Wire Sysio Wire Sysion 1.0.0
Loading...
Searching...
No Matches
alt_bn128.cpp
Go to the documentation of this file.
1#include <gmp.h>
2#include <fc/crypto/alt_bn128.hpp>
3
4#include <libff/algebra/curves/alt_bn128/alt_bn128_g1.hpp>
5#include <libff/algebra/curves/alt_bn128/alt_bn128_g2.hpp>
6#include <libff/algebra/curves/alt_bn128/alt_bn128_pairing.hpp>
7#include <libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp>
8
9#include <libff/common/profiling.hpp>
10#include <boost/throw_exception.hpp>
11#include <algorithm>
12
13namespace fc {
14
15 using Scalar = libff::bigint<libff::alt_bn128_q_limbs>;
16
17 void initLibSnark() noexcept {
18 static bool s_initialized = []() noexcept {
19 libff::inhibit_profiling_info = true;
20 libff::inhibit_profiling_counters = true;
21 libff::alt_bn128_pp::init_public_params();
22 return true;
23 }();
24 (void)s_initialized;
25 }
26
27 Scalar to_scalar(const bytes& be) noexcept {
28 mpz_t m;
29 mpz_init(m);
30 mpz_import(m, be.size(), /*order=*/1, /*size=*/1, /*endian=*/0, /*nails=*/0, &be[0]);
31 Scalar out{m};
32 mpz_clear(m);
33 return out;
34 }
35
36 // Notation warning: Yellow Paper's p is the same libff's q.
37 // Returns x < p (YP notation).
38 static bool valid_element_of_fp(const Scalar& x) noexcept {
39 return mpn_cmp(x.data, libff::alt_bn128_modulus_q.data, libff::alt_bn128_q_limbs) < 0;
40 }
41
42 std::variant<alt_bn128_error, libff::alt_bn128_G1> decode_g1_element(const bytes& bytes64_be) noexcept {
43 if(bytes64_be.size() != 64) {
44 return alt_bn128_error::input_len_error;
45 }
46
47 bytes sub1(bytes64_be.begin(), bytes64_be.begin()+32);
48 bytes sub2(bytes64_be.begin()+32, bytes64_be.begin()+64);
49
50 Scalar x{to_scalar(sub1)};
51 Scalar y{to_scalar(sub2)};
52
53 if (!valid_element_of_fp(x) || !valid_element_of_fp(y)) {
54 return alt_bn128_error::operand_component_invalid;
55 }
56
57 if (x.is_zero() && y.is_zero()) {
58 return libff::alt_bn128_G1::zero();
59 }
60
61 libff::alt_bn128_G1 point{x, y, libff::alt_bn128_Fq::one()};
62 if (!point.is_well_formed()) {
63 return alt_bn128_error::operand_not_in_curve;
64 }
65 return point;
66 }
67
68 std::variant<alt_bn128_error, libff::alt_bn128_Fq2> decode_fp2_element(const bytes& bytes64_be) noexcept {
69 if(bytes64_be.size() != 64) {
70 return alt_bn128_error::input_len_error;
71 }
72
73 // big-endian encoding
74 bytes sub1(bytes64_be.begin()+32, bytes64_be.begin()+64);
75 bytes sub2(bytes64_be.begin(), bytes64_be.begin()+32);
76
77 Scalar c0{to_scalar(sub1)};
78 Scalar c1{to_scalar(sub2)};
79
80 if (!valid_element_of_fp(c0) || !valid_element_of_fp(c1)) {
81 return alt_bn128_error::operand_component_invalid;
82 }
83
84 return libff::alt_bn128_Fq2{c0, c1};
85 }
86
87 std::variant<alt_bn128_error, libff::alt_bn128_G2> decode_g2_element(const bytes& bytes128_be) noexcept {
88 if(bytes128_be.size() != 128) {
89 return alt_bn128_error::input_len_error;
90 }
91
92 bytes sub1(bytes128_be.begin(), bytes128_be.begin()+64);
93 auto maybe_x = decode_fp2_element(sub1);
94 if (std::holds_alternative<alt_bn128_error>(maybe_x)) {
95 return std::get<alt_bn128_error>(maybe_x);
96 }
97
98 bytes sub2(bytes128_be.begin()+64, bytes128_be.begin()+128);
99 auto maybe_y = decode_fp2_element(sub2);
100 if (std::holds_alternative<alt_bn128_error>(maybe_y)) {
