chore: fix comment format in the bls12-381 packages (PROOF-784)

sxt/cbindings/backend/cpu_backend.h

@@ -22,35 +22,6 @@
 #include "sxt/base/container/span.h"
 #include "sxt/cbindings/backend/computational_backend.h"
 
-namespace sxt::mtxb {
-struct exponent_sequence;
-}
-
-namespace sxt::rstt {
-class compressed_element;
-}
-
-namespace sxt::c21t {
-struct element_p3;
-}
-
-namespace sxt::cg1t {
-class compressed_element;
-struct element_p3;
-} // namespace sxt::cg1t
-
-namespace sxt::s25t {
-class element;
-}
-
-namespace sxt::prft {
-class transcript;
-}
-
-namespace sxt::prfip {
-struct proof_descriptor;
-}
-
 namespace sxt::cbnbck {
 
 //--------------------------------------------------------------------------------------------------

sxt/cbindings/backend/gpu_backend.h

@@ -22,35 +22,6 @@
 #include "sxt/base/container/span.h"
 #include "sxt/cbindings/backend/computational_backend.h"
 
-namespace sxt::mtxb {
-struct exponent_sequence;
-}
-
-namespace sxt::rstt {
-class compressed_element;
-}
-
-namespace sxt::c21t {
-struct element_p3;
-}
-
-namespace sxt::cg1t {
-class compressed_element;
-struct element_p3;
-} // namespace sxt::cg1t
-
-namespace sxt::s25t {
-class element;
-}
-
-namespace sxt::prft {
-class transcript;
-}
-
-namespace sxt::prfip {
-struct proof_descriptor;
-}
-
 namespace sxt::cbnbck {
 
 //--------------------------------------------------------------------------------------------------

sxt/curve_g1/constant/b.h

@@ -22,9 +22,9 @@ namespace sxt::cg1cn {
 //--------------------------------------------------------------------------------------------------
 // b_v
 //--------------------------------------------------------------------------------------------------
-/*
- b_v is 4 in Montgomery form.
- Used in the bls12-381 curve equation: y^2 = x^3 + 4
+/**
+ * b_v is 4 in Montgomery form.
+ * Used in the bls12-381 curve equation: y^2 = x^3 + 4
  */
 static constexpr f12t::element b_v{0xaa270000000cfff3, 0x53cc0032fc34000a, 0x478fe97a6b0a807f,
                                    0xb1d37ebee6ba24d7, 0x8ec9733bbf78ab2f, 0x09d645513d83de7e};

sxt/curve_g1/constant/beta.h

@@ -22,8 +22,8 @@ namespace sxt::cg1cn {
 //--------------------------------------------------------------------------------------------------
 // beta_v
 //--------------------------------------------------------------------------------------------------
-/*
- A nontrivial third root of unity in Fp
+/**
+ * A nontrivial third root of unity in Fp
  */
 static constexpr f12t::element beta_v{0x30f1361b798a64e8, 0xf3b8ddab7ece5a2a, 0x16a8ca3ac61577f7,
                                       0xc26a2ff874fd029b, 0x3636b76660701c6e, 0x051ba4ab241b6160};

sxt/curve_g1/constant/beta.t.cc

@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-/*
+/**
  * Adopted from zkcrypto/bls12_381
  *
  * Copyright (c) 2021

sxt/curve_g1/constant/generator.h

@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-/*
+/**
  * Adopted from zcash/librustzcash
  *
  * Copyright (c) 2017
@@ -33,16 +33,16 @@ namespace sxt::cg1cn {
 //--------------------------------------------------------------------------------------------------
 // generator_x_v
 //--------------------------------------------------------------------------------------------------
-/*
- The generators of G1/G2 are computed by finding the lexicographically smallest valid x coordinate,
- and its lexicographically smallest y coordinate and multiplying it by the cofactor such that the
- result is nonzero.
-
- Generator of G1
- x =
- 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507
- y =
- 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569
+/**
+ * The generators of G1 are computed by finding the lexicographically smallest valid x coordinate,
+ * and its lexicographically smallest y coordinate and multiplying it by the cofactor such that the
+ * result is nonzero.
+ *
+ * Generator of G1
+ * x =
+ * 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507
+ * y =
+ * 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569
  */
 static constexpr f12t::element generator_x_v{0x5cb38790fd530c16, 0x7817fc679976fff5,
                                              0x154f95c7143ba1c1, 0xf0ae6acdf3d0e747,

sxt/curve_g1/operation/add.cc

@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-/*
+/**
  * Adopted from zkcrypto/bls12_381
  *
  * Copyright (c) 2021

sxt/curve_g1/operation/add.h

@@ -14,6 +14,15 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+/**
+ * Adopted from zkcrypto/bls12_381
+ *
+ * Copyright (c) 2021
+ * Sean Bowe <[email protected]>
+ * Jack Grigg <[email protected]>
+ *
+ * See third_party/license/zkcrypto.LICENSE
+ */
 #pragma once
 
