Skip to content

Commit

Permalink
Python implementation for bn254 (alt_bn128) pairing (matter-labs#16)
Browse files Browse the repository at this point in the history 
* ecadd tests

* ecmul tests

* Add test utils

* Add test suit generator

* Remove old tests

* Update tests

* Fix ecadd

* Fix ecmul

* Handle modexp tests

* Add modexp tests

* Update call helper function

* Fix helper function

* Fix test utils

* Improve ecmul precompile

* Add test helper

* Add python script to test double and add algorithm (matter-labs#13)

* Add montgomery reduction algorithm

* Add Rust playground crate

* Update montgomery reduction script

* Add Montgomery reduction precompile

* ecAdd refactor

* Montgomery fix

* Add montgomery inv & modexp

* Fix N'

* Fix REDC

* Fix Montgomery modular inverse

* Remove comments

* Fix prints

* Change to bytes comparison instead of decoded output

* Patch tests with extra check for errors in ecadd and ecmul

* Add EOL

* Update modexp precompile

* Finish optimizing ecAdd & ecMul

* Implement optimized montgomery invmod

* modexpGasCost

* Cleanup

* Last version of ecAdd, ecMul & modexp

* Fix modexp tests calldata

* Fix modexp tests to pass with actual vm state

* Update Montgomery precompile

* Rename montgomery lib

* Add alt_bn128 projective point lib

* Add quadratic extension field arithmetic lib

* Add alt_bn128 pairing script

* Finish quadratic extension field arithmetics

Co-authored-by: Nacho Avecilla <nachoavecilla@gmail.com>

* Fix Montgomery lib

Co-authored-by: Nacho Avecilla <nachoavecilla@gmail.com>

* Implement double and addition steps

Co-authored-by: Nacho Avecilla <nachoavecilla@gmail.com>

* Arithmetics over Fp2 in Python (matter-labs#14)

* Finish fp2 arithmetic

* Add more precomputed values

* Fix fp2 inv

* Add EOF

* Rename module

* Fix point at infinity

* Rename lib

* Arithmetics over Fp6 in Python (matter-labs#15)

* Finish fp2 arithmetic

* Add more precomputed values

* Add arithmetic operations for fp6

* Update constant name

Co-authored-by: Ivan Litteri <67517699+ilitteri@users.noreply.github.com>

* Replace epsilon for XI

* Change script name

* Add multiplication by xi in fp2 and fp6

* Add alternative inverse method

* Fix inverse operation

---------

Co-authored-by: Iván Litteri <ilitteri@fi.uba.ar>
Co-authored-by: Ivan Litteri <67517699+ilitteri@users.noreply.github.com>

* Fp12 arithmetic (matter-labs#21)

* WIP

* add fp12 arithmetics

* fix typo

* add addition tests

* add sub test

* rename gamma function

* add mul tests

* fix function call

* fix typo

* mul fixes

* fix mul by 1

* fix square

* fix fp12 inverse

* add multiply by 2 asserts

* add EOF

---------

Co-authored-by: Iván Litteri <ilitteri@fi.uba.ar>

* Add jacobian coordinates in Python (matter-labs#22)

* Rename file

* Add implementation for jacobian projective coordinates

* Fix fp12 merge error

* Fix addition

* Rename function to check inifinity and add extra comments

* Fp2, Fp6 and Fp12 arithmetics in Yul (matter-labs#23)

* Add fp2 arithmetics

* Add fp6 arithmetics

* Rename funcs

* Fix compilation errors in fp6 operations

* Add tests for inverse and sub for fp2

* Fix square and multiplication for fp6

* Add tests for add, mul, sub and square in fp6

* add fp12 arithmetic

* Fix inverse in fp6

* Add tests for inverse in fp6

* add fp12 tests

* add inverse test for fp12

* changes mul for sub

---------

Co-authored-by: Iván Litteri <ilitteri@fi.uba.ar>
Co-authored-by: Joaquin Carletti <joaquin.carletti@lambdaclass.com>

* Add point addition and line evaluation algorithm (matter-labs#24)

* Point doubling and line evaluation (matter-labs#25)

* Refactor for line evaluation functions (matter-labs#29)

* Move point doubling and line evaluation to pairing file

* Change return type in point adding and line evaluation to match with doubling

* Remove incorrect parameter

* Change name to match with other pairing function

* add mul by gamma functions (matter-labs#31)

