-
Notifications
You must be signed in to change notification settings - Fork 23
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Loading status checks…
Merge pull request #117 from plume-sig/arkworks04
Bump to the recent `arkworks` (`v0.5`)
Showing
17 changed files
with
1,424 additions
and
332 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1 @@ | ||
https://github.com/plume-sig/zk-nullifier-sig/blob/main/README.md | ||
# HAZMAT | ||
Please note that until `v0.1.0` this is very much a preview crate which lets you have some preliminary feel of the structure and the reference implementation approach. | ||
https://github.com/plume-sig/zk-nullifier-sig/blob/main/README.md |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,135 @@ | ||
// The below implementation is a rework of https://github.com/armfazh/h2c-rust-ref | ||
// With some optimisations | ||
|
||
use core::marker::PhantomData; | ||
|
||
use ark_std::vec::*; | ||
|
||
use arrayvec::ArrayVec; | ||
use sha2::digest::{ExtendableOutput, FixedOutputReset, Update}; | ||
|
||
pub trait Expander { | ||
fn expand(&self, msg: &[u8], length: usize) -> Vec<u8>; | ||
} | ||
const MAX_DST_LENGTH: usize = 255; | ||
|
||
const LONG_DST_PREFIX: &[u8; 17] = b"H2C-OVERSIZE-DST-"; | ||
|
||
/// Implements section [5.3.3](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-16#section-5.3.3) | ||
/// "Using DSTs longer than 255 bytes" of the | ||
/// [IRTF CFRG hash-to-curve draft #16](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-16#section-5.3.3). | ||
pub struct DST(arrayvec::ArrayVec<u8, MAX_DST_LENGTH>); | ||
|
||
impl DST { | ||
pub fn new_xmd<H: FixedOutputReset + Default>(dst: &[u8]) -> DST { | ||
let array = if dst.len() > MAX_DST_LENGTH { | ||
let mut long = H::default(); | ||
long.update(&LONG_DST_PREFIX[..]); | ||
long.update(&dst); | ||
ArrayVec::try_from(long.finalize_fixed().as_ref()).unwrap() | ||
} else { | ||
ArrayVec::try_from(dst).unwrap() | ||
}; | ||
DST(array) | ||
} | ||
|
||
#[allow(dead_code)] | ||
pub fn new_xof<H: ExtendableOutput + Default>(dst: &[u8], k: usize) -> DST { | ||
let array = if dst.len() > MAX_DST_LENGTH { | ||
let mut long = H::default(); | ||
long.update(&LONG_DST_PREFIX[..]); | ||
long.update(&dst); | ||
|
||
let mut new_dst = [0u8; MAX_DST_LENGTH]; | ||
let new_dst = &mut new_dst[0..((2 * k + 7) >> 3)]; | ||
long.finalize_xof_into(new_dst); | ||
ArrayVec::try_from(&*new_dst).unwrap() | ||
} else { | ||
ArrayVec::try_from(dst).unwrap() | ||
}; | ||
DST(array) | ||
} | ||
|
||
pub fn update<H: Update>(&self, h: &mut H) { | ||
h.update(self.0.as_ref()); | ||
// I2OSP(len,1) https://www.rfc-editor.org/rfc/rfc8017.txt | ||
h.update(&[self.0.len() as u8]); | ||
} | ||
} | ||
|
||
#[allow(dead_code)] | ||
pub(super) struct ExpanderXof<H: ExtendableOutput + Clone + Default> { | ||
pub(super) xofer: PhantomData<H>, | ||
pub(super) dst: Vec<u8>, | ||
pub(super) k: usize, | ||
} | ||
|
||
impl<H: ExtendableOutput + Clone + Default> Expander for ExpanderXof<H> { | ||
