axiom-crypto · jonathanpwang · Feb 14, 2024 · Feb 14, 2024
diff --git a/src/bls12_381/endo.rs b/src/bls12_381/endo.rs
@@ -1,4 +1,4 @@
-//! Source: https://github.com/privacy-scaling-explorations/halo2curves/blob/support_bls12-381/src/bls12_381/mod.rs
+//! Source: <https://github.com/privacy-scaling-explorations/halo2curves/blob/support_bls12-381/src/bls12_381/mod.rs>
 
 use crate::arithmetic::mul_512;
 use crate::arithmetic::sbb;

diff --git a/src/bls12_381/fp.rs b/src/bls12_381/fp.rs
@@ -1,6 +1,6 @@
 //! This module provides an implementation of the BLS12-381 base field `GF(p)`
 //! where `p = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab`
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source: <https://github.com/privacy-scaling-explorations/bls12_381>
 
 #![allow(clippy::needless_borrow)]
 use core::cmp::Ordering;

diff --git a/src/bls12_381/fp12.rs b/src/bls12_381/fp12.rs
@@ -1,4 +1,4 @@
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source: <https://github.com/privacy-scaling-explorations/bls12_381>
 
 use crate::{
     impl_add_binop_specify_output, impl_binops_additive, impl_binops_additive_specify_output,
@@ -15,7 +15,7 @@ use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 use rand_core::RngCore;
 
-/// This represents an element $c_0 + c_1 w$ of $\mathbb{F}_{p^12} = \mathbb{F}_{p^6}[w] / (w^2 - v)$.
+/// This represents an element $c_0 + c_1 w$ of $\mathbb{F}_{p^12} = \mathbb{F}_{p^6}\[w\] / (w^2 - v)$.
 pub struct Fp12 {
     pub c0: Fp6,
     pub c1: Fp6,

diff --git a/src/bls12_381/fp2.rs b/src/bls12_381/fp2.rs
@@ -1,5 +1,5 @@
 //! This module implements arithmetic over the quadratic extension field Fp2.
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source: <https://github.com/privacy-scaling-explorations/bls12_381>
 
 #![allow(clippy::needless_borrow)]
 use core::fmt;
@@ -628,6 +628,7 @@ impl ff::PrimeField for Fp2 {
     const CAPACITY: u32 = 381 - 1;
     const MODULUS: &'static str =
         "0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab";
+    #[doc(hidden)]
     const MULTIPLICATIVE_GENERATOR: Self = unimplemented!();
     const ROOT_OF_UNITY: Self = Self {
         c0: Fp::from_raw_unchecked([

diff --git a/src/bls12_381/fp6.rs b/src/bls12_381/fp6.rs
@@ -1,4 +1,4 @@
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source: <https://github.com/privacy-scaling-explorations/bls12_381>
 
 use super::fp::*;
 use super::fp2::*;
@@ -14,7 +14,7 @@ use crate::{
     impl_binops_multiplicative, impl_binops_multiplicative_mixed, impl_sub_binop_specify_output,
 };
 
-/// This represents an element $c_0 + c_1 v + c_2 v^2$ of $\mathbb{F}_{p^6} = \mathbb{F}_{p^2}[v] / (v^3 - u - 1)$.
+/// This represents an element $c_0 + c_1 v + c_2 v^2$ of $\mathbb{F}_{p^6} = \mathbb{F}_{p^2}\[v\] / (v^3 - u - 1)$.
 pub struct Fp6 {
     pub c0: Fp2,
     pub c1: Fp2,

diff --git a/src/bls12_381/g1.rs b/src/bls12_381/g1.rs
@@ -1,5 +1,5 @@
 //! This module provides an implementation of the $\mathbb{G}_1$ group of BLS12-381.
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source: <https://github.com/privacy-scaling-explorations/bls12_381>
 
 use core::borrow::Borrow;
 use core::fmt;
@@ -393,7 +393,7 @@ impl G1Affine {
     /// Attempts to deserialize a compressed element from big-endian bytes. See [`notes::serialization`](https://docs.rs/bls12_381/0.8.0/bls12_381/notes/serialization/index.html)
     /// for details about how group elements are serialized.
     ///
-    /// NOTE: this function used in [`CompressedEncoding::from_compressed`].
+    /// NOTE: this function used in `CompressedEncoding::from_compressed`.
     pub fn from_compressed_be(bytes: &[u8; 48]) -> CtOption<Self> {
         // We already know the point is on the curve because this is established
         // by the y-coordinate recovery procedure in from_compressed_unchecked().

