fix: DoublePairFixedQ with different inputs

Consensys · Oct 23, 2023 · 4937e78 · 4937e78
1 parent 9122010
commit 4937e78
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 16 deletions.
diff --git a/std/algebra/emulated/sw_bw6761/pairing.go b/std/algebra/emulated/sw_bw6761/pairing.go
@@ -617,12 +617,12 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P [2]*G1Affine, Q *G2Affine) (*GTEl, er
 			accQ, l0, l1 = pr.doubleAndAddStep(accQ, imQneg)
 			l0 = &lineEvaluation{
 				R0: *pr.curveF.MulMod(&l0.R0, xNegOverY[1]),
-				R1: *pr.curveF.MulMod(&l0.R1, yInv[0]),
+				R1: *pr.curveF.MulMod(&l0.R1, yInv[1]),
 			}
 			result = pr.MulBy014(result, &l0.R1, &l0.R0)
 			l1 = &lineEvaluation{
 				R0: *pr.curveF.MulMod(&l1.R0, xNegOverY[1]),
-				R1: *pr.curveF.MulMod(&l1.R1, yInv[0]),
+				R1: *pr.curveF.MulMod(&l1.R1, yInv[1]),
 			}
 			result = pr.MulBy014(result, &l1.R1, &l1.R0)
 
@@ -639,12 +639,12 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P [2]*G1Affine, Q *G2Affine) (*GTEl, er
 			accQ, l0, l1 = pr.doubleAndAddStep(accQ, negQ)
 			l0 = &lineEvaluation{
 				R0: *pr.curveF.MulMod(&l0.R0, xNegOverY[1]),
-				R1: *pr.curveF.MulMod(&l0.R1, yInv[0]),
+				R1: *pr.curveF.MulMod(&l0.R1, yInv[1]),
 			}
 			result = pr.MulBy014(result, &l0.R1, &l0.R0)
 			l1 = &lineEvaluation{
 				R0: *pr.curveF.MulMod(&l1.R0, xNegOverY[1]),
-				R1: *pr.curveF.MulMod(&l1.R1, yInv[0]),
+				R1: *pr.curveF.MulMod(&l1.R1, yInv[1]),
 			}
 			result = pr.MulBy014(result, &l1.R1, &l1.R0)
 
@@ -661,7 +661,7 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P [2]*G1Affine, Q *G2Affine) (*GTEl, er
 			accQ, l0 = pr.doubleStep(accQ)
 			l0 = &lineEvaluation{
 				R0: *pr.curveF.MulMod(&l0.R0, xNegOverY[1]),
-				R1: *pr.curveF.MulMod(&l0.R1, yInv[0]),
+				R1: *pr.curveF.MulMod(&l0.R1, yInv[1]),
 			}
 			result = pr.MulBy014(result, &l0.R1, &l0.R0)
 
@@ -674,12 +674,12 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P [2]*G1Affine, Q *G2Affine) (*GTEl, er
 			accQ, l0, l1 = pr.doubleAndAddStep(accQ, Q)
 			l0 = &lineEvaluation{
 				R0: *pr.curveF.MulMod(&l0.R0, xNegOverY[1]),
-				R1: *pr.curveF.MulMod(&l0.R1, yInv[0]),
+				R1: *pr.curveF.MulMod(&l0.R1, yInv[1]),
 			}
 			result = pr.MulBy014(result, &l0.R1, &l0.R0)
 			l1 = &lineEvaluation{
 				R0: *pr.curveF.MulMod(&l1.R0, xNegOverY[1]),
-				R1: *pr.curveF.MulMod(&l1.R1, yInv[0]),
+				R1: *pr.curveF.MulMod(&l1.R1, yInv[1]),
 			}
 			result = pr.MulBy014(result, &l1.R1, &l1.R0)
 
@@ -696,12 +696,12 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P [2]*G1Affine, Q *G2Affine) (*GTEl, er
 			accQ, l0, l1 = pr.doubleAndAddStep(accQ, imQ)
 			l0 = &lineEvaluation{
 				R0: *pr.curveF.MulMod(&l0.R0, xNegOverY[1]),
-				R1: *pr.curveF.MulMod(&l0.R1, yInv[0]),
+				R1: *pr.curveF.MulMod(&l0.R1, yInv[1]),
 			}
 			result = pr.MulBy014(result, &l0.R1, &l0.R0)
 			l1 = &lineEvaluation{
 				R0: *pr.curveF.MulMod(&l1.R0, xNegOverY[1]),
-				R1: *pr.curveF.MulMod(&l1.R1, yInv[0]),
+				R1: *pr.curveF.MulMod(&l1.R1, yInv[1]),
 			}
 			result = pr.MulBy014(result, &l1.R1, &l1.R0)
 
@@ -732,7 +732,7 @@ func (pr Pairing) DoubleMillerLoopFixedQ(P [2]*G1Affine, Q *G2Affine) (*GTEl, er
 	l0 = pr.tangentCompute(accQ)
 	l0 = &lineEvaluation{
 		R0: *pr.curveF.MulMod(&l0.R0, xNegOverY[1]),
-		R1: *pr.curveF.MulMod(&l0.R1, yInv[0]),
+		R1: *pr.curveF.MulMod(&l0.R1, yInv[1]),
 	}
 	result = pr.MulBy014(result, &l0.R1, &l0.R0)
 	// fixed-argument

diff --git a/std/algebra/emulated/sw_bw6761/pairing_test.go b/std/algebra/emulated/sw_bw6761/pairing_test.go
@@ -240,13 +240,14 @@ func (c *DoublePairFixedCircuit) Define(api frontend.API) error {
 
 func TestDoublePairFixedTestSolve(t *testing.T) {
 	assert := test.NewAssert(t)
-	p, q := randomG1G2Affines()
+	p1, q := randomG1G2Affines()
+	p2, _ := randomG1G2Affines()
 	_, _, _, G2AffGen := bw6761.Generators()
-	res, err := bw6761.Pair([]bw6761.G1Affine{p, p}, []bw6761.G2Affine{q, G2AffGen})
+	res, err := bw6761.Pair([]bw6761.G1Affine{p1, p2}, []bw6761.G2Affine{G2AffGen, q})
 	assert.NoError(err)
 	witness := DoublePairFixedCircuit{
-		In1G1: NewG1Affine(p),
-		In2G1: NewG1Affine(p),
+		In1G1: NewG1Affine(p1),
+		In2G1: NewG1Affine(p2),
 		In1G2: NewG2Affine(q),
 		Res:   NewGTEl(res),
 	}

diff --git a/std/algebra/emulated/sw_bw6761/precomputations.go b/std/algebra/emulated/sw_bw6761/precomputations.go
@@ -9,8 +9,8 @@ import (
 // precomputed lines going through Q and multiples of Q
 // where Q is the fixed canonical generator of G2
 //
-// Q.X = 0x
-// Q.Y = 0x
+// Q.X = 0x110133241d9b816c852a82e69d660f9d61053aac5a7115f4c06201013890f6d26b41c5dab3da268734ec3f1f09feb58c5bbcae9ac70e7c7963317a300e1b6bace6948cb3cd208d700e96efbc2ad54b06410cf4fe1bf995ba830c194cd025f1c
+// Q.Y = 0x17c3357761369f8179eb10e4b6d2dc26b7cf9acec2181c81a78e2753ffe3160a1d86c80b95a59c94c97eb733293fef64f293dbd2c712b88906c170ffa823003ea96fcd504affc758aa2d3a3c5a02a591ec0594f9eac689eb70a16728c73b61
 
 type baseEl = emulated.Element[emulated.BW6761Fp]