non arkworks point compression

penumbra-zone · Jan 29, 2024 · 0086342 · 0086342
1 parent 7fd8963
commit 0086342
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 18 deletions.
diff --git a/src/encoding.rs b/src/encoding.rs
@@ -87,11 +87,6 @@ impl Element {
         Element { inner: -self.inner }
     }
 
-    #[deprecated(note = "please use `vartime_compress_to_field` instead")]
-    pub fn compress_to_field(&self) -> Fq {
-        self.vartime_compress_to_field()
-    }
-
     pub fn vartime_compress_to_field(&self) -> Fq {
         // This isn't a constant, only because traits don't have const methods
         // yet and subtraction is only implemented as part of the Sub trait.
@@ -118,11 +113,6 @@ impl Element {
         s
     }
 
-    #[deprecated(note = "please use `vartime_compress` instead")]
-    pub fn compress(&self) -> Encoding {
-        self.vartime_compress()
-    }
-
     pub fn vartime_compress(&self) -> Encoding {
         let s = self.vartime_compress_to_field();
 

diff --git a/src/lib.rs b/src/lib.rs
@@ -8,6 +8,9 @@ pub mod fields;
 pub mod smol_curve;
 pub use fields::{fp::Fp, fq::Fq, fr::Fr};
 
+mod sign;
+use sign::Sign;
+
 cfg_if! {
     if #[cfg(feature = "arkworks")] {
         pub mod bls12_377;
@@ -22,7 +25,6 @@ cfg_if! {
         mod ops;
         pub mod rand;
         pub mod serialize;
-        mod sign;
 
         pub use constants::ZETA;
         pub use element::{AffineElement, Element};
@@ -37,7 +39,6 @@ cfg_if! {
         pub use bls12_377::Bls12_377;
 
         use on_curve::OnCurve;
-        use sign::Sign;
 
         /// Return the conventional generator for `decaf377`.
         pub fn basepoint() -> Element {

diff --git a/src/sign.rs b/src/sign.rs
@@ -18,10 +18,6 @@ pub trait Sign: core::ops::Neg<Output = Self> + Sized {
 
 impl Sign for Fq {
     fn is_nonnegative(&self) -> bool {
-        use ark_serialize::CanonicalSerialize;
-        let mut bytes = [0u8; 32];
-        self.serialize_compressed(&mut bytes[..])
-            .expect("serialization into array should be infallible");
-        bytes[0] & 1 == 0
+        (self.to_le_limbs()[0] & 1) == 0
     }
 }
diff --git a/src/smol_curve/element.rs b/src/smol_curve/element.rs
@@ -1,7 +1,7 @@
 use core::ops::{Add, Neg};
 use subtle::{Choice, ConditionallySelectable};
 
-use crate::Fq;
+use crate::{encoding::Encoding, sign::Sign, Fq};
 
 /// COEFF_A = -1
 const COEFF_A: Fq = Fq::from_montgomery_limbs_64([
@@ -151,6 +151,32 @@ impl Element {
     pub fn scalar_mul(self, le_bits: &[u64]) -> Self {
         Self::scalar_mul_both::<true>(self, le_bits)
     }
+
+    pub fn vartime_compress_to_field(&self) -> Fq {
+        let A_MINUS_D = COEFF_A - COEFF_D;
+
+        // 1.
+        let u_1 = (self.x + self.t) * (self.x - self.t);
+
+        // 2.
+        let (_always_square, v) =
+            Fq::non_arkworks_sqrt_ratio_zeta(&Fq::one(), &(u_1 * A_MINUS_D * self.x.square()));
+
+        // 3.
+        let u_2 = (v * u_1).abs();
+
+        // 4.
+        let u_3 = u_2 * self.z - self.t;
+
+        // 5.
+        (A_MINUS_D * v * u_3 * self.x).abs()
+    }
+
+    pub fn vartime_compress(&self) -> Encoding {
+        let s = self.vartime_compress_to_field();
+        let bytes = s.to_bytes_le();
+        Encoding(bytes)
+    }
 }
 
 impl Add for Element {

diff --git a/src/smol_curve/encoding.rs b/src/smol_curve/encoding.rs
@@ -0,0 +1,2 @@
+#[derive(Copy, Clone, Default, Eq, Ord, PartialOrd, PartialEq)]
+pub struct Encoding(pub [u8; 32]);
diff --git a/src/smol_curve/mod.rs b/src/smol_curve/mod.rs
@@ -1,4 +1,5 @@
 mod constants;
 pub mod element;
+pub mod encoding;
 mod invsqrt;
 mod ops;
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		#[derive(Copy, Clone, Default, Eq, Ord, PartialOrd, PartialEq)]
		pub struct Encoding(pub [u8; 32]);