Merge branch 'master' into sqrt-algs

CHANGELOG.md

@@ -2,14 +2,39 @@
 
 ## Pending
 
-- (`ark-poly`) Reduce the number of field multiplications performed by `SparseMultilinearExtension::evaluate` and `DenseMultilinearExtension::evaluate`
+### Breaking changes
+
+- [\#577](https://github.com/arkworks-rs/algebra/pull/577) (`ark-ff`, `ark-ec`) Add `AdditiveGroup`, a trait for additive groups (equipped with scalar field).
+- [\#593](https://github.com/arkworks-rs/algebra/pull/593) (`ark-ec`) Change `AffineRepr::xy()` to return owned values.
+
+### Features
+
+### Improvements
+
+### Bugfixes
+
+## v0.4.2
+
+### Breaking changes
+
+### Features
+
+### Improvements
+
+### Bugfixes
+
+- [\#610](https://github.com/arkworks-rs/algebra/pull/610) (`ark-ec`) Fix panic in `final_exponentiation` step for MNT4/6 curves if inverse does not exist.
+
+## v0.4.1
 
 ### Breaking changes
 
 ### Features
 
 ### Improvements
 
+- [\#603](https://github.com/arkworks-rs/algebra/pull/603) (`ark-poly`) Reduce the number of field multiplications performed by `SparseMultilinearExtension::evaluate` and `DenseMultilinearExtension::evaluate`
+
 ### Bugfixes
 
 ## v0.4.0

README.md

@@ -23,7 +23,7 @@ This repository contains several Rust crates:
 * [`ark-poly`](poly): Interfaces for univariate, multivariate, and multilinear polynomials, and FFTs over finite fields
 * [`ark-serialize`](serialize): Efficient interfaces for serialization and point compression for finite fields and elliptic curves
 
-In addition, the [`curves`](https://github.com/arkworks-rs/curves) repository contains concrete implementations of popular elliptic curves; see [here](https://github.com/arkworks-rs/curves/README.md) for details.
+In addition, the [`curves`](https://github.com/arkworks-rs/curves) repository contains concrete implementations of popular elliptic curves; see [here](https://github.com/arkworks-rs/curves/blob/master/README.md) for details.
 
 ## Build guide
 

bench-templates/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "ark-algebra-bench-templates"
-version = "0.4.0"
+version = "0.4.2"
 authors = [ "arkworks contributors" ]
 description = "A benchmark library for finite fields and elliptic curves"
 homepage = "https://arkworks.rs"
@@ -18,9 +18,9 @@ rust-version = "1.63"
 [dependencies]
 criterion = { version = "0.4.0", features = [ "html_reports" ] }
 ark-std = { version = "0.4.0", default-features = false }
-ark-ec = { version = "0.4.0", path = "../ec", default-features = false }
-ark-ff = { version = "0.4.0", path = "../ff", default-features = false }
-ark-serialize = { version = "0.4.0", path = "../serialize", default-features = false }
+ark-ec = { version = "0.4.2", path = "../ec", default-features = false }
+ark-ff = { version = "0.4.2", path = "../ff", default-features = false }
+ark-serialize = { version = "0.4.2", path = "../serialize", default-features = false }
 paste = { version = "1.0" }
 
 [features]

bench-templates/src/macros/ec.rs

@@ -3,10 +3,10 @@ macro_rules! ec_bench {
     ($curve_name:expr, $Group:ident) => {
         $crate::paste! {
             mod [<$Group:lower>] {
-                use ark_ec::Group;
+                use ark_ec::PrimeGroup;
                 use super::*;
 
-                type Scalar = <$Group as Group>::ScalarField;
+                type Scalar = <$Group as PrimeGroup>::ScalarField;
                 fn rand(c: &mut $crate::criterion::Criterion) {
                     let name = format!("{}::{}", $curve_name, stringify!($Group));
                     use ark_std::UniformRand;
@@ -18,11 +18,12 @@ macro_rules! ec_bench {
                 }
 
                 fn arithmetic(c: &mut $crate::criterion::Criterion) {
-                    use ark_ec::{CurveGroup, Group};
+                    use ark_ff::AdditiveGroup;
+                    use ark_ec::{CurveGroup, PrimeGroup};
                     use ark_std::UniformRand;
                     let name = format!("{}::{}", $curve_name, stringify!($Group));
 
-                    type Scalar = <$Group as Group>::ScalarField;
+                    type Scalar = <$Group as PrimeGroup>::ScalarField;
                     const SAMPLES: usize = 1000;
                     let mut rng = ark_std::test_rng();
                     let mut arithmetic =
@@ -214,8 +215,10 @@ macro_rules! ec_bench {
                     let name = format!("{}::{}", $curve_name, stringify!($Group));
                     let mut rng = ark_std::test_rng();
 
