From 151f284da6caad1545a38f871c421c5bb2da8f6a Mon Sep 17 00:00:00 2001
From: Mamy Ratsimbazafy <mamy_github@numforge.co>
Date: Thu, 8 Jun 2023 22:13:31 +0200
Subject: [PATCH] Add C API for BN254 snarks

---
 bindings_generators/constantine_bls12_381.nim |   2 +-
 .../constantine_bn254_snarks.nim              |  87 +++++++
 constantine.nimble                            |   4 +
 include/constantine_bn254_snarks.h            | 235 ++++++++++++++++++
 4 files changed, 327 insertions(+), 1 deletion(-)
 create mode 100644 bindings_generators/constantine_bn254_snarks.nim
 create mode 100644 include/constantine_bn254_snarks.h

diff --git a/bindings_generators/constantine_bls12_381.nim b/bindings_generators/constantine_bls12_381.nim
index 82115a19d..b34c9c8ca 100644
--- a/bindings_generators/constantine_bls12_381.nim
+++ b/bindings_generators/constantine_bls12_381.nim
@@ -6,7 +6,7 @@
 #   * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
 # at your option. This file may not be copied, modified, or distributed except according to those terms.
 
-import ./gen_bindings, gen_header
+import ./gen_bindings, ./gen_header
 
 type
   bls12381_fr = Fr[BLS12_381]
diff --git a/bindings_generators/constantine_bn254_snarks.nim b/bindings_generators/constantine_bn254_snarks.nim
new file mode 100644
index 000000000..e57d69fd7
--- /dev/null
+++ b/bindings_generators/constantine_bn254_snarks.nim
@@ -0,0 +1,87 @@
+# Constantine
+# Copyright (c) 2018-2019    Status Research & Development GmbH
+# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
+# Licensed and distributed under either of
+#   * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
+#   * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
+# at your option. This file may not be copied, modified, or distributed except according to those terms.
+
+import ./gen_bindings, ./gen_header
+
+type
+  bn254snarks_fr = Fr[BN254_Snarks]
+  bn254snarks_fp = Fp[BN254_Snarks]
+  bn254snarks_fp2 = Fp2[BN254_Snarks]
+  bn254snarks_ec_g1_aff = ECP_ShortW_Aff[Fp[BN254_Snarks], G1]
+  bn254snarks_ec_g1_jac = ECP_ShortW_Jac[Fp[BN254_Snarks], G1]
+  bn254snarks_ec_g1_prj = ECP_ShortW_Prj[Fp[BN254_Snarks], G1]
+  bn254snarks_ec_g2_aff = ECP_ShortW_Aff[Fp2[BN254_Snarks], G2]
+  bn254snarks_ec_g2_jac = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2]
+  bn254snarks_ec_g2_prj = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2]
+
+collectBindings(cBindings):
+  genBindingsField(bn254snarks_fr)
+  genBindingsField(bn254snarks_fp)
+  genBindingsFieldSqrt(bn254snarks_fp)
+  genBindingsExtField(bn254snarks_fp2)
+  genBindingsExtFieldSqrt(bn254snarks_fp2)
+  genBindings_EC_ShortW_Affine(bn254snarks_ec_g1_aff, bn254snarks_fp)
+  genBindings_EC_ShortW_NonAffine(bn254snarks_ec_g1_jac, bn254snarks_ec_g1_aff, bn254snarks_fp)
+  genBindings_EC_ShortW_NonAffine(bn254snarks_ec_g1_prj, bn254snarks_ec_g1_aff, bn254snarks_fp)
+  genBindings_EC_ShortW_Affine(bn254snarks_ec_g2_aff, bn254snarks_fp2)
+  genBindings_EC_ShortW_NonAffine(bn254snarks_ec_g2_jac, bn254snarks_ec_g2_aff, bn254snarks_fp2)
+  genBindings_EC_ShortW_NonAffine(bn254snarks_ec_g2_prj, bn254snarks_ec_g2_aff, bn254snarks_fp2)
+
+# Write header
+when isMainModule and defined(CTT_GENERATE_HEADERS):
+  import std/[os, strformat]
+
+  proc main() =
+    # echo "Running bindings generation for " & getAppFilename().extractFilename()
+
+    var dir = "."
