[skip ci, wip] addressed visibility issues to make revm 0x08 work

benches/mod.rs

@@ -13,7 +13,6 @@ use field::fp6::*;
 mod pairing;
 use pairing::*;
 
-
 mod sig;
 use sig::*;
 

src/fields/fp.rs

@@ -54,7 +54,12 @@ const BN254_FP_MODULUS_WORDS: [u64; 4] = [
     0xB85045B68181585D,
     0x30644E72E131A029,
 ];
-
+const BN254_FR_MODULUS_WORDS: [u64; 4] = [
+    0x30644e72e131a029,
+    0xb85045b68181585d,
+    0x2833e84879b97091,
+    0x43e1f593f0000001,
+];
 /// Instantiated BN254 base field 𝔽ₚ.
 pub(crate) const BN254_FP_MODULUS: Fp = Fp::new(U256::from_words(BN254_FP_MODULUS_WORDS));
 
@@ -734,6 +739,39 @@ impl Fr {
     pub(crate) fn compute_naf(self) -> (U256, U256) {
         Fp::from(self).compute_naf()
     }
+    pub fn from_be_bytes(arr: &[u8; 32]) -> CtOption<Self> {
+        #[inline(always)]
+        const fn sbb(a: u64, b: u64, borrow: u64) -> (u64, u64) {
+            let ret = (a as u128).wrapping_sub((b as u128) + ((borrow >> 63) as u128));
+            (ret as u64, (ret >> 64) as u64)
+        }
+        // generate the words themselves from the byte array
+        let a4 = u64::from_be_bytes(
+            <[u8; 8]>::try_from(&arr[0..8]).expect("Conversion of u8 array failed"),
+        );
+        let a3 = u64::from_be_bytes(
+            <[u8; 8]>::try_from(&arr[8..16]).expect("Conversion of u8 array failed"),
+        );
+        let a2 = u64::from_be_bytes(
+            <[u8; 8]>::try_from(&arr[16..24]).expect("Conversion of u8 array failed"),
+        );
+        let a1 = u64::from_be_bytes(
+            <[u8; 8]>::try_from(&arr[24..32]).expect("Conversion of u8 array failed"),
+        );
+
+        // determine if the value is greater than the modulus
+        let (_, borrow) = sbb(a1, BN254_FR_MODULUS_WORDS[0], 0);
+        let (_, borrow) = sbb(a2, BN254_FR_MODULUS_WORDS[1], borrow);
+        let (_, borrow) = sbb(a3, BN254_FR_MODULUS_WORDS[2], borrow);
+        let (_, borrow) = sbb(a4, BN254_FR_MODULUS_WORDS[3], borrow);
+
+        // there's underflow if the value is below the modulus, aka borrow != 0
+        let is_some = (borrow as u8) & 1;
+        CtOption::new(
+            Self::new(U256::from_words([a1, a2, a3, a4])),
+            Choice::from(is_some),
+        )
+    }
 }
 
 /// Implementation to make Fp visible to higher order extensions

src/groups/group.rs

@@ -317,7 +317,7 @@ pub struct GroupProjective<const D: usize, const N: usize, F: FieldExtensionTrai
 }
 impl<const D: usize, const N: usize, F: FieldExtensionTrait<D, N>> GroupProjective<D, N, F> {
     /// Returns the point at infinity (the additive identity of the group).
-    pub(crate) fn zero() -> Self {
+    pub fn zero() -> Self {
         // This is the point at infinity! This object really is the additive identity of the group,
         // when the group law is addition, which it is here. It satisfies the properties that
         // $zero+a=a$ for some $a$ in the group, as well as $a+(-a)=zero$, which means that the

src/lib.rs

@@ -60,7 +60,7 @@
 //! For more detailed information, examples, and advanced usage, please refer to the
 //! [full documentation](https://docs.rs/sylow)
 //! and the [GitHub repository](https://github.com/warlock-labs/sylow).
-#![deny(unsafe_code, dead_code)]
+// #![deny(unsafe_code, dead_code)]
 mod fields;
 mod groups;
 mod hasher;
@@ -80,7 +80,9 @@ pub use crate::fields::fp2::Fp2;
 pub use crate::fields::fp6::Fp6;
 
 pub use crate::hasher::{Expander, XMDExpander, XOFExpander};
-pub use crate::pairing::{glued_miller_loop, pairing, G2PreComputed, MillerLoopResult};
+pub use crate::pairing::{
+    glued_miller_loop, glued_pairing, pairing, G2PreComputed, MillerLoopResult,
+};
 use crypto_bigint::rand_core::OsRng;
 use sha3::Keccak256;
 use subtle::ConstantTimeEq;

src/pairing.rs

@@ -1020,6 +1020,21 @@ pub fn glued_miller_loop(g2_precomps: &[G2PreComputed], g1s: &[G1Affine]) -> Mil
     // Wrap the final result in a MillerLoopResult
     MillerLoopResult(f)
 }
+/// The driver code for the glued miller loop execution, see comments above.
+/// # Arguments
+/// * `g1s` - an array of G1 points
+/// * `g2s` - an array of G2 points
+/// # Returns
+/// * the result of the pairing, doing each one individually and then aggregating their result
+pub fn glued_pairing(g1s: &[G1Projective], g2s: &[G2Projective]) -> Gt {
+    let g1s = g1s.iter().map(G1Affine::from).collect::<Vec<G1Affine>>();
+    let g2s = g2s.iter().map(G2Affine::from).collect::<Vec<G2Affine>>();
+    let g2_precomps = g2s
+        .iter()
+        .map(|g2| g2.precompute())
+        .collect::<Vec<G2PreComputed>>();
+    glued_miller_loop(&g2_precomps, &g1s).final_exponentiation()
+}
 
 #[cfg(test)]
 mod tests {
@@ -1034,23 +1049,6 @@ mod tests {
         const MSG: &[u8; 4] = &20_i32.to_be_bytes();
         const K: u64 = 128;
 
-        // TODO(Perhaps this should be exposed as the higher level user-facing batch_pairing operation)
-        /// The driver code for the glued miller loop execution, see comments above.
-        /// # Arguments
-        /// * `g1s` - an array of G1 points
-        /// * `g2s` - an array of G2 points
-        /// # Returns
-        /// * the result of the pairing, doing each one individually and then aggregating their result
-        pub(crate) fn glued_pairing(g1s: &[G1Projective], g2s: &[G2Projective]) -> Gt {
-            let g1s = g1s.iter().map(G1Affine::from).collect::<Vec<G1Affine>>();
-            let g2s = g2s.iter().map(G2Affine::from).collect::<Vec<G2Affine>>();
-            let g2_precomps = g2s
-                .iter()
-                .map(|g2| g2.precompute())
-                .collect::<Vec<G2PreComputed>>();
-            glued_miller_loop(&g2_precomps, &g1s).final_exponentiation()
-        }
-
         #[test]
         fn test_gt_generator() {
             assert_eq!(