diff --git a/ecc/bw6-633/pairing.go b/ecc/bw6-633/pairing.go index 2f6fc9102..fec9c44ba 100644 --- a/ecc/bw6-633/pairing.go +++ b/ecc/bw6-633/pairing.go @@ -208,30 +208,12 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) { // precomputations pProj0 := make([]g1Proj, n) p1 := make([]G1Affine, n) - pProj01 := make([]g1Proj, n) // P0+P1 - pProj10 := make([]g1Proj, n) // P0-P1 - l01 := make([]lineEvaluation, n) - l10 := make([]lineEvaluation, n) for k := 0; k < n; k++ { p1[k].Y.Set(&p0[k].Y) p1[k].X.Mul(&p0[k].X, &thirdRootOneG1) p0[k].Neg(&p0[k]) pProj0[k].FromAffine(&p0[k]) - - // l_{p0,p1}(q) - pProj01[k].Set(&pProj0[k]) - pProj01[k].addMixedStep(&l01[k], &p1[k]) - l01[k].r1.Mul(&l01[k].r1, &q[k].X) - l01[k].r0.Mul(&l01[k].r0, &q[k].Y) - - // l_{-p0,p1}(q) - pProj10[k].Neg(&pProj0[k]) - pProj10[k].addMixedStep(&l10[k], &p1[k]) - l10[k].r1.Mul(&l10[k].r1, &q[k].X) - l10[k].r0.Mul(&l10[k].r0, &q[k].Y) } - p01 := BatchProjectiveToAffineG1(pProj01) - p10 := BatchProjectiveToAffineG1(pProj10) // f_{a0+λ*a1,P}(Q) var result GT @@ -299,20 +281,7 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) { l0.r0.Mul(&l0.r0, &q[k].Y) switch j { - case -4: - tmp.Neg(&p01[k]) - // pProj0[k] ← pProj0[k]-p01[k] and - // l the line ℓ passing pProj0[k] and -p01[k] - pProj0[k].addMixedStep(&l, &tmp) - // line evaluation at Q[k] - l.r1.Mul(&l.r1, &q[k].X) - l.r0.Mul(&l.r0, &q[k].Y) - // ℓ × ℓ - prodLines = fptower.Mul034By034(&l.r0, &l.r1, &l.r2, &l01[k].r0, &l01[k].r1, &l01[k].r2) - // ℓ × res - result.MulBy034(&l0.r0, &l0.r1, &l0.r2) - // (ℓ × ℓ) × res - result.MulBy01234(&prodLines) + // cases -4, -2, 2, 4 do not occur given the static loopCounters case -3: tmp.Neg(&p1[k]) // pProj0[k] ← pProj0[k]-p1[k] and @@ -325,19 +294,6 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) { prodLines = fptower.Mul034By034(&l.r0, &l.r1, &l.r2, &l0.r0, &l0.r1, &l0.r2) // (ℓ × ℓ) × res result.MulBy01234(&prodLines) - case -2: - // pProj0[k] ← pProj0[k]+p10[k] and - // l the line ℓ passing pProj0[k] and p10[k] - pProj0[k].addMixedStep(&l, &p10[k]) - // line evaluation at Q[k] - l.r1.Mul(&l.r1, &q[k].X) - l.r0.Mul(&l.r0, &q[k].Y) - // ℓ × ℓ - prodLines = fptower.Mul034By034(&l.r0, &l.r1, &l.r2, &l01[k].r0, &l01[k].r1, &l01[k].r2) - // ℓ × res - result.MulBy034(&l0.r0, &l0.r1, &l0.r2) - // (ℓ × ℓ) × res - result.MulBy01234(&prodLines) case -1: tmp.Neg(&p0[k]) // pProj0[k] ← pProj0[k]-p0[k] and @@ -364,20 +320,6 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) { prodLines = fptower.Mul034By034(&l.r0, &l.r1, &l.r2, &l0.r0, &l0.r1, &l0.r2) // (ℓ × ℓ) × res result.MulBy01234(&prodLines) - case 2: - tmp.Neg(&p10[k]) - // pProj0[k] ← pProj0[k]-p10[k] and - // l the line ℓ passing pProj0[k] and -p10[k] - pProj0[k].addMixedStep(&l, &tmp) - // line evaluation at Q[k] - l.r1.Mul(&l.r1, &q[k].X) - l.r0.Mul(&l.r0, &q[k].Y) - // ℓ × ℓ - prodLines = fptower.Mul034By034(&l.r0, &l.r1, &l.r2, &l01[k].r0, &l01[k].r1, &l01[k].r2) - // ℓ × res - result.MulBy034(&l0.r0, &l0.r1, &l0.r2) - // (ℓ × ℓ) × res - result.MulBy01234(&prodLines) case 3: // pProj0[k] ← pProj0[k]+p1[k] and // l the line ℓ passing pProj0[k] and p1[k] @@ -389,19 +331,6 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) { prodLines = fptower.Mul034By034(&l.r0, &l.r1, &l.r2, &l0.r0, &l0.r1, &l0.r2) // (ℓ × ℓ) × res result.MulBy01234(&prodLines) - case 4: - // pProj0[k] ← pProj0[k]+p01[k] and - // l the line ℓ passing pProj0[k] and p01[k] - pProj0[k].addMixedStep(&l, &p01[k]) - // line evaluation at Q[k] - l.r1.Mul(&l.r1, &q[k].X) - l.r0.Mul(&l.r0, &q[k].Y) - // ℓ × ℓ - prodLines = fptower.Mul034By034(&l.r0, &l.r1, &l.r2, &l01[k].r0, &l01[k].r1, &l01[k].r2) - // ℓ × res - result.MulBy034(&l0.r0, &l0.r1, &l0.r2) - // (ℓ × ℓ) × res - result.MulBy01234(&prodLines) default: return GT{}, errors.New("invalid loopCounter") }