+    if paramCount() == 1:
+      dir = paramStr(1)
+    elif paramCount() > 1:
+      let exeName = getAppFilename().extractFilename()
+      echo &"Usage: {exeName} <optional directory to save header to>"
+      echo "Found more than one parameter"
+      quit 1
+
+    var header: string
+    header = genBuiltinsTypes()
+    header &= '\n'
+    header &= genCttBaseTypedef()
+    header &= '\n'
+    header &= genWordsRequired()
+    header &= '\n'
+    header &= genField("bn254snarks_fr", BN254_Snarks.getCurveOrderBitWidth())
+    header &= '\n'
+    header &= genField("bn254snarks_fp", BN254_Snarks.getCurveBitWidth())
+    header &= '\n'
+    header &= genExtField("bn254snarks_fp2", 2, "bn254snarks_fp")
+    header &= '\n'
+    header &= genEllipticCurvePoint("bn254snarks_ec_g1_aff", "x, y", "bn254snarks_fp")
+    header &= '\n'
+    header &= genEllipticCurvePoint("bn254snarks_ec_g1_jac", "x, y, z", "bn254snarks_fp")
+    header &= '\n'
+    header &= genEllipticCurvePoint("bn254snarks_ec_g1_prj", "x, y, z", "bn254snarks_fp")
+    header &= '\n'
+    header &= genEllipticCurvePoint("bn254snarks_ec_g2_aff", "x, y", "bn254snarks_fp2")
+    header &= '\n'
+    header &= genEllipticCurvePoint("bn254snarks_ec_g2_jac", "x, y, z", "bn254snarks_fp2")
+    header &= '\n'
+    header &= genEllipticCurvePoint("bn254snarks_ec_g2_prj", "x, y, z", "bn254snarks_fp2")
+    header &= '\n'
+    header &= declNimMain("bn254snarks")
+    header &= '\n'
+    header &= cBindings
+    header &= '\n'
+
+    header = genCpp(header)
+    header = genHeader("BN@%$SNARKS", header)
+    header = genHeaderLicense() & header
+
+    writeFile(dir/"constantine_bn254_snarks.h", header)
+
+  main()
\ No newline at end of file
diff --git a/constantine.nimble b/constantine.nimble
index c76e5cfc5..1fbd28372 100644
--- a/constantine.nimble
+++ b/constantine.nimble
@@ -219,6 +219,10 @@ task bindings, "Generate Constantine bindings":
   genDynamicBindings(kCurve, "constantine_pasta", "ctt_pasta_init_")
   genHeaders("constantine_pasta")
   echo ""
+  genStaticBindings(kCurve, "constantine_bn254_snarks", "ctt_bn254snarks_init_")
+  genDynamicBindings(kCurve, "constantine_bn254_snarks", "ctt_bn254snarks_init_")
+  genHeaders("constantine_bn254_snarks")
+  echo ""
 
   # Protocols
   genStaticBindings(kProtocol, "ethereum_bls_signatures", "ctt_eth_bls_init_")
diff --git a/include/constantine_bn254_snarks.h b/include/constantine_bn254_snarks.h
new file mode 100644
index 000000000..94f35b264
--- /dev/null
+++ b/include/constantine_bn254_snarks.h
@@ -0,0 +1,235 @@
+/** Constantine
+ *  Copyright (c) 2018-2019    Status Research & Development GmbH
+ *  Copyright (c) 2020-Present Mamy André-Ratsimbazafy
+ *  Licensed and distributed under either of
+ *    * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
+ *    * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
+ *  at your option. This file may not be copied, modified, or distributed except according to those terms.
