Skip to content

Commit

Permalink
complete ecdsa bbf
Browse files Browse the repository at this point in the history
  • Loading branch information
@AntoineCyr
AntoineCyr committed Feb 17, 2025
1 parent 0ec44ed commit cd95b5e
Show file tree
Hide file tree
Showing 25 changed files with 2,661 additions and 479 deletions.
121 changes: 53 additions & 68 deletions ...s/blueprint/include/nil/blueprint/bbf/components/algebra/curves/weierstrass/ec_double.hpp
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
//---------------------------------------------------------------------------//
// Copyright (c) 2024 Alexey Yashunsky <[email protected]>
// Copyright (c) 2024 Antoine Cyr <[email protected]>
// Copyright (c) 2025 Antoine Cyr <[email protected]>
//
// MIT License
//
Expand Down Expand Up @@ -28,23 +28,13 @@
#ifndef CRYPTO3_BBF_COMPONENTS_EC_DOUBLE_ECDSA_HPP
#define CRYPTO3_BBF_COMPONENTS_EC_DOUBLE_ECDSA_HPP

#include <functional>
#include <nil/blueprint/bbf/generic.hpp>
#include <nil/blueprint/blueprint/plonk/assignment.hpp>
#include <nil/blueprint/blueprint/plonk/circuit.hpp>
#include <nil/blueprint/component.hpp>
#include <nil/crypto3/algebra/curves/pallas.hpp>
#include <nil/crypto3/algebra/curves/vesta.hpp>
#include <nil/crypto3/zk/snark/arithmetization/plonk/constraint_system.hpp>

#include <nil/blueprint/bbf/components/algebra/fields/non_native/addition_mod_p.hpp>
#include <nil/blueprint/bbf/components/algebra/fields/non_native/add_sub_mod_p.hpp>
#include <nil/blueprint/bbf/components/algebra/fields/non_native/check_mod_p.hpp>
#include <nil/blueprint/bbf/components/algebra/fields/non_native/flexible_multiplication.hpp>
#include <nil/blueprint/bbf/components/algebra/fields/non_native/negation_mod_p.hpp>
#include <nil/blueprint/bbf/components/detail/choice_function.hpp>
#include <nil/blueprint/bbf/components/detail/range_check_multi.hpp>
#include <stdexcept>
#include <variant>
#include <nil/blueprint/bbf/generic.hpp>
#include <nil/crypto3/algebra/curves/pallas.hpp>
#include <nil/crypto3/algebra/curves/vesta.hpp>

namespace nil {
namespace blueprint {
Expand All @@ -56,8 +46,7 @@ namespace nil {
// Expects input as k-chunked values with b bits per chunk
// p' = 2^(kb) - p
// Input: xQ[0],...,xQ[k-1], yQ[0],...,yQ[k-1], p[0],...,p[k-1],
// pp[0],...,pp[k-1], 0[0], ..., 0[k-1]
// (expects zero vector constant as input)
// pp[0],...,pp[k-1], 0 (expects zero constant as input)
// Output: xR[0],...,xR[k-1], yR[0],...,yR[k-1]

template<typename FieldType>
Expand All @@ -67,7 +56,7 @@ namespace nil {
std::vector<TYPE> yQ;
std::vector<TYPE> p;
std::vector<TYPE> pp;
std::vector<TYPE> zero;
TYPE zero;
};

template<typename FieldType, GenerationStage stage,
Expand All @@ -76,8 +65,6 @@ namespace nil {
using generic_component<FieldType, stage>::allocate;
using generic_component<FieldType, stage>::copy_constrain;
using generic_component<FieldType, stage>::constrain;
using generic_component<FieldType, stage>::lookup;
using component_type = generic_component<FieldType, stage>;

public:
using typename generic_component<FieldType, stage>::TYPE;
Expand All @@ -104,23 +91,23 @@ namespace nil {
}

static std::tuple<std::vector<TYPE>, std::vector<TYPE>,
std::vector<TYPE>, std::vector<TYPE>, std::vector<TYPE>>
std::vector<TYPE>, std::vector<TYPE>, TYPE>
form_input(context_type& context_object, raw_input_type raw_input,
std::size_t num_chunks, std::size_t bit_size_chunk) {
std::vector<TYPE> input_xQ(num_chunks);
std::vector<TYPE> input_yQ(num_chunks);
std::vector<TYPE> input_p(num_chunks);
std::vector<TYPE> input_pp(num_chunks);
std::vector<TYPE> input_zero(num_chunks);
TYPE input_zero;

