bn256

package v0.3.4
Published: Oct 19, 2020 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package bn256 provides an efficient elliptic curve and pairing implementation for the bn256 curve.

Constants

const ID = gurvy.BN256

ID is the gurvy curve identifier for bn256.

Variables

This section is empty.

Functions

func BatchJacobianToAffineG1 added in v0.3.0

func BatchJacobianToAffineG1(points []G1Jac, result []G1Affine)

BatchJacobianToAffineG1 converts points in Jacobian coordinates to affine coordinates using a single field inversion (Montgomery batch inversion trick). result must be allocated by the caller with len(result) == len(points).

func Generators added in v0.3.0

func Generators() (g1 G1Jac, g2 G2Jac, g1Aff G1Affine, g2Aff G2Affine)

Generators returns the generators of the r-torsion group, in ker(pi-id) and ker(Tr) respectively, in both Jacobian and affine coordinates.

Types

type CPUSemaphore added in v0.3.4

type CPUSemaphore struct {
	// contains filtered or unexported fields
}

CPUSemaphore lets users cap the number of CPUs that MultiExp will use. It is thread safe and can be shared across parallel calls of gurvy.MultiExp.

func NewCPUSemaphore added in v0.3.4

func NewCPUSemaphore(numCpus int) *CPUSemaphore

NewCPUSemaphore returns a new option to be passed to MultiExp. The option can be shared between different MultiExp calls and ensures, through a semaphore, that at most numCpus CPUs are used.

type G1Affine

type G1Affine struct {
	X, Y fp.Element
}

G1Affine is a point in affine coordinates.

func BatchScalarMultiplicationG1 added in v0.3.0

func BatchScalarMultiplicationG1(base *G1Affine, scalars []fr.Element) []G1Affine

BatchScalarMultiplicationG1 multiplies the same base (generator) by all scalars and returns the resulting points in affine coordinates. It uses a simple windowed-NAF-like exponentiation algorithm.

func EncodeToCurveG1Svdw added in v0.3.4

func EncodeToCurveG1Svdw(msg, dst []byte) (G1Affine, error)

EncodeToCurveG1Svdw maps the byte string msg, under domain separation tag dst, to a point on the curve using the Shallue and van de Woestijne map, see https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-06#section-2.2.2

func HashToCurveG1Svdw added in v0.3.4

func HashToCurveG1Svdw(msg, dst []byte) (G1Affine, error)

HashToCurveG1Svdw hashes the byte string msg, under domain separation tag dst, to a point on the curve using the Shallue and van de Woestijne map, see https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-06#section-3

func MapToCurveG1Svdw added in v0.3.4

func MapToCurveG1Svdw(t fp.Element) G1Affine

MapToCurveG1Svdw maps the field element t (an fp.Element) to a point on the curve using the Shallue and van de Woestijne map, see https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-06#section-2.2.1

func (*G1Affine) Equal

func (p *G1Affine) Equal(a *G1Affine) bool

Equal tests if two points (in Affine coordinates) are equal

func (*G1Affine) FromJacobian added in v0.2.0

func (p *G1Affine) FromJacobian(p1 *G1Jac) *G1Affine

FromJacobian sets p to the affine point equal to p1 by rescaling the Jacobian coordinates of p1 to the z=1 plane, and returns p.

func (*G1Affine) IsInSubGroup added in v0.3.3

func (p *G1Affine) IsInSubGroup() bool

IsInSubGroup returns true if p is in the correct subgroup, false otherwise

func (*G1Affine) IsInfinity

func (p *G1Affine) IsInfinity() bool

IsInfinity checks if the point is infinity (in affine, it's encoded as (0,0))

func (*G1Affine) IsOnCurve added in v0.3.0

func (p *G1Affine) IsOnCurve() bool

IsOnCurve returns true if p is on the curve.

func (*G1Affine) Neg

func (p *G1Affine) Neg(a *G1Affine) *G1Affine

Neg sets p = -a and returns p.

func (*G1Affine) ScalarMultiplication added in v0.3.4

func (p *G1Affine) ScalarMultiplication(a *G1Affine, s *big.Int) *G1Affine

ScalarMultiplication computes and returns p = a*s

func (*G1Affine) String

func (p *G1Affine) String() string

type G1Jac

type G1Jac struct {
	X, Y, Z fp.Element
}

G1Jac is a point in Jacobian coordinates (X, Y, Z) with fp.Element coordinates.

func (*G1Jac) AddAssign added in v0.2.0

func (p *G1Jac) AddAssign(a *G1Jac) *G1Jac

AddAssign sets p = p + a (Jacobian point addition on field elements in Montgomery form), following https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl

func (*G1Jac) Double

func (p *G1Jac) Double(q *G1Jac) *G1Jac

Double sets p = 2q, with both points in Jacobian coordinates, following https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl

func (*G1Jac) DoubleAssign added in v0.2.0

func (p *G1Jac) DoubleAssign() *G1Jac

DoubleAssign doubles p in place in Jacobian coordinates, following https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl

func (*G1Jac) Equal

func (p *G1Jac) Equal(a *G1Jac) bool

Equal tests if two points (in Jacobian coordinates) are equal

func (*G1Jac) FromAffine added in v0.2.0

func (p *G1Jac) FromAffine(Q *G1Affine) *G1Jac

FromAffine sets p = Q, with p in Jacobian and Q in affine coordinates.

func (*G1Jac) IsInSubGroup added in v0.3.3

func (p *G1Jac) IsInSubGroup() bool

IsInSubGroup returns true if p is on the r-torsion, false otherwise. For bn curves, the r-torsion in E(Fp) is the full group, so we just check that the point is on the curve.

func (*G1Jac) IsOnCurve added in v0.3.0

func (p *G1Jac) IsOnCurve() bool

IsOnCurve returns true if p is on the curve.

func (*G1Jac) MultiExp

func (p *G1Jac) MultiExp(points []G1Affine, scalars []fr.Element, opts ...*CPUSemaphore) *G1Jac

MultiExp implements section 4 of https://eprint.iacr.org/2012/549.pdf. It optionally takes a CPUSemaphore that caps the number of CPUs used.

func (*G1Jac) Neg

func (p *G1Jac) Neg(a *G1Jac) *G1Jac

Neg sets p = -a and returns p.

func (*G1Jac) ScalarMultiplication added in v0.2.0

func (p *G1Jac) ScalarMultiplication(a *G1Jac, s *big.Int) *G1Jac

ScalarMultiplication computes and returns p = a*s see https://www.iacr.org/archive/crypto2001/21390189.pdf

func (*G1Jac) Set

func (p *G1Jac) Set(a *G1Jac) *G1Jac

Set sets p to the provided point a and returns p.

func (*G1Jac) String

func (p *G1Jac) String() string

func (*G1Jac) SubAssign added in v0.2.0

func (p *G1Jac) SubAssign(a *G1Jac) *G1Jac

SubAssign sets p = p - a, subtracting two points on the curve.

type G2Affine

type G2Affine struct {
	X, Y e2
}

G2Affine is a point in affine coordinates.

func BatchScalarMultiplicationG2 added in v0.3.0

func BatchScalarMultiplicationG2(base *G2Affine, scalars []fr.Element) []G2Affine

BatchScalarMultiplicationG2 multiplies the same base (generator) by all scalars and returns the resulting points in affine coordinates. It uses a simple windowed-NAF-like exponentiation algorithm.

func EncodeToCurveG2Svdw added in v0.3.4

func EncodeToCurveG2Svdw(msg, dst []byte) (G2Affine, error)

EncodeToCurveG2Svdw maps the byte string msg, under domain separation tag dst, to a point on the curve using the Shallue and van de Woestijne map, see https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-06#section-2.2.2

func HashToCurveG2Svdw added in v0.3.4

func HashToCurveG2Svdw(msg, dst []byte) (G2Affine, error)

HashToCurveG2Svdw hashes the byte string msg, under domain separation tag dst, to a point on the curve using the Shallue and van de Woestijne map, see https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-06#section-3

func MapToCurveG2Svdw added in v0.3.4

func MapToCurveG2Svdw(t e2) G2Affine

MapToCurveG2Svdw maps the field element t (an e2 element) to a point on the curve using the Shallue and van de Woestijne map, see https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-06#section-2.2.1

func (*G2Affine) ClearCofactor added in v0.3.4

func (p *G2Affine) ClearCofactor(a *G2Affine) *G2Affine

ClearCofactor maps a point in E(Fp) to E(Fp)[r]; see section 5 of https://eprint.iacr.org/2019/403.pdf

func (*G2Affine) Equal

func (p *G2Affine) Equal(a *G2Affine) bool

Equal tests if two points (in Affine coordinates) are equal

func (*G2Affine) FromJacobian added in v0.2.0

func (p *G2Affine) FromJacobian(p1 *G2Jac) *G2Affine

FromJacobian sets p to the affine point equal to p1 by rescaling the Jacobian coordinates of p1 to the z=1 plane, and returns p.

func (*G2Affine) IsInSubGroup added in v0.3.3

func (p *G2Affine) IsInSubGroup() bool

IsInSubGroup returns true if p is in the correct subgroup, false otherwise

func (*G2Affine) IsInfinity

func (p *G2Affine) IsInfinity() bool

IsInfinity checks if the point is infinity (in affine, it's encoded as (0,0))

func (*G2Affine) IsOnCurve added in v0.3.0

func (p *G2Affine) IsOnCurve() bool

IsOnCurve returns true if p is on the curve.

func (*G2Affine) Neg

func (p *G2Affine) Neg(a *G2Affine) *G2Affine

Neg sets p = -a and returns p.

func (*G2Affine) ScalarMultiplication added in v0.3.4

func (p *G2Affine) ScalarMultiplication(a *G2Affine, s *big.Int) *G2Affine

ScalarMultiplication computes and returns p = a*s

func (*G2Affine) String

func (p *G2Affine) String() string

type G2Jac

type G2Jac struct {
	X, Y, Z e2
}

G2Jac is a point in Jacobian coordinates (X, Y, Z) with e2 coordinates.

func (*G2Jac) AddAssign added in v0.2.0

func (p *G2Jac) AddAssign(a *G2Jac) *G2Jac

AddAssign sets p = p + a (Jacobian point addition on field elements in Montgomery form), following https://hyperelliptic.org/EFD/g2p/auto-shortw-jacobian-3.html#addition-add-2007-bl

func (*G2Jac) ClearCofactor added in v0.3.0

func (p *G2Jac) ClearCofactor(a *G2Jac) *G2Jac

ClearCofactor maps a point in E'(Fp2) to E'(Fp2)[r]; see section 6.1 of http://cacr.uwaterloo.ca/techreports/2011/cacr2011-26.pdf

func (*G2Jac) Double

func (p *G2Jac) Double(q *G2Jac) *G2Jac

Double sets p = 2q, with both points in Jacobian coordinates, following https://hyperelliptic.org/EFD/g2p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl

func (*G2Jac) DoubleAssign added in v0.2.0

func (p *G2Jac) DoubleAssign() *G2Jac

DoubleAssign doubles p in place in Jacobian coordinates, following https://hyperelliptic.org/EFD/g2p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl

func (*G2Jac) Equal

func (p *G2Jac) Equal(a *G2Jac) bool

Equal tests if two points (in Jacobian coordinates) are equal

func (*G2Jac) FromAffine added in v0.2.0

func (p *G2Jac) FromAffine(Q *G2Affine) *G2Jac

FromAffine sets p = Q, with p in Jacobian and Q in affine coordinates.

func (*G2Jac) IsInSubGroup added in v0.3.3

func (p *G2Jac) IsInSubGroup() bool

IsInSubGroup returns true if p is on the r-torsion, false otherwise. Z[r,0] + Z[-lambdaG2,1] is the kernel of (u,v) -> u + lambdaG2*v mod r. Expressing r and lambdaG2 as polynomials in x, a short vector of this Z-module is (4x+2, -12x^2+4x). So we check that (4x+2)*p + (-12x^2+4x)*phi(p) is the point at infinity.

func (*G2Jac) IsOnCurve added in v0.3.0

func (p *G2Jac) IsOnCurve() bool

IsOnCurve returns true if p is on the curve.

func (*G2Jac) MultiExp

func (p *G2Jac) MultiExp(points []G2Affine, scalars []fr.Element, opts ...*CPUSemaphore) *G2Jac

MultiExp implements section 4 of https://eprint.iacr.org/2012/549.pdf. It optionally takes a CPUSemaphore that caps the number of CPUs used.

func (*G2Jac) Neg

func (p *G2Jac) Neg(a *G2Jac) *G2Jac

Neg sets p = -a and returns p.

func (*G2Jac) ScalarMultiplication added in v0.2.0

func (p *G2Jac) ScalarMultiplication(a *G2Jac, s *big.Int) *G2Jac

ScalarMultiplication computes and returns p = a*s see https://www.iacr.org/archive/crypto2001/21390189.pdf

func (*G2Jac) Set

func (p *G2Jac) Set(a *G2Jac) *G2Jac

Set sets p to the provided point a and returns p.

func (*G2Jac) String

func (p *G2Jac) String() string

func (*G2Jac) SubAssign added in v0.2.0

func (p *G2Jac) SubAssign(a *G2Jac) *G2Jac

SubAssign sets p = p - a, subtracting two points on the curve.

type GT added in v0.3.3

type GT = e12

GT is the target group of the pairing.

func FinalExponentiation added in v0.2.0

func FinalExponentiation(z *GT, _z ...*GT) GT

FinalExponentiation computes the final exponentiation x^((p^6-1)(p^2+1)(p^4-p^2+1)/r) of a Miller loop output x.

func MillerLoop added in v0.2.0

func MillerLoop(P G1Affine, Q G2Affine) *GT

MillerLoop computes the Miller loop of the pairing for P in G1 and Q in G2; the pairing value is obtained by applying FinalExponentiation to the result.

Example
// affine generators of G1 and G2 (returned by Generators)
_, _, g1GenAff, g2GenAff := Generators()

// samples a random scalar r
var r big.Int
var rFr fr.Element
rFr.SetRandom()
rFr.ToBigIntRegular(&r)

// computes r*g1Gen, r*g2Gen
var rg1 G1Affine
var rg2 G2Affine
rg1.ScalarMultiplication(&g1GenAff, &r)
rg2.ScalarMultiplication(&g2GenAff, &r)

// computes e(g1GenAff, rg2) and e(rg1, g2GenAff)
e1 := FinalExponentiation(MillerLoop(g1GenAff, rg2))
e2 := FinalExponentiation(MillerLoop(rg1, g2GenAff))

// checks that the bilinearity property holds: both sides equal e(g1Gen, g2Gen)^r
check := e1.Equal(&e2)

fmt.Printf("%t\n", check)
Output:

true

func (*GT) FinalExponentiation added in v0.3.3

func (z *GT) FinalExponentiation(x *GT) *GT

FinalExponentiation sets z = x^((p^12-1)/r) and returns z.
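The parameter relations behind the remarks on this page (G1 needing only an on-curve check, G2 needing ClearCofactor or IsInSubGroup, and the two forms of the final exponent) can be checked with plain math/big arithmetic. The following is an added example, not gurvy code; it takes the fp and fr moduli from the Directories section and assumes the standard BN seed x = 4965661367192848881 for this curve, which the page itself does not state.

```go
package main

import "math/big"

// fp and fr moduli as listed in the Directories section of this page; the BN seed x is
// an assumption (this curve's standard seed, which the page itself does not state).
const pStr = "21888242871839275222246405745257275088696311157297823662689037894645226208583"
const rStr = "21888242871839275222246405745257275088548364400416034343698204186575808495617"

var seedX = big.NewInt(4965661367192848881)

// evalPoly evaluates c[0] + c[1]*x + c[2]*x^2 + ... by Horner's rule.
func evalPoly(c []int64, x *big.Int) *big.Int {
	acc := new(big.Int)
	for i := len(c) - 1; i >= 0; i-- {
		acc.Mul(acc, x).Add(acc, big.NewInt(c[i]))
	}
	return acc
}

// BNParams returns the BN family values p(x), r(x) and the Frobenius trace t(x).
func BNParams(x *big.Int) (p, r, t *big.Int) {
	p = evalPoly([]int64{1, 6, 24, 36, 36}, x) // 36x^4 + 36x^3 + 24x^2 + 6x + 1
	r = evalPoly([]int64{1, 6, 18, 36, 36}, x) // 36x^4 + 36x^3 + 18x^2 + 6x + 1
	t = evalPoly([]int64{1, 0, 6}, x)          // 6x^2 + 1
	return p, r, t
}

// Cofactors returns h1 = #E(Fp)/r = (p+1-t)/r and h2 = #E'(Fp2)/r = 2p-r.
// h1 == 1 is why G1Jac.IsInSubGroup only needs the curve equation; h2 >> 1 is why
// an on-curve G2 point still needs ClearCofactor or IsInSubGroup before it is trusted.
func Cofactors(p, r, t *big.Int) (h1, h2 *big.Int) {
	h1 = new(big.Int).Add(p, big.NewInt(1))
	h1.Sub(h1, t).Div(h1, r)
	h2 = new(big.Int).Lsh(p, 1)
	return h1, h2.Sub(h2, r)
}

// FinalExpConsistent checks that the two final-exponent forms on this page agree,
// (p^12-1)/r == (p^6-1)(p^2+1)(p^4-p^2+1)/r, and that r divides p^4-p^2+1 (embedding degree 12).
func FinalExpConsistent(p, r *big.Int) bool {
	pw := func(k int64) *big.Int { return new(big.Int).Exp(p, big.NewInt(k), nil) }
	one := big.NewInt(1)
	phi12 := new(big.Int).Add(new(big.Int).Sub(pw(4), pw(2)), one)
	prod := new(big.Int).Mul(new(big.Int).Sub(pw(6), one), new(big.Int).Add(pw(2), one))
	prod.Mul(prod, phi12)
	full := new(big.Int).Sub(pw(12), one)
	return prod.Cmp(full) == 0 && new(big.Int).Mod(phi12, r).Sign() == 0
}
```

Because r divides only the last factor, the (p^6-1)(p^2+1) part of the exponent is cheap Frobenius arithmetic and the division by r lands in the cyclotomic "hard part".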

func (*GT) Frobenius added in v0.3.3

func (z *GT) Frobenius(x *GT) *GT

Frobenius sets z to Frobenius(x) and returns z.

func (*GT) FrobeniusCube added in v0.3.3

func (z *GT) FrobeniusCube(x *GT) *GT

FrobeniusCube sets z to Frobenius^3(x) and returns z.

func (*GT) FrobeniusSquare added in v0.3.3

func (z *GT) FrobeniusSquare(x *GT) *GT

FrobeniusSquare sets z to Frobenius^2(x) and returns z.

Directories

fp: Package fp contains field arithmetic operations for modulus 21888242871839275222246405745257275088696311157297823662689037894645226208583
fr: Package fr contains field arithmetic operations for modulus 21888242871839275222246405745257275088548364400416034343698204186575808495617
