Documentation ¶
Overview ¶
Package fields_bls12377 implements the fields arithmetic of the Fp12 tower used to compute the pairing over the BLS12-377 curve.
𝔽p²[u] = 𝔽p/u²+5 𝔽p⁶[v] = 𝔽p²/v³-u 𝔽p¹²[w] = 𝔽p⁶/w²-v
Reference: https://eprint.iacr.org/2022/1162
Index ¶
- func GetHints() []solver.Hint
- func Mul034By034(api frontend.API, d3, d4, c3, c4 E2) *[5]E2
- type E12
- func (e *E12) Add(api frontend.API, e1, e2 E12) *E12
- func (x *E12) AssertFinalExponentiationIsOne(api frontend.API)
- func (e *E12) AssertIsEqual(api frontend.API, other E12)
- func (e *E12) Assign(a *bls12377.E12)
- func (e *E12) Conjugate(api frontend.API, e1 E12) *E12
- func (e *E12) CyclotomicSquare(api frontend.API, x E12) *E12
- func (e *E12) CyclotomicSquareKarabina12345(api frontend.API, x E12) *E12
- func (e *E12) CyclotomicSquareKarabina2345(api frontend.API, x E12) *E12
- func (e *E12) DecompressKarabina12345(api frontend.API, x E12) *E12
- func (e *E12) DecompressKarabina2345(api frontend.API, x E12) *E12
- func (e *E12) DivUnchecked(api frontend.API, e1, e2 E12) *E12
- func (e *E12) ExpU(api frontend.API, e1 E12) *E12
- func (e *E12) ExpX0(api frontend.API, e1 E12) *E12
- func (e *E12) ExpX0Minus1Square(api frontend.API, e1 E12) *E12
- func (e *E12) Frobenius(api frontend.API, e1 E12) *E12
- func (e *E12) FrobeniusSquare(api frontend.API, e1 E12) *E12
- func (e *E12) Inverse(api frontend.API, e1 E12) *E12
- func (e *E12) Mul(api frontend.API, e1, e2 E12) *E12
- func (e *E12) MulBy01234(api frontend.API, x [5]E2) *E12
- func (e *E12) MulBy034(api frontend.API, c3, c4 E2) *E12
- func (e *E12) Neg(api frontend.API, e1 E12) *E12
- func (e *E12) Select(api frontend.API, b frontend.Variable, r1, r2 E12) *E12
- func (e *E12) SetOne() *E12
- func (e *E12) SetZero() *E12
- func (e *E12) Square(api frontend.API, x E12) *E12
- func (e *E12) Square034(api frontend.API, x E12) *E12
- func (e *E12) Sub(api frontend.API, e1, e2 E12) *E12
- type E2
- func (e *E2) Add(api frontend.API, e1, e2 E2) *E2
- func (e *E2) AssertIsEqual(api frontend.API, other E2)
- func (e *E2) Assign(a *bls12377.E2)
- func (e *E2) Conjugate(api frontend.API, e1 E2) *E2
- func (e *E2) DivUnchecked(api frontend.API, e1, e2 E2) *E2
- func (e *E2) Double(api frontend.API, e1 E2) *E2
- func (e *E2) Inverse(api frontend.API, e1 E2) *E2
- func (e *E2) IsZero(api frontend.API) frontend.Variable
- func (e *E2) Lookup2(api frontend.API, b1, b2 frontend.Variable, r1, r2, r3, r4 E2) *E2
- func (e *E2) Mul(api frontend.API, e1, e2 E2) *E2
- func (e *E2) MulByFp(api frontend.API, e1 E2, c interface{}) *E2
- func (e *E2) MulByNonResidue(api frontend.API, e1 E2) *E2
- func (e *E2) Neg(api frontend.API, e1 E2) *E2
- func (e *E2) Select(api frontend.API, b frontend.Variable, r1, r2 E2) *E2
- func (e *E2) SetOne() *E2
- func (e *E2) SetZero() *E2
- func (e *E2) Square(api frontend.API, x E2) *E2
- func (e *E2) Sub(api frontend.API, e1, e2 E2) *E2
- type E6
- func (e *E6) Add(api frontend.API, e1, e2 E6) *E6
- func (e *E6) AssertIsEqual(api frontend.API, other E6)
- func (e *E6) Assign(a *bls12377.E6)
- func (e *E6) DivUnchecked(api frontend.API, e1, e2 E6) *E6
