Support bw6-761

README.md

@@ -114,20 +114,21 @@ Create a JSON file with the curve parameters. The curve is defined by the follow
 - ``curve_name`` - e.g. ``bls12_381``.
 - ``modulus_p`` - scalar field modulus (in decimal).
 - ``bit_count_p`` - number of bits needed to represent `` modulus_p`` .
-- ``limb_p`` - number of bytes needed to represent `` modulus_p``  (rounded).
-- ``ntt_size`` - log of the maximal size subgroup of the scalar field.    
+- ``limb_p`` - number of (32-bit) limbs needed to represent `` modulus_p`` (rounded up).
+- ``ntt_size`` - log of the maximal size subgroup of the scalar field.
 - ``modulus_q`` - base field modulus (in decimal).
 - ``bit_count_q`` - number of bits needed to represent `` modulus_q`` .
-- ``limb_q`` number of bytes needed to represent `` modulus_p``  (rounded).
-- ``weierstrass_b`` - Weierstrauss constant of the curve. 
-- ``weierstrass_b_g2_re`` - Weierstrauss real constant of the g2 curve. 
-- ``weierstrass_b_g2_im`` - Weierstrauss imaginary constant of the g2 curve. 
-- ``gen_x`` - x-value of a generator element for the curve. 
-- ``gen_y`` - y-value of a generator element for the curve.
-- ``gen_x_re`` - real x-value of a generator element for the g2 curve. 
-- ``gen_x_im`` - imaginary x-value of a generator element for the g2 curve. 
-- ``gen_y_re`` - real y-value of a generator element for the g2 curve. 
-- ``gen_y_im`` - imaginary y-value of a generator element for the g2 curve. 
+- ``limb_q`` - number of (32-bit) limbs needed to represent `` modulus_q`` (rounded up).
+- ``weierstrass_b`` - `b` of the curve in Weierstrauss form.
+- ``weierstrass_b_g2_re`` - real part of the `b` value in of the g2 curve in Weierstrass form.
+- ``weierstrass_b_g2_im`` - imaginary part of the `b` value in of the g2 curve in Weierstrass form.
+- ``gen_x`` - `x` coordinate of a generator element for the curve.
+- ``gen_y`` - `y` coordinate of a generator element for the curve.
+- ``gen_x_re`` - real part of the `x` coordinate of generator element for the g2 curve.
+- ``gen_x_im`` - imaginary part of the `x` coordinate of generator element for the g2 curve.
+- ``gen_y_re`` - real part of the `y` coordinate of generator element for the g2 curve.
+- ``gen_y_im`` - imaginary part of the `y` coordinate of generator element for the g2 curve.
+- ``nonresidue`` - nonresidue, or `i^2`, or `u^2` - square of the element that generates quadratic extension field of the base field.
 
 Here's an example for BLS12-381.
 ```
@@ -141,14 +142,15 @@ Here's an example for BLS12-381.
     "bit_count_q" : 381,
     "limb_q" : 12,
     "weierstrass_b" : 4,
-    "weierstrass_b_g2_re":4,
-    "weierstrass_b_g2_im":4,
+    "weierstrass_b_g2_re" : 4,
+    "weierstrass_b_g2_im" : 4,
     "gen_x" : 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507,
     "gen_y" : 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569,
     "gen_x_re" : 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160,
     "gen_x_im" : 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758,
     "gen_y_re" : 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905,
-    "gen_y_im" : 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582
+    "gen_y_im" : 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582,
+    "nonresidue" : -1
 }
 ```
 

benches/msm.rs

@@ -2,10 +2,10 @@ extern crate criterion;
 
 use criterion::{criterion_group, criterion_main, Criterion};
 
-use icicle_utils::test_bls12_381::{
+use icicle::test_bls12_381::{
     commit_batch_bls12_381, generate_random_points_bls12_381, set_up_scalars_bls12_381,
 };
-use icicle_utils::utils::*;
+use icicle::utils::*;
 #[cfg(feature = "g2")]
 use icicle_utils::{commit_batch_g2, field::ExtensionField};
 

benches/ntt.rs

@@ -2,7 +2,7 @@ extern crate criterion;
 
 use criterion::{criterion_group, criterion_main, Criterion};
 
