From 8c8d616c9b2f0c6e302eba130b2307267880751d Mon Sep 17 00:00:00 2001 From: MITSUNARI Shigeo Date: Thu, 5 Apr 2018 21:42:49 +0900 Subject: rename curve name --- ffi/go/mcl/mcl.go | 11 +++++++---- ffi/go/mcl/mcl_test.go | 4 ++-- include/mcl/bn.h | 1 + include/mcl/bn.hpp | 22 +++++++++++----------- include/mcl/curve_type.h | 6 +++--- readme.md | 40 ++++++++++++++++++++-------------------- src/bn_c_impl.hpp | 5 +++++ src/she_c_impl.hpp | 12 ++++++------ test/bls12_test.cpp | 4 ++-- test/bn384_test.cpp | 12 ++++++------ test/bn512_test.cpp | 4 ++-- test/bn_test.cpp | 2 +- 12 files changed, 66 insertions(+), 57 deletions(-) diff --git a/ffi/go/mcl/mcl.go b/ffi/go/mcl/mcl.go index 8a030fc..bce2d56 100644 --- a/ffi/go/mcl/mcl.go +++ b/ffi/go/mcl/mcl.go @@ -18,6 +18,9 @@ const CurveFp382_1 = C.mclBn_CurveFp382_1 // CurveFp382_2 -- 382 bit curve 2 const CurveFp382_2 = C.mclBn_CurveFp382_2 +// BLS12_381 +const BLS12_381 = C.MCL_BLS12_381 + // Init -- // call this function before calling all the other operations // this function is not thread safe @@ -102,7 +105,7 @@ func (x *Fr) SetString(s string, base int) error { func (x *Fr) Deserialize(buf []byte) error { // #nosec err := C.mclBnFr_deserialize(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf))) - if err != 0 { + if err == 0 { return fmt.Errorf("err mclBnFr_deserialize %x", buf) } return nil @@ -231,7 +234,7 @@ func (x *G1) SetString(s string, base int) error { func (x *G1) Deserialize(buf []byte) error { // #nosec err := C.mclBnG1_deserialize(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf))) - if err != 0 { + if err == 0 { return fmt.Errorf("err mclBnG1_deserialize %x", buf) } return nil @@ -341,7 +344,7 @@ func (x *G2) SetString(s string, base int) error { func (x *G2) Deserialize(buf []byte) error { // #nosec err := C.mclBnG2_deserialize(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf))) - if err != 0 { + if err == 0 { return fmt.Errorf("err mclBnG2_deserialize %x", buf) } return nil @@ -452,7 +455,7 @@ func (x *GT) SetString(s string, base int) error { func (x *GT) Deserialize(buf []byte) error { // #nosec err := C.mclBnGT_deserialize(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf))) - if err != 0 { + if err == 0 { return fmt.Errorf("err mclBnGT_deserialize %x", buf) } return nil diff --git a/ffi/go/mcl/mcl_test.go b/ffi/go/mcl/mcl_test.go index b1e0aba..85900be 100644 --- a/ffi/go/mcl/mcl_test.go +++ b/ffi/go/mcl/mcl_test.go @@ -124,7 +124,7 @@ func TestMclMain(t *testing.T) { if GetMaxOpUnitSize() == 6 { t.Log("CurveFp382_1") testMcl(t, CurveFp382_1) - t.Log("CurveFp382_2") - testMcl(t, CurveFp382_2) + t.Log("BLS12_381") + testMcl(t, BLS12_381) } } diff --git a/include/mcl/bn.h b/include/mcl/bn.h index b141f5e..1140c42 100644 --- a/include/mcl/bn.h +++ b/include/mcl/bn.h @@ -134,6 +134,7 @@ MCLBN_DLL_API int mclBn_getOpUnitSize(); 58 if mclBn_CurveFpA462 */ MCLBN_DLL_API int mclBn_getG1ByteSize(); +MCLBN_DLL_API int mclBn_getFrByteSize(); /* return decimal string of the order of the curve(=the characteristic of Fr) diff --git a/include/mcl/bn.hpp b/include/mcl/bn.hpp index f8c5b85..b25f76c 100644 --- a/include/mcl/bn.hpp +++ b/include/mcl/bn.hpp @@ -37,10 +37,10 @@ struct CurveParam { bool operator!