From 0a4fda1d21ac454aea6ef24da96f794a94d4c3c1 Mon Sep 17 00:00:00 2001
From: Charles Edward Gagnon
Date: Sun, 2 Nov 2025 21:08:23 -0500
Subject: [PATCH 1/3] fix: MillerLoopResult type
---
 rust-toolchain | 1 -
 src/pairing.rs | 46 +++++++++++++++++++++++++++++++++++++---------
 2 files changed, 37 insertions(+), 10 deletions(-)
 delete mode 100644 rust-toolchain
diff --git a/rust-toolchain b/rust-toolchain
deleted file mode 100644
index af92bdd..0000000
--- a/rust-toolchain
+++ /dev/null
@@ -1 +0,0 @@
-1.63.0
diff --git a/src/pairing.rs b/src/pairing.rs
index 6d51899..c1c5898 100644
--- a/src/pairing.rs
+++ b/src/pairing.rs
@@ -5,15 +5,17 @@
 use subtle::{Choice, ConditionallySelectable};
 use blst::*;
 
-/// Execute a complete pairing operation `(p, q)`.
-pub fn pairing(p: &G1Affine, q: &G2Affine) -> Gt {
+/// Execute a Miller loop operation `(p, q)`, which is the first part of the
+/// full [`pairing`] operation.
+pub fn miller_loop(p: &G1Affine, q: &G2Affine) -> MillerLoopResult {
     let mut tmp = blst_fp12::default();
     unsafe { blst_miller_loop(&mut tmp, &q.0, &p.0) };
+    MillerLoopResult(Fp12(tmp))
+}
 
-    let mut out = blst_fp12::default();
-    unsafe { blst_final_exp(&mut out, &tmp) };
-
-    Gt(Fp12(out))
+/// Execute a complete pairing operation `(p, q)`.
+pub fn pairing(p: &G1Affine, q: &G2Affine) -> Gt {
+    miller_loop(p, q).final_exponentiation()
 }
 
 macro_rules! impl_pairing {
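Review bot: The `unsafe { blst_miller_loop(&mut tmp, &q.0, &p.0) }` call in the new `miller_loop` carries no `// SAFETY:` comment, and the argument order (the G2 point `q` before the G1 point `p`, the reverse of the Rust signature) is exactly the detail a future edit gets wrong silently. I'd put `// SAFETY: all three pointers are derived from live references to initialized values; blst takes the G2 point before the G1 point.` directly above the call. The doc comment should also say that a `MillerLoopResult` is not a usable pairing value until `final_exponentiation` or `final_verify` has been applied, since that is the reason the type is kept separate from `Gt`. Whether `miller_loop` relies on its inputs already being subgroup members is not visible in this hunk; it is worth stating in the docs once confirmed against the `G1Affine`/`G2Affine` constructors.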
@@ -146,12 +148,38 @@ pub fn unique_messages(msgs: &[&[u8]]) -> bool {
 }
 
 /// Represents results of a Miller loop, one of the most expensive portions
-/// of the pairing function. `MillerLoopResult`s cannot be compared with each
-/// other until `.final_exponentiation()` is called, which is also expensive.
-#[derive(Copy, Clone, Debug, PartialEq, Eq)]
+/// of the pairing function.
+///
+/// `MillerLoopResult`s can't be compared together numerically for equality. However, two
+/// `MillerLoopResult`s can be compared with [`MillerLoopResult::final_verify`], which is
+/// faster than performing [`MillerLoopResult::final_exponentiation`] on both and then comparing
+/// the results.
+#[derive(Copy, Clone, Debug)]
 #[repr(transparent)]
 pub struct MillerLoopResult(pub(crate) Fp12);
 
+impl MillerLoopResult {
+    /// Perform the final exponentiation to convert the Miller loop result
+    /// into a full pairing result.
+    pub fn final_exponentiation(&self) -> Gt {
+        let mut out = blst_fp12::default();
+        unsafe { blst_final_exp(&mut out, &self.0.0) };
+        Gt(Fp12(out))
+    }
+
+    pub fn final_verify(&self, other: &MillerLoopResult) -> bool {
+        unsafe { blst::blst_fp12_finalverify(&self.0.0, &other.0.0) }
+    }
+}
+
+impl PartialEq for MillerLoopResult {
+    fn eq(&self, other: &Self) -> bool {
+        self.final_verify(other)
+    }
+}
+
+impl Eq for MillerLoopResult {}
+
 impl ConditionallySelectable for MillerLoopResult {
     fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
         MillerLoopResult(Fp12::conditional_select(&a.0, &b.0, choice))
From 901520130c7146dc20ac72f46657ceefeaf0a632 Mon Sep 17 00:00:00 2001
From: Charles Edward Gagnon
Date: Sun, 2 Nov 2025 21:16:17 -0500
Subject: [PATCH 2/3] fix: restore accidently removed rust-toolchain file
---
 rust-toolchain | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 rust-toolchain
diff --git a/rust-toolchain b/rust-toolchain
new file mode 100644
index 0000000..af92bdd
--- /dev/null
+++ b/rust-toolchain
@@ -0,0 +1 @@
+1.63.0
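Review bot: `final_verify` is the only public method in the new `impl MillerLoopResult` block without a doc comment, and because the new `PartialEq` impl delegates to it, its contract is now the contract of `==`. I'd add `/// Returns true iff self and other are equal after final exponentiation, i.e. the same answer as comparing the two final_exponentiation() results, without computing either.` above it, and a line on the `PartialEq` impl noting that `==` is therefore not byte-wise equality of the wrapped `Fp12`, so two values that compare equal can have different `Debug` output. Both `unsafe` blocks in this hunk lack a `// SAFETY:` comment. Stylistically, `blst::blst_fp12_finalverify` is written fully qualified while `blst_final_exp` a few lines above relies on the `use blst::*;` glob at the top of the file, and `other: &MillerLoopResult` could be `other: &Self` to match the `eq` signature below it.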
From 9579c76abcd680eee55d7104d4d268c05c798fcd Mon Sep 17 00:00:00 2001
From: Charles Edward Gagnon
Date: Sun, 2 Nov 2025 21:20:32 -0500
Subject: [PATCH 3/3] remove `Eq` impl as it may not be sound
---
 src/pairing.rs | 2 --
 1 file changed, 2 deletions(-)
diff --git a/src/pairing.rs b/src/pairing.rs
index c1c5898..58bef27 100644
--- a/src/pairing.rs
+++ b/src/pairing.rs
@@ -178,8 +178,6 @@ impl PartialEq for MillerLoopResult {
     }
 }
 
-impl Eq for MillerLoopResult {}
-
 impl ConditionallySelectable for MillerLoopResult {
     fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
         MillerLoopResult(Fp12::conditional_select(&a.0, &b.0, choice))