Implementation negation for G1/G2 affine

Author: jayz22

soroban-sdk/src/crypto/bls12_381.rs

@@ -7,7 +7,7 @@ use crate::{
 use core::{
     cmp::Ordering,
     fmt::Debug,
-    ops::{Add, Mul, Sub},
+    ops::{Add, Mul, Neg, Sub},
 };
 
 /// Bls12_381 provides access to curve and field arithmetics on the BLS12-381
@@ -16,6 +16,54 @@ pub struct Bls12_381 {
     env: Env,
 }
 
+fn sbb_for_sub_with_borrow(a: &mut u64, b: u64, borrow: u8) -> u8 {
+    let tmp = (1u128 << 64) + (*a as u128) - (b as u128) - (borrow as u128);
+    *a = tmp as u64;
+    u8::from(tmp >> 64 == 0)
+}
+
+#[derive(Debug)]
+pub(crate) struct BigInt<const N: usize>(pub [u64; N]);
+
+impl<const N: usize> BigInt<N> {
+    pub fn sub_with_borrow(&mut self, other: &Self) -> bool {
+        let mut borrow = 0;
+        for i in 0..N {
+            borrow = sbb_for_sub_with_borrow(&mut self.0[i], other.0[i], borrow);
+        }
+        borrow != 0
+    }
+
+    pub fn copy_into_slice(&self, slice: &mut [u8]) {
+        if slice.len() != N * 8 {
+            sdk_panic!("BigInt::copy_into_slice with mismatched slice length")
+        }
+        for i in 0..N {
+            let limb_bytes = self.0[N - 1 - i].to_be_bytes();
+            slice[i * 8..(i + 1) * 8].copy_from_slice(&limb_bytes);
+        }
+    }
+}
+
+impl<const N: usize, const M: usize> Into<BigInt<N>> for BytesN<M> {
+    fn into(self) -> BigInt<N> {
+        if M != N * 8 {
+            sdk_panic!("BytesN::Into<BigInt> - length mismatch")
+        }
+
+        let array = self.to_array();
+        let mut limbs = [0u64; N];
+        for i in 0..N {
+            let start = i * 8;
+            let end = start + 8;
+            let mut bytes = [0u8; 8];
+            bytes.copy_from_slice(&array[start..end]);
+            limbs[N - 1 - i] = u64::from_be_bytes(bytes);
+        }
+        BigInt(limbs)
+    }
+}
+
 /// `G1Affine` is a point in the G1 group (subgroup defined over the base field
 ///  `Fq`) of the BLS12-381 elliptic curve
 ///
@@ -101,6 +149,57 @@ impl_bytesn_repr!(G2Affine, 192);
 impl_bytesn_repr!(Fp, 48);
 impl_bytesn_repr!(Fp2, 96);
 
+impl Fp {
+    pub fn env(&self) -> &Env {
+        self.0.env()
+    }
+
+    pub fn map_to_g1(&self) -> G1Affine {
+        self.env().crypto().bls12_381().map_fp_to_g1(self)
+    }
+}
+
+impl Into<BigInt<6>> for Fp {
+    fn into(self) -> BigInt<6> {
+        let inner: Bytes = self.0.into();
+        let mut limbs = [0u64; 6];
+        for i in 0..6u32 {
+            let start = i * 8;
+            let mut slice = [0u8; 8];
+            inner.slice(start..start + 8).copy_into_slice(&mut slice);
+            limbs[5 - i as usize] = u64::from_be_bytes(slice);
+        }
+        BigInt(limbs)
+    }
+}
+
+impl Neg for Fp {
+    type Output = Fp;
+
+    fn neg(self) -> Self::Output {
+        if self.to_array() == [0; 48] {
+            return self;
+        }
+
+        let env = self.env().clone();
+        let fp_bigint: BigInt<6> = self.0.into();
+        // BLS12-381 base field modulus
+        let mut res = BigInt([
+            13402431016077863595,
+            2210141511517208575,
+            7435674573564081700,
+            7239337960414712511,
+            5412103778470702295,
+            1873798617647539866,
+        ]);
+        // Compute modulus - value
+        res.sub_with_borrow(&fp_bigint);
+        let mut bytes = [0u8; 48];
+        res.copy_into_slice(&mut bytes);
+        Fp::from_array(&env, &bytes)
+    }
+}
+
 impl G1Affine {
     pub fn env(&self) -> &Env {
         self.0.env()
@@ -131,6 +230,45 @@ impl Mul<Fr> for G1Affine {
     }
 }
 
