feat(ecc): Weierstrass affine curves over complex fields (#1127)

* chore: add invert to Field trait * chore: generalize WeierstrassPoint trait * working version of G2Affine * chore: make into macro * chore: split out FromCompress trait * chore: refactor macros for weierstrass curves * chore: fixes * add unit tests
openvm-org · Dec 24, 2024 · e4eaff4 · e4eaff4
1 parent 2ef5f76
commit e4eaff4
Show file tree

Hide file tree

Showing 14 changed files with 607 additions and 255 deletions.
diff --git a/extensions/algebra/guest/src/field/mod.rs b/extensions/algebra/guest/src/field/mod.rs
@@ -6,7 +6,7 @@ use core::{
 
 use crate::{DivAssignUnsafe, DivUnsafe};
 
-// TODO: this can now extend IntMod trait
+// TODO: the shared parts of Field and IntMod should be moved into a new `IntegralDomain` trait.
 /// This is a simplified trait for field elements.
 pub trait Field:
     Sized
@@ -48,6 +48,14 @@ pub trait Field:
 
     /// Square `self` in-place
     fn square_assign(&mut self);
+
+    /// Unchecked inversion. See [DivUnsafe].
+    ///
+    /// ## Panics
+    /// If `self` is zero.
+    fn invert(&self) -> Self {
+        Self::ONE.div_unsafe(self)
+    }
 }
 
 /// Field extension trait. BaseField is the base field of the extension field.

diff --git a/extensions/ecc/guest/src/affine_point.rs b/extensions/ecc/guest/src/affine_point.rs
@@ -10,7 +10,7 @@ pub struct AffinePoint<F> {
 }
 
 impl<F: Field> AffinePoint<F> {
-    pub fn new(x: F, y: F) -> Self {
+    pub const fn new(x: F, y: F) -> Self {
         Self { x, y }
     }
 
@@ -29,6 +29,7 @@ impl<F: Field> AffinePoint<F> {
     }
 }
 
+// Note: this is true for weierstrass curves but maybe not in general
 impl<F> Neg for AffinePoint<F>
 where
     F: Neg<Output = F>,

diff --git a/extensions/ecc/guest/src/ecdsa.rs b/extensions/ecc/guest/src/ecdsa.rs
@@ -5,7 +5,7 @@ use elliptic_curve::PrimeCurve;
 use openvm_algebra_guest::{DivUnsafe, IntMod, Reduce};
 
 use crate::{
-    weierstrass::{IntrinsicCurve, WeierstrassPoint},
+    weierstrass::{FromCompressed, IntrinsicCurve, WeierstrassPoint},
     CyclicGroup, Group,
 };
 
@@ -40,6 +40,9 @@ impl<C: IntrinsicCurve> VerifyingKey<C> {
 impl<C> VerifyingKey<C>
 where
     C: PrimeCurve + IntrinsicCurve,
+    C::Point: WeierstrassPoint + CyclicGroup + FromCompressed<Coordinate<C>>,
+    Coordinate<C>: IntMod,
+    C::Scalar: IntMod + Reduce,
 {
     /// Ref: <https://github.com/RustCrypto/signatures/blob/85c984bcc9927c2ce70c7e15cbfe9c6936dd3521/ecdsa/src/recovery.rs#L297>
     ///
@@ -84,7 +87,7 @@ where
         }
         let rec_id = recovery_id.to_byte();
         // The point R decompressed from x-coordinate `r`
-        let R: C::Point = WeierstrassPoint::decompress(x, &rec_id);
+        let R: C::Point = FromCompressed::decompress(x, &rec_id);
 
         let neg_u1 = z.div_unsafe(&r);
         let u2 = s.div_unsafe(&r);

diff --git a/extensions/ecc/guest/src/group.rs b/extensions/ecc/guest/src/group.rs
@@ -24,7 +24,9 @@ pub trait Group:
 
     const IDENTITY: Self;
 
-    fn is_identity(&self) -> bool;
+    fn is_identity(&self) -> bool {
+        self == &Self::IDENTITY
+    }
 
     fn double(&self) -> Self;
     fn double_assign(&mut self);

diff --git a/extensions/ecc/guest/src/k256/mod.rs b/extensions/ecc/guest/src/k256/mod.rs
@@ -1,11 +1,13 @@
-use core::ops::{Add, AddAssign, Neg};
+use core::ops::{Add, Neg};
 
 use hex_literal::hex;
 #[cfg(not(target_os = "zkvm"))]
 use lazy_static::lazy_static;
 #[cfg(not(target_os = "zkvm"))]
 use num_bigint_dig::BigUint;
-use openvm_algebra_guest::IntMod;
+use openvm_algebra_guest::{Field, IntMod};
+use openvm_algebra_moduli_setup::moduli_declare;
+use openvm_ecc_sw_setup::sw_declare;
 
 use super::group::{CyclicGroup, Group};
 use crate::weierstrass::{CachedMulTable, IntrinsicCurve};
@@ -30,15 +32,30 @@ const fn seven_le() -> [u8; 32] {
     buf
 }
 
-openvm_algebra_moduli_setup::moduli_declare! {
+moduli_declare! {
     Secp256k1Coord { modulus = "0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F" },
     Secp256k1Scalar { modulus = "0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141" },
 }
 
-openvm_ecc_sw_setup::sw_declare! {
+sw_declare! {
     Secp256k1Point { mod_type = Secp256k1Coord, b = CURVE_B },
 }
 
+impl Field for Secp256k1Coord {
+    const ZERO: Self = <Self as IntMod>::ZERO;
+    const ONE: Self = <Self as IntMod>::ONE;
+
+    type SelfRef<'a> = &'a Self;
+
+    fn double_assign(&mut self) {
+        IntMod::double_assign(self);
+    }
+
+    fn square_assign(&mut self) {
+        IntMod::square_assign(self);
+    }
+}
+
 impl CyclicGroup for Secp256k1Point {
     const GENERATOR: Self = Secp256k1Point {
         x: Secp256k1Coord::from_const_bytes(hex!(