Mocktography (#49)
Added mocktography (feature `use-insecure-test-only-mock-crypto) and factored out CI execution script.
This commit is contained in:
parent
90f63e34e9
commit
d133bb6d79
13
.travis.yml
13
.travis.yml
|
@ -11,15 +11,4 @@ addons:
|
||||||
before_install:
|
before_install:
|
||||||
- rustup component add --toolchain=${TRAVIS_RUST_VERSION} rustfmt-preview clippy-preview
|
- rustup component add --toolchain=${TRAVIS_RUST_VERSION} rustfmt-preview clippy-preview
|
||||||
- cargo deadlinks --version || cargo install cargo-deadlinks
|
- cargo deadlinks --version || cargo install cargo-deadlinks
|
||||||
env:
|
script: ./ci.sh
|
||||||
global:
|
|
||||||
- RUST_BACKTRACE=1
|
|
||||||
# Enables additional cpu-specific optimizations.
|
|
||||||
- RUSTFLAGS="-D warnings -C target-cpu=native"
|
|
||||||
script:
|
|
||||||
- cargo clippy --tests --examples --benches -- --deny clippy
|
|
||||||
- cargo fmt -- --check
|
|
||||||
- cargo test --release
|
|
||||||
- cargo test --all-features --release
|
|
||||||
- cargo doc
|
|
||||||
- cargo deadlinks --dir target/doc/threshold_crypto/
|
|
||||||
|
|
|
@ -106,6 +106,10 @@ $ RUSTFLAGS="-C target_cpu=native" cargo bench
|
||||||
|
|
||||||
We use the [`criterion`](https://crates.io/crates/criterion) benchmarking library.
|
We use the [`criterion`](https://crates.io/crates/criterion) benchmarking library.
|
||||||
|
|
||||||
|
### Mock cryptography
|
||||||
|
|
||||||
|
To speed up automatic tests of crates depending on `threshold_crypto`, the `use-insecure-test-only-mock-crypto` feature is available. **Activating this feature will effectively disable encryption and should only be used during tests!**. Essentially, the underlying elliptic curves will be replaced by small finite fields, yielding a 10-200X speed-up in execution. The resulting ciphers can be trivially broken in a number of ways and should never be used in production.
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
Licensed under either of:
|
Licensed under either of:
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -xe
|
||||||
|
|
||||||
|
export RUST_BACKTRACE=1
|
||||||
|
|
||||||
|
# Enables additional cpu-specific optimizations.
|
||||||
|
export RUSTFLAGS="-D warnings -C target-cpu=native"
|
||||||
|
|
||||||
|
cargo clippy --tests --examples --benches -- --deny clippy
|
||||||
|
cargo clippy --all-features --tests --examples --benches -- --deny clippy
|
||||||
|
cargo fmt -- --check
|
||||||
|
cargo test --release
|
||||||
|
cargo test --all-features --release
|
||||||
|
cargo doc
|
||||||
|
cargo deadlinks --dir target/doc/threshold_crypto/
|
25
src/lib.rs
25
src/lib.rs
|
@ -1,6 +1,15 @@
|
||||||
// Clippy warns that it's dangerous to derive `PartialEq` and explicitly implement `Hash`, but the
|
// Clippy warns that it's dangerous to derive `PartialEq` and explicitly implement `Hash`, but the
|
||||||
// `pairing::bls12_381` types don't implement `Hash`, so we can't derive it.
|
// `pairing::bls12_381` types don't implement `Hash`, so we can't derive it.
|
||||||
#![cfg_attr(feature = "cargo-clippy", allow(derive_hash_xor_eq))]
|
#![cfg_attr(feature = "cargo-clippy", allow(derive_hash_xor_eq))]
|
||||||
|
// When using the mocktography, the resulting field elements become wrapped `u32`s, suddenly
|
||||||
|
// triggering pass-by-reference warnings. They are conditionally disabled for this reason:
|
||||||
|
#![cfg_attr(
|
||||||
|
all(
|
||||||
|
feature = "cargo-clippy",
|
||||||
|
feature = "use-insecure-test-only-mock-crypto"
|
||||||
|
),
|
||||||
|
allow(trivially_copy_pass_by_ref)
|
||||||
|
)]
|
||||||
|
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
extern crate bincode;
|
extern crate bincode;
|
||||||
|
@ -46,15 +55,17 @@ use into_fr::IntoFr;
|
||||||
use poly::{Commitment, Poly};
|
use poly::{Commitment, Poly};
|
||||||
use secret::{clear_fr, ContainsSecret, MemRange, FR_SIZE};
|
use secret::{clear_fr, ContainsSecret, MemRange, FR_SIZE};
|
||||||
|
|
||||||
// #[cfg(not(feature = "use-insecure-test-only-mock-crypto"))]
|
#[cfg(not(feature = "use-insecure-test-only-mock-crypto"))]
|
||||||
pub use pairing::bls12_381::{Bls12 as PEngine, Fr, G1Affine, G2Affine, G1, G2};
|
pub use pairing::bls12_381::{Bls12 as PEngine, Fr, G1Affine, G2Affine, G1, G2};
|
||||||
|
|
||||||
// TODO: Add mock cryptography for tests.
|
#[cfg(feature = "use-insecure-test-only-mock-crypto")]
|
||||||
// #[cfg(feature = "use-insecure-test-only-mock-crypto")]
|
mod mock;
|
||||||
// pub use pairing::mock::{
|
|
||||||
// Mersenne8 as Fr, Mocktography as PEngine, Ms8Affine as G1Affine, Ms8Affine as G2Affine,
|
#[cfg(feature = "use-insecure-test-only-mock-crypto")]
|
||||||
// Ms8Projective as G1, Ms8Projective as G2,
|
pub use mock::{
|
||||||
// };
|
Mersenne8 as Fr, Mocktography as PEngine, Ms8Affine as G1Affine, Ms8Affine as G2Affine,
|
||||||
|
Ms8Projective as G1, Ms8Projective as G2,
|
||||||
|
};
|
||||||
|
|
||||||
/// Wrapper for a byte array, whose `Debug` implementation outputs shortened hexadecimal strings.
|
/// Wrapper for a byte array, whose `Debug` implementation outputs shortened hexadecimal strings.
|
||||||
pub struct HexBytes<'a>(pub &'a [u8]);
|
pub struct HexBytes<'a>(pub &'a [u8]);
|
||||||
|
|
|
@ -0,0 +1,322 @@
|
||||||
|
//! Mock cryptography implementation of a `pairing` engine.
|
||||||
|
//!
|
||||||
|
//! Affectionately known as *mocktography*, the `mock` module implements a valid `pairing::Engine`
|
||||||
|
//! on top of simpler cryptographic primitives; instead of elliptic curves, a simple finite field of
|
||||||
|
//! Mersenne prime order is used. The resulting engine is trivially breakable (the key space is
|
||||||
|
//! smaller than 2^31), but should not produce accidental collisions at an unacceptable rate.
|
||||||
|
//!