* Improve fp6 and fp12 arithmetics return type (matter-labs#35)

* Change fp6 return type to single tuple

* change return to single tuple

---------

Co-authored-by: Joaquin Carletti <joaquin.carletti@lambdaclass.com>

* add millers loop (matter-labs#30)

* add millers loop basics

* add PI functions to loop

* add neg of a G2 point

* add loop counter

* fix return of negate funciton

* fix loop_counter values

* rename utils file

* fix imports

* change constants to fp6 file

* fix miller loop set up

* add comment

* fix comment

* fix typo

* Add Final exponentiation (matter-labs#32)

* Add ten in montgomery form as constant

* Add frobenius operations

* Add negate operation for fp6

* Add conjugate operation for fp2

* Add operations in fp2 used in final exponentiation

* Add final exponentiation function

* Fix return types to match with new changes

* Add corrections to n_square function

* Use montgomery for gamma factors and add frobenius tests

* Add test for cyclotomic square

* Add another final exponentiation implementation and test

* fix fp6 arithmetic (matter-labs#42)

* Precompute Frobenius constants (matter-labs#44)

* Add pairing tests for python implementation (matter-labs#36)

* Add function utils to check elements in curve and twisted curve

* Add conditional for g2 from affine

* Add tests for conjugate in fp12 and fp2

* Fix miller loop errors

* Add pair function

* Add pairing test from eth tests

* Correct NAF representation

* Change exponentiation impl to be able to test it correctly

* Correct point doubling and miller loop

* Add test for point doubling and line evaluation

* add addition tests

* Add tests for frobenius

* Add line evaluation test after point addition

* Add point doubling and adding functions for projective coordinates

* Fix in miller loop function

* Add test refactors with new functions

* Fix constant for fp12

* Add functions for g2 in projective and affine

* Fix NAF representation

* add eth tests

* add tests names

* add expt

* change final_exp

* fix fp6 square

* Delete test generator for pairing in python

* Delete unnecesary comments

* Delete unused exponentiation function

* Delete unused import and old todo

* Improve naming of doubling and addition steps in miller loop

---------

Co-authored-by: Joaquin Carletti <joaquin.carletti@lambdaclass.com>

* Frobenius Operator in Yul (matter-labs#43)

* Implement Frobenius operator in Yul

* Fix Frobenius functions returns

* Fix Frobenius functions returns

* Add tests

* Update comment

* add mix addition in yul (matter-labs#45)

* Add function utils to check elements in curve and twisted curve

* Add conditional for g2 from affine

* Add tests for conjugate in fp12 and fp2

* Fix miller loop errors

* Add pair function

* Add pairing test from eth tests

* Correct NAF representation

* Change exponentiation impl to be able to test it correctly

* Correct point doubling and miller loop

* Add test for point doubling and line evaluation

* add addition tests

* Add tests for frobenius

* Add line evaluation test after point addition

* Add point doubling and adding functions for projective coordinates

* Fix in miller loop function

* Add test refactors with new functions

* Fix constant for fp12

* Add functions for g2 in projective and affine

* Fix NAF representation

* add eth tests

* add tests names

* add expt

* change final_exp

* fix fp6 square

* Delete test generator for pairing in python

* Delete unnecesary comments

* Delete unused exponentiation function

* Delete unused import and old todo

* Improve naming of doubling and addition steps in miller loop

* add mix addition in yul

* fix function

* Update precompiles/Playground.yul

Co-authored-by: Ivan Litteri <67517699+ilitteri@users.noreply.github.com>

---------

Co-authored-by: IAvecilla <iavecilla@fi.uba.ar>
Co-authored-by: Iván Litteri <ilitteri@fi.uba.ar>
Co-authored-by: Ivan Litteri <67517699+ilitteri@users.noreply.github.com>

* Add cyclotomicSquare and nSquare (matter-labs#47)

