Revert "Remove pairing guest library and tests (moved to new repo)"

This reverts commit 27e82aa.

Author: Avaneesh-axiom

Cargo.lock

@@ -0,0 +1,214 @@
+use alloc::vec::Vec;
+use core::ops::{Mul, MulAssign, Neg};
+
+use openvm_algebra_guest::{
+    field::{ComplexConjugate, FieldExtension},
+    DivAssignUnsafe, DivUnsafe, Field,
+};
+
+use super::{Bls12_381, Fp, Fp2};
+use crate::pairing::{fp12_invert_assign, PairingIntrinsics, SexticExtField};
+
+pub type Fp12 = SexticExtField<Fp2>;
+
+impl Fp12 {
+    pub fn invert(&self) -> Self {
+        let mut s = self.clone();
+        fp12_invert_assign::<Fp, Fp2>(&mut s.c, &Bls12_381::XI);
+        s
+    }
+}
+
+impl Field for Fp12 {
+    type SelfRef<'a> = &'a Self;
+    const ZERO: Self = Self::new([Fp2::ZERO; 6]);
+    const ONE: Self = Self::new([
+        Fp2::ONE,
+        Fp2::ZERO,
+        Fp2::ZERO,
+        Fp2::ZERO,
+        Fp2::ZERO,
+        Fp2::ZERO,
+    ]);
+
+    fn double_assign(&mut self) {
+        *self += self.clone();
+    }
+
+    fn square_assign(&mut self) {
+        *self *= self.clone();
+    }
+}
+
+impl FieldExtension<Fp2> for Fp12 {
+    const D: usize = 6;
+    type Coeffs = [Fp2; 6];
+
+    fn from_coeffs(coeffs: Self::Coeffs) -> Self {
+        Self::new(coeffs)
+    }
+
+    fn from_bytes(bytes: &[u8]) -> Self {
+        assert_eq!(bytes.len(), 576);
+        Self::from_coeffs([
+            Fp2::from_bytes(&bytes[0..96]),
+            Fp2::from_bytes(&bytes[96..192]),
+            Fp2::from_bytes(&bytes[192..288]),
+            Fp2::from_bytes(&bytes[288..384]),
+            Fp2::from_bytes(&bytes[384..480]),
+            Fp2::from_bytes(&bytes[480..576]),
+        ])
+    }
+
+    fn to_coeffs(self) -> Self::Coeffs {
+        self.c
+    }
+
+    fn to_bytes(&self) -> Vec<u8> {
+        let mut bytes = Vec::with_capacity(576);
+        for coeff in self.clone().to_coeffs() {
+            bytes.extend_from_slice(&coeff.to_bytes());
+        }
+        bytes
+    }
+
+    fn embed(c0: Fp2) -> Self {
+        Self::new([c0, Fp2::ZERO, Fp2::ZERO, Fp2::ZERO, Fp2::ZERO, Fp2::ZERO])
+    }
+
+    /// We assume that the frobenius map power is < 12
+    fn frobenius_map(&self, power: usize) -> Self {
+        if power & 1 != 0 {
+            let c0 = self.c[0].clone().conjugate();
+            let c1 = self.c[1].clone().conjugate() * &Bls12_381::FROBENIUS_COEFFS[power][0];
+            let c2 = self.c[2].clone().conjugate() * &Bls12_381::FROBENIUS_COEFFS[power][1];
+            let c3 = self.c[3].clone().conjugate() * &Bls12_381::FROBENIUS_COEFFS[power][2];
+            let c4 = self.c[4].clone().conjugate() * &Bls12_381::FROBENIUS_COEFFS[power][3];
+            let c5 = self.c[5].clone().conjugate() * &Bls12_381::FROBENIUS_COEFFS[power][4];
+            Self::new([c0, c1, c2, c3, c4, c5])
+        } else {
+            let c0 = self.c[0].clone();
+            let c1 = &self.c[1] * &Bls12_381::FROBENIUS_COEFFS[power][0];
+            let c2 = &self.c[2] * &Bls12_381::FROBENIUS_COEFFS[power][1];
+            let c3 = &self.c[3] * &Bls12_381::FROBENIUS_COEFFS[power][2];
+            let c4 = &self.c[4] * &Bls12_381::FROBENIUS_COEFFS[power][3];
+            let c5 = &self.c[5] * &Bls12_381::FROBENIUS_COEFFS[power][4];
+            Self::new([c0, c1, c2, c3, c4, c5])
+        }
+    }
+
+    fn mul_base(&self, rhs: &Fp2) -> Self {
+        Self::new([
+            &self.c[0] * rhs,
+            &self.c[1] * rhs,
+            &self.c[2] * rhs,
+            &self.c[3] * rhs,
+            &self.c[4] * rhs,
+            &self.c[5] * rhs,
+        ])
+    }
+}
+
+// This is ambiguous. It is conjugation for Fp12 over Fp6.
+impl ComplexConjugate for Fp12 {
+    fn conjugate(self) -> Self {
+        let [c0, c1, c2, c3, c4, c5] = self.c;
+        Self::new([c0, -c1, c2, -c3, c4, -c5])
+    }
+
+    fn conjugate_assign(&mut self) {
+        self.c[1].neg_assign();
+        self.c[3].neg_assign();
+        self.c[5].neg_assign();
+    }
+}
+
+impl<'a> MulAssign<&'a Fp12> for Fp12 {
+    #[inline(always)]
+    fn mul_assign(&mut self, other: &'a Fp12) {
+        *self = crate::pairing::sextic_tower_mul(self, other, &Bls12_381::XI);
+    }
+}
+
+impl<'a> Mul<&'a Fp12> for &'a Fp12 {
+    type Output = Fp12;
+    #[inline(always)]
+    fn mul(self, other: &'a Fp12) -> Self::Output {
+        crate::pairing::sextic_tower_mul(self, other, &Bls12_381::XI)
+    }
+}
+
+impl MulAssign for Fp12 {
+    #[inline(always)]
+    fn mul_assign(&mut self, other: Self) {
+        self.mul_assign(&other);
+    }
+}
+
+impl Mul for Fp12 {
+    type Output = Self;
+    #[inline(always)]
+    fn mul(mut self, other: Self) -> Self::Output {
+        self *= other;
+        self
+    }
+}
+
+impl<'a> Mul<&'a Fp12> for Fp12 {
+    type Output = Self;
+    #[inline(always)]
+    fn mul(mut self, other: &'a Fp12) -> Self::Output {
+        self *= other;
+        self
+    }
+}
+
+impl<'a> DivAssignUnsafe<&'a Fp12> for Fp12 {
+    #[inline(always)]
+    fn div_assign_unsafe(&mut self, other: &'a Fp12) {
+        *self *= other.invert();
+    }
+}
+
+impl<'a> DivUnsafe<&'a Fp12> for &'a Fp12 {
+    type Output = Fp12;
+    #[inline(always)]
+    fn div_unsafe(self, other: &'a Fp12) -> Self::Output {
+        let mut res = self.clone();
+        res.div_assign_unsafe(other);
+        res
+    }
+}
+
+impl DivAssignUnsafe for Fp12 {
+    #[inline(always)]
+    fn div_assign_unsafe(&mut self, other: Self) {
+        *self *= other.invert();
+    }
+}
+
+impl DivUnsafe for Fp12 {
+    type Output = Self;
+    #[inline(always)]
+    fn div_unsafe(mut self, other: Self) -> Self::Output {
+        self.div_assign_unsafe(other);
+        self
+    }
+}
+
+impl<'a> DivUnsafe<&'a Fp12> for Fp12 {
+    type Output = Self;
+    #[inline(always)]
+    fn div_unsafe(mut self, other: &'a Fp12) -> Self::Output {
+        self.div_assign_unsafe(other);
+        self
+    }
+}
+
+impl Neg for Fp12 {
+    type Output = Fp12;
+    #[inline(always)]
+    fn neg(self) -> Self::Output {
+        Self::ZERO - &self
+    }
+}

