Endo #128

Merged
merged 39 commits into from
Nov 3, 2021

39 commits
ad8851b
Initial functions
DanieleDiBenedetto Feb 16, 2021
99ad511
Endomorphism implementation
phoinic Feb 22, 2021
8b10e09
Tweedle added to r1cs
phoinic Feb 22, 2021
cb4cc6e
Endomorphism implementation for all curves
phoinic Feb 22, 2021
9079f75
mnt6 feature removed from full
phoinic Feb 22, 2021
2ea76ad
Endo gadget experiments
phoinic Feb 28, 2021
5d629da
merge: endo branch merged with audit_fixes
phoinic Jul 13, 2021
5e408d8
endo mul gadget: first steps
phoinic Jul 15, 2021
20b0888
sc_testnet_2 initial commit
DanieleDiBenedetto Sep 2, 2021
2117d44
Merge branch 'proof_size_optimization' into endo
phoinic Sep 26, 2021
b29963e
Endo mul gadget implementation
phoinic Sep 30, 2021
e8b21bd
Fix endo_rep_to_scalar algorithm
phoinic Oct 3, 2021
7b5b53d
Merge branch 'sc_testnet_2' into endo_proof_size_opt
phoinic Oct 5, 2021
8030388
Updating UTs for endo gadget
phoinic Oct 5, 2021
bc56da4
Endo gadget optimization
phoinic Oct 5, 2021
468295a
Cleanup comments
phoinic Oct 5, 2021
8804cf2
Comment for endo_mul updated
phoinic Oct 5, 2021
42aee87
endo merge and optimization
phoinic Oct 9, 2021
d65e6f6
Added the Sage scripts for checking field parameters. With respect to…
Oct 11, 2021
e5b32f7
added endo mul inline docu
UlrichHaboeck75 Oct 18, 2021
7c7545a
Applied the changes suggested by Ulrich about endo_mul parameters.
Oct 19, 2021
1791773
Refactored endo mul native implementation
phoinic Oct 25, 2021
30e0c89
Refactored endo implementation
phoinic Oct 27, 2021
89904fc
Endo mul for 'short_weierstrass_projective' model
phoinic Oct 27, 2021
780ae5f
Additional implementations and bits paddings
phoinic Oct 27, 2021
5007fca
nonnative endo implementation
phoinic Oct 27, 2021
f9a9e44
Modified to check_curve_parameters.sage according to Ulrich's request…
Oct 27, 2021
690abe5
Modified to check_curve_parameters.sage according to Ulrich's request…
Oct 27, 2021
8cf7170
Modified to check_curve_parameters.sage according to Ulrich's request…
Oct 27, 2021
4c9232c
Merge branch 'endo' of https://github.com/HorizenOfficial/ginger-lib …
Oct 27, 2021
7fafe74
Endo generic test
phoinic Oct 28, 2021
40cb120
Merge branch 'rc/audit_chain' into endo_merge
phoinic Oct 28, 2021
116d558
Merge branch 'development' into endo_merge
phoinic Oct 28, 2021
5687c47
Generic endo mul UT optimized
phoinic Oct 28, 2021
6787407
Branch switched to endo
phoinic Oct 28, 2021
177e813
Sync with pc/marlin endo branches
phoinic Oct 28, 2021
bcd8fd6
additional inline doc
UlrichHaboeck75 Nov 2, 2021
3b51d3f
Resolved conflicts in check_curve_parameters.sage
Nov 3, 2021
42470dc
Parameter LAMBDA read from the curve file, as requested by Ulrich.
Nov 3, 2021
additional inline doc
UlrichHaboeck75 committed Nov 2, 2021
commit bcd8fd68e81654f939fa281661f37c0262cf1c04
9 changes: 7 additions & 2 deletions algebra/src/curves/mod.rs
@@ -321,13 +321,18 @@ pub trait AffineCurve:
fn mul_by_cofactor_inv(&self) -> Self;
}

/// The `EndoMulCurve` trait for curves that have a non-trivial endomorphism
/// `Phi` of the form `Phi(x,y) = (zeta*x,y)`.
pub trait EndoMulCurve: AffineCurve {
/// An efficiently computable endomorphism of the curve (if any).
/// Apply `Phi`
fn apply_endomorphism(&self) -> Self;

/// Conversion of a bit sequence used in `endo_mul()` into its equivalent
/// scalar
fn endo_rep_to_scalar(bits: Vec<bool>) -> Result<Self::ScalarField, Error>;

/// Performs scalar multiplication of this element with mixed addition.
/// Endomorphism-based multiplication of `&self` with `bits`, a little-endian
/// endomorphism representation.
fn endo_mul(&self, bits: Vec<bool>) -> Result<Self::Projective, Error>;
}
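Review bot: the new doc comments on `endo_rep_to_scalar` and `endo_mul` do not say what a valid `bits` input is or when the `Result` is `Err`, even though both signatures in this hunk return `Result<_, Error>`. The gadget doc further down in this same commit spells out the precondition ("an even number of at most `lambda` Booleans"); the trait is the place to state it once, e.g. "`bits` must have even length at most `lambda`; any other input is rejected with `Err`". It would also help to state the contract tying the two methods together, namely that `endo_mul(bits)` yields the same point as multiplying `&self` by `endo_rep_to_scalar(bits)`, since "little-endian endomorphism representation" is otherwise defined nowhere in the trait.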

3 changes: 2 additions & 1 deletion algebra/src/curves/models/short_weierstrass_jacobian.rs
@@ -344,7 +344,8 @@ impl<P: EndoParameters> EndoMulCurve for GroupAffine<P> {
Ok(a.mul(P::ENDO_SCALAR) + &b)
}

/// Performs scalar multiplication of this element with mixed addition.
/// Endomorphism-based multiplication of a curve point
/// with a scalar in little-endian endomorphism representation.
fn endo_mul(&self, bits: Vec<bool>) -> Result<Self::Projective, Error> {

let self_neg = self.neg();
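Review bot: the rewritten comment on `endo_mul` restates the trait doc from `algebra/src/curves/mod.rs` in slightly different words ("a curve point with a scalar in ... representation" here, "`&self` with `bits`" on the trait); the two should agree, or the impl should simply defer to the trait doc. More useful for a reader of this file would be the precondition the gadget doc relies on (a non-trivial point of the prime order subgroup) and what this native routine does for the identity or for a point outside that subgroup: the body starts straight away with `let self_neg = self.neg();` and the hunk shows no such check.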
@@ -506,12 +506,12 @@ impl<P, ConstraintF, SimulationF> EndoMulCurveGadget<SWProjective<P>, Constraint
))
}

/// The endomorphism-based scalar multiplication circuit from [Halo],taking only
/// 3.5 constraints per "scalar" bit. Assumes that `ENDO_SCALAR` satisfies the minimal
/// distance property as mentioned in `SWModelParameters`.
/// The endomorphism-based scalar multiplication circuit from [Halo] in non-native
/// arithmetics. Assumes that `ENDO_SCALAR` satisfies the minimal distance property as
/// mentioned in `SWModelParameters`.
/// Given any non-trivial point `P= &self` of the prime order r subgroup, and a slice
/// of an even number of at most `lambda` Booleans `bits`, enforces that the result equals
/// phi(bits) * P,
/// `phi(bits) * P`,
/// where `phi(bits)` is the equivalent scalar representation of `bits`.
///
/// [Halo]: https://eprint.iacr.org/2019/1021
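Review bot: the comment says `ENDO_SCALAR` satisfies the minimal distance property "as mentioned in `SWModelParameters`", but in the native impl above `ENDO_SCALAR` is accessed as `P::ENDO_SCALAR` under the bound `P: EndoParameters`, so the cross-reference should point at `EndoParameters` (or wherever that property is actually documented). Since the gadget only assumes the property and does not enforce it, the doc should also say how it is checked; the `check_curve_parameters.sage` script that this PR adds and extends (see the commit list, including the commit that reads `LAMBDA` from the curve file) looks like the intended place, and naming it here would make the assumption auditable. Two smaller points: with the "3.5 constraints per bit" figure dropped for the non-native variant, a sentence on the non-native cost, or a note that it differs from the native gadget, would keep the two docs parallel; and `lambda` is used in the precondition without saying where it is defined.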