Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pairing: Refactor traits to reflect bls12_381 crate API #238

Merged
merged 7 commits into from
Jun 16, 2020
Merged

pairing: Refactor traits to reflect bls12_381 crate API #238

merged 7 commits into from
Jun 16, 2020

Conversation

str4d
Copy link
Contributor

@str4d str4d commented May 30, 2020

No description provided.

str4d added 3 commits May 31, 2020 08:22
@str4d
group: Remove CurveProjective::Base and CurveAffine::Base
5a40a0f 
These associated types were completly unused. The only place we need
information about the base field of an elliptic curve is inside Jubjub
when operating over its coordinates to implement EC math inside the
circuit, and we can handle that either concretely, or with a future
trait specifically for that use-case.
@str4d
pairing: Remove Engine::Fq and Engine::Fqe
534c993 
These are unused now that the Base associated types have been removed
from the group traits.
@str4d
pairing: Separate associated types for MillerLoopResult and Gt
c8bf2e9
@str4d str4d requested a review from ebfull May 30, 2020 20:30
str4d added 3 commits May 31, 2020 08:34
@str4d
pairing: Move final_exponentiation into a MillerLoopResult trait
57bb18c
@str4d
pairing: Pass affine references to Engine::pairing
da2e638
@str4d
pairing: Extract Engine::miller_loop into a MultiMillerLoop trait
b9d6df9 
This enables MultiMillerLoop to be conditionally implemented, for
example in libraries where Engine::pairing supports no-std, but
MultiMillerLoop requires an allocator.
@str4d str4d force-pushed the pairing-refactor branch from ffc94db to b9d6df9 Compare May 30, 2020 20:35
str4d
str4d commented May 30, 2020
View reviewed changes
pairing/src/lib.rs Outdated
@@ -23,14 +23,13 @@ pub mod bls12_381;
use core::ops::Mul;
use ff::{Field, PrimeField, ScalarEngine};
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The lint here is expected; it will be resolved when both this PR and #237 have been merged.

@codecov
Copy link

codecov bot commented May 30, 2020
edited
Loading

Codecov Report

Merging #238 into master will decrease coverage by 30.12%.
The diff coverage is 0.00%.

Impacted file tree graph

@@             Coverage Diff             @@
##           master     #238       +/-   ##
===========================================
- Coverage   65.43%   35.31%   -30.13%     
===========================================
  Files         105       93       -12     
  Lines       14936    11246     -3690     
===========================================
- Hits         9774     3971     -5803     
- Misses       5162     7275     +2113
Impacted Files Coverage Δ
bellman/src/groth16/mod.rs 0.00% <ø> (-66.23%) ⬇️
bellman/src/groth16/tests/dummy_engine.rs 0.00% <0.00%> (-7.79%) ⬇️
pairing/src/bls12_381/ec.rs 0.00% <0.00%> (-73.20%) ⬇️
pairing/src/bls12_381/mod.rs 0.00% <0.00%> (-62.04%) ⬇️
bellman/src/groth16/generator.rs 0.00% <0.00%> (-89.23%) ⬇️
bellman/src/gadgets/sha256.rs 0.00% <0.00%> (-86.67%) ⬇️
bellman/tests/mimc.rs 0.00% <0.00%> (-85.19%) ⬇️
bellman/src/groth16/prover.rs 0.00% <0.00%> (-85.13%) ⬇️
bellman/src/multiexp.rs 0.00% <0.00%> (-81.82%) ⬇️
zcash_history/src/node_data.rs 0.00% <0.00%> (-77.07%) ⬇️
... and 47 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5ff8562...03f0862. Read the comment docs.

daira
daira reviewed Jun 1, 2020
View reviewed changes
pairing/src/lib.rs
/// function.
///
/// `MillerLoopResult`s cannot be compared with each other until
/// [`MillerLoopResult::final_exponentiation`] is called, which is also expensive.
Copy link
Contributor

@daira daira Jun 1, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment suggests that calling final_exponentiation on each of two MillerLoopResults is the preferred way to compare them. Even if you can't rewrite to a single multi_miller_loop, it's still more efficient to conjugate one of the loop results, multiply by the other, apply a single final exponentiation, and compare to the identity in Gt. So it might be worth exposing a std::cmp::Eq implemention that does that.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That would make equality-checking very expensive, which would be very non-obvious in a == b usage.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that's fine as long as it's documented. But it doesn't block this PR, anyway.

daira
daira approved these changes Jun 1, 2020
View reviewed changes
Copy link
Contributor

@daira daira left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK

@str4d
pairing: Move PairingCurveAffine::Prepared to MultiMillerLoop trait
03f0862 
Prepared elements are only used by MultiMillerLoop, and we don't need
the ability to "prepare" G1 elements there.
@str4d str4d force-pushed the pairing-refactor branch from d1b7a3b to 03f0862 Compare June 3, 2020 08:50
@str4d str4d added this to the Core Sprint 2020-21 milestone Jun 3, 2020
@str4d str4d merged commit 4e685a8 into zcash:master Jun 16, 2020
@str4d str4d deleted the pairing-refactor branch June 16, 2020 21:49
@str4d str4d mentioned this pull request Jun 16, 2020
Merged
@str4d str4d mentioned this pull request Jun 26, 2020
Closed
@ebfull ebfull mentioned this pull request Jun 26, 2020
Closed
18 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daira daira daira approved these changes

@ebfull ebfull ebfull approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Core Sprint 2020-23
Development

Successfully merging this pull request may close these issues.
4 participants
@str4d @daira @ebfull @r3ld3v