tornado-packages/phase2-bn254
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Auto merge of #90 - str4d:ff, r=ebfull

Browse Source 
Use ff crate for traits and impls

Depends on https://github.com/ebfull/ff/pull/1 and https://github.com/ebfull/ff/pull/5
This commit is contained in:
bmerge 2018-07-05 17:20:21 +00:00
commit 183a64b08e
18 changed files with 103 additions and 1902 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Cargo.toml
View File

@ -3,7 +3,10 @@ name = "pairing"
# Remember to change version string in README.md.
version = "0.14.2"
authors = ["Sean Bowe <ewillbefull@gmail.com>"]
authors = [
"Sean Bowe <ewillbefull@gmail.com>",
"Jack Grigg <jack@z.cash>",
]
license = "MIT/Apache-2.0"
description = "Pairing-friendly elliptic curve library"
@ -14,10 +17,9 @@ repository = "https://github.com/ebfull/pairing"
[dependencies]
rand = "0.4"
byteorder = "1"
clippy = { version = "0.0.200", optional = true }
ff = { version = "0.4", features = ["derive"] }
[features]
unstable-features = ["expose-arith"]
expose-arith = []
u128-support = []
default = []

8
README.md
View File

@ -6,14 +6,6 @@ This is a Rust crate for using pairing-friendly elliptic curves. Currently, only
Bring the `pairing` crate into your project just as you normally would.
If you're using a supported platform and the nightly Rust compiler, you can enable the `u128-support` feature for faster arithmetic.
```toml
[dependencies.pairing]
version = "0.14"
features = ["u128-support"]
```
## Security Warnings
This library does not make any guarantees about constant-time operations, memory access patterns, or resistance to side-channel attacks.

2
benches/bls12_381/fq.rs
View File

@ -1,7 +1,7 @@
use rand::{Rand, SeedableRng, XorShiftRng};
use ff::{Field, PrimeField, PrimeFieldRepr, SqrtField};
use pairing::bls12_381::*;
use pairing::{Field, PrimeField, PrimeFieldRepr, SqrtField};
#[bench]
fn bench_fq_repr_add_nocarry(b: &mut ::test::Bencher) {

2
benches/bls12_381/fq12.rs
View File

@ -1,7 +1,7 @@
use rand::{Rand, SeedableRng, XorShiftRng};
use ff::Field;
use pairing::bls12_381::*;
use pairing::Field;
#[bench]
fn bench_fq12_add_assign(b: &mut ::test::Bencher) {

2
benches/bls12_381/fq2.rs
View File

@ -1,7 +1,7 @@
use rand::{Rand, SeedableRng, XorShiftRng};
use ff::{Field, SqrtField};
use pairing::bls12_381::*;
use pairing::{Field, SqrtField};
#[bench]
fn bench_fq2_add_assign(b: &mut ::test::Bencher) {

2
benches/bls12_381/fr.rs
View File

@ -1,7 +1,7 @@
use rand::{Rand, SeedableRng, XorShiftRng};
use ff::{Field, PrimeField, PrimeFieldRepr, SqrtField};
use pairing::bls12_381::*;
use pairing::{Field, PrimeField, PrimeFieldRepr, SqrtField};
#[bench]
fn bench_fr_repr_add_nocarry(b: &mut ::test::Bencher) {

1
benches/pairing_benches.rs
View File

@ -1,5 +1,6 @@
#![feature(test)]
extern crate ff;
extern crate pairing;
extern crate rand;
extern crate test;

12
src/bls12_381/ec.rs
View File

@ -623,12 +623,10 @@ macro_rules! curve_impl {
pub mod g1 {
use super::super::{Bls12, Fq, Fq12, FqRepr, Fr, FrRepr};
use super::g2::G2Affine;
use ff::{BitIterator, Field, PrimeField, PrimeFieldRepr, SqrtField};
use rand::{Rand, Rng};
use std::fmt;
use {
BitIterator, CurveAffine, CurveProjective, EncodedPoint, Engine, Field, GroupDecodingError,
PrimeField, PrimeFieldRepr, SqrtField,
};
use {CurveAffine, CurveProjective, EncodedPoint, Engine, GroupDecodingError};
curve_impl!(
"G1",
@ -1270,12 +1268,10 @@ pub mod g1 {
pub mod g2 {
use super::super::{Bls12, Fq, Fq12, Fq2, FqRepr, Fr, FrRepr};
use super::g1::G1Affine;
use ff::{BitIterator, Field, PrimeField, PrimeFieldRepr, SqrtField};
use rand::{Rand, Rng};
use std::fmt;
use {
BitIterator, CurveAffine, CurveProjective, EncodedPoint, Engine, Field, GroupDecodingError,
PrimeField, PrimeFieldRepr, SqrtField,
};
use {CurveAffine, CurveProjective, EncodedPoint, Engine, GroupDecodingError};
curve_impl!(
"G2",

