Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

group crate refactoring #230

Merged
merged 11 commits into from
May 18, 2020
Merged

group crate refactoring #230

merged 11 commits into from
May 18, 2020

Conversation

str4d
Copy link
Contributor

@str4d str4d commented May 14, 2020

The new Group trait represents a cryptographic group with a large prime-order subgroup and a small cofactor. The PrimeGroup trait further constrains the group to have a cofactor of one. CurveProjective now primarily contains EC-specific functionality.

Part of #161.

str4d added 9 commits May 15, 2020 00:20
@str4d
Remove explicit std::marker from Sized bound
d7d4928 
Sized is always part of the prelude, and binding on std causes
compilation issues for no-std crates.
@str4d
group: Rename zero and one to identity and generator
4f2220f
@str4d
Make CurveProjective::double take &self and return Self
8add78a
@str4d
Remove Engine associated type from CurveAffine and CurveProjective
7203a7a 
The type Curve*::Engine::Fr is equivalent to Curve*::Scalar, making
Engine a redundant associated type.
@str4d
group: Introduce Group and PrimeGroup traits
69f53fe 
Group represents a cryptographic group with a large prime-order subgroup
and a small cofactor. PrimeGroup further constrains the group to have a
cofactor of one.
@str4d
group: Define group operations on Group trait
5397d73 
The GroupOps trait represents the group operation (addition), and the
combination of the group operation with group inversion (subtraction).
Group inversion (negation) is constrained directly on the Group trait.
@str4d
group: Sum + for<'a> Sum<&'a Self> bounds for Group
e3d8428
@str4d
group: Move CurveProjective::double to Group
d2aa87f
@str4d
group: Add Group::Subgroup associated type
0df950d 
For prime-order groups, this may be Self.
@str4d str4d requested a review from ebfull May 14, 2020 12:24
@codecov
Copy link

codecov bot commented May 14, 2020
edited
Loading

Codecov Report

Merging #230 into master will increase coverage by 0.11%.
The diff coverage is 78.06%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #230      +/-   ##
==========================================
+ Coverage   65.25%   65.37%   +0.11%     
==========================================
  Files         106      106              
  Lines       14973    14968       -5     
==========================================
+ Hits         9771     9785      +14     
+ Misses       5202     5183      -19
Impacted Files Coverage Δ
bellman/src/domain.rs 63.58% <0.00%> (ø)
ff/ff_derive/src/lib.rs 15.38% <ø> (ø)
ff/src/lib.rs 47.29% <ø> (ø)
group/src/lib.rs 11.76% <ø> (ø)
pairing/src/bls12_381/fq2.rs 63.17% <0.00%> (+1.16%) ⬆️
pairing/src/bls12_381/fq6.rs 48.90% <0.00%> (ø)
pairing/src/lib.rs 75.00% <ø> (ø)
bellman/src/groth16/tests/dummy_engine.rs 7.64% <5.55%> (+0.54%) ⬆️
group/src/wnaf.rs 66.07% <60.00%> (-0.60%) ⬇️
pairing/src/bls12_381/ec.rs 74.27% <84.93%> (+1.17%) ⬆️
... and 31 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 41d9f29...669f2b4. Read the comment docs.

@str4d
Copy link
Contributor Author

str4d commented May 14, 2020

The first commit in this PR is also in #227; I'll rebase whichever PR is not merged first.

@str4d str4d mentioned this pull request May 14, 2020
Merged
@daira
Copy link
Contributor

daira commented May 17, 2020

Group is implemented for Fr, as the additive group (Fr, +). This is a little strange because that's not a cryptographic group, and it's only one of two natural choices of implementation, the other being the multiplicative group (Fr*, *). Do we actually use the Group implementation for Fr?

@ebfull
Copy link
Collaborator

ebfull commented May 18, 2020

We want to be able to apply FFTs either to elements of the group or to the scalars themselves, which requires us to reason about a shared "scalar" field and group-like arithmetic in either case.

@str4d str4d merged commit 4969ad4 into zcash:master May 18, 2020
daira
daira reviewed May 21, 2020
View reviewed changes
group/src/lib.rs
/// Returns the additive identity.
fn zero() -> Self;
/// Returns the additive identity, also known as the "neutral element".
fn identity() -> Self;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I actually prefer zero for the additive identity. So I would prefer to revert all of the s/zero/identity/ changes. I find zero more natural especially if we're implementing Add and Neg. additive_identity is too long, and identity is ambiguous.

group/src/lib.rs
/// Returns a fixed generator of unknown exponent.
fn one() -> Self;
/// Returns a fixed generator of the prime-order subgroup.
fn generator() -> Self::Subgroup;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This on the other hand, is much better.

group/src/lib.rs
Comment on lines 151 to 152
/// Determines if this point represents the point at infinity; the
/// additive identity.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
/// Determines if this point represents the point at infinity; the
/// additive identity.
/// Determines if this point represents the additive identity, or zero point.

It's not the point at infinity for Edwards curves. (Edwards curves over the rationals, or incomplete Edwards curves, do have points at infinity that are not the additive identity. This is a hobby horse but I am right :-p )

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's an old doc-comment; it should match the Group::identity doc-comment, which is currently:

    /// Determines if this point is the identity.

pairing/src/bls12_381/ec.rs Show resolved Hide resolved
@str4d str4d deleted the group-trait branch May 21, 2020 07:02
@str4d str4d added this to the Core Sprint 2020-19 milestone May 23, 2020
@ebfull ebfull mentioned this pull request Jun 26, 2020
Closed
18 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daira daira daira left review comments

@ebfull ebfull ebfull approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Core Sprint 2020-19
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@str4d @daira @ebfull