Added libff

trusted_libff/AUTHORS

+SCIPR Lab:
+    Eli Ben-Sasson
+    Alessandro Chiesa
+    Eran Tromer
+    Madars Virza
+    Howard Wu
+
+External contributors:
+    Alexander Chernyakhovsky (Google Inc.)
+    Aleksejs Popovs

trusted_libff/CMakeLists.txt

+cmake_minimum_required(VERSION 2.8)
+
+project (libff)
+
+# Default to RelWithDebInfo configuration if no configuration is explicitly specified.
+if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
+  set(CMAKE_BUILD_TYPE RelWithDebInfo CACHE STRING "Build type on single-configuration generators" FORCE)
+endif()
+
+set(
+  CURVE
+  "BN128"
+  CACHE
+  STRING
+  "Default curve: one of ALT_BN128, BN128, EDWARDS, MNT4, MNT6"
+)
+
+option(
+  DEBUG
+  "Enable debugging mode"
+  OFF
+)
+option(
+  LOWMEM
+  "Limit the size of multi-exponentiation tables, for low-memory platforms"
+  OFF
+)
+option(
+  MULTICORE
+  "Enable parallelized execution, using OpenMP"
+  OFF
+)
+option(
+  BINARY_OUTPUT
+  "In serialization, output raw binary data (instead of decimal), which is smaller and faster."
+  ON
+)
+option(
+  MONTGOMERY_OUTPUT
+  "Serialize Fp elements as their Montgomery representations (faster but not human-readable)"
+  ON
+)
+option(
+  USE_PT_COMPRESSION
+  "Use point compression"
+  ON
+)
+option(
+  PROFILE_OP_COUNTS
+  "Collect counts for field and curve operations"
+  OFF
+)
+option(
+  USE_MIXED_ADDITION
+  "Convert each element of the key pair to affine coordinates"
+  OFF
+)
+
+option(
+  WITH_PROCPS
+  "Use procps for memory profiling"
+  ON
+)
+
+option(
+  CPPDEBUG
+  "Enable debugging of C++ STL (does not imply DEBUG)"
+  OFF
+)
+
+option(
+  PERFORMANCE
+  "Enable link-time and aggressive optimizations"
+  OFF
+)
+
+option(
+  USE_ASM
+  "Use architecture-specific optimized assembly code"
+  ON
+)
+
+option(
+  IS_LIBFF_PARENT
+  "Install submodule dependencies if caller originates from here"
+  ON
+)
+
+if(CMAKE_COMPILER_IS_GNUCXX OR "${CMAKE_CXX_COMPILER_ID}" STREQUAL "Clang")
+  # Common compilation flags and warning configuration
+  set(
+    CMAKE_CXX_FLAGS
+    "${CMAKE_CXX_FLAGS} -std=c++11 -Wall -Wextra -Wfatal-errors"
+  )
+  if("${MULTICORE}")
+      set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fopenmp")
+  endif()
+endif()
+
+find_path(GMP_INCLUDE_DIR NAMES gmp.h)
+find_library(GMP_LIBRARY gmp)
+if(GMP_LIBRARY MATCHES ${CMAKE_SHARED_LIBRARY_SUFFIX})
+  set(gmp_library_type SHARED)
+else()
+  set(gmp_library_type STATIC)
+endif()
+message(STATUS "GMP: ${GMP_LIBRARY}, ${GMP_INCLUDE_DIR}")
+add_library(GMP::gmp ${gmp_library_type} IMPORTED)
+set_target_properties(
+  GMP::gmp PROPERTIES
+  IMPORTED_LOCATION ${GMP_LIBRARY}
+  INTERFACE_INCLUDE_DIRECTORIES ${GMP_INCLUDE_DIR}
+)
+
+find_package(OpenSSL REQUIRED)
+INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
+
+if("${WITH_PROCPS}")
+  include(FindPkgConfig)
+  pkg_check_modules(
+    PROCPS
+    REQUIRED
+
+    libprocps
+  )
+else()
+  add_definitions(
+    -DNO_PROCPS
+  )
+endif()
+
+add_definitions(
+  -DCURVE_${CURVE}
+)
+
+enable_testing()
+
+if(${CURVE} STREQUAL "BN128")
+  add_definitions(
+    -DBN_SUPPORT_SNARK=1
+  )
+endif()
+
+if("${DEBUG}")
+  add_definitions(-DDEBUG=1)
+endif()
+
+if("${LOWMEM}")
+  add_definitions(-DLOWMEM=1)
+endif()
+
+if("${MULTICORE}")
+  add_definitions(-DMULTICORE=1)
+endif()
+
+if("${BINARY_OUTPUT}")
+  add_definitions(-DBINARY_OUTPUT)
+endif()
+
+if("${MONTGOMERY_OUTPUT}")
+  add_definitions(-DMONTGOMERY_OUTPUT)
+endif()
+
+if(NOT "${USE_PT_COMPRESSION}")
+  add_definitions(-DNO_PT_COMPRESSION=1)
+endif()
+
+if("${PROFILE_OP_COUNTS}")
+  add_definitions(-DPROFILE_OP_COUNTS=1)
+endif()
+
+if("${USE_MIXED_ADDITION}")
+  add_definitions(-DUSE_MIXED_ADDITION=1)
+endif()
+
+if("${CPPDEBUG}")
+  add_definitions(-D_GLIBCXX_DEBUG -D_GLIBCXX_DEBUG_PEDANTIC)
+endif()
+
+if("${PERFORMANCE}")
+  add_definitions(-DNDEBUG)
+  set(
+    CMAKE_CXX_FLAGS
+    "${CMAKE_CXX_FLAGS} -flto -fuse-linker-plugin"
+  )
+  set(
+    CMAKE_EXE_LINKER_FLAGS
+    "${CMAKE_EXE_LINKER_FLAGS} -flto"
+  )
+endif()
+
+if("${USE_ASM}")
+  add_definitions(-DUSE_ASM)
+endif()
+
+# Configure CCache if available
+find_program(CCACHE_FOUND ccache)
+if(CCACHE_FOUND)
+        set_property(GLOBAL PROPERTY RULE_LAUNCH_COMPILE ccache)
+        set_property(GLOBAL PROPERTY RULE_LAUNCH_LINK ccache)
+endif(CCACHE_FOUND)
+
+if ("${IS_LIBFF_PARENT}")
+  find_program(
+    MARKDOWN
+
+    markdown_py
+    DOC "Path to markdown_py binary"
+  )
+  if(MARKDOWN-NOTFOUND)
+  else()
+     add_custom_target(
+       doc
+       ${MARKDOWN} -f ${CMAKE_CURRENT_BINARY_DIR}/README.html -x toc -x extra --noisy ${CMAKE_CURRENT_SOURCE_DIR}/README.md
+       WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+       COMMENT "Translating from markdown to HTML" VERBATIM
+     )
+  endif()
+
+  # Add a `make check` target that builds and tests
+  add_custom_target(check COMMAND ${CMAKE_CTEST_COMMAND})
+
+  # Add a `make profile` target that builds and profiles
+  add_custom_target(
+    profile
+    COMMAND ${CMAKE_COMMAND}
+     -E echo 'Built target finished'
+  )
+
+  add_subdirectory(depends)
+endif()
+add_subdirectory(libff)

trusted_libff/LICENSE

+The libff library is developed by SCIPR Lab (http://scipr-lab.org)
+and contributors.
+
+Copyright (c) 2012-2014 SCIPR Lab and contributors (see AUTHORS file).
+
+All files, with the exceptions below, are released under the MIT License:
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.

trusted_libff/libff/AUTHORS

+SCIPR Lab:
+    Eli Ben-Sasson
+    Alessandro Chiesa
+    Eran Tromer
+    Madars Virza
+    Howard Wu
+
+External contributors:
+    Alexander Chernyakhovsky (Google Inc.)
+    Aleksejs Popovs

