From f18a61896c554c476106c728f162b7aea868eb56 Mon Sep 17 00:00:00 2001 From: Mamy Ratsimbazafy Date: Sat, 21 Oct 2023 23:14:17 +0200 Subject: [PATCH] first jab at Rust bindings --- .github/workflows/ci.yml | 8 +- .gitignore | 30 +- Cargo.toml | 11 + bindings_generators/constantine_bls12_381.nim | 58 +-- .../constantine_bn254_snarks.nim | 62 +-- .../ctt-curve-bls12-381/Cargo.toml | 9 + constantine-rust/ctt-curve-bls12-381/build.rs | 35 ++ .../ctt-curve-bls12-381/src/lib.rs | 14 + .../ctt-curve-bn254-snarks/Cargo.toml | 8 + .../ctt-curve-bn254-snarks/build.rs | 35 ++ .../ctt-curve-bn254-snarks/src/lib.rs | 14 + constantine-rust/ctt-curve-pasta/Cargo.toml | 9 + constantine-rust/ctt-curve-pasta/build.rs | 35 ++ constantine-rust/ctt-curve-pasta/src/lib.rs | 14 + .../Cargo.toml | 8 + .../build.rs | 35 ++ .../src/lib.rs | 14 + constantine.nimble | 172 +++++--- include/constantine_bls12_381.h | 366 ++++++++--------- include/constantine_bn254_snarks.h | 378 +++++++++--------- 20 files changed, 814 insertions(+), 501 deletions(-) create mode 100644 Cargo.toml create mode 100644 constantine-rust/ctt-curve-bls12-381/Cargo.toml create mode 100644 constantine-rust/ctt-curve-bls12-381/build.rs create mode 100644 constantine-rust/ctt-curve-bls12-381/src/lib.rs create mode 100644 constantine-rust/ctt-curve-bn254-snarks/Cargo.toml create mode 100644 constantine-rust/ctt-curve-bn254-snarks/build.rs create mode 100644 constantine-rust/ctt-curve-bn254-snarks/src/lib.rs create mode 100644 constantine-rust/ctt-curve-pasta/Cargo.toml create mode 100644 constantine-rust/ctt-curve-pasta/build.rs create mode 100644 constantine-rust/ctt-curve-pasta/src/lib.rs create mode 100644 constantine-rust/ctt-proto-ethereum-bls-signatures/Cargo.toml create mode 100644 constantine-rust/ctt-proto-ethereum-bls-signatures/build.rs create mode 100644 constantine-rust/ctt-proto-ethereum-bls-signatures/src/lib.rs diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 192164c9f..33453f5c0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -232,7 +232,7 @@ jobs: shell: bash run: | cd constantine - nimble bindings --verbose + nimble make_libs --verbose nimble test_bindings --verbose nimble test_parallel --verbose - name: Run Constantine tests (UNIX no Assembly) @@ -240,7 +240,7 @@ jobs: shell: bash run: | cd constantine - CTT_ASM=0 nimble bindings --verbose + CTT_ASM=0 nimble make_libs --verbose nimble test_bindings --verbose CTT_ASM=0 nimble test_parallel --verbose - name: Run Constantine tests (Windows with Assembly) @@ -250,7 +250,7 @@ jobs: shell: msys2 {0} run: | cd constantine - nimble bindings --verbose + nimble make_libs --verbose nimble test_bindings --verbose nimble test_parallel_no_gmp --verbose - name: Run Constantine tests (Windows no Assembly) @@ -260,6 +260,6 @@ jobs: shell: msys2 {0} run: | cd constantine - CTT_ASM=0 nimble bindings --verbose + CTT_ASM=0 nimble make_libs --verbose nimble test_bindings --verbose CTT_ASM=0 nimble test_parallel_no_gmp --verbose diff --git a/.gitignore b/.gitignore index 0f21d0348..1ac3680f4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,3 @@ -nimcache/ - # Executables shall be put in an ignored build/ directory # Ignore dynamic, static libs and libtool archive files build/ @@ -10,8 +8,28 @@ build/ *.exe *.dll -# Sage -*.sage.py +# Nim +# ----------------------------------------------------------------------------------------- +nimcache/ + +# Rust +# ----------------------------------------------------------------------------------------- -# Tests -test_*.txt +# Generated by Cargo +# will have compiled files and executables +debug/ +target/ + +# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries +# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html +Cargo.lock + +# These are backup files generated by rustfmt +**/*.rs.bk + +# MSVC Windows builds of rustc generate these, which store debugging information +*.pdb + +# Sage +# ----------------------------------------------------------------------------------------- +*.sage.py \ No newline at end of file diff --git a/Cargo.toml b/Cargo.toml new file mode 100644 index 000000000..7f5c84f7a --- /dev/null +++ b/Cargo.toml @@ -0,0 +1,11 @@ +[workspace] + +members = [ + "constantine-rust/ctt-curve-bls12-381", + "constantine-rust/ctt-curve-bn254-snarks", + "constantine-rust/ctt-curve-pasta", + "constantine-rust/ctt-proto-ethereum-bls-signatures", +] + +[profile.dev] +lto = "thin" # The Nim static library is compiled with LTO, always enable it \ No newline at end of file diff --git a/bindings_generators/constantine_bls12_381.nim b/bindings_generators/constantine_bls12_381.nim index b34c9c8ca..612c1a08d 100644 --- a/bindings_generators/constantine_bls12_381.nim +++ b/bindings_generators/constantine_bls12_381.nim @@ -9,28 +9,28 @@ import ./gen_bindings, ./gen_header type - bls12381_fr = Fr[BLS12_381] - bls12381_fp = Fp[BLS12_381] - bls12381_fp2 = Fp2[BLS12_381] - bls12381_ec_g1_aff = ECP_ShortW_Aff[Fp[BLS12_381], G1] - bls12381_ec_g1_jac = ECP_ShortW_Jac[Fp[BLS12_381], G1] - bls12381_ec_g1_prj = ECP_ShortW_Prj[Fp[BLS12_381], G1] - bls12381_ec_g2_aff = ECP_ShortW_Aff[Fp2[BLS12_381], G2] - bls12381_ec_g2_jac = ECP_ShortW_Jac[Fp2[BLS12_381], G2] - bls12381_ec_g2_prj = ECP_ShortW_Prj[Fp2[BLS12_381], G2] + bls12_381_fr = Fr[BLS12_381] + bls12_381_fp = Fp[BLS12_381] + bls12_381_fp2 = Fp2[BLS12_381] + bls12_381_ec_g1_aff = ECP_ShortW_Aff[Fp[BLS12_381], G1] + bls12_381_ec_g1_jac = ECP_ShortW_Jac[Fp[BLS12_381], G1] + bls12_381_ec_g1_prj = ECP_ShortW_Prj[Fp[BLS12_381], G1] + bls12_381_ec_g2_aff = ECP_ShortW_Aff[Fp2[BLS12_381], G2] + bls12_381_ec_g2_jac = ECP_ShortW_Jac[Fp2[BLS12_381], G2] + bls12_381_ec_g2_prj = ECP_ShortW_Prj[Fp2[BLS12_381], G2] collectBindings(cBindings): - genBindingsField(bls12381_fr) - genBindingsField(bls12381_fp) - genBindingsFieldSqrt(bls12381_fp) - genBindingsExtField(bls12381_fp2) - genBindingsExtFieldSqrt(bls12381_fp2) - genBindings_EC_ShortW_Affine(bls12381_ec_g1_aff, bls12381_fp) - genBindings_EC_ShortW_NonAffine(bls12381_ec_g1_jac, bls12381_ec_g1_aff, bls12381_fp) - genBindings_EC_ShortW_NonAffine(bls12381_ec_g1_prj, bls12381_ec_g1_aff, bls12381_fp) - genBindings_EC_ShortW_Affine(bls12381_ec_g2_aff, bls12381_fp2) - genBindings_EC_ShortW_NonAffine(bls12381_ec_g2_jac, bls12381_ec_g2_aff, bls12381_fp2) - genBindings_EC_ShortW_NonAffine(bls12381_ec_g2_prj, bls12381_ec_g2_aff, bls12381_fp2) + genBindingsField(bls12_381_fr) + genBindingsField(bls12_381_fp) + genBindingsFieldSqrt(bls12_381_fp) + genBindingsExtField(bls12_381_fp2) + genBindingsExtFieldSqrt(bls12_381_fp2) + genBindings_EC_ShortW_Affine(bls12_381_ec_g1_aff, bls12_381_fp) + genBindings_EC_ShortW_NonAffine(bls12_381_ec_g1_jac, bls12_381_ec_g1_aff, bls12_381_fp) + genBindings_EC_ShortW_NonAffine(bls12_381_ec_g1_prj, bls12_381_ec_g1_aff, bls12_381_fp) + genBindings_EC_ShortW_Affine(bls12_381_ec_g2_aff, bls12_381_fp2) + genBindings_EC_ShortW_NonAffine(bls12_381_ec_g2_jac, bls12_381_ec_g2_aff, bls12_381_fp2) + genBindings_EC_ShortW_NonAffine(bls12_381_ec_g2_prj, bls12_381_ec_g2_aff, bls12_381_fp2) # Write header when isMainModule and defined(CTT_GENERATE_HEADERS): @@ -55,23 +55,23 @@ when isMainModule and defined(CTT_GENERATE_HEADERS): header &= '\n' header &= genWordsRequired() header &= '\n' - header &= genField("bls12381_fr", BLS12_381.getCurveOrderBitWidth()) + header &= genField("bls12_381_fr", BLS12_381.getCurveOrderBitWidth()) header &= '\n' - header &= genField("bls12381_fp", BLS12_381.getCurveBitWidth()) + header &= genField("bls12_381_fp", BLS12_381.getCurveBitWidth()) header &= '\n' - header &= genExtField("bls12381_fp2", 2, "bls12381_fp") + header &= genExtField("bls12_381_fp2", 2, "bls12_381_fp") header &= '\n' - header &= genEllipticCurvePoint("bls12381_ec_g1_aff", "x, y", "bls12381_fp") + header &= genEllipticCurvePoint("bls12_381_ec_g1_aff", "x, y", "bls12_381_fp") header &= '\n' - header &= genEllipticCurvePoint("bls12381_ec_g1_jac", "x, y, z", "bls12381_fp") + header &= genEllipticCurvePoint("bls12_381_ec_g1_jac", "x, y, z", "bls12_381_fp") header &= '\n' - header &= genEllipticCurvePoint("bls12381_ec_g1_prj", "x, y, z", "bls12381_fp") + header &= genEllipticCurvePoint("bls12_381_ec_g1_prj", "x, y, z", "bls12_381_fp") header &= '\n' - header &= genEllipticCurvePoint("bls12381_ec_g2_aff", "x, y", "bls12381_fp2") + header &= genEllipticCurvePoint("bls12_381_ec_g2_aff", "x, y", "bls12_381_fp2") header &= '\n' - header &= genEllipticCurvePoint("bls12381_ec_g2_jac", "x, y, z", "bls12381_fp2") + header &= genEllipticCurvePoint("bls12_381_ec_g2_jac", "x, y, z", "bls12_381_fp2") header &= '\n' - header &= genEllipticCurvePoint("bls12381_ec_g2_prj", "x, y, z", "bls12381_fp2") + header &= genEllipticCurvePoint("bls12_381_ec_g2_prj", "x, y, z", "bls12_381_fp2") header &= '\n' header &= declNimMain("bls12381") header &= '\n' diff --git a/bindings_generators/constantine_bn254_snarks.nim b/bindings_generators/constantine_bn254_snarks.nim index e57d69fd7..ba22180e0 100644 --- a/bindings_generators/constantine_bn254_snarks.nim +++ b/bindings_generators/constantine_bn254_snarks.nim @@ -9,28 +9,28 @@ import ./gen_bindings, ./gen_header type - bn254snarks_fr = Fr[BN254_Snarks] - bn254snarks_fp = Fp[BN254_Snarks] - bn254snarks_fp2 = Fp2[BN254_Snarks] - bn254snarks_ec_g1_aff = ECP_ShortW_Aff[Fp[BN254_Snarks], G1] - bn254snarks_ec_g1_jac = ECP_ShortW_Jac[Fp[BN254_Snarks], G1] - bn254snarks_ec_g1_prj = ECP_ShortW_Prj[Fp[BN254_Snarks], G1] - bn254snarks_ec_g2_aff = ECP_ShortW_Aff[Fp2[BN254_Snarks], G2] - bn254snarks_ec_g2_jac = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2] - bn254snarks_ec_g2_prj = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2] + bn254_snarks_fr = Fr[BN254_Snarks] + bn254_snarks_fp = Fp[BN254_Snarks] + bn254_snarks_fp2 = Fp2[BN254_Snarks] + bn254_snarks_ec_g1_aff = ECP_ShortW_Aff[Fp[BN254_Snarks], G1] + bn254_snarks_ec_g1_jac = ECP_ShortW_Jac[Fp[BN254_Snarks], G1] + bn254_snarks_ec_g1_prj = ECP_ShortW_Prj[Fp[BN254_Snarks], G1] + bn254_snarks_ec_g2_aff = ECP_ShortW_Aff[Fp2[BN254_Snarks], G2] + bn254_snarks_ec_g2_jac = ECP_ShortW_Jac[Fp2[BN254_Snarks], G2] + bn254_snarks_ec_g2_prj = ECP_ShortW_Prj[Fp2[BN254_Snarks], G2] collectBindings(cBindings): - genBindingsField(bn254snarks_fr) - genBindingsField(bn254snarks_fp) - genBindingsFieldSqrt(bn254snarks_fp) - genBindingsExtField(bn254snarks_fp2) - genBindingsExtFieldSqrt(bn254snarks_fp2) - genBindings_EC_ShortW_Affine(bn254snarks_ec_g1_aff, bn254snarks_fp) - genBindings_EC_ShortW_NonAffine(bn254snarks_ec_g1_jac, bn254snarks_ec_g1_aff, bn254snarks_fp) - genBindings_EC_ShortW_NonAffine(bn254snarks_ec_g1_prj, bn254snarks_ec_g1_aff, bn254snarks_fp) - genBindings_EC_ShortW_Affine(bn254snarks_ec_g2_aff, bn254snarks_fp2) - genBindings_EC_ShortW_NonAffine(bn254snarks_ec_g2_jac, bn254snarks_ec_g2_aff, bn254snarks_fp2) - genBindings_EC_ShortW_NonAffine(bn254snarks_ec_g2_prj, bn254snarks_ec_g2_aff, bn254snarks_fp2) + genBindingsField(bn254_snarks_fr) + genBindingsField(bn254_snarks_fp) + genBindingsFieldSqrt(bn254_snarks_fp) + genBindingsExtField(bn254_snarks_fp2) + genBindingsExtFieldSqrt(bn254_snarks_fp2) + genBindings_EC_ShortW_Affine(bn254_snarks_ec_g1_aff, bn254_snarks_fp) + genBindings_EC_ShortW_NonAffine(bn254_snarks_ec_g1_jac, bn254_snarks_ec_g1_aff, bn254_snarks_fp) + genBindings_EC_ShortW_NonAffine(bn254_snarks_ec_g1_prj, bn254_snarks_ec_g1_aff, bn254_snarks_fp) + genBindings_EC_ShortW_Affine(bn254_snarks_ec_g2_aff, bn254_snarks_fp2) + genBindings_EC_ShortW_NonAffine(bn254_snarks_ec_g2_jac, bn254_snarks_ec_g2_aff, bn254_snarks_fp2) + genBindings_EC_ShortW_NonAffine(bn254_snarks_ec_g2_prj, bn254_snarks_ec_g2_aff, bn254_snarks_fp2) # Write header when isMainModule and defined(CTT_GENERATE_HEADERS): @@ -55,31 +55,31 @@ when isMainModule and defined(CTT_GENERATE_HEADERS): header &= '\n' header &= genWordsRequired() header &= '\n' - header &= genField("bn254snarks_fr", BN254_Snarks.getCurveOrderBitWidth()) + header &= genField("bn254_snarks_fr", BN254_Snarks.getCurveOrderBitWidth()) header &= '\n' - header &= genField("bn254snarks_fp", BN254_Snarks.getCurveBitWidth()) + header &= genField("bn254_snarks_fp", BN254_Snarks.getCurveBitWidth()) header &= '\n' - header &= genExtField("bn254snarks_fp2", 2, "bn254snarks_fp") + header &= genExtField("bn254_snarks_fp2", 2, "bn254_snarks_fp") header &= '\n' - header &= genEllipticCurvePoint("bn254snarks_ec_g1_aff", "x, y", "bn254snarks_fp") + header &= genEllipticCurvePoint("bn254_snarks_ec_g1_aff", "x, y", "bn254_snarks_fp") header &= '\n' - header &= genEllipticCurvePoint("bn254snarks_ec_g1_jac", "x, y, z", "bn254snarks_fp") + header &= genEllipticCurvePoint("bn254_snarks_ec_g1_jac", "x, y, z", "bn254_snarks_fp") header &= '\n' - header &= genEllipticCurvePoint("bn254snarks_ec_g1_prj", "x, y, z", "bn254snarks_fp") + header &= genEllipticCurvePoint("bn254_snarks_ec_g1_prj", "x, y, z", "bn254_snarks_fp") header &= '\n' - header &= genEllipticCurvePoint("bn254snarks_ec_g2_aff", "x, y", "bn254snarks_fp2") + header &= genEllipticCurvePoint("bn254_snarks_ec_g2_aff", "x, y", "bn254_snarks_fp2") header &= '\n' - header &= genEllipticCurvePoint("bn254snarks_ec_g2_jac", "x, y, z", "bn254snarks_fp2") + header &= genEllipticCurvePoint("bn254_snarks_ec_g2_jac", "x, y, z", "bn254_snarks_fp2") header &= '\n' - header &= genEllipticCurvePoint("bn254snarks_ec_g2_prj", "x, y, z", "bn254snarks_fp2") + header &= genEllipticCurvePoint("bn254_snarks_ec_g2_prj", "x, y, z", "bn254_snarks_fp2") header &= '\n' - header &= declNimMain("bn254snarks") + header &= declNimMain("bn254_snarks") header &= '\n' header &= cBindings header &= '\n' header = genCpp(header) - header = genHeader("BN@%$SNARKS", header) + header = genHeader("BN254SNARKS", header) header = genHeaderLicense() & header writeFile(dir/"constantine_bn254_snarks.h", header) diff --git a/constantine-rust/ctt-curve-bls12-381/Cargo.toml b/constantine-rust/ctt-curve-bls12-381/Cargo.toml new file mode 100644 index 000000000..7383feb01 --- /dev/null +++ b/constantine-rust/ctt-curve-bls12-381/Cargo.toml @@ -0,0 +1,9 @@ +[package] +name = "ctt-curve-bls12-381" +version = "0.1.0" +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] + diff --git a/constantine-rust/ctt-curve-bls12-381/build.rs b/constantine-rust/ctt-curve-bls12-381/build.rs new file mode 100644 index 000000000..0935f1810 --- /dev/null +++ b/constantine-rust/ctt-curve-bls12-381/build.rs @@ -0,0 +1,35 @@ +use std::env; +use std::path::PathBuf; +use std::process::{Command, Stdio}; + +const LIB_NAME: &str = "constantine_bls12_381"; + +fn main() { + let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap()); + let cargo_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap()); + let root_dir = cargo_dir + .parent() + .expect("rust library is nested") + .parent() + .expect("constantine-rust is nested"); + + let rust_lib_name = cargo_dir + .file_name() + .expect("Directory exist"); + + println!("Building Constantine library ..."); + + Command::new("nimble") + .arg("make_lib_rust") + .env("CTT_RUST_LIB", rust_lib_name) + .current_dir(root_dir) + .stdout(Stdio::inherit()) + .stderr(Stdio::inherit()) + .status() + .expect("failed to execute process"); + + println!("cargo:rustc-link-search=native={}", out_dir.display()); + println!("cargo:rustc-link-lib=static={}", LIB_NAME); + // Avoid full recompilation + // println!("cargo:rerun-if-changed={}", root_dir.join("constantine").display()); +} \ No newline at end of file diff --git a/constantine-rust/ctt-curve-bls12-381/src/lib.rs b/constantine-rust/ctt-curve-bls12-381/src/lib.rs new file mode 100644 index 000000000..7d12d9af8 --- /dev/null +++ b/constantine-rust/ctt-curve-bls12-381/src/lib.rs @@ -0,0 +1,14 @@ +pub fn add(left: usize, right: usize) -> usize { + left + right +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn it_works() { + let result = add(2, 2); + assert_eq!(result, 4); + } +} diff --git a/constantine-rust/ctt-curve-bn254-snarks/Cargo.toml b/constantine-rust/ctt-curve-bn254-snarks/Cargo.toml new file mode 100644 index 000000000..69012f957 --- /dev/null +++ b/constantine-rust/ctt-curve-bn254-snarks/Cargo.toml @@ -0,0 +1,8 @@ +[package] +name = "ctt-curve-bn254-snarks" +version = "0.1.0" +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] diff --git a/constantine-rust/ctt-curve-bn254-snarks/build.rs b/constantine-rust/ctt-curve-bn254-snarks/build.rs new file mode 100644 index 000000000..6ed7b2e6e --- /dev/null +++ b/constantine-rust/ctt-curve-bn254-snarks/build.rs @@ -0,0 +1,35 @@ +use std::env; +use std::path::PathBuf; +use std::process::{Command, Stdio}; + +const LIB_NAME: &str = "constantine_bn254_snarks"; + +fn main() { + let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap()); + let cargo_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap()); + let root_dir = cargo_dir + .parent() + .expect("rust library is nested") + .parent() + .expect("constantine-rust is nested"); + + let rust_lib_name = cargo_dir + .file_name() + .expect("Directory exist"); + + println!("Building Constantine library ..."); + + Command::new("nimble") + .arg("make_lib_rust") + .env("CTT_RUST_LIB", rust_lib_name) + .current_dir(root_dir) + .stdout(Stdio::inherit()) + .stderr(Stdio::inherit()) + .status() + .expect("failed to execute process"); + + println!("cargo:rustc-link-search=native={}", out_dir.display()); + println!("cargo:rustc-link-lib=static={}", LIB_NAME); + // Avoid full recompilation + // println!("cargo:rerun-if-changed={}", root_dir.join("constantine").display()); +} \ No newline at end of file diff --git a/constantine-rust/ctt-curve-bn254-snarks/src/lib.rs b/constantine-rust/ctt-curve-bn254-snarks/src/lib.rs new file mode 100644 index 000000000..7d12d9af8 --- /dev/null +++ b/constantine-rust/ctt-curve-bn254-snarks/src/lib.rs @@ -0,0 +1,14 @@ +pub fn add(left: usize, right: usize) -> usize { + left + right +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn it_works() { + let result = add(2, 2); + assert_eq!(result, 4); + } +} diff --git a/constantine-rust/ctt-curve-pasta/Cargo.toml b/constantine-rust/ctt-curve-pasta/Cargo.toml new file mode 100644 index 000000000..4ad043f0b --- /dev/null +++ b/constantine-rust/ctt-curve-pasta/Cargo.toml @@ -0,0 +1,9 @@ +[package] +name = "ctt-curve-pasta" +version = "0.1.0" +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] + diff --git a/constantine-rust/ctt-curve-pasta/build.rs b/constantine-rust/ctt-curve-pasta/build.rs new file mode 100644 index 000000000..b2ce7cef2 --- /dev/null +++ b/constantine-rust/ctt-curve-pasta/build.rs @@ -0,0 +1,35 @@ +use std::env; +use std::path::PathBuf; +use std::process::{Command, Stdio}; + +const LIB_NAME: &str = "constantine_pasta"; + +fn main() { + let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap()); + let cargo_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap()); + let root_dir = cargo_dir + .parent() + .expect("rust library is nested") + .parent() + .expect("constantine-rust is nested"); + + let rust_lib_name = cargo_dir + .file_name() + .expect("Directory exist"); + + println!("Building Constantine library ..."); + + Command::new("nimble") + .arg("make_lib_rust") + .env("CTT_RUST_LIB", rust_lib_name) + .current_dir(root_dir) + .stdout(Stdio::inherit()) + .stderr(Stdio::inherit()) + .status() + .expect("failed to execute process"); + + println!("cargo:rustc-link-search=native={}", out_dir.display()); + println!("cargo:rustc-link-lib=static={}", LIB_NAME); + // Avoid full recompilation + // println!("cargo:rerun-if-changed={}", root_dir.join("constantine").display()); +} \ No newline at end of file diff --git a/constantine-rust/ctt-curve-pasta/src/lib.rs b/constantine-rust/ctt-curve-pasta/src/lib.rs new file mode 100644 index 000000000..7d12d9af8 --- /dev/null +++ b/constantine-rust/ctt-curve-pasta/src/lib.rs @@ -0,0 +1,14 @@ +pub fn add(left: usize, right: usize) -> usize { + left + right +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn it_works() { + let result = add(2, 2); + assert_eq!(result, 4); + } +} diff --git a/constantine-rust/ctt-proto-ethereum-bls-signatures/Cargo.toml b/constantine-rust/ctt-proto-ethereum-bls-signatures/Cargo.toml new file mode 100644 index 000000000..04c886b07 --- /dev/null +++ b/constantine-rust/ctt-proto-ethereum-bls-signatures/Cargo.toml @@ -0,0 +1,8 @@ +[package] +name = "ctt-proto-ethereum-bls-signatures" +version = "0.1.0" +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] diff --git a/constantine-rust/ctt-proto-ethereum-bls-signatures/build.rs b/constantine-rust/ctt-proto-ethereum-bls-signatures/build.rs new file mode 100644 index 000000000..37c5780c6 --- /dev/null +++ b/constantine-rust/ctt-proto-ethereum-bls-signatures/build.rs @@ -0,0 +1,35 @@ +use std::env; +use std::path::PathBuf; +use std::process::{Command, Stdio}; + +const LIB_NAME: &str = "constantine_ethereum_bls_signatures"; + +fn main() { + let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap()); + let cargo_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap()); + let root_dir = cargo_dir + .parent() + .expect("rust library is nested") + .parent() + .expect("constantine-rust is nested"); + + let rust_lib_name = cargo_dir + .file_name() + .expect("Directory exist"); + + println!("Building Constantine library ..."); + + Command::new("nimble") + .arg("make_lib_rust") + .env("CTT_RUST_LIB", rust_lib_name) + .current_dir(root_dir) + .stdout(Stdio::inherit()) + .stderr(Stdio::inherit()) + .status() + .expect("failed to execute process"); + + println!("cargo:rustc-link-search=native={}", out_dir.display()); + println!("cargo:rustc-link-lib=static={}", LIB_NAME); + // Avoid full recompilation + // println!("cargo:rerun-if-changed={}", root_dir.join("constantine").display()); +} \ No newline at end of file diff --git a/constantine-rust/ctt-proto-ethereum-bls-signatures/src/lib.rs b/constantine-rust/ctt-proto-ethereum-bls-signatures/src/lib.rs new file mode 100644 index 000000000..7d12d9af8 --- /dev/null +++ b/constantine-rust/ctt-proto-ethereum-bls-signatures/src/lib.rs @@ -0,0 +1,14 @@ +pub fn add(left: usize, right: usize) -> usize { + left + right +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn it_works() { + let result = add(2, 2); + assert_eq!(result, 4); + } +} diff --git a/constantine.nimble b/constantine.nimble index f8c27cccb..932858961 100644 --- a/constantine.nimble +++ b/constantine.nimble @@ -14,7 +14,7 @@ requires "nim >= 1.6.12" # Nimscript imports # ---------------------------------------------------------------- -import std/[strformat, strutils] +import std/[strformat, strutils, os, tables] # Environment variables # ---------------------------------------------------------------- @@ -100,12 +100,16 @@ proc releaseBuildOptions(useLTO = true): string = # Reduce instructions cache misses. # https://lkml.org/lkml/2015/5/21/443 # Our non-inlined functions are large so size cost is minimal. + # + # -fmerge-all-constants + # Merge identical constants and variables, in particular + # field and curve arithmetic constant arrays. let compiler = if existsEnv"CC": " --cc:" & getEnv"CC" else: "" let (useAsmIfAble, force32) = getEnvVars() let envASM = if not useAsmIfAble: " -d:CTT_ASM=false " - else: "" + else: "" let env32 = if force32: " -d:CTT_32 " else: "" @@ -121,116 +125,160 @@ proc releaseBuildOptions(useLTO = true): string = " --mm:arc -d:useMalloc " & " --verbosity:0 --hints:off --warnings:off " & " --passC:-fno-semantic-interposition " & - " --passC:-falign-functions=64 " + " --passC:-falign-functions=64 " & + " --passC:-fmerge-all-constants" + +proc rustBuild(): string = + # Force Rust compilation, we force Clang compiler + # and use it's LTO-thin capabilities fro Nim<->Rust cross-language LTO + # - https://blog.llvm.org/2019/09/closing-gap-cross-language-lto-between.html + # - https://github.com/rust-lang/rust/pull/58057 + # - https://doc.rust-lang.org/rustc/linker-plugin-lto.html + + let compiler = " --cc:clang " + let lto = " --passC:-flto=thin --passL:-flto=thin " + + compiler & + lto & + " -d:danger " & + # " --opt:size " & + " --panics:on -d:noSignalHandler " & + " --mm:arc -d:useMalloc " & + " --verbosity:0 --hints:off --warnings:off " & + " --passC:-fno-semantic-interposition " & + " --passC:-falign-functions=64 " & + " --passC:-fmerge-all-constants" -type BindingsKind = enum +type PrimitiveKind = enum kCurve kProtocol -proc genDynamicBindings(bindingsKind: BindingsKind, bindingsName, prefixNimMain: string) = +proc genDynamicLib(primitiveKind: PrimitiveKind, primitiveName, prefixNimMain, outdir, nimcache: string) = proc compile(libName: string, flags = "") = - echo "Compiling dynamic library: lib/" & libName + echo &"Compiling dynamic library: {outdir}/" & libName exec "nim c " & flags & releaseBuildOptions(useLTO = true) & " --noMain --app:lib " & &" --nimMainPrefix:{prefixNimMain} " & - &" --out:{libName} --outdir:lib " & + &" --out:{libName} --outdir:{outdir} " & (block: - case bindingsKind + case primitiveKind of kCurve: - &" --nimcache:nimcache/bindings_curves/{bindingsName}" & - &" bindings_generators/{bindingsName}.nim" + &" --nimcache:{nimcache}/{primitiveName}" & + &" bindings_generators/{primitiveName}.nim" of kProtocol: - &" --nimcache:nimcache/bindings_protocols/{bindingsName}" & - &" constantine/{bindingsName}.nim") + &" --nimcache:{nimcache}/{primitiveName}" & + &" constantine/{primitiveName}.nim") - let bindingsName = block: - case bindingsKind - of kCurve: bindingsName - of kProtocol: "constantine_" & bindingsName + let primitiveName = block: + case primitiveKind + of kCurve: primitiveName + of kProtocol: "constantine_" & primitiveName when defined(windows): - compile bindingsName & ".dll" + compile primitiveName & ".dll" elif defined(macosx): - compile "lib" & bindingsName & ".dylib.arm", "--cpu:arm64 -l:'-target arm64-apple-macos11' -t:'-target arm64-apple-macos11'" - compile "lib" & bindingsName & ".dylib.x64", "--cpu:amd64 -l:'-target x86_64-apple-macos10.12' -t:'-target x86_64-apple-macos10.12'" - exec "lipo lib/lib" & bindingsName & ".dylib.arm " & - " lib/lib" & bindingsName & ".dylib.x64 " & - " -output lib/lib" & bindingsName & ".dylib -create" + compile "lib" & primitiveName & ".dylib.arm", "--cpu:arm64 -l:'-target arm64-apple-macos11' -t:'-target arm64-apple-macos11'" + compile "lib" & primitiveName & ".dylib.x64", "--cpu:amd64 -l:'-target x86_64-apple-macos10.12' -t:'-target x86_64-apple-macos10.12'" + exec "lipo {outdir}/lib" & primitiveName & ".dylib.arm " & + " {outdir}/lib" & primitiveName & ".dylib.x64 " & + " -output {outdir}/lib" & primitiveName & ".dylib -create" else: - compile "lib" & bindingsName & ".so" + compile "lib" & primitiveName & ".so" -proc genStaticBindings(bindingsKind: BindingsKind, bindingsName, prefixNimMain: string) = +proc genStaticLib(primitiveKind: PrimitiveKind, primitiveName, prefixNimMain, outdir, nimcache: string, rustLib = false) = proc compile(libName: string, flags = "") = - echo "Compiling static library: lib/" & libName + echo &"Compiling static library: {outdir}/" & libName exec "nim c " & flags & - releaseBuildOptions(useLTO = false) & + (if rustLib: rustBuild() else: releaseBuildOptions(useLTO = false)) & " --noMain --app:staticLib " & &" --nimMainPrefix:{prefixNimMain} " & - &" --out:{libName} --outdir:lib " & + &" --out:{libName} --outdir:{outdir} " & (block: - case bindingsKind + case primitiveKind of kCurve: - &" --nimcache:nimcache/bindings_curves/{bindingsName}" & - &" bindings_generators/{bindingsName}.nim" + &" --nimcache:{nimcache}/{primitiveName}" & + &" bindings_generators/{primitiveName}.nim" of kProtocol: - &" --nimcache:nimcache/bindings_protocols/{bindingsName}" & - &" constantine/{bindingsName}.nim") + &" --nimcache:{nimcache}/{primitiveName}" & + &" constantine/{primitiveName}.nim") - let bindingsName = block: - case bindingsKind - of kCurve: bindingsName - of kProtocol: "constantine_" & bindingsName + let primitiveName = block: + case primitiveKind + of kCurve: primitiveName + of kProtocol: "constantine_" & primitiveName when defined(windows): - compile bindingsName & ".lib" + compile primitiveName & ".lib" elif defined(macosx): - compile "lib" & bindingsName & ".a.arm", "--cpu:arm64 -l:'-target arm64-apple-macos11' -t:'-target arm64-apple-macos11'" - compile "lib" & bindingsName & ".a.x64", "--cpu:amd64 -l:'-target x86_64-apple-macos10.12' -t:'-target x86_64-apple-macos10.12'" - exec "lipo lib/lib" & bindingsName & ".a.arm " & - " lib/lib" & bindingsName & ".a.x64 " & - " -output lib/lib" & bindingsName & ".a -create" + compile "lib" & primitiveName & ".a.arm", "--cpu:arm64 -l:'-target arm64-apple-macos11' -t:'-target arm64-apple-macos11'" + compile "lib" & primitiveName & ".a.x64", "--cpu:amd64 -l:'-target x86_64-apple-macos10.12' -t:'-target x86_64-apple-macos10.12'" + exec "lipo {outdir}/lib" & primitiveName & ".a.arm " & + " {outdir}/lib" & primitiveName & ".a.x64 " & + " -output {outdir}/lib" & primitiveName & ".a -create" else: - compile "lib" & bindingsName & ".a" + compile "lib" & primitiveName & ".a" -proc genHeaders(bindingsName: string) = - echo "Generating header: include/" & bindingsName & ".h" +proc genHeader(primitiveName: string) = + echo "Generating header: include/" & primitiveName & ".h" exec "nim c -d:CTT_GENERATE_HEADERS " & " -d:release " & " --verbosity:0 --hints:off --warnings:off " & - " --out:" & bindingsName & "_gen_header.exe --outdir:build " & - " --nimcache:nimcache/bindings_curves_headers/" & bindingsName & "_header" & - " bindings_generators/" & bindingsName & ".nim" - exec "build/" & bindingsName & "_gen_header.exe include" + " --out:" & primitiveName & "_gen_header.exe --outdir:build " & + " --nimcache:nimcache/libcurves_headers/" & primitiveName & "_header" & + " bindings_generators/" & primitiveName & ".nim" + exec "build/" & primitiveName & "_gen_header.exe include" -task bindings, "Generate Constantine bindings": +task make_libs, "Build Constantine libraries": # Curve arithmetic - genStaticBindings(kCurve, "constantine_bls12_381", "ctt_bls12381_init_") - genDynamicBindings(kCurve, "constantine_bls12_381", "ctt_bls12381_init_") - genHeaders("constantine_bls12_381") + genStaticLib(kCurve, "constantine_bls12_381", "ctt_bls12_381_init_", "lib", "nimcache") + genDynamicLib(kCurve, "constantine_bls12_381", "ctt_bls12_381_init_", "lib", "nimcache") + genHeader("constantine_bls12_381") echo "" - genStaticBindings(kCurve, "constantine_pasta", "ctt_pasta_init_") - genDynamicBindings(kCurve, "constantine_pasta", "ctt_pasta_init_") - genHeaders("constantine_pasta") + genStaticLib(kCurve, "constantine_pasta", "ctt_pasta_init_", "lib", "nimcache") + genDynamicLib(kCurve, "constantine_pasta", "ctt_pasta_init_", "lib", "nimcache") + genHeader("constantine_pasta") echo "" - genStaticBindings(kCurve, "constantine_bn254_snarks", "ctt_bn254snarks_init_") - genDynamicBindings(kCurve, "constantine_bn254_snarks", "ctt_bn254snarks_init_") - genHeaders("constantine_bn254_snarks") + genStaticLib(kCurve, "constantine_bn254_snarks", "ctt_bn254_snarks_init_", "lib", "nimcache") + genDynamicLib(kCurve, "constantine_bn254_snarks", "ctt_bn254_snarks_init_", "lib", "nimcache") + genHeader("constantine_bn254_snarks") echo "" # Protocols - genStaticBindings(kProtocol, "ethereum_bls_signatures", "ctt_eth_bls_init_") - genDynamicBindings(kProtocol, "ethereum_bls_signatures", "ctt_eth_bls_init_") + genStaticLib(kProtocol, "ethereum_bls_signatures", "ctt_eth_bls_init_", "lib", "nimcache") + genDynamicLib(kProtocol, "ethereum_bls_signatures", "ctt_eth_bls_init_", "lib", "nimcache") echo "" +task make_lib_rust, "Build Constantine libraries (use within a Rust build.rs script)": + doAssert existsEnv"OUT_DIR", "Cargo needs to set the \"OUT_DIR\" environment variable" + let rustOutDir = getEnv"OUT_DIR" + + doAssert existsEnv"CTT_RUST_LIB", "Cargo needs to set the \"CTT_RUST_LIB\" to the Rust package being built" + let rustLib = getEnv"CTT_RUST_LIB" + + const mapLib = { + # Elliptic curves + "ctt-curve-bls12-381": (kCurve, "constantine_bls12_381", "ctt_bls12_381_init_"), + "ctt-curve-bn254-snarks": (kCurve, "constantine_bn254_snarks", "ctt_bn254_snarks_init_"), + "ctt-curve-pasta": (kCurve, "constantine_pasta", "ctt_pasta_init_"), + # Protocols + "ctt-proto-ethereum-bls-signatures": (kProtocol, "ethereum_bls_signatures", "ctt_eth_bls_init_"), + }.toTable() + + if not mapLib.hasKey(rustLib): + echo &"Build script for package '{rustLib}' is not configured on the Nim side." + + let (libKind, libName, libInitProc) = mapLib[rustLib] + genStaticLib(libKind, libName, libInitProc, rustOutDir, rustOutDir/"nimcache") + proc testLib(path, testName, libName: string, useGMP: bool) = let dynlibName = if defined(windows): libName & ".dll" elif defined(macosx): "lib" & libName & ".dylib" @@ -266,7 +314,7 @@ task test_bindings, "Test C bindings": # Test config # ---------------------------------------------------------------- -const buildParallel = "test_parallel.txt" +const buildParallel = "build/testsuite_parallel.txt" # Testing strategy: to reduce CI time we test leaf functionality # and skip testing codepath that would be exercised by leaves. diff --git a/include/constantine_bls12_381.h b/include/constantine_bls12_381.h index 585fc8823..a868ff2d8 100644 --- a/include/constantine_bls12_381.h +++ b/include/constantine_bls12_381.h @@ -41,15 +41,15 @@ typedef uint8_t byte; #define WordBitWidth (sizeof(secret_word)*8) #define words_required(bits) ((bits+WordBitWidth-1)/WordBitWidth) -typedef struct { secret_word limbs[words_required(255)]; } bls12381_fr; -typedef struct { secret_word limbs[words_required(381)]; } bls12381_fp; -typedef struct { bls12381_fp c[2]; } bls12381_fp2; -typedef struct { bls12381_fp x, y; } bls12381_ec_g1_aff; -typedef struct { bls12381_fp x, y, z; } bls12381_ec_g1_jac; -typedef struct { bls12381_fp x, y, z; } bls12381_ec_g1_prj; -typedef struct { bls12381_fp2 x, y; } bls12381_ec_g2_aff; -typedef struct { bls12381_fp2 x, y, z; } bls12381_ec_g2_jac; -typedef struct { bls12381_fp2 x, y, z; } bls12381_ec_g2_prj; +typedef struct { secret_word limbs[words_required(255)]; } bls12_381_fr; +typedef struct { secret_word limbs[words_required(381)]; } bls12_381_fp; +typedef struct { bls12_381_fp c[2]; } bls12_381_fp2; +typedef struct { bls12_381_fp x, y; } bls12_381_ec_g1_aff; +typedef struct { bls12_381_fp x, y, z; } bls12_381_ec_g1_jac; +typedef struct { bls12_381_fp x, y, z; } bls12_381_ec_g1_prj; +typedef struct { bls12_381_fp2 x, y; } bls12_381_ec_g2_aff; +typedef struct { bls12_381_fp2 x, y, z; } bls12_381_ec_g2_jac; +typedef struct { bls12_381_fp2 x, y, z; } bls12_381_ec_g2_prj; /* * Initializes the library: @@ -57,180 +57,180 @@ typedef struct { bls12381_fp2 x, y, z; } bls12381_ec_g2_prj; */ void ctt_bls12381_init_NimMain(void); -bool ctt_bls12381_fr_unmarshalBE(bls12381_fr* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result)); -bool ctt_bls12381_fr_marshalBE(byte dst[], ptrdiff_t dst_len, const bls12381_fr* src) __attribute__((warn_unused_result)); -secret_bool ctt_bls12381_fr_is_eq(const bls12381_fr* a, const bls12381_fr* b); -secret_bool ctt_bls12381_fr_is_zero(const bls12381_fr* a); -secret_bool ctt_bls12381_fr_is_one(const bls12381_fr* a); -secret_bool ctt_bls12381_fr_is_minus_one(const bls12381_fr* a); -void ctt_bls12381_fr_set_zero(bls12381_fr* a); -void ctt_bls12381_fr_set_one(bls12381_fr* a); -void ctt_bls12381_fr_set_minus_one(bls12381_fr* a); -void ctt_bls12381_fr_neg(bls12381_fr* r, const bls12381_fr* a); -void ctt_bls12381_fr_neg_in_place(bls12381_fr* a); -void ctt_bls12381_fr_sum(bls12381_fr* r, const bls12381_fr* a, const bls12381_fr* b); -void ctt_bls12381_fr_add_in_place(bls12381_fr* a, const bls12381_fr* b); -void ctt_bls12381_fr_diff(bls12381_fr* r, const bls12381_fr* a, const bls12381_fr* b); -void ctt_bls12381_fr_sub_in_place(bls12381_fr* a, const bls12381_fr* b); -void ctt_bls12381_fr_double(bls12381_fr* r, const bls12381_fr* a); -void ctt_bls12381_fr_double_in_place(bls12381_fr* a); -void ctt_bls12381_fr_prod(bls12381_fr* r, const bls12381_fr* a, const bls12381_fr* b); -void ctt_bls12381_fr_mul_in_place(bls12381_fr* a, const