Documentation
¶
Overview ¶
Package fields_bw6761 implements the fields arithmetic of the Fp6 tower used to compute the pairing over the BW6-761 curve.
𝔽p³[u] = 𝔽p/u³+4 𝔽p⁶[v] = 𝔽p²/v²-u
Index ¶
- func GetHints() []solver.Hint
- type E6
- type Ext6
- func (e Ext6) Add(x, y *E6) *E6
- func (e Ext6) AssertFinalExponentiationIsOne(x *E6)
- func (e Ext6) AssertIsEqual(a, b *E6)
- func (e Ext6) Conjugate(x *E6) *E6
- func (e Ext6) Copy(x *E6) *E6
- func (e Ext6) CyclotomicSquareKarabina12345(x *E6) *E6
- func (e Ext6) DecompressKarabina12345(x *E6) *E6
- func (e Ext6) DivUnchecked(x, y *E6) *E6
- func (e Ext6) Double(x *E6) *E6
- func (e Ext6) ExpByU1(x *E6) *E6
- func (e Ext6) ExpByU2(z *E6) *E6
- func (e Ext6) ExpC1(z *E6) *E6
- func (e Ext6) ExpC2(z *E6) *E6
- func (e Ext6) ExpX0Minus1(z *E6) *E6
- func (e Ext6) ExpX0Minus1Square(z *E6) *E6
- func (e Ext6) ExpX0Plus1(z *E6) *E6
- func (e Ext6) ExptMinus1Div3(z *E6) *E6
- func (e Ext6) Frobenius(x *E6) *E6
- func (e Ext6) Inverse(x *E6) *E6
- func (e Ext6) Mul(x, y *E6) *E6
- func (e Ext6) Mul023By023(d0, d1, c0, c1 *baseEl) [5]*baseEl
- func (e *Ext6) MulBy023(z *E6, c0, c1 *baseEl) *E6
- func (e *Ext6) MulBy02345(z *E6, x [5]*baseEl) *E6
- func (e Ext6) MulByConstElement(x *E6, y *big.Int) *E6
- func (e Ext6) MulByElement(x *E6, y *baseEl) *E6
- func (e Ext6) Neg(x *E6) *E6
- func (e Ext6) One() *E6
- func (e Ext6) Reduce(x *E6) *E6
- func (e Ext6) Select(selector frontend.Variable, z1, z0 *E6) *E6
- func (e Ext6) Square(x *E6) *E6
- func (e Ext6) Sub(x, y *E6) *E6
- func (e Ext6) Zero() *E6
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Ext6 ¶
type Ext6 struct {
// contains filtered or unexported fields
}
func (Ext6) AssertFinalExponentiationIsOne ¶
AssertFinalExponentiationIsOne checks that a Miller function output x lies in the same equivalence class as the reduced pairing. This replaces the final exponentiation step in-circuit. The method is adapted from Section 4 of On Proving Pairings paper by A. Novakovic and L. Eagen.
func (Ext6) AssertIsEqual ¶
func (Ext6) CyclotomicSquareKarabina12345 ¶
Karabina's compressed cyclotomic square SQR12345 https://eprint.iacr.org/2010/542.pdf Sec. 5.6 with minor modifications to fit our tower
func (Ext6) DecompressKarabina12345 ¶
DecompressKarabina12345 decompresses Karabina's cyclotomic square result SQR12345
func (Ext6) DivUnchecked ¶
func (Ext6) ExpByU1 ¶
ExpByU1 set z to z^(x₀^3-x₀^2+1) in E12 and return z x₀^3-x₀^2+1 = 880904806456922042166256752416502360965158762994674434049
func (Ext6) ExpC2 ¶
ExpC2 set z to z^C2 in E6 and return z ht, hy = 13, 9 C2 = (ht**2+3*hy**2)/4 = 103
func (Ext6) ExpX0Minus1 ¶
ExpX0Minus1 set z to z^{x₀-1} in E6 and return z x₀-1 = 9586122913090633728
func (Ext6) ExpX0Minus1Square ¶
ExpX0Minus1Square set z to z^{(x₀-1)²} in E6 and return z (x₀-1)² = 91893752504881257682351033800651177984
func (Ext6) ExpX0Plus1 ¶
ExpX0Plus1 set z to z^(x₀+1) in E6 and return z x₀+1 = 9586122913090633730
func (Ext6) ExptMinus1Div3 ¶
ExptMinus1Div3 set z to z^(x₀-1)/3 in E6 and return z (x₀-1)/3 = 3195374304363544576
func (Ext6) Mul023By023 ¶
func (e Ext6) Mul023By023(d0, d1, c0, c1 *baseEl) [5]*baseEl
Mul023By023 multiplies two E6 sparse element of the form:
E6{A0: c0, A1: 0, A2: c1, A3: 1, A4: 0, A5: 0}
and
E6{A0: c0, A1: 0, A2: c1, A3: 1, A4: 0, A5: 0}
func (*Ext6) MulBy023 ¶
MulBy023 multiplies z by an E6 sparse element of the form
E6{A0: c0, A1: 0, A2: c1, A3: 1, A4: 0, A5: 0}
func (*Ext6) MulBy02345 ¶
MulBy02345 multiplies z by an E6 sparse element of the form
E6{A0: y0, A1: 0, A2: y1, A3: y2, A4: y3, A5: y4},
}
Source Files