added multiple_miller_loop to alt_bn128 and configured double_miller_loop to use it

src/algebra/curves/alt_bn128/alt_bn128_pairing.cpp

@@ -418,18 +418,19 @@ alt_bn128_Fq12 alt_bn128_ate_miller_loop(const alt_bn128_ate_G1_precomp &prec_P,
     return f;
 }
 
-alt_bn128_Fq12 alt_bn128_ate_double_miller_loop(const alt_bn128_ate_G1_precomp &prec_P1,
-                                     const alt_bn128_ate_G2_precomp &prec_Q1,
-                                     const alt_bn128_ate_G1_precomp &prec_P2,
-                                     const alt_bn128_ate_G2_precomp &prec_Q2)
-{
-    enter_block("Call to alt_bn128_ate_double_miller_loop");
 
-    alt_bn128_Fq12 f = alt_bn128_Fq12::one();
+alt_bn128_Fq12 alt_bn128_ate_multiple_miller_loop(
+    const std::initializer_list<std::pair<
+        const alt_bn128_ate_G1_precomp&,
+        const alt_bn128_ate_G2_precomp&
+    > >& v
+)
+{
+    enter_block("Call to alt_bn128_ate_multiple_miller_loop");
+    auto f = alt_bn128_Fq12::one();
 
     bool found_one = false;
     size_t idx = 0;
-
     const bigint<alt_bn128_Fr::num_limbs> &loop_count = alt_bn128_ate_loop_count;
     for (long i = loop_count.max_bits(); i >= 0; --i)
     {
@@ -445,48 +446,62 @@ alt_bn128_Fq12 alt_bn128_ate_double_miller_loop(const alt_bn128_ate_G1_precomp &
            alt_bn128_param_p (skipping leading zeros) in MSB to LSB
            order */
 
-        alt_bn128_ate_ell_coeffs c1 = prec_Q1.coeffs[idx];
-        alt_bn128_ate_ell_coeffs c2 = prec_Q2.coeffs[idx];
-        ++idx;
-
         f = f.squared();
-
-        f = f.mul_by_024(c1.ell_0, prec_P1.PY * c1.ell_VW, prec_P1.PX * c1.ell_VV);
-        f = f.mul_by_024(c2.ell_0, prec_P2.PY * c2.ell_VW, prec_P2.PX * c2.ell_VV);
+        for(auto& p:v){
+            auto c = p.second.coeffs[idx];
+            f = f.mul_by_024(c.ell_0, p.first.PY * c.ell_VW, p.first.PX * c.ell_VV);
+        }
+        ++idx;       
 
         if (bit)
         {
-            alt_bn128_ate_ell_coeffs c1 = prec_Q1.coeffs[idx];
-            alt_bn128_ate_ell_coeffs c2 = prec_Q2.coeffs[idx];
+            for(auto& p:v){
+                auto c = p.second.coeffs[idx];
+                f = f.mul_by_024(c.ell_0, p.first.PY * c.ell_VW, p.first.PX * c.ell_VV);
+            }
             ++idx;
 
-            f = f.mul_by_024(c1.ell_0, prec_P1.PY * c1.ell_VW, prec_P1.PX * c1.ell_VV);
-            f = f.mul_by_024(c2.ell_0, prec_P2.PY * c2.ell_VW, prec_P2.PX * c2.ell_VV);
         }
     }
 
     if (alt_bn128_ate_is_loop_count_neg)
     {
-    	f = f.inverse();
+        f = f.inverse();
     }
 
-    alt_bn128_ate_ell_coeffs c1 = prec_Q1.coeffs[idx];
-    alt_bn128_ate_ell_coeffs c2 = prec_Q2.coeffs[idx];
-    ++idx;
-    f = f.mul_by_024(c1.ell_0, prec_P1.PY * c1.ell_VW, prec_P1.PX * c1.ell_VV);
-    f = f.mul_by_024(c2.ell_0, prec_P2.PY * c2.ell_VW, prec_P2.PX * c2.ell_VV);
+    for(auto& p:v){
+        auto c = p.second.coeffs[idx];
+        f = f.mul_by_024(c.ell_0, p.first.PY * c.ell_VW, p.first.PX * c.ell_VV);
+    }
+    ++idx;       
 
