Precompute G1 point for miller loop (#263)
* Precompute the point in G1 to avoid recalculating it in the Miller loop each time

* Fix miller loop with precompute point
IAvecilla authored Apr 20, 2024
1 parent ec9a700 commit 4bdfebf
Showing 1 changed file with 12 additions and 8 deletions.
20 changes: 12 additions & 8 deletions precompiles/EcPairing.yul
@@ -1360,7 +1360,8 @@ object "EcPairing" {
t130, t131 := fp2Add(t130, t131, t120, t121)

// l0
l00, l01 := fp2Neg(t80, t81)
l00 := t80
l01 := t81
l10 := zero
l11 := zero
l20 := zero
@@ -1442,7 +1443,8 @@ object "EcPairing" {
l21 := zero

// l1
l30, l31 := fp2Neg(t10, t11)
l30 := t10
l31 := t11

// l2
l40 := t90
@@ -1558,11 +1560,13 @@ object "EcPairing" {
let naf := NAF_REPRESENTATIVE()
let n_iter := 63
let l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51
let myp := montgomerySub(0, yp)
let mxp := montgomerySub(0, xp)

// Computes the first iteration of Millers loop outside to avoid unecesariy square
// NAF[64] == 0
l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51, t00, t01, t10, t11, t20, t21 := doubleStep(t00, t01, t10, t11, t20, t21)
l00, l01 := fp2ScalarMul(l00, l01, yp)
l00, l01 := fp2ScalarMul(l00, l01, myp)
l30, l31 := fp2ScalarMul(l30, l31, xp)
f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Mul(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121, l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51)

@@ -1577,30 +1581,30 @@ object "EcPairing" {
f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Mul(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121, l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51)
l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51, t00, t01, t10, t11, t20, t21 := mixedAdditionStep(xq0, xq1, yq0, yq1, t00, t01, t10, t11, t20, t21)
l00, l01 := fp2ScalarMul(l00, l01, yp)
l30, l31 := fp2ScalarMul(l30, l31, xp)
l30, l31 := fp2ScalarMul(l30, l31, mxp)
f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Mul(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121, l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51)

for {let i := 0} lt(i, n_iter) { i := add(i, 1) } {
f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Square(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121)

l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51, t00, t01, t10, t11, t20, t21 := doubleStep(t00, t01, t10, t11, t20, t21)
l00, l01 := fp2ScalarMul(l00, l01, yp)
l00, l01 := fp2ScalarMul(l00, l01, myp)
l30, l31 := fp2ScalarMul(l30, l31, xp)
f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Mul(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121, l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51)

// naf digit = 1
if and(naf, 1) {
l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51, t00, t01, t10, t11, t20, t21 := mixedAdditionStep(xq0, xq1, yq0, yq1, t00, t01, t10, t11, t20, t21)
l00, l01 := fp2ScalarMul(l00, l01, yp)
l30, l31 := fp2ScalarMul(l30, l31, xp)
l30, l31 := fp2ScalarMul(l30, l31, mxp)
f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Mul(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121, l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51)
}

// naf digit = -1
if and(naf, 2) {
l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51, t00, t01, t10, t11, t20, t21 := mixedAdditionStep(mq00, mq01, mq10, mq11, t00, t01, t10, t11, t20, t21)
l00, l01 := fp2ScalarMul(l00, l01, yp)
l30, l31 := fp2ScalarMul(l30, l31, xp)
l30, l31 := fp2ScalarMul(l30, l31, mxp)
f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Mul(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121, l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51)
}

@@ -1618,7 +1622,7 @@ object "EcPairing" {

l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51, t00, t01, t10, t11, t20, t21 := mixedAdditionStep(r00, r01, r10, r11, t00, t01, t10, t11, t20, t21)
l00, l01 := fp2ScalarMul(l00, l01, yp)
l30, l31 := fp2ScalarMul(l30, l31, xp)
l30, l31 := fp2ScalarMul(l30, l31, mxp)
f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Mul(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121, l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51)

l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51 := computeLine(r20, r21, r30, r31, t00, t01, t10, t11, t20, t21)
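Review bot: The sign convention for the line coefficients is now split between the step functions and their call sites, and nothing in the new code records it. The blocks under `// l0` and `// l1` return `t80, t81` and `t10, t11` un-negated, and the visible call sites compensate by scaling `l00, l01` with `myp` after `doubleStep` and `l30, l31` with `mxp` after `mixedAdditionStep`. A call site that passes the wrong coordinate still executes and silently yields a wrong pairing value, so I would document the contract where the values are declared, e.g. `// myp = -yp, mxp = -xp: doubleStep's l0 and mixedAdditionStep's l1 are returned un-negated; scale them with myp / mxp respectively`. The scaling that follows the final `computeLine(...)` call lies outside the visible hunk, and which functions the `// l0` and `// l1` edits belong to is inferred from the call sites, so both are worth confirming. A regression test comparing pairing outputs on known vectors against the previous implementation would cover this.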