diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/Algebra/Field.v | 95 | ||||
-rw-r--r-- | src/Algebra/Field_test.v | 13 | ||||
-rw-r--r-- | src/CompleteEdwardsCurve/CompleteEdwardsCurveTheorems.v | 11 | ||||
-rw-r--r-- | src/Spec/MontgomeryCurve.v | 48 | ||||
-rw-r--r-- | src/WeierstrassCurve/WeierstrassCurveTheorems.v | 80 |
5 files changed, 134 insertions, 113 deletions
diff --git a/src/Algebra/Field.v b/src/Algebra/Field.v index 76b2a9ed3..ebc92c0e5 100644 --- a/src/Algebra/Field.v +++ b/src/Algebra/Field.v @@ -231,17 +231,6 @@ Ltac goal_to_field_equality fld := end end. -Ltac _introduce_inverse fld d d_nz := - let eq := match type of fld with Algebra.field(eq:=?eq) => eq end in - let mul := match type of fld with Algebra.field(mul:=?mul) => mul end in - let one := match type of fld with Algebra.field(one:=?one) => one end in - let inv := match type of fld with Algebra.field(inv:=?inv) => inv end in - match goal with [H: eq (mul d _) one |- _ ] => fail 1 | _ => idtac end; - let d_i := fresh "i" in - unique pose proof (right_multiplicative_inverse(H:=fld) _ d_nz); - set (inv d) as d_i in *; - clearbody d_i. - Ltac inequalities_to_inverse_equations fld := let eq := match type of fld with Algebra.field(eq:=?eq) => eq end in let zero := match type of fld with Algebra.field(zero:=?zero) => zero end in @@ -250,52 +239,80 @@ Ltac inequalities_to_inverse_equations fld := repeat match goal with | [H: not (eq _ _) |- _ ] => lazymatch type of H with - | not (eq ?d zero) => _introduce_inverse fld d H - | not (eq zero ?d) => _introduce_inverse fld d (symmetry(R:=fun a b => not (eq a b)) H) - | not (eq ?x ?y) => _introduce_inverse fld (sub x y) (Ring.neq_sub_neq_zero _ _ H) + | not (eq ?d zero) => + unique pose proof (right_multiplicative_inverse(H:=fld) _ H) + | not (eq zero ?d) => + unique pose proof (right_multiplicative_inverse(H:=fld) _ (symmetry(R:=fun a b => not (eq a b)) H)) + | not (eq ?x ?y) => + unique pose proof (right_multiplicative_inverse(H:=fld) _ (Ring.neq_sub_neq_zero _ _ H)) end end. -Ltac _nonzero_tac fld := - solve [trivial | IntegralDomain.solve_constant_nonzero | goal_to_field_equality fld; nsatz; IntegralDomain.solve_constant_nonzero]. +Ltac unique_pose_implication pf := + let B := match type of pf with ?A -> ?B => B end in + match goal with + | [H:B|-_] => fail 1 + | _ => unique pose proof pf + end. -Ltac _inverse_to_equation_by fld d tac := +Ltac inverses_to_conditional_equations fld := let eq := match type of fld with Algebra.field(eq:=?eq) => eq end in - let zero := match type of fld with Algebra.field(zero:=?zero) => zero end in - let one := match type of fld with Algebra.field(one:=?one) => one end in - let mul := match type of fld with Algebra.field(mul:=?mul) => mul end in - let div := match type of fld with Algebra.field(div:=?div) => div end in let inv := match type of fld with Algebra.field(inv:=?inv) => inv end in - let d_nz := fresh "nz" in - assert (not (eq d zero)) as d_nz by tac; - lazymatch goal with - | H: eq (mul ?di d) one |- _ => rewrite <-!(left_inv_unique(H:=fld) _ _ H) in * - | H: eq (mul d ?di) one |- _ => rewrite <-!