feat: BN254 pairing #411
note on perf; compile time for R1CS is slowww, and mostly, due to known issues.
So, rebased on top of develop and compile time is still slow (a few minutes), but doable. I did a profile but there wasn't anything very particular. There is a lot of work in assertIsBoolean, but this is to be expected (this PR is not using range checking yet. When range checking is merged then will start natively using them). Added documentation and examples.
LGTM. It seems a mutatis-mutandis translation of the BN254 pairing in gnark-crypto, which is working fine. There are a couple of circuit-specific optimisations that I started on a different PR. Also I'm thinking of how to do the infinity points filtering in-circuit or just proceed them (as the MultiMillerLoop is what is needed in the ECPAIR precompile). For the record, so far:
- MillerLoop: Groth16 9.9M / Plonk 24.9M
- FinalExp: Groth16 11.4M / Plonk 29.4M
@ivokub One more thing, I would like to reorganise the packages a bit:
I'm OK with that. At some point I tried to make the towers more general, but got a bit stuck with non-ideal type inference in Go generics. But it should get better with Go 1.21 and maybe then it would make more sense. Right now I wouldn't generalize too much. I had at some point the idea to implement BLS12-381 as it is asked for, I'll try it then. What do you think about having something like
Totally agree. That's the best way to go.
This PR adds pairing on BN254. The interface which is made public is small, but in general includes G2 and GT operations.