ark_bls12_381/curves/
g2_swu_iso.rs

1use crate::*;
2
3use ark_ec::{
4    hashing::curve_maps::{swu::SWUConfig, wb::IsogenyMap},
5    models::{
6        short_weierstrass::{Affine, SWCurveConfig},
7        CurveConfig,
8    },
9};
10use ark_ff::MontFp;
11
12type G2Affine = Affine<SwuIsoConfig>;
13
14#[derive(Clone, Default, PartialEq, Eq)]
15pub struct SwuIsoConfig;
16
17impl CurveConfig for SwuIsoConfig {
18    type BaseField = Fq2;
19    type ScalarField = Fr;
20
21    /// Cofactors of g2_iso and g2 are the same.
22    /// COFACTOR = (x^8 - 4 x^7 + 5 x^6) - (4 x^4 + 6 x^3 - 4 x^2 - 4 x + 13) //
23    /// 9
24    /// = 3055023339312683442009997531931215042144660192541881426676640329822676041829718840265074273592599778478322728390416166612858038233783720963550777062779109
25    #[rustfmt::skip]
26    const COFACTOR: &'static [u64] = &[
27        0xcf1c38e31c7238e5,
28        0x1616ec6e786f0c70,
29        0x21537e293a6691ae,
30        0xa628f1cb4d9e82ef,
31        0xa68a205b2e5a7ddf,
32        0xcd91de4547085aba,
33        0x91d50792876a202,
34        0x5d543a95414e7f1,
35    ];
36
37    /// COFACTOR_INV = COFACTOR^{-1} mod r
38    /// 26652489039290660355457965112010883481355318854675681319708643586776743290055
39    const COFACTOR_INV: Fr =
40        MontFp!("26652489039290660355457965112010883481355318854675681319708643586776743290055");
41}
42
43// https://datatracker.ietf.org/doc/draft-irtf-cfrg-hash-to-curve/
44// Hashing to Elliptic Curves
45// 8.8.2.  BLS12-381 G2
46//   * E': y'^2 = x'^3 + A' * x' + B', where
47//
48//      - A' = 240 * I
49//
50//      - B' = 1012 * (1 + I)
51//
52//   * Z: -(2 + I)
53impl SWCurveConfig for SwuIsoConfig {
54    /// COEFF_A = 240 * I
55    const COEFF_A: Fq2 = Fq2::new(MontFp!("0"), MontFp!("240"));
56
57    /// COEFF_B = 1012 + 1012 * I
58    const COEFF_B: Fq2 = Fq2::new(MontFp!("1012"), MontFp!("1012"));
59
60    const GENERATOR: G2Affine = G2Affine::new_unchecked(G2_GENERATOR_X, G2_GENERATOR_Y);
61}
62
63/// Lexicographically smallest, valid x-coordinate of a point P on the curve
64/// (with its corresponding y) multiplied by the cofactor. P_x = 1
65/// P_y = 1199519624119946820355795551601605892701128025883245860600494152840508171012839086684258857614063467038089173303263 + 2721622435888802346851223931977585460571674503470326381323808470905804676865417627238564067834747838523978879375704 * I
66/// P = E(P_x, P_y)
67/// G = P * COFACTOR
68const G2_GENERATOR_X: Fq2 = Fq2::new(
69    MontFp!("2595569946714414516067015540153643524656442638788025933727967960306287756885400469291119095920626560658971252184199"),
70    MontFp!("1037079738597573406765355774006601850633656296583542639082316151670128374872040593053087014315526494961765370307992")
71);
72const G2_GENERATOR_Y: Fq2 = Fq2::new(
73    MontFp!("3927929472994661655038722055497331445175131868678630546921475383290711810401295661250673209427965906654429357114487"),
74    MontFp!("3300326318345570015758639333209189167876318321385223785506096497597561910823001330832964776707374262378602791224889")
75);
76
77impl SWUConfig for SwuIsoConfig {
78    // ZETA = -(2 + u) as per IETF draft.
79    const ZETA: Fq2 = Fq2::new(MontFp!("-2"), MontFp!("-1"));
80}
81
82pub const ISOGENY_MAP_TO_G2  : IsogenyMap<'_, SwuIsoConfig, g2::Config> = IsogenyMap {
83    x_map_numerator: &[
84        Fq2::new(
85                   MontFp!("889424345604814976315064405719089812568196182208668418962679585805340366775741747653930584250892369786198727235542"),
86                   MontFp!("889424345604814976315064405719089812568196182208668418962679585805340366775741747653930584250892369786198727235542")), 
87        Fq2::new(
88                   MontFp!("0"),
89                   MontFp!("2668273036814444928945193217157269437704588546626005256888038757416021100327225242961791752752677109358596181706522")),
90        Fq2::new(
91                   MontFp!("2668273036814444928945193217157269437704588546626005256888038757416021100327225242961791752752677109358596181706526"),
92                   MontFp!("1334136518407222464472596608578634718852294273313002628444019378708010550163612621480895876376338554679298090853261")), 
93        Fq2::new(
94                   MontFp!("3557697382419259905260257622876359250272784728834673675850718343221361467102966990615722337003569479144794908942033"), 
95                   MontFp!("0")),
96    ],
97
98    x_map_denominator:  &[
99        Fq2::new(
100                   MontFp!("0"), 
101                   MontFp!("4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559715")), 
102        Fq2::new(
103                   MontFp!("12"), 
104                   MontFp!("4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559775")), 
105        Fq2::new(
106                   MontFp!("1"), 
107                   MontFp!("0")),
108    ],
109
110    y_map_numerator: &[
111        Fq2::new(
112                   MontFp!("3261222600550988246488569487636662646083386001431784202863158481286248011511053074731078808919938689216061999863558"),
113                   MontFp!("3261222600550988246488569487636662646083386001431784202863158481286248011511053074731078808919938689216061999863558")),
114        Fq2::new(
115                   MontFp!("0"),
116                   MontFp!("889424345604814976315064405719089812568196182208668418962679585805340366775741747653930584250892369786198727235518")),
117        Fq2::new(
118                   MontFp!("2668273036814444928945193217157269437704588546626005256888038757416021100327225242961791752752677109358596181706524"),
119                   MontFp!("1334136518407222464472596608578634718852294273313002628444019378708010550163612621480895876376338554679298090853263")),
120        Fq2::new(
121                   MontFp!("2816510427748580758331037284777117739799287910327449993381818688383577828123182200904113516794492504322962636245776"),
122                   MontFp!("0")),
123    ],
124
125    y_map_denominator: &[
126        Fq2::new(
127                   MontFp!("4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559355"),
128                   MontFp!("4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559355")),
129        Fq2::new(
130                   MontFp!("0"),
131                   MontFp!("4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559571")),
132        Fq2::new(
133                   MontFp!("18"),
134                   MontFp!("4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559769")),
135        Fq2::new(
136                   MontFp!("1"),
137                   MontFp!("0")),
138    ],
139};
140
141#[cfg(test)]
142mod test {
143    use super::*;
144
145    #[test]
146    fn test_gen() {
147        let gen: G2Affine = curves::g2_swu_iso::SwuIsoConfig::GENERATOR;
148        assert!(gen.is_on_curve());
149        assert!(gen.is_in_correct_subgroup_assuming_on_curve());
150    }
151}
ark_bls12_381/curves/g2_swu_iso.rs

ark_bls12_381/curves/
g2_swu_iso.rs