bls12381_fr* b); -void ctt_bls12381_fr_square(bls12381_fr* r, const bls12381_fr* a); -void ctt_bls12381_fr_square_in_place(bls12381_fr* a); -void ctt_bls12381_fr_div2(bls12381_fr* a); -void ctt_bls12381_fr_inv(bls12381_fr* r, const bls12381_fr* a); -void ctt_bls12381_fr_inv_in_place(bls12381_fr* a); -void ctt_bls12381_fr_ccopy(bls12381_fr* a, const bls12381_fr* b, const secret_bool ctl); -void ctt_bls12381_fr_cswap(bls12381_fr* a, bls12381_fr* b, const secret_bool ctl); -void ctt_bls12381_fr_cset_zero(bls12381_fr* a, const secret_bool ctl); -void ctt_bls12381_fr_cset_one(bls12381_fr* a, const secret_bool ctl); -void ctt_bls12381_fr_cneg_in_place(bls12381_fr* a, const secret_bool ctl); -void ctt_bls12381_fr_cadd_in_place(bls12381_fr* a, const bls12381_fr* b, const secret_bool ctl); -void ctt_bls12381_fr_csub_in_place(bls12381_fr* a, const bls12381_fr* b, const secret_bool ctl); -bool ctt_bls12381_fp_unmarshalBE(bls12381_fp* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result)); -bool ctt_bls12381_fp_marshalBE(byte dst[], ptrdiff_t dst_len, const bls12381_fp* src) __attribute__((warn_unused_result)); -secret_bool ctt_bls12381_fp_is_eq(const bls12381_fp* a, const bls12381_fp* b); -secret_bool ctt_bls12381_fp_is_zero(const bls12381_fp* a); -secret_bool ctt_bls12381_fp_is_one(const bls12381_fp* a); -secret_bool ctt_bls12381_fp_is_minus_one(const bls12381_fp* a); -void ctt_bls12381_fp_set_zero(bls12381_fp* a); -void ctt_bls12381_fp_set_one(bls12381_fp* a); -void ctt_bls12381_fp_set_minus_one(bls12381_fp* a); -void ctt_bls12381_fp_neg(bls12381_fp* r, const bls12381_fp* a); -void ctt_bls12381_fp_neg_in_place(bls12381_fp* a); -void ctt_bls12381_fp_sum(bls12381_fp* r, const bls12381_fp* a, const bls12381_fp* b); -void ctt_bls12381_fp_add_in_place(bls12381_fp* a, const bls12381_fp* b); -void ctt_bls12381_fp_diff(bls12381_fp* r, const bls12381_fp* a, const bls12381_fp* b); -void ctt_bls12381_fp_sub_in_place(bls12381_fp* a, const bls12381_fp* b); -void ctt_bls12381_fp_double(bls12381_fp* r, const bls12381_fp* a); -void ctt_bls12381_fp_double_in_place(bls12381_fp* a); -void ctt_bls12381_fp_prod(bls12381_fp* r, const bls12381_fp* a, const bls12381_fp* b); -void ctt_bls12381_fp_mul_in_place(bls12381_fp* a, const bls12381_fp* b); -void ctt_bls12381_fp_square(bls12381_fp* r, const bls12381_fp* a); -void ctt_bls12381_fp_square_in_place(bls12381_fp* a); -void ctt_bls12381_fp_div2(bls12381_fp* a); -void ctt_bls12381_fp_inv(bls12381_fp* r, const bls12381_fp* a); -void ctt_bls12381_fp_inv_in_place(bls12381_fp* a); -void ctt_bls12381_fp_ccopy(bls12381_fp* a, const bls12381_fp* b, const secret_bool ctl); -void ctt_bls12381_fp_cswap(bls12381_fp* a, bls12381_fp* b, const secret_bool ctl); -void ctt_bls12381_fp_cset_zero(bls12381_fp* a, const secret_bool ctl); -void ctt_bls12381_fp_cset_one(bls12381_fp* a, const secret_bool ctl); -void ctt_bls12381_fp_cneg_in_place(bls12381_fp* a, const secret_bool ctl); -void ctt_bls12381_fp_cadd_in_place(bls12381_fp* a, const bls12381_fp* b, const secret_bool ctl); -void ctt_bls12381_fp_csub_in_place(bls12381_fp* a, const bls12381_fp* b, const secret_bool ctl); -secret_bool ctt_bls12381_fp_is_square(const bls12381_fp* a); -void ctt_bls12381_fp_invsqrt(bls12381_fp* r, const bls12381_fp* a); -secret_bool ctt_bls12381_fp_invsqrt_in_place(bls12381_fp* r, const bls12381_fp* a); -void ctt_bls12381_fp_sqrt_in_place(bls12381_fp* a); -secret_bool ctt_bls12381_fp_sqrt_if_square_in_place(bls12381_fp* a); -void ctt_bls12381_fp_sqrt_invsqrt(bls12381_fp* sqrt, bls12381_fp* invsqrt, const bls12381_fp* a); -secret_bool ctt_bls12381_fp_sqrt_invsqrt_if_square(bls12381_fp* sqrt, bls12381_fp* invsqrt, const bls12381_fp* a); -secret_bool ctt_bls12381_fp_sqrt_ratio_if_square(bls12381_fp* r, const bls12381_fp* u, const bls12381_fp* v); -secret_bool ctt_bls12381_fp2_is_eq(const bls12381_fp2* a, const bls12381_fp2* b); -secret_bool ctt_bls12381_fp2_is_zero(const bls12381_fp2* a); -secret_bool ctt_bls12381_fp2_is_one(const bls12381_fp2* a); -secret_bool ctt_bls12381_fp2_is_minus_one(const bls12381_fp2* a); -void ctt_bls12381_fp2_set_zero(bls12381_fp2* a); -void ctt_bls12381_fp2_set_one(bls12381_fp2* a); -void ctt_bls12381_fp2_set_minus_one(bls12381_fp2* a); -void ctt_bls12381_fp2_neg(bls12381_fp2* a); -void ctt_bls12381_fp2_sum(bls12381_fp2* r, const bls12381_fp2* a, const bls12381_fp2* b); -void ctt_bls12381_fp2_add_in_place(bls12381_fp2* a, const bls12381_fp2* b); -void ctt_bls12381_fp2_diff(bls12381_fp2* r, const bls12381_fp2* a, const bls12381_fp2* b); -void ctt_bls12381_fp2_sub_in_place(bls12381_fp2* a, const bls12381_fp2* b); -void ctt_bls12381_fp2_double(bls12381_fp2* r, const bls12381_fp2* a); -void ctt_bls12381_fp2_double_in_place(bls12381_fp2* a); -void ctt_bls12381_fp2_conj(bls12381_fp2* r, const bls12381_fp2* a); -void ctt_bls12381_fp2_conj_in_place(bls12381_fp2* a); -void ctt_bls12381_fp2_conjneg(bls12381_fp2* r, const bls12381_fp2* a); -void ctt_bls12381_fp2_conjneg_in_place(bls12381_fp2* a); -void ctt_bls12381_fp2_prod(bls12381_fp2* r, const bls12381_fp2* a, const bls12381_fp2* b); -void ctt_bls12381_fp2_mul_in_place(bls12381_fp2* a, const bls12381_fp2* b); -void ctt_bls12381_fp2_square(bls12381_fp2* r, const bls12381_fp2* a); -void ctt_bls12381_fp2_square_in_place(bls12381_fp2* a); -void ctt_bls12381_fp2_div2(bls12381_fp2* a); -void ctt_bls12381_fp2_inv(bls12381_fp2* r, const bls12381_fp2* a); -void ctt_bls12381_fp2_inv_in_place(bls12381_fp2* a); -void ctt_bls12381_fp2_ccopy(bls12381_fp2* a, const bls12381_fp2* b, const secret_bool ctl); -void ctt_bls12381_fp2_cset_zero(bls12381_fp2* a, const secret_bool ctl); -void ctt_bls12381_fp2_cset_one(bls12381_fp2* a, const secret_bool ctl); -void ctt_bls12381_fp2_cneg_in_place(bls12381_fp2* a, const secret_bool ctl); -void ctt_bls12381_fp2_cadd_in_place(bls12381_fp2* a, const bls12381_fp2* b, const secret_bool ctl); -void ctt_bls12381_fp2_csub_in_place(bls12381_fp2* a, const bls12381_fp2* b, const secret_bool ctl); -secret_bool ctt_bls12381_fp2_is_square(const bls12381_fp2* a); -void ctt_bls12381_fp2_sqrt_in_place(bls12381_fp2* a); -secret_bool ctt_bls12381_fp2_sqrt_if_square_in_place(bls12381_fp2* a); -secret_bool ctt_bls12381_ec_g1_aff_is_eq(const bls12381_ec_g1_aff* P, const bls12381_ec_g1_aff* Q); -secret_bool ctt_bls12381_ec_g1_aff_is_inf(const bls12381_ec_g1_aff* P); -void ctt_bls12381_ec_g1_aff_set_inf(bls12381_ec_g1_aff* P); -void ctt_bls12381_ec_g1_aff_ccopy(bls12381_ec_g1_aff* P, const bls12381_ec_g1_aff* Q, const secret_bool ctl); -secret_bool ctt_bls12381_ec_g1_aff_is_on_curve(const bls12381_fp* x, const bls12381_fp* y); -void ctt_bls12381_ec_g1_aff_neg(bls12381_ec_g1_aff* P, const bls12381_ec_g1_aff* Q); -void ctt_bls12381_ec_g1_aff_neg_in_place(bls12381_ec_g1_aff* P); -secret_bool ctt_bls12381_ec_g1_jac_is_eq(const bls12381_ec_g1_jac* P, const bls12381_ec_g1_jac* Q); -secret_bool ctt_bls12381_ec_g1_jac_is_inf(const bls12381_ec_g1_jac* P); -void ctt_bls12381_ec_g1_jac_set_inf(bls12381_ec_g1_jac* P); -void ctt_bls12381_ec_g1_jac_ccopy(bls12381_ec_g1_jac* P, const bls12381_ec_g1_jac* Q, const secret_bool ctl); -void ctt_bls12381_ec_g1_jac_neg(bls12381_ec_g1_jac* P, const bls12381_ec_g1_jac* Q); -void ctt_bls12381_ec_g1_jac_neg_in_place(bls12381_ec_g1_jac* P); -void ctt_bls12381_ec_g1_jac_cneg_in_place(bls12381_ec_g1_jac* P, const secret_bool ctl); -void ctt_bls12381_ec_g1_jac_sum(bls12381_ec_g1_jac* r, const bls12381_ec_g1_jac* P, const bls12381_ec_g1_jac* Q); -void ctt_bls12381_ec_g1_jac_add_in_place(bls12381_ec_g1_jac* P, const bls12381_ec_g1_jac* Q); -void ctt_bls12381_ec_g1_jac_diff(bls12381_ec_g1_jac* r, const bls12381_ec_g1_jac* P, const bls12381_ec_g1_jac* Q); -void ctt_bls12381_ec_g1_jac_double(bls12381_ec_g1_jac* r, const bls12381_ec_g1_jac* P); -void ctt_bls12381_ec_g1_jac_double_in_place(bls12381_ec_g1_jac* P); -void ctt_bls12381_ec_g1_jac_affine(bls12381_ec_g1_aff* dst, const bls12381_ec_g1_jac* src); -void ctt_bls12381_ec_g1_jac_from_affine(bls12381_ec_g1_jac* dst, const bls12381_ec_g1_aff* src); -secret_bool ctt_bls12381_ec_g1_prj_is_eq(const bls12381_ec_g1_prj* P, const bls12381_ec_g1_prj* Q); -secret_bool ctt_bls12381_ec_g1_prj_is_inf(const bls12381_ec_g1_prj* P); -void ctt_bls12381_ec_g1_prj_set_inf(bls12381_ec_g1_prj* P); -void ctt_bls12381_ec_g1_prj_ccopy(bls12381_ec_g1_prj* P, const bls12381_ec_g1_prj* Q, const secret_bool ctl); -void ctt_bls12381_ec_g1_prj_neg(bls12381_ec_g1_prj* P, const bls12381_ec_g1_prj* Q); -void ctt_bls12381_ec_g1_prj_neg_in_place(bls12381_ec_g1_prj* P); -void ctt_bls12381_ec_g1_prj_cneg_in_place(bls12381_ec_g1_prj* P, const secret_bool ctl); -void ctt_bls12381_ec_g1_prj_sum(bls12381_ec_g1_prj* r, const bls12381_ec_g1_prj* P, const bls12381_ec_g1_prj* Q); -void ctt_bls12381_ec_g1_prj_add_in_place(bls12381_ec_g1_prj* P, const bls12381_ec_g1_prj* Q); -void ctt_bls12381_ec_g1_prj_diff(bls12381_ec_g1_prj* r, const bls12381_ec_g1_prj* P, const bls12381_ec_g1_prj* Q); -void ctt_bls12381_ec_g1_prj_double(bls12381_ec_g1_prj* r, const bls12381_ec_g1_prj* P); -void ctt_bls12381_ec_g1_prj_double_in_place(bls12381_ec_g1_prj* P); -void ctt_bls12381_ec_g1_prj_affine(bls12381_ec_g1_aff* dst, const bls12381_ec_g1_prj* src); -void ctt_bls12381_ec_g1_prj_from_affine(bls12381_ec_g1_prj* dst, const bls12381_ec_g1_aff* src); -secret_bool ctt_bls12381_ec_g2_aff_is_eq(const bls12381_ec_g2_aff* P, const bls12381_ec_g2_aff* Q); -secret_bool ctt_bls12381_ec_g2_aff_is_inf(const bls12381_ec_g2_aff* P); -void ctt_bls12381_ec_g2_aff_set_inf(bls12381_ec_g2_aff* P); -void ctt_bls12381_ec_g2_aff_ccopy(bls12381_ec_g2_aff* P, const bls12381_ec_g2_aff* Q, const secret_bool ctl); -secret_bool ctt_bls12381_ec_g2_aff_is_on_curve(const bls12381_fp2* x, const bls12381_fp2* y); -void ctt_bls12381_ec_g2_aff_neg(bls12381_ec_g2_aff* P, const bls12381_ec_g2_aff* Q); -void ctt_bls12381_ec_g2_aff_neg_in_place(bls12381_ec_g2_aff* P); -secret_bool ctt_bls12381_ec_g2_jac_is_eq(const bls12381_ec_g2_jac* P, const bls12381_ec_g2_jac* Q); -secret_bool ctt_bls12381_ec_g2_jac_is_inf(const bls12381_ec_g2_jac* P); -void ctt_bls12381_ec_g2_jac_set_inf(bls12381_ec_g2_jac* P); -void ctt_bls12381_ec_g2_jac_ccopy(bls12381_ec_g2_jac* P, const bls12381_ec_g2_jac* Q, const secret_bool ctl); -void ctt_bls12381_ec_g2_jac_neg(bls12381_ec_g2_jac* P, const bls12381_ec_g2_jac* Q); -void ctt_bls12381_ec_g2_jac_neg_in_place(bls12381_ec_g2_jac* P); -void ctt_bls12381_ec_g2_jac_cneg_in_place(bls12381_ec_g2_jac* P, const secret_bool ctl); -void ctt_bls12381_ec_g2_jac_sum(bls12381_ec_g2_jac* r, const bls12381_ec_g2_jac* P, const bls12381_ec_g2_jac* Q); -void ctt_bls12381_ec_g2_jac_add_in_place(bls12381_ec_g2_jac* P, const bls12381_ec_g2_jac* Q); -void ctt_bls12381_ec_g2_jac_diff(bls12381_ec_g2_jac* r, const bls12381_ec_g2_jac* P, const bls12381_ec_g2_jac* Q); -void ctt_bls12381_ec_g2_jac_double(bls12381_ec_g2_jac* r, const bls12381_ec_g2_jac* P); -void ctt_bls12381_ec_g2_jac_double_in_place(bls12381_ec_g2_jac* P); -void ctt_bls12381_ec_g2_jac_affine(bls12381_ec_g2_aff* dst, const bls12381_ec_g2_jac* src); -void ctt_bls12381_ec_g2_jac_from_affine(bls12381_ec_g2_jac* dst, const bls12381_ec_g2_aff* src); -secret_bool ctt_bls12381_ec_g2_prj_is_eq(const bls12381_ec_g2_prj* P, const bls12381_ec_g2_prj* Q); -secret_bool ctt_bls12381_ec_g2_prj_is_inf(const bls12381_ec_g2_prj* P); -void ctt_bls12381_ec_g2_prj_set_inf(bls12381_ec_g2_prj* P); -void ctt_bls12381_ec_g2_prj_ccopy(bls12381_ec_g2_prj* P, const bls12381_ec_g2_prj* Q, const secret_bool ctl); -void ctt_bls12381_ec_g2_prj_neg(bls12381_ec_g2_prj* P, const bls12381_ec_g2_prj* Q); -void ctt_bls12381_ec_g2_prj_neg_in_place(bls12381_ec_g2_prj* P); -void ctt_bls12381_ec_g2_prj_cneg_in_place(bls12381_ec_g2_prj* P, const secret_bool ctl); -void ctt_bls12381_ec_g2_prj_sum(bls12381_ec_g2_prj* r, const bls12381_ec_g2_prj* P, const bls12381_ec_g2_prj* Q); -void ctt_bls12381_ec_g2_prj_add_in_place(bls12381_ec_g2_prj* P, const bls12381_ec_g2_prj* Q); -void ctt_bls12381_ec_g2_prj_diff(bls12381_ec_g2_prj* r, const bls12381_ec_g2_prj* P, const bls12381_ec_g2_prj* Q); -void ctt_bls12381_ec_g2_prj_double(bls12381_ec_g2_prj* r, const bls12381_ec_g2_prj* P); -void ctt_bls12381_ec_g2_prj_double_in_place(bls12381_ec_g2_prj* P); -void ctt_bls12381_ec_g2_prj_affine(bls12381_ec_g2_aff* dst, const bls12381_ec_g2_prj* src); -void ctt_bls12381_ec_g2_prj_from_affine(bls12381_ec_g2_prj* dst, const bls12381_ec_g2_aff* src); +bool ctt_bls12_381_fr_unmarshalBE(bls12_381_fr* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result)); +bool ctt_bls12_381_fr_marshalBE(byte dst[], ptrdiff_t dst_len, const bls12_381_fr* src) __attribute__((warn_unused_result)); +secret_bool ctt_bls12_381_fr_is_eq(const bls12_381_fr* a, const bls12_381_fr* b); +secret_bool ctt_bls12_381_fr_is_zero(const bls12_381_fr* a); +secret_bool ctt_bls12_381_fr_is_one(const bls12_381_fr* a); +secret_bool ctt_bls12_381_fr_is_minus_one(const bls12_381_fr* a); +void ctt_bls12_381_fr_set_zero(bls12_381_fr* a); +void ctt_bls12_381_fr_set_one(bls12_381_fr* a); +void ctt_bls12_381_fr_set_minus_one(bls12_381_fr* a); +void ctt_bls12_381_fr_neg(bls12_381_fr* r, const bls12_381_fr* a); +void ctt_bls12_381_fr_neg_in_place(bls12_381_fr* a); +void ctt_bls12_381_fr_sum(bls12_381_fr* r, const bls12_381_fr* a, const bls12_381_fr* b); +void ctt_bls12_381_fr_add_in_place(bls12_381_fr* a, const bls12_381_fr* b); +void ctt_bls12_381_fr_diff(bls12_381_fr* r, const bls12_381_fr* a, const bls12_381_fr* b); +void ctt_bls12_381_fr_sub_in_place(bls12_381_fr* a, const bls12_381_fr* b); +void ctt_bls12_381_fr_double(bls12_381_fr* r, const bls12_381_fr* a); +void ctt_bls12_381_fr_double_in_place(bls12_381_fr* a); +void ctt_bls12_381_fr_prod(bls12_381_fr* r, const bls12_381_fr* a, const bls12_381_fr* b); +void ctt_bls12_381_fr_mul_in_place(bls12_381_fr* a, const bls12_381_fr* b); +void ctt_bls12_381_fr_square(bls12_381_fr* r, const bls12_381_fr* a); +void ctt_bls12_381_fr_square_in_place(bls12_381_fr* a); +void ctt_bls12_381_fr_div2(bls12_381_fr* a); +void ctt_bls12_381_fr_inv(bls12_381_fr* r, const bls12_381_fr* a); +void ctt_bls12_381_fr_inv_in_place(bls12_381_fr* a); +void ctt_bls12_381_fr_ccopy(bls12_381_fr* a, const bls12_381_fr* b, const secret_bool ctl); +void ctt_bls12_381_fr_cswap(bls12_381_fr* a, bls12_381_fr* b, const secret_bool ctl); +void ctt_bls12_381_fr_cset_zero(bls12_381_fr* a, const secret_bool ctl); +void ctt_bls12_381_fr_cset_one(bls12_381_fr* a, const secret_bool ctl); +void ctt_bls12_381_fr_cneg_in_place(bls12_381_fr* a, const secret_bool ctl); +void ctt_bls12_381_fr_cadd_in_place(bls12_381_fr* a, const bls12_381_fr* b, const secret_bool ctl); +void ctt_bls12_381_fr_csub_in_place(bls12_381_fr* a, const bls12_381_fr* b, const secret_bool ctl); +bool ctt_bls12_381_fp_unmarshalBE(bls12_381_fp* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result)); +bool ctt_bls12_381_fp_marshalBE(byte dst[], ptrdiff_t dst_len, const bls12_381_fp* src) __attribute__((warn_unused_result)); +secret_bool ctt_bls12_381_fp_is_eq(const bls12_381_fp* a, const bls12_381_fp* b); +secret_bool ctt_bls12_381_fp_is_zero(const bls12_381_fp* a); +secret_bool ctt_bls12_381_fp_is_one(const bls12_381_fp* a); +secret_bool ctt_bls12_381_fp_is_minus_one(const bls12_381_fp* a); +void ctt_bls12_381_fp_set_zero(bls12_381_fp* a); +void ctt_bls12_381_fp_set_one(bls12_381_fp* a); +void ctt_bls12_381_fp_set_minus_one(bls12_381_fp* a); +void ctt_bls12_381_fp_neg(bls12_381_fp* r, const bls12_381_fp* a); +void ctt_bls12_381_fp_neg_in_place(bls12_381_fp* a); +void ctt_bls12_381_fp_sum(bls12_381_fp* r, const bls12_381_fp* a, const bls12_381_fp* b); +void ctt_bls12_381_fp_add_in_place(bls12_381_fp* a, const bls12_381_fp* b); +void ctt_bls12_381_fp_diff(bls12_381_fp* r, const bls12_381_fp* a, const bls12_381_fp* b); +void ctt_bls12_381_fp_sub_in_place(bls12_381_fp* a, const bls12_381_fp* b); +void ctt_bls12_381_fp_double(bls12_381_fp* r, const bls12_381_fp* a); +void ctt_bls12_381_fp_double_in_place(bls12_381_fp* a); +void ctt_bls12_381_fp_prod(bls12_381_fp* r, const bls12_381_fp* a, const bls12_381_fp* b); +void ctt_bls12_381_fp_mul_in_place(bls12_381_fp* a, const bls12_381_fp* b); +void ctt_bls12_381_fp_square(bls12_381_fp* r, const bls12_381_fp* a); +void ctt_bls12_381_fp_square_in_place(bls12_381_fp* a); +void ctt_bls12_381_fp_div2(bls12_381_fp* a); +void ctt_bls12_381_fp_inv(bls12_381_fp* r, const bls12_381_fp* a); +void ctt_bls12_381_fp_inv_in_place(bls12_381_fp* a); +void ctt_bls12_381_fp_ccopy(bls12_381_fp* a, const bls12_381_fp* b, const secret_bool ctl); +void ctt_bls12_381_fp_cswap(bls12_381_fp* a, bls12_381_fp* b, const secret_bool ctl); +void ctt_bls12_381_fp_cset_zero(bls12_381_fp* a, const secret_bool ctl); +void ctt_bls12_381_fp_cset_one(bls12_381_fp* a, const secret_bool ctl); +void ctt_bls12_381_fp_cneg_in_place(bls12_381_fp* a, const secret_bool ctl); +void ctt_bls12_381_fp_cadd_in_place(bls12_381_fp* a, const bls12_381_fp* b, const secret_bool ctl); +void ctt_bls12_381_fp_csub_in_place(bls12_381_fp* a, const bls12_381_fp* b, const secret_bool ctl); +secret_bool ctt_bls12_381_fp_is_square(const bls12_381_fp* a); +void ctt_bls12_381_fp_invsqrt(bls12_381_fp* r, const bls12_381_fp* a); +secret_bool ctt_bls12_381_fp_invsqrt_in_place(bls12_381_fp* r, const bls12_381_fp* a); +void ctt_bls12_381_fp_sqrt_in_place(bls12_381_fp* a); +secret_bool ctt_bls12_381_fp_sqrt_if_square_in_place(bls12_381_fp* a); +void ctt_bls12_381_fp_sqrt_invsqrt(bls12_381_fp* sqrt, bls12_381_fp* invsqrt, const bls12_381_fp* a); +secret_bool ctt_bls12_381_fp_sqrt_invsqrt_if_square(bls12_381_fp* sqrt, bls12_381_fp* invsqrt, const bls12_381_fp* a); +secret_bool ctt_bls12_381_fp_sqrt_ratio_if_square(bls12_381_fp* r, const bls12_381_fp* u, const bls12_381_fp* v); +secret_bool ctt_bls12_381_fp2_is_eq(const bls12_381_fp2* a, const bls12_381_fp2* b); +secret_bool ctt_bls12_381_fp2_is_zero(const bls12_381_fp2* a); +secret_bool ctt_bls12_381_fp2_is_one(const bls12_381_fp2* a); +secret_bool ctt_bls12_381_fp2_is_minus_one(const bls12_381_fp2* a); +void ctt_bls12_381_fp2_set_zero(bls12_381_fp2* a); +void ctt_bls12_381_fp2_set_one(bls12_381_fp2* a); +void ctt_bls12_381_fp2_set_minus_one(bls12_381_fp2* a); +void ctt_bls12_381_fp2_neg(bls12_381_fp2* a); +void ctt_bls12_381_fp2_sum(bls12_381_fp2* r, const bls12_381_fp2* a, const bls12_381_fp2* b); +void ctt_bls12_381_fp2_add_in_place(bls12_381_fp2* a, const bls12_381_fp2* b); +void ctt_bls12_381_fp2_diff(bls12_381_fp2* r, const bls12_381_fp2* a, const bls12_381_fp2* b); +void ctt_bls12_381_fp2_sub_in_place(bls12_381_fp2* a, const bls12_381_fp2* b); +void ctt_bls12_381_fp2_double(bls12_381_fp2* r, const bls12_381_fp2* a); +void ctt_bls12_381_fp2_double_in_place(bls12_381_fp2* a); +void ctt_bls12_381_fp2_conj(bls12_381_fp2* r, const bls12_381_fp2* a); +void ctt_bls12_381_fp2_conj_in_place(bls12_381_fp2* a); +void ctt_bls12_381_fp2_conjneg(bls12_381_fp2* r, const bls12_381_fp2* a); +void ctt_bls12_381_fp2_conjneg_in_place(bls12_381_fp2* a); +void ctt_bls12_381_fp2_prod(bls12_381_fp2* r, const bls12_381_fp2* a, const bls12_381_fp2* b); +void ctt_bls12_381_fp2_mul_in_place(bls12_381_fp2* a, const bls12_381_fp2* b); +void ctt_bls12_381_fp2_square(bls12_381_fp2* r, const bls12_381_fp2* a); +void ctt_bls12_381_fp2_square_in_place(bls12_381_fp2* a); +void ctt_bls12_381_fp2_div2(bls12_381_fp2* a); +void ctt_bls12_381_fp2_inv(bls12_381_fp2* r, const bls12_381_fp2* a); +void ctt_bls12_381_fp2_inv_in_place(bls12_381_fp2* a); +void ctt_bls12_381_fp2_ccopy(bls12_381_fp2* a, const bls12_381_fp2* b, const secret_bool ctl); +void ctt_bls12_381_fp2_cset_zero(bls12_381_fp2* a, const secret_bool ctl); +void ctt_bls12_381_fp2_cset_one(bls12_381_fp2* a, const secret_bool ctl); +void ctt_bls12_381_fp2_cneg_in_place(bls12_381_fp2* a, const secret_bool ctl); +void ctt_bls12_381_fp2_cadd_in_place(bls12_381_fp2* a, const bls12_381_fp2* b, const secret_bool ctl); +void ctt_bls12_381_fp2_csub_in_place(bls12_381_fp2* a, const bls12_381_fp2* b, const secret_bool ctl); +secret_bool ctt_bls12_381_fp2_is_square(const bls12_381_fp2* a); +void ctt_bls12_381_fp2_sqrt_in_place(bls12_381_fp2* a); +secret_bool ctt_bls12_381_fp2_sqrt_if_square_in_place(bls12_381_fp2* a); +secret_bool ctt_bls12_381_ec_g1_aff_is_eq(const bls12_381_ec_g1_aff* P, const bls12_381_ec_g1_aff* Q); +secret_bool ctt_bls12_381_ec_g1_aff_is_inf(const bls12_381_ec_g1_aff* P); +void ctt_bls12_381_ec_g1_aff_set_inf(bls12_381_ec_g1_aff* P); +void ctt_bls12_381_ec_g1_aff_ccopy(bls12_381_ec_g1_aff* P, const bls12_381_ec_g1_aff* Q, const secret_bool ctl); +secret_bool ctt_bls12_381_ec_g1_aff_is_on_curve(const bls12_381_fp* x, const bls12_381_fp* y); +void ctt_bls12_381_ec_g1_aff_neg(bls12_381_ec_g1_aff* P, const bls12_381_ec_g1_aff* Q); +void ctt_bls12_381_ec_g1_aff_neg_in_place(bls12_381_ec_g1_aff* P); +secret_bool ctt_bls12_381_ec_g1_jac_is_eq(const bls12_381_ec_g1_jac* P, const bls12_381_ec_g1_jac* Q); +secret_bool ctt_bls12_381_ec_g1_jac_is_inf(const bls12_381_ec_g1_jac* P); +void ctt_bls12_381_ec_g1_jac_set_inf(bls12_381_ec_g1_jac* P); +void ctt_bls12_381_ec_g1_jac_ccopy(bls12_381_ec_g1_jac* P, const bls12_381_ec_g1_jac* Q, const secret_bool ctl); +void ctt_bls12_381_ec_g1_jac_neg(bls12_381_ec_g1_jac* P, const bls12_381_ec_g1_jac* Q); +void ctt_bls12_381_ec_g1_jac_neg_in_place(bls12_381_ec_g1_jac* P); +void ctt_bls12_381_ec_g1_jac_cneg_in_place(bls12_381_ec_g1_jac* P, const secret_bool ctl); +void ctt_bls12_381_ec_g1_jac_sum(bls12_381_ec_g1_jac* r, const bls12_381_ec_g1_jac* P, const bls12_381_ec_g1_jac* Q); +void ctt_bls12_381_ec_g1_jac_add_in_place(bls12_381_ec_g1_jac* P, const bls12_381_ec_g1_jac* Q); +void ctt_bls12_381_ec_g1_jac_diff(bls12_381_ec_g1_jac* r, const bls12_381_ec_g1_jac* P, const bls12_381_ec_g1_jac* Q); +void ctt_bls12_381_ec_g1_jac_double(bls12_381_ec_g1_jac* r, const bls12_381_ec_g1_jac* P); +void ctt_bls12_381_ec_g1_jac_double_in_place(bls12_381_ec_g1_jac* P); +void ctt_bls12_381_ec_g1_jac_affine(bls12_381_ec_g1_aff* dst, const bls12_381_ec_g1_jac* src); +void ctt_bls12_381_ec_g1_jac_from_affine(bls12_381_ec_g1_jac* dst, const bls12_381_ec_g1_aff* src); +secret_bool ctt_bls12_381_ec_g1_prj_is_eq(const bls12_381_ec_g1_prj* P, const bls12_381_ec_g1_prj* Q); +secret_bool ctt_bls12_381_ec_g1_prj_is_inf(const bls12_381_ec_g1_prj* P); +void ctt_bls12_381_ec_g1_prj_set_inf(bls12_381_ec_g1_prj* P); +void ctt_bls12_381_ec_g1_prj_ccopy(bls12_381_ec_g1_prj* P, const bls12_381_ec_g1_prj* Q, const secret_bool ctl); +void ctt_bls12_381_ec_g1_prj_neg(bls12_381_ec_g1_prj* P, const bls12_381_ec_g1_prj* Q); +void ctt_bls12_381_ec_g1_prj_neg_in_place(bls12_381_ec_g1_prj* P); +void ctt_bls12_381_ec_g1_prj_cneg_in_place(bls12_381_ec_g1_prj* P, const secret_bool ctl); +void ctt_bls12_381_ec_g1_prj_sum(bls12_381_ec_g1_prj* r, const bls12_381_ec_g1_prj* P, const bls12_381_ec_g1_prj* Q); +void ctt_bls12_381_ec_g1_prj_add_in_place(bls12_381_ec_g1_prj* P, const bls12_381_ec_g1_prj* Q); +void ctt_bls12_381_ec_g1_prj_diff(bls12_381_ec_g1_prj* r, const bls12_381_ec_g1_prj* P, const bls12_381_ec_g1_prj* Q); +void ctt_bls12_381_ec_g1_prj_double(bls12_381_ec_g1_prj* r, const bls12_381_ec_g1_prj* P); +void ctt_bls12_381_ec_g1_prj_double_in_place(bls12_381_ec_g1_prj* P); +void ctt_bls12_381_ec_g1_prj_affine(bls12_381_ec_g1_aff* dst, const bls12_381_ec_g1_prj* src); +void ctt_bls12_381_ec_g1_prj_from_affine(bls12_381_ec_g1_prj* dst, const bls12_381_ec_g1_aff* src); +secret_bool ctt_bls12_381_ec_g2_aff_is_eq(const bls12_381_ec_g2_aff* P, const bls12_381_ec_g2_aff* Q); +secret_bool ctt_bls12_381_ec_g2_aff_is_inf(const bls12_381_ec_g2_aff* P); +void ctt_bls12_381_ec_g2_aff_set_inf(bls12_381_ec_g2_aff* P); +void ctt_bls12_381_ec_g2_aff_ccopy(bls12_381_ec_g2_aff* P, const bls12_381_ec_g2_aff* Q, const secret_bool ctl); +secret_bool ctt_bls12_381_ec_g2_aff_is_on_curve(const bls12_381_fp2* x, const bls12_381_fp2* y); +void ctt_bls12_381_ec_g2_aff_neg(bls12_381_ec_g2_aff* P, const bls12_381_ec_g2_aff* Q); +void ctt_bls12_381_ec_g2_aff_neg_in_place(bls12_381_ec_g2_aff* P); +secret_bool ctt_bls12_381_ec_g2_jac_is_eq(const bls12_381_ec_g2_jac* P, const bls12_381_ec_g2_jac* Q); +secret_bool ctt_bls12_381_ec_g2_jac_is_inf(const bls12_381_ec_g2_jac* P); +void ctt_bls12_381_ec_g2_jac_set_inf(bls12_381_ec_g2_jac* P); +void ctt_bls12_381_ec_g2_jac_ccopy(bls12_381_ec_g2_jac* P, const bls12_381_ec_g2_jac* Q, const secret_bool ctl); +void ctt_bls12_381_ec_g2_jac_neg(bls12_381_ec_g2_jac* P, const bls12_381_ec_g2_jac* Q); +void ctt_bls12_381_ec_g2_jac_neg_in_place(bls12_381_ec_g2_jac* P); +void ctt_bls12_381_ec_g2_jac_cneg_in_place(bls12_381_ec_g2_jac* P, const secret_bool ctl); +void ctt_bls12_381_ec_g2_jac_sum(bls12_381_ec_g2_jac* r, const bls12_381_ec_g2_jac* P, const bls12_381_ec_g2_jac* Q); +void ctt_bls12_381_ec_g2_jac_add_in_place(bls12_381_ec_g2_jac* P, const bls12_381_ec_g2_jac* Q); +void ctt_bls12_381_ec_g2_jac_diff(bls12_381_ec_g2_jac* r, const bls12_381_ec_g2_jac* P, const bls12_381_ec_g2_jac* Q); +void ctt_bls12_381_ec_g2_jac_double(bls12_381_ec_g2_jac* r, const bls12_381_ec_g2_jac* P); +void ctt_bls12_381_ec_g2_jac_double_in_place(bls12_381_ec_g2_jac* P); +void ctt_bls12_381_ec_g2_jac_affine(bls12_381_ec_g2_aff* dst, const bls12_381_ec_g2_jac* src); +void ctt_bls12_381_ec_g2_jac_from_affine(bls12_381_ec_g2_jac* dst, const bls12_381_ec_g2_aff* src); +secret_bool ctt_bls12_381_ec_g2_prj_is_eq(const bls12_381_ec_g2_prj* P, const bls12_381_ec_g2_prj* Q); +secret_bool ctt_bls12_381_ec_g2_prj_is_inf(const bls12_381_ec_g2_prj* P); +void ctt_bls12_381_ec_g2_prj_set_inf(bls12_381_ec_g2_prj* P); +void ctt_bls12_381_ec_g2_prj_ccopy(bls12_381_ec_g2_prj* P, const bls12_381_ec_g2_prj* Q, const secret_bool ctl); +void ctt_bls12_381_ec_g2_prj_neg(bls12_381_ec_g2_prj* P, const bls12_381_ec_g2_prj* Q); +void ctt_bls12_381_ec_g2_prj_neg_in_place(bls12_381_ec_g2_prj* P); +void ctt_bls12_381_ec_g2_prj_cneg_in_place(bls12_381_ec_g2_prj* P, const secret_bool ctl); +void ctt_bls12_381_ec_g2_prj_sum(bls12_381_ec_g2_prj* r, const bls12_381_ec_g2_prj* P, const bls12_381_ec_g2_prj* Q); +void ctt_bls12_381_ec_g2_prj_add_in_place(bls12_381_ec_g2_prj* P, const bls12_381_ec_g2_prj* Q); +void ctt_bls12_381_ec_g2_prj_diff(bls12_381_ec_g2_prj* r, const bls12_381_ec_g2_prj* P, const bls12_381_ec_g2_prj* Q); +void ctt_bls12_381_ec_g2_prj_double(bls12_381_ec_g2_prj* r, const bls12_381_ec_g2_prj* P); +void ctt_bls12_381_ec_g2_prj_double_in_place(bls12_381_ec_g2_prj* P); +void ctt_bls12_381_ec_g2_prj_affine(bls12_381_ec_g2_aff* dst, const bls12_381_ec_g2_prj* src); +void ctt_bls12_381_ec_g2_prj_from_affine(bls12_381_ec_g2_prj* dst, const bls12_381_ec_g2_aff* src); #ifdef __cplusplus diff --git a/include/constantine_bn254_snarks.h b/include/constantine_bn254_snarks.h index 94f35b264..56a8ab4a1 100644 --- a/include/constantine_bn254_snarks.h +++ b/include/constantine_bn254_snarks.h @@ -6,8 +6,8 @@ * * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0). * at your option. This file may not be copied, modified, or distributed except according to those terms. */ -#ifndef __CTT_H_BN@%$SNARKS__ -#define __CTT_H_BN@%$SNARKS__ +#ifndef __CTT_H_BN254SNARKS__ +#define __CTT_H_BN254SNARKS__ #ifdef __cplusplus extern "C" { @@ -28,6 +28,12 @@ typedef __UINT64_TYPE__ uint64_t; #include #endif +#if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901 +# define bool _Bool +#else +# define bool unsigned char +#endif + typedef size_t secret_word; typedef size_t secret_bool; typedef uint8_t byte; @@ -35,196 +41,196 @@ typedef uint8_t byte; #define WordBitWidth (sizeof(secret_word)*8) #define words_required(bits) ((bits+WordBitWidth-1)/WordBitWidth) -typedef struct { secret_word limbs[words_required(254)]; } bn254snarks_fr; -typedef struct { secret_word limbs[words_required(254)]; } bn254snarks_fp; -typedef struct { bn254snarks_fp c[2]; } bn254snarks_fp2; -typedef struct { bn254snarks_fp x, y; } bn254snarks_ec_g1_aff; -typedef struct { bn254snarks_fp x, y, z; } bn254snarks_ec_g1_jac; -typedef struct { bn254snarks_fp x, y, z; } bn254snarks_ec_g1_prj; -typedef struct { bn254snarks_fp2 x, y; } bn254snarks_ec_g2_aff; -typedef struct { bn254snarks_fp2 x, y, z; } bn254snarks_ec_g2_jac; -typedef struct { bn254snarks_fp2 x, y, z; } bn254snarks_ec_g2_prj; +typedef struct { secret_word limbs[words_required(254)]; } bn254_snarks_fr; +typedef struct { secret_word limbs[words_required(254)]; } bn254_snarks_fp; +typedef struct { bn254_snarks_fp c[2]; } bn254_snarks_fp2; +typedef struct { bn254_snarks_fp x, y; } bn254_snarks_ec_g1_aff; +typedef struct { bn254_snarks_fp x, y, z; } bn254_snarks_ec_g1_jac; +typedef struct { bn254_snarks_fp x, y, z; } bn254_snarks_ec_g1_prj; +typedef struct { bn254_snarks_fp2 x, y; } bn254_snarks_ec_g2_aff; +typedef struct { bn254_snarks_fp2 x, y, z; } bn254_snarks_ec_g2_jac; +typedef struct { bn254_snarks_fp2 x, y, z; } bn254_snarks_ec_g2_prj; /* * Initializes the library: * - detect CPU features like ADX instructions support (MULX, ADCX, ADOX) */ -void ctt_bn254snarks_init_NimMain(void); +void ctt_bn254_snarks_init_NimMain(void); -void ctt_bn254snarks_fr_unmarshalBE(bn254snarks_fr* dst, const byte src[], ptrdiff_t src_len); -void ctt_bn254snarks_fr_marshalBE(byte dst[], ptrdiff_t dst_len, const bn254snarks_fr* src); -secret_bool ctt_bn254snarks_fr_is_eq(const bn254snarks_fr* a, const bn254snarks_fr* b); -secret_bool ctt_bn254snarks_fr_is_zero(const bn254snarks_fr* a); -secret_bool ctt_bn254snarks_fr_is_one(const bn254snarks_fr* a); -secret_bool ctt_bn254snarks_fr_is_minus_one(const bn254snarks_fr* a); -void ctt_bn254snarks_fr_set_zero(bn254snarks_fr* a); -void ctt_bn254snarks_fr_set_one(bn254snarks_fr* a); -void ctt_bn254snarks_fr_set_minus_one(bn254snarks_fr* a); -void ctt_bn254snarks_fr_neg(bn254snarks_fr* r, const bn254snarks_fr* a); -void ctt_bn254snarks_fr_neg_in_place(bn254snarks_fr* a); -void ctt_bn254snarks_fr_sum(bn254snarks_fr* r, const bn254snarks_fr* a, const bn254snarks_fr* b); -void ctt_bn254snarks_fr_add_in_place(bn254snarks_fr* a, const bn254snarks_fr* b); -void ctt_bn254snarks_fr_diff(bn254snarks_fr* r, const bn254snarks_fr* a, const bn254snarks_fr* b); -void ctt_bn254snarks_fr_sub_in_place(bn254snarks_fr* a, const bn254snarks_fr* b); -void ctt_bn254snarks_fr_double(bn254snarks_fr* r, const bn254snarks_fr* a); -void ctt_bn254snarks_fr_double_in_place(bn254snarks_fr* a); -void ctt_bn254snarks_fr_prod(bn254snarks_fr* r, const bn254snarks_fr* a, const bn254snarks_fr* b); -void ctt_bn254snarks_fr_mul_in_place(bn254snarks_fr* a, const bn254snarks_fr* b); -void ctt_bn254snarks_fr_square(bn254snarks_fr* r, const bn254snarks_fr* a); -void ctt_bn254snarks_fr_square_in_place(bn254snarks_fr* a); -void ctt_bn254snarks_fr_div2(bn254snarks_fr* a); -void ctt_bn254snarks_fr_inv(bn254snarks_fr* r, const bn254snarks_fr* a); -void ctt_bn254snarks_fr_inv_in_place(bn254snarks_fr* a); -void ctt_bn254snarks_fr_ccopy(bn254snarks_fr* a, const bn254snarks_fr* b, const secret_bool ctl); -void ctt_bn254snarks_fr_cswap(bn254snarks_fr* a, bn254snarks_fr* b, const secret_bool ctl); -void ctt_bn254snarks_fr_cset_zero(bn254snarks_fr* a, const secret_bool ctl); -void ctt_bn254snarks_fr_cset_one(bn254snarks_fr* a, const secret_bool ctl); -void ctt_bn254snarks_fr_cneg_in_place(bn254snarks_fr* a, const secret_bool ctl); -void ctt_bn254snarks_fr_cadd_in_place(bn254snarks_fr* a, const bn254snarks_fr* b, const secret_bool ctl); -void ctt_bn254snarks_fr_csub_in_place(bn254snarks_fr* a, const bn254snarks_fr* b, const secret_bool ctl); -void ctt_bn254snarks_fp_unmarshalBE(bn254snarks_fp* dst, const byte src[], ptrdiff_t src_len); -void ctt_bn254snarks_fp_marshalBE(byte dst[], ptrdiff_t dst_len, const bn254snarks_fp* src); -secret_bool ctt_bn254snarks_fp_is_eq(const bn254snarks_fp* a, const bn254snarks_fp* b); -secret_bool ctt_bn254snarks_fp_is_zero(const bn254snarks_fp* a); -secret_bool ctt_bn254snarks_fp_is_one(const bn254snarks_fp* a); -secret_bool ctt_bn254snarks_fp_is_minus_one(const bn254snarks_fp* a); -void ctt_bn254snarks_fp_set_zero(bn254snarks_fp* a); -void ctt_bn254snarks_fp_set_one(bn254snarks_fp* a); -void ctt_bn254snarks_fp_set_minus_one(bn254snarks_fp* a); -void ctt_bn254snarks_fp_neg(bn254snarks_fp* r, const bn254snarks_fp* a); -void ctt_bn254snarks_fp_neg_in_place(bn254snarks_fp* a); -void ctt_bn254snarks_fp_sum(bn254snarks_fp* r, const bn254snarks_fp* a, const bn254snarks_fp* b); -void ctt_bn254snarks_fp_add_in_place(bn254snarks_fp* a, const bn254snarks_fp* b); -void ctt_bn254snarks_fp_diff(bn254snarks_fp* r, const bn254snarks_fp* a, const bn254snarks_fp* b); -void ctt_bn254snarks_fp_sub_in_place(bn254snarks_fp* a, const bn254snarks_fp* b); -void ctt_bn254snarks_fp_double(bn254snarks_fp* r, const bn254snarks_fp* a); -void ctt_bn254snarks_fp_double_in_place(bn254snarks_fp* a); -void ctt_bn254snarks_fp_prod(bn254snarks_fp* r, const bn254snarks_fp* a, const bn254snarks_fp* b); -void ctt_bn254snarks_fp_mul_in_place(bn254snarks_fp* a, const bn254snarks_fp* b); -void ctt_bn254snarks_fp_square(bn254snarks_fp* r, const bn254snarks_fp* a); -void ctt_bn254snarks_fp_square_in_place(bn254snarks_fp* a); -void ctt_bn254snarks_fp_div2(bn254snarks_fp* a); -void ctt_bn254snarks_fp_inv(bn254snarks_fp* r, const bn254snarks_fp* a); -void ctt_bn254snarks_fp_inv_in_place(bn254snarks_fp* a); -void ctt_bn254snarks_fp_ccopy(bn254snarks_fp* a, const bn254snarks_fp* b, const secret_bool ctl); -void ctt_bn254snarks_fp_cswap(bn254snarks_fp* a, bn254snarks_fp* b, const secret_bool ctl); -void ctt_bn254snarks_fp_cset_zero(bn254snarks_fp* a, const secret_bool ctl); -void ctt_bn254snarks_fp_cset_one(bn254snarks_fp* a, const secret_bool ctl); -void ctt_bn254snarks_fp_cneg_in_place(bn254snarks_fp* a, const secret_bool ctl); -void ctt_bn254snarks_fp_cadd_in_place(bn254snarks_fp* a, const bn254snarks_fp* b, const secret_bool ctl); -void ctt_bn254snarks_fp_csub_in_place(bn254snarks_fp* a, const bn254snarks_fp* b, const secret_bool ctl); -secret_bool ctt_bn254snarks_fp_is_square(const bn254snarks_fp* a); -void ctt_bn254snarks_fp_invsqrt(bn254snarks_fp* r, const bn254snarks_fp* a); -secret_bool ctt_bn254snarks_fp_invsqrt_in_place(bn254snarks_fp* r, const bn254snarks_fp* a); -void ctt_bn254snarks_fp_sqrt_in_place(bn254snarks_fp* a); -secret_bool ctt_bn254snarks_fp_sqrt_if_square_in_place(bn254snarks_fp* a); -void ctt_bn254snarks_fp_sqrt_invsqrt(bn254snarks_fp* sqrt, bn254snarks_fp* invsqrt, const bn254snarks_fp* a); -secret_bool ctt_bn254snarks_fp_sqrt_invsqrt_if_square(bn254snarks_fp* sqrt, bn254snarks_fp* invsqrt, const bn254snarks_fp* a); -secret_bool ctt_bn254snarks_fp_sqrt_ratio_if_square(bn254snarks_fp* r, const bn254snarks_fp* u, const bn254snarks_fp* v); -secret_bool ctt_bn254snarks_fp2_is_eq(const bn254snarks_fp2* a, const bn254snarks_fp2* b); -secret_bool ctt_bn254snarks_fp2_is_zero(const bn254snarks_fp2* a); -secret_bool ctt_bn254snarks_fp2_is_one(const bn254snarks_fp2* a); -secret_bool ctt_bn254snarks_fp2_is_minus_one(const bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_set_zero(bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_set_one(bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_set_minus_one(bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_neg(bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_sum(bn254snarks_fp2* r, const bn254snarks_fp2* a, const bn254snarks_fp2* b); -void ctt_bn254snarks_fp2_add_in_place(bn254snarks_fp2* a, const bn254snarks_fp2* b); -void ctt_bn254snarks_fp2_diff(bn254snarks_fp2* r, const bn254snarks_fp2* a, const bn254snarks_fp2* b); -void ctt_bn254snarks_fp2_sub_in_place(bn254snarks_fp2* a, const bn254snarks_fp2* b); -void ctt_bn254snarks_fp2_double(bn254snarks_fp2* r, const bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_double_in_place(bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_conj(bn254snarks_fp2* r, const bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_conj_in_place(bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_conjneg(bn254snarks_fp2* r, const bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_conjneg_in_place(bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_prod(bn254snarks_fp2* r, const bn254snarks_fp2* a, const bn254snarks_fp2* b); -void ctt_bn254snarks_fp2_mul_in_place(bn254snarks_fp2* a, const bn254snarks_fp2* b); -void ctt_bn254snarks_fp2_square(bn254snarks_fp2* r, const bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_square_in_place(bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_div2(bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_inv(bn254snarks_fp2* r, const bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_inv_in_place(bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_ccopy(bn254snarks_fp2* a, const bn254snarks_fp2* b, const secret_bool ctl); -void ctt_bn254snarks_fp2_cset_zero(bn254snarks_fp2* a, const secret_bool ctl); -void ctt_bn254snarks_fp2_cset_one(bn254snarks_fp2* a, const secret_bool ctl); -void ctt_bn254snarks_fp2_cneg_in_place(bn254snarks_fp2* a, const secret_bool ctl); -void ctt_bn254snarks_fp2_cadd_in_place(bn254snarks_fp2* a, const bn254snarks_fp2* b, const secret_bool ctl); -void ctt_bn254snarks_fp2_csub_in_place(bn254snarks_fp2* a, const bn254snarks_fp2* b, const secret_bool ctl); -secret_bool ctt_bn254snarks_fp2_is_square(const bn254snarks_fp2* a); -void ctt_bn254snarks_fp2_sqrt_in_place(bn254snarks_fp2* a); -secret_bool ctt_bn254snarks_fp2_sqrt_if_square_in_place(bn254snarks_fp2* a); -secret_bool ctt_bn254snarks_ec_g1_aff_is_eq(const bn254snarks_ec_g1_aff* P, const bn254snarks_ec_g1_aff* Q); -secret_bool ctt_bn254snarks_ec_g1_aff_is_inf(const bn254snarks_ec_g1_aff* P); -void ctt_bn254snarks_ec_g1_aff_set_inf(bn254snarks_ec_g1_aff* P); -void ctt_bn254snarks_ec_g1_aff_ccopy(bn254snarks_ec_g1_aff* P, const bn254snarks_ec_g1_aff* Q, const secret_bool ctl); -secret_bool ctt_bn254snarks_ec_g1_aff_is_on_curve(const bn254snarks_fp* x, const bn254snarks_fp* y); -void ctt_bn254snarks_ec_g1_aff_neg(bn254snarks_ec_g1_aff* P, const bn254snarks_ec_g1_aff* Q); -void ctt_bn254snarks_ec_g1_aff_neg_in_place(bn254snarks_ec_g1_aff* P); -secret_bool ctt_bn254snarks_ec_g1_jac_is_eq(const bn254snarks_ec_g1_jac* P, const bn254snarks_ec_g1_jac* Q); -secret_bool ctt_bn254snarks_ec_g1_jac_is_inf(const bn254snarks_ec_g1_jac* P); -void ctt_bn254snarks_ec_g1_jac_set_inf(bn254snarks_ec_g1_jac* P); -void ctt_bn254snarks_ec_g1_jac_ccopy(bn254snarks_ec_g1_jac* P, const bn254snarks_ec_g1_jac* Q, const secret_bool ctl); -void ctt_bn254snarks_ec_g1_jac_neg(bn254snarks_ec_g1_jac* P, const bn254snarks_ec_g1_jac* Q); -void ctt_bn254snarks_ec_g1_jac_neg_in_place(bn254snarks_ec_g1_jac* P); -void ctt_bn254snarks_ec_g1_jac_cneg_in_place(bn254snarks_ec_g1_jac* P, const secret_bool ctl); -void ctt_bn254snarks_ec_g1_jac_sum(bn254snarks_ec_g1_jac* r, const bn254snarks_ec_g1_jac* P, const bn254snarks_ec_g1_jac* Q); -void ctt_bn254snarks_ec_g1_jac_add_in_place(bn254snarks_ec_g1_jac* P, const bn254snarks_ec_g1_jac* Q); -void ctt_bn254snarks_ec_g1_jac_diff(bn254snarks_ec_g1_jac* r, const bn254snarks_ec_g1_jac* P, const bn254snarks_ec_g1_jac* Q); -void ctt_bn254snarks_ec_g1_jac_double(bn254snarks_ec_g1_jac* r, const bn254snarks_ec_g1_jac* P); -void ctt_bn254snarks_ec_g1_jac_double_in_place(bn254snarks_ec_g1_jac* P); -void ctt_bn254snarks_ec_g1_jac_affine(bn254snarks_ec_g1_aff* dst, const bn254snarks_ec_g1_jac* src); -void ctt_bn254snarks_ec_g1_jac_from_affine(bn254snarks_ec_g1_jac* dst, const bn254snarks_ec_g1_aff* src); -secret_bool ctt_bn254snarks_ec_g1_prj_is_eq(const bn254snarks_ec_g1_prj* P, const bn254snarks_ec_g1_prj* Q); -secret_bool ctt_bn254snarks_ec_g1_prj_is_inf(const bn254snarks_ec_g1_prj* P); -void ctt_bn254snarks_ec_g1_prj_set_inf(bn254snarks_ec_g1_prj* P); -void ctt_bn254snarks_ec_g1_prj_ccopy(bn254snarks_ec_g1_prj* P, const bn254snarks_ec_g1_prj* Q, const secret_bool ctl); -void ctt_bn254snarks_ec_g1_prj_neg(bn254snarks_ec_g1_prj* P, const bn254snarks_ec_g1_prj* Q); -void ctt_bn254snarks_ec_g1_prj_neg_in_place(bn254snarks_ec_g1_prj* P); -void ctt_bn254snarks_ec_g1_prj_cneg_in_place(bn254snarks_ec_g1_prj* P, const secret_bool ctl); -void ctt_bn254snarks_ec_g1_prj_sum(bn254snarks_ec_g1_prj* r, const bn254snarks_ec_g1_prj* P, const bn254snarks_ec_g1_prj* Q); -void ctt_bn254snarks_ec_g1_prj_add_in_place(bn254snarks_ec_g1_prj* P, const bn254snarks_ec_g1_prj* Q); -void ctt_bn254snarks_ec_g1_prj_diff(bn254snarks_ec_g1_prj* r, const bn254snarks_ec_g1_prj* P, const bn254snarks_ec_g1_prj* Q); -void ctt_bn254snarks_ec_g1_prj_double(bn254snarks_ec_g1_prj* r, const bn254snarks_ec_g1_prj* P); -void ctt_bn254snarks_ec_g1_prj_double_in_place(bn254snarks_ec_g1_prj* P); -void ctt_bn254snarks_ec_g1_prj_affine(bn254snarks_ec_g1_aff* dst, const bn254snarks_ec_g1_prj* src); -void ctt_bn254snarks_ec_g1_prj_from_affine(bn254snarks_ec_g1_prj* dst, const bn254snarks_ec_g1_aff* src); -secret_bool ctt_bn254snarks_ec_g2_aff_is_eq(const bn254snarks_ec_g2_aff* P, const bn254snarks_ec_g2_aff* Q); -secret_bool ctt_bn254snarks_ec_g2_aff_is_inf(const bn254snarks_ec_g2_aff* P); -void ctt_bn254snarks_ec_g2_aff_set_inf(bn254snarks_ec_g2_aff* P); -void ctt_bn254snarks_ec_g2_aff_ccopy(bn254snarks_ec_g2_aff* P, const bn254snarks_ec_g2_aff* Q, const secret_bool ctl); -secret_bool ctt_bn254snarks_ec_g2_aff_is_on_curve(const bn254snarks_fp2* x, const bn254snarks_fp2* y); -void ctt_bn254snarks_ec_g2_aff_neg(bn254snarks_ec_g2_aff* P, const bn254snarks_ec_g2_aff* Q); -void ctt_bn254snarks_ec_g2_aff_neg_in_place(bn254snarks_ec_g2_aff* P); -secret_bool ctt_bn254snarks_ec_g2_jac_is_eq(const bn254snarks_ec_g2_jac* P, const bn254snarks_ec_g2_jac* Q); -secret_bool ctt_bn254snarks_ec_g2_jac_is_inf(const bn254snarks_ec_g2_jac* P); -void ctt_bn254snarks_ec_g2_jac_set_inf(bn254snarks_ec_g2_jac* P); -void ctt_bn254snarks_ec_g2_jac_ccopy(bn254snarks_ec_g2_jac* P, const bn254snarks_ec_g2_jac* Q, const secret_bool ctl); -void ctt_bn254snarks_ec_g2_jac_neg(bn254snarks_ec_g2_jac* P, const bn254snarks_ec_g2_jac* Q); -void ctt_bn254snarks_ec_g2_jac_neg_in_place(bn254snarks_ec_g2_jac* P); -void ctt_bn254snarks_ec_g2_jac_cneg_in_place(bn254snarks_ec_g2_jac* P, const secret_bool ctl); -void ctt_bn254snarks_ec_g2_jac_sum(bn254snarks_ec_g2_jac* r, const bn254snarks_ec_g2_jac* P, const bn254snarks_ec_g2_jac* Q); -void ctt_bn254snarks_ec_g2_jac_add_in_place(bn254snarks_ec_g2_jac* P, const bn254snarks_ec_g2_jac* Q); -void ctt_bn254snarks_ec_g2_jac_diff(bn254snarks_ec_g2_jac* r, const bn254snarks_ec_g2_jac* P, const bn254snarks_ec_g2_jac* Q); -void ctt_bn254snarks_ec_g2_jac_double(bn254snarks_ec_g2_jac* r, const bn254snarks_ec_g2_jac* P); -void ctt_bn254snarks_ec_g2_jac_double_in_place(bn254snarks_ec_g2_jac* P); -void ctt_bn254snarks_ec_g2_jac_affine(bn254snarks_ec_g2_aff* dst, const bn254snarks_ec_g2_jac* src); -void ctt_bn254snarks_ec_g2_jac_from_affine(bn254snarks_ec_g2_jac* dst, const bn254snarks_ec_g2_aff* src); -secret_bool ctt_bn254snarks_ec_g2_prj_is_eq(const bn254snarks_ec_g2_prj* P, const bn254snarks_ec_g2_prj* Q); -secret_bool ctt_bn254snarks_ec_g2_prj_is_inf(const bn254snarks_ec_g2_prj* P); -void ctt_bn254snarks_ec_g2_prj_set_inf(bn254snarks_ec_g2_prj* P); -void ctt_bn254snarks_ec_g2_prj_ccopy(bn254snarks_ec_g2_prj* P, const bn254snarks_ec_g2_prj* Q, const secret_bool ctl); -void ctt_bn254snarks_ec_g2_prj_neg(bn254snarks_ec_g2_prj* P, const bn254snarks_ec_g2_prj* Q); -void ctt_bn254snarks_ec_g2_prj_neg_in_place(bn254snarks_ec_g2_prj* P); -void ctt_bn254snarks_ec_g2_prj_cneg_in_place(bn254snarks_ec_g2_prj* P, const secret_bool ctl); -void ctt_bn254snarks_ec_g2_prj_sum(bn254snarks_ec_g2_prj* r, const bn254snarks_ec_g2_prj* P, const bn254snarks_ec_g2_prj* Q); -void ctt_bn254snarks_ec_g2_prj_add_in_place(bn254snarks_ec_g2_prj* P, const bn254snarks_ec_g2_prj* Q); -void ctt_bn254snarks_ec_g2_prj_diff(bn254snarks_ec_g2_prj* r, const bn254snarks_ec_g2_prj* P, const bn254snarks_ec_g2_prj* Q); -void ctt_bn254snarks_ec_g2_prj_double(bn254snarks_ec_g2_prj* r, const bn254snarks_ec_g2_prj* P); -void ctt_bn254snarks_ec_g2_prj_double_in_place(bn254snarks_ec_g2_prj* P); -void ctt_bn254snarks_ec_g2_prj_affine(bn254snarks_ec_g2_aff* dst, const bn254snarks_ec_g2_prj* src); -void ctt_bn254snarks_ec_g2_prj_from_affine(bn254snarks_ec_g2_prj* dst, const bn254snarks_ec_g2_aff* src); +bool ctt_bn254_snarks_fr_unmarshalBE(bn254_snarks_fr* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result)); +bool ctt_bn254_snarks_fr_marshalBE(byte dst[], ptrdiff_t dst_len, const bn254_snarks_fr* src) __attribute__((warn_unused_result)); +secret_bool ctt_bn254_snarks_fr_is_eq(const bn254_snarks_fr* a, const bn254_snarks_fr* b); +secret_bool ctt_bn254_snarks_fr_is_zero(const bn254_snarks_fr* a); +secret_bool ctt_bn254_snarks_fr_is_one(const bn254_snarks_fr* a); +secret_bool ctt_bn254_snarks_fr_is_minus_one(const bn254_snarks_fr* a); +void ctt_bn254_snarks_fr_set_zero(bn254_snarks_fr* a); +void ctt_bn254_snarks_fr_set_one(bn254_snarks_fr* a); +void ctt_bn254_snarks_fr_set_minus_one(bn254_snarks_fr* a); +void ctt_bn254_snarks_fr_neg(bn254_snarks_fr* r, const bn254_snarks_fr* a); +void ctt_bn254_snarks_fr_neg_in_place(bn254_snarks_fr* a); +void ctt_bn254_snarks_fr_sum(bn254_snarks_fr* r, const bn254_snarks_fr* a, const bn254_snarks_fr* b); +void ctt_bn254_snarks_fr_add_in_place(bn254_snarks_fr* a, const bn254_snarks_fr* b); +void ctt_bn254_snarks_fr_diff(bn254_snarks_fr* r, const bn254_snarks_fr* a, const bn254_snarks_fr* b); +void ctt_bn254_snarks_fr_sub_in_place(bn254_snarks_fr* a, const bn254_snarks_fr* b); +void ctt_bn254_snarks_fr_double(bn254_snarks_fr* r, const bn254_snarks_fr* a); +void ctt_bn254_snarks_fr_double_in_place(bn254_snarks_fr* a); +void ctt_bn254_snarks_fr_prod(bn254_snarks_fr* r, const bn254_snarks_fr* a, const bn254_snarks_fr* b); +void ctt_bn254_snarks_fr_mul_in_place(bn254_snarks_fr* a, const bn254_snarks_fr* b); +void ctt_bn254_snarks_fr_square(bn254_snarks_fr* r, const bn254_snarks_fr* a); +void ctt_bn254_snarks_fr_square_in_place(bn254_snarks_fr* a); +void ctt_bn254_snarks_fr_div2(bn254_snarks_fr* a); +void ctt_bn254_snarks_fr_inv(bn254_snarks_fr* r, const bn254_snarks_fr* a); +void ctt_bn254_snarks_fr_inv_in_place(bn254_snarks_fr* a); +void ctt_bn254_snarks_fr_ccopy(bn254_snarks_fr* a, const bn254_snarks_fr* b, const secret_bool ctl); +void ctt_bn254_snarks_fr_cswap(bn254_snarks_fr* a, bn254_snarks_fr* b, const secret_bool ctl); +void ctt_bn254_snarks_fr_cset_zero(bn254_snarks_fr* a, const secret_bool ctl); +void ctt_bn254_snarks_fr_cset_one(bn254_snarks_fr* a, const secret_bool ctl); +void ctt_bn254_snarks_fr_cneg_in_place(bn254_snarks_fr* a, const secret_bool ctl); +void ctt_bn254_snarks_fr_cadd_in_place(bn254_snarks_fr* a, const bn254_snarks_fr* b, const secret_bool ctl); +void ctt_bn254_snarks_fr_csub_in_place(bn254_snarks_fr* a, const bn254_snarks_fr* b, const secret_bool ctl); +bool ctt_bn254_snarks_fp_unmarshalBE(bn254_snarks_fp* dst, const byte src[], ptrdiff_t src_len) __attribute__((warn_unused_result)); +bool ctt_bn254_snarks_fp_marshalBE(byte dst[], ptrdiff_t dst_len, const bn254_snarks_fp* src) __attribute__((warn_unused_result)); +secret_bool ctt_bn254_snarks_fp_is_eq(const bn254_snarks_fp* a, const bn254_snarks_fp* b); +secret_bool ctt_bn254_snarks_fp_is_zero(const bn254_snarks_fp* a); +secret_bool ctt_bn254_snarks_fp_is_one(const bn254_snarks_fp* a); +secret_bool ctt_bn254_snarks_fp_is_minus_one(const bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_set_zero(bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_set_one(bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_set_minus_one(bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_neg(bn254_snarks_fp* r, const bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_neg_in_place(bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_sum(bn254_snarks_fp* r, const bn254_snarks_fp* a, const bn254_snarks_fp* b); +void ctt_bn254_snarks_fp_add_in_place(bn254_snarks_fp* a, const bn254_snarks_fp* b); +void ctt_bn254_snarks_fp_diff(bn254_snarks_fp* r, const bn254_snarks_fp* a, const bn254_snarks_fp* b); +void ctt_bn254_snarks_fp_sub_in_place(bn254_snarks_fp* a, const bn254_snarks_fp* b); +void ctt_bn254_snarks_fp_double(bn254_snarks_fp* r, const bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_double_in_place(bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_prod(bn254_snarks_fp* r, const bn254_snarks_fp* a, const bn254_snarks_fp* b); +void ctt_bn254_snarks_fp_mul_in_place(bn254_snarks_fp* a, const bn254_snarks_fp* b); +void ctt_bn254_snarks_fp_square(bn254_snarks_fp* r, const bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_square_in_place(bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_div2(bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_inv(bn254_snarks_fp* r, const bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_inv_in_place(bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_ccopy(bn254_snarks_fp* a, const bn254_snarks_fp* b, const secret_bool ctl); +void ctt_bn254_snarks_fp_cswap(bn254_snarks_fp* a, bn254_snarks_fp* b, const secret_bool ctl); +void ctt_bn254_snarks_fp_cset_zero(bn254_snarks_fp* a, const secret_bool ctl); +void ctt_bn254_snarks_fp_cset_one(bn254_snarks_fp* a, const secret_bool ctl); +void ctt_bn254_snarks_fp_cneg_in_place(bn254_snarks_fp* a, const secret_bool ctl); +void ctt_bn254_snarks_fp_cadd_in_place(bn254_snarks_fp* a, const bn254_snarks_fp* b, const secret_bool ctl); +void ctt_bn254_snarks_fp_csub_in_place(bn254_snarks_fp* a, const bn254_snarks_fp* b, const secret_bool ctl); +secret_bool ctt_bn254_snarks_fp_is_square(const bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_invsqrt(bn254_snarks_fp* r, const bn254_snarks_fp* a); +secret_bool ctt_bn254_snarks_fp_invsqrt_in_place(bn254_snarks_fp* r, const bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_sqrt_in_place(bn254_snarks_fp* a); +secret_bool ctt_bn254_snarks_fp_sqrt_if_square_in_place(bn254_snarks_fp* a); +void ctt_bn254_snarks_fp_sqrt_invsqrt(bn254_snarks_fp* sqrt, bn254_snarks_fp* invsqrt, const bn254_snarks_fp* a); +secret_bool ctt_bn254_snarks_fp_sqrt_invsqrt_if_square(bn254_snarks_fp* sqrt, bn254_snarks_fp* invsqrt, const bn254_snarks_fp* a); +secret_bool ctt_bn254_snarks_fp_sqrt_ratio_if_square(bn254_snarks_fp* r, const bn254_snarks_fp* u, const bn254_snarks_fp* v); +secret_bool ctt_bn254_snarks_fp2_is_eq(const bn254_snarks_fp2* a, const bn254_snarks_fp2* b); +secret_bool ctt_bn254_snarks_fp2_is_zero(const bn254_snarks_fp2* a); +secret_bool ctt_bn254_snarks_fp2_is_one(const bn254_snarks_fp2* a); +secret_bool ctt_bn254_snarks_fp2_is_minus_one(const bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_set_zero(bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_set_one(bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_set_minus_one(bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_neg(bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_sum(bn254_snarks_fp2* r, const bn254_snarks_fp2* a, const bn254_snarks_fp2* b); +void ctt_bn254_snarks_fp2_add_in_place(bn254_snarks_fp2* a, const bn254_snarks_fp2* b); +void ctt_bn254_snarks_fp2_diff(bn254_snarks_fp2* r, const bn254_snarks_fp2* a, const bn254_snarks_fp2* b); +void ctt_bn254_snarks_fp2_sub_in_place(bn254_snarks_fp2* a, const bn254_snarks_fp2* b); +void ctt_bn254_snarks_fp2_double(bn254_snarks_fp2* r, const bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_double_in_place(bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_conj(bn254_snarks_fp2* r, const bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_conj_in_place(bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_conjneg(bn254_snarks_fp2* r, const bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_conjneg_in_place(bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_prod(bn254_snarks_fp2* r, const bn254_snarks_fp2* a, const bn254_snarks_fp2* b); +void ctt_bn254_snarks_fp2_mul_in_place(bn254_snarks_fp2* a, const bn254_snarks_fp2* b); +void ctt_bn254_snarks_fp2_square(bn254_snarks_fp2* r, const bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_square_in_place(bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_div2(bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_inv(bn254_snarks_fp2* r, const bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_inv_in_place(bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_ccopy(bn254_snarks_fp2* a, const bn254_snarks_fp2* b, const secret_bool ctl); +void ctt_bn254_snarks_fp2_cset_zero(bn254_snarks_fp2* a, const secret_bool ctl); +void ctt_bn254_snarks_fp2_cset_one(bn254_snarks_fp2* a, const secret_bool ctl); +void ctt_bn254_snarks_fp2_cneg_in_place(bn254_snarks_fp2* a, const secret_bool ctl); +void ctt_bn254_snarks_fp2_cadd_in_place(bn254_snarks_fp2* a, const bn254_snarks_fp2* b, const secret_bool ctl); +void ctt_bn254_snarks_fp2_csub_in_place(bn254_snarks_fp2* a, const bn254_snarks_fp2* b, const secret_bool ctl); +secret_bool ctt_bn254_snarks_fp2_is_square(const bn254_snarks_fp2* a); +void ctt_bn254_snarks_fp2_sqrt_in_place(bn254_snarks_fp2* a); +secret_bool ctt_bn254_snarks_fp2_sqrt_if_square_in_place(bn254_snarks_fp2* a); +secret_bool ctt_bn254_snarks_ec_g1_aff_is_eq(const bn254_snarks_ec_g1_aff* P, const bn254_snarks_ec_g1_aff* Q); +secret_bool ctt_bn254_snarks_ec_g1_aff_is_inf(const bn254_snarks_ec_g1_aff* P); +void ctt_bn254_snarks_ec_g1_aff_set_inf(bn254_snarks_ec_g1_aff* P); +void ctt_bn254_snarks_ec_g1_aff_ccopy(bn254_snarks_ec_g1_aff* P, const bn254_snarks_ec_g1_aff* Q, const secret_bool ctl); +secret_bool ctt_bn254_snarks_ec_g1_aff_is_on_curve(const bn254_snarks_fp* x, const bn254_snarks_fp* y); +void ctt_bn254_snarks_ec_g1_aff_neg(bn254_snarks_ec_g1_aff* P, const bn254_snarks_ec_g1_aff* Q); +void ctt_bn254_snarks_ec_g1_aff_neg_in_place(bn254_snarks_ec_g1_aff* P); +secret_bool ctt_bn254_snarks_ec_g1_jac_is_eq(const bn254_snarks_ec_g1_jac* P, const bn254_snarks_ec_g1_jac* Q); +secret_bool ctt_bn254_snarks_ec_g1_jac_is_inf(const bn254_snarks_ec_g1_jac* P); +void ctt_bn254_snarks_ec_g1_jac_set_inf(bn254_snarks_ec_g1_jac* P); +void ctt_bn254_snarks_ec_g1_jac_ccopy(bn254_snarks_ec_g1_jac* P, const bn254_snarks_ec_g1_jac* Q, const secret_bool ctl); +void ctt_bn254_snarks_ec_g1_jac_neg(bn254_snarks_ec_g1_jac* P, const bn254_snarks_ec_g1_jac* Q); +void ctt_bn254_snarks_ec_g1_jac_neg_in_place(bn254_snarks_ec_g1_jac* P); +void ctt_bn254_snarks_ec_g1_jac_cneg_in_place(bn254_snarks_ec_g1_jac* P, const secret_bool ctl); +void ctt_bn254_snarks_ec_g1_jac_sum(bn254_snarks_ec_g1_jac* r, const bn254_snarks_ec_g1_jac* P, const bn254_snarks_ec_g1_jac* Q); +void ctt_bn254_snarks_ec_g1_jac_add_in_place(bn254_snarks_ec_g1_jac* P, const bn254_snarks_ec_g1_jac* Q); +void ctt_bn254_snarks_ec_g1_jac_diff(bn254_snarks_ec_g1_jac* r, const bn254_snarks_ec_g1_jac* P, const bn254_snarks_ec_g1_jac* Q); +void ctt_bn254_snarks_ec_g1_jac_double(bn254_snarks_ec_g1_jac* r, const bn254_snarks_ec_g1_jac* P); +void ctt_bn254_snarks_ec_g1_jac_double_in_place(bn254_snarks_ec_g1_jac* P); +void ctt_bn254_snarks_ec_g1_jac_affine(bn254_snarks_ec_g1_aff* dst, const bn254_snarks_ec_g1_jac* src); +void ctt_bn254_snarks_ec_g1_jac_from_affine(bn254_snarks_ec_g1_jac* dst, const bn254_snarks_ec_g1_aff* src); +secret_bool ctt_bn254_snarks_ec_g1_prj_is_eq(const bn254_snarks_ec_g1_prj* P, const bn254_snarks_ec_g1_prj* Q); +secret_bool ctt_bn254_snarks_ec_g1_prj_is_inf(const bn254_snarks_ec_g1_prj* P); +void ctt_bn254_snarks_ec_g1_prj_set_inf(bn254_snarks_ec_g1_prj* P); +void ctt_bn254_snarks_ec_g1_prj_ccopy(bn254_snarks_ec_g1_prj* P, const bn254_snarks_ec_g1_prj* Q, const secret_bool ctl); +void ctt_bn254_snarks_ec_g1_prj_neg(bn254_snarks_ec_g1_prj* P, const bn254_snarks_ec_g1_prj* Q); +void ctt_bn254_snarks_ec_g1_prj_neg_in_place(bn254_snarks_ec_g1_prj* P); +void ctt_bn254_snarks_ec_g1_prj_cneg_in_place(bn254_snarks_ec_g1_prj* P, const secret_bool ctl); +void ctt_bn254_snarks_ec_g1_prj_sum(bn254_snarks_ec_g1_prj* r, const bn254_snarks_ec_g1_prj* P, const bn254_snarks_ec_g1_prj* Q); +void ctt_bn254_snarks_ec_g1_prj_add_in_place(bn254_snarks_ec_g1_prj* P, const bn254_snarks_ec_g1_prj* Q); +void ctt_bn254_snarks_ec_g1_prj_diff(bn254_snarks_ec_g1_prj* r, const bn254_snarks_ec_g1_prj* P, const bn254_snarks_ec_g1_prj* Q); +void ctt_bn254_snarks_ec_g1_prj_double(bn254_snarks_ec_g1_prj* r, const bn254_snarks_ec_g1_prj* P); +void ctt_bn254_snarks_ec_g1_prj_double_in_place(bn254_snarks_ec_g1_prj* P); +void ctt_bn254_snarks_ec_g1_prj_affine(bn254_snarks_ec_g1_aff* dst, const bn254_snarks_ec_g1_prj* src); +void ctt_bn254_snarks_ec_g1_prj_from_affine(bn254_snarks_ec_g1_prj* dst, const bn254_snarks_ec_g1_aff* src); +secret_bool ctt_bn254_snarks_ec_g2_aff_is_eq(const bn254_snarks_ec_g2_aff* P, const bn254_snarks_ec_g2_aff* Q); +secret_bool ctt_bn254_snarks_ec_g2_aff_is_inf(const bn254_snarks_ec_g2_aff* P); +void ctt_bn254_snarks_ec_g2_aff_set_inf(bn254_snarks_ec_g2_aff* P); +void ctt_bn254_snarks_ec_g2_aff_ccopy(bn254_snarks_ec_g2_aff* P, const bn254_snarks_ec_g2_aff* Q, const secret_bool ctl); +secret_bool ctt_bn254_snarks_ec_g2_aff_is_on_curve(const bn254_snarks_fp2* x, const bn254_snarks_fp2* y); +void ctt_bn254_snarks_ec_g2_aff_neg(bn254_snarks_ec_g2_aff* P, const bn254_snarks_ec_g2_aff* Q); +void ctt_bn254_snarks_ec_g2_aff_neg_in_place(bn254_snarks_ec_g2_aff* P); +secret_bool ctt_bn254_snarks_ec_g2_jac_is_eq(const bn254_snarks_ec_g2_jac* P, const bn254_snarks_ec_g2_jac* Q); +secret_bool ctt_bn254_snarks_ec_g2_jac_is_inf(const bn254_snarks_ec_g2_jac* P); +void ctt_bn254_snarks_ec_g2_jac_set_inf(bn254_snarks_ec_g2_jac* P); +void ctt_bn254_snarks_ec_g2_jac_ccopy(bn254_snarks_ec_g2_jac* P, const bn254_snarks_ec_g2_jac* Q, const secret_bool ctl); +void ctt_bn254_snarks_ec_g2_jac_neg(bn254_snarks_ec_g2_jac* P, const bn254_snarks_ec_g2_jac* Q); +void ctt_bn254_snarks_ec_g2_jac_neg_in_place(bn254_snarks_ec_g2_jac* P); +void ctt_bn254_snarks_ec_g2_jac_cneg_in_place(bn254_snarks_ec_g2_jac* P, const secret_bool ctl); +void ctt_bn254_snarks_ec_g2_jac_sum(bn254_snarks_ec_g2_jac* r, const bn254_snarks_ec_g2_jac* P, const bn254_snarks_ec_g2_jac* Q); +void ctt_bn254_snarks_ec_g2_jac_add_in_place(bn254_snarks_ec_g2_jac* P, const bn254_snarks_ec_g2_jac* Q); +void ctt_bn254_snarks_ec_g2_jac_diff(bn254_snarks_ec_g2_jac* r, const bn254_snarks_ec_g2_jac* P, const bn254_snarks_ec_g2_jac* Q); +void ctt_bn254_snarks_ec_g2_jac_double(bn254_snarks_ec_g2_jac* r, const bn254_snarks_ec_g2_jac* P); +void ctt_bn254_snarks_ec_g2_jac_double_in_place(bn254_snarks_ec_g2_jac* P); +void ctt_bn254_snarks_ec_g2_jac_affine(bn254_snarks_ec_g2_aff* dst, const bn254_snarks_ec_g2_jac* src); +void ctt_bn254_snarks_ec_g2_jac_from_affine(bn254_snarks_ec_g2_jac* dst, const bn254_snarks_ec_g2_aff* src); +secret_bool ctt_bn254_snarks_ec_g2_prj_is_eq(const bn254_snarks_ec_g2_prj* P, const bn254_snarks_ec_g2_prj* Q); +secret_bool ctt_bn254_snarks_ec_g2_prj_is_inf(const bn254_snarks_ec_g2_prj* P); +void ctt_bn254_snarks_ec_g2_prj_set_inf(bn254_snarks_ec_g2_prj* P); +void ctt_bn254_snarks_ec_g2_prj_ccopy(bn254_snarks_ec_g2_prj* P, const bn254_snarks_ec_g2_prj* Q, const secret_bool ctl); +void ctt_bn254_snarks_ec_g2_prj_neg(bn254_snarks_ec_g2_prj* P, const bn254_snarks_ec_g2_prj* Q); +void ctt_bn254_snarks_ec_g2_prj_neg_in_place(bn254_snarks_ec_g2_prj* P); +void ctt_bn254_snarks_ec_g2_prj_cneg_in_place(bn254_snarks_ec_g2_prj* P, const secret_bool ctl); +void ctt_bn254_snarks_ec_g2_prj_sum(bn254_snarks_ec_g2_prj* r, const bn254_snarks_ec_g2_prj* P, const bn254_snarks_ec_g2_prj* Q); +void ctt_bn254_snarks_ec_g2_prj_add_in_place(bn254_snarks_ec_g2_prj* P, const bn254_snarks_ec_g2_prj* Q); +void ctt_bn254_snarks_ec_g2_prj_diff(bn254_snarks_ec_g2_prj* r, const bn254_snarks_ec_g2_prj* P, const bn254_snarks_ec_g2_prj* Q); +void ctt_bn254_snarks_ec_g2_prj_double(bn254_snarks_ec_g2_prj* r, const bn254_snarks_ec_g2_prj* P); +void ctt_bn254_snarks_ec_g2_prj_double_in_place(bn254_snarks_ec_g2_prj* P); +void ctt_bn254_snarks_ec_g2_prj_affine(bn254_snarks_ec_g2_aff* dst, const bn254_snarks_ec_g2_prj* src); +void ctt_bn254_snarks_ec_g2_prj_from_affine(bn254_snarks_ec_g2_prj* dst, const bn254_snarks_ec_g2_aff* src); #ifdef __cplusplus