 #include "sxt/base/macro/cuda_callable.h"
@@ -31,8 +40,8 @@ namespace sxt::cg1o {
 //--------------------------------------------------------------------------------------------------
 // add_inplace
 //--------------------------------------------------------------------------------------------------
-/*
- p = p + q
+/**
+ * p = p + q
  */
 CUDA_CALLABLE inline void add_inplace(cg1t::element_p2& p, const cg1t::element_p2& q) noexcept {
   f12t::element t0, t1, t2, t3, t4;
@@ -76,8 +85,8 @@ CUDA_CALLABLE inline void add_inplace(cg1t::element_p2& p, const cg1t::element_p
 //--------------------------------------------------------------------------------------------------
 // add
 //--------------------------------------------------------------------------------------------------
-/*
- Algorithm 7, https://eprint.iacr.org/2015/1060.pdf
+/**
+ * Algorithm 7, https://eprint.iacr.org/2015/1060.pdf
  */
 CUDA_CALLABLE
 void inline add(cg1t::element_p2& h, const cg1t::element_p2& p,
@@ -89,8 +98,8 @@ void inline add(cg1t::element_p2& h, const cg1t::element_p2& p,
 //--------------------------------------------------------------------------------------------------
 // add
 //--------------------------------------------------------------------------------------------------
-/*
- Algorithm 8, https://eprint.iacr.org/2015/1060.pdf
+/**
+ * Algorithm 8, https://eprint.iacr.org/2015/1060.pdf
  */
 CUDA_CALLABLE
 void add(cg1t::element_p2& h, const cg1t::element_p2& p, const cg1t::element_affine& q) noexcept;

sxt/curve_g1/operation/cmov.h

@@ -26,11 +26,11 @@ namespace sxt::cg1o {
 //--------------------------------------------------------------------------------------------------
 // cmov
 //--------------------------------------------------------------------------------------------------
-/*
- Replace (f,g) with (g,g) if b == 1;
- replace (f,g) with (f,g) if b == 0.
+/**
+ * Replace (f,g) with (g,g) if b == 1;
+ * replace (f,g) with (f,g) if b == 0.
  *
- Preconditions: b in {0,1}.
+ * Preconditions: b in {0,1}.
  */
 CUDA_CALLABLE
 void cmov(cg1t::element_p2& f, const cg1t::element_p2& g, unsigned int b) noexcept;

sxt/curve_g1/operation/compression.cc

@@ -14,15 +14,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-/*
- * Adopted from zkcrypto/bls12_381
- *
- * Copyright (c) 2021
- * Sean Bowe <[email protected]>
- * Jack Grigg <[email protected]>
- *
- * See third_party/license/zkcrypto.LICENSE
- */
 #include "sxt/curve_g1/operation/compression.h"
 
 #include "sxt/base/error/assert.h"

sxt/curve_g1/operation/compression.h

@@ -14,6 +14,15 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+/**
+ * Adopted from zkcrypto/bls12_381
+ *
+ * Copyright (c) 2021
+ * Sean Bowe <[email protected]>
+ * Jack Grigg <[email protected]>
+ *
+ * See third_party/license/zkcrypto.LICENSE
+ */
 #pragma once
 
 #include "sxt/base/container/span.h"
@@ -27,6 +36,12 @@ namespace sxt::cg1o {
 //--------------------------------------------------------------------------------------------------
 // compress
 //--------------------------------------------------------------------------------------------------
+/*
+ * Serializes a point on the BLS12-381 curve to compressed form using the zkcrypto/bls12_381
+ * projects serialization guidance.
+ * https://github.com/zkcrypto/bls12_381/blob/4df45188913e9d66ef36ae12825865347eed4e1b/src/notes/serialization.rs
+ */
+
 void compress(cg1t::compressed_element& e_c, const cg1t::element_p2& e_p) noexcept;
 
