blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp
Go to the documentation of this file.
1 //---------------------------------------------------------------------------//
2 // Copyright (c) 2018-2021 Mikhail Komarov <nemo@nil.foundation>
3 // Copyright (c) 2020-2021 Nikita Kaskov <nbering@nil.foundation>
4 //
5 // MIT License
6 //
7 // Permission is hereby granted, free of charge, to any person obtaining a copy
8 // of this software and associated documentation files (the "Software"), to deal
9 // in the Software without restriction, including without limitation the rights
10 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 // copies of the Software, and to permit persons to whom the Software is
12 // furnished to do so, subject to the following conditions:
13 //
14 // The above copyright notice and this permission notice shall be included in all
15 // copies or substantial portions of the Software.
16 //
17 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 // SOFTWARE.
24 //---------------------------------------------------------------------------//
25 // @file Declaration of interfaces for G2 components.
26 //
27 // The components verify curve arithmetic in G2 = E'(F) where E'/F^e: y^2 = x^3 + A' * X + B'
28 // is an elliptic curve over F^e in short Weierstrass form.
29 //---------------------------------------------------------------------------//
30 
31 #ifndef CRYPTO3_ZK_BLUEPRINT_WEIERSTRASS_G2_COMPONENT_HPP
32 #define CRYPTO3_ZK_BLUEPRINT_WEIERSTRASS_G2_COMPONENT_HPP
33 
34 #include <memory>
35 
36 #include <nil/crypto3/algebra/algorithms/pair.hpp>
37 
38 #include <nil/crypto3/zk/components/component.hpp>
39 #include <nil/crypto3/zk/components/algebra/curves/detail/mnt4.hpp>
40 #include <nil/crypto3/zk/components/algebra/curves/detail/mnt6.hpp>
41 
42 #include <nil/crypto3/zk/components/blueprint_variable.hpp>
43 
44 namespace nil {
45  namespace crypto3 {
46  namespace zk {
47  namespace components {
48 
49  using namespace nil::crypto3::algebra::pairing;
50 
54  template<typename CurveType>
55  class element_g2 : public component<typename CurveType::scalar_field_type> {
56 
57  using underlying_field_type = typename CurveType::scalar_field_type;
58 
59  using field_type = typename CurveType::pairing::fp_type;
60 
61  using fqe_type = typename CurveType::pairing::pair_curve_type::pairing::fqe_type;
62  using fqk_type = typename CurveType::pairing::pair_curve_type::pairing::fqk_type;
63 
64  using component_policy = basic_curve_component_policy<CurveType>;
65 
66  public:
67  std::shared_ptr<typename component_policy::Fqe_variable_type> X;
68  std::shared_ptr<typename component_policy::Fqe_variable_type> Y;
69 
70  blueprint_linear_combination_vector<field_type> all_vars;
71 
72  element_g2(blueprint<field_type> &bp) : component<field_type>(bp) {
73  X.reset(new typename component_policy::Fqe_variable_type(bp));
74  Y.reset(new typename component_policy::Fqe_variable_type(bp));
75 
76  all_vars.insert(all_vars.end(), X->all_vars.begin(), X->all_vars.end());
77  all_vars.insert(all_vars.end(), Y->all_vars.begin(), Y->all_vars.end());
78  }
79  element_g2(blueprint<field_type> &bp,
80  const typename CurveType::pairing::pair_curve_type::template g2_type<>::value_type &Q) :
81  component<field_type>(bp) {
82  typename CurveType::pairing::pair_curve_type::template g2_type<>::value_type Q_copy = Q.to_affine();
83 
84  X.reset(new typename component_policy::Fqe_variable_type(bp, Q_copy.X));
85  Y.reset(new typename component_policy::Fqe_variable_type(bp, Q_copy.Y));
86 
87  all_vars.insert(all_vars.end(), X->all_vars.begin(), X->all_vars.end());
88  all_vars.insert(all_vars.end(), Y->all_vars.begin(), Y->all_vars.end());
89  }
90 
91  void generate_r1cs_witness(
92  const typename CurveType::pairing::pair_curve_type::template g2_type<>::value_type &Q) {
