-
Notifications
You must be signed in to change notification settings - Fork 400
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: added HashToG2 and BLS G2 signature verification circuit for BLS12-381 #1040
base: master
Are you sure you want to change the base?
Conversation
revised G2.addUnified function based on the Brier and Joye algorithm
fixed G2.sgn0 function and associated unit tests for BLS12-381
L'et also make it a draft for now as I have a related pending question here: #1041 The background is that I want to ensure that the |
Hi @weijiguo, thank you for this contribution! this is a great work! As you would imagine, it takes a bit of time to review all of this. But it's definitely a great PR that we are looking to merge. |
Hi @yelhousni @ivokub now that we have the 0.11 version. Can you spare some time to review yet? Really appreciate your time among your tight schedule. |
static check fails due to needing to merge Consensys/gnark-crypto#481 first |
Hi @weijiguo - actually I started reviewing the PR about a month ago, but then realized it would require a bit of work to understand completely and postponed. But indeed, it would be a great addition and it would be good to review. I'll retry again soon, hopefully being more successful. For example - the first issue I encountered with Consensys/gnark-crypto#481 is that it is implemented only for the BLS12-381 in the code generated path, so would have to add to the code generation. And I think exposing the individual method may overload the |
@ivokub Understood. Thanks again. |
Description
This PR implemented circuit for
HashToG2
and BLS G2 signature verification for the BLS12-381 curve. The implementation is based on affine coordinations.Along with the said functionalities, it also added
G2.addUnified(p, q)
function which can handle the case thatp == q
. And as an optimization, it also adopted a new hint to calculate thesqrtRatio
function with the gnark-crypto library to save constraints. Therefore this PR depends on an update to gnark-cryptoFixes # (issue)
#648
Type of change
How has this been tested?
Added unit tests to cover:
How has this been benchmarked?
Added test cases for HashToG2. Results: 2761896 constraints with SCS and 779198 with R1CS for simple message ("abcd").
Checklist:
golangci-lint
does not output errors locally