[feat] G2 scalar multiplication (#305)

* feat(std/sw_bls12377): G2 scalar multiplication * feat(std/sw_bls24315): G2 scalar multiplication
Consensys · Apr 14, 2022 · fbc8645 · fbc8645
1 parent 7b80430
commit fbc8645
Show file tree

Hide file tree

Showing 12 changed files with 972 additions and 157 deletions.
diff --git a/std/algebra/fields_bls12377/e2.go b/std/algebra/fields_bls12377/e2.go
@@ -232,3 +232,12 @@ func (e *E2) AssertIsEqual(api frontend.API, other E2) {
 	api.AssertIsEqual(e.A0, other.A0)
 	api.AssertIsEqual(e.A1, other.A1)
 }
+
+// Select sets e to r1 if b=1, r2 otherwise
+func (e *E2) Select(api frontend.API, b frontend.Variable, r1, r2 E2) *E2 {
+
+	e.A0 = api.Select(b, r1.A0, r2.A0)
+	e.A1 = api.Select(b, r1.A1, r2.A1)
+
+	return e
+}
diff --git a/std/algebra/fields_bls24315/e2.go b/std/algebra/fields_bls24315/e2.go
@@ -236,3 +236,12 @@ func (e *E2) AssertIsEqual(api frontend.API, other E2) {
 	api.AssertIsEqual(e.A0, other.A0)
 	api.AssertIsEqual(e.A1, other.A1)
 }
+
+// Select sets e to r1 if b=1, r2 otherwise
+func (e *E2) Select(api frontend.API, b frontend.Variable, r1, r2 E2) *E2 {
+
+	e.A0 = api.Select(b, r1.A0, r2.A0)
+	e.A1 = api.Select(b, r1.A1, r2.A1)
+
+	return e
+}
diff --git a/std/algebra/fields_bls24315/e4.go b/std/algebra/fields_bls24315/e4.go
@@ -245,3 +245,12 @@ func (e *E4) AssertIsEqual(api frontend.API, other E4) {
 	e.B0.AssertIsEqual(api, other.B0)
 	e.B1.AssertIsEqual(api, other.B1)
 }
+
+// Select sets e to r1 if b=1, r2 otherwise
+func (e *E4) Select(api frontend.API, b frontend.Variable, r1, r2 E4) *E4 {
+
+	e.B0.Select(api, b, r1.B0, r2.B0)
+	e.B1.Select(api, b, r1.B1, r2.B1)
+
+	return e
+}
diff --git a/std/algebra/sw_bls12377/g1.go b/std/algebra/sw_bls12377/g1.go
@@ -283,7 +283,7 @@ func (P *G1Affine) varScalarMul(api frontend.API, Q G1Affine, s frontend.Variabl
 	var tableQ, tablePhiQ [2]G1Affine
 	tableQ[1] = Q
 	tableQ[0].Neg(api, Q)
-	cc.phi(api, &tablePhiQ[1], &Q)
+	cc.phi1(api, &tablePhiQ[1], &Q)
 	tablePhiQ[0].Neg(api, tablePhiQ[1])
 
 	// We now initialize the accumulator. Due to the way the scalar is
@@ -345,7 +345,7 @@ func (P *G1Affine) constScalarMul(api frontend.API, Q G1Affine, s *big.Int) *G1A
 	var Acc, negQ, negPhiQ, phiQ G1Affine
 	cc := innerCurve(api.Compiler().Curve())
 	s.Mod(s, cc.fr)
-	cc.phi(api, &phiQ, &Q)
+	cc.phi1(api, &phiQ, &Q)
 
 	k := ecc.SplitScalar(s, cc.glvBasis)
 	if k[0].Sign() == -1 {