if constexpr (stage == GenerationStage::ASSIGNMENT) {
for (std::size_t i = 0; i < num_chunks; i++) {
input_xQ[i] = raw_input.xQ[i];
input_yQ[i] = raw_input.yQ[i];
input_p[i] = raw_input.p[i];
input_pp[i] = raw_input.pp[i];
input_zero[i] = raw_input.zero[i];
}
input_zero = raw_input.zero;
}
for (std::size_t i = 0; i < num_chunks; i++) {
context_object.allocate(input_xQ[i], 0, i,
Expand All @@ -131,16 +118,16 @@ namespace nil {
column_type::public_input);
context_object.allocate(input_pp[i], 0, i + 3 * num_chunks,
column_type::public_input);
context_object.allocate(input_zero[i], 0, i + 4 * num_chunks,
column_type::public_input);
}
context_object.allocate(input_zero, 0, 4 * num_chunks,
column_type::public_input);
return std::make_tuple(input_xQ, input_yQ, input_p, input_pp,
input_zero);
}

ec_double(context_type& context_object, std::vector<TYPE> input_xQ,
std::vector<TYPE> input_yQ, std::vector<TYPE> input_p,
std::vector<TYPE> input_pp, std::vector<TYPE> input_zero,
std::vector<TYPE> input_pp, TYPE input_zero,
std::size_t num_chunks, std::size_t bit_size_chunk,
bool make_links = true)
: generic_component<FieldType, stage>(context_object) {
Expand All @@ -149,18 +136,15 @@ namespace nil {
using non_native_integral_type =
typename NonNativeFieldType::integral_type;

using Choice_Function =
typename bbf::components::choice_function<FieldType, stage>;
using Range_Check =
typename bbf::components::range_check_multi<FieldType, stage>;
using Check_Mod_P =
typename bbf::components::check_mod_p<FieldType, stage>;
using Addition_Mod_P =
typename bbf::components::addition_mod_p<FieldType, stage,
NonNativeFieldType>;
using Negation_Mod_P =
typename bbf::components::negation_mod_p<FieldType, stage,
NonNativeFieldType>;
using Addition_Mod_P = typename bbf::components::add_sub_mod_p<
FieldType, stage, NonNativeFieldType, true>;
using Substraction_Mod_P =
typename bbf::components::add_sub_mod_p<
FieldType, stage, NonNativeFieldType, false>;
using Multiplication_Mod_P =
typename bbf::components::flexible_multiplication<
FieldType, stage, NonNativeFieldType>;
Expand Down Expand Up @@ -224,8 +208,9 @@ namespace nil {
input_pp, input_zero](std::vector<TYPE> x) {
Range_Check rc = Range_Check(context_object, x, num_chunks,
bit_size_chunk);
Check_Mod_P cm = Check_Mod_P(context_object, x, input_pp, input_zero[0],
num_chunks, bit_size_chunk);
Check_Mod_P cm =
Check_Mod_P(context_object, x, input_pp, input_zero,
num_chunks, bit_size_chunk);
};

// Copy constraint generation lambda expression
Expand All @@ -242,46 +227,46 @@ namespace nil {
check_chunked(XR);
check_chunked(YR);

