Merge remote-tracking branch 'upstream/master' into vec-allocator

* upstream/master:
  Add a note on `add_assign_mixed` to CHANGELOG (arkworks-rs#600)
  Fix linting on nightly Rust (arkworks-rs#598)
  Build docs correctly on docs.rs (arkworks-rs#590)
  Set correct minimum supported Rust version (arkworks-rs#592)
  Add back pairing benchmarks. (arkworks-rs#586)
  Create test-templates/README (arkworks-rs#585)
  Create README.md for `bench-templates` (arkworks-rs#583)
  Update `master` branch to 0.4.0 (arkworks-rs#582)
  Unify model configs (arkworks-rs#580)
  Correctly evaluate over domain when `self` is zero polynomial (arkworks-rs#575)
  Improve `impl From<u128> for Fp` (arkworks-rs#573)
  should just check the top bit, not two bits (arkworks-rs#560)

Author: andrewmilson

CHANGELOG.md

@@ -71,6 +71,7 @@
 - [\#446](https://github.com/arkworks-rs/algebra/pull/446) (`ark-ff`) Add `CyclotomicMultSubgroup` trait and implement it for extension fields
 - [\#447](https://github.com/arkworks-rs/algebra/pull/447) (`ark-ec`, `ark-algebra-test-templates`) Rename and refactor group infrastructure, and test infrastructure for fields, groups, and pairings:
     - Create new `Group` trait and move some functionality from `ProjectiveCurve` to it.
+    - Refactor `add_assign_mixed` → `add_assign` that's polymorphic over its RHS.
     - Rename `ProjectiveCurve` to `CurveGroup: Group`.
         - Rename some associated types:
             - `AffineCurve` → `Affine`

bench-templates/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "ark-algebra-bench-templates"
-version = "0.4.0-alpha.6"
+version = "0.4.0"
 authors = [ "arkworks contributors" ]
 description = "A benchmark library for finite fields and elliptic curves"
 homepage = "https://arkworks.rs"
@@ -11,15 +11,16 @@ categories = ["cryptography"]
 include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
 license = "MIT/Apache-2.0"
 edition = "2021"
+rust-version = "1.63"
 
 ################################# Dependencies ################################
 
 [dependencies]
 criterion = { version = "0.4.0", features = [ "html_reports" ] }
-ark-std = { version = "0.4.0-alpha", default-features = false }
-ark-ec = { version = "0.4.0-alpha", path = "../ec", default-features = false }
-ark-ff = { version = "0.4.0-alpha", path = "../ff", default-features = false }
-ark-serialize = { version = "0.4.0-alpha", path = "../serialize", default-features = false }
+ark-std = { version = "0.4.0", default-features = false }
+ark-ec = { version = "0.4.0", path = "../ec", default-features = false }
+ark-ff = { version = "0.4.0", path = "../ff", default-features = false }
+ark-serialize = { version = "0.4.0", path = "../serialize", default-features = false }
 paste = { version = "1.0" }
 
 [features]

bench-templates/README.md

@@ -0,0 +1,4 @@
+# bench-templates
+
+**Warning!!!** This package does not implement any benchmarks, but exports templates and macros for benchmarking.
+In order to benchmark arkworks, please run `cargo bench` inside [ark-curves](https://github.com/arkworks-rs/curves).

bench-templates/src/macros/mod.rs

@@ -34,7 +34,8 @@ macro_rules! bench {
                 [<$Fr:lower>]::benches,
                 [<$Fq:lower>]::benches,
                 [<$FqExt:lower>]::benches,
-                [<$FqTarget:lower>]::benches
+                [<$FqTarget:lower>]::benches,
+                pairing::benches
             );
         }
     };

ec/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "ark-ec"
-version = "0.4.0-alpha.6"
+version = "0.4.0"
 authors = [ "arkworks contributors" ]
 description = "A library for elliptic curves and pairings"
 homepage = "https://arkworks.rs"
@@ -11,13 +11,13 @@ categories = ["cryptography"]
 include = ["Cargo.toml", "src", "README.md", "LICENSE-APACHE", "LICENSE-MIT"]
 license = "MIT/Apache-2.0"
 edition = "2021"
-rust-version = "1.57"
+rust-version = "1.63"
 