-    c1 = prec_Q1.coeffs[idx];
-    c2 = prec_Q2.coeffs[idx];
-    ++idx;
-    f = f.mul_by_024(c1.ell_0, prec_P1.PY * c1.ell_VW, prec_P1.PX * c1.ell_VV);
-    f = f.mul_by_024(c2.ell_0, prec_P2.PY * c2.ell_VW, prec_P2.PX * c2.ell_VV);
+    for(auto& p:v){
+        auto c = p.second.coeffs[idx];
+        f = f.mul_by_024(c.ell_0, p.first.PY * c.ell_VW, p.first.PX * c.ell_VV);
+    }
+    ++idx;       
 
+    leave_block("Call to alt_bn128_ate_multiple_miller_loop"); 
+    return f;
+}
+
+alt_bn128_Fq12 alt_bn128_ate_double_miller_loop(const alt_bn128_ate_G1_precomp &prec_P1,
+                                     const alt_bn128_ate_G2_precomp &prec_Q1,
+                                     const alt_bn128_ate_G1_precomp &prec_P2,
+                                     const alt_bn128_ate_G2_precomp &prec_Q2)
+{
+    enter_block("Call to alt_bn128_ate_double_miller_loop");
+
+    auto f = alt_bn128_ate_multiple_miller_loop({
+        std::make_pair(prec_P1,prec_Q1),
+        std::make_pair(prec_P2,prec_Q2)
+    });
     leave_block("Call to alt_bn128_ate_double_miller_loop");
 
     return f;
 }
 
+
 alt_bn128_Fq12 alt_bn128_ate_pairing(const alt_bn128_G1& P, const alt_bn128_G2 &Q)
 {
     enter_block("Call to alt_bn128_ate_pairing");

src/algebra/curves/alt_bn128/alt_bn128_pairing.hpp

@@ -56,6 +56,12 @@ alt_bn128_Fq12 alt_bn128_ate_double_miller_loop(const alt_bn128_ate_G1_precomp &
                                      const alt_bn128_ate_G2_precomp &prec_Q1,
                                      const alt_bn128_ate_G1_precomp &prec_P2,
                                      const alt_bn128_ate_G2_precomp &prec_Q2);
+alt_bn128_Fq12 alt_bn128_ate_multiple_miller_loop(
+    const std::initializer_list<std::pair<
+        const alt_bn128_ate_G1_precomp&,
+        const alt_bn128_ate_G2_precomp&
+    > >& v
+);
 
 alt_bn128_Fq12 alt_bn128_ate_pairing(const alt_bn128_G1& P,
                           const alt_bn128_G2 &Q);

src/algebra/curves/alt_bn128/alt_bn128_pp.cpp

@@ -43,6 +43,15 @@ alt_bn128_Fq12 alt_bn128_pp::double_miller_loop(const alt_bn128_G1_precomp &prec
     return alt_bn128_double_miller_loop(prec_P1, prec_Q1, prec_P2, prec_Q2);
 }
 
+alt_bn128_Fq12 alt_bn128_pp::multiple_miller_loop(
+    const std::initializer_list<std::pair<
+        const alt_bn128_ate_G1_precomp&,
+        const alt_bn128_ate_G2_precomp&
+    > >& v
+)
+{
+   return alt_bn128_ate_multiple_miller_loop(v); 
+}
 alt_bn128_Fq12 alt_bn128_pp::pairing(const alt_bn128_G1 &P,
                                      const alt_bn128_G2 &Q)
 {

src/algebra/curves/alt_bn128/alt_bn128_pp.hpp

@@ -39,6 +39,12 @@ class alt_bn128_pp {
                                              const alt_bn128_G2_precomp &prec_Q1,
                                              const alt_bn128_G1_precomp &prec_P2,
                                              const alt_bn128_G2_precomp &prec_Q2);
+    static alt_bn128_Fq12 multiple_miller_loop(
+        const std::initializer_list<std::pair<
+            const alt_bn128_ate_G1_precomp&,
+            const alt_bn128_ate_G2_precomp&
+        > >& v
+    );
     static alt_bn128_Fq12 pairing(const alt_bn128_G1 &P,
                                   const alt_bn128_G2 &Q);
     static alt_bn128_Fq12 reduced_pairing(const alt_bn128_G1 &P,

src/algebra/curves/bn128/bn128_pairing.cpp

@@ -201,6 +201,26 @@ bn128_Fq12 bn128_double_ate_miller_loop(const bn128_ate_G1_precomp &prec_P1,
     return f;
 }
 