- func (e *E6) Double(api frontend.API, e1 E6) *E6
- func (e *E6) Inverse(api frontend.API, e1 E6) *E6
- func (e *E6) Mul(api frontend.API, e1, e2 E6) *E6
- func (e *E6) Mul0By01(api frontend.API, a0, b0, b1 E2) *E6
- func (e *E6) MulBy01(api frontend.API, c0, c1 E2) *E6
- func (e *E6) MulByE2(api frontend.API, e1 E6, e2 E2) *E6
- func (e *E6) MulByFp2(api frontend.API, e1 E6, e2 E2) *E6
- func (e *E6) MulByNonResidue(api frontend.API, e1 E6) *E6
- func (e *E6) Neg(api frontend.API, e1 E6) *E6
- func (e *E6) Select(api frontend.API, b frontend.Variable, r1, r2 E6) *E6
- func (e *E6) SetOne() *E6
- func (e *E6) SetZero() *E6
- func (e *E6) Square(api frontend.API, x E6) *E6
- func (e *E6) Sub(api frontend.API, e1, e2 E6) *E6
- type Extension
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type E12 ¶
type E12 struct {
C0, C1 E6
}
E12 element in a quadratic extension
func (*E12) AssertFinalExponentiationIsOne ¶
AssertFinalExponentiationIsOne checks that a Miller function output x lies in the same equivalence class as the reduced pairing. This replaces the final exponentiation step in-circuit. The method follows Section 4 of On Proving Pairings paper by A. Novakovic and L. Eagen.
func (*E12) AssertIsEqual ¶
AssertIsEqual constraint self to be equal to other into the given constraint system
func (*E12) CyclotomicSquare ¶
Granger-Scott's cyclotomic square squares a Fp12 elt in the cyclotomic group https://eprint.iacr.org/2009/565.pdf, 3.2
func (*E12) CyclotomicSquareKarabina12345 ¶
func (*E12) CyclotomicSquareKarabina2345 ¶
Karabina's compressed cyclotomic square https://eprint.iacr.org/2010/542.pdf Th. 3.2 with minor modifications to fit our tower
func (*E12) DecompressKarabina12345 ¶
DecompressKarabina12345 Karabina's cyclotomic square result SQR12345
func (*E12) DecompressKarabina2345 ¶
DecompressKarabina2345 Karabina's cyclotomic square result SQR2345
func (*E12) DivUnchecked ¶
DivUnchecked e12 elmts
func (*E12) ExpX0Minus1Square ¶
ExpX0Minus1Square computes e1^((X0-1)^2), where X0=0x8508c00000000001
func (*E12) FrobeniusSquare ¶
FrobeniusSquare applies frob**2 to an fp12 elmt
type E2 ¶
E2 element in a quadratic extension
func (*E2) AssertIsEqual ¶
AssertIsEqual constraint self to be equal to other into the given constraint system
func (*E2) DivUnchecked ¶
DivUnchecked e2 elmts
func (*E2) Lookup2 ¶
Lookup2 implements two-bit lookup. It returns:
- r1 if b1=0 and b2=0,
- r2 if b1=0 and b2=1,
- r3 if b1=1 and b2=0,
- r3 if b1=1 and b2=1.
func (*E2) MulByNonResidue ¶
MulByNonResidue multiplies an fp2 elmt by the imaginary elmt ext.uSquare is the square of the imaginary root
type E6 ¶
type E6 struct {
B0, B1, B2 E2
}
E6 element in a quadratic extension
func (*E6) AssertIsEqual ¶
AssertIsEqual constraint self to be equal to other into the given constraint system
func (*E6) DivUnchecked ¶
DivUnchecked e6 elmts
func (*E6) MulByFp2 ¶
MulByFp2 creates a fp6elmt from fp elmts icube is the imaginary elmt to the cube
func (*E6) MulByNonResidue ¶
MulByNonResidue multiplies e by the imaginary elmt of Fp6 (noted a+bV+cV where V**3 in F²)