+impl Neg for G1Affine {
+    type Output = G1Affine;
+
+    fn neg(self) -> Self::Output {
+        let mut inner: Bytes = self.0.into();
+        let y = Fp::try_from_val(inner.env(), inner.slice(48..).as_val()).unwrap_optimized();
+        let neg_y = -y;
+        inner.copy_from_slice(48, &neg_y.to_array());
+        G1Affine::from_bytes(BytesN::try_from_val(inner.env(), inner.as_val()).unwrap_optimized())
+    }
+}
+
+impl Fp2 {
+    pub fn env(&self) -> &Env {
+        self.0.env()
+    }
+
+    pub fn map_to_g2(&self) -> G2Affine {
+        self.env().crypto().bls12_381().map_fp2_to_g2(self)
+    }
+}
+
+impl Neg for Fp2 {
+    type Output = Fp2;
+
+    fn neg(self) -> Self::Output {
+        let mut inner = self.to_array();
+        let mut slice0 = [0; 48];
+        let mut slice1 = [0; 48];
+        slice0.copy_from_slice(&inner[0..48]);
+        slice1.copy_from_slice(&inner[48..96]);
+        let c0 = -Fp::from_array(self.env(), &slice0);
+        let c1 = -Fp::from_array(self.env(), &slice1);
+        inner[0..48].copy_from_slice(&c0.to_array());
+        inner[48..96].copy_from_slice(&c1.to_array());
+        Fp2::from_array(self.env(), &inner)
+    }
+}
+
 impl G2Affine {
     pub fn env(&self) -> &Env {
         self.0.env()
@@ -161,23 +299,15 @@ impl Mul<Fr> for G2Affine {
     }
 }
 
-impl Fp {
-    pub fn env(&self) -> &Env {
-        self.0.env()
-    }
-
-    pub fn map_to_g1(&self) -> G1Affine {
-        self.env().crypto().bls12_381().map_fp_to_g1(self)
-    }
-}
-
-impl Fp2 {
-    pub fn env(&self) -> &Env {
-        self.0.env()
-    }
+impl Neg for G2Affine {
+    type Output = G2Affine;
 
-    pub fn map_to_g2(&self) -> G2Affine {
-        self.env().crypto().bls12_381().map_fp2_to_g2(self)
+    fn neg(self) -> Self::Output {
+        let mut inner: Bytes = self.0.into();
+        let y = Fp2::try_from_val(inner.env(), inner.slice(96..).as_val()).unwrap_optimized();
+        let neg_y = -y;
+        inner.copy_from_slice(96, &neg_y.to_array());
+        G2Affine::from_bytes(BytesN::try_from_val(inner.env(), inner.as_val()).unwrap_optimized())
     }
 }
 

soroban-sdk/src/tests/crypto_bls12_381.rs

@@ -4,6 +4,68 @@ use crate::{
     vec, Bytes, Env, Vec, U256,
 };
 
