Documentation ¶
Overview ¶
Package fields_bn254 implements the fields arithmetic of the Fp12 tower used to compute the pairing over the BN254 curve.
𝔽p²[u] = 𝔽p/u²+1 𝔽p⁶[v] = 𝔽p²/v³-9-u 𝔽p¹²[w] = 𝔽p⁶/w²-v
Index ¶
- func GetHints() []solver.Hint
- type E12
- type E2
- type E6
- type Ext12
- func (e Ext12) Add(x, y *E12) *E12
- func (e Ext12) AssertFinalExponentiationIsOne(x *E12)
- func (e Ext12) AssertIsEqual(x, y *E12)
- func (e Ext12) CompressTorus(x *E12) *E6
- func (e Ext12) Conjugate(x *E12) *E12
- func (e Ext12) CyclotomicSquare(x *E12) *E12
- func (e Ext12) DecompressTorus(y *E6) *E12
- func (e Ext12) DivUnchecked(x, y *E12) *E12
- func (e Ext12) ExpByU(x *E12) *E12
- func (e Ext12) ExptTorus(x *E6) *E6
- func (e Ext12) Frobenius(x *E12) *E12
- func (e Ext12) FrobeniusCube(x *E12) *E12
- func (e Ext12) FrobeniusCubeTorus(y *E6) *E6
- func (e Ext12) FrobeniusSquare(x *E12) *E12
- func (e Ext12) FrobeniusSquareTorus(y *E6) *E6
- func (e Ext12) FrobeniusTorus(y *E6) *E6
- func (e Ext12) Inverse(x *E12) *E12
- func (e Ext12) InverseTorus(y *E6) *E6
- func (e Ext12) IsEqual(x, y *E12) frontend.Variable
- func (e Ext12) IsZero(z *E12) frontend.Variable
- func (e Ext12) Lookup2(s1, s2 frontend.Variable, a, b, c, d *E12) *E12
- func (e Ext12) Mul(x, y *E12) *E12
- func (e *Ext12) Mul01234By034(x [5]*E2, z3, z4 *E2) *E12
- func (e *Ext12) Mul034By034(d3, d4, c3, c4 *E2) [5]*E2
- func (e *Ext12) MulBy01234(z *E12, x [5]*E2) *E12
- func (e *Ext12) MulBy034(z *E12, c3, c4 *E2) *E12
- func (e Ext12) MulTorus(y1, y2 *E6) *E6
- func (e Ext12) One() *E12
- func (e Ext12) Select(selector frontend.Variable, z1, z0 *E12) *E12
- func (e Ext12) Square(x *E12) *E12
- func (e *Ext12) Square034(x *E12) *E12
- func (e Ext12) SquareTorus(y *E6) *E6
- func (e Ext12) Sub(x, y *E12) *E12
- func (e Ext12) Zero() *E12
- type Ext2
- func (e Ext2) Add(x, y *E2) *E2
- func (e Ext2) AssertIsEqual(x, y *E2)
- func (e Ext2) Conjugate(x *E2) *E2
- func (e Ext2) DivUnchecked(x, y *E2) *E2
- func (e Ext2) Double(x *E2) *E2
- func (e Ext2) Inverse(x *E2) *E2
- func (e Ext2) IsEqual(x, y *E2) frontend.Variable
- func (e Ext2) IsZero(z *E2) frontend.Variable
- func (e Ext2) Lookup2(s1, s2 frontend.Variable, a, b, c, d *E2) *E2
- func (e Ext2) Mul(x, y *E2) *E2
- func (e Ext2) MulByConstElement(x *E2, y *big.Int) *E2
- func (e Ext2) MulByElement(x *E2, y *baseEl) *E2
- func (e Ext2) MulByNonResidue(x *E2) *E2
- func (e Ext2) MulByNonResidue1Power1(x *E2) *E2
- func (e Ext2) MulByNonResidue1Power2(x *E2) *E2
- func (e Ext2) MulByNonResidue1Power3(x *E2) *E2
- func (e Ext2) MulByNonResidue1Power4(x *E2) *E2
- func (e Ext2) MulByNonResidue1Power5(x *E2) *E2
- func (e Ext2) MulByNonResidue2Power1(x *E2) *E2
- func (e Ext2) MulByNonResidue2Power2(x *E2) *E2
- func (e Ext2) MulByNonResidue2Power3(x *E2) *E2
- func (e Ext2) MulByNonResidue2Power4(x *E2) *E2
- func (e Ext2) MulByNonResidue2Power5(x *E2) *E2
- func (e Ext2) MulByNonResidue3Power1(x *E2) *E2
- func (e Ext2) MulByNonResidue3Power2(x *E2) *E2
- func (e Ext2) MulByNonResidue3Power3(x *E2) *E2
- func (e Ext2) MulByNonResidue3Power4(x *E2) *E2
- func (e Ext2) MulByNonResidue3Power5(x *E2) *E2
- func (e Ext2) MulByNonResidueGeneric(x *E2, power, coef int) *E2
- func (e Ext2) Neg(x *E2) *E2
- func (e Ext2) One() *E2
- func (e Ext2) Select(selector frontend.Variable, z1, z0 *E2) *E2
- func (e Ext2) Square(x *E2) *E2