* Add function utils to check elements in curve and twisted curve

* Add conditional for g2 from affine

* Add tests for conjugate in fp12 and fp2

* Fix miller loop errors

* Add pair function

* Add pairing test from eth tests

* Correct NAF representation

* Change exponentiation impl to be able to test it correctly

* Correct point doubling and miller loop

* Add test for point doubling and line evaluation

* add addition tests

* Add tests for frobenius

* Add line evaluation test after point addition

* Add point doubling and adding functions for projective coordinates

* Fix in miller loop function

* Add test refactors with new functions

* Fix constant for fp12

* Add functions for g2 in projective and affine

* Fix NAF representation

* add eth tests

* add tests names

* add expt

* change final_exp

* fix fp6 square

* Delete test generator for pairing in python

* Delete unnecesary comments

* Delete unused exponentiation function

* Delete unused import and old todo

* Improve naming of doubling and addition steps in miller loop

* add cyclotomic square

* fix assignments

* add nSquare

---------

Co-authored-by: IAvecilla <iavecilla@fi.uba.ar>
Co-authored-by: Iván Litteri <ilitteri@fi.uba.ar>

* Add `t` exponentiation for fp12 in Yul (matter-labs#48)

* Add function utils to check elements in curve and twisted curve

* Add conditional for g2 from affine

* Add tests for conjugate in fp12 and fp2

* Fix miller loop errors

* Add pair function

* Add pairing test from eth tests

* Correct NAF representation

* Change exponentiation impl to be able to test it correctly

* Correct point doubling and miller loop

* Add test for point doubling and line evaluation

* add addition tests

* Add tests for frobenius

* Add line evaluation test after point addition

* Add point doubling and adding functions for projective coordinates

* Fix in miller loop function

* Add test refactors with new functions

* Fix constant for fp12

* Add functions for g2 in projective and affine

* Fix NAF representation

* add eth tests

* add tests names

* add expt

* change final_exp

* fix fp6 square

* Delete test generator for pairing in python

* Delete unnecesary comments

* Delete unused exponentiation function

* Delete unused import and old todo

* Improve naming of doubling and addition steps in miller loop

* Add implementation for exponentiation by t for fp12

---------

Co-authored-by: Joaquin Carletti <joaquin.carletti@lambdaclass.com>
Co-authored-by: Iván Litteri <ilitteri@fi.uba.ar>

* Add final exp in yul (matter-labs#49)

* Add function utils to check elements in curve and twisted curve

* Add conditional for g2 from affine

* Add tests for conjugate in fp12 and fp2

* Fix miller loop errors

* Add pair function

* Add pairing test from eth tests

* Correct NAF representation

* Change exponentiation impl to be able to test it correctly

* Correct point doubling and miller loop

* Add test for point doubling and line evaluation

* add addition tests

* Add tests for frobenius

* Add line evaluation test after point addition

* Add point doubling and adding functions for projective coordinates

* Fix in miller loop function

* Add test refactors with new functions

* Fix constant for fp12

* Add functions for g2 in projective and affine

* Fix NAF representation

* add eth tests

* add tests names

* add expt

* change final_exp

* fix fp6 square

* Delete test generator for pairing in python

* Delete unnecesary comments

* Delete unused exponentiation function

* Delete unused import and old todo

* Improve naming of doubling and addition steps in miller loop

* add final exponentiation

* Update precompiles/Playground.yul

Co-authored-by: Ivan Litteri <67517699+ilitteri@users.noreply.github.com>

---------

Co-authored-by: IAvecilla <iavecilla@fi.uba.ar>
Co-authored-by: Ivan Litteri <67517699+ilitteri@users.noreply.github.com>

* Point doubling step of the miller loop in Yul (matter-labs#46)

* Add function utils to check elements in curve and twisted curve

* Add conditional for g2 from affine

* Add tests for conjugate in fp12 and fp2

* Fix miller loop errors

* Add pair function

* Add pairing test from eth tests

* Correct NAF representation

* Change exponentiation impl to be able to test it correctly

* Correct point doubling and miller loop

* Add test for point doubling and line evaluation

* add addition tests

* Add tests for frobenius

* Add line evaluation test after point addition

* Add point doubling and adding functions for projective coordinates

* Fix in miller loop function

* Add test refactors with new functions

* Fix constant for fp12

* Add functions for g2 in projective and affine

* Fix NAF representation

* add eth tests

* add tests names

* add expt

* change final_exp

* fix fp6 square

* Delete test generator for pairing in python

* Delete unnecesary comments

* Delete unused exponentiation function

* Delete unused import and old todo

* Improve naming of doubling and addition steps in miller loop

* Add implementation for point doubling step of the miller loop

* Fix fp2 neg function parameters

* Fix typo in parameters to return

* Add precomputation for inverse of two

---------

Co-authored-by: Joaquin Carletti <joaquin.carletti@lambdaclass.com>

* G2 Twist in Yul (matter-labs#50)

