tiny clean-up
jtcoolen committed Dec 5, 2023
1 parent b9189b8 commit 44f2845
Showing 4 changed files with 35 additions and 78 deletions.
97 changes: 25 additions & 72 deletions examples/kzg.ml
Expand Up @@ -18,50 +18,6 @@ module type Polynomial_commitment = sig
common_input -> commitment -> scalar -> evaluation -> proof -> bool
end

let images_from_abscissa (ell : 'a Elliptic_curve.t) (x : 'a) =
let open Elliptic_curve in
let a1 = get_a1 ell in
let a2 = get_a2 ell in
let a3 = get_a3 ell in
let a4 = get_a4 ell in
let a6 = get_a6 ell in
let open Finite_field in
let open Finite_field.Infix in
(*Y^2 + a_1 XY + a_3 Y = X^3 + a_2 X^2 + a_4 X + a_6*)
Polynomial.roots_ff
(Polynomial.create
[|
inj_ring @@ one x;
inj_ring ((a1 * x) + a3);
inj_ring
Infix.(
~-((x ^ Integer.of_int 3)
+ (a2 * (x ^ Integer.of_int 2))
+ (a4 * x) + a6));
|])

(* l must be prime different from the characteristic of the field over which the curve is defined.
Inefficient way to find the elements of an l-torsion subgroup: find the abscissa of such
a elements by looking at the roots of the l-division polynomial. *)
let _l_torsion_subgroup ell ~l =
let l_div = Elliptic_curve.l_division_polynomial ell ~l in
let l_div_roots = Polynomial.roots_ff l_div in
let len = Vector.length l_div_roots in
let c = ref 0 in
let sg = Array.make (2 * len) (Elliptic_curve.zero ell) in
for i = 1 to len do
let x = Vector.(l_div_roots.%[i]) in
let ys = images_from_abscissa ell x in
for j = 1 to Vector.length ys do
let y = Vector.(ys.%[j]) in
let p = Elliptic_curve.of_coordinates ~x ~y in
sg.(!c) <- p;
c := !c + 1
done
done;
Array.init !c (fun i -> sg.(i))

type kzg_common_input = {
srs_g1 : (Finite_field.t Elliptic_curve.elt, [ `ROW ]) Vector.t;
srs_g2 : (Finite_field.t Elliptic_curve.elt, [ `ROW ]) Vector.t;
Expand All @@ -82,9 +38,9 @@ module ToyCurve = struct
(`Quotient
(Polynomial.create
[|
Finite_field.(inj_ring @@ one fp);
Finite_field.(inj_ring @@ zero fp);
Finite_field.(inj_ring @@ one fp);
Finite_field.(inj_ring (one fp));
Finite_field.(inj_ring (zero fp));
Finite_field.(inj_ring (one fp));
|]))

let g1_x =
Expand All @@ -107,10 +63,11 @@ module ToyCurve = struct
let g2 = Elliptic_curve.of_coordinates ~x:g2_x ~y:g2_y

let curve =
Elliptic_curve.create
~a6:(Finite_field.finite_field_element [| Integer.of_int 1 |] quad_ext_p)
~dom:quad_ext_p ()
|> Option.get
Option.get
(Elliptic_curve.create
~a6:
(Finite_field.finite_field_element [| Integer.of_int 1 |] quad_ext_p)
~dom:quad_ext_p ())
end

module KZG :
Expand All @@ -129,12 +86,12 @@ module KZG :

let commit c p =
assert (Polynomial.degree p < Vector.length c.srs_g1);
Polynomial.fold_left2_vec
~f:(fun x p cm ->
let n = Polynomial.(Finite_field.(residue_class (inj_field x)).%[0]) in
Elliptic_curve.(add c.curve cm (mul c.curve ~n ~p)))
~acc:(Elliptic_curve.zero c.curve)
p c.srs_g1
let f x p cm =
let n = Polynomial.(Finite_field.(residue_class (inj_field x)).%[0]) in
Elliptic_curve.(add c.curve cm (mul c.curve ~n ~p))
in
let acc = Elliptic_curve.zero c.curve in
Polynomial.fold_left2_vec ~f ~acc p c.srs_g1

let prove c p x =
let y = Polynomial.(create [| eval p (Finite_field.inj_ring x) |]) in
Expand All @@ -143,35 +100,35 @@ module KZG :
Polynomial.create
[|
Finite_field.(inj_ring (one c.finite_field_generator));
Finite_field.(inj_ring (Infix.( ~- ) x));
Finite_field.(inj_ring (neg x));
|]
in
let q = Polynomial.div n d in
commit c q

let verify c cm x y pi =
let d =
let denominator =
Elliptic_curve.(
sub c.curve
Vector.(c.srs_g2.%[2])
(mul c.curve
~n:Polynomial.((Finite_field.residue_class x).%[0])
~p:c.g2))
in
let n =
let numerator =
Elliptic_curve.(
sub c.curve cm
(mul c.curve
~n:Polynomial.((Finite_field.residue_class y).%[0])
~p:c.g1))
in
let lhs =
Elliptic_curve.weil_pairing_ff c.curve ~l:c.curve_subgroup_order ~p:pi
~q:d
Elliptic_curve.weil_pairing_ff c.curve ~l:c.curve_subgroup_order pi
denominator
in
let rhs =
Elliptic_curve.weil_pairing_ff c.curve ~l:c.curve_subgroup_order ~p:n
~q:c.g2
Elliptic_curve.weil_pairing_ff c.curve ~l:c.curve_subgroup_order numerator
c.g2
in
Finite_field.equal lhs rhs
end
Expand All @@ -186,10 +143,6 @@ let c =
Finite_field.(residue_class (pow secret (Integer.of_int i))).%[0])
~p
in
(*let sg = l_torsion_subgroup ToyCurve.curve ~l:(Signed.Long.of_int 641) in
Printf.eprintf "\nsubgroup\n";
Array.iter (fun e -> Printf.eprintf "\n%s\n" @@ gentostr e) sg;
Printf.eprintf "\nend subgroup\n";*)
let srs_g1 = Vector.init 100 ~f:(coeff ToyCurve.g1) in
let srs_g2 = Vector.init 100 ~f:(coeff ToyCurve.g2) in
{
Expand Down Expand Up @@ -243,12 +196,12 @@ let r =

let lhs =
Finite_field.mul
(Elliptic_curve.weil_pairing_ff c.curve ~l:ToyCurve.r ~p:c.g1 ~q:r)
(Elliptic_curve.weil_pairing_ff c.curve ~l:ToyCurve.r ~p:c.g2 ~q:r)
(Elliptic_curve.weil_pairing_ff c.curve ~l:ToyCurve.r c.g1 r)
(Elliptic_curve.weil_pairing_ff c.curve ~l:ToyCurve.r c.g2 r)

let rhs =
Elliptic_curve.weil_pairing_ff c.curve ~l:ToyCurve.r
~p:(Elliptic_curve.add c.curve c.g1 c.g2)
~q:r
(Elliptic_curve.add c.curve c.g1 c.g2)
r

let () = assert (Finite_field.(equal lhs rhs))
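Review bot: In the `commit` hunk the new local `let f x p cm = ...` rebinds `p`, which in `commit` is the polynomial being committed, to the SRS point that `fold_left2_vec` feeds in; the shadowing is legal but reads as though the polynomial were being multiplied by the scalar. Renaming the inner parameter keeps both meanings visible: `let f x pt cm =` and `Elliptic_curve.(add c.curve cm (mul c.curve ~n ~p:pt))`. The `verify` hunk now passes `pi`/`denominator` and `numerator`/`c.g2` to `weil_pairing_ff` positionally; both arguments have the same type, so an accidental swap would still compile (see the note on src/pari.ml). `commit`, `prove` and `verify` are shown whole, but the enclosing module `KZG` starts and ends outside these hunks.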
2 changes: 1 addition & 1 deletion examples/pohlig_helman.ml
Expand Up @@ -120,7 +120,7 @@ let rho_pollard_with_retries ~one ~mul ~pow ~class_x ~group_order ~base h =
let rec loop () =
match f ~start:(start group_order) () with
| Some res -> Some res
| None -> loop()
| None -> loop ()
in
match f () with Some res -> Some res | None -> loop ()

4 changes: 3 additions & 1 deletion src/pari.ml
Expand Up @@ -403,6 +403,8 @@ module Finite_field = struct

let equal a b = ff_equal a b = 1
let add = ff_add
let sub = ff_sub
let neg = ff_neg
let mul = ff_mul
let pow x n = ff_pow x n
let random = genrand
Expand Down Expand Up @@ -478,7 +480,7 @@ module Elliptic_curve = struct
let random = ellrandom
let l_division_polynomial ell ~l = elldivpol ell l Signed.Long.zero
let to_string ell = gentostr ell
let weil_pairing_ff ell ~l ~p ~q = ellweilpairing ell p q l
let weil_pairing_ff ell ~l p q = ellweilpairing ell p q l
let add = elladd
let sub = ellsub
let mul ell ~n ~p = ellmul ell p n
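Review bot: Dropping the `~p`/`~q` labels from `weil_pairing_ff` in the second hunk leaves two positional parameters of the same type, `Finite_field.t elt`, so a caller that swaps the two points still type-checks; the Weil pairing is alternating, meaning e(q, p) is the inverse of e(p, q), so a swap changes the returned value silently instead of failing at compile time. The call sites in examples/kzg.ml (`verify` and the bilinearity check at the bottom of the file) and the doc example in src/pari.mli are the ones now relying on argument order alone. If the positional form is kept for pipelining, the doc comment in src/pari.mli could say so explicitly, e.g. `The order of [p] and [q] is significant: the pairing is alternating, so swapping them inverts the result.` The enclosing module `Elliptic_curve` starts and ends outside the hunk.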
10 changes: 6 additions & 4 deletions src/pari.mli
Expand Up @@ -380,6 +380,8 @@ and Finite_field : sig
val residue_class : t -> (finite_field, ring) typ Polynomial.t
val equal : t -> t -> bool
val add : t -> t -> t
val sub : t -> t -> t
val neg : t -> t
val mul : t -> t -> t
val pow : t -> Integer.t -> t
val random : t -> t
Expand Down Expand Up @@ -563,10 +565,10 @@ module Elliptic_curve : sig
val weil_pairing_ff :
Finite_field.t t ->
l:Integer.t ->
p:Finite_field.t elt ->
q:Finite_field.t elt ->
Finite_field.t elt ->
Finite_field.t elt ->
Finite_field.t
(** [weil_pairing_ff ell ~l ~p ~q] returns the Weil pairing of the two points
(** [weil_pairing_ff ell ~l p q] returns the Weil pairing of the two points
of [l]-torsion [p] and [q] on the elliptic curve [ell].

{@ocaml[
Expand All @@ -579,7 +581,7 @@ module Elliptic_curve : sig
# let (p, q) = Elliptic_curve.(of_coordinates ~x:(Finite_field.prime_field_element (Integer.of_int 0) ~p:ord) ~y:(Finite_field.prime_field_element (Integer.of_int 0) ~p:ord), of_coordinates ~x:(Finite_field.prime_field_element (Integer.of_int 57) ~p:ord) ~y:(Finite_field.prime_field_element (Integer.of_int 46) ~p:ord));;
val p : Finite_field.t Elliptic_curve.elt = <abstr>
val q : Finite_field.t Elliptic_curve.elt = <abstr>
# let scalar = (Elliptic_curve.weil_pairing_ff ell ~l ~p ~q);;
# let scalar = (Elliptic_curve.weil_pairing_ff ell ~l p q);;
val scalar : Finite_field.t = <abstr>
# Finite_field.to_string scalar (* 56 mod 103 *);;
- : string = "56"
