From b672f7805e316477fdf2327b43afa4177ffe5912 Mon Sep 17 00:00:00 2001 From: Youssef El Housni Date: Fri, 18 Aug 2023 12:33:39 +0100 Subject: [PATCH 1/5] perf(bn254/pairing): pre-compute negations -x/y --- std/algebra/emulated/sw_bn254/pairing.go | 67 +++++++++++++----------- 1 file changed, 35 insertions(+), 32 deletions(-) diff --git a/std/algebra/emulated/sw_bn254/pairing.go b/std/algebra/emulated/sw_bn254/pairing.go index 7b9bf43013..8c991134a8 100644 --- a/std/algebra/emulated/sw_bn254/pairing.go +++ b/std/algebra/emulated/sw_bn254/pairing.go @@ -335,7 +335,7 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { Qacc := make([]*G2Affine, n) QNeg := make([]*G2Affine, n) yInv := make([]*emulated.Element[emulated.BN254Fp], n) - xOverY := make([]*emulated.Element[emulated.BN254Fp], n) + xNegOverY := make([]*emulated.Element[emulated.BN254Fp], n) for k := 0; k < n; k++ { Qacc[k] = Q[k] @@ -346,7 +346,9 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { // Anyway (x,0) cannot be on BN254 because -3 is a cubic non-residue in Fp. // So, 1/y is well defined for all points P's. yInv[k] = pr.curveF.Inverse(&P[k].Y) - xOverY[k] = pr.curveF.MulMod(&P[k].X, yInv[k]) + xNegOverY[k] = pr.curveF.MulMod(&P[k].X, yInv[k]) + xNegOverY[k] = pr.curveF.MulMod(&P[k].X, yInv[k]) + xNegOverY[k] = pr.curveF.Neg(xNegOverY[k]) } // Compute ∏ᵢ { fᵢ_{6x₀+2,Q}(P) } @@ -357,7 +359,7 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { // (assign line to res) Qacc[0], l1 = pr.doubleStep(Qacc[0]) // line evaluation at P[0] - res.C1.B0 = *pr.MulByElement(&l1.R0, xOverY[0]) + res.C1.B0 = *pr.MulByElement(&l1.R0, xNegOverY[0]) res.C1.B1 = *pr.MulByElement(&l1.R1, yInv[0]) if n >= 2 { @@ -366,7 +368,7 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { Qacc[1], l1 = pr.doubleStep(Qacc[1]) // line evaluation at P[1] - l1.R0 = *pr.MulByElement(&l1.R0, xOverY[1]) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY[1]) l1.R1 = *pr.MulByElement(&l1.R1, yInv[1]) // ℓ × res @@ -384,7 +386,7 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { Qacc[2], l1 = pr.doubleStep(Qacc[2]) // line evaluation at P[1] - l1.R0 = *pr.MulByElement(&l1.R0, xOverY[2]) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY[2]) l1.R1 = *pr.MulByElement(&l1.R1, yInv[2]) // ℓ × res @@ -396,7 +398,7 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { Qacc[k], l1 = pr.doubleStep(Qacc[k]) // line evaluation at P[k] - l1.R0 = *pr.MulByElement(&l1.R0, xOverY[k]) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY[k]) l1.R1 = *pr.MulByElement(&l1.R1, yInv[k]) // ℓ × res @@ -419,7 +421,7 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { l2 = pr.lineCompute(Qacc[k], QNeg[k]) // line evaluation at P[k] - l2.R0 = *pr.MulByElement(&l2.R0, xOverY[k]) + l2.R0 = *pr.MulByElement(&l2.R0, xNegOverY[k]) l2.R1 = *pr.MulByElement(&l2.R1, yInv[k]) // Qacc[k] ← Qacc[k]+Q[k] and @@ -427,7 +429,7 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { Qacc[k], l1 = pr.addStep(Qacc[k], Q[k]) // line evaluation at P[k] - l1.R0 = *pr.MulByElement(&l1.R0, xOverY[k]) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY[k]) l1.R1 = *pr.MulByElement(&l1.R1, yInv[k]) // ℓ × ℓ @@ -451,7 +453,7 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { Qacc[k], l1s[k] = pr.doubleStep(Qacc[k]) // line evaluation at P[k] - l1s[k].R0 = *pr.MulByElement(&l1s[k].R0, xOverY[k]) + l1s[k].R0 = *pr.MulByElement(&l1s[k].R0, xNegOverY[k]) l1s[k].R1 = *pr.MulByElement(&l1s[k].R1, yInv[k]) } @@ -481,11 +483,11 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { Qacc[k], l1, l2 = pr.doubleAndAddStep(Qacc[k], Q[k]) // line evaluation at P[k] - l1.R0 = *pr.MulByElement(&l1.R0, xOverY[k]) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY[k]) l1.R1 = *pr.MulByElement(&l1.R1, yInv[k]) // line evaluation at P[k] - l2.R0 = *pr.MulByElement(&l2.R0, xOverY[k]) + l2.R0 = *pr.MulByElement(&l2.R0, xNegOverY[k]) l2.R1 = *pr.MulByElement(&l2.R1, yInv[k]) // ℓ × ℓ @@ -503,11 +505,11 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { Qacc[k], l1, l2 = pr.doubleAndAddStep(Qacc[k], QNeg[k]) // line