101 return std::get<alt_bn128_error>(maybe_y);
102 }
103
104 const auto& x = std::get<libff::alt_bn128_Fq2>(maybe_x);
105 const auto& y = std::get<libff::alt_bn128_Fq2>(maybe_y);
106
107 if (x.is_zero() && y.is_zero()) {
108 return libff::alt_bn128_G2::zero();
109 }
110
111 libff::alt_bn128_G2 point{x, y, libff::alt_bn128_Fq2::one()};
112 if (!point.is_well_formed()) {
113 return alt_bn128_error::operand_not_in_curve;
114 }
115
116 if (!(libff::alt_bn128_G2::order() * point).is_zero()) {
117 // wrong order, doesn't belong to the subgroup G2
118 return alt_bn128_error::operand_outside_g2;
119 }
120
121 return point;
122 }
123
124 bytes encode_g1_element(libff::alt_bn128_G1 p) noexcept {
125 bytes out(64, '\0');
126 if (p.is_zero()) {
127 return out;
128 }
129
130 p.to_affine_coordinates();
131
132 auto x{p.X.as_bigint()};
133 auto y{p.Y.as_bigint()};
134
135 std::memcpy(&out[0], y.data, 32);
136 std::memcpy(&out[32], x.data, 32);
137
138 std::reverse(out.begin(), out.end());
139 return out;
140 }
141
142 std::variant<alt_bn128_error, bytes> alt_bn128_add(const bytes& op1, const bytes& op2) {
143 fc::initLibSnark();
144
145 auto maybe_x = decode_g1_element(op1);
146 if (std::holds_alternative<alt_bn128_error>(maybe_x)) {
147 return std::get<alt_bn128_error>(maybe_x);
148 }
149
150 auto maybe_y = decode_g1_element(op2);
151 if (std::holds_alternative<alt_bn128_error>(maybe_y)) {
152 return std::get<alt_bn128_error>(maybe_y);
153 }
154
155 const auto& x = std::get<libff::alt_bn128_G1>(maybe_x);
156 const auto& y = std::get<libff::alt_bn128_G1>(maybe_y);
157
158 libff::alt_bn128_G1 g1Sum = x + y;
159 return encode_g1_element(g1Sum);
160 }
161
162 std::variant<alt_bn128_error, bytes> alt_bn128_mul(const bytes& g1_point, const bytes& scalar) {
163 initLibSnark();
164
165 auto maybe_x = decode_g1_element(g1_point);
166 if (std::holds_alternative<alt_bn128_error>(maybe_x)) {
167 return std::get<alt_bn128_error>(maybe_x);
168 }
169
170 auto& x = std::get<libff::alt_bn128_G1>(maybe_x);
171
172 if(scalar.size() != 32) {
173 return alt_bn128_error::invalid_scalar_size;
174 }
175
176 Scalar n{to_scalar(scalar)};
177
178 libff::alt_bn128_G1 g1Product = n * x;
179 return encode_g1_element(g1Product);
180 }
181
182 static constexpr size_t kSnarkvStride{192};
183
184 std::variant<alt_bn128_error, bool> alt_bn128_pair(const bytes& g1_g2_pairs, const yield_function_t& yield) {
185 if (g1_g2_pairs.size() % kSnarkvStride != 0) {
186 return alt_bn128_error::pairing_list_size_error;
187 }
188
189 size_t k{g1_g2_pairs.size() / kSnarkvStride};
190
191 initLibSnark();
192 using namespace libff;
193
194 static const auto one{alt_bn128_Fq12::one()};
195 auto accumulator{one};
196
197 for (size_t i{0}; i < k; ++i) {
198 auto offset = i * kSnarkvStride;
199
200 bytes sub1(g1_g2_pairs.begin()+offset, g1_g2_pairs.begin()+offset+64);
201 auto maybe_a = decode_g1_element(sub1);
202 if (std::holds_alternative<alt_bn128_error>(maybe_a)) {
203 return std::get<alt_bn128_error>(maybe_a);
204 }
205
206 bytes sub2(g1_g2_pairs.begin()+offset+64, g1_g2_pairs.begin()+offset+64+128);
207 auto maybe_b = decode_g2_element(sub2);
208 if (std::holds_alternative<alt_bn128_error>(maybe_b)) {
209 return std::get<alt_bn128_error>(maybe_b);
210 }
211
212 const auto& a = std::get<libff::alt_bn128_G1>(maybe_a);
