Adds Bowe-Hopwood hash

arkworks-rs · Nov 17, 2019 · e50390d · e50390d
1 parent 2e8b03a
commit e50390d
Show file tree

Hide file tree

Showing 41 changed files with 1,553 additions and 205 deletions.
diff --git a/algebra/src/curves/edwards_bls12/mod.rs b/algebra/src/curves/edwards_bls12/mod.rs
@@ -2,7 +2,7 @@ use crate::field_new;
 use crate::{
     biginteger::BigInteger256,
     curves::{
-        models::{ModelParameters, TEModelParameters},
+        models::{ModelParameters, TEModelParameters, MontgomeryModelParameters},
         twisted_edwards_extended::{GroupAffine, GroupProjective},
     },
     fields::edwards_bls12::{fq::Fq, fr::Fr},
@@ -55,6 +55,8 @@ impl TEModelParameters for EdwardsParameters {
     /// Generated randomly
     const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = (GENERATOR_X, GENERATOR_Y);
 
+    type MontgomeryModelParameters = EdwardsParameters;
+
     /// Multiplication by `a` is just negation.
     /// Is `a` 1 or -1?
     #[inline(always)]
@@ -63,6 +65,25 @@ impl TEModelParameters for EdwardsParameters {
     }
 }
 
+impl MontgomeryModelParameters for EdwardsParameters {
+    /// COEFF_A = 0x8D26E3FADA9010A26949031ECE3971B93952AD84D4753DDEDB748DA37E8F552
+    const COEFF_A: Fq = field_new!(Fq, BigInteger256([
+        13800168384327121454u64,
+        6841573379969807446u64,
+        12529593083398462246u64,
+        853978956621483129u64,
+    ]));
+    /// COEFF_B = 0x9D8F71EEC83A44C3A1FBCEC6F5418E5C6154C2682B8AC231C5A3725C8170AAD
+    const COEFF_B: Fq = field_new!(Fq, BigInteger256([
+        7239382437352637935u64,
+        14509846070439283655u64,
+        5083066350480839936u64,
+        1265663645916442191u64,
+    ]));
+
+    type TEModelParameters = EdwardsParameters;
+}
+
 impl FromStr for EdwardsAffine {
     type Err = ();
 

diff --git a/algebra/src/curves/edwards_bls12/tests.rs b/algebra/src/curves/edwards_bls12/tests.rs
@@ -1,5 +1,5 @@
 use crate::{
-    curves::{edwards_bls12::*, tests::curve_tests, AffineCurve, ProjectiveCurve},
+    curves::{edwards_bls12::*, tests::curve_tests, AffineCurve, ProjectiveCurve, models::twisted_edwards_extended::tests::montgomery_conversion_test},
     groups::tests::group_test,
 };
 use rand;
@@ -48,3 +48,8 @@ fn test_conversion() {
     assert_eq!(a_b, a_b2.into_affine());
     assert_eq!(a_b.into_projective(), a_b2);
 }
+
+#[test]
+fn test_montgomery_conversion() {
+    montgomery_conversion_test::<EdwardsParameters>();
+}
diff --git a/algebra/src/curves/edwards_sw6/mod.rs b/algebra/src/curves/edwards_sw6/mod.rs
@@ -2,7 +2,7 @@ use crate::field_new;
 use crate::{
     biginteger::BigInteger384 as BigInteger,
     curves::{
-        models::{ModelParameters, TEModelParameters},
+        models::{ModelParameters, TEModelParameters, MontgomeryModelParameters},
         twisted_edwards_extended::{GroupAffine, GroupProjective},
     },
     fields::edwards_sw6::{fq::Fq, fr::Fr},
@@ -62,13 +62,38 @@ impl TEModelParameters for EdwardsParameters {
     /// AFFINE_GENERATOR_COEFFS = (GENERATOR_X, GENERATOR_Y)
     const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = (GENERATOR_X, GENERATOR_Y);
 
+    type MontgomeryModelParameters = EdwardsParameters;
+
     /// Multiplication by `a` is just negation.
     #[inline(always)]
     fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField {
         -*elem
     }
 }
 
+impl MontgomeryModelParameters for EdwardsParameters {
+    /// COEFF_A = 0x95D53EB3F6AC3F7A53C26020144439DC6073BCAE513E03FD06B6B3BAA390F25E51534B26719E33F4CD906D4DA9B535
+    const COEFF_A: Fq = field_new!(Fq, BigInteger([
+        7594254284108454966u64,
+        14287343397973578077u64,
+        6490358977072726023u64,
+        8023375322051995268u64,
+        8242802613686040715u64,
+        100541941146122331u64,
+    ]));
+    /// COEFF_B = 0x118650763CE64AB4BE743604C8D05013DC2663652A3D58B21ECAB7BFF65B70DB8BA09F9098E61CC903B2F92B2564ACA
+    const COEFF_B: Fq = field_new!(Fq, BigInteger([
+        11173793475516310780u64,
+        14217481814129454913u64,
+        11878518835804377107u64,
+        14866315431314324110u64,
+        9234787938768687129u64,
+        62053599622152261u64,
+    ]));
+
+    type TEModelParameters = EdwardsParameters;
+}
+
 impl FromStr for EdwardsAffine {
     type Err = ();
 

diff --git a/algebra/src/curves/edwards_sw6/tests.rs b/algebra/src/curves/edwards_sw6/tests.rs
@@ -1,5 +1,5 @@
 use crate::{
-    curves::{edwards_sw6::*, tests::curve_tests, AffineCurve, ProjectiveCurve},
+    curves::{edwards_sw6::*, tests::curve_tests, AffineCurve, ProjectiveCurve, models::twisted_edwards_extended::tests::montgomery_conversion_test},
     groups::tests::group_test,
 };
 use rand;
@@ -48,3 +48,8 @@ fn test_conversion() {
     assert_eq!(a_b, a_b2.into_affine());
     assert_eq!(a_b.into_projective(), a_b2);
 }
+
+#[test]
+fn test_montgomery_conversion() {
+    montgomery_conversion_test::<EdwardsParameters>();
+}
diff --git a/algebra/src/curves/jubjub/mod.rs b/algebra/src/curves/jubjub/mod.rs
@@ -2,7 +2,7 @@ use crate::field_new;
 use crate::{
     biginteger::BigInteger256,
     curves::{
-        models::{ModelParameters, TEModelParameters},
+        models::{ModelParameters, TEModelParameters, MontgomeryModelParameters},
         twisted_edwards_extended::{GroupAffine, GroupProjective},
     },
     fields::jubjub::{fq::Fq, fr::Fr},
@@ -89,13 +89,34 @@ impl TEModelParameters for JubJubParameters {
     /// AFFINE_GENERATOR_COEFFS = (GENERATOR_X, GENERATOR_Y)
     const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField) = (GENERATOR_X, GENERATOR_Y);
 
+    type MontgomeryModelParameters = JubJubParameters;
+
     /// Multiplication by `a` is simply negation here.
     #[inline(always)]
     fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField {
         -(*elem)
     }
 }
 
+impl MontgomeryModelParameters for JubJubParameters {
+    /// COEFF_A = 0xA002
+    const COEFF_A: Fq = field_new!(Fq, BigInteger256([
+        388496971701930u64,
+        6855257088226130262u64,
+        553476580979119549u64,
+        6516741293351590684u64,
+    ]));
+    /// COEFF_B = 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFEFFFF5FFD
+    const COEFF_B: Fq = field_new!(Fq, BigInteger256([
+        18446355550968045916u64,
+        10902955289292811939u64,
+        3147092737149958754u64,
+        6710871716016002197u64,
+    ]));
+
+    type TEModelParameters = JubJubParameters;
+}
+
 impl FromStr for JubJubAffine {
     type Err = ();
 

diff --git a/algebra/src/curves/jubjub/tests.rs b/algebra/src/curves/jubjub/tests.rs
@@ -1,6 +1,6 @@
 use crate::{
     bytes::{FromBytes, ToBytes},
-    curves::{jubjub::*, tests::curve_tests, AffineCurve, ProjectiveCurve},
+    curves::{jubjub::*, tests::curve_tests, AffineCurve, ProjectiveCurve, models::twisted_edwards_extended::tests::montgomery_conversion_test},
     fields::jubjub::fr::Fr,
     groups::tests::group_test,
 };
@@ -102,3 +102,8 @@ fn test_bytes() {
     let g = JubJubAffine::read(g_bytes.as_slice()).unwrap();
     assert_eq!(g_from_repr, g);
 }
+
+#[test]
+fn test_montgomery_conversion() {
+    montgomery_conversion_test::<JubJubParameters>();
+}
diff --git a/algebra/src/curves/models/mod.rs b/algebra/src/curves/models/mod.rs
@@ -71,6 +71,8 @@ pub trait TEModelParameters: ModelParameters {
     const COFACTOR_INV: Self::ScalarField;
     const AFFINE_GENERATOR_COEFFS: (Self::BaseField, Self::BaseField);
 
+    type MontgomeryModelParameters: MontgomeryModelParameters<BaseField = Self::BaseField>;
+
     #[inline(always)]
     fn mul_by_a(elem: &Self::BaseField) -> Self::BaseField {
         let mut copy = *elem;
@@ -110,3 +112,11 @@ pub trait TEModelParameters: ModelParameters {
         ret
     }
 }
+
+pub trait MontgomeryModelParameters: ModelParameters {
+    const COEFF_A: Self::BaseField;
+    const COEFF_B: Self::BaseField;
+
+    type TEModelParameters: TEModelParameters<BaseField = Self::BaseField>;
+}
+
diff --git a/...curves/models/twisted_edwards_extended.rs → ...es/models/twisted_edwards_extended/mod.rs b/...curves/models/twisted_edwards_extended.rs → ...es/models/twisted_edwards_extended/mod.rs
@@ -9,10 +9,13 @@ use std::{
 
 use crate::{
     bytes::{FromBytes, ToBytes},
-    curves::{models::TEModelParameters as Parameters, AffineCurve, ProjectiveCurve},
+    curves::{models::TEModelParameters as Parameters, models::MontgomeryModelParameters as MontgomeryParameters, AffineCurve, ProjectiveCurve},
     fields::{BitIterator, Field, PrimeField, SquareRootField},
 };
 
+#[cfg(test)]
+pub mod tests;
+
 #[derive(Derivative)]
 #[derivative(
     Copy(bound = "P: Parameters"),
@@ -617,3 +620,36 @@ impl<P: Parameters> From<GroupProjective<P>> for GroupAffine<P> {
         }
     }
 }
+
+#[derive(Derivative)]
+#[derivative(
+Copy(bound = "P: MontgomeryParameters"),
+Clone(bound = "P: MontgomeryParameters"),
+PartialEq(bound = "P: MontgomeryParameters"),
+Eq(bound = "P: MontgomeryParameters"),
+Debug(bound = "P: MontgomeryParameters"),
+Hash(bound = "P: MontgomeryParameters")
+)]
+pub struct MontgomeryGroupAffine<P: MontgomeryParameters> {
+    pub x: P::BaseField,
+    pub y: P::BaseField,
+    #[derivative(Debug = "ignore")]
+    _params: PhantomData<P>,
+}
+
+impl<P: MontgomeryParameters> Display for MontgomeryGroupAffine<P> {
+    fn fmt(&self, f: &mut Formatter<'_>) -> FmtResult {
+        write!(f, "MontgomeryGroupAffine(x={}, y={})", self.x, self.y)
+    }
+}
+
+impl<P: MontgomeryParameters> MontgomeryGroupAffine<P> {
+    pub fn new(x: P::BaseField, y: P::BaseField) -> Self {
+        Self {
+            x,
+            y,
+            _params: PhantomData,
+        }
+    }
+}
+
diff --git a/algebra/src/curves/models/twisted_edwards_extended/tests.rs b/algebra/src/curves/models/twisted_edwards_extended/tests.rs
@@ -0,0 +1,14 @@
+use crate::{fields::Field, TEModelParameters, MontgomeryModelParameters};
+
+pub(crate) fn montgomery_conversion_test<P>()
+    where
+        P: TEModelParameters,
+{
+    // A = 2 * (a + d) / (a - d)
+    let a = P::BaseField::one().double()*&(P::COEFF_A + &P::COEFF_D)*&(P::COEFF_A - &P::COEFF_D).inverse().unwrap();
+    // B = 4 / (a - d)
+    let b = P::BaseField::one().double().double()*&(P::COEFF_A - &P::COEFF_D).inverse().unwrap();
+
+    assert_eq!(a, P::MontgomeryModelParameters::COEFF_A);
+    assert_eq!(b, P::MontgomeryModelParameters::COEFF_B);
+}
diff --git a/algebra/src/fields/edwards_bls12/fr.rs b/algebra/src/fields/edwards_bls12/fr.rs
@@ -58,7 +58,12 @@ impl FpParameters for FrParameters {
         50861023252832611u64,
     ]);
 
-    const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([0x0, 0x0, 0x0, 0x0]);
+    const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
+        6678124996694371583u64,
+        2975139753996731775u64,
+        14706092969812227584u64,
+        168160046336021674u64,
+    ]);
 
     const T: BigInteger = BigInteger([0x0, 0x0, 0x0, 0x0]);
 

diff --git a/algebra/src/fields/edwards_sw6/fr.rs b/algebra/src/fields/edwards_sw6/fr.rs
@@ -68,7 +68,14 @@ impl FpParameters for FrParameters {
         1893962574900431u64,
     ]);
 
-    const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0]);
+    const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
+        11565705853993265482u64,
+        1874401829722016192u64,
+        17360162650792090657u64,
+        12799843252669731128u64,
+        12421966106515346579u64,
+        7568644544155918u64,
+    ]);
 
     const T: BigInteger = BigInteger([0x0, 0x0, 0x0, 0x0, 0x0, 0x0]);