affine versioned pairing supporting for BitVM #846
base: master
Conversation
So this pairing computation results in another target group element?
The test result proves that it's equal to the current pairing result (same element of Gt). Even so, for the sake of consistency with the script implementation in BitVM we need a benchmark; this pairing in arkworks is my benchmark.
Eh. Why then do we need code that computes the same result in a supposedly slower way?
Okay, let me introduce a naive and toy case to explain why we need that and what the benchmark actually means. If I want to implement a division algorithm for two numbers (whatever number is okay, even big integer) in the JavaScript language, say So if I use assertion
PS: Most of the time, you are computing pairings (in a SNARK verifier), so projective is your option; if you are verifying pairings, affine is your option. It's the best option for recursive SNARKs.
I think what will happen with this PR is that it would be held off until the R1CS gadget for verifying affine pairing is done. If the value is the same, we do not need this in algebra, and the R1CS witness generation would be in R1CS.
Description
The purpose of this PR is to give the caller one more option to choose from when doing a pairing. In the current implementation, the coefficients of the divisor line function are computed through projective coordinates, as this is more efficient (than affine coordinates) when computing pairings, while it is not when verifying pairings (recursive SNARK), as Andrija and Liam stated in section 5.2 of On Proving Pairings.
So, to support verifying pairings for BN254 in BitVM, I add one more optional method for pairing.
closes: #XXXX
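The affine versus projective trade-off discussed in this PR can be seen on a single tangent (doubling) line; the following is an added example, not code from the PR or from arkworks. It assumes a toy prime field (`P = 10007`) and the curve y^2 = x^3 + 3 with the point (1, 2), and all function names are hypothetical; the real BN254 line functions are computed on the twist over Fp2.

```rust
const P: u64 = 10_007; // toy prime (assumption), not the BN254 base field

fn mul(a: u64, b: u64) -> u64 { a * b % P }
fn sub(a: u64, b: u64) -> u64 { (a + P - b) % P }
fn neg(a: u64) -> u64 { (P - a) % P }

// Fermat inversion: the one costly operation the affine formula needs.
fn inv(a: u64) -> u64 {
    let (mut base, mut e, mut acc) = (a % P, P - 2, 1);
    while e > 0 {
        if e & 1 == 1 { acc = mul(acc, base); }
        base = mul(base, base);
        e >>= 1;
    }
    acc
}

/// Affine tangent at (x, y): lambda = 3x^2 / (2y).
/// Returns lambda and the line Y - lambda*X + (lambda*x - y) as [1, -lambda, lambda*x - y].
fn affine_tangent(x: u64, y: u64) -> (u64, [u64; 3]) {
    let lambda = mul(mul(3, mul(x, x)), inv(mul(2, y)));
    (lambda, [1, neg(lambda), sub(mul(lambda, x), y)])
}

/// Checking a supplied slope needs no inversion: lambda * 2y == 3x^2.
fn slope_is_valid(x: u64, y: u64, lambda: u64) -> bool {
    mul(lambda, mul(2, y)) == mul(3, mul(x, x))
}

/// Inversion-free tangent at (X : Y : Z): [2YZ^2, -3X^2 Z, 3X^3 - 2Y^2 Z].
fn projective_tangent(x: u64, y: u64, z: u64) -> [u64; 3] {
    let (xx, yy, zz) = (mul(x, x), mul(y, y), mul(z, z));
    [mul(2, mul(y, zz)), neg(mul(3, mul(xx, z))), sub(mul(3, mul(xx, x)), mul(2, mul(yy, z)))]
}

/// True when `proj` is `aff` multiplied by one nonzero field element.
fn same_line(aff: [u64; 3], proj: [u64; 3]) -> bool {
    let s = proj[0]; // aff[0] is 1, so the scale factor is proj[0]
    s != 0 && (0..3).all(|i| mul(aff[i], s) == proj[i])
}

fn main() {
    let (x, y, z) = (1, 2, 5); // (1, 2) is on y^2 = x^3 + 3; z is an arbitrary scaling
    let (lambda, aff) = affine_tangent(x, y);
    let proj = projective_tangent(mul(x, z), mul(y, z), z);
    println!("lambda={lambda} affine={aff:?} projective={proj:?}");
    println!("same line: {}, slope check: {}", same_line(aff, proj), slope_is_valid(x, y, lambda));
}
```

The two coefficient triples describe the same line up to the factor 2YZ^2. A common nonzero factor lying in a proper subfield is removed by the final exponentiation, which is consistent with the thread's observation that both variants give the same element of Gt.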