+ */
+#ifndef __CTT_H_BN@%$SNARKS__
+#define __CTT_H_BN@%$SNARKS__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(__SIZE_TYPE__) && defined(__PTRDIFF_TYPE__)
+typedef __SIZE_TYPE__    size_t;
+typedef __PTRDIFF_TYPE__ ptrdiff_t;
+#else
+#include <stddef.h>
+#endif
+
+#if defined(__UINT8_TYPE__) && defined(__UINT32_TYPE__) && defined(__UINT64_TYPE__)
+typedef __UINT8_TYPE__   uint8_t;
+typedef __UINT32_TYPE__  uint32_t;
+typedef __UINT64_TYPE__  uint64_t;
+#else
+#include <stdint.h>
+#endif
+
+typedef size_t           secret_word;
+typedef size_t           secret_bool;
+typedef uint8_t          byte;
+
+#define WordBitWidth         (sizeof(secret_word)*8)
+#define words_required(bits) ((bits+WordBitWidth-1)/WordBitWidth)
+
+typedef struct { secret_word limbs[words_required(254)]; } bn254snarks_fr;
+typedef struct { secret_word limbs[words_required(254)]; } bn254snarks_fp;
+typedef struct { bn254snarks_fp c[2]; } bn254snarks_fp2;
+typedef struct { bn254snarks_fp x, y; } bn254snarks_ec_g1_aff;
+typedef struct { bn254snarks_fp x, y, z; } bn254snarks_ec_g1_jac;
+typedef struct { bn254snarks_fp x, y, z; } bn254snarks_ec_g1_prj;
+typedef struct { bn254snarks_fp2 x, y; } bn254snarks_ec_g2_aff;
+typedef struct { bn254snarks_fp2 x, y, z; } bn254snarks_ec_g2_jac;
+typedef struct { bn254snarks_fp2 x, y, z; } bn254snarks_ec_g2_prj;
+
+/*
+ * Initializes the library:
+ * - detect CPU features like ADX instructions support (MULX, ADCX, ADOX)
+ */
+void ctt_bn254snarks_init_NimMain(void);
+
+void        ctt_bn254snarks_fr_unmarshalBE(bn254snarks_fr* dst, const byte src[], ptrdiff_t src_len);
+void        ctt_bn254snarks_fr_marshalBE(byte dst[], ptrdiff_t dst_len, const bn254snarks_fr* src);
+secret_bool ctt_bn254snarks_fr_is_eq(const bn254snarks_fr* a, const bn254snarks_fr* b);
+secret_bool ctt_bn254snarks_fr_is_zero(const bn254snarks_fr* a);
+secret_bool ctt_bn254snarks_fr_is_one(const bn254snarks_fr* a);
+secret_bool ctt_bn254snarks_fr_is_minus_one(const bn254snarks_fr* a);
+void        ctt_bn254snarks_fr_set_zero(bn254snarks_fr* a);
+void        ctt_bn254snarks_fr_set_one(bn254snarks_fr* a);
+void        ctt_bn254snarks_fr_set_minus_one(bn254snarks_fr* a);
+void        ctt_bn254snarks_fr_neg(bn254snarks_fr* r, const bn254snarks_fr* a);
+void        ctt_bn254snarks_fr_neg_in_place(bn254snarks_fr* a);
+void        ctt_bn254snarks_fr_sum(bn254snarks_fr* r, const bn254snarks_fr* a, const bn254snarks_fr* b);
+void        ctt_bn254snarks_fr_add_in_place(bn254snarks_fr* a, const bn254snarks_fr* b);
+void        ctt_bn254snarks_fr_diff(bn254snarks_fr* r, const bn254snarks_fr* a, const bn254snarks_fr* b);
+void        ctt_bn254snarks_fr_sub_in_place(bn254snarks_fr* a, const bn254snarks_fr* b);
+void        ctt_bn254snarks_fr_double(bn254snarks_fr* r, const bn254snarks_fr* a);
+void        ctt_bn254snarks_fr_double_in_place(bn254snarks_fr* a);
+void        ctt_bn254snarks_fr_prod(bn254snarks_fr* r, const bn254snarks_fr* a, const bn254snarks_fr* b);
