Support bw6-761 (#188)

Resolves #191 and #113

---------

Co-authored-by: DmytroTym <dmytrotym1@gmail.com>
Co-authored-by: ImmanuelSegol <3ditds@gmail.com>

README.md

@@ -36,6 +36,7 @@ ICICLE is a CUDA implementation of general functions widely used in ZKP. ICICLE
     - [BLS12-381]
     - [BLS12-377]
     - [BN254]
+    - [BW6-671]
 
 ## Build and usage
 
@@ -117,20 +118,21 @@ Create a JSON file with the curve parameters. The curve is defined by the follow
 - ``curve_name`` - e.g. ``bls12_381``.
 - ``modulus_p`` - scalar field modulus (in decimal).
 - ``bit_count_p`` - number of bits needed to represent `` modulus_p`` .
-- ``limb_p`` - number of bytes needed to represent `` modulus_p``  (rounded).
-- ``ntt_size`` - log of the maximal size subgroup of the scalar field.    
+- ``limb_p`` - number of (32-bit) limbs needed to represent `` modulus_p`` (rounded up).
+- ``ntt_size`` - log of the maximal size subgroup of the scalar field.
 - ``modulus_q`` - base field modulus (in decimal).
 - ``bit_count_q`` - number of bits needed to represent `` modulus_q`` .
-- ``limb_q`` number of bytes needed to represent `` modulus_p``  (rounded).
-- ``weierstrass_b`` - Weierstrauss constant of the curve. 
-- ``weierstrass_b_g2_re`` - Weierstrauss real constant of the g2 curve. 
-- ``weierstrass_b_g2_im`` - Weierstrauss imaginary constant of the g2 curve. 
-- ``gen_x`` - x-value of a generator element for the curve. 
-- ``gen_y`` - y-value of a generator element for the curve.
-- ``gen_x_re`` - real x-value of a generator element for the g2 curve. 
-- ``gen_x_im`` - imaginary x-value of a generator element for the g2 curve. 
-- ``gen_y_re`` - real y-value of a generator element for the g2 curve. 
-- ``gen_y_im`` - imaginary y-value of a generator element for the g2 curve. 
+- ``limb_q`` - number of (32-bit) limbs needed to represent `` modulus_q`` (rounded up).
+- ``weierstrass_b`` - `b` of the curve in Weierstrauss form.
+- ``weierstrass_b_g2_re`` - real part of the `b` value in of the g2 curve in Weierstrass form.
+- ``weierstrass_b_g2_im`` - imaginary part of the `b` value in of the g2 curve in Weierstrass form.
+- ``gen_x`` - `x` coordinate of a generator element for the curve.
+- ``gen_y`` - `y` coordinate of a generator element for the curve.
+- ``gen_x_re`` - real part of the `x` coordinate of generator element for the g2 curve.
+- ``gen_x_im`` - imaginary part of the `x` coordinate of generator element for the g2 curve.
+- ``gen_y_re`` - real part of the `y` coordinate of generator element for the g2 curve.
+- ``gen_y_im`` - imaginary part of the `y` coordinate of generator element for the g2 curve.
+- ``nonresidue`` - nonresidue, or `i^2`, or `u^2` - square of the element that generates quadratic extension field of the base field.
 
 Here's an example for BLS12-381.
 ```
@@ -144,14 +146,15 @@ Here's an example for BLS12-381.
     "bit_count_q" : 381,
     "limb_q" : 12,
     "weierstrass_b" : 4,
-    "weierstrass_b_g2_re":4,
-    "weierstrass_b_g2_im":4,
+    "weierstrass_b_g2_re" : 4,
+    "weierstrass_b_g2_im" : 4,
     "gen_x" : 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507,
     "gen_y" : 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569,
     "gen_x_re" : 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160,
     "gen_x_im" : 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758,
     "gen_y_re" : 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905,
-    "gen_y_im" : 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582
+    "gen_y_im" : 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582,
+    "nonresidue" : -1
 }
 ```
 
