From aa43b72aa3f7e3fe3543cc5149fd15229c1a926a Mon Sep 17 00:00:00 2001 From: Ayush Shukla Date: Wed, 3 Jan 2024 10:46:02 +0100 Subject: [PATCH 1/8] feat: add twisted edwards trait --- src/ed25519/curve.rs | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/src/ed25519/curve.rs b/src/ed25519/curve.rs index b6eb0e35..f382036c 100644 --- a/src/ed25519/curve.rs +++ b/src/ed25519/curve.rs @@ -6,7 +6,7 @@ use core::fmt::Debug; use core::iter::Sum; use core::ops::{Add, Mul, Neg, Sub}; use ff::{BatchInverter, Field, PrimeField}; -use group::{self, Curve, Group}; +use group::{self, Curve}; use group::{prime::PrimeCurveAffine, GroupEncoding}; use rand::RngCore; use serde::{Deserialize, Serialize}; @@ -382,7 +382,7 @@ impl CurveExt for Ed25519 { } fn b() -> Self::Base { - ED25519_D + unimplemented!() } fn new_jacobian(_x: Self::Base, _y: Self::Base, _z: Self::Base) -> CtOption { @@ -697,7 +697,7 @@ impl CurveAffine for Ed25519Affine { } fn b() -> Self::Base { - ED25519_D + unimplemented!() } } @@ -916,6 +916,36 @@ impl CurveAffineExt for Ed25519Affine { } } +pub trait TwistedEdwardsCurveExt: CurveExt { + fn a() -> ::Base; + fn d() -> ::Base; +} + +impl TwistedEdwardsCurveExt for Ed25519 { + fn a() -> Fq { + -Fq::ONE + } + + fn d() -> Fq { + ED25519_D + } +} + +pub trait TwistedEdwardsCurveAffine: CurveAffine { + fn a() -> ::Base; + fn d() -> ::Base; +} + +impl TwistedEdwardsCurveAffine for Ed25519Affine { + fn a() -> Fq { + -Fq::ONE + } + + fn d() -> Fq { + ED25519_D + } +} + #[test] fn test_is_on_curve() { assert!(bool::from(Ed25519Affine::identity().is_on_curve())); From 837c67a22993d06df159be883fb1a6e8e442acf9 Mon Sep 17 00:00:00 2001 From: Ayush Shukla Date: Wed, 3 Jan 2024 10:46:10 +0100 Subject: [PATCH 2/8] chore: clippy fixes --- src/ed25519/curve.rs | 18 ++++++------------ src/ed25519/fq.rs | 4 ++-- src/ed25519/fr.rs | 4 ++-- 3 files changed, 10 insertions(+), 16 deletions(-) 
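Review bot: Replacing `ED25519_D` with `unimplemented!()` in `CurveExt::b()` (and in the matching `CurveAffine::b()` hunk of this patch; `CurveExt::a()` and `endo()` end up the same way by patch 4) turns a public trait method into an undocumented runtime panic. Any caller generic over `CurveExt` that reads `a()`/`b()` — anything that reconstructs the short-Weierstrass equation, for example — will now abort on Ed25519 instead of failing to compile or returning a typed error. If a panic is the intended contract, say so at the site: `// Ed25519 is a twisted Edwards curve; the short-Weierstrass coefficient `b` has no meaning here — use `TwistedEdwardsCurveExt::d()` instead.` and add a `# Panics` section to the rustdoc of the affected methods. Both `b()` bodies are complete inside their hunks, but the enclosing `impl` blocks continue outside them.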
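Review bot: The new public traits `TwistedEdwardsCurveExt` and `TwistedEdwardsCurveAffine` and their `a()`/`d()` methods carry no doc comments, so a reader has to already know the curve model to interpret two bare coefficient getters. A one-line rustdoc on each trait, e.g. `/// Curves in twisted Edwards form `a*x^2 + y^2 = 1 + d*x^2*y^2`; `a()` and `d()` return the two coefficients over the base field.`, plus `/// The coefficient `a` (-1 for Ed25519).` and `/// The coefficient `d`.` on the methods, would make the contract explicit. The return types appear here as `::Base` with the qualifying path missing; that looks like an extraction artefact of this listing rather than the committed source, but if it is literal it will not compile.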
diff --git a/src/ed25519/curve.rs b/src/ed25519/curve.rs index f382036c..5866a469 100644 --- a/src/ed25519/curve.rs +++ b/src/ed25519/curve.rs @@ -57,7 +57,7 @@ pub struct Ed25519Affine { pub y: Fq, } -#[derive(Copy, Clone, Hash)] +#[derive(Copy, Clone, Hash, Default)] pub struct Ed25519Compressed([u8; 32]); impl Ed25519 { @@ -103,7 +103,7 @@ impl Ed25519 { .skip(3) { acc = acc.double(); - acc += Ed25519::conditional_select(&zero, &self, bit); + acc += Ed25519::conditional_select(&zero, self, bit); } acc @@ -287,12 +287,6 @@ impl std::fmt::Debug for Ed25519Compressed { } } -impl Default for Ed25519Compressed { - fn default() -> Self { - Ed25519Compressed([0; 32]) - } -} - impl AsRef<[u8]> for Ed25519Compressed { fn as_ref(&self) -> &[u8] { &self.0 @@ -408,8 +402,8 @@ impl group::Curve for Ed25519 { let tmp = q.x; // Set the coordinates to the correct value - q.x = p.x * &tmp; // Multiply by 1/z - q.y = p.y * &tmp; // Multiply by 1/z + q.x = p.x * tmp; // Multiply by 1/z + q.y = p.y * tmp; // Multiply by 1/z } } @@ -482,7 +476,7 @@ impl crate::serde::SerdeObject for Ed25519 { x.zip(y).zip(z).zip(t).and_then(|(((x, y), z), t)| { let res = Self { x, y, z, t }; // Check that the point is on the curve. - bool::from(res.is_on_curve()).then(|| res) + bool::from(res.is_on_curve()).then_some(res) }) } fn to_raw_bytes(&self) -> Vec { @@ -601,7 +595,7 @@ impl crate::serde::SerdeObject for Ed25519Affine { x.zip(y).and_then(|(x, y)| { let res = Self { x, y }; // Check that the point is on the curve. - bool::from(res.is_on_curve()).then(|| res) + bool::from(res.is_on_curve()).then_some(res) }) } fn to_raw_bytes(&self) -> Vec { diff --git a/src/ed25519/fq.rs b/src/ed25519/fq.rs index ca132397..644a92f2 100644 --- a/src/ed25519/fq.rs +++ b/src/ed25519/fq.rs 
@@ -151,14 +151,14 @@ impl ff::Field for Fq { // = a^((q + 3) / 8) * (2^((q - 1) / 4)) // OR // Doesn't exist - let x1 = self.pow(&[ + let x1 = self.pow([ 0xfffffffffffffffe, 0xffffffffffffffff, 0xffffffffffffffff, 0x0fffffffffffffff, ]); - let choice1 = x1.square().ct_eq(&self); + let choice1 = x1.square().ct_eq(self); let choice2 = x1.square().ct_eq(&-self); let sqrt = Self::conditional_select(&x1, &(x1 * SQRT_MINUS_ONE), choice2); diff --git a/src/ed25519/fr.rs b/src/ed25519/fr.rs index e500d461..0aa22e95 100644 --- a/src/ed25519/fr.rs +++ b/src/ed25519/fr.rs @@ -159,14 +159,14 @@ impl ff::Field for Fr { // = a^((p + 3) / 8) * (2^((p - 1) / 4)) // OR // Doesn't exist - let x1 = self.pow(&[ + let x1 = self.pow([ 0xcb024c634b9eba7e, 0x029bdf3bd45ef39a, 0x0000000000000000, 0x0200000000000000, ]); - let choice1 = x1.square().ct_eq(&self); + let choice1 = x1.square().ct_eq(self); let choice2 = x1.square().ct_eq(&-self); let sqrt = Self::conditional_select(&x1, &(x1 * SQRT_MINUS_ONE), choice2); From 693d7c06d1f0a4f364a9fceaf78679d54b9fbe85 Mon Sep 17 00:00:00 2001 From: Ayush Shukla Date: Wed, 3 Jan 2024 11:01:25 +0100 Subject: [PATCH 3/8] feat: add new trait for te curves --- src/ed25519/curve.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ed25519/curve.rs b/src/ed25519/curve.rs index 5866a469..431a7410 100644 --- a/src/ed25519/curve.rs +++ b/src/ed25519/curve.rs @@ -925,12 +925,12 @@ impl TwistedEdwardsCurveExt for Ed25519 { } } -pub trait TwistedEdwardsCurveAffine: CurveAffine { +pub trait TwistedEdwardsCurveAffineExt: CurveAffineExt { fn a() -> ::Base; fn d() -> ::Base; } -impl TwistedEdwardsCurveAffine for Ed25519Affine { +impl TwistedEdwardsCurveAffineExt for Ed25519Affine { fn a() -> Fq { -Fq::ONE } From 78554807da3b10adc31dcb7d7cec0561b9636bf2 Mon Sep 17 00:00:00 2001 
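Review bot: In the `Fq::sqrt` hunk, `x1.square()` is evaluated twice on consecutive lines (for `choice1` and `choice2`), and the `Fr::sqrt` hunk in the same patch repeats the pattern; hoisting it once is cheaper and reads better: `let x1_sq = x1.square(); let choice1 = x1_sq.ct_eq(self); let choice2 = x1_sq.ct_eq(&-self);`. The clippy change itself (`pow([...])`, `ct_eq(self)`) is fine. The `sqrt` body starts before and ends after the hunk.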
From: Ayush Shukla Date: Wed, 3 Jan 2024 11:47:39 +0100 Subject: [PATCH 4/8] fix: calculate proper constants --- src/ed25519/curve.rs | 21 ++++++--------------- src/ed25519/fq.rs | 43 +++++++++++++++++++++++++++---------------- src/ed25519/fr.rs | 41 +++++++++++++++++++++++++++++------------ 3 files changed, 62 insertions(+), 43 deletions(-) diff --git a/src/ed25519/curve.rs b/src/ed25519/curve.rs index 431a7410..93563c6d 100644 --- a/src/ed25519/curve.rs +++ b/src/ed25519/curve.rs @@ -155,12 +155,6 @@ impl Ed25519 { } } -impl Ed25519 { - fn endomorphism_base(&self) -> Self { - unimplemented!(); - } -} - impl Ed25519Affine { /// Constructs the neutral element `(0, 1)`. pub const fn identity() -> Self { @@ -351,8 +345,13 @@ impl CurveExt for Ed25519 { const CURVE_ID: &'static str = "ed25519"; + fn is_on_curve(&self) -> Choice { + let affine = Ed25519Affine::from(*self); + !self.z.is_zero() & affine.is_on_curve() & (affine.x * affine.y * self.z).ct_eq(&self.t) + } + fn endo(&self) -> Self { - self.endomorphism_base() + unimplemented!(); } fn jacobian_coordinates(&self) -> (Fq, Fq, Fq) { @@ -363,14 +362,6 @@ impl CurveExt for Ed25519 { unimplemented!(); } - fn is_on_curve(&self) -> Choice { - let affine = Ed25519Affine::from(*self); - - println!("affine: {:?}", affine); - - !self.z.is_zero() & affine.is_on_curve() & (affine.x * affine.y * self.z).ct_eq(&self.t) - } - fn a() -> Self::Base { unimplemented!() } diff --git a/src/ed25519/fq.rs b/src/ed25519/fq.rs index 644a92f2..46eb3098 100644 --- a/src/ed25519/fq.rs +++ b/src/ed25519/fq.rs 
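Review bot: The relocated `is_on_curve` converts with `Ed25519Affine::from(*self)` before the `!self.z.is_zero()` term is evaluated, so if that `From` impl (outside this hunk) inverts `z` with an `unwrap`/`expect`, a point with `z == 0` panics instead of yielding a zero `Choice`; if `From` handles `z == 0` gracefully this is fine, but that dependency is worth stating. The last conjunct also deserves a why-comment, e.g. `// Extended coordinates require t == x*y/z, i.e. (x/z)*(y/z)*z == t.` Dropping the `println!` from a validity check is the right call. The `impl CurveExt for Ed25519` block continues outside the hunk.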
@@ -45,8 +45,8 @@ const MODULUS_LIMBS_32: [u32; 8] = [ /// Constant representing the modulus as static str const MODULUS_STR: &str = "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed"; -/// Obtained with: -/// `sage: GF(57896044618658097711785492504343953926634992332820282019728792003956564819949).primitive_element()` +/// Obtained with sage: +/// `GF(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed).primitive_element()` const MULTIPLICATIVE_GENERATOR: Fq = Fq::from_raw([0x02, 0x0, 0x0, 0x0]); /// INV = -(p^{-1} mod 2^64) mod 2^64 @@ -80,12 +80,26 @@ const SQRT_MINUS_ONE: Fq = Fq::from_raw([ 0x2b8324804fc1df0b, ]); -/// TODO -const ZETA: Fq = Fq::zero(); -/// TODO -const DELTA: Fq = Fq::zero(); -/// TODO -const ROOT_OF_UNITY_INV: Fq = Fq::zero(); +// Element in small order subgroup (3-order) +const ZETA: Fq = Fq::from_raw([ + 0xaa86d89d8618e538, + 0x1a1aada8413a4550, + 0xd9872fccc55bd529, + 0x381cba36aa6565b5, +]); +const ROOT_OF_UNITY: Fq = Fq::from_raw([ + 0xc4ee1b274a0ea0b0, + 0x2f431806ad2fe478, + 0x2b4d00993dfbd7a7, + 0x2b8324804fc1df0b, +]); +const ROOT_OF_UNITY_INV: Fq = Fq::from_raw([ + 0x3b11e4d8b5f15f3d, + 0xd0bce7f952d01b87, + 0xd4b2ff66c2042858, + 0x547cdb7fb03e20f4, +]); +const DELTA: Fq = Fq::from_raw([0x10, 0, 0, 0]); use crate::{ field_arithmetic, field_common, field_specific, impl_add_binop_specify_output, 
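Review bot: The new `ZETA`, `ROOT_OF_UNITY`, `ROOT_OF_UNITY_INV` and `DELTA` constants for `Fq` (and the matching `Fr` hunk in this patch) replace zero placeholders with values the `ff` traits take on trust, and nothing in the diff checks them; a wrong limb would silently break anything relying on `WithSmallOrderMulGroup` or the 2-adic root of unity. The defining relations are cheap to pin in a unit test: `ROOT_OF_UNITY^(2^S) == 1`, `ROOT_OF_UNITY * ROOT_OF_UNITY_INV == 1`, `ZETA^3 == 1` with `ZETA != 1`, and `DELTA == MULTIPLICATIVE_GENERATOR^(2^S)`; the test below needs `ff::Field` in scope for `pow` and `ONE`. Note that `ROOT_OF_UNITY` has the same limbs as `SQRT_MINUS_ONE`, which is consistent with `S = 2` (a primitive 4th root of unity is a square root of -1) — defining one in terms of the other, or saying so in a comment, would make that look deliberate rather than accidental.
```rust
#[test]
fn test_field_constants() {
    // 2^S-th root of unity with S = 2, and its inverse.
    assert_eq!(ROOT_OF_UNITY.pow([4]), Fq::ONE);
    assert_eq!(ROOT_OF_UNITY * ROOT_OF_UNITY_INV, Fq::ONE);
    // ZETA generates the order-3 subgroup.
    assert_eq!(ZETA.pow([3]), Fq::ONE);
    assert_ne!(ZETA, Fq::ONE);
    // DELTA = g^(2^S) generates the odd-order subgroup.
    assert_eq!(DELTA, MULTIPLICATIVE_GENERATOR.pow([4]));
    // With S = 2 the 2^S-th root of unity is a square root of -1.
    assert_eq!(ROOT_OF_UNITY, SQRT_MINUS_ONE);
}
```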
@@ -206,17 +220,15 @@ impl ff::Field for Fq { impl ff::PrimeField for Fq { type Repr = [u8; 32]; + const MODULUS: &'static str = MODULUS_STR; const NUM_BITS: u32 = 256; const CAPACITY: u32 = 255; - const MODULUS: &'static str = MODULUS_STR; - const MULTIPLICATIVE_GENERATOR: Self = MULTIPLICATIVE_GENERATOR; - /// TODO - const ROOT_OF_UNITY: Self = Self::one(); - /// TODO - const ROOT_OF_UNITY_INV: Self = Self::zero(); const TWO_INV: Self = TWO_INV; + const MULTIPLICATIVE_GENERATOR: Self = MULTIPLICATIVE_GENERATOR; + const S: u32 = 2; + const ROOT_OF_UNITY: Self = ROOT_OF_UNITY; + const ROOT_OF_UNITY_INV: Self = ROOT_OF_UNITY_INV; const DELTA: Self = DELTA; - const S: u32 = 1; fn from_repr(repr: Self::Repr) -> CtOption { let mut tmp = Fq([0, 0, 0, 0]); @@ -281,7 +293,6 @@ impl FromUniformBytes<64> for Fq { } impl WithSmallOrderMulGroup<3> for Fq { - /// TODO const ZETA: Self = ZETA; } diff --git a/src/ed25519/fr.rs b/src/ed25519/fr.rs index 0aa22e95..3d53e508 100644 --- a/src/ed25519/fr.rs +++ b/src/ed25519/fr.rs @@ -45,6 +45,10 @@ const MODULUS_LIMBS_32: [u32; 8] = [ ///Constant representing the modulus as static str const MODULUS_STR: &str = "0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed"; +/// Obtained with sage: +/// `GF(0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed).primitive_element()` +const MULTIPLICATIVE_GENERATOR: Fr = Fr::from_raw([0x02, 0x0, 0x0, 0x0]); + /// INV = -(q^{-1} mod 2^64) mod 2^64 const INV: u64 = 0xd2b51da312547e1b; 
@@ -91,9 +95,26 @@ const SQRT_MINUS_ONE: Fr = Fr::from_raw([ 0x094a7310e07981e7, ]); -const ZETA: Fr = Fr::zero(); -const DELTA: Fr = Fr::zero(); -const ROOT_OF_UNITY_INV: Fr = Fr::zero(); +// Element in small order subgroup (3-order) +const ZETA: Fr = Fr::from_raw([ + 0x158687e51e07e223, + 0x471dd911c6cce91e, + 0xeb08f579fb8841ae, + 0x0378d9ddc674005f, +]); +const ROOT_OF_UNITY: Fr = Fr::from_raw([ + 0xbe8775dfebbe07d4, + 0x0ef0565342ce83fe, + 0x7d3d6d60abc1c27a, + 0x094a7310e07981e7, +]); +const ROOT_OF_UNITY_INV: Fr = Fr::from_raw([ + 0x998aed3a7137cc19, + 0x05eea38b602918d7, + 0x82c2929f543e3d86, + 0x06b58cef1f867e18, +]); +const DELTA: Fr = Fr::from_raw([0x10, 0, 0, 0]); use crate::{ field_arithmetic, field_common, field_specific, impl_add_binop_specify_output, @@ -213,18 +234,15 @@ impl ff::Field for Fr { impl ff::PrimeField for Fr { type Repr = [u8; 32]; + const MODULUS: &'static str = MODULUS_STR; const NUM_BITS: u32 = 256; const CAPACITY: u32 = 255; - const MODULUS: &'static str = MODULUS_STR; - /// TODO - const MULTIPLICATIVE_GENERATOR: Self = Self::one(); - /// TODO - const ROOT_OF_UNITY: Self = Self::one(); - /// TODO - const ROOT_OF_UNITY_INV: Self = ROOT_OF_UNITY_INV; const TWO_INV: Self = TWO_INV; + const MULTIPLICATIVE_GENERATOR: Self = MULTIPLICATIVE_GENERATOR; + const S: u32 = 2; + const ROOT_OF_UNITY: Self = ROOT_OF_UNITY; + const ROOT_OF_UNITY_INV: Self = ROOT_OF_UNITY_INV; const DELTA: Self = DELTA; - const S: u32 = 6; fn from_repr(repr: Self::Repr) -> CtOption { let mut tmp = Fr([0, 0, 0, 0]); @@ -289,7 +307,6 @@ impl FromUniformBytes<64> for Fr { } impl WithSmallOrderMulGroup<3> for Fr { - /// TODO const ZETA: Self = ZETA; } From d95d283669738c32f77b2bad4416ca2db2f4fe71 Mon Sep 17 00:00:00 2001 From: Ayush Shukla Date: Wed, 3 Jan 2024 12:09:15 +0100 Subject: [PATCH 5/8] chore: fix typos --- src/ed25519/fq.rs | 4 ++-- src/ed25519/fr.rs | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/src/ed25519/fq.rs b/src/ed25519/fq.rs index 46eb3098..9dfa2a7e 100644 --- a/src/ed25519/fq.rs +++ b/src/ed25519/fq.rs @@ -49,7 +49,7 @@ const MODULUS_STR: &str = "0x7ffffffffffffffffffffffffffffffffffffffffffffffffff /// `GF(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed).primitive_element()` const MULTIPLICATIVE_GENERATOR: Fq = Fq::from_raw([0x02, 0x0, 0x0, 0x0]); -/// INV = -(p^{-1} mod 2^64) mod 2^64 +/// INV = -(q^{-1} mod 2^64) mod 2^64 const INV: u64 = 0x86bca1af286bca1b; /// R = 2^256 mod q @@ -72,7 +72,7 @@ const TWO_INV: Fq = Fq::from_raw([ 0x3fffffffffffffff, ]); -/// sqrt(-1) mod q = 2^((p - 1) / 4) mod q +/// sqrt(-1) mod q = 2^((q - 1) / 4) mod q const SQRT_MINUS_ONE: Fq = Fq::from_raw([ 0xc4ee1b274a0ea0b0, 0x2f431806ad2fe478, diff --git a/src/ed25519/fr.rs b/src/ed25519/fr.rs index 3d53e508..aac2fe51 100644 --- a/src/ed25519/fr.rs +++ b/src/ed25519/fr.rs @@ -49,7 +49,7 @@ const MODULUS_STR: &str = "0x1000000000000000000000000000000014def9dea2f79cd6581 /// `GF(0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed).primitive_element()` const MULTIPLICATIVE_GENERATOR: Fr = Fr::from_raw([0x02, 0x0, 0x0, 0x0]); -/// INV = -(q^{-1} mod 2^64) mod 2^64 +/// INV = -(r^{-1} mod 2^64) mod 2^64 const INV: u64 = 0xd2b51da312547e1b; /// R = 2^256 mod r @@ -87,7 +87,7 @@ const TWO_INV: Fr = Fr::from_raw([ 0x0800000000000000, ]); -/// sqrt(-1) mod p = 2^((p - 1) / 4) mod p +/// sqrt(-1) mod r = 2^((r - 1) / 4) mod r const SQRT_MINUS_ONE: Fr = Fr::from_raw([ 0xbe8775dfebbe07d4, 0x0ef0565342ce83fe, From 41b1da65a0bf6f4d31731a4f2b336b0e230170f8 Mon Sep 17 00:00:00 2001 From: Ayush Shukla Date: Mon, 22 Jan 2024 23:28:03 +0530 Subject: [PATCH 6/8] chore: add sage commands for constants --- src/ed25519/fq.rs | 12 +++++++++++- src/ed25519/fr.rs | 12 +++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/src/ed25519/fq.rs b/src/ed25519/fq.rs index 9dfa2a7e..6ebccf09 100644 --- a/src/ed25519/fq.rs 
+++ b/src/ed25519/fq.rs @@ -46,7 +46,7 @@ const MODULUS_LIMBS_32: [u32; 8] = [ const MODULUS_STR: &str = "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed"; /// Obtained with sage: -/// `GF(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed).primitive_element()` +/// `GF(q).primitive_element()` const MULTIPLICATIVE_GENERATOR: Fq = Fq::from_raw([0x02, 0x0, 0x0, 0x0]); /// INV = -(q^{-1} mod 2^64) mod 2^64 @@ -81,24 +81,33 @@ const SQRT_MINUS_ONE: Fq = Fq::from_raw([ ]); // Element in small order subgroup (3-order) +// GF(q).primitive_element() ** ((q - 1) // N) where N = 3 const ZETA: Fq = Fq::from_raw([ 0xaa86d89d8618e538, 0x1a1aada8413a4550, 0xd9872fccc55bd529, 0x381cba36aa6565b5, ]); +// The `2^s` root of unity. +// It can be calculated by exponentiating `MULTIPLICATIVE_GENERATOR` by `t`, +// where `2^s * t = q - 1` with `t` odd. +// +// GF(q).primitive_element() ** t const ROOT_OF_UNITY: Fq = Fq::from_raw([ 0xc4ee1b274a0ea0b0, 0x2f431806ad2fe478, 0x2b4d00993dfbd7a7, 0x2b8324804fc1df0b, ]); +// Inverse of `ROOT_OF_UNITY` const ROOT_OF_UNITY_INV: Fq = Fq::from_raw([ 0x3b11e4d8b5f15f3d, 0xd0bce7f952d01b87, 0xd4b2ff66c2042858, 0x547cdb7fb03e20f4, ]); +// Generator of the `t-order` multiplicative subgroup +// GF(q).primitive_element() ** (2**s) const DELTA: Fq = Fq::from_raw([0x10, 0, 0, 0]); use crate::{ @@ -225,6 +234,7 @@ impl ff::PrimeField for Fq { const CAPACITY: u32 = 255; const TWO_INV: Self = TWO_INV; const MULTIPLICATIVE_GENERATOR: Self = MULTIPLICATIVE_GENERATOR; + // An integer `s` satisfying the equation `2^s * t = modulus - 1` with `t` odd. const S: u32 = 2; const ROOT_OF_UNITY: Self = ROOT_OF_UNITY; const ROOT_OF_UNITY_INV: Self = ROOT_OF_UNITY_INV; diff --git a/src/ed25519/fr.rs b/src/ed25519/fr.rs index aac2fe51..07c32287 100644 --- a/src/ed25519/fr.rs +++ b/src/ed25519/fr.rs 
@@ -46,7 +46,7 @@ const MODULUS_LIMBS_32: [u32; 8] = [ const MODULUS_STR: &str = "0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed"; /// Obtained with sage: -/// `GF(0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed).primitive_element()` +/// `GF(r).primitive_element()` const MULTIPLICATIVE_GENERATOR: Fr = Fr::from_raw([0x02, 0x0, 0x0, 0x0]); /// INV = -(r^{-1} mod 2^64) mod 2^64 @@ -96,24 +96,33 @@ const SQRT_MINUS_ONE: Fr = Fr::from_raw([ ]); // Element in small order subgroup (3-order) +// GF(r).primitive_element() ** ((r - 1) // N) where N = 3 const ZETA: Fr = Fr::from_raw([ 0x158687e51e07e223, 0x471dd911c6cce91e, 0xeb08f579fb8841ae, 0x0378d9ddc674005f, ]); +// The `2^s` root of unity. +// It can be calculated by exponentiating `MULTIPLICATIVE_GENERATOR` by `t`, +// where `2^s * t = r - 1` with `t` odd. +// +// GF(r).primitive_element() ** t const ROOT_OF_UNITY: Fr = Fr::from_raw([ 0xbe8775dfebbe07d4, 0x0ef0565342ce83fe, 0x7d3d6d60abc1c27a, 0x094a7310e07981e7, ]); +// Inverse of `ROOT_OF_UNITY` const ROOT_OF_UNITY_INV: Fr = Fr::from_raw([ 0x998aed3a7137cc19, 0x05eea38b602918d7, 0x82c2929f543e3d86, 0x06b58cef1f867e18, ]); +// Generator of the `t-order` multiplicative subgroup +// GF(r).primitive_element() ** (2**s) const DELTA: Fr = Fr::from_raw([0x10, 0, 0, 0]); use crate::{ @@ -239,6 +248,7 @@ impl ff::PrimeField for Fr { const CAPACITY: u32 = 255; const TWO_INV: Self = TWO_INV; const MULTIPLICATIVE_GENERATOR: Self = MULTIPLICATIVE_GENERATOR; + // An integer `s` satisfying the equation `2^s * t = modulus - 1` with `t` odd. const S: u32 = 2; const ROOT_OF_UNITY: Self = ROOT_OF_UNITY; const ROOT_OF_UNITY_INV: Self = ROOT_OF_UNITY_INV; From 99a301ccee77527ed6188a111d9a3b2c08a45fc8 Mon Sep 17 00:00:00 2001 From: Ayush Shukla Date: Mon, 22 Jan 2024 23:31:27 +0530 Subject: [PATCH 7/8] fix: add backticks for code --- src/ed25519/fq.rs | 10 ++++++---- src/ed25519/fr.rs | 10 ++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) 
diff --git a/src/ed25519/fq.rs b/src/ed25519/fq.rs index 6ebccf09..cfba8129 100644 --- a/src/ed25519/fq.rs +++ b/src/ed25519/fq.rs @@ -81,7 +81,8 @@ const SQRT_MINUS_ONE: Fq = Fq::from_raw([ ]); // Element in small order subgroup (3-order) -// GF(q).primitive_element() ** ((q - 1) // N) where N = 3 +// Sage: +// `GF(q).primitive_element() ** ((q - 1) // N)` where N = 3 const ZETA: Fq = Fq::from_raw([ 0xaa86d89d8618e538, 0x1a1aada8413a4550, @@ -91,8 +92,8 @@ const ZETA: Fq = Fq::from_raw([ // The `2^s` root of unity. // It can be calculated by exponentiating `MULTIPLICATIVE_GENERATOR` by `t`, // where `2^s * t = q - 1` with `t` odd. -// -// GF(q).primitive_element() ** t +// Sage: +// `GF(q).primitive_element() ** t` const ROOT_OF_UNITY: Fq = Fq::from_raw([ 0xc4ee1b274a0ea0b0, 0x2f431806ad2fe478, @@ -107,7 +108,8 @@ const ROOT_OF_UNITY_INV: Fq = Fq::from_raw([ 0x547cdb7fb03e20f4, ]); // Generator of the `t-order` multiplicative subgroup -// GF(q).primitive_element() ** (2**s) +// Sage: +// `GF(q).primitive_element() ** (2**s)` const DELTA: Fq = Fq::from_raw([0x10, 0, 0, 0]); use crate::{ diff --git a/src/ed25519/fr.rs b/src/ed25519/fr.rs index 07c32287..dc2c0789 100644 --- a/src/ed25519/fr.rs +++ b/src/ed25519/fr.rs @@ -96,7 +96,8 @@ const SQRT_MINUS_ONE: Fr = Fr::from_raw([ ]); // Element in small order subgroup (3-order) -// GF(r).primitive_element() ** ((r - 1) // N) where N = 3 +// Sage: +// `GF(r).primitive_element() ** ((r - 1) // N)` where N = 3 const ZETA: Fr = Fr::from_raw([ 0x158687e51e07e223, 0x471dd911c6cce91e, @@ -106,8 +107,8 @@ const ZETA: Fr = Fr::from_raw([ // The `2^s` root of unity. // It can be calculated by exponentiating `MULTIPLICATIVE_GENERATOR` by `t`, // where `2^s * t = r - 1` with `t` odd. -// -// GF(r).primitive_element() ** t +// Sage: +// `GF(r).primitive_element() ** t` const ROOT_OF_UNITY: Fr = Fr::from_raw([ 0xbe8775dfebbe07d4, 0x0ef0565342ce83fe, 
@@ -122,7 +123,8 @@ const ROOT_OF_UNITY_INV: Fr = Fr::from_raw([ 0x06b58cef1f867e18, ]); // Generator of the `t-order` multiplicative subgroup -// GF(r).primitive_element() ** (2**s) +// Sage: +// `GF(r).primitive_element() ** (2**s)` const DELTA: Fr = Fr::from_raw([0x10, 0, 0, 0]); use crate::{ From 5cc2b9ac14d17f9500fec0c722a2508eba011ebc Mon Sep 17 00:00:00 2001 From: Ayush Shukla Date: Tue, 23 Jan 2024 03:11:30 +0530 Subject: [PATCH 8/8] fix: put serde behind feature --- src/ed25519/curve.rs | 10 +++++++--- src/ed25519/fq.rs | 8 +++++--- src/ed25519/fr.rs | 8 +++++--- 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/src/ed25519/curve.rs b/src/ed25519/curve.rs index 93563c6d..1c0a17fa 100644 --- a/src/ed25519/curve.rs +++ b/src/ed25519/curve.rs @@ -9,9 +9,11 @@ use ff::{BatchInverter, Field, PrimeField}; use group::{self, Curve}; use group::{prime::PrimeCurveAffine, GroupEncoding}; use rand::RngCore; -use serde::{Deserialize, Serialize}; use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption}; +#[cfg(feature = "derive_serde")] +use serde::{Deserialize, Serialize}; + const ED25519_GENERATOR_X: Fq = Fq::from_raw([ 0xc956_2d60_8f25_d51a, 0x692c_c760_9525_a7b2, @@ -43,7 +45,8 @@ use crate::{ impl_binops_multiplicative, impl_binops_multiplicative_mixed, impl_sub_binop_specify_output, }; -#[derive(Copy, Clone, Debug, Serialize, Deserialize)] +#[derive(Copy, Clone, Debug)] +#[cfg_attr(feature = "derive_serde", derive(Serialize, Deserialize))] pub struct Ed25519 { pub x: Fq, pub y: Fq, @@ -51,7 +54,8 @@ pub struct Ed25519 { pub t: Fq, } -#[derive(Copy, Clone, Debug, PartialEq, Hash, Serialize, Deserialize)] +#[derive(Copy, Clone, Debug, PartialEq, Hash)] +#[cfg_attr(feature = "derive_serde", derive(Serialize, Deserialize))] pub struct Ed25519Affine { pub x: Fq, pub y: Fq, diff --git a/src/ed25519/fq.rs b/src/ed25519/fq.rs index cfba8129..fed7e413 100644 --- a/src/ed25519/fq.rs +++ b/src/ed25519/fq.rs 
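Review bot: The new `#[cfg(feature = "derive_serde")]` and `#[cfg_attr(feature = "derive_serde", …)]` gates in curve.rs (and in the fq.rs and fr.rs hunks of this patch) reference a feature that nothing in the patch declares — its diffstat lists only the three `.rs` files. If `derive_serde` is not already in the crate's `[features]` with `serde` as an optional dependency behind it, the derives can never be enabled and the gated import simply goes dead; please confirm the feature exists. A short comment on the gated import would also help the next reader: `// serde derives are opt-in via the `derive_serde` feature.`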
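Review bot: With `derive(Deserialize)` on `Ed25519` and `Ed25519Affine` (and on `Fq`/`Fr` in the fq.rs and fr.rs hunks), the feature-gated serde path accepts raw coordinates and raw limbs with no on-curve or canonicality check, whereas the crate's own `SerdeObject::from_raw_bytes` (patch 2 of this series) explicitly runs `is_on_curve()` before accepting a point, and the `Fq`/`Fr` doc comments state the limbs are always in Montgomery form. That asymmetry pre-dates this patch, but gating the derives is the moment to document it: a consumer enabling `derive_serde` on untrusted input gets unvalidated points and possibly non-reduced field elements. A doc line on each gated struct, e.g. `/// With `derive_serde`, `Deserialize` performs no validation; use `SerdeObject::from_raw_bytes` or check `is_on_curve()` on untrusted input.`, or a `deserialize_with` that routes through the checked path, would close the gap.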
@@ -1,12 +1,13 @@ use core::convert::TryInto; use core::fmt; use core::ops::{Add, Mul, Neg, Sub}; - use ff::{FromUniformBytes, PrimeField, WithSmallOrderMulGroup}; use rand::RngCore; -use serde::{Deserialize, Serialize}; use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption}; +#[cfg(feature = "derive_serde")] +use serde::{Deserialize, Serialize}; + use crate::arithmetic::{adc, mac, macx, sbb}; /// This represents an element of $\mathbb{F}_q$ where @@ -17,7 +18,8 @@ use crate::arithmetic::{adc, mac, macx, sbb}; // The internal representation of this type is four 64-bit unsigned // integers in little-endian order. `Fq` values are always in // Montgomery form; i.e., Fq(a) = aR mod q, with R = 2^256. -#[derive(Clone, Copy, Eq, PartialEq, Hash, Serialize, Deserialize)] +#[derive(Clone, Copy, Eq, PartialEq, Hash)] +#[cfg_attr(feature = "derive_serde", derive(Serialize, Deserialize))] pub struct Fq(pub(crate) [u64; 4]); /// Constant representing the modulus diff --git a/src/ed25519/fr.rs b/src/ed25519/fr.rs index dc2c0789..4ef3ab4b 100644 --- a/src/ed25519/fr.rs +++ b/src/ed25519/fr.rs @@ -1,12 +1,13 @@ use core::convert::TryInto; use core::fmt; use core::ops::{Add, Mul, Neg, Sub}; - use ff::{FromUniformBytes, PrimeField, WithSmallOrderMulGroup}; use rand::RngCore; -use serde::{Deserialize, Serialize}; use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption}; +#[cfg(feature = "derive_serde")] +use serde::{Deserialize, Serialize}; + use crate::arithmetic::{adc, mac, macx, sbb}; /// This represents an element of $\mathbb{F}_q$ where 
@@ -17,7 +18,8 @@ use crate::arithmetic::{adc, mac, macx, sbb}; // The internal representation of this type is four 64-bit unsigned // integers in little-endian order. `Fr` values are always in // Montgomery form; i.e., Fr(a) = aR mod r, with R = 2^256. -#[derive(Clone, Copy, Eq, PartialEq, Hash, Serialize, Deserialize)] +#[derive(Clone, Copy, Eq, PartialEq, Hash)] +#[cfg_attr(feature = "derive_serde", derive(Serialize, Deserialize))] pub struct Fr(pub(crate) [u64; 4]); /// Constant representing the modulus