+void        ctt_bn254snarks_fr_mul_in_place(bn254snarks_fr* a, const bn254snarks_fr* b);
+void        ctt_bn254snarks_fr_square(bn254snarks_fr* r, const bn254snarks_fr* a);
+void        ctt_bn254snarks_fr_square_in_place(bn254snarks_fr* a);
+void        ctt_bn254snarks_fr_div2(bn254snarks_fr* a);
+void        ctt_bn254snarks_fr_inv(bn254snarks_fr* r, const bn254snarks_fr* a);
+void        ctt_bn254snarks_fr_inv_in_place(bn254snarks_fr* a);
+void        ctt_bn254snarks_fr_ccopy(bn254snarks_fr* a, const bn254snarks_fr* b, const secret_bool ctl);
+void        ctt_bn254snarks_fr_cswap(bn254snarks_fr* a, bn254snarks_fr* b, const secret_bool ctl);
+void        ctt_bn254snarks_fr_cset_zero(bn254snarks_fr* a, const secret_bool ctl);
+void        ctt_bn254snarks_fr_cset_one(bn254snarks_fr* a, const secret_bool ctl);
+void        ctt_bn254snarks_fr_cneg_in_place(bn254snarks_fr* a, const secret_bool ctl);
+void        ctt_bn254snarks_fr_cadd_in_place(bn254snarks_fr* a, const bn254snarks_fr* b, const secret_bool ctl);
+void        ctt_bn254snarks_fr_csub_in_place(bn254snarks_fr* a, const bn254snarks_fr* b, const secret_bool ctl);
+void        ctt_bn254snarks_fp_unmarshalBE(bn254snarks_fp* dst, const byte src[], ptrdiff_t src_len);
+void        ctt_bn254snarks_fp_marshalBE(byte dst[], ptrdiff_t dst_len, const bn254snarks_fp* src);
+secret_bool ctt_bn254snarks_fp_is_eq(const bn254snarks_fp* a, const bn254snarks_fp* b);
+secret_bool ctt_bn254snarks_fp_is_zero(const bn254snarks_fp* a);
+secret_bool ctt_bn254snarks_fp_is_one(const bn254snarks_fp* a);
+secret_bool ctt_bn254snarks_fp_is_minus_one(const bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_set_zero(bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_set_one(bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_set_minus_one(bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_neg(bn254snarks_fp* r, const bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_neg_in_place(bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_sum(bn254snarks_fp* r, const bn254snarks_fp* a, const bn254snarks_fp* b);
+void        ctt_bn254snarks_fp_add_in_place(bn254snarks_fp* a, const bn254snarks_fp* b);
+void        ctt_bn254snarks_fp_diff(bn254snarks_fp* r, const bn254snarks_fp* a, const bn254snarks_fp* b);
+void        ctt_bn254snarks_fp_sub_in_place(bn254snarks_fp* a, const bn254snarks_fp* b);
+void        ctt_bn254snarks_fp_double(bn254snarks_fp* r, const bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_double_in_place(bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_prod(bn254snarks_fp* r, const bn254snarks_fp* a, const bn254snarks_fp* b);
+void        ctt_bn254snarks_fp_mul_in_place(bn254snarks_fp* a, const bn254snarks_fp* b);
+void        ctt_bn254snarks_fp_square(bn254snarks_fp* r, const bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_square_in_place(bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_div2(bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_inv(bn254snarks_fp* r, const bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_inv_in_place(bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_ccopy(bn254snarks_fp* a, const bn254snarks_fp* b, const secret_bool ctl);
+void        ctt_bn254snarks_fp_cswap(bn254snarks_fp* a, bn254snarks_fp* b, const secret_bool ctl);
+void        ctt_bn254snarks_fp_cset_zero(bn254snarks_fp* a, const secret_bool ctl);
+void        ctt_bn254snarks_fp_cset_one(bn254snarks_fp* a, const secret_bool ctl);
+void        ctt_bn254snarks_fp_cneg_in_place(bn254snarks_fp* a, const secret_bool ctl);
+void        ctt_bn254snarks_fp_cadd_in_place(bn254snarks_fp* a, const bn254snarks_fp* b, const secret_bool ctl);
+void        ctt_bn254snarks_fp_csub_in_place(bn254snarks_fp* a, const bn254snarks_fp* b, const secret_bool ctl);
+secret_bool ctt_bn254snarks_fp_is_square(const bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_invsqrt(bn254snarks_fp* r, const bn254snarks_fp* a);
+secret_bool ctt_bn254snarks_fp_invsqrt_in_place(bn254snarks_fp* r, const bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_sqrt_in_place(bn254snarks_fp* a);
+secret_bool ctt_bn254snarks_fp_sqrt_if_square_in_place(bn254snarks_fp* a);
+void        ctt_bn254snarks_fp_sqrt_invsqrt(bn254snarks_fp* sqrt, bn254snarks_fp* invsqrt, const bn254snarks_fp* a);
+secret_bool ctt_bn254snarks_fp_sqrt_invsqrt_if_square(bn254snarks_fp* sqrt, bn254snarks_fp* invsqrt, const bn254snarks_fp* a);
+secret_bool ctt_bn254snarks_fp_sqrt_ratio_if_square(bn254snarks_fp* r, const bn254snarks_fp* u, const bn254snarks_fp* v);
+secret_bool ctt_bn254snarks_fp2_is_eq(const bn254snarks_fp2* a, const bn254snarks_fp2* b);
+secret_bool ctt_bn254snarks_fp2_is_zero(const bn254snarks_fp2* a);
+secret_bool ctt_bn254snarks_fp2_is_one(const bn254snarks_fp2* a);
+secret_bool ctt_bn254snarks_fp2_is_minus_one(const bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_set_zero(bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_set_one(bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_set_minus_one(bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_neg(bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_sum(bn254snarks_fp2* r, const bn254snarks_fp2* a, const bn254snarks_fp2* b);
+void        ctt_bn254snarks_fp2_add_in_place(bn254snarks_fp2* a, const bn254snarks_fp2* b);
+void        ctt_bn254snarks_fp2_diff(bn254snarks_fp2* r, const bn254snarks_fp2* a, const bn254snarks_fp2* b);
+void        ctt_bn254snarks_fp2_sub_in_place(bn254snarks_fp2* a, const bn254snarks_fp2* b);
+void        ctt_bn254snarks_fp2_double(bn254snarks_fp2* r, const bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_double_in_place(bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_conj(bn254snarks_fp2* r, const bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_conj_in_place(bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_conjneg(bn254snarks_fp2* r, const bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_conjneg_in_place(bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_prod(bn254snarks_fp2* r, const bn254snarks_fp2* a, const bn254snarks_fp2* b);