|
||||||
|
//! As a result, all "cryptographic" operations can be carried out much faster. This module is
|
||||||
|
//! intended to be used during unit-tests of applications that build on top of `threshold_crypto`;
|
||||||
|
//! enabling this in production code of any application will immediately break its cryptographic
|
||||||
|
//! security.
|
||||||
|
|
||||||
|
pub mod ms8;
|
||||||
|
|
||||||
|
use std::{fmt, mem, slice};
|
||||||
|
|
||||||
|
use pairing::{EncodedPoint, Field, GroupDecodingError, PrimeField};
|
||||||
|
use rand;
|
||||||
|
|
||||||
|
use super::{CurveAffine, CurveProjective, Engine};
|
||||||
|
|
||||||
|
pub use self::ms8::Mersenne8;
|
||||||
|
|
||||||
|
/// A `pairing` Engine based on `Mersenne8` prime fields.
|
||||||
|
#[derive(Clone, Debug)]
|
||||||
|
pub struct Mocktography;
|
||||||
|
|
||||||
|
/// Affine type for `Mersenne8`.
|
||||||
|
#[derive(Copy, Clone, Debug, Default, Eq, Ord, PartialEq, PartialOrd)]
|
||||||
|
pub struct Ms8Affine(Mersenne8);
|
||||||
|
|
||||||
|
/// Projective type for `Mersenne8`.
|
||||||
|
#[derive(Copy, Clone, Debug, Default, Eq, Ord, PartialEq, PartialOrd)]
|
||||||
|
pub struct Ms8Projective(Mersenne8);
|
||||||
|
|
||||||
|
impl fmt::Display for Ms8Affine {
|
||||||
|
#[inline]
|
||||||
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
||||||
|
fmt::Display::fmt(&self.0, f)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl fmt::Display for Ms8Projective {
|
||||||
|
#[inline]
|
||||||
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
||||||
|
fmt::Display::fmt(&self.0, f)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl rand::Rand for Ms8Affine {
|
||||||
|
#[inline]
|
||||||
|
fn rand<R: rand::Rng>(rng: &mut R) -> Self {
|
||||||
|
Ms8Affine(rng.gen())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl rand::Rand for Ms8Projective {
|
||||||
|
#[inline]
|
||||||
|
fn rand<R: rand::Rng>(rng: &mut R) -> Self {
|
||||||
|
Ms8Projective(rng.gen())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl From<Ms8Projective> for Ms8Affine {
|
||||||
|
fn from(Ms8Projective(x): Ms8Projective) -> Ms8Affine {
|
||||||
|
Ms8Affine(x)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl From<Ms8Affine> for Ms8Projective {
|
||||||
|
fn from(Ms8Affine(x): Ms8Affine) -> Ms8Projective {
|
||||||
|
Ms8Projective(x)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Engine for Mocktography {
|
||||||
|
type G1 = Ms8Projective;
|
||||||
|
type G1Affine = Ms8Affine;
|
||||||
|
type G2 = Ms8Projective;
|
||||||
|
type G2Affine = Ms8Affine;
|
||||||
|
type Fq = Mersenne8;
|
||||||
|
type Fqe = Mersenne8;
|
||||||
|
type Fqk = Mersenne8;
|
||||||
|
|
||||||
|
// In newer versions of pairing, this must be moved to `ScalarEngine`:
|
||||||
|
type Fr = Mersenne8;
|
||||||
|
|
||||||
|
fn miller_loop<'a, I>(_i: I) -> Self::Fqk
|
||||||
|
where
|
||||||
|
I: IntoIterator<
|
||||||
|
Item = &'a (
|
||||||
|
&'a <Self::G1Affine as CurveAffine>::Prepared,
|
||||||
|
&'a <Self::G2Affine as CurveAffine>::Prepared,
|
||||||
|
),
|
||||||
|
>,
|
||||||
|
{
|
||||||
|
// Unused?
|
||||||
|
unimplemented!()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn final_exponentiation(_: &Self::Fqk) -> Option<Self::Fqk> {
|
||||||
|
// Unused?
|
||||||
|
unimplemented!()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn pairing<G1, G2>(p: G1, q: G2) -> Self::Fqk
|
||||||
|
where
|
||||||
|
G1: Into<Self::G1Affine>,
|
||||||
|
G2: Into<Self::G2Affine>,
|
||||||
|
{
|
||||||
|
p.into().0 * q.into().0
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl AsRef<[u64]> for Mersenne8 {
|
||||||
|
#[inline]
|
||||||
|
fn as_ref(&self) -> &[u64] {
|
||||||
|
panic!("Not supported: AsRef<[u64]>")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl AsRef<[u8]> for Mersenne8 {
|
||||||
|
#[inline]
|
||||||
|
fn as_ref(&self) -> &[u8] {
|
||||||
|
unsafe { slice::from_raw_parts(&self.0 as *const u32 as *const u8, 4) }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl AsMut<[u64]> for Mersenne8 {
|
||||||
|
#[inline]
|
||||||
|
fn as_mut(&mut self) -> &mut [u64] {
|
||||||
|
panic!("Not supported: AsMut<[u64]>")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl AsMut<[u8]> for Mersenne8 {
|
||||||
|
#[inline]
|
||||||
|
fn as_mut(&mut self) -> &mut [u8] {
|
||||||
|
unsafe { slice::from_raw_parts_mut(&mut self.0 as *mut u32 as *mut u8, 4) }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl AsRef<[u8]> for Ms8Affine {
|
||||||
|
#[inline]
|
||||||
|
fn as_ref(&self) -> &[u8] {
|
||||||
|
self.0.as_ref()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl AsMut<[u8]> for Ms8Affine {
|
||||||
|
#[inline]
|
||||||
|
fn as_mut(&mut self) -> &mut [u8] {
|
||||||
|
self.0.as_mut()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl CurveAffine for Ms8Affine {
|
||||||
|
type Engine = Mocktography;
|
||||||
|
type Scalar = Mersenne8;
|
||||||
|
type Base = Mersenne8;
|
||||||
|
type Projective = Ms8Projective;
|
||||||
|
type Prepared = Ms8Affine;
|
||||||
|
type Uncompressed = Ms8Affine;
|
||||||
|
type Compressed = Ms8Affine;
|
||||||
|
type Pair = Ms8Affine;
|
||||||
|
type PairingResult = Mersenne8;
|
||||||
|
|
||||||
|
fn zero() -> Self {
|
||||||
|
Ms8Affine(Mersenne8::zero())
|
||||||
|
}
|
||||||
|
|
||||||
|
fn one() -> Self {
|
||||||
|
Ms8Affine(Mersenne8::one())
|
||||||
|
}
|
||||||
|
|
||||||
|
fn is_zero(&self) -> bool {
|
||||||
|
self.0.is_zero()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn negate(&mut self) {
|
||||||
|
self.0.negate();
|
||||||
|
}
|
||||||
|
|
||||||
|
fn mul<S: Into<<Self::Scalar as PrimeField>::Repr>>(&self, other: S) -> Self::Projective {
|
||||||
|
// FIXME: Is this correct?
