Elliptic Curve Pairing

The pairing extension enables usage of the optimal Ate pairing check on the BN254 and BLS12-381 elliptic curves. The following field extension tower for \(\mathbb{F}_{p^{12}}\) is used for pairings in this crate:

$$ \begin{aligned} \mathbb{F}_{p^2} &= \mathbb{F}_{p}[u]/(u^2 - \beta)\\ \mathbb{F}_{p^6} &= \mathbb{F}_{p^2}[v]/(v^3 - \xi)\\ \mathbb{F}_{p^{12}} &= \mathbb{F}_{p^6}[w]/(w^2 - v) \end{aligned} $$

The main feature of the pairing extension is the pairing_check function, which asserts that a product of pairings evaluates to 1. For example, for the BLS12-381 curve,

    let res = Bls12_381::pairing_check(&[p0, -q0], &[p1, q1]);
    assert!(res.is_ok());

This asserts that \(e(p_0, q_0) e(p_1, q_1) = 1\). Naturally, this can be extended to more points by adding more elements to the arrays.

The pairing extension additionally provides field operations in \(\mathbb{F_{p^{12}}}\) for both BN254 and BLS12-381 curves where \(\mathbb{F}\) is the coordinate field.
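To make the tower concrete, the following added example (not code from this crate) implements multiplication through all three levels for a toy instance and checks the defining relations. The parameters \(p = 7\), \(\beta = -1\), \(\xi = 2 + u\) and every name in the block are assumptions chosen so the arithmetic fits in a `u64`; they are not the BN254 or BLS12-381 constants.

```rust
// Toy tower: p = 7, beta = -1, xi = 2 + u (constructed; not real curve parameters).
const P: u64 = 7;
const BETA: u64 = P - 1; // -1 mod p, a non-residue because p = 3 (mod 4)
type Fp2 = [u64; 2]; // a0 + a1*u,          u^2 = beta
type Fp6 = [Fp2; 3]; // b0 + b1*v + b2*v^2, v^3 = xi
type Fp12 = [Fp6; 2]; // c0 + c1*w,         w^2 = v
const XI: Fp2 = [2, 1];
const Z2: Fp2 = [0, 0];
const Z6: Fp6 = [Z2; 3];
const ONE6: Fp6 = [[1, 0], Z2, Z2];
const ONE12: Fp12 = [ONE6, Z6];
const V: Fp12 = [[Z2, [1, 0], Z2], Z6];
const W: Fp12 = [Z6, ONE6];
fn add2(a: Fp2, b: Fp2) -> Fp2 { [(a[0] + b[0]) % P, (a[1] + b[1]) % P] }
fn mul2(a: Fp2, b: Fp2) -> Fp2 {
    // (a0 + a1 u)(b0 + b1 u) = a0 b0 + beta a1 b1 + (a0 b1 + a1 b0) u
    [(a[0] * b[0] + BETA * a[1] * b[1]) % P, (a[0] * b[1] + a[1] * b[0]) % P]
}
fn add6(a: Fp6, b: Fp6) -> Fp6 { [add2(a[0], b[0]), add2(a[1], b[1]), add2(a[2], b[2])] }
// (b0 + b1 v + b2 v^2) v = xi b2 + b0 v + b1 v^2
fn mul_by_v(a: Fp6) -> Fp6 { [mul2(XI, a[2]), a[0], a[1]] }
fn mul6(a: Fp6, b: Fp6) -> Fp6 {
    // Schoolbook product of degree 4, then fold v^3 and v^4 down with v^3 = xi.
    let mut t = [Z2; 5];
    for i in 0..3 { for j in 0..3 { t[i + j] = add2(t[i + j], mul2(a[i], b[j])); } }
    [add2(t[0], mul2(XI, t[3])), add2(t[1], mul2(XI, t[4])), t[2]]
}
fn mul12(a: Fp12, b: Fp12) -> Fp12 {
    // (a0 + a1 w)(b0 + b1 w) = a0 b0 + v a1 b1 + (a0 b1 + a1 b0) w
    [add6(mul6(a[0], b[0]), mul_by_v(mul6(a[1], b[1]))),
     add6(mul6(a[0], b[1]), mul6(a[1], b[0]))]
}
fn pow12(mut x: Fp12, mut e: u64) -> Fp12 {
    let mut acc = ONE12; // square-and-multiply
    while e > 0 {
        if e & 1 == 1 { acc = mul12(acc, x); }
        x = mul12(x, x);
        e >>= 1;
    }
    acc
}
fn main() {
    assert_eq!(mul12(W, W), V); // w^2 = v
    assert_eq!(pow12(W, 6), [[XI, Z2, Z2], Z6]); // w^6 = v^3 = xi
    println!("tower relations hold");
}
```

In this toy instance \(\xi\) is neither a square nor a cube in \(\mathbb{F}_{p^2}\), which is what makes each quotient a field rather than just a ring.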

See the pairing guest library for usage details.