-use icicle_utils::test_bls12_381::*;
+use icicle::test_bls12_381::*;
 
 const LOG_NTT_SIZES: [usize; 3] = [20, 9, 10];
 const BATCH_SIZES: [usize; 3] = [1, 512, 1024];

curve_parameters/bls12_377.json

@@ -16,5 +16,6 @@
     "g2_gen_x_re" : 233578398248691099356572568220835526895379068987715365179118596935057653620464273615301663571204657964920925606294,
     "g2_gen_x_im" : 140913150380207355837477652521042157274541796891053068589147167627541651775299824604154852141315666357241556069118,
     "g2_gen_y_re" : 63160294768292073209381361943935198908131692476676907196754037919244929611450776219210369229519898517858833747423,
-    "g2_gen_y_im" : 149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491
+    "g2_gen_y_im" : 149157405641012693445398062341192467754805999074082136895788947234480009303640899064710353187729182149407503257491,
+    "nonresidue" : -5
 }

curve_parameters/bls12_381.json

@@ -16,5 +16,6 @@
     "g2_gen_x_re" : 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160,
     "g2_gen_x_im" : 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758,
     "g2_gen_y_re" : 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905,
-    "g2_gen_y_im" : 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582
+    "g2_gen_y_im" : 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582,
+    "nonresidue" : -1
 }

curve_parameters/bn254.json

@@ -16,5 +16,6 @@
     "g2_gen_x_re" : 10857046999023057135944570762232829481370756359578518086990519993285655852781,
     "g2_gen_x_im" : 11559732032986387107991004021392285783925812861821192530917403151452391805634,
     "g2_gen_y_re" : 8495653923123431417604973247489272438418190587263600148770280649306958101930,
-    "g2_gen_y_im" : 4082367875863433681332203403145435568316851327593401208105741076214120093531
+    "g2_gen_y_im" : 4082367875863433681332203403145435568316851327593401208105741076214120093531,
+    "nonresidue" : -1
 }

curve_parameters/bw6-761.json

@@ -0,0 +1,21 @@
+{
+    "curve_name" : "bw6_761",
+    "modulus_p" : 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177,
+    "bit_count_p" : 377,
+    "limb_p" :  12,
+    "ntt_size" : 46,
+    "modulus_q" : 6891450384315732539396789682275657542479668912536150109513790160209623422243491736087683183289411687640864567753786613451161759120554247759349511699125301598951605099378508850372543631423596795951899700429969112842764913119068299,
+    "bit_count_q" : 761,
+    "limb_q" : 24,
+    "root_of_unity" : 32863578547254505029601261939868325669770508939375122462904745766352256812585773382134936404344547323199885654433,
+    "weierstrass_b" : 6891450384315732539396789682275657542479668912536150109513790160209623422243491736087683183289411687640864567753786613451161759120554247759349511699125301598951605099378508850372543631423596795951899700429969112842764913119068298,
+    "weierstrass_b_g2_re" : 4,
+    "weierstrass_b_g2_im" : 0,
+    "g1_gen_x" : 6238772257594679368032145693622812838779005809760824733138787810501188623461307351759238099287535516224314149266511977132140828635950940021790489507611754366317801811090811367945064510304504157188661901055903167026722666149426237,
+    "g1_gen_y" : 2101735126520897423911504562215834951148127555913367997162789335052900271653517958562461315794228241561913734371411178226936527683203879553093934185950470971848972085321797958124416462268292467002957525517188485984766314758624099,
+    "g2_gen_x_re" : 6445332910596979336035888152774071626898886139774101364933948236926875073754470830732273879639675437155036544153105017729592600560631678554299562762294743927912429096636156401171909259073181112518725201388196280039960074422214428,
+    "g2_gen_x_im" : 1,
+    "g2_gen_y_re" : 562923658089539719386922163444547387757586534741080263946953401595155211934630598999300396317104182598044793758153214972605680357108252243146746187917218885078195819486220416605630144001533548163105316661692978285266378674355041,
+    "g2_gen_y_im" : 1,
+    "nonresidue" : -1
+}

