I created an add_or_double() function because the regular add() assumes that p != q (I will add a docstring documenting this properly). This is roughly equivalent to circom-pairing's EllipticCurveAdd, but doing what gnark's AddUnified does instead should be more efficient. This might be left for a future constraint-optimization PR though.
wwared
commented
8 months ago
Still heavily WIP. Logic based mostly from
circom-pairing's bls12_381_hash_to_G2.circom with help frombls12_381's map_g2.rs.What's working so far (with tests):
psi()andpsi2()clear_cofactor()assert_subgroup_check()for G2scalar_mul_by_seed_square()for G1iso3_map()sgn0()opt_simple_swu2()map_to_g2()To finish:
assert_is_on_curve()for both G1 and G2phi()andassert_subgroup_check()for G1I created an
add_or_double()function because the regularadd()assumes thatp != q(I will add a docstring documenting this properly). This is roughly equivalent tocircom-pairing'sEllipticCurveAdd, but doing what gnark'sAddUnifieddoes instead should be more efficient. This might be left for a future constraint-optimization PR though.