Merge pull request #1 from 0xjei/main

add `Enclave` parameter sets

Author: 0xjei

src/fields/enclave_bfv_512.nr

@@ -0,0 +1,16 @@
+use crate::bignum::BigNum;
+use crate::bignum::derive_bignum;
+use crate::params::BigNumParams;
+
+/// BFV parameters set corresponding to INSECURE_SET_512_10_1.
+pub global Enclave_BFV_512_PARAMS: BigNumParams<1, 51> = BigNumParams {
+    has_multiplicative_inverse: true,
+    modulus: [0x07fffffffe0001],
+    double_modulus: [0x0100000000000000000ffffffffc0001],
+    redc_param: [0x800000001ffff0],
+};
+
+#[derive_bignum(1, 51, quote { Enclave_BFV_512_PARAMS })]
+pub struct Enclave_BFV_512 {
+    limbs: [u128; 1],
+}

src/fields/enclave_bfv_8192.nr

@@ -0,0 +1,16 @@
+use crate::bignum::BigNum;
+use crate::bignum::derive_bignum;
+use crate::params::BigNumParams;
+
+/// BFV parameters set corresponding to SET_8192_100_4.
+pub global Enclave_BFV_8192_PARAMS: BigNumParams<1, 113> = BigNumParams {
+    has_multiplicative_inverse: false,
+    modulus: [0x010000000418000203d8ac04180001],
+    double_modulus: [0x01020000000830000407b15808300001],
+    redc_param: [0x3ffffffef9ffff833a650308b8b343],
+};
+
+#[derive_bignum(1, 113, quote { Enclave_BFV_8192_PARAMS })]
+pub struct Enclave_BFV_8192 {
+    limbs: [u128; 1],
+}

src/fields/enclave_trbfv_512.nr

@@ -0,0 +1,16 @@
+use crate::bignum::BigNum;
+use crate::bignum::derive_bignum;
+use crate::params::BigNumParams;
+
+/// TRBFV parameters set corresponding to INSECURE_SET_512_10_1.
+pub global Enclave_TRBFV_512_PARAMS: BigNumParams<1, 72> = BigNumParams {
+    has_multiplicative_inverse: false,
+    modulus: [0xffffb2002437fb2001],
+    double_modulus: [0x01000000000001ffff6400486ff64001],
+    redc_param: [0x100004dfff38bf60b973],
+};
+
+#[derive_bignum(1, 72, quote { Enclave_TRBFV_512_PARAMS })]
+pub struct Enclave_TRBFV_512 {
+    limbs: [u128; 1],
+}

src/fields/enclave_trbfv_8192.nr

@@ -0,0 +1,16 @@
+use crate::bignum::BigNum;
+use crate::bignum::derive_bignum;
+use crate::params::BigNumParams;
+
+/// TRBFV parameters set corresponding to SET_8192_100_4.
+pub global Enclave_TRBFV_8192_PARAMS: BigNumParams<2, 208> = BigNumParams {
+    has_multiplicative_inverse: false,
+    modulus: [0xfe38ce2cf15ff03368791001340001, 0x8000000db0002869ba02ea],
+    double_modulus: [0x01fc719c59e2bfe066d0f22002680002, 0x010000001b600050d37405d4],
+    redc_param: [0x447d587f4015acebd23b19ddd6f6c5, 0x1ffffffc93fff6433e016463],
+};
+
+#[derive_bignum(2, 208, quote { Enclave_TRBFV_8192_PARAMS })]
+pub struct Enclave_TRBFV_8192 {
+    limbs: [u128; 2],
+}

src/fields/mod.nr

@@ -27,3 +27,7 @@ pub mod U1024;
 pub mod U2048;
 pub mod U4096;
 pub mod U8192;
+pub mod enclave_bfv_512;
+pub mod enclave_bfv_8192;
+pub mod enclave_trbfv_512;
+pub mod enclave_trbfv_8192;

