better comments

evm/src/bn254_pairing.rs

@@ -129,158 +129,26 @@ pub fn invariance_inducing_power(f: Fp12) -> Fp12 {
     y.frob(3) * y_a2.frob(2) * y_a1.frob(1) * y_a0
 }
 
-/// Given an f: Fp12, this function computes
+/// We first together (so as to avoid repeated steps) compute
-///     y^a2, y^(-a1), y^(-a0)
-/// by first computing
 ///     y^a4, y^a2, y^a0
 /// where a1 is given by
 ///     a1 = a4 + 2a2 - a0
-/// thus what remains is inverting y^a0 and returning
+/// we then invert y^a0 and return
-///     y^a2, y^a4 * y^a2 * y^a2 * y^(-a0), y^(-a0)
+///     y^a2, y^a1 = y^a4 * y^a2 * y^a2 * y^(-a0), y^(-a0)
+///
+/// Represent a4, a2, a0 in *little endian* binary, define
+///     EXPS4 = [(a4[i], a2[i], a0[i]) for i in       0..len(a4)]
+///     EXPS2 = [       (a2[i], a0[i]) for i in len(a4)..len(a2)]
+///     EXPS0 = [               a0[i]  for i in len(a2)..len(a0)]
 fn get_custom_powers(f: Fp12) -> (Fp12, Fp12, Fp12) {
-    const EXPS4: [(usize, usize, usize); 64] = [
-        (1, 1, 0),
-        (1, 1, 1),
-        (1, 1, 1),
-        (0, 0, 0),
-        (0, 0, 1),
-        (1, 0, 1),
-        (0, 1, 0),
-        (1, 0, 1),
-        (1, 1, 0),
-        (1, 0, 1),
-        (0, 1, 0),
-        (1, 1, 0),
-        (1, 1, 0),
-        (1, 1, 0),
-        (0, 1, 0),
-        (0, 1, 0),
-        (0, 0, 1),
-        (1, 0, 1),
-        (1, 1, 0),
-        (0, 1, 0),
-        (1, 1, 0),
-        (1, 1, 0),
-        (1, 1, 0),
-        (0, 0, 1),
-        (0, 0, 1),
-        (1, 0, 1),
-        (1, 0, 1),
-        (1, 1, 0),
-        (1, 0, 0),
-        (1, 1, 0),
-        (0, 1, 0),
-        (1, 1, 0),
-        (1, 0, 0),
-        (0, 1, 0),
-        (0, 0, 0),
-        (1, 0, 0),
-        (1, 0, 0),
-        (1, 0, 1),
-        (0, 0, 1),
-        (0, 1, 1),
-        (0, 0, 1),
-        (0, 1, 1),
-        (0, 1, 1),
-        (0, 0, 0),
-        (1, 1, 1),
-        (1, 0, 1),
-        (1, 0, 1),
-        (0, 1, 1),
-        (1, 0, 1),
-        (0, 1, 1),
-        (0, 1, 1),
-        (1, 1, 0),
-        (1, 1, 0),
-        (1, 1, 0),
-        (1, 0, 0),
-        (0, 0, 1),
-        (1, 0, 0),
-        (0, 0, 1),
-        (1, 0, 1),
-        (1, 1, 0),
-        (1, 1, 1),
-        (0, 1, 1),
-        (0, 1, 0),
-        (1, 1, 1),
-    ];
-
-    const EXPS2: [(usize, usize); 62] = [
-        (1, 0),
-        (1, 1),
-        (0, 0),
-        (1, 0),
-        (1, 0),
-        (1, 1),
-        (1, 0),
-        (1, 1),
-        (1, 0),
-        (0, 1),
-        (0, 1),
-        (1, 1),
-        (1, 1),
-        (0, 0),
-        (1, 1),
-        (0, 0),
-        (0, 0),
-        (0, 1),
-        (0, 1),
-        (1, 1),
-        (1, 1),
-        (1, 1),
-        (0, 1),
-        (1, 1),
-        (0, 0),
-        (1, 1),
-        (1, 0),
-        (1, 1),
-        (0, 0),
-        (1, 1),
-        (1, 1),
-        (1, 0),
-        (0, 0),
-        (0, 1),
-        (0, 0),
-        (1, 1),
-        (0, 1),
-        (0, 0),
-        (1, 0),
-        (0, 1),
-        (0, 1),
-        (1, 0),
-        (0, 1),
-        (0, 0),
-        (0, 0),
-        (0, 0),
-        (0, 1),
-        (1, 0),
-        (1, 1),
-        (0, 1),
-        (1, 1),
-        (1, 0),
-        (0, 1),
-        (0, 0),
-        (1, 0),
-        (0, 1),
-        (1, 0),
-        (1, 1),
-        (1, 0),
-        (1, 1),
-        (0, 1),
-        (1, 1),
-    ];
-
-    const EXPS0: [usize; 65] = [
-        0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0,
-        0, 0, 1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1,
-        0, 0, 1, 1, 0,
-    ];
-
     let mut sq: Fp12 = f;
     let mut y0: Fp12 = UNIT_FP12;
     let mut y2: Fp12 = UNIT_FP12;
     let mut y4: Fp12 = UNIT_FP12;
 
+    // proceed via standard squaring algorithm for exponentiation
+
+    // must keep multiplying all three values: a4, a2, a0
     for (a, b, c) in EXPS4 {
         if a != 0 {
             y4 = y4 * sq;
@@ -293,8 +161,10 @@ fn get_custom_powers(f: Fp12) -> (Fp12, Fp12, Fp12) {
         }
         sq = sq * sq;
     }
+    // leading term of a4 is always 1
     y4 = y4 * sq;
 
+    // must keep multiplying remaining two values: a2, a0
     for (a, b) in EXPS2 {
         if a != 0 {
             y2 = y2 * sq;
@@ -304,17 +174,23 @@ fn get_custom_powers(f: Fp12) -> (Fp12, Fp12, Fp12) {
         }
         sq = sq * sq;
     }
+    // leading term of a2 is always 1
     y2 = y2 * sq;
 
+    // must keep multiplying remaining value: a0
     for a in EXPS0 {
         if a != 0 {
             y0 = y0 * sq;
         }
         sq = sq * sq;
     }
+    // leading term of a0 is always 1
     y0 = y0 * sq;
 
+    // invert y0 to compute y^(-a0)
     let y0_inv = y0.inv();
+
+    // return y2, y1 = y4 * y2^2 * y^(-a0), y^(-a0)
     (y2, y4 * y2 * y2 * y0_inv, y0_inv)
 }
 
@@ -369,3 +245,143 @@ pub const TWISTED_GENERATOR: TwistedCurve = {
         },
     }
 };
+
+/// The folowing constants are defined above get_custom_powers
+
+const EXPS4: [(usize, usize, usize); 64] = [
+    (1, 1, 0),
+    (1, 1, 1),
+    (1, 1, 1),
+    (0, 0, 0),
+    (0, 0, 1),
+    (1, 0, 1),
+    (0, 1, 0),
+    (1, 0, 1),
+    (1, 1, 0),
+    (1, 0, 1),
+    (0, 1, 0),
+    (1, 1, 0),
+    (1, 1, 0),
+    (1, 1, 0),
+    (0, 1, 0),
+    (0, 1, 0),
+    (0, 0, 1),
+    (1, 0, 1),
+    (1, 1, 0),
+    (0, 1, 0),
+    (1, 1, 0),
+    (1, 1, 0),
+    (1, 1, 0),
+    (0, 0, 1),
+    (0, 0, 1),
+    (1, 0, 1),
+    (1, 0, 1),
+    (1, 1, 0),
+    (1, 0, 0),
+    (1, 1, 0),
+    (0, 1, 0),
+    (1, 1, 0),
+    (1, 0, 0),
+    (0, 1, 0),
+    (0, 0, 0),
+    (1, 0, 0),
+    (1, 0, 0),
+    (1, 0, 1),
+    (0, 0, 1),
+    (0, 1, 1),
+    (0, 0, 1),
+    (0, 1, 1),
+    (0, 1, 1),
+    (0, 0, 0),
+    (1, 1, 1),
+    (1, 0, 1),
+    (1, 0, 1),
+    (0, 1, 1),
+    (1, 0, 1),
+    (0, 1, 1),
+    (0, 1, 1),
+    (1, 1, 0),
+    (1, 1, 0),
+    (1, 1, 0),
+    (1, 0, 0),
+    (0, 0, 1),
+    (1, 0, 0),
+    (0, 0, 1),
+    (1, 0, 1),
+    (1, 1, 0),
+    (1, 1, 1),
+    (0, 1, 1),
+    (0, 1, 0),
+    (1, 1, 1),
+];
+
+const EXPS2: [(usize, usize); 62] = [
+    (1, 0),
+    (1, 1),
+    (0, 0),
+    (1, 0),
+    (1, 0),
+    (1, 1),
+    (1, 0),
+    (1, 1),
+    (1, 0),
+    (0, 1),
+    (0, 1),
+    (1, 1),
+    (1, 1),
+    (0, 0),
+    (1, 1),
+    (0, 0),
+    (0, 0),
+    (0, 1),
+    (0, 1),
+    (1, 1),
+    (1, 1),
+    (1, 1),
+    (0, 1),
+    (1, 1),
+    (0, 0),
+    (1, 1),
+    (1, 0),
+    (1, 1),
+    (0, 0),
+    (1, 1),
+    (1, 1),
+    (1, 0),
+    (0, 0),
+    (0, 1),
+    (0, 0),
+    (1, 1),
+    (0, 1),
+    (0, 0),
+    (1, 0),
+    (0, 1),
+    (0, 1),
+    (1, 0),
+    (0, 1),
+    (0, 0),
+    (0, 0),
+    (0, 0),
+    (0, 1),
+    (1, 0),
+    (1, 1),
+    (0, 1),
+    (1, 1),
+    (1, 0),
+    (0, 1),
+    (0, 0),
+    (1, 0),
+    (0, 1),
+    (1, 0),
+    (1, 1),
+    (1, 0),
+    (1, 1),
+    (0, 1),
+    (1, 1),
+];
+
+const EXPS0: [usize; 65] = [
+    0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0,
+    1, 0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1,
+    0,
+];