diff --git a/src/bls12_381/g2.rs b/src/bls12_381/g2.rs
@@ -1,5 +1,5 @@
 //! This module provides an implementation of the $\mathbb{G}_2$ group of BLS12-381.
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source: <https://github.com/privacy-scaling-explorations/bls12_381>
 
 use core::borrow::Borrow;
 use core::fmt;

diff --git a/src/bls12_381/hash_to_curve/chain.rs b/src/bls12_381/hash_to_curve/chain.rs
@@ -2,7 +2,7 @@
 //! chain_pm3div4: input x, output x^((p-3)//4).
 //! chain_p2m9div16: input x, output x^((p**2 - 9) // 16).
 //!
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source: <https://github.com/privacy-scaling-explorations/bls12_381>
 
 use core::ops::MulAssign;
 

diff --git a/src/bls12_381/hash_to_curve/expand_msg.rs b/src/bls12_381/hash_to_curve/expand_msg.rs
@@ -1,7 +1,7 @@
 //! This module implements message expansion consistent with the
 //! hash-to-curve RFC drafts 7 through 10
 //!
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source: <https://github.com/privacy-scaling-explorations/bls12_381>
 
 use core::{
     fmt::{self, Debug, Formatter},

diff --git a/src/bls12_381/hash_to_curve/map_g1.rs b/src/bls12_381/hash_to_curve/map_g1.rs
@@ -1,6 +1,6 @@
 //! Implementation of hash-to-curve for the G1 group.
 //!
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source: <https://github.com/privacy-scaling-explorations/bls12_381>
 
 use subtle::{Choice, ConditionallyNegatable, ConditionallySelectable, ConstantTimeEq};
 

diff --git a/src/bls12_381/hash_to_curve/map_g2.rs b/src/bls12_381/hash_to_curve/map_g2.rs
@@ -1,6 +1,6 @@
 //! Implementation of hash-to-curve for the G2 group
 //!
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source: <https://github.com/privacy-scaling-explorations/bls12_381>
 
 use subtle::{Choice, ConditionallyNegatable, ConditionallySelectable, ConstantTimeEq};
 

diff --git a/src/bls12_381/hash_to_curve/map_scalar.rs b/src/bls12_381/hash_to_curve/map_scalar.rs
@@ -1,6 +1,6 @@
 //! Implementation of hash-to-field for Scalar values
 //!
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source: <https://github.com/privacy-scaling-explorations/bls12_381>
 
 use super::HashToField;
 use crate::bls12_381::generic_array::{typenum::U48, GenericArray};

diff --git a/src/bls12_381/hash_to_curve/mod.rs b/src/bls12_381/hash_to_curve/mod.rs
@@ -1,7 +1,7 @@
 //! This module implements hash_to_curve, hash_to_field and related
 //! hashing primitives for use with BLS signatures.
 //!
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source: <https://github.com/privacy-scaling-explorations/bls12_381>
 
 use core::ops::Add;
 

diff --git a/src/bls12_381/mod.rs b/src/bls12_381/mod.rs
@@ -7,7 +7,7 @@
 //! * This implementation targets Rust `1.36` or later.
 //! * This implementation does not require the Rust standard library.
 //! * All operations are constant time unless explicitly noted.
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source: <https://github.com/privacy-scaling-explorations/bls12_381>
 
 // Catch documentation errors caused by code changes.
 #![allow(clippy::too_many_arguments)]

diff --git a/src/bls12_381/pairings.rs b/src/bls12_381/pairings.rs
@@ -1,4 +1,4 @@
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source: <https://github.com/privacy-scaling-explorations/bls12_381>
 
 use super::fp::Fp;
 use super::fp12::Fp12;
@@ -491,7 +491,7 @@ impl Group for Gt {
 /// element as part of the pairing function (specifically, the Miller loop) and
 /// so should be computed whenever a $\mathbb{G}_2$ element is being used in
 /// multiple pairings or is otherwise known in advance. This should be used in
-/// conjunction with the [`multi_miller_loop`](crate::multi_miller_loop)
+/// conjunction with the [`multi_miller_loop`]
 /// function provided by this crate.
 pub struct G2Prepared {
     infinity: Choice,

diff --git a/src/bls12_381/scalar.rs b/src/bls12_381/scalar.rs
@@ -1,6 +1,6 @@
 //! This module provides an implementation of the BLS12-381 scalar field $\mathbb{F}_q$
 //! where `q = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001`
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source: <https://github.com/privacy-scaling-explorations/bls12_381>
 