src/fns/constrained_ops.nr

@@ -51,7 +51,7 @@ pub(crate) fn limbs_to_field<let N: u32, let MOD_BITS: u32>(
         limbs[0] as Field
     } else if N == 2 {
         validate_in_range::<_, N, MOD_BITS>(limbs);
-        (limbs[0] + limbs[1] * TWO_POW_120) as Field
+        limbs[0] as Field + limbs[1] as Field * TWO_POW_120 as Field
     } else {
         // validate_in_range::<N, 254>(limbs);
         (
@@ -332,6 +332,7 @@ pub(crate) fn validate_gt<let N: u32, let MOD_BITS: u32>(lhs: [u128; N], rhs: [u
     // so we do... p - x - r = 0 and there might be borrow flags
     // a - b = r
     // p + a - b - r = 0
+    // Safety: fix
     let (underflow, result, borrow_flags) = unsafe { __validate_gt_with_flags(lhs, rhs) };
     validate_in_range::<_, _, MOD_BITS>(result);
     assert(!underflow, "BigNum::validate_gt check fails");
@@ -376,6 +377,7 @@ pub(crate) fn validate_in_field<let N: u32, let MOD_BITS: u32>(
     for i in 0..N {
         p_minus_self[i] = (modulus[i] as Field - val[i] as Field);
     }
+    // Safety: fix
     let borrow_flags = unsafe { __validate_in_field_compute_borrow_flags(params, val) };
     p_minus_self[0] += (borrow_flags[0] as Field * TWO_POW_120 as Field);
     for i in 1..N - 1 {
@@ -388,6 +390,7 @@ pub(crate) fn validate_in_field<let N: u32, let MOD_BITS: u32>(
 
 // a comparison function. returns true if lhs > rhs and false otherwise
 pub(crate) fn cmp<let N: u32, let MOD_BITS: u32>(lhs: [u128; N], rhs: [u128; N]) -> Ordering {
+    // Safety: fix
     let (underflow, result, borrow_flags) = unsafe { __validate_gt_with_flags(lhs, rhs) };
     // if underflow is true, swap lhs and rhs
     let (lhs, rhs) = if underflow { (rhs, lhs) } else { (lhs, rhs) };
@@ -412,7 +415,7 @@ pub(crate) fn neg<let N: u32, let MOD_BITS: u32>(
             __neg(params.modulus, val)
         }
     } else {
-        // so we do... p - x - r = 0 and there might be borrow flags
+        // Safety: fix
         let (result, borrow_flags) = unsafe { __neg_with_flags(params.modulus, val) };
         validate_in_range::<_, _, MOD_BITS>(result);
         let modulus = params.modulus;
@@ -443,7 +446,7 @@ pub(crate) fn add<let N: u32, let MOD_BITS: u32>(
             __add(params.modulus, lhs, rhs)
         }
     } else {
-        // so we do... p - x - r = 0 and there might be borrow flags
+        // Safety: fix
         let (result, carry_flags, borrow_flags, overflow_modulus) =
             unsafe { __add_with_flags(params.modulus, lhs, rhs) };
         validate_in_range::<_, _, MOD_BITS>(result);
@@ -493,6 +496,7 @@ pub(crate) fn sub<let N: u32, let MOD_BITS: u32>(
         // so we do... p - x - r = 0 and there might be borrow flags
         // a - b = r
         // p + a - b - r = 0
+        // Safety: fix
         let (result, carry_flags, borrow_flags, underflow) =
             unsafe { __sub_with_flags(params.modulus, lhs, rhs) };
 
