Recursive pairing gadgets hard-code MNT4 and MNT6, we need MNT[46]753 too... #4

Open
PossiblyHarry opened this issue Nov 13, 2019 · 1 comment · May be fixed by #3

PossiblyHarry commented Nov 13, 2019

There are a number of places where the MNT4 and MNT6 parameters are hard-coded into gadgets. While we can use the mnt4 and mnt6 specific gadgets with different curve parameters (as they are the same types of curves), I am getting build errors when trying to compile against the MNT[46]753 cycle.

Namely:

  • libsnark/gadgetlib1/gadgets/pairing/weierstrass_final_exponentiation.tcc:

        compute_w1.reset(new exponentiation_gadget<FqkT<ppT>, Fp6_variable, Fp6_mul_gadget, Fp6_cyclotomic_sqr_gadget, libff::mnt6_q_limbs>(
            pb, *beta_q, libff::mnt6_final_exponent_last_chunk_w1, *w1, FMT(annotation_prefix, " compute_w1")));

        compute_w0.reset(new exponentiation_gadget<FqkT<ppT>, Fp6_variable, Fp6_mul_gadget, Fp6_cyclotomic_sqr_gadget, libff::mnt6_q_limbs>(
            pb, (libff::mnt6_final_exponent_last_chunk_is_w0_neg ? *inv_beta : *beta), libff::mnt6_final_exponent_last_chunk_abs_of_w0, *w0, FMT(annotation_prefix, " compute_w0")));
    ...
        compute_w1.reset(new exponentiation_gadget<FqkT<ppT>, Fp4_variable, Fp4_mul_gadget, Fp4_cyclotomic_sqr_gadget, libff::mnt4_q_limbs>(
            pb, *el_q_3_minus_q, libff::mnt4_final_exponent_last_chunk_w1, *w1, FMT(annotation_prefix, " compute_w1")));
        compute_w0.reset(new exponentiation_gadget<FqkT<ppT>, Fp4_variable, Fp4_mul_gadget, Fp4_cyclotomic_sqr_gadget, libff::mnt4_q_limbs>(
            pb, (libff::mnt4_final_exponent_last_chunk_is_w0_neg ? *el_inv_q_2_minus_1 : *el_q_2_minus_1), libff::mnt4_final_exponent_last_chunk_abs_of_w0, *w0, FMT(annotation_prefix, " compute_w0")));

  • libsnark/gadgetlib1/gadgets/pairing/weierstrass_precomputation.hpp:

        {
            pb_linear_combination<FieldT> c0, c1;
            c0.assign(pb, P.Y * ((libff::mnt4_twist).squared().c0));
            c1.assign(pb, P.Y * ((libff::mnt4_twist).squared().c1));
    ...
            pb_linear_combination<FieldT> c0, c1, c2;
            c0.assign(pb, P.Y * ((libff::mnt6_twist).squared().c0));
            c1.assign(pb, P.Y * ((libff::mnt6_twist).squared().c1));
            c2.assign(pb, P.Y * ((libff::mnt6_twist).squared().c2));

Need to update the gadgets to retrieve the twist parameter from the curve parameters (ppT) rather than hard-coding.

The other locations that are referenced are just for tests. It seems Coda haven't made these changes on their side.

Additionally need to specify types in mnt_pairing_params.hpp for these cycles - have done this already locally, so it's only the remaining places which directly reference libff::mnt[46]_

@PossiblyHarry PossiblyHarry self-assigned this Nov 13, 2019
@PossiblyHarry PossiblyHarry added the bug Something isn't working label Nov 13, 2019
PossiblyHarry commented

In my branch I have made aliases of the following variables in their respective ppT classes:

  • mnt6_final_exponent_last_chunk_abs_of_w0
  • mnt6_final_exponent_last_chunk_is_w0_neg
  • mnt6_final_exponent_last_chunk_w1
  • mnt6_q_limbs
  • mnt4_final_exponent_last_chunk_w1
  • mnt4_final_exponent_last_chunk_is_w0_neg
  • mnt4_final_exponent_last_chunk_abs_of_w0
  • mnt4_q_limbs

This means you can use other_curve<ppT>::q_limbs for example.

@PossiblyHarry PossiblyHarry linked a pull request Nov 13, 2019 that will close this issue
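A sketch of the lookup pattern discussed in this issue, added here as an example and not taken from libsnark or from the linked branch: constants are resolved through `other_curve<ppT>` instead of a fixed `mnt6_` name, and because the limb count is part of the exponent's type, the hard-coded variant produces a different type for the 753-bit cycle. Assumptions: `curve_pp`, `pairing_selector`, `exp_plan`, `plan_w0` and `plan_w0_hardcoded` are hypothetical stand-ins, limbs are 64 bits wide, and the sign flags and exponent values are placeholders rather than real curve constants.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <type_traits>

// bigint stand-in: the limb count is part of the type, so a wrong count is a type error.
template<std::size_t N> using bigint = std::array<std::uint64_t, N>;
constexpr std::size_t limbs_for(std::size_t bits) { return (bits + 63) / 64; }
// Constructed stand-in for a curve parameter class (ppT). The sign flag and the
// exponent value are placeholders, not real curve constants.
template<int Tag, std::size_t QBits, bool W0Neg>
struct curve_pp {
    static constexpr std::size_t q_limbs = limbs_for(QBits);
    static constexpr bool final_exponent_last_chunk_is_w0_neg = W0Neg;
    static constexpr bigint<q_limbs> final_exponent_last_chunk_abs_of_w0() { return bigint<q_limbs>{{1}}; }
};
using mnt4_pp = curve_pp<4, 298, false>;
using mnt6_pp = curve_pp<6, 298, true>;
using mnt4753_pp = curve_pp<4753, 753, false>;
using mnt6753_pp = curve_pp<6753, 753, true>;

// Cycle selector: each curve names its partner (assumed shape of other_curve<ppT>).
template<typename ppT> struct pairing_selector;
template<> struct pairing_selector<mnt4_pp> { using other_curve_type = mnt6_pp; };
template<> struct pairing_selector<mnt6_pp> { using other_curve_type = mnt4_pp; };
template<> struct pairing_selector<mnt4753_pp> { using other_curve_type = mnt6753_pp; };
template<> struct pairing_selector<mnt6753_pp> { using other_curve_type = mnt4753_pp; };
template<typename ppT> using other_curve = typename pairing_selector<ppT>::other_curve_type;

// Stand-in for what an exponentiation gadget would be instantiated with.
template<std::size_t m> struct exp_plan {
    bigint<m> exponent;
    bool invert_base;  // true when w0 is negative and the inverse base must be used
    std::size_t exponent_bits() const { return 64 * m; }
};

// Before: constants of one fixed curve are used whatever ppT is.
template<typename ppT> exp_plan<mnt6_pp::q_limbs> plan_w0_hardcoded() {
    return {mnt6_pp::final_exponent_last_chunk_abs_of_w0(), mnt6_pp::final_exponent_last_chunk_is_w0_neg};
}
// After: constants are looked up through the curve paired with ppT.
template<typename ppT> exp_plan<other_curve<ppT>::q_limbs> plan_w0() {
    using inner = other_curve<ppT>;
    return {inner::final_exponent_last_chunk_abs_of_w0(), inner::final_exponent_last_chunk_is_w0_neg};
}

// For the 753-bit cycle the hard-coded variant has the wrong exponent type.
static_assert(!std::is_same<decltype(plan_w0_hardcoded<mnt4753_pp>()), decltype(plan_w0<mnt4753_pp>())>::value,
              "hard-coded limb count does not match the 753-bit cycle");
int main() { return plan_w0<mnt4753_pp>().exponent_bits() == 768 ? 0 : 1; }
```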