[Feature] Add additional features to the "group" element type about leo HOT 8 CLOSED

@matthewdgreen I've implemented a list of new opcodes that include the aforementioned types. You can check the full list of new opcodes here: https://github.com/AleoHQ/snarkVM/pull/1576

The Leo team will introduce methods to integrate each of these opcodes soon.

from leo.

Awesome! I am writing a little test "library" that implements: classic Elgamal encryption/decryption, ECIES-like encryption/decryption, Schnorr signatures and an OPRF. These should support all of those cases (I think.)

from leo.

@matthewdgreen we've landed all of the features specified above into Aleo instructions. Leo will be updated over the next 1-2 weeks to support the same features.

• https://github.com/AleoHQ/snarkVM/pull/1594
  • group::GEN is now a valid operand
• https://github.com/AleoHQ/snarkVM/pull/1665
  • cast r0 into r1 as group.x
  • cast r0 into r1 as group.y
  • cast r0 into r1 as field, where r0 is a group.
• https://github.com/AleoHQ/snarkVM/pull/1656

commit.bhp256 r0 r1 into r2 as address;
commit.bhp256 r0 r1 into r2 as field;
commit.bhp256 r0 r1 into r2 as group;
commit.bhp512 ...;
commit.bhp768 ...;
commit.bhp1024 ...;
commit.ped64 ...;
commit.ped128 ...;

• https://github.com/AleoHQ/snarkVM/pull/1647

hash.bhp256 r0 into r1 as address;
hash.bhp256 r0 into r1 as field;
hash.bhp256 r0 into r1 as group;
hash.bhp256 r0 into r1 as i8;
hash.bhp256 r0 into r1 as i16;
hash.bhp256 r0 into r1 as i32;
hash.bhp256 r0 into r1 as i64;
hash.bhp256 r0 into r1 as i128;
hash.bhp256 r0 into r1 as u8;
hash.bhp256 r0 into r1 as u16;
hash.bhp256 r0 into r1 as u32;
hash.bhp256 r0 into r1 as u64;
hash.bhp256 r0 into r1 as u128;
hash.bhp256 r0 into r1 as scalar;
hash.bhp512 ...;
hash.bhp768 ...;
hash.bhp1024 ...;
hash.ped64 ...;
hash.ped128 ...;
hash.psd2 ...;
hash.psd4 ...;
hash.psd8 ...;

from leo.

Additionally, it would be nice if you could use Poseidon to hash to a group element. (This could be a combination of hashing to a field element and then assigning the field element to the x-coordinate of the group.)

from leo.

Agreed. We should introduce hash_to_group and hash_to_scalar for Poseidon. The impls are already in snarkVM.

from leo.

I see this repo and understand the motivation.

We're currently discussing introducing a group::GEN constant into Aleo instructions and Leo as well, so that there is direct access to the prime subgroup generator.

We're also currently looking into implementing cast instructions that can take out the x or y coordinate as so (in Aleo instructions):

input r0 as group.public;
cast r0 into r1 as group.x;
cast r0 into r2 as group.y;

This would of course then be mirrored in Leo as element.to_x_coordinate() and element.to_y_coordinate.

from leo.

We've added the group::GEN syntax in https://github.com/AleoHQ/snarkVM/pull/1594, which will land in the next snarkVM release today.

from leo.

@matthewdgreen
Leo now supports the features discussed above.

1. group::to_x_coordinate(a) or a.to_x_coordinate()
2. Poseidon2::hash_to_group(a)
3. group::GEN

The relevant PRs are:

• #2401
• #2415
• #2427

Some relevant examples are:

• https://github.com/AleoHQ/leo/blob/c373b898c4ecc57913e9cd6034668986aabe4ef9/examples/groups/src/main.leo
• https://github.com/AleoHQ/leo/blob/testnet3/tests/tests/execution/group_operations.leo

from leo.