paulmillr / noble-curves

Audited & minimal JS implementation of elliptic curve cryptography.
https://paulmillr.com/noble
MIT License

G2 Curve Points for `bn254.sign()` #135

Closed mattdesl closed 2 months ago

mattdesl commented 2 months ago

Thanks for this great library. Apologies if this issue is out of scope or a misunderstanding on my part (I am only just learning about ECC).

I'm trying to use bn254 so that the outputs of my JS program can be fed into an EVM contract that is verified through currently supported precompiles.

I have an example working below: https://gist.github.com/mattdesl/f1554460fb1fceaed76c733778a33453

Now, all of that works beautifully, but I'm trying to find out how to also add signature verification to the contract, which I assume shouldn't be that much harder using pairing precompile 0x8. However, I can't seem to figure out how to map the message hash and signature into a G2 curve point with the functions exposed by noble/bn254—is this possible?

Here's roughly the sort of method I'd probably end up writing: https://hackmd.io/@liangcc/bls-solidity#Verify-Single

    function verifySignature(
        uint256 _sigR,
        uint256 _sigS,
        uint256 _messageHash,
        uint256 _pubKeyX,
        uint256 _pubKeyY
    ) public view returns (bool) {
        uint256[12] memory input = [
            /* TODO */
        ];
        uint256[1] memory out;
        bool success;
        // solium-disable-next-line security/no-inline-assembly
        assembly {
            success := staticcall(sub(gas(), 2000), 8, input, 384, out, 0x20)
            switch success
                case 0 {
                    invalid()
                }
        }
        require(success, "");
        return out[0] != 0;
    }

paulmillr commented 2 months ago

We don't support bn254 pairings or G2 for now.
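The `staticcall` in the question hands precompile 0x08 twelve 256-bit words: two (G1, G2) pairs of 192 bytes each, in the EIP-197 layout (Fp2 coordinates with the coefficient of i first, then the real part). As an added example that is not code from noble-curves or from either commenter, the JavaScript below builds that buffer for the equality check e(P1, Q1) == e(P2, Q2), which the precompile answers by testing whether e(P1, Q1) * e(-P2, Q2) is the identity. The function names are my own and the sample G2 coordinates are constructed small values, not valid curve points, so only the byte layout is being demonstrated.

```javascript
// Added example: builds the 384-byte input for the BN254 pairing precompile
// (address 0x08, EIP-197). Not code from noble-curves or from the issue.
const P = 21888242871839275222246405745257275088696311157297823662689037894645226208583n; // BN254 base field

// Serialise a field element as a 32-byte big-endian word; reject anything outside [0, p).
function word(v) {
  if (typeof v !== 'bigint' || v < 0n || v >= P) throw new Error('coordinate not in field');
  const out = new Uint8Array(32);
  let x = v;
  for (let i = 31; i >= 0; i--) { out[i] = Number(x & 0xffn); x >>= 8n; }
  return out;
}

// Read word i of a buffer back as a bigint (for inspecting what was built).
function readWord(buf, i) {
  let v = 0n;
  for (const b of buf.subarray(32 * i, 32 * i + 32)) v = (v << 8n) | BigInt(b);
  return v;
}

// Additive inverse in G1: (x, y) -> (x, p - y). (0, 0) encodes infinity and stays as is.
function negateG1(pt) {
  return pt.y === 0n ? { x: pt.x, y: 0n } : { x: pt.x, y: P - pt.y };
}

// pairs: [{ g1: {x, y}, g2: {x: [c0, c1], y: [c0, c1]} }] with c0 the real part and
// c1 the coefficient of i. EIP-197 writes each Fp2 coordinate as (c1, c0), imaginary
// part first; swapping these is a classic cause of a pairing check that is always false.
function encodePairingInput(pairs) {
  const out = new Uint8Array(192 * pairs.length);
  pairs.forEach(({ g1, g2 }, k) => {
    const words = [g1.x, g1.y, g2.x[1], g2.x[0], g2.y[1], g2.y[0]];
    words.forEach((w, j) => out.set(word(w), 192 * k + 32 * j));
  });
  return out;
}

// Input for e(P1, Q1) == e(P2, Q2): the precompile returns 1 iff the product of the
// pairings is the identity, so the second G1 point is negated before encoding.
function pairingEqualityInput(P1, Q1, P2, Q2) {
  return encodePairingInput([{ g1: P1, g2: Q1 }, { g1: negateG1(P2), g2: Q2 }]);
}

// Constructed sample: G1 generator (1, 2) and arbitrary small Fp2 coordinates that
// are NOT valid G2 points, so the precompile itself would reject this exact buffer.
const sampleQ = { x: [3n, 4n], y: [5n, 6n] };
const sampleInput = pairingEqualityInput({ x: 1n, y: 2n }, sampleQ, { x: 1n, y: 2n }, sampleQ);
```

The twelve words in `sampleInput` are exactly the `uint256[12] memory input` the Solidity sketch passes to `staticcall`, so the JS side can emit them and the contract forwards them unchanged.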
