github.com/consensys/gnark-crypto@v0.14.0/ecc/bls12-381/bandersnatch/curve.go

github.com/consensys/gnark-crypto@v0.14.0/ecc/bls12-381/bandersnatch/curve.go (about)

     1  // Copyright 2020 Consensys Software Inc.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Code generated by consensys/gnark-crypto DO NOT EDIT
    16  
    17  package bandersnatch
    18  
    19  import (
    20  	"math/big"
    21  	"sync"
    22  
    23  	"github.com/consensys/gnark-crypto/ecc"
    24  	"github.com/consensys/gnark-crypto/ecc/bls12-381/fr"
    25  )
    26  
    27  // CurveParams curve parameters: ax^2 + y^2 = 1 + d*x^2*y^2
    28  type CurveParams struct {
    29  	A, D     fr.Element
    30  	Cofactor fr.Element
    31  	Order    big.Int
    32  	Base     PointAffine
    33  	// endomorphism
    34  	endo     [2]fr.Element
    35  	lambda   big.Int
    36  	glvBasis ecc.Lattice
    37  }
    38  
    39  // GetEdwardsCurve returns the twisted Edwards curve on bls12-381/Fr
    40  func GetEdwardsCurve() CurveParams {
    41  	initOnce.Do(initCurveParams)
    42  	// copy to keep Order private
    43  	var res CurveParams
    44  
    45  	res.A.Set(&curveParams.A)
    46  	res.D.Set(&curveParams.D)
    47  	res.Cofactor.Set(&curveParams.Cofactor)
    48  	res.Order.Set(&curveParams.Order)
    49  	res.Base.Set(&curveParams.Base)
    50  	res.endo[0].Set(&curveParams.endo[0])
    51  	res.endo[1].Set(&curveParams.endo[1])
    52  	res.lambda.Set(&curveParams.lambda)
    53  	res.glvBasis = curveParams.glvBasis // TODO @gbotrel do proper copy of that
    54  
    55  	return res
    56  }
    57  
    58  var (
    59  	initOnce    sync.Once
    60  	curveParams CurveParams
    61  )
    62  
    63  func initCurveParams() {
    64  	curveParams.A.SetString("-5")
    65  	curveParams.D.SetString("45022363124591815672509500913686876175488063829319466900776701791074614335719")
    66  	curveParams.Cofactor.SetString("4")
    67  	curveParams.Order.SetString("13108968793781547619861935127046491459309155893440570251786403306729687672801", 10)
    68  
    69  	curveParams.Base.X.SetString("18886178867200960497001835917649091219057080094937609519140440539760939937304")
    70  	curveParams.Base.Y.SetString("19188667384257783945677642223292697773471335439753913231509108946878080696678")
    71  	curveParams.endo[0].SetString("37446463827641770816307242315180085052603635617490163568005256780843403514036")
    72  	curveParams.endo[1].SetString("49199877423542878313146170939139662862850515542392585932876811575731455068989")
    73  	curveParams.lambda.SetString("8913659658109529928382530854484400854125314752504019737736543920008458395397", 10)
    74  	ecc.PrecomputeLattice(&curveParams.Order, &curveParams.lambda, &curveParams.glvBasis)
    75  }
    76  
    77  // mulByA multiplies fr.Element by curveParams.A
    78  func mulByA(x *fr.Element) {
    79  	x.Neg(x)
    80  	fr.MulBy5(x)
    81  }