trusted_libff/libff/CMakeLists.txt

+cmake_minimum_required(VERSION 2.8)
+
+project (libff)
+
+# Default to RelWithDebInfo configuration if no configuration is explicitly specified.
+if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
+  set(CMAKE_BUILD_TYPE RelWithDebInfo CACHE STRING "Build type on single-configuration generators" FORCE)
+endif()
+
+set(
+  CURVE
+  "BN128"
+  CACHE
+  STRING
+  "Default curve: one of ALT_BN128, BN128, EDWARDS, MNT4, MNT6"
+)
+
+option(
+  DEBUG
+  "Enable debugging mode"
+  OFF
+)
+option(
+  LOWMEM
+  "Limit the size of multi-exponentiation tables, for low-memory platforms"
+  OFF
+)
+option(
+  MULTICORE
+  "Enable parallelized execution, using OpenMP"
+  OFF
+)
+option(
+  BINARY_OUTPUT
+  "In serialization, output raw binary data (instead of decimal), which is smaller and faster."
+  ON
+)
+option(
+  MONTGOMERY_OUTPUT
+  "Serialize Fp elements as their Montgomery representations (faster but not human-readable)"
+  ON
+)
+option(
+  USE_PT_COMPRESSION
+  "Use point compression"
+  ON
+)
+option(
+  PROFILE_OP_COUNTS
+  "Collect counts for field and curve operations"
+  OFF
+)
+option(
+  USE_MIXED_ADDITION
+  "Convert each element of the key pair to affine coordinates"
+  OFF
+)
+
+option(
+  WITH_PROCPS
+  "Use procps for memory profiling"
+  ON
+)
+
+option(
+  CPPDEBUG
+  "Enable debugging of C++ STL (does not imply DEBUG)"
+  OFF
+)
+
+option(
+  PERFORMANCE
+  "Enable link-time and aggressive optimizations"
+  OFF
+)
+
+option(
+  USE_ASM
+  "Use architecture-specific optimized assembly code"
+  ON
+)
+
+option(
+  IS_LIBFF_PARENT
+  "Install submodule dependencies if caller originates from here"
+  ON
+)
+
+if(CMAKE_COMPILER_IS_GNUCXX OR "${CMAKE_CXX_COMPILER_ID}" STREQUAL "Clang")
+  # Common compilation flags and warning configuration
+  set(
+    CMAKE_CXX_FLAGS
+    "${CMAKE_CXX_FLAGS} -std=c++11 -Wall -Wextra -Wfatal-errors"
+  )
+  if("${MULTICORE}")
+      set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fopenmp")
+  endif()
+endif()
+
+find_path(GMP_INCLUDE_DIR NAMES gmp.h)
+find_library(GMP_LIBRARY gmp)
+if(GMP_LIBRARY MATCHES ${CMAKE_SHARED_LIBRARY_SUFFIX})
+  set(gmp_library_type SHARED)
+else()
+  set(gmp_library_type STATIC)
+endif()
+message(STATUS "GMP: ${GMP_LIBRARY}, ${GMP_INCLUDE_DIR}")
+add_library(GMP::gmp ${gmp_library_type} IMPORTED)
+set_target_properties(
+  GMP::gmp PROPERTIES
+  IMPORTED_LOCATION ${GMP_LIBRARY}
+  INTERFACE_INCLUDE_DIRECTORIES ${GMP_INCLUDE_DIR}
+)
+
+find_package(OpenSSL REQUIRED)
+INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
+
+if("${WITH_PROCPS}")
+  include(FindPkgConfig)
+  pkg_check_modules(
+    PROCPS
+    REQUIRED
+
+    libprocps
+  )
+else()
+  add_definitions(
+    -DNO_PROCPS
+  )
+endif()
+
+add_definitions(
+  -DCURVE_${CURVE}
+)
+
+enable_testing()
+
+if(${CURVE} STREQUAL "BN128")
+  add_definitions(
+    -DBN_SUPPORT_SNARK=1
+  )
+endif()
+
+if("${DEBUG}")
+  add_definitions(-DDEBUG=1)
+endif()
+
+if("${LOWMEM}")
+  add_definitions(-DLOWMEM=1)
+endif()
+
+if("${MULTICORE}")
+  add_definitions(-DMULTICORE=1)
+endif()
+
+if("${BINARY_OUTPUT}")
+  add_definitions(-DBINARY_OUTPUT)
+endif()
+
+if("${MONTGOMERY_OUTPUT}")
+  add_definitions(-DMONTGOMERY_OUTPUT)
+endif()
+
+if(NOT "${USE_PT_COMPRESSION}")
+  add_definitions(-DNO_PT_COMPRESSION=1)
+endif()
+
+if("${PROFILE_OP_COUNTS}")
+  add_definitions(-DPROFILE_OP_COUNTS=1)
+endif()
+
+if("${USE_MIXED_ADDITION}")
+  add_definitions(-DUSE_MIXED_ADDITION=1)
+endif()
+
+if("${CPPDEBUG}")
+  add_definitions(-D_GLIBCXX_DEBUG -D_GLIBCXX_DEBUG_PEDANTIC)
+endif()
+
+if("${PERFORMANCE}")
+  add_definitions(-DNDEBUG)
+  set(
+    CMAKE_CXX_FLAGS
+    "${CMAKE_CXX_FLAGS} -flto -fuse-linker-plugin"
+  )
+  set(
+    CMAKE_EXE_LINKER_FLAGS
+    "${CMAKE_EXE_LINKER_FLAGS} -flto"
+  )
+endif()
+
+if("${USE_ASM}")
+  add_definitions(-DUSE_ASM)
+endif()
+
+# Configure CCache if available
+find_program(CCACHE_FOUND ccache)
+if(CCACHE_FOUND)
+        set_property(GLOBAL PROPERTY RULE_LAUNCH_COMPILE ccache)
+        set_property(GLOBAL PROPERTY RULE_LAUNCH_LINK ccache)
+endif(CCACHE_FOUND)
+
+if ("${IS_LIBFF_PARENT}")
+  find_program(
+    MARKDOWN
+
+    markdown_py
+    DOC "Path to markdown_py binary"
+  )
+  if(MARKDOWN-NOTFOUND)
+  else()
+     add_custom_target(
+       doc
+       ${MARKDOWN} -f ${CMAKE_CURRENT_BINARY_DIR}/README.html -x toc -x extra --noisy ${CMAKE_CURRENT_SOURCE_DIR}/README.md
+       WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+       COMMENT "Translating from markdown to HTML" VERBATIM
+     )
+  endif()
+
+  # Add a `make check` target that builds and tests
+  add_custom_target(check COMMAND ${CMAKE_CTEST_COMMAND})
+
+  # Add a `make profile` target that builds and profiles
+  add_custom_target(
+    profile
+    COMMAND ${CMAKE_COMMAND}
+     -E echo 'Built target finished'
+  )
+
+  add_subdirectory(depends)
+endif()
+add_subdirectory(libff)

trusted_libff/libff/LICENSE

+The libff library is developed by SCIPR Lab (http://scipr-lab.org)
+and contributors.
+
+Copyright (c) 2012-2014 SCIPR Lab and contributors (see AUTHORS file).
+
+All files, with the exceptions below, are released under the MIT License:
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.

trusted_libff/libff/README.md

+<h1 align="center">libff</h1>
+<h4 align="center">C++ library for Finite Fields and Elliptic Curves</h4>
+
+___libff___ is a C++ library for finite fields and elliptic curves. The library is developed by [SCIPR Lab] and contributors (see [AUTHORS] file) and is released under the MIT License (see [LICENSE] file).
+
+## Table of contents
+
+- [Directory structure](#directory-structure)
+- [Elliptic curve choices](#elliptic-curve-choices)
+- [Build guide](#build-guide)
+
+## Directory structure
+
+The directory structure is as follows:
+
+* [__libff__](libff): C++ source code, containing the following modules:
+  * [__algebra__](libff/algebra): fields and elliptic curve groups
+  * [__common__](libff/common): miscellaneous utilities
+* [__depends__](depends): dependency libraries
+
+## Elliptic curve choices
+
+The libsnark library currently provides three options:
+
+* `edwards`:
+   an instantiation based on an Edwards curve, providing 80 bits of security.
+
+* `bn128`:
+   an instantiation based on a Barreto-Naehrig curve, providing 128
+   bits of security. The underlying curve implementation is
+   \[ate-pairing], which has incorporated our patch that changes the
+   BN curve to one suitable for SNARK applications.
+
+    *   This implementation uses dynamically-generated machine code for the curve
+        arithmetic. Some modern systems disallow execution of code on the heap, and
+        will thus block this implementation.
+
+        For example, on Fedora 20 at its default settings, you will get the error
+        `zmInit ERR:can't protect` when running this code. To solve this,
+        run `sudo setsebool -P allow_execheap 1` to allow execution,
+        or use `make CURVE=ALT_BN128` instead.
+
+* `alt_bn128`:
+   an alternative to `bn128`, somewhat slower but avoids dynamic code generation.
+
+Note that `bn128` requires an x86-64 CPU while the other curve choices
+should be architecture-independent.
+
+## Build guide
+
+The library has the following dependencies:
+
+* [Boost](http://www.boost.org/)
+* [CMake](http://cmake.org/)
+* [GMP](http://gmplib.org/)
+* [libprocps](http://packages.ubuntu.com/trusty/libprocps-dev)
+
+The library has been tested on Linux, but it is compatible with Windows and Mac OS X.
+
+### Installation
+
+On Ubuntu 14.04 LTS:
+
+```
+sudo apt-get install build-essential git libboost-all-dev cmake libgmp3-dev libssl-dev libprocps3-dev pkg-config
+```
+
+Fetch dependencies from their GitHub repos:
+
+```
+git submodule init && git submodule update
+```
+
+### Compilation
+
+To compile, starting at the project root directory, create the build directory and Makefile:
+
+```
+mkdir build && cd build && cmake ..
+```
+Optionally, you can specify the install location by providing the desired install path prefix:
+```
+cmake .. -DCMAKE_INSTALL_PREFIX=/install/path
+```
+
+Then, to compile and install the library, run this within the build directory:
+```
+make
+make install
+```
+
+This will install `libff.a` into `/install/path/lib`; so your application should be linked using `-L/install/path/lib -lff`. It also installs the requisite headers into `/install/path/include`; so your application should be compiled using `-I/install/path/include`.
+
+## Testing
+
+To execute the tests for this library, run:
+```
+make check
+```
+
+## Profile
+
+To compile the multi-exponentiation profiler in this library, run:
+```
+make profile
+```
+The resulting profiler is named `multiexp_profile` and can be found in the `libff` folder under the build directory.
+
+[SCIPR Lab]: http://www.scipr-lab.org/ (Succinct Computational Integrity and Privacy Research Lab)
+
+[LICENSE]: LICENSE (LICENSE file in top directory of libff distribution)
+
+[AUTHORS]: AUTHORS (AUTHORS file in top directory of libff distribution)

trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_g1.hpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef ALT_BN128_G1_HPP_
+#define ALT_BN128_G1_HPP_
+#include <vector>
+
+#include <libff/common/utils.hpp>
+
+#include <libff/algebra/curves/alt_bn128/alt_bn128_init.hpp>
+#include <libff/algebra/curves/curve_utils.hpp>
+
+namespace libff {
+
+class alt_bn128_G1;
+class alt_bn128_G1 {
+public:
+#ifdef PROFILE_OP_COUNTS
+    static long long add_cnt;
+    static long long dbl_cnt;
+#endif
+    static std::vector<size_t> wnaf_window_table;
+    static std::vector<size_t> fixed_base_exp_window_table;
+    static alt_bn128_G1 G1_zero;
+    static alt_bn128_G1 G1_one;
+
+    typedef alt_bn128_Fq base_field;
+    typedef alt_bn128_Fr scalar_field;
+
+    alt_bn128_Fq X, Y, Z;
+
+    // using Jacobian coordinates
+    alt_bn128_G1();
+    alt_bn128_G1(const alt_bn128_Fq& X, const alt_bn128_Fq& Y, const alt_bn128_Fq& Z) : X(X), Y(Y), Z(Z) {};
+
+    void print() const;
+    void print_coordinates() const;
+
+    void to_affine_coordinates();
+    void to_special();
+    bool is_special() const;
+
+    bool is_zero() const;
+
+    bool operator==(const alt_bn128_G1 &other) const;
+    bool operator!=(const alt_bn128_G1 &other) const;
+
+    alt_bn128_G1 operator+(const alt_bn128_G1 &other) const;
+    alt_bn128_G1 operator-() const;
+    alt_bn128_G1 operator-(const alt_bn128_G1 &other) const;
+
+    alt_bn128_G1 add(const alt_bn128_G1 &other) const;
+    alt_bn128_G1 mixed_add(const alt_bn128_G1 &other) const;
+    alt_bn128_G1 dbl() const;
+
+    bool is_well_formed() const;
+
+    static alt_bn128_G1 zero();
+    static alt_bn128_G1 one();
+    static alt_bn128_G1 random_element();
+
+    static size_t size_in_bits() { return base_field::size_in_bits() + 1; }
+    static bigint<base_field::num_limbs> base_field_char() { return base_field::field_char(); }
+    static bigint<scalar_field::num_limbs> order() { return scalar_field::field_char(); }
+
+    static void batch_to_special_all_non_zeros(std::vector<alt_bn128_G1> &vec);
+};
+
+template<mp_size_t m>
+alt_bn128_G1 operator*(const bigint<m> &lhs, const alt_bn128_G1 &rhs)
+{
+    return scalar_mul<alt_bn128_G1, m>(rhs, lhs);
+}
+
+template<mp_size_t m, const bigint<m>& modulus_p>
+alt_bn128_G1 operator*(const Fp_model<m,modulus_p> &lhs, const alt_bn128_G1 &rhs)
+{
+    return scalar_mul<alt_bn128_G1, m>(rhs, lhs.as_bigint());
+}
+
+skale::ostream& operator<<(skale::ostream& out, const std::vector<alt_bn128_G1> &v);
+skale::istream& operator>>(skale::istream& in, std::vector<alt_bn128_G1> &v);
+
+} // libff
+#endif // ALT_BN128_G1_HPP_

trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_init.cpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#include <libff/algebra/curves/alt_bn128/alt_bn128_g1.hpp>
+#include <libff/algebra/curves/alt_bn128/alt_bn128_init.hpp>
+
+namespace libff {
+
+bigint<alt_bn128_r_limbs> alt_bn128_modulus_r;
+bigint<alt_bn128_q_limbs> alt_bn128_modulus_q;
+
+alt_bn128_Fq alt_bn128_coeff_b;
+alt_bn128_Fq alt_bn128_twist_mul_by_b_c0;
+alt_bn128_Fq alt_bn128_twist_mul_by_b_c1;
+
+bigint<alt_bn128_q_limbs> alt_bn128_ate_loop_count;
+bool alt_bn128_ate_is_loop_count_neg;
+bigint<12*alt_bn128_q_limbs> alt_bn128_final_exponent;
+bigint<alt_bn128_q_limbs> alt_bn128_final_exponent_z;
+bool alt_bn128_final_exponent_is_z_neg;
+
+void init_alt_bn128_params()
+{
+    typedef bigint<alt_bn128_r_limbs> bigint_r;
+    typedef bigint<alt_bn128_q_limbs> bigint_q;
+
+    assert(sizeof(mp_limb_t) == 8 || sizeof(mp_limb_t) == 4); // Montgomery assumes this
+
+    /* parameters for scalar field Fr */
+
+    alt_bn128_modulus_r = bigint_r("21888242871839275222246405745257275088548364400416034343698204186575808495617");
+    assert(alt_bn128_Fr::modulus_is_valid());
+    if (sizeof(mp_limb_t) == 8)
+    {
+        alt_bn128_Fr::Rsquared = bigint_r("944936681149208446651664254269745548490766851729442924617792859073125903783");
+        alt_bn128_Fr::Rcubed = bigint_r("5866548545943845227489894872040244720403868105578784105281690076696998248512");
+        alt_bn128_Fr::inv = 0xc2e1f593efffffff;
+    }
+    if (sizeof(mp_limb_t) == 4)
+    {
+        alt_bn128_Fr::Rsquared = bigint_r("944936681149208446651664254269745548490766851729442924617792859073125903783");
+        alt_bn128_Fr::Rcubed = bigint_r("5866548545943845227489894872040244720403868105578784105281690076696998248512");
+        alt_bn128_Fr::inv = 0xefffffff;
+    }
+    alt_bn128_Fr::num_bits = 254;
+    alt_bn128_Fr::euler = bigint_r("10944121435919637611123202872628637544274182200208017171849102093287904247808");
+    alt_bn128_Fr::s = 28;
+    alt_bn128_Fr::t = bigint_r("81540058820840996586704275553141814055101440848469862132140264610111");
+    alt_bn128_Fr::t_minus_1_over_2 = bigint_r("40770029410420498293352137776570907027550720424234931066070132305055");
+    alt_bn128_Fr::multiplicative_generator = alt_bn128_Fr("5");
+    alt_bn128_Fr::root_of_unity = alt_bn128_Fr("19103219067921713944291392827692070036145651957329286315305642004821462161904");
+    alt_bn128_Fr::nqr = alt_bn128_Fr("5");
+    alt_bn128_Fr::nqr_to_t = alt_bn128_Fr("19103219067921713944291392827692070036145651957329286315305642004821462161904");
+
+    /* parameters for base field Fq */
+
+    alt_bn128_modulus_q = bigint_q("21888242871839275222246405745257275088696311157297823662689037894645226208583");
+    assert(alt_bn128_Fq::modulus_is_valid());
+    if (sizeof(mp_limb_t) == 8)
+    {
+        alt_bn128_Fq::Rsquared = bigint_q("3096616502983703923843567936837374451735540968419076528771170197431451843209");
+        alt_bn128_Fq::Rcubed = bigint_q("14921786541159648185948152738563080959093619838510245177710943249661917737183");
+        alt_bn128_Fq::inv = 0x87d20782e4866389;
+    }
+    if (sizeof(mp_limb_t) == 4)
+    {
+        alt_bn128_Fq::Rsquared = bigint_q("3096616502983703923843567936837374451735540968419076528771170197431451843209");
+        alt_bn128_Fq::Rcubed = bigint_q("14921786541159648185948152738563080959093619838510245177710943249661917737183");
+        alt_bn128_Fq::inv = 0xe4866389;
+    }
+    alt_bn128_Fq::num_bits = 254;
+    alt_bn128_Fq::euler = bigint_q("10944121435919637611123202872628637544348155578648911831344518947322613104291");
+    alt_bn128_Fq::s = 1;
+    alt_bn128_Fq::t = bigint_q("10944121435919637611123202872628637544348155578648911831344518947322613104291");
+    alt_bn128_Fq::t_minus_1_over_2 = bigint_q("5472060717959818805561601436314318772174077789324455915672259473661306552145");
+    alt_bn128_Fq::multiplicative_generator = alt_bn128_Fq("3");
+    alt_bn128_Fq::root_of_unity = alt_bn128_Fq("21888242871839275222246405745257275088696311157297823662689037894645226208582");
+    alt_bn128_Fq::nqr = alt_bn128_Fq("3");
+    alt_bn128_Fq::nqr_to_t = alt_bn128_Fq("21888242871839275222246405745257275088696311157297823662689037894645226208582");
+
+
+    /* choice of short Weierstrass curve and its twist */
+
+    alt_bn128_coeff_b = alt_bn128_Fq("3");
+
+    /* choice of group G1 */
+    alt_bn128_G1::G1_zero = alt_bn128_G1(alt_bn128_Fq::zero(),
+                                     alt_bn128_Fq::one(),
+                                     alt_bn128_Fq::zero());
+    alt_bn128_G1::G1_one = alt_bn128_G1(alt_bn128_Fq("1"),
+                                    alt_bn128_Fq("2"),
+                                    alt_bn128_Fq::one());
+    alt_bn128_G1::wnaf_window_table.resize(0);
+    alt_bn128_G1::wnaf_window_table.push_back(11);
+    alt_bn128_G1::wnaf_window_table.push_back(24);
+    alt_bn128_G1::wnaf_window_table.push_back(60);
+    alt_bn128_G1::wnaf_window_table.push_back(127);
+
+    alt_bn128_G1::fixed_base_exp_window_table.resize(0);
+    // window 1 is unbeaten in [-inf, 4.99]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(1);
+    // window 2 is unbeaten in [4.99, 10.99]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(5);
+    // window 3 is unbeaten in [10.99, 32.29]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(11);
+    // window 4 is unbeaten in [32.29, 55.23]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(32);
+    // window 5 is unbeaten in [55.23, 162.03]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(55);
+    // window 6 is unbeaten in [162.03, 360.15]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(162);
+    // window 7 is unbeaten in [360.15, 815.44]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(360);
+    // window 8 is unbeaten in [815.44, 2373.07]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(815);
+    // window 9 is unbeaten in [2373.07, 6977.75]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(2373);
+    // window 10 is unbeaten in [6977.75, 7122.23]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(6978);
+    // window 11 is unbeaten in [7122.23, 57818.46]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(7122);
+    // window 12 is never the best
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(0);
+    // window 13 is unbeaten in [57818.46, 169679.14]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(57818);
+    // window 14 is never the best
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(0);
+    // window 15 is unbeaten in [169679.14, 439758.91]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(169679);
+    // window 16 is unbeaten in [439758.91, 936073.41]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(439759);
+    // window 17 is unbeaten in [936073.41, 4666554.74]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(936073);
+    // window 18 is never the best
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(0);
+    // window 19 is unbeaten in [4666554.74, 7580404.42]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(4666555);
+    // window 20 is unbeaten in [7580404.42, 34552892.20]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(7580404);
+    // window 21 is never the best
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(0);
+    // window 22 is unbeaten in [34552892.20, inf]
+    alt_bn128_G1::fixed_base_exp_window_table.push_back(34552892);
+
+
+    /* pairing parameters */
+
+    alt_bn128_ate_loop_count = bigint_q("29793968203157093288");
+    alt_bn128_ate_is_loop_count_neg = false;
+    alt_bn128_final_exponent = bigint<12*alt_bn128_q_limbs>("552484233613224096312617126783173147097382103762957654188882734314196910839907541213974502761540629817009608548654680343627701153829446747810907373256841551006201639677726139946029199968412598804882391702273019083653272047566316584365559776493027495458238373902875937659943504873220554161550525926302303331747463515644711876653177129578303191095900909191624817826566688241804408081892785725967931714097716709526092261278071952560171111444072049229123565057483750161460024353346284167282452756217662335528813519139808291170539072125381230815729071544861602750936964829313608137325426383735122175229541155376346436093930287402089517426973178917569713384748081827255472576937471496195752727188261435633271238710131736096299798168852925540549342330775279877006784354801422249722573783561685179618816480037695005515426162362431072245638324744480");
+    alt_bn128_final_exponent_z = bigint_q("4965661367192848881");
+    alt_bn128_final_exponent_is_z_neg = false;
+
+}
+} // libff

trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_init.hpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef ALT_BN128_INIT_HPP_
+#define ALT_BN128_INIT_HPP_
+#include <libff/algebra/curves/public_params.hpp>
+#include <libff/algebra/fields/fp.hpp>
+
+namespace libff {
+
+const mp_size_t alt_bn128_r_bitcount = 254;
+const mp_size_t alt_bn128_q_bitcount = 254;
+
+const mp_size_t alt_bn128_r_limbs = (alt_bn128_r_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS;
+const mp_size_t alt_bn128_q_limbs = (alt_bn128_q_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS;
+
+extern bigint<alt_bn128_r_limbs> alt_bn128_modulus_r;
+extern bigint<alt_bn128_q_limbs> alt_bn128_modulus_q;
+
+typedef Fp_model<alt_bn128_r_limbs, alt_bn128_modulus_r> alt_bn128_Fr;
+typedef Fp_model<alt_bn128_q_limbs, alt_bn128_modulus_q> alt_bn128_Fq;
+
+// parameters for Barreto--Naehrig curve E/Fq : y^2 = x^3 + b
+extern alt_bn128_Fq alt_bn128_coeff_b;
+// parameters for twisted Barreto--Naehrig curve E'/Fq2 : y^2 = x^3 + b/xi
+extern alt_bn128_Fq alt_bn128_twist_mul_by_b_c0;
+extern alt_bn128_Fq alt_bn128_twist_mul_by_b_c1;
+
+// parameters for pairing
+extern bigint<alt_bn128_q_limbs> alt_bn128_ate_loop_count;
+extern bool alt_bn128_ate_is_loop_count_neg;
+extern bigint<12*alt_bn128_q_limbs> alt_bn128_final_exponent;
+extern bigint<alt_bn128_q_limbs> alt_bn128_final_exponent_z;
+extern bool alt_bn128_final_exponent_is_z_neg;
+
+void init_alt_bn128_params();
+
+class alt_bn128_G1;
+class alt_bn128_G2;
+
+} // libff
+#endif // ALT_BN128_INIT_HPP_

trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_pp.cpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#include <libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp>
+
+namespace libff {
+
+void alt_bn128_pp::init_public_params()
+{
+    init_alt_bn128_params();
+}
+
+
+alt_bn128_G1_precomp alt_bn128_pp::precompute_G1(const alt_bn128_G1 &P)
+{
+    return alt_bn128_precompute_G1(P);
+}
+
+alt_bn128_G2_precomp alt_bn128_pp::precompute_G2(const alt_bn128_G2 &Q)
+{
+    return alt_bn128_precompute_G2(Q);
+}
+
+
+} // libff

trusted_libff/libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp

+/** @file
+*****************************************************************************
+* @author     This file is part of libff, developed by SCIPR Lab
+*             and contributors (see AUTHORS).
+* @copyright  MIT license (see LICENSE file)
+*****************************************************************************/
+
+#ifndef ALT_BN128_PP_HPP_
+#define ALT_BN128_PP_HPP_
+#include <libff/algebra/curves/alt_bn128/alt_bn128_g1.hpp>
+#include <libff/algebra/curves/alt_bn128/alt_bn128_init.hpp>
+#include <libff/algebra/curves/public_params.hpp>
+
+namespace libff {
+
+class alt_bn128_pp {
+public:
+    typedef alt_bn128_Fr Fp_type;
+    typedef alt_bn128_G1 G1_type;
+    typedef alt_bn128_G2 G2_type;
+        typedef alt_bn128_Fq Fq_type;
+
+    static const bool has_affine_pairing = false;
+
+    static void init_public_params();
+
+};
+
+} // libff
+
+#endif // ALT_BN128_PP_HPP_

trusted_libff/libff/algebra/curves/bn128/bn128_g1.hpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef BN128_G1_HPP_
+#define BN128_G1_HPP_
+#include <vector>
+
+#include "depends/ate-pairing/include/bn.h"
+
+#include <libff/algebra/curves/bn128/bn128_init.hpp>
+#include <libff/algebra/curves/curve_utils.hpp>
+
+namespace libff {
+
+class bn128_G1;
+skale::ostream& operator<<(skale::ostream &, const bn128_G1&);
+skale::istream& operator>>(skale::istream &, bn128_G1&);
+
+class bn128_G1 {
+private:
+    static bn::Fp sqrt(const bn::Fp &el);
+public:
+#ifdef PROFILE_OP_COUNTS
+    static long long add_cnt;
+    static long long dbl_cnt;
+#endif
+    static std::vector<size_t> wnaf_window_table;
+    static std::vector<size_t> fixed_base_exp_window_table;
+    static bn128_G1 G1_zero;
+    static bn128_G1 G1_one;
+
+    bn::Fp coord[3];
+    bn128_G1();
+    typedef bn128_Fq base_field;
+    typedef bn128_Fr scalar_field;
+
+    void print() const;
+    void print_coordinates() const;
+
+    void to_affine_coordinates();
+    void to_special();
+    bool is_special() const;
+
+    bool is_zero() const;
+
+    bool operator==(const bn128_G1 &other) const;
+    bool operator!=(const bn128_G1 &other) const;
+
+    bn128_G1 operator+(const bn128_G1 &other) const;
+    bn128_G1 operator-() const;
+    bn128_G1 operator-(const bn128_G1 &other) const;
+
+    bn128_G1 add(const bn128_G1 &other) const;
+    bn128_G1 mixed_add(const bn128_G1 &other) const;
+    bn128_G1 dbl() const;
+
+    bool is_well_formed() const;
+
+    static bn128_G1 zero();
+    static bn128_G1 one();
+    static bn128_G1 random_element();
+
+    static size_t size_in_bits() { return bn128_Fq::size_in_bits() + 1; }
+    static bigint<base_field::num_limbs> base_field_char() { return base_field::field_char(); }
+    static bigint<scalar_field::num_limbs> order() { return scalar_field::field_char(); }
+
+    friend skale::ostream& operator<<(skale::ostream &out, const bn128_G1 &g);
+    friend skale::istream& operator>>(skale::istream &in, bn128_G1 &g);
+
+    static void batch_to_special_all_non_zeros(std::vector<bn128_G1> &vec);
+};
+
+template<mp_size_t m>
+bn128_G1 operator*(const bigint<m> &lhs, const bn128_G1 &rhs)
+{
+    return scalar_mul<bn128_G1, m>(rhs, lhs);
+}
+
+template<mp_size_t m, const bigint<m>& modulus_p>
+bn128_G1 operator*(const Fp_model<m,modulus_p> &lhs, const bn128_G1 &rhs)
+{
+    return scalar_mul<bn128_G1, m>(rhs, lhs.as_bigint());
+}
+
+skale::ostream& operator<<(skale::ostream& out, const std::vector<bn128_G1> &v);
+skale::istream& operator>>(skale::istream& in, std::vector<bn128_G1> &v);
+
+
+} // libff
+#endif // BN128_G1_HPP_

trusted_libff/libff/algebra/curves/bn128/bn128_g2.hpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef BN128_G2_HPP_
+#define BN128_G2_HPP_
+#include <iostream>
+#include <vector>
+
+#include "depends/ate-pairing/include/bn.h"
+
+#include <libff/algebra/curves/bn128/bn128_init.hpp>
+#include <libff/algebra/curves/curve_utils.hpp>
+
+namespace libff {
+
+class bn128_G2;
+skale::ostream& operator<<(skale::ostream &, const bn128_G2&);
+skale::istream& operator>>(skale::istream &, bn128_G2&);
+
+class bn128_G2 {
+private:
+    static bn::Fp2 sqrt(const bn::Fp2 &el);
+public:
+#ifdef PROFILE_OP_COUNTS
+    static long long add_cnt;
+    static long long dbl_cnt;
+#endif
+    static std::vector<size_t> wnaf_window_table;
+    static std::vector<size_t> fixed_base_exp_window_table;
+    static bn128_G2 G2_zero;
+    static bn128_G2 G2_one;
+
+    bn::Fp2 coord[3];
+    bn128_G2();
+    typedef bn128_Fq base_field;
+    typedef bn128_Fr scalar_field;
+
+    void print() const;
+    void print_coordinates() const;
+
+    void to_affine_coordinates();
+    void to_special();
+    bool is_special() const;
+
+    bool is_zero() const;
+
+    bool operator==(const bn128_G2 &other) const;
+    bool operator!=(const bn128_G2 &other) const;
+
+    bn128_G2 operator+(const bn128_G2 &other) const;
+    bn128_G2 operator-() const;
+    bn128_G2 operator-(const bn128_G2 &other) const;
+
+    bn128_G2 add(const bn128_G2 &other) const;
+    bn128_G2 mixed_add(const bn128_G2 &other) const;
+    bn128_G2 dbl() const;
+
+    bool is_well_formed() const;
+
+    static bn128_G2 zero();
+    static bn128_G2 one();
+    static bn128_G2 random_element();
+
+    static size_t size_in_bits() { return 2*base_field::size_in_bits() + 1; }
+    static bigint<base_field::num_limbs> base_field_char() { return base_field::field_char(); }
+    static bigint<scalar_field::num_limbs> order() { return scalar_field::field_char(); }
+
+    friend skale::ostream& operator<<(skale::ostream &out, const bn128_G2 &g);
+    friend skale::istream& operator>>(skale::istream &in, bn128_G2 &g);
+
+    static void batch_to_special_all_non_zeros(std::vector<bn128_G2> &vec);
+};
+
+template<mp_size_t m>
+bn128_G2 operator*(const bigint<m> &lhs, const bn128_G2 &rhs)
+{
+    return scalar_mul<bn128_G2, m>(rhs, lhs);
+}
+
+template<mp_size_t m, const bigint<m>& modulus_p>
+bn128_G2 operator*(const Fp_model<m, modulus_p> &lhs, const bn128_G2 &rhs)
+{
+    return scalar_mul<bn128_G2, m>(rhs, lhs.as_bigint());
+}
+
+} // libff
+#endif // BN128_G2_HPP_

