pairing: Move PairingCurveAffine::Prepared to MultiMillerLoop trait
Prepared elements are only used by MultiMillerLoop, and we don't need the ability to "prepare" G1 elements there.
parent
02dc1763a3
commit
a1a27128f2
|
@ -3,7 +3,7 @@
|
|||
//! [Groth16]: https://eprint.iacr.org/2016/260
|
||||
|
||||
use group::CurveAffine;
|
||||
use pairing::{Engine, PairingCurveAffine};
|
||||
use pairing::{Engine, MultiMillerLoop};
|
||||
|
||||
use crate::SynthesisError;
|
||||
|
||||
|
@ -398,13 +398,13 @@ impl<E: Engine> Parameters<E> {
|
|||
}
|
||||
}
|
||||
|
||||
pub struct PreparedVerifyingKey<E: Engine> {
|
||||
pub struct PreparedVerifyingKey<E: MultiMillerLoop> {
|
||||
/// Pairing result of alpha*beta
|
||||
alpha_g1_beta_g2: E::Gt,
|
||||
/// -gamma in G2
|
||||
neg_gamma_g2: <E::G2Affine as PairingCurveAffine>::Prepared,
|
||||
neg_gamma_g2: E::G2Prepared,
|
||||
/// -delta in G2
|
||||
neg_delta_g2: <E::G2Affine as PairingCurveAffine>::Prepared,
|
||||
neg_delta_g2: E::G2Prepared,
|
||||
/// Copy of IC from `VerifiyingKey`.
|
||||
ic: Vec<E::G1Affine>,
|
||||
}
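Review bot: `PreparedVerifyingKey` is `pub` but has no doc comment of its own on the new side, and with the bound now `E: MultiMillerLoop` this is the natural place to say what "prepared" means. I would add above the struct `/// Verifying key preprocessed for proof verification: -gamma and -delta in G2Prepared form, plus the cached pairing of alpha and beta.` The tighter bound will presumably stop downstream code that names `PreparedVerifyingKey<E>` with only `E: Engine` from compiling, which deserves a changelog line. The field comment on `ic` also misspells `VerifyingKey` as `VerifiyingKey`.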
|
||||
|
|
|
@ -335,20 +335,16 @@ impl Engine for DummyEngine {
|
|||
type Gt = Fr;
|
||||
|
||||
fn pairing(p: &Self::G1Affine, q: &Self::G2Affine) -> Self::Gt {
|
||||
Self::multi_miller_loop(&[(p, &(q.prepare()))]).final_exponentiation()
|
||||
Self::multi_miller_loop(&[(p, &(*q).into())]).final_exponentiation()
|
||||
}
|
||||
}
|
||||
|
||||
impl MultiMillerLoop for DummyEngine {
|
||||
type G2Prepared = Fr;
|
||||
// TODO: This should be F_645131 or something. Doesn't matter for now.
|
||||
type Result = Fr;
|
||||
|
||||
fn multi_miller_loop(
|
||||
terms: &[(
|
||||
&Self::G1Affine,
|
||||
&<Self::G2Affine as PairingCurveAffine>::Prepared,
|
||||
)],
|
||||
) -> Self::Result {
|
||||
fn multi_miller_loop(terms: &[(&Self::G1Affine, &Self::G2Prepared)]) -> Self::Result {
|
||||
let mut acc = <Fr as Field>::zero();
|
||||
|
||||
for &(a, b) in terms {
|
||||
|
@ -484,14 +480,9 @@ impl CurveAffine for Fr {
|
|||
}
|
||||
|
||||
impl PairingCurveAffine for Fr {
|
||||
type Prepared = Fr;
|
||||
type Pair = Fr;
|
||||
type PairingResult = Fr;
|
||||
|
||||
fn prepare(&self) -> Self::Prepared {
|
||||
*self
|
||||
}
|
||||
|
||||
fn pairing_with(&self, other: &Self::Pair) -> Self::PairingResult {
|
||||
self.mul(*other)
|
||||
}
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
use group::{CurveAffine, CurveProjective};
|
||||
use pairing::{Engine, MillerLoopResult, MultiMillerLoop, PairingCurveAffine};
|
||||
use pairing::{MillerLoopResult, MultiMillerLoop};
|
||||
use std::ops::{AddAssign, Neg};
|
||||
|
||||
use super::{PreparedVerifyingKey, Proof, VerifyingKey};
|
||||
|
||||
use crate::SynthesisError;
|
||||
|
||||
pub fn prepare_verifying_key<E: Engine>(vk: &VerifyingKey<E>) -> PreparedVerifyingKey<E> {
|
||||
pub fn prepare_verifying_key<E: MultiMillerLoop>(vk: &VerifyingKey<E>) -> PreparedVerifyingKey<E> {
|
||||
let gamma = vk.gamma_g2.neg();
|
||||
let delta = vk.delta_g2.neg();
|
||||
|
||||
PreparedVerifyingKey {
|
||||
alpha_g1_beta_g2: E::pairing(&vk.alpha_g1, &vk.beta_g2),
|
||||
neg_gamma_g2: gamma.prepare(),
|
||||
neg_delta_g2: delta.prepare(),
|
||||
neg_gamma_g2: gamma.into(),
|
||||
neg_delta_g2: delta.into(),
|
||||
ic: vk.ic.clone(),
|
||||
}
|
||||
}
|
||||
|
@ -42,7 +42,7 @@ pub fn verify_proof<'a, E: MultiMillerLoop>(
|
|||
// which allows us to do a single final exponentiation.
|
||||
|
||||
Ok(E::multi_miller_loop(&[
|
||||
(&proof.a, &proof.b.prepare()),
|
||||
(&proof.a, &proof.b.into()),
|
||||
(&acc.to_affine(), &pvk.neg_gamma_g2),
|
||||
(&proof.c, &pvk.neg_delta_g2),
|
||||
])
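Review bot: The bare `.into()` calls that replace `.prepare()` (`neg_gamma_g2: gamma.into()`, `neg_delta_g2: delta.into()`, and `&proof.b.into()` inside `verify_proof`) no longer say what they convert to; the target is inferred from the struct field or from the `multi_miller_loop` argument type. Naming it keeps the G2 preparation step visible to someone auditing the verifier: `neg_gamma_g2: E::G2Prepared::from(gamma),` and `(&proof.a, &E::G2Prepared::from(proof.b)),`. This assumes `G2Prepared: From<G2Affine>` is the conversion the trait provides, which the `.into()` calls imply but the page does not show. `verify_proof` starts and ends outside the hunk, so the rest of its checks are not reviewed here.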
|
||||
|
|