use super::Params;
use crate::arithmetic::{best_multiexp, parallelize, CurveAffine};
use ff::Field;
use group::Group;
#[derive(Debug, Clone)]
pub struct MSM<'a, C: CurveAffine> {
pub(crate) params: &'a Params<C>,
g_scalars: Option<Vec<C::Scalar>>,
w_scalar: Option<C::Scalar>,
u_scalar: Option<C::Scalar>,
other_scalars: Vec<C::Scalar>,
other_bases: Vec<C>,
}
impl<'a, C: CurveAffine> MSM<'a, C> {
pub fn new(params: &'a Params<C>) -> Self {
let g_scalars = None;
let w_scalar = None;
let u_scalar = None;
let other_scalars = vec![];
let other_bases = vec![];
MSM {
params,
g_scalars,
w_scalar,
u_scalar,
other_scalars,
other_bases,
}
}
pub fn add_msm(&mut self, other: &Self) {
self.other_scalars.extend(other.other_scalars.iter());
self.other_bases.extend(other.other_bases.iter());
if let Some(g_scalars) = &other.g_scalars {
self.add_to_g_scalars(g_scalars);
}
if let Some(w_scalar) = &other.w_scalar {
self.add_to_w_scalar(*w_scalar);
}
if let Some(u_scalar) = &other.u_scalar {
self.add_to_u_scalar(*u_scalar);
}
}
pub fn append_term(&mut self, scalar: C::Scalar, point: C) {
self.other_scalars.push(scalar);
self.other_bases.push(point);
}
pub fn add_constant_term(&mut self, constant: C::Scalar) {
if let Some(g_scalars) = self.g_scalars.as_mut() {
g_scalars[0] += &constant;
} else {
let mut g_scalars = vec![C::Scalar::zero(); self.params.n as usize];
g_scalars[0] += &constant;
self.g_scalars = Some(g_scalars);
}
}
pub fn add_to_g_scalars(&mut self, scalars: &[C::Scalar]) {
assert_eq!(scalars.len(), self.params.n as usize);
if let Some(g_scalars) = &mut self.g_scalars {
parallelize(g_scalars, |g_scalars, start| {
for (g_scalar, scalar) in g_scalars.iter_mut().zip(scalars[start..].iter()) {
*g_scalar += scalar;
}
})
} else {
self.g_scalars = Some(scalars.to_vec());
}
}
pub fn add_to_w_scalar(&mut self, scalar: C::Scalar) {
self.w_scalar = self.w_scalar.map_or(Some(scalar), |a| Some(a + &scalar));
}
pub fn add_to_u_scalar(&mut self, scalar: C::Scalar) {
self.u_scalar = self.u_scalar.map_or(Some(scalar), |a| Some(a + &scalar));
}
pub fn scale(&mut self, factor: C::Scalar) {
if let Some(g_scalars) = &mut self.g_scalars {
parallelize(g_scalars, |g_scalars, _| {
for g_scalar in g_scalars {
*g_scalar *= &factor;
}
})
}
if !self.other_scalars.is_empty() {
parallelize(&mut self.other_scalars, |other_scalars, _| {
for other_scalar in other_scalars {
*other_scalar *= &factor;
}
})
}
self.w_scalar = self.w_scalar.map(|a| a * &factor);
self.u_scalar = self.u_scalar.map(|a| a * &factor);
}
pub fn eval(self) -> bool {
let len = self.g_scalars.as_ref().map(|v| v.len()).unwrap_or(0)
+ self.w_scalar.map(|_| 1).unwrap_or(0)
+ self.u_scalar.map(|_| 1).unwrap_or(0)
+ self.other_scalars.len();
let mut scalars: Vec<C::Scalar> = Vec::with_capacity(len);
let mut bases: Vec<C> = Vec::with_capacity(len);
scalars.extend(&self.other_scalars);
bases.extend(&self.other_bases);
if let Some(w_scalar) = self.w_scalar {
scalars.push(w_scalar);
bases.push(self.params.w);
}
if let Some(u_scalar) = self.u_scalar {
scalars.push(u_scalar);
bases.push(self.params.u);
}
if let Some(g_scalars) = &self.g_scalars {
scalars.extend(g_scalars);
bases.extend(self.params.g.iter());
}
assert_eq!(scalars.len(), len);
bool::from(best_multiexp(&scalars, &bases).is_identity())
}
}