-                    let g = <$Group>::rand(&mut rng).into_affine();
-                    let v: Vec<_> = (0..SAMPLES).map(|_| g).collect();
+                    let v: Vec<_> = (0..SAMPLES)
+                        .map(|_| <$Group>::rand(&mut rng))
+                        .collect();
+                    let v = <$Group>::normalize_batch(&v);
                     let scalars: Vec<_> = (0..SAMPLES)
                         .map(|_| Scalar::rand(&mut rng).into_bigint())
                         .collect();

bench-templates/src/macros/field.rs

@@ -63,6 +63,8 @@ macro_rules! f_bench {
 macro_rules! field_common {
     ($bench_group_name:expr, $F:ident) => {
         fn arithmetic(c: &mut $crate::criterion::Criterion) {
+            use ark_ff::AdditiveGroup;
+
             let name = format!("{}::{}", $bench_group_name, stringify!($F));
             const SAMPLES: usize = 1000;
             let mut rng = ark_std::test_rng();

ec/Cargo.toml

@@ -1,32 +1,33 @@
 [package]
 name = "ark-ec"
-version = "0.4.0"
+version = "0.4.2"
 authors = [ "arkworks contributors" ]
 description = "A library for elliptic curves and pairings"
 homepage = "https://arkworks.rs"
 repository = "https://github.com/arkworks-rs/algebra"
 documentation = "https://docs.rs/ark-ec/"
 keywords = ["cryptography", "elliptic-curves", "pairing"]
 categories = ["cryptography"]
-include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
+include = ["Cargo.toml", "src", "doc", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
 license = "MIT/Apache-2.0"
 edition = "2021"
 rust-version = "1.63"
 
 [dependencies]
 ark-std = { version = "0.4.0", default-features = false }
-ark-serialize = { version = "0.4.0", path = "../serialize", default-features = false }
-ark-ff = { version = "0.4.0", path = "../ff", default-features = false }
-ark-poly = { version = "0.4.0", path = "../poly", default-features = false }
+ark-serialize = { version = "0.4.2", path = "../serialize", default-features = false }
+ark-ff = { version = "0.4.2", path = "../ff", default-features = false }
+ark-poly = { version = "0.4.2", path = "../poly", default-features = false }
 derivative = { version = "2", features = ["use_core"] }
 num-traits = { version = "0.2", default-features = false }
 rayon = { version = "1", optional = true }
 zeroize = { version = "1", default-features = false, features = ["zeroize_derive"] }
 hashbrown = "0.13.1"
 itertools = { version = "0.10", default-features = false }
+num-bigint = "0.4.3"
 
 [dev-dependencies]
-ark-test-curves = { version = "0.4.0", path = "../test-curves", default-features = false, features = ["bls12_381_curve"] }
+ark-test-curves = { version = "0.4.2", path = "../test-curves", default-features = false, features = ["bls12_381_curve"] }
 sha2 = { version = "0.10", default-features = false }
 libtest-mimic = "0.6.0"
 serde = "1.0.110"

ec/README.md

@@ -7,16 +7,16 @@
 </p>
 
 `ark-ec` defines traits and algorithms for working with different kinds of additive groups, with a focus on groups arising from elliptic curves. It further provides concrete instantiations of these traits for various elliptic curve models, including popular families of pairing-friendly curves such as the BLS12 family of curves.
-Implementations of particular curves using these curve models can be found in [`arkworks-rs/curves`](https://github.com/arkworks-rs/curves/README.md).
+Implementations of particular curves using these curve models can be found in [`arkworks-rs/curves`](https://github.com/arkworks-rs/curves/blob/master/README.md).
 
 ## Usage
 
 ### The `Group` trait
 
-Many cryptographic protocols use as core building-blocks prime-order groups. The [`Group`](https://github.com/arkworks-rs/algebra/blob/master/ec/src/lib.rs) trait is an abstraction that represents elements of such abelian prime-order groups. It provides methods for performing common operations on group elements:
+Many cryptographic protocols use as core building-blocks prime-order groups. The [`PrimeGroup`](https://github.com/arkworks-rs/algebra/blob/master/ec/src/lib.rs) trait is an abstraction that represents elements of such abelian prime-order groups. It provides methods for performing common operations on group elements:
 
 ```rust
-use ark_ec::Group;
+use ark_ec::{AdditiveGroup, PrimeGroup};
 use ark_ff::{PrimeField, Field};
 // We'll use the BLS12-381 G1 curve for this example.
 // This group has a prime order `r`, and is associated with a prime field `Fr`.
@@ -49,12 +49,12 @@ assert_eq!(f, c);
 
 ## Scalar multiplication
 
-While the `Group` trait already produces scalar multiplication routines, in many cases one can take advantage of
+While the `PrimeGroup` trait already produces scalar multiplication routines, in many cases one can take advantage of
 the group structure to perform scalar multiplication more efficiently. To allow such specialization, `ark-ec` provides
 the `ScalarMul` and `VariableBaseMSM` traits. The latter trait computes an "inner product" between a vector of scalars `s` and a vector of group elements `g`. That is, it computes `s.iter().zip(g).map(|(s, g)| g * s).sum()`.
 