fn expand(&self, msg: &[u8], n: usize) -> Vec<u8> { | ||
let mut xofer = H::default(); | ||
xofer.update(msg); | ||
|
||
// I2OSP(len,2) https://www.rfc-editor.org/rfc/rfc8017.txt | ||
let lib_str = (n as u16).to_be_bytes(); | ||
xofer.update(&lib_str); | ||
|
||
DST::new_xof::<H>(self.dst.as_ref(), self.k).update(&mut xofer); | ||
xofer.finalize_boxed(n).into_vec() | ||
} | ||
} | ||
|
||
pub(super) struct ExpanderXmd<H: FixedOutputReset + Default + Clone> { | ||
pub(super) hasher: PhantomData<H>, | ||
pub(super) dst: Vec<u8>, | ||
pub(super) block_size: usize, | ||
} | ||
|
||
static Z_PAD: [u8; 256] = [0u8; 256]; | ||
|
||
impl<H: FixedOutputReset + Default + Clone> Expander for ExpanderXmd<H> { | ||
fn expand(&self, msg: &[u8], n: usize) -> Vec<u8> { | ||
use sha2::digest::typenum::Unsigned; | ||
// output size of the hash function, e.g. 32 bytes = 256 bits for sha2::Sha256 | ||
let b_len = H::OutputSize::to_usize(); | ||
let ell = (n + (b_len - 1)) / b_len; | ||
assert!( | ||
ell <= 255, | ||
"The ratio of desired output to the output size of hash function is too large!" | ||
); | ||
|
||
let dst_prime = DST::new_xmd::<H>(self.dst.as_ref()); | ||
// Represent `len_in_bytes` as a 2-byte array. | ||
// As per I2OSP method outlined in https://tools.ietf.org/pdf/rfc8017.pdf, | ||
// The program should abort if integer that we're trying to convert is too large. | ||
assert!(n < (1 << 16), "Length should be smaller than 2^16"); | ||
let lib_str: [u8; 2] = (n as u16).to_be_bytes(); | ||
|
||
let mut hasher = H::default(); | ||
hasher.update(&Z_PAD[0..self.block_size]); | ||
hasher.update(msg); | ||
hasher.update(&lib_str); | ||
hasher.update(&[0u8]); | ||
dst_prime.update(&mut hasher); | ||
let b0 = hasher.finalize_fixed_reset(); | ||
|
||
hasher.update(&b0); | ||
hasher.update(&[1u8]); | ||
dst_prime.update(&mut hasher); | ||
let mut bi = hasher.finalize_fixed_reset(); | ||
|
||
let mut uniform_bytes: Vec<u8> = Vec::with_capacity(n); | ||
uniform_bytes.extend_from_slice(&bi); | ||
for i in 2..=ell { | ||
// update the hasher with xor of b_0 and b_i elements | ||
for (l, r) in b0.iter().zip(bi.iter()) { | ||
hasher.update(&[*l ^ *r]); | ||
} | ||
hasher.update(&[i as u8]); | ||
dst_prime.update(&mut hasher); | ||
bi = hasher.finalize_fixed_reset(); | ||
uniform_bytes.extend_from_slice(&bi); | ||
} | ||
uniform_bytes.truncate(n); | ||
uniform_bytes | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
mod expander; | ||
use ark_ff::{field_hashers::HashToField, Field, PrimeField}; | ||
use core::marker::PhantomData; | ||
use expander::{Expander, ExpanderXmd}; | ||
use sha2::digest::{core_api::BlockSizeUser, FixedOutputReset}; | ||
|
||
pub struct FixedFieldHasher<H: FixedOutputReset + Default + Clone, const SEC_PARAM: usize = 128> { | ||
expander: ExpanderXmd<H>, | ||
len_per_base_elem: usize, | ||
} | ||
|
||
impl<F: Field, H: FixedOutputReset + BlockSizeUser + Default + Clone, const SEC_PARAM: usize> | ||
HashToField<F> for FixedFieldHasher<H, SEC_PARAM> | ||
{ | ||
fn new(dst: &[u8]) -> Self { | ||