@@ -214,6 +217,7 @@ See [LICENSE-MIT][LMIT] for details.
 [BLS12-381]: ./icicle/curves/bls12_381/supported_operations.cu
 [BLS12-377]: ./icicle/curves/bls12_377/supported_operations.cu
 [BN254]: ./icicle/curves/bn254/supported_operations.cu
+[BW6-671]: ./icicle/curves/bw6_671/supported_operations.cu
 [NVCC]: https://docs.nvidia.com/cuda/#installation-guides
 [CRV_TEMPLATE]: ./icicle/curves/curve_template/
 [CRV_CONFIG]: ./icicle/curves/index.cu

curve_parameters/bls12_377.json

@@ -3,7 +3,7 @@
     "modulus_p" : 8444461749428370424248824938781546531375899335154063827935233455917409239041,
     "bit_count_p" : 253,
     "limb_p" :  8,
-    "ntt_size" : 32,
+    "ntt_size" : 47,
     "modulus_q" : 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177,
     "bit_count_q" : 377,
     "limb_q" : 12,
@@ -16,5 +16,6 @@
     "g2_gen_x_re" : 233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294,
     "g2_gen_x_im" : 140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118,
     "g2_gen_y_re" : 63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423,
-    "g2_gen_y_im" : 149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491
+    "g2_gen_y_im" : 149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491,
+    "nonresidue" : -5
 }

curve_parameters/bls12_381.json

@@ -16,5 +16,6 @@
     "g2_gen_x_re" : 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160,
     "g2_gen_x_im" : 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758,
     "g2_gen_y_re" : 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905,
-    "g2_gen_y_im" : 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582
+    "g2_gen_y_im" : 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582,
+    "nonresidue" : -1
 }

curve_parameters/bn254.json

@@ -16,5 +16,6 @@
     "g2_gen_x_re" : 10857046999023057135944570762232829481370756359578518086990519993285655852781,
     "g2_gen_x_im" : 11559732032986387107991004021392285783925812861821192530917403151452391805634,
     "g2_gen_y_re" : 8495653923123431417604973247489272438418190587263600148770280649306958101930,
-    "g2_gen_y_im" : 4082367875863433681332203403145435568316851327593401208105741076214120093531
+    "g2_gen_y_im" : 4082367875863433681332203403145435568316851327593401208105741076214120093531,
+    "nonresidue" : -1
 }

curve_parameters/bw6-761.json

@@ -0,0 +1,21 @@
+{
+    "curve_name" : "bw6_761",
+    "modulus_p" : 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177,
+    "bit_count_p" : 377,
+    "limb_p" :  12,
+    "ntt_size" : 46,
+    "modulus_q" : 6891450384315732539396789682275657542479668912536150109513790160209623422243491736087683183289411687640864567753786613451161759120554247759349511699125301598951605099378508850372543631423596795951899700429969112842764913119068299,
+    "bit_count_q" : 761,
+    "limb_q" : 24,
+    "root_of_unity" : 32863578547254505029601261939868325669770508939375122462904745766352256812585773382134936404344547323199885654433,
+    "weierstrass_b" : 6891450384315732539396789682275657542479668912536150109513790160209623422243491736087683183289411687640864567753786613451161759120554247759349511699125301598951605099378508850372543631423596795951899700429969112842764913119068298,
+    "weierstrass_b_g2_re" : 4,
+    "weierstrass_b_g2_im" : 0,
+    "g1_gen_x" : 6238772257594679368032145693622812838779005809760824733138787810501188623461307351759238099287535516224314149266511977132140828635950940021790489507611754366317801811090811367945064510304504157188661901055903167026722666149426237,
+    "g1_gen_y" : 2101735126520897423911504562215834951148127555913367997162789335052900271653517958562461315794228241561913734371411178226936527683203879553093934185950470971848972085321797958124416462268292467002957525517188485984766314758624099,
+    "g2_gen_x_re" : 6445332910596979336035888152774071626898886139774101364933948236926875073754470830732273879639675437155036544153105017729592600560631678554299562762294743927912429096636156401171909259073181112518725201388196280039960074422214428,
+    "g2_gen_x_im" : 1,
+    "g2_gen_y_re" : 562923658089539719386922163444547387757586534741080263946953401595155211934630598999300396317104182598044793758153214972605680357108252243146746187917218885078195819486220416605630144001533548163105316661692978285266378674355041,
+    "g2_gen_y_im" : 1,
+    "nonresidue" : -1
+}

