Merge branch 'support-bandersnatch-group' of github.com:dragan2234/ha…

…lo2curves into support-bandersnatch-group
privacy-scaling-explorations · May 20, 2024 · 1f65f1b · 1f65f1b
2 parents 233cb1c + 08811be
commit 1f65f1b
Show file tree

Hide file tree

Showing 35 changed files with 2,598 additions and 2,988 deletions.
diff --git a/.config/typos.toml b/.config/typos.toml
@@ -0,0 +1,3 @@
+[default.extend-words]
+groth = "groth"
+ba = "ba"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -52,7 +52,7 @@ jobs:
       # We run WASM build (for tests) which compiles the lib allowig us to have
       # `getrandom` as a dev-dependency.
       - name: Build
-        run: cargo build --tests --release --features "bn256-table derive_serde prefetch" --target "${{ matrix.target }}"
+        run: cargo build --tests --release --features "bn256-table derive_serde" --target "${{ matrix.target }}"
   test:
     if: github.event.pull_request.draft == false
     name: Test
@@ -112,6 +112,16 @@ jobs:
           command: clippy
           args: --verbose --release --tests --all-features
 
+  typos:
+    name: Spell Check with Typos
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Use typos with config file
+        uses: crate-ci/typos@master
+        with: 
+          config: .config/typos.toml
+
   bench:
     if: github.event.pull_request.draft == false
     name: Bench

diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "halo2curves"
-version = "0.6.0"
+version = "0.6.1"
 authors = ["Privacy Scaling Explorations team"]
 license = "MIT/Apache-2.0"
 edition = "2021"
@@ -17,14 +17,15 @@ bincode = "1.3.3"
 serde_json = "1.0.105"
 hex = "0.4"
 rand_chacha = "0.3.1"
+impls = "1"
 
 # Added to make sure we are able to build the lib in the CI.
 # Notice this will never be loaded for someone using this lib as dep.
 [target.'cfg(all(target_arch = "wasm32", target_os = "unknown"))'.dev-dependencies]
 getrandom = { version = "0.2", features = ["js"] }
 
 [dependencies]
-subtle = "2.4"
+subtle = "2.5"
 ff = { version = "0.13.0", default-features = false, features = ["std"] }
 group = "0.13.0"
 pairing = "0.23.0"
@@ -42,6 +43,7 @@ hex = { version = "0.4", optional = true, default-features = false, features = [
 blake2b_simd = "1"
 bls12_381 = { git = "https://github.com/dragan2234/bls12_381", features = ["groups", "basefield"], branch = "add-FromUniformBytes-trait" }
 rayon = "1.8"
+unroll = "0.1.5"
 
 [dependencies.bitvec]
 version = "1"
@@ -52,8 +54,7 @@ default = ["bits"]
 asm = []
 bits = ["ff/bits"]
 bn256-table = []
-derive_serde = ["serde/derive", "serde_arrays", "hex"]
-prefetch = []
+derive_serde = ["serde/derive", "serde_arrays", "hex", "pasta_curves/serde"]
 print-trace = ["ark-std/print-trace"]
 
 [profile.bench]
@@ -88,4 +89,3 @@ harness = false
 [[bench]]
 name = "msm"
 harness = false
-required-features = ["multicore"]
diff --git a/benches/msm.rs b/benches/msm.rs
@@ -17,10 +17,10 @@ use ff::Field;
 use group::prime::PrimeCurveAffine;
 use halo2curves::bn256::{Fr as Scalar, G1Affine as Point};
 use halo2curves::msm::{best_multiexp, multiexp_serial};
-use maybe_rayon::current_thread_index;
-use maybe_rayon::prelude::{IntoParallelIterator, ParallelIterator};
 use rand_core::SeedableRng;
 use rand_xorshift::XorShiftRng;
+use rayon::current_thread_index;
+use rayon::prelude::{IntoParallelIterator, ParallelIterator};
 use std::time::SystemTime;
 
 const SAMPLE_SIZE: usize = 10;

diff --git a/script/bn256.py b/script/bn256.py
@@ -1,4 +1,4 @@
-# This file generates the montogomary form integers for x in [0, 2^16) \intersect
+# This file generates the montgomery form integers for x in [0, 2^16) \intersect
 # BN::ScalarField
 
 verbose = False

diff --git a/src/arithmetic.rs b/src/arithmetic.rs
@@ -45,6 +45,30 @@ pub(crate) const fn macx(a: u64, b: u64, c: u64) -> (u64, u64) {
     (res as u64, (res >> 64) as u64)
 }
 
+/// Returns a >= b
+#[inline(always)]
+pub(crate) const fn bigint_geq(a: &[u64; 4], b: &[u64; 4]) -> bool {
+    if a[3] > b[3] {
+        return true;
+    } else if a[3] < b[3] {
+        return false;
+    }
+    if a[2] > b[2] {
+        return true;
+    } else if a[2] < b[2] {
+        return false;
+    }
+    if a[1] > b[1] {
+        return true;
+    } else if a[1] < b[1] {
+        return false;
+    }
+    if a[0] >= b[0] {
+        return true;
+    }
+    false
+}
+
 /// Compute a * b, returning the result.
 #[inline(always)]
 pub(crate) fn mul_512(a: [u64; 4], b: [u64; 4]) -> [u64; 8] {