// The final output of `hash_to_field` will be an array of field | ||
// elements from F::BaseField, each of size `len_per_elem`. | ||
let len_per_base_elem = get_len_per_elem::<F, SEC_PARAM>(); | ||
|
||
let expander = ExpanderXmd { | ||
hasher: PhantomData, | ||
dst: dst.to_vec(), | ||
block_size: H::block_size(), | ||
}; | ||
|
||
FixedFieldHasher { | ||
expander, | ||
len_per_base_elem, | ||
} | ||
} | ||
|
||
fn hash_to_field<const N: usize>(&self, message: &[u8]) -> [F; N] { | ||
let m = F::extension_degree() as usize; | ||
|
||
// The user requests `N` of elements of F_p^m to output per input msg, | ||
// each field element comprising `m` BasePrimeField elements. | ||
let len_in_bytes = N * m * self.len_per_base_elem; | ||
let uniform_bytes = self.expander.expand(message, len_in_bytes); | ||
|
||
let cb = |i| { | ||
let base_prime_field_elem = |j| { | ||
let elm_offset = self.len_per_base_elem * (j + i * m); | ||
F::BasePrimeField::from_be_bytes_mod_order( | ||
&uniform_bytes[elm_offset..][..self.len_per_base_elem], | ||
) | ||
}; | ||
F::from_base_prime_field_elems((0..m).map(base_prime_field_elem)).unwrap() | ||
}; | ||
ark_std::array::from_fn::<F, N, _>(cb) | ||
} | ||
} | ||
|
||
const fn get_len_per_elem<F: Field, const SEC_PARAM: usize>() -> usize { | ||
// ceil(log(p)) | ||
let base_field_size_in_bits = F::BasePrimeField::MODULUS_BIT_SIZE as usize; | ||
// ceil(log(p)) + security_parameter | ||
let base_field_size_with_security_padding_in_bits = base_field_size_in_bits + SEC_PARAM; | ||
// ceil( (ceil(log(p)) + security_parameter) / 8) | ||
let bytes_per_base_field_elem = | ||
((base_field_size_with_security_padding_in_bits + 7) / 8) as u64; | ||
bytes_per_base_field_elem as usize | ||
} |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,113 @@ | ||
use super::{fq::Fq, fr::Fr}; | ||
use ark_ec::{ | ||
hashing::curve_maps::{ | ||
swu::SWUConfig, | ||
wb::{IsogenyMap, WBConfig}, | ||
}, | ||
models::CurveConfig, | ||
short_weierstrass::{self as sw, SWCurveConfig}, | ||
}; | ||
use ark_ff::{AdditiveGroup, Field, MontFp, Zero}; | ||
|
||
#[derive(Copy, Clone, Default, PartialEq, Eq)] | ||
pub struct Secp256k1Parameters; | ||
|
||
pub type Affine = sw::Affine<Config>; | ||
// pub type Projective = sw::Projective<Config>; | ||
|
||
// pub type BaseField = Fq; | ||
// pub type ScalarField = Fr; | ||
|
||
#[derive(Copy, Clone, Default, PartialEq, Eq)] | ||
pub struct Config; | ||
impl CurveConfig for Config { | ||
type BaseField = Fq; | ||
type ScalarField = Fr; | ||
|
||
/// COFACTOR = 1 | ||
const COFACTOR: &'static [u64] = &[0x1]; | ||
|
||
/// COFACTOR_INV = COFACTOR^{-1} mod r = 1 | ||
#[rustfmt::skip] | ||
const COFACTOR_INV: Fr = Fr::ONE; | ||
} | ||
impl SWCurveConfig for Config { | ||
/// COEFF_A = 0 | ||
const COEFF_A: Fq = Fq::ZERO; | ||
|
||
/// COEFF_B = 7 | ||
const COEFF_B: Fq = MontFp!("7"); | ||
|
||
/// GENERATOR = (G_GENERATOR_X, G_GENERATOR_Y) | ||
const GENERATOR: Affine = Affine::new_unchecked(G_GENERATOR_X, G_GENERATOR_Y); | ||
