ark_r1cs_std/pairing/
mod.rs

1use crate::{convert::ToBytesGadget, prelude::*};
2use ark_ec::pairing::Pairing;
3use ark_relations::r1cs::SynthesisError;
4use core::fmt::Debug;
5
/// Pairing implementation for BLS12 bilinear groups.
pub mod bls12;
/// Pairing implementation for MNT4 bilinear groups.
pub mod mnt4;
/// Pairing implementation for MNT6 bilinear groups.
pub mod mnt6;

/// The prime field underlying `E::BaseField`.
///
/// Every gadget bound in `PairingVar` uses this as its constraint field.
type BasePrimeField<E> = <<E as Pairing>::BaseField as ark_ff::Field>::BasePrimeField;
14
/// Specifies the constraints for computing a pairing in the bilinear group
/// `E`.
///
/// Implementors provide the Miller loop, the final exponentiation and the two
/// preparation routines; `pairing` and `product_of_pairings` are default
/// methods built on top of them.
///
/// NOTE(review): whether `G1Var`/`G2Var` values are checked for subgroup
/// membership is not visible from this trait — confirm where the variables
/// are allocated before relying on a pairing result in a verifier circuit.
pub trait PairingVar<E: Pairing> {
    /// A variable representing an element of `G1`.
    /// This is the R1CS equivalent of `E::G1`.
    type G1Var: CurveVar<E::G1, BasePrimeField<E>>;

    /// A variable representing an element of `G2`.
    /// This is the R1CS equivalent of `E::G2`.
    type G2Var: CurveVar<E::G2, BasePrimeField<E>>;

    /// A variable representing an element of the pairing target.
    /// This is the R1CS equivalent of `E::TargetField`.
    type GTVar: FieldVar<E::TargetField, BasePrimeField<E>>;

    /// A variable representing cached precomputation that can speed up
    /// pairing computations. This is the R1CS equivalent of
    /// `E::G1Prepared`.
    type G1PreparedVar: ToBytesGadget<BasePrimeField<E>>
        + AllocVar<E::G1Prepared, BasePrimeField<E>>
        + Clone
        + Debug;

    /// A variable representing cached precomputation that can speed up
    /// pairing computations. This is the R1CS equivalent of
    /// `E::G2Prepared`.
    type G2PreparedVar: ToBytesGadget<BasePrimeField<E>>
        + AllocVar<E::G2Prepared, BasePrimeField<E>>
        + Clone
        + Debug;

    /// Computes a multi-Miller loop between the elements of `p` and `q`.
    ///
    /// NOTE(review): the signature does not force `p` and `q` to have the same
    /// length, and this trait does not say how an implementation treats a
    /// mismatch — confirm against each implementation. Callers should pass
    /// slices of equal length; an element that an implementation ignored
    /// would contribute nothing to the resulting constraints.
    ///
    /// # Errors
    ///
    /// Returns the `SynthesisError` reported by the implementation.
    fn miller_loop(
        p: &[Self::G1PreparedVar],
        q: &[Self::G2PreparedVar],
    ) -> Result<Self::GTVar, SynthesisError>;

    /// Computes a final exponentiation over `p`.
    ///
    /// # Errors
    ///
    /// Returns the `SynthesisError` reported by the implementation.
    fn final_exponentiation(p: &Self::GTVar) -> Result<Self::GTVar, SynthesisError>;

    /// Computes a pairing over `p` and `q`.
    ///
    /// Runs `miller_loop` on the single pair `(p, q)` and feeds its output to
    /// `final_exponentiation`.
    ///
    /// # Errors
    ///
    /// Propagates the `SynthesisError` of either step.
    #[tracing::instrument(target = "r1cs")]
    fn pairing(
        p: Self::G1PreparedVar,
        q: Self::G2PreparedVar,
    ) -> Result<Self::GTVar, SynthesisError> {
        Self::miller_loop(&[p], &[q])
            .and_then(|loop_output| Self::final_exponentiation(&loop_output))
    }

    /// Computes a product of pairings over the elements in `p` and `q`.
    ///
    /// Runs one `miller_loop` over both slices, then a single
    /// `final_exponentiation` on its output. The slices are forwarded
    /// unchanged, so the length caveat on `miller_loop` applies here as well.
    ///
    /// # Errors
    ///
    /// Propagates the `SynthesisError` of either step.
    #[must_use]
    #[tracing::instrument(target = "r1cs")]
    fn product_of_pairings(
        p: &[Self::G1PreparedVar],
        q: &[Self::G2PreparedVar],
    ) -> Result<Self::GTVar, SynthesisError> {
        Self::final_exponentiation(&Self::miller_loop(p, q)?)
    }

    /// Performs the precomputation to generate `Self::G1PreparedVar`.
    ///
    /// # Errors
    ///
    /// Returns the `SynthesisError` reported by the implementation.
    fn prepare_g1(q: &Self::G1Var) -> Result<Self::G1PreparedVar, SynthesisError>;

    /// Performs the precomputation to generate `Self::G2PreparedVar`.
    ///
    /// # Errors
    ///
    /// Returns the `SynthesisError` reported by the implementation.
    fn prepare_g2(q: &Self::G2Var) -> Result<Self::G2PreparedVar, SynthesisError>;
}