Open
Description
Hi all,
I believe I found a small bug in libff on the develop and master branches, where e(g_1^0, g_2) != e(g_1, g_2^0), but they should be equal.
I am able to reproduce it with the following test:
diff --git a/libff/algebra/curves/tests/test_bilinearity.cpp b/libff/algebra/curves/tests/test_bilinearity.cpp
index ecfaca8..a9074dd 100755
--- a/libff/algebra/curves/tests/test_bilinearity.cpp
+++ b/libff/algebra/curves/tests/test_bilinearity.cpp
@@ -40,6 +40,11 @@ void pairing_test()
{
GT<ppT> GT_one = GT<ppT>::one();
+ printf("Checking e(0*g1, g2) = e(g1, 0*g2)"); // = e(g1, g2)^0
+ GT<ppT> lhs = ppT::reduced_pairing(G1<ppT>::zero(), G2<ppT>::one());
+ GT<ppT> rhs = ppT::reduced_pairing(G1<ppT>::one(), G2<ppT>::zero());
+ EXPECT_EQ(lhs, rhs);
+
printf("Running bilinearity tests:\n");
G1<ppT> P = (Fr<ppT>::random_element()) * G1<ppT>::one();
//G1<ppT> P = Fr<ppT>("2") * G1<ppT>::one();
And then building and running the tests as per the README:
mkdir build && cd build
cmake ..
make
make test
I discovered this while using BN128 from the master branch in one one of my projects and then reproduced it in the develop branch above.
Specifically, in my project, if I compare e(g_1^0, g_2) with e(g_1, g_2^0), which it should be equal to, I get:
ReducedPairing(G1::zero(), ck.getGen2()) =
([[1,0],
[0,0],
[0,0]] [[0,0],
[0,0],
[0,0]])
ReducedPairing(ck.getGen1(), G2::zero()) =
([[0,0],
[0,0],
[0,0]] [[0,0],
[0,0],
[0,0]])
As you can see, the LHS begins with a [1,0] while the RHS with a [0,0].
Metadata
Metadata
Assignees
Labels
No labels