 [dependencies]
-ark-std = { version = "0.4.0-alpha", default-features = false }
-ark-serialize = { version = "0.4.0-alpha", path = "../serialize", default-features = false }
-ark-ff = { version = "0.4.0-alpha", path = "../ff", default-features = false }
-ark-poly = { version = "0.4.0-alpha", path = "../poly", default-features = false }
+ark-std = { version = "0.4.0", default-features = false }
+ark-serialize = { version = "0.4.0", path = "../serialize", default-features = false }
+ark-ff = { version = "0.4.0", path = "../ff", default-features = false }
+ark-poly = { version = "0.4.0", path = "../poly", default-features = false }
 derivative = { version = "2", features = ["use_core"] }
 num-traits = { version = "0.2", default-features = false }
 rayon = { version = "1", optional = true }
@@ -26,7 +26,7 @@ hashbrown = "0.13.1"
 itertools = { version = "0.10", default-features = false }
 
 [dev-dependencies]
-ark-test-curves = { version = "0.4.0-alpha", path = "../test-curves", default-features = false, features = ["bls12_381_curve"] }
+ark-test-curves = { version = "0.4.0", path = "../test-curves", default-features = false, features = ["bls12_381_curve"] }
 sha2 = { version = "0.10", default-features = false }
 libtest-mimic = "0.6.0"
 serde = "1.0.110"
@@ -38,3 +38,6 @@ hex = "0.4"
 default = []
 std = [ "ark-std/std", "ark-ff/std", "ark-serialize/std" ]
 parallel = [ "std", "rayon", "ark-std/parallel" ]
+
+[package.metadata.docs.rs]
+rustdoc-args = ["--html-in-header", "./doc/katex-header.html"]

ec/doc/katex-header.html

@@ -0,0 +1 @@
+../../doc/katex-header.html

ec/src/models/bn/mod.rs

@@ -23,7 +23,7 @@ pub enum TwistType {
     D,
 }
 
-pub trait BnConfig: 'static {
+pub trait BnConfig: 'static + Sized {
     /// The absolute value of the BN curve parameter `X`
     /// (as in `q = 36 X^4 + 36 X^3 + 24 X^2 + 6 X + 1`).
     const X: &'static [u64];
@@ -46,65 +46,11 @@ pub trait BnConfig: 'static {
         BaseField = Fp2<Self::Fp2Config>,
         ScalarField = <Self::G1Config as CurveConfig>::ScalarField,
     >;
-}
-
-pub mod g1;
-pub mod g2;
-
-pub use self::{
-    g1::{G1Affine, G1Prepared, G1Projective},
-    g2::{G2Affine, G2Prepared, G2Projective},
-};
-
-#[derive(Derivative)]
-#[derivative(Copy, Clone, PartialEq, Eq, Debug, Hash)]
-pub struct Bn<P: BnConfig>(PhantomData<fn() -> P>);
-
-impl<P: BnConfig> Bn<P> {
-    /// Evaluates the line function at point p.
-    fn ell(f: &mut Fp12<P::Fp12Config>, coeffs: &g2::EllCoeff<P>, p: &G1Affine<P>) {
-        let mut c0 = coeffs.0;
-        let mut c1 = coeffs.1;
-        let mut c2 = coeffs.2;
-
-        match P::TWIST_TYPE {
-            TwistType::M => {
-                c2.mul_assign_by_fp(&p.y);
-                c1.mul_assign_by_fp(&p.x);
-                f.mul_by_014(&c0, &c1, &c2);
-            },
-            TwistType::D => {
-                c0.mul_assign_by_fp(&p.y);
-                c1.mul_assign_by_fp(&p.x);
-                f.mul_by_034(&c0, &c1, &c2);
-            },
-        }
-    }
-
-    fn exp_by_neg_x(mut f: Fp12<P::Fp12Config>) -> Fp12<P::Fp12Config> {
-        f = f.cyclotomic_exp(P::X);
-        if !P::X_IS_NEGATIVE {
-            f.cyclotomic_inverse_in_place();
-        }
-        f
-    }
-}
-
-impl<P: BnConfig> Pairing for Bn<P> {
-    type BaseField = <P::G1Config as CurveConfig>::BaseField;
-    type ScalarField = <P::G1Config as CurveConfig>::ScalarField;
-    type G1 = G1Projective<P>;
-    type G1Affine = G1Affine<P>;
-    type G1Prepared = G1Prepared<P>;
-    type G2 = G2Projective<P>;
-    type G2Affine = G2Affine<P>;
-    type G2Prepared = G2Prepared<P>;
-    type TargetField = Fp12<P::Fp12Config>;
 