 #![allow(clippy::needless_borrow)]
 use core::cmp::Ordering;

diff --git a/src/bn256/fq12.rs b/src/bn256/fq12.rs
@@ -6,7 +6,7 @@ use core::ops::{Add, Mul, Neg, Sub};
 use rand::RngCore;
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
-/// -GAMMA is a quadratic non-residue in Fp6. Fp12 = Fp6[X]/(X^2 + GAMMA)
+/// -GAMMA is a quadratic non-residue in Fp6. Fp12 = Fp6\[X\]/(X^2 + GAMMA)
 /// We introduce the variable w such that w^2 = -GAMMA
 // GAMMA = - v
 

diff --git a/src/bn256/fq6.rs b/src/bn256/fq6.rs
@@ -5,7 +5,7 @@ use core::ops::{Add, Mul, Neg, Sub};
 use rand::RngCore;
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
-/// -BETA is a cubic non-residue in Fp2. Fp6 = Fp2[X]/(X^3 + BETA)
+/// -BETA is a cubic non-residue in Fp2. Fp6 = Fp2\[X\]/(X^3 + BETA)
 /// We introduce the variable v such that v^3 = -BETA
 // BETA = - (u + 9)
 

diff --git a/src/ff_ext/inverse.rs b/src/ff_ext/inverse.rs
@@ -239,9 +239,9 @@ impl<const B: usize, const L: usize> Mul<CInt<B, L>> for i64 {
 ///
 /// For better understanding the implementation, the following resources are recommended:
 /// - D. Bernstein, B.-Y. Yang, "Fast constant-time gcd computation and modular inversion",
-/// https://gcd.cr.yp.to/safegcd-20190413.pdf
+/// <https://gcd.cr.yp.to/safegcd-20190413.pdf>
 /// - P. Wuille, "The safegcd implementation in libsecp256k1 explained",
-/// https://github.com/bitcoin-core/secp256k1/blob/master/doc/safegcd_implementation.md
+/// <https://github.com/bitcoin-core/secp256k1/blob/master/doc/safegcd_implementation.md>
 pub struct BYInverter<const L: usize> {
     /// Modulus
     modulus: CInt<62, L>,

diff --git a/src/ff_ext/jacobi.rs b/src/ff_ext/jacobi.rs
@@ -325,9 +325,9 @@ fn jacobinary(mut n: u64, mut d: u64, mut t: u64) -> i64 {
 /// and some original optimizations. Only these differences have been commented;
 /// the aforesaid Pornin's method and the used ideas of M. Hamburg were given here:
 /// - T. Pornin, "Optimized Binary GCD for Modular Inversion",
-/// https://eprint.iacr.org/2020/972.pdf
+/// <https://eprint.iacr.org/2020/972.pdf>
 /// - M. Hamburg, "Computing the Jacobi symbol using Bernstein-Yang",
-/// https://eprint.iacr.org/2021/1271.pdf
+/// <https://eprint.iacr.org/2021/1271.pdf>
 pub fn jacobi<const L: usize>(n: &[u64], d: &[u64]) -> i64 {
     // Instead of the variable "j" taking the values from {-1, 1} and satysfying
     // at the end of the outer loop iteration the equation J = "j" * ("n" / |"d"|)

diff --git a/src/pluto_eris/engine.rs b/src/pluto_eris/engine.rs
@@ -663,7 +663,7 @@ impl MultiMillerLoop for Pluto {
     }
 }
 
-/// Pluto pairing-friendly curve. See: https://github.com/daira/pluto-eris
+/// Pluto pairing-friendly curve. See: <https://github.com/daira/pluto-eris>
 #[derive(Clone, Debug)]
 pub struct Pluto;
 

diff --git a/src/pluto_eris/mod.rs b/src/pluto_eris/mod.rs
@@ -2,9 +2,9 @@
 //!
 //! Implementation of the Pluto / Eris half-pairing cycle of prime order elliptic curves.
 //!
-//! Supporting evidence: https://github.com/daira/pluto-eris
-//! Field constant derivation: https://github.com/davidnevadoc/ec-constants/tree/main/pluto_eris
-//! Pairing constants derivation: https://github.com/John-Gong-Math/pluto_eris/blob/main/pluto_pairing.ipynb
+//! Supporting evidence: <https://github.com/daira/pluto-eris>
+//! Field constant derivation: <https://github.com/davidnevadoc/ec-constants/tree/main/pluto_eris>
+//! Pairing constants derivation: <https://github.com/John-Gong-Math/pluto_eris/blob/main/pluto_pairing.ipynb>
 mod curve;
 mod engine;
 mod fields;