* Add basic functionality for G2 Twist

* Rename neg to g2Neg

* Rename functions and fix compilation errors

* Miller loop in yul (matter-labs#52)

* Clean playground code for pairing migration

* ecPairing common tests for all Ethereum implementations (matter-labs#51)

* Add ecpairing official tests

* Change tests path for test generator script

---------

Co-authored-by: IAvecilla <iavecilla@fi.uba.ar>
Co-authored-by: Joaquin Carletti <56092489+ColoCarletti@users.noreply.github.com>
Co-authored-by: Joaquin Carletti <joaquin.carletti@lambdaclass.com>
  • Loading branch information
@ilitteri @IAvecilla @ColoCarletti
4 people authored Sep 11, 2023
1 parent de71908 commit e2e7e5e
Show file tree
Hide file tree
Showing 13 changed files with 2,553 additions and 23 deletions.
1,000 changes: 985 additions & 15 deletions precompiles/Playground.yul
View file

Large diffs are not rendered by default.

240 changes: 240 additions & 0 deletions scripts/alt_bn128_pairing.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,240 @@
import pairing_utils
import montgomery as monty
import fp2 as fp2
import fp12
import frobenius as frb
import g2
import pairing_utils as utils

def double_step(Xq0, Xq1, Yq0, Yq1, Zq0, Zq1):
two_inv = monty.inv(monty.TWO)
t0 = fp2.mul(Xq0,Xq1,Yq0,Yq1)
A = fp2.scalar_mul(*t0, two_inv)
B = fp2.mul(Yq0, Yq1, Yq0, Yq1)
C = fp2.mul(Zq0, Zq1, Zq0, Zq1)
D = fp2.add(*C, *C)
D = fp2.add(*D, *C)
E = fp2.mul(*D, *utils.TWISTED_CURVE_COEFFS)
F = fp2.add(*E, *E)
F = fp2.add(*F, *E)
G = fp2.add(*B, *F)
G = fp2.scalar_mul(*G, two_inv)
H = fp2.add(Yq0, Yq1, Zq0, Zq1)
H = fp2.mul(*H, *H)
t1 = fp2.add(*B, *C)
H = fp2.sub(*H, *t1)
I = fp2.sub(*E, *B)
J = fp2.mul(Xq0, Xq1, Xq0, Xq1)
EE = fp2.mul(*E, *E)
K = fp2.add(*EE,*EE)
K = fp2.add(*K,*EE)

Tx = fp2.sub(*B, *F)
Tx = fp2.mul(*Tx, *A)

Ty = fp2.mul(*G, *G)
Ty = fp2.sub(*Ty, *K)

Tz = fp2.mul(*B, *H)

l0 = fp2.neg(*H)
l1 = fp2.add(*J, *J)
l1 = fp2.add(*l1, *J)
l2 = I

l = (*l0,0,0,0,0,*l1,*l2,0,0)
T = Tx + Ty + Tz
return l,T

def mixed_addition_step(Xq0, Xq1, Yq0, Yq1, Xt0, Xt1, Yt0, Yt1, Zt0, Zt1):
temp = fp2.mul(Yq0,Yq1,Zt0,Zt1)
O = fp2.sub(Yt0,Yt1,*temp)
temp = fp2.mul(Xq0,Xq1,Zt0,Zt1)
L = fp2.sub(Xt0,Xt1,*temp)
C = fp2.mul(*O,*O)
D = fp2.mul(*L,*L)
E = fp2.mul(*L,*D)
F = fp2.mul(Zt0,Zt1,*C)
G = fp2.mul(Xt0,Xt1,*D)
temp = fp2.add(*G,*G)
H = fp2.add(*E,*F)
H = fp2.sub(*H,*temp)
temp = fp2.mul(Yt0, Yt1, *E)