|
||
#[inline(always)] | ||
fn mul_by_a(_: Self::BaseField) -> Self::BaseField { | ||
Self::BaseField::zero() | ||
} | ||
} | ||
|
||
/// G_GENERATOR_X = | ||
/// 55066263022277343669578718895168534326250603453777594175500187360389116729240 | ||
pub const G_GENERATOR_X: Fq = | ||
MontFp!("55066263022277343669578718895168534326250603453777594175500187360389116729240"); | ||
|
||
/// G_GENERATOR_Y = | ||
/// 32670510020758816978083085130507043184471273380659243275938904335757337482424 | ||
pub const G_GENERATOR_Y: Fq = | ||
MontFp!("32670510020758816978083085130507043184471273380659243275938904335757337482424"); | ||
|
||
/// `secp256k1_XMD:SHA-256_SSWU_RO_` isogenous curve | ||
pub struct ConfigIsogenous {} | ||
impl CurveConfig for ConfigIsogenous { | ||
type BaseField = <Config as CurveConfig>::BaseField; | ||
type ScalarField = <Config as CurveConfig>::ScalarField; | ||
|
||
const COFACTOR: &'static [u64] = Config::COFACTOR; | ||
const COFACTOR_INV: Self::ScalarField = Config::COFACTOR_INV; | ||
} | ||
type TheIsoCurveAffine = sw::Affine<ConfigIsogenous>; | ||
impl SWCurveConfig for ConfigIsogenous { | ||
const COEFF_A: Self::BaseField = | ||
MontFp!("0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533"); | ||
const COEFF_B: Self::BaseField = MontFp!("1771"); | ||
const GENERATOR: TheIsoCurveAffine = TheIsoCurveAffine::new_unchecked( | ||
MontFp!("75295888890003590383366995344834012177557063699577440394299653383124903397514"), | ||
MontFp!("82553647407850972504999846303729620951309077682374043495922869307182479212755"), | ||
); | ||
} | ||
impl SWUConfig for ConfigIsogenous { | ||
const ZETA: Self::BaseField = MontFp!("-11"); | ||
} | ||
|
||
// Parameters from the [IETF draft v16, section E.3](https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-16.html#name-suites-for-secp256k1). | ||
impl WBConfig for Config { | ||
type IsogenousCurve = ConfigIsogenous; | ||
|
||
const ISOGENY_MAP: IsogenyMap<'static, Self::IsogenousCurve, Self> = IsogenyMap { | ||
x_map_numerator: &[ | ||
MontFp!("0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7"), | ||
MontFp!("0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581"), | ||
MontFp!("0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262"), | ||
MontFp!("0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c"), | ||
], | ||
x_map_denominator: &[ | ||
MontFp!("0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b"), | ||
MontFp!("0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14"), | ||
MontFp!("1"), | ||
MontFp!("0"), | ||
], | ||
y_map_numerator: &[ | ||
MontFp!("0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c"), | ||
MontFp!("0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3"), | ||
MontFp!("0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931"), | ||
MontFp!("0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84"), | ||
], | ||
y_map_denominator: &[ | ||
MontFp!("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b"), | ||
MontFp!("0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573"), | ||
