From d1c37a47865f8ac3705524a269ac9a0d1e84406d Mon Sep 17 00:00:00 2001 From: Jacob Trombetta Date: Fri, 19 Jan 2024 13:26:24 -0500 Subject: [PATCH 1/3] copy curve_g1/operation to curve_bng1 --- sxt/curve_bng1/operation/BUILD | 68 +++++++++++++++++++++++ sxt/curve_bng1/operation/cmov.cc | 32 +++++++++++ sxt/curve_bng1/operation/cmov.h | 37 +++++++++++++ sxt/curve_bng1/operation/cmov.t.cc | 36 +++++++++++++ sxt/curve_bng1/operation/double.cc | 72 +++++++++++++++++++++++++ sxt/curve_bng1/operation/double.h | 35 ++++++++++++ sxt/curve_bng1/operation/double.t.cc | 72 +++++++++++++++++++++++++ sxt/curve_bng1/operation/mul_by_3b.cc | 37 +++++++++++++ sxt/curve_bng1/operation/mul_by_3b.h | 35 ++++++++++++ sxt/curve_bng1/operation/mul_by_3b.t.cc | 36 +++++++++++++ 10 files changed, 460 insertions(+) create mode 100644 sxt/curve_bng1/operation/BUILD create mode 100644 sxt/curve_bng1/operation/cmov.cc create mode 100644 sxt/curve_bng1/operation/cmov.h create mode 100644 sxt/curve_bng1/operation/cmov.t.cc create mode 100644 sxt/curve_bng1/operation/double.cc create mode 100644 sxt/curve_bng1/operation/double.h create mode 100644 sxt/curve_bng1/operation/double.t.cc create mode 100644 sxt/curve_bng1/operation/mul_by_3b.cc create mode 100644 sxt/curve_bng1/operation/mul_by_3b.h create mode 100644 sxt/curve_bng1/operation/mul_by_3b.t.cc diff --git a/sxt/curve_bng1/operation/BUILD b/sxt/curve_bng1/operation/BUILD new file mode 100644 index 000000000..7ce644d63 --- /dev/null +++ b/sxt/curve_bng1/operation/BUILD @@ -0,0 +1,68 @@ +load( + "//bazel:sxt_build_system.bzl", + "sxt_cc_component", +) + +sxt_cc_component( + name = "cmov", + impl_deps = [ + "//sxt/curve_g1/type:element_affine", + "//sxt/curve_g1/type:element_p2", + "//sxt/field12/operation:cmov", + ], + is_cuda = True, + test_deps = [ + "//sxt/base/test:unit_test", + "//sxt/curve_g1/constant:generator", + "//sxt/curve_g1/type:element_affine", + "//sxt/curve_g1/type:element_p2", + ], + deps = [ + "//sxt/base/macro:cuda_callable", + ], +) + +sxt_cc_component( + name = "double", + impl_deps = [ + ":cmov", + ":mul_by_3b", + "//sxt/curve_g1/property:identity", + "//sxt/curve_g1/type:element_p2", + "//sxt/field12/operation:add", + "//sxt/field12/operation:mul", + "//sxt/field12/operation:square", + "//sxt/field12/operation:sub", + "//sxt/field12/type:element", + ], + is_cuda = True, + test_deps = [ + "//sxt/base/test:unit_test", + "//sxt/curve_g1/constant:generator", + "//sxt/curve_g1/property:curve", + "//sxt/curve_g1/property:identity", + "//sxt/curve_g1/type:element_p2", + "//sxt/field12/constant:zero", + ], + deps = [ + "//sxt/base/macro:cuda_callable", + ], +) + +sxt_cc_component( + name = "mul_by_3b", + impl_deps = [ + "//sxt/field12/operation:add", + "//sxt/field12/type:element", + ], + is_cuda = True, + test_deps = [ + "//sxt/base/test:unit_test", + "//sxt/field12/constant:one", + "//sxt/field12/type:element", + "//sxt/field12/type:literal", + ], + deps = [ + "//sxt/base/macro:cuda_callable", + ], +) diff --git a/sxt/curve_bng1/operation/cmov.cc b/sxt/curve_bng1/operation/cmov.cc new file mode 100644 index 000000000..7ee246650 --- /dev/null +++ b/sxt/curve_bng1/operation/cmov.cc @@ -0,0 +1,32 @@ +/** Proofs GPU - Space and Time's cryptographic proof algorithms on the CPU and GPU. + * + * Copyright 2023-present Space and Time Labs, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "sxt/curve_g1/operation/cmov.h" + +#include "sxt/curve_g1/type/element_p2.h" +#include "sxt/field12/operation/cmov.h" + +namespace sxt::cg1o { +//-------------------------------------------------------------------------------------------------- +// cmov +//-------------------------------------------------------------------------------------------------- +CUDA_CALLABLE +void cmov(cg1t::element_p2& f, const cg1t::element_p2& g, unsigned int b) noexcept { + f12o::cmov(f.X, g.X, b); + f12o::cmov(f.Y, g.Y, b); + f12o::cmov(f.Z, g.Z, b); +} +} // namespace sxt::cg1o diff --git a/sxt/curve_bng1/operation/cmov.h b/sxt/curve_bng1/operation/cmov.h new file mode 100644 index 000000000..08719134d --- /dev/null +++ b/sxt/curve_bng1/operation/cmov.h @@ -0,0 +1,37 @@ +/** Proofs GPU - Space and Time's cryptographic proof algorithms on the CPU and GPU. + * + * Copyright 2023-present Space and Time Labs, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#pragma once + +#include "sxt/base/macro/cuda_callable.h" + +namespace sxt::cg1t { +struct element_p2; +} + +namespace sxt::cg1o { +//-------------------------------------------------------------------------------------------------- +// cmov +//-------------------------------------------------------------------------------------------------- +/* + Replace (f,g) with (g,g) if b == 1; + replace (f,g) with (f,g) if b == 0. + * + Preconditions: b in {0,1}. + */ +CUDA_CALLABLE +void cmov(cg1t::element_p2& f, const cg1t::element_p2& g, unsigned int b) noexcept; +} // namespace sxt::cg1o diff --git a/sxt/curve_bng1/operation/cmov.t.cc b/sxt/curve_bng1/operation/cmov.t.cc new file mode 100644 index 000000000..63f2a42ae --- /dev/null +++ b/sxt/curve_bng1/operation/cmov.t.cc @@ -0,0 +1,36 @@ +/** Proofs GPU - Space and Time's cryptographic proof algorithms on the CPU and GPU. + * + * Copyright 2023-present Space and Time Labs, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "sxt/curve_g1/operation/cmov.h" + +#include "sxt/base/test/unit_test.h" +#include "sxt/curve_g1/constant/generator.h" +#include "sxt/curve_g1/type/element_affine.h" +#include "sxt/curve_g1/type/element_p2.h" + +using namespace sxt; +using namespace sxt::cg1o; + +TEST_CASE("cmov returns the expected projective coordinates") { + cg1t::element_p2 expect_generator{cg1cn::generator_p2_v}; + cg1t::element_p2 expect_identity{cg1t::element_p2::identity()}; + + cg1o::cmov(expect_generator, cg1t::element_p2::identity(), 0); + cg1o::cmov(expect_identity, cg1t::element_p2::identity(), 1); + + REQUIRE(expect_generator == cg1cn::generator_p2_v); + REQUIRE(expect_identity == cg1t::element_p2::identity()); +} diff --git a/sxt/curve_bng1/operation/double.cc b/sxt/curve_bng1/operation/double.cc new file mode 100644 index 000000000..810acd21c --- /dev/null +++ b/sxt/curve_bng1/operation/double.cc @@ -0,0 +1,72 @@ +/** Proofs GPU - Space and Time's cryptographic proof algorithms on the CPU and GPU. + * + * Copyright 2023-present Space and Time Labs, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * Adopted from zkcrypto/bls12_381 + * + * Copyright (c) 2021 + * Sean Bowe + * Jack Grigg + * + * See third_party/license/zkcrypto.LICENSE + */ +#include "sxt/curve_g1/operation/double.h" + +#include "sxt/curve_g1/operation/cmov.h" +#include "sxt/curve_g1/operation/mul_by_3b.h" +#include "sxt/curve_g1/property/identity.h" +#include "sxt/curve_g1/type/element_p2.h" +#include "sxt/field12/operation/add.h" +#include "sxt/field12/operation/mul.h" +#include "sxt/field12/operation/square.h" +#include "sxt/field12/operation/sub.h" +#include "sxt/field12/type/element.h" + +namespace sxt::cg1o { +//-------------------------------------------------------------------------------------------------- +// double_element +//-------------------------------------------------------------------------------------------------- +CUDA_CALLABLE +void double_element(cg1t::element_p2& h, const cg1t::element_p2& p) noexcept { + f12t::element t0, t1, t2; + f12t::element x3, y3, z3; + + f12o::square(t0, p.Y); + f12o::add(z3, t0, t0); + f12o::add(z3, z3, z3); + f12o::add(z3, z3, z3); + f12o::mul(t1, p.Y, p.Z); + f12o::square(t2, p.Z); + mul_by_3b(t2, t2); + f12o::mul(x3, t2, z3); + f12o::add(y3, t0, t2); + f12o::mul(z3, t1, z3); + f12o::add(t1, t2, t2); + f12o::add(t2, t1, t2); + f12o::sub(t0, t0, t2); + f12o::mul(y3, t0, y3); + f12o::add(y3, x3, y3); + f12o::mul(t1, p.X, p.Y); + f12o::mul(x3, t0, t1); + f12o::add(x3, x3, x3); + + h.X = x3; + h.Y = y3; + h.Z = z3; + + cmov(h, cg1t::element_p2::identity(), cg1p::is_identity(p)); +} +} // namespace sxt::cg1o diff --git a/sxt/curve_bng1/operation/double.h b/sxt/curve_bng1/operation/double.h new file mode 100644 index 000000000..8d9c6cc6f --- /dev/null +++ b/sxt/curve_bng1/operation/double.h @@ -0,0 +1,35 @@ +/** Proofs GPU - Space and Time's cryptographic proof algorithms on the CPU and GPU. + * + * Copyright 2023-present Space and Time Labs, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#pragma once + +#include "sxt/base/macro/cuda_callable.h" + +namespace sxt::cg1t { +struct element_p2; +} + +namespace sxt::cg1o { +//-------------------------------------------------------------------------------------------------- +// double_element +//-------------------------------------------------------------------------------------------------- +/* + Computes the doubling of element. + Algorithm 9, https://eprint.iacr.org/2015/1060.pdf + */ +CUDA_CALLABLE +void double_element(cg1t::element_p2& h, const cg1t::element_p2& p) noexcept; +} // namespace sxt::cg1o diff --git a/sxt/curve_bng1/operation/double.t.cc b/sxt/curve_bng1/operation/double.t.cc new file mode 100644 index 000000000..bda9efaca --- /dev/null +++ b/sxt/curve_bng1/operation/double.t.cc @@ -0,0 +1,72 @@ +/** Proofs GPU - Space and Time's cryptographic proof algorithms on the CPU and GPU. + * + * Copyright 2023-present Space and Time Labs, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "sxt/curve_g1/operation/double.h" + +#include "sxt/base/test/unit_test.h" +#include "sxt/curve_g1/constant/generator.h" +#include "sxt/curve_g1/property/curve.h" +#include "sxt/curve_g1/property/identity.h" +#include "sxt/curve_g1/type/element_p2.h" +#include "sxt/field12/constant/zero.h" + +using namespace sxt; +using namespace sxt::cg1o; + +TEST_CASE("doubling a projective element") { + SECTION("preserves the identity") { + cg1t::element_p2 identity_double; + + double_element(identity_double, cg1t::element_p2::identity()); + + REQUIRE(cg1p::is_identity(identity_double)); + REQUIRE(cg1p::is_on_curve(identity_double)); + } + + SECTION("preserves the generator") { + cg1t::element_p2 generator_double; + + double_element(generator_double, cg1cn::generator_p2_v); + + REQUIRE(!cg1p::is_identity(generator_double)); + REQUIRE(cg1p::is_on_curve(generator_double)); + } + + SECTION("produces double the generator") { + constexpr cg1t::element_p2 expected{ + {0xea99aa7b7fd2610f, 0x2d8f4ecb16a2c805, 0x6f5685b7bc2cce0c, 0xa00450614064a604, + 0x212102802cecd57b, 0x28576e1a7289e84}, + {0x111405902b1882bf, 0xa8cd3dd3a683ef06, 0x13639d9f8c73cebe, 0x3ac292fd4559e0f7, + 0x628c04a2e7fb8e20, 0x15c2f5f94df1f750}, + {0xfc9ac7edde06dbee, 0xfdc16d121f0f95e2, 0xa06d9a77977a906d, 0xef28f3348e385c64, + 0x8e0d17d2ffa3c835, 0x1700fc91a24772ec}}; + cg1t::element_p2 generator_double; + + double_element(generator_double, cg1cn::generator_p2_v); + + REQUIRE(expected == generator_double); + } + + SECTION("produces the identity when Z is the zero element") { + constexpr cg1t::element_p2 p{cg1cn::generator_p2_v.X, cg1cn::generator_p2_v.Y, f12cn::zero_v}; + cg1t::element_p2 expect_identity; + + double_element(expect_identity, p); + + REQUIRE(cg1p::is_on_curve(p)); + REQUIRE(expect_identity == cg1t::element_p2::identity()); + } +} diff --git a/sxt/curve_bng1/operation/mul_by_3b.cc b/sxt/curve_bng1/operation/mul_by_3b.cc new file mode 100644 index 000000000..05e6502dc --- /dev/null +++ b/sxt/curve_bng1/operation/mul_by_3b.cc @@ -0,0 +1,37 @@ +/** Proofs GPU - Space and Time's cryptographic proof algorithms on the CPU and GPU. + * + * Copyright 2023-present Space and Time Labs, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "sxt/curve_g1/operation/mul_by_3b.h" + +#include "sxt/field12/operation/add.h" +#include "sxt/field12/type/element.h" + +namespace sxt::cg1o { +//-------------------------------------------------------------------------------------------------- +// mul_by_3b +//-------------------------------------------------------------------------------------------------- +CUDA_CALLABLE +void mul_by_3b(f12t::element& h, const f12t::element& p) noexcept { + f12t::element p2; + f12t::element p4; + f12t::element p8; + + f12o::add(p2, p, p); + f12o::add(p4, p2, p2); + f12o::add(p8, p4, p4); + f12o::add(h, p8, p4); +} +} // namespace sxt::cg1o diff --git a/sxt/curve_bng1/operation/mul_by_3b.h b/sxt/curve_bng1/operation/mul_by_3b.h new file mode 100644 index 000000000..d3a63ce2e --- /dev/null +++ b/sxt/curve_bng1/operation/mul_by_3b.h @@ -0,0 +1,35 @@ +/** Proofs GPU - Space and Time's cryptographic proof algorithms on the CPU and GPU. + * + * Copyright 2023-present Space and Time Labs, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#pragma once + +#include "sxt/base/macro/cuda_callable.h" + +namespace sxt::f12t { +class element; +} + +namespace sxt::cg1o { +//-------------------------------------------------------------------------------------------------- +// mul_by_3b +//-------------------------------------------------------------------------------------------------- +/* + For the bls12-381 curve, since b = 4, 3b = 12. + See Algorithm 9 for details, https://eprint.iacr.org/2015/1060.pdf + */ +CUDA_CALLABLE +void mul_by_3b(f12t::element& h, const f12t::element& p) noexcept; +} // namespace sxt::cg1o diff --git a/sxt/curve_bng1/operation/mul_by_3b.t.cc b/sxt/curve_bng1/operation/mul_by_3b.t.cc new file mode 100644 index 000000000..6781632d6 --- /dev/null +++ b/sxt/curve_bng1/operation/mul_by_3b.t.cc @@ -0,0 +1,36 @@ +/** Proofs GPU - Space and Time's cryptographic proof algorithms on the CPU and GPU. + * + * Copyright 2023-present Space and Time Labs, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "sxt/curve_g1/operation/mul_by_3b.h" + +#include "sxt/base/test/unit_test.h" +#include "sxt/field12/constant/one.h" +#include "sxt/field12/type/element.h" +#include "sxt/field12/type/literal.h" + +using namespace sxt; +using namespace sxt::cg1o; +using namespace sxt::f12t; + +TEST_CASE("multiply by 3b") { + SECTION("returns twelve if one in Montogomery form is the input") { + f12t::element ret; + + mul_by_3b(ret, f12cn::one_v); + + REQUIRE(0xc_f12 == ret); + } +} From 2ba137afb12f54564cccd579de79c8efe53ccd4e Mon Sep 17 00:00:00 2001 From: Jacob Trombetta Date: Fri, 19 Jan 2024 13:33:41 -0500 Subject: [PATCH 2/3] update namespace, includes, and comments --- sxt/curve_bng1/operation/BUILD | 46 ++++++++++++------------- sxt/curve_bng1/operation/cmov.cc | 10 +++--- sxt/curve_bng1/operation/cmov.h | 14 ++++---- sxt/curve_bng1/operation/cmov.t.cc | 10 +++--- sxt/curve_bng1/operation/double.cc | 26 +++++++------- sxt/curve_bng1/operation/double.h | 12 +++---- sxt/curve_bng1/operation/double.t.cc | 14 ++++---- sxt/curve_bng1/operation/mul_by_3b.cc | 10 +++--- sxt/curve_bng1/operation/mul_by_3b.h | 12 +++---- sxt/curve_bng1/operation/mul_by_3b.t.cc | 12 +++---- 10 files changed, 83 insertions(+), 83 deletions(-) diff --git a/sxt/curve_bng1/operation/BUILD b/sxt/curve_bng1/operation/BUILD index 7ce644d63..170f71cce 100644 --- a/sxt/curve_bng1/operation/BUILD +++ b/sxt/curve_bng1/operation/BUILD @@ -6,16 +6,16 @@ load( sxt_cc_component( name = "cmov", impl_deps = [ - "//sxt/curve_g1/type:element_affine", - "//sxt/curve_g1/type:element_p2", - "//sxt/field12/operation:cmov", + "//sxt/curve_bng1/type:element_affine", + "//sxt/curve_bng1/type:element_p2", + "//sxt/field25/operation:cmov", ], is_cuda = True, test_deps = [ "//sxt/base/test:unit_test", - "//sxt/curve_g1/constant:generator", - "//sxt/curve_g1/type:element_affine", - "//sxt/curve_g1/type:element_p2", + "//sxt/curve_bng1/constant:generator", + "//sxt/curve_bng1/type:element_affine", + "//sxt/curve_bng1/type:element_p2", ], deps = [ "//sxt/base/macro:cuda_callable", @@ -27,22 +27,22 @@ sxt_cc_component( impl_deps = [ ":cmov", ":mul_by_3b", - "//sxt/curve_g1/property:identity", - "//sxt/curve_g1/type:element_p2", - "//sxt/field12/operation:add", - "//sxt/field12/operation:mul", - "//sxt/field12/operation:square", - "//sxt/field12/operation:sub", - "//sxt/field12/type:element", + "//sxt/curve_bng1/property:identity", + "//sxt/curve_bng1/type:element_p2", + "//sxt/field25/operation:add", + "//sxt/field25/operation:mul", + "//sxt/field25/operation:square", + "//sxt/field25/operation:sub", + "//sxt/field25/type:element", ], is_cuda = True, test_deps = [ "//sxt/base/test:unit_test", - "//sxt/curve_g1/constant:generator", - "//sxt/curve_g1/property:curve", - "//sxt/curve_g1/property:identity", - "//sxt/curve_g1/type:element_p2", - "//sxt/field12/constant:zero", + "//sxt/curve_bng1/constant:generator", + "//sxt/curve_bng1/property:curve", + "//sxt/curve_bng1/property:identity", + "//sxt/curve_bng1/type:element_p2", + "//sxt/field25/constant:zero", ], deps = [ "//sxt/base/macro:cuda_callable", @@ -52,15 +52,15 @@ sxt_cc_component( sxt_cc_component( name = "mul_by_3b", impl_deps = [ - "//sxt/field12/operation:add", - "//sxt/field12/type:element", + "//sxt/field25/operation:add", + "//sxt/field25/type:element", ], is_cuda = True, test_deps = [ "//sxt/base/test:unit_test", - "//sxt/field12/constant:one", - "//sxt/field12/type:element", - "//sxt/field12/type:literal", + "//sxt/field25/constant:one", + "//sxt/field25/type:element", + "//sxt/field25/type:literal", ], deps = [ "//sxt/base/macro:cuda_callable", diff --git a/sxt/curve_bng1/operation/cmov.cc b/sxt/curve_bng1/operation/cmov.cc index 7ee246650..88ab5dabe 100644 --- a/sxt/curve_bng1/operation/cmov.cc +++ b/sxt/curve_bng1/operation/cmov.cc @@ -14,12 +14,12 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#include "sxt/curve_g1/operation/cmov.h" +#include "sxt/curve_bng1/operation/cmov.h" -#include "sxt/curve_g1/type/element_p2.h" -#include "sxt/field12/operation/cmov.h" +#include "sxt/curve_bng1/type/element_p2.h" +#include "sxt/field25/operation/cmov.h" -namespace sxt::cg1o { +namespace sxt::cn1o { //-------------------------------------------------------------------------------------------------- // cmov //-------------------------------------------------------------------------------------------------- @@ -29,4 +29,4 @@ void cmov(cg1t::element_p2& f, const cg1t::element_p2& g, unsigned int b) noexce f12o::cmov(f.Y, g.Y, b); f12o::cmov(f.Z, g.Z, b); } -} // namespace sxt::cg1o +} // namespace sxt::cn1o diff --git a/sxt/curve_bng1/operation/cmov.h b/sxt/curve_bng1/operation/cmov.h index 08719134d..70e87766c 100644 --- a/sxt/curve_bng1/operation/cmov.h +++ b/sxt/curve_bng1/operation/cmov.h @@ -18,20 +18,20 @@ #include "sxt/base/macro/cuda_callable.h" -namespace sxt::cg1t { +namespace sxt::cn1t { struct element_p2; } -namespace sxt::cg1o { +namespace sxt::cn1o { //-------------------------------------------------------------------------------------------------- // cmov //-------------------------------------------------------------------------------------------------- -/* - Replace (f,g) with (g,g) if b == 1; - replace (f,g) with (f,g) if b == 0. +/** + * Replace (f,g) with (g,g) if b == 1; + * replace (f,g) with (f,g) if b == 0. * - Preconditions: b in {0,1}. + * Preconditions: b in {0,1}. */ CUDA_CALLABLE void cmov(cg1t::element_p2& f, const cg1t::element_p2& g, unsigned int b) noexcept; -} // namespace sxt::cg1o +} // namespace sxt::cn1o diff --git a/sxt/curve_bng1/operation/cmov.t.cc b/sxt/curve_bng1/operation/cmov.t.cc index 63f2a42ae..b79d44916 100644 --- a/sxt/curve_bng1/operation/cmov.t.cc +++ b/sxt/curve_bng1/operation/cmov.t.cc @@ -14,15 +14,15 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#include "sxt/curve_g1/operation/cmov.h" +#include "sxt/curve_bng1/operation/cmov.h" #include "sxt/base/test/unit_test.h" -#include "sxt/curve_g1/constant/generator.h" -#include "sxt/curve_g1/type/element_affine.h" -#include "sxt/curve_g1/type/element_p2.h" +#include "sxt/curve_bng1/constant/generator.h" +#include "sxt/curve_bng1/type/element_affine.h" +#include "sxt/curve_bng1/type/element_p2.h" using namespace sxt; -using namespace sxt::cg1o; +using namespace sxt::cn1o; TEST_CASE("cmov returns the expected projective coordinates") { cg1t::element_p2 expect_generator{cg1cn::generator_p2_v}; diff --git a/sxt/curve_bng1/operation/double.cc b/sxt/curve_bng1/operation/double.cc index 810acd21c..6442e5944 100644 --- a/sxt/curve_bng1/operation/double.cc +++ b/sxt/curve_bng1/operation/double.cc @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -/* +/** * Adopted from zkcrypto/bls12_381 * * Copyright (c) 2021 @@ -23,19 +23,19 @@ * * See third_party/license/zkcrypto.LICENSE */ -#include "sxt/curve_g1/operation/double.h" +#include "sxt/curve_bng1/operation/double.h" -#include "sxt/curve_g1/operation/cmov.h" -#include "sxt/curve_g1/operation/mul_by_3b.h" -#include "sxt/curve_g1/property/identity.h" -#include "sxt/curve_g1/type/element_p2.h" -#include "sxt/field12/operation/add.h" -#include "sxt/field12/operation/mul.h" -#include "sxt/field12/operation/square.h" -#include "sxt/field12/operation/sub.h" -#include "sxt/field12/type/element.h" +#include "sxt/curve_bng1/operation/cmov.h" +#include "sxt/curve_bng1/operation/mul_by_3b.h" +#include "sxt/curve_bng1/property/identity.h" +#include "sxt/curve_bng1/type/element_p2.h" +#include "sxt/field25/operation/add.h" +#include "sxt/field25/operation/mul.h" +#include "sxt/field25/operation/square.h" +#include "sxt/field25/operation/sub.h" +#include "sxt/field25/type/element.h" -namespace sxt::cg1o { +namespace sxt::cn1o { //-------------------------------------------------------------------------------------------------- // double_element //-------------------------------------------------------------------------------------------------- @@ -69,4 +69,4 @@ void double_element(cg1t::element_p2& h, const cg1t::element_p2& p) noexcept { cmov(h, cg1t::element_p2::identity(), cg1p::is_identity(p)); } -} // namespace sxt::cg1o +} // namespace sxt::cn1o diff --git a/sxt/curve_bng1/operation/double.h b/sxt/curve_bng1/operation/double.h index 8d9c6cc6f..f675a7d8e 100644 --- a/sxt/curve_bng1/operation/double.h +++ b/sxt/curve_bng1/operation/double.h @@ -18,18 +18,18 @@ #include "sxt/base/macro/cuda_callable.h" -namespace sxt::cg1t { +namespace sxt::cn1t { struct element_p2; } -namespace sxt::cg1o { +namespace sxt::cn1o { //-------------------------------------------------------------------------------------------------- // double_element //-------------------------------------------------------------------------------------------------- -/* - Computes the doubling of element. - Algorithm 9, https://eprint.iacr.org/2015/1060.pdf +/** + * Computes the doubling of element. + * Algorithm 9, https://eprint.iacr.org/2015/1060.pdf */ CUDA_CALLABLE void double_element(cg1t::element_p2& h, const cg1t::element_p2& p) noexcept; -} // namespace sxt::cg1o +} // namespace sxt::cn1o diff --git a/sxt/curve_bng1/operation/double.t.cc b/sxt/curve_bng1/operation/double.t.cc index bda9efaca..f723bf832 100644 --- a/sxt/curve_bng1/operation/double.t.cc +++ b/sxt/curve_bng1/operation/double.t.cc @@ -14,17 +14,17 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#include "sxt/curve_g1/operation/double.h" +#include "sxt/curve_bng1/operation/double.h" #include "sxt/base/test/unit_test.h" -#include "sxt/curve_g1/constant/generator.h" -#include "sxt/curve_g1/property/curve.h" -#include "sxt/curve_g1/property/identity.h" -#include "sxt/curve_g1/type/element_p2.h" -#include "sxt/field12/constant/zero.h" +#include "sxt/curve_bng1/constant/generator.h" +#include "sxt/curve_bng1/property/curve.h" +#include "sxt/curve_bng1/property/identity.h" +#include "sxt/curve_bng1/type/element_p2.h" +#include "sxt/field25/constant/zero.h" using namespace sxt; -using namespace sxt::cg1o; +using namespace sxt::cn1o; TEST_CASE("doubling a projective element") { SECTION("preserves the identity") { diff --git a/sxt/curve_bng1/operation/mul_by_3b.cc b/sxt/curve_bng1/operation/mul_by_3b.cc index 05e6502dc..6f49cd2f8 100644 --- a/sxt/curve_bng1/operation/mul_by_3b.cc +++ b/sxt/curve_bng1/operation/mul_by_3b.cc @@ -14,12 +14,12 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#include "sxt/curve_g1/operation/mul_by_3b.h" +#include "sxt/curve_bng1/operation/mul_by_3b.h" -#include "sxt/field12/operation/add.h" -#include "sxt/field12/type/element.h" +#include "sxt/field25/operation/add.h" +#include "sxt/field25/type/element.h" -namespace sxt::cg1o { +namespace sxt::cn1o { //-------------------------------------------------------------------------------------------------- // mul_by_3b //-------------------------------------------------------------------------------------------------- @@ -34,4 +34,4 @@ void mul_by_3b(f12t::element& h, const f12t::element& p) noexcept { f12o::add(p8, p4, p4); f12o::add(h, p8, p4); } -} // namespace sxt::cg1o +} // namespace sxt::cn1o diff --git a/sxt/curve_bng1/operation/mul_by_3b.h b/sxt/curve_bng1/operation/mul_by_3b.h index d3a63ce2e..4ed3de805 100644 --- a/sxt/curve_bng1/operation/mul_by_3b.h +++ b/sxt/curve_bng1/operation/mul_by_3b.h @@ -18,18 +18,18 @@ #include "sxt/base/macro/cuda_callable.h" -namespace sxt::f12t { +namespace sxt::f25t { class element; } -namespace sxt::cg1o { +namespace sxt::cn1o { //-------------------------------------------------------------------------------------------------- // mul_by_3b //-------------------------------------------------------------------------------------------------- -/* - For the bls12-381 curve, since b = 4, 3b = 12. - See Algorithm 9 for details, https://eprint.iacr.org/2015/1060.pdf +/** + * For the bls12-381 curve, since b = 4, 3b = 12. + * See Algorithm 9 for details, https://eprint.iacr.org/2015/1060.pdf */ CUDA_CALLABLE void mul_by_3b(f12t::element& h, const f12t::element& p) noexcept; -} // namespace sxt::cg1o +} // namespace sxt::cn1o diff --git a/sxt/curve_bng1/operation/mul_by_3b.t.cc b/sxt/curve_bng1/operation/mul_by_3b.t.cc index 6781632d6..f47e8bb90 100644 --- a/sxt/curve_bng1/operation/mul_by_3b.t.cc +++ b/sxt/curve_bng1/operation/mul_by_3b.t.cc @@ -14,16 +14,16 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#include "sxt/curve_g1/operation/mul_by_3b.h" +#include "sxt/curve_bng1/operation/mul_by_3b.h" #include "sxt/base/test/unit_test.h" -#include "sxt/field12/constant/one.h" -#include "sxt/field12/type/element.h" -#include "sxt/field12/type/literal.h" +#include "sxt/field25/constant/one.h" +#include "sxt/field25/type/element.h" +#include "sxt/field25/type/literal.h" using namespace sxt; -using namespace sxt::cg1o; -using namespace sxt::f12t; +using namespace sxt::cn1o; +using namespace sxt::f25t; TEST_CASE("multiply by 3b") { SECTION("returns twelve if one in Montogomery form is the input") { From 3d17fead4ffb9ca02e56cafb5442df853aff3210 Mon Sep 17 00:00:00 2001 From: Jacob Trombetta Date: Fri, 19 Jan 2024 13:40:45 -0500 Subject: [PATCH 3/3] update operations to support bn254 g1 elements --- sxt/curve_bng1/operation/cmov.cc | 8 ++--- sxt/curve_bng1/operation/cmov.h | 2 +- sxt/curve_bng1/operation/cmov.t.cc | 12 +++---- sxt/curve_bng1/operation/double.cc | 42 ++++++++++++------------- sxt/curve_bng1/operation/double.h | 2 +- sxt/curve_bng1/operation/double.t.cc | 39 +++++++++++------------ sxt/curve_bng1/operation/mul_by_3b.cc | 16 +++++----- sxt/curve_bng1/operation/mul_by_3b.h | 4 +-- sxt/curve_bng1/operation/mul_by_3b.t.cc | 8 ++--- 9 files changed, 65 insertions(+), 68 deletions(-) diff --git a/sxt/curve_bng1/operation/cmov.cc b/sxt/curve_bng1/operation/cmov.cc index 88ab5dabe..1bf7cfe67 100644 --- a/sxt/curve_bng1/operation/cmov.cc +++ b/sxt/curve_bng1/operation/cmov.cc @@ -24,9 +24,9 @@ namespace sxt::cn1o { // cmov //-------------------------------------------------------------------------------------------------- CUDA_CALLABLE -void cmov(cg1t::element_p2& f, const cg1t::element_p2& g, unsigned int b) noexcept { - f12o::cmov(f.X, g.X, b); - f12o::cmov(f.Y, g.Y, b); - f12o::cmov(f.Z, g.Z, b); +void cmov(cn1t::element_p2& f, const cn1t::element_p2& g, unsigned int b) noexcept { + f25o::cmov(f.X, g.X, b); + f25o::cmov(f.Y, g.Y, b); + f25o::cmov(f.Z, g.Z, b); } } // namespace sxt::cn1o diff --git a/sxt/curve_bng1/operation/cmov.h b/sxt/curve_bng1/operation/cmov.h index 70e87766c..e4cde067a 100644 --- a/sxt/curve_bng1/operation/cmov.h +++ b/sxt/curve_bng1/operation/cmov.h @@ -33,5 +33,5 @@ namespace sxt::cn1o { * Preconditions: b in {0,1}. */ CUDA_CALLABLE -void cmov(cg1t::element_p2& f, const cg1t::element_p2& g, unsigned int b) noexcept; +void cmov(cn1t::element_p2& f, const cn1t::element_p2& g, unsigned int b) noexcept; } // namespace sxt::cn1o diff --git a/sxt/curve_bng1/operation/cmov.t.cc b/sxt/curve_bng1/operation/cmov.t.cc index b79d44916..7eb0494f7 100644 --- a/sxt/curve_bng1/operation/cmov.t.cc +++ b/sxt/curve_bng1/operation/cmov.t.cc @@ -25,12 +25,12 @@ using namespace sxt; using namespace sxt::cn1o; TEST_CASE("cmov returns the expected projective coordinates") { - cg1t::element_p2 expect_generator{cg1cn::generator_p2_v}; - cg1t::element_p2 expect_identity{cg1t::element_p2::identity()}; + cn1t::element_p2 expect_generator{cn1cn::generator_p2_v}; + cn1t::element_p2 expect_identity{cn1t::element_p2::identity()}; - cg1o::cmov(expect_generator, cg1t::element_p2::identity(), 0); - cg1o::cmov(expect_identity, cg1t::element_p2::identity(), 1); + cn1o::cmov(expect_generator, cn1t::element_p2::identity(), 0); + cn1o::cmov(expect_identity, cn1t::element_p2::identity(), 1); - REQUIRE(expect_generator == cg1cn::generator_p2_v); - REQUIRE(expect_identity == cg1t::element_p2::identity()); + REQUIRE(expect_generator == cn1cn::generator_p2_v); + REQUIRE(expect_identity == cn1t::element_p2::identity()); } diff --git a/sxt/curve_bng1/operation/double.cc b/sxt/curve_bng1/operation/double.cc index 6442e5944..31aa36a4f 100644 --- a/sxt/curve_bng1/operation/double.cc +++ b/sxt/curve_bng1/operation/double.cc @@ -40,33 +40,33 @@ namespace sxt::cn1o { // double_element //-------------------------------------------------------------------------------------------------- CUDA_CALLABLE -void double_element(cg1t::element_p2& h, const cg1t::element_p2& p) noexcept { - f12t::element t0, t1, t2; - f12t::element x3, y3, z3; +void double_element(cn1t::element_p2& h, const cn1t::element_p2& p) noexcept { + f25t::element t0, t1, t2; + f25t::element x3, y3, z3; - f12o::square(t0, p.Y); - f12o::add(z3, t0, t0); - f12o::add(z3, z3, z3); - f12o::add(z3, z3, z3); - f12o::mul(t1, p.Y, p.Z); - f12o::square(t2, p.Z); + f25o::square(t0, p.Y); + f25o::add(z3, t0, t0); + f25o::add(z3, z3, z3); + f25o::add(z3, z3, z3); + f25o::mul(t1, p.Y, p.Z); + f25o::square(t2, p.Z); mul_by_3b(t2, t2); - f12o::mul(x3, t2, z3); - f12o::add(y3, t0, t2); - f12o::mul(z3, t1, z3); - f12o::add(t1, t2, t2); - f12o::add(t2, t1, t2); - f12o::sub(t0, t0, t2); - f12o::mul(y3, t0, y3); - f12o::add(y3, x3, y3); - f12o::mul(t1, p.X, p.Y); - f12o::mul(x3, t0, t1); - f12o::add(x3, x3, x3); + f25o::mul(x3, t2, z3); + f25o::add(y3, t0, t2); + f25o::mul(z3, t1, z3); + f25o::add(t1, t2, t2); + f25o::add(t2, t1, t2); + f25o::sub(t0, t0, t2); + f25o::mul(y3, t0, y3); + f25o::add(y3, x3, y3); + f25o::mul(t1, p.X, p.Y); + f25o::mul(x3, t0, t1); + f25o::add(x3, x3, x3); h.X = x3; h.Y = y3; h.Z = z3; - cmov(h, cg1t::element_p2::identity(), cg1p::is_identity(p)); + cmov(h, cn1t::element_p2::identity(), cn1p::is_identity(p)); } } // namespace sxt::cn1o diff --git a/sxt/curve_bng1/operation/double.h b/sxt/curve_bng1/operation/double.h index f675a7d8e..61ae41b7e 100644 --- a/sxt/curve_bng1/operation/double.h +++ b/sxt/curve_bng1/operation/double.h @@ -31,5 +31,5 @@ namespace sxt::cn1o { * Algorithm 9, https://eprint.iacr.org/2015/1060.pdf */ CUDA_CALLABLE -void double_element(cg1t::element_p2& h, const cg1t::element_p2& p) noexcept; +void double_element(cn1t::element_p2& h, const cn1t::element_p2& p) noexcept; } // namespace sxt::cn1o diff --git a/sxt/curve_bng1/operation/double.t.cc b/sxt/curve_bng1/operation/double.t.cc index f723bf832..874d21b24 100644 --- a/sxt/curve_bng1/operation/double.t.cc +++ b/sxt/curve_bng1/operation/double.t.cc @@ -28,45 +28,42 @@ using namespace sxt::cn1o; TEST_CASE("doubling a projective element") { SECTION("preserves