 ```rust
-use ark_ec::{Group, VariableBaseMSM};
+use ark_ec::{PrimeGroup, VariableBaseMSM};
 use ark_ff::{PrimeField, Field};
 // We'll use the BLS12-381 G1 curve for this example.
 // This group has a prime order `r`, and is associated with a prime field `Fr`.
@@ -72,7 +72,7 @@ let s2 = ScalarField::rand(&mut rng);
 // Note that we're using the `GAffine` type here, as opposed to `G`.
 // This is because MSMs are more efficient when the group elements are in affine form. (See below for why.)
 //
-// The `VariableBaseMSM` trait allows specializing the input group element representation to allow 
+// The `VariableBaseMSM` trait allows specializing the input group element representation to allow
 // for more efficient implementations.
 let r = G::msm(&[a, b], &[s1, s2]).unwrap();
 assert_eq!(r, a * s1 + b * s2);
@@ -90,7 +90,7 @@ but is slower for most arithmetic operations. Let's explore how and when to use
 these:
 
 ```rust
-use ark_ec::{AffineRepr, Group, CurveGroup, VariableBaseMSM};
+use ark_ec::{AdditiveGroup, AffineRepr, PrimeGroup, CurveGroup, VariableBaseMSM};
 use ark_ff::{PrimeField, Field};
 use ark_test_curves::bls12_381::{G1Projective as G, G1Affine as GAffine, Fr as ScalarField};
 use ark_std::{Zero, UniformRand};
@@ -105,9 +105,9 @@ assert_eq!(a_aff, a);
 // We can also convert back to the `CurveGroup` representation:
 assert_eq!(a, a_aff.into_group());
 
-// As a general rule, most group operations are slower when elements 
-// are represented as `AffineRepr`. However, adding an `AffineRepr` 
-// point to a `CurveGroup` one is usually slightly more efficient than 
+// As a general rule, most group operations are slower when elements
+// are represented as `AffineRepr`. However, adding an `AffineRepr`
+// point to a `CurveGroup` one is usually slightly more efficient than
 // adding two `CurveGroup` points.
 let d = a + a_aff;
 assert_eq!(d, a.double());

ec/src/hashing/curve_maps/wb/mod.rs

@@ -53,10 +53,10 @@ where
                 let y_num = DensePolynomial::from_coefficients_slice(self.y_map_numerator);
                 let y_den = DensePolynomial::from_coefficients_slice(self.y_map_denominator);
 
-                let mut v: [BaseField<Domain>; 2] = [x_den.evaluate(x), y_den.evaluate(x)];
+                let mut v: [BaseField<Domain>; 2] = [x_den.evaluate(&x), y_den.evaluate(&x)];
                 batch_inversion(&mut v);
-                let img_x = x_num.evaluate(x) * v[0];
-                let img_y = (y_num.evaluate(x) * y) * v[1];
+                let img_x = x_num.evaluate(&x) * v[0];
+                let img_y = (y_num.evaluate(&x) * y) * v[1];
                 Ok(Affine::<Codomain>::new_unchecked(img_x, img_y))
             },
             None => Ok(Affine::identity()),

ec/src/hashing/map_to_curve_hasher.rs

@@ -42,10 +42,10 @@ where
         })
     }
 
-    // Produce a hash of the message, using the hash to field and map to curve
-    // traits. This uses the IETF hash to curve's specification for Random
-    // oracle encoding (hash_to_curve) defined by combining these components.
-    // See https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-3
+    /// Produce a hash of the message, using the hash to field and map to curve
+    /// traits. This uses the IETF hash to curve's specification for Random
+    /// oracle encoding (hash_to_curve) defined by combining these components.
+    /// See <https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-09#section-3>
     fn hash(&self, msg: &[u8]) -> Result<T::Affine, HashToCurveError> {
         // IETF spec of hash_to_curve, from hash_to_field and map_to_curve
         // sub-components

ec/src/lib.rs

@@ -28,13 +28,14 @@ use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
 use ark_std::{
     fmt::{Debug, Display},
     hash::Hash,
-    ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign},
+    ops::{Add, AddAssign, Mul, MulAssign},
     vec::Vec,
 };
-use num_traits::Zero;
 pub use scalar_mul::{variable_base::VariableBaseMSM, ScalarMul};
 use zeroize::Zeroize;
 
+pub use ark_ff::AdditiveGroup;
+
 pub mod models;
 pub use self::models::*;
 
@@ -47,57 +48,14 @@ pub mod hashing;
 pub mod pairing;
 
 /// Represents (elements of) a group of prime order `r`.
-pub trait Group:
-    Eq
-    + 'static
-    + Sized
-    + CanonicalSerialize
-    + CanonicalDeserialize
-    + Copy
-    + Clone
-    + Default
-    + Send
-    + Sync
-    + Hash
-    + Debug
-    + Display
-    + UniformRand
-    + Zeroize
-    + Zero
-    + Neg<Output = Self>
-    + Add<Self, Output = Self>
-    + Sub<Self, Output = Self>
-    + Mul<<Self as Group>::ScalarField, Output = Self>
-    + AddAssign<Self>
-    + SubAssign<Self>
-    + MulAssign<<Self as Group>::ScalarField>
-    + for<'a> Add<&'a Self, Output = Self>
-    + for<'a> Sub<&'a Self, Output = Self>
-    + for<'a> Mul<&'a <Self as Group>::ScalarField, Output = Self>
-    + for<'a> AddAssign<&'a Self>
-    + for<'a> SubAssign<&'a Self>
-    + for<'a> MulAssign<&'a <Self as Group>::ScalarField>
-    + core::iter::Sum<Self>
-    + for<'a> core::iter::Sum<&'a Self>
-{
+pub trait PrimeGroup: AdditiveGroup<Scalar = Self::ScalarField> {
     /// The scalar field `F_r`, where `r` is the order of this group.
     type ScalarField: PrimeField;
 
     /// Returns a fixed generator of this group.
     #[must_use]
     fn generator() -> Self;
 
-    /// Doubles `self`.
-    #[must_use]
-    fn double(&self) -> Self {
-        let mut copy = *self;
-        copy.double_in_place();
-        copy
-    }
-
-    /// Double `self` in place.
-    fn double_in_place(&mut self) -> &mut Self;
-
     /// Performs scalar multiplication of this element.
     fn mul_bigint(&self, other: impl AsRef<[u64]>) -> Self;
 
@@ -121,7 +79,7 @@ pub trait Group:
 ///
 /// The point is guaranteed to be in the correct prime order subgroup.
 pub trait CurveGroup:
-    Group
+    PrimeGroup
     + Add<Self::Affine, Output = Self>
     + AddAssign<Self::Affine>
     // + for<'a> Add<&'a Self::Affine, Output = Self>
@@ -205,15 +163,15 @@ pub trait AffineRepr:
         + MulAssign<Self::ScalarField>; // needed due to https://github.com/rust-lang/rust/issues/69640
 
     /// Returns the x and y coordinates of this affine point.
-    fn xy(&self) -> Option<(&Self::BaseField, &Self::BaseField)>;
+    fn xy(&self) -> Option<(Self::BaseField, Self::BaseField)>;
 
     /// Returns the x coordinate of this affine point.
-    fn x(&self) -> Option<&Self::BaseField> {
+    fn x(&self) -> Option<Self::BaseField> {
         self.xy().map(|(x, _)| x)
     }
 
     /// Returns the y coordinate of this affine point.
-    fn y(&self) -> Option<&Self::BaseField> {
+    fn y(&self) -> Option<Self::BaseField> {
         self.xy().map(|(_, y)| y)
     }
 
@@ -278,7 +236,7 @@ where
     Self::E2: MulAssign<<Self::E1 as CurveGroup>::BaseField>,
 {
     type E1: CurveGroup<
-        BaseField = <Self::E2 as Group>::ScalarField,
+        BaseField = <Self::E2 as PrimeGroup>::ScalarField,
         ScalarField = <Self::E2 as CurveGroup>::BaseField,
     >;
     type E2: CurveGroup;
@@ -289,12 +247,12 @@ pub trait PairingFriendlyCycle: CurveCycle {
     type Engine1: pairing::Pairing<
         G1 = Self::E1,
         G1Affine = <Self::E1 as CurveGroup>::Affine,
-        ScalarField = <Self::E1 as Group>::ScalarField,
+        ScalarField = <Self::E1 as PrimeGroup>::ScalarField,
     >;
 
     type Engine2: pairing::Pairing<
         G1 = Self::E2,
         G1Affine = <Self::E2 as CurveGroup>::Affine,
-        ScalarField = <Self::E2 as Group>::ScalarField,
+        ScalarField = <Self::E2 as PrimeGroup>::ScalarField,
     >;
 }