refactor: eddsa factorizing and code cleaning #285
std/algebra/twistededwards/point.go
Outdated
@@ -150,7 +145,7 @@ func (p *Point) ScalarMul(api frontend.API, p1 *Point, scalar frontend.Variable, | |||
// DoubleBaseScalarMul computes s1*P1+s2*P2 | |||
// where P1 and P2 are points on a twisted Edwards curve | |||
// and s1, s2 scalars. | |||
func (p *Point) DoubleBaseScalarMul(api frontend.API, p1, p2 *Point, s1, s2 frontend.Variable, curve EdCurve) *Point { | |||
func (p *Point) DoubleBaseScalarMul(api frontend.API, p1, p2 *Point, s1, s2 frontend.Variable, curve *CurveParams) *Point { |
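Review bot: the doc comment above `DoubleBaseScalarMul` still describes only P1, P2, s1 and s2; now that the last parameter changes from an `EdCurve` value to a `*CurveParams` pointer, add a line documenting it and stating whether a nil pointer is rejected, e.g. `// curve holds the parameters of the twisted Edwards curve that P1 and P2 lie on.`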
Couldn't this also use GLV?
that's a @yelhousni question --> but this branch should be merged in his current WIP branch, not in develop.
It could but constraint-wise it's worse. It would need a Lookup4. The analysis is similar to a 2-bit window vs. a 4-bit window.
re hint declaration, will revisit in separate PR before v0.7.0 release (see also #287). Good observation for
* perf(std/tEd): first bit in ScalarMul handled separately
* perf(std/tEd): rearrange Double --> less constraints
* perf(std/EdDSA): rearrange eddsa verify (-1 addition, -1 MustBeOnCurve)
* perf(std/tEd): Lookup2 for first 2 bits in ScalarMulFixedBase
* perf(std/tEd): FixedPoint should be hidden by the API
* test(tEd): test scalarMul for all curves and schemes
* fix(tEd): case when scalar size is odd
* fix(tEd): case when scalar size is odd
* refactor(eddsa): rearrange eddsa verif as cofactor clearing counts
* feat(tEd): implements double-base scalar mul
* perf(EdDSA): eddsa gadget using double-base scalar mul
* perf(bandersnatch): apply tEd perf changes to Bandersnatch
* fix: fixed wrong bigInt op in plonk api
* style(eddsa, tEd): no benchmarks
* style(eddsa, tEd): no benchmarks
* perf(bandersnatch): GLV scalar mul in-circuit
* test(twistededwards): randomise test
* refactor(bandersnatch): review PR 263
* fix(bandersnatch): curveID in hint not checked
* fix(bandersnatch): check curveID for endomorphism availability
* style(bandersnatch): correct comment
* style(bandersnatch): correct comment about negative scalars
* fix(bandersnatch): increase scalars size bound to 129 + comments
* fix: hint signature in bandersnatch matches new format
* refactor: eddsa factorizing and code cleaning (#285)
* build: updated to latest gnark-crypto
* build: updated to latest gnark-crypto
* refactor: introduce Curve interface in std/ and updated eddsa tests
* feat: added std/eddsa publicKey and signature assign helpers
* refactor(std): merged twistededwards and bandersnatch. IsOnCurve failing for bandersnatch
* fix: closes #283. ensure test.Assert compile cache handles different object of same type
* fix: use UnsafeAddr instead of UnsafePointer to be retro compatible
* fix: fix previous commit
* test: test all twisted ed curve operations
* Fixes #283 : ensure test.Assert compile cache handles different objects of same type (#284)
* fix: closes #283. ensure test.Assert compile cache handles different object of same type
* fix: use UnsafeAddr instead of UnsafePointer to be retro compatible
* fix: fix previous commit
* fix: apply pr patch
* style: make twistededwards/Point methods package private
* style: fix gosec errors in std/eddsa
* feat: disable GLV mul in bandersnatch until #268 is fixed

Co-authored-by: Thomas Piellard <[email protected]>
Co-authored-by: Gautam Botrel <[email protected]>
I'm new to Gnark and zk-proofs in general and I am trying to implement some of your examples, but for some reason they are full of little complexities that seem related to the fast-moving pace of this project. Just wanted to comment that we noobs would greatly appreciate the examples to remain up to date and easily runnable. As fun as it is to rummage through the Issues tab, it is frustrating at times, considering how the topic itself is difficult to comprehend, let alone having to debug examples while you try to bring your ideas to life. Thanks for all your hard work! It is because of people like you that noobs can even begin to dream up ideas for the new world.
`std/` code for bandersnatch and twistededwards in one single package. Twisted edwards curve usage is now, in a circuit (including bandersnatch):

The `curve` object has point arithmetic defined on it, and if an endomorphism is available, will use scalarMulGLV. eddsa usage is now:

Both `std/.../eddsa` and `std/.../twistededwards` packages test all twisted edwards curves.

Fixes #262
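The `DoubleBaseScalarMul` gadget this PR adds computes s1*P1+s2*P2 in a single pass, which is what lets the EdDSA verifier drop one scalar-multiplication chain. The Go program below is an added example, not gnark's code: it shows the Straus/Shamir idea behind that gadget on a toy twisted Edwards curve constructed for this example (p=1009, a=-1, d=122 and the base point (1,5) are all constructed values), working on plain `math/big` field elements rather than in-circuit variables, and counts group operations against two separate double-and-add runs.

```go
package main

import "math/big"

// Toy twisted Edwards curve a*x^2 + y^2 = 1 + d*x^2*y^2 over F_p, constructed for this
// example: p=1009, a=-1 (a square) and d=122 (a non-square) make the addition law complete.
var p, a, d = big.NewInt(1009), big.NewInt(-1), big.NewInt(122)
type Point struct{ X, Y *big.Int }

func Identity() Point             { return Point{big.NewInt(0), big.NewInt(1)} } // neutral element
func mod(z *big.Int) *big.Int     { return new(big.Int).Mod(z, p) }
func mul(x, y *big.Int) *big.Int  { return mod(new(big.Int).Mul(x, y)) }
func addF(x, y *big.Int) *big.Int { return mod(new(big.Int).Add(x, y)) }
func subF(x, y *big.Int) *big.Int { return mod(new(big.Int).Sub(x, y)) }
func inv(x *big.Int) *big.Int     { return new(big.Int).ModInverse(mod(x), p) }

// IsOnCurve checks a*x^2 + y^2 == 1 + d*x^2*y^2 (mod p).
func IsOnCurve(q Point) bool {
	x2, y2 := mul(q.X, q.X), mul(q.Y, q.Y)
	return addF(mul(a, x2), y2).Cmp(addF(big.NewInt(1), mul(d, mul(x2, y2)))) == 0
}

// Add is the unified twisted Edwards addition law; it also serves for doubling.
func Add(p1, p2 Point) Point {
	t, one := mul(d, mul(mul(p1.X, p2.X), mul(p1.Y, p2.Y))), big.NewInt(1) // t = d*x1*x2*y1*y2
	x := mul(addF(mul(p1.X, p2.Y), mul(p1.Y, p2.X)), inv(addF(one, t)))
	y := mul(subF(mul(p1.Y, p2.Y), mul(a, mul(p1.X, p2.X))), inv(subF(one, t)))
	return Point{x, y}
}

// ScalarMul is plain left-to-right double-and-add (its first doubling acts on the identity,
// the waste the PR's "first bit handled separately" commit removes); it also returns the op count.
func ScalarMul(q Point, s *big.Int) (Point, int) {
	acc, ops := Identity(), 0
	for i := s.BitLen() - 1; i >= 0; i-- {
		acc, ops = Add(acc, acc), ops+1
		if s.Bit(i) == 1 { acc, ops = Add(acc, q), ops+1 }
	}
	return acc, ops
}

// DoubleBaseScalarMul computes s1*P1 + s2*P2 with one shared doubling chain (Straus/Shamir):
// at each bit position the two bits select, like an in-circuit Lookup2, what to add.
func DoubleBaseScalarMul(p1, p2 Point, s1, s2 *big.Int) (Point, int) {
	table := [4]Point{Identity(), p1, p2, Add(p1, p2)} // index = b1 + 2*b2
	acc, ops := Identity(), 1                          // the one op is the precomputed P1+P2
	for i := new(big.Int).Or(s1, s2).BitLen() - 1; i >= 0; i-- { // Or gives the max bit length
		acc, ops = Add(acc, acc), ops+1
		if idx := s1.Bit(i) | s2.Bit(i)<<1; idx != 0 { acc, ops = Add(acc, table[idx]), ops+1 }
	}
	return acc, ops
}
```

For the constructed scalars 173 and 89, two separate runs cost 24 group operations while the double-base run costs 16, since only the doublings of a single chain remain.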