MontFp!("0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f"), | ||
MontFp!("1"), | ||
], | ||
}; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
use ark_ff::{ | ||
// biginteger::BigInteger320 as BigInteger, | ||
fields::{* /* MontConfig */}, | ||
}; | ||
use ark_ff_macros::MontConfig; | ||
/* | ||
~~Supported BigInteger sizes:~~ | ||
~~256, 320, 384, 448, 768, 832~~ | ||
*/ | ||
|
||
#[derive(MontConfig)] | ||
#[modulus = "115792089237316195423570985008687907853269984665640564039457584007908834671663"] | ||
#[generator = "3"] | ||
#[small_subgroup_base = "3"] | ||
#[small_subgroup_power = "1"] | ||
pub struct FqConfig; | ||
pub type Fq = Fp256<MontBackend<FqConfig, 4>>; | ||
|
||
// pub struct FqParameters; | ||
|
||
/* impl Fp320Parameters for FqParameters {} | ||
impl FftParameters for FqParameters { | ||
type BigInt = BigInteger; | ||
const TWO_ADICITY: u32 = 1; | ||
const TWO_ADIC_ROOT_OF_UNITY: Self::BigInt = BigInteger::new([ | ||
0xfffffffefffffc2f, 0xfffffffefffffc2e, 0xffffffffffffffff, 0xffffffffffffffff, 0x0000000000000000, | ||
]); | ||
} | ||
impl FpParameters for FqParameters { | ||
#[rustfmt::skip] | ||
const MODULUS: BigInteger = BigInteger::new([ | ||
0xfffffffefffffc2f, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0000000000000000, | ||
]); | ||
const MODULUS_BITS: u32 = 256; | ||
const CAPACITY: u32 = Self::MODULUS_BITS - 1; | ||
/// The number of bits that must be shaved from the beginning of | ||
/// the representation when randomly sampling. | ||
const REPR_SHAVE_BITS: u32 = 64; | ||
/// Let `M` be the power of 2^64 nearest to `Self::MODULUS_BITS`. Then | ||
/// `R = M % Self::MODULUS`. | ||
/// R = M % MODULUS | ||
#[rustfmt::skip] | ||
const R: BigInteger = BigInteger::new([ | ||
0x0000000000000000, 0x00000001000003d1, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000, | ||
]); | ||
/// R2 = R * R % MODULUS | ||
#[rustfmt::skip] | ||
const R2: BigInteger = BigInteger::new([ | ||
0x0000000000000000, 0x0000000000000000, 0x000007a2000e90a1, 0x0000000000000001, 0x0000000000000000, | ||
]); | ||
/// INV = -MODULUS^{-1} mod 2^64 | ||
const INV: u64 = 15580212934572586289; | ||
/// A multiplicative generator of the field, in Montgomery form (g * R % modulus). | ||
/// `Self::GENERATOR` is an element having multiplicative order | ||
/// `Self::MODULUS - 1`. In other words, the generator is the lowest value such that | ||
/// MultiplicativeOrder(generator, p) = p - 1 where p is the modulus. | ||
#[rustfmt::skip] | ||
const GENERATOR: BigInteger = BigInteger::new([ | ||
0x0000000000000000, 0x0000000300000b73, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000, | ||
]); | ||
#[rustfmt::skip] | ||
const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger::new([ | ||
0xffffffff7ffffe17, 0xffffffffffffffff, 0xffffffffffffffff, 0x7fffffffffffffff, 0x0000000000000000, | ||
]); | ||
#[rustfmt::skip] | ||
const T: BigInteger = BigInteger::new([ | ||
0xffffffff7ffffe17, 0xffffffffffffffff, 0xffffffffffffffff, 0x7fffffffffffffff, 0x0000000000000000, | ||
