Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix nits in bn256. #99

Merged
merged 3 commits into from
Nov 23, 2023
Merged

Fix nits in bn256. #99

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f58d91f
Comment residues used for field extensions
davidnevadoc Nov 3, 2023
b3e30d8
Remove unusued functions and constants
davidnevadoc Nov 3, 2023
5116461
Correct forb constant comment
davidnevadoc Nov 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions src/bn256/fq12.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,11 @@ use core::ops::{Add, Mul, Neg, Sub};
use rand::RngCore;
use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};

/// -GAMMA is a quadratic non-residue in Fp6. Fp12 = Fp6[X]/(X^2 + GAMMA)
/// We introduce the variable w such that w^2 = -GAMMA
// GAMMA = - v

/// An element of Fq12, represented by c0 + c1 * w.
#[derive(Copy, Clone, Debug, Eq, PartialEq, Default)]
pub struct Fq12 {
pub c0: Fq6,
Expand Down
55 changes: 9 additions & 46 deletions src/bn256/fq2.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
#[cfg(feature = "derive_serde")]
use serde::{Deserialize, Serialize};

/// An element of Fq2, represented by c0 + c1 * u.
/// An element of Fq2, represented by c0 + c1 * u; where u^2 = -1.
#[derive(Copy, Clone, Debug, Eq, PartialEq)]
#[cfg_attr(feature = "derive_serde", derive(Serialize, Deserialize))]
pub struct Fq2 {
Expand Down Expand Up @@ -199,11 +199,12 @@ impl Fq2 {
}

pub fn mul_assign(&mut self, other: &Self) {
let mut t1 = self.c0 * other.c0;
let mut t0 = self.c0 + self.c1;
let mut t1 = self.c0 * other.c0;
let t2 = self.c1 * other.c1;
self.c1 = other.c0 + other.c1;

self.c0 = t1 - t2;
self.c1 = other.c0 + other.c1;
t1 += t2;
t0 *= self.c1;
self.c1 = t0 - t1;
Expand Down Expand Up @@ -271,12 +272,14 @@ impl Fq2 {
}

pub fn frobenius_map(&mut self, power: usize) {
self.c1 *= &FROBENIUS_COEFF_FQ2_C1[power % 2];
if power % 2 != 0 {
self.conjugate()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Conjugate can't be a const fn as it is done "in place". I wonder if we can gain any speedup by not making it get an &mut and declaring the fn const.

kk since it relies in Sub which isn't const this will not work. So this is fine as is.
Just leaving the comment with my reasoning so you can double-check

}
Comment on lines +275 to +277
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't you shift by one to the right and && by a mask? Might be harder to read but we're sure that will always be as optimized as possible.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure how to do this properly since power is usize.
We can use its methods for example:

if power.trailing_zeros() != 0 {
    self.conjugate()
        }

but I don't think it is worth it.

}

/// Multiply this element by quadratic nonresidue 9 + u.
pub fn mul_by_nonresidue(&mut self) {
// (xi+y)(i+9) = (9x+y)i+(9y-x)
// (xu+y)(u+9) = (9x+y)u+(9y-x)
let t0 = self.c0;
let t1 = self.c1;

Expand All @@ -290,29 +293,7 @@ impl Fq2 {
// (9*y - x)
self.c0 -= &t1;

// (9*x)i
self.c1 += &t1;
// (9*x + y)
self.c1 += &t0;
}

// Multiply this element by ξ where ξ=i+9
pub fn mul_by_xi(&mut self) {
// (xi+y)(i+9) = (9x+y)i+(9y-x)
let t0 = self.c0;
let t1 = self.c1;

// 8*x*i + 8*y
self.double_assign();
self.double_assign();
self.double_assign();

// 9*y
self.c0 += &t0;
// (9*y - x)
self.c0 -= &t1;

// (9*x)i
// (9*x)u
self.c1 += &t1;
// (9*x + y)
self.c1 += &t0;
Expand Down Expand Up @@ -567,24 +548,6 @@ impl WithSmallOrderMulGroup<3> for Fq2 {
};
}

pub const FROBENIUS_COEFF_FQ2_C1: [Fq; 2] = [
// Fq(-1)**(((q^0) - 1) / 2)
// it's 1 in Montgommery form
Fq([
0xd35d438dc58f0d9d,
0x0a78eb28f5c70b3d,
0x666ea36f7879462c,
0x0e0a77c19a07df2f,
]),
// Fq(-1)**(((q^1) - 1) / 2)
Fq([
0x68c3488912edefaa,
0x8d087f6872aabf4f,
0x51e1a24709081231,
0x2259d6b14729c0fa,
]),
];

