diff --git a/std/algebra/native/fields_bls12377/e12.go b/std/algebra/native/fields_bls12377/e12.go index 5daab4c281..73c2050ee9 100644 --- a/std/algebra/native/fields_bls12377/e12.go +++ b/std/algebra/native/fields_bls12377/e12.go @@ -21,7 +21,6 @@ import ( bls12377 "github.com/consensys/gnark-crypto/ecc/bls12-377" - "github.com/consensys/gnark/constraint/solver" "github.com/consensys/gnark/frontend" ) @@ -469,48 +468,10 @@ func (e *E12) FrobeniusSquare(api frontend.API, e1 E12) *E12 { return e } -var InverseE12Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { - var a, c bls12377.E12 - - a.C0.B0.A0.SetBigInt(inputs[0]) - a.C0.B0.A1.SetBigInt(inputs[1]) - a.C0.B1.A0.SetBigInt(inputs[2]) - a.C0.B1.A1.SetBigInt(inputs[3]) - a.C0.B2.A0.SetBigInt(inputs[4]) - a.C0.B2.A1.SetBigInt(inputs[5]) - a.C1.B0.A0.SetBigInt(inputs[6]) - a.C1.B0.A1.SetBigInt(inputs[7]) - a.C1.B1.A0.SetBigInt(inputs[8]) - a.C1.B1.A1.SetBigInt(inputs[9]) - a.C1.B2.A0.SetBigInt(inputs[10]) - a.C1.B2.A1.SetBigInt(inputs[11]) - - c.Inverse(&a) - - c.C0.B0.A0.BigInt(res[0]) - c.C0.B0.A1.BigInt(res[1]) - c.C0.B1.A0.BigInt(res[2]) - c.C0.B1.A1.BigInt(res[3]) - c.C0.B2.A0.BigInt(res[4]) - c.C0.B2.A1.BigInt(res[5]) - c.C1.B0.A0.BigInt(res[6]) - c.C1.B0.A1.BigInt(res[7]) - c.C1.B1.A0.BigInt(res[8]) - c.C1.B1.A1.BigInt(res[9]) - c.C1.B2.A0.BigInt(res[10]) - c.C1.B2.A1.BigInt(res[11]) - - return nil -} - -func init() { - solver.RegisterHint(InverseE12Hint) -} - // Inverse e12 elmts func (e *E12) Inverse(api frontend.API, e1 E12) *E12 { - res, err := api.NewHint(InverseE12Hint, 12, e1.C0.B0.A0, e1.C0.B0.A1, e1.C0.B1.A0, e1.C0.B1.A1, e1.C0.B2.A0, e1.C0.B2.A1, e1.C1.B0.A0, e1.C1.B0.A1, e1.C1.B1.A0, e1.C1.B1.A1, e1.C1.B2.A0, e1.C1.B2.A1) + res, err := api.NewHint(inverseE12Hint, 12, e1.C0.B0.A0, e1.C0.B0.A1, e1.C0.B1.A0, e1.C0.B1.A1, e1.C0.B2.A0, e1.C0.B2.A1, e1.C1.B0.A0, e1.C1.B0.A1, e1.C1.B1.A0, e1.C1.B1.A1, e1.C1.B2.A0, e1.C1.B2.A1) if err != nil { // err is non-nil only for invalid number of inputs panic(err) @@ -529,61 +490,10 @@ func (e *E12) Inverse(api frontend.API, e1 E12) *E12 { return e } -var DivE12Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { - var a, b, c bls12377.E12 - - a.C0.B0.A0.SetBigInt(inputs[0]) - a.C0.B0.A1.SetBigInt(inputs[1]) - a.C0.B1.A0.SetBigInt(inputs[2]) - a.C0.B1.A1.SetBigInt(inputs[3]) - a.C0.B2.A0.SetBigInt(inputs[4]) - a.C0.B2.A1.SetBigInt(inputs[5]) - a.C1.B0.A0.SetBigInt(inputs[6]) - a.C1.B0.A1.SetBigInt(inputs[7]) - a.C1.B1.A0.SetBigInt(inputs[8]) - a.C1.B1.A1.SetBigInt(inputs[9]) - a.C1.B2.A0.SetBigInt(inputs[10]) - a.C1.B2.A1.SetBigInt(inputs[11]) - - b.C0.B0.A0.SetBigInt(inputs[12]) - b.C0.B0.A1.SetBigInt(inputs[13]) - b.C0.B1.A0.SetBigInt(inputs[14]) - b.C0.B1.A1.SetBigInt(inputs[15]) - b.C0.B2.A0.SetBigInt(inputs[16]) - b.C0.B2.A1.SetBigInt(inputs[17]) - b.C1.B0.A0.SetBigInt(inputs[18]) - b.C1.B0.A1.SetBigInt(inputs[19]) - b.C1.B1.A0.SetBigInt(inputs[20]) - b.C1.B1.A1.SetBigInt(inputs[21]) - b.C1.B2.A0.SetBigInt(inputs[22]) - b.C1.B2.A1.SetBigInt(inputs[23]) - - c.Inverse(&b).Mul(&c, &a) - - c.C0.B0.A0.BigInt(res[0]) - c.C0.B0.A1.BigInt(res[1]) - c.C0.B1.A0.BigInt(res[2]) - c.C0.B1.A1.BigInt(res[3]) - c.C0.B2.A0.BigInt(res[4]) - c.C0.B2.A1.BigInt(res[5]) - c.C1.B0.A0.BigInt(res[6]) - c.C1.B0.A1.BigInt(res[7]) - c.C1.B1.A0.BigInt(res[8]) - c.C1.B1.A1.BigInt(res[9]) - c.C1.B2.A0.BigInt(res[10]) - c.C1.B2.A1.BigInt(res[11]) - - return nil -} - -func init() { - solver.RegisterHint(DivE12Hint) -} - // DivUnchecked e12 elmts func (e *E12) DivUnchecked(api frontend.API, e1, e2 E12) *E12 { - res, err := api.NewHint(DivE12Hint, 12, e1.C0.B0.A0, e1.C0.B0.A1, e1.C0.B1.A0, e1.C0.B1.A1, e1.C0.B2.A0, e1.C0.B2.A1, e1.C1.B0.A0, e1.C1.B0.A1, e1.C1.B1.A0, e1.C1.B1.A1, e1.C1.B2.A0, e1.C1.B2.A1, e2.C0.B0.A0, e2.C0.B0.A1, e2.C0.B1.A0, e2.C0.B1.A1, e2.C0.B2.A0, e2.C0.B2.A1, e2.C1.B0.A0, e2.C1.B0.A1, e2.C1.B1.A0, e2.C1.B1.A1, e2.C1.B2.A0, e2.C1.B2.A1) + res, err := api.NewHint(divE12Hint, 12, e1.C0.B0.A0, e1.C0.B0.A1, e1.C0.B1.A0, e1.C0.B1.A1, e1.C0.B2.A0, e1.C0.B2.A1, e1.C1.B0.A0, e1.C1.B0.A1, e1.C1.B1.A0, e1.C1.B1.A1, e1.C1.B2.A0, e1.C1.B2.A1, e2.C0.B0.A0, e2.C0.B0.A1, e2.C0.B1.A0, e2.C0.B1.A1, e2.C0.B2.A0, e2.C0.B2.A1, e2.C1.B0.A0, e2.C1.B0.A1, e2.C1.B1.A0, e2.C1.B1.A1, e2.C1.B2.A0, e2.C1.B2.A1) if err != nil { // err is non-nil only for invalid number of inputs panic(err) diff --git a/std/algebra/native/fields_bls12377/e2.go b/std/algebra/native/fields_bls12377/e2.go index a536291e9a..a203843157 100644 --- a/std/algebra/native/fields_bls12377/e2.go +++ b/std/algebra/native/fields_bls12377/e2.go @@ -17,12 +17,9 @@ limitations under the License. package fields_bls12377 import ( - "math/big" - bls12377 "github.com/consensys/gnark-crypto/ecc/bls12-377" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" - "github.com/consensys/gnark/constraint/solver" "github.com/consensys/gnark/frontend" ) @@ -145,28 +142,10 @@ func (e *E2) Conjugate(api frontend.API, e1 E2) *E2 { return e } -var InverseE2Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { - var a, c bls12377.E2 - - a.A0.SetBigInt(inputs[0]) - a.A1.SetBigInt(inputs[1]) - - c.Inverse(&a) - - c.A0.BigInt(res[0]) - c.A1.BigInt(res[1]) - - return nil -} - -func init() { - solver.RegisterHint(InverseE2Hint) -} - // Inverse e2 elmts func (e *E2) Inverse(api frontend.API, e1 E2) *E2 { - res, err := api.NewHint(InverseE2Hint, 2, e1.A0, e1.A1) + res, err := api.NewHint(inverseE2Hint, 2, e1.A0, e1.A1) if err != nil { // err is non-nil only for invalid number of inputs panic(err) @@ -185,30 +164,10 @@ func (e *E2) Inverse(api frontend.API, e1 E2) *E2 { return e } -var DivE2Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { - var a, b, c bls12377.E2 - - a.A0.SetBigInt(inputs[0]) - a.A1.SetBigInt(inputs[1]) - b.A0.SetBigInt(inputs[2]) - b.A1.SetBigInt(inputs[3]) - - c.Inverse(&b).Mul(&c, &a) - - c.A0.BigInt(res[0]) - c.A1.BigInt(res[1]) - - return nil -} - -func init() { - solver.RegisterHint(DivE2Hint) -} - // DivUnchecked e2 elmts func (e *E2) DivUnchecked(api frontend.API, e1, e2 E2) *E2 { - res, err := api.NewHint(DivE2Hint, 2, e1.A0, e1.A1, e2.A0, e2.A1) + res, err := api.NewHint(divE2Hint, 2, e1.A0, e1.A1, e2.A0, e2.A1) if err != nil { // err is non-nil only for invalid number of inputs panic(err) diff --git a/std/algebra/native/fields_bls12377/e6.go b/std/algebra/native/fields_bls12377/e6.go index d27038002a..5fba0cae66 100644 --- a/std/algebra/native/fields_bls12377/e6.go +++ b/std/algebra/native/fields_bls12377/e6.go @@ -17,11 +17,8 @@ limitations under the License. package fields_bls12377 import ( - "math/big" - bls12377 "github.com/consensys/gnark-crypto/ecc/bls12-377" - "github.com/consensys/gnark/constraint/solver" "github.com/consensys/gnark/frontend" ) @@ -184,43 +181,10 @@ func (e *E6) Square(api frontend.API, x E6) *E6 { return e } -var DivE6Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { - var a, b, c bls12377.E6 - - a.B0.A0.SetBigInt(inputs[0]) - a.B0.A1.SetBigInt(inputs[1]) - a.B1.A0.SetBigInt(inputs[2]) - a.B1.A1.SetBigInt(inputs[3]) - a.B2.A0.SetBigInt(inputs[4]) - a.B2.A1.SetBigInt(inputs[5]) - - b.B0.A0.SetBigInt(inputs[6]) - b.B0.A1.SetBigInt(inputs[7]) - b.B1.A0.SetBigInt(inputs[8]) - b.B1.A1.SetBigInt(inputs[9]) - b.B2.A0.SetBigInt(inputs[10]) - b.B2.A1.SetBigInt(inputs[11]) - - c.Inverse(&b).Mul(&c, &a) - - c.B0.A0.BigInt(res[0]) - c.B0.A1.BigInt(res[1]) - c.B1.A0.BigInt(res[2]) - c.B1.A1.BigInt(res[3]) - c.B2.A0.BigInt(res[4]) - c.B2.A1.BigInt(res[5]) - - return nil -} - -func init() { - solver.RegisterHint(DivE6Hint) -} - // DivUnchecked e6 elmts func (e *E6) DivUnchecked(api frontend.API, e1, e2 E6) *E6 { - res, err := api.NewHint(DivE6Hint, 6, e1.B0.A0, e1.B0.A1, e1.B1.A0, e1.B1.A1, e1.B2.A0, e1.B2.A1, e2.B0.A0, e2.B0.A1, e2.B1.A0, e2.B1.A1, e2.B2.A0, e2.B2.A1) + res, err := api.NewHint(divE6Hint, 6, e1.B0.A0, e1.B0.A1, e1.B1.A0, e1.B1.A1, e1.B2.A0, e1.B2.A1, e2.B0.A0, e2.B0.A1, e2.B1.A0, e2.B1.A1, e2.B2.A0, e2.B2.A1) if err != nil { // err is non-nil only for invalid number of inputs panic(err) @@ -239,36 +203,10 @@ func (e *E6) DivUnchecked(api frontend.API, e1, e2 E6) *E6 { return e } -var InverseE6Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { - var a, c bls12377.E6 - - a.B0.A0.SetBigInt(inputs[0]) - a.B0.A1.SetBigInt(inputs[1]) - a.B1.A0.SetBigInt(inputs[2]) - a.B1.A1.SetBigInt(inputs[3]) - a.B2.A0.SetBigInt(inputs[4]) - a.B2.A1.SetBigInt(inputs[5]) - - c.Inverse(&a) - - c.B0.A0.BigInt(res[0]) - c.B0.A1.BigInt(res[1]) - c.B1.A0.BigInt(res[2]) - c.B1.A1.BigInt(res[3]) - c.B2.A0.BigInt(res[4]) - c.B2.A1.BigInt(res[5]) - - return nil -} - -func init() { - solver.RegisterHint(InverseE6Hint) -} - // Inverse e6 elmts func (e *E6) Inverse(api frontend.API, e1 E6) *E6 { - res, err := api.NewHint(InverseE6Hint, 6, e1.B0.A0, e1.B0.A1, e1.B1.A0, e1.B1.A1, e1.B2.A0, e1.B2.A1) + res, err := api.NewHint(inverseE6Hint, 6, e1.B0.A0, e1.B0.A1, e1.B1.A0, e1.B1.A1, e1.B2.A0, e1.B2.A1) if err != nil { // err is non-nil only for invalid number of inputs panic(err) diff --git a/std/algebra/native/fields_bls12377/hints.go b/std/algebra/native/fields_bls12377/hints.go new file mode 100644 index 0000000000..9138ca997c --- /dev/null +++ b/std/algebra/native/fields_bls12377/hints.go @@ -0,0 +1,185 @@ +package fields_bls12377 + +import ( + "math/big" + + bls12377 "github.com/consensys/gnark-crypto/ecc/bls12-377" + "github.com/consensys/gnark/constraint/solver" +) + +func GetHints() []solver.Hint { + return []solver.Hint{ + divE2Hint, + divE6Hint, + divE12Hint, + inverseE2Hint, + inverseE6Hint, + inverseE12Hint, + } +} + +func init() { + solver.RegisterHint(GetHints()...) +} + +func inverseE2Hint(_ *big.Int, inputs []*big.Int, res []*big.Int) error { + var a, c bls12377.E2 + + a.A0.SetBigInt(inputs[0]) + a.A1.SetBigInt(inputs[1]) + + c.Inverse(&a) + + c.A0.BigInt(res[0]) + c.A1.BigInt(res[1]) + + return nil +} + +func divE2Hint(_ *big.Int, inputs []*big.Int, res []*big.Int) error { + var a, b, c bls12377.E2 + + a.A0.SetBigInt(inputs[0]) + a.A1.SetBigInt(inputs[1]) + b.A0.SetBigInt(inputs[2]) + b.A1.SetBigInt(inputs[3]) + + c.Inverse(&b).Mul(&c, &a) + + c.A0.BigInt(res[0]) + c.A1.BigInt(res[1]) + + return nil +} + +func divE6Hint(_ *big.Int, inputs []*big.Int, res []*big.Int) error { + var a, b, c bls12377.E6 + + a.B0.A0.SetBigInt(inputs[0]) + a.B0.A1.SetBigInt(inputs[1]) + a.B1.A0.SetBigInt(inputs[2]) + a.B1.A1.SetBigInt(inputs[3]) + a.B2.A0.SetBigInt(inputs[4]) + a.B2.A1.SetBigInt(inputs[5]) + + b.B0.A0.SetBigInt(inputs[6]) + b.B0.A1.SetBigInt(inputs[7]) + b.B1.A0.SetBigInt(inputs[8]) + b.B1.A1.SetBigInt(inputs[9]) + b.B2.A0.SetBigInt(inputs[10]) + b.B2.A1.SetBigInt(inputs[11]) + + c.Inverse(&b).Mul(&c, &a) + + c.B0.A0.BigInt(res[0]) + c.B0.A1.BigInt(res[1]) + c.B1.A0.BigInt(res[2]) + c.B1.A1.BigInt(res[3]) + c.B2.A0.BigInt(res[4]) + c.B2.A1.BigInt(res[5]) + + return nil +} + +func inverseE6Hint(_ *big.Int, inputs []*big.Int, res []*big.Int) error { + var a, c bls12377.E6 + + a.B0.A0.SetBigInt(inputs[0]) + a.B0.A1.SetBigInt(inputs[1]) + a.B1.A0.SetBigInt(inputs[2]) + a.B1.A1.SetBigInt(inputs[3]) + a.B2.A0.SetBigInt(inputs[4]) + a.B2.A1.SetBigInt(inputs[5]) + + c.Inverse(&a) + + c.B0.A0.BigInt(res[0]) + c.B0.A1.BigInt(res[1]) + c.B1.A0.BigInt(res[2]) + c.B1.A1.BigInt(res[3]) + c.B2.A0.BigInt(res[4]) + c.B2.A1.BigInt(res[5]) + + return nil +} + +func divE12Hint(_ *big.Int, inputs []*big.Int, res []*big.Int) error { + var a, b, c bls12377.E12 + + a.C0.B0.A0.SetBigInt(inputs[0]) + a.C0.B0.A1.SetBigInt(inputs[1]) + a.C0.B1.A0.SetBigInt(inputs[2]) + a.C0.B1.A1.SetBigInt(inputs[3]) + a.C0.B2.A0.SetBigInt(inputs[4]) + a.C0.B2.A1.SetBigInt(inputs[5]) + a.C1.B0.A0.SetBigInt(inputs[6]) + a.C1.B0.A1.SetBigInt(inputs[7]) + a.C1.B1.A0.SetBigInt(inputs[8]) + a.C1.B1.A1.SetBigInt(inputs[9]) + a.C1.B2.A0.SetBigInt(inputs[10]) + a.C1.B2.A1.SetBigInt(inputs[11]) + + b.C0.B0.A0.SetBigInt(inputs[12]) + b.C0.B0.A1.SetBigInt(inputs[13]) + b.C0.B1.A0.SetBigInt(inputs[14]) + b.C0.B1.A1.SetBigInt(inputs[15]) + b.C0.B2.A0.SetBigInt(inputs[16]) + b.C0.B2.A1.SetBigInt(inputs[17]) + b.C1.B0.A0.SetBigInt(inputs[18]) + b.C1.B0.A1.SetBigInt(inputs[19]) + b.C1.B1.A0.SetBigInt(inputs[20]) + b.C1.B1.A1.SetBigInt(inputs[21]) + b.C1.B2.A0.SetBigInt(inputs[22]) + b.C1.B2.A1.SetBigInt(inputs[23]) + + c.Inverse(&b).Mul(&c, &a) + + c.C0.B0.A0.BigInt(res[0]) + c.C0.B0.A1.BigInt(res[1]) + c.C0.B1.A0.BigInt(res[2]) + c.C0.B1.A1.BigInt(res[3]) + c.C0.B2.A0.BigInt(res[4]) + c.C0.B2.A1.BigInt(res[5]) + c.C1.B0.A0.BigInt(res[6]) + c.C1.B0.A1.BigInt(res[7]) + c.C1.B1.A0.BigInt(res[8]) + c.C1.B1.A1.BigInt(res[9]) + c.C1.B2.A0.BigInt(res[10]) + c.C1.B2.A1.BigInt(res[11]) + + return nil +} + +func inverseE12Hint(_ *big.Int, inputs []*big.Int, res []*big.Int) error { + var a, c bls12377.E12 + + a.C0.B0.A0.SetBigInt(inputs[0]) + a.C0.B0.A1.SetBigInt(inputs[1]) + a.C0.B1.A0.SetBigInt(inputs[2]) + a.C0.B1.A1.SetBigInt(inputs[3]) + a.C0.B2.A0.SetBigInt(inputs[4]) + a.C0.B2.A1.SetBigInt(inputs[5]) + a.C1.B0.A0.SetBigInt(inputs[6]) + a.C1.B0.A1.SetBigInt(inputs[7]) + a.C1.B1.A0.SetBigInt(inputs[8]) + a.C1.B1.A1.SetBigInt(inputs[9]) + a.C1.B2.A0.SetBigInt(inputs[10]) + a.C1.B2.A1.SetBigInt(inputs[11]) + + c.Inverse(&a) + + c.C0.B0.A0.BigInt(res[0]) + c.C0.B0.A1.BigInt(res[1]) + c.C0.B1.A0.BigInt(res[2]) + c.C0.B1.A1.BigInt(res[3]) + c.C0.B2.A0.BigInt(res[4]) + c.C0.B2.A1.BigInt(res[5]) + c.C1.B0.A0.BigInt(res[6]) + c.C1.B0.A1.BigInt(res[7]) + c.C1.B1.A0.BigInt(res[8]) + c.C1.B1.A1.BigInt(res[9]) + c.C1.B2.A0.BigInt(res[10]) + c.C1.B2.A1.BigInt(res[11]) + + return nil +} diff --git a/std/algebra/native/fields_bls24315/e12.go b/std/algebra/native/fields_bls24315/e12.go index 9d62cf5d75..a65ac76118 100644 --- a/std/algebra/native/fields_bls24315/e12.go +++ b/std/algebra/native/fields_bls24315/e12.go @@ -17,10 +17,7 @@ limitations under the License. package fields_bls24315 import ( - "math/big" - bls24315 "github.com/consensys/gnark-crypto/ecc/bls24-315" - "github.com/consensys/gnark/constraint/solver" "github.com/consensys/gnark/frontend" ) @@ -174,48 +171,10 @@ func (e *E12) Square(api frontend.API, x E12) *E12 { return e } -var InverseE12Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { - var a, c bls24315.E12 - - a.C0.B0.A0.SetBigInt(inputs[0]) - a.C0.B0.A1.SetBigInt(inputs[1]) - a.C0.B1.A0.SetBigInt(inputs[2]) - a.C0.B1.A1.SetBigInt(inputs[3]) - a.C1.B0.A0.SetBigInt(inputs[4]) - a.C1.B0.A1.SetBigInt(inputs[5]) - a.C1.B1.A0.SetBigInt(inputs[6]) - a.C1.B1.A1.SetBigInt(inputs[7]) - a.C2.B0.A0.SetBigInt(inputs[8]) - a.C2.B0.A1.SetBigInt(inputs[9]) - a.C2.B1.A0.SetBigInt(inputs[10]) - a.C2.B1.A1.SetBigInt(inputs[11]) - - c.Inverse(&a) - - c.C0.B0.A0.BigInt(res[0]) - c.C0.B0.A1.BigInt(res[1]) - c.C0.B1.A0.BigInt(res[2]) - c.C0.B1.A1.BigInt(res[3]) - c.C1.B0.A0.BigInt(res[4]) - c.C1.B0.A1.BigInt(res[5]) - c.C1.B1.A0.BigInt(res[6]) - c.C1.B1.A1.BigInt(res[7]) - c.C2.B0.A0.BigInt(res[8]) - c.C2.B0.A1.BigInt(res[9]) - c.C2.B1.A0.BigInt(res[10]) - c.C2.B1.A1.BigInt(res[11]) - - return nil -} - -func init() { - solver.RegisterHint(InverseE12Hint) -} - // Inverse e12 elmts func (e *E12) Inverse(api frontend.API, e1 E12) *E12 { - res, err := api.NewHint(InverseE12Hint, 12, e1.C0.B0.A0, e1.C0.B0.A1, e1.C0.B1.A0, e1.C0.B1.A1, e1.C1.B0.A0, e1.C1.B0.A1, e1.C1.B1.A0, e1.C1.B1.A1, e1.C2.B0.A0, e1.C2.B0.A1, e1.C2.B1.A0, e1.C2.B1.A1) + res, err := api.NewHint(inverseE12Hint, 12, e1.C0.B0.A0, e1.C0.B0.A1, e1.C0.B1.A0, e1.C0.B1.A1, e1.C1.B0.A0, e1.C1.B0.A1, e1.C1.B1.A0, e1.C1.B1.A1, e1.C2.B0.A0, e1.C2.B0.A1, e1.C2.B1.A0, e1.C2.B1.A1) if err != nil { // err is non-nil only for invalid number of inputs panic(err) @@ -234,61 +193,10 @@ func (e *E12) Inverse(api frontend.API, e1 E12) *E12 { return e } -var DivE12Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { - var a, b, c bls24315.E12 - - a.C0.B0.A0.SetBigInt(inputs[0]) - a.C0.B0.A1.SetBigInt(inputs[1]) - a.C0.B1.A0.SetBigInt(inputs[2]) - a.C0.B1.A1.SetBigInt(inputs[3]) - a.C1.B0.A0.SetBigInt(inputs[4]) - a.C1.B0.A1.SetBigInt(inputs[5]) - a.C1.B1.A0.SetBigInt(inputs[6]) - a.C1.B1.A1.SetBigInt(inputs[7]) - a.C2.B0.A0.SetBigInt(inputs[8]) - a.C2.B0.A1.SetBigInt(inputs[9]) - a.C2.B1.A0.SetBigInt(inputs[10]) - a.C2.B1.A1.SetBigInt(inputs[11]) - - b.C0.B0.A0.SetBigInt(inputs[12]) - b.C0.B0.A1.SetBigInt(inputs[13]) - b.C0.B1.A0.SetBigInt(inputs[14]) - b.C0.B1.A1.SetBigInt(inputs[15]) - b.C1.B0.A0.SetBigInt(inputs[16]) - b.C1.B0.A1.SetBigInt(inputs[17]) - b.C1.B1.A0.SetBigInt(inputs[18]) - b.C1.B1.A1.SetBigInt(inputs[19]) - b.C2.B0.A0.SetBigInt(inputs[20]) - b.C2.B0.A1.SetBigInt(inputs[21]) - b.C2.B1.A0.SetBigInt(inputs[22]) - b.C2.B1.A1.SetBigInt(inputs[23]) - - c.Inverse(&b).Mul(&c, &a) - - c.C0.B0.A0.BigInt(res[0]) - c.C0.B0.A1.BigInt(res[1]) - c.C0.B1.A0.BigInt(res[2]) - c.C0.B1.A1.BigInt(res[3]) - c.C1.B0.A0.BigInt(res[4]) - c.C1.B0.A1.BigInt(res[5]) - c.C1.B1.A0.BigInt(res[6]) - c.C1.B1.A1.BigInt(res[7]) - c.C2.B0.A0.BigInt(res[8]) - c.C2.B0.A1.BigInt(res[9]) - c.C2.B1.A0.BigInt(res[10]) - c.C2.B1.A1.BigInt(res[11]) - - return nil -} - -func init() { - solver.RegisterHint(DivE12Hint) -} - // DivUnchecked e12 elmts func (e *E12) DivUnchecked(api frontend.API, e1, e2 E12) *E12 { - res, err := api.NewHint(DivE12Hint, 12, e1.C0.B0.A0, e1.C0.B0.A1, e1.C0.B1.A0, e1.C0.B1.A1, e1.C1.B0.A0, e1.C1.B0.A1, e1.C1.B1.A0, e1.C1.B1.A1, e1.C2.B0.A0, e1.C2.B0.A1, e1.C2.B1.A0, e1.C2.B1.A1, e2.C0.B0.A0, e2.C0.B0.A1, e2.C0.B1.A0, e2.C0.B1.A1, e2.C1.B0.A0, e2.C1.B0.A1, e2.C1.B1.A0, e2.C1.B1.A1, e2.C2.B0.A0, e2.C2.B0.A1, e2.C2.B1.A0, e2.C2.B1.A1) + res, err := api.NewHint(divE12Hint, 12, e1.C0.B0.A0, e1.C0.B0.A1, e1.C0.B1.A0, e1.C0.B1.A1, e1.C1.B0.A0, e1.C1.B0.A1, e1.C1.B1.A0, e1.C1.B1.A1, e1.C2.B0.A0, e1.C2.B0.A1, e1.C2.B1.A0, e1.C2.B1.A1, e2.C0.B0.A0, e2.C0.B0.A1, e2.C0.B1.A0, e2.C0.B1.A1, e2.C1.B0.A0, e2.C1.B0.A1, e2.C1.B1.A0, e2.C1.B1.A1, e2.C2.B0.A0, e2.C2.B0.A1, e2.C2.B1.A0, e2.C2.B1.A1) if err != nil { // err is non-nil only for invalid number of inputs panic(err) diff --git a/std/algebra/native/fields_bls24315/e2.go b/std/algebra/native/fields_bls24315/e2.go index eb548b5f8f..396c20707a 100644 --- a/std/algebra/native/fields_bls24315/e2.go +++ b/std/algebra/native/fields_bls24315/e2.go @@ -17,11 +17,8 @@ limitations under the License. package fields_bls24315 import ( - "math/big" - bls24315 "github.com/consensys/gnark-crypto/ecc/bls24-315" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" - "github.com/consensys/gnark/constraint/solver" "github.com/consensys/gnark/frontend" "github.com/consensys/gnark/internal/utils" ) @@ -148,30 +145,10 @@ func (e *E2) Conjugate(api frontend.API, e1 E2) *E2 { return e } -var DivE2Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { - var a, b, c bls24315.E2 - - a.A0.SetBigInt(inputs[0]) - a.A1.SetBigInt(inputs[1]) - b.A0.SetBigInt(inputs[2]) - b.A1.SetBigInt(inputs[3]) - - c.Inverse(&b).Mul(&c, &a) - - c.A0.BigInt(res[0]) - c.A1.BigInt(res[1]) - - return nil -} - -func init() { - solver.RegisterHint(DivE2Hint) -} - // DivUnchecked e2 elmts func (e *E2) DivUnchecked(api frontend.API, e1, e2 E2) *E2 { - res, err := api.NewHint(DivE2Hint, 2, e1.A0, e1.A1, e2.A0, e2.A1) + res, err := api.NewHint(divE2Hint, 2, e1.A0, e1.A1, e2.A0, e2.A1) if err != nil { // err is non-nil only for invalid number of inputs panic(err) @@ -189,28 +166,10 @@ func (e *E2) DivUnchecked(api frontend.API, e1, e2 E2) *E2 { return e } -var InverseE2Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { - var a, c bls24315.E2 - - a.A0.SetBigInt(inputs[0]) - a.A1.SetBigInt(inputs[1]) - - c.Inverse(&a) - - c.A0.BigInt(res[0]) - c.A1.BigInt(res[1]) - - return nil -} - -func init() { - solver.RegisterHint(InverseE2Hint) -} - // Inverse e2 elmts func (e *E2) Inverse(api frontend.API, e1 E2) *E2 { - res, err := api.NewHint(InverseE2Hint, 2, e1.A0, e1.A1) + res, err := api.NewHint(inverseE2Hint, 2, e1.A0, e1.A1) if err != nil { // err is non-nil only for invalid number of inputs panic(err) diff --git a/std/algebra/native/fields_bls24315/e24.go b/std/algebra/native/fields_bls24315/e24.go index e396ba78a0..886c7bf6dc 100644 --- a/std/algebra/native/fields_bls24315/e24.go +++ b/std/algebra/native/fields_bls24315/e24.go @@ -20,7 +20,6 @@ import ( "math/big" bls24315 "github.com/consensys/gnark-crypto/ecc/bls24-315" - "github.com/consensys/gnark/constraint/solver" "github.com/consensys/gnark/frontend" ) @@ -356,72 +355,10 @@ func (e *E24) Conjugate(api frontend.API, e1 E24) *E24 { return e } -var InverseE24Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { - var a, c bls24315.E24 - - a.D0.C0.B0.A0.SetBigInt(inputs[0]) - a.D0.C0.B0.A1.SetBigInt(inputs[1]) - a.D0.C0.B1.A0.SetBigInt(inputs[2]) - a.D0.C0.B1.A1.SetBigInt(inputs[3]) - a.D0.C1.B0.A0.SetBigInt(inputs[4]) - a.D0.C1.B0.A1.SetBigInt(inputs[5]) - a.D0.C1.B1.A0.SetBigInt(inputs[6]) - a.D0.C1.B1.A1.SetBigInt(inputs[7]) - a.D0.C2.B0.A0.SetBigInt(inputs[8]) - a.D0.C2.B0.A1.SetBigInt(inputs[9]) - a.D0.C2.B1.A0.SetBigInt(inputs[10]) - a.D0.C2.B1.A1.SetBigInt(inputs[11]) - a.D1.C0.B0.A0.SetBigInt(inputs[12]) - a.D1.C0.B0.A1.SetBigInt(inputs[13]) - a.D1.C0.B1.A0.SetBigInt(inputs[14]) - a.D1.C0.B1.A1.SetBigInt(inputs[15]) - a.D1.C1.B0.A0.SetBigInt(inputs[16]) - a.D1.C1.B0.A1.SetBigInt(inputs[17]) - a.D1.C1.B1.A0.SetBigInt(inputs[18]) - a.D1.C1.B1.A1.SetBigInt(inputs[19]) - a.D1.C2.B0.A0.SetBigInt(inputs[20]) - a.D1.C2.B0.A1.SetBigInt(inputs[21]) - a.D1.C2.B1.A0.SetBigInt(inputs[22]) - a.D1.C2.B1.A1.SetBigInt(inputs[23]) - - c.Inverse(&a) - - c.D0.C0.B0.A0.BigInt(res[0]) - c.D0.C0.B0.A1.BigInt(res[1]) - c.D0.C0.B1.A0.BigInt(res[2]) - c.D0.C0.B1.A1.BigInt(res[3]) - c.D0.C1.B0.A0.BigInt(res[4]) - c.D0.C1.B0.A1.BigInt(res[5]) - c.D0.C1.B1.A0.BigInt(res[6]) - c.D0.C1.B1.A1.BigInt(res[7]) - c.D0.C2.B0.A0.BigInt(res[8]) - c.D0.C2.B0.A1.BigInt(res[9]) - c.D0.C2.B1.A0.BigInt(res[10]) - c.D0.C2.B1.A1.BigInt(res[11]) - c.D1.C0.B0.A0.BigInt(res[12]) - c.D1.C0.B0.A1.BigInt(res[13]) - c.D1.C0.B1.A0.BigInt(res[14]) - c.D1.C0.B1.A1.BigInt(res[15]) - c.D1.C1.B0.A0.BigInt(res[16]) - c.D1.C1.B0.A1.BigInt(res[17]) - c.D1.C1.B1.A0.BigInt(res[18]) - c.D1.C1.B1.A1.BigInt(res[19]) - c.D1.C2.B0.A0.BigInt(res[20]) - c.D1.C2.B0.A1.BigInt(res[21]) - c.D1.C2.B1.A0.BigInt(res[22]) - c.D1.C2.B1.A1.BigInt(res[23]) - - return nil -} - -func init() { - solver.RegisterHint(InverseE24Hint) -} - // Inverse e24 elmts func (e *E24) Inverse(api frontend.API, e1 E24) *E24 { - res, err := api.NewHint(InverseE24Hint, 24, e1.D0.C0.B0.A0, e1.D0.C0.B0.A1, e1.D0.C0.B1.A0, e1.D0.C0.B1.A1, e1.D0.C1.B0.A0, e1.D0.C1.B0.A1, e1.D0.C1.B1.A0, e1.D0.C1.B1.A1, e1.D0.C2.B0.A0, e1.D0.C2.B0.A1, e1.D0.C2.B1.A0, e1.D0.C2.B1.A1, e1.D1.C0.B0.A0, e1.D1.C0.B0.A1, e1.D1.C0.B1.A0, e1.D1.C0.B1.A1, e1.D1.C1.B0.A0, e1.D1.C1.B0.A1, e1.D1.C1.B1.A0, e1.D1.C1.B1.A1, e1.D1.C2.B0.A0, e1.D1.C2.B0.A1, e1.D1.C2.B1.A0, e1.D1.C2.B1.A1) + res, err := api.NewHint(inverseE24Hint, 24, e1.D0.C0.B0.A0, e1.D0.C0.B0.A1, e1.D0.C0.B1.A0, e1.D0.C0.B1.A1, e1.D0.C1.B0.A0, e1.D0.C1.B0.A1, e1.D0.C1.B1.A0, e1.D0.C1.B1.A1, e1.D0.C2.B0.A0, e1.D0.C2.B0.A1, e1.D0.C2.B1.A0, e1.D0.C2.B1.A1, e1.D1.C0.B0.A0, e1.D1.C0.B0.A1, e1.D1.C0.B1.A0, e1.D1.C0.B1.A1, e1.D1.C1.B0.A0, e1.D1.C1.B0.A1, e1.D1.C1.B1.A0, e1.D1.C1.B1.A1, e1.D1.C2.B0.A0, e1.D1.C2.B0.A1, e1.D1.C2.B1.A0, e1.D1.C2.B1.A1) if err != nil { // err is non-nil only for invalid number of inputs panic(err) @@ -441,97 +378,10 @@ func (e *E24) Inverse(api frontend.API, e1 E24) *E24 { return e } -var DivE24Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { - var a, b, c bls24315.E24 - - a.D0.C0.B0.A0.SetBigInt(inputs[0]) - a.D0.C0.B0.A1.SetBigInt(inputs[1]) - a.D0.C0.B1.A0.SetBigInt(inputs[2]) - a.D0.C0.B1.A1.SetBigInt(inputs[3]) - a.D0.C1.B0.A0.SetBigInt(inputs[4]) - a.D0.C1.B0.A1.SetBigInt(inputs[5]) - a.D0.C1.B1.A0.SetBigInt(inputs[6]) - a.D0.C1.B1.A1.SetBigInt(inputs[7]) - a.D0.C2.B0.A0.SetBigInt(inputs[8]) - a.D0.C2.B0.A1.SetBigInt(inputs[9]) - a.D0.C2.B1.A0.SetBigInt(inputs[10]) - a.D0.C2.B1.A1.SetBigInt(inputs[11]) - a.D1.C0.B0.A0.SetBigInt(inputs[12]) - a.D1.C0.B0.A1.SetBigInt(inputs[13]) - a.D1.C0.B1.A0.SetBigInt(inputs[14]) - a.D1.C0.B1.A1.SetBigInt(inputs[15]) - a.D1.C1.B0.A0.SetBigInt(inputs[16]) - a.D1.C1.B0.A1.SetBigInt(inputs[17]) - a.D1.C1.B1.A0.SetBigInt(inputs[18]) - a.D1.C1.B1.A1.SetBigInt(inputs[19]) - a.D1.C2.B0.A0.SetBigInt(inputs[20]) - a.D1.C2.B0.A1.SetBigInt(inputs[21]) - a.D1.C2.B1.A0.SetBigInt(inputs[22]) - a.D1.C2.B1.A1.SetBigInt(inputs[23]) - - b.D0.C0.B0.A0.SetBigInt(inputs[24]) - b.D0.C0.B0.A1.SetBigInt(inputs[25]) - b.D0.C0.B1.A0.SetBigInt(inputs[26]) - b.D0.C0.B1.A1.SetBigInt(inputs[27]) - b.D0.C1.B0.A0.SetBigInt(inputs[28]) - b.D0.C1.B0.A1.SetBigInt(inputs[29]) - b.D0.C1.B1.A0.SetBigInt(inputs[30]) - b.D0.C1.B1.A1.SetBigInt(inputs[31]) - b.D0.C2.B0.A0.SetBigInt(inputs[32]) - b.D0.C2.B0.A1.SetBigInt(inputs[33]) - b.D0.C2.B1.A0.SetBigInt(inputs[34]) - b.D0.C2.B1.A1.SetBigInt(inputs[35]) - b.D1.C0.B0.A0.SetBigInt(inputs[36]) - b.D1.C0.B0.A1.SetBigInt(inputs[37]) - b.D1.C0.B1.A0.SetBigInt(inputs[38]) - b.D1.C0.B1.A1.SetBigInt(inputs[39]) - b.D1.C1.B0.A0.SetBigInt(inputs[40]) - b.D1.C1.B0.A1.SetBigInt(inputs[41]) - b.D1.C1.B1.A0.SetBigInt(inputs[42]) - b.D1.C1.B1.A1.SetBigInt(inputs[43]) - b.D1.C2.B0.A0.SetBigInt(inputs[44]) - b.D1.C2.B0.A1.SetBigInt(inputs[45]) - b.D1.C2.B1.A0.SetBigInt(inputs[46]) - b.D1.C2.B1.A1.SetBigInt(inputs[47]) - - c.Inverse(&b).Mul(&c, &a) - - c.D0.C0.B0.A0.BigInt(res[0]) - c.D0.C0.B0.A1.BigInt(res[1]) - c.D0.C0.B1.A0.BigInt(res[2]) - c.D0.C0.B1.A1.BigInt(res[3]) - c.D0.C1.B0.A0.BigInt(res[4]) - c.D0.C1.B0.A1.BigInt(res[5]) - c.D0.C1.B1.A0.BigInt(res[6]) - c.D0.C1.B1.A1.BigInt(res[7]) - c.D0.C2.B0.A0.BigInt(res[8]) - c.D0.C2.B0.A1.BigInt(res[9]) - c.D0.C2.B1.A0.BigInt(res[10]) - c.D0.C2.B1.A1.BigInt(res[11]) - c.D1.C0.B0.A0.BigInt(res[12]) - c.D1.C0.B0.A1.BigInt(res[13]) - c.D1.C0.B1.A0.BigInt(res[14]) - c.D1.C0.B1.A1.BigInt(res[15]) - c.D1.C1.B0.A0.BigInt(res[16]) - c.D1.C1.B0.A1.BigInt(res[17]) - c.D1.C1.B1.A0.BigInt(res[18]) - c.D1.C1.B1.A1.BigInt(res[19]) - c.D1.C2.B0.A0.BigInt(res[20]) - c.D1.C2.B0.A1.BigInt(res[21]) - c.D1.C2.B1.A0.BigInt(res[22]) - c.D1.C2.B1.A1.BigInt(res[23]) - - return nil -} - -func init() { - solver.RegisterHint(DivE24Hint) -} - // DivUnchecked e24 elmts func (e *E24) DivUnchecked(api frontend.API, e1, e2 E24) *E24 { - res, err := api.NewHint(DivE24Hint, 24, e1.D0.C0.B0.A0, e1.D0.C0.B0.A1, e1.D0.C0.B1.A0, e1.D0.C0.B1.A1, e1.D0.C1.B0.A0, e1.D0.C1.B0.A1, e1.D0.C1.B1.A0, e1.D0.C1.B1.A1, e1.D0.C2.B0.A0, e1.D0.C2.B0.A1, e1.D0.C2.B1.A0, e1.D0.C2.B1.A1, e1.D1.C0.B0.A0, e1.D1.C0.B0.A1, e1.D1.C0.B1.A0, e1.D1.C0.B1.A1, e1.D1.C1.B0.A0, e1.D1.C1.B0.A1, e1.D1.C1.B1.A0, e1.D1.C1.B1.A1, e1.D1.C2.B0.A0, e1.D1.C2.B0.A1, e1.D1.C2.B1.A0, e1.D1.C2.B1.A1, e2.D0.C0.B0.A0, e2.D0.C0.B0.A1, e2.D0.C0.B1.A0, e2.D0.C0.B1.A1, e2.D0.C1.B0.A0, e2.D0.C1.B0.A1, e2.D0.C1.B1.A0, e2.D0.C1.B1.A1, e2.D0.C2.B0.A0, e2.D0.C2.B0.A1, e2.D0.C2.B1.A0, e2.D0.C2.B1.A1, e2.D1.C0.B0.A0, e2.D1.C0.B0.A1, e2.D1.C0.B1.A0, e2.D1.C0.B1.A1, e2.D1.C1.B0.A0, e2.D1.C1.B0.A1, e2.D1.C1.B1.A0, e2.D1.C1.B1.A1, e2.D1.C2.B0.A0, e2.D1.C2.B0.A1, e2.D1.C2.B1.A0, e2.D1.C2.B1.A1) + res, err := api.NewHint(divE24Hint, 24, e1.D0.C0.B0.A0, e1.D0.C0.B0.A1, e1.D0.C0.B1.A0, e1.D0.C0.B1.A1, e1.D0.C1.B0.A0, e1.D0.C1.B0.A1, e1.D0.C1.B1.A0, e1.D0.C1.B1.A1, e1.D0.C2.B0.A0, e1.D0.C2.B0.A1, e1.D0.C2.B1.A0, e1.D0.C2.B1.A1, e1.D1.C0.B0.A0, e1.D1.C0.B0.A1, e1.D1.C0.B1.A0, e1.D1.C0.B1.A1, e1.D1.C1.B0.A0, e1.D1.C1.B0.A1, e1.D1.C1.B1.A0, e1.D1.C1.B1.A1, e1.D1.C2.B0.A0, e1.D1.C2.B0.A1, e1.D1.C2.B1.A0, e1.D1.C2.B1.A1, e2.D0.C0.B0.A0, e2.D0.C0.B0.A1, e2.D0.C0.B1.A0, e2.D0.C0.B1.A1, e2.D0.C1.B0.A0, e2.D0.C1.B0.A1, e2.D0.C1.B1.A0, e2.D0.C1.B1.A1, e2.D0.C2.B0.A0, e2.D0.C2.B0.A1, e2.D0.C2.B1.A0, e2.D0.C2.B1.A1, e2.D1.C0.B0.A0, e2.D1.C0.B0.A1, e2.D1.C0.B1.A0, e2.D1.C0.B1.A1, e2.D1.C1.B0.A0, e2.D1.C1.B0.A1, e2.D1.C1.B1.A0, e2.D1.C1.B1.A1, e2.D1.C2.B0.A0, e2.D1.C2.B0.A1, e2.D1.C2.B1.A0, e2.D1.C2.B1.A1) if err != nil { // err is non-nil only for invalid number of inputs panic(err) diff --git a/std/algebra/native/fields_bls24315/e4.go b/std/algebra/native/fields_bls24315/e4.go index a01c6b24dd..0bd78e2820 100644 --- a/std/algebra/native/fields_bls24315/e4.go +++ b/std/algebra/native/fields_bls24315/e4.go @@ -17,10 +17,7 @@ limitations under the License. package fields_bls24315 import ( - "math/big" - bls24315 "github.com/consensys/gnark-crypto/ecc/bls24-315" - "github.com/consensys/gnark/constraint/solver" "github.com/consensys/gnark/frontend" ) @@ -147,36 +144,10 @@ func (e *E4) Conjugate(api frontend.API, e1 E4) *E4 { return e } -var DivE4Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { - var a, b, c bls24315.E4 - - a.B0.A0.SetBigInt(inputs[0]) - a.B0.A1.SetBigInt(inputs[1]) - a.B1.A0.SetBigInt(inputs[2]) - a.B1.A1.SetBigInt(inputs[3]) - b.B0.A0.SetBigInt(inputs[4]) - b.B0.A1.SetBigInt(inputs[5]) - b.B1.A0.SetBigInt(inputs[6]) - b.B1.A1.SetBigInt(inputs[7]) - - c.Inverse(&b).Mul(&c, &a) - - c.B0.A0.BigInt(res[0]) - c.B0.A1.BigInt(res[1]) - c.B1.A0.BigInt(res[2]) - c.B1.A1.BigInt(res[3]) - - return nil -} - -func init() { - solver.RegisterHint(DivE4Hint) -} - // DivUnchecked e4 elmts func (e *E4) DivUnchecked(api frontend.API, e1, e2 E4) *E4 { - res, err := api.NewHint(DivE4Hint, 4, e1.B0.A0, e1.B0.A1, e1.B1.A0, e1.B1.A1, e2.B0.A0, e2.B0.A1, e2.B1.A0, e2.B1.A1) + res, err := api.NewHint(divE4Hint, 4, e1.B0.A0, e1.B0.A1, e1.B1.A0, e1.B1.A1, e2.B0.A0, e2.B0.A1, e2.B1.A0, e2.B1.A1) if err != nil { // err is non-nil only for invalid number of inputs panic(err) @@ -194,32 +165,10 @@ func (e *E4) DivUnchecked(api frontend.API, e1, e2 E4) *E4 { return e } -var InverseE4Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { - var a, c bls24315.E4 - - a.B0.A0.SetBigInt(inputs[0]) - a.B0.A1.SetBigInt(inputs[1]) - a.B1.A0.SetBigInt(inputs[2]) - a.B1.A1.SetBigInt(inputs[3]) - - c.Inverse(&a) - - c.B0.A0.BigInt(res[0]) - c.B0.A1.BigInt(res[1]) - c.B1.A0.BigInt(res[2]) - c.B1.A1.BigInt(res[3]) - - return nil -} - -func init() { - solver.RegisterHint(InverseE4Hint) -} - // Inverse e4 elmts func (e *E4) Inverse(api frontend.API, e1 E4) *E4 { - res, err := api.NewHint(InverseE4Hint, 4, e1.B0.A0, e1.B0.A1, e1.B1.A0, e1.B1.A1) + res, err := api.NewHint(inverseE4Hint, 4, e1.B0.A0, e1.B0.A1, e1.B1.A0, e1.B1.A1) if err != nil { // err is non-nil only for invalid number of inputs panic(err) diff --git a/std/algebra/native/fields_bls24315/hints.go b/std/algebra/native/fields_bls24315/hints.go new file mode 100644 index 0000000000..9ab227f130 --- /dev/null +++ b/std/algebra/native/fields_bls24315/hints.go @@ -0,0 +1,317 @@ +package fields_bls24315 + +import ( + "math/big" + + bls24315 "github.com/consensys/gnark-crypto/ecc/bls24-315" + "github.com/consensys/gnark/constraint/solver" +) + +func GetHints() []solver.Hint { + return []solver.Hint{ + divE2Hint, + divE4Hint, + divE12Hint, + divE24Hint, + inverseE2Hint, + inverseE4Hint, + inverseE12Hint, + inverseE24Hint, + } +} + +func init() { + solver.RegisterHint(GetHints()...) +} + +var inverseE2Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error { + var a, c bls24315.E2 + + a.A0.SetBigInt(inputs[0]) + a.A1.SetBigInt(inputs[1]) + + c.Inverse(&a) + + c.A0.BigInt(res[0]) + c.A1.BigInt(res[1]) + + return nil +} + +func divE2Hint(_ *big.Int, inputs []*big.Int, res []*big.Int) error { + var a, b, c bls24315.E2 + + a.A0.SetBigInt(inputs[0]) + a.A1.SetBigInt(inputs[1]) + b.A0.SetBigInt(inputs[2]) + b.A1.SetBigInt(inputs[3]) + + c.Inverse(&b).Mul(&c, &a) + + c.A0.BigInt(res[0]) + c.A1.BigInt(res[1]) + + return nil +} + +func divE4Hint(_ *big.Int, inputs []*big.Int, res []*big.Int) error { + var a, b, c bls24315.E4 + + a.B0.A0.SetBigInt(inputs[0]) + a.B0.A1.SetBigInt(inputs[1]) + a.B1.A0.SetBigInt(inputs[2]) + a.B1.A1.SetBigInt(inputs[3]) + b.B0.A0.SetBigInt(inputs[4]) + b.B0.A1.SetBigInt(inputs[5]) + b.B1.A0.SetBigInt(inputs[6]) + b.B1.A1.SetBigInt(inputs[7]) + + c.Inverse(&b).Mul(&c, &a) + + c.B0.A0.BigInt(res[0]) + c.B0.A1.BigInt(res[1]) + c.B1.A0.BigInt(res[2]) + c.B1.A1.BigInt(res[3]) + + return nil +} + +func inverseE4Hint(_ *big.Int, inputs []*big.Int, res []*big.Int) error { + var a, c bls24315.E4 + + a.B0.A0.SetBigInt(inputs[0]) + a.B0.A1.SetBigInt(inputs[1]) + a.B1.A0.SetBigInt(inputs[2]) + a.B1.A1.SetBigInt(inputs[3]) + + c.Inverse(&a) + + c.B0.A0.BigInt(res[0]) + c.B0.A1.BigInt(res[1]) + c.B1.A0.BigInt(res[2]) + c.B1.A1.BigInt(res[3]) + + return nil +} + +func divE12Hint(_ *big.Int, inputs []*big.Int, res []*big.Int) error { + var a, b, c bls24315.E12 + + a.C0.B0.A0.SetBigInt(inputs[0]) + a.C0.B0.A1.SetBigInt(inputs[1]) + a.C0.B1.A0.SetBigInt(inputs[2]) + a.C0.B1.A1.SetBigInt(inputs[3]) + a.C1.B0.A0.SetBigInt(inputs[4]) + a.C1.B0.A1.SetBigInt(inputs[5]) + a.C1.B1.A0.SetBigInt(inputs[6]) + a.C1.B1.A1.SetBigInt(inputs[7]) + a.C2.B0.A0.SetBigInt(inputs[8]) + a.C2.B0.A1.SetBigInt(inputs[9]) + a.C2.B1.A0.SetBigInt(inputs[10]) + a.C2.B1.A1.SetBigInt(inputs[11]) + + b.C0.B0.A0.SetBigInt(inputs[12]) + b.C0.B0.A1.SetBigInt(inputs[13]) + b.C0.B1.A0.SetBigInt(inputs[14]) + b.C0.B1.A1.SetBigInt(inputs[15]) + b.C1.B0.A0.SetBigInt(inputs[16]) + b.C1.B0.A1.SetBigInt(inputs[17]) + b.C1.B1.A0.SetBigInt(inputs[18]) + b.C1.B1.A1.SetBigInt(inputs[19]) + b.C2.B0.A0.SetBigInt(inputs[20]) + b.C2.B0.A1.SetBigInt(inputs[21]) + b.C2.B1.A0.SetBigInt(inputs[22]) + b.C2.B1.A1.SetBigInt(inputs[23]) + + c.Inverse(&b).Mul(&c, &a) + + c.C0.B0.A0.BigInt(res[0]) + c.C0.B0.A1.BigInt(res[1]) + c.C0.B1.A0.BigInt(res[2]) + c.C0.B1.A1.BigInt(res[3]) + c.C1.B0.A0.BigInt(res[4]) + c.C1.B0.A1.BigInt(res[5]) + c.C1.B1.A0.BigInt(res[6]) + c.C1.B1.A1.BigInt(res[7]) + c.C2.B0.A0.BigInt(res[8]) + c.C2.B0.A1.BigInt(res[9]) + c.C2.B1.A0.BigInt(res[10]) + c.C2.B1.A1.BigInt(res[11]) + + return nil +} + +func inverseE12Hint(_ *big.Int, inputs []*big.Int, res []*big.Int) error { + var a, c bls24315.E12 + + a.C0.B0.A0.SetBigInt(inputs[0]) + a.C0.B0.A1.SetBigInt(inputs[1]) + a.C0.B1.A0.SetBigInt(inputs[2]) + a.C0.B1.A1.SetBigInt(inputs[3]) + a.C1.B0.A0.SetBigInt(inputs[4]) + a.C1.B0.A1.SetBigInt(inputs[5]) + a.C1.B1.A0.SetBigInt(inputs[6]) + a.C1.B1.A1.SetBigInt(inputs[7]) + a.C2.B0.A0.SetBigInt(inputs[8]) + a.C2.B0.A1.SetBigInt(inputs[9]) + a.C2.B1.A0.SetBigInt(inputs[10]) + a.C2.B1.A1.SetBigInt(inputs[11]) + + c.Inverse(&a) + + c.C0.B0.A0.BigInt(res[0]) + c.C0.B0.A1.BigInt(res[1]) + c.C0.B1.A0.BigInt(res[2]) + c.C0.B1.A1.BigInt(res[3]) + c.C1.B0.A0.BigInt(res[4]) + c.C1.B0.A1.BigInt(res[5]) + c.C1.B1.A0.BigInt(res[6]) + c.C1.B1.A1.BigInt(res[7]) + c.C2.B0.A0.BigInt(res[8]) + c.C2.B0.A1.BigInt(res[9]) + c.C2.B1.A0.BigInt(res[10]) + c.C2.B1.A1.BigInt(res[11]) + + return nil +} + +func divE24Hint(_ *big.Int, inputs []*big.Int, res []*big.Int) error { + var a, b, c bls24315.E24 + + a.D0.C0.B0.A0.SetBigInt(inputs[0]) + a.D0.C0.B0.A1.SetBigInt(inputs[1]) + a.D0.C0.B1.A0.SetBigInt(inputs[2]) + a.D0.C0.B1.A1.SetBigInt(inputs[3]) + a.D0.C1.B0.A0.SetBigInt(inputs[4]) + a.D0.C1.B0.A1.SetBigInt(inputs[5]) + a.D0.C1.B1.A0.SetBigInt(inputs[6]) + a.D0.C1.B1.A1.SetBigInt(inputs[7]) + a.D0.C2.B0.A0.SetBigInt(inputs[8]) + a.D0.C2.B0.A1.SetBigInt(inputs[9]) + a.D0.C2.B1.A0.SetBigInt(inputs[10]) + a.D0.C2.B1.A1.SetBigInt(inputs[11]) + a.D1.C0.B0.A0.SetBigInt(inputs[12]) + a.D1.C0.B0.A1.SetBigInt(inputs[13]) + a.D1.C0.B1.A0.SetBigInt(inputs[14]) + a.D1.C0.B1.A1.SetBigInt(inputs[15]) + a.D1.C1.B0.A0.SetBigInt(inputs[16]) + a.D1.C1.B0.A1.SetBigInt(inputs[17]) + a.D1.C1.B1.A0.SetBigInt(inputs[18]) + a.D1.C1.B1.A1.SetBigInt(inputs[19]) + a.D1.C2.B0.A0.SetBigInt(inputs[20]) + a.D1.C2.B0.A1.SetBigInt(inputs[21]) + a.D1.C2.B1.A0.SetBigInt(inputs[22]) + a.D1.C2.B1.A1.SetBigInt(inputs[23]) + + b.D0.C0.B0.A0.SetBigInt(inputs[24]) + b.D0.C0.B0.A1.SetBigInt(inputs[25]) + b.D0.C0.B1.A0.SetBigInt(inputs[26]) + b.D0.C0.B1.A1.SetBigInt(inputs[27]) + b.D0.C1.B0.A0.SetBigInt(inputs[28]) + b.D0.C1.B0.A1.SetBigInt(inputs[29]) + b.D0.C1.B1.A0.SetBigInt(inputs[30]) + b.D0.C1.B1.A1.SetBigInt(inputs[31]) + b.D0.C2.B0.A0.SetBigInt(inputs[32]) + b.D0.C2.B0.A1.SetBigInt(inputs[33]) + b.D0.C2.B1.A0.SetBigInt(inputs[34]) + b.D0.C2.B1.A1.SetBigInt(inputs[35]) + b.D1.C0.B0.A0.SetBigInt(inputs[36]) + b.D1.C0.B0.A1.SetBigInt(inputs[37]) + b.D1.C0.B1.A0.SetBigInt(inputs[38]) + b.D1.C0.B1.A1.SetBigInt(inputs[39]) + b.D1.C1.B0.A0.SetBigInt(inputs[40]) + b.D1.C1.B0.A1.SetBigInt(inputs[41]) + b.D1.C1.B1.A0.SetBigInt(inputs[42]) + b.D1.C1.B1.A1.SetBigInt(inputs[43]) + b.D1.C2.B0.A0.SetBigInt(inputs[44]) + b.D1.C2.B0.A1.SetBigInt(inputs[45]) + b.D1.C2.B1.A0.SetBigInt(inputs[46]) + b.D1.C2.B1.A1.SetBigInt(inputs[47]) + + c.Inverse(&b).Mul(&c, &a) + + c.D0.C0.B0.A0.BigInt(res[0]) + c.D0.C0.B0.A1.BigInt(res[1]) + c.D0.C0.B1.A0.BigInt(res[2]) + c.D0.C0.B1.A1.BigInt(res[3]) + c.D0.C1.B0.A0.BigInt(res[4]) + c.D0.C1.B0.A1.BigInt(res[5]) + c.D0.C1.B1.A0.BigInt(res[6]) + c.D0.C1.B1.A1.BigInt(res[7]) + c.D0.C2.B0.A0.BigInt(res[8]) + c.D0.C2.B0.A1.BigInt(res[9]) + c.D0.C2.B1.A0.BigInt(res[10]) + c.D0.C2.B1.A1.BigInt(res[11]) + c.D1.C0.B0.A0.BigInt(res[12]) + c.D1.C0.B0.A1.BigInt(res[13]) + c.D1.C0.B1.A0.BigInt(res[14]) + c.D1.C0.B1.A1.BigInt(res[15]) + c.D1.C1.B0.A0.BigInt(res[16]) + c.D1.C1.B0.A1.BigInt(res[17]) + c.D1.C1.B1.A0.BigInt(res[18]) + c.D1.C1.B1.A1.BigInt(res[19]) + c.D1.C2.B0.A0.BigInt(res[20]) + c.D1.C2.B0.A1.BigInt(res[21]) + c.D1.C2.B1.A0.BigInt(res[22]) + c.D1.C2.B1.A1.BigInt(res[23]) + + return nil +} + +func inverseE24Hint(_ *big.Int, inputs []*big.Int, res []*big.Int) error { + var a, c bls24315.E24 + + a.D0.C0.B0.A0.SetBigInt(inputs[0]) + a.D0.C0.B0.A1.SetBigInt(inputs[1]) + a.D0.C0.B1.A0.SetBigInt(inputs[2]) + a.D0.C0.B1.A1.SetBigInt(inputs[3]) + a.D0.C1.B0.A0.SetBigInt(inputs[4]) + a.D0.C1.B0.A1.SetBigInt(inputs[5]) + a.D0.C1.B1.A0.SetBigInt(inputs[6]) + a.D0.C1.B1.A1.SetBigInt(inputs[7]) + a.D0.C2.B0.A0.SetBigInt(inputs[8]) + a.D0.C2.B0.A1.SetBigInt(inputs[9]) + a.D0.C2.B1.A0.SetBigInt(inputs[10]) + a.D0.C2.B1.A1.SetBigInt(inputs[11]) + a.D1.C0.B0.A0.SetBigInt(inputs[12]) + a.D1.C0.B0.A1.SetBigInt(inputs[13]) + a.D1.C0.B1.A0.SetBigInt(inputs[14]) + a.D1.C0.B1.A1.SetBigInt(inputs[15]) + a.D1.C1.B0.A0.SetBigInt(inputs[16]) + a.D1.C1.B0.A1.SetBigInt(inputs[17]) + a.D1.C1.B1.A0.SetBigInt(inputs[18]) + a.D1.C1.B1.A1.SetBigInt(inputs[19]) + a.D1.C2.B0.A0.SetBigInt(inputs[20]) + a.D1.C2.B0.A1.SetBigInt(inputs[21]) + a.D1.C2.B1.A0.SetBigInt(inputs[22]) + a.D1.C2.B1.A1.SetBigInt(inputs[23]) + + c.Inverse(&a) + + c.D0.C0.B0.A0.BigInt(res[0]) + c.D0.C0.B0.A1.BigInt(res[1]) + c.D0.C0.B1.A0.BigInt(res[2]) + c.D0.C0.B1.A1.BigInt(res[3]) + c.D0.C1.B0.A0.BigInt(res[4]) + c.D0.C1.B0.A1.BigInt(res[5]) + c.D0.C1.B1.A0.BigInt(res[6]) + c.D0.C1.B1.A1.BigInt(res[7]) + c.D0.C2.B0.A0.BigInt(res[8]) + c.D0.C2.B0.A1.BigInt(res[9]) + c.D0.C2.B1.A0.BigInt(res[10]) + c.D0.C2.B1.A1.BigInt(res[11]) + c.D1.C0.B0.A0.BigInt(res[12]) + c.D1.C0.B0.A1.BigInt(res[13]) + c.D1.C0.B1.A0.BigInt(res[14]) + c.D1.C0.B1.A1.BigInt(res[15]) + c.D1.C1.B0.A0.BigInt(res[16]) + c.D1.C1.B0.A1.BigInt(res[17]) + c.D1.C1.B1.A0.BigInt(res[18]) + c.D1.C1.B1.A1.BigInt(res[19]) + c.D1.C2.B0.A0.BigInt(res[20]) + c.D1.C2.B0.A1.BigInt(res[21]) + c.D1.C2.B1.A0.BigInt(res[22]) + c.D1.C2.B1.A1.BigInt(res[23]) + + return nil +} diff --git a/std/algebra/native/sw_bls12377/g1.go b/std/algebra/native/sw_bls12377/g1.go index 42479031a2..7541f85b76 100644 --- a/std/algebra/native/sw_bls12377/g1.go +++ b/std/algebra/native/sw_bls12377/g1.go @@ -23,7 +23,6 @@ import ( bls12377 "github.com/consensys/gnark-crypto/ecc/bls12-377" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" - "github.com/consensys/gnark/constraint/solver" "github.com/consensys/gnark/frontend" "github.com/consensys/gnark/std/algebra/algopts" ) @@ -160,31 +159,6 @@ func (P *G1Affine) ScalarMul(api frontend.API, Q G1Affine, s interface{}, opts . } } -var DecomposeScalarG1 = func(scalarField *big.Int, inputs []*big.Int, res []*big.Int) error { - cc := getInnerCurveConfig(scalarField) - sp := ecc.SplitScalar(inputs[0], cc.glvBasis) - res[0].Set(&(sp[0])) - res[1].Set(&(sp[1])) - one := big.NewInt(1) - // add (lambda+1, lambda) until scalar compostion is over Fr to ensure that - // the high bits are set in decomposition. - for res[0].Cmp(cc.lambda) < 1 && res[1].Cmp(cc.lambda) < 1 { - res[0].Add(res[0], cc.lambda) - res[0].Add(res[0], one) - res[1].Add(res[1], cc.lambda) - } - // figure out how many times we have overflowed - res[2].Mul(res[1], cc.lambda).Add(res[2], res[0]) - res[2].Sub(res[2], inputs[0]) - res[2].Div(res[2], cc.fr) - - return nil -} - -func init() { - solver.RegisterHint(DecomposeScalarG1) -} - // varScalarMul sets P = [s] Q and returns P. func (P *G1Affine) varScalarMul(api frontend.API, Q G1Affine, s frontend.Variable, opts ...algopts.AlgebraOption) *G1Affine { cfg, err := algopts.NewConfig(opts...) @@ -217,7 +191,7 @@ func (P *G1Affine) varScalarMul(api frontend.API, Q G1Affine, s frontend.Variabl // the hints allow to decompose the scalar s into s1 and s2 such that // s1 + 位 * s2 == s mod r, // where 位 is third root of one in 饾斀_r. - sd, err := api.Compiler().NewHint(DecomposeScalarG1, 3, s) + sd, err := api.Compiler().NewHint(decomposeScalarG1, 3, s) if err != nil { // err is non-nil only for invalid number of inputs panic(err) @@ -474,14 +448,14 @@ func (P *G1Affine) jointScalarMul(api frontend.API, Q, R G1Affine, s, t frontend func (P *G1Affine) jointScalarMulUnsafe(api frontend.API, Q, R G1Affine, s, t frontend.Variable) *G1Affine { cc := getInnerCurveConfig(api.Compiler().Field()) - sd, err := api.Compiler().NewHint(DecomposeScalarG1, 3, s) + sd, err := api.Compiler().NewHint(decomposeScalarG1, 3, s) if err != nil { // err is non-nil only for invalid number of inputs panic(err) } s1, s2 := sd[0], sd[1] - td, err := api.Compiler().NewHint(DecomposeScalarG1, 3, t) + td, err := api.Compiler().NewHint(decomposeScalarG1, 3, t) if err != nil { // err is non-nil only for invalid number of inputs panic(err) diff --git a/std/algebra/native/sw_bls12377/g2.go b/std/algebra/native/sw_bls12377/g2.go index 4b46b2726d..bf2317d151 