fix: calculate proper constants

src/ed25519/curve.rs

@@ -155,12 +155,6 @@ impl Ed25519 {
     }
 }
 
-impl Ed25519 {
-    fn endomorphism_base(&self) -> Self {
-        unimplemented!();
-    }
-}
-
 impl Ed25519Affine {
     /// Constructs the neutral element `(0, 1)`.
     pub const fn identity() -> Self {
@@ -351,8 +345,13 @@ impl CurveExt for Ed25519 {
 
     const CURVE_ID: &'static str = "ed25519";
 
+    fn is_on_curve(&self) -> Choice {
+        let affine = Ed25519Affine::from(*self);
+        !self.z.is_zero() & affine.is_on_curve() & (affine.x * affine.y * self.z).ct_eq(&self.t)
+    }
+
     fn endo(&self) -> Self {
-        self.endomorphism_base()
+        unimplemented!();
     }
 
     fn jacobian_coordinates(&self) -> (Fq, Fq, Fq) {
@@ -363,14 +362,6 @@ impl CurveExt for Ed25519 {
         unimplemented!();
     }
 
-    fn is_on_curve(&self) -> Choice {
-        let affine = Ed25519Affine::from(*self);
-
-        println!("affine: {:?}", affine);
-
-        !self.z.is_zero() & affine.is_on_curve() & (affine.x * affine.y * self.z).ct_eq(&self.t)
-    }
-
     fn a() -> Self::Base {
         unimplemented!()
     }

src/ed25519/fq.rs

@@ -45,8 +45,8 @@ const MODULUS_LIMBS_32: [u32; 8] = [
 /// Constant representing the modulus as static str
 const MODULUS_STR: &str = "0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed";
 
-/// Obtained with:
-/// `sage: GF(57896044618658097711785492504343953926634992332820282019728792003956564819949).primitive_element()`
+/// Obtained with sage:
+/// `GF(0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed).primitive_element()`
 const MULTIPLICATIVE_GENERATOR: Fq = Fq::from_raw([0x02, 0x0, 0x0, 0x0]);
 
 /// INV = -(p^{-1} mod 2^64) mod 2^64
@@ -80,12 +80,26 @@ const SQRT_MINUS_ONE: Fq = Fq::from_raw([
     0x2b8324804fc1df0b,
 ]);
 
-/// TODO
-const ZETA: Fq = Fq::zero();
-/// TODO
-const DELTA: Fq = Fq::zero();
-/// TODO
-const ROOT_OF_UNITY_INV: Fq = Fq::zero();
+// Element in small order subgroup (3-order)
+const ZETA: Fq = Fq::from_raw([
+    0xaa86d89d8618e538,
+    0x1a1aada8413a4550,
+    0xd9872fccc55bd529,
+    0x381cba36aa6565b5,
+]);
+const ROOT_OF_UNITY: Fq = Fq::from_raw([
+    0xc4ee1b274a0ea0b0,
+    0x2f431806ad2fe478,
+    0x2b4d00993dfbd7a7,
+    0x2b8324804fc1df0b,
+]);
+const ROOT_OF_UNITY_INV: Fq = Fq::from_raw([
+    0x3b11e4d8b5f15f3d,
+    0xd0bce7f952d01b87,
+    0xd4b2ff66c2042858,
+    0x547cdb7fb03e20f4,
+]);
+const DELTA: Fq = Fq::from_raw([0x10, 0, 0, 0]);
 
 use crate::{
     field_arithmetic, field_common, field_specific, impl_add_binop_specify_output,
@@ -206,17 +220,15 @@ impl ff::Field for Fq {
 impl ff::PrimeField for Fq {
     type Repr = [u8; 32];
 
+    const MODULUS: &'static str = MODULUS_STR;
     const NUM_BITS: u32 = 256;
     const CAPACITY: u32 = 255;
-    const MODULUS: &'static str = MODULUS_STR;
-    const MULTIPLICATIVE_GENERATOR: Self = MULTIPLICATIVE_GENERATOR;
-    /// TODO
-    const ROOT_OF_UNITY: Self = Self::one();
-    /// TODO
-    const ROOT_OF_UNITY_INV: Self = Self::zero();
     const TWO_INV: Self = TWO_INV;
+    const MULTIPLICATIVE_GENERATOR: Self = MULTIPLICATIVE_GENERATOR;
+    const S: u32 = 2;
+    const ROOT_OF_UNITY: Self = ROOT_OF_UNITY;
+    const ROOT_OF_UNITY_INV: Self = ROOT_OF_UNITY_INV;
     const DELTA: Self = DELTA;
-    const S: u32 = 1;
 
     fn from_repr(repr: Self::Repr) -> CtOption<Self> {
         let mut tmp = Fq([0, 0, 0, 0]);
@@ -281,7 +293,6 @@ impl FromUniformBytes<64> for Fq {
 }
 
 impl WithSmallOrderMulGroup<3> for Fq {
-    /// TODO
     const ZETA: Self = ZETA;
 }
 

src/ed25519/fr.rs

@@ -45,6 +45,10 @@ const MODULUS_LIMBS_32: [u32; 8] = [
 ///Constant representing the modulus as static str
 const MODULUS_STR: &str = "0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed";
 
+/// Obtained with sage:
+/// `GF(0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed).primitive_element()`
+const MULTIPLICATIVE_GENERATOR: Fr = Fr::from_raw([0x02, 0x0, 0x0, 0x0]);
+
 /// INV = -(q^{-1} mod 2^64) mod 2^64
 const INV: u64 = 0xd2b51da312547e1b;
 
@@ -91,9 +95,26 @@ const SQRT_MINUS_ONE: Fr = Fr::from_raw([
     0x094a7310e07981e7,
 ]);
 
-const ZETA: Fr = Fr::zero();
-const DELTA: Fr = Fr::zero();
-const ROOT_OF_UNITY_INV: Fr = Fr::zero();
+// Element in small order subgroup (3-order)
+const ZETA: Fr = Fr::from_raw([
+    0x158687e51e07e223,
+    0x471dd911c6cce91e,
+    0xeb08f579fb8841ae,
+    0x0378d9ddc674005f,
+]);
+const ROOT_OF_UNITY: Fr = Fr::from_raw([
+    0xbe8775dfebbe07d4,
+    0x0ef0565342ce83fe,
+    0x7d3d6d60abc1c27a,
+    0x094a7310e07981e7,
+]);
+const ROOT_OF_UNITY_INV: Fr = Fr::from_raw([
+    0x998aed3a7137cc19,
+    0x05eea38b602918d7,
+    0x82c2929f543e3d86,
+    0x06b58cef1f867e18,
+]);
+const DELTA: Fr = Fr::from_raw([0x10, 0, 0, 0]);
 
 use crate::{
     field_arithmetic, field_common, field_specific, impl_add_binop_specify_output,
@@ -213,18 +234,15 @@ impl ff::Field for Fr {
 impl ff::PrimeField for Fr {
     type Repr = [u8; 32];
 
+    const MODULUS: &'static str = MODULUS_STR;
     const NUM_BITS: u32 = 256;
     const CAPACITY: u32 = 255;
-    const MODULUS: &'static str = MODULUS_STR;
-    /// TODO
-    const MULTIPLICATIVE_GENERATOR: Self = Self::one();
-    /// TODO
-    const ROOT_OF_UNITY: Self = Self::one();
-    /// TODO
-    const ROOT_OF_UNITY_INV: Self = ROOT_OF_UNITY_INV;
     const TWO_INV: Self = TWO_INV;
+    const MULTIPLICATIVE_GENERATOR: Self = MULTIPLICATIVE_GENERATOR;
+    const S: u32 = 2;
+    const ROOT_OF_UNITY: Self = ROOT_OF_UNITY;
+    const ROOT_OF_UNITY_INV: Self = ROOT_OF_UNITY_INV;
     const DELTA: Self = DELTA;
-    const S: u32 = 6;
 
     fn from_repr(repr: Self::Repr) -> CtOption<Self> {
         let mut tmp = Fr([0, 0, 0, 0]);
@@ -289,7 +307,6 @@ impl FromUniformBytes<64> for Fr {
 }
 
 impl WithSmallOrderMulGroup<3> for Fr {
-    /// TODO
     const ZETA: Self = ZETA;
 }