@@ -541,6 +545,7 @@ pub(crate) fn mul<let N: u32, let MOD_BITS: u32>(
     lhs: [u128; N],
     rhs: [u128; N],
 ) -> [u128; N] {
+    // Safety: fix
     let result = unsafe { __mul::<_, MOD_BITS>(params, lhs, rhs) };
     if !std::runtime::is_unconstrained() {
         evaluate_quadratic_expression(
@@ -566,6 +571,7 @@ pub(crate) fn div<let N: u32, let MOD_BITS: u32>(
         params.has_multiplicative_inverse,
         "BigNum has no multiplicative inverse. Use udiv for unsigned integer division",
     );
+    // Safety: fix
     let result = unsafe { __div::<_, MOD_BITS>(params, lhs, rhs) };
     if !std::runtime::is_unconstrained() {
         evaluate_quadratic_expression(
@@ -593,6 +599,7 @@ pub(crate) fn udiv_mod<let N: u32, let MOD_BITS: u32>(
     numerator: [u128; N],
     divisor: [u128; N],
 ) -> ([u128; N], [u128; N]) {
+    // Safety: fix
     let (quotient, remainder) = unsafe { __udiv_mod(numerator, divisor) };
     if !std::runtime::is_unconstrained() {
         // self / divisor = quotient rounded

src/fns/expressions.nr

@@ -260,6 +260,7 @@ pub(crate) fn evaluate_quadratic_expression<let N: u32, let MOD_BITS: u32, let L
     linear_flags: [bool; ADD_N],
 ) {
     // use an unconstrained function to compute the value of the quotient
+    // Safety: fix
     let (quotient, borrow_flags): ([u128; N], [bool; 2 * N - 2]) = unsafe {
         __compute_quadratic_expression_with_borrow_flags::<_, MOD_BITS, _, _, _, _>(
             params,

src/lib.nr

@@ -29,6 +29,10 @@ pub use fields::bls12_381Fr::BLS12_381_Fr;
 pub use fields::bn254Fq::BN254_Fq;
 pub use fields::ed25519Fq::ED25519_Fq;
 pub use fields::ed25519Fr::ED25519_Fr;
+pub use fields::enclave_bfv_512::Enclave_BFV_512;
+pub use fields::enclave_bfv_8192::Enclave_BFV_8192;
+pub use fields::enclave_trbfv_512::Enclave_TRBFV_512;
+pub use fields::enclave_trbfv_8192::Enclave_TRBFV_8192;
 pub use fields::mnt4_753Fq::MNT4_753_Fq;
 pub use fields::mnt4_753Fr::MNT4_753_Fr;
 pub use fields::mnt6_753Fq::MNT6_753_Fq;