extensions/pairing/guest/src/bls12_381/fp12.rs

@@ -0,0 +1,76 @@
+use alloc::vec::Vec;
+use core::ops::Neg;
+
+use openvm_algebra_complex_macros::{complex_declare, complex_impl_field};
+use openvm_algebra_guest::{field::FieldExtension, Field, IntMod};
+
+use super::Fp;
+
+#[cfg(not(target_os = "zkvm"))]
+// Used in Fp2Extension config
+pub const BLS12_381_COMPLEX_STRUCT_NAME: &str = "Bls12_381Fp2";
+
+// The struct name needs to be globally unique for linking purposes.
+// The mod_type is a path used only in the struct definition.
+complex_declare! {
+    Bls12_381Fp2 { mod_type = Fp }
+}
+
+complex_impl_field! {
+    Bls12_381Fp2,
+}
+
+pub type Fp2 = Bls12_381Fp2;
+
+impl FieldExtension<Fp> for Fp2 {
+    const D: usize = 2;
+    type Coeffs = [Fp; 2];
+
+    fn from_coeffs([c0, c1]: Self::Coeffs) -> Self {
+        Self { c0, c1 }
+    }
+
+    fn from_bytes(bytes: &[u8]) -> Self {
+        assert_eq!(bytes.len(), 96);
+        Self::from_coeffs([
+            Fp::from_const_bytes(bytes[0..48].try_into().unwrap()),
+            Fp::from_const_bytes(bytes[48..96].try_into().unwrap()),
+        ])
+    }
+
+    fn to_coeffs(self) -> Self::Coeffs {
+        [self.c0, self.c1]
+    }
+
+    fn to_bytes(&self) -> Vec<u8> {
+        let mut bytes = Vec::with_capacity(96);
+        bytes.extend_from_slice(self.c0.as_le_bytes());
+        bytes.extend_from_slice(self.c1.as_le_bytes());
+        bytes
+    }
+
+    fn embed(base_elem: Fp) -> Self {
+        Self {
+            c0: base_elem,
+            c1: <Fp as Field>::ZERO,
+        }
+    }
+
+    fn frobenius_map(&self, power: usize) -> Self {
+        if power % 2 == 0 {
+            self.clone()
+        } else {
+            Self {
+                c0: self.c0.clone(),
+                c1: (&self.c1).neg(),
+            }
+        }
+    }
+
+    fn mul_base(&self, rhs: &Fp) -> Self {
+        Self {
+            c0: &self.c0 * rhs,
+            c1: &self.c1 * rhs,
+        }
+    }
+}