From 86c800bcc7a2fa1bed01c98c85fcf43e1334fa89 Mon Sep 17 00:00:00 2001 From: Tristan Britt Date: Fri, 16 Aug 2024 13:29:31 -0700 Subject: [PATCH] [wip] cleanup dead code --- src/fields/extensions.rs | 5 ++- src/fields/fp.rs | 53 ++++++++++-------------------- src/fields/fp12.rs | 32 +++++++++--------- src/fields/fp2.rs | 71 +++++++++++++++++++++++----------------- src/fields/fp6.rs | 40 +++++----------------- src/fields/utils.rs | 6 ++-- src/groups/g1.rs | 12 +++---- src/groups/g2.rs | 5 ++- src/groups/group.rs | 6 ++-- src/groups/gt.rs | 4 +-- src/groups/mod.rs | 6 +--- src/hasher.rs | 27 ++++++--------- src/lib.rs | 1 + src/pairing.rs | 14 ++++---- src/svdw.rs | 8 ++--- 15 files changed, 123 insertions(+), 167 deletions(-) diff --git a/src/fields/extensions.rs b/src/fields/extensions.rs index 08790d9..19117a3 100644 --- a/src/fields/extensions.rs +++ b/src/fields/extensions.rs @@ -30,12 +30,11 @@ impl> From Self::new(&retval) } } -#[allow(dead_code)] impl> FieldExtension { - pub(crate) const fn new(c: &[F; N]) -> Self { + pub const fn new(c: &[F; N]) -> Self { Self(*c) } - pub(crate) fn scale(&self, factor: F) -> Self { + pub fn scale(&self, factor: F) -> Self { let mut i = 0; let mut retval = [F::zero(); N]; while i < N { diff --git a/src/fields/fp.rs b/src/fields/fp.rs index c344567..7f096f1 100644 --- a/src/fields/fp.rs +++ b/src/fields/fp.rs @@ -43,6 +43,12 @@ use num_traits::{Euclid, Inv, One, Pow, Zero}; use std::ops::{Add, AddAssign, Div, DivAssign, Mul, MulAssign, Neg, Rem, Sub, SubAssign}; use subtle::CtOption; +pub(crate) const BN254_FP_MODULUS: Fp = Fp::new(U256::from_words([ + 0x3C208C16D87CFD47, + 0x97816A916871CA8D, + 0xB85045B68181585D, + 0x30644E72E131A029, +])); /// This defines the key properties of a field extension. Now, mathematically, /// a finite field satisfies many rigorous mathematical properties. The /// (non-exhaustive) list below simply suffices to illustrate those properties @@ -74,15 +80,12 @@ pub(crate) trait FieldExtensionTrait: // heavily such a value below fn quadratic_non_residue() -> Self; // this endomorphism is key for twist operations - #[allow(dead_code)] fn frobenius(&self, exponent: usize) -> Self; // specialized algorithms exist in each extension // for sqrt and square, simply helper functions really - #[allow(dead_code)] fn sqrt(&self) -> CtOption; fn square(&self) -> Self; - #[allow(dead_code)] fn rand(rng: &mut R) -> Self; fn is_square(&self) -> Choice; @@ -91,7 +94,7 @@ pub(crate) trait FieldExtensionTrait: fn curve_constant() -> Self; } -pub(crate) trait FinitePrimeField: +pub trait FinitePrimeField: FieldExtensionTrait + Rem + Euclid + Pow + From where UintType: ConcatMixed>, @@ -115,18 +118,18 @@ macro_rules! define_finite_prime_field { //special struct for const-time arithmetic on montgomery form integers mod p type $output = crypto_bigint::modular::ConstMontyForm<$mod_struct, { $mod_struct::LIMBS }>; #[derive(Clone, Debug, Copy)] //to be used in const contexts - pub(crate) struct $wrapper_name($mod_struct, $output); - #[allow(dead_code)] + pub struct $wrapper_name($mod_struct, $output); + impl