src/runtime_bignum.nr

@@ -116,6 +116,7 @@ impl<let N: u32, let MOD_BITS: u32> RuntimeBigNum<N, MOD_BITS> {
     // UNCONSTRAINED! (Hence `__` prefix).
     pub fn __neg(self) -> Self {
         let params = self.params;
+        // Safety: fix
         let limbs = unsafe { __neg(params.modulus, self.limbs) };
         Self { params, limbs }
     }
@@ -124,6 +125,7 @@ impl<let N: u32, let MOD_BITS: u32> RuntimeBigNum<N, MOD_BITS> {
     pub fn __add(self, other: Self) -> Self {
         let params = self.params;
         assert(params == other.params);
+        // Safety: fix
         let limbs = unsafe { __add(params.modulus, self.limbs, other.limbs) };
         Self { params, limbs }
     }
@@ -132,6 +134,7 @@ impl<let N: u32, let MOD_BITS: u32> RuntimeBigNum<N, MOD_BITS> {
     pub fn __sub(self, other: Self) -> Self {
         let params = self.params;
         assert(params == other.params);
+        // Safety: fix
         let limbs = unsafe { __sub(params.modulus, self.limbs, other.limbs) };
         Self { params, limbs }
     }
@@ -140,6 +143,7 @@ impl<let N: u32, let MOD_BITS: u32> RuntimeBigNum<N, MOD_BITS> {
     pub fn __mul(self, other: Self) -> Self {
         let params = self.params;
         assert(params == other.params);
+        // Safety: fix
         let limbs = unsafe { __mul::<_, MOD_BITS>(params, self.limbs, other.limbs) };
         Self { params, limbs }
     }
@@ -148,6 +152,7 @@ impl<let N: u32, let MOD_BITS: u32> RuntimeBigNum<N, MOD_BITS> {
     pub fn __div(self, divisor: Self) -> Self {
         let params = self.params;
         assert(params == divisor.params);
+        // Safety: fix
         let limbs = unsafe { __div::<_, MOD_BITS>(params, self.limbs, divisor.limbs) };
         Self { params, limbs }
     }
@@ -156,6 +161,7 @@ impl<let N: u32, let MOD_BITS: u32> RuntimeBigNum<N, MOD_BITS> {
     pub fn __udiv_mod(self, divisor: Self) -> (Self, Self) {
         let params = self.params;
         assert(params == divisor.params);
+        // Safety: fix
         let (q, r) = unsafe { __udiv_mod(self.limbs, divisor.limbs) };
         (Self { limbs: q, params }, Self { limbs: r, params })
     }
@@ -164,6 +170,7 @@ impl<let N: u32, let MOD_BITS: u32> RuntimeBigNum<N, MOD_BITS> {
     pub fn __invmod(self) -> Self {
         let params = self.params;
         assert(params.has_multiplicative_inverse);
+        // Safety: fix
         let limbs = unsafe { __invmod::<_, MOD_BITS>(params, self.limbs) };
         Self { limbs, params }
     }
@@ -172,13 +179,15 @@ impl<let N: u32, let MOD_BITS: u32> RuntimeBigNum<N, MOD_BITS> {
     pub fn __pow(self, exponent: Self) -> Self {
         let params = self.params;
         assert(params == exponent.params);
+        // Safety: fix
         let limbs = unsafe { __pow::<_, MOD_BITS>(params, self.limbs, exponent.limbs) };
         Self { limbs, params }
     }
 
     // UNCONSTRAINED! (Hence `__` prefix).
     pub fn __tonelli_shanks_sqrt(self) -> std::option::Option<Self> {
         let params = self.params;
+        // Safety: fix
         let maybe_limbs = unsafe { __tonelli_shanks_sqrt(params, self.limbs) };
         maybe_limbs.map(|limbs| Self { limbs, params })
     }
@@ -295,6 +304,7 @@ pub fn __compute_quadratic_expression<let N: u32, let MOD_BITS: u32, let LHS_N:
     linear_terms: [RuntimeBigNum<N, MOD_BITS>; ADD_N],
     linear_flags: [bool; ADD_N],
 ) -> (RuntimeBigNum<N, MOD_BITS>, RuntimeBigNum<N, MOD_BITS>) {
+    // Safety: fix
     let (q_limbs, r_limbs) = unsafe {
         crate::fns::expressions::__compute_quadratic_expression::<_, MOD_BITS, _, _, _, _>(
             params,
@@ -335,6 +345,7 @@ pub fn __batch_invert<let N: u32, let MOD_BITS: u32, let M: u32>(
 ) -> [RuntimeBigNum<N, MOD_BITS>; M] {
     let params = x[0].params;
     assert(params.has_multiplicative_inverse);
+    // Safety: fix
     let all_limbs = unsafe {
         crate::fns::unconstrained_ops::batch_invert::<_, MOD_BITS, _>(
             params,

src/tests/bignum_test.nr

@@ -1047,6 +1047,7 @@ fn test_SecP224r1_mul_regression() {
     let mut x: SecP224r1 =
         SecP224r1 { limbs: [0x03c1d356c21122343280d6115c1d21, 0xb70e0cbd6bb4bf7f321390b94a] };
     let res = x * x;
+    // Safety: fix
     let expected = unsafe { SecP224r1::__mul(x, x) };
     res.validate_in_field();
     expected.validate_in_field();