Allow usage of MillerLoopResult independently of the builtin apis

zkcrypto / bls12_381

Implementation of the BLS12-381 pairing-friendly elliptic curve group

Other

284 stars 171 forks source link

Allow usage of MillerLoopResult independently of the builtin apis #67

Closed dignifiedquire closed 2 years ago

dignifiedquire commented 3 years ago

In the former implementation of pairing it was possible to use Fp12 directly to work with the intermediary results of miller loops, before doing the final accumulation. With the new API of MillerLoopResult and Gt this is impossible.

You can see an example of this here: https://github.com/filecoin-project/bls-signatures/blob/master/src/signature.rs#L158-L208, which I am trying to migrate to this crate.

dignifiedquire commented 3 years ago

Actually most of it is possible, I am just missing a way to create an empty MillerLoopResult I realized, so just implementing Default for it would probably be enough for my use case.

str4d commented 2 years ago

Yeah, impl Default for MillerLoopResult seems reasonable to me. Though now that Iterator::reduce is available (which doesn't require an initial accumulator value), is this necessary?