relic-toolkit / relic


Error in the KSS-18-638 curve initialization function #264

Closed adelapie closed 1 year ago

adelapie commented 1 year ago

Hello Diego,

I think there is a problem in the KSS-18-638 pairing-friendly curve initialization part. When running pc_param_set_any, for instance via:

    if (pc_param_set_any() != RLC_OK) {
        RLC_THROW(ERR_NO_CURVE);
        core_clean();

        return 0;
    }

the following error is thrown: ERROR THROWN in relic_ep_curve.c:141, but the result of pc_param_set_any is RLC_OK.

The error seems to be related to the ep_curve_set_map function, which generates the constants involved in the hash-into-curve operations:

            /* constant 3: sqrt(-g(u) * (3 * u^2 + 4 * a)) */
            fp_sqr(c3, ctx->ep_map_u);    /* c3 = u^2 */
            fp_mul_dig(c3, c3, 3);        /* c3 = 3 * u^2 */
            fp_mul_dig(c4, ctx->ep_a, 4); /* c4 = 4 * a */
            fp_add(c4, c3, c4);           /* c4 = 3 * u^2 + 4 * a */
            fp_neg(c4, c4);               /* c4 = -(3 * u^2 + 4 * a) */
            fp_mul(c3, c4, c1);           /* c3 = -g(u) * (3 * u^2 + 4 * a) */
            if (!fp_srt(c3, c3)) {        /* c3 = sqrt(-g(u) * (3 * u^2 + 4 * a)) */
                RLC_THROW(ERR_NO_VALID);
            }

This error can be reproduced, for instance, by running the pc benchmark:

-- Benchmarks for the PC module:
ERROR THROWN in relic_ep_curve.c:141

Also the test for the pairing group seems to fail:

-- Tests for the PC module:
ERROR THROWN in relic_ep_curve.c:141

-- Curve K18-P638:

-- Group G_1:

** Utilities:

Testing if memory can be allocated...                                         [PASS]
Testing if comparison is consistent...                                        [PASS]
Testing if copy and comparison are consistent...                              [FAIL]
(at /tmp/relic/test/test_pc.c:101)

Do you think this problem could also affect the group arithmetic in the KSS-18-638 pairing-friendly curve?

Thanks, Antonio
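
The condition behind the failing `fp_srt` call quoted above, shown as an added example that is not part of the original post or of RELIC: constant 3 only exists when -g(u) * (3 * u^2 + 4 * a) is a square in the field, so a map parameter u that is valid for one set of curve coefficients can be invalid for another. The `toy_curve` type, the helper names and the 19-element field are assumptions constructed for illustration, not KSS18-638 values.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy curve y^2 = x^3 + a*x + b over F_p; constructed values, not KSS18-638. */
typedef struct { uint64_t p, a, b; } toy_curve;

static uint64_t mulmod(uint64_t x, uint64_t y, uint64_t p) {
    return (x % p) * (y % p) % p;            /* safe while p < 2^32 */
}

static uint64_t powmod(uint64_t x, uint64_t e, uint64_t p) {
    uint64_t r = 1;
    for (x %= p; e > 0; e >>= 1) {
        if (e & 1) r = mulmod(r, x, p);
        x = mulmod(x, x, p);
    }
    return r;
}

/* The value handed to the square-root routine: -g(u) * (3*u^2 + 4*a) mod p. */
uint64_t map_radicand(const toy_curve *c, uint64_t u) {
    uint64_t u2 = mulmod(u, u, c->p);
    uint64_t g = (mulmod(u2, u, c->p) + mulmod(c->a, u, c->p) + c->b) % c->p;
    uint64_t d = (mulmod(3, u2, c->p) + mulmod(4, c->a, c->p)) % c->p;
    return mulmod((c->p - g) % c->p, d, c->p);
}

/* Euler's criterion: 1 only if the radicand is a nonzero square mod p. */
int map_u_valid(const toy_curve *c, uint64_t u) {
    uint64_t t = map_radicand(c, u);
    return t != 0 && powmod(t, (c->p - 1) / 2, c->p) == 1;
}

/* Smallest u in [1, p) for which constant 3 exists, or 0 if there is none. */
uint64_t find_map_u(const toy_curve *c) {
    for (uint64_t u = 1; u < c->p; u++)
        if (map_u_valid(c, u)) return u;
    return 0;
}

int main(void) {
    toy_curve c1 = {19, 0, 2}, c2 = {19, 0, 3};   /* constructed samples */
    uint64_t u = find_map_u(&c1);
    printf("u=%llu valid on c1=%d, on c2=%d\n", (unsigned long long)u,
           map_u_valid(&c1, u), map_u_valid(&c2, u));
    return 0;
}
```

Treating a zero radicand as invalid is a choice made in this example; the quoted snippet only tests the return value of `fp_srt`.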

dfaranha commented 1 year ago

Oops, I made a mistake when pushing to the various branches. See if the latest commit solves it for you, as it should enable the KSS18 curve by default!

adelapie commented 1 year ago

Hi,

I still get the same error in the test for pc and in the benchmark; I'm not sure if this is normal. I compile via the kss18-638 preset as:

$ /tmp/relic-target  ../relic/preset/x64-pbc-kss18-638.sh ../relic

[...]

Then:

$ /tmp/relic-target/bin  ./test_pc

-- Tests for the PC module:
ERROR THROWN in relic_ep_curve.c:141

-- Curve K18-P638:

-- Group G_1:

** Utilities:

Testing if memory can be allocated...                                         [PASS]
Testing if comparison is consistent...                                        [PASS]
Testing if copy and comparison are consistent...                              [FAIL]
(at /tmp/relic/test/test_pc.c:101)

$ /tmp/relic-target/bin  ./bench_pc

-- RELIC 0.7.0 configuration:

** Allocation mode: AUTO

** Arithmetic backend: X64_ASM_10L

** Benchmarking options:
   Number of times: 10000

** Multiple precision module options:
   Precision: 1024 bits, 16 words
   Arithmetic method: COMBA;COMBA;MONTY;SLIDE;BASIC;BASIC

** Prime field module options:
   Prime size: 638 bits, 10 words
   Arithmetic method: INTEG;INTEG;INTEG;MONTY;LOWER;LOWER;SLIDE

** Prime field extension module options:
   Arithmetic method: INTEG;INTEG;LAZYR

** Prime elliptic curve module options:
   Arithmetic method: PROJC;LWNAF;COMBS;INTER

** Bilinear pairing module options:
   Arithmetic method: LAZYR;OATEP

** Binary field module options:
   Polynomial size: 283 bits, 5 words
   Arithmetic method: LODAH;QUICK;QUICK;QUICK;QUICK;QUICK;EXGCD;SLIDE;QUICK

** Binary elliptic curve module options:
   Arithmetic method: PROJC;LWNAF;COMBS;INTER

** Elliptic Curve Cryptography module options:
   Arithmetic method: PRIME

** Edwards Curve Cryptography module options:
   Arithmetic method: PROJC;LWNAF;COMBS;INTER

** Hash function module options:
   Chosen method: SH256

-- Benchmarks for the PC module:
ERROR THROWN in relic_ep_curve.c:141

I also ran other tests this time; some seem to fail:

/tmp/relic-target/bin  ./test_ep

-- Tests for the EP module:
ERROR THROWN in relic_ep_curve.c:141

-- Curve K18-P638:

** Utilities:

Testing if memory can be allocated...                                         [PASS]
Testing if copy and comparison are consistent...                              [FAIL]
(at /tmp/relic/test/test_ep.c:94)

/tmp/relic-target/bin  ./test_epx

-- Tests for the EPX module
ERROR THROWN in relic_ep_curve.c:141

-- Curve K18-P638:

** Utilities:

Testing if memory can be allocated...                                         [PASS]
Testing if copy and comparison are consistent...                              [FAIL]
(at /tmp/relic/test/test_epx.c:1243)

/tmp/relic-target/bin  ./test_pp

-- Tests for the PP module
ERROR THROWN in relic_ep_curve.c:141

-- Curve K18-P638:

** Arithmetic

Testing if miller doubling is correct...                                      [FAIL]
(at /tmp/relic/test/test_pp.c:1403)

dfaranha commented 1 year ago

You're right and there were other errors that I hope to have just fixed. Can you try again?

adelapie commented 1 year ago

Yes, it works now. Thanks a lot.

dfaranha commented 1 year ago

You're welcome, sorry for the partial commit ruining things on your side!