Barretenberg
The ZK-SNARK library at the core of Aztec
Loading...
Searching...
No Matches
pairing.test.cpp
Go to the documentation of this file.
1#include "pairing.hpp"
2#include <gtest/gtest.h>
3
4using namespace bb;
5
6TEST(pairing, ReducedAtePairingCheckAgainstConstants)
7{
8 constexpr g1::affine_element P = {
9 uint256_t(0x956e256b9db00c13, 0x66d29ac18e1b2bff, 0x5d6f055e34402f6e, 0x5bfcbaaff0feb62),
10 uint256_t(0x564099dc0ef0a96, 0xa97eca7453f67dd2, 0x850e976b207e8c18, 0x20187f89a1d789cd)
11 };
12 constexpr g2::affine_element Q = {
13 { uint256_t(0x3b25f1ad9a7f9cd2, 0xddb8b066d21ce86, 0xf8a4e318abd3cff7, 0x1272ee5f2e7e9dc1),
14 uint256_t(0xc7b14ea54dc1436f, 0x1f9384eb12b6941a, 0x3afe17a00720e8e3, 0x2a171f424ab98d8) },
15 { uint256_t(0x890d5a50c1d88e96, 0x6ae79a7a2b439172, 0x4c120a629ced363c, 0x295bd556fe685dd),
16 uint256_t(0xa3189c7f120d4738, 0x4416da0df17c8ee, 0x4cc514acc1c2ac45, 0xb17d8f998e4ebe6) }
17 };
18 constexpr fq12 expected = {
19
20 { { uint256_t(0xd3b91c8dc40a9b8c, 0x5c8a39a470fcb4ea, 0x763e904e585a87e7, 0x2026f0077c50afa4),
21 uint256_t(0xddc69495371e5f38, 0x290bfc6512704e60, 0xc208c0f8e90bd52f, 0x2e82c92370a2f000) },
22 { uint256_t(0xdcbc2917451b8e12, 0x183016aa113a74eb, 0x9a2ff2a059f7d14d, 0x1166fc0ed488820c),
23 uint256_t(0x3b2c1e19e47214ff, 0x374df83e0ac59c1a, 0x3e1c5ed4fd611cb2, 0x26179258a104da1a) },
24 { uint256_t(0xc948bdff07912922, 0x3417ba2a42303918, 0x89336b54f20ff8a9, 0xb7eed88572fcac4),
25
26 uint256_t(0x85524385a79574ba, 0xe7746ad78e659d8e, 0x997e4848cc70eca5, 0x2a9e3f37c50e6c9a) } },
27
28 { { uint256_t(0xc7eed1ca5aaa5a82, 0xea8d1f0be1ef0d7, 0xd7d539fd8136038a, 0x27196e24cd6d028e),
29 uint256_t(0xcb7b6528984002e4, 0x1d3221c223e0587, 0xda44f3e957677f97, 0x1e3df34445cc3876) },
30 { uint256_t(0xf3e958491c2b4c43, 0x1dbafe473f7034b9, 0x129efae93ff9d8c9, 0xdedbf49d35171b9),
31 uint256_t(0x7da7c99cf811a603, 0xfcb99b8309663279, 0x1d80151ef8fcdb59, 0x1b09a01856170269) },
32 { uint256_t(0xa048b10941003960, 0x73d941c906a24cd0, 0x9c10f82a6bf78e2e, 0x13a41dbdd3d616d),
33 uint256_t(0x31d7525fa8914a4c, 0xe1ed738718e2e8b8, 0x18305c749a9d97a2, 0x20534d878e1e9db0) } }
34 };
35
36#if defined(__wasm__)
37 const fq12 result = pairing::reduced_ate_pairing(P, Q);
38#else
39 constexpr fq12 result = pairing::reduced_ate_pairing(P, Q);
40 static_assert(result == expected); // test to see if compiler can evaluate bilinear pairing at compile time
41#endif
42
43 EXPECT_EQ(result, expected);
44}
45
46TEST(pairing, PisInfinity)
47{
48 g1::affine_element P = g1::element::infinity();
49 g2::affine_element Q = g2::element::random_element();
50
51 fq12 result = pairing::reduced_ate_pairing(P, Q).from_montgomery_form();
52 fq12 expected = fq12::one().from_montgomery_form();
53
54 EXPECT_EQ(result, expected);
55}
56
57TEST(pairing, QisInfinity)
58{
59 g1::affine_element P = g1::element::random_element();
60 g2::affine_element Q = g2::element::infinity();
61
62 fq12 result = pairing::reduced_ate_pairing(P, Q).from_montgomery_form();
63 fq12 expected = fq12::one().from_montgomery_form();
64
