Barretenberg: src/barretenberg/ecc/curves/bn254/pairing.hpp Source File

// === AUDIT STATUS ===

// internal:    { status: not started, auditors: [], date: YYYY-MM-DD }

// external_1:  { status: not started, auditors: [], date: YYYY-MM-DD }

// external_2:  { status: not started, auditors: [], date: YYYY-MM-DD }

// =====================


#pragma once


#include <random>


#include "./fq12.hpp"

#include "./fq2.hpp"

#include "./fq6.hpp"

#include "./g1.hpp"

#include "./g2.hpp"


namespace bb::pairing {

constexpr size_t loop_length = 64;

constexpr size_t neg_z_loop_length = 62;

constexpr size_t precomputed_coefficients_length = 87;


constexpr std::array<uint8_t, loop_length> loop_bits{ 1, 0, 1, 0, 0, 0, 3, 0, 3, 0, 0, 0, 3, 0, 1, 0, 3, 0, 0, 3, 0, 0,

                                                      0, 0, 0, 1, 0, 0, 3, 0, 1, 0, 0, 3, 0, 0, 0, 0, 3, 0, 1, 0, 0, 0,

                                                      3, 0, 3, 0, 0, 1, 0, 0, 0, 3, 0, 0, 3, 0, 1, 0, 1, 0, 0, 0 };


constexpr std::array<bool, neg_z_loop_length> neg_z_loop_bits{

    false, false, false, true,  false, false, true,  true,  true, false, true,  false, false, true,  true,  false,

    false, true,  false, false, true,  false, true,  false, true, true,  false, true,  false, false, false, true,

    false, false, true,  false, true,  false, false, true,  true, false, true,  false, false, true,  false, false,

    false, false, true,  false, false, true,  true,  true,  true, true,  false, false, false, true

};


struct miller_lines {

    std::array<fq12::ell_coeffs, precomputed_coefficients_length> lines;

};


constexpr void doubling_step_for_flipped_miller_loop(g2::element& current, fq12::ell_coeffs& ell);


constexpr void mixed_addition_step_for_flipped_miller_loop(const g2::element& base,

                                                           g2::element& Q,

                                                           fq12::ell_coeffs& line);


constexpr void precompute_miller_lines(const g2::element& Q, miller_lines& lines);


constexpr fq12 miller_loop(const g1::element& P, const miller_lines& lines);


constexpr fq12 miller_loop_batch(const g1::element* points, const miller_lines* lines, size_t num_pairs);


constexpr void final_exponentiation_easy_part(const fq12& elt, fq12& r);


constexpr void final_exponentiation_exp_by_neg_z(const fq12& elt, fq12& r);


constexpr void final_exponentiation_tricky_part(const fq12& elt, fq12& r);


constexpr fq12 reduced_ate_pairing(const g1::affine_element& P_affine, const g2::affine_element& Q_affine);


inline fq12 reduced_ate_pairing_batch(const g1::affine_element* P_affines,

                                      const g2::affine_element* Q_affines,

                                      size_t num_points);


inline fq12 reduced_ate_pairing_batch_precomputed(const g1::affine_element* P_affines,

                                                  const miller_lines* lines,

                                                  size_t num_points);


} // namespace bb::pairing


#include "./pairing_impl.hpp"

bb::field12
Definition field12.hpp:11

bb::group_elements::affine_element
Definition affine_element.hpp:21

bb::group_elements::element
element class. Implements ecc group arithmetic using Jacobian coordinates See https://hyperelliptic....
Definition element.hpp:33

fq12.hpp

fq2.hpp

fq6.hpp

g1.hpp

g2.hpp

bb::pairing
Definition pairing.hpp:17

bb::pairing::precompute_miller_lines
constexpr void precompute_miller_lines(const g2::element &Q, miller_lines &lines)
Definition pairing_impl.hpp:103

bb::pairing::precomputed_coefficients_length
constexpr size_t precomputed_coefficients_length
Definition pairing.hpp:20

bb::pairing::final_exponentiation_tricky_part
constexpr void final_exponentiation_tricky_part(const fq12 &elt, fq12 &r)

bb::pairing::miller_loop
constexpr fq12 miller_loop(const g1::element &P, const miller_lines &lines)

bb::pairing::loop_bits
constexpr std::array< uint8_t, loop_length > loop_bits
Definition pairing.hpp:22

bb::pairing::miller_loop_batch
constexpr fq12 miller_loop_batch(const g1::element *points, const miller_lines *lines, size_t num_pairs)
Definition pairing_impl.hpp:172

bb::pairing::reduced_ate_pairing
constexpr fq12 reduced_ate_pairing(const g1::affine_element &P_affine, const g2::affine_element &Q_affine)
Definition pairing_impl.hpp:263

bb::pairing::final_exponentiation_easy_part
constexpr void final_exponentiation_easy_part(const fq12 &elt, fq12 &r)

bb::pairing::neg_z_loop_length
constexpr size_t neg_z_loop_length
Definition pairing.hpp:19

bb::pairing::doubling_step_for_flipped_miller_loop
constexpr void doubling_step_for_flipped_miller_loop(g2::element &current, fq12::ell_coeffs &ell)
Definition pairing_impl.hpp:27

bb::pairing::reduced_ate_pairing_batch_precomputed
fq12 reduced_ate_pairing_batch_precomputed(const g1::affine_element *P_affines, const miller_lines *lines, size_t num_points)
Definition pairing_impl.hpp:282

bb::pairing::final_exponentiation_exp_by_neg_z
constexpr void final_exponentiation_exp_by_neg_z(const fq12 &elt, fq12 &r)

bb::pairing::reduced_ate_pairing_batch
fq12 reduced_ate_pairing_batch(const g1::affine_element *P_affines, const g2::affine_element *Q_affines, size_t num_points)
Definition pairing_impl.hpp:296

bb::pairing::neg_z_loop_bits
constexpr std::array< bool, neg_z_loop_length > neg_z_loop_bits
Definition pairing.hpp:26

bb::pairing::loop_length
constexpr size_t loop_length
Definition pairing.hpp:18

bb::pairing::mixed_addition_step_for_flipped_miller_loop
constexpr void mixed_addition_step_for_flipped_miller_loop(const g2::element &base, g2::element &Q, fq12::ell_coeffs &line)
Definition pairing_impl.hpp:66

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

pairing_impl.hpp

bb::field12::ell_coeffs
Definition field12.hpp:50

bb::pairing::miller_lines
Definition pairing.hpp:33

bb::pairing::miller_lines::lines
std::array< fq12::ell_coeffs, precomputed_coefficients_length > lines
Definition pairing.hpp:34