757
src/bls12_381/fq.rs
View File

@ -1,69 +1,5 @@
use super::fq2::Fq2;
use std::cmp::Ordering;
use {Field, PrimeField, PrimeFieldDecodingError, PrimeFieldRepr, SqrtField};
// q = 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787
const MODULUS: FqRepr = FqRepr([
0xb9feffffffffaaab,
0x1eabfffeb153ffff,
0x6730d2a0f6b0f624,
0x64774b84f38512bf,
0x4b1ba7b6434bacd7,
0x1a0111ea397fe69a,
]);
// The number of bits needed to represent the modulus.
const MODULUS_BITS: u32 = 381;
// The number of bits that must be shaved from the beginning of
// the representation when randomly sampling.
const REPR_SHAVE_BITS: u32 = 3;
// R = 2**384 % q
const R: FqRepr = FqRepr([
0x760900000002fffd,
0xebf4000bc40c0002,
0x5f48985753c758ba,
0x77ce585370525745,
0x5c071a97a256ec6d,
0x15f65ec3fa80e493,
]);
// R2 = R^2 % q
const R2: FqRepr = FqRepr([
0xf4df1f341c341746,
0xa76e6a609d104f1,
0x8de5476c4c95b6d5,
0x67eb88a9939d83c0,
0x9a793e85b519952d,
0x11988fe592cae3aa,
]);
// INV = -(q^{-1} mod 2^64) mod 2^64
const INV: u64 = 0x89f3fffcfffcfffd;
// GENERATOR = 2 (multiplicative generator of q-1 order, that is also quadratic nonresidue)
const GENERATOR: FqRepr = FqRepr([
0x321300000006554f,
0xb93c0018d6c40005,
0x57605e0db0ddbb51,
0x8b256521ed1f9bcb,
0x6cf28d7901622c03,
0x11ebab9dbb81e28c,
]);
// 2^s * t = MODULUS - 1 with t odd
const S: u32 = 1;
// 2^s root of unity computed by GENERATOR^t
const ROOT_OF_UNITY: FqRepr = FqRepr([
0x43f5fffffffcaaae,
0x32b7fff2ed47fffd,
0x7e83a49a2e99d69,
0xeca8f3318332bb7a,
0xef148d1ea0f4c069,
0x40ab3263eff0206,
]);
use ff::{Field, PrimeField, PrimeFieldDecodingError, PrimeFieldRepr};
// B coefficient of BLS12-381 curve, 4.
pub const B_COEFF: Fq = Fq(FqRepr([
@ -507,669 +443,11 @@ pub const NEGATIVE_ONE: Fq = Fq(FqRepr([
0x40ab3263eff0206,
]));
#[derive(Copy, Clone, PartialEq, Eq, Default, Debug)]
pub struct FqRepr(pub [u64; 6]);
impl ::rand::Rand for FqRepr {
#[inline(always)]
fn rand<R: ::rand::Rng>(rng: &mut R) -> Self {
FqRepr(rng.gen())
}
}
impl ::std::fmt::Display for FqRepr {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
try!(write!(f, "0x"));
for i in self.0.iter().rev() {
try!(write!(f, "{:016x}", *i));
}
Ok(())
}
}
impl AsRef<[u64]> for FqRepr {
#[inline(always)]
fn as_ref(&self) -> &[u64] {
&self.0
}
}
impl AsMut<[u64]> for FqRepr {
#[inline(always)]
fn as_mut(&mut self) -> &mut [u64] {
&mut self.0
}
}
impl From<u64> for FqRepr {
#[inline(always)]
fn from(val: u64) -> FqRepr {
let mut repr = Self::default();
repr.0[0] = val;
repr
}
}
impl Ord for FqRepr {
#[inline(always)]
fn cmp(&self, other: &FqRepr) -> Ordering {
for (a, b) in self.0.iter().rev().zip(other.0.iter().rev()) {
if a < b {
return Ordering::Less;
} else if a > b {
return Ordering::Greater;
}
}
Ordering::Equal
}
}
impl PartialOrd for FqRepr {
#[inline(always)]
fn partial_cmp(&self, other: &FqRepr) -> Option<Ordering> {
Some(self.cmp(other))
}
}
impl PrimeFieldRepr for FqRepr {
#[inline(always)]
fn is_odd(&self) -> bool {
self.0[0] & 1 == 1
}
#[inline(always)]
fn is_even(&self) -> bool {
!self.is_odd()
}
#[inline(always)]
fn is_zero(&self) -> bool {
self.0.iter().all(|&e| e == 0)
}
#[inline(always)]
fn shr(&mut self, mut n: u32) {
if n >= 64 * 6 {
*self = Self::from(0);
return;
}
while n >= 64 {
let mut t = 0;
for i in self.0.iter_mut().rev() {
::std::mem::swap(&mut t, i);
}
n -= 64;
}
if n > 0 {
let mut t = 0;
for i in self.0.iter_mut().rev() {
let t2 = *i << (64 - n);
*i >>= n;
*i |= t;
t = t2;
}
}
}
#[inline(always)]
fn div2(&mut self) {
let mut t = 0;
for i in self.0.iter_mut().rev() {
let t2 = *i << 63;
*i >>= 1;
*i |= t;
t = t2;
}
}
#[inline(always)]
fn mul2(&mut self) {
let mut last = 0;
for i in &mut self.0 {
let tmp = *i >> 63;
*i <<= 1;
*i |= last;
last = tmp;
}
}
#[inline(always)]
fn shl(&mut self, mut n: u32) {
if n >= 64 * 6 {
*self = Self::from(0);
return;
}
while n >= 64 {
let mut t = 0;
for i in &mut self.0 {
::std::mem::swap(&mut t, i);
}
n -= 64;
}
if n > 0 {
let mut t = 0;
for i in &mut self.0 {
let t2 = *i >> (64 - n);
*i <<= n;
*i |= t;
t = t2;
}
}
}
#[inline(always)]
fn num_bits(&self) -> u32 {
let mut ret = (6 as u32) * 64;
for i in self.0.iter().rev() {
let leading = i.leading_zeros();
ret -= leading;
if leading != 64 {
break;
}
}
ret
}
#[inline(always)]
fn add_nocarry(&mut self, other: &FqRepr) {
let mut carry = 0;
for (a, b) in self.0.iter_mut().zip(other.0.iter()) {
*a = ::adc(*a, *b, &mut carry);
}
}
#[inline(always)]
fn sub_noborrow(&mut self, other: &FqRepr) {
let mut borrow = 0;
for (a, b) in self.0.iter_mut().zip(other.0.iter()) {
*a = ::sbb(*a, *b, &mut borrow);
}
}
}
#[derive(Copy, Clone, PartialEq, Eq, Debug)]
#[derive(PrimeField)]
#[PrimeFieldModulus = "4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787"]
#[PrimeFieldGenerator = "2"]
pub struct Fq(FqRepr);
/// `Fq` elements are ordered lexicographically.
impl Ord for Fq {
#[inline(always)]
fn cmp(&self, other: &Fq) -> Ordering {
self.into_repr().cmp(&other.into_repr())
}
}
impl PartialOrd for Fq {
#[inline(always)]
fn partial_cmp(&self, other: &Fq) -> Option<Ordering> {
Some(self.cmp(other))
}
}
impl ::std::fmt::Display for Fq {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
write!(f, "Fq({})", self.into_repr())
}
}
impl ::rand::Rand for Fq {
fn rand<R: ::rand::Rng>(rng: &mut R) -> Self {
loop {
let mut tmp = Fq(FqRepr::rand(rng));
// Mask away the unused bits at the beginning.
tmp.0.as_mut()[5] &= 0xffffffffffffffff >> REPR_SHAVE_BITS;
if tmp.is_valid() {
return tmp;
}
}
}
}
impl From<Fq> for FqRepr {
fn from(e: Fq) -> FqRepr {
e.into_repr()
}
}
impl PrimeField for Fq {
type Repr = FqRepr;
fn from_repr(r: FqRepr) -> Result<Fq, PrimeFieldDecodingError> {
let mut r = Fq(r);
if r.is_valid() {
r.mul_assign(&Fq(R2));
Ok(r)
} else {
Err(PrimeFieldDecodingError::NotInField(format!("{}", r.0)))
}
}
fn into_repr(&self) -> FqRepr {
let mut r = *self;
r.mont_reduce(
(self.0).0[0],
(self.0).0[1],
(self.0).0[2],
(self.0).0[3],
(self.0).0[4],
(self.0).0[5],
0,
0,
0,
0,
0,
0,
);
r.0
}
fn char() -> FqRepr {
MODULUS
}
const NUM_BITS: u32 = MODULUS_BITS;
const CAPACITY: u32 = Self::NUM_BITS - 1;
fn multiplicative_generator() -> Self {
Fq(GENERATOR)
}
const S: u32 = S;
fn root_of_unity() -> Self {
Fq(ROOT_OF_UNITY)
}
}
impl Field for Fq {
#[inline]
fn zero() -> Self {
Fq(FqRepr::from(0))
}
#[inline]
fn one() -> Self {
Fq(R)
}
#[inline]
fn is_zero(&self) -> bool {
self.0.is_zero()
}
#[inline]
fn add_assign(&mut self, other: &Fq) {
// This cannot exceed the backing capacity.
self.0.add_nocarry(&other.0);
// However, it may need to be reduced.
self.reduce();
}
#[inline]
fn double(&mut self) {
// This cannot exceed the backing capacity.
self.0.mul2();
// However, it may need to be reduced.
self.reduce();
}
#[inline]
fn sub_assign(&mut self, other: &Fq) {
// If `other` is larger than `self`, we'll need to add the modulus to self first.
if other.0 > self.0 {
self.0.add_nocarry(&MODULUS);
}
self.0.sub_noborrow(&other.0);
}
#[inline]
fn negate(&mut self) {
if !self.is_zero() {
let mut tmp = MODULUS;
tmp.sub_noborrow(&self.0);
self.0 = tmp;
}
}
fn inverse(&self) -> Option<Self> {
if self.is_zero() {
None
} else {
// Guajardo Kumar Paar Pelzl
// Efficient Software-Implementation of Finite Fields with Applications to Cryptography
// Algorithm 16 (BEA for Inversion in Fp)
let one = FqRepr::from(1);
let mut u = self.0;
let mut v = MODULUS;
let mut b = Fq(R2); // Avoids unnecessary reduction step.
let mut c = Self::zero();
while u != one && v != one {
while u.is_even() {
u.div2();
if b.0.is_even() {
b.0.div2();
} else {
b.0.add_nocarry(&MODULUS);
b.0.div2();
}
}
while v.is_even() {
v.div2();
if c.0.is_even() {
c.0.div2();
} else {
c.0.add_nocarry(&MODULUS);
c.0.div2();
}
}
if v < u {
u.sub_noborrow(&v);
b.sub_assign(&c);
} else {
v.sub_noborrow(&u);
c.sub_assign(&b);
}
}
if u == one {
Some(b)
} else {
Some(c)
}
}
}
#[inline(always)]
fn frobenius_map(&mut self, _: usize) {
// This has no effect in a prime field.
}
#[inline]
fn mul_assign(&mut self, other: &Fq) {
let mut carry = 0;
let r0 = ::mac_with_carry(0, (self.0).0[0], (other.0).0[0], &mut carry);
let r1 = ::mac_with_carry(0, (self.0).0[0], (other.0).0[1], &mut carry);
let r2 = ::mac_with_carry(0, (self.0).0[0], (other.0).0[2], &mut carry);
let r3 = ::mac_with_carry(0, (self.0).0[0], (other.0).0[3], &mut carry);
let r4 = ::mac_with_carry(0, (self.0).0[0], (other.0).0[4], &mut carry);
let r5 = ::mac_with_carry(0, (self.0).0[0], (other.0).0[5], &mut carry);
let r6 = carry;
let mut carry = 0;
let r1 = ::mac_with_carry(r1, (self.0).0[1], (other.0).0[0], &mut carry);
let r2 = ::mac_with_carry(r2, (self.0).0[1], (other.0).0[1], &mut carry);
let r3 = ::mac_with_carry(r3, (self.0).0[1], (other.0).0[2], &mut carry);
let r4 = ::mac_with_carry(r4, (self.0).0[1], (other.0).0[3], &mut carry);
let r5 = ::mac_with_carry(r5, (self.0).0[1], (other.0).0[4], &mut carry);
let r6 = ::mac_with_carry(r6, (self.0).0[1], (other.0).0[5], &mut carry);
let r7 = carry;
let mut carry = 0;
let r2 = ::mac_with_carry(r2, (self.0).0[2], (other.0).0[0], &mut carry);
let r3 = ::mac_with_carry(r3, (self.0).0[2], (other.0).0[1], &mut carry);
let r4 = ::mac_with_carry(r4, (self.0).0[2], (other.0).0[2], &mut carry);
let r5 = ::mac_with_carry(r5, (self.0).0[2], (other.0).0[3], &mut carry);
let r6 = ::mac_with_carry(r6, (self.0).0[2], (other.0).0[4], &mut carry);
let r7 = ::mac_with_carry(r7, (self.0).0[2], (other.0).0[5], &mut carry);
let r8 = carry;
let mut carry = 0;