(right_inv_unique(H:=fld) _ _ H) in * - | _ => _introduce_inverse fld d d_nz - end; - clear d_nz. - -Ltac inverses_to_equations_by fld tac := + repeat match goal with + | |- context[inv ?d] => + unique_pose_implication constr:(right_multiplicative_inverse(H:=fld) d) + | H: context[inv ?d] |- _ => + unique_pose_implication constr:(right_multiplicative_inverse(H:=fld) d) + end. + +Ltac clear_hypotheses_with_nonzero_requirements fld := + let eq := match type of fld with Algebra.field(eq:=?eq) => eq end in + let zero := match type of fld with Algebra.field(zero:=?zero) => zero end in + repeat match goal with + [H: not (eq _ zero) -> _ |- _ ] => clear H + end. + +Ltac forward_nonzero fld solver_tac := let eq := match type of fld with Algebra.field(eq:=?eq) => eq end in let zero := match type of fld with Algebra.field(zero:=?zero) => zero end in - let inv := match type of fld with Algebra.field(inv:=?inv) => inv end in repeat match goal with - | |- context[inv ?d] => _inverse_to_equation_by fld d tac - | H: context[inv ?d] |- _ => _inverse_to_equation_by fld d tac + | [H: not (eq ?x zero) -> _ |- _ ] + => let H' := fresh in + assert (H' : not (eq x zero)) by (clear_hypotheses_with_nonzero_requirements; solver_tac); specialize (H H') + | [H: not (eq ?x zero) -> _ |- _ ] + => let H' := fresh in + assert (H' : not (eq x zero)) by (clear H; solver_tac); specialize (H H') end. Ltac divisions_to_inverses fld := rewrite ?(field_div_definition(field:=fld)) in *. -Ltac fsatz := - let fld := guess_field in +Ltac fsatz_solve_on fld := goal_to_field_equality fld; - inequalities_to_inverse_equations fld; - divisions_to_inverses fld; - inverses_to_equations_by fld ltac:(solve_debugfail ltac:(_nonzero_tac fld)); + forward_nonzero fld ltac:(fsatz_solve_on fld); nsatz; solve_debugfail ltac:(IntegralDomain.solve_constant_nonzero). +Ltac fsatz_solve := + let fld := guess_field in + fsatz_solve_on fld. + +Ltac fsatz_prepare_hyps_on fld := + divisions_to_inverses fld; + inequalities_to_inverse_equations fld; + inverses_to_conditional_equations fld; + forward_nonzero fld ltac:(fsatz_solve_on fld). + +Ltac fsatz_prepare_hyps := + let fld := guess_field in + fsatz_prepare_hyps_on fld. + +Ltac fsatz := + let fld := guess_field in + fsatz_prepare_hyps_on fld; + fsatz_solve_on fld. + + Section FieldSquareRoot. Context {T eq zero one opp add mul sub inv div} `{@field T eq zero one opp add sub mul inv div} {eq_dec:DecidableRel eq}. Local Infix "=" := eq : type_scope. Local Notation "a <> b" := (not (a = b)) : type_scope. diff --git a/src/Algebra/Field_test.v b/src/Algebra/Field_test.v index 13a0ffa95..2df673163 100644 --- a/src/Algebra/Field_test.v +++ b/src/Algebra/Field_test.v @@ -55,7 +55,16 @@ Module _fsatz_test. Lemma fractional_equation_no_solution x (A:x<>1) (B:x<>opp two) (C:x*x+x <> two) (X:nine/(x*x + x - two) = opp three/(x+two) + seven*inv(x-1)) : False. Proof. fsatz. Qed. - Local Notation "x ^ 2" := (x*x). Local Notation "x ^ 3" := (x^2*x). + Local Notation "x ^ 2" := (x*x). + Lemma recursive_nonzero_solving + (a sqrt_a d x y : F) + (Hpoly : a * x^2 + y^2 = one + d * x^2 * y^2) + (Hsqrt : sqrt_a^2 = a) + (Hfrac : (sqrt_a / y)^2 <> d) + : x^2 = (y^2 - one) / (d * y^2 - a). + Proof. fsatz. Qed. + + Local Notation "x ^ 3" := (x^2*x). Lemma weierstrass_associativity_main a b x1 y1 x2 y2 x4 y4 (A: y1^2=x1^3+a*x1+b) (B: y2^2=x2^3+a*x2+b) @@ -77,6 +86,6 @@ Module _fsatz_test. x9 (Hx9: x9 = λ9^2-x1-x6) y9 (Hy9: y9 = λ9*(x1-x9)-y1) : x7 = x9 /\ y7 = y9. - Proof. split; fsatz. Qed. + Proof. fsatz_prepare_hyps; split; fsatz. Qed. End _test. End _fsatz_test.