|
||||||
|
let s = other.into();
|
||||||
|
|
||||||
|
Ms8Projective(self.0 * s)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn prepare(&self) -> Self::Prepared {
|
||||||
|
*self
|
||||||
|
}
|
||||||
|
|
||||||
|
fn pairing_with(&self, other: &Self::Pair) -> Self::PairingResult {
|
||||||
|
// This is the actual implementation of e: G_1 x G_2 -> G_T.
|
||||||
|
// We have chosen e(P, Q) = PQ.
|
||||||
|
self.0 * other.0
|
||||||
|
}
|
||||||
|
|
||||||
|
fn into_projective(&self) -> Self::Projective {
|
||||||
|
Ms8Projective(self.0)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl CurveProjective for Ms8Projective {
|
||||||
|
type Engine = Mocktography;
|
||||||
|
type Scalar = Mersenne8;
|
||||||
|
type Base = Mersenne8;
|
||||||
|
type Affine = Ms8Affine;
|
||||||
|
|
||||||
|
fn zero() -> Self {
|
||||||
|
Ms8Projective(Mersenne8::zero())
|
||||||
|
}
|
||||||
|
|
||||||
|
fn one() -> Self {
|
||||||
|
Ms8Projective(Mersenne8::one())
|
||||||
|
}
|
||||||
|
|
||||||
|
fn is_zero(&self) -> bool {
|
||||||
|
self.0.is_zero()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn batch_normalization(_v: &mut [Self]) {
|
||||||
|
// We just assume all values as already normalized. See `is_normalized()`.
|
||||||
|
}
|
||||||
|
|
||||||
|
fn is_normalized(&self) -> bool {
|
||||||
|
true
|
||||||
|
}
|
||||||
|
|
||||||
|
fn double(&mut self) {
|
||||||
|
self.0.double()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn add_assign(&mut self, other: &Self) {
|
||||||
|
self.0.add_assign(&other.0);
|
||||||
|
}
|
||||||
|
|
||||||
|
fn add_assign_mixed(&mut self, other: &Self::Affine) {
|
||||||
|
self.0.add_assign(&other.0);
|
||||||
|
}
|
||||||
|
|
||||||
|
fn negate(&mut self) {
|
||||||
|
self.0.negate();
|
||||||
|
}
|
||||||
|
|
||||||
|
fn mul_assign<S: Into<<Self::Scalar as PrimeField>::Repr>>(&mut self, other: S) {
|
||||||
|
self.0 *= other.into();
|
||||||
|
}
|
||||||
|
|
||||||
|
fn into_affine(&self) -> Self::Affine {
|
||||||
|
Ms8Affine(self.0)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn recommended_wnaf_for_scalar(_scalar: <Self::Scalar as PrimeField>::Repr) -> usize {
|
||||||
|
2
|
||||||
|
}
|
||||||
|
|
||||||
|
fn recommended_wnaf_for_num_scalars(_num_scalars: usize) -> usize {
|
||||||
|
2
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl EncodedPoint for Ms8Affine {
|
||||||
|
type Affine = Ms8Affine;
|
||||||
|
|
||||||
|
fn empty() -> Self {
|
||||||
|
// FIXME: Ensure we are not violating any assumptions here.
|
||||||
|
Self::default()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn size() -> usize {
|
||||||
|
mem::size_of::<Self>()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn into_affine(&self) -> Result<Self::Affine, GroupDecodingError> {
|
||||||
|
Ok(*self)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn into_affine_unchecked(&self) -> Result<Self::Affine, GroupDecodingError> {
|
||||||
|
Ok(*self)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn from_affine(affine: Self::Affine) -> Self {
|
||||||
|
affine
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
mod test {
|
||||||
|
// There are copy & pasted results of calculations from external programs in these tests.
|
||||||
|
#![cfg_attr(feature = "cargo-clippy", allow(unreadable_literal))]
|
||||||
|
|
||||||
|
use super::{Mersenne8, Mocktography, Ms8Affine};
|
||||||
|
use Engine;
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn example_pairings() {
|
||||||
|
let pqs: Vec<(u32, u32, u32)> = vec![
|
||||||
|
(0, 0, 0),
|
||||||
|
(123, 0, 0),
|
||||||
|
(1, 1, 1),
|
||||||
|
(123, 1, 123),
|
||||||
|
(4, 5, 20),
|
||||||
|
(123456789, 987654321, 2137109934),
|
||||||
|
(456789123, 456789123, 1405297315),
|
||||||
|
];
|
||||||
|
|
||||||
|
for (p, q, res) in pqs {
|
||||||
|
let p = Ms8Affine(p.into());
|
||||||
|
let q = Ms8Affine(q.into());
|
||||||
|
println!("P, Q: {}, {}", p, q);
|
||||||
|
println!("Checking e({}, {}) = {}", p, q, res);
|
||||||
|
assert_eq!(Mocktography::pairing(p, q), Mersenne8::new(res));
|
||||||
|
|
||||||
|
// Our pairing is bilinear.
|
||||||
|
println!("Checking e({}, {}) = {}", q, p, res);
|
||||||
|
assert_eq!(Mocktography::pairing(q, p), Mersenne8::new(res));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,815 @@
|
||||||
|
//! Eigth Mersenne prime field
|
||||||
|
//!
|
||||||
|
//! The eighth [Mersenne Prime](https://en.wikipedia.org/wiki/Mersenne_prime) (`MS8 := 2^31-1) can
|
||||||
|
//! be used to construct a finite field supporting addition and multiplication. This module provides
|
||||||
|
//! a wrapper type around `u32` to implement this functionality.
|
||||||
|
//!
|
||||||
|
//! The resulting type also implements the `Field`, `PrimeField` and `SqrtField` traits. For
|
||||||
|
//! convenience, `PrimeFieldRepr` is also implemented.
|
||||||
|
|
||||||
|
use std::io::{self, Read, Write};
|
||||||
|
use std::{fmt, mem, ops};
|
||||||
|
|
||||||
|
use byteorder::{BigEndian, ByteOrder};
|
||||||
|
use pairing::{
|
||||||
|
Field, LegendreSymbol, PrimeField, PrimeFieldDecodingError, PrimeFieldRepr, SqrtField,
|
||||||
|
};
|
||||||
|
use rand;
|
||||||
|
|
||||||
|
/// Modular exponentiation
|
||||||
|
///
|
||||||
|
/// Warning: Only tested using bases and exponents `< MS8`.