]); | ||
#[rustfmt::skip] | ||
const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger::new([ | ||
0xffffffffbfffff0b, 0xffffffffffffffff, 0xffffffffffffffff, 0x3fffffffffffffff, 0x0000000000000000, | ||
]); | ||
} */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
use ark_ff::{ | ||
// biginteger::BigInteger320 as BigInteger, | ||
fields::{ | ||
// FftParameters, | ||
// Fp320, | ||
// Fp320Parameters, | ||
// FpParameters, | ||
Fp256, | ||
MontBackend, | ||
MontConfig, | ||
}, | ||
}; | ||
/* | ||
~~Supported BigInteger sizes:~~ | ||
~~256, 320, 384, 448, 768, 832~~ | ||
*/ | ||
|
||
#[derive(MontConfig)] | ||
#[modulus = "115792089237316195423570985008687907852837564279074904382605163141518161494337"] | ||
#[generator = "7"] | ||
#[small_subgroup_base = "3"] | ||
#[small_subgroup_power = "1"] | ||
pub struct FrConfig; | ||
pub type Fr = Fp256<MontBackend<FrConfig, 4>>; | ||
|
||
// pub struct FrParameters; | ||
|
||
// impl Fp320Parameters for FrParameters {} | ||
|
||
// impl FftParameters for FrParameters { | ||
// type BigInt = BigInteger; | ||
|
||
// const TWO_ADICITY: u32 = 6; | ||
|
||
// const TWO_ADIC_ROOT_OF_UNITY: Self::BigInt = BigInteger::new([ | ||
// 0x0112cb0f605a214a, 0x92225daffb794500, 0x7e42003a6ccb6212, 0x55980b07bc222114, 0x0000000000000000, | ||
// ]); | ||
// } | ||
|
||
// impl FpParameters for FrParameters { | ||
// #[rustfmt::skip] | ||
// const MODULUS: BigInteger = BigInteger::new([ | ||
// 0xbfd25e8cd0364141, 0xbaaedce6af48a03b, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0000000000000000, | ||
// ]); | ||
|
||
// const MODULUS_BITS: u32 = 256; | ||
|
||
// const CAPACITY: u32 = Self::MODULUS_BITS - 1; | ||
|
||
// /// The number of bits that must be shaved from the beginning of | ||
// /// the representation when randomly sampling. | ||
// const REPR_SHAVE_BITS: u32 = 64; | ||
|
||
// /// Let `M` be the power of 2^64 nearest to `Self::MODULUS_BITS`. Then | ||
// /// `R = M % Self::MODULUS`. | ||
// /// R = M % MODULUS | ||
// #[rustfmt::skip] | ||
// const R: BigInteger = BigInteger::new([ | ||
// 0x0000000000000000, 0x402da1732fc9bebf, 0x4551231950b75fc4, 0x0000000000000001, 0x0000000000000000, | ||
// ]); | ||
|
||
// /// R2 = R * R % MODULUS | ||
// #[rustfmt::skip] | ||
// const R2: BigInteger = BigInteger::new([ | ||
// 0x1e004f504dfd7f79, 0x08fcf59774a052ea, 0x27c4120fc94e1653, 0x3c1a6191e5702644, 0x0000000000000000, | ||
// ]); | ||
|
||
// /// INV = -MODULUS^{-1} mod 2^64 | ||
// const INV: u64 = 5408259542528602431; | ||
|
||
// /// A multiplicative generator of the field, in Montgomery form (g * R % modulus). | ||
// /// `Self::GENERATOR` is an element having multiplicative order | ||
// /// `Self::MODULUS - 1`. In other words, the generator is the lowest value such that | ||
// /// MultiplicativeOrder(generator, p) = p - 1 where p is the modulus. | ||
// #[rustfmt::skip] | ||
// const GENERATOR: BigInteger = BigInteger::new([ | ||