auto MultModP = [&context_object, input_p, input_pp, input_zero, num_chunks,
bit_size_chunk](std::vector<TYPE> x,
std::vector<TYPE> y) {
Multiplication_Mod_P t =
Multiplication_Mod_P(context_object, x, y, input_p, input_pp, input_zero[0],
num_chunks, bit_size_chunk);
auto MultModP = [&context_object, input_p, input_pp, input_zero,
num_chunks, bit_size_chunk](
std::vector<TYPE> x, std::vector<TYPE> y) {
Multiplication_Mod_P t = Multiplication_Mod_P(
context_object, x, y, input_p, input_pp, input_zero,
num_chunks, bit_size_chunk);
return t.r;
};
auto AddModP = [&context_object, input_p, input_pp, input_zero, num_chunks,
bit_size_chunk](std::vector<TYPE> x,
std::vector<TYPE> y) {
auto AddModP = [&context_object, input_p, input_pp, input_zero,
num_chunks, bit_size_chunk](std::vector<TYPE> x,
std::vector<TYPE> y) {
Addition_Mod_P t =
Addition_Mod_P(context_object, x, y, input_p, input_pp, input_zero,
num_chunks, bit_size_chunk);
Addition_Mod_P(context_object, x, y, input_p, input_pp,
input_zero, num_chunks, bit_size_chunk);
return t.r;
};
auto NegModP = [&context_object, input_p, input_pp, input_zero, num_chunks,
bit_size_chunk](std::vector<TYPE> x) {
Negation_Mod_P t =
Negation_Mod_P(context_object, x, input_p, input_pp, input_zero, num_chunks,
bit_size_chunk);
auto SubModP = [&context_object, input_p, input_pp, input_zero,
num_chunks, bit_size_chunk](std::vector<TYPE> x,
std::vector<TYPE> y) {
Substraction_Mod_P t = Substraction_Mod_P(
context_object, x, y, input_p, input_pp, input_zero,
num_chunks, bit_size_chunk);
return t.r;
};

auto t1 = MultModP(input_yQ,LAMBDA); // t1 = yQ * lambda
auto t2 = AddModP(t1,t1); // t2 = t1 + t1 = 2yQ * lambda
auto t3 = AddModP(input_xQ,input_xQ); // t3 = xQ + xQ = 2xQ
auto t4 = AddModP(input_xQ,t3); // t4 = xQ + t3 = 3xQ
auto t5 = MultModP(t4,input_xQ); // t5 = t4 * xQ = 3xQ^2
CopyConstrain(t2, t5); // 2yQ lambda = 3xQ^2
auto t6 = AddModP(XR,t3); // t6 = xR + t3 = xR + 2xQ
auto t7 = MultModP(LAMBDA,LAMBDA); // t7 = lambda * lambda
CopyConstrain(t6, t7); // xR + 2xQ = lambda^2
auto t8 = AddModP(YR,input_yQ); // t8 = yR + yQ
auto t9 = NegModP(XR); // t9 = -xR
auto t10 = AddModP(input_xQ,t9); // t10 = xQ + t9 = xQ - xR
auto t11 = MultModP(LAMBDA,t10); // t11 = lambda * t10 =lambda(xQ-xR)
CopyConstrain(t8, t11); // yR + yQ = lambda(xQ - xR)
auto t12 = MultModP(Z,t1); // t12 = z * t1 = z * yQ * lambda
CopyConstrain(LAMBDA, t12); // lambda = z yQ lambda
auto t1 = MultModP(input_yQ, LAMBDA); // t1 = yQ * lambda
auto t2 = AddModP(t1, t1); // t2 = t1 + t1 = 2yQ * lambda
auto t3 = AddModP(input_xQ, input_xQ); // t3 = xQ + xQ = 2xQ
auto t4 = AddModP(input_xQ, t3); // t4 = xQ + t3 = 3xQ
auto t5 = MultModP(t4, input_xQ); // t5 = t4 * xQ = 3xQ^2
CopyConstrain(t2, t5); // 2yQ lambda = 3xQ^2
auto t6 = AddModP(XR, t3); // t6 = xR + t3 = xR + 2xQ
auto t7 = MultModP(LAMBDA, LAMBDA); // t7 = lambda * lambda
CopyConstrain(t6, t7); // xR + 2xQ = lambda^2
auto t8 = AddModP(YR, input_yQ); // t8 = yR + yQ
auto t9 = SubModP(input_xQ, XR); // t9 = xQ - xR
auto t10 = MultModP(LAMBDA, t9); // t10 = lambda * t9 =lambda(xQ-xR)
CopyConstrain(t8, t10); // yR + yQ = lambda(xQ - xR)
auto t11 = MultModP(Z, t1); // t11 = z * t1 = z * yQ * lambda
CopyConstrain(LAMBDA, t11); // lambda = z yQ lambda

for (int i = 0; i < num_chunks; ++i) {
xR.push_back(XR[i]);
Expand Down
Loading

0 comments on commit cd95b5e

Please sign in to comment.