paulmillr / noble-curves

Audited & minimal JS implementation of elliptic curve cryptography.
https://paulmillr.com/noble
MIT License

Ideas for v2 #142

Open paulmillr opened 3 weeks ago

paulmillr commented 3 weeks ago
holgerd77 commented 1 week ago

We are currently looking into replacing our rustbn-wasm build with this library for the bn254 (bn128) ADD, MUL, PAIRING precompiles from EIP-196 and EIP-197, so I agree that adding support for "bn254 g2, bn254 pairing" would be a great idea! (respectively pretty valuable to us)
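The EIP-196 ADD and MUL precompiles mentioned above, as an added example that is not code from noble-curves or from this thread: plain BigInt arithmetic on bn254 G1 with the standard curve constants, including the coordinate and on-curve checks a precompile has to apply to caller-supplied points before doing any group operation.

```javascript
// Added example, not code from noble-curves or this thread: EIP-196 bn254 (alt_bn128)
// G1 ADD and MUL semantics in plain BigInt arithmetic, including the input validation
// a precompile must do before touching caller-supplied points.
const P = 21888242871839275222246405745257275088696311157297823662689037894645226208583n; // field prime
const N = 21888242871839275222246405745257275088548364400416034343698204186575808495617n; // G1 order
const G = [1n, 2n];                 // bn254 G1 generator on y^2 = x^3 + 3
const INF = null;                   // point at infinity; EIP-196 encodes it as (0, 0)
const mod = (a) => ((a % P) + P) % P;
function inv(a) {                   // a^(P-2) mod P by square-and-multiply (P is prime)
  let r = 1n, b = mod(a);
  for (let e = P - 2n; e > 0n; e >>= 1n) { if (e & 1n) r = r * b % P; b = b * b % P; }
  return r;
}
function isOnCurve(pt) {
  if (pt === INF) return true;
  const [x, y] = pt;
  return mod(y * y) === mod(x * x * x + 3n);
}
function add(a, b) {                // affine addition with the doubling case handled
  if (a === INF) return b;
  if (b === INF) return a;
  const [x1, y1] = a, [x2, y2] = b;
  let l;
  if (x1 === x2) {
    if (mod(y1 + y2) === 0n) return INF;       // Q + (-Q)
    l = mod(3n * x1 * x1 * inv(2n * y1));      // tangent slope
  } else {
    l = mod((y2 - y1) * inv(x2 - x1));         // chord slope
  }
  const x3 = mod(l * l - x1 - x2);
  return [x3, mod(l * (x1 - x3) - y1)];
}
function mul(pt, k) {               // double-and-add; k may exceed N, as EIP-196 allows
  let r = INF;
  for (let q = pt; k > 0n; k >>= 1n) { if (k & 1n) r = add(r, q); q = add(q, q); }
  return r;
}
// Precompile-style decode: coordinates must be < P and the point must be on the curve,
// otherwise the call is invalid (EIP-196 rejects it rather than computing on garbage).
function decodePoint(x, y) {
  if (x === 0n && y === 0n) return INF;
  if (x >= P || y >= P || !isOnCurve([x, y])) throw new Error('invalid bn254 G1 point');
  return [x, y];
}
const encodePoint = (pt) => (pt === INF ? [0n, 0n] : pt);
function ecAdd(x1, y1, x2, y2) { return encodePoint(add(decodePoint(x1, y1), decodePoint(x2, y2))); }
function ecMul(x, y, k) { return encodePoint(mul(decodePoint(x, y), k)); }
```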

holgerd77 commented 1 week ago

(side question: do you think we could use Noble for the BLS precompiles (so https://eips.ethereum.org/EIPS/eip-2537 )?)

paulmillr commented 1 week ago

Yes, bls precompiles are ok.

bn254 will need to be added

paulmillr commented 1 week ago

@holgerd77 the performance would be decreased compared to wasm. For example, bls12 does 100 pairings/sec on a fast Mac. For comparison, ETH can do 4000 signatures/sec on the same CPU. Your current rustbn wasm solution is likely several times faster.

How constrained are you in terms of performance?

holgerd77 commented 1 week ago

Cool!

For BLS I've compiled down the following list of potential function mappings, if you have something to add:

mcl.add -> bls12_381.fields.Fp.add
mcl.mul -> bls12_381.fields.Fp.mul
mcl.mulVec -> ? (bls12_381.fields.Fp.mulN ?)
mcl.millerLoop -> bls12_381.millerLoop
mcl.finalExp -> ?
mcl.G1/G2 -> bls12_381.G1/G2
mcl.Fp(2) -> bls12_381.fields.Fp (2)
mcl.verifyOrderG1/G2 -> bls12_381.G1.isWithinCurveOrder

We will go our "classic" route here, and provide the JS implementation as default and then let people opt-in (dependency-inject) WASM if they want to.

Actually with the pairing and if we could replace bn254 we would be completely "WASM free" for the EVM which would be a pretty big deal! 🤩

paulmillr commented 1 week ago

I will make it a priority then.

holgerd77 commented 1 week ago

Great to hear (if you need financial support for this let me know)! 🙏 🤩