+void        ctt_bn254snarks_fp2_mul_in_place(bn254snarks_fp2* a, const bn254snarks_fp2* b);
+void        ctt_bn254snarks_fp2_square(bn254snarks_fp2* r, const bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_square_in_place(bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_div2(bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_inv(bn254snarks_fp2* r, const bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_inv_in_place(bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_ccopy(bn254snarks_fp2* a, const bn254snarks_fp2* b, const secret_bool ctl);
+void        ctt_bn254snarks_fp2_cset_zero(bn254snarks_fp2* a, const secret_bool ctl);
+void        ctt_bn254snarks_fp2_cset_one(bn254snarks_fp2* a, const secret_bool ctl);
+void        ctt_bn254snarks_fp2_cneg_in_place(bn254snarks_fp2* a, const secret_bool ctl);
+void        ctt_bn254snarks_fp2_cadd_in_place(bn254snarks_fp2* a, const bn254snarks_fp2* b, const secret_bool ctl);
+void        ctt_bn254snarks_fp2_csub_in_place(bn254snarks_fp2* a, const bn254snarks_fp2* b, const secret_bool ctl);
+secret_bool ctt_bn254snarks_fp2_is_square(const bn254snarks_fp2* a);
+void        ctt_bn254snarks_fp2_sqrt_in_place(bn254snarks_fp2* a);
+secret_bool ctt_bn254snarks_fp2_sqrt_if_square_in_place(bn254snarks_fp2* a);
+secret_bool ctt_bn254snarks_ec_g1_aff_is_eq(const bn254snarks_ec_g1_aff* P, const bn254snarks_ec_g1_aff* Q);
+secret_bool ctt_bn254snarks_ec_g1_aff_is_inf(const bn254snarks_ec_g1_aff* P);
+void        ctt_bn254snarks_ec_g1_aff_set_inf(bn254snarks_ec_g1_aff* P);
+void        ctt_bn254snarks_ec_g1_aff_ccopy(bn254snarks_ec_g1_aff* P, const bn254snarks_ec_g1_aff* Q, const secret_bool ctl);
+secret_bool ctt_bn254snarks_ec_g1_aff_is_on_curve(const bn254snarks_fp* x, const bn254snarks_fp* y);
+void        ctt_bn254snarks_ec_g1_aff_neg(bn254snarks_ec_g1_aff* P, const bn254snarks_ec_g1_aff* Q);
+void        ctt_bn254snarks_ec_g1_aff_neg_in_place(bn254snarks_ec_g1_aff* P);
+secret_bool ctt_bn254snarks_ec_g1_jac_is_eq(const bn254snarks_ec_g1_jac* P, const bn254snarks_ec_g1_jac* Q);
+secret_bool ctt_bn254snarks_ec_g1_jac_is_inf(const bn254snarks_ec_g1_jac* P);
+void        ctt_bn254snarks_ec_g1_jac_set_inf(bn254snarks_ec_g1_jac* P);
+void        ctt_bn254snarks_ec_g1_jac_ccopy(bn254snarks_ec_g1_jac* P, const bn254snarks_ec_g1_jac* Q, const secret_bool ctl);
+void        ctt_bn254snarks_ec_g1_jac_neg(bn254snarks_ec_g1_jac* P, const bn254snarks_ec_g1_jac* Q);
+void        ctt_bn254snarks_ec_g1_jac_neg_in_place(bn254snarks_ec_g1_jac* P);
+void        ctt_bn254snarks_ec_g1_jac_cneg_in_place(bn254snarks_ec_g1_jac* P, const secret_bool ctl);