|
||||||
|
#[inline]
|
||||||
|
fn modular_pow(base: u32, mut exp: u32, modulus: u32) -> u32 {
|
||||||
|
// Source: https://en.wikipedia.org/wiki/Modular_exponentiation#Right-to-left_binary_method
|
||||||
|
if modulus == 1 {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Need to use 64 bits to ensure the assert from Schneier's algorithm:
|
||||||
|
// (modulus - 1) * (modulus - 1) does not overflow base
|
||||||
|
let mut result: u64 = 1;
|
||||||
|
let md: u64 = u64::from(modulus);
|
||||||
|
let mut base = u64::from(base) % md;
|
||||||
|
|
||||||
|
while exp > 0 {
|
||||||
|
if exp % 2 == 1 {
|
||||||
|
result = (result * base) % md;
|
||||||
|
}
|
||||||
|
exp >>= 1;
|
||||||
|
base = (base * base) % md;
|
||||||
|
}
|
||||||
|
|
||||||
|
result as u32
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Eigth Mersenne prime, aka `i32::MAX`.
|
||||||
|
pub const MS8: u32 = 0x7fff_ffff;
|
||||||
|
|
||||||
|
/// Eighth Mersenne prime field element
|
||||||
|
///
|
||||||
|
/// Finite field of order `2^31-1`.
|
||||||
|
#[derive(Copy, Clone, Debug, Default, Eq, Ord, PartialEq, PartialOrd)]
|
||||||
|
pub struct Mersenne8(pub u32);
|
||||||
|
|
||||||
|
// We opt to implement the same variants the standard library implements as well:
|
||||||
|
//
|
||||||
|
// FooAssign: `lhs .= rhs, lhs .= &rhs`.
|
||||||
|
// Foo: `lhs . rhs, &lhs . rhs, &lhs . &rhs, lhs . &rhs`
|
||||||
|
macro_rules! generate_op_impls {
|
||||||
|
($t:ty, $op_name:ident, $op_name_assign:ident, $op_method:ident, $op_method_assign:ident) => {
|
||||||
|
// Supplied by caller: `lhs .= rhs`
|
||||||
|
|
||||||
|
// `lhs . rhs`
|
||||||
|
impl ops::$op_name for $t {
|
||||||
|
type Output = Self;
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn $op_method(mut self, rhs: $t) -> Self {
|
||||||
|
self.$op_method_assign(&rhs);
|
||||||
|
self
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// lhs .= &rhs
|
||||||
|
impl<'a> ops::$op_name_assign<&'a $t> for $t {
|
||||||
|
#[inline]
|
||||||
|
fn $op_method_assign(&mut self, rhs: &'a $t) {
|
||||||
|
ops::$op_name_assign::$op_method_assign(self, *rhs)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// `&lhs . rhs`
|
||||||
|
impl<'a> ops::$op_name<$t> for &'a $t {
|
||||||
|
type Output = $t;
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn $op_method(self, other: $t) -> Self::Output {
|
||||||
|
let mut tmp = *self;
|
||||||
|
tmp.$op_method_assign(&other);
|
||||||
|
tmp
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// `&lhs . &rhs`
|
||||||
|
impl<'a, 'b> ops::$op_name<&'b $t> for &'a $t {
|
||||||
|
type Output = $t;
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn $op_method(self, other: &'b $t) -> Self::Output {
|
||||||
|
let mut tmp = *self;
|
||||||
|
tmp.$op_method_assign(other);
|
||||||
|
tmp
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// `lhs . &rhs`
|
||||||
|
impl<'a> ops::$op_name<&'a $t> for $t {
|
||||||
|
type Output = $t;
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn $op_method(mut self, other: &'a $t) -> Self::Output {
|
||||||
|
self.$op_method_assign(other);
|
||||||
|
self
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
impl ops::SubAssign<Mersenne8> for Mersenne8 {
|
||||||
|
#[inline]
|
||||||
|
fn sub_assign(&mut self, rhs: Mersenne8) {
|
||||||
|
// Since `self.0` is < 2^31-1, `self.0 + 2^31-1` is still smaller than `u32::MAX`.
|
||||||
|
self.0 = (self.0 + MS8 - rhs.0) % MS8;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
generate_op_impls!(Mersenne8, Sub, SubAssign, sub, sub_assign);
|
||||||
|
|
||||||
|
impl ops::AddAssign<Mersenne8> for Mersenne8 {
|
||||||
|
#[inline]
|
||||||
|
fn add_assign(&mut self, rhs: Mersenne8) {
|
||||||
|
self.0 = (self.0 + rhs.0) % MS8;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
generate_op_impls!(Mersenne8, Add, AddAssign, add, add_assign);
|
||||||
|
|
||||||
|
impl ops::MulAssign for Mersenne8 {
|
||||||
|
#[inline]
|
||||||
|
fn mul_assign(&mut self, rhs: Mersenne8) {
|
||||||
|
// Usually, Schrage's method would be a good way to implement the multiplication;
|
||||||
|
// however, since we will mostly be running the code on 64-bit machines and
|
||||||
|
// `(2^31-1)^2 < 2^64`, we can cheat and do this fairly fast in 64 bits.
|
||||||
|
self.0 = (u64::from(self.0) * u64::from(rhs.0) % u64::from(MS8)) as u32;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
generate_op_impls!(Mersenne8, Mul, MulAssign, mul, mul_assign);
|
||||||
|
|
||||||
|
impl Mersenne8 {
|
||||||
|
#[inline]
|
||||||
|
pub fn new(v: u32) -> Mersenne8 {
|
||||||
|
Mersenne8(v % MS8)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
pub fn pow(self, exp: u32) -> Mersenne8 {
|
||||||
|
Mersenne8(modular_pow(self.0, exp, MS8))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl From<u32> for Mersenne8 {
|
||||||
|
#[inline]
|
||||||
|
fn from(v: u32) -> Mersenne8 {
|
||||||
|
Mersenne8::new(v)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl From<u64> for Mersenne8 {
|
||||||
|
#[inline]
|
||||||
|
fn from(v: u64) -> Mersenne8 {
|
||||||
|
Mersenne8((v % u64::from(MS8)) as u32)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl From<Mersenne8> for u32 {
|
||||||
|
fn from(v: Mersenne8) -> u32 {
|
||||||
|
v.0
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl PartialEq<u32> for Mersenne8 {
|
||||||
|
fn eq(&self, other: &u32) -> bool {
|
||||||
|
self.0 == *other
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl fmt::Display for Mersenne8 {
|
||||||
|
#[inline]
|
||||||
|
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
||||||
|
fmt::Display::fmt(&self.0, f)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl rand::Rand for Mersenne8 {
|
||||||
|
#[inline]
|
||||||
|
fn rand<R: rand::Rng>(rng: &mut R) -> Self {
|
||||||
|
Mersenne8::from(<u32 as rand::Rand>::rand(rng))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Field for Mersenne8 {
|
||||||
|
#[inline]
|
||||||
|
fn zero() -> Self {
|
||||||
|
Mersenne8(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn one() -> Self {
|
||||||
|
Mersenne8(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn is_zero(&self) -> bool {
|
||||||
|
self.0 == 0
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn square(&mut self) {
|
||||||
|
self.0 = (*self * *self).0;
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn double(&mut self) {
|
||||||
|
// MS8 fits at least twice into a single u32.
