Mamy Ratsimbazafy
Mamy Ratsimbazafy
The current assembly backend is restricted to up to 384-bit primes (6 limbs) as otherwise it requires register spilling. https://github.com/mratsim/constantine/blob/7f0f5117607707f3698ba14a151039c9ccee7c0b/constantine/arithmetic/limbs_montgomery.nim#L302-L311 For Zero-Knowledge one-layer proof composition, a curve needs to be...
There is currently a growing interest in WASM Snarks for zero-knowledge proofs in the browser: - https://community.zkproof.org/t/zksnarks-in-webassembly-running-demo-and-discussion/30 - https://github.com/iden3/wasmsnark - https://github.com/arnaucube/go-snark/tree/master/wasm For this we have a couple of hurdles to...
Zero Knowledge Proofs work by handling constraints circuits with millions of gates corresponding to field operations. Those can be executed in parallel and the full constant-time design with no branch...
The paper - Avoiding Full Extension Field Arithmetic inPairing Computations\ Craig Costello, Colin Boyd, Juan Manuel Gonz alez Nieto, and Kenneth Koon-Ho Wong, 2010\ https://eprint.iacr.org/2010/104.pdf Proposes quadruple-and-add and octuple-and-add to...
The CMOV instruction that is used for conditional copy is likely optimal for 4~6 limbs. From Agner Fog tables  https://www.agner.org/optimize/instruction_tables.pdf The throughput is 0.5 hence 2 independent CMOV can...
The GLV-SAC paper introduces an alternative scalar multiplication for a fixed base. For example signing is always done using the generator point as a fixed base - Efficient and Secure...
Currently the coverage of assembly backend introduced in #69 is inequal. Some of the CI VMs supports ADX and BMI2 and some do not. We need to properly test both...
Glossary: - We talk about scalar multiplication for additive groups G1 (over Fp) and G2 (over Fp2 thanks to a sextic twist) - We talk about exponentiation for multiplicative group...
From Patrick Longa's PhD Thesis Appendix:  ---------------- Note: Jacobian coordinates do not have a complete exception-free addition formula, they require special casing adding infinity, the same number or its...
It is often needed to compute scalar multiplication in parallel via ``` R