Precompute point in G1 to avoid calculate them in miller loop each time
IAvecilla committed Apr 19, 2024
1 parent 89430dc commit 3fe5d8a
Showing 1 changed file with 13 additions and 9 deletions.
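--- a/precompiles/EcPairing.yul
+++ b/precompiles/EcPairing.yul
@@ -1287,7 +1287,8 @@ object "EcPairing" {
 t130, t131 := fp2Add(t130, t131, t120, t121)
 
 // l0
-l00, l01 := fp2Neg(t80, t81)
+l00 := t80
+l01 := t81
 l10 := zero
 l11 := zero
 l20 := zero
@@ -1369,7 +1370,8 @@ object "EcPairing" {
 l21 := zero
 
 // l1
-l30, l31 := fp2Neg(t10, t11)
+l30 := t10
+l31 := t11
 
 // l2
 l40 := t90
@@ -1485,11 +1487,13 @@ object "EcPairing" {
 let naf := NAF_REPRESENTATIVE()
 let n_iter := 63
 let l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51 := FP12_ONE()
+let myp := montgomerySub(0, yp)
+let mxp := montgomerySub(0, xp)
 
 // Computes the first iteration of Millers loop outside to avoid unecesariy square
 // NAF[64] == 0
 l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51, t00, t01, t10, t11, t20, t21 := doubleStep(t00, t01, t10, t11, t20, t21)
-l00, l01 := fp2ScalarMul(l00, l01, yp)
+l00, l01 := fp2ScalarMul(l00, l01, myp)
 l30, l31 := fp2ScalarMul(l30, l31, xp)
 f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Mul(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121, l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51)
 
@@ -1504,30 +1508,30 @@ object "EcPairing" {
 f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Mul(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121, l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51)
 l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51, t00, t01, t10, t11, t20, t21 := mixedAdditionStep(xq0, xq1, yq0, yq1, t00, t01, t10, t11, t20, t21)
 l00, l01 := fp2ScalarMul(l00, l01, yp)
-l30, l31 := fp2ScalarMul(l30, l31, xp)
+l30, l31 := fp2ScalarMul(l30, l31, mxp)
 f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Mul(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121, l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51)
 
 for {let i := 0} lt(i, n_iter) { i := add(i, 1) } {
 f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Square(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121)
 
 l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51, t00, t01, t10, t11, t20, t21 := doubleStep(t00, t01, t10, t11, t20, t21)
-l00, l01 := fp2ScalarMul(l00, l01, yp)
+l00, l01 := fp2ScalarMul(l00, l01, myp)
 l30, l31 := fp2ScalarMul(l30, l31, xp)
 f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Mul(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121, l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51)
 
 // naf digit = 1
 if and(naf, 2) {
 l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51, t00, t01, t10, t11, t20, t21 := mixedAdditionStep(xq0, xq1, yq0, yq1, t00, t01, t10, t11, t20, t21)
 l00, l01 := fp2ScalarMul(l00, l01, yp)
-l30, l31 := fp2ScalarMul(l30, l31, xp)
+l30, l31 := fp2ScalarMul(l30, l31, mxp)
 f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Mul(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121, l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51)
 }
 
 // naf digit = -1
 if and(naf, 4) {
 l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51, t00, t01, t10, t11, t20, t21 := mixedAdditionStep(mq00, mq01, mq10, mq11, t00, t01, t10, t11, t20, t21)
 l00, l01 := fp2ScalarMul(l00, l01, yp)
-l30, l31 := fp2ScalarMul(l30, l31, xp)
+l30, l31 := fp2ScalarMul(l30, l31, mxp)
 f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Mul(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121, l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51)
 }
 
@@ -1545,12 +1549,12 @@ object "EcPairing" {
 
 l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51, t00, t01, t10, t11, t20, t21 := mixedAdditionStep(r00, r01, r10, r11, t00, t01, t10, t11, t20, t21)
 l00, l01 := fp2ScalarMul(l00, l01, yp)
-l30, l31 := fp2ScalarMul(l30, l31, xp)
+l30, l31 := fp2ScalarMul(l30, l31, mxp)
 f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Mul(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121, l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51)
 
 l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51, t00, t01, t10, t11, t20, t21 := mixedAdditionStep(r20, r21, r30, r31, t00, t01, t10, t11, t20, t21)
 l00, l01 := fp2ScalarMul(l00, l01, yp)
-l30, l31 := fp2ScalarMul(l30, l31, xp)
+l30, l31 := fp2ScalarMul(l30, l31, mxp)
 f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121 := fp12Mul(f000, f001, f010, f011, f020, f021, f100, f101, f110, f111, f120, f121, l00, l01, l10, l11, l20, l21, l30, l31, l40, l41, l50, l51)
 }
 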
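Review bot: The sign of the line coefficients is now an undocumented contract between the step functions and the Miller loop: `doubleStep` returns `l0` and `mixedAdditionStep` returns `l1` without the former `fp2Neg`, and the pairing is only correct because every doubling is scaled by `myp` and every addition by `mxp`. Any other caller of these two functions (none is visible in these hunks, whose enclosing functions start and end outside them) would silently compute a wrong line value, which in a pairing precompile means wrong accept/reject results for proofs. I would record it next to the new lets, e.g. `// myp = -yp, mxp = -xp: doubleStep leaves l0 and mixedAdditionStep leaves l1 un-negated, the sign is applied once here`, and change the `// l0` and `// l1` markers to `// l0 (negation deferred to caller, scaled by -yp)` and `// l1 (negation deferred to caller, scaled by -xp)`. It is also worth confirming that `montgomerySub(0, v)` returns a reduced zero when `v` is zero, and re-running the known pairing test vectors, since a swapped `yp`/`myp` or `xp`/`mxp` at any of the seven call sites would not fail loudly.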