// 0x0000000000000000, 0xc13f6a264e843739, 0xe537f5b135039e5d, 0x0000000000000008, 0x0000000000000000, | ||
// ]); | ||
|
||
// #[rustfmt::skip] | ||
// const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger::new([ | ||
// 0xdfe92f46681b20a0, 0x5d576e7357a4501d, 0xffffffffffffffff, 0x7fffffffffffffff, 0x0000000000000000, | ||
// ]); | ||
|
||
// #[rustfmt::skip] | ||
// const T: BigInteger = BigInteger::new([ | ||
// 0xeeff497a3340d905, 0xfaeabb739abd2280, 0xffffffffffffffff, 0x03ffffffffffffff, 0x0000000000000000, | ||
// ]); | ||
|
||
// #[rustfmt::skip] | ||
// const T_MINUS_ONE_DIV_TWO: BigInteger = BigInteger::new([ | ||
// 0x777fa4bd19a06c82, 0xfd755db9cd5e9140, 0xffffffffffffffff, 0x01ffffffffffffff, 0x0000000000000000, | ||
// ]); | ||
// } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
pub mod fq; | ||
pub mod fr; | ||
pub use self::fr::*; | ||
// pub use self::fq::*; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
#![deny( | ||
warnings, | ||
unused, | ||
// future_incompatible, | ||
nonstandard_style, | ||
rust_2018_idioms | ||
)] | ||
#![allow(rustdoc::bare_urls)] | ||
#![forbid(unsafe_code)] | ||
|
||
pub mod curves; | ||
pub use curves::*; | ||
|
||
pub mod fields; | ||
pub use fields::*; | ||
|
||
// pub mod sec1; | ||
// pub use sec1::*; | ||
|
||
// pub mod test_vectors; | ||
mod tests; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,157 @@ | ||
#![allow(unused_imports)] | ||
use ark_ec::hashing::HashToCurve; | ||
use ark_ec::AffineRepr; | ||
use ark_ff::field_hashers::HashToField; | ||
use ark_ff::BigInt; | ||
// use crate::test_vectors; | ||
// use crate::sec1::Sec1EncodePoint; | ||
// use crate::fields::{Fr, Fq}; | ||
// use crate::curves::*; | ||
use ark_std::{io::BufReader, rand::Rng, string::String, test_rng, vec::Vec}; | ||
// use ark_algebra_test_templates::{ | ||
// fields::*, | ||
// curves::*, | ||
// msm::test_var_base_msm, | ||
// groups::group_test, | ||
// }; | ||
// use ark_ec::{AffineCurve, ProjectiveCurve}; | ||
use ark_ff::{ | ||
biginteger::BigInteger320, | ||
vec, | ||
BigInteger, | ||
PrimeField, | ||
// ToBytes, | ||
// FromBytes, | ||
ToConstraintField, | ||
}; | ||
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize}; | ||
use ark_std::string::ToString; | ||
use hex::ToHex; | ||
use sha2::Sha256; | ||
|
||
use crate::fixed_hasher::FixedFieldHasher; | ||
use crate::secp256k1; | ||
|
||
// #[test] | ||
// fn test_fr() { | ||
// let mut rng = test_rng(); | ||
// for _ in 0..5 { | ||
// let a: Fr = rng.gen(); | ||
|
||
// sqrt_field_test(a); | ||
// fft_field_test::<Fr>(); | ||
// primefield_test::<Fr>(); | ||
|
||
// let b: Fr = rng.gen(); | ||
// field_test::<Fr>(a, b); | ||
// } | ||
// } | ||
|
||
// #[test] | ||
// fn test_fq() { | ||
// let mut rng = test_rng(); | ||
// for _ in 0..5 { | ||
// let a: Fq = rng.gen(); | ||
|
||
// sqrt_field_test(a); | ||
// fft_field_test::<Fq>(); | ||
// primefield_test::<Fq>(); | ||
// let b: Fq = rng.gen(); | ||
// field_test::<Fq>(a, b); | ||
// } | ||
// } | ||
|
||
// #[test] | ||
// fn test_secp256k1_curve() { | ||