curve_parameters/new_curve_script.py

@@ -17,7 +17,7 @@ def to_hex(val: int, length):
     n = 8
     chunks = [x[i:i+n] for i in range(0, len(x), n)][::-1]
     s = ""
-    for c in chunks:
+    for c in chunks[:length // n]:
         s += f'0x{c}, '
 
     return s[:-2]
@@ -30,15 +30,15 @@ def compute_values(modulus, modulus_bit_count, limbs):
     modulus_2 = to_hex(modulus*2,limb_size)
     modulus_4 = to_hex(modulus*4,limb_size)
     modulus_wide = to_hex(modulus,limb_size*2)
-    modulus_squared = to_hex(modulus*modulus,limb_size)
-    modulus_squared_2 = to_hex(modulus*modulus*2,limb_size)
-    modulus_squared_4 = to_hex(modulus*modulus*4,limb_size)
+    modulus_squared = to_hex(modulus*modulus,limb_size*2)
+    modulus_squared_2 = to_hex(modulus*modulus*2,limb_size*2)
+    modulus_squared_4 = to_hex(modulus*modulus*4,limb_size*2)
     m_raw = int(math.floor(int(pow(2,2*modulus_bit_count) // modulus)))
     m = to_hex(m_raw,limb_size)
     one = to_hex(1,limb_size)
     zero = to_hex(0,limb_size)
-    montgomery_r = to_hex((2 ** bit_size) % modulus, limb_size)
-    montgomery_r_inv = to_hex(((modulus+1)//2)**bit_size % modulus, limb_size)
+    montgomery_r = to_hex(pow(2,bit_size,modulus),limb_size)
+    montgomery_r_inv = to_hex(pow(2,-bit_size,modulus),limb_size)
 
     return (
         modulus_,
@@ -56,7 +56,7 @@ def compute_values(modulus, modulus_bit_count, limbs):
     )
 
 
-def get_fq_params(modulus, modulus_bit_count, limbs, g1_gen_x, g1_gen_y, g2_gen_x_re, g2_gen_x_im, g2_gen_y_re, g2_gen_y_im):
+def get_fq_params(modulus, modulus_bit_count, limbs, nonresidue):
     (
         modulus,
         modulus_2,
@@ -73,6 +73,8 @@ def get_fq_params(modulus, modulus_bit_count, limbs, g1_gen_x, g1_gen_y, g2_gen_
     ) = compute_values(modulus, modulus_bit_count, limbs)
 
     limb_size = 8*limbs
+    nonresidue_is_negative = str(nonresidue < 0).lower()
+    nonresidue = abs(nonresidue)
     return {
         'fq_modulus': modulus,
         'fq_modulus_2': modulus_2,
@@ -86,12 +88,8 @@ def get_fq_params(modulus, modulus_bit_count, limbs, g1_gen_x, g1_gen_y, g2_gen_
         'fq_zero': zero,
         'fq_montgomery_r': montgomery_r,
         'fq_montgomery_r_inv': montgomery_r_inv,
-        'fq_gen_x': to_hex(g1_gen_x, limb_size),
-        'fq_gen_y': to_hex(g1_gen_y, limb_size),
-        'fq_gen_x_re': to_hex(g2_gen_x_re, limb_size),
-        'fq_gen_x_im': to_hex(g2_gen_x_im, limb_size),
-        'fq_gen_y_re': to_hex(g2_gen_y_re, limb_size),
-        'fq_gen_y_im': to_hex(g2_gen_y_im, limb_size)
+        'nonresidue': nonresidue,
+        'nonresidue_is_negative': nonresidue_is_negative
     }
 
