Error, LabeledCommitment, + PolynomialCommitment, +}; +use rand::RngCore; +use rayon::prelude::*; use std::marker::PhantomData; /// This implements the public aggregator for the IPA/DLOG commitment scheme. #[derive(Clone, Debug, Eq, PartialEq)] pub struct DLogItem { /// Final committer key after the DLOG reduction. 
- pub(crate) g_final: DomainExtendedCommitment>, + pub(crate) g_final: DomainExtendedCommitment>, /// Challenges of the DLOG reduction. - pub(crate) xi_s: SuccinctCheckPolynomial, + pub(crate) xi_s: SuccinctCheckPolynomial, } impl CanonicalSerialize for DLogItem { fn serialize(&self, mut writer: W) -> Result<(), SerializationError> { - // GFinal will always be 1 segment and without any shift CanonicalSerialize::serialize(&self.g_final.items[0], &mut writer)?; @@ -40,18 +40,19 @@ impl CanonicalSerialize for DLogItem { } fn serialized_size(&self) -> usize { - self.g_final.items[0].serialized_size() + self.xi_s.serialized_size() } - fn serialize_without_metadata(&self, mut writer: W) -> Result<(), SerializationError> { + fn serialize_without_metadata( + &self, + mut writer: W, + ) -> Result<(), SerializationError> { CanonicalSerialize::serialize_without_metadata(&self.g_final.items[0], &mut writer)?; CanonicalSerialize::serialize_without_metadata(&self.xi_s, &mut writer) } fn serialize_uncompressed(&self, mut writer: W) -> Result<(), SerializationError> { - // GFinal will always be 1 segment and without any shift CanonicalSerialize::serialize_uncompressed(&self.g_final.items[0], &mut writer)?; 
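Review bot: `serialize`, `serialized_size`, `serialize_without_metadata`, `serialize_uncompressed` and `uncompressed_size` index `self.g_final.items[0]` unconditionally, and this commit drops the `// GFinal will always be 1 segment and without any shift` comment from the two serialize methods that had it while the deserialize methods further down keep theirs, which looks unintentional. The invariant is enforced only by `is_valid` (`items.len() == 1`), so a `DLogItem` whose `items` is empty would panic on serialization rather than return an error; whether `DomainExtendedCommitment::default()`, used by the `Default` impl, produces an empty `items` is not visible here. Either restore the one-line comment on the serialize side so the assumption is stated where it is relied on, or fetch the segment with `self.g_final.items.get(0)` and map `None` to a `SerializationError`.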
@@ -59,78 +60,64 @@ impl CanonicalSerialize for DLogItem { } fn uncompressed_size(&self) -> usize { - self.g_final.items[0].uncompressed_size() + self.xi_s.uncompressed_size() } - } impl CanonicalDeserialize for DLogItem { - fn deserialize(mut reader: R) -> Result - { + fn deserialize(mut reader: R) -> Result { // GFinal will always be 1 segment and without any shift - let g_final = DomainExtendedCommitment::new( - vec![CanonicalDeserialize::deserialize(&mut reader)?] - ); + let g_final = + DomainExtendedCommitment::new(vec![CanonicalDeserialize::deserialize(&mut reader)?]); let xi_s = CanonicalDeserialize::deserialize(&mut reader)?; - Ok(Self { - g_final, - xi_s - }) + Ok(Self { g_final, xi_s }) } fn deserialize_unchecked(mut reader: R) -> Result { // GFinal will always be 1 segment and without any shift - let g_final = DomainExtendedCommitment::new( - vec![CanonicalDeserialize::deserialize_unchecked(&mut reader)?] - ); + let g_final = + DomainExtendedCommitment::new(vec![CanonicalDeserialize::deserialize_unchecked( + &mut reader, + )?]); let xi_s = CanonicalDeserialize::deserialize_unchecked(&mut reader)?; - Ok(Self { - g_final, - xi_s - }) + Ok(Self { g_final, xi_s }) } #[inline] fn deserialize_uncompressed(mut reader: R) -> Result { // GFinal will always be 1 segment and without any shift - let g_final = DomainExtendedCommitment::new( - vec![CanonicalDeserialize::deserialize_uncompressed(&mut reader)?] 
- ); + let g_final = + DomainExtendedCommitment::new(vec![CanonicalDeserialize::deserialize_uncompressed( + &mut reader, + )?]); let xi_s = CanonicalDeserialize::deserialize_uncompressed(&mut reader)?; - Ok(Self { - g_final, - xi_s - }) + Ok(Self { g_final, xi_s }) } #[inline] - fn deserialize_uncompressed_unchecked(mut reader: R) -> Result { + fn deserialize_uncompressed_unchecked( + mut reader: R, + ) -> Result { // GFinal will always be 1 segment and without any shift - let g_final = DomainExtendedCommitment::new( - vec![CanonicalDeserialize::deserialize_uncompressed_unchecked(&mut reader)?] - ); + let g_final = DomainExtendedCommitment::new(vec![ + CanonicalDeserialize::deserialize_uncompressed_unchecked(&mut reader)?, + ]); let xi_s = CanonicalDeserialize::deserialize_uncompressed_unchecked(&mut reader)?; - Ok(Self { - g_final, - xi_s - }) + Ok(Self { g_final, xi_s }) } } impl SemanticallyValid for DLogItem { fn is_valid(&self) -> bool { - self.g_final.is_valid() && - self.g_final.items.len() == 1 && - self.xi_s.0.is_valid() + self.g_final.is_valid() && self.g_final.items.len() == 1 && self.xi_s.0.is_valid() } } @@ -138,7 +125,7 @@ impl Default for DLogItem { fn default() -> Self { Self { g_final: DomainExtendedCommitment::>::default(), - xi_s: SuccinctCheckPolynomial(vec![]) + xi_s: SuccinctCheckPolynomial(vec![]), } } } 
@@ -148,37 +135,37 @@ impl ToBytes for DLogItem { use std::io::{Error, ErrorKind}; self.serialize_without_metadata(writer) - .map_err(|e| Error::new(ErrorKind::Other, format!{"{:?}", e})) + .map_err(|e| Error::new(ErrorKind::Other, format! {"{:?}", e})) } } pub struct DLogItemAccumulator { _digest: PhantomData, - _group: PhantomData, + _group: PhantomData, } impl DLogItemAccumulator { - /// The personalization string for this protocol. Used to personalize the /// Fiat-Shamir rng. pub const PROTOCOL_NAME: &'static [u8] = b"DL-ACC-2021"; - pub fn get_instance() -> Self - { - Self { _group: PhantomData, _digest: PhantomData } + pub fn get_instance() -> Self { + Self { + _group: PhantomData, + _digest: PhantomData, + } } /// This implementation handles the succinct verification of an aggregation proof - /// for dlog "items". - /// Recall that in the special situation of dlog items, the accumulated item - /// is part of the proof itself. However, as we use size-optimized proofs, the + /// for dlog "items". + /// Recall that in the special situation of dlog items, the accumulated item + /// is part of the proof itself. However, as we use size-optimized proofs, the /// xi_s are recomputed from the proof and returned by the verifier (if successful). pub fn succinct_verify_accumulated_items( - vk: &VerifierKey, + vk: &VerifierKey, previous_accumulators: Vec>, - proof: &AccumulationProof, - ) -> Result>, Error> - { + proof: &AccumulationProof, + ) -> Result>, Error> { let succinct_time = start_timer!(|| "Succinct verify accumulate"); let poly_time = start_timer!(|| "Compute Bullet Polys evaluations"); 
@@ -195,7 +182,10 @@ impl DLogItemAccumulator { seed_builder.add_bytes(&previous_accumulators)?; seed_builder.finalize() }; - let mut fs_rng = as PolynomialCommitment>::RandomOracle::from_seed(fs_rng_init_seed); + let mut fs_rng = + as PolynomialCommitment>::RandomOracle::from_seed( + fs_rng_init_seed, + ); // Sample a new challenge z let z = fs_rng.squeeze_128_bits_challenge::(); @@ -209,35 +199,42 @@ impl DLogItemAccumulator { // Create a LabeledCommitment out of the g_final let labeled_comm = { - let comm = DomainExtendedCommitment::new( - final_comm_key, - ); - - LabeledCommitment::new( - format!("check_poly_{}", i), - comm, - ) + let comm = DomainExtendedCommitment::new(final_comm_key); + + LabeledCommitment::new(format!("check_poly_{}", i), comm) }; // Compute the expected value, i.e. the value of the reduction polynomial at z. let eval = xi_s.evaluate(z); (labeled_comm, eval) - }).collect::>(); + }) + .collect::>(); // Save the evaluations into a separate vec - let values = comms_values.iter().map(|(_, val)| val.clone()).collect::>(); + let values = comms_values + .iter() + .map(|(_, val)| val.clone()) + .collect::>(); // Save comms into a separate vector - let comms = comms_values.into_iter().map(|(comm, _)| comm).collect::>(); + let comms = comms_values + .into_iter() + .map(|(comm, _)| comm) + .collect::>(); end_timer!(poly_time); let check_time = start_timer!(|| "Succinct check IPA proof"); - fs_rng.absorb(&values.iter().flat_map(|val| to_bytes!(val).unwrap()).collect::>()); + fs_rng.absorb( + &values + .iter() + .flat_map(|val| to_bytes!(val).unwrap()) + .collect::>(), + ); - // Succinctly verify the dlog opening proof, + // Succinctly verify the dlog opening proof, // and get the new reduction polynomial (the new xi's). let verifier_state = DomainExtendedPolynomialCommitment::>::succinct_single_point_multi_poly_verify( vk, comms.iter(), z, values, &proof.pc_proof, &mut fs_rng 
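Review bot: The `to_bytes!(val).unwrap()` inside the reflowed `fs_rng.absorb(...)` call keeps a panic path in a verification routine that otherwise reports failure through its `Result` (the seed construction in the preceding hunk propagates with `?`). The values are the verifier's own evaluations, so a serialization error is unlikely, but a verifier that can panic on internal state is harder to reason about than one that returns `Err`; I would collect the bytes fallibly first, `let values_bytes: Vec<u8> = values.iter().map(|val| to_bytes!(val)).collect::<Result<Vec<_>, _>>().map_err(|e| /* map into this function's Error type */)?.concat();` and then `fs_rng.absorb(&values_bytes);`. The body of `succinct_verify_accumulated_items` starts in an earlier hunk and its final `succinct_single_point_multi_poly_verify` call continues past the end of this one.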
@@ -252,10 +249,10 @@ impl DLogItemAccumulator { if verifier_state.is_some() { let verifier_state = verifier_state.unwrap(); - Ok(Some(DLogItem::{ - g_final: DomainExtendedCommitment::>::new( - vec![ Commitment:: { comm: verifier_state.final_comm_key.clone() } ] - ), + Ok(Some(DLogItem:: { + g_final: DomainExtendedCommitment::>::new(vec![Commitment:: { + comm: verifier_state.final_comm_key.clone(), + }]), xi_s: verifier_state.check_poly.clone(), })) } else { @@ -275,13 +272,19 @@ impl ItemAccumulator for DLogItemAccumulato fn check_items( vk: &Self::AccumulatorVerifierKey, accumulators: &[Self::Item], - rng: &mut R - ) -> Result - { + rng: &mut R, + ) -> Result { let check_time = start_timer!(|| "Check accumulators"); - let final_comm_keys = accumulators.iter().flat_map(|acc| acc.g_final.items.clone()).map(|commitment| commitment.comm).collect::>(); - let xi_s_vec = accumulators.iter().map(|acc| acc.xi_s.clone()).collect::>(); + let final_comm_keys = accumulators + .iter() + .flat_map(|acc| acc.g_final.items.clone()) + .map(|commitment| commitment.comm) + .collect::>(); + let xi_s_vec = accumulators + .iter() + .map(|acc| acc.xi_s.clone()) + .collect::>(); let batching_time = start_timer!(|| "Combine check polynomials and final comm keys"); @@ -303,7 +306,11 @@ impl ItemAccumulator for DLogItemAccumulato .zip(xi_s_vec) .map(|(&chal, xi_s)| { Polynomial::from_coefficients_vec(xi_s.compute_scaled_coeffs(-chal)) - }).reduce(|| Polynomial::zero(), |acc, scaled_poly| &acc + &scaled_poly); + }) + .reduce( + || Polynomial::zero(), + |acc, scaled_poly| &acc + &scaled_poly, + ); end_timer!(batching_time); // The dlog "hard part", checking that G_bar = sum_k lambda^k * G_f[k] == Comm(h_bar(X)) 
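Review bot: `if verifier_state.is_some() { let verifier_state = verifier_state.unwrap();` is the `is_some()`-then-`unwrap()` shape that `if let` expresses without a panic path, `if let Some(verifier_state) = verifier_state {`, with the existing `} else {` branch unchanged. The same shape appears in `verify_accumulated_items` (hunk `@@ -416,17 +427,16 @@`), where `if new_acc.is_none() { ... return Ok(false); }` followed by `Self::check_items::<R>(vk, &vec![new_acc.unwrap()], rng)` could become `let new_acc = match new_acc { Some(acc) => acc, None => { end_timer!(check_acc_time); return Ok(false); } };` and then `Self::check_items::<R>(vk, &[new_acc], rng)`, since `check_items` takes `accumulators: &[Self::Item]` and the single-element `vec!` only adds a heap allocation. Both functions begin in earlier hunks.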
@@ -317,10 +324,15 @@ impl ItemAccumulator for DLogItemAccumulato // the bases in order to be as big as the scalars vector, so no need to explicitly // trim the vk here. &[final_comm_keys.as_slice(), vk.comm_key.as_slice()].concat(), - &[batching_chal_pows.as_slice(), combined_check_poly.coeffs.as_slice()].concat(), + &[ + batching_chal_pows.as_slice(), + combined_check_poly.coeffs.as_slice(), + ] + .concat(), None, None, - ).map_err(|e| Error::IncorrectInputLength(e.to_string()))?; + ) + .map_err(|e| Error::IncorrectInputLength(e.to_string()))?; end_timer!(hard_time); if !ProjectiveCurve::is_zero(&final_val) { @@ -331,17 +343,16 @@ impl ItemAccumulator for DLogItemAccumulato Ok(true) } - /// Accumulate dlog "items" via the dlog amortization strategy: - /// The given dlog items are challenged at a random query point and compared against - /// the expected value. The item returned is a just the default dlog item to be discarded, - /// the new "aggregated" dlog item is part of the aggregation proof itself. - /// However, we do not explicitly provide the reduction challenges (the xi's) as they can + /// Accumulate dlog "items" via the dlog amortization strategy: + /// The given dlog items are challenged at a random query point and compared against + /// the expected value. The item returned is a just the default dlog item to be discarded, + /// the new "aggregated" dlog item is part of the aggregation proof itself. + /// However, we do not explicitly provide the reduction challenges (the xi's) as they can /// be reconstructed from the proof. fn accumulate_items( ck: &Self::AccumulatorProverKey, accumulators: Vec, - ) -> Result<(Self::Item, Self::AccumulationProof), Error> - { + ) -> Result<(Self::Item, Self::AccumulationProof), Error> { let accumulate_time = start_timer!(|| "Accumulate"); // Initialize Fiat-Shamir rng 
@@ -353,30 +364,31 @@ impl ItemAccumulator for DLogItemAccumulato seed_builder.add_bytes(&accumulators)?; seed_builder.finalize() }; - let mut fs_rng = as PolynomialCommitment>::RandomOracle::from_seed(fs_rng_init_seed); + let mut fs_rng = + as PolynomialCommitment>::RandomOracle::from_seed( + fs_rng_init_seed, + ); // Sample a new challenge z let z = fs_rng.squeeze_128_bits_challenge::(); // Collect xi_s from the accumulators - let xi_s = accumulators.into_iter().map(|acc| { - acc.xi_s - }).collect::>(); + let xi_s = accumulators + .into_iter() + .map(|acc| acc.xi_s) + .collect::>(); let poly_time = start_timer!(|| "Open Bullet Polys"); - // Compute multi-poly single-point opening proof for the G_f's, i.e. + // Compute multi-poly single-point opening proof for the G_f's, i.e. // the commitments of the item polys. - let opening_proof = InnerProductArgPC::::open_reduction_polynomials( - &ck, - xi_s.iter(), - z, - &mut fs_rng - ).map_err(|e| { - end_timer!(poly_time); - end_timer!(accumulate_time); - e - })?; + let opening_proof = + InnerProductArgPC::::open_reduction_polynomials(&ck, xi_s.iter(), z, &mut fs_rng) + .map_err(|e| { + end_timer!(poly_time); + end_timer!(accumulate_time); + e + })?; end_timer!(poly_time); @@ -387,7 +399,7 @@ impl ItemAccumulator for DLogItemAccumulato let mut accumulation_proof = AccumulationProof::::default(); // We consider the items to be accumulated as common inputs (of - // the protocol), and the challenge z can be reconstructed from them, + // the protocol), and the challenge z can be reconstructed from them, // hence the accumulation proof consists only of the dlog opening proof. accumulation_proof.pc_proof = opening_proof; 
@@ -396,16 +408,15 @@ impl ItemAccumulator for DLogItemAccumulato Ok((accumulator, accumulation_proof)) } - /// Full verification of an aggregation proof for dlog "items". + /// Full verification of an aggregation proof for dlog "items". /// Calls the succinct verifier and then does the remaining check of the aggregated item. fn verify_accumulated_items( _current_acc: &Self::Item, vk: &Self::AccumulatorVerifierKey, previous_accumulators: Vec, proof: &Self::AccumulationProof, - rng: &mut R - ) -> Result - { + rng: &mut R, + ) -> Result { let check_acc_time = start_timer!(|| "Verify Accumulation"); // Succinct part: verify the "easy" part of the aggregation proof @@ -416,17 +427,16 @@ impl ItemAccumulator for DLogItemAccumulato })?; if new_acc.is_none() { end_timer!(check_acc_time); - return Ok(false) + return Ok(false); } // Verify the aggregated accumulator let hard_time = start_timer!(|| "DLOG hard part"); - let result = Self::check_items::(vk, &vec![new_acc.unwrap()], rng) - .map_err(|e| { - end_timer!(hard_time); - end_timer!(check_acc_time); - e - })?; + let result = Self::check_items::(vk, &vec![new_acc.unwrap()], rng).map_err(|e| { + end_timer!(hard_time); + end_timer!(check_acc_time); + e + })?; end_timer!(hard_time); end_timer!(check_acc_time); 
@@ -447,27 +457,29 @@ impl ToBytes for DualDLogItem { fn write(&self, mut writer: W) -> std::io::Result<()> { use std::io::{Error, ErrorKind}; - self.0.serialize_without_metadata(&mut writer) - .map_err(|e| Error::new(ErrorKind::Other, format!{"{:?}", e}))?; + self.0 + .serialize_without_metadata(&mut writer) + .map_err(|e| Error::new(ErrorKind::Other, format! {"{:?}", e}))?; - self.1.serialize_without_metadata(writer) - .map_err(|e| Error::new(ErrorKind::Other, format!{"{:?}", e})) + self.1 + .serialize_without_metadata(writer) + .map_err(|e| Error::new(ErrorKind::Other, format! {"{:?}", e})) } } pub struct DualDLogItemAccumulator<'a, G1: AffineCurve, G2: AffineCurve, D: Digest> { _lifetime: PhantomData<&'a ()>, - _group_1: PhantomData, - _group_2: PhantomData, - _digest: PhantomData, + _group_1: PhantomData, + _group_2: PhantomData, + _digest: PhantomData, } // Straight-forward generalization of the dlog item aggregation to DualDLogItem. impl<'a, G1, G2, D> ItemAccumulator for DualDLogItemAccumulator<'a, G1, G2, D> - where - G1: AffineCurve::ScalarField>, - G2: AffineCurve::ScalarField>, - D: Digest + 'static, +where + G1: AffineCurve::ScalarField>, + G2: AffineCurve::ScalarField>, + D: Digest + 'static, { type AccumulatorProverKey = (&'a CommitterKey, &'a CommitterKey); type AccumulatorVerifierKey = (&'a VerifierKey, &'a VerifierKey); 
@@ -477,17 +489,24 @@ impl<'a, G1, G2, D> ItemAccumulator for DualDLogItemAccumulator<'a, G1, G2, D> fn check_items( vk: &Self::AccumulatorVerifierKey, accumulators: &[Self::Item], - rng: &mut R - ) -> Result - { - let g1_accumulators = accumulators.iter().flat_map(|acc| { acc.0.clone() }).collect::>(); - if !DLogItemAccumulator::::check_items::(&vk.0, g1_accumulators.as_slice(), rng)? { - return Ok(false) + rng: &mut R, + ) -> Result { + let g1_accumulators = accumulators + .iter() + .flat_map(|acc| acc.0.clone()) + .collect::>(); + if !DLogItemAccumulator::::check_items::(&vk.0, g1_accumulators.as_slice(), rng)? + { + return Ok(false); } - let g2_accumulators = accumulators.iter().flat_map(|acc| { acc.1.clone() }).collect::>(); - if !DLogItemAccumulator::::check_items::(&vk.1, g2_accumulators.as_slice(), rng)? { - return Ok(false) + let g2_accumulators = accumulators + .iter() + .flat_map(|acc| acc.1.clone()) + .collect::>(); + if !DLogItemAccumulator::::check_items::(&vk.1, g2_accumulators.as_slice(), rng)? + { + return Ok(false); } Ok(true) 
@@ -496,15 +515,25 @@ impl<'a, G1, G2, D> ItemAccumulator for DualDLogItemAccumulator<'a, G1, G2, D> fn accumulate_items( ck: &Self::AccumulatorProverKey, accumulators: Vec, - ) -> Result<(Self::Item, Self::AccumulationProof), Error> - { - let g1_accumulators = accumulators.iter().flat_map(|acc| { acc.0.clone() }).collect::>(); - let (_, g1_acc_proof) = DLogItemAccumulator::::accumulate_items(&ck.0, g1_accumulators)?; - - let g2_accumulators = accumulators.into_iter().flat_map(|acc| { acc.1 }).collect::>(); - let (_, g2_acc_proof) = DLogItemAccumulator::::accumulate_items(&ck.1, g2_accumulators)?; - - let accumulator = DualDLogItem::(vec![DLogItem::::default()], vec![DLogItem::::default()]); + ) -> Result<(Self::Item, Self::AccumulationProof), Error> { + let g1_accumulators = accumulators + .iter() + .flat_map(|acc| acc.0.clone()) + .collect::>(); + let (_, g1_acc_proof) = + DLogItemAccumulator::::accumulate_items(&ck.0, g1_accumulators)?; + + let g2_accumulators = accumulators + .into_iter() + .flat_map(|acc| acc.1) + .collect::>(); + let (_, g2_acc_proof) = + DLogItemAccumulator::::accumulate_items(&ck.1, g2_accumulators)?; + + let accumulator = DualDLogItem::( + vec![DLogItem::::default()], + vec![DLogItem::::default()], + ); let accumulation_proof = (g1_acc_proof, g2_acc_proof); Ok((accumulator, accumulation_proof)) 
@@ -515,17 +544,34 @@ impl<'a, G1, G2, D> ItemAccumulator for DualDLogItemAccumulator<'a, G1, G2, D> vk: &Self::AccumulatorVerifierKey, previous_accumulators: Vec, proof: &Self::AccumulationProof, - rng: &mut R - ) -> Result - { - let g1_accumulators = previous_accumulators.iter().flat_map(|acc| { acc.0.clone() }).collect(); - if !DLogItemAccumulator::::verify_accumulated_items::(&DLogItem::::default(), &vk.0, g1_accumulators, &proof.0, rng)? { - return Ok(false) + rng: &mut R, + ) -> Result { + let g1_accumulators = previous_accumulators + .iter() + .flat_map(|acc| acc.0.clone()) + .collect(); + if !DLogItemAccumulator::::verify_accumulated_items::( + &DLogItem::::default(), + &vk.0, + g1_accumulators, + &proof.0, + rng, + )? { + return Ok(false); } - let g2_accumulators = previous_accumulators.into_iter().flat_map(|acc| { acc.1 }).collect(); - if !DLogItemAccumulator::::verify_accumulated_items::(&DLogItem::::default(), &vk.1, g2_accumulators, &proof.1, rng)? { - return Ok(false) + let g2_accumulators = previous_accumulators + .into_iter() + .flat_map(|acc| acc.1) + .collect(); + if !DLogItemAccumulator::::verify_accumulated_items::( + &DLogItem::::default(), + &vk.1, + g2_accumulators, + &proof.1, + rng, + )? { + return Ok(false); } Ok(true) 
@@ -535,21 +581,25 @@ impl<'a, G1, G2, D> ItemAccumulator for DualDLogItemAccumulator<'a, G1, G2, D> #[cfg(test)] mod test { use super::*; - use poly_commit::{QuerySet, Evaluations, LabeledPolynomial, ipa_pc::{ - Proof, Parameters, - }, PCParameters, PolynomialCommitment, DomainExtendedMultiPointProof}; + use poly_commit::{ + ipa_pc::{Parameters, Proof}, + DomainExtendedMultiPointProof, Evaluations, LabeledPolynomial, PCParameters, + PolynomialCommitment, QuerySet, + }; + use blake2::Blake2s; + use digest::Digest; use rand::{distributions::Distribution, thread_rng, Rng}; use std::marker::PhantomData; - use digest::Digest; - use blake2::Blake2s; - fn get_test_fs_rng() -> as PolynomialCommitment>::RandomOracle - { + fn get_test_fs_rng( + ) -> as PolynomialCommitment>::RandomOracle { let mut seed_builder = <> as PolynomialCommitment>::RandomOracle as FiatShamirRng>::Seed::new(); seed_builder.add_bytes(b"TEST_SEED").unwrap(); let fs_rng_seed = seed_builder.finalize(); - > as PolynomialCommitment>::RandomOracle::from_seed(fs_rng_seed) + > as PolynomialCommitment< + G, + >>::RandomOracle::from_seed(fs_rng_seed) } #[derive(Copy, Clone, Default)] 
@@ -559,54 +609,58 @@ mod test { num_polynomials: usize, hiding: bool, max_num_queries: usize, - segmented: bool + segmented: bool, } #[derive(Derivative)] #[derivative(Clone(bound = ""))] struct VerifierData<'a, G: AffineCurve> { - vk: VerifierKey, - comms: Vec>>>, - query_set: QuerySet<'a, G::ScalarField>, - values: Evaluations<'a, G::ScalarField>, - proof: DomainExtendedMultiPointProof, Proof>, - polynomials: Vec>, - num_polynomials: usize, + vk: VerifierKey, + comms: Vec>>>, + query_set: QuerySet<'a, G::ScalarField>, + values: Evaluations<'a, G::ScalarField>, + proof: DomainExtendedMultiPointProof, Proof>, + polynomials: Vec>, + num_polynomials: usize, num_points_in_query_set: usize, - _m: PhantomData<&'a G::ScalarField>, // To avoid compilation issue 'a + _m: PhantomData<&'a G::ScalarField>, // To avoid compilation issue 'a } - // Samples a random instance of a dlog multi-point multi-poly opening proof according to the - // specifications in the TestInfo. + // Samples a random instance of a dlog multi-point multi-poly opening proof according to the + // specifications in the TestInfo. fn get_data_for_verifier<'a, G, D>( info: TestInfo, - pp: Option> + pp: Option>, ) -> Result, Error> - where - G: AffineCurve, - D: Digest + where + G: AffineCurve, + D: Digest, { let TestInfo { - max_degree, // maximum degree supported by the dlog commitment scheme + max_degree, // maximum degree supported by the dlog commitment scheme supported_degree, // the supported maximum degree after trimming - num_polynomials, // number of random polynomials involved in the opening proof - max_num_queries, // size of the random query set for the opening proof - segmented, // use segmentation or not - hiding, // hiding or not + num_polynomials, // number of random polynomials involved in the opening proof + max_num_queries, // size of the random query set for the opening proof + segmented, // use segmentation or not + hiding, // hiding or not .. 
} = info; let rng = &mut thread_rng(); let max_degree = max_degree.unwrap_or(rand::distributions::Uniform::from(2..=64).sample(rng)); - let pp = if pp.is_some() { pp.unwrap() } else { DomainExtendedPolynomialCommitment::>::setup(max_degree)? }; + let pp = if pp.is_some() { + pp.unwrap() + } else { + DomainExtendedPolynomialCommitment::>::setup(max_degree)? + }; test_canonical_serialize_deserialize(true, &pp); let supported_degree = match supported_degree { Some(0) => 0, Some(d) => d, - None => rand::distributions::Uniform::from(1..=max_degree).sample(rng) + None => rand::distributions::Uniform::from(1..=max_degree).sample(rng), }; assert!( max_degree >= supported_degree, @@ -641,23 +695,22 @@ mod test { } let poly = Polynomial::rand(degree, rng); - polynomials.push(LabeledPolynomial::new( - label, - poly, - hiding, - )) + polynomials.push(LabeledPolynomial::new(label, poly, hiding)) } println!("supported degree: {:?}", supported_degree); println!("num_points_in_query_set: {:?}", num_points_in_query_set); - let (ck, vk) = pp.trim( - supported_degree, - )?; + let (ck, vk) = pp.trim(supported_degree)?; println!("Trimmed"); test_canonical_serialize_deserialize(true, &ck); test_canonical_serialize_deserialize(true, &vk); - let (comms, rands) = DomainExtendedPolynomialCommitment::>::commit_vec(&ck, &polynomials, Some(rng))?; + let (comms, rands) = + DomainExtendedPolynomialCommitment::>::commit_vec( + &ck, + &polynomials, + Some(rng), + )?; // Construct "symmetric" query set: every polynomial is evaluated at every // point. @@ -703,9 +756,9 @@ mod test { // We sample random instances of multi-point multi-poly dlog opening proofs, // produce aggregation proofs for their dlog items and fully verify these aggregation proofs. fn accumulation_test() -> Result<(), Error> - where - G: AffineCurve, - D: Digest, + where + G: AffineCurve, + D: Digest, { let rng = &mut thread_rng(); let max_degree = rand::distributions::Uniform::from(2..=128).sample(rng); 
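Review bot: `let pp = if pp.is_some() { pp.unwrap() } else { ... };` in the reflowed `get_data_for_verifier` is the `is_some()`/`unwrap()` shape that a `match` on the `Option` expresses directly, `let pp = match pp { Some(pp) => pp, None => <the same setup(max_degree)? call> };`. Two lines above, `max_degree.unwrap_or(rand::distributions::Uniform::from(2..=64).sample(rng))` evaluates its argument eagerly, so a sample is drawn from `rng` even when `max_degree` is `Some`; `unwrap_or_else(|| rand::distributions::Uniform::from(2..=64).sample(rng))` draws only when needed. Both are style points in test code; `get_data_for_verifier` continues past the end of this hunk.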
@@ -718,7 +771,8 @@ mod test { ..Default::default() }; - let pp = DomainExtendedPolynomialCommitment::>::setup(max_degree)?; + let pp = + DomainExtendedPolynomialCommitment::>::setup(max_degree)?; test_canonical_serialize_deserialize(true, &pp); @@ -728,7 +782,6 @@ mod test { test_canonical_serialize_deserialize(true, &vk); for num_proofs in 1..20 { - let mut verifier_data_vec = Vec::with_capacity(num_proofs); // Generate all proofs and the data needed by the verifier to verify them @@ -736,7 +789,8 @@ mod test { // Modify requirements at random info.hiding = rng.gen(); info.segmented = rng.gen(); - verifier_data_vec.push(get_data_for_verifier::(info, Some(pp.clone())).unwrap()) + verifier_data_vec + .push(get_data_for_verifier::(info, Some(pp.clone())).unwrap()) } let mut comms = Vec::new(); @@ -758,7 +812,10 @@ mod test { }); // extract the xi's and G_fin's from the proof - let (xi_s_vec, g_fins) = DomainExtendedPolynomialCommitment::>::batch_succinct_verify( + let (xi_s_vec, g_fins) = DomainExtendedPolynomialCommitment::< + G, + InnerProductArgPC, + >::batch_succinct_verify( &vk, comms.clone(), query_sets.clone(), 
@@ -771,33 +828,35 @@ mod test { .into_iter() .zip(g_fins) .map(|(xi_s, g_final)| { - let acc = DLogItem:: { g_final: Commitment:: {comm: vec![g_final]}, xi_s }; + let acc = DLogItem:: { + g_final: Commitment:: { + comm: vec![g_final], + }, + xi_s, + }; test_canonical_serialize_deserialize(true, &acc); acc - }).collect::>(); + }) + .collect::>(); assert!(accumulators.is_valid()); // provide aggregation proof of the extracted dlog items - let (_, proof) = DLogItemAccumulator::::accumulate_items( - &ck, - accumulators.clone(), - )?; + let (_, proof) = + DLogItemAccumulator::::accumulate_items(&ck, accumulators.clone())?; test_canonical_serialize_deserialize(true, &proof); // Verifier side let dummy = DLogItem::::default(); - assert!( - DLogItemAccumulator::::verify_accumulated_items( - &dummy, - &vk, - // Actually the verifier should recompute the accumulators with the succinct verification - accumulators, - &proof, - rng - )? - ); + assert!(DLogItemAccumulator::::verify_accumulated_items( + &dummy, + &vk, + // Actually the verifier should recompute the accumulators with the succinct verification + accumulators, + &proof, + rng + )?); } Ok(()) } @@ -805,9 +864,9 @@ mod test { // We sample random instances of multi-point multi-poly dlog opening proofs, // and batch verify their dlog items. fn batch_verification_test() -> Result<(), Error> - where - G: AffineCurve, - D: Digest, + where + G: AffineCurve, + D: Digest, { let rng = &mut thread_rng(); let max_degree = rand::distributions::Uniform::from(2..=128).sample(rng); 
@@ -820,14 +879,14 @@ mod test { ..Default::default() }; - let pp = DomainExtendedPolynomialCommitment::>::setup(max_degree)?; + let pp = + DomainExtendedPolynomialCommitment::>::setup(max_degree)?; let (_, vk) = pp.trim(max_degree)?; test_canonical_serialize_deserialize(true, &pp); test_canonical_serialize_deserialize(true, &vk); for num_proofs in 1..20 { - let mut verifier_data_vec = Vec::with_capacity(num_proofs); // Generate all proofs and the data needed by the verifier to verify them @@ -835,7 +894,8 @@ mod test { // Modify requirements at random info.hiding = rng.gen(); info.segmented = rng.gen(); - verifier_data_vec.push(get_data_for_verifier::(info, Some(pp.clone())).unwrap()) + verifier_data_vec + .push(get_data_for_verifier::(info, Some(pp.clone())).unwrap()) } let mut comms = Vec::new(); @@ -857,7 +917,10 @@ mod test { }); // extract the xi's and G_fin's from the proof - let (xi_s_vec, g_fins) = DomainExtendedPolynomialCommitment::>::batch_succinct_verify( + let (xi_s_vec, g_fins) = DomainExtendedPolynomialCommitment::< + G, + InnerProductArgPC, + >::batch_succinct_verify( &vk, comms.clone(), query_sets.clone(), @@ -870,29 +933,30 @@ mod test { .into_iter() .zip(g_fins) .map(|(xi_s, g_final)| { - let acc = DLogItem:: { g_final: Commitment:: {comm: vec![g_final]}, xi_s }; + let acc = DLogItem:: { + g_final: Commitment:: { + comm: vec![g_final], + }, + xi_s, + }; test_canonical_serialize_deserialize(true, &acc); acc - }).collect::>(); + }) + .collect::>(); assert!(accumulators.is_valid()); // batch verify the extracted dlog items - assert!( - DLogItemAccumulator::::check_items( - &vk, - &accumulators, - rng - )? - ); + assert!(DLogItemAccumulator::::check_items( + &vk, + &accumulators, + rng + )?); } Ok(()) } - use algebra::curves::tweedle::{ - dee::Affine as TweedleDee, - dum::Affine as TweedleDum, - }; + use algebra::curves::tweedle::{dee::Affine as TweedleDee, dum::Affine as TweedleDum}; #[test] fn test_tweedle_accumulate_verify() { 
@@ -905,4 +969,4 @@ mod test {
 batch_verification_test::().unwrap();
 batch_verification_test::().unwrap();
 }
-}
\ No newline at end of file
+}
diff --git a/proof-systems/src/darlin/accumulators/mod.rs b/proof-systems/src/darlin/accumulators/mod.rs
index 9b3ec84fc..50de9a12b 100644
--- a/proof-systems/src/darlin/accumulators/mod.rs
+++ b/proof-systems/src/darlin/accumulators/mod.rs
@@ -1,18 +1,15 @@
 //! Trait for general (public, or "atomic") accumulation schemes [BCMS20](https://eprint.iacr.org/2020/499).
-//! Comes with the aggregation/verification of "items", i.e. some data structure typically satisfying a
+//! Comes with the aggregation/verification of "items", i.e. some data structure typically satisfying a
 //! non-efficient predicate).
 //! The trait applies to mixed type accumulators as described in our Darlin Proof Tree document:
-//! There, a (full) accumulator is a composite structure of dlog and inner sumcheck ("single") accumulators,
-//! from both groups of the EC cycle (the "current", and the "collected" ones).
+//! There, a (full) accumulator is a composite structure of dlog and inner sumcheck ("single") accumulators,
+//! from both groups of the EC cycle (the "current", and the "collected" ones).
 //! Although within recursion we do not separate accumulation strategy from the SNARK on protocol level,
 //! we nevertheless serve this functionality for post processing outside the PCD.
 
-use algebra::{AffineCurve, serialize::*};
-use rand::RngCore;
-use poly_commit::{
- ipa_pc::Proof,
- Error
-};
+use algebra::{serialize::*, AffineCurve};
 use poly_commit::ipa_pc::Commitment;
+use poly_commit::{ipa_pc::Proof, Error};
+use rand::RngCore;
 
 pub mod dlog;
@@ -32,9 +29,9 @@ pub struct AccumulationProof {
 /// and verifying aggregation, as well as checking ("deciding") if an item
 /// satisfies the predicate.
 /// It applies to mixed type accumulators as described in our [Darlin Proof Tree doc](TODO: add link):
-/// There, a (full) accumulator is a composite structure of dlog and inner
-/// sumcheck ("single") accumulators, from both groups of the EC cycle (the
-/// "current", and the "collected" ones). Although within recursion we do
+/// There, a (full) accumulator is a composite structure of dlog and inner
+/// sumcheck ("single") accumulators, from both groups of the EC cycle (the
+/// "current", and the "collected" ones). Although within recursion we do
 /// not separate accumulation strategy from the SNARK on protocol level,
 /// we nevertheless serve this functionality for post processing outside the PCD.
 pub trait ItemAccumulator {
@@ -69,4 +66,4 @@ pub trait ItemAccumulator {
 proof: &Self::AccumulationProof,
 rng: &mut R,
 ) -> Result;
-}
\ No newline at end of file
+}
diff --git a/proof-systems/src/darlin/benches/accumulate_verify.rs b/proof-systems/src/darlin/benches/accumulate_verify.rs
index 262d2b30f..d62c45385 100644
--- a/proof-systems/src/darlin/benches/accumulate_verify.rs
+++ b/proof-systems/src/darlin/benches/accumulate_verify.rs
@@ -1,20 +1,14 @@ use algebra::{AffineCurve, ToConstraintField}; -use poly_commit::{ - PolynomialCommitment, - ipa_pc::InnerProductArgPC -}; +use blake2::Blake2s; +use criterion::*; +use digest::Digest; +use poly_commit::{ipa_pc::InnerProductArgPC, PolynomialCommitment}; +use proof_systems::darlin::pcd::GeneralPCD; use proof_systems::darlin::{ - tests::{ - get_keys, - final_darlin::generate_test_data as generate_final_darlin_test_data - }, proof_aggregator::{accumulate_proofs, verify_aggregated_proofs}, + tests::{final_darlin::generate_test_data as generate_final_darlin_test_data, get_keys}, }; -use digest::Digest; -use criterion::*; use rand::{thread_rng, SeedableRng}; -use blake2::Blake2s; -use proof_systems::darlin::pcd::GeneralPCD; use rand_xorshift::XorShiftRng; fn bench_verify( @@ -22,10 +16,11 @@ fn bench_verify( bench_name: &str, segment_size: usize, max_proofs: Vec, -) - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +) where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { let rng = &mut XorShiftRng::seed_from_u64(1234567890u64); let mut group = c.benchmark_group(bench_name); @@ -35,11 +30,8 @@ fn bench_verify( let params_g1 = InnerProductArgPC::::setup(segment_size - 1).unwrap(); let params_g2 = InnerProductArgPC::::setup(segment_size - 1).unwrap(); - let ( - committer_key_g1, verifier_key_g1, - committer_key_g2, verifier_key_g2 - ) = get_keys::<_, _, D>(¶ms_g1, ¶ms_g2); - + let (committer_key_g1, verifier_key_g1, committer_key_g2, verifier_key_g2) = + get_keys::<_, _, D>(¶ms_g1, ¶ms_g2); let (final_darlin_pcd, index_vk) = generate_final_darlin_test_data::( num_constraints - 1, 
@@ -47,12 +39,11 @@ fn bench_verify( ¶ms_g1, ¶ms_g2, 1, - rng + rng, ); // Generate proofs and bench for num_proofs in max_proofs.into_iter() { - // Collect PCDs and vks let pcds = vec![GeneralPCD::FinalDarlin(final_darlin_pcd[0].clone()); num_proofs]; let vks = vec![index_vk[0].clone(); num_proofs]; @@ -62,23 +53,29 @@ fn bench_verify( pcds.as_slice(), vks.as_slice(), &committer_key_g1, - &committer_key_g2 - ).unwrap(); - - group.bench_with_input(BenchmarkId::from_parameter(num_proofs), &num_proofs, |bn, _num_proofs| { - bn.iter(|| { - // Verify accumulation - assert!(verify_aggregated_proofs::( - pcds.as_slice(), - vks.as_slice(), - &proof_g1, - &proof_g2, - &verifier_key_g1, - &verifier_key_g2, - &mut thread_rng(), - ).unwrap()) - }); - }); + &committer_key_g2, + ) + .unwrap(); + + group.bench_with_input( + BenchmarkId::from_parameter(num_proofs), + &num_proofs, + |bn, _num_proofs| { + bn.iter(|| { + // Verify accumulation + assert!(verify_aggregated_proofs::( + pcds.as_slice(), + vks.as_slice(), + &proof_g1, + &proof_g2, + &verifier_key_g1, + &verifier_key_g2, + &mut thread_rng(), + ) + .unwrap()) + }); + }, + ); } group.finish(); } @@ -88,10 +85,11 @@ fn bench_accumulate( bench_name: &str, segment_size: usize, max_proofs: Vec, -) - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +) where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { let rng = &mut XorShiftRng::seed_from_u64(1234567890u64); let mut group = c.benchmark_group(bench_name); 
@@ -101,13 +99,7 @@ fn bench_accumulate( let params_g1 = InnerProductArgPC::::setup(segment_size - 1).unwrap(); let params_g2 = InnerProductArgPC::::setup(segment_size - 1).unwrap(); - let ( - committer_key_g1, _, - committer_key_g2, _, - ) = get_keys::<_, _, D>( - ¶ms_g1, - ¶ms_g2 - ); + let (committer_key_g1, _, committer_key_g2, _) = get_keys::<_, _, D>(¶ms_g1, ¶ms_g2); let (final_darlin_pcd, index_vk) = generate_final_darlin_test_data::( num_constraints - 1, @@ -115,26 +107,30 @@ fn bench_accumulate( ¶ms_g1, ¶ms_g2, 1, - rng + rng, ); // Generate proofs and bench for num_proofs in max_proofs.into_iter() { - // Collect PCDs and vks let pcds = vec![GeneralPCD::FinalDarlin(final_darlin_pcd[0].clone()); num_proofs]; let vks = vec![index_vk[0].clone(); num_proofs]; - group.bench_with_input(BenchmarkId::from_parameter(num_proofs), &num_proofs, |bn, _num_proofs| { - bn.iter(|| { - accumulate_proofs::( - pcds.as_slice(), - vks.as_slice(), - &committer_key_g1, - &committer_key_g2 - ).unwrap() - }); - }); + group.bench_with_input( + BenchmarkId::from_parameter(num_proofs), + &num_proofs, + |bn, _num_proofs| { + bn.iter(|| { + accumulate_proofs::( + pcds.as_slice(), + vks.as_slice(), + &committer_key_g1, + &committer_key_g2, + ) + .unwrap() + }); + }, + ); } group.finish(); } @@ -143,11 +139,7 @@ fn bench_accumulate( // Segment size |H| => 42, segment size |H|/2 => 84 fn bench_verify_tweedle(c: &mut Criterion) { - - use algebra::curves::tweedle::{ - dee::Affine as TweedleDee, - dum::Affine as TweedleDum, - }; + use algebra::curves::tweedle::{dee::Affine as TweedleDee, dum::Affine as TweedleDum}; bench_verify::( c, @@ -172,11 +164,7 @@ fn bench_verify_tweedle(c: &mut Criterion) { } fn bench_accumulate_tweedle(c: &mut Criterion) { - - use algebra::curves::tweedle::{ - dee::Affine as TweedleDee, - dum::Affine as TweedleDum, - }; + use algebra::curves::tweedle::{dee::Affine as TweedleDee, dum::Affine as TweedleDum}; bench_accumulate::( c, 
@@ -206,4 +194,4 @@ config = Criterion::default().sample_size(10); targets = bench_verify_tweedle, bench_accumulate_tweedle ); -criterion_main!(accumulate_verify); \ No newline at end of file +criterion_main!(accumulate_verify); diff --git a/proof-systems/src/darlin/benches/batch_verification.rs b/proof-systems/src/darlin/benches/batch_verification.rs index c9583d34a..44a10492b 100644 --- a/proof-systems/src/darlin/benches/batch_verification.rs +++ b/proof-systems/src/darlin/benches/batch_verification.rs @@ -1,20 +1,14 @@ use algebra::{AffineCurve, ToConstraintField}; -use poly_commit::{ - PolynomialCommitment, - ipa_pc::InnerProductArgPC -}; +use blake2::Blake2s; +use criterion::*; +use digest::Digest; +use poly_commit::{ipa_pc::InnerProductArgPC, PolynomialCommitment}; +use proof_systems::darlin::pcd::GeneralPCD; use proof_systems::darlin::{ - tests::{ - get_keys, - final_darlin::generate_test_data as generate_final_darlin_test_data - }, proof_aggregator::batch_verify_proofs, + tests::{final_darlin::generate_test_data as generate_final_darlin_test_data, get_keys}, }; -use digest::Digest; -use criterion::*; use rand::{thread_rng, SeedableRng}; -use blake2::Blake2s; -use proof_systems::darlin::pcd::GeneralPCD; use rand_xorshift::XorShiftRng; fn bench_batch_verification( @@ -22,10 +16,11 @@ fn bench_batch_verification, -) - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +) where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { let rng = &mut XorShiftRng::seed_from_u64(1234567890u64); let mut group = c.benchmark_group(bench_name); 
@@ -35,10 +30,7 @@ fn bench_batch_verification::setup(segment_size - 1).unwrap(); let params_g2 = InnerProductArgPC::::setup(segment_size - 1).unwrap(); - let ( - _, verifier_key_g1, - _, verifier_key_g2 - ) = get_keys::<_, _, D>(¶ms_g1, ¶ms_g2); + let (_, verifier_key_g1, _, verifier_key_g2) = get_keys::<_, _, D>(¶ms_g1, ¶ms_g2); let (final_darlin_pcd, index_vk) = generate_final_darlin_test_data::( num_constraints - 1, @@ -46,27 +38,31 @@ fn bench_batch_verification( - pcds.as_slice(), - vks.as_slice(), - &verifier_key_g1, - &verifier_key_g2, - &mut thread_rng() - ).unwrap()); - }); - }); + group.bench_with_input( + BenchmarkId::from_parameter(num_proofs), + &num_proofs, + |bn, _num_proofs| { + bn.iter(|| { + assert!(batch_verify_proofs::( + pcds.as_slice(), + vks.as_slice(), + &verifier_key_g1, + &verifier_key_g2, + &mut thread_rng() + ) + .unwrap()); + }); + }, + ); } group.finish(); } @@ -75,11 +71,7 @@ fn bench_batch_verification 42, segment size |H|/2 => 84 fn bench_batch_verification_tweedle(c: &mut Criterion) { - - use algebra::curves::tweedle::{ - dee::Affine as TweedleDee, - dum::Affine as TweedleDum, - }; + use algebra::curves::tweedle::{dee::Affine as TweedleDee, dum::Affine as TweedleDum}; bench_batch_verification::( c, @@ -109,4 +101,4 @@ config = Criterion::default().sample_size(10); targets = bench_batch_verification_tweedle ); -criterion_main!(batch_verification); \ No newline at end of file +criterion_main!(batch_verification); diff --git a/proof-systems/src/darlin/benches/batch_verification_detailed.rs b/proof-systems/src/darlin/benches/batch_verification_detailed.rs index 7c0a18814..777136a9a 100644 --- a/proof-systems/src/darlin/benches/batch_verification_detailed.rs +++ b/proof-systems/src/darlin/benches/batch_verification_detailed.rs 
@@ -1,27 +1,21 @@ -use algebra::{AffineCurve, ToConstraintField, serialize::*}; -use poly_commit::{ - PolynomialCommitment, - ipa_pc::InnerProductArgPC -}; +use algebra::{serialize::*, AffineCurve, ToConstraintField}; +use blake2::Blake2s; +use criterion::*; +use digest::Digest; +use poly_commit::{ipa_pc::InnerProductArgPC, PolynomialCommitment}; +use proof_systems::darlin::accumulators::dlog::DLogItemAccumulator; +use proof_systems::darlin::accumulators::ItemAccumulator; +use proof_systems::darlin::pcd::{DualPCDVerifierKey, GeneralPCD}; +use proof_systems::darlin::proof_aggregator::batch_verify_proofs; +use proof_systems::darlin::proof_aggregator::get_accumulators; use proof_systems::darlin::{ - tests::{ - get_keys, - final_darlin::generate_test_data as generate_final_darlin_test_data - }, pcd::PCD, + tests::{final_darlin::generate_test_data as generate_final_darlin_test_data, get_keys}, }; -use digest::Digest; -use criterion::*; -use rand::SeedableRng; use rand::thread_rng; -use blake2::Blake2s; -use proof_systems::darlin::pcd::{GeneralPCD, DualPCDVerifierKey}; +use rand::SeedableRng; use rand_xorshift::XorShiftRng; use rayon::prelude::*; -use proof_systems::darlin::proof_aggregator::get_accumulators; -use proof_systems::darlin::accumulators::dlog::DLogItemAccumulator; -use proof_systems::darlin::accumulators::ItemAccumulator; -use proof_systems::darlin::proof_aggregator::batch_verify_proofs; fn bench_succinct_part_batch_verification( c: &mut Criterion, @@ -29,10 +23,11 @@ fn bench_succinct_part_batch_verification, num_proofs: usize, -) - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +) where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { let rng = &mut XorShiftRng::seed_from_u64(1234567890u64); let mut group = c.benchmark_group(bench_name); 
@@ -43,35 +38,44 @@ fn bench_succinct_part_batch_verification(¶ms_g1, ¶ms_g2); + let (_, verifier_key_g1, _, verifier_key_g2) = get_keys::<_, _, D>(¶ms_g1, ¶ms_g2); // Generate proofs and bench for num_constraints in num_constraints.into_iter() { - let (final_darlin_pcd, index_vk) = generate_final_darlin_test_data::( num_constraints - 1, segment_size, ¶ms_g1, ¶ms_g2, 1, - rng + rng, ); - println!("Proof size: {}", final_darlin_pcd[0].final_darlin_proof.serialized_size()); + println!( + "Proof size: {}", + final_darlin_pcd[0].final_darlin_proof.serialized_size() + ); println!("Vk size: {}", index_vk[0].serialized_size()); // Collect PCDs and vks let pcds = vec![GeneralPCD::FinalDarlin(final_darlin_pcd[0].clone()); num_proofs]; let vks = vec![index_vk[0].clone(); num_proofs]; - group.bench_with_input(BenchmarkId::from_parameter(num_constraints), &num_constraints, |bn, _num_constraints| { - bn.iter(|| { - let _ = get_accumulators::(pcds.as_slice(), vks.as_slice(), &verifier_key_g1, &verifier_key_g2).unwrap(); - }); - }); + group.bench_with_input( + BenchmarkId::from_parameter(num_constraints), + &num_constraints, + |bn, _num_constraints| { + bn.iter(|| { + let _ = get_accumulators::( + pcds.as_slice(), + vks.as_slice(), + &verifier_key_g1, + &verifier_key_g2, + ) + .unwrap(); + }); + }, + ); } group.finish(); } @@ -82,10 +86,11 @@ fn bench_hard_part_batch_verification, num_proofs: usize, -) - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +) where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { let rng = &mut XorShiftRng::seed_from_u64(1234567890u64); let mut group = c.benchmark_group(bench_name); 
@@ -96,24 +101,23 @@ fn bench_hard_part_batch_verification(¶ms_g1, ¶ms_g2); + let (_, verifier_key_g1, _, verifier_key_g2) = get_keys::<_, _, D>(¶ms_g1, ¶ms_g2); // Generate proofs and bench for num_constraints in num_constraints.into_iter() { - let (final_darlin_pcd, index_vk) = generate_final_darlin_test_data::( num_constraints - 1, segment_size, ¶ms_g1, ¶ms_g2, 1, - rng + rng, ); - println!("Proof size: {}", final_darlin_pcd[0].final_darlin_proof.serialized_size()); + println!( + "Proof size: {}", + final_darlin_pcd[0].final_darlin_proof.serialized_size() + ); println!("Vk size: {}", index_vk[0].serialized_size()); // Collect PCDs and vks @@ -121,22 +125,28 @@ fn bench_hard_part_batch_verification(&pcds, &vks, &verifier_key_g1, &verifier_key_g2).unwrap(); - - group.bench_with_input(BenchmarkId::from_parameter(num_constraints), &num_constraints, |bn, _num_constraints| { - bn.iter(|| { - // Verify accumulators (hard part) - assert!( - DLogItemAccumulator::::check_items( - &verifier_key_g1, &accs_g1, rng - ).unwrap() - && - DLogItemAccumulator::::check_items( - &verifier_key_g2, &accs_g2, rng - ).unwrap() - ); - }); - }); + let (accs_g1, accs_g2) = + get_accumulators::(&pcds, &vks, &verifier_key_g1, &verifier_key_g2).unwrap(); + + group.bench_with_input( + BenchmarkId::from_parameter(num_constraints), + &num_constraints, + |bn, _num_constraints| { + bn.iter(|| { + // Verify accumulators (hard part) + assert!( + DLogItemAccumulator::::check_items(&verifier_key_g1, &accs_g1, rng) + .unwrap() + && DLogItemAccumulator::::check_items( + &verifier_key_g2, + &accs_g2, + rng + ) + .unwrap() + ); + }); + }, + ); } group.finish(); } 
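Review bot: The hard-part bench hands the seeded `XorShiftRng` (`rng`) to `check_items` inside `bn.iter`, while the sibling `bench_batch_verification_complete` on the next line gives `batch_verify_proofs` `&mut thread_rng()`, so the two benches differ in their randomness source without saying why. Because the closure mutably captures `rng`, every `bn.iter` call advances a single deterministic stream, which makes runs reproducible but not independent across iterations; if that is intended, state it above the `assert!`, e.g. `// Seeded rng on purpose: hard-part checks draw from one deterministic XorShift stream so runs are reproducible`. Otherwise switching to `&mut thread_rng()` would match the other benches. The enclosing `bench_hard_part_batch_verification` starts outside this hunk.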
@@ -147,10 +157,11 @@ fn bench_batch_verification_complete, num_proofs: usize, -) - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +) where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { let rng = &mut XorShiftRng::seed_from_u64(1234567890u64); let mut group = c.benchmark_group(bench_name); @@ -161,41 +172,45 @@ fn bench_batch_verification_complete(¶ms_g1, ¶ms_g2); + let (_, verifier_key_g1, _, verifier_key_g2) = get_keys::<_, _, D>(¶ms_g1, ¶ms_g2); // Generate proofs and bench for num_constraints in num_constraints.into_iter() { - let (final_darlin_pcd, index_vk) = generate_final_darlin_test_data::( num_constraints - 1, segment_size, ¶ms_g1, ¶ms_g2, 1, - rng + rng, ); - println!("Proof size: {}", final_darlin_pcd[0].final_darlin_proof.serialized_size()); + println!( + "Proof size: {}", + final_darlin_pcd[0].final_darlin_proof.serialized_size() + ); println!("Vk size: {}", index_vk[0].serialized_size()); // Collect PCDs and vks let pcds = vec![GeneralPCD::FinalDarlin(final_darlin_pcd[0].clone()); num_proofs]; let vks = vec![index_vk[0].clone(); num_proofs]; - group.bench_with_input(BenchmarkId::from_parameter(num_constraints), &num_constraints, |bn, _num_constraints| { - bn.iter(|| { - assert!(batch_verify_proofs::( - pcds.as_slice(), - vks.as_slice(), - &verifier_key_g1, - &verifier_key_g2, - &mut thread_rng() - ).unwrap()); - }); - }); + group.bench_with_input( + BenchmarkId::from_parameter(num_constraints), + &num_constraints, + |bn, _num_constraints| { + bn.iter(|| { + assert!(batch_verify_proofs::( + pcds.as_slice(), + vks.as_slice(), + &verifier_key_g1, + &verifier_key_g2, + &mut thread_rng() + ) + .unwrap()); + }); + }, + ); } group.finish(); } @@ -206,11 +221,7 @@ fn bench_batch_verification_complete>(); 
@@ -218,10 +229,14 @@ fn bench_batch_verification_complete_tweedle(c: &mut Criterion) { for log_segment_size in 14..=18 { bench_batch_verification_complete::( c, - format!("tweedle-dee, segment_size = 1 << {}, num_constraints", log_segment_size).as_str(), + format!( + "tweedle-dee, segment_size = 1 << {}, num_constraints", + log_segment_size + ) + .as_str(), 1 << log_segment_size, num_constraints.clone(), - num_proofs + num_proofs, ); } } @@ -232,11 +247,7 @@ fn bench_batch_verification_complete_tweedle(c: &mut Criterion) { // Segment size: [1 << 14, ... , 1 << 18] // Num constraints: [1 << 10, ..., 1 << 20] fn bench_succinct_part_batch_verification_tweedle(c: &mut Criterion) { - - use algebra::curves::tweedle::{ - dee::Affine as TweedleDee, - dum::Affine as TweedleDum, - }; + use algebra::curves::tweedle::{dee::Affine as TweedleDee, dum::Affine as TweedleDum}; let num_proofs = 100; let num_constraints = (10..=20).map(|pow| 1 << pow).collect::>(); @@ -244,10 +255,14 @@ fn bench_succinct_part_batch_verification_tweedle(c: &mut Criterion) { for log_segment_size in 14..=18 { bench_succinct_part_batch_verification::( c, - format!("succinct_part, tweedle-dee, segment_size = 1 << {}, num_constraints", log_segment_size).as_str(), + format!( + "succinct_part, tweedle-dee, segment_size = 1 << {}, num_constraints", + log_segment_size + ) + .as_str(), 1 << log_segment_size, num_constraints.clone(), - num_proofs + num_proofs, ); } } @@ -258,11 +273,7 @@ fn bench_succinct_part_batch_verification_tweedle(c: &mut Criterion) { // Segment size: [1 << 14, ... , 1 << 18] // Num constraints: [1 << 10, ..., 1 << 20] fn bench_hard_part_batch_verification_tweedle(c: &mut Criterion) { - - use algebra::curves::tweedle::{ - dee::Affine as TweedleDee, - dum::Affine as TweedleDum, - }; + use algebra::curves::tweedle::{dee::Affine as TweedleDee, dum::Affine as TweedleDum}; let num_proofs = 100; let num_constraints = (10..=20).map(|pow| 1 << pow).collect::>(); 
@@ -270,10 +281,14 @@ fn bench_hard_part_batch_verification_tweedle(c: &mut Criterion) { for log_segment_size in 14..=18 { bench_hard_part_batch_verification::( c, - format!("hard_part, tweedle-dee, segment_size = 1 << {}, num_constraints", log_segment_size).as_str(), + format!( + "hard_part, tweedle-dee, segment_size = 1 << {}, num_constraints", + log_segment_size + ) + .as_str(), 1 << log_segment_size, num_constraints.clone(), - num_proofs + num_proofs, ); } } @@ -284,4 +299,4 @@ config = Criterion::default().sample_size(10); targets = bench_batch_verification_complete_tweedle, bench_succinct_part_batch_verification_tweedle, bench_hard_part_batch_verification_tweedle ); -criterion_main!(batch_verification); \ No newline at end of file +criterion_main!(batch_verification); diff --git a/proof-systems/src/darlin/data_structures.rs b/proof-systems/src/darlin/data_structures.rs index dee56f9b4..508cb4089 100644 --- a/proof-systems/src/darlin/data_structures.rs +++ b/proof-systems/src/darlin/data_structures.rs 
@@ -1,18 +1,17 @@ //! The proof data struct (and its components) of a final Darlin, i.e. last node of //! our conversion/exiting chain. +use crate::darlin::{accumulators::dlog::DLogItem, pcd::simple_marlin::MarlinProof}; use algebra::{ - PrimeField, AffineCurve, ToConstraintField, ToBits, - ProjectiveCurve, UniformRand, serialize::*, SemanticallyValid + serialize::*, AffineCurve, PrimeField, ProjectiveCurve, SemanticallyValid, ToBits, + ToConstraintField, UniformRand, }; -use crate::darlin::{ - pcd::simple_marlin::MarlinProof, - accumulators::dlog::DLogItem -}; -use poly_commit::{ipa_pc::{ - SuccinctCheckPolynomial, InnerProductArgPC, - CommitterKey as DLogCommitterKey, Commitment, -}, DomainExtendedCommitment}; use digest::Digest; +use poly_commit::{ + ipa_pc::{ + Commitment, CommitterKey as DLogCommitterKey, InnerProductArgPC, SuccinctCheckPolynomial, + }, + DomainExtendedCommitment, +}; use rand::RngCore; /// The `FinalDarlinDeferredData`, assuming that the final node is in G1. 
@@ -23,53 +22,58 @@ use rand::RngCore; #[derive(Default, Clone, Debug, Eq, PartialEq, CanonicalSerialize, CanonicalDeserialize)] pub struct FinalDarlinDeferredData { // the dlog accumulator from the previous node, a Rainbow-Marlin node in G2 - pub(crate) previous_acc: DLogItem, + pub(crate) previous_acc: DLogItem, // the dlog accumulator from the pre-previous node, a Rainbow-Marlin node in G1 - pub(crate) pre_previous_acc: DLogItem, + pub(crate) pre_previous_acc: DLogItem, } -impl SemanticallyValid for FinalDarlinDeferredData -{ +impl SemanticallyValid for FinalDarlinDeferredData { fn is_valid(&self) -> bool { self.previous_acc.is_valid() && self.pre_previous_acc.is_valid() } } impl FinalDarlinDeferredData - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { // generates random FinalDarlinDeferredData, for test purposes only. pub fn generate_random( rng: &mut R, committer_key_g1: &DLogCommitterKey, - committer_key_g2: &DLogCommitterKey - ) -> Self - { + committer_key_g2: &DLogCommitterKey, + ) -> Self { // Generate valid accumulator over G1 starting from random xi_s let log_key_len_g1 = algebra::log2(committer_key_g1.comm_key.len()); let random_xi_s_g1 = SuccinctCheckPolynomial::( - (0..log_key_len_g1 as usize).map(|_| u128::rand(rng).into()).collect() + (0..log_key_len_g1 as usize) + .map(|_| u128::rand(rng).into()) + .collect(), ); let g_final_g1 = InnerProductArgPC::::inner_commit( committer_key_g1.comm_key.as_slice(), random_xi_s_g1.compute_coeffs().as_slice(), None, None, - ).unwrap(); + ) + .unwrap(); let acc_g1 = DLogItem:: { - g_final: DomainExtendedCommitment::>::new ( - vec! 
[ Commitment:: { comm: g_final_g1.into_affine() } ] - ), - xi_s: random_xi_s_g1 + g_final: DomainExtendedCommitment::>::new(vec![Commitment:: { + comm: g_final_g1.into_affine(), + }]), + xi_s: random_xi_s_g1, }; // Generate valid accumulator over G2 starting from random xi_s let log_key_len_g2 = algebra::log2(committer_key_g2.comm_key.len()); let random_xi_s_g2 = SuccinctCheckPolynomial::( - (0..log_key_len_g2 as usize).map(|_| u128::rand(rng).into()).collect() + (0..log_key_len_g2 as usize) + .map(|_| u128::rand(rng).into()) + .collect(), ); let g_final_g2 = InnerProductArgPC::::inner_commit( @@ -77,27 +81,30 @@ impl FinalDarlinDeferredData random_xi_s_g2.compute_coeffs().as_slice(), None, None, - ).unwrap(); + ) + .unwrap(); let acc_g2 = DLogItem:: { - g_final: DomainExtendedCommitment::>::new ( - vec! [ Commitment:: { comm: g_final_g2.into_affine() } ] - ), - xi_s: random_xi_s_g2 + g_final: DomainExtendedCommitment::>::new(vec![Commitment:: { + comm: g_final_g2.into_affine(), + }]), + xi_s: random_xi_s_g2, }; // Return accumulators in deferred struct Self { previous_acc: acc_g2, - pre_previous_acc: acc_g1 + pre_previous_acc: acc_g1, } } } impl ToConstraintField for FinalDarlinDeferredData - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { /// Conversion of the MarlinDeferredData to circuit inputs, which are elements /// over G1::ScalarField. 
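Review bot: `generate_random` is `pub`, but its only caveat, `// generates random FinalDarlinDeferredData, for test purposes only.`, is a plain `//` comment, so it never reaches rustdoc and a downstream caller sees an ordinary constructor. Make it a `///` doc comment and record what the visible code does: the `xi_s` challenges are built from `u128::rand(rng).into()`, i.e. drawn only from the 128-bit range of the scalar field, which is adequate for a fixture but not a representative accumulator, e.g. `/// Builds a random but valid FinalDarlinDeferredData for tests only; xi_s are sampled from u128, not the full scalar field.` The same sampling appears in the G2 branch of the second hunk on this line. The `impl FinalDarlinDeferredData` block ends outside the hunk.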
@@ -124,14 +131,16 @@ impl ToConstraintField for FinalDarlinDeferredData>::to_field_elements(&bits[to_skip..]).unwrap()[0] == fe + <[bool] as ToConstraintField>::to_field_elements(&bits[to_skip..]) + .unwrap()[0] + == fe ); xi_s_bits.extend_from_slice(&bits[to_skip..]); } fes.append(&mut xi_s_bits.to_field_elements()?); // Convert the pre-previous acc into native field elements. - + // The G_final of the pre-previous node is in G1, hence over G2::ScalarField. // We serialize them all to bits and pack them safely into native field elements let g_final_g1 = self.pre_previous_acc.g_final.items.clone(); @@ -155,7 +164,9 @@ impl ToConstraintField for FinalDarlinDeferredData>::to_field_elements(&bits[to_skip..]).unwrap()[0] == fe + <[bool] as ToConstraintField>::to_field_elements(&bits[to_skip..]) + .unwrap()[0] + == fe ); xi_s_bits.extend_from_slice(&bits[to_skip..]); } @@ -166,20 +177,26 @@ impl ToConstraintField for FinalDarlinDeferredData { /// Full Marlin proof without deferred arithmetics in G1. - pub proof: MarlinProof, + pub proof: MarlinProof, /// Deferred accumulators - pub deferred: FinalDarlinDeferredData, + pub deferred: FinalDarlinDeferredData, } -impl SemanticallyValid for FinalDarlinProof +impl SemanticallyValid + for FinalDarlinProof { fn is_valid(&self) -> bool { self.proof.is_valid() && self.deferred.is_valid() } -} \ No newline at end of file +} diff --git a/proof-systems/src/darlin/error.rs b/proof-systems/src/darlin/error.rs index 39629a331..21e300005 100644 --- a/proof-systems/src/darlin/error.rs +++ b/proof-systems/src/darlin/error.rs @@ -1,6 +1,6 @@ +use crate::darlin::pcd::error::PCDError; use marlin::Error as MarlinError; use poly_commit::Error as PCError; -use crate::darlin::pcd::error::PCDError; #[derive(Debug)] pub enum FinalDarlinError { 
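Review bot: The `assert!(<[bool] as ToConstraintField>::to_field_elements(&bits[to_skip..]).unwrap()[0] == fe)` round-trip check sits inside `to_field_elements`, which `verify_ahp` calls on `proof.deferred` in the mod.rs hunks further down, so a failed check aborts the verifier with a panic instead of returning `Err`. `bits` appears to be derived from `fe` itself (the line computing it is outside the hunk), so this guards an internal serialization invariant rather than untrusted input; `debug_assert!` would keep the check in tests and drop the per-element `unwrap()` plus re-conversion from the release verifier, while a `?`-propagated error is the right shape if it must stay a hard guarantee. The same assert appears in the `@@ -155,7 +164,9 @@` hunk on this line for the pre-previous accumulator. The enclosing `ToConstraintField` impl starts and ends outside the hunk.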
@@ -14,7 +14,7 @@ impl std::fmt::Display for FinalDarlinError { match self { FinalDarlinError::MarlinError(err) => write!(f, "{}", err), FinalDarlinError::PCDError(err) => write!(f, "{}", err), - FinalDarlinError::Other(err) =>write!(f, "{}", err) + FinalDarlinError::Other(err) => write!(f, "{}", err), } } } @@ -31,4 +31,4 @@ impl From for FinalDarlinError { } } -impl std::error::Error for FinalDarlinError {} \ No newline at end of file +impl std::error::Error for FinalDarlinError {} diff --git a/proof-systems/src/darlin/mod.rs b/proof-systems/src/darlin/mod.rs index 03082bd09..8d5e42e21 100644 --- a/proof-systems/src/darlin/mod.rs +++ b/proof-systems/src/darlin/mod.rs 
@@ -1,50 +1,48 @@ -//! The module for our Darlin proof carrying data (PCD) scheme as described in -//! our [DarlinProofTree doc](TODO: link). -//! The Darlin PCD scheme is based on (a variant of) Marlin/dlog, aggregating -//! the dlog "hard parts" as well as the inner sumchecks across multiple -//! circuits. -//! For now the module serves only basic structs and functions for the final -//! nodes of our conversion/exiting chain (which is either a "Simple Marlin", +//! The module for our Darlin proof carrying data (PCD) scheme as described in +//! our [DarlinProofTree doc](TODO: link). +//! The Darlin PCD scheme is based on (a variant of) Marlin/dlog, aggregating +//! the dlog "hard parts" as well as the inner sumchecks across multiple +//! circuits. +//! For now the module serves only basic structs and functions for the final +//! nodes of our conversion/exiting chain (which is either a "Simple Marlin", //! or a "Final Darlin"). It is split into the following submodules -//! - `accumulators`: accumulator structs and their aggregation schemes as +//! - `accumulators`: accumulator structs and their aggregation schemes as //! stand-alone non-interactive arguments. Although the stand-alone NI arguments //! are not applied in recursion, they are useful for post-prossing. -//! - `pcd`: Proof carrying data from the verifier point of view. -//! - `proof_aggregator`: utilities for proof post-processing, such as batch +//! - `pcd`: Proof carrying data from the verifier point of view. +//! - `proof_aggregator`: utilities for proof post-processing, such as batch //! verification and aggregation of their dlog hard parts. 
-pub mod pcd; pub mod accumulators; -pub mod proof_aggregator; pub mod data_structures; pub mod error; +pub mod pcd; +pub mod proof_aggregator; pub mod tests; -use algebra::{AffineCurve, ToConstraintField}; -use poly_commit::{ ipa_pc::{ - Parameters, InnerProductArgPC, - CommitterKey as DLogProverKey, - VerifierKey as DLogVerifierKey, - Commitment -}, PolynomialCommitment, DomainExtendedPolynomialCommitment, DomainExtendedCommitment, QuerySet, LabeledCommitment, Evaluations}; -use marlin::{ - Marlin, - ProverKey as MarlinProverKey, VerifierKey as MarlinVerifierKey, -}; use crate::darlin::{ data_structures::*, + error::FinalDarlinError, pcd::{ - PCD, PCDCircuit, + final_darlin::{FinalDarlinPCD, FinalDarlinPCDVerifierKey}, simple_marlin::MarlinProof, - final_darlin::{FinalDarlinPCD, FinalDarlinPCDVerifierKey} + PCDCircuit, PCD, }, - error::FinalDarlinError, }; -use rand::RngCore; +use algebra::{AffineCurve, ToConstraintField}; use digest::Digest; +use marlin::{Marlin, ProverKey as MarlinProverKey, VerifierKey as MarlinVerifierKey}; +use poly_commit::{ + ipa_pc::{ + Commitment, CommitterKey as DLogProverKey, InnerProductArgPC, Parameters, + VerifierKey as DLogVerifierKey, + }, + DomainExtendedCommitment, DomainExtendedPolynomialCommitment, Evaluations, LabeledCommitment, + PolynomialCommitment, QuerySet, +}; +use rand::RngCore; use std::marker::PhantomData; - /// FinalDarlin proof system. It is simply a (coboundary) Marlin SNARK of a dedicated /// recursive `PCDCircuit`. pub type FinalDarlinProverKey = MarlinProverKey; 
@@ -55,120 +53,127 @@ pub struct FinalDarlin<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'static #[doc(hidden)] PhantomData, #[doc(hidden)] PhantomData, #[doc(hidden)] PhantomData, - #[doc(hidden)] PhantomData<&'a ()> + #[doc(hidden)] PhantomData<&'a ()>, ); -impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - D: Digest + 'static, +impl<'a, G1, G2, D> FinalDarlin<'a, G1, G2, D> +where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + D: Digest + 'static, { /// Generate the universal prover and verifier keys for Marlin. pub fn universal_setup( num_constraints: usize, num_variables: usize, num_non_zero: usize, - zk: bool, - ) -> Result<( - Parameters, - Parameters, - ), FinalDarlinError> - { - let srs_g1 = Marlin::>, D>::universal_setup( - num_constraints, - num_variables, - num_non_zero, - zk - )?; - - let srs_g2 = Marlin::>, D>::universal_setup( - num_constraints, - num_variables, - num_non_zero, - zk - )?; + zk: bool, + ) -> Result<(Parameters, Parameters), FinalDarlinError> { + let srs_g1 = Marlin::< + G1, + DomainExtendedPolynomialCommitment>, + D, + >::universal_setup(num_constraints, num_variables, num_non_zero, zk)?; + + let srs_g2 = Marlin::< + G2, + DomainExtendedPolynomialCommitment>, + D, + >::universal_setup(num_constraints, num_variables, num_non_zero, zk)?; Ok((srs_g1, srs_g2)) } /// Generate the index-specific (i.e., circuit-specific) prover and verifier - /// keys from the dedicated PCDCircuit. + /// keys from the dedicated PCDCircuit. /// This is a deterministic algorithm that anyone can rerun. 
pub fn index>( committer_key: &DLogProverKey, - config: C::SetupData, - ) -> Result<( - FinalDarlinProverKey>>, - FinalDarlinVerifierKey>>, - ), FinalDarlinError> - { + config: C::SetupData, + ) -> Result< + ( + FinalDarlinProverKey< + G1, + DomainExtendedPolynomialCommitment>, + >, + FinalDarlinVerifierKey< + G1, + DomainExtendedPolynomialCommitment>, + >, + ), + FinalDarlinError, + > { let c = C::init(config); let res = Marlin::>, D>::index(committer_key, c)?; Ok(res) } - /// Create and return a FinalDarlinPCD, given previous PCDs and a PCDCircuit + /// Create and return a FinalDarlinPCD, given previous PCDs and a PCDCircuit /// that (partially) verify them along with some additional data. pub fn prove( - index_pk: &FinalDarlinProverKey>>, - pc_pk: &DLogProverKey, - config: C::SetupData, + index_pk: &FinalDarlinProverKey< + G1, + DomainExtendedPolynomialCommitment>, + >, + pc_pk: &DLogProverKey, + config: C::SetupData, // In future, this will be explicitly a RainbowDarlinPCD - previous: Vec, - previous_vks: Vec<::PCDVerifierKey>, + previous: Vec, + previous_vks: Vec<::PCDVerifierKey>, additional_data: C::AdditionalData, - zk: bool, - zk_rng: Option<&mut dyn RngCore>, + zk: bool, + zk_rng: Option<&mut dyn RngCore>, ) -> Result, FinalDarlinError> - where - C: PCDCircuit>, + where + C: PCDCircuit>, { // init the recursive circuit using the previous PCDs and the additional data. 
- let c = C::init_state( - config, - previous, - previous_vks, - additional_data - ); - - // get the system and user inputs from the recursive circuit + let c = C::init_state(config, previous, previous_vks, additional_data); + + // get the system and user inputs from the recursive circuit let sys_ins = c.get_sys_ins()?.clone(); let usr_ins = c.get_usr_ins()?; // run the Marlin prover on the initialized recursive circuit - let proof = Marlin::>, D>::prove( - index_pk, pc_pk, c, zk, zk_rng - )?; - - let proof = FinalDarlinProof:: { proof: MarlinProof(proof), deferred: sys_ins }; - let usr_ins = usr_ins - .to_field_elements() - .map_err(|_| FinalDarlinError::Other("Failed to convert usr ins to field elements".to_owned()))?; + let proof = Marlin::< + G1, + DomainExtendedPolynomialCommitment>, + D, + >::prove(index_pk, pc_pk, c, zk, zk_rng)?; + + let proof = FinalDarlinProof:: { + proof: MarlinProof(proof), + deferred: sys_ins, + }; + let usr_ins = usr_ins.to_field_elements().map_err(|_| { + FinalDarlinError::Other("Failed to convert usr ins to field elements".to_owned()) + })?; Ok(FinalDarlinPCD::::new(proof, usr_ins)) } - /// Fully verify a `FinalDarlinProof` from the PCDCircuit `C`, using the PCD implementation for + /// Fully verify a `FinalDarlinProof` from the PCDCircuit `C`, using the PCD implementation for /// the FinalDarlinPCD. 
pub fn verify( - index_vk: &FinalDarlinVerifierKey>>, - pc_vk_g1: &DLogVerifierKey, - pc_vk_g2: &DLogVerifierKey, - usr_ins: &[G1::ScalarField], - proof: &FinalDarlinProof, - rng: &mut R, - ) -> Result - { - let final_darlin_pcd = FinalDarlinPCD::::new( - proof.clone(), usr_ins.to_vec() - ); - - let final_darlin_pcd_vk = FinalDarlinPCDVerifierKey::{ + index_vk: &FinalDarlinVerifierKey< + G1, + DomainExtendedPolynomialCommitment>, + >, + pc_vk_g1: &DLogVerifierKey, + pc_vk_g2: &DLogVerifierKey, + usr_ins: &[G1::ScalarField], + proof: &FinalDarlinProof, + rng: &mut R, + ) -> Result { + let final_darlin_pcd = FinalDarlinPCD::::new(proof.clone(), usr_ins.to_vec()); + + let final_darlin_pcd_vk = FinalDarlinPCDVerifierKey:: { final_darlin_vk: index_vk, - dlog_vks: (pc_vk_g1, pc_vk_g2) + dlog_vks: (pc_vk_g1, pc_vk_g2), }; let res = final_darlin_pcd.verify(&final_darlin_pcd_vk, rng)?; @@ -176,7 +181,7 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> Ok(res) } - /// Verifies only the IOP part of a `FinalDarlinProof`, i.e. a Marlin AHP + /// Verifies only the IOP part of a `FinalDarlinProof`, i.e. a Marlin AHP /// for the PCDCircuit with correctly combined system and user inputs. pub fn verify_ahp( pc_vk: &DLogVerifierKey, @@ -192,7 +197,9 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> { // Get "system inputs" let mut public_inputs = proof.deferred.to_field_elements().map_err(|_| { - FinalDarlinError::Other("Unable to convert proof.deferred to native field elements".to_owned()) + FinalDarlinError::Other( + "Unable to convert proof.deferred to native field elements".to_owned(), + ) })?; // Append user inputs 
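Review bot: Both `prove` and `verify_ahp` map a failed `to_field_elements()` to `FinalDarlinError::Other(...)` through `map_err(|_| ...)`, discarding the underlying error, so a caller only learns that the conversion failed and not why. Carry the source into the message, e.g. `.map_err(|e| FinalDarlinError::Other(format!("Failed to convert usr ins to field elements: {:?}", e)))` if that error type is `Debug`, or add a dedicated variant with a `From` impl as `error.rs` already does for Marlin and PCD errors. This applies to the `usr_ins` conversion in `prove` and to the `proof.deferred` conversion in the `@@ -192,7 +197,9 @@` hunk on this line. The `impl FinalDarlin` block starts outside this hunk.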
@@ -206,21 +213,20 @@ impl<'a, G1, G2, D>FinalDarlin<'a, G1, G2, D> Ok(res) } - /// Verifies the dlog open part of a `FinalDarlinProof`. This also checks the + /// Verifies the dlog open part of a `FinalDarlinProof`. This also checks the /// "hard part" of the opening proof. pub fn verify_opening( - pc_vk: &DLogVerifierKey, - proof: &FinalDarlinProof, - labeled_comms: Vec>>>, - query_set: QuerySet<'a, G1::ScalarField>, - evaluations: Evaluations<'a, G1::ScalarField>, + pc_vk: &DLogVerifierKey, + proof: &FinalDarlinProof, + labeled_comms: Vec>>>, + query_set: QuerySet<'a, G1::ScalarField>, + evaluations: Evaluations<'a, G1::ScalarField>, fs_rng: &mut > as PolynomialCommitment>::RandomOracle, - ) -> Result - { + ) -> Result { let res = Marlin::>, D>::verify_opening( pc_vk, &proof.proof, labeled_comms, query_set, evaluations, fs_rng )?; Ok(res) } -} \ No newline at end of file +} diff --git a/proof-systems/src/darlin/pcd/error.rs b/proof-systems/src/darlin/pcd/error.rs index 0ba3fa303..f4e390cdd 100644 --- a/proof-systems/src/darlin/pcd/error.rs +++ b/proof-systems/src/darlin/pcd/error.rs 
@@ -9,12 +9,18 @@ pub enum PCDError { impl std::fmt::Display for PCDError { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { match self { - PCDError::FailedSuccinctVerification(err) => write!(f, "Succinct check failed: {}", err), + PCDError::FailedSuccinctVerification(err) => { + write!(f, "Succinct check failed: {}", err) + } PCDError::FailedHardVerification(err) => write!(f, "Hard check failed: {}", err), - PCDError::MissingSystemInputs(missing_field) => write!(f, "Unable to retrieve system input: {}", missing_field), - PCDError::MissingUserInputs(missing_field) => write!(f, "Unable to retrieve user input: {}", missing_field), + PCDError::MissingSystemInputs(missing_field) => { + write!(f, "Unable to retrieve system input: {}", missing_field) + } + PCDError::MissingUserInputs(missing_field) => { + write!(f, "Unable to retrieve user input: {}", missing_field) + } } } } -impl std::error::Error for PCDError {} \ No newline at end of file +impl std::error::Error for PCDError {} diff --git a/proof-systems/src/darlin/pcd/final_darlin.rs b/proof-systems/src/darlin/pcd/final_darlin.rs index bf73ac3b6..9e8c52d88 100644 --- a/proof-systems/src/darlin/pcd/final_darlin.rs +++ b/proof-systems/src/darlin/pcd/final_darlin.rs 
@@ -1,25 +1,20 @@ -//! Final Darlin proof carrying data. The final Darlin is the last node of the +//! Final Darlin proof carrying data. The final Darlin is the last node of the //! exiting/conversion chain of our Darlin PCD scheme, and provides a (coboundary) //! Marlin proof plus the dlog accumulators of the previous and pre-previous node. -use algebra::{AffineCurve, ToConstraintField}; -use digest::Digest; -use poly_commit::{ - ipa_pc::{ - InnerProductArgPC, - VerifierKey as DLogVerifierKey, - Commitment, - }, - PolynomialCommitment, - DomainExtendedPolynomialCommitment, DomainExtendedCommitment, - fiat_shamir_rng::FiatShamirRng, -}; use crate::darlin::{ accumulators::dlog::{DLogItem, DualDLogItem, DualDLogItemAccumulator}, - pcd::{PCD, error::PCDError}, - data_structures::*, accumulators::ItemAccumulator, + data_structures::*, + pcd::{error::PCDError, PCD}, FinalDarlin, FinalDarlinVerifierKey, }; +use algebra::{AffineCurve, ToConstraintField}; +use digest::Digest; +use poly_commit::{ + fiat_shamir_rng::FiatShamirRng, + ipa_pc::{Commitment, InnerProductArgPC, VerifierKey as DLogVerifierKey}, + DomainExtendedCommitment, DomainExtendedPolynomialCommitment, PolynomialCommitment, +}; use std::marker::PhantomData; /// As every PCD, the `FinalDarlinPCD` comes as a proof plus "statement". 
@@ -29,38 +24,44 @@ pub struct FinalDarlinPCD<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'sta /// A `FinalDarlinProof` is a Marlin proof plus deferred dlog accumulators pub final_darlin_proof: FinalDarlinProof, /// The user inputs form essentially the "statement" of the recursive proof. - pub usr_ins: Vec, - _lifetime: PhantomData<&'a ()>, + pub usr_ins: Vec, + _lifetime: PhantomData<&'a ()>, } impl<'a, G1, G2, D> FinalDarlinPCD<'a, G1, G2, D> - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - D: Digest + 'a, +where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + D: Digest + 'a, { pub fn new( final_darlin_proof: FinalDarlinProof, - usr_ins: Vec - ) -> Self - { - Self { final_darlin_proof, usr_ins, _lifetime: PhantomData } + usr_ins: Vec, + ) -> Self { + Self { + final_darlin_proof, + usr_ins, + _lifetime: PhantomData, + } } } -/// To verify the PCD of a final Darlin we only need the `FinalDarlinVerifierKey` (or, the +/// To verify the PCD of a final Darlin we only need the `FinalDarlinVerifierKey` (or, the /// IOP verifier key) of the final circuit and the two dlog committer keys for G1 and G2. 
pub struct FinalDarlinPCDVerifierKey<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'static> { - pub final_darlin_vk: &'a FinalDarlinVerifierKey>>, - pub dlog_vks: (&'a DLogVerifierKey, &'a DLogVerifierKey) + pub final_darlin_vk: &'a FinalDarlinVerifierKey< + G1, + DomainExtendedPolynomialCommitment>, + >, + pub dlog_vks: (&'a DLogVerifierKey, &'a DLogVerifierKey), } -impl< - 'a, - G1: AffineCurve, - G2: AffineCurve, - D: Digest -> AsRef<(&'a DLogVerifierKey, &'a DLogVerifierKey)> for FinalDarlinPCDVerifierKey<'a, G1, G2, D> { +impl<'a, G1: AffineCurve, G2: AffineCurve, D: Digest> + AsRef<(&'a DLogVerifierKey, &'a DLogVerifierKey)> + for FinalDarlinPCDVerifierKey<'a, G1, G2, D> +{ fn as_ref(&self) -> &(&'a DLogVerifierKey, &'a DLogVerifierKey) { &self.dlog_vks } @@ -68,8 +69,10 @@ impl< impl<'a, G1, G2, D> PCD for FinalDarlinPCD<'a, G1, G2, D> where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, D: Digest + 'static, { type PCDAccumulator = DualDLogItemAccumulator<'a, G1, G2, D>; 
@@ -78,20 +81,24 @@ where fn succinct_verify( &self, vk: &Self::PCDVerifierKey, - ) -> Result<::Item, PCDError> - { + ) -> Result<::Item, PCDError> { let succinct_time = start_timer!(|| "Finalized Darlin succinct verifier"); // let ahp_verify_time = start_timer!(|| "AHP verify"); // Verify sumchecks - let (query_set, evaluations, labeled_comms, mut fs_rng) = FinalDarlin::::verify_ahp( - vk.dlog_vks.0, vk.final_darlin_vk, self.usr_ins.as_slice(), &self.final_darlin_proof - ).map_err(|e| { - // end_timer!(ahp_verify_time); - end_timer!(succinct_time); - PCDError::FailedSuccinctVerification(format!("{:?}", e)) - })?; + let (query_set, evaluations, labeled_comms, mut fs_rng) = + FinalDarlin::::verify_ahp( + vk.dlog_vks.0, + vk.final_darlin_vk, + self.usr_ins.as_slice(), + &self.final_darlin_proof, + ) + .map_err(|e| { + // end_timer!(ahp_verify_time); + end_timer!(succinct_time); + PCDError::FailedSuccinctVerification(format!("{:?}", e)) + })?; // end_timer!(ahp_verify_time); @@ -118,26 +125,28 @@ where if verifier_state.is_none() { end_timer!(succinct_time); - Err(PCDError::FailedSuccinctVerification("Succinct verify failed".to_owned()))? + Err(PCDError::FailedSuccinctVerification( + "Succinct verify failed".to_owned(), + ))? } let verifier_state = verifier_state.unwrap(); // Verification successfull: return new accumulator let acc = DLogItem:: { - g_final: DomainExtendedCommitment::>::new( - vec![ Commitment:: { comm: verifier_state.final_comm_key.clone() } ] - ), + g_final: DomainExtendedCommitment::>::new(vec![Commitment:: { + comm: verifier_state.final_comm_key.clone(), + }]), xi_s: verifier_state.check_poly.clone(), }; end_timer!(succinct_time); - Ok(DualDLogItem::(vec![ + Ok(DualDLogItem::( + vec![ acc, - self.final_darlin_proof.deferred.pre_previous_acc.clone() + self.final_darlin_proof.deferred.pre_previous_acc.clone(), ], - vec![self.final_darlin_proof.deferred.previous_acc.clone()] + vec![self.final_darlin_proof.deferred.previous_acc.clone()], )) } } - 
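Review bot: The `if verifier_state.is_none() { …; Err(…)? }` followed by `let verifier_state = verifier_state.unwrap();` in `succinct_verify` uses `Err(..)?` as a return statement and then an `unwrap()` that only the preceding check justifies; one `ok_or_else` gives the same control flow and timer bookkeeping with no unwrap: `let verifier_state = verifier_state.ok_or_else(|| { end_timer!(succinct_time); PCDError::FailedSuccinctVerification("Succinct verify failed".to_owned()) })?;`. The identical pattern appears in the `SimpleMarlinPCD::succinct_verify` hunk of `proof-systems/src/darlin/pcd/simple_marlin.rs` later in this patch and can be changed the same way. The body of `succinct_verify` starts before this hunk.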
diff --git a/proof-systems/src/darlin/pcd/mod.rs b/proof-systems/src/darlin/pcd/mod.rs index f3e365cf1..cf2523212 100644 --- a/proof-systems/src/darlin/pcd/mod.rs +++ b/proof-systems/src/darlin/pcd/mod.rs @@ -1,42 +1,38 @@ -//! Proof carrying data from accumulator SNARKS. For now, it includes only the +//! Proof carrying data from accumulator SNARKS. For now, it includes only the //! following basic elements: //! - trait for recursive circuits, -//! - verifier trait for proof carrying data, and their implementation +//! - verifier trait for proof carrying data, and their implementation //! for SimpleMarlin and FinalDarlin PCDs. -use algebra::{AffineCurve, ToConstraintField, UniformRand}; -use r1cs_core::ConstraintSynthesizer; -use poly_commit::{ - PCParameters, - ipa_pc::{ - Parameters, - CommitterKey as DLogCommitterKey, VerifierKey as DLogVerifierKey, - }, - Error as PCError -}; use crate::darlin::{ accumulators::{ - ItemAccumulator, dlog::{DualDLogItem, DualDLogItemAccumulator}, + ItemAccumulator, }, + data_structures::FinalDarlinDeferredData, pcd::{ + error::PCDError, final_darlin::{FinalDarlinPCD, FinalDarlinPCDVerifierKey}, simple_marlin::{SimpleMarlinPCD, SimpleMarlinPCDVerifierKey}, - error::PCDError, }, - data_structures::FinalDarlinDeferredData, }; -use rand::RngCore; +use algebra::{AffineCurve, ToConstraintField, UniformRand}; use digest::Digest; +use poly_commit::{ + ipa_pc::{CommitterKey as DLogCommitterKey, Parameters, VerifierKey as DLogVerifierKey}, + Error as PCError, PCParameters, +}; +use r1cs_core::ConstraintSynthesizer; +use rand::RngCore; use std::fmt::Debug; -pub mod simple_marlin; -pub mod final_darlin; pub mod error; +pub mod final_darlin; +pub mod simple_marlin; /// Configuration parameters for the PCD scheme: for now, just the size of the /// committer key to be used throughout the PCD scheme. pub struct PCDParameters { - pub segment_size: usize + pub segment_size: usize, } impl PCDParameters { 
@@ -45,40 +41,36 @@ impl PCDParameters { /// specified in the config. pub fn universal_setup( &self, - params: &Parameters - ) -> Result<(DLogCommitterKey, DLogVerifierKey), PCError> - { - params.trim( - self.segment_size - 1, - ) + params: &Parameters, + ) -> Result<(DLogCommitterKey, DLogVerifierKey), PCError> { + params.trim(self.segment_size - 1) } } /// Trait for the recursive circuit of a PCD node in G. Both witnesses and public inputs /// are derived from previous proofs (PCDs) and some additional data ("payload"). -/// A recursive circuit comes with a universal circuit interface, comprised of -/// - `user inputs` (i.e. the proof "statement") and -/// - `system inputs`, which is the data due to amortization and split verification, -/// aka deferred checks. +/// A recursive circuit comes with a universal circuit interface, comprised of +/// - `user inputs` (i.e. the proof "statement") and +/// - `system inputs`, which is the data due to amortization and split verification, +/// aka deferred checks. /// The additional data is used only by dedicated circuits such as a base proofs or /// a finalizing block proofs. For the ordinary merger nodes, it is simply `None`. pub trait PCDCircuit: ConstraintSynthesizer { - /// Any data that may be needed to bootstrap the circuit that is not covered by the other - /// fields. + /// fields. type SetupData: Clone; - /// Additional data to be processed by the circuit. + /// Additional data to be processed by the circuit. /// This might be related to recursion (incremental "payload"). In our PCD it is /// supplementary witness data to serve additional business logic of the circuit. type AdditionalData; - /// Elements that are deferred during recursion. The are derived from the PCDs - /// passed by the nodes "below" + /// Elements that are deferred during recursion. 
The are derived from the PCDs + /// passed by the nodes "below" type SystemInputs: ToConstraintField + Debug + Clone; /// PCD type the circuit needs to verify - type PreviousPCD: PCD; + type PreviousPCD: PCD; /// Initialize the circuit state without explicitly assigning inputs and witnesses. /// To be used to generate pk and vk. @@ -87,10 +79,10 @@ pub trait PCDCircuit: ConstraintSynthesizer { /// Assign a concrete state to the circuit, using previous proofs and some "payload". /// As the circuit needs to verify previous proofs, it also needs the corresponding vks; fn init_state( - config: Self::SetupData, + config: Self::SetupData, previous_proofs_data: Vec, - previous_proofs_vks: Vec<::PCDVerifierKey>, - additional_data: Self::AdditionalData, + previous_proofs_vks: Vec<::PCDVerifierKey>, + additional_data: Self::AdditionalData, ) -> Self; /// Extract the system inputs from a concrete instantiation of the circuit. 
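Review bot: `params.trim(self.segment_size - 1)` in `universal_setup` underflows when `segment_size` is 0: a debug build panics and a release build wraps to `usize::MAX`, so the degree handed to `trim` no longer means anything. Because `segment_size` is a `pub` field with no constructor validating it, reject that case explicitly, e.g. `let max_degree = self.segment_size.checked_sub(1).ok_or(/* PCError variant for invalid parameters — choose the existing one */)?;` and then `params.trim(max_degree)`; I cannot tell from this hunk which `PCError` variant fits. The doc comment on `SystemInputs` in the same hunk reads `The are derived from the PCDs`, where `They are derived` is intended.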
@@ -106,21 +98,21 @@ pub trait PCDCircuit: ConstraintSynthesizer { } /// This trait expresses the verifier for proof carrying data from accumulator SNARKs. -/// The PCD is assumed to process a set of proof carrying data consisting of -/// - a statement, +/// The PCD is assumed to process a set of proof carrying data consisting of +/// - a statement, /// - accumulator SNARK proof (i.e. a SNARK proof plus its accumulator) pub trait PCD: Sized + Send + Sync { type PCDAccumulator: ItemAccumulator; type PCDVerifierKey: AsRef<::AccumulatorVerifierKey>; /// Perform only the efficient part (i.e. sublinear w.r.t. the circuit size) of proof verification. - /// Typically includes few algebraic operations, e.g. the verification of Marlin's sumcheck - /// equations, batching commitments and their claimed openings, dlog reduction,and so on. + /// Typically includes few algebraic operations, e.g. the verification of Marlin's sumcheck + /// equations, batching commitments and their claimed openings, dlog reduction,and so on. /// Return the accumulator for the proof if verification was successful, /// Error otherwise. fn succinct_verify( &self, - vk: &Self::PCDVerifierKey, + vk: &Self::PCDVerifierKey, ) -> Result<::Item, PCDError>; /// Perform the non-efficient part of proof verification. 
@@ -128,21 +120,16 @@ pub trait PCD: Sized + Send + Sync { /// Typically involves one or several MSMs. fn hard_verify( &self, - acc: ::Item, - vk: &Self::PCDVerifierKey, - rng: &mut R, - ) -> Result - { ::check_items::(vk.as_ref(), &[acc], rng) - .map_err(|e| PCDError::FailedHardVerification(e.to_string())) + acc: ::Item, + vk: &Self::PCDVerifierKey, + rng: &mut R, + ) -> Result { + ::check_items::(vk.as_ref(), &[acc], rng) + .map_err(|e| PCDError::FailedHardVerification(e.to_string())) } /// Perform full verification of `self`, i.e. both succinct and hard part. - fn verify( - &self, - vk: &Self::PCDVerifierKey, - rng: &mut R, - ) -> Result - { + fn verify(&self, vk: &Self::PCDVerifierKey, rng: &mut R) -> Result { let acc = self.succinct_verify(vk)?; self.hard_verify::(acc, vk, rng) } 
@@ -154,27 +141,25 @@ pub trait PCD: Sized + Send + Sync { /// the proof aggregation implementation and testing. pub enum GeneralPCD<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'static> { SimpleMarlin(SimpleMarlinPCD<'a, G1, D>), - FinalDarlin(FinalDarlinPCD<'a, G1, G2, D>) + FinalDarlin(FinalDarlinPCD<'a, G1, G2, D>), } // Testing functions impl<'a, G1, G2, D> GeneralPCD<'a, G1, G2, D> - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - D: Digest, +where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + D: Digest, { - pub fn randomize_usr_ins( - &mut self, - rng: &mut R - ) - { + pub fn randomize_usr_ins(&mut self, rng: &mut R) { match self { Self::SimpleMarlin(simple_marlin) => { // No sys ins (for now) for SimpleMarlin, so modify the usr_ins instead let ins_len = simple_marlin.usr_ins.len(); simple_marlin.usr_ins = (0..ins_len).map(|_| G1::ScalarField::rand(rng)).collect(); - }, + } Self::FinalDarlin(final_darlin) => { let ins_len = final_darlin.usr_ins.len(); final_darlin.usr_ins = (0..ins_len).map(|_| G1::ScalarField::rand(rng)).collect(); @@ -186,19 +171,17 @@ impl<'a, G1, G2, D> GeneralPCD<'a, G1, G2, D> &mut self, ck_g1: &DLogCommitterKey, ck_g2: &DLogCommitterKey, - rng: &mut R - ) - { + rng: &mut R, + ) { match self { Self::SimpleMarlin(simple_marlin) => { // No sys ins (for now) for SimpleMarlin, so modify the usr_ins instead let ins_len = simple_marlin.usr_ins.len(); simple_marlin.usr_ins = (0..ins_len).map(|_| G1::ScalarField::rand(rng)).collect(); - }, + } Self::FinalDarlin(final_darlin) => { - final_darlin.final_darlin_proof.deferred = FinalDarlinDeferredData::::generate_random::( - rng, ck_g1, ck_g2 - ); + final_darlin.final_darlin_proof.deferred = + FinalDarlinDeferredData::::generate_random::(rng, ck_g1, ck_g2); } } } 
@@ -211,8 +194,10 @@ pub type DualPCDVerifierKey<'a, G1, G2, D> = FinalDarlinPCDVerifierKey<'a, G1, G impl<'a, G1, G2, D> PCD for GeneralPCD<'a, G1, G2, D> where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, D: Digest + 'static, { type PCDAccumulator = DualDLogItemAccumulator<'a, G1, G2, D>; @@ -221,18 +206,16 @@ where fn succinct_verify( &self, vk: &Self::PCDVerifierKey, - ) -> Result<::Item, PCDError> - { + ) -> Result<::Item, PCDError> { match self { Self::SimpleMarlin(simple_marlin) => { // Works because a FinalDarlinVk is a MarlinVk - let simple_marlin_vk = SimpleMarlinPCDVerifierKey (vk.final_darlin_vk, vk.dlog_vks.0); + let simple_marlin_vk = + SimpleMarlinPCDVerifierKey(vk.final_darlin_vk, vk.dlog_vks.0); let acc = simple_marlin.succinct_verify(&simple_marlin_vk)?; - Ok(DualDLogItem (vec![acc], vec![])) - }, - Self::FinalDarlin(final_darlin) => { - final_darlin.succinct_verify(vk) + Ok(DualDLogItem(vec![acc], vec![])) } + Self::FinalDarlin(final_darlin) => final_darlin.succinct_verify(vk), } } -} \ No newline at end of file +} diff --git a/proof-systems/src/darlin/pcd/simple_marlin.rs b/proof-systems/src/darlin/pcd/simple_marlin.rs index 911462276..024306e46 100644 --- a/proof-systems/src/darlin/pcd/simple_marlin.rs +++ b/proof-systems/src/darlin/pcd/simple_marlin.rs 
@@ -1,29 +1,34 @@ //! Simple Marlin "proof carrying data". This corresponds to non-recursive applications. -use algebra::{AffineCurve, SemanticallyValid, serialize::*}; -use digest::Digest; -use marlin::{VerifierKey as MarlinVerifierKey, Proof, Marlin, AHPForR1CS}; -use poly_commit::{ - PolynomialCommitment, - DomainExtendedPolynomialCommitment, DomainExtendedCommitment, - ipa_pc::{ - InnerProductArgPC, VerifierKey as DLogVerifierKey, - }, - fiat_shamir_rng::FiatShamirRng, -}; use crate::darlin::{ - pcd::{PCD, error::PCDError}, accumulators::{ - dlog::{DLogItem, DLogItemAccumulator}, ItemAccumulator + dlog::{DLogItem, DLogItemAccumulator}, + ItemAccumulator, }, + pcd::{error::PCDError, PCD}, }; +use algebra::{serialize::*, AffineCurve, SemanticallyValid}; +use digest::Digest; +use marlin::{AHPForR1CS, Marlin, Proof, VerifierKey as MarlinVerifierKey}; use poly_commit::ipa_pc::Commitment; -use std::ops::{Deref, DerefMut}; +use poly_commit::{ + fiat_shamir_rng::FiatShamirRng, + ipa_pc::{InnerProductArgPC, VerifierKey as DLogVerifierKey}, + DomainExtendedCommitment, DomainExtendedPolynomialCommitment, PolynomialCommitment, +}; use std::marker::PhantomData; +use std::ops::{Deref, DerefMut}; #[derive(Derivative)] -#[derivative(Clone(bound = ""), Debug(bound = ""), Eq(bound = ""), PartialEq(bound = ""))] +#[derivative( + Clone(bound = ""), + Debug(bound = ""), + Eq(bound = ""), + PartialEq(bound = "") +)] #[derive(CanonicalSerialize, CanonicalDeserialize)] -pub struct MarlinProof(pub Proof>>); +pub struct MarlinProof( + pub Proof>>, +); impl Deref for MarlinProof { type Target = Proof>>; @@ -34,7 +39,9 @@ impl Deref for MarlinProof { } impl DerefMut for MarlinProof { - fn deref_mut(&mut self) -> &mut Self::Target { &mut self.0 } + fn deref_mut(&mut self) -> &mut Self::Target { + &mut self.0 + } } impl SemanticallyValid for MarlinProof { 
@@ -44,16 +51,20 @@ impl SemanticallyValid for MarlinProof { let comms_per_round = vec![3, 3, 2]; // Check commitments are grouped into correct num_rounds - if self.commitments.len() != num_rounds { return false }; + if self.commitments.len() != num_rounds { + return false; + }; // Check that each round has the expected number of commitments for i in 0..comms_per_round.len() { - if self.commitments[i].len() != comms_per_round[i] { return false }; + if self.commitments[i].len() != comms_per_round[i] { + return false; + }; } // Check evaluations num - let num_polys = AHPForR1CS::::PROVER_POLYNOMIALS.len() + - AHPForR1CS::::INDEXER_POLYNOMIALS.len(); + let num_polys = AHPForR1CS::::PROVER_POLYNOMIALS.len() + + AHPForR1CS::::INDEXER_POLYNOMIALS.len(); let evaluations_num = num_polys + 2; self.commitments.is_valid() && // Check that each commitment is valid 
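Review bot: The per-round check in `is_valid` indexes `self.commitments[i]` for `i` in `0..comms_per_round.len()`, which panics rather than returning `false` if `num_rounds` (defined before this hunk) is ever smaller than the three entries of `comms_per_round`; `is_valid` is run on proof data that arrives from outside, so a malformed proof should be rejected, not crash the verifier. Pairing the two sequences removes the index entirely: `if self.commitments.iter().zip(&comms_per_round).any(|(round, &n)| round.len() != n) { return false; }`, with the earlier `num_rounds` comparison still guaranteeing that no round is skipped by `zip`. Since `comms_per_round` is never resized, the array `[3usize, 3, 2]` would also do in place of the `vec!`. The rest of `is_valid` continues after this hunk.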
@@ -69,45 +80,50 @@ impl SemanticallyValid for MarlinProof { #[derive(Derivative)] #[derivative(Clone(bound = ""))] pub struct SimpleMarlinPCD<'a, G: AffineCurve, D: Digest + 'static> { - pub proof: MarlinProof, - pub usr_ins: Vec, - _lifetime: PhantomData<&'a ()>, + pub proof: MarlinProof, + pub usr_ins: Vec, + _lifetime: PhantomData<&'a ()>, } /// As every PCD, the `SimpleMarlinPCD` comes as a proof plus "statement". impl<'a, G, D> SimpleMarlinPCD<'a, G, D> - where - G: AffineCurve, - D: Digest + 'a, +where + G: AffineCurve, + D: Digest + 'a, { pub fn new( // A normal (coboundary) Marlin proof - proof: MarlinProof, + proof: MarlinProof, // The "statement" of the proof. Typically the full public inputs - usr_ins: Vec - ) -> Self - { - Self { proof, usr_ins, _lifetime: PhantomData } + usr_ins: Vec, + ) -> Self { + Self { + proof, + usr_ins, + _lifetime: PhantomData, + } } } -/// To verify the PCD of a simple Marlin we only need the `MarlinVerifierKey` (or, the +/// To verify the PCD of a simple Marlin we only need the `MarlinVerifierKey` (or, the /// IOP verifier key) of the circuit, and the two dlog committer keys for G1 and G2. pub struct SimpleMarlinPCDVerifierKey<'a, G: AffineCurve, D: Digest + 'static>( pub &'a MarlinVerifierKey>>, - pub &'a DLogVerifierKey + pub &'a DLogVerifierKey, ); -impl<'a, G: AffineCurve, D: Digest> AsRef> for SimpleMarlinPCDVerifierKey<'a, G, D> { +impl<'a, G: AffineCurve, D: Digest> AsRef> + for SimpleMarlinPCDVerifierKey<'a, G, D> +{ fn as_ref(&self) -> &DLogVerifierKey { &self.1 } } impl<'a, G, D> PCD for SimpleMarlinPCD<'a, G, D> - where - G: AffineCurve, - D: Digest + 'static, +where + G: AffineCurve, + D: Digest + 'static, { type PCDAccumulator = DLogItemAccumulator; type PCDVerifierKey = SimpleMarlinPCDVerifierKey<'a, G, D>; 
@@ -115,17 +131,21 @@ impl<'a, G, D> PCD for SimpleMarlinPCD<'a, G, D> fn succinct_verify( &self, vk: &Self::PCDVerifierKey, - ) -> Result<::Item, PCDError> - { + ) -> Result<::Item, PCDError> { let succinct_time = start_timer!(|| "Marlin succinct verifier"); - // Verify the IOP/AHP - let (query_set, evaluations, labeled_comms, mut fs_rng) = Marlin::>, D>::verify_ahp( + // Verify the IOP/AHP + let (query_set, evaluations, labeled_comms, mut fs_rng) = Marlin::< + G, + DomainExtendedPolynomialCommitment>, + D, + >::verify_ahp( &vk.1, &vk.0, self.usr_ins.as_slice(), &self.proof, - ).map_err(|e| { + ) + .map_err(|e| { end_timer!(succinct_time); PCDError::FailedSuccinctVerification(format!("{:?}", e)) })?; @@ -148,20 +168,22 @@ impl<'a, G, D> PCD for SimpleMarlinPCD<'a, G, D> if verifier_state.is_none() { end_timer!(succinct_time); - Err(PCDError::FailedSuccinctVerification("Succinct verify failed".to_owned()))? + Err(PCDError::FailedSuccinctVerification( + "Succinct verify failed".to_owned(), + ))? } let verifier_state = verifier_state.unwrap(); // Successfull verification: return current accumulator let acc = DLogItem:: { - g_final: DomainExtendedCommitment::>::new( - vec![ Commitment:: { comm: verifier_state.final_comm_key.clone() } ] - ), + g_final: DomainExtendedCommitment::>::new(vec![Commitment:: { + comm: verifier_state.final_comm_key.clone(), + }]), xi_s: verifier_state.check_poly.clone(), }; end_timer!(succinct_time); Ok(acc) } -} \ No newline at end of file +} diff --git a/proof-systems/src/darlin/proof_aggregator.rs b/proof-systems/src/darlin/proof_aggregator.rs index 290ba3376..9d9b972bb 100644 --- a/proof-systems/src/darlin/proof_aggregator.rs +++ b/proof-systems/src/darlin/proof_aggregator.rs 
@@ -1,44 +1,42 @@ -//! Utilities for proof post-processing of `GeneralPCD`, i.e. SimpleMarlin and +//! Utilities for proof post-processing of `GeneralPCD`, i.e. SimpleMarlin and //! FinalDarlin PCD, using batch verification and aggregation of their dlog hard parts. -use algebra::{ - AffineCurve, ToConstraintField +use crate::darlin::{ + accumulators::{ + dlog::{DLogItem, DLogItemAccumulator}, + AccumulationProof, ItemAccumulator, + }, + pcd::{DualPCDVerifierKey, GeneralPCD, PCD}, }; +use algebra::{AffineCurve, ToConstraintField}; +use digest::Digest; use marlin::VerifierKey as MarlinVerifierKey; use poly_commit::{ + ipa_pc::{CommitterKey as DLogCommitterKey, InnerProductArgPC, VerifierKey as DLogVerifierKey}, DomainExtendedPolynomialCommitment, - ipa_pc::{ - InnerProductArgPC, - CommitterKey as DLogCommitterKey, VerifierKey as DLogVerifierKey, - }, -}; -use crate::darlin::{ - accumulators::{ - dlog::{DLogItemAccumulator, DLogItem}, - ItemAccumulator, AccumulationProof - }, - pcd::{ - PCD, GeneralPCD, DualPCDVerifierKey - }, }; use rand::RngCore; -use digest::Digest; // use rayon::prelude::*; /// Given a set of PCDs, their corresponding Marlin verification keys, and the DLogCommitterKey(s) /// over two groups of a curve cycle, compute and return the associated accumulators via the -/// succinct verification of them. +/// succinct verification of them. /// In case of failure, return the indices of the proofs that have caused the failure (if it's possible -/// to establish it). +/// to establish it). /// The PCDs are allowed to use different size restrictions of the DLogCommitterKey `g1_ck` and `g2_ck`. 
pub fn get_accumulators( - pcds: &[GeneralPCD], - vks: &[MarlinVerifierKey>>], - g1_ck: &DLogCommitterKey, - g2_ck: &DLogCommitterKey, + pcds: &[GeneralPCD], + vks: &[MarlinVerifierKey< + G1, + DomainExtendedPolynomialCommitment>, + >], + g1_ck: &DLogCommitterKey, + g2_ck: &DLogCommitterKey, ) -> Result<(Vec>, Vec>), Option>> - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { let accumulators_time = start_timer!(|| "Compute accumulators"); @@ -53,23 +51,30 @@ pub fn get_accumulators( .map(|(i, (pcd, vk))| { // recall that we use FinalDarlinVerifierKeys to handle // polymorphic verification of final Darlin/simpleM arlin PCDs - let vk = DualPCDVerifierKey::{ + let vk = DualPCDVerifierKey:: { final_darlin_vk: vk, - dlog_vks: (g1_ck, g2_ck) + dlog_vks: (g1_ck, g2_ck), }; // No need to trim the vk here to the specific segment size used // to generate the proof for this pcd, as the IPA succinct_check // function doesn't use vk.comm_key at all. pcd.succinct_verify(&vk).map_err(|_| i) - }).partition(Result::is_ok); + }) + .partition(Result::is_ok); end_timer!(accumulators_time); let accs = accs.into_iter().map(Result::unwrap).collect::>(); - let mut failing_indices = failing_indices.into_iter().map(Result::unwrap_err).collect::>(); + let mut failing_indices = failing_indices + .into_iter() + .map(Result::unwrap_err) + .collect::>(); if failing_indices.is_empty() { // All succinct verifications passed: collect and return the accumulators - let accs_g1 = accs.iter().flat_map(|acc| acc.0.clone()).collect::>(); + let accs_g1 = accs + .iter() + .flat_map(|acc| acc.0.clone()) + .collect::>(); let accs_g2 = accs.into_iter().flat_map(|acc| acc.1).collect::>(); Ok((accs_g1, accs_g2)) } else { 
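Review bot: `get_accumulators` pairs `pcds` with `vks` positionally (the `enumerate`/`zip` sits just above this hunk, so I infer it from the `(i, (pcd, vk))` pattern), but nothing visible checks that the two slices have the same length; if `vks` is shorter, `zip` silently drops the trailing PCDs and the function still returns `Ok`, so proofs that were never succinctly verified are treated as verified. Add an explicit guard at the start of the function, e.g. `if pcds.len() != vks.len() { return Err(None); }`, and state in the doc comment that the two slices must be index-aligned. The function's head is in the previous hunk and its tail `else` branch lies outside this one.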
@@ -81,30 +86,31 @@ pub fn get_accumulators( } /// Given a set of PCDs, their corresponding Marlin verification keys, and the DLogCommitterKey(s) -/// from both groups of our EC cycle, compute and return an accumulation proof(s) for +/// from both groups of our EC cycle, compute and return an accumulation proof(s) for /// the dlog accumulators/"items". /// In case of failure, returns the indices of the proofs which caused it (if possible). -/// The PCDs are allowed to use different size restrictions of the DLogCommitterKey +/// The PCDs are allowed to use different size restrictions of the DLogCommitterKey /// `g1_ck` and `g2_ck`. pub fn accumulate_proofs( - pcds: &[GeneralPCD], - vks: &[MarlinVerifierKey>>], - g1_ck: &DLogCommitterKey, - g2_ck: &DLogCommitterKey, -) -> Result< - ( - Option>, - Option>, - ), Option>> - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, + pcds: &[GeneralPCD], + vks: &[MarlinVerifierKey< + G1, + DomainExtendedPolynomialCommitment>, + >], + g1_ck: &DLogCommitterKey, + g2_ck: &DLogCommitterKey, +) -> Result<(Option>, Option>), Option>> +where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { let accumulation_time = start_timer!(|| "Accumulate proofs"); // Get accumulators from pcds - let (accs_g1, accs_g2) = get_accumulators::(pcds, vks, g1_ck, g2_ck) - .map_err(|e| { + let (accs_g1, accs_g2) = + get_accumulators::(pcds, vks, g1_ck, g2_ck).map_err(|e| { end_timer!(accumulation_time); e })?; @@ -115,11 +121,11 @@ pub fn accumulate_proofs( } else { Some( DLogItemAccumulator::::accumulate_items(g1_ck, accs_g1) - .map_err(|_| { - end_timer!(accumulation_time); - None - })? - .1 + .map_err(|_| { + end_timer!(accumulation_time); + None + })? + .1, ) }; @@ -132,7 +138,7 @@ pub fn accumulate_proofs( end_timer!(accumulation_time); None })? - .1 + .1, ) }; 
@@ -141,31 +147,35 @@ pub fn accumulate_proofs( Ok((acc_proof_g1, acc_proof_g2)) } - /// Verifies a set of PCDs which is augmented by an accumulation proof for their /// dlog items. (This is cheaper than batch verification, as it doesn't need to /// do any batching of witnesses.) /// In case of failure, returns the indices of the proofs which caused it (if possible). -/// The PCDs are allowed to use different size restrictions of the DLogCommitterKey +/// The PCDs are allowed to use different size restrictions of the DLogCommitterKey /// `g1_ck` and `g2_ck`. pub fn verify_aggregated_proofs( - pcds: &[GeneralPCD], - vks: &[MarlinVerifierKey>>], - accumulation_proof_g1: &Option>, - accumulation_proof_g2: &Option>, - g1_vk: &DLogVerifierKey, - g2_vk: &DLogVerifierKey, - rng: &mut R + pcds: &[GeneralPCD], + vks: &[MarlinVerifierKey< + G1, + DomainExtendedPolynomialCommitment>, + >], + accumulation_proof_g1: &Option>, + accumulation_proof_g2: &Option>, + g1_vk: &DLogVerifierKey, + g2_vk: &DLogVerifierKey, + rng: &mut R, ) -> Result>> - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { let verification_time = start_timer!(|| "Verify aggregated proofs"); // Do the succinct verification of the PCDs and get their accumulators - let (accs_g1, accs_g2) = get_accumulators::(pcds, vks, g1_vk, g2_vk) - .map_err(|e| { + let (accs_g1, accs_g2) = + get_accumulators::(pcds, vks, g1_vk, g2_vk).map_err(|e| { end_timer!(verification_time); e })?; 
@@ -174,8 +184,13 @@ pub fn verify_aggregated_proofs( let result_accumulate_g1 = if accumulation_proof_g1.is_some() { let dummy_g1 = DLogItem::::default(); DLogItemAccumulator::::verify_accumulated_items::( - &dummy_g1, g1_vk, accs_g1, accumulation_proof_g1.as_ref().unwrap(), rng - ).map_err(|_| { + &dummy_g1, + g1_vk, + accs_g1, + accumulation_proof_g1.as_ref().unwrap(), + rng, + ) + .map_err(|_| { end_timer!(verification_time); None })? @@ -187,8 +202,13 @@ pub fn verify_aggregated_proofs( let result_accumulate_g2 = if accumulation_proof_g2.is_some() { let dummy_g2 = DLogItem::::default(); DLogItemAccumulator::::verify_accumulated_items::( - &dummy_g2, g2_vk, accs_g2, accumulation_proof_g2.as_ref().unwrap(), rng - ).map_err(|_| { + &dummy_g2, + g2_vk, + accs_g2, + accumulation_proof_g2.as_ref().unwrap(), + rng, + ) + .map_err(|_| { end_timer!(verification_time); None })? 
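Review bot: `verify_aggregated_proofs` tests `accumulation_proof_g1.is_some()` and then reaches for `accumulation_proof_g1.as_ref().unwrap()` inside the call (the second hunk does the same for `_g2`); `if let Some(proof_g1) = accumulation_proof_g1 {` with `proof_g1` passed in place of `accumulation_proof_g1.as_ref().unwrap()` gives the same behaviour with no unwrap. The `else` branches are outside these hunks; whatever they yield when no accumulation proof was supplied should be `true` only if `accs_g1`/`accs_g2` is empty, otherwise dlog items produced by the succinct checks would pass without their hard check — worth confirming against the surrounding code.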
@@ -201,28 +221,33 @@ pub fn verify_aggregated_proofs( Ok(result_accumulate_g1 && result_accumulate_g2) } -/// Batch verification of PCDs consisting of FinalDarlin/SimpleMarlin PCDs. -/// The succinct parts are processed in serial, the dlog items (in both of the groups G1 +/// Batch verification of PCDs consisting of FinalDarlin/SimpleMarlin PCDs. +/// The succinct parts are processed in serial, the dlog items (in both of the groups G1 /// and G2) are verified in batch. /// In case of failure, returns the indices of the proofs which caused it (if possible). -/// The PCDs are allowed to use different size restrictions of the DLogCommitterKey +/// The PCDs are allowed to use different size restrictions of the DLogCommitterKey /// `g1_ck` and `g2_ck`. pub fn batch_verify_proofs( - pcds: &[GeneralPCD], - vks: &[MarlinVerifierKey>>], - g1_vk: &DLogVerifierKey, - g2_vk: &DLogVerifierKey, - rng: &mut R + pcds: &[GeneralPCD], + vks: &[MarlinVerifierKey< + G1, + DomainExtendedPolynomialCommitment>, + >], + g1_vk: &DLogVerifierKey, + g2_vk: &DLogVerifierKey, + rng: &mut R, ) -> Result>> - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { let verification_time = start_timer!(|| "Batch verify proofs"); // Do the succinct verification of the PCDs and get their accumulators - let (accs_g1, accs_g2) = get_accumulators::(pcds, vks, g1_vk, g2_vk) - .map_err(|e| { + let (accs_g1, accs_g2) = + get_accumulators::(pcds, vks, g1_vk, g2_vk).map_err(|e| { end_timer!(verification_time); e })?; 
@@ -231,9 +256,7 @@ pub fn batch_verify_proofs( let result_g1 = if accs_g1.is_empty() { true } else { - DLogItemAccumulator::::check_items::( - g1_vk, &accs_g1, rng - ).map_err(|_| { + DLogItemAccumulator::::check_items::(g1_vk, &accs_g1, rng).map_err(|_| { end_timer!(verification_time); None })? @@ -242,9 +265,7 @@ pub fn batch_verify_proofs( let result_g2 = if accs_g2.is_empty() { true } else { - DLogItemAccumulator::::check_items::( - g2_vk, &accs_g2, rng - ).map_err(|_| { + DLogItemAccumulator::::check_items::(g2_vk, &accs_g2, rng).map_err(|_| { end_timer!(verification_time); None })? @@ -253,4 +274,4 @@ pub fn batch_verify_proofs( end_timer!(verification_time); Ok(result_g1 && result_g2) -} \ No newline at end of file +} diff --git a/proof-systems/src/darlin/tests/final_darlin.rs b/proof-systems/src/darlin/tests/final_darlin.rs index 5a0bb8b22..77ed496f1 100644 --- a/proof-systems/src/darlin/tests/final_darlin.rs +++ b/proof-systems/src/darlin/tests/final_darlin.rs 
@@ -1,31 +1,22 @@ //! A test circuit which, besides processing additional data according to //! a simple quadratic relation, allocates a given instance of `FinalDarlinDeferredData`, //! and wires it to the outside via system inputs. -use algebra::{AffineCurve, ToConstraintField, UniformRand}; -use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; use crate::darlin::{ - pcd::{ - PCD, PCDParameters, PCDCircuit, - final_darlin::FinalDarlinPCD, - error::PCDError, - }, accumulators::ItemAccumulator, data_structures::FinalDarlinDeferredData, - FinalDarlinProverKey, FinalDarlinVerifierKey, FinalDarlin, + pcd::{error::PCDError, final_darlin::FinalDarlinPCD, PCDCircuit, PCDParameters, PCD}, + FinalDarlin, FinalDarlinProverKey, FinalDarlinVerifierKey, }; +use algebra::{AffineCurve, ToConstraintField, UniformRand}; use poly_commit::{ - DomainExtendedPolynomialCommitment, - ipa_pc::{InnerProductArgPC, CommitterKey, Parameters}, - Error as PCError + ipa_pc::{CommitterKey, InnerProductArgPC, Parameters}, + DomainExtendedPolynomialCommitment, Error as PCError, }; +use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; //use rand::{ Rng, RngCore }; -use rand::RngCore; use digest::Digest; -use r1cs_std::{ - alloc::AllocGadget, - fields::fp::FpGadget, - eq::EqGadget, -}; +use r1cs_std::{alloc::AllocGadget, eq::EqGadget, fields::fp::FpGadget}; +use rand::RngCore; // Dummy Acc used for testing pub struct TestAcc {} @@ -39,17 +30,15 @@ impl ItemAccumulator for TestAcc { fn check_items( _vk: &Self::AccumulatorVerifierKey, _accumulators: &[Self::Item], - _rng: &mut R - ) -> Result - { + _rng: &mut R, + ) -> Result { Ok(true) } fn accumulate_items( _ck: &Self::AccumulatorProverKey, - _accumulators: Vec - ) -> Result<(Self::Item, Self::AccumulationProof), PCError> - { + _accumulators: Vec, + ) -> Result<(Self::Item, Self::AccumulationProof), PCError> { Ok(((), ())) } 
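Review bot: The commented-out `//use rand::{ Rng, RngCore };` line survives the import regrouping and now sits between `r1cs_core` and `digest`; since `use rand::RngCore;` is the live import, delete the dead line rather than carry it through the formatting pass. The rest of the two hunks is a pure reordering and reflow.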
@@ -58,9 +47,8 @@ impl ItemAccumulator for TestAcc { _vk: &Self::AccumulatorVerifierKey, _previous_accumulators: Vec, _proof: &Self::AccumulationProof, - _rng: &mut R - ) -> Result - { + _rng: &mut R, + ) -> Result { Ok(true) } } @@ -68,9 +56,10 @@ impl ItemAccumulator for TestAcc { // Test PCDVk pub struct TestPCDVk {} -impl AsRef<()> for TestPCDVk -{ - fn as_ref(&self) -> &() { &() } +impl AsRef<()> for TestPCDVk { + fn as_ref(&self) -> &() { + &() + } } /// For testing purposes, TestPrevPCD already serves correct sys_ins and usr_ins @@ -81,15 +70,20 @@ pub struct TestPrevPCD { } impl PCD for TestPrevPCD - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { type PCDAccumulator = TestAcc; type PCDVerifierKey = TestPCDVk; // there is nothing to succinctly verify - fn succinct_verify(&self, _vk: &Self::PCDVerifierKey) -> Result<::Item, PCDError> { + fn succinct_verify( + &self, + _vk: &Self::PCDVerifierKey, + ) -> Result<::Item, PCDError> { Ok(()) } } @@ -98,14 +92,13 @@ impl PCD for TestPrevPCD #[derive(Clone)] pub struct CircuitInfo { pub num_constraints: usize, - pub num_variables: usize, + pub num_variables: usize, /// just used to deduce the number of field elements to allocate on the /// circuit for simplicity. Would've been the same passing a parameter /// like "number_of_deferred_field_element_to_allocate" - pub dummy_deferred: FinalDarlinDeferredData, + pub dummy_deferred: FinalDarlinDeferredData, } - /// This test circuit simply allocates `deferred`, i.e. a valid instance of FinalDarlinDeferredData, /// and wires it to the outside via system inputs. /// The user inputs are the field elements c, d, used along the user inputs (c_prev, d_prev) 
@@ -118,7 +111,6 @@ pub struct CircuitInfo { /// dummy witness variables are allocated. #[derive(Clone, Default)] pub struct TestCircuit { - /// Incremental data (to be allocated as witnesses) pub a: Option, pub b: Option, @@ -140,15 +132,16 @@ pub struct TestCircuit { } impl ConstraintSynthesizer for TestCircuit - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { fn generate_constraints>( self, cs: &mut CS, - ) -> Result<(), SynthesisError> - { + ) -> Result<(), SynthesisError> { // convert the FinalDarlinDeferred efficiently to circuit inputs let deferred_as_native_fes = self.deferred.to_field_elements().unwrap(); let deferred_len = deferred_as_native_fes.len(); @@ -158,7 +151,7 @@ impl ConstraintSynthesizer for TestCircuit for (i, fe) in deferred_as_native_fes.iter().enumerate() { let ins_g = FpGadget::::alloc_input( cs.ns(|| format!("Alloc input deferred elem {}", i)), - || Ok(fe) + || Ok(fe), )?; deferred_input_gs.push(ins_g); } 
@@ -168,39 +161,41 @@ impl ConstraintSynthesizer for TestCircuit for (i, fe) in deferred_as_native_fes.into_iter().enumerate() { let witness_g = FpGadget::::alloc( cs.ns(|| format!("Alloc deferred elem {}", i)), - || Ok(fe) + || Ok(fe), )?; deferred_gs.push(witness_g); } // Enforce the system inputs to the circuit to be equal to the allocated `deferred`. - // This is a simple way to allow test cases where sys data (i.e. the deferred + // This is a simple way to allow test cases where sys data (i.e. the deferred // accumulators) are wrong. let mut test_constraints = cs.num_constraints(); - for (i, (deferred_w, deferred_ins)) in deferred_input_gs.into_iter().zip(deferred_gs).enumerate() { + for (i, (deferred_w, deferred_ins)) in + deferred_input_gs.into_iter().zip(deferred_gs).enumerate() + { deferred_w.enforce_equal( cs.ns(|| format!("enforce deferred equal {}", i)), - &deferred_ins + &deferred_ins, )?; } test_constraints = cs.num_constraints() - test_constraints; // The following is equal to the SimpleMarlin circuit - // TODO: although this circuit fortunately does not produce undersized Marlin polynomials, - // let us pad with constraints in a more careful manner (e.g., as in our test circuit 1c - // of Marlin. + // TODO: although this circuit fortunately does not produce undersized Marlin polynomials, + // let us pad with constraints in a more careful manner (e.g., as in our test circuit 1c + // of Marlin. 
let a = cs.alloc(|| "a", || self.a.ok_or(SynthesisError::AssignmentMissing))?; let b = cs.alloc(|| "b", || self.b.ok_or(SynthesisError::AssignmentMissing))?; - let c_prev = cs.alloc(|| "c_prev", || self.c_prev.ok_or(SynthesisError::AssignmentMissing))?; - let d_prev = cs.alloc(|| "d_prev", || self.d_prev.ok_or(SynthesisError::AssignmentMissing))?; - let c = cs.alloc_input( - || "c", - || self.c.ok_or(SynthesisError::AssignmentMissing) + let c_prev = cs.alloc( + || "c_prev", + || self.c_prev.ok_or(SynthesisError::AssignmentMissing), )?; - let d = cs.alloc_input( - || "d", - || self.d.ok_or(SynthesisError::AssignmentMissing) + let d_prev = cs.alloc( + || "d_prev", + || self.d_prev.ok_or(SynthesisError::AssignmentMissing), )?; + let c = cs.alloc_input(|| "c", || self.c.ok_or(SynthesisError::AssignmentMissing))?; + let d = cs.alloc_input(|| "d", || self.d.ok_or(SynthesisError::AssignmentMissing))?; for i in 0..(self.num_variables - 7 - (4 * deferred_len)) { let _ = cs.alloc( @@ -209,7 +204,7 @@ impl ConstraintSynthesizer for TestCircuit )?; } - for i in 0..(self.num_constraints - 1 - test_constraints){ + for i in 0..(self.num_constraints - 1 - test_constraints) { cs.enforce( || format!("constraint {}", i), |lc| lc + a, 
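Review bot: The loop bounds `self.num_variables - 7 - (4 * deferred_len)` and `self.num_constraints - 1 - test_constraints` are unchecked `usize` subtractions, so a `CircuitInfo` with too few variables or constraints for the deferred data overflows — a panic in debug builds and a wrapped, effectively unbounded loop in release builds. Guard them up front, e.g. `assert!(self.num_variables >= 7 + 4 * deferred_len, "num_variables too small for the deferred data");` and the analogous check against `1 + test_constraints`. A comment explaining what the `7` and the factor `4` count (presumably the a, b, c_prev, d_prev, c, d allocations plus the per-element deferred inputs and witnesses — confirm) would keep the padding arithmetic maintainable. `generate_constraints` starts outside this hunk.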
@@ -229,14 +224,16 @@ impl ConstraintSynthesizer for TestCircuit } impl PCDCircuit for TestCircuit - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { - type SetupData = CircuitInfo; - type AdditionalData = (G1::ScalarField, G1::ScalarField); - type SystemInputs = FinalDarlinDeferredData; - type PreviousPCD = TestPrevPCD; + type SetupData = CircuitInfo; + type AdditionalData = (G1::ScalarField, G1::ScalarField); + type SystemInputs = FinalDarlinDeferredData; + type PreviousPCD = TestPrevPCD; fn init(config: Self::SetupData) -> Self { Self { @@ -248,17 +245,16 @@ impl PCDCircuit for TestCircuit d: None, num_constraints: config.num_constraints, num_variables: config.num_variables, - deferred: config.dummy_deferred.clone() + deferred: config.dummy_deferred.clone(), } } fn init_state( - config: Self::SetupData, + config: Self::SetupData, previous_proofs_data: Vec, _previous_proofs_vks: Vec<::PCDVerifierKey>, - additional_data: Self::AdditionalData - ) -> Self - { + additional_data: Self::AdditionalData, + ) -> Self { assert_eq!(previous_proofs_data.len(), 1); let a = additional_data.0; 
@@ -293,27 +289,31 @@ impl PCDCircuit for TestCircuit } } -/// Generates a FinalDarlinPCD from TestCircuit1, given an instance of -/// FinalDarlinDeferred as previous PCD (via CircuitInfo). +/// Generates a FinalDarlinPCD from TestCircuit1, given an instance of +/// FinalDarlinDeferred as previous PCD (via CircuitInfo). /// The additional data a,b is sampled randomly. #[allow(dead_code)] -pub fn generate_test_pcd<'a, G1: AffineCurve, G2:AffineCurve, D: Digest + 'a, R: RngCore>( +pub fn generate_test_pcd<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'a, R: RngCore>( pc_ck_g1: &CommitterKey, - final_darlin_pk: &FinalDarlinProverKey>>, + final_darlin_pk: &FinalDarlinProverKey< + G1, + DomainExtendedPolynomialCommitment>, + >, info: CircuitInfo, zk: bool, rng: &mut R, ) -> FinalDarlinPCD<'a, G1, G2, D> - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { - let prev_pcd = TestPrevPCD:: { // as we have already generated a dummy deferred for CircuitInfo, let's // just re-use it sys_ins: info.dummy_deferred.clone(), - usr_ins: (G1::ScalarField::rand(rng), G1::ScalarField::rand(rng)) + usr_ins: (G1::ScalarField::rand(rng), G1::ScalarField::rand(rng)), }; // our additional data witnesses 
@@ -328,11 +328,12 @@ pub fn generate_test_pcd<'a, G1: AffineCurve, G2:AffineCurve, D: Digest + 'a, R: vec![], (a, b), zk, - if zk { Some(rng) } else { None } - ).unwrap() + if zk { Some(rng) } else { None }, + ) + .unwrap() } -/// Generates `num_proofs` random instances of FinalDarlinPCDs for TestCircuit1 at given +/// Generates `num_proofs` random instances of FinalDarlinPCDs for TestCircuit1 at given /// `num_constraints`, using `segment_size` for the dlog commitment scheme. #[allow(dead_code)] pub fn generate_test_data<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'a, R: RngCore>( @@ -344,11 +345,18 @@ pub fn generate_test_data<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'a, rng: &mut R, ) -> ( Vec>, - Vec>>> + Vec< + FinalDarlinVerifierKey< + G1, + DomainExtendedPolynomialCommitment>, + >, + >, ) - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, +where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { // Trim committer key and verifier key let config = PCDParameters { segment_size }; @@ -368,19 +376,16 @@ pub fn generate_test_data<'a, G1: AffineCurve, G2: AffineCurve, D: Digest + 'a, dummy_deferred, }; - let (index_pk, index_vk) = FinalDarlin::::index::>( - &committer_key_g1, - info.clone() - ).unwrap(); + let (index_pk, index_vk) = + FinalDarlin::::index::>(&committer_key_g1, info.clone()) + .unwrap(); // Generate Final Darlin PCDs - let final_darlin_pcd = generate_test_pcd::( - &committer_key_g1, - &index_pk, - info, - true, - rng, - ); + let final_darlin_pcd = + generate_test_pcd::(&committer_key_g1, &index_pk, info, true, rng); - (vec![final_darlin_pcd; num_proofs], vec![index_vk; num_proofs]) + ( + vec![final_darlin_pcd; num_proofs], + vec![index_vk; num_proofs], + ) } 
diff --git a/proof-systems/src/darlin/tests/mod.rs b/proof-systems/src/darlin/tests/mod.rs index b498e900d..77c105e47 100644 --- a/proof-systems/src/darlin/tests/mod.rs +++ b/proof-systems/src/darlin/tests/mod.rs @@ -1,31 +1,28 @@ //! Test suite for PCD post processing (batch-verification, aggregation) use algebra::AffineCurve; +use digest::Digest; use poly_commit::{ + ipa_pc::{CommitterKey as DLogCommitterKey, Parameters, VerifierKey as DLogVerifierKey}, PCParameters, - ipa_pc::{ - Parameters, - CommitterKey as DLogCommitterKey, VerifierKey as DLogVerifierKey, - } }; -use digest::Digest; -pub mod simple_marlin; pub mod final_darlin; +pub mod simple_marlin; #[allow(dead_code)] /// Extract DLogCommitterKey and DLogVerifierKey from Parameters struct pub fn get_keys( params_g1: &Parameters, params_g2: &Parameters, -) -> (DLogCommitterKey, DLogVerifierKey, DLogCommitterKey, DLogVerifierKey) -{ - let (ck_g1, vk_g1) = params_g1.trim( - params_g1.max_degree(), - ).unwrap(); +) -> ( + DLogCommitterKey, + DLogVerifierKey, + DLogCommitterKey, + DLogVerifierKey, +) { + let (ck_g1, vk_g1) = params_g1.trim(params_g1.max_degree()).unwrap(); - let (ck_g2, vk_g2) = params_g2.trim( - params_g2.max_degree(), - ).unwrap(); + let (ck_g2, vk_g2) = params_g2.trim(params_g2.max_degree()).unwrap(); (ck_g1, vk_g1, ck_g2, vk_g2) } 
@@ -33,32 +30,32 @@ pub fn get_keys( #[cfg(test)] mod test { use super::*; - use algebra::{curves::tweedle::{ - dee::Affine as DeeAffine, dum::Affine as DumAffine, - }, UniformRand, ToConstraintField, serialize::test_canonical_serialize_deserialize, SemanticallyValid, CanonicalSerialize, CanonicalDeserialize}; - use poly_commit::{ - PolynomialCommitment, - ipa_pc::InnerProductArgPC - }; - use marlin::VerifierKey as MarlinVerifierKey; + use crate::darlin::data_structures::FinalDarlinProof; use crate::darlin::{ pcd::GeneralPCD, - proof_aggregator::{accumulate_proofs, verify_aggregated_proofs, batch_verify_proofs}, + proof_aggregator::{accumulate_proofs, batch_verify_proofs, verify_aggregated_proofs}, tests::{ - simple_marlin::generate_test_data as generate_simple_marlin_test_data, final_darlin::generate_test_data as generate_final_darlin_test_data, - } + simple_marlin::generate_test_data as generate_simple_marlin_test_data, + }, + }; + use algebra::{ + curves::tweedle::{dee::Affine as DeeAffine, dum::Affine as DumAffine}, + serialize::test_canonical_serialize_deserialize, + CanonicalDeserialize, CanonicalSerialize, SemanticallyValid, ToConstraintField, + UniformRand, }; use blake2::Blake2s; - use rand::{Rng, RngCore, SeedableRng, thread_rng}; + use marlin::VerifierKey as MarlinVerifierKey; + use poly_commit::{ipa_pc::InnerProductArgPC, PolynomialCommitment}; + use rand::{thread_rng, Rng, RngCore, SeedableRng}; use rand_xorshift::XorShiftRng; - use std::path::Path; - use std::fs::File; use std::collections::HashSet; - use crate::darlin::data_structures::FinalDarlinProof; + use std::fs::File; + use std::path::Path; fn get_unique_random_proof_indices(pcds_len: usize, rng: &mut R) -> Vec { - let num_proofs_to_randomize: usize = rng.gen_range(1..pcds_len/2); + let num_proofs_to_randomize: usize = rng.gen_range(1..pcds_len / 2); let mut indices = (0..num_proofs_to_randomize) .map(|_| rng.gen_range(0..pcds_len)) .collect::>() 
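Review bot: `rng.gen_range(1..pcds_len / 2)` panics on an empty range whenever `pcds_len < 4` (for 2 or 3 PCDs the range is `1..1`, for fewer it is inverted), which a caller of this helper hits as an opaque `gen_range` panic rather than a message about the batch size. Add `assert!(pcds_len >= 4, "need at least 4 PCDs to randomize a strict subset");` at the top, or return an empty `Vec` for small inputs if the callers tolerate it. `get_unique_random_proof_indices` continues past the end of the hunk.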
@@ -78,19 +75,16 @@ mod test { verifier_key_g2: &DLogVerifierKey, fake_pcds: Option<&[GeneralPCD<'a, G1, G2, D>]>, fake_vks: Option<&[MarlinVerifierKey>]>, - rng: &mut R - ) - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, + rng: &mut R, + ) where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { // Accumulate PCDs - let (proof_g1, proof_g2) = accumulate_proofs::( - pcds, - vks, - committer_key_g1, - committer_key_g2 - ).unwrap(); + let (proof_g1, proof_g2) = + accumulate_proofs::(pcds, vks, committer_key_g1, committer_key_g2).unwrap(); // Verify accumulation assert!(verify_aggregated_proofs::( @@ -101,7 +95,8 @@ mod test { verifier_key_g1, verifier_key_g2, rng - ).unwrap()); + ) + .unwrap()); // Pass wrong accumulation proof and check verification fails // Change one element in proof_g1 @@ -115,17 +110,21 @@ mod test { verifier_key_g1, verifier_key_g2, rng - ).unwrap()); + ) + .unwrap()); // Randomize usr_ins for some PCDs and assert AHP verification fails let indices = get_unique_random_proof_indices(pcds.len(), rng); // Save original pcds and randomize existing ones - let original_pcds = indices.iter().map(|&idx| { - let copy = pcds[idx].clone(); - pcds[idx].randomize_usr_ins(rng); - copy - }).collect::>(); + let original_pcds = indices + .iter() + .map(|&idx| { + let copy = pcds[idx].clone(); + pcds[idx].randomize_usr_ins(rng); + copy + }) + .collect::>(); let result = verify_aggregated_proofs::( pcds, @@ -134,7 +133,7 @@ mod test { &proof_g2, verifier_key_g1, verifier_key_g2, - rng + rng, ); // Check AHP failed 
@@ -144,17 +143,23 @@ mod test { assert_eq!(result.unwrap_err().unwrap(), indices); // Restore correct PCDs - indices.into_iter().zip(original_pcds).for_each(|(idx, original_pcd)| pcds[idx] = original_pcd); + indices + .into_iter() + .zip(original_pcds) + .for_each(|(idx, original_pcd)| pcds[idx] = original_pcd); // Randomize sys_ins for some PCDs and assert AHP verification fails let indices = get_unique_random_proof_indices(pcds.len(), rng); // Save original pcds and randomize existing ones - let original_pcds = indices.iter().map(|&idx| { - let copy = pcds[idx].clone(); - pcds[idx].randomize_sys_ins(committer_key_g1, committer_key_g2, rng); - copy - }).collect::>(); + let original_pcds = indices + .iter() + .map(|&idx| { + let copy = pcds[idx].clone(); + pcds[idx].randomize_sys_ins(committer_key_g1, committer_key_g2, rng); + copy + }) + .collect::>(); let result = verify_aggregated_proofs::( pcds, @@ -163,7 +168,7 @@ mod test { &proof_g2, verifier_key_g1, verifier_key_g2, - rng + rng, ); // Check AHP failed @@ -173,10 +178,12 @@ mod test { assert_eq!(result.unwrap_err().unwrap(), indices); // Restore correct PCDs - indices.into_iter().zip(original_pcds).for_each(|(idx, original_pcd)| pcds[idx] = original_pcd); + indices + .into_iter() + .zip(original_pcds) + .for_each(|(idx, original_pcd)| pcds[idx] = original_pcd); if fake_pcds.is_some() && fake_vks.is_some() { - let idx: usize = rng.gen_range(0..pcds.len()); let original_pcd = pcds[idx].clone(); // Save correct pcd let original_vk = vks[idx].clone(); // Save correct pcd @@ -190,11 +197,14 @@ mod test { &proof_g2, verifier_key_g1, verifier_key_g2, - rng + rng, ); // Check accumulation verification failed in hard part - assert!((result.is_err() && result.clone().unwrap_err().is_none()) || (result.is_ok() && !result.clone().unwrap())); + assert!( + (result.is_err() && result.clone().unwrap_err().is_none()) + || (result.is_ok() && !result.clone().unwrap()) + ); // Restore correct PCD pcds[idx] = original_pcd; 
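Review bot: The reflowed assertion `(result.is_err() && result.clone().unwrap_err().is_none()) || (result.is_ok() && !result.clone().unwrap())` clones `result` twice just to inspect it; `assert!(matches!(result, Err(None) | Ok(false)));` expresses the same "failed in the hard part" condition without the clones or the unwraps. The preceding `if fake_pcds.is_some() && fake_vks.is_some()` guard would likewise read better as `if let (Some(fake_pcds), Some(fake_vks)) = (fake_pcds, fake_vks)`, and the same guard appears in the batch-verification counterpart further down. `test_accumulation` begins outside this hunk.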
@@ -212,11 +222,12 @@ mod test { verifier_key_g2: &DLogVerifierKey, fake_pcds: Option<&[GeneralPCD<'a, G1, G2, D>]>, fake_vks: Option<&[MarlinVerifierKey>]>, - rng: &mut R - ) - where - G1: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, - G2: AffineCurve::ScalarField> + ToConstraintField<::ScalarField>, + rng: &mut R, + ) where + G1: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, + G2: AffineCurve::ScalarField> + + ToConstraintField<::ScalarField>, { // Batch Verify assert!(batch_verify_proofs::( @@ -225,25 +236,24 @@ mod test { verifier_key_g1, verifier_key_g2, rng - ).unwrap()); + ) + .unwrap()); // Randomize usr_ins for some PCDs and assert AHP verification fails let indices = get_unique_random_proof_indices(pcds.len(), rng); // Save original pcds and randomize existing ones - let original_pcds = indices.iter().map(|&idx| { - let copy = pcds[idx].clone(); - pcds[idx].randomize_usr_ins(rng); - copy - }).collect::>(); + let original_pcds = indices + .iter() + .map(|&idx| { + let copy = pcds[idx].clone(); + pcds[idx].randomize_usr_ins(rng); + copy + }) + .collect::>(); - let result = batch_verify_proofs::( - pcds, - vks, - verifier_key_g1, - verifier_key_g2, - rng - ); + let result = + batch_verify_proofs::(pcds, vks, verifier_key_g1, verifier_key_g2, rng); // Check AHP failed assert!(result.is_err()); 
@@ -252,25 +262,26 @@ mod test { assert_eq!(result.unwrap_err().unwrap(), indices); // Restore correct PCDs - indices.into_iter().zip(original_pcds).for_each(|(idx, original_pcd)| pcds[idx] = original_pcd); + indices + .into_iter() + .zip(original_pcds) + .for_each(|(idx, original_pcd)| pcds[idx] = original_pcd); // Randomize sys_ins for some PCDs and assert AHP verification fails let indices = get_unique_random_proof_indices(pcds.len(), rng); // Save original pcds and randomize existing ones - let original_pcds = indices.iter().map(|&idx| { - let copy = pcds[idx].clone(); - pcds[idx].randomize_sys_ins(verifier_key_g1, verifier_key_g2, rng); - copy - }).collect::>(); + let original_pcds = indices + .iter() + .map(|&idx| { + let copy = pcds[idx].clone(); + pcds[idx].randomize_sys_ins(verifier_key_g1, verifier_key_g2, rng); + copy + }) + .collect::>(); - let result = batch_verify_proofs::( - pcds, - vks, - verifier_key_g1, - verifier_key_g2, - rng - ); + let result = + batch_verify_proofs::(pcds, vks, verifier_key_g1, verifier_key_g2, rng); // Check AHP failed assert!(result.is_err()); @@ -279,10 +290,12 @@ mod test { assert_eq!(result.unwrap_err().unwrap(), indices); // Restore correct PCDs - indices.into_iter().zip(original_pcds).for_each(|(idx, original_pcd)| pcds[idx] = original_pcd); + indices + .into_iter() + .zip(original_pcds) + .for_each(|(idx, original_pcd)| pcds[idx] = original_pcd); if fake_pcds.is_some() && fake_vks.is_some() { - let idx: usize = rng.gen_range(0..pcds.len()); let original_pcd = pcds[idx].clone(); // Save correct pcd let original_vk = vks[idx].clone(); // Save correct pcd @@ -294,7 +307,7 @@ mod test { vks, verifier_key_g1, verifier_key_g2, - rng + rng, ); // Check not failed in succinct part 
@@ -327,13 +340,12 @@ mod test { let params_g1 = TestIPAPCDee::setup(segment_size - 1).unwrap(); let params_g2 = TestIPAPCDum::setup(segment_size - 1).unwrap(); - let ( - committer_key_g1, verifier_key_g1, - committer_key_g2, verifier_key_g2 - ) = get_keys::<_, _, Blake2s>(¶ms_g1, ¶ms_g2); + let (committer_key_g1, verifier_key_g1, committer_key_g2, verifier_key_g2) = + get_keys::<_, _, Blake2s>(¶ms_g1, ¶ms_g2); //Generate fake params - let mut params_g1_fake = TestIPAPCDee::setup_from_seed(segment_size - 1, b"FAKE PROTOCOL").unwrap(); + let mut params_g1_fake = + TestIPAPCDee::setup_from_seed(segment_size - 1, b"FAKE PROTOCOL").unwrap(); params_g1_fake.ut_copy_params(¶ms_g1); test_canonical_serialize_deserialize(true, &committer_key_g1); @@ -362,7 +374,7 @@ mod test { iteration_segment_size, ¶ms_g1, iteration_num_proofs, - generation_rng + generation_rng, ); assert!(&iteration_pcds[0].proof.is_valid()); @@ -372,13 +384,14 @@ mod test { pcds.append(&mut iteration_pcds); simple_marlin_vks.append(&mut iteration_vks); - let (mut iteration_pcds_fake, mut iteration_vks_fake) = generate_simple_marlin_test_data( - iteration_num_constraints - 1, - iteration_segment_size, - ¶ms_g1_fake, - iteration_num_proofs, - generation_rng - ); + let (mut iteration_pcds_fake, mut iteration_vks_fake) = + generate_simple_marlin_test_data( + iteration_num_constraints - 1, + iteration_segment_size, + ¶ms_g1_fake, + iteration_num_proofs, + generation_rng, + ); pcds_fake.append(&mut iteration_pcds_fake); simple_marlin_vks_fake.append(&mut iteration_vks_fake); @@ -387,7 +400,9 @@ mod test { // Collect PCDs let mut simple_marlin_pcds = pcds .into_iter() - .map(|simple_marlin_pcd| GeneralPCD::SimpleMarlin::(simple_marlin_pcd)) + .map(|simple_marlin_pcd| { + GeneralPCD::SimpleMarlin::(simple_marlin_pcd) + }) .collect::>(); let simple_marlin_pcds_fake = pcds_fake 
@@ -405,7 +420,7 @@ mod test { &verifier_key_g2, Some(simple_marlin_pcds_fake.as_slice()), Some(simple_marlin_vks_fake.as_slice()), - rng + rng, ); println!("Test batch verification"); @@ -416,7 +431,7 @@ mod test { &verifier_key_g2, Some(simple_marlin_pcds_fake.as_slice()), Some(simple_marlin_vks_fake.as_slice()), - rng + rng, ); } @@ -433,15 +448,15 @@ mod test { let params_g1 = TestIPAPCDee::setup(segment_size - 1).unwrap(); let params_g2 = TestIPAPCDum::setup(segment_size - 1).unwrap(); - let ( - committer_key_g1, verifier_key_g1, - committer_key_g2, verifier_key_g2 - ) = get_keys::<_, _, Blake2s>(¶ms_g1, ¶ms_g2); + let (committer_key_g1, verifier_key_g1, committer_key_g2, verifier_key_g2) = + get_keys::<_, _, Blake2s>(¶ms_g1, ¶ms_g2); //Generate fake params - let mut params_g1_fake = TestIPAPCDee::setup_from_seed(segment_size - 1, b"FAKE PROTOCOL").unwrap(); + let mut params_g1_fake = + TestIPAPCDee::setup_from_seed(segment_size - 1, b"FAKE PROTOCOL").unwrap(); params_g1_fake.ut_copy_params(¶ms_g1); - let mut params_g2_fake = TestIPAPCDum::setup_from_seed(segment_size - 1, b"FAKE PROTOCOL").unwrap(); + let mut params_g2_fake = + TestIPAPCDum::setup_from_seed(segment_size - 1, b"FAKE PROTOCOL").unwrap(); params_g2_fake.ut_copy_params(¶ms_g2); test_canonical_serialize_deserialize(true, &committer_key_g1); @@ -471,7 +486,7 @@ mod test { ¶ms_g1, ¶ms_g2, iteration_num_proofs, - generation_rng + generation_rng, ); assert!(&iteration_pcds[0].final_darlin_proof.is_valid()); @@ -487,7 +502,7 @@ mod test { ¶ms_g1_fake, ¶ms_g2_fake, iteration_num_proofs, - generation_rng + generation_rng, ); pcds_fake.append(&mut iteration_pcds_fake); @@ -515,7 +530,7 @@ mod test { &verifier_key_g2, Some(final_darlin_pcds_fake.as_slice()), Some(final_darlin_vks_fake.as_slice()), - rng + rng, ); println!("Test batch verification"); @@ -526,7 +541,7 @@ mod test { &verifier_key_g2, Some(final_darlin_pcds_fake.as_slice()), Some(final_darlin_vks_fake.as_slice()), - rng + rng, ); } 
@@ -543,15 +558,15 @@ mod test { let params_g1 = TestIPAPCDee::setup(segment_size - 1).unwrap(); let params_g2 = TestIPAPCDum::setup(segment_size - 1).unwrap(); - let ( - committer_key_g1, verifier_key_g1, - committer_key_g2, verifier_key_g2 - ) = get_keys::<_, _, Blake2s>(¶ms_g1, ¶ms_g2); + let (committer_key_g1, verifier_key_g1, committer_key_g2, verifier_key_g2) = + get_keys::<_, _, Blake2s>(¶ms_g1, ¶ms_g2); //Generate fake params - let mut params_g1_fake = TestIPAPCDee::setup_from_seed(segment_size - 1, b"FAKE PROTOCOL").unwrap(); + let mut params_g1_fake = + TestIPAPCDee::setup_from_seed(segment_size - 1, b"FAKE PROTOCOL").unwrap(); params_g1_fake.ut_copy_params(¶ms_g1); - let mut params_g2_fake = TestIPAPCDum::setup_from_seed(segment_size - 1, b"FAKE PROTOCOL").unwrap(); + let mut params_g2_fake = + TestIPAPCDum::setup_from_seed(segment_size - 1, b"FAKE PROTOCOL").unwrap(); params_g2_fake.ut_copy_params(¶ms_g2); test_canonical_serialize_deserialize(true, &committer_key_g1); 
@@ -584,31 +599,37 @@ mod test { iteration_segment_size, ¶ms_g1, iteration_num_proofs, - generation_rng + generation_rng, ); assert!(&iteration_pcds[0].proof.is_valid()); test_canonical_serialize_deserialize(true, &iteration_pcds[0].proof); test_canonical_serialize_deserialize(true, &iteration_vks[0]); - let mut iteration_pcds = iteration_pcds.into_iter().map(|pcd| GeneralPCD::SimpleMarlin(pcd)).collect::>(); + let mut iteration_pcds = iteration_pcds + .into_iter() + .map(|pcd| GeneralPCD::SimpleMarlin(pcd)) + .collect::>(); pcds.append(&mut iteration_pcds); vks.append(&mut iteration_vks); - let (iteration_pcds_fake, mut iteration_vks_fake) = generate_simple_marlin_test_data( - iteration_num_constraints - 1, - iteration_segment_size, - ¶ms_g1_fake, - iteration_num_proofs, - generation_rng - ); + let (iteration_pcds_fake, mut iteration_vks_fake) = + generate_simple_marlin_test_data( + iteration_num_constraints - 1, + iteration_segment_size, + ¶ms_g1_fake, + iteration_num_proofs, + generation_rng, + ); - let mut iteration_pcds_fake = iteration_pcds_fake.into_iter().map(|pcd| GeneralPCD::SimpleMarlin(pcd)).collect::>(); + let mut iteration_pcds_fake = iteration_pcds_fake + .into_iter() + .map(|pcd| GeneralPCD::SimpleMarlin(pcd)) + .collect::>(); pcds_fake.append(&mut iteration_pcds_fake); vks_fake.append(&mut iteration_vks_fake); - } else { let (iteration_pcds, mut iteration_vks) = generate_final_darlin_test_data( iteration_num_constraints - 1, 
@@ -616,14 +637,17 @@ mod test { ¶ms_g1, ¶ms_g2, iteration_num_proofs, - generation_rng + generation_rng, ); assert!(&iteration_pcds[0].final_darlin_proof.is_valid()); test_canonical_serialize_deserialize(true, &iteration_pcds[0].final_darlin_proof); test_canonical_serialize_deserialize(true, &iteration_vks[0]); - let mut iteration_pcds = iteration_pcds.into_iter().map(|pcd| GeneralPCD::FinalDarlin(pcd)).collect::>(); + let mut iteration_pcds = iteration_pcds + .into_iter() + .map(|pcd| GeneralPCD::FinalDarlin(pcd)) + .collect::>(); pcds.append(&mut iteration_pcds); vks.append(&mut iteration_vks); @@ -634,10 +658,13 @@ mod test { ¶ms_g1_fake, ¶ms_g2_fake, iteration_num_proofs, - generation_rng + generation_rng, ); - let mut iteration_pcds_fake = iteration_pcds_fake.into_iter().map(|pcd| GeneralPCD::FinalDarlin(pcd)).collect::>(); + let mut iteration_pcds_fake = iteration_pcds_fake + .into_iter() + .map(|pcd| GeneralPCD::FinalDarlin(pcd)) + .collect::>(); pcds_fake.append(&mut iteration_pcds_fake); vks_fake.append(&mut iteration_vks_fake); @@ -654,7 +681,7 @@ mod test { &verifier_key_g2, Some(pcds_fake.as_slice()), Some(vks_fake.as_slice()), - rng + rng, ); println!("Test batch verification"); @@ -665,14 +692,13 @@ mod test { &verifier_key_g2, Some(pcds_fake.as_slice()), Some(vks_fake.as_slice()), - rng + rng, ); } #[ignore] #[test] fn test_final_darlin_size() { - // Set params let num_constraints = 1 << 19; let segment_size = 1 << 17; @@ -687,19 +713,16 @@ mod test { let proof; if Path::new(file_path).exists() { - let fs = File::open(file_path).unwrap(); proof = FinalDarlinProof::deserialize(fs).unwrap(); - } else { - let (iteration_pcds, _) = generate_final_darlin_test_data::<_, _, Blake2s, _>( num_constraints - 1, segment_size, ¶ms_g1, ¶ms_g2, 1, - generation_rng + generation_rng, ); proof = iteration_pcds[0].final_darlin_proof.clone(); 
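Review bot: `FinalDarlinProof::deserialize(fs).unwrap()` makes a stale or truncated cached proof file abort the test instead of falling back to regeneration, so the `if Path::new(file_path).exists()` branch is only as reliable as whatever was last written at that path. Treat a deserialization failure like a missing file: `let cached = File::open(file_path).ok().and_then(|f| FinalDarlinProof::deserialize(f).ok());` and then `let proof = match cached { Some(p) => p, None => /* regenerate as in the else branch */ };`, which also replaces the deferred `let proof;` assignment with a single expression. If the deserialize method accepts any `Read`, wrapping the file in a `BufReader` avoids unbuffered reads. `test_final_darlin_size` starts before this hunk.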
@@ -713,22 +736,58 @@ mod test { println!("{} - FinalDarlinProof", proof.serialized_size()); println!("-- {} - MarlinProof", proof.proof.serialized_size()); - println!("---- {} - commitments ({})", - proof.proof.commitments.serialized_size() - - (proof.proof.commitments.iter().flatten().collect::>().len() * 4), - proof.proof.commitments.iter().flatten().collect::>().len() + println!( + "---- {} - commitments ({})", + proof.proof.commitments.serialized_size() + - (proof + .proof + .commitments + .iter() + .flatten() + .collect::>() + .len() + * 4), + proof + .proof + .commitments + .iter() + .flatten() + .collect::>() + .len() ); - println!("---- {} - evaluations ({})", - proof.proof.evaluations.serialized_size() - 8, - proof.proof.evaluations.len() + println!( + "---- {} - evaluations ({})", + proof.proof.evaluations.serialized_size() - 8, + proof.proof.evaluations.len() ); println!("---- {} - pc_proof", proof.proof.pc_proof.serialized_size()); - println!("-- {} - FinalDarlinDeferredData", proof.deferred.serialized_size()); - println!("---- {} - DLogAccumulatorG1", proof.deferred.pre_previous_acc.serialized_size()); - println!("------ {} - G_final", proof.deferred.pre_previous_acc.g_final.serialized_size()); - println!("------ {} - xi_s", proof.deferred.pre_previous_acc.xi_s.serialized_size()); - println!("---- {} - DLogAccumulatorG2", proof.deferred.previous_acc.serialized_size()); - println!("------ {} - G_final", proof.deferred.previous_acc.g_final.serialized_size()); - println!("------ {} - xi_s", proof.deferred.previous_acc.xi_s.serialized_size()); + println!( + "-- {} - FinalDarlinDeferredData", + proof.deferred.serialized_size() + ); + println!( + "---- {} - DLogAccumulatorG1", + proof.deferred.pre_previous_acc.serialized_size() + ); + println!( + "------ {} - G_final", + proof.deferred.pre_previous_acc.g_final.serialized_size() + ); + println!( + "------ {} - xi_s", + proof.deferred.pre_previous_acc.xi_s.serialized_size() + ); + println!( + "---- {} - 
DLogAccumulatorG2", + proof.deferred.previous_acc.serialized_size() + ); + println!( + "------ {} - G_final", + proof.deferred.previous_acc.g_final.serialized_size() + ); + println!( + "------ {} - xi_s", + proof.deferred.previous_acc.xi_s.serialized_size() + ); } -} \ No newline at end of file +} diff --git a/proof-systems/src/darlin/tests/simple_marlin.rs b/proof-systems/src/darlin/tests/simple_marlin.rs index d64d7de5f..cb97ba6e0 100644 --- a/proof-systems/src/darlin/tests/simple_marlin.rs +++ b/proof-systems/src/darlin/tests/simple_marlin.rs @@ -1,18 +1,17 @@ -//! A R1CS density one test circuit of specified number of constraints, which processes +//! A R1CS density one test circuit of specified number of constraints, which processes //! two public inputs satisfying a simple quadratic relation. -use algebra::{Field, AffineCurve, UniformRand}; -use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; -use poly_commit::ipa_pc::{InnerProductArgPC, CommitterKey, Parameters}; -use marlin::{ - Marlin, ProverKey as MarlinProverKey, VerifierKey as MarlinVerifierKey, -}; use crate::darlin::pcd::{ - PCDParameters, simple_marlin::{SimpleMarlinPCD, MarlinProof} + simple_marlin::{MarlinProof, SimpleMarlinPCD}, + PCDParameters, }; -use rand::{ Rng, RngCore }; +use algebra::{AffineCurve, Field, UniformRand}; use digest::Digest; -use std::ops::MulAssign; +use marlin::{Marlin, ProverKey as MarlinProverKey, VerifierKey as MarlinVerifierKey}; +use poly_commit::ipa_pc::{CommitterKey, InnerProductArgPC, Parameters}; use poly_commit::DomainExtendedPolynomialCommitment; +use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; +use rand::{Rng, RngCore}; +use std::ops::MulAssign; /// A simple test circuit with two field elements c,d as inputs, enforced to satisfy /// (c,d) = a*(b,b^2), 
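Review bot: In `test_final_darlin_size` the number of commitments is computed twice by collecting `proof.proof.commitments.iter().flatten()` into a `Vec` only to call `.len()` on it, once inside the subtraction and once as the second format argument; a single `let num_commitments = proof.proof.commitments.iter().flatten().count();` before the `println!` removes the allocation and the duplicated expression. The `* 4` and `- 8` adjustments also deserve a comment saying what they subtract (they look like serialization length-prefix overheads, but that is not recoverable from the code here). The enclosing function `test_final_darlin_size` begins in an earlier hunk.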
@@ -65,7 +64,7 @@ impl ConstraintSynthesizer for Circuit( num_constraints: usize, zk: bool, rng: &mut R, -) -> SimpleMarlinPCD<'a, G, D> -{ +) -> SimpleMarlinPCD<'a, G, D> { let a = G::ScalarField::rand(rng); let b = G::ScalarField::rand(rng); let mut c = a; @@ -108,19 +106,21 @@ pub fn generate_test_pcd<'a, G: AffineCurve, D: Digest + 'a, R: RngCore>( num_variables: num_constraints, }; - let proof = Marlin::>, D>::prove( - marlin_pk, - pc_ck, - circ, - zk, - if zk { Some(rng) } else { None } - ).unwrap(); + let proof = + Marlin::>, D>::prove( + marlin_pk, + pc_ck, + circ, + zk, + if zk { Some(rng) } else { None }, + ) + .unwrap(); SimpleMarlinPCD::<'a, G, D>::new(MarlinProof::(proof), vec![c, d]) } /// Generates `num_proofs` random instances of SimpleMarlinPCDs for `Circuit` with -/// `num_constraints`, using the given `segment_size` for the dlog commitment scheme. +/// `num_constraints`, using the given `segment_size` for the dlog commitment scheme. #[allow(dead_code)] pub fn generate_test_data<'a, G: AffineCurve, D: Digest + 'a, R: RngCore>( num_constraints: usize, @@ -130,9 +130,8 @@ pub fn generate_test_data<'a, G: AffineCurve, D: Digest + 'a, R: RngCore>( rng: &mut R, ) -> ( Vec>, - Vec>>> -) -{ + Vec>>>, +) { // Trim committer key and verifier key let config = PCDParameters { segment_size }; let (committer_key, _) = config.universal_setup::<_, D>(params).unwrap(); 
@@ -145,18 +144,19 @@ pub fn generate_test_data<'a, G: AffineCurve, D: Digest + 'a, R: RngCore>( num_variables: num_constraints, }; - let (index_pk, index_vk) = Marlin::>, D>::index( - &committer_key, circ.clone() - ).unwrap(); + let (index_pk, index_vk) = Marlin::< + G, + DomainExtendedPolynomialCommitment>, + D, + >::index(&committer_key, circ.clone()) + .unwrap(); // Generate Marlin PCDs - let simple_marlin_pcd = generate_test_pcd::( - &committer_key, - &index_pk, - num_constraints, - rng.gen(), - rng, - ); + let simple_marlin_pcd = + generate_test_pcd::(&committer_key, &index_pk, num_constraints, rng.gen(), rng); - (vec![simple_marlin_pcd; num_proofs], vec![index_vk; num_proofs]) -} \ No newline at end of file + ( + vec![simple_marlin_pcd; num_proofs], + vec![index_vk; num_proofs], + ) +} diff --git a/proof-systems/src/gm17/examples/recursive-snark/constraints.rs b/proof-systems/src/gm17/examples/recursive-snark/constraints.rs index 32e7d6833..2db12dbf7 100644 --- a/proof-systems/src/gm17/examples/recursive-snark/constraints.rs +++ b/proof-systems/src/gm17/examples/recursive-snark/constraints.rs 
@@ -1,20 +1,17 @@ -// This example uses Groth17 over Coda's MNT cycle to wrap a base circuit (the "inner circuit") of -// specified number of inputs and constraints twice. See the description of the Groth16 example for +// This example uses Groth17 over Coda's MNT cycle to wrap a base circuit (the "inner circuit") of +// specified number of inputs and constraints twice. See the description of the Groth16 example for // details. -use algebra::{fields::FpParameters, Field, PrimeField, PairingEngine, ToConstraintField, ToBits}; +use algebra::{fields::FpParameters, Field, PairingEngine, PrimeField, ToBits, ToConstraintField}; +use proof_systems::gm17::{Parameters, Proof}; +use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; use r1cs_crypto::nizk::{ + gm17::{Gm17, Gm17VerifierGadget, ProofGadget, VerifyingKeyGadget}, NIZKVerifierGadget, - gm17::{ - Gm17VerifierGadget, ProofGadget, VerifyingKeyGadget, - Gm17, - }, }; -use proof_systems::gm17::{Parameters, Proof}; -use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; use r1cs_std::{ alloc::AllocGadget, bits::ToBitsGadget, boolean::Boolean, fields::fp::FpGadget, - pairing::PairingGadget as PG + pairing::PairingGadget as PG, }; use std::marker::PhantomData; @@ -152,9 +149,7 @@ impl MiddleCircuit { ) -> Vec<::Fr> { let input_bits = inputs .iter() - .flat_map(|input| { - input.write_bits() - }) + .flat_map(|input| input.write_bits()) .collect::>(); input_bits[..].to_field_elements().unwrap() 
@@ -178,15 +173,14 @@ impl ConstraintSynthesizer< // Chain all input values in one large bit array. let input_bits = inputs .into_iter() - .flat_map(|input| { - input.write_bits() - }) + .flat_map(|input| input.write_bits()) .collect::>(); // Allocate this bit array as input packed into field elements. let input_bits = Boolean::alloc_input_vec(cs.ns(|| "Input"), &input_bits[..])?; - let element_size = <::Fr as PrimeField>::Params::MODULUS_BITS; + let element_size = + <::Fr as PrimeField>::Params::MODULUS_BITS; input_gadgets = input_bits .chunks(element_size as usize) .map(|chunk| { diff --git a/proof-systems/src/gm17/examples/recursive-snark/gm17.rs b/proof-systems/src/gm17/examples/recursive-snark/gm17.rs index 045185cef..0f4ea85c7 100644 --- a/proof-systems/src/gm17/examples/recursive-snark/gm17.rs +++ b/proof-systems/src/gm17/examples/recursive-snark/gm17.rs @@ -29,11 +29,8 @@ use csv; // For randomness (during paramgen and proof generation) use algebra::{ - curves::{ - mnt4753::MNT4 as MNT4_753, - mnt6753::MNT6 as MNT6_753, - }, - UniformRand, PairingEngine + curves::{mnt4753::MNT4 as MNT4_753, mnt6753::MNT6 as MNT6_753}, + PairingEngine, UniformRand, }; use r1cs_std::instantiated::{ diff --git a/proof-systems/src/gm17/examples/snark-scalability/constraints.rs b/proof-systems/src/gm17/examples/snark-scalability/constraints.rs index 991f3fe75..2942c836e 100644 --- a/proof-systems/src/gm17/examples/snark-scalability/constraints.rs +++ b/proof-systems/src/gm17/examples/snark-scalability/constraints.rs @@ -4,7 +4,7 @@ use std::marker::PhantomData; pub struct Benchmark { num_constraints: usize, - _engine: PhantomData, + _engine: PhantomData, } impl Benchmark { @@ -17,7 +17,10 @@ impl Benchmark { } impl ConstraintSynthesizer for Benchmark { - fn generate_constraints>(self, cs: &mut CS) -> Result<(), SynthesisError> { + fn generate_constraints>( + self, + cs: &mut CS, + ) -> Result<(), SynthesisError> { let mut assignments = Vec::new(); let mut a_val = F::one(); 
diff --git a/proof-systems/src/gm17/generator.rs b/proof-systems/src/gm17/generator.rs index 7b49a73ce..8fe37f13f 100644 --- a/proof-systems/src/gm17/generator.rs +++ b/proof-systems/src/gm17/generator.rs @@ -1,18 +1,14 @@ +use algebra::fft::domain::{get_best_evaluation_domain, sample_element_outside_domain}; use algebra::msm::FixedBaseMSM; -use algebra::fft::domain::{ - get_best_evaluation_domain, sample_element_outside_domain, -}; -use algebra::{ - UniformRand, - AffineCurve, Field, PairingEngine, PrimeField, ProjectiveCurve, -}; +use algebra::{AffineCurve, Field, PairingEngine, PrimeField, ProjectiveCurve, UniformRand}; +use r1cs_core::{ + ConstraintSynthesizer, ConstraintSystem, Index, LinearCombination, SynthesisError, Variable, +}; use rand::Rng; use rayon::prelude::*; -use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, Index, LinearCombination, SynthesisError, Variable}; - -use crate::gm17::{Parameters, VerifyingKey, r1cs_to_sap::R1CStoSAP}; +use crate::gm17::{r1cs_to_sap::R1CStoSAP, Parameters, VerifyingKey}; /// Generates a random common reference string for /// a circuit. @@ -37,12 +33,12 @@ where /// This is our assembly structure that we'll use to synthesize the /// circuit into a SAP. pub struct KeypairAssembly { - pub(crate) num_inputs: usize, - pub(crate) num_aux: usize, + pub(crate) num_inputs: usize, + pub(crate) num_aux: usize, pub(crate) num_constraints: usize, - pub(crate) at: Vec>, - pub(crate) bt: Vec>, - pub(crate) ct: Vec>, + pub(crate) at: Vec>, + pub(crate) bt: Vec>, + pub(crate) ct: Vec>, } impl ConstraintSystem for KeypairAssembly { @@ -161,12 +157,12 @@ where R: Rng, { let mut assembly = KeypairAssembly { - num_inputs: 0, - num_aux: 0, + num_inputs: 0, + num_aux: 0, num_constraints: 0, - at: vec![], - bt: vec![], - ct: vec![], + at: vec![], + bt: vec![], + ct: vec![], }; // Allocate the "one" input variable @@ -302,8 +298,6 @@ where )?; end_timer!(b_time); - - end_timer!(proving_key_time); // Generate R1CS verification key 
@@ -313,12 +307,12 @@ where end_timer!(verifying_key_time); let vk = VerifyingKey:: { - h_g2: h.into_affine(), + h_g2: h.into_affine(), g_alpha_g1: g_alpha.into_affine(), - h_beta_g2: h_beta.into_affine(), + h_beta_g2: h_beta.into_affine(), g_gamma_g1: g_gamma.into_affine(), h_gamma_g2: h_gamma.into_affine(), - query: verifier_query + query: verifier_query .into_par_iter() .map(|e| e.into_affine()) .collect(), diff --git a/proof-systems/src/gm17/mod.rs b/proof-systems/src/gm17/mod.rs index 210bddf0f..a8e3baaf1 100644 --- a/proof-systems/src/gm17/mod.rs +++ b/proof-systems/src/gm17/mod.rs @@ -2,8 +2,8 @@ //! [GM17]: https://eprint.iacr.org/2017/540 use algebra::{bytes::ToBytes, PairingEngine}; use r1cs_core::SynthesisError; +use serde::{Deserialize, Serialize}; use std::io::{self, Read, Result as IoResult, Write}; -use serde::{Serialize, Deserialize}; /// Reduce an R1CS instance to a *Square Arithmetic Program* instance. pub mod r1cs_to_sap; @@ -56,7 +56,7 @@ impl Default for Proof { } impl Proof { - /// Serialize the proof into bytes, for storage on disk or transmission + /// Serialize the proof into bytes, for storage on disk or transmission /// over the network. pub fn write(&self, mut _writer: W) -> io::Result<()> { // TODO: implement serialization @@ -73,12 +73,12 @@ impl Proof { /// A verification key in the GM17 SNARK. #[derive(Clone, Serialize, Deserialize)] pub struct VerifyingKey { - pub h_g2: E::G2Affine, + pub h_g2: E::G2Affine, pub g_alpha_g1: E::G1Affine, - pub h_beta_g2: E::G2Affine, + pub h_beta_g2: E::G2Affine, pub g_gamma_g1: E::G1Affine, pub h_gamma_g2: E::G2Affine, - pub query: Vec, + pub query: Vec, } impl ToBytes for VerifyingKey { 
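Review bot: The doc comment on `Proof::write` (`/// Serialize the proof into bytes, for storage on disk or transmission`) still promises serialization while the body visible in the hunk is a `// TODO: implement serialization` stub; the same applies to `VerifyingKey::write` in the next hunk of this file. Until the TODO is resolved the doc comment should say so, e.g. `/// NOTE: serialization is not yet implemented; see the TODO in the body.` The rest of both bodies lies outside the hunks, so whether they return an error or silently succeed cannot be confirmed here; a caller that persists a proof or key through this API should not assume it produced complete bytes.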
@@ -98,12 +98,12 @@ impl ToBytes for VerifyingKey { impl Default for VerifyingKey { fn default() -> Self { Self { - h_g2: E::G2Affine::default(), + h_g2: E::G2Affine::default(), g_alpha_g1: E::G1Affine::default(), - h_beta_g2: E::G2Affine::default(), + h_beta_g2: E::G2Affine::default(), g_gamma_g1: E::G1Affine::default(), h_gamma_g2: E::G2Affine::default(), - query: Vec::new(), + query: Vec::new(), } } } @@ -120,7 +120,7 @@ impl PartialEq for VerifyingKey { } impl VerifyingKey { - /// Serialize the verification key into bytes, for storage on disk + /// Serialize the verification key into bytes, for storage on disk /// or transmission over the network. pub fn write(&self, mut _writer: W) -> io::Result<()> { // TODO: implement serialization @@ -137,15 +137,15 @@ impl VerifyingKey { /// Full public (prover and verifier) parameters for the GM17 zkSNARK. #[derive(Clone, Serialize, Deserialize)] pub struct Parameters { - pub vk: VerifyingKey, - pub a_query: Vec, - pub b_query: Vec, - pub c_query_1: Vec, - pub c_query_2: Vec, - pub g_gamma_z: E::G1Affine, - pub h_gamma_z: E::G2Affine, + pub vk: VerifyingKey, + pub a_query: Vec, + pub b_query: Vec, + pub c_query_1: Vec, + pub c_query_2: Vec, + pub g_gamma_z: E::G1Affine, + pub h_gamma_z: E::G2Affine, pub g_ab_gamma_z: E::G1Affine, - pub g_gamma2_z2: E::G1Affine, + pub g_gamma2_z2: E::G1Affine, pub g_gamma2_z_t: Vec, } @@ -182,14 +182,14 @@ impl Parameters { /// at the expense of larger size in memory. #[derive(Clone, Serialize, Deserialize)] pub struct PreparedVerifyingKey { - pub vk: VerifyingKey, - pub g_alpha: E::G1Affine, - pub h_beta: E::G2Affine, + pub vk: VerifyingKey, + pub g_alpha: E::G1Affine, + pub h_beta: E::G2Affine, pub g_alpha_h_beta_ml: E::Fqk, - pub g_gamma_pc: E::G1Prepared, - pub h_gamma_pc: E::G2Prepared, - pub h_pc: E::G2Prepared, - pub query: Vec, + pub g_gamma_pc: E::G1Prepared, + pub h_gamma_pc: E::G2Prepared, + pub h_pc: E::G2Prepared, + pub query: Vec, } impl From> for VerifyingKey { 
@@ -207,14 +207,14 @@ impl From> for PreparedVerifyingKey { impl Default for PreparedVerifyingKey { fn default() -> Self { Self { - vk: VerifyingKey::default(), - g_alpha: E::G1Affine::default(), - h_beta: E::G2Affine::default(), + vk: VerifyingKey::default(), + g_alpha: E::G1Affine::default(), + h_beta: E::G2Affine::default(), g_alpha_h_beta_ml: E::Fqk::default(), - g_gamma_pc: E::G1Prepared::default(), - h_gamma_pc: E::G2Prepared::default(), - h_pc: E::G2Prepared::default(), - query: Vec::new(), + g_gamma_pc: E::G1Prepared::default(), + h_gamma_pc: E::G2Prepared::default(), + h_pc: E::G2Prepared::default(), + query: Vec::new(), } } } diff --git a/proof-systems/src/gm17/prover.rs b/proof-systems/src/gm17/prover.rs index 364fc3a43..ed80d3e64 100644 --- a/proof-systems/src/gm17/prover.rs +++ b/proof-systems/src/gm17/prover.rs @@ -1,15 +1,15 @@ use rand::Rng; use rayon::prelude::*; -use algebra::{ - UniformRand, AffineCurve, Field, PairingEngine, PrimeField, ProjectiveCurve, -}; use algebra::msm::VariableBaseMSM; +use algebra::{AffineCurve, Field, PairingEngine, PrimeField, ProjectiveCurve, UniformRand}; -use crate::gm17::{Parameters, Proof}; use crate::gm17::r1cs_to_sap::R1CStoSAP; +use crate::gm17::{Parameters, Proof}; -use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, Index, LinearCombination, SynthesisError, Variable}; +use r1cs_core::{ + ConstraintSynthesizer, ConstraintSystem, Index, LinearCombination, SynthesisError, Variable, +}; use smallvec::SmallVec; @@ -37,11 +37,11 @@ fn eval( Index::Input(i) => { constraints[this_constraint].push((coeff, Index::Input(i))); tmp = input_assignment[i]; - }, + } Index::Aux(i) => { constraints[this_constraint].push((coeff, Index::Aux(i))); tmp = aux_assignment[i]; - }, + } } if coeff.is_one() { 
@@ -68,10 +68,10 @@ pub struct ProvingAssignment { // Assignments of variables pub(crate) input_assignment: Vec, - pub(crate) aux_assignment: Vec, - pub(crate) num_inputs: usize, - pub(crate) num_aux: usize, - pub(crate) num_constraints: usize, + pub(crate) aux_assignment: Vec, + pub(crate) num_inputs: usize, + pub(crate) num_aux: usize, + pub(crate) num_constraints: usize, } impl ProvingAssignment { @@ -208,17 +208,17 @@ where { let prover_time = start_timer!(|| "Prover"); let mut prover = ProvingAssignment { - at: vec![], - bt: vec![], - ct: vec![], - a: vec![], - b: vec![], - c: vec![], + at: vec![], + bt: vec![], + ct: vec![], + a: vec![], + b: vec![], + c: vec![], input_assignment: vec![], - aux_assignment: vec![], - num_inputs: 0, - num_aux: 0, - num_constraints: 0, + aux_assignment: vec![], + num_inputs: 0, + num_aux: 0, + num_constraints: 0, }; // Allocate the "one" input variable diff --git a/proof-systems/src/gm17/r1cs_to_sap.rs b/proof-systems/src/gm17/r1cs_to_sap.rs index 20c6077ea..dc719741e 100644 --- a/proof-systems/src/gm17/r1cs_to_sap.rs +++ b/proof-systems/src/gm17/r1cs_to_sap.rs @@ -234,7 +234,9 @@ impl R1CStoSAP { domain.ifft_in_place(&mut c); domain.coset_fft_in_place(&mut c); - aa.par_iter_mut().zip(c).for_each(|(aa_i, c_i)| *aa_i -= &c_i); + aa.par_iter_mut() + .zip(c) + .for_each(|(aa_i, c_i)| *aa_i -= &c_i); domain.divide_by_vanishing_poly_on_coset_in_place(&mut aa); domain.coset_ifft_in_place(&mut aa); diff --git a/proof-systems/src/gm17/test.rs b/proof-systems/src/gm17/test.rs index 58911e76e..164c1615f 100644 --- a/proof-systems/src/gm17/test.rs +++ b/proof-systems/src/gm17/test.rs @@ -21,7 +21,7 @@ impl ConstraintSynthesizer for MySillyCircuit ConstraintSynthesizer for MySillyCircuit(); test_prove_and_verify::(); } -} \ No newline at end of file +} diff --git a/proof-systems/src/gm17/verifier.rs b/proof-systems/src/gm17/verifier.rs index 26058f525..a9dfc04f4 100644 --- a/proof-systems/src/gm17/verifier.rs 
+++ b/proof-systems/src/gm17/verifier.rs @@ -6,18 +6,18 @@ use crate::gm17::SynthesisError; use std::ops::{AddAssign, MulAssign, Neg}; -pub fn prepare_verifying_key(vk: &VerifyingKey) -> Result, SynthesisError> { +pub fn prepare_verifying_key( + vk: &VerifyingKey, +) -> Result, SynthesisError> { Ok(PreparedVerifyingKey { - vk: vk.clone(), - g_alpha: vk.g_alpha_g1, - h_beta: vk.h_beta_g2, - g_alpha_h_beta_ml: E::miller_loop( - [(vk.g_alpha_g1.into(), vk.h_beta_g2.into())].iter(), - )?, - g_gamma_pc: vk.g_gamma_g1.into(), - h_gamma_pc: vk.h_gamma_g2.into(), - h_pc: vk.h_g2.into(), - query: vk.query.clone(), + vk: vk.clone(), + g_alpha: vk.g_alpha_g1, + h_beta: vk.h_beta_g2, + g_alpha_h_beta_ml: E::miller_loop([(vk.g_alpha_g1.into(), vk.h_beta_g2.into())].iter())?, + g_gamma_pc: vk.g_gamma_g1.into(), + h_gamma_pc: vk.h_gamma_g2.into(), + h_pc: vk.h_g2.into(), + query: vk.query.clone(), }) } diff --git a/proof-systems/src/groth16/benches/bn382_gro16_test_circuits.rs b/proof-systems/src/groth16/benches/bn382_gro16_test_circuits.rs index a556c014c..7b44f30d9 100644 --- a/proof-systems/src/groth16/benches/bn382_gro16_test_circuits.rs +++ b/proof-systems/src/groth16/benches/bn382_gro16_test_circuits.rs 
@@ -1,22 +1,16 @@ -use algebra::{ - fields::bn_382::Fr, - curves::bn_382::Bn382, - UniformRand, PrimeField, -}; -use r1cs_core::{SynthesisError, ConstraintSynthesizer, ConstraintSystem}; -use proof_systems::groth16::{generate_random_parameters, create_random_proof}; - -use criterion::{BenchmarkId, BatchSize}; +use algebra::{curves::bn_382::Bn382, fields::bn_382::Fr, PrimeField, UniformRand}; +use proof_systems::groth16::{create_random_proof, generate_random_parameters}; +use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; + use criterion::Criterion; -use r1cs_std::Assignment; -use r1cs_std::fields::fp::FpGadget; +use criterion::{BatchSize, BenchmarkId}; +use r1cs_std::alloc::AllocGadget; use r1cs_std::eq::EqGadget; +use r1cs_std::fields::fp::FpGadget; use r1cs_std::fields::FieldGadget; -use r1cs_std::alloc::AllocGadget; +use r1cs_std::Assignment; -use rand::{ - rngs::OsRng, thread_rng -}; +use rand::{rngs::OsRng, thread_rng}; use std::time::{SystemTime, UNIX_EPOCH}; 
@@ -46,44 +40,38 @@ impl ConstraintSynthesizer for TestCircuit1 { self, cs: &mut CS, ) -> Result<(), SynthesisError> { + let mut a_k_minus_1 = FpGadget::::alloc_input(cs.ns(|| "alloc a"), || { + self.a.ok_or(SynthesisError::AssignmentMissing) + })?; - let mut a_k_minus_1 = FpGadget::::alloc_input( - cs.ns(|| "alloc a"), - || self.a.ok_or(SynthesisError::AssignmentMissing) - )?; - - let mut b_k_minus_1 = FpGadget::::alloc_input( - cs.ns(|| "alloc b"), - || self.b.ok_or(SynthesisError::AssignmentMissing) - )?; + let mut b_k_minus_1 = FpGadget::::alloc_input(cs.ns(|| "alloc b"), || { + self.b.ok_or(SynthesisError::AssignmentMissing) + })?; let zero = FpGadget::::zero(cs.ns(|| "alloc zero"))?; a_k_minus_1.enforce_not_equal(cs.ns(|| "a_0 != 0"), &zero)?; b_k_minus_1.enforce_not_equal(cs.ns(|| "b_0 != 0"), &zero)?; - for k in 0..(self.num_constraints - 5)/2 { - - let a_k = FpGadget::::alloc( - cs.ns(|| format!("alloc a_{}", k)), - || Ok(a_k_minus_1.value.get()? * &b_k_minus_1.value.get()?) - )?; + for k in 0..(self.num_constraints - 5) / 2 { + let a_k = FpGadget::::alloc(cs.ns(|| format!("alloc a_{}", k)), || { + Ok(a_k_minus_1.value.get()? * &b_k_minus_1.value.get()?) + })?; - let b_k = FpGadget::::alloc( - cs.ns(|| format!("alloc b_{}", k)), - || Ok(b_k_minus_1.value.get()? * &a_k_minus_1.value.get()?) - )?; + let b_k = FpGadget::::alloc(cs.ns(|| format!("alloc b_{}", k)), || { + Ok(b_k_minus_1.value.get()? * &a_k_minus_1.value.get()?) + })?; a_k_minus_1.mul_equals( cs.ns(|| format!("a_{} * b_{} = a_{}", k - 1, k - 1, k)), &b_k_minus_1, - &a_k + &a_k, )?; b_k_minus_1.mul_equals( cs.ns(|| format!("b_{} * a_{} = b_{}", k - 1, k - 1, k)), &a_k_minus_1, - &b_k + &b_k, )?; a_k_minus_1 = a_k; 
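Review bot: In `TestCircuit1::generate_constraints` the loop `for k in 0..(self.num_constraints - 5) / 2` evaluates `k - 1` in the `cs.ns` labels on its first iteration (`format!("a_{} * b_{} = a_{}", k - 1, k - 1, k)`), which, if the namespace closure is evaluated, panics with a subtraction overflow under debug overflow checks and otherwise wraps to `usize::MAX` in the label; the same pattern is in `TestCircuit2` in the next hunk. Since the gadget named `a_k` is really the successor of `a_k_minus_1`, iterating `for k in 1..=(self.num_constraints - 5) / 2 {` gives correctly numbered labels (`alloc a_1`, `a_0 * b_0 = a_1`) with the same number of iterations. `self.num_constraints - 5` also underflows for `num_constraints < 5`; a `debug_assert!(self.num_constraints >= 5);` at the top of the function would make that precondition explicit. The function's body continues past the end of the hunk.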
@@ -99,44 +87,38 @@ impl ConstraintSynthesizer for TestCircuit2 { self, cs: &mut CS, ) -> Result<(), SynthesisError> { + let mut a_k_minus_1 = FpGadget::::alloc_input(cs.ns(|| "alloc a"), || { + self.a.ok_or(SynthesisError::AssignmentMissing) + })?; - let mut a_k_minus_1 = FpGadget::::alloc_input( - cs.ns(|| "alloc a"), - || self.a.ok_or(SynthesisError::AssignmentMissing) - )?; - - let mut b_k_minus_1 = FpGadget::::alloc_input( - cs.ns(|| "alloc b"), - || self.b.ok_or(SynthesisError::AssignmentMissing) - )?; + let mut b_k_minus_1 = FpGadget::::alloc_input(cs.ns(|| "alloc b"), || { + self.b.ok_or(SynthesisError::AssignmentMissing) + })?; let zero = FpGadget::::zero(cs.ns(|| "alloc zero"))?; a_k_minus_1.enforce_not_equal(cs.ns(|| "a_0 != 0"), &zero)?; b_k_minus_1.enforce_not_equal(cs.ns(|| "b_0 != 0"), &zero)?; - for k in 0..(self.num_constraints - 5)/2 { + for k in 0..(self.num_constraints - 5) / 2 { + let a_k = FpGadget::::alloc(cs.ns(|| format!("alloc a_{}", k)), || { + Ok(a_k_minus_1.value.get()? * &b_k_minus_1.value.get()?.inverse().get()?) + })?; - let a_k = FpGadget::::alloc( - cs.ns(|| format!("alloc a_{}", k)), - || Ok(a_k_minus_1.value.get()? * &b_k_minus_1.value.get()?.inverse().get()?) - )?; - - let b_k = FpGadget::::alloc( - cs.ns(|| format!("alloc b_{}", k)), - || Ok(b_k_minus_1.value.get()? * &a_k_minus_1.value.get()?) - )?; + let b_k = FpGadget::::alloc(cs.ns(|| format!("alloc b_{}", k)), || { + Ok(b_k_minus_1.value.get()? * &a_k_minus_1.value.get()?) + })?; a_k.mul_equals( cs.ns(|| format!("a_{} * b_{} = a_{}", k, k - 1, k - 1)), &b_k_minus_1, - &a_k_minus_1 + &a_k_minus_1, )?; b_k_minus_1.mul_equals( cs.ns(|| format!("b_{} * a_{} = b_{}", k - 1, k - 1, k)), &a_k_minus_1, - &b_k + &b_k, )?; a_k_minus_1 = a_k; 
@@ -147,27 +129,38 @@ impl ConstraintSynthesizer for TestCircuit2 { } } -fn bench_prover_circuit1(c: &mut Criterion){ - +fn bench_prover_circuit1(c: &mut Criterion) { let mut rng = thread_rng(); let mut group = c.benchmark_group("gro16-bn382-test circuit 1-variable constraints"); let num_constraints = (14..=22).map(|i| 2usize.pow(i)).collect::>(); - for &num_constraints in num_constraints.iter() - { - let params = { - let c = TestCircuit1::{ num_constraints, a: None, b: None }; - generate_random_parameters::(c, &mut rng).unwrap() + for &num_constraints in num_constraints.iter() { + let params = { + let c = TestCircuit1:: { + num_constraints, + a: None, + b: None, }; - - add_to_trace!( - || format!("****************{}*******************", num_constraints), - || format!("--->START TIMESTAMP: {:?}", SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs()) - ); - - group.bench_with_input(BenchmarkId::from_parameter(num_constraints), &num_constraints, |bn, _constraints| { + generate_random_parameters::(c, &mut rng).unwrap() + }; + + add_to_trace!( + || format!("****************{}*******************", num_constraints), + || format!( + "--->START TIMESTAMP: {:?}", + SystemTime::now() + .duration_since(UNIX_EPOCH) + .unwrap() + .as_secs() + ) + ); + + group.bench_with_input( + BenchmarkId::from_parameter(num_constraints), + &num_constraints, + |bn, _constraints| { bn.iter_batched( || { let mut rng = OsRng::default(); 
@@ -176,45 +169,63 @@ fn bench_prover_circuit1(c: &mut Criterion){ (a, b) }, |(a, b)| { - let c = TestCircuit1{ num_constraints, a: Some(a), b: Some(b) }; - - create_random_proof( - c, - ¶ms, - &mut rng, - ) - .unwrap(); + let c = TestCircuit1 { + num_constraints, + a: Some(a), + b: Some(b), + }; + create_random_proof(c, ¶ms, &mut rng).unwrap(); }, - BatchSize::PerIteration + BatchSize::PerIteration, ); - }); - add_to_trace!( - || format!("****************{}*******************", num_constraints), - || format!("--->END TIMESTAMP: {:?}", SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs()) - ); } + }, + ); + add_to_trace!( + || format!("****************{}*******************", num_constraints), + || format!( + "--->END TIMESTAMP: {:?}", + SystemTime::now() + .duration_since(UNIX_EPOCH) + .unwrap() + .as_secs() + ) + ); + } group.finish(); } -fn bench_prover_circuit2(c: &mut Criterion){ +fn bench_prover_circuit2(c: &mut Criterion) { let mut rng = thread_rng(); let mut group = c.benchmark_group("gro16-bn382-test circuit 2-variable constraints"); let num_constraints = (14..=22).map(|i| 2usize.pow(i)).collect::>(); - for &num_constraints in num_constraints.iter() - { - let params = { - let c = TestCircuit2::{ num_constraints, a: None, b: None }; - generate_random_parameters::(c, &mut rng).unwrap() + for &num_constraints in num_constraints.iter() { + let params = { + let c = TestCircuit2:: { + num_constraints, + a: None, + b: None, }; - - add_to_trace!( - || format!("****************{}*******************", num_constraints), - || format!("--->START TIMESTAMP: {:?}", SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs()) - ); - group.bench_with_input(BenchmarkId::from_parameter(num_constraints), &num_constraints, |bn, _constraints| { + generate_random_parameters::(c, &mut rng).unwrap() + }; + + add_to_trace!( + || format!("****************{}*******************", num_constraints), + || format!( + "--->START TIMESTAMP: {:?}", + SystemTime::now() + 
.duration_since(UNIX_EPOCH) + .unwrap() + .as_secs() + ) + ); + group.bench_with_input( + BenchmarkId::from_parameter(num_constraints), + &num_constraints, + |bn, _constraints| { bn.iter_batched( || { let mut rng = OsRng::default(); @@ -223,22 +234,29 @@ fn bench_prover_circuit2(c: &mut Criterion){ (a, b) }, |(a, b)| { - let c = TestCircuit2{ num_constraints, a: Some(a), b: Some(b) }; + let c = TestCircuit2 { + num_constraints, + a: Some(a), + b: Some(b), + }; - create_random_proof( - c, - ¶ms, - &mut rng, - ).unwrap(); + create_random_proof(c, ¶ms, &mut rng).unwrap(); }, - BatchSize::PerIteration + BatchSize::PerIteration, ); - }); - add_to_trace!( - || format!("****************{}*******************", num_constraints), - || format!("--->END TIMESTAMP: {:?}", SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs()) - ); - } + }, + ); + add_to_trace!( + || format!("****************{}*******************", num_constraints), + || format!( + "--->END TIMESTAMP: {:?}", + SystemTime::now() + .duration_since(UNIX_EPOCH) + .unwrap() + .as_secs() + ) + ); + } group.finish(); } @@ -248,4 +266,4 @@ config = Criterion::default().sample_size(10); targets = bench_prover_circuit1, bench_prover_circuit2 ); -criterion_main!(bn382_gro16_test_circuits); \ No newline at end of file +criterion_main!(bn382_gro16_test_circuits); diff --git a/proof-systems/src/groth16/benches/gro16_bench.rs b/proof-systems/src/groth16/benches/gro16_bench.rs index 023cb8b05..0a9badb36 100644 --- a/proof-systems/src/groth16/benches/gro16_bench.rs +++ b/proof-systems/src/groth16/benches/gro16_bench.rs 
@@ -1,19 +1,15 @@ #[macro_use] extern crate criterion; -use algebra::{ - fields::bn_382::Fr, - curves::bn_382::Bn382, - UniformRand, PrimeField, Field, -}; -use r1cs_core::{SynthesisError, ConstraintSynthesizer, ConstraintSystem, LinearCombination}; -use proof_systems::groth16::{generate_random_parameters, create_random_proof}; +use algebra::{curves::bn_382::Bn382, fields::bn_382::Fr, Field, PrimeField, UniformRand}; +use proof_systems::groth16::{create_random_proof, generate_random_parameters}; +use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, LinearCombination, SynthesisError}; use rand::SeedableRng; use rand_xorshift::XorShiftRng; -use criterion::{BenchmarkId, BatchSize}; use criterion::Criterion; +use criterion::{BatchSize, BenchmarkId}; use std::marker::PhantomData; @@ -44,8 +40,8 @@ impl ConstraintSynthesizer for Benchmark { let new_entry = { let (input_1_val, input_1_var) = variables[i]; let (input_2_val, input_2_var) = variables[i + 1]; - let result_val = input_1_val - .and_then(|input_1| input_2_val.map(|input_2| input_1 * &input_2)); + let result_val = + input_1_val.and_then(|input_1| input_2_val.map(|input_2| input_1 * &input_2)); let result_var = cs.alloc( || format!("Result {}", i), || result_val.ok_or(SynthesisError::AssignmentMissing), @@ -66,7 +62,7 @@ impl ConstraintSynthesizer for Benchmark { pub struct BenchmarkHighDensities { num_constraints: usize, - _engine: PhantomData, + _engine: PhantomData, } impl ConstraintSynthesizer for BenchmarkHighDensities { 
@@ -144,71 +140,97 @@ impl ConstraintSynthesizer for BenchmarkHighDensities { } } -fn bench_prover_circuit_high_densities(c: &mut Criterion){ +fn bench_prover_circuit_high_densities(c: &mut Criterion) { let mut rng = XorShiftRng::seed_from_u64(1234567890u64); let mut group = c.benchmark_group("bench gro16 prover varying the number of constraints"); let num_constraints = (15..=23).map(|i| 2usize.pow(i) - 3).collect::>(); - for &num_constraints in num_constraints.iter() - { - println!("************************{}************************", num_constraints); - let params = { - let c = BenchmarkHighDensities::{ num_constraints, _engine: PhantomData }; - generate_random_parameters::(c, &mut rng).unwrap() + for &num_constraints in num_constraints.iter() { + println!( + "************************{}************************", + num_constraints + ); + let params = { + let c = BenchmarkHighDensities:: { + num_constraints, + _engine: PhantomData, }; - - group.bench_with_input(BenchmarkId::from_parameter(num_constraints), &num_constraints, |bn, _constraints| { - bn.iter( - || { - let c = BenchmarkHighDensities::{ num_constraints, _engine: PhantomData }; - create_random_proof(c, ¶ms, &mut rng).unwrap(); - }, - ); - }); - } + generate_random_parameters::(c, &mut rng).unwrap() + }; + + group.bench_with_input( + BenchmarkId::from_parameter(num_constraints), + &num_constraints, + |bn, _constraints| { + bn.iter(|| { + let c = BenchmarkHighDensities:: { + num_constraints, + _engine: PhantomData, + }; + create_random_proof(c, ¶ms, &mut rng).unwrap(); + }); + }, + ); + } group.finish(); } -fn bench_prover_circuit(c: &mut Criterion){ +fn bench_prover_circuit(c: &mut Criterion) { let mut rng = XorShiftRng::seed_from_u64(1234567890u64); - let mut group = c.benchmark_group("bench gro16 prover varying the number of constraints high densities"); + let mut group = + c.benchmark_group("bench gro16 prover varying the number of constraints high densities"); let num_inputs = 2; - let num_constraints 
= (15..=23).map(|i| 2usize.pow(i) - (num_inputs + 1)).collect::>(); - - for &num_constraints in num_constraints.iter() - { - println!("************************{}************************", num_constraints); - let params = { - let c = Benchmark::{ num_constraints, inputs: vec![None; num_inputs] }; - generate_random_parameters::(c, &mut rng).unwrap() + let num_constraints = (15..=23) + .map(|i| 2usize.pow(i) - (num_inputs + 1)) + .collect::>(); + + for &num_constraints in num_constraints.iter() { + println!( + "************************{}************************", + num_constraints + ); + let params = { + let c = Benchmark:: { + num_constraints, + inputs: vec![None; num_inputs], }; + generate_random_parameters::(c, &mut rng).unwrap() + }; - group.bench_with_input(BenchmarkId::from_parameter(num_constraints), &num_constraints, |bn, _constraints| { + group.bench_with_input( + BenchmarkId::from_parameter(num_constraints), + &num_constraints, + |bn, _constraints| { bn.iter_batched( || { let mut rng = XorShiftRng::seed_from_u64(num_constraints as u64); let mut v = Vec::with_capacity(num_inputs); - for _ in 0..num_inputs { v.push(Some(Fr::rand(&mut rng)))} + for _ in 0..num_inputs { + v.push(Some(Fr::rand(&mut rng))) + } v }, |v| { - let c = Benchmark::{ num_constraints, inputs: v }; + let c = Benchmark:: { + num_constraints, + inputs: v, + }; create_random_proof(c, ¶ms, &mut rng).unwrap(); }, - BatchSize::PerIteration + BatchSize::PerIteration, ); - }); - } + }, + ); + } group.finish(); } - criterion_group!( name = gro16_bench; config = Criterion::default().sample_size(10); targets = bench_prover_circuit, bench_prover_circuit_high_densities ); -criterion_main!(gro16_bench); \ No newline at end of file +criterion_main!(gro16_bench); diff --git a/proof-systems/src/groth16/examples/recursive-snark/constraints.rs b/proof-systems/src/groth16/examples/recursive-snark/constraints.rs index 15ab92e66..11e784b53 100644 
--- a/proof-systems/src/groth16/examples/recursive-snark/constraints.rs +++ b/proof-systems/src/groth16/examples/recursive-snark/constraints.rs @@ -1,16 +1,13 @@ -// This example uses Groth16 over Coda's MNT cycle to wrap a base circuit (the "inner circuit") of -// specified number of inputs and constraints twice. -use algebra::{fields::FpParameters, Field, PrimeField, PairingEngine, ToConstraintField, ToBits}; +// This example uses Groth16 over Coda's MNT cycle to wrap a base circuit (the "inner circuit") of +// specified number of inputs and constraints twice. +use algebra::{fields::FpParameters, Field, PairingEngine, PrimeField, ToBits, ToConstraintField}; +use proof_systems::groth16::{Parameters, Proof}; +use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; use r1cs_crypto::nizk::{ + groth16::{Groth16, Groth16VerifierGadget, ProofGadget, VerifyingKeyGadget}, NIZKVerifierGadget, - groth16::{ - Groth16VerifierGadget, ProofGadget, VerifyingKeyGadget, - Groth16, - }, }; -use proof_systems::groth16::{Parameters, Proof}; -use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; use r1cs_std::{ alloc::AllocGadget, bits::ToBitsGadget, boolean::Boolean, fields::fp::FpGadget, pairing::PairingGadget as PG, @@ -39,7 +36,7 @@ type InnerProofSystem = Groth16< InnerCircuit<<::PairingEngineTick as PairingEngine>::Fr>, <::PairingEngineTick as PairingEngine>::Fr, >; -// Proof, key and verifier of a base proof are over the base field of the Tick, which is the scalar field +// Proof, key and verifier of a base proof are over the base field of the Tick, which is the scalar field // of the Tock. type InnerVerifierGadget = Groth16VerifierGadget< ::PairingEngineTick, 
@@ -63,7 +60,7 @@ type MiddleProofSystem = Groth16< MiddleCircuit, <::PairingEngineTock as PairingEngine>::Fr, >; -// Proof, key and verifier of the wrap are over the base field of the Tock, which is the scalar field +// Proof, key and verifier of the wrap are over the base field of the Tock, which is the scalar field // of the Tick. type MiddleVerifierGadget = Groth16VerifierGadget< ::PairingEngineTock, @@ -100,15 +97,15 @@ impl InnerCircuit { // The inner circuit is designed so that it produces typical timings for the Groth16 prover // but keeps the synthesizer costs low (no field inversions used): -// Its R1CS has m= |num_inputs|+|num_constraints| variables, and n = num_constraints simple -// multiplication constraints (R1CS density = 1 for all matrices). All QAP polynomials -// u_i(X), v_i(X) and w_i(X) are non-trivial, hence the prover key overwhelmingly consists -// of non-trivial elements only. +// Its R1CS has m= |num_inputs|+|num_constraints| variables, and n = num_constraints simple +// multiplication constraints (R1CS density = 1 for all matrices). All QAP polynomials +// u_i(X), v_i(X) and w_i(X) are non-trivial, hence the prover key overwhelmingly consists +// of non-trivial elements only. // The circuit accepts any vector of field elements as inputs, and extends this vector recursively // by setting each new variable as the product of its two previous ones. (This is done until the number -// of constraints reaches the targeted one.) If the inputs are all non-zero, then all other -// witnesses are non-zero too, hence the computation of the proof elements A,B,C involve full -// length MSMs. +// of constraints reaches the targeted one.) If the inputs are all non-zero, then all other +// witnesses are non-zero too, hence the computation of the proof elements A,B,C involve full +// length MSMs. impl ConstraintSynthesizer for InnerCircuit { fn generate_constraints>( self, 
@@ -144,7 +141,7 @@ impl ConstraintSynthesizer for InnerCircuit { } pub struct MiddleCircuit { - // the inputs for the base circuit are in the scalar field of the Tick, which are + // the inputs for the base circuit are in the scalar field of the Tick, which are // non-native field elements for a Tock proof system inputs: Vec<::Fr>, params: Parameters, @@ -172,9 +169,7 @@ impl MiddleCircuit { ) -> Vec<::Fr> { let input_bits = inputs .iter() - .flat_map(|input| { - input.write_bits() - }) + .flat_map(|input| input.write_bits()) .collect::>(); input_bits[..].to_field_elements().unwrap() @@ -200,15 +195,14 @@ impl ConstraintSynthesizer< // Chain all input values in one large bit array. let input_bits = inputs .into_iter() - .flat_map(|input| { - input.write_bits() - }) + .flat_map(|input| input.write_bits()) .collect::>(); // Allocate this bit array as input packed into field elements. let input_bits = Boolean::alloc_input_vec(cs.ns(|| "Input"), &input_bits[..])?; - let element_size = <::Fr as PrimeField>::Params::MODULUS_BITS; + let element_size = + <::Fr as PrimeField>::Params::MODULUS_BITS; input_gadgets = input_bits .chunks(element_size as usize) .map(|chunk| { diff --git a/proof-systems/src/groth16/examples/recursive-snark/groth16.rs b/proof-systems/src/groth16/examples/recursive-snark/groth16.rs index d014c95e1..cfba0d13e 100644 --- a/proof-systems/src/groth16/examples/recursive-snark/groth16.rs +++ b/proof-systems/src/groth16/examples/recursive-snark/groth16.rs @@ -29,11 +29,8 @@ use csv; // For randomness (during paramgen and proof generation) use algebra::{ - curves::{ - mnt4753::MNT4 as MNT4_753, - mnt6753::MNT6 as MNT6_753, - }, - UniformRand, PairingEngine + curves::{mnt4753::MNT4 as MNT4_753, mnt6753::MNT6 as MNT6_753}, + PairingEngine, UniformRand, }; use r1cs_std::instantiated::{ 
diff --git a/proof-systems/src/groth16/examples/snark-scalability/constraints.rs b/proof-systems/src/groth16/examples/snark-scalability/constraints.rs index 6cd5edc90..2942c836e 100644 --- a/proof-systems/src/groth16/examples/snark-scalability/constraints.rs +++ b/proof-systems/src/groth16/examples/snark-scalability/constraints.rs @@ -4,7 +4,7 @@ use std::marker::PhantomData; pub struct Benchmark { num_constraints: usize, - _engine: PhantomData, + _engine: PhantomData, } impl Benchmark { diff --git a/proof-systems/src/groth16/generator.rs b/proof-systems/src/groth16/generator.rs index 82df87334..4bdbb512a 100644 --- a/proof-systems/src/groth16/generator.rs +++ b/proof-systems/src/groth16/generator.rs @@ -1,8 +1,6 @@ -use algebra::{groups::Group, Field, PairingEngine, PrimeField, ProjectiveCurve, UniformRand}; +use algebra::fft::domain::{get_best_evaluation_domain, sample_element_outside_domain}; use algebra::msm::FixedBaseMSM; -use algebra::fft::domain::{ - get_best_evaluation_domain, sample_element_outside_domain -}; +use algebra::{groups::Group, Field, PairingEngine, PrimeField, ProjectiveCurve, UniformRand}; use r1cs_core::{ ConstraintSynthesizer, ConstraintSystem, Index, LinearCombination, SynthesisError, Variable, @@ -10,7 +8,7 @@ use r1cs_core::{ use rand::Rng; use rayon::prelude::*; -use crate::groth16::{r1cs_to_qap::R1CStoQAP, Parameters, VerifyingKey, push_constraints}; +use crate::groth16::{push_constraints, r1cs_to_qap::R1CStoQAP, Parameters, VerifyingKey}; /// Generates a random common reference string for /// a circuit. @@ -18,10 +16,10 @@ pub fn generate_random_parameters( circuit: C, rng: &mut R, ) -> Result, SynthesisError> - where - E: PairingEngine, - C: ConstraintSynthesizer, - R: Rng, +where + E: PairingEngine, + C: ConstraintSynthesizer, + R: Rng, { let alpha = E::Fr::rand(rng); let beta = E::Fr::rand(rng); 
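Review bot: The trapdoor sampling in `generate_random_parameters` only requires `R: Rng`, so any deterministic or non-cryptographic generator is accepted for `alpha` and `beta` (and presumably the remaining toxic-waste scalars below the hunk); the benches in this same diff pass a fixed-seed `XorShiftRng`, which is fine for benchmarking but shows that nothing in the API steers callers toward a CSPRNG, and anyone who can predict these scalars can forge proofs for the resulting CRS. Tightening the bound to `R: Rng + CryptoRng,` (`use rand::{CryptoRng, Rng};`) makes that a compile-time requirement; `XorShiftRng` does not implement `CryptoRng`, so the benches would then need e.g. `OsRng` or a ChaCha-based generator. If a breaking bound is not wanted, at least document it: `/// `rng` must be cryptographically secure: the sampled scalars are the CRS trapdoor ("toxic waste").` The function body continues past the hunk.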
@@ -34,12 +32,12 @@ pub fn generate_random_parameters( /// This is our assembly structure that we'll use to synthesize the /// circuit into a QAP. pub struct KeypairAssembly { - pub(crate) num_inputs: usize, - pub(crate) num_aux: usize, + pub(crate) num_inputs: usize, + pub(crate) num_aux: usize, pub(crate) num_constraints: usize, - pub(crate) at: Vec>, - pub(crate) bt: Vec>, - pub(crate) ct: Vec>, + pub(crate) at: Vec>, + pub(crate) bt: Vec>, + pub(crate) ct: Vec>, } impl ConstraintSystem for KeypairAssembly { @@ -47,10 +45,10 @@ impl ConstraintSystem for KeypairAssembly { #[inline] fn alloc(&mut self, _: A, _: F) -> Result - where - F: FnOnce() -> Result, - A: FnOnce() -> AR, - AR: Into, + where + F: FnOnce() -> Result, + A: FnOnce() -> AR, + AR: Into, { // There is no assignment, so we don't invoke the // function for obtaining one. @@ -63,10 +61,10 @@ impl ConstraintSystem for KeypairAssembly { #[inline] fn alloc_input(&mut self, _: A, _: F) -> Result - where - F: FnOnce() -> Result, - A: FnOnce() -> AR, - AR: Into, + where + F: FnOnce() -> Result, + A: FnOnce() -> AR, + AR: Into, { // There is no assignment, so we don't invoke the // function for obtaining one. @@ -78,14 +76,13 @@ impl ConstraintSystem for KeypairAssembly { } fn enforce(&mut self, _: A, a: LA, b: LB, c: LC) - where - A: FnOnce() -> AR, - AR: Into, - LA: FnOnce(LinearCombination) -> LinearCombination, - LB: FnOnce(LinearCombination) -> LinearCombination, - LC: FnOnce(LinearCombination) -> LinearCombination, + where + A: FnOnce() -> AR, + AR: Into, + LA: FnOnce(LinearCombination) -> LinearCombination, + LB: FnOnce(LinearCombination) -> LinearCombination, + LC: FnOnce(LinearCombination) -> LinearCombination, { - self.at.push(vec![]); self.bt.push(vec![]); self.ct.push(vec![]); 
@@ -110,9 +107,9 @@ impl ConstraintSystem for KeypairAssembly { } fn push_namespace(&mut self, _: N) - where - NR: Into, - N: FnOnce() -> NR, + where + NR: Into, + N: FnOnce() -> NR, { // Do nothing; we don't care about namespaces in this context. } @@ -139,18 +136,18 @@ pub fn generate_parameters( delta: E::Fr, rng: &mut R, ) -> Result, SynthesisError> - where - E: PairingEngine, - C: ConstraintSynthesizer, - R: Rng, +where + E: PairingEngine, + C: ConstraintSynthesizer, + R: Rng, { let mut assembly = KeypairAssembly { - num_inputs: 0, - num_aux: 0, + num_inputs: 0, + num_aux: 0, num_constraints: 0, - at: vec![], - bt: vec![], - ct: vec![], + at: vec![], + bt: vec![], + ct: vec![], }; // Allocate the "one" input variable @@ -293,8 +290,8 @@ pub fn generate_parameters( let vk = VerifyingKey:: { alpha_g1_beta_g2, - gamma_g2: gamma_g2.into_affine(), - delta_g2: delta_g2.into_affine(), + gamma_g2: gamma_g2.into_affine(), + delta_g2: delta_g2.into_affine(), gamma_abc_g1: gamma_abc_g1 .par_iter() .map(|p| p.into_affine()) @@ -322,4 +319,4 @@ pub fn generate_parameters( h_query: h_query.into_iter().map(Into::into).collect(), l_query: l_query.into_iter().map(Into::into).collect(), }) -} \ No newline at end of file +} diff --git a/proof-systems/src/groth16/mod.rs b/proof-systems/src/groth16/mod.rs index dc376974c..0656e4f5f 100644 --- a/proof-systems/src/groth16/mod.rs +++ b/proof-systems/src/groth16/mod.rs 
@@ -1,12 +1,13 @@ //! An implementation of the [Groth][Groth16] zkSNARK. //! [Groth16]: https://eprint.iacr.org/2016/260.pdf -use algebra::{Field, bytes::{ - ToBytes, FromBytes, -}, PairingEngine, FromBytesChecked, SemanticallyValid}; -use r1cs_core::{SynthesisError, Index, LinearCombination}; -use std::io::{self, Read, Result as IoResult, Write}; +use algebra::{ + bytes::{FromBytes, ToBytes}, + Field, FromBytesChecked, PairingEngine, SemanticallyValid, +}; use byteorder::{BigEndian, ReadBytesExt, WriteBytesExt}; -use serde::{Serialize, Deserialize}; +use r1cs_core::{Index, LinearCombination, SynthesisError}; +use serde::{Deserialize, Serialize}; +use std::io::{self, Read, Result as IoResult, Write}; /// Reduce an R1CS instance to a *Quadratic Arithmetic Program* instance. pub mod r1cs_to_qap; @@ -52,16 +53,14 @@ impl FromBytes for Proof { .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; let c = E::G1Affine::read(&mut reader) .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; - Ok(Proof{a, b, c}) + Ok(Proof { a, b, c }) } } impl SemanticallyValid for Proof { #[inline] fn is_valid(&self) -> bool { - self.a.is_valid() && - self.b.is_valid() && - self.c.is_valid() + self.a.is_valid() && self.b.is_valid() && self.c.is_valid() } } 
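Review bot: `SemanticallyValid for Proof` accepts `a`, `b`, `c` at infinity (`self.a.is_valid() && self.b.is_valid() && self.c.is_valid()`), whereas `FromBytesChecked for Proof` in the next hunk rejects exactly those with "point at infinity" errors and `VerifyingKey::is_valid` pairs every `is_valid()` with `!is_zero()`. A proof obtained through the unchecked `read` and then gated on `is_valid()` therefore passes a weaker check than one obtained through `read_checked`, and an infinity point reaches the pairing. Suggest aligning it: `self.a.is_valid() && !self.a.is_zero() && self.b.is_valid() && !self.b.is_zero() && self.c.is_valid() && !self.c.is_zero()`, and, if not already present above the hunk, a doc comment on `Proof::read` stating that it performs no membership or infinity check, as `VerifyingKey::read` already carries.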
@@ -69,23 +68,53 @@ impl FromBytesChecked for Proof { #[inline] fn read_checked(mut reader: R) -> IoResult { let a = E::G1Affine::read_checked(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid point A: {}", e))) + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid point A: {}", e), + ) + }) .and_then(|p| { - if p.is_zero() { return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid point A: point at infinity")); } + if p.is_zero() { + return Err(io::Error::new( + io::ErrorKind::InvalidData, + "invalid point A: point at infinity", + )); + } Ok(p) })?; let b = E::G2Affine::read_checked(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid point B: {}", e))) + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid point B: {}", e), + ) + }) .and_then(|p| { - if p.is_zero() { return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid point B: point at infinity")); } + if p.is_zero() { + return Err(io::Error::new( + io::ErrorKind::InvalidData, + "invalid point B: point at infinity", + )); + } Ok(p) })?; let c = E::G1Affine::read_checked(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid point C: {}", e))) + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid point C: {}", e), + ) + }) .and_then(|p| { - if p.is_zero() { return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid point C: point at infinity")); } + if p.is_zero() { + return Err(io::Error::new( + io::ErrorKind::InvalidData, + "invalid point C: point at infinity", + )); + } Ok(p) })?; 
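Review bot: `Proof::read_checked` repeats the same twelve-line read-then-reject-infinity block for `A`, `B` and `C`, and the identical block recurs for every scalar point in the `VerifyingKey` and `Parameters` readers later in this diff, while the file already has `read_affine_vec_checked` for the vector case; a one-point helper keyed by a label collapses all of them and keeps the error strings byte-identical. The helper below uses `G::read_checked` and `is_zero` exactly as the hunk does, so there is no behavioural change, and it can be given the same bounds as `read_affine_vec_checked`. The `impl FromBytesChecked for Proof` header and the trailing `Ok(Proof { a, b, c })` lie outside the hunk.
```rust
/// Reads one affine point with `read_checked` and additionally rejects the point at infinity.
/// `label` is only used in the error text ("invalid point <label>: ...").
fn read_nonzero_affine_checked<G: AffineCurve, R: Read>(label: &str, mut reader: R) -> IoResult<G> {
    let p = G::read_checked(&mut reader).map_err(|e| {
        io::Error::new(
            io::ErrorKind::InvalidData,
            format!("invalid point {}: {}", label, e),
        )
    })?;
    if p.is_zero() {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            format!("invalid point {}: point at infinity", label),
        ));
    }
    Ok(p)
}

// … unchanged: impl FromBytesChecked for Proof<E> header …
    fn read_checked<R: Read>(mut reader: R) -> IoResult<Self> {
        let a = read_nonzero_affine_checked::<E::G1Affine, _>("A", &mut reader)?;
        let b = read_nonzero_affine_checked::<E::G2Affine, _>("B", &mut reader)?;
        let c = read_nonzero_affine_checked::<E::G1Affine, _>("C", &mut reader)?;
        // … unchanged: return Proof { a, b, c } …
```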
@@ -111,14 +140,22 @@ impl Default for Proof { use algebra::curves::AffineCurve; -fn read_affine_vec_checked(len: usize, zero_check: bool, mut reader: R) -> IoResult> { +fn read_affine_vec_checked( + len: usize, + zero_check: bool, + mut reader: R, +) -> IoResult> { let mut v = vec![]; for i in 0..len { let g = G::read_checked(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid point {}: {}", i, e))) + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid point {}: {}", i, e), + ) + }) .and_then(|p| { - if zero_check && p.is_zero() - { + if zero_check && p.is_zero() { return Err(io::Error::new( io::ErrorKind::InvalidData, format!("invalid point {}: point at infinity", i), @@ -134,8 +171,12 @@ fn read_affine_vec_checked(len: usize, zero_check: bool fn read_affine_vec(len: usize, mut reader: R) -> IoResult> { let mut v = vec![]; for i in 0..len { - let g = G::read(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid point {}: {}", i, e)))?; + let g = G::read(&mut reader).map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid point {}: {}", i, e), + ) + })?; v.push(g); } Ok(v) @@ -144,10 +185,10 @@ fn read_affine_vec(len: usize, mut reader: R) -> IoResu /// A verification key in the Groth16 SNARK. #[derive(Clone, Debug, Serialize, Deserialize)] pub struct VerifyingKey { - pub alpha_g1_beta_g2: E::Fqk, - pub gamma_g2: E::G2Affine, - pub delta_g2: E::G2Affine, - pub gamma_abc_g1: Vec, + pub alpha_g1_beta_g2: E::Fqk, + pub gamma_g2: E::G2Affine, + pub delta_g2: E::G2Affine, + pub gamma_abc_g1: Vec, } impl VerifyingKey { @@ -165,7 +206,10 @@ impl VerifyingKey { if p1 == p2 { return Err(io::Error::new( io::ErrorKind::InvalidData, - format!("duplicate points: gamma_abc_g1[{}] = gamma_abc_g1[{}]", i, j), + format!( + "duplicate points: gamma_abc_g1[{}] = gamma_abc_g1[{}]", + i, j + ), )); } if p1 == p2.neg() { 
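Review bot: `read_affine_vec_checked` and `read_affine_vec` take a `len` that every visible caller derives from a `read_u32` length prefix in the untrusted stream, and they correctly grow `v` with `push` rather than `Vec::with_capacity(len)`; that choice is load-bearing and deserves a comment before someone "optimises" it into a multi-GiB allocation driven by four bytes of input. Suggest a doc comment on both functions: `/// `len` comes from the input stream and is attacker-controlled: never pre-allocate from it; memory here grows only with bytes actually consumed.` and on the checked variant `/// With `zero_check`, the point at infinity is rejected in addition to `read_checked`'s own validation.` The `vec![]` initialisation itself should stay as is.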
@@ -196,12 +240,19 @@ impl ToBytes for VerifyingKey { impl SemanticallyValid for VerifyingKey { #[inline] fn is_valid(&self) -> bool { - self.alpha_g1_beta_g2.is_valid() && !self.alpha_g1_beta_g2.is_zero() && - self.gamma_g2.is_valid() && !self.gamma_g2.is_zero() && - self.delta_g2.is_valid() && !self.delta_g2.is_zero() && - self.gamma_abc_g1.iter().filter(|&p| !p.is_valid() || p.is_zero()) - .collect::>().is_empty() && - Self::check_gamma_abc_g1_points(self.gamma_abc_g1.as_slice()).is_ok() + self.alpha_g1_beta_g2.is_valid() + && !self.alpha_g1_beta_g2.is_zero() + && self.gamma_g2.is_valid() + && !self.gamma_g2.is_zero() + && self.delta_g2.is_valid() + && !self.delta_g2.is_zero() + && self + .gamma_abc_g1 + .iter() + .filter(|&p| !p.is_valid() || p.is_zero()) + .collect::>() + .is_empty() + && Self::check_gamma_abc_g1_points(self.gamma_abc_g1.as_slice()).is_ok() } } 
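Review bot: The `gamma_abc_g1` check in `VerifyingKey::is_valid` collects the offending points into a `Vec` just to ask whether it is empty, which allocates and always walks the whole vector; `self.gamma_abc_g1.iter().all(|p| p.is_valid() && !p.is_zero())` is the short-circuiting, allocation-free form with the same result. The same `.filter(..).collect::<Vec<_>>().is_empty()` pattern appears five times in `Parameters::is_valid` later in this diff and can be replaced the same way. Since `is_valid` is presumably run on every deserialised key, bailing out at the first bad point is also the cheaper failure path.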
@@ -209,33 +260,77 @@ impl FromBytesChecked for VerifyingKey { #[inline] fn read_checked(mut reader: R) -> IoResult { let alpha_g1_beta_g2 = E::Fqk::read_checked(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid alpha_g1_beta_g2: {}", e))) + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid alpha_g1_beta_g2: {}", e), + ) + }) .and_then(|f| { - if f.is_zero() { return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid alpha_g1_beta_g2: zero")); } + if f.is_zero() { + return Err(io::Error::new( + io::ErrorKind::InvalidData, + "invalid alpha_g1_beta_g2: zero", + )); + } Ok(f) })?; let gamma_g2 = E::G2Affine::read_checked(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid point gamma_g2: {}", e))) + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid point gamma_g2: {}", e), + ) + }) .and_then(|p| { - if p.is_zero() { return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid point gamma_g2: point at infinity")); } + if p.is_zero() { + return Err(io::Error::new( + io::ErrorKind::InvalidData, + "invalid point gamma_g2: point at infinity", + )); + } Ok(p) })?; let delta_g2 = E::G2Affine::read_checked(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid point delta_g2: {}", e))) + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid point delta_g2: {}", e), + ) + }) .and_then(|p| { - if p.is_zero() { return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid point delta_g2: point at infinity")); } + if p.is_zero() { + return Err(io::Error::new( + io::ErrorKind::InvalidData, + "invalid point delta_g2: point at infinity", + )); + } Ok(p) })?; let ic_len = reader.read_u32::()? 
as usize; let gamma_abc_g1 = read_affine_vec_checked::(ic_len, true, &mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid gamma_abc_g1: {}", e)))?; - Self::check_gamma_abc_g1_points(gamma_abc_g1.as_slice()) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid gamma_abc_g1: {}", e)))?; - - Ok(VerifyingKey { alpha_g1_beta_g2, gamma_g2, delta_g2, gamma_abc_g1 }) + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid gamma_abc_g1: {}", e), + ) + })?; + Self::check_gamma_abc_g1_points(gamma_abc_g1.as_slice()).map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid gamma_abc_g1: {}", e), + ) + })?; + + Ok(VerifyingKey { + alpha_g1_beta_g2, + gamma_g2, + delta_g2, + gamma_abc_g1, + }) } } @@ -243,8 +338,8 @@ impl FromBytes for VerifyingKey { /// Doesn't perform group membership check for deserialized points #[inline] fn read(mut reader: R) -> IoResult { - let alpha_g1_beta_g2 = E::Fqk::read(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; + let alpha_g1_beta_g2 = + E::Fqk::read(&mut reader).map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; let gamma_g2 = E::G2Affine::read(&mut reader) .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; let delta_g2 = E::G2Affine::read(&mut reader) 
@@ -253,18 +348,22 @@ impl FromBytes for VerifyingKey { let ic_len = reader.read_u32::()? as usize; let gamma_abc_g1 = read_affine_vec::(ic_len, &mut reader)?; - Ok(VerifyingKey{alpha_g1_beta_g2, gamma_g2, delta_g2, gamma_abc_g1}) + Ok(VerifyingKey { + alpha_g1_beta_g2, + gamma_g2, + delta_g2, + gamma_abc_g1, + }) } } - impl Default for VerifyingKey { fn default() -> Self { Self { - alpha_g1_beta_g2: E::Fqk::default(), - gamma_g2: E::G2Affine::default(), - delta_g2: E::G2Affine::default(), - gamma_abc_g1: Vec::new(), + alpha_g1_beta_g2: E::Fqk::default(), + gamma_g2: E::G2Affine::default(), + delta_g2: E::G2Affine::default(), + gamma_abc_g1: Vec::new(), } } } @@ -294,17 +393,17 @@ pub(crate) fn push_constraints( /// Full public (prover and verifier) parameters for the Groth16 zkSNARK. #[derive(Clone, Debug, Serialize, Deserialize)] pub struct Parameters { - pub vk: VerifyingKey, - pub alpha_g1: E::G1Affine, - pub beta_g1: E::G1Affine, - pub beta_g2: E::G2Affine, - pub delta_g1: E::G1Affine, - pub delta_g2: E::G2Affine, - pub a_query: Vec, + pub vk: VerifyingKey, + pub alpha_g1: E::G1Affine, + pub beta_g1: E::G1Affine, + pub beta_g2: E::G2Affine, + pub delta_g1: E::G1Affine, + pub delta_g2: E::G2Affine, + pub a_query: Vec, pub b_g1_query: Vec, pub b_g2_query: Vec, - pub h_query: Vec, - pub l_query: Vec, + pub h_query: Vec, + pub l_query: Vec, } impl PartialEq for Parameters { @@ -323,7 +422,7 @@ impl PartialEq for Parameters { } } -impl ToBytes for Parameters{ +impl ToBytes for Parameters { #[inline] fn write(&self, mut writer: W) -> IoResult<()> { self.vk.write(&mut writer)?; 
@@ -333,15 +432,25 @@ impl ToBytes for Parameters{ self.delta_g1.write(&mut writer)?; self.delta_g2.write(&mut writer)?; writer.write_u32::(self.a_query.len() as u32)?; - for a in self.a_query.clone() {a.write(&mut writer)?;} + for a in self.a_query.clone() { + a.write(&mut writer)?; + } writer.write_u32::(self.b_g1_query.len() as u32)?; - for a in self.b_g1_query.clone() {a.write(&mut writer)?;} + for a in self.b_g1_query.clone() { + a.write(&mut writer)?; + } writer.write_u32::(self.b_g2_query.len() as u32)?; - for a in self.b_g2_query.clone() {a.write(&mut writer)?;} + for a in self.b_g2_query.clone() { + a.write(&mut writer)?; + } writer.write_u32::(self.h_query.len() as u32)?; - for a in self.h_query.clone() {a.write(&mut writer)?;} + for a in self.h_query.clone() { + a.write(&mut writer)?; + } writer.write_u32::(self.l_query.len() as u32)?; - for a in self.l_query.clone() {a.write(&mut writer)?;} + for a in self.l_query.clone() { + a.write(&mut writer)?; + } Ok(()) } } 
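Review bot: `for a in self.a_query.clone() { a.write(&mut writer)?; }` (and the four loops that follow) deep-copies an entire query vector only to iterate over it, which for a prover key means cloning one group element per variable or constraint on every serialisation; `for a in &self.a_query { a.write(&mut writer)?; }` writes the same bytes without the copy. Separately, `self.a_query.len() as u32` truncates silently on lengths above `u32::MAX`, after which the length prefix and the elements actually written disagree and `read`/`read_checked` desynchronise on the rest of the stream; `writer.write_u32::<BigEndian>(u32::try_from(self.a_query.len()).map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?)?;` turns that into an explicit error. The `write` function starts before the hunk.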
@@ -349,22 +458,47 @@ impl ToBytes for Parameters{ impl SemanticallyValid for Parameters { #[inline] fn is_valid(&self) -> bool { - self.vk.is_valid() && - self.alpha_g1.is_valid() && !self.alpha_g1.is_zero() && - self.beta_g1.is_valid() && !self.beta_g1.is_zero() && - self.beta_g2.is_valid() && !self.beta_g2.is_zero() && - self.delta_g1.is_valid() && !self.delta_g1.is_zero() && - self.delta_g2.is_valid() && !self.delta_g2.is_zero() && - self.a_query.iter().filter(|&p| !p.is_valid()) - .collect::>().is_empty() && - self.b_g1_query.iter().filter(|&p| !p.is_valid()) - .collect::>().is_empty() && - self.b_g2_query.iter().filter(|&p| !p.is_valid()) - .collect::>().is_empty() && - self.h_query.iter().filter(|&p| !p.is_valid() || p.is_zero()) - .collect::>().is_empty() && - self.l_query.iter().filter(|&p| !p.is_valid() || p.is_zero()) - .collect::>().is_empty() + self.vk.is_valid() + && self.alpha_g1.is_valid() + && !self.alpha_g1.is_zero() + && self.beta_g1.is_valid() + && !self.beta_g1.is_zero() + && self.beta_g2.is_valid() + && !self.beta_g2.is_zero() + && self.delta_g1.is_valid() + && !self.delta_g1.is_zero() + && self.delta_g2.is_valid() + && !self.delta_g2.is_zero() + && self + .a_query + .iter() + .filter(|&p| !p.is_valid()) + .collect::>() + .is_empty() + && self + .b_g1_query + .iter() + .filter(|&p| !p.is_valid()) + .collect::>() + .is_empty() + && self + .b_g2_query + .iter() + .filter(|&p| !p.is_valid()) + .collect::>() + .is_empty() + && self + .h_query + .iter() + .filter(|&p| !p.is_valid() || p.is_zero()) + .collect::>() + .is_empty() + && self + .l_query + .iter() + .filter(|&p| !p.is_valid() || p.is_zero()) + .collect::>() + .is_empty() } } 
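Review bot: `Parameters::is_valid` checks `delta_g2` and `vk.delta_g2` independently but never that they agree, although the generator hunk in this diff builds `vk` with `delta_g2: delta_g2.into_affine()` and the `Parameters` field is presumably filled from the same value, so a key blob whose two copies differ is reported as semantically valid and also passes `read_checked`. Adding `&& self.delta_g2 == self.vk.delta_g2` (the existing `PartialEq for Parameters` impl shows the affine type is comparable) closes that gap at negligible cost, and `read_checked` should mirror it with an `InvalidData` error the way `VerifyingKey::read_checked` mirrors `check_gamma_abc_g1_points`. Whether a mismatch is exploitable is not visible here, since the prover and verifier may each use only one of the copies, but a self-inconsistent key should not validate.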
@@ -375,37 +509,87 @@ impl FromBytesChecked for Parameters { .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; let alpha_g1 = E::G1Affine::read_checked(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid point alpha_g1: {}", e))) + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid point alpha_g1: {}", e), + ) + }) .and_then(|p| { - if p.is_zero() { return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid point alpha_g1: point at infinity")); } + if p.is_zero() { + return Err(io::Error::new( + io::ErrorKind::InvalidData, + "invalid point alpha_g1: point at infinity", + )); + } Ok(p) })?; let beta_g1 = E::G1Affine::read_checked(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid point beta_g1: {}", e))) + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid point beta_g1: {}", e), + ) + }) .and_then(|p| { - if p.is_zero() { return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid point beta_g1: point at infinity")); } + if p.is_zero() { + return Err(io::Error::new( + io::ErrorKind::InvalidData, + "invalid point beta_g1: point at infinity", + )); + } Ok(p) })?; let beta_g2 = E::G2Affine::read_checked(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid point beta_g2: {}", e))) + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid point beta_g2: {}", e), + ) + }) .and_then(|p| { - if p.is_zero() { return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid point beta_g2: point at infinity")); } + if p.is_zero() { + return Err(io::Error::new( + io::ErrorKind::InvalidData, + "invalid point beta_g2: point at infinity", + )); + } Ok(p) })?; let delta_g1 = E::G1Affine::read_checked(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid point delta_g1: {}", e))) + .map_err(|e| { + io::Error::new( + 
io::ErrorKind::InvalidData, + format!("invalid point delta_g1: {}", e), + ) + }) .and_then(|p| { - if p.is_zero() { return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid point delta_g1: point at infinity")); } + if p.is_zero() { + return Err(io::Error::new( + io::ErrorKind::InvalidData, + "invalid point delta_g1: point at infinity", + )); + } Ok(p) })?; let delta_g2 = E::G2Affine::read_checked(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid point delta_g2: {}", e))) + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid point delta_g2: {}", e), + ) + }) .and_then(|p| { - if p.is_zero() { return Err(io::Error::new(io::ErrorKind::InvalidData, "invalid point delta_g2: point at infinity")); } + if p.is_zero() { + return Err(io::Error::new( + io::ErrorKind::InvalidData, + "invalid point delta_g2: point at infinity", + )); + } Ok(p) })?; 
@@ -414,25 +598,62 @@ impl FromBytesChecked for Parameters { // TODO: Exclude the points above from the generation procedure let a_len = reader.read_u32::()? as usize; let a_query = read_affine_vec_checked::(a_len, false, &mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid a_query: {}", e)))?; + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid a_query: {}", e), + ) + })?; let b_g1_len = reader.read_u32::()? as usize; let b_g1_query = read_affine_vec_checked::(b_g1_len, false, &mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid b_g1_query: {}", e)))?; + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid b_g1_query: {}", e), + ) + })?; let b_g2_len = reader.read_u32::()? as usize; let b_g2_query = read_affine_vec_checked::(b_g2_len, false, &mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid b_g2_query: {}", e)))?; + .map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid b_g2_query: {}", e), + ) + })?; let h_len = reader.read_u32::()? as usize; - let h_query = read_affine_vec_checked::(h_len, true, &mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid h_query: {}", e)))?; + let h_query = + read_affine_vec_checked::(h_len, true, &mut reader).map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid h_query: {}", e), + ) + })?; let l_len = reader.read_u32::()? 
as usize; - let l_query = read_affine_vec_checked::(l_len, true, &mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, format!("invalid l_query: {}", e)))?; + let l_query = + read_affine_vec_checked::(l_len, true, &mut reader).map_err(|e| { + io::Error::new( + io::ErrorKind::InvalidData, + format!("invalid l_query: {}", e), + ) + })?; - Ok(Parameters { vk, alpha_g1, beta_g1, beta_g2, delta_g1, delta_g2, a_query, b_g1_query, b_g2_query, h_query, l_query }) + Ok(Parameters { + vk, + alpha_g1, + beta_g1, + beta_g2, + delta_g1, + delta_g2, + a_query, + b_g1_query, + b_g2_query, + h_query, + l_query, + }) } } @@ -461,7 +682,19 @@ impl FromBytes for Parameters { let h_query = read_affine_vec::(h_len, &mut reader)?; let l_len = reader.read_u32::()? as usize; let l_query = read_affine_vec::(l_len, &mut reader)?; - Ok(Parameters{vk, alpha_g1, beta_g1, beta_g2, delta_g1, delta_g2, a_query, b_g1_query, b_g2_query, h_query, l_query}) + Ok(Parameters { + vk, + alpha_g1, + beta_g1, + beta_g2, + delta_g1, + delta_g2, + a_query, + b_g1_query, + b_g2_query, + h_query, + l_query, + }) } } @@ -470,9 +703,9 @@ impl FromBytes for Parameters { #[derive(Clone, Debug, Serialize, Deserialize)] pub struct PreparedVerifyingKey { pub alpha_g1_beta_g2: E::Fqk, - pub gamma_g2_neg_pc: E::G2Prepared, - pub delta_g2_neg_pc: E::G2Prepared, - pub gamma_abc_g1: Vec, + pub gamma_g2_neg_pc: E::G2Prepared, + pub delta_g2_neg_pc: E::G2Prepared, + pub gamma_abc_g1: Vec, } impl From> for PreparedVerifyingKey { @@ -485,9 +718,9 @@ impl Default for PreparedVerifyingKey { fn default() -> Self { Self { alpha_g1_beta_g2: E::Fqk::default(), - gamma_g2_neg_pc: E::G2Prepared::default(), - delta_g2_neg_pc: E::G2Prepared::default(), - gamma_abc_g1: Vec::new(), + gamma_g2_neg_pc: E::G2Prepared::default(), + delta_g2_neg_pc: E::G2Prepared::default(), + gamma_abc_g1: Vec::new(), } } } 
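Review bot: The five vector lengths (`a_len`, `b_g1_len`, `b_g2_len`, `h_len`, `l_len`) are taken straight from the input stream with `read_u32` and handed to `read_affine_vec_checked` without any upper bound, in a deserializer whose `_checked` name suggests it is meant for bytes that are not yet trusted. If `read_affine_vec_checked` reserves capacity from its length argument (its body is outside this diff), a malformed `Parameters` blob could force a large allocation before the first point is validated. A cap such as `if a_len > MAX_QUERY_LEN { return Err(io::Error::new(io::ErrorKind::InvalidData, "a_query length too large")); }` (with `MAX_QUERY_LEN` a placeholder for a project-chosen bound, e.g. derived from the remaining input size) would close that, and the same applies to the other four reads. The enclosing `read_checked` begins before this hunk.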
@@ -509,9 +742,8 @@ impl ToBytes for PreparedVerifyingKey { impl FromBytes for PreparedVerifyingKey { #[inline] fn read(mut reader: R) -> IoResult { - - let alpha_g1_beta_g2 = E::Fqk::read(&mut reader) - .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; + let alpha_g1_beta_g2 = + E::Fqk::read(&mut reader).map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; let gamma_g2_neg_pc = E::G2Prepared::read(&mut reader) .map_err(|e| io::Error::new(io::ErrorKind::InvalidData, e))?; let delta_g2_neg_pc = E::G2Prepared::read(&mut reader) @@ -596,4 +828,4 @@ impl Parameters { pub fn get_l_query_full(&self) -> Result<&[E::G1Affine], SynthesisError> { Ok(&self.l_query) } -} \ No newline at end of file +} diff --git a/proof-systems/src/groth16/prover.rs b/proof-systems/src/groth16/prover.rs index a5214e997..a1d9bd9f9 100644 --- a/proof-systems/src/groth16/prover.rs +++ b/proof-systems/src/groth16/prover.rs @@ -1,11 +1,10 @@ use rand::Rng; use rayon::prelude::*; +use algebra::msm::VariableBaseMSM; use algebra::{ - groups::Group, AffineCurve, Field, PairingEngine, PrimeField, - ProjectiveCurve, UniformRand, + groups::Group, AffineCurve, Field, PairingEngine, PrimeField, ProjectiveCurve, UniformRand, }; -use algebra::msm::VariableBaseMSM; use crate::groth16::{push_constraints, r1cs_to_qap::R1CStoQAP, Parameters, Proof}; @@ -26,7 +25,7 @@ pub struct ProvingAssignment { // Assignments of variables pub(crate) input_assignment: Vec, - pub(crate) aux_assignment: Vec, + pub(crate) aux_assignment: Vec, } impl ConstraintSystem for ProvingAssignment { @@ -119,9 +118,9 @@ pub fn create_proof_no_zk( circuit: C, params: &Parameters, ) -> Result, SynthesisError> - where - E: PairingEngine, - C: ConstraintSynthesizer, +where + E: PairingEngine, + C: ConstraintSynthesizer, { create_proof::(circuit, params, E::Fr::zero(), E::Fr::zero()) } 
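Review bot: In the prover.rs hunk `@@ -119,9 +118,9 @@`, `create_proof_no_zk` carries no doc comment even though it passes `E::Fr::zero()` for both blinding scalars, so the proof it returns is deterministic and not zero-knowledge; a caller reading only the signature will not see that. A `///` comment such as `/// Creates a Groth16 proof with both blinding factors fixed to zero: the result is deterministic and NOT zero-knowledge, so use it only where hiding the witness is not required.` would make the trade-off explicit at the call site. The function's signature line lies before the hunk.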
@@ -138,11 +137,11 @@ where { let prover_time = start_timer!(|| "Prover"); let mut prover = ProvingAssignment { - at: vec![], - bt: vec![], - ct: vec![], + at: vec![], + bt: vec![], + ct: vec![], input_assignment: vec![], - aux_assignment: vec![], + aux_assignment: vec![], }; // Allocate the "one" input variable @@ -165,7 +164,8 @@ where ); let aux_assignment = Arc::new( - prover.aux_assignment + prover + .aux_assignment .into_par_iter() .map(|s| s.into_repr()) .collect::>(), @@ -198,7 +198,6 @@ where ::zero() }; - // Compute B in G2 let b_g2_acc_time = start_timer!(|| "Compute B in G2"); diff --git a/proof-systems/src/groth16/r1cs_to_qap.rs b/proof-systems/src/groth16/r1cs_to_qap.rs index 556c22b64..5863303a5 100644 --- a/proof-systems/src/groth16/r1cs_to_qap.rs +++ b/proof-systems/src/groth16/r1cs_to_qap.rs @@ -1,5 +1,5 @@ -use algebra::{Field, PairingEngine}; use algebra::fft::domain::get_best_evaluation_domain; +use algebra::{Field, PairingEngine}; use crate::groth16::{generator::KeypairAssembly, prover::ProvingAssignment}; use r1cs_core::{ConstraintSystem, Index, SynthesisError}; @@ -14,23 +14,21 @@ fn evaluate_constraint<'a, E: PairingEngine>( terms: &'a [(E::Fr, Index)], assignment: &'a [E::Fr], num_inputs: usize, -) -> E::Fr -{ +) -> E::Fr { terms .par_iter() - .map(|(coeff, index)| - { - let val = match index { - Index::Input(i) => assignment[*i], - Index::Aux(i) => assignment[num_inputs + i], - }; - - if coeff.is_one() { - val - } else { - val.mul(coeff) - } - }) + .map(|(coeff, index)| { + let val = match index { + Index::Input(i) => assignment[*i], + Index::Aux(i) => assignment[num_inputs + i], + }; + + if coeff.is_one() { + val + } else { + val.mul(coeff) + } + }) .reduce(|| E::Fr::zero(), |sum, val| sum + &val) } /*A R1CS consisting of n constraints in m variables 
@@ -38,12 +36,12 @@ fn evaluate_constraint<'a, E: PairingEngine>( (a_{i,0} + Sum_j x_j a_{i,j}) * (b_{i,0} + Sum_{j=1}^m x_j b_{i,j}) = c (c_{i,0} + Sum_{j=1}^m x_j c_{i,j}), -i=1..n, translated into the QAP is +i=1..n, translated into the QAP is (a_0(Z) + Sum_j x_j a_j(Z)) * (b_0(Z) + Sum_j x_j b_j(Z)) = - (c_0(Z) + Sum_j x_j c_j(Z)) + (c_0(Z) + Sum_j x_j c_j(Z)) -in F[Z]/(Z^N-1). The polynomials a_j(Z),b_j(Z),c_j(Z) correspond to the column vectors +in F[Z]/(Z^N-1). The polynomials a_j(Z),b_j(Z),c_j(Z) correspond to the column vectors a_{*,j}, b_{*,j}, c_{*,j} regarded as functions on the FFT domain H = {z^N - 1} = {z_1,..z_N}, a_j(Z) = Sum_{i=1}^N a_{i,j} L_i (Z), @@ -53,16 +51,16 @@ and similarly to b, c (here, L_i is the Lagrange polynomial at z_i). impl R1CStoQAP { #[inline] ///Given a KeypairAssembly, i.e. the constraint-wise description of the R1CS, this function - ///returns + ///returns /// - the column polynomials a_j(Z), b_j(Z), c_j(Z) evaluated at the secret point t, - /// as vectors - /// a = (a_j(t))_{j=0}^m, b=(b_j(t))_{j=0}^m, c=(c_j(t))_{j=0}^m, + /// as vectors + /// a = (a_j(t))_{j=0}^m, b=(b_j(t))_{j=0}^m, c=(c_j(t))_{j=0}^m, /// as well as /// - the vanishing polynomial of the FFT domain H evaluated at t, /// zt= v_H(t), - /// and - /// - the number qap_num_ variables = m of QAP variables, as well as - /// - the domain size |H|. + /// and + /// - the number qap_num_ variables = m of QAP variables, as well as + /// - the domain size |H|. pub(crate) fn instance_map_with_evaluation( assembly: &KeypairAssembly, t: &E::Fr, 
@@ -86,19 +84,19 @@ impl R1CStoQAP { let mut b = vec![E::Fr::zero(); qap_num_variables + 1]; let mut c = vec![E::Fr::zero(); qap_num_variables + 1]; - //The points i= n, n+1, .. ,n +l-1 correspond to the copy-paste constraints to + //The points i= n, n+1, .. ,n +l-1 correspond to the copy-paste constraints to //load x_1,..,x_l with the public input for i in 0..assembly.num_inputs { a[i] = u[assembly.num_constraints + i]; } - //constraint-wise, i.e. row-wise scanning of m_{i,j}!=0 + //constraint-wise, i.e. row-wise scanning of m_{i,j}!=0 //and incrementing column m_j(t), m=a,b,c. for i in 0..assembly.num_constraints { for &(ref coeff, index) in assembly.at[i].iter() { //convert R1CS index into the corresponding number from [0,...,m] let index = match index { - Index::Input(j) => j, //if index is an input variable, return it as it is + Index::Input(j) => j, //if index is an input variable, return it as it is Index::Aux(j) => assembly.num_inputs + j, //if index is a private variable, shift it }; //update the column sum corresponding to the variable. 
@@ -125,34 +123,33 @@ impl R1CStoQAP { Ok((a, b, c, zt, qap_num_variables, domain_size)) } - //computes the coefficients of the quotient polynomial - // h(Z) = (a(Z)*b(Z)-c(Z))/v_H(Z) - //from the witness assignments of the circuit. + //computes the coefficients of the quotient polynomial + // h(Z) = (a(Z)*b(Z)-c(Z))/v_H(Z) + //from the witness assignments of the circuit. //We have deg(h(Z))= deg(a(Z))+deg(b(Z)) - deg v_H(Z) <= |H|-1 + |H|-1 - |H| // = |H|-2. #[inline] pub(crate) fn witness_map( prover: &ProvingAssignment, ) -> Result, SynthesisError> { - let zero = E::Fr::zero(); let num_inputs = prover.input_assignment.len(); let num_constraints = prover.num_constraints(); - let full_input_assignment = [&prover.input_assignment[..], &prover.aux_assignment[..]].concat(); + let full_input_assignment = + [&prover.input_assignment[..], &prover.aux_assignment[..]].concat(); // including the copy-paste constraints for the public inputs, the full // number of constraints equals 'num_constraints + num_inputs'. - let domain = - get_best_evaluation_domain::(num_constraints + num_inputs) - .ok_or(SynthesisError::PolynomialDegreeTooLarge)?; + let domain = get_best_evaluation_domain::(num_constraints + num_inputs) + .ok_or(SynthesisError::PolynomialDegreeTooLarge)?; let domain_size = domain.size(); -/* - println!("num_constraints: {}", num_constraints); - println!("num_inputs: {}", num_inputs); - println!("Domain H size: {}", domain_size); -*/ + /* + println!("num_constraints: {}", num_constraints); + println!("num_inputs: {}", num_inputs); + println!("Domain H size: {}", domain_size); + */ let mut a = vec![zero; domain_size]; let mut b = vec![zero; domain_size]; //compute the evaluations of a(Z), b(Z) on H 
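Review bot: The commented-out `println!` block (`num_constraints`, `num_inputs`, `Domain H size`) is re-indented rather than removed, so dead debugging code survives the reformat of `witness_map`. Delete those four lines; if the sizes are useful diagnostics, a debug-level logging call or an assertion in a unit test is the usual replacement. `witness_map` continues past the end of this hunk.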
@@ -166,7 +163,7 @@ impl R1CStoQAP { *a = evaluate_constraint::(&at_i, &full_input_assignment, num_inputs); *b = evaluate_constraint::(&bt_i, &full_input_assignment, num_inputs); }); - //the further a_i, i=n+1,..,n+l are for the public inputs + //the further a_i, i=n+1,..,n+l are for the public inputs for i in 0..num_inputs { a[num_constraints + i] = full_input_assignment[i]; } @@ -191,14 +188,10 @@ impl R1CStoQAP { .par_iter_mut() .enumerate() .for_each(|(i, c)| { - *c = evaluate_constraint::( - &prover.ct[i], - &full_input_assignment, - num_inputs, - ); + *c = evaluate_constraint::(&prover.ct[i], &full_input_assignment, num_inputs); }); - //extrapolate c(Z) from H to the coset of H and + //extrapolate c(Z) from H to the coset of H and //compute a(Z)*b(Z)-c(Z) on this coset of H domain.ifft_in_place(&mut c); domain.coset_fft_in_place(&mut c); @@ -207,8 +200,8 @@ impl R1CStoQAP { .zip(c) .for_each(|(ab_i, c_i)| *ab_i -= &c_i); - // compute quotient polynomial (a(Z)*b(Z)-c(Z))/v_H(Z) - // from the coset evaluations + // compute quotient polynomial (a(Z)*b(Z)-c(Z))/v_H(Z) + // from the coset evaluations domain.divide_by_vanishing_poly_on_coset_in_place(&mut ab); domain.coset_ifft_in_place(&mut ab); diff --git a/proof-systems/src/groth16/test.rs b/proof-systems/src/groth16/test.rs index 09a8d8044..ed54fe1f9 100644 --- a/proof-systems/src/groth16/test.rs +++ b/proof-systems/src/groth16/test.rs @@ -37,9 +37,12 @@ impl ConstraintSynthesizer for MySillyCircuit::read_checked(params_serialized.as_slice()).unwrap(); + let params_deserialized = + Parameters::::read_checked(params_serialized.as_slice()).unwrap(); assert_eq!(params, params_deserialized); let vk_serialized = to_bytes!(vk).unwrap(); 
@@ -111,14 +117,16 @@ mod test { ¶ms_deserialized, rng, ) - .unwrap(); + .unwrap(); - let proof_deserialized = Proof::::read_checked(to_bytes!(proof).unwrap().as_slice()).unwrap(); + let proof_deserialized = + Proof::::read_checked(to_bytes!(proof).unwrap().as_slice()).unwrap(); assert_eq!(proof, proof_deserialized); drop(proof); let pvk = prepare_verifying_key(&vk_deserialized); - let pvk_deserialized = PreparedVerifyingKey::::read(to_bytes!(pvk).unwrap().as_slice()).unwrap(); + let pvk_deserialized = + PreparedVerifyingKey::::read(to_bytes!(pvk).unwrap().as_slice()).unwrap(); assert_eq!(pvk, pvk_deserialized); assert!(verify_proof(&pvk_deserialized, &proof_deserialized, &[c]).unwrap()) @@ -158,4 +166,4 @@ mod test { prove_and_verify::(false); serialize_deserialize::(); } -} \ No newline at end of file +} diff --git a/proof-systems/src/groth16/verifier.rs b/proof-systems/src/groth16/verifier.rs index f2e813545..9f7c7cef9 100644 --- a/proof-systems/src/groth16/verifier.rs +++ b/proof-systems/src/groth16/verifier.rs @@ -9,9 +9,9 @@ use std::ops::{AddAssign, Neg}; pub fn prepare_verifying_key(vk: &VerifyingKey) -> PreparedVerifyingKey { PreparedVerifyingKey { alpha_g1_beta_g2: vk.alpha_g1_beta_g2.clone(), - gamma_g2_neg_pc: vk.gamma_g2.neg().into(), - delta_g2_neg_pc: vk.delta_g2.neg().into(), - gamma_abc_g1: vk.gamma_abc_g1.clone(), + gamma_g2_neg_pc: vk.gamma_g2.neg().into(), + delta_g2_neg_pc: vk.delta_g2.neg().into(), + gamma_abc_g1: vk.gamma_abc_g1.clone(), } } @@ -43,10 +43,10 @@ pub fn verify_proof( (g_ic.into_affine().into(), pvk.gamma_g2_neg_pc.clone()), (proof.c.into(), pvk.delta_g2_neg_pc.clone()), ] - .iter(), + .iter(), )?; let test = E::final_exponentiation(&qap)?; Ok(test == pvk.alpha_g1_beta_g2) -} \ No newline at end of file +} diff --git a/proof-systems/src/lib.rs b/proof-systems/src/lib.rs index 0e1ee5385..14ae08aae 100644 --- a/proof-systems/src/lib.rs +++ b/proof-systems/src/lib.rs 
@@ -20,4 +20,4 @@ pub mod darlin; pub mod groth16; #[cfg(feature = "gm17")] -pub mod gm17; \ No newline at end of file +pub mod gm17; diff --git a/r1cs/core/src/constraint_system.rs b/r1cs/core/src/constraint_system.rs index f4e2e0d78..28b8c938a 100644 --- a/r1cs/core/src/constraint_system.rs +++ b/r1cs/core/src/constraint_system.rs @@ -1,7 +1,7 @@ -use std::marker::PhantomData; use algebra::Field; +use std::marker::PhantomData; -use crate::{Index, Variable, LinearCombination, SynthesisError}; +use crate::{Index, LinearCombination, SynthesisError, Variable}; /// Represents a constraint system which can have new variables /// allocated and constrains between them formed. 
@@ -20,36 +20,36 @@ pub trait ConstraintSystem: Sized { /// given `annotation` function is invoked in testing contexts in order /// to derive a unique name for this variable in the current namespace. fn alloc(&mut self, annotation: A, f: FN) -> Result - where - FN: FnOnce() -> Result, - A: FnOnce() -> AR, - AR: Into; + where + FN: FnOnce() -> Result, + A: FnOnce() -> AR, + AR: Into; /// Allocate a public variable in the constraint system. The provided /// function is used to determine the assignment of the variable. fn alloc_input(&mut self, annotation: A, f: FN) -> Result - where - FN: FnOnce() -> Result, - A: FnOnce() -> AR, - AR: Into; + where + FN: FnOnce() -> Result, + A: FnOnce() -> AR, + AR: Into; /// Enforce that `A` * `B` = `C`. The `annotation` function is invoked in /// testing contexts in order to derive a unique name for the constraint /// in the current namespace. fn enforce(&mut self, annotation: A, a: LA, b: LB, c: LC) - where - A: FnOnce() -> AR, - AR: Into, - LA: FnOnce(LinearCombination) -> LinearCombination, - LB: FnOnce(LinearCombination) -> LinearCombination, - LC: FnOnce(LinearCombination) -> LinearCombination; + where + A: FnOnce() -> AR, + AR: Into, + LA: FnOnce(LinearCombination) -> LinearCombination, + LB: FnOnce(LinearCombination) -> LinearCombination, + LC: FnOnce(LinearCombination) -> LinearCombination; /// Create a new (sub)namespace and enter into it. Not intended /// for downstream use; use `namespace` instead. fn push_namespace(&mut self, name_fn: N) - where - NR: Into, - N: FnOnce() -> NR; + where + NR: Into, + N: FnOnce() -> NR; /// Exit out of the existing namespace. Not intended for /// downstream use; use `namespace` instead. @@ -61,9 +61,9 @@ pub trait ConstraintSystem: Sized { /// Begin a namespace for this constraint system. fn ns<'a, NR, N>(&'a mut self, name_fn: N) -> Namespace<'a, F, Self::Root> - where - NR: Into, - N: FnOnce() -> NR, + where + NR: Into, + N: FnOnce() -> NR, { self.get_root().push_namespace(name_fn); 
@@ -84,10 +84,12 @@ pub struct Namespace<'a, F: Field, CS: ConstraintSystem>(&'a mut CS, PhantomD /// both CRS generation and for proving. pub trait ConstraintSynthesizer { /// Drives generation of new constraints inside `CS`. - fn generate_constraints>(self, cs: &mut CS) -> Result<(), SynthesisError>; + fn generate_constraints>( + self, + cs: &mut CS, + ) -> Result<(), SynthesisError>; } - impl> ConstraintSystem for Namespace<'_, F, CS> { type Root = CS::Root; @@ -98,32 +100,32 @@ impl> ConstraintSystem for Namespace<'_, F, #[inline] fn alloc(&mut self, annotation: A, f: FN) -> Result - where - FN: FnOnce() -> Result, - A: FnOnce() -> AR, - AR: Into, + where + FN: FnOnce() -> Result, + A: FnOnce() -> AR, + AR: Into, { self.0.alloc(annotation, f) } #[inline] fn alloc_input(&mut self, annotation: A, f: FN) -> Result - where - FN: FnOnce() -> Result, - A: FnOnce() -> AR, - AR: Into, + where + FN: FnOnce() -> Result, + A: FnOnce() -> AR, + AR: Into, { self.0.alloc_input(annotation, f) } #[inline] fn enforce(&mut self, annotation: A, a: LA, b: LB, c: LC) - where - A: FnOnce() -> AR, - AR: Into, - LA: FnOnce(LinearCombination) -> LinearCombination, - LB: FnOnce(LinearCombination) -> LinearCombination, - LC: FnOnce(LinearCombination) -> LinearCombination, + where + A: FnOnce() -> AR, + AR: Into, + LA: FnOnce(LinearCombination) -> LinearCombination, + LB: FnOnce(LinearCombination) -> LinearCombination, + LC: FnOnce(LinearCombination) -> LinearCombination, { self.0.enforce(annotation, a, b, c) } @@ -134,9 +136,9 @@ impl> ConstraintSystem for Namespace<'_, F, #[inline] fn push_namespace(&mut self, _: N) - where - NR: Into, - N: FnOnce() -> NR, + where + NR: Into, + N: FnOnce() -> NR, { panic!("only the root's push_namespace should be called"); } 
@@ -176,41 +178,41 @@ impl> ConstraintSystem for &mut CS { #[inline] fn alloc(&mut self, annotation: A, f: FN) -> Result - where - FN: FnOnce() -> Result, - A: FnOnce() -> AR, - AR: Into, + where + FN: FnOnce() -> Result, + A: FnOnce() -> AR, + AR: Into, { (**self).alloc(annotation, f) } #[inline] fn alloc_input(&mut self, annotation: A, f: FN) -> Result - where - FN: FnOnce() -> Result, - A: FnOnce() -> AR, - AR: Into, + where + FN: FnOnce() -> Result, + A: FnOnce() -> AR, + AR: Into, { (**self).alloc_input(annotation, f) } #[inline] fn enforce(&mut self, annotation: A, a: LA, b: LB, c: LC) - where - A: FnOnce() -> AR, - AR: Into, - LA: FnOnce(LinearCombination) -> LinearCombination, - LB: FnOnce(LinearCombination) -> LinearCombination, - LC: FnOnce(LinearCombination) -> LinearCombination, + where + A: FnOnce() -> AR, + AR: Into, + LA: FnOnce(LinearCombination) -> LinearCombination, + LB: FnOnce(LinearCombination) -> LinearCombination, + LC: FnOnce(LinearCombination) -> LinearCombination, { (**self).enforce(annotation, a, b, c) } #[inline] fn push_namespace(&mut self, name_fn: N) - where - NR: Into, - N: FnOnce() -> NR, + where + NR: Into, + N: FnOnce() -> NR, { (**self).push_namespace(name_fn) } diff --git a/r1cs/core/src/error.rs b/r1cs/core/src/error.rs index 5350913d4..f0ea78dc4 100644 --- a/r1cs/core/src/error.rs +++ b/r1cs/core/src/error.rs 
@@ -39,17 +39,23 @@ impl From> for SynthesisError { impl std::fmt::Display for SynthesisError { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { match self { - SynthesisError::AssignmentMissing => write!(f, "an assignment for a variable could not be computed"), + SynthesisError::AssignmentMissing => { + write!(f, "an assignment for a variable could not be computed") + } SynthesisError::DivisionByZero => write!(f, "division by zero"), SynthesisError::Unsatisfiable => write!(f, "unsatisfiable constraint system"), SynthesisError::PolynomialDegreeTooLarge => write!(f, "polynomial degree is too large"), - SynthesisError::UnexpectedIdentity => write!(f, "encountered an identity element in the CRS"), + SynthesisError::UnexpectedIdentity => { + write!(f, "encountered an identity element in the CRS") + } SynthesisError::IoError(e) => write!(f, "{:?}", e), SynthesisError::MalformedVerifyingKey => write!(f, "malformed verifying key"), - SynthesisError::UnconstrainedVariable => write!(f, "auxiliary variable was unconstrained"), + SynthesisError::UnconstrainedVariable => { + write!(f, "auxiliary variable was unconstrained") + } SynthesisError::Other(e) => write!(f, "{:?}", e), } } } -impl std::error::Error for SynthesisError {} \ No newline at end of file +impl std::error::Error for SynthesisError {} diff --git a/r1cs/core/src/impl_constraint_var.rs b/r1cs/core/src/impl_constraint_var.rs index edf9d74a6..567a7ea1a 100644 --- a/r1cs/core/src/impl_constraint_var.rs +++ b/r1cs/core/src/impl_constraint_var.rs @@ -1,6 +1,6 @@ -use algebra::Field; use crate::ConstraintVar::*; -use crate::{LinearCombination, Variable, ConstraintVar}; +use crate::{ConstraintVar, LinearCombination, Variable}; +use algebra::Field; use std::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub}; impl From for ConstraintVar { diff --git a/r1cs/core/src/impl_lc.rs b/r1cs/core/src/impl_lc.rs index 7ba872bb4..0dfcc1c3f 100644 --- a/r1cs/core/src/impl_lc.rs +++ b/r1cs/core/src/impl_lc.rs 
@@ -1,8 +1,8 @@ -use smallvec::smallvec; use crate::SmallVec; -use std::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub}; -use algebra::Field; use crate::{LinearCombination, Variable}; +use algebra::Field; +use smallvec::smallvec; +use std::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub}; impl AsRef<[(Variable, F)]> for LinearCombination { #[inline] diff --git a/r1cs/core/src/lib.rs b/r1cs/core/src/lib.rs index abc761120..df55c48b5 100644 --- a/r1cs/core/src/lib.rs +++ b/r1cs/core/src/lib.rs @@ -6,17 +6,16 @@ #![deny(unused_attributes, unused_imports, unused_mut, missing_docs)] #![deny(renamed_and_removed_lints, stable_features, unused_allocation)] #![deny(unused_comparisons, bare_trait_objects, unused_must_use, const_err)] - #![forbid(unsafe_code)] mod constraint_system; mod error; -mod impl_lc; mod impl_constraint_var; +mod impl_lc; -pub use constraint_system::{ConstraintSystem, ConstraintSynthesizer, Namespace}; -pub use error::SynthesisError; pub use algebra::ToConstraintField; +pub use constraint_system::{ConstraintSynthesizer, ConstraintSystem, Namespace}; +pub use error::SynthesisError; use algebra::Field; use smallvec::SmallVec as StackVec; @@ -68,7 +67,6 @@ impl Ord for Index { } } - /// This represents a linear combination of some variables, with coefficients /// in the field `F`. /// The `(coeff, var)` pairs in a `LinearCombination` are kept sorted according @@ -76,7 +74,6 @@ impl Ord for Index { #[derive(Debug, Clone)] pub struct LinearCombination(pub SmallVec); - /// Either a `Variable` or a `LinearCombination`. #[derive(Clone, Debug)] pub enum ConstraintVar { diff --git a/r1cs/gadgets/crypto/src/commitment/blake2s/mod.rs b/r1cs/gadgets/crypto/src/commitment/blake2s/mod.rs index 656e98955..a579750bc 100644 --- a/r1cs/gadgets/crypto/src/commitment/blake2s/mod.rs +++ b/r1cs/gadgets/crypto/src/commitment/blake2s/mod.rs 
@@ -1,10 +1,10 @@ -use r1cs_core::{ConstraintSystem, SynthesisError}; -use primitives::{commitment::blake2s::Blake2sCommitment}; use crate::{ prf::blake2s::{blake2s_gadget, Blake2sOutputGadget}, CommitmentGadget, }; use algebra::{Field, PrimeField}; +use primitives::commitment::blake2s::Blake2sCommitment; +use r1cs_core::{ConstraintSystem, SynthesisError}; use r1cs_std::prelude::*; use std::borrow::Borrow; @@ -109,20 +109,15 @@ impl AllocGadget<[u8; 32], ConstraintF> for Blake2sRand #[cfg(test)] mod test { - use algebra::fields::bls12_381::Fr; - use rand::{thread_rng, Rng}; - use primitives::commitment::{ - blake2s::Blake2sCommitment, - CommitmentScheme, - }; use crate::{ - commitment::blake2s::{ - Blake2sCommitmentGadget, Blake2sRandomnessGadget, - }, + commitment::blake2s::{Blake2sCommitmentGadget, Blake2sRandomnessGadget}, *, }; + use algebra::fields::bls12_381::Fr; + use primitives::commitment::{blake2s::Blake2sCommitment, CommitmentScheme}; use r1cs_core::ConstraintSystem; use r1cs_std::{prelude::*, test_constraint_system::TestConstraintSystem}; + use rand::{thread_rng, Rng}; #[test] fn commitment_gadget_test() { @@ -141,15 +136,14 @@ mod test { let parameters = (); let primitive_result = Blake2sCommitment::commit(¶meters, &input, &randomness).unwrap(); - let input_bytes = UInt8::alloc_input_vec( - cs.ns(|| "alloc input bytes as public input"), - &input - ).unwrap(); + let input_bytes = + UInt8::alloc_input_vec(cs.ns(|| "alloc input bytes as public input"), &input).unwrap(); let randomness_bytes = UInt8::alloc_input_vec( cs.ns(|| "alloc randomness bytes as public input"), - &randomness - ).unwrap(); + &randomness, + ) + .unwrap(); let randomness_bytes = Blake2sRandomnessGadget(randomness_bytes); diff --git a/r1cs/gadgets/crypto/src/commitment/injective_map/mod.rs b/r1cs/gadgets/crypto/src/commitment/injective_map/mod.rs index 95e26d592..c44062a86 100644 --- a/r1cs/gadgets/crypto/src/commitment/injective_map/mod.rs 
+++ b/r1cs/gadgets/crypto/src/commitment/injective_map/mod.rs @@ -6,7 +6,7 @@ use primitives::{ use crate::commitment::{ pedersen::{ - PedersenCommitmentGadget, PedersenCommitmentGadgetParameters, PedersenRandomnessGadget + PedersenCommitmentGadget, PedersenCommitmentGadgetParameters, PedersenRandomnessGadget, }, CommitmentGadget, }; @@ -26,9 +26,9 @@ where GG: GroupGadget, IG: InjectiveMapGadget, { - _compressor: PhantomData, + _compressor: PhantomData, _compressor_gadget: PhantomData, - _crh: PedersenCommitmentGadget, + _crh: PedersenCommitmentGadget, } impl CommitmentGadget, ConstraintF> diff --git a/r1cs/gadgets/crypto/src/commitment/mod.rs b/r1cs/gadgets/crypto/src/commitment/mod.rs index 2921982b7..a879405b6 100644 --- a/r1cs/gadgets/crypto/src/commitment/mod.rs +++ b/r1cs/gadgets/crypto/src/commitment/mod.rs @@ -1,5 +1,5 @@ -use primitives::CommitmentScheme; use algebra::Field; +use primitives::CommitmentScheme; use r1cs_core::{ConstraintSystem, SynthesisError}; use r1cs_std::prelude::*; use std::fmt::Debug; diff --git a/r1cs/gadgets/crypto/src/commitment/pedersen/mod.rs b/r1cs/gadgets/crypto/src/commitment/pedersen/mod.rs index c49932340..802f63b07 100644 --- a/r1cs/gadgets/crypto/src/commitment/pedersen/mod.rs +++ b/r1cs/gadgets/crypto/src/commitment/pedersen/mod.rs @@ -1,8 +1,8 @@ +use algebra::{to_bytes, Group, ToBytes}; use primitives::{ commitment::pedersen::{PedersenCommitment, PedersenParameters, PedersenRandomness}, crh::pedersen::PedersenWindow, }; -use algebra::{to_bytes, Group, ToBytes}; use r1cs_core::{ConstraintSystem, SynthesisError}; use crate::commitment::CommitmentGadget; @@ -50,10 +50,9 @@ where r: &Self::RandomnessGadget, ) -> Result { if (input.len() * 8) > (W::WINDOW_SIZE * W::NUM_WINDOWS) { - Err(SynthesisError::Other(format!( - "incorrect input length: {:?}", - input.len() - ).to_owned()))? + Err(SynthesisError::Other( + format!("incorrect input length: {:?}", input.len()).to_owned(), + ))? } let mut padded_input = input.to_vec(); 
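Review bot: In the pedersen hunk `@@ -50,10 +50,9 @@`, `format!("incorrect input length: {:?}", input.len()).to_owned()` calls `to_owned` on a value that is already a `String`, which is a needless clone; `SynthesisError::Other(format!("incorrect input length: {:?}", input.len()))` is sufficient. The same pattern is kept in this file's `@@ -66,14 +65,19 @@` hunk (the generators-count message) and in bowe_hopwood's `@@ -64,20 +64,26 @@` hunk (both the chunk-size and the pp-size messages). While touching these, `return Err(...)` reads more clearly than the `Err(...)?` idiom used on all of them. The enclosing function starts before the hunk.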
@@ -66,14 +65,19 @@ where } if padded_input.len() * 8 != W::WINDOW_SIZE * W::NUM_WINDOWS { - Err(SynthesisError::Other("padded input length verification failed".to_owned()))? + Err(SynthesisError::Other( + "padded input length verification failed".to_owned(), + ))? } if parameters.params.generators.len() != W::NUM_WINDOWS { - Err(SynthesisError::Other(format!( - "Number of generators: {} not enough for the selected num_windows: {}", - parameters.params.generators.len(), - W::NUM_WINDOWS - ).to_owned()))? + Err(SynthesisError::Other( + format!( + "Number of generators: {} not enough for the selected num_windows: {}", + parameters.params.generators.len(), + W::NUM_WINDOWS + ) + .to_owned(), + ))? } // Allocate new variable for commitment output. @@ -120,8 +124,8 @@ where let parameters = temp.borrow().clone(); Ok(PedersenCommitmentGadgetParameters { - params: parameters, - _group: PhantomData, + params: parameters, + _group: PhantomData, _engine: PhantomData, _window: PhantomData, }) @@ -139,8 +143,8 @@ where let parameters = temp.borrow().clone(); Ok(PedersenCommitmentGadgetParameters { - params: parameters, - _group: PhantomData, + params: parameters, + _group: PhantomData, _engine: PhantomData, _window: PhantomData, }) 
@@ -184,27 +188,25 @@ where #[cfg(test)] mod test { + use crate::commitment::{pedersen::PedersenCommitmentGadget, CommitmentGadget}; + use algebra::curves::{jubjub::JubJubProjective as JubJub, ProjectiveCurve}; use algebra::{ fields::jubjub::{fq::Fq, fr::Fr}, UniformRand, }; - use rand::thread_rng; use primitives::{ commitment::{ pedersen::{PedersenCommitment, PedersenRandomness}, - CommitmentScheme + CommitmentScheme, }, crh::pedersen::PedersenWindow, }; - use crate::commitment::{ - pedersen::PedersenCommitmentGadget, - CommitmentGadget, - }; - use algebra::curves::{jubjub::JubJubProjective as JubJub, ProjectiveCurve}; use r1cs_core::ConstraintSystem; use r1cs_std::{ - instantiated::jubjub::JubJubGadget, prelude::*, test_constraint_system::TestConstraintSystem, + instantiated::jubjub::JubJubGadget, prelude::*, + test_constraint_system::TestConstraintSystem, }; + use rand::thread_rng; #[test] fn commitment_gadget_test() { @@ -231,10 +233,8 @@ mod test { let primitive_result = PedersenCommitment::::commit(¶meters, &input, &randomness).unwrap(); - let input_bytes = UInt8::alloc_input_vec( - cs.ns(|| "alloc input bytes as public input"), - &input - ).unwrap(); + let input_bytes = + UInt8::alloc_input_vec(cs.ns(|| "alloc input bytes as public input"), &input).unwrap(); let randomness = >::RandomnessGadget::alloc_input( diff --git a/r1cs/gadgets/crypto/src/crh/bowe_hopwood/mod.rs b/r1cs/gadgets/crypto/src/crh/bowe_hopwood/mod.rs index 38c0a793d..d272252d6 100644 --- a/r1cs/gadgets/crypto/src/crh/bowe_hopwood/mod.rs +++ b/r1cs/gadgets/crypto/src/crh/bowe_hopwood/mod.rs 
@@ -1,12 +1,12 @@ +use crate::crh::FixedLengthCRHGadget; use algebra::Field; use std::hash::Hash; -use crate::crh::FixedLengthCRHGadget; +use algebra::groups::Group; use primitives::{ bowe_hopwood::{BoweHopwoodPedersenCRH, BoweHopwoodPedersenParameters, CHUNK_SIZE}, crh::pedersen::PedersenWindow, }; -use algebra::groups::Group; use r1cs_core::{ConstraintSystem, SynthesisError}; use r1cs_std::{alloc::AllocGadget, groups::GroupGadget, uint8::UInt8}; @@ -23,10 +23,10 @@ pub struct BoweHopwoodPedersenCRHGadgetParameters< ConstraintF: Field, GG: GroupGadget, > { - params: BoweHopwoodPedersenParameters, + params: BoweHopwoodPedersenParameters, _group_g: PhantomData, - _engine: PhantomData, - _window: PhantomData, + _engine: PhantomData, + _window: PhantomData, } pub struct BoweHopwoodPedersenCRHGadget< @@ -34,9 +34,9 @@ pub struct BoweHopwoodPedersenCRHGadget< ConstraintF: Field, GG: GroupGadget, > { - _group: PhantomData<*const G>, + _group: PhantomData<*const G>, _group_gadget: PhantomData<*const GG>, - _engine: PhantomData, + _engine: PhantomData, } impl FixedLengthCRHGadget, ConstraintF> 
@@ -64,20 +64,26 @@ where } } if input_in_bits.len() % CHUNK_SIZE != 0 { - Err(SynthesisError::Other(format!( - "Input is not multiple of the chunk size. Input len: {}, chunk size: {}", - input_in_bits.len(), - CHUNK_SIZE, - ).to_owned()))? + Err(SynthesisError::Other( + format!( + "Input is not multiple of the chunk size. Input len: {}, chunk size: {}", + input_in_bits.len(), + CHUNK_SIZE, + ) + .to_owned(), + ))? } if parameters.params.generators.len() != W::NUM_WINDOWS { - Err(SynthesisError::Other(format!( - "Incorrect pp of size {:?} for window params {:?}x{:?}x{}", - parameters.params.generators.len(), - W::WINDOW_SIZE, - W::NUM_WINDOWS, - CHUNK_SIZE - ).to_owned()))? + Err(SynthesisError::Other( + format!( + "Incorrect pp of size {:?} for window params {:?}x{:?}x{}", + parameters.params.generators.len(), + W::WINDOW_SIZE, + W::NUM_WINDOWS, + CHUNK_SIZE + ) + .to_owned(), + ))? } for generators in parameters.params.generators.iter() { if generators.len() != W::WINDOW_SIZE { @@ -145,23 +151,18 @@ impl; type TestCRHGadget = BoweHopwoodPedersenCRHGadget; diff --git a/r1cs/gadgets/crypto/src/crh/injective_map/mod.rs b/r1cs/gadgets/crypto/src/crh/injective_map/mod.rs index 185b9ca0f..8dfdd35e0 100644 --- a/r1cs/gadgets/crypto/src/crh/injective_map/mod.rs +++ b/r1cs/gadgets/crypto/src/crh/injective_map/mod.rs @@ -1,8 +1,8 @@ -use std::{fmt::Debug, marker::PhantomData}; use primitives::crh::{ injective_map::{InjectiveMap, PedersenCRHCompressor, TECompressor}, pedersen::PedersenWindow, }; +use std::{fmt::Debug, marker::PhantomData}; use crate::crh::{ pedersen::{PedersenCRHGadget, PedersenCRHGadgetParameters}, @@ -97,9 +97,9 @@ where GG: GroupGadget, IG: InjectiveMapGadget, { - _compressor: PhantomData, + _compressor: PhantomData, _compressor_gadget: PhantomData, - _crh: PedersenCRHGadget, + _crh: PedersenCRHGadget, } impl FixedLengthCRHGadget, ConstraintF> 
diff --git a/r1cs/gadgets/crypto/src/crh/mod.rs b/r1cs/gadgets/crypto/src/crh/mod.rs index 40d348e5f..145eca037 100644 --- a/r1cs/gadgets/crypto/src/crh/mod.rs +++ b/r1cs/gadgets/crypto/src/crh/mod.rs @@ -1,9 +1,7 @@ use algebra::Field; use std::fmt::Debug; -use primitives::crh::{ - FieldBasedHash, FixedLengthCRH -}; +use primitives::crh::{FieldBasedHash, FixedLengthCRH}; use r1cs_core::{ConstraintSystem, SynthesisError}; use r1cs_std::prelude::*; @@ -35,7 +33,9 @@ pub trait FixedLengthCRHGadget: Sized { ) -> Result; } -pub trait FieldBasedHashGadget, ConstraintF: Field>: Sized { +pub trait FieldBasedHashGadget, ConstraintF: Field>: + Sized +{ type DataGadget: FieldGadget; fn enforce_hash_constant_length>( 
@@ -47,61 +47,61 @@ pub trait FieldBasedHashGadget, Constraint pub trait FieldHasherGadget< H: FieldBasedHash, ConstraintF: Field, - HG: FieldBasedHashGadget + HG: FieldBasedHashGadget, > { fn enforce_hash>( &self, cs: CS, - personalization: Option<&[HG::DataGadget]> + personalization: Option<&[HG::DataGadget]>, ) -> Result; } #[cfg(test)] mod test { + use crate::FieldBasedHashGadget; use algebra::PrimeField; use primitives::FieldBasedHash; - use crate::FieldBasedHashGadget; + use r1cs_core::ConstraintSystem; use r1cs_std::{ - fields::fp::FpGadget, - test_constraint_system::TestConstraintSystem, - alloc::AllocGadget, + alloc::AllocGadget, fields::fp::FpGadget, test_constraint_system::TestConstraintSystem, }; - use r1cs_core::ConstraintSystem; pub(crate) fn constant_length_field_based_hash_gadget_native_test< F: PrimeField, H: FieldBasedHash, - HG: FieldBasedHashGadget> - >(inputs: Vec) - { + HG: FieldBasedHashGadget>, + >( + inputs: Vec, + ) { let mut cs = TestConstraintSystem::::new(); let primitive_result = { let mut digest = H::init_constant_length(inputs.len(), None); - inputs.iter().for_each(|elem| { digest.update(*elem); }); + inputs.iter().for_each(|elem| { + digest.update(*elem); + }); digest.finalize().unwrap() }; let mut input_gadgets = Vec::with_capacity(inputs.len()); inputs.into_iter().enumerate().for_each(|(i, elem)| { - let elem_gadget = HG::DataGadget::alloc( - cs.ns(|| format!("alloc input {}", i)), - || Ok(elem) - ).unwrap(); + let elem_gadget = + HG::DataGadget::alloc(cs.ns(|| format!("alloc input {}", i)), || Ok(elem)).unwrap(); input_gadgets.push(elem_gadget); }); let gadget_result = HG::enforce_hash_constant_length( cs.ns(|| "check_poseidon_gadget"), - input_gadgets.as_slice() - ).unwrap(); + input_gadgets.as_slice(), + ) + .unwrap(); assert_eq!(primitive_result, gadget_result.value.unwrap()); - if !cs.is_satisfied(){ + if !cs.is_satisfied() { println!("{:?}", cs.which_is_unsatisfied()); } assert!(cs.is_satisfied()); } -} \ No newline at end 
of file +} diff --git a/r1cs/gadgets/crypto/src/crh/pedersen/mod.rs b/r1cs/gadgets/crypto/src/crh/pedersen/mod.rs index 97e45b5fe..4a1560e48 100644 --- a/r1cs/gadgets/crypto/src/crh/pedersen/mod.rs +++ b/r1cs/gadgets/crypto/src/crh/pedersen/mod.rs @@ -1,6 +1,6 @@ -use primitives::crh::pedersen::{PedersenCRH, PedersenParameters, PedersenWindow}; use crate::FixedLengthCRHGadget; use algebra::{Field, Group}; +use primitives::crh::pedersen::{PedersenCRH, PedersenParameters, PedersenWindow}; use r1cs_core::{ConstraintSystem, SynthesisError}; use r1cs_std::prelude::*; use std::{borrow::Borrow, marker::PhantomData}; @@ -15,10 +15,10 @@ pub struct PedersenCRHGadgetParameters< ConstraintF: Field, GG: GroupGadget, > { - params: PedersenParameters, + params: PedersenParameters, _group_g: PhantomData, - _engine: PhantomData, - _window: PhantomData, + _engine: PhantomData, + _window: PhantomData, } pub struct PedersenCRHGadget> { @@ -55,16 +55,21 @@ where } } if padded_input.len() * 8 != W::WINDOW_SIZE * W::NUM_WINDOWS { - Err(SynthesisError::Other("padded input length verification failed".to_owned()))? + Err(SynthesisError::Other( + "padded input length verification failed".to_owned(), + ))? } if parameters.params.generators.len() != W::NUM_WINDOWS { - Err(SynthesisError::Other(format!( - "Incorrect pp of size {:?}x{:?} for window params {:?}x{:?}", - parameters.params.generators[0].len(), - parameters.params.generators.len(), - W::WINDOW_SIZE, - W::NUM_WINDOWS - ).to_owned()))? + Err(SynthesisError::Other( + format!( + "Incorrect pp of size {:?}x{:?} for window params {:?}x{:?}", + parameters.params.generators[0].len(), + parameters.params.generators.len(), + W::WINDOW_SIZE, + W::NUM_WINDOWS + ) + .to_owned(), + ))? } // Allocate new variable for the result. 
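Review bot: The error branch guarded by `parameters.params.generators.len() != W::NUM_WINDOWS` indexes `parameters.params.generators[0].len()` while formatting its message, so an empty generator table panics on the diagnostic path instead of returning the `SynthesisError` the branch is meant to produce. Use a non-panicking accessor for that field of the message, e.g. `parameters.params.generators.first().map_or(0, |g| g.len()),`. The enclosing function starts before this hunk and its body continues after it.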
@@ -124,12 +129,9 @@ mod test { use algebra::fields::bls12_381::fr::Fr; use rand::{thread_rng, Rng}; - use primitives::crh::pedersen::{PedersenCRH, PedersenWindow}; - use crate::crh::{ - pedersen::PedersenCRHGadget, - FixedLengthCRH, FixedLengthCRHGadget, - }; + use crate::crh::{pedersen::PedersenCRHGadget, FixedLengthCRH, FixedLengthCRHGadget}; use algebra::curves::{jubjub::JubJubProjective as JubJub, ProjectiveCurve}; + use primitives::crh::pedersen::{PedersenCRH, PedersenWindow}; use r1cs_core::ConstraintSystem; use r1cs_std::{ instantiated::jubjub::JubJubGadget, prelude::*, diff --git a/r1cs/gadgets/crypto/src/crh/poseidon/bn382.rs b/r1cs/gadgets/crypto/src/crh/poseidon/bn382.rs index 9f5523176..7743ec672 100644 --- a/r1cs/gadgets/crypto/src/crh/poseidon/bn382.rs +++ b/r1cs/gadgets/crypto/src/crh/poseidon/bn382.rs @@ -1,16 +1,7 @@ -use algebra::fields::bn_382::{ - Fq as BN382Fq, - Fr as BN382Fr, -}; +use crate::crh::{poseidon::PoseidonHashGadget, sbox::QuinticSBoxGadget}; +use algebra::fields::bn_382::{Fq as BN382Fq, Fr as BN382Fr}; use primitives::crh::parameters::{ - BN382FqPoseidonParameters, - BN382FrPoseidonParameters, - BN382FqQuinticSbox, - BN382FrQuinticSbox -}; -use crate::crh::{ - sbox::QuinticSBoxGadget, - poseidon::PoseidonHashGadget, + BN382FqPoseidonParameters, BN382FqQuinticSbox, BN382FrPoseidonParameters, BN382FrQuinticSbox, }; type BN382FqQuinticSBoxGadget = QuinticSBoxGadget; @@ -27,4 +18,4 @@ pub type BN382FrPoseidonHashGadget = PoseidonHashGadget< BN382FrPoseidonParameters, BN382FrQuinticSbox, BN382FrQuinticSBoxGadget, ->; \ No newline at end of file +>; diff --git a/r1cs/gadgets/crypto/src/crh/poseidon/mnt4753.rs b/r1cs/gadgets/crypto/src/crh/poseidon/mnt4753.rs index 9dbf2010f..af2a3a6d2 100644 --- a/r1cs/gadgets/crypto/src/crh/poseidon/mnt4753.rs +++ b/r1cs/gadgets/crypto/src/crh/poseidon/mnt4753.rs 
@@ -1,16 +1,11 @@ +use crate::crh::{poseidon::PoseidonHashGadget, sbox::InverseSBoxGadget}; use algebra::fields::mnt4753::Fr as MNT4753Fr; -use primitives::crh::parameters::{ - MNT4753PoseidonParameters, MNT4InversePoseidonSBox, -}; -use crate::crh::{ - sbox::InverseSBoxGadget, - poseidon::PoseidonHashGadget, -}; +use primitives::crh::parameters::{MNT4753PoseidonParameters, MNT4InversePoseidonSBox}; type MNT4InverseSBoxGadget = InverseSBoxGadget; pub type MNT4PoseidonHashGadget = PoseidonHashGadget< MNT4753Fr, MNT4753PoseidonParameters, MNT4InversePoseidonSBox, - MNT4InverseSBoxGadget + MNT4InverseSBoxGadget, >; diff --git a/r1cs/gadgets/crypto/src/crh/poseidon/mnt6753.rs b/r1cs/gadgets/crypto/src/crh/poseidon/mnt6753.rs index b48bcfb35..006cc598e 100644 --- a/r1cs/gadgets/crypto/src/crh/poseidon/mnt6753.rs +++ b/r1cs/gadgets/crypto/src/crh/poseidon/mnt6753.rs @@ -1,16 +1,11 @@ +use crate::crh::{poseidon::PoseidonHashGadget, sbox::InverseSBoxGadget}; use algebra::fields::mnt6753::Fr as MNT6753Fr; -use primitives::crh::parameters::{ - MNT6753PoseidonParameters, MNT6InversePoseidonSBox -}; -use crate::crh::{ - sbox::InverseSBoxGadget, - poseidon::PoseidonHashGadget, -}; +use primitives::crh::parameters::{MNT6753PoseidonParameters, MNT6InversePoseidonSBox}; type MNT6InverseSBoxGadget = InverseSBoxGadget; pub type MNT6PoseidonHashGadget = PoseidonHashGadget< MNT6753Fr, MNT6753PoseidonParameters, MNT6InversePoseidonSBox, - MNT6InverseSBoxGadget + MNT6InverseSBoxGadget, >; diff --git a/r1cs/gadgets/crypto/src/crh/poseidon/mod.rs b/r1cs/gadgets/crypto/src/crh/poseidon/mod.rs index e8bee7261..b3482d502 100644 --- a/r1cs/gadgets/crypto/src/crh/poseidon/mod.rs +++ b/r1cs/gadgets/crypto/src/crh/poseidon/mod.rs 
@@ -1,17 +1,11 @@ +use crate::crh::{FieldBasedHashGadget, SBoxGadget}; use algebra::PrimeField; -use primitives::crh::poseidon::{ - PoseidonHash, PoseidonParameters -}; -use crate::crh::{ - SBoxGadget, FieldBasedHashGadget -}; +use primitives::crh::poseidon::{PoseidonHash, PoseidonParameters}; +use r1cs_core::{ConstraintSystem, SynthesisError}; use r1cs_std::{ - fields::{ - FieldGadget, fp::FpGadget - }, alloc::ConstantGadget, + fields::{fp::FpGadget, FieldGadget}, }; -use r1cs_core::{ConstraintSystem, SynthesisError}; use std::marker::PhantomData; #[cfg(feature = "mnt4_753")] @@ -36,39 +30,34 @@ pub use self::bn382::*; use primitives::SBox; -pub struct PoseidonHashGadget -< +pub struct PoseidonHashGadget< ConstraintF: PrimeField, - P: PoseidonParameters, - SB: SBox, - SBG: SBoxGadget, -> -{ - _field: PhantomData, - _parameters: PhantomData

, - _sbox: PhantomData, - _sbox_gadget: PhantomData, + P: PoseidonParameters, + SB: SBox, + SBG: SBoxGadget, +> { + _field: PhantomData, + _parameters: PhantomData

, + _sbox: PhantomData, + _sbox_gadget: PhantomData, } impl< - ConstraintF: PrimeField, - P: PoseidonParameters, - SB: SBox, - SBG: SBoxGadget -> PoseidonHashGadget + ConstraintF: PrimeField, + P: PoseidonParameters, + SB: SBox, + SBG: SBoxGadget, + > PoseidonHashGadget { - fn poseidon_perm>( mut cs: CS, state: &mut [FpGadget], - ) -> Result<(), SynthesisError> - { + ) -> Result<(), SynthesisError> { // index that goes over the round constants let mut round_cst_idx = 0; // First full rounds for i in 0..P::R_F { - // Add the round constants to the state vector for d in state.iter_mut() { // Temporary workaround: hardcoding the round constant and using it @@ -76,7 +65,7 @@ impl< // helps reducing the R1CS density a little. let rc = FpGadget::::from_value( cs.ns(|| format!("hardcode round constant {}", round_cst_idx)), - &P::ROUND_CST[round_cst_idx] + &P::ROUND_CST[round_cst_idx], ); *d = rc.add(cs.ns(|| format!("add_constant_{}", round_cst_idx)), d)?; round_cst_idx += 1; @@ -84,17 +73,18 @@ impl< // Apply the S-BOX to each of the elements of the state vector for (j, d) in state.iter_mut().enumerate() { - SBG::apply(cs.ns(||format!("S-Box_1_{}_{}",i, j)), d)?; + SBG::apply(cs.ns(|| format!("S-Box_1_{}_{}", i, j)), d)?; } // Perform the matrix mix - Self::matrix_mix (cs.ns(|| format!("poseidon_mix_matrix_first_full_round_{}", i)), state)?; - + Self::matrix_mix( + cs.ns(|| format!("poseidon_mix_matrix_first_full_round_{}", i)), + state, + )?; } // Partial rounds for _i in 0..P::R_P { - // Add the round constants to the state vector for d in state.iter_mut() { // Temporary workaround: hardcoding the round constant and using it 
@@ -102,25 +92,24 @@ impl< // helps reducing the R1CS density a little. let rc = FpGadget::::from_value( cs.ns(|| format!("hardcode round constant {}", round_cst_idx)), - &P::ROUND_CST[round_cst_idx] + &P::ROUND_CST[round_cst_idx], ); *d = rc.add(cs.ns(|| format!("add_constant_{}", round_cst_idx)), d)?; round_cst_idx += 1; } // Apply S-Box only to the first element of the state vector - SBG::apply( - cs.ns(||format!("S-Box_2_{}_{}",_i, 0)), - &mut state[0] - )?; + SBG::apply(cs.ns(|| format!("S-Box_2_{}_{}", _i, 0)), &mut state[0])?; // Perform the matrix mix - Self::matrix_mix (cs.ns(|| format!("poseidon_mix_matrix_partial_round_{}", _i)), state)?; + Self::matrix_mix( + cs.ns(|| format!("poseidon_mix_matrix_partial_round_{}", _i)), + state, + )?; } // Second full rounds for _i in 0..P::R_F { - // Add the round constants to the state vector for d in state.iter_mut() { // Temporary workaround: hardcoding the round constant and using it @@ -128,7 +117,7 @@ impl< // helps reducing the R1CS density a little. let rc = FpGadget::::from_value( cs.ns(|| format!("hardcode round constant {}", round_cst_idx)), - &P::ROUND_CST[round_cst_idx] + &P::ROUND_CST[round_cst_idx], ); *d = rc.add(cs.ns(|| format!("add_constant_{}", round_cst_idx)), d)?; round_cst_idx += 1; @@ -140,7 +129,10 @@ impl< } // Perform the matrix mix - Self::matrix_mix(cs.ns(|| format!("poseidon_mix_matrix_second_full_round_{}", _i)), state)?; + Self::matrix_mix( + cs.ns(|| format!("poseidon_mix_matrix_second_full_round_{}", _i)), + state, + )?; } Ok(()) } 
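Review bot: The loop counters of the partial rounds and the second full rounds are named `_i` yet are used in the constraint namespaces (`format!("S-Box_2_{}_{}", _i, 0)`, `format!("poseidon_mix_matrix_partial_round_{}", _i)`); an underscore prefix signals an unused binding to readers and lints, which is not the case here. Rename them to `i` (`for i in 0..P::R_P {` and `for i in 0..P::R_F {`) so all three round loops of `poseidon_perm` read the same way. `poseidon_perm` begins in an earlier hunk.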
@@ -151,12 +143,17 @@ impl< res: &mut FpGadget, state: &mut [FpGadget], mut start_idx_cst: usize, - ) -> Result<(), SynthesisError> - { + ) -> Result<(), SynthesisError> { for x in state.iter() { - let elem = x.mul_by_constant(cs.ns(|| format!("partial_product_{}", start_idx_cst)), &P::MDS_CST[start_idx_cst])?; + let elem = x.mul_by_constant( + cs.ns(|| format!("partial_product_{}", start_idx_cst)), + &P::MDS_CST[start_idx_cst], + )?; start_idx_cst += 1; - (*res).add_in_place(cs.ns(|| format!("add_partial_product_{}", start_idx_cst)), &elem)?; + (*res).add_in_place( + cs.ns(|| format!("add_partial_product_{}", start_idx_cst)), + &elem, + )?; } Ok(()) @@ -166,9 +163,7 @@ impl< fn matrix_mix>( mut cs: CS, state: &mut [FpGadget], - ) -> Result<(), SynthesisError> - { - + ) -> Result<(), SynthesisError> { // Check that the length of the state vector is t assert_eq!(state.len(), P::T); @@ -177,14 +172,22 @@ impl< // Initialize new destination state vector with zero elements for i in 0..P::T { - let elem = FpGadget::::from_value(cs.ns(|| format!("hardcode_new_state_elem_{}", i)), &P::ZERO); + let elem = FpGadget::::from_value( + cs.ns(|| format!("hardcode_new_state_elem_{}", i)), + &P::ZERO, + ); new_state.push(elem); } // Performs the dot products let mut idx_cst = 0; for i in 0..P::T { - Self::dot_prod(cs.ns(|| format!("poseidon_dot_product_{}", i)), &mut new_state[i], state, idx_cst)?; + Self::dot_prod( + cs.ns(|| format!("poseidon_dot_product_{}", i)), + &mut new_state[i], + state, + idx_cst, + )?; idx_cst += P::T; } @@ -199,11 +202,11 @@ impl< impl FieldBasedHashGadget, ConstraintF> for PoseidonHashGadget - where - ConstraintF: PrimeField, - P: PoseidonParameters, - SB: SBox, - SBG: SBoxGadget, +where + ConstraintF: PrimeField, + P: PoseidonParameters, + SB: SBox, + SBG: SBoxGadget, { type DataGadget = FpGadget; 
@@ -211,18 +214,20 @@ impl FieldBasedHashGadget Result - // Assumption: +// Assumption: // capacity c = 1 { if input.len() == 0 { - Err(SynthesisError::Other("Input data array does not contain any data".to_owned()))? + Err(SynthesisError::Other( + "Input data array does not contain any data".to_owned(), + ))? } let mut state = Vec::new(); for i in 0..P::T { let elem = FpGadget::::from_value( - cs.ns(|| format!("hardcode_state_{}",i)), - &P::AFTER_ZERO_PERM[i] + cs.ns(|| format!("hardcode_state_{}", i)), + &P::AFTER_ZERO_PERM[i], ); state.push(elem); } @@ -240,7 +245,10 @@ impl FieldBasedHashGadget FieldBasedHashGadget FieldBasedHashGadget(num: usize) -> Vec{ + fn generate_inputs(num: usize) -> Vec { let mut inputs = Vec::with_capacity(num); for i in 1..=num { let input = F::from(i as u32); @@ -283,7 +294,9 @@ mod test { use crate::MNT4PoseidonHashGadget; for ins in 1..=3 { - constant_length_field_based_hash_gadget_native_test::<_, _, MNT4PoseidonHashGadget>(generate_inputs(ins)); + constant_length_field_based_hash_gadget_native_test::<_, _, MNT4PoseidonHashGadget>( + generate_inputs(ins), + ); } } @@ -293,7 +306,9 @@ mod test { use crate::MNT6PoseidonHashGadget; for ins in 1..=3 { - constant_length_field_based_hash_gadget_native_test::<_, _, MNT6PoseidonHashGadget>(generate_inputs(ins)); + constant_length_field_based_hash_gadget_native_test::<_, _, MNT6PoseidonHashGadget>( + generate_inputs(ins), + ); } } @@ -303,7 +318,9 @@ mod test { use crate::BN382FrPoseidonHashGadget; for ins in 1..=3 { - constant_length_field_based_hash_gadget_native_test::<_, _, BN382FrPoseidonHashGadget>(generate_inputs(ins)); + constant_length_field_based_hash_gadget_native_test::<_, _, BN382FrPoseidonHashGadget>( + generate_inputs(ins), + ); } } 
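Review bot: The comment `// Assumption: capacity c = 1` now sits at column 0 between the return type and the opening brace of `enforce_hash_constant_length`, where it reads as detached from anything; move it into the function's doc comment, e.g. `/// Assumes the sponge capacity is a single field element (c = 1).`, so the invariant is visible at the call site in rustdoc. Two small cleanups in the same lines: `if input.len() == 0` is clearer as `if input.is_empty()`, and `let mut state = Vec::new();` can be `Vec::with_capacity(P::T)` since exactly `P::T` elements are pushed. The function's signature starts, and its body continues, outside this hunk.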
@@ -313,7 +330,9 @@ mod test { use crate::BN382FqPoseidonHashGadget; for ins in 1..=3 { - constant_length_field_based_hash_gadget_native_test::<_, _, BN382FqPoseidonHashGadget>(generate_inputs(ins)); + constant_length_field_based_hash_gadget_native_test::<_, _, BN382FqPoseidonHashGadget>( + generate_inputs(ins), + ); } } @@ -323,7 +342,9 @@ mod test { use crate::TweedleFrPoseidonHashGadget; for ins in 1..=3 { - constant_length_field_based_hash_gadget_native_test::<_, _, TweedleFrPoseidonHashGadget>(generate_inputs(ins)); + constant_length_field_based_hash_gadget_native_test::<_, _, TweedleFrPoseidonHashGadget>( + generate_inputs(ins), + ); } } @@ -333,7 +354,9 @@ mod test { use crate::TweedleFqPoseidonHashGadget; for ins in 1..=3 { - constant_length_field_based_hash_gadget_native_test::<_, _, TweedleFqPoseidonHashGadget>(generate_inputs(ins)); + constant_length_field_based_hash_gadget_native_test::<_, _, TweedleFqPoseidonHashGadget>( + generate_inputs(ins), + ); } } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/crypto/src/crh/poseidon/tweedle.rs b/r1cs/gadgets/crypto/src/crh/poseidon/tweedle.rs index 114958e14..3083f084d 100644 --- a/r1cs/gadgets/crypto/src/crh/poseidon/tweedle.rs +++ b/r1cs/gadgets/crypto/src/crh/poseidon/tweedle.rs @@ -1,11 +1,8 @@ +use crate::crh::{poseidon::PoseidonHashGadget, sbox::QuinticSBoxGadget}; use algebra::fields::tweedle::{Fq, Fr}; use primitives::crh::parameters::{ - TweedleFqPoseidonParameters, TweedleFqQuinticSbox, - TweedleFrPoseidonParameters, TweedleFrQuinticSbox, -}; -use crate::crh::{ - sbox::QuinticSBoxGadget, - poseidon::PoseidonHashGadget, + TweedleFqPoseidonParameters, TweedleFqQuinticSbox, TweedleFrPoseidonParameters, + TweedleFrQuinticSbox, }; type TweedleFqQuinticSboxGadget = QuinticSBoxGadget; 
@@ -13,7 +10,7 @@ pub type TweedleFqPoseidonHashGadget = PoseidonHashGadget< Fq, TweedleFqPoseidonParameters, TweedleFqQuinticSbox, - TweedleFqQuinticSboxGadget + TweedleFqQuinticSboxGadget, >; type TweedleFrQuinticSboxGadget = QuinticSBoxGadget; @@ -21,5 +18,5 @@ pub type TweedleFrPoseidonHashGadget = PoseidonHashGadget< Fr, TweedleFrPoseidonParameters, TweedleFrQuinticSbox, - TweedleFrQuinticSboxGadget + TweedleFrQuinticSboxGadget, >; diff --git a/r1cs/gadgets/crypto/src/crh/sbox.rs b/r1cs/gadgets/crypto/src/crh/sbox.rs index 9dac30dc8..30c654f1f 100644 --- a/r1cs/gadgets/crypto/src/crh/sbox.rs +++ b/r1cs/gadgets/crypto/src/crh/sbox.rs @@ -1,22 +1,21 @@ use algebra::PrimeField; -use r1cs_core::{ - ConstraintSystem, SynthesisError -}; use primitives::SBox; +use r1cs_core::{ConstraintSystem, SynthesisError}; use r1cs_std::{ - fields::{ - fp::FpGadget, FieldGadget, - }, - bits::boolean::Boolean, alloc::AllocGadget, + bits::boolean::Boolean, eq::EqGadget, - Assignment + fields::{fp::FpGadget, FieldGadget}, + Assignment, }; use std::marker::PhantomData; pub trait SBoxGadget> { /// Enforce S(x) - fn apply>(cs: CS, x: &mut FpGadget) -> Result<(), SynthesisError>; + fn apply>( + cs: CS, + x: &mut FpGadget, + ) -> Result<(), SynthesisError>; } pub struct InverseSBoxGadget> { @@ -24,10 +23,14 @@ pub struct InverseSBoxGadget, } -impl> SBoxGadget for InverseSBoxGadget { - +impl> SBoxGadget + for InverseSBoxGadget +{ // Enforce S(x) = X^-1 if X != 0 otherwise X - fn apply>(mut cs: CS, x: &mut FpGadget) -> Result<(), SynthesisError>{ + fn apply>( + mut cs: CS, + x: &mut FpGadget, + ) -> Result<(), SynthesisError> { let b = Boolean::alloc(cs.ns(|| "alloc b"), || { let x_val = x.get_value().get()?; if x_val == ConstraintF::zero() { 
@@ -65,15 +68,16 @@ pub struct QuinticSBoxGadget, } -impl> SBoxGadget for QuinticSBoxGadget { - +impl> SBoxGadget + for QuinticSBoxGadget +{ // Enforce S(X) = X^5 - fn apply>(mut cs: CS, x: &mut FpGadget) -> Result<(), SynthesisError> - { - let x4 = x - .square(cs.ns(|| "x^2"))? - .square(cs.ns(|| "x^4"))?; + fn apply>( + mut cs: CS, + x: &mut FpGadget, + ) -> Result<(), SynthesisError> { + let x4 = x.square(cs.ns(|| "x^2"))?.square(cs.ns(|| "x^4"))?; x.mul_in_place(cs.ns(|| "x^5"), &x4)?; Ok(()) } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/crypto/src/lib.rs b/r1cs/gadgets/crypto/src/lib.rs index 869705588..e8740b6c9 100644 --- a/r1cs/gadgets/crypto/src/lib.rs +++ b/r1cs/gadgets/crypto/src/lib.rs @@ -32,4 +32,4 @@ pub use self::vrf::*; #[cfg(feature = "nizk")] pub mod nizk; #[cfg(feature = "nizk")] -pub use self::nizk::*; \ No newline at end of file +pub use self::nizk::*; diff --git a/r1cs/gadgets/crypto/src/merkle_tree/field_based_mht/mod.rs b/r1cs/gadgets/crypto/src/merkle_tree/field_based_mht/mod.rs index ac3d7b5d4..782c59207 100644 --- a/r1cs/gadgets/crypto/src/merkle_tree/field_based_mht/mod.rs +++ b/r1cs/gadgets/crypto/src/merkle_tree/field_based_mht/mod.rs @@ -1,16 +1,10 @@ -use algebra::{Field, PrimeField, FpParameters}; +use algebra::{Field, FpParameters, PrimeField}; use r1cs_core::{ConstraintSystem, SynthesisError}; -use r1cs_std::{ - prelude::*, - fields::fp::FpGadget, -}; - -use primitives::{ - crh::FieldBasedHash, - merkle_tree::field_based_mht::*, -}; +use r1cs_std::{fields::fp::FpGadget, prelude::*}; + use crate::crh::FieldBasedHashGadget; use crate::FieldBasedMerkleTreePathGadget; +use primitives::{crh::FieldBasedHash, merkle_tree::field_based_mht::*}; use std::borrow::Borrow; use std::marker::PhantomData; 
@@ -19,29 +13,28 @@ use std::marker::PhantomData; #[derivative( PartialEq(bound = "P: FieldBasedMerkleTreeParameters"), Eq(bound = "P: FieldBasedMerkleTreeParameters"), - Clone(bound = "P: FieldBasedMerkleTreeParameters"), + Clone(bound = "P: FieldBasedMerkleTreeParameters") )] pub struct FieldBasedBinaryMerkleTreePathGadget - where - P: FieldBasedMerkleTreeParameters, - HGadget: FieldBasedHashGadget, - ConstraintF: Field, +where + P: FieldBasedMerkleTreeParameters, + HGadget: FieldBasedHashGadget, + ConstraintF: Field, { path: Vec<(HGadget::DataGadget, Boolean)>, } impl FieldBasedBinaryMerkleTreePathGadget - where - P: FieldBasedMerkleTreeParameters, - HGadget: FieldBasedHashGadget, - ConstraintF: PrimeField, +where + P: FieldBasedMerkleTreeParameters, + HGadget: FieldBasedHashGadget, + ConstraintF: PrimeField, { pub fn enforce_leaf_index_bits>( &self, cs: CS, leaf_index_bits: &[Boolean], - ) -> Result<(), SynthesisError> - { + ) -> Result<(), SynthesisError> { self.conditionally_enforce_leaf_index_bits(cs, leaf_index_bits, &Boolean::Constant(true)) } 
@@ -49,29 +42,32 @@ impl FieldBasedBinaryMerkleTreePathGadget Result<(), SynthesisError> - { - for (i, ((_, path_bit), leaf_index_bit)) in self.path - .iter().zip(leaf_index_bits.iter().rev()).enumerate() - { - path_bit.conditional_enforce_equal( - cs.ns(|| format!("index_equality_{}", i)), - leaf_index_bit, - should_enforce - )?; - } + should_enforce: &Boolean, + ) -> Result<(), SynthesisError> { + for (i, ((_, path_bit), leaf_index_bit)) in self + .path + .iter() + .zip(leaf_index_bits.iter().rev()) + .enumerate() + { + path_bit.conditional_enforce_equal( + cs.ns(|| format!("index_equality_{}", i)), + leaf_index_bit, + should_enforce, + )?; + } Ok(()) } } -impl FieldBasedMerkleTreePathGadget, P::H, HGadget, ConstraintF> -for FieldBasedBinaryMerkleTreePathGadget - where - P: FieldBasedMerkleTreeParameters, - HGadget: FieldBasedHashGadget, - ConstraintF: PrimeField, +impl + FieldBasedMerkleTreePathGadget, P::H, HGadget, ConstraintF> + for FieldBasedBinaryMerkleTreePathGadget +where + P: FieldBasedMerkleTreeParameters, + HGadget: FieldBasedHashGadget, + ConstraintF: PrimeField, { fn length(&self) -> usize { self.path.len() 
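Review bot: `conditionally_enforce_leaf_index_bits` zips `self.path` with `leaf_index_bits.iter().rev()`, and `zip` stops at the shorter side, so a caller passing fewer bits than the path has levels leaves the remaining path direction bits unconstrained, while surplus bits are silently ignored; the public `enforce_leaf_index_bits` wrapper accepts an arbitrary slice, so this is reachable from outside the module. Add a length check before the loop: `if leaf_index_bits.len() != self.path.len() { return Err(SynthesisError::Other(format!("Expected {} leaf index bits, got {}", self.path.len(), leaf_index_bits.len()))); }`. The internal caller `enforce_leaf_index` in a later hunk appears to derive exactly `path.len()` bits, so it is presumably unaffected; the check protects the public entry point.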
@@ -87,19 +83,20 @@ for FieldBasedBinaryMerkleTreePathGadget let mut previous_hash = (*leaf).clone(); for (i, &(ref sibling_hash, ref direction)) in self.path.iter().enumerate() { - //Select left hash based on direction - let lhs = HGadget::DataGadget::conditionally_select(cs.ns(|| format!("Choose left hash {}", i)), - direction, - &sibling_hash, - &previous_hash + let lhs = HGadget::DataGadget::conditionally_select( + cs.ns(|| format!("Choose left hash {}", i)), + direction, + &sibling_hash, + &previous_hash, )?; //Select right hash based on direction - let rhs = HGadget::DataGadget::conditionally_select(cs.ns(|| format!("Choose right hash {}", i)), - direction, - &previous_hash, - &sibling_hash + let rhs = HGadget::DataGadget::conditionally_select( + cs.ns(|| format!("Choose right hash {}", i)), + direction, + &previous_hash, + &sibling_hash, )?; previous_hash = hash_inner_node_gadget::( @@ -119,18 +116,17 @@ for FieldBasedBinaryMerkleTreePathGadget &self, mut cs: CS, leaf_index: &FpGadget, - should_enforce: &Boolean - ) -> Result<(), SynthesisError> - { + should_enforce: &Boolean, + ) -> Result<(), SynthesisError> { let leaf_index_bits = leaf_index.to_bits_with_length_restriction( cs.ns(|| "get leaf index bits"), - (ConstraintF::Params::MODULUS_BITS as usize) - self.path.len() + (ConstraintF::Params::MODULUS_BITS as usize) - self.path.len(), )?; self.conditionally_enforce_leaf_index_bits( cs.ns(|| "enforce leaf index bits"), leaf_index_bits.as_slice(), - should_enforce + should_enforce, )?; Ok(()) @@ -138,24 +134,23 @@ for FieldBasedBinaryMerkleTreePathGadget } pub struct FieldBasedMerkleTreeGadget - where - P: FieldBasedMerkleTreeParameters, - HGadget: FieldBasedHashGadget, - ConstraintF: PrimeField, +where + P: FieldBasedMerkleTreeParameters, + HGadget: FieldBasedHashGadget, + ConstraintF: PrimeField, { - _params: PhantomData
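Review bot: `(ConstraintF::Params::MODULUS_BITS as usize) - self.path.len()` in the leaf-index hunk is an unchecked `usize` subtraction; a path longer than the field's bit length would panic in debug builds and wrap to a huge value in release, and nothing in the hunk rules that out. Prefer a fallible form, e.g. `let to_skip = (ConstraintF::Params::MODULUS_BITS as usize).checked_sub(self.path.len()).ok_or_else(|| SynthesisError::Other("Merkle path longer than the field bit length".to_owned()))?;` and pass `to_skip` to `to_bits_with_length_restriction`. Whether that helper returns exactly `path.len()` bits is not visible here; the enclosing function's name and signature start before this hunk.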

, - _hash_gadget: PhantomData, - _field: PhantomData, + _params: PhantomData

, + _hash_gadget: PhantomData, + _field: PhantomData, } impl FieldBasedMerkleTreeGadget - where - P: FieldBasedMerkleTreeParameters, - HGadget: FieldBasedHashGadget, - ConstraintF: PrimeField, +where + P: FieldBasedMerkleTreeParameters, + HGadget: FieldBasedHashGadget, + ConstraintF: PrimeField, { - pub fn check_leaves> - ( + pub fn check_leaves>( cs: CS, leaves: &[HGadget::DataGadget], root: &HGadget::DataGadget, @@ -167,8 +162,7 @@ impl FieldBasedMerkleTreeGadget> - ( + pub fn conditionally_check_leaves>( mut cs: CS, leaves: &[HGadget::DataGadget], root: &HGadget::DataGadget, @@ -176,7 +170,9 @@ impl FieldBasedMerkleTreeGadget Result<(), SynthesisError> { if leaves.len() != 2_usize.pow(height as u32) { - Err(SynthesisError::Other("Leaves number must be a power of 2".to_owned()))? + Err(SynthesisError::Other( + "Leaves number must be a power of 2".to_owned(), + ))? } let mut prev_level_nodes = leaves.to_vec(); @@ -220,29 +216,29 @@ pub(crate) fn hash_inner_node_gadget( left_child: HG::DataGadget, right_child: HG::DataGadget, ) -> Result - where - ConstraintF: Field, - CS: ConstraintSystem, - H: FieldBasedHash, - HG: FieldBasedHashGadget, +where + ConstraintF: Field, + CS: ConstraintSystem, + H: FieldBasedHash, + HG: FieldBasedHashGadget, { HG::enforce_hash_constant_length(cs, &[left_child, right_child]) } impl AllocGadget, ConstraintF> -for FieldBasedBinaryMerkleTreePathGadget - where - P: FieldBasedMerkleTreeParameters, - HGadget: FieldBasedHashGadget, - ConstraintF: Field, + for FieldBasedBinaryMerkleTreePathGadget +where + P: FieldBasedMerkleTreeParameters, + HGadget: FieldBasedHashGadget, + ConstraintF: Field, { fn alloc>( mut cs: CS, value_gen: F, ) -> Result - where - F: FnOnce() -> Result, - T: Borrow>, + where + F: FnOnce() -> Result, + T: Borrow>, { let mut path = Vec::new(); for (i, &(ref sibling, ref d)) in value_gen()?.borrow().get_raw_path().iter().enumerate() { 
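Review bot: The check `leaves.len() != 2_usize.pow(height as u32)` in `conditionally_check_leaves` reports `"Leaves number must be a power of 2"`, but what it actually requires is exactly `2^height` leaves, so a caller with a power-of-two count and a mismatched `height` gets a misleading diagnostic; in addition `pow` panics in debug (and wraps in release) once `height` reaches the `usize` width. Suggest `let expected = 1usize.checked_shl(height as u32).ok_or_else(|| SynthesisError::Other("Tree height too large".to_owned()))?;` followed by `if leaves.len() != expected { return Err(SynthesisError::Other(format!("Expected 2^{} = {} leaves, got {}", height, expected, leaves.len()))); }`. The function's signature and the rest of its body are outside this hunk.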
@@ -251,9 +247,7 @@ for FieldBasedBinaryMerkleTreePathGadget Ok(sibling) })?; let direction = - Boolean::alloc(&mut cs.ns(|| format!("direction_bit_{}", i)), || { - Ok(d) - })?; + Boolean::alloc(&mut cs.ns(|| format!("direction_bit_{}", i)), || Ok(d))?; path.push((sibling_hash, direction)); } Ok(FieldBasedBinaryMerkleTreePathGadget { path }) @@ -263,20 +257,18 @@ for FieldBasedBinaryMerkleTreePathGadget mut cs: CS, value_gen: F, ) -> Result - where - F: FnOnce() -> Result, - T: Borrow>, + where + F: FnOnce() -> Result, + T: Borrow>, { let mut path = Vec::new(); for (i, &(ref sibling, ref d)) in value_gen()?.borrow().get_raw_path().iter().enumerate() { - let sibling_hash = - HGadget::DataGadget::alloc_input(&mut cs.ns(|| format!("sibling_hash_{}", i)), || { - Ok(sibling) - })?; + let sibling_hash = HGadget::DataGadget::alloc_input( + &mut cs.ns(|| format!("sibling_hash_{}", i)), + || Ok(sibling), + )?; let direction = - Boolean::alloc_input(&mut cs.ns(|| format!("direction_bit_{}", i)), || { - Ok(d) - })?; + Boolean::alloc_input(&mut cs.ns(|| format!("direction_bit_{}", i)), || Ok(d))?; path.push((sibling_hash, direction)); } Ok(FieldBasedBinaryMerkleTreePathGadget { path }) @@ -284,18 +276,21 @@ for FieldBasedBinaryMerkleTreePathGadget } impl ConstantGadget, ConstraintF> -for FieldBasedBinaryMerkleTreePathGadget - where - P: FieldBasedMerkleTreeParameters, - HGadget: FieldBasedHashGadget, - ConstraintF: Field, + for FieldBasedBinaryMerkleTreePathGadget +where + P: FieldBasedMerkleTreeParameters, + HGadget: FieldBasedHashGadget, + ConstraintF: Field, { - fn from_value>(mut cs: CS, value: &FieldBasedBinaryMHTPath

) -> Self { + fn from_value>( + mut cs: CS, + value: &FieldBasedBinaryMHTPath

, + ) -> Self { let mut path = Vec::new(); for (i, (sibling, d)) in value.get_raw_path().iter().enumerate() { let sibling_hash = HGadget::DataGadget::from_value( cs.ns(|| format!("hardcode sibling {}", i)), - sibling + sibling, ); let direction = Boolean::Constant(*d); path.push((sibling_hash, direction)); @@ -315,25 +310,36 @@ for FieldBasedBinaryMerkleTreePathGadget } impl EqGadget -for FieldBasedBinaryMerkleTreePathGadget - where - P: FieldBasedMerkleTreeParameters, - HGadget: FieldBasedHashGadget, - ConstraintF: Field, + for FieldBasedBinaryMerkleTreePathGadget +where + P: FieldBasedMerkleTreeParameters, + HGadget: FieldBasedHashGadget, + ConstraintF: Field, { - fn is_eq>(&self, mut cs: CS, other: &Self) -> Result { + fn is_eq>( + &self, + mut cs: CS, + other: &Self, + ) -> Result { let mut v = Vec::new(); let len = self.path.len(); if self.path.len() != other.path.len() { - Err(SynthesisError::Other(format!( - "Paths length must be the same. Self len:{}, Other len: {}", - self.path.len(), - other.path.len() - ).to_owned()))? + Err(SynthesisError::Other( + format!( + "Paths length must be the same. Self len:{}, Other len: {}", + self.path.len(), + other.path.len() + ) + .to_owned(), + ))? } for i in 0..len { - let b1_i = &self.path[i].0.is_eq(cs.ns(|| format!("b1_{}", i)), &other.path[i].0)?; - let b2_i = &self.path[i].1.is_eq(cs.ns(|| format!("b2_{}", i)), &other.path[i].1)?; + let b1_i = &self.path[i] + .0 + .is_eq(cs.ns(|| format!("b1_{}", i)), &other.path[i].0)?; + let b2_i = &self.path[i] + .1 + .is_eq(cs.ns(|| format!("b2_{}", i)), &other.path[i].1)?; let b_i = Boolean::and(cs.ns(|| format!("b1_{} && b2_{}", i, i)), &b1_i, &b2_i)?; v.push(b_i); } 
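Review bot: In `is_eq`, `let b1_i = &self.path[i].0.is_eq(...)?;` binds a reference to a temporary and `Boolean::and(..., &b1_i, &b2_i)` then passes `&&Boolean`, which only compiles via auto-deref; drop the leading `&` on both bindings, e.g. `let b1_i = self.path[i].0.is_eq(cs.ns(|| format!("b1_{}", i)), &other.path[i].0)?;`, so the types are plain. Since `len` is known before the loop, `let mut v = Vec::with_capacity(len);` avoids regrowth. How `v` is folded into the result lies outside this hunk.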
@@ -344,19 +350,30 @@ for FieldBasedBinaryMerkleTreePathGadget &self, mut cs: CS, other: &Self, - should_enforce: &Boolean + should_enforce: &Boolean, ) -> Result<(), SynthesisError> { let len = self.path.len(); if self.path.len() != other.path.len() { - Err(SynthesisError::Other(format!( - "Paths length must be the same. Self len:{}, Other len: {}", - self.path.len(), - other.path.len() - ).to_owned()))? + Err(SynthesisError::Other( + format!( + "Paths length must be the same. Self len:{}, Other len: {}", + self.path.len(), + other.path.len() + ) + .to_owned(), + ))? } for i in 0..len { - &self.path[i].0.conditional_enforce_equal(cs.ns(|| format!("conditional_eq_1_{}", i)), &other.path[i].0, should_enforce)?; - &self.path[i].1.conditional_enforce_equal(cs.ns(|| format!("conditional_eq_2_{}", i)), &other.path[i].1, should_enforce)?; + &self.path[i].0.conditional_enforce_equal( + cs.ns(|| format!("conditional_eq_1_{}", i)), + &other.path[i].0, + should_enforce, + )?; + &self.path[i].1.conditional_enforce_equal( + cs.ns(|| format!("conditional_eq_2_{}", i)), + &other.path[i].1, + should_enforce, + )?; } Ok(()) } 
@@ -365,19 +382,30 @@ for FieldBasedBinaryMerkleTreePathGadget &self, mut cs: CS, other: &Self, - should_enforce: &Boolean + should_enforce: &Boolean, ) -> Result<(), SynthesisError> { let len = self.path.len(); if self.path.len() != other.path.len() { - Err(SynthesisError::Other(format!( - "Paths length must be the same. Self len:{}, Other len: {}", - self.path.len(), - other.path.len() - ).to_owned()))? + Err(SynthesisError::Other( + format!( + "Paths length must be the same. Self len:{}, Other len: {}", + self.path.len(), + other.path.len() + ) + .to_owned(), + ))? } for i in 0..len { - &self.path[i].0.conditional_enforce_not_equal(cs.ns(|| format!("conditional_neq_1_{}", i)), &other.path[i].0, should_enforce)?; - &self.path[i].1.conditional_enforce_not_equal(cs.ns(|| format!("conditional_neq_2_{}", i)), &other.path[i].1, should_enforce)?; + &self.path[i].0.conditional_enforce_not_equal( + cs.ns(|| format!("conditional_neq_1_{}", i)), + &other.path[i].0, + should_enforce, + )?; + &self.path[i].1.conditional_enforce_not_equal( + cs.ns(|| format!("conditional_neq_2_{}", i)), + &other.path[i].1, + should_enforce, + )?; } Ok(()) } @@ -385,20 +413,16 @@ for FieldBasedBinaryMerkleTreePathGadget #[cfg(test)] mod test { - use primitives::{ - crh::MNT4PoseidonHash, - merkle_tree::field_based_mht::*, - }; + use super::*; use crate::crh::MNT4PoseidonHashGadget; use algebra::fields::mnt4753::Fr; + use primitives::{crh::MNT4PoseidonHash, merkle_tree::field_based_mht::*}; use r1cs_core::ConstraintSystem; - use rand::{Rng, SeedableRng}; - use rand_xorshift::XorShiftRng; - use super::*; use r1cs_std::{ - instantiated::mnt6_753::FqGadget, - test_constraint_system::TestConstraintSystem, + instantiated::mnt6_753::FqGadget, test_constraint_system::TestConstraintSystem, }; + use rand::{Rng, SeedableRng}; + use rand_xorshift::XorShiftRng; #[derive(Clone)] struct MNT4753FieldBasedMerkleTreeParams; 
@@ -407,7 +431,9 @@ mod test { type Data = Fr; type H = MNT4PoseidonHash; const MERKLE_ARITY: usize = 2; - const ZERO_NODE_CST: Option> = None; + const ZERO_NODE_CST: Option< + FieldBasedMerkleTreePrecomputedZeroConstants<'static, Self::H>, + > = None; } type MNT4753FieldBasedMerkleTree = NaiveMerkleTree; @@ -417,7 +443,6 @@ mod test { const TEST_HEIGHT: usize = 5; fn check_merkle_paths(leaves: &[Fr], use_bad_root: bool) -> bool { - let mut tree = MNT4753FieldBasedMerkleTree::new(TEST_HEIGHT); tree.append(leaves).unwrap(); let root = tree.root().unwrap(); @@ -430,17 +455,14 @@ mod test { assert!(proof.verify(TEST_HEIGHT, &leaf, &root).unwrap()); // Allocate Merkle Tree Root - let root = FqGadget::alloc( - &mut cs.ns(|| format!("new_digest_{}", i)), - || { - if use_bad_root { - Ok(Fr::zero()) - } else { - Ok(root) - } - }, - ) - .unwrap(); + let root = FqGadget::alloc(&mut cs.ns(|| format!("new_digest_{}", i)), || { + if use_bad_root { + Ok(Fr::zero()) + } else { + Ok(root) + } + }) + .unwrap(); // Allocate Leaf let leaf_g = FqGadget::alloc(cs.ns(|| "alloc leaf"), || Ok(leaf)).unwrap(); @@ -450,7 +472,7 @@ mod test { &mut cs.ns(|| format!("new_witness_{}", i)), || Ok(proof), ) - .unwrap(); + .unwrap(); // Check_membership test cw.check_membership( 
@@ -458,30 +480,32 @@ mod test { &root, &leaf_g, ) - .unwrap(); + .unwrap(); // Enforce Merkle Path test - let root_1 = cw.enforce_root_from_leaf( - &mut cs.ns(|| format!("enforce_root_from_leaf_{}", i)), - &leaf_g, - ).unwrap(); + let root_1 = cw + .enforce_root_from_leaf( + &mut cs.ns(|| format!("enforce_root_from_leaf_{}", i)), + &leaf_g, + ) + .unwrap(); root.enforce_equal( &mut cs.ns(|| format!("check_{} root == root_1", i)), &root_1, - ).unwrap(); + ) + .unwrap(); // Enforce leaf_index check let fe_index = Fr::from(i as u32); - let fe_index_g = FqGadget::alloc( - cs.ns(|| format!("alloc_index_{}", i)), - || Ok(fe_index) - ).unwrap(); + let fe_index_g = + FqGadget::alloc(cs.ns(|| format!("alloc_index_{}", i)), || Ok(fe_index)).unwrap(); cw.enforce_leaf_index( &mut cs.ns(|| format!("enforce_leaf_index_{}", i)), - &fe_index_g - ).unwrap(); + &fe_index_g, + ) + .unwrap(); if !cs.is_satisfied() { satisfied = false; @@ -496,7 +520,6 @@ mod test { } fn check_leaves(leaves: &[Fr], use_bad_root: bool) -> bool { - let mut tree = MNT4753FieldBasedMerkleTree::new(TEST_HEIGHT); tree.append(leaves).unwrap(); let root = tree.root().unwrap(); @@ -505,22 +528,20 @@ mod test { let mut cs = TestConstraintSystem::::new(); // Allocate Merkle Tree Root - let root = FqGadget::alloc( - &mut cs.ns(|| "root_digest_{}"), - || { - if use_bad_root { - Ok(Fr::zero()) - } else { - Ok(root) - } - }, - ) - .unwrap(); + let root = FqGadget::alloc(&mut cs.ns(|| "root_digest_{}"), || { + if use_bad_root { + Ok(Fr::zero()) + } else { + Ok(root) + } + }) + .unwrap(); //Alloc leaves let mut leaves_g = vec![]; for (i, leaf) in leaves.iter().enumerate() { - leaves_g.push(FqGadget::alloc(cs.ns(|| format!("alloc leaf_{}", i)), || Ok(leaf)).unwrap()); + leaves_g + .push(FqGadget::alloc(cs.ns(|| format!("alloc leaf_{}", i)), || Ok(leaf)).unwrap()); } //Check MR from leaves 
@@ -528,8 +549,9 @@ mod test { &mut cs.ns(|| "check all leaves belong to MT"), &leaves_g, &root, - TEST_HEIGHT - ).unwrap(); + TEST_HEIGHT, + ) + .unwrap(); if !cs.is_satisfied() { println!( @@ -600,4 +622,4 @@ mod test { assert!(!check_merkle_paths(&leaves, true)); assert!(!check_leaves(&leaves, true)); } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/crypto/src/merkle_tree/mod.rs b/r1cs/gadgets/crypto/src/merkle_tree/mod.rs index afa9a62c4..fef2759ee 100644 --- a/r1cs/gadgets/crypto/src/merkle_tree/mod.rs +++ b/r1cs/gadgets/crypto/src/merkle_tree/mod.rs @@ -2,21 +2,21 @@ use algebra::{Field, PrimeField}; use r1cs_core::{ConstraintSystem, SynthesisError}; use r1cs_std::prelude::*; +use crate::{FieldBasedHashGadget, FixedLengthCRHGadget}; use primitives::{crh::FixedLengthCRH, merkle_tree::*, FieldBasedHash}; -use crate::{FixedLengthCRHGadget, FieldBasedHashGadget}; -use std::borrow::Borrow; use r1cs_std::fields::fp::FpGadget; +use std::borrow::Borrow; pub mod field_based_mht; pub trait FieldBasedMerkleTreePathGadget< P: FieldBasedMerkleTreePath, - H: FieldBasedHash, + H: FieldBasedHash, HGadget: FieldBasedHashGadget, ConstraintF: PrimeField, ->: AllocGadget + ConstantGadget + EqGadget + Clone -where +>: + AllocGadget + ConstantGadget + EqGadget + Clone { /// Return the length of the `self` path. fn length(&self) -> usize; @@ -40,18 +40,10 @@ where expected_root: &HGadget::DataGadget, leaf: &HGadget::DataGadget, should_enforce: &Boolean, - ) -> Result<(), SynthesisError> - { - let root = self.enforce_root_from_leaf( - cs.ns(|| "reconstruct root"), - leaf - )?; + ) -> Result<(), SynthesisError> { + let root = self.enforce_root_from_leaf(cs.ns(|| "reconstruct root"), leaf)?; - root.conditional_enforce_equal( - &mut cs.ns(|| "root_is_last"), - expected_root, - should_enforce, - ) + root.conditional_enforce_equal(&mut cs.ns(|| "root_is_last"), expected_root, should_enforce) } /// Enforce correct reconstruction of the root of the Merkle Tree 
@@ -69,12 +61,10 @@ where &self, cs: CS, leaf_index: &FpGadget, - ) -> Result<(), SynthesisError> - { + ) -> Result<(), SynthesisError> { self.conditionally_enforce_leaf_index(cs, leaf_index, &Boolean::Constant(true)) } - /// Given a field element `leaf_index` representing the position of a leaf in a /// Merkle Tree, enforce that the leaf index corresponding to `self` path is the /// same of `leaf_index` if `should_enforce` is True, otherwise enforce nothing. @@ -82,7 +72,7 @@ where &self, cs: CS, leaf_index: &FpGadget, - should_enforce: &Boolean + should_enforce: &Boolean, ) -> Result<(), SynthesisError>; } @@ -120,11 +110,14 @@ where should_enforce: &Boolean, ) -> Result<(), SynthesisError> { if self.path.len() != P::HEIGHT { - return Err(SynthesisError::Other(format!( - "Path length must be equal to height. Path len: {}, Height: {}", - self.path.len(), - P::HEIGHT - ).to_owned())); + return Err(SynthesisError::Other( + format!( + "Path length must be equal to height. Path len: {}, Height: {}", + self.path.len(), + P::HEIGHT + ) + .to_owned(), + )); } // Check that the hash of the given leaf matches the leaf hash in the membership 
@@ -139,19 +132,20 @@ where // Check levels between leaf level and root. let mut previous_hash = leaf_hash; for (i, &(ref sibling_hash, ref direction)) in self.path.iter().enumerate() { - //Select left hash based on direction - let lhs = CRHGadget::OutputGadget::conditionally_select(cs.ns(|| format!("Choose left hash {}", i)), - direction, - &sibling_hash, - &previous_hash + let lhs = CRHGadget::OutputGadget::conditionally_select( + cs.ns(|| format!("Choose left hash {}", i)), + direction, + &sibling_hash, + &previous_hash, )?; //Select right hash based on direction - let rhs = CRHGadget::OutputGadget::conditionally_select(cs.ns(|| format!("Choose right hash {}", i)), - direction, - &previous_hash, - &sibling_hash + let rhs = CRHGadget::OutputGadget::conditionally_select( + cs.ns(|| format!("Choose right hash {}", i)), + direction, + &previous_hash, + &sibling_hash, )?; previous_hash = hash_inner_node_gadget::( @@ -212,9 +206,7 @@ where Ok(sibling) })?; let direction = - Boolean::alloc(&mut cs.ns(|| format!("direction_bit_{}", i)), || { - Ok(d) - })?; + Boolean::alloc(&mut cs.ns(|| format!("direction_bit_{}", i)), || Ok(d))?; path.push((sibling_hash, direction)); } Ok(MerkleTreePathGadget { path }) @@ -230,14 +222,12 @@ where { let mut path = Vec::new(); for (i, &(ref sibling, ref d)) in value_gen()?.borrow().path.iter().enumerate() { - let sibling_hash = - HGadget::OutputGadget::alloc_input(&mut cs.ns(|| format!("sibling_hash_{}", i)), || { - Ok(sibling) - })?; + let sibling_hash = HGadget::OutputGadget::alloc_input( + &mut cs.ns(|| format!("sibling_hash_{}", i)), + || Ok(sibling), + )?; let direction = - Boolean::alloc_input(&mut cs.ns(|| format!("direction_bit_{}", i)), || { - Ok(d) - })?; + Boolean::alloc_input(&mut cs.ns(|| format!("direction_bit_{}", i)), || Ok(d))?; path.push((sibling_hash, direction)); } Ok(MerkleTreePathGadget { path }) 
@@ -248,27 +238,26 @@ where mod test { use std::rc::Rc; + use super::*; + use crate::crh::{ + injective_map::{PedersenCRHCompressorGadget, TECompressorGadget}, + FixedLengthCRHGadget, + }; + use algebra::{curves::jubjub::JubJubAffine as JubJub, fields::jubjub::fq::Fq}; use primitives::{ crh::{ - FixedLengthCRH, - pedersen::PedersenWindow, injective_map::{PedersenCRHCompressor, TECompressor}, + pedersen::PedersenWindow, + FixedLengthCRH, }, merkle_tree::*, }; - use crate::crh::{ - FixedLengthCRHGadget, - injective_map::{PedersenCRHCompressorGadget, TECompressorGadget}, - }; - use algebra::{curves::jubjub::JubJubAffine as JubJub, fields::jubjub::fq::Fq}; use r1cs_core::ConstraintSystem; - use rand::SeedableRng; - use rand_xorshift::XorShiftRng; - use super::*; use r1cs_std::{ - instantiated::jubjub::JubJubGadget, - test_constraint_system::TestConstraintSystem, + instantiated::jubjub::JubJubGadget, test_constraint_system::TestConstraintSystem, }; + use rand::SeedableRng; + use rand_xorshift::XorShiftRng; #[derive(Clone)] pub(super) struct Window4x128; @@ -278,7 +267,8 @@ mod test { } type H = PedersenCRHCompressor; - type HG = PedersenCRHCompressorGadget; + type HG = + PedersenCRHCompressorGadget; struct JubJubMerkleTreeParams; @@ -312,7 +302,7 @@ mod test { } }, ) - .unwrap(); + .unwrap(); let constraints_from_digest = cs.num_constraints(); println!("constraints from digest: {}", constraints_from_digest); @@ -322,7 +312,7 @@ mod test { &mut cs.ns(|| format!("new_parameters_{}", i)), || Ok(crh_parameters.clone()), ) - .unwrap(); + .unwrap(); let constraints_from_parameters = cs.num_constraints() - constraints_from_digest; println!( @@ -342,7 +332,7 @@ mod test { &mut cs.ns(|| format!("new_witness_{}", i)), || Ok(proof), ) - .unwrap(); + .unwrap(); let constraints_from_path = cs.num_constraints() - constraints_from_parameters @@ -356,7 +346,7 @@ mod test { &root, &leaf_g, ) - .unwrap(); + .unwrap(); if !cs.is_satisfied() { satisfied = false; println!( 
@@ -379,7 +369,6 @@ mod test { #[test] fn good_root_test() { - //Test #leaves << 2^HEIGHT let mut leaves = Vec::new(); for i in 0..2u8 { @@ -407,7 +396,6 @@ mod test { #[test] fn bad_root_test() { - //Test #leaves << 2^HEIGHT let mut leaves = Vec::new(); for i in 0..2u8 { @@ -432,4 +420,4 @@ mod test { } assert!(!generate_merkle_tree(&leaves, true)); } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/crypto/src/nizk/gm17/mod.rs b/r1cs/gadgets/crypto/src/nizk/gm17/mod.rs index 7cc2f3d78..5943a9648 100644 --- a/r1cs/gadgets/crypto/src/nizk/gm17/mod.rs +++ b/r1cs/gadgets/crypto/src/nizk/gm17/mod.rs @@ -1,12 +1,10 @@ use algebra::{AffineCurve, Field, PairingEngine, ToConstraintField}; -use proof_systems::gm17::{ - Parameters, PreparedVerifyingKey, Proof, VerifyingKey, -}; +use proof_systems::gm17::{Parameters, PreparedVerifyingKey, Proof, VerifyingKey}; use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; use r1cs_std::prelude::*; use std::{borrow::Borrow, marker::PhantomData}; -use super::{NIZK, NIZKVerifierGadget}; +use super::{NIZKVerifierGadget, NIZK}; /// Note: V should serialize its contents to `Vec` in the same order as /// during the constraint generation. @@ -49,7 +47,7 @@ pub struct ProofGadget< #[derive(Derivative)] #[derivative(Clone( -bound = "P::G1Gadget: Clone, P::GTGadget: Clone, P::G1PreparedGadget: Clone, \ + bound = "P::G1Gadget: Clone, P::GTGadget: Clone, P::G1PreparedGadget: Clone, \ P::G2PreparedGadget: Clone, " ))] pub struct VerifyingKeyGadget< @@ -57,16 +55,16 @@ pub struct VerifyingKeyGadget< ConstraintF: Field, P: PairingGadget, > { - pub h_g2: P::G2Gadget, + pub h_g2: P::G2Gadget, pub g_alpha_g1: P::G1Gadget, - pub h_beta_g2: P::G2Gadget, + pub h_beta_g2: P::G2Gadget, pub g_gamma_g1: P::G1Gadget, pub h_gamma_g2: P::G2Gadget, - pub query: Vec, + pub query: Vec, } impl> -VerifyingKeyGadget + VerifyingKeyGadget { pub fn prepare>( &self, 
@@ -93,7 +91,7 @@ VerifyingKeyGadget #[derive(Derivative)] #[derivative(Clone( -bound = "P::G1Gadget: Clone, P::GTGadget: Clone, P::G1PreparedGadget: Clone, \ + bound = "P::G1Gadget: Clone, P::GTGadget: Clone, P::G1PreparedGadget: Clone, \ P::G2PreparedGadget: Clone, " ))] pub struct PreparedVerifyingKeyGadget< @@ -101,35 +99,35 @@ pub struct PreparedVerifyingKeyGadget< ConstraintF: Field, P: PairingGadget, > { - pub g_alpha: P::G1Gadget, - pub h_beta: P::G2Gadget, + pub g_alpha: P::G1Gadget, + pub h_beta: P::G2Gadget, pub g_alpha_pc: P::G1PreparedGadget, - pub h_beta_pc: P::G2PreparedGadget, + pub h_beta_pc: P::G2PreparedGadget, pub g_gamma_pc: P::G1PreparedGadget, pub h_gamma_pc: P::G2PreparedGadget, - pub h_pc: P::G2PreparedGadget, - pub query: Vec, + pub h_pc: P::G2PreparedGadget, + pub query: Vec, } pub struct Gm17VerifierGadget - where - PairingE: PairingEngine, - ConstraintF: Field, - P: PairingGadget, +where + PairingE: PairingEngine, + ConstraintF: Field, + P: PairingGadget, { _pairing_engine: PhantomData, - _engine: PhantomData, + _engine: PhantomData, _pairing_gadget: PhantomData

, } impl NIZKVerifierGadget, ConstraintF> -for Gm17VerifierGadget - where - PairingE: PairingEngine, - ConstraintF: Field, - C: ConstraintSynthesizer, - V: ToConstraintField, - P: PairingGadget, + for Gm17VerifierGadget +where + PairingE: PairingEngine, + ConstraintF: Field, + C: ConstraintSynthesizer, + V: ToConstraintField, + P: PairingGadget, { type VerificationKeyGadget = VerifyingKeyGadget; type ProofGadget = ProofGadget; @@ -140,10 +138,10 @@ for Gm17VerifierGadget mut public_inputs: I, proof: &Self::ProofGadget, ) -> Result<(), SynthesisError> - where - CS: ConstraintSystem, - I: Iterator, - T: 'a + ToBitsGadget + ?Sized, + where + CS: ConstraintSystem, + I: Iterator, + T: 'a + ToBitsGadget + ?Sized, { let pvk = vk.prepare(&mut cs.ns(|| "Prepare vk"))?; // e(A*G^{alpha}, B*H^{beta}) = e(G^{alpha}, H^{beta}) * e(G^{psi}, H^{gamma}) * @@ -157,19 +155,22 @@ for Gm17VerifierGadget .by_ref() .zip(pvk.query.iter().skip(1)) .enumerate() - { - let input_bits = input.to_bits(cs.ns(|| format!("Input {}", i)))?; - g_psi = b.mul_bits(cs.ns(|| format!("Mul {}", i)), &g_psi, input_bits.iter())?; - input_len += 1; - } + { + let input_bits = input.to_bits(cs.ns(|| format!("Input {}", i)))?; + g_psi = b.mul_bits(cs.ns(|| format!("Mul {}", i)), &g_psi, input_bits.iter())?; + input_len += 1; + } // Check that the input and the query in the verification are of the // same length. if input_len != pvk.query.len() || public_inputs.next().is_some() { - Err(SynthesisError::Other(format!( - "Input and query must have the same length. Input len: {}, Query len: {}", - input_len, - pvk.query.len() - ).to_owned()))? + Err(SynthesisError::Other( + format!( + "Input and query must have the same length. Input len: {}, Query len: {}", + input_len, + pvk.query.len() + ) + .to_owned(), + ))? } g_psi }; 
@@ -228,20 +229,20 @@ for Gm17VerifierGadget } impl AllocGadget, ConstraintF> -for VerifyingKeyGadget - where - PairingE: PairingEngine, - ConstraintF: Field, - P: PairingGadget, + for VerifyingKeyGadget +where + PairingE: PairingEngine, + ConstraintF: Field, + P: PairingGadget, { #[inline] fn alloc>( mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { value_gen().and_then(|vk| { let VerifyingKey { @@ -289,9 +290,9 @@ for VerifyingKeyGadget mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { value_gen().and_then(|vk| { let VerifyingKey { @@ -338,20 +339,20 @@ for VerifyingKeyGadget } impl AllocGadget, ConstraintF> -for ProofGadget - where - PairingE: PairingEngine, - ConstraintF: Field, - P: PairingGadget, + for ProofGadget +where + PairingE: PairingEngine, + ConstraintF: Field, + P: PairingGadget, { #[inline] fn alloc>( mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { value_gen().and_then(|proof| { let Proof { a, b, c } = proof.borrow().clone(); @@ -367,9 +368,9 @@ for ProofGadget mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { value_gen().and_then(|proof| { let Proof { a, b, c } = proof.borrow().clone(); @@ -384,11 +385,11 @@ for ProofGadget } impl ToBytesGadget -for VerifyingKeyGadget - where - PairingE: PairingEngine, - ConstraintF: Field, - P: PairingGadget, + for VerifyingKeyGadget +where + PairingE: PairingEngine, + ConstraintF: Field, + P: PairingGadget, { #[inline] fn to_bytes>( @@ -463,6 +464,7 @@ mod test { use proof_systems::gm17::*; use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; + use super::*; use algebra::{ curves::bls12_377::Bls12_377, fields::bls12_377::{Fq, Fr}, 
@@ -472,7 +474,6 @@ mod test { boolean::Boolean, instantiated::bls12_377::PairingGadget as Bls12_377PairingGadget, test_constraint_system::TestConstraintSystem, }; - use super::*; use rand::{thread_rng, Rng}; type TestProofSystem = Gm17, Fr>; @@ -481,7 +482,7 @@ mod test { type TestVkGadget = VerifyingKeyGadget; struct Bench { - inputs: Vec>, + inputs: Vec>, num_constraints: usize, } @@ -569,9 +570,11 @@ mod test { // Input must be in little-endian, but BitIterator outputs in big-endian. input_bits.reverse(); - let input_bits = - Boolean::alloc_input_vec(cs.ns(|| format!("Input {}", i)), input_bits.as_slice()) - .unwrap(); + let input_bits = Boolean::alloc_input_vec( + cs.ns(|| format!("Input {}", i)), + input_bits.as_slice(), + ) + .unwrap(); input_gadgets.push(input_bits); } } @@ -586,7 +589,7 @@ mod test { input_gadgets.iter(), &proof_gadget, ) - .unwrap(); + .unwrap(); if !cs.is_satisfied() { println!("========================================================="); println!("Unsatisfied constraints:"); @@ -598,4 +601,4 @@ mod test { assert!(cs.is_satisfied()); } } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/crypto/src/nizk/groth16/mod.rs b/r1cs/gadgets/crypto/src/nizk/groth16/mod.rs index 9911e4e72..fc18fb943 100644 --- a/r1cs/gadgets/crypto/src/nizk/groth16/mod.rs +++ b/r1cs/gadgets/crypto/src/nizk/groth16/mod.rs @@ -1,12 +1,10 @@ use algebra::{AffineCurve, Field, PairingEngine, ToConstraintField}; -use proof_systems::groth16::{ - Parameters, PreparedVerifyingKey, Proof, VerifyingKey, -}; +use proof_systems::groth16::{Parameters, PreparedVerifyingKey, Proof, VerifyingKey}; use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; use r1cs_std::prelude::*; use std::{borrow::Borrow, marker::PhantomData}; -use super::{NIZK, NIZKVerifierGadget}; +use super::{NIZKVerifierGadget, NIZK}; /// Note: V should serialize its contents to `Vec` in the same order as /// during the constraint generation. 
@@ -49,7 +47,7 @@ pub struct ProofGadget< #[derive(Derivative)] #[derivative(Clone( -bound = "P::G1Gadget: Clone, P::GTGadget: Clone, P::G1PreparedGadget: Clone, \ + bound = "P::G1Gadget: Clone, P::GTGadget: Clone, P::G1PreparedGadget: Clone, \ P::G2PreparedGadget: Clone, " ))] pub struct VerifyingKeyGadget< @@ -58,13 +56,13 @@ pub struct VerifyingKeyGadget< P: PairingGadget, > { pub alpha_g1_beta_g2: P::GTGadget, - pub gamma_g2: P::G2Gadget, - pub delta_g2: P::G2Gadget, - pub gamma_abc_g1: Vec, + pub gamma_g2: P::G2Gadget, + pub delta_g2: P::G2Gadget, + pub gamma_abc_g1: Vec, } impl> -VerifyingKeyGadget + VerifyingKeyGadget { pub fn prepare>( &self, @@ -89,7 +87,7 @@ VerifyingKeyGadget #[derive(Derivative)] #[derivative(Clone( -bound = "P::G1Gadget: Clone, P::GTGadget: Clone, P::G1PreparedGadget: Clone, \ + bound = "P::G1Gadget: Clone, P::GTGadget: Clone, P::G1PreparedGadget: Clone, \ P::G2PreparedGadget: Clone, " ))] pub struct PreparedVerifyingKeyGadget< @@ -98,30 +96,30 @@ pub struct PreparedVerifyingKeyGadget< P: PairingGadget, > { pub alpha_g1_beta_g2: P::GTGadget, - pub gamma_g2_neg_pc: P::G2PreparedGadget, - pub delta_g2_neg_pc: P::G2PreparedGadget, - pub gamma_abc_g1: Vec, + pub gamma_g2_neg_pc: P::G2PreparedGadget, + pub delta_g2_neg_pc: P::G2PreparedGadget, + pub gamma_abc_g1: Vec, } pub struct Groth16VerifierGadget - where - PairingE: PairingEngine, - ConstraintF: Field, - P: PairingGadget, +where + PairingE: PairingEngine, + ConstraintF: Field, + P: PairingGadget, { _pairing_engine: PhantomData, - _engine: PhantomData, + _engine: PhantomData, _pairing_gadget: PhantomData

, } impl NIZKVerifierGadget, ConstraintF> -for Groth16VerifierGadget - where - PairingE: PairingEngine, - ConstraintF: Field, - C: ConstraintSynthesizer, - V: ToConstraintField, - P: PairingGadget, + for Groth16VerifierGadget +where + PairingE: PairingEngine, + ConstraintF: Field, + C: ConstraintSynthesizer, + V: ToConstraintField, + P: PairingGadget, { type VerificationKeyGadget = VerifyingKeyGadget; type ProofGadget = ProofGadget; @@ -132,10 +130,10 @@ for Groth16VerifierGadget mut public_inputs: I, proof: &Self::ProofGadget, ) -> Result<(), SynthesisError> - where - CS: ConstraintSystem, - I: Iterator, - T: 'a + ToBitsGadget + ?Sized, + where + CS: ConstraintSystem, + I: Iterator, + T: 'a + ToBitsGadget + ?Sized, { let pvk = vk.prepare(&mut cs.ns(|| "Prepare vk"))?; @@ -147,11 +145,11 @@ for Groth16VerifierGadget .by_ref() .zip(pvk.gamma_abc_g1.iter().skip(1)) .enumerate() - { - let input_bits = input.to_bits(cs.ns(|| format!("Input {}", i)))?; - g_ic = b.mul_bits(cs.ns(|| format!("Mul {}", i)), &g_ic, input_bits.iter())?; - input_len += 1; - } + { + let input_bits = input.to_bits(cs.ns(|| format!("Input {}", i)))?; + g_ic = b.mul_bits(cs.ns(|| format!("Mul {}", i)), &g_ic, input_bits.iter())?; + input_len += 1; + } // Check that the input and the query in the verification are of the // same length. if input_len != pvk.gamma_abc_g1.len() || public_inputs.next().is_some() { @@ -190,21 +188,20 @@ for Groth16VerifierGadget } impl AllocGadget, ConstraintF> -for VerifyingKeyGadget - where - PairingE: PairingEngine, - ConstraintF: Field, - P: PairingGadget, + for VerifyingKeyGadget +where + PairingE: PairingEngine, + ConstraintF: Field, + P: PairingGadget, { - #[inline] fn alloc_without_check>( mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { value_gen().and_then(|vk| { let VerifyingKey { 
@@ -214,11 +211,15 @@ for VerifyingKeyGadget gamma_abc_g1, } = vk.borrow().clone(); let alpha_g1_beta_g2 = - P::GTGadget::alloc_without_check(cs.ns(|| "alpha_g1_beta_g2"), || Ok(alpha_g1_beta_g2))?; - let gamma_g2 = - P::G2Gadget::alloc_without_check(cs.ns(|| "gamma_g2"), || Ok(gamma_g2.into_projective()))?; - let delta_g2 = - P::G2Gadget::alloc_without_check(cs.ns(|| "delta_g2"), || Ok(delta_g2.into_projective()))?; + P::GTGadget::alloc_without_check(cs.ns(|| "alpha_g1_beta_g2"), || { + Ok(alpha_g1_beta_g2) + })?; + let gamma_g2 = P::G2Gadget::alloc_without_check(cs.ns(|| "gamma_g2"), || { + Ok(gamma_g2.into_projective()) + })?; + let delta_g2 = P::G2Gadget::alloc_without_check(cs.ns(|| "delta_g2"), || { + Ok(delta_g2.into_projective()) + })?; let gamma_abc_g1 = gamma_abc_g1 .iter() @@ -245,9 +246,9 @@ for VerifyingKeyGadget mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { value_gen().and_then(|vk| { let VerifyingKey { @@ -258,19 +259,20 @@ for VerifyingKeyGadget } = vk.borrow().clone(); let alpha_g1_beta_g2 = P::GTGadget::alloc(cs.ns(|| "alpha_g1_beta_g2"), || Ok(alpha_g1_beta_g2)) - .and_then(|alpha_g1_beta_g2_g|{ - let zero_g = P::GTGadget::zero(cs.ns(|| "alloc zero for alpha_g1_beta_g2 comparison"))?; - alpha_g1_beta_g2_g - .enforce_not_equal( - cs.ns(|| "alpha_g1_beta_g2 must not be zero"), - &zero_g, - )?; + .and_then(|alpha_g1_beta_g2_g| { + let zero_g = P::GTGadget::zero( + cs.ns(|| "alloc zero for alpha_g1_beta_g2 comparison"), + )?; + alpha_g1_beta_g2_g.enforce_not_equal( + cs.ns(|| "alpha_g1_beta_g2 must not be zero"), + &zero_g, + )?; Ok(alpha_g1_beta_g2_g) })?; let gamma_g2 = P::G2Gadget::alloc(cs.ns(|| "gamma_g2"), || Ok(gamma_g2.into_projective())) - .and_then(|gamma_g2_g|{ + .and_then(|gamma_g2_g| { gamma_g2_g .is_zero(cs.ns(|| "is gamma_g2 zero"))? .enforce_equal( 
@@ -282,7 +284,7 @@ for VerifyingKeyGadget let delta_g2 = P::G2Gadget::alloc(cs.ns(|| "delta_g2"), || Ok(delta_g2.into_projective())) - .and_then(|delta_g2_g|{ + .and_then(|delta_g2_g| { delta_g2_g .is_zero(cs.ns(|| "is delta_g2 zero"))? .enforce_equal( @@ -299,15 +301,15 @@ for VerifyingKeyGadget P::G1Gadget::alloc(cs.ns(|| format!("gamma_abc_{}", i)), || { Ok(gamma_abc_i.into_projective()) }) - .and_then(|input_g| { - input_g - .is_zero(cs.ns(|| format!("is input {} zero", i)))? - .enforce_equal( - cs.ns(|| format!("input {} must not be zero", i)), - &Boolean::constant(false), - )?; - Ok(input_g) - }) + .and_then(|input_g| { + input_g + .is_zero(cs.ns(|| format!("is input {} zero", i)))? + .enforce_equal( + cs.ns(|| format!("input {} must not be zero", i)), + &Boolean::constant(false), + )?; + Ok(input_g) + }) }) .collect::>() .into_iter() @@ -326,9 +328,9 @@ for VerifyingKeyGadget mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { value_gen().and_then(|vk| { let VerifyingKey { 
@@ -339,19 +341,19 @@ for VerifyingKeyGadget } = vk.borrow().clone(); let alpha_g1_beta_g2 = P::GTGadget::alloc_checked(cs.ns(|| "alpha_g1_beta_g2"), || Ok(alpha_g1_beta_g2)) - .and_then(|alpha_g1_beta_g2_g|{ - let zero_g = P::GTGadget::zero(cs.ns(|| "alloc zero for alpha_g1_beta_g2 comparison"))?; - alpha_g1_beta_g2_g - .enforce_not_equal( - cs.ns(|| "alpha_g1_beta_g2 must not be zero"), - &zero_g, - )?; - Ok(alpha_g1_beta_g2_g) - })?; + .and_then(|alpha_g1_beta_g2_g| { + let zero_g = + P::GTGadget::zero(cs.ns(|| "alloc zero for alpha_g1_beta_g2 comparison"))?; + alpha_g1_beta_g2_g.enforce_not_equal( + cs.ns(|| "alpha_g1_beta_g2 must not be zero"), + &zero_g, + )?; + Ok(alpha_g1_beta_g2_g) + })?; let gamma_g2 = P::G2Gadget::alloc_checked(cs.ns(|| "gamma_g2"), || Ok(gamma_g2.into_projective())) - .and_then(|gamma_g2_g|{ + .and_then(|gamma_g2_g| { gamma_g2_g .is_zero(cs.ns(|| "is gamma_g2 zero"))? .enforce_equal( @@ -363,7 +365,7 @@ for VerifyingKeyGadget let delta_g2 = P::G2Gadget::alloc_checked(cs.ns(|| "delta_g2"), || Ok(delta_g2.into_projective())) - .and_then(|delta_g2_g|{ + .and_then(|delta_g2_g| { delta_g2_g .is_zero(cs.ns(|| "is delta_g2 zero"))? .enforce_equal( @@ -380,15 +382,15 @@ for VerifyingKeyGadget P::G1Gadget::alloc_checked(cs.ns(|| format!("gamma_abc_{}", i)), || { Ok(gamma_abc_i.into_projective()) }) - .and_then(|input_g| { - input_g - .is_zero(cs.ns(|| format!("is input {} zero", i)))? - .enforce_equal( - cs.ns(|| format!("input {} must not be zero", i)), - &Boolean::constant(false), - )?; - Ok(input_g) - }) + .and_then(|input_g| { + input_g + .is_zero(cs.ns(|| format!("is input {} zero", i)))? + .enforce_equal( + cs.ns(|| format!("input {} must not be zero", i)), + &Boolean::constant(false), + )?; + Ok(input_g) + }) }) .collect::>() .into_iter() 
@@ -407,9 +409,9 @@ for VerifyingKeyGadget mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { value_gen().and_then(|vk| { let VerifyingKey { @@ -448,54 +450,42 @@ for VerifyingKeyGadget } impl AllocGadget, ConstraintF> -for ProofGadget - where - PairingE: PairingEngine, - ConstraintF: Field, - P: PairingGadget, + for ProofGadget +where + PairingE: PairingEngine, + ConstraintF: Field, + P: PairingGadget, { #[inline] fn alloc>( mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { value_gen().and_then(|proof| { let Proof { a, b, c } = proof.borrow().clone(); let a = P::G1Gadget::alloc_checked(cs.ns(|| "a"), || Ok(a.into_projective())) - .and_then(|a_g|{ - a_g - .is_zero(cs.ns(|| "is a zero"))? - .enforce_equal( - cs.ns(|| "a must not be zero"), - &Boolean::constant(false), - )?; + .and_then(|a_g| { + a_g.is_zero(cs.ns(|| "is a zero"))? + .enforce_equal(cs.ns(|| "a must not be zero"), &Boolean::constant(false))?; Ok(a_g) })?; let b = P::G2Gadget::alloc_checked(cs.ns(|| "b"), || Ok(b.into_projective())) .and_then(|b_g| { - b_g - .is_zero(cs.ns(|| "is b zero"))? - .enforce_equal( - cs.ns(|| "b must not be zero"), - &Boolean::constant(false), - )?; + b_g.is_zero(cs.ns(|| "is b zero"))? + .enforce_equal(cs.ns(|| "b must not be zero"), &Boolean::constant(false))?; Ok(b_g) })?; let c = P::G1Gadget::alloc_checked(cs.ns(|| "c"), || Ok(c.into_projective())) .and_then(|c_g| { - c_g - .is_zero(cs.ns(|| "is c zero"))? - .enforce_equal( - cs.ns(|| "c must not be zero"), - &Boolean::constant(false), - )?; + c_g.is_zero(cs.ns(|| "is c zero"))? + .enforce_equal(cs.ns(|| "c must not be zero"), &Boolean::constant(false))?; Ok(c_g) })?; 
@@ -508,9 +498,9 @@ for ProofGadget mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { value_gen().and_then(|proof| { let Proof { a, b, c } = proof.borrow().clone(); @@ -525,11 +515,11 @@ for ProofGadget } impl ToBytesGadget -for VerifyingKeyGadget - where - PairingE: PairingEngine, - ConstraintF: Field, - P: PairingGadget, + for VerifyingKeyGadget +where + PairingE: PairingEngine, + ConstraintF: Field, + P: PairingGadget, { #[inline] fn to_bytes>( @@ -537,7 +527,11 @@ for VerifyingKeyGadget mut cs: CS, ) -> Result, SynthesisError> { let mut bytes = Vec::new(); - bytes.extend_from_slice(&self.alpha_g1_beta_g2.to_bytes(&mut cs.ns(|| "alpha_g1_beta_g2 to bytes"))?); + bytes.extend_from_slice( + &self + .alpha_g1_beta_g2 + .to_bytes(&mut cs.ns(|| "alpha_g1_beta_g2 to bytes"))?, + ); bytes.extend_from_slice(&self.gamma_g2.to_bytes(&mut cs.ns(|| "gamma_g2 to bytes"))?); bytes.extend_from_slice(&self.delta_g2.to_bytes(&mut cs.ns(|| "delta_g2 to bytes"))?); for (i, g) in self.gamma_abc_g1.iter().enumerate() { 
@@ -552,9 +546,21 @@ for VerifyingKeyGadget mut cs: CS, ) -> Result, SynthesisError> { let mut bytes = Vec::new(); - bytes.extend_from_slice(&self.alpha_g1_beta_g2.to_bytes_strict(&mut cs.ns(|| "alpha_g1_beta_g2 to bytes"))?); - bytes.extend_from_slice(&self.gamma_g2.to_bytes_strict(&mut cs.ns(|| "gamma_g2 to bytes"))?); - bytes.extend_from_slice(&self.delta_g2.to_bytes_strict(&mut cs.ns(|| "delta_g2 to bytes"))?); + bytes.extend_from_slice( + &self + .alpha_g1_beta_g2 + .to_bytes_strict(&mut cs.ns(|| "alpha_g1_beta_g2 to bytes"))?, + ); + bytes.extend_from_slice( + &self + .gamma_g2 + .to_bytes_strict(&mut cs.ns(|| "gamma_g2 to bytes"))?, + ); + bytes.extend_from_slice( + &self + .delta_g2 + .to_bytes_strict(&mut cs.ns(|| "delta_g2 to bytes"))?, + ); for (i, g) in self.gamma_abc_g1.iter().enumerate() { let mut cs = cs.ns(|| format!("Iteration {}", i)); bytes.extend_from_slice(&g.to_bytes_strict(&mut cs.ns(|| "g"))?); @@ -572,17 +578,12 @@ mod test { use r1cs_core::{ConstraintSynthesizer, ConstraintSystem, SynthesisError}; use super::*; - use algebra::{ - BitIterator, PrimeField, UniformRand - }; - use r1cs_std::{ - boolean::Boolean, test_constraint_system::TestConstraintSystem - }; + use algebra::{BitIterator, PrimeField, UniformRand}; + use r1cs_std::{boolean::Boolean, test_constraint_system::TestConstraintSystem}; use rand::thread_rng; - struct Bench { - inputs: Vec>, + inputs: Vec>, num_constraints: usize, } @@ -628,7 +629,6 @@ mod test { } fn groth16_verifier_test>() { - let num_inputs = 2; let num_constraints = 100; let rng = &mut thread_rng(); 
@@ -670,27 +670,34 @@ mod test { // Input must be in little-endian, but BitIterator outputs in big-endian. input_bits.reverse(); - let input_bits = - Boolean::alloc_input_vec(cs.ns(|| format!("Input {}", i)), input_bits.as_slice()) - .unwrap(); + let input_bits = Boolean::alloc_input_vec( + cs.ns(|| format!("Input {}", i)), + input_bits.as_slice(), + ) + .unwrap(); input_gadgets.push(input_bits); } } let vk_gadget = - VerifyingKeyGadget::::alloc_input(cs.ns(|| "Vk"), || Ok(¶ms.vk)).unwrap(); + VerifyingKeyGadget::::alloc_input(cs.ns(|| "Vk"), || Ok(¶ms.vk)) + .unwrap(); let proof_gadget = - ProofGadget::::alloc(cs.ns(|| "Proof"), || Ok(proof.clone())).unwrap(); + ProofGadget::::alloc(cs.ns(|| "Proof"), || Ok(proof.clone())) + .unwrap(); println!("Time to verify!\n\n\n\n"); - as NIZKVerifierGadget, E::Fr>, E::Fq>>::check_verify( + as NIZKVerifierGadget< + Groth16, E::Fr>, + E::Fq, + >>::check_verify( cs.ns(|| "Verify"), &vk_gadget, input_gadgets.iter(), &proof_gadget, ) - .unwrap(); + .unwrap(); if !cs.is_satisfied() { println!("========================================================="); println!("Unsatisfied constraints:"); @@ -735,4 +742,4 @@ mod test { groth16_verifier_test::(); } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/crypto/src/nizk/mod.rs b/r1cs/gadgets/crypto/src/nizk/mod.rs index 562b42be6..137073f45 100644 --- a/r1cs/gadgets/crypto/src/nizk/mod.rs +++ b/r1cs/gadgets/crypto/src/nizk/mod.rs @@ -1,13 +1,10 @@ -use algebra::{ - Field, bytes::ToBytes -}; +use algebra::{bytes::ToBytes, Field}; use r1cs_core::{ConstraintSystem, SynthesisError}; use r1cs_std::prelude::*; pub mod gm17; pub mod groth16; - pub trait NIZK { type Circuit; type AssignedCircuit; @@ -20,7 +17,7 @@ pub trait NIZK { pub trait NIZKVerifierGadget { type VerificationKeyGadget: AllocGadget - + ToBytesGadget; + + ToBytesGadget; type ProofGadget: AllocGadget; 
@@ -30,8 +27,8 @@ pub trait NIZKVerifierGadget { input: I, proof: &Self::ProofGadget, ) -> Result<(), SynthesisError> - where - CS: ConstraintSystem, - I: Iterator, - T: 'a + ToBitsGadget + ?Sized; -} \ No newline at end of file + where + CS: ConstraintSystem, + I: Iterator, + T: 'a + ToBitsGadget + ?Sized; +} diff --git a/r1cs/gadgets/crypto/src/prf/blake2s/mod.rs b/r1cs/gadgets/crypto/src/prf/blake2s/mod.rs index 0dfa5f8e3..2a7efe493 100644 --- a/r1cs/gadgets/crypto/src/prf/blake2s/mod.rs +++ b/r1cs/gadgets/crypto/src/prf/blake2s/mod.rs @@ -389,7 +389,7 @@ impl EqGadget for Blake2sOutputGadget { fn is_eq>( &self, cs: CS, - other: &Self + other: &Self, ) -> Result { self.0.is_eq(cs, &other.0) } @@ -507,14 +507,14 @@ impl PRFGadget for Blake2sGadget #[cfg(test)] mod test { + use crate::prf::blake2s::blake2s_gadget; use algebra::fields::bls12_377::fr::Fr; + use blake2::Blake2s; use digest::{Digest, FixedOutput}; - use rand::{Rng, SeedableRng}; - use rand_xorshift::XorShiftRng; use primitives::prf::blake2s::Blake2s as B2SPRF; - use crate::prf::blake2s::blake2s_gadget; - use blake2::Blake2s; use r1cs_core::ConstraintSystem; + use rand::{Rng, SeedableRng}; + use rand_xorshift::XorShiftRng; use super::Blake2sGadget; use r1cs_std::{ @@ -538,8 +538,8 @@ mod test { #[test] fn test_blake2s_prf() { - use primitives::prf::PRF; use crate::prf::PRFGadget; + use primitives::prf::PRF; use rand::Rng; let mut rng = XorShiftRng::seed_from_u64(1231275789u64); @@ -652,14 +652,14 @@ mod test { match b { Boolean::Is(b) => { assert!(s.next().unwrap() == b.get_value().unwrap()); - }, + } Boolean::Not(b) => { assert!(s.next().unwrap() != b.get_value().unwrap()); - }, + } Boolean::Constant(b) => { assert!(input_len == 0); assert!(s.next().unwrap() == b); - }, + } } } } diff --git a/r1cs/gadgets/crypto/src/signature/mod.rs b/r1cs/gadgets/crypto/src/signature/mod.rs index 70aa2c827..79353d4f6 100644 --- a/r1cs/gadgets/crypto/src/signature/mod.rs +++ b/r1cs/gadgets/crypto/src/signature/mod.rs 
@@ -1,9 +1,7 @@ use algebra::{Field, PrimeField}; +use primitives::signature::{FieldBasedSignatureScheme, SignatureScheme}; use r1cs_core::{ConstraintSystem, SynthesisError}; use r1cs_std::prelude::*; -use primitives::signature::{ - SignatureScheme, FieldBasedSignatureScheme, -}; use r1cs_std::to_field_gadget_vec::ToConstraintFieldGadget; pub mod schnorr; @@ -24,37 +22,41 @@ pub trait SigRandomizePkGadget { ) -> Result; } - pub trait FieldBasedSigGadget { + type DataGadget: FieldGadget; + type SignatureGadget: AllocGadget + + ConstantGadget + + EqGadget + + ToConstraintFieldGadget; - type DataGadget: FieldGadget; - type SignatureGadget: AllocGadget + - ConstantGadget + - EqGadget + - ToConstraintFieldGadget; - - type PublicKeyGadget: AllocGadget + - ConstantGadget + - EqGadget + - ToConstraintFieldGadget; + type PublicKeyGadget: AllocGadget + + ConstantGadget + + EqGadget + + ToConstraintFieldGadget; /// Enforce `signature` verification with `public_key` on `message`, returning a Boolean /// enforced to be `true` if signature verification is successful, and `false` otherwise. fn enforce_signature_verdict>( cs: CS, public_key: &Self::PublicKeyGadget, - signature: &Self::SignatureGadget, - message: Self::DataGadget, + signature: &Self::SignatureGadget, + message: Self::DataGadget, ) -> Result; /// Enforce `signature` verification with `public_key` on `message` to be successful. fn enforce_signature_verification>( cs: CS, public_key: &Self::PublicKeyGadget, - signature: &Self::SignatureGadget, - message: Self::DataGadget, + signature: &Self::SignatureGadget, + message: Self::DataGadget, ) -> Result<(), SynthesisError> { - Self::conditionally_enforce_signature_verification(cs, public_key, signature, message, &Boolean::Constant(true)) + Self::conditionally_enforce_signature_verification( + cs, + public_key, + signature, + message, + &Boolean::Constant(true), + ) } /// Enforce or not enforce, according to `should_enforce` value, `signature` verification with 
@@ -62,8 +64,8 @@ pub trait FieldBasedSigGadget>( cs: CS, public_key: &Self::PublicKeyGadget, - signature: &Self::SignatureGadget, - message: Self::DataGadget, + signature: &Self::SignatureGadget, + message: Self::DataGadget, should_enforce: &Boolean, ) -> Result<(), SynthesisError>; -} \ No newline at end of file +} diff --git a/r1cs/gadgets/crypto/src/signature/schnorr/field_based_schnorr.rs b/r1cs/gadgets/crypto/src/signature/schnorr/field_based_schnorr.rs index ef9a98e35..e325cd517 100644 --- a/r1cs/gadgets/crypto/src/signature/schnorr/field_based_schnorr.rs +++ b/r1cs/gadgets/crypto/src/signature/schnorr/field_based_schnorr.rs 
@@ -1,31 +1,21 @@ -use algebra::{PrimeField, ProjectiveCurve, Group, ToConstraintField}; -use crate::{ - signature::FieldBasedSigGadget, - crh::FieldBasedHashGadget, -}; +use crate::{crh::FieldBasedHashGadget, signature::FieldBasedSigGadget}; +use algebra::{Group, PrimeField, ProjectiveCurve, ToConstraintField}; +use primitives::signature::schnorr::field_based_schnorr::FieldBasedSchnorrPk; use primitives::{ - signature::{ - schnorr::field_based_schnorr::{FieldBasedSchnorrSignature, FieldBasedSchnorrSignatureScheme}, - }, + compute_truncation_size, crh::FieldBasedHash, - compute_truncation_size -}; -use r1cs_std::{ - fields::fp::FpGadget, - to_field_gadget_vec::ToConstraintFieldGadget, - alloc::AllocGadget, - eq::EqGadget, - groups::GroupGadget, - bits::boolean::Boolean, + signature::schnorr::field_based_schnorr::{ + FieldBasedSchnorrSignature, FieldBasedSchnorrSignatureScheme, + }, }; use r1cs_core::{ConstraintSystem, SynthesisError}; -use std::{ - borrow::Borrow, - marker::PhantomData, +use r1cs_std::alloc::ConstantGadget; +use r1cs_std::{ + alloc::AllocGadget, bits::boolean::Boolean, eq::EqGadget, fields::fp::FpGadget, + groups::GroupGadget, to_field_gadget_vec::ToConstraintFieldGadget, }; use rand::rngs::OsRng; -use primitives::signature::schnorr::field_based_schnorr::FieldBasedSchnorrPk; -use r1cs_std::alloc::ConstantGadget; +use std::{borrow::Borrow, marker::PhantomData}; #[derive(Derivative)] #[derivative( 
@@ -34,33 +24,32 @@ use r1cs_std::alloc::ConstantGadget; PartialEq(bound = "ConstraintF: PrimeField, G: Group"), Eq(bound = "ConstraintF: PrimeField, G: Group") )] -pub struct FieldBasedSchnorrSigGadget< - ConstraintF: PrimeField, - G: Group, -> -{ - pub e: FpGadget, - pub s: FpGadget, - _field: PhantomData, - _group: PhantomData, +pub struct FieldBasedSchnorrSigGadget { + pub e: FpGadget, + pub s: FpGadget, + _field: PhantomData, + _group: PhantomData, } impl AllocGadget, ConstraintF> -for FieldBasedSchnorrSigGadget - where - ConstraintF: PrimeField, - G: Group, + for FieldBasedSchnorrSigGadget +where + ConstraintF: PrimeField, + G: Group, { - fn alloc>(mut cs: CS, f: FN) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + fn alloc>( + mut cs: CS, + f: FN, + ) -> Result + where + FN: FnOnce() -> Result, + T: Borrow>, { let (e, s) = match f() { Ok(sig) => { let sig = *sig.borrow(); (Ok(sig.e), Ok(sig.s)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -69,19 +58,27 @@ for FieldBasedSchnorrSigGadget let e = FpGadget::::alloc(cs.ns(|| "alloc e"), || e)?; let s = FpGadget::::alloc(cs.ns(|| "alloc s"), || s)?; - Ok(Self{e, s, _field: PhantomData, _group: PhantomData}) + Ok(Self { + e, + s, + _field: PhantomData, + _group: PhantomData, + }) } - fn alloc_input>(mut cs: CS, f: FN) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + fn alloc_input>( + mut cs: CS, + f: FN, + ) -> Result + where + FN: FnOnce() -> Result, + T: Borrow>, { let (e, s) = match f() { Ok(sig) => { let sig = *sig.borrow(); (Ok(sig.e), Ok(sig.s)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), 
@@ -90,27 +87,36 @@ for FieldBasedSchnorrSigGadget let e = FpGadget::::alloc_input(cs.ns(|| "alloc e"), || e)?; let s = FpGadget::::alloc_input(cs.ns(|| "alloc s"), || s)?; - Ok(Self{e, s, _field: PhantomData, _group: PhantomData}) + Ok(Self { + e, + s, + _field: PhantomData, + _group: PhantomData, + }) } } impl ConstantGadget, ConstraintF> -for FieldBasedSchnorrSigGadget - where - ConstraintF: PrimeField, - G: Group, + for FieldBasedSchnorrSigGadget +where + ConstraintF: PrimeField, + G: Group, { fn from_value>( mut cs: CS, - value: &FieldBasedSchnorrSignature + value: &FieldBasedSchnorrSignature, ) -> Self { let e = FpGadget::::from_value(cs.ns(|| "hardcode e"), &value.e); let s = FpGadget::::from_value(cs.ns(|| "hardcode s"), &value.s); - Self{ e, s, _field: PhantomData, _group: PhantomData } + Self { + e, + s, + _field: PhantomData, + _group: PhantomData, + } } - fn get_constant(&self) -> FieldBasedSchnorrSignature - { + fn get_constant(&self) -> FieldBasedSchnorrSignature { let e = self.e.value.unwrap(); let s = self.s.value.unwrap(); FieldBasedSchnorrSignature::::new(e, s) @@ -118,11 +124,15 @@ for FieldBasedSchnorrSigGadget } impl EqGadget for FieldBasedSchnorrSigGadget - where - ConstraintF: PrimeField, - G: Group, +where + ConstraintF: PrimeField, + G: Group, { - fn is_eq>(&self, mut cs: CS, other: &Self) -> Result { + fn is_eq>( + &self, + mut cs: CS, + other: &Self, + ) -> Result { let b1 = self.e.is_eq(cs.ns(|| "b1"), &other.e)?; let b2 = self.s.is_eq(cs.ns(|| "b2"), &other.s)?; Boolean::and(cs.ns(|| "b1 && b2"), &b1, &b2) 
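Review bot: `get_constant` in the -90 hunk calls `self.e.value.unwrap()` and `self.s.value.unwrap()` without stating why the unwraps cannot fail, and a reader of the reformatted code has to guess that the invariant is "this gadget was built by `from_value`, so both `FpGadget`s carry a hardcoded value". I would make that explicit with `let e = self.e.value.expect("constant gadget built by from_value always carries a value");` and the same for `s`, or a one-line comment above the two lines, so a future `AllocGadget`-built value reaching this method panics with a message that names the violated assumption.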
@@ -132,10 +142,18 @@ impl EqGadget for FieldBasedSchnorrSigGadget Result<(), SynthesisError> { - self.e.conditional_enforce_equal(cs.ns(|| "self.e =? other.e"), &other.e, should_enforce)?; - self.s.conditional_enforce_equal(cs.ns(|| "self.s =? other.s"), &other.s, should_enforce)?; + self.e.conditional_enforce_equal( + cs.ns(|| "self.e =? other.e"), + &other.e, + should_enforce, + )?; + self.s.conditional_enforce_equal( + cs.ns(|| "self.s =? other.s"), + &other.s, + should_enforce, + )?; Ok(()) } @@ -143,26 +161,34 @@ impl EqGadget for FieldBasedSchnorrSigGadget Result<(), SynthesisError> { - self.e.conditional_enforce_not_equal(cs.ns(|| "self.e !=? other.e"), &other.e, should_enforce)?; - self.s.conditional_enforce_not_equal(cs.ns(|| "self.s !=? other.s"), &other.s, should_enforce)?; + self.e.conditional_enforce_not_equal( + cs.ns(|| "self.e !=? other.e"), + &other.e, + should_enforce, + )?; + self.s.conditional_enforce_not_equal( + cs.ns(|| "self.s !=? other.s"), + &other.s, + should_enforce, + )?; Ok(()) } } -impl ToConstraintFieldGadget for FieldBasedSchnorrSigGadget - where - ConstraintF: PrimeField, - G: Group, +impl ToConstraintFieldGadget + for FieldBasedSchnorrSigGadget +where + ConstraintF: PrimeField, + G: Group, { type FieldGadget = FpGadget; fn to_field_gadget_elements>( &self, - _cs: CS - ) -> Result, SynthesisError> - { + _cs: CS, + ) -> Result, SynthesisError> { Ok(vec![self.e.clone(), self.s.clone()]) } } 
@@ -172,81 +198,111 @@ pub struct FieldBasedSchnorrPkGadget< ConstraintF: PrimeField, G: Group, GG: GroupGadget, -> -{ +> { pub pk: GG, _field: PhantomData, _group: PhantomData, } impl AllocGadget, ConstraintF> -for FieldBasedSchnorrPkGadget - where - ConstraintF: PrimeField, - G: Group, - GG: GroupGadget, + for FieldBasedSchnorrPkGadget +where + ConstraintF: PrimeField, + G: Group, + GG: GroupGadget, { - fn alloc>(mut cs: CS, f: F) -> Result where + fn alloc>( + mut cs: CS, + f: F, + ) -> Result + where F: FnOnce() -> Result, - T: Borrow> + T: Borrow>, { - let pk = GG::alloc(cs.ns(|| "alloc pk"), || f().map(|pk| pk.borrow().0)) - .and_then(|pk_g|{ - pk_g - .is_zero(cs.ns(|| "is pk zero"))? - .enforce_equal( - cs.ns(|| "pk must not be zero"), - &Boolean::constant(false), - )?; + let pk = + GG::alloc(cs.ns(|| "alloc pk"), || f().map(|pk| pk.borrow().0)).and_then(|pk_g| { + pk_g.is_zero(cs.ns(|| "is pk zero"))? + .enforce_equal(cs.ns(|| "pk must not be zero"), &Boolean::constant(false))?; Ok(pk_g) })?; - Ok( Self{ pk, _field: PhantomData, _group: PhantomData } ) + Ok(Self { + pk, + _field: PhantomData, + _group: PhantomData, + }) } - fn alloc_without_check>(mut cs: CS, f: F) -> Result where + fn alloc_without_check>( + mut cs: CS, + f: F, + ) -> Result + where F: FnOnce() -> Result, T: Borrow>, { let pk = GG::alloc_without_check(cs.ns(|| "alloc pk"), || f().map(|pk| pk.borrow().0))?; - Ok( Self{ pk, _field: PhantomData, _group: PhantomData } ) + Ok(Self { + pk, + _field: PhantomData, + _group: PhantomData, + }) } - fn alloc_checked>(mut cs: CS, f: F) -> Result where + fn alloc_checked>( + mut cs: CS, + f: F, + ) -> Result + where F: FnOnce() -> Result, T: Borrow>, { let pk = GG::alloc_checked(cs.ns(|| "alloc pk checked"), || f().map(|pk| pk.borrow().0)) - .and_then(|pk_g|{ - pk_g - .is_zero(cs.ns(|| "is pk zero"))? - .enforce_equal( - cs.ns(|| "pk must not be zero"), - &Boolean::constant(false), - )?; + .and_then(|pk_g| { + pk_g.is_zero(cs.ns(|| "is pk zero"))? 
+ .enforce_equal(cs.ns(|| "pk must not be zero"), &Boolean::constant(false))?; Ok(pk_g) })?; - Ok( Self{ pk, _field: PhantomData, _group: PhantomData } ) + Ok(Self { + pk, + _field: PhantomData, + _group: PhantomData, + }) } - fn alloc_input>(mut cs: CS, f: F) -> Result where + fn alloc_input>( + mut cs: CS, + f: F, + ) -> Result + where F: FnOnce() -> Result, - T: Borrow> + T: Borrow>, { let pk = GG::alloc_input(cs.ns(|| "alloc pk"), || f().map(|pk| pk.borrow().0))?; - Ok( Self{ pk, _field: PhantomData, _group: PhantomData } ) + Ok(Self { + pk, + _field: PhantomData, + _group: PhantomData, + }) } } impl ConstantGadget, ConstraintF> -for FieldBasedSchnorrPkGadget - where - ConstraintF: PrimeField, - G: Group, - GG: GroupGadget, + for FieldBasedSchnorrPkGadget +where + ConstraintF: PrimeField, + G: Group, + GG: GroupGadget, { - fn from_value>(mut cs: CS, value: &FieldBasedSchnorrPk) -> Self { + fn from_value>( + mut cs: CS, + value: &FieldBasedSchnorrPk, + ) -> Self { let pk = GG::from_value(cs.ns(|| "hardcode pk"), &value.0); - Self{ pk, _field: PhantomData, _group: PhantomData } + Self { + pk, + _field: PhantomData, + _group: PhantomData, + } } fn get_constant(&self) -> FieldBasedSchnorrPk { @@ -255,7 +311,7 @@ for FieldBasedSchnorrPkGadget } impl EqGadget for FieldBasedSchnorrPkGadget - where +where ConstraintF: PrimeField, G: Group, GG: GroupGadget, @@ -263,7 +319,7 @@ impl EqGadget for FieldBasedSchnorrPkGadget>( &self, cs: CS, - other: &Self + other: &Self, ) -> Result { self.pk.is_eq(cs, &other.pk) } @@ -274,11 +330,8 @@ impl EqGadget for FieldBasedSchnorrPkGadget Result<(), SynthesisError> { - self.pk.conditional_enforce_equal( - cs, - &other.pk, - should_enforce - ) + self.pk + .conditional_enforce_equal(cs, &other.pk, should_enforce) } fn conditional_enforce_not_equal>( 
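Review bot: In the -172 hunk, `alloc` and `alloc_checked` both enforce `pk must not be zero`, but `alloc_input` allocates the public key with `GG::alloc_input` and returns it with no such constraint, so a verification circuit whose public key arrives as a public input accepts the identity point, and with the identity as `pk` the `e * pk` term of the verification equation vanishes regardless of the signature. Unless callers are expected to reject the identity outside the circuit, I would apply the same closure here, i.e. `GG::alloc_input(cs.ns(|| "alloc pk"), || f().map(|pk| pk.borrow().0)).and_then(|pk_g| { pk_g.is_zero(cs.ns(|| "is pk zero"))?.enforce_equal(cs.ns(|| "pk must not be zero"), &Boolean::constant(false))?; Ok(pk_g) })?`, or document on `alloc_input` that the check is deliberately left to the caller. Note also that `alloc` uses plain `GG::alloc` while `alloc_checked` uses `GG::alloc_checked`, so only the latter appears to include the group membership check; that asymmetry is worth a comment on `alloc`.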
@@ -287,25 +340,24 @@ impl EqGadget for FieldBasedSchnorrPkGadget Result<(), SynthesisError> { - self.pk.conditional_enforce_not_equal( - cs, - &other.pk, - should_enforce - ) + self.pk + .conditional_enforce_not_equal(cs, &other.pk, should_enforce) } } -impl ToConstraintFieldGadget for FieldBasedSchnorrPkGadget - where - ConstraintF: PrimeField, - G: Group, - GG: GroupGadget + ToConstraintFieldGadget>, +impl ToConstraintFieldGadget + for FieldBasedSchnorrPkGadget +where + ConstraintF: PrimeField, + G: Group, + GG: GroupGadget + + ToConstraintFieldGadget>, { type FieldGadget = FpGadget; fn to_field_gadget_elements>( &self, - cs: CS + cs: CS, ) -> Result, SynthesisError> { self.pk.to_field_gadget_elements(cs) } @@ -313,17 +365,16 @@ impl ToConstraintFieldGadget for FieldBasedSchn pub struct FieldBasedSchnorrSigVerificationGadget< ConstraintF: PrimeField, - G: Group, + G: Group, GG: GroupGadget, - H: FieldBasedHash, + H: FieldBasedHash, HG: FieldBasedHashGadget, -> -{ - _field: PhantomData, - _group: PhantomData, - _group_gadget: PhantomData, - _hash: PhantomData, - _hash_gadget: PhantomData, +> { + _field: PhantomData, + _group: PhantomData, + _group_gadget: PhantomData, + _hash: PhantomData, + _hash_gadget: PhantomData, } // This implementation supports both complete and incomplete (safe) point addition. @@ -336,12 +387,13 @@ pub struct FieldBasedSchnorrSigVerificationGadget< // if e * pk = s * G, i.e. when R' is trivial (therefore leaking the sk), then // the circuit is not satisfiable. impl FieldBasedSchnorrSigVerificationGadget - where - ConstraintF: PrimeField, - G: ProjectiveCurve + ToConstraintField, - GG: GroupGadget + ToConstraintFieldGadget, - H: FieldBasedHash, - HG: FieldBasedHashGadget>, +where + ConstraintF: PrimeField, + G: ProjectiveCurve + ToConstraintField, + GG: GroupGadget + + ToConstraintFieldGadget, + H: FieldBasedHash, + HG: FieldBasedHashGadget>, { fn enforce_signature_computation>( mut cs: CS, 
@@ -349,17 +401,16 @@ impl FieldBasedSchnorrSigVerificationGadget, message: FpGadget, ) -> Result, SynthesisError> { - //Enforce e' * pk let e_bits = { - //Serialize e taking into account the length restriction let to_skip = compute_truncation_size( ConstraintF::size_in_bits() as i32, G::ScalarField::size_in_bits() as i32, ); - let e_bits = signature.e + let e_bits = signature + .e .to_bits_with_length_restriction(cs.ns(|| "e_to_bits"), to_skip)?; debug_assert!(e_bits.len() == ConstraintF::size_in_bits() - to_skip); @@ -374,31 +425,39 @@ impl FieldBasedSchnorrSigVerificationGadget 0 {moduli_diff} else {0}) as usize; + let moduli_diff = + ConstraintF::size_in_bits() as i32 - G::ScalarField::size_in_bits() as i32; + let to_skip_init = (if moduli_diff > 0 { moduli_diff } else { 0 }) as usize; //Now we can compare the two moduli and decide the bits to truncate - let to_skip = to_skip_init + compute_truncation_size( - G::ScalarField::size_in_bits() as i32, - ConstraintF::size_in_bits() as i32, - ); - - let s_bits = signature.s + let to_skip = to_skip_init + + compute_truncation_size( + G::ScalarField::size_in_bits() as i32, + ConstraintF::size_in_bits() as i32, + ); + + let s_bits = signature + .s .to_bits_with_length_restriction(cs.ns(|| "s_to_bits"), to_skip as usize)?; debug_assert!(s_bits.len() == G::ScalarField::size_in_bits() + to_skip_init - to_skip); 
@@ -406,7 +465,10 @@ impl FieldBasedSchnorrSigVerificationGadget FieldBasedSchnorrSigVerificationGadget FieldBasedSigGadget, ConstraintF> -for FieldBasedSchnorrSigVerificationGadget - where - ConstraintF: PrimeField, - G: ProjectiveCurve + ToConstraintField, - GG: GroupGadget + ToConstraintFieldGadget, - H: FieldBasedHash, - HG: FieldBasedHashGadget>, +impl + FieldBasedSigGadget, ConstraintF> + for FieldBasedSchnorrSigVerificationGadget +where + ConstraintF: PrimeField, + G: ProjectiveCurve + ToConstraintField, + GG: GroupGadget + + ToConstraintFieldGadget, + H: FieldBasedHash, + HG: FieldBasedHashGadget>, { type DataGadget = FpGadget; type SignatureGadget = FieldBasedSchnorrSigGadget; @@ -450,9 +516,8 @@ for FieldBasedSchnorrSigVerificationGadget mut cs: CS, public_key: &Self::PublicKeyGadget, signature: &Self::SignatureGadget, - message: Self::DataGadget + message: Self::DataGadget, ) -> Result { - let e_prime = Self::enforce_signature_computation( cs.ns(|| "is sig verified"), &public_key.pk, @@ -473,17 +538,16 @@ for FieldBasedSchnorrSigVerificationGadget message: Self::DataGadget, should_enforce: &Boolean, ) -> Result<(), SynthesisError> { - let e_prime = Self::enforce_signature_computation( cs.ns(|| "is sig verified"), &public_key.pk, signature, - message + message, )?; signature.e.conditional_enforce_equal( cs.ns(|| "conditional verify signature"), &e_prime, - should_enforce + should_enforce, )?; Ok(()) } 
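Review bot: `conditionally_enforce_signature_verification` in the -473 hunk calls `enforce_signature_computation` unconditionally and only gates the final `conditional_enforce_equal` on `should_enforce`, and the comment above the impl states that when `e * pk = s * G` the circuit is not satisfiable; taken together, a caller that passes `should_enforce = false` with a placeholder signature (for instance `e = s = 0`, which makes both sides of that equation the identity) still ends up with an unsatisfiable circuit. That contract is not obvious from the trait docs in `signature/mod.rs`, so I would add to this method a doc comment along the lines of `/// NOTE: the verification equation is always synthesized; with incomplete point addition a signature for which `e * pk == s * G` makes the circuit unsatisfiable even when `should_enforce` is false, so callers must supply a well-formed dummy signature in that case.` The start of the `conditionally_enforce_signature_verification` signature lies outside the hunk.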
@@ -492,39 +556,29 @@ for FieldBasedSchnorrSigVerificationGadget #[cfg(test)] mod test { use algebra::curves::{ - mnt4753::G1Projective as MNT4G1Projective, - mnt6753::G1Projective as MNT6G1Projective, - - }; - use algebra::fields::{ - mnt4753::Fr as MNT4Fr, - mnt6753::Fr as MNT6Fr, + mnt4753::G1Projective as MNT4G1Projective, mnt6753::G1Projective as MNT6G1Projective, }; + use algebra::fields::{mnt4753::Fr as MNT4Fr, mnt6753::Fr as MNT6Fr}; use primitives::{ - signature::{ - FieldBasedSignatureScheme, schnorr::field_based_schnorr::*, - }, crh::{MNT4PoseidonHash, MNT6PoseidonHash}, + signature::{schnorr::field_based_schnorr::*, FieldBasedSignatureScheme}, }; use crate::{ - signature::{ - FieldBasedSigGadget, schnorr::field_based_schnorr::*, - }, crh::{MNT4PoseidonHashGadget, MNT6PoseidonHashGadget}, + signature::{schnorr::field_based_schnorr::*, FieldBasedSigGadget}, }; use r1cs_core::ConstraintSystem; use r1cs_std::alloc::AllocGadget; use r1cs_std::instantiated::{ - mnt4_753::G1Gadget as MNT4G1Gadget, - mnt6_753::G1Gadget as MNT6G1Gadget, + mnt4_753::G1Gadget as MNT4G1Gadget, mnt6_753::G1Gadget as MNT6G1Gadget, }; - use rand::{Rng, thread_rng}; use r1cs_std::test_constraint_system::TestConstraintSystem; + use rand::{thread_rng, Rng}; type SchnorrMNT4 = FieldBasedSchnorrSignatureScheme; type SchnorrMNT6 = FieldBasedSchnorrSignatureScheme; 
@@ -536,21 +590,35 @@ mod test { type SchnorrMNT6Pk = FieldBasedSchnorrPk; type SchnorrMNT4Gadget = FieldBasedSchnorrSigVerificationGadget< - MNT4Fr, MNT6G1Projective, MNT6G1Gadget, MNT4PoseidonHash, MNT4PoseidonHashGadget + MNT4Fr, + MNT6G1Projective, + MNT6G1Gadget, + MNT4PoseidonHash, + MNT4PoseidonHashGadget, >; type SchnorrMNT6Gadget = FieldBasedSchnorrSigVerificationGadget< - MNT6Fr, MNT4G1Projective, MNT4G1Gadget, MNT6PoseidonHash, MNT6PoseidonHashGadget + MNT6Fr, + MNT4G1Projective, + MNT4G1Gadget, + MNT6PoseidonHash, + MNT6PoseidonHashGadget, >; - fn sign(rng: &mut R, message: S::Data) -> (S::Signature, S::PublicKey) - { + fn sign( + rng: &mut R, + message: S::Data, + ) -> (S::Signature, S::PublicKey) { let (pk, sk) = S::keygen(rng); assert!(S::keyverify(&pk)); let sig = S::sign(rng, &pk, &sk, message).unwrap(); (sig, pk) } - fn mnt4_schnorr_gadget_generate_constraints(message: MNT4Fr, pk: &SchnorrMNT4Pk, sig: SchnorrMNT4Sig) -> bool { + fn mnt4_schnorr_gadget_generate_constraints( + message: MNT4Fr, + pk: &SchnorrMNT4Pk, + sig: SchnorrMNT4Sig, + ) -> bool { let mut cs = TestConstraintSystem::::new(); //Alloc signature, pk and message @@ -559,18 +627,21 @@ mod test { || Ok(sig) ).unwrap(); let pk_g = >::PublicKeyGadget::alloc(cs.ns(|| "alloc pk"), || Ok(pk)).unwrap(); - let message_g = >::DataGadget::alloc( - cs.ns(|| "alloc message"), - || Ok(message) - ).unwrap(); + let message_g = + >::DataGadget::alloc( + cs.ns(|| "alloc message"), + || Ok(message), + ) + .unwrap(); //Verify sig SchnorrMNT4Gadget::enforce_signature_verification( cs.ns(|| "verify sig1"), &pk_g, &sig_g, - message_g.clone() - ).unwrap(); + message_g.clone(), + ) + .unwrap(); let is_cs_satisfied = cs.is_satisfied(); @@ -579,8 +650,9 @@ mod test { cs.ns(|| "sig1 result"), &pk_g, &sig_g, - message_g - ).unwrap(); + message_g, + ) + .unwrap(); assert_eq!(is_verified.get_value().unwrap(), is_cs_satisfied); 
@@ -604,18 +676,30 @@ mod test { //Change message let wrong_message: MNT4Fr = rng.gen(); - assert!(!mnt4_schnorr_gadget_generate_constraints(wrong_message, &pk, sig)); + assert!(!mnt4_schnorr_gadget_generate_constraints( + wrong_message, + &pk, + sig + )); //Change pk let wrong_pk: SchnorrMNT4Pk = rng.gen(); - assert!(!mnt4_schnorr_gadget_generate_constraints(message, &wrong_pk, sig)); + assert!(!mnt4_schnorr_gadget_generate_constraints( + message, &wrong_pk, sig + )); //Change sig let (wrong_sig, _) = sign::(rng, wrong_message); - assert!(!mnt4_schnorr_gadget_generate_constraints(message, &pk, wrong_sig)); + assert!(!mnt4_schnorr_gadget_generate_constraints( + message, &pk, wrong_sig + )); } - fn mnt6_schnorr_gadget_generate_constraints(message: MNT6Fr, pk: &SchnorrMNT6Pk, sig: SchnorrMNT6Sig) -> bool { + fn mnt6_schnorr_gadget_generate_constraints( + message: MNT6Fr, + pk: &SchnorrMNT6Pk, + sig: SchnorrMNT6Sig, + ) -> bool { let mut cs = TestConstraintSystem::::new(); //Alloc signature, pk and message @@ -624,18 +708,21 @@ mod test { || Ok(sig) ).unwrap(); let pk_g = >::PublicKeyGadget::alloc(cs.ns(|| "alloc pk"), || Ok(pk)).unwrap(); - let message_g = >::DataGadget::alloc( - cs.ns(|| "alloc message"), - || Ok(message) - ).unwrap(); + let message_g = + >::DataGadget::alloc( + cs.ns(|| "alloc message"), + || Ok(message), + ) + .unwrap(); //Verify sig SchnorrMNT6Gadget::enforce_signature_verification( cs.ns(|| "verify sig1"), &pk_g, &sig_g, - message_g.clone() - ).unwrap(); + message_g.clone(), + ) + .unwrap(); let is_cs_satisfied = cs.is_satisfied(); @@ -643,8 +730,9 @@ mod test { cs.ns(|| "sig1 result"), &pk_g, &sig_g, - message_g - ).unwrap(); + message_g, + ) + .unwrap(); assert_eq!(is_verified.get_value().unwrap(), is_cs_satisfied); 
@@ -669,15 +757,23 @@ mod test { //Change message let wrong_message: MNT6Fr = rng.gen(); - assert!(!mnt6_schnorr_gadget_generate_constraints(wrong_message, &pk, sig)); + assert!(!mnt6_schnorr_gadget_generate_constraints( + wrong_message, + &pk, + sig + )); //Change pk let wrong_pk: SchnorrMNT6Pk = rng.gen(); - assert!(!mnt6_schnorr_gadget_generate_constraints(message, &wrong_pk, sig)); + assert!(!mnt6_schnorr_gadget_generate_constraints( + message, &wrong_pk, sig + )); //Change sig let (wrong_sig, _) = sign::(rng, wrong_message); - assert!(!mnt6_schnorr_gadget_generate_constraints(message, &pk, wrong_sig)); + assert!(!mnt6_schnorr_gadget_generate_constraints( + message, &pk, wrong_sig + )); } #[ignore] @@ -702,18 +798,21 @@ mod test { || Ok(pk) ).unwrap(); - let message_g = >::DataGadget::alloc( - cs.ns(|| "alloc message"), - || Ok(message) - ).unwrap(); + let message_g = + >::DataGadget::alloc( + cs.ns(|| "alloc message"), + || Ok(message), + ) + .unwrap(); //Verify sig let is_verified = SchnorrMNT4Gadget::enforce_signature_verdict( cs.ns(|| "sig result"), &pk_g, &sig_g, - message_g.clone() - ).unwrap(); + message_g.clone(), + ) + .unwrap(); assert!(is_verified.get_value().unwrap()); @@ -721,24 +820,28 @@ mod test { cs.ns(|| "verify sig"), &pk_g, &sig_g, - message_g - ).unwrap(); + message_g, + ) + .unwrap(); assert!(cs.is_satisfied()); //Negative case: wrong message (or wrong sig for another message) let new_message: MNT4Fr = rng.gen(); - let new_message_g = >::DataGadget::alloc( - cs.ns(|| "alloc new_message"), - || Ok(new_message) - ).unwrap(); + let new_message_g = + >::DataGadget::alloc( + cs.ns(|| "alloc new_message"), + || Ok(new_message), + ) + .unwrap(); let is_verified = SchnorrMNT4Gadget::enforce_signature_verdict( cs.ns(|| "new sig result"), &pk_g, &sig_g, - new_message_g.clone() - ).unwrap(); + new_message_g.clone(), + ) + .unwrap(); if !cs.is_satisfied() { println!("**********Unsatisfied constraints***********"); 
@@ -752,10 +855,11 @@ mod test { cs.ns(|| "verify new sig"), &pk_g, &sig_g, - new_message_g - ).unwrap(); + new_message_g, + ) + .unwrap(); assert!(!cs.is_satisfied()); } } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/crypto/src/signature/schnorr/mod.rs b/r1cs/gadgets/crypto/src/signature/schnorr/mod.rs index e104f3d29..c5ef42760 100644 --- a/r1cs/gadgets/crypto/src/signature/schnorr/mod.rs +++ b/r1cs/gadgets/crypto/src/signature/schnorr/mod.rs @@ -6,36 +6,36 @@ use crate::signature::SigRandomizePkGadget; use std::{borrow::Borrow, marker::PhantomData}; -use primitives::signature::schnorr::{SchnorrPublicKey, SchnorrSigParameters, SchnorrSignature}; use digest::Digest; +use primitives::signature::schnorr::{SchnorrPublicKey, SchnorrSigParameters, SchnorrSignature}; pub mod field_based_schnorr; pub struct SchnorrSigGadgetParameters> { generator: GG, - _group: PhantomData<*const G>, - _engine: PhantomData<*const ConstraintF>, + _group: PhantomData<*const G>, + _engine: PhantomData<*const ConstraintF>, } impl> Clone -for SchnorrSigGadgetParameters + for SchnorrSigGadgetParameters { fn clone(&self) -> Self { Self { generator: self.generator.clone(), - _group: PhantomData, - _engine: PhantomData, + _group: PhantomData, + _engine: PhantomData, } } } #[derive(Derivative)] #[derivative( -Debug(bound = "G: Group, ConstraintF: Field, GG: GroupGadget"), -Clone(bound = "G: Group, ConstraintF: Field, GG: GroupGadget"), -PartialEq(bound = "G: Group, ConstraintF: Field, GG: GroupGadget"), -Eq(bound = "G: Group, ConstraintF: Field, GG: GroupGadget") + Debug(bound = "G: Group, ConstraintF: Field, GG: GroupGadget"), + Clone(bound = "G: Group, ConstraintF: Field, GG: GroupGadget"), + PartialEq(bound = "G: Group, ConstraintF: Field, GG: GroupGadget"), + Eq(bound = "G: Group, ConstraintF: Field, GG: GroupGadget") )] pub struct SchnorrSigGadgetPk> { pub_key: GG, 
@@ -55,12 +55,12 @@ pub struct SchnorrRandomizePkGadget SigRandomizePkGadget, ConstraintF> -for SchnorrRandomizePkGadget - where - G: Group, - GG: GroupGadget, - D: Digest + Send + Sync, - ConstraintF: Field, + for SchnorrRandomizePkGadget +where + G: Group, + GG: GroupGadget, + D: Digest + Send + Sync, + ConstraintF: Field, { type ParametersGadget = SchnorrSigGadgetParameters; type PublicKeyGadget = SchnorrSigGadgetPk; @@ -83,24 +83,24 @@ for SchnorrRandomizePkGadget )?; Ok(SchnorrSigGadgetPk { pub_key: rand_pk, - _group: PhantomData, + _group: PhantomData, _engine: PhantomData, }) } } impl AllocGadget, ConstraintF> -for SchnorrSigGadgetParameters - where - G: Group, - ConstraintF: Field, - GG: GroupGadget, - D: Digest, + for SchnorrSigGadgetParameters +where + G: Group, + ConstraintF: Field, + GG: GroupGadget, + D: Digest, { fn alloc>(cs: CS, f: F) -> Result - where - F: FnOnce() -> Result, - T: Borrow>, + where + F: FnOnce() -> Result, + T: Borrow>, { let generator = GG::alloc_checked(cs, || f().map(|pp| pp.borrow().generator))?; Ok(Self { @@ -114,9 +114,9 @@ for SchnorrSigGadgetParameters cs: CS, f: F, ) -> Result - where - F: FnOnce() -> Result, - T: Borrow>, + where + F: FnOnce() -> Result, + T: Borrow>, { let generator = GG::alloc_input(cs, || f().map(|pp| pp.borrow().generator))?; Ok(Self { @@ -128,16 +128,16 @@ for SchnorrSigGadgetParameters } impl AllocGadget, ConstraintF> -for SchnorrSigGadgetPk - where - G: Group, - ConstraintF: Field, - GG: GroupGadget, + for SchnorrSigGadgetPk +where + G: Group, + ConstraintF: Field, + GG: GroupGadget, { fn alloc>(cs: CS, f: F) -> Result - where - F: FnOnce() -> Result, - T: Borrow>, + where + F: FnOnce() -> Result, + T: Borrow>, { let pub_key = GG::alloc_input(cs, || f().map(|pk| *pk.borrow()))?; Ok(Self { 
@@ -151,9 +151,9 @@ for SchnorrSigGadgetPk cs: CS, f: F, ) -> Result - where - F: FnOnce() -> Result, - T: Borrow>, + where + F: FnOnce() -> Result, + T: Borrow>, { let pub_key = GG::alloc_input(cs, || f().map(|pk| *pk.borrow()))?; Ok(Self { @@ -165,16 +165,16 @@ for SchnorrSigGadgetPk } impl EqGadget for SchnorrSigGadgetPk - where - G: Group, - ConstraintF: Field, - GG: GroupGadget, +where + G: Group, + ConstraintF: Field, + GG: GroupGadget, { #[inline] fn is_eq>( &self, cs: CS, - other: &Self + other: &Self, ) -> Result { self.pub_key.is_eq(cs, &other.pub_key) } @@ -203,10 +203,10 @@ impl EqGadget for SchnorrSigGadgetPk ToBytesGadget for SchnorrSigGadgetPk - where - G: Group, - ConstraintF: Field, - GG: GroupGadget, +where + G: Group, + ConstraintF: Field, + GG: GroupGadget, { fn to_bytes>( &self, @@ -222,4 +222,4 @@ impl ToBytesGadget for SchnorrSigGadgetPk where ConstraintF: PrimeField, - G: Group, - GG: GroupGadget, + G: Group, + GG: GroupGadget, { - pub gamma: GG, - pub c: FpGadget, - pub s: FpGadget, - _field: PhantomData, - _group: PhantomData, + pub gamma: GG, + pub c: FpGadget, + pub s: FpGadget, + _field: PhantomData, + _group: PhantomData, } impl FieldBasedEcVrfProofGadget - where - ConstraintF: PrimeField, - G: ProjectiveCurve, - GG: GroupGadget, +where + ConstraintF: PrimeField, + G: ProjectiveCurve, + GG: GroupGadget, { fn alloc_internal>( mut cs: CS, @@ -59,15 +52,15 @@ impl FieldBasedEcVrfProofGadget gamma_on_curve: bool, gamma_prime_order: bool, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let (gamma, c, s) = match f() { Ok(proof) => { let proof = *proof.borrow(); (Ok(proof.gamma), Ok(proof.c), Ok(proof.s)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), 
@@ -77,80 +70,89 @@ impl FieldBasedEcVrfProofGadget let gamma = match (gamma_on_curve, gamma_prime_order) { (false, false) => GG::alloc_without_check(cs.ns(|| "alloc gamma unchecked"), || gamma)?, - (true, false) => { - GG::alloc(cs.ns(|| "alloc gamma"), || gamma ) - .and_then(|gamma_g| { - gamma_g - .is_zero(cs.ns(|| "is gamma zero"))? - .enforce_equal( - cs.ns(|| "gamma must not be zero"), - &Boolean::constant(false), - )?; - Ok(gamma_g) - })? - }, - (true, true) => { - GG::alloc_checked(cs.ns(|| "alloc gamma checked"), || gamma ) - .and_then(|gamma_g| { - gamma_g - .is_zero(cs.ns(|| "is gamma zero"))? - .enforce_equal( - cs.ns(|| "gamma must not be zero"), - &Boolean::constant(false), - )?; - Ok(gamma_g) - })? - }, - _ => unreachable!() + (true, false) => GG::alloc(cs.ns(|| "alloc gamma"), || gamma).and_then(|gamma_g| { + gamma_g.is_zero(cs.ns(|| "is gamma zero"))?.enforce_equal( + cs.ns(|| "gamma must not be zero"), + &Boolean::constant(false), + )?; + Ok(gamma_g) + })?, + (true, true) => GG::alloc_checked(cs.ns(|| "alloc gamma checked"), || gamma).and_then( + |gamma_g| { + gamma_g.is_zero(cs.ns(|| "is gamma zero"))?.enforce_equal( + cs.ns(|| "gamma must not be zero"), + &Boolean::constant(false), + )?; + Ok(gamma_g) + }, + )?, + _ => unreachable!(), }; let c = FpGadget::::alloc(cs.ns(|| "alloc c"), || c)?; let s = FpGadget::::alloc(cs.ns(|| "alloc s"), || s)?; - Ok(Self{gamma, c, s, _field: PhantomData, _group: PhantomData}) + Ok(Self { + gamma, + c, + s, + _field: PhantomData, + _group: PhantomData, + }) } - } impl AllocGadget, ConstraintF> -for FieldBasedEcVrfProofGadget - where - ConstraintF: PrimeField, - G: ProjectiveCurve, - GG: GroupGadget, + for FieldBasedEcVrfProofGadget +where + ConstraintF: PrimeField, + G: ProjectiveCurve, + GG: GroupGadget, { - fn alloc_without_check>(cs: CS, f: FN) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + fn alloc_without_check>( + cs: CS, + f: FN, + ) -> Result + where + FN: FnOnce() -> Result, + T: Borrow>, { 
Self::alloc_internal(cs, f, false, false) } - fn alloc>(cs: CS, f: FN) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + fn alloc>( + cs: CS, + f: FN, + ) -> Result + where + FN: FnOnce() -> Result, + T: Borrow>, { Self::alloc_internal(cs, f, true, false) } - fn alloc_checked>(cs: CS, f: FN) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + fn alloc_checked>( + cs: CS, + f: FN, + ) -> Result + where + FN: FnOnce() -> Result, + T: Borrow>, { Self::alloc_internal(cs, f, true, true) } - fn alloc_input>(mut cs: CS, f: FN) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + fn alloc_input>( + mut cs: CS, + f: FN, + ) -> Result + where + FN: FnOnce() -> Result, + T: Borrow>, { let (gamma, c, s) = match f() { Ok(proof) => { let proof = *proof.borrow(); (Ok(proof.gamma), Ok(proof.c), Ok(proof.s)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), 
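Review bot: The `_ => unreachable!()` arm at the top of this hunk is all that separates the `(gamma_on_curve = false, gamma_prime_order = true)` flag combination from a panic, and nothing in `alloc_internal`'s signature (which starts outside the hunk) prevents a future caller from passing it. The three visible callers (`alloc_without_check`, `alloc`, `alloc_checked`) only pass `(false, false)`, `(true, false)` and `(true, true)`, so the minimum is a comment on the arm, e.g. `// (false, true) is never requested: callers only use (f,f), (t,f) or (t,t)`; a three-variant enum in place of the two `bool`s would let the compiler enforce it instead. It is also worth stating in the same place that only the two `(true, _)` arms enforce `gamma != 0`, since the unchecked arm deliberately (as its name suggests) skips that constraint.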
@@ -161,98 +163,124 @@ for FieldBasedEcVrfProofGadget let gamma = GG::alloc_input(cs.ns(|| "alloc gamma"), || gamma)?; let c = FpGadget::::alloc_input(cs.ns(|| "alloc c"), || c)?; let s = FpGadget::::alloc_input(cs.ns(|| "alloc s"), || s)?; - Ok(Self{gamma, c, s, _field: PhantomData, _group: PhantomData}) + Ok(Self { + gamma, + c, + s, + _field: PhantomData, + _group: PhantomData, + }) } } - pub struct FieldBasedEcVrfPkGadget< ConstraintF: PrimeField, G: Group, GG: GroupGadget, -> -{ +> { pub pk: GG, _field: PhantomData, _group: PhantomData, } impl AllocGadget, ConstraintF> -for FieldBasedEcVrfPkGadget - where - ConstraintF: PrimeField, - G: Group, - GG: GroupGadget, + for FieldBasedEcVrfPkGadget +where + ConstraintF: PrimeField, + G: Group, + GG: GroupGadget, { - fn alloc>(mut cs: CS, f: F) -> Result where + fn alloc>( + mut cs: CS, + f: F, + ) -> Result + where F: FnOnce() -> Result, - T: Borrow> + T: Borrow>, { - let pk = GG::alloc(cs.ns(|| "alloc pk"), || f().map(|pk| pk.borrow().0)) - .and_then(|pk_g|{ - pk_g - .is_zero(cs.ns(|| "is pk zero"))? - .enforce_equal( - cs.ns(|| "pk must not be zero"), - &Boolean::constant(false), - )?; + let pk = + GG::alloc(cs.ns(|| "alloc pk"), || f().map(|pk| pk.borrow().0)).and_then(|pk_g| { + pk_g.is_zero(cs.ns(|| "is pk zero"))? 
+ .enforce_equal(cs.ns(|| "pk must not be zero"), &Boolean::constant(false))?; Ok(pk_g) - })?; - Ok( Self{ pk, _field: PhantomData, _group: PhantomData } ) + })?; + Ok(Self { + pk, + _field: PhantomData, + _group: PhantomData, + }) } - fn alloc_without_check>(mut cs: CS, f: F) -> Result where + fn alloc_without_check>( + mut cs: CS, + f: F, + ) -> Result + where F: FnOnce() -> Result, T: Borrow>, { let pk = GG::alloc_without_check(cs.ns(|| "alloc pk"), || f().map(|pk| pk.borrow().0))?; - Ok( Self{ pk, _field: PhantomData, _group: PhantomData } ) + Ok(Self { + pk, + _field: PhantomData, + _group: PhantomData, + }) } - fn alloc_checked>(mut cs: CS, f: F) -> Result where + fn alloc_checked>( + mut cs: CS, + f: F, + ) -> Result + where F: FnOnce() -> Result, T: Borrow>, { let pk = GG::alloc_checked(cs.ns(|| "alloc pk checked"), || f().map(|pk| pk.borrow().0)) - .and_then(|pk_g|{ - pk_g - .is_zero(cs.ns(|| "is pk zero"))? - .enforce_equal( - cs.ns(|| "pk must not be zero"), - &Boolean::constant(false), - )?; + .and_then(|pk_g| { + pk_g.is_zero(cs.ns(|| "is pk zero"))? 
+ .enforce_equal(cs.ns(|| "pk must not be zero"), &Boolean::constant(false))?; Ok(pk_g) })?; - Ok( Self{ pk, _field: PhantomData, _group: PhantomData } ) + Ok(Self { + pk, + _field: PhantomData, + _group: PhantomData, + }) } - fn alloc_input>(mut cs: CS, f: F) -> Result where + fn alloc_input>( + mut cs: CS, + f: F, + ) -> Result + where F: FnOnce() -> Result, - T: Borrow> + T: Borrow>, { let pk = GG::alloc_input(cs.ns(|| "alloc pk"), || f().map(|pk| pk.borrow().0))?; - Ok( Self{ pk, _field: PhantomData, _group: PhantomData } ) + Ok(Self { + pk, + _field: PhantomData, + _group: PhantomData, + }) } } pub struct FieldBasedEcVrfProofVerificationGadget< ConstraintF: PrimeField, - G: ProjectiveCurve, + G: ProjectiveCurve, GG: GroupGadget, - FH: FieldBasedHash, + FH: FieldBasedHash, FHG: FieldBasedHashGadget, - GH: FixedLengthCRH, + GH: FixedLengthCRH, GHG: FixedLengthCRHGadget, -> -where -{ - _field: PhantomData, - _group: PhantomData, - _group_gadget: PhantomData, - _field_hash: PhantomData, - _field_hash_gadget: PhantomData, - _group_hash: PhantomData, - _group_hash_gadget: PhantomData, +> { + _field: PhantomData, + _group: PhantomData, + _group_gadget: PhantomData, + _field_hash: PhantomData, + _field_hash_gadget: PhantomData, + _group_hash: PhantomData, + _group_hash_gadget: PhantomData, } // This implementation supports both complete and incomplete (safe) point addition. 
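Review bot: In `FieldBasedEcVrfPkGadget`, `alloc` and `alloc_checked` enforce `pk must not be zero`, but `alloc_without_check` and `alloc_input` allocate `pk` with no constraint at all, so a public key supplied as a public input is not constrained to be non-zero inside the circuit. If that is intended because public inputs are validated by the verifier before the circuit is checked, the method deserves a comment such as `// No zero check here: a pk given as public input must be validated by the caller.`; otherwise the same `is_zero ... enforce_equal(&Boolean::constant(false))` pair used in `alloc` should be applied. The same asymmetry appears at the start of this hunk in `FieldBasedEcVrfProofGadget::alloc_input`, where `gamma` comes from `GG::alloc_input` with no zero check while the `alloc`/`alloc_checked` paths in the previous hunk do enforce it.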
@@ -265,16 +293,18 @@ where // - if c * pk = s * G, i.e. when u is trivial (therefore leaking the sk), OR // - if c * gamma = s * mh, i.e. when v is trivial (therefore also leaking the sk), THEN // the circuit is not satisfiable. -impl FieldBasedVrfGadget, ConstraintF> -for FieldBasedEcVrfProofVerificationGadget - where - ConstraintF: PrimeField, - G: ProjectiveCurve + ToConstraintField, - GG: GroupGadget + ToConstraintFieldGadget, - FH: FieldBasedHash, - FHG: FieldBasedHashGadget>, - GH: FixedLengthCRH, - GHG: FixedLengthCRHGadget, +impl + FieldBasedVrfGadget, ConstraintF> + for FieldBasedEcVrfProofVerificationGadget +where + ConstraintF: PrimeField, + G: ProjectiveCurve + ToConstraintField, + GG: GroupGadget + + ToConstraintFieldGadget, + FH: FieldBasedHash, + FHG: FieldBasedHashGadget>, + GH: FixedLengthCRH, + GHG: FixedLengthCRHGadget, { type DataGadget = FpGadget; type ProofGadget = FieldBasedEcVrfProofGadget; 
@@ -282,57 +312,56 @@ for FieldBasedEcVrfProofVerificationGadget type GHParametersGadget = GHG::ParametersGadget; fn enforce_proof_to_hash_verification>( - mut cs: CS, + mut cs: CS, group_hash_params: &Self::GHParametersGadget, - public_key: &Self::PublicKeyGadget, - proof: &Self::ProofGadget, - message: Self::DataGadget + public_key: &Self::PublicKeyGadget, + proof: &Self::ProofGadget, + message: Self::DataGadget, ) -> Result { - //Check mh = hash_to_curve(message) - let message_bytes = message.to_bytes_strict( - cs.ns(|| "message_to_bytes_restricted"), - )?; + let message_bytes = message.to_bytes_strict(cs.ns(|| "message_to_bytes_restricted"))?; let message_on_curve = GHG::check_evaluation_gadget( cs.ns(|| "check message_on_curve"), group_hash_params, - message_bytes.as_slice() + message_bytes.as_slice(), )?; //Serialize c and s let c_bits = { - //Serialize e taking into account the length restriction let to_skip = compute_truncation_size( ConstraintF::size_in_bits() as i32, G::ScalarField::size_in_bits() as i32, ); - let c_bits = proof.c + let c_bits = proof + .c .to_bits_with_length_restriction(cs.ns(|| "c_to_bits"), to_skip)?; - debug_assert!(c_bits.len() == ConstraintF::size_in_bits() - to_skip); + debug_assert!(c_bits.len() == ConstraintF::size_in_bits() - to_skip); c_bits }; let mut s_bits = { - //Serialize s taking into account the length restriction //Before computing the number of bits to truncate from s, we first have to normalize //it, i.e. 
considering its number of bits equals to G::ScalarField::MODULUS_BITS; - let moduli_diff = ConstraintF::size_in_bits() as i32 - G::ScalarField::size_in_bits() as i32; - let to_skip_init = (if moduli_diff > 0 {moduli_diff} else {0}) as usize; + let moduli_diff = + ConstraintF::size_in_bits() as i32 - G::ScalarField::size_in_bits() as i32; + let to_skip_init = (if moduli_diff > 0 { moduli_diff } else { 0 }) as usize; //Now we can compare the two moduli and decide the bits to truncate - let to_skip = to_skip_init + compute_truncation_size( - G::ScalarField::size_in_bits() as i32, - ConstraintF::size_in_bits() as i32, - ); - - let s_bits = proof.s + let to_skip = to_skip_init + + compute_truncation_size( + G::ScalarField::size_in_bits() as i32, + ConstraintF::size_in_bits() as i32, + ); + + let s_bits = proof + .s .to_bits_with_length_restriction(cs.ns(|| "s_to_bits"), to_skip as usize)?; debug_assert!(s_bits.len() == G::ScalarField::size_in_bits() + to_skip_init - to_skip); @@ -343,7 +372,7 @@ for FieldBasedEcVrfProofVerificationGadget //Hardcode g let g = GG::from_value( cs.ns(|| "hardcode generator"), - &G::prime_subgroup_generator() + &G::prime_subgroup_generator(), ); // Random shift to avoid exceptional cases if add is incomplete. @@ -354,15 +383,21 @@ for FieldBasedEcVrfProofVerificationGadget let mut rng = OsRng::default(); Ok(loop { let r = G::rand(&mut rng); - if !r.is_zero() { break(r) } + if !r.is_zero() { + break (r); + } }) })?; //Check u = g^s - pk^c - let u = - { - let neg_c_times_pk = public_key.pk - .mul_bits(cs.ns(|| "pk * c + shift"), &shift, c_bits.as_slice().iter().rev())? + let u = { + let neg_c_times_pk = public_key + .pk + .mul_bits( + cs.ns(|| "pk * c + shift"), + &shift, + c_bits.as_slice().iter().rev(), + )? .negate(cs.ns(|| "- (c * pk + shift)"))?; GG::mul_bits_fixed_base(&g.get_constant(), cs.ns(|| "(s * G + shift)"), 
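Review bot: The new side drops three explanatory comments that the old side carried — `//Check mh = hash_to_curve(message)` above the `to_bytes_strict` call, and `//Serialize e taking into account the length restriction` / `//Serialize s taking into account the length restriction` at the start of the `c_bits` and `s_bits` blocks — leaving only `//Serialize c and s`. The truncation logic that follows (`compute_truncation_size`, `moduli_diff`, `to_skip_init`) is the subtle part of this function and those lines were its only rationale, so they should be restored rather than removed. The `debug_assert!`s on `c_bits.len()` and `s_bits.len()` are the only visible length checks and compile out in release builds, which is worth saying in the same comment so nobody mistakes them for enforced constraints. The enclosing `enforce_proof_to_hash_verification` continues past the end of this hunk.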
@@ -373,10 +408,14 @@ for FieldBasedEcVrfProofVerificationGadget }; //Check v = mh^s - gamma^c - let v = - { - let neg_c_times_gamma = proof.gamma - .mul_bits(cs.ns(|| "c * gamma + shift"), &shift, c_bits.as_slice().iter().rev())? + let v = { + let neg_c_times_gamma = proof + .gamma + .mul_bits( + cs.ns(|| "c * gamma + shift"), + &shift, + c_bits.as_slice().iter().rev(), + )? .negate(cs.ns(|| "- (c * gamma + shift)"))?; message_on_curve .mul_bits(cs.ns(|| "(s * mh + shift)"), &shift, s_bits.as_slice().iter())? @@ -389,14 +428,18 @@ for FieldBasedEcVrfProofVerificationGadget // (or an odd number of field elements). let mut hash_input = Vec::new(); hash_input.push(message.clone()); - hash_input.push(public_key.pk.to_field_gadget_elements(cs.ns(|| "pk to fes")).unwrap()[0].clone()); + hash_input.push( + public_key + .pk + .to_field_gadget_elements(cs.ns(|| "pk to fes")) + .unwrap()[0] + .clone(), + ); hash_input.push(u.to_field_gadget_elements(cs.ns(|| "u to fes")).unwrap()[0].clone()); hash_input.push(v.to_field_gadget_elements(cs.ns(|| "v to fes")).unwrap()[0].clone()); - let c_prime = FHG::enforce_hash_constant_length( - cs.ns(|| "check c_prime"), - hash_input.as_slice(), - )?; + let c_prime = + FHG::enforce_hash_constant_length(cs.ns(|| "check c_prime"), hash_input.as_slice())?; //Enforce c = c' proof.c.enforce_equal(cs.ns(|| "check c == c'"), &c_prime)?; 
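Review bot: `to_field_gadget_elements(...).unwrap()[0].clone()` on `public_key.pk`, `u` and `v` keeps two panic paths (the `unwrap` and the `[0]` index) inside a function that already returns `Result<_, SynthesisError>`; the `gamma` conversion in the next hunk (`.unwrap().as_slice()`) has the same shape. If `to_field_gadget_elements` returns a `SynthesisError`, or an error convertible into one, `?` propagates the failure instead: `public_key.pk.to_field_gadget_elements(cs.ns(|| "pk to fes"))?[0].clone()`. The `[0]` index remains a panic if the conversion can yield an empty vector, so either `.get(0)` with an appropriate `SynthesisError` variant or a comment stating that the result is never empty would complete the change. The enclosing function starts and ends outside this hunk.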
@@ -404,12 +447,16 @@ for FieldBasedEcVrfProofVerificationGadget //Check and return VRF output hash_input = Vec::new(); hash_input.push(message); - hash_input.extend_from_slice(proof.gamma.to_field_gadget_elements(cs.ns(|| "gamma to fes")).unwrap().as_slice()); + hash_input.extend_from_slice( + proof + .gamma + .to_field_gadget_elements(cs.ns(|| "gamma to fes")) + .unwrap() + .as_slice(), + ); - let vrf_output = FHG::enforce_hash_constant_length( - cs.ns(|| "check vrf_output"), - hash_input.as_slice(), - )?; + let vrf_output = + FHG::enforce_hash_constant_length(cs.ns(|| "check vrf_output"), hash_input.as_slice())?; Ok(vrf_output) } 
@@ -417,47 +464,38 @@ for FieldBasedEcVrfProofVerificationGadget #[cfg(test)] mod test { - use algebra::curves::{ - mnt4753::G1Projective as MNT4G1Projective, - mnt6753::G1Projective as MNT6G1Projective, + use crate::{ + crh::{ + bowe_hopwood::BoweHopwoodPedersenCRHGadget, MNT4PoseidonHashGadget, + MNT6PoseidonHashGadget, + }, + vrf::{ecvrf::FieldBasedEcVrfProofVerificationGadget, FieldBasedVrfGadget}, }; - use algebra::fields::{ - mnt4753::Fr as MNT4Fr, - mnt6753::Fr as MNT6Fr, + use algebra::curves::{ + mnt4753::G1Projective as MNT4G1Projective, mnt6753::G1Projective as MNT6G1Projective, }; + use algebra::fields::{mnt4753::Fr as MNT4Fr, mnt6753::Fr as MNT6Fr}; use primitives::{ - vrf::{ - FieldBasedVrf, - ecvrf::{FieldBasedEcVrf, FieldBasedEcVrfProof}, - }, crh::{ - MNT4PoseidonHash, MNT6PoseidonHash, bowe_hopwood::{BoweHopwoodPedersenCRH, BoweHopwoodPedersenParameters}, pedersen::PedersenWindow, - FixedLengthCRH, + FixedLengthCRH, MNT4PoseidonHash, MNT6PoseidonHash, }, - }; - use crate::{ vrf::{ - FieldBasedVrfGadget, - ecvrf::FieldBasedEcVrfProofVerificationGadget, + ecvrf::{FieldBasedEcVrf, FieldBasedEcVrfProof}, + FieldBasedVrf, }, - crh::{ - MNT4PoseidonHashGadget, MNT6PoseidonHashGadget, - bowe_hopwood::BoweHopwoodPedersenCRHGadget, - } }; use r1cs_core::ConstraintSystem; use r1cs_std::alloc::AllocGadget; use r1cs_std::instantiated::{ - mnt4_753::G1Gadget as MNT4G1Gadget, - mnt6_753::G1Gadget as MNT6G1Gadget, + mnt4_753::G1Gadget as MNT4G1Gadget, mnt6_753::G1Gadget as MNT6G1Gadget, }; use r1cs_std::test_constraint_system::TestConstraintSystem; - use rand::{Rng, thread_rng}; use primitives::vrf::ecvrf::FieldBasedEcVrfPk; + use rand::{thread_rng, Rng}; #[derive(Clone)] struct TestWindow {} @@ -491,7 +529,8 @@ mod test { MNT4PoseidonHash, MNT4PoseidonHashGadget, BHMNT6, - BHMNT4Gadget>; + BHMNT4Gadget, + >; type EcVrfMNT6Gadget = FieldBasedEcVrfProofVerificationGadget< MNT6Fr, 
@@ -500,35 +539,56 @@ mod test { MNT6PoseidonHash, MNT6PoseidonHashGadget, BHMNT4, - BHMNT6Gadget>; - - fn prove(rng: &mut R, pp: &S::GHParams, message: S::Data) - -> (S::Proof, S::PublicKey) - { + BHMNT6Gadget, + >; + + fn prove( + rng: &mut R, + pp: &S::GHParams, + message: S::Data, + ) -> (S::Proof, S::PublicKey) { let (pk, sk) = S::keygen(rng); assert!(S::keyverify(&pk)); let proof = S::prove(rng, pp, &pk, &sk, message).unwrap(); (proof, pk) } - fn mnt4_ecvrf_gadget_generate_constraints(message: MNT4Fr, pk: &EcVrfMNT4Pk, proof: EcVrfMNT4Proof, pp: &BHMNT4Parameters) -> bool { - + fn mnt4_ecvrf_gadget_generate_constraints( + message: MNT4Fr, + pk: &EcVrfMNT4Pk, + proof: EcVrfMNT4Proof, + pp: &BHMNT4Parameters, + ) -> bool { let mut cs = TestConstraintSystem::::new(); //Alloc proof, pk and message - let proof_g = >::ProofGadget::alloc( - cs.ns(|| "alloc proof"), - || Ok(proof) - ).unwrap(); + let proof_g = + >::ProofGadget::alloc( + cs.ns(|| "alloc proof"), + || Ok(proof), + ) + .unwrap(); - let pk_g = >::PublicKeyGadget::alloc(cs.ns(|| "alloc pk"), || Ok(pk)).unwrap(); + let pk_g = + >::PublicKeyGadget::alloc( + cs.ns(|| "alloc pk"), + || Ok(pk), + ) + .unwrap(); - let pp_g = >::GHParametersGadget::alloc(cs.ns(|| "alloc gh params"), || Ok(pp)).unwrap(); + let pp_g = + >::GHParametersGadget::alloc( + cs.ns(|| "alloc gh params"), + || Ok(pp), + ) + .unwrap(); - let message_g = >::DataGadget::alloc( - cs.ns(|| "alloc message"), - || Ok(message) - ).unwrap(); + let message_g = + >::DataGadget::alloc( + cs.ns(|| "alloc message"), + || Ok(message), + ) + .unwrap(); //Verify proof EcVrfMNT4Gadget::enforce_proof_to_hash_verification( @@ -536,8 +596,9 @@ mod test { &pp_g, &pk_g, &proof_g, - message_g - ).unwrap(); + message_g, + ) + .unwrap(); if !cs.is_satisfied() { println!("**********Unsatisfied constraints***********"); 
@@ -555,36 +616,68 @@ mod test { let (proof, pk) = prove::(rng, &pp, message); //Positive case - assert!(mnt4_ecvrf_gadget_generate_constraints(message, &pk, proof, &pp)); + assert!(mnt4_ecvrf_gadget_generate_constraints( + message, &pk, proof, &pp + )); //Change message let wrong_message: MNT4Fr = rng.gen(); - assert!(!mnt4_ecvrf_gadget_generate_constraints(wrong_message, &pk, proof, &pp)); + assert!(!mnt4_ecvrf_gadget_generate_constraints( + wrong_message, + &pk, + proof, + &pp + )); //Change pk let wrong_pk: EcVrfMNT4Pk = rng.gen(); - assert!(!mnt4_ecvrf_gadget_generate_constraints(message, &wrong_pk, proof, &pp)); + assert!(!mnt4_ecvrf_gadget_generate_constraints( + message, &wrong_pk, proof, &pp + )); //Change proof let (wrong_proof, _) = prove::(rng, &pp, wrong_message); - assert!(!mnt4_ecvrf_gadget_generate_constraints(message, &pk, wrong_proof, &pp)); + assert!(!mnt4_ecvrf_gadget_generate_constraints( + message, + &pk, + wrong_proof, + &pp + )); } - fn mnt6_ecvrf_gadget_generate_constraints(message: MNT6Fr, pk: &EcVrfMNT6Pk, proof: EcVrfMNT6Proof, pp: &BHMNT6Parameters) -> bool { - + fn mnt6_ecvrf_gadget_generate_constraints( + message: MNT6Fr, + pk: &EcVrfMNT6Pk, + proof: EcVrfMNT6Proof, + pp: &BHMNT6Parameters, + ) -> bool { let mut cs = TestConstraintSystem::::new(); //Alloc proof, pk and message - let proof_g = >::ProofGadget::alloc( - cs.ns(|| "alloc proof"), - || Ok(proof) - ).unwrap(); - let pk_g = >::PublicKeyGadget::alloc(cs.ns(|| "alloc pk"), || Ok(pk)).unwrap(); - let pp_g = >::GHParametersGadget::alloc(cs.ns(|| "alloc gh params"), || Ok(pp)).unwrap(); - let message_g = >::DataGadget::alloc( - cs.ns(|| "alloc message"), - || Ok(message) - ).unwrap(); + let proof_g = + >::ProofGadget::alloc( + cs.ns(|| "alloc proof"), + || Ok(proof), + ) + .unwrap(); + let pk_g = + >::PublicKeyGadget::alloc( + cs.ns(|| "alloc pk"), + || Ok(pk), + ) + .unwrap(); + let pp_g = + >::GHParametersGadget::alloc( + cs.ns(|| "alloc gh params"), + || Ok(pp), + ) + 
.unwrap(); + let message_g = + >::DataGadget::alloc( + cs.ns(|| "alloc message"), + || Ok(message), + ) + .unwrap(); //Verify proof EcVrfMNT6Gadget::enforce_proof_to_hash_verification( @@ -592,8 +685,9 @@ mod test { &pp_g, &pk_g, &proof_g, - message_g - ).unwrap(); + message_g, + ) + .unwrap(); if !cs.is_satisfied() { println!("**********Unsatisfied constraints***********"); @@ -612,25 +706,38 @@ mod test { let (proof, pk) = prove::(rng, &pp, message); //Positive case - assert!(mnt6_ecvrf_gadget_generate_constraints(message, &pk, proof, &pp)); + assert!(mnt6_ecvrf_gadget_generate_constraints( + message, &pk, proof, &pp + )); //Change message let wrong_message: MNT6Fr = rng.gen(); - assert!(!mnt6_ecvrf_gadget_generate_constraints(wrong_message, &pk, proof, &pp)); + assert!(!mnt6_ecvrf_gadget_generate_constraints( + wrong_message, + &pk, + proof, + &pp + )); //Change pk let wrong_pk: EcVrfMNT6Pk = rng.gen(); - assert!(!mnt6_ecvrf_gadget_generate_constraints(message, &wrong_pk, proof, &pp)); + assert!(!mnt6_ecvrf_gadget_generate_constraints( + message, &wrong_pk, proof, &pp + )); //Change proof let (wrong_proof, _) = prove::(rng, &pp, wrong_message); - assert!(!mnt6_ecvrf_gadget_generate_constraints(message, &pk, wrong_proof, &pp)); + assert!(!mnt6_ecvrf_gadget_generate_constraints( + message, + &pk, + wrong_proof, + &pp + )); } #[ignore] #[test] fn random_ecvrf_gadget_test() { - //Generate VRF proof for a random field element f and get the proof and the public key let rng = &mut thread_rng(); let pp = ::setup(rng).unwrap(); @@ -642,10 +749,12 @@ mod test { let mut cs = TestConstraintSystem::::new(); //Alloc proof, pk, hash params and message - let proof_g = >::ProofGadget::alloc( - cs.ns(|| "alloc proof"), - || Ok(sig) - ).unwrap(); + let proof_g = + >::ProofGadget::alloc( + cs.ns(|| "alloc proof"), + || Ok(sig), + ) + .unwrap(); let pk_g = >::PublicKeyGadget::alloc( cs.ns(|| "alloc pk"), 
@@ -657,10 +766,12 @@ mod test { || Ok(&pp) ).unwrap(); - let message_g = >::DataGadget::alloc( - cs.ns(|| "alloc message"), - || Ok(message) - ).unwrap(); + let message_g = + >::DataGadget::alloc( + cs.ns(|| "alloc message"), + || Ok(message), + ) + .unwrap(); //Verify proof EcVrfMNT4Gadget::enforce_proof_to_hash_verification( @@ -668,8 +779,9 @@ mod test { &pp_g, &pk_g, &proof_g, - message_g - ).unwrap(); + message_g, + ) + .unwrap(); if !cs.is_satisfied() { println!("**********Unsatisfied constraints***********"); @@ -681,20 +793,23 @@ mod test { //Negative case: wrong message (or wrong proof for another message) let new_message: MNT4Fr = rng.gen(); - let new_message_g = >::DataGadget::alloc( - cs.ns(|| "alloc new_message"), - || Ok(new_message) - ).unwrap(); + let new_message_g = + >::DataGadget::alloc( + cs.ns(|| "alloc new_message"), + || Ok(new_message), + ) + .unwrap(); EcVrfMNT4Gadget::enforce_proof_to_hash_verification( cs.ns(|| "verify new proof"), &pp_g, &pk_g, &proof_g, - new_message_g - ).unwrap(); + new_message_g, + ) + .unwrap(); assert!(!cs.is_satisfied()); } } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/crypto/src/vrf/mod.rs b/r1cs/gadgets/crypto/src/vrf/mod.rs index cba36c1ad..386e71864 100644 --- a/r1cs/gadgets/crypto/src/vrf/mod.rs +++ b/r1cs/gadgets/crypto/src/vrf/mod.rs 
@@ -1,23 +1,22 @@ +use algebra::Field; use primitives::vrf::FieldBasedVrf; -use r1cs_std::fields::FieldGadget; -use r1cs_std::alloc::AllocGadget; use r1cs_core::{ConstraintSystem, SynthesisError}; -use algebra::Field; +use r1cs_std::alloc::AllocGadget; +use r1cs_std::fields::FieldGadget; pub mod ecvrf; pub trait FieldBasedVrfGadget { - - type DataGadget: FieldGadget; - type ProofGadget: AllocGadget; - type PublicKeyGadget: AllocGadget; - type GHParametersGadget: AllocGadget; + type DataGadget: FieldGadget; + type ProofGadget: AllocGadget; + type PublicKeyGadget: AllocGadget; + type GHParametersGadget: AllocGadget; fn enforce_proof_to_hash_verification>( - cs: CS, - pp: &Self::GHParametersGadget, + cs: CS, + pp: &Self::GHParametersGadget, public_key: &Self::PublicKeyGadget, - proof: &Self::ProofGadget, - message: Self::DataGadget, + proof: &Self::ProofGadget, + message: Self::DataGadget, ) -> Result; -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/alloc.rs b/r1cs/gadgets/std/src/alloc.rs index 45c3fb21d..9fc093fa2 100644 --- a/r1cs/gadgets/std/src/alloc.rs +++ b/r1cs/gadgets/std/src/alloc.rs @@ -12,10 +12,16 @@ where F: FnOnce() -> Result, T: Borrow; - fn alloc_without_check>(cs: CS, f: F) -> Result - where - F: FnOnce() -> Result, - T: Borrow, { Self::alloc(cs, f) } + fn alloc_without_check>( + cs: CS, + f: F, + ) -> Result + where + F: FnOnce() -> Result, + T: Borrow, + { + Self::alloc(cs, f) + } fn alloc_checked>( cs: CS, @@ -126,14 +132,11 @@ impl> AllocGadget<[I], Con /// Get a Gadget from the corresponding constant. At low level, the constant /// will be the coefficient of the CS::one() variable. pub trait ConstantGadget - where - Self: Sized, - V: Sized , +where + Self: Sized, + V: Sized, { - fn from_value>( - cs: CS, - value: &V - ) -> Self; + fn from_value>(cs: CS, value: &V) -> Self; fn get_constant(&self) -> V; -} \ No newline at end of file +} 
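Review bot: The provided body of `alloc_without_check` is `Self::alloc(cs, f)`, so for any implementor that does not override it the "unchecked" allocation still performs whatever checks `alloc` does; that is the safe default, but the name suggests the opposite and the trait has no doc comment saying which it is. A doc comment would make the contract explicit, e.g. `/// Allocate without the validity checks `alloc` performs. The default simply delegates to `alloc`, so it is never weaker than `alloc` unless an implementor overrides it.` The `FieldBasedEcVrfProofGadget` and `FieldBasedEcVrfPkGadget` impls earlier in this commit do override it with a genuinely unchecked `GG::alloc_without_check`, which is exactly the distinction such a comment should spell out.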
diff --git a/r1cs/gadgets/std/src/bits/boolean.rs b/r1cs/gadgets/std/src/bits/boolean.rs index 6cd3f65c9..beff71a92 100644 --- a/r1cs/gadgets/std/src/bits/boolean.rs +++ b/r1cs/gadgets/std/src/bits/boolean.rs @@ -1,16 +1,16 @@ use algebra::{BitIterator, Field, FpParameters, PrimeField, ToConstraintField}; +use crate::fields::fp::FpGadget; use crate::{prelude::*, Assignment}; -use r1cs_core::{ConstraintSystem, LinearCombination, SynthesisError, Variable, ConstraintVar}; +use r1cs_core::{ConstraintSystem, ConstraintVar, LinearCombination, SynthesisError, Variable}; use std::borrow::Borrow; -use crate::fields::fp::FpGadget; /// Represents a variable in the constraint system which is guaranteed /// to be either zero or one. #[derive(Copy, Clone, Debug)] pub struct AllocatedBit { variable: Variable, - value: Option, + value: Option, } impl AllocatedBit { @@ -25,9 +25,9 @@ impl AllocatedBit { /// Performs an XOR operation over the two operands, returning /// an `AllocatedBit`. pub fn xor(mut cs: CS, a: &Self, b: &Self) -> Result - where - ConstraintF: Field, - CS: ConstraintSystem, + where + ConstraintF: Field, + CS: ConstraintSystem, { let mut result_value = None; @@ -70,16 +70,16 @@ impl AllocatedBit { Ok(AllocatedBit { variable: result_var, - value: result_value, + value: result_value, }) } /// Performs an AND operation over the two operands, returning /// an `AllocatedBit`. pub fn and(mut cs: CS, a: &Self, b: &Self) -> Result - where - ConstraintF: Field, - CS: ConstraintSystem, + where + ConstraintF: Field, + CS: ConstraintSystem, { let mut result_value = None; @@ -109,16 +109,16 @@ impl AllocatedBit { Ok(AllocatedBit { variable: result_var, - value: result_value, + value: result_value, }) } /// Performs an OR operation over the two operands, returning /// an `AllocatedBit`. pub fn or(mut cs: CS, a: &Self, b: &Self) -> Result - where - ConstraintF: Field, - CS: ConstraintSystem, + where + ConstraintF: Field, + CS: ConstraintSystem, { let mut result_value = None; 
@@ -146,15 +146,15 @@ impl AllocatedBit { Ok(AllocatedBit { variable: result_var, - value: result_value, + value: result_value, }) } /// Calculates `a AND (NOT b)`. pub fn and_not(mut cs: CS, a: &Self, b: &Self) -> Result - where - ConstraintF: Field, - CS: ConstraintSystem, + where + ConstraintF: Field, + CS: ConstraintSystem, { let mut result_value = None; @@ -184,15 +184,15 @@ impl AllocatedBit { Ok(AllocatedBit { variable: result_var, - value: result_value, + value: result_value, }) } /// Calculates `(NOT a) AND (NOT b)`. pub fn nor(mut cs: CS, a: &Self, b: &Self) -> Result - where - ConstraintF: Field, - CS: ConstraintSystem, + where + ConstraintF: Field, + CS: ConstraintSystem, { let mut result_value = None; @@ -222,7 +222,7 @@ impl AllocatedBit { Ok(AllocatedBit { variable: result_var, - value: result_value, + value: result_value, }) } } @@ -240,9 +240,9 @@ impl AllocGadget for AllocatedBit { mut cs: CS, value_gen: F, ) -> Result - where - F: FnOnce() -> Result, - T: Borrow, + where + F: FnOnce() -> Result, + T: Borrow, { let mut value = None; let var = cs.alloc( @@ -276,9 +276,9 @@ impl AllocGadget for AllocatedBit { mut cs: CS, value_gen: F, ) -> Result - where - F: FnOnce() -> Result, - T: Borrow, + where + F: FnOnce() -> Result, + T: Borrow, { let mut value = None; let var = cs.alloc_input( @@ -339,9 +339,12 @@ fn cond_select_helper>( let result_var = cs.alloc( || "cond_select_result", || { - result_val = cond.get_value().and_then(|c| if c { first.0 } else { second.0 }); + result_val = cond + .get_value() + .and_then(|c| if c { first.0 } else { second.0 }); result_val.get().map(|v| F::from(v as u8)) - })?; + }, + )?; let first_var = first.1.into(); let second_var = second.1.into(); 
@@ -359,8 +362,10 @@ fn cond_select_helper>( |lc| ConstraintVar::from(result_var) - &second_var + lc, ); - Ok(AllocatedBit { value: result_val, variable: result_var }) - + Ok(AllocatedBit { + value: result_val, + variable: result_var, + }) } /// This is a boolean value which may be either a constant or @@ -396,11 +401,11 @@ impl Boolean { } else { LinearCombination::::zero() } - }, + } Boolean::Is(ref v) => (coeff, v.get_variable()).into(), Boolean::Not(ref v) => { LinearCombination::::zero() + (coeff, one) - (coeff, v.get_variable()) - }, + } } } @@ -431,9 +436,9 @@ impl Boolean { mut cs: CS, values: &[bool], ) -> Result, SynthesisError> - where - ConstraintF: PrimeField, - CS: ConstraintSystem, + where + ConstraintF: PrimeField, + CS: ConstraintSystem, { let field_elements: Vec = ToConstraintField::::to_field_elements(values).unwrap(); @@ -447,9 +452,10 @@ impl Boolean { .zip(values.chunks(max_size)) .enumerate() { - let fe = FpGadget::::alloc_input(&mut cs.ns(|| format!("Field element {}", i)), || { - Ok(field_element) - })?; + let fe = FpGadget::::alloc_input( + &mut cs.ns(|| format!("Field element {}", i)), + || Ok(field_element), + )?; // Let's use the length-restricted variant of the ToBitsGadget to remove the // padding: the padding bits are not constrained to be zero, so any field element @@ -460,7 +466,7 @@ impl Boolean { let to_skip = modulus_size - bit_chunk.len(); let fe_bits = fe.to_bits_with_length_restriction( cs.ns(|| format!("Convert fe to bits {}", i)), - to_skip + to_skip, )?; allocated_bits.extend_from_slice(fe_bits.as_slice()); @@ -488,9 +494,9 @@ impl Boolean { a: &'a Self, b: &'a Self, ) -> Result - where - ConstraintF: Field, - CS: ConstraintSystem, + where + ConstraintF: Field, + CS: ConstraintSystem, { match (a, b) { (&Boolean::Constant(false), x) | (x, &Boolean::Constant(false)) => Ok(*x), 
@@ -499,35 +505,35 @@ impl Boolean { (is @ &Boolean::Is(_), not @ &Boolean::Not(_)) | (not @ &Boolean::Not(_), is @ &Boolean::Is(_)) => { Ok(Boolean::xor(cs, is, ¬.not())?.not()) - }, + } // a XOR b = (NOT a) XOR (NOT b) (&Boolean::Is(ref a), &Boolean::Is(ref b)) | (&Boolean::Not(ref a), &Boolean::Not(ref b)) => { Ok(Boolean::Is(AllocatedBit::xor(cs, a, b)?)) - }, + } } } /// Perform OR over two boolean operands pub fn or<'a, ConstraintF, CS>(cs: CS, a: &'a Self, b: &'a Self) -> Result - where - ConstraintF: Field, - CS: ConstraintSystem, + where + ConstraintF: Field, + CS: ConstraintSystem, { match (a, b) { (&Boolean::Constant(false), x) | (x, &Boolean::Constant(false)) => Ok(*x), (&Boolean::Constant(true), _) | (_, &Boolean::Constant(true)) => { Ok(Boolean::Constant(true)) - }, + } // a OR b = NOT ((NOT a) AND b) (a @ &Boolean::Is(_), b @ &Boolean::Not(_)) | (b @ &Boolean::Not(_), a @ &Boolean::Is(_)) | (b @ &Boolean::Not(_), a @ &Boolean::Not(_)) => { Ok(Boolean::and(cs, &a.not(), &b.not())?.not()) - }, + } (&Boolean::Is(ref a), &Boolean::Is(ref b)) => { AllocatedBit::or(cs, a, b).map(Boolean::from) - }, + } } } 
@@ -537,37 +543,37 @@ impl Boolean { a: &'a Self, b: &'a Self, ) -> Result - where - ConstraintF: Field, - CS: ConstraintSystem, + where + ConstraintF: Field, + CS: ConstraintSystem, { match (a, b) { // false AND x is always false (&Boolean::Constant(false), _) | (_, &Boolean::Constant(false)) => { Ok(Boolean::Constant(false)) - }, + } // true AND x is always x (&Boolean::Constant(true), x) | (x, &Boolean::Constant(true)) => Ok(*x), // a AND (NOT b) (&Boolean::Is(ref is), &Boolean::Not(ref not)) | (&Boolean::Not(ref not), &Boolean::Is(ref is)) => { Ok(Boolean::Is(AllocatedBit::and_not(cs, is, not)?)) - }, + } // (NOT a) AND (NOT b) = a NOR b (&Boolean::Not(ref a), &Boolean::Not(ref b)) => { Ok(Boolean::Is(AllocatedBit::nor(cs, a, b)?)) - }, + } // a AND b (&Boolean::Is(ref a), &Boolean::Is(ref b)) => { Ok(Boolean::Is(AllocatedBit::and(cs, a, b)?)) - }, + } } } pub fn kary_and(mut cs: CS, bits: &[Self]) -> Result - where - ConstraintF: Field, - CS: ConstraintSystem, + where + ConstraintF: Field, + CS: ConstraintSystem, { assert!(!bits.is_empty()); let mut bits = bits.iter(); @@ -582,9 +588,9 @@ impl Boolean { /// Asserts that at least one operand is false. pub fn enforce_nand(mut cs: CS, bits: &[Self]) -> Result<(), SynthesisError> - where - ConstraintF: Field, - CS: ConstraintSystem, + where + ConstraintF: Field, + CS: ConstraintSystem, { let res = Self::kary_and(&mut cs, bits)?; @@ -600,7 +606,7 @@ impl Boolean { ); Ok(()) - }, + } Boolean::Not(ref res) => { cs.enforce( || "enforce nand", @@ -610,7 +616,7 @@ impl Boolean { ); Ok(()) - }, + } } } @@ -620,9 +626,9 @@ impl Boolean { mut cs: CS, bits: &[Self], ) -> Result<(), SynthesisError> - where - ConstraintF: Field, - CS: ConstraintSystem, + where + ConstraintF: Field, + CS: ConstraintSystem, { let mut bits_iter = bits.iter(); 
@@ -728,9 +734,9 @@ impl AllocGadget for Boolean { cs: CS, value_gen: F, ) -> Result - where - F: FnOnce() -> Result, - T: Borrow, + where + F: FnOnce() -> Result, + T: Borrow, { AllocatedBit::alloc(cs, value_gen).map(Boolean::from) } @@ -739,16 +745,20 @@ impl AllocGadget for Boolean { cs: CS, value_gen: F, ) -> Result - where - F: FnOnce() -> Result, - T: Borrow, + where + F: FnOnce() -> Result, + T: Borrow, { AllocatedBit::alloc_input(cs, value_gen).map(Boolean::from) } } impl EqGadget for Boolean { - fn is_eq>(&self, mut cs: CS, other: &Self) -> Result { + fn is_eq>( + &self, + mut cs: CS, + other: &Self, + ) -> Result { // self | other | XNOR(self, other) | self == other // -----|-------|-------------------|-------------- // 0 | 0 | 1 | 1 @@ -774,25 +784,25 @@ impl EqGadget for Boolean { // 1 - a (Constant(true), Is(a)) | (Is(a), Constant(true)) => { LinearCombination::zero() + one - a.get_variable() - }, + } // a - 0 = a (Constant(false), Is(a)) | (Is(a), Constant(false)) => { LinearCombination::zero() + a.get_variable() - }, + } // 1 - !a = 1 - (1 - a) = a (Constant(true), Not(a)) | (Not(a), Constant(true)) => { LinearCombination::zero() + a.get_variable() - }, + } // !a - 0 = !a = 1 - a (Constant(false), Not(a)) | (Not(a), Constant(false)) => { LinearCombination::zero() + one - a.get_variable() - }, + } // b - a, (Is(a), Is(b)) => LinearCombination::zero() + b.get_variable() - a.get_variable(), // !b - a = (1 - b) - a (Is(a), Not(b)) | (Not(b), Is(a)) => { LinearCombination::zero() + one - b.get_variable() - a.get_variable() - }, + } // !b - !a = (1 - b) - (1 - a) = a - b, (Not(a), Not(b)) => LinearCombination::zero() + a.get_variable() - b.get_variable(), }; 
@@ -824,26 +834,29 @@ impl EqGadget for Boolean { // false == false and true == true (Constant(_), Constant(_)) => return Err(SynthesisError::AssignmentMissing), // 1 - a - (Constant(true), Is(a)) | (Is(a), Constant(true)) => - LinearCombination::zero() + one - a.get_variable(), + (Constant(true), Is(a)) | (Is(a), Constant(true)) => { + LinearCombination::zero() + one - a.get_variable() + } // a - 0 = a - (Constant(false), Is(a)) | (Is(a), Constant(false)) => - LinearCombination::zero() + a.get_variable(), + (Constant(false), Is(a)) | (Is(a), Constant(false)) => { + LinearCombination::zero() + a.get_variable() + } // 1 - !a = 1 - (1 - a) = a - (Constant(true), Not(a)) | (Not(a), Constant(true)) => - LinearCombination::zero() + a.get_variable(), + (Constant(true), Not(a)) | (Not(a), Constant(true)) => { + LinearCombination::zero() + a.get_variable() + } // !a - 0 = !a = 1 - a - (Constant(false), Not(a)) | (Not(a), Constant(false)) => - LinearCombination::zero() + one - a.get_variable(), + (Constant(false), Not(a)) | (Not(a), Constant(false)) => { + LinearCombination::zero() + one - a.get_variable() + } // b - a, - (Is(a), Is(b)) => - LinearCombination::zero() + b.get_variable() - a.get_variable(), + (Is(a), Is(b)) => LinearCombination::zero() + b.get_variable() - a.get_variable(), // !b - a = (1 - b) - a - (Is(a), Not(b)) | (Not(b), Is(a)) => - LinearCombination::zero() + one - b.get_variable() - a.get_variable(), + (Is(a), Not(b)) | (Not(b), Is(a)) => { + LinearCombination::zero() + one - b.get_variable() - a.get_variable() + } // !b - !a = (1 - b) - (1 - a) = a - b, - (Not(a), Not(b)) => - LinearCombination::zero() + a.get_variable() - b.get_variable(), + (Not(a), Not(b)) => LinearCombination::zero() + a.get_variable() - b.get_variable(), }; if let Constant(false) = should_enforce { 
@@ -888,38 +901,30 @@ impl CondSelectGadget for Boolean { first: &Self, second: &Self, ) -> Result - where - CS: ConstraintSystem, + where + CS: ConstraintSystem, { match cond { Boolean::Constant(true) => Ok(first.clone()), Boolean::Constant(false) => Ok(second.clone()), cond @ Boolean::Not(_) => Self::conditionally_select(cs, &cond.not(), second, first), - cond @ Boolean::Is(_) => { - match (first, second) { - (x, &Boolean::Constant(false)) => { - Boolean::and(cs.ns(|| "and"), cond, x).into() - }, - (&Boolean::Constant(false), x) => { - Boolean::and(cs.ns(|| "and"), &cond.not(), x) - }, - (&Boolean::Constant(true), x) => { - Boolean::or(cs.ns(|| "or"), cond, x).into() - }, - (x, &Boolean::Constant(true)) => { - Boolean::or(cs.ns(|| "or"), &cond.not(), x) - }, - (a @ Boolean::Is(_), b @ Boolean::Is(_)) - | (a @ Boolean::Not(_), b @ Boolean::Not(_)) - | (a @ Boolean::Is(_), b @ Boolean::Not(_)) - | (a @ Boolean::Not(_), b @ Boolean::Is(_)) => { - let a_lc = a.lc(CS::one(), ConstraintF::one()); - let b_lc = b.lc(CS::one(), ConstraintF::one()); - Ok(cond_select_helper(cs, cond, (a.get_value(), a_lc), (b.get_value(), b_lc))?.into()) - }, + cond @ Boolean::Is(_) => match (first, second) { + (x, &Boolean::Constant(false)) => Boolean::and(cs.ns(|| "and"), cond, x).into(), + (&Boolean::Constant(false), x) => Boolean::and(cs.ns(|| "and"), &cond.not(), x), + (&Boolean::Constant(true), x) => Boolean::or(cs.ns(|| "or"), cond, x).into(), + (x, &Boolean::Constant(true)) => Boolean::or(cs.ns(|| "or"), &cond.not(), x), + (a @ Boolean::Is(_), b @ Boolean::Is(_)) + | (a @ Boolean::Not(_), b @ Boolean::Not(_)) + | (a @ Boolean::Is(_), b @ Boolean::Not(_)) + | (a @ Boolean::Not(_), b @ Boolean::Is(_)) => { + let a_lc = a.lc(CS::one(), ConstraintF::one()); + let b_lc = b.lc(CS::one(), ConstraintF::one()); + Ok( + cond_select_helper(cs, cond, (a.get_value(), a_lc), (b.get_value(), b_lc))? + .into(), + ) } - - } + }, } } 
@@ -928,15 +933,13 @@ impl CondSelectGadget for Boolean { } } - - #[cfg(test)] mod test { use super::{AllocatedBit, Boolean}; use crate::{prelude::*, test_constraint_system::TestConstraintSystem}; - use algebra::{fields::bls12_381::Fr, BitIterator, Field, PrimeField, UniformRand, ToBits}; + use algebra::{fields::bls12_381::Fr, BitIterator, Field, PrimeField, ToBits, UniformRand}; use r1cs_core::ConstraintSystem; - use rand::{SeedableRng, Rng}; + use rand::{Rng, SeedableRng}; use rand_xorshift::XorShiftRng; use std::str::FromStr; @@ -985,7 +988,8 @@ mod test { for i in 0..samples { // Test with random field let bit_vals = Fr::rand(rng).write_bits(); - let bits = Boolean::alloc_input_vec(cs.ns(|| format!("alloc value {}", i)), &bit_vals).unwrap(); + let bits = Boolean::alloc_input_vec(cs.ns(|| format!("alloc value {}", i)), &bit_vals) + .unwrap(); assert_eq!(bit_vals.len(), bits.len()); for (native_bit, gadget_bit) in bit_vals.into_iter().zip(bits) { assert_eq!(gadget_bit.get_value().unwrap(), native_bit); @@ -993,7 +997,9 @@ mod test { // Test with random bools let bit_vals = vec![rng.gen_bool(0.5); rng.gen_range(1..1600)]; - let bits = Boolean::alloc_input_vec(cs.ns(|| format!("alloc random value {}", i)), &bit_vals).unwrap(); + let bits = + Boolean::alloc_input_vec(cs.ns(|| format!("alloc random value {}", i)), &bit_vals) + .unwrap(); assert_eq!(bit_vals.len(), bits.len()); for (native_bit, gadget_bit) in bit_vals.into_iter().zip(bits) { assert_eq!(gadget_bit.get_value().unwrap(), native_bit); @@ -1073,10 +1079,10 @@ mod test { assert!( cs.get("and result") == if *a_val & *b_val { - Field::one() - } else { - Field::zero() - } + Field::one() + } else { + Field::zero() + } ); // Invert the result and check if the constraint system is still satisfied 
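Review bot: In the `@@ -993,7 +997,9 @@` hunk the `bit_vals` fed to the rewrapped `Boolean::alloc_input_vec(cs.ns(|| format!("alloc random value {}", i)), &bit_vals)` call is built with `vec![rng.gen_bool(0.5); rng.gen_range(1..1600)]`, and `vec![elem; n]` evaluates `gen_bool` once and clones that single value, so the "Test with random bools" case only ever exercises an all-true or all-false input of random length. A constant vector cannot catch a bit-order or padding mistake in the field-element packing and length-restricted unpacking that `alloc_input_vec` performs, which is exactly what this case appears meant to cover. Build the vector per element instead: `let bit_vals: Vec<bool> = (0..rng.gen_range(1..1600)).map(|_| rng.gen_bool(0.5)).collect();`. The enclosing test function starts and ends outside this hunk.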
@@ -1109,10 +1115,10 @@ mod test { assert!( cs.get("and not result") == if *a_val & !*b_val { - Field::one() - } else { - Field::zero() - } + Field::one() + } else { + Field::zero() + } ); // Invert the result and check if the constraint system is still satisfied @@ -1145,10 +1151,10 @@ mod test { assert!( cs.get("nor result") == if !*a_val & !*b_val { - Field::one() - } else { - Field::zero() - } + Field::one() + } else { + Field::zero() + } ); // Invert the result and check if the constraint system is still satisfied @@ -1263,42 +1269,42 @@ mod test { let mut b = Boolean::from(AllocatedBit::alloc(&mut cs, || Ok(true)).unwrap()); match b { - Boolean::Is(_) => {}, + Boolean::Is(_) => {} _ => panic!("unexpected value"), } b = b.not(); match b { - Boolean::Not(_) => {}, + Boolean::Not(_) => {} _ => panic!("unexpected value"), } b = b.not(); match b { - Boolean::Is(_) => {}, + Boolean::Is(_) => {} _ => panic!("unexpected value"), } b = Boolean::constant(true); match b { - Boolean::Constant(true) => {}, + Boolean::Constant(true) => {} _ => panic!("unexpected value"), } b = b.not(); match b { - Boolean::Constant(false) => {}, + Boolean::Constant(false) => {} _ => panic!("unexpected value"), } b = b.not(); match b { - Boolean::Constant(true) => {}, + Boolean::Constant(true) => {} _ => panic!("unexpected value"), } } @@ -1340,16 +1346,16 @@ mod test { OperandType::False => Boolean::constant(false), OperandType::AllocatedTrue => { Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()) - }, + } OperandType::AllocatedFalse => { Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()) - }, + } OperandType::NegatedAllocatedTrue => { Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()).not() - }, + } OperandType::NegatedAllocatedFalse => { Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()).not() - }, + } } }; 
@@ -1362,22 +1368,22 @@ mod test { assert!(cs.is_satisfied()); match (first_operand, second_operand, c) { - (OperandType::True, OperandType::True, Boolean::Constant(false)) => {}, - (OperandType::True, OperandType::False, Boolean::Constant(true)) => {}, - (OperandType::True, OperandType::AllocatedTrue, Boolean::Not(_)) => {}, - (OperandType::True, OperandType::AllocatedFalse, Boolean::Not(_)) => {}, - (OperandType::True, OperandType::NegatedAllocatedTrue, Boolean::Is(_)) => {}, - (OperandType::True, OperandType::NegatedAllocatedFalse, Boolean::Is(_)) => {}, - - (OperandType::False, OperandType::True, Boolean::Constant(true)) => {}, - (OperandType::False, OperandType::False, Boolean::Constant(false)) => {}, - (OperandType::False, OperandType::AllocatedTrue, Boolean::Is(_)) => {}, - (OperandType::False, OperandType::AllocatedFalse, Boolean::Is(_)) => {}, - (OperandType::False, OperandType::NegatedAllocatedTrue, Boolean::Not(_)) => {}, - (OperandType::False, OperandType::NegatedAllocatedFalse, Boolean::Not(_)) => {}, - - (OperandType::AllocatedTrue, OperandType::True, Boolean::Not(_)) => {}, - (OperandType::AllocatedTrue, OperandType::False, Boolean::Is(_)) => {}, + (OperandType::True, OperandType::True, Boolean::Constant(false)) => {} + (OperandType::True, OperandType::False, Boolean::Constant(true)) => {} + (OperandType::True, OperandType::AllocatedTrue, Boolean::Not(_)) => {} + (OperandType::True, OperandType::AllocatedFalse, Boolean::Not(_)) => {} + (OperandType::True, OperandType::NegatedAllocatedTrue, Boolean::Is(_)) => {} + (OperandType::True, OperandType::NegatedAllocatedFalse, Boolean::Is(_)) => {} + + (OperandType::False, OperandType::True, Boolean::Constant(true)) => {} + (OperandType::False, OperandType::False, Boolean::Constant(false)) => {} + (OperandType::False, OperandType::AllocatedTrue, Boolean::Is(_)) => {} + (OperandType::False, OperandType::AllocatedFalse, Boolean::Is(_)) => {} + (OperandType::False, OperandType::NegatedAllocatedTrue, 
Boolean::Not(_)) => {} + (OperandType::False, OperandType::NegatedAllocatedFalse, Boolean::Not(_)) => {} + + (OperandType::AllocatedTrue, OperandType::True, Boolean::Not(_)) => {} + (OperandType::AllocatedTrue, OperandType::False, Boolean::Is(_)) => {} ( OperandType::AllocatedTrue, OperandType::AllocatedTrue, @@ -1385,7 +1391,7 @@ mod test { ) => { assert!(cs.get("xor result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedTrue, OperandType::AllocatedFalse, @@ -1393,7 +1399,7 @@ mod test { ) => { assert!(cs.get("xor result") == Field::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedTrue, OperandType::NegatedAllocatedTrue, @@ -1401,7 +1407,7 @@ mod test { ) => { assert!(cs.get("xor result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedTrue, OperandType::NegatedAllocatedFalse, @@ -1409,10 +1415,10 @@ mod test { ) => { assert!(cs.get("xor result") == Field::one()); assert_eq!(v.value, Some(true)); - }, + } - (OperandType::AllocatedFalse, OperandType::True, Boolean::Not(_)) => {}, - (OperandType::AllocatedFalse, OperandType::False, Boolean::Is(_)) => {}, + (OperandType::AllocatedFalse, OperandType::True, Boolean::Not(_)) => {} + (OperandType::AllocatedFalse, OperandType::False, Boolean::Is(_)) => {} ( OperandType::AllocatedFalse, OperandType::AllocatedTrue, @@ -1420,7 +1426,7 @@ mod test { ) => { assert!(cs.get("xor result") == Field::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedFalse, OperandType::AllocatedFalse, @@ -1428,7 +1434,7 @@ mod test { ) => { assert!(cs.get("xor result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedFalse, OperandType::NegatedAllocatedTrue, @@ -1436,7 +1442,7 @@ mod test { ) => { assert!(cs.get("xor result") == Field::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedFalse, OperandType::NegatedAllocatedFalse, 
@@ -1444,10 +1450,10 @@ mod test { ) => { assert!(cs.get("xor result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } - (OperandType::NegatedAllocatedTrue, OperandType::True, Boolean::Is(_)) => {}, - (OperandType::NegatedAllocatedTrue, OperandType::False, Boolean::Not(_)) => {}, + (OperandType::NegatedAllocatedTrue, OperandType::True, Boolean::Is(_)) => {} + (OperandType::NegatedAllocatedTrue, OperandType::False, Boolean::Not(_)) => {} ( OperandType::NegatedAllocatedTrue, OperandType::AllocatedTrue, @@ -1455,7 +1461,7 @@ mod test { ) => { assert!(cs.get("xor result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::AllocatedFalse, @@ -1463,7 +1469,7 @@ mod test { ) => { assert!(cs.get("xor result") == Field::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::NegatedAllocatedTrue, @@ -1471,7 +1477,7 @@ mod test { ) => { assert!(cs.get("xor result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::NegatedAllocatedFalse, @@ -1479,10 +1485,10 @@ mod test { ) => { assert!(cs.get("xor result") == Field::one()); assert_eq!(v.value, Some(true)); - }, + } - (OperandType::NegatedAllocatedFalse, OperandType::True, Boolean::Is(_)) => {}, - (OperandType::NegatedAllocatedFalse, OperandType::False, Boolean::Not(_)) => {}, + (OperandType::NegatedAllocatedFalse, OperandType::True, Boolean::Is(_)) => {} + (OperandType::NegatedAllocatedFalse, OperandType::False, Boolean::Not(_)) => {} ( OperandType::NegatedAllocatedFalse, OperandType::AllocatedTrue, @@ -1490,7 +1496,7 @@ mod test { ) => { assert!(cs.get("xor result") == Field::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::AllocatedFalse, 
@@ -1498,7 +1504,7 @@ mod test { ) => { assert!(cs.get("xor result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::NegatedAllocatedTrue, @@ -1506,7 +1512,7 @@ mod test { ) => { assert!(cs.get("xor result") == Field::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::NegatedAllocatedFalse, @@ -1514,7 +1520,7 @@ mod test { ) => { assert!(cs.get("xor result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } _ => panic!("this should never be encountered"), } @@ -1551,16 +1557,18 @@ mod test { OperandType::False => Boolean::constant(false), OperandType::AllocatedTrue => { Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()) - }, + } OperandType::AllocatedFalse => { Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()) - }, + } OperandType::NegatedAllocatedTrue => { - Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()).not() - }, + Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()) + .not() + } OperandType::NegatedAllocatedFalse => { - Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()).not() - }, + Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()) + .not() + } } }; @@ -1580,7 +1588,14 @@ mod test { first_operand, second_operand, ); - assert_eq!(c.get_value(), if cond.get_value().unwrap() { a.get_value() } else { b.get_value() }); + assert_eq!( + c.get_value(), + if cond.get_value().unwrap() { + a.get_value() + } else { + b.get_value() + } + ); assert!(>::cost() >= after - before); } } 
@@ -1614,16 +1629,16 @@ mod test { OperandType::False => Boolean::constant(false), OperandType::AllocatedTrue => { Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()) - }, + } OperandType::AllocatedFalse => { Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()) - }, + } OperandType::NegatedAllocatedTrue => { Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()).not() - }, + } OperandType::NegatedAllocatedFalse => { Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()).not() - }, + } } }; 
@@ -1636,159 +1651,159 @@ mod test { assert!(cs.is_satisfied()); match (first_operand, second_operand, c) { - (OperandType::True, OperandType::True, Boolean::Constant(true)) => {}, - (OperandType::True, OperandType::False, Boolean::Constant(true)) => {}, - (OperandType::True, OperandType::AllocatedTrue, Boolean::Constant(true)) => {}, - (OperandType::True, OperandType::AllocatedFalse, Boolean::Constant(true)) => {}, + (OperandType::True, OperandType::True, Boolean::Constant(true)) => {} + (OperandType::True, OperandType::False, Boolean::Constant(true)) => {} + (OperandType::True, OperandType::AllocatedTrue, Boolean::Constant(true)) => {} + (OperandType::True, OperandType::AllocatedFalse, Boolean::Constant(true)) => {} ( OperandType::True, OperandType::NegatedAllocatedTrue, Boolean::Constant(true), - ) => {}, + ) => {} ( OperandType::True, OperandType::NegatedAllocatedFalse, Boolean::Constant(true), - ) => {}, + ) => {} - (OperandType::False, OperandType::True, Boolean::Constant(true)) => {}, - (OperandType::False, OperandType::False, Boolean::Constant(false)) => {}, - (OperandType::False, OperandType::AllocatedTrue, Boolean::Is(_)) => {}, - (OperandType::False, OperandType::AllocatedFalse, Boolean::Is(_)) => {}, - (OperandType::False, OperandType::NegatedAllocatedTrue, Boolean::Not(_)) => {}, - (OperandType::False, OperandType::NegatedAllocatedFalse, Boolean::Not(_)) => {}, + (OperandType::False, OperandType::True, Boolean::Constant(true)) => {} + (OperandType::False, OperandType::False, Boolean::Constant(false)) => {} + (OperandType::False, OperandType::AllocatedTrue, Boolean::Is(_)) => {} + (OperandType::False, OperandType::AllocatedFalse, Boolean::Is(_)) => {} + (OperandType::False, OperandType::NegatedAllocatedTrue, Boolean::Not(_)) => {} + (OperandType::False, OperandType::NegatedAllocatedFalse, Boolean::Not(_)) => {} - (OperandType::AllocatedTrue, OperandType::True, Boolean::Constant(true)) => {}, - (OperandType::AllocatedTrue, OperandType::False, 
Boolean::Is(_)) => {}, + (OperandType::AllocatedTrue, OperandType::True, Boolean::Constant(true)) => {} + (OperandType::AllocatedTrue, OperandType::False, Boolean::Is(_)) => {} ( OperandType::AllocatedTrue, OperandType::AllocatedTrue, Boolean::Is(ref v), ) => { assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedTrue, OperandType::AllocatedFalse, Boolean::Is(ref v), ) => { assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedTrue, OperandType::NegatedAllocatedTrue, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedTrue, OperandType::NegatedAllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } - (OperandType::AllocatedFalse, OperandType::True, Boolean::Constant(true)) => {}, - (OperandType::AllocatedFalse, OperandType::False, Boolean::Is(_)) => {}, + (OperandType::AllocatedFalse, OperandType::True, Boolean::Constant(true)) => {} + (OperandType::AllocatedFalse, OperandType::False, Boolean::Is(_)) => {} ( OperandType::AllocatedFalse, OperandType::AllocatedTrue, Boolean::Is(ref v), ) => { assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedFalse, OperandType::AllocatedFalse, Boolean::Is(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedFalse, OperandType::NegatedAllocatedTrue, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedFalse, OperandType::NegatedAllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::True, Boolean::Constant(true), - ) => {}, - (OperandType::NegatedAllocatedTrue, OperandType::False, Boolean::Not(_)) => {}, + ) => {} + (OperandType::NegatedAllocatedTrue, OperandType::False, Boolean::Not(_)) => {} ( OperandType::NegatedAllocatedTrue, OperandType::AllocatedTrue, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedTrue, 
OperandType::AllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(true)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::NegatedAllocatedTrue, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(true)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::NegatedAllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::True, Boolean::Constant(true), - ) => {}, - (OperandType::NegatedAllocatedFalse, OperandType::False, Boolean::Not(_)) => {}, + ) => {} + (OperandType::NegatedAllocatedFalse, OperandType::False, Boolean::Not(_)) => {} ( OperandType::NegatedAllocatedFalse, OperandType::AllocatedTrue, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::AllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::NegatedAllocatedTrue, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::NegatedAllocatedFalse, Boolean::Not(ref v), ) => { assert_eq!(v.value, Some(false)); - }, + } _ => panic!( "this should never be encountered, in case: (a = {:?}, b = {:?}, c = {:?})", @@ -1826,16 +1841,16 @@ mod test { OperandType::False => Boolean::constant(false), OperandType::AllocatedTrue => { Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()) - }, + } OperandType::AllocatedFalse => { Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()) - }, + } OperandType::NegatedAllocatedTrue => { Boolean::from(AllocatedBit::alloc(cs, || Ok(true)).unwrap()).not() - }, + } OperandType::NegatedAllocatedFalse => { Boolean::from(AllocatedBit::alloc(cs, || Ok(false)).unwrap()).not() - }, + } } }; 
@@ -1848,33 +1863,31 @@ mod test { assert!(cs.is_satisfied()); match (first_operand, second_operand, c) { - (OperandType::True, OperandType::True, Boolean::Constant(true)) => {}, - (OperandType::True, OperandType::False, Boolean::Constant(false)) => {}, - (OperandType::True, OperandType::AllocatedTrue, Boolean::Is(_)) => {}, - (OperandType::True, OperandType::AllocatedFalse, Boolean::Is(_)) => {}, - (OperandType::True, OperandType::NegatedAllocatedTrue, Boolean::Not(_)) => {}, - (OperandType::True, OperandType::NegatedAllocatedFalse, Boolean::Not(_)) => {}, - - (OperandType::False, OperandType::True, Boolean::Constant(false)) => {}, - (OperandType::False, OperandType::False, Boolean::Constant(false)) => {}, - (OperandType::False, OperandType::AllocatedTrue, Boolean::Constant(false)) => { - }, + (OperandType::True, OperandType::True, Boolean::Constant(true)) => {} + (OperandType::True, OperandType::False, Boolean::Constant(false)) => {} + (OperandType::True, OperandType::AllocatedTrue, Boolean::Is(_)) => {} + (OperandType::True, OperandType::AllocatedFalse, Boolean::Is(_)) => {} + (OperandType::True, OperandType::NegatedAllocatedTrue, Boolean::Not(_)) => {} + (OperandType::True, OperandType::NegatedAllocatedFalse, Boolean::Not(_)) => {} + + (OperandType::False, OperandType::True, Boolean::Constant(false)) => {} + (OperandType::False, OperandType::False, Boolean::Constant(false)) => {} + (OperandType::False, OperandType::AllocatedTrue, Boolean::Constant(false)) => {} (OperandType::False, OperandType::AllocatedFalse, Boolean::Constant(false)) => { - }, + } ( OperandType::False, OperandType::NegatedAllocatedTrue, Boolean::Constant(false), - ) => {}, + ) => {} ( OperandType::False, OperandType::NegatedAllocatedFalse, Boolean::Constant(false), - ) => {}, + ) => {} - (OperandType::AllocatedTrue, OperandType::True, Boolean::Is(_)) => {}, - (OperandType::AllocatedTrue, OperandType::False, Boolean::Constant(false)) => { - }, + (OperandType::AllocatedTrue, OperandType::True, 
Boolean::Is(_)) => {} + (OperandType::AllocatedTrue, OperandType::False, Boolean::Constant(false)) => {} ( OperandType::AllocatedTrue, OperandType::AllocatedTrue, @@ -1882,7 +1895,7 @@ mod test { ) => { assert!(cs.get("and result") == Field::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::AllocatedTrue, OperandType::AllocatedFalse, @@ -1890,7 +1903,7 @@ mod test { ) => { assert!(cs.get("and result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedTrue, OperandType::NegatedAllocatedTrue, @@ -1898,7 +1911,7 @@ mod test { ) => { assert!(cs.get("and not result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedTrue, OperandType::NegatedAllocatedFalse, @@ -1906,11 +1919,11 @@ mod test { ) => { assert!(cs.get("and not result") == Field::one()); assert_eq!(v.value, Some(true)); - }, + } - (OperandType::AllocatedFalse, OperandType::True, Boolean::Is(_)) => {}, + (OperandType::AllocatedFalse, OperandType::True, Boolean::Is(_)) => {} (OperandType::AllocatedFalse, OperandType::False, Boolean::Constant(false)) => { - }, + } ( OperandType::AllocatedFalse, OperandType::AllocatedTrue, @@ -1918,7 +1931,7 @@ mod test { ) => { assert!(cs.get("and result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedFalse, OperandType::AllocatedFalse, @@ -1926,7 +1939,7 @@ mod test { ) => { assert!(cs.get("and result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedFalse, OperandType::NegatedAllocatedTrue, @@ -1934,7 +1947,7 @@ mod test { ) => { assert!(cs.get("and not result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::AllocatedFalse, OperandType::NegatedAllocatedFalse, 
@@ -1942,14 +1955,14 @@ mod test { ) => { assert!(cs.get("and not result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } - (OperandType::NegatedAllocatedTrue, OperandType::True, Boolean::Not(_)) => {}, + (OperandType::NegatedAllocatedTrue, OperandType::True, Boolean::Not(_)) => {} ( OperandType::NegatedAllocatedTrue, OperandType::False, Boolean::Constant(false), - ) => {}, + ) => {} ( OperandType::NegatedAllocatedTrue, OperandType::AllocatedTrue, @@ -1957,7 +1970,7 @@ mod test { ) => { assert!(cs.get("and not result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::AllocatedFalse, @@ -1965,7 +1978,7 @@ mod test { ) => { assert!(cs.get("and not result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::NegatedAllocatedTrue, @@ -1973,7 +1986,7 @@ mod test { ) => { assert!(cs.get("nor result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedTrue, OperandType::NegatedAllocatedFalse, @@ -1981,14 +1994,14 @@ mod test { ) => { assert!(cs.get("nor result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } - (OperandType::NegatedAllocatedFalse, OperandType::True, Boolean::Not(_)) => {}, + (OperandType::NegatedAllocatedFalse, OperandType::True, Boolean::Not(_)) => {} ( OperandType::NegatedAllocatedFalse, OperandType::False, Boolean::Constant(false), - ) => {}, + ) => {} ( OperandType::NegatedAllocatedFalse, OperandType::AllocatedTrue, @@ -1996,7 +2009,7 @@ mod test { ) => { assert!(cs.get("and not result") == Field::one()); assert_eq!(v.value, Some(true)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::AllocatedFalse, @@ -2004,7 +2017,7 @@ mod test { ) => { assert!(cs.get("and not result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::NegatedAllocatedTrue, 
@@ -2012,7 +2025,7 @@ mod test { ) => { assert!(cs.get("nor result") == Field::zero()); assert_eq!(v.value, Some(false)); - }, + } ( OperandType::NegatedAllocatedFalse, OperandType::NegatedAllocatedFalse, @@ -2020,14 +2033,14 @@ mod test { ) => { assert!(cs.get("nor result") == Field::one()); assert_eq!(v.value, Some(true)); - }, + } _ => { panic!( "unexpected behavior at {:?} AND {:?}", first_operand, second_operand ); - }, + } } } } @@ -2125,7 +2138,7 @@ mod test { AllocatedBit::alloc(cs.ns(|| format!("bit_gadget {}", j)), || { Ok(b & 1 == 1) }) - .unwrap(), + .unwrap(), )); } else { bits.push( @@ -2134,9 +2147,9 @@ mod test { cs.ns(|| format!("bit_gadget {}", j)), || Ok(b & 1 == 0), ) - .unwrap(), + .unwrap(), ) - .not(), + .not(), ); } @@ -2176,7 +2189,7 @@ mod test { AllocatedBit::alloc(cs.ns(|| format!("bit_gadget {}", j)), || { Ok(b & 1 == 1) }) - .unwrap(), + .unwrap(), )); b >>= 1; } @@ -2188,10 +2201,10 @@ mod test { match r { Boolean::Is(ref r) => { assert_eq!(r.value.unwrap(), expected); - }, + } _ => unreachable!(), } } } } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/bits/mod.rs b/r1cs/gadgets/std/src/bits/mod.rs index 95596fdbe..cfab26b89 100644 --- a/r1cs/gadgets/std/src/bits/mod.rs +++ b/r1cs/gadgets/std/src/bits/mod.rs @@ -3,8 +3,8 @@ use algebra::Field; use r1cs_core::{ConstraintSystem, SynthesisError}; pub mod boolean; -pub mod uint64; pub mod uint32; +pub mod uint64; pub mod uint8; pub trait ToBitsGadget { @@ -21,8 +21,8 @@ pub trait ToBitsGadget { } pub trait FromBitsGadget - where - Self: Sized +where + Self: Sized, { /// Given a bit representation `bits` of bit len not bigger than CAPACITY /// (i.e. MODULUS - 1) of `Self` in *big endian* form, reconstructs a `Self`. 
@@ -113,7 +113,6 @@ pub trait ToBytesGadget { } pub trait ToCompressedBitsGadget { - /// Enforce compression of an element through serialization of the x coordinate and storing /// a sign bit for the y coordinate. For GT elements we assume x <-> c1 and y <-> c0 to avoid /// confusion. When enforcing byte serialization of a field element, "x_in_field" and "y_in_field" diff --git a/r1cs/gadgets/std/src/bits/uint32.rs b/r1cs/gadgets/std/src/bits/uint32.rs index b85c4053f..3a34b975e 100644 --- a/r1cs/gadgets/std/src/bits/uint32.rs +++ b/r1cs/gadgets/std/src/bits/uint32.rs @@ -13,7 +13,7 @@ use crate::{ #[derive(Clone, Debug)] pub struct UInt32 { // Least significant bit_gadget first - bits: Vec, + bits: Vec, value: Option, } @@ -55,7 +55,7 @@ impl UInt32 { } v - }, + } None => vec![None; 32], }; @@ -94,19 +94,19 @@ impl UInt32 { if b { value.as_mut().map(|v| *v |= 1); } - }, + } &Boolean::Is(ref b) => match b.get_value() { Some(true) => { value.as_mut().map(|v| *v |= 1); - }, - Some(false) => {}, + } + Some(false) => {} None => value = None, }, &Boolean::Not(ref b) => match b.get_value() { Some(false) => { value.as_mut().map(|v| *v |= 1); - }, - Some(true) => {}, + } + Some(true) => {} None => value = None, }, } @@ -128,7 +128,7 @@ impl UInt32 { .collect(); UInt32 { - bits: new_bits, + bits: new_bits, value: self.value.map(|v| v.rotate_right(by as u32)), } } @@ -193,12 +193,12 @@ impl UInt32 { match op.value { Some(val) => { result_value.as_mut().map(|v| *v += u64::from(val)); - }, + } None => { // If any of our operands have unknown value, we won't // know the value of the result result_value = None; - }, + } } // Iterate over each bit_gadget of the operand and add the operand to 
@@ -211,18 +211,18 @@ impl UInt32 { // Add coeff * bit_gadget lc = lc + (coeff, bit.get_variable()); - }, + } Boolean::Not(ref bit) => { all_constants = false; // Add coeff * (1 - bit_gadget) = coeff * ONE - coeff * bit_gadget lc = lc + (coeff, CS::one()) - (coeff, bit.get_variable()); - }, + } Boolean::Constant(bit) => { if bit { lc = lc + (coeff, CS::one()); } - }, + } } coeff.double_in_place(); @@ -269,7 +269,7 @@ impl UInt32 { result_bits.truncate(32); Ok(UInt32 { - bits: result_bits, + bits: result_bits, value: modular_value, }) } @@ -298,7 +298,7 @@ impl ToBytesGadget for UInt32 { let mut bytes = Vec::new(); for (i, chunk8) in self.to_bits_le().chunks(8).into_iter().enumerate() { let byte = UInt8 { - bits: chunk8.to_vec(), + bits: chunk8.to_vec(), value: value_chunks[i], }; bytes.push(byte); @@ -327,7 +327,7 @@ impl EqGadget for UInt32 { fn is_eq>( &self, cs: CS, - other: &Self + other: &Self, ) -> Result { self.bits.as_slice().is_eq(cs, &other.bits) } @@ -336,18 +336,20 @@ impl EqGadget for UInt32 { &self, cs: CS, other: &Self, - should_enforce: &Boolean + should_enforce: &Boolean, ) -> Result<(), SynthesisError> { - self.bits.conditional_enforce_equal(cs, &other.bits, should_enforce) + self.bits + .conditional_enforce_equal(cs, &other.bits, should_enforce) } fn conditional_enforce_not_equal>( &self, cs: CS, other: &Self, - should_enforce: &Boolean + should_enforce: &Boolean, ) -> Result<(), SynthesisError> { - self.bits.conditional_enforce_not_equal(cs, &other.bits, should_enforce) + self.bits + .conditional_enforce_not_equal(cs, &other.bits, should_enforce) } } @@ -375,7 +377,7 @@ mod test { match bit_gadget { &Boolean::Constant(bit_gadget) => { assert!(bit_gadget == ((b.value.unwrap() >> i) & 1 == 1)); - }, + } _ => unreachable!(), } } 
@@ -384,8 +386,8 @@ mod test { for x in v.iter().zip(expected_to_be_same.iter()) { match x { - (&Boolean::Constant(true), &Boolean::Constant(true)) => {}, - (&Boolean::Constant(false), &Boolean::Constant(false)) => {}, + (&Boolean::Constant(true), &Boolean::Constant(true)) => {} + (&Boolean::Constant(false), &Boolean::Constant(false)) => {} _ => unreachable!(), } } @@ -420,13 +422,13 @@ mod test { match b { &Boolean::Is(ref b) => { assert!(b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Not(ref b) => { assert!(!b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Constant(b) => { assert!(b == (expected & 1 == 1)); - }, + } } expected >>= 1; @@ -461,7 +463,7 @@ mod test { &Boolean::Not(_) => panic!(), &Boolean::Constant(b) => { assert!(b == (expected & 1 == 1)); - }, + } } expected >>= 1; @@ -499,10 +501,10 @@ mod test { match b { &Boolean::Is(ref b) => { assert!(b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Not(ref b) => { assert!(!b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Constant(_) => unreachable!(), } @@ -538,7 +540,7 @@ mod test { match b { &Boolean::Constant(b) => { assert_eq!(b, tmp & 1 == 1); - }, + } _ => unreachable!(), } diff --git a/r1cs/gadgets/std/src/bits/uint64.rs b/r1cs/gadgets/std/src/bits/uint64.rs index 29ac3e1b4..1143238c2 100644 --- a/r1cs/gadgets/std/src/bits/uint64.rs +++ b/r1cs/gadgets/std/src/bits/uint64.rs @@ -13,12 +13,11 @@ use crate::{ #[derive(Clone, Debug)] pub struct UInt64 { // Least significant bit_gadget first - bits: Vec, + bits: Vec, value: Option, } impl UInt64 { - pub fn get_value(&self) -> Option { self.value } @@ -46,9 +45,9 @@ impl UInt64 { /// Allocate a `UInt64` in the constraint system pub fn alloc(mut cs: CS, value: Option) -> Result - where - ConstraintF: Field, - CS: ConstraintSystem, + where + ConstraintF: Field, + CS: ConstraintSystem, { let values = match value { Some(mut val) => { 
@@ -60,7 +59,7 @@ impl UInt64 { } v - }, + } None => vec![None; 64], }; @@ -99,19 +98,19 @@ impl UInt64 { if b { value.as_mut().map(|v| *v |= 1); } - }, + } &Boolean::Is(ref b) => match b.get_value() { Some(true) => { value.as_mut().map(|v| *v |= 1); - }, - Some(false) => {}, + } + Some(false) => {} None => value = None, }, &Boolean::Not(ref b) => match b.get_value() { Some(false) => { value.as_mut().map(|v| *v |= 1); - }, - Some(true) => {}, + } + Some(true) => {} None => value = None, }, } @@ -133,16 +132,16 @@ impl UInt64 { .collect(); UInt64 { - bits: new_bits, + bits: new_bits, value: self.value.map(|v| v.rotate_right(by as u32)), } } /// XOR this `UInt64` with another `UInt64` pub fn xor(&self, mut cs: CS, other: &Self) -> Result - where - ConstraintF: Field, - CS: ConstraintSystem, + where + ConstraintF: Field, + CS: ConstraintSystem, { let new_value = match (self.value, other.value) { (Some(a), Some(b)) => Some(a ^ b), @@ -165,9 +164,9 @@ impl UInt64 { /// Perform modular addition of several `UInt64` objects. pub fn addmany(mut cs: CS, operands: &[Self]) -> Result - where - ConstraintF: PrimeField, - CS: ConstraintSystem, + where + ConstraintF: PrimeField, + CS: ConstraintSystem, { // Make some arbitrary bounds for ourselves to avoid overflows // in the scalar field @@ -198,12 +197,12 @@ impl UInt64 { match op.value { Some(val) => { result_value.as_mut().map(|v| *v += u128::from(val)); - }, + } None => { // If any of our operands have unknown value, we won't // know the value of the result result_value = None; - }, + } } // Iterate over each bit_gadget of the operand and add the operand to 
@@ -216,18 +215,18 @@ impl UInt64 { // Add coeff * bit_gadget lc += (coeff, bit.get_variable()); - }, + } Boolean::Not(ref bit) => { all_constants = false; // Add coeff * (1 - bit_gadget) = coeff * ONE - coeff * bit_gadget lc = lc + (coeff, CS::one()) - (coeff, bit.get_variable()); - }, + } Boolean::Constant(bit) => { if bit { lc += (coeff, CS::one()); } - }, + } } coeff.double_in_place(); @@ -274,7 +273,7 @@ impl UInt64 { result_bits.truncate(64); Ok(UInt64 { - bits: result_bits, + bits: result_bits, value: modular_value, }) } @@ -307,7 +306,7 @@ impl ToBytesGadget for UInt64 { let mut bytes = Vec::new(); for (i, chunk8) in self.to_bits_le().chunks(8).enumerate() { let byte = UInt8 { - bits: chunk8.to_vec(), + bits: chunk8.to_vec(), value: value_chunks[i], }; bytes.push(byte); @@ -336,7 +335,7 @@ impl EqGadget for UInt64 { fn is_eq>( &self, cs: CS, - other: &Self + other: &Self, ) -> Result { self.bits.as_slice().is_eq(cs, &other.bits) } @@ -345,18 +344,20 @@ impl EqGadget for UInt64 { &self, cs: CS, other: &Self, - should_enforce: &Boolean + should_enforce: &Boolean, ) -> Result<(), SynthesisError> { - self.bits.conditional_enforce_equal(cs, &other.bits, should_enforce) + self.bits + .conditional_enforce_equal(cs, &other.bits, should_enforce) } fn conditional_enforce_not_equal>( &self, cs: CS, other: &Self, - should_enforce: &Boolean + should_enforce: &Boolean, ) -> Result<(), SynthesisError> { - self.bits.conditional_enforce_not_equal(cs, &other.bits, should_enforce) + self.bits + .conditional_enforce_not_equal(cs, &other.bits, should_enforce) } } @@ -364,9 +365,7 @@ impl EqGadget for UInt64 { mod test { use super::UInt64; use crate::{bits::boolean::Boolean, test_constraint_system::TestConstraintSystem}; - use algebra::fields::{ - bls12_381::Fr, Field - }; + use algebra::fields::{bls12_381::Fr, Field}; use r1cs_core::ConstraintSystem; use rand::{Rng, SeedableRng}; use rand_xorshift::XorShiftRng; 
@@ -386,7 +385,7 @@ mod test { match bit_gadget { &Boolean::Constant(bit_gadget) => { assert!(bit_gadget == ((b.value.unwrap() >> i) & 1 == 1)); - }, + } _ => unreachable!(), } } @@ -395,8 +394,8 @@ mod test { for x in v.iter().zip(expected_to_be_same.iter()) { match x { - (&Boolean::Constant(true), &Boolean::Constant(true)) => {}, - (&Boolean::Constant(false), &Boolean::Constant(false)) => {}, + (&Boolean::Constant(true), &Boolean::Constant(true)) => {} + (&Boolean::Constant(false), &Boolean::Constant(false)) => {} _ => unreachable!(), } } @@ -431,13 +430,13 @@ mod test { match b { &Boolean::Is(ref b) => { assert!(b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Not(ref b) => { assert!(!b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Constant(b) => { assert!(b == (expected & 1 == 1)); - }, + } } expected >>= 1; @@ -472,7 +471,7 @@ mod test { &Boolean::Not(_) => panic!(), &Boolean::Constant(b) => { assert!(b == (expected & 1 == 1)); - }, + } } expected >>= 1; @@ -510,10 +509,10 @@ mod test { match b { &Boolean::Is(ref b) => { assert!(b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Not(ref b) => { assert!(!b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Constant(_) => unreachable!(), } @@ -549,7 +548,7 @@ mod test { match b { &Boolean::Constant(b) => { assert_eq!(b, tmp & 1 == 1); - }, + } _ => unreachable!(), } @@ -559,4 +558,4 @@ mod test { num = num.rotate_right(1); } } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/bits/uint8.rs b/r1cs/gadgets/std/src/bits/uint8.rs index 268726d91..95067bd9d 100644 --- a/r1cs/gadgets/std/src/bits/uint8.rs +++ b/r1cs/gadgets/std/src/bits/uint8.rs @@ -10,7 +10,7 @@ use std::borrow::Borrow; #[derive(Clone, Debug)] pub struct UInt8 { // Least significant bit_gadget first - pub(crate) bits: Vec, + pub(crate) bits: Vec, pub(crate) value: Option, } 
@@ -92,10 +92,9 @@ impl UInt8 { .zip(values.chunks(max_size)) .enumerate() { - let fe = FpGadget::alloc_input( - &mut cs.ns(|| format!("Field element {}", i)), - || { Ok(field_element) } - )?; + let fe = FpGadget::alloc_input(&mut cs.ns(|| format!("Field element {}", i)), || { + Ok(field_element) + })?; // Let's use the length-restricted variant of the ToBitsGadget to remove the // padding: the padding bits are not constrained to be zero, so any field element @@ -103,10 +102,11 @@ impl UInt8 { // satisfy the constraints. This kind of freedom might not be desiderable in // recursive SNARK circuits, where the public inputs of the inner circuit are // usually involved in other kind of constraints inside the wrap circuit. - let to_skip: usize = ::Params::MODULUS_BITS as usize - (byte_chunk.len() * 8); + let to_skip: usize = + ::Params::MODULUS_BITS as usize - (byte_chunk.len() * 8); let mut fe_bits = fe.to_bits_with_length_restriction( cs.ns(|| format!("Convert fe to bits {}", i)), - to_skip + to_skip, )?; // FpGadget::to_bits outputs a big-endian binary representation of @@ -147,19 +147,19 @@ impl UInt8 { if b { value.as_mut().map(|v| *v |= 1); } - }, + } Boolean::Is(ref b) => match b.get_value() { Some(true) => { value.as_mut().map(|v| *v |= 1); - }, - Some(false) => {}, + } + Some(false) => {} None => value = None, }, Boolean::Not(ref b) => match b.get_value() { Some(false) => { value.as_mut().map(|v| *v |= 1); - }, - Some(true) => {}, + } + Some(true) => {} None => value = None, }, } @@ -195,9 +195,9 @@ impl UInt8 { /// OR this `UInt8` with another `UInt8` pub fn or(&self, mut cs: CS, other: &Self) -> Result - where - ConstraintF: Field, - CS: ConstraintSystem, + where + ConstraintF: Field, + CS: ConstraintSystem, { let new_value = match (self.value, other.value) { (Some(a), Some(b)) => Some(a | b), 
@@ -228,7 +228,11 @@ impl PartialEq for UInt8 { impl Eq for UInt8 {} impl EqGadget for UInt8 { - fn is_eq>(&self, cs: CS, other: &Self) -> Result { + fn is_eq>( + &self, + cs: CS, + other: &Self, + ) -> Result { self.bits.as_slice().is_eq(cs, &other.bits) } @@ -238,7 +242,8 @@ impl EqGadget for UInt8 { other: &Self, condition: &Boolean, ) -> Result<(), SynthesisError> { - self.bits.conditional_enforce_equal(cs, &other.bits, condition) + self.bits + .conditional_enforce_equal(cs, &other.bits, condition) } fn conditional_enforce_not_equal>( @@ -272,7 +277,7 @@ impl AllocGadget for UInt8 { } v - }, + } _ => vec![None; 8], }; @@ -311,7 +316,7 @@ impl AllocGadget for UInt8 { } v - }, + } _ => vec![None; 8], }; @@ -339,7 +344,7 @@ mod test { use crate::{prelude::*, test_constraint_system::TestConstraintSystem}; use algebra::fields::bls12_381::Fr; use r1cs_core::ConstraintSystem; - use rand::{Rng, SeedableRng, RngCore}; + use rand::{Rng, RngCore, SeedableRng}; use rand_xorshift::XorShiftRng; #[test] @@ -355,7 +360,7 @@ mod test { #[test] fn test_uint8_alloc_input_vec() { - use algebra::{to_bytes, ToBytes, Field, PrimeField, FpParameters, UniformRand}; + use algebra::{to_bytes, Field, FpParameters, PrimeField, ToBytes, UniformRand}; use rand::thread_rng; let mut cs = TestConstraintSystem::::new(); @@ -364,10 +369,10 @@ mod test { //Random test let samples = 100; for i in 0..samples { - // Test with random field let byte_vals = to_bytes!(Fr::rand(rng)).unwrap(); - let bytes = UInt8::alloc_input_vec(cs.ns(|| format!("alloc value {}", i)), &byte_vals).unwrap(); + let bytes = + UInt8::alloc_input_vec(cs.ns(|| format!("alloc value {}", i)), &byte_vals).unwrap(); assert_eq!(byte_vals.len(), bytes.len()); for (native_byte, gadget_byte) in byte_vals.into_iter().zip(bytes) { assert_eq!(gadget_byte.get_value().unwrap(), native_byte); 
@@ -376,7 +381,8 @@ mod test { // Test with random bytes let mut byte_vals = vec![0u8; rng.gen_range(1..200)]; rng.fill_bytes(byte_vals.as_mut_slice()); - let bytes = UInt8::alloc_input_vec(cs.ns(|| format!("alloc random {}", i)), &byte_vals).unwrap(); + let bytes = UInt8::alloc_input_vec(cs.ns(|| format!("alloc random {}", i)), &byte_vals) + .unwrap(); assert_eq!(byte_vals.len(), bytes.len()); for (native_byte, gadget_byte) in byte_vals.into_iter().zip(bytes) { assert_eq!(gadget_byte.get_value().unwrap(), native_byte); @@ -400,7 +406,12 @@ mod test { } //Test over the modulus byte vec - let byte_vals = vec![std::u8::MAX; ((::Params::MODULUS_BITS + ::Params::REPR_SHAVE_BITS)/8) as usize]; + let byte_vals = vec![ + std::u8::MAX; + ((::Params::MODULUS_BITS + + ::Params::REPR_SHAVE_BITS) + / 8) as usize + ]; let bytes = UInt8::alloc_input_vec(cs.ns(|| "alloc all 1s byte vec"), &byte_vals).unwrap(); assert_eq!(byte_vals.len(), bytes.len()); for (native_byte, gadget_byte) in byte_vals.into_iter().zip(bytes) { @@ -423,7 +434,7 @@ mod test { match bit_gadget { &Boolean::Constant(bit_gadget) => { assert!(bit_gadget == ((b.value.unwrap() >> i) & 1 == 1)); - }, + } _ => unreachable!(), } } @@ -432,8 +443,8 @@ mod test { for x in v.iter().zip(expected_to_be_same.iter()) { match x { - (&Boolean::Constant(true), &Boolean::Constant(true)) => {}, - (&Boolean::Constant(false), &Boolean::Constant(false)) => {}, + (&Boolean::Constant(true), &Boolean::Constant(true)) => {} + (&Boolean::Constant(false), &Boolean::Constant(false)) => {} _ => unreachable!(), } } @@ -468,13 +479,13 @@ mod test { match b { &Boolean::Is(ref b) => { assert!(b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Not(ref b) => { assert!(!b.get_value().unwrap() == (expected & 1 == 1)); - }, + } &Boolean::Constant(b) => { assert!(b == (expected & 1 == 1)); - }, + } } expected >>= 1; diff --git a/r1cs/gadgets/std/src/eq.rs b/r1cs/gadgets/std/src/eq.rs index 1d859097e..3b1c000be 100644 
--- a/r1cs/gadgets/std/src/eq.rs +++ b/r1cs/gadgets/std/src/eq.rs @@ -1,18 +1,24 @@ use crate::prelude::*; use algebra::Field; -use r1cs_core::{ - ConstraintSystem, SynthesisError -}; +use r1cs_core::{ConstraintSystem, SynthesisError}; /// Specifies how to generate constraints that check for equality for two variables of type `Self`. pub trait EqGadget: Eq { /// Output a `Boolean` value representing whether `self.value() == other.value()`. - fn is_eq>(&self, cs: CS, other: &Self) -> Result; + fn is_eq>( + &self, + cs: CS, + other: &Self, + ) -> Result; /// Output a `Boolean` value representing whether `self.value() != other.value()`. /// /// By default, this is defined as `self.is_eq(other)?.not()`. - fn is_neq>(&self, cs: CS, other: &Self) -> Result { + fn is_neq>( + &self, + cs: CS, + other: &Self, + ) -> Result { Ok(self.is_eq(cs, other)?.not()) } @@ -31,7 +37,11 @@ pub trait EqGadget: Eq { should_enforce: &Boolean, ) -> Result<(), SynthesisError> { self.is_eq(cs.ns(|| "is_eq(self, other)"), &other)? - .conditional_enforce_equal(cs.ns(|| "enforce condition"), &Boolean::constant(true), should_enforce) + .conditional_enforce_equal( + cs.ns(|| "enforce condition"), + &Boolean::constant(true), + should_enforce, + ) } /// Enforce that `self` and `other` are equal. @@ -41,7 +51,11 @@ pub trait EqGadget: Eq { /// /// More efficient specialized implementation may be possible; implementors /// are encouraged to carefully analyze the efficiency and safety of these. - fn enforce_equal>(&self, cs: CS, other: &Self) -> Result<(), SynthesisError> { + fn enforce_equal>( + &self, + cs: CS, + other: &Self, + ) -> Result<(), SynthesisError> { self.conditional_enforce_equal(cs, other, &Boolean::constant(true)) } 
@@ -60,7 +74,11 @@ pub trait EqGadget: Eq { should_enforce: &Boolean, ) -> Result<(), SynthesisError> { self.is_neq(cs.ns(|| "is_neq(self, other)"), &other)? - .conditional_enforce_equal(cs.ns(|| "enforce condition"), &Boolean::constant(true), should_enforce) + .conditional_enforce_equal( + cs.ns(|| "enforce condition"), + &Boolean::constant(true), + should_enforce, + ) } /// Enforce that `self` and `other` are *not* equal. @@ -70,17 +88,25 @@ pub trait EqGadget: Eq { /// /// More efficient specialized implementation may be possible; implementors /// are encouraged to carefully analyze the efficiency and safety of these. - fn enforce_not_equal>(&self, cs: CS, other: &Self) -> Result<(), SynthesisError> { + fn enforce_not_equal>( + &self, + cs: CS, + other: &Self, + ) -> Result<(), SynthesisError> { self.conditional_enforce_not_equal(cs, other, &Boolean::constant(true)) } } impl, ConstraintF: Field> EqGadget for [T] { - fn is_eq>(&self, mut cs: CS, other: &Self) -> Result { + fn is_eq>( + &self, + mut cs: CS, + other: &Self, + ) -> Result { assert_eq!(self.len(), other.len()); assert!(!self.is_empty()); let mut results = Vec::with_capacity(self.len()); - for (i ,(a, b)) in self.iter().zip(other).enumerate() { + for (i, (a, b)) in self.iter().zip(other).enumerate() { results.push(a.is_eq(cs.ns(|| format!("is_eq_{}", i)), b)?); } Boolean::kary_and(cs.ns(|| "kary and"), &results) @@ -97,7 +123,7 @@ impl, ConstraintF: Field> EqGadget for [T] a.conditional_enforce_equal( cs.ns(|| format!("conditional_enforce_equal_{}", i)), b, - condition + condition, )?; } Ok(()) @@ -123,4 +149,4 @@ impl, ConstraintF: Field> EqGadget for [T] Ok(()) } } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/fields/cubic_extension.rs b/r1cs/gadgets/std/src/fields/cubic_extension.rs index 685d685b2..24b369d5e 100644 --- a/r1cs/gadgets/std/src/fields/cubic_extension.rs +++ b/r1cs/gadgets/std/src/fields/cubic_extension.rs 
@@ -1,13 +1,11 @@ -use algebra::{ - CubicExtField, CubicExtParameters, - Field, PrimeField, SquareRootField -}; +use algebra::{CubicExtField, CubicExtParameters, Field, PrimeField, SquareRootField}; use r1cs_core::{ConstraintSystem, SynthesisError}; use std::{borrow::Borrow, marker::PhantomData}; use crate::{fields::FieldGadget, prelude::*, Assignment}; -pub trait CubicExtParametersGadget: CubicExtParameters +pub trait CubicExtParametersGadget: + CubicExtParameters { type BaseFieldGadget: FieldGadget; @@ -27,10 +25,14 @@ pub trait CubicExtParametersGadget: CubicExtParameters< } #[derive(Derivative)] -#[derivative(Debug(bound = "P: CubicExtParametersGadget, ConstraintF: PrimeField + SquareRootField"))] +#[derivative(Debug( + bound = "P: CubicExtParametersGadget, ConstraintF: PrimeField + SquareRootField" +))] #[must_use] -pub struct CubicExtFieldGadget, ConstraintF: PrimeField + SquareRootField> -{ +pub struct CubicExtFieldGadget< + P: CubicExtParametersGadget, + ConstraintF: PrimeField + SquareRootField, +> { pub c0: P::BaseFieldGadget, pub c1: P::BaseFieldGadget, pub c2: P::BaseFieldGadget, @@ -38,7 +40,8 @@ pub struct CubicExtFieldGadget, Constra _params: PhantomData

, } -impl, ConstraintF: PrimeField + SquareRootField> CubicExtFieldGadget +impl, ConstraintF: PrimeField + SquareRootField> + CubicExtFieldGadget { #[inline] pub fn new(c0: P::BaseFieldGadget, c1: P::BaseFieldGadget, c2: P::BaseFieldGadget) -> Self { @@ -98,8 +101,12 @@ impl, ConstraintF: PrimeField + SquareR } #[inline] - fn conditionally_add_constant> - (&self, mut cs: CS, bit: &Boolean, coeff: CubicExtField

) -> Result { + fn conditionally_add_constant>( + &self, + mut cs: CS, + bit: &Boolean, + coeff: CubicExtField

, + ) -> Result { let c0 = self .c0 .conditionally_add_constant(cs.ns(|| "c0"), bit, coeff.c0)?; @@ -137,7 +144,10 @@ impl, ConstraintF: PrimeField + SquareR } #[inline] - fn negate>(&self, mut cs: CS) -> Result { + fn negate>( + &self, + mut cs: CS, + ) -> Result { let c0 = self.c0.negate(&mut cs.ns(|| "negate c0"))?; let c1 = self.c1.negate(&mut cs.ns(|| "negate c1"))?; let c2 = self.c2.negate(&mut cs.ns(|| "negate c2"))?; @@ -357,14 +367,11 @@ impl, ConstraintF: PrimeField + SquareR // that a(∞)b(∞) = lambda_1 at X = ∞. let lambda_1 = self.c2.mul(cs.ns(|| "lambda_1 <=> check 5"), &other.c2)?; - let lambda_2 = P::BaseFieldGadget::alloc( - cs.ns(|| "lambda_2"), - || { - let a1b2 = self.c1.get_value().get()? * &other.c2.get_value().get()?; - let a2b1 = self.c2.get_value().get()? * &other.c1.get_value().get()?; - Ok(a1b2 + &a2b1) - } - )?; + let lambda_2 = P::BaseFieldGadget::alloc(cs.ns(|| "lambda_2"), || { + let a1b2 = self.c1.get_value().get()? * &other.c2.get_value().get()?; + let a2b1 = self.c2.get_value().get()? * &other.c1.get_value().get()?; + Ok(a1b2 + &a2b1) + })?; let one = P::BaseField::one(); @@ -375,7 +382,8 @@ impl, ConstraintF: PrimeField + SquareR .negate(cs.ns(|| "-(nr * lambda_2)"))? .add(cs.ns(|| "c0 - nr * lambda_2"), &result.c0)?; - self.c0.mul_equals(cs.ns(|| "check 1"), &other.c0, &c0_plus_nr_lambda_2)?; + self.c0 + .mul_equals(cs.ns(|| "check 1"), &other.c0, &c0_plus_nr_lambda_2)?; } //(a0 + a1 + a2)(b0 + b1 + b2) = (c0 + c1 + c2) + (lambda_1 + lambda_2)*(1 - β) at X = 1 
@@ -394,10 +402,15 @@ impl, ConstraintF: PrimeField + SquareR .add(cs.ns(|| "c0 + c1 + c2"), &result.c2)?; let lambda_1_plus_lambda_2_times_one_minus_nr = lambda_1 .add(cs.ns(|| "lambda_1 + lambda_2"), &lambda_2)? - .mul_by_constant(cs.ns(|| "(lambda_1 + lambda_2)*(1 - nr)"), &(one - &P::NONRESIDUE))?; - - let to_check = c0_plus_c1_plus_c2 - .add(cs.ns(|| "c0 + c1 + c2 + (lambda_1 + lambda_2)*(1 - nr)"), &lambda_1_plus_lambda_2_times_one_minus_nr)?; + .mul_by_constant( + cs.ns(|| "(lambda_1 + lambda_2)*(1 - nr)"), + &(one - &P::NONRESIDUE), + )?; + + let to_check = c0_plus_c1_plus_c2.add( + cs.ns(|| "c0 + c1 + c2 + (lambda_1 + lambda_2)*(1 - nr)"), + &lambda_1_plus_lambda_2_times_one_minus_nr, + )?; a0_plus_a1_plus_a2.mul_equals(cs.ns(|| "check 2"), &b0_plus_b1_plus_b2, &to_check)?; } 
@@ -417,32 +430,33 @@ impl, ConstraintF: PrimeField + SquareR .add(cs.ns(|| "c0 - c1 + c2"), &result.c2)?; let lambda_1_minus_lambda_2_times_one_plus_nr = lambda_1 .sub(cs.ns(|| "lambda_1 - lambda_2"), &lambda_2)? - .mul_by_constant(cs.ns(|| "(lambda_1 - lambda_2)*(1 + nr)"), &(one + &P::NONRESIDUE))?; - - let to_check = c0_minus_c1_plus_c2 - .add(cs.ns(|| "c0 - c1 + c2 + (lambda_1 - lambda_2)*(1 + nr)"), &lambda_1_minus_lambda_2_times_one_plus_nr)?; + .mul_by_constant( + cs.ns(|| "(lambda_1 - lambda_2)*(1 + nr)"), + &(one + &P::NONRESIDUE), + )?; + + let to_check = c0_minus_c1_plus_c2.add( + cs.ns(|| "c0 - c1 + c2 + (lambda_1 - lambda_2)*(1 + nr)"), + &lambda_1_minus_lambda_2_times_one_plus_nr, + )?; a0_minus_a1_plus_a2.mul_equals(cs.ns(|| "check 3"), &b0_minus_b1_plus_b2, &to_check)?; } // (a0 + 2a1 + 4a2)(b0 + 2b1 + 4b2) = (c0 + 2c1 + 4c2) + (2lambda_1 + lambda_2)(8 - β) at X = 2 { - let a0_plus_2_a1_plus_4_a2 = { - let a1_double = self.c1.double(cs.ns(|| "2 * a1"))?; let a2_quad = self .c2 .double(cs.ns(|| "2 * a2"))? .double(cs.ns(|| "4 * a2"))?; - self - .c0 + self.c0 .add(cs.ns(|| "a0 + 2a1"), &a1_double)? .add(cs.ns(|| "a0 + 2a1 + 4a2"), &a2_quad)? }; let b0_plus_2_b1_plus_4_b2 = { - let b1_double = other.c1.double(cs.ns(|| "2 * b1"))?; let b2_quad = other .c2 @@ -456,7 +470,6 @@ impl, ConstraintF: PrimeField + SquareR }; let c0_plus_2_c1_plus_4_c2 = { - let c1_double = result.c1.double(cs.ns(|| "2 * c1"))?; let c2_quad = result .c2 
@@ -473,11 +486,20 @@ impl, ConstraintF: PrimeField + SquareR let two_lambda_1_plus_lambda_2_times_eight_minus_nr = lambda_1 .double(cs.ns(|| "2*lambda_1"))? .add(cs.ns(|| "2*lambda_1 + lambda_2"), &lambda_2)? - .mul_by_constant(cs.ns(|| "(2*lambda_1 + lambda_2)*(8 - nr)"), &(eight - &P::NONRESIDUE))?; - - let to_check = c0_plus_2_c1_plus_4_c2 - .add(cs.ns(|| "(c0 + 2c1 + 4c2) + (2*lambda_1 + lambda_2)*(8 - nr)"), &two_lambda_1_plus_lambda_2_times_eight_minus_nr)?; - a0_plus_2_a1_plus_4_a2.mul_equals(cs.ns(|| "check 4"), &b0_plus_2_b1_plus_4_b2, &to_check)?; + .mul_by_constant( + cs.ns(|| "(2*lambda_1 + lambda_2)*(8 - nr)"), + &(eight - &P::NONRESIDUE), + )?; + + let to_check = c0_plus_2_c1_plus_4_c2.add( + cs.ns(|| "(c0 + 2c1 + 4c2) + (2*lambda_1 + lambda_2)*(8 - nr)"), + &two_lambda_1_plus_lambda_2_times_eight_minus_nr, + )?; + a0_plus_2_a1_plus_4_a2.mul_equals( + cs.ns(|| "check 4"), + &b0_plus_2_b1_plus_4_b2, + &to_check, + )?; } Ok(()) @@ -519,8 +541,12 @@ impl, ConstraintF: PrimeField + SquareR // c0 = b0*a0 + β*b2*a1 + β*b1*a2, let c0 = { let a0_b0 = self.c0.mul_by_constant(cs.ns(|| "a0 * b0"), &other.c0)?; - let a1_b2_nr = self.c1.mul_by_constant(cs.ns(|| "a1 * b2 * nr"), &(other.c2 * &P::NONRESIDUE))?; - let a2_b1_nr = self.c2.mul_by_constant(cs.ns(|| "a2 * b1 * nr"), &(other.c1 * &P::NONRESIDUE))?; + let a1_b2_nr = self + .c1 + .mul_by_constant(cs.ns(|| "a1 * b2 * nr"), &(other.c2 * &P::NONRESIDUE))?; + let a2_b1_nr = self + .c2 + .mul_by_constant(cs.ns(|| "a2 * b1 * nr"), &(other.c1 * &P::NONRESIDUE))?; a0_b0 .add(cs.ns(|| "a0 * b0 + a1 * b2 * nr"), &a1_b2_nr)? 
@@ -531,7 +557,9 @@ impl, ConstraintF: PrimeField + SquareR let c1 = { let a0_b1 = self.c0.mul_by_constant(cs.ns(|| "a0 * b1"), &other.c1)?; let a1_b0 = self.c1.mul_by_constant(cs.ns(|| "a1 * b0"), &other.c0)?; - let a2_b2_nr = self.c2.mul_by_constant(cs.ns(|| "a2 * b2 * nr"), &(other.c2 * &P::NONRESIDUE))?; + let a2_b2_nr = self + .c2 + .mul_by_constant(cs.ns(|| "a2 * b2 * nr"), &(other.c2 * &P::NONRESIDUE))?; a0_b1 .add(cs.ns(|| "a0 * b1 + a1 * b0"), &a1_b0)? @@ -575,7 +603,8 @@ impl, ConstraintF: PrimeField + SquareR &mut cs.ns(|| "c1 and c2 powers"), &mut self.c1, &mut self.c2, - power)?; + power, + )?; Ok(self) } @@ -591,27 +620,32 @@ impl, ConstraintF: PrimeField + SquareR fn cost_of_inv() -> usize { Self::cost_of_mul_equals() } - } -impl, ConstraintF: PrimeField + SquareRootField> PartialEq for CubicExtFieldGadget +impl, ConstraintF: PrimeField + SquareRootField> PartialEq + for CubicExtFieldGadget { fn eq(&self, other: &Self) -> bool { self.c0 == other.c0 && self.c1 == other.c1 && self.c2 == other.c2 } } -impl, ConstraintF: PrimeField + SquareRootField> Eq for CubicExtFieldGadget {} +impl, ConstraintF: PrimeField + SquareRootField> Eq + for CubicExtFieldGadget +{ +} -impl, ConstraintF: PrimeField + SquareRootField> EqGadget for CubicExtFieldGadget { +impl, ConstraintF: PrimeField + SquareRootField> + EqGadget for CubicExtFieldGadget +{ fn is_eq>( &self, mut cs: CS, - other: &Self + other: &Self, ) -> Result { let b0 = self.c0.is_eq(cs.ns(|| "c0"), &other.c0)?; - let b1 = self.c1.is_eq(cs.ns(|| "c1"),&other.c1)?; - let b2 = self.c2.is_eq(cs.ns(|| "c2"),&other.c2)?; + let b1 = self.c1.is_eq(cs.ns(|| "c1"), &other.c1)?; + let b2 = self.c2.is_eq(cs.ns(|| "c2"), &other.c2)?; let temp = Boolean::and(cs.ns(|| "b0 AND b1"), &b0, &b1)?; Boolean::and(cs.ns(|| "b0 AND b1 AND b2"), &temp, &b2) } 
@@ -621,11 +655,14 @@ impl, ConstraintF: PrimeField + SquareR &self, mut cs: CS, other: &Self, - should_enforce: &Boolean + should_enforce: &Boolean, ) -> Result<(), SynthesisError> { - self.c0.conditional_enforce_equal(cs.ns(|| "c0"),&other.c0, should_enforce)?; - self.c1.conditional_enforce_equal(cs.ns(|| "c1"),&other.c1, should_enforce)?; - self.c2.conditional_enforce_equal(cs.ns(|| "c2"),&other.c2, should_enforce)?; + self.c0 + .conditional_enforce_equal(cs.ns(|| "c0"), &other.c0, should_enforce)?; + self.c1 + .conditional_enforce_equal(cs.ns(|| "c1"), &other.c1, should_enforce)?; + self.c2 + .conditional_enforce_equal(cs.ns(|| "c2"), &other.c2, should_enforce)?; Ok(()) } @@ -634,17 +671,28 @@ impl, ConstraintF: PrimeField + SquareR &self, mut cs: CS, other: &Self, - should_enforce: &Boolean + should_enforce: &Boolean, ) -> Result<(), SynthesisError> { let is_equal = self.is_eq(cs.ns(|| "is_eq(self, other)"), other)?; - Boolean::and(cs.ns(|| "is_equal AND should_enforce"), &is_equal, should_enforce)? - .enforce_equal(cs.ns(|| "is_equal AND should_enforce == false"), &Boolean::Constant(false)) + Boolean::and( + cs.ns(|| "is_equal AND should_enforce"), + &is_equal, + should_enforce, + )? + .enforce_equal( + cs.ns(|| "is_equal AND should_enforce == false"), + &Boolean::Constant(false), + ) } } -impl, ConstraintF: PrimeField + SquareRootField> ToBitsGadget for CubicExtFieldGadget +impl, ConstraintF: PrimeField + SquareRootField> + ToBitsGadget for CubicExtFieldGadget { - fn to_bits>(&self, mut cs: CS) -> Result, SynthesisError> { + fn to_bits>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { let mut c0 = self.c0.to_bits(&mut cs)?; let mut c1 = self.c1.to_bits(&mut cs)?; let mut c2 = self.c2.to_bits(cs)?; 
@@ -670,10 +718,13 @@ impl, ConstraintF: PrimeField + SquareR } } -impl, ConstraintF: PrimeField + SquareRootField> ToBytesGadget for CubicExtFieldGadget - +impl, ConstraintF: PrimeField + SquareRootField> + ToBytesGadget for CubicExtFieldGadget { - fn to_bytes>(&self, mut cs: CS) -> Result, SynthesisError> { + fn to_bytes>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { let mut c0 = self.c0.to_bytes(cs.ns(|| "c0"))?; let mut c1 = self.c1.to_bytes(cs.ns(|| "c1"))?; let mut c2 = self.c2.to_bytes(cs.ns(|| "c2"))?; @@ -699,15 +750,16 @@ impl, ConstraintF: PrimeField + SquareR } } -impl, ConstraintF: PrimeField + SquareRootField> Clone for CubicExtFieldGadget - +impl, ConstraintF: PrimeField + SquareRootField> Clone + for CubicExtFieldGadget { fn clone(&self) -> Self { Self::new(self.c0.clone(), self.c1.clone(), self.c2.clone()) } } -impl , ConstraintF: PrimeField + SquareRootField> CondSelectGadget for CubicExtFieldGadget +impl, ConstraintF: PrimeField + SquareRootField> + CondSelectGadget for CubicExtFieldGadget { #[inline] fn conditionally_select>( @@ -743,7 +795,8 @@ impl , ConstraintF: PrimeField + Square } } -impl , ConstraintF: PrimeField + SquareRootField> TwoBitLookupGadget for CubicExtFieldGadget +impl, ConstraintF: PrimeField + SquareRootField> + TwoBitLookupGadget for CubicExtFieldGadget { type TableConstant = CubicExtField

; fn two_bit_lookup>( @@ -764,8 +817,8 @@ impl , ConstraintF: PrimeField + Square mut cs: CS, precomp: &Boolean, b: &[Boolean], - c: &[Self::TableConstant]) - -> Result { + c: &[Self::TableConstant], + ) -> Result { let c0s = c.iter().map(|f| f.c0).collect::>(); let c1s = c.iter().map(|f| f.c1).collect::>(); let c2s = c.iter().map(|f| f.c2).collect::>(); @@ -781,7 +834,7 @@ impl , ConstraintF: PrimeField + Square } impl, ConstraintF: PrimeField + SquareRootField> -ThreeBitCondNegLookupGadget for CubicExtFieldGadget + ThreeBitCondNegLookupGadget for CubicExtFieldGadget { type TableConstant = CubicExtField

; @@ -794,9 +847,12 @@ ThreeBitCondNegLookupGadget for CubicExtFieldGadget let c0s = c.iter().map(|f| f.c0).collect::>(); let c1s = c.iter().map(|f| f.c1).collect::>(); let c2s = c.iter().map(|f| f.c2).collect::>(); - let c0 = P::BaseFieldGadget::three_bit_cond_neg_lookup(cs.ns(|| "Lookup c0"), b, b0b1, &c0s)?; - let c1 = P::BaseFieldGadget::three_bit_cond_neg_lookup(cs.ns(|| "Lookup c1"), b, b0b1, &c1s)?; - let c2 = P::BaseFieldGadget::three_bit_cond_neg_lookup(cs.ns(|| "Lookup c2"), b, b0b1, &c2s)?; + let c0 = + P::BaseFieldGadget::three_bit_cond_neg_lookup(cs.ns(|| "Lookup c0"), b, b0b1, &c0s)?; + let c1 = + P::BaseFieldGadget::three_bit_cond_neg_lookup(cs.ns(|| "Lookup c1"), b, b0b1, &c1s)?; + let c2 = + P::BaseFieldGadget::three_bit_cond_neg_lookup(cs.ns(|| "Lookup c2"), b, b0b1, &c2s)?; Ok(Self::new(c0, c1, c2)) } @@ -806,22 +862,22 @@ ThreeBitCondNegLookupGadget for CubicExtFieldGadget } impl, ConstraintF: PrimeField + SquareRootField> -AllocGadget, ConstraintF> for CubicExtFieldGadget + AllocGadget, ConstraintF> for CubicExtFieldGadget { #[inline] fn alloc>( mut cs: CS, value_gen: F, ) -> Result - where - F: FnOnce() -> Result, - T: Borrow>, + where + F: FnOnce() -> Result, + T: Borrow>, { let (c0, c1, c2) = match value_gen() { Ok(fe) => { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1), Ok(fe.c2)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -840,15 +896,15 @@ AllocGadget, ConstraintF> for CubicExtFieldGadget Result - where - F: FnOnce() -> Result, - T: Borrow>, + where + F: FnOnce() -> Result, + T: Borrow>, { let (c0, c1, c2) = match value_gen() { Ok(fe) => { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1), Ok(fe.c2)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), 
@@ -864,14 +920,10 @@ AllocGadget, ConstraintF> for CubicExtFieldGadget, ConstraintF: PrimeField + SquareRootField> -ConstantGadget, ConstraintF> for CubicExtFieldGadget + ConstantGadget, ConstraintF> for CubicExtFieldGadget { #[inline] - fn from_value>( - mut cs: CS, - value: &CubicExtField

, - ) -> Self - { + fn from_value>(mut cs: CS, value: &CubicExtField

) -> Self { let c0 = P::BaseFieldGadget::from_value(&mut cs.ns(|| "c0"), &value.c0); let c1 = P::BaseFieldGadget::from_value(&mut cs.ns(|| "c1"), &value.c1); let c2 = P::BaseFieldGadget::from_value(&mut cs.ns(|| "c2"), &value.c2); diff --git a/r1cs/gadgets/std/src/fields/fp.rs b/r1cs/gadgets/std/src/fields/fp.rs index 57ac62deb..0be49c0d5 100644 --- a/r1cs/gadgets/std/src/fields/fp.rs +++ b/r1cs/gadgets/std/src/fields/fp.rs @@ -11,22 +11,18 @@ use crate::{boolean::AllocatedBit, prelude::*, Assignment}; #[derive(Debug)] pub struct FpGadget { - pub value: Option, + pub value: Option, pub variable: ConstraintVar, } impl FpGadget { - #[inline] pub fn from>(mut cs: CS, value: &F) -> Self { Self::alloc(cs.ns(|| "from"), || Ok(*value)).unwrap() } #[inline] - pub fn is_odd>( - &self, - mut cs: CS, - ) -> Result { + pub fn is_odd>(&self, mut cs: CS) -> Result { let bits = self.to_bits_strict(cs.ns(|| "to bits strict"))?; Ok(bits[bits.len() - 1]) } @@ -39,9 +35,11 @@ impl FpGadget { ) -> Result, SynthesisError> { let num_bits = F::Params::MODULUS_BITS; let bit_values = match self.value { - Some(value) => { - value.write_bits().iter().map(|b| Some(*b)).collect::>() - }, + Some(value) => value + .write_bits() + .iter() + .map(|b| Some(*b)) + .collect::>(), None => vec![None; num_bits as usize], }; @@ -72,7 +70,7 @@ impl FpGadget { pub fn to_bytes_with_length_restriction>( &self, mut cs: CS, - to_skip: usize + to_skip: usize, ) -> Result, SynthesisError> { let mut byte_values = match self.value { Some(value) => to_bytes![&value.into_repr()]? @@ -83,10 +81,12 @@ impl FpGadget { let default = F::default(); let default_len = to_bytes![&default].unwrap().len(); vec![None; default_len] - }, + } }; - for _ in 0..to_skip {byte_values.pop();} + for _ in 0..to_skip { + byte_values.pop(); + } let bytes = UInt8::alloc_vec(cs.ns(|| "Alloc bytes"), &byte_values)?; 
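Review bot: Dropping `#[inline]` from `FpGadget::from` in the `@@ -11,22 +11,18 @@` hunk is a semantic change, not a formatting one, and the same attribute is removed from `ConstantGadget::from_value` for `FpGadget` in the later `@@ -757,13 +748,8 @@` hunk, while the cubic-extension `from_value` in the preceding hunk keeps its `#[inline]`. If the removal is intended (both functions are generic, so they are already inlinable across crates), it deserves a sentence in the commit message; otherwise restore the attribute so the commit stays format-only and the three constructors remain consistent. The `.unwrap()` on `Self::alloc` in `from` is left as is; a short comment such as `// alloc with a concrete value is expected never to fail here` or an `expect(...)` stating that invariant would document why a panic is acceptable on that path.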
@@ -96,15 +96,15 @@ impl FpGadget { for bit in bytes .iter() .flat_map(|byte_gadget| byte_gadget.bits.clone()) - { - match bit { - Boolean::Is(bit) => { - lc = lc + (coeff, bit.get_variable()); - coeff.double_in_place(); - }, - Boolean::Constant(_) | Boolean::Not(_) => unreachable!(), + { + match bit { + Boolean::Is(bit) => { + lc = lc + (coeff, bit.get_variable()); + coeff.double_in_place(); } + Boolean::Constant(_) | Boolean::Not(_) => unreachable!(), } + } lc = &self.variable - lc; @@ -112,7 +112,6 @@ impl FpGadget { Ok(bytes) } - } impl FieldGadget for FpGadget { @@ -364,7 +363,9 @@ impl FieldGadget for FpGadget { 1 } - fn cost_of_mul_equals() -> usize { 1 } + fn cost_of_mul_equals() -> usize { + 1 + } fn cost_of_inv() -> usize { 1 @@ -380,7 +381,11 @@ impl PartialEq for FpGadget { impl Eq for FpGadget {} impl EqGadget for FpGadget { - fn is_eq>(&self, mut cs: CS, other: &Self) -> Result { + fn is_eq>( + &self, + mut cs: CS, + other: &Self, + ) -> Result { // The Boolean we want to constrain. let v = Boolean::alloc(cs.ns(|| "alloc verdict"), || { let self_val = self.get_value().get()?; @@ -394,8 +399,7 @@ impl EqGadget for FpGadget { let v_val = v.get_value().get()?; if v_val { Ok(F::one()) //Just one random value - } - else { + } else { let self_val = self.get_value().get()?; let other_val = other.get_value().get()?; Ok((self_val - &other_val).inverse().get()?) @@ -444,9 +448,7 @@ impl EqGadget for FpGadget { other: &Self, should_enforce: &Boolean, ) -> Result<(), SynthesisError> { - let multiplier = Self::alloc( - cs.ns(|| "alloc multiplier"), - || { + let multiplier = Self::alloc(cs.ns(|| "alloc multiplier"), || { if should_enforce.get_value().get()? { (self.value.get()? - &other.value.get()?).inverse().get() } else { 
@@ -457,7 +459,7 @@ impl EqGadget for FpGadget { || "conditional enforce not equal", |lc| &self.variable - &other.variable + lc, |lc| &multiplier.variable + lc, - |lc| lc + &should_enforce.lc(CS::one(), F::one()) + |lc| lc + &should_enforce.lc(CS::one(), F::one()), ); Ok(()) } @@ -482,8 +484,10 @@ impl ToBitsGadget for FpGadget { } impl FromBitsGadget for FpGadget { - fn from_bits>(mut cs: CS, bits: &[Boolean]) -> Result { - + fn from_bits>( + mut cs: CS, + bits: &[Boolean], + ) -> Result { //A malicious prover may pass a bigger input so we enforce considering exactly //CAPACITY bits in the linear combination calculation. let bits = bits.chunks(F::Params::CAPACITY as usize).next().unwrap(); @@ -494,26 +498,18 @@ impl FromBitsGadget for FpGadget { // Need to reverse in order to reconstruct the field element, because we // assume having a *big_endian* bit representation of `Self`. for (j, bit) in bits.iter().rev().enumerate() { - // Use a support FpGadget to hold the linear combination (needed because // the allocated bit won't have a value until proving time. - num = num.conditionally_add_constant( - cs.ns(|| format!("add_bit_{}", j)), - bit, - coeff, - )?; + num = num.conditionally_add_constant(cs.ns(|| format!("add_bit_{}", j)), bit, coeff)?; coeff.double_in_place(); } //Alloc the field gadget with the value resulting from bit linear combination - let variable = Self::alloc( - cs.ns(|| "variable"), - || { - let value = num.get_value().get()?; - Ok(value) - } - )?; + let variable = Self::alloc(cs.ns(|| "variable"), || { + let value = num.get_value().get()?; + Ok(value) + })?; // num * 1 = variable cs.enforce( 
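Review bot: `bits.chunks(F::Params::CAPACITY as usize).next().unwrap()` in `from_bits` panics on an empty `bits` slice, because `chunks` yields nothing for an empty input; the `@@ -482,8 +484,10 @@` hunk reformats the lines around it but leaves this untouched. A non-panicking form of the same truncation is `let bits = &bits[..bits.len().min(F::Params::CAPACITY as usize)];`. Separately, the comment above it talks about a malicious prover, but the slice length is fixed by whoever builds the circuit, and bits beyond `CAPACITY` are silently discarded rather than rejected; returning a `SynthesisError` for an over-long input, or at least documenting the truncation on the method, would make that contract explicit to callers. The body of `from_bits` continues past the end of the hunk.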
@@ -621,26 +617,21 @@ impl TwoBitLookupGadget for FpGadget { Ok(result) } - fn two_bit_lookup_lc> - ( mut cs: CS, + fn two_bit_lookup_lc>( + mut cs: CS, precomp: &Boolean, b: &[Boolean], - c: &[Self::TableConstant] + c: &[Self::TableConstant], ) -> Result { - let result = Self::zero(cs.ns(|| "alloc result"))? - .conditionally_add_constant(cs.ns(|| "add constant"), - &Boolean::constant(true), - c[0])? - .conditionally_add_constant(cs.ns(|| "add b0"), - &b[0], - c[1] - &c[0])? - .conditionally_add_constant(cs.ns(|| "add b1"), - &b[1], - c[2] - &c[0])? - .conditionally_add_constant(cs.ns(|| "add b0 AND b1"), - &precomp, - c[3] + &c[0] - &c[1] - &c[2])?; + .conditionally_add_constant(cs.ns(|| "add constant"), &Boolean::constant(true), c[0])? + .conditionally_add_constant(cs.ns(|| "add b0"), &b[0], c[1] - &c[0])? + .conditionally_add_constant(cs.ns(|| "add b1"), &b[1], c[2] - &c[0])? + .conditionally_add_constant( + cs.ns(|| "add b0 AND b1"), + &precomp, + c[3] + &c[0] - &c[1] - &c[2], + )?; Ok(result) } @@ -699,7 +690,7 @@ impl ThreeBitCondNegLookupGadget for FpGadget { impl Clone for FpGadget { fn clone(&self) -> Self { Self { - value: self.value.clone(), + value: self.value.clone(), variable: self.variable.clone(), } } @@ -757,13 +748,8 @@ impl AllocGadget for FpGadget { } impl ConstantGadget for FpGadget { - #[inline] - fn from_value>( - _cs: CS, - value: &F, - ) -> Self - { + fn from_value>(_cs: CS, value: &F) -> Self { let value = *value; FpGadget { value: Some(value), @@ -775,4 +761,4 @@ impl ConstantGadget for FpGadget { fn get_constant(&self) -> F { self.get_value().unwrap() } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/fields/fp12.rs b/r1cs/gadgets/std/src/fields/fp12.rs index 89890f4d6..e592ef1f6 100644 --- a/r1cs/gadgets/std/src/fields/fp12.rs +++ b/r1cs/gadgets/std/src/fields/fp12.rs 
@@ -2,43 +2,46 @@ use r1cs_core::{ConstraintSystem, SynthesisError}; use algebra::{ fields::{ - fp12_2over3over2::{Fp12, Fp12Parameters, Fp12ParamsWrapper, characteristic_square_mod_6_is_one}, + fp12_2over3over2::{ + characteristic_square_mod_6_is_one, Fp12, Fp12Parameters, Fp12ParamsWrapper, + }, fp6_3over2::{Fp6Parameters, Fp6ParamsWrapper}, Fp2Parameters, }, - Field, PrimeField, SquareRootField + Field, PrimeField, SquareRootField, }; use crate::{ - prelude::*, fields::{ - fp2::Fp2Gadget, fp6_3over2::Fp6Gadget - }, + fields::{fp2::Fp2Gadget, fp6_3over2::Fp6Gadget}, + prelude::*, }; -impl QuadExtParametersGadget for Fp12ParamsWrapper

- where - P: Fp12Parameters, - ::Fp2Params: Fp2Parameters, +impl QuadExtParametersGadget + for Fp12ParamsWrapper

+where + P: Fp12Parameters, + ::Fp2Params: Fp2Parameters, { type BaseFieldGadget = Fp6Gadget; fn mul_base_field_gadget_by_nonresidue>( cs: CS, - fe: &Self::BaseFieldGadget - ) -> Result - { - let new_c0 = Fp6ParamsWrapper::::mul_base_field_gadget_by_nonresidue(cs, &fe.c2)?; + fe: &Self::BaseFieldGadget, + ) -> Result { + let new_c0 = + Fp6ParamsWrapper::::mul_base_field_gadget_by_nonresidue(cs, &fe.c2)?; let new_c1 = fe.c0.clone(); let new_c2 = fe.c1.clone(); - Ok(Fp6Gadget::::new(new_c0, new_c1, new_c2)) + Ok(Fp6Gadget::::new( + new_c0, new_c1, new_c2, + )) } fn mul_base_field_gadget_by_frobenius_coeff>( mut cs: CS, c1: &mut Self::BaseFieldGadget, - power: usize - ) -> Result<(), SynthesisError> - { + power: usize, + ) -> Result<(), SynthesisError> { c1.c0 .mul_by_constant_in_place(cs.ns(|| "mul1"), &P::FROBENIUS_COEFF_FP12_C1[power % 12])?; c1.c1 @@ -50,11 +53,11 @@ impl QuadExtParametersGadget>( mut cs: CS, - fe: &QuadExtFieldGadget - ) -> Result, SynthesisError> - { + fe: &QuadExtFieldGadget, + ) -> Result, SynthesisError> { if characteristic_square_mod_6_is_one(Fp12::

::characteristic()) { - let mut result = QuadExtFieldGadget::::zero(cs.ns(|| "alloc result"))?; + let mut result = + QuadExtFieldGadget::::zero(cs.ns(|| "alloc result"))?; let fp2_nr = ::NONRESIDUE; let z0 = &fe.c0.c0; @@ -180,9 +183,9 @@ impl QuadExtParametersGadget = QuadExtFieldGadget, ConstraintF>; impl Fp12Gadget - where - P: Fp12Parameters, - ::Fp2Params: Fp2Parameters, +where + P: Fp12Parameters, + ::Fp2Params: Fp2Parameters, { /// Multiplies by an element of the form (c0 = (c0, c1, 0), c1 = (0, d1, 0)) #[inline] @@ -195,8 +198,11 @@ impl Fp12Gadget ) -> Result { let v0 = self.c0.mul_by_c0_c1_0(cs.ns(|| "v0"), &c0, &c1)?; let v1 = self.c1.mul_by_0_c1_0(cs.ns(|| "v1"), &d1)?; - let new_c0 = Fp12ParamsWrapper::

::mul_base_field_gadget_by_nonresidue(cs.ns(|| "first mul_by_nr"), &v1)? - .add(cs.ns(|| "v0 + nonresidue * v1"), &v0)?; + let new_c0 = Fp12ParamsWrapper::

::mul_base_field_gadget_by_nonresidue( + cs.ns(|| "first mul_by_nr"), + &v1, + )? + .add(cs.ns(|| "v0 + nonresidue * v1"), &v0)?; let c1 = { let tmp = c1.add(cs.ns(|| "c1 + d1"), &d1)?; @@ -232,11 +238,10 @@ impl Fp12Gadget .mul_by_c0_c1_0(cs.ns(|| "compute e"), &c0, &c1)?; let a_plus_b = a.add(cs.ns(|| "a + b"), &b)?; let c1 = e.sub(cs.ns(|| "e - (a + b)"), &a_plus_b)?; - let c0 = Fp12ParamsWrapper::

::mul_base_field_gadget_by_nonresidue( - cs.ns(|| "b *nr"), - &b)? - .add(cs.ns(|| "plus a"), &a)?; + let c0 = + Fp12ParamsWrapper::

::mul_base_field_gadget_by_nonresidue(cs.ns(|| "b *nr"), &b)? + .add(cs.ns(|| "plus a"), &a)?; Ok(Self::new(c0, c1)) } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/fields/fp2.rs b/r1cs/gadgets/std/src/fields/fp2.rs index b6ddba91a..5bea4cc31 100644 --- a/r1cs/gadgets/std/src/fields/fp2.rs +++ b/r1cs/gadgets/std/src/fields/fp2.rs @@ -1,5 +1,5 @@ use algebra::{ - fields::{QuadExtParameters, Fp2Parameters, Fp2ParamsWrapper}, + fields::{Fp2Parameters, Fp2ParamsWrapper, QuadExtParameters}, PrimeField, SquareRootField, }; use r1cs_core::{ConstraintSystem, SynthesisError}; @@ -13,18 +13,16 @@ impl, ConstraintF: PrimeField + SquareRootFie fn mul_base_field_gadget_by_nonresidue>( cs: CS, - fe: &Self::BaseFieldGadget - ) -> Result - { + fe: &Self::BaseFieldGadget, + ) -> Result { fe.mul_by_constant(cs, &Self::NONRESIDUE) } fn mul_base_field_gadget_by_frobenius_coeff>( cs: CS, c1: &mut Self::BaseFieldGadget, - power: usize - ) -> Result<(), SynthesisError> - { + power: usize, + ) -> Result<(), SynthesisError> { c1.mul_by_constant_in_place(cs, &Self::FROBENIUS_COEFF_C1[power % 2])?; Ok(()) } @@ -40,10 +38,9 @@ impl, ConstraintF: PrimeField + SquareRootFie &mut self, mut cs: CS, fe: &FpGadget, - ) -> Result<&mut Self, SynthesisError> - { - self.c0.mul_in_place(cs.ns(||"compute new_c0"), &fe)?; - self.c1.mul_in_place(cs.ns(||"compute new_c1"), &fe)?; + ) -> Result<&mut Self, SynthesisError> { + self.c0.mul_in_place(cs.ns(|| "compute new_c0"), &fe)?; + self.c1.mul_in_place(cs.ns(|| "compute new_c1"), &fe)?; Ok(self) } @@ -68,4 +65,4 @@ impl, ConstraintF: PrimeField + SquareRootFie result.mul_by_base_field_constant_in_place(cs, fe)?; Ok(result) } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/fields/fp3.rs b/r1cs/gadgets/std/src/fields/fp3.rs index e715c6609..51f95529e 100644 --- a/r1cs/gadgets/std/src/fields/fp3.rs +++ b/r1cs/gadgets/std/src/fields/fp3.rs 
@@ -1,6 +1,6 @@ use algebra::{ fields::{Fp3Parameters, Fp3ParamsWrapper}, - PrimeField, SquareRootField + PrimeField, SquareRootField, }; use r1cs_core::{ConstraintSystem, SynthesisError}; @@ -13,9 +13,8 @@ impl, ConstraintF: PrimeField + SquareRootFie fn mul_base_field_gadget_by_nonresidue>( cs: CS, - fe: &Self::BaseFieldGadget - ) -> Result - { + fe: &Self::BaseFieldGadget, + ) -> Result { fe.mul_by_constant(cs, &P::NONRESIDUE) } @@ -23,17 +22,10 @@ impl, ConstraintF: PrimeField + SquareRootFie mut cs: CS, c1: &mut Self::BaseFieldGadget, c2: &mut Self::BaseFieldGadget, - power: usize - ) -> Result<(), SynthesisError> - { - c1.mul_by_constant_in_place( - cs.ns(|| "c1_power"), - &P::FROBENIUS_COEFF_FP3_C1[power % 3], - )?; - c2.mul_by_constant_in_place( - cs.ns(|| "c2_power"), - &P::FROBENIUS_COEFF_FP3_C2[power % 3], - )?; + power: usize, + ) -> Result<(), SynthesisError> { + c1.mul_by_constant_in_place(cs.ns(|| "c1_power"), &P::FROBENIUS_COEFF_FP3_C1[power % 3])?; + c2.mul_by_constant_in_place(cs.ns(|| "c2_power"), &P::FROBENIUS_COEFF_FP3_C2[power % 3])?; Ok(()) } @@ -41,7 +33,8 @@ impl, ConstraintF: PrimeField + SquareRootFie pub type Fp3Gadget = CubicExtFieldGadget, ConstraintF>; -impl, ConstraintF: PrimeField + SquareRootField> Fp3Gadget +impl, ConstraintF: PrimeField + SquareRootField> + Fp3Gadget { /// Multiply a Fp3Gadget by a Fp gadget. #[inline] @@ -55,4 +48,4 @@ impl, ConstraintF: PrimeField + SquareRootFie self.c2.mul_in_place(cs.ns(|| "c2"), fe)?; Ok(self) } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/fields/fp4.rs b/r1cs/gadgets/std/src/fields/fp4.rs index 380d3f28b..056dc09e2 100644 --- a/r1cs/gadgets/std/src/fields/fp4.rs +++ b/r1cs/gadgets/std/src/fields/fp4.rs 
@@ -1,25 +1,28 @@ -use algebra::{fields::{ - fp4::{Fp4Parameters, Fp4ParamsWrapper}, - Field, Fp2Parameters, -}, PrimeField, Fp2, SquareRootField, Fp2ParamsWrapper}; +use algebra::{ + fields::{ + fp4::{Fp4Parameters, Fp4ParamsWrapper}, + Field, Fp2Parameters, + }, + Fp2, Fp2ParamsWrapper, PrimeField, SquareRootField, +}; use r1cs_core::{ConstraintSystem, SynthesisError}; -use crate::{ - prelude::*, fields::fp2::Fp2Gadget, -}; +use crate::{fields::fp2::Fp2Gadget, prelude::*}; -impl QuadExtParametersGadget for Fp4ParamsWrapper

- where - P: Fp4Parameters, - P::Fp2Params: Fp2Parameters, +impl QuadExtParametersGadget + for Fp4ParamsWrapper

+where + P: Fp4Parameters, + P::Fp2Params: Fp2Parameters, { type BaseFieldGadget = Fp2Gadget; fn mul_base_field_gadget_by_nonresidue>( cs: CS, - fe: &Self::BaseFieldGadget + fe: &Self::BaseFieldGadget, ) -> Result { - let new_c0 = Fp2ParamsWrapper::::mul_base_field_gadget_by_nonresidue(cs, &fe.c1)?; + let new_c0 = + Fp2ParamsWrapper::::mul_base_field_gadget_by_nonresidue(cs, &fe.c1)?; let new_c1 = fe.c0.clone(); Ok(Self::BaseFieldGadget::new(new_c0, new_c1)) } @@ -27,7 +30,7 @@ impl QuadExtParametersGadget>( mut cs: CS, c1: &mut Self::BaseFieldGadget, - power: usize + power: usize, ) -> Result<(), SynthesisError> { c1.c0.mul_by_constant_in_place( cs.ns(|| "c1_c0_power"), @@ -43,20 +46,20 @@ impl QuadExtParametersGadget>( mut cs: CS, - fe: &QuadExtFieldGadget - ) -> Result, SynthesisError> - { - let c1_squared = fe.c1.square(cs.ns(||"c1^2"))?; - let c1_squared_nr = Self::mul_base_field_gadget_by_nonresidue(cs.ns(||"nr * c1^2"), &c1_squared)?; + fe: &QuadExtFieldGadget, + ) -> Result, SynthesisError> { + let c1_squared = fe.c1.square(cs.ns(|| "c1^2"))?; + let c1_squared_nr = + Self::mul_base_field_gadget_by_nonresidue(cs.ns(|| "nr * c1^2"), &c1_squared)?; let one = Fp2::::one(); let c0 = { let c1_squared_nr_doubled = c1_squared_nr.double(cs.ns(|| "2(nr*c1^2)"))?; - c1_squared_nr_doubled.add_constant(cs.ns(|| "2(nr*c1^2) + 1"), &one)? + c1_squared_nr_doubled.add_constant(cs.ns(|| "2(nr*c1^2) + 1"), &one)? }; let c1 = { - let c1_plus_c0 = fe.c0.add(cs.ns(||"c1 + c0"), &fe.c1)?; + let c1_plus_c0 = fe.c0.add(cs.ns(|| "c1 + c0"), &fe.c1)?; let c1_plus_c0_squared = c1_plus_c0.square(cs.ns(|| "(c1 + c0)^2"))?; c1_plus_c0_squared .sub(cs.ns(|| "(c1 + c0)^2 - nr*c1^2"), &c1_squared_nr)? @@ -70,9 +73,9 @@ impl QuadExtParametersGadget = QuadExtFieldGadget, ConstraintF>; impl Fp4Gadget - where - P: Fp4Parameters, - P::Fp2Params: Fp2Parameters, +where + P: Fp4Parameters, + P::Fp2Params: Fp2Parameters, { #[inline] //Mul by an element of the form c0: (a, 0) c1:(c, d) 
@@ -81,16 +84,23 @@ impl Fp4Gadget mut cs: CS, other: &Self, ) -> Result { - let v0 = - { - let v0_c0 = self.c0.c0.mul(cs.ns(|| "self.c0.c0 * other.c0.c0"), &other.c0.c0)?; - let v0_c1 = self.c0.c1.mul(cs.ns(|| "self.c0.c1 * other.c0.c0"), &other.c0.c0)?; - Fp2Gadget::::new(v0_c0, v0_c1) - }; + let v0 = { + let v0_c0 = self + .c0 + .c0 + .mul(cs.ns(|| "self.c0.c0 * other.c0.c0"), &other.c0.c0)?; + let v0_c1 = self + .c0 + .c1 + .mul(cs.ns(|| "self.c0.c1 * other.c0.c0"), &other.c0.c0)?; + Fp2Gadget::::new(v0_c0, v0_c1) + }; let v1 = self.c1.mul(cs.ns(|| "self.c1 * other.c1"), &other.c1)?; let c0 = { - let non_residue_times_v1 = - Fp4ParamsWrapper::

::mul_base_field_gadget_by_nonresidue(cs.ns(|| "v1 mul_by_nr"), &v1)?; + let non_residue_times_v1 = Fp4ParamsWrapper::

::mul_base_field_gadget_by_nonresidue( + cs.ns(|| "v1 mul_by_nr"), + &v1, + )?; v0.add(cs.ns(|| "v0 + beta * v1"), &non_residue_times_v1)? }; let c1 = { @@ -105,4 +115,4 @@ impl Fp4Gadget Ok(Self::new(c0, c1)) } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/fields/fp6_2over3.rs b/r1cs/gadgets/std/src/fields/fp6_2over3.rs index acd62dda2..2b4bcf2e9 100644 --- a/r1cs/gadgets/std/src/fields/fp6_2over3.rs +++ b/r1cs/gadgets/std/src/fields/fp6_2over3.rs @@ -1,37 +1,40 @@ -use algebra::{fields::{ - fp6_2over3::{Fp6Parameters, Fp6ParamsWrapper}, - fp3::{Fp3Parameters, Fp3ParamsWrapper}, -}, PrimeField, SquareRootField}; +use algebra::{ + fields::{ + fp3::{Fp3Parameters, Fp3ParamsWrapper}, + fp6_2over3::{Fp6Parameters, Fp6ParamsWrapper}, + }, + PrimeField, SquareRootField, +}; use r1cs_core::{ConstraintSystem, SynthesisError}; -use crate::{ - prelude::*, fields::fp3::Fp3Gadget, -}; +use crate::{fields::fp3::Fp3Gadget, prelude::*}; -impl QuadExtParametersGadget for Fp6ParamsWrapper

- where - P: Fp6Parameters, - P::Fp3Params: Fp3Parameters, +impl QuadExtParametersGadget + for Fp6ParamsWrapper

+where + P: Fp6Parameters, + P::Fp3Params: Fp3Parameters, { type BaseFieldGadget = Fp3Gadget; fn mul_base_field_gadget_by_nonresidue>( cs: CS, - fe: &Self::BaseFieldGadget - ) -> Result - { - let new_c0 = Fp3ParamsWrapper::::mul_base_field_gadget_by_nonresidue(cs, &fe.c2)?; + fe: &Self::BaseFieldGadget, + ) -> Result { + let new_c0 = + Fp3ParamsWrapper::::mul_base_field_gadget_by_nonresidue(cs, &fe.c2)?; let new_c1 = fe.c0.clone(); let new_c2 = fe.c1.clone(); - Ok(Fp3Gadget::::new(new_c0, new_c1, new_c2)) + Ok(Fp3Gadget::::new( + new_c0, new_c1, new_c2, + )) } fn mul_base_field_gadget_by_frobenius_coeff>( mut cs: CS, c1: &mut Self::BaseFieldGadget, - power: usize - ) -> Result<(), SynthesisError> - { + power: usize, + ) -> Result<(), SynthesisError> { c1.c0 .mul_by_constant_in_place(cs.ns(|| "mul1"), &P::FROBENIUS_COEFF_FP6_C1[power % 6])?; c1.c1 @@ -43,9 +46,8 @@ impl QuadExtParametersGadget>( mut cs: CS, - fe: &QuadExtFieldGadget - ) -> Result, SynthesisError> - { + fe: &QuadExtFieldGadget, + ) -> Result, SynthesisError> { let mut result = QuadExtFieldGadget::::zero(cs.ns(|| "alloc result"))?; let fp2_nr = ::NONRESIDUE; 
@@ -169,35 +171,47 @@ impl QuadExtParametersGadget = QuadExtFieldGadget, ConstraintF>; impl Fp6Gadget - where - P: Fp6Parameters, - P::Fp3Params: Fp3Parameters, +where + P: Fp6Parameters, + P::Fp3Params: Fp3Parameters, { #[inline] pub fn mul_by_2345>( &self, mut cs: CS, other: &Self, - ) -> Result - { + ) -> Result { let v0 = { - let t = Fp3ParamsWrapper::::mul_base_field_gadget_by_nonresidue(cs.ns(|| "other.c0.c2 * nr"), &other.c0.c2)?; + let t = Fp3ParamsWrapper::::mul_base_field_gadget_by_nonresidue( + cs.ns(|| "other.c0.c2 * nr"), + &other.c0.c2, + )?; let c0 = self.c0.c1.mul(cs.ns(|| "compute v0_c0"), &t)?; let c1 = self.c0.c2.mul(cs.ns(|| "compute v0_c1"), &t)?; let c2 = self.c0.c0.mul(cs.ns(|| "compute v0_c2"), &other.c0.c2)?; Fp3Gadget::::new(c0, c1, c2) }; let v1 = self.c1.mul(cs.ns(|| "compute v1"), &other.c1)?; - let beta_v1 = Fp6ParamsWrapper::

::mul_base_field_gadget_by_nonresidue(cs.ns(|| "v1*nr"), &v1)?; + let beta_v1 = + Fp6ParamsWrapper::

::mul_base_field_gadget_by_nonresidue(cs.ns(|| "v1*nr"), &v1)?; let c0 = v0.add(cs.ns(|| "compute result c0"), &beta_v1)?; let c1 = { let self_c0_plus_c1 = self.c0.add(cs.ns(|| "self.c0 + self.c1"), &self.c1)?; let other_c0_plus_c1 = other.c0.add(cs.ns(|| "other.c0 + other.c1"), &other.c1)?; self_c0_plus_c1 - .mul(cs.ns(|| "(self.c0 + self.c1)*(other.c0 + other.c1)"), &other_c0_plus_c1)? - .sub(cs.ns(|| "(self.c0 + self.c1)*(other.c0 + other.c1) - v0"), &v0)? - .sub(cs.ns(|| "(self.c0 + self.c1)*(other.c0 + other.c1) - v0 - v1"), &v1)? + .mul( + cs.ns(|| "(self.c0 + self.c1)*(other.c0 + other.c1)"), + &other_c0_plus_c1, + )? + .sub( + cs.ns(|| "(self.c0 + self.c1)*(other.c0 + other.c1) - v0"), + &v0, + )? + .sub( + cs.ns(|| "(self.c0 + self.c1)*(other.c0 + other.c1) - v0 - v1"), + &v1, + )? }; Ok(Self::new(c0, c1)) } diff --git a/r1cs/gadgets/std/src/fields/fp6_3over2.rs b/r1cs/gadgets/std/src/fields/fp6_3over2.rs index cc217681c..dc131d931 100644 --- a/r1cs/gadgets/std/src/fields/fp6_3over2.rs +++ b/r1cs/gadgets/std/src/fields/fp6_3over2.rs @@ -8,20 +8,20 @@ use algebra::{ }; use r1cs_core::{ConstraintSystem, SynthesisError}; -use crate::{prelude::*, fields::fp2::Fp2Gadget}; +use crate::{fields::fp2::Fp2Gadget, prelude::*}; -impl CubicExtParametersGadget for Fp6ParamsWrapper

- where - P: Fp6Parameters, - P::Fp2Params: Fp2Parameters, +impl CubicExtParametersGadget + for Fp6ParamsWrapper

+where + P: Fp6Parameters, + P::Fp2Params: Fp2Parameters, { type BaseFieldGadget = Fp2Gadget; fn mul_base_field_gadget_by_nonresidue>( cs: CS, - fe: &Self::BaseFieldGadget - ) -> Result - { + fe: &Self::BaseFieldGadget, + ) -> Result { fe.mul_by_constant(cs, &P::NONRESIDUE) } @@ -29,17 +29,10 @@ impl CubicExtParametersGadget Result<(), SynthesisError> - { - c1.mul_by_constant_in_place( - cs.ns(|| "c1_power"), - &P::FROBENIUS_COEFF_FP6_C1[power % 6], - )?; - c2.mul_by_constant_in_place( - cs.ns(|| "c2_power"), - &P::FROBENIUS_COEFF_FP6_C2[power % 6], - )?; + power: usize, + ) -> Result<(), SynthesisError> { + c1.mul_by_constant_in_place(cs.ns(|| "c1_power"), &P::FROBENIUS_COEFF_FP6_C1[power % 6])?; + c2.mul_by_constant_in_place(cs.ns(|| "c2_power"), &P::FROBENIUS_COEFF_FP6_C2[power % 6])?; Ok(()) } @@ -48,9 +41,9 @@ impl CubicExtParametersGadget = CubicExtFieldGadget, ConstraintF>; impl Fp6Gadget - where - P: Fp6Parameters, - P::Fp2Params: Fp2Parameters, +where + P: Fp6Parameters, + P::Fp2Params: Fp2Parameters, { #[inline] pub fn mul_by_0_c1_0>( @@ -133,4 +126,4 @@ impl Fp6Gadget Ok(Self::new(c0, c1, c2)) } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/fields/mod.rs b/r1cs/gadgets/std/src/fields/mod.rs index c5fcd0759..ffd73b247 100644 --- a/r1cs/gadgets/std/src/fields/mod.rs +++ b/r1cs/gadgets/std/src/fields/mod.rs @@ -5,15 +5,15 @@ use std::fmt::Debug; use crate::{prelude::*, Assignment}; +pub mod cubic_extension; pub mod fp; pub mod fp12; pub mod fp2; pub mod fp3; pub mod fp4; -pub mod fp6_3over2; pub mod fp6_2over3; +pub mod fp6_3over2; pub mod quadratic_extension; -pub mod cubic_extension; pub trait FieldGadget: Sized 
@@ -248,20 +248,15 @@ pub trait FieldGadget: #[cfg(test)] pub(crate) mod tests { - use rand::{self, thread_rng, SeedableRng, Rng}; + use rand::{self, thread_rng, Rng, SeedableRng}; use rand_xorshift::XorShiftRng; - use crate::{prelude::*, test_constraint_system::TestConstraintSystem, fields::fp::FpGadget}; - use algebra::{BitIterator, Field, UniformRand, PrimeField, leading_zeros}; + use crate::{fields::fp::FpGadget, prelude::*, test_constraint_system::TestConstraintSystem}; + use algebra::{leading_zeros, BitIterator, Field, PrimeField, UniformRand}; use r1cs_core::ConstraintSystem; #[allow(dead_code)] - pub(crate) fn field_test< - FE: Field, - ConstraintF: Field, - F: FieldGadget, - >() - { + pub(crate) fn field_test>() { let mut cs = TestConstraintSystem::::new(); let mut rng = &mut thread_rng(); @@ -469,8 +464,9 @@ pub(crate) mod tests { FE: Field, ConstraintF: Field, F: FieldGadget, - >(maxpower: usize) - { + >( + maxpower: usize, + ) { let mut cs = TestConstraintSystem::::new(); let mut rng = XorShiftRng::seed_from_u64(1231275789u64); for i in 0..(maxpower + 1) { @@ -486,8 +482,7 @@ pub(crate) mod tests { } #[allow(dead_code)] - pub(crate) fn from_bits_fp_gadget_test() - { + pub(crate) fn from_bits_fp_gadget_test() { let mut rng = thread_rng(); let mut cs = TestConstraintSystem::::new(); 
@@ -497,19 +492,18 @@ pub(crate) mod tests { let val = ConstraintF::rand(&mut rng); let zeros = leading_zeros(val.write_bits().as_slice()); if zeros > 1 { - break (val, zeros as usize) + break (val, zeros as usize); } }; //Positive case - let f_g_bits = Vec::::alloc( - cs.ns(|| "alloc f bits"), - || Ok(f.write_bits()[leading_zeros..].to_vec()) - ).unwrap(); - let f_g = FpGadget::::from_bits( - cs.ns(|| "pack f_g_bits"), - f_g_bits.as_slice() - ).unwrap(); + let f_g_bits = Vec::::alloc(cs.ns(|| "alloc f bits"), || { + Ok(f.write_bits()[leading_zeros..].to_vec()) + }) + .unwrap(); + let f_g = + FpGadget::::from_bits(cs.ns(|| "pack f_g_bits"), f_g_bits.as_slice()) + .unwrap(); assert_eq!(f, f_g.get_value().unwrap()); assert!(cs.is_satisfied()); 
@@ -521,25 +515,44 @@ pub(crate) mod tests { } else { ConstraintF::one() }; - cs.set(format!("alloc f bits/value_{}/boolean", random_bit).as_ref(), new_value); + cs.set( + format!("alloc f bits/value_{}/boolean", random_bit).as_ref(), + new_value, + ); assert!(!cs.is_satisfied()); - assert_eq!("pack f_g_bits/packing constraint", cs.which_is_unsatisfied().unwrap()); + assert_eq!( + "pack f_g_bits/packing constraint", + cs.which_is_unsatisfied().unwrap() + ); //Let's change the value of the packed variable and check that the cs is not satisfied anymore //Bringing back the modified bit's value to its original one - let prev_value = if prev_value {ConstraintF::one()} else {ConstraintF::zero()}; - cs.set(format!("alloc f bits/value_{}/boolean", random_bit).as_ref(), prev_value); + let prev_value = if prev_value { + ConstraintF::one() + } else { + ConstraintF::zero() + }; + cs.set( + format!("alloc f bits/value_{}/boolean", random_bit).as_ref(), + prev_value, + ); assert!(cs.is_satisfied()); //Situation should be back to positive case //Modify packed value - cs.set(format!("pack f_g_bits/variable/alloc").as_ref(), ConstraintF::rand(&mut rng)); + cs.set( + format!("pack f_g_bits/variable/alloc").as_ref(), + ConstraintF::rand(&mut rng), + ); assert!(!cs.is_satisfied()); - assert_eq!("pack f_g_bits/packing constraint", cs.which_is_unsatisfied().unwrap()); + assert_eq!( + "pack f_g_bits/packing constraint", + cs.which_is_unsatisfied().unwrap() + ); } #[allow(dead_code)] - pub(crate) fn bit_fp_gadgets_test(){ + pub(crate) fn bit_fp_gadgets_test() { use crate::algebra::FpParameters; let mut rng = thread_rng(); 
@@ -547,16 +560,16 @@ pub(crate) mod tests { //Native to_bits test let a = ConstraintF::rand(&mut rng); - let a_g = FpGadget::::alloc( - cs.ns(|| "alloc a"), - || Ok(a), - ).unwrap(); + let a_g = FpGadget::::alloc(cs.ns(|| "alloc a"), || Ok(a)).unwrap(); let a_bits = a.write_bits(); let a_g_bits = a_g.to_bits(cs.ns(|| "a_to_bits")).unwrap(); assert_eq!( a_bits, - a_g_bits.iter().map(|b| b.get_value().unwrap()).collect::>(), + a_g_bits + .iter() + .map(|b| b.get_value().unwrap()) + .collect::>(), ); //Native from_bits test @@ -565,10 +578,7 @@ pub(crate) mod tests { let a_g_bits = a_g_bits[1..].as_ref(); let a_read = ConstraintF::read_bits(a_bits).unwrap(); - let a_g_read = FpGadget::::from_bits( - cs.ns(|| "read a_g"), - a_g_bits, - ).unwrap(); + let a_g_read = FpGadget::::from_bits(cs.ns(|| "read a_g"), a_g_bits).unwrap(); assert_eq!(a_read, a_g_read.get_value().unwrap()); 
@@ -577,48 +587,55 @@ pub(crate) mod tests { let val = ConstraintF::rand(&mut rng); let zeros = leading_zeros(val.write_bits().as_slice()); if zeros >= 3 { - break (val, zeros) + break (val, zeros); } }; - let b_g = FpGadget::::alloc( - cs.ns(|| "alloc b"), - || Ok(b), - ).unwrap(); + let b_g = FpGadget::::alloc(cs.ns(|| "alloc b"), || Ok(b)).unwrap(); //Positive case - let b_g_restricted_bits = b_g.to_bits_with_length_restriction( - cs.ns(|| "serialize with length restriction"), - leading_zeros as usize, - ).unwrap(); + let b_g_restricted_bits = b_g + .to_bits_with_length_restriction( + cs.ns(|| "serialize with length restriction"), + leading_zeros as usize, + ) + .unwrap(); - assert_eq!(b_g_restricted_bits.len() as u32, ConstraintF::Params::MODULUS_BITS - leading_zeros); + assert_eq!( + b_g_restricted_bits.len() as u32, + ConstraintF::Params::MODULUS_BITS - leading_zeros + ); //Of course we should be able to reconstruct the original field element let b_g_read = FpGadget::::from_bits( cs.ns(|| "read b_g_restricted"), b_g_restricted_bits.as_slice(), - ).unwrap(); - b_g.enforce_equal(cs.ns(|| "should pass"), &b_g_read).unwrap(); + ) + .unwrap(); + b_g.enforce_equal(cs.ns(|| "should pass"), &b_g_read) + .unwrap(); assert!(cs.is_satisfied()); //If we cut off more bits we will reconstruct a different field element - let bad_b_g_bits = b_g.to_bits_with_length_restriction( - cs.ns(|| "serialize bad with length restriction"), - leading_zeros as usize + 1, - ).unwrap(); + let bad_b_g_bits = b_g + .to_bits_with_length_restriction( + cs.ns(|| "serialize bad with length restriction"), + leading_zeros as usize + 1, + ) + .unwrap(); let bad_b_g_read = FpGadget::::from_bits( cs.ns(|| "read bad_b_g_restricted"), bad_b_g_bits.as_slice(), - ).unwrap(); - b_g.enforce_equal(cs.ns(|| "should not pass"), &bad_b_g_read).unwrap(); + ) + .unwrap(); + b_g.enforce_equal(cs.ns(|| "should not pass"), &bad_b_g_read) + .unwrap(); assert!(!cs.is_satisfied()); } #[allow(dead_code)] - pub(crate) 
fn equ_verdict_fp_gadget_test() - { + pub(crate) fn equ_verdict_fp_gadget_test() { let mut rng = thread_rng(); let a = ConstraintF::rand(&mut rng); @@ -626,25 +643,24 @@ pub(crate) mod tests { { let mut cs = TestConstraintSystem::::new(); - let a_gadget = FpGadget::::alloc( - cs.ns(|| "alloc a"), - || Ok(a) - ).unwrap(); + let a_gadget = FpGadget::::alloc(cs.ns(|| "alloc a"), || Ok(a)).unwrap(); //If a == b then v = True - let b_gadget = FpGadget::::alloc( - cs.ns(|| "alloc b"), - || Ok(a.clone()) - ).unwrap(); + let b_gadget = + FpGadget::::alloc(cs.ns(|| "alloc b"), || Ok(a.clone())).unwrap(); let v = a_gadget.is_eq(cs.ns(|| "a == b"), &b_gadget).unwrap(); - v.enforce_equal(cs.ns(|| " v == True"), &Boolean::constant(true)).unwrap(); + v.enforce_equal(cs.ns(|| " v == True"), &Boolean::constant(true)) + .unwrap(); assert!(cs.is_satisfied()); //If a == b but the prover maliciously witness v as False, cs will not be satisfied cs.set("a == b/alloc verdict/boolean", ConstraintF::zero()); assert!(!cs.is_satisfied()); - assert_eq!("a == b/1 - v = c * (x - y)", cs.which_is_unsatisfied().unwrap()); + assert_eq!( + "a == b/1 - v = c * (x - y)", + cs.which_is_unsatisfied().unwrap() + ); //If a == b the prover can freely choose c without invalidating any constraint cs.set("a == b/alloc verdict/boolean", ConstraintF::one()); //Let's bring back v to True 
@@ -657,32 +673,36 @@ pub(crate) mod tests { { let mut cs = TestConstraintSystem::::new(); - let a_gadget = FpGadget::::alloc( - cs.ns(|| "alloc a"), - || Ok(a) - ).unwrap(); + let a_gadget = FpGadget::::alloc(cs.ns(|| "alloc a"), || Ok(a)).unwrap(); //If a != b then v = False - let b_gadget = FpGadget::::alloc( - cs.ns(|| "alloc b"), - || Ok(ConstraintF::rand(&mut rng)) - ).unwrap(); + let b_gadget = FpGadget::::alloc(cs.ns(|| "alloc b"), || { + Ok(ConstraintF::rand(&mut rng)) + }) + .unwrap(); let v = a_gadget.is_eq(cs.ns(|| "a != b"), &b_gadget).unwrap(); - v.enforce_equal(cs.ns(|| " v == False"), &Boolean::constant(false)).unwrap(); + v.enforce_equal(cs.ns(|| " v == False"), &Boolean::constant(false)) + .unwrap(); assert!(cs.is_satisfied()); //If a != b but the prover maliciously witness v as True, cs will not be satisfied cs.set("a != b/alloc verdict/boolean", ConstraintF::one()); assert!(!cs.is_satisfied()); - assert_eq!("a != b/0 = v * (x - y)/conditional_equals", cs.which_is_unsatisfied().unwrap()); + assert_eq!( + "a != b/0 = v * (x - y)/conditional_equals", + cs.which_is_unsatisfied().unwrap() + ); //If a != b the prover is forced to choose c as 1/(a-b) cs.set("a != b/alloc verdict/boolean", ConstraintF::zero()); //Let's bring back v to False assert!(cs.is_satisfied()); //Situation should be back to normal cs.set("a != b/alloc c/alloc", ConstraintF::rand(&mut rng)); //Let's choose a random c assert!(!cs.is_satisfied()); - assert_eq!("a != b/1 - v = c * (x - y)", cs.which_is_unsatisfied().unwrap()); + assert_eq!( + "a != b/1 - v = c * (x - y)", + cs.which_is_unsatisfied().unwrap() + ); } } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/fields/quadratic_extension.rs b/r1cs/gadgets/std/src/fields/quadratic_extension.rs index 0e22a949b..6a33e0bfb 100644 --- a/r1cs/gadgets/std/src/fields/quadratic_extension.rs +++ b/r1cs/gadgets/std/src/fields/quadratic_extension.rs 
@@ -1,14 +1,14 @@ use algebra::{ - QuadExtField, QuadExtParameters, - biginteger::arithmetic::find_wnaf, - Field, PrimeField, SquareRootField + biginteger::arithmetic::find_wnaf, Field, PrimeField, QuadExtField, QuadExtParameters, + SquareRootField, }; use r1cs_core::{ConstraintSystem, SynthesisError}; use std::{borrow::Borrow, marker::PhantomData}; use crate::{fields::FieldGadget, prelude::*}; -pub trait QuadExtParametersGadget: QuadExtParameters +pub trait QuadExtParametersGadget: + QuadExtParameters { type BaseFieldGadget: FieldGadget; @@ -30,24 +30,31 @@ pub trait QuadExtParametersGadget: QuadExtParameters, ) -> Result, SynthesisError> - where - ConstraintF: PrimeField + SquareRootField, + where + ConstraintF: PrimeField + SquareRootField, { fe.square(cs) } } #[derive(Derivative)] -#[derivative(Debug(bound = "P: QuadExtParametersGadget, ConstraintF: PrimeField + SquareRootField"))] +#[derivative(Debug( + bound = "P: QuadExtParametersGadget, ConstraintF: PrimeField + SquareRootField" +))] #[must_use] -pub struct QuadExtFieldGadget, ConstraintF: PrimeField + SquareRootField> { +pub struct QuadExtFieldGadget< + P: QuadExtParametersGadget, + ConstraintF: PrimeField + SquareRootField, +> { pub c0: P::BaseFieldGadget, pub c1: P::BaseFieldGadget, #[derivative(Debug = "ignore")] _params: PhantomData

, } -impl, ConstraintF: PrimeField + SquareRootField> QuadExtFieldGadget { +impl, ConstraintF: PrimeField + SquareRootField> + QuadExtFieldGadget +{ pub fn new(c0: P::BaseFieldGadget, c1: P::BaseFieldGadget) -> Self { Self { c0, @@ -88,7 +95,7 @@ impl, ConstraintF: PrimeField + SquareRo for (j, &value) in naf.iter().rev().enumerate() { if found_nonzero { - res = P::cyclotomic_square_gadget(cs.ns(||format!("res_square_{:?}", j)), &res)?; + res = P::cyclotomic_square_gadget(cs.ns(|| format!("res_square_{:?}", j)), &res)?; } if value != 0 { found_nonzero = true; @@ -457,7 +464,11 @@ impl, ConstraintF: PrimeField + SquareRo self.c0.frobenius_map_in_place(&mut cs.ns(|| "c0"), power)?; self.c1.frobenius_map_in_place(&mut cs.ns(|| "c1"), power)?; - P::mul_base_field_gadget_by_frobenius_coeff(&mut cs.ns(|| "c1_power"), &mut self.c1, power)?; + P::mul_base_field_gadget_by_frobenius_coeff( + &mut cs.ns(|| "c1_power"), + &mut self.c1, + power, + )?; Ok(self) } @@ -475,25 +486,28 @@ impl, ConstraintF: PrimeField + SquareRo } impl, ConstraintF: PrimeField + SquareRootField> PartialEq -for QuadExtFieldGadget + for QuadExtFieldGadget { fn eq(&self, other: &Self) -> bool { self.c0 == other.c0 && self.c1 == other.c1 } } -impl, ConstraintF: PrimeField + SquareRootField> Eq for QuadExtFieldGadget {} +impl, ConstraintF: PrimeField + SquareRootField> Eq + for QuadExtFieldGadget +{ +} -impl, ConstraintF: PrimeField + SquareRootField> EqGadget -for QuadExtFieldGadget +impl, ConstraintF: PrimeField + SquareRootField> + EqGadget for QuadExtFieldGadget { fn is_eq>( &self, mut cs: CS, - other: &Self + other: &Self, ) -> Result { let b0 = self.c0.is_eq(cs.ns(|| "c0"), &other.c0)?; - let b1 = self.c1.is_eq(cs.ns(|| "c1"),&other.c1)?; + let b1 = self.c1.is_eq(cs.ns(|| "c1"), &other.c1)?; Boolean::and(cs.ns(|| "b0 AND b1"), &b0, &b1) } 
@@ -502,10 +516,12 @@ for QuadExtFieldGadget &self, mut cs: CS, other: &Self, - should_enforce: &Boolean + should_enforce: &Boolean, ) -> Result<(), SynthesisError> { - self.c0.conditional_enforce_equal(cs.ns(|| "c0"),&other.c0, should_enforce)?; - self.c1.conditional_enforce_equal(cs.ns(|| "c1"),&other.c1, should_enforce)?; + self.c0 + .conditional_enforce_equal(cs.ns(|| "c0"), &other.c0, should_enforce)?; + self.c1 + .conditional_enforce_equal(cs.ns(|| "c1"), &other.c1, should_enforce)?; Ok(()) } @@ -514,16 +530,23 @@ for QuadExtFieldGadget &self, mut cs: CS, other: &Self, - should_enforce: &Boolean + should_enforce: &Boolean, ) -> Result<(), SynthesisError> { let is_equal = self.is_eq(cs.ns(|| "is_eq(self, other)"), other)?; - Boolean::and(cs.ns(|| "is_equal AND should_enforce"), &is_equal, should_enforce)? - .enforce_equal(cs.ns(|| "is_equal AND should_enforce == false"), &Boolean::Constant(false)) + Boolean::and( + cs.ns(|| "is_equal AND should_enforce"), + &is_equal, + should_enforce, + )? + .enforce_equal( + cs.ns(|| "is_equal AND should_enforce == false"), + &Boolean::Constant(false), + ) } } -impl, ConstraintF: PrimeField + SquareRootField> ToBitsGadget -for QuadExtFieldGadget +impl, ConstraintF: PrimeField + SquareRootField> + ToBitsGadget for QuadExtFieldGadget { fn to_bits>( &self, @@ -546,8 +569,8 @@ for QuadExtFieldGadget } } -impl, ConstraintF: PrimeField + SquareRootField> ToBytesGadget -for QuadExtFieldGadget +impl, ConstraintF: PrimeField + SquareRootField> + ToBytesGadget for QuadExtFieldGadget { fn to_bytes>( &self, 
@@ -571,19 +594,19 @@ for QuadExtFieldGadget } impl, ConstraintF: PrimeField + SquareRootField> Clone -for QuadExtFieldGadget + for QuadExtFieldGadget { fn clone(&self) -> Self { Self { - c0: self.c0.clone(), - c1: self.c1.clone(), + c0: self.c0.clone(), + c1: self.c1.clone(), _params: PhantomData, } } } -impl, ConstraintF: PrimeField + SquareRootField> CondSelectGadget -for QuadExtFieldGadget +impl, ConstraintF: PrimeField + SquareRootField> + CondSelectGadget for QuadExtFieldGadget { #[inline] fn conditionally_select>( @@ -613,8 +636,8 @@ for QuadExtFieldGadget } } -impl, ConstraintF: PrimeField + SquareRootField> TwoBitLookupGadget -for QuadExtFieldGadget +impl, ConstraintF: PrimeField + SquareRootField> + TwoBitLookupGadget for QuadExtFieldGadget { type TableConstant = QuadExtField

; fn two_bit_lookup>( @@ -633,8 +656,8 @@ for QuadExtFieldGadget mut cs: CS, precomp: &Boolean, b: &[Boolean], - c: &[Self::TableConstant]) - -> Result { + c: &[Self::TableConstant], + ) -> Result { let c0s = c.iter().map(|f| f.c0).collect::>(); let c1s = c.iter().map(|f| f.c1).collect::>(); let c0 = P::BaseFieldGadget::two_bit_lookup_lc(cs.ns(|| "Lookup c0"), precomp, b, &c0s)?; @@ -648,7 +671,7 @@ for QuadExtFieldGadget } impl, ConstraintF: PrimeField + SquareRootField> -ThreeBitCondNegLookupGadget for QuadExtFieldGadget + ThreeBitCondNegLookupGadget for QuadExtFieldGadget { type TableConstant = QuadExtField

; @@ -660,8 +683,10 @@ ThreeBitCondNegLookupGadget for QuadExtFieldGadget ) -> Result { let c0s = c.iter().map(|f| f.c0).collect::>(); let c1s = c.iter().map(|f| f.c1).collect::>(); - let c0 = P::BaseFieldGadget::three_bit_cond_neg_lookup(cs.ns(|| "Lookup c0"), b, b0b1, &c0s)?; - let c1 = P::BaseFieldGadget::three_bit_cond_neg_lookup(cs.ns(|| "Lookup c1"), b, b0b1, &c1s)?; + let c0 = + P::BaseFieldGadget::three_bit_cond_neg_lookup(cs.ns(|| "Lookup c0"), b, b0b1, &c0s)?; + let c1 = + P::BaseFieldGadget::three_bit_cond_neg_lookup(cs.ns(|| "Lookup c1"), b, b0b1, &c1s)?; Ok(Self::new(c0, c1)) } @@ -670,23 +695,23 @@ ThreeBitCondNegLookupGadget for QuadExtFieldGadget } } -impl, ConstraintF: PrimeField + SquareRootField> AllocGadget, ConstraintF> -for QuadExtFieldGadget +impl, ConstraintF: PrimeField + SquareRootField> + AllocGadget, ConstraintF> for QuadExtFieldGadget { #[inline] fn alloc>( mut cs: CS, value_gen: F, ) -> Result - where - F: FnOnce() -> Result, - T: Borrow>, + where + F: FnOnce() -> Result, + T: Borrow>, { let (c0, c1) = match value_gen() { Ok(fe) => { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1)) - }, + } Err(_) => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -703,15 +728,15 @@ for QuadExtFieldGadget mut cs: CS, value_gen: F, ) -> Result - where - F: FnOnce() -> Result, - T: Borrow>, + where + F: FnOnce() -> Result, + T: Borrow>, { let (c0, c1) = match value_gen() { Ok(fe) => { let fe = *fe.borrow(); (Ok(fe.c0), Ok(fe.c1)) - }, + } Err(_) => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -725,14 +750,10 @@ for QuadExtFieldGadget } impl, ConstraintF: PrimeField + SquareRootField> -ConstantGadget, ConstraintF> for QuadExtFieldGadget + ConstantGadget, ConstraintF> for QuadExtFieldGadget { #[inline] - fn from_value>( - mut cs: CS, - value: &QuadExtField

, - ) -> Self - { + fn from_value>(mut cs: CS, value: &QuadExtField

) -> Self { let c0 = P::BaseFieldGadget::from_value(&mut cs.ns(|| "c0"), &value.c0); let c1 = P::BaseFieldGadget::from_value(&mut cs.ns(|| "c1"), &value.c1); Self::new(c0, c1) @@ -742,4 +763,4 @@ ConstantGadget, ConstraintF> for QuadExtFieldGadget QuadExtField

{ self.get_value().unwrap() } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/bls12/mod.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/bls12/mod.rs index 84ee802f8..896d10ee6 100644 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/bls12/mod.rs +++ b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/bls12/mod.rs @@ -1,6 +1,7 @@ use algebra::{ curves::bls12::{Bls12Parameters, G1Prepared, TwistType}, - fields::Field, BitIterator, ProjectiveCurve, + fields::Field, + BitIterator, ProjectiveCurve, }; use r1cs_core::{ConstraintSystem, SynthesisError}; @@ -29,9 +30,7 @@ pub struct G1PreparedGadget(pub G1Gadget

); impl G1PreparedGadget

{ pub fn get_value(&self) -> Option> { - Some(G1Prepared::from( - self.0.get_value().unwrap().into_affine(), - )) + Some(G1Prepared::from(self.0.get_value().unwrap().into_affine())) } pub fn from_affine>( @@ -180,4 +179,4 @@ impl G2PreparedGadget
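Review bot: `get_value` returns an `Option` but the reformatted body still calls `self.0.get_value().unwrap()`, so a missing assignment (e.g. when the gadget is synthesised without a witness) panics instead of yielding `None`. `self.0.get_value().map(|p| G1Prepared::from(p.into_affine()))` keeps the signature and propagates the absence to the caller. The impl block continues outside the hunk.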

{ TwistType::D => Ok((f, g)), } } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/bn/mod.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/bn/mod.rs index 4dd293c01..27f55e948 100644 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/bn/mod.rs +++ b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/bn/mod.rs @@ -19,12 +19,12 @@ pub type G1Gadget

= AffineGadget< >; pub type G2Gadget

= -AffineGadget<

::G2Parameters,

::Fp, Fp2G

>; + AffineGadget<

::G2Parameters,

::Fp, Fp2G

>; #[derive(Derivative)] #[derivative( -Clone(bound = "G1Gadget

: Clone"), -Debug(bound = "G1Gadget

: Debug") + Clone(bound = "G1Gadget

: Clone"), + Debug(bound = "G1Gadget

: Debug") )] pub struct G1PreparedGadget(pub G1Gadget

); @@ -52,7 +52,7 @@ impl ToBytesGadget for G1PreparedGadget

{ fn to_bytes_strict>( &self, - mut cs: CS + mut cs: CS, ) -> Result, SynthesisError> { self.0.to_bytes_strict(&mut cs.ns(|| "g_alpha to bytes")) } @@ -62,15 +62,14 @@ type Fp2G

= Fp2Gadget<

::Fp2Params,

::Fp type LCoeff

= (Fp2G

, Fp2G

); #[derive(Derivative)] #[derivative( -Clone(bound = "Fp2Gadget: Clone"), -Debug(bound = "Fp2Gadget: Debug") + Clone(bound = "Fp2Gadget: Clone"), + Debug(bound = "Fp2Gadget: Debug") )] pub struct G2PreparedGadget { pub ell_coeffs: Vec>, } impl ToBytesGadget for G2PreparedGadget

{ - #[inline] fn to_bytes>( &self, @@ -87,7 +86,7 @@ impl ToBytesGadget for G2PreparedGadget

{ fn to_bytes_strict>( &self, - mut cs: CS + mut cs: CS, ) -> Result, SynthesisError> { let mut bytes = Vec::new(); for (i, coeffs) in self.ell_coeffs.iter().enumerate() { @@ -101,7 +100,7 @@ impl ToBytesGadget for G2PreparedGadget

{ fn mul_by_char>( mut cs: CS, - q: &G2Gadget

+ q: &G2Gadget

, ) -> Result, SynthesisError> { let mut s = q.clone(); s.x.frobenius_map_in_place(cs.ns(|| "s.x.frobenius_map_1"), 1)?; @@ -132,7 +131,7 @@ impl G2PreparedGadget

{ match bit { 1 => ell_coeffs.push(Self::add(cs.ns(|| "add_q"), &mut r, &q)?), -1 => ell_coeffs.push(Self::add(cs.ns(|| "add_neg_q"), &mut r, &negq)?), - _ => continue + _ => continue, } } diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt4/mod.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt4/mod.rs index 058b77dc6..97f9bda60 100644 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt4/mod.rs +++ b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt4/mod.rs @@ -1,43 +1,37 @@ use algebra::Field; -use crate::{fields::{ - FieldGadget, fp::FpGadget, fp2::Fp2Gadget, -}, groups::curves::short_weierstrass::short_weierstrass_projective::AffineGadget, - bits::uint8::UInt8, Assignment, +use crate::{ alloc::AllocGadget, - ToBytesGadget, + bits::uint8::UInt8, + fields::{fp::FpGadget, fp2::Fp2Gadget, FieldGadget}, + groups::curves::short_weierstrass::short_weierstrass_projective::AffineGadget, + Assignment, ToBytesGadget, }; -use r1cs_core::{ConstraintSystem, SynthesisError}; +use crate::bits::boolean::Boolean; use algebra::curves::models::mnt4::MNT4Parameters; +use r1cs_core::{ConstraintSystem, SynthesisError}; use std::fmt::Debug; use std::ops::Mul; -use crate::bits::boolean::Boolean; -pub type G1Gadget

= AffineGadget< -

::G1Parameters, -

::Fp, - FpG

->; -pub type G2Gadget

= AffineGadget< -

::G2Parameters, -

::Fp, - Fp2G

->; +pub type G1Gadget

= + AffineGadget<

::G1Parameters,

::Fp, FpG

>; +pub type G2Gadget

= + AffineGadget<

::G2Parameters,

::Fp, Fp2G

>; type FpG

= FpGadget<

::Fp>; type Fp2G

= Fp2Gadget<

::Fp2Params,

::Fp>; #[derive(Derivative)] #[derivative( -Clone(bound = "FpGadget: Clone"), -Clone(bound = "Fp2Gadget: Clone"), -Debug(bound = "FpGadget: Debug"), -Debug(bound = "Fp2Gadget: Debug"), + Clone(bound = "FpGadget: Clone"), + Clone(bound = "Fp2Gadget: Clone"), + Debug(bound = "FpGadget: Debug"), + Debug(bound = "Fp2Gadget: Debug") )] pub struct G1PreparedGadget { - pub p: G1Gadget

, - pub p_y_twist_squared: Fp2G

, + pub p: G1Gadget

, + pub p_y_twist_squared: Fp2G

, } impl G1PreparedGadget

{ @@ -45,91 +39,128 @@ impl G1PreparedGadget

{ mut cs: CS, value: &G1Gadget

, ) -> Result { - let p = value.clone(); let twist_squared = P::TWIST.square(); - let c0 = p.y.mul_by_constant(cs.ns(||"p.y * twist_squared.c0"), &twist_squared.c0)?; - let c1 = p.y.mul_by_constant(cs.ns(||"p.y * twist_squared.c1"), &twist_squared.c1)?; + let c0 = + p.y.mul_by_constant(cs.ns(|| "p.y * twist_squared.c0"), &twist_squared.c0)?; + let c1 = + p.y.mul_by_constant(cs.ns(|| "p.y * twist_squared.c1"), &twist_squared.c1)?; let p_y_twist_squared = Fp2G::

::new(c0, c1); - Ok(G1PreparedGadget{p, p_y_twist_squared}) + Ok(G1PreparedGadget { + p, + p_y_twist_squared, + }) } } impl ToBytesGadget for G1PreparedGadget

{ #[inline] - fn to_bytes>(&self, mut cs: CS) -> Result, SynthesisError> { + fn to_bytes>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { let mut p = self.p.to_bytes(&mut cs.ns(|| "p to bytes"))?; - p.extend_from_slice(&self.p_y_twist_squared.to_bytes(&mut cs.ns(|| "p_y_twist_squared to bytes"))?); + p.extend_from_slice( + &self + .p_y_twist_squared + .to_bytes(&mut cs.ns(|| "p_y_twist_squared to bytes"))?, + ); Ok(p) } - fn to_bytes_strict>(&self, mut cs: CS) -> Result, SynthesisError> { + fn to_bytes_strict>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { let mut p = self.p.to_bytes_strict(&mut cs.ns(|| "p to bytes"))?; - p.extend_from_slice(&self.p_y_twist_squared.to_bytes_strict(&mut cs.ns(|| "p_y_twist_squared to bytes"))?); + p.extend_from_slice( + &self + .p_y_twist_squared + .to_bytes_strict(&mut cs.ns(|| "p_y_twist_squared to bytes"))?, + ); Ok(p) } } #[derive(Derivative)] #[derivative( -Clone(bound = "Fp2Gadget: Clone"), -Debug(bound = "Fp2Gadget: Debug") + Clone(bound = "Fp2Gadget: Clone"), + Debug(bound = "Fp2Gadget: Debug") )] pub struct G2CoefficientsGadget { - pub(crate) r_y: Fp2G

, - pub(crate) gamma: Fp2G

, - pub(crate) gamma_x: Fp2G

, + pub(crate) r_y: Fp2G

, + pub(crate) gamma: Fp2G

, + pub(crate) gamma_x: Fp2G

, } impl ToBytesGadget for G2CoefficientsGadget

{ #[inline] - fn to_bytes>(&self, mut cs: CS) -> Result, SynthesisError> { + fn to_bytes>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { let mut x = self.r_y.to_bytes(&mut cs.ns(|| "r_y to bytes"))?; x.extend_from_slice(&self.gamma.to_bytes(&mut cs.ns(|| "gamma to bytes"))?); x.extend_from_slice(&self.gamma_x.to_bytes(&mut cs.ns(|| "gamma_x to bytes"))?); Ok(x) } - fn to_bytes_strict>(&self, mut cs: CS) -> Result, SynthesisError> { + fn to_bytes_strict>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { let mut x = self.r_y.to_bytes_strict(&mut cs.ns(|| "r_y to bytes"))?; - x.extend_from_slice(&self.gamma.to_bytes_strict(&mut cs.ns(|| "gamma to bytes"))?); - x.extend_from_slice(&self.gamma_x.to_bytes_strict(&mut cs.ns(|| "gamma_x to bytes"))?); + x.extend_from_slice( + &self + .gamma + .to_bytes_strict(&mut cs.ns(|| "gamma to bytes"))?, + ); + x.extend_from_slice( + &self + .gamma_x + .to_bytes_strict(&mut cs.ns(|| "gamma_x to bytes"))?, + ); Ok(x) } } #[derive(Derivative)] #[derivative( -Clone(bound = "Fp2Gadget: Clone"), -Debug(bound = "Fp2Gadget: Debug") + Clone(bound = "Fp2Gadget: Clone"), + Debug(bound = "Fp2Gadget: Debug") )] -pub struct G2PreparedGadget{ - pub q: G2Gadget

, - pub coeffs: Vec> +pub struct G2PreparedGadget { + pub q: G2Gadget

, + pub coeffs: Vec>, } -implG2PreparedGadget

{ +impl G2PreparedGadget

{ pub fn from_affine>( mut cs: CS, value: &G2Gadget

, ) -> Result { - let mut s = value.clone(); - let mut g2p = G2PreparedGadget{ + let mut g2p = G2PreparedGadget { q: s.clone(), - coeffs: vec![] + coeffs: vec![], }; - for (i, &n) in P::WNAF.iter().rev().enumerate(){ - + for (i, &n) in P::WNAF.iter().rev().enumerate() { let mut cs = cs.ns(|| format!("Iteration {}", i)); - let (s2, c) = Self::doubling_step_for_flipped_miller_loop(cs.ns(|| "double"), &s.clone())?; + let (s2, c) = + Self::doubling_step_for_flipped_miller_loop(cs.ns(|| "double"), &s.clone())?; g2p.coeffs.push(c); s = s2; if n != 0 { - let (s2, c) = Self::mixed_addition_step_for_flipped_miller_loop(cs.ns(|| "add"), &value.x, &value.y, &s.clone(), n)?; + let (s2, c) = Self::mixed_addition_step_for_flipped_miller_loop( + cs.ns(|| "add"), + &value.x, + &value.y, + &s.clone(), + n, + )?; g2p.coeffs.push(c); s = s2; } @@ -140,19 +171,21 @@ implG2PreparedGadget
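Review bot: In `G1PreparedGadget::from_affine` the hunk removes `let p = value.clone();` yet the new side still reads `p.y` and returns `G1PreparedGadget { p, p_y_twist_squared }`; likewise `G2PreparedGadget::from_affine` drops `let mut s = value.clone();` while `q: s.clone()` and `s = s2` remain. Unless those bindings are reintroduced on a line this rendering lost, neither function compiles on the new side, which looks accidental for a formatting commit. Restoring the two `let` lines, or binding `let mut s = value.clone();` immediately before the `G2PreparedGadget { … }` literal, is the minimal fix. The same two removals appear in the mnt6 hunk `@@ -44,96 +41,133 @@`.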

{ fn doubling_step_for_flipped_miller_loop>( mut cs: CS, s: &G2Gadget

, - ) -> Result<(G2Gadget

, G2CoefficientsGadget

), SynthesisError> - { + ) -> Result<(G2Gadget

, G2CoefficientsGadget

), SynthesisError> { //Compute gamma - let s_x_squared = s.x.square(cs.ns(||"s_x^2"))?; + let s_x_squared = s.x.square(cs.ns(|| "s_x^2"))?; let three_sx_squared_plus_a = s_x_squared .double(cs.ns(|| "2s_x^2"))? .add(cs.ns(|| "3s_x^2"), &s_x_squared)? .add_constant(cs.ns(|| "3s_x^2 + a"), &P::TWIST_COEFF_A)?; - let two_sy = s.y.double(cs.ns(||"2s_y"))?; + let two_sy = s.y.double(cs.ns(|| "2s_y"))?; let gamma = Fp2G::

::alloc(cs.ns(|| "gamma"), || { - Ok(three_sx_squared_plus_a.get_value().get()?.mul(&two_sy.get_value().get()?.inverse().get()?)) + Ok(three_sx_squared_plus_a + .get_value() + .get()? + .mul(&two_sy.get_value().get()?.inverse().get()?)) })?; //Check gamma (gamma*2s_y = sx^2 + 3a) @@ -163,16 +196,21 @@ implG2PreparedGadget
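Review bot: The context comment `//Check gamma (gamma*2s_y = sx^2 + 3a)` contradicts the expression it describes: the variable is `three_sx_squared_plus_a`, built as `2s_x^2 + s_x^2 + a`, and the mnt6 counterpart already reads `3sx^2 + a`; suggest `//Check gamma (gamma*2s_y = 3s_x^2 + a)`. The witness closure above also inverts `two_sy` via `.inverse().get()?`, so an input with `s.y == 0` leaves gamma unassignable rather than producing a doubling; a one-line doc comment on `doubling_step_for_flipped_miller_loop` stating that `s` must have a non-zero `y` (the affine tangent formula divides by `2s_y`) would make that precondition visible to callers. The function continues past the end of this hunk.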

{ //Compute and check new_sx let two_sx = s.x.double(cs.ns(|| "2s_x"))?; - let new_sx = gamma.square(cs.ns(|| "gamma^2"))? + let new_sx = gamma + .square(cs.ns(|| "gamma^2"))? .sub(cs.ns(|| "gamma^2 - 2s_x"), &two_sx)?; //Compute and check new_sy - let new_sy = s.x - .sub(cs.ns(|| "s_x - new_s_x"), &new_sx)? - .mul(cs.ns(|| "gamma * (s_x - new_s_x)"), &gamma)? - .sub(cs.ns(|| "gamma * (s_x - new_s_x) - s_y"), &s.y)?; - - let c = G2CoefficientsGadget{r_y: s.y.clone(), gamma, gamma_x}; + let new_sy = + s.x.sub(cs.ns(|| "s_x - new_s_x"), &new_sx)? + .mul(cs.ns(|| "gamma * (s_x - new_s_x)"), &gamma)? + .sub(cs.ns(|| "gamma * (s_x - new_s_x) - s_y"), &s.y)?; + + let c = G2CoefficientsGadget { + r_y: s.y.clone(), + gamma, + gamma_x, + }; let s2 = G2Gadget::

::new(new_sx, new_sy, Boolean::constant(false)); Ok((s2, c)) @@ -184,15 +222,13 @@ implG2PreparedGadget

{ y: &Fp2G

, s: &G2Gadget

, naf_i: i32, - ) -> Result<(G2Gadget

, G2CoefficientsGadget

), SynthesisError> - { + ) -> Result<(G2Gadget

, G2CoefficientsGadget

), SynthesisError> { //Compute gamma - let sx_minus_x = s.x - .sub(cs.ns(|| "s_x - x"), &x)?; + let sx_minus_x = s.x.sub(cs.ns(|| "s_x - x"), &x)?; - let sy_plus_y = s.y.add(cs.ns(||"(s_y + y)"), &y)?; + let sy_plus_y = s.y.add(cs.ns(|| "(s_y + y)"), &y)?; let sy_minus_y = s.y.sub(cs.ns(|| "(s_y - y)"), &y)?; - let numerator = if naf_i > 0 {sy_minus_y} else {sy_plus_y}; + let numerator = if naf_i > 0 { sy_minus_y } else { sy_plus_y }; let gamma = Fp2G::

::alloc(cs.ns(|| "Compute gamma"), || { let sx_minus_x_inv = sx_minus_x.get_value().get()?.inverse().get()?; @@ -200,50 +236,63 @@ implG2PreparedGadget
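Review bot: `mixed_addition_step_for_flipped_miller_loop` documents none of its exceptional inputs: the witness for `gamma` inverts `sx_minus_x`, so when `s.x == x` (the point being added equals `s` or its negation) the `.inverse().get()?` call fails at witness generation and the chord formula does not apply. A doc comment such as `/// Affine chord step of the flipped Miller loop; requires s.x != x (s is neither (x, y) nor its negation).` would state that precondition where callers can see it. The selection `if naf_i > 0 { sy_minus_y } else { sy_plus_y }` presumably reflects that a negative NAF digit adds `-Q = (x, -y)`, turning the numerator into `s_y + y`; a one-line comment saying so would spare the next reader the derivation. The function continues outside this hunk.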

{ })?; //Check gamma - gamma.mul_equals(cs.ns(||"Check gamma"), &sx_minus_x, &numerator)?; + gamma.mul_equals(cs.ns(|| "Check gamma"), &sx_minus_x, &numerator)?; //Compute and check gamma_x let gamma_x = gamma.mul(cs.ns(|| "Compute gamma_x"), &x)?; //Compute and check new_sx - let new_sx = gamma.square(cs.ns(|| "gamma^2"))? + let new_sx = gamma + .square(cs.ns(|| "gamma^2"))? .sub(cs.ns(|| "gamma^2 - s_x"), &s.x)? .sub(cs.ns(|| "gamma^2 - s_x - x"), &x)?; //Compute and check new_sy - let new_sy = s.x - .sub(cs.ns(|| "s_x - new_s_x"), &new_sx)? - .mul(cs.ns(|| "gamma * (s_x - new_s_x)"), &gamma)? - .sub(cs.ns(|| "gamma * (s_x - new_s_x) - s_y"), &s.y)?; - - let c = G2CoefficientsGadget{r_y: s.y.clone(), gamma, gamma_x}; + let new_sy = + s.x.sub(cs.ns(|| "s_x - new_s_x"), &new_sx)? + .mul(cs.ns(|| "gamma * (s_x - new_s_x)"), &gamma)? + .sub(cs.ns(|| "gamma * (s_x - new_s_x) - s_y"), &s.y)?; + + let c = G2CoefficientsGadget { + r_y: s.y.clone(), + gamma, + gamma_x, + }; let s2 = G2Gadget::

::new(new_sx, new_sy, Boolean::constant(false)); Ok((s2, c)) } } -impl ToBytesGadget for G2PreparedGadget

-{ +impl ToBytesGadget for G2PreparedGadget

{ #[inline] - fn to_bytes>(&self, mut cs: CS) -> Result, SynthesisError> - { + fn to_bytes>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { let mut x = self.q.to_bytes(&mut cs.ns(|| "q to bytes"))?; for (i, c) in self.coeffs.iter().enumerate() { - x.extend_from_slice(&c.to_bytes(&mut cs.ns(|| format!("coefficients {} to bytes", i)))?); + x.extend_from_slice( + &c.to_bytes(&mut cs.ns(|| format!("coefficients {} to bytes", i)))?, + ); } Ok(x) } - fn to_bytes_strict>(&self, mut cs: CS) -> Result, SynthesisError> { + fn to_bytes_strict>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { let mut x = self.q.to_bytes_strict(&mut cs.ns(|| "q to bytes"))?; for (i, c) in self.coeffs.iter().enumerate() { - x.extend_from_slice(&c.to_bytes_strict(&mut cs.ns(|| format!("coefficients {} to bytes", i)))?); + x.extend_from_slice( + &c.to_bytes_strict(&mut cs.ns(|| format!("coefficients {} to bytes", i)))?, + ); } Ok(x) } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt6/mod.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt6/mod.rs index b8f81d5fa..281420ed4 100644 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt6/mod.rs +++ b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt6/mod.rs 
@@ -1,42 +1,39 @@ use algebra::Field; -use crate::{fields::{ - FieldGadget, fp::FpGadget, fp3::Fp3Gadget, -}, groups::curves::short_weierstrass::short_weierstrass_projective::AffineGadget, - bits::ToBytesGadget, alloc::AllocGadget, - bits::uint8::UInt8, Assignment}; +use crate::{ + alloc::AllocGadget, + bits::uint8::UInt8, + bits::ToBytesGadget, + fields::{fp::FpGadget, fp3::Fp3Gadget, FieldGadget}, + groups::curves::short_weierstrass::short_weierstrass_projective::AffineGadget, + Assignment, +}; -use r1cs_core::{ConstraintSystem, SynthesisError}; use algebra::curves::models::mnt6::MNT6Parameters; +use r1cs_core::{ConstraintSystem, SynthesisError}; +use crate::bits::boolean::Boolean; use std::fmt::Debug; use std::ops::Mul; -use crate::bits::boolean::Boolean; -pub type G1Gadget

= AffineGadget< -

::G1Parameters, -

::Fp, - FpG

->; -pub type G2Gadget

= AffineGadget< -

::G2Parameters, -

::Fp, - Fp3G

->; +pub type G1Gadget

= + AffineGadget<

::G1Parameters,

::Fp, FpG

>; +pub type G2Gadget

= + AffineGadget<

::G2Parameters,

::Fp, Fp3G

>; type FpG

= FpGadget<

::Fp>; type Fp3G

= Fp3Gadget<

::Fp3Params,

::Fp>; #[derive(Derivative)] #[derivative( -Clone(bound = "FpGadget: Clone"), -Clone(bound = "Fp3Gadget: Clone"), -Debug(bound = "FpGadget: Debug"), -Debug(bound = "Fp3Gadget: Debug"), + Clone(bound = "FpGadget: Clone"), + Clone(bound = "Fp3Gadget: Clone"), + Debug(bound = "FpGadget: Debug"), + Debug(bound = "Fp3Gadget: Debug") )] pub struct G1PreparedGadget { - pub p: G1Gadget

, - pub p_y_twist_squared: Fp3G

, + pub p: G1Gadget

, + pub p_y_twist_squared: Fp3G

, } impl G1PreparedGadget

{ @@ -44,96 +41,133 @@ impl G1PreparedGadget

{ mut cs: CS, value: &G1Gadget

, ) -> Result { - let p = value.clone(); //Compute and check p_y_twist_squared let twist_squared = P::TWIST.square(); - let c0 = p.y.mul_by_constant(cs.ns(||"p.y * twist_squared.c0"), &twist_squared.c0)?; - let c1 = p.y.mul_by_constant(cs.ns(||"p.y * twist_squared.c1"), &twist_squared.c1)?; - let c2 = p.y.mul_by_constant(cs.ns(||"p.y * twist_squared.c2"), &twist_squared.c2)?; + let c0 = + p.y.mul_by_constant(cs.ns(|| "p.y * twist_squared.c0"), &twist_squared.c0)?; + let c1 = + p.y.mul_by_constant(cs.ns(|| "p.y * twist_squared.c1"), &twist_squared.c1)?; + let c2 = + p.y.mul_by_constant(cs.ns(|| "p.y * twist_squared.c2"), &twist_squared.c2)?; let p_y_twist_squared = Fp3G::

::new(c0, c1, c2); - - Ok(G1PreparedGadget{p, p_y_twist_squared}) + Ok(G1PreparedGadget { + p, + p_y_twist_squared, + }) } } impl ToBytesGadget for G1PreparedGadget

{ #[inline] - fn to_bytes>(&self, mut cs: CS) -> Result, SynthesisError> { + fn to_bytes>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { let mut p = self.p.to_bytes(&mut cs.ns(|| "p to bytes"))?; - p.extend_from_slice(&self.p_y_twist_squared.to_bytes(&mut cs.ns(|| "p_y_twist_squared to bytes"))?); + p.extend_from_slice( + &self + .p_y_twist_squared + .to_bytes(&mut cs.ns(|| "p_y_twist_squared to bytes"))?, + ); Ok(p) } - fn to_bytes_strict>(&self, mut cs: CS) -> Result, SynthesisError> { + fn to_bytes_strict>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { let mut p = self.p.to_bytes_strict(&mut cs.ns(|| "p to bytes"))?; - p.extend_from_slice(&self.p_y_twist_squared.to_bytes_strict(&mut cs.ns(|| "p_y_twist_squared to bytes"))?); + p.extend_from_slice( + &self + .p_y_twist_squared + .to_bytes_strict(&mut cs.ns(|| "p_y_twist_squared to bytes"))?, + ); Ok(p) } } #[derive(Derivative)] #[derivative( -Clone(bound = "Fp3Gadget: Clone"), -Debug(bound = "Fp3Gadget: Debug") + Clone(bound = "Fp3Gadget: Clone"), + Debug(bound = "Fp3Gadget: Debug") )] pub struct G2CoefficientsGadget { - pub(crate) r_y: Fp3G

, - pub(crate) gamma: Fp3G

, - pub(crate) gamma_x: Fp3G

, + pub(crate) r_y: Fp3G

, + pub(crate) gamma: Fp3G

, + pub(crate) gamma_x: Fp3G

, } impl ToBytesGadget for G2CoefficientsGadget

{ #[inline] - fn to_bytes>(&self, mut cs: CS) -> Result, SynthesisError> { + fn to_bytes>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { let mut x = self.r_y.to_bytes(&mut cs.ns(|| "r_y to bytes"))?; x.extend_from_slice(&self.gamma.to_bytes(&mut cs.ns(|| "gamma to bytes"))?); x.extend_from_slice(&self.gamma_x.to_bytes(&mut cs.ns(|| "gamma_x to bytes"))?); Ok(x) } - fn to_bytes_strict>(&self, mut cs: CS) -> Result, SynthesisError> { + fn to_bytes_strict>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { let mut x = self.r_y.to_bytes_strict(&mut cs.ns(|| "r_y to bytes"))?; - x.extend_from_slice(&self.gamma.to_bytes_strict(&mut cs.ns(|| "gamma to bytes"))?); - x.extend_from_slice(&self.gamma_x.to_bytes_strict(&mut cs.ns(|| "gamma_x to bytes"))?); + x.extend_from_slice( + &self + .gamma + .to_bytes_strict(&mut cs.ns(|| "gamma to bytes"))?, + ); + x.extend_from_slice( + &self + .gamma_x + .to_bytes_strict(&mut cs.ns(|| "gamma_x to bytes"))?, + ); Ok(x) } } #[derive(Derivative)] #[derivative( -Clone(bound = "Fp3Gadget: Clone"), -Debug(bound = "Fp3Gadget: Debug") + Clone(bound = "Fp3Gadget: Clone"), + Debug(bound = "Fp3Gadget: Debug") )] -pub struct G2PreparedGadget{ - pub q: G2Gadget

, - pub coeffs: Vec> +pub struct G2PreparedGadget { + pub q: G2Gadget

, + pub coeffs: Vec>, } -implG2PreparedGadget

{ +impl G2PreparedGadget

{ pub fn from_affine>( mut cs: CS, value: &G2Gadget

, ) -> Result { - let mut s = value.clone(); - let mut g2p = G2PreparedGadget{ + let mut g2p = G2PreparedGadget { q: s.clone(), - coeffs: vec![] + coeffs: vec![], }; - for (i, &n) in P::WNAF.iter().rev().enumerate(){ - + for (i, &n) in P::WNAF.iter().rev().enumerate() { let mut cs = cs.ns(|| format!("Iteration {}", i)); - let (s2, c) = Self::doubling_step_for_flipped_miller_loop(cs.ns(|| "double"), &s.clone())?; + let (s2, c) = + Self::doubling_step_for_flipped_miller_loop(cs.ns(|| "double"), &s.clone())?; g2p.coeffs.push(c); s = s2; if n != 0 { - let (s2, c) = Self::mixed_addition_step_for_flipped_miller_loop(cs.ns(|| "add"), &value.x, &value.y, &s.clone(), n)?; + let (s2, c) = Self::mixed_addition_step_for_flipped_miller_loop( + cs.ns(|| "add"), + &value.x, + &value.y, + &s.clone(), + n, + )?; g2p.coeffs.push(c); s = s2; } @@ -144,19 +178,21 @@ implG2PreparedGadget

{ fn doubling_step_for_flipped_miller_loop>( mut cs: CS, s: &G2Gadget

, - ) -> Result<(G2Gadget

, G2CoefficientsGadget

), SynthesisError> - { + ) -> Result<(G2Gadget

, G2CoefficientsGadget

), SynthesisError> { //Compute gamma - let s_x_squared = s.x.square(cs.ns(||"s_x^2"))?; + let s_x_squared = s.x.square(cs.ns(|| "s_x^2"))?; let three_sx_squared_plus_a = s_x_squared .double(cs.ns(|| "2s_x^2"))? .add(cs.ns(|| "3s_x^2"), &s_x_squared)? .add_constant(cs.ns(|| "3s_x^2 + a"), &P::TWIST_COEFF_A)?; - let two_sy = s.y.double(cs.ns(||"2s_y"))?; + let two_sy = s.y.double(cs.ns(|| "2s_y"))?; let gamma = Fp3G::

::alloc(cs.ns(|| "gamma"), || { - Ok(three_sx_squared_plus_a.get_value().get()?.mul(&two_sy.get_value().get()?.inverse().get()?)) + Ok(three_sx_squared_plus_a + .get_value() + .get()? + .mul(&two_sy.get_value().get()?.inverse().get()?)) })?; //Check gamma (gamma*2s_y = 3sx^2 + a) @@ -167,16 +203,21 @@ implG2PreparedGadget

{ //Compute new_sx let two_sx = s.x.double(cs.ns(|| "2s_x"))?; - let new_sx = gamma.square(cs.ns(|| "gamma^2"))? + let new_sx = gamma + .square(cs.ns(|| "gamma^2"))? .sub(cs.ns(|| "gamma^2 - 2s_x"), &two_sx)?; //Compute and check new_sy - let new_sy = s.x - .sub(cs.ns(|| "s_x - new_s_x"), &new_sx)? - .mul(cs.ns(|| "gamma * (s_x - new_s_x)"), &gamma)? - .sub(cs.ns(|| "gamma * (s_x - new_s_x) - s_y"), &s.y)?; - - let c = G2CoefficientsGadget{r_y: s.y.clone(), gamma, gamma_x}; + let new_sy = + s.x.sub(cs.ns(|| "s_x - new_s_x"), &new_sx)? + .mul(cs.ns(|| "gamma * (s_x - new_s_x)"), &gamma)? + .sub(cs.ns(|| "gamma * (s_x - new_s_x) - s_y"), &s.y)?; + + let c = G2CoefficientsGadget { + r_y: s.y.clone(), + gamma, + gamma_x, + }; let s2 = G2Gadget::

::new(new_sx, new_sy, Boolean::constant(false)); Ok((s2, c)) @@ -188,15 +229,13 @@ implG2PreparedGadget

{ y: &Fp3G

, s: &G2Gadget

, naf_i: i32, - ) -> Result<(G2Gadget

, G2CoefficientsGadget

), SynthesisError> - { + ) -> Result<(G2Gadget

, G2CoefficientsGadget

), SynthesisError> { //Compute gamma - let sx_minus_x = s.x - .sub(cs.ns(|| "s_x - x"), &x)?; + let sx_minus_x = s.x.sub(cs.ns(|| "s_x - x"), &x)?; - let sy_plus_y = s.y.add(cs.ns(||"(s_y + y)"), &y)?; + let sy_plus_y = s.y.add(cs.ns(|| "(s_y + y)"), &y)?; let sy_minus_y = s.y.sub(cs.ns(|| "(s_y - y)"), &y)?; - let numerator = if naf_i > 0 {sy_minus_y} else {sy_plus_y}; + let numerator = if naf_i > 0 { sy_minus_y } else { sy_plus_y }; let gamma = Fp3G::

::alloc(cs.ns(|| "Compute gamma"), || { let sx_minus_x_inv = sx_minus_x.get_value().get()?.inverse().get()?; @@ -204,48 +243,61 @@ implG2PreparedGadget

{ })?; //Check gamma - gamma.mul_equals(cs.ns(||"Check gamma"), &sx_minus_x, &numerator)?; + gamma.mul_equals(cs.ns(|| "Check gamma"), &sx_minus_x, &numerator)?; //Compute and check gamma_x let gamma_x = gamma.mul(cs.ns(|| "Compute gamma_x"), &x)?; //Compute and check new_sx - let new_sx = gamma.square(cs.ns(|| "gamma^2"))? + let new_sx = gamma + .square(cs.ns(|| "gamma^2"))? .sub(cs.ns(|| "gamma^2 - s_x"), &s.x)? .sub(cs.ns(|| "gamma^2 - s_x - x"), &x)?; //Compute and check new_sy - let new_sy = s.x - .sub(cs.ns(|| "s_x - new_s_x"), &new_sx)? - .mul(cs.ns(|| "gamma * (s_x - new_s_x)"), &gamma)? - .sub(cs.ns(|| "gamma * (s_x - new_s_x) - s_y"), &s.y)?; - - let c = G2CoefficientsGadget{r_y: s.y.clone(), gamma, gamma_x}; + let new_sy = + s.x.sub(cs.ns(|| "s_x - new_s_x"), &new_sx)? + .mul(cs.ns(|| "gamma * (s_x - new_s_x)"), &gamma)? + .sub(cs.ns(|| "gamma * (s_x - new_s_x) - s_y"), &s.y)?; + + let c = G2CoefficientsGadget { + r_y: s.y.clone(), + gamma, + gamma_x, + }; let s2 = G2Gadget::

::new(new_sx, new_sy, Boolean::constant(false)); Ok((s2, c)) } } -impl ToBytesGadget for G2PreparedGadget

-{ +impl ToBytesGadget for G2PreparedGadget

{ #[inline] - fn to_bytes>(&self, mut cs: CS) -> Result, SynthesisError> - { + fn to_bytes>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { let mut x = self.q.to_bytes(&mut cs.ns(|| "q to bytes"))?; for (i, c) in self.coeffs.iter().enumerate() { - x.extend_from_slice(&c.to_bytes(&mut cs.ns(|| format!("coefficients {} to bytes", i)))?); + x.extend_from_slice( + &c.to_bytes(&mut cs.ns(|| format!("coefficients {} to bytes", i)))?, + ); } Ok(x) } - fn to_bytes_strict>(&self, mut cs: CS) -> Result, SynthesisError> { + fn to_bytes_strict>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { let mut x = self.q.to_bytes_strict(&mut cs.ns(|| "q to bytes"))?; for (i, c) in self.coeffs.iter().enumerate() { - x.extend_from_slice(&c.to_bytes_strict(&mut cs.ns(|| format!("coefficients {} to bytes", i)))?); + x.extend_from_slice( + &c.to_bytes_strict(&mut cs.ns(|| format!("coefficients {} to bytes", i)))?, + ); } Ok(x) diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mod.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mod.rs index b12b9991c..86aff7884 100644 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mod.rs +++ b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mod.rs @@ -1,2 +1,2 @@ pub mod mnt4; -pub mod mnt6; \ No newline at end of file +pub mod mnt6; diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mod.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mod.rs index 482380ce3..9ff645966 100644 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mod.rs +++ b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mod.rs @@ -5,4 +5,4 @@ pub mod mnt; pub mod short_weierstrass_jacobian; pub use self::short_weierstrass_jacobian::*; -pub mod short_weierstrass_projective; \ No newline at end of file +pub mod short_weierstrass_projective; 
diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_jacobian.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_jacobian.rs index f581e1f6e..e629bb02f 100644 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_jacobian.rs +++ b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_jacobian.rs @@ -1,7 +1,9 @@ use algebra::{ - curves::short_weierstrass_jacobian::{GroupAffine as SWAffine, GroupProjective as SWProjective}, - SWModelParameters, - AffineCurve, BitIterator, Field, PrimeField, ProjectiveCurve}; + curves::short_weierstrass_jacobian::{ + GroupAffine as SWAffine, GroupProjective as SWProjective, + }, + AffineCurve, BitIterator, Field, PrimeField, ProjectiveCurve, SWModelParameters, +}; use r1cs_core::{ConstraintSystem, SynthesisError}; use std::{borrow::Borrow, marker::PhantomData, ops::Neg}; @@ -15,19 +17,18 @@ pub struct AffineGadget< ConstraintF: Field, F: FieldGadget, > { - pub x: F, - pub y: F, - pub infinity: Boolean, + pub x: F, + pub y: F, + pub infinity: Boolean, _params: PhantomData

, _engine: PhantomData, } impl AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, - +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { pub fn new(x: F, y: F, infinity: Boolean) -> Self { Self { @@ -39,7 +40,6 @@ impl AffineGadget } } - #[inline] /// Incomplete addition: neither `self` nor `other` can be the neutral /// element. @@ -49,8 +49,7 @@ impl AffineGadget mut cs: CS, other: &Self, safe: bool, - ) -> Result - { + ) -> Result { // lambda = (B.y - A.y)/(B.x - A.x) // C.x = lambda^2 - A.x - B.x // C.y = lambda(A.x - C.x) - A.y @@ -76,7 +75,8 @@ impl AffineGadget }) } else { F::alloc(cs.ns(|| "lambda"), || { - Ok(y2_minus_y1.get_value().get()? * &x2_minus_x1.get_value().get()?.inverse().get()?) + Ok(y2_minus_y1.get_value().get()? + * &x2_minus_x1.get_value().get()?.inverse().get()?) }) }?; @@ -125,10 +125,10 @@ impl AffineGadget } impl PartialEq for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { fn eq(&self, other: &Self) -> bool { self.x == other.x && self.y == other.y @@ -136,29 +136,33 @@ impl PartialEq for AffineGadget } impl Eq for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { } impl GroupGadget, ConstraintF> -for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, + for AffineGadget +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { type Value = SWProjective

; type Variable = (F::Variable, F::Variable); #[inline] fn get_value(&self) -> Option { - match (self.x.get_value(), self.y.get_value(), self.infinity.get_value()) { + match ( + self.x.get_value(), + self.y.get_value(), + self.infinity.get_value(), + ) { (Some(x), Some(y), Some(infinity)) => { Some(SWAffine::new(x, y, infinity).into_projective()) - }, + } (None, None, None) => None, _ => unreachable!(), } @@ -179,7 +183,7 @@ for AffineGadget } #[inline] - fn is_zero>(&self, _: CS) -> Result{ + fn is_zero>(&self, _: CS) -> Result { Ok(self.infinity) } 
@@ -297,38 +301,35 @@ for AffineGadget lambda.mul_equals(cs.ns(|| "check lambda"), &two_y, &three_x_squared_plus_a)?; // Allocate fresh x and y as a temporary workaround to reduce the R1CS density. - let x = F::alloc( - cs.ns(|| "new x"), - || { - let lambda_val = lambda.get_value().get()?; - let x_val = self.x.get_value().get()?; - Ok((lambda_val * &lambda_val) - &x_val - &x_val) - } - )?; + let x = F::alloc(cs.ns(|| "new x"), || { + let lambda_val = lambda.get_value().get()?; + let x_val = self.x.get_value().get()?; + Ok((lambda_val * &lambda_val) - &x_val - &x_val) + })?; // lambda * lambda = new_x + 2_old_x - let new_x_plus_two_x = self.x + let new_x_plus_two_x = self + .x .add(cs.ns(|| "2old_x"), &self.x)? .add(cs.ns(|| "new_x + 2old_x"), &x)?; lambda.mul_equals(cs.ns(|| "check new x"), &lambda, &new_x_plus_two_x)?; - let y = F::alloc( - cs.ns(|| "new y"), - || { - let lambda_val = lambda.get_value().get()?; - let x_val = self.x.get_value().get()?; - let y_val = self.y.get_value().get()?; - let new_x_val = x.get_value().get()?; - Ok(((x_val - &new_x_val) * &lambda_val) - &y_val) - } - )?; + let y = F::alloc(cs.ns(|| "new y"), || { + let lambda_val = lambda.get_value().get()?; + let x_val = self.x.get_value().get()?; + let y_val = self.y.get_value().get()?; + let new_x_val = x.get_value().get()?; + Ok(((x_val - &new_x_val) * &lambda_val) - &y_val) + })?; //lambda * (old_x - new_x) = new_y + old_y - let old_x_minus_new_x = self.x - .sub(cs.ns(|| "old_x - new_x"), &x)?; - let old_y_plus_new_y = self.y - .add(cs.ns(|| "old_y + new_y"), &y)?; - lambda.mul_equals(cs.ns(|| "check new y"), &old_x_minus_new_x, &old_y_plus_new_y)?; + let old_x_minus_new_x = self.x.sub(cs.ns(|| "old_x - new_x"), &x)?; + let old_y_plus_new_y = self.y.add(cs.ns(|| "old_y + new_y"), &y)?; + lambda.mul_equals( + cs.ns(|| "check new y"), + &old_x_minus_new_x, + &old_y_plus_new_y, + )?; *self = Self::new(x, y, Boolean::constant(false)); Ok(()) 
@@ -341,7 +342,7 @@ for AffineGadget Ok(Self::new( self.x.clone(), self.y.negate(cs.ns(|| "negate y"))?, - self.infinity + self.infinity, )) } @@ -354,8 +355,7 @@ for AffineGadget mut cs: CS, result: &Self, bits: &[Boolean], - ) -> Result{ - + ) -> Result { let mut to_sub = SWProjective::

::zero(); let mut t = base.clone(); @@ -373,12 +373,7 @@ for AffineGadget for (i, bits) in bit_vec.chunks(2).enumerate() { let ti = t.clone(); let two_ti = ti.double(); - let mut table = [ - sigma, - sigma + &ti, - sigma + &two_ti, - sigma + &ti + &two_ti, - ]; + let mut table = [sigma, sigma + &ti, sigma + &two_ti, sigma + &ti + &two_ti]; //Compute constants SWProjective::batch_normalization(&mut table); @@ -387,12 +382,22 @@ for AffineGadget let precomp = Boolean::and(cs.ns(|| format!("b0 AND b1_{}", i)), &bits[0], &bits[1])?; //Lookup x and y - let x = F::two_bit_lookup_lc(cs.ns(|| format!("Lookup x_{}", i)), &precomp, &[bits[0], bits[1]], &x_coords)?; - let y = F::two_bit_lookup_lc(cs.ns(|| format!("Lookup y_{}", i)), &precomp, &[bits[0], bits[1]], &y_coords)?; + let x = F::two_bit_lookup_lc( + cs.ns(|| format!("Lookup x_{}", i)), + &precomp, + &[bits[0], bits[1]], + &x_coords, + )?; + let y = F::two_bit_lookup_lc( + cs.ns(|| format!("Lookup y_{}", i)), + &precomp, + &[bits[0], bits[1]], + &y_coords, + )?; //Perform addition let adder: Self = Self::new(x, y, Boolean::constant(false)); - result = result.add(cs.ns(||format!("Add_{}", i)), &adder)?; + result = result.add(cs.ns(|| format!("Add_{}", i)), &adder)?; t = t.double().double(); to_sub += σ } @@ -410,100 +415,89 @@ for AffineGadget bases: &[B], scalars: &[J], ) -> Result - where - CS: ConstraintSystem, - I: Borrow<[Boolean]>, - J: Borrow<[I]>, - B: Borrow<[SWProjective

]>, + where + CS: ConstraintSystem, + I: Borrow<[Boolean]>, + J: Borrow<[I]>, + B: Borrow<[SWProjective

]>, { const CHUNK_SIZE: usize = 3; let mut sw_result: Option> = None; let mut result: Option> = None; - let mut process_segment_result = - |mut cs: r1cs_core::Namespace<_, _>, - result: &AffineGadget| - -> Result<(), SynthesisError> { - let segment_result = result.clone(); - match sw_result { - None => { - sw_result = Some(segment_result); - }, - Some(ref mut sw_result) => { - *sw_result = segment_result.add_unsafe( - cs.ns(|| "sw outer addition"), - sw_result, - )?; - }, + let mut process_segment_result = |mut cs: r1cs_core::Namespace<_, _>, + result: &AffineGadget| + -> Result<(), SynthesisError> { + let segment_result = result.clone(); + match sw_result { + None => { + sw_result = Some(segment_result); } - Ok(()) - }; + Some(ref mut sw_result) => { + *sw_result = + segment_result.add_unsafe(cs.ns(|| "sw outer addition"), sw_result)?; + } + } + Ok(()) + }; // Compute ∏(h_i^{m_i}) for all i. for (segment_i, (segment_bits_chunks, segment_powers)) in scalars.into_iter().zip(bases.iter()).enumerate() + { + for (i, (bits, base_power)) in segment_bits_chunks + .borrow() + .into_iter() + .zip(segment_powers.borrow().iter()) + .enumerate() { - for (i, (bits, base_power)) in segment_bits_chunks - .borrow() - .into_iter() - .zip(segment_powers.borrow().iter()) - .enumerate() - { - let base_power = base_power.borrow(); - let mut acc_power = *base_power; - let mut coords = vec![]; - for _ in 0..4 { - coords.push(acc_power); - acc_power = acc_power + base_power; - } - let bits = bits.borrow().to_bits( - &mut cs.ns(|| format!("Convert Scalar {}, {} to bits", segment_i, i)), - )?; - if bits.len() != CHUNK_SIZE { - return Err(SynthesisError::Unsatisfiable); - } - let coords = coords - .iter() - .map(|p| { - p.into_affine() - }) - .collect::>(); - let x_coeffs = coords.iter().map(|p| p.x).collect::>(); - let y_coeffs = coords.iter().map(|p| p.y).collect::>(); - let precomp = Boolean::and( - cs.ns(|| format!("precomp in window {}, {}", segment_i, i)), - &bits[0], - &bits[1], - )?; 
- let x = F::two_bit_lookup_lc( - cs.ns(|| format!("x in window {}, {}", segment_i, i)), - &precomp, - &[bits[0], bits[1]], - &x_coeffs - )?; - let y = F::three_bit_cond_neg_lookup( - cs.ns(|| format!("y lookup in window {}, {}", segment_i, i)), - &bits, - &precomp, - &y_coeffs, + let base_power = base_power.borrow(); + let mut acc_power = *base_power; + let mut coords = vec![]; + for _ in 0..4 { + coords.push(acc_power); + acc_power = acc_power + base_power; + } + let bits = bits.borrow().to_bits( + &mut cs.ns(|| format!("Convert Scalar {}, {} to bits", segment_i, i)), + )?; + if bits.len() != CHUNK_SIZE { + return Err(SynthesisError::Unsatisfiable); + } + let coords = coords.iter().map(|p| p.into_affine()).collect::>(); + let x_coeffs = coords.iter().map(|p| p.x).collect::>(); + let y_coeffs = coords.iter().map(|p| p.y).collect::>(); + let precomp = Boolean::and( + cs.ns(|| format!("precomp in window {}, {}", segment_i, i)), + &bits[0], + &bits[1], + )?; + let x = F::two_bit_lookup_lc( + cs.ns(|| format!("x in window {}, {}", segment_i, i)), + &precomp, + &[bits[0], bits[1]], + &x_coeffs, + )?; + let y = F::three_bit_cond_neg_lookup( + cs.ns(|| format!("y lookup in window {}, {}", segment_i, i)), + &bits, + &precomp, + &y_coeffs, + )?; + let tmp = Self::new(x, y, Boolean::constant(false)); + match result { + None => { + result = Some(tmp); + } + Some(ref mut result) => { + *result = tmp.add_unsafe( + cs.ns(|| format!("addition of window {}, {}", segment_i, i)), + result, )?; - let tmp = Self::new(x, y, Boolean::constant(false)); - match result { - None => { - result = Some(tmp); - }, - Some(ref mut result) => { - *result = tmp.add_unsafe( - cs.ns(|| format!("addition of window {}, {}", segment_i, i)), - result, - )?; - }, - } } - process_segment_result( - cs.ns(|| format!("window {}", segment_i)), - &result.unwrap(), - )?; - result = None; + } } + process_segment_result(cs.ns(|| format!("window {}", segment_i)), &result.unwrap())?; + result = None; + } if 
result.is_some() { process_segment_result(cs.ns(|| "leftover"), &result.unwrap())?; } @@ -520,10 +514,10 @@ for AffineGadget } impl CondSelectGadget for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { #[inline] fn conditionally_select>( @@ -534,38 +528,46 @@ impl CondSelectGadget for AffineGadget Result { let x = F::conditionally_select(&mut cs.ns(|| "x"), cond, &first.x, &second.x)?; let y = F::conditionally_select(&mut cs.ns(|| "y"), cond, &first.y, &second.y)?; - let infinity = Boolean::conditionally_select(&mut cs.ns(|| "infinity"), cond, &first.infinity, &second.infinity)?; + let infinity = Boolean::conditionally_select( + &mut cs.ns(|| "infinity"), + cond, + &first.infinity, + &second.infinity, + )?; Ok(Self::new(x, y, infinity)) } fn cost() -> usize { - 2 * >::cost() + - >::cost() + 2 * >::cost() + + >::cost() } } impl EqGadget for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { fn is_eq>( &self, mut cs: CS, - other: &Self + other: &Self, ) -> Result { let b0 = self.x.is_eq(cs.ns(|| "x"), &other.x)?; - let b1 = self.y.is_eq(cs.ns(|| "y"),&other.y)?; + let b1 = self.y.is_eq(cs.ns(|| "y"), &other.y)?; let coordinates_equal = Boolean::and(cs.ns(|| "x AND y"), &b0, &b1)?; let both_are_zero = Boolean::and( cs.ns(|| "self.infinity AND other.infinity"), &self.infinity, - &other.infinity + &other.infinity, )?; - Boolean::or(cs.ns(|| "coordinates_equal OR both_are_zero"), &coordinates_equal, &both_are_zero) - + Boolean::or( + cs.ns(|| "coordinates_equal OR both_are_zero"), + &coordinates_equal, + &both_are_zero, + ) } #[inline] 
@@ -573,13 +575,13 @@ impl EqGadget for AffineGadget Result<(), SynthesisError> { - self - .is_eq(cs.ns(|| "is_eq(self, other)"), &other)? + self.is_eq(cs.ns(|| "is_eq(self, other)"), &other)? .conditional_enforce_equal( cs.ns(|| "enforce condition"), - &Boolean::constant(true), &should_enforce + &Boolean::constant(true), + &should_enforce, )?; Ok(()) } @@ -589,35 +591,42 @@ impl EqGadget for AffineGadget Result<(), SynthesisError> { let is_equal = self.is_eq(cs.ns(|| "is_eq(self, other)"), other)?; - Boolean::and(cs.ns(|| "is_equal AND should_enforce"), &is_equal, should_enforce)? - .enforce_equal(cs.ns(|| "is_equal AND should_enforce == false"), &Boolean::Constant(false)) + Boolean::and( + cs.ns(|| "is_equal AND should_enforce"), + &is_equal, + should_enforce, + )? + .enforce_equal( + cs.ns(|| "is_equal AND should_enforce == false"), + &Boolean::Constant(false), + ) } } impl AllocGadget, ConstraintF> -for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, + for AffineGadget +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { #[inline] fn alloc>( mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let (x, y, infinity) = match value_gen() { Ok(ge) => { let ge = ge.borrow().into_affine(); (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -651,15 +660,15 @@ for AffineGadget mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let (x, y, infinity) = match value_gen() { Ok(ge) => { let ge = ge.borrow().into_affine(); (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), 
@@ -679,9 +688,9 @@ for AffineGadget mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let alloc_and_prime_order_check = |mut cs: r1cs_core::Namespace<_, _>, value_gen: FN| -> Result { @@ -750,10 +759,7 @@ for AffineGadget Ok(ge) } }; - let ge = alloc_and_prime_order_check( - cs.ns(|| "alloc and prime order check"), - value_gen - )?; + let ge = alloc_and_prime_order_check(cs.ns(|| "alloc and prime order check"), value_gen)?; Ok(ge) } @@ -763,15 +769,15 @@ for AffineGadget mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let (x, y, infinity) = match value_gen() { Ok(ge) => { let ge = ge.borrow().into_affine(); (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -800,17 +806,14 @@ for AffineGadget } } -impl ConstantGadget, ConstraintF> for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, +impl ConstantGadget, ConstraintF> + for AffineGadget +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { - fn from_value>( - mut cs: CS, - value: &SWProjective

, - ) -> Self - { + fn from_value>(mut cs: CS, value: &SWProjective

) -> Self { let value = value.into_affine(); let x = F::from_value(cs.ns(|| "hardcode x"), &value.x); let y = F::from_value(cs.ns(|| "hardcode y"), &value.y); @@ -819,12 +822,13 @@ impl ConstantGadget, ConstraintF> for AffineG Self::new(x, y, infinity) } - fn get_constant(&self) ->SWProjective

{ + fn get_constant(&self) -> SWProjective

{ let value_proj = SWAffine::

::new( self.x.get_value().unwrap(), self.y.get_value().unwrap(), - self.infinity.get_value().unwrap() - ).into_projective(); + self.infinity.get_value().unwrap(), + ) + .into_projective(); let x = value_proj.x; let y = value_proj.y; let z = value_proj.z; @@ -833,10 +837,10 @@ impl ConstantGadget, ConstraintF> for AffineG } impl ToBitsGadget for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { fn to_bits>( &self, @@ -867,10 +871,10 @@ impl ToBitsGadget for AffineGadget ToBytesGadget for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { fn to_bytes>( &self, @@ -905,18 +909,16 @@ impl ToBytesGadget for AffineGadget { - pub x: FpGadget, - pub y: FpGadget, - pub infinity: Boolean, +pub struct CompressAffinePointGadget { + pub x: FpGadget, + pub y: FpGadget, + pub infinity: Boolean, _engine: PhantomData, } impl CompressAffinePointGadget - where - ConstraintF: PrimeField, +where + ConstraintF: PrimeField, { pub fn new(x: FpGadget, y: FpGadget, infinity: Boolean) -> Self { Self { @@ -928,16 +930,18 @@ impl CompressAffinePointGadget } } -use crate::ToCompressedBitsGadget; use crate::fields::fp::FpGadget; +use crate::ToCompressedBitsGadget; impl ToCompressedBitsGadget for CompressAffinePointGadget - where - ConstraintF: PrimeField, +where + ConstraintF: PrimeField, { /// Enforce compression of a point through serialization of the x coordinate and storing /// a sign bit for the y coordinate. - fn to_compressed>(&self, mut cs: CS) - -> Result, SynthesisError> { + fn to_compressed>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { //Enforce x_coordinate to bytes let mut compressed_bits = self.x.to_bits_strict(cs.ns(|| "x_to_bits_strict"))?; compressed_bits.push(self.infinity); 
@@ -945,4 +949,4 @@ impl ToCompressedBitsGadget for CompressAffinePointGad compressed_bits.push(is_odd); Ok(compressed_bits) } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_projective.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_projective.rs index 1c9fe1a36..bdb49de0f 100644 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_projective.rs +++ b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_projective.rs @@ -1,7 +1,9 @@ use algebra::{ - curves::short_weierstrass_projective::{GroupAffine as SWAffine, GroupProjective as SWProjective}, - SWModelParameters, - AffineCurve, BitIterator, Field, PrimeField, ProjectiveCurve}; + curves::short_weierstrass_projective::{ + GroupAffine as SWAffine, GroupProjective as SWProjective, + }, + AffineCurve, BitIterator, Field, PrimeField, ProjectiveCurve, SWModelParameters, +}; use r1cs_core::{ConstraintSystem, SynthesisError}; use std::{borrow::Borrow, marker::PhantomData, ops::Neg}; @@ -15,19 +17,18 @@ pub struct AffineGadget< ConstraintF: Field, F: FieldGadget, > { - pub x: F, - pub y: F, - pub infinity: Boolean, + pub x: F, + pub y: F, + pub infinity: Boolean, _params: PhantomData

, _engine: PhantomData, } impl AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, - +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { pub fn new(x: F, y: F, infinity: Boolean) -> Self { Self { @@ -48,8 +49,7 @@ impl AffineGadget mut cs: CS, other: &Self, safe: bool, - ) -> Result - { + ) -> Result { // lambda = (B.y - A.y)/(B.x - A.x) // C.x = lambda^2 - A.x - B.x // C.y = lambda(A.x - C.x) - A.y @@ -75,7 +75,8 @@ impl AffineGadget }) } else { F::alloc(cs.ns(|| "lambda"), || { - Ok(y2_minus_y1.get_value().get()? * &x2_minus_x1.get_value().get()?.inverse().get()?) + Ok(y2_minus_y1.get_value().get()? + * &x2_minus_x1.get_value().get()?.inverse().get()?) }) }?; @@ -125,10 +126,10 @@ impl AffineGadget } impl PartialEq for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { fn eq(&self, other: &Self) -> bool { self.x == other.x && self.y == other.y @@ -136,29 +137,33 @@ impl PartialEq for AffineGadget } impl Eq for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { } impl GroupGadget, ConstraintF> -for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, + for AffineGadget +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { type Value = SWProjective

; type Variable = (F::Variable, F::Variable); #[inline] fn get_value(&self) -> Option { - match (self.x.get_value(), self.y.get_value(), self.infinity.get_value()) { + match ( + self.x.get_value(), + self.y.get_value(), + self.infinity.get_value(), + ) { (Some(x), Some(y), Some(infinity)) => { Some(SWAffine::new(x, y, infinity).into_projective()) - }, + } (None, None, None) => None, _ => unreachable!(), } @@ -179,7 +184,7 @@ for AffineGadget } #[inline] - fn is_zero>(&self, _: CS) -> Result{ + fn is_zero>(&self, _: CS) -> Result { Ok(self.infinity) } 
@@ -297,38 +302,35 @@ for AffineGadget lambda.mul_equals(cs.ns(|| "check lambda"), &two_y, &three_x_squared_plus_a)?; // Allocate fresh x and y as a temporary workaround to reduce the R1CS density. - let x = F::alloc( - cs.ns(|| "new x"), - || { - let lambda_val = lambda.get_value().get()?; - let x_val = self.x.get_value().get()?; - Ok((lambda_val * &lambda_val) - &x_val - &x_val) - } - )?; + let x = F::alloc(cs.ns(|| "new x"), || { + let lambda_val = lambda.get_value().get()?; + let x_val = self.x.get_value().get()?; + Ok((lambda_val * &lambda_val) - &x_val - &x_val) + })?; // lambda * lambda = new_x + 2_old_x - let new_x_plus_two_x = self.x + let new_x_plus_two_x = self + .x .add(cs.ns(|| "2old_x"), &self.x)? .add(cs.ns(|| "new_x + 2old_x"), &x)?; lambda.mul_equals(cs.ns(|| "check new x"), &lambda, &new_x_plus_two_x)?; - let y = F::alloc( - cs.ns(|| "new y"), - || { - let lambda_val = lambda.get_value().get()?; - let x_val = self.x.get_value().get()?; - let y_val = self.y.get_value().get()?; - let new_x_val = x.get_value().get()?; - Ok(((x_val - &new_x_val) * &lambda_val) - &y_val) - } - )?; + let y = F::alloc(cs.ns(|| "new y"), || { + let lambda_val = lambda.get_value().get()?; + let x_val = self.x.get_value().get()?; + let y_val = self.y.get_value().get()?; + let new_x_val = x.get_value().get()?; + Ok(((x_val - &new_x_val) * &lambda_val) - &y_val) + })?; //lambda * (old_x - new_x) = new_y + old_y - let old_x_minus_new_x = self.x - .sub(cs.ns(|| "old_x - new_x"), &x)?; - let old_y_plus_new_y = self.y - .add(cs.ns(|| "old_y + new_y"), &y)?; - lambda.mul_equals(cs.ns(|| "check new y"), &old_x_minus_new_x, &old_y_plus_new_y)?; + let old_x_minus_new_x = self.x.sub(cs.ns(|| "old_x - new_x"), &x)?; + let old_y_plus_new_y = self.y.add(cs.ns(|| "old_y + new_y"), &y)?; + lambda.mul_equals( + cs.ns(|| "check new y"), + &old_x_minus_new_x, + &old_y_plus_new_y, + )?; *self = Self::new(x, y, Boolean::constant(false)); Ok(()) 
@@ -341,7 +343,7 @@ for AffineGadget Ok(Self::new( self.x.clone(), self.y.negate(cs.ns(|| "negate y"))?, - self.infinity + self.infinity, )) } @@ -354,8 +356,7 @@ for AffineGadget mut cs: CS, result: &Self, bits: &[Boolean], - ) -> Result{ - + ) -> Result { let mut to_sub = SWProjective::

::zero(); let mut t = base.clone(); @@ -373,12 +374,7 @@ for AffineGadget for (i, bits) in bit_vec.chunks(2).enumerate() { let ti = t.clone(); let two_ti = ti.double(); - let mut table = [ - sigma, - sigma + &ti, - sigma + &two_ti, - sigma + &ti + &two_ti, - ]; + let mut table = [sigma, sigma + &ti, sigma + &two_ti, sigma + &ti + &two_ti]; //Compute constants SWProjective::batch_normalization(&mut table); @@ -387,12 +383,22 @@ for AffineGadget let precomp = Boolean::and(cs.ns(|| format!("b0 AND b1_{}", i)), &bits[0], &bits[1])?; //Lookup x and y - let x = F::two_bit_lookup_lc(cs.ns(|| format!("Lookup x_{}", i)), &precomp, &[bits[0], bits[1]], &x_coords)?; - let y = F::two_bit_lookup_lc(cs.ns(|| format!("Lookup y_{}", i)), &precomp, &[bits[0], bits[1]], &y_coords)?; + let x = F::two_bit_lookup_lc( + cs.ns(|| format!("Lookup x_{}", i)), + &precomp, + &[bits[0], bits[1]], + &x_coords, + )?; + let y = F::two_bit_lookup_lc( + cs.ns(|| format!("Lookup y_{}", i)), + &precomp, + &[bits[0], bits[1]], + &y_coords, + )?; //Perform addition let adder: Self = Self::new(x, y, Boolean::constant(false)); - result = result.add(cs.ns(||format!("Add_{}", i)), &adder)?; + result = result.add(cs.ns(|| format!("Add_{}", i)), &adder)?; t = t.double().double(); to_sub += σ } @@ -410,112 +416,101 @@ for AffineGadget bases: &[B], scalars: &[J], ) -> Result - where - CS: ConstraintSystem, - I: Borrow<[Boolean]>, - J: Borrow<[I]>, - B: Borrow<[SWProjective

]>, + where + CS: ConstraintSystem, + I: Borrow<[Boolean]>, + J: Borrow<[I]>, + B: Borrow<[SWProjective

]>, { const CHUNK_SIZE: usize = 3; let mut sw_result: Option> = None; let mut result: Option> = None; - let mut process_segment_result = - |mut cs: r1cs_core::Namespace<_, _>, - result: &AffineGadget| - -> Result<(), SynthesisError> { - let segment_result = result.clone(); - match sw_result { - None => { - sw_result = Some(segment_result); - }, - Some(ref mut sw_result) => { - *sw_result = segment_result.add_unsafe( - cs.ns(|| "sw outer addition"), - sw_result, - )?; - }, + let mut process_segment_result = |mut cs: r1cs_core::Namespace<_, _>, + result: &AffineGadget| + -> Result<(), SynthesisError> { + let segment_result = result.clone(); + match sw_result { + None => { + sw_result = Some(segment_result); + } + Some(ref mut sw_result) => { + *sw_result = + segment_result.add_unsafe(cs.ns(|| "sw outer addition"), sw_result)?; } + } - Ok(()) - }; + Ok(()) + }; // Compute ∏(h_i^{m_i}) for all i. for (segment_i, (segment_bits_chunks, segment_powers)) in scalars.into_iter().zip(bases.iter()).enumerate() + { + for (i, (bits, base_power)) in segment_bits_chunks + .borrow() + .into_iter() + .zip(segment_powers.borrow().iter()) + .enumerate() { - for (i, (bits, base_power)) in segment_bits_chunks - .borrow() - .into_iter() - .zip(segment_powers.borrow().iter()) - .enumerate() - { - let base_power = base_power.borrow(); - let mut acc_power = *base_power; - let mut coords = vec![]; - for _ in 0..4 { - coords.push(acc_power); - acc_power = acc_power + base_power; - } + let base_power = base_power.borrow(); + let mut acc_power = *base_power; + let mut coords = vec![]; + for _ in 0..4 { + coords.push(acc_power); + acc_power = acc_power + base_power; + } - let bits = bits.borrow().to_bits( - &mut cs.ns(|| format!("Convert Scalar {}, {} to bits", segment_i, i)), - )?; - if bits.len() != CHUNK_SIZE { - return Err(SynthesisError::Unsatisfiable); - } + let bits = bits.borrow().to_bits( + &mut cs.ns(|| format!("Convert Scalar {}, {} to bits", segment_i, i)), + )?; + if bits.len() != 
CHUNK_SIZE { + return Err(SynthesisError::Unsatisfiable); + } - let coords = coords - .iter() - .map(|p| { - p.into_affine() - }) - .collect::>(); + let coords = coords.iter().map(|p| p.into_affine()).collect::>(); - let x_coeffs = coords.iter().map(|p| p.x).collect::>(); - let y_coeffs = coords.iter().map(|p| p.y).collect::>(); + let x_coeffs = coords.iter().map(|p| p.x).collect::>(); + let y_coeffs = coords.iter().map(|p| p.y).collect::>(); - let precomp = Boolean::and( - cs.ns(|| format!("precomp in window {}, {}", segment_i, i)), - &bits[0], - &bits[1], - )?; + let precomp = Boolean::and( + cs.ns(|| format!("precomp in window {}, {}", segment_i, i)), + &bits[0], + &bits[1], + )?; - let x = F::two_bit_lookup_lc( - cs.ns(|| format!("x in window {}, {}", segment_i, i)), - &precomp, - &[bits[0], bits[1]], - &x_coeffs - )?; + let x = F::two_bit_lookup_lc( + cs.ns(|| format!("x in window {}, {}", segment_i, i)), + &precomp, + &[bits[0], bits[1]], + &x_coeffs, + )?; - let y = F::three_bit_cond_neg_lookup( - cs.ns(|| format!("y lookup in window {}, {}", segment_i, i)), - &bits, - &precomp, - &y_coeffs, - )?; + let y = F::three_bit_cond_neg_lookup( + cs.ns(|| format!("y lookup in window {}, {}", segment_i, i)), + &bits, + &precomp, + &y_coeffs, + )?; - let tmp = Self::new(x, y, Boolean::constant(false)); - - match result { - None => { - result = Some(tmp); - }, - Some(ref mut result) => { - *result = tmp.add_unsafe( - cs.ns(|| format!("addition of window {}, {}", segment_i, i)), - result, - )?; - }, - } - } + let tmp = Self::new(x, y, Boolean::constant(false)); - process_segment_result( - cs.ns(|| format!("window {}", segment_i)), - &result.unwrap(), - )?; - result = None; + match result { + None => { + result = Some(tmp); + } + Some(ref mut result) => { + *result = tmp.add_unsafe( + cs.ns(|| format!("addition of window {}, {}", segment_i, i)), + result, + )?; + } + } } + + process_segment_result(cs.ns(|| format!("window {}", segment_i)), &result.unwrap())?; + result = 
None; + } if result.is_some() { process_segment_result(cs.ns(|| "leftover"), &result.unwrap())?; } @@ -532,10 +527,10 @@ for AffineGadget } impl CondSelectGadget for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { #[inline] fn conditionally_select>( @@ -546,38 +541,46 @@ impl CondSelectGadget for AffineGadget Result { let x = F::conditionally_select(&mut cs.ns(|| "x"), cond, &first.x, &second.x)?; let y = F::conditionally_select(&mut cs.ns(|| "y"), cond, &first.y, &second.y)?; - let infinity = Boolean::conditionally_select(&mut cs.ns(|| "infinity"), cond, &first.infinity, &second.infinity)?; + let infinity = Boolean::conditionally_select( + &mut cs.ns(|| "infinity"), + cond, + &first.infinity, + &second.infinity, + )?; Ok(Self::new(x, y, infinity)) } fn cost() -> usize { - 2 * >::cost() + - >::cost() + 2 * >::cost() + + >::cost() } } impl EqGadget for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { fn is_eq>( &self, mut cs: CS, - other: &Self + other: &Self, ) -> Result { let b0 = self.x.is_eq(cs.ns(|| "x"), &other.x)?; - let b1 = self.y.is_eq(cs.ns(|| "y"),&other.y)?; + let b1 = self.y.is_eq(cs.ns(|| "y"), &other.y)?; let coordinates_equal = Boolean::and(cs.ns(|| "x AND y"), &b0, &b1)?; let both_are_zero = Boolean::and( cs.ns(|| "self.infinity AND other.infinity"), &self.infinity, - &other.infinity + &other.infinity, )?; - Boolean::or(cs.ns(|| "coordinates_equal OR both_are_zero"), &coordinates_equal, &both_are_zero) - + Boolean::or( + cs.ns(|| "coordinates_equal OR both_are_zero"), + &coordinates_equal, + &both_are_zero, + ) } #[inline] 
@@ -585,13 +588,13 @@ impl EqGadget for AffineGadget Result<(), SynthesisError> { - self - .is_eq(cs.ns(|| "is_eq(self, other)"), &other)? + self.is_eq(cs.ns(|| "is_eq(self, other)"), &other)? .conditional_enforce_equal( cs.ns(|| "enforce condition"), - &Boolean::constant(true), &should_enforce + &Boolean::constant(true), + &should_enforce, )?; Ok(()) } @@ -601,20 +604,27 @@ impl EqGadget for AffineGadget Result<(), SynthesisError> { let is_equal = self.is_eq(cs.ns(|| "is_eq(self, other)"), other)?; - Boolean::and(cs.ns(|| "is_equal AND should_enforce"), &is_equal, should_enforce)? - .enforce_equal(cs.ns(|| "is_equal AND should_enforce == false"), &Boolean::Constant(false)) + Boolean::and( + cs.ns(|| "is_equal AND should_enforce"), + &is_equal, + should_enforce, + )? + .enforce_equal( + cs.ns(|| "is_equal AND should_enforce == false"), + &Boolean::Constant(false), + ) } } impl AllocGadget, ConstraintF> -for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, + for AffineGadget +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { /// On curve test is performed on x and y coordinates regardless of the infinity flag. /// NOTE: Depending on the curve, this might be inconsistent with our default values @@ -624,15 +634,15 @@ for AffineGadget mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let (x, y, infinity) = match value_gen() { Ok(ge) => { let ge = ge.borrow().into_affine(); (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), 
@@ -666,15 +676,15 @@ for AffineGadget mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let (x, y, infinity) = match value_gen() { Ok(ge) => { let ge = ge.borrow().into_affine(); (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -698,9 +708,9 @@ for AffineGadget mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let alloc_and_prime_order_check = |mut cs: r1cs_core::Namespace<_, _>, value_gen: FN| -> Result { @@ -775,10 +785,7 @@ for AffineGadget } }; - let ge = alloc_and_prime_order_check( - cs.ns(|| "alloc and prime order check"), - value_gen - )?; + let ge = alloc_and_prime_order_check(cs.ns(|| "alloc and prime order check"), value_gen)?; Ok(ge) } @@ -788,15 +795,15 @@ for AffineGadget mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let (x, y, infinity) = match value_gen() { Ok(ge) => { let ge = ge.borrow().into_affine(); (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -825,17 +832,14 @@ for AffineGadget } } -impl ConstantGadget, ConstraintF> for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, +impl ConstantGadget, ConstraintF> + for AffineGadget +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { - fn from_value>( - mut cs: CS, - value: &SWProjective

, - ) -> Self - { + fn from_value>(mut cs: CS, value: &SWProjective

) -> Self { let value = value.into_affine(); let x = F::from_value(cs.ns(|| "hardcode x"), &value.x); let y = F::from_value(cs.ns(|| "hardcode y"), &value.y); @@ -844,12 +848,13 @@ impl ConstantGadget, ConstraintF> for AffineG Self::new(x, y, infinity) } - fn get_constant(&self) ->SWProjective

{ + fn get_constant(&self) -> SWProjective

{ let value_proj = SWAffine::

::new( self.x.get_value().unwrap(), self.y.get_value().unwrap(), - self.infinity.get_value().unwrap() - ).into_projective(); + self.infinity.get_value().unwrap(), + ) + .into_projective(); let x = value_proj.x; let y = value_proj.y; let z = value_proj.z; @@ -858,10 +863,10 @@ impl ConstantGadget, ConstraintF> for AffineG } impl ToBitsGadget for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { fn to_bits>( &self, @@ -892,10 +897,10 @@ impl ToBitsGadget for AffineGadget ToBytesGadget for AffineGadget - where - P: SWModelParameters, - ConstraintF: Field, - F: FieldGadget, +where + P: SWModelParameters, + ConstraintF: Field, + F: FieldGadget, { fn to_bytes>( &self, @@ -927,22 +932,19 @@ impl ToBytesGadget for AffineGadget { - pub x: FpGadget, - pub y: FpGadget, - pub infinity: Boolean, +pub struct CompressAffinePointGadget { + pub x: FpGadget, + pub y: FpGadget, + pub infinity: Boolean, _engine: PhantomData, } impl CompressAffinePointGadget - where - ConstraintF: PrimeField, +where + ConstraintF: PrimeField, { pub fn new(x: FpGadget, y: FpGadget, infinity: Boolean) -> Self { Self { @@ -954,18 +956,19 @@ impl CompressAffinePointGadget } } -use crate::ToCompressedBitsGadget; use crate::fields::fp::FpGadget; +use crate::ToCompressedBitsGadget; impl ToCompressedBitsGadget for CompressAffinePointGadget - where - ConstraintF: PrimeField, +where + ConstraintF: PrimeField, { - /// Enforce compression of a point through serialization of the x coordinate and storing /// a sign bit for the y coordinate. - fn to_compressed>(&self, mut cs: CS) - -> Result, SynthesisError> { + fn to_compressed>( + &self, + mut cs: CS, + ) -> Result, SynthesisError> { //Enforce x_coordinate to bytes let mut compressed_bits = self.x.to_bits_strict(cs.ns(|| "x_to_bits_strict"))?; compressed_bits.push(self.infinity); 
@@ -975,4 +978,4 @@ impl ToCompressedBitsGadget for CompressAffinePointGad Ok(compressed_bits) } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/groups/curves/twisted_edwards/mod.rs b/r1cs/gadgets/std/src/groups/curves/twisted_edwards/mod.rs index 11cb61a60..8f1eaa8ba 100644 --- a/r1cs/gadgets/std/src/groups/curves/twisted_edwards/mod.rs +++ b/r1cs/gadgets/std/src/groups/curves/twisted_edwards/mod.rs @@ -92,7 +92,7 @@ mod montgomery_affine_impl { t0.mul_assign(&invy); Ok(t0) - }, + } None => Err(SynthesisError::DivisionByZero), } })?; @@ -110,7 +110,7 @@ mod montgomery_affine_impl { t0.mul_assign(&t1); Ok(t0) - }, + } None => Err(SynthesisError::DivisionByZero), } })?; @@ -142,7 +142,7 @@ mod montgomery_affine_impl { Some(d) => { n.mul_assign(&d); Ok(n) - }, + } None => Err(SynthesisError::DivisionByZero), } })?; @@ -273,7 +273,10 @@ mod affine_impl { //TODO: Implement this using enforce_verdict #[inline] - fn is_zero>(&self, _: CS) -> Result{ + fn is_zero>( + &self, + _: CS, + ) -> Result { unimplemented!() } @@ -491,7 +494,7 @@ mod affine_impl { Ok(ge) => { let ge = *ge.borrow(); (Ok(ge.x), Ok(ge.y)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -527,15 +530,15 @@ mod affine_impl { mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let (x, y) = match value_gen() { Ok(ge) => { let ge = *ge.borrow(); (Ok(ge.x), Ok(ge.y)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), 
@@ -553,85 +556,81 @@ mod affine_impl { mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { - let alloc_and_prime_order_check = - |mut cs: r1cs_core::Namespace<_, _>, value_gen: FN| -> Result { - let cofactor_weight = BitIterator::new(P::COFACTOR).filter(|b| *b).count(); - // If we multiply by r, we actually multiply by r - 2. - let r_minus_1 = (-P::ScalarField::one()).into_repr(); - let r_weight = BitIterator::new(&r_minus_1).filter(|b| *b).count(); - - // We pick the most efficient method of performing the prime order check: - // If the cofactor has lower hamming weight than the scalar field's modulus, - // we first multiply by the inverse of the cofactor, and then, after allocating, - // multiply by the cofactor. This ensures the resulting point has no cofactors - // - // Else, we multiply by the scalar field's modulus and ensure that the result - // is zero. - if cofactor_weight < r_weight { - let ge = Self::alloc(cs.ns(|| "Alloc checked"), || { - value_gen().map(|ge| { - ge.borrow() - .mul_by_cofactor_inv() - }) - })?; - let mut seen_one = false; - let mut result = Self::zero(cs.ns(|| "result"))?; - for (i, b) in BitIterator::new(P::COFACTOR).enumerate() { - let mut cs = cs.ns(|| format!("Iteration {}", i)); - - let old_seen_one = seen_one; - if seen_one { - result.double_in_place(cs.ns(|| "Double"))?; + let alloc_and_prime_order_check = |mut cs: r1cs_core::Namespace<_, _>, + value_gen: FN| + -> Result { + let cofactor_weight = BitIterator::new(P::COFACTOR).filter(|b| *b).count(); + // If we multiply by r, we actually multiply by r - 2. 
+ let r_minus_1 = (-P::ScalarField::one()).into_repr(); + let r_weight = BitIterator::new(&r_minus_1).filter(|b| *b).count(); + + // We pick the most efficient method of performing the prime order check: + // If the cofactor has lower hamming weight than the scalar field's modulus, + // we first multiply by the inverse of the cofactor, and then, after allocating, + // multiply by the cofactor. This ensures the resulting point has no cofactors + // + // Else, we multiply by the scalar field's modulus and ensure that the result + // is zero. + if cofactor_weight < r_weight { + let ge = Self::alloc(cs.ns(|| "Alloc checked"), || { + value_gen().map(|ge| ge.borrow().mul_by_cofactor_inv()) + })?; + let mut seen_one = false; + let mut result = Self::zero(cs.ns(|| "result"))?; + for (i, b) in BitIterator::new(P::COFACTOR).enumerate() { + let mut cs = cs.ns(|| format!("Iteration {}", i)); + + let old_seen_one = seen_one; + if seen_one { + result.double_in_place(cs.ns(|| "Double"))?; + } else { + seen_one = b; + } + + if b { + result = if old_seen_one { + result.add(cs.ns(|| "Add"), &ge)? } else { - seen_one = b; - } - - if b { - result = if old_seen_one { - result.add(cs.ns(|| "Add"), &ge)? 
- } else { - ge.clone() - }; - } + ge.clone() + }; } - Ok(result) - } else { - let ge = Self::alloc(cs.ns(|| "Alloc checked"), value_gen)?; - let mut seen_one = false; - let mut result = Self::zero(cs.ns(|| "result"))?; - // Returns bits in big-endian order - for (i, b) in BitIterator::new(r_minus_1).enumerate() { - let mut cs = cs.ns(|| format!("Iteration {}", i)); - - let old_seen_one = seen_one; - if seen_one { - result.double_in_place(cs.ns(|| "Double"))?; + } + Ok(result) + } else { + let ge = Self::alloc(cs.ns(|| "Alloc checked"), value_gen)?; + let mut seen_one = false; + let mut result = Self::zero(cs.ns(|| "result"))?; + // Returns bits in big-endian order + for (i, b) in BitIterator::new(r_minus_1).enumerate() { + let mut cs = cs.ns(|| format!("Iteration {}", i)); + + let old_seen_one = seen_one; + if seen_one { + result.double_in_place(cs.ns(|| "Double"))?; + } else { + seen_one = b; + } + + if b { + result = if old_seen_one { + result.add(cs.ns(|| "Add"), &ge)? } else { - seen_one = b; - } - - if b { - result = if old_seen_one { - result.add(cs.ns(|| "Add"), &ge)? - } else { - ge.clone() - }; - } + ge.clone() + }; } - let neg_ge = ge.negate(cs.ns(|| "Negate ge"))?; - neg_ge.enforce_equal(cs.ns(|| "Check equals"), &result)?; - Ok(ge) } - }; + let neg_ge = ge.negate(cs.ns(|| "Negate ge"))?; + neg_ge.enforce_equal(cs.ns(|| "Check equals"), &result)?; + Ok(ge) + } + }; - let ge = alloc_and_prime_order_check( - cs.ns(|| "alloc and prime order check"), - value_gen - )?; + let ge = + alloc_and_prime_order_check(cs.ns(|| "alloc and prime order check"), value_gen)?; Ok(ge) } @@ -648,7 +647,7 @@ mod affine_impl { Ok(ge) => { let ge = *ge.borrow(); (Ok(ge.x), Ok(ge.y)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), 
@@ -681,18 +680,14 @@ mod affine_impl { } impl ConstantGadget, ConstraintF> for AffineGadget - where - P: TEModelParameters, - ConstraintF: Field, - F: FieldGadget, - Self: GroupGadget, ConstraintF>, + where + P: TEModelParameters, + ConstraintF: Field, + F: FieldGadget, + Self: GroupGadget, ConstraintF>, { #[inline] - fn from_value>( - mut cs: CS, - value: &TEAffine

, - ) -> Self - { + fn from_value>(mut cs: CS, value: &TEAffine

) -> Self { let x = F::from_value(cs.ns(|| "hardcode x"), &value.x); let y = F::from_value(cs.ns(|| "hardcode y"), &value.y); @@ -700,7 +695,7 @@ mod affine_impl { } #[inline] - fn get_constant(&self) ->TEAffine

{ + fn get_constant(&self) -> TEAffine

{ let x = self.x.get_value().unwrap(); let y = self.y.get_value().unwrap(); @@ -751,7 +746,10 @@ mod projective_impl { //TODO: Implement this using enforce_verdict #[inline] - fn is_zero>(&self, _: CS) -> Result{ + fn is_zero>( + &self, + _: CS, + ) -> Result { unimplemented!() } @@ -1021,14 +1019,14 @@ mod projective_impl { match edwards_result { None => { edwards_result = Some(segment_result); - }, + } Some(ref mut edwards_result) => { *edwards_result = GroupGadget::, ConstraintF>::add( &segment_result, cs.ns(|| "edwards addition"), edwards_result, )?; - }, + } } Ok(()) @@ -1081,7 +1079,7 @@ mod projective_impl { cs.ns(|| format!("x in window {}, {}", segment_i, i)), &precomp, &[bits[0], bits[1]], - &x_coeffs + &x_coeffs, )?; let y = F::three_bit_cond_neg_lookup( @@ -1096,13 +1094,13 @@ mod projective_impl { match result { None => { result = Some(tmp); - }, + } Some(ref mut result) => { *result = tmp.add( cs.ns(|| format!("addition of window {}, {}", segment_i, i)), result, )?; - }, + } } } @@ -1147,7 +1145,7 @@ mod projective_impl { Ok(ge) => { let ge = ge.borrow().into_affine(); (Ok(ge.x), Ok(ge.y)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), @@ -1183,15 +1181,15 @@ mod projective_impl { mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let (x, y) = match value_gen() { Ok(ge) => { let ge = ge.borrow().into_affine(); (Ok(ge.x), Ok(ge.y)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), 
@@ -1209,87 +1207,86 @@ mod projective_impl { mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { - let alloc_and_prime_order_check = - |mut cs: r1cs_core::Namespace<_, _>, value_gen: FN| -> Result { - let cofactor_weight = BitIterator::new(P::COFACTOR).filter(|b| *b).count(); - // If we multiply by r, we actually multiply by r - 2. - let r_minus_1 = (-P::ScalarField::one()).into_repr(); - let r_weight = BitIterator::new(&r_minus_1).filter(|b| *b).count(); - - // We pick the most efficient method of performing the prime order check: - // If the cofactor has lower hamming weight than the scalar field's modulus, - // we first multiply by the inverse of the cofactor, and then, after allocating, - // multiply by the cofactor. This ensures the resulting point has no cofactors - // - // Else, we multiply by the scalar field's modulus and ensure that the result - // is zero. - if cofactor_weight < r_weight { - let ge = Self::alloc(cs.ns(|| "Alloc checked"), || { - value_gen().map(|ge| { - ge.borrow() - .into_affine() - .mul_by_cofactor_inv() - .into_projective() - }) - })?; - let mut seen_one = false; - let mut result = Self::zero(cs.ns(|| "result"))?; - for (i, b) in BitIterator::new(P::COFACTOR).enumerate() { - let mut cs = cs.ns(|| format!("Iteration {}", i)); - - let old_seen_one = seen_one; - if seen_one { - result.double_in_place(cs.ns(|| "Double"))?; + let alloc_and_prime_order_check = |mut cs: r1cs_core::Namespace<_, _>, + value_gen: FN| + -> Result { + let cofactor_weight = BitIterator::new(P::COFACTOR).filter(|b| *b).count(); + // If we multiply by r, we actually multiply by r - 2. 
+ let r_minus_1 = (-P::ScalarField::one()).into_repr(); + let r_weight = BitIterator::new(&r_minus_1).filter(|b| *b).count(); + + // We pick the most efficient method of performing the prime order check: + // If the cofactor has lower hamming weight than the scalar field's modulus, + // we first multiply by the inverse of the cofactor, and then, after allocating, + // multiply by the cofactor. This ensures the resulting point has no cofactors + // + // Else, we multiply by the scalar field's modulus and ensure that the result + // is zero. + if cofactor_weight < r_weight { + let ge = Self::alloc(cs.ns(|| "Alloc checked"), || { + value_gen().map(|ge| { + ge.borrow() + .into_affine() + .mul_by_cofactor_inv() + .into_projective() + }) + })?; + let mut seen_one = false; + let mut result = Self::zero(cs.ns(|| "result"))?; + for (i, b) in BitIterator::new(P::COFACTOR).enumerate() { + let mut cs = cs.ns(|| format!("Iteration {}", i)); + + let old_seen_one = seen_one; + if seen_one { + result.double_in_place(cs.ns(|| "Double"))?; + } else { + seen_one = b; + } + + if b { + result = if old_seen_one { + result.add(cs.ns(|| "Add"), &ge)? } else { - seen_one = b; - } - - if b { - result = if old_seen_one { - result.add(cs.ns(|| "Add"), &ge)? 
- } else { - ge.clone() - }; - } + ge.clone() + }; } - Ok(result) - } else { - let ge = Self::alloc(cs.ns(|| "Alloc checked"), value_gen)?; - let mut seen_one = false; - let mut result = Self::zero(cs.ns(|| "result"))?; - // Returns bits in big-endian order - for (i, b) in BitIterator::new(r_minus_1).enumerate() { - let mut cs = cs.ns(|| format!("Iteration {}", i)); - - let old_seen_one = seen_one; - if seen_one { - result.double_in_place(cs.ns(|| "Double"))?; + } + Ok(result) + } else { + let ge = Self::alloc(cs.ns(|| "Alloc checked"), value_gen)?; + let mut seen_one = false; + let mut result = Self::zero(cs.ns(|| "result"))?; + // Returns bits in big-endian order + for (i, b) in BitIterator::new(r_minus_1).enumerate() { + let mut cs = cs.ns(|| format!("Iteration {}", i)); + + let old_seen_one = seen_one; + if seen_one { + result.double_in_place(cs.ns(|| "Double"))?; + } else { + seen_one = b; + } + + if b { + result = if old_seen_one { + result.add(cs.ns(|| "Add"), &ge)? } else { - seen_one = b; - } - - if b { - result = if old_seen_one { - result.add(cs.ns(|| "Add"), &ge)? - } else { - ge.clone() - }; - } + ge.clone() + }; } - let neg_ge = ge.negate(cs.ns(|| "Negate ge"))?; - neg_ge.enforce_equal(cs.ns(|| "Check equals"), &result)?; - Ok(ge) } - }; + let neg_ge = ge.negate(cs.ns(|| "Negate ge"))?; + neg_ge.enforce_equal(cs.ns(|| "Check equals"), &result)?; + Ok(ge) + } + }; - let ge = alloc_and_prime_order_check( - cs.ns(|| "alloc and prime order check"), - value_gen - )?; + let ge = + alloc_and_prime_order_check(cs.ns(|| "alloc and prime order check"), value_gen)?; Ok(ge) } @@ -1306,7 +1303,7 @@ mod projective_impl { Ok(ge) => { let ge = ge.borrow().into_affine(); (Ok(ge.x), Ok(ge.y)) - }, + } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), 
@@ -1338,19 +1335,19 @@ mod projective_impl { } } - impl ConstantGadget, ConstraintF> for AffineGadget - where - P: TEModelParameters, - ConstraintF: Field, - F: FieldGadget, - Self: GroupGadget, ConstraintF>, + impl ConstantGadget, ConstraintF> + for AffineGadget + where + P: TEModelParameters, + ConstraintF: Field, + F: FieldGadget, + Self: GroupGadget, ConstraintF>, { #[inline] fn from_value>( mut cs: CS, value: &TEProjective

, - ) -> Self - { + ) -> Self { let value = value.into_affine(); let x = F::from_value(cs.ns(|| "hardcode x"), &value.x); let y = F::from_value(cs.ns(|| "hardcode y"), &value.y); @@ -1359,11 +1356,10 @@ mod projective_impl { } #[inline] - fn get_constant(&self) ->TEProjective

{ - let value_proj = TEAffine::

::new( - self.x.get_value().unwrap(), - self.y.get_value().unwrap(), - ).into_projective(); + fn get_constant(&self) -> TEProjective

{ + let value_proj = + TEAffine::

::new(self.x.get_value().unwrap(), self.y.get_value().unwrap()) + .into_projective(); let x = value_proj.x; let y = value_proj.y; let t = value_proj.t; @@ -1406,10 +1402,10 @@ where fn is_eq>( &self, mut cs: CS, - other: &Self + other: &Self, ) -> Result { let b0 = self.x.is_eq(cs.ns(|| "x"), &other.x)?; - let b1 = self.y.is_eq(cs.ns(|| "y"),&other.y)?; + let b1 = self.y.is_eq(cs.ns(|| "y"), &other.y)?; Boolean::and(cs.ns(|| "x AND y"), &b0, &b1) } @@ -1418,10 +1414,12 @@ where &self, mut cs: CS, other: &Self, - should_enforce: &Boolean + should_enforce: &Boolean, ) -> Result<(), SynthesisError> { - self.x.conditional_enforce_equal(cs.ns(|| "x"),&other.x, should_enforce)?; - self.y.conditional_enforce_equal(cs.ns(|| "y"),&other.y, should_enforce)?; + self.x + .conditional_enforce_equal(cs.ns(|| "x"), &other.x, should_enforce)?; + self.y + .conditional_enforce_equal(cs.ns(|| "y"), &other.y, should_enforce)?; Ok(()) } @@ -1430,11 +1428,18 @@ where &self, mut cs: CS, other: &Self, - should_enforce: &Boolean + should_enforce: &Boolean, ) -> Result<(), SynthesisError> { let is_equal = self.is_eq(cs.ns(|| "is_eq(self, other)"), other)?; - Boolean::and(cs.ns(|| "is_equal AND should_enforce"), &is_equal, should_enforce)? - .enforce_equal(cs.ns(|| "is_equal AND should_enforce == false"), &Boolean::Constant(false)) + Boolean::and( + cs.ns(|| "is_equal AND should_enforce"), + &is_equal, + should_enforce, + )? + .enforce_equal( + cs.ns(|| "is_equal AND should_enforce == false"), + &Boolean::Constant(false), + ) } } @@ -1497,19 +1502,17 @@ where #[cfg(test)] #[allow(dead_code)] pub(crate) fn test() - where - ConstraintF: Field, - P: TEModelParameters, - GG: GroupGadget, ConstraintF, Value = TEAffine

>, +where + ConstraintF: Field, + P: TEModelParameters, + GG: GroupGadget, ConstraintF, Value = TEAffine

>, { use crate::{ boolean::AllocatedBit, groups::test::group_test, prelude::*, test_constraint_system::TestConstraintSystem, }; use algebra::{Group, PrimeField, UniformRand}; - use rand::{ - thread_rng, Rng - }; + use rand::{thread_rng, Rng}; group_test::, GG>(); @@ -1557,5 +1560,3 @@ pub(crate) fn test() assert_eq!(add_cost, GG::cost_of_add()); assert!(cs.is_satisfied()); } - - diff --git a/r1cs/gadgets/std/src/groups/mod.rs b/r1cs/gadgets/std/src/groups/mod.rs index e255969bb..7c46672cd 100644 --- a/r1cs/gadgets/std/src/groups/mod.rs +++ b/r1cs/gadgets/std/src/groups/mod.rs @@ -28,7 +28,8 @@ pub trait GroupGadget: fn zero>(cs: CS) -> Result; - fn is_zero>(&self, cs: CS) -> Result; + fn is_zero>(&self, cs: CS) + -> Result; fn add>( &self, @@ -185,12 +186,7 @@ pub(crate) mod test { use rand::thread_rng; #[allow(dead_code)] - pub(crate) fn group_test< - ConstraintF: Field, - G: Group, - GG: GroupGadget, - >() - { + pub(crate) fn group_test>() { let mut cs = TestConstraintSystem::::new(); let a: G = UniformRand::rand(&mut thread_rng()); @@ -246,8 +242,7 @@ pub(crate) mod test { ConstraintF: Field, G: Group, GG: GroupGadget, - >() - { + >() { let mut cs = TestConstraintSystem::::new(); let a: G = UniformRand::rand(&mut thread_rng()); @@ -277,8 +272,11 @@ pub(crate) mod test { a2.double_in_place(cs.ns(|| "2a")).unwrap(); let a2_b = a2.add(cs.ns(|| "2a + b"), &b).unwrap(); - let a_b_a = a.add(cs.ns(|| "a + b"), &b).unwrap() - .add(cs.ns(|| "a + b + a"), &a).unwrap(); + let a_b_a = a + .add(cs.ns(|| "a + b"), &b) + .unwrap() + .add(cs.ns(|| "a + b + a"), &a) + .unwrap(); assert_eq!(a2_b, a_b_a); // (b.double() + a) = (b + a) + b: Testing double() using a as shift 
@@ -286,8 +284,11 @@ pub(crate) mod test { b2.double_in_place(cs.ns(|| "2b")).unwrap(); let b2_a = b2.add(cs.ns(|| "2b + a"), &a).unwrap(); - let b_a_b = b.add(cs.ns(|| "b + a"), &a).unwrap() - .add(cs.ns(|| "b + a + b"), &b).unwrap(); + let b_a_b = b + .add(cs.ns(|| "b + a"), &a) + .unwrap() + .add(cs.ns(|| "b + a + b"), &b) + .unwrap(); assert_eq!(b2_a, b_a_b); let _ = a.to_bytes(&mut cs.ns(|| "ToBytes")).unwrap(); @@ -298,4 +299,4 @@ pub(crate) mod test { .to_bytes_strict(&mut cs.ns(|| "b ToBytes Strict")) .unwrap(); } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/instantiated/bls12_377/curves.rs b/r1cs/gadgets/std/src/instantiated/bls12_377/curves.rs index 280572d70..50b3b8f55 100644 --- a/r1cs/gadgets/std/src/instantiated/bls12_377/curves.rs +++ b/r1cs/gadgets/std/src/instantiated/bls12_377/curves.rs @@ -12,10 +12,6 @@ pub type G2PreparedGadget = Bls12G2PreparedGadget; #[test] fn test() { - crate::groups::test::group_test_with_unsafe_add::< - _, _, G1Gadget, - >(); - crate::groups::test::group_test_with_unsafe_add::< - _, _, G2Gadget, - >(); + crate::groups::test::group_test_with_unsafe_add::<_, _, G1Gadget>(); + crate::groups::test::group_test_with_unsafe_add::<_, _, G2Gadget>(); } diff --git a/r1cs/gadgets/std/src/instantiated/bls12_377/pairing.rs b/r1cs/gadgets/std/src/instantiated/bls12_377/pairing.rs index a150a07ac..7fb9a11b9 100644 --- a/r1cs/gadgets/std/src/instantiated/bls12_377/pairing.rs +++ b/r1cs/gadgets/std/src/instantiated/bls12_377/pairing.rs @@ -4,5 +4,6 @@ pub type PairingGadget = crate::pairing::bls12::PairingGadget; #[test] fn test() { - crate::pairing::tests::bilinearity_test::() + crate::pairing::tests::bilinearity_test::( + ) } diff --git a/r1cs/gadgets/std/src/instantiated/bn_382/curves.rs b/r1cs/gadgets/std/src/instantiated/bn_382/curves.rs index de66da2ec..80fe7dbbf 100644 --- a/r1cs/gadgets/std/src/instantiated/bn_382/curves.rs +++ b/r1cs/gadgets/std/src/instantiated/bn_382/curves.rs 
@@ -9,10 +9,6 @@ pub type G2PreparedGadget = bn::G2PreparedGadget; #[test] fn test() { - crate::groups::test::group_test_with_unsafe_add::< - _, _, G1Gadget, - >(); - crate::groups::test::group_test_with_unsafe_add::< - _, _, G2Gadget, - >(); + crate::groups::test::group_test_with_unsafe_add::<_, _, G1Gadget>(); + crate::groups::test::group_test_with_unsafe_add::<_, _, G2Gadget>(); } diff --git a/r1cs/gadgets/std/src/instantiated/bn_382/g/curves.rs b/r1cs/gadgets/std/src/instantiated/bn_382/g/curves.rs index da65c7e6d..bda1f5d5a 100644 --- a/r1cs/gadgets/std/src/instantiated/bn_382/g/curves.rs +++ b/r1cs/gadgets/std/src/instantiated/bn_382/g/curves.rs @@ -1,18 +1,9 @@ -use crate::{ - bn_382::g::FqGadget, - groups::curves::short_weierstrass::AffineGadget -}; -use algebra::{ - fields::bn_382::Fr, - curves::bn_382::g::Bn382GParameters, -}; +use crate::{bn_382::g::FqGadget, groups::curves::short_weierstrass::AffineGadget}; +use algebra::{curves::bn_382::g::Bn382GParameters, fields::bn_382::Fr}; pub type Bn382GGadget = AffineGadget; - #[test] fn test() { - crate::groups::test::group_test_with_unsafe_add::< - _, _, Bn382GGadget - >(); + crate::groups::test::group_test_with_unsafe_add::<_, _, Bn382GGadget>(); } diff --git a/r1cs/gadgets/std/src/instantiated/bn_382/mod.rs b/r1cs/gadgets/std/src/instantiated/bn_382/mod.rs index 49d77c9c2..e67f27116 100644 --- a/r1cs/gadgets/std/src/instantiated/bn_382/mod.rs +++ b/r1cs/gadgets/std/src/instantiated/bn_382/mod.rs @@ -1,7 +1,7 @@ mod curves; mod fields; -mod pairing; pub mod g; +mod pairing; pub use curves::*; pub use fields::*; diff --git a/r1cs/gadgets/std/src/instantiated/edwards_bls12/curves.rs b/r1cs/gadgets/std/src/instantiated/edwards_bls12/curves.rs index eb6e2f13f..c92042750 100644 --- a/r1cs/gadgets/std/src/instantiated/edwards_bls12/curves.rs +++ b/r1cs/gadgets/std/src/instantiated/edwards_bls12/curves.rs 
@@ -1,8 +1,5 @@ use crate::groups::curves::twisted_edwards::AffineGadget; -use algebra::{ - fields::edwards_bls12::fq::Fq, - curves::edwards_bls12::EdwardsParameters, -}; +use algebra::{curves::edwards_bls12::EdwardsParameters, fields::edwards_bls12::fq::Fq}; use crate::edwards_bls12::FqGadget; diff --git a/r1cs/gadgets/std/src/instantiated/edwards_bls12/fields.rs b/r1cs/gadgets/std/src/instantiated/edwards_bls12/fields.rs index 9e323d882..8b303461e 100644 --- a/r1cs/gadgets/std/src/instantiated/edwards_bls12/fields.rs +++ b/r1cs/gadgets/std/src/instantiated/edwards_bls12/fields.rs @@ -6,7 +6,7 @@ pub type FqGadget = FpGadget; #[test] fn test() { use crate::fields::tests::*; - + field_test::<_, Fq, FqGadget>(); frobenius_tests::(13); equ_verdict_fp_gadget_test::(); diff --git a/r1cs/gadgets/std/src/instantiated/edwards_sw6/curves.rs b/r1cs/gadgets/std/src/instantiated/edwards_sw6/curves.rs index 19ece3a8d..ce42c4720 100644 --- a/r1cs/gadgets/std/src/instantiated/edwards_sw6/curves.rs +++ b/r1cs/gadgets/std/src/instantiated/edwards_sw6/curves.rs @@ -1,8 +1,5 @@ use crate::groups::curves::twisted_edwards::AffineGadget; -use algebra::{ - fields::edwards_sw6::fq::Fq, - curves::edwards_sw6::EdwardsParameters, -}; +use algebra::{curves::edwards_sw6::EdwardsParameters, fields::edwards_sw6::fq::Fq}; use crate::edwards_sw6::FqGadget; diff --git a/r1cs/gadgets/std/src/instantiated/jubjub/curves.rs b/r1cs/gadgets/std/src/instantiated/jubjub/curves.rs index e9c6dd6b1..16a8f06b6 100644 --- a/r1cs/gadgets/std/src/instantiated/jubjub/curves.rs +++ b/r1cs/gadgets/std/src/instantiated/jubjub/curves.rs @@ -1,8 +1,5 @@ use crate::groups::curves::twisted_edwards::AffineGadget; -use algebra::{ - fields::jubjub::fq::Fq, - curves::jubjub::JubJubParameters, -}; +use algebra::{curves::jubjub::JubJubParameters, fields::jubjub::fq::Fq}; use crate::jubjub::FqGadget; 
diff --git a/r1cs/gadgets/std/src/instantiated/mnt4_753/curves.rs b/r1cs/gadgets/std/src/instantiated/mnt4_753/curves.rs index e37652626..14be2e7d9 100644 --- a/r1cs/gadgets/std/src/instantiated/mnt4_753/curves.rs +++ b/r1cs/gadgets/std/src/instantiated/mnt4_753/curves.rs @@ -9,10 +9,6 @@ pub type G2PreparedGadget = mnt4::G2PreparedGadget; #[test] fn test() { - crate::groups::test::group_test_with_unsafe_add::< - _, _, G1Gadget, - >(); - crate::groups::test::group_test_with_unsafe_add::< - _, _, G2Gadget, - >(); + crate::groups::test::group_test_with_unsafe_add::<_, _, G1Gadget>(); + crate::groups::test::group_test_with_unsafe_add::<_, _, G2Gadget>(); } diff --git a/r1cs/gadgets/std/src/instantiated/mnt6_753/curves.rs b/r1cs/gadgets/std/src/instantiated/mnt6_753/curves.rs index cd16a777d..176a14486 100644 --- a/r1cs/gadgets/std/src/instantiated/mnt6_753/curves.rs +++ b/r1cs/gadgets/std/src/instantiated/mnt6_753/curves.rs @@ -9,10 +9,6 @@ pub type G2PreparedGadget = mnt6::G2PreparedGadget; #[test] fn test() { - crate::groups::test::group_test_with_unsafe_add::< - _, _, G2Gadget, - >(); - crate::groups::test::group_test_with_unsafe_add::< - _, _, G2Gadget, - >(); + crate::groups::test::group_test_with_unsafe_add::<_, _, G2Gadget>(); + crate::groups::test::group_test_with_unsafe_add::<_, _, G2Gadget>(); } diff --git a/r1cs/gadgets/std/src/instantiated/tweedle/curves.rs b/r1cs/gadgets/std/src/instantiated/tweedle/curves.rs index 42779b9f5..a02d068bf 100644 --- a/r1cs/gadgets/std/src/instantiated/tweedle/curves.rs +++ b/r1cs/gadgets/std/src/instantiated/tweedle/curves.rs 
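Review bot: In the mnt6_753/curves.rs hunk, `test()` on the new side still calls `group_test_with_unsafe_add::<_, _, G2Gadget>()` twice, so the G1 gadget of this curve receives no group test at all, while the sibling mnt4_753 hunk on this same line tests G1Gadget and then G2Gadget. The reformat carries the duplicated call over unchanged, and the test body is fully within the hunk. If this file defines a `G1Gadget` alias as mnt4_753 does, the first call should read `crate::groups::test::group_test_with_unsafe_add::<_, _, G1Gadget>();` so that both gadgets are exercised.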
@@ -1,28 +1,21 @@ -use algebra::{ - fields::tweedle::{Fq, Fr}, - curves::tweedle::{ - dee::TweedledeeParameters, - dum::TweedledumParameters, - } -}; use crate::{ groups::curves::short_weierstrass::short_weierstrass_jacobian::AffineGadget, instantiated::tweedle::{FqGadget, FrGadget}, }; +use algebra::{ + curves::tweedle::{dee::TweedledeeParameters, dum::TweedledumParameters}, + fields::tweedle::{Fq, Fr}, +}; pub type TweedleDeeGadget = AffineGadget; pub type TweedleDumGadget = AffineGadget; #[test] fn test_dee() { - crate::groups::test::group_test_with_unsafe_add::< - _, _, TweedleDeeGadget - >(); + crate::groups::test::group_test_with_unsafe_add::<_, _, TweedleDeeGadget>(); } #[test] fn test_dum() { - crate::groups::test::group_test_with_unsafe_add::< - _, _, TweedleDumGadget - >(); -} \ No newline at end of file + crate::groups::test::group_test_with_unsafe_add::<_, _, TweedleDumGadget>(); +} diff --git a/r1cs/gadgets/std/src/instantiated/tweedle/fields.rs b/r1cs/gadgets/std/src/instantiated/tweedle/fields.rs index 245391285..4b7c1acde 100644 --- a/r1cs/gadgets/std/src/instantiated/tweedle/fields.rs +++ b/r1cs/gadgets/std/src/instantiated/tweedle/fields.rs @@ -1,5 +1,5 @@ -use algebra::fields::tweedle::{Fq, Fr}; use crate::fields::fp::FpGadget; +use algebra::fields::tweedle::{Fq, Fr}; pub type FqGadget = FpGadget; pub type FrGadget = FpGadget; @@ -24,4 +24,4 @@ fn test_fr() { equ_verdict_fp_gadget_test::(); from_bits_fp_gadget_test::(); bit_fp_gadgets_test::(); -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/instantiated/tweedle/mod.rs b/r1cs/gadgets/std/src/instantiated/tweedle/mod.rs index 5d9009b45..cd5e75810 100644 --- a/r1cs/gadgets/std/src/instantiated/tweedle/mod.rs +++ b/r1cs/gadgets/std/src/instantiated/tweedle/mod.rs @@ -2,4 +2,4 @@ mod curves; mod fields; pub use curves::*; -pub use fields::*; \ No newline at end of file +pub use fields::*; 
diff --git a/r1cs/gadgets/std/src/lib.rs b/r1cs/gadgets/std/src/lib.rs index 5a5b8a464..9bf736286 100644 --- a/r1cs/gadgets/std/src/lib.rs +++ b/r1cs/gadgets/std/src/lib.rs @@ -60,11 +60,12 @@ pub mod to_field_gadget_vec; pub mod prelude { pub use crate::{ alloc::*, - bits::{boolean::Boolean, uint32::UInt32, uint8::UInt8, ToBitsGadget, FromBitsGadget, ToBytesGadget}, - eq::*, - fields::{ - FieldGadget, quadratic_extension::*, cubic_extension::*, + bits::{ + boolean::Boolean, uint32::UInt32, uint8::UInt8, FromBitsGadget, ToBitsGadget, + ToBytesGadget, }, + eq::*, + fields::{cubic_extension::*, quadratic_extension::*, FieldGadget}, groups::GroupGadget, pairing::PairingGadget, select::*, diff --git a/r1cs/gadgets/std/src/pairing/bls12/mod.rs b/r1cs/gadgets/std/src/pairing/bls12/mod.rs index 79cf9d083..6c3c97d69 100644 --- a/r1cs/gadgets/std/src/pairing/bls12/mod.rs +++ b/r1cs/gadgets/std/src/pairing/bls12/mod.rs @@ -3,7 +3,7 @@ use r1cs_core::{ConstraintSystem, SynthesisError}; use super::PairingGadget as PG; use crate::{ - fields::{fp::FpGadget, fp12::Fp12Gadget, fp2::Fp2Gadget, FieldGadget, quadratic_extension::*}, + fields::{fp::FpGadget, fp12::Fp12Gadget, fp2::Fp2Gadget, quadratic_extension::*, FieldGadget}, groups::bls12::{G1Gadget, G1PreparedGadget, G2Gadget, G2PreparedGadget}, }; use algebra::{ @@ -36,7 +36,7 @@ impl PairingGadget

{ c1.c1 = c1.c1.mul(cs.ns(|| "mul c1.c1"), &p.x)?; *f = f.mul_by_014(cs.ns(|| "sparse mul f"), &c0, &c1, &c2)?; Ok(()) - }, + } TwistType::D => { let c0 = Fp2G::

::new(p.y.clone(), zero.clone()); let mut c1 = coeffs.0.clone(); @@ -46,7 +46,7 @@ impl PairingGadget

{ c1.c1 = c1.c1.mul(cs.ns(|| "mul c1.c1"), &p.x)?; *f = f.mul_by_034(cs.ns(|| "sparse mul f"), &c0, &c1, &c2)?; Ok(()) - }, + } } } @@ -62,8 +62,7 @@ impl PairingGadget

{ } } -impl PG, P::Fp> for PairingGadget

-{ +impl PG, P::Fp> for PairingGadget

{ type G1Gadget = G1Gadget

; type G2Gadget = G2Gadget

; type G1PreparedGadget = G1PreparedGadget

; @@ -134,12 +133,18 @@ impl PG, P::Fp> for PairingGadget

// Hard part of the final exponentation is below: // From https://eprint.iacr.org/2016/130.pdf, Table 1 - let mut y0 = Fp12ParamsWrapper::::cyclotomic_square_gadget(cs.ns(|| "cyclotomic_sq 1"), &r)?; + let mut y0 = Fp12ParamsWrapper::::cyclotomic_square_gadget( + cs.ns(|| "cyclotomic_sq 1"), + &r, + )?; y0.conjugate_in_place(&mut cs.ns(|| "conjugate 2"))?; let mut y5 = Self::exp_by_x(&mut cs.ns(|| "exp_by_x 1"), &r)?; - let mut y1 = Fp12ParamsWrapper::::cyclotomic_square_gadget(cs.ns(|| "square 1"), &y5)?; + let mut y1 = Fp12ParamsWrapper::::cyclotomic_square_gadget( + cs.ns(|| "square 1"), + &y5, + )?; let mut y3 = y0.mul(&mut cs.ns(|| "mul 1"), &y5)?; y0 = Self::exp_by_x(cs.ns(|| "exp_by_x 2"), &y3)?; let y2 = Self::exp_by_x(cs.ns(|| "exp_by_x 3"), &y0)?; diff --git a/r1cs/gadgets/std/src/pairing/bn/mod.rs b/r1cs/gadgets/std/src/pairing/bn/mod.rs index 278dc62a5..d4a5bc33e 100644 --- a/r1cs/gadgets/std/src/pairing/bn/mod.rs +++ b/r1cs/gadgets/std/src/pairing/bn/mod.rs @@ -4,14 +4,12 @@ use super::PairingGadget as PG; use crate::{ fields::{ - fp::FpGadget, fp12::Fp12Gadget, fp2::Fp2Gadget, FieldGadget, - quadratic_extension::QuadExtParametersGadget + fp::FpGadget, fp12::Fp12Gadget, fp2::Fp2Gadget, + quadratic_extension::QuadExtParametersGadget, FieldGadget, }, groups::bn::{G1Gadget, G1PreparedGadget, G2Gadget, G2PreparedGadget}, }; -use algebra::{ - fields::fp12_2over3over2::Fp12ParamsWrapper, curves::bn::*, -}; +use algebra::{curves::bn::*, fields::fp12_2over3over2::Fp12ParamsWrapper}; use std::marker::PhantomData; pub struct PairingGadget(PhantomData

); @@ -64,8 +62,7 @@ impl PairingGadget

{ } } -impl PG, P::Fp> for PairingGadget

-{ +impl PG, P::Fp> for PairingGadget

{ type G1Gadget = G1Gadget

; type G2Gadget = G2Gadget

; type G1PreparedGadget = G1PreparedGadget

; @@ -102,13 +99,13 @@ impl PG, P::Fp> for PairingGadget

let cs = cs.ns(|| format!("Addition input {}", k)); Self::ell(cs, &mut f, &coeffs.next().unwrap(), &p.0)?; } - }, + } -1 => { for (k, &mut (p, ref mut coeffs)) in pairs.iter_mut().enumerate() { let cs = cs.ns(|| format!("Addition input {}", k)); Self::ell(cs, &mut f, &coeffs.next().unwrap(), &p.0)?; } - }, + } _ => continue, } } @@ -118,11 +115,21 @@ impl PG, P::Fp> for PairingGadget

} for (i, &mut (p, ref mut coeffs)) in pairs.iter_mut().enumerate() { - Self::ell(cs.ns(|| format!("Last addition step 1_{}", i)), &mut f, coeffs.next().unwrap(), &p.0)?; + Self::ell( + cs.ns(|| format!("Last addition step 1_{}", i)), + &mut f, + coeffs.next().unwrap(), + &p.0, + )?; } for (i, &mut (p, ref mut coeffs)) in pairs.iter_mut().enumerate() { - Self::ell(cs.ns(|| format!("Last addition step 2_{}", i)), &mut f, coeffs.next().unwrap(), &p.0)?; + Self::ell( + cs.ns(|| format!("Last addition step 2_{}", i)), + &mut f, + coeffs.next().unwrap(), + &p.0, + )?; } Ok(f) @@ -167,11 +174,20 @@ impl PG, P::Fp> for PairingGadget

// result = elt^( 2z * ( 6z^2 + 3z + 1 ) * (q^4 - q^2 + 1)/r ). let y0 = Self::exp_by_neg_x(cs.ns(|| "exp_by_neg_x_1"), &r)?; - let y1 = Fp12ParamsWrapper::::cyclotomic_square_gadget(cs.ns(|| "square_1"), &y0)?; - let y2 = Fp12ParamsWrapper::::cyclotomic_square_gadget(cs.ns(|| "square_2"), &y1)?; + let y1 = Fp12ParamsWrapper::::cyclotomic_square_gadget( + cs.ns(|| "square_1"), + &y0, + )?; + let y2 = Fp12ParamsWrapper::::cyclotomic_square_gadget( + cs.ns(|| "square_2"), + &y1, + )?; let mut y3 = y2.mul(cs.ns(|| "y3 = y2 * y1"), &y1)?; let y4 = Self::exp_by_neg_x(cs.ns(|| "exp_by_neg_x_2"), &y3)?; - let y5 = Fp12ParamsWrapper::::cyclotomic_square_gadget(cs.ns(|| "square_3"), &y4)?; + let y5 = Fp12ParamsWrapper::::cyclotomic_square_gadget( + cs.ns(|| "square_3"), + &y4, + )?; let mut y6 = Self::exp_by_neg_x(cs.ns(|| "exp_by_neg_x_3"), &y5)?; y3.conjugate_in_place(cs.ns(|| "conjugate 1"))?; y6.conjugate_in_place(cs.ns(|| "conjugate_2"))?; @@ -207,4 +223,4 @@ impl PG, P::Fp> for PairingGadget

) -> Result { Self::G2PreparedGadget::from_affine(cs, q) } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/pairing/mnt4/mod.rs b/r1cs/gadgets/std/src/pairing/mnt4/mod.rs index 39d02d093..d8a9ec7d6 100644 --- a/r1cs/gadgets/std/src/pairing/mnt4/mod.rs +++ b/r1cs/gadgets/std/src/pairing/mnt4/mod.rs @@ -1,16 +1,19 @@ use r1cs_core::{ConstraintSystem, SynthesisError}; -use crate::{fields::{fp4::Fp4Gadget, FieldGadget}, groups::curves::short_weierstrass::mnt::mnt4::{G1Gadget, G2Gadget, G1PreparedGadget, G2PreparedGadget}, +use crate::{ + fields::{fp4::Fp4Gadget, FieldGadget}, + groups::curves::short_weierstrass::mnt::mnt4::{ + G1Gadget, G1PreparedGadget, G2Gadget, G2PreparedGadget, + }, }; use crate::pairing::PairingGadget; -use algebra::curves::models::mnt4::{MNT4p, MNT4Parameters}; +use algebra::curves::models::mnt4::{MNT4Parameters, MNT4p}; use std::marker::PhantomData; pub struct MNT4PairingGadget(PhantomData

); -impl PairingGadget, P::Fp> for MNT4PairingGadget

-{ +impl PairingGadget, P::Fp> for MNT4PairingGadget

{ type G1Gadget = G1Gadget

; type G2Gadget = G2Gadget

; type G1PreparedGadget = G1PreparedGadget

; @@ -21,13 +24,11 @@ impl PairingGadget, P::Fp> for MNT4PairingGadget

mut cs: CS, p: &[Self::G1PreparedGadget], q: &[Self::G2PreparedGadget], - ) -> Result - { + ) -> Result { let mut result = Self::GTGadget::one(cs.ns(|| "one"))?; let it = p.iter().zip(q.iter()); for (i, (ps, qs)) in it.into_iter().enumerate() { - let mut cs = cs.ns(|| format!("Pair_{}", i)); let mut f = Self::GTGadget::one(cs.ns(|| "f"))?; @@ -35,7 +36,6 @@ impl PairingGadget, P::Fp> for MNT4PairingGadget

let mut idx: usize = 0; for (j, &n) in P::WNAF.iter().rev().enumerate() { - let mut cs = cs.ns(|| format!("Iteration_{}", j)); let c = &qs.coeffs[idx]; @@ -45,9 +45,15 @@ impl PairingGadget, P::Fp> for MNT4PairingGadget

//Compute g_rr_at_p_c0 let g_rr_at_p_c0 = ps.clone().p_y_twist_squared; - let mut t = c.gamma.mul_by_constant(cs.ns(|| "double compute gamma_twist"), &P::TWIST)?; - t.mul_assign_by_base_field_gadget(cs.ns(|| "double gamma_twist * ps.p.x"), &ps.p.x)?; - let g_rr_at_p_c1 = c.gamma_x + let mut t = c + .gamma + .mul_by_constant(cs.ns(|| "double compute gamma_twist"), &P::TWIST)?; + t.mul_assign_by_base_field_gadget( + cs.ns(|| "double gamma_twist * ps.p.x"), + &ps.p.x, + )?; + let g_rr_at_p_c1 = c + .gamma_x .sub(cs.ns(|| "gamma_x - r_y"), &c.r_y)? .sub(cs.ns(|| "gamma_x - r_y - t"), &t)?; @@ -55,7 +61,9 @@ impl PairingGadget, P::Fp> for MNT4PairingGadget

let g_rr_at_p = Self::GTGadget::new(g_rr_at_p_c0.clone(), g_rr_at_p_c1); //Compute new_f - f = f.square(cs.ns(|| "f^2"))?.mul_by_023(cs.ns(||"double compute f"), &g_rr_at_p)?; + f = f + .square(cs.ns(|| "f^2"))? + .mul_by_023(cs.ns(|| "double compute f"), &g_rr_at_p)?; if n != 0 { //Addition Step @@ -66,11 +74,17 @@ impl PairingGadget, P::Fp> for MNT4PairingGadget

//Compute g_rq_at_p_c1 let neg_q_y = qs.q.y.negate(cs.ns(|| "- q.y"))?; - let q_y = if n > 0 {qs.clone().q.y} else {neg_q_y}; - - let mut t = c.gamma.mul_by_constant(cs.ns(|| "add compute gamma_twist"), &P::TWIST)?; - t.mul_assign_by_base_field_gadget(cs.ns(|| "add gamma_twist * ps.p.x"), &ps.p.x)?; - let g_rq_at_p_c1 = c.gamma_x + let q_y = if n > 0 { qs.clone().q.y } else { neg_q_y }; + + let mut t = c + .gamma + .mul_by_constant(cs.ns(|| "add compute gamma_twist"), &P::TWIST)?; + t.mul_assign_by_base_field_gadget( + cs.ns(|| "add gamma_twist * ps.p.x"), + &ps.p.x, + )?; + let g_rq_at_p_c1 = c + .gamma_x .sub(cs.ns(|| "gamma_x - q_y"), &q_y)? .sub(cs.ns(|| "gamma_x - q_y - t"), &t)?; @@ -78,7 +92,7 @@ impl PairingGadget, P::Fp> for MNT4PairingGadget

let g_rq_at_p = Self::GTGadget::new(g_rq_at_p_c0, g_rq_at_p_c1); //Compute and check f - f = f.mul_by_023(cs.ns(||"add compute f"), &g_rq_at_p)?; + f = f.mul_by_023(cs.ns(|| "add compute f"), &g_rq_at_p)?; } } if P::ATE_IS_LOOP_COUNT_NEG { @@ -92,51 +106,56 @@ impl PairingGadget, P::Fp> for MNT4PairingGadget

fn final_exponentiation>( mut cs: CS, value: &Self::GTGadget, - ) -> Result{ + ) -> Result { let value_inv = value.inverse(cs.ns(|| "value_inverse"))?; //Final exp first chunk //use the Frobenius map a to compute value^(q^2-1) - let elt = value.clone() + let elt = value + .clone() .frobenius_map(cs.ns(|| "value_frobenius_2"), 2)? .mul(cs.ns(|| "value_frobenius_2_div_value"), &value_inv)?; //Final exp last chunk (p^2 +1)/r = m_1*q + m_0, m_0 can be signed. //compute elt^q - let elt_q = elt.clone() + let elt_q = elt + .clone() .frobenius_map(cs.ns(|| "elt_q_frobenius_1"), 1)?; //compute elt^{m1*q} - let w1_part = elt_q - .cyclotomic_exp(cs.ns(|| "compute w1"), P::FINAL_EXPONENT_LAST_CHUNK_1)?; + let w1_part = + elt_q.cyclotomic_exp(cs.ns(|| "compute w1"), P::FINAL_EXPONENT_LAST_CHUNK_1)?; let w0_part = if P::FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG { // we need the inverse of elt in this case, by recomputing first chunk exp let elt_inv = value_inv .frobenius_map(cs.ns(|| "value_inv_frobenius_2"), 2)? .mul(cs.ns(|| "value_inv_frobenius_2_div_value"), &value)?; - elt_inv.cyclotomic_exp(cs.ns(|| "compute w0"),P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0) + elt_inv.cyclotomic_exp( + cs.ns(|| "compute w0"), + P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0, + ) } else { - elt.cyclotomic_exp(cs.ns(|| "compute w0"),P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0) + elt.cyclotomic_exp( + cs.ns(|| "compute w0"), + P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0, + ) }?; w1_part.mul(cs.ns(|| "w0 * w1"), &w0_part) - } fn prepare_g1>( cs: CS, q: &Self::G1Gadget, - ) -> Result - { + ) -> Result { Self::G1PreparedGadget::from_affine(cs, q) } fn prepare_g2>( cs: CS, q: &Self::G2Gadget, - ) -> Result - { + ) -> Result { Self::G2PreparedGadget::from_affine(cs, q) } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/pairing/mnt6/mod.rs b/r1cs/gadgets/std/src/pairing/mnt6/mod.rs index fcbf419d0..8b1b00524 100644 --- a/r1cs/gadgets/std/src/pairing/mnt6/mod.rs +++ b/r1cs/gadgets/std/src/pairing/mnt6/mod.rs 
@@ -1,15 +1,19 @@ use r1cs_core::{ConstraintSystem, SynthesisError}; -use crate::{fields::{fp6_2over3::Fp6Gadget, FieldGadget}, groups::curves::short_weierstrass::mnt::mnt6::{G1Gadget, G2Gadget, G1PreparedGadget, G2PreparedGadget}}; +use crate::{ + fields::{fp6_2over3::Fp6Gadget, FieldGadget}, + groups::curves::short_weierstrass::mnt::mnt6::{ + G1Gadget, G1PreparedGadget, G2Gadget, G2PreparedGadget, + }, +}; use crate::pairing::PairingGadget; -use algebra::curves::models::mnt6::{MNT6p, MNT6Parameters}; +use algebra::curves::models::mnt6::{MNT6Parameters, MNT6p}; use std::marker::PhantomData; pub struct MNT6PairingGadget(PhantomData

); -impl PairingGadget, P::Fp> for MNT6PairingGadget

-{ +impl PairingGadget, P::Fp> for MNT6PairingGadget

{ type G1Gadget = G1Gadget

; type G2Gadget = G2Gadget

; type G1PreparedGadget = G1PreparedGadget

; @@ -20,13 +24,11 @@ impl PairingGadget, P::Fp> for MNT6PairingGadget

mut cs: CS, p: &[Self::G1PreparedGadget], q: &[Self::G2PreparedGadget], - ) -> Result - { + ) -> Result { let mut result = Self::GTGadget::one(cs.ns(|| "one"))?; let it = p.iter().zip(q.iter()); for (i, (ps, qs)) in it.into_iter().enumerate() { - let mut cs = cs.ns(|| format!("Pair_{}", i)); let mut f = Self::GTGadget::one(cs.ns(|| "f"))?; @@ -34,7 +36,6 @@ impl PairingGadget, P::Fp> for MNT6PairingGadget

let mut idx: usize = 0; for (j, &n) in P::WNAF.iter().rev().enumerate() { - let mut cs = cs.ns(|| format!("Iteration_{}", j)); let c = &qs.coeffs[idx]; @@ -44,9 +45,15 @@ impl PairingGadget, P::Fp> for MNT6PairingGadget

//Compute g_rr_at_p_c0 let g_rr_at_p_c0 = ps.clone().p_y_twist_squared; - let mut t = c.gamma.mul_by_constant(cs.ns(|| "double compute gamma_twist"), &P::TWIST)?; - t.mul_assign_by_base_field_gadget(cs.ns(|| "double gamma_twist * ps.p.x"), &ps.p.x)?; - let g_rr_at_p_c1 = c.gamma_x + let mut t = c + .gamma + .mul_by_constant(cs.ns(|| "double compute gamma_twist"), &P::TWIST)?; + t.mul_assign_by_base_field_gadget( + cs.ns(|| "double gamma_twist * ps.p.x"), + &ps.p.x, + )?; + let g_rr_at_p_c1 = c + .gamma_x .sub(cs.ns(|| "gamma_x - r_y"), &c.r_y)? .sub(cs.ns(|| "gamma_x - r_y - t"), &t)?; @@ -54,7 +61,9 @@ impl PairingGadget, P::Fp> for MNT6PairingGadget

let g_rr_at_p = Self::GTGadget::new(g_rr_at_p_c0.clone(), g_rr_at_p_c1); //Compute new_f - f = f.square(cs.ns(|| "f^2"))?.mul_by_2345(cs.ns(|| "double compute f"), &g_rr_at_p)?; + f = f + .square(cs.ns(|| "f^2"))? + .mul_by_2345(cs.ns(|| "double compute f"), &g_rr_at_p)?; if n != 0 { //Addition Step @@ -65,11 +74,17 @@ impl PairingGadget, P::Fp> for MNT6PairingGadget

//Compute g_rq_at_p_c1 let neg_q_y = qs.q.y.negate(cs.ns(|| "- q.y"))?; - let q_y = if n > 0 {qs.clone().q.y} else {neg_q_y}; - - let mut t = c.gamma.mul_by_constant(cs.ns(|| "add compute gamma_twist"), &P::TWIST)?; - t.mul_assign_by_base_field_gadget(cs.ns(|| "add gamma_twist * ps.p.x"), &ps.p.x)?; - let g_rq_at_p_c1 = c.gamma_x + let q_y = if n > 0 { qs.clone().q.y } else { neg_q_y }; + + let mut t = c + .gamma + .mul_by_constant(cs.ns(|| "add compute gamma_twist"), &P::TWIST)?; + t.mul_assign_by_base_field_gadget( + cs.ns(|| "add gamma_twist * ps.p.x"), + &ps.p.x, + )?; + let g_rq_at_p_c1 = c + .gamma_x .sub(cs.ns(|| "gamma_x - q_y"), &q_y)? .sub(cs.ns(|| "gamma_x - q_y - t"), &t)?; @@ -77,7 +92,7 @@ impl PairingGadget, P::Fp> for MNT6PairingGadget

let g_rq_at_p = Self::GTGadget::new(g_rq_at_p_c0, g_rq_at_p_c1); //Compute new f - f = f.mul_by_2345(cs.ns(||"add compute f"), &g_rq_at_p)?; + f = f.mul_by_2345(cs.ns(|| "add compute f"), &g_rq_at_p)?; } } if P::ATE_IS_LOOP_COUNT_NEG { @@ -91,13 +106,14 @@ impl PairingGadget, P::Fp> for MNT6PairingGadget

fn final_exponentiation>( mut cs: CS, value: &Self::GTGadget, - ) -> Result{ + ) -> Result { let value_inv = value.inverse(cs.ns(|| "value_inverse"))?; //Final exp first chunk //use the Frobenius map a to compute value^{(q^3-1)(q-1)} let elt = { - let elt_q3_over_elt = value.clone() + let elt_q3_over_elt = value + .clone() .frobenius_map(cs.ns(|| "elt^(q^3)"), 3)? .mul(cs.ns(|| "elt^(q^3-1)"), &value_inv)?; elt_q3_over_elt @@ -107,11 +123,12 @@ impl PairingGadget, P::Fp> for MNT6PairingGadget

//Final exp last chunk (q^2 -q +1)/r = m_1*q + m_0, m_0 can be signed. //compute elt^q - let elt_q = elt.clone() + let elt_q = elt + .clone() .frobenius_map(cs.ns(|| "elt_q_frobenius_1"), 1)?; - let w1_part = elt_q - .cyclotomic_exp(cs.ns(|| "compute w1"), P::FINAL_EXPONENT_LAST_CHUNK_1)?; + let w1_part = + elt_q.cyclotomic_exp(cs.ns(|| "compute w1"), P::FINAL_EXPONENT_LAST_CHUNK_1)?; let w0_part = if P::FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG { // we need the inverse of elt in this case, by recomputing first chunk exp @@ -123,28 +140,31 @@ impl PairingGadget, P::Fp> for MNT6PairingGadget

.frobenius_map(cs.ns(|| "elt_inv^((q^3-1) * q)"), 1)? .mul(cs.ns(|| "elt_inv^((q^3-1)*(q+1)"), &elt_inv_q3_over_elt_inv)? }; - elt_inv.cyclotomic_exp(cs.ns(|| "compute w0"),P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0) + elt_inv.cyclotomic_exp( + cs.ns(|| "compute w0"), + P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0, + ) } else { - elt.cyclotomic_exp(cs.ns(|| "compute w0"),P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0) + elt.cyclotomic_exp( + cs.ns(|| "compute w0"), + P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0, + ) }?; w1_part.mul(cs.ns(|| "w0 * w1"), &w0_part) - } fn prepare_g1>( cs: CS, q: &Self::G1Gadget, - ) -> Result - { + ) -> Result { Self::G1PreparedGadget::from_affine(cs, q) } fn prepare_g2>( cs: CS, q: &Self::G2Gadget, - ) -> Result - { + ) -> Result { Self::G2PreparedGadget::from_affine(cs, q) } -} \ No newline at end of file +} diff --git a/r1cs/gadgets/std/src/pairing/mod.rs b/r1cs/gadgets/std/src/pairing/mod.rs index e08a05a6a..83ff9b02e 100644 --- a/r1cs/gadgets/std/src/pairing/mod.rs +++ b/r1cs/gadgets/std/src/pairing/mod.rs @@ -8,17 +8,13 @@ pub mod bn; pub mod mnt4; pub mod mnt6; - pub trait PairingGadget { - type G1Gadget: GroupGadget; type G2Gadget: GroupGadget; - type G1PreparedGadget: - ToBytesGadget + Clone + Debug; + type G1PreparedGadget: ToBytesGadget + Clone + Debug; - type G2PreparedGadget: - ToBytesGadget + Clone + Debug; + type G2PreparedGadget: ToBytesGadget + Clone + Debug; type GTGadget: FieldGadget + Clone; @@ -66,9 +62,7 @@ pub trait PairingGadget { #[cfg(test)] pub(crate) mod tests { - use crate::{ - bits::boolean::Boolean, prelude::*, test_constraint_system::TestConstraintSystem, - }; + use crate::{bits::boolean::Boolean, prelude::*, test_constraint_system::TestConstraintSystem}; use algebra::{BitIterator, Field, Group, PairingEngine, PrimeField, UniformRand}; use r1cs_core::ConstraintSystem; use rand; @@ -160,4 +154,4 @@ pub(crate) mod tests { } assert!(cs.is_satisfied(), "cs is not satisfied"); } -} \ No newline at end of file +} 
diff --git a/r1cs/gadgets/std/src/select.rs b/r1cs/gadgets/std/src/select.rs index 59f2737be..c34f8004e 100644 --- a/r1cs/gadgets/std/src/select.rs +++ b/r1cs/gadgets/std/src/select.rs @@ -29,16 +29,18 @@ where constants: &[Self::TableConstant], ) -> Result; - fn two_bit_lookup_lc> - ( cs: CS, + fn two_bit_lookup_lc>( + cs: CS, precomp: &Boolean, b: &[Boolean], - c: &[Self::TableConstant] + c: &[Self::TableConstant], ) -> Result; fn cost() -> usize; - fn cost_of_lc() -> usize { 0 } + fn cost_of_lc() -> usize { + 0 + } } /// Uses three bits to perform a lookup into a table, where the last bit diff --git a/r1cs/gadgets/std/src/test_constraint_system.rs b/r1cs/gadgets/std/src/test_constraint_system.rs index 3d61be76f..3de0159df 100644 --- a/r1cs/gadgets/std/src/test_constraint_system.rs +++ b/r1cs/gadgets/std/src/test_constraint_system.rs @@ -12,7 +12,7 @@ enum NamedObject { /// Constraint system for testing purposes. pub struct TestConstraintSystem { - named_objects: Trie, + named_objects: Trie, current_namespace: Vec, pub constraints: Vec<( LinearCombination, @@ -20,8 +20,8 @@ pub struct TestConstraintSystem { LinearCombination, String, )>, - inputs: Vec<(ConstraintF, String)>, - aux: Vec<(ConstraintF, String)>, + inputs: Vec<(ConstraintF, String)>, + aux: Vec<(ConstraintF, String)>, } impl TestConstraintSystem { @@ -55,11 +55,11 @@ impl TestConstraintSystem { ); TestConstraintSystem { - named_objects: map, + named_objects: map, current_namespace: vec![], - constraints: vec![], - inputs: vec![(ConstraintF::one(), "ONE".into())], - aux: vec![], + constraints: vec![], + inputs: vec![(ConstraintF::one(), "ONE".into())], + aux: vec![], } } diff --git a/r1cs/gadgets/std/src/to_field_gadget_vec.rs b/r1cs/gadgets/std/src/to_field_gadget_vec.rs index bc75fb019..49f921668 100644 --- a/r1cs/gadgets/std/src/to_field_gadget_vec.rs +++ b/r1cs/gadgets/std/src/to_field_gadget_vec.rs 
@@ -1,34 +1,33 @@ -use algebra::{ - curves::models::SWModelParameters, - curves::models::TEModelParameters, - PrimeField, -}; +use algebra::{curves::models::SWModelParameters, curves::models::TEModelParameters, PrimeField}; +use crate::fields::fp::FpGadget; use crate::{ fields::FieldGadget, groups::curves::short_weierstrass::{ - short_weierstrass_projective::AffineGadget as SWPAffineGadget, short_weierstrass_jacobian::AffineGadget as SWJAffineGadget, + short_weierstrass_projective::AffineGadget as SWPAffineGadget, }, groups::curves::twisted_edwards::AffineGadget as TEAffineGadget, }; -use crate::fields::fp::FpGadget; -use r1cs_core::{ - ConstraintSystem, SynthesisError as Error -}; +use r1cs_core::{ConstraintSystem, SynthesisError as Error}; /// Types that can be converted to a vector of elements that implement the `Field Gadget` trait. pub trait ToConstraintFieldGadget { - type FieldGadget: FieldGadget; - fn to_field_gadget_elements>(&self, cs: CS) -> Result, Error>; + fn to_field_gadget_elements>( + &self, + cs: CS, + ) -> Result, Error>; } impl ToConstraintFieldGadget for FpGadget { type FieldGadget = Self; - fn to_field_gadget_elements>(&self, _cs: CS) -> Result, Error> { + fn to_field_gadget_elements>( + &self, + _cs: CS, + ) -> Result, Error> { Ok(vec![self.clone()]) } } @@ -37,7 +36,10 @@ impl ToConstraintFieldGadget for [FpGadget type FieldGadget = FpGadget; #[inline] - fn to_field_gadget_elements>(&self, _cs: CS) -> Result, Error> { + fn to_field_gadget_elements>( + &self, + _cs: CS, + ) -> Result, Error> { Ok(self.to_vec()) } } 
@@ -46,22 +48,29 @@ impl ToConstraintFieldGadget for () { type FieldGadget = FpGadget; #[inline] - fn to_field_gadget_elements>(&self, _cs: CS) -> Result, Error> { + fn to_field_gadget_elements>( + &self, + _cs: CS, + ) -> Result, Error> { Ok(Vec::new()) } } -impl ToConstraintFieldGadget for SWPAffineGadget - where - M: SWModelParameters, - ConstraintF: PrimeField, - FG: FieldGadget + - ToConstraintFieldGadget>, +impl ToConstraintFieldGadget + for SWPAffineGadget +where + M: SWModelParameters, + ConstraintF: PrimeField, + FG: FieldGadget + + ToConstraintFieldGadget>, { type FieldGadget = FpGadget; #[inline] - fn to_field_gadget_elements>(&self, mut cs: CS) -> Result, Error> { + fn to_field_gadget_elements>( + &self, + mut cs: CS, + ) -> Result, Error> { let mut x_fe = self.x.to_field_gadget_elements(cs.ns(|| "x"))?; let y_fe = self.y.to_field_gadget_elements(cs.ns(|| "y"))?; x_fe.extend_from_slice(&y_fe); @@ -69,17 +78,21 @@ impl ToConstraintFieldGadget for SWPAffineGadge } } -impl ToConstraintFieldGadget for SWJAffineGadget - where - M: SWModelParameters, - ConstraintF: PrimeField, - FG: FieldGadget + - ToConstraintFieldGadget>, +impl ToConstraintFieldGadget + for SWJAffineGadget +where + M: SWModelParameters, + ConstraintF: PrimeField, + FG: FieldGadget + + ToConstraintFieldGadget>, { type FieldGadget = FpGadget; #[inline] - fn to_field_gadget_elements>(&self, mut cs: CS) -> Result, Error> { + fn to_field_gadget_elements>( + &self, + mut cs: CS, + ) -> Result, Error> { let mut x_fe = self.x.to_field_gadget_elements(cs.ns(|| "x"))?; let y_fe = self.y.to_field_gadget_elements(cs.ns(|| "y"))?; x_fe.extend_from_slice(&y_fe); 
@@ -88,19 +101,22 @@ impl ToConstraintFieldGadget for SWJAffineGadge } impl ToConstraintFieldGadget for TEAffineGadget - where - M: TEModelParameters, - ConstraintF: PrimeField, - FG: FieldGadget + - ToConstraintFieldGadget>, +where + M: TEModelParameters, + ConstraintF: PrimeField, + FG: FieldGadget + + ToConstraintFieldGadget>, { type FieldGadget = FpGadget; #[inline] - fn to_field_gadget_elements>(&self, mut cs: CS) -> Result, Error> { + fn to_field_gadget_elements>( + &self, + mut cs: CS, + ) -> Result, Error> { let mut x_fe = self.x.to_field_gadget_elements(cs.ns(|| "x"))?; let y_fe = self.y.to_field_gadget_elements(cs.ns(|| "y"))?; x_fe.extend_from_slice(&y_fe); Ok(x_fe) } -} \ No newline at end of file +} From fbce6413787bfa7c980feb63c3aa338ec3231634 Mon Sep 17 00:00:00 2001 From: Phoinic Date: Tue, 16 Nov 2021 09:36:17 +0200 Subject: [PATCH 21/79] Reformat code (2) --- .../models/short_weierstrass_jacobian.rs | 13 ++++++++++--- .../models/short_weierstrass_projective.rs | 19 +++++++++++++------ .../models/twisted_edwards_extended/mod.rs | 19 +++++++++++++------ algebra/src/fields/mod.rs | 3 ++- .../signature/schnorr/field_based_schnorr.rs | 8 ++++---- r1cs/gadgets/crypto/src/vrf/ecvrf/mod.rs | 16 +++++++++++----- r1cs/gadgets/std/src/fields/fp.rs | 3 ++- rustfmt.toml | 13 ------------- 8 files changed, 55 insertions(+), 39 deletions(-) delete mode 100644 rustfmt.toml diff --git a/algebra/src/curves/models/short_weierstrass_jacobian.rs b/algebra/src/curves/models/short_weierstrass_jacobian.rs index 31c524b09..f2376b5f0 100644 --- a/algebra/src/curves/models/short_weierstrass_jacobian.rs +++ b/algebra/src/curves/models/short_weierstrass_jacobian.rs @@ -572,7 +572,8 @@ impl ProjectiveCurve for GroupProjective

{ // First pass: compute [a, ab, abc, ...] let mut prod = Vec::with_capacity(v.len()); let mut tmp = P::BaseField::one(); - for g in v.iter_mut() + for g in v + .iter_mut() // Ignore normalized elements .filter(|g| !g.is_normalized()) { @@ -584,13 +585,19 @@ impl ProjectiveCurve for GroupProjective

{ tmp = tmp.inverse().unwrap(); // Guaranteed to be nonzero. // Second pass: iterate backwards to compute inverses - for (g, s) in v.iter_mut() + for (g, s) in v + .iter_mut() // Backwards .rev() // Ignore normalized elements .filter(|g| !g.is_normalized()) // Backwards, skip last element, fill in one for last term. - .zip(prod.into_iter().rev().skip(1).chain(Some(P::BaseField::one()))) + .zip( + prod.into_iter() + .rev() + .skip(1) + .chain(Some(P::BaseField::one())), + ) { // tmp := tmp * g.z; g.z := tmp * s = 1/z let newtmp = tmp * &g.z; diff --git a/algebra/src/curves/models/short_weierstrass_projective.rs b/algebra/src/curves/models/short_weierstrass_projective.rs index 2b080d23a..d39949873 100644 --- a/algebra/src/curves/models/short_weierstrass_projective.rs +++ b/algebra/src/curves/models/short_weierstrass_projective.rs @@ -576,7 +576,8 @@ impl ProjectiveCurve for GroupProjective

{ // First pass: compute [a, ab, abc, ...] let mut prod = Vec::with_capacity(v.len()); let mut tmp = P::BaseField::one(); - for g in v.iter_mut() + for g in v + .iter_mut() // Ignore normalized elements .filter(|g| !g.is_normalized()) { @@ -588,13 +589,19 @@ impl ProjectiveCurve for GroupProjective

{ tmp = tmp.inverse().unwrap(); // Guaranteed to be nonzero. // Second pass: iterate backwards to compute inverses - for (g, s) in v.iter_mut() + for (g, s) in v + .iter_mut() // Backwards .rev() - // Ignore normalized elements - .filter(|g| !g.is_normalized()) - // Backwards, skip last element, fill in one for last term. - .zip(prod.into_iter().rev().skip(1).chain(Some(P::BaseField::one()))) + // Ignore normalized elements + .filter(|g| !g.is_normalized()) + // Backwards, skip last element, fill in one for last term. + .zip( + prod.into_iter() + .rev() + .skip(1) + .chain(Some(P::BaseField::one())), + ) { // tmp := tmp * g.z; g.z := tmp * s = 1/z let newtmp = tmp * &g.z; diff --git a/algebra/src/curves/models/twisted_edwards_extended/mod.rs b/algebra/src/curves/models/twisted_edwards_extended/mod.rs index 1ae6629fa..9c78a3ab4 100644 --- a/algebra/src/curves/models/twisted_edwards_extended/mod.rs +++ b/algebra/src/curves/models/twisted_edwards_extended/mod.rs @@ -557,7 +557,8 @@ impl ProjectiveCurve for GroupProjective

{ // First pass: compute [a, ab, abc, ...] let mut prod = Vec::with_capacity(v.len()); let mut tmp = P::BaseField::one(); - for g in v.iter_mut() + for g in v + .iter_mut() // Ignore normalized elements .filter(|g| !g.is_normalized()) { @@ -569,13 +570,19 @@ impl ProjectiveCurve for GroupProjective

{ tmp = tmp.inverse().unwrap(); // Guaranteed to be nonzero. // Second pass: iterate backwards to compute inverses - for (g, s) in v.iter_mut() + for (g, s) in v + .iter_mut() // Backwards .rev() - // Ignore normalized elements - .filter(|g| !g.is_normalized()) - // Backwards, skip last element, fill in one for last term. - .zip(prod.into_iter().rev().skip(1).chain(Some(P::BaseField::one()))) + // Ignore normalized elements + .filter(|g| !g.is_normalized()) + // Backwards, skip last element, fill in one for last term. + .zip( + prod.into_iter() + .rev() + .skip(1) + .chain(Some(P::BaseField::one())), + ) { // tmp := tmp * g.z; g.z := tmp * s = 1/z let newtmp = tmp * &g.z; diff --git a/algebra/src/fields/mod.rs b/algebra/src/fields/mod.rs index db0be840d..ebb7e9e4d 100644 --- a/algebra/src/fields/mod.rs +++ b/algebra/src/fields/mod.rs @@ -496,7 +496,8 @@ pub fn batch_inversion(v: &mut [F]) { tmp = tmp.inverse().unwrap(); // Guaranteed to be nonzero. // Second pass: iterate backwards to compute inverses - for (f, s) in v.iter_mut() + for (f, s) in v + .iter_mut() // Backwards .rev() // Ignore normalized elements diff --git a/r1cs/gadgets/crypto/src/signature/schnorr/field_based_schnorr.rs b/r1cs/gadgets/crypto/src/signature/schnorr/field_based_schnorr.rs index e325cd517..eea30ccbf 100644 --- a/r1cs/gadgets/crypto/src/signature/schnorr/field_based_schnorr.rs +++ b/r1cs/gadgets/crypto/src/signature/schnorr/field_based_schnorr.rs @@ -473,10 +473,10 @@ where &g.get_constant(), cs.ns(|| "(s * G + shift)"), &shift, - s_bits.as_slice() - )? - // If add is incomplete, and s * G - e * pk = 0, the circuit of the add won't be satisfiable - .add(cs.ns(|| "s * G - e * pk "), &neg_e_times_pk)?; + s_bits.as_slice(), + )? + // If add is incomplete, and s * G - e * pk = 0, the circuit of the add won't be satisfiable + .add(cs.ns(|| "s * G - e * pk "), &neg_e_times_pk)?; let r_prime_coords = r_prime.to_field_gadget_elements(cs.ns(|| "r_prime to fes"))?; 
diff --git a/r1cs/gadgets/crypto/src/vrf/ecvrf/mod.rs b/r1cs/gadgets/crypto/src/vrf/ecvrf/mod.rs index fb943756e..f6a4a01f1 100644 --- a/r1cs/gadgets/crypto/src/vrf/ecvrf/mod.rs +++ b/r1cs/gadgets/crypto/src/vrf/ecvrf/mod.rs @@ -399,10 +399,12 @@ where c_bits.as_slice().iter().rev(), )? .negate(cs.ns(|| "- (c * pk + shift)"))?; - GG::mul_bits_fixed_base(&g.get_constant(), - cs.ns(|| "(s * G + shift)"), - &shift, - s_bits.as_slice())? + GG::mul_bits_fixed_base( + &g.get_constant(), + cs.ns(|| "(s * G + shift)"), + &shift, + s_bits.as_slice(), + )? // If add is incomplete, and s * G - c * pk = 0, the circuit of the add won't be satisfiable .add(cs.ns(|| "(s * G) - (c * pk)"), &neg_c_times_pk)? }; @@ -418,7 +420,11 @@ where )? .negate(cs.ns(|| "- (c * gamma + shift)"))?; message_on_curve - .mul_bits(cs.ns(|| "(s * mh + shift)"), &shift, s_bits.as_slice().iter())? + .mul_bits( + cs.ns(|| "(s * mh + shift)"), + &shift, + s_bits.as_slice().iter(), + )? // If add is incomplete, and s * mh - c * gamma = 0, the circuit of the add won't be satisfiable .add(cs.ns(|| "(s * mh) - (c * gamma"), &neg_c_times_gamma)? }; diff --git a/r1cs/gadgets/std/src/fields/fp.rs b/r1cs/gadgets/std/src/fields/fp.rs index 0be49c0d5..6c6bdb54b 100644 --- a/r1cs/gadgets/std/src/fields/fp.rs +++ b/r1cs/gadgets/std/src/fields/fp.rs @@ -534,7 +534,8 @@ impl ToBytesGadget for FpGadget { let bytes = self.to_bytes(&mut cs)?; Boolean::enforce_in_field::<_, _, F>( &mut cs, - &bytes.iter() + &bytes + .iter() .flat_map(|byte_gadget| byte_gadget.into_bits_le()) // This reverse maps the bits into big-endian form, as required by `enforce_in_field`. .rev() diff --git a/rustfmt.toml b/rustfmt.toml deleted file mode 100644 index 0527c73ba..000000000 --- a/rustfmt.toml +++ /dev/null 
@@ -1,13 +0,0 @@ -reorder_imports = true -wrap_comments = true -normalize_comments = true -format_strings = true -struct_field_align_threshold = 40 -use_try_shorthand = true -match_block_trailing_comma = true -use_field_init_shorthand = true -edition = "2018" -condense_wildcard_suffixes = true -merge_imports = true -imports_layout = "Mixed" -unstable_features = true From 1bfed13771ea7bad27278b4fcdcbbaea0a82c295 Mon Sep 17 00:00:00 2001 From: Carlo Russo Date: Mon, 22 Nov 2021 18:20:07 +0100 Subject: [PATCH 22/79] enforce_in_field rewritten using new enforce_smaller_or_equal_than_le --- r1cs/gadgets/std/src/bits/boolean.rs | 71 ++-------------------------- 1 file changed, 5 insertions(+), 66 deletions(-) diff --git a/r1cs/gadgets/std/src/bits/boolean.rs b/r1cs/gadgets/std/src/bits/boolean.rs index d80eaa5b2..bb8e309cc 100644 --- a/r1cs/gadgets/std/src/bits/boolean.rs +++ b/r1cs/gadgets/std/src/bits/boolean.rs 
@@ -639,78 +639,17 @@ impl Boolean { ConstraintF: Field, CS: ConstraintSystem, { - let mut bits_iter = bits.iter(); - - // b = char() - 1 + // `bits` < F::characteristic() <==> `bits` <= F::characteristic() -1 let mut b = F::characteristic().to_vec(); assert_eq!(b[0] % 2, 1); - b[0] -= 1; - - // Runs of ones in r - let mut last_run = Boolean::constant(true); - let mut current_run = vec![]; - - let mut found_one = false; - let mut run_i = 0; - let mut nand_i = 0; - - let char_num_bits = ::Params::MODULUS_BITS as usize; - if bits.len() > char_num_bits { - let num_extra_bits = bits.len() - char_num_bits; - let mut or_result = Boolean::constant(false); - for (i, should_be_zero) in bits[0..num_extra_bits].iter().enumerate() { - or_result = Boolean::or( - &mut cs.ns(|| format!("Check {}-th or", i)), - &or_result, - should_be_zero, - )?; - let _ = bits_iter.next().unwrap(); - } - or_result.enforce_equal( - &mut cs.ns(|| "Check that or of extra bits is zero"), - &Boolean::constant(false), - )?; - } - - for b in BitIterator::new(b) { - // Skip over unset bits at the beginning - found_one |= b; - if !found_one { - continue; - } - - let a = bits_iter.next().unwrap(); - - if b { - // This is part of a run of ones. - current_run.push(*a); - } else { - if !current_run.is_empty() { - // This is the start of a run of zeros, but we need - // to k-ary AND against `last_run` first. - - current_run.push(last_run); - last_run = Self::kary_and(cs.ns(|| format!("run {}", run_i)), ¤t_run)?; - run_i += 1; - current_run.truncate(0); - } - - // If `last_run` is true, `a` must be false, or it would - // not be in the field. - // - // If `last_run` is false, `a` can be true or false. - // - // Ergo, at least one of `last_run` and `a` must be false. - Self::enforce_nand(cs.ns(|| format!("nand {}", nand_i)), &[last_run, *a])?; - nand_i += 1; - } - } - assert!(bits_iter.next().is_none()); + b[0] -= 1; // This works, because the LSB is one, so there's no borrows. 
+ let run = Self::enforce_smaller_or_equal_than_le(cs.ns(|| "enforce_smaller_or_equal_than_le"), + bits.into_iter().rev().map(|&b| b).collect::>().as_slice(), b)?; // We should always end in a "run" of zeros, because // the characteristic is an odd prime. So, this should // be empty. - assert!(current_run.is_empty()); + assert!(run.is_empty()); Ok(()) } From ca0bd35dfd8eaf9499c95f8ebb3aa7cf5f4fd020 Mon Sep 17 00:00:00 2001 From: Phoinic Date: Fri, 26 Nov 2021 00:35:50 +0200 Subject: [PATCH 23/79] Algebra refactored --- .../criterion_msm/variable_msm_tweedle.rs | 17 +- algebra/src/curves/mod.rs | 334 +--- .../mod.rs} | 1414 +++++++---------- .../mod.rs} | 1347 +++++++--------- .../models/twisted_edwards_extended/mod.rs | 1039 +++++------- algebra/src/curves/secp256k1/mod.rs | 5 +- algebra/src/curves/secp256k1/tests.rs | 98 +- algebra/src/curves/tests.rs | 609 ++++--- algebra/src/curves/tweedle/dee.rs | 5 +- algebra/src/curves/tweedle/dum.rs | 5 +- algebra/src/curves/tweedle/tests.rs | 84 +- algebra/src/fft/domain/domain_selector.rs | 13 +- algebra/src/fields/mod.rs | 4 +- algebra/src/groups/mod.rs | 70 +- algebra/src/groups/tests.rs | 4 +- algebra/src/lib.rs | 4 +- algebra/src/msm/fixed_base.rs | 8 +- algebra/src/msm/variable_base.rs | 125 +- 18 files changed, 2153 insertions(+), 3032 deletions(-) rename algebra/src/curves/models/{short_weierstrass_jacobian.rs => short_weierstrass_jacobian/mod.rs} (64%) rename algebra/src/curves/models/{short_weierstrass_projective.rs => short_weierstrass_projective/mod.rs} (59%) diff --git a/algebra/benches/criterion_msm/variable_msm_tweedle.rs b/algebra/benches/criterion_msm/variable_msm_tweedle.rs index f0509acb7..c99141076 100644 --- a/algebra/benches/criterion_msm/variable_msm_tweedle.rs +++ b/algebra/benches/criterion_msm/variable_msm_tweedle.rs 
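Review bot: The removed block that OR-ed together the `bits.len() - MODULUS_BITS` leading bits and enforced the result to be zero has no visible replacement in the new body; unless `enforce_smaller_or_equal_than_le` (defined outside this hunk) itself constrains bits beyond the modulus width, an over-long input would be compared only on its low bits and the field-membership check would be under-constrained — confirm against that helper, or keep the extra-bits check in front of the call. On the same added line, `bits.into_iter().rev().map(|&b| b).collect::<Vec<_>>()` is the long way of writing `bits.iter().rev().copied().collect::<Vec<_>>()`. The function's signature and the declaration of `bits` are above the hunk.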
@@ -8,8 +8,9 @@ use criterion::{BatchSize, BenchmarkId, Criterion}; use algebra::msm::VariableBaseMSM; use algebra::{ - curves::tweedle::dee::{Affine as G1Affine, Projective as G1Projective}, - BigInteger256, FromBytes, ProjectiveCurve, ToBytes, UniformRand, + Curve, + curves::tweedle::dee::DeeJacobian, + BigInteger256, FromBytes, ToBytes, UniformRand, }; use std::fs::File; @@ -25,7 +26,7 @@ fn save_data(samples: usize) { for _ in 0..samples { let elem1: BigInteger256 = BigInteger256::rand(rng); - let elem2: G1Affine = G1Projective::rand(rng).into_affine(); + let elem2: DeeJacobian = DeeJacobian::rand(rng); match elem1.write(&mut fs) { Ok(_) => {} Err(msg) => { @@ -41,7 +42,7 @@ fn save_data(samples: usize) { } } -fn load_data(samples: usize) -> (Vec, Vec) { +fn load_data(samples: usize) -> (Vec, Vec) { if !Path::new(DATA_PATH).exists() { save_data(1 << 23); } @@ -52,11 +53,13 @@ fn load_data(samples: usize) -> (Vec, Vec) { for _i in 0..samples { let elem1 = BigInteger256::read(&mut fs).unwrap(); - let elem2 = G1Affine::read(&mut fs).unwrap(); + let elem2 = DeeJacobian::read(&mut fs).unwrap(); v.push(elem1); g.push(elem2); } + DeeJacobian::batch_normalization(g.as_mut_slice()); + (v, g) } @@ -74,7 +77,7 @@ fn variable_msm(c: &mut Criterion) { b.iter_batched( || { let (v, g) = load_data(samples); - (v, g) + (v, DeeJacobian::batch_into_affine(g.as_slice())) }, |(v, g)| { add_to_trace!( @@ -87,7 +90,7 @@ fn variable_msm(c: &mut Criterion) { .as_secs() ) ); - VariableBaseMSM::multi_scalar_mul(g.as_slice(), v.as_slice()).unwrap(); + VariableBaseMSM::multi_scalar_mul::(g.as_slice(), v.as_slice()).unwrap(); add_to_trace!( || format!("****************{}*******************", samples), || format!( diff --git a/algebra/src/curves/mod.rs b/algebra/src/curves/mod.rs index 5c2b44b95..6968c1c4c 100644 --- a/algebra/src/curves/mod.rs +++ b/algebra/src/curves/mod.rs 
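Review bot: `load_data` still decides whether to regenerate the fixture purely from `Path::new(DATA_PATH).exists()`, but the element type written by `save_data` and read back with `DeeJacobian::read` has changed from the previous affine type, so a fixture file left over from an earlier run would be parsed with the wrong layout and surface only as a panic in the `.unwrap()` on `read`, or as silently wrong bench inputs. Consider deriving the cache path from the element type (e.g. a type-specific suffix on `DATA_PATH`) so stale fixtures are not picked up. The `batch_normalization`/`batch_into_affine` pair runs in the `iter_batched` setup closure, outside the timed body, so it does not distort the measurement.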
@@ -1,18 +1,14 @@ -use crate::UniformRand; use crate::{ - bits::{FromCompressedBits, ToCompressedBits}, - bytes::{FromBytes, ToBytes}, - fields::{Field, PrimeField, SquareRootField}, + Error, groups::Group, - CanonicalDeserialize, CanonicalSerialize, Error, FromBytesChecked, SemanticallyValid, + fields::{Field, SquareRootField, PrimeField, BitIterator}, }; -use serde::{Deserialize, Serialize}; use std::{ - fmt::{Debug, Display}, - hash::Hash, - ops::{Add, AddAssign, Neg, Sub, SubAssign}, + fmt::Debug, + convert::{TryFrom, TryInto}, }; + pub mod models; #[cfg(feature = "tweedle")] 
@@ -26,274 +22,84 @@ pub mod tests; pub use self::models::*; -pub trait PairingEngine: Sized + 'static + Copy + Debug + Sync + Send + Eq + PartialEq { - /// This is the scalar field of the G1/G2 groups. - type Fr: PrimeField + SquareRootField + Into<::BigInt>; - - /// The projective representation of an element in G1. - type G1Projective: ProjectiveCurve - + From - + Into; - - /// The affine representation of an element in G1. - type G1Affine: AffineCurve - + From - + Into - + Into; - - /// A G1 element that has been preprocessed for use in a pairing. - type G1Prepared: ToBytes - + FromBytes - + Serialize - + for<'a> Deserialize<'a> - + Default - + Clone - + Send - + Sync - + Debug - + From; - - /// The projective representation of an element in G2. - type G2Projective: ProjectiveCurve - + From - + Into; - - /// The affine representation of an element in G2. - type G2Affine: AffineCurve - + From - + Into - + Into; - - /// A G2 element that has been preprocessed for use in a pairing. - type G2Prepared: ToBytes - + FromBytes - + Serialize - + for<'a> Deserialize<'a> - + Default - + Eq - + PartialEq - + Clone - + Send - + Sync - + Debug - + From; - - /// The base field that hosts G1. - type Fq: PrimeField + SquareRootField; - - /// The extension field that hosts G2. - type Fqe: SquareRootField; - - /// The extension field that hosts the target group of the pairing. - type Fqk: Field; - - /// Perform a miller loop with some number of (G1, G2) pairs. - #[must_use] - fn miller_loop<'a, I>(i: I) -> Result - where - I: IntoIterator; +pub trait Curve: + Group + + From<::AffineRep> + + TryInto<::AffineRep, Error = Error> +{ + type BaseField: Field + SquareRootField; + type AffineRep: Sized + Sync + Copy + PartialEq + Debug + TryFrom; - /// Perform final exponentiation of the result of a miller loop. 
- #[must_use] - fn final_exponentiation(_: &Self::Fqk) -> Result; + #[inline] + fn into_affine(&self) -> Result { + TryInto::::try_into(*self) + } - /// Computes a product of pairings. - #[must_use] - fn product_of_pairings<'a, I>(i: I) -> Result - where - I: IntoIterator, - { - Self::final_exponentiation(&Self::miller_loop(i)?) + #[inline] + fn from_affine<'a>(other: &'a Self::AffineRep) -> Self { + Into::::into(*other) } - /// Performs multiple pairing operations - #[must_use] - fn pairing(p: G1, q: G2) -> Result - where - G1: Into, - G2: Into, + fn batch_from_affine<'a>(vec_affine: &'a [Self::AffineRep]) -> Vec { - let g1_prep = Self::G1Prepared::from(p.into()); - let g2_prep = Self::G2Prepared::from(q.into()); - Self::product_of_pairings(std::iter::once(&(g1_prep, g2_prep))) + vec_affine.iter().map(|&affine| affine.into()).collect::>() } -} - -/// Projective representation of an elliptic curve point guaranteed to be -/// in the correct prime order subgroup. -pub trait ProjectiveCurve: - Eq - + Sized - + ToBytes - + FromBytes - + Serialize - + for<'a> Deserialize<'a> - + CanonicalSerialize - + CanonicalDeserialize - + SemanticallyValid - + FromBytesChecked - + Copy - + Clone - + Default - + Send - + Sync - + Hash - + Debug - + Display - + UniformRand - + 'static - + Neg - + for<'a> Add<&'a Self, Output = Self> - + for<'a> Sub<&'a Self, Output = Self> - + for<'a> AddAssign<&'a Self> - + for<'a> SubAssign<&'a Self> -{ - type ScalarField: PrimeField + SquareRootField + Into<::BigInt>; - type BaseField: Field; - type Affine: AffineCurve; - - /// Returns the additive identity. - #[must_use] - fn zero() -> Self; - - /// Returns a fixed generator of unknown exponent. - #[must_use] - fn prime_subgroup_generator() -> Self; - /// Determines if this point is the point at infinity. 
- #[must_use] - fn is_zero(&self) -> bool; - - /// Checks that the current point is on curve and is in the - /// prime order subgroup - #[must_use] - fn group_membership_test(&self) -> bool; - - /// Normalizes a slice of projective elements so that - /// conversion to affine is cheap. - fn batch_normalization(v: &mut [Self]); - - fn batch_normalization_into_affine(mut v: Vec) -> Vec { - Self::batch_normalization(v.as_mut_slice()); - v.into_iter().map(|p| p.into_affine()).collect() + fn batch_into_affine<'a>(vec_self: &'a [Self]) -> Vec + { + vec_self.iter().map(|&projective| projective.into_affine().unwrap()).collect::>() } - /// Checks if the point is already "normalized" so that - /// cheap affine conversion is possible. - #[must_use] - fn is_normalized(&self) -> bool; + fn add_affine<'a>(&self, other: &'a Self::AffineRep) -> Self; - /// Doubles this element. - #[must_use] - fn double(&self) -> Self { - let mut copy = *self; - copy.double_in_place(); - copy - } + fn add_affine_assign<'a>(&mut self, other: &'a Self::AffineRep); - fn double_in_place(&mut self) -> &mut Self; + // TODO: move to group trait? + fn mul_bits>(&self, bits: BitIterator) -> Self; - /// Adds an affine element to this element. - fn add_assign_mixed(&mut self, other: &Self::Affine); + // TODO: implement + // fn mul_bits_affine<'a, S: AsRef<[u64]>>(affine: &'a Self::AffineRep, bits: BitIterator) -> Self; - /// Performs scalar multiplication of this element. - fn mul_assign::BigInt>>(&mut self, other: S); + fn scale_by_cofactor(&self) -> Self; - /// Converts this element into its affine representation. - #[must_use] - fn into_affine(&self) -> Self::Affine; - - /// Recommends a wNAF window table size given a scalar. Always returns a - /// number between 2 and 22, inclusive. - #[must_use] - fn recommended_wnaf_for_scalar(scalar: ::BigInt) -> usize; + fn is_normalized(&self) -> bool; - /// Recommends a wNAF window size given the number of scalars you intend to - /// multiply a base by. 
Always returns a number between 2 and 22, - /// inclusive. - #[must_use] - fn recommended_wnaf_for_num_scalars(num_scalars: usize) -> usize; -} + fn normalize(&self) -> Self; -/// Affine representation of an elliptic curve point guaranteed to be -/// in the correct prime order subgroup. -pub trait AffineCurve: - Eq - + Sized - + ToBytes - + FromBytes - + Serialize - + for<'a> Deserialize<'a> - + CanonicalSerialize - + CanonicalDeserialize - + SemanticallyValid - + FromBytesChecked - + ToCompressedBits - + FromCompressedBits - + Copy - + Clone - + Default - + Send - + Sync - + Hash - + Debug - + Display - + Neg - + 'static -{ - type ScalarField: PrimeField + SquareRootField + Into<::BigInt>; - type BaseField: Field; - type Projective: ProjectiveCurve; + fn normalize_assign(&mut self); - /// Returns the additive identity. - #[must_use] - fn zero() -> Self; + fn batch_normalization(v: &mut [Self]); /// Returns a fixed generator of unknown exponent. #[must_use] fn prime_subgroup_generator() -> Self; - /// Determines if this point represents the point at infinity; the - /// additive identity. - #[must_use] - fn is_zero(&self) -> bool; - - /// Returns a group element if the set of bytes forms a valid group element, - /// otherwise returns None. This function is primarily intended for sampling - /// random group elements from a hash-function or RNG output. - fn from_random_bytes(bytes: &[u8]) -> Option; - /// Checks that the current point is on curve and is in the /// prime order subgroup #[must_use] fn group_membership_test(&self) -> bool; - /// Adds, for each vector in 'to_add', its elements together - /// using Affine point arithmetic - fn add_points(to_add: &mut [Vec]); + fn is_on_curve(&self) -> bool; - /// Performs scalar multiplication of this element with mixed addition. 
- #[must_use] - fn mul::BigInt>>(&self, other: S) - -> Self::Projective; + fn is_in_correct_subgroup_assuming_on_curve(&self) -> bool; - /// Converts this element into its projective representation. - #[must_use] - fn into_projective(&self) -> Self::Projective; + fn get_point_from_x(x: Self::BaseField, greatest: bool) -> Option; - /// Multiply this element by the cofactor. - #[must_use] - fn mul_by_cofactor(&self) -> Self; + fn get_point_from_x_and_parity(x: Self::BaseField, parity: bool) -> Option; - /// Multiply this element by the inverse of the cofactor modulo the size of - /// `Self::ScalarField`. - #[must_use] - fn mul_by_cofactor_inv(&self) -> Self; + fn from_random_bytes(bytes: &[u8]) -> Option; + + // TODO: check if used + fn recommended_wnaf_for_scalar(scalar: ::BigInt) -> usize; + + // TODO: check if used + fn recommended_wnaf_for_num_scalars(num_scalars: usize) -> usize; + + // TODO: check naming + fn sum_buckets_affine(to_add: &mut [Vec]); } -/// The `EndoMulCurve` trait for curves that have a non-trivial endomorphism -/// `Phi` of the form `Phi(x,y) = (zeta*x,y)`. -pub trait EndoMulCurve: AffineCurve { +pub trait EndoMulCurve: Curve { /// Apply `Phi` fn apply_endomorphism(&self) -> Self; 
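Review bot: The default `batch_into_affine` calls `projective.into_affine().unwrap()` on every element, so a single element for which `TryInto<AffineRep>` fails (the affine representation carries no infinity flag, so presumably the identity) panics inside library code instead of reporting an error; returning `Result<Vec<Self::AffineRep>, Error>` with `vec_self.iter().map(|p| p.into_affine()).collect()` would propagate it, or at minimum the method needs a `# Panics` section. The trait also drops the doc comments and `#[must_use]` attributes the old `ProjectiveCurve`/`AffineCurve` methods carried (`batch_normalization`, `is_normalized`, `into_affine`, `recommended_wnaf_*`), and `mul_bits` gets no documentation at all even though the concrete implementation it replaces (removed in the `short_weierstrass_jacobian` hunk of this same patch) warned that it is not constant time in the exponent; that warning belongs on the trait method, e.g. `/// WARNING: variable-time in \`bits\`; do not use with secret scalars.` The `// TODO: check if used` / `// TODO: check naming` markers should be resolved or turned into tracked issues before merge.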
@@ -303,43 +109,5 @@ pub trait EndoMulCurve: AffineCurve { /// Endomorphism-based multiplication of `&self` with `bits`, a little-endian /// endomorphism representation. - fn endo_mul(&self, bits: Vec) -> Result; -} - -impl Group for C { - type ScalarField = C::ScalarField; - #[must_use] - fn zero() -> Self { - ::zero() - } - - #[must_use] - fn is_zero(&self) -> bool { - ::is_zero(&self) - } - - #[inline] - #[must_use] - fn double(&self) -> Self { - let mut tmp = *self; - tmp += self; - tmp - } - - #[inline] - fn double_in_place(&mut self) -> &mut Self { - ::double_in_place(self) - } -} - -/// Preprocess a G1 element for use in a pairing. -pub fn prepare_g1(g: impl Into) -> E::G1Prepared { - let g: E::G1Affine = g.into(); - E::G1Prepared::from(g) -} - -/// Preprocess a G2 element for use in a pairing. -pub fn prepare_g2(g: impl Into) -> E::G2Prepared { - let g: E::G2Affine = g.into(); - E::G2Prepared::from(g) + fn endo_mul(&self, bits: Vec) -> Result; } diff --git a/algebra/src/curves/models/short_weierstrass_jacobian.rs b/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs similarity index 64% rename from algebra/src/curves/models/short_weierstrass_jacobian.rs rename to algebra/src/curves/models/short_weierstrass_jacobian/mod.rs index e9cc38c2e..55d790784 100644 --- a/algebra/src/curves/models/short_weierstrass_jacobian.rs +++ b/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs 
@@ -1,13 +1,15 @@ use crate::{ + /*FromBits, ToBits,*/ bytes::{FromBytes, ToBytes}, + groups::Group, curves::{ + Curve, EndoMulCurve, models::{EndoMulParameters as EndoParameters, SWModelParameters as Parameters}, - AffineCurve, EndoMulCurve, ProjectiveCurve, }, fields::{BitIterator, Field, PrimeField, SquareRootField}, - BitSerializationError, CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, - CanonicalSerializeWithFlags, Error, FromBytesChecked, FromCompressedBits, SWFlags, - SemanticallyValid, SerializationError, ToCompressedBits, UniformRand, + /* BitSerializationError,*/ CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, + CanonicalSerializeWithFlags, Error, FromBytesChecked,/* FromCompressedBits,*/ SWFlags, + SemanticallyValid, SerializationError,/* ToCompressedBits,*/ UniformRand, }; use rand::{ distributions::{Distribution, Standard}, @@ -18,6 +20,7 @@ use std::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign}; use std::{ fmt::{Display, Formatter, Result as FmtResult}, io::{Error as IoError, ErrorKind, Read, Result as IoResult, Write}, + convert::TryFrom, marker::PhantomData, }; @@ -31,596 +34,411 @@ use std::{ Hash(bound = "P: Parameters") )] #[derive(Serialize, Deserialize)] -pub struct GroupAffine { +pub struct AffineRep { pub x: P::BaseField, pub y: P::BaseField, - pub infinity: bool, #[derivative(Debug = "ignore")] #[serde(skip)] _params: PhantomData
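Review bot: The import block keeps the unused names as comments (`/*FromBits, ToBits,*/`, `/* BitSerializationError,*/`, `/* FromCompressedBits,*/`, `/* ToCompressedBits,*/`) instead of deleting them; commented-out code is noise for the next reader, so drop them and let version control remember what was there. If the compressed-bits traits are meant to return for `AffineRep`, a single `// TODO` stating that intent is clearer than four inline stubs.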

, } -impl PartialEq> for GroupAffine

{ - fn eq(&self, other: &GroupProjective

) -> bool { - self.into_projective() == *other +impl AffineRep

{ + pub fn new(x: P::BaseField, y: P::BaseField) -> Self { + Self { + x, + y, + _params: PhantomData, + } } } -impl PartialEq> for GroupProjective

{ - fn eq(&self, other: &GroupAffine

) -> bool { - *self == other.into_projective() +impl Display for AffineRep

{ + fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { + write!(f, "AffineRep(x={}, y={})", self.x, self.y) } } -impl Display for GroupAffine

{ - fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { - if self.infinity { - write!(f, "GroupAffine(Infinity)") - } else { - write!(f, "GroupAffine(x={}, y={})", self.x, self.y) - } +impl Neg for AffineRep

{ + type Output = Self; + + #[inline] + fn neg(self) -> Self { + Self::new(self.x, -self.y) } } -impl GroupAffine

{ - pub fn new(x: P::BaseField, y: P::BaseField, infinity: bool) -> Self { +#[derive(Derivative)] +#[derivative( +Copy(bound = "P: Parameters"), +Clone(bound = "P: Parameters"), +Eq(bound = "P: Parameters"), +Debug(bound = "P: Parameters"), +Hash(bound = "P: Parameters") +)] +#[derive(Serialize, Deserialize)] +pub struct Jacobian { + pub x: P::BaseField, + pub y: P::BaseField, + pub z: P::BaseField, + #[derivative(Debug = "ignore")] + #[serde(skip)] + _params: PhantomData

, +} + +impl Jacobian

{ + pub fn new(x: P::BaseField, y: P::BaseField, z: P::BaseField) -> Self { Self { x, y, - infinity, + z, _params: PhantomData, } } +} - pub fn scale_by_cofactor(&self) -> GroupProjective

{ - let cofactor = BitIterator::new(P::COFACTOR); - self.mul_bits(cofactor) +impl Display for Jacobian

{ + fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { + write!(f, "Jacobian(x={}, y={}, z={})", self.x, self.y, self.z) } +} - /// WARNING: This implementation doesn't take costant time with respect - /// to the exponent, and therefore is susceptible to side-channel attacks. - /// Be sure to use it in applications where timing (or similar) attacks - /// are not possible. - /// TODO: Add a side-channel secure variant. - pub(crate) fn mul_bits>(&self, bits: BitIterator) -> GroupProjective

{ - let mut res = GroupProjective::zero(); - for i in bits { - res.double_in_place(); - if i { - res.add_assign_mixed(self) - } +impl PartialEq for Jacobian

{ + fn eq(&self, other: &Self) -> bool { + if self.is_zero() { + return other.is_zero(); } - res - } - - /// Attempts to construct an affine point given an x-coordinate. The - /// point is not guaranteed to be in the prime order subgroup. - /// - /// If and only if `greatest` is set will the lexicographically - /// largest y-coordinate be selected. - #[allow(dead_code)] - pub fn get_point_from_x(x: P::BaseField, greatest: bool) -> Option { - // Compute x^3 + ax + b - let x3b = P::add_b(&((x.square() * &x) + &P::mul_by_a(&x))); - - x3b.sqrt().map(|y| { - let negy = -y; - let y = if (y < negy) ^ greatest { y } else { negy }; - Self::new(x, y, false) - }) - } - /// Attempts to construct an affine point given an x-coordinate. The - /// point is not guaranteed to be in the prime order subgroup. - /// - /// If and only if `parity` is set will the odd y-coordinate be selected. - #[allow(dead_code)] - pub fn get_point_from_x_and_parity(x: P::BaseField, parity: bool) -> Option { - // Compute x^3 + ax + b - let x3b = P::add_b(&((x.square() * &x) + &P::mul_by_a(&x))); + if other.is_zero() { + return false; + } - x3b.sqrt().map(|y| { - let negy = -y; - let y = if y.is_odd() ^ parity { negy } else { y }; - Self::new(x, y, false) - }) - } + // The points (X, Y, Z) and (X', Y', Z') + // are equal when (X * Z^2) = (X' * Z'^2) + // and (Y * Z^3) = (Y' * Z'^3). 
+ let z1 = self.z.square(); + let z2 = other.z.square(); - pub fn is_on_curve(&self) -> bool { - if self.is_zero() { - true + if (self.x * &z2 != other.x * &z1) + || (self.y * &(z2 * &other.z) != other.y * &(z1 * &self.z)) + { + false } else { - // Check that the point is on the curve - let y2 = self.y.square(); - let x3b = P::add_b(&((self.x.square() * &self.x) + &P::mul_by_a(&self.x))); - y2 == x3b + true } } +} +impl Distribution> for Standard { #[inline] - pub fn is_in_correct_subgroup_assuming_on_curve(&self) -> bool { - self.mul_bits(BitIterator::new(P::ScalarField::characteristic())) - .is_zero() + fn sample(&self, rng: &mut R) -> Jacobian

{ + let res = Jacobian::prime_subgroup_generator() * &P::ScalarField::rand(rng); + debug_assert!(res.is_in_correct_subgroup_assuming_on_curve()); + res } } -impl AffineCurve for GroupAffine

{ - type ScalarField = P::ScalarField; - type BaseField = P::BaseField; - type Projective = GroupProjective

; - +impl ToBytes for Jacobian

{ #[inline] - fn zero() -> Self { - Self::new(Self::BaseField::zero(), Self::BaseField::one(), true) + fn write(&self, mut writer: W) -> IoResult<()> { + self.x.write(&mut writer)?; + self.y.write(&mut writer)?; + self.z.write(writer) } +} +impl FromBytes for Jacobian

{ #[inline] - fn prime_subgroup_generator() -> Self { - Self::new( - P::AFFINE_GENERATOR_COEFFS.0, - P::AFFINE_GENERATOR_COEFFS.1, - false, - ) + fn read(mut reader: R) -> IoResult { + let x = P::BaseField::read(&mut reader)?; + let y = P::BaseField::read(&mut reader)?; + let z = P::BaseField::read(reader)?; + Ok(Self::new(x, y, z)) } +} - fn from_random_bytes(bytes: &[u8]) -> Option { - P::BaseField::from_random_bytes_with_flags::(bytes).and_then(|(x, flags)| { - // if x is valid and is zero and only the infinity flag is set, then parse this - // point as infinity. For all other choices, get the original point. - if x.is_zero() && flags.is_infinity() { - Some(Self::zero()) - } else if let Some(y_is_odd) = flags.is_odd() { - Self::get_point_from_x_and_parity(x, y_is_odd) // Unwrap is safe because it's not zero. - } else { - None - } - }) +impl FromBytesChecked for Jacobian

{ + fn read_checked(mut reader: R) -> IoResult { + let x = P::BaseField::read_checked(&mut reader)?; + let y = P::BaseField::read_checked(&mut reader)?; + let z = P::BaseField::read_checked(reader)?; + let point = Self::new(x, y, z); + if !point.group_membership_test() { + return Err(IoError::new( + ErrorKind::InvalidData, + "invalid point: group membership test failed", + )); + } + Ok(point) } +} +impl Default for Jacobian

{ #[inline] - fn is_zero(&self) -> bool { - self.infinity + fn default() -> Self { + Self::zero() } +} - #[inline] - fn group_membership_test(&self) -> bool { - self.is_on_curve() - && if !self.is_zero() { - self.is_in_correct_subgroup_assuming_on_curve() - } else { - true - } +impl SemanticallyValid for Jacobian

{ + fn is_valid(&self) -> bool { + self.x.is_valid() && self.y.is_valid() && self.z.is_valid() && self.group_membership_test() } +} - fn add_points(to_add: &mut [Vec]) { - let zero = P::BaseField::zero(); - let one = P::BaseField::one(); - let length = to_add.iter().map(|l| l.len()).fold(0, |x, y| x + y); - let mut denoms = vec![zero; length / 2]; - - while to_add.iter().position(|x| x.len() > 1) != None { - let mut dx: usize = 0; - for p in to_add.iter_mut() { - if p.len() < 2 { - continue; - } - let len = if p.len() % 2 == 0 { - p.len() - } else { - p.len() - 1 - }; - for i in (0..len).step_by(2) { - denoms[dx] = { - if p[i].x == p[i + 1].x { - if p[i + 1].y == zero { - one - } else { - p[i + 1].y.double() - } - } else { - p[i].x - &p[i + 1].x - } - }; - dx += 1; - } - } - - denoms.truncate(dx); - crate::fields::batch_inversion(&mut denoms); - dx = 0; - - for p in to_add.iter_mut() { - if p.len() < 2 { - continue; - } - let len = if p.len() % 2 == 0 { - p.len() - } else { - p.len() - 1 - }; - - for i in (0..len).step_by(2) { - let j = i / 2; - if p[i + 1].is_zero() { - p[j] = p[i]; - } else if p[i].is_zero() { - p[j] = p[i + 1]; - } else if p[i + 1].x == p[i].x && (p[i + 1].y != p[i].y || p[i + 1].y.is_zero()) - { - p[j] = Self::zero(); - } else if p[i + 1].x == p[i].x && p[i + 1].y == p[i].y { - let sq = p[i].x.square(); - let s = (sq.double() + &sq + &P::COEFF_A) * &denoms[dx]; - let x = s.square() - &p[i].x.double(); - let y = -p[i].y - &(s * &(x - &p[i].x)); - p[j].x = x; - p[j].y = y; - p[j].infinity = false; - } else { - let s = (p[i].y - &p[i + 1].y) * &denoms[dx]; - let x = s.square() - &p[i].x - &p[i + 1].x; - let y = -p[i].y - &(s * &(x - &p[i].x)); - p[j].x = x; - p[j].y = y; - p[j].infinity = false; - } - dx += 1; - } - - let len = p.len(); - if len % 2 == 1 { - p[len / 2] = p[len - 1]; - p.truncate(len / 2 + 1); - } else { - p.truncate(len / 2); - } - } +impl CanonicalSerialize for Jacobian

{ + #[allow(unused_qualifications)] + #[inline] + fn serialize(&self, writer: W) -> Result<(), SerializationError> { + if self.is_zero() { + let flags = SWFlags::infinity(); + // Serialize 0. + P::BaseField::zero().serialize_with_flags(writer, flags) + } else { + let self_affine = self.into_affine().unwrap(); + let flags = SWFlags::from_y_parity(self_affine.y.is_odd()); + self_affine.x.serialize_with_flags(writer, flags) } } #[inline] - fn mul::BigInt>>(&self, by: S) -> GroupProjective

{ - let bits = BitIterator::new(by.into()); - self.mul_bits(bits) + fn serialized_size(&self) -> usize { + P::BaseField::zero().serialized_size_with_flags::() } + #[allow(unused_qualifications)] #[inline] - fn into_projective(&self) -> GroupProjective

{ - (*self).into() - } - - fn mul_by_cofactor(&self) -> Self { - self.scale_by_cofactor().into() + fn serialize_uncompressed(&self, mut writer: W) -> Result<(), SerializationError> { + if self.is_zero() { + CanonicalSerialize::serialize(&self.x, &mut writer)?; + self.y.serialize_with_flags(&mut writer, SWFlags::infinity())?; + } else { + let self_affine = self.into_affine().unwrap(); + CanonicalSerialize::serialize(&self_affine.x, &mut writer)?; + self_affine.y.serialize_with_flags(&mut writer, SWFlags::default())?; + }; + Ok(()) } - fn mul_by_cofactor_inv(&self) -> Self { - self.mul(P::COFACTOR_INV).into() + #[inline] + fn uncompressed_size(&self) -> usize { + self.x.serialized_size() + self.y.serialized_size_with_flags::() } } -impl EndoMulCurve for GroupAffine

{ - fn apply_endomorphism(&self) -> Self { - let mut self_e = self.clone(); - self_e.x.mul_assign(P::ENDO_COEFF); - self_e - } - - fn endo_rep_to_scalar(bits: Vec) -> Result { - let mut a: P::ScalarField = 2u64.into(); - let mut b: P::ScalarField = 2u64.into(); - - let one = P::ScalarField::one(); - let one_neg = one.neg(); - - let mut bits = bits; - if bits.len() % 2 == 1 { - bits.push(false); - } - - if bits.len() > P::LAMBDA { - Err("Endo mul bits length exceeds LAMBDA")? - } - - for i in (0..(bits.len() / 2)).rev() { - a.double_in_place(); - b.double_in_place(); - - let s = if bits[i * 2] { &one } else { &one_neg }; - - if bits[i * 2 + 1] { - a.add_assign(s); - } else { - b.add_assign(s); - } +impl CanonicalDeserialize for Jacobian

{ + #[allow(unused_qualifications)] + fn deserialize(reader: R) -> Result { + let p = Self::deserialize_unchecked(reader)?; + if !p.is_zero() && !p.is_in_correct_subgroup_assuming_on_curve() { + return Err(SerializationError::InvalidData); } - - Ok(a.mul(P::ENDO_SCALAR) + &b) + Ok(p) } - /// Endomorphism-based multiplication of a curve point - /// with a scalar in little-endian endomorphism representation. - fn endo_mul(&self, bits: Vec) -> Result { - let self_neg = self.neg(); - - let self_e = self.apply_endomorphism(); - let self_e_neg = self_e.neg(); - - let mut acc = self_e.into_projective(); - acc.add_assign_mixed(&self); - acc.double_in_place(); - - let mut bits = bits; - if bits.len() % 2 == 1 { - bits.push(false); - } - - if bits.len() > P::LAMBDA { - Err("Endo mul bits length exceeds LAMBDA")? + #[allow(unused_qualifications)] + fn deserialize_unchecked(reader: R) -> Result { + let (x, flags): (P::BaseField, SWFlags) = + CanonicalDeserializeWithFlags::deserialize_with_flags(reader)?; + if flags.is_infinity() { + Ok(Self::zero()) + } else { + let p = Jacobian::

::get_point_from_x_and_parity(x, flags.is_odd().unwrap()) + .ok_or(SerializationError::InvalidData)?; + Ok(p) } + } - for i in (0..(bits.len() / 2)).rev() { - let s = if bits[i * 2 + 1] { - if bits[i * 2] { - &self_e - } else { - &self_e_neg - } - } else { - if bits[i * 2] { - &self - } else { - &self_neg - } - }; + #[allow(unused_qualifications)] + fn deserialize_uncompressed(reader: R) -> Result { + let p = Self::deserialize_uncompressed_unchecked(reader)?; - acc.double_in_place(); - acc.add_assign_mixed(s); + if !p.group_membership_test() { + return Err(SerializationError::InvalidData); } - - Ok(acc) + Ok(p) } -} -impl SemanticallyValid for GroupAffine

{ - fn is_valid(&self) -> bool { - self.x.is_valid() && self.y.is_valid() && self.group_membership_test() + #[allow(unused_qualifications)] + fn deserialize_uncompressed_unchecked(mut reader: R) -> Result { + let x: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; + let (y, flags): (P::BaseField, SWFlags) = + CanonicalDeserializeWithFlags::deserialize_with_flags(&mut reader)?; + let p = Jacobian::

::new(x, y, if flags.is_infinity() { P::BaseField::zero() } else { P::BaseField::one() }); + Ok(p) } } -impl Neg for GroupAffine

{ +impl Neg for Jacobian

{ type Output = Self; #[inline] fn neg(self) -> Self { if !self.is_zero() { - Self::new(self.x, -self.y, false) + Self::new(self.x, -self.y, self.z) } else { self } } } -impl ToBytes for GroupAffine

{ - #[inline] - fn write(&self, mut writer: W) -> IoResult<()> { - self.x.write(&mut writer)?; - self.y.write(&mut writer)?; - self.infinity.write(&mut writer) - } -} +impl<'a, P: Parameters> Add<&'a Self> for Jacobian

{ + type Output = Self; -impl FromBytes for GroupAffine

{ #[inline] - fn read(mut reader: R) -> IoResult { - let x = P::BaseField::read(&mut reader)?; - let y = P::BaseField::read(&mut reader)?; - let infinity = bool::read(reader)?; - - Ok(Self::new(x, y, infinity)) + fn add(self, other: &'a Self) -> Self { + let mut copy = self; + copy += other; + copy } } -impl FromBytesChecked for GroupAffine

{ - #[inline] - fn read_checked(mut reader: R) -> IoResult { - let x = P::BaseField::read_checked(&mut reader)?; - let y = P::BaseField::read_checked(&mut reader)?; - let infinity = bool::read(reader)?; - let point = Self::new(x, y, infinity); - if !point.group_membership_test() { - return Err(IoError::new( - ErrorKind::InvalidData, - "invalid point: group membership test failed", - )); +impl<'a, P: Parameters> AddAssign<&'a Self> for Jacobian

{ + fn add_assign(&mut self, other: &'a Self) { + if self.is_zero() { + *self = *other; + return; } - Ok(point) - } -} -use crate::{FromBits, ToBits}; -impl ToCompressedBits for GroupAffine

{ - #[inline] - fn compress(&self) -> Vec { - // Strictly speaking, self.x is zero already when self.infinity is true, but - // to guard against implementation mistakes we do not assume this. - let p = if self.infinity { - P::BaseField::zero() + if other.is_zero() { + return; + } + + // http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-add-2007-bl + // Works for all curves. + + // Z1Z1 = Z1^2 + let z1z1 = self.z.square(); + + // Z2Z2 = Z2^2 + let z2z2 = other.z.square(); + + // U1 = X1*Z2Z2 + let u1 = self.x * &z2z2; + + // U2 = X2*Z1Z1 + let u2 = other.x * &z1z1; + + // S1 = Y1*Z2*Z2Z2 + let s1 = self.y * &other.z * &z2z2; + + // S2 = Y2*Z1*Z1Z1 + let s2 = other.y * &self.z * &z1z1; + + if u1 == u2 && s1 == s2 { + // The two points are equal, so we double. + self.double_in_place(); } else { - self.x - }; - let mut res = p.write_bits(); + // If we're adding -a and a together, self.z becomes zero as H becomes zero. - // Add infinity flag - res.push(self.infinity); + // H = U2-U1 + let h = u2 - &u1; - // Add parity coordinate (set by default to false if self is infinity) - res.push(!self.infinity && self.y.is_odd()); + // I = (2*H)^2 + let i = (h.double()).square(); - res - } -} + // J = H*I + let j = h * &i; -impl FromCompressedBits for GroupAffine

{ - #[inline] - fn decompress(compressed: Vec) -> Result { - let len = compressed.len() - 1; - let parity_flag_set = compressed[len]; - let infinity_flag_set = compressed[len - 1]; - - //Mask away the flag bits and try to get the x coordinate - let x = P::BaseField::read_bits(compressed[0..(len - 1)].to_vec())?; - match (infinity_flag_set, parity_flag_set, x.is_zero()) { - //If the infinity flag is set, return the value assuming - //the x-coordinate is zero and the parity bit is not set. - (true, false, true) => Ok(Self::zero()), - - //If infinity flag is not set, then we attempt to construct - //a point from the x coordinate and the parity. - (false, _, _) => { - //Attempt to get the y coordinate from its parity and x - match Self::get_point_from_x_and_parity(x, parity_flag_set) { - //Check p belongs to the subgroup we expect - Some(p) => { - if p.is_in_correct_subgroup_assuming_on_curve() { - Ok(p) - } else { - let e = BitSerializationError::NotInCorrectSubgroup; - Err(Box::new(e)) - } - } - _ => Err(Box::new(BitSerializationError::NotOnCurve)), - } - } + // r = 2*(S2-S1) + let r = (s2 - &s1).double(); + + // V = U1*I + let v = u1 * &i; - //Other combinations are illegal - _ => Err(Box::new(BitSerializationError::InvalidFlags)), + // X3 = r^2 - J - 2*V + self.x = r.square() - &j - &(v.double()); + + // Y3 = r*(V - X3) - 2*S1*J + self.y = r * &(v - &self.x) - &*(s1 * &j).double_in_place(); + + // Z3 = ((Z1+Z2)^2 - Z1Z1 - Z2Z2)*H + self.z = ((self.z + &other.z).square() - &z1z1 - &z2z2) * &h; } } } -impl Default for GroupAffine

{ +impl<'a, P: Parameters> Sub<&'a Self> for Jacobian

{ + type Output = Self; + #[inline] - fn default() -> Self { - Self::zero() + fn sub(self, other: &'a Self) -> Self { + let mut copy = self; + copy -= other; + copy } } -#[derive(Derivative)] -#[derivative( - Copy(bound = "P: Parameters"), - Clone(bound = "P: Parameters"), - Eq(bound = "P: Parameters"), - Debug(bound = "P: Parameters"), - Hash(bound = "P: Parameters") -)] -#[derive(Serialize, Deserialize)] -pub struct GroupProjective { - pub x: P::BaseField, - pub y: P::BaseField, - pub z: P::BaseField, - #[derivative(Debug = "ignore")] - #[serde(skip)] - _params: PhantomData

, -} - -impl Display for GroupProjective

{ - fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { - write!(f, "{}", self.into_affine()) +impl<'a, P: Parameters> SubAssign<&'a Self> for Jacobian

{ + fn sub_assign(&mut self, other: &'a Self) { + *self += &(-(*other)); } } -impl PartialEq for GroupProjective

{ - fn eq(&self, other: &Self) -> bool { - if self.is_zero() { - return other.is_zero(); - } - - if other.is_zero() { - return false; - } - - // The points (X, Y, Z) and (X', Y', Z') - // are equal when (X * Z^2) = (X' * Z'^2) - // and (Y * Z^3) = (Y' * Z'^3). - let z1 = self.z.square(); - let z2 = other.z.square(); +impl<'a, P: Parameters> MulAssign<&'a P::ScalarField> for Jacobian

{ - if (self.x * &z2 != other.x * &z1) - || (self.y * &(z2 * &other.z) != other.y * &(z1 * &self.z)) - { - false - } else { - true + /// WARNING: This implementation doesn't take costant time with respect + /// to the exponent, and therefore is susceptible to side-channel attacks. + /// Be sure to use it in applications where timing (or similar) attacks + /// are not possible. + /// TODO: Add a side-channel secure variant. + fn mul_assign(&mut self, other: &'a P::ScalarField) { + if !self.is_zero() { + *self = self.mul_bits(BitIterator::new(Into::<::BigInt>::into(*other))) } } } -impl Distribution> for Standard { - #[inline] - fn sample(&self, rng: &mut R) -> GroupProjective

{ - let res = GroupProjective::prime_subgroup_generator() * &P::ScalarField::rand(rng); - debug_assert!(res.into_affine().is_in_correct_subgroup_assuming_on_curve()); - res - } -} +impl<'a, P: Parameters> Mul<&'a P::ScalarField> for Jacobian

{ + type Output = Self; -impl ToBytes for GroupProjective

{ #[inline] - fn write(&self, mut writer: W) -> IoResult<()> { - self.x.write(&mut writer)?; - self.y.write(&mut writer)?; - self.z.write(writer) + fn mul(self, other: &'a P::ScalarField) -> Self { + let mut copy = self; + copy *= other; + copy } } -impl FromBytes for GroupProjective

{ +// The affine point X, Y is represented in the Jacobian +// coordinates with Z = 1. +impl From> for Jacobian

{ #[inline] - fn read(mut reader: R) -> IoResult { - let x = P::BaseField::read(&mut reader)?; - let y = P::BaseField::read(&mut reader)?; - let z = P::BaseField::read(reader)?; - Ok(Self::new(x, y, z)) + fn from(p: AffineRep

) -> Jacobian

{ + Self::new(p.x, p.y, P::BaseField::one()) } } -impl FromBytesChecked for GroupProjective

{ - fn read_checked(mut reader: R) -> IoResult { - let x = P::BaseField::read_checked(&mut reader)?; - let y = P::BaseField::read_checked(&mut reader)?; - let z = P::BaseField::read_checked(reader)?; - let point = Self::new(x, y, z); - if !point.group_membership_test() { - return Err(IoError::new( - ErrorKind::InvalidData, - "invalid point: group membership test failed", - )); - } - Ok(point) - } -} - -impl Default for GroupProjective

{ +// The projective point X, Y, Z is represented in the affine +// coordinates as X/Z^2, Y/Z^3. +impl TryFrom> for AffineRep

{ + type Error = Error; + #[inline] - fn default() -> Self { - Self::zero() - } -} + fn try_from(p: Jacobian

) -> Result, Error> { + if p.is_zero() { + Err("Zero projective cannot be convrted to affine".to_owned())? + } else if p.z.is_one() { + // If Z is one, the point is already normalized. + Ok(AffineRep::new(p.x, p.y)) + } else { + // Z is nonzero, so it must have an inverse in a field. + let zinv = p.z.inverse().unwrap(); + let zinv_squared = zinv.square(); -impl GroupProjective

{ - pub fn new(x: P::BaseField, y: P::BaseField, z: P::BaseField) -> Self { - Self { - x, - y, - z, - _params: PhantomData, + // X/Z^2 + let x = p.x * &zinv_squared; + + // Y/Z^3 + let y = p.y * &(zinv_squared * &zinv); + + Ok(AffineRep::new(x, y)) } } } -impl ProjectiveCurve for GroupProjective

{ - type BaseField = P::BaseField; + +impl Group for Jacobian

{ type ScalarField = P::ScalarField; - type Affine = GroupAffine

; // The point at infinity is conventionally represented as (1:1:0) #[inline] @@ -632,11 +450,6 @@ impl ProjectiveCurve for GroupProjective

{ ) } - #[inline] - fn prime_subgroup_generator() -> Self { - GroupAffine::prime_subgroup_generator().into() - } - // The point at infinity is always represented by // Z = 0. #[inline] @@ -644,78 +457,6 @@ impl ProjectiveCurve for GroupProjective

{ self.z.is_zero() } - #[inline] - fn is_normalized(&self) -> bool { - self.is_zero() || self.z.is_one() - } - - #[inline] - fn batch_normalization(v: &mut [Self]) { - // Montgomery’s Trick and Fast Implementation of Masked AES - // Genelle, Prouff and Quisquater - // Section 3.2 - - // First pass: compute [a, ab, abc, ...] - let mut prod = Vec::with_capacity(v.len()); - let mut tmp = P::BaseField::one(); - for g in v - .iter_mut() - // Ignore normalized elements - .filter(|g| !g.is_normalized()) - { - tmp.mul_assign(&g.z); - prod.push(tmp); - } - - // Invert `tmp`. - tmp = tmp.inverse().unwrap(); // Guaranteed to be nonzero. - - // Second pass: iterate backwards to compute inverses - for (g, s) in v - .iter_mut() - // Backwards - .rev() - // Ignore normalized elements - .filter(|g| !g.is_normalized()) - // Backwards, skip last element, fill in one for last term. - .zip( - prod.into_iter() - .rev() - .skip(1) - .chain(Some(P::BaseField::one())), - ) - { - // tmp := tmp * g.z; g.z := tmp * s = 1/z - let newtmp = tmp * &g.z; - g.z = tmp * &s; - tmp = newtmp; - } - #[cfg(not(feature = "parallel"))] - { - // Perform affine transformations - for g in v.iter_mut().filter(|g| !g.is_normalized()) { - let z2 = g.z.square(); // 1/z - g.x *= &z2; // x/z^2 - g.y *= &(z2 * &g.z); // y/z^3 - g.z = P::BaseField::one(); // z = 1 - } - } - - #[cfg(feature = "parallel")] - { - use rayon::prelude::*; - // Perform affine transformations - v.par_iter_mut() - .filter(|g| !g.is_normalized()) - .for_each(|g| { - let z2 = g.z.square(); // 1/z - g.x *= &z2; // x/z^2 - g.y *= &(z2 * &g.z); // y/z^3 - g.z = P::BaseField::one(); // z = 1 - }); - } - } - fn double_in_place(&mut self) -> &mut Self { if self.is_zero() { return self; @@ -783,12 +524,21 @@ impl ProjectiveCurve for GroupProjective

{ self } } +} - fn add_assign_mixed(&mut self, other: &Self::Affine) { - if other.is_zero() { - return; - } +impl Curve for Jacobian

{ + type BaseField = P::BaseField; + type AffineRep = AffineRep

; + + fn add_affine<'a>(&self, other: &'a Self::AffineRep) -> Self + { + let mut copy = *self; + copy.add_affine_assign(other); + copy + } + fn add_affine_assign<'a>(&mut self, other: &'a Self::AffineRep) + { if self.is_zero() { self.x = other.x; self.y = other.y; @@ -859,349 +609,381 @@ impl ProjectiveCurve for GroupProjective
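Review bot: The new `add_affine_assign` drops the `if other.is_zero() { return; }` guard that `add_assign_mixed` had, so the mixed-addition formulas that follow now silently depend on `AffineRep` being unable to encode the point at infinity (the `TryFrom<Jacobian<P>> for AffineRep<P>` impl further down rejects zero, so that is presumably the intent), yet the hunk states that invariant nowhere. I would record it on the impl so a later change to `AffineRep` cannot reintroduce an unchecked identity operand, e.g. `/// `other` is an affine point and is never the identity: the point at infinity is only representable as a Jacobian point with Z = 0, so no zero check on `other` is needed here.` As a matter of style, the explicit `<'a>` lifetimes on both signatures are redundant under elision, `fn add_affine(&self, other: &Self::AffineRep) -> Self` and `fn add_affine_assign(&mut self, other: &Self::AffineRep)`, and the opening brace on its own line departs from the brace placement used elsewhere in this file. The body of `add_affine_assign` begins in this hunk but continues past its end, so the remaining arithmetic is not visible here.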

{ /// Be sure to use it in applications where timing (or similar) attacks /// are not possible. /// TODO: Add a side-channel secure variant. - fn mul_assign::BigInt>>(&mut self, other: S) { + fn mul_bits>(&self, bits: BitIterator) -> Self { + if self.is_zero() { + return *self; + } let mut res = Self::zero(); - - let mut found_one = false; - - for i in BitIterator::new(other.into()) { - if found_one { - res.double_in_place(); - } else { - found_one |= i; - } - + let self_affine = self.into_affine().unwrap(); + for i in bits { + res.double_in_place(); if i { - res.add_assign(self); + res.add_affine_assign(&self_affine); } } - - *self = res; - } - - #[inline] - fn into_affine(&self) -> GroupAffine

{ - (*self).into() + res } - #[inline] - fn recommended_wnaf_for_scalar(scalar: ::BigInt) -> usize { - P::empirical_recommended_wnaf_for_scalar(scalar) + fn scale_by_cofactor(&self) -> Self { + let cofactor = BitIterator::new(P::COFACTOR); + self.mul_bits(cofactor) } #[inline] - fn recommended_wnaf_for_num_scalars(num_scalars: usize) -> usize { - P::empirical_recommended_wnaf_for_num_scalars(num_scalars) + fn prime_subgroup_generator() -> Self { + Self::new( + P::AFFINE_GENERATOR_COEFFS.0, + P::AFFINE_GENERATOR_COEFFS.1, + P::BaseField::one(), + ) } #[inline] fn group_membership_test(&self) -> bool { - self.into_affine().group_membership_test() + self.is_on_curve() + && if !self.is_zero() { + self.is_in_correct_subgroup_assuming_on_curve() + } else { + true + } } -} -impl SemanticallyValid for GroupProjective

{ - fn is_valid(&self) -> bool { - self.x.is_valid() && self.y.is_valid() && self.z.is_valid() && self.group_membership_test() + fn is_on_curve(&self) -> bool { + if self.is_zero() { + true + } else { + // Check that the point is on the curve + let y2 = self.y.square(); + let x3b = P::add_b(&((self.x.square() * &self.x) + &P::mul_by_a(&self.x))); + y2 == x3b + } } -} - -impl Neg for GroupProjective

{ - type Output = Self; #[inline] - fn neg(self) -> Self { - if !self.is_zero() { - Self::new(self.x, -self.y, self.z) - } else { - self - } + fn is_in_correct_subgroup_assuming_on_curve(&self) -> bool { + self.mul_bits(BitIterator::new(P::ScalarField::characteristic())).is_zero() } -} -impl<'a, P: Parameters> Add<&'a Self> for GroupProjective

{ - type Output = Self; + #[inline] + fn is_normalized(&self) -> bool { + self.is_zero() || self.z.is_one() + } #[inline] - fn add(self, other: &'a Self) -> Self { - let mut copy = self; - copy += other; + fn normalize(&self) -> Self { + let mut copy = *self; + copy.normalize_assign(); copy } -} - -impl<'a, P: Parameters> AddAssign<&'a Self> for GroupProjective

{ - fn add_assign(&mut self, other: &'a Self) { - if self.is_zero() { - *self = *other; - return; - } - if other.is_zero() { - return; + fn normalize_assign(&mut self) { + if !self.is_normalized() { + let dz = self.z.inverse().unwrap(); + let dz2 = dz.square(); // 1/z + self.x *= &dz2; // x/z^2 + self.y *= &(dz2 * &dz); // y/z^3 + self.z = P::BaseField::one(); // z = 1 } + } - // http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-add-2007-bl - // Works for all curves. - - // Z1Z1 = Z1^2 - let z1z1 = self.z.square(); - - // Z2Z2 = Z2^2 - let z2z2 = other.z.square(); + #[inline] + fn batch_normalization(v: &mut [Self]) { + // Montgomery’s Trick and Fast Implementation of Masked AES + // Genelle, Prouff and Quisquater + // Section 3.2 - // U1 = X1*Z2Z2 - let u1 = self.x * &z2z2; + // First pass: compute [a, ab, abc, ...] + let mut prod = Vec::with_capacity(v.len()); + let mut tmp = P::BaseField::one(); + for g in v + .iter_mut() + // Ignore normalized elements + .filter(|g| !g.is_normalized()) + { + tmp.mul_assign(&g.z); + prod.push(tmp); + } - // U2 = X2*Z1Z1 - let u2 = other.x * &z1z1; + // Invert `tmp`. + tmp = tmp.inverse().unwrap(); // Guaranteed to be nonzero. - // S1 = Y1*Z2*Z2Z2 - let s1 = self.y * &other.z * &z2z2; + // Second pass: iterate backwards to compute inverses + for (g, s) in v + .iter_mut() + // Backwards + .rev() + // Ignore normalized elements + .filter(|g| !g.is_normalized()) + // Backwards, skip last element, fill in one for last term. 
+ .zip( + prod.into_iter() + .rev() + .skip(1) + .chain(Some(P::BaseField::one())), + ) + { + // tmp := tmp * g.z; g.z := tmp * s = 1/z + let newtmp = tmp * &g.z; + g.z = tmp * &s; + tmp = newtmp; + } + #[cfg(not(feature = "parallel"))] + { + // Perform affine transformations + for g in v.iter_mut().filter(|g| !g.is_normalized()) { + let z2 = g.z.square(); // 1/z + g.x *= &z2; // x/z^2 + g.y *= &(z2 * &g.z); // y/z^3 + g.z = P::BaseField::one(); // z = 1 + } + } - // S2 = Y2*Z1*Z1Z1 - let s2 = other.y * &self.z * &z1z1; - - if u1 == u2 && s1 == s2 { - // The two points are equal, so we double. - self.double_in_place(); - } else { - // If we're adding -a and a together, self.z becomes zero as H becomes zero. - - // H = U2-U1 - let h = u2 - &u1; - - // I = (2*H)^2 - let i = (h.double()).square(); - - // J = H*I - let j = h * &i; - - // r = 2*(S2-S1) - let r = (s2 - &s1).double(); - - // V = U1*I - let v = u1 * &i; - - // X3 = r^2 - J - 2*V - self.x = r.square() - &j - &(v.double()); - - // Y3 = r*(V - X3) - 2*S1*J - self.y = r * &(v - &self.x) - &*(s1 * &j).double_in_place(); - - // Z3 = ((Z1+Z2)^2 - Z1Z1 - Z2Z2)*H - self.z = ((self.z + &other.z).square() - &z1z1 - &z2z2) * &h; + #[cfg(feature = "parallel")] + { + use rayon::prelude::*; + // Perform affine transformations + v.par_iter_mut() + .filter(|g| !g.is_normalized()) + .for_each(|g| { + let z2 = g.z.square(); // 1/z + g.x *= &z2; // x/z^2 + g.y *= &(z2 * &g.z); // y/z^3 + g.z = P::BaseField::one(); // z = 1 + }); } } -} -impl<'a, P: Parameters> Sub<&'a Self> for GroupProjective

{ - type Output = Self; + /// Attempts to construct an affine point given an x-coordinate. The + /// point is not guaranteed to be in the prime order subgroup. + /// + /// If and only if `greatest` is set will the lexicographically + /// largest y-coordinate be selected. + #[allow(dead_code)] + fn get_point_from_x(x: P::BaseField, greatest: bool) -> Option { + // Compute x^3 + ax + b + let x3b = P::add_b(&((x.square() * &x) + &P::mul_by_a(&x))); - #[inline] - fn sub(self, other: &'a Self) -> Self { - let mut copy = self; - copy -= other; - copy + x3b.sqrt().map(|y| { + let negy = -y; + let y = if (y < negy) ^ greatest { y } else { negy }; + Self::new(x, y, P::BaseField::one()) + }) } -} -impl<'a, P: Parameters> SubAssign<&'a Self> for GroupProjective

{ - fn sub_assign(&mut self, other: &'a Self) { - *self += &(-(*other)); - } -} + /// Attempts to construct an affine point given an x-coordinate. The + /// point is not guaranteed to be in the prime order subgroup. + /// + /// If and only if `parity` is set will the odd y-coordinate be selected. + #[allow(dead_code)] + fn get_point_from_x_and_parity(x: P::BaseField, parity: bool) -> Option { + // Compute x^3 + ax + b + let x3b = P::add_b(&((x.square() * &x) + &P::mul_by_a(&x))); -impl<'a, P: Parameters> Mul<&'a P::ScalarField> for GroupProjective

{ - type Output = Self; + x3b.sqrt().map(|y| { + let negy = -y; + let y = if y.is_odd() ^ parity { negy } else { y }; + Self::new(x, y, P::BaseField::one()) + }) + } - #[inline] - fn mul(self, other: &'a P::ScalarField) -> Self { - let mut copy = self; - copy *= other; - copy + fn from_random_bytes(bytes: &[u8]) -> Option { + P::BaseField::from_random_bytes_with_flags::(bytes).and_then(|(x, flags)| { + // if x is valid and is zero and only the infinity flag is set, then parse this + // point as infinity. For all other choices, get the original point. + if x.is_zero() && flags.is_infinity() { + Some(Self::zero()) + } else if let Some(y_is_odd) = flags.is_odd() { + Self::get_point_from_x_and_parity(x, y_is_odd) // Unwrap is safe because it's not zero. + } else { + None + } + }) } -} -impl<'a, P: Parameters> MulAssign<&'a P::ScalarField> for GroupProjective

{ #[inline] - fn mul_assign(&mut self, other: &'a P::ScalarField) { - as ProjectiveCurve>::mul_assign(self, *other); + fn recommended_wnaf_for_scalar(scalar: ::BigInt) -> usize { + P::empirical_recommended_wnaf_for_scalar(scalar) } -} -// The affine point X, Y is represented in the Jacobian -// coordinates with Z = 1. -impl From> for GroupProjective

{ #[inline] - fn from(p: GroupAffine

) -> GroupProjective

{ - if p.is_zero() { - Self::zero() - } else { - Self::new(p.x, p.y, P::BaseField::one()) - } + fn recommended_wnaf_for_num_scalars(num_scalars: usize) -> usize { + P::empirical_recommended_wnaf_for_num_scalars(num_scalars) } -} -// The projective point X, Y, Z is represented in the affine -// coordinates as X/Z^2, Y/Z^3. -impl From> for GroupAffine

{ - #[inline] - fn from(p: GroupProjective

) -> GroupAffine

{ - if p.is_zero() { - GroupAffine::zero() - } else if p.z.is_one() { - // If Z is one, the point is already normalized. - GroupAffine::new(p.x, p.y, false) - } else { - // Z is nonzero, so it must have an inverse in a field. - let zinv = p.z.inverse().unwrap(); - let zinv_squared = zinv.square(); + fn sum_buckets_affine(to_add: &mut [Vec]) { + let zero = P::BaseField::zero(); + let one = P::BaseField::one(); + let length = to_add.iter().map(|l| l.len()).fold(0, |x, y| x + y); + let mut denoms = vec![zero; length / 2]; - // X/Z^2 - let x = p.x * &zinv_squared; + while to_add.iter().position(|x| x.len() > 1) != None { + let mut dx: usize = 0; + for p in to_add.iter_mut() { + if p.len() < 2 { + continue; + } + let len = if p.len() % 2 == 0 { + p.len() + } else { + p.len() - 1 + }; + for i in (0..len).step_by(2) { + denoms[dx] = { + if p[i].x == p[i + 1].x { + if p[i + 1].y == zero { + one + } else { + p[i + 1].y.double() + } + } else { + p[i].x - &p[i + 1].x + } + }; + dx += 1; + } + } - // Y/Z^3 - let y = p.y * &(zinv_squared * &zinv); + denoms.truncate(dx); + crate::fields::batch_inversion(&mut denoms); + dx = 0; - GroupAffine::new(x, y, false) - } - } -} + for p in to_add.iter_mut() { + if p.len() < 2 { + continue; + } + let len = if p.len() % 2 == 0 { + p.len() + } else { + p.len() - 1 + }; -impl CanonicalSerialize for GroupAffine

{ - #[allow(unused_qualifications)] - #[inline] - fn serialize(&self, writer: W) -> Result<(), SerializationError> { - if self.is_zero() { - let flags = SWFlags::infinity(); - // Serialize 0. - P::BaseField::zero().serialize_with_flags(writer, flags) - } else { - let flags = SWFlags::from_y_parity(self.y.is_odd()); - self.x.serialize_with_flags(writer, flags) + let mut zeros = vec![false; p.len()]; + + for i in (0..len).step_by(2) { + let j = i / 2; + if zeros[i + 1] { + p[j] = p[i]; + } else if zeros[i] { + p[j] = p[i + 1]; + } else if p[i + 1].x == p[i].x && (p[i + 1].y != p[i].y || p[i + 1].y.is_zero()) + { + zeros[j] = true; + } else if p[i + 1].x == p[i].x && p[i + 1].y == p[i].y { + let sq = p[i].x.square(); + let s = (sq.double() + &sq + &P::COEFF_A) * &denoms[dx]; + let x = s.square() - &p[i].x.double(); + let y = -p[i].y - &(s * &(x - &p[i].x)); + p[j].x = x; + p[j].y = y; + } else { + let s = (p[i].y - &p[i + 1].y) * &denoms[dx]; + let x = s.square() - &p[i].x - &p[i + 1].x; + let y = -p[i].y - &(s * &(x - &p[i].x)); + p[j].x = x; + p[j].y = y; + } + dx += 1; + } + + let len = p.len(); + if len % 2 == 1 { + p[len / 2] = p[len - 1]; + p.truncate(len / 2 + 1); + } else { + p.truncate(len / 2); + } + } } } +} - #[inline] - fn serialized_size(&self) -> usize { - P::BaseField::zero().serialized_size_with_flags::() +impl EndoMulCurve for Jacobian

{ + fn apply_endomorphism(&self) -> Self { + let mut self_e = self.clone(); + self_e.x.mul_assign(P::ENDO_COEFF); + self_e } - #[allow(unused_qualifications)] - #[inline] - fn serialize_uncompressed(&self, mut writer: W) -> Result<(), SerializationError> { - let flags = if self.is_zero() { - SWFlags::infinity() - } else { - SWFlags::default() - }; - CanonicalSerialize::serialize(&self.x, &mut writer)?; - self.y.serialize_with_flags(&mut writer, flags)?; - Ok(()) - } + fn endo_rep_to_scalar(bits: Vec) -> Result { + let mut a: P::ScalarField = 2u64.into(); + let mut b: P::ScalarField = 2u64.into(); - #[inline] - fn uncompressed_size(&self) -> usize { - self.x.serialized_size() + self.y.serialized_size_with_flags::() - } -} + let one = P::ScalarField::one(); + let one_neg = one.neg(); -impl CanonicalSerialize for GroupProjective

{ - #[allow(unused_qualifications)] - #[inline] - fn serialize(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(self.clone()); - CanonicalSerialize::serialize(&aff, writer) - } + let mut bits = bits; + if bits.len() % 2 == 1 { + bits.push(false); + } - #[inline] - fn serialized_size(&self) -> usize { - let aff = GroupAffine::

::from(self.clone()); - aff.serialized_size() - } + if bits.len() > P::LAMBDA { + Err("Endo mul bits length exceeds LAMBDA")? + } - #[allow(unused_qualifications)] - #[inline] - fn serialize_uncompressed(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(self.clone()); - aff.serialize_uncompressed(writer) - } + for i in (0..(bits.len() / 2)).rev() { + a.double_in_place(); + b.double_in_place(); - #[inline] - fn uncompressed_size(&self) -> usize { - let aff = GroupAffine::

::from(self.clone()); - aff.uncompressed_size() - } -} + let s = if bits[i * 2] { &one } else { &one_neg }; -impl CanonicalDeserialize for GroupAffine

{ - #[allow(unused_qualifications)] - fn deserialize(reader: R) -> Result { - let p = Self::deserialize_unchecked(reader)?; - if !p.is_zero() && !p.is_in_correct_subgroup_assuming_on_curve() { - return Err(SerializationError::InvalidData); + if bits[i * 2 + 1] { + a.add_assign(s); + } else { + b.add_assign(s); + } } - Ok(p) + + Ok(a.mul(P::ENDO_SCALAR) + &b) } - #[allow(unused_qualifications)] - fn deserialize_unchecked(reader: R) -> Result { - let (x, flags): (P::BaseField, SWFlags) = - CanonicalDeserializeWithFlags::deserialize_with_flags(reader)?; - if flags.is_infinity() { - Ok(Self::zero()) - } else { - let p = GroupAffine::

::get_point_from_x_and_parity(x, flags.is_odd().unwrap()) - .ok_or(SerializationError::InvalidData)?; - Ok(p) + /// Endomorphism-based multiplication of a curve point + /// with a scalar in little-endian endomorphism representation. + fn endo_mul(&self, bits: Vec) -> Result { + + let mut bits = bits; + if bits.len() % 2 == 1 { + bits.push(false); } - } - #[allow(unused_qualifications)] - fn deserialize_uncompressed(reader: R) -> Result { - let p = Self::deserialize_uncompressed_unchecked(reader)?; + if bits.len() > P::LAMBDA { + Err("Endo mul bits length exceeds LAMBDA")? + } - if !p.group_membership_test() { - return Err(SerializationError::InvalidData); + if self.is_zero() { + return Ok(*self); } - Ok(p) - } - #[allow(unused_qualifications)] - fn deserialize_uncompressed_unchecked( - mut reader: R, - ) -> Result { - let x: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; - let (y, flags): (P::BaseField, SWFlags) = - CanonicalDeserializeWithFlags::deserialize_with_flags(&mut reader)?; - let p = GroupAffine::

::new(x, y, flags.is_infinity()); - Ok(p) - } -} + let self_affine = self.into_affine().unwrap(); + let self_affine_neg = self_affine.neg(); -impl CanonicalDeserialize for GroupProjective

{ - #[allow(unused_qualifications)] - fn deserialize(reader: R) -> Result { - let aff = as CanonicalDeserialize>::deserialize(reader)?; - Ok(aff.into()) - } + let self_e = self.apply_endomorphism(); + let self_affine_e = self_e.into_affine().unwrap(); - #[allow(unused_qualifications)] - fn deserialize_unchecked(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_unchecked(reader)?; - Ok(aff.into()) - } + let self_affine_e_neg = self_affine_e.neg(); - #[allow(unused_qualifications)] - fn deserialize_uncompressed(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_uncompressed(reader)?; - Ok(aff.into()) - } + let mut acc = self_e; + acc.add_affine_assign(&self_affine); + acc.double_in_place(); - #[allow(unused_qualifications)] - fn deserialize_uncompressed_unchecked(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_uncompressed_unchecked(reader)?; - Ok(aff.into()) + for i in (0..(bits.len() / 2)).rev() { + let s = if bits[i * 2 + 1] { + if bits[i * 2] { + &self_affine_e + } else { + &self_affine_e_neg + } + } else { + if bits[i * 2] { + &self_affine + } else { + &self_affine_neg + } + }; + + acc.double_in_place(); + acc.add_affine_assign(s); + } + + Ok(acc) } -} +} \ No newline at end of file diff --git a/algebra/src/curves/models/short_weierstrass_projective.rs b/algebra/src/curves/models/short_weierstrass_projective/mod.rs similarity index 59% rename from algebra/src/curves/models/short_weierstrass_projective.rs rename to algebra/src/curves/models/short_weierstrass_projective/mod.rs index 6e74b3534..6546ec8c6 100644 --- a/algebra/src/curves/models/short_weierstrass_projective.rs +++ b/algebra/src/curves/models/short_weierstrass_projective/mod.rs @@ -1,13 +1,15 @@ use crate::{ + /*FromBits, ToBits,*/ bytes::{FromBytes, ToBytes}, + groups::Group, curves::{ + Curve, EndoMulCurve, models::{EndoMulParameters as EndoParameters, SWModelParameters as Parameters}, - AffineCurve, EndoMulCurve, ProjectiveCurve, }, fields::{BitIterator, Field, PrimeField, SquareRootField}, - BitSerializationError, CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, - CanonicalSerializeWithFlags, Error, FromBytesChecked, FromCompressedBits, SWFlags, - SemanticallyValid, SerializationError, ToCompressedBits, UniformRand, + /* BitSerializationError,*/ CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, + CanonicalSerializeWithFlags, Error, FromBytesChecked,/* FromCompressedBits,*/ SWFlags, + SemanticallyValid, SerializationError,/* ToCompressedBits,*/ UniformRand, }; use rand::{ distributions::{Distribution, Standard}, 
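Review bot: The `use crate::{…}` block keeps `FromBits, ToBits`, `BitSerializationError`, `FromCompressedBits` and `ToCompressedBits` inside `/* … */` fragments instead of dropping them; commented-out imports are dead text that rustfmt will not touch and that the next reader has to re-evaluate. Delete the four fragments so the list reads `bytes::{FromBytes, ToBytes}, groups::Group, curves::{Curve, EndoMulCurve, models::{…}}, fields::{…}, CanonicalDeserialize, …` — version control keeps the old names if the bit-serialization impls are reinstated. A `cargo fmt` pass after the cleanup would also settle the ordering inside the `curves::{…}` entry.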
@@ -18,620 +20,403 @@ use std::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign}; use std::{ fmt::{Display, Formatter, Result as FmtResult}, io::{Error as IoError, ErrorKind, Read, Result as IoResult, Write}, + convert::TryFrom, marker::PhantomData, }; #[derive(Derivative)] #[derivative( - Copy(bound = "P: Parameters"), - Clone(bound = "P: Parameters"), - PartialEq(bound = "P: Parameters"), - Eq(bound = "P: Parameters"), - Debug(bound = "P: Parameters"), - Hash(bound = "P: Parameters") +Copy(bound = "P: Parameters"), +Clone(bound = "P: Parameters"), +PartialEq(bound = "P: Parameters"), +Eq(bound = "P: Parameters"), +Debug(bound = "P: Parameters"), +Hash(bound = "P: Parameters") )] #[derive(Serialize, Deserialize)] -pub struct GroupAffine { +pub struct AffineRep { pub x: P::BaseField, pub y: P::BaseField, - pub infinity: bool, #[derivative(Debug = "ignore")] #[serde(skip)] _params: PhantomData

, } -impl Display for GroupAffine

{ - fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { - if self.infinity { - write!(f, "GroupAffine(Infinity)") - } else { - write!(f, "GroupAffine(x={}, y={})", self.x, self.y) +impl AffineRep

{ + pub fn new(x: P::BaseField, y: P::BaseField) -> Self { + Self { + x, + y, + _params: PhantomData, } } } -impl PartialEq> for GroupAffine

{ - fn eq(&self, other: &GroupProjective

) -> bool { - self.into_projective() == *other +impl Display for AffineRep

{ + fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { + write!(f, "AffineRep(x={}, y={})", self.x, self.y) } } -impl PartialEq> for GroupProjective

{ - fn eq(&self, other: &GroupAffine

) -> bool { - *self == other.into_projective() +impl Neg for AffineRep

{ + type Output = Self; + + #[inline] + fn neg(self) -> Self { + Self::new(self.x, -self.y) } } -impl GroupAffine

{ - pub fn new(x: P::BaseField, y: P::BaseField, infinity: bool) -> Self { +#[derive(Derivative)] +#[derivative( +Copy(bound = "P: Parameters"), +Clone(bound = "P: Parameters"), +Eq(bound = "P: Parameters"), +Debug(bound = "P: Parameters"), +Hash(bound = "P: Parameters") +)] +#[derive(Serialize, Deserialize)] +pub struct Projective { + pub x: P::BaseField, + pub y: P::BaseField, + pub z: P::BaseField, + #[derivative(Debug = "ignore")] + #[serde(skip)] + _params: PhantomData

, +} + +impl Projective

{ + pub fn new(x: P::BaseField, y: P::BaseField, z: P::BaseField) -> Self { Self { x, y, - infinity, + z, _params: PhantomData, } } +} - pub fn scale_by_cofactor(&self) -> ::Projective { - self.mul_bits(BitIterator::new(P::COFACTOR)) +impl Display for Projective

{ + fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { + write!(f, "Projective(x={}, y={}, z={})", self.x, self.y, self.z) } +} - /// WARNING: This implementation doesn't take costant time with respect - /// to the exponent, and therefore is susceptible to side-channel attacks. - /// Be sure to use it in applications where timing (or similar) attacks - /// are not possible. - /// TODO: Add a side-channel secure variant. - pub(crate) fn mul_bits>( - &self, - bits: BitIterator, - ) -> ::Projective { - let mut res = GroupProjective::zero(); - for i in bits { - res.double_in_place(); - if i { - res.add_assign_mixed(self) - } +impl PartialEq for Projective

{ + fn eq(&self, other: &Self) -> bool { + if self.is_zero() { + return other.is_zero(); } - res - } - - /// Attempts to construct an affine point given an x-coordinate. The - /// point is not guaranteed to be in the prime order subgroup. - /// - /// If and only if `greatest` is set will the lexicographically - /// largest y-coordinate be selected. - #[allow(dead_code)] - pub(crate) fn get_point_from_x(x: P::BaseField, greatest: bool) -> Option { - // Compute x^3 + ax + b - let x3b = P::add_b(&((x.square() * &x) + &P::mul_by_a(&x))); - - x3b.sqrt().map(|y| { - let negy = -y; - let y = if (y < negy) ^ greatest { y } else { negy }; - Self::new(x, y, false) - }) - } - - /// Attempts to construct an affine point given an x-coordinate. The - /// point is not guaranteed to be in the prime order subgroup. - /// - /// If and only if `parity` is set will the odd y-coordinate be selected. - #[allow(dead_code)] - pub fn get_point_from_x_and_parity(x: P::BaseField, parity: bool) -> Option { - // Compute x^3 + ax + b - let x3b = P::add_b(&((x.square() * &x) + &P::mul_by_a(&x))); - x3b.sqrt().map(|y| { - let negy = -y; - let y = if y.is_odd() ^ parity { negy } else { y }; - Self::new(x, y, false) - }) - } + if other.is_zero() { + return false; + } - /// Checks that the current point is on the elliptic curve. - pub fn is_on_curve(&self) -> bool { - if self.is_zero() { - true + if (self.x * &other.z) != (other.x * &self.z) || (self.y * &other.z) != (other.y * &self.z) + { + false } else { - // Check that the point is on the curve - let y2 = self.y.square(); - let x3b = P::add_b(&((self.x.square() * &self.x) + &P::mul_by_a(&self.x))); - y2 == x3b + true } } +} +impl Distribution> for Standard { #[inline] - pub fn is_in_correct_subgroup_assuming_on_curve(&self) -> bool { - self.mul_bits(BitIterator::new(P::ScalarField::characteristic())) - .is_zero() + fn sample(&self, rng: &mut R) -> Projective

{ + let res = Projective::prime_subgroup_generator() * &P::ScalarField::rand(rng); + debug_assert!(res.is_in_correct_subgroup_assuming_on_curve()); + res } } -impl AffineCurve for GroupAffine

{ - type ScalarField = P::ScalarField; - type BaseField = P::BaseField; - type Projective = GroupProjective

; - - // Altough the non-affine element is always handled only through the infinity flag, - // we still set x and y coordinates in a normalized manner. +impl ToBytes for Projective

{ #[inline] - fn zero() -> Self { - Self::new(Self::BaseField::zero(), Self::BaseField::one(), true) + fn write(&self, mut writer: W) -> IoResult<()> { + self.x.write(&mut writer)?; + self.y.write(&mut writer)?; + self.z.write(writer) } +} +impl FromBytes for Projective

{ #[inline] - fn prime_subgroup_generator() -> Self { - Self::new( - P::AFFINE_GENERATOR_COEFFS.0, - P::AFFINE_GENERATOR_COEFFS.1, - false, - ) + fn read(mut reader: R) -> IoResult { + let x = P::BaseField::read(&mut reader)?; + let y = P::BaseField::read(&mut reader)?; + let z = P::BaseField::read(reader)?; + Ok(Self::new(x, y, z)) } +} - fn from_random_bytes(bytes: &[u8]) -> Option { - P::BaseField::from_random_bytes_with_flags::(bytes).and_then(|(x, flags)| { - // if x is valid and is zero and only the infinity flag is set, then parse this - // point as infinity. For all other choices, get the original point. - if x.is_zero() && flags.is_infinity() { - Some(Self::zero()) - } else if let Some(y_is_odd) = flags.is_odd() { - Self::get_point_from_x_and_parity(x, y_is_odd) // Unwrap is safe because it's not zero. - } else { - None - } - }) +impl FromBytesChecked for Projective

{ + fn read_checked(mut reader: R) -> IoResult { + let x = P::BaseField::read_checked(&mut reader)?; + let y = P::BaseField::read_checked(&mut reader)?; + let z = P::BaseField::read_checked(reader)?; + let point = Self::new(x, y, z); + if !point.group_membership_test() { + return Err(IoError::new( + ErrorKind::InvalidData, + "invalid point: group membership test failed", + )); + } + Ok(point) } +} +impl Default for Projective

{ #[inline] - fn is_zero(&self) -> bool { - self.infinity + fn default() -> Self { + Self::zero() } +} - #[inline] - fn group_membership_test(&self) -> bool { - self.is_on_curve() - && if !self.is_zero() { - self.is_in_correct_subgroup_assuming_on_curve() - } else { - true - } +impl SemanticallyValid for Projective

{ + fn is_valid(&self) -> bool { + self.x.is_valid() && self.y.is_valid() && self.z.is_valid() && self.group_membership_test() } +} - fn add_points(to_add: &mut [Vec]) { - let zero = P::BaseField::zero(); - let one = P::BaseField::one(); - let length = to_add.iter().map(|l| l.len()).fold(0, |x, y| x + y); - let mut denoms = vec![zero; length / 2]; - - while to_add.iter().position(|x| x.len() > 1) != None { - let mut dx: usize = 0; - for p in to_add.iter_mut() { - if p.len() < 2 { - continue; - } - let len = if p.len() % 2 == 0 { - p.len() - } else { - p.len() - 1 - }; - for i in (0..len).step_by(2) { - denoms[dx] = { - if p[i].x == p[i + 1].x { - if p[i + 1].y == zero { - one - } else { - p[i + 1].y.double() - } - } else { - p[i].x - &p[i + 1].x - } - }; - dx += 1; - } - } - - denoms.truncate(dx); - crate::fields::batch_inversion(&mut denoms); - dx = 0; - - for p in to_add.iter_mut() { - if p.len() < 2 { - continue; - } - let len = if p.len() % 2 == 0 { - p.len() - } else { - p.len() - 1 - }; - - for i in (0..len).step_by(2) { - let j = i / 2; - if p[i + 1].is_zero() { - p[j] = p[i]; - } else if p[i].is_zero() { - p[j] = p[i + 1]; - } else if p[i + 1].x == p[i].x && (p[i + 1].y != p[i].y || p[i + 1].y.is_zero()) - { - p[j] = Self::zero(); - } else if p[i + 1].x == p[i].x && p[i + 1].y == p[i].y { - let sq = p[i].x.square(); - let s = (sq.double() + &sq + &P::COEFF_A) * &denoms[dx]; - let x = s.square() - &p[i].x.double(); - let y = -p[i].y - &(s * &(x - &p[i].x)); - p[j].x = x; - p[j].y = y; - p[j].infinity = false; - } else { - let s = (p[i].y - &p[i + 1].y) * &denoms[dx]; - let x = s.square() - &p[i].x - &p[i + 1].x; - let y = -p[i].y - &(s * &(x - &p[i].x)); - p[j].x = x; - p[j].y = y; - p[j].infinity = false; - } - dx += 1; - } - - let len = p.len(); - if len % 2 == 1 { - p[len / 2] = p[len - 1]; - p.truncate(len / 2 + 1); - } else { - p.truncate(len / 2); - } - } +impl CanonicalSerialize for Projective

{ + #[allow(unused_qualifications)] + #[inline] + fn serialize(&self, writer: W) -> Result<(), SerializationError> { + if self.is_zero() { + let flags = SWFlags::infinity(); + // Serialize 0. + P::BaseField::zero().serialize_with_flags(writer, flags) + } else { + let self_affine = self.into_affine().unwrap(); + let flags = SWFlags::from_y_parity(self_affine.y.is_odd()); + self_affine.x.serialize_with_flags(writer, flags) } } #[inline] - fn mul::BigInt>>(&self, by: S) -> GroupProjective

{ - let bits = BitIterator::new(by.into()); - self.mul_bits(bits) + fn serialized_size(&self) -> usize { + P::BaseField::zero().serialized_size_with_flags::() } + #[allow(unused_qualifications)] #[inline] - fn into_projective(&self) -> GroupProjective

{ - (*self).into() - } - - fn mul_by_cofactor(&self) -> Self { - self.scale_by_cofactor().into() + fn serialize_uncompressed(&self, mut writer: W) -> Result<(), SerializationError> { + if self.is_zero() { + CanonicalSerialize::serialize(&self.x, &mut writer)?; + self.y.serialize_with_flags(&mut writer, SWFlags::infinity())?; + } else { + let self_affine = self.into_affine().unwrap(); + CanonicalSerialize::serialize(&self_affine.x, &mut writer)?; + self_affine.y.serialize_with_flags(&mut writer, SWFlags::default())?; + }; + Ok(()) } - fn mul_by_cofactor_inv(&self) -> Self { - self.mul(P::COFACTOR_INV).into() + #[inline] + fn uncompressed_size(&self) -> usize { + self.x.serialized_size() + self.y.serialized_size_with_flags::() } } -impl EndoMulCurve for GroupAffine

{ - fn apply_endomorphism(&self) -> Self { - let mut self_e = self.clone(); - self_e.x.mul_assign(P::ENDO_COEFF); - self_e +impl CanonicalDeserialize for Projective

{ + #[allow(unused_qualifications)] + fn deserialize(reader: R) -> Result { + let p = Self::deserialize_unchecked(reader)?; + if !p.is_zero() && !p.is_in_correct_subgroup_assuming_on_curve() { + return Err(SerializationError::InvalidData); + } + Ok(p) } - fn endo_rep_to_scalar(bits: Vec) -> Result { - let mut a: P::ScalarField = 2u64.into(); - let mut b: P::ScalarField = 2u64.into(); - - let one = P::ScalarField::one(); - let one_neg = one.neg(); - - let mut bits = bits; - if bits.len() % 2 == 1 { - bits.push(false); - } - - if bits.len() > P::LAMBDA { - Err("Endo mul bits length exceeds LAMBDA")? - } - - for i in (0..(bits.len() / 2)).rev() { - a.double_in_place(); - b.double_in_place(); - - let s = if bits[i * 2] { &one } else { &one_neg }; - - if bits[i * 2 + 1] { - a.add_assign(s); - } else { - b.add_assign(s); - } + #[allow(unused_qualifications)] + fn deserialize_unchecked(reader: R) -> Result { + let (x, flags): (P::BaseField, SWFlags) = + CanonicalDeserializeWithFlags::deserialize_with_flags(reader)?; + if flags.is_infinity() { + Ok(Self::zero()) + } else { + let p = Projective::

::get_point_from_x_and_parity(x, flags.is_odd().unwrap()) + .ok_or(SerializationError::InvalidData)?; + Ok(p) } - - Ok(a.mul(P::ENDO_SCALAR) + &b) } - /// Performs scalar multiplication of this element with mixed addition. - fn endo_mul(&self, bits: Vec) -> Result { - let self_neg = self.neg(); - - let self_e = self.apply_endomorphism(); - let self_e_neg = self_e.neg(); - - let mut acc = self_e.into_projective(); - acc.add_assign_mixed(&self); - acc.double_in_place(); - - let mut bits = bits; - if bits.len() % 2 == 1 { - bits.push(false); - } - - if bits.len() > P::LAMBDA { - Err("Endo mul bits length exceeds LAMBDA")? - } - - for i in (0..(bits.len() / 2)).rev() { - let s = if bits[i * 2 + 1] { - if bits[i * 2] { - &self_e - } else { - &self_e_neg - } - } else { - if bits[i * 2] { - &self - } else { - &self_neg - } - }; + #[allow(unused_qualifications)] + fn deserialize_uncompressed(reader: R) -> Result { + let p = Self::deserialize_uncompressed_unchecked(reader)?; - acc.double_in_place(); - acc.add_assign_mixed(s); + if !p.group_membership_test() { + return Err(SerializationError::InvalidData); } - - Ok(acc) + Ok(p) } -} -impl SemanticallyValid for GroupAffine

{ - fn is_valid(&self) -> bool { - self.x.is_valid() && self.y.is_valid() && self.group_membership_test() + #[allow(unused_qualifications)] + fn deserialize_uncompressed_unchecked(mut reader: R) -> Result { + let x: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; + let (y, flags): (P::BaseField, SWFlags) = + CanonicalDeserializeWithFlags::deserialize_with_flags(&mut reader)?; + let p = Projective::

::new(x, y, if flags.is_infinity() { P::BaseField::zero() } else { P::BaseField::one() }); + Ok(p) } } -impl Neg for GroupAffine

{ +impl Neg for Projective

{ type Output = Self; + #[inline] fn neg(self) -> Self { if !self.is_zero() { - Self::new(self.x, -self.y, false) + Self::new(self.x, -self.y, self.z) } else { self } } } -impl ToBytes for GroupAffine

{ - #[inline] - fn write(&self, mut writer: W) -> IoResult<()> { - self.x.write(&mut writer)?; - self.y.write(&mut writer)?; - self.infinity.write(writer) - } -} +impl<'a, P: Parameters> Add<&'a Self> for Projective

{ + type Output = Self; -impl FromBytes for GroupAffine

{ #[inline] - fn read(mut reader: R) -> IoResult { - let x = P::BaseField::read(&mut reader)?; - let y = P::BaseField::read(&mut reader)?; - let infinity = bool::read(reader)?; - - Ok(Self::new(x, y, infinity)) + fn add(self, other: &'a Self) -> Self { + let mut copy = self; + copy += other; + copy } } -impl FromBytesChecked for GroupAffine

{ - #[inline] - fn read_checked(mut reader: R) -> IoResult { - let x = P::BaseField::read_checked(&mut reader)?; - let y = P::BaseField::read_checked(&mut reader)?; - let infinity = bool::read(reader)?; - let point = Self::new(x, y, infinity); - if !point.group_membership_test() { - return Err(IoError::new( - ErrorKind::InvalidData, - "invalid point: group membership test failed", - )); +impl<'a, P: Parameters> AddAssign<&'a Self> for Projective

{ + fn add_assign(&mut self, other: &'a Self) { + if self.is_zero() { + *self = *other; + return; } - Ok(point) - } -} - -use crate::{FromBits, ToBits}; -impl ToCompressedBits for GroupAffine

{ - #[inline] - fn compress(&self) -> Vec { - // Strictly speaking, self.x is zero already when self.infinity is true, but - // to guard against implementation mistakes we do not assume this. - let p = if self.infinity { - P::BaseField::zero() - } else { - self.x - }; - let mut res = p.write_bits(); - - // Add infinity flag - res.push(self.infinity); - - // Add parity coordinate (set by default to false if self is infinity) - res.push(!self.infinity && self.y.is_odd()); - - res - } -} -impl FromCompressedBits for GroupAffine

{ - #[inline] - fn decompress(compressed: Vec) -> Result { - let len = compressed.len() - 1; - let parity_flag_set = compressed[len]; - let infinity_flag_set = compressed[len - 1]; - - //Mask away the flag bits and try to get the x coordinate - let x = P::BaseField::read_bits(compressed[0..(len - 1)].to_vec())?; - match (infinity_flag_set, parity_flag_set, x.is_zero()) { - //If the infinity flag is set, return the value assuming - //the x-coordinate is zero and the parity bit is not set. - (true, false, true) => Ok(Self::zero()), - - //If infinity flag is not set, then we attempt to construct - //a point from the x coordinate and the parity. - (false, _, _) => { - //Attempt to get the y coordinate from its parity and x - match Self::get_point_from_x_and_parity(x, parity_flag_set) { - //Check p belongs to the subgroup we expect - Some(p) => { - if p.is_in_correct_subgroup_assuming_on_curve() { - Ok(p) - } else { - let e = BitSerializationError::NotInCorrectSubgroup; - Err(Box::new(e)) - } - } - _ => Err(Box::new(BitSerializationError::NotOnCurve)), - } - } + if other.is_zero() { + return; + } - //Other combinations are illegal - _ => Err(Box::new(BitSerializationError::InvalidFlags)), + // https://www.hyperelliptic.org/EFD/g1p/data/shortw/projective/addition/add-1998-cmo-2 + if self == other { + self.double_in_place(); + } else { + // Y1Z2 = Y1*Z2 + let y1z2 = self.y * &other.z; + // X1Z2 = X1*Z2 + let x1z2 = self.x * &other.z; + // Z1Z2 = Z1*Z2 + let z1z2 = self.z * &other.z; + // u = Y2*Z1-Y1Z2 + let u = (self.z * &other.y) - &y1z2; + // uu = u^2 + let uu = u.square(); + // v = X2*Z1-X1Z2 + let v = (self.z * &other.x) - &x1z2; + // vv = v^2 + let vv = v.square(); + // vvv = v*vv + let vvv = v * &vv; + // R = vv*X1Z2 + let r = vv * &x1z2; + // A = uu*Z1Z2-vvv-2*R + let a = (uu * &z1z2) - &(vvv + &r + &r); + // X3 = v*A + self.x = v * &a; + // Y3 = u*(R-A)-vvv*Y1Z2 + self.y = ((r - &a) * &u) - &(vvv * &y1z2); + // Z3 = vvv*Z1Z2 + self.z = vvv * &z1z2; } } } -impl 
Default for GroupAffine

{ +impl<'a, P: Parameters> Sub<&'a Self> for Projective

{ + type Output = Self; + #[inline] - fn default() -> Self { - Self::zero() + fn sub(self, other: &'a Self) -> Self { + let mut copy = self; + copy -= other; + copy } } -#[derive(Derivative)] -#[derivative( - Copy(bound = "P: Parameters"), - Clone(bound = "P: Parameters"), - Eq(bound = "P: Parameters"), - Debug(bound = "P: Parameters"), - Hash(bound = "P: Parameters") -)] -#[derive(Serialize, Deserialize)] -pub struct GroupProjective { - pub x: P::BaseField, - pub y: P::BaseField, - pub z: P::BaseField, - #[serde(skip)] - _params: PhantomData

, -} - -impl Display for GroupProjective

{ - fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { - write!(f, "{}", self.into_affine()) +impl<'a, P: Parameters> SubAssign<&'a Self> for Projective

{ + fn sub_assign(&mut self, other: &'a Self) { + *self += &(-(*other)); } } -impl PartialEq for GroupProjective

{ - fn eq(&self, other: &Self) -> bool { - if self.is_zero() { - return other.is_zero(); - } - - if other.is_zero() { - return false; - } +impl<'a, P: Parameters> MulAssign<&'a P::ScalarField> for Projective

{ - if (self.x * &other.z) != (other.x * &self.z) || (self.y * &other.z) != (other.y * &self.z) - { - false - } else { - true + /// WARNING: This implementation doesn't take costant time with respect + /// to the exponent, and therefore is susceptible to side-channel attacks. + /// Be sure to use it in applications where timing (or similar) attacks + /// are not possible. + /// TODO: Add a side-channel secure variant. + fn mul_assign(&mut self, other: &'a P::ScalarField) { + if !self.is_zero() { + *self = self.mul_bits(BitIterator::new(Into::<::BigInt>::into(*other))) } } } -impl Distribution> for Standard { - #[inline] - fn sample(&self, rng: &mut R) -> GroupProjective

{ - let res = GroupProjective::prime_subgroup_generator() * &P::ScalarField::rand(rng); - debug_assert!(res.into_affine().is_in_correct_subgroup_assuming_on_curve()); - res - } -} +impl<'a, P: Parameters> Mul<&'a P::ScalarField> for Projective

{ + type Output = Self; -impl ToBytes for GroupProjective

{ #[inline] - fn write(&self, mut writer: W) -> IoResult<()> { - self.x.write(&mut writer)?; - self.y.write(&mut writer)?; - self.z.write(writer) + fn mul(self, other: &'a P::ScalarField) -> Self { + let mut copy = self; + copy *= other; + copy } } -impl FromBytes for GroupProjective

{ +// The affine point X, Y is represented in the Jacobian +// coordinates with Z = 1. +impl From> for Projective

{ #[inline] - fn read(mut reader: R) -> IoResult { - let x = P::BaseField::read(&mut reader)?; - let y = P::BaseField::read(&mut reader)?; - let z = P::BaseField::read(reader)?; - Ok(Self::new(x, y, z)) + fn from(p: AffineRep

) -> Projective

{ + Self::new(p.x, p.y, P::BaseField::one()) } } -impl FromBytesChecked for GroupProjective

{ - fn read_checked(mut reader: R) -> IoResult { - let x = P::BaseField::read_checked(&mut reader)?; - let y = P::BaseField::read_checked(&mut reader)?; - let z = P::BaseField::read_checked(reader)?; - let point = Self::new(x, y, z); - if !point.group_membership_test() { - return Err(IoError::new( - ErrorKind::InvalidData, - "invalid point: group membership test failed", - )); - } - Ok(point) - } -} +// The projective point X, Y, Z is represented in the affine +// coordinates as X/Z^2, Y/Z^3. +impl TryFrom> for AffineRep

{ + type Error = Error; -impl Default for GroupProjective

{ #[inline] - fn default() -> Self { - Self::zero() - } -} - -impl GroupProjective

{ - pub fn new(x: P::BaseField, y: P::BaseField, z: P::BaseField) -> Self { - Self { - x, - y, - z, - _params: PhantomData, + fn try_from(p: Projective

) -> Result, Error> { + if p.is_zero() { + Err("Zero projective cannot be convrted to affine".to_owned())? + } else if p.z.is_one() { + // If Z is one, the point is already normalized. + Ok(AffineRep::new(p.x, p.y)) + } else { + // Z is nonzero, so it must have an inverse in a field. + let z_inv = p.z.inverse().unwrap(); + let x = p.x * &z_inv; + let y = p.y * &z_inv; + Ok(AffineRep::new(x, y)) } } } -impl ProjectiveCurve for GroupProjective

{ - type BaseField = P::BaseField; + +impl Group for Projective

{ type ScalarField = P::ScalarField; - type Affine = GroupAffine

; - // The point at infinity is always represented by Z = 0. + // The point at infinity is conventionally represented as (1:1:0) #[inline] fn zero() -> Self { Self::new( - P::BaseField::zero(), + P::BaseField::one(), P::BaseField::one(), P::BaseField::zero(), ) } - #[inline] - fn prime_subgroup_generator() -> Self { - GroupAffine::prime_subgroup_generator().into() - } - // The point at infinity is always represented by // Z = 0. #[inline] @@ -639,65 +424,6 @@ impl ProjectiveCurve for GroupProjective
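Review bot: `serialize_uncompressed` writes `self.x` and `self.y` verbatim in its `self.is_zero()` branch, so the point at infinity has no unique encoding: `zero()` is (1:1:0), but an infinity produced by the group law in this same hunk carries other coordinates (in `add_assign`, P + (−P) makes `v` zero, hence `self.x = v * &a` is 0 and `self.z` is 0 while `self.y` is left as `(r - a) * u`), and `deserialize_uncompressed_unchecked` rebuilds whatever was written. The compressed `serialize` branch already normalises to `P::BaseField::zero()` with the infinity flag; the uncompressed branch should do the same, e.g. `CanonicalSerialize::serialize(&P::BaseField::zero(), &mut writer)?;` followed by `P::BaseField::one().serialize_with_flags(&mut writer, SWFlags::infinity())?;`, so that elements `PartialEq` reports equal serialise to equal bytes wherever the encoding feeds a hash or transcript. Separately, the new comment above `impl TryFrom<Projective<P>> for AffineRep<P>` says the affine coordinates are `X/Z^2, Y/Z^3`, which is the Jacobian formula; the code (and the comment it replaced) computes `X/Z, Y/Z` for this projective model, so the comment should read `// coordinates as X/Z, Y/Z.`. The error string in that same `try_from` also has a typo, `convrted`.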

{ self.z.is_zero() } - #[inline] - fn group_membership_test(&self) -> bool { - self.into_affine().group_membership_test() - } - - #[inline] - fn is_normalized(&self) -> bool { - self.is_zero() || self.z.is_one() - } - - fn batch_normalization(v: &mut [Self]) { - // Montgomery’s Trick and Fast Implementation of Masked AES - // Genelle, Prouff and Quisquater - // Section 3.2 - - // First pass: compute [a, ab, abc, ...] - let mut prod = Vec::with_capacity(v.len()); - let mut tmp = P::BaseField::one(); - for g in v - .iter_mut() - // Ignore normalized elements - .filter(|g| !g.is_normalized()) - { - tmp.mul_assign(&g.z); - prod.push(tmp); - } - - // Invert `tmp`. - tmp = tmp.inverse().unwrap(); // Guaranteed to be nonzero. - - // Second pass: iterate backwards to compute inverses - for (g, s) in v - .iter_mut() - // Backwards - .rev() - // Ignore normalized elements - .filter(|g| !g.is_normalized()) - // Backwards, skip last element, fill in one for last term. - .zip( - prod.into_iter() - .rev() - .skip(1) - .chain(Some(P::BaseField::one())), - ) - { - // tmp := tmp * g.z; g.z := tmp * s = 1/z - let newtmp = tmp * &g.z; - g.z = tmp * &s; - tmp = newtmp; - } - - // Perform affine transformations - for g in v.iter_mut().filter(|g| !g.is_normalized()) { - g.x *= &g.z; // x/z^2 - g.y *= &g.z; - g.z = P::BaseField::one(); // z = 1 - } - } - fn double_in_place(&mut self) -> &mut Self { if self.is_zero() { self @@ -734,11 +460,22 @@ impl ProjectiveCurve for GroupProjective

{ self } } +} - fn add_assign_mixed(&mut self, other: &Self::Affine) { - if other.is_zero() { - return; - } else if self.is_zero() { +impl Curve for Projective

{ + type BaseField = P::BaseField; + type AffineRep = AffineRep

; + + fn add_affine<'a>(&self, other: &'a Self::AffineRep) -> Self + { + let mut copy = *self; + copy.add_affine_assign(other); + copy + } + + fn add_affine_assign<'a>(&mut self, other: &'a Self::AffineRep) + { + if self.is_zero() { self.x = other.x; self.y = other.y; self.z = P::BaseField::one(); @@ -780,304 +517,360 @@ impl ProjectiveCurve for GroupProjective
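Review bot: The two new `Curve` methods declare an explicit `<'a>` that only appears on the `other` parameter, which lifetime elision already covers, and put the opening brace on its own line; `fn add_affine(&self, other: &Self::AffineRep) -> Self {` and `fn add_affine_assign(&mut self, other: &Self::AffineRep) {` match the rest of the file and rustfmt, assuming the `Curve` trait declaration does not itself force the named lifetime. A one-line `///` on each, e.g. `/// Mixed addition of an affine point, which cannot be the identity, into this projective point.`, would also record why the removed `other.is_zero()` early return has no counterpart here: `AffineRep` as defined earlier in this commit has only `x` and `y`, no infinity flag. `add_affine_assign`'s body continues outside the hunk.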

{ /// Be sure to use it in applications where timing (or similar) attacks /// are not possible. /// TODO: Add a side-channel secure variant. - fn mul_assign::BigInt>>(&mut self, other: S) { + fn mul_bits>(&self, bits: BitIterator) -> Self { + if self.is_zero() { + return *self; + } let mut res = Self::zero(); - - let mut found_one = false; - - for i in BitIterator::new(other.into()) { - if found_one { - res.double_in_place(); - } else { - found_one = i; - } - + let self_affine = self.into_affine().unwrap(); + for i in bits { + res.double_in_place(); if i { - res.add_assign(self); + res.add_affine_assign(&self_affine); } } - - *self = res; - } - - fn into_affine(&self) -> GroupAffine

{ - (*self).into() - } - - fn recommended_wnaf_for_scalar(scalar: ::BigInt) -> usize { - P::empirical_recommended_wnaf_for_scalar(scalar) + res } - fn recommended_wnaf_for_num_scalars(num_scalars: usize) -> usize { - P::empirical_recommended_wnaf_for_num_scalars(num_scalars) + fn scale_by_cofactor(&self) -> Self { + let cofactor = BitIterator::new(P::COFACTOR); + self.mul_bits(cofactor) } -} -impl SemanticallyValid for GroupProjective

{ - fn is_valid(&self) -> bool { - self.x.is_valid() && self.y.is_valid() && self.z.is_valid() && self.group_membership_test() + #[inline] + fn prime_subgroup_generator() -> Self { + Self::new( + P::AFFINE_GENERATOR_COEFFS.0, + P::AFFINE_GENERATOR_COEFFS.1, + P::BaseField::one(), + ) } -} -impl Neg for GroupProjective

{ - type Output = Self; - fn neg(self) -> Self { - if !self.is_zero() { - Self::new(self.x, -self.y, self.z) + #[inline] + fn group_membership_test(&self) -> bool { + self.is_on_curve() + && if !self.is_zero() { + self.is_in_correct_subgroup_assuming_on_curve() } else { - self + true } } -} -impl<'a, P: Parameters> Add<&'a Self> for GroupProjective

{ - type Output = Self; - fn add(self, other: &'a Self) -> Self { - let mut copy = self; - copy += other; - copy - } -} - -impl<'a, P: Parameters> AddAssign<&'a Self> for GroupProjective

{ - fn add_assign(&mut self, other: &'a Self) { + fn is_on_curve(&self) -> bool { if self.is_zero() { - *self = *other; - return; - } - - if other.is_zero() { - return; - } - // https://www.hyperelliptic.org/EFD/g1p/data/shortw/projective/addition/add-1998-cmo-2 - - if self == other { - self.double_in_place(); + true } else { - // Y1Z2 = Y1*Z2 - let y1z2 = self.y * &other.z; - // X1Z2 = X1*Z2 - let x1z2 = self.x * &other.z; - // Z1Z2 = Z1*Z2 - let z1z2 = self.z * &other.z; - // u = Y2*Z1-Y1Z2 - let u = (self.z * &other.y) - &y1z2; - // uu = u^2 - let uu = u.square(); - // v = X2*Z1-X1Z2 - let v = (self.z * &other.x) - &x1z2; - // vv = v^2 - let vv = v.square(); - // vvv = v*vv - let vvv = v * &vv; - // R = vv*X1Z2 - let r = vv * &x1z2; - // A = uu*Z1Z2-vvv-2*R - let a = (uu * &z1z2) - &(vvv + &r + &r); - // X3 = v*A - self.x = v * &a; - // Y3 = u*(R-A)-vvv*Y1Z2 - self.y = ((r - &a) * &u) - &(vvv * &y1z2); - // Z3 = vvv*Z1Z2 - self.z = vvv * &z1z2; + // Check that the point is on the curve + let y2 = self.y.square(); + let x3b = P::add_b(&((self.x.square() * &self.x) + &P::mul_by_a(&self.x))); + y2 == x3b } } -} -impl<'a, P: Parameters> Sub<&'a Self> for GroupProjective

{ - type Output = Self; - fn sub(self, other: &'a Self) -> Self { - let mut copy = self; - copy -= other; - copy + #[inline] + fn is_in_correct_subgroup_assuming_on_curve(&self) -> bool { + self.mul_bits(BitIterator::new(P::ScalarField::characteristic())) + .is_zero() } -} -impl<'a, P: Parameters> SubAssign<&'a Self> for GroupProjective

{ - fn sub_assign(&mut self, other: &'a Self) { - *self += &(-(*other)); + #[inline] + fn is_normalized(&self) -> bool { + self.is_zero() || self.z.is_one() } -} -impl<'a, P: Parameters> Mul<&'a P::ScalarField> for GroupProjective

{ - type Output = Self; - fn mul(self, other: &'a P::ScalarField) -> Self { - let mut copy = self; - copy *= other; + #[inline] + fn normalize(&self) -> Self { + let mut copy = *self; + copy.normalize_assign(); copy } -} -impl<'a, P: Parameters> MulAssign<&'a P::ScalarField> for GroupProjective

{ - fn mul_assign(&mut self, other: &'a P::ScalarField) { - as ProjectiveCurve>::mul_assign(self, other.into_repr()); + fn normalize_assign(&mut self) { + if !self.is_normalized() { + let dz = self.z.inverse().unwrap(); + self.x *= &dz; // x/z + self.y *= &dz; // y/z + self.z = P::BaseField::one(); // z = 1 + } } -} -// The affine point X, Y is represented in the jacobian -// coordinates with Z = 1. -impl From> for GroupProjective

{ - fn from(p: GroupAffine

) -> GroupProjective

{ - if p.is_zero() { - Self::zero() - } else { - Self::new(p.x, p.y, P::BaseField::one()) + #[inline] + fn batch_normalization(v: &mut [Self]) { + // Montgomery’s Trick and Fast Implementation of Masked AES + // Genelle, Prouff and Quisquater + // Section 3.2 + + // First pass: compute [a, ab, abc, ...] + let mut prod = Vec::with_capacity(v.len()); + let mut tmp = P::BaseField::one(); + for g in v + .iter_mut() + // Ignore normalized elements + .filter(|g| !g.is_normalized()) + { + tmp.mul_assign(&g.z); + prod.push(tmp); } - } -} -// The projective point X, Y, Z is represented in the affine -// coordinates as X/Z, Y/Z. -impl From> for GroupAffine

{ - fn from(p: GroupProjective

) -> GroupAffine

{ - if p.is_zero() { - GroupAffine::zero() - } else if p.z.is_one() { - // If Z is one, the point is already normalized. - GroupAffine::new(p.x, p.y, false) - } else { - // Z is nonzero, so it must have an inverse in a field. - let z_inv = p.z.inverse().unwrap(); - let x = p.x * &z_inv; - let y = p.y * &z_inv; - GroupAffine::new(x, y, false) + // Invert `tmp`. + tmp = tmp.inverse().unwrap(); // Guaranteed to be nonzero. + + // Second pass: iterate backwards to compute inverses + for (g, s) in v + .iter_mut() + // Backwards + .rev() + // Ignore normalized elements + .filter(|g| !g.is_normalized()) + // Backwards, skip last element, fill in one for last term. + .zip( + prod.into_iter() + .rev() + .skip(1) + .chain(Some(P::BaseField::one())), + ) + { + // tmp := tmp * g.z; g.z := tmp * s = 1/z + let newtmp = tmp * &g.z; + g.z = tmp * &s; + tmp = newtmp; } - } -} -impl CanonicalSerialize for GroupAffine

{ - #[allow(unused_qualifications)] - #[inline] - fn serialize(&self, writer: W) -> Result<(), SerializationError> { - if self.is_zero() { - let flags = SWFlags::infinity(); - // Serialize 0. - P::BaseField::zero().serialize_with_flags(writer, flags) - } else { - let flags = SWFlags::from_y_parity(self.y.is_odd()); - self.x.serialize_with_flags(writer, flags) + // Perform affine transformations + for g in v.iter_mut().filter(|g| !g.is_normalized()) { + g.x *= &g.z; // x/z^2 + g.y *= &g.z; + g.z = P::BaseField::one(); // z = 1 } } - #[inline] - fn serialized_size(&self) -> usize { - P::BaseField::zero().serialized_size_with_flags::() - } + /// Attempts to construct an affine point given an x-coordinate. The + /// point is not guaranteed to be in the prime order subgroup. + /// + /// If and only if `greatest` is set will the lexicographically + /// largest y-coordinate be selected. + #[allow(dead_code)] + fn get_point_from_x(x: P::BaseField, greatest: bool) -> Option { + // Compute x^3 + ax + b + let x3b = P::add_b(&((x.square() * &x) + &P::mul_by_a(&x))); - #[allow(unused_qualifications)] - #[inline] - fn serialize_uncompressed(&self, mut writer: W) -> Result<(), SerializationError> { - let flags = if self.is_zero() { - SWFlags::infinity() - } else { - SWFlags::default() - }; - CanonicalSerialize::serialize(&self.x, &mut writer)?; - self.y.serialize_with_flags(&mut writer, flags)?; - Ok(()) + x3b.sqrt().map(|y| { + let negy = -y; + let y = if (y < negy) ^ greatest { y } else { negy }; + Self::new(x, y, P::BaseField::one()) + }) } - #[inline] - fn uncompressed_size(&self) -> usize { - self.x.serialized_size() + self.y.serialized_size_with_flags::() + /// Attempts to construct an affine point given an x-coordinate. The + /// point is not guaranteed to be in the prime order subgroup. + /// + /// If and only if `parity` is set will the odd y-coordinate be selected. 
+ #[allow(dead_code)] + fn get_point_from_x_and_parity(x: P::BaseField, parity: bool) -> Option { + // Compute x^3 + ax + b + let x3b = P::add_b(&((x.square() * &x) + &P::mul_by_a(&x))); + + x3b.sqrt().map(|y| { + let negy = -y; + let y = if y.is_odd() ^ parity { negy } else { y }; + Self::new(x, y, P::BaseField::one()) + }) } -} -impl CanonicalSerialize for GroupProjective

{ - #[allow(unused_qualifications)] - #[inline] - fn serialize(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(self.clone()); - CanonicalSerialize::serialize(&aff, writer) + fn from_random_bytes(bytes: &[u8]) -> Option { + P::BaseField::from_random_bytes_with_flags::(bytes).and_then(|(x, flags)| { + // if x is valid and is zero and only the infinity flag is set, then parse this + // point as infinity. For all other choices, get the original point. + if x.is_zero() && flags.is_infinity() { + Some(Self::zero()) + } else if let Some(y_is_odd) = flags.is_odd() { + Self::get_point_from_x_and_parity(x, y_is_odd) // Unwrap is safe because it's not zero. + } else { + None + } + }) } #[inline] - fn serialized_size(&self) -> usize { - let aff = GroupAffine::

::from(self.clone()); - aff.serialized_size() + fn recommended_wnaf_for_scalar(scalar: ::BigInt) -> usize { + P::empirical_recommended_wnaf_for_scalar(scalar) } - #[allow(unused_qualifications)] #[inline] - fn serialize_uncompressed(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(self.clone()); - aff.serialize_uncompressed(writer) + fn recommended_wnaf_for_num_scalars(num_scalars: usize) -> usize { + P::empirical_recommended_wnaf_for_num_scalars(num_scalars) } - #[inline] - fn uncompressed_size(&self) -> usize { - let aff = GroupAffine::

::from(self.clone()); - aff.uncompressed_size() + fn sum_buckets_affine(to_add: &mut [Vec]) { + let zero = P::BaseField::zero(); + let one = P::BaseField::one(); + let length = to_add.iter().map(|l| l.len()).fold(0, |x, y| x + y); + let mut denoms = vec![zero; length / 2]; + + while to_add.iter().position(|x| x.len() > 1) != None { + let mut dx: usize = 0; + for p in to_add.iter_mut() { + if p.len() < 2 { + continue; + } + let len = if p.len() % 2 == 0 { + p.len() + } else { + p.len() - 1 + }; + for i in (0..len).step_by(2) { + denoms[dx] = { + if p[i].x == p[i + 1].x { + if p[i + 1].y == zero { + one + } else { + p[i + 1].y.double() + } + } else { + p[i].x - &p[i + 1].x + } + }; + dx += 1; + } + } + + denoms.truncate(dx); + crate::fields::batch_inversion(&mut denoms); + dx = 0; + + for p in to_add.iter_mut() { + if p.len() < 2 { + continue; + } + let len = if p.len() % 2 == 0 { + p.len() + } else { + p.len() - 1 + }; + + let mut zeros = vec![false; p.len()]; + + for i in (0..len).step_by(2) { + let j = i / 2; + if zeros[i + 1] { + p[j] = p[i]; + } else if zeros[i] { + p[j] = p[i + 1]; + } else if p[i + 1].x == p[i].x && (p[i + 1].y != p[i].y || p[i + 1].y.is_zero()) + { + zeros[j] = true; + } else if p[i + 1].x == p[i].x && p[i + 1].y == p[i].y { + let sq = p[i].x.square(); + let s = (sq.double() + &sq + &P::COEFF_A) * &denoms[dx]; + let x = s.square() - &p[i].x.double(); + let y = -p[i].y - &(s * &(x - &p[i].x)); + p[j].x = x; + p[j].y = y; + } else { + let s = (p[i].y - &p[i + 1].y) * &denoms[dx]; + let x = s.square() - &p[i].x - &p[i + 1].x; + let y = -p[i].y - &(s * &(x - &p[i].x)); + p[j].x = x; + p[j].y = y; + } + dx += 1; + } + + let len = p.len(); + if len % 2 == 1 { + p[len / 2] = p[len - 1]; + p.truncate(len / 2 + 1); + } else { + p.truncate(len / 2); + } + } + } } } -impl CanonicalDeserialize for GroupAffine

{ - #[allow(unused_qualifications)] - fn deserialize(reader: R) -> Result { - let p = Self::deserialize_unchecked(reader)?; - if !p.is_zero() && !p.is_in_correct_subgroup_assuming_on_curve() { - return Err(SerializationError::InvalidData); - } - Ok(p) +impl EndoMulCurve for Projective

{ + fn apply_endomorphism(&self) -> Self { + let mut self_e = self.clone(); + self_e.x.mul_assign(P::ENDO_COEFF); + self_e } - #[allow(unused_qualifications)] - fn deserialize_unchecked(reader: R) -> Result { - let (x, flags): (P::BaseField, SWFlags) = - CanonicalDeserializeWithFlags::deserialize_with_flags(reader)?; - if flags.is_infinity() { - Ok(Self::zero()) - } else { - let p = GroupAffine::

::get_point_from_x_and_parity(x, flags.is_odd().unwrap()) - .ok_or(SerializationError::InvalidData)?; - Ok(p) + fn endo_rep_to_scalar(bits: Vec) -> Result { + let mut a: P::ScalarField = 2u64.into(); + let mut b: P::ScalarField = 2u64.into(); + + let one = P::ScalarField::one(); + let one_neg = one.neg(); + + let mut bits = bits; + if bits.len() % 2 == 1 { + bits.push(false); } - } - #[allow(unused_qualifications)] - fn deserialize_uncompressed(reader: R) -> Result { - let p = Self::deserialize_uncompressed_unchecked(reader)?; + if bits.len() > P::LAMBDA { + Err("Endo mul bits length exceeds LAMBDA")? + } - if !p.group_membership_test() { - return Err(SerializationError::InvalidData); + for i in (0..(bits.len() / 2)).rev() { + a.double_in_place(); + b.double_in_place(); + + let s = if bits[i * 2] { &one } else { &one_neg }; + + if bits[i * 2 + 1] { + a.add_assign(s); + } else { + b.add_assign(s); + } } - Ok(p) - } - #[allow(unused_qualifications)] - fn deserialize_uncompressed_unchecked( - mut reader: R, - ) -> Result { - let x: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; - let (y, flags): (P::BaseField, SWFlags) = - CanonicalDeserializeWithFlags::deserialize_with_flags(&mut reader)?; - let p = GroupAffine::

::new(x, y, flags.is_infinity()); - Ok(p) + Ok(a.mul(P::ENDO_SCALAR) + &b) } -} -impl CanonicalDeserialize for GroupProjective

{ - #[allow(unused_qualifications)] - fn deserialize(reader: R) -> Result { - let aff = as CanonicalDeserialize>::deserialize(reader)?; - Ok(aff.into()) - } + /// Endomorphism-based multiplication of a curve point + /// with a scalar in little-endian endomorphism representation. + fn endo_mul(&self, bits: Vec) -> Result { - #[allow(unused_qualifications)] - fn deserialize_unchecked(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_unchecked(reader)?; - Ok(aff.into()) - } + let self_affine = self.into_affine()?; + let self_affine_neg = self_affine.neg(); - #[allow(unused_qualifications)] - fn deserialize_uncompressed(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_uncompressed(reader)?; - Ok(aff.into()) - } + let self_e = self.apply_endomorphism(); + let self_affine_e = self_e.into_affine()?; - #[allow(unused_qualifications)] - fn deserialize_uncompressed_unchecked(reader: R) -> Result { - let aff = GroupAffine::

::deserialize_uncompressed_unchecked(reader)?; - Ok(aff.into()) + let self_affine_e_neg = self_affine_e.neg(); + + let mut acc = self_e; + acc.add_affine_assign(&self_affine); + acc.double_in_place(); + + let mut bits = bits; + if bits.len() % 2 == 1 { + bits.push(false); + } + + if bits.len() > P::LAMBDA { + Err("Endo mul bits length exceeds LAMBDA")? + } + + for i in (0..(bits.len() / 2)).rev() { + let s = if bits[i * 2 + 1] { + if bits[i * 2] { + &self_affine_e + } else { + &self_affine_e_neg + } + } else { + if bits[i * 2] { + &self_affine + } else { + &self_affine_neg + } + }; + + acc.double_in_place(); + acc.add_affine_assign(s); + } + + Ok(acc) } } diff --git a/algebra/src/curves/models/twisted_edwards_extended/mod.rs b/algebra/src/curves/models/twisted_edwards_extended/mod.rs index f8b1cd0c9..3dd671eab 100644 --- a/algebra/src/curves/models/twisted_edwards_extended/mod.rs +++ b/algebra/src/curves/models/twisted_edwards_extended/mod.rs 
@@ -1,41 +1,43 @@ +use crate::{ + bytes::{FromBytes, ToBytes}, + groups::Group, + curves::{ + Curve, + models::MontgomeryModelParameters as MontgomeryParameters, + models::TEModelParameters as Parameters, + }, + fields::{BitIterator, Field, PrimeField, SquareRootField}, + CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, + CanonicalSerializeWithFlags, Error, FromBytesChecked, EdwardsFlags, + SemanticallyValid, SerializationError, UniformRand, +}; use rand::{ distributions::{Distribution, Standard}, Rng, }; +use serde::{Deserialize, Serialize}; +use std::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign}; use std::{ fmt::{Display, Formatter, Result as FmtResult}, io::{Error as IoError, ErrorKind, Read, Result as IoResult, Write}, + convert::TryFrom, marker::PhantomData, - ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign}, -}; - -use crate::{ - bytes::{FromBytes, ToBytes}, - curves::{ - models::MontgomeryModelParameters as MontgomeryParameters, - models::TEModelParameters as Parameters, AffineCurve, ProjectiveCurve, - }, - fields::{BitIterator, Field, PrimeField, SquareRootField}, - BitSerializationError, CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, - CanonicalSerializeWithFlags, EdwardsFlags, Error, FromBytesChecked, FromCompressedBits, - SemanticallyValid, SerializationError, ToCompressedBits, UniformRand, }; -use serde::{Deserialize, Serialize}; #[cfg(test)] pub mod tests; #[derive(Derivative)] #[derivative( - Copy(bound = "P: Parameters"), - Clone(bound = "P: Parameters"), - PartialEq(bound = "P: Parameters"), - Eq(bound = "P: Parameters"), - Debug(bound = "P: Parameters"), - Hash(bound = "P: Parameters") +Copy(bound = "P: Parameters"), +Clone(bound = "P: Parameters"), +PartialEq(bound = "P: Parameters"), +Eq(bound = "P: Parameters"), +Debug(bound = "P: Parameters"), +Hash(bound = "P: Parameters") )] #[derive(Serialize, Deserialize)] -pub struct GroupAffine { +pub struct AffineRep { pub x: 
P::BaseField, pub y: P::BaseField, #[derivative(Debug = "ignore")] @@ -43,25 +45,7 @@ pub struct GroupAffine { _params: PhantomData
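Review bot: The bounds inside `#[derivative(...)]` on `AffineRep` lost their indentation — the added lines `+Copy(bound = "P: Parameters"),` through `+Hash(bound = "P: Parameters")` sit at column 0 inside the attribute, where the removed lines were indented. rustfmt would put them back; keep `    Copy(bound = "P: Parameters"),` etc. at the attribute's inner indent so the block reads like the rest of the file. The import regrouping and the `GroupAffine` → `AffineRep` rename are otherwise straightforward, and the struct body continues past this hunk.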

, } -impl PartialEq> for GroupAffine

{ - fn eq(&self, other: &GroupProjective

) -> bool { - self.into_projective() == *other - } -} - -impl PartialEq> for GroupProjective

{ - fn eq(&self, other: &GroupAffine

) -> bool { - *self == other.into_projective() - } -} - -impl Display for GroupAffine

{ - fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { - write!(f, "GroupAffine(x={}, y={})", self.x, self.y) - } -} - -impl GroupAffine

{ +impl AffineRep

{ pub fn new(x: P::BaseField, y: P::BaseField) -> Self { Self { x, @@ -69,353 +53,33 @@ impl GroupAffine

{ _params: PhantomData, } } - - #[must_use] - pub fn scale_by_cofactor(&self) -> ::Projective { - self.mul_bits(BitIterator::new(P::COFACTOR)) - } - - /// WARNING: This implementation doesn't take costant time with respect - /// to the exponent, and therefore is susceptible to side-channel attacks. - /// Be sure to use it in applications where timing (or similar) attacks - /// are not possible. - /// TODO: Add a side-channel secure variant. - #[must_use] - pub(crate) fn mul_bits>( - &self, - bits: BitIterator, - ) -> ::Projective { - let mut res = GroupProjective::zero(); - for i in bits { - res.double_in_place(); - if i { - res.add_assign_mixed(self) - } - } - res - } - - /// Attempts to construct an affine point given an x-coordinate. The - /// point is not guaranteed to be in the prime order subgroup. - /// - /// If and only if `greatest` is set will the lexicographically - /// largest y-coordinate be selected. - #[allow(dead_code)] - pub(crate) fn get_point_from_x(x: P::BaseField, greatest: bool) -> Option { - let x2 = x.square(); - let one = P::BaseField::one(); - let numerator = P::mul_by_a(&x2) - &one; - let denominator = P::COEFF_D * &x2 - &one; - let y2 = denominator.inverse().map(|denom| denom * &numerator); - y2.and_then(|y2| y2.sqrt()).map(|y| { - let negy = -y; - let y = if (y < negy) ^ greatest { y } else { negy }; - Self::new(x, y) - }) - } - - /// Attempts to construct an affine point given an x-coordinate. The - /// point is not guaranteed to be in the prime order subgroup. - /// - /// If and only if `parity` is set will the odd y-coordinate be selected. 
- #[allow(dead_code)] - pub fn get_point_from_x_and_parity(x: P::BaseField, parity: bool) -> Option { - let x2 = x.square(); - let one = P::BaseField::one(); - let numerator = P::mul_by_a(&x2) - &one; - let denominator = P::COEFF_D * &x2 - &one; - let y2 = denominator.inverse().map(|denom| denom * &numerator); - y2.and_then(|y2| y2.sqrt()).map(|y| { - let negy = -y; - let y = if y.is_odd() ^ parity { negy } else { y }; - Self::new(x, y) - }) - } - - /// Checks that the current point is on the elliptic curve. - pub fn is_on_curve(&self) -> bool { - let x2 = self.x.square(); - let y2 = self.y.square(); - - let lhs = y2 + &P::mul_by_a(&x2); - let rhs = P::BaseField::one() + &(P::COEFF_D * &(x2 * &y2)); - - lhs == rhs - } - - #[inline] - pub fn is_in_correct_subgroup_assuming_on_curve(&self) -> bool { - self.mul_bits(BitIterator::new(P::ScalarField::characteristic())) - .is_zero() - } -} - -impl AffineCurve for GroupAffine

{ - type ScalarField = P::ScalarField; - type BaseField = P::BaseField; - type Projective = GroupProjective

; - - fn zero() -> Self { - Self::new(Self::BaseField::zero(), Self::BaseField::one()) - } - - fn prime_subgroup_generator() -> Self { - Self::new(P::AFFINE_GENERATOR_COEFFS.0, P::AFFINE_GENERATOR_COEFFS.1) - } - - fn from_random_bytes(bytes: &[u8]) -> Option { - P::BaseField::from_random_bytes_with_flags::(bytes).and_then(|(x, flags)| { - // if x is valid and is zero, then parse this - // point as infinity. - if x.is_zero() { - Some(Self::zero()) - } else { - Self::get_point_from_x_and_parity(x, flags.is_odd()) - } - }) - } - - fn is_zero(&self) -> bool { - self.x.is_zero() & self.y.is_one() - } - - fn group_membership_test(&self) -> bool { - self.is_on_curve() - && if !self.is_zero() { - self.is_in_correct_subgroup_assuming_on_curve() - } else { - true - } - } - - fn add_points(_: &mut [Vec]) { - unimplemented!() - } - - fn mul::BigInt>>(&self, by: S) -> GroupProjective

{ - self.mul_bits(BitIterator::new(by.into())) - } - - fn into_projective(&self) -> GroupProjective

{ - (*self).into() - } - - fn mul_by_cofactor(&self) -> Self { - self.scale_by_cofactor().into() - } - - fn mul_by_cofactor_inv(&self) -> Self { - self.mul(P::COFACTOR_INV).into() - } } -impl SemanticallyValid for GroupAffine

{ - fn is_valid(&self) -> bool { - self.x.is_valid() && self.y.is_valid() && self.group_membership_test() +impl Display for AffineRep

{ + fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { + write!(f, "AffineRep(x={}, y={})", self.x, self.y) } } -impl Neg for GroupAffine

{ +impl Neg for AffineRep

{ type Output = Self; + #[inline] fn neg(self) -> Self { Self::new(-self.x, self.y) } } -impl<'a, P: Parameters> Add<&'a Self> for GroupAffine

{ - type Output = Self; - fn add(self, other: &'a Self) -> Self { - let mut copy = self; - copy += other; - copy - } -} - -impl<'a, P: Parameters> AddAssign<&'a Self> for GroupAffine

{ - fn add_assign(&mut self, other: &'a Self) { - let y1y2 = self.y * &other.y; - let x1x2 = self.x * &other.x; - let dx1x2y1y2 = P::COEFF_D * &y1y2 * &x1x2; - - let d1 = P::BaseField::one() + &dx1x2y1y2; - let d2 = P::BaseField::one() - &dx1x2y1y2; - - let x1y2 = self.x * &other.y; - let y1x2 = self.y * &other.x; - - self.x = (x1y2 + &y1x2) / &d1; - self.y = (y1y2 - &P::mul_by_a(&x1x2)) / &d2; - } -} - -impl<'a, P: Parameters> Sub<&'a Self> for GroupAffine

{ - type Output = Self; - fn sub(self, other: &'a Self) -> Self { - let mut copy = self; - copy -= other; - copy - } -} - -impl<'a, P: Parameters> SubAssign<&'a Self> for GroupAffine

{ - fn sub_assign(&mut self, other: &'a Self) { - *self += &(-(*other)); - } -} - -impl<'a, P: Parameters> Mul<&'a P::ScalarField> for GroupAffine

{ - type Output = Self; - fn mul(self, other: &'a P::ScalarField) -> Self { - let mut copy = self; - copy *= other; - copy - } -} - -impl<'a, P: Parameters> MulAssign<&'a P::ScalarField> for GroupAffine

{ - fn mul_assign(&mut self, other: &'a P::ScalarField) { - *self = ::mul(self, other.into_repr()).into_affine(); - } -} - -impl ToBytes for GroupAffine

{ - #[inline] - fn write(&self, mut writer: W) -> IoResult<()> { - self.x.write(&mut writer)?; - self.y.write(&mut writer) - } -} - -impl FromBytes for GroupAffine

{ - #[inline] - fn read(mut reader: R) -> IoResult { - let x = P::BaseField::read(&mut reader)?; - let y = P::BaseField::read(&mut reader)?; - Ok(Self::new(x, y)) - } -} - -impl FromBytesChecked for GroupAffine

{ - #[inline] - fn read_checked(mut reader: R) -> IoResult { - let x = P::BaseField::read_checked(&mut reader)?; - let y = P::BaseField::read_checked(reader)?; - let p = Self::new(x, y); - if !p.group_membership_test() { - return Err(IoError::new( - ErrorKind::InvalidData, - "invalid point: group membership test failed", - )); - } - Ok(p) - } -} - -use crate::{FromBits, ToBits}; -impl ToCompressedBits for GroupAffine

{ - #[inline] - fn compress(&self) -> Vec { - let mut res = self.x.write_bits(); - - // Is the y-coordinate the odd one of the two associated with the - // x-coordinate? - res.push(self.y.is_odd()); - - res - } -} - -impl FromCompressedBits for GroupAffine

{ - #[inline] - fn decompress(compressed: Vec) -> Result { - let len = compressed.len() - 1; - let parity_flag_set = compressed[len]; - - //Mask away the flag bits and try to get the x coordinate - let x = P::BaseField::read_bits(compressed[0..(len - 1)].to_vec())?; - - //Attempt to get the y coordinate from its parity and x - match Self::get_point_from_x_and_parity(x, parity_flag_set) { - //Check p belongs to the subgroup we expect - Some(p) => { - if p.is_zero() || p.is_in_correct_subgroup_assuming_on_curve() { - Ok(p) - } else { - let e = BitSerializationError::NotPrimeOrder; - Err(Box::new(e)) - } - } - _ => Err(Box::new(BitSerializationError::NotOnCurve)), - } - } -} - -impl Default for GroupAffine

{ - #[inline] - fn default() -> Self { - Self::zero() - } -} - -impl Distribution> for Standard { - #[inline] - fn sample(&self, rng: &mut R) -> GroupAffine

{ - loop { - let x = P::BaseField::rand(rng); - let greatest = rng.gen(); - - if let Some(p) = GroupAffine::get_point_from_x(x, greatest) { - return p.scale_by_cofactor().into(); - } - } - } -} - -mod group_impl { - use super::*; - use crate::groups::Group; - - impl Group for GroupAffine

{ - type ScalarField = P::ScalarField; - fn zero() -> Self { - ::zero() - } - - fn is_zero(&self) -> bool { - ::is_zero(&self) - } - - #[inline] - #[must_use] - fn double(&self) -> Self { - let mut tmp = *self; - tmp += self; - tmp - } - - #[inline] - fn double_in_place(&mut self) -> &mut Self { - let mut tmp = *self; - tmp += self; - *self = tmp; - self - } - } -} - -////////////////////////////////////////////////////////////////////////////// - #[derive(Derivative)] #[derivative( - Copy(bound = "P: Parameters"), - Clone(bound = "P: Parameters"), - Eq(bound = "P: Parameters"), - Debug(bound = "P: Parameters"), - Hash(bound = "P: Parameters") +Copy(bound = "P: Parameters"), +Clone(bound = "P: Parameters"), +Eq(bound = "P: Parameters"), +Debug(bound = "P: Parameters"), +Hash(bound = "P: Parameters") )] #[derive(Serialize, Deserialize)] -pub struct GroupProjective { +pub struct TEExtended { pub x: P::BaseField, pub y: P::BaseField, pub t: P::BaseField, @@ -425,13 +89,25 @@ pub struct GroupProjective { _params: PhantomData
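Review bot: After these removals `AffineRep` keeps no validation of its own — `is_on_curve`, `group_membership_test`, `is_in_correct_subgroup_assuming_on_curve`, `FromBytesChecked` and `FromCompressedBits` are all deleted — yet the struct still derives serde `Deserialize` and exposes `pub x`/`pub y`, so a caller can build an arbitrary off-curve pair and nothing here says so. Add a doc comment on the struct (defined in the first hunk of this file), e.g. `/// Plain affine (x, y) coordinates of a twisted Edwards point. Performs no curve or subgroup check; values obtained from untrusted bytes must be validated through `TEExtended` before use.` — hedged on whatever `TEExtended` conversion the rest of the file provides, since none is visible here. The same indentation loss as on `AffineRep` appears on the new `#[derivative(...)]` lines of `TEExtended` (`+Copy(bound = "P: Parameters"),` at column 0); the `TEExtended` struct body continues into the next hunk.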

, } -impl Display for GroupProjective

{ +impl TEExtended

{ + pub fn new(x: P::BaseField, y: P::BaseField, t: P::BaseField, z: P::BaseField) -> Self { + Self { + x, + y, + t, + z, + _params: PhantomData, + } + } +} + +impl Display for TEExtended

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { - write!(f, "{}", self.into_affine()) + write!(f, "Projective(x={}, y={}, t={}, z={})", self.x, self.y, self.t, self.z) } } -impl PartialEq for GroupProjective

{ +impl PartialEq for TEExtended

{ fn eq(&self, other: &Self) -> bool { if self.is_zero() { return other.is_zero(); @@ -441,26 +117,25 @@ impl PartialEq for GroupProjective
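Review bot: The new `Display` for `TEExtended` writes `Projective(x=…, y=…, t=…, z=…)`, which names neither the type nor matches the sibling `AffineRep(x=…, y=…)` format, and because it prints raw extended coordinates two values that compare equal under `PartialEq` (which compares `x/z` and `y/z`) can print differently — the removed `write!(f, "{}", self.into_affine())` did not have that property. Suggest `write!(f, "TEExtended(x={}, y={}, t={}, z={})", self.x, self.y, self.t, self.z)` and a doc comment on the impl, `/// Prints the raw, possibly non-normalized extended coordinates; equal points may display differently.` The `eq` body that starts at the end of this hunk continues in the next one.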

{ return false; } - // x1/z1 == x2/z2 <==> x1 * z2 == x2 * z1 (self.x * &other.z) == (other.x * &self.z) && (self.y * &other.z) == (other.y * &self.z) } } -impl Distribution> for Standard { +impl Distribution> for Standard { #[inline] - fn sample(&self, rng: &mut R) -> GroupProjective

{ + fn sample(&self, rng: &mut R) -> TEExtended

{ loop { let x = P::BaseField::rand(rng); let greatest = rng.gen(); - if let Some(p) = GroupAffine::get_point_from_x(x, greatest) { + if let Some(p) = TEExtended::get_point_from_x(x, greatest) { return p.scale_by_cofactor(); } } } } -impl ToBytes for GroupProjective

{ +impl ToBytes for TEExtended

{ #[inline] fn write(&self, mut writer: W) -> IoResult<()> { self.x.write(&mut writer)?; @@ -470,7 +145,7 @@ impl ToBytes for GroupProjective
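Review bot: The comment `// x1/z1 == x2/z2 <==> x1 * z2 == x2 * z1` was dropped from `eq` and nothing replaces it, so the reason the comparison cross-multiplies instead of normalizing — and why `t` is deliberately not compared — is no longer stated; restore it above the `(self.x * &other.z) == (other.x * &self.z)` line. `eq` begins in the previous hunk. The `Distribution` impl now calls `TEExtended::get_point_from_x` and `scale_by_cofactor` directly, which are not in this hunk, so whether the sampled point is normalized cannot be checked from here.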

{ } } -impl FromBytes for GroupProjective

{ +impl FromBytes for TEExtended

{ #[inline] fn read(mut reader: R) -> IoResult { let x = P::BaseField::read(&mut reader)?; @@ -481,207 +156,122 @@ impl FromBytes for GroupProjective

{ } } -impl FromBytesChecked for GroupProjective

{ - #[inline] +impl FromBytesChecked for TEExtended

{ fn read_checked(mut reader: R) -> IoResult { let x = P::BaseField::read_checked(&mut reader)?; let y = P::BaseField::read_checked(&mut reader)?; let t = P::BaseField::read_checked(&mut reader)?; let z = P::BaseField::read_checked(reader)?; - let p = Self::new(x, y, t, z); - if !p.group_membership_test() { + let point = Self::new(x, y, t, z); + if !point.group_membership_test() { return Err(IoError::new( ErrorKind::InvalidData, "invalid point: group membership test failed", )); } - Ok(p) + Ok(point) } } -impl Default for GroupProjective

{ +impl Default for TEExtended

{ #[inline] fn default() -> Self { Self::zero() } } -impl GroupProjective

{ - pub fn new(x: P::BaseField, y: P::BaseField, t: P::BaseField, z: P::BaseField) -> Self { - Self { - x, - y, - t, - z, - _params: PhantomData, - } +impl SemanticallyValid for TEExtended

{ + fn is_valid(&self) -> bool { + self.x.is_valid() + && self.y.is_valid() + && self.z.is_valid() + && self.t.is_valid() + && self.group_membership_test() } } -impl ProjectiveCurve for GroupProjective

{ - type BaseField = P::BaseField; - type ScalarField = P::ScalarField; - type Affine = GroupAffine

; - - fn zero() -> Self { - Self::new( - P::BaseField::zero(), - P::BaseField::one(), - P::BaseField::zero(), - P::BaseField::one(), - ) - } - - fn prime_subgroup_generator() -> Self { - GroupAffine::prime_subgroup_generator().into() +impl CanonicalSerialize for TEExtended

{ + #[allow(unused_qualifications)] + #[inline] + fn serialize(&self, writer: W) -> Result<(), SerializationError> { + if self.is_zero() { + let flags = EdwardsFlags::default(); + // Serialize 0. + P::BaseField::zero().serialize_with_flags(writer, flags) + } else { + let self_affine = self.into_affine().unwrap(); + let flags = EdwardsFlags::from_y_parity(self_affine.y.is_odd()); + self_affine.x.serialize_with_flags(writer, flags) + } } - fn is_zero(&self) -> bool { - self.x.is_zero() && self.y == self.z && !self.y.is_zero() && self.t.is_zero() + #[inline] + fn serialized_size(&self) -> usize { + P::BaseField::zero().serialized_size_with_flags::() } + #[allow(unused_qualifications)] #[inline] - fn group_membership_test(&self) -> bool { - self.into_affine().group_membership_test() + fn serialize_uncompressed(&self, mut writer: W) -> Result<(), SerializationError> { + let self_affine = self.into_affine().unwrap(); + self_affine.x.serialize_uncompressed(&mut writer)?; + self_affine.y.serialize_uncompressed(&mut writer)?; + Ok(()) } - fn is_normalized(&self) -> bool { - self.z.is_one() + #[inline] + fn uncompressed_size(&self) -> usize { + self.x.serialized_size() + self.y.serialized_size() } +} - fn batch_normalization(v: &mut [Self]) { - // Montgomery’s Trick and Fast Implementation of Masked AES - // Genelle, Prouff and Quisquater - // Section 3.2 - - // First pass: compute [a, ab, abc, ...] - let mut prod = Vec::with_capacity(v.len()); - let mut tmp = P::BaseField::one(); - for g in v - .iter_mut() - // Ignore normalized elements - .filter(|g| !g.is_normalized()) - { - tmp.mul_assign(&g.z); - prod.push(tmp); - } - - // Invert `tmp`. - tmp = tmp.inverse().unwrap(); // Guaranteed to be nonzero. - - // Second pass: iterate backwards to compute inverses - for (g, s) in v - .iter_mut() - // Backwards - .rev() - // Ignore normalized elements - .filter(|g| !g.is_normalized()) - // Backwards, skip last element, fill in one for last term. 
- .zip( - prod.into_iter() - .rev() - .skip(1) - .chain(Some(P::BaseField::one())), - ) - { - // tmp := tmp * g.z; g.z := tmp * s = 1/z - let newtmp = tmp * &g.z; - g.z = tmp * &s; - tmp = newtmp; - } - - // Perform affine transformations - for g in v.iter_mut().filter(|g| !g.is_normalized()) { - g.x *= &g.z; // x/z - g.y *= &g.z; - g.t *= &g.z; - g.z = P::BaseField::one(); // z = 1 +impl CanonicalDeserialize for TEExtended

{ + #[allow(unused_qualifications)] + fn deserialize(reader: R) -> Result { + let p = Self::deserialize_unchecked(reader)?; + if !p.is_zero() && !p.is_in_correct_subgroup_assuming_on_curve() { + return Err(SerializationError::InvalidData); } + Ok(p) } - fn double_in_place(&mut self) -> &mut Self { - let tmp = *self; - *self += &tmp; - self - } - - fn add_assign_mixed(&mut self, other: &Self::Affine) { - // A = X1*X2 - let a = self.x * &other.x; - // B = Y1*Y2 - let b = self.y * &other.y; - // C = T1*d*T2 - let c = P::COEFF_D * &self.t * &other.x * &other.y; - // D = Z1 - let d = self.z; - // E = (X1+Y1)*(X2+Y2)-A-B - let e = (self.x + &self.y) * &(other.x + &other.y) - &a - &b; - // F = D-C - let f = d - &c; - // G = D+C - let g = d + &c; - // H = B-a*A - let h = b - &P::mul_by_a(&a); - // X3 = E*F - self.x = e * &f; - // Y3 = G*H - self.y = g * &h; - // T3 = E*H - self.t = e * &h; - // Z3 = F*G - self.z = f * &g; - } - - /// WARNING: This implementation doesn't take costant time with respect - /// to the exponent, and therefore is susceptible to side-channel attacks. - /// Be sure to use it in applications where timing (or similar) attacks - /// are not possible. - /// TODO: Add a side-channel secure variant. - fn mul_assign::BigInt>>(&mut self, other: S) { - let mut res = Self::zero(); - - let mut found_one = false; - - for i in BitIterator::new(other.into()) { - if found_one { - res.double_in_place(); - } else { - found_one = i; - } - - if i { - res.add_assign(self); - } + #[allow(unused_qualifications)] + fn deserialize_unchecked(reader: R) -> Result { + let (x, flags): (P::BaseField, EdwardsFlags) = + CanonicalDeserializeWithFlags::deserialize_with_flags(reader)?; + if x == P::BaseField::zero() { + Ok(Self::zero()) + } else { + let p = TEExtended::

::get_point_from_x_and_parity(x, flags.is_odd()) + .ok_or(SerializationError::InvalidData)?; + Ok(p) } - - *self = res; } - fn into_affine(&self) -> GroupAffine

{ - (*self).into() - } + #[allow(unused_qualifications)] + fn deserialize_uncompressed(reader: R) -> Result { + let p = Self::deserialize_uncompressed_unchecked(reader)?; - fn recommended_wnaf_for_scalar(scalar: ::BigInt) -> usize { - P::empirical_recommended_wnaf_for_scalar(scalar) + if !p.group_membership_test() { + return Err(SerializationError::InvalidData); + } + Ok(p) } - fn recommended_wnaf_for_num_scalars(num_scalars: usize) -> usize { - P::empirical_recommended_wnaf_for_num_scalars(num_scalars) - } -} + #[allow(unused_qualifications)] + fn deserialize_uncompressed_unchecked(mut reader: R) -> Result { + let x: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; + let y: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; -impl SemanticallyValid for GroupProjective

{ - fn is_valid(&self) -> bool { - self.x.is_valid() - && self.y.is_valid() - && self.z.is_valid() - && self.t.is_valid() - && self.group_membership_test() + let p = TEExtended::

::new(x, y, x * &y, P::BaseField::one()); + Ok(p) } } -impl Neg for GroupProjective

{ +impl Neg for TEExtended

{ type Output = Self; + + #[inline] fn neg(mut self) -> Self { self.x = -self.x; self.t = -self.t; @@ -689,8 +279,10 @@ impl Neg for GroupProjective

{ } } -impl<'a, P: Parameters> Add<&'a Self> for GroupProjective

{ +impl<'a, P: Parameters> Add<&'a Self> for TEExtended

{ type Output = Self; + + #[inline] fn add(self, other: &'a Self) -> Self { let mut copy = self; copy += other; @@ -698,7 +290,7 @@ impl<'a, P: Parameters> Add<&'a Self> for GroupProjective

{ } } -impl<'a, P: Parameters> AddAssign<&'a Self> for GroupProjective

{ +impl<'a, P: Parameters> AddAssign<&'a Self> for TEExtended

{ fn add_assign(&mut self, other: &'a Self) { // See "Twisted Edwards Curves Revisited" // Huseyin Hisil, Kenneth Koon-Ho Wong, Gary Carter, and Ed Dawson @@ -742,8 +334,10 @@ impl<'a, P: Parameters> AddAssign<&'a Self> for GroupProjective

{ } } -impl<'a, P: Parameters> Sub<&'a Self> for GroupProjective

{ +impl<'a, P: Parameters> Sub<&'a Self> for TEExtended

{ type Output = Self; + + #[inline] fn sub(self, other: &'a Self) -> Self { let mut copy = self; copy -= other; @@ -751,14 +345,30 @@ impl<'a, P: Parameters> Sub<&'a Self> for GroupProjective

{ } } -impl<'a, P: Parameters> SubAssign<&'a Self> for GroupProjective

{ +impl<'a, P: Parameters> SubAssign<&'a Self> for TEExtended

{ fn sub_assign(&mut self, other: &'a Self) { *self += &(-(*other)); } } -impl<'a, P: Parameters> Mul<&'a P::ScalarField> for GroupProjective

{ +impl<'a, P: Parameters> MulAssign<&'a P::ScalarField> for TEExtended

{ + + /// WARNING: This implementation doesn't take costant time with respect + /// to the exponent, and therefore is susceptible to side-channel attacks. + /// Be sure to use it in applications where timing (or similar) attacks + /// are not possible. + /// TODO: Add a side-channel secure variant. + fn mul_assign(&mut self, other: &'a P::ScalarField) { + if !self.is_zero() { + *self = self.mul_bits(BitIterator::new(Into::<::BigInt>::into(*other))) + } + } +} + +impl<'a, P: Parameters> Mul<&'a P::ScalarField> for TEExtended

{ type Output = Self; + + #[inline] fn mul(self, other: &'a P::ScalarField) -> Self { let mut copy = self; copy *= other; @@ -766,170 +376,297 @@ impl<'a, P: Parameters> Mul<&'a P::ScalarField> for GroupProjective

{ } } -impl<'a, P: Parameters> MulAssign<&'a P::ScalarField> for GroupProjective

{ - fn mul_assign(&mut self, other: &'a P::ScalarField) { - ::mul_assign(self, other.into_repr()); - } -} - -// The affine point (X, Y) is represented in the Extended Projective coordinates -// with Z = 1. -impl From> for GroupProjective

{ - fn from(p: GroupAffine

) -> GroupProjective

{ +// The affine point X, Y is represented in the Jacobian +// coordinates with Z = 1. +impl From> for TEExtended

{ + #[inline] + fn from(p: AffineRep

) -> TEExtended

{ Self::new(p.x, p.y, p.x * &p.y, P::BaseField::one()) } } -// The projective point X, Y, T, Z is represented in the affine -// coordinates as X/Z, Y/Z. -impl From> for GroupAffine

{ - fn from(p: GroupProjective

) -> GroupAffine

{ +// The projective point X, Y, Z is represented in the affine +// coordinates as X/Z^2, Y/Z^3. +impl TryFrom> for AffineRep

{ + type Error = Error; + + #[inline] + fn try_from(p: TEExtended

) -> Result, Error> { if p.is_zero() { - GroupAffine::zero() + Ok(AffineRep::new(P::BaseField::zero(), P::BaseField::one())) } else if p.z.is_one() { // If Z is one, the point is already normalized. - GroupAffine::new(p.x, p.y) + Ok(AffineRep::new(p.x, p.y)) } else { // Z is nonzero, so it must have an inverse in a field. let z_inv = p.z.inverse().unwrap(); let x = p.x * &z_inv; let y = p.y * &z_inv; - GroupAffine::new(x, y) + Ok(AffineRep::new(x, y)) } } } -impl CanonicalSerialize for GroupAffine

{ - #[allow(unused_qualifications)] + +impl Group for TEExtended

{ + type ScalarField = P::ScalarField; + + // The point at infinity is conventionally represented as (1:1:0) #[inline] - fn serialize(&self, writer: W) -> Result<(), SerializationError> { - if self.is_zero() { - let flags = EdwardsFlags::default(); - // Serialize 0. - P::BaseField::zero().serialize_with_flags(writer, flags) - } else { - let flags = EdwardsFlags::from_y_parity(self.y.is_odd()); - self.x.serialize_with_flags(writer, flags) - } + fn zero() -> Self { + Self::new( + P::BaseField::zero(), + P::BaseField::one(), + P::BaseField::zero(), + P::BaseField::one(), + ) } + // The point at infinity is always represented by + // Z = 0. #[inline] - fn serialized_size(&self) -> usize { - P::BaseField::zero().serialized_size_with_flags::() + fn is_zero(&self) -> bool { + self.x.is_zero() && self.y == self.z && !self.y.is_zero() && self.t.is_zero() } - #[allow(unused_qualifications)] - #[inline] - fn serialize_uncompressed(&self, mut writer: W) -> Result<(), SerializationError> { - self.x.serialize_uncompressed(&mut writer)?; - self.y.serialize_uncompressed(&mut writer)?; - Ok(()) + fn double_in_place(&mut self) -> &mut Self { + let tmp = *self; + *self += &tmp; + self + } +} + +impl Curve for TEExtended

{ + type BaseField = P::BaseField; + type AffineRep = AffineRep

; + + fn add_affine<'a>(&self, other: &'a Self::AffineRep) -> Self + { + let mut copy = *self; + copy.add_affine_assign(other); + copy + } + + fn add_affine_assign<'a>(&mut self, other: &'a Self::AffineRep) + { + // A = X1*X2 + let a = self.x * &other.x; + // B = Y1*Y2 + let b = self.y * &other.y; + // C = T1*d*T2 + let c = P::COEFF_D * &self.t * &other.x * &other.y; + // D = Z1 + let d = self.z; + // E = (X1+Y1)*(X2+Y2)-A-B + let e = (self.x + &self.y) * &(other.x + &other.y) - &a - &b; + // F = D-C + let f = d - &c; + // G = D+C + let g = d + &c; + // H = B-a*A + let h = b - &P::mul_by_a(&a); + // X3 = E*F + self.x = e * &f; + // Y3 = G*H + self.y = g * &h; + // T3 = E*H + self.t = e * &h; + // Z3 = F*G + self.z = f * &g; + } + + /// WARNING: This implementation doesn't take costant time with respect + /// to the exponent, and therefore is susceptible to side-channel attacks. + /// Be sure to use it in applications where timing (or similar) attacks + /// are not possible. + /// TODO: Add a side-channel secure variant. + fn mul_bits>(&self, bits: BitIterator) -> Self { + let mut res = Self::zero(); + let self_affine = self.into_affine().unwrap(); + for i in bits { + res.double_in_place(); + if i { + res.add_affine_assign(&self_affine); + } + } + res + } + + fn scale_by_cofactor(&self) -> Self { + let cofactor = BitIterator::new(P::COFACTOR); + self.mul_bits(cofactor) } #[inline] - fn uncompressed_size(&self) -> usize { - // x + y - self.x.serialized_size() + self.y.serialized_size() + fn prime_subgroup_generator() -> Self { + Self::new( + P::AFFINE_GENERATOR_COEFFS.0, + P::AFFINE_GENERATOR_COEFFS.1, + P::AFFINE_GENERATOR_COEFFS.0 * &P::AFFINE_GENERATOR_COEFFS.1, + P::BaseField::one(), + ) } -} -impl CanonicalSerialize for GroupProjective

{ - #[allow(unused_qualifications)] #[inline] - fn serialize(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(self.clone()); - CanonicalSerialize::serialize(&aff, writer) + fn group_membership_test(&self) -> bool { + self.is_on_curve() + && if !self.is_zero() { + self.is_in_correct_subgroup_assuming_on_curve() + } else { + true + } + } + + fn is_on_curve(&self) -> bool { + let x2 = self.x.square(); + let y2 = self.y.square(); + + let lhs = y2 + &P::mul_by_a(&x2); + let rhs = P::BaseField::one() + &(P::COEFF_D * &(x2 * &y2)); + + lhs == rhs } #[inline] - fn serialized_size(&self) -> usize { - let aff = GroupAffine::

::from(self.clone()); - aff.serialized_size() + fn is_in_correct_subgroup_assuming_on_curve(&self) -> bool { + self.mul_bits(BitIterator::new(P::ScalarField::characteristic())) + .is_zero() } - #[allow(unused_qualifications)] #[inline] - fn serialize_uncompressed(&self, writer: W) -> Result<(), SerializationError> { - let aff = GroupAffine::

::from(self.clone()); - aff.serialize_uncompressed(writer) + fn is_normalized(&self) -> bool { + self.is_zero() || self.z.is_one() } #[inline] - fn uncompressed_size(&self) -> usize { - let aff = GroupAffine::

::from(self.clone()); - aff.uncompressed_size() + fn normalize(&self) -> Self { + let mut copy = *self; + copy.normalize_assign(); + copy } -} -impl CanonicalDeserialize for GroupAffine

{ - #[allow(unused_qualifications)] - fn deserialize(reader: R) -> Result { - let p = Self::deserialize_unchecked(reader)?; - if !p.is_zero() && !p.is_in_correct_subgroup_assuming_on_curve() { - return Err(SerializationError::InvalidData); + fn normalize_assign(&mut self) { + if !self.is_normalized() { + let dz = self.z.inverse().unwrap(); + self.x *= &dz; // x/z + self.y *= &dz; // y/z + self.t *= &dz; // y/z + self.z = P::BaseField::one(); // z = 1 } - Ok(p) } - #[allow(unused_qualifications)] - fn deserialize_unchecked(mut reader: R) -> Result { - let (x, flags): (P::BaseField, EdwardsFlags) = - CanonicalDeserializeWithFlags::deserialize_with_flags(&mut reader)?; - if x == P::BaseField::zero() { - Ok(Self::zero()) - } else { - let p = GroupAffine::

::get_point_from_x_and_parity(x, flags.is_odd()) - .ok_or(SerializationError::InvalidData)?; - Ok(p) + #[inline] + fn batch_normalization(v: &mut [Self]) { + // Montgomery’s Trick and Fast Implementation of Masked AES + // Genelle, Prouff and Quisquater + // Section 3.2 + + // First pass: compute [a, ab, abc, ...] + let mut prod = Vec::with_capacity(v.len()); + let mut tmp = P::BaseField::one(); + for g in v + .iter_mut() + // Ignore normalized elements + .filter(|g| !g.is_normalized()) + { + tmp.mul_assign(&g.z); + prod.push(tmp); } - } - #[allow(unused_qualifications)] - fn deserialize_uncompressed(reader: R) -> Result { - let p = Self::deserialize_uncompressed_unchecked(reader)?; + // Invert `tmp`. + tmp = tmp.inverse().unwrap(); // Guaranteed to be nonzero. - if !p.group_membership_test() { - return Err(SerializationError::InvalidData); + // Second pass: iterate backwards to compute inverses + for (g, s) in v + .iter_mut() + // Backwards + .rev() + // Ignore normalized elements + .filter(|g| !g.is_normalized()) + // Backwards, skip last element, fill in one for last term. + .zip( + prod.into_iter() + .rev() + .skip(1) + .chain(Some(P::BaseField::one())), + ) + { + // tmp := tmp * g.z; g.z := tmp * s = 1/z + let newtmp = tmp * &g.z; + g.z = tmp * &s; + tmp = newtmp; + } + + // Perform affine transformations + for g in v.iter_mut().filter(|g| !g.is_normalized()) { + g.x *= &g.z; // x/z + g.y *= &g.z; + g.t *= &g.z; + g.z = P::BaseField::one(); // z = 1 } - Ok(p) } - #[allow(unused_qualifications)] - fn deserialize_uncompressed_unchecked( - mut reader: R, - ) -> Result { - let x: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; - let y: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; + /// Attempts to construct an affine point given an x-coordinate. The + /// point is not guaranteed to be in the prime order subgroup. + /// + /// If and only if `greatest` is set will the lexicographically + /// largest y-coordinate be selected. 
+ #[allow(dead_code)] + fn get_point_from_x(x: P::BaseField, greatest: bool) -> Option { + let x2 = x.square(); + let one = P::BaseField::one(); + let numerator = P::mul_by_a(&x2) - &one; + let denominator = P::COEFF_D * &x2 - &one; + let y2 = denominator.inverse().map(|denom| denom * &numerator); + y2.and_then(|y2| y2.sqrt()).map(|y| { + let negy = -y; + let y = if (y < negy) ^ greatest { y } else { negy }; + Self::new(x, y, x * &y, P::BaseField::one()) + }) + } - let p = GroupAffine::

::new(x, y); - Ok(p) + /// Attempts to construct an affine point given an x-coordinate. The + /// point is not guaranteed to be in the prime order subgroup. + /// + /// If and only if `parity` is set will the odd y-coordinate be selected. + #[allow(dead_code)] + fn get_point_from_x_and_parity(x: P::BaseField, parity: bool) -> Option { + let x2 = x.square(); + let one = P::BaseField::one(); + let numerator = P::mul_by_a(&x2) - &one; + let denominator = P::COEFF_D * &x2 - &one; + let y2 = denominator.inverse().map(|denom| denom * &numerator); + y2.and_then(|y2| y2.sqrt()).map(|y| { + let negy = -y; + let y = if y.is_odd() ^ parity { negy } else { y }; + Self::new(x, y, x * &y, P::BaseField::one()) + }) } -} -impl CanonicalDeserialize for GroupProjective

{ - #[allow(unused_qualifications)] - fn deserialize(reader: R) -> Result { - let aff = as CanonicalDeserialize>::deserialize(reader)?; - Ok(aff.into()) + fn from_random_bytes(bytes: &[u8]) -> Option { + P::BaseField::from_random_bytes_with_flags::(bytes).and_then(|(x, flags)| { + // if x is valid and is zero, then parse this + // point as infinity. + if x.is_zero() { + Some(Self::zero()) + } else { + Self::get_point_from_x_and_parity(x, flags.is_odd()) + } + }) } - #[allow(unused_qualifications)] - fn deserialize_unchecked(reader: R) -> Result { - let aff = as CanonicalDeserialize>::deserialize_unchecked(reader)?; - Ok(aff.into()) + #[inline] + fn recommended_wnaf_for_scalar(scalar: ::BigInt) -> usize { + P::empirical_recommended_wnaf_for_scalar(scalar) } - #[allow(unused_qualifications)] - fn deserialize_uncompressed(reader: R) -> Result { - let aff = as CanonicalDeserialize>::deserialize_uncompressed(reader)?; - Ok(aff.into()) + #[inline] + fn recommended_wnaf_for_num_scalars(num_scalars: usize) -> usize { + P::empirical_recommended_wnaf_for_num_scalars(num_scalars) } - #[allow(unused_qualifications)] - fn deserialize_uncompressed_unchecked(reader: R) -> Result { - let aff = - as CanonicalDeserialize>::deserialize_uncompressed_unchecked(reader)?; - Ok(aff.into()) + fn sum_buckets_affine(_: &mut [Vec]) { + unimplemented!() } } @@ -942,20 +679,20 @@ impl CanonicalDeserialize for GroupProjective
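Review bot: `is_on_curve` in the new `impl Curve for TEExtended<P>` evaluates the affine equation `a*x^2 + y^2 = 1 + d*x^2*y^2` directly on the projective `X` and `Y`, so a point with `Z != 1` (the normal output of `add_assign`/`double_in_place`) fails the check, and the extended-coordinate invariant `T*Z = X*Y` is never verified; `group_membership_test` calls it without normalizing, so validity checks on non-normalized points are wrong unless the trait contract requires callers to normalize first, which nothing in this hunk states. The projective form below checks both without an inversion. Separately, several comments were carried over from the Jacobian model and are incorrect here: `zero()` says `(1:1:0)`, `is_zero()` says `Z = 0` (the identity is `(0:1:0:1)`, and `is_zero` accepts any `(0:Z:0:Z)`), `From<AffineRep>` says `Jacobian`, `TryFrom` says `X/Z^2, Y/Z^3` where it is `X/Z, Y/Z`, and `normalize_assign` labels `self.t *= &dz` as `// y/z` instead of `// t/z`. `sum_buckets_affine` is left as `unimplemented!()`; a doc comment such as `/// Not supported on the twisted Edwards model; panics if called.` would stop callers from discovering that at runtime.
```rust
fn is_on_curve(&self) -> bool {
    // Projective form of a*x^2 + y^2 = 1 + d*x^2*y^2 with x = X/Z, y = Y/Z,
    // multiplied through by Z^4, plus the extended-coordinate invariant T*Z = X*Y.
    let x2 = self.x.square();
    let y2 = self.y.square();
    let z2 = self.z.square();
    let lhs = (y2 + &P::mul_by_a(&x2)) * &z2;
    let rhs = z2.square() + &(P::COEFF_D * &(x2 * &y2));
    lhs == rhs && self.t * &self.z == self.x * &self.y
}
// … unchanged: rest of impl Curve for TEExtended<P> …
```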

{ Debug(bound = "P: MontgomeryParameters"), Hash(bound = "P: MontgomeryParameters") )] -pub struct MontgomeryGroupAffine { +pub struct MontgomeryAffine { pub x: P::BaseField, pub y: P::BaseField, #[derivative(Debug = "ignore")] _params: PhantomData

, } -impl Display for MontgomeryGroupAffine

{ +impl Display for MontgomeryAffine

{ fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { write!(f, "MontgomeryGroupAffine(x={}, y={})", self.x, self.y) } } -impl MontgomeryGroupAffine

{ +impl MontgomeryAffine

{ pub fn new(x: P::BaseField, y: P::BaseField) -> Self { Self { x, diff --git a/algebra/src/curves/secp256k1/mod.rs b/algebra/src/curves/secp256k1/mod.rs index 5f8b35b83..74d6f9eec 100644 --- a/algebra/src/curves/secp256k1/mod.rs +++ b/algebra/src/curves/secp256k1/mod.rs @@ -3,7 +3,7 @@ use crate::biginteger::BigInteger320; use crate::curves::{ models::{ModelParameters, SWModelParameters}, - short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + short_weierstrass_jacobian::Jacobian, }; use crate::fields::secp256k1::{fq::Fq, fr::Fr}; use crate::{field_new, Field}; @@ -19,8 +19,7 @@ impl ModelParameters for Secp256k1Parameters { type ScalarField = Fr; } -pub type Affine = GroupAffine; -pub type Projective = GroupProjective; +pub type Secp256k1Jacobian = Jacobian; impl SWModelParameters for Secp256k1Parameters { /// COEFF_A = 0 diff --git a/algebra/src/curves/secp256k1/tests.rs b/algebra/src/curves/secp256k1/tests.rs index 903af929c..e6823ff32 100644 --- a/algebra/src/curves/secp256k1/tests.rs +++ b/algebra/src/curves/secp256k1/tests.rs 
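Review bot: The `Display` impl for the renamed `MontgomeryAffine<P>` still formats as `MontgomeryGroupAffine(x={}, y={})`, so the printed type name no longer matches the type; change it to `write!(f, "MontgomeryAffine(x={}, y={})", self.x, self.y)` so logs and assertion messages show the real name. The `impl MontgomeryAffine<P>` block that begins at the end of this hunk continues outside it.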
@@ -1,148 +1,163 @@ -use crate::{ - curves::{ - secp256k1::{Affine, Projective, Secp256k1Parameters}, - tests::{curve_tests, sw_jacobian_curve_serialization_test}, - AffineCurve, ProjectiveCurve, - }, - fields::secp256k1::Fr, - groups::tests::group_test, - FromBytes, SemanticallyValid, -}; +use crate::{curves::{ + Curve, + secp256k1::{Secp256k1Jacobian, Secp256k1Parameters}, + tests::{curve_tests, sw_jacobian_curve_serialization_test}, +}, fields::secp256k1::Fr, groups::tests::group_test, FromBytes, SemanticallyValid}; use hex_literal::hex; use rand::{Rng, SeedableRng}; use rand_xorshift::XorShiftRng; #[test] -fn test_secp256k1_projective_curve() { - curve_tests::(); +fn test_secp256k1_curve() { + curve_tests::(); sw_jacobian_curve_serialization_test::(); } #[test] -fn test_secp256k1_projective_group() { +fn test_secp256k1_group() { let mut rng = XorShiftRng::seed_from_u64(1234567890u64); - let a: Projective = rng.gen(); - let b: Projective = rng.gen(); + let a: Secp256k1Jacobian = rng.gen(); + let b: Secp256k1Jacobian = rng.gen(); group_test(a, b); } #[test] fn test_secp256k1_generator() { - let generator = Affine::prime_subgroup_generator(); + let generator = Secp256k1Jacobian::prime_subgroup_generator(); assert!(generator.is_on_curve()); assert!(generator.is_in_correct_subgroup_assuming_on_curve()); } -fn to_internal_repr(mut x: Vec, mut y: Vec) -> Projective { +fn to_internal_repr(mut x: Vec, mut y: Vec, mut z: Vec) -> Secp256k1Jacobian { // Hex is in big-endian but FromBytes accepts only in little-endian, so we need to reverse. // Plus, we represent the Field using a BigInteger320, e.g. with 40 bytes instead of 32, so we need to pad. 
x.reverse(); x.append(&mut vec![0u8; 8]); y.reverse(); y.append(&mut vec![0u8; 8]); + z.reverse(); + z.append(&mut vec![0u8; 8]); // Collect both coordinates x.append(&mut y); - - // Push infinity flag being 0 - x.push(0u8); + x.append(&mut z); // Read point (let's use the FromBytes for simplicity) - Affine::read(&x[..]).unwrap().into_projective() + Secp256k1Jacobian::read(&x[..]).unwrap() } #[test] /// Repeated addition with the generator. Test vectors are taken from /// https://github.com/RustCrypto/elliptic-curves/blob/master/k256/src/test_vectors/group.rs fn test_secp256k1_addition_correctness() { - const ADD_TEST_VECTORS: &[([u8; 32], [u8; 32])] = &[ + const ADD_TEST_VECTORS: &[([u8; 32], [u8; 32], [u8; 32])] = &[ ( hex!("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"), hex!("483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5"), hex!("1AE168FEA63DC339A3C58419466CEAEEF7F632653266D0E1236431A950CFE52A"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9"), hex!("388F7B0F632DE8140FE337E62A37F3566500A99934C2231B6CB9FD7584B8E672"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("E493DBF1C10D80F3581E4904930B1404CC6C13900EE0758474FA94ABE8C4CD13"), hex!("51ED993EA0D455B75642E2098EA51448D967AE33BFBDFE40CFE97BDC47739922"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("2F8BDE4D1A07209355B4A7250A5C5128E88B84BDDC619AB7CBA8D569B240EFE4"), hex!("D8AC222636E5E3D6D4DBA9DDA6C9C426F788271BAB0D6840DCA87D3AA6AC62D6"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFF97BD5755EEEA420453A14355235D382F6472F8568A18B2F057A1460297556"), 
hex!("AE12777AACFBB620F3BE96017F45C560DE80F0F6518FE4A03C870C36B075F297"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("5CBDF0646E5DB4EAA398F365F2EA7A0E3D419B7E0330E39CE92BDDEDCAC4F9BC"), hex!("6AEBCA40BA255960A3178D6D861A54DBA813D0B813FDE7B5A5082628087264DA"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("2F01E5E15CCA351DAFF3843FB70F3C2F0A1BDD05E5AF888A67784EF3E10A2A01"), hex!("5C4DA8A741539949293D082A132D13B4C2E213D6BA5B7617B5DA2CB76CBDE904"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("ACD484E2F0C7F65309AD178A9F559ABDE09796974C57E714C35F110DFC27CCBE"), hex!("CC338921B0A7D9FD64380971763B61E9ADD888A4375F8E0F05CC262AC64F9C37"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("A0434D9E47F3C86235477C7B1AE6AE5D3442D49B1943C2B752A68E2A47E247C7"), hex!("893ABA425419BC27A3B6C7E693A24C696F794C2ED877A1593CBEE53B037368D7"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("774AE7F858A9411E5EF4246B70C65AAC5649980BE5C17891BBEC17895DA008CB"), hex!("D984A032EB6B5E190243DD56D7B7B365372DB1E2DFF9D6A8301D74C9C953C61B"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("D01115D548E7561B15C38F004D734633687CF4419620095BC5B0F47070AFE85A"), hex!("A9F34FFDC815E0D7A8B64537E17BD81579238C5DD9A86D526B051B13F4062327"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("F28773C2D975288BC7D1D205C3748651B075FBC6610E58CDDEEDDF8F19405AA8"), hex!("0AB0902E8D880A89758212EB65CDAF473A1A06DA521FA91F29B5CB52DB03ED81"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("499FDF9E895E719CFD64E67F07D38E3226AA7B63678949E6E49B241A60E823E4"), hex!("CAC2F6C4B54E855190F044E4A7B3D464464279C27A3F95BCC65F40D403A13F5B"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( 
hex!("D7924D4F7D43EA965A465AE3095FF41131E5946F3C85F79E44ADBCF8E27E080E"), hex!("581E2872A86C72A683842EC228CC6DEFEA40AF2BD896D3A5C504DC9FF6A26B58"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("E60FCE93B59E9EC53011AABC21C23E97B2A31369B87A5AE9C44EE89E2A6DEC0A"), hex!("F7E3507399E595929DB99F34F57937101296891E44D23F0BE1F32CCE69616821"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("DEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34"), hex!("4211AB0694635168E997B0EAD2A93DAECED1F4A04A95C0F6CFB199F69E56EB77"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("5601570CB47F238D2B0286DB4A990FA0F3BA28D1A319F5E7CF55C2A2444DA7CC"), hex!("C136C1DC0CBEB930E9E298043589351D81D8E0BC736AE2A1F5192E5E8B061D58"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("2B4EA0A797A443D293EF5CFF444F4979F06ACFEBD7E86D277475656138385B6C"), hex!("85E89BC037945D93B343083B5A1C86131A01F60C50269763B570C854E5C09B7A"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("4CE119C96E2FA357200B559B2F7DD5A5F02D5290AFF74B03F3E471B273211C97"), hex!("12BA26DCB10EC1625DA61FA10A844C676162948271D96967450288EE9233DC3A"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ]; - let gen = Projective::prime_subgroup_generator(); + let gen = Secp256k1Jacobian::prime_subgroup_generator(); let mut curr_point = gen; - for (i, (x, y)) in ADD_TEST_VECTORS.iter().enumerate() { - let test_point = to_internal_repr(x.to_vec(), y.to_vec()); + for (i, (x, y, z)) in ADD_TEST_VECTORS.iter().enumerate() { + let test_point = to_internal_repr(x.to_vec(), y.to_vec(), z.to_vec()); assert!( test_point.is_valid(), "Validity test failed for point {}", 
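Review bot: The `z` coordinate added to every entry of `ADD_TEST_VECTORS` is an unexplained 32-byte literal (`0000000000000000D103000001000000…`) rather than the canonical encoding of 1, and `to_internal_repr` byte-reverses and pads it exactly as it does `x` and `y`; from this hunk alone I cannot confirm which encoding `FromBytes` expects, so whether this decodes to `Z = 1` is not evident to a reader (it looks like the little-endian limbs of 1 in Montgomery form). Hoist it into a named constant with a comment stating what it encodes, and add `assert!(test_point.is_normalized(), "Z != 1 for point {}", i);` next to the `is_valid()` check so a wrong `Z` encoding fails on its own rather than surfacing as a mismatch in the later equality. The `for` loop over the vectors continues outside this hunk, and the same literal is repeated in the `MUL_TEST_VECTORS` hunk below.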
@@ -163,138 +178,163 @@ fn test_secp256k1_addition_correctness() { fn test_secp256k1_mul_bits_correctness() { use std::ops::Mul; - pub const MUL_TEST_VECTORS: &[([u8; 32], [u8; 32], [u8; 32])] = &[ + pub const MUL_TEST_VECTORS: &[([u8; 32], [u8; 32], [u8; 32], [u8; 32])] = &[ ( hex!("000000000000000000000000000000000000000000000000018EBBB95EED0E13"), hex!("A90CC3D3F3E146DAADFC74CA1372207CB4B725AE708CEF713A98EDD73D99EF29"), hex!("5A79D6B289610C68BC3B47F3D72F9788A26A06868B4D8E433E1E2AD76FB7DC76"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("0000000000000000000000000000000000159D893D4CDD747246CDCA43590E13"), hex!("E5A2636BCFD412EBF36EC45B19BFB68A1BC5F8632E678132B885F7DF99C5E9B3"), hex!("736C1CE161AE27B405CAFD2A7520370153C2C861AC51D6C1D5985D9606B45F39"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAEABB739ABD2280EEFF497A3340D9050"), hex!("A6B594B38FB3E77C6EDF78161FADE2041F4E09FD8497DB776E546C41567FEB3C"), hex!("71444009192228730CD8237A490FEBA2AFE3D27D7CC1136BC97E439D13330D55"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0"), hex!("00000000000000000000003B78CE563F89A0ED9414F5AA28AD0D96D6795F9C63"), hex!("3F3979BF72AE8202983DC989AEC7F2FF2ED91BDD69CE02FC0700CA100E59DDF3"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0C0325AD0376782CCFDDC6E99C28B0F0"), hex!("E24CE4BEEE294AA6350FAA67512B99D388693AE4E7F53D19882A6EA169FC1CE1"), hex!("8B71E83545FC2B5872589F99D948C03108D36797C4DE363EBD3FF6A9E1A95B10"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036412D"), hex!("4CE119C96E2FA357200B559B2F7DD5A5F02D5290AFF74B03F3E471B273211C97"), 
hex!("ED45D9234EF13E9DA259E05EF57BB3989E9D6B7D8E269698BAFD77106DCC1FF5"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036412E"), hex!("2B4EA0A797A443D293EF5CFF444F4979F06ACFEBD7E86D277475656138385B6C"), hex!("7A17643FC86BA26C4CBCF7C4A5E379ECE5FE09F3AFD9689C4A8F37AA1A3F60B5"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036412F"), hex!("5601570CB47F238D2B0286DB4A990FA0F3BA28D1A319F5E7CF55C2A2444DA7CC"), hex!("3EC93E23F34146CF161D67FBCA76CAE27E271F438C951D5E0AE6D1A074F9DED7"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364130"), hex!("DEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34"), hex!("BDEE54F96B9CAE9716684F152D56C251312E0B5FB56A3F09304E660861A910B8"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364131"), hex!("E60FCE93B59E9EC53011AABC21C23E97B2A31369B87A5AE9C44EE89E2A6DEC0A"), hex!("081CAF8C661A6A6D624660CB0A86C8EFED6976E1BB2DC0F41E0CD330969E940E"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364132"), hex!("D7924D4F7D43EA965A465AE3095FF41131E5946F3C85F79E44ADBCF8E27E080E"), hex!("A7E1D78D57938D597C7BD13DD733921015BF50D427692C5A3AFB235F095D90D7"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364133"), hex!("499FDF9E895E719CFD64E67F07D38E3226AA7B63678949E6E49B241A60E823E4"), hex!("353D093B4AB17AAE6F0FBB1B584C2B9BB9BD863D85C06A4339A0BF2AFC5EBCD4"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( 
hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364134"), hex!("F28773C2D975288BC7D1D205C3748651B075FBC6610E58CDDEEDDF8F19405AA8"), hex!("F54F6FD17277F5768A7DED149A3250B8C5E5F925ADE056E0D64A34AC24FC0EAE"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364135"), hex!("D01115D548E7561B15C38F004D734633687CF4419620095BC5B0F47070AFE85A"), hex!("560CB00237EA1F285749BAC81E8427EA86DC73A2265792AD94FAE4EB0BF9D908"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364136"), hex!("774AE7F858A9411E5EF4246B70C65AAC5649980BE5C17891BBEC17895DA008CB"), hex!("267B5FCD1494A1E6FDBC22A928484C9AC8D24E1D20062957CFE28B3536AC3614"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364137"), hex!("A0434D9E47F3C86235477C7B1AE6AE5D3442D49B1943C2B752A68E2A47E247C7"), hex!("76C545BDABE643D85C4938196C5DB3969086B3D127885EA6C3411AC3FC8C9358"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364138"), hex!("ACD484E2F0C7F65309AD178A9F559ABDE09796974C57E714C35F110DFC27CCBE"), hex!("33CC76DE4F5826029BC7F68E89C49E165227775BC8A071F0FA33D9D439B05FF8"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364139"), hex!("2F01E5E15CCA351DAFF3843FB70F3C2F0A1BDD05E5AF888A67784EF3E10A2A01"), hex!("A3B25758BEAC66B6D6C2F7D5ECD2EC4B3D1DEC2945A489E84A25D3479342132B"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413A"), hex!("5CBDF0646E5DB4EAA398F365F2EA7A0E3D419B7E0330E39CE92BDDEDCAC4F9BC"), 
hex!("951435BF45DAA69F5CE8729279E5AB2457EC2F47EC02184A5AF7D9D6F78D9755"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413B"), hex!("FFF97BD5755EEEA420453A14355235D382F6472F8568A18B2F057A1460297556"), hex!("51ED8885530449DF0C4169FE80BA3A9F217F0F09AE701B5FC378F3C84F8A0998"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413C"), hex!("2F8BDE4D1A07209355B4A7250A5C5128E88B84BDDC619AB7CBA8D569B240EFE4"), hex!("2753DDD9C91A1C292B24562259363BD90877D8E454F297BF235782C459539959"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413D"), hex!("E493DBF1C10D80F3581E4904930B1404CC6C13900EE0758474FA94ABE8C4CD13"), hex!("AE1266C15F2BAA48A9BD1DF6715AEBB7269851CC404201BF30168422B88C630D"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413E"), hex!("F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9"), hex!("C77084F09CD217EBF01CC819D5C80CA99AFF5666CB3DDCE4934602897B4715BD"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413F"), hex!("C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5"), hex!("E51E970159C23CC65C3A7BE6B99315110809CD9ACD992F1EDC9BCE55AF301705"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ( hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140"), hex!("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"), hex!("B7C52588D95C3B9AA25B0403F1EEF75702E84BB7597AABE663B82F6F04EF2777"), + hex!("0000000000000000D10300000100000000000000000000000000000000000000"), ), ]; - let gen = 
Projective::prime_subgroup_generator(); + let gen = Secp256k1Jacobian::prime_subgroup_generator(); - for (i, (scalar, x, y)) in MUL_TEST_VECTORS.iter().enumerate() { - let test_point = to_internal_repr(x.to_vec(), y.to_vec()); + for (i, (scalar, x, y, z)) in MUL_TEST_VECTORS.iter().enumerate() { + let test_point = to_internal_repr(x.to_vec(), y.to_vec(), z.to_vec()); assert!( test_point.is_valid(), "Validity test failed for point {}", diff --git a/algebra/src/curves/tests.rs b/algebra/src/curves/tests.rs index 1a225b8da..fe677e47b 100644 --- a/algebra/src/curves/tests.rs +++ b/algebra/src/curves/tests.rs @@ -1,9 +1,10 @@ use crate::UniformRand; use crate::{ - curves::{AffineCurve, ProjectiveCurve}, - fields::{Field, PrimeField}, + groups::Group, + curves::Curve, + fields::{Field, PrimeField, BitIterator}, serialize::{CanonicalDeserialize, CanonicalSerialize}, - SWModelParameters, TEModelParameters, + SWModelParameters/*, TEModelParameters,*/ }; use rand::{thread_rng, SeedableRng}; use rand_xorshift::XorShiftRng; @@ -11,24 +12,24 @@ use std::io::Cursor; pub const ITERATIONS: usize = 10; -fn random_addition_test() { +fn random_addition_test() { let mut rng = XorShiftRng::seed_from_u64(1231275789u64); for _ in 0..ITERATIONS { let a = G::rand(&mut rng); let b = G::rand(&mut rng); let c = G::rand(&mut rng); - let a_affine = a.into_affine(); - let b_affine = b.into_affine(); - let c_affine = c.into_affine(); + let a_affine = a.into_affine().unwrap(); + let b_affine = b.into_affine().unwrap(); + let c_affine = c.into_affine().unwrap(); // a + a should equal the doubling { let mut aplusa = a; - aplusa.add_assign(&a); + aplusa += &a; let mut aplusamixed = a; - aplusamixed.add_assign_mixed(&a.into_affine()); + aplusamixed.add_affine_assign(&a.into_affine().unwrap()); let mut adouble = a; adouble.double_in_place(); 
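Review bot: The import line `SWModelParameters/*, TEModelParameters,*/` in the `@@ -1,9 +1,10 @@` hunk of algebra/src/curves/tests.rs leaves commented-out code in place of a decision: if the twisted-Edwards serialization test is being dropped with this refactor, delete the import outright; if it is only parked, replace the comment with a visible marker such as `// TODO: re-enable the TE serialization test once TEExtended is wired into curve_tests` so the gap in coverage is not silent. From this chunk I cannot see whether a TE serialization test still exists further down the file.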
@@ -51,19 +52,19 @@ fn random_addition_test() { // Mixed addition // (a + b) + c - tmp[3] = a_affine.into_projective(); - tmp[3].add_assign_mixed(&b_affine); - tmp[3].add_assign_mixed(&c_affine); + tmp[3] = G::from_affine(&a_affine); + tmp[3].add_affine_assign(&b_affine); + tmp[3].add_affine_assign(&c_affine); // a + (b + c) - tmp[4] = b_affine.into_projective(); - tmp[4].add_assign_mixed(&c_affine); - tmp[4].add_assign_mixed(&a_affine); + tmp[4] = G::from_affine(&b_affine); + tmp[4].add_affine_assign(&c_affine); + tmp[4].add_affine_assign(&a_affine); // (a + c) + b - tmp[5] = a_affine.into_projective(); - tmp[5].add_assign_mixed(&c_affine); - tmp[5].add_assign_mixed(&b_affine); + tmp[5] = G::from_affine(&a_affine); + tmp[5].add_affine_assign(&c_affine); + tmp[5].add_affine_assign(&b_affine); // Comparisons for i in 0..6 { @@ -73,8 +74,8 @@ fn random_addition_test() { } assert_eq!(tmp[i], tmp[j], "Associativity failed {} {}", i, j); assert_eq!( - tmp[i].into_affine(), - tmp[j].into_affine(), + tmp[i].into_affine().unwrap(), + tmp[j].into_affine().unwrap(), "Associativity failed" ); } 
@@ -90,39 +91,39 @@ fn random_addition_test() { } } -fn random_multiplication_test() { +fn random_multiplication_test() { let mut rng = XorShiftRng::seed_from_u64(1231275789u64); for _ in 0..ITERATIONS { let mut a = G::rand(&mut rng); let mut b = G::rand(&mut rng); - let a_affine = a.into_affine(); - let b_affine = b.into_affine(); + let a_affine = a.into_affine().unwrap(); + let b_affine = b.into_affine().unwrap(); let s = G::ScalarField::rand(&mut rng); // s ( a + b ) let mut tmp1 = a; tmp1.add_assign(&b); - tmp1.mul_assign(s.into_repr()); + tmp1.mul_assign(&s); // sa + sb - a.mul_assign(s.into_repr()); - b.mul_assign(s.into_repr()); + a.mul_assign(&s); + b.mul_assign(&s); let mut tmp2 = a; tmp2.add_assign(&b); // Affine multiplication - let mut tmp3 = a_affine.mul(s.into_repr()); - tmp3.add_assign(&b_affine.mul(s.into_repr())); + let mut tmp3 = G::from_affine(&a_affine).mul_bits(BitIterator::new(s.into_repr())); + tmp3.add_assign(&G::from_affine(&b_affine).mul_bits(BitIterator::new(s.into_repr()))); assert_eq!(tmp1, tmp2); assert_eq!(tmp1, tmp3); } } -fn random_doubling_test() { +fn random_doubling_test() { let mut rng = XorShiftRng::seed_from_u64(1231275789u64); for _ in 0..ITERATIONS { @@ -142,14 +143,14 @@ fn random_doubling_test() { tmp2.add_assign(&b); let mut tmp3 = a; - tmp3.add_assign_mixed(&b.into_affine()); + tmp3.add_affine_assign(&b.into_affine().unwrap()); assert_eq!(tmp1, tmp2); assert_eq!(tmp1, tmp3); } } -fn random_negation_test() { +fn random_negation_test() { let mut rng = XorShiftRng::seed_from_u64(1231275789u64); for _ in 0..ITERATIONS { @@ -160,10 +161,10 @@ fn random_negation_test() { assert!((s + &sneg).is_zero()); let mut t1 = r; - t1.mul_assign(s); + t1.mul_assign(&s); let mut t2 = r; - t2.mul_assign(sneg); + t2.mul_assign(&sneg); let mut t3 = t1; t3.add_assign(&t2); 
@@ -171,7 +172,7 @@ fn random_negation_test() { assert!(t3.is_zero()); let mut t4 = t1; - t4.add_assign_mixed(&t2.into_affine()); + t4.add_affine_assign(&t2.into_affine().unwrap()); assert!(t4.is_zero()); t1 = -t1; @@ -179,13 +180,13 @@ fn random_negation_test() { } } -fn random_transformation_test() { +fn random_transformation_test() { let mut rng = XorShiftRng::seed_from_u64(1231275789u64); for _ in 0..ITERATIONS { let g = G::rand(&mut rng); - let g_affine = g.into_affine(); - let g_projective = g_affine.into_projective(); + let g_affine = g.into_affine().unwrap(); + let g_projective = G::from_affine(&g_affine); assert_eq!(g, g_projective); } @@ -207,12 +208,16 @@ fn random_transformation_test() { } for _ in 0..5 { let s = between.sample(&mut rng); - v[s] = v[s].into_affine().into_projective(); + if v[s].is_zero() { + assert!(v[s].into_affine().is_err()); + } else { + v[s] = G::from_affine(&v[s].into_affine().unwrap()); + } } let expected_v = v .iter() - .map(|v| v.into_affine().into_projective()) + .map(|v| if v.is_zero() { G::zero() } else { G::from_affine(&v.into_affine().unwrap()) }) .collect::>(); G::batch_normalization(&mut v); @@ -224,7 +229,7 @@ fn random_transformation_test() { } } -pub fn curve_tests() { +pub fn curve_tests() { let mut rng = XorShiftRng::seed_from_u64(1231275789u64); // Negation edge case with zero. @@ -246,19 +251,15 @@ pub fn curve_tests() { let rcopy = r; r.add_assign(&G::zero()); assert_eq!(r, rcopy); - r.add_assign_mixed(&G::Affine::zero()); - assert_eq!(r, rcopy); let mut z = G::zero(); z.add_assign(&G::zero()); assert!(z.is_zero()); - z.add_assign_mixed(&G::Affine::zero()); - assert!(z.is_zero()); let mut z2 = z; z2.add_assign(&r); - z.add_assign_mixed(&r.into_affine()); + z.add_affine_assign(&r.into_affine().unwrap()); assert_eq!(z, z2); assert_eq!(z, r); 
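Review bot: In the `@@ -207,12 +208,16 @@` hunk of `random_transformation_test`, the new `if v[s].is_zero()` branch and the `G::zero()` arm of the `expected_v` map are only reached if `G::rand` happens to produce the identity, which for a cryptographic-size group does not happen in practice, so the `into_affine().is_err()` contract for the identity and `batch_normalization`'s treatment of it stay untested. If `v` is filled purely from `G::rand` before this hunk (its construction is outside what I can see), I would seed at least one identity deterministically, e.g. `v[0] = G::zero();` before the sampling loop, so that the existing assertions cover both paths. The function continues outside the hunk.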
@@ -267,12 +268,8 @@ pub fn curve_tests() { // Transformations { let a = G::rand(&mut rng); - let b = a.into_affine().into_projective(); - let c = a - .into_affine() - .into_projective() - .into_affine() - .into_projective(); + let b = G::from_affine(&a.into_affine().unwrap()); + let c = G::from_affine(&G::from_affine(&a.into_affine().unwrap()).into_affine().unwrap()); assert_eq!(a, b); assert_eq!(b, c); } @@ -290,197 +287,74 @@ pub fn sw_jacobian_tests() { } pub fn sw_jacobian_from_random_bytes() { - use crate::curves::models::short_weierstrass_jacobian::{GroupAffine, GroupProjective}; + use crate::curves::models::short_weierstrass_jacobian::Jacobian; - let buf_size = GroupAffine::

::zero().serialized_size(); + let buf_size = Jacobian::

::zero().serialized_size(); let rng = &mut thread_rng(); for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(rng).into_affine(); + let a = Jacobian::

::rand(rng); { let mut serialized = vec![0; buf_size]; let mut cursor = Cursor::new(&mut serialized[..]); CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let p1 = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); - let p2 = GroupAffine::

::from_random_bytes(&serialized).unwrap(); + let p1 = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); + let p2 = Jacobian::

::from_random_bytes(&serialized).unwrap(); assert_eq!(p1, p2); } } } pub fn sw_jacobian_curve_serialization_test() { - use crate::curves::models::short_weierstrass_jacobian::{GroupAffine, GroupProjective}; - - let buf_size = GroupAffine::

::zero().serialized_size(); - - let rng = &mut thread_rng(); - - for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(rng); - { - let mut a = a.into_affine(); - let mut serialized = vec![0; buf_size]; - let mut cursor = Cursor::new(&mut serialized[..]); - CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); - - let mut cursor = Cursor::new(&serialized[..]); - let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); - assert_eq!(a, b); - a.y = -a.y; - assert_ne!(a, b); - } - - { - let mut a = a.into_affine(); - a.y = -a.y; - let mut serialized = vec![0; buf_size]; - let mut cursor = Cursor::new(&mut serialized[..]); - CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); - let mut cursor = Cursor::new(&serialized[..]); - let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); - assert_eq!(a, b); - a.y = -a.y; - assert_ne!(a, b); - } - - { - let a = GroupAffine::

::zero(); - let mut serialized = vec![0; buf_size]; - let mut cursor = Cursor::new(&mut serialized[..]); - CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); - let mut cursor = Cursor::new(&serialized[..]); - let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); - assert_eq!(a, b); - } - - { - let a = GroupAffine::

::zero(); - let mut serialized = vec![0; buf_size - 1]; - let mut cursor = Cursor::new(&mut serialized[..]); - CanonicalSerialize::serialize(&a, &mut cursor).unwrap_err(); - } - - { - let serialized = vec![0; buf_size - 1]; - let mut cursor = Cursor::new(&serialized[..]); - as CanonicalDeserialize>::deserialize(&mut cursor).unwrap_err(); - } - - { - let mut a = a.into_affine(); - let mut serialized = vec![0; a.uncompressed_size()]; - let mut cursor = Cursor::new(&mut serialized[..]); - a.serialize_uncompressed(&mut cursor).unwrap(); - - let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); - assert_eq!(a, b); - a.y = -a.y; - assert_ne!(a, b); - } - - { - let mut a = a.into_affine(); - a.y = -a.y; - let mut serialized = vec![0; a.uncompressed_size()]; - let mut cursor = Cursor::new(&mut serialized[..]); - a.serialize_uncompressed(&mut cursor).unwrap(); - let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); - assert_eq!(a, b); - a.y = -a.y; - assert_ne!(a, b); - } - - { - let a = GroupAffine::

::zero(); - let mut serialized = vec![0; a.uncompressed_size()]; - let mut cursor = Cursor::new(&mut serialized[..]); - a.serialize_uncompressed(&mut cursor).unwrap(); - let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); - assert_eq!(a, b); - } - } -} - -pub fn sw_projective_tests() { - sw_projective_curve_serialization_test::

(); - sw_projective_from_random_bytes::

(); -} - -pub fn sw_projective_from_random_bytes() { - use crate::curves::models::short_weierstrass_projective::{GroupAffine, GroupProjective}; - - let buf_size = GroupAffine::

::zero().serialized_size(); - - let rng = &mut thread_rng(); + use crate::curves::models::short_weierstrass_jacobian::Jacobian; - for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(rng).into_affine(); - { - let mut serialized = vec![0; buf_size]; - let mut cursor = Cursor::new(&mut serialized[..]); - CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); - - let mut cursor = Cursor::new(&serialized[..]); - let p1 = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); - let p2 = GroupAffine::

::from_random_bytes(&serialized).unwrap(); - assert_eq!(p1, p2); - } - } -} - -pub fn sw_projective_curve_serialization_test() { - use crate::curves::models::short_weierstrass_projective::{GroupAffine, GroupProjective}; - - let buf_size = GroupAffine::

::zero().serialized_size(); + let buf_size = Jacobian::

::zero().serialized_size(); let rng = &mut thread_rng(); for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(rng); + let a = Jacobian::

::rand(rng); { - let mut a = a.into_affine(); + let mut a = a; let mut serialized = vec![0; buf_size]; let mut cursor = Cursor::new(&mut serialized[..]); CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); + let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); assert_eq!(a, b); a.y = -a.y; assert_ne!(a, b); } { - let mut a = a.into_affine(); + let mut a = a; a.y = -a.y; let mut serialized = vec![0; buf_size]; let mut cursor = Cursor::new(&mut serialized[..]); CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); + let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); assert_eq!(a, b); a.y = -a.y; assert_ne!(a, b); } { - let a = GroupAffine::

::zero(); + let a = Jacobian::

::zero(); let mut serialized = vec![0; buf_size]; let mut cursor = Cursor::new(&mut serialized[..]); CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); + let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); assert_eq!(a, b); } { - let a = GroupAffine::

::zero(); + let a = Jacobian::

::zero(); let mut serialized = vec![0; buf_size - 1]; let mut cursor = Cursor::new(&mut serialized[..]); CanonicalSerialize::serialize(&a, &mut cursor).unwrap_err(); @@ -489,154 +363,277 @@ pub fn sw_projective_curve_serialization_test() { { let serialized = vec![0; buf_size - 1]; let mut cursor = Cursor::new(&serialized[..]); - as CanonicalDeserialize>::deserialize(&mut cursor).unwrap_err(); + as CanonicalDeserialize>::deserialize(&mut cursor).unwrap_err(); } { - let mut a = a.into_affine(); + let mut a = a; let mut serialized = vec![0; a.uncompressed_size()]; let mut cursor = Cursor::new(&mut serialized[..]); a.serialize_uncompressed(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); + let b = Jacobian::

::deserialize_uncompressed(&mut cursor).unwrap(); assert_eq!(a, b); a.y = -a.y; assert_ne!(a, b); } { - let mut a = a.into_affine(); + let mut a = a; a.y = -a.y; let mut serialized = vec![0; a.uncompressed_size()]; let mut cursor = Cursor::new(&mut serialized[..]); a.serialize_uncompressed(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); + let b = Jacobian::

::deserialize_uncompressed(&mut cursor).unwrap(); assert_eq!(a, b); a.y = -a.y; assert_ne!(a, b); } { - let a = GroupAffine::

::zero(); + let a = Jacobian::

::zero(); let mut serialized = vec![0; a.uncompressed_size()]; let mut cursor = Cursor::new(&mut serialized[..]); a.serialize_uncompressed(&mut cursor).unwrap(); let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); + let b = Jacobian::

::deserialize_uncompressed(&mut cursor).unwrap(); assert_eq!(a, b); } } } -pub fn edwards_tests() -where - P::BaseField: PrimeField, -{ - edwards_curve_serialization_test::

(); - edwards_from_random_bytes::

(); -} - -pub fn edwards_from_random_bytes() -where - P::BaseField: PrimeField, -{ - use crate::curves::models::twisted_edwards_extended::{GroupAffine, GroupProjective}; - use crate::ToBytes; - - let buf_size = GroupAffine::

::zero().serialized_size(); - - let rng = &mut thread_rng(); - - for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(rng).into_affine(); - { - let mut serialized = vec![0; buf_size]; - let mut cursor = Cursor::new(&mut serialized[..]); - CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); - - let mut cursor = Cursor::new(&serialized[..]); - let p1 = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); - let p2 = GroupAffine::

::from_random_bytes(&serialized).unwrap(); - assert_eq!(p1, p2); - } - } - - for _ in 0..ITERATIONS { - let biginteger = - < as AffineCurve>::BaseField as PrimeField>::BigInt::rand(rng); - let mut bytes = to_bytes![biginteger].unwrap(); - let mut g = GroupAffine::

::from_random_bytes(&bytes); - while g.is_none() { - bytes.iter_mut().for_each(|i| *i = i.wrapping_sub(1)); - g = GroupAffine::

::from_random_bytes(&bytes); - } - let _g = g.unwrap(); - } -} - -pub fn edwards_curve_serialization_test() { - use crate::curves::models::twisted_edwards_extended::{GroupAffine, GroupProjective}; - - let buf_size = GroupAffine::

::zero().serialized_size(); - - let rng = &mut thread_rng(); - - for _ in 0..ITERATIONS { - let a = GroupProjective::

::rand(rng); - let a = a.into_affine(); - { - let mut serialized = vec![0; buf_size]; - let mut cursor = Cursor::new(&mut serialized[..]); - CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); - - let mut cursor = Cursor::new(&serialized[..]); - let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); - assert_eq!(a, b); - } - - { - let a = GroupAffine::

::zero(); - let mut serialized = vec![0; buf_size]; - let mut cursor = Cursor::new(&mut serialized[..]); - CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); - let mut cursor = Cursor::new(&serialized[..]); - let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); - assert_eq!(a, b); - } - - { - let a = GroupAffine::

::zero(); - let mut serialized = vec![0; buf_size - 1]; - let mut cursor = Cursor::new(&mut serialized[..]); - CanonicalSerialize::serialize(&a, &mut cursor).unwrap_err(); - } - - { - let serialized = vec![0; buf_size - 1]; - let mut cursor = Cursor::new(&serialized[..]); - as CanonicalDeserialize>::deserialize(&mut cursor).unwrap_err(); - } - - { - let mut serialized = vec![0; a.uncompressed_size()]; - let mut cursor = Cursor::new(&mut serialized[..]); - a.serialize_uncompressed(&mut cursor).unwrap(); - - let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); - assert_eq!(a, b); - } - - { - let a = GroupAffine::

::zero(); - let mut serialized = vec![0; a.uncompressed_size()]; - let mut cursor = Cursor::new(&mut serialized[..]); - a.serialize_uncompressed(&mut cursor).unwrap(); - let mut cursor = Cursor::new(&serialized[..]); - let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); - assert_eq!(a, b); - } - } -} +// pub fn sw_projective_tests() { +// sw_projective_curve_serialization_test::

(); +// sw_projective_from_random_bytes::

(); +// } +// +// pub fn sw_projective_from_random_bytes() { +// use crate::curves::models::short_weierstrass_projective::{GroupAffine, GroupProjective}; +// +// let buf_size = GroupAffine::

::zero().serialized_size(); +// +// let rng = &mut thread_rng(); +// +// for _ in 0..ITERATIONS { +// let a = GroupProjective::

::rand(rng).into_affine(); +// { +// let mut serialized = vec![0; buf_size]; +// let mut cursor = Cursor::new(&mut serialized[..]); +// CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); +// +// let mut cursor = Cursor::new(&serialized[..]); +// let p1 = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); +// let p2 = GroupAffine::

::from_random_bytes(&serialized).unwrap(); +// assert_eq!(p1, p2); +// } +// } +// } +// +// pub fn sw_projective_curve_serialization_test() { +// use crate::curves::models::short_weierstrass_projective::{GroupAffine, GroupProjective}; +// +// let buf_size = GroupAffine::

::zero().serialized_size(); +// +// let rng = &mut thread_rng(); +// +// for _ in 0..ITERATIONS { +// let a = GroupProjective::

::rand(rng); +// { +// let mut a = a.into_affine(); +// let mut serialized = vec![0; buf_size]; +// let mut cursor = Cursor::new(&mut serialized[..]); +// CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); +// +// let mut cursor = Cursor::new(&serialized[..]); +// let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); +// assert_eq!(a, b); +// a.y = -a.y; +// assert_ne!(a, b); +// } +// +// { +// let mut a = a.into_affine(); +// a.y = -a.y; +// let mut serialized = vec![0; buf_size]; +// let mut cursor = Cursor::new(&mut serialized[..]); +// CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); +// let mut cursor = Cursor::new(&serialized[..]); +// let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); +// assert_eq!(a, b); +// a.y = -a.y; +// assert_ne!(a, b); +// } +// +// { +// let a = GroupAffine::

::zero(); +// let mut serialized = vec![0; buf_size]; +// let mut cursor = Cursor::new(&mut serialized[..]); +// CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); +// let mut cursor = Cursor::new(&serialized[..]); +// let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); +// assert_eq!(a, b); +// } +// +// { +// let a = GroupAffine::

::zero(); +// let mut serialized = vec![0; buf_size - 1]; +// let mut cursor = Cursor::new(&mut serialized[..]); +// CanonicalSerialize::serialize(&a, &mut cursor).unwrap_err(); +// } +// +// { +// let serialized = vec![0; buf_size - 1]; +// let mut cursor = Cursor::new(&serialized[..]); +// as CanonicalDeserialize>::deserialize(&mut cursor).unwrap_err(); +// } +// +// { +// let mut a = a.into_affine(); +// let mut serialized = vec![0; a.uncompressed_size()]; +// let mut cursor = Cursor::new(&mut serialized[..]); +// a.serialize_uncompressed(&mut cursor).unwrap(); +// +// let mut cursor = Cursor::new(&serialized[..]); +// let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); +// assert_eq!(a, b); +// a.y = -a.y; +// assert_ne!(a, b); +// } +// +// { +// let mut a = a.into_affine(); +// a.y = -a.y; +// let mut serialized = vec![0; a.uncompressed_size()]; +// let mut cursor = Cursor::new(&mut serialized[..]); +// a.serialize_uncompressed(&mut cursor).unwrap(); +// let mut cursor = Cursor::new(&serialized[..]); +// let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); +// assert_eq!(a, b); +// a.y = -a.y; +// assert_ne!(a, b); +// } +// +// { +// let a = GroupAffine::

::zero(); +// let mut serialized = vec![0; a.uncompressed_size()]; +// let mut cursor = Cursor::new(&mut serialized[..]); +// a.serialize_uncompressed(&mut cursor).unwrap(); +// let mut cursor = Cursor::new(&serialized[..]); +// let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); +// assert_eq!(a, b); +// } +// } +// } +// +// pub fn edwards_tests() +// where +// P::BaseField: PrimeField, +// { +// edwards_curve_serialization_test::

(); +// edwards_from_random_bytes::

(); +// } +// +// pub fn edwards_from_random_bytes() +// where +// P::BaseField: PrimeField, +// { +// use crate::curves::models::twisted_edwards_extended::{GroupAffine, GroupProjective}; +// use crate::ToBytes; +// +// let buf_size = GroupAffine::

::zero().serialized_size(); +// +// let rng = &mut thread_rng(); +// +// for _ in 0..ITERATIONS { +// let a = GroupProjective::

::rand(rng).into_affine(); +// { +// let mut serialized = vec![0; buf_size]; +// let mut cursor = Cursor::new(&mut serialized[..]); +// CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); +// +// let mut cursor = Cursor::new(&serialized[..]); +// let p1 = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); +// let p2 = GroupAffine::

::from_random_bytes(&serialized).unwrap(); +// assert_eq!(p1, p2); +// } +// } +// +// for _ in 0..ITERATIONS { +// let biginteger = +// < as AffineCurve>::BaseField as PrimeField>::BigInt::rand(rng); +// let mut bytes = to_bytes![biginteger].unwrap(); +// let mut g = GroupAffine::

::from_random_bytes(&bytes); +// while g.is_none() { +// bytes.iter_mut().for_each(|i| *i = i.wrapping_sub(1)); +// g = GroupAffine::

::from_random_bytes(&bytes); +// } +// let _g = g.unwrap(); +// } +// } +// +// pub fn edwards_curve_serialization_test() { +// use crate::curves::models::twisted_edwards_extended::{GroupAffine, GroupProjective}; +// +// let buf_size = GroupAffine::

::zero().serialized_size(); +// +// let rng = &mut thread_rng(); +// +// for _ in 0..ITERATIONS { +// let a = GroupProjective::

::rand(rng); +// let a = a.into_affine(); +// { +// let mut serialized = vec![0; buf_size]; +// let mut cursor = Cursor::new(&mut serialized[..]); +// CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); +// +// let mut cursor = Cursor::new(&serialized[..]); +// let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); +// assert_eq!(a, b); +// } +// +// { +// let a = GroupAffine::

::zero(); +// let mut serialized = vec![0; buf_size]; +// let mut cursor = Cursor::new(&mut serialized[..]); +// CanonicalSerialize::serialize(&a, &mut cursor).unwrap(); +// let mut cursor = Cursor::new(&serialized[..]); +// let b = as CanonicalDeserialize>::deserialize(&mut cursor).unwrap(); +// assert_eq!(a, b); +// } +// +// { +// let a = GroupAffine::

::zero(); +// let mut serialized = vec![0; buf_size - 1]; +// let mut cursor = Cursor::new(&mut serialized[..]); +// CanonicalSerialize::serialize(&a, &mut cursor).unwrap_err(); +// } +// +// { +// let serialized = vec![0; buf_size - 1]; +// let mut cursor = Cursor::new(&serialized[..]); +// as CanonicalDeserialize>::deserialize(&mut cursor).unwrap_err(); +// } +// +// { +// let mut serialized = vec![0; a.uncompressed_size()]; +// let mut cursor = Cursor::new(&mut serialized[..]); +// a.serialize_uncompressed(&mut cursor).unwrap(); +// +// let mut cursor = Cursor::new(&serialized[..]); +// let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); +// assert_eq!(a, b); +// } +// +// { +// let a = GroupAffine::

::zero(); +// let mut serialized = vec![0; a.uncompressed_size()]; +// let mut cursor = Cursor::new(&mut serialized[..]); +// a.serialize_uncompressed(&mut cursor).unwrap(); +// let mut cursor = Cursor::new(&serialized[..]); +// let b = GroupAffine::

::deserialize_uncompressed(&mut cursor).unwrap(); +// assert_eq!(a, b); +// } +// } +// } diff --git a/algebra/src/curves/tweedle/dee.rs b/algebra/src/curves/tweedle/dee.rs index f5d4c6f86..18590cede 100644 --- a/algebra/src/curves/tweedle/dee.rs +++ b/algebra/src/curves/tweedle/dee.rs @@ -2,7 +2,7 @@ use crate::field_new; use crate::{ biginteger::BigInteger256, curves::{ - models::short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + models::short_weierstrass_jacobian::Jacobian, EndoMulParameters, ModelParameters, SWModelParameters, }, fields::tweedle::*, @@ -17,8 +17,7 @@ impl ModelParameters for TweedledeeParameters { type ScalarField = Fr; } -pub type Affine = GroupAffine; -pub type Projective = GroupProjective; +pub type DeeJacobian = Jacobian; impl SWModelParameters for TweedledeeParameters { /// COEFF_A = 0 diff --git a/algebra/src/curves/tweedle/dum.rs b/algebra/src/curves/tweedle/dum.rs index cbf8a1d20..7c814fdef 100644 --- a/algebra/src/curves/tweedle/dum.rs +++ b/algebra/src/curves/tweedle/dum.rs @@ -1,7 +1,7 @@ use crate::{ biginteger::BigInteger256, curves::{ - models::short_weierstrass_jacobian::{GroupAffine, GroupProjective}, + models::short_weierstrass_jacobian::Jacobian, EndoMulParameters, ModelParameters, SWModelParameters, }, field_new, @@ -17,8 +17,7 @@ impl ModelParameters for TweedledumParameters { type ScalarField = Fq; } -pub type Affine = GroupAffine; -pub type Projective = GroupProjective; +pub type DumJacobian = Jacobian; impl SWModelParameters for TweedledumParameters { /// COEFF_A = 0 diff --git a/algebra/src/curves/tweedle/tests.rs b/algebra/src/curves/tweedle/tests.rs index a04dceb2d..13b3a7d80 100644 --- a/algebra/src/curves/tweedle/tests.rs +++ b/algebra/src/curves/tweedle/tests.rs 
@@ -1,13 +1,21 @@ use crate::{ biginteger::BigInteger, curves::{ - models::SWModelParameters, tests::curve_tests, tweedle::*, AffineCurve, EndoMulCurve, - ProjectiveCurve, + Curve, EndoMulCurve, + models::SWModelParameters, + tweedle::*, + tests::curve_tests, }, - fields::{tweedle::*, Field, PrimeField, SquareRootField}, - groups::tests::group_test, + fields::{ + Field, PrimeField, SquareRootField, + tweedle::*, + }, + groups::{ + Group, + tests::group_test, + } }; -use std::ops::{AddAssign, MulAssign}; +use std::ops::{AddAssign, MulAssign, Mul}; use std::str::FromStr; use crate::curves::tests::sw_jacobian_tests; 
@@ -18,43 +26,43 @@ use rand::{thread_rng, Rng, SeedableRng}; use rand_xorshift::XorShiftRng; #[test] -fn test_dee_projective_curve() { - curve_tests::(); +fn test_dee_curve() { + curve_tests::(); sw_jacobian_tests::() } #[test] -fn test_dee_projective_group() { +fn test_dee_group() { let mut rng = XorShiftRng::seed_from_u64(1234567890u64); - let a: dee::Projective = rng.gen(); - let b: dee::Projective = rng.gen(); + let a: dee::DeeJacobian = rng.gen(); + let b: dee::DeeJacobian = rng.gen(); group_test(a, b); } #[test] fn test_dee_generator() { - let generator = dee::Affine::prime_subgroup_generator(); + let generator = dee::DeeJacobian::prime_subgroup_generator(); assert!(generator.is_on_curve()); assert!(generator.is_in_correct_subgroup_assuming_on_curve()); } #[test] -fn test_dum_projective_curve() { - curve_tests::(); +fn test_dum_curve() { + curve_tests::(); sw_jacobian_tests::() } #[test] -fn test_dum_projective_group() { +fn test_dum_group() { let mut rng = XorShiftRng::seed_from_u64(1234567890u64); - let a: dum::Projective = rng.gen(); - let b: dum::Projective = rng.gen(); + let a: dum::DumJacobian = rng.gen(); + let b: dum::DumJacobian = rng.gen(); group_test(a, b); } #[test] fn test_dum_generator() { - let generator = dum::Affine::prime_subgroup_generator(); + let generator = dum::DumJacobian::prime_subgroup_generator(); assert!(generator.is_on_curve()); assert!(generator.is_in_correct_subgroup_assuming_on_curve()); } 
@@ -71,19 +79,18 @@ fn test_dee_generator_raw() { rhs.add_assign(&dee::TweedledeeParameters::COEFF_B); if let Some(y) = rhs.sqrt() { - let p = dee::Affine::new(x, if y < -y { y } else { -y }, false); + let p = dee::DeeJacobian::new(x, if y < -y { y } else { -y }, Fq::one()); assert!(p.is_in_correct_subgroup_assuming_on_curve()); let dee = p.scale_by_cofactor(); - assert_eq!(dee.into_affine(), p); + assert_eq!(dee, p); if !dee.is_zero() { assert_eq!(i, 1); - let dee = dee::Affine::from(dee); assert!(dee.is_in_correct_subgroup_assuming_on_curve()); - assert_eq!(dee, dee::Affine::prime_subgroup_generator()); + assert_eq!(dee, dee::DeeJacobian::prime_subgroup_generator()); break; } } @@ -105,19 +112,18 @@ fn test_dum_generator_raw() { rhs.add_assign(&dum::TweedledumParameters::COEFF_B); if let Some(y) = rhs.sqrt() { - let p = dum::Affine::new(x, if y < -y { y } else { -y }, false); + let p = dum::DumJacobian::new(x, if y < -y { y } else { -y }, Fr::one()); assert!(p.is_in_correct_subgroup_assuming_on_curve()); let dum = p.scale_by_cofactor(); - assert_eq!(dum.into_affine(), p); + assert_eq!(dum, p); if !dum.is_zero() { assert_eq!(i, 1); - let dum = dum::Affine::from(dum); assert!(dum.is_in_correct_subgroup_assuming_on_curve()); - assert_eq!(dum, dum::Affine::prime_subgroup_generator()); + assert_eq!(dum, dum::DumJacobian::prime_subgroup_generator()); break; } } @@ -129,7 +135,7 @@ fn test_dum_generator_raw() { #[test] fn test_dee_addition_correctness() { - let mut p = dee::Projective::new( + let mut p = dee::DeeJacobian::new( Fq::from_str( "17071515411234329267051251142008744532074161438140426170549136904789606209155", ) @@ -141,7 +147,7 @@ fn test_dee_addition_correctness() { Fq::one(), ); - p.add_assign(&dee::Projective::new( + p.add_assign(&dee::DeeJacobian::new( Fq::from_str( "5902988235118225415057554152593109689819081116067139376852243422243422684655", ) 
@@ -153,11 +159,9 @@ fn test_dee_addition_correctness() { Fq::one(), )); - let p = dee::Affine::from(p); - assert_eq!( p, - dee::Affine::new( + dee::DeeJacobian::new( Fq::from_str( "17272972729543522859996365140537720509583378385403153153034405894416507370075" ) @@ -166,14 +170,14 @@ fn test_dee_addition_correctness() { "10919319153241406943315020022865635527830995765162202572118118072098170575117" ) .unwrap(), - false, + Fq::one(), ) ); } #[test] fn test_dum_addition_correctness() { - let mut p = dum::Projective::new( + let mut p = dum::DumJacobian::new( Fr::from_str( "21118483776076764996122757821606091900059043860162004907989579660882026321197", ) @@ -185,7 +189,7 @@ fn test_dum_addition_correctness() { Fr::one(), ); - p.add_assign(&dum::Projective::new( + p.add_assign(&dum::DumJacobian::new( Fr::from_str( "20385173229981432379197513268506886433340219379830521001646291041798263137109", ) @@ -197,11 +201,9 @@ fn test_dum_addition_correctness() { Fr::one(), )); - let p = dum::Affine::from(p); - assert_eq!( p, - dum::Affine::new( + dum::DumJacobian::new( Fr::from_str( "3707088439511374954709258634608802460084680838305626554041952787711711292620" ) @@ -210,7 +212,7 @@ fn test_dum_addition_correctness() { "21427612888550306000000889405343941940930914059283626531936541886782117113518" ) .unwrap(), - false, + Fr::one(), ) ); } @@ -218,12 +220,12 @@ fn test_dum_addition_correctness() { #[test] fn test_dee_endo_mul() { for _ in 0..100 { - let p = dee::Projective::rand(&mut thread_rng()).into_affine(); + let p = dee::DeeJacobian::rand(&mut thread_rng()); let scalar: Fq = u128::rand(&mut thread_rng()).into(); let bits = scalar.into_repr().to_bits().as_slice()[0..128].to_vec(); - let p_mul = p.mul(dee::Affine::endo_rep_to_scalar(bits.clone()).unwrap()); + let p_mul = p.mul(&dee::DeeJacobian::endo_rep_to_scalar(bits.clone()).unwrap()); let pe_mul = p.endo_mul(bits.clone()).unwrap(); assert_eq!(p_mul, pe_mul); 
@@ -233,14 +235,14 @@ fn test_dee_endo_mul() { #[test] fn test_dum_endo_mul() { for _ in 0..100 { - let p = dum::Projective::rand(&mut thread_rng()).into_affine(); + let p = dum::DumJacobian::rand(&mut thread_rng()); let scalar: Fq = u128::rand(&mut thread_rng()).into(); let bits = scalar.into_repr().to_bits().as_slice()[0..128].to_vec(); println!("{}", bits.len()); - let p_mul = p.mul(dum::Affine::endo_rep_to_scalar(bits.clone()).unwrap()); + let p_mul = p.mul(&dum::DumJacobian::endo_rep_to_scalar(bits.clone()).unwrap()); let pe_mul = p.endo_mul(bits.clone()).unwrap(); assert_eq!(p_mul, pe_mul); diff --git a/algebra/src/fft/domain/domain_selector.rs b/algebra/src/fft/domain/domain_selector.rs index 3a3898f6d..4d5228584 100644 --- a/algebra/src/fft/domain/domain_selector.rs +++ b/algebra/src/fft/domain/domain_selector.rs @@ -64,7 +64,7 @@ mod test { domain_size = 5000; domain = get_best_evaluation_domain::(domain_size).unwrap(); //Expected Mixed to be chosen - assert_eq!(domain.size(), 5120, "Unexpected domain size"); + assert_eq!(domain.size(), 8192, "Unexpected domain size"); //Limit for the basic radix2 domain support domain_size = 32768; @@ -74,18 +74,11 @@ mod test { domain_size = 32769; //Expected Mixed to be chosen domain = get_best_evaluation_domain::(domain_size).unwrap(); - assert_eq!(domain.size(), 40960, "Unexpected domain size"); + assert_eq!(domain.size(), 65536, "Unexpected domain size"); //Limit for the mixed radix2 domain support domain_size = 819200; domain = get_best_evaluation_domain::(domain_size).unwrap(); - assert_eq!(domain.size(), 819200, "Unexpected domain size"); - - //No supported domain for this size should exist - domain_size = 819201; - match get_best_evaluation_domain::(domain_size) { - None => {} - _ => panic!("No domain should exists for this size"), - } + assert_eq!(domain.size(), 1048576, "Unexpected domain size"); } } diff --git a/algebra/src/fields/mod.rs b/algebra/src/fields/mod.rs index b5bd7236b..a6bc64d4d 100644 
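Review bot: The negative case that asserted no domain exists for `819201` was deleted rather than moved to the new limit, so the selector's `None` path is no longer covered and the remaining assertions only exercise sizes that succeed. Add a check after the new largest expectation, e.g. `domain_size = 1048577;` followed by an assertion that `get_best_evaluation_domain` returns `None` — hedged, since the new maximum is only inferred from the `1048576` expectation. The surrounding comments `//Expected Mixed to be chosen` and `//Limit for the mixed radix2 domain support` are now stale, as every expected size is a power of two, and should be reworded or removed.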
--- a/algebra/src/fields/mod.rs +++ b/algebra/src/fields/mod.rs @@ -72,7 +72,8 @@ pub trait MulShortAssign { /// The interface for a generic field. pub trait Field: - ToBytes + 'static + + ToBytes + FromBytes + FromBytesChecked + ToBits @@ -91,7 +92,6 @@ pub trait Field: + Default + Send + Sync - + 'static + Eq + Ord + Neg diff --git a/algebra/src/groups/mod.rs b/algebra/src/groups/mod.rs index a9a1f854d..fa3a901ff 100644 --- a/algebra/src/groups/mod.rs +++ b/algebra/src/groups/mod.rs @@ -1,11 +1,11 @@ use crate::UniformRand; use crate::{ - BitIterator, CanonicalDeserialize, CanonicalSerialize, FromBytesChecked, SemanticallyValid, + CanonicalDeserialize, CanonicalSerialize, FromBytesChecked, SemanticallyValid, }; use std::{ fmt::{Debug, Display}, hash::Hash, - ops::{Add, AddAssign, Neg, Sub, SubAssign}, + ops::{Neg, Add, AddAssign, Sub, SubAssign, Mul, MulAssign}, }; use crate::{ @@ -18,7 +18,8 @@ use serde::{Deserialize, Serialize}; pub mod tests; pub trait Group: - ToBytes + 'static + + ToBytes + FromBytes + FromBytesChecked + SemanticallyValid @@ -33,15 +34,22 @@ pub trait Group: + Default + Send + Sync - + 'static + Eq + Hash - + Neg + UniformRand + + Neg + // + Add + // + Sub + // + Mul<::ScalarField, Output = Self> + // + AddAssign + // + SubAssign + // + MulAssign<::ScalarField> + for<'a> Add<&'a Self, Output = Self> + for<'a> Sub<&'a Self, Output = Self> + + for<'a> Mul<&'a ::ScalarField, Output = Self> + for<'a> AddAssign<&'a Self> + for<'a> SubAssign<&'a Self> + + for<'a> MulAssign<&'a ::ScalarField> { type ScalarField: PrimeField + Into<::BigInt>; 
@@ -53,31 +61,43 @@ pub trait Group: /// Returns `self + self`. #[must_use] - fn double(&self) -> Self; + fn double(&self) -> Self { + let mut copy = *self; + copy.double_in_place(); + copy + } /// Sets `self := self + self`. fn double_in_place(&mut self) -> &mut Self; +} - #[must_use] - fn mul<'a>(&self, other: &'a Self::ScalarField) -> Self { - let mut copy = *self; - copy.mul_assign(other); - copy + +/// Generic struct of a formal linear combination +pub struct LinearCombination +{ + items: Vec<(G::ScalarField, G)> +} + +impl LinearCombination +{ + /// Consturcts general LC + pub fn new(items: Vec<(G::ScalarField, G)>) -> Self { + LinearCombination { + items + } + } + + /// Add term to LC + pub fn push(&mut self, coeff: G::ScalarField, item: G) { + self.items.push((coeff, item)) } - /// WARNING: This implementation doesn't take costant time with respect - /// to the exponent, and therefore is susceptible to side-channel attacks. - /// Be sure to use it in applications where timing (or similar) attacks - /// are not possible. - /// TODO: Add a side-channel secure variant. - fn mul_assign<'a>(&mut self, other: &'a Self::ScalarField) { - let mut res = Self::zero(); - for i in BitIterator::new(other.into_repr()) { - res.double_in_place(); - if i { - res += self - } + /// Combine LC + pub fn combine(&self) -> G { + let mut combined = G::zero(); + for (coeff, item) in self.items.iter() { + combined += &(*item * coeff); } - *self = res + combined } -} +} \ No newline at end of file diff --git a/algebra/src/groups/tests.rs b/algebra/src/groups/tests.rs index 631f5735f..cbd513c02 100644 --- a/algebra/src/groups/tests.rs +++ b/algebra/src/groups/tests.rs @@ -1,4 +1,4 @@ -use crate::{AffineCurve, Field, FromCompressedBits, Group, ToCompressedBits, UniformRand}; +use crate::{Field, FromCompressedBits, Group, ToCompressedBits, UniformRand}; use rand::SeedableRng; use rand_xorshift::XorShiftRng; 
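Review bot: The default `mul_assign` that was removed carried the only statement that scalar multiplication is not constant time in the exponent; with `Mul`/`MulAssign` now supertrait bounds, implementors supply it and nothing tells them or callers what timing properties to expect. Add a doc line on the trait, e.g. `/// Scalar multiplication via the `Mul`/`MulAssign` bounds is not required to be constant-time; do not use it with secret scalars unless the implementation documents otherwise.`, so the caveat is not lost with the default body. In `LinearCombination`, `/// Consturcts general LC` should read `/// Constructs a general LC`, and the file now ends without a trailing newline.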
@@ -69,7 +69,7 @@ pub fn group_test(a: G, mut b: G) { ); } -pub fn compression_test(even: T, odd: T) { +pub fn compression_test(even: T, odd: T) { //Test correct compression/de-compression of a non-zero point with even y let even_compressed = even.compress(); let even_len = even_compressed.len(); diff --git a/algebra/src/lib.rs b/algebra/src/lib.rs index 563246a9b..049b4e132 100644 --- a/algebra/src/lib.rs +++ b/algebra/src/lib.rs @@ -57,8 +57,8 @@ pub use self::validity::*; mod rand; pub use self::rand::*; -mod to_field_vec; -pub use to_field_vec::ToConstraintField; +// mod to_field_vec; +// pub use to_field_vec::ToConstraintField; #[cfg(feature = "parallel")] pub mod msm; diff --git a/algebra/src/msm/fixed_base.rs b/algebra/src/msm/fixed_base.rs index fd1e1f328..e8ee27f27 100644 --- a/algebra/src/msm/fixed_base.rs +++ b/algebra/src/msm/fixed_base.rs @@ -1,4 +1,4 @@ -use crate::{BigInteger, Error, FpParameters, PrimeField, ProjectiveCurve}; +use crate::{BigInteger, Error, FpParameters, PrimeField, Curve}; use rayon::prelude::*; pub struct FixedBaseMSM; @@ -12,7 +12,7 @@ impl FixedBaseMSM { } } - pub fn get_window_table( + pub fn get_window_table( scalar_size: usize, window: usize, g: T, @@ -42,7 +42,7 @@ impl FixedBaseMSM { multiples_of_g } - pub fn windowed_mul( + pub fn windowed_mul( outerc: usize, window: usize, multiples_of_g: &[Vec], @@ -67,7 +67,7 @@ impl FixedBaseMSM { res } - pub fn multi_scalar_mul( + pub fn multi_scalar_mul( scalar_size: usize, window: usize, table: &[Vec], diff --git a/algebra/src/msm/variable_base.rs b/algebra/src/msm/variable_base.rs index 3249214a6..74324f51e 100644 --- a/algebra/src/msm/variable_base.rs +++ b/algebra/src/msm/variable_base.rs @@ -1,4 +1,4 @@ -use crate::{AffineCurve, BigInteger, Error, Field, FpParameters, PrimeField, ProjectiveCurve}; +use crate::{BigInteger, Error, Field, FpParameters, PrimeField, Curve}; use rayon::prelude::*; pub struct VariableBaseMSM; 
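Review bot: In `algebra/src/lib.rs` the `to_field_vec` module and its `ToConstraintField` re-export are commented out rather than removed, leaving dead code with no indication of whether the module is meant to come back. Either delete the two lines or replace them with a single `// TODO: re-enable to_field_vec once ToConstraintField is ported to the Curve/Group refactor` so the intent is recorded; the hedge is that I cannot see why the module no longer compiles from this hunk.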
@@ -9,11 +9,11 @@ impl VariableBaseMSM { /// to have the same length of the scalars; this may lead to potential message /// malleability issue: e.g. MSM([s1, s2], [b1, b2]) == MSM([s1, s2], [b1, b2, b3]), /// so use this function carefully. - pub fn multi_scalar_mul_affine_c( - bases: &[G], + pub fn msm_inner_affine_c( + bases: &[G::AffineRep], scalars: &[::BigInt], c: usize, - ) -> Result { + ) -> Result { // Sanity checks if c == 0 { Err(format!("Invalid window size value: 0"))? @@ -37,7 +37,7 @@ impl VariableBaseMSM { let num_bits = ::Params::MODULUS_BITS as usize; let fr_one = G::ScalarField::one().into_repr(); - let zero = G::zero().into_projective(); + let zero = G::zero(); let window_starts: Vec<_> = (0..num_bits).step_by(c).collect(); // Each window is of size `c`. @@ -55,7 +55,7 @@ impl VariableBaseMSM { .for_each(|(&scalar, base)| { if scalar == fr_one { // We only process unit scalars once in the first window. - if w_start == 0 && base.is_zero() == false { + if w_start == 0 { buckets[cc - 1].push(*base); } } else { @@ -71,22 +71,23 @@ impl VariableBaseMSM { // If the scalar is non-zero, we update the corresponding // bucket. // (Recall that `buckets` doesn't have a zero bucket.) - if scalar != 0 && base.is_zero() == false { + if scalar != 0 { buckets[(scalar - 1) as usize].push(*base); } } }); - G::add_points(&mut buckets); + + G::sum_buckets_affine(&mut buckets); let mut res = if buckets[cc - 1].len() == 0 { zero } else { - buckets[cc - 1][0].into_projective() + G::from_affine(&buckets[cc - 1][0]) }; let mut running_sum = zero; for b in buckets[0..cc - 1].iter_mut().rev() { - if b.len() != 0 && b[0].is_zero() == false { - running_sum.add_assign_mixed(&b[0]) + if b.len() != 0 { + running_sum.add_affine_assign(&b[0]); } res += &running_sum; } 
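Review bot: The `base.is_zero() == false` guards dropped from the first-window push and the bucket push leave no statement of why identity bases can no longer reach the buckets; the new code appears to rely on `G::AffineRep` being unable to represent the identity, an invariant of a type defined outside this hunk. Add `// AffineRep cannot encode the identity, so no zero-base check is needed before pushing.` above the first push so a later change to the affine representation does not silently reintroduce the case. The same applies to the `running_sum.add_affine_assign(&b[0])` loop, which previously also guarded against a zero `b[0]`. `msm_inner_affine_c` begins in an earlier hunk and ends after this one.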
@@ -113,16 +114,26 @@ impl VariableBaseMSM { Ok(result) } + pub fn multi_scalar_mul( + bases: &[G::AffineRep], + scalars: &[::BigInt], + ) -> Result + { + let c = Self::get_optimal_window_size_for_msm_affine::(scalars.len()); + + Self::msm_inner_affine_c(bases, scalars, c) + } + /// WARNING: This function allows scalars and bases to have different length /// (as long as scalars.len() <= bases.len()): internally, bases are trimmed /// to have the same length of the scalars; this may lead to potential message /// malleability issue: e.g. MSM([s1, s2], [b1, b2]) == MSM([s1, s2], [b1, b2, b3]), /// so use this function carefully. - pub fn msm_inner_c( - bases: &[G], + pub fn msm_inner_c( + bases: &[G::AffineRep], scalars: &[::BigInt], c: usize, - ) -> Result { + ) -> Result { // Sanity checks if c == 0 { Err(format!("Invalid window size value: 0"))? @@ -144,7 +155,7 @@ impl VariableBaseMSM { let num_bits = ::Params::MODULUS_BITS as usize; let fr_one = G::ScalarField::one().into_repr(); - let zero = G::zero().into_projective(); + let zero = G::zero(); let window_starts: Vec<_> = (0..num_bits).step_by(c).collect(); // Each window is of size `c`. @@ -164,7 +175,7 @@ impl VariableBaseMSM { if scalar == fr_one { // We only process unit scalars once in the first window. if w_start == 0 { - res.add_assign_mixed(base); + res.add_affine_assign(base); } } else { let mut scalar = scalar; 
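Review bot: The new public `multi_scalar_mul` has no doc comment, while the `msm_inner_affine_c` it delegates to carries the warning that `scalars.len() <= bases.len()` is accepted and trailing bases are silently ignored; callers of the public entry point are the ones who need that caveat. Copy the warning onto the wrapper, or at minimum add `/// See `msm_inner_affine_c`: bases beyond `scalars.len()` are ignored, which makes the result malleable in the base vector.`. A second line noting that the window size comes from `get_optimal_window_size_for_msm_affine` would also explain why this wrapper exists alongside `msm_inner`.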
@@ -180,15 +191,20 @@ impl VariableBaseMSM { // bucket. // (Recall that `buckets` doesn't have a zero bucket.) if scalar != 0 { - buckets[(scalar - 1) as usize].add_assign_mixed(&base); + buckets[(scalar - 1) as usize].add_affine_assign(&base); } } }); - G::Projective::batch_normalization(&mut buckets); - - let mut running_sum = G::Projective::zero(); - for b in buckets.into_iter().map(|g| g.into_affine()).rev() { - running_sum.add_assign_mixed(&b); + G::batch_normalization(&mut buckets); + + let mut running_sum = G::zero(); + for b in buckets + .into_iter() + .filter(|g| !g.is_zero()) + .map(|g| g.into_affine().unwrap()) + .rev() + { + running_sum.add_affine_assign(&b); res += &running_sum; } @@ -215,10 +231,10 @@ impl VariableBaseMSM { Ok(result) } - pub fn msm_inner( - bases: &[G], + pub fn msm_inner( + bases: &[G::AffineRep], scalars: &[::BigInt], - ) -> Result { + ) -> Result { let scal_len = scalars.len(); let c: usize = if scal_len < 32 { 
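Review bot: The rewritten running-sum loop in `msm_inner_c` skips zero buckets with `.filter(|g| !g.is_zero())`, which also skips the `res += &running_sum` step for those positions; the bucket method needs every position to contribute the running sum exactly once (the result is Σ k·b_k), so whenever a zero bucket sits below a non-zero one the result is wrong. The filter must only guard the affine conversion, not the accumulation into `res`; the test hunk later in this file also dropped the `assert_eq!(naive, affine)` that would have caught this. `msm_inner_c` starts and ends outside the hunk.
```rust
// … unchanged: bucket accumulation …
G::batch_normalization(&mut buckets);

let mut running_sum = G::zero();
for b in buckets.into_iter().rev() {
    // Each bucket position must add `running_sum` to `res` exactly once,
    // even when the bucket itself is zero (res = sum_k k * b_k).
    if !b.is_zero() {
        running_sum.add_affine_assign(&b.into_affine().unwrap());
    }
    res += &running_sum;
}
```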
@@ -230,46 +246,19 @@ impl VariableBaseMSM { Self::msm_inner_c(bases, scalars, c) } - pub fn multi_scalar_mul( - bases: &[G], - scalars: &[::BigInt], - ) -> Result - where - G::Projective: ProjectiveCurve, - { - let c = Self::get_optimal_window_size_for_msm_affine::(scalars.len()); - - Self::multi_scalar_mul_affine_c(bases, scalars, c) - } - /// Hardcoded window sizes below were chosen using results from benches in algebra/benches/criterion_msm/... - fn get_optimal_window_size_for_msm_affine(scalars_len: usize) -> usize { + fn get_optimal_window_size_for_msm_affine(scalars_len: usize) -> usize { let c: usize = if scalars_len < 32 { 3 } else { (2.0 / 3.0 * (f64::from(scalars_len as u32)).log2() - 2.0).ceil() as usize }; - #[cfg(feature = "bn_382")] - if std::any::TypeId::of::() == std::any::TypeId::of::() - || std::any::TypeId::of::() - == std::any::TypeId::of::() - || std::any::TypeId::of::() - == std::any::TypeId::of::() - { - return match scalars_len { - scalars_len if scalars_len <= 1 << 16 => c, - scalars_len if scalars_len <= 1 << 21 => 12, - scalars_len if scalars_len <= 1 << 23 => 16, - _ => c, - }; - } - #[cfg(feature = "tweedle")] if std::any::TypeId::of::() - == std::any::TypeId::of::() + == std::any::TypeId::of::() || std::any::TypeId::of::() - == std::any::TypeId::of::() + == std::any::TypeId::of::() { return 11; } 
@@ -282,47 +271,47 @@ impl VariableBaseMSM { mod test { use super::*; use crate::UniformRand; + use crate::fields::BitIterator; use rand::Rng; #[allow(dead_code)] - fn naive_var_base_msm( + fn naive_var_base_msm( bases: &[G], scalars: &[::BigInt], - ) -> G::Projective { - let mut acc = ::zero(); + ) -> G { + let mut acc = G::zero(); for (base, scalar) in bases.iter().zip(scalars.iter()) { - acc += &base.mul(*scalar); + acc += &base.mul_bits(BitIterator::new(scalar)); } acc } #[allow(dead_code)] - fn test_all_variants(samples: usize, rng: &mut R) { + fn test_all_variants(samples: usize, rng: &mut R) { let v = (0..samples) .map(|_| G::ScalarField::rand(rng).into_repr()) .collect::>(); let g = (0..samples) - .map(|_| G::rand(rng).into_affine()) + .map(|_| G::rand(rng)) .collect::>(); + let g_affine = G::batch_into_affine(g.as_slice()); + let naive = naive_var_base_msm(g.as_slice(), v.as_slice()); - let fast = VariableBaseMSM::msm_inner(g.as_slice(), v.as_slice()).unwrap(); - let affine = VariableBaseMSM::multi_scalar_mul(g.as_slice(), v.as_slice()).unwrap(); - let inner = VariableBaseMSM::msm_inner(g.as_slice(), v.as_slice()).unwrap(); + let fast = VariableBaseMSM::multi_scalar_mul(g_affine.as_slice(), v.as_slice()).unwrap(); + let affine = VariableBaseMSM::msm_inner(g_affine.as_slice(), v.as_slice()).unwrap(); assert_eq!(naive, fast); - assert_eq!(naive, affine); - assert_eq!(naive, inner); } #[cfg(feature = "tweedle")] #[test] fn test_all_variants_tweedle() { - use crate::curves::tweedle::dee::Projective as TweedleDee; - use crate::curves::tweedle::dum::Projective as TweedleDum; + use crate::curves::tweedle::dee::DeeJacobian as TweedleDee; + use crate::curves::tweedle::dum::DumJacobian as TweedleDum; use rand::SeedableRng; let rng = &mut rand_xorshift::XorShiftRng::seed_from_u64(234872845u64); From d99c83a410a6ea27d221a19c0523170ae79c089d Mon Sep 17 00:00:00 2001 
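Review bot: `affine` is computed from `VariableBaseMSM::msm_inner` but the `assert_eq!(naive, affine)` that compared it to the naive result was removed, so `msm_inner` is no longer verified by `test_all_variants`, only run. Restore `assert_eq!(naive, affine);` after the `fast` assertion; this would also exercise the running-sum change in the `msm_inner_c` hunk of the same file, where zero buckets are now skipped entirely. The names are also swapped relative to what they call (`fast` holds the affine-bucket `multi_scalar_mul` result, `affine` the projective `msm_inner` one), so renaming them to match the functions would avoid misreading the assertions.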
From: Phoinic Date: Fri, 26 Nov 2021 01:58:31 +0200 Subject: [PATCH 24/79] Group trait for polynomial --- .../criterion_msm/variable_msm_tweedle.rs | 2 +- algebra/src/curves/mod.rs | 17 ++- algebra/src/fft/polynomial/dense.rs | 103 ++++++++++++++++-- algebra/src/groups/mod.rs | 20 ++-- algebra/src/msm/variable_base.rs | 2 +- 5 files changed, 115 insertions(+), 29 deletions(-) diff --git a/algebra/benches/criterion_msm/variable_msm_tweedle.rs b/algebra/benches/criterion_msm/variable_msm_tweedle.rs index c99141076..c8183b527 100644 --- a/algebra/benches/criterion_msm/variable_msm_tweedle.rs +++ b/algebra/benches/criterion_msm/variable_msm_tweedle.rs @@ -77,7 +77,7 @@ fn variable_msm(c: &mut Criterion) { b.iter_batched( || { let (v, g) = load_data(samples); - (v, DeeJacobian::batch_into_affine(g.as_slice())) + (v, DeeJacobian::batch_into_affine(g.as_slice()).unwrap()) }, |(v, g)| { add_to_trace!( diff --git a/algebra/src/curves/mod.rs b/algebra/src/curves/mod.rs index 6968c1c4c..b7677c311 100644 --- a/algebra/src/curves/mod.rs +++ b/algebra/src/curves/mod.rs @@ -24,6 +24,7 @@ pub use self::models::*; pub trait Curve: Group + + Copy + From<::AffineRep> + TryInto<::AffineRep, Error = Error> { @@ -45,15 +46,23 @@ pub trait Curve: vec_affine.iter().map(|&affine| affine.into()).collect::>() } - fn batch_into_affine<'a>(vec_self: &'a [Self]) -> Vec + fn batch_into_affine<'a>(vec_self: &'a [Self]) -> Result, Error> { - vec_self.iter().map(|&projective| projective.into_affine().unwrap()).collect::>() + vec_self.iter().map(|&projective| projective.into_affine()).collect::, _>>() } fn add_affine<'a>(&self, other: &'a Self::AffineRep) -> Self; fn add_affine_assign<'a>(&mut self, other: &'a Self::AffineRep); + /// Returns `self + self`. + #[must_use] + fn double(&self) -> Self { + let mut copy = *self; + copy.double_in_place(); + copy + } + // TODO: move to group trait? fn mul_bits>(&self, bits: BitIterator) -> Self; 
@@ -70,6 +79,10 @@ pub trait Curve: fn batch_normalization(v: &mut [Self]); + fn batch_normalization_into_affine(mut v: Vec) -> Result, Error> { + Self::batch_normalization(v.as_mut_slice()); + Self::batch_into_affine(v.as_slice()) + } /// Returns a fixed generator of unknown exponent. #[must_use] fn prime_subgroup_generator() -> Self; diff --git a/algebra/src/fft/polynomial/dense.rs b/algebra/src/fft/polynomial/dense.rs index e7c634cce..80182db3c 100644 --- a/algebra/src/fft/polynomial/dense.rs +++ b/algebra/src/fft/polynomial/dense.rs @@ -1,11 +1,15 @@ //! A polynomial represented in coefficient form. use crate::{get_best_evaluation_domain, DenseOrSparsePolynomial, EvaluationDomain, Evaluations}; -use crate::{serialize::*, Field, FromBytes, PrimeField, ToBytes}; -use rand::Rng; +use crate::{serialize::*, Field, Group, FromBytes, FromBytesChecked, SemanticallyValid, PrimeField, ToBytes}; +use rand::{ + distributions::{Distribution, Standard}, + Rng +}; use rayon::prelude::*; use std::fmt; -use std::ops::{Add, AddAssign, Deref, DerefMut, Div, Mul, Neg, Sub, SubAssign}; +use std::ops::{Add, AddAssign, Deref, DerefMut, Div, Mul, MulAssign, Neg, Sub, SubAssign}; +use std::io::{Read, Result as IoResult, Write}; /// Stores a polynomial in coefficient form. #[derive(Clone, PartialEq, Eq, Hash, Default, CanonicalSerialize, CanonicalDeserialize)] @@ -53,6 +57,21 @@ impl fmt::Debug for DensePolynomial { } } +impl fmt::Display for DensePolynomial { + fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> { + for (i, coeff) in self.coeffs.iter().enumerate().filter(|(_, c)| !c.is_zero()) { + if i == 0 { + write!(f, "\n{:?}", coeff)?; + } else if i == 1 { + write!(f, " + \n{:?} * x", coeff)?; + } else { + write!(f, " + \n{:?} * x^{}", coeff, i)?; + } + } + Ok(()) + } +} + impl Deref for DensePolynomial { type Target = [F]; 
@@ -382,25 +401,85 @@ impl<'a, 'b, F: PrimeField> Mul<&'a DensePolynomial> for &'b DensePolynomial< } } -impl Mul for DensePolynomial { +impl<'a, F: PrimeField> Mul<&'a F> for DensePolynomial { type Output = DensePolynomial; - fn mul(self, other: F) -> DensePolynomial { + fn mul(self, other: &'a F) -> DensePolynomial { <&DensePolynomial as Mul<&DensePolynomial>>::mul( &self, - &DensePolynomial::from_coefficients_slice(&[other]), + &DensePolynomial::from_coefficients_slice(&[*other]), ) } } -impl<'a, F: PrimeField> Mul for &'a DensePolynomial { +impl<'a, F: PrimeField> MulAssign<&'a F> for DensePolynomial { + + fn mul_assign(&mut self, other: &'a F) { + *self = self.clone() * other + } +} + +impl<'a, F: PrimeField> Add<&'a DensePolynomial> for DensePolynomial { type Output = DensePolynomial; - fn mul(self, other: F) -> DensePolynomial { - <&DensePolynomial as Mul<&DensePolynomial>>::mul( - &self, - &DensePolynomial::from_coefficients_slice(&[other]), - ) + fn add(self, other: &'a DensePolynomial) -> DensePolynomial { + &self + other + } +} + +impl<'a, F: PrimeField> Sub<&'a DensePolynomial> for DensePolynomial { + type Output = DensePolynomial; + + fn sub(self, other: &'a DensePolynomial) -> DensePolynomial { + &self - other + } +} + +// impl<'a, F: PrimeField> Mul for &'a DensePolynomial { +// type Output = DensePolynomial; +// +// fn mul(self, other: F) -> DensePolynomial { +// <&DensePolynomial as Mul<&DensePolynomial>>::mul( +// &self, +// &DensePolynomial::from_coefficients_slice(&[other]), +// ) +// } +// } + +impl Distribution> for Standard { + #[inline] + fn sample(&self, _rng: &mut R) -> DensePolynomial { + unimplemented!() + } +} + +impl FromBytesChecked for DensePolynomial { + fn read_checked(mut reader: R) -> IoResult { + Self::read(&mut reader) + } +} + + +impl SemanticallyValid for DensePolynomial { + fn is_valid(&self) -> bool { + return true; + } +} + +impl Group for DensePolynomial { + type ScalarField = F; + + fn zero() -> Self { + 
DensePolynomial::zero() + } + + fn is_zero(&self) -> bool { + self.is_zero() + } + + fn double_in_place(&mut self) -> &mut Self { + *self = self.clone() + self; + self } } diff --git a/algebra/src/groups/mod.rs b/algebra/src/groups/mod.rs index fa3a901ff..f2a1ebab4 100644 --- a/algebra/src/groups/mod.rs +++ b/algebra/src/groups/mod.rs @@ -12,7 +12,7 @@ use crate::{ bytes::{FromBytes, ToBytes}, fields::PrimeField, }; -use serde::{Deserialize, Serialize}; +// use serde::{Deserialize, Serialize}; #[cfg(test)] pub mod tests; @@ -23,11 +23,11 @@ pub trait Group: + FromBytes + FromBytesChecked + SemanticallyValid - + Serialize - + for<'a> Deserialize<'a> + // + Serialize + // + for<'a> Deserialize<'a> + CanonicalSerialize + CanonicalDeserialize - + Copy + // + Copy + Clone + Debug + Display @@ -38,12 +38,6 @@ pub trait Group: + Hash + UniformRand + Neg - // + Add - // + Sub - // + Mul<::ScalarField, Output = Self> - // + AddAssign - // + SubAssign - // + MulAssign<::ScalarField> + for<'a> Add<&'a Self, Output = Self> + for<'a> Sub<&'a Self, Output = Self> + for<'a> Mul<&'a ::ScalarField, Output = Self> @@ -51,7 +45,7 @@ pub trait Group: + for<'a> SubAssign<&'a Self> + for<'a> MulAssign<&'a ::ScalarField> { - type ScalarField: PrimeField + Into<::BigInt>; + type ScalarField: PrimeField; /// Returns the additive identity. fn zero() -> Self; @@ -62,7 +56,7 @@ pub trait Group: /// Returns `self + self`. #[must_use] fn double(&self) -> Self { - let mut copy = *self; + let mut copy = self.clone(); copy.double_in_place(); copy } @@ -96,7 +90,7 @@ impl LinearCombination pub fn combine(&self) -> G { let mut combined = G::zero(); for (coeff, item) in self.items.iter() { - combined += &(*item * coeff); + combined += &(item.clone() * coeff); } combined } diff --git a/algebra/src/msm/variable_base.rs b/algebra/src/msm/variable_base.rs index 74324f51e..e63504abd 100644 --- a/algebra/src/msm/variable_base.rs +++ b/algebra/src/msm/variable_base.rs 
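Review bot: `FromBytesChecked::read_checked` for `DensePolynomial` forwards to the unchecked `Self::read` and `SemanticallyValid::is_valid` unconditionally returns `true`, so the checked deserialization path performs no validation of the coefficients even though callers pick `read_checked` precisely to get it. `is_valid` should at least delegate to the coefficients, e.g. `self.coeffs.iter().all(|c| c.is_valid())` if `F` exposes it, and `read_checked` should read each coefficient through its own checked path rather than the plain one. `Distribution<DensePolynomial<F>> for Standard` is implemented with `unimplemented!()`, which turns `UniformRand` for polynomials into a runtime panic; if random polynomials are not meaningful here, say so in a comment on the impl, otherwise sample a length and coefficients. `MulAssign<&F>` clones the whole polynomial to reuse `Mul`, where scaling coefficients in place would avoid the allocation — hedged, since I cannot see whether `Mul` trims trailing zeros.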
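Review bot: The `Group` trait definition now carries commented-out supertrait bounds (`// + Serialize`, `// + for<'a> Deserialize<'a>`, `// + Copy`) and a commented-out `// use serde::{Deserialize, Serialize};` instead of removing them, and nothing records why `Copy` and the serde bounds were relaxed. Delete the dead lines, or replace them with one comment such as `// Copy and serde bounds were dropped so heap-backed groups (e.g. DensePolynomial) can implement Group.`, which is the reason this commit implies. Dropping `Into<BigInt>` from `ScalarField` is a public API change worth a line in the commit message as well.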
@@ -296,7 +296,7 @@ mod test { .map(|_| G::rand(rng)) .collect::>(); - let g_affine = G::batch_into_affine(g.as_slice()); + let g_affine = G::batch_into_affine(g.as_slice()).unwrap(); let naive = naive_var_base_msm(g.as_slice(), v.as_slice()); From 12a32abaf70fb5b5aeca40d0f1971ee42b7b91ce Mon Sep 17 00:00:00 2001 From: Phoinic Date: Sat, 27 Nov 2021 17:21:00 +0200 Subject: [PATCH 25/79] Unused fields models removed and field became a group --- .../models/short_weierstrass_jacobian/mod.rs | 5 +- .../models/twisted_edwards_extended/tests.rs | 6 +- algebra/src/curves/secp256k1/mod.rs | 2 +- algebra/src/curves/tests.rs | 2 +- algebra/src/curves/tweedle/dee.rs | 2 +- algebra/src/curves/tweedle/dum.rs | 2 +- algebra/src/fft/polynomial/dense.rs | 1 + algebra/src/fields/macros.rs | 56 +- algebra/src/fields/mod.rs | 15 +- algebra/src/fields/models/cubic_extension.rs | 589 ------------------ algebra/src/fields/models/fp12_2over3over2.rs | 222 ------- algebra/src/fields/models/fp2.rs | 52 -- algebra/src/fields/models/fp3.rs | 95 --- algebra/src/fields/models/fp4.rs | 152 ----- algebra/src/fields/models/fp6_2over3.rs | 190 ------ algebra/src/fields/models/fp6_3over2.rs | 140 ----- algebra/src/fields/models/mod.rs | 23 +- .../src/fields/models/quadratic_extension.rs | 584 ----------------- algebra/src/fields/tweedle/tests.rs | 1 + algebra/src/groups/mod.rs | 4 +- algebra/src/groups/tests.rs | 4 +- 21 files changed, 51 insertions(+), 2096 deletions(-) delete mode 100644 algebra/src/fields/models/cubic_extension.rs delete mode 100644 algebra/src/fields/models/fp12_2over3over2.rs delete mode 100644 algebra/src/fields/models/fp2.rs delete mode 100644 algebra/src/fields/models/fp3.rs delete mode 100644 algebra/src/fields/models/fp4.rs delete mode 100644 algebra/src/fields/models/fp6_2over3.rs delete mode 100644 algebra/src/fields/models/fp6_3over2.rs delete mode 100644 algebra/src/fields/models/quadratic_extension.rs 
diff --git a/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs b/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs index 55d790784..7e2c9c687 100644 --- a/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs +++ b/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs @@ -653,8 +653,9 @@ impl Curve for Jacobian

{ true } else { // Check that the point is on the curve - let y2 = self.y.square(); - let x3b = P::add_b(&((self.x.square() * &self.x) + &P::mul_by_a(&self.x))); + let normalized = self.normalize(); + let y2 = normalized.y.square(); + let x3b = P::add_b(&((normalized.x.square() * &normalized.x) + &P::mul_by_a(&normalized.x))); y2 == x3b } } diff --git a/algebra/src/curves/models/twisted_edwards_extended/tests.rs b/algebra/src/curves/models/twisted_edwards_extended/tests.rs index 98623d1ef..6b23d1300 100644 --- a/algebra/src/curves/models/twisted_edwards_extended/tests.rs +++ b/algebra/src/curves/models/twisted_edwards_extended/tests.rs @@ -1,4 +1,8 @@ -use crate::{fields::Field, MontgomeryModelParameters, TEModelParameters}; +use crate::{ + groups::Group, + fields::Field, + MontgomeryModelParameters, TEModelParameters +}; #[allow(dead_code)] pub(crate) fn montgomery_conversion_test
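Review bot: The new on-curve check pays a field inversion per point through `normalize()`, while the curve equation can be evaluated directly in Jacobian coordinates as Y² = X³ + a·X·Z⁴ + b·Z⁶ using only multiplications. If the parameters expose `COEFF_B` (the tweedle parameters do) and the coordinate field is named `z`, the branch can be written without normalizing; otherwise keep the normalization but add a comment saying that the affine form must not be applied to raw (X, Y), which was the defect in the removed lines. The enclosing function starts outside the hunk and the preceding condition that short-circuits to `true` is not visible, so the identity (Z = 0) must be handled before either form is reached.
```rust
} else {
    // Jacobian form of y^2 = x^3 + a*x + b with x = X/Z^2, y = Y/Z^3:
    // Y^2 == X^3 + a*X*Z^4 + b*Z^6, which avoids the inversion in normalize().
    let z2 = self.z.square();
    let z4 = z2.square();
    let z6 = z4 * &z2;
    let y2 = self.y.square();
    let x3b = (self.x.square() * &self.x) + &P::mul_by_a(&(self.x * &z4)) + &(P::COEFF_B * &z6);
    y2 == x3b
}
```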

() diff --git a/algebra/src/curves/secp256k1/mod.rs b/algebra/src/curves/secp256k1/mod.rs index 74d6f9eec..7f072308f 100644 --- a/algebra/src/curves/secp256k1/mod.rs +++ b/algebra/src/curves/secp256k1/mod.rs @@ -6,7 +6,7 @@ use crate::curves::{ short_weierstrass_jacobian::Jacobian, }; use crate::fields::secp256k1::{fq::Fq, fr::Fr}; -use crate::{field_new, Field}; +use crate::{field_new, Group}; #[cfg(test)] mod tests; diff --git a/algebra/src/curves/tests.rs b/algebra/src/curves/tests.rs index fe677e47b..0e7e9fd59 100644 --- a/algebra/src/curves/tests.rs +++ b/algebra/src/curves/tests.rs @@ -2,7 +2,7 @@ use crate::UniformRand; use crate::{ groups::Group, curves::Curve, - fields::{Field, PrimeField, BitIterator}, + fields::{PrimeField, BitIterator}, serialize::{CanonicalDeserialize, CanonicalSerialize}, SWModelParameters/*, TEModelParameters,*/ }; diff --git a/algebra/src/curves/tweedle/dee.rs b/algebra/src/curves/tweedle/dee.rs index 18590cede..b9663b9e6 100644 --- a/algebra/src/curves/tweedle/dee.rs +++ b/algebra/src/curves/tweedle/dee.rs @@ -6,7 +6,7 @@ use crate::{ EndoMulParameters, ModelParameters, SWModelParameters, }, fields::tweedle::*, - Field, + Group, }; #[derive(Copy, Clone, Default, PartialEq, Eq)] diff --git a/algebra/src/curves/tweedle/dum.rs b/algebra/src/curves/tweedle/dum.rs index 7c814fdef..287735188 100644 --- a/algebra/src/curves/tweedle/dum.rs +++ b/algebra/src/curves/tweedle/dum.rs @@ -6,7 +6,7 @@ use crate::{ }, field_new, fields::tweedle::*, - Field, + Group, }; #[derive(Copy, Clone, Default, PartialEq, Eq)] diff --git a/algebra/src/fft/polynomial/dense.rs b/algebra/src/fft/polynomial/dense.rs index 80182db3c..eff2e33e7 100644 --- a/algebra/src/fft/polynomial/dense.rs +++ b/algebra/src/fft/polynomial/dense.rs 
@@ -488,6 +488,7 @@ mod tests { use crate::domain::get_best_evaluation_domain; use crate::fields::tweedle::fr::Fr; use crate::fields::Field; + use crate::groups::Group; use crate::polynomial::*; use crate::UniformRand; use rand::thread_rng; diff --git a/algebra/src/fields/macros.rs b/algebra/src/fields/macros.rs index 67ee6bd3a..8d064b33b 100644 --- a/algebra/src/fields/macros.rs +++ b/algebra/src/fields/macros.rs @@ -142,32 +142,6 @@ macro_rules! impl_Fp { impl Field for $Fp

{ type BasePrimeField = Self; - #[inline] - fn zero() -> Self { - $Fp::

($BigInteger::from(0), PhantomData) - } - - #[inline] - fn is_zero(&self) -> bool { - self.0.is_zero() - } - - #[inline] - fn double(&self) -> Self { - let mut temp = *self; - temp.double_in_place(); - temp - } - - #[inline] - fn double_in_place(&mut self) -> &mut Self { - // This cannot exceed the backing capacity. - self.0.mul2(); - // However, it may need to be reduced. - self.reduce(); - self - } - #[inline] fn one() -> Self { $Fp::

(P::R, PhantomData) @@ -637,5 +611,35 @@ macro_rules! impl_Fp { self.mul_assign(&other.inverse().unwrap()); } } + + impl Group for $Fp

{ + type ScalarField = Self; + + #[inline] + fn zero() -> Self { + $Fp::

($BigInteger::from(0), PhantomData) + } + + #[inline] + fn is_zero(&self) -> bool { + self.0.is_zero() + } + + #[inline] + fn double(&self) -> Self { + let mut temp = *self; + temp.double_in_place(); + temp + } + + #[inline] + fn double_in_place(&mut self) -> &mut Self { + // This cannot exceed the backing capacity. + self.0.mul2(); + // However, it may need to be reduced. + self.reduce(); + self + } + } } } diff --git a/algebra/src/fields/mod.rs b/algebra/src/fields/mod.rs index a6bc64d4d..d3f7885ea 100644 --- a/algebra/src/fields/mod.rs +++ b/algebra/src/fields/mod.rs @@ -2,6 +2,7 @@ use crate::{ biginteger::BigInteger, bits::{FromBits, ToBits}, bytes::{FromBytes, ToBytes}, + Group, serialize::{ CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, CanonicalSerializeWithFlags, EmptyFlags, Flags, @@ -73,6 +74,7 @@ pub trait MulShortAssign { /// The interface for a generic field. pub trait Field: 'static + + Group + ToBytes + FromBytes + FromBytesChecked @@ -126,12 +128,6 @@ pub trait Field: { type BasePrimeField: PrimeField; - /// Returns the zero element of the field, the additive identity. - fn zero() -> Self; - - /// Returns true if and only if `self == Self::zero()`. - fn is_zero(&self) -> bool; - /// Returns the one element of the field, a field generator. fn one() -> Self; @@ -146,13 +142,6 @@ pub trait Field: Self::BasePrimeField::characteristic() } - /// Returns `self + self`. - #[must_use] - fn double(&self) -> Self; - - /// Doubles `self` in place. - fn double_in_place(&mut self) -> &mut Self; - /// Returns `self * self`. #[must_use] fn square(&self) -> Self; diff --git a/algebra/src/fields/models/cubic_extension.rs b/algebra/src/fields/models/cubic_extension.rs deleted file mode 100644 index 1a7e327ed..000000000 --- a/algebra/src/fields/models/cubic_extension.rs +++ /dev/null 
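Review bot: The `double` override in the new `impl Group for $Fp` duplicates the default `double` the `Group` trait already provides (clone, then `double_in_place`), so for a `Copy` field type it adds nothing and is one more body to keep in sync. Drop the override and keep only `zero`, `is_zero` and `double_in_place`, or keep it with a one-line comment stating that the explicit `#[inline]` version is wanted. A comment at the impl head such as `// The additive structure of the field now lives in Group; Field keeps the multiplicative part.` would also explain why these methods moved out of `impl Field`.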
@@ -1,589 +0,0 @@ -use rand::{ - distributions::{Distribution, Standard}, - Rng, -}; -use std::{ - cmp::{Ord, Ordering, PartialOrd}, - fmt, - io::{Read, Result as IoResult, Write}, - marker::PhantomData, - ops::{Add, AddAssign, Div, DivAssign, Mul, MulAssign, Neg, Sub, SubAssign}, -}; - -use crate::{ - bits::{FromBits, ToBits}, - bytes::{FromBytes, ToBytes}, - fields::{Field, FpParameters, PrimeField}, - CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, - CanonicalSerializeWithFlags, EmptyFlags, Error, Flags, SemanticallyValid, SerializationError, - UniformRand, -}; -use serde::{Deserialize, Serialize}; - -/// Model for cubic extension field of a prime field F=BasePrimeField -/// F3 = F[X]/(X^3-alpha), -/// with alpha being a (quadratic) "non-residue" (for which X^3-alpha is irreducible). -/// -/// We implement inversion according to -/// Beuchat, et al., High-Speed Software Implementation of the Optimal Ate Pairing over Barreto–Naehrig Curves -/// https://eprint.iacr.org/2010/354.pdf, -/// and square and Karatsuba multiplication according to -/// Devegili, et al., Multiplication and Squaring on Abstract Pairing-Friendly Fields -/// https://eprint.iacr.org/2006/471.pdf -pub trait CubicExtParameters: 'static + Send + Sync { - /// The prime field that this cubic extension is eventually an extension of. - type BasePrimeField: PrimeField; - /// The base field that this field is a cubic extension of. - type BaseField: Field; - /// The type of the coefficients for an efficient implementation of the - /// Frobenius endomorphism. - type FrobCoeff: Field; - - /// The degree of the extension over the base prime field. - const DEGREE_OVER_BASE_PRIME_FIELD: usize; - - /// The cubic non-residue used to construct the extension. - const NONRESIDUE: Self::BaseField; - - /// Coefficients for the Frobenius automorphism. 
- const FROBENIUS_COEFF_C1: &'static [Self::FrobCoeff]; - const FROBENIUS_COEFF_C2: &'static [Self::FrobCoeff]; - - /// A specializable method for multiplying an element of the base field by - /// the quadratic non-residue. This is used in multiplication and squaring. - #[inline(always)] - fn mul_base_field_by_nonresidue(fe: &Self::BaseField) -> Self::BaseField { - Self::NONRESIDUE * fe - } - - /// A specializable method for multiplying an element of the base field by - /// the appropriate Frobenius coefficient. - fn mul_base_field_by_frob_coeff( - c1: &mut Self::BaseField, - c2: &mut Self::BaseField, - power: usize, - ); -} - -#[derive(Derivative)] -#[derivative( - Default(bound = "P: CubicExtParameters"), - Hash(bound = "P: CubicExtParameters"), - Clone(bound = "P: CubicExtParameters"), - Copy(bound = "P: CubicExtParameters"), - Debug(bound = "P: CubicExtParameters"), - PartialEq(bound = "P: CubicExtParameters"), - Eq(bound = "P: CubicExtParameters") -)] -#[derive(Serialize, Deserialize)] -pub struct CubicExtField { - pub c0: P::BaseField, - pub c1: P::BaseField, - pub c2: P::BaseField, - #[derivative(Debug = "ignore")] - #[serde(skip)] - #[doc(hidden)] - pub _parameters: PhantomData

, -} - -impl CubicExtField

{ - pub fn new(c0: P::BaseField, c1: P::BaseField, c2: P::BaseField) -> Self { - CubicExtField { - c0, - c1, - c2, - _parameters: PhantomData, - } - } - - pub fn mul_assign_by_basefield(&mut self, value: &P::BaseField) { - self.c0.mul_assign(value); - self.c1.mul_assign(value); - self.c2.mul_assign(value); - } - - /// Calculate the norm of an element with respect to the base field `P::BaseField`. - pub fn norm(&self) -> P::BaseField { - let mut self_to_p = *self; - self_to_p.frobenius_map(1); - let mut self_to_p2 = *self; - self_to_p2.frobenius_map(2); - self_to_p *= &(self_to_p2 * self); - debug_assert!(self_to_p.c1.is_zero() && self_to_p.c2.is_zero()); - self_to_p.c0 - } -} - -impl Field for CubicExtField

{ - type BasePrimeField = P::BasePrimeField; - - fn zero() -> Self { - CubicExtField { - c0: P::BaseField::zero(), - c1: P::BaseField::zero(), - c2: P::BaseField::zero(), - _parameters: PhantomData, - } - } - - fn is_zero(&self) -> bool { - self.c0.is_zero() && self.c1.is_zero() && self.c2.is_zero() - } - - fn one() -> Self { - CubicExtField { - c0: P::BaseField::one(), - c1: P::BaseField::zero(), - c2: P::BaseField::zero(), - _parameters: PhantomData, - } - } - - fn is_one(&self) -> bool { - self.c0.is_one() && self.c1.is_zero() && self.c2.is_zero() - } - - fn is_odd(&self) -> bool { - self.c2.is_odd() - || (self.c2.is_zero() && self.c1.is_odd()) - || (self.c2.is_zero() && self.c1.is_zero() && self.c0.is_odd()) - } - - #[inline] - fn characteristic<'a>() -> &'a [u64] { - P::BaseField::characteristic() - } - - fn double(&self) -> Self { - let mut result = self.clone(); - result.double_in_place(); - result - } - - fn double_in_place(&mut self) -> &mut Self { - self.c0.double_in_place(); - self.c1.double_in_place(); - self.c2.double_in_place(); - self - } - - fn square(&self) -> Self { - let mut result = self.clone(); - result.square_in_place(); - result - } - - fn square_in_place(&mut self) -> &mut Self { - // Devegili OhEig Scott Dahab --- Multiplication and Squaring on - // AbstractPairing-Friendly - // Fields.pdf; Section 4 (CH-SQR2) - let a = self.c0.clone(); - let b = self.c1.clone(); - let c = self.c2.clone(); - - let s0 = a.square(); - let ab = a * &b; - let s1 = ab.double(); - let s2 = (a - &b + &c).square(); - let bc = b * &c; - let s3 = bc.double(); - let s4 = c.square(); - - self.c0 = s0 + &P::mul_base_field_by_nonresidue(&s3); - self.c1 = s1 + &P::mul_base_field_by_nonresidue(&s4); - self.c2 = s1 + &s2 + &s3 - &s0 - &s4; - self - } - - fn inverse(&self) -> Option { - if self.is_zero() { - None - } else { - // From "High-Speed Software Implementation of the Optimal Ate AbstractPairing - // over - // Barreto-Naehrig Curves"; Algorithm 17 - let t0 = 
self.c0.square(); - let t1 = self.c1.square(); - let t2 = self.c2.square(); - let mut t3 = self.c0.clone(); - t3.mul_assign(&self.c1); - let mut t4 = self.c0.clone(); - t4.mul_assign(&self.c2); - let mut t5 = self.c1.clone(); - t5.mul_assign(&self.c2); - let n5 = P::mul_base_field_by_nonresidue(&t5); - - let mut s0 = t0.clone(); - s0.sub_assign(&n5); - let mut s1 = P::mul_base_field_by_nonresidue(&t2); - s1.sub_assign(&t3); - let mut s2 = t1.clone(); - s2.sub_assign(&t4); // typo in paper referenced above. should be "-" as per Scott, but is "*" - - let mut a1 = self.c2.clone(); - a1.mul_assign(&s1); - let mut a2 = self.c1.clone(); - a2.mul_assign(&s2); - let mut a3 = a1.clone(); - a3.add_assign(&a2); - a3 = P::mul_base_field_by_nonresidue(&a3); - let mut t6 = self.c0.clone(); - t6.mul_assign(&s0); - t6.add_assign(&a3); - t6.inverse_in_place(); - - let mut c0 = t6.clone(); - c0.mul_assign(&s0); - let mut c1 = t6.clone(); - c1.mul_assign(&s1); - let mut c2 = t6.clone(); - c2.mul_assign(&s2); - - Some(Self::new(c0, c1, c2)) - } - } - - fn inverse_in_place(&mut self) -> Option<&mut Self> { - if let Some(inverse) = self.inverse() { - *self = inverse; - Some(self) - } else { - None - } - } - - fn frobenius_map(&mut self, power: usize) { - self.c0.frobenius_map(power); - self.c1.frobenius_map(power); - self.c2.frobenius_map(power); - - P::mul_base_field_by_frob_coeff(&mut self.c1, &mut self.c2, power); - } - - #[inline] - fn from_random_bytes_with_flags(bytes: &[u8]) -> Option<(Self, F)> { - let split_at = bytes.len() / 3; - if let Some(c0) = P::BaseField::from_random_bytes(&bytes[..split_at]) { - if let Some(c1) = P::BaseField::from_random_bytes(&bytes[split_at..2 * split_at]) { - if let Some((c2, flags)) = - P::BaseField::from_random_bytes_with_flags(&bytes[2 * split_at..]) - { - return Some((CubicExtField::new(c0, c1, c2), flags)); - } - } - } - None - } - - #[inline] - fn from_random_bytes(bytes: &[u8]) -> Option { - Self::from_random_bytes_with_flags::(bytes).map(|f| 
f.0) - } -} - -/// `CubicExtField` elements are ordered lexicographically. -impl Ord for CubicExtField

{ - #[inline(always)] - fn cmp(&self, other: &Self) -> Ordering { - let c2_cmp = self.c2.cmp(&other.c2); - let c1_cmp = self.c1.cmp(&other.c1); - let c0_cmp = self.c0.cmp(&other.c0); - if c2_cmp == Ordering::Equal { - if c1_cmp == Ordering::Equal { - c0_cmp - } else { - c1_cmp - } - } else { - c2_cmp - } - } -} - -impl PartialOrd for CubicExtField

{ - #[inline(always)] - fn partial_cmp(&self, other: &Self) -> Option { - Some(self.cmp(other)) - } -} - -impl From for CubicExtField

-where - P::BaseField: From, -{ - fn from(other: u128) -> Self { - let fe: P::BaseField = other.into(); - Self::new(fe, P::BaseField::zero(), P::BaseField::zero()) - } -} - -impl From for CubicExtField

-where - P::BaseField: From, -{ - fn from(other: u64) -> Self { - let fe: P::BaseField = other.into(); - Self::new(fe, P::BaseField::zero(), P::BaseField::zero()) - } -} - -impl From for CubicExtField

-where - P::BaseField: From, -{ - fn from(other: u32) -> Self { - let fe: P::BaseField = other.into(); - Self::new(fe, P::BaseField::zero(), P::BaseField::zero()) - } -} - -impl From for CubicExtField

-where - P::BaseField: From, -{ - fn from(other: u16) -> Self { - let fe: P::BaseField = other.into(); - Self::new(fe, P::BaseField::zero(), P::BaseField::zero()) - } -} - -impl From for CubicExtField

-where - P::BaseField: From, -{ - fn from(other: u8) -> Self { - let fe: P::BaseField = other.into(); - Self::new(fe, P::BaseField::zero(), P::BaseField::zero()) - } -} - -impl ToBytes for CubicExtField

{ - #[inline] - fn write(&self, mut writer: W) -> IoResult<()> { - self.c0.write(&mut writer)?; - self.c1.write(&mut writer)?; - self.c2.write(writer) - } -} - -impl FromBytes for CubicExtField

{ - #[inline] - fn read(mut reader: R) -> IoResult { - let c0 = P::BaseField::read(&mut reader)?; - let c1 = P::BaseField::read(&mut reader)?; - let c2 = P::BaseField::read(reader)?; - Ok(CubicExtField::new(c0, c1, c2)) - } -} - -impl ToBits for CubicExtField

{ - fn write_bits(&self) -> Vec { - let mut bits = self.c0.write_bits(); - bits.extend_from_slice(self.c1.write_bits().as_slice()); - bits.extend_from_slice(self.c2.write_bits().as_slice()); - bits - } -} - -impl FromBits for CubicExtField

{ - fn read_bits(bits: Vec) -> Result { - let size = (P::DEGREE_OVER_BASE_PRIME_FIELD / 3) - * ::Params::MODULUS_BITS as usize; - let c0 = P::BaseField::read_bits(bits[..size].to_vec())?; - let c1 = P::BaseField::read_bits(bits[size..(2 * size)].to_vec())?; - let c2 = P::BaseField::read_bits(bits[(2 * size)..].to_vec())?; - Ok(CubicExtField::new(c0, c1, c2)) - } -} - -impl CanonicalSerializeWithFlags for CubicExtField

{ - #[inline] - fn serialize_with_flags( - &self, - mut writer: W, - flags: F, - ) -> Result<(), SerializationError> { - CanonicalSerialize::serialize(&self.c0, &mut writer)?; - CanonicalSerialize::serialize(&self.c1, &mut writer)?; - self.c2.serialize_with_flags(&mut writer, flags)?; - Ok(()) - } - - #[inline] - fn serialized_size_with_flags(&self) -> usize { - self.c0.serialized_size() - + self.c1.serialized_size() - + self.c2.serialized_size_with_flags::() - } -} - -impl CanonicalSerialize for CubicExtField

{ - #[inline] - fn serialize(&self, writer: W) -> Result<(), SerializationError> { - self.serialize_with_flags(writer, EmptyFlags) - } - - #[inline] - fn serialized_size(&self) -> usize { - self.serialized_size_with_flags::() - } -} - -impl CanonicalDeserializeWithFlags for CubicExtField

{ - #[inline] - fn deserialize_with_flags( - mut reader: R, - ) -> Result<(Self, F), SerializationError> { - let c0 = CanonicalDeserialize::deserialize(&mut reader)?; - let c1 = CanonicalDeserialize::deserialize(&mut reader)?; - let (c2, flags) = CanonicalDeserializeWithFlags::deserialize_with_flags(&mut reader)?; - Ok((CubicExtField::new(c0, c1, c2), flags)) - } -} - -impl CanonicalDeserialize for CubicExtField

{ - #[inline] - fn deserialize(mut reader: R) -> Result { - let c0: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; - let c1: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; - let c2: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; - Ok(CubicExtField::new(c0, c1, c2)) - } -} - -impl SemanticallyValid for CubicExtField

{ - #[inline] - fn is_valid(&self) -> bool { - self.c0.is_valid() && self.c1.is_valid() && self.c2.is_valid() - } -} - -impl Neg for CubicExtField

{ - type Output = Self; - #[inline] - fn neg(self) -> Self { - let mut res = self.clone(); - res.c0 = res.c0.neg(); - res.c1 = res.c1.neg(); - res.c2 = res.c2.neg(); - res - } -} - -impl Distribution> for Standard { - #[inline] - fn sample(&self, rng: &mut R) -> CubicExtField

{ - CubicExtField::new( - UniformRand::rand(rng), - UniformRand::rand(rng), - UniformRand::rand(rng), - ) - } -} - -impl<'a, P: CubicExtParameters> Add<&'a CubicExtField

> for CubicExtField

{ - type Output = Self; - - #[inline] - fn add(self, other: &Self) -> Self { - let mut result = self; - result.add_assign(other); - result - } -} - -impl<'a, P: CubicExtParameters> Sub<&'a CubicExtField

> for CubicExtField

{ - type Output = Self; - - #[inline] - fn sub(self, other: &Self) -> Self { - let mut result = self; - result.sub_assign(other); - result - } -} - -impl<'a, P: CubicExtParameters> Mul<&'a CubicExtField

> for CubicExtField

{ - type Output = Self; - - #[inline] - fn mul(self, other: &Self) -> Self { - let mut result = self; - result.mul_assign(other); - result - } -} - -impl<'a, P: CubicExtParameters> Div<&'a CubicExtField

> for CubicExtField

{ - type Output = Self; - - #[inline] - fn div(self, other: &Self) -> Self { - let mut result = self; - result.mul_assign(&other.inverse().unwrap()); - result - } -} - -impl<'a, P: CubicExtParameters> AddAssign<&'a Self> for CubicExtField

{ - #[inline] - fn add_assign(&mut self, other: &Self) { - self.c0.add_assign(&other.c0); - self.c1.add_assign(&other.c1); - self.c2.add_assign(&other.c2); - } -} - -impl<'a, P: CubicExtParameters> SubAssign<&'a Self> for CubicExtField

{ - #[inline] - fn sub_assign(&mut self, other: &Self) { - self.c0.sub_assign(&other.c0); - self.c1.sub_assign(&other.c1); - self.c2.sub_assign(&other.c2); - } -} - -impl_additive_ops_from_ref!(CubicExtField, CubicExtParameters); -impl_multiplicative_ops_from_ref!(CubicExtField, CubicExtParameters); - -impl<'a, P: CubicExtParameters> MulAssign<&'a Self> for CubicExtField

{ - #[inline] - fn mul_assign(&mut self, other: &Self) { - // Devegili OhEig Scott Dahab --- Multiplication and Squaring on - // AbstractPairing-Friendly - // Fields.pdf; Section 4 (Karatsuba) - - let a = other.c0; - let b = other.c1; - let c = other.c2; - - let d = self.c0; - let e = self.c1; - let f = self.c2; - - let ad = d * &a; - let be = e * &b; - let cf = f * &c; - - let x = (e + &f) * &(b + &c) - &be - &cf; - let y = (d + &e) * &(a + &b) - &ad - &be; - let z = (d + &f) * &(a + &c) - &ad + &be - &cf; - - self.c0 = ad + &P::mul_base_field_by_nonresidue(&x); - self.c1 = y + &P::mul_base_field_by_nonresidue(&cf); - self.c2 = z; - } -} - -impl<'a, P: CubicExtParameters> DivAssign<&'a Self> for CubicExtField

{ - #[inline] - fn div_assign(&mut self, other: &Self) { - self.mul_assign(&other.inverse().unwrap()); - } -} - -impl fmt::Display for CubicExtField

{ - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - write!(f, "CubicExtField({}, {}, {})", self.c0, self.c1, self.c2) - } -} diff --git a/algebra/src/fields/models/fp12_2over3over2.rs b/algebra/src/fields/models/fp12_2over3over2.rs deleted file mode 100644 index 5725b9b31..000000000 --- a/algebra/src/fields/models/fp12_2over3over2.rs +++ /dev/null @@ -1,222 +0,0 @@ -use super::quadratic_extension::*; -use crate::fields::{fp6_3over2::*, Field, Fp2, Fp2Parameters}; -use std::marker::PhantomData; -use std::ops::{AddAssign, SubAssign}; - -type Fp2Params

= <

::Fp6Params as Fp6Parameters>::Fp2Params; - -pub trait Fp12Parameters: 'static + Send + Sync + Copy { - type Fp6Params: Fp6Parameters; - - /// This *must* equal (0, 1, 0); - /// see [[DESD06, Section 6.1]](https://eprint.iacr.org/2006/471.pdf). - const NONRESIDUE: Fp6; - - /// Coefficients for the Frobenius automorphism. - const FROBENIUS_COEFF_FP12_C1: &'static [Fp2>]; - - /// Multiply by quadratic nonresidue v. - #[inline(always)] - fn mul_fp6_by_nonresidue(fe: &Fp6) -> Fp6 { - // see [[DESD06, Section 6.1]](https://eprint.iacr.org/2006/471.pdf). - let new_c0 = Self::Fp6Params::mul_fp2_by_nonresidue(&fe.c2); - let new_c1 = fe.c0; - let new_c2 = fe.c1; - Fp6::new(new_c0, new_c1, new_c2) - } -} - -pub struct Fp12ParamsWrapper(PhantomData

); - -impl QuadExtParameters for Fp12ParamsWrapper

{ - type BasePrimeField = as Fp2Parameters>::Fp; - type BaseField = Fp6; - type FrobCoeff = Fp2>; - - const DEGREE_OVER_BASE_PRIME_FIELD: usize = 12; - - const NONRESIDUE: Self::BaseField = P::NONRESIDUE; - - const FROBENIUS_COEFF_C1: &'static [Self::FrobCoeff] = P::FROBENIUS_COEFF_FP12_C1; - - #[inline(always)] - fn mul_base_field_by_nonresidue(fe: &Self::BaseField) -> Self::BaseField { - P::mul_fp6_by_nonresidue(fe) - } - - fn mul_base_field_by_frob_coeff(fe: &mut Self::BaseField, power: usize) { - fe.mul_assign_by_fp2(Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]); - } - - fn cyclotomic_square(fe: &QuadExtField) -> QuadExtField { - // Faster Squaring in the Cyclotomic Subgroup of Sixth Degree Extensions - // - Robert Granger and Michael Scott - // - if characteristic_square_mod_6_is_one(QuadExtField::::characteristic()) { - let mut result = QuadExtField::::zero(); - let fp2_nr = ::mul_fp2_by_nonresidue; - - let mut z0 = fe.c0.c0; - let mut z4 = fe.c0.c1; - let mut z3 = fe.c0.c2; - let mut z2 = fe.c1.c0; - let mut z1 = fe.c1.c1; - let mut z5 = fe.c1.c2; - - // t0 + t1*y = (z0 + z1*y)^2 = a^2 - let mut tmp = z0 * &z1; - let t0 = (z0 + &z1) * &(z0 + &fp2_nr(&z1)) - &tmp - &fp2_nr(&tmp); - let t1 = tmp.double(); - - // t2 + t3*y = (z2 + z3*y)^2 = b^2 - tmp = z2 * &z3; - let t2 = (z2 + &z3) * &(z2 + &fp2_nr(&z3)) - &tmp - &fp2_nr(&tmp); - let t3 = tmp.double(); - - // t4 + t5*y = (z4 + z5*y)^2 = c^2 - tmp = z4 * &z5; - let t4 = (z4 + &z5) * &(z4 + &fp2_nr(&z5)) - &tmp - &fp2_nr(&tmp); - let t5 = tmp.double(); - - // for A - - // z0 = 3 * t0 - 2 * z0 - z0 = t0 - &z0; - z0 = z0 + &z0; - result.c0.c0 = z0 + &t0; - - // z1 = 3 * t1 + 2 * z1 - z1 = t1 + &z1; - z1 = z1 + &z1; - result.c1.c1 = z1 + &t1; - - // for B - - // z2 = 3 * (xi * t5) + 2 * z2 - tmp = fp2_nr(&t5); - z2 = tmp + &z2; - z2 = z2 + &z2; - result.c1.c0 = z2 + &tmp; - - // z3 = 3 * t4 - 2 * z3 - z3 = t4 - &z3; - z3 = z3 + &z3; - result.c0.c2 = z3 + &t4; - - // for C - - // z4 = 3 * t2 
- 2 * z4 - z4 = t2 - &z4; - z4 = z4 + &z4; - result.c0.c1 = z4 + &t2; - - // z5 = 3 * t3 + 2 * z5 - z5 = t3 + &z5; - z5 = z5 + &z5; - result.c1.c2 = z5 + &t3; - - result - } else { - fe.square() - } - } -} - -pub type Fp12

= QuadExtField>; - -impl Fp12

{ - pub fn mul_by_fp( - &mut self, - element: &<::Fp2Params as Fp2Parameters>::Fp, - ) { - self.c0.mul_by_fp(element); - self.c1.mul_by_fp(element); - } - - pub fn mul_by_034( - &mut self, - c0: &Fp2>, - c3: &Fp2>, - c4: &Fp2>, - ) { - let a0 = self.c0.c0 * c0; - let a1 = self.c0.c1 * c0; - let a2 = self.c0.c2 * c0; - let a = Fp6::new(a0, a1, a2); - let mut b = self.c1; - b.mul_by_01(&c3, &c4); - - let c0 = *c0 + c3; - let c1 = c4; - let mut e = self.c0 + &self.c1; - e.mul_by_01(&c0, &c1); - self.c1 = e - &(a + &b); - self.c0 = a + &P::mul_fp6_by_nonresidue(&b); - } - - pub fn mul_by_014( - &mut self, - c0: &Fp2>, - c1: &Fp2>, - c4: &Fp2>, - ) { - let mut aa = self.c0; - aa.mul_by_01(c0, c1); - let mut bb = self.c1; - bb.mul_by_1(c4); - let mut o = *c1; - o.add_assign(c4); - self.c1.add_assign(&self.c0); - self.c1.mul_by_01(c0, &o); - self.c1.sub_assign(&aa); - self.c1.sub_assign(&bb); - self.c0 = bb; - self.c0 = P::mul_fp6_by_nonresidue(&self.c0); - self.c0.add_assign(&aa); - } -} - -// TODO: make `const fn` in 1.46. -pub fn characteristic_square_mod_6_is_one(characteristic: &[u64]) -> bool { - // characteristic mod 6 = (a_0 + 2**64 * a_1 + ...) mod 6 - // = a_0 mod 6 + (2**64 * a_1 mod 6) + (...) mod 6 - // = a_0 mod 6 + (4 * a_1 mod 6) + (4 * ...) 
mod 6 - let mut char_mod_6 = 0u64; - for (i, limb) in characteristic.iter().enumerate() { - char_mod_6 += if i == 0 { - limb % 6 - } else { - (4 * (limb % 6)) % 6 - }; - } - (char_mod_6 * char_mod_6) % 6 == 1 -} - -#[cfg(test)] -mod test { - #[test] - fn test_characteristic_square_mod_6_is_one() { - use super::*; - assert!(!characteristic_square_mod_6_is_one(&[36])); - assert!(characteristic_square_mod_6_is_one(&[37])); - assert!(!characteristic_square_mod_6_is_one(&[38])); - assert!(!characteristic_square_mod_6_is_one(&[39])); - assert!(!characteristic_square_mod_6_is_one(&[40])); - assert!(characteristic_square_mod_6_is_one(&[41])); - - assert!(!characteristic_square_mod_6_is_one(&[36, 36])); - assert!(!characteristic_square_mod_6_is_one(&[36, 37])); - assert!(!characteristic_square_mod_6_is_one(&[36, 38])); - assert!(!characteristic_square_mod_6_is_one(&[36, 39])); - assert!(!characteristic_square_mod_6_is_one(&[36, 40])); - assert!(!characteristic_square_mod_6_is_one(&[36, 41])); - - assert!(!characteristic_square_mod_6_is_one(&[36, 41])); - assert!(!characteristic_square_mod_6_is_one(&[37, 41])); - assert!(!characteristic_square_mod_6_is_one(&[38, 41])); - assert!(characteristic_square_mod_6_is_one(&[39, 41])); - assert!(!characteristic_square_mod_6_is_one(&[40, 41])); - assert!(characteristic_square_mod_6_is_one(&[41, 41])); - assert!(characteristic_square_mod_6_is_one(&[1, std::u64::MAX])); - } -} diff --git a/algebra/src/fields/models/fp2.rs b/algebra/src/fields/models/fp2.rs deleted file mode 100644 index 27b9cc221..000000000 --- a/algebra/src/fields/models/fp2.rs +++ /dev/null 
@@ -1,52 +0,0 @@ -use super::quadratic_extension::*; -use crate::fields::{PrimeField, SquareRootField}; -use std::marker::PhantomData; - -pub trait Fp2Parameters: 'static + Send + Sync { - type Fp: PrimeField + SquareRootField; - - //alpha - const NONRESIDUE: Self::Fp; - //quadratic nonresidue for square root algorithm - const QUADRATIC_NONRESIDUE: (Self::Fp, Self::Fp); - //coefficients of the powers of the Frobenius automorphism as linear map over F - // (pi^0(X), pi^1(X)) = (C1_0*X, C1_1*X), - const FROBENIUS_COEFF_FP2_C1: &'static [Self::Fp]; - - #[inline(always)] - fn mul_fp_by_nonresidue(fe: &Self::Fp) -> Self::Fp { - Self::NONRESIDUE * fe - } -} - -pub struct Fp2ParamsWrapper(PhantomData

); - -impl QuadExtParameters for Fp2ParamsWrapper

{ - type BasePrimeField = P::Fp; - type BaseField = P::Fp; - type FrobCoeff = P::Fp; - - const DEGREE_OVER_BASE_PRIME_FIELD: usize = 2; - - const NONRESIDUE: Self::BaseField = P::NONRESIDUE; - - const FROBENIUS_COEFF_C1: &'static [Self::FrobCoeff] = P::FROBENIUS_COEFF_FP2_C1; - - #[inline(always)] - fn mul_base_field_by_nonresidue(fe: &Self::BaseField) -> Self::BaseField { - P::mul_fp_by_nonresidue(fe) - } - - fn mul_base_field_by_frob_coeff(fe: &mut Self::BaseField, power: usize) { - *fe *= &Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; - } -} - -pub type Fp2

= QuadExtField>; - -impl Fp2

{ - pub fn mul_assign_by_fp(&mut self, other: &P::Fp) { - self.c0 *= other; - self.c1 *= other; - } -} diff --git a/algebra/src/fields/models/fp3.rs b/algebra/src/fields/models/fp3.rs deleted file mode 100644 index 6047a5941..000000000 --- a/algebra/src/fields/models/fp3.rs +++ /dev/null @@ -1,95 +0,0 @@ -use super::cubic_extension::*; -use crate::fields::*; -use std::marker::PhantomData; - -pub trait Fp3Parameters: 'static + Send + Sync { - type Fp: PrimeField + SquareRootField; - - //alpha - const NONRESIDUE: Self::Fp; - // coefficients of the powers of the Frobenius automorphism as linear map over F - // (pi^0(X), pi^1(X), pi^2(X)) = (C1_0*X, C1_1*X +C1_2*X), - const FROBENIUS_COEFF_FP3_C1: &'static [Self::Fp]; - // (pi^0(X^2), pi^1(X^2), pi^2(X^2)) = (C2_0*X^2, C2_1*X^2 +C2_2*X^2), - const FROBENIUS_COEFF_FP3_C2: &'static [Self::Fp]; - /// p^3 - 1 = 2^s * t, where t is odd. - const TWO_ADICITY: u32; - const T_MINUS_ONE_DIV_TWO: &'static [u64]; - /// t-th power of a quadratic nonresidue in Fp3. - /// this is needed for the square root algorithm - const QUADRATIC_NONRESIDUE_TO_T: (Self::Fp, Self::Fp, Self::Fp); - - #[inline(always)] - fn mul_fp_by_nonresidue(fe: &Self::Fp) -> Self::Fp { - Self::NONRESIDUE * fe - } -} - -pub struct Fp3ParamsWrapper(PhantomData

); - -impl CubicExtParameters for Fp3ParamsWrapper

{ - type BasePrimeField = P::Fp; - type BaseField = P::Fp; - type FrobCoeff = P::Fp; - - const DEGREE_OVER_BASE_PRIME_FIELD: usize = 3; - - const NONRESIDUE: Self::BaseField = P::NONRESIDUE; - - const FROBENIUS_COEFF_C1: &'static [Self::FrobCoeff] = P::FROBENIUS_COEFF_FP3_C1; - const FROBENIUS_COEFF_C2: &'static [Self::FrobCoeff] = P::FROBENIUS_COEFF_FP3_C2; - - #[inline(always)] - fn mul_base_field_by_nonresidue(fe: &Self::BaseField) -> Self::BaseField { - P::mul_fp_by_nonresidue(fe) - } - - fn mul_base_field_by_frob_coeff( - c1: &mut Self::BaseField, - c2: &mut Self::BaseField, - power: usize, - ) { - *c1 *= &Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; - *c2 *= &Self::FROBENIUS_COEFF_C2[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; - } -} - -pub type Fp3

= CubicExtField>; - -impl Fp3

{ - pub fn mul_assign_by_fp(&mut self, value: &P::Fp) { - self.c0.mul_assign(value); - self.c1.mul_assign(value); - self.c2.mul_assign(value); - } - - /// Returns the value of QNR^T. - #[inline] - pub fn qnr_to_t() -> Self { - Self::new( - P::QUADRATIC_NONRESIDUE_TO_T.0, - P::QUADRATIC_NONRESIDUE_TO_T.1, - P::QUADRATIC_NONRESIDUE_TO_T.2, - ) - } -} - -impl SquareRootField for Fp3

{ - /// Returns the Legendre symbol. - fn legendre(&self) -> LegendreSymbol { - self.norm().legendre() - } - - /// Returns the square root of self, if it exists. - fn sqrt(&self) -> Option { - sqrt_impl!(Self, P, self) - } - - /// Sets `self` to be the square root of `self`, if it exists. - fn sqrt_in_place(&mut self) -> Option<&mut Self> { - (*self).sqrt().map(|sqrt| { - *self = sqrt; - self - }) - } -} diff --git a/algebra/src/fields/models/fp4.rs b/algebra/src/fields/models/fp4.rs deleted file mode 100644 index 2be0b86d8..000000000 --- a/algebra/src/fields/models/fp4.rs +++ /dev/null @@ -1,152 +0,0 @@ -use super::quadratic_extension::*; -use std::marker::PhantomData; - -use crate::{ - bits::{FromBits, FromCompressedBits, ToBits, ToCompressedBits}, - fields::{Field, Fp2, Fp2Parameters, SquareRootField}, - BitSerializationError, Error, -}; - -/// Model for quadratic extension field F4 as towered extension -/// -// F4 = F2[Y]/(Y^2-X), -// F2 = Fp[X]/(X^2-alpha), -/// -/// using a "non-residue" alpha mod p such that (X^4-alpha) is irreducible over Fp. -/// Its arithmetics includes pairing-relevant operations such as exponentiation and -/// squaring on the r-th unit roots of F4 (cyclotomic exp. and squ.). -pub trait Fp4Parameters: 'static + Send + Sync { - type Fp2Params: Fp2Parameters; - - /// This *must* equal (0, 1); - /// see [[DESD06, Section 5.1]](https://eprint.iacr.org/2006/471.pdf). - const NONRESIDUE: Fp2; - - /// Coefficients for the Frobenius automorphism. - /// non_residue^((modulus^i-1)/4) for i=0,1,2,3 - const FROBENIUS_COEFF_FP4_C1: &'static [::Fp]; - - #[inline(always)] - fn mul_fp2_by_nonresidue(fe: &Fp2) -> Fp2 { - // see [[DESD06, Section 5.1]](https://eprint.iacr.org/2006/471.pdf). - Fp2::new( - ::NONRESIDUE * &fe.c1, - fe.c0, - ) - } -} - -pub struct Fp4ParamsWrapper(PhantomData

); - -impl QuadExtParameters for Fp4ParamsWrapper

{ - type BasePrimeField = ::Fp; - type BaseField = Fp2; - type FrobCoeff = Self::BasePrimeField; - - const DEGREE_OVER_BASE_PRIME_FIELD: usize = 4; - - const NONRESIDUE: Self::BaseField = P::NONRESIDUE; - - const FROBENIUS_COEFF_C1: &'static [Self::FrobCoeff] = P::FROBENIUS_COEFF_FP4_C1; - - #[inline(always)] - fn mul_base_field_by_nonresidue(fe: &Self::BaseField) -> Self::BaseField { - P::mul_fp2_by_nonresidue(fe) - } - - fn mul_base_field_by_frob_coeff(fe: &mut Self::BaseField, power: usize) { - fe.mul_assign_by_fp(&Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]); - } - - fn cyclotomic_square(fe: &QuadExtField) -> QuadExtField { - let a = fe.c1.square(); - let b = fe.c1 + &fe.c0; - let c = b.square() - &a; - let d = Self::mul_base_field_by_nonresidue(&a); - let e = c - &d; - QuadExtField::::new( - d.double() + &Self::BaseField::one(), - e - &Self::BaseField::one(), - ) - } -} - -pub type Fp4

= QuadExtField>; - -impl Fp4

{ - pub fn mul_by_fp(&mut self, element: &::Fp) { - self.c0.mul_assign_by_fp(element); - self.c1.mul_assign_by_fp(element); - } - - pub fn mul_by_fp2(&mut self, element: &Fp2) { - self.c0 *= element; - self.c1 *= element; - } - - //Mul by an element of the form (c0: [c0, 0] c1: [c2, c3]) - pub fn mul_by_023(self, other: &Self) -> Self { - let v0 = { - let v0_c0 = self.c0.c0 * &other.c0.c0; - let v0_c1 = self.c0.c1 * &other.c0.c0; - Fp2::new(v0_c0, v0_c1) - }; - let v1 = self.c1 * &other.c1; - - let c0 = v0 + &P::mul_fp2_by_nonresidue(&v1); - let c1 = (self.c0 + &self.c1) * &(other.c0 + &other.c1) - &v0 - &v1; - - Self::new(c0, c1) - } -} - -/// Note: compression and decompression of a Fqk element is possible thanks to a property of Ate pairing. -/// if c0 + i*c1 is the output of an Ate pairing, then holds that c0^2 - nr * c1^2 = 1. -/// Therefore, we can save c1 and compute c0 as sqrt(1 + nr*c1^2), dedicating a bit also for the sign -/// of the result. - -impl ToCompressedBits for Fp4

{ - #[inline] - fn compress(&self) -> Vec { - //Serialize c1 - let mut res = self.c1.write_bits(); - - //Set the MSB to indicate the parity of c0 - let parity = self.c0.is_odd(); - res.push(parity); - - res - } -} - -impl FromCompressedBits for Fp4

{ - #[inline] - fn decompress(compressed: Vec) -> Result { - let len = compressed.len() - 1; - let parity_flag_set = compressed[len]; - - //Mask away the flag bits and try to get the c1 component - let c1 = Fp2::read_bits(compressed[..len].to_vec())?; - - //Compute c0 - let c0 = { - let t = Fp2::one() + &P::mul_fp2_by_nonresidue(&(c1.square())); - t.sqrt() - }; - - match c0 { - //Estabilish c0 parity - Some(c0_u) => { - let c0_s = if c0_u.is_odd() ^ parity_flag_set { - -c0_u - } else { - c0_u - }; - Ok(Self::new(c0_s, c1)) - } - - //sqrt(1 + nr*c1^2) doesn't exists in the field - _ => Err(Box::new(BitSerializationError::UndefinedSqrt)), - } - } -} diff --git a/algebra/src/fields/models/fp6_2over3.rs b/algebra/src/fields/models/fp6_2over3.rs deleted file mode 100644 index a4c67ab5e..000000000 --- a/algebra/src/fields/models/fp6_2over3.rs +++ /dev/null @@ -1,190 +0,0 @@ -use super::quadratic_extension::*; -use std::marker::PhantomData; -use std::ops::{MulAssign, Neg}; - -use crate::{ - bits::{FromBits, FromCompressedBits, ToBits, ToCompressedBits}, - fields::{Field, Fp3, Fp3Parameters, SquareRootField}, - BitSerializationError, Error, -}; - -/// Model for quadratic extension field F6 as towered extension -/// -// F6 = F2[Y]/(Y^2-X), -// F3 = Fp[X]/(X^3-alpha), -/// -/// using a "non-residue" alpha mod p such that (X^6-alpha) is irreducible over Fp. -/// Its arithmetics includes pairing-relevant operations such as exponentiation and -/// squaring on the r-th unit roots of F6 (cyclotomic exp. and squ.). -pub trait Fp6Parameters: 'static + Send + Sync { - type Fp3Params: Fp3Parameters; - - const NONRESIDUE: Fp3; - - /// Coefficients for the Frobenius automorphism. - const FROBENIUS_COEFF_FP6_C1: &'static [::Fp]; - - #[inline(always)] - fn mul_fp3_by_nonresidue(fe: &Fp3) -> Fp3 { - let mut res = *fe; - res.c0 = fe.c2; - res.c1 = fe.c0; - res.c2 = fe.c1; - res.c0 = ::mul_fp_by_nonresidue(&res.c0); - res - } -} - -pub struct Fp6ParamsWrapper(PhantomData

); - -impl QuadExtParameters for Fp6ParamsWrapper

{ - type BasePrimeField = ::Fp; - type BaseField = Fp3; - type FrobCoeff = Self::BasePrimeField; - - const DEGREE_OVER_BASE_PRIME_FIELD: usize = 6; - - const NONRESIDUE: Self::BaseField = P::NONRESIDUE; - - const FROBENIUS_COEFF_C1: &'static [Self::FrobCoeff] = P::FROBENIUS_COEFF_FP6_C1; - - #[inline(always)] - fn mul_base_field_by_nonresidue(fe: &Self::BaseField) -> Self::BaseField { - P::mul_fp3_by_nonresidue(fe) - } - - fn mul_base_field_by_frob_coeff(fe: &mut Self::BaseField, power: usize) { - fe.mul_assign_by_fp(&Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]); - } -} - -pub type Fp6

= QuadExtField>; - -impl Fp6

{ - pub fn mul_by_034( - &mut self, - c0: &::Fp, - c3: &::Fp, - c4: &::Fp, - ) { - let z0 = self.c0.c0; - let z1 = self.c0.c1; - let z2 = self.c0.c2; - let z3 = self.c1.c0; - let z4 = self.c1.c1; - let z5 = self.c1.c2; - - let x0 = *c0; - let x3 = *c3; - let x4 = *c4; - - let mut tmp1 = x3; - tmp1.mul_assign(&::NONRESIDUE); - let mut tmp2 = x4; - tmp2.mul_assign(&::NONRESIDUE); - - self.c0.c0 = x0 * &z0 + &(tmp1 * &z5) + &(tmp2 * &z4); - self.c0.c1 = x0 * &z1 + &(x3 * &z3) + &(tmp2 * &z5); - self.c0.c2 = x0 * &z2 + &(x3 * &z4) + &(x4 * &z3); - self.c1.c0 = x0 * &z3 + &(x3 * &z0) + &(tmp2 * &z2); - self.c1.c1 = x0 * &z4 + &(x3 * &z1) + &(x4 * &z0); - self.c1.c2 = x0 * &z5 + &(x3 * &z2) + &(x4 * &z1); - } - - pub fn mul_by_014( - &mut self, - c0: &::Fp, - c1: &::Fp, - c4: &::Fp, - ) { - let z0 = self.c0.c0; - let z1 = self.c0.c1; - let z2 = self.c0.c2; - let z3 = self.c1.c0; - let z4 = self.c1.c1; - let z5 = self.c1.c2; - - let x0 = *c0; - let x1 = *c1; - let x4 = *c4; - - let mut tmp1 = x1; - tmp1.mul_assign(&::NONRESIDUE); - let mut tmp2 = x4; - tmp2.mul_assign(&::NONRESIDUE); - - self.c0.c0 = x0 * &z0 + &(tmp1 * &z2) + &(tmp2 * &z4); - self.c0.c1 = x0 * &z1 + &(x1 * &z0) + &(tmp2 * &z5); - self.c0.c2 = x0 * &z2 + &(x1 * &z1) + &(x4 * &z3); - self.c1.c0 = x0 * &z3 + &(tmp1 * &z5) + &(tmp2 * &z2); - self.c1.c1 = x0 * &z4 + &(x1 * &z3) + &(x4 * &z0); - self.c1.c2 = x0 * &z5 + &(x1 * &z4) + &(x4 * &z1); - } - - //Mul by an element of the form [c0: (0, 0, a), c1: (b, c, d)] - pub fn mul_by_2345(self, other: &Self) -> Self -/* Devegili OhEig Scott Dahab --- Multiplication and Squaring on Pairing-Friendly Fields.pdf; Section 3 (Karatsuba) */ - { - let v0 = { - let t = other.c0.c2 * &::NONRESIDUE; - Fp3::::new(self.c0.c1 * &t, self.c0.c2 * &t, self.c0.c0 * &other.c0.c2) - }; - let v1 = self.c1 * &other.c1; - let beta_v1 = P::mul_fp3_by_nonresidue(&v1); - let c0 = v0 + &beta_v1; - let c1 = (self.c0 + &self.c1) * &(other.c0 + &other.c1) - &v0 - &v1; - Self::new(c0, c1) - } 
-} - -/// Note: compression and decompression of a Fqk element is possible thanks to a property of Ate pairing. -/// if c0 + i*c1 is the output of an Ate pairing, then holds that c0^2 - nr * c1^2 = 1. -/// Therefore, we can save c1 and compute c0 as sqrt(1 + nr*c1^2), dedicating a bit also for the sign -/// of the result. - -impl ToCompressedBits for Fp6

{ - #[inline] - fn compress(&self) -> Vec { - //Serialize c1 - let mut res = self.c1.write_bits(); - - //Set the MSB to indicate the parity of c0 - let parity = self.c0.is_odd(); - res.push(parity); - - res - } -} - -impl FromCompressedBits for Fp6

{ - #[inline] - fn decompress(compressed: Vec) -> Result { - let len = compressed.len() - 1; - let parity_flag_set = compressed[len]; - - //Mask away the flag bits and try to get the c1 component - let c1 = Fp3::read_bits(compressed[..len].to_vec())?; - - //Compute c0 - let c0 = { - let t = Fp3::one() + &P::mul_fp3_by_nonresidue(&(c1.square())); - t.sqrt() - }; - - match c0 { - //Estabilish c0 parity - Some(c0_u) => { - let neg_c0u = c0_u.neg(); - let c0_s = if c0_u.is_odd() ^ parity_flag_set { - neg_c0u - } else { - c0_u - }; - Ok(Self::new(c0_s, c1)) - } - - //sqrt(1 + nr*c1^2) doesn't exists in the field - _ => Err(Box::new(BitSerializationError::UndefinedSqrt)), - } - } -} diff --git a/algebra/src/fields/models/fp6_3over2.rs b/algebra/src/fields/models/fp6_3over2.rs deleted file mode 100644 index 65216d4bf..000000000 --- a/algebra/src/fields/models/fp6_3over2.rs +++ /dev/null @@ -1,140 +0,0 @@ -use super::cubic_extension::*; -use crate::fields::*; -use std::marker::PhantomData; - -pub trait Fp6Parameters: 'static + Send + Sync + Copy { - type Fp2Params: Fp2Parameters; - - const NONRESIDUE: Fp2; - - /// Coefficients for the Frobenius automorphism. - const FROBENIUS_COEFF_FP6_C1: &'static [Fp2]; - const FROBENIUS_COEFF_FP6_C2: &'static [Fp2]; - - #[inline(always)] - fn mul_fp2_by_nonresidue(fe: &Fp2) -> Fp2 { - Self::NONRESIDUE * fe - } -} - -pub struct Fp6ParamsWrapper(PhantomData

); - -impl CubicExtParameters for Fp6ParamsWrapper

{ - type BasePrimeField = ::Fp; - type BaseField = Fp2; - type FrobCoeff = Fp2; - - const DEGREE_OVER_BASE_PRIME_FIELD: usize = 6; - - const NONRESIDUE: Self::BaseField = P::NONRESIDUE; - - const FROBENIUS_COEFF_C1: &'static [Self::FrobCoeff] = P::FROBENIUS_COEFF_FP6_C1; - const FROBENIUS_COEFF_C2: &'static [Self::FrobCoeff] = P::FROBENIUS_COEFF_FP6_C2; - - #[inline(always)] - fn mul_base_field_by_nonresidue(fe: &Self::BaseField) -> Self::BaseField { - P::mul_fp2_by_nonresidue(fe) - } - - fn mul_base_field_by_frob_coeff( - c1: &mut Self::BaseField, - c2: &mut Self::BaseField, - power: usize, - ) { - *c1 *= &Self::FROBENIUS_COEFF_C1[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; - *c2 *= &Self::FROBENIUS_COEFF_C2[power % Self::DEGREE_OVER_BASE_PRIME_FIELD]; - } -} - -pub type Fp6

= CubicExtField>; - -impl Fp6

{ - pub fn mul_assign_by_fp2(&mut self, other: Fp2) { - self.c0 *= &other; - self.c1 *= &other; - self.c2 *= &other; - } - - pub fn mul_by_fp(&mut self, element: &::Fp) { - self.c0.mul_assign_by_fp(&element); - self.c1.mul_assign_by_fp(&element); - self.c2.mul_assign_by_fp(&element); - } - - pub fn mul_by_fp2(&mut self, element: &Fp2) { - self.c0.mul_assign(element); - self.c1.mul_assign(element); - self.c2.mul_assign(element); - } - - pub fn mul_by_1(&mut self, c1: &Fp2) { - let mut b_b = self.c1; - b_b.mul_assign(c1); - - let mut t1 = *c1; - { - let mut tmp = self.c1; - tmp.add_assign(&self.c2); - - t1.mul_assign(&tmp); - t1.sub_assign(&b_b); - t1 = P::mul_fp2_by_nonresidue(&t1); - } - - let mut t2 = *c1; - { - let mut tmp = self.c0; - tmp.add_assign(&self.c1); - - t2.mul_assign(&tmp); - t2.sub_assign(&b_b); - } - - self.c0 = t1; - self.c1 = t2; - self.c2 = b_b; - } - - pub fn mul_by_01(&mut self, c0: &Fp2, c1: &Fp2) { - let mut a_a = self.c0; - let mut b_b = self.c1; - a_a.mul_assign(c0); - b_b.mul_assign(c1); - - let mut t1 = *c1; - { - let mut tmp = self.c1; - tmp.add_assign(&self.c2); - - t1.mul_assign(&tmp); - t1.sub_assign(&b_b); - t1 = P::mul_fp2_by_nonresidue(&t1); - t1.add_assign(&a_a); - } - - let mut t3 = *c0; - { - let mut tmp = self.c0; - tmp.add_assign(&self.c2); - - t3.mul_assign(&tmp); - t3.sub_assign(&a_a); - t3.add_assign(&b_b); - } - - let mut t2 = *c0; - t2.add_assign(c1); - { - let mut tmp = self.c0; - tmp.add_assign(&self.c1); - - t2.mul_assign(&tmp); - t2.sub_assign(&a_a); - t2.sub_assign(&b_b); - } - - self.c0 = t1; - self.c1 = t2; - self.c2 = t3; - } -} diff --git a/algebra/src/fields/models/mod.rs b/algebra/src/fields/models/mod.rs index ef506dbf0..74d0a7a39 100644 --- a/algebra/src/fields/models/mod.rs +++ b/algebra/src/fields/models/mod.rs 
@@ -13,6 +13,7 @@ use crate::{
 BigInteger768, BigInteger832,
 },
 bytes::{FromBytes, ToBytes},
+ groups::Group,
 fields::{
 Field, FpParameters, LegendreSymbol, MulShort, MulShortAssign, PrimeField, SquareRootField,
 },
@@ -37,25 +38,3 @@ impl_Fp!(Fp320, Fp320Parameters, BigInteger320, BigInteger320, 5);
 impl_Fp!(Fp384, Fp384Parameters, BigInteger384, BigInteger384, 6);
 impl_Fp!(Fp768, Fp768Parameters, BigInteger768, BigInteger768, 12);
 impl_Fp!(Fp832, Fp832Parameters, BigInteger832, BigInteger832, 13);
-
-pub mod fp2;
-pub use self::fp2::*;
-
-pub mod fp3;
-pub use self::fp3::*;
-
-pub mod fp4;
-pub use self::fp4::*;
-
-pub mod fp6_2over3;
-pub use self::fp6_2over3::*;
-
-pub mod fp6_3over2;
-
-pub mod fp12_2over3over2;
-
-pub mod quadratic_extension;
-pub use quadratic_extension::*;
-
-pub mod cubic_extension;
-pub use cubic_extension::*;
diff --git a/algebra/src/fields/models/quadratic_extension.rs b/algebra/src/fields/models/quadratic_extension.rs
deleted file mode 100644
index 17f63b7d7..000000000
--- a/algebra/src/fields/models/quadratic_extension.rs
+++ /dev/null
@@ -1,584 +0,0 @@ -use rand::{ - distributions::{Distribution, Standard}, - Rng, -}; -use std::{ - cmp::{Ord, Ordering, PartialOrd}, - fmt, - io::{Read, Result as IoResult, Write}, - marker::PhantomData, - ops::{Add, AddAssign, Div, DivAssign, Mul, MulAssign, Neg, Sub, SubAssign}, -}; - -use crate::biginteger::arithmetic::find_wnaf; -use crate::{ - bits::{FromBits, ToBits}, - bytes::{FromBytes, ToBytes}, - fields::{Field, FpParameters, LegendreSymbol, PrimeField, SquareRootField}, - CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, - CanonicalSerializeWithFlags, EmptyFlags, Error, Flags, SemanticallyValid, SerializationError, - UniformRand, -}; -use serde::{Deserialize, Serialize}; - -/// Model for quadratic extension field of prime field F=Fp -/// F2 = F[X]/(X^2-alpha), -/// with alpha being a (quadratic) "non-residue". -/// We implement the inversion and Karatsuba multiplication according to -/// Mrabet, Joye, Guide to Pairing-based Cryptography -/// https://dl.acm.org/doi/book/10.5555/3092800 -/// and the square root algorithm from -/// Adj, et al., Square root computation over even extension fields, -/// https://eprint.iacr.org/2012/685.pdf -pub trait QuadExtParameters: 'static + Send + Sync + Sized { - /// The prime field that this quadratic extension is eventually an extension of. - type BasePrimeField: PrimeField; - /// The base field that this field is a quadratic extension of. - type BaseField: Field; - /// The type of the coefficients for an efficient implemntation of the - /// Frobenius endomorphism. - type FrobCoeff: Field; - - /// The degree of the extension over the base prime field. - const DEGREE_OVER_BASE_PRIME_FIELD: usize; - - /// The quadratic non-residue used to construct the extension. - const NONRESIDUE: Self::BaseField; - - /// Coefficients for the Frobenius automorphism. 
- const FROBENIUS_COEFF_C1: &'static [Self::FrobCoeff]; - - /// A specializable method for multiplying an element of the base field by - /// the quadratic non-residue. This is used in Karatsuba multiplication - /// and in complex squaring. - #[inline(always)] - fn mul_base_field_by_nonresidue(fe: &Self::BaseField) -> Self::BaseField { - Self::NONRESIDUE * fe - } - - /// A specializable method for multiplying an element of the base field by - /// the appropriate Frobenius coefficient. - fn mul_base_field_by_frob_coeff(fe: &mut Self::BaseField, power: usize); - - fn cyclotomic_square(fe: &QuadExtField) -> QuadExtField { - fe.square() - } -} - -#[derive(Derivative)] -#[derivative( - Default(bound = "P: QuadExtParameters"), - Hash(bound = "P: QuadExtParameters"), - Clone(bound = "P: QuadExtParameters"), - Copy(bound = "P: QuadExtParameters"), - Debug(bound = "P: QuadExtParameters"), - PartialEq(bound = "P: QuadExtParameters"), - Eq(bound = "P: QuadExtParameters") -)] -#[derive(Serialize, Deserialize)] -pub struct QuadExtField { - pub c0: P::BaseField, - pub c1: P::BaseField, - #[derivative(Debug = "ignore")] - #[serde(skip)] - #[doc(hidden)] - pub _parameters: PhantomData

, -} - -impl QuadExtField

{ - pub fn new(c0: P::BaseField, c1: P::BaseField) -> Self { - QuadExtField { - c0, - c1, - _parameters: PhantomData, - } - } - - /// This is only to be used when the element is *known* to be in the cyclotomic subgroup. - pub fn conjugate(&mut self) { - self.c1 = -self.c1; - } - - /// This is only to be used when the element is *known* to be in the cyclotomic subgroup. - pub fn unitary_inverse(&self) -> Self { - Self::new(self.c0, -self.c1) - } - - // (signed) binary square and multiply for r-th roots of unity - // used for the final exponentiation in the Ate pairing - pub fn cyclotomic_exp>(&self, exponent: S) -> Self { - let mut res = Self::one(); - let self_inverse = self.unitary_inverse(); - - let mut found_nonzero = false; - let naf = find_wnaf(exponent.as_ref()); - - for &value in naf.iter().rev() { - if found_nonzero { - res = P::cyclotomic_square(&res); - } - - if value != 0 { - found_nonzero = true; - - if value > 0 { - res = res * self; - } else { - res = res * &self_inverse; - } - } - } - res - } - - /// Norm of QuadExtField over P::BaseField: Norm(a) = a.x^2 - P::NON_RESIDUE * a.y^2 - pub fn norm(&self) -> P::BaseField { - let t0 = self.c0.square(); - let mut t1 = self.c1.square(); - t1 = -P::mul_base_field_by_nonresidue(&t1); - t1.add_assign(&t0); - t1 - } - - pub fn mul_assign_by_basefield(&mut self, element: &P::BaseField) { - self.c0.mul_assign(element); - self.c1.mul_assign(element); - } -} - -impl Field for QuadExtField

{ - type BasePrimeField = P::BasePrimeField; - - fn zero() -> Self { - QuadExtField::new(P::BaseField::zero(), P::BaseField::zero()) - } - - fn is_zero(&self) -> bool { - self.c0.is_zero() && self.c1.is_zero() - } - - fn one() -> Self { - QuadExtField::new(P::BaseField::one(), P::BaseField::zero()) - } - - fn is_one(&self) -> bool { - self.c0.is_one() && self.c1.is_zero() - } - - fn is_odd(&self) -> bool { - self.c1.is_odd() || (self.c1.is_zero() && self.c0.is_odd()) - } - - #[inline] - fn characteristic<'a>() -> &'a [u64] { - P::BaseField::characteristic() - } - - fn double(&self) -> Self { - let mut result = self.clone(); - result.double_in_place(); - result - } - - fn double_in_place(&mut self) -> &mut Self { - self.c0.double_in_place(); - self.c1.double_in_place(); - self - } - - fn square(&self) -> Self { - let mut result = *self; - result.square_in_place(); - result - } - - fn square_in_place(&mut self) -> &mut Self { - // v0 = c0 - c1 - let mut v0 = self.c0 - &self.c1; - // v3 = c0 - beta * c1 - let v3 = self.c0 - &P::mul_base_field_by_nonresidue(&self.c1); - // v2 = c0 * c1 - let v2 = self.c0 * &self.c1; - - // v0 = (v0 * v3) + v2 - v0 *= &v3; - v0 += &v2; - - self.c1 = v2.double(); - self.c0 = v0 + &P::mul_base_field_by_nonresidue(&v2); - - self - } - - fn inverse(&self) -> Option { - if self.is_zero() { - None - } else { - // Guide to Pairing-based Cryptography, Algorithm 5.19. 
- // v0 = c0.square() - let mut v0 = self.c0.square(); - // v1 = c1.square() - let v1 = self.c1.square(); - // v0 = v0 - beta * v1 - v0 -= &P::mul_base_field_by_nonresidue(&v1); - v0.inverse().map(|v1| { - let c0 = self.c0 * &v1; - let c1 = -(self.c1 * &v1); - Self::new(c0, c1) - }) - } - } - - fn inverse_in_place(&mut self) -> Option<&mut Self> { - if let Some(inverse) = self.inverse() { - *self = inverse; - Some(self) - } else { - None - } - } - - fn frobenius_map(&mut self, power: usize) { - self.c0.frobenius_map(power); - self.c1.frobenius_map(power); - P::mul_base_field_by_frob_coeff(&mut self.c1, power); - } - - #[inline] - fn from_random_bytes_with_flags(bytes: &[u8]) -> Option<(Self, F)> { - let split_at = bytes.len() / 2; - if let Some(c0) = P::BaseField::from_random_bytes(&bytes[..split_at]) { - if let Some((c1, flags)) = - P::BaseField::from_random_bytes_with_flags(&bytes[split_at..]) - { - return Some((QuadExtField::new(c0, c1), flags)); - } - } - None - } - - #[inline] - fn from_random_bytes(bytes: &[u8]) -> Option { - Self::from_random_bytes_with_flags::(bytes).map(|f| f.0) - } -} - -impl<'a, P: QuadExtParameters> SquareRootField for QuadExtField

-where - P::BaseField: SquareRootField, -{ - fn legendre(&self) -> LegendreSymbol { - self.norm().legendre() - } - - fn sqrt(&self) -> Option { - use crate::LegendreSymbol::*; - if self.c1.is_zero() { - return self.c0.sqrt().map(|c0| Self::new(c0, P::BaseField::zero())); - } - match self.legendre() { - // Square root based on the complex method. See - // https://eprint.iacr.org/2012/685.pdf (page 15, algorithm 8) - Zero => Some(*self), - QuadraticNonResidue => None, - QuadraticResidue => { - let two_inv = P::BaseField::one().double().inverse(); - let alpha = self.norm().sqrt(); - if two_inv.is_none() || alpha.is_none() { - return None; - } - let mut delta = (alpha.unwrap() + &self.c0) * &two_inv.unwrap(); - if delta.legendre().is_qnr() { - delta -= &alpha.unwrap(); - } - let c0 = delta.sqrt(); - if c0.is_none() { - return None; - } - let c0_inv = c0.unwrap().inverse(); - if c0_inv.is_none() { - return None; - } - Some(Self::new( - c0.unwrap(), - self.c1 * &two_inv.unwrap() * &c0_inv.unwrap(), - )) - } - } - } - - fn sqrt_in_place(&mut self) -> Option<&mut Self> { - (*self).sqrt().map(|sqrt| { - *self = sqrt; - self - }) - } -} - -/// `QuadExtField` elements are ordered lexicographically. -impl Ord for QuadExtField

{ - #[inline(always)] - fn cmp(&self, other: &Self) -> Ordering { - match self.c1.cmp(&other.c1) { - Ordering::Greater => Ordering::Greater, - Ordering::Less => Ordering::Less, - Ordering::Equal => self.c0.cmp(&other.c0), - } - } -} - -impl PartialOrd for QuadExtField

{ - #[inline(always)] - fn partial_cmp(&self, other: &Self) -> Option { - Some(self.cmp(other)) - } -} - -impl From for QuadExtField

-where - P::BaseField: From, -{ - fn from(other: u128) -> Self { - Self::new(other.into(), P::BaseField::zero()) - } -} - -impl From for QuadExtField

-where - P::BaseField: From, -{ - fn from(other: u64) -> Self { - Self::new(other.into(), P::BaseField::zero()) - } -} - -impl From for QuadExtField

-where - P::BaseField: From, -{ - fn from(other: u32) -> Self { - Self::new(other.into(), P::BaseField::zero()) - } -} - -impl From for QuadExtField

-where - P::BaseField: From, -{ - fn from(other: u16) -> Self { - Self::new(other.into(), P::BaseField::zero()) - } -} - -impl From for QuadExtField

-where - P::BaseField: From, -{ - fn from(other: u8) -> Self { - Self::new(other.into(), P::BaseField::zero()) - } -} - -impl ToBytes for QuadExtField

{ - #[inline] - fn write(&self, mut writer: W) -> IoResult<()> { - self.c0.write(&mut writer)?; - self.c1.write(writer) - } -} - -impl FromBytes for QuadExtField

{ - #[inline] - fn read(mut reader: R) -> IoResult { - let c0 = P::BaseField::read(&mut reader)?; - let c1 = P::BaseField::read(reader)?; - Ok(QuadExtField::new(c0, c1)) - } -} - -impl ToBits for QuadExtField

{ - fn write_bits(&self) -> Vec { - let mut bits = self.c0.write_bits(); - bits.extend_from_slice(self.c1.write_bits().as_slice()); - bits - } -} - -impl FromBits for QuadExtField

{ - fn read_bits(bits: Vec) -> Result { - let size = (P::DEGREE_OVER_BASE_PRIME_FIELD / 2) - * ::Params::MODULUS_BITS as usize; - let c0 = P::BaseField::read_bits(bits[..size].to_vec())?; - let c1 = P::BaseField::read_bits(bits[size..].to_vec())?; - Ok(QuadExtField::new(c0, c1)) - } -} - -impl CanonicalSerializeWithFlags for QuadExtField

{ - #[inline] - fn serialize_with_flags( - &self, - mut writer: W, - flags: F, - ) -> Result<(), SerializationError> { - CanonicalSerialize::serialize(&self.c0, &mut writer)?; - self.c1.serialize_with_flags(&mut writer, flags)?; - Ok(()) - } - - #[inline] - fn serialized_size_with_flags(&self) -> usize { - self.c0.serialized_size() + self.c1.serialized_size_with_flags::() - } -} - -impl CanonicalSerialize for QuadExtField

{ - #[inline] - fn serialize(&self, writer: W) -> Result<(), SerializationError> { - self.serialize_with_flags(writer, EmptyFlags) - } - - #[inline] - fn serialized_size(&self) -> usize { - self.serialized_size_with_flags::() - } -} - -impl CanonicalDeserializeWithFlags for QuadExtField

{ - #[inline] - fn deserialize_with_flags( - mut reader: R, - ) -> Result<(Self, F), SerializationError> { - let c0: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; - let (c1, flags): (P::BaseField, _) = - CanonicalDeserializeWithFlags::deserialize_with_flags(&mut reader)?; - Ok((QuadExtField::new(c0, c1), flags)) - } -} - -impl CanonicalDeserialize for QuadExtField

{ - #[inline] - fn deserialize(mut reader: R) -> Result { - let c0: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; - let c1: P::BaseField = CanonicalDeserialize::deserialize(&mut reader)?; - Ok(QuadExtField::new(c0, c1)) - } -} - -impl SemanticallyValid for QuadExtField

{ - #[inline] - fn is_valid(&self) -> bool { - self.c0.is_valid() && self.c1.is_valid() - } -} - -impl Neg for QuadExtField

{ - type Output = Self; - #[inline] - #[must_use] - fn neg(self) -> Self { - let mut res = self.clone(); - res.c0 = res.c0.neg(); - res.c1 = res.c1.neg(); - res - } -} - -impl Distribution> for Standard { - #[inline] - fn sample(&self, rng: &mut R) -> QuadExtField

{ - QuadExtField::new(UniformRand::rand(rng), UniformRand::rand(rng)) - } -} - -impl<'a, P: QuadExtParameters> Add<&'a QuadExtField

> for QuadExtField

{ - type Output = Self; - - #[inline] - fn add(self, other: &Self) -> Self { - let mut result = self; - result.add_assign(other); - result - } -} - -impl<'a, P: QuadExtParameters> Sub<&'a QuadExtField

> for QuadExtField

{ - type Output = Self; - - #[inline] - fn sub(self, other: &Self) -> Self { - let mut result = self; - result.sub_assign(other); - result - } -} - -impl<'a, P: QuadExtParameters> Mul<&'a QuadExtField

> for QuadExtField

{ - type Output = Self; - - #[inline] - fn mul(self, other: &Self) -> Self { - let mut result = self; - result.mul_assign(other); - result - } -} - -impl<'a, P: QuadExtParameters> Div<&'a QuadExtField

> for QuadExtField

{ - type Output = Self; - - #[inline] - fn div(self, other: &Self) -> Self { - let mut result = self; - result.mul_assign(&other.inverse().unwrap()); - result - } -} - -impl<'a, P: QuadExtParameters> AddAssign<&'a Self> for QuadExtField

{ - #[inline] - fn add_assign(&mut self, other: &Self) { - self.c0.add_assign(&other.c0); - self.c1.add_assign(&other.c1); - } -} - -impl<'a, P: QuadExtParameters> SubAssign<&'a Self> for QuadExtField

{ - #[inline] - fn sub_assign(&mut self, other: &Self) { - self.c0.sub_assign(&other.c0); - self.c1.sub_assign(&other.c1); - } -} - -impl_additive_ops_from_ref!(QuadExtField, QuadExtParameters); -impl_multiplicative_ops_from_ref!(QuadExtField, QuadExtParameters); - -impl<'a, P: QuadExtParameters> MulAssign<&'a Self> for QuadExtField

{ - #[inline] - fn mul_assign(&mut self, other: &Self) { - // Karatsuba multiplication; - // Guide to Pairing-based cryprography, Algorithm 5.16. - let v0 = self.c0 * &other.c0; - let v1 = self.c1 * &other.c1; - - self.c1 += &self.c0; - self.c1 *= &(other.c0 + &other.c1); - self.c1 -= &v0; - self.c1 -= &v1; - self.c0 = v0 + &P::mul_base_field_by_nonresidue(&v1); - } -} - -impl<'a, P: QuadExtParameters> DivAssign<&'a Self> for QuadExtField

{ - #[inline] - fn div_assign(&mut self, other: &Self) { - self.mul_assign(&other.inverse().unwrap()); - } -} - -impl fmt::Display for QuadExtField

{ - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - write!(f, "QuadExtField({} + {} * u)", self.c0, self.c1) - } -} diff --git a/algebra/src/fields/tweedle/tests.rs b/algebra/src/fields/tweedle/tests.rs index c66e6a40a..ff72c4ab3 100644 --- a/algebra/src/fields/tweedle/tests.rs +++ b/algebra/src/fields/tweedle/tests.rs @@ -1,6 +1,7 @@ use crate::{ biginteger::BigInteger256 as BigInteger, bytes::{FromBytes, ToBytes}, + groups::Group, fields::{ tests::{field_test, primefield_test}, tweedle::{fq::Fq, fr::Fr}, diff --git a/algebra/src/groups/mod.rs b/algebra/src/groups/mod.rs index f2a1ebab4..61d228823 100644 --- a/algebra/src/groups/mod.rs +++ b/algebra/src/groups/mod.rs @@ -69,7 +69,7 @@ pub trait Group: /// Generic struct of a formal linear combination pub struct LinearCombination { - items: Vec<(G::ScalarField, G)> + pub items: Vec<(G::ScalarField, G)> } impl LinearCombination @@ -90,7 +90,7 @@ impl LinearCombination pub fn combine(&self) -> G { let mut combined = G::zero(); for (coeff, item) in self.items.iter() { - combined += &(item.clone() * coeff); + combined += &(item.clone() * coeff) } combined } diff --git a/algebra/src/groups/tests.rs b/algebra/src/groups/tests.rs index cbd513c02..bd05e06d8 100644 --- a/algebra/src/groups/tests.rs +++ b/algebra/src/groups/tests.rs @@ -2,7 +2,7 @@ use crate::{Field, FromCompressedBits, Group, ToCompressedBits, UniformRand}; use rand::SeedableRng; use rand_xorshift::XorShiftRng; -pub fn group_test(a: G, mut b: G) { +pub fn group_test(a: G, mut b: G) { let mut rng = XorShiftRng::seed_from_u64(1231275789u64); let zero = G::zero(); let fr_zero = G::ScalarField::zero(); @@ -69,7 +69,7 @@ pub fn group_test(a: G, mut b: G) { ); } -pub fn compression_test(even: T, odd: T) { +pub fn compression_test(even: T, odd: T) { //Test correct compression/de-compression of a non-zero point with even y let even_compressed = even.compress(); let even_len = even_compressed.len(); 
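Review bot: Making `items` public in `LinearCombination` (hunk `@@ -69,7 +69,7 @@` of algebra/src/groups/mod.rs) exposes the struct's only field, so whatever invariant a constructor or push method may keep on the (coefficient, element) pairs can now be bypassed from outside the module; if the aim is read access, a borrowing accessor such as `pub fn items(&self) -> &[(G::ScalarField, G)] { &self.items }` keeps the field private. In the `combine` hunk the trailing semicolon dropped from `combined += &(item.clone() * coeff)` compiles only because `+=` evaluates to `()`, and rustfmt/clippy style keeps the `;` on a statement, so I would restore it. The remainder of the `impl LinearCombination` block lies outside both hunks.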
From 0aa913149371e139a4a37696423bca634b5ee503 Mon Sep 17 00:00:00 2001 From: Phoinic Date: Sat, 27 Nov 2021 21:00:27 +0200 Subject: [PATCH 26/79] Fixed field binding --- algebra/src/fields/macros.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/algebra/src/fields/macros.rs b/algebra/src/fields/macros.rs index 8d064b33b..e7dd3b430 100644 --- a/algebra/src/fields/macros.rs +++ b/algebra/src/fields/macros.rs @@ -613,7 +613,7 @@ macro_rules! impl_Fp { } impl Group for $Fp

{ - type ScalarField = Self; + type ScalarField = $Fp

; #[inline] fn zero() -> Self { From 8f1858cf37d9dff5060ff28951fbf3cd0f8fdf00 Mon Sep 17 00:00:00 2001 From: Phoinic Date: Sun, 28 Nov 2021 13:33:45 +0200 Subject: [PATCH 27/79] Vector of group items --- algebra/src/curves/mod.rs | 2 + .../models/short_weierstrass_jacobian/mod.rs | 68 ++++-- .../short_weierstrass_projective/mod.rs | 67 ++++-- .../models/twisted_edwards_extended/mod.rs | 60 ++++-- algebra/src/fft/polynomial/dense.rs | 43 ++-- algebra/src/fields/mod.rs | 44 +--- algebra/src/groups/group_vec.rs | 202 ++++++++++++++++++ algebra/src/groups/linear_combination.rs | 31 +++ algebra/src/groups/mod.rs | 48 +---- 9 files changed, 421 insertions(+), 144 deletions(-) create mode 100644 algebra/src/groups/group_vec.rs create mode 100644 algebra/src/groups/linear_combination.rs diff --git a/algebra/src/curves/mod.rs b/algebra/src/curves/mod.rs index b7677c311..19b748b6c 100644 --- a/algebra/src/curves/mod.rs +++ b/algebra/src/curves/mod.rs @@ -2,6 +2,7 @@ use crate::{ Error, groups::Group, fields::{Field, SquareRootField, PrimeField, BitIterator}, + UniformRand, }; use std::{ fmt::Debug, @@ -25,6 +26,7 @@ pub use self::models::*; pub trait Curve: Group + Copy + + UniformRand + From<::AffineRep> + TryInto<::AffineRep, Error = Error> { diff --git a/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs b/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs index 7e2c9c687..e44ff5fd4 100644 --- a/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs +++ b/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs @@ -1,5 +1,4 @@ use crate::{ - /*FromBits, ToBits,*/ bytes::{FromBytes, ToBytes}, groups::Group, curves::{ 
@@ -7,9 +6,9 @@ use crate::{ models::{EndoMulParameters as EndoParameters, SWModelParameters as Parameters}, }, fields::{BitIterator, Field, PrimeField, SquareRootField}, - /* BitSerializationError,*/ CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, - CanonicalSerializeWithFlags, Error, FromBytesChecked,/* FromCompressedBits,*/ SWFlags, - SemanticallyValid, SerializationError,/* ToCompressedBits,*/ UniformRand, + CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, + CanonicalSerializeWithFlags, Error, FromBytesChecked, SWFlags, + SemanticallyValid, SerializationError, UniformRand, }; use rand::{ distributions::{Distribution, Standard}, @@ -281,17 +280,6 @@ impl Neg for Jacobian

{ } } -impl<'a, P: Parameters> Add<&'a Self> for Jacobian

{ - type Output = Self; - - #[inline] - fn add(self, other: &'a Self) -> Self { - let mut copy = self; - copy += other; - copy - } -} - impl<'a, P: Parameters> AddAssign<&'a Self> for Jacobian

{ fn add_assign(&mut self, other: &'a Self) { if self.is_zero() { @@ -357,23 +345,67 @@ impl<'a, P: Parameters> AddAssign<&'a Self> for Jacobian

{ } } -impl<'a, P: Parameters> Sub<&'a Self> for Jacobian

{ +impl<'a, P: Parameters> Add<&'a Self> for Jacobian

{ type Output = Self; #[inline] - fn sub(self, other: &'a Self) -> Self { + fn add(self, other: &'a Self) -> Self { let mut copy = self; - copy -= other; + copy += other; copy } } +impl AddAssign for Jacobian

{ + #[inline] + fn add_assign(&mut self, other: Self) { + *self += &other; + } +} + +impl Add for Jacobian

{ + type Output = Self; + + #[inline] + fn add(self, other: Self) -> Self { + self + &other + } +} + impl<'a, P: Parameters> SubAssign<&'a Self> for Jacobian

{ + #[inline] fn sub_assign(&mut self, other: &'a Self) { *self += &(-(*other)); } } +impl<'a, P: Parameters> Sub<&'a Self> for Jacobian

{ + type Output = Self; + + #[inline] + fn sub(self, other: &'a Self) -> Self { + let mut copy = self; + copy -= other; + copy + } +} + +impl SubAssign for Jacobian

{ + #[inline] + fn sub_assign(&mut self, other: Self) { + *self -= &other; + } +} + +impl Sub for Jacobian

{ + type Output = Self; + + #[inline] + fn sub(self, other: Self) -> Self { + self - &other + } +} + impl<'a, P: Parameters> MulAssign<&'a P::ScalarField> for Jacobian

{ /// WARNING: This implementation doesn't take costant time with respect diff --git a/algebra/src/curves/models/short_weierstrass_projective/mod.rs b/algebra/src/curves/models/short_weierstrass_projective/mod.rs index 6546ec8c6..595cc4316 100644 --- a/algebra/src/curves/models/short_weierstrass_projective/mod.rs +++ b/algebra/src/curves/models/short_weierstrass_projective/mod.rs @@ -1,5 +1,4 @@ use crate::{ - /*FromBits, ToBits,*/ bytes::{FromBytes, ToBytes}, groups::Group, curves::{ @@ -7,9 +6,9 @@ use crate::{ models::{EndoMulParameters as EndoParameters, SWModelParameters as Parameters}, }, fields::{BitIterator, Field, PrimeField, SquareRootField}, - /* BitSerializationError,*/ CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, - CanonicalSerializeWithFlags, Error, FromBytesChecked,/* FromCompressedBits,*/ SWFlags, - SemanticallyValid, SerializationError,/* ToCompressedBits,*/ UniformRand, + CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, + CanonicalSerializeWithFlags, Error, FromBytesChecked, SWFlags, + SemanticallyValid, SerializationError, UniformRand, }; use rand::{ distributions::{Distribution, Standard}, @@ -274,17 +273,6 @@ impl Neg for Projective
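Review bot: The `#[inline]` added to `SubAssign<&'a Self>::sub_assign` for `Jacobian` in hunk `@@ -357,23 +345,67 @@` has no counterpart in the otherwise identical hunks for `Projective` (algebra/src/curves/models/short_weierstrass_projective/mod.rs) and `TEExtended` (algebra/src/curves/models/twisted_edwards_extended/mod.rs), so the three models now differ only by that attribute; either add it there or drop it here. The four by-value impls (`AddAssign`, `Add`, `SubAssign`, `Sub`) are also pasted verbatim into all three files, and the crate already generates this kind of forwarding with a macro (`impl_additive_ops_from_ref!` is invoked on `QuadExtField` in the file deleted earlier in this series), so if that macro survives the deletions one invocation per type would replace the twelve hand-written impls. The `MulAssign<&'a P::ScalarField>` impl that opens at the end of the hunk continues outside it.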

{ } } -impl<'a, P: Parameters> Add<&'a Self> for Projective

{ - type Output = Self; - - #[inline] - fn add(self, other: &'a Self) -> Self { - let mut copy = self; - copy += other; - copy - } -} - impl<'a, P: Parameters> AddAssign<&'a Self> for Projective

{ fn add_assign(&mut self, other: &'a Self) { if self.is_zero() { @@ -330,23 +318,66 @@ impl<'a, P: Parameters> AddAssign<&'a Self> for Projective

{ } } -impl<'a, P: Parameters> Sub<&'a Self> for Projective

{ +impl<'a, P: Parameters> Add<&'a Self> for Projective

{ type Output = Self; #[inline] - fn sub(self, other: &'a Self) -> Self { + fn add(self, other: &'a Self) -> Self { let mut copy = self; - copy -= other; + copy += other; copy } } +impl AddAssign for Projective

{ + #[inline] + fn add_assign(&mut self, other: Self) { + *self += &other; + } +} + +impl Add for Projective

{ + type Output = Self; + + #[inline] + fn add(self, other: Self) -> Self { + self + &other + } +} + impl<'a, P: Parameters> SubAssign<&'a Self> for Projective

{ fn sub_assign(&mut self, other: &'a Self) { *self += &(-(*other)); } } +impl<'a, P: Parameters> Sub<&'a Self> for Projective

{ + type Output = Self; + + #[inline] + fn sub(self, other: &'a Self) -> Self { + let mut copy = self; + copy -= other; + copy + } +} + +impl SubAssign for Projective

{ + #[inline] + fn sub_assign(&mut self, other: Self) { + *self -= &other; + } +} + +impl Sub for Projective

{ + type Output = Self; + + #[inline] + fn sub(self, other: Self) -> Self { + self - &other + } +} + impl<'a, P: Parameters> MulAssign<&'a P::ScalarField> for Projective

{ /// WARNING: This implementation doesn't take costant time with respect diff --git a/algebra/src/curves/models/twisted_edwards_extended/mod.rs b/algebra/src/curves/models/twisted_edwards_extended/mod.rs index 3dd671eab..b807c8e97 100644 --- a/algebra/src/curves/models/twisted_edwards_extended/mod.rs +++ b/algebra/src/curves/models/twisted_edwards_extended/mod.rs @@ -279,17 +279,6 @@ impl Neg for TEExtended

{ } } -impl<'a, P: Parameters> Add<&'a Self> for TEExtended

{ - type Output = Self; - - #[inline] - fn add(self, other: &'a Self) -> Self { - let mut copy = self; - copy += other; - copy - } -} - impl<'a, P: Parameters> AddAssign<&'a Self> for TEExtended

{ fn add_assign(&mut self, other: &'a Self) { // See "Twisted Edwards Curves Revisited" @@ -334,23 +323,66 @@ impl<'a, P: Parameters> AddAssign<&'a Self> for TEExtended

{ } } -impl<'a, P: Parameters> Sub<&'a Self> for TEExtended

{ +impl<'a, P: Parameters> Add<&'a Self> for TEExtended

{ type Output = Self; #[inline] - fn sub(self, other: &'a Self) -> Self { + fn add(self, other: &'a Self) -> Self { let mut copy = self; - copy -= other; + copy += other; copy } } +impl AddAssign for TEExtended

{ + #[inline] + fn add_assign(&mut self, other: Self) { + *self += &other; + } +} + +impl Add for TEExtended

{ + type Output = Self; + + #[inline] + fn add(self, other: Self) -> Self { + self + &other + } +} + impl<'a, P: Parameters> SubAssign<&'a Self> for TEExtended

{ fn sub_assign(&mut self, other: &'a Self) { *self += &(-(*other)); } } +impl<'a, P: Parameters> Sub<&'a Self> for TEExtended

{ + type Output = Self; + + #[inline] + fn sub(self, other: &'a Self) -> Self { + let mut copy = self; + copy -= other; + copy + } +} + +impl SubAssign for TEExtended

{ + #[inline] + fn sub_assign(&mut self, other: Self) { + *self -= &other; + } +} + +impl Sub for TEExtended

{ + type Output = Self; + + #[inline] + fn sub(self, other: Self) -> Self { + self - &other + } +} + impl<'a, P: Parameters> MulAssign<&'a P::ScalarField> for TEExtended

{ /// WARNING: This implementation doesn't take costant time with respect diff --git a/algebra/src/fft/polynomial/dense.rs b/algebra/src/fft/polynomial/dense.rs index eff2e33e7..9aefc11b1 100644 --- a/algebra/src/fft/polynomial/dense.rs +++ b/algebra/src/fft/polynomial/dense.rs @@ -2,10 +2,7 @@ use crate::{get_best_evaluation_domain, DenseOrSparsePolynomial, EvaluationDomain, Evaluations}; use crate::{serialize::*, Field, Group, FromBytes, FromBytesChecked, SemanticallyValid, PrimeField, ToBytes}; -use rand::{ - distributions::{Distribution, Standard}, - Rng -}; +use rand::Rng; use rayon::prelude::*; use std::fmt; use std::ops::{Add, AddAssign, Deref, DerefMut, Div, Mul, MulAssign, Neg, Sub, SubAssign}; @@ -343,9 +340,7 @@ impl<'a, 'b, F: Field> Sub<&'a DensePolynomial> for &'b DensePolynomial { result } } - impl<'a, 'b, F: Field> SubAssign<&'a DensePolynomial> for DensePolynomial { - #[inline] fn sub_assign(&mut self, other: &'a DensePolynomial) { if self.is_zero() { self.coeffs.resize(other.coeffs.len(), F::zero()); @@ -371,6 +366,12 @@ impl<'a, 'b, F: Field> SubAssign<&'a DensePolynomial> for DensePolynomial } } +impl SubAssign> for DensePolynomial { + fn sub_assign(&mut self, other: DensePolynomial) { + self.sub_assign(&other); + } +} + impl<'a, 'b, F: Field> Div<&'a DensePolynomial> for &'b DensePolynomial { type Output = DensePolynomial; @@ -427,6 +428,14 @@ impl<'a, F: PrimeField> Add<&'a DensePolynomial> for DensePolynomial { } } +impl Add> for DensePolynomial { + type Output = DensePolynomial; + + fn add(self, other: DensePolynomial) -> DensePolynomial { + &self + &other + } +} + impl<'a, F: PrimeField> Sub<&'a DensePolynomial> for DensePolynomial { type Output = DensePolynomial; 
@@ -435,21 +444,11 @@ impl<'a, F: PrimeField> Sub<&'a DensePolynomial> for DensePolynomial { } } -// impl<'a, F: PrimeField> Mul for &'a DensePolynomial { -// type Output = DensePolynomial; -// -// fn mul(self, other: F) -> DensePolynomial { -// <&DensePolynomial as Mul<&DensePolynomial>>::mul( -// &self, -// &DensePolynomial::from_coefficients_slice(&[other]), -// ) -// } -// } - -impl Distribution> for Standard { - #[inline] - fn sample(&self, _rng: &mut R) -> DensePolynomial { - unimplemented!() +impl Sub> for DensePolynomial { + type Output = DensePolynomial; + + fn sub(self, other: DensePolynomial) -> DensePolynomial { + &self - &other } } @@ -478,7 +477,7 @@ impl Group for DensePolynomial { } fn double_in_place(&mut self) -> &mut Self { - *self = self.clone() + self; + self.add_assign(&self.clone()); self } } diff --git a/algebra/src/fields/mod.rs b/algebra/src/fields/mod.rs index d3f7885ea..c17b84c19 100644 --- a/algebra/src/fields/mod.rs +++ b/algebra/src/fields/mod.rs @@ -1,19 +1,17 @@ use crate::{ biginteger::BigInteger, bits::{FromBits, ToBits}, - bytes::{FromBytes, ToBytes}, Group, serialize::{ - CanonicalDeserialize, CanonicalDeserializeWithFlags, CanonicalSerialize, + CanonicalDeserializeWithFlags, CanonicalSerializeWithFlags, EmptyFlags, Flags, }, - BitSerializationError, Error, FromBytesChecked, SemanticallyValid, UniformRand, + BitSerializationError, Error, FromBytesChecked, + UniformRand, }; use serde::{Deserialize, Serialize}; use std::{ - fmt::{Debug, Display}, - hash::Hash, - ops::{Add, AddAssign, Div, DivAssign, Mul, MulAssign, Neg, Sub, SubAssign}, + ops::{Div, DivAssign, Mul, MulAssign}, str::FromStr, }; 
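Review bot: `double_in_place` in the `@@ -478,7 +477,7 @@` hunk still clones the whole coefficient vector only to add it to itself; since `F: Field` now implies `Group`, every coefficient has its own `double_in_place`, so `self.coeffs.iter_mut().for_each(|c| { c.double_in_place(); });` does the same job with no allocation. Doubling cannot turn a non-zero coefficient into zero in odd characteristic, so whatever trailing-zero trimming `add_assign` may do (its body is not in this hunk) should not be needed on this path, but that is worth confirming against the existing polynomial tests before switching. The same allocation shows up in the new by-value `Sub<DensePolynomial<F>>` just above, where `&self - &other` builds a third polynomial although `self` is owned and could be reused via the existing `SubAssign<&DensePolynomial<F>>`.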
@@ -74,52 +72,27 @@ pub trait MulShortAssign { /// The interface for a generic field. pub trait Field: 'static - + Group - + ToBytes - + FromBytes - + FromBytesChecked + + Group + ToBits + FromBits + Serialize + for<'a> Deserialize<'a> - + CanonicalSerialize + CanonicalSerializeWithFlags - + CanonicalDeserialize + CanonicalDeserializeWithFlags - + SemanticallyValid + Copy - + Clone - + Debug - + Display - + Default - + Send - + Sync - + Eq + Ord - + Neg - + UniformRand + Sized - + Hash + + UniformRand + From + From + From + From + From - + Add - + Sub + Mul + Div - + AddAssign - + SubAssign + MulAssign + DivAssign - + for<'a> Add<&'a Self, Output = Self> - + for<'a> Sub<&'a Self, Output = Self> - + for<'a> Mul<&'a Self, Output = Self> + for<'a> Div<&'a Self, Output = Self> - + for<'a> AddAssign<&'a Self> - + for<'a> SubAssign<&'a Self> - + for<'a> MulAssign<&'a Self> + for<'a> DivAssign<&'a Self> + std::iter::Sum + for<'a> std::iter::Sum<&'a Self> @@ -271,7 +244,10 @@ pub trait FpParameters: 'static + Send + Sync + Sized { } /// The interface for a prime field. -pub trait PrimeField: Field + FromStr { +pub trait PrimeField: + Field + + FromStr +{ type Params: FpParameters; type BigInt: BigInteger; diff --git a/algebra/src/groups/group_vec.rs b/algebra/src/groups/group_vec.rs new file mode 100644 index 000000000..66cee99f9 --- /dev/null +++ b/algebra/src/groups/group_vec.rs 
@@ -0,0 +1,202 @@ +use super::Group; +use crate::{ + bytes::{FromBytes, ToBytes, FromBytesChecked}, + serialize::{CanonicalSerialize, CanonicalDeserialize, SerializationError}, + SemanticallyValid, +}; +use std::{ + ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign}, + io::{Read, Write, Result as IoResult}, + fmt::{Display, Formatter, Result as FmtResult}, +}; + +#[derive(Clone, PartialEq, Eq, Debug, Hash, CanonicalSerialize, CanonicalDeserialize)] +pub struct GroupVec (Vec); + +impl Default for GroupVec { + #[inline] + fn default() -> Self { + Self::zero() + } +} + +impl FromBytes for GroupVec { + #[inline] + fn read(mut reader: R) -> IoResult { + let len = u64::read(&mut reader)?; + let mut items = vec![]; + for _ in 0..(len as usize) { + let item = G::read(&mut reader)?; + items.push(item) + } + Ok(GroupVec(items)) + } +} + +impl ToBytes for GroupVec { + #[inline] + fn write(&self, mut writer: W) -> IoResult<()> { + (self.0.len() as u64).write(&mut writer)?; + for item in self.0.iter() { + item.write(&mut writer)?; + } + Ok(()) + } +} + +impl FromBytesChecked for GroupVec { + fn read_checked(mut reader: R) -> IoResult { + let len = u64::read(&mut reader)?; + let mut items = vec![]; + for _ in 0..(len as usize) { + let item = G::read_checked(&mut reader)?; + items.push(item) + } + Ok(GroupVec(items)) + } +} + +impl SemanticallyValid for GroupVec { + fn is_valid(&self) -> bool { + for item in self.0.iter() { + if !item.is_valid() { + return false; + } + } + true + } +} + +impl Display for GroupVec { + fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { + for (i, item) in self.0.iter().enumerate() { + writeln!(f, "[{}]: {}", i, item)?; + } + Ok(()) + } +} + + +impl Neg for GroupVec { + type Output = Self; + + #[inline] + fn neg(self) -> Self { + GroupVec(self.0.iter().map(|item| -item.clone()).collect::>()) + } +} + +impl<'a, G: Group> AddAssign<&'a Self> for GroupVec { + fn add_assign(&mut self, other: &'a Self) { + if self.0.len() < other.0.len() { + 
self.0.resize(other.0.len(), G::zero()); + } + for (i, item) in other.0.iter().enumerate() { + self.0[i] += item; + } + } +} + +impl<'a, G: Group> Add<&'a Self> for GroupVec { + type Output = Self; + + #[inline] + fn add(self, other: &'a Self) -> Self { + let mut copy = self; + copy += other; + copy + } +} + +impl AddAssign for GroupVec { + #[inline] + fn add_assign(&mut self, other: Self) { + *self += &other; + } +} + +impl Add for GroupVec { + type Output = Self; + + #[inline] + fn add(self, other: Self) -> Self { + self + &other + } +} + +impl<'a, G: Group> SubAssign<&'a Self> for GroupVec { + fn sub_assign(&mut self, other: &'a Self) { + if self.0.len() < other.0.len() { + self.0.resize(other.0.len(), G::zero()); + } + for (i, item) in other.0.iter().enumerate() { + self.0[i] -= item; + } + } +} + +impl<'a, G: Group> Sub<&'a Self> for GroupVec { + type Output = Self; + + #[inline] + fn sub(self, other: &'a Self) -> Self { + let mut copy = self; + copy -= other; + copy + } +} + +impl SubAssign for GroupVec { + #[inline] + fn sub_assign(&mut self, other: Self) { + *self -= &other; + } +} + +impl Sub for GroupVec { + type Output = Self; + + #[inline] + fn sub(self, other: Self) -> Self { + self - &other + } +} + +impl<'a, G: Group> MulAssign<&'a G::ScalarField> for GroupVec { + + fn mul_assign(&mut self, other: &'a G::ScalarField) { + for i in 0..self.0.len() { + self.0[i] *= other; + } + } +} + +impl<'a, G: Group> Mul<&'a G::ScalarField> for GroupVec { + type Output = Self; + + #[inline] + fn mul(self, other: &'a G::ScalarField) -> Self { + let mut copy = self; + copy *= other; + copy + } +} + +impl Group for GroupVec { + type ScalarField = G::ScalarField; + + fn zero() -> Self { + GroupVec(vec![]) + } + + fn is_zero(&self) -> bool { + self.0.len() == 0 + } + + fn double_in_place(&mut self) -> &mut Self { + for (i, item) in self.0.clone().iter().enumerate() { + self.0[i] += item; + } + self + } +} 
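Review bot: `is_zero` (`self.0.len() == 0`) and the derived `PartialEq` do not agree on what the identity of `GroupVec` is: subtracting any non-empty `a` from itself leaves a vector of `G::zero()` entries that is neither `is_zero()` nor `== GroupVec::zero()`, and `GroupVec(vec![])` and `GroupVec(vec![G::zero()])` compare unequal even though `add_assign`/`sub_assign` treat them identically. Any caller that short-circuits on `is_zero()` or compares accumulated values for equality can therefore get an answer that depends only on how the value was computed, not on what it is. Either trim trailing `G::zero()` entries at the end of `add_assign`, `sub_assign` and `mul_assign`, or change `is_zero` to `self.0.iter().all(G::is_zero)` and hand-write `PartialEq` with the same trailing-zero rule, and add a test asserting `(a.clone() - a).is_zero()`. Separately, `read` and `read_checked` cast the length prefix with `len as usize`, which on a 32-bit target silently truncates a hostile length; `usize::try_from(len).map_err(|_| std::io::Error::new(std::io::ErrorKind::InvalidData, "length overflow"))?` keeps the parse strict on every target.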
diff --git a/algebra/src/groups/linear_combination.rs b/algebra/src/groups/linear_combination.rs new file mode 100644 index 000000000..9963c0919 --- /dev/null +++ b/algebra/src/groups/linear_combination.rs @@ -0,0 +1,31 @@ +use super::Group; + +/// Generic struct of a formal linear combination +pub struct LinearCombination +{ + pub items: Vec<(G::ScalarField, G)> +} + +impl LinearCombination +{ + /// Consturcts general LC + pub fn new(items: Vec<(G::ScalarField, G)>) -> Self { + LinearCombination { + items + } + } + + /// Add term to LC + pub fn push(&mut self, coeff: G::ScalarField, item: G) { + self.items.push((coeff, item)) + } + + /// Combine LC + pub fn combine(&self) -> G { + let mut combined = G::zero(); + for (coeff, item) in self.items.iter() { + combined += &(item.clone() * coeff) + } + combined + } +} \ No newline at end of file diff --git a/algebra/src/groups/mod.rs b/algebra/src/groups/mod.rs index 61d228823..00fc7f25a 100644 --- a/algebra/src/groups/mod.rs +++ b/algebra/src/groups/mod.rs @@ -1,4 +1,3 @@ -use crate::UniformRand; use crate::{ CanonicalDeserialize, CanonicalSerialize, FromBytesChecked, SemanticallyValid, }; @@ -7,12 +6,16 @@ use std::{ hash::Hash, ops::{Neg, Add, AddAssign, Sub, SubAssign, Mul, MulAssign}, }; - use crate::{ bytes::{FromBytes, ToBytes}, fields::PrimeField, }; -// use serde::{Deserialize, Serialize}; + +mod linear_combination; +pub use linear_combination::*; + +mod group_vec; +pub use group_vec::*; #[cfg(test)] pub mod tests; @@ -23,11 +26,8 @@ pub trait Group: + FromBytes + FromBytesChecked + SemanticallyValid - // + Serialize - // + for<'a> Deserialize<'a> + CanonicalSerialize + CanonicalDeserialize - // + Copy + Clone + Debug + Display @@ -36,8 +36,11 @@ pub trait Group: + Sync + Eq + Hash - + UniformRand + Neg + + Add + + Sub + + AddAssign + + SubAssign + for<'a> Add<&'a Self, Output = Self> + for<'a> Sub<&'a Self, Output = Self> + for<'a> Mul<&'a ::ScalarField, Output = Self> 
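Review bot: `combine` is documented only as "Combine LC", but it should carry the same timing caveat as the scalar multiplication it is built from: it is a plain loop of `item.clone() * coeff`, and the `MulAssign<&ScalarField>` impls for the curve types in this same patch are explicitly marked as not constant time, so with such a `G` the running time of `combine` depends on the coefficients. If a `LinearCombination` is ever assembled from secret scalars (blinding factors, for example) that is a side channel; if the coefficients are always public verifier challenges it is harmless, but the contract should say so. Suggested doc: `/// Evaluates the LC as sum(coeff_i * item_i). Inherits the timing behaviour of G's scalar multiplication; do not use with secret coefficients.` Also `Consturcts` → `Constructs` in the doc comment of `new`, and the file is missing its trailing newline.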
@@ -64,34 +67,3 @@ pub trait Group: /// Sets `self := self + self`. fn double_in_place(&mut self) -> &mut Self; } - - -/// Generic struct of a formal linear combination -pub struct LinearCombination -{ - pub items: Vec<(G::ScalarField, G)> -} - -impl LinearCombination -{ - /// Consturcts general LC - pub fn new(items: Vec<(G::ScalarField, G)>) -> Self { - LinearCombination { - items - } - } - - /// Add term to LC - pub fn push(&mut self, coeff: G::ScalarField, item: G) { - self.items.push((coeff, item)) - } - - /// Combine LC - pub fn combine(&self) -> G { - let mut combined = G::zero(); - for (coeff, item) in self.items.iter() { - combined += &(item.clone() * coeff) - } - combined - } -} \ No newline at end of file From 773c11464ef16ef5d75680a4fe9d1a51edb96844 Mon Sep 17 00:00:00 2001 From: Phoinic Date: Sun, 28 Nov 2021 14:27:33 +0200 Subject: [PATCH 28/79] Native vec operations for GroupVec --- algebra/src/groups/group_vec.rs | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/algebra/src/groups/group_vec.rs b/algebra/src/groups/group_vec.rs index 66cee99f9..5015fb862 100644 --- a/algebra/src/groups/group_vec.rs +++ b/algebra/src/groups/group_vec.rs 
@@ -5,14 +5,42 @@ use crate::{ SemanticallyValid, }; use std::{ - ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign}, + ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign, Index}, io::{Read, Write, Result as IoResult}, fmt::{Display, Formatter, Result as FmtResult}, }; +use core::slice::Iter; #[derive(Clone, PartialEq, Eq, Debug, Hash, CanonicalSerialize, CanonicalDeserialize)] pub struct GroupVec (Vec); +impl GroupVec { + + pub fn with_capacity(capacity: usize) -> Self { + GroupVec(Vec::with_capacity(capacity)) + } + + pub fn len(&self) -> usize { + self.0.len() + } + + pub fn push(&mut self, item: G) { + self.0.push(item) + } + + pub fn iter(&self) -> Iter<'_, G> { + self.0.iter() + } +} + +impl Index for GroupVec { + type Output = G; + + fn index(&self, index: usize) -> &Self::Output { + &self.0[index] + } +} + impl Default for GroupVec { #[inline] fn default() -> Self { From 7b99cbd442f1ae6c84536e0f955a9acdfd5b3c10 Mon Sep 17 00:00:00 2001 
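Review bot: `GroupVec` gains a public `len` but no `is_empty`, which trips clippy's `len_without_is_empty` and leaves the `Group::is_zero` impl (`self.0.len() == 0`, outside this hunk) spelling the check by hand; add `pub fn is_empty(&self) -> bool { self.0.is_empty() }` and have `is_zero` call it. `Index` is now the only read accessor and it panics on an out-of-range index; if callers ever index with positions derived from deserialised data, a non-panicking `pub fn get(&self, i: usize) -> Option<&G> { self.0.get(i) }` is the safer public surface, with `Index` kept for the hot paths. The `impl Default` at the bottom of the hunk continues outside it.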
From: Phoinic Date: Tue, 30 Nov 2021 01:27:47 +0200 Subject: [PATCH 29/79] to_field_vec returned --- algebra/Cargo.toml | 1 + .../models/short_weierstrass_jacobian/mod.rs | 2 +- algebra/src/lib.rs | 4 +- algebra/src/to_field_vec.rs | 110 +- .../gadgets/std/src/fields/cubic_extension.rs | 937 ------------------ r1cs/gadgets/std/src/fields/fp12.rs | 247 ----- r1cs/gadgets/std/src/fields/fp2.rs | 68 -- r1cs/gadgets/std/src/fields/fp3.rs | 51 - r1cs/gadgets/std/src/fields/fp4.rs | 118 --- r1cs/gadgets/std/src/fields/fp6_2over3.rs | 218 ---- r1cs/gadgets/std/src/fields/fp6_3over2.rs | 129 --- .../std/src/fields/quadratic_extension.rs | 763 -------------- .../curves/short_weierstrass/bls12/mod.rs | 182 ---- .../groups/curves/short_weierstrass/bn/mod.rs | 211 ---- .../curves/short_weierstrass/mnt/mnt4/mod.rs | 298 ------ .../curves/short_weierstrass/mnt/mnt6/mod.rs | 305 ------ .../curves/short_weierstrass/mnt/mod.rs | 2 - .../std/src/instantiated/bls12_377/curves.rs | 19 - .../std/src/instantiated/bls12_377/fields.rs | 31 - .../std/src/instantiated/bls12_377/mod.rs | 7 - .../std/src/instantiated/bls12_377/pairing.rs | 9 - .../std/src/instantiated/bn_382/curves.rs | 16 - .../std/src/instantiated/bn_382/fields.rs | 31 - .../std/src/instantiated/bn_382/g/curves.rs | 10 - .../std/src/instantiated/bn_382/g/fields.rs | 18 - .../std/src/instantiated/bn_382/g/mod.rs | 5 - .../std/src/instantiated/bn_382/mod.rs | 8 - .../std/src/instantiated/bn_382/pairing.rs | 8 - .../src/instantiated/edwards_bls12/curves.rs | 11 - .../src/instantiated/edwards_bls12/fields.rs | 16 - .../std/src/instantiated/edwards_bls12/mod.rs | 5 - .../src/instantiated/edwards_sw6/curves.rs | 11 - .../src/instantiated/edwards_sw6/fields.rs | 16 - .../std/src/instantiated/edwards_sw6/mod.rs | 5 - .../std/src/instantiated/jubjub/curves.rs | 11 - .../std/src/instantiated/jubjub/fields.rs | 16 - .../std/src/instantiated/jubjub/mod.rs | 5 - .../std/src/instantiated/mnt4_753/curves.rs | 16 - 
.../std/src/instantiated/mnt4_753/fields.rs | 27 - .../std/src/instantiated/mnt4_753/mod.rs | 7 - .../std/src/instantiated/mnt4_753/pairing.rs | 8 - .../std/src/instantiated/mnt6_753/curves.rs | 16 - .../std/src/instantiated/mnt6_753/fields.rs | 27 - .../std/src/instantiated/mnt6_753/mod.rs | 7 - .../std/src/instantiated/mnt6_753/pairing.rs | 8 - r1cs/gadgets/std/src/pairing/bls12/mod.rs | 185 ---- r1cs/gadgets/std/src/pairing/bn/mod.rs | 226 ----- r1cs/gadgets/std/src/pairing/mnt4/mod.rs | 159 --- r1cs/gadgets/std/src/pairing/mnt6/mod.rs | 168 ---- r1cs/gadgets/std/src/pairing/mod.rs | 157 --- 50 files changed, 21 insertions(+), 4894 deletions(-) delete mode 100644 r1cs/gadgets/std/src/fields/cubic_extension.rs delete mode 100644 r1cs/gadgets/std/src/fields/fp12.rs delete mode 100644 r1cs/gadgets/std/src/fields/fp2.rs delete mode 100644 r1cs/gadgets/std/src/fields/fp3.rs delete mode 100644 r1cs/gadgets/std/src/fields/fp4.rs delete mode 100644 r1cs/gadgets/std/src/fields/fp6_2over3.rs delete mode 100644 r1cs/gadgets/std/src/fields/fp6_3over2.rs delete mode 100644 r1cs/gadgets/std/src/fields/quadratic_extension.rs delete mode 100644 r1cs/gadgets/std/src/groups/curves/short_weierstrass/bls12/mod.rs delete mode 100644 r1cs/gadgets/std/src/groups/curves/short_weierstrass/bn/mod.rs delete mode 100644 r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt4/mod.rs delete mode 100644 r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt6/mod.rs delete mode 100644 r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mod.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/bls12_377/curves.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/bls12_377/fields.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/bls12_377/mod.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/bls12_377/pairing.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/bn_382/curves.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/bn_382/fields.rs delete mode 
100644 r1cs/gadgets/std/src/instantiated/bn_382/g/curves.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/bn_382/g/fields.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/bn_382/g/mod.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/bn_382/mod.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/bn_382/pairing.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/edwards_bls12/curves.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/edwards_bls12/fields.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/edwards_bls12/mod.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/edwards_sw6/curves.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/edwards_sw6/fields.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/edwards_sw6/mod.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/jubjub/curves.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/jubjub/fields.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/jubjub/mod.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/mnt4_753/curves.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/mnt4_753/fields.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/mnt4_753/mod.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/mnt4_753/pairing.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/mnt6_753/curves.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/mnt6_753/fields.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/mnt6_753/mod.rs delete mode 100644 r1cs/gadgets/std/src/instantiated/mnt6_753/pairing.rs delete mode 100644 r1cs/gadgets/std/src/pairing/bls12/mod.rs delete mode 100644 r1cs/gadgets/std/src/pairing/bn/mod.rs delete mode 100644 r1cs/gadgets/std/src/pairing/mnt4/mod.rs delete mode 100644 r1cs/gadgets/std/src/pairing/mnt6/mod.rs delete mode 100644 r1cs/gadgets/std/src/pairing/mod.rs diff --git a/algebra/Cargo.toml b/algebra/Cargo.toml index 124caf3d1..0f202be7c 100644 --- a/algebra/Cargo.toml +++ b/algebra/Cargo.toml 
@@ -48,6 +48,7 @@ criterion = "0.3" hex-literal = "0.3.3" [features] +default = [ "derive" ] parallel = [ "rayon" ] fft = ["rayon", "derive"] n_fold = [] diff --git a/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs b/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs index e44ff5fd4..55ec30101 100644 --- a/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs +++ b/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs @@ -444,7 +444,7 @@ impl From> for Jacobian

{ // coordinates as X/Z^2, Y/Z^3. impl TryFrom> for AffineRep

{ type Error = Error; - + #[inline] fn try_from(p: Jacobian

) -> Result, Error> { if p.is_zero() { diff --git a/algebra/src/lib.rs b/algebra/src/lib.rs index 049b4e132..563246a9b 100644 --- a/algebra/src/lib.rs +++ b/algebra/src/lib.rs @@ -57,8 +57,8 @@ pub use self::validity::*; mod rand; pub use self::rand::*; -// mod to_field_vec; -// pub use to_field_vec::ToConstraintField; +mod to_field_vec; +pub use to_field_vec::ToConstraintField; #[cfg(feature = "parallel")] pub mod msm; diff --git a/algebra/src/to_field_vec.rs b/algebra/src/to_field_vec.rs index a1217398d..222cb02c6 100644 --- a/algebra/src/to_field_vec.rs +++ b/algebra/src/to_field_vec.rs @@ -1,15 +1,14 @@ use crate::{ + fields::{ + Field, FpParameters, PrimeField, + }, curves::{ + Curve, models::{SWModelParameters, TEModelParameters}, - short_weierstrass_jacobian::{GroupAffine as SWJAffine, GroupProjective as SWJProjective}, - short_weierstrass_projective::{ - GroupAffine as SWPAffine, GroupProjective as SWPProjective, - }, - twisted_edwards_extended::{GroupAffine as TEAffine, GroupProjective as TEProjective}, - ProjectiveCurve, + short_weierstrass_jacobian::Jacobian, + short_weierstrass_projective::Projective, + twisted_edwards_extended::TEExtended, }, - CubicExtField, CubicExtParameters, Field, FpParameters, PrimeField, QuadExtField, - QuadExtParameters, }; type Error = Box; @@ -42,60 +41,13 @@ impl ToConstraintField for () { } } -impl ToConstraintField for QuadExtField

-where - P::BaseField: ToConstraintField, -{ - fn to_field_elements(&self) -> Result, Error> { - let mut res = Vec::new(); - let mut c0_elems = self.c0.to_field_elements()?; - let mut c1_elems = self.c1.to_field_elements()?; - - res.append(&mut c0_elems); - res.append(&mut c1_elems); - - Ok(res) - } -} - -impl ToConstraintField for CubicExtField

-where - P::BaseField: ToConstraintField, -{ - fn to_field_elements(&self) -> Result, Error> { - let mut res = Vec::new(); - let mut c0_elems = self.c0.to_field_elements()?; - let mut c1_elems = self.c1.to_field_elements()?; - let mut c2_elems = self.c2.to_field_elements()?; - - res.append(&mut c0_elems); - res.append(&mut c1_elems); - res.append(&mut c2_elems); - - Ok(res) - } -} - -impl ToConstraintField for TEAffine -where - M::BaseField: ToConstraintField, +impl ToConstraintField for Jacobian + where + M::BaseField: ToConstraintField, { #[inline] fn to_field_elements(&self) -> Result, Error> { - let mut x_fe = self.x.to_field_elements()?; - let y_fe = self.y.to_field_elements()?; - x_fe.extend_from_slice(&y_fe); - Ok(x_fe) - } -} - -impl ToConstraintField for TEProjective -where - M::BaseField: ToConstraintField, -{ - #[inline] - fn to_field_elements(&self) -> Result, Error> { - let affine = self.into_affine(); + let affine = self.into_affine()?; let mut x_fe = affine.x.to_field_elements()?; let y_fe = affine.y.to_field_elements()?; x_fe.extend_from_slice(&y_fe); @@ -103,26 +55,13 @@ where } } -impl ToConstraintField for SWJAffine -where - M::BaseField: ToConstraintField, -{ - #[inline] - fn to_field_elements(&self) -> Result, Error> { - let mut x_fe = self.x.to_field_elements()?; - let y_fe = self.y.to_field_elements()?; - x_fe.extend_from_slice(&y_fe); - Ok(x_fe) - } -} - -impl ToConstraintField for SWJProjective -where - M::BaseField: ToConstraintField, +impl ToConstraintField for Projective + where + M::BaseField: ToConstraintField, { #[inline] fn to_field_elements(&self) -> Result, Error> { - let affine = self.into_affine(); + let affine = self.into_affine()?; // Affine coordinates are defined even if `self` is the neutral elements let mut x_fe = affine.x.to_field_elements()?; let y_fe = affine.y.to_field_elements()?; x_fe.extend_from_slice(&y_fe); 
@@ -130,28 +69,13 @@ where } } -impl ToConstraintField for SWPAffine -where - M::BaseField: ToConstraintField, -{ - #[inline] - fn to_field_elements(&self) -> Result, Error> { - // Affine coordinates are defined even if `self` is the neutral elements. For more - // information, see the definition of zero() in SWPAffine. - let mut x_fe = self.x.to_field_elements()?; - let y_fe = self.y.to_field_elements()?; - x_fe.extend_from_slice(&y_fe); - Ok(x_fe) - } -} - -impl ToConstraintField for SWPProjective +impl ToConstraintField for TEExtended where M::BaseField: ToConstraintField, { #[inline] fn to_field_elements(&self) -> Result, Error> { - let affine = self.into_affine(); // Affine coordinates are defined even if `self` is the neutral elements + let affine = self.into_affine()?; let mut x_fe = affine.x.to_field_elements()?; let y_fe = affine.y.to_field_elements()?; x_fe.extend_from_slice(&y_fe); diff --git a/r1cs/gadgets/std/src/fields/cubic_extension.rs b/r1cs/gadgets/std/src/fields/cubic_extension.rs deleted file mode 100644 index 24b369d5e..000000000 --- a/r1cs/gadgets/std/src/fields/cubic_extension.rs +++ /dev/null 
@@ -1,937 +0,0 @@ -use algebra::{CubicExtField, CubicExtParameters, Field, PrimeField, SquareRootField}; -use r1cs_core::{ConstraintSystem, SynthesisError}; -use std::{borrow::Borrow, marker::PhantomData}; - -use crate::{fields::FieldGadget, prelude::*, Assignment}; - -pub trait CubicExtParametersGadget: - CubicExtParameters -{ - type BaseFieldGadget: FieldGadget; - - /// Multiply a BaseFieldGadget by quadratic nonresidue. - fn mul_base_field_gadget_by_nonresidue>( - cs: CS, - fe: &Self::BaseFieldGadget, - ) -> Result; - - /// Multiply a BaseFieldGadget by the Frobenius Coefficient at given power - fn mul_base_field_gadget_by_frobenius_coeff>( - cs: CS, - c1: &mut Self::BaseFieldGadget, - c2: &mut Self::BaseFieldGadget, - power: usize, - ) -> Result<(), SynthesisError>; -} - -#[derive(Derivative)] -#[derivative(Debug( - bound = "P: CubicExtParametersGadget, ConstraintF: PrimeField + SquareRootField" -))] -#[must_use] -pub struct CubicExtFieldGadget< - P: CubicExtParametersGadget, - ConstraintF: PrimeField + SquareRootField, -> { - pub c0: P::BaseFieldGadget, - pub c1: P::BaseFieldGadget, - pub c2: P::BaseFieldGadget, - #[derivative(Debug = "ignore")] - _params: PhantomData

, -} - -impl, ConstraintF: PrimeField + SquareRootField> - CubicExtFieldGadget -{ - #[inline] - pub fn new(c0: P::BaseFieldGadget, c1: P::BaseFieldGadget, c2: P::BaseFieldGadget) -> Self { - Self { - c0, - c1, - c2, - _params: PhantomData, - } - } -} - -impl, ConstraintF: PrimeField + SquareRootField> - FieldGadget, ConstraintF> for CubicExtFieldGadget -{ - type Variable = ( - >::Variable, - >::Variable, - >::Variable, - ); - - #[inline] - fn get_value(&self) -> Option> { - match ( - self.c0.get_value(), - self.c1.get_value(), - self.c2.get_value(), - ) { - (Some(c0), Some(c1), Some(c2)) => Some(CubicExtField::

::new(c0, c1, c2)), - (..) => None, - } - } - - #[inline] - fn get_variable(&self) -> Self::Variable { - ( - self.c0.get_variable(), - self.c1.get_variable(), - self.c2.get_variable(), - ) - } - - #[inline] - fn zero>(mut cs: CS) -> Result { - let c0 = P::BaseFieldGadget::zero(cs.ns(|| "c0"))?; - let c1 = P::BaseFieldGadget::zero(cs.ns(|| "c1"))?; - let c2 = P::BaseFieldGadget::zero(cs.ns(|| "c2"))?; - Ok(Self::new(c0, c1, c2)) - } - - #[inline] - fn one>(mut cs: CS) -> Result { - let c0 = P::BaseFieldGadget::one(cs.ns(|| "c0"))?; - let c1 = P::BaseFieldGadget::zero(cs.ns(|| "c1"))?; - let c2 = P::BaseFieldGadget::zero(cs.ns(|| "c2"))?; - Ok(Self::new(c0, c1, c2)) - } - - #[inline] - fn conditionally_add_constant>( - &self, - mut cs: CS, - bit: &Boolean, - coeff: CubicExtField

, - ) -> Result { - let c0 = self - .c0 - .conditionally_add_constant(cs.ns(|| "c0"), bit, coeff.c0)?; - let c1 = self - .c1 - .conditionally_add_constant(cs.ns(|| "c1"), bit, coeff.c1)?; - let c2 = self - .c2 - .conditionally_add_constant(cs.ns(|| "c2"), bit, coeff.c2)?; - Ok(Self::new(c0, c1, c2)) - } - - #[inline] - fn add>( - &self, - mut cs: CS, - other: &Self, - ) -> Result { - let c0 = self.c0.add(&mut cs.ns(|| "add c0"), &other.c0)?; - let c1 = self.c1.add(&mut cs.ns(|| "add c1"), &other.c1)?; - let c2 = self.c2.add(&mut cs.ns(|| "add c2"), &other.c2)?; - Ok(Self::new(c0, c1, c2)) - } - - #[inline] - fn sub>( - &self, - mut cs: CS, - other: &Self, - ) -> Result { - let c0 = self.c0.sub(&mut cs.ns(|| "sub c0"), &other.c0)?; - let c1 = self.c1.sub(&mut cs.ns(|| "sub c1"), &other.c1)?; - let c2 = self.c2.sub(&mut cs.ns(|| "sub c2"), &other.c2)?; - Ok(Self::new(c0, c1, c2)) - } - - #[inline] - fn negate>( - &self, - mut cs: CS, - ) -> Result { - let c0 = self.c0.negate(&mut cs.ns(|| "negate c0"))?; - let c1 = self.c1.negate(&mut cs.ns(|| "negate c1"))?; - let c2 = self.c2.negate(&mut cs.ns(|| "negate c2"))?; - Ok(Self::new(c0, c1, c2)) - } - - #[inline] - fn negate_in_place>( - &mut self, - mut cs: CS, - ) -> Result<&mut Self, SynthesisError> { - self.c0.negate_in_place(&mut cs.ns(|| "negate c0"))?; - self.c1.negate_in_place(&mut cs.ns(|| "negate c1"))?; - self.c2.negate_in_place(&mut cs.ns(|| "negate c2"))?; - Ok(self) - } - - /// Use the Toom-Cook-3x method to compute multiplication. 
- #[inline] - fn mul>( - &self, - mut cs: CS, - other: &Self, - ) -> Result { - // Uses Toom-Cool-3x multiplication - // - // Reference: - // "Multiplication and Squaring on Pairing-Friendly Fields" - // Devegili, OhEigeartaigh, Scott, Dahab - - // v0 = a(0)b(0) = a0 * b0 - let v0 = self.c0.mul(&mut cs.ns(|| "Calc v0"), &other.c0)?; - - // v1 = a(1)b(1) = (a0 + a1 + a2)(b0 + b1 + b2) - let v1 = { - let mut v1_cs = cs.ns(|| "compute v1"); - let a0_plus_a1_plus_a2 = self - .c0 - .add(v1_cs.ns(|| "a0 + a1"), &self.c1)? - .add(v1_cs.ns(|| "a0 + a1 + a2"), &self.c2)?; - let b0_plus_b1_plus_b2 = other - .c0 - .add(v1_cs.ns(|| "b0 + b1"), &other.c1)? - .add(v1_cs.ns(|| "b0 + b1 + b2"), &other.c2)?; - - a0_plus_a1_plus_a2.mul( - v1_cs.ns(|| "(a0 + a1 + a2)(b0 + b1 + b2)"), - &b0_plus_b1_plus_b2, - )? - }; - - // v2 = a(−1)b(−1) = (a0 − a1 + a2)(b0 − b1 + b2) - let v2 = { - let mut v2_cs = cs.ns(|| "compute v2"); - - let a0_minus_a1_plus_a2 = self - .c0 - .sub(v2_cs.ns(|| "a0 - a1"), &self.c1)? - .add(v2_cs.ns(|| "a0 - a1 + a2"), &self.c2)?; - - let b0_minus_b1_plus_b2 = other - .c0 - .sub(v2_cs.ns(|| "b0 - b1"), &other.c1)? - .add(v2_cs.ns(|| "b0 - b1 + b2"), &other.c2)?; - - a0_minus_a1_plus_a2.mul( - v2_cs.ns(|| "(a0 - a1 + a2)(b0 - b1 + b2)"), - &b0_minus_b1_plus_b2, - )? - }; - - // v3 = a(2)b(2) = (a0 + 2a1 + 4a2)(b0 + 2b1 + 4b2) - let v3 = { - let v3_cs = &mut cs.ns(|| "compute v3"); - - let a1_double = self.c1.double(v3_cs.ns(|| "2 * a1"))?; - let a2_quad = self - .c2 - .double(v3_cs.ns(|| "2 * a2"))? - .double(v3_cs.ns(|| "4 * a2"))?; - - let a0_plus_2_a1_plus_4_a2 = self - .c0 - .add(v3_cs.ns(|| "a0 + 2a1"), &a1_double)? - .add(v3_cs.ns(|| "a0 + 2a1 + 4a2"), &a2_quad)?; - - let b1_double = other.c1.double(v3_cs.ns(|| "2 * b1"))?; - let b2_quad = other - .c2 - .double(v3_cs.ns(|| "2 * b2"))? - .double(v3_cs.ns(|| "4 * b2"))?; - let b0_plus_2_b1_plus_4_b2 = other - .c0 - .add(v3_cs.ns(|| "b0 + 2b1"), &b1_double)? 
- .add(v3_cs.ns(|| "b0 + 2b1 + 4b2"), &b2_quad)?; - - a0_plus_2_a1_plus_4_a2.mul( - v3_cs.ns(|| "(a0 + 2a1 + 4a2)(b0 + 2b1 + 4b2)"), - &b0_plus_2_b1_plus_4_b2, - )? - }; - - // v4 = a(∞)b(∞) = a2 * b2 - let v4 = self.c2.mul(cs.ns(|| "v2: a2 * b2"), &other.c2)?; - - let two = P::BaseField::one().double(); - let six = two.double() + &two; - let mut two_and_six = [two, six]; - algebra::fields::batch_inversion(&mut two_and_six); - let (two_inverse, six_inverse) = (two_and_six[0], two_and_six[1]); - - let half_v0 = v0.mul_by_constant(cs.ns(|| "half_v0"), &two_inverse)?; - let half_v1 = v1.mul_by_constant(cs.ns(|| "half_v1"), &two_inverse)?; - let one_sixth_v2 = v2.mul_by_constant(cs.ns(|| "v2_by_six"), &six_inverse)?; - let one_sixth_v3 = v3.mul_by_constant(cs.ns(|| "v3_by_six"), &six_inverse)?; - let two_v4 = v4.double(cs.ns(|| "2 * v4"))?; - - // c0 = v0 + β((1/2)v0 − (1/2)v1 − (1/6)v2 + (1/6)v3 − 2v4) - let c0 = { - let c0_cs = &mut cs.ns(|| "c0"); - - // No constraints, only get a linear combination back. - let temp = half_v0 - .sub(c0_cs.ns(|| "sub1"), &half_v1)? - .sub(c0_cs.ns(|| "sub2"), &one_sixth_v2)? - .add(c0_cs.ns(|| "add3"), &one_sixth_v3)? - .sub(c0_cs.ns(|| "sub4"), &two_v4)?; - let non_residue_times_inner = - temp.mul_by_constant(&mut c0_cs.ns(|| "mul5"), &P::NONRESIDUE)?; - v0.add(c0_cs.ns(|| "add6"), &non_residue_times_inner)? - }; - - // −(1/2)v0 + v1 − (1/3)v2 − (1/6)v3 + 2v4 + βv4 - let c1 = { - let c1_cs = &mut cs.ns(|| "c1"); - let one_third_v2 = one_sixth_v2.double(&mut c1_cs.ns(|| "v2_by_3"))?; - let non_residue_v4 = - v4.mul_by_constant(&mut c1_cs.ns(|| "mul_by_beta"), &P::NONRESIDUE)?; - - let result = half_v0 - .negate(c1_cs.ns(|| "neg1"))? - .add(c1_cs.ns(|| "add2"), &v1)? - .sub(c1_cs.ns(|| "sub3"), &one_third_v2)? - .sub(c1_cs.ns(|| "sub4"), &one_sixth_v3)? - .add(c1_cs.ns(|| "sub5"), &two_v4)? 
- .add(c1_cs.ns(|| "sub6"), &non_residue_v4)?; - result - }; - - // -v0 + (1/2)v1 + (1/2)v2 −v4 - let c2 = { - let c2_cs = &mut cs.ns(|| "c2"); - let half_v2 = v2.mul_by_constant(&mut c2_cs.ns(|| "mul1"), &two_inverse)?; - let result = half_v1 - .add(c2_cs.ns(|| "add1"), &half_v2)? - .sub(c2_cs.ns(|| "sub1"), &v4)? - .sub(c2_cs.ns(|| "sub2"), &v0)?; - result - }; - Ok(Self::new(c0, c1, c2)) - } - - /// Use the Chung-Hasan asymmetric squaring formula. - /// - /// (Devegili OhEig Scott Dahab --- Multiplication and Squaring on - /// Abstract Pairing-Friendly - /// Fields.pdf; Section 4 (CH-SQR2)) - #[inline] - fn square>( - &self, - mut cs: CS, - ) -> Result { - let a = self.c0.clone(); - let b = self.c1.clone(); - let c = self.c2.clone(); - - let s0 = a.square(cs.ns(|| "s0"))?; - let ab = a.mul(cs.ns(|| "ab"), &b)?; - let s1 = ab.double(cs.ns(|| "s1"))?; - let s2 = a - .sub(cs.ns(|| "a-b"), &b)? - .add(cs.ns(|| "plus c"), &c)? - .square(cs.ns(|| "s2"))?; - let s3 = b.mul(cs.ns(|| "bc"), &c)?.double(cs.ns(|| "s3"))?; - let s4 = c.square(cs.ns(|| "s4"))?; - - let c0 = P::mul_base_field_gadget_by_nonresidue(cs.ns(|| "c0 part 1"), &s3)? - .add(cs.ns(|| "c0"), &s0)?; - - let c1 = P::mul_base_field_gadget_by_nonresidue(cs.ns(|| "c1 part 1"), &s4)? - .add(cs.ns(|| "c1"), &s1)?; - - let c2 = s1 - .add(cs.ns(|| "c2 part1"), &s2)? - .add(cs.ns(|| "c2 part2"), &s3)? - .sub(cs.ns(|| "c2 part3"), &s0)? - .sub(cs.ns(|| "c2 part4"), &s4)?; - - Ok(Self::new(c0, c1, c2)) - } - - #[inline] - fn mul_equals>( - &self, - mut cs: CS, - other: &Self, - result: &Self, - ) -> Result<(), SynthesisError> { - // Uses Toom-Cook-3x multiplication - // - // Reference: - // "Multiplication and Squaring on Pairing-Friendly Fields" - // Devegili, OhEigeartaigh, Scott, Dahab - - // The prover chooses lambda_1 and lambda_2. - // We can explicitly enforce lambda_1 without wasting constraints as it turns out - // that a(∞)b(∞) = lambda_1 at X = ∞. 
- let lambda_1 = self.c2.mul(cs.ns(|| "lambda_1 <=> check 5"), &other.c2)?; - - let lambda_2 = P::BaseFieldGadget::alloc(cs.ns(|| "lambda_2"), || { - let a1b2 = self.c1.get_value().get()? * &other.c2.get_value().get()?; - let a2b1 = self.c2.get_value().get()? * &other.c1.get_value().get()?; - Ok(a1b2 + &a2b1) - })?; - - let one = P::BaseField::one(); - - // a0b0 = c0 - β*lambda_2 at X = 0 - { - let c0_plus_nr_lambda_2 = lambda_2 - .mul_by_constant(cs.ns(|| "nr * lambda_2"), &P::NONRESIDUE)? - .negate(cs.ns(|| "-(nr * lambda_2)"))? - .add(cs.ns(|| "c0 - nr * lambda_2"), &result.c0)?; - - self.c0 - .mul_equals(cs.ns(|| "check 1"), &other.c0, &c0_plus_nr_lambda_2)?; - } - - //(a0 + a1 + a2)(b0 + b1 + b2) = (c0 + c1 + c2) + (lambda_1 + lambda_2)*(1 - β) at X = 1 - { - let a0_plus_a1_plus_a2 = self - .c0 - .add(cs.ns(|| "a0 + a1"), &self.c1)? - .add(cs.ns(|| "a0 + a1 + a2"), &self.c2)?; - let b0_plus_b1_plus_b2 = other - .c0 - .add(cs.ns(|| "b0 + b1"), &other.c1)? - .add(cs.ns(|| "b0 + b1 + b2"), &other.c2)?; - let c0_plus_c1_plus_c2 = result - .c0 - .add(cs.ns(|| "c0 + c1"), &result.c1)? - .add(cs.ns(|| "c0 + c1 + c2"), &result.c2)?; - let lambda_1_plus_lambda_2_times_one_minus_nr = lambda_1 - .add(cs.ns(|| "lambda_1 + lambda_2"), &lambda_2)? - .mul_by_constant( - cs.ns(|| "(lambda_1 + lambda_2)*(1 - nr)"), - &(one - &P::NONRESIDUE), - )?; - - let to_check = c0_plus_c1_plus_c2.add( - cs.ns(|| "c0 + c1 + c2 + (lambda_1 + lambda_2)*(1 - nr)"), - &lambda_1_plus_lambda_2_times_one_minus_nr, - )?; - a0_plus_a1_plus_a2.mul_equals(cs.ns(|| "check 2"), &b0_plus_b1_plus_b2, &to_check)?; - } - - //(a0 - a1 + a2)(b0 - b1 + b2) = (c0 - c1 + c2) + (lambda_1 - lambda_2)*(1 + β) at X = -1 - { - let a0_minus_a1_plus_a2 = self - .c0 - .sub(cs.ns(|| "a0 - a1"), &self.c1)? - .add(cs.ns(|| "a0 - a1 + a2"), &self.c2)?; - let b0_minus_b1_plus_b2 = other - .c0 - .sub(cs.ns(|| "b0 - b1"), &other.c1)? 
- .add(cs.ns(|| "b0 - b1 + b2"), &other.c2)?; - let c0_minus_c1_plus_c2 = result - .c0 - .sub(cs.ns(|| "c0 - c1"), &result.c1)? - .add(cs.ns(|| "c0 - c1 + c2"), &result.c2)?; - let lambda_1_minus_lambda_2_times_one_plus_nr = lambda_1 - .sub(cs.ns(|| "lambda_1 - lambda_2"), &lambda_2)? - .mul_by_constant( - cs.ns(|| "(lambda_1 - lambda_2)*(1 + nr)"), - &(one + &P::NONRESIDUE), - )?; - - let to_check = c0_minus_c1_plus_c2.add( - cs.ns(|| "c0 - c1 + c2 + (lambda_1 - lambda_2)*(1 + nr)"), - &lambda_1_minus_lambda_2_times_one_plus_nr, - )?; - a0_minus_a1_plus_a2.mul_equals(cs.ns(|| "check 3"), &b0_minus_b1_plus_b2, &to_check)?; - } - - // (a0 + 2a1 + 4a2)(b0 + 2b1 + 4b2) = (c0 + 2c1 + 4c2) + (2lambda_1 + lambda_2)(8 - β) at X = 2 - { - let a0_plus_2_a1_plus_4_a2 = { - let a1_double = self.c1.double(cs.ns(|| "2 * a1"))?; - let a2_quad = self - .c2 - .double(cs.ns(|| "2 * a2"))? - .double(cs.ns(|| "4 * a2"))?; - - self.c0 - .add(cs.ns(|| "a0 + 2a1"), &a1_double)? - .add(cs.ns(|| "a0 + 2a1 + 4a2"), &a2_quad)? - }; - - let b0_plus_2_b1_plus_4_b2 = { - let b1_double = other.c1.double(cs.ns(|| "2 * b1"))?; - let b2_quad = other - .c2 - .double(cs.ns(|| "2 * b2"))? - .double(cs.ns(|| "4 * b2"))?; - - other - .c0 - .add(cs.ns(|| "b0 + 2b1"), &b1_double)? - .add(cs.ns(|| "b0 + 2b1 + 4b2"), &b2_quad)? - }; - - let c0_plus_2_c1_plus_4_c2 = { - let c1_double = result.c1.double(cs.ns(|| "2 * c1"))?; - let c2_quad = result - .c2 - .double(cs.ns(|| "2 * c2"))? - .double(cs.ns(|| "4 * c2"))?; - - result - .c0 - .add(cs.ns(|| "c0 + 2c1"), &c1_double)? - .add(cs.ns(|| "c0 + 2c1 + 4c2"), &c2_quad)? - }; - - let eight = one.double().double().double(); - let two_lambda_1_plus_lambda_2_times_eight_minus_nr = lambda_1 - .double(cs.ns(|| "2*lambda_1"))? - .add(cs.ns(|| "2*lambda_1 + lambda_2"), &lambda_2)? 
- .mul_by_constant( - cs.ns(|| "(2*lambda_1 + lambda_2)*(8 - nr)"), - &(eight - &P::NONRESIDUE), - )?; - - let to_check = c0_plus_2_c1_plus_4_c2.add( - cs.ns(|| "(c0 + 2c1 + 4c2) + (2*lambda_1 + lambda_2)*(8 - nr)"), - &two_lambda_1_plus_lambda_2_times_eight_minus_nr, - )?; - a0_plus_2_a1_plus_4_a2.mul_equals( - cs.ns(|| "check 4"), - &b0_plus_2_b1_plus_4_b2, - &to_check, - )?; - } - - Ok(()) - } - - #[inline] - fn add_constant>( - &self, - mut cs: CS, - other: &CubicExtField

, - ) -> Result { - let c0 = self.c0.add_constant(cs.ns(|| "c0"), &other.c0)?; - let c1 = self.c1.add_constant(cs.ns(|| "c1"), &other.c1)?; - let c2 = self.c2.add_constant(cs.ns(|| "c2"), &other.c2)?; - - Ok(Self::new(c0, c1, c2)) - } - - #[inline] - fn add_constant_in_place>( - &mut self, - mut cs: CS, - other: &CubicExtField

, - ) -> Result<&mut Self, SynthesisError> { - self.c0.add_constant_in_place(cs.ns(|| "c0"), &other.c0)?; - self.c1.add_constant_in_place(cs.ns(|| "c1"), &other.c1)?; - self.c2.add_constant_in_place(cs.ns(|| "c2"), &other.c2)?; - Ok(self) - } - - #[inline] - fn mul_by_constant>( - &self, - mut cs: CS, - other: &CubicExtField

, - ) -> Result { - // Naive Fp3 multiplication - - // c0 = b0*a0 + β*b2*a1 + β*b1*a2, - let c0 = { - let a0_b0 = self.c0.mul_by_constant(cs.ns(|| "a0 * b0"), &other.c0)?; - let a1_b2_nr = self - .c1 - .mul_by_constant(cs.ns(|| "a1 * b2 * nr"), &(other.c2 * &P::NONRESIDUE))?; - let a2_b1_nr = self - .c2 - .mul_by_constant(cs.ns(|| "a2 * b1 * nr"), &(other.c1 * &P::NONRESIDUE))?; - - a0_b0 - .add(cs.ns(|| "a0 * b0 + a1 * b2 * nr"), &a1_b2_nr)? - .add(cs.ns(|| "a0 * b0 + a1 * b2 * nr + a2 * b1 * nr"), &a2_b1_nr) - }?; - - // c1 = b1*a0 + b0*a1 + β*b2*a2, - let c1 = { - let a0_b1 = self.c0.mul_by_constant(cs.ns(|| "a0 * b1"), &other.c1)?; - let a1_b0 = self.c1.mul_by_constant(cs.ns(|| "a1 * b0"), &other.c0)?; - let a2_b2_nr = self - .c2 - .mul_by_constant(cs.ns(|| "a2 * b2 * nr"), &(other.c2 * &P::NONRESIDUE))?; - - a0_b1 - .add(cs.ns(|| "a0 * b1 + a1 * b0"), &a1_b0)? - .add(cs.ns(|| "a0 * b1 + a1 * b0 + a2 * b2 * nr"), &a2_b2_nr) - }?; - - // c2 = b2*a0 + b1*a1 + b0*a2. - let c2 = { - let a0_b2 = self.c0.mul_by_constant(cs.ns(|| "a0 * b2"), &other.c2)?; - let a1_b1 = self.c1.mul_by_constant(cs.ns(|| "a1 * b1"), &other.c1)?; - let a2_b0 = self.c2.mul_by_constant(cs.ns(|| "a2 * b0"), &other.c0)?; - - a0_b2 - .add(cs.ns(|| "a0 * b2 + a1 * b1"), &a1_b1)? 
- .add(cs.ns(|| "a0 * b2 + a1 * b1 + a2 * b0"), &a2_b0) - }?; - - Ok(Self::new(c0, c1, c2)) - } - - fn frobenius_map>( - &self, - cs: CS, - power: usize, - ) -> Result { - let mut result = self.clone(); - result.frobenius_map_in_place(cs, power)?; - Ok(result) - } - - fn frobenius_map_in_place>( - &mut self, - mut cs: CS, - power: usize, - ) -> Result<&mut Self, SynthesisError> { - self.c0.frobenius_map_in_place(&mut cs.ns(|| "c0"), power)?; - self.c1.frobenius_map_in_place(&mut cs.ns(|| "c1"), power)?; - self.c2.frobenius_map_in_place(&mut cs.ns(|| "c2"), power)?; - - P::mul_base_field_gadget_by_frobenius_coeff( - &mut cs.ns(|| "c1 and c2 powers"), - &mut self.c1, - &mut self.c2, - power, - )?; - - Ok(self) - } - - fn cost_of_mul() -> usize { - 5 - } - - fn cost_of_mul_equals() -> usize { - 5 - } - - fn cost_of_inv() -> usize { - Self::cost_of_mul_equals() - } -} - -impl, ConstraintF: PrimeField + SquareRootField> PartialEq - for CubicExtFieldGadget -{ - fn eq(&self, other: &Self) -> bool { - self.c0 == other.c0 && self.c1 == other.c1 && self.c2 == other.c2 - } -} - -impl, ConstraintF: PrimeField + SquareRootField> Eq - for CubicExtFieldGadget -{ -} - -impl, ConstraintF: PrimeField + SquareRootField> - EqGadget for CubicExtFieldGadget -{ - fn is_eq>( - &self, - mut cs: CS, - other: &Self, - ) -> Result { - let b0 = self.c0.is_eq(cs.ns(|| "c0"), &other.c0)?; - let b1 = self.c1.is_eq(cs.ns(|| "c1"), &other.c1)?; - let b2 = self.c2.is_eq(cs.ns(|| "c2"), &other.c2)?; - let temp = Boolean::and(cs.ns(|| "b0 AND b1"), &b0, &b1)?; - Boolean::and(cs.ns(|| "b0 AND b1 AND b2"), &temp, &b2) - } - - #[inline] - fn conditional_enforce_equal>( - &self, - mut cs: CS, - other: &Self, - should_enforce: &Boolean, - ) -> Result<(), SynthesisError> { - self.c0 - .conditional_enforce_equal(cs.ns(|| "c0"), &other.c0, should_enforce)?; - self.c1 - .conditional_enforce_equal(cs.ns(|| "c1"), &other.c1, should_enforce)?; - self.c2 - .conditional_enforce_equal(cs.ns(|| "c2"), &other.c2, 
should_enforce)?; - Ok(()) - } - - #[inline] - fn conditional_enforce_not_equal>( - &self, - mut cs: CS, - other: &Self, - should_enforce: &Boolean, - ) -> Result<(), SynthesisError> { - let is_equal = self.is_eq(cs.ns(|| "is_eq(self, other)"), other)?; - Boolean::and( - cs.ns(|| "is_equal AND should_enforce"), - &is_equal, - should_enforce, - )? - .enforce_equal( - cs.ns(|| "is_equal AND should_enforce == false"), - &Boolean::Constant(false), - ) - } -} - -impl, ConstraintF: PrimeField + SquareRootField> - ToBitsGadget for CubicExtFieldGadget -{ - fn to_bits>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut c0 = self.c0.to_bits(&mut cs)?; - let mut c1 = self.c1.to_bits(&mut cs)?; - let mut c2 = self.c2.to_bits(cs)?; - - c0.append(&mut c1); - c0.append(&mut c2); - - Ok(c0) - } - - fn to_bits_strict>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut c0 = self.c0.to_bits_strict(&mut cs)?; - let mut c1 = self.c1.to_bits_strict(&mut cs)?; - let mut c2 = self.c2.to_bits_strict(cs)?; - - c0.append(&mut c1); - c0.append(&mut c2); - - Ok(c0) - } -} - -impl, ConstraintF: PrimeField + SquareRootField> - ToBytesGadget for CubicExtFieldGadget -{ - fn to_bytes>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut c0 = self.c0.to_bytes(cs.ns(|| "c0"))?; - let mut c1 = self.c1.to_bytes(cs.ns(|| "c1"))?; - let mut c2 = self.c2.to_bytes(cs.ns(|| "c2"))?; - - c0.append(&mut c1); - c0.append(&mut c2); - - Ok(c0) - } - - fn to_bytes_strict>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut c0 = self.c0.to_bytes_strict(cs.ns(|| "c0"))?; - let mut c1 = self.c1.to_bytes_strict(cs.ns(|| "c1"))?; - let mut c2 = self.c2.to_bytes_strict(cs.ns(|| "c2"))?; - - c0.append(&mut c1); - c0.append(&mut c2); - - Ok(c0) - } -} - -impl, ConstraintF: PrimeField + SquareRootField> Clone - for CubicExtFieldGadget -{ - fn clone(&self) -> Self { - Self::new(self.c0.clone(), self.c1.clone(), self.c2.clone()) - } -} - -impl, ConstraintF: 
PrimeField + SquareRootField> - CondSelectGadget for CubicExtFieldGadget -{ - #[inline] - fn conditionally_select>( - mut cs: CS, - cond: &Boolean, - first: &Self, - second: &Self, - ) -> Result { - let c0 = P::BaseFieldGadget::conditionally_select( - &mut cs.ns(|| "c0"), - cond, - &first.c0, - &second.c0, - )?; - let c1 = P::BaseFieldGadget::conditionally_select( - &mut cs.ns(|| "c1"), - cond, - &first.c1, - &second.c1, - )?; - let c2 = P::BaseFieldGadget::conditionally_select( - &mut cs.ns(|| "c2"), - cond, - &first.c2, - &second.c2, - )?; - - Ok(Self::new(c0, c1, c2)) - } - - fn cost() -> usize { - 3 * >::cost() - } -} - -impl, ConstraintF: PrimeField + SquareRootField> - TwoBitLookupGadget for CubicExtFieldGadget -{ - type TableConstant = CubicExtField

; - fn two_bit_lookup>( - mut cs: CS, - b: &[Boolean], - c: &[Self::TableConstant], - ) -> Result { - let c0s = c.iter().map(|f| f.c0).collect::>(); - let c1s = c.iter().map(|f| f.c1).collect::>(); - let c2s = c.iter().map(|f| f.c2).collect::>(); - let c0 = P::BaseFieldGadget::two_bit_lookup(cs.ns(|| "Lookup c0"), b, &c0s)?; - let c1 = P::BaseFieldGadget::two_bit_lookup(cs.ns(|| "Lookup c1"), b, &c1s)?; - let c2 = P::BaseFieldGadget::two_bit_lookup(cs.ns(|| "Lookup c2"), b, &c2s)?; - Ok(Self::new(c0, c1, c2)) - } - - fn two_bit_lookup_lc>( - mut cs: CS, - precomp: &Boolean, - b: &[Boolean], - c: &[Self::TableConstant], - ) -> Result { - let c0s = c.iter().map(|f| f.c0).collect::>(); - let c1s = c.iter().map(|f| f.c1).collect::>(); - let c2s = c.iter().map(|f| f.c2).collect::>(); - let c0 = P::BaseFieldGadget::two_bit_lookup_lc(cs.ns(|| "Lookup c0"), precomp, b, &c0s)?; - let c1 = P::BaseFieldGadget::two_bit_lookup_lc(cs.ns(|| "Lookup c1"), precomp, b, &c1s)?; - let c2 = P::BaseFieldGadget::two_bit_lookup_lc(cs.ns(|| "Lookup c2"), precomp, b, &c2s)?; - Ok(Self::new(c0, c1, c2)) - } - - fn cost() -> usize { - 3 * >::cost() - } -} - -impl, ConstraintF: PrimeField + SquareRootField> - ThreeBitCondNegLookupGadget for CubicExtFieldGadget -{ - type TableConstant = CubicExtField

; - - fn three_bit_cond_neg_lookup>( - mut cs: CS, - b: &[Boolean], - b0b1: &Boolean, - c: &[Self::TableConstant], - ) -> Result { - let c0s = c.iter().map(|f| f.c0).collect::>(); - let c1s = c.iter().map(|f| f.c1).collect::>(); - let c2s = c.iter().map(|f| f.c2).collect::>(); - let c0 = - P::BaseFieldGadget::three_bit_cond_neg_lookup(cs.ns(|| "Lookup c0"), b, b0b1, &c0s)?; - let c1 = - P::BaseFieldGadget::three_bit_cond_neg_lookup(cs.ns(|| "Lookup c1"), b, b0b1, &c1s)?; - let c2 = - P::BaseFieldGadget::three_bit_cond_neg_lookup(cs.ns(|| "Lookup c2"), b, b0b1, &c2s)?; - Ok(Self::new(c0, c1, c2)) - } - - fn cost() -> usize { - 3 * >::cost() - } -} - -impl, ConstraintF: PrimeField + SquareRootField> - AllocGadget, ConstraintF> for CubicExtFieldGadget -{ - #[inline] - fn alloc>( - mut cs: CS, - value_gen: F, - ) -> Result - where - F: FnOnce() -> Result, - T: Borrow>, - { - let (c0, c1, c2) = match value_gen() { - Ok(fe) => { - let fe = *fe.borrow(); - (Ok(fe.c0), Ok(fe.c1), Ok(fe.c2)) - } - _ => ( - Err(SynthesisError::AssignmentMissing), - Err(SynthesisError::AssignmentMissing), - Err(SynthesisError::AssignmentMissing), - ), - }; - - let c0 = P::BaseFieldGadget::alloc(&mut cs.ns(|| "c0"), || c0)?; - let c1 = P::BaseFieldGadget::alloc(&mut cs.ns(|| "c1"), || c1)?; - let c2 = P::BaseFieldGadget::alloc(&mut cs.ns(|| "c2"), || c2)?; - Ok(Self::new(c0, c1, c2)) - } - - #[inline] - fn alloc_input>( - mut cs: CS, - value_gen: F, - ) -> Result - where - F: FnOnce() -> Result, - T: Borrow>, - { - let (c0, c1, c2) = match value_gen() { - Ok(fe) => { - let fe = *fe.borrow(); - (Ok(fe.c0), Ok(fe.c1), Ok(fe.c2)) - } - _ => ( - Err(SynthesisError::AssignmentMissing), - Err(SynthesisError::AssignmentMissing), - Err(SynthesisError::AssignmentMissing), - ), - }; - - let c0 = P::BaseFieldGadget::alloc_input(&mut cs.ns(|| "c0"), || c0)?; - let c1 = P::BaseFieldGadget::alloc_input(&mut cs.ns(|| "c1"), || c1)?; - let c2 = P::BaseFieldGadget::alloc_input(&mut cs.ns(|| "c2"), || c2)?; - 
Ok(Self::new(c0, c1, c2)) - } -} - -impl, ConstraintF: PrimeField + SquareRootField> - ConstantGadget, ConstraintF> for CubicExtFieldGadget -{ - #[inline] - fn from_value>(mut cs: CS, value: &CubicExtField

) -> Self { - let c0 = P::BaseFieldGadget::from_value(&mut cs.ns(|| "c0"), &value.c0); - let c1 = P::BaseFieldGadget::from_value(&mut cs.ns(|| "c1"), &value.c1); - let c2 = P::BaseFieldGadget::from_value(&mut cs.ns(|| "c2"), &value.c2); - Self::new(c0, c1, c2) - } - - #[inline] - fn get_constant(&self) -> CubicExtField

{ - self.get_value().unwrap() - } -} diff --git a/r1cs/gadgets/std/src/fields/fp12.rs b/r1cs/gadgets/std/src/fields/fp12.rs deleted file mode 100644 index e592ef1f6..000000000 --- a/r1cs/gadgets/std/src/fields/fp12.rs +++ /dev/null @@ -1,247 +0,0 @@ -use r1cs_core::{ConstraintSystem, SynthesisError}; - -use algebra::{ - fields::{ - fp12_2over3over2::{ - characteristic_square_mod_6_is_one, Fp12, Fp12Parameters, Fp12ParamsWrapper, - }, - fp6_3over2::{Fp6Parameters, Fp6ParamsWrapper}, - Fp2Parameters, - }, - Field, PrimeField, SquareRootField, -}; - -use crate::{ - fields::{fp2::Fp2Gadget, fp6_3over2::Fp6Gadget}, - prelude::*, -}; - -impl QuadExtParametersGadget - for Fp12ParamsWrapper

-where - P: Fp12Parameters, - ::Fp2Params: Fp2Parameters, -{ - type BaseFieldGadget = Fp6Gadget; - - fn mul_base_field_gadget_by_nonresidue>( - cs: CS, - fe: &Self::BaseFieldGadget, - ) -> Result { - let new_c0 = - Fp6ParamsWrapper::::mul_base_field_gadget_by_nonresidue(cs, &fe.c2)?; - let new_c1 = fe.c0.clone(); - let new_c2 = fe.c1.clone(); - Ok(Fp6Gadget::::new( - new_c0, new_c1, new_c2, - )) - } - - fn mul_base_field_gadget_by_frobenius_coeff>( - mut cs: CS, - c1: &mut Self::BaseFieldGadget, - power: usize, - ) -> Result<(), SynthesisError> { - c1.c0 - .mul_by_constant_in_place(cs.ns(|| "mul1"), &P::FROBENIUS_COEFF_FP12_C1[power % 12])?; - c1.c1 - .mul_by_constant_in_place(cs.ns(|| "mul2"), &P::FROBENIUS_COEFF_FP12_C1[power % 12])?; - c1.c2 - .mul_by_constant_in_place(cs.ns(|| "mul3"), &P::FROBENIUS_COEFF_FP12_C1[power % 12])?; - Ok(()) - } - - fn cyclotomic_square_gadget>( - mut cs: CS, - fe: &QuadExtFieldGadget, - ) -> Result, SynthesisError> { - if characteristic_square_mod_6_is_one(Fp12::

::characteristic()) { - let mut result = - QuadExtFieldGadget::::zero(cs.ns(|| "alloc result"))?; - let fp2_nr = ::NONRESIDUE; - - let z0 = &fe.c0.c0; - let z4 = &fe.c0.c1; - let z3 = &fe.c0.c2; - let z2 = &fe.c1.c0; - let z1 = &fe.c1.c1; - let z5 = &fe.c1.c2; - - // t0 + t1*y = (z0 + z1*y)^2 = a^2 - let tmp = z0.mul(cs.ns(|| "first mul"), &z1)?; - let t0 = { - // (z0 + &z1) * &(z0 + &(fp2_nr * &z1)) - &tmp - &(tmp * &fp2_nr); - let mut cs = cs.ns(|| "t0"); - let tmp1 = z0.add(cs.ns(|| "tmp1"), &z1)?; - let tmp2 = z1 - .mul_by_constant(cs.ns(|| "tmp2.1"), &fp2_nr)? - .add(cs.ns(|| "tmp2.2"), &z0)?; - let tmp4 = tmp - .mul_by_constant(cs.ns(|| "tmp4.1"), &fp2_nr)? - .add(cs.ns(|| "tmp4.2"), &tmp)?; - tmp1.mul(cs.ns(|| "tmp3.1"), &tmp2)? - .sub(cs.ns(|| "tmp3.2"), &tmp4)? - }; - let t1 = tmp.double(cs.ns(|| "t1"))?; - - // t2 + t3*y = (z2 + z3*y)^2 = b^2 - let tmp = z2.mul(cs.ns(|| "second mul"), &z3)?; - let t2 = { - // (z2 + &z3) * &(z2 + &(fp2_nr * &z3)) - &tmp - &(tmp * &fp2_nr); - let mut cs = cs.ns(|| "t2"); - let tmp1 = z2.add(cs.ns(|| "tmp1"), &z3)?; - let tmp2 = z3 - .mul_by_constant(cs.ns(|| "tmp2.1"), &fp2_nr)? - .add(cs.ns(|| "tmp2.2"), &z2)?; - let tmp4 = tmp - .mul_by_constant(cs.ns(|| "tmp4.1"), &fp2_nr)? - .add(cs.ns(|| "tmp4.2"), &tmp)?; - tmp1.mul(cs.ns(|| "tmp3.1"), &tmp2)? - .sub(cs.ns(|| "tmp3.2"), &tmp4)? - }; - let t3 = tmp.double(cs.ns(|| "t3"))?; - - // t4 + t5*y = (z4 + z5*y)^2 = c^2 - let tmp = z4.mul(cs.ns(|| "third mul"), &z5)?; - let t4 = { - // (z4 + &z5) * &(z4 + &(fp2_nr * &z5)) - &tmp - &(tmp * &fp2_nr); - let mut cs = cs.ns(|| "t4"); - let tmp1 = z4.add(cs.ns(|| "tmp1"), &z5)?; - let tmp2 = z5 - .mul_by_constant(cs.ns(|| "tmp2.1"), &fp2_nr)? - .add(cs.ns(|| "tmp2.2"), &z4)?; - let tmp4 = tmp - .mul_by_constant(cs.ns(|| "tmp4.1"), &fp2_nr)? - .add(cs.ns(|| "tmp4.2"), &tmp)?; - tmp1.mul(cs.ns(|| "tmp3.1"), &tmp2)? - .sub(cs.ns(|| "tmp3.2"), &tmp4)? 
- }; - let t5 = tmp.double(cs.ns(|| "t5"))?; - - // for A - - // z0 = 3 * t0 - 2 * z0 - result.c0.c0 = { - let mut cs = cs.ns(|| "result.c0.c0"); - t0.sub(cs.ns(|| "1"), &z0)? - .double(cs.ns(|| "2"))? - .add(cs.ns(|| "3"), &t0)? - }; - - // z1 = 3 * t1 + 2 * z1 - result.c1.c1 = { - let mut cs = cs.ns(|| "result.c1.c1"); - t1.add(cs.ns(|| "1"), &z1)? - .double(cs.ns(|| "2"))? - .add(cs.ns(|| "3"), &t1)? - }; - - // for B - - // z2 = 3 * (xi * t5) + 2 * z2 - result.c1.c0 = { - let mut cs = cs.ns(|| "result.c1.c0"); - let tmp = t5.mul_by_constant(cs.ns(|| "1"), &fp2_nr)?; - z2.add(cs.ns(|| "2"), &tmp)? - .double(cs.ns(|| "3"))? - .add(cs.ns(|| "4"), &tmp)? - }; - - // z3 = 3 * t4 - 2 * z3 - result.c0.c2 = { - let mut cs = cs.ns(|| "result.c0.c2"); - t4.sub(cs.ns(|| "1"), &z3)? - .double(cs.ns(|| "2"))? - .add(cs.ns(|| "3"), &t4)? - }; - - // for C - - // z4 = 3 * t2 - 2 * z4 - result.c0.c1 = { - let mut cs = cs.ns(|| "result.c0.c1"); - t2.sub(cs.ns(|| "1"), &z4)? - .double(cs.ns(|| "2"))? - .add(cs.ns(|| "3"), &t2)? - }; - - // z5 = 3 * t3 + 2 * z5 - result.c1.c2 = { - let mut cs = cs.ns(|| "result.c1.c2"); - t3.add(cs.ns(|| "1"), &z5)? - .double(cs.ns(|| "2"))? - .add(cs.ns(|| "3"), &t3)? - }; - - Ok(result) - } else { - fe.square(cs.ns(|| "square")) - } - } -} - -pub type Fp12Gadget = QuadExtFieldGadget, ConstraintF>; - -impl Fp12Gadget -where - P: Fp12Parameters, - ::Fp2Params: Fp2Parameters, -{ - /// Multiplies by an element of the form (c0 = (c0, c1, 0), c1 = (0, d1, 0)) - #[inline] - pub fn mul_by_014>( - &self, - mut cs: CS, - c0: &Fp2Gadget<::Fp2Params, ConstraintF>, - c1: &Fp2Gadget<::Fp2Params, ConstraintF>, - d1: &Fp2Gadget<::Fp2Params, ConstraintF>, - ) -> Result { - let v0 = self.c0.mul_by_c0_c1_0(cs.ns(|| "v0"), &c0, &c1)?; - let v1 = self.c1.mul_by_0_c1_0(cs.ns(|| "v1"), &d1)?; - let new_c0 = Fp12ParamsWrapper::

::mul_base_field_gadget_by_nonresidue( - cs.ns(|| "first mul_by_nr"), - &v1, - )? - .add(cs.ns(|| "v0 + nonresidue * v1"), &v0)?; - - let c1 = { - let tmp = c1.add(cs.ns(|| "c1 + d1"), &d1)?; - let a0_plus_a1 = self.c0.add(cs.ns(|| "a0 + a1"), &self.c1)?; - a0_plus_a1 - .mul_by_c0_c1_0(cs.ns(|| "(a0 + a1) * (b0 + b1)"), &c0, &tmp)? - .sub(cs.ns(|| "sub v0"), &v0)? - .sub(cs.ns(|| "sub v1"), &v1)? - }; - Ok(Self::new(new_c0, c1)) - } - - /// Multiplies by an element of the form (c0 = (c0, 0, 0), c1 = (d0, d1, 0)) - #[inline] - pub fn mul_by_034>( - &self, - mut cs: CS, - c0: &Fp2Gadget<::Fp2Params, ConstraintF>, - d0: &Fp2Gadget<::Fp2Params, ConstraintF>, - d1: &Fp2Gadget<::Fp2Params, ConstraintF>, - ) -> Result { - let a0 = self.c0.c0.mul(cs.ns(|| "a0"), &c0)?; - let a1 = self.c0.c1.mul(cs.ns(|| "a1"), &c0)?; - let a2 = self.c0.c2.mul(cs.ns(|| "a2"), &c0)?; - let a = Fp6Gadget::::new(a0, a1, a2); - let b = self.c1.mul_by_c0_c1_0(cs.ns(|| "b"), &d0, &d1)?; - - let c0 = c0.add(cs.ns(|| "c0 + d0"), &d0)?; - let c1 = d1; - let e = self - .c0 - .add(cs.ns(|| "self.c0 + self.c1"), &self.c1)? - .mul_by_c0_c1_0(cs.ns(|| "compute e"), &c0, &c1)?; - let a_plus_b = a.add(cs.ns(|| "a + b"), &b)?; - let c1 = e.sub(cs.ns(|| "e - (a + b)"), &a_plus_b)?; - let c0 = - Fp12ParamsWrapper::

::mul_base_field_gadget_by_nonresidue(cs.ns(|| "b *nr"), &b)? - .add(cs.ns(|| "plus a"), &a)?; - - Ok(Self::new(c0, c1)) - } -} diff --git a/r1cs/gadgets/std/src/fields/fp2.rs b/r1cs/gadgets/std/src/fields/fp2.rs deleted file mode 100644 index 5bea4cc31..000000000 --- a/r1cs/gadgets/std/src/fields/fp2.rs +++ /dev/null @@ -1,68 +0,0 @@ -use algebra::{ - fields::{Fp2Parameters, Fp2ParamsWrapper, QuadExtParameters}, - PrimeField, SquareRootField, -}; -use r1cs_core::{ConstraintSystem, SynthesisError}; - -use crate::{fields::fp::FpGadget, prelude::*}; - -impl, ConstraintF: PrimeField + SquareRootField> - QuadExtParametersGadget for Fp2ParamsWrapper

-{ - type BaseFieldGadget = FpGadget; - - fn mul_base_field_gadget_by_nonresidue>( - cs: CS, - fe: &Self::BaseFieldGadget, - ) -> Result { - fe.mul_by_constant(cs, &Self::NONRESIDUE) - } - - fn mul_base_field_gadget_by_frobenius_coeff>( - cs: CS, - c1: &mut Self::BaseFieldGadget, - power: usize, - ) -> Result<(), SynthesisError> { - c1.mul_by_constant_in_place(cs, &Self::FROBENIUS_COEFF_C1[power % 2])?; - Ok(()) - } -} - -pub type Fp2Gadget = QuadExtFieldGadget, ConstraintF>; - -impl, ConstraintF: PrimeField + SquareRootField> - Fp2Gadget -{ - #[inline] - pub fn mul_assign_by_base_field_gadget>( - &mut self, - mut cs: CS, - fe: &FpGadget, - ) -> Result<&mut Self, SynthesisError> { - self.c0.mul_in_place(cs.ns(|| "compute new_c0"), &fe)?; - self.c1.mul_in_place(cs.ns(|| "compute new_c1"), &fe)?; - Ok(self) - } - - #[inline] - pub fn mul_by_base_field_constant_in_place>( - &mut self, - mut cs: CS, - fe: &P::Fp, - ) -> Result<&mut Self, SynthesisError> { - self.c0.mul_by_constant_in_place(cs.ns(|| "c0"), fe)?; - self.c1.mul_by_constant_in_place(cs.ns(|| "c1"), fe)?; - Ok(self) - } - - #[inline] - pub fn mul_by_base_field_constant>( - &self, - cs: CS, - fe: &P::Fp, - ) -> Result { - let mut result = self.clone(); - result.mul_by_base_field_constant_in_place(cs, fe)?; - Ok(result) - } -} diff --git a/r1cs/gadgets/std/src/fields/fp3.rs b/r1cs/gadgets/std/src/fields/fp3.rs deleted file mode 100644 index 51f95529e..000000000 --- a/r1cs/gadgets/std/src/fields/fp3.rs +++ /dev/null @@ -1,51 +0,0 @@ -use algebra::{ - fields::{Fp3Parameters, Fp3ParamsWrapper}, - PrimeField, SquareRootField, -}; -use r1cs_core::{ConstraintSystem, SynthesisError}; - -use crate::{fields::fp::FpGadget, prelude::*}; - -impl, ConstraintF: PrimeField + SquareRootField> - CubicExtParametersGadget for Fp3ParamsWrapper

-{ - type BaseFieldGadget = FpGadget; - - fn mul_base_field_gadget_by_nonresidue>( - cs: CS, - fe: &Self::BaseFieldGadget, - ) -> Result { - fe.mul_by_constant(cs, &P::NONRESIDUE) - } - - fn mul_base_field_gadget_by_frobenius_coeff>( - mut cs: CS, - c1: &mut Self::BaseFieldGadget, - c2: &mut Self::BaseFieldGadget, - power: usize, - ) -> Result<(), SynthesisError> { - c1.mul_by_constant_in_place(cs.ns(|| "c1_power"), &P::FROBENIUS_COEFF_FP3_C1[power % 3])?; - c2.mul_by_constant_in_place(cs.ns(|| "c2_power"), &P::FROBENIUS_COEFF_FP3_C2[power % 3])?; - - Ok(()) - } -} - -pub type Fp3Gadget = CubicExtFieldGadget, ConstraintF>; - -impl, ConstraintF: PrimeField + SquareRootField> - Fp3Gadget -{ - /// Multiply a Fp3Gadget by a Fp gadget. - #[inline] - pub fn mul_assign_by_base_field_gadget>( - &mut self, - mut cs: CS, - fe: &FpGadget, - ) -> Result<&mut Self, SynthesisError> { - self.c0.mul_in_place(cs.ns(|| "c0"), fe)?; - self.c1.mul_in_place(cs.ns(|| "c1"), fe)?; - self.c2.mul_in_place(cs.ns(|| "c2"), fe)?; - Ok(self) - } -} diff --git a/r1cs/gadgets/std/src/fields/fp4.rs b/r1cs/gadgets/std/src/fields/fp4.rs deleted file mode 100644 index 056dc09e2..000000000 --- a/r1cs/gadgets/std/src/fields/fp4.rs +++ /dev/null @@ -1,118 +0,0 @@ -use algebra::{ - fields::{ - fp4::{Fp4Parameters, Fp4ParamsWrapper}, - Field, Fp2Parameters, - }, - Fp2, Fp2ParamsWrapper, PrimeField, SquareRootField, -}; -use r1cs_core::{ConstraintSystem, SynthesisError}; - -use crate::{fields::fp2::Fp2Gadget, prelude::*}; - -impl QuadExtParametersGadget - for Fp4ParamsWrapper

-where - P: Fp4Parameters, - P::Fp2Params: Fp2Parameters, -{ - type BaseFieldGadget = Fp2Gadget; - - fn mul_base_field_gadget_by_nonresidue>( - cs: CS, - fe: &Self::BaseFieldGadget, - ) -> Result { - let new_c0 = - Fp2ParamsWrapper::::mul_base_field_gadget_by_nonresidue(cs, &fe.c1)?; - let new_c1 = fe.c0.clone(); - Ok(Self::BaseFieldGadget::new(new_c0, new_c1)) - } - - fn mul_base_field_gadget_by_frobenius_coeff>( - mut cs: CS, - c1: &mut Self::BaseFieldGadget, - power: usize, - ) -> Result<(), SynthesisError> { - c1.c0.mul_by_constant_in_place( - cs.ns(|| "c1_c0_power"), - &P::FROBENIUS_COEFF_FP4_C1[power % 4], - )?; - c1.c1.mul_by_constant_in_place( - cs.ns(|| "c1_c1_power"), - &P::FROBENIUS_COEFF_FP4_C1[power % 4], - )?; - - Ok(()) - } - - fn cyclotomic_square_gadget>( - mut cs: CS, - fe: &QuadExtFieldGadget, - ) -> Result, SynthesisError> { - let c1_squared = fe.c1.square(cs.ns(|| "c1^2"))?; - let c1_squared_nr = - Self::mul_base_field_gadget_by_nonresidue(cs.ns(|| "nr * c1^2"), &c1_squared)?; - let one = Fp2::::one(); - - let c0 = { - let c1_squared_nr_doubled = c1_squared_nr.double(cs.ns(|| "2(nr*c1^2)"))?; - c1_squared_nr_doubled.add_constant(cs.ns(|| "2(nr*c1^2) + 1"), &one)? - }; - - let c1 = { - let c1_plus_c0 = fe.c0.add(cs.ns(|| "c1 + c0"), &fe.c1)?; - let c1_plus_c0_squared = c1_plus_c0.square(cs.ns(|| "(c1 + c0)^2"))?; - c1_plus_c0_squared - .sub(cs.ns(|| "(c1 + c0)^2 - nr*c1^2"), &c1_squared_nr)? - .sub(cs.ns(|| "(c1 + c0)^2 - nr*c1^2 - c1^2"), &c1_squared)? - .sub_constant(cs.ns(|| "(c1 + c0)^2 - nr*c1^2 - c1^2 - 1"), &one)? 
- }; - Ok(QuadExtFieldGadget::::new(c0, c1)) - } -} - -pub type Fp4Gadget = QuadExtFieldGadget, ConstraintF>; - -impl Fp4Gadget -where - P: Fp4Parameters, - P::Fp2Params: Fp2Parameters, -{ - #[inline] - //Mul by an element of the form c0: (a, 0) c1:(c, d) - pub fn mul_by_023>( - &self, - mut cs: CS, - other: &Self, - ) -> Result { - let v0 = { - let v0_c0 = self - .c0 - .c0 - .mul(cs.ns(|| "self.c0.c0 * other.c0.c0"), &other.c0.c0)?; - let v0_c1 = self - .c0 - .c1 - .mul(cs.ns(|| "self.c0.c1 * other.c0.c0"), &other.c0.c0)?; - Fp2Gadget::::new(v0_c0, v0_c1) - }; - let v1 = self.c1.mul(cs.ns(|| "self.c1 * other.c1"), &other.c1)?; - let c0 = { - let non_residue_times_v1 = Fp4ParamsWrapper::

::mul_base_field_gadget_by_nonresidue( - cs.ns(|| "v1 mul_by_nr"), - &v1, - )?; - v0.add(cs.ns(|| "v0 + beta * v1"), &non_residue_times_v1)? - }; - let c1 = { - let a0_plus_a1 = self.c0.add(cs.ns(|| "a0 + a1"), &self.c1)?; - let b0_plus_b1 = other.c0.add(cs.ns(|| "b0 + b1"), &other.c1)?; - let a0_plus_a1_times_b0_plus_b1 = - a0_plus_a1.mul(&mut cs.ns(|| "(a0 + a1) * (b0 + b1)"), &b0_plus_b1)?; - a0_plus_a1_times_b0_plus_b1 - .sub(cs.ns(|| "res - v0"), &v0)? - .sub(cs.ns(|| "res - v0 - v1"), &v1)? - }; - - Ok(Self::new(c0, c1)) - } -} diff --git a/r1cs/gadgets/std/src/fields/fp6_2over3.rs b/r1cs/gadgets/std/src/fields/fp6_2over3.rs deleted file mode 100644 index 2b4bcf2e9..000000000 --- a/r1cs/gadgets/std/src/fields/fp6_2over3.rs +++ /dev/null @@ -1,218 +0,0 @@ -use algebra::{ - fields::{ - fp3::{Fp3Parameters, Fp3ParamsWrapper}, - fp6_2over3::{Fp6Parameters, Fp6ParamsWrapper}, - }, - PrimeField, SquareRootField, -}; -use r1cs_core::{ConstraintSystem, SynthesisError}; - -use crate::{fields::fp3::Fp3Gadget, prelude::*}; - -impl QuadExtParametersGadget - for Fp6ParamsWrapper

-where - P: Fp6Parameters, - P::Fp3Params: Fp3Parameters, -{ - type BaseFieldGadget = Fp3Gadget; - - fn mul_base_field_gadget_by_nonresidue>( - cs: CS, - fe: &Self::BaseFieldGadget, - ) -> Result { - let new_c0 = - Fp3ParamsWrapper::::mul_base_field_gadget_by_nonresidue(cs, &fe.c2)?; - let new_c1 = fe.c0.clone(); - let new_c2 = fe.c1.clone(); - Ok(Fp3Gadget::::new( - new_c0, new_c1, new_c2, - )) - } - - fn mul_base_field_gadget_by_frobenius_coeff>( - mut cs: CS, - c1: &mut Self::BaseFieldGadget, - power: usize, - ) -> Result<(), SynthesisError> { - c1.c0 - .mul_by_constant_in_place(cs.ns(|| "mul1"), &P::FROBENIUS_COEFF_FP6_C1[power % 6])?; - c1.c1 - .mul_by_constant_in_place(cs.ns(|| "mul2"), &P::FROBENIUS_COEFF_FP6_C1[power % 6])?; - c1.c2 - .mul_by_constant_in_place(cs.ns(|| "mul3"), &P::FROBENIUS_COEFF_FP6_C1[power % 6])?; - Ok(()) - } - - fn cyclotomic_square_gadget>( - mut cs: CS, - fe: &QuadExtFieldGadget, - ) -> Result, SynthesisError> { - let mut result = QuadExtFieldGadget::::zero(cs.ns(|| "alloc result"))?; - let fp2_nr = ::NONRESIDUE; - - let z0 = &fe.c0.c0; - let z4 = &fe.c0.c1; - let z3 = &fe.c0.c2; - let z2 = &fe.c1.c0; - let z1 = &fe.c1.c1; - let z5 = &fe.c1.c2; - - // t0 + t1*y = (z0 + z1*y)^2 = a^2 - let tmp = z0.mul(cs.ns(|| "first mul"), &z1)?; - let t0 = { - // (z0 + &z1) * &(z0 + &(fp2_nr * &z1)) - &tmp - &(tmp * &fp2_nr); - let mut cs = cs.ns(|| "t0"); - let tmp1 = z0.add(cs.ns(|| "tmp1"), &z1)?; - let tmp2 = z1 - .mul_by_constant(cs.ns(|| "tmp2.1"), &fp2_nr)? - .add(cs.ns(|| "tmp2.2"), &z0)?; - let tmp4 = tmp - .mul_by_constant(cs.ns(|| "tmp4.1"), &fp2_nr)? - .add(cs.ns(|| "tmp4.2"), &tmp)?; - tmp1.mul(cs.ns(|| "tmp3.1"), &tmp2)? - .sub(cs.ns(|| "tmp3.2"), &tmp4)? 
- }; - let t1 = tmp.double(cs.ns(|| "t1"))?; - - // t2 + t3*y = (z2 + z3*y)^2 = b^2 - let tmp = z2.mul(cs.ns(|| "second mul"), &z3)?; - let t2 = { - // (z2 + &z3) * &(z2 + &(fp2_nr * &z3)) - &tmp - &(tmp * &fp2_nr); - let mut cs = cs.ns(|| "t2"); - let tmp1 = z2.add(cs.ns(|| "tmp1"), &z3)?; - let tmp2 = z3 - .mul_by_constant(cs.ns(|| "tmp2.1"), &fp2_nr)? - .add(cs.ns(|| "tmp2.2"), &z2)?; - let tmp4 = tmp - .mul_by_constant(cs.ns(|| "tmp4.1"), &fp2_nr)? - .add(cs.ns(|| "tmp4.2"), &tmp)?; - tmp1.mul(cs.ns(|| "tmp3.1"), &tmp2)? - .sub(cs.ns(|| "tmp3.2"), &tmp4)? - }; - let t3 = tmp.double(cs.ns(|| "t3"))?; - - // t4 + t5*y = (z4 + z5*y)^2 = c^2 - let tmp = z4.mul(cs.ns(|| "third mul"), &z5)?; - let t4 = { - // (z4 + &z5) * &(z4 + &(fp2_nr * &z5)) - &tmp - &(tmp * &fp2_nr); - let mut cs = cs.ns(|| "t4"); - let tmp1 = z4.add(cs.ns(|| "tmp1"), &z5)?; - let tmp2 = z5 - .mul_by_constant(cs.ns(|| "tmp2.1"), &fp2_nr)? - .add(cs.ns(|| "tmp2.2"), &z4)?; - let tmp4 = tmp - .mul_by_constant(cs.ns(|| "tmp4.1"), &fp2_nr)? - .add(cs.ns(|| "tmp4.2"), &tmp)?; - tmp1.mul(cs.ns(|| "tmp3.1"), &tmp2)? - .sub(cs.ns(|| "tmp3.2"), &tmp4)? - }; - let t5 = tmp.double(cs.ns(|| "t5"))?; - - // for A - - // z0 = 3 * t0 - 2 * z0 - result.c0.c0 = { - let mut cs = cs.ns(|| "result.c0.c0"); - t0.sub(cs.ns(|| "1"), &z0)? - .double(cs.ns(|| "2"))? - .add(cs.ns(|| "3"), &t0)? - }; - - // z1 = 3 * t1 + 2 * z1 - result.c1.c1 = { - let mut cs = cs.ns(|| "result.c1.c1"); - t1.add(cs.ns(|| "1"), &z1)? - .double(cs.ns(|| "2"))? - .add(cs.ns(|| "3"), &t1)? - }; - - // for B - - // z2 = 3 * (xi * t5) + 2 * z2 - result.c1.c0 = { - let mut cs = cs.ns(|| "result.c1.c0"); - let tmp = t5.mul_by_constant(cs.ns(|| "1"), &fp2_nr)?; - z2.add(cs.ns(|| "2"), &tmp)? - .double(cs.ns(|| "3"))? - .add(cs.ns(|| "4"), &tmp)? - }; - - // z3 = 3 * t4 - 2 * z3 - result.c0.c2 = { - let mut cs = cs.ns(|| "result.c0.c2"); - t4.sub(cs.ns(|| "1"), &z3)? - .double(cs.ns(|| "2"))? - .add(cs.ns(|| "3"), &t4)? 
- }; - - // for C - - // z4 = 3 * t2 - 2 * z4 - result.c0.c1 = { - let mut cs = cs.ns(|| "result.c0.c1"); - t2.sub(cs.ns(|| "1"), &z4)? - .double(cs.ns(|| "2"))? - .add(cs.ns(|| "3"), &t2)? - }; - - // z5 = 3 * t3 + 2 * z5 - result.c1.c2 = { - let mut cs = cs.ns(|| "result.c1.c2"); - t3.add(cs.ns(|| "1"), &z5)? - .double(cs.ns(|| "2"))? - .add(cs.ns(|| "3"), &t3)? - }; - - Ok(result) - } -} - -pub type Fp6Gadget = QuadExtFieldGadget, ConstraintF>; - -impl Fp6Gadget -where - P: Fp6Parameters, - P::Fp3Params: Fp3Parameters, -{ - #[inline] - pub fn mul_by_2345>( - &self, - mut cs: CS, - other: &Self, - ) -> Result { - let v0 = { - let t = Fp3ParamsWrapper::::mul_base_field_gadget_by_nonresidue( - cs.ns(|| "other.c0.c2 * nr"), - &other.c0.c2, - )?; - let c0 = self.c0.c1.mul(cs.ns(|| "compute v0_c0"), &t)?; - let c1 = self.c0.c2.mul(cs.ns(|| "compute v0_c1"), &t)?; - let c2 = self.c0.c0.mul(cs.ns(|| "compute v0_c2"), &other.c0.c2)?; - Fp3Gadget::::new(c0, c1, c2) - }; - let v1 = self.c1.mul(cs.ns(|| "compute v1"), &other.c1)?; - let beta_v1 = - Fp6ParamsWrapper::

::mul_base_field_gadget_by_nonresidue(cs.ns(|| "v1*nr"), &v1)?; - - let c0 = v0.add(cs.ns(|| "compute result c0"), &beta_v1)?; - let c1 = { - let self_c0_plus_c1 = self.c0.add(cs.ns(|| "self.c0 + self.c1"), &self.c1)?; - let other_c0_plus_c1 = other.c0.add(cs.ns(|| "other.c0 + other.c1"), &other.c1)?; - self_c0_plus_c1 - .mul( - cs.ns(|| "(self.c0 + self.c1)*(other.c0 + other.c1)"), - &other_c0_plus_c1, - )? - .sub( - cs.ns(|| "(self.c0 + self.c1)*(other.c0 + other.c1) - v0"), - &v0, - )? - .sub( - cs.ns(|| "(self.c0 + self.c1)*(other.c0 + other.c1) - v0 - v1"), - &v1, - )? - }; - Ok(Self::new(c0, c1)) - } -} diff --git a/r1cs/gadgets/std/src/fields/fp6_3over2.rs b/r1cs/gadgets/std/src/fields/fp6_3over2.rs deleted file mode 100644 index dc131d931..000000000 --- a/r1cs/gadgets/std/src/fields/fp6_3over2.rs +++ /dev/null @@ -1,129 +0,0 @@ -use algebra::{ - fields::{ - fp2::Fp2Parameters, - fp6_3over2::{Fp6Parameters, Fp6ParamsWrapper}, - SquareRootField, - }, - PrimeField, -}; -use r1cs_core::{ConstraintSystem, SynthesisError}; - -use crate::{fields::fp2::Fp2Gadget, prelude::*}; - -impl CubicExtParametersGadget - for Fp6ParamsWrapper

-where - P: Fp6Parameters, - P::Fp2Params: Fp2Parameters, -{ - type BaseFieldGadget = Fp2Gadget; - - fn mul_base_field_gadget_by_nonresidue>( - cs: CS, - fe: &Self::BaseFieldGadget, - ) -> Result { - fe.mul_by_constant(cs, &P::NONRESIDUE) - } - - fn mul_base_field_gadget_by_frobenius_coeff>( - mut cs: CS, - c1: &mut Self::BaseFieldGadget, - c2: &mut Self::BaseFieldGadget, - power: usize, - ) -> Result<(), SynthesisError> { - c1.mul_by_constant_in_place(cs.ns(|| "c1_power"), &P::FROBENIUS_COEFF_FP6_C1[power % 6])?; - c2.mul_by_constant_in_place(cs.ns(|| "c2_power"), &P::FROBENIUS_COEFF_FP6_C2[power % 6])?; - - Ok(()) - } -} - -pub type Fp6Gadget = CubicExtFieldGadget, ConstraintF>; - -impl Fp6Gadget -where - P: Fp6Parameters, - P::Fp2Params: Fp2Parameters, -{ - #[inline] - pub fn mul_by_0_c1_0>( - &self, - mut cs: CS, - c1: &Fp2Gadget, - ) -> Result { - // Karatsuba multiplication - // v0 = a0 * b0 = 0 - - // v1 = a1 * b1 - let v1 = self.c1.mul(cs.ns(|| "first mul"), c1)?; - - // v2 = a2 * b2 = 0 - - let a1_plus_a2 = self.c1.add(cs.ns(|| "a1 + a2"), &self.c2)?; - let b1_plus_b2 = c1.clone(); - - let a0_plus_a1 = self.c0.add(cs.ns(|| "a0 + a1"), &self.c1)?; - - // c0 = (NONRESIDUE * ((a1 + a2)*(b1 + b2) - v1 - v2)) + v0 - // = NONRESIDUE * ((a1 + a2) * b1 - v1) - let c0 = a1_plus_a2 - .mul(cs.ns(|| "second mul"), &b1_plus_b2)? - .sub(cs.ns(|| "first sub"), &v1)? - .mul_by_constant(cs.ns(|| "mul_by_nonresidue"), &P::NONRESIDUE)?; - - // c1 = (a0 + a1) * (b0 + b1) - v0 - v1 + NONRESIDUE * v2 - // = (a0 + a1) * b1 - v1 - let c1 = a0_plus_a1 - .mul(cs.ns(|| "third mul"), &c1)? - .sub(cs.ns(|| "second sub"), &v1)?; - // c2 = (a0 + a2) * (b0 + b2) - v0 - v2 + v1 - // = v1 - let c2 = v1; - Ok(Self::new(c0, c1, c2)) - } - - pub fn mul_by_c0_c1_0>( - &self, - mut cs: CS, - c0: &Fp2Gadget, - c1: &Fp2Gadget, - ) -> Result { - let v0 = self.c0.mul(cs.ns(|| "v0"), c0)?; - let v1 = self.c1.mul(cs.ns(|| "v1"), c1)?; - // v2 = 0. 
- - let a1_plus_a2 = self.c1.add(cs.ns(|| "a1 + a2"), &self.c2)?; - let a0_plus_a1 = self.c0.add(cs.ns(|| "a0 + a1"), &self.c1)?; - let a0_plus_a2 = self.c0.add(cs.ns(|| "a0 + a2"), &self.c2)?; - - let b1_plus_b2 = c1.clone(); - let b0_plus_b1 = c0.add(cs.ns(|| "b0 + b1"), &c1)?; - let b0_plus_b2 = c0.clone(); - - let c0 = { - let cs = &mut cs.ns(|| "c0"); - a1_plus_a2 - .mul(cs.ns(|| "(a1 + a2) * (b1 + b2)"), &b1_plus_b2)? - .sub(cs.ns(|| "sub v1"), &v1)? - .mul_by_constant(cs.ns(|| "First mul_by_nonresidue"), &P::NONRESIDUE)? - .add(cs.ns(|| "add v0"), &v0)? - }; - - let c1 = { - let cs = &mut cs.ns(|| "c1"); - a0_plus_a1 - .mul(cs.ns(|| "(a0 + a1) * (b0 + b1)"), &b0_plus_b1)? - .sub(cs.ns(|| "sub v0"), &v0)? - .sub(cs.ns(|| "sub v1"), &v1)? - }; - - let c2 = { - a0_plus_a2 - .mul(cs.ns(|| "(a0 + a2) * (b0 + b2)"), &b0_plus_b2)? - .sub(cs.ns(|| "sub v0"), &v0)? - .add(cs.ns(|| "add v1"), &v1)? - }; - - Ok(Self::new(c0, c1, c2)) - } -} diff --git a/r1cs/gadgets/std/src/fields/quadratic_extension.rs b/r1cs/gadgets/std/src/fields/quadratic_extension.rs deleted file mode 100644 index 70638f137..000000000 --- a/r1cs/gadgets/std/src/fields/quadratic_extension.rs +++ /dev/null 
@@ -1,763 +0,0 @@ -use algebra::{ - biginteger::arithmetic::find_wnaf, Field, PrimeField, QuadExtField, QuadExtParameters, - SquareRootField, -}; -use r1cs_core::{ConstraintSystem, SynthesisError}; -use std::{borrow::Borrow, marker::PhantomData}; - -use crate::{fields::FieldGadget, prelude::*}; - -pub trait QuadExtParametersGadget: - QuadExtParameters -{ - type BaseFieldGadget: FieldGadget; - - /// Multiply a BaseFieldGadget by quadratic nonresidue. - fn mul_base_field_gadget_by_nonresidue>( - cs: CS, - fe: &Self::BaseFieldGadget, - ) -> Result; - - /// Multiply a BaseFieldGadget by the Frobenius Coefficient at given power - fn mul_base_field_gadget_by_frobenius_coeff>( - cs: CS, - c1: &mut Self::BaseFieldGadget, - power: usize, - ) -> Result<(), SynthesisError>; - - /// Compute the cyclotomic square of fe, which must be in the cyclotomic subgroup. - fn cyclotomic_square_gadget>( - cs: CS, - fe: &QuadExtFieldGadget, - ) -> Result, SynthesisError> - where - ConstraintF: PrimeField + SquareRootField, - { - fe.square(cs) - } -} - -#[derive(Derivative)] -#[derivative(Debug( - bound = "P: QuadExtParametersGadget, ConstraintF: PrimeField + SquareRootField" -))] -#[must_use] -pub struct QuadExtFieldGadget< - P: QuadExtParametersGadget, - ConstraintF: PrimeField + SquareRootField, -> { - pub c0: P::BaseFieldGadget, - pub c1: P::BaseFieldGadget, - #[derivative(Debug = "ignore")] - _params: PhantomData

, -} - -impl, ConstraintF: PrimeField + SquareRootField> - QuadExtFieldGadget -{ - pub fn new(c0: P::BaseFieldGadget, c1: P::BaseFieldGadget) -> Self { - Self { - c0, - c1, - _params: PhantomData, - } - } - - #[inline] - pub fn unitary_inverse>( - &self, - mut cs: CS, - ) -> Result { - let new_c0 = self.c0.clone(); - let new_c1 = self.c1.clone().negate(cs.ns(|| "c1 negation"))?; - Ok(Self::new(new_c0, new_c1)) - } - - #[inline] - pub fn conjugate_in_place>( - &mut self, - cs: CS, - ) -> Result<&mut Self, SynthesisError> { - self.c1.negate_in_place(cs)?; - Ok(self) - } - - #[inline] - pub fn cyclotomic_exp, S: AsRef<[u64]>>( - &self, - mut cs: CS, - exp: S, - ) -> Result { - let mut res = Self::one(cs.ns(|| "one"))?; - let self_inverse = self.unitary_inverse(cs.ns(|| "unitary inverse"))?; - let mut found_nonzero = false; - let naf = find_wnaf(exp.as_ref()); - - for (j, &value) in naf.iter().rev().enumerate() { - if found_nonzero { - res = P::cyclotomic_square_gadget(cs.ns(|| format!("res_square_{:?}", j)), &res)?; - } - if value != 0 { - found_nonzero = true; - - if value > 0 { - res.mul_in_place(cs.ns(|| format!("res_mul_{:?}", j)), self)?; - } else { - res.mul_in_place(cs.ns(|| format!("res_mul_inverse_{:?}", j)), &self_inverse)?; - } - } - } - Ok(res) - } -} - -impl, ConstraintF: PrimeField + SquareRootField> - FieldGadget, ConstraintF> for QuadExtFieldGadget -{ - type Variable = ( - >::Variable, - >::Variable, - ); - - #[inline] - fn get_value(&self) -> Option> { - match (self.c0.get_value(), self.c1.get_value()) { - (Some(c0), Some(c1)) => Some(QuadExtField::

::new(c0, c1)), - (..) => None, - } - } - - #[inline] - fn get_variable(&self) -> Self::Variable { - (self.c0.get_variable(), self.c1.get_variable()) - } - - #[inline] - fn zero>(mut cs: CS) -> Result { - let c0 = P::BaseFieldGadget::zero(cs.ns(|| "c0"))?; - let c1 = P::BaseFieldGadget::zero(cs.ns(|| "c1"))?; - Ok(Self::new(c0, c1)) - } - - #[inline] - fn one>(mut cs: CS) -> Result { - let c0 = P::BaseFieldGadget::one(cs.ns(|| "c0"))?; - let c1 = P::BaseFieldGadget::zero(cs.ns(|| "c1"))?; - Ok(Self::new(c0, c1)) - } - - #[inline] - fn conditionally_add_constant>( - &self, - mut cs: CS, - bit: &Boolean, - coeff: QuadExtField

, - ) -> Result { - let c0 = self - .c0 - .conditionally_add_constant(cs.ns(|| "c0"), bit, coeff.c0)?; - let c1 = self - .c1 - .conditionally_add_constant(cs.ns(|| "c1"), bit, coeff.c1)?; - Ok(Self::new(c0, c1)) - } - - #[inline] - fn add>( - &self, - mut cs: CS, - other: &Self, - ) -> Result { - let c0 = self.c0.add(&mut cs.ns(|| "add c0"), &other.c0)?; - let c1 = self.c1.add(&mut cs.ns(|| "add c1"), &other.c1)?; - Ok(Self::new(c0, c1)) - } - - #[inline] - fn double>(&self, cs: CS) -> Result { - let mut result = self.clone(); - result.double_in_place(cs)?; - Ok(result) - } - - #[inline] - fn double_in_place>( - &mut self, - mut cs: CS, - ) -> Result<&mut Self, SynthesisError> { - self.c0.double_in_place(&mut cs.ns(|| "double c0"))?; - self.c1.double_in_place(&mut cs.ns(|| "double c1"))?; - Ok(self) - } - - #[inline] - fn sub>( - &self, - mut cs: CS, - other: &Self, - ) -> Result { - let c0 = self.c0.sub(&mut cs.ns(|| "sub c0"), &other.c0)?; - let c1 = self.c1.sub(&mut cs.ns(|| "sub c1"), &other.c1)?; - Ok(Self::new(c0, c1)) - } - - #[inline] - fn negate>(&self, cs: CS) -> Result { - let mut result = self.clone(); - result.negate_in_place(cs)?; - Ok(result) - } - - #[inline] - fn negate_in_place>( - &mut self, - mut cs: CS, - ) -> Result<&mut Self, SynthesisError> { - self.c0.negate_in_place(&mut cs.ns(|| "negate c0"))?; - self.c1.negate_in_place(&mut cs.ns(|| "negate c1"))?; - Ok(self) - } - - #[inline] - fn mul>( - &self, - mut cs: CS, - other: &Self, - ) -> Result { - // Karatsuba multiplication for Fp2: - // v0 = A.c0 * B.c0 - // v1 = A.c1 * B.c1 - // result.c0 = v0 + non_residue * v1 - // result.c1 = (A.c0 + A.c1) * (B.c0 + B.c1) - v0 - v1 - // Enforced with 3 constraints: - // A.c1 * B.c1 = v1 - // A.c0 * B.c0 = result.c0 - non_residue * v1 - // (A.c0+A.c1)*(B.c0+B.c1) = result.c1 + result.c0 + (1 - non_residue) * v1 - // Reference: - // "Multiplication and Squaring on Pairing-Friendly Fields" - // Devegili, OhEigeartaigh, Scott, Dahab - let mul_cs = &mut 
cs.ns(|| "mul"); - - let v0 = self.c0.mul(mul_cs.ns(|| "v0"), &other.c0)?; - let v1 = self.c1.mul(mul_cs.ns(|| "v1"), &other.c1)?; - let c0 = { - let non_residue_times_v1 = - v1.mul_by_constant(mul_cs.ns(|| "non_residue * v0"), &P::NONRESIDUE)?; - v0.add(mul_cs.ns(|| "v0 + beta * v1"), &non_residue_times_v1)? - }; - let c1 = { - let a0_plus_a1 = self.c0.add(mul_cs.ns(|| "a0 + a1"), &self.c1)?; - let b0_plus_b1 = other.c0.add(mul_cs.ns(|| "b0 + b1"), &other.c1)?; - let a0_plus_a1_times_b0_plus_b1 = - a0_plus_a1.mul(&mut mul_cs.ns(|| "(a0 + a1) * (b0 + b1)"), &b0_plus_b1)?; - a0_plus_a1_times_b0_plus_b1 - .sub(mul_cs.ns(|| "res - v0"), &v0)? - .sub(mul_cs.ns(|| "res - v0 - v1"), &v1)? - }; - Ok(Self::new(c0, c1)) - } - - #[inline] - fn square>( - &self, - mut cs: CS, - ) -> Result { - // From Libsnark/fp2_gadget.tcc - // Complex multiplication for Fp2: - // v0 = A.c0 * A.c1 - // result.c0 = (A.c0 + A.c1) * (A.c0 + non_residue * A.c1) - (1 + - // non_residue) * v0 result.c1 = 2 * v0 - // Enforced with 2 constraints: - // (2*A.c0) * A.c1 = result.c1 - // (A.c0 + A.c1) * (A.c0 + non_residue * A.c1) = result.c0 + result.c1 * (1 - // + non_residue)/2 Reference: - // "Multiplication and Squaring on Pairing-Friendly Fields" - // Devegili, OhEigeartaigh, Scott, Dahab - - let mut v0 = self.c0.mul(cs.ns(|| "v0"), &self.c1)?; - let a0_plus_a1 = self.c0.add(cs.ns(|| "a0 + a1"), &self.c1)?; - - let non_residue_c1 = self - .c1 - .mul_by_constant(cs.ns(|| "non_residue * a1"), &P::NONRESIDUE)?; - let a0_plus_non_residue_c1 = self - .c0 - .add(cs.ns(|| "a0 + non_residue * a1"), &non_residue_c1)?; - let one_plus_non_residue_v0 = v0.mul_by_constant( - cs.ns(|| "1 + non_residue * v0"), - &(P::BaseField::one() + &P::NONRESIDUE), - )?; - - let c0 = a0_plus_a1 - .mul( - cs.ns(|| "(a0 + a1) * (a0 + non_residue * a1)"), - &a0_plus_non_residue_c1, - )? 
- .sub(cs.ns(|| "- (1 + non_residue) v0"), &one_plus_non_residue_v0)?; - - v0.double_in_place(cs.ns(|| "2v0"))?; - let c1 = v0; - - Ok(Self::new(c0, c1)) - } - - #[inline] - fn square_in_place>( - &mut self, - mut cs: CS, - ) -> Result<&mut Self, SynthesisError> { - // From Libsnark/fp2_gadget.tcc - // Complex multiplication for Fp2: - // v0 = A.c0 * A.c1 - // result.c0 = (A.c0 + A.c1) * (A.c0 + non_residue * A.c1) - (1 + - // non_residue) * v0 result.c1 = 2 * v0 - // Enforced with 2 constraints: - // (2*A.c0) * A.c1 = result.c1 - // (A.c0 + A.c1) * (A.c0 + non_residue * A.c1) = result.c0 + result.c1 * (1 - // + non_residue)/2 Reference: - // "Multiplication and Squaring on Pairing-Friendly Fields" - // Devegili, OhEigeartaigh, Scott, Dahab - - let mut v0 = self.c0.mul(cs.ns(|| "v0"), &self.c1)?; - let a0_plus_a1 = self.c0.add(cs.ns(|| "a0 + a1"), &self.c1)?; - - let _ = self - .c1 - .mul_by_constant_in_place(cs.ns(|| "non_residue * a1"), &P::NONRESIDUE)?; - let a0_plus_non_residue_c1 = self.c0.add(cs.ns(|| "a0 + non_residue * a1"), &self.c1)?; - let one_plus_non_residue_v0 = v0.mul_by_constant( - cs.ns(|| "1 + non_residue * v0"), - &(P::BaseField::one() + &P::NONRESIDUE), - )?; - - self.c0 = a0_plus_a1 - .mul( - cs.ns(|| "(a0 + a1) * (a0 + non_residue * a1)"), - &a0_plus_non_residue_c1, - )? 
- .sub(cs.ns(|| "- (1 + non_residue) v0"), &one_plus_non_residue_v0)?; - - v0.double_in_place(cs.ns(|| "2v0"))?; - self.c1 = v0; - - Ok(self) - } - - #[inline] - fn mul_equals>( - &self, - mut cs: CS, - other: &Self, - result: &Self, - ) -> Result<(), SynthesisError> { - // Karatsuba multiplication for Fp2: - // v0 = A.c0 * B.c0 - // v1 = A.c1 * B.c1 - // result.c0 = v0 + non_residue * v1 - // result.c1 = (A.c0 + A.c1) * (B.c0 + B.c1) - v0 - v1 - // Enforced with 3 constraints: - // A.c1 * B.c1 = v1 - // A.c0 * B.c0 = result.c0 - non_residue * v1 - // (A.c0+A.c1)*(B.c0+B.c1) = result.c1 + result.c0 + (1 - non_residue) * v1 - // Reference: - // "Multiplication and Squaring on Pairing-Friendly Fields" - // Devegili, OhEigeartaigh, Scott, Dahab - let mul_cs = &mut cs.ns(|| "mul"); - - // Compute v1 - let mut v1 = self.c1.mul(mul_cs.ns(|| "v1"), &other.c1)?; - - // Perform second check - let non_residue_times_v1 = - v1.mul_by_constant(mul_cs.ns(|| "non_residue * v0"), &P::NONRESIDUE)?; - let rhs = result - .c0 - .sub(mul_cs.ns(|| "sub from result.c0"), &non_residue_times_v1)?; - self.c0 - .mul_equals(mul_cs.ns(|| "second check"), &other.c0, &rhs)?; - - // Last check - let a0_plus_a1 = self.c0.add(mul_cs.ns(|| "a0 + a1"), &self.c1)?; - let b0_plus_b1 = other.c0.add(mul_cs.ns(|| "b0 + b1"), &other.c1)?; - let one_minus_non_residue_v1 = - v1.sub_in_place(mul_cs.ns(|| "sub from v1"), &non_residue_times_v1)?; - - let result_c1_plus_result_c0_plus_one_minus_non_residue_v1 = result - .c1 - .add(mul_cs.ns(|| "c1 + c0"), &result.c0)? - .add(mul_cs.ns(|| "rest of stuff"), one_minus_non_residue_v1)?; - - a0_plus_a1.mul_equals( - mul_cs.ns(|| "third check"), - &b0_plus_b1, - &result_c1_plus_result_c0_plus_one_minus_non_residue_v1, - )?; - - Ok(()) - } - - #[inline] - fn add_constant>( - &self, - cs: CS, - other: &QuadExtField

, - ) -> Result { - let mut result = self.clone(); - let _ = result.add_constant_in_place(cs, other)?; - Ok(result) - } - - #[inline] - fn add_constant_in_place>( - &mut self, - mut cs: CS, - other: &QuadExtField

, - ) -> Result<&mut Self, SynthesisError> { - self.c0.add_constant_in_place(cs.ns(|| "c0"), &other.c0)?; - self.c1.add_constant_in_place(cs.ns(|| "c1"), &other.c1)?; - Ok(self) - } - - fn mul_by_constant>( - &self, - mut cs: CS, - fe: &QuadExtField

, - ) -> Result { - // Karatsuba multiplication (see mul above). - // Doesn't need any constraints; returns linear combinations of - // `self`'s variables. - // - // (The operations below are guaranteed to return linear combinations) - let (a0, a1) = (&self.c0, &self.c1); - let (b0, b1) = (fe.c0, fe.c1); - let mut v0 = a0.mul_by_constant(&mut cs.ns(|| "v0"), &b0)?; - let beta_v1 = a1.mul_by_constant(&mut cs.ns(|| "v1"), &(b1 * &P::NONRESIDUE))?; - - v0.add_in_place(&mut cs.ns(|| "c0"), &beta_v1)?; - let c0 = v0; - - let mut a0b1 = a0.mul_by_constant(&mut cs.ns(|| "a0b1"), &b1)?; - let a1b0 = a1.mul_by_constant(&mut cs.ns(|| "a1b0"), &b0)?; - a0b1.add_in_place(&mut cs.ns(|| "c1"), &a1b0)?; - let c1 = a0b1; - Ok(Self::new(c0, c1)) - } - - fn frobenius_map>( - &self, - cs: CS, - power: usize, - ) -> Result { - let mut result = self.clone(); - let _ = result.frobenius_map_in_place(cs, power)?; - Ok(result) - } - - fn frobenius_map_in_place>( - &mut self, - mut cs: CS, - power: usize, - ) -> Result<&mut Self, SynthesisError> { - self.c0.frobenius_map_in_place(&mut cs.ns(|| "c0"), power)?; - self.c1.frobenius_map_in_place(&mut cs.ns(|| "c1"), power)?; - - P::mul_base_field_gadget_by_frobenius_coeff( - &mut cs.ns(|| "c1_power"), - &mut self.c1, - power, - )?; - Ok(self) - } - - fn cost_of_mul() -> usize { - 3 - } - - fn cost_of_mul_equals() -> usize { - 3 - } - - fn cost_of_inv() -> usize { - Self::cost_of_mul_equals() - } -} - -impl, ConstraintF: PrimeField + SquareRootField> PartialEq - for QuadExtFieldGadget -{ - fn eq(&self, other: &Self) -> bool { - self.c0 == other.c0 && self.c1 == other.c1 - } -} - -impl, ConstraintF: PrimeField + SquareRootField> Eq - for QuadExtFieldGadget -{ -} - -impl, ConstraintF: PrimeField + SquareRootField> - EqGadget for QuadExtFieldGadget -{ - fn is_eq>( - &self, - mut cs: CS, - other: &Self, - ) -> Result { - let b0 = self.c0.is_eq(cs.ns(|| "c0"), &other.c0)?; - let b1 = self.c1.is_eq(cs.ns(|| "c1"), &other.c1)?; - Boolean::and(cs.ns(|| 
"b0 AND b1"), &b0, &b1) - } - - #[inline] - fn conditional_enforce_equal>( - &self, - mut cs: CS, - other: &Self, - should_enforce: &Boolean, - ) -> Result<(), SynthesisError> { - self.c0 - .conditional_enforce_equal(cs.ns(|| "c0"), &other.c0, should_enforce)?; - self.c1 - .conditional_enforce_equal(cs.ns(|| "c1"), &other.c1, should_enforce)?; - Ok(()) - } - - #[inline] - fn conditional_enforce_not_equal>( - &self, - mut cs: CS, - other: &Self, - should_enforce: &Boolean, - ) -> Result<(), SynthesisError> { - let is_equal = self.is_eq(cs.ns(|| "is_eq(self, other)"), other)?; - Boolean::and( - cs.ns(|| "is_equal AND should_enforce"), - &is_equal, - should_enforce, - )? - .enforce_equal( - cs.ns(|| "is_equal AND should_enforce == false"), - &Boolean::Constant(false), - ) - } -} - -impl, ConstraintF: PrimeField + SquareRootField> - ToBitsGadget for QuadExtFieldGadget -{ - fn to_bits>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut c0 = self.c0.to_bits(&mut cs)?; - let mut c1 = self.c1.to_bits(cs)?; - c0.append(&mut c1); - Ok(c0) - } - - fn to_bits_strict>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut c0 = self.c0.to_bits_strict(&mut cs)?; - let mut c1 = self.c1.to_bits_strict(cs)?; - c0.append(&mut c1); - Ok(c0) - } -} - -impl, ConstraintF: PrimeField + SquareRootField> - ToBytesGadget for QuadExtFieldGadget -{ - fn to_bytes>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut c0 = self.c0.to_bytes(cs.ns(|| "c0"))?; - let mut c1 = self.c1.to_bytes(cs.ns(|| "c1"))?; - c0.append(&mut c1); - Ok(c0) - } - - fn to_bytes_strict>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut c0 = self.c0.to_bytes_strict(cs.ns(|| "c0"))?; - let mut c1 = self.c1.to_bytes_strict(cs.ns(|| "c1"))?; - c0.append(&mut c1); - Ok(c0) - } -} - -impl, ConstraintF: PrimeField + SquareRootField> Clone - for QuadExtFieldGadget -{ - fn clone(&self) -> Self { - Self { - c0: self.c0.clone(), - c1: self.c1.clone(), - _params: 
PhantomData, - } - } -} - -impl, ConstraintF: PrimeField + SquareRootField> - CondSelectGadget for QuadExtFieldGadget -{ - #[inline] - fn conditionally_select>( - mut cs: CS, - cond: &Boolean, - first: &Self, - second: &Self, - ) -> Result { - let c0 = P::BaseFieldGadget::conditionally_select( - &mut cs.ns(|| "c0"), - cond, - &first.c0, - &second.c0, - )?; - let c1 = P::BaseFieldGadget::conditionally_select( - &mut cs.ns(|| "c1"), - cond, - &first.c1, - &second.c1, - )?; - - Ok(Self::new(c0, c1)) - } - - fn cost() -> usize { - 2 - } -} - -impl, ConstraintF: PrimeField + SquareRootField> - TwoBitLookupGadget for QuadExtFieldGadget -{ - type TableConstant = QuadExtField

; - fn two_bit_lookup>( - mut cs: CS, - b: &[Boolean], - c: &[Self::TableConstant], - ) -> Result { - let c0s = c.iter().map(|f| f.c0).collect::>(); - let c1s = c.iter().map(|f| f.c1).collect::>(); - let c0 = P::BaseFieldGadget::two_bit_lookup(cs.ns(|| "Lookup c0"), b, &c0s)?; - let c1 = P::BaseFieldGadget::two_bit_lookup(cs.ns(|| "Lookup c1"), b, &c1s)?; - Ok(Self::new(c0, c1)) - } - - fn two_bit_lookup_lc>( - mut cs: CS, - precomp: &Boolean, - b: &[Boolean], - c: &[Self::TableConstant], - ) -> Result { - let c0s = c.iter().map(|f| f.c0).collect::>(); - let c1s = c.iter().map(|f| f.c1).collect::>(); - let c0 = P::BaseFieldGadget::two_bit_lookup_lc(cs.ns(|| "Lookup c0"), precomp, b, &c0s)?; - let c1 = P::BaseFieldGadget::two_bit_lookup_lc(cs.ns(|| "Lookup c1"), precomp, b, &c1s)?; - Ok(Self::new(c0, c1)) - } - - fn cost() -> usize { - 2 * >::cost() - } -} - -impl, ConstraintF: PrimeField + SquareRootField> - ThreeBitCondNegLookupGadget for QuadExtFieldGadget -{ - type TableConstant = QuadExtField

; - - fn three_bit_cond_neg_lookup>( - mut cs: CS, - b: &[Boolean], - b0b1: &Boolean, - c: &[Self::TableConstant], - ) -> Result { - let c0s = c.iter().map(|f| f.c0).collect::>(); - let c1s = c.iter().map(|f| f.c1).collect::>(); - let c0 = - P::BaseFieldGadget::three_bit_cond_neg_lookup(cs.ns(|| "Lookup c0"), b, b0b1, &c0s)?; - let c1 = - P::BaseFieldGadget::three_bit_cond_neg_lookup(cs.ns(|| "Lookup c1"), b, b0b1, &c1s)?; - Ok(Self::new(c0, c1)) - } - - fn cost() -> usize { - 2 * >::cost() - } -} - -impl, ConstraintF: PrimeField + SquareRootField> - AllocGadget, ConstraintF> for QuadExtFieldGadget -{ - #[inline] - fn alloc>( - mut cs: CS, - value_gen: F, - ) -> Result - where - F: FnOnce() -> Result, - T: Borrow>, - { - let (c0, c1) = match value_gen() { - Ok(fe) => { - let fe = *fe.borrow(); - (Ok(fe.c0), Ok(fe.c1)) - } - Err(_) => ( - Err(SynthesisError::AssignmentMissing), - Err(SynthesisError::AssignmentMissing), - ), - }; - - let c0 = P::BaseFieldGadget::alloc(&mut cs.ns(|| "c0"), || c0)?; - let c1 = P::BaseFieldGadget::alloc(&mut cs.ns(|| "c1"), || c1)?; - Ok(Self::new(c0, c1)) - } - - #[inline] - fn alloc_input>( - mut cs: CS, - value_gen: F, - ) -> Result - where - F: FnOnce() -> Result, - T: Borrow>, - { - let (c0, c1) = match value_gen() { - Ok(fe) => { - let fe = *fe.borrow(); - (Ok(fe.c0), Ok(fe.c1)) - } - Err(_) => ( - Err(SynthesisError::AssignmentMissing), - Err(SynthesisError::AssignmentMissing), - ), - }; - - let c0 = P::BaseFieldGadget::alloc_input(&mut cs.ns(|| "c0"), || c0)?; - let c1 = P::BaseFieldGadget::alloc_input(&mut cs.ns(|| "c1"), || c1)?; - Ok(Self::new(c0, c1)) - } -} - -impl, ConstraintF: PrimeField + SquareRootField> - ConstantGadget, ConstraintF> for QuadExtFieldGadget -{ - #[inline] - fn from_value>(mut cs: CS, value: &QuadExtField

) -> Self { - let c0 = P::BaseFieldGadget::from_value(&mut cs.ns(|| "c0"), &value.c0); - let c1 = P::BaseFieldGadget::from_value(&mut cs.ns(|| "c1"), &value.c1); - Self::new(c0, c1) - } - - #[inline] - fn get_constant(&self) -> QuadExtField

{ - self.get_value().unwrap() - } -} diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/bls12/mod.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/bls12/mod.rs deleted file mode 100644 index 896d10ee6..000000000 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/bls12/mod.rs +++ /dev/null @@ -1,182 +0,0 @@ -use algebra::{ - curves::bls12::{Bls12Parameters, G1Prepared, TwistType}, - fields::Field, - BitIterator, ProjectiveCurve, -}; -use r1cs_core::{ConstraintSystem, SynthesisError}; - -use crate::{ - fields::{fp::FpGadget, fp2::Fp2Gadget, FieldGadget}, - groups::curves::short_weierstrass::AffineGadget, - prelude::*, -}; - -use std::fmt::Debug; - -pub type G1Gadget

= AffineGadget< -

::G1Parameters, -

::Fp, - FpGadget<

::Fp>, ->; -pub type G2Gadget

= - AffineGadget<

::G2Parameters,

::Fp, Fp2G

>; - -#[derive(Derivative)] -#[derivative( - Clone(bound = "G1Gadget

: Clone"), - Debug(bound = "G1Gadget

: Debug") -)] -pub struct G1PreparedGadget(pub G1Gadget

); - -impl G1PreparedGadget

{ - pub fn get_value(&self) -> Option> { - Some(G1Prepared::from(self.0.get_value().unwrap().into_affine())) - } - - pub fn from_affine>( - _cs: CS, - q: &G1Gadget

, - ) -> Result { - Ok(G1PreparedGadget(q.clone())) - } -} - -impl ToBytesGadget for G1PreparedGadget

{ - #[inline] - fn to_bytes>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - self.0.to_bytes(&mut cs.ns(|| "g_alpha to bytes")) - } - - fn to_bytes_strict>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - self.0.to_bytes_strict(&mut cs.ns(|| "g_alpha to bytes")) - } -} - -type Fp2G

= Fp2Gadget<

::Fp2Params,

::Fp>; -type LCoeff

= (Fp2G

, Fp2G

); -#[derive(Derivative)] -#[derivative( - Clone(bound = "Fp2Gadget: Clone"), - Debug(bound = "Fp2Gadget: Debug") -)] -pub struct G2PreparedGadget { - pub ell_coeffs: Vec>, -} - -impl ToBytesGadget for G2PreparedGadget

{ - #[inline] - fn to_bytes>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut bytes = Vec::new(); - for (i, coeffs) in self.ell_coeffs.iter().enumerate() { - let mut cs = cs.ns(|| format!("Iteration {}", i)); - bytes.extend_from_slice(&coeffs.0.to_bytes(&mut cs.ns(|| "c0"))?); - bytes.extend_from_slice(&coeffs.1.to_bytes(&mut cs.ns(|| "c1"))?); - } - Ok(bytes) - } - - fn to_bytes_strict>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut bytes = Vec::new(); - for (i, coeffs) in self.ell_coeffs.iter().enumerate() { - let mut cs = cs.ns(|| format!("Iteration {}", i)); - bytes.extend_from_slice(&coeffs.0.to_bytes_strict(&mut cs.ns(|| "c0"))?); - bytes.extend_from_slice(&coeffs.1.to_bytes_strict(&mut cs.ns(|| "c1"))?); - } - Ok(bytes) - } -} - -impl G2PreparedGadget

{ - pub fn from_affine>( - mut cs: CS, - q: &G2Gadget

, - ) -> Result { - let two_inv = P::Fp::one().double().inverse().unwrap(); - let zero = G2Gadget::

::zero(cs.ns(|| "zero"))?; - q.enforce_not_equal(cs.ns(|| "enforce not zero"), &zero)?; - let mut ell_coeffs = vec![]; - let mut r = q.clone(); - - for (j, i) in BitIterator::new(P::X).skip(1).enumerate() { - let mut cs = cs.ns(|| format!("Iteration {}", j)); - ell_coeffs.push(Self::double(cs.ns(|| "double"), &mut r, &two_inv)?); - - if i { - ell_coeffs.push(Self::add(cs.ns(|| "add"), &mut r, &q)?); - } - } - - Ok(Self { ell_coeffs }) - } - - fn double>( - mut cs: CS, - r: &mut G2Gadget

, - two_inv: &P::Fp, - ) -> Result, SynthesisError> { - let a = r.y.inverse(cs.ns(|| "Inverse"))?; - let mut b = r.x.square(cs.ns(|| "square x"))?; - let b_tmp = b.clone(); - b.mul_by_base_field_constant_in_place(cs.ns(|| "mul by two_inv"), two_inv)?; - b.add_in_place(cs.ns(|| "compute b"), &b_tmp)?; - - let c = a.mul(cs.ns(|| "compute c"), &b)?; - let d = r.x.double(cs.ns(|| "compute d"))?; - let x3 = c.square(cs.ns(|| "c^2"))?.sub(cs.ns(|| "sub d"), &d)?; - let e = c - .mul(cs.ns(|| "c*r.x"), &r.x)? - .sub(cs.ns(|| "sub r.y"), &r.y)?; - let c_x3 = c.mul(cs.ns(|| "c*x_3"), &x3)?; - let y3 = e.sub(cs.ns(|| "e = c * x3"), &c_x3)?; - let mut f = c; - f.negate_in_place(cs.ns(|| "c = -c"))?; - r.x = x3; - r.y = y3; - match P::TWIST_TYPE { - TwistType::M => Ok((e, f)), - TwistType::D => Ok((f, e)), - } - } - - fn add>( - mut cs: CS, - r: &mut G2Gadget

, - q: &G2Gadget

, - ) -> Result, SynthesisError> { - let a = - q.x.sub(cs.ns(|| "q.x - r.x"), &r.x)? - .inverse(cs.ns(|| "calc a"))?; - let b = q.y.sub(cs.ns(|| "q.y - r.y"), &r.y)?; - let c = a.mul(cs.ns(|| "compute c"), &b)?; - let d = r.x.add(cs.ns(|| "r.x + q.x"), &q.x)?; - let x3 = c.square(cs.ns(|| "c^2"))?.sub(cs.ns(|| "sub d"), &d)?; - - let e = - r.x.sub(cs.ns(|| "r.x - x3"), &x3)? - .mul(cs.ns(|| "c * (r.x - x3)"), &c)?; - let y3 = e.sub(cs.ns(|| "calc y3"), &r.y)?; - let g = c - .mul(cs.ns(|| "c*r.x"), &r.x)? - .sub(cs.ns(|| "calc g"), &r.y)?; - let mut f = c; - f.negate_in_place(cs.ns(|| "c = -c"))?; - r.x = x3; - r.y = y3; - match P::TWIST_TYPE { - TwistType::M => Ok((g, f)), - TwistType::D => Ok((f, g)), - } - } -} diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/bn/mod.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/bn/mod.rs deleted file mode 100644 index 27f55e948..000000000 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/bn/mod.rs +++ /dev/null @@ -1,211 +0,0 @@ -use algebra::{ - curves::bn::{BnParameters, G1Prepared, TwistType}, - fields::Field, - ProjectiveCurve, -}; -use r1cs_core::{ConstraintSystem, SynthesisError}; - -use crate::{ - fields::{fp::FpGadget, fp2::Fp2Gadget, FieldGadget}, - groups::curves::short_weierstrass::AffineGadget, - prelude::*, -}; -use std::fmt::Debug; - -pub type G1Gadget

= AffineGadget< -

::G1Parameters, -

::Fp, - FpGadget<

::Fp>, ->; - -pub type G2Gadget

= - AffineGadget<

::G2Parameters,

::Fp, Fp2G

>; - -#[derive(Derivative)] -#[derivative( - Clone(bound = "G1Gadget

: Clone"), - Debug(bound = "G1Gadget

: Debug") -)] -pub struct G1PreparedGadget(pub G1Gadget

); - -impl G1PreparedGadget

{ - pub fn get_value(&self) -> Option> { - Some(G1Prepared::from(self.0.get_value().unwrap().into_affine())) - } - - pub fn from_affine>( - _cs: CS, - q: &G1Gadget

, - ) -> Result { - Ok(G1PreparedGadget(q.clone())) - } -} - -impl ToBytesGadget for G1PreparedGadget

{ - #[inline] - fn to_bytes>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - self.0.to_bytes(&mut cs.ns(|| "g_alpha to bytes")) - } - - fn to_bytes_strict>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - self.0.to_bytes_strict(&mut cs.ns(|| "g_alpha to bytes")) - } -} - -type Fp2G

= Fp2Gadget<

::Fp2Params,

::Fp>; -type LCoeff

= (Fp2G

, Fp2G

); -#[derive(Derivative)] -#[derivative( - Clone(bound = "Fp2Gadget: Clone"), - Debug(bound = "Fp2Gadget: Debug") -)] -pub struct G2PreparedGadget { - pub ell_coeffs: Vec>, -} - -impl ToBytesGadget for G2PreparedGadget

{ - #[inline] - fn to_bytes>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut bytes = Vec::new(); - for (i, coeffs) in self.ell_coeffs.iter().enumerate() { - let mut cs = cs.ns(|| format!("Iteration {}", i)); - bytes.extend_from_slice(&coeffs.0.to_bytes(&mut cs.ns(|| "c0"))?); - bytes.extend_from_slice(&coeffs.1.to_bytes(&mut cs.ns(|| "c1"))?); - } - Ok(bytes) - } - - fn to_bytes_strict>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut bytes = Vec::new(); - for (i, coeffs) in self.ell_coeffs.iter().enumerate() { - let mut cs = cs.ns(|| format!("Iteration {}", i)); - bytes.extend_from_slice(&coeffs.0.to_bytes_strict(&mut cs.ns(|| "c0"))?); - bytes.extend_from_slice(&coeffs.1.to_bytes_strict(&mut cs.ns(|| "c1"))?); - } - Ok(bytes) - } -} - -fn mul_by_char>( - mut cs: CS, - q: &G2Gadget

, -) -> Result, SynthesisError> { - let mut s = q.clone(); - s.x.frobenius_map_in_place(cs.ns(|| "s.x.frobenius_map_1"), 1)?; - s.x.mul_by_constant_in_place(cs.ns(|| "s.x *= TWIST_MUL_BY_Q_X"), &P::TWIST_MUL_BY_Q_X)?; - s.y.frobenius_map_in_place(cs.ns(|| "s.y.frobenius_map_1"), 1)?; - s.y.mul_by_constant_in_place(cs.ns(|| "s.y *= TWIST_MUL_BY_Q_Y"), &P::TWIST_MUL_BY_Q_Y)?; - Ok(s) -} - -impl G2PreparedGadget

{ - pub fn from_affine>( - mut cs: CS, - q: &G2Gadget

, - ) -> Result { - let two_inv = P::Fp::one().double().inverse().unwrap(); - let zero = G2Gadget::

::zero(cs.ns(|| "zero"))?; - q.enforce_not_equal(cs.ns(|| "enforce not zero"), &zero)?; - let mut ell_coeffs = vec![]; - let mut r = q.clone(); - let negq = q.negate(cs.ns(|| "-q"))?; - - for i in (1..P::ATE_LOOP_COUNT.len()).rev() { - let mut cs = cs.ns(|| format!("Iteration {}", i)); - ell_coeffs.push(Self::double(cs.ns(|| "double"), &mut r, &two_inv)?); - - let bit = P::ATE_LOOP_COUNT[i - 1]; - - match bit { - 1 => ell_coeffs.push(Self::add(cs.ns(|| "add_q"), &mut r, &q)?), - -1 => ell_coeffs.push(Self::add(cs.ns(|| "add_neg_q"), &mut r, &negq)?), - _ => continue, - } - } - - let q1 = mul_by_char::(cs.ns(|| "q1 = q * char"), &q)?; - let mut q2 = mul_by_char::(cs.ns(|| " q2 = q1 * char"), &q1)?; - - if P::ATE_LOOP_COUNT_IS_NEGATIVE { - r.y = r.y.negate(cs.ns(|| "-r.y"))?; - } - - q2.y = q2.y.negate(cs.ns(|| "-q2.y"))?; - - ell_coeffs.push(Self::add(cs.ns(|| "add_last_1"), &mut r, &q1)?); - ell_coeffs.push(Self::add(cs.ns(|| "add_last_2"), &mut r, &q2)?); - - Ok(Self { ell_coeffs }) - } - - fn double>( - mut cs: CS, - r: &mut G2Gadget

, - two_inv: &P::Fp, - ) -> Result, SynthesisError> { - let a = r.y.inverse(cs.ns(|| "Inverse"))?; - let mut b = r.x.square(cs.ns(|| "square x"))?; - let b_tmp = b.clone(); - b.mul_by_base_field_constant_in_place(cs.ns(|| "mul by two_inv"), two_inv)?; - b.add_in_place(cs.ns(|| "compute b"), &b_tmp)?; - - let c = a.mul(cs.ns(|| "compute c"), &b)?; - let d = r.x.double(cs.ns(|| "compute d"))?; - let x3 = c.square(cs.ns(|| "c^2"))?.sub(cs.ns(|| "sub d"), &d)?; - let e = c - .mul(cs.ns(|| "c*r.x"), &r.x)? - .sub(cs.ns(|| "sub r.y"), &r.y)?; - let c_x3 = c.mul(cs.ns(|| "c*x_3"), &x3)?; - let y3 = e.sub(cs.ns(|| "e = c * x3"), &c_x3)?; - let mut f = c; - f.negate_in_place(cs.ns(|| "c = -c"))?; - r.x = x3; - r.y = y3; - match P::TWIST_TYPE { - TwistType::M => Ok((e, f)), - TwistType::D => Ok((f, e)), - } - } - - fn add>( - mut cs: CS, - r: &mut G2Gadget

, - q: &G2Gadget

, - ) -> Result, SynthesisError> { - let a = - q.x.sub(cs.ns(|| "q.x - r.x"), &r.x)? - .inverse(cs.ns(|| "calc a"))?; - let b = q.y.sub(cs.ns(|| "q.y - r.y"), &r.y)?; - let c = a.mul(cs.ns(|| "compute c"), &b)?; - let d = r.x.add(cs.ns(|| "r.x + q.x"), &q.x)?; - let x3 = c.square(cs.ns(|| "c^2"))?.sub(cs.ns(|| "sub d"), &d)?; - - let e = - r.x.sub(cs.ns(|| "r.x - x3"), &x3)? - .mul(cs.ns(|| "c * (r.x - x3)"), &c)?; - let y3 = e.sub(cs.ns(|| "calc y3"), &r.y)?; - let g = c - .mul(cs.ns(|| "c*r.x"), &r.x)? - .sub(cs.ns(|| "calc g"), &r.y)?; - let mut f = c; - f.negate_in_place(cs.ns(|| "c = -c"))?; - r.x = x3; - r.y = y3; - match P::TWIST_TYPE { - TwistType::M => Ok((g, f)), - TwistType::D => Ok((f, g)), - } - } -} diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt4/mod.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt4/mod.rs deleted file mode 100644 index 97f9bda60..000000000 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt4/mod.rs +++ /dev/null @@ -1,298 +0,0 @@ -use algebra::Field; - -use crate::{ - alloc::AllocGadget, - bits::uint8::UInt8, - fields::{fp::FpGadget, fp2::Fp2Gadget, FieldGadget}, - groups::curves::short_weierstrass::short_weierstrass_projective::AffineGadget, - Assignment, ToBytesGadget, -}; - -use crate::bits::boolean::Boolean; -use algebra::curves::models::mnt4::MNT4Parameters; -use r1cs_core::{ConstraintSystem, SynthesisError}; -use std::fmt::Debug; -use std::ops::Mul; - -pub type G1Gadget

= - AffineGadget<

::G1Parameters,

::Fp, FpG

>; -pub type G2Gadget

= - AffineGadget<

::G2Parameters,

::Fp, Fp2G

>; - -type FpG

= FpGadget<

::Fp>; -type Fp2G

= Fp2Gadget<

::Fp2Params,

::Fp>; - -#[derive(Derivative)] -#[derivative( - Clone(bound = "FpGadget: Clone"), - Clone(bound = "Fp2Gadget: Clone"), - Debug(bound = "FpGadget: Debug"), - Debug(bound = "Fp2Gadget: Debug") -)] -pub struct G1PreparedGadget { - pub p: G1Gadget

, - pub p_y_twist_squared: Fp2G

, -} - -impl G1PreparedGadget

{ - pub fn from_affine>( - mut cs: CS, - value: &G1Gadget

, - ) -> Result { - let p = value.clone(); - let twist_squared = P::TWIST.square(); - let c0 = - p.y.mul_by_constant(cs.ns(|| "p.y * twist_squared.c0"), &twist_squared.c0)?; - let c1 = - p.y.mul_by_constant(cs.ns(|| "p.y * twist_squared.c1"), &twist_squared.c1)?; - let p_y_twist_squared = Fp2G::

::new(c0, c1); - Ok(G1PreparedGadget { - p, - p_y_twist_squared, - }) - } -} - -impl ToBytesGadget for G1PreparedGadget

{ - #[inline] - fn to_bytes>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut p = self.p.to_bytes(&mut cs.ns(|| "p to bytes"))?; - p.extend_from_slice( - &self - .p_y_twist_squared - .to_bytes(&mut cs.ns(|| "p_y_twist_squared to bytes"))?, - ); - Ok(p) - } - - fn to_bytes_strict>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut p = self.p.to_bytes_strict(&mut cs.ns(|| "p to bytes"))?; - p.extend_from_slice( - &self - .p_y_twist_squared - .to_bytes_strict(&mut cs.ns(|| "p_y_twist_squared to bytes"))?, - ); - Ok(p) - } -} - -#[derive(Derivative)] -#[derivative( - Clone(bound = "Fp2Gadget: Clone"), - Debug(bound = "Fp2Gadget: Debug") -)] -pub struct G2CoefficientsGadget { - pub(crate) r_y: Fp2G

, - pub(crate) gamma: Fp2G

, - pub(crate) gamma_x: Fp2G

, -} - -impl ToBytesGadget for G2CoefficientsGadget

{ - #[inline] - fn to_bytes>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut x = self.r_y.to_bytes(&mut cs.ns(|| "r_y to bytes"))?; - x.extend_from_slice(&self.gamma.to_bytes(&mut cs.ns(|| "gamma to bytes"))?); - x.extend_from_slice(&self.gamma_x.to_bytes(&mut cs.ns(|| "gamma_x to bytes"))?); - Ok(x) - } - - fn to_bytes_strict>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut x = self.r_y.to_bytes_strict(&mut cs.ns(|| "r_y to bytes"))?; - x.extend_from_slice( - &self - .gamma - .to_bytes_strict(&mut cs.ns(|| "gamma to bytes"))?, - ); - x.extend_from_slice( - &self - .gamma_x - .to_bytes_strict(&mut cs.ns(|| "gamma_x to bytes"))?, - ); - Ok(x) - } -} - -#[derive(Derivative)] -#[derivative( - Clone(bound = "Fp2Gadget: Clone"), - Debug(bound = "Fp2Gadget: Debug") -)] -pub struct G2PreparedGadget { - pub q: G2Gadget

, - pub coeffs: Vec>, -} - -impl G2PreparedGadget

{ - pub fn from_affine>( - mut cs: CS, - value: &G2Gadget

, - ) -> Result { - let mut s = value.clone(); - - let mut g2p = G2PreparedGadget { - q: s.clone(), - coeffs: vec![], - }; - - for (i, &n) in P::WNAF.iter().rev().enumerate() { - let mut cs = cs.ns(|| format!("Iteration {}", i)); - - let (s2, c) = - Self::doubling_step_for_flipped_miller_loop(cs.ns(|| "double"), &s.clone())?; - g2p.coeffs.push(c); - s = s2; - if n != 0 { - let (s2, c) = Self::mixed_addition_step_for_flipped_miller_loop( - cs.ns(|| "add"), - &value.x, - &value.y, - &s.clone(), - n, - )?; - g2p.coeffs.push(c); - s = s2; - } - } - Ok(g2p) - } - - fn doubling_step_for_flipped_miller_loop>( - mut cs: CS, - s: &G2Gadget

, - ) -> Result<(G2Gadget

, G2CoefficientsGadget

), SynthesisError> { - //Compute gamma - let s_x_squared = s.x.square(cs.ns(|| "s_x^2"))?; - let three_sx_squared_plus_a = s_x_squared - .double(cs.ns(|| "2s_x^2"))? - .add(cs.ns(|| "3s_x^2"), &s_x_squared)? - .add_constant(cs.ns(|| "3s_x^2 + a"), &P::TWIST_COEFF_A)?; - - let two_sy = s.y.double(cs.ns(|| "2s_y"))?; - - let gamma = Fp2G::

::alloc(cs.ns(|| "gamma"), || { - Ok(three_sx_squared_plus_a - .get_value() - .get()? - .mul(&two_sy.get_value().get()?.inverse().get()?)) - })?; - - //Check gamma (gamma*2s_y = sx^2 + 3a) - gamma.mul_equals(cs.ns(|| "Check gamma"), &two_sy, &three_sx_squared_plus_a)?; - - //Compute and check gamma_x - let gamma_x = gamma.mul(cs.ns(|| "Compute gamma_x"), &s.x)?; - - //Compute and check new_sx - let two_sx = s.x.double(cs.ns(|| "2s_x"))?; - let new_sx = gamma - .square(cs.ns(|| "gamma^2"))? - .sub(cs.ns(|| "gamma^2 - 2s_x"), &two_sx)?; - - //Compute and check new_sy - let new_sy = - s.x.sub(cs.ns(|| "s_x - new_s_x"), &new_sx)? - .mul(cs.ns(|| "gamma * (s_x - new_s_x)"), &gamma)? - .sub(cs.ns(|| "gamma * (s_x - new_s_x) - s_y"), &s.y)?; - - let c = G2CoefficientsGadget { - r_y: s.y.clone(), - gamma, - gamma_x, - }; - let s2 = G2Gadget::

::new(new_sx, new_sy, Boolean::constant(false)); - - Ok((s2, c)) - } - - fn mixed_addition_step_for_flipped_miller_loop>( - mut cs: CS, - x: &Fp2G

, - y: &Fp2G

, - s: &G2Gadget

, - naf_i: i32, - ) -> Result<(G2Gadget

, G2CoefficientsGadget

), SynthesisError> { - //Compute gamma - let sx_minus_x = s.x.sub(cs.ns(|| "s_x - x"), &x)?; - - let sy_plus_y = s.y.add(cs.ns(|| "(s_y + y)"), &y)?; - let sy_minus_y = s.y.sub(cs.ns(|| "(s_y - y)"), &y)?; - let numerator = if naf_i > 0 { sy_minus_y } else { sy_plus_y }; - - let gamma = Fp2G::

::alloc(cs.ns(|| "Compute gamma"), || { - let sx_minus_x_inv = sx_minus_x.get_value().get()?.inverse().get()?; - Ok(numerator.get_value().get()?.mul(&sx_minus_x_inv)) - })?; - - //Check gamma - gamma.mul_equals(cs.ns(|| "Check gamma"), &sx_minus_x, &numerator)?; - - //Compute and check gamma_x - let gamma_x = gamma.mul(cs.ns(|| "Compute gamma_x"), &x)?; - - //Compute and check new_sx - let new_sx = gamma - .square(cs.ns(|| "gamma^2"))? - .sub(cs.ns(|| "gamma^2 - s_x"), &s.x)? - .sub(cs.ns(|| "gamma^2 - s_x - x"), &x)?; - - //Compute and check new_sy - let new_sy = - s.x.sub(cs.ns(|| "s_x - new_s_x"), &new_sx)? - .mul(cs.ns(|| "gamma * (s_x - new_s_x)"), &gamma)? - .sub(cs.ns(|| "gamma * (s_x - new_s_x) - s_y"), &s.y)?; - - let c = G2CoefficientsGadget { - r_y: s.y.clone(), - gamma, - gamma_x, - }; - let s2 = G2Gadget::

::new(new_sx, new_sy, Boolean::constant(false)); - - Ok((s2, c)) - } -} - -impl ToBytesGadget for G2PreparedGadget

{ - #[inline] - fn to_bytes>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut x = self.q.to_bytes(&mut cs.ns(|| "q to bytes"))?; - - for (i, c) in self.coeffs.iter().enumerate() { - x.extend_from_slice( - &c.to_bytes(&mut cs.ns(|| format!("coefficients {} to bytes", i)))?, - ); - } - - Ok(x) - } - - fn to_bytes_strict>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut x = self.q.to_bytes_strict(&mut cs.ns(|| "q to bytes"))?; - - for (i, c) in self.coeffs.iter().enumerate() { - x.extend_from_slice( - &c.to_bytes_strict(&mut cs.ns(|| format!("coefficients {} to bytes", i)))?, - ); - } - - Ok(x) - } -} diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt6/mod.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt6/mod.rs deleted file mode 100644 index 281420ed4..000000000 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mnt6/mod.rs +++ /dev/null @@ -1,305 +0,0 @@ -use algebra::Field; - -use crate::{ - alloc::AllocGadget, - bits::uint8::UInt8, - bits::ToBytesGadget, - fields::{fp::FpGadget, fp3::Fp3Gadget, FieldGadget}, - groups::curves::short_weierstrass::short_weierstrass_projective::AffineGadget, - Assignment, -}; - -use algebra::curves::models::mnt6::MNT6Parameters; -use r1cs_core::{ConstraintSystem, SynthesisError}; - -use crate::bits::boolean::Boolean; -use std::fmt::Debug; -use std::ops::Mul; - -pub type G1Gadget

= - AffineGadget<

::G1Parameters,

::Fp, FpG

>; -pub type G2Gadget

= - AffineGadget<

::G2Parameters,

::Fp, Fp3G

>; - -type FpG

= FpGadget<

::Fp>; -type Fp3G

= Fp3Gadget<

::Fp3Params,

::Fp>; - -#[derive(Derivative)] -#[derivative( - Clone(bound = "FpGadget: Clone"), - Clone(bound = "Fp3Gadget: Clone"), - Debug(bound = "FpGadget: Debug"), - Debug(bound = "Fp3Gadget: Debug") -)] -pub struct G1PreparedGadget { - pub p: G1Gadget

, - pub p_y_twist_squared: Fp3G

, -} - -impl G1PreparedGadget

{ - pub fn from_affine>( - mut cs: CS, - value: &G1Gadget

, - ) -> Result { - let p = value.clone(); - - //Compute and check p_y_twist_squared - let twist_squared = P::TWIST.square(); - let c0 = - p.y.mul_by_constant(cs.ns(|| "p.y * twist_squared.c0"), &twist_squared.c0)?; - let c1 = - p.y.mul_by_constant(cs.ns(|| "p.y * twist_squared.c1"), &twist_squared.c1)?; - let c2 = - p.y.mul_by_constant(cs.ns(|| "p.y * twist_squared.c2"), &twist_squared.c2)?; - let p_y_twist_squared = Fp3G::

::new(c0, c1, c2); - - Ok(G1PreparedGadget { - p, - p_y_twist_squared, - }) - } -} - -impl ToBytesGadget for G1PreparedGadget

{ - #[inline] - fn to_bytes>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut p = self.p.to_bytes(&mut cs.ns(|| "p to bytes"))?; - p.extend_from_slice( - &self - .p_y_twist_squared - .to_bytes(&mut cs.ns(|| "p_y_twist_squared to bytes"))?, - ); - Ok(p) - } - - fn to_bytes_strict>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut p = self.p.to_bytes_strict(&mut cs.ns(|| "p to bytes"))?; - p.extend_from_slice( - &self - .p_y_twist_squared - .to_bytes_strict(&mut cs.ns(|| "p_y_twist_squared to bytes"))?, - ); - Ok(p) - } -} - -#[derive(Derivative)] -#[derivative( - Clone(bound = "Fp3Gadget: Clone"), - Debug(bound = "Fp3Gadget: Debug") -)] -pub struct G2CoefficientsGadget { - pub(crate) r_y: Fp3G

, - pub(crate) gamma: Fp3G

, - pub(crate) gamma_x: Fp3G

, -} - -impl ToBytesGadget for G2CoefficientsGadget

{ - #[inline] - fn to_bytes>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut x = self.r_y.to_bytes(&mut cs.ns(|| "r_y to bytes"))?; - x.extend_from_slice(&self.gamma.to_bytes(&mut cs.ns(|| "gamma to bytes"))?); - x.extend_from_slice(&self.gamma_x.to_bytes(&mut cs.ns(|| "gamma_x to bytes"))?); - Ok(x) - } - - fn to_bytes_strict>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut x = self.r_y.to_bytes_strict(&mut cs.ns(|| "r_y to bytes"))?; - x.extend_from_slice( - &self - .gamma - .to_bytes_strict(&mut cs.ns(|| "gamma to bytes"))?, - ); - x.extend_from_slice( - &self - .gamma_x - .to_bytes_strict(&mut cs.ns(|| "gamma_x to bytes"))?, - ); - Ok(x) - } -} - -#[derive(Derivative)] -#[derivative( - Clone(bound = "Fp3Gadget: Clone"), - Debug(bound = "Fp3Gadget: Debug") -)] -pub struct G2PreparedGadget { - pub q: G2Gadget

, - pub coeffs: Vec>, -} - -impl G2PreparedGadget

{ - pub fn from_affine>( - mut cs: CS, - value: &G2Gadget

, - ) -> Result { - let mut s = value.clone(); - - let mut g2p = G2PreparedGadget { - q: s.clone(), - coeffs: vec![], - }; - - for (i, &n) in P::WNAF.iter().rev().enumerate() { - let mut cs = cs.ns(|| format!("Iteration {}", i)); - - let (s2, c) = - Self::doubling_step_for_flipped_miller_loop(cs.ns(|| "double"), &s.clone())?; - g2p.coeffs.push(c); - s = s2; - if n != 0 { - let (s2, c) = Self::mixed_addition_step_for_flipped_miller_loop( - cs.ns(|| "add"), - &value.x, - &value.y, - &s.clone(), - n, - )?; - g2p.coeffs.push(c); - s = s2; - } - } - Ok(g2p) - } - - fn doubling_step_for_flipped_miller_loop>( - mut cs: CS, - s: &G2Gadget

, - ) -> Result<(G2Gadget

, G2CoefficientsGadget

), SynthesisError> { - //Compute gamma - let s_x_squared = s.x.square(cs.ns(|| "s_x^2"))?; - let three_sx_squared_plus_a = s_x_squared - .double(cs.ns(|| "2s_x^2"))? - .add(cs.ns(|| "3s_x^2"), &s_x_squared)? - .add_constant(cs.ns(|| "3s_x^2 + a"), &P::TWIST_COEFF_A)?; - - let two_sy = s.y.double(cs.ns(|| "2s_y"))?; - - let gamma = Fp3G::

::alloc(cs.ns(|| "gamma"), || { - Ok(three_sx_squared_plus_a - .get_value() - .get()? - .mul(&two_sy.get_value().get()?.inverse().get()?)) - })?; - - //Check gamma (gamma*2s_y = 3sx^2 + a) - gamma.mul_equals(cs.ns(|| "Check gamma"), &two_sy, &three_sx_squared_plus_a)?; - - //Compute and check gamma_x - let gamma_x = gamma.mul(cs.ns(|| "Compute gamma_x"), &s.x)?; - - //Compute new_sx - let two_sx = s.x.double(cs.ns(|| "2s_x"))?; - let new_sx = gamma - .square(cs.ns(|| "gamma^2"))? - .sub(cs.ns(|| "gamma^2 - 2s_x"), &two_sx)?; - - //Compute and check new_sy - let new_sy = - s.x.sub(cs.ns(|| "s_x - new_s_x"), &new_sx)? - .mul(cs.ns(|| "gamma * (s_x - new_s_x)"), &gamma)? - .sub(cs.ns(|| "gamma * (s_x - new_s_x) - s_y"), &s.y)?; - - let c = G2CoefficientsGadget { - r_y: s.y.clone(), - gamma, - gamma_x, - }; - let s2 = G2Gadget::

::new(new_sx, new_sy, Boolean::constant(false)); - - Ok((s2, c)) - } - - fn mixed_addition_step_for_flipped_miller_loop>( - mut cs: CS, - x: &Fp3G

, - y: &Fp3G

, - s: &G2Gadget

, - naf_i: i32, - ) -> Result<(G2Gadget

, G2CoefficientsGadget

), SynthesisError> { - //Compute gamma - let sx_minus_x = s.x.sub(cs.ns(|| "s_x - x"), &x)?; - - let sy_plus_y = s.y.add(cs.ns(|| "(s_y + y)"), &y)?; - let sy_minus_y = s.y.sub(cs.ns(|| "(s_y - y)"), &y)?; - let numerator = if naf_i > 0 { sy_minus_y } else { sy_plus_y }; - - let gamma = Fp3G::

::alloc(cs.ns(|| "Compute gamma"), || { - let sx_minus_x_inv = sx_minus_x.get_value().get()?.inverse().get()?; - Ok(numerator.get_value().get()?.mul(&sx_minus_x_inv)) - })?; - - //Check gamma - gamma.mul_equals(cs.ns(|| "Check gamma"), &sx_minus_x, &numerator)?; - - //Compute and check gamma_x - let gamma_x = gamma.mul(cs.ns(|| "Compute gamma_x"), &x)?; - - //Compute and check new_sx - let new_sx = gamma - .square(cs.ns(|| "gamma^2"))? - .sub(cs.ns(|| "gamma^2 - s_x"), &s.x)? - .sub(cs.ns(|| "gamma^2 - s_x - x"), &x)?; - - //Compute and check new_sy - let new_sy = - s.x.sub(cs.ns(|| "s_x - new_s_x"), &new_sx)? - .mul(cs.ns(|| "gamma * (s_x - new_s_x)"), &gamma)? - .sub(cs.ns(|| "gamma * (s_x - new_s_x) - s_y"), &s.y)?; - - let c = G2CoefficientsGadget { - r_y: s.y.clone(), - gamma, - gamma_x, - }; - let s2 = G2Gadget::

::new(new_sx, new_sy, Boolean::constant(false)); - - Ok((s2, c)) - } -} - -impl ToBytesGadget for G2PreparedGadget

{ - #[inline] - fn to_bytes>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut x = self.q.to_bytes(&mut cs.ns(|| "q to bytes"))?; - - for (i, c) in self.coeffs.iter().enumerate() { - x.extend_from_slice( - &c.to_bytes(&mut cs.ns(|| format!("coefficients {} to bytes", i)))?, - ); - } - - Ok(x) - } - - fn to_bytes_strict>( - &self, - mut cs: CS, - ) -> Result, SynthesisError> { - let mut x = self.q.to_bytes_strict(&mut cs.ns(|| "q to bytes"))?; - - for (i, c) in self.coeffs.iter().enumerate() { - x.extend_from_slice( - &c.to_bytes_strict(&mut cs.ns(|| format!("coefficients {} to bytes", i)))?, - ); - } - - Ok(x) - } -} diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mod.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mod.rs deleted file mode 100644 index 86aff7884..000000000 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mnt/mod.rs +++ /dev/null @@ -1,2 +0,0 @@ -pub mod mnt4; -pub mod mnt6; diff --git a/r1cs/gadgets/std/src/instantiated/bls12_377/curves.rs b/r1cs/gadgets/std/src/instantiated/bls12_377/curves.rs deleted file mode 100644 index e13a88153..000000000 --- a/r1cs/gadgets/std/src/instantiated/bls12_377/curves.rs +++ /dev/null @@ -1,19 +0,0 @@ -use crate::groups::bls12::{ - G1Gadget as Bls12G1Gadget, G1PreparedGadget as Bls12G1PreparedGadget, - G2Gadget as Bls12G2Gadget, G2PreparedGadget as Bls12G2PreparedGadget, -}; -use algebra::curves::bls12_377::Bls12_377Parameters; - -pub type G1Gadget = Bls12G1Gadget; -pub type G2Gadget = Bls12G2Gadget; - -pub type G1PreparedGadget = Bls12G1PreparedGadget; -pub type G2PreparedGadget = Bls12G2PreparedGadget; - -#[test] -fn test() { - crate::groups::test::group_test_with_incomplete_add::<_, _, G1Gadget>(); - crate::groups::test::mul_bits_test::<_, _, G1Gadget>(); - crate::groups::test::group_test_with_incomplete_add::<_, _, G2Gadget>(); - crate::groups::test::mul_bits_test::<_, _, G2Gadget>(); -} 
diff --git a/r1cs/gadgets/std/src/instantiated/bls12_377/fields.rs b/r1cs/gadgets/std/src/instantiated/bls12_377/fields.rs deleted file mode 100644 index 0d015e2cb..000000000 --- a/r1cs/gadgets/std/src/instantiated/bls12_377/fields.rs +++ /dev/null @@ -1,31 +0,0 @@ -use algebra::fields::bls12_377::{Fq, Fq12Parameters, Fq2Parameters, Fq6Parameters}; - -use crate::fields::{fp::FpGadget, fp12::Fp12Gadget, fp2::Fp2Gadget, fp6_3over2::Fp6Gadget}; - -pub type FqGadget = FpGadget; -pub type Fq2Gadget = Fp2Gadget; -pub type Fq6Gadget = Fp6Gadget; -pub type Fq12Gadget = Fp12Gadget; - -#[test] -fn bls12_377_field_gadgets_test() { - use super::*; - use crate::fields::tests::*; - use algebra::fields::bls12_377::{Fq, Fq12, Fq2, Fq6}; - - field_test::<_, Fq, FqGadget>(); - frobenius_tests::(13); - equ_verdict_fp_gadget_test::(); - even_odd_fp_gadget_test::(); - from_bits_fp_gadget_test::(); - bit_fp_gadgets_test::(); - - field_test::<_, Fq, Fq2Gadget>(); - frobenius_tests::(13); - - field_test::<_, Fq, Fq6Gadget>(); - frobenius_tests::(13); - - field_test::<_, Fq, Fq12Gadget>(); - frobenius_tests::(13); -} diff --git a/r1cs/gadgets/std/src/instantiated/bls12_377/mod.rs b/r1cs/gadgets/std/src/instantiated/bls12_377/mod.rs deleted file mode 100644 index 5e10f69ff..000000000 --- a/r1cs/gadgets/std/src/instantiated/bls12_377/mod.rs +++ /dev/null @@ -1,7 +0,0 @@ -mod curves; -mod fields; -mod pairing; - -pub use curves::*; -pub use fields::*; -pub use pairing::*; diff --git a/r1cs/gadgets/std/src/instantiated/bls12_377/pairing.rs b/r1cs/gadgets/std/src/instantiated/bls12_377/pairing.rs deleted file mode 100644 index 7fb9a11b9..000000000 --- a/r1cs/gadgets/std/src/instantiated/bls12_377/pairing.rs +++ /dev/null @@ -1,9 +0,0 @@ -use algebra::curves::bls12_377::Bls12_377Parameters as Parameters; - -pub type PairingGadget = crate::pairing::bls12::PairingGadget; - -#[test] -fn test() { - crate::pairing::tests::bilinearity_test::( - ) -} 
diff --git a/r1cs/gadgets/std/src/instantiated/bn_382/curves.rs b/r1cs/gadgets/std/src/instantiated/bn_382/curves.rs deleted file mode 100644 index 02ea18cc1..000000000 --- a/r1cs/gadgets/std/src/instantiated/bn_382/curves.rs +++ /dev/null @@ -1,16 +0,0 @@ -use crate::groups::bn; -use algebra::curves::bn_382::Bn382Parameters; - -pub type G1Gadget = bn::G1Gadget; -pub type G2Gadget = bn::G2Gadget; - -pub type G1PreparedGadget = bn::G1PreparedGadget; -pub type G2PreparedGadget = bn::G2PreparedGadget; - -#[test] -fn test() { - crate::groups::test::group_test_with_incomplete_add::<_, _, G1Gadget>(); - crate::groups::test::group_test_with_incomplete_add::<_, _, G2Gadget>(); - crate::groups::test::mul_bits_test::<_, _, G1Gadget>(); - crate::groups::test::mul_bits_test::<_, _, G2Gadget>(); -} diff --git a/r1cs/gadgets/std/src/instantiated/bn_382/fields.rs b/r1cs/gadgets/std/src/instantiated/bn_382/fields.rs deleted file mode 100644 index ca5eeaced..000000000 --- a/r1cs/gadgets/std/src/instantiated/bn_382/fields.rs +++ /dev/null @@ -1,31 +0,0 @@ -use algebra::fields::bn_382::{Fq, Fq12Parameters, Fq2Parameters, Fq6Parameters}; - -use crate::fields::{fp::FpGadget, fp12::Fp12Gadget, fp2::Fp2Gadget, fp6_3over2::Fp6Gadget}; - -pub type FqGadget = FpGadget; -pub type Fq2Gadget = Fp2Gadget; -pub type Fq6Gadget = Fp6Gadget; -pub type Fq12Gadget = Fp12Gadget; - -#[test] -fn bn382_field_gadgets_test() { - use super::*; - use crate::fields::tests::*; - use algebra::fields::bn_382::{Fq, Fq12, Fq2, Fq6}; - - field_test::<_, Fq, FqGadget>(); - frobenius_tests::(13); - equ_verdict_fp_gadget_test::(); - even_odd_fp_gadget_test::(); - from_bits_fp_gadget_test::(); - bit_fp_gadgets_test::(); - - field_test::<_, Fq, Fq2Gadget>(); - frobenius_tests::(13); - - field_test::<_, Fq, Fq6Gadget>(); - frobenius_tests::(13); - - field_test::<_, Fq, Fq12Gadget>(); - frobenius_tests::(13); -} 
diff --git a/r1cs/gadgets/std/src/instantiated/bn_382/g/curves.rs b/r1cs/gadgets/std/src/instantiated/bn_382/g/curves.rs deleted file mode 100644 index 690ea05bd..000000000 --- a/r1cs/gadgets/std/src/instantiated/bn_382/g/curves.rs +++ /dev/null @@ -1,10 +0,0 @@ -use crate::{bn_382::g::FqGadget, groups::curves::short_weierstrass::AffineGadget}; -use algebra::{curves::bn_382::g::Bn382GParameters, fields::bn_382::Fr}; - -pub type Bn382GGadget = AffineGadget; - -#[test] -fn test() { - crate::groups::test::group_test_with_incomplete_add::<_, _, Bn382GGadget>(); - crate::groups::test::mul_bits_test::<_, _, Bn382GGadget>(); -} diff --git a/r1cs/gadgets/std/src/instantiated/bn_382/g/fields.rs b/r1cs/gadgets/std/src/instantiated/bn_382/g/fields.rs deleted file mode 100644 index fb23a0f00..000000000 --- a/r1cs/gadgets/std/src/instantiated/bn_382/g/fields.rs +++ /dev/null @@ -1,18 +0,0 @@ -use algebra::fields::bn_382::Fr; - -use crate::fields::fp::FpGadget; - -pub type FqGadget = FpGadget; - -#[test] -fn bn382_g_field_gadgets_test() { - use super::*; - use crate::fields::tests::*; - - field_test::<_, Fr, FqGadget>(); - frobenius_tests::(13); - equ_verdict_fp_gadget_test::(); - even_odd_fp_gadget_test::(); - from_bits_fp_gadget_test::(); - bit_fp_gadgets_test::(); -} diff --git a/r1cs/gadgets/std/src/instantiated/bn_382/g/mod.rs b/r1cs/gadgets/std/src/instantiated/bn_382/g/mod.rs deleted file mode 100644 index cd5e75810..000000000 --- a/r1cs/gadgets/std/src/instantiated/bn_382/g/mod.rs +++ /dev/null @@ -1,5 +0,0 @@ -mod curves; -mod fields; - -pub use curves::*; -pub use fields::*; diff --git a/r1cs/gadgets/std/src/instantiated/bn_382/mod.rs b/r1cs/gadgets/std/src/instantiated/bn_382/mod.rs deleted file mode 100644 index e67f27116..000000000 --- a/r1cs/gadgets/std/src/instantiated/bn_382/mod.rs +++ /dev/null @@ -1,8 +0,0 @@ -mod curves; -mod fields; -pub mod g; -mod pairing; - -pub use curves::*; -pub use fields::*; -pub use pairing::*; 
diff --git a/r1cs/gadgets/std/src/instantiated/bn_382/pairing.rs b/r1cs/gadgets/std/src/instantiated/bn_382/pairing.rs deleted file mode 100644 index 541f1c5a6..000000000 --- a/r1cs/gadgets/std/src/instantiated/bn_382/pairing.rs +++ /dev/null @@ -1,8 +0,0 @@ -use algebra::curves::bn_382::Bn382Parameters; - -pub type PairingGadget = crate::pairing::bn::PairingGadget; - -#[test] -fn test() { - crate::pairing::tests::bilinearity_test::() -} diff --git a/r1cs/gadgets/std/src/instantiated/edwards_bls12/curves.rs b/r1cs/gadgets/std/src/instantiated/edwards_bls12/curves.rs deleted file mode 100644 index c92042750..000000000 --- a/r1cs/gadgets/std/src/instantiated/edwards_bls12/curves.rs +++ /dev/null @@ -1,11 +0,0 @@ -use crate::groups::curves::twisted_edwards::AffineGadget; -use algebra::{curves::edwards_bls12::EdwardsParameters, fields::edwards_bls12::fq::Fq}; - -use crate::edwards_bls12::FqGadget; - -pub type EdwardsBlsGadget = AffineGadget; - -#[test] -fn test() { - crate::groups::curves::twisted_edwards::test::<_, EdwardsParameters, EdwardsBlsGadget>(); -} diff --git a/r1cs/gadgets/std/src/instantiated/edwards_bls12/fields.rs b/r1cs/gadgets/std/src/instantiated/edwards_bls12/fields.rs deleted file mode 100644 index 142045789..000000000 --- a/r1cs/gadgets/std/src/instantiated/edwards_bls12/fields.rs +++ /dev/null @@ -1,16 +0,0 @@ -use crate::fields::fp::FpGadget; -use algebra::fields::edwards_bls12::fq::Fq; - -pub type FqGadget = FpGadget; - -#[test] -fn test() { - use crate::fields::tests::*; - - field_test::<_, Fq, FqGadget>(); - frobenius_tests::(13); - equ_verdict_fp_gadget_test::(); - even_odd_fp_gadget_test::(); - from_bits_fp_gadget_test::(); - bit_fp_gadgets_test::(); -} diff --git a/r1cs/gadgets/std/src/instantiated/edwards_bls12/mod.rs b/r1cs/gadgets/std/src/instantiated/edwards_bls12/mod.rs deleted file mode 100644 index cd5e75810..000000000 --- a/r1cs/gadgets/std/src/instantiated/edwards_bls12/mod.rs +++ /dev/null 
@@ -1,5 +0,0 @@ -mod curves; -mod fields; - -pub use curves::*; -pub use fields::*; diff --git a/r1cs/gadgets/std/src/instantiated/edwards_sw6/curves.rs b/r1cs/gadgets/std/src/instantiated/edwards_sw6/curves.rs deleted file mode 100644 index ce42c4720..000000000 --- a/r1cs/gadgets/std/src/instantiated/edwards_sw6/curves.rs +++ /dev/null @@ -1,11 +0,0 @@ -use crate::groups::curves::twisted_edwards::AffineGadget; -use algebra::{curves::edwards_sw6::EdwardsParameters, fields::edwards_sw6::fq::Fq}; - -use crate::edwards_sw6::FqGadget; - -pub type EdwardsSWGadget = AffineGadget; - -#[test] -fn test() { - crate::groups::curves::twisted_edwards::test::<_, EdwardsParameters, EdwardsSWGadget>(); -} diff --git a/r1cs/gadgets/std/src/instantiated/edwards_sw6/fields.rs b/r1cs/gadgets/std/src/instantiated/edwards_sw6/fields.rs deleted file mode 100644 index 6c6d364dc..000000000 --- a/r1cs/gadgets/std/src/instantiated/edwards_sw6/fields.rs +++ /dev/null @@ -1,16 +0,0 @@ -use crate::fields::fp::FpGadget; -use algebra::fields::edwards_sw6::fq::Fq; - -pub type FqGadget = FpGadget; - -#[test] -fn test() { - use crate::fields::tests::*; - - field_test::<_, Fq, FqGadget>(); - frobenius_tests::(13); - equ_verdict_fp_gadget_test::(); - even_odd_fp_gadget_test::(); - from_bits_fp_gadget_test::(); - bit_fp_gadgets_test::(); -} diff --git a/r1cs/gadgets/std/src/instantiated/edwards_sw6/mod.rs b/r1cs/gadgets/std/src/instantiated/edwards_sw6/mod.rs deleted file mode 100644 index cd5e75810..000000000 --- a/r1cs/gadgets/std/src/instantiated/edwards_sw6/mod.rs +++ /dev/null @@ -1,5 +0,0 @@ -mod curves; -mod fields; - -pub use curves::*; -pub use fields::*; diff --git a/r1cs/gadgets/std/src/instantiated/jubjub/curves.rs b/r1cs/gadgets/std/src/instantiated/jubjub/curves.rs deleted file mode 100644 index 16a8f06b6..000000000 --- a/r1cs/gadgets/std/src/instantiated/jubjub/curves.rs +++ /dev/null 
@@ -1,11 +0,0 @@ -use crate::groups::curves::twisted_edwards::AffineGadget; -use algebra::{curves::jubjub::JubJubParameters, fields::jubjub::fq::Fq}; - -use crate::jubjub::FqGadget; - -pub type JubJubGadget = AffineGadget; - -#[test] -fn test() { - crate::groups::curves::twisted_edwards::test::(); -} diff --git a/r1cs/gadgets/std/src/instantiated/jubjub/fields.rs b/r1cs/gadgets/std/src/instantiated/jubjub/fields.rs deleted file mode 100644 index cf5802cf9..000000000 --- a/r1cs/gadgets/std/src/instantiated/jubjub/fields.rs +++ /dev/null @@ -1,16 +0,0 @@ -use crate::fields::fp::FpGadget; -use algebra::fields::jubjub::fq::Fq; - -pub type FqGadget = FpGadget; - -#[test] -fn test() { - use crate::fields::tests::*; - - field_test::<_, Fq, FqGadget>(); - frobenius_tests::(13); - equ_verdict_fp_gadget_test::(); - even_odd_fp_gadget_test::(); - from_bits_fp_gadget_test::(); - bit_fp_gadgets_test::(); -} diff --git a/r1cs/gadgets/std/src/instantiated/jubjub/mod.rs b/r1cs/gadgets/std/src/instantiated/jubjub/mod.rs deleted file mode 100644 index cd5e75810..000000000 --- a/r1cs/gadgets/std/src/instantiated/jubjub/mod.rs +++ /dev/null @@ -1,5 +0,0 @@ -mod curves; -mod fields; - -pub use curves::*; -pub use fields::*; diff --git a/r1cs/gadgets/std/src/instantiated/mnt4_753/curves.rs b/r1cs/gadgets/std/src/instantiated/mnt4_753/curves.rs deleted file mode 100644 index 6f40e7c09..000000000 --- a/r1cs/gadgets/std/src/instantiated/mnt4_753/curves.rs +++ /dev/null 
@@ -1,16 +0,0 @@
-use crate::groups::mnt::mnt4;
-use algebra::curves::mnt4753::MNT4_753Parameters as Parameters;
-
-pub type G1Gadget = mnt4::G1Gadget;
-pub type G2Gadget = mnt4::G2Gadget;
-
-pub type G1PreparedGadget = mnt4::G1PreparedGadget;
-pub type G2PreparedGadget = mnt4::G2PreparedGadget;
-
-#[test]
-fn test() {
- crate::groups::test::group_test_with_incomplete_add::<_, _, G1Gadget>();
- crate::groups::test::group_test_with_incomplete_add::<_, _, G2Gadget>();
- crate::groups::test::mul_bits_test::<_, _, G1Gadget>();
- crate::groups::test::mul_bits_test::<_, _, G2Gadget>();
-}
diff --git a/r1cs/gadgets/std/src/instantiated/mnt4_753/fields.rs b/r1cs/gadgets/std/src/instantiated/mnt4_753/fields.rs
deleted file mode 100644
index fa01b1c1c..000000000
--- a/r1cs/gadgets/std/src/instantiated/mnt4_753/fields.rs
+++ /dev/null
@@ -1,27 +0,0 @@
-use algebra::fields::mnt4753::{Fq, Fq2Parameters, Fq4Parameters};
-
-use crate::fields::{fp::FpGadget, fp2::Fp2Gadget, fp4::Fp4Gadget};
-
-pub type FqGadget = FpGadget;
-pub type Fq2Gadget = Fp2Gadget;
-pub type Fq4Gadget = Fp4Gadget;
-
-#[test]
-fn mnt4_753_field_gadgets_test() {
- use super::*;
- use crate::fields::tests::*;
- use algebra::fields::mnt4753::{Fq, Fq2, Fq4};
-
- field_test::<_, Fq, FqGadget>();
- frobenius_tests::(13);
- equ_verdict_fp_gadget_test::();
- even_odd_fp_gadget_test::();
- from_bits_fp_gadget_test::();
- bit_fp_gadgets_test::();
-
- field_test::<_, Fq, Fq2Gadget>();
- frobenius_tests::(13);
-
- field_test::<_, Fq, Fq4Gadget>();
- frobenius_tests::(13);
-}
diff --git a/r1cs/gadgets/std/src/instantiated/mnt4_753/mod.rs b/r1cs/gadgets/std/src/instantiated/mnt4_753/mod.rs
deleted file mode 100644
index 5e10f69ff..000000000
--- a/r1cs/gadgets/std/src/instantiated/mnt4_753/mod.rs
+++ /dev/null
@@ -1,7 +0,0 @@
-mod curves;
-mod fields;
-mod pairing;
-
-pub use curves::*;
-pub use fields::*;
-pub use pairing::*;
diff --git a/r1cs/gadgets/std/src/instantiated/mnt4_753/pairing.rs b/r1cs/gadgets/std/src/instantiated/mnt4_753/pairing.rs
deleted file mode 100644
index f07dda5c7..000000000
--- a/r1cs/gadgets/std/src/instantiated/mnt4_753/pairing.rs
+++ /dev/null
@@ -1,8 +0,0 @@
-use algebra::curves::mnt4753::MNT4_753Parameters as Parameters;
-
-pub type PairingGadget = crate::pairing::mnt4::MNT4PairingGadget;
-
-#[test]
-fn test() {
- crate::pairing::tests::bilinearity_test::()
-}
diff --git a/r1cs/gadgets/std/src/instantiated/mnt6_753/curves.rs b/r1cs/gadgets/std/src/instantiated/mnt6_753/curves.rs
deleted file mode 100644
index 12342278d..000000000
--- a/r1cs/gadgets/std/src/instantiated/mnt6_753/curves.rs
+++ /dev/null
@@ -1,16 +0,0 @@
-use crate::groups::mnt::mnt6;
-use algebra::curves::mnt6753::MNT6_753Parameters as Parameters;
-
-pub type G1Gadget = mnt6::G1Gadget;
-pub type G2Gadget = mnt6::G2Gadget;
-
-pub type G1PreparedGadget = mnt6::G1PreparedGadget;
-pub type G2PreparedGadget = mnt6::G2PreparedGadget;
-
-#[test]
-fn test() {
- crate::groups::test::group_test_with_incomplete_add::<_, _, G1Gadget>();
- crate::groups::test::group_test_with_incomplete_add::<_, _, G2Gadget>();
- crate::groups::test::mul_bits_test::<_, _, G1Gadget>();
- crate::groups::test::mul_bits_test::<_, _, G2Gadget>();
-}
diff --git a/r1cs/gadgets/std/src/instantiated/mnt6_753/fields.rs b/r1cs/gadgets/std/src/instantiated/mnt6_753/fields.rs
deleted file mode 100644
index eaab52cc8..000000000
--- a/r1cs/gadgets/std/src/instantiated/mnt6_753/fields.rs
+++ /dev/null
@@ -1,27 +0,0 @@
-use algebra::fields::mnt6753::{Fq, Fq3Parameters, Fq6Parameters};
-
-use crate::fields::{fp::FpGadget, fp3::Fp3Gadget, fp6_2over3::Fp6Gadget};
-
-pub type FqGadget = FpGadget;
-pub type Fq3Gadget = Fp3Gadget;
-pub type Fq6Gadget = Fp6Gadget;
-
-#[test]
-fn mnt6_753_field_gadgets_test() {
- use super::*;
- use crate::fields::tests::*;
- use algebra::fields::mnt6753::{Fq, Fq3, Fq6};
-
- field_test::<_, Fq, FqGadget>();
- frobenius_tests::(13);
- equ_verdict_fp_gadget_test::();
- even_odd_fp_gadget_test::();
- from_bits_fp_gadget_test::();
- bit_fp_gadgets_test::();
-
- field_test::<_, Fq, Fq3Gadget>();
- frobenius_tests::(13);
-
- field_test::<_, Fq, Fq6Gadget>();
- frobenius_tests::(13);
-}
diff --git a/r1cs/gadgets/std/src/instantiated/mnt6_753/mod.rs b/r1cs/gadgets/std/src/instantiated/mnt6_753/mod.rs
deleted file mode 100644
index 5e10f69ff..000000000
--- a/r1cs/gadgets/std/src/instantiated/mnt6_753/mod.rs
+++ /dev/null
@@ -1,7 +0,0 @@
-mod curves;
-mod fields;
-mod pairing;
-
-pub use curves::*;
-pub use fields::*;
-pub use pairing::*;
diff --git a/r1cs/gadgets/std/src/instantiated/mnt6_753/pairing.rs b/r1cs/gadgets/std/src/instantiated/mnt6_753/pairing.rs
deleted file mode 100644
index 7118b928f..000000000
--- a/r1cs/gadgets/std/src/instantiated/mnt6_753/pairing.rs
+++ /dev/null
@@ -1,8 +0,0 @@
-use algebra::curves::mnt6753::MNT6_753Parameters as Parameters;
-
-pub type PairingGadget = crate::pairing::mnt6::MNT6PairingGadget;
-
-#[test]
-fn test() {
- crate::pairing::tests::bilinearity_test::()
-}
diff --git a/r1cs/gadgets/std/src/pairing/bls12/mod.rs b/r1cs/gadgets/std/src/pairing/bls12/mod.rs
deleted file mode 100644
index 7432481a6..000000000
--- a/r1cs/gadgets/std/src/pairing/bls12/mod.rs
+++ /dev/null
@@ -1,185 +0,0 @@
-use r1cs_core::{ConstraintSystem, SynthesisError};
-
-use super::PairingGadget as PG;
-
-use crate::{
- fields::{fp::FpGadget, fp12::Fp12Gadget, fp2::Fp2Gadget, quadratic_extension::*, FieldGadget},
- groups::bls12::{G1Gadget, G1PreparedGadget, G2Gadget, G2PreparedGadget},
-};
-use algebra::{
- curves::bls12::{Bls12, Bls12Parameters, TwistType},
- fields::{fp12_2over3over2::Fp12ParamsWrapper, BitIterator},
-};
-use std::marker::PhantomData;
-
-pub struct PairingGadget(PhantomData

); - -type Fp2G

= Fp2Gadget<

::Fp2Params,

::Fp>; - -impl PairingGadget

{ - // Evaluate the line function at point p. - fn ell>( - mut cs: CS, - f: &mut Fp12Gadget, - coeffs: &(Fp2G

, Fp2G

), - p: &G1Gadget

, - ) -> Result<(), SynthesisError> { - let zero = FpGadget::::zero(cs.ns(|| "fpg zero"))?; - - match P::TWIST_TYPE { - TwistType::M => { - let c0 = coeffs.0.clone(); - let mut c1 = coeffs.1.clone(); - let c2 = Fp2G::

::new(p.y.clone(), zero); - - c1.c0 = c1.c0.mul(cs.ns(|| "mul c1.c0"), &p.x)?; - c1.c1 = c1.c1.mul(cs.ns(|| "mul c1.c1"), &p.x)?; - *f = f.mul_by_014(cs.ns(|| "sparse mul f"), &c0, &c1, &c2)?; - Ok(()) - } - TwistType::D => { - let c0 = Fp2G::

::new(p.y.clone(), zero); - let mut c1 = coeffs.0.clone(); - let c2 = coeffs.1.clone(); - - c1.c0 = c1.c0.mul(cs.ns(|| "mul c1.c0"), &p.x)?; - c1.c1 = c1.c1.mul(cs.ns(|| "mul c1.c1"), &p.x)?; - *f = f.mul_by_034(cs.ns(|| "sparse mul f"), &c0, &c1, &c2)?; - Ok(()) - } - } - } - - fn exp_by_x>( - mut cs: CS, - f: &Fp12Gadget, - ) -> Result, SynthesisError> { - let mut result = f.cyclotomic_exp(cs.ns(|| "exp_by_x"), P::X)?; - if P::X_IS_NEGATIVE { - result.conjugate_in_place(cs.ns(|| "conjugate"))?; - } - Ok(result) - } -} - -impl PG, P::Fp> for PairingGadget

{ - type G1Gadget = G1Gadget

; - type G2Gadget = G2Gadget

; - type G1PreparedGadget = G1PreparedGadget

; - type G2PreparedGadget = G2PreparedGadget

; - type GTGadget = Fp12Gadget; - - fn miller_loop>( - mut cs: CS, - ps: &[Self::G1PreparedGadget], - qs: &[Self::G2PreparedGadget], - ) -> Result { - let mut pairs = vec![]; - for (p, q) in ps.iter().zip(qs.iter()) { - pairs.push((p, q.ell_coeffs.iter())); - } - let mut f = Self::GTGadget::one(cs.ns(|| "one"))?; - - for (j, i) in BitIterator::new(P::X).skip(1).enumerate() { - let mut cs = cs.ns(|| format!("Iteration {}", j)); - f.square_in_place(cs.ns(|| "square"))?; - - for (k, &mut (p, ref mut coeffs)) in pairs.iter_mut().enumerate() { - let cs = cs.ns(|| format!("Double input {}", k)); - Self::ell(cs, &mut f, coeffs.next().unwrap(), &p.0)?; - } - - if i { - for (k, &mut (p, ref mut coeffs)) in pairs.iter_mut().enumerate() { - let cs = cs.ns(|| format!("Addition input {}", k)); - Self::ell(cs, &mut f, &coeffs.next().unwrap(), &p.0)?; - } - } - } - - if P::X_IS_NEGATIVE { - f.conjugate_in_place(cs.ns(|| "f conjugate"))?; - } - - Ok(f) - } - - fn final_exponentiation>( - mut cs: CS, - f: &Self::GTGadget, - ) -> Result { - // Computing the final exponentation following - // https://eprint.iacr.org/2016/130.pdf. - // We don't use their "faster" formula because it is difficult to make - // it work for curves with odd `P::X`. - // Hence we implement the slower algorithm from Table 1 below. 
- - let f1 = f.frobenius_map(cs.ns(|| "frobmap 1"), 6)?; - - f.inverse(cs.ns(|| "inverse 1")).and_then(|mut f2| { - // f2 = f^(-1); - // r = f^(p^6 - 1) - let mut r = f1; - r.mul_in_place(cs.ns(|| "r = f1 * f2"), &f2)?; - - // f2 = f^(p^6 - 1) - f2 = r.clone(); - // r = f^((p^6 - 1)(p^2)) - r.frobenius_map_in_place(cs.ns(|| "frobenius map 2"), 2)?; - - // r = f^((p^6 - 1)(p^2) + (p^6 - 1)) - // r = f^((p^6 - 1)(p^2 + 1)) - r.mul_in_place(cs.ns(|| "mul 0"), &f2)?; - - // Hard part of the final exponentation is below: - // From https://eprint.iacr.org/2016/130.pdf, Table 1 - let mut y0 = Fp12ParamsWrapper::::cyclotomic_square_gadget( - cs.ns(|| "cyclotomic_sq 1"), - &r, - )?; - y0.conjugate_in_place(&mut cs.ns(|| "conjugate 2"))?; - - let mut y5 = Self::exp_by_x(&mut cs.ns(|| "exp_by_x 1"), &r)?; - - let mut y1 = Fp12ParamsWrapper::::cyclotomic_square_gadget( - cs.ns(|| "square 1"), - &y5, - )?; - let mut y3 = y0.mul(&mut cs.ns(|| "mul 1"), &y5)?; - y0 = Self::exp_by_x(cs.ns(|| "exp_by_x 2"), &y3)?; - let y2 = Self::exp_by_x(cs.ns(|| "exp_by_x 3"), &y0)?; - let mut y4 = Self::exp_by_x(cs.ns(|| "exp_by_x 4"), &y2)?; - y4.mul_in_place(cs.ns(|| "mul 2"), &y1)?; - y1 = Self::exp_by_x(cs.ns(|| "exp_by_x 5"), &y4)?; - y3.conjugate_in_place(cs.ns(|| "conjugate 3"))?; - y1.mul_in_place(cs.ns(|| "mul 3"), &y3)?; - y1.mul_in_place(cs.ns(|| "mul 4"), &r)?; - y3 = r.clone(); - y3.conjugate_in_place(cs.ns(|| "conjugate 4"))?; - y0.mul_in_place(cs.ns(|| "mul 5"), &r)?; - y0.frobenius_map_in_place(cs.ns(|| "frobmap 3"), 3)?; - y4.mul_in_place(cs.ns(|| "mul 6"), &y3)?; - y4.frobenius_map_in_place(cs.ns(|| "frobmap 4"), 1)?; - y5.mul_in_place(cs.ns(|| "mul 7"), &y2)?; - y5.frobenius_map_in_place(cs.ns(|| "frobmap 5"), 2)?; - y5.mul_in_place(cs.ns(|| "mul 8"), &y0)?; - y5.mul_in_place(cs.ns(|| "mul 9"), &y4)?; - y5.mul_in_place(cs.ns(|| "mul 10"), &y1)?; - Ok(y5) - }) - } - - fn prepare_g1>( - cs: CS, - p: &Self::G1Gadget, - ) -> Result { - Self::G1PreparedGadget::from_affine(cs, p) - 
} - - fn prepare_g2>( - cs: CS, - q: &Self::G2Gadget, - ) -> Result { - Self::G2PreparedGadget::from_affine(cs, q) - } -} diff --git a/r1cs/gadgets/std/src/pairing/bn/mod.rs b/r1cs/gadgets/std/src/pairing/bn/mod.rs deleted file mode 100644 index d4a5bc33e..000000000 --- a/r1cs/gadgets/std/src/pairing/bn/mod.rs +++ /dev/null @@ -1,226 +0,0 @@ -use r1cs_core::{ConstraintSystem, SynthesisError}; - -use super::PairingGadget as PG; - -use crate::{ - fields::{ - fp::FpGadget, fp12::Fp12Gadget, fp2::Fp2Gadget, - quadratic_extension::QuadExtParametersGadget, FieldGadget, - }, - groups::bn::{G1Gadget, G1PreparedGadget, G2Gadget, G2PreparedGadget}, -}; -use algebra::{curves::bn::*, fields::fp12_2over3over2::Fp12ParamsWrapper}; -use std::marker::PhantomData; - -pub struct PairingGadget(PhantomData

); - -type Fp2G

= Fp2Gadget<

::Fp2Params,

::Fp>; - -impl PairingGadget

{ - // Evaluate the line function at point p. - fn ell>( - mut cs: CS, - f: &mut Fp12Gadget, - coeffs: &(Fp2G

, Fp2G

), - p: &G1Gadget

, - ) -> Result<(), SynthesisError> { - let zero = FpGadget::::zero(cs.ns(|| "fpg zero"))?; - - match P::TWIST_TYPE { - TwistType::M => { - let c0 = coeffs.0.clone(); - let mut c1 = coeffs.1.clone(); - let c2 = Fp2G::

::new(p.y.clone(), zero); - - c1.c0 = c1.c0.mul(cs.ns(|| "mul c1.c0"), &p.x)?; - c1.c1 = c1.c1.mul(cs.ns(|| "mul c1.c1"), &p.x)?; - *f = f.mul_by_014(cs.ns(|| "sparse mul f"), &c0, &c1, &c2)?; - Ok(()) - } - TwistType::D => { - let c0 = Fp2G::

::new(p.y.clone(), zero); - let mut c1 = coeffs.0.clone(); - let c2 = coeffs.1.clone(); - - c1.c0 = c1.c0.mul(cs.ns(|| "mul c1.c0"), &p.x)?; - c1.c1 = c1.c1.mul(cs.ns(|| "mul c1.c1"), &p.x)?; - *f = f.mul_by_034(cs.ns(|| "sparse mul f"), &c0, &c1, &c2)?; - Ok(()) - } - } - } - - fn exp_by_neg_x>( - mut cs: CS, - f: &Fp12Gadget, - ) -> Result, SynthesisError> { - let mut result = f.cyclotomic_exp(cs.ns(|| "exp_by_neg_x"), P::X)?; - if !P::X_IS_NEGATIVE { - result.conjugate_in_place(cs.ns(|| "conjugate"))?; - } - Ok(result) - } -} - -impl PG, P::Fp> for PairingGadget

{ - type G1Gadget = G1Gadget

; - type G2Gadget = G2Gadget

; - type G1PreparedGadget = G1PreparedGadget

; - type G2PreparedGadget = G2PreparedGadget

; - type GTGadget = Fp12Gadget; - - fn miller_loop>( - mut cs: CS, - ps: &[Self::G1PreparedGadget], - qs: &[Self::G2PreparedGadget], - ) -> Result { - let mut pairs = vec![]; - for (p, q) in ps.iter().zip(qs.iter()) { - pairs.push((p, q.ell_coeffs.iter())); - } - let mut f = Self::GTGadget::one(cs.ns(|| "one"))?; - - for i in (1..P::ATE_LOOP_COUNT.len()).rev() { - let mut cs = cs.ns(|| format!("Iteration {}", i)); - if i != P::ATE_LOOP_COUNT.len() - 1 { - f.square_in_place(cs.ns(|| "square"))?; - } - - for (k, &mut (p, ref mut coeffs)) in pairs.iter_mut().enumerate() { - let cs = cs.ns(|| format!("Double input {}", k)); - Self::ell(cs, &mut f, coeffs.next().unwrap(), &p.0)?; - } - - let bit = P::ATE_LOOP_COUNT[i - 1]; - - match bit { - 1 => { - for (k, &mut (p, ref mut coeffs)) in pairs.iter_mut().enumerate() { - let cs = cs.ns(|| format!("Addition input {}", k)); - Self::ell(cs, &mut f, &coeffs.next().unwrap(), &p.0)?; - } - } - -1 => { - for (k, &mut (p, ref mut coeffs)) in pairs.iter_mut().enumerate() { - let cs = cs.ns(|| format!("Addition input {}", k)); - Self::ell(cs, &mut f, &coeffs.next().unwrap(), &p.0)?; - } - } - _ => continue, - } - } - - if P::ATE_LOOP_COUNT_IS_NEGATIVE { - f.conjugate_in_place(cs.ns(|| "f conjugate"))?; - } - - for (i, &mut (p, ref mut coeffs)) in pairs.iter_mut().enumerate() { - Self::ell( - cs.ns(|| format!("Last addition step 1_{}", i)), - &mut f, - coeffs.next().unwrap(), - &p.0, - )?; - } - - for (i, &mut (p, ref mut coeffs)) in pairs.iter_mut().enumerate() { - Self::ell( - cs.ns(|| format!("Last addition step 2_{}", i)), - &mut f, - coeffs.next().unwrap(), - &p.0, - )?; - } - - Ok(f) - } - - fn final_exponentiation>( - mut cs: CS, - f: &Self::GTGadget, - ) -> Result { - // Computing the final exponentation following - // https://eprint.iacr.org/2016/130.pdf. - // We don't use their "faster" formula because it is difficult to make - // it work for curves with odd `P::X`. 
- // Hence we implement the slower algorithm from Table 1 below. - - let f1 = f.frobenius_map(cs.ns(|| "frobmap 1"), 6)?; - - f.inverse(cs.ns(|| "inverse 1")).and_then(|mut f2| { - // f2 = f^(-1); - // r = f^(p^6 - 1) - let mut r = f1; - r.mul_in_place(cs.ns(|| "r = f1 * f2"), &f2)?; - - // f2 = f^(p^6 - 1) - f2 = r.clone(); - // r = f^((p^6 - 1)(p^2)) - r.frobenius_map_in_place(cs.ns(|| "frobmap 2"), 2)?; - - // r = f^((p^6 - 1)(p^2) + (p^6 - 1)) - // r = f^((p^6 - 1)(p^2 + 1)) - r.mul_in_place(cs.ns(|| "mul 0"), &f2)?; - - // Hard part follows Laura Fuentes-Castaneda et al. "Faster hashing to G2" - // by computing: - // - // result = elt^(q^3 * (12*z^3 + 6z^2 + 4z - 1) + - // q^2 * (12*z^3 + 6z^2 + 6z) + - // q * (12*z^3 + 6z^2 + 4z) + - // 1 * (12*z^3 + 12z^2 + 6z + 1)) - // which equals - // - // result = elt^( 2z * ( 6z^2 + 3z + 1 ) * (q^4 - q^2 + 1)/r ). - - let y0 = Self::exp_by_neg_x(cs.ns(|| "exp_by_neg_x_1"), &r)?; - let y1 = Fp12ParamsWrapper::::cyclotomic_square_gadget( - cs.ns(|| "square_1"), - &y0, - )?; - let y2 = Fp12ParamsWrapper::::cyclotomic_square_gadget( - cs.ns(|| "square_2"), - &y1, - )?; - let mut y3 = y2.mul(cs.ns(|| "y3 = y2 * y1"), &y1)?; - let y4 = Self::exp_by_neg_x(cs.ns(|| "exp_by_neg_x_2"), &y3)?; - let y5 = Fp12ParamsWrapper::::cyclotomic_square_gadget( - cs.ns(|| "square_3"), - &y4, - )?; - let mut y6 = Self::exp_by_neg_x(cs.ns(|| "exp_by_neg_x_3"), &y5)?; - y3.conjugate_in_place(cs.ns(|| "conjugate 1"))?; - y6.conjugate_in_place(cs.ns(|| "conjugate_2"))?; - let y7 = y6.mul(cs.ns(|| "y7 = y6 * y4"), &y4)?; - let mut y8 = y7.mul(cs.ns(|| "y8 = y7 * y3"), &y3)?; - let y9 = y8.mul(cs.ns(|| "y9 = y8 * y1"), &y1)?; - let y10 = y8.mul(cs.ns(|| "y10 = y8 * y4"), &y4)?; - let y11 = y10.mul(cs.ns(|| "y11 = y10 * r"), &r)?; - let mut y12 = y9.clone(); - y12.frobenius_map_in_place(cs.ns(|| "frobmap 3"), 1)?; - let y13 = y12.mul(cs.ns(|| "y13 = y12 * y11"), &y11)?; - y8.frobenius_map_in_place(cs.ns(|| "frobmap 4"), 2)?; - let y14 = 
y8.mul(cs.ns(|| "y14 = y8 * y13"), &y13)?; - r.conjugate_in_place(cs.ns(|| "conjugate_3"))?; - let mut y15 = r.mul(cs.ns(|| "y15 = r * y9"), &y9)?; - y15.frobenius_map_in_place(cs.ns(|| "frobmap 5"), 3)?; - let y16 = y15.mul(cs.ns(|| "y16 = y15 * y14"), &y14)?; - - Ok(y16) - }) - } - - fn prepare_g1>( - cs: CS, - p: &Self::G1Gadget, - ) -> Result { - Self::G1PreparedGadget::from_affine(cs, p) - } - - fn prepare_g2>( - cs: CS, - q: &Self::G2Gadget, - ) -> Result { - Self::G2PreparedGadget::from_affine(cs, q) - } -} diff --git a/r1cs/gadgets/std/src/pairing/mnt4/mod.rs b/r1cs/gadgets/std/src/pairing/mnt4/mod.rs deleted file mode 100644 index e2f55cb8d..000000000 --- a/r1cs/gadgets/std/src/pairing/mnt4/mod.rs +++ /dev/null @@ -1,159 +0,0 @@ -use r1cs_core::{ConstraintSystem, SynthesisError}; - -use crate::{ - fields::{fp4::Fp4Gadget, FieldGadget}, - groups::curves::short_weierstrass::mnt::mnt4::{ - G1Gadget, G1PreparedGadget, G2Gadget, G2PreparedGadget, - }, -}; - -use crate::pairing::PairingGadget; -use algebra::curves::models::mnt4::{MNT4Parameters, MNT4p}; -use std::marker::PhantomData; - -pub struct MNT4PairingGadget(PhantomData

); - -impl PairingGadget, P::Fp> for MNT4PairingGadget

{ - type G1Gadget = G1Gadget

; - type G2Gadget = G2Gadget

; - type G1PreparedGadget = G1PreparedGadget

; - type G2PreparedGadget = G2PreparedGadget

; - type GTGadget = Fp4Gadget; - - fn miller_loop>( - mut cs: CS, - p: &[Self::G1PreparedGadget], - q: &[Self::G2PreparedGadget], - ) -> Result { - let mut result = Self::GTGadget::one(cs.ns(|| "one"))?; - let it = p.iter().zip(q.iter()); - - for (i, (ps, qs)) in it.into_iter().enumerate() { - let mut cs = cs.ns(|| format!("Pair_{}", i)); - - let mut f = Self::GTGadget::one(cs.ns(|| "f"))?; - - let mut idx: usize = 0; - - for (j, &n) in P::WNAF.iter().rev().enumerate() { - let mut cs = cs.ns(|| format!("Iteration_{}", j)); - - let c = &qs.coeffs[idx]; - idx += 1; - - //Double step - //Compute g_rr_at_p_c0 - let g_rr_at_p_c0 = ps.clone().p_y_twist_squared; - - let mut t = c - .gamma - .mul_by_constant(cs.ns(|| "double compute gamma_twist"), &P::TWIST)?; - t.mul_assign_by_base_field_gadget( - cs.ns(|| "double gamma_twist * ps.p.x"), - &ps.p.x, - )?; - let g_rr_at_p_c1 = c - .gamma_x - .sub(cs.ns(|| "gamma_x - r_y"), &c.r_y)? - .sub(cs.ns(|| "gamma_x - r_y - t"), &t)?; - - //Compute g_rr_at_p - let g_rr_at_p = Self::GTGadget::new(g_rr_at_p_c0.clone(), g_rr_at_p_c1); - - //Compute new_f - f = f - .square(cs.ns(|| "f^2"))? - .mul_by_023(cs.ns(|| "double compute f"), &g_rr_at_p)?; - - if n != 0 { - //Addition Step - let c = &qs.coeffs[idx]; - idx += 1; - - let g_rq_at_p_c0 = ps.clone().p_y_twist_squared; - - //Compute g_rq_at_p_c1 - let neg_q_y = qs.q.y.negate(cs.ns(|| "- q.y"))?; - let q_y = if n > 0 { qs.clone().q.y } else { neg_q_y }; - - let mut t = c - .gamma - .mul_by_constant(cs.ns(|| "add compute gamma_twist"), &P::TWIST)?; - t.mul_assign_by_base_field_gadget( - cs.ns(|| "add gamma_twist * ps.p.x"), - &ps.p.x, - )?; - let g_rq_at_p_c1 = c - .gamma_x - .sub(cs.ns(|| "gamma_x - q_y"), &q_y)? 
- .sub(cs.ns(|| "gamma_x - q_y - t"), &t)?; - - //Compute g_rq_at_p - let g_rq_at_p = Self::GTGadget::new(g_rq_at_p_c0, g_rq_at_p_c1); - - //Compute and check f - f = f.mul_by_023(cs.ns(|| "add compute f"), &g_rq_at_p)?; - } - } - if P::ATE_IS_LOOP_COUNT_NEG { - f = f.unitary_inverse(cs.ns(|| "f unitary inverse"))?; - } - result.mul_in_place(cs.ns(|| format!("mul_assign_{}", i)), &f)?; - } - Ok(result) - } - - fn final_exponentiation>( - mut cs: CS, - value: &Self::GTGadget, - ) -> Result { - let value_inv = value.inverse(cs.ns(|| "value_inverse"))?; - - //Final exp first chunk - //use the Frobenius map a to compute value^(q^2-1) - let elt = value - .clone() - .frobenius_map(cs.ns(|| "value_frobenius_2"), 2)? - .mul(cs.ns(|| "value_frobenius_2_div_value"), &value_inv)?; - - //Final exp last chunk (p^2 +1)/r = m_1*q + m_0, m_0 can be signed. - //compute elt^q - let elt_q = elt.frobenius_map(cs.ns(|| "elt_q_frobenius_1"), 1)?; - - //compute elt^{m1*q} - let w1_part = - elt_q.cyclotomic_exp(cs.ns(|| "compute w1"), P::FINAL_EXPONENT_LAST_CHUNK_1)?; - - let w0_part = if P::FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG { - // we need the inverse of elt in this case, by recomputing first chunk exp - let elt_inv = value_inv - .frobenius_map(cs.ns(|| "value_inv_frobenius_2"), 2)? - .mul(cs.ns(|| "value_inv_frobenius_2_div_value"), &value)?; - elt_inv.cyclotomic_exp( - cs.ns(|| "compute w0"), - P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0, - ) - } else { - elt.cyclotomic_exp( - cs.ns(|| "compute w0"), - P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0, - ) - }?; - - w1_part.mul(cs.ns(|| "w0 * w1"), &w0_part) - } - - fn prepare_g1>( - cs: CS, - q: &Self::G1Gadget, - ) -> Result { - Self::G1PreparedGadget::from_affine(cs, q) - } - - fn prepare_g2>( - cs: CS, - q: &Self::G2Gadget, - ) -> Result { - Self::G2PreparedGadget::from_affine(cs, q) - } -} diff --git a/r1cs/gadgets/std/src/pairing/mnt6/mod.rs b/r1cs/gadgets/std/src/pairing/mnt6/mod.rs deleted file mode 100644 index 5908e2aea..000000000 
--- a/r1cs/gadgets/std/src/pairing/mnt6/mod.rs +++ /dev/null @@ -1,168 +0,0 @@ -use r1cs_core::{ConstraintSystem, SynthesisError}; - -use crate::{ - fields::{fp6_2over3::Fp6Gadget, FieldGadget}, - groups::curves::short_weierstrass::mnt::mnt6::{ - G1Gadget, G1PreparedGadget, G2Gadget, G2PreparedGadget, - }, -}; - -use crate::pairing::PairingGadget; -use algebra::curves::models::mnt6::{MNT6Parameters, MNT6p}; -use std::marker::PhantomData; - -pub struct MNT6PairingGadget(PhantomData

); - -impl PairingGadget, P::Fp> for MNT6PairingGadget

{ - type G1Gadget = G1Gadget

; - type G2Gadget = G2Gadget

; - type G1PreparedGadget = G1PreparedGadget

; - type G2PreparedGadget = G2PreparedGadget

; - type GTGadget = Fp6Gadget; - - fn miller_loop>( - mut cs: CS, - p: &[Self::G1PreparedGadget], - q: &[Self::G2PreparedGadget], - ) -> Result { - let mut result = Self::GTGadget::one(cs.ns(|| "one"))?; - let it = p.iter().zip(q.iter()); - - for (i, (ps, qs)) in it.into_iter().enumerate() { - let mut cs = cs.ns(|| format!("Pair_{}", i)); - - let mut f = Self::GTGadget::one(cs.ns(|| "f"))?; - - let mut idx: usize = 0; - - for (j, &n) in P::WNAF.iter().rev().enumerate() { - let mut cs = cs.ns(|| format!("Iteration_{}", j)); - - let c = &qs.coeffs[idx]; - idx += 1; - - //Double step - //Compute g_rr_at_p_c0 - let g_rr_at_p_c0 = ps.clone().p_y_twist_squared; - - let mut t = c - .gamma - .mul_by_constant(cs.ns(|| "double compute gamma_twist"), &P::TWIST)?; - t.mul_assign_by_base_field_gadget( - cs.ns(|| "double gamma_twist * ps.p.x"), - &ps.p.x, - )?; - let g_rr_at_p_c1 = c - .gamma_x - .sub(cs.ns(|| "gamma_x - r_y"), &c.r_y)? - .sub(cs.ns(|| "gamma_x - r_y - t"), &t)?; - - //Compute g_rr_at_p - let g_rr_at_p = Self::GTGadget::new(g_rr_at_p_c0.clone(), g_rr_at_p_c1); - - //Compute new_f - f = f - .square(cs.ns(|| "f^2"))? - .mul_by_2345(cs.ns(|| "double compute f"), &g_rr_at_p)?; - - if n != 0 { - //Addition Step - let c = &qs.coeffs[idx]; - idx += 1; - - let g_rq_at_p_c0 = ps.clone().p_y_twist_squared; - - //Compute g_rq_at_p_c1 - let neg_q_y = qs.q.y.negate(cs.ns(|| "- q.y"))?; - let q_y = if n > 0 { qs.clone().q.y } else { neg_q_y }; - - let mut t = c - .gamma - .mul_by_constant(cs.ns(|| "add compute gamma_twist"), &P::TWIST)?; - t.mul_assign_by_base_field_gadget( - cs.ns(|| "add gamma_twist * ps.p.x"), - &ps.p.x, - )?; - let g_rq_at_p_c1 = c - .gamma_x - .sub(cs.ns(|| "gamma_x - q_y"), &q_y)? 
- .sub(cs.ns(|| "gamma_x - q_y - t"), &t)?; - - //Compute g_rq_at_p - let g_rq_at_p = Self::GTGadget::new(g_rq_at_p_c0, g_rq_at_p_c1); - - //Compute new f - f = f.mul_by_2345(cs.ns(|| "add compute f"), &g_rq_at_p)?; - } - } - if P::ATE_IS_LOOP_COUNT_NEG { - f = f.unitary_inverse(cs.ns(|| "f unitary inverse"))?; - } - result.mul_in_place(cs.ns(|| format!("mul_assign_{}", i)), &f)?; - } - Ok(result) - } - - fn final_exponentiation>( - mut cs: CS, - value: &Self::GTGadget, - ) -> Result { - let value_inv = value.inverse(cs.ns(|| "value_inverse"))?; - - //Final exp first chunk - //use the Frobenius map a to compute value^{(q^3-1)(q-1)} - let elt = { - let elt_q3_over_elt = value - .clone() - .frobenius_map(cs.ns(|| "elt^(q^3)"), 3)? - .mul(cs.ns(|| "elt^(q^3-1)"), &value_inv)?; - elt_q3_over_elt - .frobenius_map(cs.ns(|| "elt^((q^3-1) * q)"), 1)? - .mul(cs.ns(|| "elt^((q^3-1)*(q+1)"), &elt_q3_over_elt)? - }; - - //Final exp last chunk (q^2 -q +1)/r = m_1*q + m_0, m_0 can be signed. - //compute elt^q - let elt_q = elt.frobenius_map(cs.ns(|| "elt_q_frobenius_1"), 1)?; - - let w1_part = - elt_q.cyclotomic_exp(cs.ns(|| "compute w1"), P::FINAL_EXPONENT_LAST_CHUNK_1)?; - - let w0_part = if P::FINAL_EXPONENT_LAST_CHUNK_W0_IS_NEG { - // we need the inverse of elt in this case, by recomputing first chunk exp - let elt_inv = { - let elt_inv_q3_over_elt_inv = value_inv - .frobenius_map(cs.ns(|| "elt_inv^(q^3)"), 3)? - .mul(cs.ns(|| "elt_inv^(q^3-1)"), &value_inv)?; - elt_inv_q3_over_elt_inv - .frobenius_map(cs.ns(|| "elt_inv^((q^3-1) * q)"), 1)? - .mul(cs.ns(|| "elt_inv^((q^3-1)*(q+1)"), &elt_inv_q3_over_elt_inv)? 
- }; - elt_inv.cyclotomic_exp( - cs.ns(|| "compute w0"), - P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0, - ) - } else { - elt.cyclotomic_exp( - cs.ns(|| "compute w0"), - P::FINAL_EXPONENT_LAST_CHUNK_ABS_OF_W0, - ) - }?; - - w1_part.mul(cs.ns(|| "w0 * w1"), &w0_part) - } - - fn prepare_g1>( - cs: CS, - q: &Self::G1Gadget, - ) -> Result { - Self::G1PreparedGadget::from_affine(cs, q) - } - - fn prepare_g2>( - cs: CS, - q: &Self::G2Gadget, - ) -> Result { - Self::G2PreparedGadget::from_affine(cs, q) - } -} diff --git a/r1cs/gadgets/std/src/pairing/mod.rs b/r1cs/gadgets/std/src/pairing/mod.rs deleted file mode 100644 index 83ff9b02e..000000000 --- a/r1cs/gadgets/std/src/pairing/mod.rs +++ /dev/null 
@@ -1,157 +0,0 @@ -use crate::prelude::*; -use algebra::{Field, PairingEngine}; -use r1cs_core::{ConstraintSystem, SynthesisError}; -use std::fmt::Debug; - -pub mod bls12; -pub mod bn; -pub mod mnt4; -pub mod mnt6; - -pub trait PairingGadget { - type G1Gadget: GroupGadget; - type G2Gadget: GroupGadget; - - type G1PreparedGadget: ToBytesGadget + Clone + Debug; - - type G2PreparedGadget: ToBytesGadget + Clone + Debug; - - type GTGadget: FieldGadget + Clone; - - fn miller_loop>( - cs: CS, - p: &[Self::G1PreparedGadget], - q: &[Self::G2PreparedGadget], - ) -> Result; - - fn final_exponentiation>( - cs: CS, - p: &Self::GTGadget, - ) -> Result; - - fn pairing>( - mut cs: CS, - p: Self::G1PreparedGadget, - q: Self::G2PreparedGadget, - ) -> Result { - let tmp = Self::miller_loop(cs.ns(|| "miller loop"), &[p], &[q])?; - Self::final_exponentiation(cs.ns(|| "final_exp"), &tmp) - } - - /// Computes a product of pairings. - #[must_use] - fn product_of_pairings>( - mut cs: CS, - p: &[Self::G1PreparedGadget], - q: &[Self::G2PreparedGadget], - ) -> Result { - let miller_result = Self::miller_loop(&mut cs.ns(|| "Miller loop"), p, q)?; - Self::final_exponentiation(&mut cs.ns(|| "Final Exp"), &miller_result) - } - - fn prepare_g1>( - cs: CS, - q: &Self::G1Gadget, - ) -> Result; - - fn prepare_g2>( - cs: CS, - q: &Self::G2Gadget, - ) -> Result; -} - -#[cfg(test)] -pub(crate) mod tests { - use crate::{bits::boolean::Boolean, prelude::*, test_constraint_system::TestConstraintSystem}; - use algebra::{BitIterator, Field, Group, PairingEngine, PrimeField, UniformRand}; - use r1cs_core::ConstraintSystem; - use rand; - use rand::thread_rng; - - #[allow(dead_code)] - pub(crate) fn bilinearity_test< - E: PairingEngine, - ConstraintF: Field, - P: PairingGadget, - >() { - let mut cs = TestConstraintSystem::::new(); - - let mut rng = &mut thread_rng(); - let a = E::G1Projective::rand(&mut rng); - let b = E::G2Projective::rand(&mut rng); - let s = E::Fr::rand(&mut rng); - - let sa = a.mul(&s); - 
let sb = b.mul(&s); - - let a_g = P::G1Gadget::alloc(&mut cs.ns(|| "a"), || Ok(a)).unwrap(); - let b_g = P::G2Gadget::alloc(&mut cs.ns(|| "b"), || Ok(b)).unwrap(); - let sa_g = P::G1Gadget::alloc(&mut cs.ns(|| "sa"), || Ok(sa)).unwrap(); - let sb_g = P::G2Gadget::alloc(&mut cs.ns(|| "sb"), || Ok(sb)).unwrap(); - - let a_prep_g = P::prepare_g1(&mut cs.ns(|| "a_prep"), &a_g).unwrap(); - let b_prep_g = P::prepare_g2(&mut cs.ns(|| "b_prep"), &b_g).unwrap(); - - let sa_prep_g = P::prepare_g1(&mut cs.ns(|| "sa_prep"), &sa_g).unwrap(); - let sb_prep_g = P::prepare_g2(&mut cs.ns(|| "sb_prep"), &sb_g).unwrap(); - - let (ans1_g, ans1_n) = { - let ans_g = P::pairing(cs.ns(|| "pair(sa, b)"), sa_prep_g, b_prep_g.clone()).unwrap(); - let ans_n = E::pairing(sa, b).unwrap(); - (ans_g, ans_n) - }; - - let (ans2_g, ans2_n) = { - let ans_g = P::pairing(cs.ns(|| "pair(a, sb)"), a_prep_g.clone(), sb_prep_g).unwrap(); - let ans_n = E::pairing(a, sb).unwrap(); - (ans_g, ans_n) - }; - - let (ans3_g, ans3_n) = { - let s_iter = BitIterator::new(s.into_repr()) - .map(Boolean::constant) - .collect::>(); - - let mut ans_g = P::pairing(cs.ns(|| "pair(a, b)"), a_prep_g, b_prep_g).unwrap(); - let mut ans_n = E::pairing(a, b).unwrap(); - ans_n = ans_n.pow(s.into_repr()); - ans_g = ans_g.pow(cs.ns(|| "pow"), &s_iter).unwrap(); - - (ans_g, ans_n) - }; - - assert_eq!(ans1_n, ans2_n, "Failed ans1_native == ans2_native"); - assert_eq!(ans2_n, ans3_n, "Failed ans2_native == ans3_native"); - assert_eq!( - ans1_g.get_value(), - ans3_g.get_value(), - "Failed ans1 == ans3" - ); - assert_eq!( - ans1_g.get_value(), - ans2_g.get_value(), - "Failed ans1 == ans2" - ); - assert_eq!( - ans2_g.get_value(), - ans3_g.get_value(), - "Failed ans2 == ans3" - ); - - ans1_g - .enforce_equal(&mut cs.ns(|| "ans1 == ans2?"), &ans2_g) - .unwrap(); - ans2_g - .enforce_equal(&mut cs.ns(|| "ans2 == ans3?"), &ans3_g) - .unwrap(); - - assert_eq!(ans1_g.get_value().unwrap(), ans1_n, "Failed native test 1"); - 
assert_eq!(ans2_g.get_value().unwrap(), ans2_n, "Failed native test 2"); - assert_eq!(ans3_g.get_value().unwrap(), ans3_n, "Failed native test 3"); - - if !cs.is_satisfied() { - println!("Unsatisfied: {:?}", cs.which_is_unsatisfied()); - } - assert!(cs.is_satisfied(), "cs is not satisfied"); - } -} From b7f4342f07d0cf9f3c239dacba2ceeecd70b4bee Mon Sep 17 00:00:00 2001 From: Phoinic Date: Tue, 30 Nov 2021 10:43:03 +0200 Subject: [PATCH 30/79] Updates for marlin --- algebra/src/curves/mod.rs | 10 +- .../models/short_weierstrass_jacobian/mod.rs | 5 + .../short_weierstrass_projective/mod.rs | 5 + .../models/twisted_edwards_extended/mod.rs | 5 + r1cs/gadgets/std/src/fields/mod.rs | 8 -- r1cs/gadgets/std/src/groups/curves/mod.rs | 2 +- .../groups/curves/short_weierstrass/mod.rs | 6 +- .../short_weierstrass_jacobian.rs | 136 +++++++----------- .../short_weierstrass_projective.rs | 15 +- r1cs/gadgets/std/src/groups/mod.rs | 4 +- .../short_weierstrass_jacobian.rs | 129 ++++++----------- r1cs/gadgets/std/src/instantiated/mod.rs | 21 --- r1cs/gadgets/std/src/lib.rs | 5 +- r1cs/gadgets/std/src/to_field_gadget_vec.rs | 95 ++++++------ 14 files changed, 176 insertions(+), 270 deletions(-) diff --git a/algebra/src/curves/mod.rs b/algebra/src/curves/mod.rs index 19b748b6c..dc042fa14 100644 --- a/algebra/src/curves/mod.rs +++ b/algebra/src/curves/mod.rs @@ -57,14 +57,6 @@ pub trait Curve: fn add_affine_assign<'a>(&mut self, other: &'a Self::AffineRep); - /// Returns `self + self`. - #[must_use] - fn double(&self) -> Self { - let mut copy = *self; - copy.double_in_place(); - copy - } - // TODO: move to group trait? fn mul_bits>(&self, bits: BitIterator) -> Self; @@ -73,6 +65,8 @@ pub trait Curve: fn scale_by_cofactor(&self) -> Self; + fn scale_by_cofactor_inv(&self) -> Self; + fn is_normalized(&self) -> bool; fn normalize(&self) -> Self; 
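Review bot: The new required method `fn scale_by_cofactor_inv(&self) -> Self;` in the `Curve` trait hunk is public API with no doc comment, and the `double` default it replaces is gone without a hint of where callers get it now (the `// TODO: move to group trait?` line above it survives unchanged). The three implementations added in this commit all scale by `P::COFACTOR_INV` through `mul_bits`, so the contract is known and worth writing down: `/// Returns `self` multiplied by the inverse of the curve's cofactor (`COFACTOR_INV` of the model parameters).` If `double` is now provided by a supertrait, a one-line mention in the commit message would save the next reader a search.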
diff --git a/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs b/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs index 55ec30101..670b39571 100644 --- a/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs +++ b/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs @@ -661,6 +661,11 @@ impl Curve for Jacobian

{ self.mul_bits(cofactor) } + fn scale_by_cofactor_inv(&self) -> Self { + let cofactor_inv = BitIterator::new(Into::<::BigInt>::into(P::COFACTOR_INV)); + self.mul_bits(cofactor_inv) + } + #[inline] fn prime_subgroup_generator() -> Self { Self::new( diff --git a/algebra/src/curves/models/short_weierstrass_projective/mod.rs b/algebra/src/curves/models/short_weierstrass_projective/mod.rs index 595cc4316..5f251aba3 100644 --- a/algebra/src/curves/models/short_weierstrass_projective/mod.rs +++ b/algebra/src/curves/models/short_weierstrass_projective/mod.rs @@ -568,6 +568,11 @@ impl Curve for Projective
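Review bot: The body of `scale_by_cofactor_inv` here is copied verbatim into the projective and twisted-Edwards models as well (the hunks that follow on the next lines), so any future fix has to be made three times; since all three already route through `mul_bits`, a shared helper or a default method on `Curve` built from `P::COFACTOR_INV` would keep them in lock-step. The conversion target of `Into::<…::BigInt>` is lost in this rendering, but assuming `COFACTOR_INV` is the cofactor's inverse in the scalar field, the result is only the "undo scaling" for points already in the prime-order subgroup, which is exactly how `alloc_checked` in the gadget files later uses it; a doc comment should say so, e.g. `/// Scales by the cofactor's inverse in the scalar field; meaningful only for points of the prime-order subgroup.` The enclosing `impl Curve` blocks start outside these hunks.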

{ self.mul_bits(cofactor) } + fn scale_by_cofactor_inv(&self) -> Self { + let cofactor_inv = BitIterator::new(Into::<::BigInt>::into(P::COFACTOR_INV)); + self.mul_bits(cofactor_inv) + } + #[inline] fn prime_subgroup_generator() -> Self { Self::new( diff --git a/algebra/src/curves/models/twisted_edwards_extended/mod.rs b/algebra/src/curves/models/twisted_edwards_extended/mod.rs index b807c8e97..865028e8c 100644 --- a/algebra/src/curves/models/twisted_edwards_extended/mod.rs +++ b/algebra/src/curves/models/twisted_edwards_extended/mod.rs @@ -529,6 +529,11 @@ impl Curve for TEExtended

{ self.mul_bits(cofactor) } + fn scale_by_cofactor_inv(&self) -> Self { + let cofactor_inv = BitIterator::new(Into::<::BigInt>::into(P::COFACTOR_INV)); + self.mul_bits(cofactor_inv) + } + #[inline] fn prime_subgroup_generator() -> Self { Self::new( diff --git a/r1cs/gadgets/std/src/fields/mod.rs b/r1cs/gadgets/std/src/fields/mod.rs index 9c6af73e6..c7714a71d 100644 --- a/r1cs/gadgets/std/src/fields/mod.rs +++ b/r1cs/gadgets/std/src/fields/mod.rs @@ -5,15 +5,7 @@ use std::fmt::Debug; use crate::{prelude::*, Assignment}; -pub mod cubic_extension; pub mod fp; -pub mod fp12; -pub mod fp2; -pub mod fp3; -pub mod fp4; -pub mod fp6_2over3; -pub mod fp6_3over2; -pub mod quadratic_extension; #[cfg(feature = "nonnative")] pub mod nonnative; diff --git a/r1cs/gadgets/std/src/groups/curves/mod.rs b/r1cs/gadgets/std/src/groups/curves/mod.rs index 11cea997b..7af4adfae 100644 --- a/r1cs/gadgets/std/src/groups/curves/mod.rs +++ b/r1cs/gadgets/std/src/groups/curves/mod.rs @@ -1,2 +1,2 @@ pub mod short_weierstrass; -pub mod twisted_edwards; +// pub mod twisted_edwards; diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mod.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mod.rs index 9ff645966..16faa3df3 100644 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mod.rs +++ b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mod.rs @@ -1,8 +1,4 @@ -pub mod bls12; -pub mod bn; -pub mod mnt; - pub mod short_weierstrass_jacobian; pub use self::short_weierstrass_jacobian::*; -pub mod short_weierstrass_projective; +// pub mod short_weierstrass_projective; diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_jacobian.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_jacobian.rs index 0150ad6d6..858891ada 100644 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_jacobian.rs +++ b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_jacobian.rs 
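Review bot: The `groups/curves/mod.rs` and `short_weierstrass/mod.rs` hunks turn `pub mod twisted_edwards;` and `pub mod short_weierstrass_projective;` into `// pub mod …` comments instead of removing them or putting them behind a cfg gate, so the projective gadget file is no longer compiled even though this same commit still edits its imports (the `short_weierstrass_projective.rs` hunk further down), meaning that edit is never type-checked. The same commented-out-code pattern recurs in `to_field_gadget_vec.rs` (the import hunk and the two whole `impl ToConstraintFieldGadget` blocks). If these modules are meant to return, a cfg attribute keeps them building; if not, delete the lines and let history hold them.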
@@ -1,9 +1,15 @@ use algebra::{ - curves::short_weierstrass_jacobian::{ - GroupAffine as SWAffine, GroupProjective as SWProjective, + groups::Group, + fields::{Field, PrimeField, BitIterator}, + curves::{ + Curve, + models::{ + SWModelParameters, EndoMulParameters, + short_weierstrass_jacobian::{ + AffineRep as SWAffine, Jacobian as SWProjective, + } + } }, - AffineCurve, BitIterator, EndoMulParameters, Field, PrimeField, ProjectiveCurve, - SWModelParameters, }; use r1cs_core::{ConstraintSystem, SynthesisError}; use std::ops::{Add, Mul}; @@ -25,7 +31,6 @@ pub struct AffineGadget< > { pub x: F, pub y: F, - pub infinity: Boolean, _params: PhantomData

, _engine: PhantomData, } @@ -36,11 +41,10 @@ where ConstraintF: PrimeField, F: FieldGadget, { - pub fn new(x: F, y: F, infinity: Boolean) -> Self { + pub fn new(x: F, y: F) -> Self { Self { x, y, - infinity, _params: PhantomData, _engine: PhantomData, } @@ -115,7 +119,7 @@ where let x1_minus_x3 = self.x.sub(cs.ns(|| "x1 - x3"), &x_3)?; lambda.mul_equals(cs.ns(|| ""), &x1_minus_x3, &y3_plus_y1)?; - Ok(Self::new(x_3, y_3, Boolean::Constant(false))) + Ok(Self::new(x_3, y_3)) } #[inline] @@ -251,7 +255,7 @@ where let x1_minus_x4 = self.x.sub(cs.ns(|| "x1 - x4"), &x_4)?; lambda_2.mul_equals(cs.ns(|| ""), &x1_minus_x4, &y4_plus_y1)?; - Ok(Self::new(x_4, y_4, Boolean::Constant(false))) + Ok(Self::new(x_4, y_4)) } #[inline] @@ -313,12 +317,11 @@ where match ( self.x.get_value(), self.y.get_value(), - self.infinity.get_value(), ) { - (Some(x), Some(y), Some(infinity)) => { - Some(SWAffine::new(x, y, infinity).into_projective()) + (Some(x), Some(y)) => { + Some(SWProjective::from_affine(&SWAffine::new(x, y))) } - (None, None, None) => None, + (None, None) => None, _ => unreachable!(), } } @@ -329,17 +332,13 @@ where } #[inline] - fn zero>(mut cs: CS) -> Result { - Ok(Self::new( - F::zero(cs.ns(|| "zero"))?, - F::one(cs.ns(|| "one"))?, - Boolean::constant(true), - )) + fn zero>(mut _cs: CS) -> Result { + Err(SynthesisError::Other("Affine cannot be zero".to_owned()))? } #[inline] fn is_zero>(&self, _: CS) -> Result { - Ok(self.infinity) + Ok(Boolean::Constant(false)) } #[inline] @@ -378,7 +377,7 @@ where if other.is_zero() { return Err(SynthesisError::AssignmentMissing); } - let other = other.into_affine(); + let other = other.into_affine()?; let other_x = other.x; let other_y = other.y; @@ -427,7 +426,7 @@ where lambda.mul_equals(cs.ns(|| ""), &x1_minus_x3, &y3_plus_y1)?; - Ok(Self::new(x_3, y_3, Boolean::Constant(false))) + Ok(Self::new(x_3, y_3)) } #[inline] 
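Review bot: In the `zero`/`is_zero` hunk, `Err(SynthesisError::Other("Affine cannot be zero".to_owned()))?` uses a trailing `?` on a bare `Err` as a roundabout early return; `Err(SynthesisError::Other("Affine cannot be zero".to_owned()))` as the block's value says the same thing without the `From` round-trip. The larger point is that `is_zero` now unconditionally returns `Ok(Boolean::Constant(false))` while `zero` fails: with the `infinity` flag removed, this gadget cannot represent the identity at all, so any in-circuit logic that used `is_zero` or the flag to detect `P + (-P)` or an empty accumulator now sees a constant false; the exceptional-case handling in `add` (outside this hunk) deserves a re-check against that. Please state the new contract on the struct, e.g. `/// Affine point gadget; represents only non-identity points, `zero()` always fails and `is_zero()` is constant false.` The nonnative gadget receives the identical change further down in this commit.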
@@ -486,7 +485,7 @@ where &old_y_plus_new_y, )?; - *self = Self::new(x, y, Boolean::constant(false)); + *self = Self::new(x, y); Ok(()) } @@ -497,7 +496,6 @@ where Ok(Self::new( self.x.clone(), self.y.negate(cs.ns(|| "negate y"))?, - self.infinity, )) } @@ -534,7 +532,7 @@ where let neg_y = t.y.negate(cs.ns(|| "neg y"))?; let selected_y = F::conditionally_select(cs.ns(|| "select y or -y"), bit, &t.y, &neg_y)?; - let q = Self::new(t.x.clone(), selected_y, t.infinity); + let q = Self::new(t.x.clone(), selected_y); // Acc := (Acc + Q) + Acc using double_and_add_internal *acc = acc.double_and_add_internal(cs.ns(|| "double and add"), &q, safe_arithmetics)?; @@ -787,18 +785,18 @@ where match i { // First chunk -> initialize acc chunk if chunk == 0 => { - acc = Self::new(x, y, Boolean::constant(false)); + acc = Self::new(x, y); } // We can use unsafe add, no exception occur chunk if chunk < num_chunks => { - let adder: Self = Self::new(x, y, Boolean::constant(false)); + let adder: Self = Self::new(x, y); acc = acc.add_unsafe(cs.ns(|| format!("Add_{}", i)), &adder)?; } // Last chunk we must use safe add _ => { - let adder: Self = Self::new(x, y, Boolean::constant(false)); + let adder: Self = Self::new(x, y); acc = acc.add(cs.ns(|| format!("Add_{}", i)), &adder)?; } } @@ -868,7 +866,7 @@ where if bits.len() != CHUNK_SIZE { return Err(SynthesisError::Unsatisfiable); } - let coords = coords.iter().map(|p| p.into_affine()).collect::>(); + let coords = coords.iter().map(|p| p.into_affine()).collect::, _>>()?; let x_coeffs = coords.iter().map(|p| p.x).collect::>(); let y_coeffs = coords.iter().map(|p| p.y).collect::>(); let precomp = Boolean::and( @@ -888,7 +886,7 @@ where &precomp, &y_coeffs, )?; - let tmp = Self::new(x, y, Boolean::constant(false)); + let tmp = Self::new(x, y); match result { None => { result = Some(tmp); @@ -935,7 +933,6 @@ where Ok(Self::new( self.x.mul_by_constant(cs.ns(|| "endo x"), &P::ENDO_COEFF)?, self.y.clone(), - self.infinity, )) } 
@@ -988,7 +985,6 @@ where &self.y, &self_y_neg, )?, - self.infinity, ); // The unsafe double and add, takes 5 constraints. @@ -1014,14 +1010,8 @@ where ) -> Result { let x = F::conditionally_select(&mut cs.ns(|| "x"), cond, &first.x, &second.x)?; let y = F::conditionally_select(&mut cs.ns(|| "y"), cond, &first.y, &second.y)?; - let infinity = Boolean::conditionally_select( - &mut cs.ns(|| "infinity"), - cond, - &first.infinity, - &second.infinity, - )?; - Ok(Self::new(x, y, infinity)) + Ok(Self::new(x, y)) } fn cost() -> usize { @@ -1043,17 +1033,7 @@ where ) -> Result { let b0 = self.x.is_eq(cs.ns(|| "x"), &other.x)?; let b1 = self.y.is_eq(cs.ns(|| "y"), &other.y)?; - let coordinates_equal = Boolean::and(cs.ns(|| "x AND y"), &b0, &b1)?; - let both_are_zero = Boolean::and( - cs.ns(|| "self.infinity AND other.infinity"), - &self.infinity, - &other.infinity, - )?; - Boolean::or( - cs.ns(|| "coordinates_equal OR both_are_zero"), - &coordinates_equal, - &both_are_zero, - ) + Boolean::and(cs.ns(|| "x AND y"), &b0, &b1) } #[inline] @@ -1108,15 +1088,14 @@ where FN: FnOnce() -> Result, T: Borrow>, { - let (x, y, infinity) = match value_gen() { + let (x, y) = match value_gen() { Ok(ge) => { - let ge = ge.borrow().into_affine(); - (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) + let ge = ge.borrow().into_affine()?; + (Ok(ge.x), Ok(ge.y)) } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), - Err(SynthesisError::AssignmentMissing), ), }; @@ -1126,7 +1105,6 @@ where let x = F::alloc(&mut cs.ns(|| "x"), || x)?; let y = F::alloc(&mut cs.ns(|| "y"), || y)?; - let infinity = Boolean::alloc(&mut cs.ns(|| "infinity"), || infinity)?; // Check that y^2 = x^3 + ax +b // We do this by checking that y^2 - b = x * (x^2 +a) @@ -1141,10 +1119,10 @@ where x2_plus_a_times_x.conditional_enforce_equal( cs.ns(|| "on curve check"), &y2_minus_b, - &infinity.not(), + &Boolean::Constant(true), )?; - Ok(Self::new(x, y, infinity)) + Ok(Self::new(x, y)) } #[inline] 
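Review bot: In the `alloc` hunk the on-curve check is now `x2_plus_a_times_x.conditional_enforce_equal(cs.ns(|| "on curve check"), &y2_minus_b, &Boolean::Constant(true))`, i.e. an unconditional check written through the conditional API; `x2_plus_a_times_x.enforce_equal(cs.ns(|| "on curve check"), &y2_minus_b)?` states the intent directly. The `alloc_input` hunk that follows makes the same change but spells the constant `Boolean::constant(true)`, and both nonnative counterparts repeat the pattern, so one form should be chosen. The enclosing `alloc` function starts before and ends after this hunk.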
@@ -1156,23 +1134,21 @@ where FN: FnOnce() -> Result, T: Borrow>, { - let (x, y, infinity) = match value_gen() { + let (x, y) = match value_gen() { Ok(ge) => { - let ge = ge.borrow().into_affine(); - (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) + let ge = ge.borrow().into_affine()?; + (Ok(ge.x), Ok(ge.y)) } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), - Err(SynthesisError::AssignmentMissing), ), }; let x = F::alloc(&mut cs.ns(|| "x"), || x)?; let y = F::alloc(&mut cs.ns(|| "y"), || y)?; - let infinity = Boolean::alloc(&mut cs.ns(|| "infinity"), || infinity)?; - Ok(Self::new(x, y, infinity)) + Ok(Self::new(x, y)) } #[inline] @@ -1201,9 +1177,7 @@ where let ge = Self::alloc(cs.ns(|| "Alloc checked"), || { value_gen().map(|ge| { ge.borrow() - .into_affine() - .mul_by_cofactor_inv() - .into_projective() + .scale_by_cofactor_inv() }) })?; let mut seen_one = false; @@ -1265,15 +1239,14 @@ where FN: FnOnce() -> Result, T: Borrow>, { - let (x, y, infinity) = match value_gen() { + let (x, y) = match value_gen() { Ok(ge) => { - let ge = ge.borrow().into_affine(); - (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) + let ge = ge.borrow().into_affine()?; + (Ok(ge.x), Ok(ge.y)) } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), - Err(SynthesisError::AssignmentMissing), ), }; @@ -1282,7 +1255,6 @@ where let x = F::alloc_input(&mut cs.ns(|| "x"), || x)?; let y = F::alloc_input(&mut cs.ns(|| "y"), || y)?; - let infinity = Boolean::alloc_input(&mut cs.ns(|| "infinity"), || infinity)?; // Check that y^2 = x^3 + ax +b // We do this by checking that y^2 - b = x * (x^2 +a) @@ -1297,10 +1269,10 @@ where x2_plus_a_times_x.conditional_enforce_equal( cs.ns(|| "on curve check"), &y2_minus_b, - &infinity.not(), + &Boolean::constant(true), )?; - Ok(Self::new(x, y, infinity)) + Ok(Self::new(x, y)) } } @@ -1312,21 +1284,19 @@ where F: FieldGadget, { fn from_value>(mut cs: CS, value: &SWProjective

) -> Self { - let value = value.into_affine(); + // TODO: should be wrapped by error handler + let value = value.into_affine().unwrap(); let x = F::from_value(cs.ns(|| "hardcode x"), &value.x); let y = F::from_value(cs.ns(|| "hardcode y"), &value.y); - let infinity = Boolean::constant(value.infinity); - Self::new(x, y, infinity) + Self::new(x, y) } fn get_constant(&self) -> SWProjective

{ - let value_proj = SWAffine::

::new( + let value_proj = SWProjective::from_affine(&SWAffine::

::new( self.x.get_value().unwrap(), self.y.get_value().unwrap(), - self.infinity.get_value().unwrap(), - ) - .into_projective(); + )); let x = value_proj.x; let y = value_proj.y; let z = value_proj.z; @@ -1347,7 +1317,6 @@ where let mut x_bits = self.x.to_bits(&mut cs.ns(|| "X Coordinate To Bits"))?; let y_bits = self.y.to_bits(&mut cs.ns(|| "Y Coordinate To Bits"))?; x_bits.extend_from_slice(&y_bits); - x_bits.push(self.infinity); Ok(x_bits) } @@ -1362,7 +1331,6 @@ where .y .to_bits_strict(&mut cs.ns(|| "Y Coordinate To Bits"))?; x_bits.extend_from_slice(&y_bits); - x_bits.push(self.infinity); Ok(x_bits) } @@ -1380,9 +1348,7 @@ where ) -> Result, SynthesisError> { let mut x_bytes = self.x.to_bytes(&mut cs.ns(|| "X Coordinate To Bytes"))?; let y_bytes = self.y.to_bytes(&mut cs.ns(|| "Y Coordinate To Bytes"))?; - let inf_bytes = self.infinity.to_bytes(&mut cs.ns(|| "Infinity to Bytes"))?; x_bytes.extend_from_slice(&y_bytes); - x_bytes.extend_from_slice(&inf_bytes); Ok(x_bytes) } @@ -1396,9 +1362,7 @@ where let y_bytes = self .y .to_bytes_strict(&mut cs.ns(|| "Y Coordinate To Bytes"))?; - let inf_bytes = self.infinity.to_bytes(&mut cs.ns(|| "Infinity to Bytes"))?; x_bytes.extend_from_slice(&y_bytes); - x_bytes.extend_from_slice(&inf_bytes); Ok(x_bytes) } diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_projective.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_projective.rs index 21a455a60..f35525e6c 100644 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_projective.rs +++ b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_projective.rs 
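Review bot: `from_value` now does `value.into_affine().unwrap()` under a `// TODO: should be wrapped by error handler`, so hardcoding a constant for which `into_affine` fails (presumably the identity, given `zero` is now an error) panics in the middle of circuit synthesis. `ConstantGadget::from_value` returns `Self`, so the failure cannot be propagated; at minimum state the invariant at the call site, `let value = value.into_affine().expect("constant point must be a non-identity affine point");`, and record it in a `# Panics` section on the impl, matching the neighbouring `get_constant`, which already unwraps `get_value()` on the same assumption. The nonnative `from_value` further down carries the same TODO ("wrapper by error handling") and the same unwrap. The enclosing `impl ConstantGadget` starts outside this hunk.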
@@ -1,10 +1,17 @@ use algebra::{ - curves::short_weierstrass_projective::{ - GroupAffine as SWAffine, GroupProjective as SWProjective, + groups::Group, + fields::{Field, PrimeField, BitIterator}, + curves::{ + Curve, + models::{ + SWModelParameters, EndoMulParameters, + short_weierstrass_projective::{ + AffineRep as SWAffine, Projective as SWProjective, + } + } }, - AffineCurve, BitIterator, EndoMulParameters, Field, PrimeField, ProjectiveCurve, - SWModelParameters, }; + use r1cs_core::{ConstraintSystem, SynthesisError}; use std::ops::{Add, Mul}; use std::{borrow::Borrow, marker::PhantomData, ops::Neg}; diff --git a/r1cs/gadgets/std/src/groups/mod.rs b/r1cs/gadgets/std/src/groups/mod.rs index 774e0e8a9..b4fe3796e 100644 --- a/r1cs/gadgets/std/src/groups/mod.rs +++ b/r1cs/gadgets/std/src/groups/mod.rs @@ -6,8 +6,6 @@ use std::{borrow::Borrow, fmt::Debug}; pub mod curves; -pub use self::curves::short_weierstrass::{bls12, bn, mnt}; - #[cfg(feature = "nonnative")] pub mod nonnative; @@ -60,7 +58,7 @@ pub trait GroupGadget: mut cs: CS, other: &G, ) -> Result { - let neg_other = -(*other); + let neg_other = -other.clone(); self.add_constant(cs.ns(|| "Self - other"), &neg_other) } diff --git a/r1cs/gadgets/std/src/groups/nonnative/short_weierstrass/short_weierstrass_jacobian.rs b/r1cs/gadgets/std/src/groups/nonnative/short_weierstrass/short_weierstrass_jacobian.rs index 06b6cd8d0..af23b703b 100644 --- a/r1cs/gadgets/std/src/groups/nonnative/short_weierstrass/short_weierstrass_jacobian.rs +++ b/r1cs/gadgets/std/src/groups/nonnative/short_weierstrass/short_weierstrass_jacobian.rs 
@@ -4,11 +4,17 @@ //! - PartialEq, Eq, ToBitsGadget, ToBytesGagdet, EqGadget //! - CondSelectGadget, ConstantGadget, AllocGadget. use algebra::{ - curves::short_weierstrass_jacobian::{ - GroupAffine as SWAffine, GroupProjective as SWProjective, + groups::Group, + fields::{Field, PrimeField, SquareRootField, BitIterator}, + curves::{ + Curve, + models::{ + SWModelParameters, EndoMulParameters, + short_weierstrass_jacobian::{ + AffineRep as SWAffine, Jacobian as SWProjective, + } + } }, - AffineCurve, BitIterator, EndoMulParameters, Field, PrimeField, ProjectiveCurve, - SWModelParameters, SquareRootField, }; use r1cs_core::{ConstraintSystem, SynthesisError}; @@ -40,7 +46,6 @@ pub struct GroupAffineNonNativeGadget< > { pub x: NonNativeFieldGadget, pub y: NonNativeFieldGadget, - pub infinity: Boolean, _params: PhantomData

, } @@ -63,17 +68,13 @@ where } #[inline] - fn zero>(mut cs: CS) -> Result { - Ok(Self::new( - NonNativeFieldGadget::zero(cs.ns(|| "zero"))?, - NonNativeFieldGadget::one(cs.ns(|| "one"))?, - Boolean::constant(true), - )) + fn zero>(mut _cs: CS) -> Result { + Err(SynthesisError::Other("Affine cannot be zero".to_owned()))? } #[inline] fn is_zero>(&self, _: CS) -> Result { - Ok(self.infinity) + Ok(Boolean::Constant(false)) } #[inline] @@ -133,7 +134,7 @@ where &old_y_plus_new_y, )?; - *self = Self::new(x, y, Boolean::constant(false)); + *self = Self::new(x, y); Ok(()) } @@ -144,7 +145,6 @@ where Ok(Self::new( self.x.clone(), self.y.negate(cs.ns(|| "negate y"))?, - self.infinity, )) } @@ -173,7 +173,7 @@ where if other.is_zero() { return Err(SynthesisError::AssignmentMissing); } - let other = other.into_affine(); + let other = other.into_affine()?; let other_x = other.x; let other_y = other.y; @@ -222,7 +222,7 @@ where lambda.mul_equals(cs.ns(|| ""), &x1_minus_x3, &y3_plus_y1)?; - Ok(Self::new(x_3, y_3, Boolean::Constant(false))) + Ok(Self::new(x_3, y_3)) } /// [Hopwood]'s optimized scalar multiplication, adapted to the general case of no @@ -254,7 +254,7 @@ where &t.y, &neg_y, )?; - let q = Self::new(t.x.clone(), selected_y, t.infinity); + let q = Self::new(t.x.clone(), selected_y); // Acc := (Acc + Q) + Acc using double_and_add_internal at 5 constraints *acc = acc.double_and_add_internal(cs.ns(|| "double and add"), &q, safe_arithmetics)?; 
@@ -438,18 +438,18 @@ where match i { // First chunk -> initialize acc chunk if chunk == 0 => { - acc = Self::new(x, y, Boolean::constant(false)); + acc = Self::new(x, y); } // We can use unsafe add, no exception occur chunk if chunk < num_chunks => { - let adder: Self = Self::new(x, y, Boolean::constant(false)); + let adder: Self = Self::new(x, y); acc = acc.add_unsafe(cs.ns(|| format!("Add_{}", i)), &adder)?; } // Last chunk we must use safe add _ => { - let adder: Self = Self::new(x, y, Boolean::constant(false)); + let adder: Self = Self::new(x, y); acc = acc.add(cs.ns(|| format!("Add_{}", i)), &adder)?; } } @@ -466,12 +466,11 @@ where match ( self.x.get_value(), self.y.get_value(), - self.infinity.get_value(), ) { - (Some(x), Some(y), Some(infinity)) => { - Some(SWAffine::

::new(x, y, infinity).into_projective()) + (Some(x), Some(y)) => { + Some(SWProjective::from_affine(&SWAffine::

::new(x, y))) } - (None, None, None) => None, + (None, None) => None, _ => unreachable!(), } } @@ -505,7 +504,6 @@ where Ok(Self::new( self.x.mul_by_constant(cs.ns(|| "endo x"), &P::ENDO_COEFF)?, self.y.clone(), - self.infinity, )) } @@ -558,7 +556,6 @@ where &self.y, &self_y_neg, )?, - self.infinity, ); // The unsafe double and add, takes 5 constraints. @@ -603,7 +600,6 @@ where let mut x_bits = self.x.to_bits(&mut cs.ns(|| "X Coordinate To Bits"))?; let y_bits = self.y.to_bits(&mut cs.ns(|| "Y Coordinate To Bits"))?; x_bits.extend_from_slice(&y_bits); - x_bits.push(self.infinity); Ok(x_bits) } @@ -618,7 +614,6 @@ where .y .to_bits_strict(&mut cs.ns(|| "Y Coordinate To Bits"))?; x_bits.extend_from_slice(&y_bits); - x_bits.push(self.infinity); Ok(x_bits) } @@ -637,9 +632,7 @@ where ) -> Result, SynthesisError> { let mut x_bytes = self.x.to_bytes(&mut cs.ns(|| "X Coordinate To Bytes"))?; let y_bytes = self.y.to_bytes(&mut cs.ns(|| "Y Coordinate To Bytes"))?; - let inf_bytes = self.infinity.to_bytes(&mut cs.ns(|| "Infinity to Bytes"))?; x_bytes.extend_from_slice(&y_bytes); - x_bytes.extend_from_slice(&inf_bytes); Ok(x_bytes) } @@ -653,9 +646,7 @@ where let y_bytes = self .y .to_bytes_strict(&mut cs.ns(|| "Y Coordinate To Bytes"))?; - let inf_bytes = self.infinity.to_bytes(&mut cs.ns(|| "Infinity to Bytes"))?; x_bytes.extend_from_slice(&y_bytes); - x_bytes.extend_from_slice(&inf_bytes); Ok(x_bytes) } @@ -675,17 +666,7 @@ where ) -> Result { let b0 = self.x.is_eq(cs.ns(|| "x"), &other.x)?; let b1 = self.y.is_eq(cs.ns(|| "y"), &other.y)?; - let coordinates_equal = Boolean::and(cs.ns(|| "x AND y"), &b0, &b1)?; - let both_are_zero = Boolean::and( - cs.ns(|| "self.infinity AND other.infinity"), - &self.infinity, - &other.infinity, - )?; - Boolean::or( - cs.ns(|| "coordinates_equal OR both_are_zero"), - &coordinates_equal, - &both_are_zero, - ) + Boolean::and(cs.ns(|| "x AND y"), &b0, &b1) } #[inline] 
@@ -733,12 +714,10 @@ where pub fn new( x: NonNativeFieldGadget, y: NonNativeFieldGadget, - infinity: Boolean, ) -> Self { Self { x, y, - infinity, _params: PhantomData, } } @@ -812,7 +791,7 @@ where let x1_minus_x3 = self.x.sub(cs.ns(|| "x1 - x3"), &x_3)?; lambda.mul_equals(cs.ns(|| ""), &x1_minus_x3, &y3_plus_y1)?; - Ok(Self::new(x_3, y_3, Boolean::Constant(false))) + Ok(Self::new(x_3, y_3)) } #[inline] @@ -948,7 +927,7 @@ where let x1_minus_x4 = self.x.sub(cs.ns(|| "x1 - x4"), &x_4)?; lambda_2.mul_equals(cs.ns(|| ""), &x1_minus_x4, &y4_plus_y1)?; - Ok(Self::new(x_4, y_4, Boolean::Constant(false))) + Ok(Self::new(x_4, y_4)) } #[inline] @@ -1002,14 +981,8 @@ where &first.y, &second.y, )?; - let infinity = Boolean::conditionally_select( - &mut cs.ns(|| "infinity"), - cond, - &first.infinity, - &second.infinity, - )?; - Ok(Self::new(x, y, infinity)) + Ok(Self::new(x, y)) } fn cost() -> usize { @@ -1026,21 +999,19 @@ where SimulationF: PrimeField + SquareRootField, { fn from_value>(mut cs: CS, value: &SWProjective

) -> Self { - let value = value.into_affine(); + // TODO: should be wrapper by error handling + let value = value.into_affine().unwrap(); let x = NonNativeFieldGadget::from_value(cs.ns(|| "hardcode x"), &value.x); let y = NonNativeFieldGadget::from_value(cs.ns(|| "hardcode y"), &value.y); - let infinity = Boolean::constant(value.infinity); - Self::new(x, y, infinity) + Self::new(x, y) } fn get_constant(&self) -> SWProjective

{ - let value_proj = SWAffine::

::new( + let value_proj = SWProjective::from_affine(&SWAffine::

::new( self.x.get_value().unwrap(), self.y.get_value().unwrap(), - self.infinity.get_value().unwrap(), - ) - .into_projective(); + )); let x = value_proj.x; let y = value_proj.y; let z = value_proj.z; @@ -1064,15 +1035,14 @@ where FN: FnOnce() -> Result, T: Borrow>, { - let (x, y, infinity) = match value_gen() { + let (x, y) = match value_gen() { Ok(ge) => { - let ge = ge.borrow().into_affine(); - (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) + let ge = ge.borrow().into_affine()?; + (Ok(ge.x), Ok(ge.y)) } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), - Err(SynthesisError::AssignmentMissing), ), }; @@ -1082,7 +1052,6 @@ where let x = NonNativeFieldGadget::alloc(&mut cs.ns(|| "x"), || x)?; let y = NonNativeFieldGadget::alloc(&mut cs.ns(|| "y"), || y)?; - let infinity = Boolean::alloc(&mut cs.ns(|| "infinity"), || infinity)?; // Check that y^2 = x^3 + ax +b // We do this by checking that y^2 - b = x * (x^2 +a) @@ -1101,10 +1070,10 @@ where x2_plus_a_times_x.conditional_enforce_equal( cs.ns(|| "on curve check"), &y2_minus_b, - &infinity.not(), + &Boolean::constant(true), )?; - Ok(Self::new(x, y, infinity)) + Ok(Self::new(x, y)) } #[inline] @@ -1116,23 +1085,21 @@ where FN: FnOnce() -> Result, T: Borrow>, { - let (x, y, infinity) = match value_gen() { + let (x, y) = match value_gen() { Ok(ge) => { - let ge = ge.borrow().into_affine(); - (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) + let ge = ge.borrow().into_affine()?; + (Ok(ge.x), Ok(ge.y)) } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), - Err(SynthesisError::AssignmentMissing), ), }; let x = NonNativeFieldGadget::alloc(&mut cs.ns(|| "x"), || x)?; let y = NonNativeFieldGadget::alloc(&mut cs.ns(|| "y"), || y)?; - let infinity = Boolean::alloc(&mut cs.ns(|| "infinity"), || infinity)?; - Ok(Self::new(x, y, infinity)) + Ok(Self::new(x, y)) } #[inline] 
@@ -1159,9 +1126,7 @@ where let ge = Self::alloc(cs.ns(|| "Alloc checked"), || { value_gen().map(|ge| { ge.borrow() - .into_affine() - .mul_by_cofactor_inv() - .into_projective() + .scale_by_cofactor_inv() }) })?; let mut seen_one = false; @@ -1223,22 +1188,20 @@ where FN: FnOnce() -> Result, T: Borrow>, { - let (x, y, infinity) = match value_gen() { + let (x, y) = match value_gen() { Ok(ge) => { - let ge = ge.borrow().into_affine(); - (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) + let ge = ge.borrow().into_affine()?; + (Ok(ge.x), Ok(ge.y)) } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), - Err(SynthesisError::AssignmentMissing), ), }; let x = NonNativeFieldGadget::alloc_input(&mut cs.ns(|| "x"), || x)?; let y = NonNativeFieldGadget::alloc_input(&mut cs.ns(|| "y"), || y)?; - let infinity = Boolean::alloc_input(&mut cs.ns(|| "infinity"), || infinity)?; - Ok(Self::new(x, y, infinity)) + Ok(Self::new(x, y)) } } diff --git a/r1cs/gadgets/std/src/instantiated/mod.rs b/r1cs/gadgets/std/src/instantiated/mod.rs index 210c79f75..2d8b37040 100644 --- a/r1cs/gadgets/std/src/instantiated/mod.rs +++ b/r1cs/gadgets/std/src/instantiated/mod.rs @@ -1,23 +1,2 @@ -#[cfg(feature = "bls12_377")] -pub mod bls12_377; - -#[cfg(feature = "bn_382")] -pub mod bn_382; - -#[cfg(feature = "edwards_bls12")] -pub mod edwards_bls12; - -#[cfg(feature = "edwards_sw6")] -pub mod edwards_sw6; - -#[cfg(feature = "jubjub")] -pub mod jubjub; - -#[cfg(feature = "mnt4_753")] -pub mod mnt4_753; - -#[cfg(feature = "mnt6_753")] -pub mod mnt6_753; - #[cfg(feature = "tweedle")] pub mod tweedle; diff --git a/r1cs/gadgets/std/src/lib.rs b/r1cs/gadgets/std/src/lib.rs index 9875a9246..495da2b79 100644 --- a/r1cs/gadgets/std/src/lib.rs +++ b/r1cs/gadgets/std/src/lib.rs @@ -58,8 +58,6 @@ pub mod fields; pub mod groups; -pub mod pairing; - pub mod instantiated; pub use instantiated::*; 
@@ -76,9 +74,8 @@ pub mod prelude { ToBytesGadget, }, eq::*, - fields::{cubic_extension::*, quadratic_extension::*, FieldGadget}, + fields::FieldGadget, groups::GroupGadget, - pairing::PairingGadget, select::*, }; } diff --git a/r1cs/gadgets/std/src/to_field_gadget_vec.rs b/r1cs/gadgets/std/src/to_field_gadget_vec.rs index 49f921668..3570a9148 100644 --- a/r1cs/gadgets/std/src/to_field_gadget_vec.rs +++ b/r1cs/gadgets/std/src/to_field_gadget_vec.rs @@ -1,13 +1,14 @@ -use algebra::{curves::models::SWModelParameters, curves::models::TEModelParameters, PrimeField}; +use algebra::{curves::models::SWModelParameters,/* curves::models::TEModelParameters,*/ PrimeField}; use crate::fields::fp::FpGadget; use crate::{ fields::FieldGadget, - groups::curves::short_weierstrass::{ - short_weierstrass_jacobian::AffineGadget as SWJAffineGadget, - short_weierstrass_projective::AffineGadget as SWPAffineGadget, - }, - groups::curves::twisted_edwards::AffineGadget as TEAffineGadget, + groups::curves::short_weierstrass::short_weierstrass_jacobian::AffineGadget as SWJAffineGadget, + // groups::curves::short_weierstrass::{ + // short_weierstrass_jacobian::AffineGadget as SWJAffineGadget, + // short_weierstrass_projective::AffineGadget as SWPAffineGadget, + // }, + // groups::curves::twisted_edwards::AffineGadget as TEAffineGadget, }; use r1cs_core::{ConstraintSystem, SynthesisError as Error}; 
@@ -56,27 +57,27 @@ impl ToConstraintFieldGadget for () { } } -impl ToConstraintFieldGadget - for SWPAffineGadget -where - M: SWModelParameters, - ConstraintF: PrimeField, - FG: FieldGadget - + ToConstraintFieldGadget>, -{ - type FieldGadget = FpGadget; - - #[inline] - fn to_field_gadget_elements>( - &self, - mut cs: CS, - ) -> Result, Error> { - let mut x_fe = self.x.to_field_gadget_elements(cs.ns(|| "x"))?; - let y_fe = self.y.to_field_gadget_elements(cs.ns(|| "y"))?; - x_fe.extend_from_slice(&y_fe); - Ok(x_fe) - } -} +// impl ToConstraintFieldGadget +// for SWPAffineGadget +// where +// M: SWModelParameters, +// ConstraintF: PrimeField, +// FG: FieldGadget +// + ToConstraintFieldGadget>, +// { +// type FieldGadget = FpGadget; +// +// #[inline] +// fn to_field_gadget_elements>( +// &self, +// mut cs: CS, +// ) -> Result, Error> { +// let mut x_fe = self.x.to_field_gadget_elements(cs.ns(|| "x"))?; +// let y_fe = self.y.to_field_gadget_elements(cs.ns(|| "y"))?; +// x_fe.extend_from_slice(&y_fe); +// Ok(x_fe) +// } +// } impl ToConstraintFieldGadget for SWJAffineGadget 
@@ -100,23 +101,23 @@ where
 }
 }
-impl ToConstraintFieldGadget for TEAffineGadget
-where
- M: TEModelParameters,
- ConstraintF: PrimeField,
- FG: FieldGadget
- + ToConstraintFieldGadget>,
-{
- type FieldGadget = FpGadget;
-
- #[inline]
- fn to_field_gadget_elements>(
- &self,
- mut cs: CS,
- ) -> Result, Error> {
- let mut x_fe = self.x.to_field_gadget_elements(cs.ns(|| "x"))?;
- let y_fe = self.y.to_field_gadget_elements(cs.ns(|| "y"))?;
- x_fe.extend_from_slice(&y_fe);
- Ok(x_fe)
- }
-}
+// impl ToConstraintFieldGadget for TEAffineGadget
+// where
+// M: TEModelParameters,
+// ConstraintF: PrimeField,
+// FG: FieldGadget
+// + ToConstraintFieldGadget>,
+// {
+// type FieldGadget = FpGadget;
+//
+// #[inline]
+// fn to_field_gadget_elements>(
+// &self,
+// mut cs: CS,
+// ) -> Result, Error> {
+// let mut x_fe = self.x.to_field_gadget_elements(cs.ns(|| "x"))?;
+// let y_fe = self.y.to_field_gadget_elements(cs.ns(|| "y"))?;
+// x_fe.extend_from_slice(&y_fe);
+// Ok(x_fe)
+// }
+// }
From 0f993e58ff273d917b9d76f12122ede51162756d Mon Sep 17 00:00:00 2001
From: Phoinic
Date: Wed, 1 Dec 2021 12:40:53 +0200
Subject: [PATCH 31/79] r1cs and marlin related bugfixes
---
 algebra/src/curves/secp256k1/tests.rs | 634 +++++++++--------
 algebra/src/fft/domain/mod.rs | 2 +-
 algebra/src/groups/group_vec.rs | 19 +-
 r1cs/gadgets/std/src/bits/boolean.rs | 106 +--
 r1cs/gadgets/std/src/bits/uint32.rs | 9 +-
 r1cs/gadgets/std/src/bits/uint64.rs | 5 +-
 r1cs/gadgets/std/src/bits/uint8.rs | 5 +-
 .../gadgets/std/src/fields/nonnative/tests.rs | 13 +-
 .../groups/curves/short_weierstrass/mod.rs | 2 +-
 .../short_weierstrass_jacobian.rs | 337 ++++++----
 .../short_weierstrass_projective.rs | 115 ++--
 .../src/groups/curves/twisted_edwards/mod.rs | 204 +++--
 r1cs/gadgets/std/src/groups/mod.rs | 25 +-
 .../short_weierstrass_jacobian.rs | 321 +++++----
 .../gadgets/std/src/groups/nonnative/tests.rs | 6 +-
 15 files changed, 974 insertions(+), 829 deletions(-)
diff --git a/algebra/src/curves/secp256k1/tests.rs b/algebra/src/curves/secp256k1/tests.rs
index e6823ff32..198d17af8 100644
--- a/algebra/src/curves/secp256k1/tests.rs
+++ b/algebra/src/curves/secp256k1/tests.rs
@@ -2,8 +2,8 @@ use crate::{curves::{
 Curve,
 secp256k1::{Secp256k1Jacobian, Secp256k1Parameters},
 tests::{curve_tests, sw_jacobian_curve_serialization_test},
-}, fields::secp256k1::Fr, groups::tests::group_test, FromBytes, SemanticallyValid};
-use hex_literal::hex;
+}, /*fields::secp256k1::Fr, */groups::tests::group_test, FromBytes/*, SemanticallyValid*/};
+// use hex_literal::hex;
 use rand::{Rng, SeedableRng};
 use rand_xorshift::XorShiftRng;
@@ -46,318 +46,318 @@ fn to_internal_repr(mut x: Vec, mut y: Vec, mut z: Vec) -> Secp256k1 Secp256k1Jacobian::read(&x[..]).unwrap() } -#[test] -/// Repeated addition with the generator. Test vectors are taken from -/// https://github.com/RustCrypto/elliptic-curves/blob/master/k256/src/test_vectors/group.rs -fn test_secp256k1_addition_correctness() { - const ADD_TEST_VECTORS: &[([u8; 32], [u8; 32], [u8; 32])] = &[ - ( - hex!("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"), - hex!("483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5"), - hex!("1AE168FEA63DC339A3C58419466CEAEEF7F632653266D0E1236431A950CFE52A"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9"), - hex!("388F7B0F632DE8140FE337E62A37F3566500A99934C2231B6CB9FD7584B8E672"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("E493DBF1C10D80F3581E4904930B1404CC6C13900EE0758474FA94ABE8C4CD13"), - hex!("51ED993EA0D455B75642E2098EA51448D967AE33BFBDFE40CFE97BDC47739922"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("2F8BDE4D1A07209355B4A7250A5C5128E88B84BDDC619AB7CBA8D569B240EFE4"), - hex!("D8AC222636E5E3D6D4DBA9DDA6C9C426F788271BAB0D6840DCA87D3AA6AC62D6"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFF97BD5755EEEA420453A14355235D382F6472F8568A18B2F057A1460297556"), - hex!("AE12777AACFBB620F3BE96017F45C560DE80F0F6518FE4A03C870C36B075F297"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("5CBDF0646E5DB4EAA398F365F2EA7A0E3D419B7E0330E39CE92BDDEDCAC4F9BC"), - hex!("6AEBCA40BA255960A3178D6D861A54DBA813D0B813FDE7B5A5082628087264DA"), - 
hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("2F01E5E15CCA351DAFF3843FB70F3C2F0A1BDD05E5AF888A67784EF3E10A2A01"), - hex!("5C4DA8A741539949293D082A132D13B4C2E213D6BA5B7617B5DA2CB76CBDE904"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("ACD484E2F0C7F65309AD178A9F559ABDE09796974C57E714C35F110DFC27CCBE"), - hex!("CC338921B0A7D9FD64380971763B61E9ADD888A4375F8E0F05CC262AC64F9C37"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("A0434D9E47F3C86235477C7B1AE6AE5D3442D49B1943C2B752A68E2A47E247C7"), - hex!("893ABA425419BC27A3B6C7E693A24C696F794C2ED877A1593CBEE53B037368D7"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("774AE7F858A9411E5EF4246B70C65AAC5649980BE5C17891BBEC17895DA008CB"), - hex!("D984A032EB6B5E190243DD56D7B7B365372DB1E2DFF9D6A8301D74C9C953C61B"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("D01115D548E7561B15C38F004D734633687CF4419620095BC5B0F47070AFE85A"), - hex!("A9F34FFDC815E0D7A8B64537E17BD81579238C5DD9A86D526B051B13F4062327"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("F28773C2D975288BC7D1D205C3748651B075FBC6610E58CDDEEDDF8F19405AA8"), - hex!("0AB0902E8D880A89758212EB65CDAF473A1A06DA521FA91F29B5CB52DB03ED81"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("499FDF9E895E719CFD64E67F07D38E3226AA7B63678949E6E49B241A60E823E4"), - hex!("CAC2F6C4B54E855190F044E4A7B3D464464279C27A3F95BCC65F40D403A13F5B"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("D7924D4F7D43EA965A465AE3095FF41131E5946F3C85F79E44ADBCF8E27E080E"), - hex!("581E2872A86C72A683842EC228CC6DEFEA40AF2BD896D3A5C504DC9FF6A26B58"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - 
hex!("E60FCE93B59E9EC53011AABC21C23E97B2A31369B87A5AE9C44EE89E2A6DEC0A"), - hex!("F7E3507399E595929DB99F34F57937101296891E44D23F0BE1F32CCE69616821"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("DEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34"), - hex!("4211AB0694635168E997B0EAD2A93DAECED1F4A04A95C0F6CFB199F69E56EB77"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("5601570CB47F238D2B0286DB4A990FA0F3BA28D1A319F5E7CF55C2A2444DA7CC"), - hex!("C136C1DC0CBEB930E9E298043589351D81D8E0BC736AE2A1F5192E5E8B061D58"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("2B4EA0A797A443D293EF5CFF444F4979F06ACFEBD7E86D277475656138385B6C"), - hex!("85E89BC037945D93B343083B5A1C86131A01F60C50269763B570C854E5C09B7A"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("4CE119C96E2FA357200B559B2F7DD5A5F02D5290AFF74B03F3E471B273211C97"), - hex!("12BA26DCB10EC1625DA61FA10A844C676162948271D96967450288EE9233DC3A"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ]; - - let gen = Secp256k1Jacobian::prime_subgroup_generator(); - let mut curr_point = gen; - - for (i, (x, y, z)) in ADD_TEST_VECTORS.iter().enumerate() { - let test_point = to_internal_repr(x.to_vec(), y.to_vec(), z.to_vec()); - assert!( - test_point.is_valid(), - "Validity test failed for point {}", - i - ); - assert_eq!( - test_point, curr_point, - "Computed value doesn't match test one for point {}", - i - ); - curr_point += &gen; - } -} - -#[test] -/// Scalar multiplication with the generator. 
Test vectors are taken from -/// https://github.com/RustCrypto/elliptic-curves/blob/master/k256/src/test_vectors/group.rs -fn test_secp256k1_mul_bits_correctness() { - use std::ops::Mul; - - pub const MUL_TEST_VECTORS: &[([u8; 32], [u8; 32], [u8; 32], [u8; 32])] = &[ - ( - hex!("000000000000000000000000000000000000000000000000018EBBB95EED0E13"), - hex!("A90CC3D3F3E146DAADFC74CA1372207CB4B725AE708CEF713A98EDD73D99EF29"), - hex!("5A79D6B289610C68BC3B47F3D72F9788A26A06868B4D8E433E1E2AD76FB7DC76"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("0000000000000000000000000000000000159D893D4CDD747246CDCA43590E13"), - hex!("E5A2636BCFD412EBF36EC45B19BFB68A1BC5F8632E678132B885F7DF99C5E9B3"), - hex!("736C1CE161AE27B405CAFD2A7520370153C2C861AC51D6C1D5985D9606B45F39"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAEABB739ABD2280EEFF497A3340D9050"), - hex!("A6B594B38FB3E77C6EDF78161FADE2041F4E09FD8497DB776E546C41567FEB3C"), - hex!("71444009192228730CD8237A490FEBA2AFE3D27D7CC1136BC97E439D13330D55"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0"), - hex!("00000000000000000000003B78CE563F89A0ED9414F5AA28AD0D96D6795F9C63"), - hex!("3F3979BF72AE8202983DC989AEC7F2FF2ED91BDD69CE02FC0700CA100E59DDF3"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0C0325AD0376782CCFDDC6E99C28B0F0"), - hex!("E24CE4BEEE294AA6350FAA67512B99D388693AE4E7F53D19882A6EA169FC1CE1"), - hex!("8B71E83545FC2B5872589F99D948C03108D36797C4DE363EBD3FF6A9E1A95B10"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036412D"), - hex!("4CE119C96E2FA357200B559B2F7DD5A5F02D5290AFF74B03F3E471B273211C97"), - 
hex!("ED45D9234EF13E9DA259E05EF57BB3989E9D6B7D8E269698BAFD77106DCC1FF5"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036412E"), - hex!("2B4EA0A797A443D293EF5CFF444F4979F06ACFEBD7E86D277475656138385B6C"), - hex!("7A17643FC86BA26C4CBCF7C4A5E379ECE5FE09F3AFD9689C4A8F37AA1A3F60B5"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036412F"), - hex!("5601570CB47F238D2B0286DB4A990FA0F3BA28D1A319F5E7CF55C2A2444DA7CC"), - hex!("3EC93E23F34146CF161D67FBCA76CAE27E271F438C951D5E0AE6D1A074F9DED7"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364130"), - hex!("DEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34"), - hex!("BDEE54F96B9CAE9716684F152D56C251312E0B5FB56A3F09304E660861A910B8"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364131"), - hex!("E60FCE93B59E9EC53011AABC21C23E97B2A31369B87A5AE9C44EE89E2A6DEC0A"), - hex!("081CAF8C661A6A6D624660CB0A86C8EFED6976E1BB2DC0F41E0CD330969E940E"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364132"), - hex!("D7924D4F7D43EA965A465AE3095FF41131E5946F3C85F79E44ADBCF8E27E080E"), - hex!("A7E1D78D57938D597C7BD13DD733921015BF50D427692C5A3AFB235F095D90D7"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364133"), - hex!("499FDF9E895E719CFD64E67F07D38E3226AA7B63678949E6E49B241A60E823E4"), - hex!("353D093B4AB17AAE6F0FBB1B584C2B9BB9BD863D85C06A4339A0BF2AFC5EBCD4"), - 
hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364134"), - hex!("F28773C2D975288BC7D1D205C3748651B075FBC6610E58CDDEEDDF8F19405AA8"), - hex!("F54F6FD17277F5768A7DED149A3250B8C5E5F925ADE056E0D64A34AC24FC0EAE"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364135"), - hex!("D01115D548E7561B15C38F004D734633687CF4419620095BC5B0F47070AFE85A"), - hex!("560CB00237EA1F285749BAC81E8427EA86DC73A2265792AD94FAE4EB0BF9D908"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364136"), - hex!("774AE7F858A9411E5EF4246B70C65AAC5649980BE5C17891BBEC17895DA008CB"), - hex!("267B5FCD1494A1E6FDBC22A928484C9AC8D24E1D20062957CFE28B3536AC3614"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364137"), - hex!("A0434D9E47F3C86235477C7B1AE6AE5D3442D49B1943C2B752A68E2A47E247C7"), - hex!("76C545BDABE643D85C4938196C5DB3969086B3D127885EA6C3411AC3FC8C9358"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364138"), - hex!("ACD484E2F0C7F65309AD178A9F559ABDE09796974C57E714C35F110DFC27CCBE"), - hex!("33CC76DE4F5826029BC7F68E89C49E165227775BC8A071F0FA33D9D439B05FF8"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364139"), - hex!("2F01E5E15CCA351DAFF3843FB70F3C2F0A1BDD05E5AF888A67784EF3E10A2A01"), - hex!("A3B25758BEAC66B6D6C2F7D5ECD2EC4B3D1DEC2945A489E84A25D3479342132B"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - 
hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413A"), - hex!("5CBDF0646E5DB4EAA398F365F2EA7A0E3D419B7E0330E39CE92BDDEDCAC4F9BC"), - hex!("951435BF45DAA69F5CE8729279E5AB2457EC2F47EC02184A5AF7D9D6F78D9755"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413B"), - hex!("FFF97BD5755EEEA420453A14355235D382F6472F8568A18B2F057A1460297556"), - hex!("51ED8885530449DF0C4169FE80BA3A9F217F0F09AE701B5FC378F3C84F8A0998"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413C"), - hex!("2F8BDE4D1A07209355B4A7250A5C5128E88B84BDDC619AB7CBA8D569B240EFE4"), - hex!("2753DDD9C91A1C292B24562259363BD90877D8E454F297BF235782C459539959"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413D"), - hex!("E493DBF1C10D80F3581E4904930B1404CC6C13900EE0758474FA94ABE8C4CD13"), - hex!("AE1266C15F2BAA48A9BD1DF6715AEBB7269851CC404201BF30168422B88C630D"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413E"), - hex!("F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9"), - hex!("C77084F09CD217EBF01CC819D5C80CA99AFF5666CB3DDCE4934602897B4715BD"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413F"), - hex!("C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5"), - hex!("E51E970159C23CC65C3A7BE6B99315110809CD9ACD992F1EDC9BCE55AF301705"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ( - hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140"), - 
hex!("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"), - hex!("B7C52588D95C3B9AA25B0403F1EEF75702E84BB7597AABE663B82F6F04EF2777"), - hex!("0000000000000000D10300000100000000000000000000000000000000000000"), - ), - ]; - - let gen = Secp256k1Jacobian::prime_subgroup_generator(); - - for (i, (scalar, x, y, z)) in MUL_TEST_VECTORS.iter().enumerate() { - let test_point = to_internal_repr(x.to_vec(), y.to_vec(), z.to_vec()); - assert!( - test_point.is_valid(), - "Validity test failed for point {}", - i - ); - - let test_scalar = { - let mut scalar = scalar.to_vec(); - scalar.reverse(); - scalar.append(&mut vec![0u8; 8]); - Fr::read(&scalar[..]).unwrap() - }; - assert!( - test_scalar.is_valid(), - "Validity test failed for scalar {}", - i - ); - - assert_eq!( - test_point, - gen.mul(&test_scalar), - "Computed value doesn't match test one for point {}", - i - ); - } -} +// #[test] +// /// Repeated addition with the generator. Test vectors are taken from +// /// https://github.com/RustCrypto/elliptic-curves/blob/master/k256/src/test_vectors/group.rs +// fn test_secp256k1_addition_correctness() { +// const ADD_TEST_VECTORS: &[([u8; 32], [u8; 32], [u8; 32])] = &[ +// ( +// hex!("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"), +// hex!("483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5"), +// hex!("1AE168FEA63DC339A3C58419466CEAEEF7F632653266D0E1236431A950CFE52A"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9"), +// hex!("388F7B0F632DE8140FE337E62A37F3566500A99934C2231B6CB9FD7584B8E672"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// 
hex!("E493DBF1C10D80F3581E4904930B1404CC6C13900EE0758474FA94ABE8C4CD13"), +// hex!("51ED993EA0D455B75642E2098EA51448D967AE33BFBDFE40CFE97BDC47739922"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("2F8BDE4D1A07209355B4A7250A5C5128E88B84BDDC619AB7CBA8D569B240EFE4"), +// hex!("D8AC222636E5E3D6D4DBA9DDA6C9C426F788271BAB0D6840DCA87D3AA6AC62D6"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFF97BD5755EEEA420453A14355235D382F6472F8568A18B2F057A1460297556"), +// hex!("AE12777AACFBB620F3BE96017F45C560DE80F0F6518FE4A03C870C36B075F297"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("5CBDF0646E5DB4EAA398F365F2EA7A0E3D419B7E0330E39CE92BDDEDCAC4F9BC"), +// hex!("6AEBCA40BA255960A3178D6D861A54DBA813D0B813FDE7B5A5082628087264DA"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("2F01E5E15CCA351DAFF3843FB70F3C2F0A1BDD05E5AF888A67784EF3E10A2A01"), +// hex!("5C4DA8A741539949293D082A132D13B4C2E213D6BA5B7617B5DA2CB76CBDE904"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("ACD484E2F0C7F65309AD178A9F559ABDE09796974C57E714C35F110DFC27CCBE"), +// hex!("CC338921B0A7D9FD64380971763B61E9ADD888A4375F8E0F05CC262AC64F9C37"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("A0434D9E47F3C86235477C7B1AE6AE5D3442D49B1943C2B752A68E2A47E247C7"), +// hex!("893ABA425419BC27A3B6C7E693A24C696F794C2ED877A1593CBEE53B037368D7"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("774AE7F858A9411E5EF4246B70C65AAC5649980BE5C17891BBEC17895DA008CB"), +// hex!("D984A032EB6B5E190243DD56D7B7B365372DB1E2DFF9D6A8301D74C9C953C61B"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// 
hex!("D01115D548E7561B15C38F004D734633687CF4419620095BC5B0F47070AFE85A"), +// hex!("A9F34FFDC815E0D7A8B64537E17BD81579238C5DD9A86D526B051B13F4062327"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("F28773C2D975288BC7D1D205C3748651B075FBC6610E58CDDEEDDF8F19405AA8"), +// hex!("0AB0902E8D880A89758212EB65CDAF473A1A06DA521FA91F29B5CB52DB03ED81"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("499FDF9E895E719CFD64E67F07D38E3226AA7B63678949E6E49B241A60E823E4"), +// hex!("CAC2F6C4B54E855190F044E4A7B3D464464279C27A3F95BCC65F40D403A13F5B"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("D7924D4F7D43EA965A465AE3095FF41131E5946F3C85F79E44ADBCF8E27E080E"), +// hex!("581E2872A86C72A683842EC228CC6DEFEA40AF2BD896D3A5C504DC9FF6A26B58"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("E60FCE93B59E9EC53011AABC21C23E97B2A31369B87A5AE9C44EE89E2A6DEC0A"), +// hex!("F7E3507399E595929DB99F34F57937101296891E44D23F0BE1F32CCE69616821"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("DEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34"), +// hex!("4211AB0694635168E997B0EAD2A93DAECED1F4A04A95C0F6CFB199F69E56EB77"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("5601570CB47F238D2B0286DB4A990FA0F3BA28D1A319F5E7CF55C2A2444DA7CC"), +// hex!("C136C1DC0CBEB930E9E298043589351D81D8E0BC736AE2A1F5192E5E8B061D58"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("2B4EA0A797A443D293EF5CFF444F4979F06ACFEBD7E86D277475656138385B6C"), +// hex!("85E89BC037945D93B343083B5A1C86131A01F60C50269763B570C854E5C09B7A"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// 
hex!("4CE119C96E2FA357200B559B2F7DD5A5F02D5290AFF74B03F3E471B273211C97"), +// hex!("12BA26DCB10EC1625DA61FA10A844C676162948271D96967450288EE9233DC3A"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ]; +// +// let gen = Secp256k1Jacobian::prime_subgroup_generator(); +// let mut curr_point = gen; +// +// for (i, (x, y, z)) in ADD_TEST_VECTORS.iter().enumerate() { +// let test_point = to_internal_repr(x.to_vec(), y.to_vec(), z.to_vec()); +// assert!( +// test_point.is_valid(), +// "Validity test failed for point {}", +// i +// ); +// assert_eq!( +// test_point, curr_point, +// "Computed value doesn't match test one for point {}", +// i +// ); +// curr_point += &gen; +// } +// } +// +// #[test] +// /// Scalar multiplication with the generator. Test vectors are taken from +// /// https://github.com/RustCrypto/elliptic-curves/blob/master/k256/src/test_vectors/group.rs +// fn test_secp256k1_mul_bits_correctness() { +// use std::ops::Mul; +// +// pub const MUL_TEST_VECTORS: &[([u8; 32], [u8; 32], [u8; 32], [u8; 32])] = &[ +// ( +// hex!("000000000000000000000000000000000000000000000000018EBBB95EED0E13"), +// hex!("A90CC3D3F3E146DAADFC74CA1372207CB4B725AE708CEF713A98EDD73D99EF29"), +// hex!("5A79D6B289610C68BC3B47F3D72F9788A26A06868B4D8E433E1E2AD76FB7DC76"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("0000000000000000000000000000000000159D893D4CDD747246CDCA43590E13"), +// hex!("E5A2636BCFD412EBF36EC45B19BFB68A1BC5F8632E678132B885F7DF99C5E9B3"), +// hex!("736C1CE161AE27B405CAFD2A7520370153C2C861AC51D6C1D5985D9606B45F39"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFAEABB739ABD2280EEFF497A3340D9050"), +// hex!("A6B594B38FB3E77C6EDF78161FADE2041F4E09FD8497DB776E546C41567FEB3C"), +// hex!("71444009192228730CD8237A490FEBA2AFE3D27D7CC1136BC97E439D13330D55"), +// 
hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0"), +// hex!("00000000000000000000003B78CE563F89A0ED9414F5AA28AD0D96D6795F9C63"), +// hex!("3F3979BF72AE8202983DC989AEC7F2FF2ED91BDD69CE02FC0700CA100E59DDF3"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0C0325AD0376782CCFDDC6E99C28B0F0"), +// hex!("E24CE4BEEE294AA6350FAA67512B99D388693AE4E7F53D19882A6EA169FC1CE1"), +// hex!("8B71E83545FC2B5872589F99D948C03108D36797C4DE363EBD3FF6A9E1A95B10"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036412D"), +// hex!("4CE119C96E2FA357200B559B2F7DD5A5F02D5290AFF74B03F3E471B273211C97"), +// hex!("ED45D9234EF13E9DA259E05EF57BB3989E9D6B7D8E269698BAFD77106DCC1FF5"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036412E"), +// hex!("2B4EA0A797A443D293EF5CFF444F4979F06ACFEBD7E86D277475656138385B6C"), +// hex!("7A17643FC86BA26C4CBCF7C4A5E379ECE5FE09F3AFD9689C4A8F37AA1A3F60B5"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036412F"), +// hex!("5601570CB47F238D2B0286DB4A990FA0F3BA28D1A319F5E7CF55C2A2444DA7CC"), +// hex!("3EC93E23F34146CF161D67FBCA76CAE27E271F438C951D5E0AE6D1A074F9DED7"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364130"), +// hex!("DEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34"), +// hex!("BDEE54F96B9CAE9716684F152D56C251312E0B5FB56A3F09304E660861A910B8"), +// 
hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364131"), +// hex!("E60FCE93B59E9EC53011AABC21C23E97B2A31369B87A5AE9C44EE89E2A6DEC0A"), +// hex!("081CAF8C661A6A6D624660CB0A86C8EFED6976E1BB2DC0F41E0CD330969E940E"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364132"), +// hex!("D7924D4F7D43EA965A465AE3095FF41131E5946F3C85F79E44ADBCF8E27E080E"), +// hex!("A7E1D78D57938D597C7BD13DD733921015BF50D427692C5A3AFB235F095D90D7"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364133"), +// hex!("499FDF9E895E719CFD64E67F07D38E3226AA7B63678949E6E49B241A60E823E4"), +// hex!("353D093B4AB17AAE6F0FBB1B584C2B9BB9BD863D85C06A4339A0BF2AFC5EBCD4"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364134"), +// hex!("F28773C2D975288BC7D1D205C3748651B075FBC6610E58CDDEEDDF8F19405AA8"), +// hex!("F54F6FD17277F5768A7DED149A3250B8C5E5F925ADE056E0D64A34AC24FC0EAE"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364135"), +// hex!("D01115D548E7561B15C38F004D734633687CF4419620095BC5B0F47070AFE85A"), +// hex!("560CB00237EA1F285749BAC81E8427EA86DC73A2265792AD94FAE4EB0BF9D908"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364136"), +// hex!("774AE7F858A9411E5EF4246B70C65AAC5649980BE5C17891BBEC17895DA008CB"), +// hex!("267B5FCD1494A1E6FDBC22A928484C9AC8D24E1D20062957CFE28B3536AC3614"), +// 
hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364137"), +// hex!("A0434D9E47F3C86235477C7B1AE6AE5D3442D49B1943C2B752A68E2A47E247C7"), +// hex!("76C545BDABE643D85C4938196C5DB3969086B3D127885EA6C3411AC3FC8C9358"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364138"), +// hex!("ACD484E2F0C7F65309AD178A9F559ABDE09796974C57E714C35F110DFC27CCBE"), +// hex!("33CC76DE4F5826029BC7F68E89C49E165227775BC8A071F0FA33D9D439B05FF8"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364139"), +// hex!("2F01E5E15CCA351DAFF3843FB70F3C2F0A1BDD05E5AF888A67784EF3E10A2A01"), +// hex!("A3B25758BEAC66B6D6C2F7D5ECD2EC4B3D1DEC2945A489E84A25D3479342132B"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413A"), +// hex!("5CBDF0646E5DB4EAA398F365F2EA7A0E3D419B7E0330E39CE92BDDEDCAC4F9BC"), +// hex!("951435BF45DAA69F5CE8729279E5AB2457EC2F47EC02184A5AF7D9D6F78D9755"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413B"), +// hex!("FFF97BD5755EEEA420453A14355235D382F6472F8568A18B2F057A1460297556"), +// hex!("51ED8885530449DF0C4169FE80BA3A9F217F0F09AE701B5FC378F3C84F8A0998"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413C"), +// hex!("2F8BDE4D1A07209355B4A7250A5C5128E88B84BDDC619AB7CBA8D569B240EFE4"), +// hex!("2753DDD9C91A1C292B24562259363BD90877D8E454F297BF235782C459539959"), +// 
hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413D"), +// hex!("E493DBF1C10D80F3581E4904930B1404CC6C13900EE0758474FA94ABE8C4CD13"), +// hex!("AE1266C15F2BAA48A9BD1DF6715AEBB7269851CC404201BF30168422B88C630D"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413E"), +// hex!("F9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9"), +// hex!("C77084F09CD217EBF01CC819D5C80CA99AFF5666CB3DDCE4934602897B4715BD"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD036413F"), +// hex!("C6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5"), +// hex!("E51E970159C23CC65C3A7BE6B99315110809CD9ACD992F1EDC9BCE55AF301705"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ( +// hex!("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364140"), +// hex!("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"), +// hex!("B7C52588D95C3B9AA25B0403F1EEF75702E84BB7597AABE663B82F6F04EF2777"), +// hex!("0000000000000000D10300000100000000000000000000000000000000000000"), +// ), +// ]; +// +// let gen = Secp256k1Jacobian::prime_subgroup_generator(); +// +// for (i, (scalar, x, y, z)) in MUL_TEST_VECTORS.iter().enumerate() { +// let test_point = to_internal_repr(x.to_vec(), y.to_vec(), z.to_vec()); +// assert!( +// test_point.is_valid(), +// "Validity test failed for point {}", +// i +// ); +// +// let test_scalar = { +// let mut scalar = scalar.to_vec(); +// scalar.reverse(); +// scalar.append(&mut vec![0u8; 8]); +// Fr::read(&scalar[..]).unwrap() +// }; +// assert!( +// test_scalar.is_valid(), +// "Validity test failed for scalar {}", +// i +// ); +// +// assert_eq!( +// test_point, 
+// gen.mul(&test_scalar),
+// "Computed value doesn't match test one for point {}",
+// i
+// );
+// }
+// }
diff --git a/algebra/src/fft/domain/mod.rs b/algebra/src/fft/domain/mod.rs
index b9906e665..a01252a01 100644
--- a/algebra/src/fft/domain/mod.rs
+++ b/algebra/src/fft/domain/mod.rs
@@ -19,7 +19,7 @@ pub use self::basic_radix_2_domain::*;
 pub mod mixed_radix_2_domain;
 pub use self::mixed_radix_2_domain::*;
-#[cfg(all(test, feature = "bls12_381"))]
+#[cfg(all(test, feature = "tweedle"))]
 mod test;
 use crate::PrimeField;
diff --git a/algebra/src/groups/group_vec.rs b/algebra/src/groups/group_vec.rs
index 5015fb862..3d027a0a0 100644
--- a/algebra/src/groups/group_vec.rs
+++ b/algebra/src/groups/group_vec.rs
@@ -6,7 +6,7 @@ use crate::{
 };
 use std::{
 ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign, Index},
- io::{Read, Write, Result as IoResult},
+ io::{Read, Write, Error as IoError, ErrorKind, Result as IoResult},
 fmt::{Display, Formatter, Result as FmtResult},
 };
 use core::slice::Iter;
@@ -51,24 +51,17 @@ impl Default for GroupVec {
 impl FromBytes for GroupVec {
 #[inline]
 fn read(mut reader: R) -> IoResult {
- let len = u64::read(&mut reader)?;
- let mut items = vec![];
- for _ in 0..(len as usize) {
- let item = G::read(&mut reader)?;
- items.push(item)
- }
- Ok(GroupVec(items))
+ Ok(GroupVec(CanonicalDeserialize::deserialize(&mut reader) .map_err(|e| IoError::new(ErrorKind::Other, format!{"{:?}", e}))? ))
 }
 }
 impl ToBytes for GroupVec {
 #[inline]
 fn write(&self, mut writer: W) -> IoResult<()> {
- (self.0.len() as u64).write(&mut writer)?;
- for item in self.0.iter() {
- item.write(&mut writer)?;
- }
- Ok(())
+ CanonicalSerialize::serialize(&self.0, &mut writer) .map_err(|e| IoError::new(ErrorKind::Other, format!{"{:?}", e}))
 }
 }
diff --git a/r1cs/gadgets/std/src/bits/boolean.rs b/r1cs/gadgets/std/src/bits/boolean.rs
index d71bca164..f1c1d393c 100644
--- a/r1cs/gadgets/std/src/bits/boolean.rs
+++ b/r1cs/gadgets/std/src/bits/boolean.rs
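Review bot: Both known-answer tests in `secp256k1/tests.rs`, `test_secp256k1_addition_correctness` and `test_secp256k1_mul_bits_correctness`, are commented out in full, so this commit removes the only checks in the file that compare generator addition and scalar multiplication against the external k256 vectors, and `cargo test` gives no sign that they are gone. If the vectors no longer match `to_internal_repr` or the `Fr` encoding, the form that keeps the regression visible is `#[ignore = "<reason placeholder>"]` on each test, or a `#[cfg(feature = "<feature placeholder>")]` gate, rather than comment markers. The matching import changes in the `@@ -2,8 +2,8 @@` hunk of the same file (`/*fields::secp256k1::Fr, */` and `// use hex_literal::hex;`) would then stay as real imports. The `to_internal_repr` helper the tests rely on begins before this hunk.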
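Review bot: In the `@@ -51,24 +51,17 @@` hunk of `group_vec.rs`, `read` now reports every `CanonicalDeserialize` failure as `ErrorKind::Other`, which makes a malformed byte stream indistinguishable from an unexpected I/O condition for callers that match on the kind; `ErrorKind::InvalidData` is the conventional kind for a decode failure, e.g. `.map_err(|e| IoError::new(ErrorKind::InvalidData, format!("{:?}", e)))?`, and the same applies to `write` later in the hunk. `format!{...}` with braces is legal but unusual; `format!(...)` is what rustfmt emits. Whether the `CanonicalSerialize` encoding of the inner `Vec` is byte-compatible with the previous `u64` length prefix followed by the items is not visible here; if it is not, `GroupVec` bytes written by the old `write` will no longer parse, and a doc comment on `impl FromBytes for GroupVec` should state which format is expected. It is also worth confirming that the delegated deserializer validates its length prefix before allocating, since the old loop only grew the vector one successfully read item at a time.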
@@ -946,7 +946,7 @@ impl CondSelectGadget for Boolean { mod test { use super::{AllocatedBit, Boolean}; use crate::{prelude::*, test_constraint_system::TestConstraintSystem}; - use algebra::{fields::bls12_381::Fr, BitIterator, Field, PrimeField, ToBits, UniformRand}; + use algebra::{fields::tweedle::Fr, BitIterator, Group, Field, PrimeField, ToBits, UniformRand}; use r1cs_core::ConstraintSystem; use rand::{Rng, SeedableRng}; use rand_xorshift::XorShiftRng; @@ -1066,8 +1066,8 @@ mod test { assert_eq!(c.value.unwrap(), *a_val | *b_val); assert!(cs.is_satisfied()); - assert!(cs.get("a/boolean") == if *a_val { Field::one() } else { Field::zero() }); - assert!(cs.get("b/boolean") == if *b_val { Field::one() } else { Field::zero() }); + assert!(cs.get("a/boolean") == if *a_val { Fr::one() } else { Fr::zero() }); + assert!(cs.get("b/boolean") == if *b_val { Fr::one() } else { Fr::zero() }); } } } @@ -1083,14 +1083,14 @@ mod test { assert_eq!(c.value.unwrap(), *a_val & *b_val); assert!(cs.is_satisfied()); - assert!(cs.get("a/boolean") == if *a_val { Field::one() } else { Field::zero() }); - assert!(cs.get("b/boolean") == if *b_val { Field::one() } else { Field::zero() }); + assert!(cs.get("a/boolean") == if *a_val { Fr::one() } else { Fr::zero() }); + assert!(cs.get("b/boolean") == if *b_val { Fr::one() } else { Fr::zero() }); assert!( cs.get("and result") == if *a_val & *b_val { - Field::one() + Fr::one() } else { - Field::zero() + Fr::zero() } ); @@ -1098,9 +1098,9 @@ mod test { cs.set( "and result", if *a_val & *b_val { - Field::zero() + Fr::zero() } else { - Field::one() + Fr::one() }, ); assert!(!cs.is_satisfied()); 
@@ -1119,14 +1119,14 @@ mod test { assert_eq!(c.value.unwrap(), *a_val & !*b_val); assert!(cs.is_satisfied()); - assert!(cs.get("a/boolean") == if *a_val { Field::one() } else { Field::zero() }); - assert!(cs.get("b/boolean") == if *b_val { Field::one() } else { Field::zero() }); + assert!(cs.get("a/boolean") == if *a_val { Fr::one() } else { Fr::zero() }); + assert!(cs.get("b/boolean") == if *b_val { Fr::one() } else { Fr::zero() }); assert!( cs.get("and not result") == if *a_val & !*b_val { - Field::one() + Fr::one() } else { - Field::zero() + Fr::zero() } ); @@ -1134,9 +1134,9 @@ mod test { cs.set( "and not result", if *a_val & !*b_val { - Field::zero() + Fr::zero() } else { - Field::one() + Fr::one() }, ); assert!(!cs.is_satisfied()); @@ -1155,14 +1155,14 @@ mod test { assert_eq!(c.value.unwrap(), !*a_val & !*b_val); assert!(cs.is_satisfied()); - assert!(cs.get("a/boolean") == if *a_val { Field::one() } else { Field::zero() }); - assert!(cs.get("b/boolean") == if *b_val { Field::one() } else { Field::zero() }); + assert!(cs.get("a/boolean") == if *a_val { Fr::one() } else { Fr::zero() }); + assert!(cs.get("b/boolean") == if *b_val { Fr::one() } else { Fr::zero() }); assert!( cs.get("nor result") == if !*a_val & !*b_val { - Field::one() + Fr::one() } else { - Field::zero() + Fr::zero() } ); @@ -1170,9 +1170,9 @@ mod test { cs.set( "nor result", if !*a_val & !*b_val { - Field::zero() + Fr::zero() } else { - Field::one() + Fr::one() }, ); assert!(!cs.is_satisfied()); @@ -1398,7 +1398,7 @@ mod test { OperandType::AllocatedTrue, Boolean::Is(ref v), ) => { - assert!(cs.get("xor result") == Field::zero()); + assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( @@ -1406,7 +1406,7 @@ mod test { OperandType::AllocatedFalse, Boolean::Is(ref v), ) => { - assert!(cs.get("xor result") == Field::one()); + assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); } ( 
@@ -1414,7 +1414,7 @@ mod test { OperandType::NegatedAllocatedTrue, Boolean::Not(ref v), ) => { - assert!(cs.get("xor result") == Field::zero()); + assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( @@ -1422,7 +1422,7 @@ mod test { OperandType::NegatedAllocatedFalse, Boolean::Not(ref v), ) => { - assert!(cs.get("xor result") == Field::one()); + assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); } @@ -1433,7 +1433,7 @@ mod test { OperandType::AllocatedTrue, Boolean::Is(ref v), ) => { - assert!(cs.get("xor result") == Field::one()); + assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); } ( @@ -1441,7 +1441,7 @@ mod test { OperandType::AllocatedFalse, Boolean::Is(ref v), ) => { - assert!(cs.get("xor result") == Field::zero()); + assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( @@ -1449,7 +1449,7 @@ mod test { OperandType::NegatedAllocatedTrue, Boolean::Not(ref v), ) => { - assert!(cs.get("xor result") == Field::one()); + assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); } ( @@ -1457,7 +1457,7 @@ mod test { OperandType::NegatedAllocatedFalse, Boolean::Not(ref v), ) => { - assert!(cs.get("xor result") == Field::zero()); + assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); } @@ -1468,7 +1468,7 @@ mod test { OperandType::AllocatedTrue, Boolean::Not(ref v), ) => { - assert!(cs.get("xor result") == Field::zero()); + assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( @@ -1476,7 +1476,7 @@ mod test { OperandType::AllocatedFalse, Boolean::Not(ref v), ) => { - assert!(cs.get("xor result") == Field::one()); + assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); } ( 
@@ -1484,7 +1484,7 @@ mod test { OperandType::NegatedAllocatedTrue, Boolean::Is(ref v), ) => { - assert!(cs.get("xor result") == Field::zero()); + assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( @@ -1492,7 +1492,7 @@ mod test { OperandType::NegatedAllocatedFalse, Boolean::Is(ref v), ) => { - assert!(cs.get("xor result") == Field::one()); + assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); } @@ -1503,7 +1503,7 @@ mod test { OperandType::AllocatedTrue, Boolean::Not(ref v), ) => { - assert!(cs.get("xor result") == Field::one()); + assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); } ( @@ -1511,7 +1511,7 @@ mod test { OperandType::AllocatedFalse, Boolean::Not(ref v), ) => { - assert!(cs.get("xor result") == Field::zero()); + assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( @@ -1519,7 +1519,7 @@ mod test { OperandType::NegatedAllocatedTrue, Boolean::Is(ref v), ) => { - assert!(cs.get("xor result") == Field::one()); + assert!(cs.get("xor result") == Fr::one()); assert_eq!(v.value, Some(true)); } ( @@ -1527,7 +1527,7 @@ mod test { OperandType::NegatedAllocatedFalse, Boolean::Is(ref v), ) => { - assert!(cs.get("xor result") == Field::zero()); + assert!(cs.get("xor result") == Fr::zero()); assert_eq!(v.value, Some(false)); } @@ -1902,7 +1902,7 @@ mod test { OperandType::AllocatedTrue, Boolean::Is(ref v), ) => { - assert!(cs.get("and result") == Field::one()); + assert!(cs.get("and result") == Fr::one()); assert_eq!(v.value, Some(true)); } ( @@ -1910,7 +1910,7 @@ mod test { OperandType::AllocatedFalse, Boolean::Is(ref v), ) => { - assert!(cs.get("and result") == Field::zero()); + assert!(cs.get("and result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( 
@@ -1918,7 +1918,7 @@ mod test { OperandType::NegatedAllocatedTrue, Boolean::Is(ref v), ) => { - assert!(cs.get("and not result") == Field::zero()); + assert!(cs.get("and not result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( @@ -1926,7 +1926,7 @@ mod test { OperandType::NegatedAllocatedFalse, Boolean::Is(ref v), ) => { - assert!(cs.get("and not result") == Field::one()); + assert!(cs.get("and not result") == Fr::one()); assert_eq!(v.value, Some(true)); } @@ -1938,7 +1938,7 @@ mod test { OperandType::AllocatedTrue, Boolean::Is(ref v), ) => { - assert!(cs.get("and result") == Field::zero()); + assert!(cs.get("and result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( @@ -1946,7 +1946,7 @@ mod test { OperandType::AllocatedFalse, Boolean::Is(ref v), ) => { - assert!(cs.get("and result") == Field::zero()); + assert!(cs.get("and result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( @@ -1954,7 +1954,7 @@ mod test { OperandType::NegatedAllocatedTrue, Boolean::Is(ref v), ) => { - assert!(cs.get("and not result") == Field::zero()); + assert!(cs.get("and not result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( @@ -1962,7 +1962,7 @@ mod test { OperandType::NegatedAllocatedFalse, Boolean::Is(ref v), ) => { - assert!(cs.get("and not result") == Field::zero()); + assert!(cs.get("and not result") == Fr::zero()); assert_eq!(v.value, Some(false)); } @@ -1977,7 +1977,7 @@ mod test { OperandType::AllocatedTrue, Boolean::Is(ref v), ) => { - assert!(cs.get("and not result") == Field::zero()); + assert!(cs.get("and not result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( @@ -1985,7 +1985,7 @@ mod test { OperandType::AllocatedFalse, Boolean::Is(ref v), ) => { - assert!(cs.get("and not result") == Field::zero()); + assert!(cs.get("and not result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( 
@@ -1993,7 +1993,7 @@ mod test { OperandType::NegatedAllocatedTrue, Boolean::Is(ref v), ) => { - assert!(cs.get("nor result") == Field::zero()); + assert!(cs.get("nor result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( @@ -2001,7 +2001,7 @@ mod test { OperandType::NegatedAllocatedFalse, Boolean::Is(ref v), ) => { - assert!(cs.get("nor result") == Field::zero()); + assert!(cs.get("nor result") == Fr::zero()); assert_eq!(v.value, Some(false)); } @@ -2016,7 +2016,7 @@ mod test { OperandType::AllocatedTrue, Boolean::Is(ref v), ) => { - assert!(cs.get("and not result") == Field::one()); + assert!(cs.get("and not result") == Fr::one()); assert_eq!(v.value, Some(true)); } ( @@ -2024,7 +2024,7 @@ mod test { OperandType::AllocatedFalse, Boolean::Is(ref v), ) => { - assert!(cs.get("and not result") == Field::zero()); + assert!(cs.get("and not result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( @@ -2032,7 +2032,7 @@ mod test { OperandType::NegatedAllocatedTrue, Boolean::Is(ref v), ) => { - assert!(cs.get("nor result") == Field::zero()); + assert!(cs.get("nor result") == Fr::zero()); assert_eq!(v.value, Some(false)); } ( @@ -2040,7 +2040,7 @@ mod test { OperandType::NegatedAllocatedFalse, Boolean::Is(ref v), ) => { - assert!(cs.get("nor result") == Field::one()); + assert!(cs.get("nor result") == Fr::one()); assert_eq!(v.value, Some(true)); } diff --git a/r1cs/gadgets/std/src/bits/uint32.rs b/r1cs/gadgets/std/src/bits/uint32.rs index 59a14bbbd..21e3aae80 100644 --- a/r1cs/gadgets/std/src/bits/uint32.rs +++ b/r1cs/gadgets/std/src/bits/uint32.rs @@ -426,7 +426,10 @@ mod test { use crate::{ bits::boolean::Boolean, eq::MultiEq, test_constraint_system::TestConstraintSystem, }; - use algebra::fields::{bls12_381::Fr, Field}; + use algebra::{ + Group, + fields::{tweedle::Fr, Field} + }; use r1cs_core::ConstraintSystem; use rand::{Rng, SeedableRng}; use rand_xorshift::XorShiftRng; 
@@ -591,9 +594,9 @@ mod test { // Flip a bit_gadget and see if the addition constraint still works if cs.get("addition/result bit 0/boolean").is_zero() { - cs.set("addition/result bit 0/boolean", Field::one()); + cs.set("addition/result bit 0/boolean", Fr::one()); } else { - cs.set("addition/result bit 0/boolean", Field::zero()); + cs.set("addition/result bit 0/boolean", Fr::zero()); } assert!(!cs.is_satisfied()); diff --git a/r1cs/gadgets/std/src/bits/uint64.rs b/r1cs/gadgets/std/src/bits/uint64.rs index 6d461ee33..e1df45c09 100644 --- a/r1cs/gadgets/std/src/bits/uint64.rs +++ b/r1cs/gadgets/std/src/bits/uint64.rs @@ -365,7 +365,10 @@ impl EqGadget for UInt64 { mod test { use super::UInt64; use crate::{bits::boolean::Boolean, test_constraint_system::TestConstraintSystem}; - use algebra::fields::{bls12_381::Fr, Field}; + use algebra::{ + Group, + fields::{tweedle::Fr, Field} + }; use r1cs_core::ConstraintSystem; use rand::{Rng, SeedableRng}; use rand_xorshift::XorShiftRng; diff --git a/r1cs/gadgets/std/src/bits/uint8.rs b/r1cs/gadgets/std/src/bits/uint8.rs index 4f3dc10fa..a38da05d8 100644 --- a/r1cs/gadgets/std/src/bits/uint8.rs +++ b/r1cs/gadgets/std/src/bits/uint8.rs @@ -385,7 +385,10 @@ impl CondSelectGadget for UInt8 { mod test { use super::UInt8; use crate::{boolean::AllocatedBit, prelude::*, test_constraint_system::TestConstraintSystem}; - use algebra::fields::bls12_381::Fr; + use algebra::{ + Group, + fields::tweedle::Fr + }; use r1cs_core::ConstraintSystem; use rand::{Rng, RngCore, SeedableRng}; use rand_xorshift::XorShiftRng; diff --git a/r1cs/gadgets/std/src/fields/nonnative/tests.rs b/r1cs/gadgets/std/src/fields/nonnative/tests.rs index 6d9afc55f..854313d9d 100644 --- a/r1cs/gadgets/std/src/fields/nonnative/tests.rs +++ b/r1cs/gadgets/std/src/fields/nonnative/tests.rs 
@@ -14,8 +14,7 @@ use crate::{
 };
 use algebra::{
 fields::{
- bn_382::{Fq as Bn382Fq, Fr as Bn382Fr},
- secp256k1::Fq as secp256k1Fq,
+ // secp256k1::Fq as secp256k1Fq,
 tweedle::{Fq as TweedleFq, Fr as TweedleFr},
 FpParameters, PrimeField,
 },
@@ -1014,11 +1013,11 @@ macro_rules! nonnative_test {
 // Implementation of the above non-native arithmetic tests for different curves
 nonnative_test!(TweedleFqFr, TweedleFq, TweedleFr);
 nonnative_test!(TweedleFrFq, TweedleFr, TweedleFq);
-nonnative_test!(Bn382FqFr, Bn382Fq, Bn382Fr);
-nonnative_test!(Bn382FrFq, Bn382Fr, Bn382Fq);
-nonnative_test!(Bn382Frsecp256k1Fq, Bn382Fr, secp256k1Fq);
-nonnative_test!(Bn382Fqsecp256k1Fq, Bn382Fq, secp256k1Fq);
-nonnative_test!(Bn382FrTweedleFq, Bn382Fr, TweedleFq);
+// nonnative_test!(Bn382FqFr, Bn382Fq, Bn382Fr);
+// nonnative_test!(Bn382FrFq, Bn382Fr, Bn382Fq);
+// nonnative_test!(Bn382Frsecp256k1Fq, Bn382Fr, secp256k1Fq);
+// nonnative_test!(Bn382Fqsecp256k1Fq, Bn382Fq, secp256k1Fq);
+// nonnative_test!(Bn382FrTweedleFq, Bn382Fr, TweedleFq);
 // TODO: This test, along with some others, seems to cause troubles
 // with the enforce_in_field gadget. Fix it.
 /*nonnative_test!(
diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mod.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mod.rs
index 16faa3df3..95231763e 100644
--- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mod.rs
+++ b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/mod.rs
@@ -1,4 +1,4 @@
 pub mod short_weierstrass_jacobian;
 pub use self::short_weierstrass_jacobian::*;
-// pub mod short_weierstrass_projective;
+pub mod short_weierstrass_projective;
diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_jacobian.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_jacobian.rs
index 858891ada..ff5eaa1dc 100644
--- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_jacobian.rs
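Review bot: The five Bn382 and secp256k1 `nonnative_test!` instantiations are removed by commenting them out, together with their imports in `@@ -14`, so the lost coverage is invisible to the build and nothing records why. If these fields are meant to be optional, gate the invocations with `#[cfg(feature = "<bn382 feature name>")]` on a small submodule instead; otherwise add a one-line comment above the block such as `// Disabled: <reason>; re-enable once <condition>` so the next reader knows whether they are meant to come back.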
+++ b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_jacobian.rs
@@ -3,12 +3,8 @@ use algebra::{
 fields::{Field, PrimeField, BitIterator},
 curves::{
 Curve,
- models::{
- SWModelParameters, EndoMulParameters,
- short_weierstrass_jacobian::{
- AffineRep as SWAffine, Jacobian as SWProjective,
- }
- }
+ SWModelParameters, EndoMulParameters,
+ short_weierstrass_jacobian::{AffineRep, Jacobian}
 },
 };
 use r1cs_core::{ConstraintSystem, SynthesisError};
@@ -31,20 +27,22 @@ pub struct AffineGadget<
 > {
 pub x: F,
 pub y: F,
+ pub infinity: Boolean,
 _params: PhantomData

, _engine: PhantomData, } impl AffineGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - F: FieldGadget, + where + P: SWModelParameters, + ConstraintF: PrimeField, + F: FieldGadget, { - pub fn new(x: F, y: F) -> Self { + pub fn new(x: F, y: F, infinity: Boolean) -> Self { Self { x, y, + infinity, _params: PhantomData, _engine: PhantomData, } @@ -119,7 +117,7 @@ where let x1_minus_x3 = self.x.sub(cs.ns(|| "x1 - x3"), &x_3)?; lambda.mul_equals(cs.ns(|| ""), &x1_minus_x3, &y3_plus_y1)?; - Ok(Self::new(x_3, y_3)) + Ok(Self::new(x_3, y_3, Boolean::Constant(false))) } #[inline] @@ -255,7 +253,7 @@ where let x1_minus_x4 = self.x.sub(cs.ns(|| "x1 - x4"), &x_4)?; lambda_2.mul_equals(cs.ns(|| ""), &x1_minus_x4, &y4_plus_y1)?; - Ok(Self::new(x_4, y_4)) + Ok(Self::new(x_4, y_4, Boolean::Constant(false))) } #[inline] @@ -284,10 +282,10 @@ where } impl PartialEq for AffineGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - F: FieldGadget, + where + P: SWModelParameters, + ConstraintF: PrimeField, + F: FieldGadget, { fn eq(&self, other: &Self) -> bool { self.x == other.x && self.y == other.y @@ -295,21 +293,21 @@ where } impl Eq for AffineGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - F: FieldGadget, + where + P: SWModelParameters, + ConstraintF: PrimeField, + F: FieldGadget, { } -impl GroupGadget, ConstraintF> - for AffineGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - F: FieldGadget, +impl GroupGadget, ConstraintF> +for AffineGadget + where + P: SWModelParameters, + ConstraintF: PrimeField, + F: FieldGadget, { - type Value = SWProjective
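Review bot: The result of the point addition whose tail is in this hunk is tagged `Boolean::Constant(false)` regardless of the `infinity` flags on `self` and the other operand, and the same hard-coded tag appears in `@@ -255`, `@@ -426`, `@@ -485`, `@@ -785` and `@@ -886`; the function's head is outside the hunk, so I cannot see whether identity operands are excluded earlier. These are the incomplete affine formulas, so an operand whose `infinity` is true — now constructible through `zero()`, `alloc` or `conditionally_select` — yields a wrong finite-looking result instead of an error, and in `mul_bits` (`@@ -527`) the closure forwards `t.infinity` into `q` only for the addition routines above to discard it. Either enforce the precondition, e.g. `self.infinity.enforce_equal(cs.ns(|| "self is not zero"), &Boolean::constant(false))?;` for both operands, or document on each such method `/// Incomplete addition: both operands must be non-zero; their `infinity` flags are ignored.` The hunks also mix `Boolean::Constant(false)` and `Boolean::constant(false)`; pick one spelling.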
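Review bot: `PartialEq::eq` in this hunk still compares only `x` and `y`, although `AffineGadget` now carries the `infinity` field added in `@@ -31`, so an identity-flagged point and a finite point with the same coordinates compare equal and `a == b` no longer means "same value". Extend it to `self.x == other.x && self.y == other.y && self.infinity == other.infinity` if `Boolean` implements `PartialEq`, or compare `self.infinity.get_value()` with `other.infinity.get_value()` otherwise; the `Eq` impl in `@@ -295` then stays correct.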

; + type Value = Jacobian

; type Variable = (F::Variable, F::Variable); #[inline] @@ -317,11 +315,18 @@ where match ( self.x.get_value(), self.y.get_value(), + self.infinity.get_value(), ) { - (Some(x), Some(y)) => { - Some(SWProjective::from_affine(&SWAffine::new(x, y))) + (Some(x), Some(y), Some(infinity)) => { + Some( + if infinity { + Jacobian::

::zero() + } else { + Jacobian::

::from_affine(&AffineRep::

::new(x, y)) + } + ) } - (None, None) => None, + (None, None, None) => None, _ => unreachable!(), } } @@ -332,13 +337,17 @@ where } #[inline] - fn zero>(mut _cs: CS) -> Result { - Err(SynthesisError::Other("Affine cannot be zero".to_owned()))? + fn zero>(mut cs: CS) -> Result { + Ok(Self::new( + F::zero(cs.ns(|| "zero"))?, + F::one(cs.ns(|| "one"))?, + Boolean::constant(true), + )) } #[inline] fn is_zero>(&self, _: CS) -> Result { - Ok(Boolean::Constant(false)) + Ok(self.infinity) } #[inline] @@ -357,7 +366,7 @@ where fn add_constant>( &self, mut cs: CS, - other: &SWProjective

, + other: &Jacobian

, ) -> Result { // lambda = (B.y - A.y)/(B.x - A.x) // C.x = lambda^2 - A.x - B.x @@ -377,7 +386,7 @@ where if other.is_zero() { return Err(SynthesisError::AssignmentMissing); } - let other = other.into_affine()?; + let other = other.into_affine().unwrap(); let other_x = other.x; let other_y = other.y; @@ -426,7 +435,7 @@ where lambda.mul_equals(cs.ns(|| ""), &x1_minus_x3, &y3_plus_y1)?; - Ok(Self::new(x_3, y_3)) + Ok(Self::new(x_3, y_3, Boolean::Constant(false))) } #[inline] @@ -485,7 +494,7 @@ where &old_y_plus_new_y, )?; - *self = Self::new(x, y); + *self = Self::new(x, y, Boolean::constant(false)); Ok(()) } @@ -496,6 +505,7 @@ where Ok(Self::new( self.x.clone(), self.y.negate(cs.ns(|| "negate y"))?, + self.infinity, )) } @@ -527,12 +537,12 @@ where acc: &mut Self, t: &Self, safe_arithmetics: bool| - -> Result<(), SynthesisError> { + -> Result<(), SynthesisError> { // Q := k[i+1] ? T : −T let neg_y = t.y.negate(cs.ns(|| "neg y"))?; let selected_y = F::conditionally_select(cs.ns(|| "select y or -y"), bit, &t.y, &neg_y)?; - let q = Self::new(t.x.clone(), selected_y); + let q = Self::new(t.x.clone(), selected_y, t.infinity); // Acc := (Acc + Q) + Acc using double_and_add_internal *acc = acc.double_and_add_internal(cs.ns(|| "double and add"), &q, safe_arithmetics)?; @@ -701,7 +711,7 @@ where /// [Hopwood]: https://github.com/zcash/zcash/issues/3924 #[inline] fn mul_bits_fixed_base<'a, CS: ConstraintSystem>( - base: &'a SWProjective

, + base: &'a Jacobian

, mut cs: CS, bits: &[Boolean], ) -> Result { @@ -726,7 +736,7 @@ where // way. // Init - let mut to_sub = SWProjective::

::zero(); + let mut to_sub = Jacobian::

::zero(); // T = 2^{-1} * base let mut t = { @@ -762,7 +772,7 @@ where let mut table = [three_ti.neg(), ti.neg(), ti, three_ti]; //Compute constants - SWProjective::batch_normalization(&mut table); + Jacobian::batch_normalization(&mut table); let x_coords = [table[0].x, table[1].x, table[2].x, table[3].x]; let y_coords = [table[0].y, table[1].y, table[2].y, table[3].y]; let precomp = Boolean::and(cs.ns(|| format!("b0 AND b1_{}", i)), &bits[0], &bits[1])?; @@ -785,18 +795,18 @@ where match i { // First chunk -> initialize acc chunk if chunk == 0 => { - acc = Self::new(x, y); + acc = Self::new(x, y, Boolean::constant(false)); } // We can use unsafe add, no exception occur chunk if chunk < num_chunks => { - let adder: Self = Self::new(x, y); + let adder: Self = Self::new(x, y, Boolean::constant(false)); acc = acc.add_unsafe(cs.ns(|| format!("Add_{}", i)), &adder)?; } // Last chunk we must use safe add _ => { - let adder: Self = Self::new(x, y); + let adder: Self = Self::new(x, y, Boolean::constant(false)); acc = acc.add(cs.ns(|| format!("Add_{}", i)), &adder)?; } } @@ -819,18 +829,18 @@ where bases: &[B], scalars: &[J], ) -> Result - where - CS: ConstraintSystem, - I: Borrow<[Boolean]>, - J: Borrow<[I]>, - B: Borrow<[SWProjective

]>, + where + CS: ConstraintSystem, + I: Borrow<[Boolean]>, + J: Borrow<[I]>, + B: Borrow<[Jacobian

]>, { const CHUNK_SIZE: usize = 3; let mut sw_result: Option> = None; let mut result: Option> = None; let mut process_segment_result = |mut cs: r1cs_core::Namespace<_, _>, result: &AffineGadget| - -> Result<(), SynthesisError> { + -> Result<(), SynthesisError> { let segment_result = result.clone(); match sw_result { None => { @@ -845,7 +855,7 @@ where }; // Compute ∏(h_i^{m_i}) for all i. for (segment_i, (segment_bits_chunks, segment_powers)) in - scalars.iter().zip(bases.iter()).enumerate() + scalars.iter().zip(bases.iter()).enumerate() { for (i, (bits, base_power)) in segment_bits_chunks .borrow() @@ -866,6 +876,7 @@ where if bits.len() != CHUNK_SIZE { return Err(SynthesisError::Unsatisfiable); } + // TODO: check if zero possible let coords = coords.iter().map(|p| p.into_affine()).collect::, _>>()?; let x_coeffs = coords.iter().map(|p| p.x).collect::>(); let y_coeffs = coords.iter().map(|p| p.y).collect::>(); @@ -886,7 +897,7 @@ where &precomp, &y_coeffs, )?; - let tmp = Self::new(x, y); + let tmp = Self::new(x, y, Boolean::constant(false)); match result { None => { result = Some(tmp); @@ -917,12 +928,12 @@ where } } -impl EndoMulCurveGadget, ConstraintF> - for AffineGadget -where - P: EndoMulParameters, - ConstraintF: PrimeField, - F: FieldGadget, +impl EndoMulCurveGadget, ConstraintF> +for AffineGadget + where + P: EndoMulParameters, + ConstraintF: PrimeField, + F: FieldGadget, { /// Given an arbitrary curve element `&self`, applies the endomorphism /// defined by `ENDO_COEFF`. @@ -933,6 +944,7 @@ where Ok(Self::new( self.x.mul_by_constant(cs.ns(|| "endo x"), &P::ENDO_COEFF)?, self.y.clone(), + self.infinity, )) } @@ -985,6 +997,7 @@ where &self.y, &self_y_neg, )?, + self.infinity, ); // The unsafe double and add, takes 5 constraints. 
@@ -996,10 +1009,10 @@ where } impl CondSelectGadget for AffineGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - F: FieldGadget, + where + P: SWModelParameters, + ConstraintF: PrimeField, + F: FieldGadget, { #[inline] fn conditionally_select>( @@ -1010,8 +1023,14 @@ where ) -> Result { let x = F::conditionally_select(&mut cs.ns(|| "x"), cond, &first.x, &second.x)?; let y = F::conditionally_select(&mut cs.ns(|| "y"), cond, &first.y, &second.y)?; + let infinity = Boolean::conditionally_select( + &mut cs.ns(|| "infinity"), + cond, + &first.infinity, + &second.infinity, + )?; - Ok(Self::new(x, y)) + Ok(Self::new(x, y, infinity)) } fn cost() -> usize { @@ -1021,10 +1040,10 @@ where } impl EqGadget for AffineGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - F: FieldGadget, + where + P: SWModelParameters, + ConstraintF: PrimeField, + F: FieldGadget, { fn is_eq>( &self, @@ -1033,7 +1052,17 @@ where ) -> Result { let b0 = self.x.is_eq(cs.ns(|| "x"), &other.x)?; let b1 = self.y.is_eq(cs.ns(|| "y"), &other.y)?; - Boolean::and(cs.ns(|| "x AND y"), &b0, &b1) + let coordinates_equal = Boolean::and(cs.ns(|| "x AND y"), &b0, &b1)?; + let both_are_zero = Boolean::and( + cs.ns(|| "self.infinity AND other.infinity"), + &self.infinity, + &other.infinity, + )?; + Boolean::or( + cs.ns(|| "coordinates_equal OR both_are_zero"), + &coordinates_equal, + &both_are_zero, + ) } #[inline] 
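Review bot: `is_eq` accepts a coordinate match without requiring the two `infinity` flags to agree, so an identity-flagged point and a finite point with the same `x`, `y` are reported equal (the signature of `is_eq` is in the preceding hunk). Since `alloc` (`@@ -1119`) disables the on-curve check when `infinity` is set and nothing else pins an identity point's coordinates, a prover can choose them to match any finite point, which makes this gadget unsound as an equality test involving zero. Require equal flags as well: `let flags_differ = Boolean::xor(cs.ns(|| "infinity XOR infinity"), &self.infinity, &other.infinity)?;`, then `let coords_or_zero = Boolean::or(cs.ns(|| "coordinates_equal OR both_are_zero"), &coordinates_equal, &both_are_zero)?;` and return `Boolean::and(cs.ns(|| "same flags AND coords_or_zero"), &flags_differ.not(), &coords_or_zero)`.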
@@ -1065,37 +1094,43 @@ where &is_equal, should_enforce, )? - .enforce_equal( - cs.ns(|| "is_equal AND should_enforce == false"), - &Boolean::Constant(false), - ) + .enforce_equal( + cs.ns(|| "is_equal AND should_enforce == false"), + &Boolean::Constant(false), + ) } } -impl AllocGadget, ConstraintF> - for AffineGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - F: FieldGadget, +impl AllocGadget, ConstraintF> +for AffineGadget + where + P: SWModelParameters, + ConstraintF: PrimeField, + F: FieldGadget, { #[inline] fn alloc>( mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { - let (x, y) = match value_gen() { + let (x, y, infinity) = match value_gen() { Ok(ge) => { - let ge = ge.borrow().into_affine()?; - (Ok(ge.x), Ok(ge.y)) + let ge = ge.borrow(); + if ge.is_zero() { + (Ok(P::BaseField::zero()), Ok(P::BaseField::one()), Ok(true)) + } else { + let ge = ge.into_affine().unwrap(); + (Ok(ge.x), Ok(ge.y), Ok(false)) + } } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), + Err(SynthesisError::AssignmentMissing), ), }; @@ -1105,6 +1140,7 @@ where let x = F::alloc(&mut cs.ns(|| "x"), || x)?; let y = F::alloc(&mut cs.ns(|| "y"), || y)?; + let infinity = Boolean::alloc(&mut cs.ns(|| "infinity"), || infinity)?; // Check that y^2 = x^3 + ax +b // We do this by checking that y^2 - b = x * (x^2 +a) @@ -1119,10 +1155,10 @@ where x2_plus_a_times_x.conditional_enforce_equal( cs.ns(|| "on curve check"), &y2_minus_b, - &Boolean::Constant(true), + &infinity.not(), )?; - Ok(Self::new(x, y)) + Ok(Self::new(x, y, infinity)) } #[inline] 
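Review bot: When the value is the identity, `alloc` hands the prover `(0, 1, true)` but constrains nothing about `x` and `y`: the on-curve check in `@@ -1119` is switched off by `&infinity.not()`, and no other constraint ties the coordinates to the canonical `(0, 1)` used by `zero()` and `from_value`. A prover can therefore allocate an identity point with arbitrary coordinates, which flow into `is_eq` (`@@ -1033`) and into the bit and byte encodings of `@@ -1317`, `@@ -1331`, `@@ -1348` and `@@ -1362`, so zero has no unique in-circuit representation; `alloc_input` (`@@ -1235` and `@@ -1269`) has the same gap, and `alloc_without_check` (`@@ -1130`) should say in a doc comment that it deliberately constrains nothing. `alloc` starts in this hunk and ends in `@@ -1119`. Pin the coordinates conditionally after the `infinity` allocation, in `alloc` and `alloc_input` alike:
```rust
let infinity = Boolean::alloc(&mut cs.ns(|| "infinity"), || infinity)?;
// … unchanged: on-curve check, enforced only when infinity is false …
// Canonical encoding of the identity: force (x, y) = (0, 1) whenever infinity is set,
// so that zero has exactly one in-circuit representation.
let zero = F::zero(cs.ns(|| "zero"))?;
let one = F::one(cs.ns(|| "one"))?;
x.conditional_enforce_equal(cs.ns(|| "x == 0 if infinity"), &zero, &infinity)?;
y.conditional_enforce_equal(cs.ns(|| "y == 1 if infinity"), &one, &infinity)?;
Ok(Self::new(x, y, infinity))
```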
@@ -1130,25 +1166,32 @@ where mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { - let (x, y) = match value_gen() { + let (x, y, infinity) = match value_gen() { Ok(ge) => { - let ge = ge.borrow().into_affine()?; - (Ok(ge.x), Ok(ge.y)) + let ge = ge.borrow(); + if ge.is_zero() { + (Ok(P::BaseField::zero()), Ok(P::BaseField::one()), Ok(true)) + } else { + let ge = ge.into_affine().unwrap(); + (Ok(ge.x), Ok(ge.y), Ok(false)) + } } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), + Err(SynthesisError::AssignmentMissing), ), }; let x = F::alloc(&mut cs.ns(|| "x"), || x)?; let y = F::alloc(&mut cs.ns(|| "y"), || y)?; + let infinity = Boolean::alloc(&mut cs.ns(|| "infinity"), || infinity)?; - Ok(Self::new(x, y)) + Ok(Self::new(x, y, infinity)) } #[inline] @@ -1156,9 +1199,9 @@ where mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let alloc_and_prime_order_check = |mut cs: r1cs_core::Namespace<_, _>, value_gen: FN| -> Result { @@ -1235,18 +1278,24 @@ where mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { - let (x, y) = match value_gen() { + let (x, y, infinity) = match value_gen() { Ok(ge) => { - let ge = ge.borrow().into_affine()?; - (Ok(ge.x), Ok(ge.y)) + let ge = ge.borrow(); + if ge.is_zero() { + (Ok(P::BaseField::zero()), Ok(P::BaseField::one()), Ok(true)) + } else { + let ge = ge.into_affine().unwrap(); + (Ok(ge.x), Ok(ge.y), Ok(false)) + } } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), + Err(SynthesisError::AssignmentMissing), ), }; 
@@ -1255,6 +1304,7 @@ where let x = F::alloc_input(&mut cs.ns(|| "x"), || x)?; let y = F::alloc_input(&mut cs.ns(|| "y"), || y)?; + let infinity = Boolean::alloc_input(&mut cs.ns(|| "infinity"), || infinity)?; // Check that y^2 = x^3 + ax +b // We do this by checking that y^2 - b = x * (x^2 +a) @@ -1269,46 +1319,53 @@ where x2_plus_a_times_x.conditional_enforce_equal( cs.ns(|| "on curve check"), &y2_minus_b, - &Boolean::constant(true), + &infinity.not(), )?; - Ok(Self::new(x, y)) + Ok(Self::new(x, y, infinity)) } } -impl ConstantGadget, ConstraintF> - for AffineGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - F: FieldGadget, +impl ConstantGadget, ConstraintF> +for AffineGadget + where + P: SWModelParameters, + ConstraintF: PrimeField, + F: FieldGadget, { - fn from_value>(mut cs: CS, value: &SWProjective

) -> Self { - // TODO: should be wrapped by error handler - let value = value.into_affine().unwrap(); - let x = F::from_value(cs.ns(|| "hardcode x"), &value.x); - let y = F::from_value(cs.ns(|| "hardcode y"), &value.y); - - Self::new(x, y) + fn from_value>(mut cs: CS, value: &Jacobian

) -> Self { + if value.is_zero() { + Self::zero(cs).unwrap() + } else { + let value = value.into_affine().unwrap(); + let x = F::from_value(cs.ns(|| "hardcode x"), &value.x); + let y = F::from_value(cs.ns(|| "hardcode y"), &value.y); + let infinity = Boolean::constant(false); + Self::new(x, y, infinity) + } } - fn get_constant(&self) -> SWProjective

{ - let value_proj = SWProjective::from_affine(&SWAffine::

::new( - self.x.get_value().unwrap(), - self.y.get_value().unwrap(), - )); + fn get_constant(&self) -> Jacobian

{ + let value_proj = if self.infinity.get_value().unwrap() { + Jacobian::

::zero() + } else { + Jacobian::

::from_affine(&AffineRep::

::new( + self.x.get_value().unwrap(), + self.y.get_value().unwrap(), + )) + }; let x = value_proj.x; let y = value_proj.y; let z = value_proj.z; - SWProjective::

::new(x, y, z) + Jacobian::

::new(x, y, z) } } impl ToBitsGadget for AffineGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - F: FieldGadget, + where + P: SWModelParameters, + ConstraintF: PrimeField, + F: FieldGadget, { fn to_bits>( &self, @@ -1317,6 +1374,7 @@ where let mut x_bits = self.x.to_bits(&mut cs.ns(|| "X Coordinate To Bits"))?; let y_bits = self.y.to_bits(&mut cs.ns(|| "Y Coordinate To Bits"))?; x_bits.extend_from_slice(&y_bits); + x_bits.push(self.infinity); Ok(x_bits) } @@ -1331,16 +1389,17 @@ where .y .to_bits_strict(&mut cs.ns(|| "Y Coordinate To Bits"))?; x_bits.extend_from_slice(&y_bits); + x_bits.push(self.infinity); Ok(x_bits) } } impl ToBytesGadget for AffineGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - F: FieldGadget, + where + P: SWModelParameters, + ConstraintF: PrimeField, + F: FieldGadget, { fn to_bytes>( &self, @@ -1348,7 +1407,9 @@ where ) -> Result, SynthesisError> { let mut x_bytes = self.x.to_bytes(&mut cs.ns(|| "X Coordinate To Bytes"))?; let y_bytes = self.y.to_bytes(&mut cs.ns(|| "Y Coordinate To Bytes"))?; + let inf_bytes = self.infinity.to_bytes(&mut cs.ns(|| "Infinity to Bytes"))?; x_bytes.extend_from_slice(&y_bytes); + x_bytes.extend_from_slice(&inf_bytes); Ok(x_bytes) } @@ -1362,7 +1423,9 @@ where let y_bytes = self .y .to_bytes_strict(&mut cs.ns(|| "Y Coordinate To Bytes"))?; + let inf_bytes = self.infinity.to_bytes(&mut cs.ns(|| "Infinity to Bytes"))?; x_bytes.extend_from_slice(&y_bytes); + x_bytes.extend_from_slice(&inf_bytes); Ok(x_bytes) } @@ -1379,8 +1442,8 @@ pub struct CompressAffinePointGadget { } impl CompressAffinePointGadget -where - ConstraintF: PrimeField, + where + ConstraintF: PrimeField, { pub fn new(x: FpGadget, y: FpGadget, infinity: Boolean) -> Self { Self { 
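Review bot: `from_value` drops the former `// TODO: should be wrapped by error handler` comment yet keeps `into_affine().unwrap()` and adds `Self::zero(cs).unwrap()`, without stating why panicking is acceptable inside this infallible `ConstantGadget` API. A one-line comment on each would make the invariant explicit, e.g. `// cannot fail: the zero case was handled above` on the `into_affine` call and, on the `zero()` call, a note that it only builds constants (assuming `F::zero`/`F::one` cannot fail on a constant, which this hunk does not show). The same applies to the three `get_value().unwrap()` calls in `get_constant`, which are only sound for a gadget built from constants; `get_constant` also rebuilds `value_proj` field by field via `Jacobian::new(x, y, z)`, which appears to be the same as returning `value_proj` directly.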
@@ -1397,8 +1460,8 @@ use crate::groups::EndoMulCurveGadget; use crate::ToCompressedBitsGadget; impl ToCompressedBitsGadget for CompressAffinePointGadget -where - ConstraintF: PrimeField, + where + ConstraintF: PrimeField, { /// Enforce compression of a point through serialization of the x coordinate and storing /// a sign bit for the y coordinate. diff --git a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_projective.rs b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_projective.rs index f35525e6c..bd78c4d83 100644 --- a/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_projective.rs +++ b/r1cs/gadgets/std/src/groups/curves/short_weierstrass/short_weierstrass_projective.rs @@ -3,12 +3,8 @@ use algebra::{ fields::{Field, PrimeField, BitIterator}, curves::{ Curve, - models::{ - SWModelParameters, EndoMulParameters, - short_weierstrass_projective::{ - AffineRep as SWAffine, Projective as SWProjective, - } - } + SWModelParameters, EndoMulParameters, + short_weierstrass_projective::{AffineRep, Projective} }, }; @@ -305,14 +301,14 @@ where { } -impl GroupGadget, ConstraintF> +impl GroupGadget, ConstraintF> for AffineGadget where P: SWModelParameters, ConstraintF: PrimeField, F: FieldGadget, { - type Value = SWProjective

; + type Value = Projective

; type Variable = (F::Variable, F::Variable); #[inline] @@ -323,7 +319,13 @@ where self.infinity.get_value(), ) { (Some(x), Some(y), Some(infinity)) => { - Some(SWAffine::new(x, y, infinity).into_projective()) + Some( + if infinity { + Projective::

::zero() + } else { + Projective::

::from_affine(&AffineRep::

::new(x, y)) + } + ) } (None, None, None) => None, _ => unreachable!(), @@ -365,7 +367,7 @@ where fn add_constant>( &self, mut cs: CS, - other: &SWProjective

, + other: &Projective

, ) -> Result { // lambda = (B.y - A.y)/(B.x - A.x) // C.x = lambda^2 - A.x - B.x @@ -385,7 +387,7 @@ where if other.is_zero() { return Err(SynthesisError::AssignmentMissing); } - let other = other.into_affine(); + let other = other.into_affine().unwrap(); let other_x = other.x; let other_y = other.y; @@ -710,7 +712,7 @@ where /// [Hopwood]: https://github.com/zcash/zcash/issues/3924 #[inline] fn mul_bits_fixed_base<'a, CS: ConstraintSystem>( - base: &'a SWProjective

, + base: &'a Projective

, mut cs: CS, bits: &[Boolean], ) -> Result { @@ -735,7 +737,7 @@ where // way. // Init - let mut to_sub = SWProjective::

::zero(); + let mut to_sub = Projective::

::zero(); // T = 2^{-1} * base let mut t = { @@ -771,7 +773,7 @@ where let mut table = [three_ti.neg(), ti.neg(), ti, three_ti]; //Compute constants - SWProjective::batch_normalization(&mut table); + Projective::batch_normalization(&mut table); let x_coords = [table[0].x, table[1].x, table[2].x, table[3].x]; let y_coords = [table[0].y, table[1].y, table[2].y, table[3].y]; let precomp = Boolean::and(cs.ns(|| format!("b0 AND b1_{}", i)), &bits[0], &bits[1])?; @@ -832,7 +834,7 @@ where CS: ConstraintSystem, I: Borrow<[Boolean]>, J: Borrow<[I]>, - B: Borrow<[SWProjective

]>, + B: Borrow<[Projective

]>, { const CHUNK_SIZE: usize = 3; let mut sw_result: Option> = None; @@ -875,7 +877,8 @@ where if bits.len() != CHUNK_SIZE { return Err(SynthesisError::Unsatisfiable); } - let coords = coords.iter().map(|p| p.into_affine()).collect::>(); + // TODO: check if zero possible + let coords = coords.iter().map(|p| p.into_affine()).collect::, _>>()?; let x_coeffs = coords.iter().map(|p| p.x).collect::>(); let y_coeffs = coords.iter().map(|p| p.y).collect::>(); let precomp = Boolean::and( @@ -926,7 +929,7 @@ where } } -impl EndoMulCurveGadget, ConstraintF> +impl EndoMulCurveGadget, ConstraintF> for AffineGadget where P: EndoMulParameters, @@ -1099,7 +1102,7 @@ where } } -impl AllocGadget, ConstraintF> +impl AllocGadget, ConstraintF> for AffineGadget where P: SWModelParameters, @@ -1113,12 +1116,17 @@ where ) -> Result where FN: FnOnce() -> Result, - T: Borrow>, + T: Borrow>, { let (x, y, infinity) = match value_gen() { Ok(ge) => { - let ge = ge.borrow().into_affine(); - (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) + let ge = ge.borrow(); + if ge.is_zero() { + (Ok(P::BaseField::zero()), Ok(P::BaseField::one()), Ok(true)) + } else { + let ge = ge.into_affine().unwrap(); + (Ok(ge.x), Ok(ge.y), Ok(false)) + } } _ => ( Err(SynthesisError::AssignmentMissing), @@ -1161,12 +1169,17 @@ where ) -> Result where FN: FnOnce() -> Result, - T: Borrow>, + T: Borrow>, { let (x, y, infinity) = match value_gen() { Ok(ge) => { - let ge = ge.borrow().into_affine(); - (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) + let ge = ge.borrow(); + if ge.is_zero() { + (Ok(P::BaseField::zero()), Ok(P::BaseField::one()), Ok(true)) + } else { + let ge = ge.into_affine().unwrap(); + (Ok(ge.x), Ok(ge.y), Ok(false)) + } } _ => ( Err(SynthesisError::AssignmentMissing), @@ -1189,7 +1202,7 @@ where ) -> Result where FN: FnOnce() -> Result, - T: Borrow>, + T: Borrow>, { let alloc_and_prime_order_check = |mut cs: r1cs_core::Namespace<_, _>, value_gen: FN| -> Result { 
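Review bot: The `// TODO: check if zero possible` left above `collect::<Result<Vec<_>, _>>()?` should be resolved rather than shipped: `into_affine()` now returns a `Result` that, judging by the `is_zero()` guard placed before `into_affine().unwrap()` in `add_constant`, fails on the identity, so a zero base power now aborts synthesis through `?` instead of entering the `x_coeffs`/`y_coeffs` lookup table with meaningless coordinates. That is the right outcome for an affine coordinate table, so state it as a precondition in place of the TODO: `// Base powers must be non-zero: the identity has no affine coordinates, so into_affine() errors and the whole multiscalar multiplication fails to synthesize.` The enclosing multiscalar-multiplication function starts and ends outside this hunk.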
@@ -1208,9 +1221,7 @@ where let ge = Self::alloc(cs.ns(|| "Alloc checked"), || { value_gen().map(|ge| { ge.borrow() - .into_affine() - .mul_by_cofactor_inv() - .into_projective() + .scale_by_cofactor_inv() }) })?; let mut seen_one = false; @@ -1270,12 +1281,17 @@ where ) -> Result where FN: FnOnce() -> Result, - T: Borrow>, + T: Borrow>, { let (x, y, infinity) = match value_gen() { Ok(ge) => { - let ge = ge.borrow().into_affine(); - (Ok(ge.x), Ok(ge.y), Ok(ge.infinity)) + let ge = ge.borrow(); + if ge.is_zero() { + (Ok(P::BaseField::zero()), Ok(P::BaseField::one()), Ok(true)) + } else { + let ge = ge.into_affine().unwrap(); + (Ok(ge.x), Ok(ge.y), Ok(false)) + } } _ => ( Err(SynthesisError::AssignmentMissing), @@ -1311,33 +1327,38 @@ where } } -impl ConstantGadget, ConstraintF> +impl ConstantGadget, ConstraintF> for AffineGadget where P: SWModelParameters, ConstraintF: PrimeField, F: FieldGadget, { - fn from_value>(mut cs: CS, value: &SWProjective

) -> Self { - let value = value.into_affine(); - let x = F::from_value(cs.ns(|| "hardcode x"), &value.x); - let y = F::from_value(cs.ns(|| "hardcode y"), &value.y); - let infinity = Boolean::constant(value.infinity); - - Self::new(x, y, infinity) + fn from_value>(mut cs: CS, value: &Projective

) -> Self { + if value.is_zero() { + Self::zero(cs).unwrap() + } else { + let value = value.into_affine().unwrap(); + let x = F::from_value(cs.ns(|| "hardcode x"), &value.x); + let y = F::from_value(cs.ns(|| "hardcode y"), &value.y); + let infinity = Boolean::constant(false); + Self::new(x, y, infinity) + } } - fn get_constant(&self) -> SWProjective

{ - let value_proj = SWAffine::

::new( - self.x.get_value().unwrap(), - self.y.get_value().unwrap(), - self.infinity.get_value().unwrap(), - ) - .into_projective(); + fn get_constant(&self) -> Projective

{ + let value_proj = if self.infinity.get_value().unwrap() { + Projective::

::zero() + } else { + Projective::

::from_affine(&AffineRep::

::new( + self.x.get_value().unwrap(), + self.y.get_value().unwrap(), + )) + }; let x = value_proj.x; let y = value_proj.y; let z = value_proj.z; - SWProjective::

::new(x, y, z) + Projective::

::new(x, y, z) } } diff --git a/r1cs/gadgets/std/src/groups/curves/twisted_edwards/mod.rs b/r1cs/gadgets/std/src/groups/curves/twisted_edwards/mod.rs index 1791b3bc5..1b2968ceb 100644 --- a/r1cs/gadgets/std/src/groups/curves/twisted_edwards/mod.rs +++ b/r1cs/gadgets/std/src/groups/curves/twisted_edwards/mod.rs @@ -36,7 +36,7 @@ mod montgomery_affine_impl { use std::ops::{AddAssign, MulAssign, SubAssign}; impl> - MontgomeryAffineGadget + MontgomeryAffineGadget { pub fn new(x: F, y: F) -> Self { Self { @@ -173,7 +173,7 @@ mod montgomery_affine_impl { let yprime = F::alloc(cs.ns(|| "yprime"), || { Ok(-(self.y.get_value().get()? + &(lambda.get_value().get()? - * &(xprime.get_value().get()? - &self.x.get_value().get()?)))) + * &(xprime.get_value().get()? - &self.x.get_value().get()?)))) })?; let xres = self.x.sub(cs.ns(|| "xres"), &xprime)?; @@ -202,7 +202,7 @@ pub struct AffineGadget< } impl> - AffineGadget +AffineGadget { pub fn new(x: F, y: F) -> Self { Self { @@ -215,10 +215,10 @@ impl PartialEq for AffineGadget -where - P: TEModelParameters, - ConstraintF: Field, - F: FieldGadget, + where + P: TEModelParameters, + ConstraintF: Field, + F: FieldGadget, { fn eq(&self, other: &Self) -> bool { self.x == other.x && self.y == other.y @@ -226,10 +226,10 @@ where } impl Eq for AffineGadget -where - P: TEModelParameters, - ConstraintF: Field, - F: FieldGadget, + where + P: TEModelParameters, + ConstraintF: Field, + F: FieldGadget, { } @@ -240,10 +240,10 @@ mod affine_impl { use std::ops::Neg; impl GroupGadget, ConstraintF> for AffineGadget - where - P: TEModelParameters, - ConstraintF: Field, - F: FieldGadget, + where + P: TEModelParameters, + ConstraintF: Field, + F: FieldGadget, { type Value = TEAffine
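Review bot: `get_constant` in the `ConstantGadget` impl builds `value_proj` and then takes it apart into `x`, `y`, `z` only to call `Projective::new(x, y, z)` on the same three fields; the round trip adds nothing, so the last four lines can collapse to returning `value_proj` from the `if`/`else`. In `from_value`, `Self::zero(cs).unwrap()` turns any failure of `zero()` into a panic inside a constant-allocation path; if `zero()` is infallible for this gadget (it is not visible in this hunk), `.expect("allocating the constant identity cannot fail")` documents that, and if it is not, the error should propagate. The `get_value().unwrap()` calls in `get_constant` are fine for a constant gadget but the same `expect` treatment would make the invariant readable.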

; type Variable = (F::Variable, F::Variable); @@ -474,19 +474,19 @@ mod affine_impl { } impl AllocGadget, ConstraintF> for AffineGadget - where - P: TEModelParameters, - ConstraintF: Field, - F: FieldGadget, - Self: GroupGadget, ConstraintF>, + where + P: TEModelParameters, + ConstraintF: Field, + F: FieldGadget, + Self: GroupGadget, ConstraintF>, { fn alloc>( mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let (x, y) = match value_gen() { Ok(ge) => { @@ -528,9 +528,9 @@ mod affine_impl { mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let (x, y) = match value_gen() { Ok(ge) => { @@ -554,13 +554,13 @@ mod affine_impl { mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let alloc_and_prime_order_check = |mut cs: r1cs_core::Namespace<_, _>, value_gen: FN| - -> Result { + -> Result { let cofactor_weight = BitIterator::new(P::COFACTOR).filter(|b| *b).count(); // If we multiply by r, we actually multiply by r - 2. let r_minus_1 = (-P::ScalarField::one()).into_repr(); @@ -637,9 +637,9 @@ mod affine_impl { mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let (x, y) = match value_gen() { Ok(ge) => { @@ -678,11 +678,11 @@ mod affine_impl { } impl ConstantGadget, ConstraintF> for AffineGadget - where - P: TEModelParameters, - ConstraintF: Field, - F: FieldGadget, - Self: GroupGadget, ConstraintF>, + where + P: TEModelParameters, + ConstraintF: Field, + F: FieldGadget, + Self: GroupGadget, ConstraintF>, { #[inline] fn from_value>(mut cs: CS, value: &TEAffine

) -> Self { @@ -712,11 +712,11 @@ mod projective_impl { use std::ops::Neg; impl GroupGadget, ConstraintF> - for AffineGadget - where - P: TEModelParameters, - ConstraintF: Field, - F: FieldGadget, + for AffineGadget + where + P: TEModelParameters, + ConstraintF: Field, + F: FieldGadget, { type Value = TEProjective

; type Variable = (F::Variable, F::Variable); @@ -943,10 +943,10 @@ mod projective_impl { mut cs: CS, scalar_bits_with_base_powers: I, ) -> Result<(), SynthesisError> - where - CS: ConstraintSystem, - I: Iterator)>, - B: Borrow, + where + CS: ConstraintSystem, + I: Iterator)>, + B: Borrow, { let scalar_bits_with_base_powers: Vec<_> = scalar_bits_with_base_powers .map(|(bit, base)| (*bit.borrow(), *base)) @@ -999,11 +999,11 @@ mod projective_impl { bases: &[B], scalars: &[J], ) -> Result - where - CS: ConstraintSystem, - I: Borrow<[Boolean]>, - J: Borrow<[I]>, - B: Borrow<[TEProjective

]>, + where + CS: ConstraintSystem, + I: Borrow<[Boolean]>, + J: Borrow<[I]>, + B: Borrow<[TEProjective

]>, { const CHUNK_SIZE: usize = 3; let mut edwards_result: Option> = None; @@ -1032,7 +1032,7 @@ mod projective_impl { // Compute ∏(h_i^{m_i}) for all i. for (segment_i, (segment_bits_chunks, segment_powers)) in - scalars.iter().zip(bases.iter()).enumerate() + scalars.iter().zip(bases.iter()).enumerate() { for (i, (bits, base_power)) in segment_bits_chunks .borrow() @@ -1124,20 +1124,20 @@ mod projective_impl { } impl AllocGadget, ConstraintF> - for AffineGadget - where - P: TEModelParameters, - ConstraintF: Field, - F: FieldGadget, - Self: GroupGadget, ConstraintF>, + for AffineGadget + where + P: TEModelParameters, + ConstraintF: Field, + F: FieldGadget, + Self: GroupGadget, ConstraintF>, { fn alloc>( mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let (x, y) = match value_gen() { Ok(ge) => { @@ -1179,9 +1179,9 @@ mod projective_impl { mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let (x, y) = match value_gen() { Ok(ge) => { @@ -1205,13 +1205,13 @@ mod projective_impl { mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let alloc_and_prime_order_check = |mut cs: r1cs_core::Namespace<_, _>, value_gen: FN| - -> Result { + -> Result { let cofactor_weight = BitIterator::new(P::COFACTOR).filter(|b| *b).count(); // If we multiply by r, we actually multiply by r - 2. let r_minus_1 = (-P::ScalarField::one()).into_repr(); @@ -1293,9 +1293,9 @@ mod projective_impl { mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let (x, y) = match value_gen() { Ok(ge) => { 
@@ -1334,12 +1334,12 @@ mod projective_impl { } impl ConstantGadget, ConstraintF> - for AffineGadget - where - P: TEModelParameters, - ConstraintF: Field, - F: FieldGadget, - Self: GroupGadget, ConstraintF>, + for AffineGadget + where + P: TEModelParameters, + ConstraintF: Field, + F: FieldGadget, + Self: GroupGadget, ConstraintF>, { #[inline] fn from_value>( @@ -1368,10 +1368,10 @@ mod projective_impl { } impl CondSelectGadget for AffineGadget -where - P: TEModelParameters, - ConstraintF: Field, - F: FieldGadget, + where + P: TEModelParameters, + ConstraintF: Field, + F: FieldGadget, { #[inline] fn conditionally_select>( @@ -1392,10 +1392,10 @@ where } impl EqGadget for AffineGadget -where - P: TEModelParameters, - ConstraintF: Field, - F: FieldGadget, + where + P: TEModelParameters, + ConstraintF: Field, + F: FieldGadget, { fn is_eq>( &self, @@ -1434,18 +1434,18 @@ where &is_equal, should_enforce, )? - .enforce_equal( - cs.ns(|| "is_equal AND should_enforce == false"), - &Boolean::Constant(false), - ) + .enforce_equal( + cs.ns(|| "is_equal AND should_enforce == false"), + &Boolean::Constant(false), + ) } } impl ToBitsGadget for AffineGadget -where - P: TEModelParameters, - ConstraintF: Field, - F: FieldGadget, + where + P: TEModelParameters, + ConstraintF: Field, + F: FieldGadget, { fn to_bits>( &self, @@ -1470,10 +1470,10 @@ where } impl ToBytesGadget for AffineGadget -where - P: TEModelParameters, - ConstraintF: Field, - F: FieldGadget, + where + P: TEModelParameters, + ConstraintF: Field, + F: FieldGadget, { fn to_bytes>( &self, @@ -1500,10 +1500,10 @@ where #[cfg(test)] #[allow(dead_code)] pub(crate) fn test() -where - ConstraintF: Field, - P: TEModelParameters, - GG: GroupGadget, ConstraintF, Value = TEAffine

>, + where + ConstraintF: Field, + P: TEModelParameters, + GG: GroupGadget, ConstraintF, Value = TEAffine

>, { use crate::{ boolean::AllocatedBit, groups::test::group_test, prelude::*, diff --git a/r1cs/gadgets/std/src/groups/mod.rs b/r1cs/gadgets/std/src/groups/mod.rs index b4fe3796e..6541e1a1d 100644 --- a/r1cs/gadgets/std/src/groups/mod.rs +++ b/r1cs/gadgets/std/src/groups/mod.rs @@ -466,7 +466,7 @@ pub(crate) fn scalar_bits_to_constant_length< #[cfg(test)] pub(crate) mod test { use algebra::{ - BigInteger, EndoMulCurve, Field, FpParameters, Group, PrimeField, ProjectiveCurve, ToBits, + BigInteger, Group, Field, Curve, EndoMulCurve, FpParameters, PrimeField, ToBits, UniformRand, }; use r1cs_core::ConstraintSystem; @@ -478,7 +478,7 @@ pub(crate) mod test { #[allow(dead_code)] pub(crate) fn group_test< ConstraintF: Field, - G: Group, + G: Curve, GG: GroupGadget, >() { let mut cs = TestConstraintSystem::::new(); @@ -536,7 +536,7 @@ pub(crate) mod test { #[allow(dead_code)] pub(crate) fn group_test_with_incomplete_add< ConstraintF: Field, - G: Group, + G: Curve, GG: GroupGadget, >() { let mut cs = TestConstraintSystem::::new(); @@ -547,7 +547,7 @@ pub(crate) mod test { let a = GG::alloc(&mut cs.ns(|| "generate_a"), || Ok(a_native)).unwrap(); let b = GG::alloc(&mut cs.ns(|| "generate_b"), || Ok(b_native)).unwrap(); - let _zero = GG::zero(cs.ns(|| "Zero")).unwrap(); + // let _zero = GG::zero(cs.ns(|| "Zero")).unwrap(); // a + b = b + a let a_b = a.add(cs.ns(|| "a_plus_b"), &b).unwrap(); @@ -670,7 +670,7 @@ pub(crate) mod test { #[allow(dead_code)] pub(crate) fn mul_bits_native_test< ConstraintF: Field, - G: Group, + G: Curve, GG: GroupGadget, >() { let mut cs: TestConstraintSystem = TestConstraintSystem::::new(); @@ -716,7 +716,7 @@ pub(crate) mod test { #[allow(dead_code)] pub(crate) fn mul_bits_additivity_test< ConstraintF: Field, - G: Group, + G: Curve, GG: GroupGadget, >() { let mut cs = TestConstraintSystem::::new(); 
@@ -780,11 +780,11 @@ pub(crate) mod test { #[allow(dead_code)] pub(crate) fn mul_bits_test< ConstraintF: Field, - G: Group, + G: Curve, GG: GroupGadget, >() { for _ in 0..10 { - mul_bits_native_test::(); + // mul_bits_native_test::(); mul_bits_additivity_test::(); } } @@ -792,17 +792,14 @@ pub(crate) mod test { #[allow(dead_code)] pub(crate) fn endo_mul_test< ConstraintF: Field, - G: ProjectiveCurve, + G: EndoMulCurve, GG: EndoMulCurveGadget, >() - where - ::Affine: EndoMulCurve, { let mut cs = TestConstraintSystem::::new(); - let a_native_proj = G::rand(&mut thread_rng()); - let a_native = a_native_proj.into_affine(); - let a = GG::alloc(&mut cs.ns(|| "generate_a"), || Ok(a_native_proj)).unwrap(); + let a_native = G::rand(&mut thread_rng()); + let a = GG::alloc(&mut cs.ns(|| "generate_a"), || Ok(a_native)).unwrap(); let scalar: G::ScalarField = u128::rand(&mut thread_rng()).into(); diff --git a/r1cs/gadgets/std/src/groups/nonnative/short_weierstrass/short_weierstrass_jacobian.rs b/r1cs/gadgets/std/src/groups/nonnative/short_weierstrass/short_weierstrass_jacobian.rs index af23b703b..8fff1f680 100644 --- a/r1cs/gadgets/std/src/groups/nonnative/short_weierstrass/short_weierstrass_jacobian.rs +++ b/r1cs/gadgets/std/src/groups/nonnative/short_weierstrass/short_weierstrass_jacobian.rs @@ -8,12 +8,8 @@ use algebra::{ fields::{Field, PrimeField, SquareRootField, BitIterator}, curves::{ Curve, - models::{ - SWModelParameters, EndoMulParameters, - short_weierstrass_jacobian::{ - AffineRep as SWAffine, Jacobian as SWProjective, - } - } + SWModelParameters, EndoMulParameters, + short_weierstrass_jacobian::{AffineRep, Jacobian} }, }; @@ -46,17 +42,18 @@ pub struct GroupAffineNonNativeGadget< > { pub x: NonNativeFieldGadget, pub y: NonNativeFieldGadget, + pub infinity: Boolean, _params: PhantomData
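Review bot: `// mul_bits_native_test::<...>();` is commented out inside `mul_bits_test` without a reason, and the same pattern appears in `group_test_with_incomplete_add` where `GG::zero(...)` is commented out; a silently disabled test drops coverage for the `mul_bits` path at the very commit that reworks how the identity is represented in the gadgets. Either delete the line and track the gap, or keep it with a comment that says why and what re-enables it, e.g. `// TODO: re-enable once mul_bits handles the identity representation introduced with the infinity flag`. If the test merely no longer compiles under the new `G: Curve` bound rather than failing on behaviour, say that instead, since the two cases call for different fixes.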

, } -impl GroupGadget, ConstraintF> - for GroupAffineNonNativeGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - SimulationF: PrimeField + SquareRootField, +impl GroupGadget, ConstraintF> +for GroupAffineNonNativeGadget + where + P: SWModelParameters, + ConstraintF: PrimeField, + SimulationF: PrimeField + SquareRootField, { - type Value = SWProjective

; + type Value = Jacobian

; type Variable = (); fn add>( @@ -68,13 +65,17 @@ where } #[inline] - fn zero>(mut _cs: CS) -> Result { - Err(SynthesisError::Other("Affine cannot be zero".to_owned()))? + fn zero>(mut cs: CS) -> Result { + Ok(Self::new( + NonNativeFieldGadget::zero(cs.ns(|| "zero"))?, + NonNativeFieldGadget::one(cs.ns(|| "one"))?, + Boolean::constant(true), + )) } #[inline] fn is_zero>(&self, _: CS) -> Result { - Ok(Boolean::Constant(false)) + Ok(self.infinity) } #[inline] @@ -134,7 +135,7 @@ where &old_y_plus_new_y, )?; - *self = Self::new(x, y); + *self = Self::new(x, y, Boolean::constant(false)); Ok(()) } @@ -145,6 +146,7 @@ where Ok(Self::new( self.x.clone(), self.y.negate(cs.ns(|| "negate y"))?, + self.infinity, )) } @@ -153,7 +155,7 @@ where fn add_constant>( &self, mut cs: CS, - other: &SWProjective
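Review bot: `zero()` now returns a usable gadget and `is_zero` reports `self.infinity`, but the in-place addition in the `@@ -134` hunk unconditionally writes `*self = Self::new(x, y, Boolean::constant(false))` and `negate` is the only operation that carries the flag through; nothing in the addition formulas reads the operands' `infinity`, so `zero().add(p)` runs the incomplete affine formula on the (0, 1) placeholder and yields a well-formed-looking but wrong point where the old `zero()` returned an error. Until the formulas are made complete the precondition should be enforced rather than assumed: at the top of the addition, `self.infinity.enforce_equal(cs.ns(|| "self is not the identity"), &Boolean::constant(false))?;` (and the same for the other operand), or at minimum a doc comment on `add`: `/// Incomplete addition: the infinity flag of the operands is not consulted; adding the identity is unsatisfiable or wrong.` The body of the addition starts outside this hunk.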

, + other: &Jacobian

, ) -> Result { // lambda = (B.y - A.y)/(B.x - A.x) // C.x = lambda^2 - A.x - B.x @@ -173,7 +175,7 @@ where if other.is_zero() { return Err(SynthesisError::AssignmentMissing); } - let other = other.into_affine()?; + let other = other.into_affine().unwrap(); let other_x = other.x; let other_y = other.y; @@ -222,7 +224,7 @@ where lambda.mul_equals(cs.ns(|| ""), &x1_minus_x3, &y3_plus_y1)?; - Ok(Self::new(x_3, y_3)) + Ok(Self::new(x_3, y_3, Boolean::Constant(false))) } /// [Hopwood]'s optimized scalar multiplication, adapted to the general case of no @@ -245,7 +247,7 @@ where acc: &mut Self, t: &Self, safe_arithmetics: bool| - -> Result<(), SynthesisError> { + -> Result<(), SynthesisError> { // Q := k[i+1] ? T : −T let neg_y = t.y.negate(cs.ns(|| "neg y"))?; let selected_y = NonNativeFieldGadget::conditionally_select( @@ -254,7 +256,7 @@ where &t.y, &neg_y, )?; - let q = Self::new(t.x.clone(), selected_y); + let q = Self::new(t.x.clone(), selected_y, t.infinity); // Acc := (Acc + Q) + Acc using double_and_add_internal at 5 constraints *acc = acc.double_and_add_internal(cs.ns(|| "double and add"), &q, safe_arithmetics)?; @@ -354,7 +356,7 @@ where /// described in `fn check_mul_bits_fixed_base_inputs()`. #[inline] fn mul_bits_fixed_base<'a, CS: ConstraintSystem>( - base: &'a SWProjective

, + base: &'a Jacobian

, mut cs: CS, bits: &[Boolean], ) -> Result { @@ -379,7 +381,7 @@ where // way. // Init - let mut to_sub = SWProjective::

::zero(); + let mut to_sub = Jacobian::

::zero(); // T = 2^{-1} * base let mut t = { @@ -415,7 +417,7 @@ where let mut table = [three_ti.neg(), ti.neg(), ti, three_ti]; //Compute constants - SWProjective::batch_normalization(&mut table); + Jacobian::batch_normalization(&mut table); let x_coords = [table[0].x, table[1].x, table[2].x, table[3].x]; let y_coords = [table[0].y, table[1].y, table[2].y, table[3].y]; let precomp = Boolean::and(cs.ns(|| format!("b0 AND b1_{}", i)), &bits[0], &bits[1])?; @@ -438,18 +440,18 @@ where match i { // First chunk -> initialize acc chunk if chunk == 0 => { - acc = Self::new(x, y); + acc = Self::new(x, y, Boolean::constant(false)); } // We can use unsafe add, no exception occur chunk if chunk < num_chunks => { - let adder: Self = Self::new(x, y); + let adder: Self = Self::new(x, y, Boolean::constant(false)); acc = acc.add_unsafe(cs.ns(|| format!("Add_{}", i)), &adder)?; } // Last chunk we must use safe add _ => { - let adder: Self = Self::new(x, y); + let adder: Self = Self::new(x, y, Boolean::constant(false)); acc = acc.add(cs.ns(|| format!("Add_{}", i)), &adder)?; } } @@ -462,15 +464,22 @@ where Ok(acc) } - fn get_value(&self) -> Option<, ConstraintF>>::Value> { + fn get_value(&self) -> Option<, ConstraintF>>::Value> { match ( self.x.get_value(), self.y.get_value(), + self.infinity.get_value(), ) { - (Some(x), Some(y)) => { - Some(SWProjective::from_affine(&SWAffine::

::new(x, y))) + (Some(x), Some(y), Some(infinity)) => { + Some( + if infinity { + Jacobian::

::zero() + } else { + Jacobian::

::from_affine(&AffineRep::

::new(x, y)) + } + ) } - (None, None) => None, + (None, None, None) => None, _ => unreachable!(), } } @@ -488,12 +497,12 @@ where } } -impl EndoMulCurveGadget, ConstraintF> - for GroupAffineNonNativeGadget -where - P: EndoMulParameters, - ConstraintF: PrimeField, - SimulationF: PrimeField + SquareRootField, +impl EndoMulCurveGadget, ConstraintF> +for GroupAffineNonNativeGadget + where + P: EndoMulParameters, + ConstraintF: PrimeField, + SimulationF: PrimeField + SquareRootField, { /// Given an arbitrary curve element `&self`, applies the endomorphism /// defined by `ENDO_COEFF`. @@ -504,6 +513,7 @@ where Ok(Self::new( self.x.mul_by_constant(cs.ns(|| "endo x"), &P::ENDO_COEFF)?, self.y.clone(), + self.infinity, )) } @@ -556,6 +566,7 @@ where &self.y, &self_y_neg, )?, + self.infinity, ); // The unsafe double and add, takes 5 constraints. @@ -567,11 +578,11 @@ where } impl PartialEq - for GroupAffineNonNativeGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - SimulationF: PrimeField + SquareRootField, +for GroupAffineNonNativeGadget + where + P: SWModelParameters, + ConstraintF: PrimeField, + SimulationF: PrimeField + SquareRootField, { fn eq(&self, other: &Self) -> bool { self.x == other.x && self.y == other.y @@ -579,19 +590,19 @@ where } impl Eq for GroupAffineNonNativeGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - SimulationF: PrimeField + SquareRootField, + where + P: SWModelParameters, + ConstraintF: PrimeField, + SimulationF: PrimeField + SquareRootField, { } impl ToBitsGadget - for GroupAffineNonNativeGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - SimulationF: PrimeField + SquareRootField, +for GroupAffineNonNativeGadget + where + P: SWModelParameters, + ConstraintF: PrimeField, + SimulationF: PrimeField + SquareRootField, { fn to_bits>( &self, 
@@ -600,6 +611,7 @@ where let mut x_bits = self.x.to_bits(&mut cs.ns(|| "X Coordinate To Bits"))?; let y_bits = self.y.to_bits(&mut cs.ns(|| "Y Coordinate To Bits"))?; x_bits.extend_from_slice(&y_bits); + x_bits.push(self.infinity); Ok(x_bits) } @@ -614,17 +626,18 @@ where .y .to_bits_strict(&mut cs.ns(|| "Y Coordinate To Bits"))?; x_bits.extend_from_slice(&y_bits); + x_bits.push(self.infinity); Ok(x_bits) } } impl ToBytesGadget - for GroupAffineNonNativeGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - SimulationF: PrimeField + SquareRootField, +for GroupAffineNonNativeGadget + where + P: SWModelParameters, + ConstraintF: PrimeField, + SimulationF: PrimeField + SquareRootField, { fn to_bytes>( &self, @@ -632,7 +645,9 @@ where ) -> Result, SynthesisError> { let mut x_bytes = self.x.to_bytes(&mut cs.ns(|| "X Coordinate To Bytes"))?; let y_bytes = self.y.to_bytes(&mut cs.ns(|| "Y Coordinate To Bytes"))?; + let inf_bytes = self.infinity.to_bytes(&mut cs.ns(|| "Infinity to Bytes"))?; x_bytes.extend_from_slice(&y_bytes); + x_bytes.extend_from_slice(&inf_bytes); Ok(x_bytes) } @@ -646,18 +661,20 @@ where let y_bytes = self .y .to_bytes_strict(&mut cs.ns(|| "Y Coordinate To Bytes"))?; + let inf_bytes = self.infinity.to_bytes(&mut cs.ns(|| "Infinity to Bytes"))?; x_bytes.extend_from_slice(&y_bytes); + x_bytes.extend_from_slice(&inf_bytes); Ok(x_bytes) } } impl EqGadget - for GroupAffineNonNativeGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - SimulationF: PrimeField + SquareRootField, +for GroupAffineNonNativeGadget + where + P: SWModelParameters, + ConstraintF: PrimeField, + SimulationF: PrimeField + SquareRootField, { fn is_eq>( &self, 
@@ -666,7 +683,17 @@ where ) -> Result { let b0 = self.x.is_eq(cs.ns(|| "x"), &other.x)?; let b1 = self.y.is_eq(cs.ns(|| "y"), &other.y)?; - Boolean::and(cs.ns(|| "x AND y"), &b0, &b1) + let coordinates_equal = Boolean::and(cs.ns(|| "x AND y"), &b0, &b1)?; + let both_are_zero = Boolean::and( + cs.ns(|| "self.infinity AND other.infinity"), + &self.infinity, + &other.infinity, + )?; + Boolean::or( + cs.ns(|| "coordinates_equal OR both_are_zero"), + &coordinates_equal, + &both_are_zero, + ) } #[inline] @@ -698,26 +725,28 @@ where &is_equal, should_enforce, )? - .enforce_equal( - cs.ns(|| "is_equal AND should_enforce == false"), - &Boolean::Constant(false), - ) + .enforce_equal( + cs.ns(|| "is_equal AND should_enforce == false"), + &Boolean::Constant(false), + ) } } impl GroupAffineNonNativeGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - SimulationF: PrimeField + SquareRootField, + where + P: SWModelParameters, + ConstraintF: PrimeField, + SimulationF: PrimeField + SquareRootField, { pub fn new( x: NonNativeFieldGadget, y: NonNativeFieldGadget, + infinity: Boolean, ) -> Self { Self { x, y, + infinity, _params: PhantomData, } } @@ -791,7 +820,7 @@ where let x1_minus_x3 = self.x.sub(cs.ns(|| "x1 - x3"), &x_3)?; lambda.mul_equals(cs.ns(|| ""), &x1_minus_x3, &y3_plus_y1)?; - Ok(Self::new(x_3, y_3)) + Ok(Self::new(x_3, y_3, Boolean::Constant(false))) } #[inline] @@ -927,7 +956,7 @@ where let x1_minus_x4 = self.x.sub(cs.ns(|| "x1 - x4"), &x_4)?; lambda_2.mul_equals(cs.ns(|| ""), &x1_minus_x4, &y4_plus_y1)?; - Ok(Self::new(x_4, y_4)) + Ok(Self::new(x_4, y_4, Boolean::Constant(false))) } #[inline] @@ -956,11 +985,11 @@ where } impl CondSelectGadget - for GroupAffineNonNativeGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - SimulationF: PrimeField + SquareRootField, +for GroupAffineNonNativeGadget + where + P: SWModelParameters, + ConstraintF: PrimeField, + SimulationF: PrimeField + SquareRootField, { #[inline] fn conditionally_select>( 
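Review bot: `coordinates_equal OR both_are_zero` in `is_eq` returns true for a gadget flagged as the identity and a non-identity gadget that happens to carry the same `(x, y)`, and in this commit the identity's coordinates are prover-chosen witnesses in `alloc` (the on-curve check is skipped under `infinity`, see the later `alloc` hunk), so a prover can allocate "zero" with the coordinates of any point `P` and make `is_eq(zero, P)` evaluate to true. Equality of non-identity points should additionally require that neither operand is flagged as the identity; the rewrite below keeps `b0`, `b1`, `coordinates_equal` and `both_are_zero` as they are and only changes how they are combined. The `conditional_enforce_equal` in the next hunk inherits the fix through `is_eq`.
```rust
// … unchanged: b0, b1, coordinates_equal, both_are_zero …
let either_is_zero = Boolean::or(cs.ns(|| "self.infinity OR other.infinity"), &self.infinity, &other.infinity)?;
let nonzero_and_equal = Boolean::and(cs.ns(|| "coordinates_equal AND neither zero"), &coordinates_equal, &either_is_zero.not())?;
Boolean::or(cs.ns(|| "nonzero_and_equal OR both_are_zero"), &nonzero_and_equal, &both_are_zero)
```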
@@ -981,8 +1010,14 @@ where &first.y, &second.y, )?; + let infinity = Boolean::conditionally_select( + &mut cs.ns(|| "infinity"), + cond, + &first.infinity, + &second.infinity, + )?; - Ok(Self::new(x, y)) + Ok(Self::new(x, y, infinity)) } fn cost() -> usize { @@ -991,58 +1026,71 @@ where } } -impl ConstantGadget, ConstraintF> - for GroupAffineNonNativeGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - SimulationF: PrimeField + SquareRootField, +impl ConstantGadget, ConstraintF> +for GroupAffineNonNativeGadget + where + P: SWModelParameters, + ConstraintF: PrimeField, + SimulationF: PrimeField + SquareRootField, { - fn from_value>(mut cs: CS, value: &SWProjective

) -> Self { - // TODO: should be wrapper by error handling - let value = value.into_affine().unwrap(); - let x = NonNativeFieldGadget::from_value(cs.ns(|| "hardcode x"), &value.x); - let y = NonNativeFieldGadget::from_value(cs.ns(|| "hardcode y"), &value.y); - - Self::new(x, y) + fn from_value>(mut cs: CS, value: &Jacobian

) -> Self { + if value.is_zero() { + Self::zero(cs).unwrap() + } else { + let value = value.into_affine().unwrap(); + let x = NonNativeFieldGadget::from_value(cs.ns(|| "hardcode x"), &value.x); + let y = NonNativeFieldGadget::from_value(cs.ns(|| "hardcode y"), &value.y); + let infinity = Boolean::constant(false); + Self::new(x, y, infinity) + } } - fn get_constant(&self) -> SWProjective

{ - let value_proj = SWProjective::from_affine(&SWAffine::

::new( - self.x.get_value().unwrap(), - self.y.get_value().unwrap(), - )); + fn get_constant(&self) -> Jacobian

{ + let value_proj = if self.infinity.get_value().unwrap() { + Jacobian::

::zero() + } else { + Jacobian::

::from_affine(&AffineRep::

::new( + self.x.get_value().unwrap(), + self.y.get_value().unwrap(), + )) + }; let x = value_proj.x; let y = value_proj.y; let z = value_proj.z; - SWProjective::

::new(x, y, z) + Jacobian::

::new(x, y, z) } } -impl AllocGadget, ConstraintF> - for GroupAffineNonNativeGadget -where - P: SWModelParameters, - ConstraintF: PrimeField, - SimulationF: PrimeField + SquareRootField, +impl AllocGadget, ConstraintF> +for GroupAffineNonNativeGadget + where + P: SWModelParameters, + ConstraintF: PrimeField, + SimulationF: PrimeField + SquareRootField, { #[inline] fn alloc>( mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { - let (x, y) = match value_gen() { + let (x, y, infinity) = match value_gen() { Ok(ge) => { - let ge = ge.borrow().into_affine()?; - (Ok(ge.x), Ok(ge.y)) + let ge = ge.borrow(); + if ge.is_zero() { + (Ok(P::BaseField::zero()), Ok(P::BaseField::one()), Ok(true)) + } else { + let ge = ge.into_affine().unwrap(); + (Ok(ge.x), Ok(ge.y), Ok(false)) + } } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), + Err(SynthesisError::AssignmentMissing), ), }; @@ -1052,6 +1100,7 @@ where let x = NonNativeFieldGadget::alloc(&mut cs.ns(|| "x"), || x)?; let y = NonNativeFieldGadget::alloc(&mut cs.ns(|| "y"), || y)?; + let infinity = Boolean::alloc(&mut cs.ns(|| "infinity"), || infinity)?; // Check that y^2 = x^3 + ax +b // We do this by checking that y^2 - b = x * (x^2 +a) @@ -1070,10 +1119,10 @@ where x2_plus_a_times_x.conditional_enforce_equal( cs.ns(|| "on curve check"), &y2_minus_b, - &Boolean::constant(true), + &infinity.not(), )?; - Ok(Self::new(x, y)) + Ok(Self::new(x, y, infinity)) } #[inline] 
@@ -1081,25 +1130,32 @@ where mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { - let (x, y) = match value_gen() { + let (x, y, infinity) = match value_gen() { Ok(ge) => { - let ge = ge.borrow().into_affine()?; - (Ok(ge.x), Ok(ge.y)) + let ge = ge.borrow(); + if ge.is_zero() { + (Ok(P::BaseField::zero()), Ok(P::BaseField::one()), Ok(true)) + } else { + let ge = ge.into_affine().unwrap(); + (Ok(ge.x), Ok(ge.y), Ok(false)) + } } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), + Err(SynthesisError::AssignmentMissing), ), }; let x = NonNativeFieldGadget::alloc(&mut cs.ns(|| "x"), || x)?; let y = NonNativeFieldGadget::alloc(&mut cs.ns(|| "y"), || y)?; + let infinity = Boolean::alloc(&mut cs.ns(|| "infinity"), || infinity)?; - Ok(Self::new(x, y)) + Ok(Self::new(x, y, infinity)) } #[inline] @@ -1107,9 +1163,9 @@ where mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { let alloc_and_prime_order_check = |mut cs: r1cs_core::Namespace<_, _>, value_gen: FN| -> Result { 
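Review bot: `let ge = ge.into_affine().unwrap();` replaces the previous `ge.borrow().into_affine()?`, so a conversion failure now panics inside constraint synthesis instead of surfacing as a `SynthesisError` the caller can handle. If the preceding `ge.is_zero()` branch rules out the only failing case, say so with `.expect("non-zero point always has an affine representation")`; otherwise keep propagating, `let ge = ge.into_affine()?;`. The same `unwrap()` appears in the `@@ -1184` hunk below (`alloc_input`) and in the `alloc` hunk above, whose start lies outside this chunk. The signature of the function this hunk edits begins outside the hunk.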
@@ -1184,24 +1240,31 @@ where mut cs: CS, value_gen: FN, ) -> Result - where - FN: FnOnce() -> Result, - T: Borrow>, + where + FN: FnOnce() -> Result, + T: Borrow>, { - let (x, y) = match value_gen() { + let (x, y, infinity) = match value_gen() { Ok(ge) => { - let ge = ge.borrow().into_affine()?; - (Ok(ge.x), Ok(ge.y)) + let ge = ge.borrow(); + if ge.is_zero() { + (Ok(P::BaseField::zero()), Ok(P::BaseField::one()), Ok(true)) + } else { + let ge = ge.into_affine().unwrap(); + (Ok(ge.x), Ok(ge.y), Ok(false)) + } } _ => ( Err(SynthesisError::AssignmentMissing), Err(SynthesisError::AssignmentMissing), + Err(SynthesisError::AssignmentMissing), ), }; let x = NonNativeFieldGadget::alloc_input(&mut cs.ns(|| "x"), || x)?; let y = NonNativeFieldGadget::alloc_input(&mut cs.ns(|| "y"), || y)?; + let infinity = Boolean::alloc_input(&mut cs.ns(|| "infinity"), || infinity)?; - Ok(Self::new(x, y)) + Ok(Self::new(x, y, infinity)) } } diff --git a/r1cs/gadgets/std/src/groups/nonnative/tests.rs b/r1cs/gadgets/std/src/groups/nonnative/tests.rs index 7636d1657..ebc9679c5 100644 --- a/r1cs/gadgets/std/src/groups/nonnative/tests.rs +++ b/r1cs/gadgets/std/src/groups/nonnative/tests.rs @@ -4,7 +4,7 @@ use crate::groups::{ }; use algebra::{ curves::secp256k1::Secp256k1Parameters, - fields::{bn_382::Fr as BN382Fr, secp256k1::Fq as secp256k1Fq}, + fields::{tweedle::Fr as TweedleFr, secp256k1::Fq as secp256k1Fq}, }; macro_rules! nonnative_test_individual { @@ -64,9 +64,9 @@ macro_rules! nonnative_group_test_unsafe_add { } nonnative_group_test_unsafe_add!( - Bn382Frsecp256k1Fq, + TweedleFrsecp256k1Fq, 1, Secp256k1Parameters, - BN382Fr, + TweedleFr, secp256k1Fq ); From a842e30c50d5172dd383ec1224fa4c99cede5b28 Mon Sep 17 00:00:00 2001 
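Review bot: `Boolean::alloc_input(&mut cs.ns(|| "infinity"), || infinity)?` adds a third public input to every circuit that allocates this gadget as an input, so the public-input vector of those circuits, and any verifying key or input-serialisation code derived from them, changes shape without this being mentioned in the commit. A comment at the allocation would make the new layout explicit, e.g. `// Public-input order for a non-native point is (x limbs, y limbs, infinity); callers serialising inputs must emit the flag last`. The function header is outside the hunk, so the ordering callers currently assume cannot be verified from here.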
From: Phoinic Date: Thu, 2 Dec 2021 01:31:13 +0200 Subject: [PATCH 32/79] Submodules adjusted to refactored state --- Cargo.toml | 21 +- algebra/src/curves/mod.rs | 6 +- .../models/short_weierstrass_jacobian/mod.rs | 7 +- .../short_weierstrass_projective/mod.rs | 7 +- .../models/twisted_edwards_extended/mod.rs | 10 +- algebra/src/groups/group_vec.rs | 9 + .../src/commitment/injective_map/mod.rs | 8 +- primitives/src/commitment/pedersen/mod.rs | 28 +- primitives/src/crh/bowe_hopwood/mod.rs | 29 +- primitives/src/crh/injective_map/mod.rs | 27 +- primitives/src/crh/mod.rs | 26 +- primitives/src/crh/pedersen/mod.rs | 18 +- primitives/src/crh/poseidon/batched_crh.rs | 491 +- primitives/src/crh/poseidon/mod.rs | 1360 +----- .../src/crh/poseidon/parameters/bn382.rs | 2283 ---------- .../src/crh/poseidon/parameters/bn382_dual.rs | 2283 ---------- .../src/crh/poseidon/parameters/mnt4753.rs | 4043 ---------------- .../src/crh/poseidon/parameters/mnt6753.rs | 4044 ----------------- primitives/src/crh/poseidon/parameters/mod.rs | 20 - .../parameters/scripts/ParametersBN382.log | 11 - .../scripts/ParametersBN382dual.log | 11 - .../parameters/scripts/ParametersMNT4Fr.log | 11 - .../parameters/scripts/ParametersMNT6Fr.log | 11 - .../parameters/scripts/permutation_bn382.sage | 109 - .../scripts/permutation_bn382dual.sage | 109 - .../scripts/permutation_mnt4fr.sage | 111 - .../scripts/permutation_mnt6fr.sage | 110 - .../merkle_tree/field_based_mht/naive/mod.rs | 104 +- .../field_based_mht/optimized/mod.rs | 205 +- .../field_based_mht/parameters/bn382.rs | 410 -- .../field_based_mht/parameters/bn382_dual.rs | 410 -- .../field_based_mht/parameters/mnt4753.rs | 605 --- .../field_based_mht/parameters/mnt6753.rs | 606 --- .../field_based_mht/parameters/mod.rs | 20 - .../field_based_mht/parameters/tweedle_dee.rs | 2 +- .../field_based_mht/parameters/tweedle_dum.rs | 2 +- primitives/src/merkle_tree/mod.rs | 52 +- .../signature/schnorr/field_based_schnorr.rs | 96 +- 
primitives/src/signature/schnorr/mod.rs | 43 +- primitives/src/vrf/ecvrf/mod.rs | 120 +- proof-systems/Cargo.toml | 36 +- proof-systems/run_bench.sh | 2 +- proof-systems/src/darlin/accumulators/dlog.rs | 120 +- proof-systems/src/darlin/accumulators/mod.rs | 7 +- .../src/darlin/benches/accumulate_verify.rs | 22 +- .../src/darlin/benches/batch_verification.rs | 14 +- .../benches/batch_verification_detailed.rs | 38 +- proof-systems/src/darlin/data_structures.rs | 49 +- proof-systems/src/darlin/mod.rs | 20 +- proof-systems/src/darlin/pcd/final_darlin.rs | 32 +- proof-systems/src/darlin/pcd/mod.rs | 24 +- proof-systems/src/darlin/pcd/simple_marlin.rs | 27 +- proof-systems/src/darlin/proof_aggregator.rs | 38 +- .../src/darlin/tests/final_darlin.rs | 54 +- proof-systems/src/darlin/tests/mod.rs | 73 +- .../src/darlin/tests/simple_marlin.rs | 6 +- .../examples/recursive-snark/constraints.rs | 299 -- .../src/gm17/examples/recursive-snark/gm17.rs | 318 -- .../examples/snark-scalability/constraints.rs | 92 - .../gm17/examples/snark-scalability/gm17.rs | 167 - proof-systems/src/gm17/generator.rs | 343 -- proof-systems/src/gm17/mod.rs | 322 -- proof-systems/src/gm17/prover.rs | 355 -- proof-systems/src/gm17/r1cs_to_sap.rs | 251 - proof-systems/src/gm17/test.rs | 82 - proof-systems/src/gm17/tests/mimc.rs | 257 -- proof-systems/src/gm17/verifier.rs | 77 - .../benches/bn382_gro16_test_circuits.rs | 269 -- .../src/groth16/benches/gro16_bench.rs | 236 - .../examples/recursive-snark/constraints.rs | 325 -- .../examples/recursive-snark/groth16.rs | 318 -- .../examples/snark-scalability/constraints.rs | 92 - .../examples/snark-scalability/groth16.rs | 169 - proof-systems/src/groth16/generator.rs | 322 -- proof-systems/src/groth16/mod.rs | 805 ---- proof-systems/src/groth16/prover.rs | 255 -- proof-systems/src/groth16/r1cs_to_qap.rs | 219 - proof-systems/src/groth16/test.rs | 169 - proof-systems/src/groth16/tests/mimc.rs | 256 -- proof-systems/src/groth16/verifier.rs | 52 - 
proof-systems/src/lib.rs | 6 - r1cs/gadgets/crypto/Cargo.toml | 2 - .../crypto/src/commitment/blake2s/mod.rs | 2 +- .../src/commitment/injective_map/mod.rs | 7 +- .../crypto/src/commitment/pedersen/mod.rs | 34 +- .../crypto/src/crh/bowe_hopwood/mod.rs | 33 +- .../crypto/src/crh/injective_map/mod.rs | 35 +- r1cs/gadgets/crypto/src/crh/pedersen/mod.rs | 32 +- r1cs/gadgets/crypto/src/crh/poseidon/bn382.rs | 21 - .../crypto/src/crh/poseidon/mnt4753.rs | 11 - .../crypto/src/crh/poseidon/mnt6753.rs | 11 - r1cs/gadgets/crypto/src/crh/poseidon/mod.rs | 15 - .../src/merkle_tree/field_based_mht/mod.rs | 30 +- r1cs/gadgets/crypto/src/merkle_tree/mod.rs | 370 +- r1cs/gadgets/crypto/src/nizk/gm17/mod.rs | 603 --- r1cs/gadgets/crypto/src/nizk/groth16/mod.rs | 747 --- r1cs/gadgets/crypto/src/nizk/mod.rs | 34 - r1cs/gadgets/crypto/src/prf/blake2s/mod.rs | 2 +- r1cs/gadgets/crypto/src/prf/ripemd160.rs | 2 +- r1cs/gadgets/crypto/src/prf/sha256.rs | 2 +- .../signature/schnorr/field_based_schnorr.rs | 188 +- .../crypto/src/signature/schnorr/mod.rs | 28 +- r1cs/gadgets/crypto/src/vrf/ecvrf/mod.rs | 210 +- r1cs/gadgets/std/src/groups/curves/mod.rs | 2 +- .../src/groups/curves/twisted_edwards/mod.rs | 1050 ++--- 105 files changed, 1674 insertions(+), 26293 deletions(-) delete mode 100644 primitives/src/crh/poseidon/parameters/bn382.rs delete mode 100644 primitives/src/crh/poseidon/parameters/bn382_dual.rs delete mode 100644 primitives/src/crh/poseidon/parameters/mnt4753.rs delete mode 100644 primitives/src/crh/poseidon/parameters/mnt6753.rs delete mode 100644 primitives/src/crh/poseidon/parameters/scripts/ParametersBN382.log delete mode 100644 primitives/src/crh/poseidon/parameters/scripts/ParametersBN382dual.log delete mode 100644 primitives/src/crh/poseidon/parameters/scripts/ParametersMNT4Fr.log delete mode 100644 primitives/src/crh/poseidon/parameters/scripts/ParametersMNT6Fr.log delete mode 100644 primitives/src/crh/poseidon/parameters/scripts/permutation_bn382.sage delete mode 
100644 primitives/src/crh/poseidon/parameters/scripts/permutation_bn382dual.sage delete mode 100644 primitives/src/crh/poseidon/parameters/scripts/permutation_mnt4fr.sage delete mode 100644 primitives/src/crh/poseidon/parameters/scripts/permutation_mnt6fr.sage delete mode 100644 primitives/src/merkle_tree/field_based_mht/parameters/bn382.rs delete mode 100644 primitives/src/merkle_tree/field_based_mht/parameters/bn382_dual.rs delete mode 100644 primitives/src/merkle_tree/field_based_mht/parameters/mnt4753.rs delete mode 100644 primitives/src/merkle_tree/field_based_mht/parameters/mnt6753.rs delete mode 100644 proof-systems/src/gm17/examples/recursive-snark/constraints.rs delete mode 100644 proof-systems/src/gm17/examples/recursive-snark/gm17.rs delete mode 100644 proof-systems/src/gm17/examples/snark-scalability/constraints.rs delete mode 100644 proof-systems/src/gm17/examples/snark-scalability/gm17.rs delete mode 100644 proof-systems/src/gm17/generator.rs delete mode 100644 proof-systems/src/gm17/mod.rs delete mode 100644 proof-systems/src/gm17/prover.rs delete mode 100644 proof-systems/src/gm17/r1cs_to_sap.rs delete mode 100644 proof-systems/src/gm17/test.rs delete mode 100644 proof-systems/src/gm17/tests/mimc.rs delete mode 100644 proof-systems/src/gm17/verifier.rs delete mode 100644 proof-systems/src/groth16/benches/bn382_gro16_test_circuits.rs delete mode 100644 proof-systems/src/groth16/benches/gro16_bench.rs delete mode 100644 proof-systems/src/groth16/examples/recursive-snark/constraints.rs delete mode 100644 proof-systems/src/groth16/examples/recursive-snark/groth16.rs delete mode 100644 proof-systems/src/groth16/examples/snark-scalability/constraints.rs delete mode 100644 proof-systems/src/groth16/examples/snark-scalability/groth16.rs delete mode 100644 proof-systems/src/groth16/generator.rs delete mode 100644 proof-systems/src/groth16/mod.rs delete mode 100644 proof-systems/src/groth16/prover.rs delete mode 100644 proof-systems/src/groth16/r1cs_to_qap.rs 
delete mode 100644 proof-systems/src/groth16/test.rs delete mode 100644 proof-systems/src/groth16/tests/mimc.rs delete mode 100644 proof-systems/src/groth16/verifier.rs delete mode 100644 r1cs/gadgets/crypto/src/crh/poseidon/bn382.rs delete mode 100644 r1cs/gadgets/crypto/src/crh/poseidon/mnt4753.rs delete mode 100644 r1cs/gadgets/crypto/src/crh/poseidon/mnt6753.rs delete mode 100644 r1cs/gadgets/crypto/src/nizk/gm17/mod.rs delete mode 100644 r1cs/gadgets/crypto/src/nizk/groth16/mod.rs delete mode 100644 r1cs/gadgets/crypto/src/nizk/mod.rs diff --git a/Cargo.toml b/Cargo.toml index c8a9f33b0..ed37121ab 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -34,13 +34,14 @@ debug-assertions = true debug = true # Uncomment these lines for local development paths -# -# [patch.'https://github.com/HorizenOfficial/ginger-lib'] -# algebra = { path = './algebra' } -# r1cs-core = { path = "./r1cs/core" } - -#[patch.'https://github.com/HorizenLabs/marlin'] -#marlin = { path = '../marlin' } -# -#[patch.'https://github.com/HorizenLabs/poly-commit'] -#poly-commit = { path = '../poly-commit' } + +[patch.'https://github.com/HorizenOfficial/ginger-lib'] +algebra = { path = './algebra' } +r1cs-core = { path = "./r1cs/core" } +r1cs-std = { path = "./r1cs/gadgets/std" } + +[patch.'https://github.com/HorizenLabs/marlin'] +marlin = { path = '../marlin' } + +[patch.'https://github.com/HorizenLabs/poly-commit'] +poly-commit = { path = '../poly-commit' } diff --git a/algebra/src/curves/mod.rs b/algebra/src/curves/mod.rs index dc042fa14..68be90a00 100644 --- a/algebra/src/curves/mod.rs +++ b/algebra/src/curves/mod.rs @@ -4,6 +4,7 @@ use crate::{ fields::{Field, SquareRootField, PrimeField, BitIterator}, UniformRand, }; +use serde::{Deserialize, Serialize}; use std::{ fmt::Debug, convert::{TryFrom, TryInto}, @@ -26,6 +27,8 @@ pub use self::models::*; pub trait Curve: Group + Copy + + Serialize + + for<'a> Deserialize<'a> + UniformRand + From<::AffineRep> + TryInto<::AffineRep, Error = Error> 
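Review bot: The `[patch]` tables are now active in the committed workspace manifest, with `marlin = { path = '../marlin' }` and `poly-commit = { path = '../poly-commit' }` pointing outside the repository, while the line the hunk keeps, `# Uncomment these lines for local development paths`, says they were meant to stay commented. With the override committed, every build resolves those crates from whatever happens to sit in the sibling directories instead of the pinned git sources, so builds are no longer reproducible and unreviewed local code silently stands in for the dependency. Restore the `#` markers on the three `[patch.…]` blocks and keep the override as an uncommitted local change, or apply it from a developer-local Cargo config rather than the manifest.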
@@ -60,8 +63,7 @@ pub trait Curve: // TODO: move to group trait? fn mul_bits>(&self, bits: BitIterator) -> Self; - // TODO: implement - // fn mul_bits_affine<'a, S: AsRef<[u64]>>(affine: &'a Self::AffineRep, bits: BitIterator) -> Self; + fn mul_bits_affine<'a, S: AsRef<[u64]>>(affine: &'a Self::AffineRep, bits: BitIterator) -> Self; fn scale_by_cofactor(&self) -> Self; diff --git a/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs b/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs index 670b39571..29a15515f 100644 --- a/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs +++ b/algebra/src/curves/models/short_weierstrass_jacobian/mod.rs @@ -645,12 +645,15 @@ impl Curve for Jacobian
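Review bot: The new trait method `fn mul_bits_affine<'a, S: AsRef<[u64]>>(affine: &'a Self::AffineRep, bits: BitIterator) -> Self;` lands without a doc comment, although the one implementation whose docs are visible below (twisted_edwards_extended) carries `/// TODO: Add a side-channel secure variant.`, and all three implementations in this commit use a data-dependent `if i { … }` double-and-add. A trait-level comment would make that caveat binding for every implementor, e.g. `/// Double-and-add multiplication of an affine base point by the supplied scalar bits. Variable-time: not for secret scalars.`. The explicit `'a` lifetime is elidable, `fn mul_bits_affine<S: AsRef<[u64]>>(affine: &Self::AffineRep, bits: BitIterator) -> Self;`.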

{ if self.is_zero() { return *self; } + Self::mul_bits_affine(&self.into_affine().unwrap(), bits) + } + + fn mul_bits_affine<'a, S: AsRef<[u64]>>(affine: &'a Self::AffineRep, bits: BitIterator) -> Self { let mut res = Self::zero(); - let self_affine = self.into_affine().unwrap(); for i in bits { res.double_in_place(); if i { - res.add_affine_assign(&self_affine); + res.add_affine_assign(&affine); } } res diff --git a/algebra/src/curves/models/short_weierstrass_projective/mod.rs b/algebra/src/curves/models/short_weierstrass_projective/mod.rs index 5f251aba3..255c815ff 100644 --- a/algebra/src/curves/models/short_weierstrass_projective/mod.rs +++ b/algebra/src/curves/models/short_weierstrass_projective/mod.rs @@ -552,12 +552,15 @@ impl Curve for Projective
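Review bot: `res.add_affine_assign(&affine);` borrows a value that is already a reference (`affine: &'a Self::AffineRep`), producing `&&AffineRep`; it compiles through auto-deref but clippy's `needless_borrow` flags it, and the removed line passed a plain reference. `res.add_affine_assign(affine);` is the intended form. The identical line is in the short_weierstrass_projective and twisted_edwards_extended hunks that follow.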

{ if self.is_zero() { return *self; } + Self::mul_bits_affine(&self.into_affine().unwrap(), bits) + } + + fn mul_bits_affine<'a, S: AsRef<[u64]>>(affine: &'a Self::AffineRep, bits: BitIterator) -> Self { let mut res = Self::zero(); - let self_affine = self.into_affine().unwrap(); for i in bits { res.double_in_place(); if i { - res.add_affine_assign(&self_affine); + res.add_affine_assign(&affine); } } res diff --git a/algebra/src/curves/models/twisted_edwards_extended/mod.rs b/algebra/src/curves/models/twisted_edwards_extended/mod.rs index 865028e8c..77abb5473 100644 --- a/algebra/src/curves/models/twisted_edwards_extended/mod.rs +++ b/algebra/src/curves/models/twisted_edwards_extended/mod.rs @@ -513,12 +513,18 @@ impl Curve for TEExtended

{ /// are not possible. /// TODO: Add a side-channel secure variant. fn mul_bits>(&self, bits: BitIterator) -> Self { + if self.is_zero() { + return *self; + } + Self::mul_bits_affine(&self.into_affine().unwrap(), bits) + } + + fn mul_bits_affine<'a, S: AsRef<[u64]>>(affine: &'a Self::AffineRep, bits: BitIterator) -> Self { let mut res = Self::zero(); - let self_affine = self.into_affine().unwrap(); for i in bits { res.double_in_place(); if i { - res.add_affine_assign(&self_affine); + res.add_affine_assign(&affine); } } res diff --git a/algebra/src/groups/group_vec.rs b/algebra/src/groups/group_vec.rs index 3d027a0a0..cebc705fc 100644 --- a/algebra/src/groups/group_vec.rs +++ b/algebra/src/groups/group_vec.rs @@ -8,6 +8,7 @@ use std::{ ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign, Index}, io::{Read, Write, Error as IoError, ErrorKind, Result as IoResult}, fmt::{Display, Formatter, Result as FmtResult}, + vec::IntoIter, }; use core::slice::Iter; @@ -16,10 +17,14 @@ pub struct GroupVec (Vec); impl GroupVec { + pub fn new(items: Vec) -> Self { GroupVec(items) } + pub fn with_capacity(capacity: usize) -> Self { GroupVec(Vec::with_capacity(capacity)) } + pub fn get_vec(&self) -> Vec { self.0.clone() } + pub fn len(&self) -> usize { self.0.len() } @@ -31,6 +36,10 @@ impl GroupVec { pub fn iter(&self) -> Iter<'_, G> { self.0.iter() } + + pub fn into_iter(&self) -> IntoIter { + self.0.clone().into_iter() + } } impl Index for GroupVec { diff --git a/primitives/src/commitment/injective_map/mod.rs b/primitives/src/commitment/injective_map/mod.rs index 7edcadd06..a6b82b9b8 100644 --- a/primitives/src/commitment/injective_map/mod.rs +++ b/primitives/src/commitment/injective_map/mod.rs 
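Review bot: `pub fn into_iter(&self) -> IntoIter { self.0.clone().into_iter() }` takes `&self` and clones the entire vector, yet its name follows the `into_` convention for consuming conversions, and an inherent `into_iter` shadows `IntoIterator::into_iter` for any caller that later implements that trait for `GroupVec`, so the clone would be picked silently. Either implement the trait, `impl<G> IntoIterator for GroupVec<G> { type Item = G; type IntoIter = IntoIter<G>; fn into_iter(self) -> IntoIter<G> { self.0.into_iter() } }`, or name the copying variant so the cost is visible. `get_vec(&self) -> Vec` hides the same full clone behind a getter name; `to_vec` matches the `to_` convention for owned copies.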
@@ -8,15 +8,17 @@ use super::{ }; pub use crate::crh::injective_map::InjectiveMap; -use algebra::groups::Group; +use algebra::{ + curves::Curve, +}; -pub struct PedersenCommCompressor, W: PedersenWindow> { +pub struct PedersenCommCompressor, W: PedersenWindow> { _group: PhantomData, _compressor: PhantomData, _comm: PedersenCommitment, } -impl, W: PedersenWindow> CommitmentScheme +impl, W: PedersenWindow> CommitmentScheme for PedersenCommCompressor { type Output = I::Output; diff --git a/primitives/src/commitment/pedersen/mod.rs b/primitives/src/commitment/pedersen/mod.rs index 66735f8bf..bed706885 100644 --- a/primitives/src/commitment/pedersen/mod.rs +++ b/primitives/src/commitment/pedersen/mod.rs @@ -1,6 +1,6 @@ use crate::{CryptoError, Error}; use algebra::{ - bytes::ToBytes, groups::Group, BitIterator, Field, FpParameters, PrimeField, ToConstraintField, + bytes::ToBytes, curves::Curve, BitIterator, Field, FpParameters, PrimeField, ToConstraintField, UniformRand, }; 
@@ -19,43 +19,43 @@ use crate::crh::{ use serde::{Deserialize, Serialize}; #[derive(Clone, Serialize, Deserialize)] -#[serde(bound(deserialize = "G: Group"))] -pub struct PedersenParameters { +#[serde(bound(deserialize = "G: Curve"))] +pub struct PedersenParameters { pub randomness_generator: Vec, pub generators: Vec>, } -pub struct PedersenCommitment { +pub struct PedersenCommitment { group: PhantomData, window: PhantomData, } #[derive(Derivative)] #[derivative( - Clone(bound = "G: Group"), - PartialEq(bound = "G: Group"), - Debug(bound = "G: Group"), - Eq(bound = "G: Group"), - Default(bound = "G: Group") + Clone(bound = "G: Curve"), + PartialEq(bound = "G: Curve"), + Debug(bound = "G: Curve"), + Eq(bound = "G: Curve"), + Default(bound = "G: Curve") )] #[derive(Serialize, Deserialize)] #[serde(transparent)] -pub struct PedersenRandomness(pub G::ScalarField); +pub struct PedersenRandomness(pub G::ScalarField); -impl UniformRand for PedersenRandomness { +impl UniformRand for PedersenRandomness { #[inline] fn rand(rng: &mut R) -> Self { PedersenRandomness(UniformRand::rand(rng)) } } -impl ToBytes for PedersenRandomness { +impl ToBytes for PedersenRandomness { fn write(&self, writer: W) -> IoResult<()> { self.0.write(writer) } } -impl CommitmentScheme for PedersenCommitment { +impl CommitmentScheme for PedersenCommitment { type Parameters = PedersenParameters; type Randomness = PedersenRandomness; type Output = G; @@ -138,7 +138,7 @@ impl CommitmentScheme for PedersenCommitment } } -impl> ToConstraintField +impl> ToConstraintField for PedersenParameters { #[inline] diff --git a/primitives/src/crh/bowe_hopwood/mod.rs b/primitives/src/crh/bowe_hopwood/mod.rs index 292ddef19..7b0aa1530 100644 --- a/primitives/src/crh/bowe_hopwood/mod.rs +++ b/primitives/src/crh/bowe_hopwood/mod.rs 
@@ -8,28 +8,29 @@ use std::{ use super::pedersen::{PedersenCRH, PedersenWindow}; use crate::crh::FixedLengthCRH; -use algebra::{biginteger::BigInteger, fields::PrimeField, groups::Group}; +use algebra::{biginteger::BigInteger, fields::PrimeField, curves::Curve}; use serde::{Deserialize, Serialize}; pub const CHUNK_SIZE: usize = 3; #[derive(Clone, Default, Serialize, Deserialize)] -#[serde(bound(deserialize = "G: Group"))] -pub struct BoweHopwoodPedersenParameters { +#[serde(bound(deserialize = "G: Curve"))] +pub struct BoweHopwoodPedersenParameters { pub generators: Vec>, } -pub struct BoweHopwoodPedersenCRH { +pub struct BoweHopwoodPedersenCRH { group: PhantomData, window: PhantomData, } -impl BoweHopwoodPedersenCRH { +impl BoweHopwoodPedersenCRH { pub fn create_generators(rng: &mut R) -> Vec> { let mut generators = Vec::new(); for _ in 0..W::NUM_WINDOWS { let mut generators_for_segment = Vec::new(); let mut base = G::rand(rng); + println!("{:?}", base); for _ in 0..W::WINDOW_SIZE { generators_for_segment.push(base); for _ in 0..4 { @@ -42,7 +43,7 @@ impl BoweHopwoodPedersenCRH { } } -impl FixedLengthCRH for BoweHopwoodPedersenCRH { +impl FixedLengthCRH for BoweHopwoodPedersenCRH { const INPUT_SIZE_BITS: usize = PedersenCRH::::INPUT_SIZE_BITS; type Output = G; type Parameters = BoweHopwoodPedersenParameters; @@ -51,9 +52,9 @@ impl FixedLengthCRH for BoweHopwoodPedersenCRH() -> usize { let upper_limit = F::modulus_minus_one_div_two(); let mut c = 0; - let mut range = F::BigInt::from(2_u64); + let mut range = F::BigInt::from(2u64); while range < upper_limit { - range.muln(4); + range.muln(2); c += 1; } @@ -155,7 +156,7 @@ impl FixedLengthCRH for BoweHopwoodPedersenCRH FixedLengthCRH for BoweHopwoodPedersenCRH Debug for BoweHopwoodPedersenParameters { +impl Debug for BoweHopwoodPedersenParameters { fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { write!(f, "Bowe-Hopwood Pedersen Hash Parameters {{\n")?; for (i, g) in self.generators.iter().enumerate() { 
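Review bot: `println!("{:?}", base);` inside `create_generators` prints every sampled generator base to stdout on each call; in library code that is leftover debugging output that pollutes the stdout of every binary running setup and is not mentioned in the commit. Remove the line, or if tracing the sampled bases is wanted, keep it under `#[cfg(test)]` or route it through the crate's logging rather than `println!`.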
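Review bot: `range.muln(2);` replaces `range.muln(4);`, which changes the value the `while range < upper_limit` loop computes (`c` now advances once per 2 bits of the modulus instead of per 4) and is unrelated to the `Group`→`Curve` rename that the rest of the hunk and the commit title describe. Whether the old factor was a bug cannot be told from here; a one-line comment on why 2 is the correct shift, e.g. `// each loop step accounts for one 2-bit chunk of the modulus`, plus a test pinning the returned value, would keep the change from being mistaken for noise and reverted.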
@@ -184,7 +185,7 @@ impl Debug for BoweHopwoodPedersenParameters { } } -impl BoweHopwoodPedersenParameters { +impl BoweHopwoodPedersenParameters { pub fn check_consistency(&self) -> bool { for (i, p1) in self.generators.iter().enumerate() { if p1[0] == G::zero() { @@ -209,7 +210,7 @@ mod test { crh::{bowe_hopwood::BoweHopwoodPedersenCRH, pedersen::PedersenWindow}, FixedLengthCRH, }; - use algebra::curves::edwards_sw6::EdwardsProjective; + use algebra::curves::tweedle::dee::DeeJacobian; use rand::thread_rng; #[test] @@ -223,9 +224,9 @@ mod test { let rng = &mut thread_rng(); let params = - as FixedLengthCRH>::setup(rng) + as FixedLengthCRH>::setup(rng) .unwrap(); - as FixedLengthCRH>::evaluate( + as FixedLengthCRH>::evaluate( ¶ms, &[1, 2, 3], ) diff --git a/primitives/src/crh/injective_map/mod.rs b/primitives/src/crh/injective_map/mod.rs index aa350d277..7295837c9 100644 --- a/primitives/src/crh/injective_map/mod.rs +++ b/primitives/src/crh/injective_map/mod.rs @@ -9,26 +9,25 @@ use super::{ }; use algebra::{ curves::{ + Curve, models::{ModelParameters, TEModelParameters}, - twisted_edwards_extended::{GroupAffine as TEAffine, GroupProjective as TEProjective}, - ProjectiveCurve, + twisted_edwards_extended::TEExtended, }, - groups::Group, }; use serde::{Deserialize, Serialize}; -pub trait InjectiveMap { +pub trait InjectiveMap { type Output: ToBytes + Serialize + for<'a> Deserialize<'a> + Clone + Eq + Hash + Default + Debug; fn injective_map(ge: &G) -> Result; } pub struct TECompressor; -impl InjectiveMap> for TECompressor { +impl InjectiveMap> for TECompressor { type Output =

::BaseField; - fn injective_map(ge: &TEAffine

) -> Result { + fn injective_map(ge: &TEExtended

) -> Result { if !ge.is_in_correct_subgroup_assuming_on_curve() { return Err(CryptoError::InvalidElement(format!("{}", ge))); } @@ -36,25 +35,13 @@ impl InjectiveMap> for TECompressor { } } -impl InjectiveMap> for TECompressor { - type Output =
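Review bot: `fn injective_map(ge: &TEExtended…) -> Result` now takes an extended-coordinate point and applies `is_in_correct_subgroup_assuming_on_curve()` to it directly, whereas the removed `TEProjective` impl in the next hunk first normalised with `ge.into_affine()` and returned the affine `x`. The rest of this body falls between the two hunks, so this is inferred: if it still returns `ge.x`, the output depends on which projective representative was passed rather than on the group element, so equal points can map to different values and the map is neither injective nor deterministic, which breaks the canonicality that the hashes and commitments built on it rely on. Normalising before reading the coordinate, `let affine = ge.into_affine().map_err(|_| CryptoError::InvalidElement(format!("{}", ge)))?;` and returning `affine.x`, restores the removed behaviour without a panic path.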

::BaseField; - - fn injective_map(ge: &TEProjective

) -> Result { - let ge = ge.into_affine(); - if !ge.is_in_correct_subgroup_assuming_on_curve() { - return Err(CryptoError::InvalidElement(format!("{}", ge))); - } - Ok(ge.x) - } -} - -pub struct PedersenCRHCompressor, W: PedersenWindow> { +pub struct PedersenCRHCompressor, W: PedersenWindow> { _group: PhantomData, _compressor: PhantomData, _crh: PedersenCRH, } -impl, W: PedersenWindow> FixedLengthCRH +impl, W: PedersenWindow> FixedLengthCRH for PedersenCRHCompressor { const INPUT_SIZE_BITS: usize = PedersenCRH::::INPUT_SIZE_BITS; diff --git a/primitives/src/crh/mod.rs b/primitives/src/crh/mod.rs index 7e2347225..db9b8dd8c 100644 --- a/primitives/src/crh/mod.rs +++ b/primitives/src/crh/mod.rs @@ -158,20 +158,20 @@ pub trait BatchFieldBasedHash { #[cfg(test)] mod test { - use algebra::{fields::mnt4753::Fr as MNT4753Fr, Field, UniformRand}; + use algebra::{Group, fields::tweedle::Fr as Fr, Field, UniformRand}; use super::BatchFieldBasedHash; - use crate::crh::poseidon::{MNT4BatchPoseidonHash, MNT4PoseidonHash}; + use crate::crh::poseidon::{TweedleFrBatchPoseidonHash, TweedleFrPoseidonHash}; use crate::{FieldBasedHash, FieldBasedHashParameters}; use rand::SeedableRng; use rand_xorshift::XorShiftRng; - struct DummyMNT4BatchPoseidonHash; + struct DummyTweedleFrBatchPoseidonHash; - impl BatchFieldBasedHash for DummyMNT4BatchPoseidonHash { - type Data = MNT4753Fr; - type BaseHash = MNT4PoseidonHash; + impl BatchFieldBasedHash for DummyTweedleFrBatchPoseidonHash { + type Data = Fr; + type BaseHash = TweedleFrPoseidonHash; } pub(crate) fn constant_length_field_based_hash_test( 
@@ -267,23 +267,23 @@ mod test { let mut rng = XorShiftRng::seed_from_u64(1231275789u64); for _ in 0..num_inputs { - inputs.push(MNT4753Fr::rand(&mut rng)) + inputs.push(Fr::rand(&mut rng)) } - let batch_hash_output = MNT4BatchPoseidonHash::batch_evaluate(inputs.as_slice()).unwrap(); + let batch_hash_output = TweedleFrBatchPoseidonHash::batch_evaluate(inputs.as_slice()).unwrap(); let dummy_batch_hash_output = - DummyMNT4BatchPoseidonHash::batch_evaluate(inputs.as_slice()).unwrap(); + DummyTweedleFrBatchPoseidonHash::batch_evaluate(inputs.as_slice()).unwrap(); assert_eq!(batch_hash_output, dummy_batch_hash_output); - let mut batch_hash_output_new = vec![MNT4753Fr::zero(); num_inputs / rate]; - let mut dummy_batch_hash_output_new = vec![MNT4753Fr::zero(); num_inputs / rate]; + let mut batch_hash_output_new = vec![Fr::zero(); num_inputs / rate]; + let mut dummy_batch_hash_output_new = vec![Fr::zero(); num_inputs / rate]; - MNT4BatchPoseidonHash::batch_evaluate_in_place( + TweedleFrBatchPoseidonHash::batch_evaluate_in_place( inputs.as_mut_slice(), batch_hash_output_new.as_mut_slice(), ) .unwrap(); - DummyMNT4BatchPoseidonHash::batch_evaluate_in_place( + DummyTweedleFrBatchPoseidonHash::batch_evaluate_in_place( inputs.as_mut_slice(), dummy_batch_hash_output_new.as_mut_slice(), ) diff --git a/primitives/src/crh/pedersen/mod.rs b/primitives/src/crh/pedersen/mod.rs index 5696a64e0..8758cfd6c 100644 --- a/primitives/src/crh/pedersen/mod.rs +++ b/primitives/src/crh/pedersen/mod.rs @@ -7,7 +7,7 @@ use std::{ }; use crate::crh::FixedLengthCRH; -use algebra::{groups::Group, Field, ToConstraintField}; +use algebra::{Field, Curve, ToConstraintField}; use serde::{Deserialize, Serialize}; pub trait PedersenWindow: Clone { 
@@ -16,17 +16,17 @@ pub trait PedersenWindow: Clone { } #[derive(Clone, Default, Serialize, Deserialize)] -#[serde(bound(deserialize = "G: Group"))] -pub struct PedersenParameters { +#[serde(bound(deserialize = "G: Curve"))] +pub struct PedersenParameters { pub generators: Vec>, } -pub struct PedersenCRH { +pub struct PedersenCRH { group: PhantomData, window: PhantomData, } -impl PedersenCRH { +impl PedersenCRH { pub fn create_generators(rng: &mut R) -> Vec> { let mut generators_powers = Vec::new(); for _ in 0..W::NUM_WINDOWS { @@ -46,7 +46,7 @@ impl PedersenCRH { } } -impl FixedLengthCRH for PedersenCRH { +impl FixedLengthCRH for PedersenCRH { const INPUT_SIZE_BITS: usize = W::WINDOW_SIZE * W::NUM_WINDOWS; type Output = G; type Parameters = PedersenParameters; @@ -123,7 +123,7 @@ impl FixedLengthCRH for PedersenCRH { } } -impl Debug for PedersenParameters { +impl Debug for PedersenParameters { fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult { write!(f, "Pedersen Hash Parameters {{\n")?; for (i, g) in self.generators.iter().enumerate() { @@ -133,7 +133,7 @@ impl Debug for PedersenParameters { } } -impl PedersenParameters { +impl PedersenParameters { pub fn check_consistency(&self) -> bool { for (i, p1) in self.generators.iter().enumerate() { if p1[0] == G::zero() { @@ -152,7 +152,7 @@ impl PedersenParameters { } } -impl> ToConstraintField +impl> ToConstraintField for PedersenParameters { #[inline] diff --git a/primitives/src/crh/poseidon/batched_crh.rs b/primitives/src/crh/poseidon/batched_crh.rs index a66845b58..35b00b5b3 100644 --- a/primitives/src/crh/poseidon/batched_crh.rs +++ b/primitives/src/crh/poseidon/batched_crh.rs 
@@ -213,494 +213,9 @@ where #[cfg(test)] mod test { use crate::{BatchFieldBasedHash, FieldBasedHash}; - use algebra::{Field, UniformRand}; + use algebra::{Group, UniformRand}; use rand::SeedableRng; use rand_xorshift::XorShiftRng; - use std::str::FromStr; - - #[cfg(feature = "mnt4_753")] - mod mnt4_753 { - use super::*; - use crate::{MNT4BatchPoseidonHash, MNT4PoseidonHash}; - use algebra::fields::mnt4753::Fr as MNT4753Fr; - - #[test] - fn test_batch_hash_mnt4() { - // the number of hashes to test - let num_hashes = 1000; - - // the vectors that store random input data - let mut input_serial = Vec::new(); - let mut input_batch = Vec::new(); - - // the random number generator to generate random input data - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - // we need the double of number of rounds because we have two inputs - for _ in 0..num_hashes { - let mut pair_elem = Vec::new(); - let elem1 = MNT4753Fr::rand(&mut rng); - let elem2 = MNT4753Fr::rand(&mut rng); - pair_elem.push(elem1.clone()); - pair_elem.push(elem2.clone()); - input_serial.push(pair_elem); - input_batch.push(elem1.clone()); - input_batch.push(elem2.clone()); - } - - // ============================================================================= - // Calculate Poseidon Hash for mnt4753 - let mut output_4753 = Vec::new(); - - input_serial.iter().for_each(|p| { - let mut digest = MNT4PoseidonHash::init_constant_length(2, None); - p.into_iter().for_each(|&f| { - digest.update(f); - }); - output_4753.push(digest.finalize().unwrap()); - }); - - // Calculate Poseidon Hash for mnt4753 batch evaluation - let output_vec = (MNT4BatchPoseidonHash::batch_evaluate(&input_batch)).unwrap(); - - // ============================================================================= - // Compare results - for i in 0..num_hashes { - assert_eq!( - output_4753[i], output_vec[i], - "Hash outputs, position {}, for MNT4 are not equal.", - i - ); - } - - // Check with one single hash - let single_output = 
MNT4PoseidonHash::init_constant_length(2, None) - .update(input_serial[0][0]) - .update(input_serial[0][1]) - .finalize() - .unwrap(); - let single_batch_output = MNT4BatchPoseidonHash::batch_evaluate(&input_batch[0..2]); - - assert_eq!( - single_output, - single_batch_output.unwrap()[0], - "Single instance hash outputs are not equal for MNT4." - ); - } - - #[test] - fn test_batch_hash_mnt4_in_place() { - // the number of hashes to test - let num_hashes = 1000; - - // the vectors that store random input data - let mut input_batch = Vec::new(); - - // the random number generator to generate random input data - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - // we need the double of number of rounds because we have two inputs - for _ in 0..num_hashes { - input_batch.push(MNT4753Fr::rand(&mut rng)); - input_batch.push(MNT4753Fr::rand(&mut rng)); - } - - // Calculate Poseidon Hash for mnt4753 batch evaluation - let output_vec = (MNT4BatchPoseidonHash::batch_evaluate(&input_batch)).unwrap(); - - let mut output_vec_in_place = vec![MNT4753Fr::zero(); num_hashes]; - MNT4BatchPoseidonHash::batch_evaluate_in_place( - &mut input_batch[..], - &mut output_vec_in_place[..], - ) - .unwrap(); - - // ============================================================================= - // Compare results - for i in 0..num_hashes { - assert_eq!( - output_vec_in_place[i], output_vec[i], - "Hash outputs, position {}, for MNT6 are not equal.", - i - ); - } - } - - #[test] - #[should_panic] - fn test_batch_hash_mnt4_null_elem() { - let input_batch = Vec::new(); - let output_vec = (MNT4BatchPoseidonHash::batch_evaluate(&input_batch)).unwrap(); - println!("{:?}", output_vec); - } - - #[test] - #[should_panic] - fn test_batch_hash_mnt4_one_elem() { - let mut input_batch = Vec::new(); - input_batch.push(MNT4753Fr::from_str("1").unwrap()); - let output_vec = (MNT4BatchPoseidonHash::batch_evaluate(&input_batch)).unwrap(); - println!("{:?}", output_vec); - } - - #[test] - #[should_panic] 
- fn test_batch_hash_mnt4_three_elem() { - let mut input_batch = Vec::new(); - input_batch.push(MNT4753Fr::from_str("1").unwrap()); - input_batch.push(MNT4753Fr::from_str("2").unwrap()); - input_batch.push(MNT4753Fr::from_str("3").unwrap()); - let output_vec = (MNT4BatchPoseidonHash::batch_evaluate(&input_batch)).unwrap(); - println!("{:?}", output_vec); - } - } - - #[cfg(feature = "mnt6_753")] - mod mnt6_753 { - use super::*; - use crate::{MNT6BatchPoseidonHash, MNT6PoseidonHash}; - use algebra::fields::mnt6753::Fr as MNT6753Fr; - - #[test] - fn test_batch_hash_mnt6() { - // the number of hashes to test - let num_hashes = 1000; - - // the vectors that store random input data - let mut input_serial = Vec::new(); - let mut input_batch = Vec::new(); - - // the random number generator to generate random input data - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - // we need the double of number of rounds because we have two inputs - for _ in 0..num_hashes { - let mut pair_elem = Vec::new(); - let elem1 = MNT6753Fr::rand(&mut rng); - let elem2 = MNT6753Fr::rand(&mut rng); - pair_elem.push(elem1.clone()); - pair_elem.push(elem2.clone()); - input_serial.push(pair_elem); - input_batch.push(elem1.clone()); - input_batch.push(elem2.clone()); - } - - // ============================================================================= - // Calculate Poseidon Hash for mnt6753 - let mut output_6753 = Vec::new(); - - input_serial.iter().for_each(|p| { - let mut digest = MNT6PoseidonHash::init_constant_length(2, None); - p.into_iter().for_each(|&f| { - digest.update(f); - }); - output_6753.push(digest.finalize().unwrap()); - }); - - // Calculate Poseidon Hash for mnt4753 batch evaluation - let output_vec = (MNT6BatchPoseidonHash::batch_evaluate(&input_batch)).unwrap(); - - // ============================================================================= - // Compare results - for i in 0..num_hashes { - assert_eq!( - output_6753[i], output_vec[i], - "Hash outputs, position 
{}, for MNT6 are not equal.", - i - ); - } - - // Check with one single hash - let single_output = MNT6PoseidonHash::init_constant_length(2, None) - .update(input_serial[0][0]) - .update(input_serial[0][1]) - .finalize() - .unwrap(); - let single_batch_output = MNT6BatchPoseidonHash::batch_evaluate(&input_batch[0..2]); - - assert_eq!( - single_output, - single_batch_output.unwrap()[0], - "Single instance hash outputs are not equal for MNT6." - ); - } - - #[test] - fn test_batch_hash_mnt6_in_place() { - // the number of hashes to test - let num_hashes = 1000; - - // the vectors that store random input data - let mut input_batch = Vec::new(); - - // the random number generator to generate random input data - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - // we need the double of number of rounds because we have two inputs - for _ in 0..num_hashes { - input_batch.push(MNT6753Fr::rand(&mut rng)); - input_batch.push(MNT6753Fr::rand(&mut rng)); - } - - // Calculate Poseidon Hash for mnt4753 batch evaluation - let output_vec = (MNT6BatchPoseidonHash::batch_evaluate(&input_batch)).unwrap(); - - let mut output_vec_in_place = vec![MNT6753Fr::zero(); num_hashes]; - MNT6BatchPoseidonHash::batch_evaluate_in_place( - &mut input_batch[..], - &mut output_vec_in_place[..], - ) - .unwrap(); - - // ============================================================================= - // Compare results - for i in 0..num_hashes { - assert_eq!( - output_vec_in_place[i], output_vec[i], - "Hash outputs, position {}, for MNT6 are not equal.", - i - ); - } - } - - #[test] - #[should_panic] - fn test_batch_hash_mnt6_null_elem() { - let input_batch = Vec::new(); - let output_vec = (MNT6BatchPoseidonHash::batch_evaluate(&input_batch)).unwrap(); - println!("{:?}", output_vec); - } - - #[test] - #[should_panic] - fn test_batch_hash_mnt6_one_elem() { - let mut input_batch = Vec::new(); - input_batch.push(MNT6753Fr::from_str("1").unwrap()); - let output_vec = 
(MNT6BatchPoseidonHash::batch_evaluate(&input_batch)).unwrap(); - println!("{:?}", output_vec); - } - - #[test] - #[should_panic] - fn test_batch_hash_mnt6_three_elem() { - let mut input_batch = Vec::new(); - input_batch.push(MNT6753Fr::from_str("1").unwrap()); - input_batch.push(MNT6753Fr::from_str("2").unwrap()); - input_batch.push(MNT6753Fr::from_str("3").unwrap()); - let output_vec = (MNT6BatchPoseidonHash::batch_evaluate(&input_batch)).unwrap(); - println!("{:?}", output_vec); - } - } - - #[cfg(feature = "bn_382")] - mod bn_382 { - use super::*; - use crate::{ - BN382FqBatchPoseidonHash, BN382FqPoseidonHash, BN382FrBatchPoseidonHash, - BN382FrPoseidonHash, - }; - use algebra::fields::bn_382::{Fq as BN382Fq, Fr as BN382Fr}; - - #[test] - fn test_batch_hash_bn382fq() { - // the number of hashes to test - let num_hashes = 1000; - - // the vectors that store random input data - let mut input_serial = Vec::new(); - let mut input_batch = Vec::new(); - - // the random number generator to generate random input data - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - // we need the double of number of rounds because we have two inputs - for _ in 0..num_hashes { - let mut pair_elem = Vec::new(); - let elem1 = BN382Fq::rand(&mut rng); - let elem2 = BN382Fq::rand(&mut rng); - pair_elem.push(elem1.clone()); - pair_elem.push(elem2.clone()); - input_serial.push(pair_elem); - input_batch.push(elem1.clone()); - input_batch.push(elem2.clone()); - } - - // ============================================================================= - let mut output = Vec::new(); - - input_serial.iter().for_each(|p| { - let mut digest = BN382FqPoseidonHash::init_constant_length(2, None); - p.into_iter().for_each(|&f| { - digest.update(f); - }); - output.push(digest.finalize().unwrap()); - }); - - let output_vec = (BN382FqBatchPoseidonHash::batch_evaluate(&input_batch)).unwrap(); - - // ============================================================================= - // Compare results - 
for i in 0..num_hashes { - assert_eq!( - output[i], output_vec[i], - "Hash outputs, position {}, for BN382Fq are not equal.", - i - ); - } - - // Check with one single hash - let single_output = BN382FqPoseidonHash::init_constant_length(2, None) - .update(input_serial[0][0]) - .update(input_serial[0][1]) - .finalize() - .unwrap(); - let single_batch_output = BN382FqBatchPoseidonHash::batch_evaluate(&input_batch[0..2]); - - assert_eq!( - single_output, - single_batch_output.unwrap()[0], - "Single instance hash outputs are not equal for BN382Fq." - ); - } - - #[test] - fn test_batch_hash_bn382fr() { - // the number of hashes to test - let num_hashes = 1000; - - // the vectors that store random input data - let mut input_serial = Vec::new(); - let mut input_batch = Vec::new(); - - // the random number generator to generate random input data - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - // we need the double of number of rounds because we have two inputs - for _ in 0..num_hashes { - let mut pair_elem = Vec::new(); - let elem1 = BN382Fr::rand(&mut rng); - let elem2 = BN382Fr::rand(&mut rng); - pair_elem.push(elem1.clone()); - pair_elem.push(elem2.clone()); - input_serial.push(pair_elem); - input_batch.push(elem1.clone()); - input_batch.push(elem2.clone()); - } - - // ============================================================================= - let mut output = Vec::new(); - - input_serial.iter().for_each(|p| { - let mut digest = BN382FrPoseidonHash::init_constant_length(2, None); - p.into_iter().for_each(|&f| { - digest.update(f); - }); - output.push(digest.finalize().unwrap()); - }); - - let output_vec = (BN382FrBatchPoseidonHash::batch_evaluate(&input_batch)).unwrap(); - - // ============================================================================= - // Compare results - for i in 0..num_hashes { - assert_eq!( - output[i], output_vec[i], - "Hash outputs, position {}, for BN382Fr are not equal.", - i - ); - } - - // Check with one single hash - 
let single_output = BN382FrPoseidonHash::init_constant_length(2, None) - .update(input_serial[0][0]) - .update(input_serial[0][1]) - .finalize() - .unwrap(); - let single_batch_output = BN382FrBatchPoseidonHash::batch_evaluate(&input_batch[0..2]); - - assert_eq!( - single_output, - single_batch_output.unwrap()[0], - "Single instance hash outputs are not equal for BN382Fr." - ); - } - - #[test] - fn test_batch_hash_bn382fq_in_place() { - // the number of hashes to test - let num_hashes = 1000; - - // the vectors that store random input data - let mut input_batch = Vec::new(); - - // the random number generator to generate random input data - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - // we need the double of number of rounds because we have two inputs - for _ in 0..num_hashes { - input_batch.push(BN382Fq::rand(&mut rng)); - input_batch.push(BN382Fq::rand(&mut rng)); - } - - // Calculate Poseidon Hash for mnt4753 batch evaluation - let output_vec = (BN382FqBatchPoseidonHash::batch_evaluate(&input_batch)).unwrap(); - - let mut output_vec_in_place = vec![BN382Fq::zero(); num_hashes]; - BN382FqBatchPoseidonHash::batch_evaluate_in_place( - &mut input_batch[..], - &mut output_vec_in_place[..], - ) - .unwrap(); - - // ============================================================================= - // Compare results - for i in 0..num_hashes { - assert_eq!( - output_vec_in_place[i], output_vec[i], - "Hash outputs, position {}, for BN382Fq are not equal.", - i - ); - } - } - - #[test] - fn test_batch_hash_bn382fr_in_place() { - // the number of hashes to test - let num_hashes = 1000; - - // the vectors that store random input data - let mut input_batch = Vec::new(); - - // the random number generator to generate random input data - let mut rng = XorShiftRng::seed_from_u64(1231275789u64); - - // we need the double of number of rounds because we have two inputs - for _ in 0..num_hashes { - input_batch.push(BN382Fr::rand(&mut rng)); - 
input_batch.push(BN382Fr::rand(&mut rng));
- }
-
- // Calculate Poseidon Hash for mnt4753 batch evaluation
- let output_vec = (BN382FrBatchPoseidonHash::batch_evaluate(&input_batch)).unwrap();
-
- let mut output_vec_in_place = vec![BN382Fr::zero(); num_hashes];
- BN382FrBatchPoseidonHash::batch_evaluate_in_place(
- &mut input_batch[..],
- &mut output_vec_in_place[..],
- )
- .unwrap();
-
- // =============================================================================
- // Compare results
- for i in 0..num_hashes {
- assert_eq!(
- output_vec_in_place[i], output_vec[i],
- "Hash outputs, position {}, for BN382Fr are not equal.",
- i
- );
- }
- }
- }
 #[cfg(feature = "tweedle")]
 mod tweedle {
@@ -854,7 +369,7 @@ mod test {
 input_batch.push(TweedleFq::rand(&mut rng));
 }
- // Calculate Poseidon Hash for mnt4753 batch evaluation
+ // Calculate Poseidon Hash for tweedle Fq batch evaluation
 let output_vec = (TweedleFqBatchPoseidonHash::batch_evaluate(&input_batch)).unwrap();
 let mut output_vec_in_place = vec![TweedleFq::zero(); num_hashes];
@@ -892,7 +407,7 @@ mod test {
 input_batch.push(TweedleFr::rand(&mut rng));
 }
- // Calculate Poseidon Hash for mnt4753 batch evaluation
+ // Calculate Poseidon Hash for tweedle Fr batch evaluation
 let output_vec = (TweedleFrBatchPoseidonHash::batch_evaluate(&input_batch)).unwrap();
 let mut output_vec_in_place = vec![TweedleFr::zero(); num_hashes];
diff --git a/primitives/src/crh/poseidon/mod.rs b/primitives/src/crh/poseidon/mod.rs
index de92bc4bb..1aad09da3 100644
--- a/primitives/src/crh/poseidon/mod.rs
+++ b/primitives/src/crh/poseidon/mod.rs
@@ -1,7 +1,7 @@
 extern crate rand;
 extern crate rayon;
-use algebra::{Field, PrimeField};
+use algebra::{Group, PrimeField};
 use std::{marker::PhantomData, ops::Mul};
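Review bot: Deleting the `mnt4_753`, `mnt6_753` and `bn_382` modules also removes every `#[should_panic]` test in this hunk (`test_batch_hash_*_null_elem`, `_one_elem`, `_three_elem`), which were the only tests exercising `batch_evaluate` on an empty slice and on input lengths that are not a multiple of two. The surviving `tweedle` module begins at the end of this hunk and is otherwise outside it, so I cannot see whether it carries equivalents; if it does not, those error paths are now untested and I would re-add the three cases against `TweedleFrBatchPoseidonHash` as below (`TweedleFr::zero()` stands in for the removed `from_str` inputs, since `use std::str::FromStr` is dropped in this hunk). Whether a 1- or 3-element input still panics depends on the length/rate check inside `batch_evaluate`, which is outside this hunk; the cases below mirror the deleted ones on that assumption.
```rust
// … unchanged: tweedle in-place tests …

#[test]
#[should_panic]
fn test_batch_hash_tweedle_fr_null_elem() {
    let input_batch: Vec<TweedleFr> = Vec::new();
    let output_vec = TweedleFrBatchPoseidonHash::batch_evaluate(&input_batch).unwrap();
    println!("{:?}", output_vec);
}

#[test]
#[should_panic]
fn test_batch_hash_tweedle_fr_one_elem() {
    let input_batch = vec![TweedleFr::zero()];
    let output_vec = TweedleFrBatchPoseidonHash::batch_evaluate(&input_batch).unwrap();
    println!("{:?}", output_vec);
}

#[test]
#[should_panic]
fn test_batch_hash_tweedle_fr_three_elem() {
    let input_batch = vec![TweedleFr::zero(); 3];
    let output_vec = TweedleFrBatchPoseidonHash::batch_evaluate(&input_batch).unwrap();
    println!("{:?}", output_vec);
}
```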
@@ -300,7 +300,7 @@ mod test {
 FieldBasedHash, SBox,
 };
 use crate::{FieldBasedHashParameters, PoseidonHash, PoseidonParameters};
- use algebra::{Field, PrimeField};
+ use algebra::{Group, PrimeField};
 fn generate_inputs(num: usize) -> Vec {
 let mut inputs = Vec::with_capacity(num);
@@ -362,1362 +362,6 @@ mod test { } } - #[cfg(feature = "mnt4_753")] - #[test] - fn test_poseidon_hash_mnt4() { - use crate::crh::poseidon::parameters::mnt4753::{ - MNT4753PoseidonParameters, MNT4InversePoseidonSBox, MNT4PoseidonHash, - }; - use algebra::{biginteger::BigInteger768, fields::mnt4753::Fr as MNT4753Fr}; - - // Test vectors are computed via the script in ./parameters/scripts/permutation_mnt4fr.sage - let start_states = vec![ - vec![MNT4753Fr::zero(); 3], - vec![ - MNT4753Fr::new(BigInteger768([ - 0xf770348fbe4e29b6, - 0xfefd6b30dfb52494, - 0xec61827e5cf9425, - 0xc6288db72079112c, - 0xd70e11f75c351bac, - 0x2e4657caf8648c8e, - 0x7f9f3a94358aa2f7, - 0xee7f886bb42e8eab, - 0xe5ae5d4ec1b0796f, - 0xd056464cb38777c6, - 0xf3d7cd676c74ae38, - 0x120d49a741c34, - ])), - MNT4753Fr::new(BigInteger768([ - 0x96de60f9741f78b7, - 0xa98cc9495bb4615e, - 0xc4b3aeadfd321c2c, - 0x40e4b75eb8fe1116, - 0x1396ee290297e819, - 0x9762744e4cfded19, - 0xbedcef99b43ee15a, - 0x8b84865c31d378a0, - 0xf5468754aa4a4c4e, - 0xfd715c8245c2e124, - 0x31cb5bb04a339986, - 0xdaf306180aed, - ])), - MNT4753Fr::new(BigInteger768([ - 0x7e874134d509e406, - 0x729d013268020212, - 0x8b362dd530097799, - 0xae5054da3ad04250, - 0xe2e7413bd0fcbe5f, - 0xad08673f2f925bee, - 0xfb93f0ee8900d97e, - 0x2c1d037343b00151, - 0xd3dac3f2b1139f55, - 0x154e788ae1aca4cc, - 0x663269814fb52d57, - 0x676d9c4d8329, - ])), - ], - vec![ - MNT4753Fr::new(BigInteger768([ - 0xa26b0bc72724d615, - 0x729202dca25403d4, - 0x1b2ff6dc78c46b5e, - 0xed529329c88557ec, - 0xa7264c3cd1f1ca2d, - 0xa9f0e2b1e57c800f, - 0x2322b96082d360ec, - 0x138d00037c082f1c, - 0x6c25792c21edce0a, - 0x75723fc00d8d1bc3, - 0xf60868fea31de240, - 0x14e224d41e354, - ])), - MNT4753Fr::new(BigInteger768([ - 0x21c229d68cde6f3f, - 0xf96b852ba3677e55, - 0x815b51e9b5e329c2, - 0xedec4ec2b77a9d36, - 0x44e0217411a0dea9, - 0x724a35de8cbd3141, - 0x8008cb5f0106c484, - 0x921855777c1c9cd3, - 0xd87d5b5babb7c9ab, - 0x603fc082a06ed8c4, - 0xe589b5a1adea946e, - 0x129d1f84a0c66, - ])), - 
MNT4753Fr::new(BigInteger768([ - 0x80794339ccdf973f, - 0x8f537759fc1b1aca, - 0x7997a170b362d649, - 0x7b1cddf6db6ca199, - 0x6b25316a81753330, - 0xa143d6d50bd07ebf, - 0x4d65e4fd6f8587d6, - 0x572c858cf606bd90, - 0x245465ba33e044b1, - 0x86f9aaa423b9390, - 0x8ee2bbed6bda13a6, - 0x7fa83fcd7a59, - ])), - ], - vec![ - MNT4753Fr::new(BigInteger768([ - 0x275345cd3949fba9, - 0xaa492ccf37b80d9, - 0xdd9c6b17371c879a, - 0x846303d5b851d739, - 0x8d2b1b900c8c2227, - 0x780824b721514171, - 0xe08b4ffffb8a4f71, - 0xc69a0eb1b3f3ad, - 0x409578a5de88b1df, - 0xef2b552006465afb, - 0x2539560ecdf8147, - 0x134fe3e183dcd, - ])), - MNT4753Fr::new(BigInteger768([ - 0xf7f3c59f70e5b72a, - 0xec1ae7ed077f2d99, - 0xbbf075b432e1a2d8, - 0xf32012c620b8cd09, - 0x81e964a2687b8654, - 0x43082373cc23c4f6, - 0x494428fd5d2b9d5, - 0xed89d49a5f32ca1a, - 0x8d2c7f6937d4bc08, - 0x8aa8316d21567c0c, - 0x5e2c9cde56f4c802, - 0x6422f65bc889, - ])), - MNT4753Fr::new(BigInteger768([ - 0x44238a7e541cdf0, - 0xc09a1bda2e310a6d, - 0xef2001005bbaf873, - 0x1fd97ee19fea97eb, - 0xce43458dee7839cd, - 0x735d8cff80565348, - 0xca740dd90f883e06, - 0x8825f23c63c39a44, - 0xe80c50eb3548e408, - 0xddc815aae7e6a432, - 0x519048208b84f07f, - 0x50d352305dca, - ])), - ], - vec![ - MNT4753Fr::new(BigInteger768([ - 0x911b5559a3eeb52d, - 0x482afb0b1b566e49, - 0x3983c4efc4fb37da, - 0x3288b81e77372d01, - 0xc69bd18751793c34, - 0x103f732ca150f840, - 0xbe72b866f7fd8512, - 0x19f4e9f908c9d1bf, - 0xb7976427cfc0fe4e, - 0xc9f43b7c2ad54601, - 0x3f2eb373787a291, - 0x9d3dd62a7475, - ])), - MNT4753Fr::new(BigInteger768([ - 0x799693496d2180d4, - 0x9c8364f338a500b7, - 0x37a57ca5674e1252, - 0x2c19b0502325bead, - 0x32b30a126f41f5ac, - 0x8bcd51ff52cedf29, - 0x9e04cb66d8d16160, - 0x59e8aaadbc99fab6, - 0xbd046f342e99d386, - 0x4488dd3ce29590aa, - 0xdcc2bb0149b02eaa, - 0x1543d162aa244, - ])), - MNT4753Fr::new(BigInteger768([ - 0xbb41e5acd82643f9, - 0x4042aec0d83f7624, - 0x2c14ed2f563bb21e, - 0x9cee7ec494eb57e9, - 0x41eec6c2b0056ac2, - 0xd1ea7cfa30f223ef, - 
0xf148c377c2fba415, - 0xb3b56ee96972c9cb, - 0x82c3e44086911217, - 0x9ef750feb5842cc6, - 0x9f33c28feb810dc0, - 0x727b9f80e6df, - ])), - ], - ]; - - let end_states = vec![ - vec![ - MNT4753Fr::new(BigInteger768([ - 0x4f54c026da6ed8f0, - 0x12700bf5ad94f6c9, - 0x23a3fa62e9c042c1, - 0x2394c785581c75e7, - 0x839626f16bd60d08, - 0xb29828eef68c9bd4, - 0xd1479004b0f71d2, - 0x9d1a0dffdd1e7b00, - 0x9f1df2af9215e68c, - 0xc562186972253d2e, - 0xf6b8c66a6f3999b0, - 0xa040e4e0ff92, - ])), - MNT4753Fr::new(BigInteger768([ - 0xb0258a782c08064, - 0x6a04841f8be4990a, - 0xda027778a67d713b, - 0xb88be63be3cac9b4, - 0xde929c2510a321e5, - 0xc0d9dd704886213e, - 0xfbe0efc728d44f11, - 0x77c8d6422b5eb368, - 0x2827d5af4fe0fbad, - 0xb90c8793bc2a9d21, - 0xf9ce1fdde5140214, - 0x15a64a6345311, - ])), - MNT4753Fr::new(BigInteger768([ - 0xde9731dd4ad29db3, - 0x86caaccf88b402a1, - 0xe5e77eee08fca8a2, - 0x1dd9e752e50aad07, - 0x2d0f73cfb9508a83, - 0xb2b6ab08f14d96eb, - 0x224833c17d87490d, - 0x4e7d2e13141aaa55, - 0x1796b61e1cc3563, - 0xdbeb6f5ed60179f, - 0xb0633f07c680eda2, - 0x601b999b7143, - ])), - ], - vec![ - MNT4753Fr::new(BigInteger768([ - 0xe749d7517ebe099b, - 0xc6abeacc602cf0bf, - 0x958f4b91f3c3b22d, - 0x9a295b36c4a6ea9e, - 0xd3925085d5ae2179, - 0xf23a8b4284968652, - 0x8018232a8a8fd30b, - 0x34533842150d4c6a, - 0xf0531c8f2f4a3dd4, - 0xeaab2b7956c6e7cb, - 0x9fc2b52eb516b457, - 0x7e2c759defce, - ])), - MNT4753Fr::new(BigInteger768([ - 0xfc5dab1dedb49656, - 0x78deb85913893c98, - 0x6088942fdbff357e, - 0xb3c15f514de46072, - 0x5dc205c3ccd4df39, - 0x591d9320bec689a6, - 0x99a7765caae47a86, - 0x2fcfe60a560fa3ed, - 0x43e2f302b5852456, - 0x5b4087eaa01f39c6, - 0xcc7db3f671985b7d, - 0x1272366ae322b, - ])), - MNT4753Fr::new(BigInteger768([ - 0xc23a10d72a73058e, - 0x7125f89599d62e8e, - 0x944ffd3948d3b453, - 0xc1513ee7ef29c1d2, - 0xdf1ddf8a25a2233, - 0x193c0cac56b49055, - 0xcb23ffde25ea2bd6, - 0x6d4a4ad2f3e415af, - 0x7da1b50b3731057, - 0x30f2f41a6746bd09, - 0x2a3cfda1f9885424, - 0xe6f1af34a223, - ])), - ], - vec![ 
- MNT4753Fr::new(BigInteger768([ - 0xbfcb18d74e65c563, - 0x722359395bfeb077, - 0xb8e0b7abddb9a694, - 0xc830a386c2854b6b, - 0x53d7c0704e145ce, - 0xbe91d2a17d6f8874, - 0x2b49e38e1b99292a, - 0xc7e2cb48c2be1151, - 0xa5e54b3a714aad54, - 0xf634e385fe3d9b90, - 0x66f9a11a59535867, - 0x1425351d064a2, - ])), - MNT4753Fr::new(BigInteger768([ - 0x4a28ff3c4fecbb8d, - 0x60a639f0a2a002d9, - 0x5149d27ed99128c1, - 0x6dacfe4ce235b503, - 0xf21ef2fe6f344e69, - 0xbac70a5d64a033de, - 0x54f1cb89e291c8e6, - 0x2548230a2b8eeb67, - 0x763440a89ffdc8de, - 0x3ac6435a7c2b7922, - 0xacb97881f998663d, - 0x8ae31b1e760f, - ])), - MNT4753Fr::new(BigInteger768([ - 0x9dfe82b5a7baefa5, - 0x14bff3144e3c4f00, - 0xcbb47c1db66e74c4, - 0x8c3d330245b24464, - 0x3be7110fcc0f2674, - 0xb4a9281c6d349356, - 0xa4894a010cef488c, - 0x2abe0a21b8a83ca7, - 0xf9e9d807e418b54, - 0x439e4046be879838, - 0x3204e13287f737d5, - 0x3098a5738444, - ])), - ], - vec![ - MNT4753Fr::new(BigInteger768([ - 0x470bac44ae262597, - 0x37c75eb3f00758fb, - 0xae77bbd563b5fac6, - 0xa22469cb36563eb5, - 0x4db9a5ea229af500, - 0xf6848cf2a64ad4a5, - 0x3a4611a0ed9e6243, - 0xf63fb5b6489325dd, - 0x1a9c90dd1544863f, - 0xdab1cb220fdf73d4, - 0xb9ec40309591932b, - 0x141777a73c602, - ])), - MNT4753Fr::new(BigInteger768([ - 0xedab7a7bd3a0061b, - 0x32d0ba278e569bec, - 0x83a9e0f317060812, - 0x29acd35e4d33cdb6, - 0x3f13496b623a9cde, - 0xa565606e05e4a5d, - 0xba87579c189af741, - 0x45bcb5fbad648a4e, - 0x32e8658135401638, - 0xbc853abb54e732b5, - 0xc37855ec443e12d3, - 0x1ad1ff8f54ad6, - ])), - MNT4753Fr::new(BigInteger768([ - 0xaba94817dccf0311, - 0x601cdff2f1e54d9e, - 0x6a0d8ab8a097a5b6, - 0x51d8c83d12239512, - 0x92f9ef537fc921e8, - 0x688b9fe86605c3ae, - 0x250ebdd755ad043c, - 0x29d412ee38a1e765, - 0xb31f5447678264b4, - 0x7d053f0ea44d854b, - 0x5d83d881795db690, - 0x397b9db5b588, - ])), - ], - vec![ - MNT4753Fr::new(BigInteger768([ - 0xf0afca787979dcae, - 0x42fbae09a94724f3, - 0xce13b6f47a98712e, - 0x68faa457e317c516, - 0x7f77afa6123189da, - 0xf24b93d153626436, - 
0xa40c88d389b68cfd, - 0x9b032ff8170c5c10, - 0xb90fa1c19b5affe3, - 0xc6cb43fb1342f46b, - 0x73a8195215425b8a, - 0x16cfda5a32fef, - ])), - MNT4753Fr::new(BigInteger768([ - 0xd864f5bc7dbdbe12, - 0xd316f0a8460332b6, - 0xada86ced0ff99e99, - 0x80860702b69fbf79, - 0xe4a85e8c6fe21f02, - 0xdc253a82c99e4359, - 0x538ca29cb25f1740, - 0xb4b3b0c1728477d2, - 0x2ae092fa5a67319a, - 0xf11e69b6ea6e795b, - 0xbd153a2d52cd7fe1, - 0x172ce347450d4, - ])), - MNT4753Fr::new(BigInteger768([ - 0x16d7536835c3972f, - 0x6e1897915f2ecc3e, - 0xa12771652da6c8b8, - 0xaf97a5aaa35b7313, - 0xae2a361cddc23c31, - 0xefc41bde8666d6dc, - 0x6cdd6c01057a661, - 0x7235dca1f39f8bc6, - 0x6332b45ab259d, - 0x851fb01167d8a74a, - 0x1c840faa9ad5c9b7, - 0xfe4f5c82b740, - ])), - ], - ]; - - poseidon_permutation_regression_test::< - MNT4753Fr, - MNT4753PoseidonParameters, - MNT4InversePoseidonSBox, - >(start_states, end_states); - test_routine::(3) - } - - #[cfg(feature = "mnt6_753")] - #[test] - fn test_poseidon_hash_mnt6() { - use crate::crh::poseidon::parameters::mnt6753::{ - MNT6753PoseidonParameters, MNT6InversePoseidonSBox, MNT6PoseidonHash, - }; - use algebra::{biginteger::BigInteger768, fields::mnt6753::Fr as MNT6753Fr}; - - // Test vectors are computed via the script in ./parameters/scripts/permutation_mnt6fr.sage - let start_states = vec![ - vec![MNT6753Fr::zero(); 3], - vec![ - MNT6753Fr::new(BigInteger768([ - 0x2045f548c283a386, - 0x9f90d7b623ef9965, - 0x634e1e0bcd6ce5f1, - 0xed09fb1cd92e2f48, - 0xa4b92193ab3a4c, - 0xc38d823f5e556d81, - 0x93e8a09384f1d5f0, - 0xa463757a137a2127, - 0xc948555766dabe44, - 0x3246e78f29a70bfe, - 0x21ebc006f85e213, - 0x18c2c2170055e, - ])), - MNT6753Fr::new(BigInteger768([ - 0x5abb4a33f5026781, - 0xa3510b40fb1bd1e7, - 0xce8ae77f3e0e9a1d, - 0xd1375569096b196a, - 0x107156721a5241bd, - 0x82b75d6eb65ccdc, - 0x9f6a6933bbe7d8ad, - 0x9335a61a85fe8998, - 0x5179ec766656404c, - 0x8052414d46077e77, - 0xb77841abce4c69c, - 0x10e71d39ef7ee, - ])), - MNT6753Fr::new(BigInteger768([ - 
0xf76a1c08fa236882, - 0x25e1b757eb33ed43, - 0x1f63d4997a13c8b1, - 0xe23eae7ea2605b4b, - 0xe8c20feb190f9dd, - 0xa63856368a5c24f9, - 0x114eaf0c94cc670b, - 0xe858d17f6da22272, - 0x9b5443cadda8156a, - 0xfe92bd2a3eefc8b3, - 0x2c8a4defc4a4ff9, - 0x19cc15d056674, - ])), - ], - vec![ - MNT6753Fr::new(BigInteger768([ - 0x1b940903c57e8e7f, - 0xbd38cde2e8e16008, - 0xe18d1abcfe05990a, - 0x8e86b1ca3a0ee1f5, - 0x33a31929417f05f9, - 0x170be227265f62bd, - 0x29e22c2b9864352a, - 0x901db3c41b27245e, - 0xc3bc6e6cfce69e3c, - 0x498f01eea65c0215, - 0xbf86a87e3005b3db, - 0x90f488bd8e09, - ])), - MNT6753Fr::new(BigInteger768([ - 0xb2d9ad48cbb812ba, - 0xc53cb754a7a02d89, - 0x89f52c6630ad8f86, - 0xe623c68f3610652f, - 0x198f83682c814e5d, - 0xfb78854e850e95fb, - 0x46e398cb56c27f78, - 0x81e60dab3991f035, - 0x3babbc1fe35f4f30, - 0x8056c683be44ffab, - 0x167af8aceb070f00, - 0x1a2572baaf46d, - ])), - MNT6753Fr::new(BigInteger768([ - 0x6242acf3bfbe2c6e, - 0x7afcb4878b2fcab1, - 0xccdee01e7839e6ff, - 0x8ebef555a3fcaeb9, - 0xa627b970cb4d56d2, - 0xb672bd365dab0d61, - 0x71f74eef13dab0fd, - 0x5a138a0bd718f4c3, - 0x7d08a2cf2ef0747c, - 0x8a0cdeefcdfded66, - 0xfe18f6573bbabadb, - 0x12c02029e0030, - ])), - ], - vec![ - MNT6753Fr::new(BigInteger768([ - 0xf2ca60b5bb454d9f, - 0xb4ae3ba59e4a711, - 0x62154368b888061c, - 0x6214f711b35b4f9, - 0x5dd4d44dc9d4f0ad, - 0x4304e1c271f64602, - 0x80d4e3b0e1025ae3, - 0x5316732d6accc44d, - 0x24fc5d7d7bba464e, - 0x12d10c9485d208a1, - 0xca6df371c62a8872, - 0x86ce9f608bae, - ])), - MNT6753Fr::new(BigInteger768([ - 0xcdf0f7492613b504, - 0x455faa0e541fa1e6, - 0xb77242df6b8a68be, - 0x3b5435160d723cb6, - 0x77b8914a813586bf, - 0xc17dabd68e491d26, - 0xa85720ce2231af9d, - 0xd19e81cea5d64c41, - 0x56c90bfdb43ce182, - 0x9ff4ff3aba6a9a01, - 0x8875906afee26342, - 0x16a993a8df862, - ])), - MNT6753Fr::new(BigInteger768([ - 0xad98e2452d8be558, - 0xed19ce15ee0069d3, - 0xf889b49a8ad1016e, - 0x42760a3cbfb291b7, - 0x3d94e422b333dc5d, - 0xc27cbbac2884c097, - 0x851fd495c84543e9, - 0xf9b100c34675f211, 
- 0x11eae122f8ff1706, - 0xf3eecc4f60743020, - 0x38fc6ca1e5d1b4a7, - 0xffa8124e7034, - ])), - ], - vec![ - MNT6753Fr::new(BigInteger768([ - 0x376743561f755f41, - 0xf0a8830457e9879b, - 0xa134b300b8f2d67b, - 0x1806324852aa9feb, - 0xdb98705dbf283859, - 0x565bca638d85ee57, - 0x1c6b6fe1fe752b0, - 0xd9eb23176d5d6110, - 0x5c5e86b5774422e2, - 0xd6fdf4c92ea236a1, - 0xeb2a915f44b72fa3, - 0x195c5f80dbf29, - ])), - MNT6753Fr::new(BigInteger768([ - 0x4c674244dfb68ecc, - 0x24a104856852ac3f, - 0x83e10d6c10dd3f4f, - 0xe99fe1f0d8553d3c, - 0x2d371b923253d5c0, - 0x14594932de89a19e, - 0xfd4589d2f8e53f17, - 0xe2ba2c7b929a53b3, - 0x3891f35b974a36ec, - 0xf17f8749ca140c09, - 0x6be74c21301f7c9e, - 0x13de4e1311a04, - ])), - MNT6753Fr::new(BigInteger768([ - 0xc366ce203caca4b0, - 0xe1d195b5bf3af54e, - 0x24b93c34bd0043ee, - 0x91559c070b29c53a, - 0xe866e46830168ff8, - 0xaeeda2129518cab7, - 0x37f8bb28ae15d7f3, - 0x5811fb22acd02c55, - 0xce7d805057f58acc, - 0x3a80df0b2af5f4fd, - 0x4dc7c29c8f6bed72, - 0xe511723afdb9, - ])), - ], - ]; - - let end_states = vec![ - vec![ - MNT6753Fr::new(BigInteger768([ - 0xef99f18ca1164fb0, - 0x1bf161755d689806, - 0x83ee017c500c6964, - 0x8abab822f92200c0, - 0x4b64884b9cc7eef9, - 0x53d4a2f13e17017c, - 0x551b8da2668dad8a, - 0x9939a48a0191c96c, - 0x2e1d80ef403671a0, - 0xb037bb60fbeb0212, - 0x6a22eba60581eb12, - 0x6ec196c9026d, - ])), - MNT6753Fr::new(BigInteger768([ - 0x18c4207483ba0f2f, - 0x6c50abc8aca74de3, - 0x7c1acfd6686351c, - 0xf367937c1356e91f, - 0xcdbf0447592ec1, - 0xe13763baac982387, - 0x2e1f904290e7045f, - 0xb6ffbcccd73c1092, - 0xfae22550de44cf2c, - 0x14c26231e52c7eae, - 0x471836049049f3b7, - 0xdc46826797ae, - ])), - MNT6753Fr::new(BigInteger768([ - 0x2ee4a96e4cda5f6f, - 0x7442a7b7f51fdbfc, - 0x23d03839ab7d811, - 0x1f873a8c0ddfd7a4, - 0x872f14e24612551a, - 0xd43181c852d5f78b, - 0xb2ff35a74130d2cd, - 0xd64aaa80f389157, - 0xb954953b8d35d74, - 0x37aba7a7212e96c, - 0xcce2fff62e11a3d4, - 0xfb3f9157120d, - ])), - ], - vec![ - MNT6753Fr::new(BigInteger768([ - 
0x626e4d0e6e3e1936, - 0x7c99da459f8385d0, - 0xbd84a2fb934889a6, - 0xff40b1979118e180, - 0x76cb8b37a32cce54, - 0x6c389f3f88157389, - 0xb9f0135ec3d92cc2, - 0xfd6a928e603a79be, - 0x5472af35b978d0a6, - 0x109995c9831f98c2, - 0x976c556bfe34da5a, - 0xf838693b701, - ])), - MNT6753Fr::new(BigInteger768([ - 0x58fb485fd781fcc6, - 0xd92a60427ce67147, - 0x2cca412943d39ade, - 0xc55d3362bac1743, - 0xcb8dcfa4ae0fcda1, - 0x25bde06b8f99facd, - 0x2d30b30add5faa3e, - 0xbe0ebdda1ba7458d, - 0x296f6010c1db1c7b, - 0x506364ec0031a00e, - 0x24c13847d3fe6ab7, - 0xea0c23423f1a, - ])), - MNT6753Fr::new(BigInteger768([ - 0xc36816e6dafa2f57, - 0x554255a6e34a34d4, - 0x29f17ff72b3c5695, - 0xae97815a3cc05077, - 0x64a0824e4b9b1aae, - 0x267cf597a9a556ef, - 0x8d8c67fc33757cbc, - 0xad2db4d1a3c73012, - 0xf3fcee4d169de439, - 0xfc4632cd5cb31baf, - 0xe1420a2c4e68de6, - 0x1bd34ad51cd02, - ])), - ], - vec![ - MNT6753Fr::new(BigInteger768([ - 0x160dacef01b59531, - 0x313dd55066586bd8, - 0xdcc16189ec00c953, - 0xcc44967095828982, - 0x1066ee6f582ba5ea, - 0x3d879be40c078337, - 0xb9cb0ef83e1b4a51, - 0xc9b91de1e758c41, - 0xe578ceb8440e2bb8, - 0x3d6f2d210d4278df, - 0x2bab83b243a3335a, - 0x1afd20a9dbdc7, - ])), - MNT6753Fr::new(BigInteger768([ - 0x3a7ee60628dc201d, - 0xae1dcd081da757a, - 0xde1625ce6e93bc19, - 0xfb1a64dd14c0ae77, - 0x1bb5eba30eb2f202, - 0xdf064e762ce2f903, - 0x9abc764fb4c55d03, - 0x6db04d43d811c05d, - 0x87d85ec650763745, - 0x1bdcd095b0e1ada2, - 0x8681985565baa005, - 0x154d78a914323, - ])), - MNT6753Fr::new(BigInteger768([ - 0x101437542e4c39d4, - 0xcbdcf8d57d75fdd2, - 0x40996ed826c3b401, - 0xe492943442e0833b, - 0xf088ed10c7619f8c, - 0xb8e27256e0a69172, - 0x7112494180a5924, - 0x58d0e045a50972e9, - 0x4285049c582ed300, - 0xba0daceb8ab6d3c0, - 0x5ebb479b97c4c24d, - 0x820fdfe15d33, - ])), - ], - vec![ - MNT6753Fr::new(BigInteger768([ - 0x645f79445d3423f1, - 0x699de15f996c470c, - 0x3740c3b7e7818751, - 0xac5c029dba988fd2, - 0x7342c873ecef9aee, - 0x4ff8cedd8fa15877, - 0xa9f8d05cc0c37cdb, - 0x6342d403e9995fcc, - 
0xcd1206bec9b26855, - 0x9c7d8a00045eb24d, - 0x9c63e4f9f6757a65, - 0x1b358d82afeb4, - ])), - MNT6753Fr::new(BigInteger768([ - 0x5c47dc04494f4bd2, - 0x9c673cd9289d41af, - 0x162259acba9d8d18, - 0x62cad4f296328097, - 0x8aaf9e1700b7c75d, - 0x55e78bf0544350b2, - 0x4f68ebcc4892c902, - 0xdab2889f96fa7b5b, - 0x2a03de10d75b9f18, - 0x1ea1e16fc08e4df6, - 0x6acecbff7d2f538, - 0x9435d0a83b56, - ])), - MNT6753Fr::new(BigInteger768([ - 0x57c48852f8169d69, - 0x770318c8f24e3ac0, - 0xa0305f4306f0fbf4, - 0xf24a6cdad69062c1, - 0x193310c1c542ab5e, - 0x34b6461663f4fe2a, - 0xe7a085a783023999, - 0xb5ce7b9c96faf8e0, - 0x7552f4cfa41a306a, - 0x2f174937af08a752, - 0x1a0cef0caa379120, - 0xaf994027adab, - ])), - ], - vec![ - MNT6753Fr::new(BigInteger768([ - 0x9720001bc9352497, - 0x26db06d9f4127454, - 0x9cce839d50eab099, - 0xba25501620cf63a9, - 0x795125f6eb018f87, - 0x694e8cec73b544f8, - 0xdb77a066d8a2cdd5, - 0x7aabd5789a9eafe3, - 0x178cc6b3542ceaa6, - 0xa6ac0cd365b9c275, - 0x122759efe8da9356, - 0x8e1dde78adb9, - ])), - MNT6753Fr::new(BigInteger768([ - 0xa9c2b63431ec99e7, - 0xb05d41809af7e5dc, - 0x2cbd97c762aecb7, - 0x4d41c4687b6d4477, - 0x8381b288c0dbf80, - 0x50d30f6e9cd8073e, - 0xbd5d9a24ab8be9f5, - 0x53f6ff54d29bfaf6, - 0xdfcf47396745930f, - 0xf9624d429b121957, - 0x2eff2dd22352fa1c, - 0x8062baa0e970, - ])), - MNT6753Fr::new(BigInteger768([ - 0x686af5fafbfbf6ea, - 0x1e1c039393b53fbf, - 0x395bda15104e42d7, - 0x86bd133dc0ecd7de, - 0xe6edda60379dd98, - 0xa4b50608cd0cbda3, - 0x71914eaa21572, - 0x716fc727079df56d, - 0x92d198f1997ebcb0, - 0x2bc460bbd690afcc, - 0xed78f65c0b4e499e, - 0x2bfad26243bd, - ])), - ], - ]; - - poseidon_permutation_regression_test::< - MNT6753Fr, - MNT6753PoseidonParameters, - MNT6InversePoseidonSBox, - >(start_states, end_states); - test_routine::(3) - } - - #[cfg(feature = "bn_382")] - #[test] - fn test_poseidon_hash_bn382_fr() { - use crate::crh::poseidon::parameters::bn382::{ - BN382FrPoseidonHash, BN382FrPoseidonParameters, BN382FrQuinticSbox, - }; - use 
algebra::{biginteger::BigInteger384, fields::bn_382::Fr as BN382Fr}; - - // Test vectors are computed via the script in ./parameters/scripts/permutation_bn382.sage - let start_states = vec![ - vec![BN382Fr::zero(); 3], - vec![ - BN382Fr::new(BigInteger384([ - 0x3c2fc28fee546f2f, - 0x46673e3f762a05a9, - 0xf3a4196fb7f077b0, - 0xea452bd940906dd0, - 0x61a33d4ae39ee3a1, - 0xb0fe1409f6b6ad, - ])), - BN382Fr::new(BigInteger384([ - 0x4ca6094864916d57, - 0x2ca4974e3b8e4d6, - 0x4a05915e47dd8a18, - 0x5e6888ec4e9811ed, - 0xb1ddb601c4144f40, - 0x45c5e2dccf92992, - ])), - BN382Fr::new(BigInteger384([ - 0x20e98c5412e8a53c, - 0xb2df907a45237f4, - 0x89db0df005eb52fb, - 0xc77948ae1a2a2cda, - 0xf5ddb01fdc5f2ca4, - 0x17cd7c819448cb46, - ])), - ], - vec![ - BN382Fr::new(BigInteger384([ - 0x541a0ca7bfcc881f, - 0xf88b8f238697be3c, - 0x36e61e96d2fb8d14, - 0x1a3edaa7cbaee4cb, - 0x55a2ae58ee66a979, - 0x100171f764d62113, - ])), - BN382Fr::new(BigInteger384([ - 0x4abbd93002288653, - 0x37e17a329d1fa261, - 0xcd880c8eaf7a18b9, - 0xb0c2cd616408d2cf, - 0x5e938101f5333493, - 0x22a361e49171b56c, - ])), - BN382Fr::new(BigInteger384([ - 0x75efbb3b47ed610d, - 0x872b59023b1582f, - 0x154f1c9f55385a05, - 0x130ecac1483ed87c, - 0xc9c4f03d0a0e838, - 0x11985516d2a7f963, - ])), - ], - vec![ - BN382Fr::new(BigInteger384([ - 0x5676a2aa9827db5c, - 0x42dffaf55931d898, - 0x4df6a1acb8359ba6, - 0xb6c57235a1057d95, - 0x8c80b33063239cec, - 0xc7219289e5b6fbe, - ])), - BN382Fr::new(BigInteger384([ - 0xe17739d0259851fc, - 0x8cf3a336d885e861, - 0x5147bc1f93978a33, - 0x371ff88b2aaa0b59, - 0xc4fac8e7e213807e, - 0x49b925c3136f71b, - ])), - BN382Fr::new(BigInteger384([ - 0xe2fdff72d46fcb0a, - 0x4067d514d9cb9ecf, - 0xf51b3c5b3bc11d00, - 0xeed7a12d7d42ee4c, - 0xc8bb6a1b0a079aa7, - 0xd047e537eb9ac58, - ])), - ], - vec![ - BN382Fr::new(BigInteger384([ - 0xcd0f5560277aad4d, - 0xffe03011802d3fd1, - 0xf74446bb0aa3e8e2, - 0x5e1f3daa54d09f36, - 0x459daf13600a2960, - 0x1cd498d82eb74a2d, - ])), - BN382Fr::new(BigInteger384([ - 
0xc1ca68ef9f0d7346, - 0x78bfeb6a95ea63e5, - 0xce164dee9dba93a, - 0x60f8dbaa8634a63a, - 0xfcfb923ab4911528, - 0x93128aeb82dbf04, - ])), - BN382Fr::new(BigInteger384([ - 0x16c5a3b0f84a1808, - 0x1bb720c4473aa741, - 0xe3dd83f67121d1fb, - 0x31dc7f9ff20507b8, - 0xc86761e6ec443333, - 0x6f67c54083f05db, - ])), - ], - ]; - - let end_states = vec![ - vec![ - BN382Fr::new(BigInteger384([ - 0x3600ae9dea9ba41a, - 0x17a35e3bedfc2e1, - 0x7ee93e40052b3867, - 0xc555ef28f09e84e9, - 0x1ef349664ad402cf, - 0x1c49706c59f09b25, - ])), - BN382Fr::new(BigInteger384([ - 0xbb6f865c755b9100, - 0x6f6ccbea5f0c5847, - 0x4cfd3606c21c2573, - 0x3512ec3dc6889f67, - 0xc7981de6b0710b5f, - 0x109fe23f817aa0cf, - ])), - BN382Fr::new(BigInteger384([ - 0x39de13d041934215, - 0x5370089a3da7c4fe, - 0x512952ce97e48c03, - 0xe1c26f50f4c9c4c1, - 0x1f008942e907b93e, - 0x1910b7b5453ff08f, - ])), - ], - vec![ - BN382Fr::new(BigInteger384([ - 0xf3b93ceda4f3a5c, - 0x5dcd6b6bc043fd10, - 0x8d383811267393b4, - 0x66f48dee2d1b12df, - 0xbdb9d022d8ef1832, - 0x3d7e58786b39ef4, - ])), - BN382Fr::new(BigInteger384([ - 0x44aa122585436d31, - 0x28935d91839eef2b, - 0xda2ba836d955d3fe, - 0x200274d572c207a8, - 0x68ea32c32bf9e76c, - 0x1b6e87d7d7bd71b6, - ])), - BN382Fr::new(BigInteger384([ - 0x65ba9efee2204115, - 0x81b822106a189c40, - 0x72b7d6e504e281b4, - 0xa51d8ac7dd820df0, - 0x1ea1f1cb92430cbc, - 0x23a85bdeb2d2dd16, - ])), - ], - vec![ - BN382Fr::new(BigInteger384([ - 0x47c7598c44ff8d16, - 0x9a2a4de7e4caa199, - 0xa64228ccfb671b, - 0xe507c52bab4c227c, - 0xa03bae146874c577, - 0x142abb97131a15ce, - ])), - BN382Fr::new(BigInteger384([ - 0x6e5c0a1b6c74884d, - 0xf5bb78ce31dc03be, - 0xe12a8aea2fdbfb1c, - 0x27806b8e798e5047, - 0xdb908a200b3040d9, - 0xe722e2590de5b3d, - ])), - BN382Fr::new(BigInteger384([ - 0xa3c9528966e64486, - 0x475589fea46633f1, - 0xd74899c26b7cc411, - 0x1771d0995b78fb5d, - 0xf4e48a25c61e9202, - 0x13751c53efdbf754, - ])), - ], - vec![ - BN382Fr::new(BigInteger384([ - 0xbaa9e75cb23bcf05, - 0x35d727f254ae75d7, - 
0xacb20d326450e2b8, - 0x177c73eda4c84fdb, - 0x51f291a5f9dd6033, - 0x8788cee947e9501, - ])), - BN382Fr::new(BigInteger384([ - 0xf1b326ebc984ec0, - 0x866f44f24cf07054, - 0x5f070db622ccd3da, - 0xceb0f26208090d9e, - 0xdd7bd626dbb1d31e, - 0xa8a45f03c973521, - ])), - BN382Fr::new(BigInteger384([ - 0x32e4799fc1db07b1, - 0xbbdcbf7c6b9e2f24, - 0xf7cbd541b37e4650, - 0xd8143503afc7320a, - 0x75a91583524c9a16, - 0x1c9f9295f8bce898, - ])), - ], - vec![ - BN382Fr::new(BigInteger384([ - 0xd5db324446615bf8, - 0x96f94dd6887732e0, - 0x56020c6319093a3a, - 0x5ef153e7bc15f69b, - 0x1b87643733a4b798, - 0x16787d5e34111ed, - ])), - BN382Fr::new(BigInteger384([ - 0x4558ed95b354fe81, - 0x31ba491852c4023, - 0x98af2996db40ba92, - 0xb4c3ac53e548ec3d, - 0x96c9e81d713719ea, - 0x1eefdfa3b6b479ae, - ])), - BN382Fr::new(BigInteger384([ - 0x3340788274f54c1f, - 0xb2d040485d2fd9d6, - 0xd7df55b13440dbf3, - 0x856bf5fc77c7f48b, - 0x48cf9764e0e67a05, - 0x1816ef21b6373a7, - ])), - ], - ]; - - poseidon_permutation_regression_test::< - BN382Fr, - BN382FrPoseidonParameters, - BN382FrQuinticSbox, - >(start_states, end_states); - test_routine::(3) - } - - #[cfg(feature = "bn_382")] - #[test] - fn test_poseidon_hash_bn382_fq() { - use crate::crh::poseidon::parameters::bn382_dual::{ - BN382FqPoseidonHash, BN382FqPoseidonParameters, BN382FqQuinticSbox, - }; - use algebra::{biginteger::BigInteger384, fields::bn_382::Fq as BN382Fq}; - - // Test vectors are computed via the script in ./parameters/scripts/permutation_bn382dual.sage - let start_states = vec![ - vec![BN382Fq::zero(); 3], - vec![ - BN382Fq::new(BigInteger384([ - 0x239d004c236ddb, - 0x88d83e760e8bd5bb, - 0x2ca0f68190713e45, - 0x8f6a964f924c8fff, - 0x62a854d505daa3f3, - 0x295e6179129332c, - ])), - BN382Fq::new(BigInteger384([ - 0xa4a0f24f69849fbf, - 0x751e1bb2f93df901, - 0x6955afa141342da, - 0x3a242cea266d1ac2, - 0x4f838810d428645, - 0x397b9821248dd08, - ])), - BN382Fq::new(BigInteger384([ - 0x5985d03eb267a372, - 0x6491f79810a21027, - 0xe65805fff01b641a, - 
0x3aa8f9b916f74025, - 0x7ed27d962144ab7f, - 0x17f25f1815f2512c, - ])), - ], - vec![ - BN382Fq::new(BigInteger384([ - 0x86ead0985648077a, - 0x7a50ef9f2086cc9d, - 0x69c612dbec57975e, - 0x8647aacd9ab88959, - 0x3a5fabf8692b8d12, - 0xbdb03daf76eb57, - ])), - BN382Fq::new(BigInteger384([ - 0x4409ea78e288db0a, - 0xc14e0a759b5fd26b, - 0x1ae0285264db243b, - 0xf2be0cf31a448a05, - 0xd103243aef14ada3, - 0x1189adbc498d1570, - ])), - BN382Fq::new(BigInteger384([ - 0xfa5e0c518b29c440, - 0x28cbb1257edeb8a6, - 0x7a120a8c0658b3b5, - 0x13040f12fb2249f8, - 0xb71143b9ada3922c, - 0x1ee9611738dbe1b3, - ])), - ], - vec![ - BN382Fq::new(BigInteger384([ - 0x3bbae40afacfabc1, - 0x518f05b12a86d30, - 0xa7c6c267a8c546f3, - 0xdff2338e035d8c38, - 0x45cad929932db574, - 0x179803640786a069, - ])), - BN382Fq::new(BigInteger384([ - 0xe4c488029c73ab3d, - 0x9cbea6f936421688, - 0xa733a951138f8904, - 0x9566d6bc3392168, - 0xe102fe13109c07ae, - 0x1e4c4733f9c926f1, - ])), - BN382Fq::new(BigInteger384([ - 0xbeeabdfd33d7d4d4, - 0x258d58e0edf24637, - 0x644767bec95dd149, - 0x780c156441e1c292, - 0xb0b849ce82fd90a2, - 0xb189d134bfa9ced, - ])), - ], - vec![ - BN382Fq::new(BigInteger384([ - 0x1d9b42d2a2f73ea8, - 0xb9b3cf9c1e9aea41, - 0xa3c8780de2c255f2, - 0xff9617a521bc6a15, - 0x3dfe0e09411bbce1, - 0x1872aac1dea2aba8, - ])), - BN382Fq::new(BigInteger384([ - 0x166383182fda3435, - 0x3125ac12879ae7e6, - 0x425286423e9432b, - 0x796686a5176807f8, - 0x826f8b280eb7669c, - 0x37172d9cb2e8efd, - ])), - BN382Fq::new(BigInteger384([ - 0x2fc9a35fae8c69f3, - 0x8dca72688a8fa1c4, - 0xe7a690c67ed759d6, - 0xcde98c6072dd8eb4, - 0xa4bd01fd0dbe1bcd, - 0xf556423e114180e, - ])), - ], - ]; - - let end_states = vec![ - vec![ - BN382Fq::new(BigInteger384([ - 0x27dcc9c1f001c02d, - 0x7fc9de4b5ab915ed, - 0x7c6832557c4a410d, - 0x320b95a8fa27bf32, - 0xe5c89c9c09bd67e5, - 0x65748e22de4f8c5, - ])), - BN382Fq::new(BigInteger384([ - 0x7cdb27778c5d6796, - 0xad588ee542be3389, - 0x68e926bfdd6398ec, - 0xe432240624573240, - 0x2766c91ade70f83f, - 
0x170646120652b37c, - ])), - BN382Fq::new(BigInteger384([ - 0xcada65af3ba4e9c4, - 0x7e4561e9933627cd, - 0x8cb8757ddb2e0730, - 0x610ecc5beda633e0, - 0x984de49537e8c3ec, - 0x1349deb07a8f6f52, - ])), - ], - vec![ - BN382Fq::new(BigInteger384([ - 0xcfd422c316b20422, - 0xf15801f500d95821, - 0x360f5beb123f7d4e, - 0xfc13f1eabfe897f0, - 0xc70e46eea3b47d2c, - 0x14eb20b8f8cc25e5, - ])), - BN382Fq::new(BigInteger384([ - 0x18fb3a5f70545729, - 0xadc0d9cd0b986c7b, - 0xc0f502215de819a9, - 0x21bff5966fdde339, - 0xc39b173777b1f86b, - 0x1e01840238fce37a, - ])), - BN382Fq::new(BigInteger384([ - 0x70fd0a437704dfb5, - 0xc0afdaef11a41929, - 0x8a3d1c5e46648541, - 0x97c16c79daeb557d, - 0xd18b01c167ec00e6, - 0x10d02b9f59132a1d, - ])), - ], - vec![ - BN382Fq::new(BigInteger384([ - 0x1035143aba9695b9, - 0xf532c66887edbfcd, - 0xa6bd2998470d554f, - 0x831687ccd8a703ff, - 0xb75bed9a7ae1bab5, - 0x8b4c6d206c82fb8, - ])), - BN382Fq::new(BigInteger384([ - 0x7e3d0019dd9387ab, - 0x746b6db1b8c19f4b, - 0x2964ec70d389adf6, - 0x8333f2f4045ebb5f, - 0x31832aff0cd42bc1, - 0x16572d68fc8031d5, - ])), - BN382Fq::new(BigInteger384([ - 0x208b12c54d10bf3b, - 0xce12a04a890b4859, - 0x24fc1c25be961547, - 0xf8e6e4ee5cf48107, - 0x43a590c19365296e, - 0x58b7ff26592e23f, - ])), - ], - vec![ - BN382Fq::new(BigInteger384([ - 0x4f52c2933ef585f2, - 0x93b9868fb78ca000, - 0x390b415d3dda671c, - 0x7376e52933a4470, - 0x6f4cb578d987419, - 0xc539440279dc102, - ])), - BN382Fq::new(BigInteger384([ - 0x3b8ed76f186a092f, - 0xfc7e9b70f3a206d0, - 0xa3bbb0c1436c65a2, - 0xfe0aeae213ba4473, - 0x9d8ff7b60fe2b888, - 0x35cb00af8ae79df, - ])), - BN382Fq::new(BigInteger384([ - 0x1e27e68b262adee9, - 0xd4b7220a4be055ae, - 0x4ac1d5ab2530b8b, - 0x34e9beab4c8c6260, - 0xa37fff7e0bb5c229, - 0xa75e8ec286abe8e, - ])), - ], - vec![ - BN382Fq::new(BigInteger384([ - 0x9b735d2a3353402c, - 0xd4547e70eb8130fa, - 0x2438c5a8bed96075, - 0x32fdf7691a26f030, - 0xa1f649648c34ed64, - 0x22a1ead2ba837f97, - ])), - BN382Fq::new(BigInteger384([ - 0x39b0c7a9271496c, - 
0xcfec5f805bdb5e00, - 0xa9aead920a13442d, - 0xf8c824e2dedc3993, - 0x81b407a948baa360, - 0x205d8c200fb40967, - ])), - BN382Fq::new(BigInteger384([ - 0xf9cc3c9cf970f38c, - 0xaf92136db468bbb9, - 0xb1c839b8e1eb9561, - 0xf92e59ecbe79cc84, - 0x34c857f5954e45f8, - 0x8344e8ada34f5d1, - ])), - ], - ]; - - poseidon_permutation_regression_test::< - BN382Fq, - BN382FqPoseidonParameters, - BN382FqQuinticSbox, - >(start_states, end_states); - test_routine::(3) - } - #[cfg(feature = "tweedle")] #[test] fn test_poseidon_hash_tweedle_fr() { diff --git a/primitives/src/crh/poseidon/parameters/bn382.rs b/primitives/src/crh/poseidon/parameters/bn382.rs deleted file mode 100644 index ec79c04c3..000000000 --- a/primitives/src/crh/poseidon/parameters/bn382.rs +++ /dev/null 
@@ -1,2283 +0,0 @@ -use crate::crh::{ - batched_crh::PoseidonBatchHash, FieldBasedHashParameters, PoseidonHash, PoseidonParameters, - PoseidonQuinticSBox, -}; -use algebra::fields::bn_382::Fr as BN382Fr; - -use algebra::biginteger::BigInteger384 as BigInteger; -use algebra::field_new; - -#[derive(Clone)] -// x^5-POSEIDON-128 parameters for scalar field of the BN382(= Fr). -// -// The number of rounds are computed by ./scripts/calc_round_numbers.py, round constants and matrix -// are generated using the script ./scripts/generate_parameters_grain. -pub struct BN382FrPoseidonParameters; - -impl FieldBasedHashParameters for BN382FrPoseidonParameters { - type Fr = BN382Fr; - const R: usize = 2; // The rate of the hash function -} - -impl PoseidonParameters for BN382FrPoseidonParameters { - const T: usize = 3; // Size of the internal state (in field elements) - const R_F: i32 = 4; // Half number of full rounds (the R_f in the paper) - const R_P: i32 = 56; // Number of partial rounds - - // The zero element of the field - const ZERO: BN382Fr = field_new!(BN382Fr, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])); - - // State vector after permutation of zero state vector - const AFTER_ZERO_PERM: &'static [BN382Fr] = &[ - BN382Fr::new(BigInteger([ - 0x3600ae9dea9ba41a, - 0x17a35e3bedfc2e1, - 0x7ee93e40052b3867, - 0xc555ef28f09e84e9, - 0x1ef349664ad402cf, - 0x1c49706c59f09b25, - ])), - BN382Fr::new(BigInteger([ - 0xbb6f865c755b9100, - 0x6f6ccbea5f0c5847, - 0x4cfd3606c21c2573, - 0x3512ec3dc6889f67, - 0xc7981de6b0710b5f, - 0x109fe23f817aa0cf, - ])), - BN382Fr::new(BigInteger([ - 0x39de13d041934215, - 0x5370089a3da7c4fe, - 0x512952ce97e48c03, - 0xe1c26f50f4c9c4c1, - 0x1f008942e907b93e, - 0x1910b7b5453ff08f, - ])), - ]; - - // Array of round constants - const ROUND_CST: &'static [BN382Fr] = &[ - // Constants in Montgomery representation. 
- field_new!( - BN382Fr, - BigInteger([ - 0x612594bbb1b6e471, - 0x378e47c761bde158, - 0x3bc6646891051db3, - 0x5a4b437eff423c1e, - 0x9872641294446a72, - 0x10dc628330a637a0, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x648b925a912409e4, - 0x3137eb5e72da8291, - 0x58d3c520be2d4e86, - 0xb68fbeb1ab564e98, - 0xc47730e1b98e2804, - 0x20e7bb9a467b3926, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x1d51c18e15d84b89, - 0xb679e453773a1166, - 0x2e7a43308fdef5b5, - 0xfc1727f11c11bebe, - 0x34438c67b8107cdb, - 0x217f841af91c5293, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x187fec8936804a9e, - 0x4fad22235608d500, - 0x53eb48d5a7e0f37b, - 0xb540d80d00de0206, - 0xc718c0ea9b4d8ffa, - 0x14f78a64836e832e, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x21b11c3f5923a641, - 0x82421ecfad69dcec, - 0x6054cc7043a10170, - 0x414c0d35d1af8a48, - 0x3d3b2e5b0344ae4b, - 0x2539bfc1d203ef3, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x6242abe27a3fde78, - 0x6ac220eb054337dc, - 0x68ec76e4f7ab3367, - 0xeaf43afa8ed9f4b9, - 0x69b4c57bd8ffec75, - 0x244402235244c6c, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xd03b987b146a036a, - 0x5e1a6737273007dc, - 0x6b3c110658ea8329, - 0x28b86415ce76e590, - 0xb4c299a0f4b35288, - 0xb277b8b1dc45b54, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x1851ccbf8ac0c4a0, - 0x7bfbabc08b8e1820, - 0x5f9e8f70cc0d89e6, - 0x6a60d3e9b2efab9d, - 0x5f00532bf5c3e7b7, - 0x163c93f958fe6165, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x2e025a1b9fc1cf7e, - 0x9d2a3926c8e4873d, - 0x815247d8b3ed282b, - 0xbcea0d05bb60e6e0, - 0x641d40f393b70f0b, - 0x49937dc4336efc4, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xc4fe4660dc170c54, - 0x6466c8bf6bae65e6, - 0xe0b937fbe714c317, - 0x1b5c3c9e3bd86eb1, - 0xed6d009f6c0f689c, - 0x1a2e64b8e1160157, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xc2677abcce729473, - 0xcc2ad5dcd10e8138, - 0xbc00ff9a08251b0e, - 0xab06e89754bdafda, - 0xaf9ee29407761667, - 0x1a91142192f16d77, - ]) - ), - 
field_new!( - BN382Fr, - BigInteger([ - 0x5d3924656b2e96b5, - 0xf07dce7e5b93e084, - 0x11cb47794099c628, - 0x1a51be34bcd1f11, - 0xfb6c4a29847ed8bd, - 0xf8cd5fb058a687, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x4b6abf73349047c5, - 0xfb00fb1d0ce00e97, - 0x2c80aa15dc10fd27, - 0x6c1c172bf58bf5db, - 0xc5afa80758f61cc1, - 0x101ab8639da5903b, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xee84aab656871f2b, - 0x7b59847da780fa09, - 0x9ed2e4ef8c67a6ac, - 0xd1d5e4983fb63d56, - 0x918ef129484f6416, - 0x4ed575d596b0602, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x58f3f554d7c5b733, - 0x7691b6862724e884, - 0xdeef90c871cb4e65, - 0x1e13cfc8f6e08cd5, - 0x46885ac1ae81376b, - 0x3b58110b0de832e, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x446e0dd315118672, - 0x34362a3a5782fcc, - 0x869e30e64061f70f, - 0xa2d416d4ac47e503, - 0x26e45bd23d2d5e72, - 0x1e942e7f440e111e, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xbbbef86dad29c116, - 0xafccad57e6e0e283, - 0x55db744a8ae16107, - 0xc334fcc6fe3e1d33, - 0xba84412daa85c437, - 0xf83004f4d48bfd1, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xb1f4a46da7d16e93, - 0x6aa9efa28eceea77, - 0x3f5a7def907b0fec, - 0xc04ad03d8e686b12, - 0xe2867b73d9b9a42c, - 0x1842fe7d5ee870f4, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xa4cab7e77ad91d2b, - 0xcc939045d9622fc0, - 0x4dfd4554bccbec82, - 0xa082bef06a3aa21f, - 0x2495c409d9b20891, - 0x1eb8aac188034c7a, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xc220e4cd7cea36bd, - 0xd7ddf157d467b5e0, - 0x9cda30e4db26a535, - 0x501d52e6919d3d85, - 0x8e3341dcf7cdcfcd, - 0x19c18a87cb0f478a, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xc4434445afe11416, - 0x93d860a5f1808a15, - 0x76a6f908b263c167, - 0x3c535ecedfcc7474, - 0xdff4b09337bb69fd, - 0x1d8146147a732b6b, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x53869b602d088ead, - 0x34562e6fdf6c489a, - 0x2746687a5902c65, - 0x52fcb012dc77ea19, - 0x3932aa1140bd8740, - 0x42b278db02964d0, - ]) - ), - 
field_new!( - BN382Fr, - BigInteger([ - 0x663001807d2d112a, - 0xc582d9dc8bf0fa09, - 0x2084c427cdffe861, - 0x78c456b8c3b2525d, - 0xc7758eb65b16edee, - 0x13cdf833fb9b7b02, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xc102214b726d6540, - 0xe1756cf3989385b6, - 0xaba456a472886b86, - 0xe69fc37dc73c9d97, - 0x7a8fa6d7359914e2, - 0xe5689850df5d1a7, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x1c9e227aa38dc007, - 0xbb2289a1aaf0a6b8, - 0x7c2c107cc99c14cb, - 0x46feeb0231bdb907, - 0xecf91543b2399e6d, - 0x260e275c81141e3, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xd4209b6bf5e09b4a, - 0xc4d65edcaef6f4b2, - 0x7d6c16c833bb04d2, - 0x76f8559c97e8bc5, - 0x993a8698b0af0ff2, - 0x91b038ba5c6fbb5, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x6a66939c2a3e8234, - 0x6e36f00a8c275e35, - 0x84e0cbe222635c19, - 0x64567200b6471bd5, - 0xfcae76b4aa74cbd0, - 0xc5bc9f742bf7dda, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xbe090d890c1fbb82, - 0x5f466d9dbeb0f41f, - 0x95a1b4467bc8f316, - 0xb4394875c87737b9, - 0x9eed654652634c31, - 0x21ddf7aeb3256046, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xecbd0679d0cc2e2f, - 0xb100a1ed21b586da, - 0x38954a366b39c0d5, - 0xf1199b459e8ca278, - 0xcef14e9c83fbafa0, - 0x1b06bce55c89647a, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xb5fb0ccc085896d2, - 0x17d57df63f346658, - 0x59cb1ea93e0b8ea7, - 0x480042e193b0a945, - 0x352257c21f74ac58, - 0x18ec5afb2a583fd, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xf29704cee883c5f9, - 0x4cdea6c79755e0c6, - 0xabb0de810e531941, - 0x870fb7b6310a798a, - 0x91b1f1aa665000ac, - 0x22df418d022c49c3, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xb0e5b193025cf63e, - 0x70e6498ca19ec864, - 0xdc620e0e6c661bb9, - 0x2ae93e3bc005351e, - 0x16ea0c602ffa4c56, - 0x1c1c3ffea1ccbaa8, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x12209b68ba85fbc7, - 0x59cf50d6cb4e97de, - 0x60a0db7096520aec, - 0xc18b7bb5fd86bf94, - 0x17cd558db842f379, - 0x10a08f25a0cc9f9, - ]) - ), - 
field_new!( - BN382Fr, - BigInteger([ - 0xb2283575aae39034, - 0xb00e40d02a1aebad, - 0x47fb96740c989d41, - 0x8feecc9254494342, - 0xc3a3641a41d83c15, - 0x17c5acd67472548c, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x908b884bf8495e02, - 0x4fedd1613523eb2a, - 0xdf9e7857d5b4901b, - 0x1da985a29f773b6f, - 0xce5bd199e3640c8, - 0xa87bd4fc26b35db, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x939945437ccadce, - 0x25e9ed3e56dd88e4, - 0x540eed7468cde940, - 0xec37670dd2e43309, - 0xf1fc0a5beda99cd1, - 0x105dbc5c778ea0db, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x3c1023ff94b35ed9, - 0x245407c49b2d2acb, - 0x9ebd77aaed0fc04c, - 0x496e72558c5ec89a, - 0xd41ed7f1dd9d5436, - 0x1a5f1ed7d8aff27b, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x61d199a03b8ea301, - 0xdebf75191444d05c, - 0xde221b14381951c0, - 0xbe532ad1c7c2fbb2, - 0xbc03d6b8a664b3ca, - 0xf2f0523c2f3b8b6, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x85ae87462afa2675, - 0xa4a639046e7177b6, - 0xb58292f4b192d5ec, - 0x4bcd2ff0c329e04f, - 0x87e1cfdc670e8333, - 0x56ad8723efc665c, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x14eee3f1fa623589, - 0xfae4dbad19ac9796, - 0xf793271c6996f743, - 0xc5c55d0ea1b714d2, - 0x597475995b5ad044, - 0x2139a591e4311498, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x87ce55ad4f9f95af, - 0xde157639400314a2, - 0x20474aa26d1d83ea, - 0xf5cbb4a5e03c9636, - 0xfeb4568697e45e31, - 0x8af3f7bea74fd70, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x434a2cc78d712030, - 0x6e0d22f536b573f7, - 0xe0b1dc67d929947f, - 0x6884a2f7c44f353c, - 0xd46fdd9ce1d5b6a5, - 0x13ef30c2ed69dbff, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x7a040f4d6d94f86f, - 0x27c1ce564ddf4262, - 0xa81b7f221c69617, - 0x57c9ce680180abb0, - 0xdf3325058728863f, - 0x23dccc19d0bc5ea9, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x539fbfa2a87db0f5, - 0xa57f6e213f3bb620, - 0xc34c6cb5ddc5c2cc, - 0xf40ccbca5bbda6b2, - 0x3e306ad129c8ff11, - 0x408c61bfc775733, - ]) - ), - 
field_new!( - BN382Fr, - BigInteger([ - 0x46e61f5887d07b9b, - 0xc96b76d4c5f08401, - 0xc74f6d63103d19d8, - 0xb8459c6564c47b85, - 0xfc5f6901c0b4379b, - 0x1da94c36fc845606, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x2d795708468a266b, - 0x961a55c7e1219e39, - 0xae6f2d01860872d3, - 0xab7800372cf73559, - 0x48f717b74e679149, - 0xeda31ac67ae5315, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x7137f30d73d73f81, - 0xeecb48eb237cd378, - 0x1637a75145b62358, - 0xbd580295215776de, - 0xf95009ba8b9089e7, - 0xbf303de2dabc0c, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x4dd5f94cf3e3b24e, - 0xf02fcb016625225d, - 0x8a2f20c64b044caa, - 0x82ab8c456706ab8e, - 0x9f95f6bcbd936b1a, - 0x94add9e4777f3ec, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x72cec38fc44ae9fd, - 0x524c561c05b3ee03, - 0x335c6503d6ff69e0, - 0x68b763fb63724d9c, - 0x3e1d47f963a16b93, - 0x17005cec6551b146, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x8d45f8b369ddbb5d, - 0xcd6da2f230c4791e, - 0x2e75ad84501b4cb3, - 0xfb6f16ad8af05c68, - 0xf43ae1565f6b4198, - 0x9c663df67c79ae0, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x744bda0fa1185896, - 0xa54e5d9454a4a5f, - 0x486c322adab592c7, - 0x49f15ba85bda0074, - 0xbb548ebcde301c96, - 0x1d42d55c1d34128d, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xdcdf4a8bfcc014a9, - 0x5731a326cd0f6091, - 0x59e4fe149f9fd6cd, - 0x37ee92e10f1f3bef, - 0x2ea7d49a2b35dcb3, - 0x1e3807bbb0193b6c, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x947e60321e5db74d, - 0xeb8d9dbd8663c6e2, - 0x181a6b7b22756fa0, - 0xba33ae95d315c6c3, - 0x6f8adabe4603a166, - 0x200f79799699f8d2, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x48f46aa4c5b7edcf, - 0x81f6079017544d02, - 0xf44dc26c65bcc111, - 0x5ccb22f8e2342245, - 0x6cdfd3b3e088fa73, - 0x5dfa8d483b29d9e, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x46f9c1d6dc3a3635, - 0xdb744fdfe3a39cae, - 0x90135be4a873578b, - 0x5a9a6d05af9d75fc, - 0xd56b6c884a05cf30, - 0x128ba26e0aaff223, - ]) - ), - 
field_new!( - BN382Fr, - BigInteger([ - 0x1b9ef2e1fdcad621, - 0x22fc1ed56a7c3271, - 0xb5a12609a2d85cc0, - 0xeb940b6d340c1ba8, - 0xf0c5210206945b36, - 0x56423779cbc31b9, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x29b6515a963138b4, - 0x82a4f40a10483963, - 0xaf3f3ac9f947d89c, - 0x9306458f32ecd397, - 0x993b226bd8984495, - 0x23910c546f06701b, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x9a8064a6e0e0cdf0, - 0xca2db5ff06cb19b5, - 0x4ad1b252db8bcefc, - 0xa125bd8c6ee80cd, - 0xdb2b447da09ea5df, - 0x1973b1f2fc25dca0, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xefa6fc1bc0692d14, - 0xfbeacbcde0f07b9d, - 0x4da046680b1daa6b, - 0xfa142ee742f4f49c, - 0x9dec9e73eda83945, - 0x1b3ec0ffa7d9aeaf, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x9814b0e799d15a4, - 0x3848483e9e34c1d2, - 0x6f82cd22ea499b17, - 0xbff924dbb25ee1a0, - 0x29b340d84e573aeb, - 0x1a4a3b9b9a612267, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x25e1603d2672c8d4, - 0xd2a6a53a75cb5b51, - 0xf5c4c73dbb0a9e35, - 0x5c9c03c61fa094dc, - 0xbb02f422986b4d34, - 0x15f0105f67207436, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x8e3b556b0e951eae, - 0xfbcd9bd056290492, - 0x9f3730541b1f9da5, - 0x8ae8e49dded74ba9, - 0x171b39226325e1b8, - 0x3b71540db8272f8, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xe801f84196a415b5, - 0xc853b94a1fcd3a7c, - 0x9562f03fd0432bf5, - 0xd9b5ce252ef78b77, - 0xe57608a901117f27, - 0x1c2b311ff94b347a, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xe2799af45bf5f7d2, - 0x479541284a76235e, - 0xf0a9940508e04519, - 0xd2d212f8be526b70, - 0xcd2f5f564c2eba9f, - 0x5080a96532ff18b, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x332175a4423c8923, - 0x6cbe63b275c0d82d, - 0xbec33a42798f65fe, - 0x132e172ca2b60e2a, - 0x51cbbd900cc2c75, - 0x2dfa65296c60e99, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xe0a11f06a9ee6d32, - 0x44e2f4545749bac7, - 0xf8a8e15a15ccb7a, - 0x15d7111b564d06da, - 0xd7acbc538912e7f, - 0xd9b432f044de0bd, - ]) - ), - 
field_new!( - BN382Fr, - BigInteger([ - 0x165a83a1ec85d1fa, - 0x106ba5c124610036, - 0xf4b65d8666c1127b, - 0x539454aa40c802e5, - 0x52b7cb09a98ef05a, - 0x40606e30fdd2590, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xe2180fd4b11735e, - 0x1d4e8d9294054096, - 0x522d0d21c472caf9, - 0xd974eca535c80945, - 0xc235e94823a37ab1, - 0x1afe8df0b43f34b1, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xa76cacf57c6d42b6, - 0x69a31cab5ffec23e, - 0x847382df32999bef, - 0xf8a5b4629ebe83a0, - 0x9a56273965d1a8af, - 0xe3fcf60b082db41, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x8c7654b932e5a0e7, - 0x83f6d3395b0fbbca, - 0x319b957a385b7f9c, - 0xaf3e99f27aff72e0, - 0x2321cad504dcd5c7, - 0x2e00ce72a6be2af, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xa2cf2778231357d2, - 0xd0392de753e2fdc6, - 0x48e5271c1306beec, - 0x703038931cd972e6, - 0x5b40bbc31ed1424a, - 0x11a32d36858681b6, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xefa9b4f0ddfd2702, - 0xc9d3e274ac5b5e32, - 0xd4ef26276dc1a95b, - 0x9d85956870fa6309, - 0x538402d6a4f95f87, - 0x20ef3e759e2b5774, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x2f60c3d89d527633, - 0xa3e0be9226ecca86, - 0xf1689ad9efa4c39a, - 0x5169a21bce1fe136, - 0x6e3540a32f9e4aca, - 0x1c975d864f6a9908, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xa08b2ea220ec0f01, - 0x86632b185d09b55e, - 0x3d0ab9907cf80762, - 0xb2f25baca5f2a8b3, - 0x604fde4a028521a7, - 0x17e1b72b82b07098, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x9035d4d6b225e113, - 0x199b7c8dad453c0e, - 0xb0124646645d7d8e, - 0xfeffddbef7fbb9ed, - 0xf7c8e24de35d28b, - 0x17946871be482e29, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x68cb8cf32f1fa3ca, - 0x8410a35992e64198, - 0x1656e4c3c8809d1c, - 0x5a7a593ea5160028, - 0x6f9884fec64ad87, - 0x68f342a7d9c1578, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x6aa1649a239a3994, - 0xf3873ada62153606, - 0xd4f0605c7c2e6f90, - 0x942229d8c0244a22, - 0x4be923475c5f8097, - 0x4c543a99bf453e1, - ]) - ), - 
field_new!( - BN382Fr, - BigInteger([ - 0xc6aacfbf3df91e60, - 0xcdc8779b251de05d, - 0x490ce8abcbd485bf, - 0xe07f2f206b0a0000, - 0xce85478b8702534, - 0x1fe00bbda79ba428, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xa365d86d6c8c4ab0, - 0x1df5e4d2f04cc1e3, - 0xdbb4ce154979385e, - 0x2b5184972a069c50, - 0x8aac4c3dce9136fd, - 0x2a3b121f3358ffc, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xbf66da9421be42ed, - 0x226d53670264f514, - 0x5a781ad5bd473d6b, - 0xf4d62ad2a6af1bb6, - 0x3380da9a0c1a6c10, - 0x16f0e7d19f26d09c, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xe644fa4d4fb7342a, - 0x15e768944458bb5c, - 0xd528cc6f453699c, - 0xc4b9157132f26c6a, - 0xc31528ac8f8d8b3f, - 0x945a72e10891225, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xb321b56b8f98610c, - 0x3ec88e37031b97fd, - 0x85c0e7cfba951245, - 0xa6d89f69de3e394b, - 0xfa3ae8fc7b87e7fe, - 0x212cc2675acfa9cc, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x357863050cee0503, - 0x1e9fc0db7868b869, - 0x586e7953b8e42ac, - 0x87386dcbd2b79642, - 0xafd688ea111ad0e7, - 0x23f60a02b4a4fe59, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xaf6a37deeb831a81, - 0x881b385fb805b87a, - 0x4701bfe082a43e05, - 0x41650f00a2d6e8db, - 0xbb2ca998e39e13b0, - 0x232f4f9687b47327, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x4f8605c1f2ca166, - 0xbbef46f7849737df, - 0x4b0fdee02ed2ac0a, - 0x532c2e3af6785dc1, - 0x7510d9520a1c3ddf, - 0x15f653783e92ba13, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x4067cab4773020b3, - 0xe5c29073725ec874, - 0xa7abb978a061096f, - 0x1c587a24de3a3b6f, - 0xfd33c6fc2986a8e3, - 0xa5fa65cce47aa42, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x533dedcc81369bd0, - 0xbdf53837b9d23058, - 0xe27b721a005b5faf, - 0xd21b8da39f0debe8, - 0x8f7f95eb502a4d53, - 0x877f53f518ac833, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xdb570121e5620ca5, - 0x4cc42224d164e33e, - 0x1e0fababde2a1608, - 0x9f0b888d97f43a5d, - 0x7d7d77d695f1a40b, - 0x1187a307034c3250, - ]) - ), - 
field_new!( - BN382Fr, - BigInteger([ - 0x3bf4d0689f992368, - 0x3028683c9bf5f61c, - 0x753ab3b520ad87c4, - 0xb0ea236abf05170b, - 0x78cd2cf60bcb65ba, - 0xaba26bcf92961be, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xaa04a6057e9a5895, - 0x6020909871225d55, - 0x7c934fefedfcb2f7, - 0x35be567d72ee7f68, - 0x3a3ae567bf722173, - 0x23f5342de659b66e, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xbb1b0a89f8f674ef, - 0xb218e7f698309305, - 0x212f47513733f4e4, - 0xd7b2c046fc3c8198, - 0xdd0f369360ba052e, - 0x148adaa1a5d07646, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x3d2b35dbb9f9f32c, - 0x1df6064e3b7883f0, - 0xaeeef2fc5b7cda5f, - 0x5f569f59490867ad, - 0xab41c3c99ff1a7b, - 0x1f6af01b4069f01c, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x7b08f7196f95f250, - 0xebd998a94641b216, - 0xecd17f2f0e6b7be2, - 0xd45567f5aa54063a, - 0xe7dfacc677a37ea6, - 0x131d85807f2536d2, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x85385038acab36f2, - 0xa9d46b0a174ab171, - 0x2aec8efde8e83eaa, - 0x535702cf318b0449, - 0x791e65318aadaa29, - 0x11cc5aaabe45a470, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x8f47e1abf7eeae37, - 0xf81d797cfd12fd6d, - 0x1f403efbcea531ef, - 0x12242501b075fecf, - 0xcba721d0e59ec56e, - 0x1d95cca7805931a1, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xd20a477c6171f257, - 0xf3733e0aec025177, - 0x58a7c392f84a3100, - 0x9e44fb173a2de05f, - 0xa5b0e85f7e550abd, - 0x775c9caf7ae3540, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x7ad7c44ee12ddbf8, - 0xc685d908e1c0257d, - 0xd21db1d7d01e1c7d, - 0x4f49944f6bd9773f, - 0x7178542947e4489b, - 0x7628c430703efc7, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x299be442511a549, - 0x7eecf2053e4f9fdb, - 0xfcda10b863099df7, - 0x893ecda9e309edb6, - 0xdfd6d782c3fc588, - 0xe064ef8fed04cae, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x208ab9b77971c005, - 0x11a5e62003b6177e, - 0xa03468532c04561e, - 0xf241db89cbbee228, - 0xe14a9a8790b67ba8, - 0x3b9ebf739eadde2, - ]) - ), - 
field_new!( - BN382Fr, - BigInteger([ - 0xcfdd3f19dcfe7200, - 0xcbd8ed1a0fe60cc3, - 0xd89719d2ae246454, - 0x82bf01f10ae3d89, - 0x3cd3795a60c92a93, - 0x6146368a87304fb, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x69ec3312c6016ef4, - 0xfa5bc3577cded484, - 0xa7c91d6c06a093a0, - 0x6af99c6916f16e96, - 0xb18c021e88a175c7, - 0x1c76d7686ed24a21, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x97b3eba6b93daef6, - 0x9bb66787f505a5d7, - 0x1dcd50ca8f8b7a04, - 0xc2d2f0cb3282e2d2, - 0xe38f6b1b5b28bce7, - 0x113d44625996b66d, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xdf57996b93afc1ad, - 0xaf30f4ff3b168631, - 0xa931c3e1e775bcc1, - 0x7adce239e718404a, - 0x7c7a6a32c80a0397, - 0x1f96cd3f39c5c93c, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xc5c2f205e08455b2, - 0x6fd98f231c9bbf5a, - 0xe9160824fc9537af, - 0x530b6a7df23676a9, - 0x36b9a6ee3f8377fe, - 0x1d1e1dead541740f, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xce22230822007509, - 0xac72ea574a7ce9cb, - 0xe818ca23600e10c5, - 0x5f101b62bc4256ee, - 0x2edf5dc78c2423ce, - 0x858f27f979a1ff5, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xfb99e91588851f92, - 0x334de6ac473e5ba2, - 0xb5987498886b2763, - 0x4b3dc539e53d3763, - 0x1b2f2b45c1788b82, - 0x1bf8e8124a6f04be, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x8b26faf7d19cf85f, - 0xd0153d21f912ed09, - 0x7e29be298642eaf9, - 0x9e16e137643a57f9, - 0xeb50ba0623229882, - 0xf2cd70c90e5c137, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xed5975879d4c9335, - 0xbe147ec26265105, - 0xb9558ccabc1c9d57, - 0x7fa00c926e0f6ebd, - 0xb4b628e17306abf0, - 0x17156fd3629203c2, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x289c6f8d69ddaf35, - 0x1e389db66f6417cd, - 0x15840b36d2b04b1a, - 0xebdc1ac5c474f652, - 0x8cbeb6a72a503fa, - 0x16a41a19459c7f31, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x3d9801d7761cc606, - 0x8051e52278a87b74, - 0xab13d148e96d8058, - 0x3453fd74e5dedd7e, - 0x48bb90eb7286187, - 0x22460c3a490b161b, - ]) - ), - 
field_new!( - BN382Fr, - BigInteger([ - 0xdf286f0c78c02975, - 0x13050e707ca121ef, - 0xcd7950cc3f022cab, - 0x75f58ef17509e38a, - 0x11de934ccf45dae0, - 0x299ac12badbb5cd, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x91684a0c014dc61d, - 0x75df2538a72a421, - 0x12c39c7bbc30e033, - 0x12000da5d041967b, - 0xdeec8ba0d47a3c46, - 0x11c74d47691149f9, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xe613c4e3dd026369, - 0xd9cbe6fb91d0c4f6, - 0xa6d7cbb5ec4e707b, - 0xf08f73238bb560e3, - 0xf5c9bab7aac2dd3d, - 0x2909fa265a93ebf, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x5cf20fbd0d0d48b2, - 0xbc5fa7e7c70898a7, - 0x8e264b6c284ab7f, - 0x3483a690e97713ce, - 0xcd7ba5a6fbdab1f1, - 0x4161814bdcaff4c, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xf5933f81aaf94238, - 0x1ef53b2aff05625a, - 0x51400e271d42eda6, - 0x56d38c87cc4fde24, - 0x52f37e6fd7c369be, - 0x4ff1d5e02f92ce1, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x8d0bbce67d7fa5af, - 0xbd8171f1d66fbae7, - 0x6510c52bc3406195, - 0x7a34305832edf74, - 0x22c815ae2893d67c, - 0xe0a06c13b0590de, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x63a5acef15bd163f, - 0x5e1292e82b660d02, - 0x7008fb440cdb92f, - 0xa722012e2b46f69d, - 0x9b3562fa323495cc, - 0xaa3b17b1693a9f, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xe5276a57d8326b2d, - 0x24216cbd2b2b3386, - 0xc6a03b315c24b23, - 0xbd6ef4ff9bb0b420, - 0xf30d7cf1ddeef03f, - 0x1836f0533b24db24, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x81a3799217ebe001, - 0x5b130e3e2b989267, - 0x39d1e9e36cb21487, - 0x4e5f75781535f1ec, - 0x588a839951b2d619, - 0x229910365618a427, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xa5c15385b840fb15, - 0xd13718215429bedf, - 0x253e95be77bbc624, - 0xf4baceb37c1f046a, - 0x5a3bfd255ab0782e, - 0xd8a4c4c43a4ba72, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xf003d683557c00a7, - 0x2e65eeff293d4c0a, - 0x782240b45e7bdc89, - 0x924b1f6b64f3e901, - 0x164db2bcb6533af4, - 0x43991de11efce49, - ]) - ), - field_new!( 
- BN382Fr, - BigInteger([ - 0xfd2782d5e0d4e8d5, - 0x6da02e0ceef5deed, - 0xbfeef7aaa6316117, - 0xbf072772f2ef3700, - 0x15d320ca38578a78, - 0x29afde87db3e525, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x390972e93a070537, - 0x820cf65537fd40f2, - 0x9834888c10c3ed1c, - 0x612d06a291a63e8e, - 0x43223bfd0df37c7b, - 0x11a49225d8578fc4, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x32eeb2908138d2ac, - 0x3dc1c46f1bd91d96, - 0x3c9b7fdff2c894ca, - 0x69ab314018fb277a, - 0x9aa35d2992dd6f67, - 0x55a2460cc63c607, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xdb31badf8b3fcae9, - 0xb1d0eaedebb52841, - 0x720147e41b5c7ac7, - 0xb091b6e5ec8d6254, - 0xad26104dc2ab12a4, - 0x1a6ce6bfafc654d, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x27d211809720fc52, - 0x4abb28d977c17853, - 0x94e1bb63cc3c0bb0, - 0xeaf11f4190d56fde, - 0x55c0782e7ea21b50, - 0x3bccc01d96f4313, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xb68bc0459ca55cd5, - 0x2b05f7835969ed72, - 0xe62bd13014fd3617, - 0xad8d2b9749f8142e, - 0xc7c169b169139f39, - 0x206668d88617eb11, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xb2a3de5de36bf48, - 0xdd88d6ca0ab87eef, - 0x89404fc445070ef3, - 0xb148f5cd3ffa3aaa, - 0xebcef82c8cd243f7, - 0x1e33db199c53a413, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x2e4c1b10fc98ac9d, - 0x886165d8f5ff092a, - 0xaad87a9b145fee16, - 0x530c6e6999ada6f3, - 0xc648ce9ce59623f7, - 0xabe7b5c9f447b18, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x3b870ddd75a8f5a6, - 0x88a013fa5eb99e9e, - 0x338fa0e41c0681f7, - 0x7b0b00ec65ae4bdd, - 0xd4f372a65a575b18, - 0xaa3380437b75889, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x521e150067cb5c34, - 0xddd0d7000436a545, - 0x14a8ce8bb8c383f0, - 0x69569fc5352914be, - 0xdeaf9132524d6b7c, - 0x264396fbecf9b1b, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x827853bab7316f02, - 0xe03670d1c54321cc, - 0x8308a184607983e8, - 0x42c94475385ba780, - 0xae14e507056295c2, - 0x16a26fa4e7e62fd1, - ]) - ), - field_new!( - 
BN382Fr, - BigInteger([ - 0x11477aa5d9556bf4, - 0x8cd38c9f17782c, - 0x67224e10043089e, - 0x7b9e186e002a5d0a, - 0xbd0d06a4e30ab454, - 0x19070c7b55fcca60, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xb8a3fe342ae97f71, - 0xd3377f9d85582d66, - 0xc5bbee9e346f3273, - 0xac772f92c6665426, - 0x88f6df3d8a8d5188, - 0x1ac57b7c03d42216, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x7e132e39e670ca8a, - 0x39dfc3adc7832470, - 0x5328abf85799c431, - 0x7b9466f04a9da855, - 0x4508d8fac01f97a5, - 0xb782926d71e68f1, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x97ccdb5a76fc0aa5, - 0xd6e16c8dc5f7e206, - 0x298ee6ab3c71d944, - 0xe55c955eb38f6c97, - 0x757bd1d9f746ef50, - 0x15fbcee358092dc1, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x6c970df067c60f23, - 0x6bb6e0cc4b910162, - 0xbdc1759443633876, - 0xd076bdae238232fe, - 0xdcf4f9300f23985e, - 0x135b5481f8337e9b, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x785f30aa2ebfde43, - 0xa9fdfd04c9b75e45, - 0x3e5e3a0b1e9b0788, - 0x434d0a8cdd1a5641, - 0x66425fe572a203f0, - 0xbf96a3b42165c73, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x9594db702429dcaa, - 0x91b8246d933ebd6b, - 0x8e876a1368e1cf97, - 0xa58925ee1da6aaec, - 0x9b7f96d89b2a839f, - 0x18efadb64440d441, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x46b7f122949ba9ec, - 0xc97adc943a3c2ba5, - 0x617d66835c68741d, - 0x4c346f4c88c08fa9, - 0xc9a5dcbe8c604ea8, - 0x19556bfebba49232, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x502b786484da94d6, - 0x70af0f996050c4cf, - 0x7bc4eb282e92efde, - 0x3cc13c9fbac2461b, - 0x76aae8b46515cf81, - 0x5c08f41e3b03f7a, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x378d56657a97e2f3, - 0xddaab891ec53abdc, - 0xd9b855b3245334b7, - 0x31264f18f3427d0, - 0x591a8e1df6c6a4b2, - 0x13d120a29e3925ef, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xbecd44432b5f67d1, - 0xbe0580b15a9da777, - 0xa779556318e82596, - 0x2f5f23655b3b75f8, - 0x3bb479a02e847e10, - 0xe7ddc705473f20c, - ]) - ), - field_new!( - 
BN382Fr, - BigInteger([ - 0x6b6e5c0337750e36, - 0x4b40e5666b9aef6c, - 0xbf8068c108601ec9, - 0xb5d92512d2705122, - 0x7559c4862202b7e4, - 0x2032a50c2573e6ab, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xef07946de19d89ec, - 0xf95925650e8fcb60, - 0x79f749f54ae1cfbe, - 0xc8eef18b542e9fd9, - 0xabeb0b79937ff307, - 0xc5f28a31dc9d608, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x1f75ce22dcc06e6e, - 0x437f87988235efb0, - 0x9086a7d80524a8d0, - 0x1dcde226b5818e83, - 0x9cf4235b8e09ec3a, - 0xe05c1eb1b19ab1, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x3c7900051e7388ff, - 0xed97ec6862b48066, - 0x94f25f4b0cf7b3eb, - 0x7287aca0d13a6e82, - 0xd36f5004effbb985, - 0x4ec65397a065dea, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x9e1c766108af505d, - 0x30c84353674de042, - 0xc3f1928fdd934cb4, - 0xc1f38b33f07a84f5, - 0x8cc237edf14011de, - 0x8eaba8e51dd779c, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x48359e687edb8f84, - 0x8655630a4a68aaab, - 0x261a90d533b44928, - 0xc190d058e6c9439a, - 0x61ac3aafb82ba635, - 0x1494c0a698e52de5, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x168d484cb1778d66, - 0xdcd8c74199b11136, - 0x17d92329166b4948, - 0x312770e62ae54976, - 0x266e16d60a810e5f, - 0x4496f776caecc65, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x50a676ea4416eb2e, - 0xb9627b6dade2e3aa, - 0xf9e57d095e42f39d, - 0xb2bcd062c55c2d67, - 0xe2779837ffcb6e7d, - 0x1f4839cf7d86f8eb, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xb12e1716f71ed91b, - 0x27d8de1c2a8c828e, - 0xed04b02d5c65a11a, - 0x36e916c152f6a379, - 0x44969f87c20a1ece, - 0x4408d84ceedb145, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x3154f9da4c52b4a9, - 0xaa63ca916ce64811, - 0x2d1ecb52db89a7f0, - 0x58e997f7dedb0575, - 0x79e4f19654b47296, - 0x1d231393a9bdf2f0, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x4d3fdc53d4999b51, - 0xd5b9da0c018cc5c0, - 0x5aac0fee19cb3fd4, - 0xd57a1fd78266889, - 0x11bb9ab06b1eb60e, - 0x4c61d8160747c10, - ]) - ), - field_new!( - 
BN382Fr, - BigInteger([ - 0x6cf6339972418e98, - 0x5a8ffb1ed8677882, - 0x70fa9f55ea7f59eb, - 0xff82065ddffa952d, - 0xb64e7b51c8d1c03c, - 0x12f36ea40e9e5559, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x53b9ccda6e84a65d, - 0xe5b7620858f8433c, - 0x5500b6758ca14ecc, - 0x2ddea05ee984a57f, - 0x51edadd520007288, - 0x12a161d5438c36fa, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x32516c0c9d2daa27, - 0xc683c85ae5831a9d, - 0x7a44cac4c6e04bbb, - 0x86cc68ca96cb89fa, - 0xc381e214cc0f1b42, - 0x23b115b019e27c5e, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x850e0e6cc19070cc, - 0x859db81fd43d7e26, - 0xc1e21f0df3ad5d17, - 0x3ae161051f2e90dc, - 0xe056d00f6b00e52a, - 0x28943f255dcd267, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x884c8a013c5a2a1a, - 0xb069415fabf2d0ff, - 0xa8b420e2c171f47c, - 0x856ca33a62572e52, - 0xc0ebde2406ed0987, - 0xb0ecf3aa6ad07af, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x8c91e15eb81fbbcf, - 0x51b38fccd0b6b068, - 0xf79c6a034f95fe53, - 0x9626cc95f96659c7, - 0xcbcccfe8fc30c289, - 0x19fb71c7406e9a35, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x7607534731acda95, - 0x4c511fddb22342ce, - 0x447ee08d9bb19c72, - 0xc4822aebfcbc2285, - 0x24c7063fbc50ef5f, - 0x111d562483ae1b71, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xce20bffa022cee7e, - 0x421f5dfca8b1a5f9, - 0x1da40c9a61ab178b, - 0xcc134d7f9db89d45, - 0xae3253acd9b18c10, - 0x15ef6c06f33fb6c0, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x2bc2f7581707e7d8, - 0xe9a0613d9bc1bd33, - 0xe24c78647b7f3bbe, - 0x2839b022c82b9cf8, - 0xed2921264b022413, - 0xb381f2aaab65f4d, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x5e6fee613014710c, - 0xf34e50300d58d054, - 0xb00bfa2f5a8bc9f2, - 0x89ea7a4f518a3edc, - 0x6b5cc8869511a61, - 0xfaf777914cb272e, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x66af9169e9f2de88, - 0xfdea808705a2514, - 0x825e10e467fb80dd, - 0x39c7cb2eb3eac255, - 0x2e9e945b2024d288, - 0x19fda157944fbf36, - ]) - ), - field_new!( - 
BN382Fr, - BigInteger([ - 0x6eefb698748896c4, - 0xa06c916f6f1c91bf, - 0x24ff20753d5cf7f4, - 0x52de1724feaf5af4, - 0xf25e208ae5af63ca, - 0x102689f02caa0826, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x34b7964e39e834cc, - 0x3e775735d0955f9, - 0x88e77f88d8ebeb57, - 0x825b94779cad295, - 0x46c9b7191d5e4d74, - 0x19bfe4306a81e64a, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xa35df64b24f289d2, - 0x66f092b3aedfc3f7, - 0x13f874ca29beced6, - 0x22ea2e7a43d9f226, - 0x7414416c37789e87, - 0x3350acacfd72967, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xd2bf00b533ce6c06, - 0xb3de8680f43a28c7, - 0x730e5a196c5fc194, - 0x8c154245fb46c624, - 0x82e3241d164de917, - 0x1902e37228d9d38f, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xb819eec020508b5c, - 0xcce6660568f80104, - 0x692e54d5856c0684, - 0x5a1080560a8ebbf2, - 0x56f5ecfbf91dcbb7, - 0x173a900322be09e4, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x95969670c277ddb9, - 0xc826790873bba829, - 0xfdf70609fa8230b7, - 0xa169524c68697c76, - 0x2786e0c33daa49cf, - 0x29c1b08c55baa58, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x187ae236b49eaf35, - 0xa9fe12f04dc3cd94, - 0x6f8ff94bdf4e131b, - 0x99228622c82b5e58, - 0x397a158c03b324a3, - 0x4e7712aed7462f1, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x597c7274df3d7d88, - 0xbb2a2190c7bb2f43, - 0xc664baf43bb79e84, - 0x687ee06e701c86fc, - 0x1e24d31f3dea47fc, - 0x2075c27b6a16bd0, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x99d63b17bbdf6ab2, - 0xb59d593e36a172, - 0x5ee25a9d8a1b80b4, - 0xfe38bd87369e3a98, - 0x47eb9c4c39e18c2f, - 0x150581e6c9362089, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x4f63aade947fae5f, - 0x2c2b5531556b5edf, - 0x60d8239b8fdf387a, - 0x2909f8c49bee14da, - 0xaffac27e2d83dd81, - 0x193bd69debe9c522, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xbf5239674121e83e, - 0xaebe0c92d79df372, - 0x7578c05576f91f84, - 0x49ffc0ab4e48fbeb, - 0x54c23ed221fd9853, - 0x11d63ec956e107e9, - ]) - ), - field_new!( - 
BN382Fr, - BigInteger([ - 0xf459c6ac32b8652e, - 0x528db5f18f6afc99, - 0x1a502939c4f2fd5d, - 0x49600c3308ea6a63, - 0xbf0415f6ba180853, - 0x1fcdfde2b660527e, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xe2e903d9d4c808a0, - 0x7a4defedc70780b4, - 0xc8d6b3a356d34fbf, - 0x4544fe079617c918, - 0x4d0589b6193869e9, - 0x120c6530412201aa, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x5f826fc253b59528, - 0x28449323d7c050ec, - 0x62aa7b6294a2f139, - 0xe42cde6fcefbf3dd, - 0xe6339d9ba1965313, - 0x1a72b1b95874ddf9, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xd17eeae9951f047, - 0xf0dc29eb01d1118a, - 0x669f981021b78ace, - 0x8a89559daeea7f91, - 0x30a09810b5a22c76, - 0xdf7f160cf9436a4, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x8be1bdbb1d48b64e, - 0xc37cfc891cdf1410, - 0x5d1ddc24edf7692b, - 0xc15a2ce1f334e6c8, - 0x3575b82b8470f86e, - 0x69117702034296a, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xd625d3dd403286e3, - 0xd52e788ef0f57130, - 0x330158b788aec4d8, - 0x9d2626ec8ea6f809, - 0xcb27c9558047ac2f, - 0x2227509862ecc1a0, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x57cc408927eb6722, - 0xf8e6c6e2fdc1d5f6, - 0x6655c3d44b5c16fa, - 0x518e71c7c9866f1a, - 0x2fc4aa2db79d1e76, - 0xef174135a6ea6da, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x865f134c6a813514, - 0x7a635641c2514936, - 0x32eef0d70a72c1db, - 0x191b7985fbbf4797, - 0x3f7d8b950abaa75f, - 0xd66089a58be5673, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xbb0bff3a43659235, - 0x81e01781d17d77e2, - 0x9042478a34860ade, - 0x9a0a4f52db822381, - 0x411fc69234f0831, - 0x18670b6257d14e5f, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xed1825b47c0970a8, - 0x6c30c692af42c2dc, - 0x7170a21067e6ebae, - 0xa88fce0e1de88878, - 0xeded4124fd263e5d, - 0x10cc27dba715fbce, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xc507cd5ca20ac47e, - 0x8760b2d002c24bf4, - 0x7a1a3ee341d2bd31, - 0xbde7a4dc298733f0, - 0x59384f9ba681de1a, - 0x1e61c79fdcbbc92, - ]) - ), - field_new!( - 
BN382Fr, - BigInteger([ - 0x50ff27fef4648a49, - 0xf4ffbcb41a25f01a, - 0x11475e1c50ca75a3, - 0xc748083328fde991, - 0xa51978c881dd1657, - 0x1a8c4560c688e4f7, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x5669d2e3a299c74b, - 0x4dc3bcf4ca360bc1, - 0x79ac21ed9756f463, - 0xd03312e6a6b66cde, - 0x7dca20b390eb1db8, - 0x1011ccb163b1de7d, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xf1f28a273dc0a4c4, - 0xdd43c35dcef01c34, - 0xb2bea8ffd6b04709, - 0xc5558d2ba68fd50d, - 0xe904e61565cb64cd, - 0x113ef43883a21768, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xb708e32f29816d24, - 0x23775eff7e90a018, - 0xe24a63c0e2757005, - 0x408fe0842baac598, - 0x4a99ec3cd437fde1, - 0x17eb1dd58b2b71cd, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x24190c79caae1c26, - 0xcd672499c42e8960, - 0xc1c8b951fc99dece, - 0xd636eaec9b0139bf, - 0xfcb633cc250fa9b7, - 0x1d3001e683da15c8, - ]) - ), - ]; - - // The MDS matrix constants - const MDS_CST: &'static [BN382Fr] = &[ - // Constants in Montgomery representation - field_new!( - BN382Fr, - BigInteger([ - 0x6ac1a9ca2bfaf672, - 0x8741e5775336eecd, - 0xc3542eb56e2ecdbd, - 0xc060b453f5769f1d, - 0xa0bfbaaf8550d2f0, - 0x82244d24068fb84, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x72f8f2e204bf70bb, - 0xdfaca0814998d678, - 0x5bc5bc7dc7efbf60, - 0x60c7447005c6238c, - 0x228675fb4e689682, - 0x1b23a18d15b6e344, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xef774390a82f9829, - 0x9794a1188d8dae52, - 0x8784315795923532, - 0xc572c69f9cb6de5a, - 0x59a5a62e6c8ff7fe, - 0x1fcde0449a9d773b, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x60259bca5f29a567, - 0x642332164b5a1c6, - 0x8c5fc348a776f303, - 0x4d3fdbbc5c457c5b, - 0x8d7b0b765f9aab96, - 0x15754b8d77c2bac, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0xb073f85139114a15, - 0xc73710f0b2754d34, - 0x5fec554b012529cd, - 0xd127ce2c88fe8e59, - 0x348d6fac251c205d, - 0x3d62705403fb5c7, - ]) - ), - field_new!( - BN382Fr, - BigInteger([ - 0x8fe5ed1437107ae5, - 
0x3573f33f9cdd0fa1,
- 0xc4f893a2a0ce03a7,
- 0xe96399d2176c06de,
- 0x48e6d3f03abbbcdf,
- 0x22fc5a0e6c275361,
- ])
- ),
- field_new!(
- BN382Fr,
- BigInteger([
- 0xf8e3d65ad93901ba,
- 0xbf80d68b79087348,
- 0x986a203c13df0dfd,
- 0x28e6fee273ab8089,
- 0xa0d247b5118c7053,
- 0x13c1fc781c3bc96a,
- ])
- ),
- field_new!(
- BN382Fr,
- BigInteger([
- 0xb384b1e3e7890676,
- 0xbf03c31fbdf881ca,
- 0x202d2c8fdd23af75,
- 0xeec6a4e71db93069,
- 0xcd7b6a126c7c5241,
- 0xc0670d904227bbb,
- ])
- ),
- field_new!(
- BN382Fr,
- BigInteger([
- 0xb5c9511701fe7e60,
- 0x1d994508bb246d45,
- 0xd516dd8ebf30a39,
- 0xd96940aa566a16bc,
- 0xc613094840067ecb,
- 0xfe933fbef246789,
- ])
- ),
- ];
-}
-
-pub type BN382FrQuinticSbox = PoseidonQuinticSBox;
-pub type BN382FrPoseidonHash = PoseidonHash;
-pub type BN382FrBatchPoseidonHash =
- PoseidonBatchHash;
diff --git a/primitives/src/crh/poseidon/parameters/bn382_dual.rs b/primitives/src/crh/poseidon/parameters/bn382_dual.rs
deleted file mode 100644
index a149197c3..000000000
--- a/primitives/src/crh/poseidon/parameters/bn382_dual.rs
+++ /dev/null
@@ -1,2283 +0,0 @@ -use crate::crh::{ - batched_crh::PoseidonBatchHash, FieldBasedHashParameters, PoseidonHash, PoseidonParameters, - PoseidonQuinticSBox, -}; -use algebra::fields::bn_382::Fq as BN382Fq; - -use algebra::biginteger::BigInteger384 as BigInteger; -use algebra::field_new; - -#[derive(Clone)] -// x^5-POSEIDON-128 parameters for scalar field (=Fr) of the BN382 dual curve. -// -// The number of rounds are computed by ./scripts/calc_round_numbers.py, round constants and matrix -// are generated using the script ./scripts/generate_parameters_grain. -pub struct BN382FqPoseidonParameters; - -impl FieldBasedHashParameters for BN382FqPoseidonParameters { - type Fr = BN382Fq; - const R: usize = 2; // The rate of the hash function -} - -impl PoseidonParameters for BN382FqPoseidonParameters { - const T: usize = 3; // Size of the internal state (in field elements) - const R_F: i32 = 4; // Half number of full rounds (the R_f in the paper) - const R_P: i32 = 56; // Number of partial rounds - - // The zero element of the field - const ZERO: BN382Fq = field_new!(BN382Fq, BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0])); - - // State vector after permutation of zero state vector - const AFTER_ZERO_PERM: &'static [BN382Fq] = &[ - BN382Fq::new(BigInteger([ - 0x27dcc9c1f001c02d, - 0x7fc9de4b5ab915ed, - 0x7c6832557c4a410d, - 0x320b95a8fa27bf32, - 0xe5c89c9c09bd67e5, - 0x65748e22de4f8c5, - ])), - BN382Fq::new(BigInteger([ - 0x7cdb27778c5d6796, - 0xad588ee542be3389, - 0x68e926bfdd6398ec, - 0xe432240624573240, - 0x2766c91ade70f83f, - 0x170646120652b37c, - ])), - BN382Fq::new(BigInteger([ - 0xcada65af3ba4e9c4, - 0x7e4561e9933627cd, - 0x8cb8757ddb2e0730, - 0x610ecc5beda633e0, - 0x984de49537e8c3ec, - 0x1349deb07a8f6f52, - ])), - ]; - - // Array of round constants - const ROUND_CST: &'static [BN382Fq] = &[ - // Constants in Montgomery representation. 
- field_new!( - BN382Fq, - BigInteger([ - 0x7d3e06817fe2fa1e, - 0xe4c855556b4aacda, - 0xd3c7466dfe3ef0ad, - 0xdc8dfad17c55598d, - 0xfedeaecb451cc31c, - 0x1bae49fccd9255b6, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x754b46e688e41941, - 0x5218c793c3fcd5f, - 0xba2d939611dd08a0, - 0xf2c8cd45b84d1652, - 0xfec52f665bbf0be7, - 0x1d8fb23e0ed07701, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x179cb43091dd32ca, - 0x7018ca5f70f11350, - 0x7aa891c65140ab9d, - 0x7b58774f3f1be5a7, - 0x58d49c97590ce49c, - 0x22d837d6cf90598d, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x6e7264f540297200, - 0x7e22d05a2ac6eead, - 0x750bb0bb0d9beca2, - 0xce0d22d4f9b03517, - 0x2d3abd81cc62a5d5, - 0x1e364e55e0f8e6f8, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x286abfb064d58d5a, - 0x694641c59e8226c0, - 0x32e216e3da299c02, - 0xde59f2f1fb4e0e13, - 0x46582fcca06d8bc5, - 0xd701682260dc1ec, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x3124c62cde9d20e2, - 0x9fac0ad8132a843, - 0x16a273f6243d658b, - 0x10bbd72c62bd55c7, - 0x28009a3b766ce48e, - 0xb2e1ad3015607f3, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xcd85dea0420e7da4, - 0x7655466abe3e791e, - 0x89ba0ed5c5df0b7a, - 0x696eb193eedd7a53, - 0x21ef87ad83bc2098, - 0x1436fa2898d85c31, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x2eb1bef93fa95c1b, - 0x6744676e7c75d573, - 0xfe40bfb6449c47ed, - 0xfb6f06274deb6d2f, - 0xa121c9375338d467, - 0x18c0c15fee7893a3, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x9e87fc5f2c70948a, - 0xf15a84b5d6674772, - 0xeeb5b16e7841c954, - 0x195365c9174167ce, - 0x44cc3beded5210e8, - 0x9b30e2f37cf4d6d, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xed5ac23cb2d7b2e7, - 0xb59479b2299532fd, - 0xd7346e61af7d6075, - 0x5379a9f9af0c76be, - 0xbc5e3f64e23b4510, - 0x1aa9539db9e2ca68, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x7cca5d75471e18a5, - 0xcf738bac19bfd23c, - 0x8c7dae93f38d07d8, - 0x9928bea7b544d67, - 0x7bcbddc8941fbafa, - 0x107a0460dc3257d7, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0x509d7d069c8144b4, - 0x40d6f4f4838412b4, - 0x5f808597a65e824f, - 0xf85fc0b1ae528ba6, - 0x35417bc445096105, - 0x44c8ecab50e4106, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xda7bcdb9334589ce, - 0x279866595323b253, - 0xc031ba9e9316bb4c, - 0x4d45d0a51e50ee99, - 0xd053f804a1ee09fa, - 0x1bd56aee6613e74e, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xc19bd1f4d113085d, - 0xa029a66df291c4, - 0xdb6338960b5b1cc5, - 0xe91b2ccb73bb8a6f, - 0xe0c9fe626bd1f126, - 0x2395daf5ba537f1d, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xe4de707dc5215efc, - 0xa7fea7ecec777a24, - 0x4fccf05790993d31, - 0xc61a8ea4220b5f3f, - 0x27d4a4665ac75ba9, - 0x6e3246f4a3b382e, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x9d67087a4ea62ebf, - 0x59699096f1144725, - 0x2af84cf3d0380a9e, - 0xd87ee2a6d17347d8, - 0x4a81eb07be1b056c, - 0x75a5a6801316477, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x9a6fd8809f12d30b, - 0x3ca61d2f47a53089, - 0x6c4d38eea4287956, - 0x154fa56675395c0c, - 0x8f865519001514f6, - 0x313964af599095e, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x4ff63f6fc5645fd1, - 0x7b82f0c9b003a384, - 0x405ce50b7a794585, - 0x29e412a76ea8e5bd, - 0x692bacb4a43e915, - 0x78c400e81eaea2a, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x2389a14f0e3f6b65, - 0x8598cc77c8681c81, - 0x3440e4d2dbe05338, - 0xaae1f848c7032be5, - 0x6e4f9f5529c13580, - 0x1de775da7d81ff42, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x84fe9561a4fe2594, - 0x45c754538473d54e, - 0x2081e726351ab13e, - 0x8cb323441756a713, - 0xcb4b80882f845807, - 0x1ee0fcb705dc2430, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x9c0aaa37d9119bc1, - 0x575c078a99cbd829, - 0x560f505a0478cedb, - 0x603f002e733c554f, - 0xaf0e6f0f83da8ce5, - 0xf5194f8e715f5d4, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xf3561b7c1cf04, - 0xe56f7e055b0ec90b, - 0x9fb224e52785822, - 0x4c1790f1a8f9110b, - 0x35c79e9c35302307, - 0x18664851ea84735a, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0x50bdc2348c15b026, - 0xc77491daac514fc4, - 0x8955bc6b09ac737d, - 0xad2ea27060414f4d, - 0x7c997db5fac52dd0, - 0x1f2a5df9da5f6e32, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xc681eed0e78148a7, - 0x57621f4c24529a1d, - 0x5876dd8e8ea07bd3, - 0xd28bb407c841cbf6, - 0x8b359037c71d366d, - 0xc328179635cd9f8, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xb1df1f49c37ca695, - 0x1b56a5b8a3ba95f1, - 0x9a1808171c05e8e1, - 0x596925481ab62566, - 0xa9894f79cde80b77, - 0x1818e624cc575377, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x43548437e0c1fc50, - 0x59a017d1d250161f, - 0xa2321e1ad533ce71, - 0x3430291f3dfd7b49, - 0x40e675e0cdd03d1d, - 0x1fb60b75dee10176, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x9650122a9d5e917a, - 0xa8c5eb643e9680dc, - 0xebd8e0cf4b27e181, - 0x81878f28988986f5, - 0x84ecb59806b665fe, - 0x117feaed33fcaf64, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x762852a42e0e383b, - 0x2b9d56b451dfd3a1, - 0xed90a6dd9cfa1ca0, - 0xc5e6550af40ad5f6, - 0x6670b6c3cc0f13ba, - 0x5e52fd37e326076, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xe1e4e2b36aee2c68, - 0x72612c101843cef7, - 0x76566b953d138574, - 0x6286ec06a22d97c4, - 0xfb0718535ee4c307, - 0x9e580b297e1295b, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x65f93a2ead7fa104, - 0x1139a51aa674b95c, - 0xab9fa9ccab64de12, - 0x4969cab7168e67e1, - 0x2c66ed95aa8833e9, - 0x22277dba6061a1d8, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x12cb752b436c79c3, - 0xb5575ed259af50, - 0x7dccf11c775c50d2, - 0x256f41f44c42588, - 0xdddd7ae2731d6bd, - 0x1a7da4605f2bcf7f, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xf17d407d066ce17e, - 0xdfea3d5a11d38819, - 0x717c2c4500c8a8c0, - 0xc4688c81e31a6bfb, - 0x2efddb7e9a1a49ec, - 0x11e0e744d9b9bf65, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x2f760135fa494ee, - 0xe4c672bdaa35fa34, - 0x1a97d2b5972454fb, - 0xb81957273e6ab4ff, - 0xaae7da73e2b6266f, - 0x1e686ac49d2a0af0, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0x1eba31296647c903, - 0xbd60962fb86746ae, - 0x1b4d0d9f30fb2a43, - 0x5b25913bd3ddc434, - 0xbc01fc18fb238c25, - 0x116e17520ecc512a, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x59d0c63a50610ec1, - 0x3fe0bd51fa0924ce, - 0xc6d8ebda99506139, - 0xe99dc0342673ea71, - 0x9c64cdfb11223be2, - 0x230326e1cac30a51, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x19dd66a19f2d898f, - 0xba24837495c205bd, - 0xddd6a3e566c9364, - 0xf17d2d050307ed13, - 0x8569697716a78d55, - 0x407aa69c480f0b3, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x2243ad2201738dfb, - 0x47fa258210c3c4d3, - 0xe16a2f543c5e1563, - 0x388ab7de843b5472, - 0x1e0cfdaa9aee9db9, - 0x110ccf2550e558c5, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xaeac429db7c9fc3e, - 0x7987de7d8d4db1ae, - 0x2014fa7be205236b, - 0x25907e49da254eb, - 0x3f5ffb11ff83ff7a, - 0x1f3ac24ab99ac449, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x6cc00c3862aec83d, - 0x53d9edc4ca869837, - 0x6a6faf39cc7cca99, - 0x79d17dc8f0fd7a8f, - 0x9ed37f5afbd892fe, - 0x1f954915257adceb, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x225313eda783d91c, - 0x76933610b1c2a124, - 0x521b514063a98ce4, - 0x13097fb4ee798ed4, - 0x313901195a1ea8b8, - 0xff5d28d7fe4999f, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xa1c3174820850d5, - 0x168f64a76996a0d4, - 0x303146faa39efcbf, - 0xa8fc079df528ce32, - 0x34a6e6f873f78b5d, - 0x1e309d65bec39e58, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x5aba4a3eba88b40a, - 0xf127a7a57f966e88, - 0xa865a53933a2c98, - 0x7701a2b048d8493d, - 0x493e5cceb2dd3b4b, - 0x145d682927bfe049, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x6ba71c33b869a2b, - 0xe3c311ecbc20b673, - 0xc8ffec8a168b0beb, - 0xd45919cf48d19ca1, - 0xff2aeb83156f1e0c, - 0x65a7c17c04d9b8, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x4483c5ac6052733c, - 0x65bafd9ec9cfeabb, - 0x2d9af7ffe46491f4, - 0x5107fa9836303c50, - 0xb1626909c20a8843, - 0xb77644d31505c4a, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0xfa37aca0ad180976, - 0xadd5ca29c549ea0, - 0x4ca36d8a5becbf99, - 0xb35cc97506fba437, - 0x801b618d8f7a65cc, - 0x88bb0ff7c887260, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x74334a2589275f8a, - 0x495e1acbf42feda3, - 0x6f598447f9edd1e2, - 0x6e8bcbee242e2acd, - 0x737217d76399b6c, - 0x7605effd6db690e, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x79558d730cdb0cf4, - 0x4d76ad94a57ea3dc, - 0x5a50daa4eae5be50, - 0x74dc4e343537adc0, - 0xaf57e89b8c8f3e4f, - 0xf0262b7cd58877b, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x8d5a4bfd9e8e4c01, - 0xc48f87f84b1837d0, - 0x9746d06f3c208d0f, - 0xa55b05cc96e1f278, - 0x9feb469338fd0639, - 0x164d9b54c6bbaa53, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xd711a95e74aa16e5, - 0xb21b42826191468a, - 0xef2215a6e2465cf5, - 0x3be11d38cd2abc2e, - 0x6922aa004be7acbe, - 0x9a438ce38f57452, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x6f0c791d5a19f8ad, - 0x275fc4f4cf3f0749, - 0x14e6278ceb5603f, - 0x590ca23d0742e311, - 0xd523652098158b3a, - 0x144386ed9e2bd037, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xf1b912e706f95fc1, - 0x9376a60c0fc8251d, - 0xd16509aa8d5702aa, - 0xf2ad8b42c152b137, - 0x2afc63ed502bf64e, - 0x1b6b0e5558cf617, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xbe0ad82d9087197c, - 0x52bb9b60c3921550, - 0xd6087209d2c93fe5, - 0xf237aa4f495c4e6b, - 0xd7ed19ea6caae622, - 0x1ff295b91a998386, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xe7b97858a6116d4b, - 0xd252a504b677fc67, - 0xec18f05d02c43c78, - 0xa34d9af2785c6751, - 0x7441dd9d2c7386c8, - 0xb755708ab1d63e1, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x6a1966d3e49fafc5, - 0x8c1d2f21edfda2aa, - 0x1e82cd1e3a21a87d, - 0xfd8c44699c59c071, - 0xcb6db201aeb8e231, - 0xa57ca087cf89d1a, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x9b878aa4f5c861a4, - 0xc7a50a6ef2667e80, - 0x3b33bc9fdda7f2b4, - 0x2b2b093522416676, - 0x33c874bb886eab7e, - 0x2f7225321705c9f, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0x38dfe7c8970c5a78, - 0x190711550d76e4fd, - 0x8af31c1ea6981255, - 0xe44676fac09c007b, - 0x104542df1c5818ad, - 0x22a3b7d8efcf0800, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xad5aad220f28bf51, - 0xb787f8a1009b43bb, - 0x9f5c78b850cf435b, - 0x2a17d2b78b00b5b2, - 0x2a4689cf92603212, - 0x885788fc73b9dec, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x596522cf3842f886, - 0x6ba78ebad4ad6c5f, - 0x5e915622de2ac7a8, - 0xd2e59e5e9b7803e9, - 0x12c15ef046080ddb, - 0x6196d0e51609c2f, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x7e431c78ef003b9e, - 0x9bec5430fd198efd, - 0x7adfe197a648c9c, - 0xadc6814bdb8bf143, - 0x3ef245fbeea19ee0, - 0x1b502b659f6836ba, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x7dd783443d5ade4a, - 0x8d91ab427b47d701, - 0x559737434af8cb42, - 0x5de98c39e51c61c2, - 0x6795b74aabd89d60, - 0x160214431f119d36, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x251c10d7fa7c47f7, - 0x3c5fed691f68b593, - 0x3ea6ba7614ec69a8, - 0xa83d2c9a7604b3c7, - 0x503e43021f5084dd, - 0x30d842ee24af4af, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x24a001965c5a1ba1, - 0x21a3948e442d7a1b, - 0xf262851a2eaeb09a, - 0x9a271685559ac491, - 0x5eabb60c7b9cdf7c, - 0x1368a35e372e7d9d, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xcadffb361e7dd4e3, - 0xadc86c733c0b39a0, - 0x6c02ba0221296118, - 0xd1c3748fee443c9b, - 0xc04c5a63e15d102f, - 0x1a9f44a94d17649f, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xadb5ac70082c132f, - 0x667ea02a0bf6f1dc, - 0x33a436e53c7eda95, - 0xea430c4a49f27027, - 0x9f7c45e34cbf6009, - 0x1ee595a24a59d641, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x28ac144f3a0b7e60, - 0x81fc47eb0a5deef1, - 0x1a14e4dd531e46cc, - 0x7dd2f07f98c3421e, - 0x531bc81951825408, - 0xa2c68961991d3ff, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x63dddc915e48446f, - 0x3a0f3d957ed21daf, - 0xabc04d220488efca, - 0x5f6b1f817b891852, - 0xc59271c2ace370cb, - 0xa4e9ffabdd62291, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0x8db624d513968f95, - 0xc170025059125c0c, - 0x5abbac40d20de48, - 0xe3e20a404b528996, - 0xcd3929d5524f33dc, - 0x9c3cf17f05ad0e, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x9b277edb6efb3130, - 0x988064c61e7619fd, - 0x2fbfd271f9b310e, - 0xef68cd1a6799c767, - 0xba33b0055fb32250, - 0x196e91c97e27ce2a, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xad6bccb6962563a2, - 0x3541e76cf2b27ec6, - 0x4da50d8dc11d476a, - 0xbd918c9990d0819c, - 0x1be2192580c32d03, - 0x13d8d818e68a3503, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xc3ea077e59173225, - 0x9b2cda8e512b43d9, - 0x8d8cc70481f2de1e, - 0xf81ea731024e9e40, - 0xd7815d8494506e6f, - 0x111cc2c3474c379d, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xc3990a99670c6376, - 0x733fede82f6a9f32, - 0x25ccf1bdc3a7b6fe, - 0xfb1688881f90f542, - 0x1d1c1fe21fc1053f, - 0x1185a4198ce71f31, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x56e6d5ac098ed4f7, - 0xf6a50ebd6524904c, - 0x78f752af811e0af7, - 0x5c6785c73ca6a1c2, - 0x3573984c71537f33, - 0x9a4f531f29dce14, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x2acbb144412bd40e, - 0x12793dc870c184e0, - 0x99293f4107113fd0, - 0xf1f7d677ef74423d, - 0xca28475098096a20, - 0xcdb39d0b13228e8, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x7326571976ac830f, - 0x2dbb7b7357c055e, - 0xfb3f0c006d85055f, - 0xb9bf39bb94ae555d, - 0x9586cd1894236411, - 0x14275986001e5b8e, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x4ea34215e89e9594, - 0xb04b3fcabac985d0, - 0xc385ba3b30bb9004, - 0xd895542bb41b31f7, - 0xd4ee182cc63f49f, - 0x14429ec401d439d9, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x7d9256120eea4336, - 0xc3b7c11a24f3ad9d, - 0x379d9ffa093019d7, - 0xcb24c948ffc31f42, - 0xfaa6a3f44513d31c, - 0xa73bb43e27c4d9, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x5715f91b450a2b22, - 0xbe6056637c16d403, - 0x18e0ee010694b3eb, - 0xeea2d89ffd0325c, - 0xf4d046cd2663d58c, - 0x9390ecf851c6bb5, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0xcf582579e37b65e4, - 0x7cb61273ef51698d, - 0xe21caf10ff0db9e3, - 0xd23478bd96a9fd46, - 0x50a060a3b4d52f99, - 0x1de0c3208db25112, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xd6799804a7c64aae, - 0x61cb60d3fa12a952, - 0x6361bc0acea399e1, - 0x64048d38061bea1a, - 0x459654a8836b40c4, - 0x110b87f12f17d2cb, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xd4576d455000661, - 0xafbd7dab30d92892, - 0x42124cd19ef60497, - 0x677fc6071d62784a, - 0x2cd20ec12410380b, - 0xcdc0ec2f73389a1, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xdcd901cc066ad6f1, - 0x2c65a94ceb06c216, - 0xd2020b3627e37199, - 0xdc36db63303c1f95, - 0x77f4b5945b03b180, - 0x1a4d8e85086a7018, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x924d686e1f4de468, - 0xfb951524e511a931, - 0xdf0c374b77a287e4, - 0x571839b1986e69e2, - 0xeb1386c4838d6f40, - 0x1ba077f86ab31ce9, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x46a80563869043b, - 0xe2a9cff6e164dafe, - 0xb06e9dc8460c4df5, - 0x42b109c6b7aa652b, - 0xc3f2a1ba965ef49b, - 0x188fb3cf5d26ef98, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xb4ad19e94842f68a, - 0x30bd2dbe0a36b781, - 0x81dcc8d903d96637, - 0x17d5654d4230b8e8, - 0xf916fc51d11081bf, - 0x18d9ebe7791394b5, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x8e1a2fe58ea5b4e5, - 0xa293946be1872304, - 0x60c7c8d04a55d07d, - 0x3b4f31f25b4b992e, - 0xb0c1889e90604cd9, - 0x21de7a9924782247, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x73708f4080f1bac5, - 0x9bcd5349856d3b85, - 0xbaf65543926b79c0, - 0x1e5a0e846c2be200, - 0x75a71228b1c408d7, - 0xb00a7c04513b482, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x270e3bc92fe43b76, - 0x4508e2c719a621cb, - 0x28150cbdd98573a4, - 0xc51f19fba8a857db, - 0x1d616ccb11df5cf3, - 0x5fa245a0bce6684, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xaa5758d6b77fa096, - 0xfb86385a61da33a1, - 0xb8760cb02d62871a, - 0xb777e60379664c6e, - 0x4e35b0262a8dd1b0, - 0x4b7a81c8fbd5223, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0xcb46ae413dd897b3, - 0x3c2f05238b865685, - 0xe2c71aed8f17cf48, - 0x24489fb04292964f, - 0x7297b7b70f73d062, - 0x912823646e0441d, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x223a2f3352f8e722, - 0xcdd30eecbf3a95e4, - 0x17661fd46a883cdc, - 0xc4558484a5ee007f, - 0xd7b36a7acb002d96, - 0x149056a9ce282692, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xdac8476fc388dbd3, - 0x41ce264f30113429, - 0x4b75791e88afcc5e, - 0xaf0feb0d78958a1a, - 0x456677e7084f6510, - 0x971d78775774c05, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xea6db25c7f53a2de, - 0xeee885144aef66aa, - 0x2a8c170053fbed18, - 0x8bac8127939f0bc3, - 0xdebc8e0d27c0bed6, - 0xce25ea5ca6a23fa, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x2c4f6fb62d7c30a0, - 0x593571582f4c201b, - 0x7a68b9459c6eeff2, - 0x582e48599c7e5b87, - 0x2de3f60125b3c492, - 0x57b622e2b54bc08, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x9767d665a4befb9b, - 0x36869114281a8fe0, - 0xa96fe9de70b3d14c, - 0xeca0a53acbe1e9b1, - 0x92a46fc52c530cbc, - 0x1f7223adb838d6ca, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xd14afbb062ec7466, - 0x7f573318281e44d, - 0xc0f3907c7d65602f, - 0xcc358ab3ede53284, - 0x3f108fc02249b5d6, - 0x2037000b310a41af, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xe3a7f5a60c842ace, - 0x291591469e9e388a, - 0x1970ce92c091bc14, - 0x281e0bfb36af26d, - 0x4cb460106ebc8464, - 0x1a4972a7abd72a9c, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xeb37f3044a018cfa, - 0x740b4f1a24b705ba, - 0xab5191ec02196fb8, - 0x5c602ba23ab4b6be, - 0x14cc18a48880bc74, - 0x45901d587c632b5, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x4d03f8feb4e29412, - 0x1312da11e9d6c3c7, - 0xa3f3f447ae8c2b18, - 0xa3d46cb6d3aff0e7, - 0x6b3e6e402cd32755, - 0x2115dbd506bd9ff3, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x5b3cc958ff25a816, - 0x40e1fafa7d8d0df, - 0xa303af264ac204cb, - 0x89d91f2e5a0012a8, - 0x8786e0c8fe120512, - 0x1ca3fdd74b72c550, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0x9d8b280bb3ffe753, - 0x85997448639561c9, - 0xa271b44e64ea857e, - 0x548f79af1b6a409e, - 0xc9327aae6474fda2, - 0x2365e24750970de4, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x46ecdd73a74b7d1e, - 0x3a7e9631fcd5239, - 0x455987279a668aa, - 0x558388ecb2c5db85, - 0x5512f9cffcadb1ec, - 0xcbf236439e73c6f, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xc05b829150faa3a7, - 0x91a4c4c6640887f0, - 0x9b78c67388127cc5, - 0x96f6c4c796961820, - 0x3c32c42953807d1, - 0x1f80990d61726ba7, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x146f4d6db64519e5, - 0x4f1c67e5e1696854, - 0xa74bb64530ffebb8, - 0xb2147dfb425d992c, - 0xa1c937be431909cb, - 0x1ff0475c68d6f42f, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xd3ac2f1875a1e4f8, - 0x541ac2ac1a33a705, - 0x5856458d6dbf42d, - 0x9c5c28e8c894b748, - 0x981fa30f407cbd38, - 0x1124b071e2840bdf, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xbf7a8f2ba373e34e, - 0xb0e6d67cfa9b525d, - 0x5e82bbcefe9a8f65, - 0x94bfdb0881563f6, - 0x4f95c9e067a860e2, - 0xb59e5fd70c41736, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x99bd7e328fd74e6e, - 0x6f40a78a33d0477c, - 0xd7a3ce8774f5c5d4, - 0xbefa4c401655b3e0, - 0xceed628ce16401a9, - 0x1771f0c9ab9e01a0, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xaa33d3105c11d030, - 0xb4206b4274144118, - 0x71af41702c20aa1d, - 0x4b81d549f01a3bf, - 0x9e695344a20872cd, - 0xd9da4aef601b64d, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x19a6aab308d8fc38, - 0x657996de7cdc0288, - 0xbabc456e42bebfc1, - 0xa78a28e83141031d, - 0x4786071361f1cdb, - 0x19eb1a863087b891, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xf4fbb1fa6558c0b7, - 0x6b24b123ee40321b, - 0x92074c3648a99b35, - 0xf3be03c28c26611d, - 0x1df77967a66b292f, - 0x1a1daaedee4baa4c, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x3a82f327f9606694, - 0x7291e98c9363473d, - 0x7b0b80ef86a287a7, - 0xdf1dcf2ccdc7506e, - 0xaff515139c07264d, - 0x23d7670fd063e7c0, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0xed50a3abeb5389fd, - 0x165e2b2728cd4440, - 0x7aa64cc11dc70781, - 0x4ff0c136113d2d3b, - 0x823c918132409328, - 0x139d6ff9a0fbe6f, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xba6c752de6036dba, - 0x287bb7c856fc951, - 0x5e811f9882ea22db, - 0x7b92e32100367c87, - 0x8aac4c9e772db556, - 0x12be4d6b3d608d6e, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x61e0975aa3cbc721, - 0xe837cffcf71f4387, - 0x2a5eb9ee35e8eb2, - 0x6157fe03aa9edc19, - 0xf9454bf7e9d8d856, - 0x1e0d0c1935346420, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xc9479abf4cb7c45, - 0x6a3f08b15901988c, - 0x4cd230c93832ff25, - 0x7a94cd892bfbae6d, - 0xb7c7ea2bf8fa825c, - 0x1477cc8413069412, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x8db7f9df9aca2466, - 0xa003378e6f470e35, - 0xe1595479552688c8, - 0x140789fcf6f470d2, - 0xf43fe45a3ff8c0dd, - 0x13eb14c4ba26f086, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xba11304404e55714, - 0xd7a5ebffa7108c41, - 0x7fb72486c2e5fb72, - 0xec3d576731687f6e, - 0x77944f261dc6ac2d, - 0x1c539ae5469b07db, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xa56715ce64d6d51d, - 0x2b0fdc813d82ce81, - 0x67dbaa19d64ebb14, - 0xf28425a404173a4a, - 0xb44df750f88769f, - 0x165d737d22d40d8d, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x38d54f187254b673, - 0xdb8329159cfc7d0a, - 0x341b5e6877f9e5dc, - 0x308eeaa500c5fa7c, - 0x147c7b04a5686654, - 0x1e0c1343a2f46ae9, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x7d0a7817339648c7, - 0x6d2bbe2568bd122c, - 0xb1d022c56deacb8d, - 0xf3a2157e7c0fb9d2, - 0x32a928690f5785eb, - 0x23d36f0efa20bec6, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x1ba73d3f2039a551, - 0xb20ce85ee313b7a6, - 0xfda26ce92468b557, - 0xa536e7778b08ab31, - 0x55b343ab2a03877e, - 0xde0d7750338de90, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xd14e2e58bd3a3600, - 0x52cc43605ccb7878, - 0xd45ef99362259a19, - 0xdbd620a074e674f4, - 0xf1308b7999e86648, - 0xd99b203be30299d, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0x2d258c64a39258ae, - 0x95770a7d649b2751, - 0x5ceff0d392b75775, - 0xb0d5088aea922240, - 0x2eda9ef8e22238b1, - 0x1eb3a2847562c989, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x64c5a9976c34367b, - 0xb36428fcf75e189c, - 0x515c48a6a206d639, - 0xec7b8d3827ea6418, - 0x242306fe1c4c55e8, - 0x1e63d46e2cfa5ac8, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x45a449fb632a6ea1, - 0xc758b2694916c9ae, - 0xc4cb7c8fa5904b63, - 0xca43dd46ba5aa36e, - 0xc34770489b356a87, - 0xc2fbf2fca9a77d2, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xeec6c112251e481, - 0x1c6857cf9941a068, - 0x688ea495b579093e, - 0x51d0da22ae2e8e88, - 0xb39e86163126d812, - 0x227aae148627caf8, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xe74a3f48e86fea2e, - 0xd0aacde6489a7b13, - 0xfae7d18731b7ca32, - 0x9f383d76e9c81ec4, - 0x9b5c879911035711, - 0x991664507056f46, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x323b0d71397ebaa5, - 0xd7f3d3ea938134ef, - 0xa064e9462c589493, - 0xbd21225d39e11944, - 0xaee1c83237ab6fdb, - 0x744d5aab0f1154a, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xb9f070ac75463fab, - 0x52c1d55cc512c1ef, - 0x17a0e056654f5771, - 0xdf40372a1d2cda87, - 0xe3f2dc081747fa47, - 0x1eacdfbdf93b83f, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x3fb40908a6af991b, - 0xdb8e3ad754fb1b05, - 0xf0ca408ff4260bb6, - 0x724a1491dad7e2da, - 0x799badb10eec717b, - 0x16d7513dd78dbe80, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x622d9fad56102378, - 0xc006938896526de9, - 0x35f38c1290e7706f, - 0xfac8725935829b6d, - 0x5d04e3dfa16fc2d4, - 0x3b154e70a17f9e6, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x281ee6cd03d6a761, - 0xa1042b8794f7ef58, - 0xcb66d5b539a7adb6, - 0xc36ff447f5378b46, - 0x7fae60474ae15653, - 0x1f9bf90f2a259054, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x2ff1497169822a09, - 0xfbe99c36690a05cd, - 0x3652ed9ef2dca99e, - 0x927baf0f74563ae2, - 0x73a8b390017e502e, - 0x1440521166668284, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0xd1916119637fa5e9, - 0xd454c90c89389c66, - 0xf479a0c8deb8865a, - 0x32982975bfbb0739, - 0xe0a2dade98190398, - 0xb9b1fcda1ed0d88, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x7a5c42fe5004bbee, - 0x870b992532c7ec69, - 0x6e5e0bb83dacc6c5, - 0xcd304188c3674c3a, - 0x65020c69284cc361, - 0x217f5f53e3379ddd, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x186fb6dcf55b541a, - 0x33808954d7e6e696, - 0xf72b728bc765d0e0, - 0xeb287542941dc3b5, - 0xa460f5242f3d2a99, - 0x12dea74e20511847, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x56a8b5c7ab465750, - 0xa85596f010b9f395, - 0x8c0d1516ac13fc3d, - 0xebc4ab3e7779f074, - 0x46908169bee2a8ae, - 0x211c205a812f6e62, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x4f1a7a692b818a56, - 0xcbd0e353e8f7f4cc, - 0x886917652a9c3fee, - 0xa9037c8e67477fe, - 0xac035ddf8e176ce5, - 0x23d8568d4f9f1b8f, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x59d5db51e5b3aca4, - 0x39ed6b782cbd472, - 0x8b59b0612ce3ff84, - 0xab70aa79f61680de, - 0x5ed9fa83db412c51, - 0xb6bcf9d8f4fdedd, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xc46d1e4e9b063124, - 0x22fb889539d315a, - 0x605ae51ce39fb701, - 0xce27f6dc690c5d31, - 0x5b21edbe47138fd0, - 0xbf9244e5d8c724a, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xa4b893db7265d28f, - 0x27840a56c73e0e90, - 0x665109d3d3c5bcbf, - 0x36e48aabe2c53f02, - 0xe91dd6d198a41348, - 0x15e5c81319388e50, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xd3b35835ce2f5568, - 0xc9d87caafdd70880, - 0x63c0aa7690deb97c, - 0xddbe32dba15ec989, - 0x6c0ecd498f7abd9e, - 0xa97e9163209e830, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x6d724e6e54fce9f7, - 0xf3cab2cf84bcb7a7, - 0x6512228511d8b645, - 0xcc09e60d2fcc95b8, - 0x8b69c789dfc5d84e, - 0x1e318fa8f5e2435, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x67bf7dcbbe25b1b6, - 0xc9210e60b8edf434, - 0x2cb9649613583586, - 0x999917c7c1769441, - 0xb039646cb40b3cc2, - 0x60d7ab47bd4fa32, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0x185c925eb60646e3, - 0xec905576c7c038f8, - 0x623462f3ee26f348, - 0x3d3f2a4cffdf186, - 0x714a88b6868b0c93, - 0x5cefe3f902ec4ce, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xbdd8c952c824ee91, - 0xc50e750144e8daa3, - 0x6f72775ecd9cfc99, - 0x4b8202acab657528, - 0xe91b332b3a32cb01, - 0xdcd5bb998a59f25, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x35ff043eb0a259ca, - 0x8a19d1a07add11d9, - 0xd5a7f65a7e98e76f, - 0x1d1f5e3d7b67acff, - 0x1f3160260ad5d071, - 0x1f49f4f4c4bb0a73, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xcd2d09df5d799ab3, - 0x301c5e78c75ec61f, - 0x3dd659aed620cb5a, - 0xf49ec1aafcddde8b, - 0x9a5900a61f200d79, - 0x12471025c1903c3a, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x1b70d555e2ca135, - 0x8b25fe3158b211dc, - 0x423cb7743e56cdd2, - 0xd83ec2b68f32a3cb, - 0xafa31e76172fe97b, - 0x1284a8d884504da0, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xb4e20ef9c167092a, - 0x25e23e7643b2353c, - 0x2e9a487d6fcf0e27, - 0x22017a054baa0dc1, - 0xdbe5fb651269e627, - 0x175f982ef538845e, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xa230125cae01ca06, - 0xb60ddd805060bb65, - 0x781f6358fdf35cc5, - 0x27ec26272ca9279f, - 0x223b9b925145c7d0, - 0x15321c7999c2c790, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x299cf1feb0967100, - 0xe1c814fbe77f0aad, - 0x74f1a6571a1bf4c0, - 0xc5b00355e3f71462, - 0x42959e6fca317d1a, - 0xf6f766752fcd031, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xc90630575fe8926f, - 0x4beecf53beecc9e7, - 0x3ec5c23ff79d26e7, - 0x82b9ae9b2074a975, - 0x3275d3335a5b61a4, - 0x17e60476ddc00394, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x61ca02d84e446d4, - 0x8bf76e3afbf222cf, - 0xe3f845d9b5c526d9, - 0x31a417dccde139c4, - 0xaf451639027fa0a8, - 0xa5d949c5ba734a4, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x684b5d5dd06452, - 0x81873d5c3a927f4b, - 0xf3ae7d878b53045e, - 0x5b12585266e9ffc2, - 0xb6a33967c4fcd23c, - 0x1fee25b968a19460, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0x28ac05b45525aee6, - 0xe6ec0ec78f89e6be, - 0x763da0a94ffb1777, - 0x9fd9806cf8e0377, - 0x39853681df51f01d, - 0x10e884b847588f2e, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x9ba33a2b8e6d3e77, - 0x2375fd431e4f63ed, - 0x287db763b1775b1f, - 0xb444aa043a658005, - 0x108dc7af1268421e, - 0x203df7ff4b1018b9, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x77cd2254a1ba4727, - 0xe06d00860400b3e, - 0x3a834592427d51b0, - 0x812b436e8d62d10e, - 0x84f6075d99f256fe, - 0x1c5a16937066e01e, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x9a9f5e24b2de8f9, - 0x5686257bbbd39f6f, - 0x838a747f765013ea, - 0xfe45b64bc9bd029, - 0xdb964863079a7c10, - 0xc919816e59ac26c, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xbe21b3621c08586a, - 0x2724d1f62e184324, - 0xa02bb0baa99fa2be, - 0xde816314ae73aed3, - 0x3667d7ef0501a531, - 0x20737843e7abb3e2, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x935770455d764bed, - 0x978193d2ea32671c, - 0xc080a64d91aa30a3, - 0xf373a04cd5ee7205, - 0xf6107d1a4eb5e7d7, - 0x12360610e1533edd, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xe0708f8fafeb7e9b, - 0xf940ab183d24b34c, - 0x2c6306a03e773c24, - 0x4e8e976d3e59aea, - 0x5020c2ebb299d0d0, - 0x1aa2a3dda80c1b3f, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xf853f29bcdb2b758, - 0xdfffd08ae4750820, - 0x685519bec7ef0e89, - 0x2eac74c3e917edf0, - 0xaaea4e1001653ce1, - 0x98d7d48d1a81695, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x7425e6b4fb03ff8e, - 0x2105558124998e6e, - 0xb798777e99bb4557, - 0xe28f58384b8d7d16, - 0x5143f5e56d13cfe8, - 0xcae8a8711f32f8f, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xb6c46eb0b3d4b33b, - 0x7c2cb08899d9edcf, - 0xbd7c3b37d41cf642, - 0xac04c8564fe08058, - 0x6b1caede28480bac, - 0x21fbc48be334a5a9, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x9f938a64de6abc09, - 0x4627eef381040b02, - 0xd9d5fa5d8d96c84, - 0x33ad95824019e9d9, - 0xd917accdd2b13a7b, - 0xb2d9874e2a62cb1, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0xa5ffbdeb2ea110be, - 0x766bde9ef5bd7107, - 0xd9f698f2bf09048, - 0xe276b168a207b6e1, - 0xb690c8fc42b71e91, - 0x54df5846a5e813e, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x24db87d6e4d6709, - 0xbf1197219274c2f3, - 0x471d23fef55f04aa, - 0xecfcd4a4fa627c4d, - 0x95421db58854eeb4, - 0x1d20e6d69f5e945a, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x3348360c91c59160, - 0x2a1db34c49353e2c, - 0x44ee4803e36b9e87, - 0xedb38be161db8745, - 0x28e53ccbd28bceb6, - 0x93366d44b72a28c, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xaf2ca5db68a78c48, - 0x509dd080dbc8d3cc, - 0xa81246a0f655ecb0, - 0xb426bee485d33879, - 0xce02523041e91e2c, - 0x1d89a23c703a2b30, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x19d38b7daaea3530, - 0x49657e8d58725c81, - 0xaa4d32ba5d860a1e, - 0xb229e9c836f1b38c, - 0x6cbc121177f093a6, - 0x21ad1de692351f86, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xa948ecbfca226399, - 0xe953e15ae5a5369d, - 0xc33a0a0ef1d1f5b, - 0x8af264c523f5b377, - 0x84ac6d77cb262d37, - 0x13821cdca29e6d4e, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x62312591f619fdc0, - 0x5d33a1df255325a7, - 0xc7e5649004526bdb, - 0x60ec4c76f23c340f, - 0x46a13ab95d03d2ad, - 0x1069188d2c9a5a53, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x3010e9acec9096d7, - 0x2b203ae92f8ed6eb, - 0xbd7a5a549decffaa, - 0xb22773183e3ea1d7, - 0x476b4cf2ed6f4126, - 0x189c2d6451dbe104, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x75513c8a0fa7fafa, - 0x5e35eb4662658a04, - 0x573426a661704df4, - 0x494f8eb7d41ef30d, - 0x46bb978e4987b42c, - 0x1162126adcc68ff7, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xa06cc2f15a8dcbfe, - 0x7f57f8d71e46e63d, - 0x612d8f679804b0ec, - 0x49a7e74b1ca8b3f9, - 0x91fbf9a3ff6c31ed, - 0xe0c50bcc47c86c2, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xd8df2f0db3aef3ce, - 0x5d04e468adcf12, - 0x308980a74c1e4ce3, - 0xb5637748d790029b, - 0x3e7e1a564eb69c80, - 0x918465ddb6b1f44, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0xf2fb32edb2515c6, - 0xf0cd212a371e1e7e, - 0x42a08dbf3d6f4cbe, - 0x649d9ea1b64ffe30, - 0x8c9fb237c238eba, - 0x1a4303f272d8bfa5, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xa1eef4849620442, - 0xac71ab32dc6f2775, - 0x84e1d19794f4dcc0, - 0xd7fec7abdf034aec, - 0x7b56d5f965eaea8a, - 0xd1f5994cd986d19, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x5c43385f49919aa0, - 0x7f250b2827c9a0c5, - 0x6cef909a571df578, - 0x83061f78d24752d4, - 0x607cf5724015ea5f, - 0xa6b4c97124db01d, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x84cc4779f63ea86d, - 0xb9236de88b1b527d, - 0xadcd29b3e5aa0584, - 0xff0f794959835122, - 0x759445ae35be11df, - 0x1ebfd9ae8a59b8de, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x774979a98aa1a428, - 0xd28d6db4966dbf5d, - 0x9a81829346be995a, - 0x8ec9014e3a48293f, - 0xbba6121dcc7f287b, - 0x6b9821b672e5458, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xe8832dd2179b057d, - 0x1e20be80b160ae61, - 0x851cf07e9dd9b05, - 0x811cb0153f9d5b2f, - 0x1226419b4aa0b45b, - 0xec23a9e2774b9f6, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x35fed0092c2121bd, - 0x86591ea9267c848b, - 0x116024014ba4cf84, - 0xb6199a51a489c6f9, - 0x822564eff591e51b, - 0xd55fb2c5e4ece87, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xc6dcc91fccd7aac7, - 0xcf9ab43fad117528, - 0xdeb1ccf32d4c5880, - 0xa9c96ac7913281be, - 0x158f32784daa2e36, - 0x111426d7ea57ce16, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x7b1ce60e4e42885, - 0x57263ac69ce54243, - 0x1f6978230085216b, - 0x93706bb6f8fc3f89, - 0x367aca6758325d23, - 0x12b511e38d0d16d8, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x3bc7aa5c339dc68, - 0x73365851862aa04a, - 0x9e0057832f283402, - 0xec4624b3010b16de, - 0x4c899e803dfa6683, - 0xd3fc3bc3b2d083d, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x7be36f2d192d31d0, - 0x245a34a523dccf46, - 0x57b8423ff597eb2c, - 0xb1aa67289cf52bcb, - 0x5eee2e2d650639e8, - 0x2bfa6fbdda246cb, - ]) - ), - 
field_new!( - BN382Fq, - BigInteger([ - 0x32079c180dfce428, - 0x10617c87f09b343d, - 0x95034dde23517d1a, - 0xafb1d3a4c2920d91, - 0xe2eb69935360d32f, - 0x3682b6074e77476, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xd8d5136b2b6feac2, - 0xcae96ba0e8c7e57f, - 0x10f720c7818d1583, - 0xff669a8147cc34ca, - 0x7c1c1c408f32b9e0, - 0x1050bdfeedcd74a6, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x7f8efa59bb904972, - 0xfb2614eb7cb968c0, - 0x41673203aea2b0f0, - 0x292e62ce6587a915, - 0x26e1377d438055c3, - 0x1041c909c7a54986, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x78ca1fec56fecc31, - 0xaac71b8644aee19a, - 0x49cb7370ea9445c7, - 0x108ef1c4ae528cff, - 0xead47030db3e7e12, - 0x98c367b2789e318, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x690b3ca2b6c19d51, - 0x58f12a81d28bd9d9, - 0xea9c0b5e33186f40, - 0xc05b840a2ba60075, - 0x653af412e1c7ebb3, - 0x1606f2057e47242, - ]) - ), - ]; - - // The MDS matrix constants - const MDS_CST: &'static [BN382Fq] = &[ - // Constants in Montgomery representation - field_new!( - BN382Fq, - BigInteger([ - 0x397857d68200d574, - 0xd28c82874875bbbf, - 0xbf3116276a5e626e, - 0xb46843e785373cf3, - 0x554aa7d66761bfbb, - 0x5d19bdb71778541, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x42ed8e29c99e77d4, - 0x9b3dc99fa8df07a8, - 0xbea39276a88b451, - 0x68cdc36cda06aeb0, - 0x2df13cc054c8b0a5, - 0x4ba3b0a7edcfcd2, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x7bda16389c0b7c78, - 0x588241e53a63bd27, - 0xcd74903a17166291, - 0x6b2a803c4b730a56, - 0xaa47fc73540f793d, - 0x1047d90f1d8ea82a, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xd95f6116b09b3c00, - 0x90922c88c1601a0a, - 0x333b6fb8ab58e678, - 0xd0610aab079c52d3, - 0xabdb85ae6f7328e6, - 0x1840e3671d26102c, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x8b12b7a7a81b57a4, - 0x50d95243b50466e7, - 0x7536012d01d2f5d3, - 0x342d728a0c0c024a, - 0x88e3f4607910e62d, - 0x51e550fd0093c84, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x7af610cb8bfc9412, - 
0x558d20d6cdf0db03, - 0x12500c5fd3e2c8be, - 0x612de2568ed650cc, - 0x9eae6a30c7e85c0c, - 0xceb5127234d64e9, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x43a12d2da4f0badd, - 0x4fd4c419e435fa92, - 0xeea1e6fbe17e2c8, - 0x74b696b28d5da145, - 0x2585e1ab409b40b8, - 0x18cb0c351a6caf2, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0xbf302ec4ffb0388f, - 0x7d4f228f6851cedd, - 0x19dbefc2e70045b4, - 0xe2bc0b0a9e85b446, - 0x28292dabfa5a02a0, - 0x619cb1cbd979687, - ]) - ), - field_new!( - BN382Fq, - BigInteger([ - 0x72a8e842794dff45, - 0x48523ee8e5a68cd9, - 0xa863bebe796b98dd, - 0xc03bb379b5704529, - 0xe051c36ffb1a63ee, - 0x1a68d07f893e235e, - ]) - ), - ]; -} - -pub type BN382FqQuinticSbox = PoseidonQuinticSBox; -pub type BN382FqPoseidonHash = PoseidonHash; -pub type BN382FqBatchPoseidonHash = - PoseidonBatchHash; diff --git a/primitives/src/crh/poseidon/parameters/mnt4753.rs b/primitives/src/crh/poseidon/parameters/mnt4753.rs deleted file mode 100644 index 830b6da70..000000000 --- a/primitives/src/crh/poseidon/parameters/mnt4753.rs +++ /dev/null 
@@ -1,4043 +0,0 @@ -use crate::crh::{ - batched_crh::PoseidonBatchHash, FieldBasedHashParameters, PoseidonHash, PoseidonInverseSBox, - PoseidonParameters, PoseidonShortParameters, -}; - -use algebra::{biginteger::BigInteger768 as BigInteger, field_new, fields::mnt4753::Fr, MulShort}; - -pub type MNT4InversePoseidonSBox = PoseidonInverseSBox; -pub type MNT4PoseidonHash = PoseidonHash; -pub type MNT4BatchPoseidonHash = - PoseidonBatchHash; - -#[derive(Debug, Clone)] -/// x^{-1}-POSEIDON-128 parameters for scalar field Fr of MNT4-753, with an MDS matrix supporting -/// short Montgomery multiplication. -/// -/// The number of rounds are computed by ./scripts/calc_round_numbers.py, round constants and matrix -/// are generated using the script ./scripts/generate_parameters_short_grain. -pub struct MNT4753PoseidonParameters; - -impl FieldBasedHashParameters for MNT4753PoseidonParameters { - type Fr = Fr; - const R: usize = 2; // The rate of the hash function -} - -impl PoseidonShortParameters for MNT4753PoseidonParameters { - const MDS_CST_SHORT: &'static [Fr] = &[ - // These constants are in Partial Montgomery representation with R = 2^64 - field_new!( - Fr, - BigInteger([ - 0x1b06b82936573768, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0 - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa8a66953a924365d, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0 - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb412c015510c2717, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0 - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x351fdbd63ac0afdb, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0 - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x302be8e2c8e27f02, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0 - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x7dcdc338f53308c, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0 
- ]) - ), - field_new!( - Fr, - BigInteger([ - 0x5220f8b41dab7db4, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0 - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x524543d141024c82, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0 - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x3657a2432f363f4, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0 - ]) - ), - ]; -} - -impl PoseidonParameters for MNT4753PoseidonParameters { - const T: usize = 3; // Size of the internal state (in field elements) - // Number of rounds including security margin. Without such, R_f = 3, R_p = 58. - const R_F: i32 = 4; // Half number of full rounds (R_f in the Poseidon paper) - const R_P: i32 = 63; // Number of partial rounds - - // The zero element of the field - const ZERO: Fr = field_new!( - Fr, - BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]) - ); - - // State vector after permutation of zero state vector - const AFTER_ZERO_PERM: &'static [Fr] = &[ - field_new!( - Fr, - BigInteger([ - 15380592374319684711, - 6376564341100455372, - 2062102260953380452, - 7842349685152257866, - 10373589506956732364, - 8620359571792471768, - 17469280520975403298, - 7325805863422861914, - 10045888571221403107, - 1056204775948344815, - 10909741368077396356, - 257713037619667 - ]) - ), - field_new!( - Fr, - BigInteger([ - 16528462235314733357, - 15498062440155990321, - 684862438054371890, - 3177002760439964894, - 5766073008164964717, - 16124581840022168595, - 14158624266684372130, - 10661010654145755481, - 10871622636226693964, - 13768276705033767899, - 14316680955574988959, - 423626683371407 - ]) - ), - field_new!( - Fr, - BigInteger([ - 3754924348498419949, - 10945477307373304816, - 7739835231918526866, - 10282987044716712108, - 7179192226677623939, - 1357833339101798890, - 2956644407304607578, - 916450647693250699, - 16660610448819777655, - 835564104886574966, - 7796901780696291212, - 401958197854281 - 
]) - ), - ]; - - // Array of round constants (in Montgomery representation) - const ROUND_CST: &'static [Fr] = &[ - field_new!( - Fr, - BigInteger([ - 0x8525f4afb1e81742, - 0xb5ba1c010e68ab3e, - 0x4d189999d6ca2a86, - 0xcd38926365277f25, - 0xdc6e535d6475bce1, - 0x43dfd3d24af97212, - 0x19abccbebec4859c, - 0x232b373c1ed1185a, - 0xf3ac591b3dfa244, - 0xe9d303ee0a2d758e, - 0xd6bb082d7935e3c3, - 0x2cfb48940c0f, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xde55266dee5b79aa, - 0x4edb20010d386a0b, - 0x194764aa9c200011, - 0x5492e2451ca409c3, - 0x4cfb1c5fe5141e66, - 0xed8e74919754c30e, - 0x6cb986a7e97eaafc, - 0xdba1aee673c7dd84, - 0x5facc0c81b49148, - 0x28460d45d7cdc448, - 0x517b409910ee2b85, - 0x4343b2da0631, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x9b952c901accf0a7, - 0x760bc791333834c4, - 0xf698ebd85374716, - 0x238d7c75ef417c35, - 0xb2c7344700a39e27, - 0x91bf3075a71221cc, - 0xf0ca1908a800571b, - 0xb6b05b86679136e5, - 0x1e275143bb513e76, - 0xd0be4c58d18eb9ac, - 0x35a8aab1b9ee1c07, - 0x2f9ab064c1cc, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x81cbdc8014f47ad9, - 0x3e68b1e9fa6b2e89, - 0x6ae7f33b327bb86c, - 0x4f78cd5ecd2ba9, - 0xe935df718b220555, - 0x6d23508799627565, - 0xdbaf9866fe9937de, - 0xe77ebad142ae1a3c, - 0x6305e7a0f65dc77c, - 0x287bfefb75e96590, - 0x6e7b860f6d3e1f14, - 0x14aadaec0f363, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x8f9d2d1055ead02e, - 0x538d38861d0fa852, - 0x26c692f9c3cf08a7, - 0x907c44d8da768d4d, - 0x4a133f3ef8272f51, - 0x15ef940f21938101, - 0xc09c33b9ea0d3ab7, - 0x7141830d0d9724f, - 0x7be659695a1267de, - 0x525db11f980fa951, - 0xb3573b90de0f3af5, - 0x14305dc986fae, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xcc17e1d011f2745c, - 0x7e142b4471637dd3, - 0x5473180e376ff24a, - 0xccc708d53858ee4c, - 0x106032bbf95eb8b3, - 0x8a23cf1502a25203, - 0x20861cea628d6ae8, - 0x62339fa3ea65013a, - 0xb586f6c818bc8022, - 0x916091f4d682de4, - 0x3ac6ab718f3eea87, - 0x158e3da6d28c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x923c6d93ab41a56a, - 
0x6479fb1dabdc488d, - 0x6446575cdb3e411e, - 0xe9928e6158f83ef0, - 0xef93a719033530ed, - 0xb01384723296baf1, - 0x1427f67672e0586e, - 0x5343d461f7e4de3b, - 0x7c54dce21cf25417, - 0x774b532c83dd8dd3, - 0x2dd50a143b396304, - 0x18adc3a1a9175, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x396f9b6a993c6eb0, - 0xc84e01159ebe2043, - 0x727703ce6f4cb200, - 0xc380bb4dadcbee35, - 0xe887a3c024b7eb1, - 0x4b89861b25245333, - 0xdeaf67213e92eefb, - 0x2a27e99a64842b5, - 0x2bb244e61688d0ef, - 0x3018e93d9d272fc0, - 0xd15bb630f9765a97, - 0x47cd8a194b28, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x25ea932580f2606a, - 0x661d89d759979ecd, - 0xddd5a8fc7151f9ef, - 0x2f0d4c1e42fe2ce4, - 0xedc778ab6fed3072, - 0xbdd94e070e5ad64f, - 0xed7b47cb32ce0be6, - 0xae1849dc3e5e6868, - 0x5a3d18d55c0069a8, - 0x3a27d8da6b9e1e6b, - 0x3f8a5d7b89809523, - 0x184bee7574935, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd47bb1407faa0853, - 0x56612084454f90b3, - 0x13ea9b48071b7724, - 0x6244cecb1f8b597b, - 0xea648cbc16229ebd, - 0x1d2247130191d2e2, - 0x5dd99818a1d90475, - 0x4e20285520059b89, - 0x8581618185b46194, - 0xed2140c4f89afa02, - 0xeb6d7a94081459aa, - 0xba74a2a9568b, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1867e2e21fd65dfd, - 0xbcc098330d760332, - 0x2e012e544a799281, - 0x62e050d4f236221, - 0xf5c97374d22465dd, - 0xb4dd5113572b1026, - 0x513ad77be992bfb0, - 0xe52dfeac93f57e72, - 0x4d1f0e7be2a7616a, - 0x3611bf37dbc7a21b, - 0xe254c1d98ea48b84, - 0x44fe9223019b, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1f1efd9a0b338b6a, - 0x56eed59fb67962b0, - 0xef278fcd36cd123b, - 0x6250604b703b775, - 0x6b8c9bd33618ff36, - 0x6c7fa78ab59bfe26, - 0xb3f68744ae0760fd, - 0x2de6766461018fd6, - 0xc2d2621236f4ff5e, - 0xc65f4d486378e25, - 0x32ffe62f36eb2de0, - 0x135791803eb11, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x594e37a0f2e8aa45, - 0xf8357832ddb15d30, - 0xfcf9c21fc66b57aa, - 0x2dcb388b3998defe, - 0x911c7f56b6346803, - 0x50903d63b763c91b, - 0x428f7d12ed5797c3, - 0xc6cfd9d42b302653, - 
0xca28789e3578f64f, - 0x8dd6185e1d32292d, - 0xce83c373de2a3a98, - 0x8a910c35240c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc65d8f9893b9d53, - 0xa1811bab172a0e42, - 0x8fc95887a9c42aa4, - 0x9e94a23ddbb743d9, - 0x612091ab361f7d61, - 0x9782762b3e43fbf6, - 0x4928592c7e14a3af, - 0x835d52bd6f31811, - 0x52a25e3ea8bae857, - 0x206069a0ea734027, - 0x4533e03db6f06afc, - 0x83674c465ed5, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x7223eb453a3a72f8, - 0xa7d56e81ff69b349, - 0x245dca9c0003458d, - 0x5b874f43997ae1d3, - 0xad924c38946a157f, - 0x452174a8df895da6, - 0x4ae1aa52d0998bf1, - 0x99513468cdccd563, - 0x7d4af0c6ddda0bdb, - 0xa061f62c286c9ecd, - 0x26806f18c940f4c0, - 0x61dedb949b0b, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb2012368d65c1957, - 0x22477a764f735bb0, - 0xc35c02a611f741f1, - 0x3a1c7e0925558c08, - 0xc3be16a96a9be7bd, - 0xba105b13c31ab416, - 0xa99b13f6276db431, - 0xe905ae4f8b10aab1, - 0x486d08dc83243d3e, - 0x780fc672cf3e5d75, - 0x54e0f0ad888cd33e, - 0x74385bf3d002, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc3c1537f5c054be6, - 0x96dd3ab02634bf06, - 0x78697fbf9c66a1d9, - 0x487b600f683d4a1a, - 0xc452fe3142c84ab, - 0xa7c4bcf478b116dc, - 0xe610cd585c7e884, - 0x332f78951787218a, - 0xad4f01577d113758, - 0xa03d304aafefa4c4, - 0xd96a1272d43b2cd, - 0x5a61186c3a9d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xe2820a1ad93554ab, - 0x1fe2abc75ba01a5b, - 0xb664d6305236c54b, - 0xa715617934ef66cc, - 0x54285327ee476780, - 0xc4ea227fa18cb4d, - 0xe971af57f4666464, - 0xe4649d954c34f241, - 0x226a46698ddc4b5d, - 0x282ce8ae43d6dece, - 0x87f748eff58c903c, - 0x19c4b55691609, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xbe74b84d1a171412, - 0x66eefa0e9e38cff0, - 0xcd665789caa054cb, - 0x6563c80a0f2c4974, - 0x8a690d248ffbcc68, - 0x3c2ea2d44c23730d, - 0xe59a57ffdd8b6f8f, - 0xca6fd4d6f329a73f, - 0x2dbe36efa4c4c63a, - 0xc2e5bbb001885d23, - 0x3857b0210c3b3799, - 0xfe7b33e943c6, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd5dec1209f1f474a, - 0x7326db0dce67c344, - 
0x47fa73087f98b252, - 0x33b4fd1a6415dc27, - 0xf1d43e834dc17924, - 0x6958f8eec3b73abc, - 0x16c6f9beb09fcac1, - 0x85ce42ab26b46b33, - 0x2cde3e6e89163571, - 0x460e7cf1a3dbc8fd, - 0x2207eaab54f30948, - 0x1ac10edb681de, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x6a429864b692acb3, - 0xf154fbbc7ce0062b, - 0xa8f2207240c1b521, - 0x316900852e9a7fc0, - 0x9719f22c4f8cc349, - 0x3558de696f426759, - 0x98884b2ef068bcc3, - 0x21a0b3975533ce7e, - 0xb500066f1e32dfbb, - 0xf8c379d67cb2cd40, - 0x20365419605f75f6, - 0x1467efe40525d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc503655aeca0d364, - 0xdae7f32dbad094b5, - 0x75c7114ab572e663, - 0x5b61831cd761332e, - 0x1a6684aad1c52f9e, - 0x52e862be80d1f714, - 0x37320928c63c658d, - 0x37b71e5e618b9803, - 0x98fec2c83de30488, - 0x8ab3c46a03e6342e, - 0x6de69d41513a7938, - 0x1b5322e285d9d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd734c3728d059224, - 0x23c118e8adb791a8, - 0x204dbd8bd14c5c68, - 0x2b51be669021fb6f, - 0x72f3b1d1acfa3969, - 0x8518be98150cbfef, - 0x9d12ff7a988e0c9e, - 0x152a2b0f3778ebf3, - 0x295ddec92531002, - 0x72cc8e721db6aab4, - 0x731cf73b8ee483f3, - 0x908bdb466d1c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x2bd4d9ba10092c65, - 0x4fed8b45f9ed1f6e, - 0xd2b6dbc238a13d66, - 0x3808ac84536d2f98, - 0xbacb8c86a8ceb7cf, - 0x8602d7ce145fabc7, - 0xe94ad8fd0764bfde, - 0xc2086d29899fdbc3, - 0x918bb89b9e74a521, - 0x20f909550cc6e7a9, - 0x7d66ad70eecc157b, - 0x1487e9149f646, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x35854e4ccb4488d6, - 0xba4f53b44644ff6, - 0xc64819069d47ad6c, - 0x897824646d664a2c, - 0xc94e0c09c0bd0f19, - 0x8fa3182357ce0e85, - 0x2271e9a458c3c82b, - 0x9185709911893a3d, - 0x7f17969baf5c5aa7, - 0x72c4c8662247bdf9, - 0x84749d7f55f43570, - 0x2b3a4cc744c5, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa9a516b4e737e9be, - 0xe4af60aa76089f6b, - 0xf7edf663719c8b62, - 0xbf7c39d339ce28ba, - 0x40c31c1b6624c321, - 0x52b6e61f3bcb9bf5, - 0xb90907b8a78da95e, - 0xe72d4b02f70df41a, - 0xc14b6f1fb53274c9, - 
0x192e529a2ad2bacd, - 0x8552396f2eb8e476, - 0x15c85ac242d25, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd6be617246282c9e, - 0x7d33baf977e9b427, - 0xf561e4252fa691e2, - 0xa731158b214a32aa, - 0xeed7da492067197e, - 0xa36d8b61ff32aa1b, - 0xb1cc31b626cd175c, - 0x5d2c95a6daf2ebb3, - 0x202166f1d6f8e5af, - 0x265e72c5fe65ed90, - 0x9c279aba4c427198, - 0xfbb0249cb92c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x983782ced4ca1a21, - 0x52a42bbde0602a46, - 0xb94dae7a4a8eb2fb, - 0x3288b60a1cf2b42b, - 0x4b6b109149e14aa2, - 0xc0d919abad0116c0, - 0xcc307a5bf030c7e5, - 0xe10d9fe729dc2234, - 0x6edae0c00958c5f6, - 0xbc1298a87408c3c7, - 0xfd40d3c28d74541e, - 0x9bf658ebd5b5, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x143e6da9ee85f80e, - 0x84a4cf2ffb1fb945, - 0x8a1376aab1f27e9b, - 0x77b8f0c5d22c08f, - 0xcbfc314a9e49521e, - 0x9e3af8727d46617a, - 0xc0af33c08c4ccb5d, - 0xe3f1bc84d7aaa206, - 0x313bacd4acc135ac, - 0xac4136d68cdc0575, - 0xfe7367292a20a25e, - 0x13727c15a3fb2, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd6eba3b0c8f2bd8d, - 0xf48d8b9582c07a08, - 0x2192fdf68085cb08, - 0x52cf9d7a8767158a, - 0xd944038f35099664, - 0xace775e0c40f290b, - 0x1c97be9f611df88c, - 0xcc4ddec6c4a0adf2, - 0xdb9dfd5678f24689, - 0xd67cc14d2fa553f4, - 0xa1d0ca71b732a90c, - 0x7946363aee20, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc6aa17b63f875cec, - 0x8215038761c93d8f, - 0xb69ce3677bb17c3d, - 0x95ae3e79d55271dc, - 0x177e94c34d68ba0e, - 0xcd38c85a232edcb5, - 0xfad5b26ecd58fd06, - 0x7ae0531d7ef088c4, - 0xbd7b001f547108d, - 0xe831c845847e389d, - 0x31b1bbd6552ce049, - 0x187f15bd78c02, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x6338ff295bdac7b1, - 0x9fdba5e10e8cba1c, - 0xf9660c21d4ad20fa, - 0x93780176bf6d9a89, - 0xba9ec5e9dee773c, - 0x6c0bb9be37e8bd1b, - 0xbd72e20b4c97227b, - 0x4d9584d3043be2e5, - 0xf6efa94850581ddf, - 0xef30c97680782e0a, - 0x7312ff77980f7494, - 0x567c88719c8f, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x64f65998bafd431e, - 0x9ce8a9e1c8299fbe, - 
0x62ec0c9273598e62, - 0x53dd36075d49a456, - 0x6c8951193b27d4e4, - 0x15c38efa040e6bd, - 0x9df40c53071652ee, - 0x601ee8df5e1bfbfb, - 0xe7e31d4a55ff634, - 0x28b591cef4488edd, - 0xa5abbfb7be61ce85, - 0x272f4f53fe17, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xce24a655fbc9b521, - 0xe8d829f1faf9d1, - 0xc3a3e69b81248339, - 0x7916ce607d62dc8b, - 0x69833b159dd03f9d, - 0xdebdaf05191532cb, - 0x1988171e2a81bdae, - 0xb0cbd546bbae54cb, - 0x6b8287844afd28db, - 0xf372b1ffe8eaf6f0, - 0x6ad2260c73a01f47, - 0x83da50e21004, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x327803fb6ffe3aa8, - 0x1f7d7a4c6837c807, - 0xb0dc2d4b1b41b35, - 0xabd0e0213e3b3a58, - 0xe3798c75dcf51c9b, - 0x47dcd784d9497f1a, - 0x44c84ff5a1d26dee, - 0xcd45e014e497978e, - 0xbfbe53389cb979c2, - 0xeef6ef45aa4c88a9, - 0xb2e1a37eb5a70ff2, - 0xcc0cd8ca02d0, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x2f8225ed5ab44d4d, - 0x72c024fb452d6ff1, - 0xb6665338eda951cc, - 0x2fd1fdf5c7979bbe, - 0x45171a6b37d8da33, - 0xae6c5f8d117ae8b3, - 0xfd4fc1b94aacb3d9, - 0x7ba539e6257f2d5c, - 0x19fd4817917a6bf7, - 0x76aed14b5ca2f500, - 0x1348ad4795d5e319, - 0x1512027f4cba0, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x97ef13610e026573, - 0x7fe051c94a37b02c, - 0x267e44da0301fd29, - 0xacd41cb49e41cc68, - 0x293b4090ccf9b555, - 0xffab5c3664c0bdb6, - 0x9d0c8a189349db3a, - 0xd886ad9bab12bea8, - 0x366976b0b56f3893, - 0x71f48edba06438de, - 0x6d3e42219ee5926f, - 0x3a4f7f22f627, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc0d8dbeb0227537f, - 0x43d69fb1637e4c0, - 0x45bf53409aaafa15, - 0xaa2e8c1e9138684e, - 0x6715334eef18ff13, - 0xc712c7e0bbffac9a, - 0xcff1627a6e1542b7, - 0xabbd790a59bd396c, - 0x8ee8b7f4aa006c6b, - 0xe748a9a43cdfba89, - 0xe14bb3a00af74d76, - 0xae52fb36f165, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x85dbdbbd9852808a, - 0x19d3f99322643b3e, - 0x68eb7043b9fb3b5e, - 0xf243302abbbaff2a, - 0xa0c2bea8df733d, - 0xe47e9f8d28e26482, - 0x6797ff85f9f665d9, - 0x2c7f9c3a1d2d3946, - 0x25b0fa02f4924c78, - 0x90f084a744698262, - 
0xf33c820807be38ed, - 0x3b6ca5cac171, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xdc5a0720a758c341, - 0xc0808eb15834d6fb, - 0x840aa0b9a2c1d55, - 0x114c90774388b3a0, - 0x4b91be128d8b259e, - 0x7613983728d2d937, - 0x2abf115d1940d8b6, - 0x13b4ae09d0453266, - 0xc04ed10168b550d9, - 0xf59e4049af096c7c, - 0x8bbcfa83171e21c0, - 0xb6f1f03b49e2, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x48964419e312fd05, - 0x58f1e8bdd763b00, - 0xc08a012b8a95e99c, - 0x8e60a26b26e112e1, - 0x23422f08eb0101de, - 0x2707bbca6735217, - 0xe5acdae3323d9ce3, - 0xc91088f6e99fd848, - 0xcd582092dbf5e3f0, - 0x47bf8b9e01e7aba6, - 0x169504a0071dc85, - 0x430e54f10f1e, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x5ffd43946b0f2192, - 0x8e1af510eab65232, - 0xa9feee3a1ae664bb, - 0x717be76cbfcc8195, - 0xdfd69a135017009f, - 0x2816babc50c12747, - 0xf59219445a49f10, - 0x37af47e9ef0c5591, - 0x3d184ffb41c86c42, - 0x49c2e7239edd72fb, - 0xff0117f3cc83b74c, - 0x2486a01b1226, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xfdd104aa49b1209a, - 0x810e01c7e161bc0d, - 0x7ec94f97806fc398, - 0xa315065f14324437, - 0x7ff1003e6c65213b, - 0xb831b1dc1f4028c5, - 0xdf4f3429f266a283, - 0xee103a04fc066158, - 0x798c00ba68b685a5, - 0xa604508525f38dbe, - 0xeecc028862dedba8, - 0x168d37d0ba867, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x27678fc8caac94a, - 0x15fac62d5e43885b, - 0x381ff35f3bfd2279, - 0xa6c9980be48221d0, - 0x72dadf63e2ad653b, - 0xef91e4465d51f32c, - 0x2d2c69b728ab65e9, - 0xa4aada165dc3c1fe, - 0xf41cee6a007dafa1, - 0x773250fb1e3cc541, - 0xa7f403d5202074fe, - 0x11602703e4a40, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x8b82b4464b128bba, - 0x23fba0c0e3f3357a, - 0xb49e4518300ff123, - 0x4edc52f742e76751, - 0x51dd26d85b417960, - 0x525e486de0f833ac, - 0xda47e3e0b3c68fc0, - 0xa0e73f09af9fc059, - 0xc2db4cafa965e999, - 0xa52d0eb000308f45, - 0xc57be9913d40e468, - 0xe3f10c6cd149, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb985c6e193f9c2dd, - 0xe4d2c026b1c3860d, - 0x17d47474ce2acd2a, - 0x1dbc5c1418ca767e, - 
0x20f67166c3595315, - 0x1f4dc1599b585baf, - 0x7bd0025ffb20fac1, - 0x819ecf5050d6f13c, - 0x3a488388b72682d9, - 0x7914e1833e7d63a2, - 0x1e41a47e2c5b7a99, - 0x11b6dd321e160, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xedda8eb7f33a6cd1, - 0x72c8ac267acc9714, - 0x17ecf45e5759ecfb, - 0x349e4be1ff225cc7, - 0xf5ef3a47fe355603, - 0xe421ec5dc8817daf, - 0x2115308142f7ce07, - 0xba2a3d2e9b5017cd, - 0x1f3339531901f1a4, - 0x86fa5b173d4964d4, - 0x18fdb3933b60e1ad, - 0xce48a27c81a7, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x7823eff6a0b07597, - 0xcee82603d683edf9, - 0xa0b7ce30e6c19f2d, - 0x508e951167ef9d50, - 0x5ab729c9f7a2a1c9, - 0xed1ec1f8f57990ed, - 0xd169a25605fc0b32, - 0xfedef6b0e29be06c, - 0x896425f204590234, - 0x414b7c0b0ea60a75, - 0x3bb457875bb4807a, - 0xa1959dd48525, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x40e4c2caf97704c, - 0x70fca58d0b8ddb6a, - 0xd3a808f1e6da621d, - 0xfce3d9a659c11af8, - 0x625b96e77e45e450, - 0x5f718adb25358abe, - 0xa3d91dda7d6dea08, - 0xd13b60b8facc80f0, - 0x6cf3dc9dca09c7e8, - 0x51492174950df0b9, - 0x5e5518dfc14893a0, - 0x1372751cd3c71, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x43ea62b7110ae25e, - 0x1bc6a97acfe05ecf, - 0x827ea659539da3b8, - 0xbd1f41234d0cf27a, - 0x14455ff35775e22a, - 0x61aa77281e19c4e0, - 0x82d7b05e4a8dcd8e, - 0xfd19d979872f063e, - 0xe75ddcc0b50a4bc9, - 0xb1a7ce6ff214ff5d, - 0xbe7b14bbf62eeb2c, - 0x35fedd11cfa7, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x691aa37d8446dced, - 0x7dcb3693dd7e417e, - 0x4a4ab0da413c0123, - 0x11bf523db5bc6e68, - 0x880a3e34b86b7cc1, - 0x429a1398440c6acf, - 0x9167d502630fddf3, - 0x387d5fb877af5d94, - 0x926caa347273d207, - 0x42c9f5b0ee0fbf91, - 0x58d2890dbc3fa259, - 0x13c6cacf06060, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa06ca8e4fc21772c, - 0x4e003e8d4c96949d, - 0x821c3736ffa659c3, - 0xb42fa0416a5c5f5e, - 0x8e745c1892a417e3, - 0xcb1d7b609d0e47c2, - 0x2d0f65fc07ef8049, - 0x4540d4b721381d87, - 0x69f7e8cccf0e2746, - 0xa8aa15a3a5dcae13, - 0xcc2f7f04e48f6f63, - 
0x837fa1b34e27, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x666d0862d7bf65b, - 0x4167a78b108f0581, - 0x816c445e6e48d098, - 0xc5d6e29950f544e9, - 0x28162fad399a722d, - 0x8b028a5098af4c16, - 0xb42423382db652b9, - 0x2a7be30debb63ce7, - 0xe63b306d9d447c1a, - 0x965dc9ed77828589, - 0xfafed54b468fedcb, - 0xfd6fe16dc63a, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb293bde7f748c036, - 0x320d79beee0b7d0, - 0x743702b31139540f, - 0x4da3bf472247d03b, - 0xe53ee938cfeeeba0, - 0xd38dc0fbf68ff4d5, - 0x8b4789ab306162ea, - 0xdb6cdf7a2bce7c8e, - 0xf81dc6beb360216a, - 0x2f55a3025fbb896a, - 0xb897d5476153d12b, - 0x11c8ce9601a87, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x7565761c561dc15, - 0x93fafd23be51add2, - 0xae4fd506d2533386, - 0xb3502faaf38f9719, - 0x484c851946a4660e, - 0x206159e3c3f04e1, - 0x948e622e50250503, - 0x13c457459537a412, - 0x2d5832e4413cfe33, - 0x5c5710cb92372ded, - 0xdad6ca344c032131, - 0x4ca05a4968ac, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x3b4cb38521673522, - 0xfcf6b1f8f922e4c7, - 0x35d7cd4d8acbd2e5, - 0xce414bae3f1b34d6, - 0xdabebc5922c2074f, - 0xa941f60b90282eda, - 0xe8d07572abce0030, - 0xcd96ac13c862fcfd, - 0x5235abbe7aa93724, - 0x6e99e968e6aa9105, - 0x1509d3950fe7e397, - 0x14e692812d34b, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x28ef9fb0e62e4d84, - 0xf4b21678b410ca76, - 0x8c216688f774c6d4, - 0x7d6e3d7643107d06, - 0x1dbe5511c7eb95f5, - 0x59a4dca82af218e2, - 0xce72d42e5561cc79, - 0x2cc5ab6c0ecf21e5, - 0xd5d003d5951ba26c, - 0xf92a5eaeda440103, - 0xcd436c53f861e37a, - 0x33c236e1cd03, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc44e9761dad186f4, - 0x528077a243312dda, - 0xdfc3707fa814a958, - 0xca238e3a56780c5c, - 0xb6bfb0505b22a6df, - 0xa656119b33aca738, - 0xe5a7f3f2bcfc81d, - 0xe437c41915e03db8, - 0xbbf23bbd0763e2c1, - 0xb5d239cb2869f246, - 0xe893a90ca21c1fd2, - 0x50f4ba67b1b9, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x3f1dbde9b60a0f14, - 0x28e50bccb5c98691, - 0xdff8991294356578, - 0xb753bff137253c9a, - 0x92fe10065a5a1031, - 
0x62a5202d7a553450, - 0x37a27d84226ef3ed, - 0x195f6e4a9d65c0c4, - 0xdd75a1695996cb7a, - 0x94c371c4880db536, - 0xf06b419b56df97fb, - 0x14b579d9dd68c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x924a8783c06c2bb8, - 0x631116e00fe3b405, - 0xd4048fc398c839b0, - 0x5aa721ca193657f9, - 0xc90cbb1deec662d1, - 0x3d5b262e189b1bf6, - 0x169a59e5f9294ebe, - 0xb5275de907f55dd0, - 0x30299ae103655f1d, - 0x8b7d0635f9258b44, - 0x52b719e259d950e7, - 0x15b20e9bd6561, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf26cef64f3d71f3f, - 0x46190e29e9a1a886, - 0xcebcc5b5d36b2377, - 0x68b4b9c3eab4f1b1, - 0x47a74944759d1552, - 0x1e3a064331ce7b0c, - 0x6009a2c12b9c70a8, - 0x84ed2f71e905f623, - 0xe35a9d60426d1253, - 0xc0f5d2b6dfb66d69, - 0x22ce9b8aefdb9125, - 0xed01e9818dd7, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x4a942f65b3366939, - 0x67cd561c9b8e52a5, - 0x738911cce7eebb15, - 0xb5222af01a76179c, - 0xaa11283897180566, - 0x1db044367519c335, - 0xa87091638eec9bbd, - 0x321d0b45bf7f0484, - 0x15936a9122140d36, - 0x68ae953e4e393ebe, - 0x71c1e318c766d59c, - 0x46bbdf420920, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x2d90bd891718f1b4, - 0x82c48f32a2d8127f, - 0x21355aee6e6ebb88, - 0x10fc1ed66962b324, - 0xc756ae1d63d8a798, - 0x82d32df9312e08e, - 0xbbe292b40ee37b35, - 0xff151ad3a1af712a, - 0xac4ec5593c941b79, - 0x80806608dec66268, - 0xe92011814b5e2085, - 0xb02b591d2e2c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb008cb23cbc253e8, - 0x8d41fd14904145a9, - 0x51aa7a03c3e5a41f, - 0x3f60b6707e369065, - 0x2694faf66668c21f, - 0x27c1a10a25a14dd0, - 0xb96ec01bcc36831a, - 0x69f8f7a52d5ced31, - 0x45689231b9061830, - 0x20f6e74fb7882c17, - 0x52c0c62eaa6899bf, - 0x1762b7680250c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x29c8ddc6c8e01f9f, - 0x726dfd00c01932f0, - 0xbf1311a335fe2ea8, - 0x66a827646b65103f, - 0x2e9695398305c0ea, - 0x97529890e7ab0172, - 0x3007d8ce6b1b316a, - 0x814cb1427a4e8f5e, - 0x9e9a3512973d203e, - 0xf0bcbd5187ada720, - 0x9e3ec961d3c69a8f, - 0xbcb42d23275, - ]) - ), - 
field_new!( - Fr, - BigInteger([ - 0x9cdb5c6768abaada, - 0x87972c735c72aba6, - 0xb8dbb5d240011577, - 0x37d951dc0c6742da, - 0xb37ea5e9bfbb32c5, - 0xd6a68acd21e6e771, - 0x960c5a4f9dbfec85, - 0x46c84fe6097bda30, - 0xfb9000e9dd68edd2, - 0x6e246992bacd7fe6, - 0x51681f1a03646200, - 0x93cdf3eac3b6, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x9470a88035cc1c4e, - 0x205664e2b47bb0fc, - 0x5be50df226b57b77, - 0x54a428288a7d9ebb, - 0x9843b5903413d780, - 0xab9caab442b5134c, - 0x71f65f5cff0dccc4, - 0x954518492b3ac2, - 0xea26ffef77b598ad, - 0x8f6d093dc6041a1b, - 0x4dfc89cc55f87494, - 0x4019a1923573, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc1494b76f72de5cc, - 0x44d18ba4c9ba42ed, - 0xc026e7dd0ad20d72, - 0xb97b18a8d5c5970c, - 0x2e2b56edcde85323, - 0x49eabf9773eb78c7, - 0x82392943d3128e5c, - 0xdd6b9471be9ac365, - 0xbc3bed78a9a0b7b5, - 0xaf5732013481c9c6, - 0x98afbfdd729560bd, - 0x134b515b0b0f5, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa4e1e15486860f3a, - 0xe61a1a7e616c9dd5, - 0xd0b4b1f0c51e2a7, - 0x88a47faa42be4d7c, - 0x8ca32f774e64b5d, - 0xdd438f4c00facab2, - 0x4ede109fdc60864e, - 0xcc84f6f93d318acf, - 0xe47514f71e87f920, - 0x90c643a66e57d19d, - 0xc11bce9a950769cd, - 0x1960840969343, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x10e1a229e49e98ec, - 0xd8222dfa449c1c56, - 0xc053f18e19668444, - 0x46d597bdba73f7c9, - 0xec02d636fd696126, - 0xa7c402757eeb3a9f, - 0xb50ee80acb964540, - 0x358565e6a667dfe9, - 0xf908edf756d75e90, - 0xe11c5fac1708ee24, - 0xfd1c1c81c1c4a9db, - 0x156da99b9a61, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xddd30b9aee55b1f1, - 0xd95b2590f2984987, - 0x1e542a5c17c94f76, - 0xe38b8ff09eb307cc, - 0x20de81d272c5ba8e, - 0x2adfa16e45b92b90, - 0x5414cf858bc45c5c, - 0xd7cee4849e50458d, - 0x4d86d41e473b9f56, - 0x825e9409463b49ce, - 0x389a0f975edd6a7b, - 0x1733da8c9bcc1, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd6188144feaaabd8, - 0xf76c6dc9dbd511ec, - 0x54c0496ad4d158db, - 0x1d87d9d474d6921, - 0x357e6e1add4510d9, - 0x884ae9a3c8c849b0, - 
0x452df4383ccbaf2d, - 0x5c4bdf304b0e712, - 0x769bdf2592f9b3f6, - 0xe142a1113c331cbf, - 0x48bf505814e5f05a, - 0x3ad7ae48dc59, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x39670ca40f86a36f, - 0xd7e7f7856862e765, - 0x20d9a6231a691f5c, - 0xeaa9069d45153335, - 0x780dc724c70e5403, - 0xf9662832d100f591, - 0x8b8a7838ef6604c9, - 0x1a2dc09235fa4e20, - 0x4bdd65919d47432d, - 0x370a243c0e93e2d8, - 0xe6dca36be6b6b031, - 0x1897951ec06b8, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x423af7a0a34fe74, - 0xd72a82256ed3071f, - 0xbc5ff4070fc9ef3, - 0x26323f8d6d35890f, - 0x217cd4ab5d61540c, - 0x8a18353e43bbcfc3, - 0x175ec1df3ddb9fd7, - 0xca73c22378e053f2, - 0x874e55e2311e3f68, - 0xf17302627c9305a3, - 0xf75b4a8dc083e183, - 0x180104eb26af7, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb651e04b1b5ee4a7, - 0xe311b2ee0c0d6e8, - 0x12e5123dbd4df372, - 0x25b306effa6323f4, - 0xde6a7e766c592819, - 0xdeddd6905fa058b5, - 0x5778606a9456bf2b, - 0xfceba17b728980d4, - 0x215f86c98872025b, - 0x6910aedf710d5940, - 0xebb7f21487197d69, - 0x1a95c5a26f24a, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1aa981aa380ab38c, - 0x46c66c82d2152992, - 0x2b3111cf56ca7298, - 0xf816593009864a5e, - 0xd7d0b230508c72f7, - 0xa4414dea3d12f1d3, - 0xda6c46f5f91319c2, - 0x65da930eb333a4e2, - 0xb48eefa5062e3fd8, - 0xf00812fa84105d36, - 0x6d053f4907452a4b, - 0x12add73de7ff, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x837f3809c95eb1da, - 0x669ecab9a1519daa, - 0x5e9ebd297cabdab6, - 0xcaa5e3a8ecea669, - 0x4cfdf3819399cd1a, - 0x8e5f536daf2e1bf1, - 0xeb772bba14e43f3b, - 0xb054fa947815c1ed, - 0x6ef6dea8603cb7a5, - 0xfbb5b15dc7a16d4, - 0xb68ea2cb514c1748, - 0x1c1f0b1224d02, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xfceb0cbe99598387, - 0xeb4e485cd6fc771c, - 0xccc9ca41dbbc0feb, - 0x6dfc3c66c7d3cf09, - 0xdc2e2892cf519d08, - 0x6a960957df4755cd, - 0xbb9a97f6a4d3123b, - 0xcc29630159988cf2, - 0x9488fcb7902cb49a, - 0x83490a8317943d74, - 0x97baccce0d288b8d, - 0x14aae9815de03, - ]) - ), - field_new!( - Fr, - BigInteger([ 
- 0x676a65c65f4aa546, - 0xfcb2d24d9a6d2a79, - 0xd5e539e7ac0ec426, - 0x2259890bc851a281, - 0x81bbdfc316d73739, - 0xec212d75b2cfffaa, - 0xafd9fe45aeffe081, - 0x8f3a95e362ed7ee5, - 0xe878ba0e5f50a8f, - 0xef6d2ba6950468c2, - 0x5268e25975ec8d4d, - 0x5aee09b623fa, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf8092d6e05994cbe, - 0x2a69189d8e793632, - 0x91ae23dc2eecfe0f, - 0xffec6dc8399d26c8, - 0x3632bcfb85e1c58c, - 0x86a64e8c7d181c1, - 0x1909bbe10237a520, - 0x9529b086c7ff13cc, - 0xb9be8f73cf3ecb5e, - 0x48e71e60b0ad70bc, - 0xf69d6412dd99d870, - 0x32c6478e6f9c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1e00c0afe048c6c6, - 0x79b1472981e658e3, - 0xd121a364bf0975aa, - 0xefa01886eba8b7a6, - 0xc8e098608f38043, - 0x84d9fb21622dceb, - 0x5f8c5736702ef9ae, - 0x7e702115082ba625, - 0x65c65aa7de1b1762, - 0x8b76c602efec8e93, - 0xad36e720c58dadad, - 0x79e4123b8970, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x14b9b8765a786ec4, - 0xfa9309ec791694ca, - 0x4599156cbc03959c, - 0x4a6b91bd08b393f5, - 0x87033b387a25b8d9, - 0xde84b87546457583, - 0xdd4674ae70b3e48f, - 0x7c236daf7a8bbdb6, - 0x2786365fbc5a46d0, - 0x21370c92253c5642, - 0x3735031bea018e97, - 0x51f87fd4ea58, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x4d4aa586b61002c0, - 0x5f34ac4d538290cf, - 0x913f9724358a40ac, - 0x20a9c1c05cbbeac, - 0x8d282588957172c, - 0x8861548613f50b83, - 0x4d49fb96ed8d175, - 0xdd53a4323b5e21e4, - 0x1362c980b587b901, - 0xb2b58d2f98b2de68, - 0x9582cb2c0d45c6c4, - 0x763e34e8828, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x86ef07a8c9e4adbd, - 0x623c60c12765a841, - 0xbdb1071c934ee9c0, - 0x76d5ab3ddc2a9b34, - 0x601eb445e3451b82, - 0xd5b4e695b7fe3c1d, - 0xc15fc99f15a7617, - 0xeaa5b1515228d465, - 0x4ccf0fcfe5dfcc0c, - 0xa17387a175340092, - 0xafceeb352a5fe877, - 0x168f6ace6a975, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa3bd37ddb695e082, - 0x6378a852baa5b607, - 0x9594598030bba9d6, - 0x3fd4446b72ce6826, - 0x2df6eb3d917ed4ec, - 0xe857d8867ed5295a, - 0x3018dbedc72886a6, - 0x7d51c914a9526628, - 
0x1f9c2c5c3a0638af, - 0xbb9da536f620b0a7, - 0x169a22b0b261c16e, - 0x141e4bc823f25, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd7703f3b1f222efa, - 0x4fd74ebbb5b10686, - 0x95e6c656e7f57f77, - 0xa2c057216a6b9c1c, - 0x65a891ec644d8b47, - 0xa8ab2484cc20996a, - 0xabe8402a17bdd678, - 0x5c4ebf2ade40a61f, - 0x6c0e0c05af2d6f06, - 0xe9444167d879b1a9, - 0xece64d2382fb6426, - 0x161374b5a30b2, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x80c103752e6f7fdc, - 0x3b181a0fd25e4d51, - 0x80d5b339f5c8b74d, - 0x20d2c3050c1e1b74, - 0x199a97b153432a78, - 0x845de1bb65d6914f, - 0xa35f9fb2b1910060, - 0xa9a7b5c838cf864, - 0xa5de5d01ae5f537b, - 0xa17a30ad03b97097, - 0xb3510d05fbfbe1da, - 0x1640a8589f709, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x17d83a0be5ee90f6, - 0x33dfbf7ca17f72e3, - 0x7c1efb7051834361, - 0x3da8019eecf4fa35, - 0xadaad8e44dd9cf2f, - 0xde5c66fe3e12f3db, - 0xcd36a86683875e5e, - 0x32370584dc02800, - 0xf10a3804cd5bbc14, - 0x6bf239473d093943, - 0x1ba911d217615db, - 0x844ef983286f, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x4437e9732008edb6, - 0x41dac03b17eeb79e, - 0x2b8541e106cfda16, - 0x7f0fdd06ae32f782, - 0x997ac198dc11a2e0, - 0xa6740c0aee751a6c, - 0x4e03e0a05edd3ee1, - 0x19c44244ccb44254, - 0xc706ffb4ae4c4475, - 0xc1d12995818a268f, - 0xab04338fe785c0b6, - 0x60cc123c990e, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa751169d1e11e22f, - 0x1bb43797fa51b9b4, - 0x4e2ef360d15414e4, - 0x6c5d6ebe080d4acf, - 0x2ab958ca8ada5728, - 0x86de0cbccf26e7d1, - 0x61228285f32ee9a6, - 0x9e8113c17da72cc9, - 0x9bd23613bc163667, - 0x27cf7ad1c628fad7, - 0x2f88e115e246e688, - 0x18aa76d71201e, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x9981f6e98c1cfa09, - 0xf4fa1d7767981252, - 0xfdca0d52eadd6e66, - 0x64a793d32e212896, - 0xff4f1ddde3fe376b, - 0x8f3938c0c83987a4, - 0xdf29c1d2198c7b4, - 0xa547a651b6962663, - 0xe3110aefd539f247, - 0x235d6a64437cb60a, - 0xe8994a240a55fba3, - 0x195c063d08ed6, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x74d6cf0f7299bd8f, - 
0x4c36e3920cc20ded, - 0x5cda391002791048, - 0xf818f4afd5500cba, - 0x3263c9d9d744e3c1, - 0x2d7f5213d2eae8b4, - 0x5f898784825ddc37, - 0x3a688eb9e9d0ba87, - 0x142beec513b3a8d2, - 0x917c646971c4ef, - 0x6b6556e47ba85c6f, - 0x130be5bead2d3, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x4a162705f731381b, - 0xc4f9951d0cb7dc01, - 0x60afc3cae7f321d8, - 0xdec7867f34cc65f6, - 0x2bc5d0b89ad73dee, - 0x2209f2819c7ab122, - 0x7630bdc6726d6729, - 0x798d6e25b2baf271, - 0xeffd683772ff87ac, - 0xab7c06b74c0bf5bf, - 0x84dc93c6dd5586be, - 0xcf337452aba4, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xe8ef740dfd524f88, - 0x7e91ab9feb2c24a1, - 0xf8c1f45d9b1b70fa, - 0x9cf14cd876ea9def, - 0x22d9a76f1b71a4c5, - 0xe29d0850b0997dcb, - 0x39ab111005c9bc10, - 0xea81e0275493ab32, - 0x4d1479b573ed7c87, - 0xae1a013644afdcab, - 0x395409c2f93caf3c, - 0x1abb805b13325, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xab391dff32c1dd18, - 0x8401c9cabfc7fe2, - 0x73cf8dd33d2b3e43, - 0x2aa9b23943893c27, - 0xc69da1099fe94cfb, - 0xa17e269008bcfb72, - 0x776aecb732999d13, - 0xdfe66e925a57685, - 0x20581f8c916109bc, - 0x607733b395ddf65f, - 0x4fcd07b57e7ef6a8, - 0x179deb9b81174, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x93c5d5d34e90566e, - 0x8d1cc25e7e99571f, - 0xf4647c54f5c7bde8, - 0x93c87bdebec3d426, - 0xe0def1c5589c4e2, - 0x515690019df55d84, - 0x5c6485ae2849609d, - 0x9c411ccbbae27f2c, - 0xab79af8f793e5a7e, - 0xa85aa1edb20708df, - 0x5e0c3e863fd3b694, - 0x669d6d3ed50e, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc2a1b3ae3f73b692, - 0x397184e8fee23eea, - 0x369e6f4c2e7b7d8b, - 0x2a65b9c11432a934, - 0xca4610366281355f, - 0xd9e457c535ad1767, - 0x22d13b70b7bac911, - 0xf6f5b6c34d6b7ecb, - 0xfbe08722379ac2a6, - 0x4e2a2171f19eb5d7, - 0xd82df442c87bb606, - 0x1526a709a55b5, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa0f14a1d23fac98d, - 0x1a29021f4398f22a, - 0x6c71615038544c67, - 0x7a1563867f18ba57, - 0x8d08daff93ca30d9, - 0x7e3e9c4a298d67fe, - 0xbce2fba79c324a47, - 0xfd12bc4d05abe7e, - 
0x657d740f2b19835c, - 0x8ec4a42323d60abf, - 0x1b847cd79e44ae4c, - 0x508baae8ab5, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x89090b871fe13999, - 0x20c0848d315e6648, - 0x98cb64684402e18c, - 0x2eed80d183960be2, - 0xe18c275ce59334da, - 0x32a5d16c80d346fb, - 0x6bcc56b671ab7104, - 0x700202e50c8b5bef, - 0xc4bbab192d091da4, - 0x9720f26c87e735ad, - 0xeb0214dbbe6ff5d4, - 0xe6fa84596983, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc43b076970d477ab, - 0x74e214874710102b, - 0x473e38884b9a2e74, - 0x82b65090c3421c9f, - 0x55ef8ac21d894529, - 0xb63d8868d656daa6, - 0x5c73398bcf24e160, - 0xaf99f4b01c453137, - 0x5c21e01706959f44, - 0x59564067a16f2fcb, - 0xa9f38fb851a35627, - 0x13b0f6b857827, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x8660639836c9ebf0, - 0xf09bc2cb4117a6b5, - 0x4884716ae23ee1c4, - 0xdc1860c7aee7e77, - 0x87bd757b5679c7c7, - 0xcd87f0961e24fbd6, - 0x3818715d6f5c7c4a, - 0x45dffef2540cee66, - 0xd1040612f83e8c1b, - 0x66124db8b4242c15, - 0xfaf3b54fc2e3dfbb, - 0x5c8d900e7f01, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa5f8c5133ecc08e0, - 0x2d92b8a35a7f4c10, - 0x4689c903988890dd, - 0xb7f214363b1403f6, - 0xa67c7adeb36a6da8, - 0x406866514088578a, - 0x22a818d0366b44c7, - 0x45a8840ed5140c86, - 0x2eb25015ab336f1e, - 0x2aa71df79f2608f8, - 0xcdf41c3c1c0c4c60, - 0xd9b129d9a468, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x806ce11e5e2f14c8, - 0xcb00d10a25bd8d31, - 0xfa50ad337fe824c8, - 0xbeb429fb4b19f069, - 0x8d3e0ca7d23febfb, - 0x4125d5fc77ca969b, - 0x73997daf2135bcfa, - 0xcb9f896b092d2ebe, - 0x40bb449980c00533, - 0x21e35977c44e681, - 0xb9451469d1ac321d, - 0x114cf7a862e2a, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x84f6ce6b4f28f385, - 0x47647f8f97424925, - 0x97b3d34ef0559781, - 0xcfddbd52aa618283, - 0xe62d7c3f4d6b323c, - 0x15829503c20ce19b, - 0xcaed4ad4496c5cca, - 0xe7b1d5a74cdfebac, - 0x378c6cd50edca7e3, - 0x300b1226e2afda49, - 0x4236bfa39e0942ac, - 0x5113d1b2a25a, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb1e91c80002b2369, - 0xb3ec92e40a8e2095, 
- 0x7ec3c26acbeac0e6, - 0x8cb692632f18bb5a, - 0x71e905739d237575, - 0xd6d6e160e7c3a221, - 0xb6951b516da0b60b, - 0xa3f65834948bca47, - 0xaead9243538f4e4, - 0x704ea62c38399e0a, - 0xa8efd04d5c7deb34, - 0xfa148f8f9ef5, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x5929dc632cf4ca5b, - 0xcea52dedbbae44d6, - 0x13c8025f3a25baf8, - 0xd44c438057c7914a, - 0x683b537f8bfde3cd, - 0xa99964458609df18, - 0x4f3f878df4ed2cc5, - 0xa7ad05ce4b40d8cf, - 0x51113032e7229217, - 0x14682ed2d390b941, - 0xbeb1cf365b475576, - 0xa66c865c386b, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x21d2f2cb9cae5609, - 0x152c5156572ca68a, - 0xb152f168213e058f, - 0xf5f9f1ad2c4a055b, - 0xce452c720d639567, - 0x2f66aa636dfff089, - 0x88a6f307c846c16, - 0x4f7ea7fed8e50b4d, - 0xbd766621e09aefe7, - 0x9512e4c7036bb466, - 0xb2e4dea89560b5d0, - 0x12c8d99aaa521, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xbf5e608cc83183e2, - 0x51650099d52cfc58, - 0xcc3e11711e1f48fa, - 0x213e2de5e969a298, - 0x3c5fb16b37f77905, - 0xf2622d60bc7dccb6, - 0x3c56ed58efdc4c02, - 0xd40b573017e887cb, - 0xf4e08096dbcefe22, - 0x3154fcbadda5c5de, - 0xe4b5040eefc061ba, - 0xc3e7df915b1c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb9a4aabf98a5de21, - 0x91eb25f175ac7db3, - 0x5f4d85c51f9acf04, - 0x5c4b5d8ad2b9b0ed, - 0xc45be335f13e8358, - 0x9b9cd08b39601909, - 0x5cf1067753159490, - 0xbcbc0ca257a82e1d, - 0x38c7ab10f718e4ff, - 0x6e42c446ee085d68, - 0x42d96a42ee1b7874, - 0x128f8aa34b239, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x988e6ef36b542c31, - 0x7d8acd7d28bdd1b1, - 0x8214d8e1a49bf905, - 0x267a6b34fb7ccfd8, - 0x14da41aaf0583da5, - 0xa255597959be494e, - 0xdd3ac0b484ba7e31, - 0xd3907756beeb051e, - 0x4b184f7de7c4ae8f, - 0x92815883ec0aac17, - 0xedcbfb791a1124c1, - 0x10266b3f53f42, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x27af624481e6e9c7, - 0x251b72d03bb2d1c6, - 0x614c71dc670a7310, - 0x70b36160f25e265, - 0xbfbb5114fd8188e5, - 0xe9e090a66f29d6aa, - 0x7751a00400e69f40, - 0x595fa38c1af5f013, - 0x4644dd042c3c3253, - 
0xcacc6b30f1abe9be, - 0x3871fea544731edb, - 0xfaedc390dbe, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x28ccf99444f78eab, - 0x2ed2dc03f7276d20, - 0xfec70ff3e543d179, - 0x3e8d30c3f6d93fa5, - 0x231c71cdc32fd147, - 0x5a4679e1c9ebc900, - 0xfc12f19742c67e75, - 0x1950c4b6e1b68dfb, - 0xf6228f810dd74e55, - 0x76dfe2f4163379b4, - 0x650bf4562d555b4a, - 0x1ad9f07cd77b0, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf2635fd5cbaf1c21, - 0x2916372cafa5675d, - 0xb9eb38237d61c9ea, - 0x27518c445be3942d, - 0x67042d5531f676c7, - 0x4f93d4ced08b6090, - 0x5297f425aa2d0675, - 0x56f333632d39dd6a, - 0x6e20ea48eaf439d1, - 0xe3c125ebe2772c9e, - 0x22628e5a94504483, - 0xf1f75dda485a, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x33bea26590cbfe6e, - 0xc9358f01c8cc132d, - 0x5971a6082b175faf, - 0xda3bdff0ee792d9d, - 0xadd00964ee6369b0, - 0xa898c1ea485fdf4d, - 0x654b9d73476a1948, - 0x229dfd964afb82de, - 0x80f7a02b29975b4, - 0x3f843c3c9e436492, - 0xba88ceeef19011a, - 0x121478fc8482c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x2626bff8301fee8c, - 0x3cdca15a5eb39673, - 0x716aaf53fd50e923, - 0xbf44a51c317101bc, - 0xc48c111babfc7218, - 0x2d2bb24bd65113d, - 0x9dadc43055662633, - 0x9fa9e657d193d52b, - 0x245ff03303b0e3d9, - 0xfb0208233a0ebcd3, - 0x6283f0752a2af0d3, - 0x172f8d631acc2, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x466b381d2ae7fdd2, - 0xce746cfb2c929cf, - 0x21b8835e5b9467d7, - 0x8638bd02d92d4f87, - 0xda5130048b13580c, - 0x36e6e28f2e26c449, - 0x77ed800f8868d373, - 0x175348f52e6039a1, - 0xa4786354c139228f, - 0x660405a241b2abf, - 0x59287d0e3d700df1, - 0x1420a287176e3, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x9ae2dd54b9e35edc, - 0x9edd296372c3966, - 0x10d508e69ba8e24, - 0x18980488bd9402c2, - 0x4be5d312ee6a590, - 0xe54996d9a5c5758c, - 0x50d44c0c8259d367, - 0xa543fac3b98db521, - 0x4013559c2d068da9, - 0xbaf4b0974a3eaabf, - 0xa3d1d905bba12ac3, - 0x55fe915d2464, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa12b8888e4373ab2, - 0x613ac8e268dc23a0, - 0xe40029ab8ffa1308, - 
0x8c0cad227da78d53, - 0xebb53ef6d86f7718, - 0x6586476dea417a55, - 0x3cebc5d06701a674, - 0xe43c612de433c54d, - 0x103f4572b1535cf1, - 0xe5ae970ead65c070, - 0xcd96b854fb54eeb2, - 0xdbd95e70ab2f, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x5c392663b591e695, - 0x596d76e19e02c1f9, - 0x34d6ce22a10d0e3c, - 0x5ac47535d47995e9, - 0xc4530fd6de5117bf, - 0x9730681306980b82, - 0x29313cdf38d84997, - 0xaf8d23c2bba5dcb6, - 0x500687faa715a4fa, - 0x87a6478486ecba38, - 0x70bec0f6e19b98cc, - 0xa4683cf44135, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x5599d4fab58d13bb, - 0xd296da14e84b9ef0, - 0x42a5219e690adff1, - 0x195b59dc20bf967e, - 0x41b91aa3c7e3e13f, - 0xef577f44ebd03eba, - 0x6557cff1363d512e, - 0xcc301638cb6d6cbb, - 0xd701a219fc3a2eaa, - 0x337c0d0595d1997c, - 0xb0ba75eed9416615, - 0x13f00ceb8a532, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x73c1c29b940cc102, - 0x3b15744b6425e546, - 0x69e32383236e9e08, - 0xbc139e2936ee728a, - 0xf1873b2f7a1107b, - 0x36238590d69dc6d4, - 0xa64230e4915de68a, - 0x7f7465d2138468d9, - 0xb9c1800ac173e514, - 0x40fb093a6daebc7e, - 0x7ded5c4abbd2a47a, - 0xfbe53512aa45, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf4f9c2a0410684e5, - 0x11e39cf5572185e8, - 0xa2dbfb52ee62bcff, - 0x7c050a533d432625, - 0x42a70c06d72c112f, - 0x10fb404dc43562ba, - 0xeaa5b4af1baf5c40, - 0xc371b9805481fcf4, - 0x415f3ae0227634ea, - 0x4e7c58cb84554cc7, - 0x6fcc7fe1fc6568c7, - 0x1317f9626fe, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xbe577ff2f3615fad, - 0x22a4721dc15c4f9b, - 0xc12dd44a3f19c713, - 0xeb0345347518b4d5, - 0x7db2fe9e9643f43a, - 0xe244833bba98fd5d, - 0xb44e24f2f4eae692, - 0xc9e0114e3386cb42, - 0x436b61412f5ec38e, - 0x808f1cb5ef9245df, - 0x4a88daa7f17edf23, - 0x91f7e19f3e05, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb9ffce082d1698f6, - 0x6faa0247002d1fd4, - 0x87cf0e4fb6732bd9, - 0x628171dfece85879, - 0xccc56c0a10f1cf1a, - 0x1aeedf6eddf6f3e0, - 0x7f7551f1c9730b69, - 0xe0b05779bd3829f4, - 0x287ac7afa2c98c25, - 0x5e8a59a30796f984, - 
0x3e2f165eff442dc6, - 0x1a57148959b9, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x25bcea739892218b, - 0xe6ee0f69ee83699d, - 0xec5940a311fa48c9, - 0x494144316defef6e, - 0x57bb80ea9a3596f7, - 0x85986e639e8b2f9e, - 0xe8a0a2357909252d, - 0x72d6ae983c09795b, - 0x14f851091bcab471, - 0xb7bffabeca7693cf, - 0x77fdaa485c22c33b, - 0x15f900f79c26c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf069eba787042ac5, - 0x70d9c8a4817e637a, - 0x7d2eabd53cf831d6, - 0xbb4c08ca3ac85162, - 0xf9ba72e8d9dc81b2, - 0x64fe82708d1db593, - 0x474cc46af8356fe1, - 0x39330bd38e28fedf, - 0x5ccc2c98a8bc6ec9, - 0x3b7d80b9d404fac4, - 0xc8a3f6fd7cb9cc3f, - 0x552238a5050a, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x7884473a783ce0e5, - 0xd357c0beacf1319c, - 0x3dc6675a8985f10a, - 0x9533f0efb0239588, - 0x1593910c89757197, - 0xbdcd0f0d0234f38b, - 0x393b088ec0698266, - 0xebeb07465b28933b, - 0x3aee8c5594fd7b6, - 0x71da16aa39be094e, - 0xb3a092a0f3c4d4db, - 0xb7a9828ec7e4, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x401530e0cfa1168e, - 0x717578f72344a5d5, - 0x1e04b98a4d7f0e3f, - 0x77fd513ececeb369, - 0x995654ff0b89ed3f, - 0x2d0d9786c2d6339a, - 0x97de87ced1c07983, - 0xfb0579f68e3d5add, - 0xa06d431b730382d8, - 0x5bad3379fd95c6e8, - 0x4924dd9517c6195c, - 0x138109d1111c8, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xcfbe9fdef386c6a9, - 0x2c4632cedf579dd5, - 0x38613122e2b8fd4f, - 0x97f771a3a4bf3c73, - 0xebbc473cbcc623f4, - 0x813174c12bba11f, - 0xf8ab2f3a57a0039f, - 0xf6885ddf98c0c8a8, - 0x46a403c7cb35d5cb, - 0x6507a0ef4414268, - 0x2118022dad224cbf, - 0xb84292451a2d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc8a3882e0a92f387, - 0x40beddb74dd131bd, - 0x1cd168f54f7eb939, - 0xc25d3de2cd438587, - 0x6d37c0781d9566c6, - 0xc3dd653fe77a21c9, - 0x688f425c8025be20, - 0xfbdc046d941cc4c7, - 0x774029cd716f5e87, - 0x7b5f2240e4af99bb, - 0xd3a4f49378ba17e7, - 0x1c144c2727dd, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x156568f14c30fbb3, - 0x974c06f5626b6477, - 0xa705a4796f241842, - 0x557b58413d4e3015, 
- 0x73ae7a068cc143ff, - 0x1808b2adf9d193db, - 0x22024654d27280de, - 0x45fb930b23b5f05a, - 0x7739bc984c746e72, - 0x24e6f318cb65a7f8, - 0x514ba5a4c15c4b02, - 0x2f29651a65e8, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xac094bfb37195890, - 0xde29f82d8c5446c4, - 0x28f6258bdeb130c6, - 0xcab211935c4c6094, - 0x820a700acbc8946, - 0x55594544da9097e, - 0x4552934976880ebc, - 0xe81258f3f7ee0416, - 0x6582862e21fe62a9, - 0x202223b3ecf85c33, - 0xf4f71bbe19d84e09, - 0x3b7db4680fe9, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x5d404a70e9bdc533, - 0x701af90dac9e309c, - 0x5f4e14acdeab3fce, - 0xd86bcce61f5785c5, - 0x745617eb4d7e9bd9, - 0xa28fb4a9e45fa3b6, - 0x2bc9c00c6fd57332, - 0xf2d47d72fb43d7cb, - 0x8ac1b54ff75075e, - 0xa8866e121619509a, - 0x1eb091ddca68a1be, - 0xa2b7227295e8, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x7588cd86e0538e55, - 0x2589256e04631cbd, - 0x4c686871a683aabb, - 0xe1dc06de6c68ba5, - 0x4ad549852bd64772, - 0xe267a84f62953cfa, - 0x94784b5f26aa8ec5, - 0xb2edabcc88f93f50, - 0x118d2cc3617472e2, - 0x767b3d5706e413f5, - 0x420b60223a5fa6a8, - 0x16ad171600642, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xae55d770efe976c9, - 0xbc3b66ae0f134d87, - 0xd1325ec1db21a33b, - 0xdafdf6423b401e5f, - 0x9fddc0a8a50a50d, - 0xd0bf42db2473bb34, - 0x185f2792bf863bcf, - 0x918bb786e36bbcbc, - 0x648082c21d025f68, - 0x8ff1d47abd90b9a6, - 0xadbd8ba96632c123, - 0x13c6cf85a38f0, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd4e02c8dbd92402c, - 0x4c3a68195c0c0460, - 0x498cc317d8927faf, - 0xe2215502a29339c4, - 0xff73f07ad9d32350, - 0x75a8696ce0f13713, - 0x391c1bfa392b0ed5, - 0xb98e32182a1dcae5, - 0xec42ebb1a301dbec, - 0x6e455844e1df2d4f, - 0xa98ab906e29cd5bd, - 0x16993e9734dfb, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x845db3f83bef27a2, - 0xc6eaa23cae65ed9b, - 0xa82eb06c4305f063, - 0x2ac6e04c21b33212, - 0xefe89d13c359023e, - 0xb99b597b77d3901c, - 0x1c9097570e4ccbad, - 0xd5bae9d203c41e79, - 0xa5221bae4e3c12a4, - 0x6ca8cad89a79ef33, - 0xd674477bf3276e84, - 0xa94a00ed6b00, 
- ]) - ), - field_new!( - Fr, - BigInteger([ - 0x2ff451d2075c651f, - 0x4e0e143b116e7968, - 0x64652d64b8c91b2c, - 0x8842fcfaa3f575a4, - 0xec214004743532d5, - 0xc1ca6faa3b059943, - 0x50a8a99430c11856, - 0x5569c10f4a353d72, - 0x22a8b8f9e4b9481c, - 0xb6e3f059c8385189, - 0xbb1381c89cbfedf9, - 0x14e5156e45a7b, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x9f82700fb2be5ad2, - 0xcc03e659a1d14f11, - 0x34073ff913ae7bd5, - 0x5c000dba9ef1a3f, - 0xe7451f9827c6762c, - 0x8c6b252d92b93a57, - 0x34795adbc4a70f6, - 0xc57a74f13fb6577c, - 0xc20bc03d0db0a074, - 0x57700b6230666abd, - 0x84c0af14df5760f, - 0xb251d77fc9b, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xdc5713ee49e805f7, - 0x6f2ac87749523e2, - 0x9c8704cb41cf9923, - 0xb9ff42401e80d3c1, - 0x94128ae476077741, - 0x54c35fb4ecc9442f, - 0xe07247d754d3fba2, - 0x25a275a643446976, - 0x95724f4d00b8037b, - 0xdb69c1dbb5d0efd4, - 0xff8e5f4ba06d1046, - 0x14805b237518c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xef4a73cecb5e761f, - 0xd09da6dd756d0b61, - 0x5919307ff1063d21, - 0x555277b8c1d5f140, - 0x144a34b641770504, - 0x772bd8dfe11b2a71, - 0x15afc905b465199c, - 0xad768072654785ce, - 0xc3c0e325981e8749, - 0x7fefc95d14160139, - 0x3007486f7f3d64df, - 0x64f6e4c8a925, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x6b593c6894614ed9, - 0x507f6233b20381e0, - 0x5bf103abd1939ad7, - 0x4bb95c906491c4e5, - 0x619f3f77f1d77ac4, - 0x78fe05a00fe49f6, - 0x1ef09ac9161821f7, - 0xa7d53a18dff19402, - 0xe44577991eda2132, - 0xc3f423757fbdb268, - 0xc31067999993214f, - 0xdba7ca7cadcd, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x98ca201452b1f16e, - 0x2c4e0d10b0aefb8e, - 0xde2d7589142b9ac2, - 0x411319bbebf9e85, - 0x23a165dfb92a835a, - 0x27804de9504d0ab0, - 0xf6a9cc8944571fae, - 0xfc53b94610192fc, - 0xcb269cdb996eb2fe, - 0x675c33f96862df99, - 0x2041f285ca6e1c9f, - 0x1ab20265560f2, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x41df73c35c4c9f54, - 0xc3c84d1402e5e6ad, - 0x784f41612f7900f4, - 0xa51da05deea5066c, - 0xcf6718f2fc42cb4d, - 
0xf7cbf8c805cbcf66, - 0x6d0032d0369e295c, - 0x6945144ee8376159, - 0xa1d342ed51f60b7d, - 0x2b36b1ecbc997eeb, - 0xf42f0517cfffc18, - 0xd5e9dca972f5, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xac5dd4311df958b2, - 0x1c87db1bc2e56587, - 0x2f064d02518e3f0d, - 0xaba2de6cce73d737, - 0xcd845ce8431306f2, - 0x9309917d7d3caa64, - 0xcb969977bf00be0f, - 0x9068fd158dea4ea9, - 0x16ad65edc6c89782, - 0xfd177f051d03e3f4, - 0x91c61f4e9414e0e2, - 0x196cc282fa8e7, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x44c4b98d7fae8ae6, - 0x1a1b9743c87eda36, - 0x420f1d29a3c75538, - 0x9156408a5852f069, - 0xf278e387c44668cb, - 0xd865c7ed98b12991, - 0x7947c97278e98888, - 0x2d4119d0a7f01634, - 0x15561c5d4524943d, - 0xb0408b542fcb23e8, - 0xd4feeb5470d85861, - 0x1a998a2c66943, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x962efd6383f3e237, - 0x3513304356bcc019, - 0x17aae854440e38fc, - 0xa3e1a2fcb60ef7f1, - 0x632c0e8c1fb873f7, - 0xb10e1471b7493d43, - 0x3a0db482548017e1, - 0xdb0f40e7c68a536f, - 0x3e4f633d407f06f9, - 0xcb4e29ee7e8bd38, - 0x124e0d4149ca6926, - 0x1c29cf8d20433, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xeeb2fffeb0484b5f, - 0x5f49d7874113e11a, - 0xb18f3913d66f5d5a, - 0xba7f0e73d129a1e7, - 0x237d75f3cadcf45c, - 0x27aba89b68c3c4c7, - 0x6599e5e1835b5010, - 0xbdb105b9d74053de, - 0x6f286cce4130c308, - 0xfbe50a3e414e9b9c, - 0xcca0f8278021430c, - 0x6087e46cfb53, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x19cd95f86b2f38, - 0x47706f78da5096ca, - 0xd78a232cdc60b697, - 0x900bc52aad89abb8, - 0xad8d443d51bb0954, - 0xbf57c4cddeddb8d3, - 0x8c0cf811ee00ede7, - 0xa3bf25f09181197a, - 0x5500448b119fda7a, - 0x9c81d852b74df5aa, - 0x8dd9463afa8e9e9b, - 0x10c935237f5bc, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x2dbad41099ebc407, - 0xc6a3cb4184dd6fae, - 0xd64952ccb6080c14, - 0x2b0e5c91fb6ff2cf, - 0x6fe7cc50efea6c2c, - 0xf2988a94dbc84336, - 0xa4ad178f84ae0e2f, - 0xdaf7c9bea9ad160c, - 0x8ebd5b0f695230cf, - 0x6166f5fa4ccb0d77, - 0x6edf9b9c47d6d42a, - 0x1a483396f2886, - ]) - ), - 
field_new!( - Fr, - BigInteger([ - 0xf347dfe2cf56a947, - 0xa7b08dbbe2696f84, - 0xc828da43e54f9008, - 0x3b0b0b5ed372abd6, - 0xe5277dd55064d606, - 0x267b083af2587c6f, - 0x488583c4f4986fff, - 0x9a5865fd38c2a085, - 0xd6f374be8eb75848, - 0xa47a051fdd0ad376, - 0xa383b86ea8790fef, - 0x1b6d28d7fb1dd, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xde7ae2dd6071d588, - 0x7f45d064e1322f16, - 0xc7244b368cfbda2c, - 0x6048abd20ea6f703, - 0xf76f1b21f8eaa297, - 0x54b95d4009e86875, - 0xa8e75a6b1bbc0f09, - 0x8ad630c05ebc4460, - 0x8851274ff344b6a5, - 0x2b3cc0f1a034802d, - 0x8d21668f1ab8e72d, - 0x15248894f256b, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xe3dc60dcbb4a98fe, - 0x23160eb63c24d4b5, - 0xf24788f9ed15ae1b, - 0x4a9080bf2789f441, - 0x925274e2665c5f03, - 0x8248ae71c0d133a5, - 0x2b10ebf5e32aef34, - 0x2be5e8a9f9346245, - 0xce39e516a9cd6a81, - 0xd5239b6e04c15bb4, - 0xb61019ff29255234, - 0x1ac2a7464ef5d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x7c951958c20825f3, - 0x8253b0164c3f502c, - 0xd386b1b609708f2c, - 0xcb43181c3bf3d11e, - 0x7bc8b61a513009b9, - 0x631b53329ae01e4f, - 0x3aa9d3ccc62d4e71, - 0x8e1880a14dbb66b8, - 0x93d26f10749ee66c, - 0xa9c4fb77300f9661, - 0x1eda8f69d8f63116, - 0x605ee1cdbab5, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x2ac6a1642040d160, - 0xf9b6ec186b9a3ddb, - 0x1b7b59c1a2e6f995, - 0xf422ea9be1f97d1d, - 0x5afa999df1db6311, - 0x3a2b0beeef028bf6, - 0x5430ec6625e45e12, - 0x73aab9b4edb32ce3, - 0x372af2daf6d28c55, - 0xf6d67063611bfc58, - 0x417107aec7750e35, - 0x11950e1c2544a, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf09cfcbe4b9c901f, - 0xdca43784e65b4e84, - 0xe620f434f9fcea86, - 0xca98f92bedce4f89, - 0xe435c32c68a54adf, - 0x6c63b3f8101c3ffc, - 0x73654f6a92238aa7, - 0x38c75afe9ce4c410, - 0x98afa5e7326191c0, - 0xb0ee47357cc20686, - 0x836ed0805ce14e7c, - 0xd54b15a85e, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc0992c20b8723510, - 0x5d759e42f812d8fb, - 0xa5945ed459cbccfb, - 0x29bbe28ee136746, - 0xb6f4139910b90e07, - 0x65d20354eb67b0c2, - 
0x398b88f536a86c86, - 0xc1d6f10b74df49cb, - 0x9c837c431eda3f7b, - 0x14e993ed62729b44, - 0xc63e018358b9488d, - 0xacaee5dc0dd2, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf3c5df96761c6718, - 0xf6fb2e70685dd1b4, - 0xd40161fdb28759a6, - 0x461165b69d9c62f8, - 0xe041b8dc36b54e21, - 0xe9725833866bb8f, - 0x43dbfb7d91a6863a, - 0x7bfdc8989282685b, - 0x5907d5752e81836c, - 0xa7f9718b52fb3f72, - 0xb999a5139b2c93ed, - 0x8ed8d650adc4, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xddad8ad9fbbec223, - 0x844ab5b35c1764af, - 0x1ba2c746560d740b, - 0x7338a37c81814ea8, - 0x48d0200fd59b0a99, - 0x439fbbae3c217ba7, - 0x58f8a6952a68596a, - 0x4f263f4fa2714f90, - 0x589b6852b668c727, - 0x979876675a6d6559, - 0x1744f6574e3ce698, - 0xfec58dca8935, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x2eba985e8b061a24, - 0x29d333d6f4e982d7, - 0xc27ffc44fa6e9fcd, - 0xd2c87e3c4f13476a, - 0x5b95acd8297df971, - 0x847f654263361cbc, - 0x4d2cf0d88633d608, - 0x9df44da9e929c5c4, - 0x256811ba9aa4879d, - 0x2622a37b7d76062b, - 0x2b822c10faf2be90, - 0x12547330fac09, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x251b33c77f6609fc, - 0xa1eb119fcc8fee68, - 0xe2d51e2a2f76d4d2, - 0x2b21f4eca62d927, - 0x7b7052038ebb6a1b, - 0x52bc7bc4d2113166, - 0x42e919d25dd791d1, - 0x110b226ee9adfb4e, - 0x8c784a9319e3067c, - 0x9532de11b71f25eb, - 0xbbf62465d422848a, - 0x1720838f50b19, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf2de422d76c6307f, - 0xd5b0b65f6c662881, - 0x1a235cc434321c8f, - 0xd1ac878963a846e9, - 0x3ebd7765d053e23b, - 0x11af8b7e6ac50995, - 0x18595c761773f436, - 0x3a8ad7c684fe0c45, - 0xe26f52f4660cf47b, - 0x44c94f63ed492298, - 0x7a40f342ec430a31, - 0x19db5a07e6118, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1bcd74fcd16cf5ba, - 0x6ce6039a0f48fe2e, - 0xef20b66966fe1122, - 0x3b333ed5dec9c056, - 0x954be6008d5ac282, - 0x6a256e13e8642470, - 0xbf0bf8a9cb9fec4b, - 0x2d78520b740caf5e, - 0x2769f63453c0338b, - 0xa49ca8758eb46b5b, - 0x56dbbbddd2c52931, - 0x67c5d89e6ba7, - ]) - ), - field_new!( - Fr, - 
BigInteger([ - 0x4b026c57fe8c38a2, - 0x67d3f0b66d4feb2f, - 0xb847de703383e335, - 0x7db30212088736f1, - 0x8ba13d378af6327f, - 0xb89d34cb1c174e0e, - 0xaefe2464e3de007b, - 0xf47270962abda9a9, - 0xd1185fc2f29f04f3, - 0x33acae308d7bae1d, - 0xeaac0935f894b196, - 0x7d293b070740, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc629634cc549f5db, - 0xa25fa843b423bc2f, - 0x2e2705f381623632, - 0x8b46dc5d8e0f2ba0, - 0x8ec03fae9871057, - 0x2b5d8aab1f14879, - 0xf93a1f454b8e8ecb, - 0xe76787b90972693a, - 0xcdeeb5297f3541c3, - 0x9b2a54c5218b2dbc, - 0xf150fa4ebe586807, - 0x15cc462876c91, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xfebbe5974efd47ed, - 0x564a64c65158a7a2, - 0x46dfa9ca462d78d3, - 0xaa966926b4e7350c, - 0xe689981da491b71f, - 0x34da5605d33e28a4, - 0xffcb9bda564fa9bf, - 0xdd06369a4a8ef22d, - 0xb0b9b03233baa7, - 0x399d17725c8f7f2d, - 0xea790826eb8dcc5c, - 0x12654b038a096, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xaa6053c0ae0555a6, - 0x885a84674ef32e4b, - 0x6e23f8a4fe0a0f9d, - 0x23803a09a243855, - 0xaa6b94c3a0c6e95a, - 0xfbfa87affbeee69a, - 0xa2f81b8ddfaa795f, - 0x386a4ebd7668efb, - 0x636067e3909fa68a, - 0x24f248c9d2e501a7, - 0xd1bf9f8693dfaf15, - 0x26b0ea89f3f, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x8175b9427c9a50e, - 0x7df2707dd7679357, - 0xa1505ebdbbe8e3f6, - 0xa9e5954fb881ad95, - 0x253afd1997e0131c, - 0xf0973bf86718a78a, - 0xa6e00f179cd40315, - 0x2f6a0f57abc385b6, - 0xfde1b2bdc1870349, - 0x23b6199c321ed8c6, - 0x3dc991c5bdd9925c, - 0x1b792a0482e4d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x949c6e64a32959c0, - 0x373687d9d0857d78, - 0x7c95581d9daff14c, - 0xffe793c95400463, - 0x925bd6f651c2803, - 0xda4e401f675114d9, - 0xfa824866ce5761fb, - 0xb0afb0b08ed20714, - 0x8714949f8f26b739, - 0x6760164912db91b1, - 0xcc474f17a82ef295, - 0x1a753b3ec93f3, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x7c15d383a5e61506, - 0xc63d0f0e87155d6b, - 0x17d39970bbba5a58, - 0xbd5b9dd4e26d0214, - 0xe174367a62442922, - 0xb21a2fe4a2015ff7, - 0x9e4eb9f78895691b, - 
0xa1d0e88af43214e5, - 0xc343aa2021b0df61, - 0x313667ec2734f099, - 0x144bc4b7e73092e7, - 0x146957236d237, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf82d16b94a238f09, - 0x590b15d54016b65c, - 0xa0dc2db444d53239, - 0x71d01766e17b669d, - 0x2bc648b5cfc73b5e, - 0x25f1f34eff6a1891, - 0xbed03e087a7620ad, - 0xf37b7a8dec3e3d3f, - 0xd86e4a852586af64, - 0x71d7c78618cb9136, - 0xbbfb638712e7fa30, - 0x1866cd70d1a21, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x873563678a5d9bed, - 0x7a9cb4683aa01303, - 0x539c4d73a0432f3d, - 0xbdefb2fbfd2655df, - 0x7cd948bea6589b74, - 0x1010757b45355d44, - 0xa8f81129bcab853c, - 0xd2d277d3b33e265f, - 0x8af2b36ca3313579, - 0x7be4d13e01cce6ae, - 0xba0e7178fc52c83a, - 0x2292003bac16, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xe0fe4fe8a370a000, - 0xe2e261b3ea1f6554, - 0x6988b2f361711a65, - 0x70d570fa008f71ca, - 0x17f6a0ac9bd35c82, - 0xc8c52130ec97743b, - 0x11983b99f0e1574a, - 0xcf898ef74afa3011, - 0xd87c10a0691e6c65, - 0xa72a4861abade46e, - 0xfa270d4bc017f37a, - 0x155657c7d570a, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd4ed68afff88b57c, - 0x5a9df6e2e0ba4730, - 0x7cda707339b38cb5, - 0x1ca1c19f554449cc, - 0x397653b871a0e9a5, - 0xda8ee1e42d8bbd64, - 0xbb1693c125ed17d1, - 0x86df44f345d07e68, - 0x1b16acb1ae025085, - 0x6cb886d81113e379, - 0x8710154496a8045d, - 0xd98530c9551, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1131f9398e258559, - 0x3f20da687c1dc823, - 0xe3e70cf0b017ae89, - 0xa118f1cd940aa754, - 0xa472ce96d5a2721d, - 0xf9becda673a19fe9, - 0xed7e00b79e01a01c, - 0xc522d37391b6a28f, - 0x7d46835fdc353e6c, - 0xebca368b50d66ad2, - 0x8d0bc54b92d28f2e, - 0x3bb6af4e81b1, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc79b78eda8e90d0d, - 0x2b7ff1d905dd2a27, - 0x5b476878eac3b934, - 0x2cb948a6e6f8cdd, - 0x5d382453413879e4, - 0x2d7c5154656c97b9, - 0x117cf8bdbec45ec3, - 0xa0888cfaa233d20a, - 0x3f7bef774bd67edf, - 0xaeb5e72c32132afe, - 0x3421c2b34f7591e4, - 0x1093be35a448f, - ]) - ), - field_new!( - Fr, - BigInteger([ - 
0x8dc1a486ba7b4a21, - 0xaf04e841fcc7b6e1, - 0xe83242e6b54c4e54, - 0xb1f42c031af13bb2, - 0xfe69a04a5df9dbf4, - 0x7a12fba14d2ceef, - 0xdee0baa125e148c9, - 0xefde2ccd2dde02f6, - 0x85cfc9796f18dbd, - 0x953a9353c76e2e37, - 0x7b1ffadf837f1a90, - 0x158a0cca5a4b1, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1cc1aa3ab2b6477e, - 0x84ea39565354de09, - 0x1821aed8628cd370, - 0xfbe488fdeb1752aa, - 0x111396c65bd83ddb, - 0x706b706aebdcea4d, - 0x809a7e5c500d061b, - 0x1ab7235207d2e1d2, - 0x1ece621e6b2f7f38, - 0xf708096abd3d441, - 0x4bfa18b4f55a770, - 0x1be0bba87328d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc2bb9a0c79c44f15, - 0x6f9950e96021171c, - 0x265b130cf2a8ed49, - 0x23941e6aee76b9fe, - 0x57ca2c4ee2001766, - 0xcea0cab99a35c2ae, - 0x425701e3d812805, - 0x40bf744d242da910, - 0xbf96177196a1da3a, - 0x42f1137508bce79d, - 0xaa923a1484683395, - 0x139dd018fbbe1, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x18c30c7798b59ccd, - 0x4166b1d4bfe5f8c8, - 0x314e4566d488070, - 0xca597b4fba351d44, - 0xd66b1e11f9bb2aa0, - 0xf43b4ead999c94bc, - 0x65b29f783e80df09, - 0xbc574a0466e48dc5, - 0x4e973f234cf4c760, - 0xa8d40e3917944fd2, - 0xfc680a412e5e68c8, - 0xc31a463927d5, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x5f0d22d795a58cc3, - 0xf77a6b6fb6759a5, - 0x119e8a8e2f6b97b7, - 0x16e263282d2f0c56, - 0x7ae9353b22232605, - 0xfef3adbbf95edd19, - 0xae1e620b4c3203a8, - 0xa811f40415e23ca5, - 0x2db4e90eb99150d, - 0x5b82e4204ed4379, - 0x19135b139bcfd8b8, - 0x1b81909d3eeb4, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xbcc1f73a9d490d95, - 0x1c0438309bc14cc0, - 0xe82c207343fda3d0, - 0xa975aec835bb08db, - 0x87e64528d76c342f, - 0x793f577ca5bc60a0, - 0x54511caff32776ae, - 0x551e66d0e450da22, - 0xa68c09680053fed9, - 0x68a014c3102196eb, - 0x2d2ffcc97fa5ce96, - 0x1493d7805f9ef, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x4dad2242afe58dd5, - 0xf2d3c1d4fbcaddff, - 0xd81af17b99ff2269, - 0xfe8f3addd3d5cb95, - 0x9a725c3882d48ac8, - 0x69e8744a96aefb54, - 0x25a788ce6ad6fa02, - 0x242f8f4f22eb41dc, 
- 0x722fe855fa04a878, - 0xe9bd683fc76f98d, - 0x350cb067d9de14fe, - 0x1583cae3d358c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc236532124549fc7, - 0x8254d8057aa67ae1, - 0xbe505f0b44089183, - 0xb706d16381181371, - 0xd8772c8e7b66a91a, - 0xf8ebadbc9053a4b1, - 0xa0c2885e01502a2b, - 0xbb2d35dca5289056, - 0x6ca47e8ecb0cbfe, - 0x1353c498621cbed1, - 0xf76947f998f129bf, - 0x6ddfeb2490f8, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd972f7966154e8e2, - 0xa6d66130b04a970b, - 0x6b9912a75dd4772e, - 0xe9f790e61ef5e8b5, - 0x1251162fe2531aa, - 0xc3be528ed1aa9df2, - 0xc350975409c573ab, - 0x115014369acf5853, - 0x715f7ed4107bf51a, - 0x2c53d60394d3f136, - 0x886b323c5538f27c, - 0xc0b43a527a0d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa45fe80a855b6bdc, - 0xa4c1755587ee792e, - 0x16679b8ab7af949f, - 0x39a24d93f606fb07, - 0x78fb76dc58afe0, - 0xfcf793b9cbea9796, - 0x3feefd61f744d0a3, - 0x3527c71011983c1f, - 0x82cd28e41430fb6d, - 0x48579d9d2575ae0f, - 0x30d90f3df07fca17, - 0xd1851cbd9fe7, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x4bd6e50bb587cc95, - 0xd0b56287f3a4b7c1, - 0xed863ee905e8a4d0, - 0x22a3315f199d82c3, - 0xaf0e1a737a5a80cf, - 0xd5958a81c65453c7, - 0x9195678685e1566b, - 0xac40e17de962003a, - 0x7ac959099f91e51d, - 0x13a4b91604f50136, - 0xf33fd02cd37ca8cf, - 0x1c116844be72c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x26b439223677830d, - 0xc59f75fb0d1ea92e, - 0x3cf14417087a06dd, - 0x1acae0bc50a98b2d, - 0xdfc5fe61821d8000, - 0x4e679baea71f6a26, - 0x159ea07bd98bb46, - 0x26a613ebe4e26f89, - 0x6ad1b64828f26bec, - 0xda72540f80d2e5ff, - 0x604a053fad9939aa, - 0x44337c18dfbe, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf95a5d637ccc4f10, - 0x920ee0995a4c4e7c, - 0x38904c1eda8d23bc, - 0x15e23c8d23933883, - 0xa85ae19d8f3dbc21, - 0xa8f0b8d00510849b, - 0xadf096fcabf54fda, - 0x5ab38da14c1c8ea8, - 0x8575b8af43ee02eb, - 0x7013991da6d3c42b, - 0xfb9ff9f269f44c10, - 0x1304d33407eb, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x9c0f5a14d37a99fa, - 0x42269aca050a7b6, - 
0x9dc8b9a43b25e881, - 0xbac298598f0b5bfd, - 0xa8df5cccb1c96686, - 0x6e4bfb9c7d12106e, - 0x841b42e05a61a819, - 0xa6d4dd155af99f7c, - 0x19b7595c7476bde3, - 0x823970cc3f0f51d2, - 0x81b65e1a1b57c47, - 0x16c09ac42453b, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x172be90932fe06cd, - 0x809e2d1d2dc76144, - 0x36b8e4ebb0b433b8, - 0xba5cb7757b1cfd5b, - 0xa7069bebdcbd5ebe, - 0xec490a217e17bda4, - 0x4a943d54d906f620, - 0x23d6cf9986332dbd, - 0xb75f8bb9304f4f90, - 0x770e6a6e11db0e3, - 0x6c3199c98f774158, - 0x294a8331c3bc, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb5f00c4ea55ba53, - 0x4c656d4729ebba7b, - 0xbe748e5413a01525, - 0xca9ede6d1b178734, - 0x8b2584122712dae4, - 0x6e2ea29e118cc395, - 0x3b9e3498460560f3, - 0x7b333254f751ce74, - 0xcf91070e1e613b7b, - 0xdfccbe0d8089abee, - 0xa1882e566ecd05b2, - 0xaab5e200196a, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x2287748ffdd8a1fc, - 0x6bb2f1cb39299f7b, - 0x67ec9a854791f7cd, - 0x90a4cf4bcc99b3ca, - 0xce7c773dfc614776, - 0x8313034cd926ca0b, - 0x322fcbe018caa248, - 0x6076a74cab113c76, - 0x5feef9ea8e0f180, - 0xf2351c23e2c1a11d, - 0xa00e424628032f7c, - 0x701b24c0d43e, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x8cfd2af1696a7e78, - 0x92db4de98bfa13fb, - 0x948248fbc92f2110, - 0x2b91b676c6cad372, - 0xc89901b99ee730dd, - 0x3a412b36ef8dc79f, - 0x39acbb9c82973fb5, - 0x3c7de0855b0d83ea, - 0xaf29144b3a250d24, - 0x5e4c1c2aaaf1872e, - 0x5873a15f3309ebf5, - 0xa2b64c96e8bc, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1c9a36aa32b01b0, - 0x8eee55d8233fa48f, - 0x6dda76a7e06a4df2, - 0x15ec29b646a46a44, - 0x378f1c74d15ae95f, - 0xae9aff8b510dbf5b, - 0xa0b65738f857f40c, - 0x470614518d38fb1c, - 0x2a2df0198d976653, - 0x64dd53b448a96b75, - 0xe8681671ae2d7c6a, - 0xc8857cd433b4, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xda492a413447ddc, - 0x685176c6584146b3, - 0xb0df0409fe4b39ed, - 0xffc971ca1eee1f61, - 0xf7aa008be99fcc10, - 0xd04e97062ff69b9f, - 0xea93bd5ab0c9058c, - 0xd581addc12b17b1a, - 0x750461e69d0eec0a, - 0x4fdbb6b691c57c4a, 
- 0x7088d8c45639775b, - 0x136def2d19f1, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x6d6d22a160d325d6, - 0x5000e1262f2e4b84, - 0x82f96a4bbccde164, - 0x7de7281ef87c194c, - 0x50915aaa411c218, - 0x5a6aeb5487a77a54, - 0x39777c0f77ecd996, - 0x614eb1c79f1e8eed, - 0x51161627dc71863a, - 0x5e22bc2d02544dcc, - 0xf4cadaed3e7f74e4, - 0xa352a640c924, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xec8fe6df2fc5e9b4, - 0x77789a547a62de74, - 0x85bdc0e78aff70e8, - 0x2b89b64100953007, - 0x3f56cb0ba837c440, - 0xa9cc5cea03bba5ce, - 0x9023bca6eb1ed426, - 0x7870919d3f31aff, - 0x2924f46d1ebee9d5, - 0x26b360e5c9ebf458, - 0x408ba02421ae10c, - 0xe099b4883ce1, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x192e48a91279cbcf, - 0x95c3ac2bf829069f, - 0x78a032164255741, - 0xb204dc819814bf81, - 0x81ad2bb132c3632a, - 0xa04afa9867fb1ae0, - 0x3ed00e6c66827a41, - 0xab13c5622423f418, - 0x1a62ed5fd09d7614, - 0xbf019824577c4de9, - 0xbe6c4526d8ff7595, - 0xe66afb0c2130, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xfe2d689d9540b7b0, - 0x69d5c197e45e3351, - 0x8bd8198d5169cec6, - 0x18e77e2d7af6f5b, - 0xd5275a060cb75e7e, - 0x527cbb36c680776e, - 0xffeffae3f5907a41, - 0x3c6e0183a2a1101d, - 0x33bb40e2cd5ccf0a, - 0xa7e7d439feb0d4d8, - 0xef37cebf4e150aaa, - 0xc21538c2907c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x907e21437c18aab7, - 0x645e1230a6362069, - 0xd2fb691d310bc220, - 0x2d16c2bfb0ebc07e, - 0x423cc9113a37c49f, - 0xb02705409beb5558, - 0xccb31ca73e1f87d5, - 0xb675cdcd278ac6e0, - 0x31d16cc025ebae, - 0x8d056a90af3fb4a9, - 0xf6ef8591614bd752, - 0x172094f015b0e, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xbaa509e0ce304935, - 0x1e3cdbfe6a5d4b1a, - 0xadc2738755d596f4, - 0xa6a009cd20d1833e, - 0x8f00191dd77407b7, - 0x106ad3c1444c3e05, - 0x13594a071c159fbe, - 0x8b40eece2b671055, - 0x9d1e076ee3308040, - 0xaba00c9eb2d61415, - 0xd513c27e2f22aee8, - 0x11ea9a6ffe364, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x69f2ad69b66bfb1d, - 0x856d1b716857c746, - 0xc0d69b469e170939, - 0xe90cfcc2c93b76d5, - 
0xe841061fef83ff6a, - 0xb7a68ccf4b3cfb79, - 0x3ca6c8067423ec95, - 0xcd1ba4afaa66fd32, - 0xca89418624105230, - 0x187b367b36b2679e, - 0xc6e238a78dd9a85e, - 0x1097d0c34c84c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x21bed21c947e6c31, - 0x342274691e6e3bb4, - 0x548a938f33ef43b1, - 0xae6cd08b910c32e, - 0x18903aec8d7a727, - 0x6921b1176cb4c53, - 0x1fd07ce5ca11fc57, - 0x983fa6a0d2b70697, - 0x1cd741bd6e425804, - 0x74b94b009bf56e30, - 0xf1084c0005cd4859, - 0xbb0238b023b0, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x7d7b06a6ed2734ee, - 0xb4530b43b72f412f, - 0x777ee5c45e524f42, - 0x8914a73fed386e32, - 0x57fc876ac0e02b9e, - 0xcd24313f740fd0c6, - 0xae4596615941437f, - 0x71ca9922f572314b, - 0x492a957798827ae1, - 0x5d4210063161c7dc, - 0xf4438d4107ef6de9, - 0x16c324cc80d1d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x31e163e2bba406ae, - 0xbf814eac695a79d6, - 0x3ef082857c6e0af3, - 0x6dde872f12fc588f, - 0xd05acd7b670190b6, - 0x2b5e3bbd0cde73b6, - 0x1fe132cbba4fdb64, - 0x13ffa739ef74c5d5, - 0xab07a7f09f5dd20f, - 0x91496292ee8c35d0, - 0xd8b7d22c3d42f447, - 0xf8067a3c2d95, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x5ea269a627948214, - 0x38f3cafdfb25e834, - 0xa59e51f132aaaa09, - 0x1df1081ebb37e364, - 0xf3aed3df5444b646, - 0x5a2eaf1d1393e86, - 0x8ff335f3f966d009, - 0x1962ead7b30c9f3e, - 0x8df0bd21df94d615, - 0x7df353a320106bc8, - 0x999bcbc0d1012176, - 0x3c6cd86ffeea, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xabdc7b54602826df, - 0x8656fd0c2916ce20, - 0x93d23a7b2187369c, - 0x23b66e8339e72f2f, - 0x52f429022efa88a3, - 0x538f0ebddab736ef, - 0x76190c903637d23a, - 0xc2691af5342b4d3, - 0x9f83460790eec4f1, - 0x323b15fa7bd93949, - 0xcbfc82e45f7d4a7c, - 0xee964f6e6d63, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x4c2844051eaa3679, - 0x55b080f7863df438, - 0x909e62f9badd7a46, - 0xc75c6ba1507340cd, - 0x4687ddeb80fb255, - 0x15731c4259a5d1dd, - 0x52755f75cb479400, - 0x196e185049cf4233, - 0x14f8f434731e4c16, - 0x5b50eb0940595a45, - 0x1de1c127c134f9f5, - 0x18e3735f432cb, - 
]) - ), - field_new!( - Fr, - BigInteger([ - 0xaa371123ea88c3bb, - 0xaa9ada46792f5716, - 0x3c49c2b627c1b3cd, - 0xc08af0fb67469f51, - 0xde9464f4ff58d93b, - 0xe413ff6745267590, - 0xdc54c3deba5a14e0, - 0xdc234552760a26d9, - 0x8f834b13a4bc9249, - 0x82c5532cd61cc251, - 0xf9087c6246fceaaf, - 0xfef655ac6c36, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1402238ac55402d8, - 0x4bc0526019fd9819, - 0xf930265844c80568, - 0x20086a72b95b6948, - 0x4727ecdaab33c73b, - 0xd3c667755580a7d7, - 0x1e8e7e96dcb818ee, - 0x6f7cd073aae59454, - 0x4d23bb2e4825b493, - 0x53ab5a7117fa333d, - 0xda75321f0d0b9d51, - 0x15dfc9e5637dc, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x8e5fb226bdb14b8c, - 0x606aac140a3f3e04, - 0xe831c01443775d03, - 0xdf1522bd76aa7372, - 0x8ae9668842578941, - 0xa2d2c818b96a8ee8, - 0xf1c5f6c4f15d8ea8, - 0x611741486a1dd031, - 0x4ca5638d1e5c7953, - 0xeaf2e1affac30317, - 0x89c7db2cb72df74a, - 0xcc69e8bce3d9, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1a683ab7d9bdf8a5, - 0x64cabfd214134613, - 0x639988c6d0361286, - 0x4a940f5e65dabc7c, - 0x39858573b02fee22, - 0x8d4b7b99dc0c4c91, - 0x6da4a07245f4d80b, - 0x331742dcbb485a9a, - 0xa59e1e88ea3feeb7, - 0xc0b2e7400a855002, - 0xd1808d84a85fd995, - 0x157f2171fe05a, - ]) - ), - ]; - - // This MDS matrix supports fast matrix multiplication - const MDS_CST: &'static [Fr] = &[ - field_new!( - Fr, - BigInteger([ - 0x5ef6c5803ffff0b9, - 0xc87d30b037de2623, - 0xfb2cfd1981c5d76d, - 0x5343e3226f1113b2, - 0xbbbc227fa69131ee, - 0x2a8c0cf32e31dd41, - 0x15d6072feb4315cf, - 0xeac86ddb0d72d1b7, - 0xf457c575fc343aa0, - 0x59e953592fd74c9d, - 0x7ff7fa50750bc70a, - 0x18886f925d6ba, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xee423eb57fffa0a6, - 0xc2ba9f17acadde63, - 0xf21f8870b9600ea0, - 0x89af6eeca55e3659, - 0x60edcca63d2a41c8, - 0xfb477504a89c312, - 0x4fcc489c84216d59, - 0x917d7587f44f023, - 0x73e38903794b3798, - 0xb319fbc57d331066, - 0x805c5d11d9f039a7, - 0x1b0be2cc8f360, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb80824ebffff9a30, - 
0xc11d8418b0ff1e7f, - 0x5ef75231ad2a230a, - 0x9c99ad34cf5d5156, - 0xd97ef36480fd5c33, - 0x479907d1d73bf209, - 0x828832840265987a, - 0x67cd9c6b7f861f43, - 0x7ba84d7fdc3ac062, - 0xc825a95ead868c4, - 0x410d1b5e6c935945, - 0xaf1562721ddc, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x7ece4e8bbfffe1f7, - 0x6a69ea5b8e7f97c2, - 0x89ec60ffbeb93077, - 0x37e460ae31bd9f09, - 0x27f883f8ab5b3e4b, - 0x763fb1672f8d82b, - 0x15543370aac8d08c, - 0xfc620c67f6810dff, - 0x1e3b9481634be904, - 0x487e4371f154ff8e, - 0x61e4d6c705ec6955, - 0xb7876d9dcb5d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x58b64638ffffe4c4, - 0xa236aff2550fe965, - 0xb7ebd3c32ae833e, - 0xd03210bf82e6deb7, - 0x625ee4efdd334591, - 0xc0e2194f9618dffa, - 0xe41868f996905538, - 0x5e019b94813a6396, - 0x6753171688952332, - 0x8e8b0f8262c4bb60, - 0x92b2889e172678e1, - 0xe3a19fcebe4e, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x3cd1863f7ffffb8e, - 0x7a17777c854ac90d, - 0x4ee9492ff07aa164, - 0xba5d108a2ed94f3d, - 0x4bd579612aa420b9, - 0xda4e52b5616c0be2, - 0x3c4a3090b99f44fc, - 0x7a1ef57be4a0008a, - 0xf2765b3b44ffd0a6, - 0x2c7d5cc8fb43f2d0, - 0x465b44b613c9b1c4, - 0x233cf8e79cb2, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x8e66cc663fffd191, - 0xcdb7a31409d5e61, - 0xbfeaec0e9f1cd544, - 0x290f984ba905f3ef, - 0x595c8a5e35c298df, - 0x2a74b65104a59061, - 0xb9b1eaa4b1104c90, - 0xf1b7e8c337898df6, - 0xe2652a56a1447aaf, - 0x6196f3b47b16110e, - 0xcb1d39edaab39a9e, - 0x10a95fbcd6967, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc0ca0bd6ffffd17c, - 0x99aeeb4cf86395d4, - 0x21e1479d7415a5da, - 0xe9b021995874246a, - 0x3004ec36d60a7661, - 0x879126f8954aa6a5, - 0x1b89e4ca7499fca0, - 0x49e7b8a722561159, - 0x1d4f0de0b8cfb940, - 0x4a1d8a1cf84ca296, - 0x784767101218bb5e, - 0x3171621a22cf, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xbeaefc0f3ffffe15, - 0x31fa60c505c528da, - 0x17062bf32a5800cc, - 0x7f6c8a491e1c85d8, - 0x51c275d51d6bb509, - 0xca2b3dc7bc07b33e, - 0xfbde52978687148a, - 0xac5de44ad3586169, - 
0x5544299cb8c3db5f,
- 0x244ac8e0636993bb,
- 0xdb58cffd2ff83d0,
- 0x1120aca75573a,
- ])
- ),
- ];
-
- /// Short Montgomery multiplication with respect to the short Montgomery constant R_2=2^64
- #[inline]
- fn dot_product(res: &mut Fr, state: &mut [Fr], mut start_idx_cst: usize) {
- state.iter().for_each(|&x| {
- let elem = Self::MDS_CST_SHORT[start_idx_cst].mul_short(x);
- start_idx_cst += 1;
- *res += &elem;
- });
- }
-}
diff --git a/primitives/src/crh/poseidon/parameters/mnt6753.rs b/primitives/src/crh/poseidon/parameters/mnt6753.rs
deleted file mode 100644
index ce0805477..000000000
--- a/primitives/src/crh/poseidon/parameters/mnt6753.rs
+++ /dev/null
@@ -1,4044 +0,0 @@
-use crate::crh::{
- batched_crh::PoseidonBatchHash, FieldBasedHashParameters, PoseidonHash, PoseidonInverseSBox,
- PoseidonParameters, PoseidonShortParameters,
-};
-
-use algebra::{biginteger::BigInteger768 as BigInteger, field_new, fields::mnt6753::Fr, MulShort};
-
-#[derive(Debug, Clone)]
-/// x^{-1}-POSEIDON-128 parameters for scalar field Fr MNT6-753, with an MDS matrix supporting
-/// short Montgomery multiplication.
-///
-/// The number of rounds are computed by ./scripts/calc_round_numbers.py, round constants and matrix
-/// are generated using the script ./scripts/generate_parameters_short_grain.
-pub struct MNT6753PoseidonParameters;
-
-pub type MNT6InversePoseidonSBox = PoseidonInverseSBox;
-pub type MNT6PoseidonHash = PoseidonHash;
-pub type MNT6BatchPoseidonHash =
- PoseidonBatchHash;
-
-impl FieldBasedHashParameters for MNT6753PoseidonParameters {
- type Fr = Fr;
- const R: usize = 2; // The rate of the hash function
-}
-
-impl PoseidonShortParameters for MNT6753PoseidonParameters {
- const MDS_CST_SHORT: &'static [Fr] = &[
- // These constants are in Partial Montgomery representation with R = 2^64
- field_new!(
- Fr,
- BigInteger([
- 0x1b06b82936573768,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xa8a66953a924365d,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xb412c015510c2717,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x351fdbd63ac0afdb,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x302be8e2c8e27f02,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x7dcdc338f53308c,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x5220f8b41dab7db4,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x524543d141024c82,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x3657a2432f363f4,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0,
- 0x0
- ])
- ),
- ];
-}
-
-impl PoseidonParameters for MNT6753PoseidonParameters {
- const T: usize = 3;
- // Number of S-Boxes
- const R_F: i32 = 4;
- // Number of full rounds (for each of the two full rounds)
- const R_P: i32 = 63;
- // Number of partial rounds
-
- // The zero element of the field
- const ZERO: Fr = field_new!(
- Fr,
- BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0])
- );
-
- const AFTER_ZERO_PERM: &'static [Fr] = &[
- field_new!(
- Fr,
- BigInteger([
- 0xef99f18ca1164fb0,
- 0x1bf161755d689806,
- 0x83ee017c500c6964,
- 0x8abab822f92200c0,
- 0x4b64884b9cc7eef9,
- 0x53d4a2f13e17017c,
- 0x551b8da2668dad8a,
- 0x9939a48a0191c96c,
- 0x2e1d80ef403671a0,
- 0xb037bb60fbeb0212,
- 0x6a22eba60581eb12,
- 0x6ec196c9026d,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x18c4207483ba0f2f,
- 0x6c50abc8aca74de3,
- 0x7c1acfd6686351c,
- 0xf367937c1356e91f,
- 0xcdbf0447592ec1,
- 0xe13763baac982387,
- 0x2e1f904290e7045f,
- 0xb6ffbcccd73c1092,
- 0xfae22550de44cf2c,
- 0x14c26231e52c7eae,
- 0x471836049049f3b7,
- 0xdc46826797ae,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x2ee4a96e4cda5f6f,
- 0x7442a7b7f51fdbfc,
- 0x23d03839ab7d811,
- 0x1f873a8c0ddfd7a4,
- 0x872f14e24612551a,
- 0xd43181c852d5f78b,
- 0xb2ff35a74130d2cd,
- 0xd64aaa80f389157,
- 0xb954953b8d35d74,
- 0x37aba7a7212e96c,
- 0xcce2fff62e11a3d4,
- 0xfb3f9157120d,
- ])
- ),
- ];
-
- // Array of round constants (in Montgomery representation)
- const ROUND_CST: &'static [Fr] = &[
- field_new!(
- Fr,
- BigInteger([
- 0xbc3bce4306347da3,
- 0xe8bf3275de6f8a80,
- 0x56a983ba25567267,
- 0x718c0cb5c1707067, - 0x847b43861d406618, - 0x94e384fd0addc509, - 0x8c05c8e798c7a2e3, - 0x85204ec1d689f829, - 0xe5845d1b732e9f45, - 0x948470650fdf2c14, - 0x3020e7156b6d05fe, - 0x169a87b2cb0d2, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb1243358d3057ddc, - 0x4f7d9135a93f7748, - 0xadcd00c037af95ef, - 0x5d93d11990a375f, - 0x7e8dce24aeed7f78, - 0x637b8ff9811147e, - 0xa74da71309e416ab, - 0x7b8211e20256568, - 0x7c75dc81daf36cb4, - 0x68475b1d5e0de06f, - 0xed144721f8c12f0c, - 0x8f3ad7774bde, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x2558a47e2d238f9, - 0xa3806a012e162b01, - 0x5b969c8e940ab574, - 0x40bdbe69f4fa8c2a, - 0xb55e37231cb10e77, - 0xf3226b8a7b9f88ab, - 0x69d45fd2c66a1b61, - 0x6335cff83520233b, - 0xba7ca0f17bf5557a, - 0xa36e501f0ecb1b4, - 0xb624e1f62688951b, - 0x120725fe2f38d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x64971ee618597cc5, - 0x47011c83b604700f, - 0x540fe5a11a9ba46b, - 0xaec24298dabd5ae3, - 0x35ea26cd9f3c9c17, - 0xf6f87ee89f706831, - 0x26a93689410bc844, - 0x6447ef4de97c9fc4, - 0x4f9d7deb6fec1ae1, - 0xcdfeb3d8cbe2eeb2, - 0xfc5d2edfe5614e6, - 0x8a46f6357324, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x7a926bcfbbe9164c, - 0xe905bffe2f6cd343, - 0x2313e9b25229b004, - 0x48fe1decc4065073, - 0xab0c7949277306c0, - 0xaaecde3c27ae8329, - 0x944a237d0a673ff3, - 0xe437df12016a7388, - 0x524f710ee2849356, - 0xc8981a53bf724322, - 0xa5376dc20e96c22b, - 0x78c2e7b89a98, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xe5c93c20dabde2, - 0x4a84e87ad6c60636, - 0xd7be20dc78ffe12b, - 0xc931d4f5f6226649, - 0x9b86aaa876579687, - 0xe1a946bb97534005, - 0xbfab8ce368acb767, - 0x707c0b01d76c58b3, - 0xf0edadc780764c01, - 0xc0ce398bf996ede5, - 0x6d50e23f5b4606e0, - 0x18939e2917075, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xad6038d73b65ac49, - 0xec6431333f1136aa, - 0x4c5c41d0197994be, - 0xf25b85488546a994, - 0x453e0f1aae654da6, - 0x6574156a2824bc3d, - 0x983de26c0534889b, - 0x7804458d59c7c0f0, - 0xf60e97dcd32d2b75, - 0xf81be2cf0cc90ef9, - 
0x73ae4c919e6294d6, - 0x170db80cd372c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa60fcc0717fadf03, - 0xc0563f26c986e1eb, - 0x8b37ef8705cde090, - 0xddc13bd45f04e124, - 0xd55c58adaeb15353, - 0x6497682ef4cda76d, - 0x900638be243c185d, - 0xbe1a3babc087721a, - 0xf981dc114e996356, - 0xbd76dc9fcd1815a2, - 0xf840c8dee0fb79cd, - 0x1281b7d95f1e5, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xfcd413a0cf53cc02, - 0x2c7b141857b9ee70, - 0x9c09534ff13a0060, - 0x739089532860063a, - 0x99da8f1b13b7b5bf, - 0x11635bafdf16619f, - 0xab3dc0f7683b5eb5, - 0x62f827b9bbe81bbb, - 0xddecd51ea233970c, - 0xa87281caacfc03f9, - 0xed7c84c4dde32595, - 0x4b7429204208, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x8c156b346bda1970, - 0xe68bd83561e3a9ed, - 0x3c629ca298087cc0, - 0x8ed9cd63d9a0af29, - 0x681280168db49685, - 0x913b234a0082a534, - 0xbff3b74ab4c6b92d, - 0x32c56daef2e6a3c2, - 0xf4d2a3122db2f6cb, - 0xc3d40845fa728427, - 0xb12294978641e515, - 0xc797e035c3f3, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x98cd921cf106e6f1, - 0x99b88250713cb636, - 0xf22b0d765081a737, - 0x577429a343f260f7, - 0x960522f36bda2cf0, - 0xd41dc41d29e11da0, - 0x82ab5d062a3f6b90, - 0xe81b4ff572de9ea6, - 0xd5c270ea2bf2fb68, - 0x9bf6b653245ef6f2, - 0x3e9611a14c68eaf, - 0x2b6817b7d88e, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x52c38478857bc38, - 0x87dfd561387ee0d3, - 0xe20a8a17053ecd14, - 0xf63394618bedca70, - 0x4eed31f9f1f3e437, - 0x96e398a226b3a32c, - 0x62578c2a7c4bfc85, - 0xb922fe2cf020a8bb, - 0x8f2a2e28d430de02, - 0x405b2d7fc2bc947, - 0x6bff7fda4cf8f35, - 0xcf161eb3f503, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xbfedab71cd8a8f39, - 0xf4eb8c3b37469932, - 0xd9fd0554fb31a36c, - 0xca89a178095d77c0, - 0xb4872a4bc30475a4, - 0xfd07f3f85d942bdd, - 0xbc3c672d57bbfa46, - 0xf9622b9e3805ffb5, - 0x352205a9215a1a35, - 0xbb78ec06d3563cd3, - 0xeda50a02ebf8a493, - 0x9a17284f85d8, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x86933e15d3f51b40, - 0x94408ba463f74303, - 0x859090f3694ef6bd, - 0x913d6669a673047c, 
- 0xdf278d0a345df09b, - 0xab77951041ed9f3d, - 0xb1d85bb0de5ae94c, - 0xb5b897b241263ca1, - 0x2c6c096991f89054, - 0xd9edf8127760414e, - 0xa3e47ed303140f4f, - 0xcef7043b6440, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x515e517734aef7e, - 0x3f7081cd9252a5a0, - 0x99242dac0d5fb0c9, - 0xfffd074618216629, - 0xc2dc7e5d0881dc76, - 0xe48daefdfb8ce2f6, - 0x66f0a2964cec71c2, - 0x92302ddd6e1d8035, - 0x27381d6c3df61626, - 0x20d4cb97f497cca7, - 0x4690d32e14378905, - 0xa35ca32185af, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x9df1d74d14e4315e, - 0x2c45d5c5767d5922, - 0x7adf6d56f307671, - 0x2568768c5a3be61, - 0x75b23b6b918402d5, - 0x7cfda8fd09520efe, - 0xbd85632006f8c921, - 0xd8ace4296a133eca, - 0x489c6546935090e0, - 0xd06ee97b10e50a81, - 0xe01b3231635c7ebe, - 0x3829459449eb, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb7dde79b7bf4a100, - 0x579ab9f6ab605754, - 0x9f93fb2efad60e8b, - 0x334c63c11d992259, - 0x9422891fdad923ed, - 0x6d9e596b61dc5366, - 0x8d9dcd04489c9b82, - 0x3896394679ded931, - 0xaba406c12b3c8def, - 0xb50962ce9eb6dc28, - 0x15687f72b3cdd7f9, - 0x2d8c1c1af596, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa716410b829db004, - 0x135009ba5962231f, - 0xd6a5e4be709faf82, - 0x1e49d58e7477a15f, - 0xe17f80cdbf74063c, - 0xbde04bff7a310d00, - 0xbe5b0ed32dd6ba73, - 0x9b7094c531a4fa02, - 0x51a1e104551d3255, - 0x8f7d7687d882ae3b, - 0x7486650dcfec6e20, - 0x770e2364d878, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa2a1cbe1b5efa4d4, - 0xceb2e913c0b5de20, - 0x9365b5598899dabf, - 0xf22db0dbfaf7fb42, - 0xb23d260ba39875a5, - 0x4a1ea29372e1afb3, - 0xf590b3846306852d, - 0xe477f53a41489505, - 0xcf37b92157040037, - 0x3139495d73fb9d49, - 0xcfe46493bb30ebb5, - 0x15698ba0ee379, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xcf1e0e4295bb765c, - 0x5eebbf95e3526584, - 0x53f08b01c48210c9, - 0xe430d917e0c5de38, - 0xc23415e8c5817216, - 0xc773d51e7480c309, - 0xd5e5594fb5f63b1d, - 0x4c307d9a1da2e42e, - 0xb19fe25509bb7f77, - 0x7b534d4929b93385, - 0x54436e71bbe03902, - 
0x186d99821f387, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x4bd658be24774112, - 0xcac13551f6a42b2c, - 0xac76edc838584292, - 0x3dbdc8737cae5f22, - 0x9b2b727c542fac21, - 0x8f4848cba0e83b05, - 0x9e5d49f46d8d4130, - 0xf65fef81e53aa69a, - 0x3219752323db5f46, - 0x33c51406d800b9cb, - 0x6293365a71e335ed, - 0xc0805a013c1f, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x66f69b942cbbcd7c, - 0x35a646050dbacea6, - 0x37219d8d3dc6b60b, - 0xd99e34672eac00fa, - 0x5681cc7197e62dfb, - 0xe1a7e8afbc9efcbd, - 0xce576cb4e2e26728, - 0xb77e05a61a4c3dc, - 0x7879767c062653dd, - 0x3fb0004573ae7030, - 0x70194d8d72f1ee81, - 0x4629eb4ed9b3, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x47ba6dc973c59fae, - 0x7589293669d6b1d2, - 0x9945199f5af5b0d1, - 0x900e813e1509696f, - 0xbce135462d7d5f3c, - 0x495479b22d91a50d, - 0x9353f0421cf870af, - 0xcb9e763242274a8, - 0x4ce8bfa5300ca0d6, - 0x9692522e7d3c27fa, - 0xa769977fb8361b09, - 0x10401bdd1192d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x35cad5267f72d5a0, - 0x59978eef99179287, - 0x21d0b9087ae03d63, - 0x42b36b9e15d88ca3, - 0x2f1f411bcfc1682d, - 0x2ea54ef46ead60, - 0xbc7ae10814bb57e1, - 0x51ee614e701c2873, - 0xd8258954b9d6db5d, - 0x4a70f7e2ac23ce0f, - 0x86572f188764a9cc, - 0x43d3c1cbcaef, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x95a964522e1872a, - 0xe3805ebffca5caf5, - 0x7866665fdd28821c, - 0x107ca6813960b562, - 0x2b3489de685aa806, - 0x4518e91d4cee77c9, - 0x37fa0978b6c226c9, - 0xb9e41cd595a6e65e, - 0x3c85eb117274da97, - 0x359d679e3711f13d, - 0x21cf42c7ca6c2da6, - 0x170c112e93fbd, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x2fb99dff9f768266, - 0xc1ee08b388c0c15, - 0x6ec43934e6228f53, - 0xa3c1d0b4058e157a, - 0x82506d90ca5e876f, - 0x74f58ca62a946038, - 0xd1d0d8fdcc33a3e9, - 0x6f4ed4c48672bccc, - 0xf214288461b6ac20, - 0xcae45b984aacf13e, - 0xe11934dea9b9f2e9, - 0x187491ad8c7e9, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x45b73fe1fa203ac9, - 0xe70ffc3798c23627, - 0xf6df255943b61f8a, - 0xe5405035a4f1a9e1, - 0x7ab51c17fb4af6a3, 
- 0xf0307b784eb7c208, - 0xa4a1c93996bb276, - 0xb4a71d927f54803c, - 0x28fc3d4d67b8557c, - 0x232d8075c288d2e8, - 0xef9f18dd7d0209b8, - 0x1481fdf212387, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1c1ab04e329a5f99, - 0xfc6239a086be8d4f, - 0x392ed1a0d99c1ac8, - 0x57eb372b46a08621, - 0xc284b2cad95afc3c, - 0x1f67a48aba082dfd, - 0xe65ece83f217cf9d, - 0xdd90f37d4cf441f8, - 0x62f381ef1b42e03c, - 0x1bfe753fd7a697d5, - 0x9e5ba3e3bf6c739e, - 0xf2f72e1a834d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x7649fb8154288dc1, - 0xc5805e2b6e719af7, - 0x551d1de223a11c8e, - 0x83d21614412d1c6d, - 0xaabf71ff9de8a1ab, - 0x48ccc969b6a36b6d, - 0x664217e0c61017a9, - 0x91da9a6df4ebf50d, - 0x7c6ce1629d8d5ae4, - 0xf957ac73853c8fee, - 0x104a1d62a2006dbf, - 0x1b175b2debba3, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa0d19706a32ea453, - 0x515567cde835b39a, - 0x3fc8fb512c0d1104, - 0x67d716987896a533, - 0x2a112a0c57897516, - 0xb95e6012f1bc333a, - 0xc4b59bf8d7edc847, - 0x40c6e78201b7ef2f, - 0xae430be9970fd98a, - 0xdc438a17861e9bb9, - 0xa938ea82054bfa2d, - 0xdb9a3b39dea8, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x68170b2018246a16, - 0x278918eb802e619c, - 0x8060f586c60304c, - 0x6fe568c861543398, - 0x9fbf941ef7574b6, - 0x5a8461e2ed26c54f, - 0x3c585f7567687c36, - 0x3823f7483a2c4e2a, - 0x9ecdff84855415d, - 0xf0c3560d666d86bd, - 0x54e56be15effeff0, - 0x1060b7a65f110, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf9126f9013645e55, - 0xbc0c855bb5382c9, - 0xf9d2a95d85e976ed, - 0x499ad33c6be844ef, - 0x12af4f8e494e20c7, - 0xcbd536028f86a723, - 0xd76a3cf1ba7f1403, - 0xc0491b6123afaef, - 0x7983456c41384e7, - 0xe21a06eab46fe55b, - 0xc9e775223e9005c3, - 0x1ba678a02b552, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xefba9b6dd8b44bb6, - 0x2118c45cd4ad5e64, - 0x5c39ba3baf080ca1, - 0x605f6689fc38825f, - 0xeac9c724d19472b9, - 0x6c024327bc8ec260, - 0x94c6ddeb60f56a77, - 0x4d2a2a12b551b0a7, - 0xd3268e57a571bddb, - 0xde42da0f1c19452f, - 0xa4d02c77eecdaf3b, - 0x1c1df46675b2b, - ]) - ), - 
field_new!( - Fr, - BigInteger([ - 0x329f0107c25d031f, - 0x118880346fd43cdf, - 0xbda10f36776788c2, - 0xd0a5e6599be940c3, - 0x56929adb7f0616ff, - 0x3e86b0a7635462b8, - 0xb066b4e7872ff039, - 0x6b72a0577eabe9f2, - 0x61f32a17b03e4b18, - 0x2f480847f7d4d3c1, - 0xb693ee9372487660, - 0x18ed43b4d6bba, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x45fa9a4c919da6e, - 0x29d625ec1610a860, - 0x6daa69edac102211, - 0x70f19a2cb9bba20a, - 0x75cf557057e27a9d, - 0x305546b218234ecb, - 0x49b868a6670e542c, - 0x7cd122a295c484fc, - 0x643721f73c6f0d44, - 0x1a77cd1bdd016445, - 0xb1cc6a88711a11e4, - 0x186003af07a97, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xfac1c10706f04394, - 0x9dbc02290de64b60, - 0xd0a7bd1a26bd4c1d, - 0x8622c5cb7aeddbf1, - 0x24d9bc40c98ca76e, - 0x9ca01d95ac15c0f, - 0xf504a36a5e52fe7c, - 0x94ea6d60f5dd320, - 0x31df964e0a290f3f, - 0xd1e278f4299509e7, - 0x60b73494cc8a3ac0, - 0xb0722609be51, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa9844e70c2e4c1bd, - 0x9121475c57c5280a, - 0xce18f0856fca77c1, - 0x500e1153cabb83d6, - 0xda69a261bc409c95, - 0xb23bd4ce8998ae1b, - 0xb660d7f131493836, - 0xc530d373817f95b1, - 0x381fa4bbd5f06b3c, - 0x87b45f17f9a8b3b8, - 0x35da29b115a75492, - 0x86e4d3d33bc, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xde760d5291636b5d, - 0xdc74d14058a33a32, - 0x4b3abbd981676ab3, - 0xf6f7b077488a2ab2, - 0x2ee93cd428091871, - 0x2672fff03b6d70cd, - 0xfd80c33f34b5179a, - 0x5cfb15ea1395db53, - 0x7caa3712160b23b5, - 0xb2094d9a94f9a085, - 0x79eaf2e4fba700e9, - 0xf5e5ebdfc24a, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x4a931e7b5d8fe8d4, - 0x92475f72f889600c, - 0x18ec232a3237f9b2, - 0xe9e87a69d603b22d, - 0x3bc4072a7b2bc7ee, - 0x307b6dccb363443f, - 0x95c8af13e5aa4d34, - 0x5797f43c0eb68bd8, - 0x2907279a910559ae, - 0x8cb7f2187e335722, - 0x4f24a2f63495a781, - 0x9e74b772a6d8, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1892a7066a66f33e, - 0xb6da322dce88f7e4, - 0x3404a46554c196ba, - 0xce6af9e88bfdd9b2, - 0x455dc4dfcb9ec644, - 0x4c59d13757126f7b, - 
0x365359c9b70d0820, - 0x19f401f92da6a168, - 0x60e9f301e52b8a1b, - 0x88c1ad84016338ca, - 0x34600b26cdea0db0, - 0x988574140260, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x30f1c717088f8651, - 0x70a2e64ec8ad80c1, - 0x34a6db5cabd2ab1b, - 0x5901fe9f22757394, - 0x622beb63e634dd84, - 0x7ba6aa30011da1b2, - 0x714a219c89930469, - 0xddf1fa8d85742328, - 0x1256203cb7e0f0dd, - 0x39f01beeb544eefa, - 0xde2017f229da80dc, - 0x69a58b8c2d9, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf8d598c1c3b39d6, - 0x15193612a7201f97, - 0x1b606952cf3f167f, - 0x28b3735e7988e0a4, - 0x8605717389c09c5a, - 0x97deb3d89d2de45c, - 0x58c40656589734cd, - 0x535c2e02d3c0636d, - 0x4cd355c1d1844981, - 0x6a0c3902bd48be06, - 0x1f2b4595097b6d2d, - 0x6c5ee0f14ab2, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x187ba1c7f3bf9fdd, - 0x7e3548ebaea72977, - 0xe580766e65388f5d, - 0xa46fd9cc241fc8fa, - 0x1cf88f4b2bc272f1, - 0x3ca6fa5f7e9080e4, - 0xacf91e4fd3cd95cf, - 0x4bc616acbd20b748, - 0xd4dcc629df0e4747, - 0x4d63fbcaa0b05db4, - 0x7be18636bc4741b8, - 0x160727ca510ed, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x88e60fd97bec2bb5, - 0x715cc852cbadb4ff, - 0xd922db3955851560, - 0x4e612e64544d155b, - 0x8db7b6fbc346d1ea, - 0xf715067a02bbd55, - 0x1879e2c56fd4a9c7, - 0x6b669a0c0e0725bd, - 0x279c6b1ac6dad58a, - 0x310f56a50fc58ef1, - 0xf4f66b3888e95881, - 0xb217a63477a5, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xe250f2b0e35e235e, - 0xbac016441644e815, - 0xe60ef6f74a50ee2a, - 0xc5da294c022def51, - 0x69d2a99bc7ec3a40, - 0xd716991c07d5e2de, - 0x5b1cb7c696cf912c, - 0x59ad87c220f7d591, - 0xf2c665694a83889f, - 0xb688877c1d402f44, - 0xa5dd1a13958dfc9b, - 0xdc992d0a3e50, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x3789105efd8aad5c, - 0xd18634a2e16cb54, - 0xd2be957506e4e868, - 0x8939555d9741905d, - 0x8bb5e9f5a2ed25a9, - 0xc8f221f83200d7c3, - 0xf8ab24e72da1ca99, - 0x5b39686e84721cc2, - 0xcd1f4ac92ea49f80, - 0xeb00028e2056463, - 0xfa983107ca976f26, - 0xfcb4b0efd1fb, - ]) - ), - field_new!( - Fr, - BigInteger([ - 
0xc2077fa877097b6b, - 0x878a886b6bbab4f7, - 0xfa4a84376eafee36, - 0x1b53988f57b9d4b0, - 0x5c757d6afa905166, - 0x5981aa06fcc59789, - 0x97b85311c3eb8ab9, - 0xba391b555112a40a, - 0x78293783e8a2f0a4, - 0x239e342363a756ed, - 0x5eedfdb55b05ba09, - 0x1806f19515e36, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x2d577d219af8e17, - 0xe72161fb367e24d5, - 0x292da9391f7404a, - 0x78f38578f92e5214, - 0xf5e143297410d48f, - 0xf86ac7ac10517e23, - 0x2640f99a9b40c84c, - 0x736e7e1b915d839e, - 0xb7bd1303e345d73c, - 0x4f5d5b7c275b5d78, - 0x735a5149fb4d201f, - 0x14f2470420644, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x45794ec7d4d68c31, - 0x1a51e1fe92e49ec0, - 0x6ac3d0f0095aa114, - 0xff8a448b4f11ee86, - 0xbac030441dfddeec, - 0x6185ad7ca5790dd5, - 0x5e7d1453762f41d5, - 0xcf10bceecfef8533, - 0x806910863c9e4196, - 0x929519da728b5359, - 0xc4b9e155c2f011b3, - 0x18b244a5432f1, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x9a9db67d9d6765dd, - 0xee77c94781cec68c, - 0xf68e20fa4c41ceac, - 0xad26262fbb647147, - 0xb82d2835eb495924, - 0x41debed8a338a691, - 0x5a2907d495a19fc2, - 0x46dd06b9b25d9632, - 0x8d93f3106338941e, - 0x333a9b5351bee962, - 0xd3b687f6381ec72a, - 0x1c3c5e0334f0a, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xbe5b69734ddeb68e, - 0x5cfb4be0af686b62, - 0x7e626848743f743f, - 0x4cd29b4c86ac427c, - 0xed72a87bf9130fab, - 0x5c89af564a2d657d, - 0x2d20f113672d9bf7, - 0x8c1c802efd919e42, - 0x7e017303d6652721, - 0x94e9e530eb2a62c8, - 0x54c50eb8369dfde0, - 0x499d8e51d131, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1077b30e926766bf, - 0xdbcc352ef304df8f, - 0x37a95541f5868938, - 0x333ced9ff0664c32, - 0x3912463b3033a846, - 0xb8094e87d999b19a, - 0xbfeeb4536d07fad7, - 0xe0e72bb1fd74022f, - 0x5810dd5e4c5558cc, - 0xe7ca2baffccbb9d1, - 0x3ae550a36c781f5d, - 0x188acd38d8c5f, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xbe46f1c252f8df87, - 0xd50e12aec919922f, - 0x41eac583dc8b2553, - 0x780140cbfbf2bc59, - 0xe8d467b23854428, - 0xdf3a48f5ad04cb93, - 0x8553e9f85fe767f3, - 
0xb6c10a59e367c088, - 0x39f5ffb28bb7e6df, - 0xc1110d4a3e9d640f, - 0xad9a8a75e58177e0, - 0x102fe6490c4e0, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xdc995f5b01c22cb6, - 0xd6872186ab3bca52, - 0x3b2bb38e8a103eda, - 0x5f023352144ae9ed, - 0x9bf8fd8926d4ce8e, - 0xb12a878c4f9b06d1, - 0xd83978b5b9c35a87, - 0x6dd976e8ec582d13, - 0x59a598b82c8821de, - 0x28e2f95c93ce41ec, - 0xc3250f5e2446ea5a, - 0xb3c004c8deca, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x85ebc6a3ce00710d, - 0xaf6d26ba626dff8a, - 0x5da345a2912dcf77, - 0x41df8badaf36cc86, - 0xe2d3c03084073bb8, - 0xb49f6fdabe2145fe, - 0xb19a81a3cf5826cf, - 0xe90fcf06d0c74cd6, - 0xd1dcace51dc4bd46, - 0x8614d99750c5f607, - 0x30be63767698ecf, - 0x67ea8846edfe, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xe43d1c0b19971593, - 0x5f702ccc62edc52b, - 0x3427ac8faa48a8fe, - 0x9635e2cf613753fc, - 0xd98f9b8965a57ebf, - 0x6632ff7e3bf0717c, - 0x853ea927ab13ecb7, - 0x87f94339b976aa7d, - 0x42f14e2807ca3f0c, - 0x5506c7f363ba1263, - 0xc01e3b8850849594, - 0x803cfdb46200, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x6c5b0c2eacce16cc, - 0xef0b3335904cda62, - 0xdff9657314946045, - 0x73b4bac8ca237d0, - 0xbcba23224f13c8e8, - 0x8dbc686cf2072dfe, - 0x9a4164ab6b8a3298, - 0xbc14ef6573ca7ba8, - 0xef56d101052ab7bf, - 0xe459ec092b281bad, - 0xd29e206800a2e51e, - 0x18620f1a3148d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xfd714c46638a3677, - 0x468550a7ec014af4, - 0xe070ef41e903ce92, - 0x6d43b53990b7a3b3, - 0x72d3f96f2537f03b, - 0xf8ceec51b5c8b9ff, - 0x6381cb30c6473847, - 0x956e86ed881ba3de, - 0x8e0f70c082c7a630, - 0xf761a9d21f2a68df, - 0x805ce0d530b8010c, - 0x3dead102ce55, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x6e8848cf9deeb8e7, - 0x23bec860a8bb60bb, - 0xd9b8158022ed712, - 0x8be82ff15a5cfacb, - 0xcd5be21caaabfb81, - 0xcc8c4a99844f65ca, - 0x152f0407fa09a3d9, - 0x1dc5d55c96c281ac, - 0xf5fb882022968972, - 0x5b004103b737eb6, - 0x8a454498ce135876, - 0x11d098b8b4853, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x147e10a756382cce, 
- 0xb74ef119a434c322, - 0x2769dd86c9567ab6, - 0xe25a2023bf3b2aa5, - 0xc8056c086b1ca182, - 0x6ae5346c2a8a62c6, - 0xc8f06fafdbdb0742, - 0x49be897884c33520, - 0x2cd3df36b6916b69, - 0x848ad901f8de30a1, - 0x680ed22f76d86483, - 0x1831e3aab39bb, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x9a93e5e95528c7f7, - 0x5e26847a9bd2cd12, - 0x315535bd65cf88af, - 0x5e8d333595c74e90, - 0xe70d1f57003cf128, - 0xbbf63138c0430395, - 0x897a55102ac563fa, - 0x6d17ee83aa1eaa38, - 0xcc4efc3e09645d2c, - 0xbfdf0b26f7bb30fc, - 0xb0a55fd6124d3b4d, - 0x7fd2368ba71, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd006a2a7c23c8cce, - 0x3639b33663a339dc, - 0x124c429aa18e652b, - 0x5f64b30ea62a2616, - 0x3bd3accb30b0e724, - 0x4fd2010860d2dfc1, - 0xa5eb11300bd23ee3, - 0x77941850a502997c, - 0xe0188b457efac6f, - 0x93bcaa422c9213d6, - 0x4be996906648bef1, - 0xfc70f54c3109, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x96590205a01fa3b1, - 0x20edd1ae1bda98ad, - 0xe5cddf506c79bf70, - 0x9438dc1065d99828, - 0xe2b24e55435c0bf6, - 0xee5e6f0dcd865f28, - 0xd47a5f6dab5aae2b, - 0x315fb0c639a008e4, - 0xb2430077bcfc670d, - 0xce6233201b3756f6, - 0x228dbdca2161d6ce, - 0x15148b9ed789, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc2392f0d547e508a, - 0xf04111c89dab2095, - 0x2c31ac90611cbc0d, - 0x486eecde6eeead82, - 0x3b243f8673319971, - 0x6eb54e3ab5849b44, - 0x241836ed0f83e6b5, - 0x4e0828adb54c3394, - 0x6d7e99b5ec0a4ce, - 0x4a57960c1995e35, - 0xd5d3952034f9bc65, - 0x16a2ee00a298a, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x59a883f0281fd6e2, - 0x950bee8636ca70e4, - 0xb4a12b061932cc9e, - 0x3ff33dd6599cdcba, - 0xbdfbca42680382c3, - 0x5fc3f1e2ffa79ea5, - 0xcf845dbbe7a9f870, - 0x6926d707913a8b75, - 0x218673a7daf62711, - 0x68366b138b824887, - 0x67283403824b3544, - 0xda9bfc6ce7f, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x30f64a7e964c3420, - 0x96927d44a37700f5, - 0x3ec4f773acac880a, - 0xc005622f3eb6bd7a, - 0xe895c0790e0d77cd, - 0x64dfd09b98a137c7, - 0x9b9c44b13e86372d, - 0x641112f028d24699, - 
0xcf8d9516aa23ba54, - 0xd0b98027ee358bfd, - 0x78c2ee083b9c3c0e, - 0xd9537c4c5855, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xbffa88ed81a4be7d, - 0xf5b9b1337167971c, - 0x47666e71f84264c8, - 0xf10e874338c78c21, - 0xa6e9dde42e30b5d3, - 0xca74ac753c17f0f6, - 0xcfaad2cda1cb0570, - 0x72f3e192d5fbecf0, - 0x7787a16a8e2efe0f, - 0x6ec5193b9b86a147, - 0x31bbb511fa0f2000, - 0x1c3a5f33058e3, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf69eb3289f5e88ba, - 0x5e7bac8e6b89c879, - 0x47e1a9b62981ae0d, - 0xa0697c452040eb75, - 0xd58cbce4f8e0eaa9, - 0xecb66ed104f69ed6, - 0xe4e2396996bac740, - 0x5f818bc60d770cad, - 0x793057e474d0eb03, - 0xf4fcad72d290f8de, - 0x6c5fed2742e0eafc, - 0x11b68b984bb54, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xe26c97b5d6d5e8b9, - 0x1a885e1cc30c2889, - 0xb9f133394fb07c29, - 0xc4cbfa769a76fa4a, - 0xa029f7fc21cf91d1, - 0xf20aa58ac1bb6411, - 0xe0caa75c552c0420, - 0x5399588083fc7f51, - 0x5236a0be2d533386, - 0xb301964841c4fb69, - 0xba1b34aa25dba3d5, - 0x1b14723bba2a4, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x7189dc77bbe41769, - 0xd2aebae7814de1e5, - 0xf0d94430c0738e4, - 0x50fb92efa196aa89, - 0x48a080d0df22afee, - 0x464b2e405607f9b4, - 0xbe514d65293c91f2, - 0x2eaed9201ec5dbbc, - 0xacd18b6ab79eeece, - 0x6e2a05146f91b7a8, - 0x125e48c63ad550fd, - 0x14a6aff6a6a64, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xbad256299b93bacd, - 0xf95b0c75ac320c29, - 0xdff52f6346933f91, - 0x20af28641ce10b04, - 0xcd896e02837efc54, - 0x31be62617376b6e5, - 0x66502e7bfe4a5b3b, - 0xe1e30fa71d679566, - 0x1b7532cacaf01b6d, - 0x9ad254b531b20a85, - 0x8473360b46ee5aa3, - 0x1a49b01fc4f92, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x4c50e825c3beb0e4, - 0x2b3ddfaac3f94490, - 0x1d89b03950d9fdb3, - 0x2e6866f4562801d0, - 0x2dbae0fae8429516, - 0xd53de03fc2956715, - 0x47024fc073a68819, - 0x31dfbb9f6e064e3, - 0xeb9119d0a7a2371b, - 0x621b42f743a2f2fc, - 0x7e8544a2690aa143, - 0x1afd436dee7df, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x94b956129e730c73, - 
0xd458f1cb4947e98b, - 0x75b74456a261e807, - 0xfbdfa8274241d25a, - 0xeefe13f9b1243387, - 0xcfeacbe5bfbbc680, - 0xf75dcc57755d71f7, - 0xb0fc650f9ddb4864, - 0xdd969acab9fa59a1, - 0xf6c3af99ea4cb1dd, - 0xa57d591e652270fe, - 0xb66e705fd80d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf71f14c8a8fd6601, - 0x198d40322988b2ee, - 0x90456ca78250bd8b, - 0xb9aa12909427a875, - 0xf06db431b25ca4a6, - 0xa7aff3a59725c29a, - 0xee2851aa44df4497, - 0x7d0ce990adfe577e, - 0x7196d087bdd03b1f, - 0xfd5e773f4b7dcd2e, - 0x5f7cc44255e0709a, - 0xe5d217d3a2d6, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x9f976f30d0c6c718, - 0x6e47c1b5f40e36e, - 0x8c718ab7c80b5675, - 0xee45f564a5578480, - 0x6cb65467d4265b32, - 0xca9279b5863889cf, - 0xd1d010b4730f3588, - 0xf9e798db40280952, - 0x6c3c3d3a6fdccb5e, - 0x4d20f8b4e6d41889, - 0x25fda0303374d4cf, - 0x1a99138175979, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xbdf0e530098aa8cf, - 0x36e83e07c6f9c012, - 0xbf30ad60e9e9caf7, - 0x3d76677a5b96ae38, - 0x12611f57dd96ffc6, - 0xf4b2718398e03f12, - 0x5355bbce05e53887, - 0xbd92a79420fba3e7, - 0xdc215633c83e748e, - 0x8345ace62e83298a, - 0xa7e8aa69e8ac0cae, - 0x17a257767e098, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa9fbc9850a7408be, - 0xb5d1dabb86dde8c7, - 0x26d30b8f4e8bd483, - 0x9be63abf87f45ee4, - 0x3abfe6d65927ef7b, - 0xd8ea7d21f70895d, - 0xafa60adea2c5ee1a, - 0x74cab4484b6c4fab, - 0x555cf530c400b013, - 0xf3b78608e8d29bc5, - 0xd33aaa578261f3f, - 0xdf57b7821b7c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x951880d66e5cb5d2, - 0xb2085f29f3372e52, - 0xba108ebe816d9f21, - 0x4a7e0cf0a9c6d1e5, - 0xea73db0bc23f56d9, - 0xd2831e751cb1473, - 0x8ace4bda00bf91bb, - 0x25973c26107aa6f0, - 0x713fbaa3779a7d69, - 0x1a68d4214460f078, - 0x37e286b6e491daca, - 0x16e23f441d64e, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x2ea678aeb9cdccbb, - 0xcd74a83bcfde156d, - 0xcc7f2c74af9cc7e4, - 0xfc67045d356d8b50, - 0xcb0243798cb7c344, - 0xa520b1f986070f96, - 0xf2b26b2a10b2e41, - 0xa45a3674f04893b4, - 
0xa021bcddb39dc5cf, - 0xcb52d0247c67d3a4, - 0xbafbbca80144a025, - 0x1b65abf946b23, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x7b0f040f3c187be6, - 0x517e7dc44f97eb0a, - 0x584e150c580f43c0, - 0x20db2ac95fe3b709, - 0x8e7258775ae4fbe0, - 0xe27e83e64c1cf0e3, - 0x97a455843a16a22f, - 0xb2b22ad295043b66, - 0x16ecfa5c3388b78f, - 0x542f4b46dc616143, - 0x3df7c43ec6ad3bf, - 0x79cd14b45d1, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa693b34a336c3cb9, - 0xf065795e1a97d087, - 0x654675a6c54fcca0, - 0xe1847042a7ba2290, - 0xcabecf1dd303db3, - 0x2a369c6575609757, - 0xfed4cd1b270379f0, - 0xb55a77cfea3cf77f, - 0xb5b6ff0a25851b39, - 0x1fc8eb0aae53504a, - 0xb77de5b475057e1e, - 0x29af39f9f755, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x530e6f9a3f647776, - 0xbbbf0336671acb88, - 0x75c0d43d69ef6b8a, - 0x4da830f97c93ecd7, - 0x64c8d55786f4bbbf, - 0x25cce7ec5e911143, - 0x75ef47a01d6e11d9, - 0x2bc167a8160099c1, - 0x6b2dd25ae87c178f, - 0xa318de39487ad6c3, - 0x39463cb8d138de8a, - 0xdb4fb355be92, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc0e56be3d41eba7c, - 0xd27fd9da6a7a9235, - 0x41520b4dc034aecd, - 0xced115771b8eb89c, - 0xc7a97ac983353c4c, - 0xfb4f5e37c52f14d2, - 0xdc2d07aa74b26240, - 0x782b22bafe89f618, - 0x71d86e34b596cd01, - 0xbfdc79123be9650c, - 0x2e2cb4186fc8e683, - 0x7f522cebee08, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1ad3eb72756eb667, - 0x899840b5bc095bd5, - 0xc5499fe92faaef6b, - 0x4d9facf38e501d79, - 0xf92311d74044624e, - 0x777446cbca22e4ca, - 0x75cf6b2147926cba, - 0x56dc8d4ff296ef0, - 0x9520bffb75fb9381, - 0xea5ba50a45f5002, - 0x8e3e6b5570da943d, - 0x1a8f2a4361bb0, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc9b23ce1994a2be2, - 0xafc4d9d7a846cdc8, - 0xf38c0a5e92bf7d72, - 0x6b3e8afefc564d51, - 0xe2670d16771b05eb, - 0xdfec79850638f514, - 0xe2ad455164c34d6a, - 0xc0d6c03d2233521e, - 0xb8c9d738b5cf7837, - 0x4d73eb67fe8ba695, - 0x5c5bbf6bd7df8ff3, - 0xa73f6fd8fdcb, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x4929cd3853614b, - 0x4e6e1794dc9582a8, - 
0x86104259ac649073, - 0xdeb403133450dac9, - 0x72c296236870cb5e, - 0xd3d9c3d6ac1bdc3f, - 0x48a1ad3f5da8eecc, - 0xf5f461f6db707631, - 0x5f5f289ac31445be, - 0x1072f420f67feafe, - 0xb06a8001a9fe0876, - 0xa30e8afa6161, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xde9ff34cf9789c71, - 0xefdf7e0b3caa2dc5, - 0x3b56b5420da688d4, - 0x97bd0f2b17f4dec8, - 0x6943f29350de2842, - 0x511207779d87749f, - 0x8b5f15e6c9a97c33, - 0x77c3db5301420e78, - 0x240a045b85d42865, - 0xebea6b0d102f45a9, - 0x5a4da8af19875943, - 0x60279c4cf464, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x597f95db6b4318cf, - 0x7d3bffe969ea3244, - 0x96d4f1900f8fed27, - 0x9647ea3f7c7d5468, - 0xe61bfe0136c4ca92, - 0xdd9505dce4a25997, - 0x8d986e22aaf9d01e, - 0x1ba89481015d1e41, - 0x9609bb2f708eec97, - 0x50696ed24888ea98, - 0x785cbc2c939989a7, - 0x21e5ed67805b, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x59afcc5b01984775, - 0x6235f2b90970c91f, - 0xdea996f7ac46622e, - 0xc6bce5fb767dd9b2, - 0xd837a5c74eaca2bb, - 0x1893b85e3544cbaa, - 0xeb845ac44d606204, - 0x4702c947851c2562, - 0xd7b68e320085a5d1, - 0x7d549ac03b31e0f2, - 0x9caeaf2f17495fe6, - 0x13be2ce80f4fa, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x33f5761fc9c93191, - 0x2c8079d5491bbaba, - 0x70c2be3902d51f14, - 0x4fc1c87ba9a1a03a, - 0xc4a1ece214e755cb, - 0xad5a60711763d23f, - 0xfe7d0e7e42499c4c, - 0xc967ae0c678c357e, - 0xd41ab40b8d2b42b8, - 0x8d8fce9e3c5176be, - 0xeb8fcb07fdba53d1, - 0x14cef103ba338, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xeb0cb66ecbbced53, - 0x97edba9f1d5a4918, - 0xfa1fd1ffd60a4474, - 0x346767d4e83d1e62, - 0x55818cf6e0792320, - 0x4420fcc66e56c786, - 0x3f5bdd402d92e222, - 0x6d184b2eb06f7ebd, - 0xcc31a6f440d37de4, - 0xb1c63db201c394bb, - 0xb177947f1d1a48a, - 0x1baacd47fc9e1, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xccddf55c88e45749, - 0xe3aa43cc834674dc, - 0xcb4510060a4fbf1b, - 0x760b702c74930258, - 0xe335b5f0b4d53623, - 0xf49f29bb1858f815, - 0x78cdf1ea3fce1f56, - 0x294c1370fe1c2811, - 0xd7281676bc881782, - 
0x28f03f9a31f409d7, - 0x68b938dd5e73d456, - 0x3b251f644408, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb3377b00a413040c, - 0x2fd3fa9966d1151b, - 0xa5d47ac2b29e5a17, - 0xb9b89642d55e5720, - 0xa108225259d691f3, - 0x6272f9c84e611b80, - 0xc62d874a80cd3ab3, - 0x93259b2a08697852, - 0xca4dbae482b8c18, - 0x4dab321680faae7a, - 0xf02cc1000c9a106f, - 0x1a863dc4bd196, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xee0c809927eee565, - 0xf9ab9ae0542a6661, - 0x33420685f9fccbf0, - 0x13058379346b909a, - 0x8ff49eab78c80639, - 0x31cce24e14451eb0, - 0x13dd4d0208285144, - 0xda5be96791a38b49, - 0x921a56d4ca213d2a, - 0x14f0692158dcbd27, - 0x5ae89d9c2e72b466, - 0x410116f3a03e, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa96fd5996b370905, - 0x7c54f80a5602ef90, - 0x40e67712f3a9a438, - 0x2c041260b06a8fd8, - 0x93cef8fc9083b7c, - 0x2a2c2f6cfc5e1c5d, - 0x35ffaf3dd922cb86, - 0xc60c7cc9a0989231, - 0x625035cc7a69fcd3, - 0x9bee745ffabe7acd, - 0xabbc80256e959a58, - 0x2c3160819842, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x78d41ebf39e49b85, - 0xe8ac254e271ca56c, - 0x3b87fdecc5219e8e, - 0xf1d8c7ee484cb6a9, - 0x95919e97baaa0ea8, - 0x655b2aaeb04faef8, - 0xb3c653b7d11491ad, - 0x30ce6413cf79356, - 0xcfb36cdc1b4323fd, - 0x3538879a93f2aa4, - 0xdfe99c4bcb68ac6a, - 0x5b949497df36, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc55276d47debbf3f, - 0xe0fac612a40595a5, - 0x969ab9740679a56a, - 0x536eb8951b0574a1, - 0x658d53baee4ce646, - 0xee43d8c62247248e, - 0x17b93809db3893fd, - 0xbb8df2646d6cef12, - 0x4f86afb944a21c85, - 0xfc925ab022025656, - 0x453b341c11604a5a, - 0x70882ce026d2, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x827190d431e0fae6, - 0x3bf8a72bdb849068, - 0x97faab37710bbe1, - 0x7835df18db31feaf, - 0xd2ef53be2f64339, - 0x2a320f0c24556536, - 0x14ad19006733137, - 0x25b2188261c13cef, - 0xc965901504f59fb8, - 0x723d00380a351424, - 0xe431dc83965484b2, - 0x139d2ca557167, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xdf67773e49e21d86, - 0xb80d33ac7c2603e9, - 0xd8226ae26d3ff610, - 
0xf701aa97095042bd, - 0xb25debccf1342dec, - 0xa5f7e2e4c6919e7c, - 0x32c54e0e5f4187a0, - 0x938b86521bd4e01f, - 0x666e8af2c8c22cd8, - 0xb4c16a77d3a3f047, - 0x2342a463ebc2baa3, - 0x2598774f0f8d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd4132bc37015c3d8, - 0x95bfa9aed000b7af, - 0xa11bb665180bdb80, - 0x69852d96ee117e3, - 0x3eb4065a0fd51b2a, - 0xd8a182e35646789d, - 0x43605aaa2a0e8eeb, - 0xce1960453209b198, - 0xd674446ae07aa405, - 0xf27adb668fbd2a7a, - 0xe197d21b2b0c4ae1, - 0xbbd071583b1b, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc5ac86806c567f94, - 0xa0a81bd13f4e823b, - 0x4934358efebb536f, - 0xa2ed2009fb10c55c, - 0x2fa1e095b98f8e17, - 0xb04ee1fd9d44d8ee, - 0xd05decd620a3f23b, - 0x67deb92471d7be28, - 0xdb7bb52f25ede642, - 0x1ef2e861094f24d4, - 0xc9135ae37784a6ce, - 0x9be1e12bdea4, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x576c3d54f69f0fa4, - 0xbe4584ad80a47e0f, - 0x2cbdb4ce1abd80, - 0x27632ad589d97d61, - 0x3e97114cfe1153ee, - 0x6cbc173a1bc2f8c, - 0xe775e30f0305447c, - 0xc1d9048605883381, - 0x5d7813b3cf59cdbf, - 0x4a2904da50bd9c4a, - 0x797b4fb2965ef5ca, - 0x3e898ffd2190, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x669d8e9290037a18, - 0x34c2d915365640d9, - 0xd016d405d6552160, - 0x46abee647f501099, - 0x8ad8d79837bd53e1, - 0x5eab9dd936da6134, - 0x643a4eb3ca3d0d69, - 0xa19cf04d3cfe3c26, - 0x598e51c20fc425ae, - 0xac876cffdb33e618, - 0x53f16ecb5753b84b, - 0x1496131a8be78, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x35b121cc9270b03d, - 0x3d96b296a109614d, - 0x7752d0497de003b2, - 0x529249bc54897f0a, - 0x5b15700839e29239, - 0xa28351154f5a51d2, - 0xa4c8bf4d86134016, - 0xb7727433e9e60c9b, - 0xb9581a592f15cf6, - 0x487ed830d4ea52c, - 0xabf9f501b8f0121e, - 0xc9f0696d3336, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa0c4cc792a65f820, - 0xc52dd22b627dbc17, - 0x5210f4b293fa4f, - 0xb45498868a369671, - 0xc499ac40c56a4d46, - 0x14d3db1cf2f104d1, - 0xc174ff94a2840e79, - 0x60a5e43cc7293556, - 0xc77136451776726e, - 0x67d4e69072324dd7, - 0xddae8b4e88c2d018, - 
0x1b4e4137e5f02, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x4b563e35ea1873d5, - 0x4ba205f8090b5c49, - 0x53cffa9e96c87fb6, - 0xc14dcad139695b2, - 0x52076b02250b986a, - 0xee1d2003e5f7296f, - 0x4e3de22938d69b94, - 0x4ff974d3a4781df5, - 0x5a0846ac446d956c, - 0x71beb57b60dc2331, - 0xd115b3b7deb7125a, - 0xa64e44a979d3, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x9a1c5c05370ad634, - 0xf9ab0822d039a1e5, - 0x69b3d334a5c345bb, - 0x4bb2dc7a20f2a358, - 0xb4ace569a20200d9, - 0x44d5fac61432e66b, - 0x604af5a54230697e, - 0x740a852cf371fae0, - 0xa573a20270cb88de, - 0xb28ca54686eab55d, - 0xca5c27d31f2e39bf, - 0x115e80846be0a, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x8476c8d598d84103, - 0x1f00daf27a32496a, - 0x52c5320717226160, - 0x29c034e8d5fef5e3, - 0x114c200a950c33c3, - 0xdf2e2075b0b84219, - 0xd4fc9057b851f762, - 0x19689784b28b90f5, - 0xd36a5c582c7de212, - 0x4ae098f7ebe03a9e, - 0xe587c55e345460f7, - 0x1129e8f63ab4a, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x97aacf4bb71ec4f8, - 0xd642db333477142a, - 0xf39a8bda38036b61, - 0x9eb913e731360fbe, - 0x5a3bd038a5a1507a, - 0x75145c4c8517fc4, - 0xf510ec916a73c57a, - 0xf875dff59c6999b8, - 0xb590b9a46440e9d3, - 0x9d443702e13b9cc7, - 0xfc125a12bc3daed0, - 0x6d06d3ebf587, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd443985f3b451d00, - 0xe382815d93557ac0, - 0xc3cc992c160675f8, - 0xea0a454ee5b8f34e, - 0x5e506bce8ce3f5a3, - 0x9f7836f1afd44faf, - 0x816582aff387cda5, - 0x3549d3c726a73031, - 0x304197a8ce23a955, - 0x975079f63969f432, - 0xb7181a2c0c6947c6, - 0xdf521a24ecd8, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb61ba87230d7c588, - 0xda9348616f0791a4, - 0x95467ce44de5a101, - 0xd17337f5eadb9380, - 0x78a849bff4f5d78f, - 0xc63f07b7db94cb08, - 0x4526d07e80c747d8, - 0x9cd8c269ee8a4ffb, - 0x852933f647e0db50, - 0x6342eaca8d4d39b4, - 0xb5d1f5e460181ca8, - 0x19a36763a3a05, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x71f719d1f2888a73, - 0x16e3e6cd1563ebd6, - 0x79e51ad365b5b74e, - 0x7cdbdc690b012c54, - 
0x8116a3c592b17e45, - 0xb5a2a9237733dfb8, - 0x97e36487ac8cd418, - 0x3ca8f2141c869ca7, - 0x2948765815ed878b, - 0xa5e6ed33d0cdcb73, - 0xd623f173657b9773, - 0x4a45c5cc7376, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x9b9344568ea5a08b, - 0x1729f52e5457b1a6, - 0x12f223f0e8c5df2f, - 0xd0f40b19d5857e32, - 0xd938b20cb82db5c6, - 0x4b45c705119ff014, - 0x2f8a0bbca8669378, - 0xa8c0d84583d752de, - 0xbd4be36fa569e814, - 0xbc4080009fb760ad, - 0x434b1986619ac051, - 0x1a1e492d80a90, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x83746d4d884ee0e2, - 0x9e31df316fef33f2, - 0x526533901fb9998e, - 0xbd3a4ebd8e91d970, - 0x122433e94dcbf9b7, - 0xc55a1a41e165bcf2, - 0x28c4478d1150641c, - 0xd1aa07cf245b1208, - 0x343c0ef74642659e, - 0x8a717e3fa998d758, - 0xd451bc8cba642b6d, - 0xd3564023028e, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x76591c12876cd2e3, - 0xff369049daf19794, - 0xb036272267642fca, - 0x20d533d6efd3452d, - 0x259b47825b393d95, - 0xba5b78891e6f63c9, - 0xe8b6634780d2b30f, - 0xc11900222a978d86, - 0x18fbb3df5f36e466, - 0xf8c941dfe7caa4d5, - 0x279a952b634ecd14, - 0x1833f2efb627e, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x9803e0690d5d84a4, - 0x247da5abdbb58b02, - 0x9d36584407237a24, - 0xa9cd44c8afe9037f, - 0xc5619462e3a10021, - 0x4184e06a4cfcab11, - 0xa2fbf50800013cf1, - 0x91471125a787f8fa, - 0xaadf879c40b7a512, - 0xf4a046127fe2f616, - 0x35c773baaed21441, - 0xb87d54dc8342, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x5f8ace14a9393151, - 0x62387456c8285313, - 0x829b67c8c441ea39, - 0xc90994e6d1e844e0, - 0xf37b855feabc6655, - 0xb4def7607fb190a6, - 0xe5eb876a65d07a4f, - 0x637f53c73345bf90, - 0x332a722837be4e63, - 0x4c9d20f6c74678f5, - 0xbb7ea8a64c31fa74, - 0xd773486ecdc5, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xad24dc32abf4e778, - 0x99bf2ca5858a1af5, - 0xedf04fcb70f5cbb, - 0x9c8e0891eacf6f8, - 0xbeeb380afd8c651c, - 0x5eeeffa790ce40bf, - 0xd4d36753d3fc3eeb, - 0xd1838f38f5044152, - 0xb93f093655130390, - 0xf0c3781ba8153530, - 0x2c6bdc7f7a32f79, - 0xf2bec3a80fab, 
- ]) - ), - field_new!( - Fr, - BigInteger([ - 0xe310565506bd1528, - 0x9b29cf3a8508e1d6, - 0xfb0bf6a821c10495, - 0x1a611e203c2006bb, - 0xb48d446722b83add, - 0xc1a47ce237e79bf6, - 0xa4a0f8ea3bc1dd9d, - 0xfe495ab6ec7bc73e, - 0x73d14a4af0174980, - 0xf80e92d9acc27558, - 0x4e590b81d33fec36, - 0xa327b0eca9eb, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x55f0eb82c037c2c6, - 0xaebec0c14b2122aa, - 0x452c0b8b02238ff2, - 0xdfb2beca803648f0, - 0xbccf299fcfa1ab24, - 0xe681cb3a57eb602, - 0x1d18b3e29b2ad780, - 0x69bc100019ba6da8, - 0x9ed4ebf57e19672d, - 0x95b1950795c9fe23, - 0x918378b171c3f496, - 0x178a87f609d8d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc2e4e774a12df11, - 0x80a8b9776e4150d8, - 0xf5c826169ae579e, - 0xca4d7b0c5c1f13e5, - 0x5f75387e25c5d11b, - 0x21b99d7a359e3f56, - 0xc3caa073d5a5b47c, - 0xc9d786467388b212, - 0x76fa4139bd1cc860, - 0x26b274c883458b4d, - 0x451a710add46225f, - 0x13561ab3751a8, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1c30b67214c03997, - 0x53a29c719b6ec320, - 0x9fd18ec63fcf1461, - 0xa50b96df18d48987, - 0xeff47b54acad65b5, - 0xfaef27b1c9f3e03b, - 0x436495fb40b5e505, - 0xc08cee0ca939eebe, - 0x345ab9db9c5a9822, - 0xe5ac0a08297ca5fe, - 0xcf65e1b34aba2151, - 0x1245335ad4620, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb54ae6bf17bfaf9e, - 0xe93e38e3c61865fd, - 0xb5eafeaea790acb6, - 0x874f56cf63e4ac65, - 0x54fcae1bb776eae9, - 0xca709ccd4757a4c7, - 0x17ea24ca4f082d3a, - 0xf548f77845898d11, - 0xaed721464f88f760, - 0x966c02f735b73efa, - 0x1cf16bfc395150, - 0x5eab1eebb2fa, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd2111b38515f1f6b, - 0x9935fe93c2d63928, - 0xfc05bc489296d86c, - 0xabcc8112fe5b407e, - 0xf8a6d9d114a9679e, - 0x950fd0a906855be9, - 0xc7b84dc7f5430fb2, - 0x58326488554c3e39, - 0x2e08ba7a0dfd997a, - 0x10165700e1b91492, - 0xd44eb8c68797b3ac, - 0x18d5a755cfe02, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x1e89b58e70e2d4a7, - 0xb59d9d2a2ee12b0b, - 0xb24f583c2def69a4, - 0xcc3f86f35640a15c, - 0x1039fdad55ca141b, - 
0x47a555d3665526fd, - 0xd34c8a9a5ae0dd8b, - 0x46e930504a5f0673, - 0x5ffaaeb660aa6283, - 0x7967022ddb35e137, - 0x915cac38e69152f4, - 0x1c36c136fd7f9, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x2c1994f7901ed9b3, - 0x85cf2bf223c71848, - 0x8fe998c7a4691c5d, - 0xc11f2a0f608db20a, - 0x4f82c4fd8817e396, - 0x62b8f3380b57637f, - 0x13a32b559ec4a3ba, - 0x47b35d8820f9d5fb, - 0x4aec293710a81e0f, - 0xa2582c0151ee2ae0, - 0x2d9371a4ede0d4e, - 0xbf6e2b546626, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x64bfada11ee5897d, - 0x5c9157a4280c6c5b, - 0x217c7f11598c2ba3, - 0x281232671d4a9a22, - 0xc74198074fcdd833, - 0xb8804e435747ff79, - 0x6289992f89b0234b, - 0xb26db5bbb899c931, - 0xaef46cdbd8c53063, - 0x153dbd4a22e3a17e, - 0xa5c2f8a34b469b9e, - 0x1095eb4661a6c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xcbf268b000504381, - 0x9937521435163e4b, - 0x967221953f59e685, - 0x3ac19b5754b2b5f9, - 0x1baefaebd154b1f9, - 0xcaf504746174765d, - 0xa592f875c42a3a23, - 0x84b4ee41b68240a0, - 0x6e6d2ba58c12cffd, - 0x48545b4a61f7e3a9, - 0xfbd6ec6687ca9a3, - 0x234432901dfb, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x583e40f0f10561da, - 0xb9bffbdbce970961, - 0x92a4475639dbb734, - 0x46d20c8f9239d89d, - 0x1800a40f131ec7ce, - 0x1845567c5d76073c, - 0xc1bd2042b38fc84d, - 0xc9b3abb5d1d1890, - 0x2df59728a03c0daf, - 0xb4cc55622b377c56, - 0xd785c8552fb61a31, - 0x13963f8b7df69, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x7b0f0f3ab6130333, - 0x97fa26371e6a9b5, - 0xe658861d3e2607b3, - 0xe38fd33ab374e7b3, - 0x166312cb0cdf2e1c, - 0xd4b25593a858f237, - 0x89c1fbe08750aba5, - 0xa0394eb40b10e6c0, - 0x8b60417d355ece7d, - 0x2a64ab036d427f22, - 0x86be78ff49e695b2, - 0x187363f322e98, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xcf06629f75c4ed54, - 0xd42ab99fcb41eb59, - 0x92983ee95905ee12, - 0x3b878fa52823e378, - 0x66ecf952f3f8bf3, - 0x12db50ed37921d93, - 0x2d6525af239290c5, - 0x721b96f252975e50, - 0x981231dac3bb2b94, - 0x9c64af5b97dc3485, - 0x9f0e0bd7be030106, - 0x49198a339dea, - ]) - ), - 
field_new!( - Fr, - BigInteger([ - 0x37955acb36a29952, - 0xa289bf5861f908f, - 0x7735de9d487b3ef, - 0x2b53c80162ba3d56, - 0xf49507a06dd7931f, - 0x628bf33941199742, - 0xc703c57730fca22a, - 0x3a748f963705d3af, - 0x6164660ae17a846d, - 0xf4ad66c520595a98, - 0x890d64cdd6abc7de, - 0x15189ea993be1, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x30ef311cc4d181ef, - 0xd5f7eda5965af3a3, - 0x458b85307fb8637, - 0xc4a8e479e65667ab, - 0x50744bf7edece047, - 0xb4fcbe6d959568ee, - 0xaa0b01e992baf48e, - 0x316e7f1dbc109fbe, - 0x4509124d53ef7b0f, - 0x2a0e0040516edeee, - 0x6232f97c20c10386, - 0x194ad67a22b7b, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xa6792591282a968a, - 0x2833ccee2073ee9d, - 0xae898f323e3bdae3, - 0x21e610918c506847, - 0x9fe812b10f8c0201, - 0x16eb7a964a007a56, - 0xaa5c70399607cd5a, - 0xa4f257ff70055148, - 0x271b99e3ad745d4a, - 0x88c54490289c2b54, - 0xfabd088bdb2b96b7, - 0xeb40406368fc, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x487c087ceef3a657, - 0x3c9a7594839ffe39, - 0xc0c51e87eaa04364, - 0x5ce0137700bbc09d, - 0x5cb35b52b5cb9529, - 0x87db82b66e3330c5, - 0x1165d3348d233ebc, - 0x5e47765e6ae1fb28, - 0x7978c75a62e67e6, - 0x789729eda7c33e04, - 0xd3ac7c20c913baa0, - 0x11b500a09ab2, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb23c0a9bae5284d8, - 0x809f3f3411949aca, - 0xc8b957b1de3ce4bd, - 0x6b97d3662ad45b61, - 0x2f8a6f5520d09f18, - 0x9d55ae71436b30c6, - 0xb975c47eddc882c4, - 0xb152a261ad95438c, - 0xa74316d53fe3e1fa, - 0x23681b489d21977a, - 0x7cb51b4a515f9b9e, - 0x1bdc4f28b264f, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x96aab625b7451adc, - 0x532ddc05afe0d41e, - 0xb7d3c7f77c0bbfb9, - 0x955dc1805e6eda94, - 0xebffcdbe02a833ec, - 0x39ae52dcdf82aea4, - 0xffc94949a674dcf, - 0x9a13b9d4d0cbeea5, - 0x8d5be925df7cebb5, - 0x82e8c6c156607ab8, - 0x9413a0a0dcfc3454, - 0x17132101ecd9d, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xfbc273eb419f92f4, - 0x42d533b09da85589, - 0x26a0cb40f77b2993, - 0x1ed8f840a39c79f9, - 0x9de82bcb96f62cbd, - 0x3dde760822ca1f43, - 
0xc7ad4a12c05ec565, - 0x5e368894b5de5e3a, - 0x104d30f6e50f1a2d, - 0x22894069b82a1591, - 0x5aa43ca1c753fda7, - 0x120e368737802, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x60e11152c2e86c46, - 0x5da150b53d4044a2, - 0xc372a038b1d4e147, - 0xa2728ab1270adfe8, - 0x166602d7ab1bbde1, - 0x99d1fe7d94fe2cc6, - 0x6b00566050c4e695, - 0x941664ab4910352a, - 0x333ad3cd62cdaf0e, - 0x10164320e7f75332, - 0x100c3bbde87d3d4c, - 0x13ea965b806ee, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x9695c2a99933b335, - 0xdde9b8c5325b470d, - 0x73b61edffd46895a, - 0x18327b9afb695232, - 0xf31f742b4859518c, - 0xb0bd38f1007dcf2, - 0x8cfadfdca908a47a, - 0x84fa39e28226961b, - 0x2ba77e3b9abf7314, - 0x565f8966fc08b064, - 0xd226eff57195dae2, - 0x1550d39b45daa, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf245bf6903dc35b2, - 0x6ab1e2452c14f48b, - 0x67b67a8ff8c058a7, - 0x421aca837e8ee2d7, - 0xc9c196b54b3640ca, - 0xa11295fbadfaa12, - 0xad1e24f4263b4bb1, - 0xe044f7b7a2e7f466, - 0xee95dd23c5e8f360, - 0xbd61526cd62fb118, - 0x3aab7cb53b3b9fa6, - 0x8de2d8eb1a0f, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd5d5d2fa88a1b722, - 0x60b11a30510cf057, - 0x145938075690dd19, - 0x37f97e81a3733b3, - 0x7704643508759e86, - 0xe5392758b3ab4786, - 0xf0200d9944d0d27d, - 0x64834e10b38185ac, - 0x7540daeaa51cc9c4, - 0x6f1eb4bb47beb9f8, - 0x99e9bac54f575194, - 0xc7de5d6d29af, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x37786f4ae56c589, - 0x978364901e249bd1, - 0xf3aa78fc57505b13, - 0xf2844f7263b2ac65, - 0x189113cbf8569829, - 0x70f1119ca61c966b, - 0xdaf0e38f360fa8c3, - 0x506d6befa28528f1, - 0x375cc093ec19c334, - 0x137771b8b522715f, - 0xa98eb78a5a6a29a9, - 0x519b971d964, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc052f09aab8a7855, - 0x4d08df12ada14524, - 0x949f2f883eaeff04, - 0xcf3a206271b2f576, - 0x87a015a5fd2ee1ae, - 0xe565f817161de1cd, - 0x3223558dd0008f88, - 0xc3f55ca27e4a83f4, - 0xda30da441d0d1e28, - 0xa91655ab6c2dfd3f, - 0x45b03ecfd55cddb9, - 0x18ecfb387d161, - ]) - ), - field_new!( - Fr, - BigInteger([ 
- 0xc5a710e8024ed549, - 0x9566c7247378ba6b, - 0x37a1d3451400c86b, - 0xda57ec33cad1dd40, - 0x4ee08f324c76e977, - 0xd04545cb9b6f5d9b, - 0x58a719821c86bc77, - 0x8329e30559a19ecf, - 0x573cfd063440d7cf, - 0xf57e9cb7e4d58204, - 0x4edfadfac4d4ec13, - 0x42066f107647, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x14d41f7a358ec58a, - 0xcd6c538a8dc88514, - 0x8cc8239b4063357c, - 0xa2e9fc8861163d35, - 0x947434b4096e4360, - 0xc03b403d01d54da8, - 0x832a47c2ac6c2561, - 0x98da600d80a3aa34, - 0xb30e9e0867d0622, - 0xcfdc874c2b106f8b, - 0x92ced5f2ed3c0295, - 0x19dc2892d7bc9, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x23740a12477c2986, - 0xdabb9817bfd28415, - 0xabb08828d9e7cf6b, - 0x5b9ab293335ef673, - 0x80bff5b61ddf577f, - 0x9bf74d9b7514bcdd, - 0x383439e35211e2eb, - 0xa976db2e00e7f7b, - 0x6baf251296c5be4, - 0xf69ae8d860829bbd, - 0x7a0987dd27277526, - 0xb7259fbddb88, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd1f1017fb2fd0dd3, - 0x8e43c2b59436f5ec, - 0x8ad01ee3a391753f, - 0x2514d21ab3e8e107, - 0x13f4e32d6eb2df3f, - 0x6d33c09287e9a972, - 0xfe865c84d08bc200, - 0x69e6e02d81346929, - 0x899e2ccb7517322e, - 0x87b250352dd0d7fe, - 0x2fc4b444c6e476c8, - 0x2ad86e0550e8, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x2fb868daf585656e, - 0xac32fdc47e221fdf, - 0x98e7cc8e29f6e838, - 0x6859fc6ed66067c4, - 0x141dc45a8d7dc2f, - 0x2840b5e3207c188f, - 0xd6c13a667f2cf4, - 0xa7262455e5db8bec, - 0x9a059d6b5a41de91, - 0xeadb945b3c518d2c, - 0x12398b55de60afe7, - 0x17878dde33d31, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x6ad5001e1e089560, - 0xfbb9d6a2eccb71a2, - 0xf7e15ff06d466913, - 0x1dfb88c9cc8e600c, - 0xf00cd8dc15b0bee0, - 0x23e67fec9875c6a9, - 0x19cdacf8e99c86dc, - 0x847182c3a0ab2ab6, - 0x24e83c633dea3dde, - 0xe28c9de519e8ff7a, - 0x2357bc90b457c81b, - 0x12c04bbc70349, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x58da0c1ffa32279e, - 0x99f613fae19abb5e, - 0x2678725829681e5b, - 0x6e13c8d1081c3ab9, - 0x87a351cc0a823f5a, - 0x116f543ca70959f9, - 0xe5625a552b588337, - 
0x2df331ff3df7972a, - 0xcc5ddafce4c23a02, - 0xe1d37d2117c46957, - 0x60b756e2563a074c, - 0x14efa0a826c65, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x316ee76cae340a09, - 0x313cdb295475c9c9, - 0x34ea095e98195b44, - 0xd312f56e708132b1, - 0xfd7e1d0510bf15b, - 0xb0d7e8ff3673b13a, - 0x54bfd70eddd0dded, - 0xd9769a8ef5b9bf8e, - 0x8e5f9bdeee65c087, - 0x9a0ddf9f9196f392, - 0x71271dd5f0a680ec, - 0x37c9d9a8e82e, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x78c10460a7b0a3a9, - 0xff3f5730930b4b5a, - 0xac0a047c0f70da42, - 0xb8f121f578c61145, - 0x34e4a4a92ad8a04e, - 0xa13b005212524d46, - 0x4609186002ac2ef9, - 0x2577cbb09cd2c70d, - 0x17ccd45b525cdd3a, - 0x7874374eefad539b, - 0x810dd1bdd7f1288f, - 0x1638566ba1c8b, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x66c9b80c6acc2f26, - 0xcc52d55a453bb01d, - 0xfa4a4a22634f1b4e, - 0x976047bbb34378ee, - 0x3700b5a89ffabab8, - 0xab0d4768b9ffebf1, - 0xc79235087edf78ac, - 0x69a1d7a55593c04d, - 0xf7163cb1bc35bf84, - 0xc9ff85e8121261f1, - 0x9a133d0c6cfa2edd, - 0xf476b44b17c, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd871340bf110953c, - 0x38b50149ca754756, - 0xe54c9d5763138345, - 0x12c5af1c857b34dc, - 0x53f981e1c700d200, - 0x8bc388ce2f5fd1f6, - 0x8c6d10c826202c44, - 0xe344410f140e9c47, - 0xa961131f5e558ad9, - 0xda338ccf1871d589, - 0x93b6efe65cb72e67, - 0x12b6585bcec13, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x8e1b550b685ec7c2, - 0x5a7658c68be7b715, - 0x4aec7bac7a595268, - 0x6956bc2d445be870, - 0xec52f67c82a2205f, - 0x9e3e4bb9d5a93f3f, - 0xbd279e9aabf30ce1, - 0x79187e2ea8c37b7, - 0xbb5fde656b9d7d0, - 0x51ee2668eccc884f, - 0x40b5a987597ce0e3, - 0x1842a91318038, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x52b7a267f1935eb0, - 0x4b88fa755b382a2d, - 0x7ad7599f288c24fb, - 0x752b8fc45a566c5, - 0x1032c3a04e09e6de, - 0xdd43ac4fd138f4e5, - 0x30e12bfeabd87c2f, - 0x28bce394a9d3c72c, - 0xb09fcd2744ffd1f1, - 0xd55613edf0538a3d, - 0xb609ecf806b25fe5, - 0x5dcb1ee5c1f9, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xf10c4446eb4b9821, 
- 0x62929c7bbb85ae4c, - 0x1b76cbf4498bc756, - 0x51cc3806ec4b799d, - 0xbb82ea5ada86503d, - 0xb7cae27fb239c72f, - 0xd04892075ab7c401, - 0x9ba9f5db1d55139f, - 0x5f5844c04aec04f6, - 0x29de464cf66996b8, - 0x862d797e8efbdc28, - 0x18c29c1bff099, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x355a16db683ebb61, - 0x2b0df6cdcd761690, - 0x1f09933b86b99115, - 0xd09f49bdcc764de8, - 0x27b94fd3b7900e89, - 0xf2f586d21eaf3716, - 0xcd661c00c9167969, - 0x782c2355546402cc, - 0xe2d28a0bedd5dab7, - 0x53b059cdd82ffc8c, - 0xb916e9c77e672279, - 0x17f883adbbeab, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xb141f3f914ee6c5b, - 0x560983f5e9e88c3b, - 0x48bcea16262776e8, - 0x44874c4ed2a9d8cd, - 0xb22ed78191ef14b7, - 0x1b91134de87548c7, - 0x23529f7c7e408d9c, - 0x5caeef9b3d833173, - 0xd4eb94e3d7d47722, - 0x9a3f57048247113, - 0x57e6fc54f4260895, - 0x1a1cea8a25e65, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xe7b1d34ef3a02080, - 0x6836b3e89b623f17, - 0xcc12965532482e0a, - 0x88b41720f9027e50, - 0xf694e7704d041afd, - 0x81a2d9ee2a17fd25, - 0xbf57a8d6bebd7421, - 0x9dda21e3efe53dd0, - 0x8e45be6b86e7ff09, - 0xc755fb7c9965a18c, - 0x4c8dffc0ce509ea8, - 0xc4f40fcf24b6, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x341b7dbb05573cba, - 0x6f72ce6d18203ced, - 0xa0c55d50b50d68a0, - 0x6f83274681818c0b, - 0x154dc26d73e4270f, - 0x68f1cf4b83476fea, - 0xed1167f2780c9c57, - 0x7b12566b4afaf6c7, - 0x488fecdad952d044, - 0xed0c80b30828b3c8, - 0xa8adc9804f3b4a4a, - 0x3078bc469f61, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xdee7f199a478e59e, - 0x83155109ebf477cb, - 0x9f2407c6dedadb39, - 0x62de4fce422a1d9c, - 0xaa96f9962ed140c6, - 0xfac73a445feeaf87, - 0x701285ea325e0e44, - 0x48d3cc0dd8ff8173, - 0x94834f3ac5d9f817, - 0xd2d9e9bd62967585, - 0xab3b5f585059f1b2, - 0xa9f4e9f043ae, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xc99de16fefefea43, - 0x541964dd1879239b, - 0x768ceca81d7b2df6, - 0x6df7900f2b4cc973, - 0xd76bd2455c26c474, - 0xb1efa07cc8f19d57, - 0x577a6f07c924ef79, - 0x14b8767d1ad349f7, - 
0x9864a1028aa74900, - 0xf4bf84d3d90b138e, - 0xe9d03513b7689b20, - 0x1bde870448814, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x566037e1fa22e24e, - 0x11a4ce0916a6e53b, - 0x83a2b1071930e1c4, - 0xd301c525b5d9b356, - 0xede522f825da941f, - 0xc27da426e2c8a56b, - 0x2b4e51f7f9fb3a0e, - 0x4ee552689eff4238, - 0x8aff471999051c2, - 0x1c40d28db03e8ff1, - 0x7886ec24d2a10699, - 0xa13ef2ac5e14, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x72a7d46babee4b1e, - 0x488bcc18bed02ced, - 0xfa690651d9be84e6, - 0xda971c5b02fa0ed7, - 0x848dcd7200af2fca, - 0x18ee265795b4f713, - 0xad9ee325949e3a3f, - 0x839cb6a23d04e5ef, - 0x96005b6758a5ce09, - 0x3064666d6dbf8783, - 0x974c51e992f917e0, - 0x1a64d4d68c29e, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xe9866756de23027a, - 0x88433b60da721300, - 0x97b198c636dd88c9, - 0xa8c10a4c584db360, - 0x3c8ba3bd657937c5, - 0x13fe0cfa8625948a, - 0x688b3fde53612c70, - 0x28488261fa66a0c0, - 0x62d517df29e26155, - 0xbb6397d53be67664, - 0x68aa5ed9239e2c03, - 0x45879d91b076, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x54bcb3ef4fe63354, - 0x4dc12092e9a36d37, - 0xb565e93bd2edb236, - 0xa1ade2937459229f, - 0x84fcb46fcc343f03, - 0xfc7b1ac45c82bf35, - 0xf671b7a5943de344, - 0xbbbf5aa6660cb803, - 0x51f8ce88a73719db, - 0x666ffe572209de22, - 0x748bc3028db0ea20, - 0x6cb624720c80, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x8955fe9a4e917e45, - 0x9d0adb37e6027650, - 0x5753472e3ec23837, - 0x3ba3e4c2cb93ec9e, - 0xc020d34aeb311cca, - 0x7dc7ed36c2faf237, - 0x2a70ee84f366fd57, - 0x8e5c1c3c0f729ca2, - 0x3a739171f6d7732, - 0x40e6b8ad996396b1, - 0x82ef53b300c4c7d6, - 0x14cb347fdb3d3, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0xd04a05c278ce07f9, - 0x76e05f3f14613e4, - 0xe632da2c1d5dae59, - 0x5d473925131a540d, - 0xcf522f0b85bba962, - 0x73e80f68a1da929b, - 0xfa92a96629138d7e, - 0xcd5aa41b5baa761a, - 0x89e92e38dd0299c6, - 0xe443fd23ec434e45, - 0xddfcde8256384d60, - 0x13129a3c401cb, - ]) - ), - field_new!( - Fr, - BigInteger([ - 0x4932e3ab3c91befa, - 
0xd2c649011868eacc,
- 0xe1960656124de836,
- 0xa5c93c0984af313d,
- 0xb984dfa60146fd7d,
- 0x1288771c21f59e63,
- 0x3e691b026ef77512,
- 0xda81951be12f34ac,
- 0x99f464ffc26f9a53,
- 0xe8ec81716e6c19c1,
- 0xd1a3348b4b57c606,
- 0x13677f68713e0,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x8698626d09389229,
- 0x7c90408aea447603,
- 0xf4ae9901edfc0f63,
- 0x23d569452ce6fbea,
- 0x8d297cba3eaf574a,
- 0x4fe88d4d42b76825,
- 0x7db79e8a9554d8e4,
- 0x61175e4909ac5b0f,
- 0xab53c8d770576798,
- 0x3350db1e28fcdc2c,
- 0x462d8b14b6f45034,
- 0x128e831250cb3,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x9e46ec0e49f39ed6,
- 0xd0adc9f8e73af2b0,
- 0x6ba9ad5ee7a178b5,
- 0x3002da816cc321e3,
- 0x968a8f3efff8684f,
- 0xebb7f3e642a6ad70,
- 0xf338457ef2715f0d,
- 0x6b5058ea31d7ba84,
- 0xa4c55df058382c23,
- 0x789c9e0a52bda937,
- 0xd9f70d3c2db0a049,
- 0x87dec93043c,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x33a90318a204f90a,
- 0x9606358d43bf436c,
- 0xb2f7e306c2a2da49,
- 0x526f3473550776a,
- 0x76cbe9bc85a309cf,
- 0x5521431d5be3e129,
- 0x38ffe6712b3b7326,
- 0x47366089e37b0804,
- 0x6abb6537d8e25522,
- 0xe8e898ded6128230,
- 0xeaa51948a4269348,
- 0x5e35938a9ae5,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x24f82db726d87a2f,
- 0xa80fc135c75322ff,
- 0x1e2d618737f8727e,
- 0x9780b995a593d4f0,
- 0x3eb53f685219da2b,
- 0x6b226d4d55b2d18c,
- 0x1f5454e443ddefae,
- 0xc7248ac8efc87c2c,
- 0x2a499bb98755025b,
- 0x4370f28f6a944218,
- 0x6413ac46bd85661e,
- 0x1bf214e9afdaa,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xf08ecc055731ae9c,
- 0xa9956f4498436267,
- 0x99bd74093a0a347b,
- 0x2920535a13b74261,
- 0x62d96b8a6e5b081d,
- 0xcfa774b5ea2edeb3,
- 0x5347b8ee8e5cac34,
- 0x52f33c6e1c4ca885,
- 0x4e31094fa74f1113,
- 0x8233e4b8f00509bb,
- 0x51aa588bd130a894,
- 0xd21528b51bf8,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x6b0577647ceae7f8,
- 0x60c292f4459950a8,
- 0xbb17825698b65237,
- 0x6f2a1f39eaa6eb81,
- 0xffceab53d1bfbf2a,
- 0x376ccb31e91f1b2e,
- 0x7e770efaa0e9f83b,
- 0x7568c276efc0fd6f,
- 
0x8308d6eff2ab4d37,
- 0xe9ac526dad61f85a,
- 0x74b5a3b1ad795adc,
- 0x192bcac7361fe,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x14f78edb99f4ed0c,
- 0x7d2856b6bb3f8286,
- 0x1376a23940cd049c,
- 0x50f380d2cec1574e,
- 0xe2a8cc818a47e22f,
- 0xd3794327e3422fea,
- 0x13a2c81c6c1dcbb2,
- 0x2569d3ba88d18793,
- 0xe21f4a0985645b07,
- 0x5ad42ec81d59f526,
- 0x6a987f8a264fa3e0,
- 0x595d9af27c14,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x210c84830138d313,
- 0x3d8b1abda1be33fe,
- 0x2c865fa300993e6b,
- 0x959365a8cd01ff47,
- 0xb6e2bdd86750c265,
- 0x9ebf30a83d5848b1,
- 0x844d93587f05ad19,
- 0x10845f6e7f52784d,
- 0x11b962c0c2fa5f84,
- 0xb7f985de9f9ce841,
- 0x15d01bf95eda75fa,
- 0x109be4d1080d9,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x432981336f3c7c91,
- 0x9e6188695a84f5e4,
- 0x9e85a5527d4c05e7,
- 0xdef5ae8c0dfdff4d,
- 0xe06b2185ee71656a,
- 0x48c676acf3443f4,
- 0x32fee6eb676243ec,
- 0x85afae2104bea869,
- 0xaa21d95474bc9c47,
- 0x606152d01c39c697,
- 0x45a6c921ef433b77,
- 0x7caeb1369fe7,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xebdf2ff0f799ad2e,
- 0xb0094b3f5dbf1532,
- 0xcbe532cc64fd29ad,
- 0xaf178d132ad028ed,
- 0xefb3ccb62af5252c,
- 0x1569408e5ec22e4a,
- 0xa9f10fdf6d510138,
- 0xe4de4704672b830f,
- 0xa9216fb82a180d6f,
- 0xbd1494cbf2bdc2b6,
- 0x468b472a9aa6007f,
- 0x62c2c3ff1d3a,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x62d2054593b4bb6d,
- 0x282e46412f87b2c5,
- 0x45a786991ea4fbbc,
- 0xfaeb81bd14642c9f,
- 0xf180e1c1a581bb38,
- 0x18e9e357ed95f7cb,
- 0xd6c57a93438e5196,
- 0x2deba9043efb235b,
- 0x905dd9bffd275caa,
- 0x7de0357ab8d7db60,
- 0x1af68c794bfa268b,
- 0x167f22adc88bc,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x8b37efd45369e9c1,
- 0x6847c6cac974b33f,
- 0x89daf3dd706ffa96,
- 0xa97fe685885f3203,
- 0x62b3b5a340e01c08,
- 0x1686df65e5c06ec7,
- 0x9e75460b02944fd,
- 0x790f3c692f9b218b,
- 0xcd3601dde8735fb5,
- 0xae6a81db7e0b0c4d,
- 0x321a5d2df6b18827,
- 0x751b3abfdb7,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x56b8c49396d4b81c,
- 
0x2d0b7ce811360351,
- 0x5ac4f279757e37db,
- 0xd53cc217eade6b33,
- 0x3bf692ec0b98775f,
- 0x24c23a974bdb34f5,
- 0x37a149d0254386c8,
- 0x9657a3d2dc215496,
- 0xd1bea20fc44ec42f,
- 0x192b1202b22334ee,
- 0xc11a845e0056d559,
- 0x12ddad3154bab,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x1fac1f20acfe8ea1,
- 0xe0f880dd4178823c,
- 0x106b1c1ce03aa4a6,
- 0xf3d5af5697582151,
- 0x621671d933cf6483,
- 0x428b97a5f41bab21,
- 0xb85f324b876a1999,
- 0x135bdd73b786368c,
- 0xe1813bba425de8ac,
- 0x37b100e12066ece8,
- 0xb74bef2d6cca1d7c,
- 0x19957534526f3,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xee8f1b3a5c664a32,
- 0x2280d9ec143197ae,
- 0xd94a3013e7136302,
- 0xc5a183f342fb63e3,
- 0xea5d62aef4546ba5,
- 0x164a2921f077ffd1,
- 0x83b72b3614695e2b,
- 0xdbd62efa51033687,
- 0x73f635c296414705,
- 0xdd86c34ff56fc5,
- 0x14b3447e23c31c90,
- 0xc2cfa4a7434a,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xbc7e0ec89b506868,
- 0xcb984733fe451b5e,
- 0x367d5d877b3f90b8,
- 0xa3cfe89c59c526f,
- 0x878d25dcfd82ff3a,
- 0x29817476a5a53225,
- 0x93680cdde3b2e6b0,
- 0x48565e6100f9bc77,
- 0x16ef9ff053ce1383,
- 0x1177fd7812a5fa36,
- 0xf4bf3e3a631fb6a6,
- 0x6de98d4dd6c9,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xca3a54fd8a88657b,
- 0x997649d27aac335c,
- 0x9579f385357116d9,
- 0x11775daff1d8532b,
- 0x4b79f5fa9d91544e,
- 0xb8be69ebcf5d68fc,
- 0x67f6b8ab5cf8180b,
- 0xdeba87ef6f33185b,
- 0xfb6d62d54ca88e0d,
- 0x640fdc19c68d0ba7,
- 0xf815d5d6e3dbea90,
- 0xc0f24fa9da78,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x99d5f3a090d2e8b1,
- 0x188207d66ede4813,
- 0x7608f493e81500a4,
- 0xbabcdc935ee4c732,
- 0xe2b5c53a66424ec2,
- 0xc0308182ceff0b8a,
- 0x16ef59156e0ca09,
- 0x2296ea45bbf763bd,
- 0xa0bb68ba36985605,
- 0x802041ac0ac5a3fd,
- 0xc8e400c5a0439ef2,
- 0xb952a2a65d96,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x8e2da395435c8c4d,
- 0xd711b19baefe1c35,
- 0x2619d0013707bc26,
- 0xb4115a0ded2b7b5d,
- 0x6dac961cf0f8326c,
- 0x945e3685e6c70362,
- 0x8d78a7c77eeb60a5,
- 0x7a0c5498cecae58c,
- 
0x6fe26e971c2ba780,
- 0xb41bbae120cce4cb,
- 0x718f9152aa516cb7,
- 0x8cfed4609ef7,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xe01a6e9d53864749,
- 0xafb52da1d4a263d,
- 0xf69e62a3c3c30880,
- 0xb9f4e9923a19453c,
- 0x54b6d1b50a0d7218,
- 0xc1f5b0d0008ea832,
- 0xe166d8e734314d07,
- 0xfe221592c1984e6b,
- 0xd6e06b573468e0c1,
- 0x6c19bbd34ae92bb3,
- 0xb9008e73cb6b365c,
- 0x84a5bb5779bf,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xf08786c197427e63,
- 0xceb1d1cb9566cee3,
- 0xde45fecedb5aab6,
- 0x40752ca2dbf8468d,
- 0x43ee711398ab7223,
- 0xbbebbcda4759f379,
- 0xee697e0854a2020a,
- 0xdc815fd598bec3c7,
- 0x3ea3fd3fe4c4268b,
- 0xe1aa3089b96a493,
- 0x9fab263a88397500,
- 0x9e90b550a627,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x140a5743981ab5b6,
- 0xa1967ed8934d84c,
- 0x74fe12835fbc979f,
- 0x6a5e1d1ec39db577,
- 0x7b11ea5e5e670763,
- 0xfec518f5594ce331,
- 0x8a74b31654c44b7c,
- 0x192f910f3069f382,
- 0x2b0d37ede7ab8495,
- 0x11ac51ecf444634e,
- 0x62ec5a3c93953e87,
- 0x3dfeb9dad54a,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x37e193f5deee7219,
- 0x39f9b913b5002793,
- 0xf4086ee1a8beacaf,
- 0xa22cff9ac4e4a7b6,
- 0x9481daedbcdd0c39,
- 0xf438dd92b088e4ea,
- 0xa4555551cd9fc45d,
- 0x7b7cea66db897f0d,
- 0xead76f4f958fcf1b,
- 0xf09575256d34119a,
- 0x6e3babb5a49ee0e4,
- 0x576cc08917b5,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x36a09a9964f68f80,
- 0x949287cb1e0bd8e8,
- 0xfb3ebd86fb1b2d90,
- 0x1d086fa86f1ae573,
- 0x44535df4d551fd78,
- 0x285ec52ff0b56971,
- 0xd3ddea90183e5e72,
- 0x3c3815a361177bb0,
- 0x35be4079c7ad07fc,
- 0x1b5d5650ff90e549,
- 0xcbbe2641b96060b5,
- 0x1319c3835c9d5,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x6b3b099ffc8e0ae0,
- 0xede2ae33f9d5d095,
- 0x34e8979049379d2f,
- 0x4935a4e4d4cab7d7,
- 0x85135bb0d5cfdc94,
- 0x58fdfffc4cb2c1f3,
- 0x5171d3d9a22d02af,
- 0x8b493b3dcc3aaba,
- 0xf2428b683a1973ab,
- 0x8cffe9d2cc9d04d5,
- 0xaac195ebcd8c6df0,
- 0x1381e7ecf26cb,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xdbf27ff79cdcf877,
- 0x8afc4c77355be4a9,
- 
0x7b9b1061282cbddd,
- 0x26e1f109099b6b72,
- 0x6c4291527b5f90e7,
- 0x31dad98bd97c673f,
- 0x7a13011ab1400cfc,
- 0xf0a3a04468a8100d,
- 0xe917a9b171d5403c,
- 0x931065154546d909,
- 0x9131209cf0fc9cc4,
- 0x1600b0ad8e3c3,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xce1f39a1cfa7b697,
- 0x99429b9ba2bd9c4,
- 0x876fe5f65d7d43a5,
- 0xd693341dc5c95f3f,
- 0x83b4a24f2a57e4c4,
- 0x2b2d5bcb0e6ca803,
- 0x328a0abb4177d72b,
- 0xf003f6bc38f51771,
- 0x84892dfd72c9ba67,
- 0xc0b2083bf3ec0cbc,
- 0x54be6f401cde11f,
- 0x767e21ffd1e8,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x6722e334c5a4a5ef,
- 0x8d2221782e82729f,
- 0x65b0344484095e46,
- 0x7ebd543862cb010c,
- 0x67335de58ab04060,
- 0xbb52d9ab9b6c0665,
- 0xe8e9cb584dbfab89,
- 0xd3a13048e81de27a,
- 0x1843fc223a73be5b,
- 0x49dcb776622fce0,
- 0xe6a94ef64b74eb9d,
- 0x7d7a95ea1d26,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xf2e6646fdb23005a,
- 0xc5542145e54e925f,
- 0x54037ee25b592f92,
- 0x17679f9d30ab1980,
- 0x4bc5cde07da51897,
- 0x507d164e67470bed,
- 0x5487ac9638e5a109,
- 0xb99f3a8d1447a43c,
- 0xdbc87a57686b6630,
- 0x626642377a2c7706,
- 0x9354a58a099ebf33,
- 0x1ad70ba39a23b,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x6303de3f8a9a0572,
- 0x25c9a4e962d77ea4,
- 0x5b805aefe4ee7af6,
- 0x315adbbde71aaba,
- 0x4a9a71280bf4752c,
- 0x651dafd84c3216b9,
- 0xd3ed0b1c30522b67,
- 0x1bed1278709ebe30,
- 0x38ab7536e06de187,
- 0xfc8f1a967774b60c,
- 0xfd69d113a82aa590,
- 0x16d89bb3bc6a3,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xd7c2a3fd3e4bd49d,
- 0x90573a435320f113,
- 0x5ce31a37c852c0c7,
- 0xb6564882fc23d543,
- 0x2345e511bf8151,
- 0xaca2e847c167fd35,
- 0xe31cc547a186aaa5,
- 0x4421db0e798b9d1c,
- 0xbb095282c4889bad,
- 0x302554f5b9d265ea,
- 0x507512af281e192c,
- 0xf3c51c2f7dd8,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xdaa1fb14dc9bfb52,
- 0x2350ab64573c038d,
- 0xec529037f1a8f91a,
- 0x1a23fb4fc129021a,
- 0xe194241d323fddde,
- 0x64fe030a6ca10310,
- 0x648c03395e7650a9,
- 0xc816093653ca9522,
- 0x7f534ab426312d,
- 0xd96dab83205f9297, 
- 0x69996c6bd9daa6e8,
- 0x3e82c2fdfd16,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xca5a4f48f3e7540,
- 0x27d0d0b759277ea5,
- 0x96ab5ecd2ac0d1c9,
- 0x961e8cc136c2cd14,
- 0x96e8f471eab1b7c5,
- 0x9fb8ea548c5a3fd1,
- 0x5e601cedc88f5c87,
- 0x2b041d56213e4f7d,
- 0x7cc27dab772f6a8b,
- 0x41d92e398b366e40,
- 0xcf20ec780ed3da4f,
- 0x16df1d7468044,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x8b058c3cc42514c6,
- 0xa32c7296da4fb7a3,
- 0x7fce83fc1171da1d,
- 0x587a55fd204e6551,
- 0xbbe4e2120fa5ea75,
- 0x1312b7484502ca7d,
- 0xac122c1bc035f710,
- 0xd362ca77d278b75f,
- 0x1f16993aef613f6e,
- 0xa65500f1a1fcf708,
- 0xe86a6ab9b997b73a,
- 0x678f15be099c,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x2be90f8937439a0d,
- 0xfb1a2b9db2c43367,
- 0x6d3fd07f13bb67d7,
- 0xba6a0b848a7c9869,
- 0x16b504402b2d2f58,
- 0xad118bae03e3956,
- 0xccda4527510c4dc,
- 0x88eeb18864607a79,
- 0x38ee387177524c3a,
- 0x4da7b54273317a0,
- 0x996737151eaef218,
- 0x14f0008da5431,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xbf1c23e6811bd686,
- 0x370813d7fe75a61a,
- 0x597f4f94d617a6dc,
- 0xec54a9ed7c33fea6,
- 0x37cd08befc608443,
- 0x2e5fd34c600306b5,
- 0x9abd8a99d39cd098,
- 0xc148482b6670f52c,
- 0xc7b3f1e1975fd9a1,
- 0x5ec16c426f6436f7,
- 0xb6458ea2b864f179,
- 0x12bd536b42041,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x2f7a773ea20e10f6,
- 0xd797a4b2c37b17b6,
- 0x335309f7fc1a984d,
- 0xa84b1ee2a94426e9,
- 0xa64f0b629b7420fc,
- 0x392113eb9ff17c09,
- 0x99cd2cb63caa420a,
- 0x925b33ea59d083d0,
- 0x8e3aa86713851f25,
- 0xf87b6c02fb982c8b,
- 0x2658ee292723133b,
- 0x6c4bd88b8321,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x87ba0c79ddef54f6,
- 0xd5505c0ee341b9ef,
- 0xa67dde817c198742,
- 0xc52a51e5b2eb0ff0,
- 0x3f2d31f21d9f2c4d,
- 0x5dcc3a645d80f634,
- 0xc36ca8597e6f78bc,
- 0xceb3d246d028b83d,
- 0x434247d5a0e1270f,
- 0x9ec5ab74db1a099e,
- 0xb2b8c64a171751c4,
- 0x15c8c058922f1,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xfc49d1a4da54219f,
- 0x1fbacfb0b145b6b4,
- 0xfbe03be712132c8d,
- 
0x57263c6c0d240382,
- 0xd0ba0cea204c43c2,
- 0x30655ce3d849704c,
- 0x5511aa665c1c1d69,
- 0x2d5bb1dc00a2fe61,
- 0xb72706049ff235db,
- 0xde5bce739c8aab00,
- 0x97995074975fd584,
- 0x742b29630025,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xf62143ca8dffa500,
- 0xf5a2092d75c0f68,
- 0xf0e7cce47fed1ab7,
- 0x84018fbe00ccec54,
- 0xf2dc3aa21f4d02b4,
- 0x396e15aa2d30ea73,
- 0xe0dcc3705c939a68,
- 0xe9585266e25cf4ba,
- 0x9198156c2d050570,
- 0x2c6b180903eebbc3,
- 0xf1c9f286c7802a03,
- 0x2670c863a290,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x43a46748550969f8,
- 0x747d31fef46bb4ae,
- 0x5745b72f5429b6ac,
- 0xd2fbb3506f6f0a18,
- 0xf8c8ff1bd5ec3159,
- 0x826427458369cee,
- 0x600fdde8e7bcd37e,
- 0xa335fe4b9ee6ac00,
- 0x9c4dc437d5192651,
- 0xad91c0844563b8cf,
- 0x651c6488529a75ba,
- 0x1a929b1d4e41b,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xf5c0fa703ceef967,
- 0x7e8a76ea209882a9,
- 0x5bc0effae852025,
- 0x78e01fbdadf36b3a,
- 0x9c4474e50c7fdcad,
- 0x8988335c5ccdd9d1,
- 0xb019423ddb77c37b,
- 0xff99a012e26b272,
- 0xbbeefe2ebd4a84c4,
- 0x2919528dd8a266fc,
- 0x2ff9472bc05d2a52,
- 0xfbdd82904763,
- ])
- ),
- ];
-
- // This MDS matrix supports fast matrix multiplication
- const MDS_CST: &'static [Fr] = &[
- field_new!(
- Fr,
- BigInteger([
- 0x501a4942604a70b9,
- 0xa76ccc949aa7c642,
- 0x6c4cc86c95605cda,
- 0xbccf7d4f7354e493,
- 0x1206801ab772b03d,
- 0x7bced5d373023379,
- 0x15d6072feb4315e3,
- 0xeac86ddb0d72d1b7,
- 0xf457c575fc343aa0,
- 0x59e953592fd74c9d,
- 0x7ff7fa50750bc70a,
- 0x18886f925d6ba,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x2c2d74682546a0a6,
- 0x9865dc7630bda9e1,
- 0x84100fa0ccf644d8,
- 0x9e0952f7ee653d45,
- 0xb4a4ad4288ceb171,
- 0xdeb37c57f9787f3f,
- 0x4fcc489c84216dd7,
- 0x917d7587f44f023,
- 0x73e38903794b3798,
- 0xb319fbc57d331066,
- 0x805c5d11d9f039a7,
- 0x1b0be2cc8f360,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x334837292ab79a30,
- 0xfde71188546dce34,
- 0x72f5d1a2dda92279,
- 0x63616694a7b65f2a,
- 0x83628012db5d30ff,
- 0xae4201d7d244363c,
- 
0x8288328402659901,
- 0x67cd9c6b7f861f43,
- 0x7ba84d7fdc3ac062,
- 0xc825a95ead868c4,
- 0x410d1b5e6c935945,
- 0xaf1562721ddc,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xc13874eda5ad61f7,
- 0x8f9667da8429b450,
- 0x8e4a1bde92a86fdb,
- 0xb0cb6fe9700fc28e,
- 0xc3df17581145f3c9,
- 0xf908ec72ac7f51e2,
- 0x15543370aac8d0b3,
- 0xfc620c67f6810dff,
- 0x1e3b9481634be904,
- 0x487e4371f154ff8e,
- 0x61e4d6c705ec6955,
- 0xb7876d9dcb5d,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x9ba02a198259e4c4,
- 0xf3b92022b540fac,
- 0x52602a0d0a06b389,
- 0xf71b59ca2e46d2f9,
- 0x460850b28a1e77c5,
- 0xf8fc3496b9c70c9f,
- 0xe41868f99690555c,
- 0x5e019b94813a6396,
- 0x6753171688952332,
- 0x8e8b0f8262c4bb60,
- 0x92b2889e172678e1,
- 0xe3a19fcebe4e,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xa2240e8253eafb8e,
- 0x2e9f2ab49147a98d,
- 0x8d26e6fe040f572c,
- 0x1c5d1a2f77c3bd3d,
- 0xcd1554fe26d8e940,
- 0xc3bd113fd13708e3,
- 0x3c4a3090b99f4502,
- 0x7a1ef57be4a0008a,
- 0xf2765b3b44ffd0a6,
- 0x2c7d5cc8fb43f2d0,
- 0x465b44b613c9b1c4,
- 0x233cf8e79cb2,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xd72c82540065191,
- 0x9a1ac4ed2fab8e8,
- 0x650c74eea62243a7,
- 0x6fcf337d1937c2d6,
- 0x7d054a93d61e22ca,
- 0xeb0b43ecb693398a,
- 0xb9b1eaa4b1104ccd,
- 0xf1b7e8c337898df6,
- 0xe2652a56a1447aaf,
- 0x6196f3b47b16110e,
- 0xcb1d39edaab39a9e,
- 0x10a95fbcd6967,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0x4b9a96ec4445d17c,
- 0x5db9c19124d846d5,
- 0x3ae31b9cf40b26e4,
- 0xe05c645661d6d15a,
- 0x63c92bfa2844c829,
- 0x6415472ada9ac39a,
- 0x1b89e4ca7499fcde,
- 0x49e7b8a722561159,
- 0x1d4f0de0b8cfb940,
- 0x4a1d8a1cf84ca296,
- 0x784767101218bb5e,
- 0x3171621a22cf,
- ])
- ),
- field_new!(
- Fr,
- BigInteger([
- 0xa11074f03ec07e15,
- 0x713f4663f3ff3355,
- 0x1a08761c29cb3afb,
- 0xd9d8fc39d2b7a8b5,
- 0xfb20d30306dce9cf,
- 0x57270eddabed3a7f,
- 0xfbde52978687148d,
- 0xac5de44ad3586169,
- 0x5544299cb8c3db5f,
- 0x244ac8e0636993bb,
- 0xdb58cffd2ff83d0,
- 0x1120aca75573a,
- ])
- ),
- ];
-
- /// Short Montgomery 
multiplication with respect to the short Montgomery constant R_2=2^64
- #[inline]
- fn dot_product(res: &mut Fr, state: &mut [Fr], mut start_idx_cst: usize) {
- state.iter().for_each(|&x| {
- let elem = Self::MDS_CST_SHORT[start_idx_cst].mul_short(x);
- start_idx_cst += 1;
- *res += &elem;
- });
- }
-}
diff --git a/primitives/src/crh/poseidon/parameters/mod.rs b/primitives/src/crh/poseidon/parameters/mod.rs
index fdaf05ff6..44bbca4c7 100644
--- a/primitives/src/crh/poseidon/parameters/mod.rs
+++ b/primitives/src/crh/poseidon/parameters/mod.rs
@@ -1,23 +1,3 @@
-#[cfg(feature = "mnt4_753")]
-pub mod mnt4753;
-#[cfg(feature = "mnt4_753")]
-pub use self::mnt4753::*;
-
-#[cfg(feature = "mnt6_753")]
-pub mod mnt6753;
-#[cfg(feature = "mnt6_753")]
-pub use self::mnt6753::*;
-
-#[cfg(feature = "bn_382")]
-pub mod bn382;
-#[cfg(feature = "bn_382")]
-pub use self::bn382::*;
-
-#[cfg(feature = "bn_382")]
-pub mod bn382_dual;
-#[cfg(feature = "bn_382")]
-pub use self::bn382_dual::*;
-
 #[cfg(feature = "tweedle")]
 pub mod tweedle_dee;
 #[cfg(feature = "tweedle")]
diff --git a/primitives/src/crh/poseidon/parameters/scripts/ParametersBN382.log b/primitives/src/crh/poseidon/parameters/scripts/ParametersBN382.log
deleted file mode 100644
index d89541d2f..000000000
--- a/primitives/src/crh/poseidon/parameters/scripts/ParametersBN382.log
+++ /dev/null
@@ -1,11 +0,0 @@
-('Number of round constants:', 192)
-Round constants for GF(p):
-['0x1b2e3d7de9e4d64f71bd143f5afdd9bf086eb232209416c94cbd24753cfcd19da57fa7d54e7c9b8e127323a211ccd286', '0x0d9b70f7ac2559f464e521ca3788586f6b669eecf7c5035a78ce2aa2bc942a5ff4e488fb71dc9319b4f19cd5cf7a7a42', '0x004ef6668822e796f7e35c61451b6cc1a2772d3700f97c0a0151a69e009a084cb244d0b97edfb12a35373bdaae2a1a6c', '0x2099f5206b789bbfc9eae143a83bd7b75518683632ab6dfd823f64708cde08a6382f83fb91e88cda0376c0ae08a4332d', '0x1f9506b4670e2a30e6692ae4c47c7382ddffca674d25ce3c385356066ef29d1dcecc5be5405f0263fd9a1275a0e264a9', '0x1e99f41f8f33b39fda45b56f20d96a227b580cb7dfe0d21373ae778b8d9bbc6bbb2293e23ae659c9b00136417fcad4f3', '0x06729def6dd37df6f8cb2bbccbb48a19165f6e378881e3b13062157f43c6790140796f0a1592f87bb7e98755389ef7c5', '0x2011146a62d93b7d46903839c62dbaa237e051bd0aeff12991c64b47358566c8835411528e166e5700565e752590ab9b', '0x1fcacac3f261c3e57ed78e815913a3f5a10dc1548183ad3978be4cfeaf662c47bd08b6741d4f2b5ccbc1de27df257cc2', '0x12191670127cfb34412000baa1aa9dff8fb4c6adeaa7a72784cf805fea85011a88a77c007291029560bffbcee08c301a', '0x01d42c10a1d9972a484db7b8625d71184c33d5d8e1e7491c6500b6e3a274e08a39dfedb40f87f5aa4a9fe38feae31b22', '0x21c5dd68abdd5dd87439fd5409bbe7a3d4f253dcbd866d033fee17376417765836fde4ea2f19b6f8bd6544094865a3dd', '0x0ffdfa68a811cb4f86f4c91496488fc7107dc199c78e4685dc04af5a35fe99985f9de24e209bd5bff53fa5df9bd93938', '0x11681d1ff151ac1c307fc3d910279b12811eecb7d7020c5ec20de2281ab0461ff572ef07d10fdc919af6f0686e7efa25', '0x1b27731f679afb646da16da1acfc642b5717cc0dccb85b5de08b08a0988f481fa1006bc4200fb82efcc39f36dbc3355e', '0x18eca22295aa0e1360c73a597e340a33c61600da84d0879f266c4c4f61d8107f1e063acd855ae4d01385f2ac658944d8', '0x1d15518c3e1aceaa9b8a40e7de64b28268e27f9b1a0246f2e9323103bf8f19e48443113d9675dbde8f290e14d425dad1', '0x13a8b8cc856ec666dd13311a9f6ad07aadba8dc9508a60a19c175a85b3ac6d892fece2527cf99bc3b5bae4c78097773b', 
'0x0cb48f1941f9bcd4368149b74ff62d3ad116d517fb5fa1413cb1801c2f701b7664bcbe843a230aadf93ca10c4f143724', '0x07e112eb6647de85b0788d26c43c732b2bfb3e140913b3a8ca5b2ed29ecbc06e009807d2ad85a24ebf2f44a43e20b88d', '0x02ed9d9b7be32a3af8f8981861144c6acfafa464e4e221d86f5050fdeb7f823780cd6875cb59ab42c7f69615e9fb6a96', '0x204274ca2919c9ca403aaa321151f6aba8c6d729483d797a6b80942b6bbca934ec6efcdebcb48b942a35fada5125d91a', '0x12302a9f23b0b6c3aee6964c96a69b7e1936387aa08cded6df13557847fe646ea11acce096c030b2f23a65383297a14c', '0x1f67ff059f98ad68010b105771b6111113ae2143df21c4bce1beabba1d02e5e0963394b03fffd5519ddf8cd7a5ff5ca7', '0x1d0eee346871c208b09289335c23ad05ea3e450c6a7c52eaaab8129a95914fffab0b65fb535f517f075bd3f5663bb170', '0x0d6c896fce0bd5468c7fdf16c8ed62b241d5e77f11a9e4bae5ef0c93138723e13ebde577c545b52a3bab84e7551641ae', '0x1c6c6e41b6ccea702ae864040498a1840ea58df9abf5e9de9ebad63bbe9596400a14f77c67305cc3a0ea4baaaebd13a0', '0x0b0ffbb1574e4ae9df70480ea231a2f26901eb900715d47875325fa874c55d1e8db6e3acc1ffd2375a473c0d08b20c53', '0x188cd8bfbc17d7eae3877d37966e3b924ebd3c156653f6701e418c8b4301f8e5a99190fa1dad6976bf1c9f055806b84f', '0x039faaee00478fdcecda846c64163d58b3b81db44af4af79e2fa33794ab95e1e3809b7670c4cb72b9cbc021fdcfe814e', '0x11d5321c089e622446aafd526144bf71c70aa30412b9e656271d7c96c308beaccbed947fed5e6635d85c49184866818d', '0x0c6787765eb5042258761ac61213893315e1de5a9bfd35f7d2a31adde28079040b25adc4086c93f24602d767cb454c59', '0x003d342bbc9e5f941aee8a554e96b1a53ff46d668f3d22b1f87444442adda78fe815953ed834fc2cc7d8fc628babd2d5', '0x149cbd731d9403579f5d07e760d476e37efb1a423ac618184723691856f6d3fd32ce6ecc6025b9f56457b62be6093def', '0x076f96bd03afaa105f51f1d015fcf7d6014aa09d13415b8540f56e721b66c412da8f0cdf4048a59c1336188e06f81026', '0x23551d0d8bee17983d8a87e34ca24283f2c618f3eb30bed551a97edbf5b199fd99af9c972dbb7199514f51a61ec37eb6', '0x0fb206bbb333afcb1f7421611b4b73d372b5ed9a1582e43135ffca992997242c12b07b57ee52b1ec4e7977d0a68b41aa', 
'0x222f4f4a1fd67d99729f972e6b83a1f1a60141862c346158847f697ddf0268ddf00105576580dc5e9592ed5c5f445895', '0x0c8a6b8dc1f469523dd5d5a88056dce6c1af81d7fffa97306edeb106483073e6f6f742a1859cc7fb9b5536d21adb61c2', '0x1381aac6ef29a2568128733dc6db9377905a7f43cacfc7cb34a5bb1fcb4171cc7103dfb708a9747cd7e0b6cb2175bd1f', '0x0de148fdf2bdabbb548fbd173913563485bc365950b43b0f565a5cd4986804418e225fe6f6d14f2b710cfadf73b4cef7', '0x023adad069970f8543a9f343b07a4a2a4c16ddc2ea4eff66c604682c229985bce790e9fe11734a4218640cd8791bd66e', '0x04a2761fc31eb758b35bc3891f07ef720ccc4042e38c8a24d0297aa763abf8122a4687ff3b907d38cbc541662167c607', '0x045ffb698017e3f6d4a438904024196931b9376e9105d236b2d013526c45525a13cfb60608b47c3cce72912e141e1543', '0x1f9bbf8d5da4f9b258399bf2e22ecb10c9d94065a4d26460768d16348740372fa98927d1309e25612eb21907999ce3a0', '0x12a323d3c6879abd150083116ecbaa855d83b4f6d95cf21664174ae77f1e9954c74584659c85932e91f162901df9f74c', '0x19b6a583258a1792c0060b3fa7363661be0c2bc8911943e93701f37646297d0dc55f0766d577651b4badeac0fc903986', '0x0250a7bf52af335eec59810632637bb2b131c6d569dbcc7f9e4fcfdefd56195bfb2b54df325a81c172642fb9bed6a7c0', '0x139c2bce0bb056c3467f253099a5b803f37a3e5483e2fb1363665f86bfc722fc23628ae8d234e30b0a8083e95406cba6', '0x15b032821ab04183ad3743742bad1a43dc7af169ddbc20f30fd3bcdb217e6dd4855af64cc0cab15f4c7f58d2dcf2c87f', '0x121b838b5f396fc2aa9c884f01d90c28b36857abc672542703d7366189e6531a165a1d861f1c6daa8740cebc12d7064d', '0x0b03ce5f5af1c1a8d8d1ec587519eecc9618c4c6aaf07b1f60d68445f8c587eaf1aed4846273d44de9d99cfd425bebee', '0x07f6fee76ef4a22fa283c9f9f590e618ae89a4581d6e1ef480a8af65a463edd899b50d041c88e1445ec0ef6ca22286f2', '0x18ac80afa2703ce89a401fa2a37a56990ff33a9ebf01d02d0c3de8e72d460381ae165332cb58e43601fb9d2c22c25d8a', '0x22c1bb39de15cfeb3e1c6807adcbe567648d27ebe5b892be6e2d685d8e3a24e7a6deabac0d9464f1c8e380b4f834ba1d', '0x1086c76132ef6b404d5fb6a49a8d0a1e40dc30101cd9afa77fbc63b0b5c6fae220a40176c1cb18f85a47eeda68553ff0', 
'0x1ecff3ec1bad819776b8d8ca78217b2067deb0142433ecade2e74528662315ea3a9d61e337f53a7570159a7111a33e84', '0x209af6b95ad8058d6c7ac6c1877576ea19969b7bc93427b558df56c70b1fc26b340fe7ff88d01ce78b9feb6f022a8a52', '0x208de2f6293b454a2708c419ed7247aad8817074f8072e3a19e139cd10897dc8d20c0c546c293438f861efa223e5b6f0', '0x18b73d59c4ac16908cf65448652b3687cd9f0e9eeb29b5463f38b26f51565152b34307f1b20a213289679abfe712a1c6', '0x14522afc3dd3de38184207f4e6ad7c5604972cb6fe327b78adc35e78d74d3448c52bf9f1d0d0f426dc0e23ef568ec4dd', '0x1c39c7d823c34792a2f12f6eab1175bd0479de10488ff95da034a78588343a612b09e33764edc04684b721ed2535dc2a', '0x195cd75e13318c6554ce356a87c08366875b702b1a275f30df59c7b59389ea8345cdf56392b835eb1162406b4b432c8b', '0x137c726db8aa724e683e268925db49d11e1a3f7a726fa1bb679594f3533b072b603c2d6e53674d912ad63a49552dcab6', '0x1be16c60a0ed03c56c78f792a7677186dae8cc141846cf12aec40a72f5829957768b5c9ee5f280a5aca519643bcc87d4', '0x1a494fa4450504ab6228021843a5f8c8fed58a0db8f449f17b69f30d4ca78050460858e88f7443d4c19ca68d7ad5b36e', '0x0b08d66ee3086d31835d78ecb6c731b86b1c200c9888be72c9866cbd1b5fb45fa9035e30945f0315256efb64db8e1e17', '0x0faf5252d4dc9f7a886a662bc45ebde2a8dccc75be6c1ad6c6683faa154bc590ac86b0a7d274937b7f56f8117acde428', '0x01b08b17d0bdff761eaf30aba118e6c5ffebef85c85752a32fc99d64b50004f5beb10a55f688764378e7dd7f9d753cfc', '0x061a86384d9484d155ca3f69aa96ba82a5095ffb7e0c160eb96928a0ff8fe382ae1ac37869749c12d7be561f34825e60', '0x0dbea8877bdba885b11395b647985e535978a324d031aade9c21d7a384f10b624fc2390f869a0aa3b25d5974a895b7cb', '0x0202ce78b371e665d663a4f577ce0ec70ee5d490b3ce6053e4ce2eff0b97b3ddb0eb2df916b30127e2dda23fbac2a7f4', '0x0ff20abe74b5feb595a8871ea7672acc4724602f14f2d12e4176617a64c3b6e7050054d71e3f8b114b15afd2c6058efa', '0x0f203681014c6af7100ecf330f4df80d56a84211d46fbe54c4385da9d2551eea55060805820c10756b63389f85ef94b5', '0x0d9ee45db75a75f211dfcadaec49ce7f2e1676310b56249119adbcebbeb337e491ea1f09507cd4b041923bb0dd14f803', 
'0x09454e921b23d43ab08d781c2d8cb4625600dbbc55a7692a0970a349eaf967bdf87c213dab750a3940b4e4f25912071b', '0x0f1f14d99b2251610150a6c413ce349ce488005625b7b18186618db6dfcbc98961ec1093125103ed9802bc341acf10da', '0x21066fbbe2261a8ad595ee02a0d1e47a0ac688d7ce0a60f2b877f135ae48f82f1aabf107165595f5aba09b1a7617ce1d', '0x2201693465ea1dd850c2c67c17acb20ea236f28d0f04885b6334ad2d33229995ce0e08cff107198f1ac23e6ba4f87712', '0x1a975ec6a2f7b42941550efa4874525a2a7e9d300504a6866f102482d81bcefd7d1ed9cf206277559bfe2ad329c85d93', '0x232481866f13f90d878aaf259e02d3ba5b75f339fabfc2baec5f87ddc2434bfe28108620a690f03afd112926a6bae4ab', '0x043f5b356035027a59eeb8a337b5af322a96a662fa29d839318d4824a9d2e56266c53994b510223bfc9195a4124bddf1', '0x0a4adf5b7b45675249b124e1e5194e3eb931dffb49f25f856eb5980ceeef534e22948ecd9a503e7e7a92dc4562873a04', '0x03ec899221c468cf9877886032f2b6f51bb0e3b63abdd7e480ed3775ab8bccd8436c00ebb7f065a3ceb62156a8144cd3', '0x109270ff5731da37bf25c3b5faec13d4bb00aa502c25a7dafbefc464c9e3fca3da8f90a4dcaea18bdc7df853f6a7cc52', '0x0e0f421079e8278b829962fbb591a91073307c9a1d078702a2d5e332138de34285b090a5bcecd8bc9a61bc948bc271b3', '0x0b20b92b5a5be56328a894563e41a012eb19f3899085c4031cc4db8b400138b0b0459b9caea8ecb82ab53e88e6674e51', '0x1b8a906f0d033aad075d982fcf520e9c765074a1285e89f6e34cdf71c43546a5ab88df35cea9c0d543495e79f5ebd45a', '0x147a53266d26c17bf9b2a446e8285bfd432cb7fee2ad39e4a98b95f22e18c43f4e97fa91456a3b04e7e8cd3175364917', '0x1b5c544778c159328a3bbc184cefdf777e036fc8f706979946fea6cd2d8a17530505b6dc1692db7e0bf2bd2de4e05387', '0x09680d1614cdb7f9354b2d47234db8d43a8e8fed61d402ea126e0a09b3e0321562d30aa56141b016c8bdb5e697a1d5d0', '0x22cf92188779d86309de9c7a1e4562552e3155421e65ec16340edb29096de50e5cfb3dbe49f531de799d5aab4934548c', '0x014cd1db518df186a0321b0a73aa69b399e1389e78df9740331c4c9ac64c3507935e0c3ea2df0a1fd894cf5341c40605', '0x11349f6b122d8b40d8bc0a90a6e134925b6c3e753b3b2f20b82e71a47b6121407835b7e2f54f94f0ea33e50243699acb', 
'0x0290fe42378e103799766a36e6a0179e99ae7ba657e0ace5c6d0de4ae32f3fe83730916f509360f96ea2054176a354d1', '0x19ff8c48cf610ff2ac6bc9a53dc0a8832783c3a072016d23422ce90948288fd5493ac925ac3df07f78e7a25b6d10d0cb', '0x17ead60f1dfb2fe7d97100df9dd1556aa2c6286d80f83eaafed6f13eec01dd10240d1eb6ac4808833c541c9994e2bd7d', '0x23d076e59c4cb63d87f658f4e4a1eda41f84e3e9c83794f89b9cd84422f34412effca4aaba99cf30a8dc848bd35ab049', '0x0069e746298b6e0690fca5bf66f6f1d367544b94f51375b34f5f50f51185b56fb2ec00214fac414391831cfb246c031c', '0x1017499e4cc3fc58d5792af8d4b9f0e243829cbb51b36ff454b9c741b97a46a1d7559cbc616f4e17e8323b053eb855dd', '0x1f8210a9695bda0958dc27a57fd88de11bf4fcf3ce5cebcbcaf32e4a1ffb738482aa4b17d55a754f1bb500a91a983caf', '0x1427ba6b7de5551037df972a33690ab6afdbb104b05e01dece3300f938b303e49326d19dbba62a3da1357548b3acd77d', '0x0f5ad6b801168c0f4874f9433814d96a82a90ba494dd4a85fe81e6df7783737ac11168c5634fa4f87c85d648aa5ce629', '0x18ccc64a2bad9e05e7ec236de148fc2190aeb2f53bfde5a5dfaacd087f1ab9cdcceb41d5db2ba39154ab8d1fdcb7420f', '0x00c662c96805ff39a3dcbf0823af95e26dc083ba4b69d4350d27ae69fae7bf0a35dc5eb1ae917fd5d3c49140e5b9a5b9', '0x15b985f285897210c7eef472eb8d2843530f815943a63d0609adb01b294f5d691e16a88ee38164c8aa82cb7c91784930', '0x1647b5e3fcf1c39288a79eb5cb99bd27d9bec41143c6b6417c2871f06765b5213bdbc8a691fede3b8be3758131316daf', '0x19f5d67d71e8d515ed4515b98bbfe6c625e2493b86b4b8832cdd905504ca3c31e5b2da18a1cfeb92908b7537b9699d04', '0x233fc908356053276a1b2d969a942ada3f4abe8a7fca7b97dfe3ad588f60b8d3c0ec3aaaf70ab19a522c79d5c28a4ba8', '0x12332419b2ed3cbce7af3987902fa93001908a08bba5e562cdaa2489c6f794e7c8ba881dd8a3402a121b319abe496260', '0x191917b44686cbb2c375030df6d843d41eebe6c094aea70fe53062c21d92122fbd9ee7218cb9e29309caacf8df949f23', '0x19a43cd5f5ee72790d3432c64694c0ac0c0b90e618353216fa8c7f54147038992b86fc3054f8fbb1e1281dd14162db03', '0x01177b81270bb6b4c1728a5484b9ca1057c48816a40a80dd8330d45961e784e6b22d1e07eccf20c521d4292a73cb2e1c', 
'0x0300bd3c89fbdd5f98f72072aca11c37d6ea9ddc85e8676c7c93cab860ffe4655f24f26675edc9fcc3f40f48ca518f62', '0x05ee1eaea0af1e0c9ed1ec0322fb10d0f2981d95a24ef33842efd7aa48bf74c4eabb1f93d0854c27dc4805e16da33913', '0x1672027f4e29e39165aec55ca0ba32c8e37749889d98409b12143f799c16abef019ca26cc80137f9efef0efa9501b609', '0x23a81ebfaa2ad71d05dedb91f8d10d598f2417cdfdf7024e34d6f12fc1124dfb0fec1bcb4336b38d8c63ff5cf2473376', '0x1765f17e8893c9b8beb85e0a5c7d12594304a73ea5b0e10f96be16e3f690db780f487d038fea173ee09bed1d0296542d', '0x1a4d335d1217cdca51620efd02f0990daef9a69cee49a8b022434bd6c0dfd4e7383780545789f1243e084da06b60eebe', '0x20e6ed2a5806207bdd4cb8e84b2b2f5ee40aadfbe854451fdb001ffc5c9dff8df93370a56c3b04c5b7b20e19c01fc009', '0x164e4a97aa261278778cf3e6b39b7b8d49f1ff78c41c216e357366bcd9dc041f89dda7480bc7e4fa93b74cb74bb73c56', '0x1938f89c6a8cd855cea2f6e901ee1529b810e22867d20e7e6409b1e90e39d310128a08b13e2ff897690fc9a60f40c4c7', '0x0dc610073b238f858e42f96c0731f38226a781915dad797815046da5166e50fdcb988d7d6464409ee3c075f916ed2ea8', '0x148920f6648de4d7bb2b875b22a27ba5ca9664ab0138f5e6a89547e5fba7912f7d5e8a648b9e52ca334e1797ec60571b', '0x0fdef06d3819a3158dcb8cd39d35b4705dd9c4121796b2d51a2d3d50d4a372f53331d2a1218f9a21915b978bf0579a2d', '0x045235e93e6a8615ad7ca64084a97d7e8322df0a7f89d82739d5044536b7544f2866062aefafb52e82784ae0ea7420cb', '0x17111bfdfbfafb8eb4c0a6dfee99e31c732504f1facf27fb0f0c143f95bdf0058464c55dbad71ab508a279a018e99ac1', '0x0157baa1e4567d3ed748b0e946befab67a615e5c0f00a24b2c525e2285aba2cf69f303b46745df6e9ab8aef5faaaafe6', '0x0349e1dcaadd04f46af3f8e2cbcd8e1a8fc4bb90628ded7a97c6c4e1ab4891da055a9959308c48954b0df0ba4d750b13', '0x1eacbd1c12a2e9727dc58434c48f458b0d7c5e79ccfc13c7a82f17bec3b21a1c7532760cd5dea26ad9dd542f39a6023a', '0x123e9ab874e2a30b3850baa983a44a37a1e3fc8c439c7654320f27f50d28d5c7a947e2d5724b19cbd4769e9c0ec4cf36', '0x0a631b11f14e1ea923c52286482dfbc9054ebe756f155360740c4c0cbb9a57372b3b0d98ca167d0b71c384aa0bae6dac', 
'0x17e06bd103156e1b2c35cfc0e0457f2c25c4bacbb3f732dc5e9805535af8290634261fb1dedfc91343d5cfc1e98cc9bc', '0x13e05fe2d8acfb93dcdda7c5a8eb5af1010cb6453ccfc0304bffdad9c7b8d34f5e4d5b726d659890639d0f865fbad421', '0x070ac84af9e36c248c04ac5b8fd5990dc0dd41ac21288c3ea6780c48e7f0cb34833021d6a9345666e3ac0ce775ab8065', '0x177aea81e9a09d8d84cdf4d0f9e88b20f3bba37b9cc7eec2dd90b3d50910aa1a7fbb24e48556426c00db77e7255e1ade', '0x180c9eb85d1d229aea44cf1d5e3e28114b5fce5b030293d5a3f95e33f52a81a62fb843756c984d6f430b169441cb21e2', '0x0523d466cb9c7c45355c31164c20a8e57b3a2c9e646a16f802669dd3916b558f72c7748fd5882e72d390f77341ed4551', '0x202ae3745105898443033ec2ced8f043cad26feefd78de9ec1ccab375cbaebc07a7df0aa5713c02a4e05c43c0712bb6b', '0x00fc4d7afc5a9d272b9a64b616061373d950449db2e09e158eafa190036fa6ae4bb72ce5c2bf31a0d7105eba79660854', '0x0e3935c9b047226580e9e6416dd48b55be0fd093b91750bfde9f85919bc470f85620388790d4151712bfcfd94fa53af2', '0x23c6d1106ddc4ee2b53b69b517da1a40b99096780f73042073d1c6c64ca6fafb68e5d506adccdf861bc3847283dc6b5c', '0x18471bfb35ee6b5be17d83794576abee416616cf2ba6a1568315f564dc73fe80d2f8a315b08f2716818b86faf5cd9206', '0x0c79b80927911a9d001652f292fe6f957e242c52de99f0b31d81f5a2ec910ed2a74c42291c639211f4f43f16483790e1', '0x1bca2c24a083d38ab5787849d84739a82a0c25601544ef156cb279c71e87d10fbe526ad6c544dd88aac240e62d8c34d5', '0x1573afc35279c9e3f3e704686d9b3bb2d9fea1906246ed6ea24002f417a957200240e6cfe2b753d87ac6d0ca2fc6da9f', '0x1234858ed413c01a4d2e3d0801bb2733772734f403850e6a0a5b98922c686183548528a1e14c755fe2df5649cf87fccb', '0x20795483ff443bfa271c8be77bb6df8e9e3a251c12f1283e889d817b9e79f2a3da34435a28451db8d7ec3a12e06a8921', '0x1f0f8fe08c6b3b311f40ce6bab379f4bd95ca683882c3108f07d0abb13da76889751698ed835640b7d4baea0f0ea71b2', '0x02f172a156e0bb89c3be934fe02526b5583da8ae7cdc3dfdccf8320a1c151682fbc9d4b29c36374c4aff1d949eaf484f', '0x1733441609c8e19f1ffd07333ccd8943933743c094c66255d627d32c7968a11a5871c2ac9ee29b3e1f54fcaf065d54a3', 
'0x0f61cd8473b8db86b6809bbd7d22306897cf149634a548f9bb3c8ba8ceb1daa6aa410abe8aa06e5c2aeb1b4583eb8cb1', '0x08952339e07cfd87da458e2f27de36d3a7dae866e5f06f88213a4ab8595b00a2e75dd6155ae1891206b70b0244a5f418', '0x10693eb02269b696fc546c078dc03781969a4ae44df6c27856d7eeff4a6310b71564dfda7ac49fb8f9ad3602d467797a', '0x0e2d0f83d19ed39f64027a9476a1cf34fffd9a59e57be9d461ee54f83822e59a66efdd1869ee2e14a737215986cd72a1', '0x1dcc56ae1e8dbd79bf1da3078ef13ab72743abd909c90921b33aa28ac856892731ddf98aaf78f4d2889553429ac69dd9', '0x079468e3a3736db8a4098cc69a36409a0200a1d9ffde495fefebd499a8fb41af730e472bab999e184ac2280fcc9eaadf', '0x09d8fccb04dc1c6297906b366ddf5ef2098af90834b063ab906216416917090a7fea233eefdb7a597e247b70b77ee4b1', '0x006023e9ef2a12555e20d0197ec23efd19ab2e0af224791caa389683b986d64eae6b82f6e89e1807a4b6d585afa0ce73', '0x0f54c4230beb73ac6664fa2ad0e0e8bdc9d8220e601d40e17780efa22aa3e12ac6e56841d808696ab561adfcb5b9951b', '0x0c730f48d721bf13423d7e2fc52a9bd777ec1da105e43bc254d64b488319dc69874aa203c607adebb128fcaf68200ef8', '0x1f57ceada9b0a52917755ffa8f80f5c2684cf93a63d912ef8256e3b7626797e881ead48c7a3f6f3b4ce937c572dfc265', '0x1aab6a03ea45dd53b4707903b8b22ebd6da35f639a929d937acba8f244e7c3ec9ccfc8425ef52510a51b4d049342e8d8', '0x1c70d88b4659834c47394bd8808bde6dceb8ec9d12e7d9299e11729ef3e595dc0bb131ca850f60e4bf1e3576657b97cc', '0x1632c9ae51b80474d9552997252118fcd5b811250aecff65b484cdacda1f52979120cecfc0b586ae13af714d18993cfb', '0x0c26903e43f53eb31826a16b4e6a8f409bc0df923ce2e525b76e4d622ceb84abb16dd36c40b4ea85c45b3638a62a7508', '0x13c98a27474e9baaafb6a53c357fe40e62dcdac82db6335cade3483131171e025b92c9a62aa9e30bd7d513ff2d117600', '0x042d5ca286387243ffbb4e637b8b33df83091e09106e074fe848919d607a20a87cc29d12399804d54dd61a449c158244', '0x0f78e3c502ebd39c81925c6b4143e8a835965806d2f7f26e7525eb8dd2be72bd0e9ca115363278740db7f485b58b30ae', '0x10fdab17cf7a8d1ec6f329840056f2ecf36b8e89221e6ccbcfb8e214e53faca202b08129c441c99e1cdc1a5b5e5c3cd2', 
'0x194f75c9bdbceecf655634de1720c2950f722a65eaab50588fc669a297b44bc975e283575c6a529374416fb78dd4d827', '0x03df7e4afd8904381d90bd90d435aac8c35249412fe2e004b8f9c280418cf40ed052b9502b6d133fa8d8639e09d545b0', '0x11834bc006665102348df2aec0382e9be077520a66dacfbd8b08bcd7bbc410012511d069c41791100e4255e599e8ebc8', '0x10e54fd5d550fe4804ea6fe836fa0c8b22cb4c7916b0d98bbb433982d702744a646fdebfe9ea92f34b7abb491fae1482', '0x03031bc0759acd442b1ddf6e8b8fa935ce431f6dfd47add3afebca5c0c0e5a79b607f42910dcb770564f4cb7e47086e5', '0x061da5cbed03488a110971be8e4b339483056621b6f910382dc65e033f619718389b39d35af825c7f95bb33a6e2682b7', '0x007d6cf63df4526f59b0f327071dfd729ebacd93a7ad347d456be572455237198618a73139426b44bf6c5c8b1755837e', '0x1d17d965b8ac491552185564a98e1805d6593edd082797691eaa2d4d86a66faa18773bd71b243dbcb667278dc37655fa', '0x00b9b327eaff95739bf7c51a55ce13a90503f18aca63dc3800c51589b36683a3140893b0cdad617eeeae847c2791931a', '0x0ac73672c76452df2ff579c65068c625ed994705ddf50c2ffe70f88bee3e6db9ca842654215002ce8a19be67c6618598', '0x0eeda074360a400fae51d43f1580455a4612b2f2791ff2f5ca018091e29c5e73df310f62ef0304869b7ba4a73eec8a00', '0x04755b35e5bb5d7c987e5d9d78db2ea3d9d1667d87c6300c1c806007778199bcccd7776efbe8e29f10470526fee370b3', '0x22526a580b172231eb625e7f9862e311ab099c09bed19623bd9b31f719ef758597c6095f27c08d01a9f928d5c76d603a', '0x04afed4c5edab192fdf4dd7bc4d06060081042b3165d354ca9e08c22692a50e7b23fcab3a0623f124dccd4f75b6a676f', '0x20c93f2c7da584c67028c86162b150b4f58d22a983d47a03787956c7da7006be90a2fa2a71a85a4865013e787d29b860', '0x0b9c45fe3509159bd5ef302b72c4c48c89934815d7f8e3d826246db4fdeacb040d1caa8e666f53050d44833ce330e31f', '0x04cadf37e2c3dc9f5e252790e43587403ebf23119ab6d747d2aa55bae07431c3eb6b7a2cd2f74616f943c0df2d12ce81', '0x04ea84a20f76da391aeaa9696d561eef242e6de660089e7bb34936efa2424681bcdd341d3d185f352cb3a5dde144984d', '0x055af1e2a8fa2c6444d5fa8b1c459d825b327dce571883a9554d303aef960fadae73634dfb6a8c5bcec7edccde2db186', 
'0x10f9291f1f3ae914c59aa26a236862efa86e922c37f72cad85430e0abdee79ef3558ca2a4b7ef0410cd5beff4aaad638', '0x0b1f238ad367cef5771554a6129ab36d6b5810ff4a0a3071a6bf1700844e83b91f2dc7b33eb18f4f9ef046f15a178e6d', '0x11a0f538d2a62273e6dfd67597b7035f8a7d2f9d608480285cff3135c83bde4bdc906ea5a139e7d522e2cb4e0cf2bbe9'] -('n:', 382) -('t:', 3) -('N:', 1146) -('Result Algorithm 1:\n', [True, 0]) -('Result Algorithm 2:\n', [True, None]) -('Result Algorithm 3:\n', [True, None]) -('Prime number:', '0x0x2404893fdad8878e71503c69b09dbf88b48a3614289b09012012246d2242412000000001800c18180000000000000001L') -('MDS matrix:\n', "[['0x088c2d4280780057ffcafe8bbbb4ea91f69f283eea1805281ede1aa654488c36865e58f3c3d85000cac40e9fa84416b5', '0x17f00adcd1da85cd41303f65704eaf4ef4b10041a9e2d8c792cfa009df11ec797c555c3d238a93a803acb453b90cb057', '0x0a5a51065bb82723d1928a2c096649010e080d00a2c4428fbea3f444d2906922cf3a422f1be90df3cef395dde4c0103c'],['0x23741c8a5536ad9a7c6920679761739126661c5e0e141440fad359315f40844a23bb2021522c0ee76db77b4221cc4761', '0x1f5536a07afa61dba46ea07f62c1782f794fbde79b89cc5a41834e9d979844cc942000cb660f4061c8ec5d1ecb2fc22e', '0x15c804f3f99088de93fd942437c7e21af1d9c0d562c1a276ace670413440c5109a0aa8162bfefa1328eb4015bdb3a264'],['0x239050b60e019b83415f6adf59efc5c60dddeafa2344db99b05c67bb0795c2b2f210291edb6ec1ba227036c721124e0d', '0x11a8f32b291eafe9457a5340243296417cde0c4a521666dbc39738aba96770c570a16b369890ca903330b97ba2247b9b', '0x189a3b2402fdfdf12cc664e550f6dd3bdf398269ef63da3aafedb87f1d8b1817c6e621f892c39f72bb2d8c2a59a52e19']]") \ No newline at end of file diff --git a/primitives/src/crh/poseidon/parameters/scripts/ParametersBN382dual.log b/primitives/src/crh/poseidon/parameters/scripts/ParametersBN382dual.log deleted file mode 100644 index 325db0d23..000000000 --- a/primitives/src/crh/poseidon/parameters/scripts/ParametersBN382dual.log +++ /dev/null 
@@ -1,11 +0,0 @@ -('Number of round constants:', 192) -Round constants for GF(p): -['0x1b2e3d7de9e4d64f71bd143f5afdd9bf086eb232209416c94cbd24753cfcd19da57fa7d54e7c9b8e127323a211ccd286', '0x0d9b70f7ac2559f464e521ca3788586f6b669eecf7c5035a78ce2aa2bc942a5ff4e488fb71dc9319b4f19cd5cf7a7a42', '0x004ef6668822e796f7e35c61451b6cc1a2772d3700f97c0a0151a69e009a084cb244d0b97edfb12a35373bdaae2a1a6c', '0x2099f5206b789bbfc9eae143a83bd7b75518683632ab6dfd823f64708cde08a6382f83fb91e88cda0376c0ae08a4332d', '0x1f9506b4670e2a30e6692ae4c47c7382ddffca674d25ce3c385356066ef29d1dcecc5be5405f0263fd9a1275a0e264a9', '0x1e99f41f8f33b39fda45b56f20d96a227b580cb7dfe0d21373ae778b8d9bbc6bbb2293e23ae659c9b00136417fcad4f3', '0x06729def6dd37df6f8cb2bbccbb48a19165f6e378881e3b13062157f43c6790140796f0a1592f87bb7e98755389ef7c5', '0x2011146a62d93b7d46903839c62dbaa237e051bd0aeff12991c64b47358566c8835411528e166e5700565e752590ab9b', '0x1fcacac3f261c3e57ed78e815913a3f5a10dc1548183ad3978be4cfeaf662c47bd08b6741d4f2b5ccbc1de27df257cc2', '0x12191670127cfb34412000baa1aa9dff8fb4c6adeaa7a72784cf805fea85011a88a77c007291029560bffbcee08c301a', '0x01d42c10a1d9972a484db7b8625d71184c33d5d8e1e7491c6500b6e3a274e08a39dfedb40f87f5aa4a9fe38feae31b22', '0x21c5dd68abdd5dd87439fd5409bbe7a3d4f253dcbd866d033fee17376417765836fde4ea2f19b6f8bd6544094865a3dd', '0x0ffdfa68a811cb4f86f4c91496488fc7107dc199c78e4685dc04af5a35fe99985f9de24e209bd5bff53fa5df9bd93938', '0x11681d1ff151ac1c307fc3d910279b12811eecb7d7020c5ec20de2281ab0461ff572ef07d10fdc919af6f0686e7efa25', '0x1b27731f679afb646da16da1acfc642b5717cc0dccb85b5de08b08a0988f481fa1006bc4200fb82efcc39f36dbc3355e', '0x18eca22295aa0e1360c73a597e340a33c61600da84d0879f266c4c4f61d8107f1e063acd855ae4d01385f2ac658944d8', '0x1d15518c3e1aceaa9b8a40e7de64b28268e27f9b1a0246f2e9323103bf8f19e48443113d9675dbde8f290e14d425dad1', '0x13a8b8cc856ec666dd13311a9f6ad07aadba8dc9508a60a19c175a85b3ac6d892fece2527cf99bc3b5bae4c78097773b', 
'0x0cb48f1941f9bcd4368149b74ff62d3ad116d517fb5fa1413cb1801c2f701b7664bcbe843a230aadf93ca10c4f143724', '0x07e112eb6647de85b0788d26c43c732b2bfb3e140913b3a8ca5b2ed29ecbc06e009807d2ad85a24ebf2f44a43e20b88d', '0x02ed9d9b7be32a3af8f8981861144c6acfafa464e4e221d86f5050fdeb7f823780cd6875cb59ab42c7f69615e9fb6a96', '0x204274ca2919c9ca403aaa321151f6aba8c6d729483d797a6b80942b6bbca934ec6efcdebcb48b942a35fada5125d91a', '0x12302a9f23b0b6c3aee6964c96a69b7e1936387aa08cded6df13557847fe646ea11acce096c030b2f23a65383297a14c', '0x1f67ff059f98ad68010b105771b6111113ae2143df21c4bce1beabba1d02e5e0963394b03fffd5519ddf8cd7a5ff5ca7', '0x1d0eee346871c208b09289335c23ad05ea3e450c6a7c52eaaab8129a95914fffab0b65fb535f517f075bd3f5663bb170', '0x0d6c896fce0bd5468c7fdf16c8ed62b241d5e77f11a9e4bae5ef0c93138723e13ebde577c545b52a3bab84e7551641ae', '0x1c6c6e41b6ccea702ae864040498a1840ea58df9abf5e9de9ebad63bbe9596400a14f77c67305cc3a0ea4baaaebd13a0', '0x0b0ffbb1574e4ae9df70480ea231a2f26901eb900715d47875325fa874c55d1e8db6e3acc1ffd2375a473c0d08b20c53', '0x188cd8bfbc17d7eae3877d37966e3b924ebd3c156653f6701e418c8b4301f8e5a99190fa1dad6976bf1c9f055806b84f', '0x039faaee00478fdcecda846c64163d58b3b81db44af4af79e2fa33794ab95e1e3809b7670c4cb72b9cbc021fdcfe814e', '0x11d5321c089e622446aafd526144bf71c70aa30412b9e656271d7c96c308beaccbed947fed5e6635d85c49184866818d', '0x0c6787765eb5042258761ac61213893315e1de5a9bfd35f7d2a31adde28079040b25adc4086c93f24602d767cb454c59', '0x003d342bbc9e5f941aee8a554e96b1a53ff46d668f3d22b1f87444442adda78fe815953ed834fc2cc7d8fc628babd2d5', '0x149cbd731d9403579f5d07e760d476e37efb1a423ac618184723691856f6d3fd32ce6ecc6025b9f56457b62be6093def', '0x076f96bd03afaa105f51f1d015fcf7d6014aa09d13415b8540f56e721b66c412da8f0cdf4048a59c1336188e06f81026', '0x23551d0d8bee17983d8a87e34ca24283f2c618f3eb30bed551a97edbf5b199fd99af9c972dbb7199514f51a61ec37eb6', '0x0fb206bbb333afcb1f7421611b4b73d372b5ed9a1582e43135ffca992997242c12b07b57ee52b1ec4e7977d0a68b41aa', 
'0x222f4f4a1fd67d99729f972e6b83a1f1a60141862c346158847f697ddf0268ddf00105576580dc5e9592ed5c5f445895', '0x0c8a6b8dc1f469523dd5d5a88056dce6c1af81d7fffa97306edeb106483073e6f6f742a1859cc7fb9b5536d21adb61c2', '0x1381aac6ef29a2568128733dc6db9377905a7f43cacfc7cb34a5bb1fcb4171cc7103dfb708a9747cd7e0b6cb2175bd1f', '0x0de148fdf2bdabbb548fbd173913563485bc365950b43b0f565a5cd4986804418e225fe6f6d14f2b710cfadf73b4cef7', '0x023adad069970f8543a9f343b07a4a2a4c16ddc2ea4eff66c604682c229985bce790e9fe11734a4218640cd8791bd66e', '0x04a2761fc31eb758b35bc3891f07ef720ccc4042e38c8a24d0297aa763abf8122a4687ff3b907d38cbc541662167c607', '0x045ffb698017e3f6d4a438904024196931b9376e9105d236b2d013526c45525a13cfb60608b47c3cce72912e141e1543', '0x1f9bbf8d5da4f9b258399bf2e22ecb10c9d94065a4d26460768d16348740372fa98927d1309e25612eb21907999ce3a0', '0x12a323d3c6879abd150083116ecbaa855d83b4f6d95cf21664174ae77f1e9954c74584659c85932e91f162901df9f74c', '0x19b6a583258a1792c0060b3fa7363661be0c2bc8911943e93701f37646297d0dc55f0766d577651b4badeac0fc903986', '0x0250a7bf52af335eec59810632637bb2b131c6d569dbcc7f9e4fcfdefd56195bfb2b54df325a81c172642fb9bed6a7c0', '0x139c2bce0bb056c3467f253099a5b803f37a3e5483e2fb1363665f86bfc722fc23628ae8d234e30b0a8083e95406cba6', '0x15b032821ab04183ad3743742bad1a43dc7af169ddbc20f30fd3bcdb217e6dd4855af64cc0cab15f4c7f58d2dcf2c87f', '0x121b838b5f396fc2aa9c884f01d90c28b36857abc672542703d7366189e6531a165a1d861f1c6daa8740cebc12d7064d', '0x0b03ce5f5af1c1a8d8d1ec587519eecc9618c4c6aaf07b1f60d68445f8c587eaf1aed4846273d44de9d99cfd425bebee', '0x07f6fee76ef4a22fa283c9f9f590e618ae89a4581d6e1ef480a8af65a463edd899b50d041c88e1445ec0ef6ca22286f2', '0x18ac80afa2703ce89a401fa2a37a56990ff33a9ebf01d02d0c3de8e72d460381ae165332cb58e43601fb9d2c22c25d8a', '0x22c1bb39de15cfeb3e1c6807adcbe567648d27ebe5b892be6e2d685d8e3a24e7a6deabac0d9464f1c8e380b4f834ba1d', '0x1086c76132ef6b404d5fb6a49a8d0a1e40dc30101cd9afa77fbc63b0b5c6fae220a40176c1cb18f85a47eeda68553ff0', 
'0x1ecff3ec1bad819776b8d8ca78217b2067deb0142433ecade2e74528662315ea3a9d61e337f53a7570159a7111a33e84', '0x209af6b95ad8058d6c7ac6c1877576ea19969b7bc93427b558df56c70b1fc26b340fe7ff88d01ce78b9feb6f022a8a52', '0x208de2f6293b454a2708c419ed7247aad8817074f8072e3a19e139cd10897dc8d20c0c546c293438f861efa223e5b6f0', '0x18b73d59c4ac16908cf65448652b3687cd9f0e9eeb29b5463f38b26f51565152b34307f1b20a213289679abfe712a1c6', '0x14522afc3dd3de38184207f4e6ad7c5604972cb6fe327b78adc35e78d74d3448c52bf9f1d0d0f426dc0e23ef568ec4dd', '0x1c39c7d823c34792a2f12f6eab1175bd0479de10488ff95da034a78588343a612b09e33764edc04684b721ed2535dc2a', '0x195cd75e13318c6554ce356a87c08366875b702b1a275f30df59c7b59389ea8345cdf56392b835eb1162406b4b432c8b', '0x137c726db8aa724e683e268925db49d11e1a3f7a726fa1bb679594f3533b072b603c2d6e53674d912ad63a49552dcab6', '0x1be16c60a0ed03c56c78f792a7677186dae8cc141846cf12aec40a72f5829957768b5c9ee5f280a5aca519643bcc87d4', '0x1a494fa4450504ab6228021843a5f8c8fed58a0db8f449f17b69f30d4ca78050460858e88f7443d4c19ca68d7ad5b36e', '0x0b08d66ee3086d31835d78ecb6c731b86b1c200c9888be72c9866cbd1b5fb45fa9035e30945f0315256efb64db8e1e17', '0x0faf5252d4dc9f7a886a662bc45ebde2a8dccc75be6c1ad6c6683faa154bc590ac86b0a7d274937b7f56f8117acde428', '0x01b08b17d0bdff761eaf30aba118e6c5ffebef85c85752a32fc99d64b50004f5beb10a55f688764378e7dd7f9d753cfc', '0x061a86384d9484d155ca3f69aa96ba82a5095ffb7e0c160eb96928a0ff8fe382ae1ac37869749c12d7be561f34825e60', '0x0dbea8877bdba885b11395b647985e535978a324d031aade9c21d7a384f10b624fc2390f869a0aa3b25d5974a895b7cb', '0x0202ce78b371e665d663a4f577ce0ec70ee5d490b3ce6053e4ce2eff0b97b3ddb0eb2df916b30127e2dda23fbac2a7f4', '0x0ff20abe74b5feb595a8871ea7672acc4724602f14f2d12e4176617a64c3b6e7050054d71e3f8b114b15afd2c6058efa', '0x0f203681014c6af7100ecf330f4df80d56a84211d46fbe54c4385da9d2551eea55060805820c10756b63389f85ef94b5', '0x0d9ee45db75a75f211dfcadaec49ce7f2e1676310b56249119adbcebbeb337e491ea1f09507cd4b041923bb0dd14f803', 
'0x09454e921b23d43ab08d781c2d8cb4625600dbbc55a7692a0970a349eaf967bdf87c213dab750a3940b4e4f25912071b', '0x0f1f14d99b2251610150a6c413ce349ce488005625b7b18186618db6dfcbc98961ec1093125103ed9802bc341acf10da', '0x21066fbbe2261a8ad595ee02a0d1e47a0ac688d7ce0a60f2b877f135ae48f82f1aabf107165595f5aba09b1a7617ce1d', '0x2201693465ea1dd850c2c67c17acb20ea236f28d0f04885b6334ad2d33229995ce0e08cff107198f1ac23e6ba4f87712', '0x1a975ec6a2f7b42941550efa4874525a2a7e9d300504a6866f102482d81bcefd7d1ed9cf206277559bfe2ad329c85d93', '0x232481866f13f90d878aaf259e02d3ba5b75f339fabfc2baec5f87ddc2434bfe28108620a690f03afd112926a6bae4ab', '0x043f5b356035027a59eeb8a337b5af322a96a662fa29d839318d4824a9d2e56266c53994b510223bfc9195a4124bddf1', '0x0a4adf5b7b45675249b124e1e5194e3eb931dffb49f25f856eb5980ceeef534e22948ecd9a503e7e7a92dc4562873a04', '0x03ec899221c468cf9877886032f2b6f51bb0e3b63abdd7e480ed3775ab8bccd8436c00ebb7f065a3ceb62156a8144cd3', '0x109270ff5731da37bf25c3b5faec13d4bb00aa502c25a7dafbefc464c9e3fca3da8f90a4dcaea18bdc7df853f6a7cc52', '0x0e0f421079e8278b829962fbb591a91073307c9a1d078702a2d5e332138de34285b090a5bcecd8bc9a61bc948bc271b3', '0x0b20b92b5a5be56328a894563e41a012eb19f3899085c4031cc4db8b400138b0b0459b9caea8ecb82ab53e88e6674e51', '0x1b8a906f0d033aad075d982fcf520e9c765074a1285e89f6e34cdf71c43546a5ab88df35cea9c0d543495e79f5ebd45a', '0x147a53266d26c17bf9b2a446e8285bfd432cb7fee2ad39e4a98b95f22e18c43f4e97fa91456a3b04e7e8cd3175364917', '0x1b5c544778c159328a3bbc184cefdf777e036fc8f706979946fea6cd2d8a17530505b6dc1692db7e0bf2bd2de4e05387', '0x09680d1614cdb7f9354b2d47234db8d43a8e8fed61d402ea126e0a09b3e0321562d30aa56141b016c8bdb5e697a1d5d0', '0x22cf92188779d86309de9c7a1e4562552e3155421e65ec16340edb29096de50e5cfb3dbe49f531de799d5aab4934548c', '0x014cd1db518df186a0321b0a73aa69b399e1389e78df9740331c4c9ac64c3507935e0c3ea2df0a1fd894cf5341c40605', '0x11349f6b122d8b40d8bc0a90a6e134925b6c3e753b3b2f20b82e71a47b6121407835b7e2f54f94f0ea33e50243699acb', 
'0x0290fe42378e103799766a36e6a0179e99ae7ba657e0ace5c6d0de4ae32f3fe83730916f509360f96ea2054176a354d1', '0x19ff8c48cf610ff2ac6bc9a53dc0a8832783c3a072016d23422ce90948288fd5493ac925ac3df07f78e7a25b6d10d0cb', '0x17ead60f1dfb2fe7d97100df9dd1556aa2c6286d80f83eaafed6f13eec01dd10240d1eb6ac4808833c541c9994e2bd7d', '0x23d076e59c4cb63d87f658f4e4a1eda41f84e3e9c83794f89b9cd84422f34412effca4aaba99cf30a8dc848bd35ab049', '0x0069e746298b6e0690fca5bf66f6f1d367544b94f51375b34f5f50f51185b56fb2ec00214fac414391831cfb246c031c', '0x1017499e4cc3fc58d5792af8d4b9f0e243829cbb51b36ff454b9c741b97a46a1d7559cbc616f4e17e8323b053eb855dd', '0x1f8210a9695bda0958dc27a57fd88de11bf4fcf3ce5cebcbcaf32e4a1ffb738482aa4b17d55a754f1bb500a91a983caf', '0x1427ba6b7de5551037df972a33690ab6afdbb104b05e01dece3300f938b303e49326d19dbba62a3da1357548b3acd77d', '0x0f5ad6b801168c0f4874f9433814d96a82a90ba494dd4a85fe81e6df7783737ac11168c5634fa4f87c85d648aa5ce629', '0x18ccc64a2bad9e05e7ec236de148fc2190aeb2f53bfde5a5dfaacd087f1ab9cdcceb41d5db2ba39154ab8d1fdcb7420f', '0x00c662c96805ff39a3dcbf0823af95e26dc083ba4b69d4350d27ae69fae7bf0a35dc5eb1ae917fd5d3c49140e5b9a5b9', '0x15b985f285897210c7eef472eb8d2843530f815943a63d0609adb01b294f5d691e16a88ee38164c8aa82cb7c91784930', '0x1647b5e3fcf1c39288a79eb5cb99bd27d9bec41143c6b6417c2871f06765b5213bdbc8a691fede3b8be3758131316daf', '0x19f5d67d71e8d515ed4515b98bbfe6c625e2493b86b4b8832cdd905504ca3c31e5b2da18a1cfeb92908b7537b9699d04', '0x233fc908356053276a1b2d969a942ada3f4abe8a7fca7b97dfe3ad588f60b8d3c0ec3aaaf70ab19a522c79d5c28a4ba8', '0x12332419b2ed3cbce7af3987902fa93001908a08bba5e562cdaa2489c6f794e7c8ba881dd8a3402a121b319abe496260', '0x191917b44686cbb2c375030df6d843d41eebe6c094aea70fe53062c21d92122fbd9ee7218cb9e29309caacf8df949f23', '0x19a43cd5f5ee72790d3432c64694c0ac0c0b90e618353216fa8c7f54147038992b86fc3054f8fbb1e1281dd14162db03', '0x01177b81270bb6b4c1728a5484b9ca1057c48816a40a80dd8330d45961e784e6b22d1e07eccf20c521d4292a73cb2e1c', 
'0x0300bd3c89fbdd5f98f72072aca11c37d6ea9ddc85e8676c7c93cab860ffe4655f24f26675edc9fcc3f40f48ca518f62', '0x05ee1eaea0af1e0c9ed1ec0322fb10d0f2981d95a24ef33842efd7aa48bf74c4eabb1f93d0854c27dc4805e16da33913', '0x1672027f4e29e39165aec55ca0ba32c8e37749889d98409b12143f799c16abef019ca26cc80137f9efef0efa9501b609', '0x23a81ebfaa2ad71d05dedb91f8d10d598f2417cdfdf7024e34d6f12fc1124dfb0fec1bcb4336b38d8c63ff5cf2473376', '0x1765f17e8893c9b8beb85e0a5c7d12594304a73ea5b0e10f96be16e3f690db780f487d038fea173ee09bed1d0296542d', '0x1a4d335d1217cdca51620efd02f0990daef9a69cee49a8b022434bd6c0dfd4e7383780545789f1243e084da06b60eebe', '0x20e6ed2a5806207bdd4cb8e84b2b2f5ee40aadfbe854451fdb001ffc5c9dff8df93370a56c3b04c5b7b20e19c01fc009', '0x164e4a97aa261278778cf3e6b39b7b8d49f1ff78c41c216e357366bcd9dc041f89dda7480bc7e4fa93b74cb74bb73c56', '0x1938f89c6a8cd855cea2f6e901ee1529b810e22867d20e7e6409b1e90e39d310128a08b13e2ff897690fc9a60f40c4c7', '0x0dc610073b238f858e42f96c0731f38226a781915dad797815046da5166e50fdcb988d7d6464409ee3c075f916ed2ea8', '0x148920f6648de4d7bb2b875b22a27ba5ca9664ab0138f5e6a89547e5fba7912f7d5e8a648b9e52ca334e1797ec60571b', '0x0fdef06d3819a3158dcb8cd39d35b4705dd9c4121796b2d51a2d3d50d4a372f53331d2a1218f9a21915b978bf0579a2d', '0x045235e93e6a8615ad7ca64084a97d7e8322df0a7f89d82739d5044536b7544f2866062aefafb52e82784ae0ea7420cb', '0x17111bfdfbfafb8eb4c0a6dfee99e31c732504f1facf27fb0f0c143f95bdf0058464c55dbad71ab508a279a018e99ac1', '0x0157baa1e4567d3ed748b0e946befab67a615e5c0f00a24b2c525e2285aba2cf69f303b46745df6e9ab8aef5faaaafe6', '0x0349e1dcaadd04f46af3f8e2cbcd8e1a8fc4bb90628ded7a97c6c4e1ab4891da055a9959308c48954b0df0ba4d750b13', '0x1eacbd1c12a2e9727dc58434c48f458b0d7c5e79ccfc13c7a82f17bec3b21a1c7532760cd5dea26ad9dd542f39a6023a', '0x123e9ab874e2a30b3850baa983a44a37a1e3fc8c439c7654320f27f50d28d5c7a947e2d5724b19cbd4769e9c0ec4cf36', '0x0a631b11f14e1ea923c52286482dfbc9054ebe756f155360740c4c0cbb9a57372b3b0d98ca167d0b71c384aa0bae6dac', 
'0x17e06bd103156e1b2c35cfc0e0457f2c25c4bacbb3f732dc5e9805535af8290634261fb1dedfc91343d5cfc1e98cc9bc', '0x13e05fe2d8acfb93dcdda7c5a8eb5af1010cb6453ccfc0304bffdad9c7b8d34f5e4d5b726d659890639d0f865fbad421', '0x070ac84af9e36c248c04ac5b8fd5990dc0dd41ac21288c3ea6780c48e7f0cb34833021d6a9345666e3ac0ce775ab8065', '0x177aea81e9a09d8d84cdf4d0f9e88b20f3bba37b9cc7eec2dd90b3d50910aa1a7fbb24e48556426c00db77e7255e1ade', '0x180c9eb85d1d229aea44cf1d5e3e28114b5fce5b030293d5a3f95e33f52a81a62fb843756c984d6f430b169441cb21e2', '0x0523d466cb9c7c45355c31164c20a8e57b3a2c9e646a16f802669dd3916b558f72c7748fd5882e72d390f77341ed4551', '0x202ae3745105898443033ec2ced8f043cad26feefd78de9ec1ccab375cbaebc07a7df0aa5713c02a4e05c43c0712bb6b', '0x00fc4d7afc5a9d272b9a64b616061373d950449db2e09e158eafa190036fa6ae4bb72ce5c2bf31a0d7105eba79660854', '0x0e3935c9b047226580e9e6416dd48b55be0fd093b91750bfde9f85919bc470f85620388790d4151712bfcfd94fa53af2', '0x23c6d1106ddc4ee2b53b69b517da1a40b99096780f73042073d1c6c64ca6fafb68e5d506adccdf861bc3847283dc6b5c', '0x18471bfb35ee6b5be17d83794576abee416616cf2ba6a1568315f564dc73fe80d2f8a315b08f2716818b86faf5cd9206', '0x0c79b80927911a9d001652f292fe6f957e242c52de99f0b31d81f5a2ec910ed2a74c42291c639211f4f43f16483790e1', '0x1bca2c24a083d38ab5787849d84739a82a0c25601544ef156cb279c71e87d10fbe526ad6c544dd88aac240e62d8c34d5', '0x1573afc35279c9e3f3e704686d9b3bb2d9fea1906246ed6ea24002f417a957200240e6cfe2b753d87ac6d0ca2fc6da9f', '0x1234858ed413c01a4d2e3d0801bb2733772734f403850e6a0a5b98922c686183548528a1e14c755fe2df5649cf87fccb', '0x20795483ff443bfa271c8be77bb6df8e9e3a251c12f1283e889d817b9e79f2a3da34435a28451db8d7ec3a12e06a8921', '0x1f0f8fe08c6b3b311f40ce6bab379f4bd95ca683882c3108f07d0abb13da76889751698ed835640b7d4baea0f0ea71b2', '0x02f172a156e0bb89c3be934fe02526b5583da8ae7cdc3dfdccf8320a1c151682fbc9d4b29c36374c4aff1d949eaf484f', '0x1733441609c8e19f1ffd07333ccd8943933743c094c66255d627d32c7968a11a5871c2ac9ee29b3e1f54fcaf065d54a3', 
'0x0f61cd8473b8db86b6809bbd7d22306897cf149634a548f9bb3c8ba8ceb1daa6aa410abe8aa06e5c2aeb1b4583eb8cb1', '0x08952339e07cfd87da458e2f27de36d3a7dae866e5f06f88213a4ab8595b00a2e75dd6155ae1891206b70b0244a5f418', '0x10693eb02269b696fc546c078dc03781969a4ae44df6c27856d7eeff4a6310b71564dfda7ac49fb8f9ad3602d467797a', '0x0e2d0f83d19ed39f64027a9476a1cf34fffd9a59e57be9d461ee54f83822e59a66efdd1869ee2e14a737215986cd72a1', '0x1dcc56ae1e8dbd79bf1da3078ef13ab72743abd909c90921b33aa28ac856892731ddf98aaf78f4d2889553429ac69dd9', '0x079468e3a3736db8a4098cc69a36409a0200a1d9ffde495fefebd499a8fb41af730e472bab999e184ac2280fcc9eaadf', '0x09d8fccb04dc1c6297906b366ddf5ef2098af90834b063ab906216416917090a7fea233eefdb7a597e247b70b77ee4b1', '0x006023e9ef2a12555e20d0197ec23efd19ab2e0af224791caa389683b986d64eae6b82f6e89e1807a4b6d585afa0ce73', '0x0f54c4230beb73ac6664fa2ad0e0e8bdc9d8220e601d40e17780efa22aa3e12ac6e56841d808696ab561adfcb5b9951b', '0x0c730f48d721bf13423d7e2fc52a9bd777ec1da105e43bc254d64b488319dc69874aa203c607adebb128fcaf68200ef8', '0x1f57ceada9b0a52917755ffa8f80f5c2684cf93a63d912ef8256e3b7626797e881ead48c7a3f6f3b4ce937c572dfc265', '0x1aab6a03ea45dd53b4707903b8b22ebd6da35f639a929d937acba8f244e7c3ec9ccfc8425ef52510a51b4d049342e8d8', '0x1c70d88b4659834c47394bd8808bde6dceb8ec9d12e7d9299e11729ef3e595dc0bb131ca850f60e4bf1e3576657b97cc', '0x1632c9ae51b80474d9552997252118fcd5b811250aecff65b484cdacda1f52979120cecfc0b586ae13af714d18993cfb', '0x0c26903e43f53eb31826a16b4e6a8f409bc0df923ce2e525b76e4d622ceb84abb16dd36c40b4ea85c45b3638a62a7508', '0x13c98a27474e9baaafb6a53c357fe40e62dcdac82db6335cade3483131171e025b92c9a62aa9e30bd7d513ff2d117600', '0x042d5ca286387243ffbb4e637b8b33df83091e09106e074fe848919d607a20a87cc29d12399804d54dd61a449c158244', '0x0f78e3c502ebd39c81925c6b4143e8a835965806d2f7f26e7525eb8dd2be72bd0e9ca115363278740db7f485b58b30ae', '0x10fdab17cf7a8d1ec6f329840056f2ecf36b8e89221e6ccbcfb8e214e53faca202b08129c441c99e1cdc1a5b5e5c3cd2', 
'0x194f75c9bdbceecf655634de1720c2950f722a65eaab50588fc669a297b44bc975e283575c6a529374416fb78dd4d827', '0x03df7e4afd8904381d90bd90d435aac8c35249412fe2e004b8f9c280418cf40ed052b9502b6d133fa8d8639e09d545b0', '0x11834bc006665102348df2aec0382e9be077520a66dacfbd8b08bcd7bbc410012511d069c41791100e4255e599e8ebc8', '0x10e54fd5d550fe4804ea6fe836fa0c8b22cb4c7916b0d98bbb433982d702744a646fdebfe9ea92f34b7abb491fae1482', '0x03031bc0759acd442b1ddf6e8b8fa935ce431f6dfd47add3afebca5c0c0e5a79b607f42910dcb770564f4cb7e47086e5', '0x061da5cbed03488a110971be8e4b339483056621b6f910382dc65e033f619718389b39d35af825c7f95bb33a6e2682b7', '0x007d6cf63df4526f59b0f327071dfd729ebacd93a7ad347d456be572455237198618a73139426b44bf6c5c8b1755837e', '0x1d17d965b8ac491552185564a98e1805d6593edd082797691eaa2d4d86a66faa18773bd71b243dbcb667278dc37655fa', '0x00b9b327eaff95739bf7c51a55ce13a90503f18aca63dc3800c51589b36683a3140893b0cdad617eeeae847c2791931a', '0x0ac73672c76452df2ff579c65068c625ed994705ddf50c2ffe70f88bee3e6db9ca842654215002ce8a19be67c6618598', '0x0eeda074360a400fae51d43f1580455a4612b2f2791ff2f5ca018091e29c5e73df310f62ef0304869b7ba4a73eec8a00', '0x04755b35e5bb5d7c987e5d9d78db2ea3d9d1667d87c6300c1c806007778199bcccd7776efbe8e29f10470526fee370b3', '0x22526a580b172231eb625e7f9862e311ab099c09bed19623bd9b31f719ef758597c6095f27c08d01a9f928d5c76d603a', '0x04afed4c5edab192fdf4dd7bc4d06060081042b3165d354ca9e08c22692a50e7b23fcab3a0623f124dccd4f75b6a676f', '0x20c93f2c7da584c67028c86162b150b4f58d22a983d47a03787956c7da7006be90a2fa2a71a85a4865013e787d29b860', '0x0b9c45fe3509159bd5ef302b72c4c48c89934815d7f8e3d826246db4fdeacb040d1caa8e666f53050d44833ce330e31f', '0x04cadf37e2c3dc9f5e252790e43587403ebf23119ab6d747d2aa55bae07431c3eb6b7a2cd2f74616f943c0df2d12ce81', '0x04ea84a20f76da391aeaa9696d561eef242e6de660089e7bb34936efa2424681bcdd341d3d185f352cb3a5dde144984d', '0x055af1e2a8fa2c6444d5fa8b1c459d825b327dce571883a9554d303aef960fadae73634dfb6a8c5bcec7edccde2db186', 
'0x10f9291f1f3ae914c59aa26a236862efa86e922c37f72cad85430e0abdee79ef3558ca2a4b7ef0410cd5beff4aaad638', '0x0b1f238ad367cef5771554a6129ab36d6b5810ff4a0a3071a6bf1700844e83b91f2dc7b33eb18f4f9ef046f15a178e6d', '0x11a0f538d2a62273e6dfd67597b7035f8a7d2f9d608480285cff3135c83bde4bdc906ea5a139e7d522e2cb4e0cf2bbe9'] -('n:', 382) -('t:', 3) -('N:', 1146) -('Result Algorithm 1:\n', [True, 0]) -('Result Algorithm 2:\n', [True, None]) -('Result Algorithm 3:\n', [True, None]) -('Prime number:', '0x0x2404893fdad8878e71503c69b09dbf88b48a3614289b0901801830918303018000000001800c18180000000000000001L') -('MDS matrix:\n', "[['0x004b4c28eb8b438187667a51ad2a3ca0a28b02c6d98db79db8177005b7a95f4ff3c0933ccf7e72fa42bbb8d65253bcdc', '0x0e2541b7690be256609d3b913fd9eecee2d795cef7dbc2b37e907ccd36dd64ccd593b7eb2de4e4b3dfde47e571b49964', '0x0329ec509547f63d8e2bea2f9966ccdf88c5049c73dd5bf2f34cde4ef3ef1cff6a318789393ae9aab905262791cfffeb'],['0x22fab41b44a7dbf8ee4cf1f43d2f94b5d00127916845c007fc62a8c55fd1e5329b2fa4f2695e74db23b86f8c17b54592', '0x129cde49fa36c84ffc2fd43074d113c36e608dcf565ce6f9ea3fbe459c573ca4a3d9acf92751afdfa5c3a5c7a85c505c', '0x1abb8133ff62e8d826aa70ae42ff8298673889c7391aab7c051c8e37d52653478fd3c248a75cf41d3a5db85f44155f9e'],['0x081f48decd7618297347d60077cf4fe10022a11cd96c51baf7caa0368f0833df35472061e99d0c6a7a2312d6e1f8debc', '0x0c4dec249a5f32f9150a03fe2eef96f107c349cb04b9c85e9d17d97f7d0053a846ba1beab3de31a37a361238d339566e', '0x234bee4067f5999d5e3d315c3b10716d05f2f9b7b4d63e6d95b9d29c3530fa298ac1c9643144d7b833e81982a54c851a']]") \ No newline at end of file diff --git a/primitives/src/crh/poseidon/parameters/scripts/ParametersMNT4Fr.log b/primitives/src/crh/poseidon/parameters/scripts/ParametersMNT4Fr.log deleted file mode 100644 index e7165ccce..000000000 --- a/primitives/src/crh/poseidon/parameters/scripts/ParametersMNT4Fr.log +++ /dev/null 
@@ -1,11 +0,0 @@ -('Number of round constants:', 213) -Round constants for GF(p): -['0x082d0273dc07b9d975d50b650f44a40e1d24c8e1e40a7ee33c63a1708c763bd64fe4e7114c33e9e10ac4b35a3c05faed132d18e26eac60871f68582eb08b3e89b1bf21acf5ecfd88dc59f0fdb61c07ad5ef95ce94a08209375804dc906845', '0x00ce71472ac8f8464206999dc579d8eeaf15abec3c5908000fd536b0a2bb834ffd807388f992af4f6addc015ec1aeff0356c29cc038b2f43c86f79565185702ea8dcce8b86ecb0f3d04ca7bd62be43bae01a8c6e8db267f88054b55da7db0', '0x1873f34ad97ee284da0f2feb9545d2c226cc97d5fc446c991e08f04de7832b4a608da2c32b928f0e3756d826ef5aefa1c8361fbb50663f8f6126ce0bc1b450b9c1a5a7aac1a1ebdd8b2a7ed6cf5f18e289e205ae4ec18ef8a48dcf982805d', '0x1567d2fb8d623272599aac3cb00bb2c2290bd26174483949cfe1f7c8a2951cf345d6cefad5cd6967f5b8cdbb80b6af4afcb0a3837181c6786256a7bc60c501cbe61ce5e345f165d093b75b933bb9a4cda70d9572de3d0b575e5a2f049500b', '0x11eb6f32e385da8b297317df32beb3654dfa491ada14515d6e4658f694efe81128914ff194a2f2ecabd33334ffe71b9b650f3b4dcbcd16f3d8d2c4f428d7285a16a1f21cf2ac24bfb00cef627b80bc3010f6559c11e4f30459252ee1cb439', '0x0c6bedddeb57b5d39188d51d27fa853487deb48bffe5ea76f5cb190cbcd4d4480a4a66a2c1f48350aa0ba2525feb0bc16d9a0b76a689a4550b2d3b796366071cf93fb6ff62fa43f8e5a0ad23c271b23e8d20de8aecdd123d36a160c9bfb9c', '0x1005692836f931bb50f360a56bb53d18c360cc7e1f339b7eca4f0a9117d987edc35c1c16bc194d65467e13fb6c176262fa1b83af9de5ada87189642d96caaaab28bad7f7f524aebb73783a0643fb717e71e03004b5660006fd16cb3a16b62', '0x05433687c89b8d7fce80605696bef51fd00c7a58f63b7f231610980281840b561ae65e25d563939aee6d6702d865ab87d982fc95a3e1b2744269404562a9979ed05d4b25b33ab4e57dd16f3e260d63fca276cf26b26b4d039ba3b3955421b', '0x09de961aab38d40d94dda571f6bfda77b8ea2b300d1930c70f0782be76a29f342eb1c0946fd693e4fcb1c77f012cdb1fc03354c514173eadc7a5fe2b0bc82f3080b2c2ad0c8935c7122714041c86ca9605a5138c6326ab5ec8703910b7ce9', 
'0x1b395375dc5b1345d967efdb5c31563ecb9bf0a1f499e17c93be27cd19599cb08eec41587c119e90dfce200310d833e908b39907a86fe448d0eef0dc8e5035b19056f048191e4b00b57b7e0a83438816653a6376218cd9799b02d9e1b0c57', '0x0f2ceb7f872b35061e63c575fe2fc377c0827c9222333a430ca58d9bccac2e773b47e5c9bc7744420a359115855eaccc537f6091b485304b574db5053ee50e3414d97cac046e3565022d6635de7f99894d5cd1a92fa2acf02fdfe14a802f4', '0x0969191c1283959f7b62614d19f08419fddc3429007bf3a563a7b81143d1190406bb75fc090250402e0743412bb1eaa6c12bee522d962c4fce686112f6adc88ac234e516d74489d287cb9a14557e4d35349870fbfe79704c01600e07cefda', '0x146e7d2e7283b9f9815a95b3dbeeb05d174494d4b4d316d910d6a06316f4221d682a0b5a4e7b807f475fdc9d42563dbb1327e5f4eaa6964d34c7c1bc91ebefbdfca27eb3bfa01e71745241cdc5fcdaec9ebbe7e95ba04a68fc448f5dc30cb', '0x1ab46ef704465819a56b2e8b053243c3b0f57e301d2971ae0aee47fd94684a5b8f7772aac7b4156a8d7587d2effe7c770b40001fd7e97aaf4e9888f992240282ecc78a113a6a29d231b71758c1ecdb86b410a870c20ae1070d3b4d00a718d', '0x15617848090baf9b9cc84f0c459916987e7a1502db21ff93cfb012789b536431ecb849c9b07d1a216f1cac5bcd8841665b58abb7a0e0122a2755254fd844d9ce9b10c525aff3973b39df49985ea5ead8ad35b424196c311f71f53e1e5f1b5', '0x043e7753eb29c00b009bb6f44acf70d7a64e2f2811d6f6f9014000762cb14812c239561761024a83ddac8f801a56669093d92a7c2adf161c54439128e7d1c03d7445dc20e8bbf2457524dc032179cea2e92407b79ede6fad8d33af570f063', '0x06c2003b6d6ec4b149ca23af23430d78963475015ad47f763915fee96f67e216bb54ef692a87a4547253a7c1e7f72c51c13ac270d72e25a6da7d2c8b17f2aa774cc7d7d898cd8f2e65f1d0eb2a6cef7c8e4831fd11a62c123e351163bf327', '0x056a8f944508e9746bfc715a79a750c3fd7fc8bddb750992154d0c8f69abe7c6e0f4477760ec177fe6279bd16af75347158d3e672125add3fad590363e3b671179fc65e95bd391b6b300451ef703ab5cd8ecad4a256348733e5bdebfb3dd6', '0x0c154accd85e2234fc6591a1aa85795ca1ea80a10a866063a6eab175cbf025b7788717a4203c3edf021c4170eb2829f805d14d8d41fabc1019d44b816626c1d9c69f5bc14f1803cf4d0872e9cb8a468493a03f85b5c6b57effe1d65aea97c', 
'0x1881be7094e96d049ce7a49bbf8a42c6346b200e7fb66153f9ca3627f87eb9eabdf35001c730af82fc6d3b348c017e3ccfdd8bececf003f62a00aed0cf6a7686523bdc63b21aa4e15c6b326ddfd52e6c887337b0090125d16bfea9636d12e', '0x041d7f203c42c947f224e26203cce8602e5525e5db56f7371b66d9b5d99fc0d9cf68dcb4b788b1ab10915bf5881fa2b9607b413bba71a410a1e6a2692a8f7becfabff3dbeba22903b00be266c88bf51f99436e8efc761730eb0f7b27f4692', '0x14ace67744e0b85212b459b1c66c5a717de57f24596491de281665f4ac4edbde60c7a492593a231255871df2b9d16486c42f268cc5aa4cfb73fac28825ea05e46c288d2b845853ec85cac5133504ad910d5597525cdd04636f44ff4f88621', '0x0779d34d5b6848d4c30782c7a32567ee444209c2b495aa0512ea63b1a49f7a55fc8afadce0c6dbc7af4820fbb80508958f8dc48f0936e94815acbf567a05550aaf39cb4522194d0c95f5f52db96233812c673f1f991fff5df5b90feb17c90', '0x08bee62abeed7c0c4349925c991c56b0fdf5e07c934a71a6f038e89879fd238e72da55201a9b93a7de9c8351e89b570045a32fe073c1cc6c6e40b1d04de2c5199e9a5c31b094df3c5fdf0a5e2ea71b3e50723f97efdab0a5b9b32fda20875', '0x1b514963cd27462c5f862b44996ea7c6663b8f9475491cda0bdd32dd43f75aec382aba059609b686437594ebf10139864fc8c31efba6e837759273ef267212e2bbcdababed5b034b0b296418a6fb69c2d6150b255f92bef98393f97429983', '0x034c43eb034b719449aced9fd3e9f91a6b4cd8671fb165dbe7557692e11766a92bb8a684cd55a0a83d1ce865c924c1d57ccce24988eddc9f2950fdf3e4bfe188a6e715298d673ab14deefb428a49a1da2bef0f2fdf00f2c64642d7bab94fc', '0x1af0e3ec0daa710da1680d203f3cc4d0a3bbebf67732486489deef48576333d8b05122c07eb26ea05834d469af47f4e8e4b4b5f14ff27bd3bc56fad854531b27bab6b898144d63ca6b886750590f7f1942fe41abc13a50e1ea5d3f11d136e', '0x0a0b2a05ad4f318d9b2e25b7d75171f03b480f2bb1bdfc7fca783042bd4eba1368e424766f1ce22ee32dd20cc1855242fd011b4335516fc6be0c8010138adde05e6a048640e7a9ec347fdb0f124cfb66eb24425214aaaef2419ae1a3f3130', '0x0a336ed79b3d9355932b76d65c48b57d54b5f1c4fb1ad3095cd5940d89e2e8adf608c1fdb7ba5bc94c077778031a94d626d807ce0a1af8184ea60161fb07baecfad495a4ccb48fe543b073fe57425f8711f2b028ae14447473455d01a3a75', 
'0x0c333f0a2e4e0f5911f7904ba00668e9cfc28437be81d02fb9b80dbf30592e43e15055c06f98dabe041c6cd64031421c5475db7dc2e0f372ebea6fbe218265010a0af3f49aa0cb9642440c81a32b34abf58ec27d79a88762be04d9bbff2ec', '0x164300a0243ec8ee38168250c1b6c581750066287d6658a17247727fba21ce6e32e7010e2a1bed5f484034e572a19271d07b8bb4e8dfbed53621a67d66ceed5624a74ad16c912a97179c2e5df389984b63d8f322f46f99a45bee53c99c89c', '0x112d42c69c436d37540d9adf79f7c5bc0fa3d1e2809163a3df6d62ed8df6a16a6eda93b1f55a47fd259495abc8fd98c707887e30c95b6117885d6aa5505aa873d0c407f2ca85460051c9ce26ba3fbd9a3febe31d9fffd9f25da517ecb1737', '0x0e19a542b2a24b063b5febf60ac215b679dec62931ab88309db8f087e24ba501dd072b09b4e75552519db4b693bfcc8172533e23c364aa886fbbe47684e355a1674010a6d416e54386e90e7acc3d34730df11d79629450c6eeaf3b3fdc3ff', '0x16add66e0045dd5661e81a7c4d97c909430ca01138dc7df2e9adab2d0c9dc7c66a204dea13218ea40915e37619afa647933872b81a6c3d2b5d87a3da85144f9aa31b7185ac06861717468dda7e4d70bb5049afc2441086e131c04a4e8a425', '0x0b896b9b4e40e964c96f631da826662822d1fbdb9f35ce5a63460399f59dca6abd68c2578a68522adb3cd3bc0c9b18fe995ed3236a1aa2f901f406d4ac950c708103cf252122e691dd8ab3ab939828b543aa33b5a83bc0d46a3f0c135ec0b', '0x1b0c9e1226f34c706b85f9c6288e604d2cdf57073e3e6454c7200fc64fbe90c550dd4df86c19b06a5ef14990743e3c9f20c73423d2837e37d7e331bb62e5555998ce1560387eaaed0939ece298d4aab20ac9e09ce0b97905c0bb09683d6b7', '0x04ececacf26345b622a025ae679d42022fc85cdc60381785f69dd2c4c121c3b14401ad902f0be21efa51aaac420e1d9eb228b150ec1f85d852e829c28a544e572164ab296ae8e0409199b561cf2b581a4e75e05457b7fe088d975e1902ac8', '0x17a8331ef9a3b2ce29db03451abfb7b82b9e883185b064bdfe17b22a746525db892fc48b8055c00f10d5e781463dabc363cb43128a09d115a3d86eac97ac0fbf7f281ffada979381911b4d1e48d01ea525d0b56e7f9925c8c4e67c1f1f354', '0x165b395f807b5de34fac2f462bf90c40b287d48068ba72c0d22d129324e54f9b180878a79d14ac5d8028aad5a258e9a3282d153e75b4d8e13d875861ead613e5e13ca3fbe59f1fd02c53a373740405341321e4d2e4cf12ddc357c96203fb5', 
'0x1b4093ab2af011617504e9565a116854fa27ce8aeaecb84d9938839fd1af8849083ab009e3d294e550a5eca1d65c01c9aaf15b7b23518831439826a301b6367ab426a88b27656ca4499780c343bc5e225d03ed7a2608787085dca1727572a', '0x189698309a4cb649f0d059f104330b74ff11d0f3bf8083fa9220006ba0531cc8ace7a12a35c793de387f99db1ec4f2c0ac82e6e9280a16ccc951202f6a0303241c193afad745d464379a2f0789e69b932c433fefff7c2ea971cd71bf9a9ab', '0x059197712b292f651d71475345a27a443b461824bdbe45df9f5ae126e6a0d9b0efa51bede852e0083e908b604be31a43533eea3640da46bde3cdcf7dc0e874ba4e15fef5650b04d3ed5c0e520e9e821c4e33a84343a731dd3c8b43a88b942', '0x1437985882d42e0490186ef0318e92dd74928aafa439f32096640bc6c14778e20da4da178e6de317a9242ba97fdf8d157a8828f0738b034966046df50f76a2e8e32507af372a258ba92162a8c921f0a07c4e6021fa911e4b6d657fb4d46cf', '0x1907c626d953aa3a916686e96a40551bfd4b21a4ffc2c2432116d0acb79ca1bd8b4a7c1e9d774bd2c5179401682ba2bc23a6e88c83adfed4a8653bd2c20c280cae02a8a1ab40e6194351b98a17f52653f24c3bc31ed4d1ee42b5d00c6e8d9', '0x049b8c99fd6b0568a6942005a050ad60d1a76ccd9ecda7bb203aeb0b2baba7b54bf107ac82f5245404ed672c0e08e7c7a933bc4b1769fa8c076a753f70a3c965d890b1808a6ffed1194a3afc1bcd35a574d5bb37ff53a8dfd85cbaa612a90', '0x08f11b2ad661ab1a8ec54ed6864196851d5a3410ba8130e55723d6c0e9604550d0e27caea2578010024024ffb3e3f81f22661575f07753c0b81227e3a020506d818911106e47fc57b41ff390e9a5d7bcfd6e154f61c7e93ab1d0da5496c94', '0x097987965814b406353c44fd51011b3f94e1a390ca72adac050430ea2f08a670a056c5f5cd2beefe3b0394f9af5d102db0f44edc6ea9b0aa22ef96e1daa8a3bb5e32447c355b202438f4c8ad6d9e7c1c3abd90a2cc63e6bf924333311b729', '0x132b8245b82dcc20bf006da1493268f8e92f1c1f90d28afff5b72478034651daddfa50b724e222755f5135c1a7eaf0d62290327a9381e76a2755c28d55493b903d02dd39d29e79dab91342c59e23ee5dff58b2d152c24b5f65dc0d687dfa4', '0x099376a7819eca4e626314b21b02dba190d66d7bf9566de4885b9300441e7b7b2bc66b99f1d2e7b3e6e66329547cbb09846a15c12d02cbfce3dd74887a03829636766ec8b37a7af4c5cb9447df3a1395fc94eafb5b4c155895a2bad9586a5', 
'0x0a49f558af8aa104ce61aee408a749ec9dc8928d5b96cdfdf2d35602b87395cda7c1ba2e11de2a212048fb19f8213f0d08fd93caaabe81dd49e914aa3ce311109119615f4db0bfddfadad6be7bf3bdb67ae1e9f943295d80babbefdb44305', '0x11d7c04615637f0079244a0b2654c340b11c15a8d1af46443043702fb61b4a7c32288bd70c9fb13c3beb7e81c46e2c7c245257de3596a537a5fa66941a5efbdcf7f67d38ec581fcaa0bd9d31598039d6bc35527ccbd182aa641dafb20a699', '0x0fb2faf9de33f2d62eafa66f02e2771b323938430289a86233e07a4f4d34a771c2a490e59abb33df0b3d6e3ddb871ecd1b4da77272abf93742e37aadad68d09746bc4baefbe851c277a55ba53e8e676513ee39fac2bba1dc0452ad6558636', '0x0ee73b9645784ca4f8327a5281add1cb2b0b7ce0a1bd6a9eaa64f9fcdd00de2ace173c951fd835cb0ca76b18fce988cbc54bab161c3baa90aa1b7176639fd6363ab6e7876bccb45aa3e47db74bc978229108fc81ced28878194169cf258bc', '0x0ca754879925b782139a3fd39f617c7cbfc0026fa178bad413ed51fa9eb52c722c3a7e90fa9fa166faa3392dc79ddc2e997b02d47d019d5e419261c261e452b2f38289b71d827167499928040bd9e142184c13287eb1ea95646969b8fe80e', '0x07c074c07124146edb0a9bace5a500203ade90d864b721187a12b604e9afea3988d41aaf76d79f9461d8ddc55ba1ca07c77310233867b3c0b105337e98527030f3fb0602cc7b4695d062976f5e6ff4f7ec6408492434f3e910cc73828633a', '0x0b8b454b49c00ee04d2b3eebbe8e1f28773e9c0557c457704f7370c948a307d7f4da07029dfe234cd9e5fa33bf7dcaf10b5e9234b3e3f5d3b90cde80a4ecdf165d60ecddb1038ebb40d2b0b0dbf93bc5d7926204b40744d7f3bf511d12c20', '0x0be495587f2b9d12f39b44c9c82bfa465789274ede897311014c956f05a9a45385500962eae6c8839379a266b0f7aa487d1f5e35cb5a8fc0dfe2ada10dfd679aceb2f097c0403f08d28d9c956f5fc6e41d598253255e994c938f5c4306d34', '0x0534fa97fcaecb7b6ed032d0a62aa911433c3bc998a5699af29723d188b78db536b321202c7dafe37e9dcd28f485894e8980478801824243e37b8d8fc535c8b84fd5880dda7a11f7c8a8deda5725f4ece4b8bd3a69c64fd15051823c14bda', '0x079b5464ec1bfd3ffbda4e31c66bf926c30552cffc34ca36383b66e1241a9c67a25f9b8ddf99bf6d676de1c24efdc25fd57da5425bd1b08ca9023da3fe3604886d39942e224355467aba698149cae48c47091975a1043e056ca8bb83a4da2', 
'0x1149c0319971983879f53ae851915dafb4f381388c194eccdc557e73bb182072994f46a72ac0b89f1cd6a70068462bc04eaee089adc8778a3e817133bc97b2f046ef02e47f73d76437826f4d6e5048be71d3afe11a29a2afde0a72a70561e', '0x10d4555546bd228d99462a35e78b4b8e9f7650c232d2520184bf398dc782ff9dd18870326f4a62409b6e4d35c372c3628d3fe74ad3742386abdb22092d17ed8ada3e4eb4f9cc2af41319ecc26d5ecc5f8c99b433ca933a62c5899f21446db', '0x144c3e70374e2bd0d9bd50226ad3ae2587174bf8b1eb78b7080e877d049ea8f32136e027740a80a4cd6cd5edc04b91f4247b5a17a2c183d21babdf9cc1053f0d26084df70de27f69580ab9539f7153e1811b41ed3737b4c29e46bf9902a8e', '0x14819b19cae914e65b4c44a907a49f9c187052f8926b9b85e5b6171c24d2a1e9c6170ca0d8e20a42de02ee4507262b7303ed38292eba005d51c2caaebb76ae0733b3d8d9ebd51fe680295efa69124ea0de11aa338e4e4570b9b93ef2ee321', '0x0550502da375eb98b1c74e5041b7c147050630da88ae6714660fb6dda9549716322b1014a9cdae2191f9f1c9cc6dbd59c80bdd0ab80be2de0fa3f37b5376d85321f7d8b8d4daa43ebaba7e71a4098357e37403fac818e25dae065b7998d64', '0x035fe59aef2fe5133a382cc54fe55a3288e150b8b00a066200ca62a74a3aa77c0f3458595aba5593e2153262ed2cf649b755a708196777f0843744a2d099e894a7a6910f6fa9d9b78c4a0498af7e7b2506a82040fa6d8a10d978d7e6e9c6d', '0x146da6548c77fbb7da4987868d163c223e6c22f2781afc68c41fb8dadd22c50605c4129d936208f2eb6410fbcd4af304b334890245d2e489b7d47b2a645bdae1cbe396ffecd231c2bdc52ba70044c364080d90ea727bafa029627f3f0b424', '0x1c18886eb30a7f5f3f523fbdcaa2ed8613a1f7b795dfd7ebe23127c59a171b75e40b418154b79ed3c1670bac68fe3b8dee113cbd19d59a9e9db0b8374c961bc03bbb3da6613f0a254dc09465b938d27b193a37c976e08a2fe4e9e8a3f997c', '0x0805b9aa0ddbf5df3137488817c11c6b5b5d207ef6dd368de2279dbb239b54416809fdd3ae4decde5022690afba4e68173ddeeefea16009d4624c6cf7f3cbb4dfc0299ac4afd8e749a9394ec6a83cda844c7e9e70fba248f85d7e042427ac', '0x1783f8d75125d055708a6b358f3a6c385b22784fda88b48c8b04ca807d89b2e03868281adbee65876f6a0625ea342ec3b9a5ba9fddb588b1df5e2c1a0e3e36a5a305bf6704361fc309e9ce1877fbe56a23639b7fe27d9ab4b129799937233', 
'0x1081927a315428bc9cf31b73abb0f4e5f95a9457988edfd7b370d56c64a7e00cddd2386c2bbcdc8d53ca153fd78a24b7dfc16e66789a58404faae1d9767fb7b4146be4b30588bc3045178e499e9ea5b40a296de9fec8a0261fa3a61b3c048', '0x1a76bb3e45ed7560a3afcf7f9149b8d67f92934c24abb08177e4e0461797d5a0855bf2dbff24afe5d07621559c660141991a29f3cba495b4cf2a49daba47f603f9f8b3262a74079257722c07ea3452eeca17ca7b952dc0ca2d39a6b995d67', '0x00e37608b45d62b22a316262c06ff365f56c62af9522c6199758dcd7cb8f1df486c62ed7974cb2ffad37c2502dc9c7379621eb278640ca73a3303ae7c61f9d1852f8e709d72dc472f9b3f839f91afaf793cbb3d2e43bdb03d95e0e923fb56', '0x093643994ab038f6b8abf1ce7638b86463cda79cabd2266ccda92978fc5fbad91fbc7145bf57ffde4575bfc653b7206874cd86a84aaf775a462ae005217ee82be79eccee516a1096a822da8f6ddd41e6e03f38c168902758385f8904e0435', '0x04174787ff12a1928879f6d7de040dfa94a67127042a2e02a5215428dafcf6b833115c50a782cade04d9948c2f0018354ce7c7123e205eeb5a666275dee6ca01cfe0bf2735850fa417e07d535d73d578380d750b8e1eae4eb46276ecdb2d7', '0x059a673289a0a970e9748de7266f048a3bba6ec0bde043b58a9ae684521a37c4e324236889125549f3f8a4896bdb9e5593b78773fb76d7b69a0f0e247c649c362fba031bb2bec4c6e8098e40284987154d143bb07d47fd385f202c1e79b9e', '0x0ee7b83e37499f8e96306e2d8dc34a1a19be68065c94ce7eef1ca968940e9ca19c38a6f6c5eb15e8a2daede73e4963fa0e8e4405c1247236e6323e834ba9b3090c423a5c4f6f4979f0fb90d978bdedb5e2c9c944b4248e19e483872d264ea', '0x17a489774dd05999850d7ce0b4508e7a22741e80c2cc6b4c582cda89576a61dcb6e003d25fdff7e2e10581bd86ab6b110bf34febf1fdb6eec3072006650194b6512f5e1ae871bb4ee2b3a5b798a9f38f103c887153ee1f92ae04968bdcb50', '0x10baf4d2b36d937963fa5fee8415c43f9cf2794da937f30c919504a7eab06ec5766993cd758ee45eb185716e536e62641068fc616d8bdb08811840b69bafb41d5b1dec5b94ca05204babc3b261a528449dcbe015ee27a2f34e5cf07917091', '0x11ff427e0f43faec01ff2b870895385cb3b46098d211e32edb49364903e26a9100538927e1f0854c21f1d2bcb626e793d7758b29558a2041a18a89d2c621c606c4ef8ee0a60cf68d33d3e518871e63fdc942394e4c235db5fdb3ed7a1c01c', 
'0x1c1686c43e613ec40c7e247c483f55d79102e5be05643cee87d077887e18fed1616631b53856dafee94d4c8a64ef24e960623a84e32e46452c0859efaf1f202ff324cff57af18a20dc421b470953e0b2b9b978e79e33f9315b6d66f475ccd', '0x0dcb94a5ec7bb241f3623b70af3cc73efcdcb23e7d34225819eb4534e35c3c243bace92d6e51b377d669ace0c14e397081659d13340562e537c5402811e2f22c03900983500c93f775994214a2aa6d3f20b533114464609f8255ec248141e', '0x1bcce5666c64117cd9725d1e83c99f552ed2b89b2cfd6ac2b66ad21ab884956f537cfbeba25e3ecf1d3ddd0a49c9c4c65ab16beefc34d561548689a40fcb587b918d27eb244eaa9f4ca31d41fdbcdd9443717e1bef779d2862e0540bcae77', '0x059516f04a63d9fcf0cae12ec3e602a5f1e722223380db5a9e4d34c3d4e5edf92125ded6a6d2ab54b37dec35bcaba79bf5afd06c9bf7e6e09a0d24bab6910373ea443af4f0fa47cad41b709c2e33eb5cf49a9a8c688c0e788c7c5bae35106', '0x0a7d8102aaccb158d37df829b56670a3f7dc74cf09b862a21fe3dbcfae8d9278ceac89019927a44991cf977744b608624f4e1d452d6091a5e24d948497fb6b92d2888cee50f81f588cf0b82826f31903cc1ca422adb1a3c06ac237dc6810f', '0x14cbcf31da1aee7c6abc8c326dca98516689bf10d9b4a63e25e0e5e9bcefed9b6061a2f9e096dfe6eea939a8972b9a25e7db19873bc2525d435778dfd448e81b8413d8915449909324aaf8f994f0b884040b7caa4bd162011d7f89949d89c', '0x188f1e3649d0ae4a36cb10383e85cbaaaff58058ece83b364180b8ab59f4194cd0a922cca23cc31e161a34ca28f1b8107c012866c80114cddbc3f80b928fc564b0be78f9c1273937357963827ee058ad29d1f8035471a28024cf3f29a02ab', '0x169c4632d2f5f9dd2cd4b880e31af6459e31597baa9441548b92b10ff0cab4cae7ec941f020b4864d2e4dc1079dcd2fc75144f47f8bffce7dea631879fca81d974b6f5042e6724985afb1f397c5eb8432646559123b92d17643639b85e25d', '0x1060f097e8c22f54a5cd5d824dd3cb2b65ec5e8129311bc3749ce4415621d7e517551275a8a7c77d4c5c35a67375bd191de2e5dcebc627f6f88d31ca140819cf8d17d7dbb8019fbc4dad6976d7f21aaba56a8864f6bbf009d9311e00c9c02', '0x00300b6ef4245cf360fe1e9af3248350d4126af1bd46be87442d2f77a01d91cd9aa8e49bfa1a0a9d2cbe1e55f9fddf1898e424f7ba82eee37a5a6cb8613bd7172eaa9c5dd46534704a33e862e116817980ff5238b0939ffec8f31d6d86dab', 
'0x00ba5414eb248740a619df80e1088bbd22f497d27b180a59814cccfb7a9557ec88a12dad34edde8047ca4a55eb087fbb9fc9d3bef601335e442e634152f8f471357ad772d3711635b012e7e03bbfa17263f6ab7b618bf2a4020e9772eb408', '0x12edaf8dc08879e4572221e398cba847874b9067592d631a2036c8dabf0b7c3354d993927e4fce569ed2966f7ef8193b634ee9d0258bbb8823dbbbb6cde1d0a0e03af14953b6ba55429993142ebff04442efe6003fd6460ccaf5ce128c1c6', '0x12c2aa47cac211207a6d24d135c5d5defd10a5f520967593efc0b95824bea6b8dd5bf9c38e05d81fbd79768f838757ed42940d42563ca15869827634ac5a7d000d944ece218d10a9bbc0d50d84559917980885b7f4ebda1716a9f8b6910fe', '0x0488b2e24397c5db614970c1ca695342e40dbcf4d0a12aad53874639fadf61e7cbf402dc623d8e202fb04edd8be916c2335d15e91d4e91d34947a5ab7778042df493128a1315770fd857914cea4089569d8ccd00ad07d9d400ad491fabbf6', '0x021dddd222f5f55e04a7c277112a305589bf8563e8239ccb68551a8046502e8109ff04f2f3ccc481a8293e52cee757b9fcfca304ca7715f1a0c6e92d10aa1414ac6d5bbb123f4e6c9324e423b1f7003e472f32c0ad8851199574f605c8865', '0x15df3b2b1f2945bf467feb4a0b6f559312f6cf8dfd4f5b5e6d59e24086a27323f9d94fc5af7c161782d646c3aa6bf689cae3a69ed2352eaefae393d854d16147712e8939ae9316537e2ac2228a78d1699959ac24aa49e15dae67b0a4a299f', '0x0abb8c0146328b836f7bfa4a67891ebea1f8f0c3460afd4899b05b715b2ea0f558d1ea5df8c6b0d248dc36560516445e1b14669c8e4742b3b8e0fea6bd3892026cddb1b19f689e340e16029402acefa2cdb2a0bea3cf68bf694af93b93e6c', '0x1b7f45f42684219c3da9e479820916fa207d2ef0dad218c81fab049b08e22f996f6f3f47e3716107090013f103daf2037d1059dd796531a06f46211de787a1960a61f09d3de19d0c1892b5922f25a66a7c5d4cf949288ae2d90fdfd559244', '0x00d5a28505e454ef28b2401ccb5a62270baa2d7d46e2a2d6e989a0d936ab497bc266c55225b32447f42860a33d80a01aac5e5f122987bb4ba6cb2b6e10179183aaf54d3cf4b244ab4bab320aa305389b4c945ea0e17aef2885861c293e880', '0x186a77f7154b4d1a317ad12c23f810466f352f5d6b77239f26ee952b7aadad54ea998cf9a0c6f26fea50ba7b50a4deee08bbecf4d20ee8916b6832bbbd33cbabd700b300a85d91474bdd5bc4bf226b8936625537dac227a390110bf336cf2', 
'0x104f6edf214079ae4134971ce4514b591c818bc11da325dc01c63607c40c7377fb447ec758d0ff7cf8eab3fb275f5458ffada6f38d8b52fe51cafe8574df03b969357c3d1b277857eb0aa7c0706d5af1922590ed2ed68585722d2fb0d24df', '0x136902840512f60c0e2e67ca8fcdf4d0030d599a9f0cebc202a3ed6cdfac6acd3f777d4e44d9438b73f02d549221de0231637ca57cbc9ec9b1aad2afab8c47121ff9aa7bf7b742555304a558e35b17a2bb4fdd47166722f1fe670708a7e53', '0x07b8811e1d6ea92ce7e8e6ebb31c3120bcf6fb17fd34a67ea75c40495af4cea23866a48478c84119a1e2d01d976939778484dfd40a8e6b8a1495b49d33a6f1378f6b23837dd48e9136d13fccae65799e52602737f4915fa925dcc8b0c2a1c', '0x11f1f9006a711217ec954066157d9ef73f90a9cf3b1eda25b9a16fc7401cd504cf3505551c6e3ddd8fc3937877853a40445cb41f8d49e7c0784cff86eade85e55a5502f69e83f3c4edaae722872ba37bee5bc9316ab4159d0d9a003fd43dd', '0x16b4fb87484464d20682ad1c86ba14e9f05965b328078315253c0fb58420759792635a784e0b8584c19813fdf9d9998203c690b8215a56be0acaaaead8c8c866c0277c729d34885776b3a534f3a16283859d83913875fc9aebe870576c7a5', '0x08eb42febb6efe2407ac31bbee997786c330113d9b40c503e848f5169eb417c32ed4bfdf1834c4abfe7f66c5968c127a1357e0ddd903fcdd265ec54b63d1321b1eb4e5ce1af923385559260d0fd01f16fd03a66f9a05f1fbaee428571e3c7', '0x02f99d84919cb94771a1a4d3bcc5a6506c5950b8f5ee1f9988b01a282ab7a0f00d01501ad9c8e18119c5f411361b1685947dcfddde9d717f34eff15d89f155fb7a0230b9a950b47ab82fe4fa89123d9210bb7f39d12f1775ced90242b6735', '0x121778ce049d7fbc0d0feb17d2ba97554383a007295e067af1dc0f87ca59d9e381cf55a01590b67a634c3a66b36b729c0fb374da83b4a8b9da5902346985fd7b209892c68605632bd8dbe21fa6dd19b538b1c76895dee4f3b74d264a67aa5', '0x0a74453858c3a3afdb85603045541b4f19c079a73a36a472d7a5c22542c796094f99419b1478fd4b1458332fa7c7b3f989ad6fe0012e52c55361d9158f0a746bbe8b36c5e6913160606c98b3b99cd90bbf84091b48d6605439505eaf116a1', '0x070a336b2f31f99caabfaba267281a81c90f1ea7ca33f2dedb2d05062447b22c8e791737400dcdfd8d84980a20c30b02cfba31ec87b9fea875b1191fd8cc3798adaf8e71efe7469a269d13cb80d89c7a000fa24ddd62d7bc72a1ec787fb8a', 
'0x0f7ffadd45957dfd14e77b74722e8862d8cdb7788f19adda0e50271160734db474530b7e2982fe37e9a5d35b352c09dc29cd768bcea1fbda16754fb5c982343bf95c80b51446c36ba22ecd9ec322d511448bcbee040d087d9b39a4f59f399', '0x13579235a006a3ad90e37c4cee53a85dc1bcdf7aa5b379a9fcab42dcf940e1972f8a94f1b7dbfe04616ba5c7c0822e37a0b99d147aeb7db23df9a5bd0de61e7c42a4f86add83cf16671772e89be6c2ef84d90cc4126a837d32870c025519a', '0x0385d0030ac496a11158f2285f4d6a47c3f7ccf2293f78e7e6f51b19f88439d200748a268bdc1b8b259e830b41b397ac3edf00b8001cd202a1320df0cc24d5c5a564454b3495263d0e4c1722a4c8d0dcb041bc4ac9d5ee3348c222c7d17dd', '0x09c2a939329b4549114c75c3baf672f41eb2153e0a06f397c342fd9ebee5b5010b0da5914fd6bddb1a060f3dc0f9c35412910b20dcba72c48f56ab2ab354d5fb8f581cc450701f1a0df7a771896896f9e0f02ad558f6db1f802ed06ee6667', '0x0693cee6ad71c3c0abc6015ef3cd3b653235954407c5417ab1ed5dcffe39758984303b1964623c5ea48dacd27ea6d75253aa26c684a457b896c1cbb5444f1bdc22140d89221b7f1993571d1f12dbb318bfd2b8347103252c10ca0ffdc5dcf', '0x017a6760d3b09a2ab1ef3741539fda842072ca6477c80fde80d9be01f0ea3d42349baefd3342254ea689cec66358e78ee4a551f3f6bdebfda8e2bbf33d0e15710a840ddf69729a2d37195444ea97f81bfe5d089b97be612a61c49b4b3998d', '0x047d340b10d18c8a73d2cf01fa1b4e690d136eb4fb4098f72761d67fa78cc18cc6b4849f016acbadd9782f2b91b34b0f6f9c9a174f72e8986a14cff8a11d139761b7ace7d79dfc2101349cc81ebff90f74990c8116f4cbe450da62e299a14', '0x07085994a6e620b946f0f4a7c912dba06a4e21b9972e9effd663da05a25fdb8aa895a3fd77e7caeca6293eccc6fe492326d03dbbe02c6c0d539c2b1f95339801b75308ebfdf531648d5f3a60432939ce7dcfe42f24a680e9bf033675d52c7', '0x016a0d9ef865e28a455272d8361fa8800b69d5a258a79164f5e1267e158f48f721a8fc00c868ead8d0c6a3ae9f447819e63f0bbfac38c381195eefb992cf57b6b057a5c5304e170c94b108ca29b0e73189e61ddfcb572ee4cbc27e441b3bb', '0x1472a2a7c4c2c972bae7d061310033a18776e8d136308da00b9008d0c3520ebb72051ad2c04efec35b59a023bda5f1b8d239c533764670a9e292754416bf321c45902f1cef55aae1bdd3ab858df16a9b12d3f3550cf7e2a2511d8468a8ee1', 
'0x0ee4210b441107e84ead4b0cd96da1c069351b6b83e9b33f22e8d3b3f625e4f4a3fbf1ed063fb44da49ee82c6de0977cbed3f767c3af86a22f25d8531ab75465691db89ec3dc7079482750fd390437cfac32c4347a37226b32fa0f678b1e1', '0x15209f469f950c3120213a709bb61888f0d9b5d814afe8125342c6d5bf1de7ebbf3c578b0b1d7244e9e9e813a7df6e17e9f26a7b40263b41e939432e8d0050a3db5e6fe9c1ea5713ce72f85af2257a7412d08425adf96882b3badd29b4170', '0x07ae818a1dd492c73460240f6b2a30fd70a5f202cf977c45af018c4c66449a8e8693e276099322069504e72f094311497c2a16c65f69886810ad7848045d0f8d7326a836f1ba535a3d103ada7976f254071a77ccd3859cca8ba7ea7bed5e0', '0x125a31e22652ed250d4dfced9e8637bef870cb9ca529aef765ddd3261f6dd70caa34586a626839f2352e4f3b7f989e2b3dd03f67e9e7ccce6496dad8978108e7d7b91e402f4d84fa3d595a19da4e7f2506eff19f4f2b6ff9934200f7eb10a', '0x18546347b6b9d29e087f54cb50b66bfe0af7d5485dce7439f257d626dfd48af1b34797f534f2771738c79edc3e67e96aa686f9fc832477d7bb818b855a273c41b7368befff321e6a6bc34b36f0a70f426c34cca2799fab1e454bceecff719', '0x0ff163cc5e9b4153217043c3e94839181d2a04c9598bb7691979dffe9944ad55691d0fd8dfad6722a2e1baef276c67116a7af127e4a35a504761f886ef25ea591cca353b5cdba138cea6a058e2aa2da9f818676622986bf28191dcfc1ee3f', '0x0674ce0f9053f9832a02a4499f0b007c8d40f458f88870de4b7b843b8c77702b6f3885b84f903a8d3d646ed176163cbf106e29b04b2f661eca71d331df2e0523eacf611824b07b66568db58330f8df89fcd4b751270db6ecbfd29cdbe1b88', '0x01fb127ed7e86c3559d2a4d0ea7de0e0db46192facb87179d10bc633505f5013e505bd84207a29a89b9096d4eebd2026f05104ff22f9d12ffa113e422b0adf09812ad08d22f734ad70156f7fb1925f13b38e1286b1012fae0265413d6127e', '0x0c7ba96fbefadca387bb6a56617d9ab6144cbadf4054b72ad0abd285d496f07745dd71a7e6aafa11b4a921b80b367542f758818b03c93b5d5d469324dea3c7d4d21eb5eb0102d2ec4f2452a5e25771fb05da5194ae1fc1c2f90bd118276b6', '0x021f558c98de1c81308e2cbd9506f0433484647103be2f3172b6ca4b71fba5a18c3c0bb1e6feba00cdad9d96d6204577cd6e13d26ecd0f0f672627013ba9a9eaac1ec5e93a3650a9805efb927b4974900713a72ef3580dd74f559928c8178', 
'0x00332a19e0690ef814040282633a305e0a8f7e4e70f8a8bd9df8e35c3fe1c27342773363d49aabb1fdda79014bf152d14dd931a1f26356c08e93459d9a1830cd3e31ca4ff67dbd4f213824af62424c0ff87c99a0b31406bf1096bdd5ab427', '0x19abaff6555fa4678f6568ef20a4a622c955ba7245b8ec2f8d3d494495dd2fb64953271e91977a9f5d11028036e2c30a97b10a73aa06e6c0165638899b4644b569250da6be3a4643d44d15173425ce384ef457b1c3134e3e18ee9680e1caa', '0x1424d009a82d5586f2c5e0c258f7b3f337706223d783813fa9a65a5a34d80532f6819183fe6f6347ed373e18c2ac18f48c525ec3dbf93497fa944a1b1b117bedaf20cbfaa9708b0658d5df9d8837f95b73cbd54f251eadd18c0badf2f1c9d', '0x170932fd42b9dd702634af4a98b00a3b004e10f0d059f540b24ee14b324a4b8e60b7b403f328614b7c0654f00511290208d837b4f68ace3f3854d8a527e0245d6b5beadab84006b5f28a22838fe019f3e817a8f8999be7f129bcddfa34826', '0x160b22a84eb18b91c47fcd1b3c9aa4a27b4bb4fcea1d0eeebba0a0228950e0b6986572fec0a7c98713acc7eabebb8aa4b7a79216ecc6be85faf396c36682c6b057306fae0bfa20c66bcec485f18a9901937b8359e55394ca86f73dc692952', '0x1a53cd197f894887a4c1ec0663bb5d282fc936b0b8ed5369ef9ce4336c6f2c2af536e5d6ff1a8a12a4920876e69b5a4eadd78359372f8029ff699dd180b68a5bb97dc60f547419de24c604a9ff38368520898ca02082c55250d5614825df5', '0x12baf379afe1e97a274bac89a2523a22780effef054c641c1ad90d1c1159cf6b120c35e83856c3034bf1ef3691fad1be5fe861cc0157c15064089ac6043601c789763ff89b353dca9cca60f9072a5191a8c3caa3463cf15be094e6cc03a4f', '0x0ee641d55093980fd0c239c04720fdaac5cab97495a36f3a2507659b66f81a5cda5d399b60aabca5cfa68d9ebed48a90ae41a808cce27b3c963ada1ef6d8153e059c72dab9133309562cb536f03cc8874494a96f7b13f1c0046ebd812e994', '0x06bdd01c8bafcb596353778bb9d548cef92a4a14956a5f35f8c4c2b9db0f6f261f727a97fb55953b1b495bb2e1fca302a7bd7bab5dd9d7f73cc067f2acdc34976caf178a0f9e01ab519f07317afa03010943d73bcbe8e30d3a28236320c10', '0x133ef1fbac155dd5597f7e2f6c3e1903ceddaf0613bd4875f22926caa4b0f1ac4599933b9b8626a6e4dcc63eed18707f6d735d8f8c8563bac5ccb52e6bcd5f26fa2a49097d5c7bd8a612460fe7d4f48e1a8865cadd0eabd5cc0c6793c92ef', 
'0x1902afaac298e513861b968cd17f59b2761c8136d1ffb2b1c92372c2a0bde5669ce6f35b2979250d3516c17cc85d67be1a7693a6712494538801b53256ec0896b66dc3af4e4f2ef6bef234f12d90c7ef416b357d66918e261a959ec5b358f', '0x038887638a217474ec25c3aa2884819cec6cf2e249b44be19e265527120ff911a18655933a7c8e4cfbd05c0afa8a08baac0ee57b495032ec33ce7775f8cd2e46c758dc1729e88ee3f206d2335f690b0f19a5f8cffe7459d7ee167dd0e26aa', '0x16b61374aa02092c4818d2da8123806d0deee5239c5d8972cfa5aa22914cd356057853b67364d20cd8972ff4c2dfa84000310dc81edd0d7813621077fa3e6ffbd6fb60cae3349530bb499896b26e9863693eb42a77eab261d18c61b4ef550', '0x19a905d7af0c8a191a1da01a1483f888e559a037651ef3895de642c24cab59e54a1b846cac4b50d55042f7e229b57298c65b7b5603ecfc72b53fe6e6fc42e2fc5925ca8dab92253c4c7f1f36caa163a8a5f9bf661a33591d2f09960171174', '0x0ebdabe74fb70963f9d449056f49f5ba6fd3bfd992889aa3b1779d1dfe78f83ec5c050e9f88b5692a4d0a2e46fa058e78a42160f8c246d24298fd336736f34ff7a361a110243f3cd5222135faaffa0cd012faf112d759c3c9cb19bc1f3e02', '0x0ca78b94c30758f64ccdfd0bcf2694e6015f5e7af1cd2c37a1261e26cd0efef8cd6f0297e6c7f97b364ea8d397c3728b4ff29703bf54ff97915a045059f583214c604449647ba56e83f35619b8066aa40dd3940f8087a4dfd80512bfa4bc7', '0x0abdc7423413370454d942dcfb3ba7cb1224e83e75e4fe1f9e28b75abd8ef280ed86671c97a500e6735eca2731aca5d34afc42684ab374db92651b010b9bae1c3322fad71b92b4f169bbcfbe4bed394856d19d195c4ff342bba0cd40076b0', '0x19e79f484714312e1f4182df85bde4dd030c496445844f30312002f23c66acaca4f99e175bb1e240d476d4ba74e5c70010f1b81180f2370e8ad6ea9f8812d81e8c1c6d1dababb5d766b903608df661c18169d7e2e9e7045f92286746e99b5', '0x0aa8d7fa30aee688f4a46eb7aa5a090a8dbaa9673e1d15800b0039f246f32c4f641e0a46356f259e25983c1896037fafe9dd143b62224459756652c007c1a430debb30e5146bc0f5909a081e181f2f70e93f1b38a3177d4ca74fda7e548e0', '0x18b733f6179ae294ec22b4b1e3f132bf49431d26f8b0dffae3665694c884d372ed4bddc9608f2829ed63fed60e3345a3b49296c7d64a00ed7e8b17c4f3592f4557d5c47267262ff76d4d8e655cdf6b21cd1cdcac15d7f51e306344504b813', 
'0x0c53ef135257fed4daf89d7e3ffdf82f205c8aa23c406f0df1652eea0c30b836d96095dc574989a098fd2f6d19adb66f26bf7bb3d60cbc002162d73922bcd7b6ac8eafc16b245c08aecfd11f666545e7239c22ed9e30936aca0e402b8f019', '0x0f727afe53f188f07c12097fefb5573719d0295e2b8c210ef25fd38bf918e0cf9fe2c0c522d0a7a336aa1c9c1c70375cf99f452b447ce2d16b0a8505327995a5abe0394139f6a5a127b7b1fa75620aad4404ca1e9104cf8faf05d15e0b124', '0x1721b8f2fc22ce60a1931db418fdb1ea272adf9d6d5771a58d5199094cf40f93be5ff60772f5677e1e8cb273f06aed1c087bafde863c0327074259118d9ff4740eb9ac33626845e05e1c3a9302f3b73c6e1385bd2e6416b66bd43c9289ec6', '0x040103811597448d151427869e08716c65aee6cf8eeb29ba90c100a567f0c5185cb52828b3fc4f6cc845b7d22dbabf6c27886d3e3d2d9d4ea60f3b89b2aea46c1037d82eb38b48771945d1883132fcabc81af25cee089db0f0ef428819b15', '0x08f5039274de39f3443b0e312e431548d22367301aba4e5d023f278cf60ada2429825ddcc5e6b0923f18b82a84ddec7828cbeb9d06da76eb986595384dafdfa65d77585add2b7870760e8fa0e0c98132b9c52fd564b3b5ac232934ec16182', '0x03571d957c2c982263184c19bf217ab9ea9227a57a2f3b224cf7c89e451ceeeb89d87de4da4d6e5e38683ea7a11ec8adf013cb2bab1ef79f472459deae29b506cdf14b015cb881d72486ceddbfe150e1eac25b8f123f830953d8fc0d1376a', '0x0c3ceadf5a47d7f1fde673d4fc660028940c2a648aae8dabd88c245ac85c65b0b224d8afad1578efa4e568066b2794d11f384299c588bd0c14a16f70f3139723c49234a2ec619642a9511f395801f76b031c43c4f14c2a395e6a3fd8a6c7e', '0x0675509ff4856d78be7399b55ad84edb866a94cf85c712cc94e751e82fbbad8cc705ede0e2819993a87148e5c8f65e70dbae1f9282260756c9e9f0fc550649e01e5d75cd533a10237f69181b117fff622752b5bb65137584ccbf3ec58627c', '0x0d3953cf5dc35b836638a1927c5ae3ba5fdf151c47a30ab1fd57084270c15f572e6711f96ad2cc067d9610a42b3f2b313f7cdfe03ac786c59b9108c4e75f6eb555b7a0d90bbbd03496381e4dfaff29962f2939c41515cec4bb89c5dd2e374', '0x13de46045011f34b7662f300e35d85633b12c55be6d354c8ec76104772e32ef4fd0d800676e6426e2ba56258d8fe971e3fed85c4a92e564d848be5eed61d2401236f05700e470a6c04c6c914dc1426d7896fd55ed047f4c9a0fb18b4e6f58', 
'0x00d024e0a60d7db4392e1443f0a3cda047f77f15549e47dc170e40914c0716a4ddb237ce35947cf76200a65468bb51c0a1eb1a0013fdc1aaee0d06dc9285c847235203132aed20c49ac8e1f2291ad23412e3c6bba799d3e81ee7fd48d936b', '0x0e089aad0b5bd7d40b4f4ea8b346935938efd2b6f2a3030141dc6d49b4e8cf9954d252b73ca56cce8e2216fe15624612476f369988d409d49fd27affa33d8787c99bf2ea0239589407d7e4d8b4fa78f116ad393ad5ae6531d03f47c5c3f87', '0x03826c637f63752176c58ec04838badba64167b4b755f822a909bb6ff2829d0ef041b8a1d96378db7050bb78619e64ea5d80ade2ad2ccf6395c3a94c5d3a476bb9964a081b11990b145c08340eb14ccaacc9ee42c760d6a2ffc9d88e1f88d', '0x0a838788020edba70f749b90dbe68a27061900d8c790f814855a1f9160411727c6cd526c9f5b46710561bfeed62c9b6096c2750fe9a1b2beea96819e23333d38ef5bcc985692b11c8766c13b19bdb9c5d1bd3208dcb1cb0d3e262f4c1a141', '0x06ce674957fc3bd6e53ac2e1a390e9f8b39e21e3d59895183800545790127ff61b164904841cd5a06e6e59039e78bf8c226f477494a96fc84f1563703514c113eb6a615aec244dbd399dc3bf547955a11acc9ed8de9800b4c687758e4c802', '0x16d9708e63efc5f1a21790998c0f311cb23eecf205919d5b89973ea278506fe1966b65ea26280f32453bc00dbcaed022017adfab98a6535bbf2ca886db50cf28b588e8c249cf93ce1113d615103e22bbb311ae29c69568f016d883d564e13', '0x0db39afc10780d383a7608d62c264ecf7af555ceb11de244f89eaabb6227ddd93aaffb4ea82599c1b529763914172eb586e9d639a51f224ca6e29ec749bba74ce1126902ed7faf6dc31d190bde322b66a88beb1b70bb96f9a7f958a288c58', '0x1402973111cd618a467d3fc80a5f781b2aaa0603a13f6dbec50e0522a12257128b73415a6abf7a21388d6e9623557b01ecb97a56ade608098c43f3e7963fd08f60b3eddc14ef4340db0593a8fff1d7828dceac68d7fe3f5525157cd7153f9', '0x196f29df3a5d7f84ebc92b026994413139af3ae3e297d1cb6f61e949bab7f3cf6795e5159981867a8c012c97cdd5f8dbd63a9be8793eae2926bfa19d5c71c87657bb908f425d01b5c010e94e9507bbb5f0592554dfc8cd11c470c908d4a92', '0x0551da782f59eed23d695ddd9de77f4c563c4166810b8a3f3ca91503af82a86255b39d27b7997954d7d8a3513af94f94bb717fc419b6bea8edde9741de98e13a03902d3f622685e404d122efd97a9349e9627a71876c63726de85b15b439c', 
'0x16a59489b96d0b580319807fcc239a711206a6ab2e4de803b0eb6665d215bbcf7d274a43d72e4dc81124854ac7806e62321d41e51d5a7037e20ba6ff1cf2e8d9d5c3e59373792dee96c9614f6167f53c640d7275e5d6691bca81f53992343', '0x0ffc48ea53180767dbf66ec1aa0fdd4531ec2bf72fa843ca05fb818cf215552beaa9965e3154b54fcb3ea2c7c5827b201628180e537ede86b406eaf4944067a8a723edde8729528347d7d8b0c4bd5bb839126aa08c6987440361f2e7e331a', '0x0eebf389d20f7ac3fc7c861b2d29239539bfee47181644169034f4cb150c4aefa3a5ba275259a4918fa02175387c7ff24d29552e25d197b8539e89e38202b204edbe45300395daa6d3fe815286ca9d39b32854fbcfd607a8e3acd0d04e15f', '0x175ea3a4305bf2e30aeeff8cbe630a09b34739b636cb371bef7781f92bb68240e19eabe67e7b08f57a641a37351301a5e43936e2b6558679c479fae1b93285c11aeee4034923fe8e0bf4208bf4803076eb74aeab3e18f5278d175922e7959', '0x1abda28831e4f0a8d74055b07e611f1d7eb50ed1d8d3ff88da903f9c14631e78b96a811ca9c94550036e45705d43f19754fb31a4e0636733c53b7317ee63a60376294d5ea30018de7968641bd058f6c26763f5288f9c6beab74424f98956e', '0x0cfffca3a1080715620b67d8bdb3231cba2d63bc4ed1edd9f129c4546054d8653e62be0cf3571f5bce6f08685c57f97b68a0bbb0f15102e59031a9c3aa6677b51f7d55738ed9e28ca049ae8d1434d9d130490489464a8e2d0bd6b59f21e10', '0x04013e3ce77fd7314d09f121316945ec1109ba4faf6e58449ff148068341e41a5481b344ad03ba8c5822224ba1dd1faaf87b1c56bef3f4425238647415f86b21c2bde19299f2997377ce7cad654e61afcfa9a20abee4aacd8068d48e3d4ab', '0x0639df36685134d5a6355ec094899f8d3ba3bce756f06786d7bbd16f4704d9b51996c178b520ae66941f015321c121c01579c9af425c6c41cfe60a55b0700d963047c73e7b0d09c32a7087064bd189bd5a82e03289bec910a93ea9642620b', '0x00d675ad5674f079cbcd2d9fd5704fdb3cf963dc9b2b7729764adf5ca1d01f31867ae278d84a13703959b791e07841de1ea76b468e355a9d685683477cc4d7fa59eb99c1f929945061274fe8235683d324d509f6a70b79cae32c9fea785ff', '0x01e5034e4ec2251c9818c10acf5223e0b1e1ee8816bdeb8bec1d77224c922dbcd9dff993dcc625d9a658df31abcaa880a34ea3fc0930268aafff78f79e9750d2d2271390e526d337327995ab417f7a527f008801d11602fd9b75ddfe48b65', 
'0x01a581b094327fb41c859cbf763a812ffc032abe01ff91fad9388236b599c7cb5ce5d8995eeae68553571274a7b0acd577745a9d2859250e6ab6dbe9cfabd947fd0511090c7dd807e0dd307ffa2de1cc9a44a6b3257ca759d25dc143eef3c', '0x129d927b5839c40510762c06c4b1de692aa4b2d7c56726f92701d268c6a39b9cd53144233a7f76f20c3aaa760de702242ef2e2b866668898a4a13d6ad1bc4a11dadb9152ab149411eabb7d0f759f296933a290df877898208d2cfa6686c09', '0x092d5f75a9fd604a1f551222dc369acb284c14ada1bc2c0ce37a2cfea11859a122f8c8d62e600e29335820a1103e7560cc60f7ea3fd21cd70a63d313de65d984221c169c6883c78ce4a19fa55cdc68e747235b064c85c2ea198d2c39c4560', '0x01e4a68997c2c9ac546ec67ad7f13281dc411a968a31374c06bca0ede26baa0fcfb8f2789ee806a21c8aa48f7818b726763e25217e1a77d82135b2958b48bf302645d6ae0f8e9efcef18dfbb24a9e85a0d8c01732ce1ee564e0cecbff18ed', '0x02c262211fa55e136008d1662e63630da4b42cbfd2c2f847ddada0f8fcdf1df409e3a3e24dc587bd1450f8b52c9f87bebc6401a72b0a918abc1e497d86ed0ed43ba46068274b2beec2df147a5db63a36acd6b73dbba0e99a16dd2a7769f39', '0x07f9192bf4813457c6fd6f8d0fa0a10ddda30b81b3bb6b24f71253ca4938bb9fd8df391d14c8488ffc11241ff041c70412f3367bc477a6eceef7a08a1651cb480f8d0719741ca102262fa243428b5d05b2a91b4a70951d1875ebdcefec279', '0x0429b67f839dc0d45722cc3acb63e577822303adc241a2fb1fe8c41b9a6ae3b780efc1212233d4150fe27ccd6d79a9128a4b0d58d7db35d730bd81b322aa36e493dacb64c2ebbc4a46588bb8fee6f9cabe19eedc0782718f148a258abaae7', '0x0768505d902e4e95972c3a0f01421dd386a1185aeb10724436899ea171d1f86b5bf3026796f1215003eb42274a47927c095e98fd8ec0391ca88b7b5f7bb0ca45b77af3135c33d8d5ceddc8ecf7693c6e8f25cba8b48329cb44d951e371527', '0x1148026957d6af1c3c7dcd301a34611c75d5ac4175e3c2d01cc6946f083d91297413a77177e038f61f2c96933cd34c23ede151a206ae233c89be245bc4bba9edd8482e602a38f6a93f265e4d4e09c787ac33bb14190d879eb85e9e2adfad1', '0x08456431d0ae714c7daf0c6fb72e7a8a27264b3ff7f904856086dcd3165f003b47f5db627bc0e1ebe4d1d977e69b13e2cbec58af460b7a835c1de601df8a235632de6e215f084922f25ba582128b37d8ed75d033bd27cf0b204dce6fa3c8a', 
'0x122b22444e2f23beeeac29c995b22390a81bfb12c0b610e2a79a55f73d88c7ae34666585e1afd51ee726a3be81ad8e05cdc3f519e9201c754a82d32c42c48a3d4cda56331d5ff3f0156b4393dc9fadaccdc2c9d96bc6385b88a137bbe8394', '0x10d58e6539073a571ac5706320858bab2bd914c990ff755e3da84b29c0ca79c2be87baf55a13f17b27235bdefac08697990b176b40f312ba9e40a4682c0b344b1cb6a0bc9af2325de8e8045cbf5be1b19484870bcfc52fd5032f7178b04f9', '0x09389e54101f3772338bb356b020b0cb8b5b4739c43b47009ea2027e4f388cbe1d65ee0fe14d6be1b71aa5be05798db248639516a6caee4e9afcfedac15b7ff3388463f2be5f56e87d7336d0d9f909a0c16dfe07cc33e2d5863dd61e98db3', '0x18db19c5c5a51657820aebcd0bed4902630ed996153e149aaaa77825815b5e94b882e2890fbc73e65d90a48407f9b5857f0f7d443fdaf44dd5fc6e0526b91cbc01dd0623e991e3b89661361835116764069dc4e86acc8d74f6fa90a68e9eb', '0x190635a20dd8f661914e3e6161abd9b51340cbb7b50766cb7bc39976f945a6cf89257add678f9c16a60dbe6e623f318dd70664d50f12aef9456b76d8bcc1a5bc1dbc48576347a13e37713244f37b2d6a0acbf767689730289e9aa6fcfc651', '0x084f5e75a1624329c0f2171061d09633218b6a684010328e83e8f70831200c8bedbdced00d07ac3a72f29b85dd0faa869c33737a1476b0bbeee95af3f93ab7874cb736e7376ac121930321192b19677934ae8ca0e55c3a4f19e5e08c5b757', '0x0250c68d9a5ec29195a5d69f6a02589e29976eb30b86a7fe08c00440991e012d76b97bc912e655b2a8153719f2528790d9cfd875a667f692112b95b70e48fc67ef6e8d28feb28cfd0ee2a8e8e2e4915c0de8af3429b42178d0c73fb0849a0', '0x0773cecc5292fdc5c71a0aba1706cc3e609efcc7f012891942c2a7b08a66f0080a827500d60d5e0acb9e9a46bf0d588572786b552f08ccfc9c484c0d8657b1f1b9b830219a857aa851eb98f5218cfa1115d3ad4c33208cc4198bcf4a02eeb', '0x0865f754b6887f11f618447f0711c4ce18413924bb4f465a95cfc84d5db82c505e577202b33d6a2a379bfd7a693892f79ec0e71243603d7812ac07ad5999ac5038232accb5c4b02ffff3f2127db4f1ab95c34454e4177d7993b115b57a2b2', '0x05a69517d0f79910c7a749d32561a4cef85334d1bc1af1f964458d49157feea37f501c682af746467ccb8be17ffc6f753c7ac79f4de8709a64b0594677c17da5b69f0e691d0956734c9f6dea1c24195299ef1fc45e2ea46b5b1095ea64ac0', 
'0x13b36d5434bfd17b9580b9542913af9738d177db4fbcb7413197ea4425bb4a6473a11d3d9c999620887ee30b67f4bf4acc9c72e288c2c4e7388acd8a3e630864533ae4f7aba358dc22df17eb8bdf98af28cb8f3dd51d3b7077ff00d344f97', '0x1a321df7fca3154450f7be89975e06b4dc0688a5c7465f4b1e2854e89efc3ad90de355aad27000e4f5447a58191f3d684cf73f04fb68d3a8b44ca860abd3929fbd1aa3286184b33ebb9a8b33d585da8e7710d67c38d3901aa8680a93c9aff', '0x1764169e29d92d66ec0a411a1abc6f048ef5ef06eb52f66be6fe29cc9bc005123c00b7651354ce7d4dc4836e363fc8b6fd50388b415176a1a899d9c3b4eeb0b78e7602b782c889648a3982b8e4345af44a4cf4dd335437898829d486be35d', '0x188c3d6e503b1dce7f37bef6965d826297a13ae216de2edf8b4c68e5d1e1265e16d627848a70a22aa462ca4afe84a4f01d5d0e78b6fcabcd16c449b8f5a587a0d0439001b517e08b43b7dc028ce70f0a9361e109e051c233f261e1c877e53', '0x17dfa9e77c59fa815c526986cddb94fe1187f175ebcbb8a762a36b82b23e55c450f1691f3914803f622607d73b0053e6fef27341c0b42c82660783650285f40621f639dae45cc5b1179129fde0dba6e789eac10910545e16bc084cc13aee6', '0x0e8390738757cba36560ca9e4d7dcddf06efb9e165869aa8e07907f91a59b4d2cde4c01d6564f7d21d49f2966d3bb720b4b0394396547a70067b4fefb47c0a24bc93ffa1444e3dce55247342d9ece255b7d662ae2955e210b91833af18a6d', '0x040c8a23666db4fe9970b48d4232230415c6321028382fe5fd6a93f100557cd36a57b4962f0978499ef78c4064e1e61899c7a58dee977e32760ee3ec304640e03b59ffe673d237e9b080390437b73a11e3ef133bb847a44148743b8c19999', '0x178656adf2936662c68708239246b56de31638a5615f8c3e32b28ac05a1dcd6073822a30f280d3a2f6002c7f3b834eee15cbb68da9e752af09510564cb58e7b12f09d6047ae2b8489cb532ae4f55fea07599e0c702251ed979ef9f80c189d', '0x183253d13799782cc921d5d6ccdaf6020bf698e2a6ef87f2d131f3e6b304cecb5254cb6e8973a99add41bbf7c828152000e75d2f80678c6969b1abed641183dc3133ae537cce88f3653b08a20db7db590d029325d1fc0881ff3c48ece5396', '0x08f4ef8ece9b8ea20303c1bd661ee6fe738d722c35c2248a707d688243295bd1445847d57519cde6deb68b28d22b8a7d7dcbab1f46237b360065af61b33b9127cac3509fcab7748a7b31c4f94d3ba051a1c94165bea8ec3763306ea5f4568', 
'0x12076a358a11bd938e8548d986285f1b934b52c7fb02f000e828d2c90fd594421393142baf90306fd308fabf82911937e55360e22a7e5fc338ad9536dd3e08666ba567c3b45fdf3fb84d32193a8b981f888e8c57a50f0ecc04ae255da61ea', '0x11a75c7d6cf9abeb92588e7082e7401a4994d82ea9769f2fff82707e7b8b6b39a34e63f1cae03ff6f27870a9a8c0e7b59f018970e4b30c2be84dc72ce35c580fbfb0b68de3313a440a6e32f1336f465c459c42c7fc9d05e01c000d8f62f33', '0x1534b7473484d55d29e044e791b7b0cb26b0236c9f4c9644e18571fb4e888a7053ee51446072eeba4515a2af840af39e8209d91ea7cdcc4e843ed6acf0832883b034c3f7fdf7bfd37e42d92b36c72a8604688146bd1696eeced0a6f320db0', '0x0dd0de578ca526ba5a696af23aaf78b53b1ef221345a59cf1f3dd110734c60b66eb0d7015353a77c57d674c3f61556dfbb2b168cca960c86eb9511a8243f61bafd095315aa390d90e2ee4c9a228d896eb6e5eb016e43be2abf385ac334549'] -('n:', 753) -('t:', 3) -('N:', 2259) -('Result Algorithm 1:\n', [True, 0]) -('Result Algorithm 2:\n', [True, None]) -('Result Algorithm 3:\n', [True, None]) -('Prime number:', '0x0x1c4c62d92c41110229022eee2cdadb7f997505b8fafed5eb7e8f96c97d87307fdb925e8a0ed8d99d124d9a15af79db26c5c28c859a99b3eebca9429212636b9dff97634993aa4d6c381bc3f0057974ea099170fa13a4fd90776e240000001L') -('MDS matrix:\n', "[['0x0f5bb312e76032bac7617846b6fb173650ae6fd3e281dbfc9aa1175c20b15c9da872fa087bcd9e62de1e5cdf81b4a908a3ca89655ed1202700c72ca8a4b278854845504fc126ed2c666425a2ca84c5b07be818ed77cef8af41a16a288b515', '0x15e8e2289630dcf28a42b6aed0fd681d8722b6fc6dd7711c109324d22068176f50e52a016928fa5a00dfaeba6e62b8eb486f4a67985948f3604ca84c98956ea1027a294a07847fffdfc5346515b8c68c4293fc428f43487256308ec862b7c', '0x1998e36fd42523d77292eff81d5f69fc82ee54d13a5b2e16b9aef35e8feaee75966da397a641a15ed44b01478d436850273efd5ac7b847929ae6fcd6fe59bef50d627f6d3a1931bd1fdeeb6980f6be81e9b1315714ba242ab14983a50e0b3'],['0x16688ee99de9a85929d4d05185dcc41472af76a5f07583e01b16d6f85fa3b24c7e151f9f3bbee91314b8e4b1dde2e6059f3af84a945c6ca016459e8fc9b3dc489b71d46b6c9841b386e0658626054145ace732d7e4e4457e0167fc8823981', 
'0x085b602076f31e8fa690ab9f2f0c1854fbdfeb98d1121132768c78d395b920d751efb7a4fe62093d2f4616b3d9c7e894f4c11b688139599919ea08abc8f5f0b64a4dc2f073be4b5308a2230c8b0d1a94404812adb99db6490869e4a112c5c', '0x1bd048ff4a5cfef3ff2c8e22ad0b05b669e0b5b055a0b7fc0100dbb3df4b94e70bfeeeec4d8142275d344fe591fd3d748415bc1ec9a992ed91f6c4ad16889a0dd38749510cf93a71cc35c06f11c4053ff68aae6d4ff4bff941c892bca5dc3'],['0x142dc39601283c0d6c7adaa6f0dad706aebdad4fee9b021ea1b33e7bd3501da711e197bd58f3da27a37584034a044e4f1d2c21db62d5a38bb25eb656cef8ee37823c1a85d894cb8994fa1e31ad0b39623c4f4bb38933b172c45e97320ba7a', '0x111d789db58da3bb9e80342c7baa6fe9e8216d8dd9c0e7b85ab8222fb30b1cff772645b10d3b4239cdabbb1d1001a530e17afd596f30c9ad9342a7301f2be2f3cce11293bb04b66a7d4e1bcfc529bb59c136327d0a3a30e694538d3f7a384', '0x0e9611a07a1fb774e112c6a84887debdfecaafe18e5576c5f546cea658a5b57d7264491e01e03a13ea1ebc746ab1bcf5d7ce1aa1be818906b86265941b44c12eddb7ef75059cfea132c74894c2fc8b7dfdcc05989129f22708fb9952cf01c']]") diff --git a/primitives/src/crh/poseidon/parameters/scripts/ParametersMNT6Fr.log b/primitives/src/crh/poseidon/parameters/scripts/ParametersMNT6Fr.log deleted file mode 100644 index 790162328..000000000 --- a/primitives/src/crh/poseidon/parameters/scripts/ParametersMNT6Fr.log +++ /dev/null 
@@ -1,11 +0,0 @@ -('Number of round constants:', 213) -Round constants for GF(p): -['0x082d0273dc07b9d975d50b650f44a40e1d24c8e1e40a7ee33c63a1708c763bd64fe4e7114c33e9e10ac4b35a3c05faed132d18e26eac60871f68582eb08b3e89b1bf21acf5ecfd88dc59f0fdb61c07ad5ef95ce94a08209375804dc906845', '0x00ce71472ac8f8464206999dc579d8eeaf15abec3c5908000fd536b0a2bb834ffd807388f992af4f6addc015ec1aeff0356c29cc038b2f43c86f79565185702ea8dcce8b86ecb0f3d04ca7bd62be43bae01a8c6e8db267f88054b55da7db0', '0x1873f34ad97ee284da0f2feb9545d2c226cc97d5fc446c991e08f04de7832b4a608da2c32b928f0e3756d826ef5aefa1c8361fbb50663f8f6126ce0bc1b450b9c1a5a7aac1a1ebdd8b2a7ed6cf5f18e289e205ae4ec18ef8a48dcf982805d', '0x1567d2fb8d623272599aac3cb00bb2c2290bd26174483949cfe1f7c8a2951cf345d6cefad5cd6967f5b8cdbb80b6af4afcb0a3837181c6786256a7bc60c501cbe61ce5e345f165d093b75b933bb9a4cda70d9572de3d0b575e5a2f049500b', '0x11eb6f32e385da8b297317df32beb3654dfa491ada14515d6e4658f694efe81128914ff194a2f2ecabd33334ffe71b9b650f3b4dcbcd16f3d8d2c4f428d7285a16a1f21cf2ac24bfb00cef627b80bc3010f6559c11e4f30459252ee1cb439', '0x0c6bedddeb57b5d39188d51d27fa853487deb48bffe5ea76f5cb190cbcd4d4480a4a66a2c1f48350aa0ba2525feb0bc16d9a0b76a689a4550b2d3b796366071cf93fb6ff62fa43f8e5a0ad23c271b23e8d20de8aecdd123d36a160c9bfb9c', '0x1005692836f931bb50f360a56bb53d18c360cc7e1f339b7eca4f0a9117d987edc35c1c16bc194d65467e13fb6c176262fa1b83af9de5ada87189642d96caaaab28bad7f7f524aebb73783a0643fb717e71e03004b5660006fd16cb3a16b62', '0x05433687c89b8d7fce80605696bef51fd00c7a58f63b7f231610980281840b561ae65e25d563939aee6d6702d865ab87d982fc95a3e1b2744269404562a9979ed05d4b25b33ab4e57dd16f3e260d63fca276cf26b26b4d039ba3b3955421b', '0x09de961aab38d40d94dda571f6bfda77b8ea2b300d1930c70f0782be76a29f342eb1c0946fd693e4fcb1c77f012cdb1fc03354c514173eadc7a5fe2b0bc82f3080b2c2ad0c8935c7122714041c86ca9605a5138c6326ab5ec8703910b7ce9', 
'0x1b395375dc5b1345d967efdb5c31563ecb9bf0a1f499e17c93be27cd19599cb08eec41587c119e90dfce200310d833e908b39907a86fe448d0eef0dc8e5035b19056f048191e4b00b57b7e0a83438816653a6376218cd9799b02d9e1b0c57', '0x0f2ceb7f872b35061e63c575fe2fc377c0827c9222333a430ca58d9bccac2e773b47e5c9bc7744420a359115855eaccc537f6091b485304b574db5053ee50e3414d97cac046e3565022d6635de7f99894d5cd1a92fa2acf02fdfe14a802f4', '0x0969191c1283959f7b62614d19f08419fddc3429007bf3a563a7b81143d1190406bb75fc090250402e0743412bb1eaa6c12bee522d962c4fce686112f6adc88ac234e516d74489d287cb9a14557e4d35349870fbfe79704c01600e07cefda', '0x146e7d2e7283b9f9815a95b3dbeeb05d174494d4b4d316d910d6a06316f4221d682a0b5a4e7b807f475fdc9d42563dbb1327e5f4eaa6964d34c7c1bc91ebefbdfca27eb3bfa01e71745241cdc5fcdaec9ebbe7e95ba04a68fc448f5dc30cb', '0x1ab46ef704465819a56b2e8b053243c3b0f57e301d2971ae0aee47fd94684a5b8f7772aac7b4156a8d7587d2effe7c770b40001fd7e97aaf4e9888f992240282ecc78a113a6a29d231b71758c1ecdb86b410a870c20ae1070d3b4d00a718d', '0x15617848090baf9b9cc84f0c459916987e7a1502db21ff93cfb012789b536431ecb849c9b07d1a216f1cac5bcd8841665b58abb7a0e0122a2755254fd844d9ce9b10c525aff3973b39df49985ea5ead8ad35b424196c311f71f53e1e5f1b5', '0x043e7753eb29c00b009bb6f44acf70d7a64e2f2811d6f6f9014000762cb14812c239561761024a83ddac8f801a56669093d92a7c2adf161c54439128e7d1c03d7445dc20e8bbf2457524dc032179cea2e92407b79ede6fad8d33af570f063', '0x06c2003b6d6ec4b149ca23af23430d78963475015ad47f763915fee96f67e216bb54ef692a87a4547253a7c1e7f72c51c13ac270d72e25a6da7d2c8b17f2aa774cc7d7d898cd8f2e65f1d0eb2a6cef7c8e4831fd11a62c123e351163bf327', '0x056a8f944508e9746bfc715a79a750c3fd7fc8bddb750992154d0c8f69abe7c6e0f4477760ec177fe6279bd16af75347158d3e672125add3fad590363e3b671179fc65e95bd391b6b300451ef703ab5cd8ecad4a256348733e5bdebfb3dd6', '0x0c154accd85e2234fc6591a1aa85795ca1ea80a10a866063a6eab175cbf025b7788717a4203c3edf021c4170eb2829f805d14d8d41fabc1019d44b816626c1d9c69f5bc14f1803cf4d0872e9cb8a468493a03f85b5c6b57effe1d65aea97c', 
'0x1881be7094e96d049ce7a49bbf8a42c6346b200e7fb66153f9ca3627f87eb9eabdf35001c730af82fc6d3b348c017e3ccfdd8bececf003f62a00aed0cf6a7686523bdc63b21aa4e15c6b326ddfd52e6c887337b0090125d16bfea9636d12e', '0x041d7f203c42c947f224e26203cce8602e5525e5db56f7371b66d9b5d99fc0d9cf68dcb4b788b1ab10915bf5881fa2b9607b413bba71a410a1e6a2692a8f7becfabff3dbeba22903b00be266c88bf51f99436e8efc761730eb0f7b27f4692', '0x14ace67744e0b85212b459b1c66c5a717de57f24596491de281665f4ac4edbde60c7a492593a231255871df2b9d16486c42f268cc5aa4cfb73fac28825ea05e46c288d2b845853ec85cac5133504ad910d5597525cdd04636f44ff4f88621', '0x0779d34d5b6848d4c30782c7a32567ee444209c2b495aa0512ea63b1a49f7a55fc8afadce0c6dbc7af4820fbb80508958f8dc48f0936e94815acbf567a05550aaf39cb4522194d0c95f5f52db96233812c673f1f991fff5df5b90feb17c90', '0x08bee62abeed7c0c4349925c991c56b0fdf5e07c934a71a6f038e89879fd238e72da55201a9b93a7de9c8351e89b570045a32fe073c1cc6c6e40b1d04de2c5199e9a5c31b094df3c5fdf0a5e2ea71b3e50723f97efdab0a5b9b32fda20875', '0x1b514963cd27462c5f862b44996ea7c6663b8f9475491cda0bdd32dd43f75aec382aba059609b686437594ebf10139864fc8c31efba6e837759273ef267212e2bbcdababed5b034b0b296418a6fb69c2d6150b255f92bef98393f97429983', '0x034c43eb034b719449aced9fd3e9f91a6b4cd8671fb165dbe7557692e11766a92bb8a684cd55a0a83d1ce865c924c1d57ccce24988eddc9f2950fdf3e4bfe188a6e715298d673ab14deefb428a49a1da2bef0f2fdf00f2c64642d7bab94fc', '0x1af0e3ec0daa710da1680d203f3cc4d0a3bbebf67732486489deef48576333d8b05122c07eb26ea05834d469af47f4e8e4b4b5f14ff27bd3bc56fad854531b27bab6b898144d63ca6b886750590f7f1942fe41abc13a50e1ea5d3f11d136e', '0x0a0b2a05ad4f318d9b2e25b7d75171f03b480f2bb1bdfc7fca783042bd4eba1368e424766f1ce22ee32dd20cc1855242fd011b4335516fc6be0c8010138adde05e6a048640e7a9ec347fdb0f124cfb66eb24425214aaaef2419ae1a3f3130', '0x0a336ed79b3d9355932b76d65c48b57d54b5f1c4fb1ad3095cd5940d89e2e8adf608c1fdb7ba5bc94c077778031a94d626d807ce0a1af8184ea60161fb07baecfad495a4ccb48fe543b073fe57425f8711f2b028ae14447473455d01a3a75', 
'0x0c333f0a2e4e0f5911f7904ba00668e9cfc28437be81d02fb9b80dbf30592e43e15055c06f98dabe041c6cd64031421c5475db7dc2e0f372ebea6fbe218265010a0af3f49aa0cb9642440c81a32b34abf58ec27d79a88762be04d9bbff2ec', '0x164300a0243ec8ee38168250c1b6c581750066287d6658a17247727fba21ce6e32e7010e2a1bed5f484034e572a19271d07b8bb4e8dfbed53621a67d66ceed5624a74ad16c912a97179c2e5df389984b63d8f322f46f99a45bee53c99c89c', '0x112d42c69c436d37540d9adf79f7c5bc0fa3d1e2809163a3df6d62ed8df6a16a6eda93b1f55a47fd259495abc8fd98c707887e30c95b6117885d6aa5505aa873d0c407f2ca85460051c9ce26ba3fbd9a3febe31d9fffd9f25da517ecb1737', '0x0e19a542b2a24b063b5febf60ac215b679dec62931ab88309db8f087e24ba501dd072b09b4e75552519db4b693bfcc8172533e23c364aa886fbbe47684e355a1674010a6d416e54386e90e7acc3d34730df11d79629450c6eeaf3b3fdc3ff', '0x16add66e0045dd5661e81a7c4d97c909430ca01138dc7df2e9adab2d0c9dc7c66a204dea13218ea40915e37619afa647933872b81a6c3d2b5d87a3da85144f9aa31b7185ac06861717468dda7e4d70bb5049afc2441086e131c04a4e8a425', '0x0b896b9b4e40e964c96f631da826662822d1fbdb9f35ce5a63460399f59dca6abd68c2578a68522adb3cd3bc0c9b18fe995ed3236a1aa2f901f406d4ac950c708103cf252122e691dd8ab3ab939828b543aa33b5a83bc0d46a3f0c135ec0b', '0x1b0c9e1226f34c706b85f9c6288e604d2cdf57073e3e6454c7200fc64fbe90c550dd4df86c19b06a5ef14990743e3c9f20c73423d2837e37d7e331bb62e5555998ce1560387eaaed0939ece298d4aab20ac9e09ce0b97905c0bb09683d6b7', '0x04ececacf26345b622a025ae679d42022fc85cdc60381785f69dd2c4c121c3b14401ad902f0be21efa51aaac420e1d9eb228b150ec1f85d852e829c28a544e572164ab296ae8e0409199b561cf2b581a4e75e05457b7fe088d975e1902ac8', '0x17a8331ef9a3b2ce29db03451abfb7b82b9e883185b064bdfe17b22a746525db892fc48b8055c00f10d5e781463dabc363cb43128a09d115a3d86eac97ac0fbf7f281ffada979381911b4d1e48d01ea525d0b56e7f9925c8c4e67c1f1f354', '0x165b395f807b5de34fac2f462bf90c40b287d48068ba72c0d22d129324e54f9b180878a79d14ac5d8028aad5a258e9a3282d153e75b4d8e13d875861ead613e5e13ca3fbe59f1fd02c53a373740405341321e4d2e4cf12ddc357c96203fb5', 
'0x1b4093ab2af011617504e9565a116854fa27ce8aeaecb84d9938839fd1af8849083ab009e3d294e550a5eca1d65c01c9aaf15b7b23518831439826a301b6367ab426a88b27656ca4499780c343bc5e225d03ed7a2608787085dca1727572a', '0x189698309a4cb649f0d059f104330b74ff11d0f3bf8083fa9220006ba0531cc8ace7a12a35c793de387f99db1ec4f2c0ac82e6e9280a16ccc951202f6a0303241c193afad745d464379a2f0789e69b932c433fefff7c2ea971cd71bf9a9ab', '0x059197712b292f651d71475345a27a443b461824bdbe45df9f5ae126e6a0d9b0efa51bede852e0083e908b604be31a43533eea3640da46bde3cdcf7dc0e874ba4e15fef5650b04d3ed5c0e520e9e821c4e33a84343a731dd3c8b43a88b942', '0x1437985882d42e0490186ef0318e92dd74928aafa439f32096640bc6c14778e20da4da178e6de317a9242ba97fdf8d157a8828f0738b034966046df50f76a2e8e32507af372a258ba92162a8c921f0a07c4e6021fa911e4b6d657fb4d46cf', '0x1907c626d953aa3a916686e96a40551bfd4b21a4ffc2c2432116d0acb79ca1bd8b4a7c1e9d774bd2c5179401682ba2bc23a6e88c83adfed4a8653bd2c20c280cae02a8a1ab40e6194351b98a17f52653f24c3bc31ed4d1ee42b5d00c6e8d9', '0x049b8c99fd6b0568a6942005a050ad60d1a76ccd9ecda7bb203aeb0b2baba7b54bf107ac82f5245404ed672c0e08e7c7a933bc4b1769fa8c076a753f70a3c965d890b1808a6ffed1194a3afc1bcd35a574d5bb37ff53a8dfd85cbaa612a90', '0x08f11b2ad661ab1a8ec54ed6864196851d5a3410ba8130e55723d6c0e9604550d0e27caea2578010024024ffb3e3f81f22661575f07753c0b81227e3a020506d818911106e47fc57b41ff390e9a5d7bcfd6e154f61c7e93ab1d0da5496c94', '0x097987965814b406353c44fd51011b3f94e1a390ca72adac050430ea2f08a670a056c5f5cd2beefe3b0394f9af5d102db0f44edc6ea9b0aa22ef96e1daa8a3bb5e32447c355b202438f4c8ad6d9e7c1c3abd90a2cc63e6bf924333311b729', '0x132b8245b82dcc20bf006da1493268f8e92f1c1f90d28afff5b72478034651daddfa50b724e222755f5135c1a7eaf0d62290327a9381e76a2755c28d55493b903d02dd39d29e79dab91342c59e23ee5dff58b2d152c24b5f65dc0d687dfa4', '0x099376a7819eca4e626314b21b02dba190d66d7bf9566de4885b9300441e7b7b2bc66b99f1d2e7b3e6e66329547cbb09846a15c12d02cbfce3dd74887a03829636766ec8b37a7af4c5cb9447df3a1395fc94eafb5b4c155895a2bad9586a5', 
'0x0a49f558af8aa104ce61aee408a749ec9dc8928d5b96cdfdf2d35602b87395cda7c1ba2e11de2a212048fb19f8213f0d08fd93caaabe81dd49e914aa3ce311109119615f4db0bfddfadad6be7bf3bdb67ae1e9f943295d80babbefdb44305', '0x11d7c04615637f0079244a0b2654c340b11c15a8d1af46443043702fb61b4a7c32288bd70c9fb13c3beb7e81c46e2c7c245257de3596a537a5fa66941a5efbdcf7f67d38ec581fcaa0bd9d31598039d6bc35527ccbd182aa641dafb20a699', '0x0fb2faf9de33f2d62eafa66f02e2771b323938430289a86233e07a4f4d34a771c2a490e59abb33df0b3d6e3ddb871ecd1b4da77272abf93742e37aadad68d09746bc4baefbe851c277a55ba53e8e676513ee39fac2bba1dc0452ad6558636', '0x0ee73b9645784ca4f8327a5281add1cb2b0b7ce0a1bd6a9eaa64f9fcdd00de2ace173c951fd835cb0ca76b18fce988cbc54bab161c3baa90aa1b7176639fd6363ab6e7876bccb45aa3e47db74bc978229108fc81ced28878194169cf258bc', '0x0ca754879925b782139a3fd39f617c7cbfc0026fa178bad413ed51fa9eb52c722c3a7e90fa9fa166faa3392dc79ddc2e997b02d47d019d5e419261c261e452b2f38289b71d827167499928040bd9e142184c13287eb1ea95646969b8fe80e', '0x07c074c07124146edb0a9bace5a500203ade90d864b721187a12b604e9afea3988d41aaf76d79f9461d8ddc55ba1ca07c77310233867b3c0b105337e98527030f3fb0602cc7b4695d062976f5e6ff4f7ec6408492434f3e910cc73828633a', '0x0b8b454b49c00ee04d2b3eebbe8e1f28773e9c0557c457704f7370c948a307d7f4da07029dfe234cd9e5fa33bf7dcaf10b5e9234b3e3f5d3b90cde80a4ecdf165d60ecddb1038ebb40d2b0b0dbf93bc5d7926204b40744d7f3bf511d12c20', '0x0be495587f2b9d12f39b44c9c82bfa465789274ede897311014c956f05a9a45385500962eae6c8839379a266b0f7aa487d1f5e35cb5a8fc0dfe2ada10dfd679aceb2f097c0403f08d28d9c956f5fc6e41d598253255e994c938f5c4306d34', '0x0534fa97fcaecb7b6ed032d0a62aa911433c3bc998a5699af29723d188b78db536b321202c7dafe37e9dcd28f485894e8980478801824243e37b8d8fc535c8b84fd5880dda7a11f7c8a8deda5725f4ece4b8bd3a69c64fd15051823c14bda', '0x079b5464ec1bfd3ffbda4e31c66bf926c30552cffc34ca36383b66e1241a9c67a25f9b8ddf99bf6d676de1c24efdc25fd57da5425bd1b08ca9023da3fe3604886d39942e224355467aba698149cae48c47091975a1043e056ca8bb83a4da2', 
'0x1149c0319971983879f53ae851915dafb4f381388c194eccdc557e73bb182072994f46a72ac0b89f1cd6a70068462bc04eaee089adc8778a3e817133bc97b2f046ef02e47f73d76437826f4d6e5048be71d3afe11a29a2afde0a72a70561e', '0x10d4555546bd228d99462a35e78b4b8e9f7650c232d2520184bf398dc782ff9dd18870326f4a62409b6e4d35c372c3628d3fe74ad3742386abdb22092d17ed8ada3e4eb4f9cc2af41319ecc26d5ecc5f8c99b433ca933a62c5899f21446db', '0x144c3e70374e2bd0d9bd50226ad3ae2587174bf8b1eb78b7080e877d049ea8f32136e027740a80a4cd6cd5edc04b91f4247b5a17a2c183d21babdf9cc1053f0d26084df70de27f69580ab9539f7153e1811b41ed3737b4c29e46bf9902a8e', '0x14819b19cae914e65b4c44a907a49f9c187052f8926b9b85e5b6171c24d2a1e9c6170ca0d8e20a42de02ee4507262b7303ed38292eba005d51c2caaebb76ae0733b3d8d9ebd51fe680295efa69124ea0de11aa338e4e4570b9b93ef2ee321', '0x0550502da375eb98b1c74e5041b7c147050630da88ae6714660fb6dda9549716322b1014a9cdae2191f9f1c9cc6dbd59c80bdd0ab80be2de0fa3f37b5376d85321f7d8b8d4daa43ebaba7e71a4098357e37403fac818e25dae065b7998d64', '0x035fe59aef2fe5133a382cc54fe55a3288e150b8b00a066200ca62a74a3aa77c0f3458595aba5593e2153262ed2cf649b755a708196777f0843744a2d099e894a7a6910f6fa9d9b78c4a0498af7e7b2506a82040fa6d8a10d978d7e6e9c6d', '0x146da6548c77fbb7da4987868d163c223e6c22f2781afc68c41fb8dadd22c50605c4129d936208f2eb6410fbcd4af304b334890245d2e489b7d47b2a645bdae1cbe396ffecd231c2bdc52ba70044c364080d90ea727bafa029627f3f0b424', '0x1c18886eb30a7f5f3f523fbdcaa2ed8613a1f7b795dfd7ebe23127c59a171b75e40b418154b79ed3c1670bac68fe3b8dee113cbd19d59a9e9db0b8374c961bc03bbb3da6613f0a254dc09465b938d27b193a37c976e08a2fe4e9e8a3f997c', '0x0805b9aa0ddbf5df3137488817c11c6b5b5d207ef6dd368de2279dbb239b54416809fdd3ae4decde5022690afba4e68173ddeeefea16009d4624c6cf7f3cbb4dfc0299ac4afd8e749a9394ec6a83cda844c7e9e70fba248f85d7e042427ac', '0x1783f8d75125d055708a6b358f3a6c385b22784fda88b48c8b04ca807d89b2e03868281adbee65876f6a0625ea342ec3b9a5ba9fddb588b1df5e2c1a0e3e36a5a305bf6704361fc309e9ce1877fbe56a23639b7fe27d9ab4b129799937233', 
'0x1081927a315428bc9cf31b73abb0f4e5f95a9457988edfd7b370d56c64a7e00cddd2386c2bbcdc8d53ca153fd78a24b7dfc16e66789a58404faae1d9767fb7b4146be4b30588bc3045178e499e9ea5b40a296de9fec8a0261fa3a61b3c048', '0x1a76bb3e45ed7560a3afcf7f9149b8d67f92934c24abb08177e4e0461797d5a0855bf2dbff24afe5d07621559c660141991a29f3cba495b4cf2a49daba47f603f9f8b3262a74079257722c07ea3452eeca17ca7b952dc0ca2d39a6b995d67', '0x00e37608b45d62b22a316262c06ff365f56c62af9522c6199758dcd7cb8f1df486c62ed7974cb2ffad37c2502dc9c7379621eb278640ca73a3303ae7c61f9d1852f8e709d72dc472f9b3f839f91afaf793cbb3d2e43bdb03d95e0e923fb56', '0x093643994ab038f6b8abf1ce7638b86463cda79cabd2266ccda92978fc5fbad91fbc7145bf57ffde4575bfc653b7206874cd86a84aaf775a462ae005217ee82be79eccee516a1096a822da8f6ddd41e6e03f38c168902758385f8904e0435', '0x04174787ff12a1928879f6d7de040dfa94a67127042a2e02a5215428dafcf6b833115c50a782cade04d9948c2f0018354ce7c7123e205eeb5a666275dee6ca01cfe0bf2735850fa417e07d535d73d578380d750b8e1eae4eb46276ecdb2d7', '0x059a673289a0a970e9748de7266f048a3bba6ec0bde043b58a9ae684521a37c4e324236889125549f3f8a4896bdb9e5593b78773fb76d7b69a0f0e247c649c362fba031bb2bec4c6e8098e40284987154d143bb07d47fd385f202c1e79b9e', '0x0ee7b83e37499f8e96306e2d8dc34a1a19be68065c94ce7eef1ca968940e9ca19c38a6f6c5eb15e8a2daede73e4963fa0e8e4405c1247236e6323e834ba9b3090c423a5c4f6f4979f0fb90d978bdedb5e2c9c944b4248e19e483872d264ea', '0x17a489774dd05999850d7ce0b4508e7a22741e80c2cc6b4c582cda89576a61dcb6e003d25fdff7e2e10581bd86ab6b110bf34febf1fdb6eec3072006650194b6512f5e1ae871bb4ee2b3a5b798a9f38f103c887153ee1f92ae04968bdcb50', '0x10baf4d2b36d937963fa5fee8415c43f9cf2794da937f30c919504a7eab06ec5766993cd758ee45eb185716e536e62641068fc616d8bdb08811840b69bafb41d5b1dec5b94ca05204babc3b261a528449dcbe015ee27a2f34e5cf07917091', '0x11ff427e0f43faec01ff2b870895385cb3b46098d211e32edb49364903e26a9100538927e1f0854c21f1d2bcb626e793d7758b29558a2041a18a89d2c621c606c4ef8ee0a60cf68d33d3e518871e63fdc942394e4c235db5fdb3ed7a1c01c', 
'0x1c1686c43e613ec40c7e247c483f55d79102e5be05643cee87d077887e18fed1616631b53856dafee94d4c8a64ef24e960623a84e32e46452c0859efaf1f202ff324cff57af18a20dc421b470953e0b2b9b978e79e33f9315b6d66f475ccd', '0x0dcb94a5ec7bb241f3623b70af3cc73efcdcb23e7d34225819eb4534e35c3c243bace92d6e51b377d669ace0c14e397081659d13340562e537c5402811e2f22c03900983500c93f775994214a2aa6d3f20b533114464609f8255ec248141e', '0x1bcce5666c64117cd9725d1e83c99f552ed2b89b2cfd6ac2b66ad21ab884956f537cfbeba25e3ecf1d3ddd0a49c9c4c65ab16beefc34d561548689a40fcb587b918d27eb244eaa9f4ca31d41fdbcdd9443717e1bef779d2862e0540bcae77', '0x059516f04a63d9fcf0cae12ec3e602a5f1e722223380db5a9e4d34c3d4e5edf92125ded6a6d2ab54b37dec35bcaba79bf5afd06c9bf7e6e09a0d24bab6910373ea443af4f0fa47cad41b709c2e33eb5cf49a9a8c688c0e788c7c5bae35106', '0x0a7d8102aaccb158d37df829b56670a3f7dc74cf09b862a21fe3dbcfae8d9278ceac89019927a44991cf977744b608624f4e1d452d6091a5e24d948497fb6b92d2888cee50f81f588cf0b82826f31903cc1ca422adb1a3c06ac237dc6810f', '0x14cbcf31da1aee7c6abc8c326dca98516689bf10d9b4a63e25e0e5e9bcefed9b6061a2f9e096dfe6eea939a8972b9a25e7db19873bc2525d435778dfd448e81b8413d8915449909324aaf8f994f0b884040b7caa4bd162011d7f89949d89c', '0x188f1e3649d0ae4a36cb10383e85cbaaaff58058ece83b364180b8ab59f4194cd0a922cca23cc31e161a34ca28f1b8107c012866c80114cddbc3f80b928fc564b0be78f9c1273937357963827ee058ad29d1f8035471a28024cf3f29a02ab', '0x169c4632d2f5f9dd2cd4b880e31af6459e31597baa9441548b92b10ff0cab4cae7ec941f020b4864d2e4dc1079dcd2fc75144f47f8bffce7dea631879fca81d974b6f5042e6724985afb1f397c5eb8432646559123b92d17643639b85e25d', '0x1060f097e8c22f54a5cd5d824dd3cb2b65ec5e8129311bc3749ce4415621d7e517551275a8a7c77d4c5c35a67375bd191de2e5dcebc627f6f88d31ca140819cf8d17d7dbb8019fbc4dad6976d7f21aaba56a8864f6bbf009d9311e00c9c02', '0x00300b6ef4245cf360fe1e9af3248350d4126af1bd46be87442d2f77a01d91cd9aa8e49bfa1a0a9d2cbe1e55f9fddf1898e424f7ba82eee37a5a6cb8613bd7172eaa9c5dd46534704a33e862e116817980ff5238b0939ffec8f31d6d86dab', 
'0x00ba5414eb248740a619df80e1088bbd22f497d27b180a59814cccfb7a9557ec88a12dad34edde8047ca4a55eb087fbb9fc9d3bef601335e442e634152f8f471357ad772d3711635b012e7e03bbfa17263f6ab7b618bf2a4020e9772eb408', '0x12edaf8dc08879e4572221e398cba847874b9067592d631a2036c8dabf0b7c3354d993927e4fce569ed2966f7ef8193b634ee9d0258bbb8823dbbbb6cde1d0a0e03af14953b6ba55429993142ebff04442efe6003fd6460ccaf5ce128c1c6', '0x12c2aa47cac211207a6d24d135c5d5defd10a5f520967593efc0b95824bea6b8dd5bf9c38e05d81fbd79768f838757ed42940d42563ca15869827634ac5a7d000d944ece218d10a9bbc0d50d84559917980885b7f4ebda1716a9f8b6910fe', '0x0488b2e24397c5db614970c1ca695342e40dbcf4d0a12aad53874639fadf61e7cbf402dc623d8e202fb04edd8be916c2335d15e91d4e91d34947a5ab7778042df493128a1315770fd857914cea4089569d8ccd00ad07d9d400ad491fabbf6', '0x021dddd222f5f55e04a7c277112a305589bf8563e8239ccb68551a8046502e8109ff04f2f3ccc481a8293e52cee757b9fcfca304ca7715f1a0c6e92d10aa1414ac6d5bbb123f4e6c9324e423b1f7003e472f32c0ad8851199574f605c8865', '0x15df3b2b1f2945bf467feb4a0b6f559312f6cf8dfd4f5b5e6d59e24086a27323f9d94fc5af7c161782d646c3aa6bf689cae3a69ed2352eaefae393d854d16147712e8939ae9316537e2ac2228a78d1699959ac24aa49e15dae67b0a4a299f', '0x0abb8c0146328b836f7bfa4a67891ebea1f8f0c3460afd4899b05b715b2ea0f558d1ea5df8c6b0d248dc36560516445e1b14669c8e4742b3b8e0fea6bd3892026cddb1b19f689e340e16029402acefa2cdb2a0bea3cf68bf694af93b93e6c', '0x1b7f45f42684219c3da9e479820916fa207d2ef0dad218c81fab049b08e22f996f6f3f47e3716107090013f103daf2037d1059dd796531a06f46211de787a1960a61f09d3de19d0c1892b5922f25a66a7c5d4cf949288ae2d90fdfd559244', '0x00d5a28505e454ef28b2401ccb5a62270baa2d7d46e2a2d6e989a0d936ab497bc266c55225b32447f42860a33d80a01aac5e5f122987bb4ba6cb2b6e10179183aaf54d3cf4b244ab4bab320aa305389b4c945ea0e17aef2885861c293e880', '0x186a77f7154b4d1a317ad12c23f810466f352f5d6b77239f26ee952b7aadad54ea998cf9a0c6f26fea50ba7b50a4deee08bbecf4d20ee8916b6832bbbd33cbabd700b300a85d91474bdd5bc4bf226b8936625537dac227a390110bf336cf2', 
'0x104f6edf214079ae4134971ce4514b591c818bc11da325dc01c63607c40c7377fb447ec758d0ff7cf8eab3fb275f5458ffada6f38d8b52fe51cafe8574df03b969357c3d1b277857eb0aa7c0706d5af1922590ed2ed68585722d2fb0d24df', '0x136902840512f60c0e2e67ca8fcdf4d0030d599a9f0cebc202a3ed6cdfac6acd3f777d4e44d9438b73f02d549221de0231637ca57cbc9ec9b1aad2afab8c47121ff9aa7bf7b742555304a558e35b17a2bb4fdd47166722f1fe670708a7e53', '0x07b8811e1d6ea92ce7e8e6ebb31c3120bcf6fb17fd34a67ea75c40495af4cea23866a48478c84119a1e2d01d976939778484dfd40a8e6b8a1495b49d33a6f1378f6b23837dd48e9136d13fccae65799e52602737f4915fa925dcc8b0c2a1c', '0x11f1f9006a711217ec954066157d9ef73f90a9cf3b1eda25b9a16fc7401cd504cf3505551c6e3ddd8fc3937877853a40445cb41f8d49e7c0784cff86eade85e55a5502f69e83f3c4edaae722872ba37bee5bc9316ab4159d0d9a003fd43dd', '0x16b4fb87484464d20682ad1c86ba14e9f05965b328078315253c0fb58420759792635a784e0b8584c19813fdf9d9998203c690b8215a56be0acaaaead8c8c866c0277c729d34885776b3a534f3a16283859d83913875fc9aebe870576c7a5', '0x08eb42febb6efe2407ac31bbee997786c330113d9b40c503e848f5169eb417c32ed4bfdf1834c4abfe7f66c5968c127a1357e0ddd903fcdd265ec54b63d1321b1eb4e5ce1af923385559260d0fd01f16fd03a66f9a05f1fbaee428571e3c7', '0x02f99d84919cb94771a1a4d3bcc5a6506c5950b8f5ee1f9988b01a282ab7a0f00d01501ad9c8e18119c5f411361b1685947dcfddde9d717f34eff15d89f155fb7a0230b9a950b47ab82fe4fa89123d9210bb7f39d12f1775ced90242b6735', '0x121778ce049d7fbc0d0feb17d2ba97554383a007295e067af1dc0f87ca59d9e381cf55a01590b67a634c3a66b36b729c0fb374da83b4a8b9da5902346985fd7b209892c68605632bd8dbe21fa6dd19b538b1c76895dee4f3b74d264a67aa5', '0x0a74453858c3a3afdb85603045541b4f19c079a73a36a472d7a5c22542c796094f99419b1478fd4b1458332fa7c7b3f989ad6fe0012e52c55361d9158f0a746bbe8b36c5e6913160606c98b3b99cd90bbf84091b48d6605439505eaf116a1', '0x070a336b2f31f99caabfaba267281a81c90f1ea7ca33f2dedb2d05062447b22c8e791737400dcdfd8d84980a20c30b02cfba31ec87b9fea875b1191fd8cc3798adaf8e71efe7469a269d13cb80d89c7a000fa24ddd62d7bc72a1ec787fb8a', 
'0x0f7ffadd45957dfd14e77b74722e8862d8cdb7788f19adda0e50271160734db474530b7e2982fe37e9a5d35b352c09dc29cd768bcea1fbda16754fb5c982343bf95c80b51446c36ba22ecd9ec322d511448bcbee040d087d9b39a4f59f399', '0x13579235a006a3ad90e37c4cee53a85dc1bcdf7aa5b379a9fcab42dcf940e1972f8a94f1b7dbfe04616ba5c7c0822e37a0b99d147aeb7db23df9a5bd0de61e7c42a4f86add83cf16671772e89be6c2ef84d90cc4126a837d32870c025519a', '0x0385d0030ac496a11158f2285f4d6a47c3f7ccf2293f78e7e6f51b19f88439d200748a268bdc1b8b259e830b41b397ac3edf00b8001cd202a1320df0cc24d5c5a564454b3495263d0e4c1722a4c8d0dcb041bc4ac9d5ee3348c222c7d17dd', '0x09c2a939329b4549114c75c3baf672f41eb2153e0a06f397c342fd9ebee5b5010b0da5914fd6bddb1a060f3dc0f9c35412910b20dcba72c48f56ab2ab354d5fb8f581cc450701f1a0df7a771896896f9e0f02ad558f6db1f802ed06ee6667', '0x0693cee6ad71c3c0abc6015ef3cd3b653235954407c5417ab1ed5dcffe39758984303b1964623c5ea48dacd27ea6d75253aa26c684a457b896c1cbb5444f1bdc22140d89221b7f1993571d1f12dbb318bfd2b8347103252c10ca0ffdc5dcf', '0x017a6760d3b09a2ab1ef3741539fda842072ca6477c80fde80d9be01f0ea3d42349baefd3342254ea689cec66358e78ee4a551f3f6bdebfda8e2bbf33d0e15710a840ddf69729a2d37195444ea97f81bfe5d089b97be612a61c49b4b3998d', '0x047d340b10d18c8a73d2cf01fa1b4e690d136eb4fb4098f72761d67fa78cc18cc6b4849f016acbadd9782f2b91b34b0f6f9c9a174f72e8986a14cff8a11d139761b7ace7d79dfc2101349cc81ebff90f74990c8116f4cbe450da62e299a14', '0x07085994a6e620b946f0f4a7c912dba06a4e21b9972e9effd663da05a25fdb8aa895a3fd77e7caeca6293eccc6fe492326d03dbbe02c6c0d539c2b1f95339801b75308ebfdf531648d5f3a60432939ce7dcfe42f24a680e9bf033675d52c7', '0x016a0d9ef865e28a455272d8361fa8800b69d5a258a79164f5e1267e158f48f721a8fc00c868ead8d0c6a3ae9f447819e63f0bbfac38c381195eefb992cf57b6b057a5c5304e170c94b108ca29b0e73189e61ddfcb572ee4cbc27e441b3bb', '0x1472a2a7c4c2c972bae7d061310033a18776e8d136308da00b9008d0c3520ebb72051ad2c04efec35b59a023bda5f1b8d239c533764670a9e292754416bf321c45902f1cef55aae1bdd3ab858df16a9b12d3f3550cf7e2a2511d8468a8ee1', 
'0x0ee4210b441107e84ead4b0cd96da1c069351b6b83e9b33f22e8d3b3f625e4f4a3fbf1ed063fb44da49ee82c6de0977cbed3f767c3af86a22f25d8531ab75465691db89ec3dc7079482750fd390437cfac32c4347a37226b32fa0f678b1e1', '0x15209f469f950c3120213a709bb61888f0d9b5d814afe8125342c6d5bf1de7ebbf3c578b0b1d7244e9e9e813a7df6e17e9f26a7b40263b41e939432e8d0050a3db5e6fe9c1ea5713ce72f85af2257a7412d08425adf96882b3badd29b4170', '0x07ae818a1dd492c73460240f6b2a30fd70a5f202cf977c45af018c4c66449a8e8693e276099322069504e72f094311497c2a16c65f69886810ad7848045d0f8d7326a836f1ba535a3d103ada7976f254071a77ccd3859cca8ba7ea7bed5e0', '0x125a31e22652ed250d4dfced9e8637bef870cb9ca529aef765ddd3261f6dd70caa34586a626839f2352e4f3b7f989e2b3dd03f67e9e7ccce6496dad8978108e7d7b91e402f4d84fa3d595a19da4e7f2506eff19f4f2b6ff9934200f7eb10a', '0x18546347b6b9d29e087f54cb50b66bfe0af7d5485dce7439f257d626dfd48af1b34797f534f2771738c79edc3e67e96aa686f9fc832477d7bb818b855a273c41b7368befff321e6a6bc34b36f0a70f426c34cca2799fab1e454bceecff719', '0x0ff163cc5e9b4153217043c3e94839181d2a04c9598bb7691979dffe9944ad55691d0fd8dfad6722a2e1baef276c67116a7af127e4a35a504761f886ef25ea591cca353b5cdba138cea6a058e2aa2da9f818676622986bf28191dcfc1ee3f', '0x0674ce0f9053f9832a02a4499f0b007c8d40f458f88870de4b7b843b8c77702b6f3885b84f903a8d3d646ed176163cbf106e29b04b2f661eca71d331df2e0523eacf611824b07b66568db58330f8df89fcd4b751270db6ecbfd29cdbe1b88', '0x01fb127ed7e86c3559d2a4d0ea7de0e0db46192facb87179d10bc633505f5013e505bd84207a29a89b9096d4eebd2026f05104ff22f9d12ffa113e422b0adf09812ad08d22f734ad70156f7fb1925f13b38e1286b1012fae0265413d6127e', '0x0c7ba96fbefadca387bb6a56617d9ab6144cbadf4054b72ad0abd285d496f07745dd71a7e6aafa11b4a921b80b367542f758818b03c93b5d5d469324dea3c7d4d21eb5eb0102d2ec4f2452a5e25771fb05da5194ae1fc1c2f90bd118276b6', '0x021f558c98de1c81308e2cbd9506f0433484647103be2f3172b6ca4b71fba5a18c3c0bb1e6feba00cdad9d96d6204577cd6e13d26ecd0f0f672627013ba9a9eaac1ec5e93a3650a9805efb927b4974900713a72ef3580dd74f559928c8178', 
'0x00332a19e0690ef814040282633a305e0a8f7e4e70f8a8bd9df8e35c3fe1c27342773363d49aabb1fdda79014bf152d14dd931a1f26356c08e93459d9a1830cd3e31ca4ff67dbd4f213824af62424c0ff87c99a0b31406bf1096bdd5ab427', '0x19abaff6555fa4678f6568ef20a4a622c955ba7245b8ec2f8d3d494495dd2fb64953271e91977a9f5d11028036e2c30a97b10a73aa06e6c0165638899b4644b569250da6be3a4643d44d15173425ce384ef457b1c3134e3e18ee9680e1caa', '0x1424d009a82d5586f2c5e0c258f7b3f337706223d783813fa9a65a5a34d80532f6819183fe6f6347ed373e18c2ac18f48c525ec3dbf93497fa944a1b1b117bedaf20cbfaa9708b0658d5df9d8837f95b73cbd54f251eadd18c0badf2f1c9d', '0x170932fd42b9dd702634af4a98b00a3b004e10f0d059f540b24ee14b324a4b8e60b7b403f328614b7c0654f00511290208d837b4f68ace3f3854d8a527e0245d6b5beadab84006b5f28a22838fe019f3e817a8f8999be7f129bcddfa34826', '0x160b22a84eb18b91c47fcd1b3c9aa4a27b4bb4fcea1d0eeebba0a0228950e0b6986572fec0a7c98713acc7eabebb8aa4b7a79216ecc6be85faf396c36682c6b057306fae0bfa20c66bcec485f18a9901937b8359e55394ca86f73dc692952', '0x1a53cd197f894887a4c1ec0663bb5d282fc936b0b8ed5369ef9ce4336c6f2c2af536e5d6ff1a8a12a4920876e69b5a4eadd78359372f8029ff699dd180b68a5bb97dc60f547419de24c604a9ff38368520898ca02082c55250d5614825df5', '0x12baf379afe1e97a274bac89a2523a22780effef054c641c1ad90d1c1159cf6b120c35e83856c3034bf1ef3691fad1be5fe861cc0157c15064089ac6043601c789763ff89b353dca9cca60f9072a5191a8c3caa3463cf15be094e6cc03a4f', '0x0ee641d55093980fd0c239c04720fdaac5cab97495a36f3a2507659b66f81a5cda5d399b60aabca5cfa68d9ebed48a90ae41a808cce27b3c963ada1ef6d8153e059c72dab9133309562cb536f03cc8874494a96f7b13f1c0046ebd812e994', '0x06bdd01c8bafcb596353778bb9d548cef92a4a14956a5f35f8c4c2b9db0f6f261f727a97fb55953b1b495bb2e1fca302a7bd7bab5dd9d7f73cc067f2acdc34976caf178a0f9e01ab519f07317afa03010943d73bcbe8e30d3a28236320c10', '0x133ef1fbac155dd5597f7e2f6c3e1903ceddaf0613bd4875f22926caa4b0f1ac4599933b9b8626a6e4dcc63eed18707f6d735d8f8c8563bac5ccb52e6bcd5f26fa2a49097d5c7bd8a612460fe7d4f48e1a8865cadd0eabd5cc0c6793c92ef', 
'0x1902afaac298e513861b968cd17f59b2761c8136d1ffb2b1c92372c2a0bde5669ce6f35b2979250d3516c17cc85d67be1a7693a6712494538801b53256ec0896b66dc3af4e4f2ef6bef234f12d90c7ef416b357d66918e261a959ec5b358f', '0x038887638a217474ec25c3aa2884819cec6cf2e249b44be19e265527120ff911a18655933a7c8e4cfbd05c0afa8a08baac0ee57b495032ec33ce7775f8cd2e46c758dc1729e88ee3f206d2335f690b0f19a5f8cffe7459d7ee167dd0e26aa', '0x16b61374aa02092c4818d2da8123806d0deee5239c5d8972cfa5aa22914cd356057853b67364d20cd8972ff4c2dfa84000310dc81edd0d7813621077fa3e6ffbd6fb60cae3349530bb499896b26e9863693eb42a77eab261d18c61b4ef550', '0x19a905d7af0c8a191a1da01a1483f888e559a037651ef3895de642c24cab59e54a1b846cac4b50d55042f7e229b57298c65b7b5603ecfc72b53fe6e6fc42e2fc5925ca8dab92253c4c7f1f36caa163a8a5f9bf661a33591d2f09960171174', '0x0ebdabe74fb70963f9d449056f49f5ba6fd3bfd992889aa3b1779d1dfe78f83ec5c050e9f88b5692a4d0a2e46fa058e78a42160f8c246d24298fd336736f34ff7a361a110243f3cd5222135faaffa0cd012faf112d759c3c9cb19bc1f3e02', '0x0ca78b94c30758f64ccdfd0bcf2694e6015f5e7af1cd2c37a1261e26cd0efef8cd6f0297e6c7f97b364ea8d397c3728b4ff29703bf54ff97915a045059f583214c604449647ba56e83f35619b8066aa40dd3940f8087a4dfd80512bfa4bc7', '0x0abdc7423413370454d942dcfb3ba7cb1224e83e75e4fe1f9e28b75abd8ef280ed86671c97a500e6735eca2731aca5d34afc42684ab374db92651b010b9bae1c3322fad71b92b4f169bbcfbe4bed394856d19d195c4ff342bba0cd40076b0', '0x19e79f484714312e1f4182df85bde4dd030c496445844f30312002f23c66acaca4f99e175bb1e240d476d4ba74e5c70010f1b81180f2370e8ad6ea9f8812d81e8c1c6d1dababb5d766b903608df661c18169d7e2e9e7045f92286746e99b5', '0x0aa8d7fa30aee688f4a46eb7aa5a090a8dbaa9673e1d15800b0039f246f32c4f641e0a46356f259e25983c1896037fafe9dd143b62224459756652c007c1a430debb30e5146bc0f5909a081e181f2f70e93f1b38a3177d4ca74fda7e548e0', '0x18b733f6179ae294ec22b4b1e3f132bf49431d26f8b0dffae3665694c884d372ed4bddc9608f2829ed63fed60e3345a3b49296c7d64a00ed7e8b17c4f3592f4557d5c47267262ff76d4d8e655cdf6b21cd1cdcac15d7f51e306344504b813', 
'0x0c53ef135257fed4daf89d7e3ffdf82f205c8aa23c406f0df1652eea0c30b836d96095dc574989a098fd2f6d19adb66f26bf7bb3d60cbc002162d73922bcd7b6ac8eafc16b245c08aecfd11f666545e7239c22ed9e30936aca0e402b8f019', '0x0f727afe53f188f07c12097fefb5573719d0295e2b8c210ef25fd38bf918e0cf9fe2c0c522d0a7a336aa1c9c1c70375cf99f452b447ce2d16b0a8505327995a5abe0394139f6a5a127b7b1fa75620aad4404ca1e9104cf8faf05d15e0b124', '0x1721b8f2fc22ce60a1931db418fdb1ea272adf9d6d5771a58d5199094cf40f93be5ff60772f5677e1e8cb273f06aed1c087bafde863c0327074259118d9ff4740eb9ac33626845e05e1c3a9302f3b73c6e1385bd2e6416b66bd43c9289ec6', '0x040103811597448d151427869e08716c65aee6cf8eeb29ba90c100a567f0c5185cb52828b3fc4f6cc845b7d22dbabf6c27886d3e3d2d9d4ea60f3b89b2aea46c1037d82eb38b48771945d1883132fcabc81af25cee089db0f0ef428819b15', '0x08f5039274de39f3443b0e312e431548d22367301aba4e5d023f278cf60ada2429825ddcc5e6b0923f18b82a84ddec7828cbeb9d06da76eb986595384dafdfa65d77585add2b7870760e8fa0e0c98132b9c52fd564b3b5ac232934ec16182', '0x03571d957c2c982263184c19bf217ab9ea9227a57a2f3b224cf7c89e451ceeeb89d87de4da4d6e5e38683ea7a11ec8adf013cb2bab1ef79f472459deae29b506cdf14b015cb881d72486ceddbfe150e1eac25b8f123f830953d8fc0d1376a', '0x0c3ceadf5a47d7f1fde673d4fc660028940c2a648aae8dabd88c245ac85c65b0b224d8afad1578efa4e568066b2794d11f384299c588bd0c14a16f70f3139723c49234a2ec619642a9511f395801f76b031c43c4f14c2a395e6a3fd8a6c7e', '0x0675509ff4856d78be7399b55ad84edb866a94cf85c712cc94e751e82fbbad8cc705ede0e2819993a87148e5c8f65e70dbae1f9282260756c9e9f0fc550649e01e5d75cd533a10237f69181b117fff622752b5bb65137584ccbf3ec58627c', '0x0d3953cf5dc35b836638a1927c5ae3ba5fdf151c47a30ab1fd57084270c15f572e6711f96ad2cc067d9610a42b3f2b313f7cdfe03ac786c59b9108c4e75f6eb555b7a0d90bbbd03496381e4dfaff29962f2939c41515cec4bb89c5dd2e374', '0x13de46045011f34b7662f300e35d85633b12c55be6d354c8ec76104772e32ef4fd0d800676e6426e2ba56258d8fe971e3fed85c4a92e564d848be5eed61d2401236f05700e470a6c04c6c914dc1426d7896fd55ed047f4c9a0fb18b4e6f58', 
'0x00d024e0a60d7db4392e1443f0a3cda047f77f15549e47dc170e40914c0716a4ddb237ce35947cf76200a65468bb51c0a1eb1a0013fdc1aaee0d06dc9285c847235203132aed20c49ac8e1f2291ad23412e3c6bba799d3e81ee7fd48d936b', '0x0e089aad0b5bd7d40b4f4ea8b346935938efd2b6f2a3030141dc6d49b4e8cf9954d252b73ca56cce8e2216fe15624612476f369988d409d49fd27affa33d8787c99bf2ea0239589407d7e4d8b4fa78f116ad393ad5ae6531d03f47c5c3f87', '0x03826c637f63752176c58ec04838badba64167b4b755f822a909bb6ff2829d0ef041b8a1d96378db7050bb78619e64ea5d80ade2ad2ccf6395c3a94c5d3a476bb9964a081b11990b145c08340eb14ccaacc9ee42c760d6a2ffc9d88e1f88d', '0x0a838788020edba70f749b90dbe68a27061900d8c790f814855a1f9160411727c6cd526c9f5b46710561bfeed62c9b6096c2750fe9a1b2beea96819e23333d38ef5bcc985692b11c8766c13b19bdb9c5d1bd3208dcb1cb0d3e262f4c1a141', '0x06ce674957fc3bd6e53ac2e1a390e9f8b39e21e3d59895183800545790127ff61b164904841cd5a06e6e59039e78bf8c226f477494a96fc84f1563703514c113eb6a615aec244dbd399dc3bf547955a11acc9ed8de9800b4c687758e4c802', '0x16d9708e63efc5f1a21790998c0f311cb23eecf205919d5b89973ea278506fe1966b65ea26280f32453bc00dbcaed022017adfab98a6535bbf2ca886db50cf28b588e8c249cf93ce1113d615103e22bbb311ae29c69568f016d883d564e13', '0x0db39afc10780d383a7608d62c264ecf7af555ceb11de244f89eaabb6227ddd93aaffb4ea82599c1b529763914172eb586e9d639a51f224ca6e29ec749bba74ce1126902ed7faf6dc31d190bde322b66a88beb1b70bb96f9a7f958a288c58', '0x1402973111cd618a467d3fc80a5f781b2aaa0603a13f6dbec50e0522a12257128b73415a6abf7a21388d6e9623557b01ecb97a56ade608098c43f3e7963fd08f60b3eddc14ef4340db0593a8fff1d7828dceac68d7fe3f5525157cd7153f9', '0x196f29df3a5d7f84ebc92b026994413139af3ae3e297d1cb6f61e949bab7f3cf6795e5159981867a8c012c97cdd5f8dbd63a9be8793eae2926bfa19d5c71c87657bb908f425d01b5c010e94e9507bbb5f0592554dfc8cd11c470c908d4a92', '0x0551da782f59eed23d695ddd9de77f4c563c4166810b8a3f3ca91503af82a86255b39d27b7997954d7d8a3513af94f94bb717fc419b6bea8edde9741de98e13a03902d3f622685e404d122efd97a9349e9627a71876c63726de85b15b439c', 
'0x16a59489b96d0b580319807fcc239a711206a6ab2e4de803b0eb6665d215bbcf7d274a43d72e4dc81124854ac7806e62321d41e51d5a7037e20ba6ff1cf2e8d9d5c3e59373792dee96c9614f6167f53c640d7275e5d6691bca81f53992343', '0x0ffc48ea53180767dbf66ec1aa0fdd4531ec2bf72fa843ca05fb818cf215552beaa9965e3154b54fcb3ea2c7c5827b201628180e537ede86b406eaf4944067a8a723edde8729528347d7d8b0c4bd5bb839126aa08c6987440361f2e7e331a', '0x0eebf389d20f7ac3fc7c861b2d29239539bfee47181644169034f4cb150c4aefa3a5ba275259a4918fa02175387c7ff24d29552e25d197b8539e89e38202b204edbe45300395daa6d3fe815286ca9d39b32854fbcfd607a8e3acd0d04e15f', '0x175ea3a4305bf2e30aeeff8cbe630a09b34739b636cb371bef7781f92bb68240e19eabe67e7b08f57a641a37351301a5e43936e2b6558679c479fae1b93285c11aeee4034923fe8e0bf4208bf4803076eb74aeab3e18f5278d175922e7959', '0x1abda28831e4f0a8d74055b07e611f1d7eb50ed1d8d3ff88da903f9c14631e78b96a811ca9c94550036e45705d43f19754fb31a4e0636733c53b7317ee63a60376294d5ea30018de7968641bd058f6c26763f5288f9c6beab74424f98956e', '0x0cfffca3a1080715620b67d8bdb3231cba2d63bc4ed1edd9f129c4546054d8653e62be0cf3571f5bce6f08685c57f97b68a0bbb0f15102e59031a9c3aa6677b51f7d55738ed9e28ca049ae8d1434d9d130490489464a8e2d0bd6b59f21e10', '0x04013e3ce77fd7314d09f121316945ec1109ba4faf6e58449ff148068341e41a5481b344ad03ba8c5822224ba1dd1faaf87b1c56bef3f4425238647415f86b21c2bde19299f2997377ce7cad654e61afcfa9a20abee4aacd8068d48e3d4ab', '0x0639df36685134d5a6355ec094899f8d3ba3bce756f06786d7bbd16f4704d9b51996c178b520ae66941f015321c121c01579c9af425c6c41cfe60a55b0700d963047c73e7b0d09c32a7087064bd189bd5a82e03289bec910a93ea9642620b', '0x00d675ad5674f079cbcd2d9fd5704fdb3cf963dc9b2b7729764adf5ca1d01f31867ae278d84a13703959b791e07841de1ea76b468e355a9d685683477cc4d7fa59eb99c1f929945061274fe8235683d324d509f6a70b79cae32c9fea785ff', '0x01e5034e4ec2251c9818c10acf5223e0b1e1ee8816bdeb8bec1d77224c922dbcd9dff993dcc625d9a658df31abcaa880a34ea3fc0930268aafff78f79e9750d2d2271390e526d337327995ab417f7a527f008801d11602fd9b75ddfe48b65', 
'0x01a581b094327fb41c859cbf763a812ffc032abe01ff91fad9388236b599c7cb5ce5d8995eeae68553571274a7b0acd577745a9d2859250e6ab6dbe9cfabd947fd0511090c7dd807e0dd307ffa2de1cc9a44a6b3257ca759d25dc143eef3c', '0x129d927b5839c40510762c06c4b1de692aa4b2d7c56726f92701d268c6a39b9cd53144233a7f76f20c3aaa760de702242ef2e2b866668898a4a13d6ad1bc4a11dadb9152ab149411eabb7d0f759f296933a290df877898208d2cfa6686c09', '0x092d5f75a9fd604a1f551222dc369acb284c14ada1bc2c0ce37a2cfea11859a122f8c8d62e600e29335820a1103e7560cc60f7ea3fd21cd70a63d313de65d984221c169c6883c78ce4a19fa55cdc68e747235b064c85c2ea198d2c39c4560', '0x01e4a68997c2c9ac546ec67ad7f13281dc411a968a31374c06bca0ede26baa0fcfb8f2789ee806a21c8aa48f7818b726763e25217e1a77d82135b2958b48bf302645d6ae0f8e9efcef18dfbb24a9e85a0d8c01732ce1ee564e0cecbff18ed', '0x02c262211fa55e136008d1662e63630da4b42cbfd2c2f847ddada0f8fcdf1df409e3a3e24dc587bd1450f8b52c9f87bebc6401a72b0a918abc1e497d86ed0ed43ba46068274b2beec2df147a5db63a36acd6b73dbba0e99a16dd2a7769f39', '0x07f9192bf4813457c6fd6f8d0fa0a10ddda30b81b3bb6b24f71253ca4938bb9fd8df391d14c8488ffc11241ff041c70412f3367bc477a6eceef7a08a1651cb480f8d0719741ca102262fa243428b5d05b2a91b4a70951d1875ebdcefec279', '0x0429b67f839dc0d45722cc3acb63e577822303adc241a2fb1fe8c41b9a6ae3b780efc1212233d4150fe27ccd6d79a9128a4b0d58d7db35d730bd81b322aa36e493dacb64c2ebbc4a46588bb8fee6f9cabe19eedc0782718f148a258abaae7', '0x0768505d902e4e95972c3a0f01421dd386a1185aeb10724436899ea171d1f86b5bf3026796f1215003eb42274a47927c095e98fd8ec0391ca88b7b5f7bb0ca45b77af3135c33d8d5ceddc8ecf7693c6e8f25cba8b48329cb44d951e371527', '0x1148026957d6af1c3c7dcd301a34611c75d5ac4175e3c2d01cc6946f083d91297413a77177e038f61f2c96933cd34c23ede151a206ae233c89be245bc4bba9edd8482e602a38f6a93f265e4d4e09c787ac33bb14190d879eb85e9e2adfad1', '0x08456431d0ae714c7daf0c6fb72e7a8a27264b3ff7f904856086dcd3165f003b47f5db627bc0e1ebe4d1d977e69b13e2cbec58af460b7a835c1de601df8a235632de6e215f084922f25ba582128b37d8ed75d033bd27cf0b204dce6fa3c8a', 
'0x122b22444e2f23beeeac29c995b22390a81bfb12c0b610e2a79a55f73d88c7ae34666585e1afd51ee726a3be81ad8e05cdc3f519e9201c754a82d32c42c48a3d4cda56331d5ff3f0156b4393dc9fadaccdc2c9d96bc6385b88a137bbe8394', '0x10d58e6539073a571ac5706320858bab2bd914c990ff755e3da84b29c0ca79c2be87baf55a13f17b27235bdefac08697990b176b40f312ba9e40a4682c0b344b1cb6a0bc9af2325de8e8045cbf5be1b19484870bcfc52fd5032f7178b04f9', '0x09389e54101f3772338bb356b020b0cb8b5b4739c43b47009ea2027e4f388cbe1d65ee0fe14d6be1b71aa5be05798db248639516a6caee4e9afcfedac15b7ff3388463f2be5f56e87d7336d0d9f909a0c16dfe07cc33e2d5863dd61e98db3', '0x18db19c5c5a51657820aebcd0bed4902630ed996153e149aaaa77825815b5e94b882e2890fbc73e65d90a48407f9b5857f0f7d443fdaf44dd5fc6e0526b91cbc01dd0623e991e3b89661361835116764069dc4e86acc8d74f6fa90a68e9eb', '0x190635a20dd8f661914e3e6161abd9b51340cbb7b50766cb7bc39976f945a6cf89257add678f9c16a60dbe6e623f318dd70664d50f12aef9456b76d8bcc1a5bc1dbc48576347a13e37713244f37b2d6a0acbf767689730289e9aa6fcfc651', '0x084f5e75a1624329c0f2171061d09633218b6a684010328e83e8f70831200c8bedbdced00d07ac3a72f29b85dd0faa869c33737a1476b0bbeee95af3f93ab7874cb736e7376ac121930321192b19677934ae8ca0e55c3a4f19e5e08c5b757', '0x0250c68d9a5ec29195a5d69f6a02589e29976eb30b86a7fe08c00440991e012d76b97bc912e655b2a8153719f2528790d9cfd875a667f692112b95b70e48fc67ef6e8d28feb28cfd0ee2a8e8e2e4915c0de8af3429b42178d0c73fb0849a0', '0x0773cecc5292fdc5c71a0aba1706cc3e609efcc7f012891942c2a7b08a66f0080a827500d60d5e0acb9e9a46bf0d588572786b552f08ccfc9c484c0d8657b1f1b9b830219a857aa851eb98f5218cfa1115d3ad4c33208cc4198bcf4a02eeb', '0x0865f754b6887f11f618447f0711c4ce18413924bb4f465a95cfc84d5db82c505e577202b33d6a2a379bfd7a693892f79ec0e71243603d7812ac07ad5999ac5038232accb5c4b02ffff3f2127db4f1ab95c34454e4177d7993b115b57a2b2', '0x05a69517d0f79910c7a749d32561a4cef85334d1bc1af1f964458d49157feea37f501c682af746467ccb8be17ffc6f753c7ac79f4de8709a64b0594677c17da5b69f0e691d0956734c9f6dea1c24195299ef1fc45e2ea46b5b1095ea64ac0', 
'0x13b36d5434bfd17b9580b9542913af9738d177db4fbcb7413197ea4425bb4a6473a11d3d9c999620887ee30b67f4bf4acc9c72e288c2c4e7388acd8a3e630864533ae4f7aba358dc22df17eb8bdf98af28cb8f3dd51d3b7077ff00d344f97', '0x1a321df7fca3154450f7be89975e06b4dc0688a5c7465f4b1e2854e89efc3ad90de355aad27000e4f5447a58191f3d684cf73f04fb68d3a8b44ca860abd3929fbd1aa3286184b33ebb9a8b33d585da8e7710d67c38d3901aa8680a93c9aff', '0x1764169e29d92d66ec0a411a1abc6f048ef5ef06eb52f66be6fe29cc9bc005123c00b7651354ce7d4dc4836e363fc8b6fd50388b415176a1a899d9c3b4eeb0b78e7602b782c889648a3982b8e4345af44a4cf4dd335437898829d486be35d', '0x188c3d6e503b1dce7f37bef6965d826297a13ae216de2edf8b4c68e5d1e1265e16d627848a70a22aa462ca4afe84a4f01d5d0e78b6fcabcd16c449b8f5a587a0d0439001b517e08b43b7dc028ce70f0a9361e109e051c233f261e1c877e53', '0x17dfa9e77c59fa815c526986cddb94fe1187f175ebcbb8a762a36b82b23e55c450f1691f3914803f622607d73b0053e6fef27341c0b42c82660783650285f40621f639dae45cc5b1179129fde0dba6e789eac10910545e16bc084cc13aee6', '0x0e8390738757cba36560ca9e4d7dcddf06efb9e165869aa8e07907f91a59b4d2cde4c01d6564f7d21d49f2966d3bb720b4b0394396547a70067b4fefb47c0a24bc93ffa1444e3dce55247342d9ece255b7d662ae2955e210b91833af18a6d', '0x040c8a23666db4fe9970b48d4232230415c6321028382fe5fd6a93f100557cd36a57b4962f0978499ef78c4064e1e61899c7a58dee977e32760ee3ec304640e03b59ffe673d237e9b080390437b73a11e3ef133bb847a44148743b8c19999', '0x178656adf2936662c68708239246b56de31638a5615f8c3e32b28ac05a1dcd6073822a30f280d3a2f6002c7f3b834eee15cbb68da9e752af09510564cb58e7b12f09d6047ae2b8489cb532ae4f55fea07599e0c702251ed979ef9f80c189d', '0x183253d13799782cc921d5d6ccdaf6020bf698e2a6ef87f2d131f3e6b304cecb5254cb6e8973a99add41bbf7c828152000e75d2f80678c6969b1abed641183dc3133ae537cce88f3653b08a20db7db590d029325d1fc0881ff3c48ece5396', '0x08f4ef8ece9b8ea20303c1bd661ee6fe738d722c35c2248a707d688243295bd1445847d57519cde6deb68b28d22b8a7d7dcbab1f46237b360065af61b33b9127cac3509fcab7748a7b31c4f94d3ba051a1c94165bea8ec3763306ea5f4568', 
'0x12076a358a11bd938e8548d986285f1b934b52c7fb02f000e828d2c90fd594421393142baf90306fd308fabf82911937e55360e22a7e5fc338ad9536dd3e08666ba567c3b45fdf3fb84d32193a8b981f888e8c57a50f0ecc04ae255da61ea', '0x11a75c7d6cf9abeb92588e7082e7401a4994d82ea9769f2fff82707e7b8b6b39a34e63f1cae03ff6f27870a9a8c0e7b59f018970e4b30c2be84dc72ce35c580fbfb0b68de3313a440a6e32f1336f465c459c42c7fc9d05e01c000d8f62f33', '0x1534b7473484d55d29e044e791b7b0cb26b0236c9f4c9644e18571fb4e888a7053ee51446072eeba4515a2af840af39e8209d91ea7cdcc4e843ed6acf0832883b034c3f7fdf7bfd37e42d92b36c72a8604688146bd1696eeced0a6f320db0', '0x0dd0de578ca526ba5a696af23aaf78b53b1ef221345a59cf1f3dd110734c60b66eb0d7015353a77c57d674c3f61556dfbb2b168cca960c86eb9511a8243f61bafd095315aa390d90e2ee4c9a228d896eb6e5eb016e43be2abf385ac334549']
-('n:', 753)
-('t:', 3)
-('N:', 2259)
-('Result Algorithm 1:\n', [True, 0])
-('Result Algorithm 2:\n', [True, None])
-('Result Algorithm 3:\n', [True, None])
-('Prime number:', '0x0x1c4c62d92c41110229022eee2cdadb7f997505b8fafed5eb7e8f96c97d87307fdb925e8a0ed8d99d124d9a15af79db117e776f218059db80f0da5cb537e38685acce9767254a4638810719ac425f0e39d54522cdd119f5e9063de245e8001L')
-('MDS matrix:\n', "[['0x1a53d8fefd2dd8bc31b0925853039541c89a11ebf226bf242a0737a4f37398954720ec24514e973155020b312d37f415cf899b0db3ecf86ff168f0ea2b6fcc0e14dc4205261d8ba1a85dee717d319015f4cb08d0378adc6aa483e453f9eda', '0x025f9b62abc8877d5722b1743b30f8677c06a0b0eb85e1dc9854451382ae6747d7ec571aaedac5beb0c0b47cd645cbac54dcaa8b63685fb890d7c3e80a685b0bc8dd475fc8585e545c95ffc785fda0b2767297c84eb047cce8ffedce7cdf6', '0x1156d3d9b7a8c5aa934f3cb2865cd7242d3fe4f442da57b88acbc4683281bd2e041643e8f66aa521b7e238e91650a3647bcbace545ff0a1208125d515d7862892e31fe18853197365a453d33e8c8913aa1b721b437c440337c574065cfb14'],['0x17402747cbfa1dae1158425da0c45ce29d92f3034535a8a5c1bf9461c6c09a29349458f0759de8922482d19d03a2300693a49ead6c772fd86841f30348238d78b2b886c569c9968924995617d9bed53aa10d20a0400a591f92b3169131533', 
'0x098930046cd42fd9ff1ec604a9f8982f557fba7a40d41f083520f1f891e6ec7ef3a56f3a9bbce130a7747b042e0f49068ff34d803d7b409655487185f8cf9572bf453414527301735e4aa77099fd59a342c0a97d7d337565c2f333b296631', '0x0e25ba89f4f5bca02d262f908fb43ebcca7cf7d4cc4e691a6e816261465aa5f21c0fb9297ce4c226360965ae70f58384c0af1e409a64bd3d3c6767179d6bf9064cb65f1db18f437bfdc6739d59bf4a1786f1f34a2fe99395e9e44a2ea5500'],['0x00ab61d43245039a3082681f2a805a05bffed139eeacd609ab3095b4d17b525493e422e4c0a28602d5481ee417251a98a03e6a37350e8b2edf2dddb780ca64e6b5861e4a227dbce18b315d9554cad89489cc85f8c060783802c2c2304aafa', '0x02790da66cd159b4f976e3df76a11f804db5d85ab2f28920ad4b95743fdd4b29103b05253c1674110a7f4eec50f837d2f5b61ce4ca54e1bed5bd18615eba4d1e589b32ca3bdaa8f5a38010a548421acd76ea0ada90cfa45c2bf30de06549d', '0x06e7b6b2901c797ac4a25a563b5ac31c26e0300faf870b3f0815abe78717c9f3ceaa54cef9bfcfb765a7775ed550c50479a459414aa857b67ee863f6123a3058c0af7366799cbf2993b7d2b3fa5997b3b41dda7550399583e0f039e2ee0ea']]")
diff --git a/primitives/src/crh/poseidon/parameters/scripts/permutation_bn382.sage b/primitives/src/crh/poseidon/parameters/scripts/permutation_bn382.sage
deleted file mode 100644
index 2a5099622..000000000
--- a/primitives/src/crh/poseidon/parameters/scripts/permutation_bn382.sage
+++ /dev/null
@@ -1,109 +0,0 @@
-# This script is used to produce test vectors and is based on the sage script from https://extgit.iaik.tugraz.at/krypto/hadeshash/-/commit/7ecf9a7d4f37e777ea27e4c4d379443151270563
-# Usage: sage permutation_deefr , where the are hex representation of the state field
-# elements.
-
-# Parameters of the x^5-Poseidon permutation M = 128 using the setup for the BN382 scalar field.
-N = 1146
-t = 3
-n = 382
-R_F = 8
-R_P = 56
-prime = 0x2404893fdad8878e71503c69b09dbf88b48a3614289b09012012246d2242412000000001800c18180000000000000001
-F = GF(prime)
-
-round_constants = ['0x1b2e3d7de9e4d64f71bd143f5afdd9bf086eb232209416c94cbd24753cfcd19da57fa7d54e7c9b8e127323a211ccd286', '0x0d9b70f7ac2559f464e521ca3788586f6b669eecf7c5035a78ce2aa2bc942a5ff4e488fb71dc9319b4f19cd5cf7a7a42', '0x004ef6668822e796f7e35c61451b6cc1a2772d3700f97c0a0151a69e009a084cb244d0b97edfb12a35373bdaae2a1a6c', '0x2099f5206b789bbfc9eae143a83bd7b75518683632ab6dfd823f64708cde08a6382f83fb91e88cda0376c0ae08a4332d', '0x1f9506b4670e2a30e6692ae4c47c7382ddffca674d25ce3c385356066ef29d1dcecc5be5405f0263fd9a1275a0e264a9', '0x1e99f41f8f33b39fda45b56f20d96a227b580cb7dfe0d21373ae778b8d9bbc6bbb2293e23ae659c9b00136417fcad4f3', '0x06729def6dd37df6f8cb2bbccbb48a19165f6e378881e3b13062157f43c6790140796f0a1592f87bb7e98755389ef7c5', '0x2011146a62d93b7d46903839c62dbaa237e051bd0aeff12991c64b47358566c8835411528e166e5700565e752590ab9b', '0x1fcacac3f261c3e57ed78e815913a3f5a10dc1548183ad3978be4cfeaf662c47bd08b6741d4f2b5ccbc1de27df257cc2', '0x12191670127cfb34412000baa1aa9dff8fb4c6adeaa7a72784cf805fea85011a88a77c007291029560bffbcee08c301a', '0x01d42c10a1d9972a484db7b8625d71184c33d5d8e1e7491c6500b6e3a274e08a39dfedb40f87f5aa4a9fe38feae31b22', '0x21c5dd68abdd5dd87439fd5409bbe7a3d4f253dcbd866d033fee17376417765836fde4ea2f19b6f8bd6544094865a3dd', '0x0ffdfa68a811cb4f86f4c91496488fc7107dc199c78e4685dc04af5a35fe99985f9de24e209bd5bff53fa5df9bd93938', 
'0x11681d1ff151ac1c307fc3d910279b12811eecb7d7020c5ec20de2281ab0461ff572ef07d10fdc919af6f0686e7efa25', '0x1b27731f679afb646da16da1acfc642b5717cc0dccb85b5de08b08a0988f481fa1006bc4200fb82efcc39f36dbc3355e', '0x18eca22295aa0e1360c73a597e340a33c61600da84d0879f266c4c4f61d8107f1e063acd855ae4d01385f2ac658944d8', '0x1d15518c3e1aceaa9b8a40e7de64b28268e27f9b1a0246f2e9323103bf8f19e48443113d9675dbde8f290e14d425dad1', '0x13a8b8cc856ec666dd13311a9f6ad07aadba8dc9508a60a19c175a85b3ac6d892fece2527cf99bc3b5bae4c78097773b', '0x0cb48f1941f9bcd4368149b74ff62d3ad116d517fb5fa1413cb1801c2f701b7664bcbe843a230aadf93ca10c4f143724', '0x07e112eb6647de85b0788d26c43c732b2bfb3e140913b3a8ca5b2ed29ecbc06e009807d2ad85a24ebf2f44a43e20b88d', '0x02ed9d9b7be32a3af8f8981861144c6acfafa464e4e221d86f5050fdeb7f823780cd6875cb59ab42c7f69615e9fb6a96', '0x204274ca2919c9ca403aaa321151f6aba8c6d729483d797a6b80942b6bbca934ec6efcdebcb48b942a35fada5125d91a', '0x12302a9f23b0b6c3aee6964c96a69b7e1936387aa08cded6df13557847fe646ea11acce096c030b2f23a65383297a14c', '0x1f67ff059f98ad68010b105771b6111113ae2143df21c4bce1beabba1d02e5e0963394b03fffd5519ddf8cd7a5ff5ca7', '0x1d0eee346871c208b09289335c23ad05ea3e450c6a7c52eaaab8129a95914fffab0b65fb535f517f075bd3f5663bb170', '0x0d6c896fce0bd5468c7fdf16c8ed62b241d5e77f11a9e4bae5ef0c93138723e13ebde577c545b52a3bab84e7551641ae', '0x1c6c6e41b6ccea702ae864040498a1840ea58df9abf5e9de9ebad63bbe9596400a14f77c67305cc3a0ea4baaaebd13a0', '0x0b0ffbb1574e4ae9df70480ea231a2f26901eb900715d47875325fa874c55d1e8db6e3acc1ffd2375a473c0d08b20c53', '0x188cd8bfbc17d7eae3877d37966e3b924ebd3c156653f6701e418c8b4301f8e5a99190fa1dad6976bf1c9f055806b84f', '0x039faaee00478fdcecda846c64163d58b3b81db44af4af79e2fa33794ab95e1e3809b7670c4cb72b9cbc021fdcfe814e', '0x11d5321c089e622446aafd526144bf71c70aa30412b9e656271d7c96c308beaccbed947fed5e6635d85c49184866818d', '0x0c6787765eb5042258761ac61213893315e1de5a9bfd35f7d2a31adde28079040b25adc4086c93f24602d767cb454c59', 
'0x003d342bbc9e5f941aee8a554e96b1a53ff46d668f3d22b1f87444442adda78fe815953ed834fc2cc7d8fc628babd2d5', '0x149cbd731d9403579f5d07e760d476e37efb1a423ac618184723691856f6d3fd32ce6ecc6025b9f56457b62be6093def', '0x076f96bd03afaa105f51f1d015fcf7d6014aa09d13415b8540f56e721b66c412da8f0cdf4048a59c1336188e06f81026', '0x23551d0d8bee17983d8a87e34ca24283f2c618f3eb30bed551a97edbf5b199fd99af9c972dbb7199514f51a61ec37eb6', '0x0fb206bbb333afcb1f7421611b4b73d372b5ed9a1582e43135ffca992997242c12b07b57ee52b1ec4e7977d0a68b41aa', '0x222f4f4a1fd67d99729f972e6b83a1f1a60141862c346158847f697ddf0268ddf00105576580dc5e9592ed5c5f445895', '0x0c8a6b8dc1f469523dd5d5a88056dce6c1af81d7fffa97306edeb106483073e6f6f742a1859cc7fb9b5536d21adb61c2', '0x1381aac6ef29a2568128733dc6db9377905a7f43cacfc7cb34a5bb1fcb4171cc7103dfb708a9747cd7e0b6cb2175bd1f', '0x0de148fdf2bdabbb548fbd173913563485bc365950b43b0f565a5cd4986804418e225fe6f6d14f2b710cfadf73b4cef7', '0x023adad069970f8543a9f343b07a4a2a4c16ddc2ea4eff66c604682c229985bce790e9fe11734a4218640cd8791bd66e', '0x04a2761fc31eb758b35bc3891f07ef720ccc4042e38c8a24d0297aa763abf8122a4687ff3b907d38cbc541662167c607', '0x045ffb698017e3f6d4a438904024196931b9376e9105d236b2d013526c45525a13cfb60608b47c3cce72912e141e1543', '0x1f9bbf8d5da4f9b258399bf2e22ecb10c9d94065a4d26460768d16348740372fa98927d1309e25612eb21907999ce3a0', '0x12a323d3c6879abd150083116ecbaa855d83b4f6d95cf21664174ae77f1e9954c74584659c85932e91f162901df9f74c', '0x19b6a583258a1792c0060b3fa7363661be0c2bc8911943e93701f37646297d0dc55f0766d577651b4badeac0fc903986', '0x0250a7bf52af335eec59810632637bb2b131c6d569dbcc7f9e4fcfdefd56195bfb2b54df325a81c172642fb9bed6a7c0', '0x139c2bce0bb056c3467f253099a5b803f37a3e5483e2fb1363665f86bfc722fc23628ae8d234e30b0a8083e95406cba6', '0x15b032821ab04183ad3743742bad1a43dc7af169ddbc20f30fd3bcdb217e6dd4855af64cc0cab15f4c7f58d2dcf2c87f', '0x121b838b5f396fc2aa9c884f01d90c28b36857abc672542703d7366189e6531a165a1d861f1c6daa8740cebc12d7064d', 
'0x0b03ce5f5af1c1a8d8d1ec587519eecc9618c4c6aaf07b1f60d68445f8c587eaf1aed4846273d44de9d99cfd425bebee', '0x07f6fee76ef4a22fa283c9f9f590e618ae89a4581d6e1ef480a8af65a463edd899b50d041c88e1445ec0ef6ca22286f2', '0x18ac80afa2703ce89a401fa2a37a56990ff33a9ebf01d02d0c3de8e72d460381ae165332cb58e43601fb9d2c22c25d8a', '0x22c1bb39de15cfeb3e1c6807adcbe567648d27ebe5b892be6e2d685d8e3a24e7a6deabac0d9464f1c8e380b4f834ba1d', '0x1086c76132ef6b404d5fb6a49a8d0a1e40dc30101cd9afa77fbc63b0b5c6fae220a40176c1cb18f85a47eeda68553ff0', '0x1ecff3ec1bad819776b8d8ca78217b2067deb0142433ecade2e74528662315ea3a9d61e337f53a7570159a7111a33e84', '0x209af6b95ad8058d6c7ac6c1877576ea19969b7bc93427b558df56c70b1fc26b340fe7ff88d01ce78b9feb6f022a8a52', '0x208de2f6293b454a2708c419ed7247aad8817074f8072e3a19e139cd10897dc8d20c0c546c293438f861efa223e5b6f0', '0x18b73d59c4ac16908cf65448652b3687cd9f0e9eeb29b5463f38b26f51565152b34307f1b20a213289679abfe712a1c6', '0x14522afc3dd3de38184207f4e6ad7c5604972cb6fe327b78adc35e78d74d3448c52bf9f1d0d0f426dc0e23ef568ec4dd', '0x1c39c7d823c34792a2f12f6eab1175bd0479de10488ff95da034a78588343a612b09e33764edc04684b721ed2535dc2a', '0x195cd75e13318c6554ce356a87c08366875b702b1a275f30df59c7b59389ea8345cdf56392b835eb1162406b4b432c8b', '0x137c726db8aa724e683e268925db49d11e1a3f7a726fa1bb679594f3533b072b603c2d6e53674d912ad63a49552dcab6', '0x1be16c60a0ed03c56c78f792a7677186dae8cc141846cf12aec40a72f5829957768b5c9ee5f280a5aca519643bcc87d4', '0x1a494fa4450504ab6228021843a5f8c8fed58a0db8f449f17b69f30d4ca78050460858e88f7443d4c19ca68d7ad5b36e', '0x0b08d66ee3086d31835d78ecb6c731b86b1c200c9888be72c9866cbd1b5fb45fa9035e30945f0315256efb64db8e1e17', '0x0faf5252d4dc9f7a886a662bc45ebde2a8dccc75be6c1ad6c6683faa154bc590ac86b0a7d274937b7f56f8117acde428', '0x01b08b17d0bdff761eaf30aba118e6c5ffebef85c85752a32fc99d64b50004f5beb10a55f688764378e7dd7f9d753cfc', '0x061a86384d9484d155ca3f69aa96ba82a5095ffb7e0c160eb96928a0ff8fe382ae1ac37869749c12d7be561f34825e60', 
'0x0dbea8877bdba885b11395b647985e535978a324d031aade9c21d7a384f10b624fc2390f869a0aa3b25d5974a895b7cb', '0x0202ce78b371e665d663a4f577ce0ec70ee5d490b3ce6053e4ce2eff0b97b3ddb0eb2df916b30127e2dda23fbac2a7f4', '0x0ff20abe74b5feb595a8871ea7672acc4724602f14f2d12e4176617a64c3b6e7050054d71e3f8b114b15afd2c6058efa', '0x0f203681014c6af7100ecf330f4df80d56a84211d46fbe54c4385da9d2551eea55060805820c10756b63389f85ef94b5', '0x0d9ee45db75a75f211dfcadaec49ce7f2e1676310b56249119adbcebbeb337e491ea1f09507cd4b041923bb0dd14f803', '0x09454e921b23d43ab08d781c2d8cb4625600dbbc55a7692a0970a349eaf967bdf87c213dab750a3940b4e4f25912071b', '0x0f1f14d99b2251610150a6c413ce349ce488005625b7b18186618db6dfcbc98961ec1093125103ed9802bc341acf10da', '0x21066fbbe2261a8ad595ee02a0d1e47a0ac688d7ce0a60f2b877f135ae48f82f1aabf107165595f5aba09b1a7617ce1d', '0x2201693465ea1dd850c2c67c17acb20ea236f28d0f04885b6334ad2d33229995ce0e08cff107198f1ac23e6ba4f87712', '0x1a975ec6a2f7b42941550efa4874525a2a7e9d300504a6866f102482d81bcefd7d1ed9cf206277559bfe2ad329c85d93', '0x232481866f13f90d878aaf259e02d3ba5b75f339fabfc2baec5f87ddc2434bfe28108620a690f03afd112926a6bae4ab', '0x043f5b356035027a59eeb8a337b5af322a96a662fa29d839318d4824a9d2e56266c53994b510223bfc9195a4124bddf1', '0x0a4adf5b7b45675249b124e1e5194e3eb931dffb49f25f856eb5980ceeef534e22948ecd9a503e7e7a92dc4562873a04', '0x03ec899221c468cf9877886032f2b6f51bb0e3b63abdd7e480ed3775ab8bccd8436c00ebb7f065a3ceb62156a8144cd3', '0x109270ff5731da37bf25c3b5faec13d4bb00aa502c25a7dafbefc464c9e3fca3da8f90a4dcaea18bdc7df853f6a7cc52', '0x0e0f421079e8278b829962fbb591a91073307c9a1d078702a2d5e332138de34285b090a5bcecd8bc9a61bc948bc271b3', '0x0b20b92b5a5be56328a894563e41a012eb19f3899085c4031cc4db8b400138b0b0459b9caea8ecb82ab53e88e6674e51', '0x1b8a906f0d033aad075d982fcf520e9c765074a1285e89f6e34cdf71c43546a5ab88df35cea9c0d543495e79f5ebd45a', '0x147a53266d26c17bf9b2a446e8285bfd432cb7fee2ad39e4a98b95f22e18c43f4e97fa91456a3b04e7e8cd3175364917', 
'0x1b5c544778c159328a3bbc184cefdf777e036fc8f706979946fea6cd2d8a17530505b6dc1692db7e0bf2bd2de4e05387', '0x09680d1614cdb7f9354b2d47234db8d43a8e8fed61d402ea126e0a09b3e0321562d30aa56141b016c8bdb5e697a1d5d0', '0x22cf92188779d86309de9c7a1e4562552e3155421e65ec16340edb29096de50e5cfb3dbe49f531de799d5aab4934548c', '0x014cd1db518df186a0321b0a73aa69b399e1389e78df9740331c4c9ac64c3507935e0c3ea2df0a1fd894cf5341c40605', '0x11349f6b122d8b40d8bc0a90a6e134925b6c3e753b3b2f20b82e71a47b6121407835b7e2f54f94f0ea33e50243699acb', '0x0290fe42378e103799766a36e6a0179e99ae7ba657e0ace5c6d0de4ae32f3fe83730916f509360f96ea2054176a354d1', '0x19ff8c48cf610ff2ac6bc9a53dc0a8832783c3a072016d23422ce90948288fd5493ac925ac3df07f78e7a25b6d10d0cb', '0x17ead60f1dfb2fe7d97100df9dd1556aa2c6286d80f83eaafed6f13eec01dd10240d1eb6ac4808833c541c9994e2bd7d', '0x23d076e59c4cb63d87f658f4e4a1eda41f84e3e9c83794f89b9cd84422f34412effca4aaba99cf30a8dc848bd35ab049', '0x0069e746298b6e0690fca5bf66f6f1d367544b94f51375b34f5f50f51185b56fb2ec00214fac414391831cfb246c031c', '0x1017499e4cc3fc58d5792af8d4b9f0e243829cbb51b36ff454b9c741b97a46a1d7559cbc616f4e17e8323b053eb855dd', '0x1f8210a9695bda0958dc27a57fd88de11bf4fcf3ce5cebcbcaf32e4a1ffb738482aa4b17d55a754f1bb500a91a983caf', '0x1427ba6b7de5551037df972a33690ab6afdbb104b05e01dece3300f938b303e49326d19dbba62a3da1357548b3acd77d', '0x0f5ad6b801168c0f4874f9433814d96a82a90ba494dd4a85fe81e6df7783737ac11168c5634fa4f87c85d648aa5ce629', '0x18ccc64a2bad9e05e7ec236de148fc2190aeb2f53bfde5a5dfaacd087f1ab9cdcceb41d5db2ba39154ab8d1fdcb7420f', '0x00c662c96805ff39a3dcbf0823af95e26dc083ba4b69d4350d27ae69fae7bf0a35dc5eb1ae917fd5d3c49140e5b9a5b9', '0x15b985f285897210c7eef472eb8d2843530f815943a63d0609adb01b294f5d691e16a88ee38164c8aa82cb7c91784930', '0x1647b5e3fcf1c39288a79eb5cb99bd27d9bec41143c6b6417c2871f06765b5213bdbc8a691fede3b8be3758131316daf', '0x19f5d67d71e8d515ed4515b98bbfe6c625e2493b86b4b8832cdd905504ca3c31e5b2da18a1cfeb92908b7537b9699d04', 
'0x233fc908356053276a1b2d969a942ada3f4abe8a7fca7b97dfe3ad588f60b8d3c0ec3aaaf70ab19a522c79d5c28a4ba8', '0x12332419b2ed3cbce7af3987902fa93001908a08bba5e562cdaa2489c6f794e7c8ba881dd8a3402a121b319abe496260', '0x191917b44686cbb2c375030df6d843d41eebe6c094aea70fe53062c21d92122fbd9ee7218cb9e29309caacf8df949f23', '0x19a43cd5f5ee72790d3432c64694c0ac0c0b90e618353216fa8c7f54147038992b86fc3054f8fbb1e1281dd14162db03', '0x01177b81270bb6b4c1728a5484b9ca1057c48816a40a80dd8330d45961e784e6b22d1e07eccf20c521d4292a73cb2e1c', '0x0300bd3c89fbdd5f98f72072aca11c37d6ea9ddc85e8676c7c93cab860ffe4655f24f26675edc9fcc3f40f48ca518f62', '0x05ee1eaea0af1e0c9ed1ec0322fb10d0f2981d95a24ef33842efd7aa48bf74c4eabb1f93d0854c27dc4805e16da33913', '0x1672027f4e29e39165aec55ca0ba32c8e37749889d98409b12143f799c16abef019ca26cc80137f9efef0efa9501b609', '0x23a81ebfaa2ad71d05dedb91f8d10d598f2417cdfdf7024e34d6f12fc1124dfb0fec1bcb4336b38d8c63ff5cf2473376', '0x1765f17e8893c9b8beb85e0a5c7d12594304a73ea5b0e10f96be16e3f690db780f487d038fea173ee09bed1d0296542d', '0x1a4d335d1217cdca51620efd02f0990daef9a69cee49a8b022434bd6c0dfd4e7383780545789f1243e084da06b60eebe', '0x20e6ed2a5806207bdd4cb8e84b2b2f5ee40aadfbe854451fdb001ffc5c9dff8df93370a56c3b04c5b7b20e19c01fc009', '0x164e4a97aa261278778cf3e6b39b7b8d49f1ff78c41c216e357366bcd9dc041f89dda7480bc7e4fa93b74cb74bb73c56', '0x1938f89c6a8cd855cea2f6e901ee1529b810e22867d20e7e6409b1e90e39d310128a08b13e2ff897690fc9a60f40c4c7', '0x0dc610073b238f858e42f96c0731f38226a781915dad797815046da5166e50fdcb988d7d6464409ee3c075f916ed2ea8', '0x148920f6648de4d7bb2b875b22a27ba5ca9664ab0138f5e6a89547e5fba7912f7d5e8a648b9e52ca334e1797ec60571b', '0x0fdef06d3819a3158dcb8cd39d35b4705dd9c4121796b2d51a2d3d50d4a372f53331d2a1218f9a21915b978bf0579a2d', '0x045235e93e6a8615ad7ca64084a97d7e8322df0a7f89d82739d5044536b7544f2866062aefafb52e82784ae0ea7420cb', '0x17111bfdfbfafb8eb4c0a6dfee99e31c732504f1facf27fb0f0c143f95bdf0058464c55dbad71ab508a279a018e99ac1', 
'0x0157baa1e4567d3ed748b0e946befab67a615e5c0f00a24b2c525e2285aba2cf69f303b46745df6e9ab8aef5faaaafe6', '0x0349e1dcaadd04f46af3f8e2cbcd8e1a8fc4bb90628ded7a97c6c4e1ab4891da055a9959308c48954b0df0ba4d750b13', '0x1eacbd1c12a2e9727dc58434c48f458b0d7c5e79ccfc13c7a82f17bec3b21a1c7532760cd5dea26ad9dd542f39a6023a', '0x123e9ab874e2a30b3850baa983a44a37a1e3fc8c439c7654320f27f50d28d5c7a947e2d5724b19cbd4769e9c0ec4cf36', '0x0a631b11f14e1ea923c52286482dfbc9054ebe756f155360740c4c0cbb9a57372b3b0d98ca167d0b71c384aa0bae6dac', '0x17e06bd103156e1b2c35cfc0e0457f2c25c4bacbb3f732dc5e9805535af8290634261fb1dedfc91343d5cfc1e98cc9bc', '0x13e05fe2d8acfb93dcdda7c5a8eb5af1010cb6453ccfc0304bffdad9c7b8d34f5e4d5b726d659890639d0f865fbad421', '0x070ac84af9e36c248c04ac5b8fd5990dc0dd41ac21288c3ea6780c48e7f0cb34833021d6a9345666e3ac0ce775ab8065', '0x177aea81e9a09d8d84cdf4d0f9e88b20f3bba37b9cc7eec2dd90b3d50910aa1a7fbb24e48556426c00db77e7255e1ade', '0x180c9eb85d1d229aea44cf1d5e3e28114b5fce5b030293d5a3f95e33f52a81a62fb843756c984d6f430b169441cb21e2', '0x0523d466cb9c7c45355c31164c20a8e57b3a2c9e646a16f802669dd3916b558f72c7748fd5882e72d390f77341ed4551', '0x202ae3745105898443033ec2ced8f043cad26feefd78de9ec1ccab375cbaebc07a7df0aa5713c02a4e05c43c0712bb6b', '0x00fc4d7afc5a9d272b9a64b616061373d950449db2e09e158eafa190036fa6ae4bb72ce5c2bf31a0d7105eba79660854', '0x0e3935c9b047226580e9e6416dd48b55be0fd093b91750bfde9f85919bc470f85620388790d4151712bfcfd94fa53af2', '0x23c6d1106ddc4ee2b53b69b517da1a40b99096780f73042073d1c6c64ca6fafb68e5d506adccdf861bc3847283dc6b5c', '0x18471bfb35ee6b5be17d83794576abee416616cf2ba6a1568315f564dc73fe80d2f8a315b08f2716818b86faf5cd9206', '0x0c79b80927911a9d001652f292fe6f957e242c52de99f0b31d81f5a2ec910ed2a74c42291c639211f4f43f16483790e1', '0x1bca2c24a083d38ab5787849d84739a82a0c25601544ef156cb279c71e87d10fbe526ad6c544dd88aac240e62d8c34d5', '0x1573afc35279c9e3f3e704686d9b3bb2d9fea1906246ed6ea24002f417a957200240e6cfe2b753d87ac6d0ca2fc6da9f', 
'0x1234858ed413c01a4d2e3d0801bb2733772734f403850e6a0a5b98922c686183548528a1e14c755fe2df5649cf87fccb', '0x20795483ff443bfa271c8be77bb6df8e9e3a251c12f1283e889d817b9e79f2a3da34435a28451db8d7ec3a12e06a8921', '0x1f0f8fe08c6b3b311f40ce6bab379f4bd95ca683882c3108f07d0abb13da76889751698ed835640b7d4baea0f0ea71b2', '0x02f172a156e0bb89c3be934fe02526b5583da8ae7cdc3dfdccf8320a1c151682fbc9d4b29c36374c4aff1d949eaf484f', '0x1733441609c8e19f1ffd07333ccd8943933743c094c66255d627d32c7968a11a5871c2ac9ee29b3e1f54fcaf065d54a3', '0x0f61cd8473b8db86b6809bbd7d22306897cf149634a548f9bb3c8ba8ceb1daa6aa410abe8aa06e5c2aeb1b4583eb8cb1', '0x08952339e07cfd87da458e2f27de36d3a7dae866e5f06f88213a4ab8595b00a2e75dd6155ae1891206b70b0244a5f418', '0x10693eb02269b696fc546c078dc03781969a4ae44df6c27856d7eeff4a6310b71564dfda7ac49fb8f9ad3602d467797a', '0x0e2d0f83d19ed39f64027a9476a1cf34fffd9a59e57be9d461ee54f83822e59a66efdd1869ee2e14a737215986cd72a1', '0x1dcc56ae1e8dbd79bf1da3078ef13ab72743abd909c90921b33aa28ac856892731ddf98aaf78f4d2889553429ac69dd9', '0x079468e3a3736db8a4098cc69a36409a0200a1d9ffde495fefebd499a8fb41af730e472bab999e184ac2280fcc9eaadf', '0x09d8fccb04dc1c6297906b366ddf5ef2098af90834b063ab906216416917090a7fea233eefdb7a597e247b70b77ee4b1', '0x006023e9ef2a12555e20d0197ec23efd19ab2e0af224791caa389683b986d64eae6b82f6e89e1807a4b6d585afa0ce73', '0x0f54c4230beb73ac6664fa2ad0e0e8bdc9d8220e601d40e17780efa22aa3e12ac6e56841d808696ab561adfcb5b9951b', '0x0c730f48d721bf13423d7e2fc52a9bd777ec1da105e43bc254d64b488319dc69874aa203c607adebb128fcaf68200ef8', '0x1f57ceada9b0a52917755ffa8f80f5c2684cf93a63d912ef8256e3b7626797e881ead48c7a3f6f3b4ce937c572dfc265', '0x1aab6a03ea45dd53b4707903b8b22ebd6da35f639a929d937acba8f244e7c3ec9ccfc8425ef52510a51b4d049342e8d8', '0x1c70d88b4659834c47394bd8808bde6dceb8ec9d12e7d9299e11729ef3e595dc0bb131ca850f60e4bf1e3576657b97cc', '0x1632c9ae51b80474d9552997252118fcd5b811250aecff65b484cdacda1f52979120cecfc0b586ae13af714d18993cfb', 
'0x0c26903e43f53eb31826a16b4e6a8f409bc0df923ce2e525b76e4d622ceb84abb16dd36c40b4ea85c45b3638a62a7508', '0x13c98a27474e9baaafb6a53c357fe40e62dcdac82db6335cade3483131171e025b92c9a62aa9e30bd7d513ff2d117600', '0x042d5ca286387243ffbb4e637b8b33df83091e09106e074fe848919d607a20a87cc29d12399804d54dd61a449c158244', '0x0f78e3c502ebd39c81925c6b4143e8a835965806d2f7f26e7525eb8dd2be72bd0e9ca115363278740db7f485b58b30ae', '0x10fdab17cf7a8d1ec6f329840056f2ecf36b8e89221e6ccbcfb8e214e53faca202b08129c441c99e1cdc1a5b5e5c3cd2', '0x194f75c9bdbceecf655634de1720c2950f722a65eaab50588fc669a297b44bc975e283575c6a529374416fb78dd4d827', '0x03df7e4afd8904381d90bd90d435aac8c35249412fe2e004b8f9c280418cf40ed052b9502b6d133fa8d8639e09d545b0', '0x11834bc006665102348df2aec0382e9be077520a66dacfbd8b08bcd7bbc410012511d069c41791100e4255e599e8ebc8', '0x10e54fd5d550fe4804ea6fe836fa0c8b22cb4c7916b0d98bbb433982d702744a646fdebfe9ea92f34b7abb491fae1482', '0x03031bc0759acd442b1ddf6e8b8fa935ce431f6dfd47add3afebca5c0c0e5a79b607f42910dcb770564f4cb7e47086e5', '0x061da5cbed03488a110971be8e4b339483056621b6f910382dc65e033f619718389b39d35af825c7f95bb33a6e2682b7', '0x007d6cf63df4526f59b0f327071dfd729ebacd93a7ad347d456be572455237198618a73139426b44bf6c5c8b1755837e', '0x1d17d965b8ac491552185564a98e1805d6593edd082797691eaa2d4d86a66faa18773bd71b243dbcb667278dc37655fa', '0x00b9b327eaff95739bf7c51a55ce13a90503f18aca63dc3800c51589b36683a3140893b0cdad617eeeae847c2791931a', '0x0ac73672c76452df2ff579c65068c625ed994705ddf50c2ffe70f88bee3e6db9ca842654215002ce8a19be67c6618598', '0x0eeda074360a400fae51d43f1580455a4612b2f2791ff2f5ca018091e29c5e73df310f62ef0304869b7ba4a73eec8a00', '0x04755b35e5bb5d7c987e5d9d78db2ea3d9d1667d87c6300c1c806007778199bcccd7776efbe8e29f10470526fee370b3', '0x22526a580b172231eb625e7f9862e311ab099c09bed19623bd9b31f719ef758597c6095f27c08d01a9f928d5c76d603a', '0x04afed4c5edab192fdf4dd7bc4d06060081042b3165d354ca9e08c22692a50e7b23fcab3a0623f124dccd4f75b6a676f', 
'0x20c93f2c7da584c67028c86162b150b4f58d22a983d47a03787956c7da7006be90a2fa2a71a85a4865013e787d29b860', '0x0b9c45fe3509159bd5ef302b72c4c48c89934815d7f8e3d826246db4fdeacb040d1caa8e666f53050d44833ce330e31f', '0x04cadf37e2c3dc9f5e252790e43587403ebf23119ab6d747d2aa55bae07431c3eb6b7a2cd2f74616f943c0df2d12ce81', '0x04ea84a20f76da391aeaa9696d561eef242e6de660089e7bb34936efa2424681bcdd341d3d185f352cb3a5dde144984d', '0x055af1e2a8fa2c6444d5fa8b1c459d825b327dce571883a9554d303aef960fadae73634dfb6a8c5bcec7edccde2db186', '0x10f9291f1f3ae914c59aa26a236862efa86e922c37f72cad85430e0abdee79ef3558ca2a4b7ef0410cd5beff4aaad638', '0x0b1f238ad367cef5771554a6129ab36d6b5810ff4a0a3071a6bf1700844e83b91f2dc7b33eb18f4f9ef046f15a178e6d', '0x11a0f538d2a62273e6dfd67597b7035f8a7d2f9d608480285cff3135c83bde4bdc906ea5a139e7d522e2cb4e0cf2bbe9'] - -MDS_matrix = [['0x088c2d4280780057ffcafe8bbbb4ea91f69f283eea1805281ede1aa654488c36865e58f3c3d85000cac40e9fa84416b5', '0x17f00adcd1da85cd41303f65704eaf4ef4b10041a9e2d8c792cfa009df11ec797c555c3d238a93a803acb453b90cb057', '0x0a5a51065bb82723d1928a2c096649010e080d00a2c4428fbea3f444d2906922cf3a422f1be90df3cef395dde4c0103c'],['0x23741c8a5536ad9a7c6920679761739126661c5e0e141440fad359315f40844a23bb2021522c0ee76db77b4221cc4761', '0x1f5536a07afa61dba46ea07f62c1782f794fbde79b89cc5a41834e9d979844cc942000cb660f4061c8ec5d1ecb2fc22e', '0x15c804f3f99088de93fd942437c7e21af1d9c0d562c1a276ace670413440c5109a0aa8162bfefa1328eb4015bdb3a264'],['0x239050b60e019b83415f6adf59efc5c60dddeafa2344db99b05c67bb0795c2b2f210291edb6ec1ba227036c721124e0d', '0x11a8f32b291eafe9457a5340243296417cde0c4a521666dbc39738aba96770c570a16b369890ca903330b97ba2247b9b', '0x189a3b2402fdfdf12cc664e550f6dd3bdf398269ef63da3aafedb87f1d8b1817c6e621f892c39f72bb2d8c2a59a52e19']] - -MDS_matrix_field = matrix(F, t, t) -for i in range(0, t): - for j in range(0, t): - MDS_matrix_field[i, j] = F(int(MDS_matrix[i][j], 16)) -round_constants_field = [] -for i in range(0, (R_F + R_P) * t): - 
round_constants_field.append(F(int(round_constants[i], 16)))
-
-#MDS_matrix_field = MDS_matrix_field.transpose() # QUICK FIX TO CHANGE MATRIX MUL ORDER (BOTH M AND M^T ARE SECURE HERE!)
-
-def print_words_to_hex(words):
- hex_length = int(ceil(float(n) / 4)) + 2 # +2 for "0x"
- print(["{0:#0{1}x}".format(int(entry), hex_length) for entry in words])
-
-def print_concat_words_to_large(words):
- hex_length = int(ceil(float(n) / 4))
- nums = ["{0:0{1}x}".format(int(entry), hex_length) for entry in words]
- final_string = "0x" + ''.join(nums)
- print(final_string)
-
-def perm(input_words):
-
- R_f = int(R_F / 2)
-
- round_constants_counter = 0
-
-
- state_words = list(input_words)
-
- # First full rounds
- #print("Full rounds: ")
- for r in range(0, R_f):
-
- #print("Step ", r)
- #print_words_to_hex(state_words)
-
- # Round constants, nonlinear layer, matrix multiplication
- for i in range(0, t):
- state_words[i] = state_words[i] + round_constants_field[round_constants_counter]
- round_constants_counter += 1
- for i in range(0, t):
- state_words[i] = (state_words[i])^5
- state_words = list(MDS_matrix_field * vector(state_words))
-
- #print("Partial Rounds:")
- # Middle partial rounds
- for r in range(0, R_P):
-
- #print("Step ", r)
- #print_words_to_hex(state_words)
-
- # Round constants, nonlinear layer, matrix multiplication
- for i in range(0, t):
- state_words[i] = state_words[i] + round_constants_field[round_constants_counter]
- round_constants_counter += 1
- state_words[0] = (state_words[0])^5
- state_words = list(MDS_matrix_field * vector(state_words))
-
- # Last full rounds
- #print("Full rounds:")
- for r in range(0, R_f):
-
- #print("Step ", r)
- #print_words_to_hex(state_words)
-
- # Round constants, nonlinear layer, matrix multiplication
- for i in range(0, t):
- state_words[i] = state_words[i] + round_constants_field[round_constants_counter]
- round_constants_counter += 1
- for i in range(0, t):
- state_words[i] = (state_words[i])^5
- state_words = 
list(MDS_matrix_field * vector(state_words))
-
- return state_words
-
-# Parameters
-if len(sys.argv) != t+1:
- print("Usage: