Function fawkes_crypto_phase2::utils::merge_pairs

pub fn merge_pairs<G: CurveAffine>(v1: &[G], v2: &[G]) -> (G, G)

Computes a random linear combination over v1/v2.

Checking that many pairs of elements are exponentiated by the same x can be achieved (with high probability) with the following technique:

Given v1 = [a, b, c] and v2 = [as, bs, cs], compute (ar1 + br2 + c*r3, (as)*r1 + (bs)*r2 + (cs)*r3) for some random r1, r2, r3. Given (g, g^s)...

e(g, (as)r1 + (bs)r2 + (cs)r3) = e(g^s, ar1 + br2 + cr3)

... with high probability.