Closed snjax closed 4 years ago
https://github.com/paritytech/bn/blob/master/src/groups/mod.rs#L108 The check is here. I have seen no the same checks in bellman_ce, go-ethereum, and ethereumj. But parity-ethereum (openethereum) is still using this costly check.
Obviously, we should not check the subgroup for G1 at the prime order curve. What about checking G2 subgroup before pairing?
https://github.com/paritytech/bn/blob/master/src/groups/mod.rs#L108 The check is here. I have seen no the same checks in bellman_ce, go-ethereum, and ethereumj. But parity-ethereum (openethereum) is still using this costly check.
Obviously, we should not check the subgroup for G1 at the prime order curve. What about checking G2 subgroup before pairing?