evaluation at P[k] - l1.R0 = *pr.MulByElement(&l1.R0, xOverY[k]) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY[k]) l1.R1 = *pr.MulByElement(&l1.R1, yInv[k]) // line evaluation at P[k] - l2.R0 = *pr.MulByElement(&l2.R0, xOverY[k]) + l2.R0 = *pr.MulByElement(&l2.R0, xNegOverY[k]) l2.R1 = *pr.MulByElement(&l2.R1, yInv[k]) // ℓ × ℓ @@ -541,13 +543,13 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { Qacc[k], l1 = pr.addStep(Qacc[k], Q1) // line evaluation at P[k] - l1.R0 = *pr.Ext2.MulByElement(&l1.R0, xOverY[k]) + l1.R0 = *pr.Ext2.MulByElement(&l1.R0, xNegOverY[k]) l1.R1 = *pr.Ext2.MulByElement(&l1.R1, yInv[k]) // l2 the line passing Qacc[k] and -π²(Q) l2 = pr.lineCompute(Qacc[k], Q2) // line evaluation at P[k] - l2.R0 = *pr.MulByElement(&l2.R0, xOverY[k]) + l2.R0 = *pr.MulByElement(&l2.R0, xNegOverY[k]) l2.R1 = *pr.MulByElement(&l2.R1, yInv[k]) // ℓ × ℓ @@ -580,7 +582,7 @@ func (pr Pairing) doubleAndAddStep(p1, p2 *G2Affine) (*G2Affine, *lineEvaluation // omit y3 computation // compute line1 - line1.R0 = *pr.Ext2.Neg(l1) + line1.R0 = *l1 line1.R1 = *pr.Ext2.Mul(l1, &p1.X) line1.R1 = *pr.Ext2.Sub(&line1.R1, &p1.Y) @@ -605,7 +607,7 @@ func (pr Pairing) doubleAndAddStep(p1, p2 *G2Affine) (*G2Affine, *lineEvaluation p.Y = *y4 // compute line2 - line2.R0 = *pr.Ext2.Neg(l2) + line2.R0 = *l2 line2.R1 = *pr.Ext2.Mul(l2, &p1.X) line2.R1 = *pr.Ext2.Sub(&line2.R1, &p1.Y) @@ -639,7 +641,7 @@ func (pr Pairing) doubleStep(p1 *G2Affine) (*G2Affine, *lineEvaluation) { p.X = *xr p.Y = *yr - line.R0 = *pr.Ext2.Neg(λ) + line.R0 = *λ line.R1 = *pr.Ext2.Mul(λ, &p1.X) line.R1 = *pr.Ext2.Sub(&line.R1, &p1.Y) @@ -671,7 +673,7 @@ func (pr Pairing) addStep(p1, p2 *G2Affine) (*G2Affine, *lineEvaluation) { res.Y = *yr var line lineEvaluation - line.R0 = *pr.Ext2.Neg(λ) + line.R0 = *λ line.R1 = *pr.Ext2.Mul(λ, &p1.X) line.R1 = *pr.Ext2.Sub(&line.R1, &p1.Y) @@ -688,7 +690,7 @@ func (pr Pairing) lineCompute(p1, p2 *G2Affine) *lineEvaluation { λ := pr.Ext2.DivUnchecked(qypy, qxpx) var line lineEvaluation - line.R0 = *pr.Ext2.Neg(λ) + line.R0 = *λ line.R1 = *pr.Ext2.Mul(λ, &p1.X) line.R1 = *pr.Ext2.Sub(&line.R1, &p1.Y) @@ -811,9 +813,10 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P, T *G1Affine, Q *G2Affine) (*GTEl, er var Qacc, QNeg *G2Affine Qacc = Q QNeg = &G2Affine{X: Q.X, Y: *pr.Ext2.Neg(&Q.Y)} - var yInv, xOverY, y2Inv, x2OverY2 *emulated.Element[emulated.BN254Fp] + var yInv, xNegOverY, y2Inv, x2OverY2 *emulated.Element[emulated.BN254Fp] yInv = pr.curveF.Inverse(&P.Y) - xOverY = pr.curveF.MulMod(&P.X, yInv) + xNegOverY = pr.curveF.MulMod(&P.X, yInv) + xNegOverY = pr.curveF.Neg(xNegOverY) y2Inv = pr.curveF.Inverse(&T.Y) x2OverY2 = pr.curveF.MulMod(&T.X, y2Inv) @@ -825,7 +828,7 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P, T *G1Affine, Q *G2Affine) (*GTEl, er Qacc, l1 = pr.doubleStep(Qacc) // line evaluation at P - l1.R0 = *pr.MulByElement(&l1.R0, xOverY) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY) l1.R1 = *pr.MulByElement(&l1.R1, yInv) // precomputed-ℓ × ℓ @@ -846,7 +849,7 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P, T *G1Affine, Q *G2Affine) (*GTEl, er l2 = pr.lineCompute(Qacc, QNeg) // line evaluation at P - l2.R0 = *pr.MulByElement(&l2.R0, xOverY) + l2.R0 = *pr.MulByElement(&l2.R0, xNegOverY) l2.R1 = *pr.MulByElement(&l2.R1, yInv) // Qacc ← Qacc+Q and @@ -854,7 +857,7 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P, T *G1Affine, Q *G2Affine) (*GTEl, er Qacc, l1 = pr.addStep(Qacc, Q) // line evaluation at P - l1.R0 = *pr.MulByElement(&l1.R0, xOverY) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY) l1.R1 = *pr.MulByElement(&l1.R1, yInv) // ℓ × ℓ @@ -885,7 +888,7 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P, T *G1Affine, Q *G2Affine) (*GTEl, er Qacc, l1 = pr.doubleStep(Qacc) // line evaluation at P - l1.R0 = *pr.MulByElement(&l1.R0, xOverY) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY) l1.R1 = *pr.MulByElement(&l1.R1, yInv) // precomputed-ℓ × ℓ @@ -915,11 +918,11 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P, T *G1Affine, Q *G2Affine) (*GTEl, er Qacc, l1, l2 = pr.doubleAndAddStep(Qacc, Q) // line evaluation at P - l1.R0 = *pr.MulByElement(&l1.R0, xOverY) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY) l1.R1 = *pr.MulByElement(&l1.R1, yInv) // line evaluation at P - l2.R0 = *pr.MulByElement(&l2.R0, xOverY) + l2.R0 = *pr.MulByElement(&l2.R0, xNegOverY) l2.R1 = *pr.MulByElement(&l2.R1, yInv) // ℓ × ℓ @@ -944,11 +947,11 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P, T *G1Affine, Q *G2Affine) (*GTEl, er Qacc, l1, l2 = pr.doubleAndAddStep(Qacc, QNeg) // line evaluation at P - l1.R0 = *pr.MulByElement(&l1.R0, xOverY) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY) l1.R1 = *pr.MulByElement(&l1.R1, yInv) // line evaluation at P - l2.R0 = *pr.MulByElement(&l2.R0, xOverY) + l2.R0 = *pr.MulByElement(&l2.R0, xNegOverY) l2.R1 = *pr.MulByElement(&l2.R1, yInv) // ℓ × ℓ @@ -979,13 +982,13 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P, T *G1Affine, Q *G2Affine) (*GTEl, er Qacc, l1 = pr.addStep(Qacc, Q1) // line evaluation at P - l1.R0 = *pr.Ext2.MulByElement(&l1.R0, xOverY) + l1.R0 = *pr.Ext2.MulByElement(&l1.R0, xNegOverY) l1.R1 = *pr.Ext2.MulByElement(&l1.R1, yInv) // l2 the line passing Qacc and -π²(Q) l2 = pr.lineCompute(Qacc, Q2) // line evaluation at P - l2.R0 = *pr.MulByElement(&l2.R0, xOverY) + l2.R0 = *pr.MulByElement(&l2.R0, xNegOverY) l2.R1 = *pr.MulByElement(&l2.R1, yInv) // ℓ × ℓ From 4c9ac4467bb735b020f2e35a941632757f9a1e1a Mon Sep 17 00:00:00 2001 From: Youssef El Housni Date: Fri, 18 Aug 2023 12:38:32 +0100 Subject: [PATCH 2/5] perf(bls12-381/pairing): pre-compute negations -x/y --- std/algebra/emulated/sw_bls12381/pairing.go | 52 +++++++++++---------- 1 file changed, 27 insertions(+), 25 deletions(-) diff --git a/std/algebra/emulated/sw_bls12381/pairing.go b/std/algebra/emulated/sw_bls12381/pairing.go index 72331dca92..9f4996d457 100644 --- a/std/algebra/emulated/sw_bls12381/pairing.go +++ b/std/algebra/emulated/sw_bls12381/pairing.go @@ -327,7 +327,7 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { var l1, l2 *lineEvaluation Qacc := make([]*G2Affine, n) yInv := make([]*emulated.Element[emulated.BLS12381Fp], n) - xOverY := make([]*emulated.Element[emulated.BLS12381Fp], n) + xNegOverY := make([]*emulated.Element[emulated.BLS12381Fp], n) for k := 0; k < n; k++ { Qacc[k] = Q[k] @@ -337,7 +337,8 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { // Anyway (x,0) cannot be on BLS12-381 because -4 is a cubic non-residue in Fp. // so, 1/y is well defined for all points P's yInv[k] = pr.curveF.Inverse(&P[k].Y) - xOverY[k] = pr.curveF.MulMod(&P[k].X, yInv[k]) + xNegOverY[k] = pr.curveF.MulMod(&P[k].X, yInv[k]) + xNegOverY[k] = pr.curveF.Neg(xNegOverY[k]) } // Compute ∏ᵢ { fᵢ_{x₀,Q}(P) } @@ -353,11 +354,11 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { Qacc[0], l1, l2 = pr.tripleStep(Qacc[0]) // line evaluation at P[0] // and assign line to res (R1, R0, 0, 0, 1, 0) - res.C0.B1 = *pr.MulByElement(&l1.R0, xOverY[0]) + res.C0.B1 = *pr.MulByElement(&l1.R0, xNegOverY[0]) res.C0.B0 = *pr.MulByElement(&l1.R1, yInv[0]) res.C1.B1 = *pr.Ext2.One() // line evaluation at P[0] - l2.R0 = *pr.MulByElement(&l2.R0, xOverY[0]) + l2.R0 = *pr.MulByElement(&l2.R0, xNegOverY[0]) l2.R1 = *pr.MulByElement(&l2.R1, yInv[0]) // res = ℓ × ℓ prodLines := *pr.Mul014By014(&l2.R1, &l2.R0, &res.C0.B0, &res.C0.B1) @@ -373,10 +374,10 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { // l2 the line ℓ passing 2Q[k] and Q[k] Qacc[k], l1, l2 = pr.tripleStep(Qacc[k]) // line evaluation at P[k] - l1.R0 = *pr.MulByElement(&l1.R0, xOverY[k]) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY[k]) l1.R1 = *pr.MulByElement(&l1.R1, yInv[k]) // line evaluation at P[k] - l2.R0 = *pr.MulByElement(&l2.R0, xOverY[k]) + l2.R0 = *pr.MulByElement(&l2.R0, xNegOverY[k]) l2.R1 = *pr.MulByElement(&l2.R1, yInv[k]) // ℓ × ℓ prodLines = *pr.Mul014By014(&l1.R1, &l1.R0, &l2.R1, &l2.R0) @@ -396,7 +397,7 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { // Qacc[k] ← 2Qacc[k] and l1 the tangent ℓ passing 2Qacc[k] Qacc[k], l1 = pr.doubleStep(Qacc[k]) // line evaluation at P[k] - l1.R0 = *pr.MulByElement(&l1.R0, xOverY[k]) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY[k]) l1.R1 = *pr.MulByElement(&l1.R1, yInv[k]) // ℓ × res res = pr.MulBy014(res, &l1.R1, &l1.R0) @@ -408,10 +409,10 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { // l2 the line ℓ passing (Qacc[k]+Q[k]) and Qacc[k] Qacc[k], l1, l2 = pr.doubleAndAddStep(Qacc[k], Q[k]) // line evaluation at P[k] - l1.R0 = *pr.MulByElement(&l1.R0, xOverY[k]) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY[k]) l1.R1 = *pr.MulByElement(&l1.R1, yInv[k]) // line evaluation at P[k] - l2.R0 = *pr.MulByElement(&l2.R0, xOverY[k]) + l2.R0 = *pr.MulByElement(&l2.R0, xNegOverY[k]) l2.R1 = *pr.MulByElement(&l2.R1, yInv[k]) // ℓ × ℓ prodLines = *pr.Mul014By014(&l1.R1, &l1.R0, &l2.R1, &l2.R0) @@ -427,7 +428,7 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { // l1 the tangent ℓ passing 2Qacc[k] l1 = pr.tangentCompute(Qacc[k]) // line evaluation at P[k] - l1.R0 = *pr.MulByElement(&l1.R0, xOverY[k]) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY[k]) l1.R1 = *pr.MulByElement(&l1.R1, yInv[k]) // ℓ × res res = pr.MulBy014(res, &l1.R1, &l1.R0) @@ -459,7 +460,7 @@ func (pr Pairing) doubleAndAddStep(p1, p2 *G2Affine) (*G2Affine, *lineEvaluation // omit y3 computation // compute line1 - line1.R0 = *pr.Ext2.Neg(l1) + line1.R0 = *l1 line1.R1 = *pr.Ext2.Mul(l1, &p1.X) line1.R1 = *pr.Ext2.Sub(&line1.R1, &p1.Y) @@ -484,7 +485,7 @@ func (pr Pairing) doubleAndAddStep(p1, p2 *G2Affine) (*G2Affine, *lineEvaluation p.Y = *y4 // compute line2 - line2.R0 = *pr.Ext2.Neg(l2) + line2.R0 = *l2 line2.R1 = *pr.Ext2.Mul(l2, &p1.X) line2.R1 = *pr.Ext2.Sub(&line2.R1, &p1.Y) @@ -518,7 +519,7 @@ func (pr Pairing) doubleStep(p1 *G2Affine) (*G2Affine, *lineEvaluation) { p.X = *xr p.Y = *yr - line.R0 = *pr.Ext2.Neg(λ) + line.R0 = *λ line.R1 = *pr.Ext2.Mul(λ, &p1.X) line.R1 = *pr.Ext2.Sub(&line.R1, &p1.Y) @@ -550,7 +551,7 @@ func (pr Pairing) addStep(p1, p2 *G2Affine) (*G2Affine, *lineEvaluation) { res.Y = *yr var line lineEvaluation - line.R0 = *pr.Ext2.Neg(λ) + line.R0 = *λ line.R1 = *pr.Ext2.Mul(λ, &p1.X) line.R1 = *pr.Ext2.Sub(&line.R1, &p1.Y) @@ -572,7 +573,7 @@ func (pr Pairing) tripleStep(p1 *G2Affine) (*G2Affine, *lineEvaluation, *lineEva λ1 := pr.Ext2.DivUnchecked(n, d) // compute line1 - line1.R0 = *pr.Ext2.Neg(λ1) + line1.R0 = *λ1 line1.R1 = *pr.Ext2.Mul(λ1, &p1.X) line1.R1 = *pr.Ext2.Sub(&line1.R1, &p1.Y) @@ -588,7 +589,7 @@ func (pr Pairing) tripleStep(p1 *G2Affine) (*G2Affine, *lineEvaluation, *lineEva λ2 = pr.Ext2.Sub(λ2, λ1) // compute line2 - line2.R0 = *pr.Ext2.Neg(λ2) + line2.R0 = *λ2 line2.R1 = *pr.Ext2.Mul(λ2, &p1.X) line2.R1 = *pr.Ext2.Sub(&line2.R1, &p1.Y) @@ -619,7 +620,7 @@ func (pr Pairing) tangentCompute(p1 *G2Affine) *lineEvaluation { λ := pr.Ext2.DivUnchecked(n, d) var line lineEvaluation - line.R0 = *pr.Ext2.Neg(λ) + line.R0 = *λ line.R1 = *pr.Ext2.Mul(λ, &p1.X) line.R1 = *pr.Ext2.Sub(&line.R1, &p1.Y) @@ -704,9 +705,10 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P, T *G1Affine, Q *G2Affine) (*GTEl, er var l1, l2 *lineEvaluation var Qacc *G2Affine Qacc = Q - var yInv, xOverY, y2Inv, x2OverY2 *emulated.Element[emulated.BLS12381Fp] + var yInv, xNegOverY, y2Inv, x2OverY2 *emulated.Element[emulated.BLS12381Fp] yInv = pr.curveF.Inverse(&P.Y) - xOverY = pr.curveF.MulMod(&P.X, yInv) + xNegOverY = pr.curveF.MulMod(&P.X, yInv) + xNegOverY = pr.curveF.Neg(xNegOverY) y2Inv = pr.curveF.Inverse(&T.Y) x2OverY2 = pr.curveF.MulMod(&T.X, y2Inv) @@ -719,11 +721,11 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P, T *G1Affine, Q *G2Affine) (*GTEl, er Qacc, l1, l2 = pr.tripleStep(Qacc) // line evaluation at P // and assign line to res (R1, R0, 0, 0, 1, 0) - res.C0.B1 = *pr.MulByElement(&l1.R0, xOverY) + res.C0.B1 = *pr.MulByElement(&l1.R0, xNegOverY) res.C0.B0 = *pr.MulByElement(&l1.R1, yInv) res.C1.B1 = *pr.Ext2.One() // line evaluation at P - l2.R0 = *pr.MulByElement(&l2.R0, xOverY) + l2.R0 = *pr.MulByElement(&l2.R0, xNegOverY) l2.R1 = *pr.MulByElement(&l2.R1, yInv) // res = ℓ × ℓ prodLines := *pr.Mul014By014(&l2.R1, &l2.R0, &res.C0.B0, &res.C0.B1) @@ -756,7 +758,7 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P, T *G1Affine, Q *G2Affine) (*GTEl, er // Qacc ← 2Qacc and l1 the tangent ℓ passing 2Qacc Qacc, l1 = pr.doubleStep(Qacc) // line evaluation at P - l1.R0 = *pr.MulByElement(&l1.R0, xOverY) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY) l1.R1 = *pr.MulByElement(&l1.R1, yInv) // ℓ × res res = pr.MulBy014(res, &l1.R1, &l1.R0) @@ -774,10 +776,10 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P, T *G1Affine, Q *G2Affine) (*GTEl, er // l2 the line ℓ passing (Qacc+Q) and Qacc Qacc, l1, l2 = pr.doubleAndAddStep(Qacc, Q) // line evaluation at P - l1.R0 = *pr.MulByElement(&l1.R0, xOverY) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY) l1.R1 = *pr.MulByElement(&l1.R1, yInv) // line evaluation at P - l2.R0 = *pr.MulByElement(&l2.R0, xOverY) + l2.R0 = *pr.MulByElement(&l2.R0, xNegOverY) l2.R1 = *pr.MulByElement(&l2.R1, yInv) // ℓ × ℓ prodLines = *pr.Mul014By014(&l1.R1, &l1.R0, &l2.R1, &l2.R0) @@ -792,7 +794,7 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P, T *G1Affine, Q *G2Affine) (*GTEl, er // l1 the tangent ℓ passing 2Qacc l1 = pr.tangentCompute(Qacc) // line evaluation at P - l1.R0 = *pr.MulByElement(&l1.R0, xOverY) + l1.R0 = *pr.MulByElement(&l1.R0, xNegOverY) l1.R1 = *pr.MulByElement(&l1.R1, yInv) // ℓ × ℓ prodLines = *pr.Mul014By014( From de5a775ac836db0d38fdcc18c13863bd33157cc8 Mon Sep 17 00:00:00 2001 From: Youssef El Housni Date: Fri, 18 Aug 2023 13:25:48 +0100 Subject: [PATCH 3/5] perf(bls12-377/pairing): pre-compute negations -x/y --- std/algebra/native/sw_bls12377/pairing.go | 42 +++++++++++------------ 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/std/algebra/native/sw_bls12377/pairing.go b/std/algebra/native/sw_bls12377/pairing.go index d6d8fcde99..d22fe3be26 100644 --- a/std/algebra/native/sw_bls12377/pairing.go +++ b/std/algebra/native/sw_bls12377/pairing.go @@ -53,13 +53,14 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { var l1, l2 lineEvaluation Qacc := make([]G2Affine, n) yInv := make([]frontend.Variable, n) - xOverY := make([]frontend.Variable, n) + xNegOverY := make([]frontend.Variable, n) for k := 0; k < n; k++ { Qacc[k] = Q[k] // x=0x1ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000000 // TODO: point P=(x,0) should be ruled out yInv[k] = api.DivUnchecked(1, P[k].Y) - xOverY[k] = api.Mul(P[k].X, yInv[k]) + xNegOverY[k] = api.Mul(P[k].X, yInv[k]) + xNegOverY[k] = api.Neg(xNegOverY[k]) } // Compute ∏ᵢ { fᵢ_{x₀,Q}(P) } @@ -70,7 +71,7 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { // (assign line to res) Qacc[0], l1 = doubleStep(api, &Qacc[0]) // line evaluation at P[0] - res.C1.B0.MulByFp(api, l1.R0, xOverY[0]) + res.C1.B0.MulByFp(api, l1.R0, xNegOverY[0]) res.C1.B1.MulByFp(api, l1.R1, yInv[0]) if n >= 2 { @@ -79,7 +80,7 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { Qacc[1], l1 = doubleStep(api, &Qacc[1]) // line evaluation at P[1] - l1.R0.MulByFp(api, l1.R0, xOverY[1]) + l1.R0.MulByFp(api, l1.R0, xNegOverY[1]) l1.R1.MulByFp(api, l1.R1, yInv[1]) // ℓ × res @@ -98,7 +99,7 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { Qacc[2], l1 = doubleStep(api, &Qacc[2]) // line evaluation at P[1] - l1.R0.MulByFp(api, l1.R0, xOverY[2]) + l1.R0.MulByFp(api, l1.R0, xNegOverY[2]) l1.R1.MulByFp(api, l1.R1, yInv[2]) // ℓ × res @@ -110,7 +111,7 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { Qacc[k], l1 = doubleStep(api, &Qacc[k]) // line evaluation at P[k] - l1.R0.MulByFp(api, l1.R0, xOverY[k]) + l1.R0.MulByFp(api, l1.R0, xNegOverY[k]) l1.R1.MulByFp(api, l1.R1, yInv[k]) // ℓ × res @@ -123,7 +124,7 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { // Qacc[0] ← 2Qacc[0] and l1 the tangent ℓ passing 2Qacc[0] Qacc[0], l1 = doubleStep(api, &Qacc[0]) // line evaluation at P[0] - l1.R0.MulByFp(api, l1.R0, xOverY[0]) + l1.R0.MulByFp(api, l1.R0, xNegOverY[0]) l1.R1.MulByFp(api, l1.R1, yInv[0]) if n == 1 { @@ -148,7 +149,7 