trusted_libff/libff/algebra/curves/bn128/bn128_gt.cpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#include <libff/algebra/curves/bn128/bn128_gt.hpp>
+
+namespace libff {
+
+bn128_GT bn128_GT::GT_one;
+bn128_GT::bn128_GT()
+{
+    this->elem.clear();
+}
+
+bool bn128_GT::operator==(const bn128_GT &other) const
+{
+    return (this->elem == other.elem);
+}
+
+bool bn128_GT::operator!=(const bn128_GT& other) const
+{
+    return !(operator==(other));
+}
+
+bn128_GT bn128_GT::operator*(const bn128_GT &other) const
+{
+    bn128_GT result;
+    bn::Fp12::mul(result.elem, this->elem, other.elem);
+    return result;
+}
+
+bn128_GT bn128_GT::unitary_inverse() const
+{
+    bn128_GT result(*this);
+    bn::Fp6::neg(result.elem.b_, result.elem.b_);
+    return result;
+}
+
+bn128_GT bn128_GT::one()
+{
+    return GT_one;
+}
+
+skale::ostream& operator<<(skale::ostream &out, const bn128_GT &g)
+{
+#ifndef BINARY_OUTPUT
+    out << g.elem.a_ << OUTPUT_SEPARATOR << g.elem.b_;
+#else
+    out.write((char*) &g.elem.a_, sizeof(g.elem.a_));
+    out.write((char*) &g.elem.b_, sizeof(g.elem.b_));
+#endif
+    return out;
+}
+
+skale::istream& operator>>(skale::istream &in, bn128_GT &g)
+{
+#ifndef BINARY_OUTPUT
+    in >> g.elem.a_;
+    consume_OUTPUT_SEPARATOR(in);
+    in >> g.elem.b_;
+#else
+    in.read((char*) &g.elem.a_, sizeof(g.elem.a_));
+    in.read((char*) &g.elem.b_, sizeof(g.elem.b_));
+#endif
+    return in;
+}
+} // libff

trusted_libff/libff/algebra/curves/bn128/bn128_gt.hpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef BN128_GT_HPP_
+#define BN128_GT_HPP_
+#include <iostream>
+
+#include "depends/ate-pairing/include/bn.h"
+
+#include <libff/algebra/fields/field_utils.hpp>
+#include <libff/algebra/fields/fp.hpp>
+
+namespace libff {
+
+class bn128_GT;
+skale::ostream& operator<<(skale::ostream &, const bn128_GT&);
+skale::istream& operator>>(skale::istream &, bn128_GT&);
+
+class bn128_GT {
+public:
+    static bn128_GT GT_one;
+    bn::Fp12 elem;
+
+    bn128_GT();
+    bool operator==(const bn128_GT &other) const;
+    bool operator!=(const bn128_GT &other) const;
+
+    bn128_GT operator*(const bn128_GT &other) const;
+    bn128_GT unitary_inverse() const;
+
+    static bn128_GT one();
+
+    void print() { std::cout << this->elem << "\n"; };
+
+    friend skale::ostream& operator<<(skale::ostream &out, const bn128_GT &g);
+    friend skale::istream& operator>>(skale::istream &in, bn128_GT &g);
+};
+
+template<mp_size_t m>
+bn128_GT operator^(const bn128_GT &rhs, const bigint<m> &lhs)
+{
+    return power<bn128_GT, m>(rhs, lhs);
+}
+
+
+template<mp_size_t m, const bigint<m>& modulus_p>
+bn128_GT operator^(const bn128_GT &rhs, const Fp_model<m,modulus_p> &lhs)
+{
+    return power<bn128_GT, m>(rhs, lhs.as_bigint());
+}
+
+} // libff
+#endif // BN128_GT_HPP_

trusted_libff/libff/algebra/curves/bn128/bn128_init.hpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef BN128_INIT_HPP_
+#define BN128_INIT_HPP_
+#include "depends/ate-pairing/include/bn.h"
+
+#include <libff/algebra/curves/public_params.hpp>
+#include <libff/algebra/fields/fp.hpp>
+
+namespace libff {
+
+const mp_size_t bn128_r_bitcount = 254;
+const mp_size_t bn128_q_bitcount = 254;
+
+const mp_size_t bn128_r_limbs = (bn128_r_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS;
+const mp_size_t bn128_q_limbs = (bn128_q_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS;
+
+extern bigint<bn128_r_limbs> bn128_modulus_r;
+extern bigint<bn128_q_limbs> bn128_modulus_q;
+
+extern bn::Fp bn128_coeff_b;
+extern size_t bn128_Fq_s;
+extern bn::Fp bn128_Fq_nqr_to_t;
+extern mie::Vuint bn128_Fq_t_minus_1_over_2;
+
+extern bn::Fp2 bn128_twist_coeff_b;
+extern size_t bn128_Fq2_s;
+extern bn::Fp2 bn128_Fq2_nqr_to_t;
+extern mie::Vuint bn128_Fq2_t_minus_1_over_2;
+
+typedef Fp_model<bn128_r_limbs, bn128_modulus_r> bn128_Fr;
+typedef Fp_model<bn128_q_limbs, bn128_modulus_q> bn128_Fq;
+
+void init_bn128_params();
+
+class bn128_G1;
+class bn128_G2;
+class bn128_GT;
+typedef bn128_GT bn128_Fq12;
+
+} // libff
+#endif // BN128_INIT_HPP_

trusted_libff/libff/algebra/curves/bn128/bn128_pairing.cpp

+/** @file
+ ********************************************************************************
+ Implements functions for computing Ate pairings over the bn128 curves, split into a
+ offline and online stages.
+ ********************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *******************************************************************************/
+
+#include <sstream>
+
+#include <libff/algebra/curves/bn128/bn128_g1.hpp>
+#include <libff/algebra/curves/bn128/bn128_g2.hpp>
+#include <libff/algebra/curves/bn128/bn128_gt.hpp>
+#include <libff/algebra/curves/bn128/bn128_init.hpp>
+#include <libff/algebra/curves/bn128/bn128_pairing.hpp>
+#include <libff/common/profiling.hpp>
+
+namespace libff {
+
+bool bn128_ate_G1_precomp::operator==(const bn128_ate_G1_precomp &other) const
+{
+    return (this->P[0] == other.P[0] &&
+            this->P[1] == other.P[1] &&
+            this->P[2] == other.P[2]);
+}
+
+skale::ostream& operator<<(skale::ostream &out, const bn128_ate_G1_precomp &prec_P)
+{
+    for (size_t i = 0; i < 3; ++i)
+    {
+#ifndef BINARY_OUTPUT
+        out << prec_P.P[i] << "\n";
+#else
+        out.write((char*) &prec_P.P[i], sizeof(prec_P.P[i]));
+#endif
+    }
+    return out;
+}
+
+skale::istream& operator>>(skale::istream &in, bn128_ate_G1_precomp &prec_P)
+{
+    for (size_t i = 0; i < 3; ++i)
+    {
+#ifndef BINARY_OUTPUT
+        in >> prec_P.P[i];
+        consume_newline(in);
+#else
+        in.read((char*) &prec_P.P[i], sizeof(prec_P.P[i]));
+#endif
+    }
+    return in;
+}
+
+bool bn128_ate_G2_precomp::operator==(const bn128_ate_G2_precomp &other) const
+{
+    if (!(this->Q[0] == other.Q[0] &&
+          this->Q[1] == other.Q[1] &&
+          this->Q[2] == other.Q[2] &&
+          this->coeffs.size() == other.coeffs.size()))
+    {
+        return false;
+    }
+
+    /* work around for upstream serialization bug */
+    for (size_t i = 0; i < this->coeffs.size(); ++i)
+    {
+        std::stringstream this_ss, other_ss;
+        this_ss << this->coeffs[i];
+        other_ss << other.coeffs[i];
+        if (this_ss.str() != other_ss.str())
+        {
+            return false;
+        }
+    }
+
+    return true;
+}
+
+skale::ostream& operator<<(skale::ostream &out, const bn128_ate_G2_precomp &prec_Q)
+{
+    for (size_t i = 0; i < 3; ++i)
+    {
+#ifndef BINARY_OUTPUT
+        out << prec_Q.Q[i].a_ << "\n";
+        out << prec_Q.Q[i].b_ << "\n";
+#else
+        out.write((char*) &prec_Q.Q[i].a_, sizeof(prec_Q.Q[i].a_));
+        out.write((char*) &prec_Q.Q[i].b_, sizeof(prec_Q.Q[i].b_));
+#endif
+    }
+
+    out << prec_Q.coeffs.size() << "\n";
+
+    for (size_t i = 0; i < prec_Q.coeffs.size(); ++i)
+    {
+#ifndef BINARY_OUTPUT
+        out << prec_Q.coeffs[i].a_.a_ << "\n";
+        out << prec_Q.coeffs[i].a_.b_ << "\n";
+        out << prec_Q.coeffs[i].b_.a_ << "\n";
+        out << prec_Q.coeffs[i].b_.b_ << "\n";
+        out << prec_Q.coeffs[i].c_.a_ << "\n";
+        out << prec_Q.coeffs[i].c_.b_ << "\n";
+#else
+        out.write((char*) &prec_Q.coeffs[i].a_.a_, sizeof(prec_Q.coeffs[i].a_.a_));
+        out.write((char*) &prec_Q.coeffs[i].a_.b_, sizeof(prec_Q.coeffs[i].a_.b_));
+        out.write((char*) &prec_Q.coeffs[i].b_.a_, sizeof(prec_Q.coeffs[i].b_.a_));
+        out.write((char*) &prec_Q.coeffs[i].b_.b_, sizeof(prec_Q.coeffs[i].b_.b_));
+        out.write((char*) &prec_Q.coeffs[i].c_.a_, sizeof(prec_Q.coeffs[i].c_.a_));
+        out.write((char*) &prec_Q.coeffs[i].c_.b_, sizeof(prec_Q.coeffs[i].c_.b_));
+#endif
+    }
+
+    return out;
+}
+
+skale::istream& operator>>(skale::istream &in, bn128_ate_G2_precomp &prec_Q)
+{
+    for (size_t i = 0; i < 3; ++i)
+    {
+#ifndef BINARY_OUTPUT
+        in >> prec_Q.Q[i].a_;
+        consume_newline(in);
+        in >> prec_Q.Q[i].b_;
+        consume_newline(in);
+#else
+        in.read((char*) &prec_Q.Q[i].a_, sizeof(prec_Q.Q[i].a_));
+        in.read((char*) &prec_Q.Q[i].b_, sizeof(prec_Q.Q[i].b_));
+#endif
+    }
+
+    size_t count;
+    in >> count;
+    consume_newline(in);
+    prec_Q.coeffs.resize(count);
+    for (size_t i = 0; i < count; ++i)
+    {
+#ifndef BINARY_OUTPUT
+        in >> prec_Q.coeffs[i].a_.a_;
+        consume_newline(in);
+        in >> prec_Q.coeffs[i].a_.b_;
+        consume_newline(in);
+        in >> prec_Q.coeffs[i].b_.a_;
+        consume_newline(in);
+        in >> prec_Q.coeffs[i].b_.b_;
+        consume_newline(in);
+        in >> prec_Q.coeffs[i].c_.a_;
+        consume_newline(in);
+        in >> prec_Q.coeffs[i].c_.b_;
+        consume_newline(in);
+#else
+        in.read((char*) &prec_Q.coeffs[i].a_.a_, sizeof(prec_Q.coeffs[i].a_.a_));
+        in.read((char*) &prec_Q.coeffs[i].a_.b_, sizeof(prec_Q.coeffs[i].a_.b_));
+        in.read((char*) &prec_Q.coeffs[i].b_.a_, sizeof(prec_Q.coeffs[i].b_.a_));
+        in.read((char*) &prec_Q.coeffs[i].b_.b_, sizeof(prec_Q.coeffs[i].b_.b_));
+        in.read((char*) &prec_Q.coeffs[i].c_.a_, sizeof(prec_Q.coeffs[i].c_.a_));
+        in.read((char*) &prec_Q.coeffs[i].c_.b_, sizeof(prec_Q.coeffs[i].c_.b_));
+#endif
+    }
+    return in;
+}
+
+bn128_ate_G1_precomp bn128_ate_precompute_G1(const bn128_G1& P)
+{
+    enter_block("Call to bn128_ate_precompute_G1");
+
+    bn128_ate_G1_precomp result;
+    bn::ecop::NormalizeJac(result.P, P.coord);
+
+    leave_block("Call to bn128_ate_precompute_G1");
+    return result;
+}
+
+bn128_ate_G2_precomp bn128_ate_precompute_G2(const bn128_G2& Q)
+{
+    enter_block("Call to bn128_ate_precompute_G2");
+
+    bn128_ate_G2_precomp result;
+    bn::components::precomputeG2(result.coeffs, result.Q, Q.coord);
+
+    leave_block("Call to bn128_ate_precompute_G2");
+    return result;
+}
+
+bn128_Fq12 bn128_ate_miller_loop(const bn128_ate_G1_precomp &prec_P,
+                                 const bn128_ate_G2_precomp &prec_Q)
+{
+    bn128_Fq12 f;
+    bn::components::millerLoop(f.elem, prec_Q.coeffs, prec_P.P);
+    return f;
+}
+
+bn128_Fq12 bn128_double_ate_miller_loop(const bn128_ate_G1_precomp &prec_P1,
+                                        const bn128_ate_G2_precomp &prec_Q1,
+                                        const bn128_ate_G1_precomp &prec_P2,
+                                        const bn128_ate_G2_precomp &prec_Q2)
+{
+    bn128_Fq12 f;
+    bn::components::millerLoop2(f.elem, prec_Q1.coeffs, prec_P1.P, prec_Q2.coeffs, prec_P2.P);
+    return f;
+}
+
+bn128_GT bn128_final_exponentiation(const bn128_Fq12 &elt)
+{
+    enter_block("Call to bn128_final_exponentiation");
+    bn128_GT eltcopy = elt;
+    eltcopy.elem.final_exp();
+    leave_block("Call to bn128_final_exponentiation");
+    return eltcopy;
+}
+} // libff