|
||||||
|
self.0 = (self.0 * 2) % MS8;
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn negate(&mut self) {
|
||||||
|
self.0 = (Self::zero() - *self).0;
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn add_assign(&mut self, other: &Self) {
|
||||||
|
*self += other;
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn sub_assign(&mut self, other: &Self) {
|
||||||
|
*self -= other;
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn mul_assign(&mut self, other: &Self) {
|
||||||
|
*self *= other;
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn inverse(&self) -> Option<Self> {
|
||||||
|
let (d, _s, t) = ext_euclid(MS8, self.0);
|
||||||
|
|
||||||
|
// MS8 is prime, so the gcd should always be 1, unless the number itself is 0.
|
||||||
|
if d != 1 {
|
||||||
|
debug_assert_eq!(d, MS8);
|
||||||
|
return None;
|
||||||
|
}
|
||||||
|
|
||||||
|
Some(Mersenne8::new(
|
||||||
|
((t + i64::from(MS8)) % i64::from(MS8)) as u32,
|
||||||
|
))
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn frobenius_map(&mut self, _power: usize) {
|
||||||
|
// Does nothing, the frobenius endomorphism is the identity function in every finite field
|
||||||
|
// of prime order.
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl PrimeField for Mersenne8 {
|
||||||
|
type Repr = Self;
|
||||||
|
|
||||||
|
const NUM_BITS: u32 = 32;
|
||||||
|
const CAPACITY: u32 = 30;
|
||||||
|
|
||||||
|
// Not actually used.
|
||||||
|
const S: u32 = 0;
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn from_repr(v: Self::Repr) -> Result<Self, PrimeFieldDecodingError> {
|
||||||
|
Ok(v)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn into_repr(&self) -> Self::Repr {
|
||||||
|
*self
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn char() -> Self::Repr {
|
||||||
|
// Awkward. We cannot return the characteristic itself, since it's not an element of field,
|
||||||
|
// but equal to its order. Instead, we panic.
|
||||||
|
//
|
||||||
|
// Note: The return type of this function should probably be `usize`.
|
||||||
|
panic!("Cannot return characteristic of Mersenne8 as an element of Mersenne8.");
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn multiplicative_generator() -> Self {
|
||||||
|
// Any element of a finite field of prime order is a generator, but 3 is the smallest one
|
||||||
|
// that is a quadratic non-residue.
|
||||||
|
Mersenne8::new(3)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn root_of_unity() -> Self {
|
||||||
|
// Still unclear what's supposed to be implemented here, missing at least an `n`?.
|
||||||
|
unimplemented!()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl SqrtField for Mersenne8 {
|
||||||
|
fn legendre(&self) -> LegendreSymbol {
|
||||||
|
// Uses Euler's criterion: `(a/p) === a^((p-1)/2).
|
||||||
|
let exp = (MS8 - 1) / 2;
|
||||||
|
|
||||||
|
match (*self).pow(exp).0 {
|
||||||
|
1 => LegendreSymbol::QuadraticResidue,
|
||||||
|
n if n == MS8 - 1 => LegendreSymbol::QuadraticNonResidue,
|
||||||
|
0 => LegendreSymbol::Zero,
|
||||||
|
_ => panic!("Euler's criteria did not return correct Legendre symbol"),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn sqrt(&self) -> Option<Self> {
|
||||||
|
unimplemented!() // FIXME, could use Tonelli-Shanks algorithm
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl PrimeFieldRepr for Mersenne8 {
|
||||||
|
#[inline]
|
||||||
|
fn sub_noborrow(&mut self, other: &Self) {
|
||||||
|
*self -= other;
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn add_nocarry(&mut self, other: &Self) {
|
||||||
|
*self += other;
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn num_bits(&self) -> u32 {
|
||||||
|
8 * mem::size_of::<Self>() as u32
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn is_zero(&self) -> bool {
|
||||||
|
self.0 == 0
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn is_odd(&self) -> bool {
|
||||||
|
self.0 % 2 == 1
|
||||||
|
}
|
||||||
|
|
||||||
|
// #[inline]
|
||||||
|
fn is_even(&self) -> bool {
|
||||||
|
!self.is_odd()
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn div2(&mut self) {
|
||||||
|
self.shr(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn shr(&mut self, amt: u32) {
|
||||||
|
self.0 >>= amt;
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn mul2(&mut self) {
|
||||||
|
*self *= Mersenne8::new(2);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn shl(&mut self, amt: u32) {
|
||||||
|
// FIXME: is this correct?
|
||||||
|
self.0 <<= amt;
|
||||||
|
self.0 %= MS8;
|
||||||
|
}
|
||||||
|
|
||||||
|
fn write_be<W: Write>(&self, mut writer: W) -> io::Result<()> {
|
||||||
|
let mut buf = [0u8; 4];
|
||||||
|
BigEndian::write_u32(&mut buf, self.0);
|
||||||
|
writer.write_all(&buf)?;
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
fn read_be<R: Read>(&mut self, mut reader: R) -> io::Result<()> {
|
||||||
|
let mut buf = [0u8; 4];
|
||||||
|
reader.read_exact(&mut buf)?;
|
||||||
|
self.0 = BigEndian::read_u32(&buf);
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Extended Euclidean algorithm
|
||||||
|
///
|
||||||
|
/// Returns the `gcd(a,b)`, as well as the
|
||||||
|
/// [Bézout coefficients](https://en.wikipedia.org/wiki/B%C3%A9zout%27s_identity) `s` and `t` (with
|
||||||
|
/// `sa + tb = gcd(a,b)`).
|
||||||
|
///
|
||||||
|
/// The function will neither panic nor overflow; however passing in `0` as either `a` or `b`
|
||||||
|
/// will not give useful results for `s` and `t`.
|
||||||
|
///
|
||||||
|
/// Note: A non-recurring implementation will probably be faster, but the recursion is simpler
|
||||||
|
/// to write.
|
||||||
|
#[inline]
|
||||||
|
fn ext_euclid(a: u32, b: u32) -> (u32, i64, i64) {
|
||||||
|
// Bézout coefficients (`s` and `t`) are bound by `|s| <= |b/d|` and `|t| <= |a/d|`
|
||||||
|
// (`d` being `gdc(a,b)`). (See https://en.wikipedia.org/wiki/B%C3%A9zout%27s_identity)
|
||||||
|
//
|
||||||
|
// FIXME: Find out of there are any larger than i32::MAX. For now, we are using an `i64` to
|
||||||
|
// avoid problems, at the expense of some runtime performance on 32 bit systems.
|
||||||
|
|
||||||
|
if b == 0 {
|
||||||
|
return (a, 1, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
let res = ext_euclid(b, a % b);
|
||||||
|
let s = res.2;
|
||||||
|
let t = res.1 - i64::from(a / b) * res.2;
|
||||||
|
(res.0, s, t)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(test)]
|
||||||
|
mod tests {
|
||||||
|
// There are copy & pasted results of calculations from external programs in these tests.
