Skip to content

Bernstein-Yang modular inversion algorithm #372

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Dec 3, 2023
Merged

Bernstein-Yang modular inversion algorithm #372

merged 6 commits into from
Dec 3, 2023

Conversation

tarcieri
Copy link
Member

@tarcieri tarcieri commented Dec 2, 2023
edited
Loading

Adapted from: privacy-ethereum/halo2curves#83

Original code is Apache 2.0+MIT. Attribution has been added to the top of the module.

See also: #227

cc @dignifiedquire @fjarri @mratsim

@tarcieri
Copy link
Member Author

tarcieri commented Dec 2, 2023
edited
Loading

Hmm, re: 32-bit support, I was attempting to go off of what section 12.3 of https://gcd.cr.yp.to/safegcd-20190413.pdf had to say regarding the number of bits/iterations, but it seems something else is amiss

dignifiedquire
dignifiedquire reviewed Dec 2, 2023
View reviewed changes
dignifiedquire
dignifiedquire reviewed Dec 2, 2023
View reviewed changes
@tarcieri
Copy link
Member Author

tarcieri commented Dec 3, 2023

Going to back out attempts at 32-bit support. The paper alludes to a jump32divsteps2 function in section 12.3 but I'm not able to find any more information beyond that.

That does leave the issue of how to assemble a [u64] input on 32-bit platforms. On little endian targets it can be a pointer cast, but big endian targets will need an endianness swap.

@tarcieri
Copy link
Member Author

tarcieri commented Dec 3, 2023

Since we need to convert big integers from a saturated representation to an unsaturated 62-bit representation (and back) to perform Bernstein-Yang anyway, I changed the conversion functions to operate over Word-based inputs and outputs, leaving the implementation otherwise as-is.

That seems like enough to make the proptests pass on both 32-bit and 64-bit platforms. I haven't fully integrated it into the various modular inverse functions yet, but this is enough to get started.

@tarcieri tarcieri marked this pull request as ready for review December 3, 2023 20:52
@tarcieri tarcieri changed the title [WIP] Bernstein-Yang modular inversion algorithm Bernstein-Yang modular inversion algorithm Dec 3, 2023
@tarcieri tarcieri merged commit 7f93018 into master Dec 3, 2023
@tarcieri tarcieri deleted the bernstein-yang branch December 3, 2023 20:52
@tarcieri
Copy link
Member Author

tarcieri commented Dec 3, 2023

Note: I do intend to encapsulate this and get it out of the public API

@tarcieri tarcieri mentioned this pull request Dec 3, 2023
Closed
@tarcieri tarcieri mentioned this pull request Aug 14, 2024
Open
@sebastiencs sebastiencs mentioned this pull request Jan 7, 2025
Closed
@tarcieri tarcieri mentioned this pull request Jan 22, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dignifiedquire dignifiedquire dignifiedquire left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tarcieri @dignifiedquire