diff --git a/src/bn256/curve.rs b/src/bn256/curve.rs
@@ -5,6 +5,7 @@ use crate::arithmetic::EndoParameters;
 use crate::bn256::Fq;
 use crate::bn256::Fq2;
 use crate::bn256::Fr;
+use crate::derive::curve::{IDENTITY_MASK, IDENTITY_SHIFT, SIGN_MASK, SIGN_SHIFT};
 use crate::endo;
 use crate::ff::WithSmallOrderMulGroup;
 use crate::ff::{Field, PrimeField};
@@ -32,7 +33,6 @@ new_curve_impl!(
     (pub),
     G1,
     G1Affine,
-    false,
     Fq,
     Fr,
     (G1_GENERATOR_X,G1_GENERATOR_Y),
@@ -46,7 +46,6 @@ new_curve_impl!(
     (pub),
     G2,
     G2Affine,
-    false,
     Fq2,
     Fr,
     (G2_GENERATOR_X, G2_GENERATOR_Y),
@@ -199,23 +198,28 @@ impl G1 {
 }
 
 #[cfg(test)]
-mod tests {
-    use crate::arithmetic::CurveEndo;
-    use crate::bn256::{Fr, G1, G2};
-    use crate::CurveExt;
-    use ff::Field;
-    use ff::{PrimeField, WithSmallOrderMulGroup};
-    use rand_core::OsRng;
-
-    #[test]
-    fn test_hash_to_curve() {
-        crate::tests::curve::hash_to_curve_test::<G1>();
-    }
-
-    #[test]
-    fn test_map_to_curve() {
-        crate::tests::curve::svdw_map_to_curve_test::<G1>(
-            G1::SVDW_Z,
+mod test {
+    use super::*;
+    use group::UncompressedEncoding;
+    crate::curve_testing_suite!(G1, G2);
+    crate::curve_testing_suite!(G1, "hash_to_curve");
+    crate::curve_testing_suite!(G1, "endo_consistency");
+    crate::curve_testing_suite!(
+        G1,
+        "endo",
+        // Optional `z_other` param. `z_other` is 3-roots of unity, similar to `ZETA`.
+        // Reference: https://github.com/privacy-scaling-explorations/halo2curves/blob/main/src/bn256/fr.rs#L145-L151
+        [
+            0x8b17ea66b99c90dd,
+            0x5bfc41088d8daaa7,
+            0xb3c4d79d41a91758,
+            0x00,
+        ]
+    );
+    crate::curve_testing_suite!(
+        G1,
+        "svdw_map_to_curve",
+        (
             // Precomputed constants taken from https://github.com/ConsenSys/gnark-crypto/blob/441dc0ffe639294b8d09e394f24ba7575577229c/internal/generator/config/bn254.go#L26-L32.
             [
                 "4",
@@ -260,55 +264,27 @@ mod tests {
                         "0x1ac201a542feca15e77f30370da183514dc99d8a0b2c136d64ede35cd0b51dc0",
                     ),
                 ),
-            ],
-        );
-    }
-
-    #[test]
-    fn test_curve() {
-        crate::tests::curve::curve_tests::<G1>();
-        crate::tests::curve::curve_tests::<G2>();
-    }
-
-    #[test]
-    fn test_endo() {
-        let z_impl = Fr::ZETA;
-        let z_other = Fr::from_raw([
-            0x8b17ea66b99c90dd,
-            0x5bfc41088d8daaa7,
-            0xb3c4d79d41a91758,
-            0x00,
-        ]);
-        assert_eq!(z_impl * z_impl + z_impl, -Fr::ONE);
-        assert_eq!(z_other * z_other + z_other, -Fr::ONE);
-
-        let g = G1::generator();
-        assert_eq!(g * Fr::ZETA, g.endo());
-        let g = G2::generator();
-        assert_eq!(g * Fr::ZETA, g.endo());
-        for _ in 0..100000 {
-            let k = Fr::random(OsRng);
-            let (k1, k1_neg, k2, k2_neg) = G1::decompose_scalar(&k);
-            if k1_neg & k2_neg {
-                assert_eq!(k, -Fr::from_u128(k1) + Fr::ZETA * Fr::from_u128(k2))
-            } else if k1_neg {
-                assert_eq!(k, -Fr::from_u128(k1) - Fr::ZETA * Fr::from_u128(k2))
-            } else if k2_neg {
-                assert_eq!(k, Fr::from_u128(k1) + Fr::ZETA * Fr::from_u128(k2))
-            } else {
-                assert_eq!(k, Fr::from_u128(k1) - Fr::ZETA * Fr::from_u128(k2))
-            }
-        }
-    }
-
-    #[test]
-    fn test_serialization() {
-        crate::tests::curve::random_serialization_test::<G1>();
-        crate::tests::curve::random_serialization_test::<G2>();
-        #[cfg(feature = "derive_serde")]
-        {
-            crate::tests::curve::random_serde_test::<G1>();
-            crate::tests::curve::random_serde_test::<G2>();
-        }
-    }
+            ]
+        )
+    );
+    crate::curve_testing_suite!(
+        G1,
+        "constants",
+        Fq::MODULUS,
+        G1_A,
+        G1_B,
+        G1_GENERATOR_X,
+        G1_GENERATOR_Y,
+        Fr::MODULUS
+    );
+    crate::curve_testing_suite!(
+        G2,
+        "constants",
+        Fq2::MODULUS,
+        G2_A,
+        G2_B,
+        G2_GENERATOR_X,
+        G2_GENERATOR_Y,
+        Fr::MODULUS
+    );
 }