pairing-product for ML-KZG; update change log

zhenfeizhang · zhenfeizhang · commit 4a18d57b125b · 2022-05-20T12:10:01.000-04:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 ## Pending
 
+- [\#98](https://github.com/arkworks-rs/poly-commit/pull/98) Use pairing-product to accelerate `KZG` and `multilinear_pc` verifications.
+
 ### Breaking changes
 
 - [\#82](https://github.com/arkworks-rs/poly-commit/pull/82) Function parameter `opening_challenge: F` for `open`,
diff --git a/src/multilinear_pc/mod.rs b/src/multilinear_pc/mod.rs
@@ -194,39 +194,38 @@ impl<E: PairingEngine> MultilinearPC<E> {
         value: E::Fr,
         proof: &Proof<E>,
     ) -> bool {
-        let left = E::pairing(
-            commitment.g_product.into_projective() - &vk.g.mul(value),
-            vk.h,
-        );
-
         let scalar_size = E::Fr::size_in_bits();
-        let window_size = FixedBase::get_mul_window_size(vk.nv);
+        let window_size = FixedBaseMSM::get_mul_window_size(verifier_param.num_vars);
 
-        let g_table = FixedBase::get_window_table(scalar_size, window_size, vk.g.into_projective());
-        let g_mul: Vec<E::G1Projective> = FixedBase::msm(scalar_size, window_size, &g_table, point);
+        let g_table = FixedBaseMSM::get_window_table(
+            scalar_size,
+            window_size,
+            verifier_param.g.into_projective(),
+        );
+        let g_mul: Vec<E::G1Projective> =
+            FixedBaseMSM::multi_scalar_mul(scalar_size, window_size, &g_table, point);
 
-        let pairing_lefts: Vec<_> = (0..vk.nv)
-            .map(|i| vk.g_mask_random[i].into_projective() - &g_mul[i])
-            .collect();
-        let pairing_lefts: Vec<E::G1Affine> =
-            E::G1Projective::batch_normalization_into_affine(&pairing_lefts);
-        let pairing_lefts: Vec<E::G1Prepared> = pairing_lefts
-            .into_iter()
-            .map(|x| E::G1Prepared::from(x))
+        let mut g1_vec: Vec<_> = (0..verifier_param.num_vars)
+            .map(|i| verifier_param.g_mask[i].into_projective() - g_mul[i])
             .collect();
+        g1_vec.push(verifier_param.g.mul(value) - commitment.g_product.into_projective());
 
-        let pairing_rights: Vec<E::G2Prepared> = proof
-            .proofs
-            .iter()
-            .map(|x| E::G2Prepared::from(*x))
-            .collect();
+        let g1_vec: Vec<E::G1Affine> = E::G1Projective::batch_normalization_into_affine(&g1_vec);
+        let tmp = g1_vec[verifier_param.num_vars];
 
-        let pairings: Vec<_> = pairing_lefts
+        let mut pairings: Vec<_> = g1_vec
             .into_iter()
-            .zip(pairing_rights.into_iter())
+            .take(verifier_param.num_vars)
+            .map(E::G1Prepared::from)
+            .zip(proof.proofs.iter().map(|&x| E::G2Prepared::from(x)))
             .collect();
-        let right = E::product_of_pairings(pairings.iter());
-        left == right
+
+        pairings.push((
+            E::G1Prepared::from(tmp),
+            E::G2Prepared::from(verifier_param.h),
+        ));
+
+        E::product_of_pairings(pairings.iter()) == E::Fqk::one()
     }
 }
 
