Documentation
Overview
Package fields_bls12381 implements the field arithmetic of the Fp12 tower used to compute the pairing over the BLS12-381 curve.
	𝔽p²[u] = 𝔽p/u²+1
	𝔽p⁶[v] = 𝔽p²/v³-1-u
	𝔽p¹²[w] = 𝔽p⁶/w²-v
Index
- func GetHints() []solver.Hint
- type E12
- type E2
- type E6
- type Ext12
- func (e Ext12) Add(x, y *E12) *E12
- func (e Ext12) AssertFinalExponentiationIsOne(x *E12)
- func (e Ext12) AssertIsEqual(x, y *E12)
- func (e Ext12) CompressTorus(x *E12) *E6
- func (e Ext12) Conjugate(x *E12) *E12
- func (e Ext12) CyclotomicSquare(x *E12) *E12
- func (e Ext12) DecompressTorus(y *E6) *E12
- func (e Ext12) DivUnchecked(x, y *E12) *E12
- func (e Ext12) ExpByU(x *E12) *E12
- func (e Ext12) Expt(x *E12) *E12
- func (e Ext12) ExptHalfTorus(x *E6) *E6
- func (e Ext12) ExptTorus(x *E6) *E6
- func (e Ext12) Frobenius(x *E12) *E12
- func (e Ext12) FrobeniusSquare(x *E12) *E12
- func (e Ext12) FrobeniusSquareTorus(y *E6) *E6
- func (e Ext12) FrobeniusTorus(y *E6) *E6
- func (e Ext12) Inverse(x *E12) *E12
- func (e Ext12) InverseTorus(y *E6) *E6
- func (e Ext12) IsZero(z *E12) frontend.Variable
- func (e Ext12) Lookup2(s1, s2 frontend.Variable, a, b, c, d *E12) *E12
- func (e Ext12) Mul(x, y *E12) *E12
- func (e Ext12) Mul014By014(d0, d1, c0, c1 *E2) [5]*E2
- func (e *Ext12) MulBy01245(z *E12, x [5]*E2) *E12
- func (e *Ext12) MulBy014(z *E12, c0, c1 *E2) *E12
- func (e Ext12) MulTorus(y1, y2 *E6) *E6
- func (e Ext12) One() *E12
- func (e Ext12) Select(selector frontend.Variable, z1, z0 *E12) *E12
- func (e Ext12) Square(x *E12) *E12
- func (e Ext12) SquareTorus(y *E6) *E6
- func (e Ext12) Sub(x, y *E12) *E12
- func (e Ext12) Zero() *E12
- type Ext2
- func (e Ext2) Add(x, y *E2) *E2
- func (e Ext2) AssertIsEqual(x, y *E2)
- func (e Ext2) Conjugate(x *E2) *E2
- func (e Ext2) DivUnchecked(x, y *E2) *E2
- func (e Ext2) Double(x *E2) *E2
- func (e Ext2) Inverse(x *E2) *E2
- func (e Ext2) IsZero(z *E2) frontend.Variable
- func (e Ext2) Lookup2(s1, s2 frontend.Variable, a, b, c, d *E2) *E2
- func (e Ext2) Mul(x, y *E2) *E2
- func (e Ext2) MulByConstElement(x *E2, y *big.Int) *E2
- func (e Ext2) MulByElement(x *E2, y *baseEl) *E2
- func (e Ext2) MulByNonResidue(x *E2) *E2
- func (e Ext2) MulByNonResidue1Power1(x *E2) *E2
- func (e Ext2) MulByNonResidue1Power2(x *E2) *E2
- func (e Ext2) MulByNonResidue1Power3(x *E2) *E2
- func (e Ext2) MulByNonResidue1Power4(x *E2) *E2
- func (e Ext2) MulByNonResidue1Power5(x *E2) *E2
- func (e Ext2) MulByNonResidue2Power1(x *E2) *E2
- func (e Ext2) MulByNonResidue2Power2(x *E2) *E2
- func (e Ext2) MulByNonResidue2Power3(x *E2) *E2
- func (e Ext2) MulByNonResidue2Power4(x *E2) *E2
- func (e Ext2) MulByNonResidue2Power5(x *E2) *E2
- func (e Ext2) MulByNonResidueGeneric(x *E2, power, coef int) *E2
- func (e Ext2) Neg(x *E2) *E2
- func (e Ext2) NonResidue() *E2
- func (e Ext2) One() *E2
- func (e Ext2) Select(selector frontend.Variable, z1, z0 *E2) *E2
- func (e Ext2) Square(x *E2) *E2
- func (e Ext2) Sub(x, y *E2) *E2
- func (e Ext2) Zero() *E2
- type Ext6
- func (e Ext6) Add(x, y *E6) *E6
- func (e Ext6) AssertIsEqual(x, y *E6)
- func (e Ext6) DivUnchecked(x, y *E6) *E6
- func (e Ext6) Double(x *E6) *E6
- func (e Ext6) Inverse(x *E6) *E6
- func (e Ext6) IsZero(z *E6) frontend.Variable
- func (e Ext6) Lookup2(s1, s2 frontend.Variable, a, b, c, d *E6) *E6
- func (e Ext6) Mul(x, y *E6) *E6
- func (e Ext6) MulBy0(z *E6, c0 *E2) *E6
- func (e Ext6) MulBy01(z *E6, c0, c1 *E2) *E6
- func (e Ext6) MulBy12(x *E6, b1, b2 *E2) *E6
- func (e Ext6) MulByE2(x *E6, y *E2) *E6
- func (e Ext6) MulByNonResidue(x *E6) *E6
- func (e Ext6) Neg(x *E6) *E6
- func (e Ext6) One() *E6
- func (e Ext6) Select(selector frontend.Variable, z1, z0 *E6) *E6
- func (e Ext6) Square(x *E6) *E6
- func (e Ext6) Sub(x, y *E6) *E6
- func (e Ext6) Zero() *E6
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type Ext12
	type Ext12 struct {
		*Ext6
	}
func (Ext12) AssertFinalExponentiationIsOne
AssertFinalExponentiationIsOne checks that a Miller function output x lies in the same equivalence class as the reduced pairing. This replaces the final exponentiation step in-circuit. The method is inspired by the paper On Proving Pairings by A. Novakovic and L. Eagen, and is based on a personal communication with A. Novakovic.
func (Ext12) AssertIsEqual
func (Ext12) CompressTorus
CompressTorus compresses x ∈ E12 to (x.C0 + 1)/x.C1 ∈ E6
func (Ext12) CyclotomicSquare
Granger-Scott cyclotomic square
func (Ext12) DecompressTorus
DecompressTorus decompresses y ∈ E6 to (y+w)/(y-w) ∈ E12
func (Ext12) DivUnchecked
func (Ext12) ExpByU
ExpByU sets z to x^U in E12 and returns z, where U = (u-1)^2/3 = 76329603384216526031706109802092473003
func (Ext12) ExptHalfTorus
ExptHalfTorus sets z to x^(t/2) in E6 and returns z.
	const t/2 uint64 = 7566188111470821376 // negative
func (Ext12) ExptTorus
ExptTorus sets z to xᵗ in E6 and returns z.
	const t uint64 = 15132376222941642752 // negative
func (Ext12) FrobeniusSquare
func (Ext12) FrobeniusSquareTorus
FrobeniusSquareTorus raises a compressed element y ∈ E6 to the power p^2, the square of the modulus p, and returns y^(p^2) / v^((p^2-1)/2)
func (Ext12) FrobeniusTorus
FrobeniusTorus raises a compressed element y ∈ E6 to the power p, the modulus, and returns y^p / v^((p-1)/2)
func (Ext12) InverseTorus
InverseTorus inverts a compressed element y ∈ E6 and returns -y
func (Ext12) Mul014By014
Mul014By014 multiplies two E12 sparse elements of the form:
	E12{
		C0: E6{B0: c0, B1: c1, B2: 0},
		C1: E6{B0: 0, B1: 1, B2: 0},
	}
and
	E12{
		C0: E6{B0: d0, B1: d1, B2: 0},
		C1: E6{B0: 0, B1: 1, B2: 0},
	}
func (*Ext12) MulBy01245
MulBy01245 multiplies z by an E12 sparse element of the form
	E12{
		C0: E6{B0: c0, B1: c1, B2: c2},
		C1: E6{B0: 0, B1: c4, B2: c5},
	}
func (*Ext12) MulBy014
MulBy014 multiplies z by an E12 sparse element of the form
	E12{
		C0: E6{B0: c0, B1: c1, B2: 0},
		C1: E6{B0: 0, B1: 1, B2: 0},
	}
func (Ext12) MulTorus
MulTorus multiplies two compressed elements y1, y2 ∈ E6 and returns (y1 * y2 + v)/(y1 + y2). N.B.: MulTorus is used in the final exponentiation, throughout which y1 ≠ -y2 always holds.
func (Ext12) SquareTorus
SquareTorus squares a compressed element y ∈ E6 and returns (y + v/y)/2
It uses a hint to verify that (2x-y)y = v, where x is the returned value, saving one E6 AssertIsEqual.
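The torus formulas documented above (CompressTorus, DecompressTorus, MulTorus, SquareTorus, InverseTorus) can be checked against ordinary extension-field multiplication. The following is an added example, not code from this package: it generalizes the formulas to a toy model in which F_101 stands in for E6 and F_101[w]/(w² - 2) stands in for E12. The values q = 101 and v = 2 and all type and function names are assumptions chosen for illustration.

```go
package main

import "fmt"

// Toy model (assumption): F_q with q = 101 stands in for E6, and
// F_q[w]/(w^2 - v) with the non-residue v = 2 stands in for E12.
const q, v = 101, 2

type fq2 struct{ c0, c1 int } // c0 + c1*w

func mod(a int) int { return ((a % q) + q) % q }

// inv returns a^(q-2) mod q (Fermat inversion); a must be non-zero mod q.
func inv(a int) int {
	r, b := 1, mod(a)
	for e := q - 2; e > 0; e >>= 1 {
		if e&1 == 1 {
			r = r * b % q
		}
		b = b * b % q
	}
	return r
}

// mul2 is schoolbook multiplication in F_q[w]/(w^2 - v).
func mul2(x, y fq2) fq2 {
	return fq2{mod(x.c0*y.c0 + v*x.c1*y.c1), mod(x.c0*y.c1 + x.c1*y.c0)}
}

// compress maps a norm-1 element x to (x.c0 + 1)/x.c1; x.c1 must be non-zero.
func compress(x fq2) int { return mod((x.c0 + 1) * inv(x.c1)) }

// decompress maps y to (y + w)/(y - w), using 1/(y - w) = (y + w)/(y^2 - v).
func decompress(y int) fq2 {
	d := inv(y*y - v)
	return fq2{mod((y*y + v) * d), mod(2 * y * d)}
}

// mulTorus returns (y1*y2 + v)/(y1 + y2); requires y1 != -y2.
func mulTorus(y1, y2 int) int { return mod((y1*y2 + v) * inv(y1+y2)) }

// squareTorus returns (y + v/y)/2 (y != 0); inverseTorus returns -y.
func squareTorus(y int) int  { return mod((y + v*inv(y)) * inv(2)) }
func inverseTorus(y int) int { return mod(-y) }

func main() {
	x1, x2 := decompress(7), decompress(30)
	fmt.Println(compress(mul2(x1, x2)) == mulTorus(7, 30), compress(mul2(x1, x1)) == squareTorus(7))
}
```

The y1 ≠ -y2 precondition is visible here: when y1 + y2 = 0 the two decompressed elements are inverses, their product is 1, and 1 has no compressed form because its w-coefficient is zero.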
type Ext2
	type Ext2 struct {
		// contains filtered or unexported fields
	}
func (Ext2) AssertIsEqual
func (Ext2) DivUnchecked
func (Ext2) MulByElement
func (Ext2) MulByNonResidue
MulByNonResidue returns x*(1+u)
func (Ext2) MulByNonResidue1Power1
MulByNonResidue1Power1 returns x*(1+u)^(1*(p^1-1)/6)
func (Ext2) MulByNonResidue1Power2
MulByNonResidue1Power2 returns x*(1+u)^(2*(p^1-1)/6)
func (Ext2) MulByNonResidue1Power3
MulByNonResidue1Power3 returns x*(1+u)^(3*(p^1-1)/6)
func (Ext2) MulByNonResidue1Power4
MulByNonResidue1Power4 returns x*(1+u)^(4*(p^1-1)/6)
func (Ext2) MulByNonResidue1Power5
MulByNonResidue1Power5 returns x*(1+u)^(5*(p^1-1)/6)
func (Ext2) MulByNonResidue2Power1
MulByNonResidue2Power1 returns x*(1+u)^(1*(p^2-1)/6)
func (Ext2) MulByNonResidue2Power2
MulByNonResidue2Power2 returns x*(1+u)^(2*(p^2-1)/6)
func (Ext2) MulByNonResidue2Power3
MulByNonResidue2Power3 returns x*(1+u)^(3*(p^2-1)/6)
func (Ext2) MulByNonResidue2Power4
MulByNonResidue2Power4 returns x*(1+u)^(4*(p^2-1)/6)
func (Ext2) MulByNonResidue2Power5
MulByNonResidue2Power5 returns x*(1+u)^(5*(p^2-1)/6)
func (Ext2) MulByNonResidueGeneric
type Ext6
	type Ext6 struct {
		*Ext2
	}
func (Ext6) AssertIsEqual
func (Ext6) DivUnchecked
func (Ext6) MulBy0
MulBy0 multiplies z by an E6 sparse element of the form
	E6{
		B0: c0,
		B1: 0,
		B2: 0,
	}
func (Ext6) MulBy01
MulBy01 multiplies z by an E6 sparse element of the form
	E6{
		B0: c0,
		B1: c1,
		B2: 0,
	}