penumbra-zone · TalDerei · Nov 17, 2024 · Nov 17, 2024 · Nov 18, 2024 · Nov 18, 2024
diff --git a/Cargo.toml b/Cargo.toml
@@ -22,16 +22,16 @@ zeroize = { version = "1.7", default-features = false }
 num-bigint = { version = "0.4.4", optional = true, default-features = false }
 # std
 hashbrown = { version = "0.14.3", optional = true }
-ark-relations = { version = "0.4", optional = true }
-ark-r1cs-std = { version = "0.4", optional = true }
-ark-std = { version = "0.4", optional = true }
-ark-ec = { version = "0.4", optional = true }
-ark-ff = { version = "0.4", optional = true }
-ark-serialize = { version = "0.4", optional = true }
-ark-bls12-377 = { version = "0.4", optional = true }
-ark-ed-on-bls12-377 = { version = "0.4", optional = true }
-ark-groth16 = { version = "0.4", optional = true }
-ark-snark = { version = "0.4", optional = true }
+ark-relations = { version = "0.5", optional = true }
+ark-r1cs-std = { version = "0.5", optional = true }
+ark-std = { version = "0.5", optional = true }
+ark-ec = { version = "0.5", optional = true }
+ark-ff = { version = "0.5", optional = true }
+ark-serialize = { version = "0.5", optional = true }
+ark-bls12-377 = { version = "0.5", optional = true }
+ark-ed-on-bls12-377 = { version = "0.5", optional = true }
+ark-groth16 = { version = "0.5", optional = true }
+ark-snark = { version = "0.5", optional = true }
 once_cell = { version = "1.8", optional = true, default-features = false }
 
 # This matches what ark-std (a library for no_std compatibility) does, having

diff --git a/src/ark_curve/bls12_377.rs b/src/ark_curve/bls12_377.rs
@@ -5,7 +5,9 @@ use ark_ec::{
     models::CurveConfig,
     short_weierstrass::Affine,
 };
-use ark_ff::{fields::models::fp2::Fp2Config, Field, Fp12Config, Fp2, Fp6, Fp6Config};
+use ark_ff::{
+    fields::models::fp2::Fp2Config, AdditiveGroup, Field, Fp12Config, Fp2, Fp6, Fp6Config,
+};
 
 pub struct F2Config;
 

diff --git a/src/ark_curve/element.rs b/src/ark_curve/element.rs
@@ -1,6 +1,8 @@
-use ark_ec::{AffineRepr, CurveGroup, Group, ScalarMul, VariableBaseMSM};
+use ark_ec::{AffineRepr, CurveGroup, PrimeGroup, ScalarMul, VariableBaseMSM};
+use ark_ff::AdditiveGroup;
 use ark_serialize::Valid;
 use ark_std::vec::Vec;
+use core::ops::AddAssign;
 
 use crate::{
     ark_curve::{edwards::EdwardsAffine, Decaf377EdwardsConfig, EdwardsProjective},
@@ -36,25 +38,6 @@ impl ScalarMul for Element {
 
 impl VariableBaseMSM for Element {}
 
-impl Group for Element {
-    type ScalarField = Fr;
-
-    fn double_in_place(&mut self) -> &mut Self {
-        let inner = *self.inner.double_in_place();
-        *self = Element { inner };
-        self
-    }
-
-    fn generator() -> Self {
-        Self::GENERATOR
-    }
-
-    fn mul_bigint(&self, other: impl AsRef<[u64]>) -> Self {
-        let inner = self.inner.mul_bigint(other);
-        Element { inner }
-    }
-}
-
 impl CurveGroup for Element {
     // We implement `CurveGroup` as it is required by the `CurveVar`
     // trait used in the R1CS feature. The `ProjectiveCurve` trait requires
@@ -100,7 +83,7 @@ impl AffineRepr for AffinePoint {
 
     type Group = Element;
 
-    fn xy(&self) -> Option<(&Self::BaseField, &Self::BaseField)> {
+    fn xy(&self) -> Option<(Self::BaseField, Self::BaseField)> {
         self.inner.xy()
     }
 
@@ -165,3 +148,38 @@ impl From<&AffinePoint> for Element {
         }
     }
 }
+
+impl PrimeGroup for Element {
+    type ScalarField = Fr;
+
+    fn generator() -> Self {
+        Self::GENERATOR
+    }
+
+    fn mul_bigint(&self, other: impl AsRef<[u64]>) -> Self {
+        let inner = self.inner.mul_bigint(other);
+        Element { inner }
+    }
+}
+
+impl AdditiveGroup for Element {
+    type Scalar = Fr;
+
+    const ZERO: Self = Self::ZERO;
+
+    fn double(&self) -> Self {
+        let mut copy = *self;
+        copy.double_in_place();
+        copy
+    }
+
+    fn double_in_place(&mut self) -> &mut Self {
+        self.add_assign(*self);
+        self
+    }
+
+    fn neg_in_place(&mut self) -> &mut Self {
+        *self = -(*self);
+        self
+    }
+}
diff --git a/src/ark_curve/element/projective.rs b/src/ark_curve/element/projective.rs
@@ -1,15 +1,11 @@
-use core::borrow::Borrow;
-use core::hash::Hash;
-
+use super::super::constants::{B_T, B_X, B_Y, B_Z};
+use crate::{ark_curve::EdwardsProjective, Fq, Fr};
 use ark_ff::Zero;
 use ark_std::fmt::{Display, Formatter, Result as FmtResult};
-
+use core::borrow::Borrow;
+use core::hash::Hash;
 use zeroize::Zeroize;
 