=(const CurveParam& rhs) const { return !operator==(rhs); } }; -const CurveParam BN254BNb = { "-0x4080000000000001", 2, 1, false, MCL_BN254BNb }; // -(2^62 + 2^55 + 1) +const CurveParam BN254 = { "-0x4080000000000001", 2, 1, false, MCL_BN254 }; // -(2^62 + 2^55 + 1) // provisional(experimental) param with maxBitSize = 384 -const CurveParam BN382_1 = { "-0x400011000000000000000001", 2, 1, false, MCL_BN382_1 }; // -(2^94 + 2^76 + 2^72 + 1) // A Family of Implementation-Friendly BN Elliptic Curves -const CurveParam BN382_2 = { "-0x400040090001000000000001", 2, 1, false, MCL_BN382_2 }; // -(2^94 + 2^78 + 2^67 + 2^64 + 2^48 + 1) // used in relic-toolkit +const CurveParam BN381_1 = { "-0x400011000000000000000001", 2, 1, false, MCL_BN381_1 }; // -(2^94 + 2^76 + 2^72 + 1) // A Family of Implementation-Friendly BN Elliptic Curves +const CurveParam BN381_2 = { "-0x400040090001000000000001", 2, 1, false, MCL_BN381_2 }; // -(2^94 + 2^78 + 2^67 + 2^64 + 2^48 + 1) // used in relic-toolkit const CurveParam BN462 = { "0x4001fffffffffffffffffffffbfff", 5, 2, false, MCL_BN462 }; // 2^114 + 2^101 - 2^14 - 1 // https://eprint.iacr.org/2017/334 const CurveParam BN_SNARK1 = { "4965661367192848881", 3, 9, false, MCL_BN_SNARK1 }; const CurveParam BLS12_381 = { "-0xd201000000010000", 4, 1, true, MCL_BLS12_381 }; @@ -48,9 +48,9 @@ const CurveParam BLS12_381 = { "-0xd201000000010000", 4, 1, true, MCL_BLS12_381 inline const CurveParam& getCurveParam(int type) { switch (type) { - case MCL_BN254BNb: return mcl::BN254BNb; - case MCL_BN382_1: return mcl::BN382_1; - case MCL_BN382_2: return mcl::BN382_2; + case MCL_BN254: return mcl::BN254; + case MCL_BN381_1: return mcl::BN381_1; + case MCL_BN381_2: return mcl::BN381_2; case MCL_BN462: return mcl::BN462; case MCL_BN_SNARK1: return mcl::BN_SNARK1; case MCL_BLS12_381: return mcl::BLS12_381; @@ -990,7 +990,7 @@ struct BNT { if (isNegative) s = -s; param.glv2.pow(z, x, s, constTime); } - static void init(const mcl::CurveParam& cp = mcl::BN254BNb, fp::Mode mode = fp::FP_AUTO) + static void init(const mcl::CurveParam& cp = mcl::BN254, fp::Mode mode = fp::FP_AUTO) { param.init(cp, mode); G2withF::init(cp.isMtype); @@ -1013,7 +1013,7 @@ struct BNT { static void pow_z(Fp12& y, const Fp12& x) { #if 1 - if (param.cp.curveType == MCL_BN254BNb) { + if (param.cp.curveType == MCL_BN254) { Compress::fixed_power(y, x); } else { Fp12 orgX = x; @@ -1824,9 +1824,9 @@ util::ParamT BNT::param; // backward compatibility using mcl::CurveParam; -static const CurveParam& CurveFp254BNb = BN254BNb; -static const CurveParam& CurveFp382_1 = BN382_1; -static const CurveParam& CurveFp382_2 = BN382_2; +static const CurveParam& CurveFp254BNb = BN254; +static const CurveParam& CurveFp382_1 = BN381_1; +static const CurveParam& CurveFp382_2 = BN381_2; static const CurveParam& CurveFp462 = BN462; static const CurveParam& CurveSNARK1 = BN_SNARK1; diff --git a/include/mcl/curve_type.h b/include/mcl/curve_type.h index b7b0118..537ce11 100644 --- a/include/mcl/curve_type.h +++ b/include/mcl/curve_type.h @@ -8,9 +8,9 @@ */ enum { - MCL_BN254BNb = 0, - MCL_BN382_1 = 1, - MCL_BN382_2 = 2, + MCL_BN254 = 0, + MCL_BN381_1 = 1, + MCL_BN381_2 = 2, MCL_BN462 = 3, MCL_BN_SNARK1 = 4, MCL_BLS12_381 = 5 diff --git a/readme.md b/readme.md index 6517e32..bea95da 100644 --- a/readme.md +++ b/readme.md @@ -22,15 +22,15 @@ The current version supports the optimal Ate pairing over BN curves. p(z) = 36z^4 + 36z^3 + 24z^2 + 6z + 1. -* CurveFp254BNb ; a BN curve over the 254-bit prime p(z) where z = -(2^62 + 2^55 + 1). -* CurveSNARK1 ; a BN curve over a 254-bit prime p such that n := p + 1 - t has high 2-adicity. -* CurveFp381 ; a BN curve over the 381-bit prime p(z) where z = -(2^94 + 2^76 + 2^72 + 1). -* CurveFp462 ; a BN curve over the 462-bit prime p(z) where z = 2^114 + 2^101 - 2^14 - 1. -* mcl::BLS12_381 ; new [a BLS12-381 curve](https://blog.z.cash/new-snark-curve/) +* BN254 ; a BN curve over the 254-bit prime p(z) where z = -(2^62 + 2^55 + 1). +* BN\_SNARK1 ; a BN curve over a 254-bit prime p such that n := p + 1 - t has high 2-adicity. +* BN381\_1 ; a BN curve over the 381-bit prime p(z) where z = -(2^94 + 2^76 + 2^72 + 1). +* BN462 ; a BN curve over the 462-bit prime p(z) where z = 2^114 + 2^101 - 2^14 - 1. +* BLS12\_381 ; new [a BLS12-381 curve](https://blog.z.cash/new-snark-curve/) # Benchmark -A benchmark of a BN curve CurveFp254BNb(2016/12/25). +A benchmark of a BN curve BN254(2016/12/25). * x64, x86 ; Inte Core i7-6700 3.4GHz(Skylake) upto 4GHz on Ubuntu 16.04. * `sudo cpufreq-set -g performance` @@ -54,17 +54,17 @@ cmake -DARITH=x64-asm-254 -DFP_PRIME=254 -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_ME For JavaScript(WebAssembly), see [ID based encryption demo](https://herumi.github.io/mcl-wasm/ibe-demo.html). -paramter | x64| Firefox on x64|Safari on iPhone7| -----------------|-----|---------------|-----------------| -CurveFpBN254BNb | 0.29| 2.48| 4.78| -CurveFp382_1 | 0.95| 7.91| 11.74| -CurveFp462 | 2.16| 14.73| 22.77| +paramter | x64| Firefox on x64|Safari on iPhone7| +-----------|-----|---------------|-----------------| +BN254 | 0.29| 2.48| 4.78| +BN381\_1 | 0.95| 7.91| 11.74| +BN462 | 2.16| 14.73| 22.77| * x64 : 'Kaby Lake Core i7-7700(3.6GHz)'. * Firefox : 64-bit version 58. * iPhone7 : iOS 11.2.1. -* CurveFpBN254BNb is by `test/bn_test.cpp`. -* CurveFp382_1 and CurveFp462 are by `test/bn512_test.cpp`. +* BN254 is by `test/bn_test.cpp`. +* BN381\_1 and CurveFp462 are by `test/bn512_test.cpp`. * All the timings are given in ms(milliseconds). The other benchmark results are [bench.txt](bench.txt). @@ -85,7 +85,7 @@ git clone git://github.com/herumi/cybozulib git clone git://github.com/herumi/xbyak ; for only x86/x64 git clone git://github.com/herumi/cybozulib_ext ; for only Windows ``` -* Cybozulib_ext is a prerequisite for running OpenSSL and GMP on VC (Visual C++). +* Cybozulib\_ext is a prerequisite for running OpenSSL and GMP on VC (Visual C++). # Build and test on x86-64 Linux, macOS, ARM and ARM64 Linux To make lib/libmcl.a and test it: @@ -157,7 +157,7 @@ emcc -O3 -I ./include/ -I ../cybozulib/include/ src/fp.cpp test/bn_test.cpp -DND emrun --no_browser --port 8080 --no_emrun_detect . ``` and open `http://
:8080/t.html`. -The timing of a pairing on `CurveFp254BNb` is 2.8msec on 64-bit Firefox with Skylake 3.4GHz. +The timing of a pairing on `BN254` is 2.8msec on 64-bit Firefox with Skylake 3.4GHz. ### Node.js @@ -200,17 +200,17 @@ If you want to remove '_dy` of so files, then `makeSHARE_BASENAME_SUF=`. Call `mcl::bn256::initPairing` before calling any operations. ``` #include -mcl::bn::CurveParam cp = mcl::bn::CurveFp254BNb; // or mcl::bn::CurveSNARK1 +mcl::bn::CurveParam cp = mcl::BN254; // or mcl::BN_SNARK1 mcl::bn256::initPairing(cp); mcl::bn256::G1 P(...); mcl::bn256::G2 Q(...); mcl::bn256::Fp12 