apply to 2P as well
feltroidprime committed Aug 9, 2024
1 parent 7363ea7 commit d065331
Showing 2 changed files with 82 additions and 67 deletions.
31 changes: 31 additions & 0 deletions src/cairo/src/basic_field_ops.cairo
Expand Up @@ -53,6 +53,37 @@ fn compute_yInvXnegOverY_BN254(x: u384, y: u384) -> (u384, u384) {
return (outputs.get_output(yInv), outputs.get_output(xNegOverY));
}

fn compute_yInvXnegOverY_BLS12_381(x: u384, y: u384) -> (u384, u384) {
let in1 = CircuitElement::<CircuitInput<0>> {};
let in2 = CircuitElement::<CircuitInput<1>> {};
let in3 = CircuitElement::<CircuitInput<2>> {};
let yInv = circuit_inverse(in3);
let xNeg = circuit_sub(in1, in2);
let xNegOverY = circuit_mul(xNeg, yInv);

let modulus = TryInto::<
_, CircuitModulus
>::try_into(
[
0xb153ffffb9feffffffffaaab,
0x6730d2a0f6b0f6241eabfffe,
0x434bacd764774b84f38512bf,
0x1a0111ea397fe69a4b1ba7b6
]
)
.unwrap(); // BLS12_381 prime field modulus

let outputs = (yInv, xNegOverY)
.new_inputs()
.next_2([0, 0, 0, 0])
.next_2(x)
.next_2(y)
.done_2()
.eval(modulus)
.unwrap();

return (outputs.get_output(yInv), outputs.get_output(xNegOverY));
}

fn add_mod_p(a: u384, b: u384, p: u384) -> u384 {
let in1 = CircuitElement::<CircuitInput<0>> {};
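Review bot: compute_yInvXnegOverY_BLS12_381 has no doc comment, and the reason the first circuit input is pinned to `[0, 0, 0, 0]` (so that `xNeg = circuit_sub(in1, in2)` evaluates to `0 - x`) is not stated anywhere; a reader has to reverse-engineer it from the `next_2` call order. Suggested header: `/// Returns (1/y, -x/y) over the BLS12-381 base field; in1 is fixed to 0 so in1 - in2 = -x mod p.` The `.unwrap()` on `eval(modulus)` presumably fails when y is 0, since the inverse gate has no solution there; that is the right outcome for a malformed G1 point, but a one-line comment such as `// y == 0 is not invertible: eval fails and the check aborts` would stop someone from "fixing" it into a default value later. The BN254 twin above (its body starts outside the hunk) would benefit from the same two comments.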
118 changes: 51 additions & 67 deletions src/cairo/src/pairing_check.cairo
Expand Up @@ -31,7 +31,8 @@ use garaga::definitions::{
use core::option::Option;
use garaga::utils;
use core::array::{SpanTrait};

use garaga::utils::{u384_assert_zero, usize_assert_eq, PoseidonState};
use garaga::basic_field_ops::{compute_yInvXnegOverY_BN254, compute_yInvXnegOverY_BLS12_381};

#[derive(Drop)]
struct MPCheckHintBN254 {
Expand All @@ -53,18 +54,11 @@ struct MPCheckHintBLS12_381 {
fn multi_pairing_check_bn254_2P_2F(
pair0: G1G2Pair, pair1: G1G2Pair, mut lines: Span<G2Line>, hint: MPCheckHintBN254,
) -> bool {
assert!(
hint.big_Q.len() == 87,
"Wrong Q degree for BN254 2-Pairs Pairing check, should be degree 86 (87 coefficients)"
);
assert!(
hint.Ris.len() == 53, "Wrong Number of Ris for BN254 Multi-Pairing check, should be 54"
);
usize_assert_eq(hint.big_Q.len(), 87);
usize_assert_eq(hint.Ris.len(), 53);

let (processed_pair0, processed_pair1): (BNProcessedPair, BNProcessedPair) =
run_BN254_MP_CHECK_PREPARE_PAIRS_2P_circuit(
pair0.p, pair0.q.y0, pair0.q.y1, pair1.p, pair1.q.y0, pair1.q.y1
);
let (yInv_0, xNegOverY_0) = compute_yInvXnegOverY_BN254(pair0.p.x, pair0.p.y);
let (yInv_1, xNegOverY_1) = compute_yInvXnegOverY_BN254(pair1.p.x, pair1.p.y);

// Init sponge state
let (s0, s1, s2) = hades_permutation('MPCHECK_BN254_2P_2F', 0, 1);
Expand Down Expand Up @@ -93,11 +87,11 @@ fn multi_pairing_check_bn254_2P_2F(
let mut Ris = hint.Ris;
let (R_0_of_Z) = run_BN254_EVAL_E12D_circuit(*Ris.pop_front().unwrap(), z);
let (_lhs, _c_i) = run_BN254_MP_CHECK_INIT_BIT_2P_2F_circuit(
processed_pair0.yInv,
processed_pair0.xNegOverY,
yInv_0,
xNegOverY_0,
*lines.pop_front().unwrap(),
processed_pair1.yInv,
processed_pair1.xNegOverY,
yInv_1,
xNegOverY_1,
*lines.pop_front().unwrap(),
R_0_of_Z,
c_i,
Expand All @@ -112,19 +106,17 @@ fn multi_pairing_check_bn254_2P_2F(

// rest of miller loop
let mut bits = bn_bits.span();
let mut R_i_index = 1;

while let Option::Some(bit) = bits.pop_front() {
let (R_i_of_z) = run_BN254_EVAL_E12D_circuit(*Ris.pop_front().unwrap(), z);
R_i_index += 1;
let (_LHS, _c_i): (u384, u384) = match *bit {
0 => {
run_BN254_MP_CHECK_BIT0_2P_2F_circuit(
processed_pair0.yInv,
processed_pair0.xNegOverY,
yInv_0,
xNegOverY_0,
*lines.pop_front().unwrap(),
processed_pair1.yInv,
processed_pair1.xNegOverY,
yInv_1,
xNegOverY_1,
*lines.pop_front().unwrap(),
LHS,
f_i_of_z,
Expand All @@ -135,12 +127,12 @@ fn multi_pairing_check_bn254_2P_2F(
},
1 => {
run_BN254_MP_CHECK_BIT1_2P_2F_circuit(
processed_pair0.yInv,
processed_pair0.xNegOverY,
yInv_0,
xNegOverY_0,
*lines.pop_front().unwrap(),
*lines.pop_front().unwrap(),
processed_pair1.yInv,
processed_pair1.xNegOverY,
yInv_1,
xNegOverY_1,
*lines.pop_front().unwrap(),
*lines.pop_front().unwrap(),
LHS,
Expand All @@ -153,12 +145,12 @@ fn multi_pairing_check_bn254_2P_2F(
},
2 => {
run_BN254_MP_CHECK_BIT1_2P_2F_circuit(
processed_pair0.yInv,
processed_pair0.xNegOverY,
yInv_0,
xNegOverY_0,
*lines.pop_front().unwrap(),
*lines.pop_front().unwrap(),
processed_pair1.yInv,
processed_pair1.xNegOverY,
yInv_1,
xNegOverY_1,
*lines.pop_front().unwrap(),
*lines.pop_front().unwrap(),
LHS,
Expand All @@ -171,12 +163,12 @@ fn multi_pairing_check_bn254_2P_2F(
},
_ => {
run_BN254_MP_CHECK_BIT00_2P_2F_circuit(
processed_pair0.yInv,
processed_pair0.xNegOverY,
yInv_0,
xNegOverY_0,
*lines.pop_front().unwrap(),
*lines.pop_front().unwrap(),
processed_pair1.yInv,
processed_pair1.xNegOverY,
yInv_1,
xNegOverY_1,
*lines.pop_front().unwrap(),
*lines.pop_front().unwrap(),
LHS,
Expand All @@ -195,12 +187,12 @@ fn multi_pairing_check_bn254_2P_2F(
let R_n_minus_2 = Ris.pop_front().unwrap();
let R_last = Ris.pop_front().unwrap();
let (check) = run_BN254_MP_CHECK_FINALIZE_BN_2P_2F_circuit(
processed_pair0.yInv,
processed_pair0.xNegOverY,
yInv_0,
xNegOverY_0,
*lines.pop_front().unwrap(),
*lines.pop_front().unwrap(),
processed_pair1.yInv,
processed_pair1.xNegOverY,
yInv_1,
xNegOverY_1,
*lines.pop_front().unwrap(),
*lines.pop_front().unwrap(),
*R_n_minus_2,
Expand All @@ -225,17 +217,11 @@ fn multi_pairing_check_bn254_2P_2F(
fn multi_pairing_check_bls12_381_2P_2F(
pair0: G1G2Pair, pair1: G1G2Pair, mut lines: Span<G2Line>, hint: MPCheckHintBLS12_381
) -> bool {
assert!(
hint.big_Q.len() == 81,
"Wrong Q degree for BLS12-381 2-Pairs Paring check, should be degree 80 (81 coeffs)"
);
assert!(
hint.Ris.len() == 36, "Wrong Number of Ris for BLS12-381 2-Pairs Paring check, should be 64"
);
let (processed_pair0, processed_pair1): (BLSProcessedPair, BLSProcessedPair) =
run_BLS12_381_MP_CHECK_PREPARE_PAIRS_2P_circuit(
pair0.p, pair1.p
);
usize_assert_eq(hint.big_Q.len(), 81);
usize_assert_eq(hint.Ris.len(), 36);

let (yInv_0, xNegOverY_0) = compute_yInvXnegOverY_BLS12_381(pair0.p.x, pair0.p.y);
let (yInv_1, xNegOverY_1) = compute_yInvXnegOverY_BLS12_381(pair1.p.x, pair1.p.y);

// Init sponge state
let (s0, s1, s2) = hades_permutation('MPCHECK_BLS12_381_2P_2F', 0, 1);
Expand Down Expand Up @@ -264,12 +250,12 @@ fn multi_pairing_check_bls12_381_2P_2F(
let mut Ris = hint.Ris;
let (R_0_of_Z) = run_BLS12_381_EVAL_E12D_circuit(*Ris.pop_front().unwrap(), z);
let (_lhs) = run_BLS12_381_MP_CHECK_INIT_BIT_2P_2F_circuit(
processed_pair0.yInv,
processed_pair0.xNegOverY,
yInv_0,
xNegOverY_0,
*lines.pop_front().unwrap(),
*lines.pop_front().unwrap(),
processed_pair1.yInv,
processed_pair1.xNegOverY,
yInv_1,
xNegOverY_1,
*lines.pop_front().unwrap(),
*lines.pop_front().unwrap(),
R_0_of_Z,
Expand All @@ -287,19 +273,17 @@ fn multi_pairing_check_bls12_381_2P_2F(

// rest of miller loop
let mut bits = bls_bits.span();
let mut R_i_index = 1;

while let Option::Some(bit) = bits.pop_front() {
let (R_i_of_z) = run_BLS12_381_EVAL_E12D_circuit(*Ris.pop_front().unwrap(), z);
R_i_index += 1;
let (_LHS, _c_i): (u384, u384) = match *bit {
0 => {
run_BLS12_381_MP_CHECK_BIT0_2P_2F_circuit(
processed_pair0.yInv,
processed_pair0.xNegOverY,
yInv_0,
xNegOverY_0,
*lines.pop_front().unwrap(),
processed_pair1.yInv,
processed_pair1.xNegOverY,
yInv_1,
xNegOverY_1,
*lines.pop_front().unwrap(),
LHS,
f_i_of_z,
Expand All @@ -310,12 +294,12 @@ fn multi_pairing_check_bls12_381_2P_2F(
},
1 => {
run_BLS12_381_MP_CHECK_BIT1_2P_2F_circuit(
processed_pair0.yInv,
processed_pair0.xNegOverY,
yInv_0,
xNegOverY_0,
*lines.pop_front().unwrap(),
*lines.pop_front().unwrap(),
processed_pair1.yInv,
processed_pair1.xNegOverY,
yInv_1,
xNegOverY_1,
*lines.pop_front().unwrap(),
*lines.pop_front().unwrap(),
LHS,
Expand All @@ -328,12 +312,12 @@ fn multi_pairing_check_bls12_381_2P_2F(
},
_ => {
run_BLS12_381_MP_CHECK_BIT00_2P_2F_circuit(
processed_pair0.yInv,
processed_pair0.xNegOverY,
yInv_0,
xNegOverY_0,
*lines.pop_front().unwrap(),
*lines.pop_front().unwrap(),
processed_pair1.yInv,
processed_pair1.xNegOverY,
yInv_1,
xNegOverY_1,
*lines.pop_front().unwrap(),
*lines.pop_front().unwrap(),
LHS,
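Review bot: In multi_pairing_check_bn254_2P_2F the removed `run_BN254_MP_CHECK_PREPARE_PAIRS_2P_circuit` call consumed `pair0.q.y0`, `pair0.q.y1`, `pair1.q.y0` and `pair1.q.y1`, whereas the replacement `compute_yInvXnegOverY_BN254(pair0.p.x, pair0.p.y)` reads only the G1 coordinates, so within the visible hunks nothing binds the check to the G2 points any more. If the G2 data is now assumed to be carried by the `lines` hint, or is bound elsewhere in the function (which continues outside these hunks), a comment above the two `compute_yInvXnegOverY_*` calls should say where that binding happens, because a pairing check that never reads Q is unsound by construction. Separately, replacing the `assert!` messages with `usize_assert_eq(hint.big_Q.len(), 87)` and `usize_assert_eq(hint.Ris.len(), 53)` drops the only place the expected Q degree and Ri count were explained (the old BLS12-381 message also said 64 where the code checked 36, so the text was already drifting); keep the numbers explained inline, e.g. `usize_assert_eq(hint.big_Q.len(), 87); // degree-86 quotient, 87 coefficients`. The same applies to multi_pairing_check_bls12_381_2P_2F further down in this file.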