\ No newline at end of file diff --git a/src/CompleteEdwardsCurve/CompleteEdwardsCurveTheorems.v b/src/CompleteEdwardsCurve/CompleteEdwardsCurveTheorems.v index a52bf38f6..996c5d672 100644 --- a/src/CompleteEdwardsCurve/CompleteEdwardsCurveTheorems.v +++ b/src/CompleteEdwardsCurve/CompleteEdwardsCurveTheorems.v @@ -95,14 +95,9 @@ Module E. Section PointCompression. Local Notation "x ^ 2" := (x*x). - Lemma a_d_y2_nonzero y : d * y^2 - a <> 0. - Proof. - destruct square_a as [sqrt_a], (dec (y=0)); - pose proof nonzero_a; pose proof (nonsquare_d (sqrt_a/y)); fsatz. - Qed. - - Lemma solve_correct : forall x y, onCurve x y <-> (x^2 = (y^2-1) / (d*y^2-a)). - Proof. pose proof a_d_y2_nonzero; t. Qed. + Lemma solve_correct x y : onCurve x y <-> (x^2 = (y^2-1) / (d*y^2-a)). + Proof. destruct square_a as [sqrt_a]; pose proof (nonsquare_d (sqrt_a/y)); + split; intros; fsatz. Qed. (* TODO: move *) Definition exist_option {A} (P : A -> Prop) (x : option A) diff --git a/src/Spec/MontgomeryCurve.v b/src/Spec/MontgomeryCurve.v index 2717f6bbc..cff35104c 100644 --- a/src/Spec/MontgomeryCurve.v +++ b/src/Spec/MontgomeryCurve.v @@ -60,6 +60,8 @@ Module M. end. Next Obligation. Proof. t. Qed. + Program Definition zero : point := ∞. + Program Definition opp (P:point) : point := match P return F*F+∞ with | (x, y) => (x, -y) @@ -73,23 +75,55 @@ Module M. Local Notation "27" := (3*9). Context {char_ge_28:@Ring.char_ge F Feq Fzero Fone Fopp Fadd Fsub Fmul 28}. - Let WeierstrassA := ((3-a^2)/(3*b^2)). - Let WeierstrassB := ((2*a^3-9*a)/(27*b^3)). + Local Notation WeierstrassA := ((3-a^2)/(3*b^2)). + Local Notation WeierstrassB := ((2*a^3-9*a)/(27*b^3)). Local Notation Wpoint := (@W.point F Feq Fadd Fmul WeierstrassA WeierstrassB). Local Notation Wadd := (@W.add F Feq Fzero Fone Fopp Fadd Fsub Fmul Finv Fdiv field Feq_dec char_ge_3 WeierstrassA WeierstrassB). + Program Definition to_Weierstrass (P:point) : Wpoint := + match coordinates P return F*F+∞ with + | (x, y) => ((x + a/3)/b, y/b) + | _ => ∞ + end. + Next Obligation. + Proof. clear char_ge_3; destruct P; t. Qed. + Program Definition of_Weierstrass (P:Wpoint) : point := match W.coordinates P return F*F+∞ with | (x,y) => (b*x-a/3, b*y) | _ => ∞ end. Next Obligation. - Proof. clear char_ge_3; subst WeierstrassA; subst WeierstrassB; destruct P; t. Qed. + Proof. clear char_ge_3; destruct P; t. Qed. - Lemma of_Weierstrass_add P1 P2 : - eq (of_Weierstrass (W.add P1 P2)) - (add (of_Weierstrass P1) (of_Weierstrass P2)). - Proof. cbv [WeierstrassA WeierstrassB eq of_Weierstrass W.add add coordinates W.coordinates proj1_sig] in *; clear char_ge_3; t. Qed. + (* TODO: move *) + Program Definition Wopp (P:Wpoint) : Wpoint := + match P return F*F+∞ with + | (x, y) => (x, -y) + | ∞ => ∞ + end. + Next Obligation. destruct P; t. Qed. + + Axiom Wgroup : @Algebra.group Wpoint (@W.eq F Feq Fadd Fmul WeierstrassA WeierstrassB) + Wadd (@W.zero