-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[feat] BN254 AssertFinalExponentiationIsOne (#515)
* Add final exponentiation traits * WIP; test failing * Updated bn254 final exp * Add WIP native exponentiation as a test * debug: add debug assert to only call final exp hint when finalexp=1 * Try e(aP,bQ)e(cP,dQ) where a=5,b=10,c=-2,d=25 * Fix point negation; still failing * Rename vars * verify miller points match * It's working * Fix lints * Update cargo * Remove eyre conflict for workflow * Revert "Remove eyre conflict for workflow" This reverts commit 61dfdf4. * Use master color-eyre * Update ecc/execution/src/common/miller_loop.rs * Address PR comments --------- Co-authored-by: Jonathan Wang <[email protected]>
- Loading branch information
1 parent
73dd83d
commit f25bfc1
Showing
24 changed files
with
738 additions
and
170 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
use halo2curves_axiom::ff::Field; | ||
|
||
use super::{EcPoint, ExpBigInt, FieldExtension}; | ||
|
||
#[allow(non_snake_case)] | ||
pub trait FinalExp<Fp, Fp2, Fp12> | ||
where | ||
Fp: Field, | ||
Fp2: FieldExtension<BaseField = Fp>, | ||
Fp12: FieldExtension<BaseField = Fp2> + ExpBigInt<Fp12>, | ||
{ | ||
/// Assert in circuit that the final exponentiation is equal to one. The actual final | ||
/// exponentiaton is calculated out of circuit via final_exp_hint. Scalar coefficients | ||
/// to the curve points must equal to zero, which is checked in a debug_assert. | ||
fn assert_final_exp_is_one(&self, f: Fp12, P: &[EcPoint<Fp>], Q: &[EcPoint<Fp2>]); | ||
|
||
/// Generates a hint for the final exponentiation to be calculated out of circuit | ||
/// Input is the result of the Miller loop | ||
/// Output is c (residue witness inverse) and u (cubic nonresidue power) | ||
fn final_exp_hint(&self, f: Fp12) -> (Fp12, Fp12); | ||
} |
Oops, something went wrong.