HaRold HarryR

## zexe_sw6.sage
"""
https://cryptosith.org/michael/data/talks/2013-08-01-SIAMAG13.pdf
https://www.issac-conference.org/2015/Slides/Schost.pdf
http://www.craigcostello.com.au/pairings/PairingsForBeginners.pdf
"""

fresh_compute = False	# Perform expensive-(ish) computations for curve orders

field_modulus = 22369874298875696930346742206501054934775599465297184582183496627646774052458024540232479018147881220178054575403841904557897715222633333372134756426301062487682326574958588001132586331462553235407484089304633076250782629492557320825577
desired_curve_order = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177

## mimc_fp2.py
# Let (L, R) = x, 0
# for i in range(128): (L, R) = (L, R) ** 3 + (k_i1, k_i2) (interpreting the two values as an element of some quadratic field over F_p,
# so the # actual equations are newL = L**3 + 3*q*L*R**2 + k_i1, newR = 3*L**2*R + q*R**3 + k_i2,


from random import randint

q = 21888242871839275222246405745257275088696311157297823662689037894645226208583
q = 199

## bls12_381.sage
field_modulus = 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787
desired_curve_order = 52435875175126190479447740508185965837690552500527637822603658699938581184513

Fp = GF(field_modulus)

PARAM_A4 = 0
PARAM_A6 = 4

E = EllipticCurve(Fp, [PARAM_A4, PARAM_A6])
E_order = E.order()

## chacharng.hpp
#ifndef CHACHARNG_HPP_
#define CHACHARNG_HPP_

// C++ port of Rust's ChaChaRng
// https://rust-num.github.io/num/src/rand/chacha.rs.html

#include <cstdint>


template<size_t nRounds>

## cocks-pinch-derive-elements.py
D = -3572
k = 6
q = 447231129305840782240237212949663229744995012174421358105320171206333968505891497257173296273883152751267692209531558911549014331037613855148689298263886841953
# log2(q) 527.025659602
t = 678535529027017531887434617617827405828167042133406771522385895475121806814108
r_torsion = 21888242871839275222246405745257275088696311157297823662689037894645226208583
a4 = 42712243339421257868660507567123354675510133075791388004452184727050960820502924907704571467862154994392063936591279133153055638947148552957928421434686670171
a6 = 131738226030767995270565871104903809777878096841386516668655049559644995686736483226876210759529899795643641377453253635430103115971908064841330245626213375876
point_count = 447231129305840782240237212949663229744995012174421358105320171206333968505891496578637767246865620863833074591704153083381972197630842332762793823142080027846
h = point_count // r_torsion

## gen-montops-rust.py
"""
Generates verbose code for montgomery operations
"""

def mont_reduce(fp_bits, limb_bits=64):
    assert fp_bits % limb_bits == 0
    n_limbs = fp_bits // limb_bits
    n_limbs2 = n_limbs * 2
    args = ', '.join([f'{"&mut " if _ != 0 else ""}r{_}: u{limb_bits}' for _ in range(n_limbs2)])
    yield "#[inline]"

## KZG10.py
from typing import List, NamedTuple, Tuple, Union
from math import ceil, log2
from random import randint
from functools import reduce
import operator
from py_ecc import bn128 as curve

"""
Implementation of PolyCommit_{DL} from:

## arbitrary-modulus.py
from math import gcd

p = 21888242871839275222246405745257275088548364400416034343698204186575808495617

primes = [int(_) for _ in """
      2      3      5      7     11     13     17     19     23     29
     31     37     41     43     47     53     59     61     67     71
     73     79     83     89     97    101    103    107    109    113
    127    131    137    139    149    151    157    163    167    173
    179    181    191    193    197    199    211    223    227    229

## ecrecover.json
{
	"linkReferences": {},
	"object": "6060604052341561000f57600080fd5b5b6102338061001f6000396000f300606060405263ffffffff7c0100000000000000000000000000000000000000000000000000000000600035041663eca135cb811461003d575b600080fd5b341561004857600080fd5b61009e60046024813581810190830135806020601f820181900481020160405190810160405281815292919060208401838380828437509496505060ff85351694602081013594506040013592506100a0915050565b005b60006001856040518082805190602001908083835b602083106100d557805182525b601f1990920191602091820191016100b5565b6001836020036101000a038019825116818451161790925250505091909101925060409150505180910390208585856040518060005260200160405260006040516020015260405193845260ff90921660208085019190915260408085019290925260608401929092526080909201915160208103908084039060008661646e5a03f1151561016357600080fd5b50506020604051035190503073ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff161415156101a857600080fd5b3373ffffffffffffffffffffffffffffffffffffffff166108fc3073fffffffffffffffffff

## poseidon.py
#!/usr/bin/env python

"""
Implements the Poseidon permutation:

Starkad and Poseidon: New Hash Functions for Zero Knowledge Proof Systems
 - Lorenzo Grassi, Daniel Kales, Dmitry Khovratovich, Arnab Roy, Christian Rechberger, and Markus Schofnegger
 - https://eprint.iacr.org/2019/458.pdf

