• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
      • Apt
      • Zfc
      • Acre
      • Milawa
      • Smtlink
      • Abnf
      • Vwsim
      • Isar
      • Wp-gen
      • Dimacs-reader
      • Pfcs
      • Legacy-defrstobj
      • Proof-checker-array
      • Soft
      • C
      • Farray
      • Rp-rewriter
      • Instant-runoff-voting
      • Imp-language
      • Sidekick
      • Leftist-trees
      • Java
      • Riscv
      • Taspi
      • Bitcoin
      • Des
      • Ethereum
      • X86isa
      • Sha-2
      • Yul
      • Zcash
      • Proof-checker-itp13
      • Regex
      • ACL2-programming-language
      • Json
      • Jfkr
      • Equational
      • Cryptography
      • Poseidon
      • Where-do-i-place-my-book
      • Axe
      • Aleo
        • Aleobft
        • Aleovm
        • Leo
          • Grammar
          • Early-version
            • Json2ast
            • Testing
            • Definition
              • Flattening
              • Abstract-syntax
              • Dynamic-semantics
                • Execution
                • Values
                • Dynamic-environments
                • Arithmetic-operations
                  • Integer-arithmetic-operations
                  • Field-arithmetic-operations
                  • Scalar-field-arithmetic-operations
                  • Group-arithmetic-operations
                    • Op-group-mul
                      • Op-group-sub
                      • Op-group-add
                      • Op-group-double
                      • Op-group-neg
                    • Op-mul
                    • Op-add
                    • Op-sub-wrapped
                    • Op-sub
                    • Op-rem-wrapped
                    • Op-pow-wrapped
                    • Op-pow
                    • Op-mul-wrapped
                    • Op-div-wrapped
                    • Op-div
                    • Op-add-wrapped
                    • Op-rem
                    • Op-square-root
                    • Op-square
                    • Op-neg
                    • Op-inv
                    • Op-double
                    • Op-abs-wrapped
                    • Op-abs
                  • Curve-parameterization
                  • Shift-operations
                  • Errors
                  • Value-expressions
                  • Locations
                  • Input-execution
                  • Edwards-bls12-generator
                  • Equality-operations
                  • Logical-operations
                  • Program-execution
                  • Ordering-operations
                  • Bitwise-operations
                  • Literal-evaluation
                  • Type-maps-for-struct-components
                  • Output-execution
                  • Tuple-operations
                  • Struct-operations
                • Compilation
                • Static-semantics
                • Concrete-syntax
        • Bigmems
        • Builtins
        • Execloader
        • Solidity
        • Paco
        • Concurrent-programs
        • Bls12-377-curves
      • Debugging
      • Community
      • Std
      • Proof-automation
      • Macro-libraries
      • ACL2
      • Interfacing-tools
      • Hardware-verification
      • Software-verification
      • Math
      • Testing-utilities
    • Group-arithmetic-operations

    Op-group-mul

    Leo group scalar multiplication operation.

    Signature
    (op-group-mul left/right right/left curve) → result
    Arguments
    left/right — Guard (valuep left/right).
    right/left — Guard (valuep right/left).
    curve — Guard (curvep curve).
    Returns
    result — Type (value-resultp result).

    Here one operand must be a group value and the other operand must be an scalar value. Thus, the inputs to this function are a scalar field value (either the left or the right operand) and a group element value (either the right or the left operand).

    Definitions and Theorems

    Function: op-group-mul

    (defun op-group-mul (left/right right/left curve)
  (declare (xargs :guard (and (valuep left/right)
                              (valuep right/left)
                              (curvep curve))))
  (declare (xargs :guard (and (value-case left/right :scalar)
                              (value-case right/left :group))))
  (let ((__function__ 'op-group-mul))
    (declare (ignorable __function__))
    (b* ((k (value-scalar->get left/right))
         (x (value-group->get right/left))
         ((unless (< k (curve-scalar-prime curve)))
          (reserrf (list :input-not-in-scalar-field k)))
         ((unless (curve-subgroupp x curve))
          (reserrf (list :input-not-in-subgroup x)))
         ((mv okp k*x)
          (curve-subgroup-mul k x curve))
         ((unless okp)
          (reserrf (list :output-not-in-subgroup k*x))))
      (value-group k*x))))

    Theorem: value-resultp-of-op-group-mul

    (defthm value-resultp-of-op-group-mul
  (b* ((result (op-group-mul left/right right/left curve)))
    (value-resultp result))
  :rule-classes :rewrite)

    Theorem: op-group-mul-of-value-fix-left/right

    (defthm op-group-mul-of-value-fix-left/right
  (equal (op-group-mul (value-fix left/right)
                       right/left curve)
         (op-group-mul left/right right/left curve)))

    Theorem: op-group-mul-value-equiv-congruence-on-left/right

    (defthm op-group-mul-value-equiv-congruence-on-left/right
  (implies (value-equiv left/right left/right-equiv)
           (equal (op-group-mul left/right right/left curve)
                  (op-group-mul left/right-equiv right/left curve)))
  :rule-classes :congruence)

    Theorem: op-group-mul-of-value-fix-right/left

    (defthm op-group-mul-of-value-fix-right/left
  (equal (op-group-mul left/right (value-fix right/left)
                       curve)
         (op-group-mul left/right right/left curve)))

    Theorem: op-group-mul-value-equiv-congruence-on-right/left

    (defthm op-group-mul-value-equiv-congruence-on-right/left
  (implies (value-equiv right/left right/left-equiv)
           (equal (op-group-mul left/right right/left curve)
                  (op-group-mul left/right right/left-equiv curve)))
  :rule-classes :congruence)

    Theorem: op-group-mul-of-curve-fix-curve

    (defthm op-group-mul-of-curve-fix-curve
  (equal (op-group-mul left/right right/left (curve-fix curve))
         (op-group-mul left/right right/left curve)))

    Theorem: op-group-mul-curve-equiv-congruence-on-curve

    (defthm op-group-mul-curve-equiv-congruence-on-curve
  (implies (curve-equiv curve curve-equiv)
           (equal (op-group-mul left/right right/left curve)
                  (op-group-mul left/right right/left curve-equiv)))
  :rule-classes :congruence)