- func (e Ext2) Sub(x, y *E2) *E2
- func (e Ext2) Zero() *E2
- type Ext6
- func (e Ext6) Add(x, y *E6) *E6
- func (e Ext6) AssertIsEqual(x, y *E6)
- func (e Ext6) DivUnchecked(x, y *E6) *E6
- func (e Ext6) Double(x *E6) *E6
- func (e Ext6) FrobeniusSquare(x *E6) *E6
- func (e Ext6) Inverse(x *E6) *E6
- func (e Ext6) IsEqual(x, y *E6) frontend.Variable
- func (e Ext6) IsZero(z *E6) frontend.Variable
- func (e Ext6) Lookup2(s1, s2 frontend.Variable, a, b, c, d *E6) *E6
- func (e Ext6) Mul(x, y *E6) *E6
- func (e Ext6) Mul01By01(c0, c1, d0, d1 *E2) *E6
- func (e Ext6) MulBy0(z *E6, c0 *E2) *E6
- func (e Ext6) MulBy01(z *E6, c0, c1 *E2) *E6
- func (e Ext6) MulByConstE2(x *E6, y *E2) *E6
- func (e Ext6) MulByE2(x *E6, y *E2) *E6
- func (e Ext6) MulByNonResidue(x *E6) *E6
- func (e Ext6) Neg(x *E6) *E6
- func (e Ext6) One() *E6
- func (e Ext6) Select(selector frontend.Variable, z1, z0 *E6) *E6
- func (e Ext6) Square(x *E6) *E6
- func (e Ext6) Sub(x, y *E6) *E6
- func (e Ext6) Zero() *E6
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Ext12 ¶
type Ext12 struct {
*Ext6
}
func (Ext12) AssertFinalExponentiationIsOne ¶
AssertFinalExponentiationIsOne checks that a Miller function output x lies in the same equivalence class as the reduced pairing. This replaces the final exponentiation step in-circuit. The method follows Section 4 of On Proving Pairings paper by A. Novakovic and L. Eagen.
func (Ext12) AssertIsEqual ¶
func (Ext12) CompressTorus ¶
CompressTorus compresses x ∈ E12 to (x.C0 + 1)/x.C1 ∈ E6
func (Ext12) CyclotomicSquare ¶
Granger--Scott cyclotomic square
func (Ext12) DecompressTorus ¶
DecompressTorus decompresses y ∈ E6 to (y+w)/(y-w) ∈ E12
func (Ext12) DivUnchecked ¶
func (Ext12) ExptTorus ¶
Exponentiation by the seed t=4965661367192848881 The computations are performed on E6 compressed form using Torus-based arithmetic.
func (Ext12) FrobeniusCube ¶
func (Ext12) FrobeniusCubeTorus ¶
FrobeniusCubeTorus raises a compressed elements y ∈ E6 to the cube modulus p^3 and returns y^(p^3) / v^((p^3-1)/2)
func (Ext12) FrobeniusSquare ¶
func (Ext12) FrobeniusSquareTorus ¶
FrobeniusSquareTorus raises a compressed elements y ∈ E6 to the square modulus p^2 and returns y^(p^2) / v^((p^2-1)/2)
func (Ext12) FrobeniusTorus ¶
FrobeniusTorus raises a compressed elements y ∈ E6 to the modulus p and returns y^p / v^((p-1)/2)
func (Ext12) InverseTorus ¶
InverseTorus inverses a compressed elements y ∈ E6 and returns -y
func (*Ext12) Mul01234By034 ¶
multiplies two E12 sparse element of the form: E12{ C0: E6{B0: x0, B1: x1, B2: x2}, C1: E6{B0: x3, B1: x4, B2: 0}, }
and
E12{ C0: E6{B0: 1, B1: 0, B2: 0}, C1: E6{B0: z3, B1: z4, B2: 0}, }
func (*Ext12) Mul034By034 ¶
multiplies two E12 sparse element of the form: E12{ C0: E6{B0: 1, B1: 0, B2: 0}, C1: E6{B0: c3, B1: c4, B2: 0}, }
and
E12{ C0: E6{B0: 1, B1: 0, B2: 0}, C1: E6{B0: d3, B1: d4, B2: 0}, }
func (*Ext12) MulBy01234 ¶
MulBy01234 multiplies z by an E12 sparse element of the form
E12{ C0: E6{B0: c0, B1: c1, B2: c2}, C1: E6{B0: c3, B1: c4, B2: 0}, }
func (*Ext12) MulBy034 ¶
MulBy034 multiplies z by an E12 sparse element of the form
E12{ C0: E6{B0: 1, B1: 0, B2: 0}, C1: E6{B0: c3, B1: c4, B2: 0}, }
func (Ext12) MulTorus ¶
MulTorus multiplies two compressed elements y1, y2 ∈ E6 and returns (y1 * y2 + v)/(y1 + y2) N.B.: we use MulTorus in the final exponentiation throughout y1 ≠ -y2 always.
