Merge pull request #7 from algorand/release-0.17.0
merge Release 0.17.0 back to master
zhenfeizhang authored Oct 23, 2019
2 parents c0a0c8f + bd12ca9 commit d3a9e24
Showing 8 changed files with 460 additions and 976 deletions.
1 change: 1 addition & 0 deletions Cargo.toml
Expand Up @@ -2,6 +2,7 @@
name = "pairing-plus"

# Remember to change version string in README.md.

version = "0.17.1"
authors = [
# authors of the original pairing library
1,106 changes: 407 additions & 699 deletions src/bls12_381/cofactor.rs


221 changes: 6 additions & 215 deletions src/bls12_381/ec/g1.rs
Expand Up @@ -308,228 +308,21 @@ impl G1Prepared {
}

mod subgroup_check {
use super::super::super::{Fq, FqRepr};
use super::{G1Affine, G1};
use ff::Field;
use super::G1Affine;
#[cfg(test)]
use super::G1;
#[cfg(test)]
use rand::{thread_rng, Rand};
use {CurveAffine, CurveProjective, SubgroupCheck};

// Endomorphism (x, y) -> (\beta x, y) where \beta is an elm of Fp of order 3.
fn sigma(p: &G1Affine) -> G1 {
let (x, y) = p.as_tuple();
let mut ret = G1 {
x: *x,
y: *y,
z: Fq::one(),
};
sigma_proj(&mut ret);
ret
}

fn sigma_proj(p: &mut G1) {
const BETA: Fq = Fq(FqRepr([
0xcd03c9e48671f071u64,
0x5dab22461fcda5d2u64,
0x587042afd3851b95u64,
0x8eb60ebe01bacb9eu64,
0x3f97d6e83d050d2u64,
0x18f0206554638741u64,
]));

let G1 { x, .. } = p;
x.mul_assign(&BETA);
}

/* *** addchain for 76329603384216526021617858986798044501 *** */
/* Bos-Coster (win=7) : 145 links, 8 variables */
fn sigma_chain(tmpvar1: &mut G1) {
let tmpvar0 = *tmpvar1;
tmpvar1.double();
/* 0 : 2 */

let mut tmpvar6 = *tmpvar1;
tmpvar6.add_assign(&tmpvar0);
/* 1 : 3 */

tmpvar1.double();
/* 2 : 4 */

let mut tmpvar4 = *tmpvar1;
tmpvar4.double();
/* 3 : 8 */

let mut tmpvar2 = tmpvar4;
tmpvar2.add_assign(&tmpvar6);
/* 4 : 11 */

let mut tmpvar7 = tmpvar2;
tmpvar7.add_assign(tmpvar1);
/* 5 : 15 */

let mut tmpvar5 = tmpvar4;
tmpvar5.double();
/* 6 : 16 */

*tmpvar1 = tmpvar5;
tmpvar1.double();
/* 7 : 32 */

let mut tmpvar3 = *tmpvar1;
tmpvar3.add_assign(&tmpvar2);
/* 8 : 43 */

*tmpvar1 = tmpvar3;
tmpvar1.add_assign(&tmpvar7);
/* 9 : 58 */

tmpvar5.add_assign(tmpvar1);
/* 10 : 74 */

tmpvar2.add_assign(&tmpvar5);
/* 11 : 85 */

tmpvar7.add_assign(&tmpvar5);
/* 12 : 89 */

tmpvar4.add_assign(&tmpvar7);
/* 13 : 97 */

tmpvar5.add_assign(&tmpvar4);
/* 14 : 171 */

tmpvar1.add_assign(&tmpvar5);
/* 15 : 229 */

for _ in 0..7 {
tmpvar1.double();
}
/* 16 : 29312 */

tmpvar1.add_assign(&tmpvar7);
/* 23 : 29401 */

for _ in 0..5 {
tmpvar1.double();
}
/* 24 : 940832 */

tmpvar1.add_assign(&tmpvar6);
/* 29 : 940835 */

for _ in 0..18 {
tmpvar1.double();
}
/* 30 : 246634250240 */

tmpvar1.add_assign(&tmpvar2);
/* 48 : 246634250325 */

for _ in 0..9 {
tmpvar1.double();
}
/* 49 : 126276736166400 */

tmpvar1.add_assign(&tmpvar5);
/* 58 : 126276736166571 */

for _ in 0..7 {
tmpvar1.double();
}
/* 59 : 16163422229321088 */

tmpvar1.add_assign(&tmpvar4);
/* 66 : 16163422229321185 */

for _ in 0..7 {
tmpvar1.double();
}
/* 67 : 2068918045353111680 */

tmpvar1.add_assign(&tmpvar3);
/* 74 : 2068918045353111723 */

for _ in 0..41 {
tmpvar1.double();
}
/* 75 : 4549598895562680126525036036096 */

tmpvar1.add_assign(&tmpvar2);
/* 116 : 4549598895562680126525036036181 */

for _ in 0..8 {
tmpvar1.double();
}
/* 117 : 1164697317264046112390409225262336 */

tmpvar1.add_assign(&tmpvar2);
/* 125 : 1164697317264046112390409225262421 */

for _ in 0..8 {
tmpvar1.double();
}
/* 126 : 298162513219595804771944761667179776 */

tmpvar1.add_assign(&tmpvar2);
/* 134 : 298162513219595804771944761667179861 */

for _ in 0..8 {
tmpvar1.double();
}
/* 135 : 76329603384216526021617858986798044416 */

tmpvar1.add_assign(&tmpvar2);
/* 143 : 76329603384216526021617858986798044501 */
}
use SubgroupCheck;
#[cfg(test)]
use {CurveAffine, CurveProjective};

impl SubgroupCheck for G1Affine {
fn in_subgroup_bowe19(&self) -> bool {
if !self.is_on_curve() {
return false;
}

let mut sp = sigma(self); // sP = sigma(P)
let mut q = sp; // Q =
q.double(); // 2 * sP
sigma_proj(&mut sp); // sP = sigma(sP)
q.sub_assign_mixed(self); // Q = Q - P
q.sub_assign(&sp); // Q = Q - sP
sigma_chain(&mut q); // ((z^2 - 1) // 3) * Q
q.sub_assign(&sp); // Q = Q - sP

q.is_zero()
}

fn in_subgroup(&self) -> bool {
self.is_on_curve() && self.is_in_correct_subgroup_assuming_on_curve()
}
}

#[test]
fn test_g1_sigma() {
use CurveProjective;
let mut rng = thread_rng();

for _ in 0..32 {
let pp = G1::rand(&mut rng);
let p = pp.into_affine();
let sp = sigma(&p);

let G1Affine { x: xi, .. } = &p;
let G1 { x: xo, .. } = &sp;

let mut t1 = *xi;
t1.square();
t1.mul_assign(xi);

let mut t2 = *xo;
t2.square();
t2.mul_assign(xo);

assert_eq!(t1, t2);
}
}

#[test]
fn test_g1_subgroup_check() {
use bls12_381::ClearH;
Expand Down Expand Up @@ -619,8 +412,6 @@ fn g1_test_is_valid() {
infinity: false,
};
assert!(!p.is_on_curve());
assert!(!p.in_subgroup_bowe19());
assert!(p.in_subgroup_bowe19() == p.in_subgroup());
}

// Reject point on a twist (b = 3)
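Review bot: The `g1_test_is_valid` hunk at @@ -619,8 +412,6 drops both subgroup assertions for the off-curve point and keeps only `assert!(!p.is_on_curve());`, so the test no longer pins that `in_subgroup()` rejects a point that is not on the curve. Since `in_subgroup` (retained as context in the first hunk) is `self.is_on_curve() && self.is_in_correct_subgroup_assuming_on_curve()`, the check is cheap and is exactly the property that keeps invalid-curve inputs out of the group, so add `assert!(!p.in_subgroup());` directly after the `is_on_curve` assertion. The same assertion is dropped in g2.rs at @@ -483,8 +469,6, while the g2 hunk at @@ -534,7 +518,6 keeps `assert!(!p.in_subgroup());`, leaving the two g2 cases inconsistent with each other. `g1_test_is_valid` starts and ends outside this hunk.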
23 changes: 3 additions & 20 deletions src/bls12_381/ec/g2.rs
Expand Up @@ -346,28 +346,14 @@ pub struct G2Prepared {
}

mod subgroup_check {
use super::super::super::cofactor::{chain_z, psi};
use super::G2Affine;
#[cfg(test)]
use rand::{thread_rng, Rand};
use {CurveAffine, CurveProjective, SubgroupCheck};
#[cfg(test)]
use CurveAffine;
use SubgroupCheck;

impl SubgroupCheck for G2Affine {
fn in_subgroup_bowe19(&self) -> bool {
if !self.is_on_curve() {
return false;
}
let mut pp = self.into_projective();
let mut q = pp;
psi(&mut pp); // pp = psi(P)
psi(&mut pp); // pp = psi(pp)
q.sub_assign(&pp); // Q = P - pp
psi(&mut pp); // pp = psi(pp)
let tmp = pp;
chain_z(&mut pp, &tmp); // pp = -z * pp
q.sub_assign(&pp); // Q = Q - pp
q.is_zero()
}
fn in_subgroup(&self) -> bool {
self.is_on_curve() && self.is_in_correct_subgroup_assuming_on_curve()
}
Expand Down Expand Up @@ -483,8 +469,6 @@ fn g2_test_is_valid() {
infinity: false,
};
assert!(!p.is_on_curve());
assert!(!p.in_subgroup_bowe19());
assert!(p.in_subgroup_bowe19() == p.in_subgroup());
}

// Reject point on a twist (b = 2 * (u + 1))
Expand Down Expand Up @@ -534,7 +518,6 @@ fn g2_test_is_valid() {
};
assert!(!p.is_on_curve());
assert!(!p.in_subgroup());
assert!(p.in_subgroup_bowe19() == p.in_subgroup());
}

// Reject point in an invalid subgroup
24 changes: 12 additions & 12 deletions src/bls12_381/fq.rs
Expand Up @@ -2325,12 +2325,12 @@ fn test_fq_hash_to_field() {
let mut hash_iter = HashToField::<Fq>::new("hello world", None);
let fq_val = hash_iter.next().unwrap();
let expect = FqRepr([
0x605979d293c88efeu64,
0x8cce6e2990ca245eu64,
0xb216c1419710b3a9u64,
0xeb60d0d2d54275a0u64,
0x354a68d7ef36672u64,
0x5f74a1547366cecu64,
0x47137dbe0aab2c73u64,
0x203a41a517b34d1cu64,
0x55d019e5914e11c1u64,
0xc106ddc4af8ffa5du64,
0x1ff762c5f1bfd8b4u64,
0x19f78b0bb3eba06au64,
]);
assert_eq!(fq_val, Fq::from_repr(expect).unwrap());

Expand All @@ -2339,12 +2339,12 @@ fn test_fq_hash_to_field() {

let fq_val = hash_iter.next().unwrap();
let expect = FqRepr([
0x21f37a28981adf2au64,
0xfcb319a0d42af630u64,
0xbfd027f2c55177fbu64,
0x66f286dd263e7609u64,
0xa09979be2a6ef430u64,
0x39b53f6f58a62fdu64,
0x1a29a8209c6f3d2fu64,
0x4a6be9dbcd5dd3ebu64,
0xbe4a8d4259350048u64,
0xdf453be6214f7ddcu64,
0x699c40affb0d1314u64,
0xcfecc5419b505ffu64,
]);
assert_eq!(fq_val, Fq::from_repr(expect).unwrap());
}
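Review bot: The replaced limbs in both `expect = FqRepr([...])` vectors carry no indication of what produced them, so a reader cannot tell whether the hash-to-field construction changed or the earlier vectors were simply wrong, and cannot regenerate them independently. Because these are the only known-answer checks visible for `HashToField::<Fq>`, a one-line provenance comment above each `let expect = FqRepr([` would make the change auditable, e.g. `// KAT for HashToField::<Fq>::new("hello world", None); generated with <reference implementation and draft version — fill in>`. `test_fq_hash_to_field` starts outside the hunk, and the second vector sits in the hunk at @@ -2339,12 +2339,12.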