curve_parameters/new_curve_script.py

@@ -5,6 +5,9 @@
 import sys
 
 
+argv_list = ['thisfile', 'curve_json', 'command']
+new_curve_args = dict(zip(argv_list, sys.argv[:len(argv_list)] + [""]*(len(argv_list) - len(sys.argv))))
+
 def to_hex(val: int, length):
     x = hex(val)[2:]
     if len(x) % 8 != 0:
@@ -14,25 +17,28 @@ def to_hex(val: int, length):
     n = 8
     chunks = [x[i:i+n] for i in range(0, len(x), n)][::-1]
     s = ""
-    for c in chunks:
+    for c in chunks[:length // n]:
         s += f'0x{c}, '
 
     return s[:-2]
 
 
 def compute_values(modulus, modulus_bit_count, limbs):
     limb_size = 8*limbs
+    bit_size = 4*limb_size
     modulus_ = to_hex(modulus,limb_size)
     modulus_2 = to_hex(modulus*2,limb_size)
     modulus_4 = to_hex(modulus*4,limb_size)
     modulus_wide = to_hex(modulus,limb_size*2)
-    modulus_squared = to_hex(modulus*modulus,limb_size)
-    modulus_squared_2 = to_hex(modulus*modulus*2,limb_size)
-    modulus_squared_4 = to_hex(modulus*modulus*4,limb_size)
+    modulus_squared = to_hex(modulus*modulus,limb_size*2)
+    modulus_squared_2 = to_hex(modulus*modulus*2,limb_size*2)
+    modulus_squared_4 = to_hex(modulus*modulus*4,limb_size*2)
     m_raw = int(math.floor(int(pow(2,2*modulus_bit_count) // modulus)))
     m = to_hex(m_raw,limb_size)
     one = to_hex(1,limb_size)
     zero = to_hex(0,limb_size)
+    montgomery_r = to_hex(pow(2,bit_size,modulus),limb_size)
+    montgomery_r_inv = to_hex(pow(2,-bit_size,modulus),limb_size)
 
     return (
         modulus_,
@@ -44,11 +50,13 @@ def compute_values(modulus, modulus_bit_count, limbs):
         modulus_squared_4,
         m,
         one,
-        zero
+        zero,
+        montgomery_r,
+        montgomery_r_inv
     )
 
 
-def get_fq_params(modulus, modulus_bit_count, limbs, g1_gen_x, g1_gen_y, g2_gen_x_re, g2_gen_x_im, g2_gen_y_re, g2_gen_y_im):
+def get_fq_params(modulus, modulus_bit_count, limbs, nonresidue):
     (
         modulus,
         modulus_2,
@@ -59,10 +67,14 @@ def get_fq_params(modulus, modulus_bit_count, limbs, g1_gen_x, g1_gen_y, g2_gen_
         modulus_squared_4,
         m,
         one,
-        zero
+        zero,
+        montgomery_r,
+        montgomery_r_inv
     ) = compute_values(modulus, modulus_bit_count, limbs)
 
     limb_size = 8*limbs
+    nonresidue_is_negative = str(nonresidue < 0).lower()
+    nonresidue = abs(nonresidue)
     return {
         'fq_modulus': modulus,
         'fq_modulus_2': modulus_2,
@@ -74,12 +86,10 @@ def get_fq_params(modulus, modulus_bit_count, limbs, g1_gen_x, g1_gen_y, g2_gen_
         'fq_m': m,
         'fq_one': one,
         'fq_zero': zero,
-        'fq_gen_x': to_hex(g1_gen_x, limb_size),
-        'fq_gen_y': to_hex(g1_gen_y, limb_size),
-        'fq_gen_x_re': to_hex(g2_gen_x_re, limb_size),
-        'fq_gen_x_im': to_hex(g2_gen_x_im, limb_size),
-        'fq_gen_y_re': to_hex(g2_gen_y_re, limb_size),
-        'fq_gen_y_im': to_hex(g2_gen_y_im, limb_size)
+        'fq_montgomery_r': montgomery_r,
+        'fq_montgomery_r_inv': montgomery_r_inv,
+        'nonresidue': nonresidue,
+        'nonresidue_is_negative': nonresidue_is_negative
     }
 
