From 01d332ca7809de4878aeb1c6d82ab07899756979 Mon Sep 17 00:00:00 2001 From: Ayush Shukla Date: Mon, 26 Jun 2023 14:29:40 +0200 Subject: [PATCH 1/2] fix(stdlib): correct tecurve contains formula and simplify code --- noir_stdlib/src/ec/montcurve.nr | 18 ++++++------- noir_stdlib/src/ec/swcurve.nr | 17 ++++++------ noir_stdlib/src/ec/tecurve.nr | 47 ++++++++++----------------------- 3 files changed, 31 insertions(+), 51 deletions(-) diff --git a/noir_stdlib/src/ec/montcurve.nr b/noir_stdlib/src/ec/montcurve.nr index e917661f0f1..e698a7841e5 100644 --- a/noir_stdlib/src/ec/montcurve.nr +++ b/noir_stdlib/src/ec/montcurve.nr @@ -41,12 +41,12 @@ mod affine { // Check if zero fn is_zero(self) -> bool { - self.infty == true + self.infty } // Conversion to CurveGroup coordinates fn into_group(self) -> curvegroup::Point { - if self.is_zero() == true { + if self.is_zero() { curvegroup::Point::zero() } else { let (x,y) = (self.x, self.y); @@ -70,7 +70,7 @@ mod affine { fn into_tecurve(self) -> TEPoint { let Self {x, y, infty} = self; - if (infty == true) | (y*(x+1) == 0) { + if infty | (y*(x+1) == 0) { TEPoint::zero() } else { TEPoint::new(x/y, (x-1)/(x+1)) @@ -126,7 +126,7 @@ mod affine { fn msm(self, n: [Field; N], p: [Point; N]) -> Point { let mut out = Point::zero(); - for i in 0..n.len() { + for i in 0..N { out = self.add(out, self.mul(n[i], p[i])); } @@ -156,7 +156,7 @@ mod affine { // Point mapping into equivalent Short Weierstraß curve fn map_into_swcurve(self, p: Point) -> SWPoint { - if p.is_zero() == true { + if p.is_zero() { SWPoint::zero() } else { SWPoint::new((3*p.x + self.j)/(3*self.k), @@ -191,9 +191,9 @@ mod affine { let x2 = 0 - x1 - (j/k); let gx2 = x2*x2*x2 + (j/k)*x2*x2 + x2/(k*k); - let x = if is_square(gx1) == true { x1 } else { x2 }; + let x = if is_square(gx1) { x1 } else { x2 }; - let y = if is_square(gx1) == true { + let y = if is_square(gx1) { let y0 = sqrt(gx1); if y0.sgn0() == 1 { y0 } else { 0 - y0 } } else { 
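Review bot: In the `@@ -191,9 +191,9 @@` hunk of montcurve.nr, `is_square(gx1)` is evaluated in two separate `if` conditions, once for `x` and once for `y`. Binding it once, `let gx1_is_square = is_square(gx1);`, and branching on that name keeps both selections visibly tied to the same predicate and avoids repeating the work if the compiler does not deduplicate the call. The swcurve counterpart in this patch already selects `(x,y)` in a single `if`. The enclosing function starts and ends outside the hunk.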
@@ -254,7 +254,7 @@ mod curvegroup { // Conversion to affine coordinates fn into_affine(self) -> affine::Point { - if self.is_zero() == true{ + if self.is_zero() { affine::Point::zero() } else { let (x,y,z) = (self.x, self.y, self.z); @@ -328,7 +328,7 @@ mod curvegroup { fn msm(self, n: [Field; N], p: [Point; N]) -> Point { let mut out = Point::zero(); - for i in 0..n.len() { + for i in 0..N { out = self.add(out, self.mul(n[i], p[i])); } diff --git a/noir_stdlib/src/ec/swcurve.nr b/noir_stdlib/src/ec/swcurve.nr index 1f22de5598f..3e4f57c1fa3 100644 --- a/noir_stdlib/src/ec/swcurve.nr +++ b/noir_stdlib/src/ec/swcurve.nr @@ -48,7 +48,7 @@ mod affine { fn into_group(self) -> curvegroup::Point { let Self {x, y, infty} = self; - if infty == true { + if infty { curvegroup::Point::zero() } else { curvegroup::Point::new(x, y, 1) @@ -73,7 +73,7 @@ mod affine { // Check curve coefficients assert(4*a*a*a + 27*b*b != 0); - let curve = Curve { a, b, gen }; + let curve = Curve { a, b, gen }; // gen should be on the curve assert(curve.contains(curve.gen)); @@ -147,7 +147,7 @@ mod affine { fn msm(self, n: [Field; N], p: [Point; N]) -> Point { let mut out = Point::zero(); - for i in 0..n.len() { + for i in 0..N { out = self.add(out, self.mul(n[i], p[i])); } @@ -173,7 +173,7 @@ mod affine { let gx1 = x1*x1*x1 + a*x1 + b; let x2 = z*u*u*x1; let gx2 = x2*x2*x2 + a*x2 + b; - let (x,y) = if is_square(gx1) == true {(x1, sqrt(gx1))} else {(x2, sqrt(gx2))}; + let (x,y) = if is_square(gx1) {(x1, sqrt(gx1))} else {(x2, sqrt(gx2))}; Point::new(x, if u.sgn0() != y.sgn0() {0-y} else {y}) } } @@ -250,7 +250,7 @@ mod curvegroup { // Check curve coefficients assert(4*a*a*a + 27*b*b != 0); - let curve = Curve { a, b, gen }; + let curve = Curve { a, b, gen }; // gen should be on the curve assert(curve.contains(curve.gen)); 
@@ -331,12 +331,11 @@ mod curvegroup { // If k is the natural number represented by `bits`, then this computes p + ... + p k times. fn bit_mul(self, bits: [u1; N], p: Point) -> Point { let mut out = Point::zero(); - let n = bits.len(); - for i in 0..n { + for i in 0..N { out = self.add( self.add(out, out), - if(bits[n - i - 1] == 0) {Point::zero()} else {p}); + if(bits[N - i - 1] == 0) {Point::zero()} else {p}); } out @@ -360,7 +359,7 @@ mod curvegroup { fn msm(self, n: [Field; N], p: [Point; N]) -> Point { let mut out = Point::zero(); - for i in 0..n.len() { + for i in 0..N { out = self.add(out, self.mul(n[i], p[i])); } diff --git a/noir_stdlib/src/ec/tecurve.nr b/noir_stdlib/src/ec/tecurve.nr index ff2c398a8a9..35e038f45ff 100644 --- a/noir_stdlib/src/ec/tecurve.nr +++ b/noir_stdlib/src/ec/tecurve.nr @@ -64,7 +64,7 @@ mod affine { // Map into prime-order subgroup of equivalent Montgomery curve fn into_montcurve(self) -> MPoint { - if self.is_zero() == true { + if self.is_zero() { MPoint::zero() } else { let Self {x, y} = self; @@ -83,7 +83,7 @@ mod affine { // Check curve coefficients assert(a*d*(a-d) != 0); - let curve = Curve {a, d, gen}; + let curve = Curve {a, d, gen}; // gen should be on the curve assert(curve.contains(curve.gen)); @@ -145,7 +145,7 @@ mod affine { fn msm(self, n: [Field; N], p: [Point; N]) -> Point { let mut out = Point::zero(); - for i in 0..n.len() { + for i in 0..N { out = self.add(out, self.mul(n[i], p[i])); } 
@@ -227,34 +227,16 @@ mod curvegroup { // Check for equality fn eq(self, p: Point) -> bool { - if self.is_zero() == true { - p.is_zero() - } else if p.is_zero() == true { - false - } else { - let Self {x: x1, y: y1, t: _t1, z: z1} = self; - let Self {x: x2, y: y2, t: _t2, z:z2} = p; - - if x1*z2 == x2*z1 { - y1*z2 == y2*z1 - } else { - false - } - } + let Self {x: x1, y: y1, t: _t1, z: z1} = self; + let Self {x: x2, y: y2, t: _t2, z:z2} = p; + + (x1*z2 == x2*z1) & (y1*z2 == y2*z1) } // Check if zero fn is_zero(self) -> bool { - let Self {x, y, t, z} = self; - if y == z { - if x == t { - x == 0 - } else { - false - } - } else { - false - } + let Self {x, y, t: _t, z} = self; + (x == 0) & (y == z) } // Conversion to affine coordinates @@ -288,7 +270,7 @@ mod curvegroup { // Check curve coefficients assert(a*d*(a-d) != 0); - let curve = Curve { a, d, gen }; + let curve = Curve { a, d, gen }; // gen should be on the curve assert(curve.contains(curve.gen)); @@ -307,7 +289,7 @@ mod curvegroup { fn contains(self, p: Point) -> bool { let Point {x, y, t, z} = p; - (z != 0) & (z*t == x*y) & (z*z*(self.a*x*x + y*y) == z*z + self.d*x*x*y*y) + (z != 0) & (z*t == x*y) & (z*z*(self.a*x*x + y*y) == z*z*z*z + self.d*x*x*y*y) } // Point addition @@ -357,12 +339,11 @@ mod curvegroup { // If k is the natural number represented by `bits`, then this computes p + ... + p k times. fn bit_mul(self, bits: [u1; N], p: Point) -> Point { let mut out = Point::zero(); - let n = bits.len(); - for i in 0..n { + for i in 0..N { out = self.add( self.add(out, out), - if(bits[n - i - 1] == 0) {Point::zero()} else {p}); + if(bits[N - i - 1] == 0) {Point::zero()} else {p}); } out @@ -386,7 +367,7 @@ mod curvegroup { fn msm(self, n: [Field; N], p: [Point; N]) -> Point { let mut out = Point::zero(); - for i in 0..n.len() { + for i in 0..N { out = self.add(out, self.mul(n[i], p[i])); } From aa9917647e1c5d873678ebd8948447e615ddf491 Mon Sep 17 00:00:00 2001 
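Review bot: The rewritten `eq` in tecurve.nr compares by cross-multiplication without looking at `z1` or `z2`, so a tuple with `x == y == z == 0` now compares equal to every point. The removed branches routed that tuple through `is_zero()` instead, so this is a behaviour change for malformed inputs, not just a simplification. If callers are not guaranteed to have passed both operands through `contains` (which requires `z != 0`; not visible from this hunk), guard it here: `(z1 != 0) & (z2 != 0) & (x1*z2 == x2*z1) & (y1*z2 == y2*z1)`. Otherwise state the precondition in the comment above `eq`, e.g. `// Assumes both points are valid (z != 0)`.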
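Review bot: The corrected `contains` equation in the `@@ -307,7 +289,7 @@` hunk ships without a regression test; the diffstat lists only the three curve sources. The previous right-hand side `z*z + ...` matched the curve equation only for `z == 1`, so a test should cover an on-curve point with `z != 1` (for instance a valid point with all four coordinates scaled by the same nonzero factor) and an off-curve tuple that must be rejected. A one-line comment above the expression, `// a*x^2 + y^2 = 1 + d*x^2*y^2 with x -> x/z, y -> y/z, multiplied through by z^4`, would make the `z*z*z*z` term checkable at a glance.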
From: Ayush Shukla Date: Tue, 27 Jun 2023 07:53:35 +0200 Subject: [PATCH 2/2] fix: add checks to tecurve::is_zero --- noir_stdlib/src/ec/tecurve.nr | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/noir_stdlib/src/ec/tecurve.nr b/noir_stdlib/src/ec/tecurve.nr index 35e038f45ff..90be8833206 100644 --- a/noir_stdlib/src/ec/tecurve.nr +++ b/noir_stdlib/src/ec/tecurve.nr @@ -235,8 +235,8 @@ mod curvegroup { // Check if zero fn is_zero(self) -> bool { - let Self {x, y, t: _t, z} = self; - (x == 0) & (y == z) + let Self {x, y, t, z} = self; + (x == 0) & (y == z) & (y != 0) & (t == 0) } // Conversion to affine coordinates
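Review bot: The two conjuncts added to `is_zero` carry the whole fix, but the comment above the function still says only `// Check if zero`. Suggest replacing it with `// Identity is (0 : z : 0 : z) with z != 0; the y != 0 check rejects the all-zero tuple, which is not a valid point`. Since this commit changes only tecurve.nr, a test asserting that the all-zero tuple is not reported as zero would keep the check from being simplified away again.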