the identity") { - cg1t::element_p2 identity_double; + cn1t::element_p2 identity_double; - double_element(identity_double, cg1t::element_p2::identity()); + double_element(identity_double, cn1t::element_p2::identity()); - REQUIRE(cg1p::is_identity(identity_double)); - REQUIRE(cg1p::is_on_curve(identity_double)); + REQUIRE(cn1p::is_identity(identity_double)); + REQUIRE(cn1p::is_on_curve(identity_double)); } SECTION("preserves the generator") { - cg1t::element_p2 generator_double; + cn1t::element_p2 generator_double; - double_element(generator_double, cg1cn::generator_p2_v); + double_element(generator_double, cn1cn::generator_p2_v); - REQUIRE(!cg1p::is_identity(generator_double)); - REQUIRE(cg1p::is_on_curve(generator_double)); + REQUIRE(!cn1p::is_identity(generator_double)); + REQUIRE(cn1p::is_on_curve(generator_double)); } SECTION("produces double the generator") { - constexpr cg1t::element_p2 expected{ - {0xea99aa7b7fd2610f, 0x2d8f4ecb16a2c805, 0x6f5685b7bc2cce0c, 0xa00450614064a604, - 0x212102802cecd57b, 0x28576e1a7289e84}, - {0x111405902b1882bf, 0xa8cd3dd3a683ef06, 0x13639d9f8c73cebe, 0x3ac292fd4559e0f7, - 0x628c04a2e7fb8e20, 0x15c2f5f94df1f750}, - {0xfc9ac7edde06dbee, 0xfdc16d121f0f95e2, 0xa06d9a77977a906d, 0xef28f3348e385c64, - 0x8e0d17d2ffa3c835, 0x1700fc91a24772ec}}; - cg1t::element_p2 generator_double; + constexpr cn1t::element_p2 expected{ + {0xe10460b6c3e7ea38, 0xbc0b548b438e5469, 0xc2822db40c0ac2ec, 0x13227397098d014d}, + {0x3c208c16d87cfd47, 0x97816a916871ca8d, 0xb85045b68181585d, 0x04644e72e131a029}, + {0xd35d438dc58f0d9d, 0x0a78eb28f5c70b3d, 0x666ea36f7879462c, 0xe0a77c19a07df2f}}; + cn1t::element_p2 generator_double; - double_element(generator_double, cg1cn::generator_p2_v); + double_element(generator_double, cn1cn::generator_p2_v); REQUIRE(expected == generator_double); } SECTION("produces the identity when Z is the zero element") { - constexpr cg1t::element_p2 p{cg1cn::generator_p2_v.X, cg1cn::generator_p2_v.Y, f12cn::zero_v}; - cg1t::element_p2 expect_identity; + constexpr cn1t::element_p2 p{cn1cn::generator_p2_v.X, cn1cn::generator_p2_v.Y, f25cn::zero_v}; + cn1t::element_p2 expect_identity; double_element(expect_identity, p); - REQUIRE(cg1p::is_on_curve(p)); - REQUIRE(expect_identity == cg1t::element_p2::identity()); + REQUIRE(cn1p::is_on_curve(p)); + REQUIRE(expect_identity == cn1t::element_p2::identity()); } } diff --git a/sxt/curve_bng1/operation/mul_by_3b.cc b/sxt/curve_bng1/operation/mul_by_3b.cc index 6f49cd2f8..f0a277a64 100644 --- a/sxt/curve_bng1/operation/mul_by_3b.cc +++ b/sxt/curve_bng1/operation/mul_by_3b.cc @@ -24,14 +24,14 @@ namespace sxt::cn1o { // mul_by_3b //-------------------------------------------------------------------------------------------------- CUDA_CALLABLE -void mul_by_3b(f12t::element& h, const f12t::element& p) noexcept { - f12t::element p2; - f12t::element p4; - f12t::element p8; +void mul_by_3b(f25t::element& h, const f25t::element& p) noexcept { + f25t::element p2; + f25t::element p4; + f25t::element p8; - f12o::add(p2, p, p); - f12o::add(p4, p2, p2); - f12o::add(p8, p4, p4); - f12o::add(h, p8, p4); + f25o::add(p2, p, p); + f25o::add(p4, p2, p2); + f25o::add(p8, p4, p4); + f25o::add(h, p8, p); } } // namespace sxt::cn1o diff --git a/sxt/curve_bng1/operation/mul_by_3b.h b/sxt/curve_bng1/operation/mul_by_3b.h index 4ed3de805..895fdbeaa 100644 --- a/sxt/curve_bng1/operation/mul_by_3b.h +++ b/sxt/curve_bng1/operation/mul_by_3b.h @@ -27,9 +27,9 @@ namespace sxt::cn1o { // mul_by_3b //-------------------------------------------------------------------------------------------------- /** - * For the bls12-381 curve, since b = 4, 3b = 12. + * For the bn254 curve, since b = 3, 3b = 9. * See Algorithm 9 for details, https://eprint.iacr.org/2015/1060.pdf */ CUDA_CALLABLE -void mul_by_3b(f12t::element& h, const f12t::element& p) noexcept; +void mul_by_3b(f25t::element& h, const f25t::element& p) noexcept; } // namespace sxt::cn1o diff --git a/sxt/curve_bng1/operation/mul_by_3b.t.cc b/sxt/curve_bng1/operation/mul_by_3b.t.cc index f47e8bb90..a04243819 100644 --- a/sxt/curve_bng1/operation/mul_by_3b.t.cc +++ b/sxt/curve_bng1/operation/mul_by_3b.t.cc @@ -26,11 +26,11 @@ using namespace sxt::cn1o; using namespace sxt::f25t; TEST_CASE("multiply by 3b") { - SECTION("returns twelve if one in Montogomery form is the input") { - f12t::element ret; + SECTION("returns nine if one in Montgomery form is the input") { + f25t::element ret; - mul_by_3b(ret, f12cn::one_v); + mul_by_3b(ret, f25cn::one_v); - REQUIRE(0xc_f12 == ret); + REQUIRE(0x9_f25 == ret); } }