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { Qacc[k], l1 = doubleStep(api, &Qacc[k]) // line evaluation at P[k] - l1.R0.MulByFp(api, l1.R0, xOverY[k]) + l1.R0.MulByFp(api, l1.R0, xNegOverY[k]) l1.R1.MulByFp(api, l1.R1, yInv[k]) // ℓ × res @@ -166,7 +167,7 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { Qacc[k], l1 = doubleStep(api, &Qacc[k]) // line evaluation at P[k] - l1.R0.MulByFp(api, l1.R0, xOverY[k]) + l1.R0.MulByFp(api, l1.R0, xNegOverY[k]) l1.R1.MulByFp(api, l1.R1, yInv[k]) // ℓ × res @@ -182,9 +183,9 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { Qacc[k], l1, l2 = doubleAndAddStep(api, &Qacc[k], &Q[k]) // lines evaluation at P[k] - l1.R0.MulByFp(api, l1.R0, xOverY[k]) + l1.R0.MulByFp(api, l1.R0, xNegOverY[k]) l1.R1.MulByFp(api, l1.R1, yInv[k]) - l2.R0.MulByFp(api, l2.R0, xOverY[k]) + l2.R0.MulByFp(api, l2.R0, xNegOverY[k]) l2.R1.MulByFp(api, l2.R1, yInv[k]) // ℓ × ℓ @@ -201,9 +202,9 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { // l2 line through Qacc[k]+Q[k] and Qacc[k] l1, l2 = linesCompute(api, &Qacc[k], &Q[k]) - l1.R0.MulByFp(api, l1.R0, xOverY[k]) + l1.R0.MulByFp(api, l1.R0, xNegOverY[k]) l1.R1.MulByFp(api, l1.R1, yInv[k]) - l2.R0.MulByFp(api, l2.R0, xOverY[k]) + l2.R0.MulByFp(api, l2.R0, xNegOverY[k]) l2.R1.MulByFp(api, l2.R1, yInv[k]) // ℓ × ℓ @@ -293,7 +294,7 @@ func doubleAndAddStep(api frontend.API, p1, p2 *G2Affine) (G2Affine, lineEvaluat // omit y3 computation // compute line1 - line1.R0.Neg(api, l1) + line1.R0 = l1 line1.R1.Mul(api, l1, p1.X).Sub(api, line1.R1, p1.Y) // compute lambda2 = -lambda1-2*y1/(x3-x1) @@ -316,7 +317,7 @@ func doubleAndAddStep(api frontend.API, p1, p2 *G2Affine) (G2Affine, lineEvaluat p.Y = y4 // compute line2 - line2.R0.Neg(api, l2) + line2.R0 = l2 line2.R1.Mul(api, l2, p1.X).Sub(api, line2.R1, p1.Y) return p, line1, line2 @@ -348,7 +349,7 @@ func doubleStep(api frontend.API, p1 *G2Affine) (G2Affine, lineEvaluation) { p.X = xr p.Y = yr - line.R0.Neg(api, l) + line.R0 = l line.R1.Mul(api, l, p1.X).Sub(api, line.R1, p1.Y) return p, line @@ -371,10 +372,9 @@ func linesCompute(api frontend.API, p1, p2 *G2Affine) (lineEvaluation, lineEvalu Sub(api, x3, p1.X). Sub(api, x3, p2.X) - // omit y3 computation - - // compute line1 - line1.R0.Neg(api, l1) + // omit y3 computation + // compute line1 + line1.R0 = l1 line1.R1.Mul(api, l1, p1.X).Sub(api, line1.R1, p1.Y) // compute lambda2 = -lambda1-2*y1/(x3-x1) @@ -384,7 +384,7 @@ func linesCompute(api frontend.API, p1, p2 *G2Affine) (lineEvaluation, lineEvalu l2.Add(api, l2, l1).Neg(api, l2) // compute line2 - line2.R0.Neg(api, l2) + line2.R0 = l2 line2.R1.Mul(api, l2, p1.X).Sub(api, line2.R1, p1.Y) return line1, line2 From a9836caeee3fbf99120b683f31f5c5ffb7355a34 Mon Sep 17 00:00:00 2001 From: Youssef El Housni Date: Fri, 18 Aug 2023 13:30:23 +0100 Subject: [PATCH 4/5] perf(bls24-315/pairing): pre-compute negations -x/y --- .../native/sw_bls12377/pairing_test.go | 20 -------- std/algebra/native/sw_bls24315/pairing.go | 48 +++++++++---------- 2 files changed, 24 insertions(+), 44 deletions(-) diff --git a/std/algebra/native/sw_bls12377/pairing_test.go b/std/algebra/native/sw_bls12377/pairing_test.go index a42b817290..4db40a6b01 100644 --- a/std/algebra/native/sw_bls12377/pairing_test.go +++ b/std/algebra/native/sw_bls12377/pairing_test.go @@ -24,7 +24,6 @@ import ( bls12377 "github.com/consensys/gnark-crypto/ecc/bls12-377" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" "github.com/consensys/gnark/frontend" - "github.com/consensys/gnark/frontend/cs/r1cs" "github.com/consensys/gnark/std/algebra/native/fields_bls12377" "github.com/consensys/gnark/test" ) @@ -197,22 +196,3 @@ func mustbeEq(api frontend.API, fp12 fields_bls12377.E12, e12 *bls12377.GT) { api.AssertIsEqual(fp12.C1.B2.A0, e12.C1.B2.A0) api.AssertIsEqual(fp12.C1.B2.A1, e12.C1.B2.A1) } - -// bench -func BenchmarkPairing(b *testing.B) { - var c pairingBLS377 - b.ResetTimer() - for i := 0; i < b.N; i++ { - ccsBench, _ = frontend.Compile(ecc.BW6_761.ScalarField(), r1cs.NewBuilder, &c) - } - b.Log("groth16", ccsBench.GetNbConstraints()) -} - -func