feat: support BLS12-381 (based on bls12_381 crate) #8

Merged
merged 27 commits into from
Jan 25, 2024
Changes from 24 commits
Commits (27)
61a22c5
chore: Include bls12-381 vendored dependency
CPerezz Sep 11, 2023
c36e908
add: Compute endomorphism parameters for Bls12-381
CPerezz Sep 11, 2023
0922c9b
refactor endo impl with failing tests
CPerezz Sep 14, 2023
ed01362
fixup
CPerezz Sep 16, 2023
a1a87ba
change: Update params for Endo after misnaming
CPerezz Sep 25, 2023
3c62871
Merge branch 'main' into support_bls12-381
CPerezz Sep 25, 2023
b7e001a
Merge remote-tracking branch 'upstream/support_bls12-381' into suppor…
nulltea Sep 30, 2023
c66fc7b
export types
nulltea Sep 30, 2023
b682183
export Fq2, Fq6, Fq12
nulltea Sep 30, 2023
cc4ddd0
copy from bls12_381 crate (with tweaks)
nulltea Sep 30, 2023
73aba45
fix endianness
nulltea Oct 1, 2023
60a4a93
remove bls12_381/util.rs
nulltea Oct 1, 2023
ec63484
cargo fmt
nulltea Oct 1, 2023
0718e65
add comments
nulltea Oct 2, 2023
c5cb4a0
fix endianness in Fp Debug impl
nulltea Oct 7, 2023
8d6df10
fix format
nulltea Oct 13, 2023
649c9de
impl TryFrom for G2 representations
nulltea Nov 8, 2023
f3bb3f5
Merge remote-tracking branch 'axiom-crypto/main' into support_bls12-381
nulltea Nov 24, 2023
1bd39b8
import hash_to_curve module
nulltea Nov 30, 2023
ad3a4a8
Merge remote-tracking branch 'axiom-crypto/feat/bls12_381' into suppo…
nulltea Jan 5, 2024
7afc48b
use LE encoding everywhere
nulltea Jan 17, 2024
c0907ea
Update documentation for `Fp6` and `Fp12`
nulltea Jan 24, 2024
b4eaad2
calculate missing Fp2 constants
nulltea Jan 24, 2024
921f1e0
fix format
nulltea Jan 24, 2024
c1d71ed
use latest `sha2` and `digest`
nulltea Jan 24, 2024
676fae9
fix format
nulltea Jan 24, 2024
ae2cec1
bring back `sha3` tests for `expand_msg`
nulltea Jan 24, 2024
2 changes: 2 additions & 0 deletions Cargo.toml
Expand Up @@ -36,6 +36,8 @@ serde_arrays = { version = "0.1.0", optional = true }
hex = { version = "0.4", optional = true, default-features = false, features = ["alloc", "serde"] }
blake2b_simd = "1"
maybe-rayon = { version = "0.1.0", default-features = false }
digest = "0.9"
sha2 = "0.9"

[features]
default = ["bits", "multicore", "bn256-table", "derive_serde"]
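Review bot: `digest = "0.9"` and `sha2 = "0.9"` are added as unconditional dependencies on the older 0.9 release line, while the neighbouring `serde_arrays` and `hex` entries in this hunk are `optional = true` and feature-gated. If the hashing is only needed by the hash-to-curve code this PR imports (commit 1bd39b8 "import hash_to_curve module", commit ae2cec1 mentions `expand_msg`), consider gating both behind a feature, and bump to the current `sha2`/`digest` 0.10 line so the crate does not pin an outdated hashing stack; the commit list shows this bump landing in c1d71ed ("use latest `sha2` and `digest`"), which is outside the 24-commit view rendered here, so this snapshot of `Cargo.toml` is already stale relative to the merged branch.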
85 changes: 85 additions & 0 deletions src/bls12_381/endo.rs
@@ -0,0 +1,85 @@
//! Source: https://github.com/privacy-scaling-explorations/halo2curves/blob/support_bls12-381/src/bls12_381/mod.rs

use crate::arithmetic::mul_512;
use crate::arithmetic::sbb;
use crate::{
arithmetic::{CurveEndo, EndoParameters},
endo,
};
use ff::PrimeField;
use ff::WithSmallOrderMulGroup;
use std::convert::TryInto;

use super::{G1Projective, Scalar};

// Obtained from https://github.com/ConsenSys/gnark-crypto/blob/master/ecc/utils.go
// See https://github.com/demining/Endomorphism-Secp256k1/blob/main/README.md
// to have more details about the endomorphism.
const ENDO_PARAMS_BLS: EndoParameters = EndoParameters {
// round(b2/n)
gamma2: [0x63f6e522f6cfee30u64, 0x7c6becf1e01faadd, 0x01, 0x0],
// round(-b1/n)
gamma1: [0x02u64, 0x0, 0x0, 0x0],
b1: [0x01u64, 0x0, 0x0, 0x0],
b2: [0x0000000100000000, 0xac45a4010001a402, 0x0, 0x0],
};

endo!(G1Projective, Scalar, ENDO_PARAMS_BLS);

#[test]
fn test_endo() {
use ff::Field;
use rand_core::OsRng;

for _ in 0..100000 {
let k = Scalar::random(OsRng);
let (k1, k1_neg, k2, k2_neg) = G1Projective::decompose_scalar(&k);
if k1_neg & k2_neg {
assert_eq!(
k,
-Scalar::from_u128(k1) + Scalar::ZETA * Scalar::from_u128(k2)
)
} else if k1_neg {
assert_eq!(
k,
-Scalar::from_u128(k1) - Scalar::ZETA * Scalar::from_u128(k2)
)
} else if k2_neg {
assert_eq!(
k,
Scalar::from_u128(k1) + Scalar::ZETA * Scalar::from_u128(k2)
)
} else {
assert_eq!(
k,
Scalar::from_u128(k1) - Scalar::ZETA * Scalar::from_u128(k2)
)
}
}

for _ in 0..100000 {
let k = Scalar::random(OsRng);
let (k1, k1_neg, k2, k2_neg) = G1Projective::decompose_scalar(&k);
if k1_neg & k2_neg {
assert_eq!(
k,
-Scalar::from_u128(k1) + Scalar::ZETA * Scalar::from_u128(k2)
)
} else if k1_neg {
assert_eq!(
k,
-Scalar::from_u128(k1) - Scalar::ZETA * Scalar::from_u128(k2)
)
} else if k2_neg {
assert_eq!(
k,
Scalar::from_u128(k1) + Scalar::ZETA * Scalar::from_u128(k2)
)
} else {
assert_eq!(
k,
Scalar::from_u128(k1) - Scalar::ZETA * Scalar::from_u128(k2)
)
}
}
}
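Review bot: the second `for _ in 0..100000` loop in `test_endo` (from the second `let k = Scalar::random(OsRng);` down to its closing brace) is a verbatim copy of the first loop, so it doubles the test's runtime without testing anything new; drop it, or move the body into a small helper if the intent was to run two variants. In the branch conditions, `if k1_neg & k2_neg {` uses bitwise `&` on two `bool`s where `&&` is the idiomatic, short-circuiting form: `if k1_neg && k2_neg {`. On documentation: `gamma2` and `gamma1` are annotated as `round(b2/n)` and `round(-b1/n)`, but `b1` and `b2` themselves are not explained, and the README linked for "more details" is about secp256k1 rather than BLS12-381; a doc comment on `ENDO_PARAMS_BLS` stating which `ZETA`/lambda pair the lattice basis belongs to and how the four values were derived (the gnark-crypto `utils.go` reference alone does not say) would let a reviewer recompute and verify the constants instead of trusting them.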