  1  #!/usr/bin/sage
  2  # vim: syntax=python
  3  # vim: set ts=2 sw=2 et:
  4  
  5  # Constantine
  6  # Copyright (c) 2018-2019    Status Research & Development GmbH
  7  # Copyright (c) 2020-Present Mamy André-Ratsimbazafy
  8  # Licensed and distributed under either of
  9  #   * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
 10  #   * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
 11  # at your option. This file may not be copied, modified, or distributed except according to those terms.
 12  
 13  # ############################################################
 14  #
 15  #                  Curves configuration
 16  #
 17  # ############################################################
 18  
 19  import inspect
 20  
# Accelerate arithmetic by accepting probabilistic proofs.
# NOTE: with proofs disabled, Sage is allowed to answer number-theoretic
# questions (primality in particular) with probabilistic tests instead of
# proven results. Nothing in this file proves that a derived 'modulus' or
# 'order' is prime.
# NOTE(review): this looks like a session-wide Sage setting, so it presumably
# also applies to every script that loads this file - confirm, and re-check
# new parameters with proofs enabled before adopting them.
from sage.structure.proof.all import arithmetic
arithmetic(False)
 24  
 25  def derive_BN_field(x):
 26    params = {
 27      'param': x,
 28      'modulus': 36*x^4 + 36*x^3 + 24*x^2 + 6*x + 1,
 29      'order': 36*x^4 + 36*x^3 + 18*x^2 + 6*x + 1,
 30      'trace': 6*x^2 + 1,
 31      'family': 'BN'
 32    }
 33    return params
 34  
 35  def derive_BLS12_field(x):
 36    params = {
 37      'param': x,
 38      'modulus': (x - 1)^2 * (x^4 - x^2 + 1)//3 + x,
 39      'order': x^4 - x^2 + 1,
 40      'trace': x + 1,
 41      'family': 'BLS12'
 42    }
 43    return params
 44  
 45  def derive_BW6_compose_BLS12_field(x, cofactor_trace, cofactor_y):
 46    # Brezing-Weng input
 47    r = (x^6 - 2*x^5 + 2*x^3 + x + 1) // 3 # BLS12 modulus
 48  
 49    # 6-th root of unity output + cofactors
 50    t = x^5 - 3*x^4 + 3*x^3 - x + 3 + cofactor_trace*r
 51    y = (x^5 - 3*x^4 + 3*x^3 - x + 3)//3 + cofactor_y*r
 52  
 53    # Curve parameters
 54    p = (t^2 + 3*y^2)/4
 55    trace = p+1-r # (3*y+t)/2
 56  
 57    params = {
 58      'param': x,
 59      'modulus': p,
 60      'order': r,
 61      'trace': trace,
 62      'family': 'BW6'
 63    }
 64    return params
 65  
 66  def copyright():
 67    return inspect.cleandoc("""
 68      # Constantine
 69      # Copyright (c) 2018-2019    Status Research & Development GmbH
 70      # Copyright (c) 2020-Present Mamy André-Ratsimbazafy
 71      # Licensed and distributed under either of
 72      #   * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
 73      #   * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
 74      # at your option. This file may not be copied, modified, or distributed except according to those terms.
 75    """)
 76  
# Registry of the supported curves, keyed by curve name.
#
# Each entry holds:
#   'field' - prime-field data. The pairing-friendly curves derive it from
#             the family seed through the derive_* helpers, which yield the
#             keys 'param', 'modulus', 'order', 'trace' and 'family'.
#             Pallas and Vesta give only 'modulus' and 'order', as literals.
#   'curve' - equation form plus the coefficients 'a' and 'b'.
#   'tower' - extension-tower and twist data; present only on the
#             pairing-friendly entries.
#
# Consumers must not assume every key exists on every entry (see Pallas,
# Vesta and BW6_761 below).
# Nothing in this table checks that 'modulus' or 'order' is prime, or that
# the curve y^2 = x^3 + a*x + b has the stated order.
# NOTE(review): confirm that the code consuming this table performs those
# checks before the constants are used elsewhere.
Curves = {
  'BN254_Nogami': {
    'field': derive_BN_field(-(2^62 + 2^55 + 1)),
    'curve': {
      'form': 'short_weierstrass',
      'a': 0,
      'b': 2
    },
    'tower': {
      'embedding_degree': 12,
      'twist_degree': 6,
      'QNR_Fp': -1,
      'SNR_Fp2': [1, 1],
      'twist': 'D_Twist'
    }
  },
  'BN254_Snarks': {
    'field': derive_BN_field(Integer('0x44e992b44a6909f1')),
    'curve': {
      'form': 'short_weierstrass',
      'a': 0,
      'b': 3
    },
    'tower': {
      'embedding_degree': 12,
      'twist_degree': 6,
      'QNR_Fp': -1,
      'SNR_Fp2': [9, 1],
      'twist': 'D_Twist'
    }
  },
  'BLS12_377': {
    # Same seed as BW6_761 below.
    'field': derive_BLS12_field(3 * 2^46 * (7 * 13 * 499) + 1),
    'curve': {
      'form': 'short_weierstrass',
      'a': 0,
      'b': 1
    },
    'tower': {
      'embedding_degree': 12,
      'twist_degree': 6,
      'QNR_Fp': -5,
      'SNR_Fp2': [0, 1],
      'twist': 'D_Twist'
    }
  },
  'BLS12_381': {
    'field': derive_BLS12_field(-(2^63 + 2^62 + 2^60 + 2^57 + 2^48 + 2^16)),
    'curve': {
      'form': 'short_weierstrass',
      'a': 0,
      'b': 4
    },
    'tower': {
      'embedding_degree': 12,
      'twist_degree': 6,
      'QNR_Fp': -1,
      'SNR_Fp2': [1, 1],
      'twist': 'M_Twist'
    }
  },
  'BW6_761': {
    # Built from the BLS12_377 seed, so its 'order' is the BLS12_377 field
    # modulus.
    'field': derive_BW6_compose_BLS12_field(
        3 * 2^46 * (7 * 13 * 499) + 1,
        cofactor_trace = 13,
        cofactor_y = 9
    ),
    'curve': {
      'form': 'short_weierstrass',
      'a': 0,
      'b': -1
    },
    # Unlike the degree-12 entries, this tower has a single 'SNR_Fp' key and
    # no 'QNR_Fp' / 'SNR_Fp2'.
    # NOTE(review): presumably a sextic non-residue in Fp - confirm.
    'tower': {
      'embedding_degree': 6,
      'twist_degree': 6,
      'SNR_Fp': -4,
      'twist': 'M_Twist'
    }
  },
  # Pallas and Vesta have no 'tower' entry and no 'param', 'trace' or
  # 'family' keys. Their constants mirror each other: the Pallas modulus is
  # the Vesta order and the Pallas order is the Vesta modulus.
  'Pallas': {
    'field': {
      'modulus': Integer('0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001'),
      'order': Integer('0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001')
    },
    'curve': {
      'form': 'short_weierstrass',
      'a': 0,
      'b': 5
    }
  },
  'Vesta': {
    'field': {
      'modulus':  Integer('0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001'),
      'order': Integer('0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001'),
    },
    'curve': {
      'form': 'short_weierstrass',
      'a': 0,
      'b': 5
    }
  }
}