let r3 = ::mac_with_carry(r3, (self.0).0[3], (other.0).0[0], &mut carry);
let r4 = ::mac_with_carry(r4, (self.0).0[3], (other.0).0[1], &mut carry);
let r5 = ::mac_with_carry(r5, (self.0).0[3], (other.0).0[2], &mut carry);
let r6 = ::mac_with_carry(r6, (self.0).0[3], (other.0).0[3], &mut carry);
let r7 = ::mac_with_carry(r7, (self.0).0[3], (other.0).0[4], &mut carry);
let r8 = ::mac_with_carry(r8, (self.0).0[3], (other.0).0[5], &mut carry);
let r9 = carry;
let mut carry = 0;
let r4 = ::mac_with_carry(r4, (self.0).0[4], (other.0).0[0], &mut carry);
let r5 = ::mac_with_carry(r5, (self.0).0[4], (other.0).0[1], &mut carry);
let r6 = ::mac_with_carry(r6, (self.0).0[4], (other.0).0[2], &mut carry);
let r7 = ::mac_with_carry(r7, (self.0).0[4], (other.0).0[3], &mut carry);
let r8 = ::mac_with_carry(r8, (self.0).0[4], (other.0).0[4], &mut carry);
let r9 = ::mac_with_carry(r9, (self.0).0[4], (other.0).0[5], &mut carry);
let r10 = carry;
let mut carry = 0;
let r5 = ::mac_with_carry(r5, (self.0).0[5], (other.0).0[0], &mut carry);
let r6 = ::mac_with_carry(r6, (self.0).0[5], (other.0).0[1], &mut carry);
let r7 = ::mac_with_carry(r7, (self.0).0[5], (other.0).0[2], &mut carry);
let r8 = ::mac_with_carry(r8, (self.0).0[5], (other.0).0[3], &mut carry);
let r9 = ::mac_with_carry(r9, (self.0).0[5], (other.0).0[4], &mut carry);
let r10 = ::mac_with_carry(r10, (self.0).0[5], (other.0).0[5], &mut carry);
let r11 = carry;
self.mont_reduce(r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11);
}
#[inline]
fn square(&mut self) {
let mut carry = 0;
let r1 = ::mac_with_carry(0, (self.0).0[0], (self.0).0[1], &mut carry);
let r2 = ::mac_with_carry(0, (self.0).0[0], (self.0).0[2], &mut carry);
let r3 = ::mac_with_carry(0, (self.0).0[0], (self.0).0[3], &mut carry);
let r4 = ::mac_with_carry(0, (self.0).0[0], (self.0).0[4], &mut carry);
let r5 = ::mac_with_carry(0, (self.0).0[0], (self.0).0[5], &mut carry);
let r6 = carry;
let mut carry = 0;
let r3 = ::mac_with_carry(r3, (self.0).0[1], (self.0).0[2], &mut carry);
let r4 = ::mac_with_carry(r4, (self.0).0[1], (self.0).0[3], &mut carry);
let r5 = ::mac_with_carry(r5, (self.0).0[1], (self.0).0[4], &mut carry);
let r6 = ::mac_with_carry(r6, (self.0).0[1], (self.0).0[5], &mut carry);
let r7 = carry;
let mut carry = 0;
let r5 = ::mac_with_carry(r5, (self.0).0[2], (self.0).0[3], &mut carry);
let r6 = ::mac_with_carry(r6, (self.0).0[2], (self.0).0[4], &mut carry);
let r7 = ::mac_with_carry(r7, (self.0).0[2], (self.0).0[5], &mut carry);
let r8 = carry;
let mut carry = 0;
let r7 = ::mac_with_carry(r7, (self.0).0[3], (self.0).0[4], &mut carry);
let r8 = ::mac_with_carry(r8, (self.0).0[3], (self.0).0[5], &mut carry);
let r9 = carry;
let mut carry = 0;
let r9 = ::mac_with_carry(r9, (self.0).0[4], (self.0).0[5], &mut carry);
let r10 = carry;
let r11 = r10 >> 63;
let r10 = (r10 << 1) | (r9 >> 63);
let r9 = (r9 << 1) | (r8 >> 63);
let r8 = (r8 << 1) | (r7 >> 63);
let r7 = (r7 << 1) | (r6 >> 63);
let r6 = (r6 << 1) | (r5 >> 63);
let r5 = (r5 << 1) | (r4 >> 63);
let r4 = (r4 << 1) | (r3 >> 63);
let r3 = (r3 << 1) | (r2 >> 63);
let r2 = (r2 << 1) | (r1 >> 63);
let r1 = r1 << 1;
let mut carry = 0;
let r0 = ::mac_with_carry(0, (self.0).0[0], (self.0).0[0], &mut carry);
let r1 = ::adc(r1, 0, &mut carry);
let r2 = ::mac_with_carry(r2, (self.0).0[1], (self.0).0[1], &mut carry);
let r3 = ::adc(r3, 0, &mut carry);
let r4 = ::mac_with_carry(r4, (self.0).0[2], (self.0).0[2], &mut carry);
let r5 = ::adc(r5, 0, &mut carry);
let r6 = ::mac_with_carry(r6, (self.0).0[3], (self.0).0[3], &mut carry);
let r7 = ::adc(r7, 0, &mut carry);
let r8 = ::mac_with_carry(r8, (self.0).0[4], (self.0).0[4], &mut carry);
let r9 = ::adc(r9, 0, &mut carry);
let r10 = ::mac_with_carry(r10, (self.0).0[5], (self.0).0[5], &mut carry);
let r11 = ::adc(r11, 0, &mut carry);
self.mont_reduce(r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11);
}
}
impl Fq {
/// Determines if the element is really in the field. This is only used
/// internally.
#[inline(always)]
fn is_valid(&self) -> bool {
self.0 < MODULUS
}
/// Subtracts the modulus from this element if this element is not in the
/// field. Only used internally.
#[inline(always)]
fn reduce(&mut self) {
if !self.is_valid() {
self.0.sub_noborrow(&MODULUS);
}
}
#[inline(always)]
fn mont_reduce(
&mut self,
r0: u64,
mut r1: u64,
mut r2: u64,
mut r3: u64,
mut r4: u64,
mut r5: u64,
mut r6: u64,
mut r7: u64,
mut r8: u64,
mut r9: u64,
mut r10: u64,
mut r11: u64,
) {
// The Montgomery reduction here is based on Algorithm 14.32 in
// Handbook of Applied Cryptography
// <http://cacr.uwaterloo.ca/hac/about/chap14.pdf>.
let k = r0.wrapping_mul(INV);
let mut carry = 0;
::mac_with_carry(r0, k, MODULUS.0[0], &mut carry);
r1 = ::mac_with_carry(r1, k, MODULUS.0[1], &mut carry);
r2 = ::mac_with_carry(r2, k, MODULUS.0[2], &mut carry);
r3 = ::mac_with_carry(r3, k, MODULUS.0[3], &mut carry);
r4 = ::mac_with_carry(r4, k, MODULUS.0[4], &mut carry);
r5 = ::mac_with_carry(r5, k, MODULUS.0[5], &mut carry);
r6 = ::adc(r6, 0, &mut carry);
let carry2 = carry;
let k = r1.wrapping_mul(INV);
let mut carry = 0;
::mac_with_carry(r1, k, MODULUS.0[0], &mut carry);
r2 = ::mac_with_carry(r2, k, MODULUS.0[1], &mut carry);
r3 = ::mac_with_carry(r3, k, MODULUS.0[2], &mut carry);
r4 = ::mac_with_carry(r4, k, MODULUS.0[3], &mut carry);
r5 = ::mac_with_carry(r5, k, MODULUS.0[4], &mut carry);
r6 = ::mac_with_carry(r6, k, MODULUS.0[5], &mut carry);
r7 = ::adc(r7, carry2, &mut carry);
let carry2 = carry;
let k = r2.wrapping_mul(INV);
let mut carry = 0;
::mac_with_carry(r2, k, MODULUS.0[0], &mut carry);
r3 = ::mac_with_carry(r3, k, MODULUS.0[1], &mut carry);
r4 = ::mac_with_carry(r4, k, MODULUS.0[2], &mut carry);
r5 = ::mac_with_carry(r5, k, MODULUS.0[3], &mut carry);
r6 = ::mac_with_carry(r6, k, MODULUS.0[4], &mut carry);
r7 = ::mac_with_carry(r7, k, MODULUS.0[5], &mut carry);
r8 = ::adc(r8, carry2, &mut carry);
let carry2 = carry;
let k = r3.wrapping_mul(INV);
let mut carry = 0;
::mac_with_carry(r3, k, MODULUS.0[0], &mut carry);
r4 = ::mac_with_carry(r4, k, MODULUS.0[1], &mut carry);
r5 = ::mac_with_carry(r5, k, MODULUS.0[2], &mut carry);
r6 = ::mac_with_carry(r6, k, MODULUS.0[3], &mut carry);
r7 = ::mac_with_carry(r7, k, MODULUS.0[4], &mut carry);
r8 = ::mac_with_carry(r8, k, MODULUS.0[5], &mut carry);
r9 = ::adc(r9, carry2, &mut carry);
let carry2 = carry;
let k = r4.wrapping_mul(INV);
let mut carry = 0;
::mac_with_carry(r4, k, MODULUS.0[0], &mut carry);
r5 = ::mac_with_carry(r5, k, MODULUS.0[1], &mut carry);
r6 = ::mac_with_carry(r6, k, MODULUS.0[2], &mut carry);
r7 = ::mac_with_carry(r7, k, MODULUS.0[3], &mut carry);
r8 = ::mac_with_carry(r8, k, MODULUS.0[4], &mut carry);
r9 = ::mac_with_carry(r9, k, MODULUS.0[5], &mut carry);
r10 = ::adc(r10, carry2, &mut carry);
let carry2 = carry;
let k = r5.wrapping_mul(INV);
let mut carry = 0;
::mac_with_carry(r5, k, MODULUS.0[0], &mut carry);
r6 = ::mac_with_carry(r6, k, MODULUS.0[1], &mut carry);
r7 = ::mac_with_carry(r7, k, MODULUS.0[2], &mut carry);
r8 = ::mac_with_carry(r8, k, MODULUS.0[3], &mut carry);
r9 = ::mac_with_carry(r9, k, MODULUS.0[4], &mut carry);
r10 = ::mac_with_carry(r10, k, MODULUS.0[5], &mut carry);
r11 = ::adc(r11, carry2, &mut carry);
(self.0).0[0] = r6;
(self.0).0[1] = r7;
(self.0).0[2] = r8;
(self.0).0[3] = r9;
(self.0).0[4] = r10;
(self.0).0[5] = r11;
self.reduce();
}
}
impl SqrtField for Fq {
fn legendre(&self) -> ::LegendreSymbol {
use LegendreSymbol::*;
// s = self^((q - 1) // 2)
let s = self.pow([
0xdcff7fffffffd555,
0xf55ffff58a9ffff,
0xb39869507b587b12,
0xb23ba5c279c2895f,
0x258dd3db21a5d66b,
0xd0088f51cbff34d,
]);
if s == Fq::zero() {
Zero
} else if s == Fq::one() {
QuadraticResidue
} else {
QuadraticNonResidue
}
}
fn sqrt(&self) -> Option<Self> {
// Shank's algorithm for q mod 4 = 3
// https://eprint.iacr.org/2012/685.pdf (page 9, algorithm 2)
// a1 = self^((q - 3) // 4)
let mut a1 = self.pow([
0xee7fbfffffffeaaa,
0x7aaffffac54ffff,
0xd9cc34a83dac3d89,
0xd91dd2e13ce144af,
0x92c6e9ed90d2eb35,
0x680447a8e5ff9a6,
]);
let mut a0 = a1;
a0.square();
a0.mul_assign(self);
if a0 == NEGATIVE_ONE {
None
} else {
a1.mul_assign(self);
Some(a1)
}
}
}
#[test]
fn test_b_coeff() {
assert_eq!(Fq::from_repr(FqRepr::from(4)).unwrap(), B_COEFF);
@ -1899,6 +1177,8 @@ use rand::{Rand, SeedableRng, XorShiftRng};
#[test]
fn test_fq_repr_ordering() {
use std::cmp::Ordering;
fn assert_equality(a: FqRepr, b: FqRepr) {
assert_eq!(a, b);
assert!(a.cmp(&b) == Ordering::Equal);
@ -2304,14 +1584,16 @@ fn test_fq_is_valid() {
0x17c8be1800b9f059
])).is_valid()
);
assert!(!Fq(FqRepr([
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff
])).is_valid());
assert!(
!Fq(FqRepr([
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff
])).is_valid()
);
let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]);
@ -2745,6 +2027,8 @@ fn test_fq_pow() {
#[test]
fn test_fq_sqrt() {
use ff::SqrtField;
let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]);
assert_eq!(Fq::zero().sqrt().unwrap(), Fq::zero());
@ -2878,6 +2162,8 @@ fn test_fq_num_bits() {
#[test]
fn test_fq_root_of_unity() {
use ff::SqrtField;
assert_eq!(Fq::S, 1);
assert_eq!(
Fq::multiplicative_generator(),
@ -2924,7 +2210,8 @@ fn fq_repr_tests() {
#[test]
fn test_fq_legendre() {
use LegendreSymbol::*;
use ff::LegendreSymbol::*;
use ff::SqrtField;
assert_eq!(QuadraticResidue, Fq::one().legendre());
assert_eq!(Zero, Fq::zero().legendre());