F Feq Fadd Fmul WeierstrassA WeierstrassB) Wopp. + Program Definition _MW : _ /\ _ /\ _ := + @Group.group_from_redundant_representation + Wpoint W.eq Wadd W.zero Wopp + Wgroup + point eq add zero opp + of_Weierstrass + to_Weierstrass + _ _ _ _ _ + . + Next Obligation. cbv [W.eq eq to_Weierstrass of_Weierstrass W.add add coordinates W.coordinates proj1_sig] in *; t. Qed. + Next Obligation. cbv [W.eq eq to_Weierstrass of_Weierstrass W.add add coordinates W.coordinates proj1_sig] in *. clear char_ge_3. t. 2:intuition idtac. 2:intuition idtac. 2:intuition idtac. + { repeat split; destruct_head' and; t. } Qed. + Next Obligation. + (* addition case, same issue as in Weierstrass associativity *) + cbv [W.eq eq to_Weierstrass of_Weierstrass W.add add coordinates W.coordinates proj1_sig] in *. + clear char_ge_3. t. Qed. + Next Obligation. cbv [W.eq eq to_Weierstrass of_Weierstrass W.add add Wopp opp coordinates W.coordinates proj1_sig] in *. clear char_ge_3. t. Qed. + Next Obligation. cbv [W.eq eq to_Weierstrass of_Weierstrass W.add add Wopp opp coordinates W.coordinates proj1_sig] in *. clear char_ge_3. t. Qed. Section AddX. Lemma homogeneous_x_differential_addition_releations P1 P2 : diff --git a/src/WeierstrassCurve/WeierstrassCurveTheorems.v b/src/WeierstrassCurve/WeierstrassCurveTheorems.v index aa444c9ee..b9f7458b0 100644 --- a/src/WeierstrassCurve/WeierstrassCurveTheorems.v +++ b/src/WeierstrassCurve/WeierstrassCurveTheorems.v @@ -10,74 +10,40 @@ Module W. Context {F Feq Fzero Fone Fopp Fadd Fsub Fmul Finv Fdiv} {a b:F} {field:@Algebra.field F Feq Fzero Fone Fopp Fadd Fsub Fmul Finv Fdiv} {char_ge_3:@Ring.char_ge F Feq Fzero Fone Fopp Fadd Fsub Fmul (BinNat.N.succ_pos (BinNat.N.two))} - {char_ge_12:@Ring.char_ge F Feq Fzero Fone Fopp Fadd Fsub Fmul 12%positive} (* FIXME: we shouldn't need this *) + {char_ge_12:@Ring.char_ge F Feq Fzero Fone Fopp Fadd Fsub Fmul 12%positive} (* FIXME: shouldn't need we need 4, not 12? *) {Feq_dec:DecidableRel Feq}. Local Infix "=" := Feq : type_scope. Local Notation "a <> b" := (not (a = b)) : type_scope. Local Notation "0" := Fzero. Local Notation "1" := Fone. - Local Infix "+" := Fadd. Local Infix "*" := Fmul. - Local Infix "-" := Fsub. Local Infix "/" := Fdiv. - Local Notation eq := (@W.eq F Feq Fadd Fmul a b). - Local Notation point := (@W.point F Feq Fadd Fmul a b). - Local Notation "0" := Fzero. Local Notation "1" := Fone. - Local Notation "2" := (1+1). Local Notation "3" := (1+2). Local Notation "4" := (1+3). - Local Notation "8" := (1+(1+(1+(1+4)))). Local Notation "12" := (1+(1+(1+(1+8)))). - Local Notation "16" := (1+(1+(1+(1+12)))). Local Notation "20" := (1+(1+(1+(1+16)))). - Local Notation "24" := (1+(1+(1+(1+20)))). Local Notation "27" := (1+(1+(1+24))). - Local Notation "x ^ 2" := (x*x) (at level 30). Local Notation "x ^ 3" := (x*x^2) (at level 30). - Context {discriminant_nonzero:4*a^3 + 27*b^2 <> 0}. + Local