This repository has been archived by the owner on Nov 9, 2023. It is now read-only.
Implement ProjectivePoint and improved docs.
#56
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
A `ProjectivePoint` represents a point on the Doppio Curve expressed over the Twisted Edwards Projective Coordinates eg. (X, Y, Z).
`Default` returns the `Identity` impl for `ProjectivePoint` which gives back: (0,1,1)
This performs the conversion from a ProjectivePoint into an `EdwardsPoint` one.
- Allows us to perform the conversion from an `EdwardsPoint` to a `ProjectivePoint`. Given (X:Y:T:Z) in εε, passing to ε is cost-free by simply ignoring `T`. Twisted Edwards Curves Revisited - Huseyin Hisil, Kenneth Koon-Ho Wong, Gary Carter, and Ed Dawson, Section 3.
Source: 2008 Hisil–Wong–Carter–Dawson, http://eprint.iacr.org/2008/522, Section 3.1. Cost: 3M+ 4S+ +7a + 1D
These conevrsions are implemented on the `From` trait implementations.
The neg operation perfoms the Negation over Twisted Edwards Projective Coordinates, giving back (-X, Y, Z) as a result.
This implementation executes the point addition operation over the Doppio Curve between two points expressed on Porjective Twisted Edwards Coordinates.
Tested: - Random point negation. - Identity negation.
On this way, we don't need to use Point conversions on every test (which are already being tested on other tests).
Tests are failing, so we will review the paper again to see what we are missing.
This implementation calls to the `Add<&'a FieldElement> for &'b FieldElement`. The implementation intends to make the point implementations easier, avoiding the &(&(&())) problem.
The implementation intends to make the point implementations easier, avoiding the &(&(&())) problem. Traits implemented: - Add - Sub - Mul - Neg This closes #47 on the field part.
Added a short description about how the mul function works. And which usage makes of the Montgomery Reduction.
The implementation intends to make the point implementations easier, avoiding the &(&(&())) problem mentioned on #47.
The implementation intends to make the point implementations easier, avoiding the &(&(&())) problem mentioned on #47 .
Following the guidelines specified on #47 , negate trait is implemented for Scalar and a reference of it. Performs the negation operation over the modular field formed by the prime of the sub-group.
The identity function implemented for `Scalar` returns the identity element of the field = `1 (mod l)`.
Square performs the operation `a^2` for whatever element of the field generated by the prime of the sub-group. NOTE: Here we don't implement it fo `Scalar` also (as said in #47) because it only has one operator, se we are not winning anything.
Refactored some of the tests of the `Scalar` tests mod. According to the new `ops` trait implementations.
- Squaring a random Scalar. - Square the identity element. - Square the null element. All passed.
Created `Square` trait since it's an operation that has to be performed a lot of times for different elements of the lib such as: - FieldElement - Scalar
This operation returns a double_precision result expressed on: `[u128; 9]` with the result of the squaring.
Implemented tests for - Random FieldElement squaring. - Identity element squaring. - Null element squaring.
Since there's not any need for the final user for using the internal functions (even it can be a problem if hasn't the knowledge of what they do), the visibility of them has been hidden/reduced to it's module only using `(self)`.
…ement Since there's not any need for the final user for using the internal functions (even it can be a problem if hasn't the knowledge of what they do), the visibility of them has been hidden/reduced to it's module only using `(self)`.
This function provides support to some `edwards.rs` functions as well as it is also a way of constructing an Scalar. The function is inlined and documented.
The function multiplies an `EdwardsPoint` for an Scalar in the form: `2^x`.
This function returns the given `EdwardsPoint` multiplied by the cofactor `h = 8`.
As did in d258b66, we have implemented functions that are generic for all of the Edwards Points for generic traits. In this case, we've done it for: - `mul_by_cofactor()` - `mul_by_pow_2()`
Refactored all of the test and ignored the ones non- working until we find the errors.
This closes the development part of #32. Scalar multiplication: compute `Scalar * self`. This implementation uses the algorithm: `add_and_doubling` which is the standard one for this operations and also adds less constraints on R1CS. Hankerson, Darrel; Vanstone, Scott; Menezes, Alfred (2004). Guide to Elliptic Curve Cryptography. Springer Professional Computing. New York: Springer-Verlag.
Accepted incoming changes to `field.rs` file.
In order to avoid end-user errors, we check that the divisor != 0.
This closes #49. Benchmarks are done for all of the ops traits implemented for each type. Operations have been performed with the same inputs.
CPerezz
added
enhancement
|
I want to point out that we need to finish the |
There was a problem hiding this comment.
I have put this under approval based on a working cargo test from the functions in terminal.
Review:
- 200 is first a solid benchmark showing the first implementation of completed savas and koc algorithm in Rust for modular inversion. The other benchmarks are for standard extended point operations on the edwards form, which conform well for both scalar and field element representation.
The next code in need of review is 55, as those previous to that are aligned with past reviews on the src. - For 55, there needs to be some refactoring to the comments within the code. This is only because the library is getting larger and larger, and it would be good to ensure we stick our goal to provide absolute clarity on each coding decision.
- Everything is clarified in 46
- There is a handy explanation in 58 for a obtaining identity elements.
Note: the request is still approved despite the need for something refactoring in 55. This is because I will be going through the all of the code and docs in the library and tidying it up over the next couple of days. As we're well on schedule, we can afford time; as we're very public with the twitch etc, I feel we should make the understanding and navigation as easy as possible for the public.
Feel free to add an issue mentioning this! Once you have the values for |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
On this PR the following things have been done:
ProjectivePointand implemented allopstraits for it.add_and_double(),mul_ by_cofactor()andmul_by_pow_2for generic types that implement point traits.traits.rsand addedopsmod withSquare,DoubleandHalftraits.EdwardsPointandProjectivePoint.field.rsmod andscalar.rsmod.