

Merge pull request a16z#426 from imikushin/hyperkzg-speedup-pairing-c…
…heck

KZG, HyperKZG: speedup pairing checks
moodlezoup authored Jul 23, 2024
2 parents 4afd7ef + 56ffdfe commit 1f9ca2d
Showing 2 changed files with 13 additions and 8 deletions.
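--- a/jolt-core/src/poly/commitment/hyperkzg.rs
+++ b/jolt-core/src/poly/commitment/hyperkzg.rs
@@ -270,7 +270,7 @@ where
 let R = W[0] + W[1] * d_0 + W[2] * d_1;
 
 // Check that e(L, vk.H) == e(R, vk.tau_H)
-(P::pairing(L, vk.kzg_vk.g2)) == (P::pairing(R, vk.kzg_vk.beta_g2))
+P::multi_pairing([L, -R], [vk.kzg_vk.g2, vk.kzg_vk.beta_g2]).is_zero()
 }
 
 #[derive(Clone)]
@@ -333,6 +333,9 @@ where
 polys.push(Pi);
 }
 
+assert_eq!(polys.len(), ell);
+assert_eq!(polys[ell - 1].len(), 2);
+
 // We do not need to commit to the first polynomial as it is already committed.
 // Compute commitments in parallel
 let com: Vec<P::G1Affine> = (1..polys.len())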
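Review bot: The two `assert_eq!` calls added in the second hunk carry no message and remain active in release builds, so an unexpected length aborts the caller with a bare panic rather than a diagnosable error. If `ell` can be zero at this point (its definition is outside the hunk), `ell - 1` overflows or indexes out of range before the second assertion can report anything meaningful. I would add context and an explicit guard, e.g. `assert!(ell > 0, "ell must be non-zero");` and `assert_eq!(polys.len(), ell, "polys.len() must equal ell");`, or return an error if the enclosing function is fallible. In the first hunk, the comment still states the check as an equality of two pairings; `// Check e(L, g2) * e(-R, beta_g2) is the identity, i.e. e(L, g2) == e(R, beta_g2)` would match the new call.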
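--- a/jolt-core/src/poly/commitment/kzg.rs
+++ b/jolt-core/src/poly/commitment/kzg.rs
@@ -5,7 +5,7 @@ use crate::utils::errors::ProofVerifyError;
 use ark_ec::scalar_mul::fixed_base::FixedBase;
 use ark_ec::{pairing::Pairing, AffineRepr, CurveGroup};
 use ark_ff::PrimeField;
-use ark_std::{One, UniformRand};
+use ark_std::{One, UniformRand, Zero};
 use rand_core::{CryptoRng, RngCore};
 use std::marker::PhantomData;
 use std::sync::Arc;
@@ -188,12 +188,14 @@ where
 proof: &P::G1Affine,
 evaluation: &P::ScalarField,
 ) -> Result<bool, ProofVerifyError> {
-let lhs = P::pairing(
-commitment.into_group() - vk.g1.into_group() * evaluation,
-vk.g2,
-);
-let rhs = P::pairing(proof, vk.beta_g2.into_group() - (vk.g2 * point));
-Ok(lhs == rhs)
+Ok(P::multi_pairing(
+[
+commitment.into_group() - vk.g1.into_group() * evaluation,
+-proof.into_group(),
+],
+[vk.g2, (vk.beta_g2.into_group() - (vk.g2 * point)).into()],
+)
+.is_zero())
 }
 }
 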
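Review bot: The rewritten body in the second hunk still only ever returns `Ok(..)`, so a rejected proof comes back as `Ok(false)` and a caller that applies `?` without inspecting the bool would treat it as accepted. This is a good place to document that contract on the function, e.g. `/// Returns Ok(true) only when the pairing check passes; Ok(false) is a rejected proof, not success.`, or to map a failed check to a `ProofVerifyError` if callers never need the bool. A one-line comment above the call, such as `// e(commitment - evaluation*g1, g2) * e(-proof, beta_g2 - point*g2) must be the identity`, would also make the sign on `-proof.into_group()` easy to audit. The function's signature starts outside the hunk, so its name and remaining parameters are not visible here.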