+
+bn128_Fq12 bn128_ate_multiple_miller_loop(
+    const std::initializer_list<std::pair<
+        const bn128_ate_G1_precomp&,
+        const bn128_ate_G2_precomp&
+    > >& v
+)
+{
+    enter_block("Call to bn128_ate_multiple_miller_loop");
+    bn128_Fq12 f = bn128_Fq12::one();
+    for(auto& p:v)
+    {
+        bn128_Fq12 g;
+        bn::components::millerLoop(g.elem,p.second.coeffs,p.first.P);
+        f = f * g;
+    }
+    leave_block("Call to bn128_ate_multiple_miller_loop");
+    return f;
+
+}
 bn128_GT bn128_final_exponentiation(const bn128_Fq12 &elt)
 {
     enter_block("Call to bn128_final_exponentiation");

src/algebra/curves/bn128/bn128_pairing.hpp

@@ -46,6 +46,13 @@ bn128_Fq12 bn128_double_ate_miller_loop(const bn128_ate_G1_precomp &prec_P1,
 bn128_Fq12 bn128_ate_miller_loop(const bn128_ate_G1_precomp &prec_P,
                                  const bn128_ate_G2_precomp &prec_Q);
 
+//returns the product of Miller loops of all pairs in the list
+bn128_Fq12 bn128_ate_multiple_miller_loop(
+    const std::initializer_list<std::pair<
+        const bn128_ate_G1_precomp&,
+        const bn128_ate_G2_precomp&
+    > >& v
+);
 bn128_GT bn128_final_exponentiation(const bn128_Fq12 &elt);
 
 } // libsnark

src/algebra/curves/bn128/bn128_pp.cpp

@@ -50,6 +50,19 @@ bn128_Fq12 bn128_pp::double_miller_loop(const bn128_ate_G1_precomp &prec_P1,
     return result;
 }
 
+//returns the product of Miller loops of all pairs in the list
+bn128_Fq12 bn128_pp::multiple_miller_loop(
+    const std::initializer_list<std::pair<
+        const bn128_ate_G1_precomp&,
+        const bn128_ate_G2_precomp&
+    > >& v
+)
+{   
+    enter_block("Call to multiple_miller_loop<bn128_pp>");
+    bn128_Fq12 result = bn128_ate_multiple_miller_loop(v);
+    leave_block("Call to multiple_miller_loop<bn128_pp>");
+    return result;
+}
 bn128_Fq12 bn128_pp::pairing(const bn128_G1 &P,
                              const bn128_G2 &Q)
 {

src/algebra/curves/bn128/bn128_pp.hpp

@@ -39,6 +39,13 @@ class bn128_pp {
                                          const bn128_ate_G2_precomp &prec_Q1,
                                          const bn128_ate_G1_precomp &prec_P2,
                                          const bn128_ate_G2_precomp &prec_Q2);
+    //returns the product of Miller loops of all pairs in the list
+    static bn128_Fq12 multiple_miller_loop(
+    const std::initializer_list<std::pair<
+        const bn128_ate_G1_precomp&,
+        const bn128_ate_G2_precomp&
+    > >& v
+);
 
     /* the following are used in test files */
     static bn128_GT pairing(const bn128_G1 &P,

src/algebra/curves/edwards/edwards_pairing.cpp

@@ -772,4 +772,71 @@ edwards_GT edwards_reduced_pairing(const edwards_G1 &P,
 {
     return edwards_ate_reduced_pairing(P, Q);
 }
+
+
+/***Ariel Code ** implementing multiple miller loop***/
+//computes the product of miller loops of all pairs in the list v
+edwards_Fq6 edwards_ate_multiple_miller_loop(    const std::initializer_list<std::pair<
+        const edwards_G1_precomp&,
+        const edwards_G2_precomp&
+    > >& v
+)
+{
+    enter_block("Call to edwards_multiple_miller_loop");
+    const bigint<edwards_Fr::num_limbs> &loop_count = edwards_ate_loop_count;
+
+    edwards_Fq6 f = edwards_Fq6::one();
+    bool found_one = false;
+    size_t idx = 0;
+    for (long i = loop_count.max_bits()-1; i >= 0; --i)
+    {
+        const bool bit = loop_count.test_bit(i);
+        if (!found_one)
+        {
+            /* this skips the MSB itself */
+            found_one |= bit;
+            continue;
+        }
+
+        /* code below gets executed for all bits (EXCEPT the MSB itself) of
+           edwards_param_p (skipping leading zeros) in MSB to LSB
+           order */
+        f=f.squared();
+        for(auto& p:v){
+                auto cc = p.second[idx];
+                auto g_RR_at_P = edwards_Fq6(p.first.P_XY * cc.c_XY + p.first.P_XZ * cc.c_XZ,
+                                        p.first.P_ZZplusYZ * cc.c_ZZ);
+                f=f*g_RR_at_P;
+
+        }
+        ++idx;
+
+        if (bit)
+        {
+            for(auto& p:v){
+                auto cc = p.second[idx];
+                auto g_RQ_at_P = edwards_Fq6(p.first.P_ZZplusYZ * cc.c_ZZ,
+                                                 p.first.P_XY * cc.c_XY + p.first.P_XZ * cc.c_XZ);
+                f=f*g_RQ_at_P;
+
+            }
+            ++idx;
+        }
+    }
+    leave_block("Call to edwards_multiple_miller_loop");
+
+    return f;
+}
+
+edwards_Fq6 edwards_multiple_miller_loop(    const std::initializer_list<std::pair<
+        const edwards_G1_precomp&,
+        const edwards_G2_precomp&
+    > >& v
+)
+{
+    return edwards_ate_multiple_miller_loop(v);
+}
+
+
+
 } // libsnark

src/algebra/curves/edwards/edwards_pairing.hpp

@@ -118,5 +118,12 @@ edwards_Fq6 edwards_pairing(const edwards_G1& P,
 edwards_GT edwards_reduced_pairing(const edwards_G1 &P,
                                    const edwards_G2 &Q);
 
+/**Ariel additions***/
+edwards_Fq6 edwards_multiple_miller_loop(const std::initializer_list<std::pair<
+        const edwards_G1_precomp&,
+        const edwards_G2_precomp&
+    > >& v
+);
+
 } // libsnark
 #endif // EDWARDS_PAIRING_HPP_

src/algebra/curves/edwards/edwards_pp.cpp

@@ -42,6 +42,15 @@ edwards_Fq6 edwards_pp::double_miller_loop(const edwards_G1_precomp &prec_P1,
 {
     return edwards_double_miller_loop(prec_P1, prec_Q1, prec_P2, prec_Q2);
 }
+edwards_Fq6 edwards_pp::multiple_miller_loop(
+    const std::initializer_list<std::pair<
+        const edwards_G1_precomp&,
+        const edwards_G2_precomp&
+    > >& v
+)
+{
+   return edwards_multiple_miller_loop(v); 
+}
 
 edwards_Fq6 edwards_pp::pairing(const edwards_G1 &P,
                                 const edwards_G2 &Q)

src/algebra/curves/edwards/edwards_pp.hpp

@@ -39,6 +39,12 @@ class edwards_pp {
                                           const edwards_G2_precomp &prec_Q1,
                                           const edwards_G1_precomp &prec_P2,
                                           const edwards_G2_precomp &prec_Q2);
+    static edwards_Fq6 multiple_miller_loop(
+        const std::initializer_list<std::pair<
+            const edwards_G1_precomp&,
+            const edwards_G2_precomp&
+        > >& v
+    );
     /* the following are used in test files */
     static edwards_Fq6 pairing(const edwards_G1 &P,
                                const edwards_G2 &Q);