Tx0, Tx1 = fp2.mul(*L,*H)
Ty0, Ty1 = fp2.sub(*G,*H)
Ty0, Ty1 = fp2.mul(Ty0,Ty1,*O)
Ty0, Ty1 = fp2.sub(Ty0,Ty1,*temp)
Tz0, Tz1 = fp2.mul(*E, Zt0, Zt1)

temp = fp2.mul(*L,Yq0,Yq1)
J = fp2.mul(Xq0,Xq1,*O)
J = fp2.sub(*J, *temp)

l0 = L
l1 = fp2.neg(*O)
l2 = J

l = (*l0,0,0,0,0,*l1,*l2,0,0)
T = Tx0, Tx1, Ty0, Ty1, Tz0, Tz1

return l, T

# Algorithm 6 from https://eprint.iacr.org/2015/192.pdf
def final_exponentiation(a_000, a_001, a_010, a_011, a_020, a_021, a_100, a_101, a_110, a_111, a_120, a_121):
f = (a_000, a_001, a_010, a_011, a_020, a_021, a_100, a_101, a_110, a_111, a_120, a_121)

# First part
t0 = fp12.conjugate(*f)
f= fp12.inv(*f)
t0 = fp12.mul(*t0, *f)
f_aux = frb.frobenius_square(*t0)
f = fp12.mul(*f_aux, *t0)

# Second part
t0 = fp12.expt(*f)
t0 = fp12.conjugate(*t0)
t0 = fp12.cyclotomic_square(*t0)
t1 = fp12.cyclotomic_square(*t0)
t1 = fp12.mul(*t0,*t1)
t2 = fp12.expt(*t1)
t2 = fp12.conjugate(*t2)
t3 = fp12.conjugate(*t1)
t1 = fp12.mul(*t2,*t3)
t3 = fp12.cyclotomic_square(*t2)
t4 = fp12.expt(*t3)
t4 = fp12.mul(*t4,*t1)
t3 = fp12.mul(*t4,*t0)
t0 = fp12.mul(*t2,*t4)
t0 = fp12.mul(*t0,*f)
t2 = frb.frobenius(*t3)
t0 = fp12.mul(*t2,*t0)
t2 = frb.frobenius_square(*t4)
t0 = fp12.mul(*t2,*t0)
t2 = fp12.conjugate(*f)
t2 = fp12.mul(*t2,*t3)
t2 = frb.frobenius_cube(*t2)
t0 = fp12.mul(*t2,*t0)

return t0

def miller_loop(Xq0, Xq1, Yq0, Yq1, xp, yp):

Q = Xq0, Xq1, Yq0, Yq1
T = g2.from_affine(Xq0, Xq1, Yq0, Yq1)
f = fp12.ONE

for i in range(len(utils.S_NAF) - 2, -1, -1):
f = fp12.square(*f)

line_eval, point_double = double_step(*T)
aux = list(line_eval)
aux[0], aux[1] = fp2.scalar_mul(aux[0], aux[1], yp)
aux[6], aux[7] = fp2.scalar_mul(aux[6], aux[7], xp)
line_eval = tuple(aux)
f = fp12.mul(*f,*line_eval)
T = point_double

if pairing_utils.S_NAF[i] == -1:
minus_Q = g2.neg(*Q)
line_eval, point_adding = mixed_addition_step(*minus_Q, *T)
aux = list(line_eval)
aux[0], aux[1] = fp2.scalar_mul(aux[0], aux[1], yp)
aux[6], aux[7] = fp2.scalar_mul(aux[6], aux[7], xp)
line_eval = tuple(aux)
f = fp12.mul(*f, *line_eval)
T = point_adding

elif pairing_utils.S_NAF[i] == 1:
line_eval, point_adding = mixed_addition_step(*Q,*T)
aux = list(line_eval)
aux[0], aux[1] = fp2.scalar_mul(aux[0], aux[1], yp)
aux[6], aux[7] = fp2.scalar_mul(aux[6], aux[7], xp)
line_eval = tuple(aux)
f = fp12.mul(*f,*line_eval)
T = point_adding

# Q1 <- pi_p(Q)
X_q0, X_q1 = fp2.conjugate(Xq0, Xq1)
Y_q0, Y_q1 = fp2.conjugate(Yq0, Yq1)
X_q0, X_q1 = frb.mul_by_gamma_1_2(X_q0, X_q1)
Y_q0, Y_q1 = frb.mul_by_gamma_1_3(Y_q0, Y_q1)
Q1 = X_q0, X_q1, Y_q0, Y_q1

