Commit Graph

  • e077f5840f Merge 6414429a67 into f0f7068552 PO 2023-05-19 20:49:22 +0800
  • 6414429a67 Update hashtocurve.sage PO 2023-05-19 20:48:17 +0800
  • 20a16630fb Merge 7ed44d790c into f0f7068552 tevador 2023-02-25 18:20:28 +0100
  • 7ed44d790c Two new search strategies to find special-form primes p. tevador 2023-02-16 22:31:20 +0100
  • 485176caac Merge 6161ae7b77 into f0f7068552 Andy Polyakov 2021-08-17 13:18:42 +0200
  • 6161ae7b77 Shave off one multiplication from the Vesta 5-inv addition chain. Andy Polyakov 2021-08-17 13:08:38 +0200
  • f0f7068552 Add test vectors for map_to_simple_swu. master Daira Hopwood 2021-04-27 14:24:13 +0100
  • 6a4f42ce25 Resolve an ambiguity in the Internet Draft (https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-10.html#name-finding-z-for-the-shallue-va). Daira Hopwood 2021-04-21 12:35:27 +0100
  • 71094393e8 Sage-on-Python 3 compatibility fixes. Daira Hopwood 2021-04-21 12:32:27 +0100
  • d10932faf0 Add sinsemilla.sage. Daira Hopwood 2021-04-02 17:51:18 +0100
  • bdf50d9ede Merge pull request #2 from zcash/hashtocurve-blocksize ebfull 2021-04-01 16:21:05 -0600
  • 571dab6596 Update the Pallas test vector so that it exercises both the gx1 square and non-square branches. This matches the comment in the Rust code: Daira Hopwood 2021-03-27 13:53:00 +0000
  • 3b511bf281 Merge pull request #1 from zcash/patch-base-tables Daira Hopwood 2021-03-22 22:36:57 +0000
  • 044baaab1f hashtocurve.sage: the block size of BLAKE2b is 128 bytes, not 64 bytes. Daira Hopwood 2021-03-22 22:34:29 +0000
  • f744721899 Add right-to-left addition chains for 5^-1 (mod p-1, q-1). Daira Hopwood 2021-03-19 20:55:49 +0000
  • 3e599445be Remove -r personalisations from Sinsemilla Q patch-base-tables therealyingtong 2021-03-15 12:54:38 +0800
  • dfeb3f7fbd base_tables.sage: corrections; window tables are not needed for Sinsemilla bases. Daira Hopwood 2021-03-06 22:52:03 +0000
  • b34ba21d5d Add base_tables.sage: compute the tables for fixed-base scalar multiplication. Daira Hopwood 2021-03-06 22:08:43 +0000
  • de872b47f7 hashtocurve.sage: minor changes to get access to the Sage EllipticCurve point from hash_to_*_jacobian. Daira Hopwood 2021-03-06 22:04:22 +0000
  • b4a8d29ca1 subgroupcheck.sage: ensure that progress dots are printed consistently by all threads. Daira Hopwood 2021-03-01 19:06:09 +0000
  • c51449a535 Change to XMD:BLAKE2b, and use the same test vectors as the Rust implementation. Daira Hopwood 2021-02-21 21:11:19 +0000
  • 779c3b117e Fix the case where the input to map_to_curve_simplified_swu is 0. Daira Hopwood 2021-02-21 21:10:23 +0000
  • 798e1e9a89 Remove non-ASCII characters from subgroupcheck.sage. Daira Hopwood 2021-02-19 19:00:04 +0000
  • 8f8d0ba399 Add subgroupcheck.sage. Daira Hopwood 2021-02-19 18:56:20 +0000
  • fb448f3538 Add isogeny for Vesta. Daira Hopwood 2021-01-13 01:11:20 +0000
  • 540fe946c1 Fix unified addition. Daira Hopwood 2021-01-02 21:01:33 +0000
  • 8e22490f43 hashtocurve.sage: make DEBUG = True work. Daira Hopwood 2021-01-02 02:23:55 +0000
  • 3523aee87f hashtocurve.sage: fix a bug due to inadvertently relying on values calculated by debug code. Daira Hopwood 2021-01-02 02:22:01 +0000
  • fd7283a979 Make map_to_curve_simple_swu take a single input again (since we no longer need batch inversion). Also make it clearer that we don't depend on Sage's elliptic curve impl except for debugging. Daira Hopwood 2021-01-02 00:50:42 +0000
  • c0f2b2d8b6 Correct a comment. Daira Hopwood 2021-01-02 00:20:36 +0000
  • 4a3a34feea Improve comments and cost accounting. Daira Hopwood 2021-01-01 19:40:51 +0000
  • 50d3e83467 Implement the optimization from [WB2019, section 4.2] that removes the remaining inversion. Daira Hopwood 2021-01-01 03:36:05 +0000
  • 391e67f250 hashtocurve.sage: correct a comment. Daira Hopwood 2020-12-31 15:26:20 +0000
  • 112983e667 hashtocurve: allow use of the sqrt optimization with the Z recommended by the Internet Draft. This also makes the sqrt and hash-to-curve implementations depend on each other less strongly. Daira Hopwood 2020-12-31 13:45:35 +0000
  • ef3405dd20 Add an optimization from [WB2019, section 4.2] that saves a square root for each map_to_curve. Daira Hopwood 2020-12-31 03:35:50 +0000
  • 71afc68f7d hashtocurve.sage: add Jacobian coordinate implementation that avoids two of the three inversions. Do not base production code on this yet! Daira Hopwood 2020-12-30 00:09:26 +0000
  • 7df33f4ce4 hashtocurve.sage: more realistic use of Montgomery's trick. Daira Hopwood 2020-12-29 17:52:35 +0000
  • 96fd2c794e [WIP] Add a prototype implementation of hash-to-curve. This intends to implement the Internet Draft but has not been checked. Daira Hopwood 2020-12-29 12:53:13 +0000
  • 7afb4e0d75 Add variant of the table-based square root that uses 16-entry tables. This could in principle be made truly constant-time. Daira Hopwood 2020-12-29 12:50:16 +0000
  • be58b5e128 Addition chains for 7^-1 (mod p-1, q-1). Daira Hopwood 2020-12-12 22:44:56 +0000
  • ad02b756cd Addition chains for 5^-1 (mod p-1, q-1). Daira Hopwood 2020-12-12 16:46:32 +0000
  • 56945c09e0 Import sys explicitly rather than relying on sage to do it. Daira Hopwood 2020-11-30 13:28:25 +0000
  • bf740d64b8 Add some nice assertions and tests to make it clearer what is going on. Daira Hopwood 2020-11-30 13:12:48 +0000
  • 7bf9015957 Assert that there are no collisions in invtab. Daira Hopwood 2020-11-30 12:00:50 +0000
  • 79738d2cb7 Improve the perfect hash function. Daira Hopwood 2020-11-30 10:43:17 +0000
  • bda5810e46 Python 2 compatibility. Daira Hopwood 2020-11-30 10:13:16 +0000
  • a8b6b48b91 Include the cost of checking the result in the squaring cost. (The algorithm will return a nonsense result for non-squares if we don't do this check.) Daira Hopwood 2020-11-29 20:47:58 +0000
  • 25dd9f0ed9 squareroottab.sage: remove unused instance variables. Daira Hopwood 2020-11-29 20:45:12 +0000
  • 223b60825c Save one squaring. Daira Hopwood 2020-11-29 20:36:08 +0000
  • d45dd14238 Make squareroot.sage more similar to squareroottab.sage to facilitate comparison. (This is actually a slight pessimisation, but we're not going to use the non-table-based variant.) Daira Hopwood 2020-11-29 20:35:36 +0000
  • e7f9d2cef6 squareroot.sage: turn off VERBOSE and EXPENSIVE. Daira Hopwood 2020-11-29 20:04:14 +0000
  • b26d051c59 Slightly optimize addition chain for Fq. Daira Hopwood 2020-11-29 20:03:25 +0000
  • 5bfaa90bf7 squareroottab.sage: inlining and shift microoptimizations. Daira Hopwood 2020-11-29 19:29:32 +0000
  • 49878117db squareroottab.sage: inline eval, and remove an unused part of gtab[3]. Daira Hopwood 2020-11-29 19:03:43 +0000
  • debab754cb squareroottab.sage: remove redundant code. Daira Hopwood 2020-11-29 18:45:04 +0000
  • 4f47706877 Add table-based variant of square root. Daira Hopwood 2020-11-29 18:43:07 +0000
  • fbd6f3b1bb squareroot.sage: improve debugging. Daira Hopwood 2020-11-29 18:42:33 +0000
  • 6d9e412d8d squareroot.sage: do expensive assertions only if DEBUG is set. Daira Hopwood 2020-11-28 15:34:45 +0000
  • 1d2c5d0826 squareroot.sage: optimize precomputation. Daira Hopwood 2020-11-28 15:33:54 +0000
  • 77524ce1a6 Prototype implementation of square roots on the Pasta fields (addition chains and Sarkar's algorithm). Daira Hopwood 2020-11-28 14:37:56 +0000
  • 15a23b3b3b README: cosmetics. Daira Hopwood 2020-11-27 09:35:53 +0000
  • 8f82a22d2c Remove requirement for sortedcontainers. Daira Hopwood 2020-11-27 09:35:07 +0000
  • 62e25b428a README: update for checksumsets etc. Daira Hopwood 2020-11-23 01:24:03 +0000
  • e3c1e1cd53 checksumsets.py: fix an off-by-one error in the final frames of the animation (not the actual check). Also update the animations for the Pasta curves. Daira Hopwood 2020-11-23 01:07:40 +0000
  • d74fbbcd01 Python 3 portability. Daira Hopwood 2020-11-20 17:03:11 +0000
  • cb6ef790f9 Update parameters for Pallas/Vesta. Daira Hopwood 2020-11-19 21:54:44 +0000
  • 1cd1766100 Pallas/Vesta README. Daira Hopwood 2020-11-19 21:53:07 +0000
  • a35294b64f Updates for Pallas/Vesta. Daira Hopwood 2020-11-19 19:54:53 +0000
