Merge pull request #82 from ConsenSys/perf/bn254-ML

small opt.: BN254 ML
Consensys · Oct 19, 2021 · df9d1b5 · df9d1b5
2 parents fad5fbd + 5b6fe9a
commit df9d1b5
Show file tree

Hide file tree

Showing 9 changed files with 341 additions and 35 deletions.
diff --git a/ecc/bls12-377/pairing_test.go b/ecc/bls12-377/pairing_test.go
diff --git a/ecc/bls12-381/pairing_test.go b/ecc/bls12-381/pairing_test.go
diff --git a/ecc/bls24-315/pairing_test.go b/ecc/bls24-315/pairing_test.go
diff --git a/ecc/bn254/internal/fptower/e12_pairing.go b/ecc/bn254/internal/fptower/e12_pairing.go
@@ -88,3 +88,36 @@ func (z *E12) MulBy034(c0, c3, c4 *E2) *E12 {
 
 	return z
 }
+
+// Mul034By034 multiplication of sparse element (c0,0,0,c3,c4,0) by sparse element (d0,0,0,d3,d4,0)
+func (z *E12) Mul034by034(d0, d3, d4, c0, c3, c4 *E2) *E12 {
+	var tmp, x0, x3, x4, x04, x03, x34 E2
+	x0.Mul(c0, d0)
+	x3.Mul(c3, d3)
+	x4.Mul(c4, d4)
+	tmp.Add(c0, c4)
+	x04.Add(d0, d4).
+		Mul(&x04, &tmp).
+		Sub(&x04, &x0).
+		Sub(&x04, &x4)
+	tmp.Add(c0, c3)
+	x03.Add(d0, d3).
+		Mul(&x03, &tmp).
+		Sub(&x03, &x0).
+		Sub(&x03, &x3)
+	tmp.Add(c3, c4)
+	x34.Add(d3, d4).
+		Mul(&x34, &tmp).
+		Sub(&x34, &x3).
+		Sub(&x34, &x4)
+
+	z.C0.B0.MulByNonResidue(&x4).
+		Add(&z.C0.B0, &x0)
+	z.C0.B1.Set(&x3)
+	z.C0.B2.Set(&x34)
+	z.C1.B0.Set(&x03)
+	z.C1.B1.Set(&x04)
+	z.C1.B2.SetZero()
+
+	return z
+}
diff --git a/ecc/bn254/pairing.go b/ecc/bn254/pairing.go
@@ -182,6 +182,8 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) {
 	}
 
 	var Q1, Q2 G2Affine
+	var l0 lineEvaluation
+	var tmp GT
 	// cf https://eprint.iacr.org/2010/354.pdf for instance for optimal Ate Pairing
 	for k := 0; k < n; k++ {
 		//Q1 = Frob(Q)
@@ -192,17 +194,15 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) {
 		Q2.X.MulByNonResidue2Power2(&q[k].X)
 		Q2.Y.MulByNonResidue2Power3(&q[k].Y).Neg(&Q2.Y)
 
-		qProj[k].AddMixedStep(&l, &Q1)
-		// line evaluation
-		l.r0.MulByElement(&l.r0, &p[k].Y)
-		l.r1.MulByElement(&l.r1, &p[k].X)
-		result.MulBy034(&l.r0, &l.r1, &l.r2)
+		qProj[k].AddMixedStep(&l0, &Q1)
+		l0.r0.MulByElement(&l0.r0, &p[k].Y)
+		l0.r1.MulByElement(&l0.r1, &p[k].X)
 
 		qProj[k].AddMixedStep(&l, &Q2)
-		// line evaluation
 		l.r0.MulByElement(&l.r0, &p[k].Y)
 		l.r1.MulByElement(&l.r1, &p[k].X)
-		result.MulBy034(&l.r0, &l.r1, &l.r2)
+		tmp.Mul034by034(&l.r0, &l.r1, &l.r2, &l0.r0, &l0.r1, &l0.r2)
+		result.Mul(&result, &tmp)
 	}
 
 	return result, nil

diff --git a/ecc/bn254/pairing_test.go b/ecc/bn254/pairing_test.go