# Q2 <- pi_p_square(Q)
X_q20, X_q21 = frb.mul_by_gamma_2_2(Xq0, Xq1)
Y_q20, Y_q21 = frb.mul_by_gamma_2_3(Yq0, Yq1)
Y_q20, Y_q21 = fp2.neg(Y_q20, Y_q21)
Q2 = X_q20, X_q21, Y_q20, Y_q21

line_eval, point_adding = mixed_addition_step(*Q1,*T)
aux = list(line_eval)
aux[0], aux[1] = fp2.scalar_mul(aux[0], aux[1], yp)
aux[6], aux[7] = fp2.scalar_mul(aux[6], aux[7], xp)
line_eval = tuple(aux)
f = fp12.mul(*f,*line_eval)
T = point_adding

line_eval, point_adding = mixed_addition_step(*Q2,*T)
aux = list(line_eval)
aux[0], aux[1] = fp2.scalar_mul(aux[0], aux[1], yp)
aux[6], aux[7] = fp2.scalar_mul(aux[6], aux[7], xp)
line_eval = tuple(aux)
f = fp12.mul(*f,*line_eval)
T = point_adding

return f

def pair(xp, yp, Xq0, Xq1, Yq0, Yq1):
f = miller_loop(Xq0, Xq1, Yq0, Yq1, xp, yp)
f = final_exponentiation(*f)
return f

def main():
# From Ethereum tests
# 1c76476f4def4bb94541d57ebba1193381ffa7aa76ada664dd31c16024c43f59 -> Xp1
# 3034dd2920f673e204fee2811c678745fc819b55d3e9d294e45c9b03a76aef41 -> Yp1

# 209dd15ebff5d46c4bd888e51a93cf99a7329636c63514396b4a452003a35bf7 -> Xq11
# 04bf11ca01483bfa8b34b43561848d28905960114c8ac04049af4b6315a41678 -> Xq10
# 2bb8324af6cfc93537a2ad1a445cfd0ca2a71acd7ac41fadbf933c2a51be344d -> Yq11
# 120a2a4cf30c1bf9845f20c6fe39e07ea2cce61f0c9bb048165fe5e4de877550 -> Yq10

# 111e129f1cf1097710d41c4ac70fcdfa5ba2023c6ff1cbeac322de49d1b6df7c -> Xp2
# 2032c61a830e3c17286de9462bf242fca2883585b93870a73853face6a6bf411 -> Yp2

# 198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c2 -> Xq21
# 1800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed -> Xq20
# 090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b -> Yq21
# 12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa -> Yq20

xp0 = monty.into(12873740738727497448187997291915224677121726020054032516825496230827252793177)
yp0 = monty.into(21804419174137094775122804775419507726154084057848719988004616848382402162497)
Xq0 = monty.into(2146841959437886920191033516947821737903543682424168472444605468016078231160)
Xq1 = monty.into(14752851163271972921165116810778899752274893127848647655434033030151679466487)
Yq0 = monty.into(8159591693044959083845993640644415462154314071906244874217244895511876957520)
Yq1 = monty.into(19774899457345372253936887903062884289284519982717033379297427576421785416781)

assert(utils.is_in_curve(xp0, yp0))
assert(utils.is_in_twisted_curve(Xq0, Xq1, Yq0, Yq1))

xp1 = monty.into(7742452358972543465462254569134860944739929848367563713587808717088650354556)
yp1 = monty.into(14563720768440487558151020426243236708567496944263114635856508834497000371217)
Xt0 = monty.into(10857046999023057135944570762232829481370756359578518086990519993285655852781)
Xt1 = monty.into(11559732032986387107991004021392285783925812861821192530917403151452391805634)
Yt0 = monty.into(8495653923123431417604973247489272438418190587263600148770280649306958101930)
Yt1 = monty.into(4082367875863433681332203403145435568316851327593401208105741076214120093531)

assert(utils.is_in_curve(xp1, yp1))
assert(utils.is_in_twisted_curve(Xt0, Xt1, Yt0, Yt1))


# Pairing Test
a = pair(xp0, yp0, Xq0, Xq1, Yq0, Yq1)
b = pair(xp1, yp1, Xt0, Xt1, Yt0, Yt1)
result = fp12.mul(*a, *b)
assert(result == fp12.ONE)
pass

if __name__ == '__main__':
main()
Loading

0 comments on commit e2e7e5e

Please sign in to comment.