  • 491beffc2c injectivitylemma.py: output information that I used in a slide in my ZK Study Club presentation. Daira Hopwood 2020-11-19 19:52:22 +0000
  • a7071be29a Delete injectivitylemma6.py (using both nontrivial roots of unity cannot work because roots of unity sum to 0). Daira Hopwood 2020-11-19 19:50:02 +0000
  • 9e56d94ddd amicable.py: fix low Hamming weight strategy. Daira Hopwood 2020-09-27 21:18:47 +0100
  • 4609be5090 verify.sage: make executable. Daira Hopwood 2020-09-26 21:43:46 +0100
  • 87335537b3 amicable.sage: various updates * support --isogenies and --ignoretwist options * more comprehensive usage string * if at least 6 threads are available, don't use 2 of them * test multiple gcd primes. Daira Hopwood 2020-09-26 21:43:31 +0100
  • 6c0f7ab40a amicable.sage: make executable. Daira Hopwood 2020-09-26 21:37:50 +0100
  • 3dd5b562e1 amicable.sage: the 2-adicity of p could be less than specified when using stretch (doesn't affect Tweedle curves). Daira Hopwood 2020-09-26 21:32:27 +0100
  • c6a6a04280 checksumsets.py: the fields of State can be just int, not Optional[int]. (The Optional was left over from a previous iteration of the code.) Daira Hopwood 2020-08-24 12:56:05 +0100
  • f761cc0833 Add animations. Daira Hopwood 2020-06-23 16:28:05 +0100
  • 289e616084 checksumsets.py: add support for generating animations. Daira Hopwood 2020-06-23 16:27:06 +0100
  • 5db9b7a1bc amicable.sage: fix minor bug in reporting whether bq is square (that did not affect the Tweedle curves). Daira Hopwood 2020-05-24 19:23:13 +0100
  • d93cabbaf8 injectivitylemma6.py: fix bugs in comments. Daira Hopwood 2020-04-26 11:58:21 +0100
  • e859145e33 verify.sage: tabs to spaces. Daira Hopwood 2020-04-25 18:21:59 +0100
  • f1e73dab4f verify.sage: compatibility with Python3-based sage. Daira Hopwood 2020-04-25 18:13:20 +0100
  • 5cbd39a77c amicable.sage: compatibility with Python3-based sage. Daira Hopwood 2020-04-25 17:38:14 +0100
  • 035fd2b2ce Add a hexary version of injectivitylemma.py. This is not used by the version of Halo in the paper. Daira Hopwood 2020-03-22 13:36:10 +0000
  • 15f7108bbc README: be clearer about which version of the paper is obsolete. Daira Hopwood 2020-03-15 14:47:54 +0000
  • 0ea400f339 checksumsets.py: if BRUTEFORCE_THRESHOLD is 0, don't call bruteforce_D (and don't depend on bintrees in that case). Daira Hopwood 2020-02-23 11:36:02 +0000
  • 3c69d7df58 injectivitylemma.py: add header comment. Daira Hopwood 2020-02-18 09:42:41 +0000
  • daff0c4197 injectivitylemma.py: use namedtuple for clarity, and switch to Python 3. Daira Hopwood 2020-02-18 09:41:29 +0000
  • c6e1112e1f injectivitylemma.py: change variable names to match paper. Daira Hopwood 2020-02-18 09:33:36 +0000
  • a22a02e2a4 More precise about CM discriminant Daira Hopwood 2020-02-18 08:43:20 +0000
  • 2f60aed1ce Tweedledum/Tweedledee is fixed now Daira Hopwood 2020-02-18 08:40:54 +0000
  • b3091af83b Add checksumsets.py. Daira Hopwood 2020-02-10 15:06:43 +0000
  • 3f763f3f62 Fix a bug (% is not mod for negative integers). Daira Hopwood 2019-10-26 01:19:51 +0100
  • 78b0876888 Add test of injectivity lemma in the paper. Daira Hopwood 2019-10-25 23:23:02 +0100
  • c716927edd Rename t to T to avoid confusion with the trace. (Sometimes it is the trace, sometimes not!) Daira Hopwood 2019-09-17 18:31:34 +0100
  • a26bab8bfb Correct an error in computing the twist embedding degree. Daira Hopwood 2019-09-17 17:33:53 +0100
  • fc4c16613d Change to quadratic twist-secure curve. Daira Hopwood 2019-09-17 11:28:59 +0100
  • 6ca713d91f amicable.sage: various enhancements. Calculate twist security. Calculate embedding degrees. Change default 2-adicity. Update comments. Require curve constant to be primitive. Impose efficiency restrictions on primes when using --nearpowerof2. Check endomorphisms. Daira Hopwood 2019-09-17 11:25:41 +0100
  • a085850a2c amicable.sage: add --sequential option. Daira Hopwood 2019-09-17 11:18:04 +0100
  • 8bb34f96f2 Add clean.sh. Daira Hopwood 2019-09-17 11:14:04 +0100