trusted_libff/libff/algebra/curves/bn128/bn128_pairing.hpp

+/** @file
+ ********************************************************************************
+ Declares functions for computing Ate pairings over the bn128 curves, split into a
+ offline and online stages.
+ ********************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *******************************************************************************/
+
+#ifndef BN128_PAIRING_HPP_
+#define BN128_PAIRING_HPP_
+#include "depends/ate-pairing/include/bn.h"
+
+#include <libff/algebra/curves/bn128/bn128_g1.hpp>
+#include <libff/algebra/curves/bn128/bn128_g2.hpp>
+#include <libff/algebra/curves/bn128/bn128_gt.hpp>
+
+namespace libff {
+
+struct bn128_ate_G1_precomp {
+    bn::Fp P[3];
+
+    bool operator==(const bn128_ate_G1_precomp &other) const;
+    friend skale::ostream& operator<<(skale::ostream &out, const bn128_ate_G1_precomp &prec_P);
+    friend skale::istream& operator>>(skale::istream &in, bn128_ate_G1_precomp &prec_P);
+};
+
+typedef bn::Fp6 bn128_ate_ell_coeffs;
+
+struct bn128_ate_G2_precomp {
+    bn::Fp2 Q[3];
+    std::vector<bn128_ate_ell_coeffs> coeffs;
+
+    bool operator==(const bn128_ate_G2_precomp &other) const;
+    friend skale::ostream& operator<<(skale::ostream &out, const bn128_ate_G2_precomp &prec_Q);
+    friend skale::istream& operator>>(skale::istream &in, bn128_ate_G2_precomp &prec_Q);
+};
+
+bn128_ate_G1_precomp bn128_ate_precompute_G1(const bn128_G1& P);
+bn128_ate_G2_precomp bn128_ate_precompute_G2(const bn128_G2& Q);
+
+bn128_Fq12 bn128_double_ate_miller_loop(const bn128_ate_G1_precomp &prec_P1,
+                                        const bn128_ate_G2_precomp &prec_Q1,
+                                        const bn128_ate_G1_precomp &prec_P2,
+                                        const bn128_ate_G2_precomp &prec_Q2);
+bn128_Fq12 bn128_ate_miller_loop(const bn128_ate_G1_precomp &prec_P,
+                                 const bn128_ate_G2_precomp &prec_Q);
+
+bn128_GT bn128_final_exponentiation(const bn128_Fq12 &elt);
+
+} // libff
+#endif // BN128_PAIRING_HPP_

trusted_libff/libff/algebra/curves/bn128/bn128_pp.cpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#include <libff/algebra/curves/bn128/bn128_pp.hpp>
+#include <libff/common/profiling.hpp>
+
+namespace libff {
+
+void bn128_pp::init_public_params()
+{
+    init_bn128_params();
+}
+
+bn128_GT bn128_pp::final_exponentiation(const bn128_GT &elt)
+{
+    return bn128_final_exponentiation(elt);
+}
+
+bn128_ate_G1_precomp bn128_pp::precompute_G1(const bn128_G1 &P)
+{
+    return bn128_ate_precompute_G1(P);
+}
+
+bn128_ate_G2_precomp bn128_pp::precompute_G2(const bn128_G2 &Q)
+{
+    return bn128_ate_precompute_G2(Q);
+}
+
+bn128_Fq12 bn128_pp::miller_loop(const bn128_ate_G1_precomp &prec_P,
+                                 const bn128_ate_G2_precomp &prec_Q)
+{
+    enter_block("Call to miller_loop<bn128_pp>");
+    bn128_Fq12 result = bn128_ate_miller_loop(prec_P, prec_Q);
+    leave_block("Call to miller_loop<bn128_pp>");
+    return result;
+}
+
+bn128_Fq12 bn128_pp::double_miller_loop(const bn128_ate_G1_precomp &prec_P1,
+                                        const bn128_ate_G2_precomp &prec_Q1,
+                                        const bn128_ate_G1_precomp &prec_P2,
+                                        const bn128_ate_G2_precomp &prec_Q2)
+{
+    enter_block("Call to double_miller_loop<bn128_pp>");
+    bn128_Fq12 result = bn128_double_ate_miller_loop(prec_P1, prec_Q1, prec_P2, prec_Q2);
+    leave_block("Call to double_miller_loop<bn128_pp>");
+    return result;
+}
+
+bn128_Fq12 bn128_pp::pairing(const bn128_G1 &P,
+                             const bn128_G2 &Q)
+{
+    enter_block("Call to pairing<bn128_pp>");
+    bn128_ate_G1_precomp prec_P = bn128_pp::precompute_G1(P);
+    bn128_ate_G2_precomp prec_Q = bn128_pp::precompute_G2(Q);
+
+    bn128_Fq12 result = bn128_pp::miller_loop(prec_P, prec_Q);
+    leave_block("Call to pairing<bn128_pp>");
+    return result;
+}
+
+bn128_GT bn128_pp::reduced_pairing(const bn128_G1 &P,
+                                   const bn128_G2 &Q)
+{
+    enter_block("Call to reduced_pairing<bn128_pp>");
+    const bn128_Fq12 f = bn128_pp::pairing(P, Q);
+    const bn128_GT result = bn128_pp::final_exponentiation(f);
+    leave_block("Call to reduced_pairing<bn128_pp>");
+    return result;
+}
+
+} // libff