93  typename CurveType::pairing::pair_curve_type::template g2_type<>::value_type Qcopy = Q.to_affine();
94 
95  X->generate_r1cs_witness(Qcopy.X);
96  Y->generate_r1cs_witness(Qcopy.Y);
97  }
98 
99  // (See a comment in r1cs_ppzksnark_verifier_component.hpp about why
100  // we mark this function noinline.) TODO: remove later
101  static std::size_t __attribute__((noinline)) size_in_bits() {
102  return 2 * typename component_policy::Fqe_variable_type::size_in_bits();
103  }
104  static std::size_t num_variables() {
105  return 2 * typename component_policy::Fqe_variable_type::num_variables();
106  }
107  };
108 
112  template<typename CurveType>
113  class element_g2_is_well_formed : public component<typename CurveType::scalar_field_type> {
114  typedef typename CurveType::pairing::fp_type field_type;
115  using fqe_type = typename CurveType::pairing::pair_curve_type::pairing::fqe_type;
116  using fqk_type = typename CurveType::pairing::pair_curve_type::pairing::fqk_type;
117 
118  using component_policy = basic_curve_component_policy<CurveType>;
119 
120  public:
121  element_g2<CurveType> Q;
122 
123  std::shared_ptr<typename component_policy::Fqe_variable_type> Xsquared;
124  std::shared_ptr<typename component_policy::Fqe_variable_type> Ysquared;
125  std::shared_ptr<typename component_policy::Fqe_variable_type> Xsquared_plus_a;
126  std::shared_ptr<typename component_policy::Fqe_variable_type> Ysquared_minus_b;
127 
128  std::shared_ptr<typename component_policy::Fqe_sqr_component_type> compute_Xsquared;
129  std::shared_ptr<typename component_policy::Fqe_sqr_component_type> compute_Ysquared;
130  std::shared_ptr<typename component_policy::Fqe_mul_component_type> curve_equation;
131 
132  element_g2_is_well_formed(blueprint<field_type> &bp, const element_g2<CurveType> &Q) :
133  component<field_type>(bp), Q(Q) {
134  Xsquared.reset(new typename component_policy::Fqe_variable_type(bp));
135  Ysquared.reset(new typename component_policy::Fqe_variable_type(bp));
136 
137  compute_Xsquared.reset(
138  new typename component_policy::Fqe_sqr_component_type(bp, *(Q.X), *Xsquared));
139  compute_Ysquared.reset(
140  new typename component_policy::Fqe_sqr_component_type(bp, *(Q.Y), *Ysquared));
141 
142  Xsquared_plus_a.reset(new typename component_policy::Fqe_variable_type(
143  (*Xsquared) + CurveType::pairing::pair_curve_type::a));
144  Ysquared_minus_b.reset(new typename component_policy::Fqe_variable_type(
145  (*Ysquared) + (-CurveType::pairing::pair_curve_type::b)));
146 
147  curve_equation.reset(new typename component_policy::Fqe_mul_component_type(
148  bp, *(Q.X), *Xsquared_plus_a, *Ysquared_minus_b));
149  }
150 
151  void generate_r1cs_constraints() {
152  compute_Xsquared->generate_r1cs_constraints();
153  compute_Ysquared->generate_r1cs_constraints();
154  curve_equation->generate_r1cs_constraints();
155  }
156  void generate_r1cs_witness() {
157  compute_Xsquared->generate_r1cs_witness();
158  compute_Ysquared->generate_r1cs_witness();
159  Xsquared_plus_a->evaluate();
160  curve_equation->generate_r1cs_witness();
161  }
162  };
163  } // namespace components
164  } // namespace zk
165  } // namespace crypto3
166 } // namespace nil
167 
168 #endif // CRYPTO3_ZK_BLUEPRINT_WEIERSTRASS_G2_COMPONENT_HPP
blueprint_variable.hpp
nil::crypto3::zk::components::basic_curve_component_policy
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/detail/mnt4.hpp:47
nil::crypto3::zk::components::blueprint_linear_combination_vector< field_type >
nil::crypto3::zk::components::blueprint
Definition: blueprint.hpp:46
nil::crypto3::zk::components::component
Definition: component.hpp:37
nil::crypto3::zk::components::element_g2_is_well_formed
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:113
