
airbender_crypto/bls12_381/
mod.rs

1pub mod consts;
2pub mod curves;
3pub mod eip2537;
4pub mod fields;
5
6pub use self::curves::{g1, g2, G1Affine, G1Projective, G2Affine, G2Projective};
7pub use self::fields::{Fq, Fq12, Fq2, Fq6, Fr};
8
9pub(crate) use self::curves::util;
10
11use crate::ark_ec::pairing::Pairing;
12use crate::ark_ec::AffineRepr;
13use crate::ark_ff::{Field, PrimeField};
14use consts::{G2_BY_TAU_POINT, PREPARED_G2_GENERATOR};
15
/// Checks a KZG opening proof with a single two-term pairing product.
///
/// Returns `true` exactly when
/// `e([y]·G1 − commitment, G2) · e(proof, G2_BY_TAU_POINT − [z]·G2)`
/// equals `ONE` in the pairing target field, and `false` otherwise.
/// `G2_BY_TAU_POINT` is presumably the trusted-setup point `[τ]·G2`
/// (inferred from its name; verify against `consts`).
///
/// # Caller obligations
///
/// No input validation is visible in this function body.
/// NOTE(review): confirm that `commitment` and `proof` were checked to be
/// on-curve and in the prime-order subgroup when they were deserialized.
/// `mul_bigint` is handed the raw big integers `z` and `y`, so if the protocol
/// requires canonical scalars (values below the scalar-field modulus), that
/// range check has to happen before this call. TODO confirm at the call site.
#[inline(always)]
pub fn verify_kzg_proof(
    commitment: G1Affine,
    proof: G1Affine,
    z: <Fr as PrimeField>::BigInt,
    y: <Fr as PrimeField>::BigInt,
) -> bool {
    // Supplies `into_affine` for the projective intermediates below.
    use crate::ark_ec::CurveGroup;

    // G1 input of the first pairing: [y]·G1 − commitment.
    let mut g1_term = G1Affine::generator().mul_bigint(&y);
    g1_term -= &commitment;

    // G2 input of the second pairing: G2_BY_TAU_POINT − [z]·G2.
    let z_times_g2 = G2Affine::generator().mul_bigint(&z);
    let mut g2_term: G2Projective = G2_BY_TAU_POINT.into();
    g2_term -= z_times_g2;

    // Normalise both intermediates to the forms passed to the pairing call.
    let g1_lhs: G1Affine = g1_term.into_affine();
    let g2_rhs: <curves::Bls12_381 as Pairing>::G2Prepared = g2_term.into_affine().into();

    // The proof is accepted only if the product of the two pairings is ONE.
    let product = curves::Bls12_381::multi_pairing(
        [g1_lhs, proof],
        [PREPARED_G2_GENERATOR.clone(), g2_rhs],
    );
    let one = <curves::Bls12_381 as Pairing>::TargetField::ONE;
    product.0 == one
}