trusted_libff/libff/algebra/curves/bn128/bn128_pp.hpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef BN128_PP_HPP_
+#define BN128_PP_HPP_
+#include <libff/algebra/curves/bn128/bn128_g1.hpp>
+#include <libff/algebra/curves/bn128/bn128_g2.hpp>
+#include <libff/algebra/curves/bn128/bn128_gt.hpp>
+#include <libff/algebra/curves/bn128/bn128_init.hpp>
+#include <libff/algebra/curves/bn128/bn128_pairing.hpp>
+#include <libff/algebra/curves/public_params.hpp>
+
+namespace libff {
+
+class bn128_pp {
+public:
+    typedef bn128_Fr Fp_type;
+    typedef bn128_G1 G1_type;
+    typedef bn128_G2 G2_type;
+    typedef bn128_ate_G1_precomp G1_precomp_type;
+    typedef bn128_ate_G2_precomp G2_precomp_type;
+    typedef bn128_Fq Fq_type;
+    typedef bn128_Fq12 Fqk_type;
+    typedef bn128_GT GT_type;
+
+    static const bool has_affine_pairing = false;
+
+    static void init_public_params();
+    static bn128_GT final_exponentiation(const bn128_Fq12 &elt);
+    static bn128_ate_G1_precomp precompute_G1(const bn128_G1 &P);
+    static bn128_ate_G2_precomp precompute_G2(const bn128_G2 &Q);
+    static bn128_Fq12 miller_loop(const bn128_ate_G1_precomp &prec_P,
+                                  const bn128_ate_G2_precomp &prec_Q);
+    static bn128_Fq12 double_miller_loop(const bn128_ate_G1_precomp &prec_P1,
+                                         const bn128_ate_G2_precomp &prec_Q1,
+                                         const bn128_ate_G1_precomp &prec_P2,
+                                         const bn128_ate_G2_precomp &prec_Q2);
+
+    /* the following are used in test files */
+    static bn128_GT pairing(const bn128_G1 &P,
+                            const bn128_G2 &Q);
+    static bn128_GT reduced_pairing(const bn128_G1 &P,
+                                    const bn128_G2 &Q);
+};
+
+} // libff
+#endif // BN128_PP_HPP_

trusted_libff/libff/algebra/curves/bn128/bn_utils.hpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef BN_UTILS_HPP_
+#define BN_UTILS_HPP_
+#include <vector>
+
+#include "depends/ate-pairing/include/bn.h"
+
+namespace libff {
+
+template<typename FieldT>
+void bn_batch_invert(std::vector<FieldT> &vec);
+
+} // libff
+
+#include <libff/algebra/curves/bn128/bn_utils.tcc>
+
+#endif // BN_UTILS_HPP_

trusted_libff/libff/algebra/curves/bn128/bn_utils.tcc

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef BN_UTILS_TCC_
+#define BN_UTILS_TCC_
+
+namespace libff {
+
+template<typename FieldT>
+void bn_batch_invert(std::vector<FieldT> &vec)
+{
+    std::vector<FieldT> prod;
+    prod.reserve(vec.size());
+
+    FieldT acc = 1;
+
+    for (auto el : vec)
+    {
+        assert(!el.isZero());
+        prod.emplace_back(acc);
+        FieldT::mul(acc, acc, el);
+    }
+
+    FieldT acc_inverse = acc;
+    acc_inverse.inverse();
+
+    for (long i = vec.size()-1; i >= 0; --i)
+    {
+        const FieldT old_el = vec[i];
+        FieldT::mul(vec[i], acc_inverse, prod[i]);
+        FieldT::mul(acc_inverse, acc_inverse, old_el);
+    }
+}
+
+} // libff
+#endif // FIELD_UTILS_TCC_

trusted_libff/libff/algebra/curves/curve_utils.hpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef CURVE_UTILS_HPP_
+#define CURVE_UTILS_HPP_
+#include <cstdint>
+
+#include <libff/algebra/fields/bigint.hpp>
+
+namespace libff {
+
+template<typename GroupT, mp_size_t m>
+GroupT scalar_mul(const GroupT &base, const bigint<m> &scalar);
+
+} // libff
+#include <libff/algebra/curves/curve_utils.tcc>
+
+#endif // CURVE_UTILS_HPP_

trusted_libff/libff/algebra/curves/curve_utils.tcc

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef CURVE_UTILS_TCC_
+#define CURVE_UTILS_TCC_
+
+namespace libff {
+
+template<typename GroupT, mp_size_t m>
+GroupT scalar_mul(const GroupT &base, const bigint<m> &scalar)
+{
+    GroupT result = GroupT::zero();
+
+    bool found_one = false;
+    for (long i = static_cast<long>(scalar.max_bits() - 1); i >= 0; --i)
+    {
+        if (found_one)
+        {
+            result = result.dbl();
+        }
+
+        if (scalar.test_bit(i))
+        {
+            found_one = true;
+            result = result + base;
+        }
+    }
+
+    return result;
+}
+
+} // libff
+#endif // CURVE_UTILS_TCC_

trusted_libff/libff/algebra/curves/edwards/edwards_g1.hpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef EDWARDS_G1_HPP_
+#define EDWARDS_G1_HPP_
+#include <vector>
+
+#include <libff/algebra/curves/curve_utils.hpp>
+#include <libff/algebra/curves/edwards/edwards_init.hpp>
+
+namespace libff {
+
+class edwards_G1;
+skale::ostream& operator<<(skale::ostream &, const edwards_G1&);
+skale::istream& operator>>(skale::istream &, edwards_G1&);
+
+class edwards_G1 {
+public:
+#ifdef PROFILE_OP_COUNTS
+    static long long add_cnt;
+    static long long dbl_cnt;
+#endif
+    static std::vector<size_t> wnaf_window_table;
+    static std::vector<size_t> fixed_base_exp_window_table;
+    static edwards_G1 G1_zero;
+    static edwards_G1 G1_one;
+
+    edwards_Fq X, Y, Z;
+    edwards_G1();
+private:
+    edwards_G1(const edwards_Fq& X, const edwards_Fq& Y, const edwards_Fq& Z) : X(X), Y(Y), Z(Z) {};
+
+public:
+    typedef edwards_Fq base_field;
+    typedef edwards_Fr scalar_field;
+    // using inverted coordinates
+    edwards_G1(const edwards_Fq& X, const edwards_Fq& Y) : X(Y), Y(X), Z(X*Y) {};
+
+    void print() const;
+    void print_coordinates() const;
+
+    void to_affine_coordinates();
+    void to_special();
+    bool is_special() const;
+
+    bool is_zero() const;
+
+    bool operator==(const edwards_G1 &other) const;
+    bool operator!=(const edwards_G1 &other) const;
+
+    edwards_G1 operator+(const edwards_G1 &other) const;
+    edwards_G1 operator-() const;
+    edwards_G1 operator-(const edwards_G1 &other) const;
+
+    edwards_G1 add(const edwards_G1 &other) const;
+    edwards_G1 mixed_add(const edwards_G1 &other) const;
+    edwards_G1 dbl() const;
+
+    bool is_well_formed() const;
+
+    static edwards_G1 zero();
+    static edwards_G1 one();
+    static edwards_G1 random_element();
+
+    static size_t size_in_bits() { return edwards_Fq::size_in_bits() + 1; }
+    static bigint<base_field::num_limbs> base_field_char() { return base_field::field_char(); }
+    static bigint<scalar_field::num_limbs> order() { return scalar_field::field_char(); }
+
+    friend skale::ostream& operator<<(skale::ostream &out, const edwards_G1 &g);
+    friend skale::istream& operator>>(skale::istream &in, edwards_G1 &g);
+
+    static void batch_to_special_all_non_zeros(std::vector<edwards_G1> &vec);
+};
+
+template<mp_size_t m>
+edwards_G1 operator*(const bigint<m> &lhs, const edwards_G1 &rhs)
+{
+    return scalar_mul<edwards_G1, m>(rhs, lhs);
+}
+
+template<mp_size_t m, const bigint<m>& modulus_p>
+edwards_G1 operator*(const Fp_model<m,modulus_p> &lhs, const edwards_G1 &rhs)
+{
+    return scalar_mul<edwards_G1, m>(rhs, lhs.as_bigint());
+}
+
+skale::ostream& operator<<(skale::ostream& out, const std::vector<edwards_G1> &v);
+skale::istream& operator>>(skale::istream& in, std::vector<edwards_G1> &v);
+
+} // libff
+#endif // EDWARDS_G1_HPP_

trusted_libff/libff/algebra/curves/edwards/edwards_g2.hpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef EDWARDS_G2_HPP_
+#define EDWARDS_G2_HPP_
+#include <iostream>
+#include <vector>
+
+#include <libff/algebra/curves/curve_utils.hpp>
+#include <libff/algebra/curves/edwards/edwards_init.hpp>
+
+namespace libff {
+
+class edwards_G2;
+skale::ostream& operator<<(skale::ostream &, const edwards_G2&);
+skale::istream& operator>>(skale::istream &, edwards_G2&);
+
+class edwards_G2 {
+public:
+#ifdef PROFILE_OP_COUNTS
+    static long long add_cnt;
+    static long long dbl_cnt;
+#endif
+    static std::vector<size_t> wnaf_window_table;
+    static std::vector<size_t> fixed_base_exp_window_table;
+
+    static edwards_G2 G2_zero;
+    static edwards_G2 G2_one;
+
+    edwards_Fq3 X, Y, Z;
+    edwards_G2();
+private:
+    edwards_G2(const edwards_Fq3& X, const edwards_Fq3& Y, const edwards_Fq3& Z) : X(X), Y(Y), Z(Z) {};
+public:
+    static edwards_Fq3 mul_by_a(const edwards_Fq3 &elt);
+    static edwards_Fq3 mul_by_d(const edwards_Fq3 &elt);
+    typedef edwards_Fq base_field;
+    typedef edwards_Fq3 twist_field;
+    typedef edwards_Fr scalar_field;
+
+    // using inverted coordinates
+    edwards_G2(const edwards_Fq3& X, const edwards_Fq3& Y) : X(Y), Y(X), Z(X*Y) {};
+
+    void print() const;
+    void print_coordinates() const;
+
+    void to_affine_coordinates();
+    void to_special();
+    bool is_special() const;
+
+    bool is_zero() const;
+
+    bool operator==(const edwards_G2 &other) const;
+    bool operator!=(const edwards_G2 &other) const;
+
+    edwards_G2 operator+(const edwards_G2 &other) const;
+    edwards_G2 operator-() const;
+    edwards_G2 operator-(const edwards_G2 &other) const;
+
+    edwards_G2 add(const edwards_G2 &other) const;
+    edwards_G2 mixed_add(const edwards_G2 &other) const;
+    edwards_G2 dbl() const;
+    edwards_G2 mul_by_q() const;
+
+    bool is_well_formed() const;
+
+    static edwards_G2 zero();
+    static edwards_G2 one();
+    static edwards_G2 random_element();
+
+    static size_t size_in_bits() { return twist_field::size_in_bits() + 1; }
+    static bigint<base_field::num_limbs> base_field_char() { return base_field::field_char(); }
+    static bigint<scalar_field::num_limbs> order() { return scalar_field::field_char(); }
+
+    friend skale::ostream& operator<<(skale::ostream &out, const edwards_G2 &g);
+    friend skale::istream& operator>>(skale::istream &in, edwards_G2 &g);
+
+    static void batch_to_special_all_non_zeros(std::vector<edwards_G2> &vec);
+};
+
+template<mp_size_t m>
+edwards_G2 operator*(const bigint<m> &lhs, const edwards_G2 &rhs)
+{
+    return scalar_mul<edwards_G2, m>(rhs, lhs);
+}
+
+template<mp_size_t m, const bigint<m>& modulus_p>
+edwards_G2 operator*(const Fp_model<m, modulus_p> &lhs, const edwards_G2 &rhs)
+{
+   return scalar_mul<edwards_G2, m>(rhs, lhs.as_bigint());
+}
+
+} // libff
+#endif // EDWARDS_G2_HPP_

