Currently all curves of embedding degree 12 (ie. everything except BW6-761) implement (and test!) all six of the methods MulByV, MulByVW, MulByV2W, MulByVWNRInv, MulByV2NRInv, MulByWNRInv even though each curve actually uses only three:
- BLS12-381 pairing uses only
MulByVWNRInv, MulByV2NRInv, MulByWNRInv
- BLS12-377, BN256 pairings use only
MulByVW, MulByV, MulByV2W
These methods appear in e12.go for each curve.
This is bad design. The original purpose was to facilitate automatic generation of known-answer tests in sage---ie. so we can use the same sage script to generate KATs for all degree-twelve field extensions in all curves. (The relevant sage script is pointed to in #6.)
BW6-761 needs its own new trio of methods: MulByVMinusThree, MulByVminusTwo, MulByVminusFive. I don't think we should simply pile these three additional methods on top of the other six. Instead, we should remove these methods from e12.go to pairing.go; each curve should keep only the three methods it needs instead of supporting all of them.
There's no need for KATs for these methods, so we can simply remove them from the sage script to save time. Instead, we can test these methods in pure Go by comparing against the output of Mul. Code will be simpler, tests will be simpler.
Currently all curves of embedding degree 12 (ie. everything except BW6-761) implement (and test!) all six of the methods
MulByV,MulByVW,MulByV2W,MulByVWNRInv,MulByV2NRInv,MulByWNRInveven though each curve actually uses only three:MulByVWNRInv,MulByV2NRInv,MulByWNRInvMulByVW,MulByV,MulByV2WThese methods appear in
e12.gofor each curve.This is bad design. The original purpose was to facilitate automatic generation of known-answer tests in sage---ie. so we can use the same sage script to generate KATs for all degree-twelve field extensions in all curves. (The relevant sage script is pointed to in #6.)
BW6-761 needs its own new trio of methods:
MulByVMinusThree,MulByVminusTwo,MulByVminusFive. I don't think we should simply pile these three additional methods on top of the other six. Instead, we should remove these methods frome12.gotopairing.go; each curve should keep only the three methods it needs instead of supporting all of them.There's no need for KATs for these methods, so we can simply remove them from the sage script to save time. Instead, we can test these methods in pure Go by comparing against the output of
Mul. Code will be simpler, tests will be simpler.