chore: Native curve audit#20936
chore: Native curve audit#20936federicobarbacovi wants to merge 17 commits intomerge-train/barretenbergfrom
Conversation
| TEST(FqConstants, RInv) | ||
| { | ||
| // r_inv = -q^{-1} mod 2^64 | ||
| uint512_t r{ 0, 1 }; |
There was a problem hiding this comment.
This was using r = 1 << 256
| static constexpr fq frobenius_on_twisted_curve_y_1{ | ||
| 0xa1d77ce45ffe77c7UL, 0x07affd117826d1dbUL, 0x6d16bd27bb7edc6bUL, 0x2c87200285defeccUL | ||
| }; | ||
| static constexpr fq twist_cube_root_0{ |
| static constexpr fq twist_coeff_b_1{ | ||
| 0x38e7ecccd1dcff67UL, 0x65f0b37d93ce0d3eUL, 0xd749d0dd22ac00aaUL, 0x0141b9ce4a688d4dUL | ||
| }; | ||
| static constexpr fq twist_mul_by_q_x_0{ |
There was a problem hiding this comment.
Changed names to make them more descriptive
…; mark from_montgomery_form as const in fq12
…ore general testing
federicobarbacovi
force-pushed
the
fb/native_curve_audit
branch
from
f7702a3 to
a003ee8
Compare
| @@ -25,18 +25,16 @@ class BN254 { | |||
| using TargetField = bb::fq12; | |||
|
|
|||
| static constexpr const char* name = "BN254"; | |||
There was a problem hiding this comment.
Old issue, closed
| static constexpr uint64_t primitive_root_3 = 0UL; | ||
|
|
||
| // Coset generators in Montgomery form for R=2^256 mod Modulus. Used in FFT-based proving systems | ||
| static constexpr uint64_t coset_generator_0 = 0x7a17caa950ad28d7ULL; |
There was a problem hiding this comment.
We need only the first coset generator, I removed the other ones from all the fields
| constexpr fq b = uint256_t{ 0x744fc10aec23e56aUL, 0x5dea4788a3b936a6UL, 0xa0a89f4a8af01df1UL, 0x72ae28836807df3UL }; | ||
| constexpr fq expected = | ||
| uint256_t{ 0x6c0a789c0028fd09UL, 0xca9520d84c684efaUL, 0xcbf3f7b023a852b4UL, 0x1b2e4dac41400621UL }; | ||
| constexpr fq a{ 0x83aa80986c4f06f8, 0xbd01cce5e3b3afc3, 0x1cba208cb70aa13b, 0x2a582eb35a932e0d }; |
There was a problem hiding this comment.
Prior to this change the elements were in non-Montgomery form. I changed them so that we use Montgomery form in all tests
| constexpr fq inv = a.invert(); | ||
| // Verify a * a^-1 = 1 | ||
| static_assert(a * inv == fq::one()); | ||
| } |
There was a problem hiding this comment.
Moved to generic field testing
| k1.self_to_montgomery_form(); | ||
| k2.self_to_montgomery_form(); | ||
|
|
||
| EXPECT_LT(uint256_t(k1).get_msb(), 128); |
There was a problem hiding this comment.
They were present in other tests so I added them here as well
| @@ -3,75 +3,6 @@ | |||
|
|
|||
| using namespace bb; | |||
There was a problem hiding this comment.
I don't see the value of these tests
| @@ -403,22 +307,6 @@ TEST(fq12, SqrCheckAgainstConstants) | |||
| EXPECT_EQ(result, expected); | |||
| } | |||
There was a problem hiding this comment.
Inverse moved to generic field testing; unitary inverse is below
|
|
||
| EXPECT_EQ(result, expected); | ||
| } | ||
|
|
There was a problem hiding this comment.
Add some generic testing
| Prime field documentation {#field_docs} | ||
| === | ||
| Barretenberg has its own implementation of finite field arithmetic. The implementation targets 254-bit (bn254, grumpkin) and 256-bit (secp256k1, secp256r1) fields. Internally the field is represented as a little-endian C-array of 4 uint64_t limbs. For 254-bit fields, the internal representation must be in the range \f$[0, 2p)\f$ (which we refer to as the _coarse representation_), while for 256-bit fields the internal representation is an arbitrary `uint256_t`. | ||
| Barretenberg has its own implementation of finite field arithmetic. The implementation targets 254-bit (bn254, grumpkin) and 256-bit (secp256k1, secp256r1) fields. Internally the field is represented as a little-endian C-array of 4 uint64_t limbs. For 254-bit fields, the internal representation must be in the range $[0, 2p)$ (which we refer to as the _coarse representation_), while for 256-bit fields the internal representation is an arbitrary `uint256_t`. |
There was a problem hiding this comment.
Changed formatting to markdown math instead of Doxygen math
| Params::coset_generator_3, | ||
| }; | ||
| #else | ||
| const field result{ |
There was a problem hiding this comment.
Removed some unused code
| } | ||
|
|
||
| constexpr field12 from_montgomery_form() | ||
| constexpr field12 from_montgomery_form() const |
There was a problem hiding this comment.
Needed for uniform testing
1 participant
🧾 Audit Context
First part of the audit of
ecc/curves. This PR is concerned with curve fields: we restructure testing, standardise struct format, and add some more constant checks.🛠️ Changes Made
✅ Checklist
📌 Notes for Reviewers