     fn multi_miller_loop(
-        a: impl IntoIterator<Item = impl Into<Self::G1Prepared>>,
-        b: impl IntoIterator<Item = impl Into<Self::G2Prepared>>,
-    ) -> MillerLoopOutput<Self> {
+        a: impl IntoIterator<Item = impl Into<G1Prepared<Self>>>,
+        b: impl IntoIterator<Item = impl Into<G2Prepared<Self>>>,
+    ) -> MillerLoopOutput<Bn<Self>> {
         let mut pairs = a
             .into_iter()
             .zip_eq(b)
@@ -119,44 +65,44 @@ impl<P: BnConfig> Pairing for Bn<P> {
 
         let mut f = cfg_chunks_mut!(pairs, 4)
             .map(|pairs| {
-                let mut f = Self::TargetField::one();
-                for i in (1..P::ATE_LOOP_COUNT.len()).rev() {
-                    if i != P::ATE_LOOP_COUNT.len() - 1 {
+                let mut f = <Bn<Self> as Pairing>::TargetField::one();
+                for i in (1..Self::ATE_LOOP_COUNT.len()).rev() {
+                    if i != Self::ATE_LOOP_COUNT.len() - 1 {
                         f.square_in_place();
                     }
 
                     for (p, coeffs) in pairs.iter_mut() {
-                        Self::ell(&mut f, &coeffs.next().unwrap(), &p.0);
+                        Bn::<Self>::ell(&mut f, &coeffs.next().unwrap(), &p.0);
                     }
 
-                    let bit = P::ATE_LOOP_COUNT[i - 1];
+                    let bit = Self::ATE_LOOP_COUNT[i - 1];
                     if bit == 1 || bit == -1 {
                         for (p, coeffs) in pairs.iter_mut() {
-                            Self::ell(&mut f, &coeffs.next().unwrap(), &p.0);
+                            Bn::<Self>::ell(&mut f, &coeffs.next().unwrap(), &p.0);
                         }
                     }
                 }
                 f
             })
-            .product::<Self::TargetField>();
+            .product::<<Bn<Self> as Pairing>::TargetField>();
 
-        if P::X_IS_NEGATIVE {
+        if Self::X_IS_NEGATIVE {
             f.cyclotomic_inverse_in_place();
         }
 
         for (p, coeffs) in &mut pairs {
-            Self::ell(&mut f, &coeffs.next().unwrap(), &p.0);
+            Bn::<Self>::ell(&mut f, &coeffs.next().unwrap(), &p.0);
         }
 
         for (p, coeffs) in &mut pairs {
-            Self::ell(&mut f, &coeffs.next().unwrap(), &p.0);
+            Bn::<Self>::ell(&mut f, &coeffs.next().unwrap(), &p.0);
         }
 