Infix "+" := Fadd. Local Infix "-" := Fsub. Local Infix "*" := Fmul. + Local Notation "4" := (1+1+1+1). Local Notation "27" := (4*4 + 4+4 +1+1+1). + Context {discriminant_nonzero:4*a*a*a + 27*b*b <> 0}. - Program Definition inv (P:point) : point + Program Definition inv (P:@W.point F Feq Fadd Fmul a b) : @W.point F Feq Fadd Fmul a b := match W.coordinates P return F*F+_ with | inl (x1, y1) => inl (x1, Fopp y1) | _ => P end. Next Obligation. destruct P as [[[??]|[]]?]; cbv; trivial; fsatz. Qed. - Lemma same_x_same_y - (xA yA : F) - (A : yA ^ 2 = xA ^ 3 + a * xA + b) - (xB yB : F) - (B : yB ^ 2 = xB ^ 3 + a * xB + b) - (Hx: xA = xB) - (Hy:yB <> Fopp yA) - : yB = yA. - Proof. fsatz. Qed. - - Let is_redundant {T} (x:T) := x. - Ltac clear_marked_redundant := + Global Instance commutative_group : abelian_group(eq:=W.eq)(op:=W.add)(id:=W.zero)(inv:=inv). + Proof. repeat match goal with - [H:?P, Hr:is_redundant ?P |- _] => clear H Hr + | _ => solve [ contradiction | trivial | exact _ ] + | _ => intro + | |- Equivalence _ => split + | |- abelian_group => split | |- group => split | |- monoid => split + | |- is_associative => split | |- is_commutative => split + | |- is_left_inverse => split | |- is_right_inverse => split + | |- is_left_identity => split | |- is_right_identity => split + | _ => progress destruct_head' @W.point + | _ => progress destruct_head' sum + | _ => progress destruct_head' prod + | _ => progress destruct_head' unit + | _ => progress destruct_head' and + | _ => progress cbv [inv W.eq W.zero W.add W.coordinates proj1_sig]in* + | _ => progress break_match end. - Ltac t_step := - match goal with - | _ => solve [ contradiction | trivial | exact _ ] - | _ => intro - | [ A : ?yA ^ 2 = ?xA ^ 3 + a * ?xA + b, - B : ?yB ^ 2 = ?xB ^ 3 + a * ?xB + b, - Hx: ?xA = ?xB, - Hy: ?yB <> Fopp ?yA - |- _] => unique pose proof (same_x_same_y _ _ A _ _ B Hx Hy) - | |- Equivalence _ => split - | |- abelian_group => split | |- group => split | |- monoid => split - | |- is_associative => split | |- is_commutative => split - | |- is_left_inverse => split | |- is_right_inverse => split - | |- is_left_identity => split | |- is_right_identity => split - | p:point |- _ => destruct p - | _ => progress destruct_head' sum - | _ => progress destruct_head' prod - | _ => progress destruct_head' unit - | _ => progress destruct_head' and - | |- context[?P] => - unique pose proof (proj2_sig P); - unique pose proof (proj2_sig P:(is_redundant _)) - | _ => progress cbv [inv W.eq W.zero W.add W.coordinates proj1_sig] in * - | _ => progress break_match - | |- _ /\ _ => split | |- _ <-> _ => split - end. - Ltac t := repeat t_step; clear_marked_redundant. - - Global Instance commutative_group : abelian_group(eq:=W.eq)(op:=W.add)(id:=W.zero)(inv:=inv). - Proof. t. all:try (abstract fsatz). Qed. - + all: try abstract(fsatz_prepare_hyps; repeat split; fsatz_solve). + Qed. End W. End W. |