Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implements support MNT4 and MNT6 (753 bits) #3

Open
wants to merge 53 commits into
base: master
Choose a base branch
from
Open

Implements support MNT4 and MNT6 (753 bits) #3

wants to merge 53 commits into from

Conversation

AlexandreBelling
Copy link

@AlexandreBelling AlexandreBelling commented Aug 30, 2019
edited
Loading

Implements support for MNT4 and MNT6

Changes

  • Two engines for MNT4 and MNT6
  • The testing include the full algebraic test suite (engine, groups and fields)
  • The random generator is functional for G2 elements
  • A checked specification for both curves
  • Some fixes for benchmarks

Benchmarks

(Obtained on a Dell XPS 15 with an Intel Core i7 processor)

test mnt4_753::bench_pairing_final_exponentiation  ... bench:     998,891 ns/iter (+/- 61,095)
test mnt4_753::bench_pairing_full                  ... bench:   1,745,460 ns/iter (+/- 30,674)
test mnt4_753::bench_pairing_g1_preparation        ... bench:          14 ns/iter (+/- 0)
test mnt4_753::bench_pairing_g2_preparation        ... bench:     189,141 ns/iter (+/- 10,490)
test mnt4_753::bench_pairing_miller_loop           ... bench:     535,895 ns/iter (+/- 18,953)
test mnt4_753::ec::g1::bench_g1_add_assign         ... bench:         550 ns/iter (+/- 28)
test mnt4_753::ec::g1::bench_g1_add_assign_mixed   ... bench:         439 ns/iter (+/- 33)
test mnt4_753::ec::g1::bench_g1_mul_assign         ... bench:     159,584 ns/iter (+/- 9,957)
test mnt4_753::ec::g2::bench_g2_add_assign         ... bench:       4,081 ns/iter (+/- 122)
test mnt4_753::ec::g2::bench_g2_add_assign_mixed   ... bench:       2,851 ns/iter (+/- 5)
test mnt4_753::ec::g2::bench_g2_mul_assign         ... bench:     860,419 ns/iter (+/- 91,518)
test mnt4_753::fq2::bench_fq2_add_assign           ... bench:          44 ns/iter (+/- 1)
test mnt4_753::fq2::bench_fq2_inverse              ... bench:      40,781 ns/iter (+/- 3,122)
test mnt4_753::fq2::bench_fq2_mul_assign           ... bench:       1,130 ns/iter (+/- 80)
test mnt4_753::fq2::bench_fq2_sqrt                 ... bench:   1,103,130 ns/iter (+/- 353,512)
test mnt4_753::fq2::bench_fq2_squaring             ... bench:         927 ns/iter (+/- 28)
test mnt4_753::fq2::bench_fq2_sub_assign           ... bench:          46 ns/iter (+/- 1)
test mnt4_753::fq4::bench_fq4_add_assign           ... bench:          85 ns/iter (+/- 1)
test mnt4_753::fq4::bench_fq4_inverse              ... bench:      42,007 ns/iter (+/- 8,622)
test mnt4_753::fq4::bench_fq4_mul_assign           ... bench:       3,482 ns/iter (+/- 130)
test mnt4_753::fq4::bench_fq4_squaring             ... bench:       3,280 ns/iter (+/- 213)
test mnt4_753::fq4::bench_fq4_sub_assign           ... bench:          85 ns/iter (+/- 8)
test mnt4_753::fq::bench_fq_add_assign             ... bench:          21 ns/iter (+/- 0)
test mnt4_753::fq::bench_fq_from_repr              ... bench:         252 ns/iter (+/- 14)
test mnt4_753::fq::bench_fq_into_repr              ... bench:         137 ns/iter (+/- 4)
test mnt4_753::fq::bench_fq_inverse                ... bench:      34,657 ns/iter (+/- 3,041)
test mnt4_753::fq::bench_fq_mul_assign             ... bench:         230 ns/iter (+/- 4)
test mnt4_753::fq::bench_fq_negate                 ... bench:          20 ns/iter (+/- 0)
