Merge pull request #220 from Zokrates/update-G2-lib

Update G2 library
2025-09-23 20:28:36 +00:00 · 2019-02-01 17:43:19 +01:00 · 2019-02-01 17:43:19 +01:00 · e7a943dbf9
commit e7a943dbf9
parent 718158717f 00dbb650c9
1 changed files with 52 additions and 22 deletions
--- a/zokrates_core/src/proof_system/utils.rs
+++ b/zokrates_core/src/proof_system/utils.rs
@ -220,10 +220,45 @@ library BN256G2 {
        uint256, uint256,
        uint256, uint256
    ) {
        if (
            pt1xx == 0 && pt1xy == 0 &&
            pt1yx == 0 && pt1yy == 0
        ) {
            if (!(
                pt2xx == 0 && pt2xy == 0 &&
                pt2yx == 0 && pt2yy == 0
            )) {
                assert(_isOnCurve(
                    pt2xx, pt2xy,
                    pt2yx, pt2yy
                ));
            }
            return (
                pt2xx, pt2xy,
                pt2yx, pt2yy
            );
        } else if (
            pt2xx == 0 && pt2xy == 0 &&
            pt2yx == 0 && pt2yy == 0
        ) {
            assert(_isOnCurve(
                pt1xx, pt1xy,
                pt1yx, pt1yy
            ));
            return (
                pt1xx, pt1xy,
                pt1yx, pt1yy
            );
        }
        assert(_isOnCurve(
            pt1xx, pt1xy,
            pt1yx, pt1yy
        ));
        assert(_isOnCurve(
            pt2xx, pt2xy,
            pt2yx, pt2yy
        ));
        uint256[6] memory pt3 = _ECTwistAddJacobian(
            pt1xx, pt1xy,
@ -258,16 +293,26 @@ library BN256G2 {
        uint256, uint256,
        uint256, uint256
    ) {
-        assert(_isOnCurve(
+        uint256 pt1zx = 1;
-            pt1xx, pt1xy,
+        if (
-            pt1yx, pt1yy
+            pt1xx == 0 && pt1xy == 0 &&
-        ));
+            pt1yx == 0 && pt1yy == 0
        ) {
            pt1xx = 1;
            pt1yx = 1;
            pt1zx = 0;
        } else {
            assert(_isOnCurve(
                pt1xx, pt1xy,
                pt1yx, pt1yy
            ));
        }
        uint256[6] memory pt2 = _ECTwistMulJacobian(
            s,
            pt1xx, pt1xy,
            pt1yx, pt1yy,
-            1,     0
+            pt1zx, 0
        );
        return _fromJacobian(
@ -374,21 +419,6 @@ library BN256G2 {
        }
    }
    function _toJacobian(
        uint256 pt1xx, uint256 pt1xy,
        uint256 pt1yx, uint256 pt1yy
    ) internal pure returns (
        uint256, uint256,
        uint256, uint256,
        uint256, uint256
    ) {
        return (
            pt1xx, pt1xy,
            pt1yx, pt1yy,
            1,     0
        );
    }
    function _fromJacobian(
        uint256 pt1xx, uint256 pt1xy,
        uint256 pt1yx, uint256 pt1yy,
@ -454,8 +484,8 @@ library BN256G2 {
                    pt3[PTYX], pt3[PTYY],
                    pt3[PTZX], pt3[PTZY]
                ) = (
-                    0, 0,
+                    1, 0,
-                    0, 0,
+                    1, 0,
                    0, 0
                );
                return;