
Merge pull request #1443 from AztecProtocol/jcf/merge-testnet-into-2.1
Jcf/merge testnet into 2.1
joss-aztec authored Sep 16, 2022
2 parents f48b496 + c255203 commit f3982b8
Showing 3 changed files with 34 additions and 1 deletion.
Expand Up @@ -184,6 +184,12 @@ void generate_pippenger_point_table(g1::affine_element* points, g1::affine_eleme
*`true`.
*
* At the end of `compute_wnaf_states`, `state.wnaf_table` will contain our wnaf entries, but unsorted.
*
* @param point_schedule Pointer to the output array with all WNAFs
* @param input_skew_table Pointer to the output array with all skews
* @param round_counts The number of points in each round
* @param scalars The pointer to the region with initial scalars that need to be converted into WNAF
* @param num_initial_points The number of points before the endomorphism split
**/
void compute_wnaf_states(uint64_t* point_schedule,
bool* input_skew_table,
Expand Up @@ -473,7 +473,7 @@ TEST(scalar_multiplication, construct_addition_chains)
memset((void*)bucket_counts, 0x00, max_num_buckets * sizeof(uint32_t));
std::array<uint32_t, 22> bit_offsets = { 0 };
const size_t first_bucket = state.point_schedule[0] & 0x7fffffffULL;
const size_t last_bucket = state.point_schedule[num_points - 1] & 0x7fffffffULL;
const size_t last_bucket = state.point_schedule[state.round_counts[0] - 1] & 0x7fffffffULL;
const size_t num_buckets = last_bucket - first_bucket + 1;

scalar_multiplication::affine_product_runtime_state product_state{ monomials,
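Review bot: The new index `state.round_counts[0] - 1` wraps around if round 0 holds no points (assuming round_counts is an unsigned type, as the `size_t` arithmetic around it suggests), so a bad fixture would become an out-of-range read of `point_schedule` instead of a test failure; an explicit `ASSERT_NE(state.round_counts[0], 0);` immediately before the `last_bucket` line would make that precondition visible. Whether round 0 is guaranteed non-empty depends on the fixture set up above the hunk, which is outside the view. The enclosing TEST body starts and ends outside the hunk.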
27 changes: 27 additions & 0 deletions src/aztec/ecc/groups/wnaf.hpp
Expand Up @@ -242,6 +242,15 @@ inline uint64_t get_num_scalar_bits(const uint64_t* scalar)
* output as our circuit logic cannot accomodate this edge case).
*
* Credits: Zac W.
*
* @param scalar Pointer to the 128-bit non-montgomery scalar that is supposed to be transformed into wnaf
* @param wnaf Pointer to output array that needs to accomodate enough 64-bit WNAF entries
* @param skew_map Reference to output skew value, which if true shows that the point should be added once at the end of
* computation
* @param wnaf_round_counts Pointer to output array specifying the number of points participating in each round
* @param point_index The index of the point that should be multiplied by this scalar in the point array
* @param num_points Total points in the MSM (2*num_initial_points)
*
*/
inline void fixed_wnaf_with_counts(const uint64_t* scalar,
uint64_t* wnaf,
Expand Down Expand Up @@ -273,15 +282,30 @@ inline void fixed_wnaf_with_counts(const uint64_t* scalar,
return;
}

// If there are several windows
for (size_t round_i = 1; round_i < wnaf_entries - 1; ++round_i) {

// Get a bit slice
uint64_t slice = get_wnaf_bits(scalar, wnaf_bits, round_i * wnaf_bits);

// Get the predicate (last bit is zero)
uint64_t predicate = ((slice & 1UL) == 0UL);

// Update round count
++wnaf_round_counts[max_wnaf_entries - round_i];

// Calculate entry value
// If the last bit of current slice is 1, we simply put the previous value with the point index
// If the last bit of the current slice is 0, we negate everything, so that we subtract from the WNAF form and
// make it 0
wnaf[(max_wnaf_entries - round_i) * num_points] =
((((previous - (predicate << (wnaf_bits /*+ 1*/))) ^ (0UL - predicate)) >> 1UL) | (predicate << 31UL)) |
(point_index);

// Update the previous value to the next windows
previous = slice + predicate;
}
// The final iteration for top bits
size_t final_bits = static_cast<size_t>(current_scalar_bits - (wnaf_bits * (wnaf_entries - 1)));
uint64_t slice = get_wnaf_bits(scalar, final_bits, (wnaf_entries - 1) * wnaf_bits);
uint64_t predicate = ((slice & 1UL) == 0UL);
Expand All @@ -290,9 +314,12 @@ inline void fixed_wnaf_with_counts(const uint64_t* scalar,
wnaf[((max_wnaf_entries - wnaf_entries + 1) * num_points)] =
((((previous - (predicate << (wnaf_bits /*+ 1*/))) ^ (0UL - predicate)) >> 1UL) | (predicate << 31UL)) |
(point_index);

// Saving top bits
++wnaf_round_counts[max_wnaf_entries - wnaf_entries];
wnaf[(max_wnaf_entries - wnaf_entries) * num_points] = ((slice + predicate) >> 1UL) | (point_index);

// Fill all unused slots with -1
for (size_t j = wnaf_entries; j < max_wnaf_entries; ++j) {
wnaf[(max_wnaf_entries - 1 - j) * num_points] = 0xffffffffffffffffULL;
}
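Review bot: The new three-line comment above the `wnaf[(max_wnaf_entries - round_i) * num_points] =` assignment in the second hunk ("we negate everything, so that we subtract from the WNAF form and make it 0") does not match what the expression does: when `predicate` is 1 the code subtracts `1 << wnaf_bits` from `previous`, inverts it via the XOR with `0UL - predicate`, shifts right by one and sets bit 31 as a sign flag, and the borrowed `1 << wnaf_bits` is carried into the next window by `previous = slice + predicate;` below. I would reword it to something like `// slice even (predicate == 1): borrow 2^wnaf_bits from this window, store the inverted value with bit 31 set so the point is subtracted; the borrow is repaid via previous = slice + predicate below. slice odd: store previous >> 1 as is.` The `/*+ 1*/` left inside that expression predates this commit but is now the only part of the line without an explanation; either delete it or say why it is kept. In the first hunk of this file, `accomodate` in the new `@param wnaf` line (and the pre-existing line above it) should read `accommodate`.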