test mnt4_753::fq::bench_fq_repr_add_nocarry       ... bench:          13 ns/iter (+/- 0)
test mnt4_753::fq::bench_fq_repr_div2              ... bench:          10 ns/iter (+/- 0)
test mnt4_753::fq::bench_fq_repr_mul2              ... bench:          15 ns/iter (+/- 3)
test mnt4_753::fq::bench_fq_repr_num_bits          ... bench:           4 ns/iter (+/- 0)
test mnt4_753::fq::bench_fq_repr_sub_noborrow      ... bench:          18 ns/iter (+/- 0)
test mnt4_753::fq::bench_fq_sqrt                   ... bench:     788,760 ns/iter (+/- 39,088)
test mnt4_753::fq::bench_fq_square                 ... bench:         217 ns/iter (+/- 3)
test mnt4_753::fq::bench_fq_sub_assign             ... bench:          23 ns/iter (+/- 11)
test mnt4_753::fr::bench_fr_add_assign             ... bench:          20 ns/iter (+/- 0)
test mnt4_753::fr::bench_fr_from_repr              ... bench:         261 ns/iter (+/- 6)
test mnt4_753::fr::bench_fr_into_repr              ... bench:         140 ns/iter (+/- 11)
test mnt4_753::fr::bench_fr_inverse                ... bench:      39,230 ns/iter (+/- 1,348)
test mnt4_753::fr::bench_fr_mul_assign             ... bench:         327 ns/iter (+/- 13)
test mnt4_753::fr::bench_fr_negate                 ... bench:          29 ns/iter (+/- 0)
test mnt4_753::fr::bench_fr_repr_add_nocarry       ... bench:          22 ns/iter (+/- 0)
test mnt4_753::fr::bench_fr_repr_div2              ... bench:          15 ns/iter (+/- 8)
test mnt4_753::fr::bench_fr_repr_mul2              ... bench:          27 ns/iter (+/- 0)
test mnt4_753::fr::bench_fr_repr_num_bits          ... bench:           8 ns/iter (+/- 0)
test mnt4_753::fr::bench_fr_repr_sub_noborrow      ... bench:          31 ns/iter (+/- 7)
test mnt4_753::fr::bench_fr_sqrt                   ... bench:     937,621 ns/iter (+/- 42,484)
test mnt4_753::fr::bench_fr_square                 ... bench:         248 ns/iter (+/- 0)
test mnt4_753::fr::bench_fr_sub_assign             ... bench:          25 ns/iter (+/- 6)
test mnt6_753::bench_pairing_final_exponentiation  ... bench:   1,099,490 ns/iter (+/- 5,732)
test mnt6_753::bench_pairing_full                  ... bench:   2,058,537 ns/iter (+/- 272,484)
test mnt6_753::bench_pairing_g1_preparation        ... bench:          16 ns/iter (+/- 0)
test mnt6_753::bench_pairing_g2_preparation        ... bench:     200,764 ns/iter (+/- 869)
test mnt6_753::bench_pairing_miller_loop           ... bench:     571,110 ns/iter (+/- 22,497)
test mnt6_753::ec::g1::bench_g1_add_assign         ... bench:         596 ns/iter (+/- 23)
test mnt6_753::ec::g1::bench_g1_add_assign_mixed   ... bench:         471 ns/iter (+/- 7)
test mnt6_753::ec::g1::bench_g1_mul_assign         ... bench:     154,415 ns/iter (+/- 5,627)
test mnt6_753::ec::g2::bench_g2_add_assign         ... bench:       4,068 ns/iter (+/- 70)
test mnt6_753::ec::g2::bench_g2_add_assign_mixed   ... bench:       2,863 ns/iter (+/- 50)
test mnt6_753::ec::g2::bench_g2_mul_assign         ... bench:     947,165 ns/iter (+/- 32,786)
test mnt6_753::fq3::bench_fq3_add_assign           ... bench:          71 ns/iter (+/- 4)
test mnt6_753::fq3::bench_fq3_inverse              ... bench:      43,361 ns/iter (+/- 1,424)
test mnt6_753::fq3::bench_fq3_mul_assign           ... bench:       2,502 ns/iter (+/- 303)
test mnt6_753::fq3::bench_fq3_sqrt                 ... bench:   3,778,068 ns/iter (+/- 2,954,122)
test mnt6_753::fq3::bench_fq3_squaring             ... bench:       2,241 ns/iter (+/- 528)
test mnt6_753::fq3::bench_fq3_sub_assign           ... bench:          89 ns/iter (+/- 60)
test mnt6_753::fq6::bench_fq6_add_assign           ... bench:         166 ns/iter (+/- 22)
test mnt6_753::fq6::bench_fq6_inverse              ... bench:      60,423 ns/iter (+/- 7,811)
test mnt6_753::fq6::bench_fq6_mul_assign           ... bench:       8,605 ns/iter (+/- 890)
test mnt6_753::fq6::bench_fq6_squaring             ... bench:       6,418 ns/iter (+/- 1,696)
test mnt6_753::fq6::bench_fq6_sub_assign           ... bench:         152 ns/iter (+/- 22)
test mnt6_753::fq::bench_fq_add_assign             ... bench:          22 ns/iter (+/- 5)
test mnt6_753::fq::bench_fq_from_repr              ... bench:         352 ns/iter (+/- 228)
test mnt6_753::fq::bench_fq_into_repr              ... bench:         168 ns/iter (+/- 13)
test mnt6_753::fq::bench_fq_inverse                ... bench:      45,217 ns/iter (+/- 10,955)
test mnt6_753::fq::bench_fq_mul_assign             ... bench:         315 ns/iter (+/- 86)
test mnt6_753::fq::bench_fq_negate                 ... bench:          25 ns/iter (+/- 1)
test mnt6_753::fq::bench_fq_repr_add_nocarry       ... bench:          19 ns/iter (+/- 5)
test mnt6_753::fq::bench_fq_repr_div2              ... bench:          13 ns/iter (+/- 1)
test mnt6_753::fq::bench_fq_repr_mul2              ... bench:          20 ns/iter (+/- 3)
test mnt6_753::fq::bench_fq_repr_num_bits          ... bench:           5 ns/iter (+/- 1)
test mnt6_753::fq::bench_fq_repr_sub_noborrow      ... bench:          19 ns/iter (+/- 0)
test mnt6_753::fq::bench_fq_sqrt                   ... bench:     817,132 ns/iter (+/- 226,900)
test mnt6_753::fq::bench_fq_square                 ... bench:         232 ns/iter (+/- 35)
test mnt6_753::fq::bench_fq_sub_assign             ... bench:          24 ns/iter (+/- 2)
test mnt6_753::fr::bench_fr_add_assign             ... bench:          21 ns/iter (+/- 0)
test mnt6_753::fr::bench_fr_from_repr              ... bench:         268 ns/iter (+/- 8)
test mnt6_753::fr::bench_fr_into_repr              ... bench:         145 ns/iter (+/- 1)
test mnt6_753::fr::bench_fr_inverse                ... bench:      42,182 ns/iter (+/- 2,082)
test mnt6_753::fr::bench_fr_mul_assign             ... bench:         320 ns/iter (+/- 60)
test mnt6_753::fr::bench_fr_negate                 ... bench:          26 ns/iter (+/- 11)
test mnt6_753::fr::bench_fr_repr_add_nocarry       ... bench:          18 ns/iter (+/- 6)
test mnt6_753::fr::bench_fr_repr_div2              ... bench:          10 ns/iter (+/- 0)
test mnt6_753::fr::bench_fr_repr_mul2              ... bench:          15 ns/iter (+/- 1)
test mnt6_753::fr::bench_fr_repr_num_bits          ... bench:           4 ns/iter (+/- 0)
test mnt6_753::fr::bench_fr_repr_sub_noborrow      ... bench:          17 ns/iter (+/- 0)
test mnt6_753::fr::bench_fr_sqrt                   ... bench:     778,973 ns/iter (+/- 46,712)
test mnt6_753::fr::bench_fr_square                 ... bench:         215 ns/iter (+/- 123)
test mnt6_753::fr::bench_fr_sub_assign             ... bench:          19 ns/iter (+/- 6)

Notes

For some reason, bellman crashes when using any of these on a tiny circuit with a thread has overflowed its stack error. Those crashes happens during the proving time are most likely related to an incompatibility with the current implementation of bellman and 768 bits integers.

alexandre.belling added 30 commits July 6, 2019 16:52
Add raw files from Coda's code
4247343
fix(sub_noborrow): Fix test
3e4ff8e
feature(frobenius): Implements frobenius, norm and sqrt
38311ce
tests: Uncomments the tests for fq2
fe6e695
typo: Uses line comment, more practical with vscode
8337aa0
Move out the cfg test, will come back to that later
a624fce
feature(scalar mul): Adds a method to multiply by fp
3b6035a
Remove the assert false
7bb3f0c
feature(optim): Inline field operations
90d0816
fix(non_residue): Fix Fp3 non residue multiplication
055f425
feature(mnt4): Update constants
7fb2c53
feature(algo): Mul Inverse Squared
cdaf6cb
clean squaring implementation
97a4e5d
feature(repr): Remove debug assert
f3540f1
crappy implementation of the squaring
8894534
Karatsuba implementation of the squaring
8a17a86
Karatsuba implementation of the squaring on fq2
44203ea
Fix undetected sign error in the implementation
2230e6f
fix norm implementation
e83d1d8
typo: Fix indentation
267f90c
Optimize inverse implementation
4068f56
fix(frob): Fix wrong digits in the frobenius coefficients
19c8dbd
Karatsuba squaring for fq4
047dda8
Comment out test_b_coefficient
fbf9614
Add curve tests - they do not pass
02c68b8
feature(mnt4): Inline everything
ae17560
fix(g1): Fixes G1 encoding
81248f5
fix(encoding): Resize encoded points
8c06257
feature(mnt): Add tests for G2 generators and coefficients
54ea49a
feature(bench): Compiles benchmarks
1d65a82
alexandre.belling added 23 commits July 19, 2019 21:44
Merge with master - Solves conflicts
ac6cbe4
benchmark(mnt6_753): Add benchmarks and fix the merge
d791eb9
fix(g2): Fix generator on curve
21d652d
nitpick: Remove wrong value for G2_b coeff
01f466e
Compute cofactor for mnt4
6d2ea5b
Functional cofactor for mnt6
0f5958f
Use factorization for the cofactor
37f1d96
feature(mnt6): Functional cofactor
51b7d99
feature(ec): Add transformation tests
ebeda4f
feature(pairing): Implements cyclotomic mul and sparse mul
25e3577
feature(pairing): Fuctional mnt4 pairing
6a37d44
feature(pairing): Port pairing implementation to mnt6
d16ae41 
Unfortunately, this still does not work. Need to apply further changes
clean(mnt4): Apply some cleaning for MNT4
855f4c9
feature(mnt6): Functional pairing
fac12c2
clean(Readme): Correct the Readmes
62b1bab
revert(engine): Accidental commit on tests
cf5f71f
Update Readme
31618cf
clean(todos): Remove outdated todos
7e99023
clean(data): Remove tests data
c762509
revert(tests): Revert accidental loop count modif
5fb4c0a
clean(comments): Remove commented tests
0b57798
clean(imports): Remove unused imports
d160985
clean(fmt): Use clippy fix and fmt
5a2c9f6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@AlexandreBelling