100644 --- a/std/algebra/native/sw_bls12377/g2.go +++ b/std/algebra/native/sw_bls12377/g2.go @@ -22,7 +22,6 @@ import ( "github.com/consensys/gnark-crypto/ecc" bls12377 "github.com/consensys/gnark-crypto/ecc/bls12-377" - "github.com/consensys/gnark/constraint/solver" "github.com/consensys/gnark/frontend" "github.com/consensys/gnark/std/algebra/algopts" "github.com/consensys/gnark/std/algebra/native/fields_bls12377" @@ -168,31 +167,6 @@ func (P *g2AffP) ScalarMul(api frontend.API, Q g2AffP, s interface{}, opts ...al } } -var DecomposeScalarG2 = func(scalarField *big.Int, inputs []*big.Int, res []*big.Int) error { - cc := getInnerCurveConfig(scalarField) - sp := ecc.SplitScalar(inputs[0], cc.glvBasis) - res[0].Set(&(sp[0])) - res[1].Set(&(sp[1])) - one := big.NewInt(1) - // add (lambda+1, lambda) until scalar compostion is over Fr to ensure that - // the high bits are set in decomposition. - for res[0].Cmp(cc.lambda) < 1 && res[1].Cmp(cc.lambda) < 1 { - res[0].Add(res[0], cc.lambda) - res[0].Add(res[0], one) - res[1].Add(res[1], cc.lambda) - } - // figure out how many times we have overflowed - res[2].Mul(res[1], cc.lambda).Add(res[2], res[0]) - res[2].Sub(res[2], inputs[0]) - res[2].Div(res[2], cc.fr) - - return nil -} - -func init() { - solver.RegisterHint(DecomposeScalarG2) -} - // varScalarMul sets P = [s] Q and returns P. func (P *g2AffP) varScalarMul(api frontend.API, Q g2AffP, s frontend.Variable, opts ...algopts.AlgebraOption) *g2AffP { cfg, err := algopts.NewConfig(opts...) @@ -226,7 +200,7 @@ func (P *g2AffP) varScalarMul(api frontend.API, Q g2AffP, s frontend.Variable, o // the hints allow to decompose the scalar s into s1 and s2 such that // s1 + 位 * s2 == s mod r, // where 位 is third root of one in 饾斀_r. - sd, err := api.Compiler().NewHint(DecomposeScalarG2, 3, s) + sd, err := api.Compiler().NewHint(decomposeScalarG2, 3, s) if err != nil { // err is non-nil only for invalid number of inputs panic(err) diff --git a/std/algebra/native/sw_bls12377/hints.go b/std/algebra/native/sw_bls12377/hints.go new file mode 100644 index 0000000000..d34b321af9 --- /dev/null +++ b/std/algebra/native/sw_bls12377/hints.go @@ -0,0 +1,61 @@ +package sw_bls12377 + +import ( + "math/big" + + "github.com/consensys/gnark-crypto/ecc" + "github.com/consensys/gnark/constraint/solver" +) + +func GetHints() []solver.Hint { + return []solver.Hint{ + decomposeScalarG1, + decomposeScalarG2, + } +} + +func init() { + solver.RegisterHint(GetHints()...) +} + +func decomposeScalarG1(scalarField *big.Int, inputs []*big.Int, res []*big.Int) error { + cc := getInnerCurveConfig(scalarField) + sp := ecc.SplitScalar(inputs[0], cc.glvBasis) + res[0].Set(&(sp[0])) + res[1].Set(&(sp[1])) + one := big.NewInt(1) + // add (lambda+1, lambda) until scalar compostion is over Fr to ensure that + // the high bits are set in decomposition. + for res[0].Cmp(cc.lambda) < 1 && res[1].Cmp(cc.lambda) < 1 { + res[0].Add(res[0], cc.lambda) + res[0].Add(res[0], one) + res[1].Add(res[1], cc.lambda) + } + // figure out how many times we have overflowed + res[2].Mul(res[1], cc.lambda).Add(res[2], res[0]) + res[2].Sub(res[2], inputs[0]) + res[2].Div(res[2], cc.fr) + + return nil +} + +func decomposeScalarG2(scalarField *big.Int, inputs []*big.Int, res []*big.Int) error { + cc := getInnerCurveConfig(scalarField) + sp := ecc.SplitScalar(inputs[0], cc.glvBasis) + res[0].Set(&(sp[0])) + res[1].Set(&(sp[1])) + one := big.NewInt(1) + // add (lambda+1, lambda) until scalar compostion is over Fr to ensure that + // the high bits are set in decomposition. + for res[0].Cmp(cc.lambda) < 1 && res[1].Cmp(cc.lambda) < 1 { + res[0].Add(res[0], cc.lambda) + res[0].Add(res[0], one) + res[1].Add(res[1], cc.lambda) + } + // figure out how many times we have overflowed + res[2].Mul(res[1], cc.lambda).Add(res[2], res[0]) + res[2].Sub(res[2], inputs[0]) + res[2].Div(res[2], cc.fr) + + return nil +} diff --git a/std/algebra/native/sw_bls12377/pairing2.go b/std/algebra/native/sw_bls12377/pairing2.go index 82dc7d8088..01515242bd 100644 --- a/std/algebra/native/sw_bls12377/pairing2.go +++ b/std/algebra/native/sw_bls12377/pairing2.go @@ -175,7 +175,7 @@ func (c *Curve) MultiScalarMul(P []*G1Affine, scalars []*Scalar, opts ...algopts gamma := c.packScalarToVar(scalars[0]) // decompose gamma in the endomorphism eigenvalue basis and bit-decompose the sub-scalars cc := getInnerCurveConfig(c.api.Compiler().Field()) - sd, err := c.api.Compiler().NewHint(DecomposeScalarG1, 3, gamma) + sd, err := c.api.Compiler().NewHint(decomposeScalarG1, 3, gamma) if err != nil { panic(err) } diff --git a/std/algebra/native/sw_bls24315/g1.go b/std/algebra/native/sw_bls24315/g1.go index b0d7a7a6b6..861e2abe3e 100644 --- a/std/algebra/native/sw_bls24315/g1.go +++ b/std/algebra/native/sw_bls24315/g1.go @@ -22,7 +22,6 @@ import ( "github.com/consensys/gnark-crypto/ecc" bls24315 "github.com/consensys/gnark-crypto/ecc/bls24-315" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" - "github.com/consensys/gnark/constraint/solver" "github.com/consensys/gnark/frontend" "github.com/consensys/gnark/std/algebra/algopts" ) @@ -159,31 +158,6 @@ func (P *G1Affine) ScalarMul(api frontend.API, Q G1Affine, s interface{}, opts . } } -var DecomposeScalarG1 = func(scalarField *big.Int, inputs []*big.Int, res []*big.Int) error { - cc := getInnerCurveConfig(scalarField) - sp := ecc.SplitScalar(inputs[0], cc.glvBasis) - res[0].Set(&(sp[0])) - res[1].Set(&(sp[1])) - one := big.NewInt(1) - // add (lambda+1, lambda) until scalar compostion is over Fr to ensure that - // the high bits are set in decomposition. - for res[0].Cmp(cc.lambda) < 1 && res[1].Cmp(cc.lambda) < 1 { - res[0].Add(res[0], cc.lambda) - res[0].Add(res[0], one) - res[1].Add(res[1], cc.lambda) - } - // figure out how many times we have overflowed - res[2].Mul(res[1], cc.lambda).Add(res[2], res[0]) - res[2].Sub(res[2], inputs[0]) - res[2].Div(res[2], cc.fr) - - return nil -} - -func init() { - solver.RegisterHint(DecomposeScalarG1) -} - // varScalarMul sets P = [s] Q and returns P. func (P *G1Affine) varScalarMul(api frontend.API, Q G1Affine, s frontend.Variable, opts ...algopts.AlgebraOption) *G1Affine { cfg, err := algopts.NewConfig(opts...) @@ -216,7 +190,7 @@ func (P *G1Affine) varScalarMul(api frontend.API, Q G1Affine, s frontend.Variabl // the hints allow to decompose the scalar s into s1 and s2 such that // s1 + 位 * s2 == s mod r, // where 位 is third root of one in 饾斀_r. - sd, err := api.Compiler().NewHint(DecomposeScalarG1, 3, s) + sd, err := api.Compiler().NewHint(decomposeScalarG1, 3, s) if err != nil { // err is non-nil only for invalid number of inputs panic(err) @@ -456,14 +430,14 @@ func (P *G1Affine) ScalarMulBase(api frontend.API, s frontend.Variable, opts ... func (P *G1Affine) jointScalarMul(api frontend.API, Q, R G1Affine, s, t frontend.Variable) *G1Affine { cc := getInnerCurveConfig(api.Compiler().Field()) - sd, err := api.Compiler().NewHint(DecomposeScalarG1, 3, s) + sd, err := api.Compiler().NewHint(decomposeScalarG1, 3, s) if err != nil { // err is non-nil only for invalid number of inputs panic(err) } s1, s2 := sd[0], sd[1] - td, err := api.Compiler().NewHint(DecomposeScalarG1, 3, t) + td, err := api.Compiler().NewHint(decomposeScalarG1, 3, t) if err != nil { // err is non-nil only for invalid number of inputs panic(err) diff --git a/std/algebra/native/sw_bls24315/g2.go b/std/algebra/native/sw_bls24315/g2.go index 2139b02f8b..7125fc865a 100644 --- a/std/algebra/native/sw_bls24315/g2.go +++ b/std/algebra/native/sw_bls24315/g2.go @@ -22,7 +22,6 @@ import ( "github.com/consensys/gnark-crypto/ecc" bls24315 "github.com/consensys/gnark-crypto/ecc/bls24-315" - "github.com/consensys/gnark/constraint/solver" "github.com/consensys/gnark/frontend" "github.com/consensys/gnark/std/algebra/algopts" "github.com/consensys/gnark/std/algebra/native/fields_bls24315" @@ -168,31 +167,6 @@ func (P *g2AffP) ScalarMul(api frontend.API, Q g2AffP, s interface{}, opts ...al } } -var DecomposeScalarG2 = func(scalarField *big.Int, inputs []*big.Int, res []*big.Int) error { - cc := getInnerCurveConfig(scalarField) - sp := ecc.SplitScalar(inputs[0], cc.glvBasis) - res[0].Set(&(sp[0])) - res[1].Set(&(sp[1])) - one := big.NewInt(1) - // add (lambda+1, lambda) until scalar compostion is over Fr to ensure that - // the high bits are set in decomposition. - for res[0].Cmp(cc.lambda) < 1 && res[1].Cmp(cc.lambda) < 1 { - res[0].Add(res[0], cc.lambda) - res[0].Add(res[0], one) - res[1].Add(res[1], cc.lambda) - } - // figure out how many times we have overflowed - res[2].Mul(res[1], cc.lambda).Add(res[2], res[0]) - res[2].Sub(res[2], inputs[0]) - res[2].Div(res[2], cc.fr) - - return nil -} - -func init() { - solver.RegisterHint(DecomposeScalarG2) -} - // varScalarMul sets P = [s] Q and returns P. func (P *g2AffP) varScalarMul(api frontend.API, Q g2AffP, s frontend.Variable, opts ...algopts.AlgebraOption) *g2AffP { cfg, err := algopts.NewConfig(opts...) @@ -226,7 +200,7 @@ func (P *g2AffP) varScalarMul(api frontend.API, Q g2AffP, s frontend.Variable, o // the hints allow to decompose the scalar s into s1 and s2 such that // s1 + 位 * s2 == s mod r, // where 位 is third root of one in 饾斀_r. - sd, err := api.Compiler().NewHint(DecomposeScalarG2, 3, s) + sd, err := api.Compiler().NewHint(decomposeScalarG2, 3, s) if err != nil { // err is non-nil only for invalid number of inputs panic(err) diff --git a/std/algebra/native/sw_bls24315/hints.go b/std/algebra/native/sw_bls24315/hints.go new file mode 100644 index 0000000000..1269ecaca8 --- /dev/null +++ b/std/algebra/native/sw_bls24315/hints.go @@ -0,0 +1,61 @@ +package sw_bls24315 + +import ( + "math/big" + + "github.com/consensys/gnark-crypto/ecc" + "github.com/consensys/gnark/constraint/solver" +) + +func GetHints() []solver.Hint { + return []solver.Hint{ + decomposeScalarG1, + decomposeScalarG2, + } +} + +func init() { + solver.RegisterHint(GetHints()...) +} + +func decomposeScalarG1(scalarField *big.Int, inputs []*big.Int, res []*big.Int) error { + cc := getInnerCurveConfig(scalarField) + sp := ecc.SplitScalar(inputs[0], cc.glvBasis) + res[0].Set(&(sp[0])) + res[1].Set(&(sp[1])) + one := big.NewInt(1) + // add (lambda+1, lambda) until scalar compostion is over Fr to ensure that + // the high bits are set in decomposition. + for res[0].Cmp(cc.lambda) < 1 && res[1].Cmp(cc.lambda) < 1 { + res[0].Add(res[0], cc.lambda) + res[0].Add(res[0], one) + res[1].Add(res[1], cc.lambda) + } + // figure out how many times we have overflowed + res[2].Mul(res[1], cc.lambda).Add(res[2], res[0]) + res[2].Sub(res[2], inputs[0]) + res[2].Div(res[2], cc.fr) + + return nil +} + +func decomposeScalarG2(scalarField *big.Int, inputs []*big.Int, res []*big.Int) error { + cc := getInnerCurveConfig(scalarField) + sp := ecc.SplitScalar(inputs[0], cc.glvBasis) + res[0].Set(&(sp[0])) + res[1].Set(&(sp[1])) + one := big.NewInt(1) + // add (lambda+1, lambda) until scalar compostion is over Fr to ensure that + // the high bits are set in decomposition. + for res[0].Cmp(cc.lambda) < 1 && res[1].Cmp(cc.lambda) < 1 { + res[0].Add(res[0], cc.lambda) + res[0].Add(res[0], one) + res[1].Add(res[1], cc.lambda) + } + // figure out how many times we have overflowed + res[2].Mul(res[1], cc.lambda).Add(res[2], res[0]) + res[2].Sub(res[2], inputs[0]) + res[2].Div(res[2], cc.fr) + + return nil +} diff --git a/std/algebra/native/sw_bls24315/pairing2.go b/std/algebra/native/sw_bls24315/pairing2.go index db919ed4f8..62919fa540 100644 --- a/std/algebra/native/sw_bls24315/pairing2.go +++ b/std/algebra/native/sw_bls24315/pairing2.go @@ -171,7 +171,7 @@ func (c *Curve) MultiScalarMul(P []*G1Affine, scalars []*Scalar, opts ...algopts gamma := c.packScalarToVar(scalars[0]) // decompose gamma in the endomorphism eigenvalue basis and bit-decompose the sub-scalars cc := getInnerCurveConfig(c.api.Compiler().Field()) - sd, err := c.api.Compiler().NewHint(DecomposeScalarG1, 3, gamma) + sd, err := c.api.Compiler().NewHint(decomposeScalarG1, 3, gamma) if err != nil { panic(err) } diff --git a/std/hints.go b/std/hints.go index c95ef7b955..709c5e9b01 100644 --- a/std/hints.go +++ b/std/hints.go @@ -4,7 +4,12 @@ import ( "sync" "github.com/consensys/gnark/constraint/solver" + "github.com/consensys/gnark/std/algebra/emulated/fields_bls12381" + "github.com/consensys/gnark/std/algebra/emulated/fields_bn254" + "github.com/consensys/gnark/std/algebra/emulated/fields_bw6761" "github.com/consensys/gnark/std/algebra/emulated/sw_emulated" + "github.com/consensys/gnark/std/algebra/native/fields_bls12377" + "github.com/consensys/gnark/std/algebra/native/fields_bls24315" "github.com/consensys/gnark/std/algebra/native/sw_bls12377" "github.com/consensys/gnark/std/algebra/native/sw_bls24315" "github.com/consensys/gnark/std/evmprecompiles" @@ -29,10 +34,6 @@ func RegisterHints() { func registerHints() { // note that importing these packages may already trigger a call to solver.RegisterHint(...) - solver.RegisterHint(sw_bls24315.DecomposeScalarG1) - solver.RegisterHint(sw_bls12377.DecomposeScalarG1) - solver.RegisterHint(sw_bls24315.DecomposeScalarG2) - solver.RegisterHint(sw_bls12377.DecomposeScalarG2) solver.RegisterHint(bits.GetHints()...) solver.RegisterHint(cmp.GetHints()...) solver.RegisterHint(selector.GetHints()...) @@ -41,5 +42,20 @@ func registerHints() { solver.RegisterHint(evmprecompiles.GetHints()...) solver.RegisterHint(logderivarg.GetHints()...) solver.RegisterHint(bitslice.GetHints()...) + // emulated fields + solver.RegisterHint(fields_bls12381.GetHints()...) + solver.RegisterHint(fields_bn254.GetHints()...) + solver.RegisterHint(fields_bw6761.GetHints()...) + // native fields + solver.RegisterHint(fields_bls12377.GetHints()...) + solver.RegisterHint(fields_bls24315.GetHints()...) + // emulated curves solver.RegisterHint(sw_emulated.GetHints()...) + // native curves + solver.RegisterHint(sw_bls12377.GetHints()...) + solver.RegisterHint(sw_bls24315.GetHints()...) +} + +func init() { + RegisterHints() }