nil::crypto3::zk::components::element_g2_is_well_formed::generate_r1cs_witness
void generate_r1cs_witness()
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:156
nil::crypto3::zk::components::element_g2_is_well_formed::Q
element_g2< CurveType > Q
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:121
nil::crypto3::zk::components::element_g2_is_well_formed::Ysquared_minus_b
std::shared_ptr< typename component_policy::Fqe_variable_type > Ysquared_minus_b
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:126
nil::crypto3::zk::components::element_g2_is_well_formed::curve_equation
std::shared_ptr< typename component_policy::Fqe_mul_component_type > curve_equation
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:130
nil::crypto3::zk::components::element_g2_is_well_formed::Xsquared_plus_a
std::shared_ptr< typename component_policy::Fqe_variable_type > Xsquared_plus_a
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:125
nil::crypto3::zk::components::element_g2_is_well_formed::compute_Ysquared
std::shared_ptr< typename component_policy::Fqe_sqr_component_type > compute_Ysquared
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:129
nil::crypto3::zk::components::element_g2_is_well_formed::compute_Xsquared
std::shared_ptr< typename component_policy::Fqe_sqr_component_type > compute_Xsquared
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:128
nil::crypto3::zk::components::element_g2_is_well_formed::element_g2_is_well_formed
element_g2_is_well_formed(blueprint< field_type > &bp, const element_g2< CurveType > &Q)
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:132
nil::crypto3::zk::components::element_g2_is_well_formed::Ysquared
std::shared_ptr< typename component_policy::Fqe_variable_type > Ysquared
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:124
nil::crypto3::zk::components::element_g2_is_well_formed::Xsquared
std::shared_ptr< typename component_policy::Fqe_variable_type > Xsquared
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:123
nil::crypto3::zk::components::element_g2_is_well_formed::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:151
nil::crypto3::zk::components::element_g2
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:55
nil::crypto3::zk::components::element_g2::Y
std::shared_ptr< typename component_policy::Fqe_variable_type > Y
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:68
nil::crypto3::zk::components::element_g2::all_vars
blueprint_linear_combination_vector< field_type > all_vars
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:70
nil::crypto3::zk::components::element_g2::element_g2
element_g2(blueprint< field_type > &bp, const typename CurveType::pairing::pair_curve_type::template g2_type<>::value_type &Q)
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:79
nil::crypto3::zk::components::element_g2::__attribute__
static std::size_t __attribute__((noinline)) size_in_bits()
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:101
nil::crypto3::zk::components::element_g2::num_variables
static std::size_t num_variables()
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:104
nil::crypto3::zk::components::element_g2::element_g2
element_g2(blueprint< field_type > &bp)
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:72
nil::crypto3::zk::components::element_g2::X
std::shared_ptr< typename component_policy::Fqe_variable_type > X
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:67
nil::crypto3::zk::components::element_g2::generate_r1cs_witness
void generate_r1cs_witness(const typename CurveType::pairing::pair_curve_type::template g2_type<>::value_type &Q)
Definition: blueprint/include/nil/crypto3/zk/components/algebra/curves/weierstrass/element_g2.hpp:91
nil::crypto3::algebra::pairing
Definition: pairing/alt_bn128.hpp:42
nil
Definition: pair.hpp:31