diff --git a/include/mcl/bn.hpp b/include/mcl/bn.hpp index c7e7b4c..9e36188 100644 --- a/include/mcl/bn.hpp +++ b/include/mcl/bn.hpp @@ -1,4 +1,6 @@ -#pragma once +#ifndef MCL_INCLUDE_MCL_BN_HPP +#define MCL_INCLUDE_MCL_BN_HPP +// use MCL_INCLUDE_MCL_BN_HPP instead of #pragma once to be able to include twice /** @file @brief optimal ate pairing over BN-curve / BLS12-curve @@ -9,6 +11,7 @@ #include #include #include +#include #include #ifndef CYBOZU_DONT_USE_EXCEPTION #include 
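Review bot: The comment added beside the new guard in bn.hpp says the header can be included twice, but not what a second inclusion requires. Going by sample/multi.cpp in this commit, the caller has to `#undef MCL_INCLUDE_MCL_BN_HPP` and redefine `MCL_NAMESPACE_BN` (and normally `MCL_MAX_FP_BIT_SIZE`) before including again; re-including with the same namespace name would redefine everything inside it. I would spell that out at the guard, e.g. `// to include twice: #undef MCL_INCLUDE_MCL_BN_HPP, then define a different MCL_NAMESPACE_BN before the second #include`.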
@@ -24,58 +27,12 @@ #ifndef MCL_MAX_FR_BIT_SIZE #define MCL_MAX_FR_BIT_SIZE MCL_MAX_FP_BIT_SIZE #endif +#ifndef MCL_NAMESPACE_BN + #define MCL_NAMESPACE_BN bn +#endif namespace mcl { -struct CurveParam { - /* - y^2 = x^3 + b - i^2 = -1 - xi = xi_a + i - v^3 = xi - w^2 = v - */ - const char *z; - int b; // y^2 = x^3 + b - int xi_a; // xi = xi_a + i - /* - BN254, BN381 : Dtype - BLS12-381 : Mtype - */ - bool isMtype; - int curveType; // same in curve_type.h - bool operator==(const CurveParam& rhs) const - { - return strcmp(z, rhs.z) == 0 && b == rhs.b && xi_a == rhs.xi_a && isMtype == rhs.isMtype; - } - bool operator!=(const CurveParam& rhs) const { return !operator==(rhs); } -}; - -const CurveParam BN254 = { "-0x4080000000000001", 2, 1, false, MCL_BN254 }; // -(2^62 + 2^55 + 1) -// provisional(experimental) param with maxBitSize = 384 -const CurveParam BN381_1 = { "-0x400011000000000000000001", 2, 1, false, MCL_BN381_1 }; // -(2^94 + 2^76 + 2^72 + 1) // A Family of Implementation-Friendly BN Elliptic Curves -const CurveParam BN381_2 = { "-0x400040090001000000000001", 2, 1, false, MCL_BN381_2 }; // -(2^94 + 2^78 + 2^67 + 2^64 + 2^48 + 1) // used in relic-toolkit -const CurveParam BN462 = { "0x4001fffffffffffffffffffffbfff", 5, 2, false, MCL_BN462 }; // 2^114 + 2^101 - 2^14 - 1 // https://eprint.iacr.org/2017/334 -const CurveParam BN_SNARK1 = { "4965661367192848881", 3, 9, false, MCL_BN_SNARK1 }; -const CurveParam BLS12_381 = { "-0xd201000000010000", 4, 1, true, MCL_BLS12_381 }; -const CurveParam BN160 = { "0x4000000031", 3, 4, false, MCL_BN160 }; - -inline const CurveParam& getCurveParam(int type) -{ - switch (type) { - case MCL_BN254: return mcl::BN254; - case MCL_BN381_1: return mcl::BN381_1; - case MCL_BN381_2: return mcl::BN381_2; - case MCL_BN462: return mcl::BN462; - case MCL_BN_SNARK1: return mcl::BN_SNARK1; - case MCL_BLS12_381: return mcl::BLS12_381; - case MCL_BN160: return mcl::BN160; - default: - assert(0); - return mcl::BN254; - } -} - -namespace bn { 
+namespace MCL_NAMESPACE_BN { namespace local { struct FpTag; @@ -314,7 +271,6 @@ public: } }; -#include struct MapTo { enum { @@ -332,7 +288,7 @@ struct MapTo { int type_; int mapToMode_; bool useOriginalG2cofactor_; - MapToG2_WB19 mapToG2_WB19_; + MapToG2_WB19 mapToG2_WB19_; MapTo() : type_(0) , mapToMode_(MCL_MAP_TO_MODE_ORIGINAL) @@ -2320,7 +2276,7 @@ inline const Fr& getG2cofactorAdjInv() inline bool ethMsgToFp2(Fp2& out, const void *msg, size_t msgSize, uint8_t ctr, const void *dst, size_t dstSize) { if (!BN::param.isBLS12) return false; - BN::local::hashToFp2(out, msg, msgSize, ctr, dst, dstSize); + hashToFp2(out, msg, msgSize, ctr, dst, dstSize); return true; } @@ -2340,3 +2296,4 @@ inline bool ethMsgToG2(G2& out, const void *msg, size_t msgSize, const void *dst } } // mcl::bn +#endif diff --git a/include/mcl/curve_type.h b/include/mcl/curve_type.h index 1081559..01127cc 100644 --- a/include/mcl/curve_type.h +++ b/include/mcl/curve_type.h 
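Review bot: `ethMsgToFp2` returns false without writing `out` when `BN::param.isBLS12` is not set, and nothing at the definition says so. A caller that ignores the result would carry on with an Fp2 this function never filled in, so the contract deserves a comment above the function, e.g. `// returns false and leaves out unchanged unless BN::param.isBLS12 is set`. Separately, the call to `hashToFp2` is now unqualified; writing `mcl::hashToFp2(out, msg, msgSize, ctr, dst, dstSize);` would make the intended target explicit now that the function lives in `mcl`.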
@@ -42,3 +42,62 @@ enum { MCL_MAP_TO_MODE_ETH2, // old eth2.0 spec MCL_MAP_TO_MODE_WB19 // used in new eth2.0 spec }; + +#ifdef __cplusplus + +#include +#include + +namespace mcl { + +struct CurveParam { + /* + y^2 = x^3 + b + i^2 = -1 + xi = xi_a + i + v^3 = xi + w^2 = v + */ + const char *z; + int b; // y^2 = x^3 + b + int xi_a; // xi = xi_a + i + /* + BN254, BN381 : Dtype + BLS12-381 : Mtype + */ + bool isMtype; + int curveType; // same in curve_type.h + bool operator==(const CurveParam& rhs) const + { + return strcmp(z, rhs.z) == 0 && b == rhs.b && xi_a == rhs.xi_a && isMtype == rhs.isMtype; + } + bool operator!=(const CurveParam& rhs) const { return !operator==(rhs); } +}; + +const CurveParam BN254 = { "-0x4080000000000001", 2, 1, false, MCL_BN254 }; // -(2^62 + 2^55 + 1) +// provisional(experimental) param with maxBitSize = 384 +const CurveParam BN381_1 = { "-0x400011000000000000000001", 2, 1, false, MCL_BN381_1 }; // -(2^94 + 2^76 + 2^72 + 1) // A Family of Implementation-Friendly BN Elliptic Curves +const CurveParam BN381_2 = { "-0x400040090001000000000001", 2, 1, false, MCL_BN381_2 }; // -(2^94 + 2^78 + 2^67 + 2^64 + 2^48 + 1) // used in relic-toolkit +const CurveParam BN462 = { "0x4001fffffffffffffffffffffbfff", 5, 2, false, MCL_BN462 }; // 2^114 + 2^101 - 2^14 - 1 // https://eprint.iacr.org/2017/334 +const CurveParam BN_SNARK1 = { "4965661367192848881", 3, 9, false, MCL_BN_SNARK1 }; +const CurveParam BLS12_381 = { "-0xd201000000010000", 4, 1, true, MCL_BLS12_381 }; +const CurveParam BN160 = { "0x4000000031", 3, 4, false, MCL_BN160 }; + +inline const CurveParam& getCurveParam(int type) +{ + switch (type) { + case MCL_BN254: return mcl::BN254; + case MCL_BN381_1: return mcl::BN381_1; + case MCL_BN381_2: return mcl::BN381_2; + case MCL_BN462: return mcl::BN462; + case MCL_BN_SNARK1: return mcl::BN_SNARK1; + case MCL_BLS12_381: return mcl::BLS12_381; + case MCL_BN160: return mcl::BN160; + default: + assert(0); + return mcl::BN254; + } +} + +} // mcl +#endif 
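Review bot: In `getCurveParam`, the `default:` branch reduces to a plain `return mcl::BN254;` once `assert` is compiled out with NDEBUG, so an unrecognised curve id silently yields BN254 parameters instead of failing. The function is moved here unchanged, but curve_type.h can be included on its own, so the behaviour should at least be stated where callers will read it, e.g. `// NOTE: an unknown type returns BN254 when assert is disabled; validate type before calling`. Because the return type is a reference, callers have no way to detect the fallback; a pointer-returning lookup next to it that yields a null pointer for unknown ids would let them reject bad input explicitly.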
diff --git a/include/mcl/mapto_wb19.hpp b/include/mcl/mapto_wb19.hpp index fc6453d..78d2941 100644 --- a/include/mcl/mapto_wb19.hpp +++ b/include/mcl/mapto_wb19.hpp @@ -7,8 +7,10 @@ http://opensource.org/licenses/BSD-3-Clause ref. https://eprint.iacr.org/2019/403 , https://github.com/algorand/bls_sigs_ref */ +namespace mcl { // ctr = 0 or 1 or 2 +template inline void hashToFp2(Fp2& out, const void *msg, size_t msgSize, uint8_t ctr, const void *dst, size_t dstSize) { const bool addZeroByte = true; // append zero byte to msg @@ -35,6 +37,7 @@ inline void hashToFp2(Fp2& out, const void *msg, size_t msgSize, uint8_t ctr, co } } +template struct MapToG2_WB19 { Fp2 xi; Fp2 Ell2p_a; @@ -667,3 +670,5 @@ struct MapToG2_WB19 { } }; +} // mcl + diff --git a/sample/multi.cpp b/sample/multi.cpp new file mode 100644 index 0000000..24591cc --- /dev/null +++ b/sample/multi.cpp 
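Review bot: `hashToFp2` is now a public name in namespace `mcl` (bn.hpp used to reach it as `BN::local::hashToFp2`), yet `// ctr = 0 or 1 or 2` is still its only documentation. The body continues outside the hunk, so it cannot be seen from here whether a `ctr` above 2 or an empty `dst` is rejected or simply hashed. I would replace the one-liner with a short doc comment that names `msg`/`msgSize` and `dst`/`dstSize` as the message and domain-separation tag buffers, states the allowed range of `ctr`, and says what happens outside that range.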
@@ -0,0 +1,65 @@ +/* + dirty hack to make multi instance of pairing functions +*/ +#include +// BLS12-381 ; sizeof(Fp) = 48, sizeof(Fr) = 32 +#define MCL_MAX_FP_BIT_SIZE 384 +#define MCL_MAX_FR_BIT_SIZE 256 +#include +// remove include gurad of bn.hpp +#undef MCL_INCLUDE_MCL_BN_HPP +// define other fp size +// BN254 ; sizeof(Fp) = 32, sizeof(Fr) = 32 +#undef MCL_MAX_FP_BIT_SIZE +#define MCL_MAX_FP_BIT_SIZE 256 +// define another namespace instead of bn +#undef MCL_NAMESPACE_BN +#define MCL_NAMESPACE_BN bn2 +#include + +#define PUT(x) std::cout << #x "=" << (x) << std::endl; +int main() + try +{ + using namespace mcl; + mpz_class a = 123; + mpz_class b = 456; + bn::initPairing(mcl::BLS12_381); + bn2::initPairing(mcl::BN254); + + bn::G1 P1; + bn::G2 Q1; + bn::GT e1, f1; + + bn2::G1 P2; + bn2::G2 Q2; + bn2::GT e2, f2; + + bn::hashAndMapToG1(P1, "abc", 3); + bn2::hashAndMapToG1(P2, "abc", 3); + PUT(P1); + PUT(P2); + + bn::hashAndMapToG2(Q1, "abc", 3); + bn2::hashAndMapToG2(Q2, "abc", 3); + + PUT(Q1); + PUT(Q2); + P1 += P1; + Q2 += Q2; + + bn::pairing(e1, P1, Q1); + bn2::pairing(e2, P2, Q2); + P1 *= a; + Q1 *= b; + P2 *= a; + Q2 *= b; + bn::pairing(f1, P1, Q1); + bn2::pairing(f2, P2, Q2); + bn::GT::pow(e1, e1, a * b); + bn2::GT::pow(e2, e2, a * b); + printf("eq %d %d\n", e1 == f1, e2 == f2); +} catch (std::exception& e) { + printf("err %s\n", e.what()); + return 1; +} diff --git a/test/mapto_wb19_test.cpp b/test/mapto_wb19_test.cpp index 09f49c4..405c367 100644 --- a/test/mapto_wb19_test.cpp +++ b/test/mapto_wb19_test.cpp @@ -10,7 +10,7 @@ using namespace mcl; using namespace mcl::bn; -typedef mcl::bn::local::MapToG2_WB19 MapTo; +typedef mcl::MapToG2_WB19 MapTo; typedef MapTo::Point Point; void dump(const void *msg, size_t msgSize) 
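Review bot: The header comment of sample/multi.cpp does not say whether the order of the two inclusions matters. The headers bn.hpp pulls in are presumably compiled only on the first pass, with `MCL_MAX_FP_BIT_SIZE` at 384, and the second pass merely lowers the macro to 256. If any of that shared code sizes fixed buffers from the macro, swapping the order would leave them too small for the BLS12-381 instance. I would state the rule next to the first define, e.g. `// the first inclusion must use the largest MCL_MAX_FP_BIT_SIZE; shared headers are compiled only once`, after confirming it against the headers involved.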
@@ -634,7 +634,7 @@ CYBOZU_TEST_AUTO(test)
 initPairing(mcl::BLS12_381);
 Fp::setETHserialization(true);
 bn::setMapToMode(MCL_MAP_TO_MODE_WB19);
- const mcl::bn::local::MapToG2_WB19& mapto = BN::param.mapTo.mapToG2_WB19_;
+ const MapTo& mapto = BN::param.mapTo.mapToG2_WB19_;
 py_eccTest(mapto);
 py_eccTest2(mapto);
 osswu2_helpTest(mapto);