Expand description
Batch elliptic curve algorithms based on the batch-affine principle.
The principle is the following:
Usually, affine coordinates are not used because curve operations require division, which is very inefficient. However, if one is performing a large number of curve operations at the same time, then the inverses can be computed efficiently using the batch inversion algorithm which allows you to compute the inverses for an array of elements at a cost of 3 multiplications per element.
With the reduced cost of inversion, in settings where you are computing many parallel elliptic curve operations, it is actually cheaper to use affine coordinates.
Most algorithms in this module take an argument denominators: &mut Vec<F> which
is a scratch array used for performing inversions. It is passed around to
avoid re-allocating such a scratch array within each algorithm.
Functions§
- add_
pairs_ πin_ place - affine_
shamir_ window_ table - affine_
shamir_ window_ table_ one - affine_
window_ combine - affine_
window_ πcombine_ base - affine_
window_ combine_ one - affine_
window_ πcombine_ one_ base - affine_
window_ combine_ one_ endo - Given vectors of curve points
g1andg2, compute a vector whose ith entry isg1[i] + g2[i].scale(chal.to_field(endo_coeff)) - affine_
window_ πcombine_ one_ endo_ base - Uses a batch version of Algorithm 1 of
https://eprint.iacr.org/2019/1021.pdf (on page 19) to compute
g1 + g2.scale(chal.to_field(endo_coeff)) - batch_
add_ assign - Given arrays of curve points
v0andv1dov0[i] += v1[i]for each i. - batch_
add_ πassign_ no_ branch - Given arrays of curve points
v0andv1dov0[i] += v1[i]for each i, assuming that for eachi,v0[i].x != v1[i].xso we can use the ordinary addition formula and donβt have to handle the edge cases of doubling and hitting the point at infinity. - batch_
double_ πin_ place - Double an array of curve points in-place.
- batch_
endo_ πin_ place - batch_
negate_ πin_ place - shamir_
window_ table - window_
combine - window_
shamir π