|
||||||
|
#![cfg_attr(feature = "cargo-clippy", allow(unreadable_literal))]
|
||||||
|
#![cfg_attr(feature = "cargo-clippy", allow(op_ref))]
|
||||||
|
// We test a few mathematical identities, including `c - c = 0`. Clippy complains about these
|
||||||
|
// otherwise unusual expressions, so the lint is disabled.
|
||||||
|
#![cfg_attr(feature = "cargo-clippy", allow(eq_op))]
|
||||||
|
|
||||||
|
use super::{ext_euclid, modular_pow, Mersenne8};
|
||||||
|
use pairing::Field;
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn ext_euclid_simple() {
|
||||||
|
assert_eq!(ext_euclid(56, 15), (1, -4, 15));
|
||||||
|
assert_eq!(ext_euclid(128, 44), (4, -1, 3));
|
||||||
|
assert_eq!(ext_euclid(44, 128), (4, 3, -1));
|
||||||
|
assert_eq!(ext_euclid(7, 0), (7, 1, 0));
|
||||||
|
assert_eq!(ext_euclid(0, 7), (7, 0, 1));
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn modular_pow_simple() {
|
||||||
|
assert_eq!(modular_pow(2, 8, 1024), 256);
|
||||||
|
|
||||||
|
let mods: &[u64] = &[2, 7, 256, 32000, 4294967295];
|
||||||
|
|
||||||
|
for exp in 0..20u32 {
|
||||||
|
for base in 2..8u64 {
|
||||||
|
for &m in mods {
|
||||||
|
assert_eq!(
|
||||||
|
modular_pow(base as u32, exp, m as u32),
|
||||||
|
(base.pow(exp) % m) as u32
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn construction() {
|
||||||
|
let a: Mersenne8 = 0u32.into();
|
||||||
|
let b: Mersenne8 = 1u32.into();
|
||||||
|
let c: Mersenne8 = 2147483649u32.into();
|
||||||
|
let d: Mersenne8 = 1099511627776u64.into();
|
||||||
|
|
||||||
|
assert_eq!(a, 0);
|
||||||
|
assert_eq!(b, 1);
|
||||||
|
assert_eq!(c, 2);
|
||||||
|
assert_eq!(d, 512);
|
||||||
|
|
||||||
|
assert_eq!(a, Mersenne8::new(0));
|
||||||
|
assert_eq!(b, Mersenne8::new(1));
|
||||||
|
assert_eq!(c, Mersenne8::new(2));
|
||||||
|
assert_eq!(d, Mersenne8::new(512));
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn addition() {
|
||||||
|
let a = Mersenne8::new(0);
|
||||||
|
let b = Mersenne8::new(1);
|
||||||
|
let c = Mersenne8::new(127);
|
||||||
|
let d = Mersenne8::new(1073741824);
|
||||||
|
let e = Mersenne8::new(2147483646);
|
||||||
|
|
||||||
|
// lhs . rhs
|
||||||
|
assert_eq!(a + b, Mersenne8::new(1));
|
||||||
|
assert_eq!(c + c, Mersenne8::new(254));
|
||||||
|
assert_eq!(d + c, Mersenne8::new(1073741951));
|
||||||
|
assert_eq!(d + e, Mersenne8::new(3221225470));
|
||||||
|
assert_eq!(d + e, 1073741823);
|
||||||
|
assert_eq!(e + e, Mersenne8::new(4294967292));
|
||||||
|
|
||||||
|
// &lhs . rhs
|
||||||
|
assert_eq!(a + &b, Mersenne8::new(1));
|
||||||
|
assert_eq!(c + &c, Mersenne8::new(254));
|
||||||
|
assert_eq!(d + &c, Mersenne8::new(1073741951));
|
||||||
|
assert_eq!(d + &e, Mersenne8::new(3221225470));
|
||||||
|
assert_eq!(e + &e, Mersenne8::new(4294967292));
|
||||||
|
|
||||||
|
// lhs . &rhs
|
||||||
|
assert_eq!(&a + b, Mersenne8::new(1));
|
||||||
|
assert_eq!(&c + c, Mersenne8::new(254));
|
||||||
|
assert_eq!(&d + c, Mersenne8::new(1073741951));
|
||||||
|
assert_eq!(&d + e, Mersenne8::new(3221225470));
|
||||||
|
assert_eq!(&e + e, Mersenne8::new(4294967292));
|
||||||
|
|
||||||
|
// &lhs . &rhs
|
||||||
|
assert_eq!(&a + &b, Mersenne8::new(1));
|
||||||
|
assert_eq!(&c + &c, Mersenne8::new(254));
|
||||||
|
assert_eq!(&d + &c, Mersenne8::new(1073741951));
|
||||||
|
assert_eq!(&d + &e, Mersenne8::new(3221225470));
|
||||||
|
assert_eq!(&e + &e, Mersenne8::new(4294967292));
|
||||||
|
|
||||||
|
// lhs .= rhs
|
||||||
|
let mut x = Mersenne8::new(8);
|
||||||
|
assert_eq!(x, Mersenne8::new(8));
|
||||||
|
x += a;
|
||||||
|
assert_eq!(x, Mersenne8::new(8));
|
||||||
|
x += b;
|
||||||
|
assert_eq!(x, Mersenne8::new(9));
|
||||||
|
x += c;
|
||||||
|
assert_eq!(x, Mersenne8::new(136));
|
||||||
|
x += d;
|
||||||
|
assert_eq!(x, Mersenne8::new(1073741960));
|
||||||
|
x += e;
|
||||||
|
assert_eq!(x, Mersenne8::new(1073741959));
|
||||||
|
|
||||||
|
// lhs .= &rhs
|
||||||
|
let mut y = Mersenne8::new(8);
|
||||||
|
assert_eq!(y, Mersenne8::new(8));
|
||||||
|
y += &a;
|
||||||
|
assert_eq!(y, Mersenne8::new(8));
|
||||||
|
y += &b;
|
||||||
|
assert_eq!(y, Mersenne8::new(9));
|
||||||
|
y += &c;
|
||||||
|
assert_eq!(y, Mersenne8::new(136));
|
||||||
|
y += &d;
|
||||||
|
assert_eq!(y, Mersenne8::new(1073741960));
|
||||||
|
y += &e;
|
||||||
|
assert_eq!(y, Mersenne8::new(1073741959));
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn subtraction() {
|
||||||
|
let a = Mersenne8::new(0);
|
||||||
|
let b = Mersenne8::new(1);
|
||||||
|
let c = Mersenne8::new(127);
|
||||||
|
let d = Mersenne8::new(1073741824);
|
||||||
|
let e = Mersenne8::new(2147483646);
|
||||||
|
|
||||||
|
// lhs . rhs
|
||||||
|
assert_eq!(a - b, Mersenne8::new(2147483646));
|
||||||
|
assert_eq!(c - c, Mersenne8::new(0));
|
||||||
|