+void        ctt_bn254snarks_ec_g1_jac_sum(bn254snarks_ec_g1_jac* r, const bn254snarks_ec_g1_jac* P, const bn254snarks_ec_g1_jac* Q);
+void        ctt_bn254snarks_ec_g1_jac_add_in_place(bn254snarks_ec_g1_jac* P, const bn254snarks_ec_g1_jac* Q);
+void        ctt_bn254snarks_ec_g1_jac_diff(bn254snarks_ec_g1_jac* r, const bn254snarks_ec_g1_jac* P, const bn254snarks_ec_g1_jac* Q);
+void        ctt_bn254snarks_ec_g1_jac_double(bn254snarks_ec_g1_jac* r, const bn254snarks_ec_g1_jac* P);
+void        ctt_bn254snarks_ec_g1_jac_double_in_place(bn254snarks_ec_g1_jac* P);
+void        ctt_bn254snarks_ec_g1_jac_affine(bn254snarks_ec_g1_aff* dst, const bn254snarks_ec_g1_jac* src);
+void        ctt_bn254snarks_ec_g1_jac_from_affine(bn254snarks_ec_g1_jac* dst, const bn254snarks_ec_g1_aff* src);
+secret_bool ctt_bn254snarks_ec_g1_prj_is_eq(const bn254snarks_ec_g1_prj* P, const bn254snarks_ec_g1_prj* Q);
+secret_bool ctt_bn254snarks_ec_g1_prj_is_inf(const bn254snarks_ec_g1_prj* P);
+void        ctt_bn254snarks_ec_g1_prj_set_inf(bn254snarks_ec_g1_prj* P);
+void        ctt_bn254snarks_ec_g1_prj_ccopy(bn254snarks_ec_g1_prj* P, const bn254snarks_ec_g1_prj* Q, const secret_bool ctl);
+void        ctt_bn254snarks_ec_g1_prj_neg(bn254snarks_ec_g1_prj* P, const bn254snarks_ec_g1_prj* Q);
+void        ctt_bn254snarks_ec_g1_prj_neg_in_place(bn254snarks_ec_g1_prj* P);
+void        ctt_bn254snarks_ec_g1_prj_cneg_in_place(bn254snarks_ec_g1_prj* P, const secret_bool ctl);
+void        ctt_bn254snarks_ec_g1_prj_sum(bn254snarks_ec_g1_prj* r, const bn254snarks_ec_g1_prj* P, const bn254snarks_ec_g1_prj* Q);
+void        ctt_bn254snarks_ec_g1_prj_add_in_place(bn254snarks_ec_g1_prj* P, const bn254snarks_ec_g1_prj* Q);
+void        ctt_bn254snarks_ec_g1_prj_diff(bn254snarks_ec_g1_prj* r, const bn254snarks_ec_g1_prj* P, const bn254snarks_ec_g1_prj* Q);
+void        ctt_bn254snarks_ec_g1_prj_double(bn254snarks_ec_g1_prj* r, const bn254snarks_ec_g1_prj* P);
+void        ctt_bn254snarks_ec_g1_prj_double_in_place(bn254snarks_ec_g1_prj* P);
+void        ctt_bn254snarks_ec_g1_prj_affine(bn254snarks_ec_g1_aff* dst, const bn254snarks_ec_g1_prj* src);
+void        ctt_bn254snarks_ec_g1_prj_from_affine(bn254snarks_ec_g1_prj* dst, const bn254snarks_ec_g1_aff* src);
+secret_bool ctt_bn254snarks_ec_g2_aff_is_eq(const bn254snarks_ec_g2_aff* P, const bn254snarks_ec_g2_aff* Q);
+secret_bool ctt_bn254snarks_ec_g2_aff_is_inf(const bn254snarks_ec_g2_aff* P);
+void        ctt_bn254snarks_ec_g2_aff_set_inf(bn254snarks_ec_g2_aff* P);
+void        ctt_bn254snarks_ec_g2_aff_ccopy(bn254snarks_ec_g2_aff* P, const bn254snarks_ec_g2_aff* Q, const secret_bool ctl);
+secret_bool ctt_bn254snarks_ec_g2_aff_is_on_curve(const bn254snarks_fp2* x, const bn254snarks_fp2* y);
+void        ctt_bn254snarks_ec_g2_aff_neg(bn254snarks_ec_g2_aff* P, const bn254snarks_ec_g2_aff* Q);
+void        ctt_bn254snarks_ec_g2_aff_neg_in_place(bn254snarks_ec_g2_aff* P);