#[cfg(test)]
use rand::SeedableRng;
#[cfg(test)]
Expand Down
27 changes: 11 additions & 16 deletions src/bn256/fq6.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,11 @@ use core::ops::{Add, Mul, Neg, Sub};
use rand::RngCore;
use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};

/// -BETA is a cubic non-residue in Fp2. Fp6 = Fp2[X]/(X^3 + BETA)
/// We introduce the variable v such that v^3 = -BETA
// BETA = - (u + 9)

/// An element of Fq6, represented by c0 + c1 * v + c2 * v^2.
#[derive(Copy, Clone, Debug, Eq, PartialEq, Default)]
pub struct Fq6 {
pub c0: Fq2,
Expand Down Expand Up @@ -185,7 +190,6 @@ impl Fq6 {
// new c1 = (c^2).mul_by_xi + 2ab
self.c1 = s4;
self.c1.mul_by_nonresidue();
// self.c1.mul_by_xi();
self.c1 += &s1;

// new c2 = 2ab + (a - b + c)^2 + 2bc - a^2 - c^2 = b^2 + 2ac
Expand Down Expand Up @@ -264,15 +268,6 @@ impl Fq6 {
self.c0.mul_by_nonresidue();
}

/// Multiply by cubic nonresidue v.
pub fn mul_by_v(&mut self) {
use std::mem::swap;
swap(&mut self.c0, &mut self.c1);
swap(&mut self.c0, &mut self.c2);

self.c0.mul_by_xi();
}

pub fn mul_by_1(&mut self, c1: &Fq2) {
let mut b_b = self.c1;
b_b *= c1;
Expand Down Expand Up @@ -513,7 +508,7 @@ pub const FROBENIUS_COEFF_FQ6_C1: [Fq2; 6] = [
];

pub const FROBENIUS_COEFF_FQ6_C2: [Fq2; 6] = [
// Fq2(u + 1)**(((2q^0) - 2) / 3)
// Fq2(u + 9)**(((2q^0) - 2) / 3)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you elaborate where's this 9 coming from?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The previous value is the cubic non_residue for Bls12-381. The values for the field extensions of Bn are :

   Fp2  = Fp[X]  / <X^2 + 1>             alpha^2 = -1
   Fp6  = Fp2[X] / <X^3 - (alpha + 9>    beta^3  = alpha + 9
   Fp12 = Fp6[X] / <X^2 - beta>          gamma^2 = beta

Fq2 {
c0: Fq([
0xd35d438dc58f0d9d,
Expand All @@ -523,7 +518,7 @@ pub const FROBENIUS_COEFF_FQ6_C2: [Fq2; 6] = [
]),
c1: Fq([0x0, 0x0, 0x0, 0x0]),
},
// Fq2(u + 1)**(((2q^1) - 2) / 3)
// Fq2(u + 9)**(((2q^1) - 2) / 3)
Fq2 {
c0: Fq([
0x7361d77f843abe92,
Expand All @@ -538,7 +533,7 @@ pub const FROBENIUS_COEFF_FQ6_C2: [Fq2; 6] = [
0x24830a9d3171f0fd,
]),
},
// Fq2(u + 1)**(((2q^2) - 2) / 3)
// Fq2(u + 9)**(((2q^2) - 2) / 3)
Fq2 {
c0: Fq([
0x71930c11d782e155,
Expand All @@ -548,7 +543,7 @@ pub const FROBENIUS_COEFF_FQ6_C2: [Fq2; 6] = [
]),
c1: Fq([0x0, 0x0, 0x0, 0x0]),
},
// Fq2(u + 1)**(((2q^3) - 2) / 3)
// Fq2(u + 9)**(((2q^3) - 2) / 3)
Fq2 {
c0: Fq([
0x448a93a57b6762df,
Expand All @@ -563,7 +558,7 @@ pub const FROBENIUS_COEFF_FQ6_C2: [Fq2; 6] = [
0x170c812b84dda0b2,
]),
},
// Fq2(u + 1)**(((2q^4) - 2) / 3)
// Fq2(u + 9)**(((2q^4) - 2) / 3)
Fq2 {
c0: Fq([
0x3350c88e13e80b9c,
Expand All @@ -573,7 +568,7 @@ pub const FROBENIUS_COEFF_FQ6_C2: [Fq2; 6] = [
]),
c1: Fq([0x0, 0x0, 0x0, 0x0]),
},
// Fq2(u + 1)**(((2q^5) - 2) / 3)
// Fq2(u + 9)**(((2q^5) - 2) / 3)
Fq2 {
c0: Fq([
0x843420f1d8dadbd6,
Expand Down
Loading