Documentation ¶
Overview ¶
Package ff provides finite fields of characteristic p, the 381-bit prime of BLS12-381, together with the groups useful for the BLS12-381 curve.
Fp ¶
Fp are elements of the prime field GF(p), where
p = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab
The binary representation takes FpSize = 48 bytes encoded in big-endian form.
Fp2 ¶
Fp2 are elements of the finite field GF(p^2) = Fp[u]/(u^2+1) represented as
(a[1]u + a[0]) in Fp2, where a[0],a[1] in Fp
The binary representation takes Fp2Size = 96 bytes encoded as a[1] || a[0] all in big-endian form.
Fp4 ¶
Fp4 is GF(p^4) = Fp2[t]/(t^2-(u+1)). We use the representation a[1]t + a[0], where a[0], a[1] in Fp2. There is no fixed external form.
Fp6 ¶
Fp6 are elements of the finite field GF(p^6) = Fp2[v]/(v^3-u-1) represented as
(a[2]v^2 + a[1]v + a[0]) in Fp6, where a[0],a[1],a[2] in Fp2
The binary representation takes Fp6Size = 288 bytes encoded as a[2] || a[1] || a[0] all in big-endian form.
Fp12 ¶
Fp12 are elements of the finite field GF(p^12) = Fp6[w]/(w^2-v) represented as
(a[1]w + a[0]) in Fp12, where a[0],a[1] in Fp6
The binary representation takes Fp12Size = 576 bytes encoded as a[1] || a[0] all in big-endian form.
We can also represent this field via Fp4[w]/(w^3-t). This is the type Fp12Cubic (the Fp12alt representation), used to accelerate the pairing calculation.
Scalar ¶
Scalar are elements of the prime field GF(r), where
r = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001
The binary representation takes ScalarSize = 32 bytes encoded in big-endian form.
Groups ¶
Cyclo6 are elements of the 6th cyclotomic group contained in Fp12. For efficient arithmetic see Granger-Scott "Faster Squaring in the Cyclotomic Subgroup of Sixth Degree Extensions" (https://eprint.iacr.org/2009/565).
URoot are elements of the group of r-th roots of unity contained in Fp12.
Index ¶
- Constants
- func EasyExponentiation(g *Cyclo6, f *Fp12)
- func FpOrder() []byte
- func HardExponentiation(u *URoot, g *Cyclo6)
- func ScalarOrder() []byte
- type Cyclo6
- type Fp
  - func (z *Fp) Add(x, y *Fp)
  - func (z *Fp) CMov(x, y *Fp, b int)
  - func (z *Fp) ExpVarTime(x *Fp, n []byte)
  - func (z *Fp) Inv(x *Fp)
  - func (z Fp) IsEqual(x *Fp) int
  - func (z Fp) IsNegative() int
  - func (z Fp) IsZero() int
  - func (z *Fp) MarshalBinary() ([]byte, error)
  - func (z *Fp) Mul(x, y *Fp)
  - func (z *Fp) Neg()
  - func (z *Fp) Random(r io.Reader) error
  - func (z *Fp) SetBytes(data []byte)
  - func (z *Fp) SetOne()
  - func (z *Fp) SetString(s string) error
  - func (z *Fp) SetUint64(n uint64)
  - func (z Fp) Sgn0() int
  - func (z *Fp) Sqr(x *Fp)
  - func (z *Fp) Sqrt(x *Fp) int
  - func (z Fp) String() string
  - func (z *Fp) Sub(x, y *Fp)
  - func (z *Fp) UnmarshalBinary(b []byte) error
- type Fp12
  - func (z *Fp12) Add(x, y *Fp12)
  - func (z *Fp12) CMov(x, y *Fp12, b int)
  - func (z *Fp12) Cjg()
  - func (z *Fp12) Exp(x *Fp12, n []byte)
  - func (z *Fp12) Frob(x *Fp12)
  - func (z *Fp12) FromFp12Alt(x *Fp12Cubic)
  - func (z *Fp12) Inv(x *Fp12)
  - func (z Fp12) IsEqual(x *Fp12) int
  - func (z Fp12) IsZero() int
  - func (z Fp12) MarshalBinary() (b []byte, e error)
  - func (z *Fp12) Mul(x, y *Fp12)
  - func (z *Fp12) MulBeta()
  - func (z *Fp12) Neg()
  - func (z *Fp12) SetOne()
  - func (z *Fp12) Sqr(x *Fp12)
  - func (z Fp12) String() string
  - func (z *Fp12) Sub(x, y *Fp12)
  - func (z *Fp12) UnmarshalBinary(b []byte) error
- type Fp12Cubic
  - func (z *Fp12Cubic) Add(x *Fp12Cubic, y *Fp12Cubic)
  - func (z *Fp12Cubic) FromFp12(x *Fp12)
  - func (z Fp12Cubic) IsEqual(x *Fp12Cubic) int
  - func (z *Fp12Cubic) Mul(x *Fp12Cubic, y *Fp12Cubic)
  - func (z *Fp12Cubic) MulLine(x *Fp12Cubic, y *LineValue)
  - func (z *Fp12Cubic) SetOne()
  - func (z *Fp12Cubic) Sqr(x *Fp12Cubic)
  - func (z Fp12Cubic) String() string
- type Fp2
  - func (z *Fp2) Add(x, y *Fp2)
  - func (z *Fp2) CMov(x, y *Fp2, b int)
  - func (z *Fp2) Cjg()
  - func (z *Fp2) ExpVarTime(x *Fp2, n []byte)
  - func (z *Fp2) Frob(x *Fp2)
  - func (z *Fp2) Inv(x *Fp2)
  - func (z Fp2) IsEqual(x *Fp2) int
  - func (z Fp2) IsNegative() int
  - func (z Fp2) IsZero() int
  - func (z Fp2) MarshalBinary() (b []byte, e error)
  - func (z *Fp2) Mul(x, y *Fp2)
  - func (z *Fp2) MulBeta()
  - func (z *Fp2) Neg()
  - func (z *Fp2) SetOne()
  - func (z *Fp2) SetString(s0, s1 string) (err error)
  - func (z Fp2) Sgn0() int
  - func (z *Fp2) Sqr(x *Fp2)
  - func (z *Fp2) Sqrt(x *Fp2) int
  - func (z Fp2) String() string
  - func (z *Fp2) Sub(x, y *Fp2)
  - func (z *Fp2) UnmarshalBinary(b []byte) error
- type Fp4
- type Fp6
  - func (z *Fp6) Add(x, y *Fp6)
  - func (z *Fp6) CMov(x, y *Fp6, b int)
  - func (z *Fp6) Frob(x *Fp6)
  - func (z *Fp6) Inv(x *Fp6)
  - func (z Fp6) IsEqual(x *Fp6) int
  - func (z Fp6) IsZero() int
  - func (z Fp6) MarshalBinary() (b []byte, e error)
  - func (z *Fp6) Mul(x, y *Fp6)
  - func (z *Fp6) MulBeta()
  - func (z *Fp6) Neg()
  - func (z *Fp6) SetOne()
  - func (z *Fp6) Sqr(x *Fp6)
  - func (z Fp6) String() string
  - func (z *Fp6) Sub(x, y *Fp6)
  - func (z *Fp6) UnmarshalBinary(b []byte) error
- type LineValue
- type Scalar
  - func (z *Scalar) Add(x, y *Scalar)
  - func (z *Scalar) Inv(x *Scalar)
  - func (z Scalar) IsEqual(x *Scalar) int
  - func (z Scalar) IsZero() int
  - func (z *Scalar) MarshalBinary() ([]byte, error)
  - func (z *Scalar) Mul(x, y *Scalar)
  - func (z *Scalar) Neg()
  - func (z *Scalar) Random(r io.Reader) error
  - func (z *Scalar) Set(x *Scalar)
  - func (z *Scalar) SetBytes(data []byte)
  - func (z *Scalar) SetOne()
  - func (z *Scalar) SetString(s string) error
  - func (z *Scalar) SetUint64(n uint64)
  - func (z *Scalar) Sqr(x *Scalar)
  - func (z Scalar) String() string
  - func (z *Scalar) Sub(x, y *Scalar)
  - func (z *Scalar) UnmarshalBinary(data []byte) error
- type URoot
  - func (z *URoot) Exp(x *URoot, n []byte)
  - func (z *URoot) Inv(x *URoot)
  - func (z URoot) IsEqual(x *URoot) int
  - func (z URoot) IsIdentity() int
  - func (z URoot) MarshalBinary() ([]byte, error)
  - func (z *URoot) Mul(x, y *URoot)
  - func (z *URoot) SetIdentity()
  - func (z *URoot) Sqr(x *URoot)
  - func (z URoot) String() string
  - func (z *URoot) UnmarshalBinary(b []byte) error
Constants ¶
const Fp12Size = 2 * Fp6Size
Fp12Size is the length in bytes of an Fp12 element.
const Fp2Size = 2 * FpSize
Fp2Size is the length in bytes of an Fp2 element.
const Fp4Size = 4 * FpSize
Fp4Size is the length in bytes of an Fp4 element.
const Fp6Size = 3 * Fp2Size
Fp6Size is the length in bytes of an Fp6 element.
const FpSize = 48
FpSize is the length in bytes of an Fp element.
const ScalarSize = 32
ScalarSize is the length in bytes of a Scalar.
const URootSize = Fp12Size
URootSize is the length in bytes of a root of unity.
Variables ¶
This section is empty.
Functions ¶
func EasyExponentiation ¶
func EasyExponentiation(g *Cyclo6, f *Fp12)
EasyExponentiation calculates g = f^((p^6-1)(p^2+1)), where g becomes an element of the 6th cyclotomic group.
func FpOrder ¶
func FpOrder() []byte
FpOrder returns the order of the base field of the tower as a big-endian slice.
FpOrder = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab.
func HardExponentiation ¶
func HardExponentiation(u *URoot, g *Cyclo6)
HardExponentiation calculates u = g^(Cy_6(p)/r), where Cy_6 denotes the 6th cyclotomic polynomial and u is a root of unity.
func ScalarOrder ¶
func ScalarOrder() []byte
ScalarOrder returns the order of the scalar field of the pairing groups as a big-endian slice.
ScalarOrder = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001
Types ¶
type Cyclo6 ¶
type Cyclo6 Fp12
Cyclo6 represents an element of the 6th cyclotomic group.
func (Cyclo6) IsIdentity ¶
type Fp ¶
type Fp struct {
// contains filtered or unexported fields
}
Fp represents prime field elements as non-negative integers less than FpOrder.
func (*Fp) CMov ¶
CMov sets z=x if b == 0 and z=y if b == 1. Its behavior is undefined if b takes any other value.
func (*Fp) ExpVarTime ¶
ExpVarTime calculates z=x^n, where n is the exponent in big-endian order.
func (Fp) IsNegative ¶
IsNegative returns 0 if the least absolute residue for z is in [0,(p-1)/2], and 1 otherwise. Equivalently, this function returns 1 if z is lexicographically larger than -z.
func (*Fp) MarshalBinary ¶
MarshalBinary returns a slice of FpSize bytes that contains the minimal residue of z such that 0 <= z < FpOrder (in big-endian order).
func (*Fp) SetBytes ¶
SetBytes assigns to z the number modulo FpOrder stored in the slice (in big-endian order).
func (*Fp) Sqrt ¶
Sqrt returns 1 and sets z = sqrt(x) only if x is a quadratic residue; otherwise it returns 0 and z is unmodified.
func (*Fp) UnmarshalBinary ¶
UnmarshalBinary reconstructs an Fp from a slice that must have at least FpSize bytes and contain a number (in big-endian order) from 0 to FpOrder-1.
type Fp12 ¶
type Fp12 [2]Fp6
Fp12 represents an element of the field Fp12 = Fp6[w]/(w^2-v), where v in Fp6.
func (*Fp12) FromFp12Alt ¶
func (Fp12) MarshalBinary ¶
func (*Fp12) UnmarshalBinary ¶
type Fp2 ¶
type Fp2 [2]Fp
func (*Fp2) ExpVarTime ¶
ExpVarTime calculates z=x^n, where n is the exponent in big-endian order.
func (Fp2) IsNegative ¶
IsNegative returns 1 if z is lexicographically larger than -z; otherwise returns 0.
func (Fp2) MarshalBinary ¶
func (*Fp2) SetString ¶
SetString reconstructs an Fp2 element as s0 + s1*u, where s0 and s1 are numeric strings from 0 to FpOrder-1.
func (*Fp2) Sqrt ¶
Sqrt returns 1 and sets z = sqrt(x) only if x is a quadratic residue; otherwise it returns 0 and z is unmodified.
func (*Fp2) UnmarshalBinary ¶
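The Fp2 layout a[1] || a[0] and the "lexicographically larger than -z" sign rule, worked with math/big as an added example; this is not the package's own code and does not import it. It fixes p to the value documented above, requires exactly Fp2Size bytes on decode (the page states "at least" only for Fp and Scalar, so this is the example's choice), and reads the sign rule literally by comparing the encodings of z and -z.

```go
package main

import (
	"bytes"
	"fmt"
	"math/big"
)

// Constants from the package documentation: FpSize = 48, so an Fp2 element
// takes Fp2Size = 96 bytes laid out as a[1] || a[0], each limb big-endian.
const (
	fpSize  = 48
	fp2Size = 2 * fpSize
)

// p is the documented base-field prime.
var p, _ = new(big.Int).SetString("1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab", 16)

// fp2 is a[1]*u + a[0], with each limb an integer in [0, p-1]; index 0 is a[0].
type fp2 [2]*big.Int

// encodeFp2 writes a[1] || a[0], each limb as 48 big-endian bytes.
func encodeFp2(a fp2) []byte {
	out := make([]byte, fp2Size)
	a[1].FillBytes(out[:fpSize])
	a[0].FillBytes(out[fpSize:])
	return out
}

// decodeFp2 reverses encodeFp2. It demands exactly fp2Size bytes (this
// example's choice) and rejects any limb that is not reduced modulo p, so
// that no field element has two accepted encodings.
func decodeFp2(b []byte) (fp2, error) {
	if len(b) != fp2Size {
		return fp2{}, fmt.Errorf("fp2: need %d bytes, got %d", fp2Size, len(b))
	}
	a := fp2{new(big.Int).SetBytes(b[fpSize:]), new(big.Int).SetBytes(b[:fpSize])}
	for i := range a {
		if a[i].Cmp(p) >= 0 {
			return fp2{}, fmt.Errorf("fp2: limb a[%d] is not reduced modulo p", i)
		}
	}
	return a, nil
}

// negFp2 returns -a by negating each limb modulo p (big.Int.Mod is Euclidean,
// so the result is already in [0, p-1]).
func negFp2(a fp2) fp2 {
	var n fp2
	for i := range a {
		n[i] = new(big.Int).Mod(new(big.Int).Neg(a[i]), p)
	}
	return n
}

// isNegativeFp2 applies the documented rule literally: z is negative when its
// encoding is lexicographically larger than the encoding of -z. With the
// a[1] || a[0] layout the a[1] limb decides, and a[0] only matters when a[1] == 0.
func isNegativeFp2(a fp2) int {
	if bytes.Compare(encodeFp2(a), encodeFp2(negFp2(a))) > 0 {
		return 1
	}
	return 0
}

func main() {
	z := fp2{big.NewInt(2), big.NewInt(1)} // constructed element 2 + 1*u
	enc := encodeFp2(z)
	fmt.Printf("last byte of the a[1] limb: %d, of the a[0] limb: %d\n", enc[fpSize-1], enc[fp2Size-1])
	fmt.Println("IsNegative(z) =", isNegativeFp2(z), " IsNegative(-z) =", isNegativeFp2(negFp2(z)))
	if _, err := decodeFp2(bytes.Repeat([]byte{0xff}, fp2Size)); err != nil {
		fmt.Println("rejected:", err) // every limb >= p is refused
	}
}
```

The reduced-limb check in decodeFp2 is the part worth keeping in mind when Fp2 bytes arrive from the network: a decoder that silently reduces would accept several byte strings for one element, and anything that hashes or compares the raw encoding (a transcript, a signature check) would then disagree with the arithmetic.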
type LineValue ¶
type LineValue [3]Fp2
A LineValue a represents a[0] + a[1]*w^2 + a[2]*w^3, with all coefficients in Fp2. This sparse form lets the pairing computation skip a number of Fp2 multiplications.
type Scalar ¶
type Scalar struct {
// contains filtered or unexported fields
}
Scalar represents non-negative integers less than ScalarOrder.
func (*Scalar) MarshalBinary ¶
MarshalBinary returns a slice of ScalarSize bytes that contains the minimal residue of z such that 0 <= z < ScalarOrder (in big-endian order).
func (*Scalar) SetBytes ¶
SetBytes assigns to z the number modulo ScalarOrder stored in the slice (in big-endian order).
func (*Scalar) SetString ¶
SetString reconstructs a Scalar from a numeric string from 0 to ScalarOrder-1.
func (*Scalar) UnmarshalBinary ¶
UnmarshalBinary reconstructs a Scalar from a slice that must have at least ScalarSize bytes and contain a number (in big-endian order) from 0 to ScalarOrder-1.
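The encoding contracts documented for Fp (MarshalBinary, SetBytes, UnmarshalBinary, IsNegative, Sqrt) and for Scalar (MarshalBinary, SetBytes, UnmarshalBinary) restated with math/big, as an added example that is not the package's own code and does not import it. It fixes the orders to the values on this page and assumes that a slice longer than FpSize or ScalarSize bytes is read from its first bytes; the point it shows is the difference between a decoder that reduces (SetBytes) and one that rejects (UnmarshalBinary).

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// Field orders from the package documentation (hex, big-endian) and the
// documented encoding lengths.
const (
	fpOrderHex     = "1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab"
	scalarOrderHex = "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001"
	fpSize         = 48 // FpSize
	scalarSize     = 32 // ScalarSize
)

var (
	fpOrder, _     = new(big.Int).SetString(fpOrderHex, 16)
	scalarOrder, _ = new(big.Int).SetString(scalarOrderHex, 16)
)

var errNotCanonical = errors.New("input is not a canonical field element")

// decodeCanonical mirrors the documented UnmarshalBinary contract: the slice
// must hold at least size bytes, and the big-endian integer they contain must
// lie in [0, order-1]. Reading the first size bytes is this example's choice.
func decodeCanonical(data []byte, order *big.Int, size int) (*big.Int, error) {
	if len(data) < size {
		return nil, errNotCanonical
	}
	v := new(big.Int).SetBytes(data[:size])
	if v.Cmp(order) >= 0 {
		return nil, errNotCanonical
	}
	return v, nil
}

// reduceBytes mirrors the documented SetBytes contract: the slice is read as a
// big-endian integer and reduced modulo order, so an out-of-range encoding is
// accepted silently rather than rejected.
func reduceBytes(data []byte, order *big.Int) *big.Int {
	return new(big.Int).Mod(new(big.Int).SetBytes(data), order)
}

// encode mirrors MarshalBinary: the minimal residue of v as exactly size
// big-endian bytes.
func encode(v, order *big.Int, size int) []byte {
	return new(big.Int).Mod(v, order).FillBytes(make([]byte, size))
}

// isNegative implements the documented Fp rule: 0 if z is in [0, (p-1)/2],
// 1 otherwise.
func isNegative(z, order *big.Int) int {
	half := new(big.Int).Sub(order, big.NewInt(1))
	half.Rsh(half, 1) // (p-1)/2
	if z.Cmp(half) > 0 {
		return 1
	}
	return 0
}

// sqrt mirrors the documented Sqrt contract: (1, root) when x is a quadratic
// residue modulo order, otherwise (0, nil) and the caller's value stays as is.
func sqrt(x, order *big.Int) (int, *big.Int) {
	r := new(big.Int).ModSqrt(x, order)
	if r == nil {
		return 0, nil
	}
	return 1, r
}

func main() {
	// Constructed input: p+1 written into 48 bytes is a non-canonical encoding of 1.
	pPlus1 := new(big.Int).Add(fpOrder, big.NewInt(1)).FillBytes(make([]byte, fpSize))
	_, err := decodeCanonical(pPlus1, fpOrder, fpSize)
	fmt.Println("UnmarshalBinary-style decode of p+1 rejected:", err != nil)
	fmt.Println("SetBytes-style decode of p+1 gives:", reduceBytes(pPlus1, fpOrder))

	// The scalar field behaves the same way, here with r itself as the bad input.
	rBytes := scalarOrder.FillBytes(make([]byte, scalarSize))
	_, err = decodeCanonical(rBytes, scalarOrder, scalarSize)
	fmt.Println("Scalar decode of r rejected:", err != nil, " reduced:", reduceBytes(rBytes, scalarOrder))

	pMinus1 := new(big.Int).Sub(fpOrder, big.NewInt(1))
	fmt.Println("IsNegative(1) =", isNegative(big.NewInt(1), fpOrder), " IsNegative(p-1) =", isNegative(pMinus1, fpOrder))
	ok, _ := sqrt(pMinus1, fpOrder) // p = 3 mod 4, so -1 is not a quadratic residue
	fmt.Println("Sqrt(-1) exists:", ok == 1)
}
```

When field elements cross a trust boundary, the UnmarshalBinary-style path is the one to use: with the reducing path, p+1 and 1 are the same element but different bytes, which is exactly the kind of ambiguity that breaks hashed transcripts and uniqueness checks.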
type URoot ¶
type URoot Cyclo6
URoot represents an n-th root of unity, that is, an element x in Cyclo6 such that x^n = 1, where n = ScalarOrder().
func (URoot) IsIdentity ¶
func (URoot) MarshalBinary ¶
func (*URoot) SetIdentity ¶
func (z *URoot) SetIdentity()