0
# Optimized Operations
1
2
High-performance versions of BLS12-381 and BN128 operations with additional specialized functions for production use. These optimized implementations provide significant performance improvements over the reference implementations while maintaining the same API.
3
4
## Optimized BLS12-381
5
6
```python { .api }
7
# Import optimized BLS12-381 operations
8
from py_ecc.optimized_bls12_381 import (
9
G1, G2, G12, Z1, Z2,
10
add, double, multiply, neg, eq, is_inf, is_on_curve, normalize,
11
pairing, final_exponentiate,
12
multiply_clear_cofactor_G1, multiply_clear_cofactor_G2,
13
optimized_swu_G1, optimized_swu_G2, iso_map_G1, iso_map_G2,
14
curve_order, field_modulus, twist, b, b2, b12
15
)
16
```
17
18
## Optimized BN128
19
20
```python { .api }
21
# Import optimized BN128 operations
22
from py_ecc.optimized_bn128 import (
23
G1, G2, G12, Z1, Z2,
24
add, double, multiply, neg, eq, is_inf, is_on_curve, normalize,
25
pairing, final_exponentiate,
26
curve_order, field_modulus, twist, b, b2, b12
27
)
28
```
29
30
## Capabilities
31
32
### Enhanced Point Operations
33
34
All standard point operations with optimized implementations for better performance.
35
36
```python { .api }
37
def add(p1, p2):
38
"""Optimized point addition with improved performance."""
39
40
def double(p):
41
"""Optimized point doubling with improved performance."""
42
43
def multiply(p, n):
44
"""Optimized scalar multiplication with windowing and precomputation."""
45
46
def normalize(p):
47
"""
48
Normalize a point to affine coordinates.
49
50
Args:
51
p: Point in projective or jacobian coordinates
52
53
Returns:
54
Point in affine coordinates (x, y)
55
"""
56
```
57
58
### Specialized BLS12-381 Operations
59
60
Additional operations specific to BLS12-381 that are not available in the reference implementation.
61
62
```python { .api }
63
def multiply_clear_cofactor_G1(p):
64
"""
65
Clear the cofactor for a G1 point to ensure it's in the correct subgroup.
66
67
Args:
68
p: Point in G1 (may not be in correct subgroup)
69
70
Returns:
71
Point in the correct G1 subgroup
72
"""
73
74
def multiply_clear_cofactor_G2(p):
75
"""
76
Clear the cofactor for a G2 point to ensure it's in the correct subgroup.
77
78
Args:
79
p: Point in G2 (may not be in correct subgroup)
80
81
Returns:
82
Point in the correct G2 subgroup
83
"""
84
```
85
86
### Hash-to-Curve Operations
87
88
Optimized implementations of hash-to-curve operations for BLS12-381.
89
90
```python { .api }
91
def optimized_swu_G1(t):
92
"""
93
Optimized Simplified SWU hash-to-curve for G1.
94
95
Args:
96
t: Field element to map to curve
97
98
Returns:
99
Point on the G1 curve
100
"""
101
102
def optimized_swu_G2(t):
103
"""
104
Optimized Simplified SWU hash-to-curve for G2.
105
106
Args:
107
t: Field element (in Fp2) to map to curve
108
109
Returns:
110
Point on the G2 curve
111
"""
112
113
def iso_map_G1(p):
114
"""
115
Apply the isomorphism map for G1 points.
116
117
Args:
118
p: Point on the isogenous curve
119
120
Returns:
121
Point on the target G1 curve
122
"""
123
124
def iso_map_G2(p):
125
"""
126
Apply the isomorphism map for G2 points.
127
128
Args:
129
p: Point on the isogenous curve
130
131
Returns:
132
Point on the target G2 curve
133
"""
134
```
135
136
### Enhanced Pairing Operations
137
138
Optimized pairing computations with better performance characteristics.
139
140
```python { .api }
141
def pairing(p1, p2):
142
"""
143
Optimized bilinear pairing computation.
144
145
Args:
146
p1: Point in G1
147
p2: Point in G2
148
149
Returns:
150
Element in GT with optimized computation
151
"""
152
153
def final_exponentiate(p):
154
"""
155
Optimized final exponentiation for pairing.
156
157
Args:
158
p: Element from Miller loop
159
160
Returns:
161
Final pairing result with optimized exponentiation
162
"""
163
```
164
165
## Usage Examples
166
167
### Performance Comparison
168
169
```python
170
import time
171
from py_ecc.bls12_381 import multiply as ref_multiply, G1 as ref_G1
172
from py_ecc.optimized_bls12_381 import multiply as opt_multiply, G1 as opt_G1
173
174
# Large scalar for performance testing
175
large_scalar = 2**128 + 12345
176
177
# Reference implementation timing
178
start = time.time()
179
ref_result = ref_multiply(ref_G1, large_scalar)
180
ref_time = time.time() - start
181
182
# Optimized implementation timing
183
start = time.time()
184
opt_result = opt_multiply(opt_G1, large_scalar)
185
opt_time = time.time() - start
186
187
print(f"Reference time: {ref_time:.4f}s")
188
print(f"Optimized time: {opt_time:.4f}s")
189
print(f"Speedup: {ref_time/opt_time:.2f}x")
190
```
191
192
### Subgroup Operations
193
194
```python
195
from py_ecc.optimized_bls12_381 import (
196
G1, G2, multiply_clear_cofactor_G1, multiply_clear_cofactor_G2,
197
is_on_curve
198
)
199
200
# Create points that may not be in the correct subgroup
201
# (In practice, these might come from untrusted sources)
202
point_g1 = multiply(G1, 12345)
203
point_g2 = multiply(G2, 67890)
204
205
# Ensure points are in correct subgroups
206
cleared_g1 = multiply_clear_cofactor_G1(point_g1)
207
cleared_g2 = multiply_clear_cofactor_G2(point_g2)
208
209
# Verify they're still on the curve
210
assert is_on_curve(cleared_g1)
211
assert is_on_curve(cleared_g2)
212
213
print("Subgroup clearing completed")
214
```
215
216
### Hash-to-Curve Pipeline
217
218
```python
219
from py_ecc.optimized_bls12_381 import (
220
optimized_swu_G1, optimized_swu_G2,
221
iso_map_G1, iso_map_G2,
222
multiply_clear_cofactor_G1, multiply_clear_cofactor_G2
223
)
224
from py_ecc.fields import optimized_bls12_381_FQ as FQ, optimized_bls12_381_FQ2 as FQ2
225
226
def hash_to_g1(data: bytes):
227
"""Complete hash-to-G1 pipeline."""
228
# In practice, you'd hash the data to get field elements
229
# This is a simplified example
230
t = FQ(int.from_bytes(data[:32], 'big'))
231
232
# Apply SWU map
233
point = optimized_swu_G1(t)
234
235
# Apply isomorphism
236
iso_point = iso_map_G1(point)
237
238
# Clear cofactor
239
final_point = multiply_clear_cofactor_G1(iso_point)
240
241
return final_point
242
243
def hash_to_g2(data: bytes):
244
"""Complete hash-to-G2 pipeline."""
245
# Create Fp2 element from data
246
t = FQ2([
247
int.from_bytes(data[:32], 'big'),
248
int.from_bytes(data[32:64], 'big')
249
])
250
251
# Apply SWU map
252
point = optimized_swu_G2(t)
253
254
# Apply isomorphism
255
iso_point = iso_map_G2(point)
256
257
# Clear cofactor
258
final_point = multiply_clear_cofactor_G2(iso_point)
259
260
return final_point
261
262
# Example usage
263
message = b"Hello, hash-to-curve!" + b"\x00" * 43 # Pad to 64 bytes
264
g1_point = hash_to_g1(message)
265
g2_point = hash_to_g2(message)
266
267
print("Hash-to-curve operations completed")
268
```
269
270
### Multi-Pairing with Optimizations
271
272
```python
273
from py_ecc.optimized_bls12_381 import G1, G2, multiply, pairing
274
from py_ecc.fields import optimized_bls12_381_FQ12 as FQ12
275
276
def optimized_multi_pairing(g1_points, g2_points):
277
"""Compute product of multiple pairings efficiently."""
278
assert len(g1_points) == len(g2_points)
279
280
# Compute individual pairings
281
pairings = []
282
for p1, p2 in zip(g1_points, g2_points):
283
pairings.append(pairing(p1, p2))
284
285
# Multiply all results
286
result = FQ12.one()
287
for p in pairings:
288
result = result * p
289
290
return result
291
292
# Example: Aggregate signature verification style computation
293
g1_points = [multiply(G1, i) for i in [123, 456, 789]]
294
g2_points = [multiply(G2, i) for i in [321, 654, 987]]
295
296
multi_pairing_result = optimized_multi_pairing(g1_points, g2_points)
297
print("Multi-pairing computation completed")
298
```
299
300
### Point Normalization
301
302
```python
303
from py_ecc.optimized_bls12_381 import G1, multiply, normalize, add
304
305
# Operations may result in points in projective coordinates
306
p1 = multiply(G1, 123)
307
p2 = multiply(G1, 456)
308
sum_point = add(p1, p2)
309
310
# Normalize to affine coordinates for storage or transmission
311
normalized_point = normalize(sum_point)
312
313
print(f"Point normalized to affine coordinates")
314
```
315
316
### Production BLS Signature Verification
317
318
```python
319
from py_ecc.optimized_bls12_381 import pairing, G1, multiply
320
from py_ecc.bls.g2_primitives import signature_to_G2, pubkey_to_G1
321
322
def fast_bls_verify(pubkey_bytes, message_hash_point, signature_bytes):
323
"""
324
Fast BLS signature verification using optimized operations.
325
326
Args:
327
pubkey_bytes: 48-byte compressed public key
328
message_hash_point: Pre-computed hash-to-curve of message
329
signature_bytes: 96-byte signature
330
331
Returns:
332
bool: True if signature is valid
333
"""
334
try:
335
# Convert bytes to curve points
336
pubkey = pubkey_to_G1(pubkey_bytes)
337
signature = signature_to_G2(signature_bytes)
338
339
# Pairing check: e(H(m), pk) == e(sig, G1)
340
lhs = pairing(message_hash_point, pubkey)
341
rhs = pairing(signature, G1)
342
343
return lhs == rhs
344
except:
345
return False
346
347
# Example usage would require proper message hashing
348
print("Fast BLS verification function defined")
349
```
350
351
## Performance Notes
352
353
The optimized implementations provide significant performance improvements:
354
355
- **Scalar Multiplication**: 2-5x faster through windowing methods and precomputation
356
- **Pairing Operations**: 20-40% faster through optimized Miller loop and final exponentiation
357
- **Field Operations**: Lower-level optimizations in field arithmetic
358
- **Memory Usage**: More efficient point representations and temporary storage
359
360
For production applications requiring high throughput (like blockchain consensus), always prefer the optimized implementations over the reference versions.
361
362
## Compatibility
363
364
The optimized implementations maintain API compatibility with their reference counterparts:
365
366
- Same function signatures and return types
367
- Same mathematical results (identical outputs)
368
- Same error handling behavior
369
- Can be used as drop-in replacements
370
371
The only differences are in performance characteristics and the availability of additional specialized functions in the optimized versions.