diff --git a/src/bls12_381/endo.rs b/src/bls12_381/endo.rs
index a3aa8d85..6ff6abdd 100644
--- a/src/bls12_381/endo.rs
+++ b/src/bls12_381/endo.rs
@@ -1,4 +1,4 @@
-//! Source: https://github.com/privacy-scaling-explorations/halo2curves/blob/support_bls12-381/src/bls12_381/mod.rs
+//! Source:
 use crate::arithmetic::mul_512;
 use crate::arithmetic::sbb;
diff --git a/src/bls12_381/fp.rs b/src/bls12_381/fp.rs
index de9ff766..b4780d30 100644
--- a/src/bls12_381/fp.rs
+++ b/src/bls12_381/fp.rs
@@ -1,6 +1,6 @@
 //! This module provides an implementation of the BLS12-381 base field `GF(p)`
 //! where `p = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab`
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source:
 #![allow(clippy::needless_borrow)]
 use core::cmp::Ordering;
diff --git a/src/bls12_381/fp12.rs b/src/bls12_381/fp12.rs
index 83fd6874..1f4fc383 100644
--- a/src/bls12_381/fp12.rs
+++ b/src/bls12_381/fp12.rs
@@ -1,4 +1,4 @@
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source:
 use crate::{
 impl_add_binop_specify_output, impl_binops_additive, impl_binops_additive_specify_output,
@@ -15,7 +15,7 @@ use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 use rand_core::RngCore;
-/// This represents an element $c_0 + c_1 w$ of $\mathbb{F}_{p^12} = \mathbb{F}_{p^6}[w] / (w^2 - v)$.
+/// This represents an element $c_0 + c_1 w$ of $\mathbb{F}_{p^12} = \mathbb{F}_{p^6}\[w\] / (w^2 - v)$.
 pub struct Fp12 {
 pub c0: Fp6,
 pub c1: Fp6,
diff --git a/src/bls12_381/fp2.rs b/src/bls12_381/fp2.rs
index 6d2c1108..3fad8f42 100644
--- a/src/bls12_381/fp2.rs
+++ b/src/bls12_381/fp2.rs
@@ -1,5 +1,5 @@
 //! This module implements arithmetic over the quadratic extension field Fp2.
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source:
 #![allow(clippy::needless_borrow)]
 use core::fmt;
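Review bot: The new `+//! Source:` line in endo.rs carries no reference at all, so the provenance of the vendored BLS12-381 code is lost unless the link was merely dropped by the page rendering (an autolink of the form `//! Source: <URL>` would be stripped as a tag, which would fit the rustdoc-lint character of the other edits in this commit: the `\[`/`\]` escapes and the intra-doc-link changes). If the URL really is gone, the line should either keep the link as an autolink, `//! Source: <URL>` with the original upstream link in place of URL, or be removed rather than left as an empty label. Attribution to the upstream repository is what lets a maintainer trace and pull fixes for this cryptographic code, so it is worth keeping even when a lint complains about bare URLs. The same point applies to every `Source:` line in the remaining hunks, to the reference URLs in `ff_ext/inverse.rs` and `ff_ext/jacobi.rs`, and to the `See:` and derivation lines in `pluto_eris/engine.rs` and `pluto_eris/mod.rs`.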
@@ -628,6 +628,7 @@ impl ff::PrimeField for Fp2 {
 const CAPACITY: u32 = 381 - 1;
 const MODULUS: &'static str = "0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab";
+ #[doc(hidden)]
 const MULTIPLICATIVE_GENERATOR: Self = unimplemented!();
 const ROOT_OF_UNITY: Self = Self {
 c0: Fp::from_raw_unchecked([
diff --git a/src/bls12_381/fp6.rs b/src/bls12_381/fp6.rs
index e78606a5..e6ae8b46 100644
--- a/src/bls12_381/fp6.rs
+++ b/src/bls12_381/fp6.rs
@@ -1,4 +1,4 @@
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source:
 use super::fp::*;
 use super::fp2::*;
@@ -14,7 +14,7 @@ use crate::{
 impl_binops_multiplicative, impl_binops_multiplicative_mixed, impl_sub_binop_specify_output,
 };
-/// This represents an element $c_0 + c_1 v + c_2 v^2$ of $\mathbb{F}_{p^6} = \mathbb{F}_{p^2}[v] / (v^3 - u - 1)$.
+/// This represents an element $c_0 + c_1 v + c_2 v^2$ of $\mathbb{F}_{p^6} = \mathbb{F}_{p^2}\[v\] / (v^3 - u - 1)$.
 pub struct Fp6 {
 pub c0: Fp2,
 pub c1: Fp2,
diff --git a/src/bls12_381/g1.rs b/src/bls12_381/g1.rs
index 5c23c439..8d92ded4 100644
--- a/src/bls12_381/g1.rs
+++ b/src/bls12_381/g1.rs
@@ -1,5 +1,5 @@
 //! This module provides an implementation of the $\mathbb{G}_1$ group of BLS12-381.
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source:
 use core::borrow::Borrow;
 use core::fmt;
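Review bot: `#[doc(hidden)]` on `MULTIPLICATIVE_GENERATOR` removes the only visible signal that this `PrimeField` item for `Fp2` is `unimplemented!()`; the rendered docs will now show what looks like a complete `PrimeField` impl, yet any code that evaluates the constant (for instance generic code bounded on `PrimeField`) fails when the constant is evaluated instead of building. If the attribute was added because rustdoc evaluates associated consts to display them and a panicking initializer breaks the doc build (inferred, not visible in the hunk), keep it but say so on the line above it: `// rustdoc evaluates associated consts when rendering; this one is intentionally unimplemented`. The impl-level documentation should also state that `MULTIPLICATIVE_GENERATOR` is not provided for the extension field so that users do not rely on it through a generic bound. The enclosing `impl ff::PrimeField for Fp2` starts and ends outside the hunk.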
@@ -393,7 +393,7 @@ impl G1Affine {
 /// Attempts to deserialize a compressed element from big-endian bytes. See [`notes::serialization`](https://docs.rs/bls12_381/0.8.0/bls12_381/notes/serialization/index.html)
 /// for details about how group elements are serialized.
 ///
- /// NOTE: this function used in [`CompressedEncoding::from_compressed`].
+ /// NOTE: this function used in `CompressedEncoding::from_compressed`.
 pub fn from_compressed_be(bytes: &[u8; 48]) -> CtOption {
 // We already know the point is on the curve because this is established
 // by the y-coordinate recovery procedure in from_compressed_unchecked().
diff --git a/src/bls12_381/g2.rs b/src/bls12_381/g2.rs
index dd6b3551..3dfe1373 100644
--- a/src/bls12_381/g2.rs
+++ b/src/bls12_381/g2.rs
@@ -1,5 +1,5 @@
 //! This module provides an implementation of the $\mathbb{G}_2$ group of BLS12-381.
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source:
 use core::borrow::Borrow;
 use core::fmt;
diff --git a/src/bls12_381/hash_to_curve/chain.rs b/src/bls12_381/hash_to_curve/chain.rs
index b75c85c5..cd46cd4c 100644
--- a/src/bls12_381/hash_to_curve/chain.rs
+++ b/src/bls12_381/hash_to_curve/chain.rs
@@ -2,7 +2,7 @@
 //! chain_pm3div4: input x, output x^((p-3)//4).
 //! chain_p2m9div16: input x, output x^((p**2 - 9) // 16).
 //!
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source:
 use core::ops::MulAssign;
diff --git a/src/bls12_381/hash_to_curve/expand_msg.rs b/src/bls12_381/hash_to_curve/expand_msg.rs
index 2f0fbf24..96bf18d8 100644
--- a/src/bls12_381/hash_to_curve/expand_msg.rs
+++ b/src/bls12_381/hash_to_curve/expand_msg.rs
@@ -1,7 +1,7 @@
 //! This module implements message expansion consistent with the
 //! hash-to-curve RFC drafts 7 through 10
 //!
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source:
 use core::{
 fmt::{self, Debug, Formatter},
diff --git a/src/bls12_381/hash_to_curve/map_g1.rs b/src/bls12_381/hash_to_curve/map_g1.rs
index 270f398e..c916a78b 100644
--- a/src/bls12_381/hash_to_curve/map_g1.rs
+++ b/src/bls12_381/hash_to_curve/map_g1.rs
@@ -1,6 +1,6 @@
 //! Implementation of hash-to-curve for the G1 group.
 //!
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source:
 use subtle::{Choice, ConditionallyNegatable, ConditionallySelectable, ConstantTimeEq};
diff --git a/src/bls12_381/hash_to_curve/map_g2.rs b/src/bls12_381/hash_to_curve/map_g2.rs
index 110c1155..aefc62e7 100644
--- a/src/bls12_381/hash_to_curve/map_g2.rs
+++ b/src/bls12_381/hash_to_curve/map_g2.rs
@@ -1,6 +1,6 @@
 //! Implementation of hash-to-curve for the G2 group
 //!
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source:
 use subtle::{Choice, ConditionallyNegatable, ConditionallySelectable, ConstantTimeEq};
diff --git a/src/bls12_381/hash_to_curve/map_scalar.rs b/src/bls12_381/hash_to_curve/map_scalar.rs
index 8c839aaa..e0b8b6b8 100644
--- a/src/bls12_381/hash_to_curve/map_scalar.rs
+++ b/src/bls12_381/hash_to_curve/map_scalar.rs
@@ -1,6 +1,6 @@
 //! Implementation of hash-to-field for Scalar values
 //!
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source:
 use super::HashToField;
 use crate::bls12_381::generic_array::{typenum::U48, GenericArray};
diff --git a/src/bls12_381/hash_to_curve/mod.rs b/src/bls12_381/hash_to_curve/mod.rs
index 91db16ca..d664f78b 100644
--- a/src/bls12_381/hash_to_curve/mod.rs
+++ b/src/bls12_381/hash_to_curve/mod.rs
@@ -1,7 +1,7 @@
 //! This module implements hash_to_curve, hash_to_field and related
 //! hashing primitives for use with BLS signatures.
 //!
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source:
 use core::ops::Add;
diff --git a/src/bls12_381/mod.rs b/src/bls12_381/mod.rs
index ce9d5a7f..a3bd967b 100644
--- a/src/bls12_381/mod.rs
+++ b/src/bls12_381/mod.rs
@@ -7,7 +7,7 @@
 //! * This implementation targets Rust `1.36` or later.
 //! * This implementation does not require the Rust standard library.
 //! * All operations are constant time unless explicitly noted.
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source:
 // Catch documentation errors caused by code changes.
 #![allow(clippy::too_many_arguments)]
diff --git a/src/bls12_381/pairings.rs b/src/bls12_381/pairings.rs
index a40c0eb6..249b4c65 100644
--- a/src/bls12_381/pairings.rs
+++ b/src/bls12_381/pairings.rs
@@ -1,4 +1,4 @@
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source:
 use super::fp::Fp;
 use super::fp12::Fp12;
@@ -491,7 +491,7 @@ impl Group for Gt {
 /// element as part of the pairing function (specifically, the Miller loop) and
 /// so should be computed whenever a $\mathbb{G}_2$ element is being used in
 /// multiple pairings or is otherwise known in advance. This should be used in
-/// conjunction with the [`multi_miller_loop`](crate::multi_miller_loop)
+/// conjunction with the [`multi_miller_loop`]
 /// function provided by this crate.
 pub struct G2Prepared {
 infinity: Choice,
diff --git a/src/bls12_381/scalar.rs b/src/bls12_381/scalar.rs
index 4269d0c0..4853b10a 100644
--- a/src/bls12_381/scalar.rs
+++ b/src/bls12_381/scalar.rs
@@ -1,6 +1,6 @@
 //! This module provides an implementation of the BLS12-381 scalar field $\mathbb{F}_q$
 //! where `q = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001`
-//! Source: https://github.com/privacy-scaling-explorations/bls12_381
+//! Source:
 #![allow(clippy::needless_borrow)]
 use core::cmp::Ordering;
diff --git a/src/bn256/fq12.rs b/src/bn256/fq12.rs
index 77bece1f..fa7eacce 100644
--- a/src/bn256/fq12.rs
+++ b/src/bn256/fq12.rs
@@ -6,7 +6,7 @@ use core::ops::{Add, Mul, Neg, Sub};
 use rand::RngCore;
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
-/// -GAMMA is a quadratic non-residue in Fp6. Fp12 = Fp6[X]/(X^2 + GAMMA)
+/// -GAMMA is a quadratic non-residue in Fp6. Fp12 = Fp6\[X\]/(X^2 + GAMMA)
 /// We introduce the variable w such that w^2 = -GAMMA
 // GAMMA = - v
diff --git a/src/bn256/fq6.rs b/src/bn256/fq6.rs
index 8fc46578..1eae9d30 100644
--- a/src/bn256/fq6.rs
+++ b/src/bn256/fq6.rs
@@ -5,7 +5,7 @@ use core::ops::{Add, Mul, Neg, Sub};
 use rand::RngCore;
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
-/// -BETA is a cubic non-residue in Fp2. Fp6 = Fp2[X]/(X^3 + BETA)
+/// -BETA is a cubic non-residue in Fp2. Fp6 = Fp2\[X\]/(X^3 + BETA)
 /// We introduce the variable v such that v^3 = -BETA
 // BETA = - (u + 9)
diff --git a/src/ff_ext/inverse.rs b/src/ff_ext/inverse.rs
index d149b3ec..85092198 100644
--- a/src/ff_ext/inverse.rs
+++ b/src/ff_ext/inverse.rs
@@ -239,9 +239,9 @@ impl Mul> for i64 {
 ///
 /// For better understanding the implementation, the following resources are recommended:
 /// - D. Bernstein, B.-Y. Yang, "Fast constant-time gcd computation and modular inversion",
-/// https://gcd.cr.yp.to/safegcd-20190413.pdf
+///
 /// - P. Wuille, "The safegcd implementation in libsecp256k1 explained",
-/// https://github.com/bitcoin-core/secp256k1/blob/master/doc/safegcd_implementation.md
+///
 pub struct BYInverter {
 /// Modulus
 modulus: CInt<62, L>,
diff --git a/src/ff_ext/jacobi.rs b/src/ff_ext/jacobi.rs
index db5f8c4f..4dc2f3a0 100644
--- a/src/ff_ext/jacobi.rs
+++ b/src/ff_ext/jacobi.rs
@@ -325,9 +325,9 @@ fn jacobinary(mut n: u64, mut d: u64, mut t: u64) -> i64 {
 /// and some original optimizations. Only these differences have been commented;
 /// the aforesaid Pornin's method and the used ideas of M. Hamburg were given here:
 /// - T. Pornin, "Optimized Binary GCD for Modular Inversion",
-/// https://eprint.iacr.org/2020/972.pdf
+///
 /// - M. Hamburg, "Computing the Jacobi symbol using Bernstein-Yang",
-/// https://eprint.iacr.org/2021/1271.pdf
+///
 pub fn jacobi(n: &[u64], d: &[u64]) -> i64 {
 // Instead of the variable "j" taking the values from {-1, 1} and satysfying
 // at the end of the outer loop iteration the equation J = "j" * ("n" / |"d"|)
diff --git a/src/pluto_eris/engine.rs b/src/pluto_eris/engine.rs
index d35fc749..a3c5dd53 100644
--- a/src/pluto_eris/engine.rs
+++ b/src/pluto_eris/engine.rs
@@ -663,7 +663,7 @@ impl MultiMillerLoop for Pluto {
 }
 }
-/// Pluto pairing-friendly curve. See: https://github.com/daira/pluto-eris
+/// Pluto pairing-friendly curve. See:
 #[derive(Clone, Debug)]
 pub struct Pluto;
diff --git a/src/pluto_eris/mod.rs b/src/pluto_eris/mod.rs
index fd5c0aac..8f83ae70 100644
--- a/src/pluto_eris/mod.rs
+++ b/src/pluto_eris/mod.rs
@@ -2,9 +2,9 @@
 //!
 //! Implementation of the Pluto / Eris half-pairing cycle of prime order elliptic curves.
 //!
-//! Supporting evidence: https://github.com/daira/pluto-eris
-//! Field constant derivation: https://github.com/davidnevadoc/ec-constants/tree/main/pluto_eris
-//! Pairing constants derivation: https://github.com/John-Gong-Math/pluto_eris/blob/main/pluto_pairing.ipynb
+//! Supporting evidence:
+//! Field constant derivation:
+//! Pairing constants derivation:
 mod curve;
 mod engine;
 mod fields;