-use crate::{ark_curve::EdwardsProjective, Fq, Fr};
-
-use super::super::constants::{B_T, B_X, B_Y, B_Z};
-
 #[derive(Copy, Clone)]
 pub struct Element {
     pub(crate) inner: EdwardsProjective,
@@ -24,6 +20,10 @@ impl Element {
     pub const IDENTITY: Self = Self {
         inner: EdwardsProjective::new_unchecked(Fq::ZERO, Fq::ONE, Fq::ZERO, Fq::ONE),
     };
+
+    pub const ZERO: Self = Self {
+        inner: EdwardsProjective::new_unchecked(Fq::ZERO, Fq::ZERO, Fq::ZERO, Fq::ZERO),
+    };
 }
 
 impl Hash for Element {

diff --git a/src/ark_curve/on_curve.rs b/src/ark_curve/on_curve.rs
@@ -1,6 +1,6 @@
 use ark_ec::{
-    models::{twisted_edwards::Projective, twisted_edwards::TECurveConfig},
-    Group,
+    models::twisted_edwards::{Projective, TECurveConfig},
+    PrimeGroup,
 };
 use ark_ff::{BigInteger, Field, PrimeField, Zero};
 use ark_serialize::CanonicalSerialize;

diff --git a/src/ark_curve/ops/affine.rs b/src/ark_curve/ops/affine.rs
@@ -56,10 +56,10 @@ impl<'a, 'b> Sub<&'b AffinePoint> for &'a AffinePoint {
 }
 
 impl<'b> Sub<&'b AffinePoint> for AffinePoint {
-    type Output = AffinePoint;
+    type Output = Element;
 
-    fn sub(self, other: &'b AffinePoint) -> AffinePoint {
-        &self - other
+    fn sub(self, other: &'b AffinePoint) -> Element {
+        (&self - other).into()
     }
 }
 
@@ -72,9 +72,43 @@ impl<'a> Sub<AffinePoint> for &'a AffinePoint {
 }
 
 impl Sub<AffinePoint> for AffinePoint {
-    type Output = AffinePoint;
+    type Output = Element;
 
-    fn sub(self, other: AffinePoint) -> AffinePoint {
+    fn sub(self, other: AffinePoint) -> Element {
+        (&self - &other).into()
+    }
+}
+
+impl<'a, 'b> Sub<&'b Element> for &'a AffinePoint {
+    type Output = Element;
+
+    fn sub(self, other: &'b Element) -> Element {
+        Element {
+            inner: self.inner - other.inner,
+        }
+    }
+}
+
+impl<'b> Sub<&'b Element> for AffinePoint {
+    type Output = Element;
+
+    fn sub(self, other: &'b Element) -> Element {
+        &self - other
+    }
+}
+
+impl<'a> Sub<Element> for &'a AffinePoint {
+    type Output = Element;
+
+    fn sub(self, other: Element) -> Element {
+        self - &other
+    }
+}
+
+impl Sub<Element> for AffinePoint {
+    type Output = Element;
+
+    fn sub(self, other: Element) -> Element {
         &self - &other
     }
 }

diff --git a/src/ark_curve/ops/projective.rs b/src/ark_curve/ops/projective.rs
@@ -1,6 +1,5 @@
-use core::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign};
-
 use crate::{ark_curve::element::projective::Element, ark_curve::AffinePoint, Fr};
+use core::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign};
 
