From 6d69ac359ccd5abc2ac6a6e61d48b6195e13ba69 Mon Sep 17 00:00:00 2001
From: Ivo Kubjas
Date: Tue, 7 Nov 2023 13:10:00 +0100
Subject: [PATCH] feat: use emulated decomposition for scalar marshal

---
 std/algebra/defaults.go | 10 ++++++++--
 std/algebra/native/sw_bls12377/g1_test.go | 10 ++++++++--
 std/algebra/native/sw_bls12377/pairing2.go | 15 +++++++++++----
 std/algebra/native/sw_bls24315/g1_test.go | 10 ++++++++--
 std/algebra/native/sw_bls24315/pairing2.go | 15 +++++++++++----
 5 files changed, 46 insertions(+), 14 deletions(-)

diff --git a/std/algebra/defaults.go b/std/algebra/defaults.go
index 6759ee2135..5f319c4b5d 100644
--- a/std/algebra/defaults.go
+++ b/std/algebra/defaults.go
@@ -40,10 +40,16 @@ func GetCurve[FR emulated.FieldParams, G1El G1ElementT](api frontend.API) (Curve
 		}
 		*s = c
 	case *Curve[sw_bls12377.ScalarField, sw_bls12377.G1Affine]:
-		c := sw_bls12377.NewCurve(api)
+		c, err := sw_bls12377.NewCurve(api)
+		if err != nil {
+			return ret, fmt.Errorf("new curve: %w", err)
+		}
 		*s = c
 	case *Curve[sw_bls24315.ScalarField, sw_bls24315.G1Affine]:
-		c := sw_bls24315.NewCurve(api)
+		c, err := sw_bls24315.NewCurve(api)
+		if err != nil {
+			return ret, fmt.Errorf("new curve: %w", err)
+		}
 		*s = c
 	default:
 		return ret, fmt.Errorf("unknown type parametrisation")
diff --git a/std/algebra/native/sw_bls12377/g1_test.go b/std/algebra/native/sw_bls12377/g1_test.go
index e6e6d448ff..077fa8cb42 100644
--- a/std/algebra/native/sw_bls12377/g1_test.go
+++ b/std/algebra/native/sw_bls12377/g1_test.go
@@ -41,7 +41,10 @@ type MarshalScalarTest struct {
 }
 
 func (c *MarshalScalarTest) Define(api frontend.API) error {
-	ec := NewCurve(api)
+	ec, err := NewCurve(api)
+	if err != nil {
+		return err
+	}
 	r := ec.MarshalScalar(c.X)
 	for i := range c.R {
 		api.AssertIsEqual(r[i], c.R[i])
@@ -71,7 +74,10 @@ type MarshalG1Test struct {
 }
 
 func (c *MarshalG1Test) Define(api frontend.API) error {
-	ec := NewCurve(api)
+	ec, err := NewCurve(api)
+	if err != nil {
+		return err
+	}
 	// the bits are layed out exactly as in gnark-crypto
 	r := ec.MarshalG1(c.P)
 	for i := range c.R {
diff --git a/std/algebra/native/sw_bls12377/pairing2.go b/std/algebra/native/sw_bls12377/pairing2.go
index a515b0ef01..7a42ac115a 100644
--- a/std/algebra/native/sw_bls12377/pairing2.go
+++ b/std/algebra/native/sw_bls12377/pairing2.go
@@ -17,19 +17,26 @@ import (
 // Curve allows G1 operations in BLS12-377.
 type Curve struct {
 	api frontend.API
+	fr *emulated.Field[ScalarField]
 }
 
 // NewCurve initializes a new [Curve] instance.
-func NewCurve(api frontend.API) *Curve {
+func NewCurve(api frontend.API) (*Curve, error) {
+	f, err := emulated.NewField[ScalarField](api)
+	if err != nil {
+		return nil, fmt.Errorf("scalar field")
+	}
 	return &Curve{
 		api: api,
-	}
+		fr: f,
+	}, nil
 }
 
 // MarshalScalar returns
 func (c *Curve) MarshalScalar(s Scalar) []frontend.Variable {
-	nbBits := 8 * ((ecc.BLS12_377.ScalarField().BitLen() + 7) / 8)
-	x := bits.ToBinary(c.api, s.Limbs[0], bits.WithNbDigits(nbBits))
+	nbBits := 8 * ((ScalarField{}.Modulus().BitLen() + 7) / 8)
+	ss := c.fr.Reduce(&s)
+	x := c.fr.ToBits(ss)
 	for i, j := 0, nbBits-1; i < j; {
 		x[i], x[j] = x[j], x[i]
 		i++
diff --git a/std/algebra/native/sw_bls24315/g1_test.go b/std/algebra/native/sw_bls24315/g1_test.go
index 2bd5c8ab22..c2710534c7 100644
--- a/std/algebra/native/sw_bls24315/g1_test.go
+++ b/std/algebra/native/sw_bls24315/g1_test.go
@@ -41,7 +41,10 @@ type MarshalScalarTest struct {
 }
 
 func (c *MarshalScalarTest) Define(api frontend.API) error {
-	ec := NewCurve(api)
+	ec, err := NewCurve(api)
+	if err != nil {
+		return err
+	}
 	r := ec.MarshalScalar(c.X)
 	for i := range c.R {
 		api.AssertIsEqual(r[i], c.R[i])
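Review bot: In NewCurve the new error return drops its cause: `return nil, fmt.Errorf("scalar field")` discards the `err` from emulated.NewField, so the `new curve: %w` wrap in defaults.go ends up carrying no detail about why construction failed; write `return nil, fmt.Errorf("scalar field: %w", err)`. The identical line appears in the sw_bls24315/pairing2.go hunk further down. In MarshalScalar the reversal loop still bounds on `nbBits`, derived from the modulus byte length, while `x` now comes from `c.fr.ToBits(ss)` whose length is presumably fixed by the emulated field's limb layout rather than by nbBits; if the two differ the loop either indexes past the end or reverses only a prefix, so guard it, e.g. `if len(x) != nbBits { panic("unexpected scalar bit length") }` (I cannot confirm the ToBits length from this hunk). The doc comment `// MarshalScalar returns` is cut off; with the body reworked, complete it, e.g. `// MarshalScalar returns the bits of s reduced into the scalar field, in reversed order and padded to a whole number of bytes.` MarshalScalar's body continues past the end of the hunk.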
@@ -71,7 +74,10 @@ type MarshalG1Test struct {
 }
 
 func (c *MarshalG1Test) Define(api frontend.API) error {
-	ec := NewCurve(api)
+	ec, err := NewCurve(api)
+	if err != nil {
+		return err
+	}
 	// we want to get the same output as gnark-crypto's marshal.
 	// It's a point on bls12-377 so the number of bytes is 96, as the
 	// field of definition of bls12-377 is 48 bytes long.
diff --git a/std/algebra/native/sw_bls24315/pairing2.go b/std/algebra/native/sw_bls24315/pairing2.go
index 3bc1a028bc..09c4fbce89 100644
--- a/std/algebra/native/sw_bls24315/pairing2.go
+++ b/std/algebra/native/sw_bls24315/pairing2.go
@@ -17,19 +17,26 @@ import (
 // Curve allows G1 operations in BLS24-315.
 type Curve struct {
 	api frontend.API
+	fr *emulated.Field[ScalarField]
 }
 
 // NewCurve initializes a new [Curve] instance.
-func NewCurve(api frontend.API) *Curve {
+func NewCurve(api frontend.API) (*Curve, error) {
+	f, err := emulated.NewField[ScalarField](api)
+	if err != nil {
+		return nil, fmt.Errorf("scalar field")
+	}
 	return &Curve{
 		api: api,
-	}
+		fr: f,
+	}, nil
 }
 
 // MarshalScalar returns
 func (c *Curve) MarshalScalar(s Scalar) []frontend.Variable {
-	nbBits := 8 * ((ecc.BLS24_315.ScalarField().BitLen() + 7) / 8)
-	x := bits.ToBinary(c.api, s.Limbs[0], bits.WithNbDigits(nbBits))
+	nbBits := 8 * ((ScalarField{}.Modulus().BitLen() + 7) / 8)
+	ss := c.fr.Reduce(&s)
+	x := c.fr.ToBits(ss)
 	for i, j := 0, nbBits-1; i < j; {
 		x[i], x[j] = x[j], x[i]
 		i++