func (*Ext12) Square034 ¶
Square034 squares an E12 sparse element of the form
E12{ C0: E6{B0: 1, B1: 0, B2: 0}, C1: E6{B0: c3, B1: c4, B2: 0}, }
func (Ext12) SquareTorus ¶
SquareTorus squares a compressed elements y ∈ E6 and returns (y + v/y)/2
It uses a hint to verify that (2x-y)y = v saving one E6 AssertIsEqual.
type Ext2 ¶
type Ext2 struct {
// contains filtered or unexported fields
}
func (Ext2) AssertIsEqual ¶
func (Ext2) DivUnchecked ¶
func (Ext2) MulByElement ¶
func (Ext2) MulByNonResidue ¶
MulByNonResidue return x*(9+u)
func (Ext2) MulByNonResidue1Power1 ¶
MulByNonResidue1Power1 returns x*(9+u)^(1*(p^1-1)/6)
func (Ext2) MulByNonResidue1Power2 ¶
MulByNonResidue1Power2 returns x*(9+u)^(2*(p^1-1)/6)
func (Ext2) MulByNonResidue1Power3 ¶
MulByNonResidue1Power3 returns x*(9+u)^(3*(p^1-1)/6)
func (Ext2) MulByNonResidue1Power4 ¶
MulByNonResidue1Power4 returns x*(9+u)^(4*(p^1-1)/6)
func (Ext2) MulByNonResidue1Power5 ¶
MulByNonResidue1Power5 returns x*(9+u)^(5*(p^1-1)/6)
func (Ext2) MulByNonResidue2Power1 ¶
MulByNonResidue2Power1 returns x*(9+u)^(1*(p^2-1)/6)
func (Ext2) MulByNonResidue2Power2 ¶
MulByNonResidue2Power2 returns x*(9+u)^(2*(p^2-1)/6)
func (Ext2) MulByNonResidue2Power3 ¶
MulByNonResidue2Power3 returns x*(9+u)^(3*(p^2-1)/6)
func (Ext2) MulByNonResidue2Power4 ¶
MulByNonResidue2Power4 returns x*(9+u)^(4*(p^2-1)/6)
func (Ext2) MulByNonResidue2Power5 ¶
MulByNonResidue2Power5 returns x*(9+u)^(5*(p^2-1)/6)
func (Ext2) MulByNonResidue3Power1 ¶
MulByNonResidue3Power1 returns x*(9+u)^(1*(p^3-1)/6)
func (Ext2) MulByNonResidue3Power2 ¶
MulByNonResidue3Power2 returns x*(9+u)^(2*(p^3-1)/6)
func (Ext2) MulByNonResidue3Power3 ¶
MulByNonResidue3Power3 returns x*(9+u)^(3*(p^3-1)/6)
func (Ext2) MulByNonResidue3Power4 ¶
MulByNonResidue3Power4 returns x*(9+u)^(4*(p^3-1)/6)
func (Ext2) MulByNonResidue3Power5 ¶
MulByNonResidue3Power5 returns x*(9+u)^(5*(p^3-1)/6)
func (Ext2) MulByNonResidueGeneric ¶
type Ext6 ¶
type Ext6 struct {
*Ext2
}
func (Ext6) AssertIsEqual ¶
func (Ext6) DivUnchecked ¶
func (Ext6) FrobeniusSquare ¶
func (Ext6) Mul01By01 ¶
Mul01By01 multiplies two E6 sparse element of the form:
E6{ B0: c0, B1: c1, B2: 0, }
and
E6{ B0: d0, B1: d1, B2: 0, }
func (Ext6) MulBy0 ¶
MulBy0 multiplies z by an E6 sparse element of the form
E6{ B0: c0, B1: 0, B2: 0, }
func (Ext6) MulBy01 ¶
MulBy01 multiplies z by an E6 sparse element of the form
E6{ B0: c0, B1: c1, B2: 0, }