- Generated by
1.9.8
|
Barretenberg
The ZK-SNARK library at the core of Aztec
|
Classes | |
| struct | g1Projective |
| Struct representing a point in G1 in homogeneous projective coordinates. More... | |
| struct | g2Projective |
| struct | miller_lines |
Functions | |
| constexpr void | doubling_step_for_miller_loop (g2Projective &work_point, fq12::ell_coeffs &line) |
| Doubling step for Miller loop calculation. | |
| constexpr void | mixed_addition_step_for_miller_loop (const g2Projective &Q, g2Projective &work_point, fq12::ell_coeffs &line) |
| Addition step for Miller loop calculation. | |
| constexpr void | precompute_miller_lines (const g2Projective &Q, miller_lines &lines) |
| Precomputation of Miller lines for a point Q in G2. | |
| constexpr void | precompute_miller_lines (const g2::element &Q, miller_lines &lines) |
| constexpr fq12 | miller_loop (const g1::affine_element &P, const miller_lines &lines) |
| Miller loop implementation. | |
| constexpr fq12 | miller_loop_batch (const g1::affine_element *points, const miller_lines *lines, size_t num_pairs) |
| Compute the Miller loop for multiple pairs of points. | |
| constexpr g2Projective | twisted_frobenius (const g2Projective &a) |
| Compute \(\Psi^{-1} \circ \phi_q \circ \Psi(Q)\) where \(\Psi\) is the untwisting isomorphism and \(\phi_q\) is the Frobenius morphism. | |
| constexpr fq12 | final_exponentiation_easy_part (const fq12 &elt) |
| constexpr fq12 | final_exponentiation_exp_by_z (const fq12 &elt) |
| constexpr fq12 | final_exponentiation_tricky_part (const fq12 &elt) |
| constexpr fq12 | reduced_ate_pairing (const g1::affine_element &P_affine, const g2::affine_element &Q_affine) |
| fq12 | reduced_ate_pairing_batch_precomputed (const g1::affine_element *P_affines, const miller_lines *lines, const size_t num_points) |
| fq12 | reduced_ate_pairing_batch (const g1::affine_element *P_affines, const g2::affine_element *Q_affines, const size_t num_points) |
Variables | |
| constexpr size_t | loop_length = 64 |
| constexpr size_t | z_loop_length = 62 |
| constexpr size_t | precomputed_coefficients_length = 87 |
| constexpr std::array< uint8_t, loop_length > | loop_bits |
| constexpr std::array< bool, z_loop_length > | z_loop_bits |
| constexpr fq | two_inv = fq(2).invert() |
|
constexpr |
Doubling step for Miller loop calculation.
This function computes the constants required to evaluate the tangent line at work_point and updates work_point to 2 * work_point. The formulas are taken from https://cacr.uwaterloo.ca/techreports/2012/cacr2012-17.pdf, section 4.2.
| work_point | |
| line |
Definition at line 42 of file pairing_impl.hpp.
Definition at line 213 of file pairing_impl.hpp.
Definition at line 220 of file pairing_impl.hpp.
Definition at line 233 of file pairing_impl.hpp.
|
constexpr |
Miller loop implementation.
This function computes the Miller loop
\[ f_{6z + 2, Q}(P) \cdot l_{(6z + 2)Q, Q'}(P) \cdot l_{(6z + 2)Q + Q', -Q''}(P) \]
where Q' is the image of Q under the Frobenius map and Q'' is minus the image of Q' under the Frobenius map. For the point P and the precomputed Miller lines of Q.
| P | |
| lines |
Definition at line 124 of file pairing_impl.hpp.
|
constexpr |
Compute the Miller loop for multiple pairs of points.
The structure of the Miller loop allows computing the product of the Miller loops for multiple pairs (P_i, Q_i) with a single loop over the bits of 6z + 2: at each step in the loop we aggregate all the contributions from each point so to perform a single squaring.
| points | |
| lines | |
| num_pairs |
Definition at line 165 of file pairing_impl.hpp.
|
constexpr |
Addition step for Miller loop calculation.
This function computes the constants required to evaluate the line through work_point and Q and updates work_point to work_point + Q. The formulas are taken from https://cacr.uwaterloo.ca/techreports/2012/cacr2012-17.pdf, section 4.2.
| Q | |
| work_point | |
| line |
Definition at line 64 of file pairing_impl.hpp.
|
constexpr |
Definition at line 116 of file pairing_impl.hpp.
|
constexpr |
Precomputation of Miller lines for a point Q in G2.
This function computes the lines that are evaluated in the calculation of the Miller loop for the point Q. Setting work_point = Q as the MSB bit in the signed decomposition of 6z + 2 is 1, for each bit in the signed decomposition of 6z + 2 (except the MSB) we need:
| Q | |
| lines |
Definition at line 90 of file pairing_impl.hpp.
|
constexpr |
Definition at line 258 of file pairing_impl.hpp.
| fq12 bb::pairing::reduced_ate_pairing_batch | ( | const g1::affine_element * | P_affines, |
| const g2::affine_element * | Q_affines, | ||
| const size_t | num_points | ||
| ) |
Definition at line 300 of file pairing_impl.hpp.
| fq12 bb::pairing::reduced_ate_pairing_batch_precomputed | ( | const g1::affine_element * | P_affines, |
| const miller_lines * | lines, | ||
| const size_t | num_points | ||
| ) |
Definition at line 284 of file pairing_impl.hpp.
|
inlineconstexpr |
Compute \(\Psi^{-1} \circ \phi_q \circ \Psi(Q)\) where \(\Psi\) is the untwisting isomorphism and \(\phi_q\) is the Frobenius morphism.
| a |
Definition at line 27 of file pairing_impl.hpp.
|
constexpr |
Definition at line 33 of file pairing.hpp.
|
constexpr |
Definition at line 21 of file pairing.hpp.
|
constexpr |
Definition at line 28 of file pairing.hpp.
Definition at line 18 of file pairing_impl.hpp.
|
constexpr |
Definition at line 39 of file pairing.hpp.
|
constexpr |
Definition at line 23 of file pairing.hpp.
1.9.8