|
scalar_field_value_type | derive_non_zero () |
|
void | invalidate () |
|
void | merge () |
|
template<typename InputGTIterator > |
std::enable_if< std::is_same< gt_value_type, typename std::iterator_traits< InputGTIterator >::value_type >::value >::type | merge_nonrandom (InputGTIterator a_first, InputGTIterator a_last, const gt_value_type &out) |
|
template<typename InputG1Iterator , typename InputG2Iterator > |
std::enable_if< std::is_same< g1_value_type, typename std::iterator_traits< InputG1Iterator >::value_type >::value &&std::is_same< g2_value_type, typename std::iterator_traits< InputG2Iterator >::value_type >::value >::type | merge_random (InputG1Iterator a_first, InputG1Iterator a_last, InputG2Iterator b_first, InputG2Iterator b_last, const gt_value_type &out) |
|
| pairing_check () |
|
template<typename InputG1Iterator , typename InputG2Iterator , typename = typename std::enable_if< std::is_same<g1_value_type, typename std::iterator_traits<InputG1Iterator>::value_type>::value && std::is_same<g2_value_type, typename std::iterator_traits<InputG2Iterator>::value_type>::value, bool>::type> |
| pairing_check (InputG1Iterator a_first, InputG1Iterator a_last, InputG2Iterator b_first, InputG2Iterator b_last, const gt_value_type &out) |
|
bool | verify () |
|
template<typename CurveType, typename DistributionType, typename GeneratorType>
struct nil::crypto3::zk::snark::pairing_check< CurveType, DistributionType, GeneratorType >
TODO: optimize this simple version of pairing checker PairingCheck represents a check of the form e(A,B)e(C,D)... = T. Checks can be aggregated together using random linear combination. The efficiency comes from keeping the results from the miller loop output before proceding to a final exponentiation when verifying if all checks are verified. It is a tuple:
- a miller loop result that is to be multiplied by other miller loop results before going into a final exponentiation result
- a right side result which is already in the right subgroup Gt which is to be compared to the left side when "final_exponentiatiat"-ed
template<typename CurveType , typename DistributionType , typename GeneratorType >
template<typename InputG1Iterator , typename InputG2Iterator , typename = typename std::enable_if< std::is_same<g1_value_type, typename std::iterator_traits<InputG1Iterator>::value_type>::value && std::is_same<g2_value_type, typename std::iterator_traits<InputG2Iterator>::value_type>::value, bool>::type>
returns a pairing tuple that is scaled by a random element. When aggregating pairing checks, this creates a random linear combination of all checks so that it is secure. Specifically we have e(A,B)e(C,D)... = out <=> e(g,h)^{ab + cd} = out We rescale using a random element $r$ to give e(rA,B)e(rC,D) ... = out^r <=> e(A,B)^r e(C,D)^r = out^r <=> e(g,h)^{abr + cdr} = out^r (e(g,h)^{ab + cd})^r = out^r