 impl<'a, 'b> Add<&'b Element> for &'a Element {
     type Output = Element;
@@ -274,3 +273,57 @@ impl Sub<AffinePoint> for Element {
         &self - &other.into()
     }
 }
+
+impl<'a> Add<&'a mut Element> for Element {
+    type Output = Element;
+
+    fn add(self, other: &'a mut Self) -> Element {
+        Element {
+            inner: self.inner + other.inner,
+        }
+    }
+}
+
+impl<'a> Sub<&'a mut Element> for Element {
+    type Output = Element;
+
+    fn sub(self, other: &'a mut Element) -> Element {
+        Element {
+            inner: self.inner - other.inner,
+        }
+    }
+}
+
+impl<'a> AddAssign<&'a mut Element> for Element {
+    fn add_assign(&mut self, other: &'a mut Element) {
+        *self = Element {
+            inner: self.inner + other.inner,
+        }
+    }
+}
+
+impl<'a> SubAssign<&'a mut Element> for Element {
+    fn sub_assign(&mut self, other: &'a mut Element) {
+        *self = Element {
+            inner: self.inner - other.inner,
+        }
+    }
+}
+
+impl<'a> Mul<&'a mut Fr> for Element {
+    type Output = Element;
+
+    fn mul(self, point: &'a mut Fr) -> Self::Output {
+        let mut p = self.inner;
+        p *= *point;
+        Element { inner: p }
+    }
+}
+
+impl<'a> MulAssign<&'a mut Fr> for Element {
+    fn mul_assign(&mut self, point: &'a mut Fr) {
+        let mut p = self.inner;
+        p *= *point;
+        *self = Element { inner: p }
+    }
+}
diff --git a/src/ark_curve/r1cs/element.rs b/src/ark_curve/r1cs/element.rs
@@ -1,17 +1,20 @@
 #![allow(non_snake_case)]
 use core::borrow::Borrow;
+use core::ops::{Mul, MulAssign};
 
 use ark_ec::AffineRepr;
+use ark_r1cs_std::convert::ToConstraintFieldGadget;
+use ark_r1cs_std::fields::emulated_fp::EmulatedFpVar;
 use ark_r1cs_std::{alloc::AllocVar, eq::EqGadget, prelude::*, R1CSVar};
 use ark_relations::r1cs::{ConstraintSystemRef, SynthesisError};
 use ark_std::vec::Vec;
 
+use super::inner::{Decaf377EdwardsVar, ScalarMultiply, ScalarMultiplyAssign};
 use crate::ark_curve::r1cs::{lazy::LazyElementVar, FqVar};
 use crate::ark_curve::{edwards::EdwardsAffine, r1cs::inner::ElementVar as InnerElementVar};
 use crate::ark_curve::{AffinePoint, Element};
-use crate::Fq;
-
-use super::inner::Decaf377EdwardsVar;
+use crate::{Fq, Fr};
+use ark_r1cs_std::prelude::ToBitsGadget;
 
 #[derive(Clone, Debug)]
 /// Represents the R1CS equivalent of a `decaf377::Element`
@@ -187,13 +190,13 @@ impl ToBitsGadget<Fq> for ElementVar {
 }
 
 impl ToBytesGadget<Fq> for ElementVar {
-    fn to_bytes(&self) -> Result<Vec<UInt8<Fq>>, SynthesisError> {
+    fn to_bytes_le(&self) -> Result<Vec<UInt8<Fq>>, SynthesisError> {
         let compressed_fq = self
             .inner
             .element()
             .expect("element will exist")
-            .to_bytes()?;
-        let encoded_bytes = compressed_fq.to_bytes()?;
+            .to_bytes_le()?;
+        let encoded_bytes = compressed_fq.to_bytes_le()?;
         Ok(encoded_bytes)
     }
 }
@@ -256,3 +259,48 @@ impl CurveVar<Element, Fq> for ElementVar {
         })
     }
 }
+
+// Scalar multiplication
+impl ScalarMultiplyAssign<EmulatedFpVar<Fr, Fq>, LazyElementVar> for LazyElementVar {
+    fn mul_assign_scalar(&mut self, scalar: EmulatedFpVar<Fr, Fq>) {
+        *self = LazyElementVar::new_from_element(self.element().unwrap() * scalar);
+    }
+}
+
+impl ScalarMultiply<EmulatedFpVar<Fr, Fq>, LazyElementVar> for LazyElementVar {
+    fn mul_with_scalar(&self, scalar: &EmulatedFpVar<Fr, Fq>) -> LazyElementVar {
+        LazyElementVar::new_from_element(self.element().unwrap() * scalar.clone())
+    }
+}
+
+impl MulAssign<EmulatedFpVar<Fr, Fq>> for ElementVar {
+    fn mul_assign(&mut self, scalar: EmulatedFpVar<Fr, Fq>) {
+        self.inner.mul_assign_scalar(scalar);
+    }
+}
+
+impl<'a> Mul<&'a EmulatedFpVar<Fr, Fq>> for ElementVar {
+    type Output = ElementVar;
+
+    fn mul(self, scalar: &'a EmulatedFpVar<Fr, Fq>) -> Self::Output {
+        ElementVar {
+            inner: self.inner.mul_with_scalar(scalar),
+        }
+    }
+}
+
+impl Mul<EmulatedFpVar<Fr, Fq>> for ElementVar {
+    type Output = ElementVar;
+
+    fn mul(self, scalar: EmulatedFpVar<Fr, Fq>) -> Self::Output {
+        self * &scalar
+    }
+}
+
+impl ToConstraintFieldGadget<Fq> for ElementVar {
+    fn to_constraint_field(
+        &self,
+    ) -> Result<Vec<ark_r1cs_std::fields::fp::FpVar<Fq>>, ark_relations::r1cs::SynthesisError> {
+        unimplemented!()
+    }
+}