From ea7303ee2ab8d26ecde3478f3dd1743fec8e4186 Mon Sep 17 00:00:00 2001 From: Youssef El Housni Date: Tue, 4 Feb 2025 14:24:18 -0500 Subject: [PATCH] refactor: clean code --- std/algebra/native/sw_grumpkin/hints.go | 95 ------------------------- std/algebra/native/sw_grumpkin/inner.go | 6 -- 2 files changed, 101 deletions(-) delete mode 100644 std/algebra/native/sw_grumpkin/hints.go diff --git a/std/algebra/native/sw_grumpkin/hints.go b/std/algebra/native/sw_grumpkin/hints.go deleted file mode 100644 index f91b2f6ae..000000000 --- a/std/algebra/native/sw_grumpkin/hints.go +++ /dev/null @@ -1,95 +0,0 @@ -package sw_grumpkin - -import ( - "errors" - "math/big" - - "github.com/consensys/gnark-crypto/ecc" - "github.com/consensys/gnark/constraint/solver" - "github.com/consensys/gnark/frontend" - "github.com/consensys/gnark/std/math/emulated" - "github.com/consensys/gnark/std/math/emulated/emparams" -) - -func GetHints() []solver.Hint { - return []solver.Hint{ - decomposeScalar, - decompose, - } -} - -func init() { - solver.RegisterHint(GetHints()...) -} - -func decomposeScalar(nativeMod *big.Int, nativeInputs, nativeOutputs []*big.Int) error { - return emulated.UnwrapHintWithNativeInput(nativeInputs, nativeOutputs, func(nnMod *big.Int, nninputs, nnOutputs []*big.Int) error { - if len(nninputs) != 1 { - return errors.New("expecting one input") - } - if len(nnOutputs) != 2 { - return errors.New("expecting two outputs") - } - cc := getInnerCurveConfig(nativeMod) - sp := ecc.SplitScalar(nninputs[0], cc.glvBasis) - nnOutputs[0].Set(&(sp[0])) - nnOutputs[1].Neg(&(sp[1])) - - return nil - }) -} - -func callDecomposeScalar(api frontend.API, s frontend.Variable) (s1, s2 frontend.Variable) { - var fr emparams.GRUMPKINFr - cc := getInnerCurveConfig(api.Compiler().Field()) - sapi, err := emulated.NewField[emparams.GRUMPKINFr](api) - if err != nil { - panic(err) - } - // compute the decomposition using a hint. We have to use the emulated - // version which takes native input and outputs non-native outputs. - // - // the hints allow to decompose the scalar s into s1 and s2 such that - // s1 + λ * s2 == s mod r, - // where λ is third root of one in 𝔽_r. - sd, err := sapi.NewHintWithNativeInput(decomposeScalar, 2, s) - if err != nil { - panic(err) - } - // lambda as nonnative element - lambdaEmu := sapi.NewElement(cc.lambda) - // the scalar as nonnative element. We need to split at 64 bits. - limbs, err := api.NewHint(decompose, int(fr.NbLimbs()), s) - if err != nil { - panic(err) - } - semu := sapi.NewElement(limbs) - // s1 + λ * s2 == s mod r - lhs := sapi.MulNoReduce(sd[1], lambdaEmu) - lhs = sapi.Sub(sd[0], lhs) - - sapi.AssertIsEqual(semu, semu) - - s1 = 0 - s2 = 0 - b := big.NewInt(1) - for i := range sd[0].Limbs { - s1 = api.Add(s1, api.Mul(sd[0].Limbs[i], b)) - s2 = api.Add(s2, api.Mul(sd[1].Limbs[i], b)) - b.Lsh(b, 64) - } - return s1, s2 -} - -func decompose(mod *big.Int, inputs, outputs []*big.Int) error { - if len(inputs) != 1 && len(outputs) != 4 { - return errors.New("input/output length mismatch") - } - tmp := new(big.Int).Set(inputs[0]) - mask := new(big.Int).SetUint64(^uint64(0)) - for i := 0; i < 4; i++ { - outputs[i].And(tmp, mask) - tmp.Rsh(tmp, 64) - } - return nil -} diff --git a/std/algebra/native/sw_grumpkin/inner.go b/std/algebra/native/sw_grumpkin/inner.go index 689374985..63c95ca0b 100644 --- a/std/algebra/native/sw_grumpkin/inner.go +++ b/std/algebra/native/sw_grumpkin/inner.go @@ -29,12 +29,6 @@ func (cc *innerConfig) phi1(api frontend.API, res, P *G1Affine) *G1Affine { return res } -func (cc *innerConfig) phi2Neg(api frontend.API, res, P *G1Affine) *G1Affine { - res.X = api.Mul(P.X, cc.thirdRootOne2) - res.Y = api.Sub(0, P.Y) - return res -} - // getInnerCurveConfig returns the configuration of the inner elliptic curve // which can be defined on the scalars of outer curve. func getInnerCurveConfig(outerCurveScalarField *big.Int) *innerConfig {