 
@@ -94,7 +104,9 @@ def get_fp_params(modulus, modulus_bit_count, limbs, root_of_unity, size=0):
         modulus_squared_4,
         m,
         one,
-        zero
+        zero,
+        montgomery_r,
+        montgomery_r_inv
     ) = compute_values(modulus, modulus_bit_count, limbs)
     limb_size = 8*limbs
     if size > 0:
@@ -129,12 +141,26 @@ def get_fp_params(modulus, modulus_bit_count, limbs, root_of_unity, size=0):
         'fp_m': m,
         'fp_one': one,
         'fp_zero': zero,
+        'fp_montgomery_r': montgomery_r,
+        'fp_montgomery_r_inv': montgomery_r_inv,
         'omega': omega[:-1],
         'omega_inv': omega_inv[:-1],
         'inv': inv[:-1],
     }
 
 
+def get_generators(g1_gen_x, g1_gen_y, g2_gen_x_re, g2_gen_x_im, g2_gen_y_re, g2_gen_y_im, size):
+
+    return {
+        'fq_gen_x': to_hex(g1_gen_x, size),
+        'fq_gen_y': to_hex(g1_gen_y, size),
+        'fq_gen_x_re': to_hex(g2_gen_x_re, size),
+        'fq_gen_x_im': to_hex(g2_gen_x_im, size),
+        'fq_gen_y_re': to_hex(g2_gen_y_re, size),
+        'fq_gen_y_im': to_hex(g2_gen_y_im, size)
+    }
+
+
 def get_weier_params(weierstrass_b, weierstrass_b_g2_re, weierstrass_b_g2_im, size):
 
     return {
@@ -155,6 +181,7 @@ def get_params(config):
     bit_count_q = config["bit_count_q"] 
     limb_q = config["limb_q"]
     root_of_unity = config["root_of_unity"]
+    nonresidue = config["nonresidue"]
     if root_of_unity == modulus_p:
         sys.exit("Invalid root_of_unity value; please update in curve parameters")
 
@@ -178,19 +205,21 @@ def get_params(config):
     }
 
     fp_params = get_fp_params(modulus_p, bit_count_p, limb_p, root_of_unity, ntt_size)
-    fq_params = get_fq_params(modulus_q, bit_count_q, limb_q, g1_gen_x, g1_gen_y, g2_generator_x_re, g2_generator_x_im, g2_generator_y_re, g2_generator_y_im)
+    fq_params = get_fq_params(modulus_q, bit_count_q, limb_q, nonresidue)
+    generators = get_generators(g1_gen_x, g1_gen_y, g2_generator_x_re, g2_generator_x_im, g2_generator_y_re, g2_generator_y_im, 8*limb_q)
     weier_params = get_weier_params(weierstrass_b, weierstrass_b_g2_re, weierstrass_b_g2_im, 8*limb_q)
 
     return {
         **params,
         **fp_params,
         **fq_params,
+        **generators,
         **weier_params
     }
 
 
 config = None
-with open(sys.argv[1]) as json_file:
+with open(new_curve_args['curve_json']) as json_file:
     config = json.load(json_file)
 
 curve_name_lower = config["curve_name"].lower()
@@ -211,7 +240,7 @@ def get_params(config):
     with open(f'./icicle/curves/{curve_name_lower}/params.cuh', 'w') as f:
         f.write(params_content)
 
-if sys.argv[2] != "-update":
+if new_curve_args['command'] != '-update':
     with open("./icicle/curves/curve_template/lde.cu.tmpl", "r") as lde_file:
         template_content = Template(lde_file.read())
         lde_content = template_content.safe_substitute(

examples/ntt/main.rs

@@ -1,6 +1,6 @@
 use std::time::Instant;
 
-use icicle_utils::{curves::bls12_381::ScalarField_BLS12_381, test_bls12_381::*};
+use icicle::{curves::bls12_381::ScalarField_BLS12_381, test_bls12_381::*};
 use rustacuda::prelude::DeviceBuffer;
 
 const LOG_NTT_SIZES: [usize; 3] = [20, 10, 9];

icicle/appUtils/msm/msm.cu

@@ -982,7 +982,7 @@ void batched_large_msm(
   S* scalars, A* points, unsigned batch_size, unsigned msm_size, P* result, bool on_device, cudaStream_t stream)
 {
   unsigned c = get_optimal_c(msm_size);
-  unsigned bitsize = 255;
+  unsigned bitsize = S::NBITS;
   batched_bucket_method_msm(bitsize, c, scalars, points, batch_size, msm_size, result, on_device, stream);
 }
 #endif

icicle/appUtils/poseidon/poseidon.cu

@@ -198,7 +198,7 @@ __host__ void Poseidon<S>::hash_blocks(const S* inp, size_t blocks, S* out, Hash
 #endif
 
   // execute half full rounds
-  full_rounds<<<number_of_blocks, number_of_threads, sizeof(S) * hashes_per_block* this->t, stream>>>(
+  full_rounds<<<number_of_blocks, number_of_threads, sizeof(S) * hashes_per_block * this->t, stream>>>(
     states, blocks, rc_offset, true, this->config);
   rc_offset += this->t * this->config.full_rounds_half;
 
@@ -230,7 +230,7 @@ __host__ void Poseidon<S>::hash_blocks(const S* inp, size_t blocks, S* out, Hash
 #endif
 
   // execute half full rounds
-  full_rounds<<<number_of_blocks, number_of_threads, sizeof(S) * hashes_per_block* this->t, stream>>>(
+  full_rounds<<<number_of_blocks, number_of_threads, sizeof(S) * hashes_per_block * this->t, stream>>>(
     states, blocks, rc_offset, false, this->config);
 
 #if !defined(__CUDA_ARCH__) && defined(DEBUG)

icicle/curves/bls12_377/curve_config.cuh

@@ -9,17 +9,22 @@
 #include "params.cuh"
 
 namespace BLS12_377 {
-  typedef Field<PARAMS_BLS12_377::fp_config> scalar_field_t;
-  typedef scalar_field_t scalar_t;
+  typedef Field<PARAMS_BLS12_377::fp_config> scalar_t;
   typedef Field<PARAMS_BLS12_377::fq_config> point_field_t;
+  static constexpr point_field_t gen_x = point_field_t{PARAMS_BLS12_377::g1_gen_x};
+  static constexpr point_field_t gen_y = point_field_t{PARAMS_BLS12_377::g1_gen_y};
   static constexpr point_field_t b = point_field_t{PARAMS_BLS12_377::weierstrass_b};
-  typedef Projective<point_field_t, scalar_field_t, b> projective_t;
+  typedef Projective<point_field_t, scalar_t, b, gen_x, gen_y> projective_t;
   typedef Affine<point_field_t> affine_t;
 #if defined(G2_DEFINED)
   typedef ExtensionField<PARAMS_BLS12_377::fq_config> g2_point_field_t;
-  static constexpr g2_point_field_t b_g2 = g2_point_field_t{
+  static constexpr g2_point_field_t g2_gen_x =
+    g2_point_field_t{point_field_t{PARAMS_BLS12_377::g2_gen_x_re}, point_field_t{PARAMS_BLS12_377::g2_gen_x_im}};
+  static constexpr g2_point_field_t g2_gen_y =
+    g2_point_field_t{point_field_t{PARAMS_BLS12_377::g2_gen_y_re}, point_field_t{PARAMS_BLS12_377::g2_gen_y_im}};
+  static constexpr g2_point_field_t g2_b = g2_point_field_t{
     point_field_t{PARAMS_BLS12_377::weierstrass_b_g2_re}, point_field_t{PARAMS_BLS12_377::weierstrass_b_g2_im}};
-  typedef Projective<g2_point_field_t, scalar_field_t, b_g2> g2_projective_t;
+  typedef Projective<g2_point_field_t, scalar_t, g2_b, g2_gen_x, g2_gen_y> g2_projective_t;
   typedef Affine<g2_point_field_t> g2_affine_t;
 #endif
-} // namespace BLS12_377
+} // namespace BLS12_377