tiny clean-up

examples/kzg.ml

@@ -18,50 +18,6 @@ module type Polynomial_commitment = sig
     common_input -> commitment -> scalar -> evaluation -> proof -> bool
 end
 
-let images_from_abscissa (ell : 'a Elliptic_curve.t) (x : 'a) =
-  let open Elliptic_curve in
-  let a1 = get_a1 ell in
-  let a2 = get_a2 ell in
-  let a3 = get_a3 ell in
-  let a4 = get_a4 ell in
-  let a6 = get_a6 ell in
-  let open Finite_field in
-  let open Finite_field.Infix in
-  (*Y^2 + a_1 XY + a_3 Y = X^3 + a_2 X^2 + a_4 X + a_6*)
-  Polynomial.roots_ff
-    (Polynomial.create
-       [|
-         inj_ring @@ one x;
-         inj_ring ((a1 * x) + a3);
-         inj_ring
-           Infix.(
-             ~-((x ^ Integer.of_int 3)
-               + (a2 * (x ^ Integer.of_int 2))
-               + (a4 * x) + a6));
-       |])
-
-(* l must be prime different from the characteristic of the field over which the curve is defined.
-
-   Inefficient way to find the elements of an l-torsion subgroup: find the abscissa of such
-   a elements by looking at the roots of the l-division polynomial. *)
-let _l_torsion_subgroup ell ~l =
-  let l_div = Elliptic_curve.l_division_polynomial ell ~l in
-  let l_div_roots = Polynomial.roots_ff l_div in
-  let len = Vector.length l_div_roots in
-  let c = ref 0 in
-  let sg = Array.make (2 * len) (Elliptic_curve.zero ell) in
-  for i = 1 to len do
-    let x = Vector.(l_div_roots.%[i]) in
-    let ys = images_from_abscissa ell x in
-    for j = 1 to Vector.length ys do
-      let y = Vector.(ys.%[j]) in
-      let p = Elliptic_curve.of_coordinates ~x ~y in
-      sg.(!c) <- p;
-      c := !c + 1
-    done
-  done;
-  Array.init !c (fun i -> sg.(i))
-
 type kzg_common_input = {
   srs_g1 : (Finite_field.t Elliptic_curve.elt, [ `ROW ]) Vector.t;
   srs_g2 : (Finite_field.t Elliptic_curve.elt, [ `ROW ]) Vector.t;
@@ -82,9 +38,9 @@ module ToyCurve = struct
       (`Quotient
         (Polynomial.create
            [|
-             Finite_field.(inj_ring @@ one fp);
-             Finite_field.(inj_ring @@ zero fp);
-             Finite_field.(inj_ring @@ one fp);
+             Finite_field.(inj_ring (one fp));
+             Finite_field.(inj_ring (zero fp));
+             Finite_field.(inj_ring (one fp));
            |]))
 
   let g1_x =
@@ -107,10 +63,11 @@ module ToyCurve = struct
   let g2 = Elliptic_curve.of_coordinates ~x:g2_x ~y:g2_y
 
   let curve =
-    Elliptic_curve.create
-      ~a6:(Finite_field.finite_field_element [| Integer.of_int 1 |] quad_ext_p)
-      ~dom:quad_ext_p ()
-    |> Option.get
+    Option.get
+      (Elliptic_curve.create
+         ~a6:
+           (Finite_field.finite_field_element [| Integer.of_int 1 |] quad_ext_p)
+         ~dom:quad_ext_p ())
 end
 
 module KZG :
@@ -129,12 +86,12 @@ module KZG :
 
   let commit c p =
     assert (Polynomial.degree p < Vector.length c.srs_g1);
-    Polynomial.fold_left2_vec
-      ~f:(fun x p cm ->
-        let n = Polynomial.(Finite_field.(residue_class (inj_field x)).%[0]) in
-        Elliptic_curve.(add c.curve cm (mul c.curve ~n ~p)))
-      ~acc:(Elliptic_curve.zero c.curve)
-      p c.srs_g1
+    let f x p cm =
+      let n = Polynomial.(Finite_field.(residue_class (inj_field x)).%[0]) in
+      Elliptic_curve.(add c.curve cm (mul c.curve ~n ~p))
+    in
+    let acc = Elliptic_curve.zero c.curve in
+    Polynomial.fold_left2_vec ~f ~acc p c.srs_g1
 
   let prove c p x =
     let y = Polynomial.(create [| eval p (Finite_field.inj_ring x) |]) in
@@ -143,35 +100,35 @@ module KZG :
       Polynomial.create
         [|
           Finite_field.(inj_ring (one c.finite_field_generator));
-          Finite_field.(inj_ring (Infix.( ~- ) x));
+          Finite_field.(inj_ring (neg x));
         |]
     in
     let q = Polynomial.div n d in
     commit c q
 