BenchmarkTriplePairing(b *testing.B) { - var c triplePairingBLS377 - b.ResetTimer() - for i := 0; i < b.N; i++ { - ccsBench, _ = frontend.Compile(ecc.BW6_761.ScalarField(), r1cs.NewBuilder, &c) - } - b.Log("groth16", ccsBench.GetNbConstraints()) -} diff --git a/std/algebra/native/sw_bls24315/pairing.go b/std/algebra/native/sw_bls24315/pairing.go index ab9c08c3b5..4aa381e4ba 100644 --- a/std/algebra/native/sw_bls24315/pairing.go +++ b/std/algebra/native/sw_bls24315/pairing.go @@ -57,13 +57,14 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { Qacc := make([]G2Affine, n) Qneg := make([]G2Affine, n) yInv := make([]frontend.Variable, n) - xOverY := make([]frontend.Variable, n) + xNegOverY := make([]frontend.Variable, n) for k := 0; k < n; k++ { Qacc[k] = Q[k] Qneg[k].Neg(api, Q[k]) // TODO: point P=(x,O) should be ruled out yInv[k] = api.DivUnchecked(1, P[k].Y) - xOverY[k] = api.Mul(P[k].X, yInv[k]) + xNegOverY[k] = api.Mul(P[k].X, yInv[k]) + xNegOverY[k] = api.Neg(xNegOverY[k]) } // Compute ∏ᵢ { fᵢ_{x₀,Q}(P) } @@ -73,7 +74,7 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { // k = 0, separately to avoid MulBy034 (res × ℓ) // (assign line to res) Qacc[0], l1 = doubleStep(api, &Qacc[0]) - res.D1.C0.MulByFp(api, l1.R0, xOverY[0]) + res.D1.C0.MulByFp(api, l1.R0, xNegOverY[0]) res.D1.C1.MulByFp(api, l1.R1, yInv[0]) if n >= 2 { @@ -82,7 +83,7 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { Qacc[1], l1 = doubleStep(api, &Qacc[1]) // line evaluation at P[1] - l1.R0.MulByFp(api, l1.R0, xOverY[1]) + l1.R0.MulByFp(api, l1.R0, xNegOverY[1]) l1.R1.MulByFp(api, l1.R1, yInv[1]) // ℓ × res @@ -102,7 +103,7 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { Qacc[k], l1 = doubleStep(api, &Qacc[k]) // line evaluation at P[k] - l1.R0.MulByFp(api, l1.R0, xOverY[k]) + l1.R0.MulByFp(api, l1.R0, xNegOverY[k]) l1.R1.MulByFp(api, l1.R1, yInv[k]) // ℓ × res @@ -124,7 +125,7 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { l2 = lineCompute(api, &Qacc[k], &Qneg[k]) // line evaluation at P[k] - l2.R0.MulByFp(api, l2.R0, xOverY[k]) + l2.R0.MulByFp(api, l2.R0, xNegOverY[k]) l2.R1.MulByFp(api, l2.R1, yInv[k]) // Qacc[k] ← Qacc[k]+Q[k] and @@ -132,7 +133,7 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { Qacc[k], l1 = addStep(api, &Qacc[k], &Q[k]) // line evaluation at P[k] - l1.R0.MulByFp(api, l1.R0, xOverY[k]) + l1.R0.MulByFp(api, l1.R0, xNegOverY[k]) l1.R1.MulByFp(api, l1.R1, yInv[k]) // ℓ × res @@ -153,7 +154,7 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { Qacc[k], l1 = doubleStep(api, &Qacc[k]) // line evaluation at P[k] - l1.R0.MulByFp(api, l1.R0, xOverY[k]) + l1.R0.MulByFp(api, l1.R0, xNegOverY[k]) l1.R1.MulByFp(api, l1.R1, yInv[k]) // ℓ × res @@ -167,14 +168,14 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { Qacc[k], l1, l2 = doubleAndAddStep(api, &Qacc[k], &Q[k]) // line evaluation at P[k] - l1.R0.MulByFp(api, l1.R0, xOverY[k]) + l1.R0.MulByFp(api, l1.R0, xNegOverY[k]) l1.R1.MulByFp(api, l1.R1, yInv[k]) // ℓ × res res.MulBy034(api, l1.R0, l1.R1) // line evaluation at P[k] - l2.R0.MulByFp(api, l2.R0, xOverY[k]) + l2.R0.MulByFp(api, l2.R0, xNegOverY[k]) l2.R1.MulByFp(api, l2.R1, yInv[k]) // ℓ × res @@ -188,14 +189,14 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { Qacc[k], l1, l2 = doubleAndAddStep(api, &Qacc[k], &Qneg[k]) // line evaluation at P[k] - l1.R0.MulByFp(api, l1.R0, xOverY[k]) + l1.R0.MulByFp(api, l1.R0, xNegOverY[k]) l1.R1.MulByFp(api, l1.R1, yInv[k]) // ℓ × res res.MulBy034(api, l1.R0, l1.R1) // line evaluation at P[k] - l2.R0.MulByFp(api, l2.R0, xOverY[k]) + l2.R0.MulByFp(api, l2.R0, xNegOverY[k]) l2.R1.MulByFp(api, l2.R1, yInv[k]) // ℓ × res @@ -214,14 +215,14 @@ func MillerLoop(api frontend.API, P []G1Affine, Q []G2Affine) (GT, error) { l1, l2 = linesCompute(api, &Qacc[k], &Qneg[k]) // line evaluation at P[k] - l1.R0.MulByFp(api, l1.R0, xOverY[k]) + l1.R0.MulByFp(api, l1.R0, xNegOverY[k]) l1.R1.MulByFp(api, l1.R1, yInv[k]) // ℓ × res res.MulBy034(api, l1.R0, l1.R1) // line evaluation at