Optimize a bit further, removing some double operations

lambdaclass · Apr 20, 2024 · 18c2fb0 · 18c2fb0
1 parent 70386c4
commit 18c2fb0
Showing 1 changed file with 16 additions and 3 deletions.
diff --git a/precompiles/EcPairing.yul b/precompiles/EcPairing.yul
@@ -459,6 +459,21 @@ object "EcPairing" {
                 ny0, ny1 := fp2Neg(y0, y1)
             }
 
+            /// @notice Negates a G2 point in Jacobian coordinates.
+            /// @dev The coordinates are encoded in Montgomery form.
+            /// @dev The negation of a point (x, y, z) is (x, -y, z).
+            /// @param x0, x1 The x coordinate of the point.
+            /// @param y0, y1 The y coordinate of the point.
+            /// @param z0, z1 The z coordinate of the point.
+            /// @return nx0, nx1, ny0, ny1, nz0, nz1 The coordinates of the negated point.
+            function g2JacobianNeg(x0, x1, y0, y1, z0, z1) -> nx0, nx1, ny0, ny1, nz0, nz1 {
+                nx0 := x0
+                nx1 := x1
+                ny0, ny1 := fp2Neg(y0, y1)
+                nz0 := z0
+                nz1 := z1
+            }
+
             /// @notice Constant function for the alt_bn128 returning `(xi)^ ((N - 1) // 2)`. Where `xi` is D-type twist param.
             /// @dev See https://eprint.iacr.org/2022/352.pdf (2 Preliminaries) for further details.
             /// @return ret Twisted curve `xi2 = (xi)^ ((N - 1) // 2)` value in Montgomery form.
@@ -479,9 +494,7 @@ object "EcPairing" {
             /// @dev The given G2 point is in affine coordinates and Montgomery Form.
             /// @return ret G2 Point multiplied by X in Montgomery Form.
             function g2TimesXNAF(pa00, pa01, pa10, pa11) -> q00, q01, q10, q11, q20, q21 {
-                let pan00, pan01, pan10, pan11 := g2AffineNeg(pa00, pa01, pa10, pa11)
                 let p00, p01, p10, p11, p20, p21 := g2ProjectiveFromAffine(pa00, pa01, pa10, pa11)
-                let pn00, pn01, pn10, pn11, pn20, pn21 := g2ProjectiveFromAffine(pan00, pan01, pan10, pan11)
 
                 q00, q01, q10, q11, q20, q21 := G2_INFINITY()
 
@@ -496,11 +509,11 @@ object "EcPairing" {
 
                     // naf digit = -1
                     if and(naf, 2) {
+                        let pn00, pn01, pn10, pn11, pn20, pn21 := g2JacobianNeg(p00, p01, p10, p11, p20, p21)
                         q00, q01, q10, q11, q20, q21 := g2JacobianAdd(q00, q01, q10, q11, q20, q21, pn00, pn01, pn10, pn11, pn20, pn21)
                     }
 
                     p00, p01, p10, p11, p20, p21 := g2JacobianDouble(p00, p01, p10, p11, p20, p21)
-                    pn00, pn01, pn10, pn11, pn20, pn21 := g2JacobianDouble(pn00, pn01, pn10, pn11, pn20, pn21)
 
                     naf := shr(2, naf)
                 }