+secret_bool ctt_bn254snarks_ec_g2_jac_is_eq(const bn254snarks_ec_g2_jac* P, const bn254snarks_ec_g2_jac* Q);
+secret_bool ctt_bn254snarks_ec_g2_jac_is_inf(const bn254snarks_ec_g2_jac* P);
+void        ctt_bn254snarks_ec_g2_jac_set_inf(bn254snarks_ec_g2_jac* P);
+void        ctt_bn254snarks_ec_g2_jac_ccopy(bn254snarks_ec_g2_jac* P, const bn254snarks_ec_g2_jac* Q, const secret_bool ctl);
+void        ctt_bn254snarks_ec_g2_jac_neg(bn254snarks_ec_g2_jac* P, const bn254snarks_ec_g2_jac* Q);
+void        ctt_bn254snarks_ec_g2_jac_neg_in_place(bn254snarks_ec_g2_jac* P);
+void        ctt_bn254snarks_ec_g2_jac_cneg_in_place(bn254snarks_ec_g2_jac* P, const secret_bool ctl);
+void        ctt_bn254snarks_ec_g2_jac_sum(bn254snarks_ec_g2_jac* r, const bn254snarks_ec_g2_jac* P, const bn254snarks_ec_g2_jac* Q);
+void        ctt_bn254snarks_ec_g2_jac_add_in_place(bn254snarks_ec_g2_jac* P, const bn254snarks_ec_g2_jac* Q);
+void        ctt_bn254snarks_ec_g2_jac_diff(bn254snarks_ec_g2_jac* r, const bn254snarks_ec_g2_jac* P, const bn254snarks_ec_g2_jac* Q);
+void        ctt_bn254snarks_ec_g2_jac_double(bn254snarks_ec_g2_jac* r, const bn254snarks_ec_g2_jac* P);
+void        ctt_bn254snarks_ec_g2_jac_double_in_place(bn254snarks_ec_g2_jac* P);
+void        ctt_bn254snarks_ec_g2_jac_affine(bn254snarks_ec_g2_aff* dst, const bn254snarks_ec_g2_jac* src);
+void        ctt_bn254snarks_ec_g2_jac_from_affine(bn254snarks_ec_g2_jac* dst, const bn254snarks_ec_g2_aff* src);
+secret_bool ctt_bn254snarks_ec_g2_prj_is_eq(const bn254snarks_ec_g2_prj* P, const bn254snarks_ec_g2_prj* Q);
+secret_bool ctt_bn254snarks_ec_g2_prj_is_inf(const bn254snarks_ec_g2_prj* P);
+void        ctt_bn254snarks_ec_g2_prj_set_inf(bn254snarks_ec_g2_prj* P);
+void        ctt_bn254snarks_ec_g2_prj_ccopy(bn254snarks_ec_g2_prj* P, const bn254snarks_ec_g2_prj* Q, const secret_bool ctl);
+void        ctt_bn254snarks_ec_g2_prj_neg(bn254snarks_ec_g2_prj* P, const bn254snarks_ec_g2_prj* Q);
+void        ctt_bn254snarks_ec_g2_prj_neg_in_place(bn254snarks_ec_g2_prj* P);
+void        ctt_bn254snarks_ec_g2_prj_cneg_in_place(bn254snarks_ec_g2_prj* P, const secret_bool ctl);
+void        ctt_bn254snarks_ec_g2_prj_sum(bn254snarks_ec_g2_prj* r, const bn254snarks_ec_g2_prj* P, const bn254snarks_ec_g2_prj* Q);
+void        ctt_bn254snarks_ec_g2_prj_add_in_place(bn254snarks_ec_g2_prj* P, const bn254snarks_ec_g2_prj* Q);
+void        ctt_bn254snarks_ec_g2_prj_diff(bn254snarks_ec_g2_prj* r, const bn254snarks_ec_g2_prj* P, const bn254snarks_ec_g2_prj* Q);
+void        ctt_bn254snarks_ec_g2_prj_double(bn254snarks_ec_g2_prj* r, const bn254snarks_ec_g2_prj* P);
+void        ctt_bn254snarks_ec_g2_prj_double_in_place(bn254snarks_ec_g2_prj* P);
+void        ctt_bn254snarks_ec_g2_prj_affine(bn254snarks_ec_g2_aff* dst, const bn254snarks_ec_g2_prj* src);
+void        ctt_bn254snarks_ec_g2_prj_from_affine(bn254snarks_ec_g2_prj* dst, const bn254snarks_ec_g2_aff* src);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif