Consensys · gbotrel · Aug 18, 2023 · May 4, 2023 · May 4, 2023 · May 5, 2023
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -27,18 +27,21 @@ jobs:
           ${{ runner.os }}-go-
     - name: gofmt
       run: if [[ -n $(gofmt -l .) ]]; then echo "please run gofmt"; exit 1; fi
-    - name: golangci-lint
-      uses: golangci/golangci-lint-action@v3
-      with:
-          args: --timeout=5m
     - name: install deps
       run: go install golang.org/x/tools/cmd/goimports@latest && go install github.com/klauspost/asmfmt/cmd/asmfmt@latest
     - name: generated files should not be modified
       run: |
         go generate ./...
         git update-index --assume-unchanged go.mod
         git update-index --assume-unchanged go.sum
-        if [[ -n $(git status --porcelain) ]]; then echo "git repo is dirty after runing go generate -- please don't modify generated files"; echo $(git diff);echo $(git status --porcelain); exit 1; fi
+        if [[ -n $(git status --porcelain) ]]; then echo "git repo is dirty after running go generate -- please don't modify generated files"; echo $(git diff);echo $(git status --porcelain); exit 1; fi
+    # A hack to get golangci-lint to examine generated files
+    - name: remove "generated by" comments
+      run: find . -type f -name "*.go" -exec perl -i -pe 's/Code generated by .* DO NOT EDIT/FOO/g' {} \;
+    - name: golangci-lint
+      uses: golangci/golangci-lint-action@v3
+      with:
+        args: --timeout=5m
 
   test:
     strategy:

diff --git a/.golangci.yml b/.golangci.yml
@@ -1,7 +1,3 @@
-linters-settings:
-  govet:
-    check-shadowing: true
-
 linters:
   disable-all: true
   enable:
@@ -11,7 +7,7 @@ linters:
     - gosimple
     - govet
     - ineffassign
-    # - errcheck
+    - misspell
 
 run:
   issues-exit-code: 1
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -657,6 +657,7 @@
 - remove unecessary inverse in KZG-verify
 - faster GLV scalar decompostion
 
+
 ### Refactor
 - fft is done in the main loop
 - kzg uses DivideByXminusA from polynomial module
@@ -683,10 +684,13 @@
 - remove dead code ([#230](https://github.com/ConsenSys/gnark-crypto/issues/230))
 - inneficient -> inefficient
 - cosmetic changes ([#197](https://github.com/ConsenSys/gnark-crypto/issues/197))
-- use bytes package
-- removed dead code
-- fixed comment
-- cleaned comments, removed dead code
+- replace modulus generated by constants, add zero-alloc SetRandom ([#194](https://github.com/ConsenSys/gnark-crypto/issues/194))
+- remove unneeded x86 asm and files ([#192](https://github.com/ConsenSys/gnark-crypto/issues/192))
+- polish readme.md with updated godoc subpackage links ([#235](https://github.com/ConsenSys/gnark-crypto/issues/235))
+- acknowledge that inv(0)==0 in comments as a convention ([#233](https://github.com/ConsenSys/gnark-crypto/issues/233))
+- added note in pairing godoc - doesn't check inputs are in correct subgroup ([#231](https://github.com/ConsenSys/gnark-crypto/issues/231))
+- add security estimates of implemented curves in comments
+
 
 ### Test
 - cleanup
@@ -987,37 +991,16 @@
 - update field IsUIint64 doc
 
 ### Feat
-- addition of test with a tampered proof
-- addition of permutation proof in lookup proof (table version)
-- addition of proof of permutation
-- added UnmarshalJSON and MarshalJSON on fields
-- added field.Text(base) to return field element string in a given base, like big.Int
-- field.SetString now supports 0b 0o 0x prefixes (base 2, 8 and 16)
-- Autogen P20
-- ScalarMul-->mulWindowed, modified blinding of scalar in tests
-- Three ways of dealing with signed numbers in montgomery reduction
-- Signed mont-reduce
-- code gen for integrating permutation proof
-- Test for corrective factor consistency
-- Naive GCD works
-- addition of benchmark
-- added field.SetInt64
-- added quick and dirty benchmarking script
-- added support for intX and uintX fixes [#109](https://github.com/ConsenSys/gnark-crypto/issues/109)
-- pre-compute addition chains for Sqrt and Legendre exp functions
-- added addchain for all sqrt
-- Naive GCD improved
-- Full paper implemented, unknown bug
-- Full paper implemented, tests passing
-- **bls24:** experiment with Fp-Fp2-Fp4-Fp12-Fp24 tower
-- **kzg:** test tampered proofs whith quotient set to zero
-- **plookup:** challenges are derived using Fiat Shamir
-- **plookup:** addition of prover and verifier for tables
-- **plookup:** proof generation
-- **plookup:** addition of templates
-- **plookup:** adding missing files in templates
-- **plookup:** generated plookup for all curves
-- **plookup:** addition of benchmark
+
+- **plookup:** added plookup lookup proof
+- **field:** generate optimized addition chains for Sqrt & Legendre exp functions
+- **field:** added field.SetInt64, support for intX and uintX [#109](https://github.com/ConsenSys/gnark-crypto/issues/109)
+- **field:** added UnmarshalJSON and MarshalJSON on fields
+- **field:** added field.Text(base) to return field element string in a given base, like big.Int
+- **field:** field.SetString now supports 0b 0o 0x prefixes (base 2, 8 and 16)
+- **kzg:** test tampered proofs with quotient set to zero
+- **bls24:** Fp-Fp2-Fp4-Fp12-Fp24 tower
+
 
 ### Fix
 - Optimization 3 works, but with many watches
@@ -1312,38 +1295,10 @@
 - save allocation when possible when adding 2 polynomials
 - ecc encoder now handles []Element so gnark don't have to
 - ecc encoders uses binary.Write and binary.Read to support basic types
-- addition of methods GetClaimedValue(s) on opening proofs
-- Add,Sub,ScalarMul ops added to Digest
-- add new curve bls24-315
-- code gen corresponding to previous commit
-- added mul_by_13 asm impl in field arithmetic
-- Element.SetInterface returns an error instead of panicking if unsupported type
-- added Fuzz pairing billinearity
-- added kzg Fuzz test
-- added Fuzz for fft with cosets
-- added Fuzz() for fft pacakge
-- addition of method Marshal for Kzg proofs
-- addition of BatchVerifyMultiPoints in kzg
-- added element_fuzz.go with build tag gofuzz to expose non-asm (generic) impl for fuzz testing
-- kzg scheme serialization (bn254)
-- code gen for kzg scheme serialization + tests
-- helper to build a new kzg scheme for testing purpose
-- tests for mock commitment (if claimed values are correct, etc)
-- addition of test for claimed values (polynomial commitments)
-- added subgroup check for proof and digests in kzg
-- fixes [#38](https://github.com/ConsenSys/gnark-crypto/issues/38)
-- **all curves:** faster GT memebership
-- **bw6:** GT membership
-- **bw6-633:** add bw6-633 to hash and fiat-shamir
-- **bw6-633:** add twisted edwards companion to bw6-633
-- **bw6-633:** optimized frobenius
-- **ecc:** multiexp takes nbTasks as parameter instead of semaphore
-- **fft:** addition of param to set precomputations in domain struct
-- **kzg:** test polynomials of different sizes
-- **kzg:** added /kzg with NewSRS(curveID) API for serialization purposes
-- **kzg:** kzg objects implement io.ReaderFrom and io.WriterTo
-- **kzg:** hash function is passed as parameter
-- **kzg:** added optional nbTasks to pass through multiExp api
+- added ecc.Implemented() that returns list of curve fully implemented
+- added Reference benchmarks for continuous benchmarking. fixes [#54](https://github.com/ConsenSys/gnark-crypto/issues/54)
+- added curve level go-fuzz fuzz functions
+- **all curves:** faster GT membership
 - **twisted Edwards:** tests use gopter, no more hardcoded values
 
 ### Fix
@@ -1408,18 +1363,7 @@
 - **bw6:** new optimized final exp (hard part)
 - **bw6-633:** divide G1 cofactor formula by 4
 - **bw6-633:** optimized hard part in final exp
-- **fft:** introduced flatten kernel for n==8 and asm impl for butterfly to minimze memory writes
-- **kzg:** use syntetic division to divide by x-a
-- **kzg:** dividePolyByXminusA parallelism
-- **kzg:** dividePolyByXminusA uses precomputed domain twiddle
-- **kzg:** merge both loop in divideXpoly into 1
-- **kzg:** Open will split the msm in 2 if numCpus > 16
-- **kzg:** perform polynomial evaluations in parallel inside batchOpen
-- **kzg:** reuse memory for batchopen poly division
-- **kzg:** added batch inversion in dividePolyByXminusA
-- **kzg:** parallelize s = 1 / (x-a)
-- **kzg:** remove useless fft in dividebyxminusa
-- **kzg:** simplified dividePolyByXminusA, no need to shift
+- **fft:** introduced flatten kernel for n==8 and asm impl for butterfly to minimize memory writes
 
 ### Refactor
 - removed deprecated MulAssign, AddAssign and SubAssign apis
@@ -1521,10 +1465,9 @@
 ### Fix
 - handle case where numCPU < 4 in precomputeExpTable
 - incorrect comment and size returned in twistededwards SetBytes fixes [#34](https://github.com/ConsenSys/gnark-crypto/issues/34)
-- add/dbl exJac
-- add/dbl exJac
 - point.SetBytes can now be called concurently with same byte slice input
 
+
 ### Perf
 - delay coordinates conversion
 - delay coordinates conversion

diff --git a/ecc/bls12-377/ecdsa/doc.go b/ecc/bls12-377/ecdsa/doc.go
diff --git a/ecc/bls12-377/ecdsa/ecdsa.go b/ecc/bls12-377/ecdsa/ecdsa.go
diff --git a/ecc/bls12-377/ecdsa/ecdsa_test.go b/ecc/bls12-377/ecdsa/ecdsa_test.go
diff --git a/ecc/bls12-377/ecdsa/marshal.go b/ecc/bls12-377/ecdsa/marshal.go
diff --git a/ecc/bls12-377/ecdsa/marshal_test.go b/ecc/bls12-377/ecdsa/marshal_test.go
diff --git a/ecc/bls12-377/fp/element.go b/ecc/bls12-377/fp/element.go