4
src/bls12_381/fq12.rs
View File

@ -1,8 +1,8 @@
use super::fq::FROBENIUS_COEFF_FQ12_C1;
use super::fq2::Fq2;
use super::fq6::Fq6;
use ff::Field;
use rand::{Rand, Rng};
use Field;
/// An element of Fq12, represented by c0 + c1 * w.
#[derive(Copy, Clone, Debug, Eq, PartialEq)]
@ -182,7 +182,7 @@ fn test_fq12_mul_by_014() {
#[test]
fn fq12_field_tests() {
use PrimeField;
use ff::PrimeField;
::tests::field::random_field_tests::<Fq12>();
::tests::field::random_frobenius_tests::<Fq12, _>(super::fq::Fq::char(), 13);

36
src/bls12_381/fq2.rs
View File

@ -1,6 +1,6 @@
use super::fq::{FROBENIUS_COEFF_FQ2_C1, Fq, NEGATIVE_ONE};
use ff::{Field, SqrtField};
use rand::{Rand, Rng};
use {Field, SqrtField};
use std::cmp::Ordering;
@ -160,7 +160,7 @@ impl Field for Fq2 {
}
impl SqrtField for Fq2 {
fn legendre(&self) -> ::LegendreSymbol {
fn legendre(&self) -> ::ff::LegendreSymbol {
self.norm().legendre()
}
@ -263,16 +263,18 @@ fn test_fq2_basics() {
);
assert!(Fq2::zero().is_zero());
assert!(!Fq2::one().is_zero());
assert!(!Fq2 {
c0: Fq::zero(),
c1: Fq::one(),
}.is_zero());
assert!(
!Fq2 {
c0: Fq::zero(),
c1: Fq::one(),
}.is_zero()
);
}
#[test]
fn test_fq2_squaring() {
use super::fq::FqRepr;
use PrimeField;
use ff::PrimeField;
let mut a = Fq2 {
c0: Fq::one(),
@ -346,7 +348,7 @@ fn test_fq2_squaring() {
#[test]
fn test_fq2_mul() {
use super::fq::FqRepr;
use PrimeField;
use ff::PrimeField;
let mut a = Fq2 {
c0: Fq::from_repr(FqRepr([
@ -410,7 +412,7 @@ fn test_fq2_mul() {
#[test]
fn test_fq2_inverse() {
use super::fq::FqRepr;
use PrimeField;
use ff::PrimeField;
assert!(Fq2::zero().inverse().is_none());
@ -459,7 +461,7 @@ fn test_fq2_inverse() {
#[test]
fn test_fq2_addition() {
use super::fq::FqRepr;
use PrimeField;
use ff::PrimeField;
let mut a = Fq2 {
c0: Fq::from_repr(FqRepr([
@ -523,7 +525,7 @@ fn test_fq2_addition() {
#[test]
fn test_fq2_subtraction() {
use super::fq::FqRepr;
use PrimeField;
use ff::PrimeField;
let mut a = Fq2 {
c0: Fq::from_repr(FqRepr([
@ -587,7 +589,7 @@ fn test_fq2_subtraction() {
#[test]
fn test_fq2_negation() {
use super::fq::FqRepr;
use PrimeField;
use ff::PrimeField;
let mut a = Fq2 {
c0: Fq::from_repr(FqRepr([
@ -634,7 +636,7 @@ fn test_fq2_negation() {
#[test]
fn test_fq2_doubling() {
use super::fq::FqRepr;
use PrimeField;
use ff::PrimeField;
let mut a = Fq2 {
c0: Fq::from_repr(FqRepr([
@ -681,7 +683,7 @@ fn test_fq2_doubling() {
#[test]
fn test_fq2_frobenius_map() {
use super::fq::FqRepr;
use PrimeField;
use ff::PrimeField;
let mut a = Fq2 {
c0: Fq::from_repr(FqRepr([
@ -794,7 +796,7 @@ fn test_fq2_frobenius_map() {
#[test]
fn test_fq2_sqrt() {
use super::fq::FqRepr;
use PrimeField;
use ff::PrimeField;
assert_eq!(
Fq2 {
@ -865,7 +867,7 @@ fn test_fq2_sqrt() {
#[test]
fn test_fq2_legendre() {
use LegendreSymbol::*;
use ff::LegendreSymbol::*;
assert_eq!(Zero, Fq2::zero().legendre());
// i^2 = -1
@ -900,7 +902,7 @@ fn test_fq2_mul_nonresidue() {
#[test]
fn fq2_field_tests() {
use PrimeField;
use ff::PrimeField;
::tests::field::random_field_tests::<Fq2>();
::tests::field::random_sqrt_tests::<Fq2>();

4
src/bls12_381/fq6.rs
View File

@ -1,7 +1,7 @@
use super::fq::{FROBENIUS_COEFF_FQ6_C1, FROBENIUS_COEFF_FQ6_C2};
use super::fq2::Fq2;
use ff::Field;
use rand::{Rand, Rng};
use Field;
/// An element of Fq6, represented by c0 + c1 * v + c2 * v^(2).
#[derive(Copy, Clone, Debug, Eq, PartialEq)]
@ -367,7 +367,7 @@ fn test_fq6_mul_by_01() {
#[test]
fn fq6_field_tests() {
use PrimeField;
use ff::PrimeField;
::tests::field::random_field_tests::<Fq6>();
::tests::field::random_frobenius_tests::<Fq6, _>(super::fq::Fq::char(), 13);