 
@@ -151,6 +149,18 @@ def get_fp_params(modulus, modulus_bit_count, limbs, root_of_unity, size=0):
     }
 
 
+def get_generators(g1_gen_x, g1_gen_y, g2_gen_x_re, g2_gen_x_im, g2_gen_y_re, g2_gen_y_im, size):
+
+    return {
+        'fq_gen_x': to_hex(g1_gen_x, size),
+        'fq_gen_y': to_hex(g1_gen_y, size),
+        'fq_gen_x_re': to_hex(g2_gen_x_re, size),
+        'fq_gen_x_im': to_hex(g2_gen_x_im, size),
+        'fq_gen_y_re': to_hex(g2_gen_y_re, size),
+        'fq_gen_y_im': to_hex(g2_gen_y_im, size)
+    }
+
+
 def get_weier_params(weierstrass_b, weierstrass_b_g2_re, weierstrass_b_g2_im, size):
 
     return {
@@ -171,6 +181,7 @@ def get_params(config):
     bit_count_q = config["bit_count_q"] 
     limb_q = config["limb_q"]
     root_of_unity = config["root_of_unity"]
+    nonresidue = config["nonresidue"]
     if root_of_unity == modulus_p:
         sys.exit("Invalid root_of_unity value; please update in curve parameters")
 
@@ -194,13 +205,15 @@ def get_params(config):
     }
 
     fp_params = get_fp_params(modulus_p, bit_count_p, limb_p, root_of_unity, ntt_size)
-    fq_params = get_fq_params(modulus_q, bit_count_q, limb_q, g1_gen_x, g1_gen_y, g2_generator_x_re, g2_generator_x_im, g2_generator_y_re, g2_generator_y_im)
+    fq_params = get_fq_params(modulus_q, bit_count_q, limb_q, nonresidue)
+    generators = get_generators(g1_gen_x, g1_gen_y, g2_generator_x_re, g2_generator_x_im, g2_generator_y_re, g2_generator_y_im, 8*limb_q)
     weier_params = get_weier_params(weierstrass_b, weierstrass_b_g2_re, weierstrass_b_g2_im, 8*limb_q)
 
     return {
         **params,
         **fp_params,
         **fq_params,
+        **generators,
         **weier_params
     }
 

goicicle/Makefile

@@ -5,25 +5,30 @@ LDFLAGS = -shared
 FEATURES = -DG2_DEFINED
 
 TARGET_BN254 = libbn254.so
+TARGET_BW6761 = libbw6761.so
 TARGET_BLS12_381 = libbls12_381.so
 TARGET_BLS12_377 = libbls12_377.so
 
-VPATH = ../icicle/curves/bn254:../icicle/curves/bls12_377:../icicle/curves/bls12_381
+VPATH = ../icicle/curves/bn254:../icicle/curves/bls12_377:../icicle/curves/bls12_381:../icicle/curves/bw6_761
 
 SRCS_BN254 = lde.cu msm.cu projective.cu ve_mod_mult.cu
+SRCS_BW6761 = lde.cu msm.cu projective.cu ve_mod_mult.cu
 SRCS_BLS12_381 = lde.cu msm.cu projective.cu ve_mod_mult.cu poseidon.cu
 SRCS_BLS12_377 = lde.cu msm.cu projective.cu ve_mod_mult.cu
 
-all: $(TARGET_BN254) $(TARGET_BLS12_381) $(TARGET_BLS12_377)
+all: $(TARGET_BN254) $(TARGET_BLS12_381) $(TARGET_BLS12_377) $(TARGET_BW6761)
 
 $(TARGET_BN254): 
 	$(NVCC) $(FEATURES) $(CFLAGS) $(LDFLAGS) $(addprefix ../icicle/curves/bn254/, $(SRCS_BN254)) -o $@
 