 //--------------------------------------------------------------------------------------------------

sxt/curve_g1/operation/double.cc

@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-/*
+/**
  * Adopted from zkcrypto/bls12_381
  *
  * Copyright (c) 2021

sxt/curve_g1/operation/double.h

@@ -26,9 +26,9 @@ namespace sxt::cg1o {
 //--------------------------------------------------------------------------------------------------
 // double_element
 //--------------------------------------------------------------------------------------------------
-/*
- Computes the doubling of element.
- Algorithm 9, https://eprint.iacr.org/2015/1060.pdf
+/**
+ * Computes the doubling of element.
+ * Algorithm 9, https://eprint.iacr.org/2015/1060.pdf
  */
 CUDA_CALLABLE
 void double_element(cg1t::element_p2& h, const cg1t::element_p2& p) noexcept;

sxt/curve_g1/operation/mul_by_3b.h

@@ -26,9 +26,9 @@ namespace sxt::cg1o {
 //--------------------------------------------------------------------------------------------------
 // mul_by_3b
 //--------------------------------------------------------------------------------------------------
-/*
- For the bls12-381 curve, since b = 4, 3b = 12.
- See Algorithm 9 for details, https://eprint.iacr.org/2015/1060.pdf
+/**
+ * For the bls12-381 curve, since b = 4, 3b = 12.
+ * See Algorithm 9 for details, https://eprint.iacr.org/2015/1060.pdf
  */
 CUDA_CALLABLE
 void mul_by_3b(f12t::element& h, const f12t::element& p) noexcept;

sxt/curve_g1/operation/mul_by_3b.t.cc

@@ -26,7 +26,7 @@ using namespace sxt::cg1o;
 using namespace sxt::f12t;
 
 TEST_CASE("multiply by 3b") {
-  SECTION("returns twelve if one in Montogomery form is the input") {
+  SECTION("returns twelve if one in Montgomery form is the input") {
     f12t::element ret;
 
     mul_by_3b(ret, f12cn::one_v);

sxt/curve_g1/operation/neg.cc

@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-/*
+/**
  * Adopted from zkcrypto/bls12_381
  *
  * Copyright (c) 2021

sxt/curve_g1/operation/neg.h

@@ -32,8 +32,8 @@ void neg(cg1t::element_p2& r, const cg1t::element_p2& p) noexcept;
 //--------------------------------------------------------------------------------------------------
 // cneg
 //--------------------------------------------------------------------------------------------------
-/*
- r = -r if b = 1 else r
+/**
+ * r = -r if b = 1 else r
  */
 CUDA_CALLABLE
 void cneg(cg1t::element_p2& r, unsigned int b) noexcept;

sxt/curve_g1/operation/scalar_multiply.cc

@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-/*
+/**
  * Adopted from zkcrypto/bls12_381
  *
  * Copyright (c) 2021
@@ -73,9 +73,9 @@ static void scalar_multiply_impl(cg1t::element_p2& h, const cg1t::element_p2& p,
   for (int byte_index = first_one_byte; byte_index >= 0; --byte_index) {
     auto byte = q[byte_index];
     for (int bit_index = starting_bit; bit_index >= 0; --bit_index) {
-      cg1o::double_element(acc, acc);
+      double_element(acc, acc);
       if ((byte >> bit_index) & 1) {
-        cg1o::add(acc, acc, p);
+        add(acc, acc, p);
       }
     }
     starting_bit = 7; // reset starting bit for the remainder of bytes

sxt/curve_g1/operation/scalar_multiply.h

@@ -28,12 +28,12 @@ namespace sxt::cg1o {
 //--------------------------------------------------------------------------------------------------
 // scalar_multiply255
 //--------------------------------------------------------------------------------------------------
-/*
- This is a simple double-and-add implementation of point multiplication, moving from most
- significant to least significant bit of the scalar. We skip the leading bit because it's
- always unset for Fq elements. Assumes the scalar q is little endian and the exponent has already
- been reduced.
-*/
+/**
+ * This is a simple double-and-add implementation of point multiplication, moving from most
+ * significant to least significant bit of the scalar. We skip the leading bit because it's
+ * always unset for Fq elements. Assumes the scalar q is little endian and the exponent has already
+ * been reduced.
+ */
 CUDA_CALLABLE
 void scalar_multiply255(cg1t::element_p2& h, const cg1t::element_p2& p,
                         const uint8_t q[32]) noexcept;

sxt/curve_g1/operation/sub.cc

@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-/*
+/**
  * Adopted from zkcrypto/bls12_381
  *
  * Copyright (c) 2021