65 EXPECT_EQ(result, expected);
66}
67
68TEST(pairing, ReduceAtePairingBatchWithPointsAtInfinity)
69{
70
71 g1::affine_element P1 = g1::element::random_element();
72 g1::affine_element P2 = g1::element::random_element();
73 g1::affine_element P3 = g1::element::infinity();
74 g2::affine_element Q1 = g2::element::random_element();
75 g2::affine_element Q2 = g2::element::infinity();
76 g2::affine_element Q3 = g2::element::random_element();
77
78 std::vector<g1::affine_element> P{ P1, P2, P3 };
79 std::vector<g2::affine_element> Q{ Q1, Q2, Q3 };
80
81 fq12 result = pairing::reduced_ate_pairing_batch(&P[0], &Q[0], 3).from_montgomery_form();
82 fq12 expected = pairing::reduced_ate_pairing(P1, Q1).from_montgomery_form();
83
84 EXPECT_EQ(result, expected);
85}
86
87TEST(pairing, ReduceAtePairingBatchOnlyPointsAtInfinity)
88{
89 g1::affine_element P1 = g1::element::infinity();
90 g1::affine_element P2 = g1::element::infinity();
91 g2::affine_element Q1 = g2::element::infinity();
92 g2::affine_element Q2 = g2::element::infinity();
93
94 std::vector<g1::affine_element> P{ P1, P2 };
95 std::vector<g2::affine_element> Q{ Q1, Q2 };
96
97 fq12 result = pairing::reduced_ate_pairing_batch(&P[0], &Q[0], 2).from_montgomery_form();
98 fq12 expected = fq12::one().from_montgomery_form();
99
100 EXPECT_EQ(result, expected);
101}
102
103TEST(pairing, ReducedAtePairingConsistencyCheck)
104{
105 g1::affine_element P = g1::element::random_element();
106 g2::affine_element Q = g2::element::random_element();
107
108 fr scalar = fr::random_element();
109
110 g1::affine_element Pmul = P * scalar;
111 g2::affine_element Qmul = Q * scalar;
112
113 fq12 result = pairing::reduced_ate_pairing(Pmul, Q).from_montgomery_form();
114 fq12 expected = pairing::reduced_ate_pairing(P, Qmul).from_montgomery_form();
115
116 EXPECT_EQ(result, expected);
117}
118
119TEST(pairing, ReducedAtePairingConsistencyCheckBatch)
120{
121 size_t num_points = 10;
122
123 std::vector<g1::affine_element> P_a(num_points);
124 std::vector<g2::affine_element> Q_a(num_points);
125 std::vector<g1::affine_element> P_b(num_points);
126 std::vector<g2::affine_element> Q_b(num_points);
127 std::vector<fr> scalars(num_points + num_points);
128 for (size_t i = 0; i < 10; ++i) {
129 scalars[i] = fr::random_element();
130 scalars[i + num_points] = fr::random_element();
131 g1::affine_element P = g1::element::random_element();
132 g2::affine_element Q = g2::element::random_element();
133 P_a[i] = P;
134 Q_a[i] = Q;
135 P_b[i] = P;
136 Q_b[i] = Q;
137 }
138
139 for (size_t i = 0; i < 10; ++i) {
140 P_a[i] = P_a[i] * scalars[i];
141 Q_b[i] = Q_b[i] * scalars[i];
142 P_b[i] = P_b[i] * scalars[i + num_points];
143 Q_a[i] = Q_a[i] * scalars[i + num_points];
144 }
145
146 fq12 result = pairing::reduced_ate_pairing_batch(&P_a[0], &Q_a[0], num_points).from_montgomery_form();
147 fq12 expected = pairing::reduced_ate_pairing_batch(&P_b[0], &Q_b[0], num_points).from_montgomery_form();
148
149 EXPECT_EQ(result, expected);
150}
151
152TEST(pairing, ReducedAtePairingPrecomputeConsistencyCheckBatch)
153{
154 size_t num_points = 10;
155 std::vector<g1::affine_element> P_a(num_points);
156 std::vector<g2::affine_element> Q_a(num_points);
157 std::vector<g1::affine_element> P_b(num_points);
158 std::vector<g2::affine_element> Q_b(num_points);
159 std::vector<pairing::miller_lines> precompute_miller_lines(num_points);
160 std::vector<fr> scalars(num_points + num_points);
161 for (size_t i = 0; i < 10; ++i) {
162 scalars[i] = fr::random_element();
163 scalars[i + num_points] = fr::random_element();
164 g1::affine_element P = g1::element::random_element();
165 g2::affine_element Q = g2::element::random_element();
166 P_a[i] = P;
167 Q_a[i] = Q;
168 P_b[i] = P;
169 Q_b[i] = Q;
170 }
171 for (size_t i = 0; i < 10; ++i) {
172 P_a[i] = P_a[i] * scalars[i];
173 Q_b[i] = Q_b[i] * scalars[i];
174 P_b[i] = P_b[i] * scalars[i + num_points];
175 Q_a[i] = Q_a[i] * scalars[i + num_points];
176 }
177 for (size_t i = 0; i < 10; ++i) {
178 g2::element jac;
179 jac = g2::element(Q_a[i]);
180 pairing::precompute_miller_lines(jac, precompute_miller_lines[i]);
181 }
182 fq12 result = pairing::reduced_ate_pairing_batch_precomputed(&P_a[0], &precompute_miller_lines[0], num_points)
183 .from_montgomery_form();
184 fq12 expected = pairing::reduced_ate_pairing_batch(&P_b[0], &Q_b[0], num_points).from_montgomery_form();
185
186 EXPECT_EQ(result, expected);
187}
bb::field12::one
static constexpr field12 one()
Definition field12.hpp:57
bb::field12::from_montgomery_form
constexpr field12 from_montgomery_form()
Definition field12.hpp:263
bb::group_elements::affine_element
Definition affine_element.hpp:21
bb::group_elements::element
element class. Implements ecc group arithmetic using Jacobian coordinates See https://hyperelliptic....
Definition element.hpp:33
bb::group::element
group_elements::element< Fq, Fr, Params > element
Definition group.hpp:41
bb::numeric::uint256_t
Definition uint256.hpp:32
bb::pairing::precompute_miller_lines
constexpr void precompute_miller_lines(const g2::element &Q, miller_lines &lines)
Definition pairing_impl.hpp:103
bb::pairing::reduced_ate_pairing
constexpr fq12 reduced_ate_pairing(const g1::affine_element &P_affine, const g2::affine_element &Q_affine)
Definition pairing_impl.hpp:263
bb::pairing::reduced_ate_pairing_batch_precomputed
fq12 reduced_ate_pairing_batch_precomputed(const g1::affine_element *P_affines, const miller_lines *lines, size_t num_points)
Definition pairing_impl.hpp:282
bb::pairing::reduced_ate_pairing_batch
fq12 reduced_ate_pairing_batch(const g1::affine_element *P_affines, const g2::affine_element *Q_affines, size_t num_points)
Definition pairing_impl.hpp:296
bb
Entry point for Barretenberg command-line interface.
Definition acir_format_getters.cpp:6
bb::TEST
TEST(MegaCircuitBuilder, CopyConstructor)
Definition mega_circuit_builder.test.cpp:14
std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13
bb::field< Bn254FrParams >::random_element
static field random_element(numeric::RNG *engine=nullptr) noexcept
Definition field_impl.hpp:665