This commit introduces a new feature called "gpu", which enables an
`ec_gpu:GpuField` implementation of `Fp` and `Fq`. This enables the
field arithmetics to be run on a GPU.
The code to convert from a u64 to a u32 vector was taken from
07a84f9727/src/lib.rs (L102-L108)
Now that we have a default implementation of `SqrtRatio::sqrt_ratio`, we
can use it and `FieldExt` in no-std environments.
We introduce an `alloc` feature flag to form a common feature dependency
between `std` and `sqrt-table`. It is currently unused directly, but
will be used after `CurveAffine` is refactored to remove the `std`
dependency.
Closeszcash/pasta_curves#25.
It is only used internally by the table-based square root impl, and we
should probably refactor this further, but for now it can live in the
sqrt extension trait.
- `ff::PrimeField::{from_repr, to_repr}` are direct replacements for
`FieldExt::{from_bytes, to_bytes}`.
- `FieldExt::{read, write}` were added for reading and writing `halo2`
proofs, but `halo2::transcript` now handles this internally.
We can use the `ff::PrimeField::root_of_unity` method everywhere we
currently use this associated constant. If there is a more general
need for accessing this as an associated constant, we should consider
that for `ff::PrimeField`.
We re-introduce the Tonelli-Shank square root algoritm that was removed
in zcash/halo2#120, to use in no-std mode (the table-based impl requires
allocations, and also uses 29kiB of memory which is a problem for
constrained environments that typically need no-std).
The `FieldExt` trait was originally the only trait implemented in this
crate. When we added `ff` support, we reworked `FieldExt` to be an
extension trait on top of `ff::PrimeField`, but left the existing impls
in `FieldExt`. This resulted in some circular dependencies that prevent
us from making `FieldExt` conditional (e.g. for no-std support).
This commit removes the cycles like so:
- `ff::PrimeField::{from_repr, to_repr}` were implemented as calls to
`FieldExt::{from_bytes, to_bytes}`. The field encoding/decoding logic
is moved into the `ff::PrimeField` trait impl, and `FieldExt` now
calls into `ff::PrimeField`.
- `ff::Field::sqrt` was implemented in terms of `FieldExt::sqrt_alt`.
Given that the latter is a trivial wrapper around the `SqrtTables`
implementation, we duplicate the call to eliminate the cycle.
- `ff::Field::random` used `FieldExt::from_bytes_wide`, which wraps
either `Fp::from_u512` or `Fq::from_u512`. We now use these internal
methods directly.
Jack Grigg
ebfull
Andy Polyakov
Daira Hopwood
Volker Mische
David Nevado