arkworks-rs · ineiti · Jan 24, 2025 · Pratyush · Feb 26, 2025 · Pratyush
diff --git a/curves/Cargo.toml b/curves/Cargo.toml
@@ -40,6 +40,8 @@ members = [
 
     "curve25519",
     "ed25519",
+
+    "tom_256",
 ]
 resolver = "2"
 

diff --git a/curves/tom_256/Cargo.toml b/curves/tom_256/Cargo.toml
@@ -0,0 +1,36 @@
+[package]
+name = "ark-tom256"
+version.workspace = true
+authors.workspace = true
+description = "The Tom-256 curve"
+homepage.workspace = true
+repository.workspace = true
+documentation = "https://docs.rs/ark-tom256/"
+keywords.workspace = true
+categories.workspace = true
+include.workspace = true
+license.workspace = true
+edition.workspace = true
+
+[dependencies]
+ark-ff = { workspace = true }
+ark-ec = { workspace = true }
+ark-r1cs-std = { workspace = true, optional = true }
+ark-std = { workspace = true }
+
+[dev-dependencies]
+ark-relations = { workspace = true }
+ark-serialize = { workspace = true }
+ark-algebra-test-templates = { workspace = true }
+ark-algebra-bench-templates = { workspace = true }
+ark-curve-constraint-tests = { path = "../curve-constraint-tests" }
+
+[features]
+default = []
+std = [ "ark-std/std", "ark-ff/std", "ark-ec/std" ]
+r1cs = [ "ark-r1cs-std" ]
+
+[[bench]]
+name = "tom256"
+path = "benches/tom256.rs"
+harness = false
diff --git a/curves/tom_256/LICENSE-APACHE b/curves/tom_256/LICENSE-APACHE
@@ -0,0 +1 @@
+../LICENSE-APACHE
diff --git a/curves/tom_256/LICENSE-MIT b/curves/tom_256/LICENSE-MIT
@@ -0,0 +1 @@
+../LICENSE-MIT
diff --git a/curves/tom_256/benches/tom256.rs b/curves/tom_256/benches/tom256.rs
@@ -0,0 +1,9 @@
+use ark_algebra_bench_templates::*;
+use ark_secp256k1::{fq::Fq, fr::Fr, Projective as G};
+
+bench!(
+    Name = "Secp256k1",
+    Group = G,
+    ScalarField = Fr,
+    PrimeBaseField = Fq,
+);
diff --git a/curves/tom_256/src/constraints/curves.rs b/curves/tom_256/src/constraints/curves.rs
@@ -0,0 +1,10 @@
+use crate::{constraints::FqVar, *};
+use ark_r1cs_std::groups::curves::short_weierstrass::ProjectiveVar;
+
+/// A group element in the secp256k1 curve.
+pub type GVar = ProjectiveVar<Config, FqVar>;
+
+#[test]
+fn test() {
+    ark_curve_constraint_tests::curves::sw_test::<Config, GVar>().unwrap();
+}
diff --git a/curves/tom_256/src/constraints/fields.rs b/curves/tom_256/src/constraints/fields.rs
@@ -0,0 +1,11 @@
+use ark_r1cs_std::fields::fp::FpVar;
+
+use crate::fq::Fq;
+
+/// A variable that is the R1CS equivalent of `crate::Fq`.
+pub type FqVar = FpVar<Fq>;
+
+#[test]
+fn test() {
+    ark_curve_constraint_tests::fields::field_test::<_, _, FqVar>().unwrap();
+}
diff --git a/curves/tom_256/src/constraints/mod.rs b/curves/tom_256/src/constraints/mod.rs
@@ -0,0 +1,7 @@
+//! This module implements the R1CS equivalent of `ark_secp256k1`.
+
+mod curves;
+mod fields;
+
+pub use curves::*;
+pub use fields::*;
diff --git a/curves/tom_256/src/curves/mod.rs b/curves/tom_256/src/curves/mod.rs
@@ -0,0 +1,50 @@
+use ark_ec::{
+    models::CurveConfig,
+    short_weierstrass::{self as sw, SWCurveConfig},
+};
+use ark_ff::{Field, MontFp};
+
+use crate::{fq::Fq, fr::Fr};
+
+#[cfg(test)]
+mod tests;
+
+pub type Affine = sw::Affine<Config>;
+pub type Projective = sw::Projective<Config>;
+
+#[derive(Copy, Clone, Default, PartialEq, Eq)]
+pub struct Config;
+
+impl CurveConfig for Config {
+    type BaseField = Fq;
+    type ScalarField = Fr;
+
+    /// COFACTOR = 1
+    const COFACTOR: &'static [u64] = &[0x1];
+
+    /// COFACTOR_INV = COFACTOR^{-1} mod r = 1
+    #[rustfmt::skip]
+    const COFACTOR_INV: Fr =  Fr::ONE;
+}
+
+impl SWCurveConfig for Config {
+    /// COEFF_A = 115792089210356248762697446949407573530594504085698471288169790229257723883796
+    const COEFF_A: Fq =
+        MontFp!("115792089210356248762697446949407573530594504085698471288169790229257723883796");
+
+    /// COEFF_B = 81531206846337786915455327229510804132577517753388365729879493166393691077718
+    const COEFF_B: Fq =
+        MontFp!("81531206846337786915455327229510804132577517753388365729879493166393691077718");
+
+    /// GENERATOR = (G_GENERATOR_X, G_GENERATOR_Y)
+    const GENERATOR: Affine = Affine::new_unchecked(G_GENERATOR_X, G_GENERATOR_Y);
+}
+
+/// G_GENERATOR_X =
+/// 3
+pub const G_GENERATOR_X: Fq = MontFp!("3");
+
+/// G_GENERATOR_Y =
+/// 40902200210088653215032584946694356296222563095503428277299570638400093548589
+pub const G_GENERATOR_Y: Fq =
+    MontFp!("40902200210088653215032584946694356296222563095503428277299570638400093548589");
diff --git a/curves/tom_256/src/curves/tests.rs b/curves/tom_256/src/curves/tests.rs
@@ -0,0 +1,4 @@
+use crate::Projective;
+use ark_algebra_test_templates::*;
+
+test_group!(g1; Projective; sw);
diff --git a/curves/tom_256/src/fields/fq.rs b/curves/tom_256/src/fields/fq.rs
@@ -0,0 +1,9 @@
+use ark_ff::fields::{Fp256, MontBackend, MontConfig};
+
+#[derive(MontConfig)]
+#[modulus = "115792089210356248762697446949407573530594504085698471288169790229257723883799"]
+#[generator = "6"]
+// #[small_subgroup_base = "3"]
+// #[small_subgroup_power = "1"]
-// #[small_subgroup_base = "3"]
-// #[small_subgroup_power = "1"]
-// #[small_subgroup_base = "3"]
-// #[small_subgroup_power = "1"]
+pub struct FqConfig;
+pub type Fq = Fp256<MontBackend<FqConfig, 4>>;
diff --git a/curves/tom_256/src/fields/fr.rs b/curves/tom_256/src/fields/fr.rs
@@ -0,0 +1,9 @@
+use ark_ff::fields::{Fp256, MontBackend, MontConfig};
+
+#[derive(MontConfig)]
+#[modulus = "115792089210356248762697446949407573530086143415290314195533631308867097853951"]
+#[generator = "6"]
+// #[small_subgroup_base = "3"]
+// #[small_subgroup_power = "1"]
-// #[small_subgroup_base = "3"]
-// #[small_subgroup_power = "1"]
-// #[small_subgroup_base = "3"]
-// #[small_subgroup_power = "1"]
+pub struct FrConfig;
+pub type Fr = Fp256<MontBackend<FrConfig, 4>>;
diff --git a/curves/tom_256/src/fields/mod.rs b/curves/tom_256/src/fields/mod.rs
@@ -0,0 +1,8 @@
+pub mod fq;
+pub use self::fq::*;
+
+pub mod fr;
+pub use self::fr::*;
+
+#[cfg(test)]
+mod tests;
diff --git a/curves/tom_256/src/fields/tests.rs b/curves/tom_256/src/fields/tests.rs
@@ -0,0 +1,5 @@
+use crate::{Fq, Fr};
+use ark_algebra_test_templates::*;
+
+test_field!(fr; Fr; mont_prime_field);
+test_field!(fq; Fq; mont_prime_field);
diff --git a/curves/tom_256/src/lib.rs b/curves/tom_256/src/lib.rs
@@ -0,0 +1,40 @@
+#![cfg_attr(not(feature = "std"), no_std)]
+#![deny(
+    warnings,
+    unused,
+    future_incompatible,
+    nonstandard_style,
+    rust_2018_idioms
+)]
+#![forbid(unsafe_code)]
+
+//! This library implements the tom256 curve and is a copy of the secp256k1 implementation.
+//! Parameters source: <https://neuromancer.sk/std/other/Tom-256#>
+//! Paper: <https://eprint.iacr.org/2021/1183>
+//!
+//! Curve information - in parantheses names from neuromancer.sk:
+//! * Base field: q (p) =
+//!   secp: 115792089237316195423570985008687907852837564279074904382605163141518161494337
+//!   115792089210356248762697446949407573530594504085698471288169790229257723883799
+//! * Scalar field: r (n) =
+//!   secp: 115792089237316195423570985008687907853269984665640564039457584007908834671663
+//!   115792089210356248762697446949407573530086143415290314195533631308867097853951
+//! * Curve equation a (a) =
+//!   secp: 0
+//!   115792089210356248762697446949407573530594504085698471288169790229257723883796
+//! * Curve equation b (b) =
+//!   secp: 7
+//!   81531206846337786915455327229510804132577517753388365729879493166393691077718
+//! * Base point G =
+//!   secp: (55066263022277343669578718895168534326250603453777594175500187360389116729240,
+//!          32670510020758816978083085130507043184471273380659243275938904335757337482424)
+//!   (3, 40902200210088653215032584946694356296222563095503428277299570638400093548589)
+//! * Curve equation: y^2 = x^3 + ax + b
+
+#[cfg(feature = "r1cs")]
+pub mod constraints;
+mod curves;
+mod fields;
+
+pub use curves::*;
+pub use fields::*;