
Commit 5835b8c

committed
Merge branch 'clearmatics-fix-curves-interfaces-inconsistencies'
This closes #35.
2 parents d061b95 + 6bb7a50 commit 5835b8c

16 files changed

+518
-507
lines changed

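--- a/libff/algebra/curves/bn128/bn128_g1.cpp
+++ b/libff/algebra/curves/bn128/bn128_g1.cpp
@@ -75,9 +75,9 @@ bn128_G1::bn128_G1()
 {
 if (bn128_G1::initialized)
 {
-this->coord[0] = G1_zero.coord[0];
-this->coord[1] = G1_zero.coord[1];
-this->coord[2] = G1_zero.coord[2];
+this->X = G1_zero.X;
+this->Y = G1_zero.Y;
+this->Z = G1_zero.Z;
 }
 }
 
@@ -91,7 +91,7 @@ void bn128_G1::print() const
 {
 bn128_G1 copy(*this);
 copy.to_affine_coordinates();
-std::cout << "(" << copy.coord[0].toString(10) << " : " << copy.coord[1].toString(10) << " : " << copy.coord[2].toString(10) << ")\n";
+std::cout << "(" << copy.X.toString(10) << " : " << copy.Y.toString(10) << " : " << copy.Z.toString(10) << ")\n";
 }
 }
 
@@ -103,28 +103,28 @@ void bn128_G1::print_coordinates() const
 }
 else
 {
-std::cout << "(" << coord[0].toString(10) << " : " << coord[1].toString(10) << " : " << coord[2].toString(10) << ")\n";
+std::cout << "(" << X.toString(10) << " : " << Y.toString(10) << " : " << Z.toString(10) << ")\n";
 }
 }
 
 void bn128_G1::to_affine_coordinates()
 {
 if (this->is_zero())
 {
-coord[0] = 0;
-coord[1] = 1;
-coord[2] = 0;
+X = 0;
+Y = 1;
+Z = 0;
 }
 else
 {
 bn::Fp r;
-r = coord[2];
+r = Z;
 r.inverse();
-bn::Fp::square(coord[2], r);
-coord[0] *= coord[2];
-r *= coord[2];
-coord[1] *= r;
-coord[2] = 1;
+bn::Fp::square(Z, r);
+X *= Z;
+r *= Z;
+Y *= r;
+Z = 1;
 }
 }
 
@@ -135,12 +135,12 @@ void bn128_G1::to_special()
 
 bool bn128_G1::is_special() const
 {
-return (this->is_zero() || this->coord[2] == 1);
+return (this->is_zero() || this->Z == 1);
 }
 
 bool bn128_G1::is_zero() const
 {
-return coord[2].isZero();
+return Z.isZero();
 }
 
 bool bn128_G1::operator==(const bn128_G1 &other) const
@@ -158,21 +158,21 @@ bool bn128_G1::operator==(const bn128_G1 &other) const
 /* now neither is O */
 
 bn::Fp Z1sq, Z2sq, lhs, rhs;
-bn::Fp::square(Z1sq, this->coord[2]);
-bn::Fp::square(Z2sq, other.coord[2]);
-bn::Fp::mul(lhs, Z2sq, this->coord[0]);
-bn::Fp::mul(rhs, Z1sq, other.coord[0]);
+bn::Fp::square(Z1sq, this->Z);
+bn::Fp::square(Z2sq, other.Z);
+bn::Fp::mul(lhs, Z2sq, this->X);
+bn::Fp::mul(rhs, Z1sq, other.X);
 
 if (lhs != rhs)
 {
 return false;
 }
 
 bn::Fp Z1cubed, Z2cubed;
-bn::Fp::mul(Z1cubed, Z1sq, this->coord[2]);
-bn::Fp::mul(Z2cubed, Z2sq, other.coord[2]);
-bn::Fp::mul(lhs, Z2cubed, this->coord[1]);
-bn::Fp::mul(rhs, Z1cubed, other.coord[1]);
+bn::Fp::mul(Z1cubed, Z1sq, this->Z);
+bn::Fp::mul(Z2cubed, Z2sq, other.Z);
+bn::Fp::mul(lhs, Z2cubed, this->Y);
+bn::Fp::mul(rhs, Z1cubed, other.Y);
 
 return (lhs == rhs);
 }
@@ -212,7 +212,7 @@ bn128_G1 bn128_G1::operator+(const bn128_G1 &other) const
 bn128_G1 bn128_G1::operator-() const
 {
 bn128_G1 result(*this);
-bn::Fp::neg(result.coord[1], result.coord[1]);
+bn::Fp::neg(result.Y, result.Y);
 return result;
 }
 
@@ -227,8 +227,12 @@ bn128_G1 bn128_G1::add(const bn128_G1 &other) const
 this->add_cnt++;
 #endif
 
-bn128_G1 result;
-bn::ecop::ECAdd(result.coord, this->coord, other.coord);
+bn::Fp this_coord[3], other_coord[3], result_coord[3];
+this->fill_coord(this_coord);
+other.fill_coord(other_coord);
+bn::ecop::ECAdd(result_coord, this_coord, other_coord);
+
+bn128_G1 result(result_coord);
 return result;
 }
 
@@ -263,16 +267,16 @@ bn128_G1 bn128_G1::mixed_add(const bn128_G1 &other) const
 // we know that Z2 = 1
 
 bn::Fp Z1Z1;
-bn::Fp::square(Z1Z1, this->coord[2]);
-const bn::Fp &U1 = this->coord[0];
+bn::Fp::square(Z1Z1, this->Z);
+const bn::Fp &U1 = this->X;
 bn::Fp U2;
-bn::Fp::mul(U2, other.coord[0], Z1Z1);
+bn::Fp::mul(U2, other.X, Z1Z1);
 bn::Fp Z1_cubed;
-bn::Fp::mul(Z1_cubed, this->coord[2], Z1Z1);
+bn::Fp::mul(Z1_cubed, this->Z, Z1Z1);
 
-const bn::Fp &S1 = this->coord[1];
+const bn::Fp &S1 = this->Y;
 bn::Fp S2;
-bn::Fp::mul(S2, other.coord[1], Z1_cubed); // S2 = Y2*Z1*Z1Z1
+bn::Fp::mul(S2, other.Y, Z1_cubed); // S2 = Y2*Z1*Z1Z1
 
 if (U1 == U2 && S1 == S2)
 {
@@ -287,7 +291,7 @@ bn128_G1 bn128_G1::mixed_add(const bn128_G1 &other) const
 bn128_G1 result;
 bn::Fp H, HH, I, J, r, V, tmp;
 // H = U2-X1
-bn::Fp::sub(H, U2, this->coord[0]);
+bn::Fp::sub(H, U2, this->X);
 // HH = H^2
 bn::Fp::square(HH, H);
 // I = 4*HH
@@ -296,26 +300,26 @@ bn128_G1 bn128_G1::mixed_add(const bn128_G1 &other) const
 // J = H*I
 bn::Fp::mul(J, H, I);
 // r = 2*(S2-Y1)
-bn::Fp::sub(tmp, S2, this->coord[1]);
+bn::Fp::sub(tmp, S2, this->Y);
 bn::Fp::add(r, tmp, tmp);
 // V = X1*I
-bn::Fp::mul(V, this->coord[0], I);
+bn::Fp::mul(V, this->X, I);
 // X3 = r^2-J-2*V
-bn::Fp::square(result.coord[0], r);
-bn::Fp::sub(result.coord[0], result.coord[0], J);
-bn::Fp::sub(result.coord[0], result.coord[0], V);
-bn::Fp::sub(result.coord[0], result.coord[0], V);
+bn::Fp::square(result.X, r);
+bn::Fp::sub(result.X, result.X, J);
+bn::Fp::sub(result.X, result.X, V);
+bn::Fp::sub(result.X, result.X, V);
 // Y3 = r*(V-X3)-2*Y1*J
-bn::Fp::sub(tmp, V, result.coord[0]);
-bn::Fp::mul(result.coord[1], r, tmp);
-bn::Fp::mul(tmp, this->coord[1], J);
-bn::Fp::sub(result.coord[1], result.coord[1], tmp);
-bn::Fp::sub(result.coord[1], result.coord[1], tmp);
+bn::Fp::sub(tmp, V, result.X);
+bn::Fp::mul(result.Y, r, tmp);
+bn::Fp::mul(tmp, this->Y, J);
+bn::Fp::sub(result.Y, result.Y, tmp);
+bn::Fp::sub(result.Y, result.Y, tmp);
 // Z3 = (Z1+H)^2-Z1Z1-HH
-bn::Fp::add(tmp, this->coord[2], H);
-bn::Fp::square(result.coord[2], tmp);
-bn::Fp::sub(result.coord[2], result.coord[2], Z1Z1);
-bn::Fp::sub(result.coord[2], result.coord[2], HH);
+bn::Fp::add(tmp, this->Z, H);
+bn::Fp::square(result.Z, tmp);
+bn::Fp::sub(result.Z, result.Z, Z1Z1);
+bn::Fp::sub(result.Z, result.Z, HH);
 return result;
 }
 
@@ -325,8 +329,11 @@ bn128_G1 bn128_G1::dbl() const
 this->dbl_cnt++;
 #endif
 
-bn128_G1 result;
-bn::ecop::ECDouble(result.coord, this->coord);
+bn::Fp this_coord[3], result_coord[3];
+this->fill_coord(this_coord);
+bn::ecop::ECDouble(result_coord, this_coord);
+
+bn128_G1 result(result_coord);
 return result;
 }
 
@@ -355,20 +362,20 @@ std::ostream& operator<<(std::ostream &out, const bn128_G1 &g)
 #ifdef NO_PT_COMPRESSION
 /* no point compression case */
 #ifndef BINARY_OUTPUT
-out << gcopy.coord[0] << OUTPUT_SEPARATOR << gcopy.coord[1];
+out << gcopy.X << OUTPUT_SEPARATOR << gcopy.Y;
 #else
-out.write((char*) &gcopy.coord[0], sizeof(gcopy.coord[0]));
-out.write((char*) &gcopy.coord[1], sizeof(gcopy.coord[1]));
+out.write((char*) &gcopy.X, sizeof(gcopy.X));
+out.write((char*) &gcopy.Y, sizeof(gcopy.Y));
 #endif
 
 #else
 /* point compression case */
 #ifndef BINARY_OUTPUT
-out << gcopy.coord[0];
+out << gcopy.X;
 #else
-out.write((char*) &gcopy.coord[0], sizeof(gcopy.coord[0]));
+out.write((char*) &gcopy.X, sizeof(gcopy.X));
 #endif
-out << OUTPUT_SEPARATOR << (((unsigned char*)&gcopy.coord[1])[0] & 1 ? '1' : '0');
+out << OUTPUT_SEPARATOR << (((unsigned char*)&gcopy.Y)[0] & 1 ? '1' : '0');
 #endif
 
 return out;
@@ -392,13 +399,13 @@ bool bn128_G1::is_well_formed() const
 y^2 = x^3 + b z^6
 */
 bn::Fp X2, Y2, Z2;
-bn::Fp::square(X2, this->coord[0]);
-bn::Fp::square(Y2, this->coord[1]);
-bn::Fp::square(Z2, this->coord[2]);
+bn::Fp::square(X2, this->X);
+bn::Fp::square(Y2, this->Y);
+bn::Fp::square(Z2, this->Z);
 
 bn::Fp X3, Z3, Z6;
-bn::Fp::mul(X3, X2, this->coord[0]);
-bn::Fp::mul(Z3, Z2, this->coord[2]);
+bn::Fp::mul(X3, X2, this->X);
+bn::Fp::mul(Z3, Z2, this->Z);
 bn::Fp::square(Z6, Z3);
 
 return (Y2 == X3 + bn128_coeff_b * Z6);
@@ -415,12 +422,12 @@ std::istream& operator>>(std::istream &in, bn128_G1 &g)
 #ifdef NO_PT_COMPRESSION
 /* no point compression case */
 #ifndef BINARY_OUTPUT
-in >> g.coord[0];
+in >> g.X;
 consume_OUTPUT_SEPARATOR(in);
-in >> g.coord[1];
+in >> g.Y;
 #else
-in.read((char*) &g.coord[0], sizeof(g.coord[0]));
-in.read((char*) &g.coord[1], sizeof(g.coord[1]));
+in.read((char*) &g.X, sizeof(g.X));
+in.read((char*) &g.Y, sizeof(g.Y));
 #endif
 
 #else
@@ -439,24 +446,24 @@ std::istream& operator>>(std::istream &in, bn128_G1 &g)
 // y = +/- sqrt(x^3 + b)
 if (!is_zero)
 {
-g.coord[0] = tX;
+g.X = tX;
 bn::Fp tX2, tY2;
 bn::Fp::square(tX2, tX);
 bn::Fp::mul(tY2, tX2, tX);
 bn::Fp::add(tY2, tY2, bn128_coeff_b);
 
-g.coord[1] = bn128_G1::sqrt(tY2);
-if ((((unsigned char*)&g.coord[1])[0] & 1) != Y_lsb)
+g.Y = bn128_G1::sqrt(tY2);
+if ((((unsigned char*)&g.Y)[0] & 1) != Y_lsb)
 {
-bn::Fp::neg(g.coord[1], g.coord[1]);
+bn::Fp::neg(g.Y, g.Y);
 }
 }
 #endif
 
 /* finalize */
 if (!is_zero)
 {
-g.coord[2] = bn::Fp(1);
+g.Z = bn::Fp(1);
 }
 else
 {
@@ -502,7 +509,7 @@ void bn128_G1::batch_to_special_all_non_zeros(std::vector<bn128_G1> &vec)
 
 for (auto &el: vec)
 {
-Z_vec.emplace_back(el.coord[2]);
+Z_vec.emplace_back(el.Z);
 }
 bn_batch_invert<bn::Fp>(Z_vec);
 
@@ -514,9 +521,9 @@ void bn128_G1::batch_to_special_all_non_zeros(std::vector<bn128_G1> &vec)
 bn::Fp::square(Z2, Z_vec[i]);
 bn::Fp::mul(Z3, Z2, Z_vec[i]);
 
-bn::Fp::mul(vec[i].coord[0], vec[i].coord[0], Z2);
-bn::Fp::mul(vec[i].coord[1], vec[i].coord[1], Z3);
-vec[i].coord[2] = one;
+bn::Fp::mul(vec[i].X, vec[i].X, Z2);
+bn::Fp::mul(vec[i].Y, vec[i].Y, Z3);
+vec[i].Z = one;
 }
 }
 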
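--- a/libff/algebra/curves/bn128/bn128_g1.hpp
+++ b/libff/algebra/curves/bn128/bn128_g1.hpp
@@ -34,11 +34,15 @@ class bn128_G1 {
 static bn128_G1 G1_one;
 static bool initialized;
 
-bn::Fp coord[3];
-bn128_G1();
 typedef bn128_Fq base_field;
 typedef bn128_Fr scalar_field;
 
+bn::Fp X, Y, Z;
+void fill_coord(bn::Fp coord[3]) const { coord[0] = this->X; coord[1] = this->Y; coord[2] = this->Z; return; };
+
+bn128_G1();
+bn128_G1(bn::Fp coord[3]) : X(coord[0]), Y(coord[1]), Z(coord[2]) {};
+
 void print() const;
 void print_coordinates() const;
 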
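Review bot: The new constructor `bn128_G1(bn::Fp coord[3])` (new line 44) is non-explicit and its array parameter decays to `bn::Fp*`, so any `bn::Fp` pointer or array of any length converts implicitly to a `bn128_G1` and three elements are read from it with no length check. Declaring it `explicit bn128_G1(const bn::Fp (&coord)[3]) : X(coord[0]), Y(coord[1]), Z(coord[2]) {}` keeps the calls in `add()` and `dbl()` working while letting the compiler reject anything that is not a three-element array. `fill_coord` on new line 41 could take the same reference-to-array type and drop the redundant `return;`; both inline definitions also end in `};`, where the trailing semicolon after the body is unnecessary. The class `bn128_G1` begins before and continues after this hunk.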