From 5280fa04258aaec3e50e511c4b9575bd1d9d079a Mon Sep 17 00:00:00 2001 From: Eitan Chatav Date: Tue, 17 Dec 2024 10:01:21 -0800 Subject: [PATCH 01/13] renaming PointCompressed ~> CompressedPoint point ~> pointXY inf ~> pointInf --- .../Base/Algebra/EllipticCurve/BLS12_381.hs | 24 +++---- .../Base/Algebra/EllipticCurve/BN254.hs | 16 ++--- .../Base/Algebra/EllipticCurve/Class.hs | 66 +++++++++---------- .../Base/Algebra/EllipticCurve/Ed25519.hs | 6 +- .../Base/Algebra/EllipticCurve/Pairing.hs | 10 +-- .../Base/Algebra/EllipticCurve/Pasta.hs | 16 ++--- symbolic-base/src/ZkFold/Base/Protocol/KZG.hs | 2 +- .../src/ZkFold/Base/Protocol/Plonk.hs | 2 +- .../src/ZkFold/Base/Protocol/Plonk/Prover.hs | 4 +- .../ZkFold/Base/Protocol/Plonk/Verifier.hs | 2 +- .../src/ZkFold/Base/Protocol/Plonkup.hs | 4 +- .../ZkFold/Base/Protocol/Plonkup/Prover.hs | 4 +- .../ZkFold/Base/Protocol/Plonkup/Verifier.hs | 2 +- .../src/ZkFold/Symbolic/Data/Ed25519.hs | 6 +- symbolic-base/test/Tests/Binary.hs | 6 +- 15 files changed, 85 insertions(+), 85 deletions(-) diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BLS12_381.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BLS12_381.hs index 16303a74c..e1ed628f7 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BLS12_381.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BLS12_381.hs @@ -67,7 +67,7 @@ instance EllipticCurve BLS12_381_G1 where type BaseField BLS12_381_G1 = Fq - gen = point + gen = pointXY 0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb 0x8b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1 
@@ -91,7 +91,7 @@ instance EllipticCurve BLS12_381_G2 where type BaseField BLS12_381_G2 = Fq2 - gen = point + gen = pointXY (Ext2 0x24aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb8 0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e) @@ -143,7 +143,7 @@ instance Binary (Point BLS12_381_G1) where infinite = testBit byte 1 if infinite then do skip (if compressed then 47 else 95) - return inf + return pointInf else do let byteXhead = bitReverse8 $ clearBit (clearBit (clearBit byte 0) 1) 2 bytesXtail <- replicateM 47 getWord8 @@ -153,10 +153,10 @@ instance Binary (Point BLS12_381_G1) where else do bytesY <- replicateM 48 getWord8 let y = ofBytes bytesY - return (point x y) + return (pointXY x y) -instance Binary (PointCompressed BLS12_381_G1) where - put (PointCompressed x bigY isInf) = +instance Binary (CompressedPoint BLS12_381_G1) where + put (CompressedPoint x bigY isInf) = if isInf then foldMap putWord8 (bitReverse8 (bit 0 .|. bit 1) : replicate 47 0) else let flags = bitReverse8 $ if bigY then bit 0 .|. bit 2 else bit 0 @@ -168,7 +168,7 @@ instance Binary (PointCompressed BLS12_381_G1) where infinite = testBit byte 1 if infinite then do skip (if compressed then 47 else 95) - return inf + return pointInf else do let byteXhead = bitReverse8 $ clearBit (clearBit (clearBit byte 0) 1) 2 bytesXtail <- replicateM 47 getWord8 @@ -197,7 +197,7 @@ instance Binary (Point BLS12_381_G2) where infinite = testBit byte 1 if infinite then do skip (if compressed then 95 else 191) - return inf + return pointInf else do let byteX1head = bitReverse8 $ clearBit (clearBit (clearBit byte 0) 1) 2 bytesX1tail <- replicateM 47 getWord8 
@@ -211,10 +211,10 @@ instance Binary (Point BLS12_381_G2) where bytesY0 <- replicateM 48 getWord8 let y0 = ofBytes bytesY0 y1 = ofBytes bytesY1 - return (point (Ext2 x0 x1) (Ext2 y0 y1)) + return (pointXY (Ext2 x0 x1) (Ext2 y0 y1)) -instance Binary (PointCompressed BLS12_381_G2) where - put (PointCompressed (Ext2 x0 x1) bigY isInf) = +instance Binary (CompressedPoint BLS12_381_G2) where + put (CompressedPoint (Ext2 x0 x1) bigY isInf) = if isInf then foldMap putWord8 (bitReverse8 (bit 0 .|. bit 1) : replicate 95 0) else let flags = bitReverse8 $ if bigY then bit 0 .|. bit 2 else bit 0 @@ -227,7 +227,7 @@ instance Binary (PointCompressed BLS12_381_G2) where infinite = testBit byte 1 if infinite then do skip (if compressed then 95 else 191) - return inf + return pointInf else do let byteX1head = bitReverse8 $ clearBit (clearBit (clearBit byte 0) 1) 2 bytesX1tail <- replicateM 47 getWord8 diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs index 4af9b167d..1384c0b4f 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs @@ -70,7 +70,7 @@ data BN254_G1 instance EllipticCurve BN254_G1 where type ScalarField BN254_G1 = Fr type BaseField BN254_G1 = Fp - gen = point 1 2 + gen = pointXY 1 2 add = addPoints mul = pointMul @@ -85,7 +85,7 @@ data BN254_G2 instance EllipticCurve BN254_G2 where type ScalarField BN254_G2 = Fr type BaseField BN254_G2 = Fp2 - gen = point + gen = pointXY (Ext2 0x1800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed 0x198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c2) (Ext2 0x12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa 
@@ -133,22 +133,22 @@ instance Pairing BN254_G1 BN254_G2 where instance Binary (Point BN254_G1) where put (Point xp yp isInf) = - if isInf then put @(Point BN254_G1) (point zero zero) else put xp >> put yp + if isInf then put @(Point BN254_G1) (pointXY zero zero) else put xp >> put yp get = do xp <- get yp <- get return $ if xp == zero && yp == zero - then inf - else point xp yp + then pointInf + else pointXY xp yp instance Binary (Point BN254_G2) where put (Point xp yp isInf) = - if isInf then put @(Point BN254_G2) (point zero zero) else put xp >> put yp + if isInf then put @(Point BN254_G2) (pointXY zero zero) else put xp >> put yp get = do xp <- get yp <- get return $ if xp == zero && yp == zero - then inf - else point xp yp + then pointInf + else pointXY xp yp diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs index 6c1eef765..ff788b0e1 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs @@ -58,31 +58,31 @@ instance ) => SymbolicData (Point curve) class Planar field plane where - point :: field -> field -> plane + pointXY :: field -> field -> plane instance ( field ~ BaseField curve , bool ~ BooleanOf curve , BoolType bool ) => Planar field (Point curve) where - point x y = Point x y false + pointXY x y = Point x y false class ProjectivePlanar plane where - inf :: plane + pointInf :: plane instance ( field ~ BaseField curve , BoolType (BooleanOf curve) , AdditiveMonoid field ) => ProjectivePlanar (Point curve) where - inf = Point zero zero true + pointInf = Point zero zero true instance ( field ~ BaseField curve , BoolType (BooleanOf curve) , AdditiveMonoid field - ) => ProjectivePlanar (PointCompressed curve) where - inf = PointCompressed zero false true + ) => ProjectivePlanar (CompressedPoint curve) where + pointInf = CompressedPoint zero false true class ( BoolType (BooleanOf curve) 
@@ -127,13 +127,13 @@ instance EllipticCurve curve => Scale Natural (Point curve) where scale = natScale instance EllipticCurve curve => AdditiveMonoid (Point curve) where - zero = inf + zero = pointInf instance (EllipticCurve curve, AdditiveGroup (BaseField curve)) => Scale Integer (Point curve) where scale = intScale instance (EllipticCurve curve, AdditiveGroup (BaseField curve)) => AdditiveGroup (Point curve) where - negate = pointNegate + negate = pointXYNegate instance (EllipticCurve curve, Arbitrary (ScalarField curve)) => Arbitrary (Point curve) where arbitrary = arbitrary <&> (`mul` gen) @@ -144,27 +144,27 @@ class (EllipticCurve curve1, EllipticCurve curve2, ScalarField curve1 ~ ScalarFi type TargetGroup curve1 curve2 :: Type pairing :: Point curve1 -> Point curve2 -> TargetGroup curve1 curve2 -pointAdd +pointXYAdd :: EllipticCurve curve => Field (BaseField curve) => Point curve -> Point curve -> Point curve -pointAdd p@(Point x1 y1 isInf1) q@(Point x2 y2 isInf2) = +pointXYAdd p@(Point x1 y1 isInf1) q@(Point x2 y2 isInf2) = if isInf2 then p else if isInf1 then q - else if x1 == x2 then inf - else point x3 y3 + else if x1 == x2 then pointInf + else pointXY x3 y3 where slope = (y1 - y2) // (x1 - x2) x3 = slope * slope - x1 - x2 y3 = slope * (x1 - x3) - y1 -pointDouble +pointXYDouble :: EllipticCurve curve => Field (BaseField curve) => Point curve -> Point curve -pointDouble (Point x y isInf) = if isInf then inf else point x' y' +pointXYDouble (Point x y isInf) = if isInf then pointInf else pointXY x' y' where slope = (x * x + x * x + x * x) // (y + y) x' = slope * slope - x - x 
@@ -176,13 +176,13 @@ addPoints => Point curve -> Point curve -> Point curve -addPoints p1 p2 = if p1 == p2 then pointDouble p1 else pointAdd p1 p2 +addPoints p1 p2 = if p1 == p2 then pointXYDouble p1 else pointXYAdd p1 p2 -pointNegate +pointXYNegate :: EllipticCurve curve => AdditiveGroup (BaseField curve) => Point curve -> Point curve -pointNegate (Point x y isInf) = if isInf then inf else point x (negate y) +pointXYNegate (Point x y isInf) = if isInf then pointInf else pointXY x (negate y) pointMul :: forall curve s @@ -200,29 +200,29 @@ class EllipticCurve curve => StandardEllipticCurve curve where aParameter :: BaseField curve bParameter :: BaseField curve -data PointCompressed curve = PointCompressed +data CompressedPoint curve = CompressedPoint { _x :: BaseField curve , _bigY :: BooleanOf curve - , _inf :: BooleanOf curve + , _isInf :: BooleanOf curve } deriving Generic -pointCompressed :: BoolType (BooleanOf curve) => BaseField curve -> BooleanOf curve -> PointCompressed curve -pointCompressed x bigY = PointCompressed x bigY false +pointCompressed :: BoolType (BooleanOf curve) => BaseField curve -> BooleanOf curve -> CompressedPoint curve +pointCompressed x bigY = CompressedPoint x bigY false instance ( EllipticCurve curve , bool ~ BooleanOf curve - ) => Conditional bool (PointCompressed curve) + ) => Conditional bool (CompressedPoint curve) instance ( EllipticCurve curve , bool ~ BooleanOf curve - ) => Eq bool (PointCompressed curve) + ) => Eq bool (CompressedPoint curve) instance ( EllipticCurve curve , BooleanOf curve ~ P.Bool - ) => P.Eq (PointCompressed curve) where + ) => P.Eq (CompressedPoint curve) where (==) = (==) (/=) = (/=) 
@@ -230,8 +230,8 @@ instance ( Show (BaseField curve) , Conditional (BooleanOf curve) P.String , Show (BooleanOf curve) - ) => Show (PointCompressed curve) where - show (PointCompressed x bigY isInf) = + ) => Show (CompressedPoint curve) where + show (CompressedPoint x bigY isInf) = if isInf then "InfCompressed" else "(" ++ show x ++ ", " ++ show bigY ++ ")" instance @@ -239,7 +239,7 @@ instance , AdditiveGroup (BaseField curve) , Ord (BooleanOf curve) (BaseField curve) , Arbitrary (ScalarField curve) - ) => Arbitrary (PointCompressed curve) where + ) => Arbitrary (CompressedPoint curve) where arbitrary = compress <$> arbitrary compress @@ -247,9 +247,9 @@ compress , EllipticCurve curve , Ord (BooleanOf curve) (BaseField curve) ) - => Point curve -> PointCompressed curve + => Point curve -> CompressedPoint curve compress = \case - Point x y isInf -> if isInf then inf else PointCompressed x (y > negate y) false + Point x y isInf -> if isInf then pointInf else CompressedPoint x (y > negate y) false decompress :: forall curve . @@ -257,9 +257,9 @@ decompress , FiniteField (BaseField curve) , Ord (BooleanOf curve) (BaseField curve) ) - => PointCompressed curve -> Point curve -decompress (PointCompressed x bigY isInf) = - if isInf then inf else + => CompressedPoint curve -> Point curve +decompress (CompressedPoint x bigY isInf) = + if isInf then pointInf else let a = aParameter @curve b = bParameter @curve p = order @(BaseField curve) @@ -268,4 +268,4 @@ decompress (PointCompressed x bigY isInf) = y'' = negate y' y = if bigY then max @(BooleanOf curve) y' y'' else min @(BooleanOf curve) y' y'' in - point x y + pointXY x y diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Ed25519.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Ed25519.hs index f9edf00ea..f5bd107be 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Ed25519.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Ed25519.hs 
@@ -33,7 +33,7 @@ instance EllipticCurve Ed25519 where type BaseField Ed25519 = Zp Ed25519_Base type ScalarField Ed25519 = Zp Ed25519_Scalar - gen = point + gen = pointXY (toZp @Ed25519_Base $ 15112221349535400772501151409588531511454012693041857206046113283949847762202) (toZp @Ed25519_Base $ 46316835694926478169428394003475163141307993866256225615783033603165251855960) @@ -44,7 +44,7 @@ instance EllipticCurve Ed25519 where ed25519Add :: Point Ed25519 -> Point Ed25519 -> Point Ed25519 ed25519Add p@(Point x1 y1 isInf1) q@(Point x2 y2 isInf2) = - if isInf2 then p else if isInf1 then q else point x3 y3 + if isInf2 then p else if isInf1 then q else pointXY x3 y3 where d :: BaseField Ed25519 d = negate $ toZp 121665 // toZp 121666 @@ -56,7 +56,7 @@ ed25519Add p@(Point x1 y1 isInf1) q@(Point x2 y2 isInf2) = y3 = (y1 * y2 - a * x1 * x2) // (toZp 1 - d * x1 * x2 * y1 * y2) ed25519Double :: Point Ed25519 -> Point Ed25519 -ed25519Double (Point x y isInf) = if isInf then inf else point x3 y3 +ed25519Double (Point x y isInf) = if isInf then pointInf else pointXY x3 y3 where a :: BaseField Ed25519 a = negate $ toZp 1 diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pairing.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pairing.hs index b888c0c37..f0aa8d588 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pairing.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pairing.hs @@ -108,7 +108,7 @@ millerLoop p q = impl frobTwisted :: forall c. (EllipticCurve c, Field (BaseField c)) => Natural -> BaseField c -> Point c -> Point c frobTwisted q xi (Point x y isInf) = - if isInf then inf else point ((x ^ q) * (xi ^ tx)) ((y ^ q) * (xi ^ ty)) + if isInf then pointInf else pointXY ((x ^ q) * (xi ^ tx)) ((y ^ q) * (xi ^ ty)) where tx = (q -! 1) `div` 3 ty = q `div` 2 
@@ -144,10 +144,10 @@ lineFunction :: Untwisted d i j ~ g => Point c -> Point d -> Point d -> (Point d, g) lineFunction (Point x y isInf) (Point x1 y1 isInf1) (Point x2 y2 isInf2) = - if isInf || isInf1 || isInf2 then (inf, Ext2 (Ext3 one zero zero) zero) - else if x1 /= x2 then (point x3 y3, untwist (negate y) (x `scale` l) (y1 - l * x1)) - else if y1 + y2 == zero then (inf, untwist x (negate x1) zero) - else (point x3' y3', untwist (negate y) (x `scale` l') (y1 - l' * x1)) + if isInf || isInf1 || isInf2 then (pointInf, Ext2 (Ext3 one zero zero) zero) + else if x1 /= x2 then (pointXY x3 y3, untwist (negate y) (x `scale` l) (y1 - l * x1)) + else if y1 + y2 == zero then (pointInf, untwist x (negate x1) zero) + else (pointXY x3' y3', untwist (negate y) (x `scale` l') (y1 - l' * x1)) where l = (y2 - y1) // (x2 - x1) x3 = l * l - x1 - x2 diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pasta.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pasta.hs index ab2f08eea..1580e7688 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pasta.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pasta.hs @@ -31,7 +31,7 @@ instance EllipticCurve Pallas where type BaseField Pallas = Fp - gen = point + gen = pointXY 0x40000000000000000000000000000000224698fc094cf91b992d30ed00000000 0x02 @@ -54,7 +54,7 @@ instance EllipticCurve Vesta where type BaseField Vesta = Fq - gen = point + gen = pointXY 0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000000 0x02 
@@ -71,22 +71,22 @@ instance StandardEllipticCurve Vesta where instance Binary (Point Pallas) where put (Point xp yp isInf) = - if isInf then put @(Point Pallas) (point zero zero) else put xp >> put yp + if isInf then put @(Point Pallas) (pointXY zero zero) else put xp >> put yp get = do xp <- get yp <- get return $ if xp == zero && yp == zero - then inf - else point xp yp + then pointInf + else pointXY xp yp instance Binary (Point Vesta) where put (Point xp yp isInf) = - if isInf then put @(Point Vesta) (point zero zero) else put xp >> put yp + if isInf then put @(Point Vesta) (pointXY zero zero) else put xp >> put yp get = do xp <- get yp <- get return $ if xp == zero && yp == zero - then inf - else point xp yp + then pointInf + else pointXY xp yp diff --git a/symbolic-base/src/ZkFold/Base/Protocol/KZG.hs b/symbolic-base/src/ZkFold/Base/Protocol/KZG.hs index 0bae1ade6..a20332b01 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/KZG.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/KZG.hs @@ -98,7 +98,7 @@ instance forall (c1 :: Type) (c2 :: Type) d kzg f g1 core. verify :: SetupVerify kzg -> Input kzg -> Proof kzg -> Bool verify (gs, h0, h1) input proof = - let (e0, e1) = snd $ foldl (prepareVerifyOne (input, proof)) (empty, (inf, inf)) $ keys input + let (e0, e1) = snd $ foldl (prepareVerifyOne (input, proof)) (empty, (pointInf, pointInf)) $ keys input p1 = pairing e0 h0 p2 = pairing e1 h1 in p1 == p2 diff --git a/symbolic-base/src/ZkFold/Base/Protocol/Plonk.hs b/symbolic-base/src/ZkFold/Base/Protocol/Plonk.hs index 8a0297023..507aee7cb 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/Plonk.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/Plonk.hs 
@@ -78,7 +78,7 @@ instance forall p i n l c1 c2 (ts :: Type) core . , Arithmetic (ScalarField c1) , ToTranscript ts Word8 , ToTranscript ts (ScalarField c1) - , ToTranscript ts (PointCompressed c1) + , ToTranscript ts (CompressedPoint c1) , FromTranscript ts (ScalarField c1) , CoreFunction c1 core ) => NonInteractiveProof (Plonk p i n l c1 c2 ts) core where diff --git a/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Prover.hs b/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Prover.hs index f1e395bf0..6d2effa42 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Prover.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Prover.hs @@ -13,7 +13,7 @@ import Prelude hiding (Num import ZkFold.Base.Algebra.Basic.Class import ZkFold.Base.Algebra.Basic.Number (KnownNat, Natural, value) -import ZkFold.Base.Algebra.EllipticCurve.Class (EllipticCurve (..), PointCompressed, compress) +import ZkFold.Base.Algebra.EllipticCurve.Class (EllipticCurve (..), CompressedPoint, compress) import ZkFold.Base.Algebra.Polynomials.Univariate hiding (qr) import ZkFold.Base.Data.Vector ((!!)) import ZkFold.Base.Protocol.NonInteractiveProof @@ -39,7 +39,7 @@ plonkProve :: forall p i n l c1 c2 ts core . , Arithmetic (ScalarField c1) , ToTranscript ts Word8 , ToTranscript ts (ScalarField c1) - , ToTranscript ts (PointCompressed c1) + , ToTranscript ts (CompressedPoint c1) , FromTranscript ts (ScalarField c1) , CoreFunction c1 core ) => PlonkupProverSetup p i n l c1 c2 -> (PlonkupWitnessInput p i c1, PlonkupProverSecret c1) -> (PlonkupInput l c1, PlonkupProof c1, PlonkupProverTestInfo n c1) diff --git a/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Verifier.hs b/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Verifier.hs index 4cf302ce7..69113d6a9 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Verifier.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Verifier.hs 
@@ -32,7 +32,7 @@ plonkVerify :: forall p i n l c1 c2 ts . , Arithmetic (ScalarField c1) , ToTranscript ts Word8 , ToTranscript ts (ScalarField c1) - , ToTranscript ts (PointCompressed c1) + , ToTranscript ts (CompressedPoint c1) , FromTranscript ts (ScalarField c1) ) => PlonkupVerifierSetup p i n l c1 c2 -> PlonkupInput l c1 -> PlonkupProof c1 -> Bool plonkVerify diff --git a/symbolic-base/src/ZkFold/Base/Protocol/Plonkup.hs b/symbolic-base/src/ZkFold/Base/Protocol/Plonkup.hs index 32afddbf0..69537d27a 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/Plonkup.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/Plonkup.hs @@ -15,7 +15,7 @@ import qualified Prelude as P hiding import ZkFold.Base.Algebra.Basic.Class import ZkFold.Base.Algebra.Basic.Number -import ZkFold.Base.Algebra.EllipticCurve.Class (EllipticCurve (..), Pairing (..), PointCompressed) +import ZkFold.Base.Algebra.EllipticCurve.Class (EllipticCurve (..), Pairing (..), CompressedPoint) import ZkFold.Base.Protocol.NonInteractiveProof import ZkFold.Base.Protocol.Plonkup.Input import ZkFold.Base.Protocol.Plonkup.Internal @@ -42,7 +42,7 @@ instance forall p i n l c1 c2 ts core. , Arithmetic (ScalarField c1) , ToTranscript ts Word8 , ToTranscript ts (ScalarField c1) - , ToTranscript ts (PointCompressed c1) + , ToTranscript ts (CompressedPoint c1) , FromTranscript ts (ScalarField c1) , CoreFunction c1 core ) => NonInteractiveProof (Plonkup p i n l c1 c2 ts) core where diff --git a/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Prover.hs b/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Prover.hs index 3596713c8..cefbb0b0e 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Prover.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Prover.hs 
@@ -16,7 +16,7 @@ import Prelude hiding (Num import ZkFold.Base.Algebra.Basic.Class import ZkFold.Base.Algebra.Basic.Number (KnownNat, Natural, value) -import ZkFold.Base.Algebra.EllipticCurve.Class (EllipticCurve (..), PointCompressed, compress) +import ZkFold.Base.Algebra.EllipticCurve.Class (EllipticCurve (..), CompressedPoint, compress) import ZkFold.Base.Algebra.Polynomials.Univariate hiding (qr) import ZkFold.Base.Data.Vector ((!!)) import ZkFold.Base.Protocol.NonInteractiveProof @@ -42,7 +42,7 @@ plonkupProve :: forall p i n l c1 c2 ts core . , Arithmetic (ScalarField c1) , ToTranscript ts Word8 , ToTranscript ts (ScalarField c1) - , ToTranscript ts (PointCompressed c1) + , ToTranscript ts (CompressedPoint c1) , FromTranscript ts (ScalarField c1) , CoreFunction c1 core ) => PlonkupProverSetup p i n l c1 c2 -> (PlonkupWitnessInput p i c1, PlonkupProverSecret c1) -> (PlonkupInput l c1, PlonkupProof c1, PlonkupProverTestInfo n c1) diff --git a/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Verifier.hs b/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Verifier.hs index 080703782..fb897c3e3 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Verifier.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Verifier.hs @@ -35,7 +35,7 @@ plonkupVerify :: forall p i n l c1 c2 ts . , Arithmetic (ScalarField c1) , ToTranscript ts Word8 , ToTranscript ts (ScalarField c1) - , ToTranscript ts (PointCompressed c1) + , ToTranscript ts (CompressedPoint c1) , FromTranscript ts (ScalarField c1) ) => PlonkupVerifierSetup p i n l c1 c2 -> PlonkupInput l c1 -> PlonkupProof c1 -> Bool plonkupVerify diff --git a/symbolic-base/src/ZkFold/Symbolic/Data/Ed25519.hs b/symbolic-base/src/ZkFold/Symbolic/Data/Ed25519.hs index 0b1142f0c..009a2715c 100644 --- a/symbolic-base/src/ZkFold/Symbolic/Data/Ed25519.hs +++ b/symbolic-base/src/ZkFold/Symbolic/Data/Ed25519.hs 
@@ -38,7 +38,7 @@ instance type ScalarField (AcEd25519 c) = FieldElement c type BooleanOf (AcEd25519 c) = Bool c - gen = point + gen = pointXY (fromConstant (15112221349535400772501151409588531511454012693041857206046113283949847762202 :: Natural)) (fromConstant (46316835694926478169428394003475163141307993866256225615783033603165251855960 :: Natural)) @@ -84,7 +84,7 @@ acAdd25519 acAdd25519 p@(Point x1 y1 isInf1) q@(Point x2 y2 isInf2) = if isInf1 then q else if isInf2 then p - else point x3 y3 + else pointXY x3 y3 where prodx = x1 * x2 prody = y1 * y2 @@ -99,7 +99,7 @@ acDouble25519 => Point (AcEd25519 c) -> Point (AcEd25519 c) acDouble25519 (Point x1 y1 isInf) = - if isInf then inf else point x3 y3 + if isInf then pointInf else pointXY x3 y3 where xsq = x1 * x1 ysq = y1 * y1 diff --git a/symbolic-base/test/Tests/Binary.hs b/symbolic-base/test/Tests/Binary.hs index b84e290aa..a4275ec62 100644 --- a/symbolic-base/test/Tests/Binary.hs +++ b/symbolic-base/test/Tests/Binary.hs @@ -9,7 +9,7 @@ import Test.QuickCheck import ZkFold.Base.Algebra.Basic.Field (Zp) import ZkFold.Base.Algebra.EllipticCurve.BLS12_381 (BLS12_381_G1, BLS12_381_G2, BLS12_381_Scalar) import ZkFold.Base.Algebra.EllipticCurve.BN254 (BN254_G1, BN254_G2) -import ZkFold.Base.Algebra.EllipticCurve.Class (Point, PointCompressed) +import ZkFold.Base.Algebra.EllipticCurve.Class (Point, CompressedPoint) import ZkFold.Base.Algebra.EllipticCurve.Pasta (Pallas, Vesta) import ZkFold.Base.Data.ByteString (LittleEndian, fromByteString, toByteString) 
@@ -26,8 +26,8 @@ specBinary = hspec $ describe "Binary instance" $ do prop "roundtrips Point BN254_G1" $ doesRoundtrip @(Point BN254_G1) prop "roundtrips Point BN254_G2" $ doesRoundtrip @(Point BN254_G2) prop "roundtrips Point BLS12_381_G1" $ doesRoundtrip @(Point BLS12_381_G1) - prop "roundtrips PointCompressed BLS12_381_G1" $ doesRoundtrip @(PointCompressed BLS12_381_G1) + prop "roundtrips CompressedPoint BLS12_381_G1" $ doesRoundtrip @(CompressedPoint BLS12_381_G1) prop "roundtrips Point BLS12_381_G2" $ doesRoundtrip @(Point BLS12_381_G2) - prop "roundtrips PointCompressed BLS12_381_G2" $ doesRoundtrip @(PointCompressed BLS12_381_G2) + prop "roundtrips CompressedPoint BLS12_381_G2" $ doesRoundtrip @(CompressedPoint BLS12_381_G2) prop "roundtrips Point Pallas" $ doesRoundtrip @(Point Pallas) prop "roundtrips Point Vesta" $ doesRoundtrip @(Point Vesta) From 591f7b290814a439920861adc99b8c53ef132bda Mon Sep 17 00:00:00 2001 From: Eitan Chatav Date: Tue, 17 Dec 2024 10:03:15 -0800 Subject: [PATCH 02/13] Update Class.hs --- .../ZkFold/Base/Algebra/EllipticCurve/Class.hs | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs index ff788b0e1..49735a5fe 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs @@ -133,7 +133,7 @@ instance (EllipticCurve curve, AdditiveGroup (BaseField curve)) => Scale Integer scale = intScale instance (EllipticCurve curve, AdditiveGroup (BaseField curve)) => AdditiveGroup (Point curve) where - negate = pointXYNegate + negate = pointNegate instance (EllipticCurve curve, Arbitrary (ScalarField curve)) => Arbitrary (Point curve) where arbitrary = arbitrary <&> (`mul` gen) 
@@ -144,13 +144,13 @@ class (EllipticCurve curve1, EllipticCurve curve2, ScalarField curve1 ~ ScalarFi type TargetGroup curve1 curve2 :: Type pairing :: Point curve1 -> Point curve2 -> TargetGroup curve1 curve2 -pointXYAdd +pointAdd :: EllipticCurve curve => Field (BaseField curve) => Point curve -> Point curve -> Point curve -pointXYAdd p@(Point x1 y1 isInf1) q@(Point x2 y2 isInf2) = +pointAdd p@(Point x1 y1 isInf1) q@(Point x2 y2 isInf2) = if isInf2 then p else if isInf1 then q else if x1 == x2 then pointInf @@ -160,11 +160,11 @@ pointXYAdd p@(Point x1 y1 isInf1) q@(Point x2 y2 isInf2) = x3 = slope * slope - x1 - x2 y3 = slope * (x1 - x3) - y1 -pointXYDouble +pointDouble :: EllipticCurve curve => Field (BaseField curve) => Point curve -> Point curve -pointXYDouble (Point x y isInf) = if isInf then pointInf else pointXY x' y' +pointDouble (Point x y isInf) = if isInf then pointInf else pointXY x' y' where slope = (x * x + x * x + x * x) // (y + y) x' = slope * slope - x - x @@ -176,13 +176,13 @@ addPoints => Point curve -> Point curve -> Point curve -addPoints p1 p2 = if p1 == p2 then pointXYDouble p1 else pointXYAdd p1 p2 +addPoints p1 p2 = if p1 == p2 then pointDouble p1 else pointAdd p1 p2 -pointXYNegate +pointNegate :: EllipticCurve curve => AdditiveGroup (BaseField curve) => Point curve -> Point curve -pointXYNegate (Point x y isInf) = if isInf then pointInf else pointXY x (negate y) +pointNegate (Point x y isInf) = if isInf then pointInf else pointXY x (negate y) pointMul :: forall curve s From 1e4d47bb94ff8520d7edd280604bd41fcaf22c70 Mon Sep 17 00:00:00 2001 
From: Eitan Chatav Date: Tue, 17 Dec 2024 10:24:35 -0800 Subject: [PATCH 03/13] weierstrass curves --- .../ZkFold/Base/Algebra/EllipticCurve/BLS12_381.hs | 12 ++++++------ .../src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs | 12 ++++++------ .../src/ZkFold/Base/Algebra/EllipticCurve/Class.hs | 12 ++++++------ .../src/ZkFold/Base/Algebra/EllipticCurve/Pasta.hs | 12 ++++++------ 4 files changed, 24 insertions(+), 24 deletions(-) diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BLS12_381.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BLS12_381.hs index e1ed628f7..d004d2b98 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BLS12_381.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BLS12_381.hs @@ -75,10 +75,10 @@ instance EllipticCurve BLS12_381_G1 where mul = pointMul -instance StandardEllipticCurve BLS12_381_G1 where - aParameter = zero +instance WeierstrassCurve BLS12_381_G1 where + weierstrassA = zero - bParameter = fromConstant (4 :: Natural) + weierstrassB = fromConstant (4 :: Natural) ------------------------------------ BLS12-381 G2 ------------------------------------ @@ -103,10 +103,10 @@ instance EllipticCurve BLS12_381_G2 where mul = pointMul -instance StandardEllipticCurve BLS12_381_G2 where - aParameter = zero +instance WeierstrassCurve BLS12_381_G2 where + weierstrassA = zero - bParameter = fromConstant (4 :: Natural) + weierstrassB = fromConstant (4 :: Natural) ------------------------------------ Encoding ------------------------------------ diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs index 1384c0b4f..a368fce09 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs 
@@ -74,9 +74,9 @@ instance EllipticCurve BN254_G1 where add = addPoints mul = pointMul -instance StandardEllipticCurve BN254_G1 where - aParameter = 0 - bParameter = 3 +instance WeierstrassCurve BN254_G1 where + weierstrassA = 0 + weierstrassB = 3 ------------------------------- bn254 G2 --------------------------------------- @@ -93,9 +93,9 @@ instance EllipticCurve BN254_G2 where add = addPoints mul = pointMul -instance StandardEllipticCurve BN254_G2 where - aParameter = zero - bParameter = +instance WeierstrassCurve BN254_G2 where + weierstrassA = zero + weierstrassB = Ext2 0x2b149d40ceb8aaae81be18991be06ac3b5b4c5e559dbefa33267e6dc24a138e5 0x9713b03af0fed4cd2cafadeed8fdf4a74fa084e52d1852e4a2bd0685c315d2 diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs index 49735a5fe..fe32e7912 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs @@ -196,9 +196,9 @@ pointMul pointMul = natScale . fromBinary . castBits . binaryExpansion -- An elliptic curve in standard form, y^2 = x^3 + a * x + b -class EllipticCurve curve => StandardEllipticCurve curve where - aParameter :: BaseField curve - bParameter :: BaseField curve +class EllipticCurve curve => WeierstrassCurve curve where + weierstrassA :: BaseField curve + weierstrassB :: BaseField curve data CompressedPoint curve = CompressedPoint { _x :: BaseField curve 
@@ -253,15 +253,15 @@ compress = \case decompress :: forall curve . - ( StandardEllipticCurve curve + ( WeierstrassCurve curve , FiniteField (BaseField curve) , Ord (BooleanOf curve) (BaseField curve) ) => CompressedPoint curve -> Point curve decompress (CompressedPoint x bigY isInf) = if isInf then pointInf else - let a = aParameter @curve - b = bParameter @curve + let a = weierstrassA @curve + b = weierstrassB @curve p = order @(BaseField curve) sqrt_ z = z ^ ((p + 1) `P.div` 2) y' = sqrt_ (x * x * x + a * x + b) diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pasta.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pasta.hs index 1580e7688..72f6c9a79 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pasta.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pasta.hs @@ -39,10 +39,10 @@ instance EllipticCurve Pallas where mul = pointMul -instance StandardEllipticCurve Pallas where - aParameter = zero +instance WeierstrassCurve Pallas where + weierstrassA = zero - bParameter = fromConstant (5 :: Natural) + weierstrassB = fromConstant (5 :: Natural) ------------------------------------ Vesta ------------------------------------ @@ -62,10 +62,10 @@ instance EllipticCurve Vesta where mul = pointMul -instance StandardEllipticCurve Vesta where - aParameter = zero +instance WeierstrassCurve Vesta where + weierstrassA = zero - bParameter = fromConstant (5 :: Natural) + weierstrassB = fromConstant (5 :: Natural) ------------------------------------ Encoding ------------------------------------ From 87fc32819ad02ebcee3f16771ddf304d5d08438f Mon Sep 17 00:00:00 2001 From: Eitan Chatav Date: Tue, 17 Dec 2024 10:24:43 -0800 Subject: [PATCH 04/13] secp256k1 --- .../Base/Algebra/EllipticCurve/Secp256k1.hs | 42 +++++++++++++++++++ symbolic-base/symbolic-base.cabal | 1 + 2 files changed, 43 insertions(+) create mode 100644 symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs 
diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs new file mode 100644 index 000000000..dc7524cd0 --- /dev/null +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs @@ -0,0 +1,42 @@ +{-# OPTIONS_GHC -Wno-orphans #-} + +module ZkFold.Base.Algebra.EllipticCurve.Secp256k1 + ( Secp256k1 + , Secp256k1_Base + , Secp256k1_Scalar + ) where + +import ZkFold.Base.Algebra.Basic.Field +import ZkFold.Base.Algebra.Basic.Number +import ZkFold.Base.Algebra.EllipticCurve.Class + +-------------------------- Scalar field & field towers ------------------------- + +-- Designations of curve parameters are as in: +-- https://www.secg.org/sec2-v2.pdf + +type Secp256k1_Scalar = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 +instance Prime Secp256k1_Scalar + +type Secp256k1_Base = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F +instance Prime Secp256k1_Base + +type Fn = Zp Secp256k1_Scalar +type Fp = Zp Secp256k1_Base + +------------------------------- secp25k6k1 --------------------------------------- + +data Secp256k1 + +instance EllipticCurve Secp256k1 where + type ScalarField Secp256k1 = Fn + type BaseField Secp256k1 = Fp + gen = pointXY + 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 + 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8 + add = addPoints + mul = pointMul + +instance WeierstrassCurve Secp256k1 where + weierstrassA = 0 + weierstrassB = 7 diff --git a/symbolic-base/symbolic-base.cabal b/symbolic-base/symbolic-base.cabal index 8da4bce58..3d6a07619 100644 --- a/symbolic-base/symbolic-base.cabal +++ b/symbolic-base/symbolic-base.cabal 
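Review bot: The two bare `instance Prime` declarations assert primality of the `Secp256k1_Scalar` and `Secp256k1_Base` literals with nothing visible in this hunk that checks it, so a single mistyped hex digit would go unnoticed and give a `Zp` that is not a field. I would tie each literal to its SEC 2 name with `-- n: order of the base point G` and `-- p: modulus of the base field` above the respective `type` lines, and correct the banner spelling `secp25k6k1` to `secp256k1`. The new `WeierstrassCurve Secp256k1` instance also brings this curve within reach of the generic `decompress` shown in the Class.hs hunk earlier on the page. There the `sqrt_` helper raises to the power (p + 1) div 2, which for a prime field appears to yield plus or minus z rather than a square root, and the visible lines do not check that the recovered y satisfies the curve equation. That should be confirmed before compressed secp256k1 points from outside the program are decoded.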
@@ -102,6 +102,7 @@ library ZkFold.Base.Algebra.EllipticCurve.Class ZkFold.Base.Algebra.EllipticCurve.Ed25519 ZkFold.Base.Algebra.EllipticCurve.Pairing + ZkFold.Base.Algebra.EllipticCurve.Secp256k1 ZkFold.Base.Algebra.Polynomials.Multivariate ZkFold.Base.Algebra.Polynomials.Multivariate.Groebner ZkFold.Base.Algebra.Polynomials.Multivariate.Monomial From 28e87f8f0619ecb5d2578baf0fa6124d4cf1b5b8 Mon Sep 17 00:00:00 2001 From: Eitan Chatav Date: Wed, 18 Dec 2024 10:42:53 -0800 Subject: [PATCH 05/13] tests --- .../Base/Algebra/EllipticCurve/Secp256k1.hs | 2 + symbolic-base/symbolic-base.cabal | 1 + symbolic-base/test/Main.hs | 2 + symbolic-base/test/Tests/EllipticCurve.hs | 299 ++++++++++++++++++ .../Symbolic/Cardano/Contracts/ZkPass.hs | 6 +- 5 files changed, 307 insertions(+), 3 deletions(-) create mode 100644 symbolic-base/test/Tests/EllipticCurve.hs diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs index dc7524cd0..79d4339d5 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs @@ -4,6 +4,8 @@ module ZkFold.Base.Algebra.EllipticCurve.Secp256k1 ( Secp256k1 , Secp256k1_Base , Secp256k1_Scalar + , Fp + , Fn ) where import ZkFold.Base.Algebra.Basic.Field diff --git a/symbolic-base/symbolic-base.cabal b/symbolic-base/symbolic-base.cabal index 3d6a07619..4bb78d50b 100644 --- a/symbolic-base/symbolic-base.cabal +++ b/symbolic-base/symbolic-base.cabal @@ -253,6 +253,7 @@ test-suite symbolic-base-test Tests.Blake2b Tests.ByteString Tests.Compiler + Tests.EllipticCurve Tests.FFA Tests.Field Tests.GroebnerBasis diff --git a/symbolic-base/test/Main.hs b/symbolic-base/test/Main.hs index ea49d64fc..5565ba933 100644 --- a/symbolic-base/test/Main.hs +++ b/symbolic-base/test/Main.hs 
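Review bot: Exporting the bare aliases `Fp` and `Fn` from the Secp256k1 module invites name clashes, because the BN254 module also has a base-field type called `Fp` (see its `type BaseField BN254_G1 = Fp` line); whether that one is exported is not visible here. None of the hunks in this commit refer to `Fp` or `Fn` by name, so the exports could be dropped, or callers could import this module qualified. If they stay, a comment on each alias such as `-- base field of secp256k1 (integers mod Secp256k1_Base)` and `-- scalar field of secp256k1 (integers mod Secp256k1_Scalar)` would make clear which field a reader gets when two curve modules are in scope.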
@@ -8,6 +8,7 @@ import Tests.Blake2b (specBlake2b) import Tests.ByteString (specByteString) import Tests.Compiler (specCompiler) import Tests.FFA (specFFA) +import Tests.EllipticCurve (specEllipticCurve) import Tests.Field (specField) import Tests.GroebnerBasis (specGroebner) import Tests.Group (specAdditiveGroup) @@ -35,6 +36,7 @@ main = do specPairing specUnivariate specGroebner + specEllipticCurve -- Compiler spec specCompiler diff --git a/symbolic-base/test/Tests/EllipticCurve.hs b/symbolic-base/test/Tests/EllipticCurve.hs new file mode 100644 index 000000000..843538fd5 --- /dev/null +++ b/symbolic-base/test/Tests/EllipticCurve.hs 
@@ -0,0 +1,299 @@ +module Tests.EllipticCurve (specEllipticCurve) where + +import Data.Foldable +import Prelude +import Test.Hspec + +import ZkFold.Base.Algebra.Basic.Class +import ZkFold.Base.Algebra.Basic.Number +import ZkFold.Base.Algebra.EllipticCurve.Class +import ZkFold.Base.Algebra.EllipticCurve.Secp256k1 + +specEllipticCurve :: IO () +specEllipticCurve = hspec $ do + describe "secp256k1" $ + for_ secp256k1testVectors $ \(TestVector k x y) -> + it "should match test vector" $ do + let p, q :: Point Secp256k1 + p = pointXY (fromConstant x) (fromConstant y) + q = scale k gen + p `shouldBe` q + +data TestVector = TestVector + { _k :: Natural -- scalar + , _x :: Natural -- x coordinate of scaled generator point + , _y :: Natural -- y coordinate of scaled generator point + } + +secp256k1testVectors :: [TestVector] +secp256k1testVectors = + [ TestVector + { _k = 1 + , _x = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 + , _y = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8 + } + + , TestVector + { _k = 2 + , _x = 0xC6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5 + , _y = 0x1AE168FEA63DC339A3C58419466CEAEEF7F632653266D0E1236431A950CFE52A + } + + , TestVector + { _k = 3 + , _x = 0xF9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9 + , _y = 0x388F7B0F632DE8140FE337E62A37F3566500A99934C2231B6CB9FD7584B8E672 + } + + , TestVector + { _k = 4 + , _x = 0xE493DBF1C10D80F3581E4904930B1404CC6C13900EE0758474FA94ABE8C4CD13 + , _y = 0x51ED993EA0D455B75642E2098EA51448D967AE33BFBDFE40CFE97BDC47739922 + } + + , TestVector + { _k = 5 + , _x = 0x2F8BDE4D1A07209355B4A7250A5C5128E88B84BDDC619AB7CBA8D569B240EFE4 + , _y = 0xD8AC222636E5E3D6D4DBA9DDA6C9C426F788271BAB0D6840DCA87D3AA6AC62D6 + } + + , TestVector + { _k = 6 + , _x = 0xFFF97BD5755EEEA420453A14355235D382F6472F8568A18B2F057A1460297556 + , _y = 0xAE12777AACFBB620F3BE96017F45C560DE80F0F6518FE4A03C870C36B075F297 + } + + , TestVector + { _k = 7 + , _x = 
0x5CBDF0646E5DB4EAA398F365F2EA7A0E3D419B7E0330E39CE92BDDEDCAC4F9BC + , _y = 0x6AEBCA40BA255960A3178D6D861A54DBA813D0B813FDE7B5A5082628087264DA + } + + , TestVector + { _k = 8 + , _x = 0x2F01E5E15CCA351DAFF3843FB70F3C2F0A1BDD05E5AF888A67784EF3E10A2A01 + , _y = 0x5C4DA8A741539949293D082A132D13B4C2E213D6BA5B7617B5DA2CB76CBDE904 + } + + , TestVector + { _k = 9 + , _x = 0xACD484E2F0C7F65309AD178A9F559ABDE09796974C57E714C35F110DFC27CCBE + , _y = 0xCC338921B0A7D9FD64380971763B61E9ADD888A4375F8E0F05CC262AC64F9C37 + } + + , TestVector + { _k = 10 + , _x = 0xA0434D9E47F3C86235477C7B1AE6AE5D3442D49B1943C2B752A68E2A47E247C7 + , _y = 0x893ABA425419BC27A3B6C7E693A24C696F794C2ED877A1593CBEE53B037368D7 + } + + , TestVector + { _k = 11 + , _x = 0x774AE7F858A9411E5EF4246B70C65AAC5649980BE5C17891BBEC17895DA008CB + , _y = 0xD984A032EB6B5E190243DD56D7B7B365372DB1E2DFF9D6A8301D74C9C953C61B + } + + , TestVector + { _k = 12 + , _x = 0xD01115D548E7561B15C38F004D734633687CF4419620095BC5B0F47070AFE85A + , _y = 0xA9F34FFDC815E0D7A8B64537E17BD81579238C5DD9A86D526B051B13F4062327 + } + + , TestVector + { _k = 13 + , _x = 0xF28773C2D975288BC7D1D205C3748651B075FBC6610E58CDDEEDDF8F19405AA8 + , _y = 0x0AB0902E8D880A89758212EB65CDAF473A1A06DA521FA91F29B5CB52DB03ED81 + } + + , TestVector + { _k = 14 + , _x = 0x499FDF9E895E719CFD64E67F07D38E3226AA7B63678949E6E49B241A60E823E4 + , _y = 0xCAC2F6C4B54E855190F044E4A7B3D464464279C27A3F95BCC65F40D403A13F5B + } + + , TestVector + { _k = 15 + , _x = 0xD7924D4F7D43EA965A465AE3095FF41131E5946F3C85F79E44ADBCF8E27E080E + , _y = 0x581E2872A86C72A683842EC228CC6DEFEA40AF2BD896D3A5C504DC9FF6A26B58 + } + + , TestVector + { _k = 16 + , _x = 0xE60FCE93B59E9EC53011AABC21C23E97B2A31369B87A5AE9C44EE89E2A6DEC0A + , _y = 0xF7E3507399E595929DB99F34F57937101296891E44D23F0BE1F32CCE69616821 + } + + , TestVector + { _k = 17 + , _x = 0xDEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34 + , _y = 0x4211AB0694635168E997B0EAD2A93DAECED1F4A04A95C0F6CFB199F69E56EB77 + } + + 
, TestVector + { _k = 18 + , _x = 0x5601570CB47F238D2B0286DB4A990FA0F3BA28D1A319F5E7CF55C2A2444DA7CC + , _y = 0xC136C1DC0CBEB930E9E298043589351D81D8E0BC736AE2A1F5192E5E8B061D58 + } + + , TestVector + { _k = 19 + , _x = 0x2B4EA0A797A443D293EF5CFF444F4979F06ACFEBD7E86D277475656138385B6C + , _y = 0x85E89BC037945D93B343083B5A1C86131A01F60C50269763B570C854E5C09B7A + } + + , TestVector + { _k = 20 + , _x = 0x4CE119C96E2FA357200B559B2F7DD5A5F02D5290AFF74B03F3E471B273211C97 + , _y = 0x12BA26DCB10EC1625DA61FA10A844C676162948271D96967450288EE9233DC3A + } + + , TestVector + { _k = 112233445566778899 + , _x = 0xA90CC3D3F3E146DAADFC74CA1372207CB4B725AE708CEF713A98EDD73D99EF29 + , _y = 0x5A79D6B289610C68BC3B47F3D72F9788A26A06868B4D8E433E1E2AD76FB7DC76 + } + + , TestVector + { _k = 112233445566778899112233445566778899 + , _x = 0xE5A2636BCFD412EBF36EC45B19BFB68A1BC5F8632E678132B885F7DF99C5E9B3 + , _y = 0x736C1CE161AE27B405CAFD2A7520370153C2C861AC51D6C1D5985D9606B45F39 + } + + , TestVector + { _k = 28948022309329048855892746252171976963209391069768726095651290785379540373584 + , _x = 0xA6B594B38FB3E77C6EDF78161FADE2041F4E09FD8497DB776E546C41567FEB3C + , _y = 0x71444009192228730CD8237A490FEBA2AFE3D27D7CC1136BC97E439D13330D55 + } + + , TestVector + { _k = 57896044618658097711785492504343953926418782139537452191302581570759080747168 + , _x = 0x00000000000000000000003B78CE563F89A0ED9414F5AA28AD0D96D6795F9C63 + , _y = 0x3F3979BF72AE8202983DC989AEC7F2FF2ED91BDD69CE02FC0700CA100E59DDF3 + } + + , TestVector + { _k = 86844066927987146567678238756515930889628173209306178286953872356138621120752 + , _x = 0xE24CE4BEEE294AA6350FAA67512B99D388693AE4E7F53D19882A6EA169FC1CE1 + , _y = 0x8B71E83545FC2B5872589F99D948C03108D36797C4DE363EBD3FF6A9E1A95B10 + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494317 + , _x = 0x4CE119C96E2FA357200B559B2F7DD5A5F02D5290AFF74B03F3E471B273211C97 + , _y = 
0xED45D9234EF13E9DA259E05EF57BB3989E9D6B7D8E269698BAFD77106DCC1FF5 + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494318 + , _x = 0x2B4EA0A797A443D293EF5CFF444F4979F06ACFEBD7E86D277475656138385B6C + , _y = 0x7A17643FC86BA26C4CBCF7C4A5E379ECE5FE09F3AFD9689C4A8F37AA1A3F60B5 + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494319 + , _x = 0x5601570CB47F238D2B0286DB4A990FA0F3BA28D1A319F5E7CF55C2A2444DA7CC + , _y = 0x3EC93E23F34146CF161D67FBCA76CAE27E271F438C951D5E0AE6D1A074F9DED7 + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494320 + , _x = 0xDEFDEA4CDB677750A420FEE807EACF21EB9898AE79B9768766E4FAA04A2D4A34 + , _y = 0xBDEE54F96B9CAE9716684F152D56C251312E0B5FB56A3F09304E660861A910B8 + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494321 + , _x = 0xE60FCE93B59E9EC53011AABC21C23E97B2A31369B87A5AE9C44EE89E2A6DEC0A + , _y = 0x081CAF8C661A6A6D624660CB0A86C8EFED6976E1BB2DC0F41E0CD330969E940E + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494322 + , _x = 0xD7924D4F7D43EA965A465AE3095FF41131E5946F3C85F79E44ADBCF8E27E080E + , _y = 0xA7E1D78D57938D597C7BD13DD733921015BF50D427692C5A3AFB235F095D90D7 + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494323 + , _x = 0x499FDF9E895E719CFD64E67F07D38E3226AA7B63678949E6E49B241A60E823E4 + , _y = 0x353D093B4AB17AAE6F0FBB1B584C2B9BB9BD863D85C06A4339A0BF2AFC5EBCD4 + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494324 + , _x = 0xF28773C2D975288BC7D1D205C3748651B075FBC6610E58CDDEEDDF8F19405AA8 + , _y = 0xF54F6FD17277F5768A7DED149A3250B8C5E5F925ADE056E0D64A34AC24FC0EAE + } + + , TestVector + { _k = 
115792089237316195423570985008687907852837564279074904382605163141518161494325 + , _x = 0xD01115D548E7561B15C38F004D734633687CF4419620095BC5B0F47070AFE85A + , _y = 0x560CB00237EA1F285749BAC81E8427EA86DC73A2265792AD94FAE4EB0BF9D908 + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494326 + , _x = 0x774AE7F858A9411E5EF4246B70C65AAC5649980BE5C17891BBEC17895DA008CB + , _y = 0x267B5FCD1494A1E6FDBC22A928484C9AC8D24E1D20062957CFE28B3536AC3614 + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494327 + , _x = 0xA0434D9E47F3C86235477C7B1AE6AE5D3442D49B1943C2B752A68E2A47E247C7 + , _y = 0x76C545BDABE643D85C4938196C5DB3969086B3D127885EA6C3411AC3FC8C9358 + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494328 + , _x = 0xACD484E2F0C7F65309AD178A9F559ABDE09796974C57E714C35F110DFC27CCBE + , _y = 0x33CC76DE4F5826029BC7F68E89C49E165227775BC8A071F0FA33D9D439B05FF8 + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494329 + , _x = 0x2F01E5E15CCA351DAFF3843FB70F3C2F0A1BDD05E5AF888A67784EF3E10A2A01 + , _y = 0xA3B25758BEAC66B6D6C2F7D5ECD2EC4B3D1DEC2945A489E84A25D3479342132B + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494330 + , _x = 0x5CBDF0646E5DB4EAA398F365F2EA7A0E3D419B7E0330E39CE92BDDEDCAC4F9BC + , _y = 0x951435BF45DAA69F5CE8729279E5AB2457EC2F47EC02184A5AF7D9D6F78D9755 + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494331 + , _x = 0xFFF97BD5755EEEA420453A14355235D382F6472F8568A18B2F057A1460297556 + , _y = 0x51ED8885530449DF0C4169FE80BA3A9F217F0F09AE701B5FC378F3C84F8A0998 + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494332 + , _x = 0x2F8BDE4D1A07209355B4A7250A5C5128E88B84BDDC619AB7CBA8D569B240EFE4 + , _y = 
0x2753DDD9C91A1C292B24562259363BD90877D8E454F297BF235782C459539959 + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494333 + , _x = 0xE493DBF1C10D80F3581E4904930B1404CC6C13900EE0758474FA94ABE8C4CD13 + , _y = 0xAE1266C15F2BAA48A9BD1DF6715AEBB7269851CC404201BF30168422B88C630D + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494334 + , _x = 0xF9308A019258C31049344F85F89D5229B531C845836F99B08601F113BCE036F9 + , _y = 0xC77084F09CD217EBF01CC819D5C80CA99AFF5666CB3DDCE4934602897B4715BD + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494335 + , _x = 0xC6047F9441ED7D6D3045406E95C07CD85C778E4B8CEF3CA7ABAC09B95C709EE5 + , _y = 0xE51E970159C23CC65C3A7BE6B99315110809CD9ACD992F1EDC9BCE55AF301705 + } + + , TestVector + { _k = 115792089237316195423570985008687907852837564279074904382605163141518161494336 + , _x = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 + , _y = 0xB7C52588D95C3B9AA25B0403F1EEF75702E84BB7597AABE663B82F6F04EF2777 + } + ] diff --git a/symbolic-cardano/src/ZkFold/Symbolic/Cardano/Contracts/ZkPass.hs b/symbolic-cardano/src/ZkFold/Symbolic/Cardano/Contracts/ZkPass.hs index fbf7390f2..7cfd52fde 100644 --- a/symbolic-cardano/src/ZkFold/Symbolic/Cardano/Contracts/ZkPass.hs +++ b/symbolic-cardano/src/ZkFold/Symbolic/Cardano/Contracts/ZkPass.hs @@ -10,7 +10,7 @@ import Prelude hiding (Bool, Eq (..) (&&), (*), (+)) import ZkFold.Base.Algebra.Basic.Class -import ZkFold.Base.Algebra.EllipticCurve.Class (EllipticCurve (BaseField, BooleanOf), Point, point) +import ZkFold.Base.Algebra.EllipticCurve.Class (EllipticCurve (BaseField, BooleanOf), Point, pointXY) import ZkFold.Base.Algebra.EllipticCurve.Ed25519 import qualified ZkFold.Base.Data.Vector as V import ZkFold.Base.Data.Vector hiding (concat) 
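Review bot: Every case produced by the `for_` loop in `specEllipticCurve` is registered under the same description, so a failing vector does not say which scalar broke; `it ("should match test vector for k = " <> show k) $ do` would fix that. The vectors only cover scalar multiples of the generator that land on finite points. No case checks that scaling by the group order `Secp256k1_Scalar` gives `pointInf`, and none round-trips a secp256k1 point through `compress` and `decompress`. Those two checks are the ones that would catch a wrong modulus or a faulty square-root step in point decoding, so I would add them alongside the table.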
@@ -77,7 +77,7 @@ verifyAllocatorSignature taskId validatorAddress allocatorAddress allocatorSigna (x, y) = splitAt (toWords publicKey) :: (Vector 1 (ByteString 256 context), Vector 1 (ByteString 256 context)) verifyVerdict :: Bool context - verifyVerdict = ecdsaVerify @curve @n @context (point (from $ item x) (from $ item y)) encodedParams (r, s) + verifyVerdict = ecdsaVerify @curve @n @context (pointXY (from $ item x) (from $ item y)) encodedParams (r, s) verifyValidatorSignature :: forall curve context n . ( EllipticCurve curve @@ -110,7 +110,7 @@ verifyValidatorSignature taskId uHash publicFieldsHash validatorAddress validato (x, y) = splitAt (toWords publicKey) :: (Vector 1 (ByteString 256 context), Vector 1 (ByteString 256 context)) verifyVerdict :: Bool context - verifyVerdict = ecdsaVerify @curve @n @context (point (from $ item x) (from $ item y)) encodedParams (r, s) + verifyVerdict = ecdsaVerify @curve @n @context (pointXY (from $ item x) (from $ item y)) encodedParams (r, s) extractSignature :: forall context . (Symbolic context) => ByteString 520 context From 6121d681f6a4624b372ab9268a0510b85dfaa582 Mon Sep 17 00:00:00 2001 From: Eitan Chatav Date: Wed, 18 Dec 2024 10:45:06 -0800 Subject: [PATCH 06/13] Update BN254.hs --- symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs index a368fce09..9711147b5 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs 
@@ -30,7 +30,8 @@ import ZkFold.Base.Algebra.EllipticCurve.Class import ZkFold.Base.Algebra.EllipticCurve.Pairing import ZkFold.Base.Algebra.Polynomials.Univariate (toPoly) --------------------------- Scalar field & field towers ------------------------- +-------------------------- Scalar field ---------------------------------------- + -- Designations of curve parameters are as in: -- https://pkg.go.dev/github.com/consensys/gnark-crypto/ecc/bn254 From e0247233d24dc855099f965e1043a06496f316c0 Mon Sep 17 00:00:00 2001 From: Eitan Chatav Date: Wed, 18 Dec 2024 10:45:43 -0800 Subject: [PATCH 07/13] Update BN254.hs --- symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs index 9711147b5..a26eb3d83 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs @@ -30,7 +30,7 @@ import ZkFold.Base.Algebra.EllipticCurve.Class import ZkFold.Base.Algebra.EllipticCurve.Pairing import ZkFold.Base.Algebra.Polynomials.Univariate (toPoly) --------------------------- Scalar field ---------------------------------------- +-------------------------- Scalar field & field towers ------------------------- -- Designations of curve parameters are as in: From 4ba3ebab6a2721f18f176d327eb5c51c92aa7c2e Mon Sep 17 00:00:00 2001 From: Eitan Chatav Date: Wed, 18 Dec 2024 10:45:54 -0800 Subject: [PATCH 08/13] Update Secp256k1.hs --- .../src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs index 79d4339d5..0e7faed15 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs 
+++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs @@ -12,7 +12,7 @@ import ZkFold.Base.Algebra.Basic.Field import ZkFold.Base.Algebra.Basic.Number import ZkFold.Base.Algebra.EllipticCurve.Class --------------------------- Scalar field & field towers ------------------------- +-------------------------- Scalar field ---------------------------------------- -- Designations of curve parameters are as in: -- https://www.secg.org/sec2-v2.pdf From 0c6630c2f430abf3ce01b99725a61100153ca907 Mon Sep 17 00:00:00 2001 From: Eitan Chatav Date: Wed, 18 Dec 2024 10:46:15 -0800 Subject: [PATCH 09/13] Update BN254.hs --- symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs | 1 - 1 file changed, 1 deletion(-) diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs index a26eb3d83..a368fce09 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs @@ -32,7 +32,6 @@ import ZkFold.Base.Algebra.Polynomials.Univariate (toPoly) -------------------------- Scalar field & field towers ------------------------- - -- Designations of curve parameters are as in: -- https://pkg.go.dev/github.com/consensys/gnark-crypto/ecc/bn254 From c9d3899103246bbc2b52c8776f6fc2b9d15c802a Mon Sep 17 00:00:00 2001 From: Eitan Chatav Date: Wed, 18 Dec 2024 10:50:09 -0800 Subject: [PATCH 10/13] Update EllipticCurve.hs --- symbolic-base/test/Tests/EllipticCurve.hs | 1 + 1 file changed, 1 insertion(+) diff --git a/symbolic-base/test/Tests/EllipticCurve.hs b/symbolic-base/test/Tests/EllipticCurve.hs index 843538fd5..2a1ea765b 100644 --- a/symbolic-base/test/Tests/EllipticCurve.hs +++ b/symbolic-base/test/Tests/EllipticCurve.hs 
@@ -25,6 +25,7 @@ data TestVector = TestVector , _y :: Natural -- y coordinate of scaled generator point } +-- https://chuckbatson.wordpress.com/2014/11/26/secp256k1-test-vectors/ secp256k1testVectors :: [TestVector] secp256k1testVectors = [ TestVector From 21692e3d213e4d3f761bbabe898e9d0ff4e75a67 Mon Sep 17 00:00:00 2001 From: Eitan Chatav Date: Wed, 18 Dec 2024 10:57:00 -0800 Subject: [PATCH 11/13] pointGen --- .../src/ZkFold/Base/Algebra/EllipticCurve/BLS12_381.hs | 4 ++-- .../src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs | 4 ++-- .../src/ZkFold/Base/Algebra/EllipticCurve/Class.hs | 4 ++-- .../src/ZkFold/Base/Algebra/EllipticCurve/Ed25519.hs | 2 +- .../src/ZkFold/Base/Algebra/EllipticCurve/Pasta.hs | 4 ++-- .../src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs | 2 +- symbolic-base/src/ZkFold/Base/Protocol/KZG.hs | 6 +++--- symbolic-base/src/ZkFold/Base/Protocol/Plonk/Verifier.hs | 4 ++-- symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Setup.hs | 6 +++--- symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Verifier.hs | 4 ++-- symbolic-base/src/ZkFold/Base/Protocol/Protostar/Commit.hs | 4 ++-- symbolic-base/src/ZkFold/Symbolic/Algorithms/ECDSA/ECDSA.hs | 2 +- symbolic-base/src/ZkFold/Symbolic/Data/Ed25519.hs | 2 +- symbolic-base/test/Tests/EllipticCurve.hs | 2 +- symbolic-base/test/Tests/Pairing.hs | 4 ++-- 15 files changed, 27 insertions(+), 27 deletions(-) diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BLS12_381.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BLS12_381.hs index d004d2b98..59976ed5c 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BLS12_381.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BLS12_381.hs 
@@ -67,7 +67,7 @@ instance EllipticCurve BLS12_381_G1 where type BaseField BLS12_381_G1 = Fq - gen = pointXY + pointGen = pointXY 0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb 0x8b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1 @@ -91,7 +91,7 @@ instance EllipticCurve BLS12_381_G2 where type BaseField BLS12_381_G2 = Fq2 - gen = pointXY + pointGen = pointXY (Ext2 0x24aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb8 0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e) diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs index a368fce09..c6e0ea7ef 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/BN254.hs @@ -70,7 +70,7 @@ data BN254_G1 instance EllipticCurve BN254_G1 where type ScalarField BN254_G1 = Fr type BaseField BN254_G1 = Fp - gen = pointXY 1 2 + pointGen = pointXY 1 2 add = addPoints mul = pointMul @@ -85,7 +85,7 @@ data BN254_G2 instance EllipticCurve BN254_G2 where type ScalarField BN254_G2 = Fr type BaseField BN254_G2 = Fp2 - gen = pointXY + pointGen = pointXY (Ext2 0x1800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed 0x198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c2) (Ext2 0x12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs index fe32e7912..638305de6 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs 
@@ -98,7 +98,7 @@ class type BooleanOf curve :: Type type BooleanOf curve = P.Bool - gen :: Point curve + pointGen :: Point curve add :: Point curve -> Point curve -> Point curve @@ -136,7 +136,7 @@ instance (EllipticCurve curve, AdditiveGroup (BaseField curve)) => AdditiveGroup negate = pointNegate instance (EllipticCurve curve, Arbitrary (ScalarField curve)) => Arbitrary (Point curve) where - arbitrary = arbitrary <&> (`mul` gen) + arbitrary = arbitrary <&> (`mul` pointGen) class (EllipticCurve curve1, EllipticCurve curve2, ScalarField curve1 ~ ScalarField curve2, P.Eq (TargetGroup curve1 curve2), MultiplicativeGroup (TargetGroup curve1 curve2), diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Ed25519.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Ed25519.hs index f5bd107be..970771bbd 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Ed25519.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Ed25519.hs @@ -33,7 +33,7 @@ instance EllipticCurve Ed25519 where type BaseField Ed25519 = Zp Ed25519_Base type ScalarField Ed25519 = Zp Ed25519_Scalar - gen = pointXY + pointGen = pointXY (toZp @Ed25519_Base $ 15112221349535400772501151409588531511454012693041857206046113283949847762202) (toZp @Ed25519_Base $ 46316835694926478169428394003475163141307993866256225615783033603165251855960) diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pasta.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pasta.hs index 72f6c9a79..8b4a9af04 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pasta.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Pasta.hs @@ -31,7 +31,7 @@ instance EllipticCurve Pallas where type BaseField Pallas = Fp - gen = pointXY + pointGen = pointXY 0x40000000000000000000000000000000224698fc094cf91b992d30ed00000000 0x02 
@@ -54,7 +54,7 @@ instance EllipticCurve Vesta where type BaseField Vesta = Fq - gen = pointXY + pointGen = pointXY 0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000000 0x02 diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs index 0e7faed15..5b6dd06e7 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Secp256k1.hs @@ -33,7 +33,7 @@ data Secp256k1 instance EllipticCurve Secp256k1 where type ScalarField Secp256k1 = Fn type BaseField Secp256k1 = Fp - gen = pointXY + pointGen = pointXY 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8 add = addPoints diff --git a/symbolic-base/src/ZkFold/Base/Protocol/KZG.hs b/symbolic-base/src/ZkFold/Base/Protocol/KZG.hs index a20332b01..5b600b7a3 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/KZG.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/KZG.hs @@ -66,15 +66,15 @@ instance forall (c1 :: Type) (c2 :: Type) d kzg f g1 core. setupProve (KZG x) = let d = value @d xs = V.fromList $ map (x^) [0..d-!1] - gs = fmap (`mul` gen) xs + gs = fmap (`mul` pointGen) xs in gs setupVerify :: kzg -> SetupVerify kzg setupVerify (KZG x) = let d = value @d xs = V.fromList $ map (x^) [0..d-!1] - gs = fmap (`mul` gen) xs - in (gs, gen, x `mul` gen) + gs = fmap (`mul` pointGen) xs + in (gs, pointGen, x `mul` pointGen) prove :: SetupProve kzg -> Witness kzg diff --git a/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Verifier.hs b/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Verifier.hs index 69113d6a9..777690346 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Verifier.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Verifier.hs 
@@ -145,8 +145,8 @@ plonkVerify -- Step 12: Compute E e = ( negate r0 + v * a_xi + vn 2 * b_xi + vn 3 * c_xi + vn 4 * s1_xi + vn 5 * s2_xi + eta * z1_xi' - ) `mul` gen + ) `mul` pointGen -- Step 13: Compute the pairing p1 = pairing (proof1 + eta `mul` proof2) h1 - p2 = pairing (xi `mul` proof1 + (eta * xi * omega) `mul` proof2 + f - e) (gen @c2) + p2 = pairing (xi `mul` proof1 + (eta * xi * omega) `mul` proof2 + f - e) (pointGen @c2) diff --git a/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Setup.hs b/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Setup.hs index 701e87af3..7110c8b14 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Setup.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Setup.hs @@ -75,9 +75,9 @@ plonkupSetup :: forall i p n l c1 c2 ts core. , CoreFunction c1 core) => Plonkup p i n l c1 c2 ts -> PlonkupSetup p i n l c1 c2 plonkupSetup Plonkup {..} = let xs = fromList $ map (x^) [0 .. (value @n + 5)] - gs = fmap (`mul` gen) xs - h0 = gen - h1 = x `mul` gen + gs = fmap (`mul` pointGen) xs + h0 = pointGen + h1 = x `mul` pointGen relation@PlonkupRelation{..} = fromJust $ toPlonkupRelation ac :: PlonkupRelation p i n l (ScalarField c1) diff --git a/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Verifier.hs b/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Verifier.hs index fb897c3e3..aa1d7df99 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Verifier.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Verifier.hs 
@@ -149,8 +149,8 @@ plonkupVerify e = ( negate r0 + v * a_xi + vn 2 * b_xi + vn 3 * c_xi + vn 4 * s1_xi + vn 5 * s2_xi + vn 6 * f_xi + vn 7 * t_xi + vn 8 * h2_xi + eta * z1_xi' + eta * v * t_xi' + eta * vn 2 * z2_xi' + eta * vn 3 * h1_xi' - ) `mul` gen + ) `mul` pointGen -- Step 13: Compute the pairing p1 = pairing (proof1 + eta `mul` proof2) h1 - p2 = pairing (xi `mul` proof1 + (eta * xi * omega) `mul` proof2 + f - e) (gen @c2) + p2 = pairing (xi `mul` proof1 + (eta * xi * omega) `mul` proof2 + f - e) (pointGen @c2) diff --git a/symbolic-base/src/ZkFold/Base/Protocol/Protostar/Commit.hs b/symbolic-base/src/ZkFold/Base/Protocol/Protostar/Commit.hs index 33ea962ec..901255792 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/Protostar/Commit.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/Protostar/Commit.hs @@ -37,13 +37,13 @@ instance KnownNat n => PedersonSetup n (Point BLS12_381_G1) where groupElements = -- TODO: This is just for testing purposes! Not to be used in production let x = fst $ random $ mkStdGen 0 :: Zp BLS12_381_Scalar - in fromList $ take (value @n) $ iterate (scale x) gen + in fromList $ take (value @n) $ iterate (scale x) pointGen instance KnownNat n => PedersonSetup n (Point Ed25519) where groupElements = -- TODO: This is just for testing purposes! Not to be used in production let x = fst $ random $ mkStdGen 0 :: ScalarField Ed25519 - in fromList $ take (value @n) $ iterate (scale x) gen + in fromList $ take (value @n) $ iterate (scale x) pointGen instance (PedersonSetup n c, Scale f c, AdditiveGroup c) => HomomorphicCommit (Vector n f) c where hcommit v = sum $ zipWith scale v groupElements diff --git a/symbolic-base/src/ZkFold/Symbolic/Algorithms/ECDSA/ECDSA.hs b/symbolic-base/src/ZkFold/Symbolic/Algorithms/ECDSA/ECDSA.hs index 243a1083b..c29ea7da0 100644 --- a/symbolic-base/src/ZkFold/Symbolic/Algorithms/ECDSA/ECDSA.hs +++ b/symbolic-base/src/ZkFold/Symbolic/Algorithms/ECDSA/ECDSA.hs 
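Review bot: In Protostar/Commit.hs, both `PedersonSetup` instances still build `groupElements` as `iterate (scale x) pointGen` with `x` drawn from `mkStdGen 0`, so every generator is a publicly known multiple of `pointGen`, and the existing TODO does not say why that is unsafe. With known relations between the generators, `hcommit` is not binding, and nothing in the instance heads keeps them from being selected outside tests. I would expand the comment to `-- WARNING: fixed seed; generators have known discrete-log relations, so commitments are not binding. Test use only.` and, longer term, derive the generators so that no party knows the relations between them. The IVC/Commit.hs hunk in PATCH 13/13 has the same construction, written as `iterate (mul x) pointGen`.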
@@ -39,7 +39,7 @@ ecdsaVerify publicKey message (r, s) = where n = fromConstant $ value @n - g = gen + g = pointGen (sInv, _, _) = eea s n diff --git a/symbolic-base/src/ZkFold/Symbolic/Data/Ed25519.hs b/symbolic-base/src/ZkFold/Symbolic/Data/Ed25519.hs index 009a2715c..399863142 100644 --- a/symbolic-base/src/ZkFold/Symbolic/Data/Ed25519.hs +++ b/symbolic-base/src/ZkFold/Symbolic/Data/Ed25519.hs @@ -38,7 +38,7 @@ instance type ScalarField (AcEd25519 c) = FieldElement c type BooleanOf (AcEd25519 c) = Bool c - gen = pointXY + pointGen = pointXY (fromConstant (15112221349535400772501151409588531511454012693041857206046113283949847762202 :: Natural)) (fromConstant (46316835694926478169428394003475163141307993866256225615783033603165251855960 :: Natural)) diff --git a/symbolic-base/test/Tests/EllipticCurve.hs b/symbolic-base/test/Tests/EllipticCurve.hs index 2a1ea765b..fb5792cbc 100644 --- a/symbolic-base/test/Tests/EllipticCurve.hs +++ b/symbolic-base/test/Tests/EllipticCurve.hs @@ -16,7 +16,7 @@ specEllipticCurve = hspec $ do it "should match test vector" $ do let p, q :: Point Secp256k1 p = pointXY (fromConstant x) (fromConstant y) - q = scale k gen + q = scale k pointGen p `shouldBe` q data TestVector = TestVector diff --git a/symbolic-base/test/Tests/Pairing.hs b/symbolic-base/test/Tests/Pairing.hs index 1a0eedd94..d1c749d32 100644 --- a/symbolic-base/test/Tests/Pairing.hs +++ b/symbolic-base/test/Tests/Pairing.hs @@ -34,11 +34,11 @@ propVerificationKZG x p z = let n = deg $ vec2poly p -- G1 - gs = V.fromList $ map ((`mul` gen) . (x^)) [0 .. n] + gs = V.fromList $ map ((`mul` pointGen) . (x^)) [0 .. n] g0 = V.head gs :: Point c1 -- G2 - h0 = gen :: Point c2 + h0 = pointGen :: Point c2 h1 = x `mul` h0 com = msm @c1 @core From bfa6bcb6be46005030c866467738ead45f2ca2d9 Mon Sep 17 00:00:00 2001 
From: echatav Date: Wed, 18 Dec 2024 19:12:21 +0000 Subject: [PATCH 12/13] stylish-haskell auto-commit --- .../src/ZkFold/Base/Algebra/EllipticCurve/Class.hs | 6 +++--- symbolic-base/src/ZkFold/Base/Protocol/Plonk/Prover.hs | 2 +- symbolic-base/src/ZkFold/Base/Protocol/Plonkup.hs | 2 +- symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Prover.hs | 2 +- symbolic-base/test/Main.hs | 2 +- symbolic-base/test/Tests/Binary.hs | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs index 638305de6..46f47e46a 100644 --- a/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs +++ b/symbolic-base/src/ZkFold/Base/Algebra/EllipticCurve/Class.hs @@ -201,9 +201,9 @@ class EllipticCurve curve => WeierstrassCurve curve where weierstrassB :: BaseField curve data CompressedPoint curve = CompressedPoint - { _x :: BaseField curve - , _bigY :: BooleanOf curve - , _isInf :: BooleanOf curve + { _x :: BaseField curve + , _bigY :: BooleanOf curve + , _isInf :: BooleanOf curve } deriving Generic pointCompressed :: BoolType (BooleanOf curve) => BaseField curve -> BooleanOf curve -> CompressedPoint curve diff --git a/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Prover.hs b/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Prover.hs index 6d2effa42..f1fc4fa8b 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Prover.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/Plonk/Prover.hs 
@@ -13,7 +13,7 @@ import Prelude hiding (Num import ZkFold.Base.Algebra.Basic.Class import ZkFold.Base.Algebra.Basic.Number (KnownNat, Natural, value) -import ZkFold.Base.Algebra.EllipticCurve.Class (EllipticCurve (..), CompressedPoint, compress) +import ZkFold.Base.Algebra.EllipticCurve.Class (CompressedPoint, EllipticCurve (..), compress) import ZkFold.Base.Algebra.Polynomials.Univariate hiding (qr) import ZkFold.Base.Data.Vector ((!!)) import ZkFold.Base.Protocol.NonInteractiveProof diff --git a/symbolic-base/src/ZkFold/Base/Protocol/Plonkup.hs b/symbolic-base/src/ZkFold/Base/Protocol/Plonkup.hs index 69537d27a..ea1749954 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/Plonkup.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/Plonkup.hs @@ -15,7 +15,7 @@ import qualified Prelude as P hiding import ZkFold.Base.Algebra.Basic.Class import ZkFold.Base.Algebra.Basic.Number -import ZkFold.Base.Algebra.EllipticCurve.Class (EllipticCurve (..), Pairing (..), CompressedPoint) +import ZkFold.Base.Algebra.EllipticCurve.Class (CompressedPoint, EllipticCurve (..), Pairing (..)) import ZkFold.Base.Protocol.NonInteractiveProof import ZkFold.Base.Protocol.Plonkup.Input import ZkFold.Base.Protocol.Plonkup.Internal diff --git a/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Prover.hs b/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Prover.hs index cefbb0b0e..3fdb24c9d 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Prover.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/Plonkup/Prover.hs 
@@ -16,7 +16,7 @@ import Prelude hiding (Num import ZkFold.Base.Algebra.Basic.Class import ZkFold.Base.Algebra.Basic.Number (KnownNat, Natural, value) -import ZkFold.Base.Algebra.EllipticCurve.Class (EllipticCurve (..), CompressedPoint, compress) +import ZkFold.Base.Algebra.EllipticCurve.Class (CompressedPoint, EllipticCurve (..), compress) import ZkFold.Base.Algebra.Polynomials.Univariate hiding (qr) import ZkFold.Base.Data.Vector ((!!)) import ZkFold.Base.Protocol.NonInteractiveProof diff --git a/symbolic-base/test/Main.hs b/symbolic-base/test/Main.hs index 5565ba933..ecb60b636 100644 --- a/symbolic-base/test/Main.hs +++ b/symbolic-base/test/Main.hs @@ -7,8 +7,8 @@ import Tests.Binary (specBinary) import Tests.Blake2b (specBlake2b) import Tests.ByteString (specByteString) import Tests.Compiler (specCompiler) -import Tests.FFA (specFFA) import Tests.EllipticCurve (specEllipticCurve) +import Tests.FFA (specFFA) import Tests.Field (specField) import Tests.GroebnerBasis (specGroebner) import Tests.Group (specAdditiveGroup) diff --git a/symbolic-base/test/Tests/Binary.hs b/symbolic-base/test/Tests/Binary.hs index a4275ec62..a1775b04e 100644 --- a/symbolic-base/test/Tests/Binary.hs +++ b/symbolic-base/test/Tests/Binary.hs @@ -9,7 +9,7 @@ import Test.QuickCheck import ZkFold.Base.Algebra.Basic.Field (Zp) import ZkFold.Base.Algebra.EllipticCurve.BLS12_381 (BLS12_381_G1, BLS12_381_G2, BLS12_381_Scalar) import ZkFold.Base.Algebra.EllipticCurve.BN254 (BN254_G1, BN254_G2) -import ZkFold.Base.Algebra.EllipticCurve.Class (Point, CompressedPoint) +import ZkFold.Base.Algebra.EllipticCurve.Class (CompressedPoint, Point) import ZkFold.Base.Algebra.EllipticCurve.Pasta (Pallas, Vesta) import ZkFold.Base.Data.ByteString (LittleEndian, fromByteString, toByteString) From 6952a07175991cb150aa2cca7d42b7bf946730a3 Mon Sep 17 00:00:00 2001 
From: Eitan Chatav Date: Mon, 23 Dec 2024 07:53:24 -0800 Subject: [PATCH 13/13] Update Commit.hs --- symbolic-base/src/ZkFold/Base/Protocol/IVC/Commit.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/symbolic-base/src/ZkFold/Base/Protocol/IVC/Commit.hs b/symbolic-base/src/ZkFold/Base/Protocol/IVC/Commit.hs index cfa084d40..9dd0ff578 100644 --- a/symbolic-base/src/ZkFold/Base/Protocol/IVC/Commit.hs +++ b/symbolic-base/src/ZkFold/Base/Protocol/IVC/Commit.hs @@ -38,7 +38,7 @@ instance (EllipticCurve curve, Random (ScalarField curve)) => PedersonSetup [] ( groupElements = -- TODO: This is just for testing purposes! Not to be used in production let x = fst $ random $ mkStdGen 0 :: ScalarField curve - in take (value @PedersonSetupMaxSize) $ iterate (mul x) gen + in take (value @PedersonSetupMaxSize) $ iterate (mul x) pointGen instance (KnownNat n, EllipticCurve curve, Random (ScalarField curve), n <= PedersonSetupMaxSize) => PedersonSetup (Vector n) (Point curve) where groupElements =