// let mut rng = ark_std::test_rng(); | ||
// let a: Projective = rng.gen(); | ||
// let b: Projective = rng.gen(); | ||
// group_test(a, b); | ||
|
||
// curve_tests::<Projective>(); | ||
|
||
// test_var_base_msm::<Affine>(); | ||
|
||
// // Fails in arkworks 0.3.0 but the next version should have a fix | ||
// sw_tests::<Secp256k1Parameters>(); | ||
|
||
// test_var_base_msm::<Affine>(); | ||
// } | ||
|
||
#[test] | ||
fn test_secp256k1_generator() { | ||
let generator = super::Affine::generator(); | ||
assert!(generator.is_on_curve()); | ||
assert!(generator.is_in_correct_subgroup_assuming_on_curve()); | ||
} | ||
|
||
#[test] | ||
fn test_h2c() { | ||
/* suite = secp256k1_XMD:SHA-256_SSWU_RO_ | ||
dst = QUUX-V01-CS02-with-secp256k1_XMD:SHA-256_SSWU_RO_ | ||
msg = | ||
P.x = c1cae290e291aee617ebaef1be6d73861479c48b841eaba9b7b5852ddfeb1346 | ||
C1CAE290E291AEE617EBAEF1BE6D73861479C48B841EABA9B7B5852DDFEB1346 | ||
P.y = 64fa678e07ae116126f08b022a94af6de15985c996c3a91b64c406a960e51067 | ||
64FA678E07AE116126F08B022A94AF6DE15985C996C3A91B64C406A960E51067 | ||
u[0] = 6b0f9910dd2ba71c78f2ee9f04d73b5f4c5f7fc773a701abea1e57 | ||
3cab002fb3 | ||
u[1] = 1ae6c212e08fe1a5937f6202f929a2cc8ef4ee5b9782db68b0d579 | ||
9fd8f09e16 | ||
Q0.x = 74519ef88b32b425a095e4ebcc84d81b64e9e2c2675340a720bb1a | ||
1857b99f1e | ||
Q0.y = c174fa322ab7c192e11748beed45b508e9fdb1ce046dee9c2cd3a2 | ||
a86b410936 | ||
Q1.x = 44548adb1b399263ded3510554d28b4bead34b8cf9a37b4bd0bd2b | ||
a4db87ae63 | ||
Q1.y = 96eb8e2faf05e368efe5957c6167001760233e6dd2487516b46ae7 | ||
25c4cce0c6 */ | ||
use std::str::FromStr; | ||
|
||
// assert_eq!( | ||
// ExpanderXmd::expand([]), | ||
// hex::decode("68a985b87eb6b46952128911f2a4412bbc302a9d759667f87f7a21d803f07235") | ||
// ); | ||
|
||
let dst = b"QUUX-V01-CS02-with-secp256k1_XMD:SHA-256_SSWU_RO_"; | ||
|
||
let defhasher: FixedFieldHasher<Sha256> = | ||
<FixedFieldHasher<Sha256> as HashToField<secp256k1::fq::Fq>>::new(dst); | ||
let u: [secp256k1::fq::Fq; 2] = defhasher.hash_to_field::<2>(&[]); | ||
println!("{}", u[0]); | ||
assert_eq!( | ||
u[0], | ||
secp256k1::fq::Fq::new( | ||
BigInt::from_str( | ||
"48425033926223359121679389614872723077618800904285921194876400224709273202611" | ||
) | ||
.unwrap() | ||
), | ||
); | ||
|
||
assert_eq!( | ||
ark_ec::hashing::map_to_curve_hasher::MapToCurveBasedHasher::< | ||
ark_ec::short_weierstrass::Projective<secp256k1::Config>, | ||
FixedFieldHasher<Sha256>, | ||
ark_ec::hashing::curve_maps::wb::WBMap<secp256k1::Config>, | ||
>::new(dst) | ||
.unwrap() | ||
.hash(&[]) | ||
.unwrap(), | ||
secp256k1::Affine::new( | ||
secp256k1::fq::Fq::new( | ||
BigInt::from_str( | ||
"87654846584422849836571930156466438379984710599888121545025567473301233275718" | ||
) | ||
.unwrap() | ||
), | ||
secp256k1::fq::Fq::new( | ||
BigInt::from_str( | ||
"45673711333516174500892987253036094404176536844955599116957274814081860440167" | ||
) | ||
.unwrap() | ||
), | ||
) | ||
); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters