ell circuit, Fq12::mul_by_034

Author: Hakkush-07

src/circuits/bn254/fq12.rs

@@ -134,6 +134,31 @@ impl Fq12 {
         circuit
     }
 
+    pub fn mul_by_034(a: Wires, c0: Wires, c3: Wires, c4: Wires)-> Circuit {
+        assert_eq!(a.len(), Self::N_BITS);
+        assert_eq!(c0.len(), Fq2::N_BITS);
+        assert_eq!(c3.len(), Fq2::N_BITS);
+        assert_eq!(c4.len(), Fq2::N_BITS);
+        let mut circuit = Circuit::empty();
+
+        let a_c0 = a[0..Fq6::N_BITS].to_vec();
+        let a_c1 = a[Fq6::N_BITS..2*Fq6::N_BITS].to_vec();
+
+        let wires_1 = circuit.extend(Fq6::mul_by_01(a_c1.clone(), c3.clone(), c4.clone()));
+        let wires_2 = circuit.extend(Fq6::mul_by_nonresidue(wires_1.clone()));
+        let wires_3 = circuit.extend(Fq6::mul_by_fq2(a_c0.clone(), c0.clone()));
+        let new_c0 = circuit.extend(Fq6::add(wires_2.clone(), wires_3.clone()));
+        let wires_4 = circuit.extend(Fq6::add(a_c0.clone(), a_c1.clone()));
+        let wires_5 = circuit.extend(Fq2::add(c3.clone(), c0.clone()));
+        let wires_6 = circuit.extend(Fq6::mul_by_01(wires_4.clone(), wires_5.clone(), c4.clone()));
+        let wires_7 = circuit.extend(Fq6::add(wires_1, wires_3));
+        let new_c1 = circuit.extend(Fq6::sub(wires_6, wires_7));
+
+        circuit.add_wires(new_c0);
+        circuit.add_wires(new_c1);
+        circuit
+    }
+
     pub fn square(a: Wires) -> Circuit {
         assert_eq!(a.len(), Self::N_BITS);
         let mut circuit = Circuit::empty();
@@ -271,6 +296,24 @@ mod tests {
         assert_eq!(c, b);
     }
 
+    #[test]
+    #[serial]
+    fn test_fq12_mul_by_034() {
+        let a = random_fq12();
+        let c0 = random_fq2();
+        let c3 = random_fq2();
+        let c4 = random_fq2();
+        let circuit = Fq12::mul_by_034(wires_set_from_fq12(a.clone()), wires_set_from_fq2(c0.clone()), wires_set_from_fq2(c3.clone()), wires_set_from_fq2(c4.clone()));
+        circuit.print_gate_type_counts();
+        for mut gate in circuit.1 {
+            gate.evaluate();
+        }
+        let c = fq12_from_wires(circuit.0);
+        let mut b = a;
+        b.mul_by_034(&c0, &c3, &c4);
+        assert_eq!(c, b);
+    }
+
     #[test]
     #[serial]
     fn test_fq12_square() {

src/circuits/bn254/fq2.rs

@@ -152,6 +152,21 @@ impl Fq2 {
         circuit
     }
 
+    pub fn mul_by_fq(a: Wires, b: Wires) -> Circuit {
+        assert_eq!(a.len(), Self::N_BITS);
+        assert_eq!(b.len(), Fq::N_BITS);
+        let mut circuit = Circuit::empty();
+
+        let a_c0 = a[0..Fq::N_BITS].to_vec();
+        let a_c1 = a[Fq::N_BITS..2*Fq::N_BITS].to_vec();
+
+        let wires_1 = circuit.extend(Fq::mul(a_c0.clone(), b.clone()));
+        let wires_2 = circuit.extend(Fq::mul(a_c1.clone(), b.clone()));
+        circuit.add_wires(wires_1);
+        circuit.add_wires(wires_2);
+        circuit
+    }
+
     pub fn mul_by_constant_fq(a: Wires, b: ark_bn254::Fq) -> Circuit {
         assert_eq!(a.len(), Self::N_BITS);
         let mut circuit = Circuit::empty();
@@ -238,7 +253,7 @@ impl Fq2 {
 #[cfg(test)]
 mod tests {
     use ark_ff::{AdditiveGroup, Fp6Config};
-    use crate::circuits::bn254::utils::{fq2_from_wires, random_fq, random_fq2, wires_set_from_fq2};
+    use crate::circuits::bn254::utils::{fq2_from_wires, random_fq, random_fq2, wires_set_from_fq, wires_set_from_fq2};
     use super::*;
 
     #[test]
@@ -329,6 +344,19 @@ mod tests {
         assert_eq!(c, a * b);
     }
 
+    #[test]
+    fn test_fq2_mul_by_fq() {
+        let a = random_fq2();
+        let b = random_fq();
+        let circuit = Fq2::mul_by_fq(wires_set_from_fq2(a.clone()), wires_set_from_fq(b.clone()));
+        circuit.print_gate_type_counts();
+        for mut gate in circuit.1 {
+            gate.evaluate();
+        }
+        let c = fq2_from_wires(circuit.0);
+        assert_eq!(c, a * ark_bn254::Fq2::new(b, ark_bn254::Fq::ZERO));
+    }
+
     #[test]
     fn test_fq2_mul_by_constant_fq() {
         let a = random_fq2();

src/circuits/bn254/fq6.rs

@@ -238,6 +238,24 @@ impl Fq6 {
         circuit
     }
 
+    pub fn mul_by_fq2(a: Wires, b: Wires) -> Circuit {
+        assert_eq!(a.len(), Self::N_BITS);
+        assert_eq!(b.len(), Fq2::N_BITS);
+        let mut circuit = Circuit::empty();
+
+        let a_c0 = a[0..Fq2::N_BITS].to_vec();
+        let a_c1 = a[Fq2::N_BITS..2*Fq2::N_BITS].to_vec();
+        let a_c2 = a[2*Fq2::N_BITS..3*Fq2::N_BITS].to_vec();
+
+        let c0 = circuit.extend(Fq2::mul(a_c0, b.clone()));
+        let c1 = circuit.extend(Fq2::mul(a_c1, b.clone()));
+        let c2 = circuit.extend(Fq2::mul(a_c2, b.clone()));
+        circuit.add_wires(c0);
+        circuit.add_wires(c1);
+        circuit.add_wires(c2);
+        circuit
+    }
+
     pub fn mul_by_constant_fq2(a: Wires, b: ark_bn254::Fq2) -> Circuit {
         assert_eq!(a.len(), Self::N_BITS);
         let mut circuit = Circuit::empty();
@@ -454,6 +472,19 @@ mod tests {
         assert_eq!(c, a * b);
     }
 
+    #[test]
+    fn test_fq6_mul_by_fq2() {
+        let a = random_fq6();
+        let b = random_fq2();
+        let circuit = Fq6::mul_by_fq2(wires_set_from_fq6(a.clone()), wires_set_from_fq2(b.clone()));
+        circuit.print_gate_type_counts();
+        for mut gate in circuit.1 {
+            gate.evaluate();
+        }
+        let c = fq6_from_wires(circuit.0);
+        assert_eq!(c, a * ark_bn254::Fq6::new(b, ark_bn254::Fq2::ZERO, ark_bn254::Fq2::ZERO));
+    }
+
     #[test]
     fn test_fq6_mul_by_constant_fq2() {
         let a = random_fq6();

src/circuits/bn254/pairing.rs

@@ -1,6 +1,6 @@
 use ark_ec::{bn::BnConfig, short_weierstrass::SWCurveConfig, CurveGroup};
 use ark_ff::{AdditiveGroup, Field, Fp2Config};
-use crate::{bag::*, circuits::bn254::{fp254impl::Fp254Impl, fq::Fq, fq2::Fq2}};
+use crate::{bag::*, circuits::bn254::{fp254impl::Fp254Impl, fq::Fq, fq12::Fq12, fq2::Fq2}};
 
 pub fn double_in_place(r: &mut ark_bn254::G2Projective) -> (ark_bn254::Fq2, ark_bn254::Fq2, ark_bn254::Fq2) {
     let half = ark_bn254::Fq::from(Fq::half_modulus());
@@ -222,6 +222,23 @@ pub fn ell(f: &mut ark_bn254::Fq12, coeffs: (ark_bn254::Fq2, ark_bn254::Fq2, ark
     f.mul_by_034(&c0, &c1, &c2);
 }
 
+pub fn ell_circuit(f: Wires, coeffs: (Wires, Wires, Wires), p: Wires) -> Circuit {
+    let mut circuit = Circuit::empty();
+    let c0 = coeffs.0;
+    let c1 = coeffs.1;
+    let c2 = coeffs.2;
+
+    let px = p[0..Fq::N_BITS].to_vec();
+    let py = p[Fq::N_BITS..2*Fq::N_BITS].to_vec();
+
+    let new_c0 = circuit.extend(Fq2::mul_by_fq(c0, py));
+    let new_c1 = circuit.extend(Fq2::mul_by_fq(c1, px));
+    let new_f = circuit.extend(Fq12::mul_by_034(f, new_c0, new_c1, c2));
+
+    circuit.add_wires(new_f);
+    circuit
+}
+
 pub fn miller_loop(p: ark_bn254::G1Projective, q: ark_bn254::G2Projective) -> ark_bn254::Fq12 {
     let qell = ell_coeffs(q);
     let mut q_ell = qell.iter();
@@ -253,7 +270,7 @@ mod tests {
     use ark_std::rand::SeedableRng;
     use ark_ec::pairing::Pairing;
     use rand_chacha::ChaCha20Rng;
-    use crate::circuits::bn254::utils::{fq2_from_wires, wires_set_from_g2a, wires_set_from_g2p};
+    use crate::circuits::bn254::utils::{fq12_from_wires, fq2_from_wires, wires_set_from_fq12, wires_set_from_fq2, wires_set_from_g1p, wires_set_from_g2a, wires_set_from_g2p};
     use super::*;
 
     #[test]
@@ -324,6 +341,23 @@ mod tests {
         assert_eq!(c1, coeffs.y);
     }
 
+    #[test]
+    fn test_ell_circuit() {
+        let mut prng = ChaCha20Rng::seed_from_u64(0);
+        let mut f = ark_bn254::Fq12::rand(&mut prng);
+        let coeffs = (ark_bn254::Fq2::rand(&mut prng), ark_bn254::Fq2::rand(&mut prng), ark_bn254::Fq2::rand(&mut prng));
+        let p = ark_bn254::G1Projective::rand(&mut prng);
+
+        let circuit = ell_circuit(wires_set_from_fq12(f), (wires_set_from_fq2(coeffs.0), wires_set_from_fq2(coeffs.1), wires_set_from_fq2(coeffs.2)), wires_set_from_g1p(p));
+        circuit.print_gate_type_counts();
+        for mut gate in circuit.1 {
+            gate.evaluate();
+        }
+        let new_f = fq12_from_wires(circuit.0);
+        ell(&mut f, coeffs, p);
+        assert_eq!(f, new_f);
+    }
+
     #[test]
     fn test_miller_loop() {
         let mut prng = ChaCha20Rng::seed_from_u64(0);