trusted_libff/libff/algebra/curves/edwards/edwards_init.hpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef EDWARDS_INIT_HPP_
+#define EDWARDS_INIT_HPP_
+#include <libff/algebra/curves/public_params.hpp>
+#include <libff/algebra/fields/fp.hpp>
+#include <libff/algebra/fields/fp3.hpp>
+#include <libff/algebra/fields/fp6_2over3.hpp>
+
+namespace libff {
+
+const mp_size_t edwards_r_bitcount = 181;
+const mp_size_t edwards_q_bitcount = 183;
+
+const mp_size_t edwards_r_limbs = (edwards_r_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS;
+const mp_size_t edwards_q_limbs = (edwards_q_bitcount+GMP_NUMB_BITS-1)/GMP_NUMB_BITS;
+
+extern bigint<edwards_r_limbs> edwards_modulus_r;
+extern bigint<edwards_q_limbs> edwards_modulus_q;
+
+typedef Fp_model<edwards_r_limbs, edwards_modulus_r> edwards_Fr;
+typedef Fp_model<edwards_q_limbs, edwards_modulus_q> edwards_Fq;
+typedef Fp3_model<edwards_q_limbs, edwards_modulus_q> edwards_Fq3;
+typedef Fp6_2over3_model<edwards_q_limbs, edwards_modulus_q> edwards_Fq6;
+typedef edwards_Fq6 edwards_GT;
+
+// parameters for Edwards curve E_{1,d}(F_q)
+extern edwards_Fq edwards_coeff_a;
+extern edwards_Fq edwards_coeff_d;
+// parameters for twisted Edwards curve E_{a',d'}(F_q^3)
+extern edwards_Fq3 edwards_twist;
+extern edwards_Fq3 edwards_twist_coeff_a;
+extern edwards_Fq3 edwards_twist_coeff_d;
+extern edwards_Fq edwards_twist_mul_by_a_c0;
+extern edwards_Fq edwards_twist_mul_by_a_c1;
+extern edwards_Fq edwards_twist_mul_by_a_c2;
+extern edwards_Fq edwards_twist_mul_by_d_c0;
+extern edwards_Fq edwards_twist_mul_by_d_c1;
+extern edwards_Fq edwards_twist_mul_by_d_c2;
+extern edwards_Fq edwards_twist_mul_by_q_Y;
+extern edwards_Fq edwards_twist_mul_by_q_Z;
+
+// parameters for pairing
+extern bigint<edwards_q_limbs> edwards_ate_loop_count;
+extern bigint<6*edwards_q_limbs> edwards_final_exponent;
+extern bigint<edwards_q_limbs> edwards_final_exponent_last_chunk_abs_of_w0;
+extern bool edwards_final_exponent_last_chunk_is_w0_neg;
+extern bigint<edwards_q_limbs> edwards_final_exponent_last_chunk_w1;
+
+void init_edwards_params();
+
+class edwards_G1;
+class edwards_G2;
+
+} // libff
+#endif // EDWARDS_INIT_HPP_

trusted_libff/libff/algebra/curves/edwards/edwards_pairing.hpp

+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef EDWARDS_PAIRING_HPP_
+#define EDWARDS_PAIRING_HPP_
+#include <vector>
+
+#include <libff/algebra/curves/edwards/edwards_init.hpp>
+
+namespace libff {
+
+/* final exponentiation */
+
+edwards_Fq6 edwards_final_exponentiation_last_chunk(const edwards_Fq6 &elt,
+                                                    const edwards_Fq6 &elt_inv);
+edwards_Fq6 edwards_final_exponentiation_first_chunk(const edwards_Fq6 &elt,
+                                                     const edwards_Fq6 &elt_inv);
+edwards_GT edwards_final_exponentiation(const edwards_Fq6 &elt);
+
+/* Tate pairing */
+
+struct edwards_Fq_conic_coefficients {
+    edwards_Fq c_ZZ;
+    edwards_Fq c_XY;
+    edwards_Fq c_XZ;
+
+    bool operator==(const edwards_Fq_conic_coefficients &other) const;
+    friend skale::ostream& operator<<(skale::ostream &out, const edwards_Fq_conic_coefficients &cc);
+    friend skale::istream& operator>>(skale::istream &in, edwards_Fq_conic_coefficients &cc);
+};
+typedef std::vector<edwards_Fq_conic_coefficients> edwards_tate_G1_precomp;
+
+skale::ostream& operator<<(skale::ostream& out, const edwards_tate_G1_precomp &prec_P);
+skale::istream& operator>>(skale::istream& in, edwards_tate_G1_precomp &prec_P);
+
+struct edwards_tate_G2_precomp {
+    edwards_Fq3 y0, eta;
+
+    bool operator==(const edwards_tate_G2_precomp &other) const;
+    friend skale::ostream& operator<<(skale::ostream &out, const edwards_tate_G2_precomp &prec_Q);
+    friend skale::istream& operator>>(skale::istream &in, edwards_tate_G2_precomp &prec_Q);
+};
+
+edwards_tate_G1_precomp edwards_tate_precompute_G1(const edwards_G1& P);
+edwards_tate_G2_precomp edwards_tate_precompute_G2(const edwards_G2& Q);
+
+edwards_Fq6 edwards_tate_miller_loop(const edwards_tate_G1_precomp &prec_P,
+                                     const edwards_tate_G2_precomp &prec_Q);
+
+edwards_Fq6 edwards_tate_pairing(const edwards_G1& P,
+                                 const edwards_G2 &Q);
+edwards_GT edwards_tate_reduced_pairing(const edwards_G1 &P,
+                                        const edwards_G2 &Q);
+
+/* ate pairing */
+
+struct edwards_Fq3_conic_coefficients {
+    edwards_Fq3 c_ZZ;
+    edwards_Fq3 c_XY;
+    edwards_Fq3 c_XZ;
+
+    bool operator==(const edwards_Fq3_conic_coefficients &other) const;
+    friend skale::ostream& operator<<(skale::ostream &out, const edwards_Fq3_conic_coefficients &cc);
+    friend skale::istream& operator>>(skale::istream &in, edwards_Fq3_conic_coefficients &cc);
+};
+typedef std::vector<edwards_Fq3_conic_coefficients> edwards_ate_G2_precomp;
+
+skale::ostream& operator<<(skale::ostream& out, const edwards_ate_G2_precomp &prec_Q);
+skale::istream& operator>>(skale::istream& in, edwards_ate_G2_precomp &prec_Q);
+
+struct edwards_ate_G1_precomp {
+    edwards_Fq P_XY;
+    edwards_Fq P_XZ;
+    edwards_Fq P_ZZplusYZ;
+
+    bool operator==(const edwards_ate_G1_precomp &other) const;
+    friend skale::ostream& operator<<(skale::ostream &out, const edwards_ate_G1_precomp &prec_P);
+    friend skale::istream& operator>>(skale::istream &in, edwards_ate_G1_precomp &prec_P);
+};
+
+edwards_ate_G1_precomp edwards_ate_precompute_G1(const edwards_G1& P);
+edwards_ate_G2_precomp edwards_ate_precompute_G2(const edwards_G2& Q);
+
+edwards_Fq6 edwards_ate_miller_loop(const edwards_ate_G1_precomp &prec_P,
+                                    const edwards_ate_G2_precomp &prec_Q);
+edwards_Fq6 edwards_ate_double_miller_loop(const edwards_ate_G1_precomp &prec_P1,
+                                           const edwards_ate_G2_precomp &prec_Q1,
+                                           const edwards_ate_G1_precomp &prec_P2,
+                                           const edwards_ate_G2_precomp &prec_Q2);
+
+edwards_Fq6 edwards_ate_pairing(const edwards_G1& P,
+                                const edwards_G2 &Q);
+edwards_GT edwards_ate_reduced_pairing(const edwards_G1 &P,
+                                       const edwards_G2 &Q);
+
+/* choice of pairing */
+
+typedef edwards_ate_G1_precomp edwards_G1_precomp;
+typedef edwards_ate_G2_precomp edwards_G2_precomp;
+
+edwards_G1_precomp edwards_precompute_G1(const edwards_G1& P);
+edwards_G2_precomp edwards_precompute_G2(const edwards_G2& Q);
+
+edwards_Fq6 edwards_miller_loop(const edwards_G1_precomp &prec_P,
+                                const edwards_G2_precomp &prec_Q);
+
+edwards_Fq6 edwards_double_miller_loop(const edwards_G1_precomp &prec_P1,
+                                       const edwards_G2_precomp &prec_Q1,
+                                       const edwards_G1_precomp &prec_P2,
+                                       const edwards_G2_precomp &prec_Q2);
+
+edwards_Fq6 edwards_pairing(const edwards_G1& P,
+                            const edwards_G2 &Q);
+
+edwards_GT edwards_reduced_pairing(const edwards_G1 &P,
+                                   const edwards_G2 &Q);
+
+} // libff
+#endif // EDWARDS_PAIRING_HPP_

trusted_libff/libff/depends/CMakeLists.txt

+if(${CURVE} STREQUAL "BN128")
+  include_directories(ate-pairing/include)
+  include_directories(xbyak)
+  add_library(
+    zm
+    STATIC
+
+    ate-pairing/src/zm.cpp
+    ate-pairing/src/zm2.cpp
+  )
+endif()