FinitePrimeField<$limbs, $uint_type, $degree, $nreps> for $wrapper_name {} - #[allow(dead_code)] + impl $wrapper_name { // builder structure to create elements in the base field of a given value - pub(crate) const fn new(value: $uint_type) -> Self { + pub const fn new(value: $uint_type) -> Self { Self($mod_struct, $output::new(&value)) } - #[allow(dead_code)] // this is indeed used in the test cases, which are ignored by + // this is indeed used in the test cases, which are ignored by // the linter - pub(crate) fn new_from_str(value: &str) -> Option { + pub fn new_from_str(value: &str) -> Option { let ints: Vec<_> = { let mut acc = Self::zero(); (0..11) @@ -150,10 +153,10 @@ macro_rules! define_finite_prime_field { Some(res) } // take the element and convert it to "normal" form from montgomery form - pub(crate) const fn value(&self) -> $uint_type { + pub const fn value(&self) -> $uint_type { self.1.retrieve() } - pub(crate) fn characteristic() -> $uint_type { + pub fn characteristic() -> $uint_type { <$uint_type>::from($mod_struct::MODULUS.as_nz_ref().get()) } pub const ZERO: Self = Self::new(<$uint_type>::from_words([0x0; 4])); @@ -170,12 +173,7 @@ macro_rules! define_finite_prime_field { fn quadratic_non_residue() -> Self { //this is p - 1 mod p = -1 mod p = 0 - 1 mod p // = -1 - Self::new(U256::from_words([ - 4332616871279656262, - 10917124144477883021, - 13281191951274694749, - 3486998266802970665, - ])) + Self::new((-Self::ONE).1.retrieve()) } fn frobenius(&self, _exponent: usize) -> Self { Self::zero() @@ -483,25 +481,10 @@ impl FieldExtensionTrait<2, 2> for Fp { #[cfg(test)] mod tests { use super::*; - const MODULUS: [u64; 4] = [ - 0x3C208C16D87CFD47, - 0x97816A916871CA8D, - 0xB85045B68181585D, - 0x30644E72E131A029, - ]; fn create_field(value: [u64; 4]) -> Fp { Fp::new(U256::from_words(value)) } - mod test_modulus_conversion { - use super::*; - #[test] - fn test_modulus() { - for i in U256::from_be_hex(BN254_MOD_STRING).as_limbs() { - println!("{:X}", i.0); - } - } - } mod addition_tests { use super::*; @@ -545,7 +528,7 @@ mod tests { ); // Addition that wraps around the modulus - let e = create_field(MODULUS); + let e = BN254_FP_MODULUS; let f = create_field([1, 0, 0, 0]); assert_eq!( (e + f).value(), @@ -633,7 +616,7 @@ mod tests { ); // Subtraction resulting in zero - let g = create_field(MODULUS); + let g = BN254_FP_MODULUS; assert_eq!( (g - g).value(), U256::from_words([0, 0, 0, 0]), diff --git a/src/fields/fp12.rs b/src/fields/fp12.rs index 306e344..2ce681b 100644 --- a/src/fields/fp12.rs +++ b/src/fields/fp12.rs @@ -14,8 +14,7 @@ use crate::fields::extensions::FieldExtension; use crate::fields::fp::{FieldExtensionTrait, Fp}; use crate::fields::fp2::Fp2; use crate::fields::fp6::Fp6; -use crate::fields::utils::u256_to_u4096; -use crypto_bigint::{rand_core::CryptoRngCore, subtle::ConditionallySelectable, U256, U4096}; +use crypto_bigint::{rand_core::CryptoRngCore, subtle::ConditionallySelectable, U256}; use num_traits::{Inv, One, Zero}; use std::ops::{Div, DivAssign, Mul, MulAssign}; use subtle::{Choice, CtOption}; @@ -163,26 +162,27 @@ const FROBENIUS_COEFF_FP12_C1: &[Fp2; 