+$(TARGET_BW6761): 
+	$(NVCC) $(FEATURES) $(CFLAGS) $(LDFLAGS) $(addprefix ../icicle/curves/bw6_761/, $(SRCS_BW6761)) -o $@
+
 $(TARGET_BLS12_381):
 	$(NVCC) $(FEATURES) $(CFLAGS) $(LDFLAGS) $(addprefix ../icicle/curves/bls12_381/, $(SRCS_BLS12_381)) -o $@
 
 $(TARGET_BLS12_377):
 	$(NVCC) $(FEATURES) $(CFLAGS) $(LDFLAGS) $(addprefix ../icicle/curves/bls12_377/, $(SRCS_BLS12_377)) -o $@
 
 clean:
-	rm -f $(TARGET_BN254) $(TARGET_BLS12_381) $(TARGET_BLS12_377)
+	rm -f $(TARGET_BN254) $(TARGET_BLS12_381) $(TARGET_BLS12_377) $(TARGET_BW6761)

goicicle/README.md

@@ -11,27 +11,27 @@ To compile the CUDA files, you will need:
 
 ## Structure of the Makefile
 
-The Makefile is designed to compile CUDA files for three curves: BN254, BLS12_381, and BLS12_377. The source files are located in the `icicle/curves/` directory.
+The Makefile is designed to compile CUDA files for four curves: BN254, BLS12_381, BLS12_377 and BW6_671. The source files are located in the `icicle/curves/` directory.
 
 ## Compiling CUDA Code
 
 1. Navigate to the directory containing the Makefile in your terminal.
-2. To compile all curve libraries, use the `make all` command. This will create three shared libraries: `libbn254.so`, `libbls12_381.so`, and `libbls12_377.so`.
-3. If you want to compile a specific curve, you can do so by specifying the target. For example, to compile only the BN254 curve, use `make libbn254.so`. Replace `libbn254.so` with `libbls12_381.so` or `libbls12_377.so` to compile those curves instead.
+2. To compile all curve libraries, use the `make all` command. This will create four shared libraries: `libbn254.so`, `libbls12_381.so`, `libbls12_377.so` and `libbw6_671.so`.
+3. If you want to compile a specific curve, you can do so by specifying the target. For example, to compile only the BN254 curve, use `make libbn254.so`. Replace `libbn254.so` with `libbls12_381.so`, `libbls12_377.so` or `libbw6_671.so` to compile those curves instead.
 
 The resulting `.so` files are the compiled shared libraries for each curve.
 
 ## Golang Binding
 
 The shared libraries produced from the CUDA code compilation are used to bind Golang to ICICLE's CUDA code.
 
-1. These shared libraries (`libbn254.so`, `libbls12_381.so`, `libbls12_377.so`) can be imported in your Go project to leverage the GPU accelerated functionalities provided by ICICLE. 
+1. These shared libraries (`libbn254.so`, `libbls12_381.so`, `libbls12_377.so`, `libbw6_671.so`) can be imported in your Go project to leverage the GPU accelerated functionalities provided by ICICLE.
 
 2. In your Go project, you can use `cgo` to link these shared libraries. Here's a basic example on how you can use `cgo` to link these libraries:
 
 ```go
 /*
-#cgo LDFLAGS: -L/path/to/shared/libs -lbn254 -lbls12_381 -lbls12_377
+#cgo LDFLAGS: -L/path/to/shared/libs -lbn254 -lbls12_381 -lbls12_377 -lbw6_671
 #include "icicle.h" // make sure you use the correct header file(s)
 */
 import "C"
@@ -46,7 +46,7 @@ Replace `/path/to/shared/libs` with the actual path where the shared libraries a
 
 ## Cleaning up
 
-If you want to remove the compiled files, you can use the `make clean` command. This will remove the `libbn254.so`, `libbls12_381.so`, and `libbls12_377.so` files.
+If you want to remove the compiled files, you can use the `make clean` command. This will remove the `libbn254.so`, `libbls12_381.so`, `libbls12_377.so` and `libbw6_671.so` files.
 
 ## Common issues