   let verify c cm x y pi =
-    let d =
+    let denominator =
       Elliptic_curve.(
         sub c.curve
           Vector.(c.srs_g2.%[2])
           (mul c.curve
              ~n:Polynomial.((Finite_field.residue_class x).%[0])
              ~p:c.g2))
     in
-    let n =
+    let numerator =
       Elliptic_curve.(
         sub c.curve cm
           (mul c.curve
              ~n:Polynomial.((Finite_field.residue_class y).%[0])
              ~p:c.g1))
     in
     let lhs =
-      Elliptic_curve.weil_pairing_ff c.curve ~l:c.curve_subgroup_order ~p:pi
-        ~q:d
+      Elliptic_curve.weil_pairing c.curve ~l:c.curve_subgroup_order pi
+        denominator
     in
     let rhs =
-      Elliptic_curve.weil_pairing_ff c.curve ~l:c.curve_subgroup_order ~p:n
-        ~q:c.g2
+      Elliptic_curve.weil_pairing c.curve ~l:c.curve_subgroup_order numerator
+        c.g2
     in
     Finite_field.equal lhs rhs
 end
@@ -186,10 +143,6 @@ let c =
           Finite_field.(residue_class (pow secret (Integer.of_int i))).%[0])
       ~p
   in
-  (*let sg = l_torsion_subgroup ToyCurve.curve ~l:(Signed.Long.of_int 641) in
-    Printf.eprintf "\nsubgroup\n";
-    Array.iter (fun e -> Printf.eprintf "\n%s\n" @@ gentostr e) sg;
-    Printf.eprintf "\nend subgroup\n";*)
   let srs_g1 = Vector.init 100 ~f:(coeff ToyCurve.g1) in
   let srs_g2 = Vector.init 100 ~f:(coeff ToyCurve.g2) in
   {
@@ -243,12 +196,12 @@ let r =
 
 let lhs =
   Finite_field.mul
-    (Elliptic_curve.weil_pairing_ff c.curve ~l:ToyCurve.r ~p:c.g1 ~q:r)
-    (Elliptic_curve.weil_pairing_ff c.curve ~l:ToyCurve.r ~p:c.g2 ~q:r)
+    (Elliptic_curve.weil_pairing c.curve ~l:ToyCurve.r c.g1 r)
+    (Elliptic_curve.weil_pairing c.curve ~l:ToyCurve.r c.g2 r)
 
 let rhs =
-  Elliptic_curve.weil_pairing_ff c.curve ~l:ToyCurve.r
-    ~p:(Elliptic_curve.add c.curve c.g1 c.g2)
-    ~q:r
+  Elliptic_curve.weil_pairing c.curve ~l:ToyCurve.r
+    (Elliptic_curve.add c.curve c.g1 c.g2)
+    r
 
 let () = assert (Finite_field.(equal lhs rhs))

examples/pohlig_helman.ml

@@ -120,7 +120,7 @@ let rho_pollard_with_retries ~one ~mul ~pow ~class_x ~group_order ~base h =
   let rec loop () =
     match f ~start:(start group_order) () with
     | Some res -> Some res
-    | None -> loop()
+    | None -> loop ()
   in
   match f () with Some res -> Some res | None -> loop ()
 

src/pari.ml

@@ -220,9 +220,6 @@ module Polynomial = struct
   let eval p x = poleval p x
   let degree t = degree t |> Signed.Long.to_int
 
-  let get_coeff t i =
-    gcopy @@ Ctypes.(!@(coerce gen (ptr gen) t +@ Int.add i 2))
-
   let create (p : 'a array) : 'a t =
     let len = Array.length p in
     let size = Signed.Long.of_int (Int.add len 2) in
@@ -403,6 +400,8 @@ module Finite_field = struct
 
   let equal a b = ff_equal a b = 1
   let add = ff_add
+  let sub = ff_sub
+  let neg = ff_neg
   let mul = ff_mul
   let pow x n = ff_pow x n
   let random = genrand
@@ -478,12 +477,12 @@ module Elliptic_curve = struct
   let random = ellrandom
   let l_division_polynomial ell ~l = elldivpol ell l Signed.Long.zero
   let to_string ell = gentostr ell
-  let weil_pairing_ff ell ~l ~p ~q = ellweilpairing ell p q l
+  let weil_pairing ell ~l p q = ellweilpairing ell p q l
   let add = elladd
   let sub = ellsub
   let mul ell ~n ~p = ellmul ell p n
   let equal a b = gequal a b = 1
-  let generators_ff ell = ff_ellgens ell
+  let generators ell = ellgenerators ell
   let zero _ = ellinf ()
 
   let get_coordinates p =

src/pari.mli

@@ -278,7 +278,6 @@ module rec Polynomial : sig
   val neg : 'a t -> 'a t
   val eval : 'a t -> 'a -> 'a
   val degree : 'a t -> int
-  val get_coeff : 'a t -> int -> 'a
 
   val create : 'a array -> 'a t
   (** [create a] returns {m a_{n-1} X^{n-1} + ... + a_0} for array [a] of length [n].
@@ -292,13 +291,13 @@ module rec Polynomial : sig
           Integer.of_int (-189804);
         |];;
       val q : Integer.t Polynomial.t = <abstr>
-      # (Polynomial.to_string q);;
+      # Polynomial.to_string q;;
       - : string = "x^3 - 111*x^2 + 6064*x - 189804"
       # let zero = Polynomial.create [| Integer.of_int 0 |];;
       val zero : Integer.t Polynomial.t = <abstr>
       # let qq = Polynomial.create [| q; q; zero; zero |];;
       val qq : Integer.t Polynomial.t Polynomial.t = <abstr>
-      # (Polynomial.to_string qq);;
+      # Polynomial.to_string qq;;
       - : string =
       "(x^3 - 111*x^2 + 6064*x - 189804)*y^3 + (x^3 - 111*x^2 + 6064*x - 189804)*y^2"
       ]}
@@ -380,6 +379,8 @@ and Finite_field : sig
   val residue_class : t -> (finite_field, ring) typ Polynomial.t
   val equal : t -> t -> bool
   val add : t -> t -> t
+  val sub : t -> t -> t
+  val neg : t -> t
   val mul : t -> t -> t
   val pow : t -> Integer.t -> t
   val random : t -> t
@@ -390,14 +391,6 @@ and Finite_field : sig
     (finite_field, field) typ ->
     [< `Degree of int | `Quotient of (finite_field, ring) typ Polynomial.t ] ->
     t
-  (** extend the field {m K} of definition of {m a} by a root of the polynomial
-     {m P\in K[X]} assumed to be irreducible over {m K}.  Return {m [r, m]} where {m r}
-     is a root of {m P} in the extension field {m L} and {m m} is a map from {m K} to {m L},
-     see [ffmap].
-     If {m v} is given, the variable name is used to display the generator of {m L},
-     else the name of the variable of {m P} is used.
-     A generator of {m L} can be recovered using [b=ffgen(r)].
-     The image of {m P} in {m L[X]} can be recovered using [PL=ffmap(m,P)]. *)
 
   val fpxq_star :
     p:pari_ulong -> quotient:Fp.t Polynomial.t -> finite_field group_structure
@@ -560,13 +553,8 @@ module Elliptic_curve : sig
   val j_invariant : 'a t -> 'a
   val random : 'a t -> 'a elt
 
-  val weil_pairing_ff :
-    Finite_field.t t ->
-    l:Integer.t ->
-    p:Finite_field.t elt ->
-    q:Finite_field.t elt ->
-    Finite_field.t
-  (** [weil_pairing_ff ell ~l ~p ~q] returns the Weil pairing of the two points
+  val weil_pairing : 'a t -> l:Integer.t -> 'a elt -> 'a elt -> 'a
+  (** [weil_pairing ell ~l p q] returns the Weil pairing of the two points
       of [l]-torsion [p] and [q] on the elliptic curve [ell].
 
       {@ocaml[
@@ -579,7 +567,7 @@ module Elliptic_curve : sig
       # let (p, q) = Elliptic_curve.(of_coordinates ~x:(Finite_field.prime_field_element (Integer.of_int 0) ~p:ord) ~y:(Finite_field.prime_field_element (Integer.of_int 0) ~p:ord), of_coordinates ~x:(Finite_field.prime_field_element (Integer.of_int 57) ~p:ord) ~y:(Finite_field.prime_field_element (Integer.of_int 46) ~p:ord));;
       val p : Finite_field.t Elliptic_curve.elt = <abstr>
       val q : Finite_field.t Elliptic_curve.elt = <abstr>
-      # let scalar = (Elliptic_curve.weil_pairing_ff ell ~l ~p ~q);;
+      # let scalar = Elliptic_curve.weil_pairing ell ~l p q;;
       val scalar : Finite_field.t = <abstr>
       # Finite_field.to_string scalar (* 56 mod 103 *);;
       - : string = "56"
@@ -609,7 +597,7 @@ module Elliptic_curve : sig
   val sub : 'a t -> 'a elt -> 'a elt -> 'a elt
   val mul : 'a t -> n:Integer.t -> p:'a elt -> 'a elt
   val equal : 'a elt -> 'a elt -> bool
-  val generators_ff : Finite_field.t t -> (Finite_field.t, [ `ROW ]) Vector.t
+  val generators : 'a t -> ('a elt, [ `ROW ]) Vector.t
   val zero : 'a t -> 'a elt
   val get_coordinates : 'a t -> [> `inf | `point of 'a * 'a ]
   val order_elt : 'a t -> 'a elt -> Integer.t