12] = &[ ])), ]), ]; -pub(crate) type Fp12 = FieldExtension<12, 2, Fp6>; +const FP12_QUADRATIC_NON_RESIDUE: Fp12 = Fp12::new(&[ + Fp6::new(&[ + Fp2::new(&[Fp::ZERO, Fp::ZERO]), + Fp2::new(&[Fp::ZERO, Fp::ZERO]), + Fp2::new(&[Fp::ZERO, Fp::ZERO]), + ]), + Fp6::new(&[ + Fp2::new(&[Fp::ONE, Fp::ZERO]), + Fp2::new(&[Fp::ZERO, Fp::ZERO]), + Fp2::new(&[Fp::ZERO, Fp::ZERO]), + ]), +]); -impl Fp12 { - // we have no need to define a residue multiplication since this - // is the top of our tower extension - #[allow(dead_code)] - fn characteristic() -> U4096 { - let wide_p = u256_to_u4096(&Fp::characteristic()); - let wide_p2 = wide_p * wide_p; - let wide_p6 = wide_p2 * wide_p2 * wide_p2; - wide_p6 * wide_p6 - } -} +pub(crate) type Fp12 = FieldExtension<12, 2, Fp6>; impl FieldExtensionTrait<12, 2> for Fp12 { fn quadratic_non_residue() -> Self { - Self::new(&[Fp6::zero(), Fp6::one()]) + // Self::new(&[Fp6::zero(), Fp6::one()]) + FP12_QUADRATIC_NON_RESIDUE } fn frobenius(&self, exponent: usize) -> Self { - // TODO: integrate generic D into struct to not hardcode degrees Self::new(&[ >::frobenius(&self.0[0], exponent), >::frobenius(&self.0[1], exponent) diff --git a/src/fields/fp2.rs b/src/fields/fp2.rs index 032ed36..e133574 100644 --- a/src/fields/fp2.rs +++ b/src/fields/fp2.rs @@ -3,8 +3,7 @@ //! that elements of this field are represented as a_0 + a_1*X. This implements //! the specific behaviour for this extension, such as multiplication. use crate::fields::extensions::FieldExtension; -use crate::fields::fp::{FieldExtensionTrait, Fp}; -use crate::fields::utils::u256_to_u512; +use crate::fields::fp::{FieldExtensionTrait, Fp, BN254_FP_MODULUS}; use crypto_bigint::{rand_core::CryptoRngCore, subtle::ConditionallySelectable, U256, U512}; use num_traits::{Inv, One, Pow, Zero}; use std::ops::{Div, DivAssign, Mul, MulAssign}; @@ -17,23 +16,45 @@ pub(crate) const TWO_INV: Fp = Fp::new(U256::from_words([ 15863968012492123182, 1743499133401485332, ])); + +// (BN254_FP_MODULUS - Fp::THREE)/Fp::FOUR +const P_MINUS_3_OVER_4: Fp = Fp::new(U256::from_words([ + 5694840236247301969, + 7340967054546858659, + 7931984006246061591, + 871749566700742666, +])); +// (BN254_FP_MODULUS - Fp::ONE)/Fp::TWO +const P_MINUS_1_OVER_2: Fp = Fp::new(U256::from_words([ + 11389680472494603939, + 14681934109093717318, + 15863968012492123182, + 1743499133401485332, +])); +const FP2_TWIST_CURVE_CONSTANT: Fp2 = Fp2::new(&[ + Fp::new(U256::from_words([ + 3632125457679333605, + 13093307605518643107, + 9348936922344483523, + 3104278944836790958, + ])), + Fp::new(U256::from_words([ + 16474938222586303954, + 12056031220135172178, + 14784384838321896948, + 42524369107353300, + ])), +]); pub(crate) type Fp2 = FieldExtension<2, 2, Fp>; // there are some specific things that must be defined as // helper functions for us on this specific extension, but // don't generalize to any extension. impl Fp2 { - // variable runtime with respect to the input argument, - // aka the size of the argument to the exponentiation. - // the naming convention makes it explicit to us that - // this should be used only in scenarios where we know - // precisely what we're doing to not expose vectors - // for side channel attacks in our api. - // the below is not exposed publicly - #[allow(dead_code)] - pub(crate) fn pow_vartime(&self, by: &[u64]) -> Self { + pub(crate) fn pow(&self, by: &Fp) -> Self { + let bits = by.value().to_words(); let mut res = Self::one(); - for e in by.iter().rev() { + for e in bits.iter().rev() { for i in (0..64).rev() { res = res * res; if ((*e >> i) & 1) == 1 { @@ -43,13 +64,7 @@ impl Fp2 { } res } - // type casting must be done on case-by-case basis - #[allow(dead_code)] - fn characteristic() -> U512 { - let wide_p = u256_to_u512(&Fp::characteristic()); - wide_p * wide_p - } - + pub(crate) fn residue_mul(&self) -> Self { *self * FP2_QUADRATIC_NON_RESIDUE } @@ -74,13 +89,10 @@ impl FieldExtensionTrait<2, 2> for Fp2 { } } fn sqrt(&self) -> CtOption { - let p_minus_3_over_4 = ((Fp::new(Fp::characteristic()) - Fp::THREE) / Fp::FOUR).value(); - let p_minus_1_over_2 = ((Fp::new(Fp::characteristic()) - Fp::ONE) / Fp::TWO).value(); - let p = Fp::characteristic(); - let a1 = self.pow_vartime(&p_minus_3_over_4.to_words()); + let a1 = self.pow(&P_MINUS_3_OVER_4); let alpha = a1 * a1 * (*self); - let a0 = alpha.pow_vartime(&p.to_words()); + let a0 = alpha.pow(&BN254_FP_MODULUS); if a0 == -Fp2::one() { return CtOption::new(Fp2::zero(), Choice::from(0u8)); } @@ -93,7 +105,7 @@ impl FieldExtensionTrait<2, 2> for Fp2 { >::square(&sqrt).ct_eq(self), ) } else { - let b = (alpha + Fp2::one()).pow_vartime(&p_minus_1_over_2.to_words()); + let b = (alpha + Fp2::one()).pow(&P_MINUS_1_OVER_2); let sqrt = b * a1 * (*self); CtOption::new( sqrt, @@ -119,8 +131,7 @@ impl FieldExtensionTrait<2, 2> for Fp2 { } fn is_square(&self) -> Choice { let legendre = |x: &Fp| -> i32 { - let exp = ((Fp::new(Fp::characteristic()) - Fp::ONE) / Fp::from(2)).value(); - let res = x.pow(exp); + let res = x.pow(P_MINUS_1_OVER_2.value()); if res.is_one() { 1 @@ -144,7 +155,8 @@ impl FieldExtensionTrait<2, 2> for Fp2 { fn curve_constant() -> Self { // this is the curve constant for the twist curve in Fp2. In short Weierstrass form the // curve over the twist is $y'^2 = x'^3 + b$, where $b=3/(9+u)$, which is the below. - Self::from(3) / FP2_QUADRATIC_NON_RESIDUE + // Self::THREE / FP2_QUADRATIC_NON_RESIDUE + FP2_TWIST_CURVE_CONSTANT } } @@ -156,7 +168,6 @@ impl Mul for Fp2 { // multiplication. // See https://eprint.iacr.org/2006/471.pdf, Sec 3 // We create the addition chain from Algo 1 of https://eprint.iacr.org/2022/367.pdf - // TODO: Implement optimized squaring algorithm in base field? let t0 = self.0[0] * other.0[0]; let t1 = self.0[1] * other.0[1]; @@ -424,7 +435,7 @@ mod tests { let q = FP2_QUADRATIC_NON_RESIDUE; let a1 = (Fp::new(Fp::characteristic()) - Fp::from(1)) / Fp::from(3); - let c1_1 = q.pow_vartime(&a1.value().to_words()); + let c1_1 = q.pow(&a1); let c1_1_real = create_field_extension( [ 0x99e39557176f553d, diff --git a/src/fields/fp6.rs b/src/fields/fp6.rs index 7dd7f3c..51acf85 100644 --- a/src/fields/fp6.rs +++ b/src/fields/fp6.rs @@ -5,8 +5,7 @@ use crate::fields::extensions::FieldExtension; use