+#[test]
+fn test_g1_negation() {
+    let env = Env::default();
+    // Test case 1: Generator point (G1)
+    let g1_generator = G1Affine::from_bytes(bytesn!(&env,
+        0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb08b3f481e3aaa0f1a09e30ed741d8ae4fcf5e095d5d00af600db18cb2c04b3edd03cc744a2888ae40caa232946c5e7e1
+    ));
+    let neg_g1_generator = G1Affine::from_bytes(bytesn!(&env,
+        0x17f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb114d1d6855d545a8aa7d76c8cf2e21f267816aef1db507c96655b9d5caac42364e6f38ba0ecb751bad54dcd6b939c2ca
+    ));
+    assert_eq!(-g1_generator, neg_g1_generator);
+
+    // Test case 2: Identity/infinity point
+    let identity = G1Affine::from_bytes(bytesn!(&env,
+        0x40000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+    ));
+    assert_eq!(-identity.clone(), identity);
+
+    // Test case 3: Random point
+    let random_point = G1Affine::from_bytes(bytesn!(&env,
+        0x00b2ea3a6c75f43ff24d0a93f4302b4e2cf8f5eb2980eb7bb0f65af703c72c19e293cfe7cd98d3645a5d7c5f467d629213b7a1d9aa5e09c52eb2d5590b3b74ebb42bf3631a022a283dcf4ec73087fce37725ba5d9d483f84f0ea725acc853b4e
+    ));
+    let neg_random_point = G1Affine::from_bytes(bytesn!(&env,
+        0x00b2ea3a6c75f43ff24d0a93f4302b4e2cf8f5eb2980eb7bb0f65af703c72c19e293cfe7cd98d3645a5d7c5f467d6292064970108f21dcd51c68d25d381037ebb04b5821d982e897296183d9c628f940a78645a1140bc07ac9148da5337a6f5d
+    ));
+    assert_eq!(-random_point, neg_random_point);
+}
+
+#[test]
+fn test_g2_negation() {
+    let env = Env::default();
+
+    // Test case 1: Generator point (G2)
+    let g2_generator = G2Affine::from_bytes(bytesn!(&env,
+        0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb80606c4a02ea734cc32acd2b02bc28b99cb3e287e85a763af267492ab572e99ab3f370d275cec1da1aaa9075ff05f79be0ce5d527727d6e118cc9cdc6da2e351aadfd9baa8cbdd3a76d429a695160d12c923ac9cc3baca289e193548608b82801
+    ));
+
+    let neg_g2_generator = G2Affine::from_bytes(bytesn!(&env,
+        0x13e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb813fa4d4a0ad8b1ce186ed5061789213d993923066dddaf1040bc3ff59f825c78df74f2d75467e25e0f55f8a00fa030ed0d1b3cc2c7027888be51d9ef691d77bcb679afda66c73f17f9ee3837a55024f78c71363275a75d75d86bab79f74782aa
+    ));
+
+    assert_eq!(-g2_generator, neg_g2_generator);
+
+    // Test case 2: Identity/infinity point
+    let identity = G2Affine::from_bytes(bytesn!(&env,
+        0x400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+    ));
+
+    assert_eq!(-identity.clone(), identity);
+
+    // Test case 3: Random point
+    let random_point = G2Affine::from_bytes(bytesn!(&env,
+        0x04de7359c488ccf4753d08b99f3fb44de6c4c46b5872c45ddd90a37442dc679591a40ab8ee539b2aa30c333774c71ed01676197052a7a651e5618151d8374fdf4c25ce3f57c06f65b81dbaf0373b67d7be97e7f4f1f87cf71d761ecf04c05b150499bf4cf6242da563d185c2bce880ae59e5f3816b34f70d0a6f30e9ca3064ba179dd4ccda8dd025cb3a2c9628fe0c0b09defb3faaae69a59510cd90badf0b87a82e52a4876837e29466fced187483012c900b4d4a693b2347cab3f9cdd86035
+    ));
+
+    let neg_random_point = G2Affine::from_bytes(bytesn!(&env,
+        0x04de7359c488ccf4753d08b99f3fb44de6c4c46b5872c45ddd90a37442dc679591a40ab8ee539b2aa30c333774c71ed01676197052a7a651e5618151d8374fdf4c25ce3f57c06f65b81dbaf0373b67d7be97e7f4f1f87cf71d761ecf04c05b151567529d435bb8f4e74a21f386632c290a91580388501bb25cc1a1b72c80916a070e2b31d6c62fd9eec4d369d7019ea0102216aa8ed17cf4b60ada25886ca14fbc48f8e06c1cdadcd2c9d5b3de3c7322f21bf4b166eac4dc72344c0632274a76
+    ));
+
+    assert_eq!(-random_point, neg_random_point);
+}
+
 #[test]
 fn test_bls_g1() {
     let env = Env::default();