         MillerLoopOutput(f)
     }
 
     #[allow(clippy::let_and_return)]
-    fn final_exponentiation(f: MillerLoopOutput<Self>) -> Option<PairingOutput<Self>> {
+    fn final_exponentiation(f: MillerLoopOutput<Bn<Self>>) -> Option<PairingOutput<Bn<Self>>> {
         // Easy part: result = elt^((q^6-1)*(q^2+1)).
         // Follows, e.g., Beuchat et al page 9, by computing result as follows:
         //   elt^((q^6-1)*(q^2+1)) = (conj(elt) * elt^(-1))^(q^2+1)
@@ -191,13 +137,13 @@ impl<P: BnConfig> Pairing for Bn<P> {
             //
             // result = elt^( 2z * ( 6z^2 + 3z + 1 ) * (q^4 - q^2 + 1)/r ).
 
-            let y0 = Self::exp_by_neg_x(r);
+            let y0 = Bn::<Self>::exp_by_neg_x(r);
             let y1 = y0.cyclotomic_square();
             let y2 = y1.cyclotomic_square();
             let mut y3 = y2 * &y1;
-            let y4 = Self::exp_by_neg_x(y3);
+            let y4 = Bn::<Self>::exp_by_neg_x(y3);
             let y5 = y4.cyclotomic_square();
-            let mut y6 = Self::exp_by_neg_x(y5);
+            let mut y6 = Bn::<Self>::exp_by_neg_x(y5);
             y3.cyclotomic_inverse_in_place();
             y6.cyclotomic_inverse_in_place();
             let y7 = y6 * &y4;
@@ -219,3 +165,68 @@ impl<P: BnConfig> Pairing for Bn<P> {
         })
     }
 }
+
+pub mod g1;
+pub mod g2;
+
+pub use self::{
+    g1::{G1Affine, G1Prepared, G1Projective},
+    g2::{G2Affine, G2Prepared, G2Projective},
+};
+
+#[derive(Derivative)]
+#[derivative(Copy, Clone, PartialEq, Eq, Debug, Hash)]
+pub struct Bn<P: BnConfig>(PhantomData<fn() -> P>);
+
+impl<P: BnConfig> Bn<P> {
+    /// Evaluates the line function at point p.
+    fn ell(f: &mut Fp12<P::Fp12Config>, coeffs: &g2::EllCoeff<P>, p: &G1Affine<P>) {
+        let mut c0 = coeffs.0;
+        let mut c1 = coeffs.1;
+        let mut c2 = coeffs.2;
+
+        match P::TWIST_TYPE {
+            TwistType::M => {
+                c2.mul_assign_by_fp(&p.y);
+                c1.mul_assign_by_fp(&p.x);
+                f.mul_by_014(&c0, &c1, &c2);
+            },
+            TwistType::D => {
+                c0.mul_assign_by_fp(&p.y);
+                c1.mul_assign_by_fp(&p.x);
+                f.mul_by_034(&c0, &c1, &c2);
+            },
+        }
+    }
+
+    fn exp_by_neg_x(mut f: Fp12<P::Fp12Config>) -> Fp12<P::Fp12Config> {
+        f = f.cyclotomic_exp(P::X);
+        if !P::X_IS_NEGATIVE {
+            f.cyclotomic_inverse_in_place();
+        }
+        f
+    }
+}
+
+impl<P: BnConfig> Pairing for Bn<P> {
+    type BaseField = <P::G1Config as CurveConfig>::BaseField;
+    type ScalarField = <P::G1Config as CurveConfig>::ScalarField;
+    type G1 = G1Projective<P>;
+    type G1Affine = G1Affine<P>;
+    type G1Prepared = G1Prepared<P>;
+    type G2 = G2Projective<P>;
+    type G2Affine = G2Affine<P>;
+    type G2Prepared = G2Prepared<P>;
+    type TargetField = Fp12<P::Fp12Config>;
+
+    fn multi_miller_loop(
+        a: impl IntoIterator<Item = impl Into<Self::G1Prepared>>,
+        b: impl IntoIterator<Item = impl Into<Self::G2Prepared>>,
+    ) -> MillerLoopOutput<Self> {
+        P::multi_miller_loop(a, b)
+    }
+
+    fn final_exponentiation(f: MillerLoopOutput<Self>) -> Option<PairingOutput<Self>> {
+        P::final_exponentiation(f)
+    }
+}