crate::fields::fp::{FieldExtensionTrait, Fp}; use crate::fields::fp2::Fp2; -use crate::fields::utils::u256_to_u2048; -use crypto_bigint::{rand_core::CryptoRngCore, subtle::ConditionallySelectable, U2048, U256}; +use crypto_bigint::{rand_core::CryptoRngCore, subtle::ConditionallySelectable, U256}; use num_traits::{Inv, One, Zero}; use std::ops::{Div, DivAssign, Mul, MulAssign}; use subtle::{Choice, CtOption}; @@ -166,24 +165,23 @@ const FROBENIUS_COEFF_FP6_C2: &[Fp2; 6] = &[ ])), ]), ]; +const FP6_QUADRATIC_NON_RESIDUE: Fp6 = Fp6::new(&[ + Fp2::new(&[Fp::ZERO, Fp::ZERO]), + Fp2::new(&[Fp::ONE, Fp::ZERO]), + Fp2::new(&[Fp::ZERO, Fp::ZERO]), +]); + pub(crate) type Fp6 = FieldExtension<6, 3, Fp2>; impl Fp6 { - #[allow(dead_code)] pub(crate) fn residue_mul(&self) -> Self { Self([self.0[2].residue_mul(), self.0[0], self.0[1]]) } - // mainly for debug formatting - #[allow(dead_code)] - fn characteristic() -> U2048 { - let wide_p = u256_to_u2048(&Fp::characteristic()); - let wide_p2 = wide_p * wide_p; - wide_p2 * wide_p2 * wide_p2 - } } impl FieldExtensionTrait<6, 3> for Fp6 { fn quadratic_non_residue() -> Self { - Self::new(&[Fp2::zero(), Fp2::one(), Fp2::zero()]) + // Self::new(&[Fp2::zero(), Fp2::one(), Fp2::zero()]) + FP6_QUADRATIC_NON_RESIDUE } fn frobenius(&self, exponent: usize) -> Self { Self::new(&[ @@ -356,26 +354,6 @@ mod tests { Fp2::new(&[create_field(v5), create_field(v6)]), ]) } - - mod residue_tests { - use super::*; - #[test] - fn test_residue() { - let q1 = >::quadratic_non_residue(); - let q2 = >::quadratic_non_residue(); - let q3 = >::quadratic_non_residue(); - println!("{:?}\n", q1.value()); - for i in q2.0 { - println!("{:?}", i.value()); - } - println!("\n"); - for j in q3.0 { - for k in j.0 { - println!("{:?} ", k.value()); - } - } - } - } mod addition_tests { use super::*; diff --git a/src/fields/utils.rs b/src/fields/utils.rs index d5fca9c..3c9aacd 100644 --- a/src/fields/utils.rs +++ b/src/fields/utils.rs @@ -11,15 +11,15 @@ pub(crate) fn to_larger_uint(smaller_bytes: &[u8 pub(crate) fn u256_to_u512(u256: &U256) -> U512 { U512::from_be_bytes(to_larger_uint::<32, 64>(&u256.to_be_bytes())) } -#[allow(dead_code)] + pub(crate) fn u256_to_u1024(u256: &U256) -> U1024 { U1024::from_be_bytes(to_larger_uint::<32, 128>(&u256.to_be_bytes())) } -#[allow(dead_code)] + pub(crate) fn u256_to_u2048(u256: &U256) -> U2048 { U2048::from_be_bytes(to_larger_uint::<32, 256>(&u256.to_be_bytes())) } -#[allow(dead_code)] + pub(crate) fn u256_to_u4096(u256: &U256) -> U4096 { U4096::from_be_bytes(to_larger_uint::<32, 512>(&u256.to_be_bytes())) } diff --git a/src/groups/g1.rs b/src/groups/g1.rs index 4281818..a5b3183 100644 --- a/src/groups/g1.rs +++ b/src/groups/g1.rs @@ -18,9 +18,9 @@ use crypto_bigint::rand_core::CryptoRngCore; use num_traits::Zero; use subtle::{Choice, ConstantTimeEq}; -#[allow(dead_code)] + pub(crate) type G1Affine = GroupAffine<1, 1, Fp>; -#[allow(dead_code)] + pub(crate) type G1Projective = GroupProjective<1, 1, Fp>; impl GroupTrait<1, 1, Fp> for G1Affine { @@ -68,7 +68,7 @@ impl GroupTrait<1, 1, Fp> for G1Affine { } } } -#[allow(dead_code)] + impl G1Affine { /// this needs to be defined in order to have user interaction, but currently /// is only visible in tests, and therefore is seen by the linter as unused @@ -78,7 +78,6 @@ impl G1Affine { let x2 = >::square(x); let lhs = y2 - (x2 * (*x)); let rhs = >::curve_constant(); - // println!("{:?}, {:?}", lhs, rhs); lhs.ct_eq(&rhs) | *z }; @@ -89,7 +88,6 @@ impl G1Affine { let is_on_curve: Choice = _g1affine_is_on_curve(&v[0], &v[1], &Choice::from(0u8)); match bool::from(is_on_curve) { true => { - // println!("Is on curve!"); let is_in_torsion: Choice = _g1affine_is_torsion_free(&v[0], &v[1], &Choice::from(0u8)); match bool::from(is_in_torsion) { @@ -161,7 +159,7 @@ impl GroupTrait<1, 1, Fp> for G1Projective { } } impl G1Projective { - #[allow(dead_code)] + pub(crate) fn new(v: [Fp; 3]) -> Result { let _g1projective_is_on_curve = |x: &Fp, y: &Fp, z: &Fp| -> Choice { let y2 = >::square(y); @@ -169,7 +167,6 @@ impl G1Projective { let z2 = >::square(z); let lhs = y2 * (*z); let rhs = x2 * (*x) + z2 * (*z) * >::curve_constant(); - // println!("{:?}, {:?}", lhs.value(), rhs.value()); lhs.ct_eq(&rhs) | Choice::from(z.is_zero() as u8) }; let _g1projective_is_torsion_free = @@ -177,7 +174,6 @@ impl G1Projective { let is_on_curve: Choice = _g1projective_is_on_curve(&v[0], &v[1], &v[2]); match bool::from(is_on_curve) { true => { - // println!("Is on curve!"); let is_in_torsion: Choice = _g1projective_is_torsion_free(&v[0], &v[1], &v[2]); match bool::from(is_in_torsion) { true => Ok(Self { diff --git a/src/groups/g2.rs b/src/groups/g2.rs index 84f104f..79b6f6c 100644 --- a/src/groups/g2.rs +++ b/src/groups/g2.rs @@ -92,9 +92,9 @@ const C2: Fp = Fp::new(U256::from_words([ ])); // the parameter that generates this member of the BN family pub(crate) const BLS_X: Fp = Fp::new(U256::from_words([4965661367192848881, 0, 0, 0])); -#[allow(dead_code)] + pub(crate) type G2Affine = GroupAffine<2, 2, Fp2>; -#[allow(dead_code)] + pub(crate) type G2Projective = GroupProjective<2, 2, Fp2>; impl GroupTrait<2, 2, Fp2> for G2Affine { @@ -267,7 +267,6 @@ impl G2Projective { let z2 = >::square(z); let lhs = y2 * (*z); let rhs = x2 * (*x) + z2 * (*z) * >::curve_constant(); - // println!("{:?}, {:?}", lhs.value(), rhs.value()); lhs.ct_eq(&rhs) | Choice::from(z.is_zero() as u8) }; // This method is where the magic happens. In a naïve approach, in order to check for diff --git a/src/groups/group.rs b/src/groups/group.rs index d898f11..27c9352 100644 --- a/src/groups/group.rs +++ b/src/groups/group.rs @@ -42,7 +42,7 @@ pub(crate) enum GroupError { /// without addition, which is very specific to the choice of affine, // projective, or mixed addition, and therefore cannot be defined for all instances satisfying // a group trait -#[allow(dead_code)] + pub(crate) trait GroupTrait>: Sized + Copy + Clone + std::fmt::Debug + Neg + ConstantTimeEq + ConditionallySelectable + PartialEq { @@ -144,7 +144,7 @@ impl> GroupAffine bool { bool::from(self.infinity) } @@ -177,7 +177,7 @@ impl> GroupProjecti z: F::zero(), } } - #[allow(dead_code)] + pub(crate) fn is_zero(&self) -> bool { self.z.is_zero() } diff --git a/src/groups/gt.rs b/src/groups/gt.rs index bc56cda..d6c0658 100644 --- a/src/groups/gt.rs +++ b/src/groups/gt.rs @@ -226,12 +226,12 @@ impl GroupTrait<12, 2, Fp12> for Gt { } impl Gt { /// Returns the group identity, which is $1$. - pub fn identity() -> Gt { + pub(crate) fn identity() -> Gt { Gt(Fp12::one()) } /// Doubles this group element. - pub fn double(&self) -> Gt { + pub(crate) fn double(&self) -> Gt { Gt(self.0.square()) } } diff --git a/src/groups/mod.rs b/src/groups/mod.rs index 7210892..6d2bf40 100644 --- a/src/groups/mod.rs +++ b/src/groups/mod.rs @@ -316,8 +316,6 @@ mod tests { d = d + G1Projective::generator(); } assert_eq!(j, d, "Generator multiplication not valid"); - let c2 = >::quadratic_non_residue(); - println!("{:?}", c2.value().to_words()); } } mod addition_tests { @@ -437,9 +435,7 @@ mod tests { #[test] fn test_closure() { let expander = XMDExpander::::new(DST, K); - if let Ok(d) = G1Projective::hash_to_curve(&expander, MSG) { - println!("{:?}", d) - } + if let Ok(_d) = G1Projective::hash_to_curve(&expander, MSG) {} } #[test] diff --git a/src/hasher.rs b/src/hasher.rs index 1d07184..727da3d 100644 --- a/src/hasher.rs +++ b/src/hasher.rs @@ -14,16 +14,6 @@ pub(crate) enum HashError { ExpandMessage, ConvertInt, } -#[allow(dead_code)] -fn to_hex(bytes: &[u8]) -> String { - // A simple utility function to convert a byte array into a big endian hex string - bytes - .iter() - .fold(String::with_capacity(bytes.len() * 2), |mut acc, &b| { - acc.push_str(&format!("{:02x}", b)); - acc - }) -} fn i2osp(val: u64, length: usize) -> Result, HashError> { // this is an integer to octet representation of the given length @@ -75,7 +65,6 @@ pub(crate) struct XMDExpander { } impl XMDExpander { - #[allow(dead_code)] pub(crate) fn new(dst: &[u8], security_param: u64) -> Self { let dst_prime = if dst.len() > 255 { let mut hasher = D::default(); @@ -154,7 +143,6 @@ struct XOFExpander { } impl XOFExpander { - #[allow(dead_code)] fn new(dst: &[u8], security_param: u64) -> Self { let dst_prime = if dst.len() > 255 { let mut hasher = D::default(); @@ -192,6 +180,15 @@ mod tests { use super::*; use std::collections::HashMap; use std::sync::OnceLock; + fn to_hex(bytes: &[u8]) -> String { + // A simple utility function to convert a byte array into a big endian hex string + bytes + .iter() + .fold(String::with_capacity(bytes.len() * 2), |mut acc, &b| { + acc.push_str(&format!("{:02x}", b)); + acc + }) + } fn short_xof_hashmap() -> &'static HashMap<&'static str, &'static str> { static HASHMAP: OnceLock> = OnceLock::new(); HASHMAP.get_or_init(|| { @@ -298,12 +295,8 @@ mod tests { "Conversion for short XMD failed" ); let res = expander.hash_to_field(msg.as_bytes(), 2, 48).expect( - "Short XMD failed to \ - cast to field", + "Short XMD failed to cast to field" ); - for r in res { - println!("{:?}", r); - } } } #[test] diff --git a/src/lib.rs b/src/lib.rs index 4b0a7c6..f98705f 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,6 +1,7 @@ #![cfg_attr(docsrs, feature(doc_auto_cfg))] // #![doc = include_str!("../README.md")] #![deny(unsafe_code)] +#![deny(dead_code)] #![warn( clippy::unwrap_used, // missing_docs, diff --git a/src/pairing.rs b/src/pairing.rs index 782c78e..b90fa49 100644 --- a/src/pairing.rs +++ b/src/pairing.rs @@ -74,7 +74,7 @@ impl<'b> MulAssign<&'b MillerLoopResult> for MillerLoopResult { pub(crate) struct Ell(Fp2, Fp2, Fp2); impl MillerLoopResult { - pub fn final_exponentiation(&self) -> Gt { + pub(crate) fn final_exponentiation(&self) -> Gt { /// As part of the cyclotomic acceleration of the final exponentiation step, there is a /// shortcut to take when using multiplication in Fp4. We built the tower of extensions using /// degrees 2, 6, and 12, but there is an additional way to write Fp12: @@ -144,7 +144,7 @@ impl MillerLoopResult { /// This is a simple double and add algorithm for exponentiation. You can get more /// complicated algorithms if you go to a compressed representation, such as Algorithm /// 5.5.4, listing 27 - pub fn cyclotomic_exp(f: Fp12, exponent: &Fp) -> Fp12 { + pub(crate) fn cyclotomic_exp(f: Fp12, exponent: &Fp) -> Fp12 { let bits = exponent.value().to_words(); let mut res = Fp12::one(); for e in bits.iter().rev() { @@ -159,7 +159,7 @@ impl MillerLoopResult { } /// This is a helper function to determine f^z, where $z$ is the generator of this /// particular member of the BN family - pub fn exp_by_neg_z(f: Fp12) -> Fp12 { + pub(crate) fn exp_by_neg_z(f: Fp12) -> Fp12 { cyclotomic_exp(f, &BLS_X).unitary_inverse() } /// The below is the easy part of the final exponentiation step, corresponding to Lines @@ -226,12 +226,12 @@ impl MillerLoopResult { /// digits, each also with an addition step. After the loop, there are 2 more addition steps, so /// the total number of coefficients we need to store is 64+9+12+2 = 87. #[derive(PartialEq)] -pub struct G2PreComputed { - pub q: G2Affine, - pub coeffs: [Ell; 87], +pub(crate) struct G2PreComputed { + pub(crate) q: G2Affine, + pub(crate) coeffs: [Ell; 87], } impl G2PreComputed { - pub fn miller_loop(&self, g1: &G1Affine) -> MillerLoopResult { + pub(crate) fn miller_loop(&self, g1: &G1Affine) -> MillerLoopResult { let mut f = Fp12::one(); let mut idx = 0; diff --git a/src/svdw.rs b/src/svdw.rs index 8d0b022..7ede9e2 100644 --- a/src/svdw.rs +++ b/src/svdw.rs @@ -29,14 +29,14 @@ pub(crate) struct SvdW>: Sized { /// This is the actual struct containing the relevant information. There are a few input /// constants, namely the coefficients A and B that define the curve in its short Weierstrass /// representation. The constants c1-c4 and Z are determined by the algorithm. - #[allow(dead_code)] + fn find_z_svdw(a: F, b: F) -> F { let g = |x: &F| -> F { (*x) * (*x) * (*x) + a * (*x) + b }; let h = |x: &F| -> F { -(F::from(3) * (*x) * (*x) + F::from(4) * a) / (F::from(4) * g(x)) }; @@ -61,7 +61,7 @@ pub(crate) trait SvdWTrait Result, MapError> { let g = |x: &F| -> F { (*x) * (*x) * (*x) + a * (*x) + b }; let z = Self::find_z_svdw(a, b); @@ -98,7 +98,7 @@ pub(crate) trait SvdWTrait> SvdWTrait for SvdW { - #[allow(dead_code)] + fn unchecked_map_to_point(&self, u: F) -> Result<[F; 2], MapError> { // Implements the SvdW algorithm for a single scalar point let cmov = |x: &F, y: &F, b: &Choice| -> F {