fix(MillerLoop): return 1 when size(pairs)=0 after infinity filter

ecc/bls12-377/pairing.go

@@ -133,22 +133,25 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) {
 	}
 
 	var result GT
+	result.SetOne()
 	var l1, l2 lineEvaluation
 	var prodLines [5]E2
 
 	// Compute ∏ᵢ { fᵢ_{x₀,Q}(P) }
-	// i = 62, separately to avoid an E12 Square
-	// (Square(res) = 1² = 1)
-	// loopCounter[62] = 0
-	// k = 0, separately to avoid MulBy034 (res × ℓ)
-	// (assign line to res)
-
-	// qProj[0] ← 2qProj[0] and l1 the tangent ℓ passing 2qProj[0]
-	qProj[0].doubleStep(&l1)
-	// line evaluation at P[0] (assign)
-	result.C0.B0.MulByElement(&l1.r0, &p[0].Y)
-	result.C1.B0.MulByElement(&l1.r1, &p[0].X)
-	result.C1.B1.Set(&l1.r2)
+	if n >= 1 {
+		// i = 62, separately to avoid an E12 Square
+		// (Square(res) = 1² = 1)
+		// loopCounter[62] = 0
+		// k = 0, separately to avoid MulBy034 (res × ℓ)
+		// (assign line to res)
+
+		// qProj[0] ← 2qProj[0] and l1 the tangent ℓ passing 2qProj[0]
+		qProj[0].doubleStep(&l1)
+		// line evaluation at P[0] (assign)
+		result.C0.B0.MulByElement(&l1.r0, &p[0].Y)
+		result.C1.B0.MulByElement(&l1.r1, &p[0].X)
+		result.C1.B1.Set(&l1.r2)
+	}
 
 	if n >= 2 {
 		// k = 1, separately to avoid MulBy034 (res × ℓ)

ecc/bls12-378/pairing.go

@@ -132,22 +132,25 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) {
 	}
 
 	var result GT
+	result.SetOne()
 	var l1, l2 lineEvaluation
 	var prodLines [5]E2
 
 	// Compute ∏ᵢ { fᵢ_{x₀,Q}(P) }
-	// i = 62, separately to avoid an E12 Square
-	// (Square(res) = 1² = 1)
-	// loopCounter[62] = 0
-	// k = 0, separately to avoid MulBy014 (res × ℓ)
-	// (assign line to res)
-
-	// qProj[0] ← 2qProj[0] and l1 the tangent ℓ passing 2qProj[0]
-	qProj[0].doubleStep(&l1)
-	// line evaluation at P[0] (assign)
-	result.C0.B0.Set(&l1.r0)
-	result.C0.B1.MulByElement(&l1.r1, &p[0].X)
-	result.C1.B1.MulByElement(&l1.r2, &p[0].Y)
+	if n >= 1 {
+		// i = 62, separately to avoid an E12 Square
+		// (Square(res) = 1² = 1)
+		// loopCounter[62] = 0
+		// k = 0, separately to avoid MulBy014 (res × ℓ)
+		// (assign line to res)
+
+		// qProj[0] ← 2qProj[0] and l1 the tangent ℓ passing 2qProj[0]
+		qProj[0].doubleStep(&l1)
+		// line evaluation at P[0] (assign)
+		result.C0.B0.Set(&l1.r0)
+		result.C0.B1.MulByElement(&l1.r1, &p[0].X)
+		result.C1.B1.MulByElement(&l1.r2, &p[0].Y)
+	}
 
 	if n >= 2 {
 		// k = 1, separately to avoid MulBy014 (res × ℓ)

ecc/bls12-381/pairing.go

@@ -132,36 +132,39 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) {
 	}
 
 	var result GT
+	result.SetOne()
 	var l1, l2 lineEvaluation
 	var prodLines [5]E2
 
 	// Compute ∏ᵢ { fᵢ_{x₀,Q}(P) }
-	// i = 62, separately to avoid an E12 Square
-	// (Square(res) = 1² = 1)
-	// loopCounter[62] = 1
-	// k = 0, separately to avoid MulBy014 (res × ℓ)
-	// (assign line to res)
-
-	// qProj[0] ← 2qProj[0] and l1 the tangent ℓ passing 2qProj[0]
-	qProj[0].doubleStep(&l1)
-	// line evaluation at P[0] (assign)
-	result.C0.B0.Set(&l1.r0)
-	result.C0.B1.MulByElement(&l1.r1, &p[0].X)
-	result.C1.B1.MulByElement(&l1.r2, &p[0].Y)
-
-	// qProj[0] ← qProj[0]+Q[0] and
-	// l2 the line ℓ passing qProj[0] and Q[0]
-	qProj[0].addMixedStep(&l2, &q[0])
-	// line evaluation at P[0] (assign)
-	l2.r1.MulByElement(&l2.r1, &p[0].X)
-	l2.r2.MulByElement(&l2.r2, &p[0].Y)
-	// ℓ × res
-	prodLines = fptower.Mul014By014(&l2.r0, &l2.r1, &l2.r2, &result.C0.B0, &result.C0.B1, &result.C1.B1)
-	result.C0.B0 = prodLines[0]
-	result.C0.B1 = prodLines[1]
-	result.C0.B2 = prodLines[2]
-	result.C1.B1 = prodLines[3]
-	result.C1.B2 = prodLines[4]
+	if n >= 1 {
+		// i = 62, separately to avoid an E12 Square
+		// (Square(res) = 1² = 1)
+		// loopCounter[62] = 1
+		// k = 0, separately to avoid MulBy014 (res × ℓ)
+		// (assign line to res)
+
+		// qProj[0] ← 2qProj[0] and l1 the tangent ℓ passing 2qProj[0]
+		qProj[0].doubleStep(&l1)
+		// line evaluation at P[0] (assign)
+		result.C0.B0.Set(&l1.r0)
+		result.C0.B1.MulByElement(&l1.r1, &p[0].X)
+		result.C1.B1.MulByElement(&l1.r2, &p[0].Y)
+
+		// qProj[0] ← qProj[0]+Q[0] and
+		// l2 the line ℓ passing qProj[0] and Q[0]
+		qProj[0].addMixedStep(&l2, &q[0])
+		// line evaluation at P[0] (assign)
+		l2.r1.MulByElement(&l2.r1, &p[0].X)
+		l2.r2.MulByElement(&l2.r2, &p[0].Y)
+		// ℓ × res
+		prodLines = fptower.Mul014By014(&l2.r0, &l2.r1, &l2.r2, &result.C0.B0, &result.C0.B1, &result.C1.B1)
+		result.C0.B0 = prodLines[0]
+		result.C0.B1 = prodLines[1]
+		result.C0.B2 = prodLines[2]
+		result.C1.B1 = prodLines[3]
+		result.C1.B2 = prodLines[4]
+	}
 
 	// k >= 1
 	for k := 1; k < n; k++ {

ecc/bls24-315/pairing.go

@@ -143,22 +143,25 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) {
 	}
 
 	var result GT
+	result.SetOne()
 	var l1, l2 lineEvaluation
 	var prodLines [5]fptower.E4
 
 	// Compute ∏ᵢ { fᵢ_{x₀,Q}(P) }
-	// i = 31, separately to avoid an E12 Square
-	// (Square(res) = 1² = 1)
-	// loopCounter[31] = 0
-	// k = 0, separately to avoid MulBy014 (res × ℓ)
-	// (assign line to res)
-
-	// qProj[0] ← 2qProj[0] and l1 the tangent ℓ passing 2qProj[0]	qProj[0].doubleStep(&l1)
-	qProj[0].doubleStep(&l1)
-	// line evaluation at P[0] (assign)
-	result.D0.C0.MulByElement(&l1.r0, &p[0].Y)
-	result.D1.C0.MulByElement(&l1.r1, &p[0].X)
-	result.D1.C1.Set(&l1.r2)
+	if n >= 1 {
+		// i = 31, separately to avoid an E12 Square
+		// (Square(res) = 1² = 1)
+		// loopCounter[31] = 0
+		// k = 0, separately to avoid MulBy014 (res × ℓ)
+		// (assign line to res)
+
+		// qProj[0] ← 2qProj[0] and l1 the tangent ℓ passing 2qProj[0]	qProj[0].doubleStep(&l1)
+		qProj[0].doubleStep(&l1)
+		// line evaluation at P[0] (assign)
+		result.D0.C0.MulByElement(&l1.r0, &p[0].Y)
+		result.D1.C0.MulByElement(&l1.r1, &p[0].X)
+		result.D1.C1.Set(&l1.r2)
+	}
 
 	if n >= 2 {
 		// k = 1, separately to avoid MulBy014 (res × ℓ)

ecc/bls24-317/pairing.go

@@ -147,22 +147,25 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) {
 	}
 
 	var result GT
+	result.SetOne()
 	var l1, l2 lineEvaluation
 	var prodLines [5]fptower.E4
 
 	// Compute ∏ᵢ { fᵢ_{x₀,Q}(P) }
-	// i = 31, separately to avoid an E12 Square
-	// (Square(res) = 1² = 1)
-	// loopCounter[31] = 0
-	// k = 0, separately to avoid MulBy014 (res × ℓ)
-	// (assign line to res)
-
-	// qProj[0] ← 2qProj[0] and l1 the tangent ℓ passing 2qProj[0]
-	qProj[0].doubleStep(&l1)
-	// line evaluation at P[0] (assign)
-	result.D0.C0.Set(&l1.r0)
-	result.D0.C1.MulByElement(&l1.r1, &p[0].X)
-	result.D1.C1.MulByElement(&l1.r2, &p[0].Y)
+	if n >= 1 {
+		// i = 31, separately to avoid an E12 Square
+		// (Square(res) = 1² = 1)
+		// loopCounter[31] = 0
+		// k = 0, separately to avoid MulBy014 (res × ℓ)
+		// (assign line to res)
+
+		// qProj[0] ← 2qProj[0] and l1 the tangent ℓ passing 2qProj[0]
+		qProj[0].doubleStep(&l1)
+		// line evaluation at P[0] (assign)
+		result.D0.C0.Set(&l1.r0)
+		result.D0.C1.MulByElement(&l1.r1, &p[0].X)
+		result.D1.C1.MulByElement(&l1.r2, &p[0].Y)
+	}
 
 	if n >= 2 {
 		// k = 1, separately to avoid MulBy014 (res × ℓ)

ecc/bn254/pairing.go

@@ -140,22 +140,25 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) {
 	}
 
 	var result GT
+	result.SetOne()
 	var l2, l1 lineEvaluation
 	var prodLines [5]E2
 
 	// Compute ∏ᵢ { fᵢ_{6x₀+2,Q}(P) }
-	// i = 64, separately to avoid an E12 Square
-	// (Square(res) = 1² = 1)
-	// loopCounter[64] = 0
-	// k = 0, separately to avoid MulBy034 (res × ℓ)
-	// (assign line to res)
-
-	// qProj[0] ← 2qProj[0] and l1 the tangent ℓ passing 2qProj[0]
-	qProj[0].doubleStep(&l1)
-	// line evaluation at P[0] (assign)
-	result.C0.B0.MulByElement(&l1.r0, &p[0].Y)
-	result.C1.B0.MulByElement(&l1.r1, &p[0].X)
-	result.C1.B1.Set(&l1.r2)
+	if n >= 1 {
+		// i = 64, separately to avoid an E12 Square
+		// (Square(res) = 1² = 1)
+		// loopCounter[64] = 0
+		// k = 0, separately to avoid MulBy034 (res × ℓ)
+		// (assign line to res)
+
+		// qProj[0] ← 2qProj[0] and l1 the tangent ℓ passing 2qProj[0]
+		qProj[0].doubleStep(&l1)
+		// line evaluation at P[0] (assign)
+		result.C0.B0.MulByElement(&l1.r0, &p[0].Y)
+		result.C1.B0.MulByElement(&l1.r1, &p[0].X)
+		result.C1.B1.Set(&l1.r2)
+	}
 
 	if n >= 2 {
 		// k = 1, separately to avoid MulBy034 (res × ℓ)

ecc/bw6-633/pairing.go

@@ -229,23 +229,26 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) {
 
 	// f_{a0+λ*a1,P}(Q)
 	var result GT
+	result.SetOne()
 	var l, l0 lineEvaluation
 	var prodLines [5]fp.Element
 
 	var j int8
 
-	// i = len(loopCounter0) - 2, separately to avoid an E12 Square
-	// (Square(res) = 1² = 1)
-	// j = 0
-	// k = 0, separately to avoid MulBy034 (res × ℓ)
-	// (assign line to res)
-
-	// pProj0[0] ← 2pProj0[0] and l0 the tangent ℓ passing 2pProj0[0]
-	pProj0[0].doubleStep(&l0)
-	// line evaluation at Q[0] (assign)
-	result.B1.A0.Mul(&l0.r1, &q[0].X)
-	result.B0.A0.Mul(&l0.r0, &q[0].Y)
-	result.B1.A1.Set(&l0.r2)
+	if n >= 1 {
+		// i = len(loopCounter0) - 2, separately to avoid an E12 Square
+		// (Square(res) = 1² = 1)
+		// j = 0
+		// k = 0, separately to avoid MulBy034 (res × ℓ)
+		// (assign line to res)
+
+		// pProj0[0] ← 2pProj0[0] and l0 the tangent ℓ passing 2pProj0[0]
+		pProj0[0].doubleStep(&l0)
+		// line evaluation at Q[0] (assign)
+		result.B1.A0.Mul(&l0.r1, &q[0].X)
+		result.B0.A0.Mul(&l0.r0, &q[0].Y)
+		result.B1.A1.Set(&l0.r2)
+	}
 
 	// k = 1
 	if n >= 2 {

ecc/bw6-756/pairing.go

@@ -209,23 +209,26 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) {
 
 	// f_{a0+λ*a1,P}(Q)
 	var result GT
+	result.SetOne()
 	var l, l0 lineEvaluation
 	var prodLines [5]fp.Element
 
 	var j int8
 
-	// i = len(loopCounter0) - 2, separately to avoid an E12 Square
-	// (Square(res) = 1² = 1)
-	// j = 0
-	// k = 0, separately to avoid MulBy034 (res × ℓ)
-	// (assign line to res)
-
-	// pProj1[0] ← 2pProj1[0] and l0 the tangent ℓ passing 2pProj1[0]
-	pProj1[0].doubleStep(&l0)
-	// line evaluation at Q[0] (assign)
-	result.B1.A0.Mul(&l0.r1, &q[0].X)
-	result.B0.A0.Mul(&l0.r0, &q[0].Y)
-	result.B1.A1.Set(&l0.r2)
+	if n >= 1 {
+		// i = len(loopCounter0) - 2, separately to avoid an E12 Square
+		// (Square(res) = 1² = 1)
+		// j = 0
+		// k = 0, separately to avoid MulBy034 (res × ℓ)
+		// (assign line to res)
+
+		// pProj1[0] ← 2pProj1[0] and l0 the tangent ℓ passing 2pProj1[0]
+		pProj1[0].doubleStep(&l0)
+		// line evaluation at Q[0] (assign)
+		result.B1.A0.Mul(&l0.r1, &q[0].X)
+		result.B0.A0.Mul(&l0.r0, &q[0].Y)
+		result.B1.A1.Set(&l0.r2)
+	}
 
 	// k = 1
 	if n >= 2 {

ecc/bw6-761/pairing.go

@@ -207,23 +207,26 @@ func MillerLoop(P []G1Affine, Q []G2Affine) (GT, error) {
 
 	// f_{a0+λ*a1,P}(Q)
 	var result GT
+	result.SetOne()
 	var l, l0 lineEvaluation
 	var prodLines [5]fp.Element
 
 	var j int8
 
-	// i = len(loopCounter0) - 2, separately to avoid an E12 Square
-	// (Square(res) = 1² = 1)
-	// j = 0
-	// k = 0, separately to avoid MulBy034 (res × ℓ)
-	// (assign line to res)
-
-	// pProj1[0] ← 2pProj1[0] and l0 the tangent ℓ passing 2pProj1[0]
-	pProj1[0].doubleStep(&l0)
-	// line evaluation at Q[0] (assign)
-	result.B1.A0.Mul(&l0.r1, &q[0].X)
-	result.B0.A0.Mul(&l0.r0, &q[0].Y)
-	result.B1.A1.Set(&l0.r2)
+	if n >= 1 {
+		// i = len(loopCounter0) - 2, separately to avoid an E12 Square
+		// (Square(res) = 1² = 1)
+		// j = 0
+		// k = 0, separately to avoid MulBy034 (res × ℓ)
+		// (assign line to res)
+
+		// pProj1[0] ← 2pProj1[0] and l0 the tangent ℓ passing 2pProj1[0]
+		pProj1[0].doubleStep(&l0)
+		// line evaluation at Q[0] (assign)
+		result.B1.A0.Mul(&l0.r1, &q[0].X)
+		result.B0.A0.Mul(&l0.r0, &q[0].Y)
+		result.B1.A1.Set(&l0.r2)
+	}
 
 	// k = 1
 	if n >= 2 {