e; mcl::bn256::BN::pairing(e, P, Q); ``` -1. (CurveFp254BNb) a BN curve over the 254-bit prime p = p(z) where z = -(2^62 + 2^55 + 1). -2. (CurveSNARK1) a BN curve over a 254-bit prime p such that n := p + 1 - t has high 2-adicity. -3. CurveFp381 with `mcl/bn384.hpp`. -4. CurveFp462 with `mcl/bn512.hpp`. +1. (BN254) a BN curve over the 254-bit prime p = p(z) where z = -(2^62 + 2^55 + 1). +2. (BN_SNARK1) a BN curve over a 254-bit prime p such that n := p + 1 - t has high 2-adicity. +3. BN381_1 with `mcl/bn384.hpp`. +4. BN462 with `mcl/bn512.hpp`. See [test/bn_test.cpp](https://github.com/herumi/mcl/blob/master/test/bn_test.cpp). diff --git a/src/bn_c_impl.hpp b/src/bn_c_impl.hpp index 9c3ee2a..1e00084 100644 --- a/src/bn_c_impl.hpp +++ b/src/bn_c_impl.hpp @@ -144,6 +144,11 @@ int mclBn_getG1ByteSize() return (int)Fp::getByteSize(); } +int mclBn_getFrByteSize() +{ + return (int)Fr::getByteSize(); +} + mclSize copyStrAndReturnSize(char *buf, mclSize maxBufSize, const std::string& str) { if (str.size() >= maxBufSize) return 0; diff --git a/src/she_c_impl.hpp b/src/she_c_impl.hpp index 9c2c9dc..ca00903 100644 --- a/src/she_c_impl.hpp +++ b/src/she_c_impl.hpp @@ -61,14 +61,14 @@ int sheInit(int curve, int maxUnitSize) mcl::CurveParam cp; switch (curve) { - case MCL_BN254BNb: - cp = mcl::BN254BNb; + case MCL_BN254: + cp = mcl::BN254; break; - case MCL_BN382_1: - cp = mcl::BN382_1; + case MCL_BN381_1: + cp = mcl::BN381_1; break; - case MCL_BN382_2: - cp = mcl::BN382_2; + case MCL_BN381_2: + cp = mcl::BN381_2; break; case MCL_BN462: cp = mcl::BN462; diff --git a/test/bls12_test.cpp b/test/bls12_test.cpp index aa650ce..7a60e8d 100644 --- a/test/bls12_test.cpp +++ b/test/bls12_test.cpp @@ -617,8 +617,8 @@ void testCurve(const mcl::CurveParam& cp) } CYBOZU_TEST_AUTO(multi) { - puts("BN254BNb"); - testCurve(mcl::BN254BNb); + puts("BN254"); + testCurve(mcl::BN254); puts("BLS12_381"); testCurve(mcl::BLS12_381); } diff --git a/test/bn384_test.cpp b/test/bn384_test.cpp index abb6f84..a3c5a48 100644 --- a/test/bn384_test.cpp +++ b/test/bn384_test.cpp @@ -38,13 +38,13 @@ void testCurve(const mcl::CurveParam& cp) CYBOZU_TEST_AUTO(pairing) { - puts("BN254BNb"); + puts("BN254"); // support 256-bit pairing - testCurve(mcl::BN254BNb); - puts("BN382_1"); - testCurve(mcl::BN382_1); - puts("BN382_2"); - testCurve(mcl::BN382_2); + testCurve(mcl::BN254); + puts("BN381_1"); + testCurve(mcl::BN381_1); + puts("BN381_2"); + testCurve(mcl::BN381_2); puts("BLS12_381"); testCurve(mcl::BLS12_381); // Q is not on EcT, but bad order diff --git a/test/bn512_test.cpp b/test/bn512_test.cpp index 0f6aaab..dae3d0e 100644 --- a/test/bn512_test.cpp +++ b/test/bn512_test.cpp @@ -41,9 +41,9 @@ CYBOZU_TEST_AUTO(pairing) puts("CurveFp462"); testCurve(mcl::BN462); puts("CurveFp382_1"); - testCurve(mcl::BN382_1); + testCurve(mcl::BN381_1); puts("CurveFp382_2"); - testCurve(mcl::BN382_2); + testCurve(mcl::BN381_2); puts("CurveFp254BNb"); testCurve(mcl::bn::CurveFp254BNb); } diff --git a/test/bn_test.cpp b/test/bn_test.cpp index 126602c..6fb3b7a 100644 --- a/test/bn_test.cpp +++ b/test/bn_test.cpp @@ -168,7 +168,7 @@ void testCyclotomic() void testCompress(const G1& P, const G2& Q) { - if (BN::param.cp.curveType != MCL_BN254BNb) return; + if (BN::param.cp.curveType != MCL_BN254) return; Fp12 a; BN::pairing(a, P, Q); BN::mapToCyclotomic(a, a); -- cgit