666
src/bls12_381/fr.rs
View File

@ -1,647 +1,10 @@
use LegendreSymbol::*;
use {Field, PrimeField, PrimeFieldDecodingError, PrimeFieldRepr, SqrtField};
use ff::{Field, PrimeField, PrimeFieldDecodingError, PrimeFieldRepr};
// r = 52435875175126190479447740508185965837690552500527637822603658699938581184513
const MODULUS: FrRepr = FrRepr([
0xffffffff00000001,
0x53bda402fffe5bfe,
0x3339d80809a1d805,
0x73eda753299d7d48,
]);
// The number of bits needed to represent the modulus.
const MODULUS_BITS: u32 = 255;
// The number of bits that must be shaved from the beginning of
// the representation when randomly sampling.
const REPR_SHAVE_BITS: u32 = 1;
// R = 2**256 % r
const R: FrRepr = FrRepr([
0x1fffffffe,
0x5884b7fa00034802,
0x998c4fefecbc4ff5,
0x1824b159acc5056f,
]);
// R2 = R^2 % r
const R2: FrRepr = FrRepr([
0xc999e990f3f29c6d,
0x2b6cedcb87925c23,
0x5d314967254398f,
0x748d9d99f59ff11,
]);
// INV = -(r^{-1} mod 2^64) mod 2^64
const INV: u64 = 0xfffffffeffffffff;
// GENERATOR = 7 (multiplicative generator of r-1 order, that is also quadratic nonresidue)
const GENERATOR: FrRepr = FrRepr([
0xefffffff1,
0x17e363d300189c0f,
0xff9c57876f8457b0,
0x351332208fc5a8c4,
]);
// 2^s * t = MODULUS - 1 with t odd
const S: u32 = 32;
// 2^s root of unity computed by GENERATOR^t
const ROOT_OF_UNITY: FrRepr = FrRepr([
0xb9b58d8c5f0e466a,
0x5b1b4c801819d7ec,
0xaf53ae352a31e64,
0x5bf3adda19e9b27b,
]);
#[derive(Copy, Clone, PartialEq, Eq, Default, Debug)]
pub struct FrRepr(pub [u64; 4]);
impl ::rand::Rand for FrRepr {
#[inline(always)]
fn rand<R: ::rand::Rng>(rng: &mut R) -> Self {
FrRepr(rng.gen())
}
}
impl ::std::fmt::Display for FrRepr {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
try!(write!(f, "0x"));
for i in self.0.iter().rev() {
try!(write!(f, "{:016x}", *i));
}
Ok(())
}
}
impl AsRef<[u64]> for FrRepr {
#[inline(always)]
fn as_ref(&self) -> &[u64] {
&self.0
}
}
impl AsMut<[u64]> for FrRepr {
#[inline(always)]
fn as_mut(&mut self) -> &mut [u64] {
&mut self.0
}
}
impl From<u64> for FrRepr {
#[inline(always)]
fn from(val: u64) -> FrRepr {
let mut repr = Self::default();
repr.0[0] = val;
repr
}
}
impl Ord for FrRepr {
#[inline(always)]
fn cmp(&self, other: &FrRepr) -> ::std::cmp::Ordering {
for (a, b) in self.0.iter().rev().zip(other.0.iter().rev()) {
if a < b {
return ::std::cmp::Ordering::Less;
} else if a > b {
return ::std::cmp::Ordering::Greater;
}
}
::std::cmp::Ordering::Equal
}
}
impl PartialOrd for FrRepr {
#[inline(always)]
fn partial_cmp(&self, other: &FrRepr) -> Option<::std::cmp::Ordering> {
Some(self.cmp(other))
}
}
impl PrimeFieldRepr for FrRepr {
#[inline(always)]
fn is_odd(&self) -> bool {
self.0[0] & 1 == 1
}
#[inline(always)]
fn is_even(&self) -> bool {
!self.is_odd()
}
#[inline(always)]
fn is_zero(&self) -> bool {
self.0.iter().all(|&e| e == 0)
}
#[inline(always)]
fn shr(&mut self, mut n: u32) {
if n >= 64 * 4 {
*self = Self::from(0);
return;
}
while n >= 64 {
let mut t = 0;
for i in self.0.iter_mut().rev() {
::std::mem::swap(&mut t, i);
}
n -= 64;
}
if n > 0 {
let mut t = 0;
for i in self.0.iter_mut().rev() {
let t2 = *i << (64 - n);
*i >>= n;
*i |= t;
t = t2;
}
}
}
#[inline(always)]
fn div2(&mut self) {
let mut t = 0;
for i in self.0.iter_mut().rev() {
let t2 = *i << 63;
*i >>= 1;
*i |= t;
t = t2;
}
}
#[inline(always)]
fn mul2(&mut self) {
let mut last = 0;
for i in &mut self.0 {
let tmp = *i >> 63;
*i <<= 1;
*i |= last;
last = tmp;
}
}
#[inline(always)]
fn shl(&mut self, mut n: u32) {
if n >= 64 * 4 {
*self = Self::from(0);
return;
}
while n >= 64 {
let mut t = 0;
for i in &mut self.0 {
::std::mem::swap(&mut t, i);
}
n -= 64;
}
if n > 0 {
let mut t = 0;
for i in &mut self.0 {
let t2 = *i >> (64 - n);
*i <<= n;
*i |= t;
t = t2;
}
}
}
#[inline(always)]
fn num_bits(&self) -> u32 {
let mut ret = (4 as u32) * 64;
for i in self.0.iter().rev() {
let leading = i.leading_zeros();
ret -= leading;
if leading != 64 {
break;
}
}
ret
}
#[inline(always)]
fn add_nocarry(&mut self, other: &FrRepr) {
let mut carry = 0;
for (a, b) in self.0.iter_mut().zip(other.0.iter()) {
*a = ::adc(*a, *b, &mut carry);
}
}
#[inline(always)]
fn sub_noborrow(&mut self, other: &FrRepr) {
let mut borrow = 0;
for (a, b) in self.0.iter_mut().zip(other.0.iter()) {
*a = ::sbb(*a, *b, &mut borrow);
}
}
}
#[derive(Copy, Clone, PartialEq, Eq, Debug)]
#[derive(PrimeField)]
#[PrimeFieldModulus = "52435875175126190479447740508185965837690552500527637822603658699938581184513"]
#[PrimeFieldGenerator = "7"]
pub struct Fr(FrRepr);
impl ::std::fmt::Display for Fr {
fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result {
write!(f, "Fr({})", self.into_repr())
}
}
impl ::rand::Rand for Fr {
fn rand<R: ::rand::Rng>(rng: &mut R) -> Self {
loop {
let mut tmp = Fr(FrRepr::rand(rng));
// Mask away the unused bits at the beginning.
tmp.0.as_mut()[3] &= 0xffffffffffffffff >> REPR_SHAVE_BITS;
if tmp.is_valid() {
return tmp;
}
}
}
}
impl From<Fr> for FrRepr {
fn from(e: Fr) -> FrRepr {
e.into_repr()
}
}
impl PrimeField for Fr {
type Repr = FrRepr;
fn from_repr(r: FrRepr) -> Result<Fr, PrimeFieldDecodingError> {
let mut r = Fr(r);
if r.is_valid() {
r.mul_assign(&Fr(R2));
Ok(r)
} else {
Err(PrimeFieldDecodingError::NotInField(format!("{}", r.0)))
}
}
fn into_repr(&self) -> FrRepr {
let mut r = *self;
r.mont_reduce(
(self.0).0[0],
(self.0).0[1],
(self.0).0[2],
(self.0).0[3],
0,
0,
0,
0,
);
r.0
}
fn char() -> FrRepr {
MODULUS
}
const NUM_BITS: u32 = MODULUS_BITS;
const CAPACITY: u32 = Self::NUM_BITS - 1;
fn multiplicative_generator() -> Self {
Fr(GENERATOR)
}
const S: u32 = S;
fn root_of_unity() -> Self {
Fr(ROOT_OF_UNITY)
}
}
impl Field for Fr {
#[inline]
fn zero() -> Self {
Fr(FrRepr::from(0))
}
#[inline]
fn one() -> Self {
Fr(R)
}
#[inline]
fn is_zero(&self) -> bool {
self.0.is_zero()
}
#[inline]
fn add_assign(&mut self, other: &Fr) {
// This cannot exceed the backing capacity.
self.0.add_nocarry(&other.0);
// However, it may need to be reduced.
self.reduce();
}
#[inline]
fn double(&mut self) {
// This cannot exceed the backing capacity.
self.0.mul2();
// However, it may need to be reduced.
self.reduce();
}
#[inline]
fn sub_assign(&mut self, other: &Fr) {
// If `other` is larger than `self`, we'll need to add the modulus to self first.
if other.0 > self.0 {
self.0.add_nocarry(&MODULUS);
}
self.0.sub_noborrow(&other.0);
}
#[inline]
fn negate(&mut self) {
if !self.is_zero() {
let mut tmp = MODULUS;
tmp.sub_noborrow(&self.0);
self.0 = tmp;
}
}
fn inverse(&self) -> Option<Self> {
if self.is_zero() {
None
} else {
// Guajardo Kumar Paar Pelzl
// Efficient Software-Implementation of Finite Fields with Applications to Cryptography
// Algorithm 16 (BEA for Inversion in Fp)
let one = FrRepr::from(1);
let mut u = self.0;
let mut v = MODULUS;
let mut b = Fr(R2); // Avoids unnecessary reduction step.
let mut c = Self::zero();
while u != one && v != one {
while u.is_even() {
u.div2();
if b.0.is_even() {
b.0.div2();
} else {
b.0.add_nocarry(&MODULUS);
b.0.div2();
}
}
while v.is_even() {
v.div2();
if c.0.is_even() {
c.0.div2();
} else {
c.0.add_nocarry(&MODULUS);
c.0.div2();
}
}
if v < u {
u.sub_noborrow(&v);
b.sub_assign(&c);
} else {
v.sub_noborrow(&u);
c.sub_assign(&b);
}
}
if u == one {
Some(b)
} else {
Some(c)
}
}
}
#[inline(always)]
fn frobenius_map(&mut self, _: usize) {
// This has no effect in a prime field.
}
#[inline]
fn mul_assign(&mut self, other: &Fr) {
let mut carry = 0;
let r0 = ::mac_with_carry(0, (self.0).0[0], (other.0).0[0], &mut carry);
let r1 = ::mac_with_carry(0, (self.0).0[0], (other.0).0[1], &mut carry);
let r2 = ::mac_with_carry(0, (self.0).0[0], (other.0).0[2], &mut carry);
let r3 = ::mac_with_carry(0, (self.0).0[0], (other.0).0[3], &mut carry);
let r4 = carry;
let mut carry = 0;
let r1 = ::mac_with_carry(r1, (self.0).0[1], (other.0).0[0], &mut carry);
let r2 = ::mac_with_carry(r2, (self.0).0[1], (other.0).0[1], &mut carry);
let r3 = ::mac_with_carry(r3, (self.0).0[1], (other.0).0[2], &mut carry);
let r4 = ::mac_with_carry(r4, (self.0).0[1], (other.0).0[3], &mut carry);
let r5 = carry;
let mut carry = 0;
let r2 = ::mac_with_carry(r2, (self.0).0[2], (other.0).0[0], &mut carry);
let r3 = ::mac_with_carry(r3, (self.0).0[2], (other.0).0[1], &mut carry);
let r4 = ::mac_with_carry(r4, (self.0).0[2], (other.0).0[2], &mut carry);
let r5 = ::mac_with_carry(r5, (self.0).0[2], (other.0).0[3], &mut carry);
let r6 = carry;
let mut carry = 0;
let r3 = ::mac_with_carry(r3, (self.0).0[3], (other.0).0[0], &mut carry);
let r4 = ::mac_with_carry(r4, (self.0).0[3], (other.0).0[1], &mut carry);
let r5 = ::mac_with_carry(r5, (self.0).0[3], (other.0).0[2], &mut carry);
let r6 = ::mac_with_carry(r6, (self.0).0[3], (other.0).0[3], &mut carry);
let r7 = carry;
self.mont_reduce(r0, r1, r2, r3, r4, r5, r6, r7);
}
#[inline]
fn square(&mut self) {
let mut carry = 0;
let r1 = ::mac_with_carry(0, (self.0).0[0], (self.0).0[1], &mut carry);
let r2 = ::mac_with_carry(0, (self.0).0[0], (self.0).0[2], &mut carry);
let r3 = ::mac_with_carry(0, (self.0).0[0], (self.0).0[3], &mut carry);
let r4 = carry;
let mut carry = 0;
let r3 = ::mac_with_carry(r3, (self.0).0[1], (self.0).0[2], &mut carry);
let r4 = ::mac_with_carry(r4, (self.0).0[1], (self.0).0[3], &mut carry);
let r5 = carry;
let mut carry = 0;
let r5 = ::mac_with_carry(r5, (self.0).0[2], (self.0).0[3], &mut carry);
let r6 = carry;
let r7 = r6 >> 63;
let r6 = (r6 << 1) | (r5 >> 63);
let r5 = (r5 << 1) | (r4 >> 63);
let r4 = (r4 << 1) | (r3 >> 63);
let r3 = (r3 << 1) | (r2 >> 63);
let r2 = (r2 << 1) | (r1 >> 63);
let r1 = r1 << 1;
let mut carry = 0;
let r0 = ::mac_with_carry(0, (self.0).0[0], (self.0).0[0], &mut carry);
let r1 = ::adc(r1, 0, &mut carry);
let r2 = ::mac_with_carry(r2, (self.0).0[1], (self.0).0[1], &mut carry);
let r3 = ::adc(r3, 0, &mut carry);
let r4 = ::mac_with_carry(r4, (self.0).0[2], (self.0).0[2], &mut carry);
let r5 = ::adc(r5, 0, &mut carry);
let r6 = ::mac_with_carry(r6, (self.0).0[3], (self.0).0[3], &mut carry);
let r7 = ::adc(r7, 0, &mut carry);
self.mont_reduce(r0, r1, r2, r3, r4, r5, r6, r7);
}
}
impl Fr {
/// Determines if the element is really in the field. This is only used
/// internally.
#[inline(always)]
fn is_valid(&self) -> bool {
self.0 < MODULUS
}
/// Subtracts the modulus from this element if this element is not in the
/// field. Only used internally.
#[inline(always)]
fn reduce(&mut self) {
if !self.is_valid() {
self.0.sub_noborrow(&MODULUS);
}
}
#[inline(always)]
fn mont_reduce(
&mut self,
r0: u64,
mut r1: u64,
mut r2: u64,
mut r3: u64,
mut r4: u64,
mut r5: u64,
mut r6: u64,
mut r7: u64,
) {
// The Montgomery reduction here is based on Algorithm 14.32 in
// Handbook of Applied Cryptography
// <http://cacr.uwaterloo.ca/hac/about/chap14.pdf>.
let k = r0.wrapping_mul(INV);
let mut carry = 0;
::mac_with_carry(r0, k, MODULUS.0[0], &mut carry);
r1 = ::mac_with_carry(r1, k, MODULUS.0[1], &mut carry);
r2 = ::mac_with_carry(r2, k, MODULUS.0[2], &mut carry);
r3 = ::mac_with_carry(r3, k, MODULUS.0[3], &mut carry);
r4 = ::adc(r4, 0, &mut carry);
let carry2 = carry;
let k = r1.wrapping_mul(INV);
let mut carry = 0;
::mac_with_carry(r1, k, MODULUS.0[0], &mut carry);
r2 = ::mac_with_carry(r2, k, MODULUS.0[1], &mut carry);
r3 = ::mac_with_carry(r3, k, MODULUS.0[2], &mut carry);
r4 = ::mac_with_carry(r4, k, MODULUS.0[3], &mut carry);
r5 = ::adc(r5, carry2, &mut carry);
let carry2 = carry;
let k = r2.wrapping_mul(INV);
let mut carry = 0;
::mac_with_carry(r2, k, MODULUS.0[0], &mut carry);
r3 = ::mac_with_carry(r3, k, MODULUS.0[1], &mut carry);
r4 = ::mac_with_carry(r4, k, MODULUS.0[2], &mut carry);
r5 = ::mac_with_carry(r5, k, MODULUS.0[3], &mut carry);
r6 = ::adc(r6, carry2, &mut carry);
let carry2 = carry;
let k = r3.wrapping_mul(INV);
let mut carry = 0;
::mac_with_carry(r3, k, MODULUS.0[0], &mut carry);
r4 = ::mac_with_carry(r4, k, MODULUS.0[1], &mut carry);
r5 = ::mac_with_carry(r5, k, MODULUS.0[2], &mut carry);
r6 = ::mac_with_carry(r6, k, MODULUS.0[3], &mut carry);
r7 = ::adc(r7, carry2, &mut carry);
(self.0).0[0] = r4;
(self.0).0[1] = r5;
(self.0).0[2] = r6;
(self.0).0[3] = r7;
self.reduce();
}
}
impl SqrtField for Fr {
fn legendre(&self) -> ::LegendreSymbol {
// s = self^((r - 1) // 2)
let s = self.pow([
0x7fffffff80000000,
0xa9ded2017fff2dff,
0x199cec0404d0ec02,
0x39f6d3a994cebea4,
]);
if s == Self::zero() {
Zero
} else if s == Self::one() {
QuadraticResidue
} else {
QuadraticNonResidue
}
}
fn sqrt(&self) -> Option<Self> {
// Tonelli-Shank's algorithm for q mod 16 = 1
// https://eprint.iacr.org/2012/685.pdf (page 12, algorithm 5)
match self.legendre() {
Zero => Some(*self),
QuadraticNonResidue => None,
QuadraticResidue => {
let mut c = Fr(ROOT_OF_UNITY);
// r = self^((t + 1) // 2)
let mut r = self.pow([
0x7fff2dff80000000,
0x4d0ec02a9ded201,
0x94cebea4199cec04,
0x39f6d3a9,
]);
// t = self^t
let mut t = self.pow([
0xfffe5bfeffffffff,
0x9a1d80553bda402,
0x299d7d483339d808,
0x73eda753,
]);
let mut m = S;
while t != Self::one() {
let mut i = 1;
{
let mut t2i = t;
t2i.square();
loop {
if t2i == Self::one() {
break;
}
t2i.square();
i += 1;
}
}
for _ in 0..(m - i - 1) {
c.square();
}
r.mul_assign(&c);
c.square();
t.mul_assign(&c);
m = i;
}
Some(r)
}
}
}
}
#[cfg(test)]
use rand::{Rand, SeedableRng, XorShiftRng};
@ -909,6 +272,9 @@ fn test_fr_repr_sub_noborrow() {
#[test]
fn test_fr_legendre() {
use ff::LegendreSymbol::*;
use ff::SqrtField;
assert_eq!(QuadraticResidue, Fr::one().legendre());
assert_eq!(Zero, Fr::zero().legendre());
@ -1022,12 +388,14 @@ fn test_fr_is_valid() {
0x73eda753299d7d48
])).is_valid()
);
assert!(!Fr(FrRepr([
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff
])).is_valid());
assert!(
!Fr(FrRepr([
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff,
0xffffffffffffffff
])).is_valid()
);
let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]);
@ -1417,6 +785,8 @@ fn test_fr_pow() {
#[test]
fn test_fr_sqrt() {
use ff::SqrtField;
let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]);
assert_eq!(Fr::zero().sqrt().unwrap(), Fr::zero());
@ -1582,6 +952,8 @@ fn test_fr_num_bits() {
#[test]
fn test_fr_root_of_unity() {
use ff::SqrtField;
assert_eq!(Fr::S, 32);
assert_eq!(
Fr::multiplicative_generator(),

9
src/bls12_381/mod.rs
View File

@ -18,7 +18,9 @@ pub use self::fq2::Fq2;
pub use self::fq6::Fq6;
pub use self::fr::{Fr, FrRepr};
use super::{BitIterator, CurveAffine, Engine, Field};
use super::{CurveAffine, Engine};
use ff::{BitIterator, Field, ScalarEngine};
// The BLS parameter x for BLS12-381 is -0xd201000000010000
const BLS_X: u64 = 0xd201000000010000;
@ -27,8 +29,11 @@ const BLS_X_IS_NEGATIVE: bool = true;
#[derive(Clone, Debug)]
pub struct Bls12;
impl Engine for Bls12 {
impl ScalarEngine for Bls12 {
type Fr = Fr;
}
impl Engine for Bls12 {
type G1 = G1;
type G1Affine = G1Affine;
type G2 = G2;

483
src/lib.rs
View File

@ -1,19 +1,19 @@
// `clippy` is a code linting tool for improving code quality by catching
// common mistakes or strange code patterns. If the `clippy` feature is
// provided, it is enabled and all compiler warnings are prohibited.
#![cfg_attr(feature = "clippy", deny(warnings))]
#![cfg_attr(feature = "clippy", feature(plugin))]
#![cfg_attr(feature = "clippy", plugin(clippy))]
#![cfg_attr(feature = "clippy", allow(inline_always))]
#![cfg_attr(feature = "clippy", allow(too_many_arguments))]
#![cfg_attr(feature = "clippy", allow(unreadable_literal))]
#![cfg_attr(feature = "clippy", allow(many_single_char_names))]
#![cfg_attr(feature = "clippy", allow(new_without_default_derive))]
#![cfg_attr(feature = "clippy", allow(write_literal))]
// common mistakes or strange code patterns. If the `cargo-clippy` feature
// is provided, all compiler warnings are prohibited.
#![cfg_attr(feature = "cargo-clippy", deny(warnings))]
#![cfg_attr(feature = "cargo-clippy", allow(inline_always))]
#![cfg_attr(feature = "cargo-clippy", allow(too_many_arguments))]
#![cfg_attr(feature = "cargo-clippy", allow(unreadable_literal))]
#![cfg_attr(feature = "cargo-clippy", allow(many_single_char_names))]
#![cfg_attr(feature = "cargo-clippy", allow(new_without_default_derive))]
#![cfg_attr(feature = "cargo-clippy", allow(write_literal))]
// Force public structures to implement Debug
#![deny(missing_debug_implementations)]
extern crate byteorder;
#[macro_use]
extern crate ff;
extern crate rand;
#[cfg(test)]
@ -24,17 +24,14 @@ pub mod bls12_381;
mod wnaf;
pub use self::wnaf::Wnaf;
use ff::{Field, PrimeField, PrimeFieldDecodingError, PrimeFieldRepr, ScalarEngine, SqrtField};
use std::error::Error;
use std::fmt;
use std::io::{self, Read, Write};
/// An "engine" is a collection of types (fields, elliptic curve groups, etc.)
/// with well-defined relationships. In particular, the G1/G2 curve groups are
/// of prime order `r`, and are equipped with a bilinear pairing function.
pub trait Engine: Sized + 'static + Clone {
/// This is the scalar field of the G1/G2 groups.
type Fr: PrimeField + SqrtField;
pub trait Engine: ScalarEngine {
/// The projective representation of an element in G1.
type G1: CurveProjective<
Engine = Self,
@ -263,208 +260,6 @@ pub trait EncodedPoint:
fn from_affine(affine: Self::Affine) -> Self;
}
/// This trait represents an element of a field.
pub trait Field:
Sized + Eq + Copy + Clone + Send + Sync + fmt::Debug + fmt::Display + 'static + rand::Rand
{
/// Returns the zero element of the field, the additive identity.
fn zero() -> Self;
/// Returns the one element of the field, the multiplicative identity.
fn one() -> Self;
/// Returns true iff this element is zero.
fn is_zero(&self) -> bool;
/// Squares this element.
fn square(&mut self);
/// Doubles this element.
fn double(&mut self);
/// Negates this element.
fn negate(&mut self);
/// Adds another element to this element.
fn add_assign(&mut self, other: &Self);
/// Subtracts another element from this element.
fn sub_assign(&mut self, other: &Self);
/// Multiplies another element by this element.
fn mul_assign(&mut self, other: &Self);
/// Computes the multiplicative inverse of this element, if nonzero.
fn inverse(&self) -> Option<Self>;
/// Exponentiates this element by a power of the base prime modulus via
/// the Frobenius automorphism.
fn frobenius_map(&mut self, power: usize);
/// Exponentiates this element by a number represented with `u64` limbs,
/// least significant digit first.
fn pow<S: AsRef<[u64]>>(&self, exp: S) -> Self {
let mut res = Self::one();
let mut found_one = false;
for i in BitIterator::new(exp) {
if found_one {
res.square();
} else {
found_one = i;
}
if i {
res.mul_assign(self);
}
}
res
}
}
/// This trait represents an element of a field that has a square root operation described for it.
pub trait SqrtField: Field {
/// Returns the Legendre symbol of the field element.
fn legendre(&self) -> LegendreSymbol;
/// Returns the square root of the field element, if it is
/// quadratic residue.
fn sqrt(&self) -> Option<Self>;
}
/// This trait represents a wrapper around a biginteger which can encode any element of a particular
/// prime field. It is a smart wrapper around a sequence of `u64` limbs, least-significant digit
/// first.
pub trait PrimeFieldRepr:
Sized
+ Copy
+ Clone
+ Eq
+ Ord
+ Send
+ Sync
+ Default
+ fmt::Debug
+ fmt::Display
+ 'static
+ rand::Rand
+ AsRef<[u64]>
+ AsMut<[u64]>
+ From<u64>
{
/// Subtract another represetation from this one.
fn sub_noborrow(&mut self, other: &Self);
/// Add another representation to this one.
fn add_nocarry(&mut self, other: &Self);
/// Compute the number of bits needed to encode this number. Always a
/// multiple of 64.
fn num_bits(&self) -> u32;
/// Returns true iff this number is zero.
fn is_zero(&self) -> bool;
/// Returns true iff this number is odd.
fn is_odd(&self) -> bool;
/// Returns true iff this number is even.
fn is_even(&self) -> bool;
/// Performs a rightwise bitshift of this number, effectively dividing
/// it by 2.
fn div2(&mut self);
/// Performs a rightwise bitshift of this number by some amount.
fn shr(&mut self, amt: u32);
/// Performs a leftwise bitshift of this number, effectively multiplying
/// it by 2. Overflow is ignored.
fn mul2(&mut self);
/// Performs a leftwise bitshift of this number by some amount.
fn shl(&mut self, amt: u32);
/// Writes this `PrimeFieldRepr` as a big endian integer.
fn write_be<W: Write>(&self, mut writer: W) -> io::Result<()> {
use byteorder::{BigEndian, WriteBytesExt};
for digit in self.as_ref().iter().rev() {
writer.write_u64::<BigEndian>(*digit)?;
}
Ok(())
}
/// Reads a big endian integer into this representation.
fn read_be<R: Read>(&mut self, mut reader: R) -> io::Result<()> {
use byteorder::{BigEndian, ReadBytesExt};
for digit in self.as_mut().iter_mut().rev() {
*digit = reader.read_u64::<BigEndian>()?;
}
Ok(())
}
/// Writes this `PrimeFieldRepr` as a little endian integer.
fn write_le<W: Write>(&self, mut writer: W) -> io::Result<()> {
use byteorder::{LittleEndian, WriteBytesExt};
for digit in self.as_ref().iter() {
writer.write_u64::<LittleEndian>(*digit)?;
}
Ok(())
}
/// Reads a little endian integer into this representation.
fn read_le<R: Read>(&mut self, mut reader: R) -> io::Result<()> {
use byteorder::{LittleEndian, ReadBytesExt};
for digit in self.as_mut().iter_mut() {
*digit = reader.read_u64::<LittleEndian>()?;
}
Ok(())
}
}
#[derive(Debug, PartialEq)]
pub enum LegendreSymbol {
Zero = 0,
QuadraticResidue = 1,
QuadraticNonResidue = -1,
}
/// An error that may occur when trying to interpret a `PrimeFieldRepr` as a
/// `PrimeField` element.
#[derive(Debug)]
pub enum PrimeFieldDecodingError {
/// The encoded value is not in the field
NotInField(String),
}
impl Error for PrimeFieldDecodingError {
fn description(&self) -> &str {
match *self {
PrimeFieldDecodingError::NotInField(..) => "not an element of the field",
}
}
}
impl fmt::Display for PrimeFieldDecodingError {
fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
match *self {
PrimeFieldDecodingError::NotInField(ref repr) => {
write!(f, "{} is not an element of the field", repr)
}
}
}
}
/// An error that may occur when trying to decode an `EncodedPoint`.
#[derive(Debug)]
pub enum GroupDecodingError {
@ -504,255 +299,3 @@ impl fmt::Display for GroupDecodingError {
}
}
}
/// This represents an element of a prime field.
pub trait PrimeField: Field {
/// The prime field can be converted back and forth into this biginteger
/// representation.
type Repr: PrimeFieldRepr + From<Self>;
/// Interpret a string of numbers as a (congruent) prime field element.
/// Does not accept unnecessary leading zeroes or a blank string.
fn from_str(s: &str) -> Option<Self> {
if s.is_empty() {
return None;
}
if s == "0" {
return Some(Self::zero());
}
let mut res = Self::zero();
let ten = Self::from_repr(Self::Repr::from(10)).unwrap();
let mut first_digit = true;
for c in s.chars() {
match c.to_digit(10) {
Some(c) => {
if first_digit {
if c == 0 {
return None;
}
first_digit = false;
}
res.mul_assign(&ten);
res.add_assign(&Self::from_repr(Self::Repr::from(u64::from(c))).unwrap());
}
None => {
return None;
}
}
}
Some(res)
}
/// Convert this prime field element into a biginteger representation.
fn from_repr(Self::Repr) -> Result<Self, PrimeFieldDecodingError>;
/// Convert a biginteger representation into a prime field element, if
/// the number is an element of the field.
fn into_repr(&self) -> Self::Repr;
/// Returns the field characteristic; the modulus.
fn char() -> Self::Repr;
/// How many bits are needed to represent an element of this field.
const NUM_BITS: u32;
/// How many bits of information can be reliably stored in the field element.
const CAPACITY: u32;
/// Returns the multiplicative generator of `char()` - 1 order. This element
/// must also be quadratic nonresidue.
fn multiplicative_generator() -> Self;
/// 2^s * t = `char()` - 1 with t odd.
const S: u32;
/// Returns the 2^s root of unity computed by exponentiating the `multiplicative_generator()`
/// by t.
fn root_of_unity() -> Self;
}
#[derive(Debug)]
pub struct BitIterator<E> {
t: E,
n: usize,
}
impl<E: AsRef<[u64]>> BitIterator<E> {
pub fn new(t: E) -> Self {
let n = t.as_ref().len() * 64;
BitIterator { t, n }
}
}
impl<E: AsRef<[u64]>> Iterator for BitIterator<E> {
type Item = bool;
fn next(&mut self) -> Option<bool> {
if self.n == 0 {
None
} else {
self.n -= 1;
let part = self.n / 64;
let bit = self.n - (64 * part);
Some(self.t.as_ref()[part] & (1 << bit) > 0)
}
}
}
#[test]
fn test_bit_iterator() {
let mut a = BitIterator::new([0xa953d79b83f6ab59, 0x6dea2059e200bd39]);
let expected = "01101101111010100010000001011001111000100000000010111101001110011010100101010011110101111001101110000011111101101010101101011001";
for e in expected.chars() {
assert!(a.next().unwrap() == (e == '1'));
}
assert!(a.next().is_none());
let expected = "1010010101111110101010000101101011101000011101110101001000011001100100100011011010001011011011010001011011101100110100111011010010110001000011110100110001100110011101101000101100011100100100100100001010011101010111110011101011000011101000111011011101011001";
let mut a = BitIterator::new([
0x429d5f3ac3a3b759,
0xb10f4c66768b1c92,
0x92368b6d16ecd3b4,
0xa57ea85ae8775219,
]);
for e in expected.chars() {
assert!(a.next().unwrap() == (e == '1'));
}
assert!(a.next().is_none());
}
#[cfg(not(feature = "expose-arith"))]
use self::arith_impl::*;
#[cfg(feature = "expose-arith")]
pub use self::arith_impl::*;
#[cfg(feature = "u128-support")]
mod arith_impl {
/// Calculate a - b - borrow, returning the result and modifying
/// the borrow value.
#[inline(always)]
pub fn sbb(a: u64, b: u64, borrow: &mut u64) -> u64 {
let tmp = (1u128 << 64) + u128::from(a) - u128::from(b) - u128::from(*borrow);
*borrow = if tmp >> 64 == 0 { 1 } else { 0 };
tmp as u64
}
/// Calculate a + b + carry, returning the sum and modifying the
/// carry value.
#[inline(always)]
pub fn adc(a: u64, b: u64, carry: &mut u64) -> u64 {
let tmp = u128::from(a) + u128::from(b) + u128::from(*carry);
*carry = (tmp >> 64) as u64;
tmp as u64
}
/// Calculate a + (b * c) + carry, returning the least significant digit
/// and setting carry to the most significant digit.
#[inline(always)]
pub fn mac_with_carry(a: u64, b: u64, c: u64, carry: &mut u64) -> u64 {
let tmp = (u128::from(a)) + u128::from(b) * u128::from(c) + u128::from(*carry);
*carry = (tmp >> 64) as u64;
tmp as u64
}
}
#[cfg(not(feature = "u128-support"))]
mod arith_impl {
#[inline(always)]
fn split_u64(i: u64) -> (u64, u64) {
(i >> 32, i & 0xFFFFFFFF)
}
#[inline(always)]
fn combine_u64(hi: u64, lo: u64) -> u64 {
(hi << 32) | lo
}
/// Calculate a - b - borrow, returning the result and modifying
/// the borrow value.
#[inline(always)]
pub fn sbb(a: u64, b: u64, borrow: &mut u64) -> u64 {
let (a_hi, a_lo) = split_u64(a);
let (b_hi, b_lo) = split_u64(b);
let (b, r0) = split_u64((1 << 32) + a_lo - b_lo - *borrow);
let (b, r1) = split_u64((1 << 32) + a_hi - b_hi - ((b == 0) as u64));
*borrow = (b == 0) as u64;
combine_u64(r1, r0)
}
/// Calculate a + b + carry, returning the sum and modifying the
/// carry value.
#[inline(always)]
pub fn adc(a: u64, b: u64, carry: &mut u64) -> u64 {
let (a_hi, a_lo) = split_u64(a);
let (b_hi, b_lo) = split_u64(b);
let (carry_hi, carry_lo) = split_u64(*carry);
let (t, r0) = split_u64(a_lo + b_lo + carry_lo);
let (t, r1) = split_u64(t + a_hi + b_hi + carry_hi);
*carry = t;
combine_u64(r1, r0)
}
/// Calculate a + (b * c) + carry, returning the least significant digit
/// and setting carry to the most significant digit.
#[inline(always)]
pub fn mac_with_carry(a: u64, b: u64, c: u64, carry: &mut u64) -> u64 {
/*
[ b_hi | b_lo ]
[ c_hi | c_lo ] *
-------------------------------------------
[ b_lo * c_lo ] <-- w
[ b_hi * c_lo ] <-- x
[ b_lo * c_hi ] <-- y
[ b_hi * c_lo ] <-- z
[ a_hi | a_lo ]
[ C_hi | C_lo ]
*/
let (a_hi, a_lo) = split_u64(a);
let (b_hi, b_lo) = split_u64(b);
let (c_hi, c_lo) = split_u64(c);
let (carry_hi, carry_lo) = split_u64(*carry);
let (w_hi, w_lo) = split_u64(b_lo * c_lo);
let (x_hi, x_lo) = split_u64(b_hi * c_lo);
let (y_hi, y_lo) = split_u64(b_lo * c_hi);
let (z_hi, z_lo) = split_u64(b_hi * c_hi);
let (t, r0) = split_u64(w_lo + a_lo + carry_lo);
let (t, r1) = split_u64(t + w_hi + x_lo + y_lo + a_hi + carry_hi);
let (t, r2) = split_u64(t + x_hi + y_hi + z_lo);
let (_, r3) = split_u64(t + z_hi);
*carry = combine_u64(r3, r2);
combine_u64(r1, r0)
}
}

5
src/tests/curve.rs
View File

@ -1,6 +1,7 @@
use ff::Field;
use rand::{Rand, Rng, SeedableRng, XorShiftRng};
use {CurveAffine, CurveProjective, EncodedPoint, Field};
use {CurveAffine, CurveProjective, EncodedPoint};
pub fn curve_tests<G: CurveProjective>() {
let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]);
@ -66,8 +67,8 @@ pub fn curve_tests<G: CurveProjective>() {
}
fn random_wnaf_tests<G: CurveProjective>() {
use ff::PrimeField;
use wnaf::*;
use PrimeField;
let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]);

2
src/tests/field.rs
View File

@ -1,5 +1,5 @@
use ff::{Field, LegendreSymbol, PrimeField, SqrtField};
use rand::{Rng, SeedableRng, XorShiftRng};
use {Field, LegendreSymbol, PrimeField, SqrtField};
pub fn random_frobenius_tests<F: Field, C: AsRef<[u64]>>(characteristic: C, maxpower: usize) {
let mut rng = XorShiftRng::from_seed([0x5dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]);

2
src/tests/repr.rs
View File

@ -1,5 +1,5 @@
use ff::PrimeFieldRepr;
use rand::{SeedableRng, XorShiftRng};
use PrimeFieldRepr;
pub fn random_repr_tests<R: PrimeFieldRepr>() {
random_encoding_tests::<R>();