213 const auto& b = std::get<libff::alt_bn128_G2>(maybe_b);
214
215 if (a.is_zero() || b.is_zero()) {
216 continue;
217 }
218
219 accumulator = accumulator * alt_bn128_miller_loop(alt_bn128_precompute_G1(a), alt_bn128_precompute_G2(b));
220 yield();
221 }
222
223 bool pair_result = false;
224 if (alt_bn128_final_exponentiation(accumulator) == one) {
225 pair_result = true;
226 }
227
228 return pair_result;
229 }
230}
one
std::string one()
Definition 030-Asn-Require-Check.cpp:15
alt_bn128.hpp
alt_bn128_g1.hpp
alt_bn128_g2.hpp
alt_bn128_pairing.hpp
alt_bn128_pp.hpp
p
const mie::Vuint & p
Definition bn.cpp:27
fc::optional_delegate
Definition utility.hpp:183
libff::Fp2_model< alt_bn128_q_limbs, alt_bn128_modulus_q >
libff::Fp2_model< alt_bn128_q_limbs, alt_bn128_modulus_q >::one
static Fp2_model< n, modulus > one()
libff::Fp_model< alt_bn128_q_limbs, alt_bn128_modulus_q >::one
static Fp_model< n, modulus > one()
libff::alt_bn128_G1
Definition alt_bn128_g1.hpp:21
libff::alt_bn128_G1::zero
static alt_bn128_G1 zero()
Definition alt_bn128_g1.cpp:393
libff::alt_bn128_G2
Definition alt_bn128_g2.hpp:21
libff::alt_bn128_G2::zero
static alt_bn128_G2 zero()
Definition alt_bn128_g2.cpp:407
libff::alt_bn128_G2::order
static bigint< scalar_field::num_limbs > order()
Definition alt_bn128_g2.hpp:74
libff::alt_bn128_pp::init_public_params
static void init_public_params()
Definition alt_bn128_pp.cpp:12
fc
namespace sysio::chain
Definition authority.cpp:3
fc::to_scalar
Scalar to_scalar(const bytes &be) noexcept
Definition alt_bn128.cpp:27
fc::decode_g2_element
std::variant< alt_bn128_error, libff::alt_bn128_G2 > decode_g2_element(const bytes &bytes128_be) noexcept
Definition alt_bn128.cpp:87
fc::encode_g1_element
bytes encode_g1_element(libff::alt_bn128_G1 p) noexcept
Definition alt_bn128.cpp:124
fc::bytes
std::vector< char > bytes
Definition alt_bn128.hpp:10
fc::initLibSnark
void initLibSnark() noexcept
Definition alt_bn128.cpp:17
fc::decode_fp2_element
std::variant< alt_bn128_error, libff::alt_bn128_Fq2 > decode_fp2_element(const bytes &bytes64_be) noexcept
Definition alt_bn128.cpp:68
fc::alt_bn128_add
std::variant< alt_bn128_error, bytes > alt_bn128_add(const bytes &op1, const bytes &op2)
Definition alt_bn128.cpp:142
fc::y
uint64_t y
Definition sha3.cpp:34
fc::alt_bn128_mul
std::variant< alt_bn128_error, bytes > alt_bn128_mul(const bytes &g1_point, const bytes &scalar)
Definition alt_bn128.cpp:162
fc::Scalar
libff::bigint< libff::alt_bn128_q_limbs > Scalar
Definition alt_bn128.cpp:15
fc::decode_g1_element
std::variant< alt_bn128_error, libff::alt_bn128_G1 > decode_g1_element(const bytes &bytes64_be) noexcept
Definition alt_bn128.cpp:42
fc::alt_bn128_pair
std::variant< alt_bn128_error, bool > alt_bn128_pair(const bytes &g1_g2_pairs, const yield_function_t &yield)
Definition alt_bn128.cpp:184
libff::alt_bn128_modulus_q
bigint< alt_bn128_q_limbs > alt_bn128_modulus_q
Definition alt_bn128_init.cpp:15
libff::alt_bn128_q_limbs
const mp_size_t alt_bn128_q_limbs
Definition alt_bn128_init.hpp:22
libff::inhibit_profiling_info
bool inhibit_profiling_info
Definition profiling.cpp:95
libff::inhibit_profiling_counters
bool inhibit_profiling_counters
Definition profiling.cpp:96
a
const GenericPointer< typename T::ValueType > T2 T::AllocatorType & a
Definition pointer.h:1181