mirror of
https://github.com/tornadocash/snarkjs.git
synced 2024-06-15 17:03:39 +02:00
191 lines
5.2 KiB
JavaScript
191 lines
5.2 KiB
JavaScript
/*
|
|
Copyright 2018 0kims association.
|
|
|
|
This file is part of snarkjs.
|
|
|
|
snarkjs is a free software: you can redistribute it and/or
|
|
modify it under the terms of the GNU General Public License as published by the
|
|
Free Software Foundation, either version 3 of the License, or (at your option)
|
|
any later version.
|
|
|
|
snarkjs is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
|
more details.
|
|
|
|
You should have received a copy of the GNU General Public License along with
|
|
snarkjs. If not, see <https://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
const fUtils = require("./futils.js");
|
|
|
|
class GCurve {
|
|
|
|
constructor(F, g) {
|
|
this.F = F;
|
|
this.g = [F.copy(g[0]), F.copy(g[1])];
|
|
if (this.g.length == 2) this.g[2] = this.F.one;
|
|
this.zero = [this.F.zero, this.F.one, this.F.zero];
|
|
}
|
|
|
|
isZero(p) {
|
|
return this.F.isZero(p[2]);
|
|
}
|
|
|
|
add(p1, p2) {
|
|
|
|
const F = this.F;
|
|
|
|
if (this.isZero(p1)) return p2;
|
|
if (this.isZero(p2)) return p1;
|
|
|
|
const res = new Array(3);
|
|
|
|
const Z1Z1 = F.square( p1[2] );
|
|
const Z2Z2 = F.square( p2[2] );
|
|
|
|
const U1 = F.mul( p1[0] , Z2Z2 ); // U1 = X1 * Z2Z2
|
|
const U2 = F.mul( p2[0] , Z1Z1 ); // U2 = X2 * Z1Z1
|
|
|
|
const Z1_cubed = F.mul( p1[2] , Z1Z1);
|
|
const Z2_cubed = F.mul( p2[2] , Z2Z2);
|
|
|
|
const S1 = F.mul( p1[1] , Z2_cubed); // S1 = Y1 * Z2 * Z2Z2
|
|
const S2 = F.mul( p2[1] , Z1_cubed); // S2 = Y2 * Z1 * Z1Z1
|
|
|
|
if (F.equals(U1,U2) && F.equals(S1,S2)) {
|
|
return this.double(p1);
|
|
}
|
|
|
|
const H = F.sub( U2 , U1 ); // H = U2-U1
|
|
|
|
const S2_minus_S1 = F.sub( S2 , S1 );
|
|
|
|
const I = F.square( F.add(H,H) ); // I = (2 * H)^2
|
|
const J = F.mul( H , I ); // J = H * I
|
|
|
|
const r = F.add( S2_minus_S1 , S2_minus_S1 ); // r = 2 * (S2-S1)
|
|
const V = F.mul( U1 , I ); // V = U1 * I
|
|
|
|
res[0] =
|
|
F.sub(
|
|
F.sub( F.square(r) , J ),
|
|
F.add( V , V )); // X3 = r^2 - J - 2 * V
|
|
|
|
const S1_J = F.mul( S1 , J );
|
|
|
|
res[1] =
|
|
F.sub(
|
|
F.mul( r , F.sub(V,res[0])),
|
|
F.add( S1_J,S1_J )); // Y3 = r * (V-X3)-2 S1 J
|
|
|
|
res[2] =
|
|
F.mul(
|
|
H,
|
|
F.sub(
|
|
F.square( F.add(p1[2],p2[2]) ),
|
|
F.add( Z1Z1 , Z2Z2 ))); // Z3 = ((Z1+Z2)^2-Z1Z1-Z2Z2) * H
|
|
|
|
return res;
|
|
}
|
|
|
|
neg(p) {
|
|
return [p[0], this.F.neg(p[1]), p[2]];
|
|
}
|
|
|
|
sub(a, b) {
|
|
return this.add(a, this.neg(b));
|
|
}
|
|
|
|
double(p) {
|
|
const F = this.F;
|
|
|
|
const res = new Array(3);
|
|
|
|
if (this.isZero(p)) return p;
|
|
|
|
const A = F.square( p[0] ); // A = X1^2
|
|
const B = F.square( p[1] ); // B = Y1^2
|
|
const C = F.square( B ); // C = B^2
|
|
|
|
let D =
|
|
F.sub(
|
|
F.square( F.add(p[0] , B )),
|
|
F.add( A , C));
|
|
D = F.add(D,D); // D = 2 * ((X1 + B)^2 - A - C)
|
|
|
|
const E = F.add( F.add(A,A), A); // E = 3 * A
|
|
const FF =F.square( E ); // F = E^2
|
|
|
|
res[0] = F.sub( FF , F.add(D,D) ); // X3 = F - 2 D
|
|
|
|
let eightC = F.add( C , C );
|
|
eightC = F.add( eightC , eightC );
|
|
eightC = F.add( eightC , eightC );
|
|
|
|
res[1] =
|
|
F.sub(
|
|
F.mul(
|
|
E,
|
|
F.sub( D, res[0] )),
|
|
eightC); // Y3 = E * (D - X3) - 8 * C
|
|
|
|
const Y1Z1 = F.mul( p[1] , p[2] );
|
|
res[2] = F.add( Y1Z1 , Y1Z1 ); // Z3 = 2 * Y1 * Z1
|
|
|
|
return res;
|
|
}
|
|
|
|
mulScalar(base, e) {
|
|
return fUtils.mulScalar(this, base, e);
|
|
}
|
|
|
|
affine(p) {
|
|
const F = this.F;
|
|
if (this.isZero(p)) {
|
|
return this.zero;
|
|
} else {
|
|
const Z_inv = F.inverse(p[2]);
|
|
const Z2_inv = F.square(Z_inv);
|
|
const Z3_inv = F.mul(Z2_inv, Z_inv);
|
|
|
|
const res = new Array(3);
|
|
res[0] = F.affine( F.mul(p[0],Z2_inv));
|
|
res[1] = F.affine( F.mul(p[1],Z3_inv));
|
|
res[2] = F.one;
|
|
|
|
return res;
|
|
}
|
|
}
|
|
|
|
equals(p1, p2) {
|
|
const F = this.F;
|
|
|
|
if (this.isZero(p1)) return this.isZero(p2);
|
|
if (this.isZero(p2)) return this.isZero(p1);
|
|
|
|
const Z1Z1 = F.square( p1[2] );
|
|
const Z2Z2 = F.square( p2[2] );
|
|
|
|
const U1 = F.mul( p1[0] , Z2Z2 );
|
|
const U2 = F.mul( p2[0] , Z1Z1 );
|
|
|
|
const Z1_cubed = F.mul( p1[2] , Z1Z1);
|
|
const Z2_cubed = F.mul( p2[2] , Z2Z2);
|
|
|
|
const S1 = F.mul( p1[1] , Z2_cubed);
|
|
const S2 = F.mul( p2[1] , Z1_cubed);
|
|
|
|
return (F.equals(U1,U2) && F.equals(S1,S2));
|
|
}
|
|
|
|
toString(p) {
|
|
const cp = this.affine(p);
|
|
return `[ ${this.F.toString(cp[0])} , ${this.F.toString(cp[1])} ]`;
|
|
}
|
|
|
|
}
|
|
|
|
module.exports = GCurve;
|
|
|