P[k] - l2.R0.MulByFp(api, l2.R0, xOverY[k]) + l2.R0.MulByFp(api, l2.R0, xNegOverY[k]) l2.R1.MulByFp(api, l2.R1, yInv[k]) // ℓ × res @@ -317,7 +318,7 @@ func doubleAndAddStep(api frontend.API, p1, p2 *G2Affine) (G2Affine, lineEvaluat // omit y3 computation // compute line1 - line1.R0.Neg(api, l1) + line1.R0 = l1 line1.R1.Mul(api, l1, p1.X).Sub(api, line1.R1, p1.Y) // compute lambda2 = -lambda1-2*y1/(x3-x1) @@ -340,7 +341,7 @@ func doubleAndAddStep(api frontend.API, p1, p2 *G2Affine) (G2Affine, lineEvaluat p.Y = y4 // compute line2 - line2.R0.Neg(api, l2) + line2.R0 = l2 line2.R1.Mul(api, l2, p1.X).Sub(api, line2.R1, p1.Y) return p, line1, line2 @@ -372,7 +373,7 @@ func doubleStep(api frontend.API, p1 *G2Affine) (G2Affine, lineEvaluation) { p.X = xr p.Y = yr - line.R0.Neg(api, l) + line.R0 = l line.R1.Mul(api, l, p1.X).Sub(api, line.R1, p1.Y) return p, line @@ -404,7 +405,7 @@ func addStep(api frontend.API, p1, p2 *G2Affine) (G2Affine, lineEvaluation) { res.Y = yr var line lineEvaluation - line.R0.Neg(api, λ) + line.R0 = λ line.R1.Mul(api, λ, p1.X) line.R1.Sub(api, line.R1, p1.Y) @@ -428,10 +429,9 @@ func linesCompute(api frontend.API, p1, p2 *G2Affine) (lineEvaluation, lineEvalu Sub(api, x3, p1.X). Sub(api, x3, p2.X) - // omit y3 computation - - // compute line1 - line1.R0.Neg(api, l1) + // omit y3 computation + // compute line1 + line1.R0 = l1 line1.R1.Mul(api, l1, p1.X).Sub(api, line1.R1, p1.Y) // compute lambda2 = -lambda1-2*y1/(x3-x1) @@ -441,7 +441,7 @@ func linesCompute(api frontend.API, p1, p2 *G2Affine) (lineEvaluation, lineEvalu l2.Add(api, l2, l1).Neg(api, l2) // compute line2 - line2.R0.Neg(api, l2) + line2.R0 = l2 line2.R1.Mul(api, l2, p1.X).Sub(api, line2.R1, p1.Y) return line1, line2 @@ -458,7 +458,7 @@ func lineCompute(api frontend.API, p1, p2 *G2Affine) lineEvaluation { λ.DivUnchecked(api, qypy, qxpx) var line lineEvaluation - line.R0.Neg(api, λ) + line.R0 = λ line.R1.Mul(api, λ, p1.X) line.R1.Sub(api, line.R1, p1.Y) From 32dd6f1a63ac2ab150b5e665bc61c291666dd4c2 Mon Sep 17 00:00:00 2001 From: Youssef El Housni Date: Fri, 25 Aug 2023 11:45:23 +0100 Subject: [PATCH 5/5] refactor(pairing): remove bls24 bench + remove bn254 duplicate line --- std/algebra/emulated/sw_bn254/pairing.go | 1 - std/algebra/native/sw_bls24315/pairing_test.go | 14 -------------- 2 files changed, 15 deletions(-) diff --git a/std/algebra/emulated/sw_bn254/pairing.go b/std/algebra/emulated/sw_bn254/pairing.go index 8c991134a8..a11fb80bb8 100644 --- a/std/algebra/emulated/sw_bn254/pairing.go +++ b/std/algebra/emulated/sw_bn254/pairing.go @@ -347,7 +347,6 @@ func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error) { // So, 1/y is well defined for all points P's. yInv[k] = pr.curveF.Inverse(&P[k].Y) xNegOverY[k] = pr.curveF.MulMod(&P[k].X, yInv[k]) - xNegOverY[k] = pr.curveF.MulMod(&P[k].X, yInv[k]) xNegOverY[k] = pr.curveF.Neg(xNegOverY[k]) } diff --git a/std/algebra/native/sw_bls24315/pairing_test.go b/std/algebra/native/sw_bls24315/pairing_test.go index 216bf0b345..4564eecb3d 100644 --- a/std/algebra/native/sw_bls24315/pairing_test.go +++ b/std/algebra/native/sw_bls24315/pairing_test.go @@ -24,7 +24,6 @@ import ( bls24315 "github.com/consensys/gnark-crypto/ecc/bls24-315" "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" "github.com/consensys/gnark/frontend" - "github.com/consensys/gnark/frontend/cs/r1cs" "github.com/consensys/gnark/std/algebra/native/fields_bls24315" "github.com/consensys/gnark/test" ) @@ -210,16 +209,3 @@ func mustbeEq(api frontend.API, fp24 fields_bls24315.E24, e24 *bls24315.GT) { api.AssertIsEqual(fp24.D1.C2.B1.A0, e24.D1.C2.B1.A0) api.AssertIsEqual(fp24.D1.C2.B1.A1, e24.D1.C2.B1.A1) } - -// bench -func BenchmarkPairing(b *testing.B) { - var c pairingBLS24315 - ccsBench, _ = frontend.Compile(ecc.BW6_633.ScalarField(), r1cs.NewBuilder, &c) - b.Log("groth16", ccsBench.GetNbConstraints()) -} - -func BenchmarkTriplePairing(b *testing.B) { - var c triplePairingBLS24315 - ccsBench, _ = frontend.Compile(ecc.BW6_633.ScalarField(), r1cs.NewBuilder, &c) - b.Log("groth16", ccsBench.GetNbConstraints()) -}