assert_eq!(d - c, Mersenne8::new(1073741697));
|
||||||
|
assert_eq!(d - e, Mersenne8::new(1073741825));
|
||||||
|
|
||||||
|
// &lhs . rhs
|
||||||
|
assert_eq!(&a - b, Mersenne8::new(2147483646));
|
||||||
|
assert_eq!(&c - c, Mersenne8::new(0));
|
||||||
|
assert_eq!(&d - c, Mersenne8::new(1073741697));
|
||||||
|
assert_eq!(&d - e, Mersenne8::new(1073741825));
|
||||||
|
|
||||||
|
// lhs . &rhs
|
||||||
|
assert_eq!(a - &b, Mersenne8::new(2147483646));
|
||||||
|
assert_eq!(c - &c, Mersenne8::new(0));
|
||||||
|
assert_eq!(d - &c, Mersenne8::new(1073741697));
|
||||||
|
assert_eq!(d - &e, Mersenne8::new(1073741825));
|
||||||
|
|
||||||
|
// &lhs . &rhs
|
||||||
|
assert_eq!(&a - &b, Mersenne8::new(2147483646));
|
||||||
|
assert_eq!(&c - &c, Mersenne8::new(0));
|
||||||
|
assert_eq!(&d - &c, Mersenne8::new(1073741697));
|
||||||
|
assert_eq!(&d - &e, Mersenne8::new(1073741825));
|
||||||
|
|
||||||
|
// lhs .= rhs
|
||||||
|
let mut x = Mersenne8::new(17);
|
||||||
|
assert_eq!(x, Mersenne8::new(17));
|
||||||
|
x -= a;
|
||||||
|
assert_eq!(x, Mersenne8::new(17));
|
||||||
|
x -= b;
|
||||||
|
assert_eq!(x, Mersenne8::new(16));
|
||||||
|
x -= c;
|
||||||
|
assert_eq!(x, Mersenne8::new(2147483536));
|
||||||
|
x -= d;
|
||||||
|
assert_eq!(x, Mersenne8::new(1073741712));
|
||||||
|
x -= e;
|
||||||
|
assert_eq!(x, Mersenne8::new(1073741713));
|
||||||
|
|
||||||
|
// lhs .= &rhs
|
||||||
|
let mut y = Mersenne8::new(17);
|
||||||
|
assert_eq!(y, Mersenne8::new(17));
|
||||||
|
y -= &a;
|
||||||
|
assert_eq!(y, Mersenne8::new(17));
|
||||||
|
y -= &b;
|
||||||
|
assert_eq!(y, Mersenne8::new(16));
|
||||||
|
y -= &c;
|
||||||
|
assert_eq!(y, Mersenne8::new(2147483536));
|
||||||
|
y -= &d;
|
||||||
|
assert_eq!(y, Mersenne8::new(1073741712));
|
||||||
|
y -= &e;
|
||||||
|
assert_eq!(y, Mersenne8::new(1073741713));
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn multiplication() {
|
||||||
|
let a = Mersenne8::new(0);
|
||||||
|
let b = Mersenne8::new(1);
|
||||||
|
let c = Mersenne8::new(127);
|
||||||
|
let d = Mersenne8::new(1073741824);
|
||||||
|
let e = Mersenne8::new(384792341);
|
||||||
|
|
||||||
|
// lhs . rhs
|
||||||
|
assert_eq!(a * a, Mersenne8::new(0));
|
||||||
|
assert_eq!(a * b, Mersenne8::new(0));
|
||||||
|
assert_eq!(b * b, Mersenne8::new(1));
|
||||||
|
assert_eq!(c * c, Mersenne8::new(16129));
|
||||||
|
assert_eq!(d * c, Mersenne8::new(1073741887));
|
||||||
|
assert_eq!(d * e, Mersenne8::new(1266137994));
|
||||||
|
|
||||||
|
// &lhs . rhs
|
||||||
|
assert_eq!(&a * a, Mersenne8::new(0));
|
||||||
|
assert_eq!(&a * b, Mersenne8::new(0));
|
||||||
|
assert_eq!(&b * b, Mersenne8::new(1));
|
||||||
|
assert_eq!(&c * c, Mersenne8::new(16129));
|
||||||
|
assert_eq!(&d * c, Mersenne8::new(1073741887));
|
||||||
|
assert_eq!(&d * e, Mersenne8::new(1266137994));
|
||||||
|
|
||||||
|
// lhs . &rhs
|
||||||
|
assert_eq!(a * &a, Mersenne8::new(0));
|
||||||
|
assert_eq!(a * &b, Mersenne8::new(0));
|
||||||
|
assert_eq!(b * &b, Mersenne8::new(1));
|
||||||
|
assert_eq!(c * &c, Mersenne8::new(16129));
|
||||||
|
assert_eq!(d * &c, Mersenne8::new(1073741887));
|
||||||
|
assert_eq!(d * &e, Mersenne8::new(1266137994));
|
||||||
|
|
||||||
|
// &lhs . &rhs
|
||||||
|
assert_eq!(&a * &a, Mersenne8::new(0));
|
||||||
|
assert_eq!(&a * &b, Mersenne8::new(0));
|
||||||
|
assert_eq!(&b * &b, Mersenne8::new(1));
|
||||||
|
assert_eq!(&c * &c, Mersenne8::new(16129));
|
||||||
|
assert_eq!(&d * &c, Mersenne8::new(1073741887));
|
||||||
|
assert_eq!(&d * &e, Mersenne8::new(1266137994));
|
||||||
|
|
||||||
|
// lhs .= rhs
|
||||||
|
let mut x = Mersenne8::new(17);
|
||||||
|
x *= b;
|
||||||
|
assert_eq!(x, Mersenne8::new(17));
|
||||||
|
x *= c;
|
||||||
|
assert_eq!(x, Mersenne8::new(2159));
|
||||||
|
x *= d;
|
||||||
|
assert_eq!(x, Mersenne8::new(1073742903));
|
||||||
|
x *= e;
|
||||||
|
assert_eq!(x, Mersenne8::new(1992730062));
|
||||||
|
|
||||||
|
// // lhs .= &rhs
|
||||||
|
let mut y = Mersenne8::new(17);
|
||||||
|
y *= &b;
|
||||||
|
assert_eq!(y, Mersenne8::new(17));
|
||||||
|
y *= &c;
|
||||||
|
assert_eq!(y, Mersenne8::new(2159));
|
||||||
|
y *= &d;
|
||||||
|
assert_eq!(y, Mersenne8::new(1073742903));
|
||||||
|
y *= &e;
|
||||||
|
assert_eq!(y, Mersenne8::new(1992730062));
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn square() {
|
||||||
|
let a = Mersenne8::new(7);
|
||||||
|
let b = Mersenne8::new(1073729479);
|
||||||
|
|
||||||
|
let mut a_sq = a;
|
||||||
|
a_sq.square();
|
||||||
|
assert_eq!(a_sq, a * a);
|
||||||
|
assert_eq!(a_sq, 49);
|
||||||
|
|
||||||
|
let mut b_sq = b;
|
||||||
|
b_sq.square();
|
||||||
|
assert_eq!(b_sq, b * b);
|
||||||
|
assert_eq!(b_sq, 689257592);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn double() {
|
||||||
|
let mut a = Mersenne8::new(0);
