
1use core::{
2    cmp,
3    fmt::Debug,
4    iter::Sum,
5    ops::{Add, Mul, Neg, Sub},
6};
7
8use ff::{Field, PrimeField, WithSmallOrderMulGroup};
9use rand::RngCore;
10use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
11
12use super::{fp::Fp, fq::Fq};
13use crate::{
14    group::{cofactor::CofactorGroup, prime::PrimeCurveAffine, Curve, Group, GroupEncoding},
15    impl_binops_additive, impl_binops_additive_specify_output, impl_binops_multiplicative,
16    impl_binops_multiplicative_mixed, new_curve_impl, Coordinates, CurveAffine, CurveExt,
17};
18
// Instantiate the Pallas curve types (`Pallas` projective, `PallasAffine`) over base field
// `Fp` with scalar field `Fq`. The meaning of the positional arguments is inferred from the
// "constants" test suite at the bottom of this file — confirm against the `new_curve_impl!`
// definition before relying on it.
new_curve_impl!(
    (pub),
    Pallas,
    PallasAffine,
    Fp,
    Fq,
    // Presumably the generator point (x, y) = (-1, 2).
    (- Fp::ONE, Fp::from_raw([2,0,0,0])),
    // Presumably the short-Weierstrass coefficient a = 0 (y^2 = x^3 + a*x + b).
    Fp::ZERO,
    // Presumably the coefficient b = 5.
    Fp::from_raw([5,0,0,0]),
    "pasta",
    // Hash-to-curve entry point: the caller's domain prefix is combined with the SVDW suite
    // defined in `impl Pallas` below. Any change to that suite changes every derived point.
    |domain_prefix| crate::hash_to_curve::hash_to_curve(domain_prefix, Pallas::default_hash_to_curve_suite()),
    // Compressed-point encoding layout and sign convention; `SingleSpare` presumably means a
    // single spare bit carries the y-sign selected by `standard_sign` — verify in `crate::serde`.
    crate::serde::CompressedFlagConfig::SingleSpare,
    standard_sign
);
33
/// `CofactorGroup` for a curve whose group order is prime: every point is already in the
/// (only) subgroup, so cofactor clearing is the identity and the torsion check is
/// unconditionally true.
///
/// All three methods rely on Pallas having cofactor 1. If the curve parameters above were
/// ever changed to a curve with a non-trivial cofactor, these methods would silently accept
/// small-order points, so keep them in step with `new_curve_impl!`.
impl CofactorGroup for Pallas {
    /// The prime-order subgroup is the whole group.
    type Subgroup = Pallas;

    /// Multiplying by a cofactor of 1 is a no-op; the point is returned unchanged.
    fn clear_cofactor(&self) -> Self {
        *self
    }

    /// Always succeeds: no point of a prime-order group lies outside the subgroup.
    fn into_subgroup(self) -> CtOption<Self::Subgroup> {
        CtOption::new(self, always_true())
    }

    /// No small-order points exist, so this is unconditionally true.
    fn is_torsion_free(&self) -> Choice {
        always_true()
    }
}

/// Constant-time "true" used by the cofactor impl above. Kept as a named helper so the
/// intent is explicit at each call site instead of a bare `1.into()`.
fn always_true() -> Choice {
    Choice::from(1u8)
}
49
impl Pallas {
    /// Shallue–van de Woestijne (SVDW) map parameter Z = -13, written as p - 13 in four
    /// little-endian 64-bit limbs (compare with `Fp::MODULUS`).
    ///
    /// This constant is part of the hash-to-curve definition: changing it changes every
    /// point produced by `hash_to_curve`, so treat it as consensus-critical.
    pub const SVDW_Z: Fp = Fp::from_raw([
        0x992d30ecfffffff4,
        0x224698fc094cf91b,
        0x0000000000000000,
        0x4000000000000000,
    ]);

    /// Builds the hash-to-curve suite used by the `new_curve_impl!` closure above: SHA-256
    /// based message expansion and the SVDW map with [`Self::SVDW_Z`]. The `_RO_` suffix
    /// conventionally denotes the random-oracle encoding, and `48` is presumably the
    /// expand_message output length in bytes (ceil((255 + 128) / 8) for a 255-bit field at a
    /// 128-bit security level) — confirm both against `crate::hash_to_curve::Suite`.
    ///
    /// NOTE(review): the suite identifier does not follow the RFC 9380
    /// `<curve>_XMD:SHA-256_SVDW_RO_` layout, so outputs should not be expected to match
    /// other implementations of the RFC. It is a domain-separation constant: never change it
    /// without regenerating test vectors, and note that this file carries no hash-to-curve
    /// vectors of its own.
    fn default_hash_to_curve_suite() -> crate::hash_to_curve::Suite<Self, sha2::Sha256, 48> {
        // Reproduced byte-for-byte: this string is mixed into every hash-to-curve output.
        const SUITE_ID: &[u8] = b"pallas:SHA-256_SVDW_RO_";

        crate::hash_to_curve::Suite::<Self, sha2::Sha256, 48>::new(
            SUITE_ID,
            Self::SVDW_Z,
            crate::hash_to_curve::Method::SVDW,
        )
    }
}
67
#[cfg(test)]
mod test {

    use group::UncompressedEncoding;
    use rand_core::OsRng;

    use super::*;
    use crate::{curve_testing_suite, serde::SerdeObject};

    // Pin the curve parameters. The "constants" suite receives what appear to be the
    // base-field modulus, a = 0, b = 5, the generator (-1, 2) and the scalar-field modulus,
    // so a silent change to `new_curve_impl!` above fails here rather than in production.
    curve_testing_suite!(
        Pallas,
        "constants",
        Fp::MODULUS,
        Fp::ZERO,
        Fp::from_raw([5, 0, 0, 0]),
        -Fp::ONE,
        Fp::from_raw([2, 0, 0, 0]),
        Fq::MODULUS
    );

    // Generic curve checks provided by `curve_testing_suite!` (see its definition for the list).
    curve_testing_suite!(Pallas);
    // Endomorphism consistency; `WithSmallOrderMulGroup` is imported at the top for this.
    curve_testing_suite!(Pallas, "endo_consistency");
    // Signature smoke test over the scalar field.
    curve_testing_suite!(Pallas, "ecdsa_example");

    // NOTE(review): there are no hash-to-curve test vectors in this file, so the SVDW suite in
    // `impl Pallas` (its Z constant and domain-separation string) is not pinned by any test here.
}
89    curve_testing_suite!(Pallas, "endo_consistency");
90    curve_testing_suite!(Pallas, "ecdsa_example");
91}