cygnusv
October 17, 2018, 4:08pm
17
Yes, what I meant is that although your input points are in affine, you can do the computations internally in Jacobian. This uses the fact that affine to Jacobian transformation is trivial (i.e… just take the z coordinate as 1). See this example, where we add two affine points and compare with an expected result, also in affine. The main operations only take 4.5K gas.
];
bool sum_is_correct = Numerology.eq_jacobian(Numerology.addJac([expected[0], expected[1], 1], [expected[2], expected[3], 1]), [expected[4], expected[5], 1]);
bool kP_is_correct = Numerology.ecmulVerify(P_Q[0], P_Q[1], k_l[0], expected[0], expected[1]);
bool lQ_is_correct = Numerology.ecmulVerify(P_Q[2], P_Q[3], k_l[1], expected[2], expected[3]);
return sum_is_correct && kP_is_correct && lQ_is_correct;
}
function test_add_eq_jac() public view returns (bool) {
uint256 e0 = 0xaddcb45773b26a2f8ac2143627d54f47a12aab533dc1b41b4e791985e9eca496; // kP_x
uint256 e1 = 0x72da5adb3a30a2cf147d309b0cf58c76b322c82a5edae164e13dbeed6429c41d; // kP_y
uint256 e2 = 0xf07716879380e987f8b5551a1d989068d0003061088a869a33ceb9848771c6fd; // lQ_x
uint256 e3 = 0x2447ed4564b75b0f9ff84013aaa37c2ab67a2c621b0edc91a06895f19a93aebb; // lQ_y
uint256 e4 = 0x9ca8f6ff6a2eb6f62787f70b9f7c4939d1a3890ec87343e4f6716f9f6867eb86; // Rx
uint256 e5 = 0x290c40f22995dc8b956d2c63ec060d332d082124d638ed618891171db8bc206f; // Ry
return Numerology.eq_affine_jacobian([e4, e5], Numerology.add_affine_to_jac([e0, e1], [e2, e3]));
}
}