Other implementations:
	"""
	https://cryptosith.org/michael/data/talks/2013-08-01-SIAMAG13.pdf
	https://www.issac-conference.org/2015/Slides/Schost.pdf
	http://www.craigcostello.com.au/pairings/PairingsForBeginners.pdf
	"""

	fresh_compute = False # Perform expensive-(ish) computations for curve orders

	field_modulus = 22369874298875696930346742206501054934775599465297184582183496627646774052458024540232479018147881220178054575403841904557897715222633333372134756426301062487682326574958588001132586331462553235407484089304633076250782629492557320825577
	desired_curve_order = 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177
	# Let (L, R) = x, 0
	# for i in range(128): (L, R) = (L, R) ** 3 + (k_i1, k_i2) (interpreting the two values as an element of some quadratic field over F_p,
	# so the # actual equations are newL = L*3 + 3qLR*2 + k_i1, newR = 3L*2R + qR*3 + k_i2,


	from random import randint

	q = 21888242871839275222246405745257275088696311157297823662689037894645226208583
	q = 199
	field_modulus = 4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787
	desired_curve_order = 52435875175126190479447740508185965837690552500527637822603658699938581184513

	Fp = GF(field_modulus)

	PARAM_A4 = 0
	PARAM_A6 = 4

	E = EllipticCurve(Fp, [PARAM_A4, PARAM_A6])
	E_order = E.order()
	#ifndef CHACHARNG_HPP_
	#define CHACHARNG_HPP_

	// C++ port of Rust's ChaChaRng
	// https://rust-num.github.io/num/src/rand/chacha.rs.html

	#include <cstdint>


	template<size_t nRounds>
	D = -3572
	k = 6
	q = 447231129305840782240237212949663229744995012174421358105320171206333968505891497257173296273883152751267692209531558911549014331037613855148689298263886841953
	# log2(q) 527.025659602
	t = 678535529027017531887434617617827405828167042133406771522385895475121806814108
	r_torsion = 21888242871839275222246405745257275088696311157297823662689037894645226208583
	a4 = 42712243339421257868660507567123354675510133075791388004452184727050960820502924907704571467862154994392063936591279133153055638947148552957928421434686670171
	a6 = 131738226030767995270565871104903809777878096841386516668655049559644995686736483226876210759529899795643641377453253635430103115971908064841330245626213375876
	point_count = 447231129305840782240237212949663229744995012174421358105320171206333968505891496578637767246865620863833074591704153083381972197630842332762793823142080027846
	h = point_count // r_torsion
	"""
	Generates verbose code for montgomery operations
	"""

	def mont_reduce(fp_bits, limb_bits=64):
	assert fp_bits % limb_bits == 0
	n_limbs = fp_bits // limb_bits
	n_limbs2 = n_limbs * 2
	args = ', '.join([f'{"&mut " if _ != 0 else ""}r{_}: u{limb_bits}' for _ in range(n_limbs2)])
	yield "#[inline]"
	from typing import List, NamedTuple, Tuple, Union
	from math import ceil, log2
	from random import randint
	from functools import reduce
	import operator
	from py_ecc import bn128 as curve

	"""
	Implementation of PolyCommit_{DL} from:
	from math import gcd

	p = 21888242871839275222246405745257275088548364400416034343698204186575808495617

	primes = [int(_) for _ in """
	2 3 5 7 11 13 17 19 23 29
	31 37 41 43 47 53 59 61 67 71
	73 79 83 89 97 101 103 107 109 113
	127 131 137 139 149 151 157 163 167 173
	179 181 191 193 197 199 211 223 227 229
	{
	"linkReferences": {},
	"object": "6060604052341561000f57600080fd5b5b6102338061001f6000396000f300606060405263ffffffff7c0100000000000000000000000000000000000000000000000000000000600035041663eca135cb811461003d575b600080fd5b341561004857600080fd5b61009e60046024813581810190830135806020601f820181900481020160405190810160405281815292919060208401838380828437509496505060ff85351694602081013594506040013592506100a0915050565b005b60006001856040518082805190602001908083835b602083106100d557805182525b601f1990920191602091820191016100b5565b6001836020036101000a038019825116818451161790925250505091909101925060409150505180910390208585856040518060005260200160405260006040516020015260405193845260ff90921660208085019190915260408085019290925260608401929092526080909201915160208103908084039060008661646e5a03f1151561016357600080fd5b50506020604051035190503073ffffffffffffffffffffffffffffffffffffffff168173ffffffffffffffffffffffffffffffffffffffff161415156101a857600080fd5b3373ffffffffffffffffffffffffffffffffffffffff166108fc3073fffffffffffffffffff
	#!/usr/bin/env python

	"""
	Implements the Poseidon permutation:

	Starkad and Poseidon: New Hash Functions for Zero Knowledge Proof Systems
	- Lorenzo Grassi, Daniel Kales, Dmitry Khovratovich, Arnab Roy, Christian Rechberger, and Markus Schofnegger
	- https://eprint.iacr.org/2019/458.pdf

	Other implementations: