From d46f69dc7a71e0f203a197064ed556a6f283d9e4 Mon Sep 17 00:00:00 2001
From: Marius van der Wijden
Date: Tue, 16 May 2023 13:27:54 +0200
Subject: [PATCH] tests/fuzzers/bn256: add PairingCheck fuzzer (#27252)
* tests/fuzzers/bn256: scale gnark result by constant
* tests/fuzzers/bn256: scale gnark result by constant
---
 tests/fuzzers/bn256/bn256_fuzz.go | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/tests/fuzzers/bn256/bn256_fuzz.go b/tests/fuzzers/bn256/bn256_fuzz.go
index 1ce20571f..abf1b8861 100644
--- a/tests/fuzzers/bn256/bn256_fuzz.go
+++ b/tests/fuzzers/bn256/bn256_fuzz.go
@@ -156,12 +156,29 @@ func FuzzPair(data []byte) int {
 if !bytes.Equal(clPair, gPair) {
 panic("pairing mismatch: cloudflare/google")
 }
-
 cPair, err := bn254.Pair([]bn254.G1Affine{*ps}, []bn254.G2Affine{*ts})
 if err != nil {
 panic(fmt.Sprintf("gnark/bn254 encountered error: %v", err))
 }
- if !bytes.Equal(clPair, cPair.Marshal()) {
+
+ // gnark uses a different pairing algorithm which might produce
+ // different but also correct outputs, we need to scale the output by s
+
+ u, _ := new(big.Int).SetString("0x44e992b44a6909f1", 0)
+ u_exp2 := new(big.Int).Exp(u, big.NewInt(2), nil) // u^2
+ u_6_exp2 := new(big.Int).Mul(big.NewInt(6), u_exp2) // 6*u^2
+ u_3 := new(big.Int).Mul(big.NewInt(3), u) // 3*u
+ inner := u_6_exp2.Add(u_6_exp2, u_3) // 6*u^2 + 3*u
+ inner.Add(inner, big.NewInt(1)) // 6*u^2 + 3*u + 1
+ u_2 := new(big.Int).Mul(big.NewInt(2), u) // 2*u
+ s := u_2.Mul(u_2, inner) // 2*u(6*u^2 + 3*u + 1)
+
+ gRes := new(bn254.GT)
+ if err := gRes.SetBytes(clPair); err != nil {
+ panic(err)
+ }
+ gRes = gRes.Exp(*gRes, s)
+ if !bytes.Equal(cPair.Marshal(), gRes.Marshal()) {
 panic("pairing mismatch: cloudflare/gnark")
 }
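Review bot: The exponent `s` is now the entire basis of the cloudflare/gnark oracle, but the comment above it only says the outputs are "different but also correct" and never states where `2*u(6*u^2 + 3*u + 1)` comes from or why raising the cloudflare result to it must reproduce gnark's output. A wrong or non-invertible exponent would let the differential check pass on results that actually disagree, so I would document the derivation and the invertibility assumption, e.g. `// gnark's pairing equals the canonical one raised to s = 2u(6u^2+3u+1); s must be coprime to the GT subgroup order so equality after Exp implies equality before` (wording to be confirmed against gnark's documentation). The `SetString` success flag is discarded with `_`; since the literal fits in an int64, `u := big.NewInt(0x44e992b44a6909f1)` avoids the unchecked parse, and `s` could be built once at package level instead of on every fuzz input. The bare `panic(err)` after `gRes.SetBytes(clPair)` would also be easier to triage as `panic(fmt.Sprintf("gnark/bn254 could not decode cloudflare result: %v", err))`, matching the neighbouring messages. FuzzPair begins and ends outside this hunk.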