ec/src/models/mnt4/mod.rs

@@ -26,7 +26,7 @@ pub use self::{
 
 pub type GT<P> = Fp4<P>;
 
-pub trait MNT4Config: 'static {
+pub trait MNT4Config: 'static + Sized {
     const TWIST: Fp2<Self::Fp2Config>;
     const TWIST_COEFF_A: Fp2<Self::Fp2Config>;
     const ATE_LOOP_COUNT: &'static [i8];
@@ -43,6 +43,34 @@ pub trait MNT4Config: 'static {
         BaseField = Fp2<Self::Fp2Config>,
         ScalarField = <Self::G1Config as CurveConfig>::ScalarField,
     >;
+    fn multi_miller_loop(
+        a: impl IntoIterator<Item = impl Into<G1Prepared<Self>>>,
+        b: impl IntoIterator<Item = impl Into<G2Prepared<Self>>>,
+    ) -> MillerLoopOutput<MNT4<Self>> {
+        let pairs = a
+            .into_iter()
+            .zip_eq(b)
+            .map(|(a, b)| (a.into(), b.into()))
+            .collect::<Vec<_>>();
+        let result = cfg_into_iter!(pairs)
+            .map(|(a, b)| MNT4::<Self>::ate_miller_loop(&a, &b))
+            .product();
+        MillerLoopOutput(result)
+    }
+
+    fn final_exponentiation(f: MillerLoopOutput<MNT4<Self>>) -> Option<PairingOutput<MNT4<Self>>> {
+        let value = f.0;
+        let value_inv = value.inverse().unwrap();
+        let value_to_first_chunk =
+            MNT4::<Self>::final_exponentiation_first_chunk(&value, &value_inv);
+        let value_inv_to_first_chunk =
+            MNT4::<Self>::final_exponentiation_first_chunk(&value_inv, &value);
+        let result = MNT4::<Self>::final_exponentiation_last_chunk(
+            &value_to_first_chunk,
+            &value_inv_to_first_chunk,
+        );
+        Some(PairingOutput(result))
+    }
 }
 
 #[derive(Derivative)]
@@ -211,24 +239,10 @@ impl<P: MNT4Config> Pairing for MNT4<P> {
         a: impl IntoIterator<Item = impl Into<Self::G1Prepared>>,
         b: impl IntoIterator<Item = impl Into<Self::G2Prepared>>,
     ) -> MillerLoopOutput<Self> {
-        let pairs = a
-            .into_iter()
-            .zip_eq(b)
-            .map(|(a, b)| (a.into(), b.into()))
-            .collect::<Vec<_>>();
-        let result = cfg_into_iter!(pairs)
-            .map(|(a, b)| Self::ate_miller_loop(&a, &b))
-            .product();
-        MillerLoopOutput(result)
+        P::multi_miller_loop(a, b)
     }
 
     fn final_exponentiation(f: MillerLoopOutput<Self>) -> Option<PairingOutput<Self>> {
-        let value = f.0;
-        let value_inv = value.inverse().unwrap();
-        let value_to_first_chunk = Self::final_exponentiation_first_chunk(&value, &value_inv);
-        let value_inv_to_first_chunk = Self::final_exponentiation_first_chunk(&value_inv, &value);
-        let result =
-            Self::final_exponentiation_last_chunk(&value_to_first_chunk, &value_inv_to_first_chunk);
-        Some(PairingOutput(result))
+        P::final_exponentiation(f)
     }
 }