add conversion/codecs procs between bigints and field elements

bindings/c_curve_decls.nim

@@ -19,14 +19,39 @@ export curves, curves_primitives, extension_fields
 #
 # This files provides template for C bindings generation
 
-template genBindingsField*(Field: untyped) =
+template genBindingsBig*(Big: untyped) =
   when appType == "lib":
     {.push noconv, dynlib, exportc,  raises: [].} # No exceptions allowed
   else:
     {.push noconv, exportc,  raises: [].} # No exceptions allowed
 
+  func `ctt _ Big _ unmarshalBE`(dst: var Big, src: openarray[byte]): bool =
+    unmarshalBE(dst, src)
+
+  func `ctt _ Big _ marshalBE`(dst: var openarray[byte], src: Big): bool =
+    marshalBE(dst, src)
+
+  {.pop.}
+
+template genBindingsField*(Big, Field: untyped) =
+  when appType == "lib":
+    {.push noconv, dynlib, exportc,  raises: [].} # No exceptions allowed
+  else:
+    {.push noconv, exportc,  raises: [].} # No exceptions allowed
+
+  func `ctt _ Big _ from _ Field`(dst: var Big, src: Field) =
+    fromField(dst, src)
+
+  func `ctt _ Field _ from _ Big`(dst: var Field, src: Big) =
+    ## Note: conversion will not fail if the bigint is bigger than the modulus,
+    ## It will be reduced modulo the field modulus.
+    ## For protocol that want to prevent this malleability
+    ## use `unmarchalBE` to convert directly from bytes to field elements instead of
+    ## bytes -> bigint -> field element
+    fromBig(dst, src)
+
+  # --------------------------------------------------------------------------------------
   func `ctt _ Field _ unmarshalBE`(dst: var Field, src: openarray[byte]): bool =
-    ## Deserialize
     unmarshalBE(dst, src)
 
   func `ctt _ Field _ marshalBE`(dst: var openarray[byte], src: Field): bool =

bindings/lib_curves.nim

@@ -21,6 +21,12 @@ export c_curve_decls, c_curve_decls_parallel
 type
   big254 = BigInt[254]
   big255 = BigInt[255]
+  big381 = BigInt[381]
+
+collectBindings(cBindings_big):
+  genBindingsBig(big254)
+  genBindingsBig(big255)
+  genBindingsBig(big381)
 
 # ----------------------------------------------------------
 
@@ -36,8 +42,8 @@ type
   bls12_381_g2_prj = ECP_ShortW_Prj[Fp2[BLS12_381], G2]
 
 collectBindings(cBindings_bls12_381):
-  genBindingsField(bls12_381_fr)
-  genBindingsField(bls12_381_fp)
+  genBindingsField(big255, bls12_381_fr)
+  genBindingsField(big381, bls12_381_fp)
   genBindingsFieldSqrt(bls12_381_fp)
   genBindingsExtField(bls12_381_fp2)
   genBindingsExtFieldSqrt(bls12_381_fp2)
@@ -65,8 +71,8 @@ type
   bn254_snarks_g2_prj = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2]
 
 collectBindings(cBindings_bn254_snarks):
-  genBindingsField(bn254_snarks_fr)
-  genBindingsField(bn254_snarks_fp)
+  genBindingsField(big254, bn254_snarks_fr)
+  genBindingsField(big254, bn254_snarks_fp)
   genBindingsFieldSqrt(bn254_snarks_fp)
   genBindingsExtField(bn254_snarks_fp2)
   genBindingsExtFieldSqrt(bn254_snarks_fp2)
@@ -91,8 +97,8 @@ type
   pallas_ec_prj = ECP_ShortW_Prj[Fp[Pallas], G1]
 
 collectBindings(cBindings_pallas):
-  genBindingsField(pallas_fr)
-  genBindingsField(pallas_fp)
+  genBindingsField(big255, pallas_fr)
+  genBindingsField(big255, pallas_fp)
   genBindingsFieldSqrt(pallas_fp)
   genBindings_EC_ShortW_Affine(pallas_ec_aff, pallas_fp)
   genBindings_EC_ShortW_NonAffine(pallas_ec_jac, pallas_ec_aff, big255, pallas_fr)
@@ -110,8 +116,8 @@ type
   vesta_ec_prj = ECP_ShortW_Prj[Fp[Vesta], G1]
 
 collectBindings(cBindings_vesta):
-  genBindingsField(vesta_fr)
-  genBindingsField(vesta_fp)
+  genBindingsField(big255, vesta_fr)
+  genBindingsField(big255, vesta_fp)
   genBindingsFieldSqrt(vesta_fp)
   genBindings_EC_ShortW_Affine(vesta_ec_aff, vesta_fp)
   genBindings_EC_ShortW_NonAffine(vesta_ec_jac, vesta_ec_aff, big255, vesta_fr)

bindings/lib_headers.nim

@@ -108,7 +108,7 @@ proc writeParallelHeader(dirPath: string, C: static Curve, curve_decls: string)
   writeFile(relPath, header)
   echo "Generated header: ", relPath
 
-proc writeBigIntHeader(dirPath: string, bigSizes: IntSet) =
+proc writeBigIntHeader(dirPath: string, bigSizes: IntSet, big_codecs: string) =
   let relPath = dirPath/"constantine"/"curves"/"bigints.h"
 
   var header = "\n"
@@ -117,6 +117,9 @@ proc writeBigIntHeader(dirPath: string, bigSizes: IntSet) =
     header &= genBigInt(size)
     header &= '\n'
 
+  header &= big_codecs
+  header &= '\n'
+
   header = "\n" & genCpp(header)
   header = genHeaderGuardAndInclude("BIGINTS", header)
   header = genHeaderLicense() & header
@@ -151,9 +154,10 @@ proc writeCurveParallelHeaders(dir: string) =
 
   staticFor i, 0, curveMappings.len:
     writeParallelHeader(dir, curveMappings[i][0], curveMappings[i][1])
+    bigSizes.incl(curveMappings[i][0].getCurveBitWidth())
     bigSizes.incl(curveMappings[i][0].getCurveOrderBitWidth())
 
-  dir.writeBigIntHeader(bigSizes)
+  dir.writeBigIntHeader(bigSizes, cBindings_big)
 
 when isMainModule:
   proc main() {.inline.} =

constantine/curves_primitives.nim

@@ -46,6 +46,19 @@ export
   abstractions,
   curves.Curve
 
+# BigInt
+# ------------------------------------------------------------
+
+func unmarshalBE*(dst: var BigInt, src: openarray[byte]): bool =
+  ## Return true on success
+  ## Return false if destination is too small compared to source
+  return dst.unmarshal(src, bigEndian)
+
+func marshalBE*(dst: var openarray[byte], src: BigInt): bool =
+  ## Return true on success
+  ## Return false if destination is too small compared to source
+  return dst.marshal(src, bigEndian)
+
 # Scalar field Fr and Prime Field Fp
 # ------------------------------------------------------------
 
@@ -69,7 +82,7 @@ func marshalBE*(dst: var openarray[byte], src: FF): bool =
   ## Return false if destination is too small compared to source
   var raw {.noInit.}: typeof src.mres
   raw.fromField(src)
-  return dst.marshal(src, bigEndian)
+  return dst.marshal(raw, bigEndian)
 
 export arithmetic.fromBig
 export arithmetic.fromField

constantine/math/elliptic/ec_multi_scalar_mul_parallel.nim

@@ -143,7 +143,7 @@ proc bucketAccumReduce_zeroMem[bits: static int, EC, ECaff](
   zeroMem(buckets, sizeof(EC) * numBuckets)
   bucketAccumReduce(windowSum[], buckets, bitIndex, miniMsmKind, c, coefs, points, N)
 
-proc msm_vartime_parallel*[bits: static int, EC, ECaff](
+proc msm_vartime_parallel[bits: static int, EC, ECaff](
        tp: Threadpool,
        r: ptr EC,
        coefs: ptr UncheckedArray[BigInt[bits]], points: ptr UncheckedArray[EC_aff],
@@ -321,7 +321,7 @@ proc bucketAccumReduce_parallel[bits: static int, EC, ECaff](
 # Parallel MSM Affine - window-level only
 # ---------------------------------------
 
-proc msmAffine_vartime_parallel*[bits: static int, EC, ECaff](
+proc msmAffine_vartime_parallel[bits: static int, EC, ECaff](
        tp: Threadpool,
        r: ptr EC,
        coefs: ptr UncheckedArray[BigInt[bits]], points: ptr UncheckedArray[ECaff],

include/constantine/curves/bigints.h

@@ -15,9 +15,17 @@
 extern "C" {
 #endif
 
+typedef struct { secret_word limbs[CTT_WORDS_REQUIRED(381)]; } big381;
 typedef struct { secret_word limbs[CTT_WORDS_REQUIRED(255)]; } big255;
 typedef struct { secret_word limbs[CTT_WORDS_REQUIRED(254)]; } big254;
 
+ctt_bool    ctt_big254_unmarshalBE(big254* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result));
+ctt_bool    ctt_big254_marshalBE(byte dst[], ptrdiff_t dst_len, const big254* src) __attribute__((warn_unused_result));
+ctt_bool    ctt_big255_unmarshalBE(big255* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result));
+ctt_bool    ctt_big255_marshalBE(byte dst[], ptrdiff_t dst_len, const big255* src) __attribute__((warn_unused_result));
+ctt_bool    ctt_big381_unmarshalBE(big381* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result));
+ctt_bool    ctt_big381_marshalBE(byte dst[], ptrdiff_t dst_len, const big381* src) __attribute__((warn_unused_result));
+
 #ifdef __cplusplus
 }
 #endif

include/constantine/curves/bls12_381.h

@@ -26,6 +26,8 @@ typedef struct { bls12_381_fp2 x, y; } bls12_381_g2_aff;
 typedef struct { bls12_381_fp2 x, y, z; } bls12_381_g2_jac;
 typedef struct { bls12_381_fp2 x, y, z; } bls12_381_g2_prj;
 
+void        ctt_big255_from_bls12_381_fr(big255* dst, const bls12_381_fr* src);
+void        ctt_bls12_381_fr_from_big255(bls12_381_fr* dst, const big255* src);
 ctt_bool    ctt_bls12_381_fr_unmarshalBE(bls12_381_fr* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result));
 ctt_bool    ctt_bls12_381_fr_marshalBE(byte dst[], ptrdiff_t dst_len, const bls12_381_fr* src) __attribute__((warn_unused_result));
 secret_bool ctt_bls12_381_fr_is_eq(const bls12_381_fr* a, const bls12_381_fr* b);
@@ -57,6 +59,8 @@ void        ctt_bls12_381_fr_cset_one(bls12_381_fr* a, secret_bool ctl);
 void        ctt_bls12_381_fr_cneg_in_place(bls12_381_fr* a, secret_bool ctl);
 void        ctt_bls12_381_fr_cadd_in_place(bls12_381_fr* a, const bls12_381_fr* b, secret_bool ctl);
 void        ctt_bls12_381_fr_csub_in_place(bls12_381_fr* a, const bls12_381_fr* b, secret_bool ctl);
+void        ctt_big381_from_bls12_381_fp(big381* dst, const bls12_381_fp* src);
+void        ctt_bls12_381_fp_from_big381(bls12_381_fp* dst, const big381* src);
 ctt_bool    ctt_bls12_381_fp_unmarshalBE(bls12_381_fp* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result));
 ctt_bool    ctt_bls12_381_fp_marshalBE(byte dst[], ptrdiff_t dst_len, const bls12_381_fp* src) __attribute__((warn_unused_result));
 secret_bool ctt_bls12_381_fp_is_eq(const bls12_381_fp* a, const bls12_381_fp* b);

include/constantine/curves/bn254_snarks.h

@@ -26,6 +26,8 @@ typedef struct { bn254_snarks_fp2 x, y; } bn254_snarks_g2_aff;
 typedef struct { bn254_snarks_fp2 x, y, z; } bn254_snarks_g2_jac;
 typedef struct { bn254_snarks_fp2 x, y, z; } bn254_snarks_g2_prj;
 
+void        ctt_big254_from_bn254_snarks_fr(big254* dst, const bn254_snarks_fr* src);
+void        ctt_bn254_snarks_fr_from_big254(bn254_snarks_fr* dst, const big254* src);
 ctt_bool    ctt_bn254_snarks_fr_unmarshalBE(bn254_snarks_fr* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result));
 ctt_bool    ctt_bn254_snarks_fr_marshalBE(byte dst[], ptrdiff_t dst_len, const bn254_snarks_fr* src) __attribute__((warn_unused_result));
 secret_bool ctt_bn254_snarks_fr_is_eq(const bn254_snarks_fr* a, const bn254_snarks_fr* b);
@@ -57,6 +59,8 @@ void        ctt_bn254_snarks_fr_cset_one(bn254_snarks_fr* a, secret_bool ctl);
 void        ctt_bn254_snarks_fr_cneg_in_place(bn254_snarks_fr* a, secret_bool ctl);
 void        ctt_bn254_snarks_fr_cadd_in_place(bn254_snarks_fr* a, const bn254_snarks_fr* b, secret_bool ctl);
 void        ctt_bn254_snarks_fr_csub_in_place(bn254_snarks_fr* a, const bn254_snarks_fr* b, secret_bool ctl);
+void        ctt_big254_from_bn254_snarks_fp(big254* dst, const bn254_snarks_fp* src);
+void        ctt_bn254_snarks_fp_from_big254(bn254_snarks_fp* dst, const big254* src);
 ctt_bool    ctt_bn254_snarks_fp_unmarshalBE(bn254_snarks_fp* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result));
 ctt_bool    ctt_bn254_snarks_fp_marshalBE(byte dst[], ptrdiff_t dst_len, const bn254_snarks_fp* src) __attribute__((warn_unused_result));
 secret_bool ctt_bn254_snarks_fp_is_eq(const bn254_snarks_fp* a, const bn254_snarks_fp* b);

include/constantine/curves/pallas.h

@@ -22,6 +22,8 @@ typedef struct { pallas_fp x, y; } pallas_ec_aff;
 typedef struct { pallas_fp x, y, z; } pallas_ec_jac;
 typedef struct { pallas_fp x, y, z; } pallas_ec_prj;
 
+void        ctt_big255_from_pallas_fr(big255* dst, const pallas_fr* src);
+void        ctt_pallas_fr_from_big255(pallas_fr* dst, const big255* src);
 ctt_bool    ctt_pallas_fr_unmarshalBE(pallas_fr* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result));
 ctt_bool    ctt_pallas_fr_marshalBE(byte dst[], ptrdiff_t dst_len, const pallas_fr* src) __attribute__((warn_unused_result));
 secret_bool ctt_pallas_fr_is_eq(const pallas_fr* a, const pallas_fr* b);
@@ -53,6 +55,8 @@ void        ctt_pallas_fr_cset_one(pallas_fr* a, secret_bool ctl);
 void        ctt_pallas_fr_cneg_in_place(pallas_fr* a, secret_bool ctl);
 void        ctt_pallas_fr_cadd_in_place(pallas_fr* a, const pallas_fr* b, secret_bool ctl);
 void        ctt_pallas_fr_csub_in_place(pallas_fr* a, const pallas_fr* b, secret_bool ctl);
+void        ctt_big255_from_pallas_fp(big255* dst, const pallas_fp* src);
+void        ctt_pallas_fp_from_big255(pallas_fp* dst, const big255* src);
 ctt_bool    ctt_pallas_fp_unmarshalBE(pallas_fp* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result));
 ctt_bool    ctt_pallas_fp_marshalBE(byte dst[], ptrdiff_t dst_len, const pallas_fp* src) __attribute__((warn_unused_result));
 secret_bool ctt_pallas_fp_is_eq(const pallas_fp* a, const pallas_fp* b);

include/constantine/curves/vesta.h

@@ -22,6 +22,8 @@ typedef struct { vesta_fp x, y; } vesta_ec_aff;
 typedef struct { vesta_fp x, y, z; } vesta_ec_jac;
 typedef struct { vesta_fp x, y, z; } vesta_ec_prj;
 
+void        ctt_big255_from_vesta_fr(big255* dst, const vesta_fr* src);
+void        ctt_vesta_fr_from_big255(vesta_fr* dst, const big255* src);
 ctt_bool    ctt_vesta_fr_unmarshalBE(vesta_fr* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result));
 ctt_bool    ctt_vesta_fr_marshalBE(byte dst[], ptrdiff_t dst_len, const vesta_fr* src) __attribute__((warn_unused_result));
 secret_bool ctt_vesta_fr_is_eq(const vesta_fr* a, const vesta_fr* b);
@@ -53,6 +55,8 @@ void        ctt_vesta_fr_cset_one(vesta_fr* a, secret_bool ctl);
 void        ctt_vesta_fr_cneg_in_place(vesta_fr* a, secret_bool ctl);
 void        ctt_vesta_fr_cadd_in_place(vesta_fr* a, const vesta_fr* b, secret_bool ctl);
 void        ctt_vesta_fr_csub_in_place(vesta_fr* a, const vesta_fr* b, secret_bool ctl);
+void        ctt_big255_from_vesta_fp(big255* dst, const vesta_fp* src);
+void        ctt_vesta_fp_from_big255(vesta_fp* dst, const big255* src);
 ctt_bool    ctt_vesta_fp_unmarshalBE(vesta_fp* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result));
 ctt_bool    ctt_vesta_fp_marshalBE(byte dst[], ptrdiff_t dst_len, const vesta_fp* src) __attribute__((warn_unused_result));
 secret_bool ctt_vesta_fp_is_eq(const vesta_fp* a, const vesta_fp* b);