|
||||||
|
let mut b = Mersenne8::new(1);
|
||||||
|
let mut c = Mersenne8::new(9);
|
||||||
|
let mut d = Mersenne8::new(2147483646);
|
||||||
|
|
||||||
|
a.double();
|
||||||
|
b.double();
|
||||||
|
c.double();
|
||||||
|
d.double();
|
||||||
|
|
||||||
|
assert_eq!(a, 0);
|
||||||
|
assert_eq!(b, 2);
|
||||||
|
assert_eq!(c, 18);
|
||||||
|
assert_eq!(d, 2147483645);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn negate() {
|
||||||
|
let mut a = Mersenne8::new(0);
|
||||||
|
let mut b = Mersenne8::new(1);
|
||||||
|
let mut c = Mersenne8::new(9);
|
||||||
|
let mut d = Mersenne8::new(17);
|
||||||
|
let mut e = Mersenne8::new(16441);
|
||||||
|
let mut f = Mersenne8::new(1073754169);
|
||||||
|
|
||||||
|
a.negate();
|
||||||
|
b.negate();
|
||||||
|
c.negate();
|
||||||
|
d.negate();
|
||||||
|
e.negate();
|
||||||
|
f.negate();
|
||||||
|
|
||||||
|
assert_eq!(a, 0);
|
||||||
|
assert_eq!(b, 2147483646);
|
||||||
|
assert_eq!(c, 2147483638);
|
||||||
|
assert_eq!(d, 2147483630);
|
||||||
|
assert_eq!(e, 2147467206);
|
||||||
|
assert_eq!(f, 1073729478);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn inverse() {
|
||||||
|
let a = Mersenne8::new(0);
|
||||||
|
let b = Mersenne8::new(1);
|
||||||
|
let c = Mersenne8::new(2);
|
||||||
|
let d = Mersenne8::new(1234);
|
||||||
|
let e = Mersenne8::new(1073741823);
|
||||||
|
let f = Mersenne8::new(46341);
|
||||||
|
let g = Mersenne8::new(2147483646);
|
||||||
|
let h = Mersenne8::new(923042);
|
||||||
|
|
||||||
|
assert_eq!(a.inverse(), None);
|
||||||
|
assert_eq!(b.inverse(), Some(Mersenne8::new(1)));
|
||||||
|
assert_eq!(c.inverse(), Some(Mersenne8::new(1073741824)));
|
||||||
|
assert_eq!(d.inverse(), Some(Mersenne8::new(158363867)));
|
||||||
|
assert_eq!(e.inverse(), Some(Mersenne8::new(2147483645)));
|
||||||
|
assert_eq!(f.inverse(), Some(Mersenne8::new(2147020238)));
|
||||||
|
assert_eq!(g.inverse(), Some(Mersenne8::new(2147483646)));
|
||||||
|
assert_eq!(h.inverse(), Some(Mersenne8::new(1271194309)));
|
||||||
|
|
||||||
|
assert_eq!(b.inverse().unwrap().inverse().unwrap(), b);
|
||||||
|
assert_eq!(c.inverse().unwrap().inverse().unwrap(), c);
|
||||||
|
assert_eq!(d.inverse().unwrap().inverse().unwrap(), d);
|
||||||
|
assert_eq!(e.inverse().unwrap().inverse().unwrap(), e);
|
||||||
|
assert_eq!(f.inverse().unwrap().inverse().unwrap(), f);
|
||||||
|
assert_eq!(g.inverse().unwrap().inverse().unwrap(), g);
|
||||||
|
assert_eq!(g.inverse().unwrap().inverse().unwrap(), g);
|
||||||
|
assert_eq!(h.inverse().unwrap().inverse().unwrap(), h);
|
||||||
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn frobenius_map() {
|
||||||
|
let a = Mersenne8::new(0);
|
||||||
|
let b = Mersenne8::new(1);
|
||||||
|
let c = Mersenne8::new(2);
|
||||||
|
let d = Mersenne8::new(1234);
|
||||||
|
let e = Mersenne8::new(1073741823);
|
||||||
|
let f = Mersenne8::new(46341);
|
||||||
|
let g = Mersenne8::new(2147483646);
|
||||||
|
let h = Mersenne8::new(923042);
|
||||||
|
|
||||||
|
let mut a_fm = a;
|
||||||
|
let mut b_fm = b;
|
||||||
|
let mut c_fm = c;
|
||||||
|
let mut d_fm = d;
|
||||||
|
let mut e_fm = e;
|
||||||
|
let mut f_fm = f;
|
||||||
|
let mut g_fm = g;
|
||||||
|
let mut h_fm = h;
|
||||||
|
|
||||||
|
a_fm.frobenius_map(1);
|
||||||
|
a_fm.frobenius_map(2);
|
||||||
|
a_fm.frobenius_map(3);
|
||||||
|
b_fm.frobenius_map(1);
|
||||||
|
b_fm.frobenius_map(2);
|
||||||
|
b_fm.frobenius_map(3);
|
||||||
|
c_fm.frobenius_map(1);
|
||||||
|
c_fm.frobenius_map(2);
|
||||||
|
c_fm.frobenius_map(3);
|
||||||
|
d_fm.frobenius_map(1);
|
||||||
|
d_fm.frobenius_map(2);
|
||||||
|
d_fm.frobenius_map(3);
|
||||||
|
e_fm.frobenius_map(1);
|
||||||
|
e_fm.frobenius_map(2);
|
||||||
|
e_fm.frobenius_map(3);
|
||||||
|
f_fm.frobenius_map(1);
|
||||||
|
f_fm.frobenius_map(2);
|
||||||
|
f_fm.frobenius_map(3);
|
||||||
|
g_fm.frobenius_map(1);
|
||||||
|
g_fm.frobenius_map(2);
|
||||||
|
g_fm.frobenius_map(3);
|
||||||
|
h_fm.frobenius_map(1);
|
||||||
|
h_fm.frobenius_map(2);
|
||||||
|
h_fm.frobenius_map(3);
|
||||||
|
|
||||||
|
assert_eq!(a_fm, a);
|
||||||
|
assert_eq!(b_fm, b);
|
||||||
|
assert_eq!(c_fm, c);
|
||||||
|
assert_eq!(d_fm, d);
|
||||||
|
assert_eq!(e_fm, e);
|
||||||
|
assert_eq!(f_fm, f);
|
||||||
|
assert_eq!(g_fm, g);
|
||||||
|
assert_eq!(h_fm, h);
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,6 +1,6 @@
|
||||||
use std::borrow::Cow;
|
use std::borrow::Cow;
|
||||||
|
|
||||||
use pairing::bls12_381::G1;
|
use super::G1;
|
||||||
use serde::de::Error as DeserializeError;
|
use serde::de::Error as DeserializeError;
|
||||||
use serde::{Deserialize, Deserializer, Serialize, Serializer};
|
use serde::{Deserialize, Deserializer, Serialize, Serializer};
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue