Merge pull request #297 from ConsenSys/develop

v0.9.0 placeholder

Author: gbotrel

.github/workflows/pr.yml

@@ -10,7 +10,7 @@ jobs:
     - name: install Go
       uses: actions/setup-go@v2
       with:
-        go-version: 1.18.x
+        go-version: 1.19.x
     - name: checkout code
       uses: actions/checkout@v2
       with:
@@ -43,7 +43,7 @@ jobs:
   test:
     strategy:
       matrix:
-        go-version: [1.17.x, 1.18.x]
+        go-version: [1.18.x, 1.19.x]
         os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     needs:
@@ -68,7 +68,9 @@ jobs:
     - name: install deps
       run: go install golang.org/x/tools/cmd/goimports@latest && go install github.com/klauspost/asmfmt/cmd/asmfmt@latest
     - name: Test
-      run: go test -p=1 -v -timeout=30m ./...
+      run: |
+        go test -p=1 -v -timeout=30m ./...
+        go test -p=1 -tags=purego -v -timeout=30m ./...
     - name: Test (32 bits & race)
       if: (matrix.os == 'ubuntu-latest') && (matrix.go-version == '1.18.x')
       run: |

.golangci.yml

@@ -11,6 +11,7 @@ linters:
     - gosimple
     - govet
     - ineffassign
+    # - errcheck
 
 run:
   issues-exit-code: 1

README.md

@@ -11,7 +11,7 @@
   * [`bls12-377`] / [`bw6-761`]
   * [`bls24-315`] / [`bw6-633`]
   * [`bls12-378`] / [`bw6-756`]
-  * Each of these curve has a [`twistededwards`] sub-package with its companion curve which allow efficient elliptic curve cryptography inside zkSNARK circuits.
+  * Each of these curves has a [`twistededwards`] sub-package with its companion curve which allow efficient elliptic curve cryptography inside zkSNARK circuits.
 * [`field/goff`] - Finite field arithmetic code generator (blazingly fast big.Int)
 * [`fft`] - Fast Fourier Transform
 * [`fri`] - FRI (multiplicative) commitment scheme
@@ -46,15 +46,15 @@
 go get github.com/consensys/gnark-crypto
 ```
 
-Note if that if you use go modules, in `go.mod` the module path is case sensitive (use `consensys` and not `ConsenSys`).
+Note that if you use go modules, in `go.mod` the module path is case sensitive (use `consensys` and not `ConsenSys`).
 
 ### Development
 
 Most (but not all) of the code is generated from the templates in `internal/generator`.
 
 The generated code contains little to no interfaces and is strongly typed with a field (generated by the `gnark-crypto/field` package). The two main factors driving this design choice are:
 
-1. Performance: `gnark-crypto` algorithms manipulates millions (if not billions) of field elements. Interface indirection at this level, plus garbage collection indexing takes a heavy toll on perf.
+1. Performance: `gnark-crypto` algorithms manipulate millions (if not billions) of field elements. Interface indirection at this level, plus garbage collection indexing takes a heavy toll on perf.
 2. Need to derive (mostly) identical code for various moduli and curves, with consistent APIs. Generics introduce significant performance overhead and are not yet suited for high performance computing.
 
 To regenerate the files, see `internal/generator/main.go`. Run:
@@ -117,4 +117,4 @@ This project is licensed under the Apache 2 License - see the [LICENSE](LICENSE)
 [`kzg`]: https://pkg.go.dev/github.com/consensys/gnark-crypto/ecc/bn254/fr/kzg
 [`plookup`]: https://pkg.go.dev/github.com/consensys/gnark-crypto/ecc/bn254/fr/plookup
 [`permutation`]: https://pkg.go.dev/github.com/consensys/gnark-crypto/ecc/bn254/fr/permutation
-[`fiatshamir`]: https://pkg.go.dev/github.com/consensys/gnark-crypto/fiat-shamir
+[`fiatshamir`]: https://pkg.go.dev/github.com/consensys/gnark-crypto/fiat-shamir

accumulator/merkletree/tree.go

@@ -84,7 +84,8 @@ func sum(h hash.Hash, data ...[]byte) []byte {
 
 // leafSum returns the hash created from data inserted to form a leaf. Leaf
 // sums are calculated using:
-//		Hash(0x00 || data)
+//
+//	Hash(0x00 || data)
 func leafSum(h hash.Hash, data []byte) []byte {
 
 	//return sum(h, leafHashPrefix, data)
@@ -93,7 +94,8 @@ func leafSum(h hash.Hash, data []byte) []byte {
 
 // nodeSum returns the hash created from two sibling nodes being combined into
 // a parent node. Node sums are calculated using:
-//		Hash(0x01 || left sibling sum || right sibling sum)
+//
+//	Hash(0x01 || left sibling sum || right sibling sum)
 func nodeSum(h hash.Hash, a, b []byte) []byte {
 	//return sum(h, nodeHashPrefix, a, b)
 	return sum(h, a, b)

ecc/bls12-377/bls12-377.go

@@ -1,23 +1,29 @@
 // Package bls12377 efficient elliptic curve, pairing and hash to curve implementation for bls12-377.
 //
 // bls12-377: A Barreto--Lynn--Scott curve with
-//		embedding degree k=12
-//		seed x₀=9586122913090633729
-// 		𝔽r: r=8444461749428370424248824938781546531375899335154063827935233455917409239041 (x₀⁴-x₀²+1)
-// 		𝔽p: p=258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177 ((x₀-1)² ⋅ r(x₀)/3+x₀)
-// 		(E/𝔽p): Y²=X³+1
-// 		(Eₜ/𝔽p²): Y² = X³+1/u (D-type twist)
-// 		r ∣ #E(Fp) and r ∣ #Eₜ(𝔽p²)
+//
+//	embedding degree k=12
+//	seed x₀=9586122913090633729
+//	𝔽r: r=8444461749428370424248824938781546531375899335154063827935233455917409239041 (x₀⁴-x₀²+1)
+//	𝔽p: p=258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177 ((x₀-1)² ⋅ r(x₀)/3+x₀)
+//	(E/𝔽p): Y²=X³+1
+//	(Eₜ/𝔽p²): Y² = X³+1/u (D-type twist)
+//	r ∣ #E(Fp) and r ∣ #Eₜ(𝔽p²)
+//
 // Extension fields tower:
-// 		𝔽p²[u] = 𝔽p/u²+5
-// 		𝔽p⁶[v] = 𝔽p²/v³-u
-// 		𝔽p¹²[w] = 𝔽p⁶/w²-v
+//
+//	𝔽p²[u] = 𝔽p/u²+5
+//	𝔽p⁶[v] = 𝔽p²/v³-u
+//	𝔽p¹²[w] = 𝔽p⁶/w²-v
+//
 // optimal Ate loop size:
-//		x₀
+//
+//	x₀
+//
 // Security: estimated 126-bit level following [https://eprint.iacr.org/2019/885.pdf]
 // (r is 253 bits and p¹² is 4521 bits)
 //
-// Warning
+// # Warning
 //
 // This code has not been audited and is provided as-is. In particular, there is no security guarantees such as constant time implementation or side-channel attack resistance.
 package bls12377