Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(fiat-crypto): Inversion #66

Closed
wants to merge 11 commits into from
Closed

refactor(fiat-crypto): Inversion #66

wants to merge 11 commits into from

Conversation

TalDerei
Copy link
Collaborator

@TalDerei TalDerei commented Dec 28, 2023
edited
Loading

References #65.

Referenced BLS12-377 curve construction parameters from ZEXE paper (p.44). Retrieved BLS12-377 twisted edwards curve construction parameters from here.

Note: I slightly modified the input bounds of the fiat-generated divstep to make the output bounds explicitly return. This is merely a semantic change that simplifies the iterations in the inverse function.
Update: This change has been reverted.

@TalDerei TalDerei marked this pull request as draft December 28, 2023 20:11
@TalDerei TalDerei self-assigned this Dec 28, 2023
@TalDerei TalDerei marked this pull request as ready for review December 28, 2023 21:23
@TalDerei TalDerei mentioned this pull request Dec 29, 2023
Closed
@hdevalence
Copy link
Member

We should avoid editing the generated code, and only write wrappers around it. Otherwise, if we ever need to regenerate, we won't be able to apply the changes cleanly. This is kind of annoying to work around, considering that the generated code generates C-style APIs, but it's important for long-term maintainability and verifiability.

@TalDerei
Copy link
Collaborator Author

TalDerei commented Jan 1, 2024

We should avoid editing the generated code

agreed, fixed!

@TalDerei TalDerei requested a review from cronokirby January 9, 2024 18:14
redshiftzero
redshiftzero suggested changes Jan 10, 2024
View reviewed changes
Copy link
Contributor

@redshiftzero redshiftzero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for taking this on!

src/fields/u32/fp/wrapper.rs Outdated
let mut d = 1;
let mut f: [u32; 13] = [0u32; 13];
fiat::fp_msat(&mut f);
let mut g = [0u32; 13];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it might be clearer in these inversion methods to define a constant N_LIMBS so it's clear that e.g. 13 is N_LIMBS + 1, 12 is N_LIMBS, etc.

Copy link
Collaborator Author

@TalDerei TalDerei Jan 11, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added global constants NUM_LIMBS and PRIME_ORDER

src/fields/u32/fp/wrapper.rs Outdated
let mut i = 0;
let mut j = 0;

while j < 6 {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be 12 instead of 6 (to review I was comparing with the impl_bernstein_yang_invert macro where j goes up to n_limbs)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a good catch! Fixed by changing limbs to a constant.

src/fields/u32/fp/wrapper.rs Outdated
use super::*;

#[test]
fn inversion_test() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be cool if these were proptests i.e. something like:

    fn fp_strategy() -> BoxedStrategy<Fp> {
        any::<[u8; 48]>()
            .prop_map(|bytes| Fp::from_bytes(&bytes))
            .boxed()
    }

    proptest! {
        #[test]
        fn inversion_proptest(element in fp_strategy().prop_filter("Non-zero element", |e| e != &Fp::zero())) {
            let inverse = element.inverse().unwrap();
            assert_eq!(element.mul(inverse), Fp::one());
        }
    }

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. In #67, we implement a proptest for inversion, but I'll include this test as well.

@TalDerei TalDerei requested a review from redshiftzero January 11, 2024 06:40
cronokirby added a commit that referenced this pull request Jan 12, 2024
@cronokirby
Implement new inversion tweaks from #66
4ed337a
@TalDerei
Copy link
Collaborator Author

TalDerei commented Jan 12, 2024
edited
Loading

Per the recent indexing changes (packing two u32s into a single u64) in #67, we effectively consume and implement the inversion functionality. Proposing to close this PR in favor of those changes? cc @redshiftzero @hdevalence.

@cronokirby let's carry over the inversion proptest to Arkworks-Compatibility.

cronokirby added a commit that referenced this pull request Jan 12, 2024
@cronokirby
Implement new inversion tweaks from #66
bcd6f35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@redshiftzero redshiftzero redshiftzero approved these changes

@hdevalence hdevalence Awaiting requested review from hdevalence

@cronokirby cronokirby Awaiting requested review from cronokirby

Assignees

@TalDerei TalDerei

Labels
None yet
Projects
Penumbra
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@TalDerei @hdevalence @redshiftzero