Documentation
Index
- Constants
- func Mul014By014(d0, d1, d4, c0, c1, c4 *fp.Element) [5]fp.Element
- func Mul01By01(d0, d1, c0, c1 *fp.Element) [5]fp.Element
- type E3
- func (z *E3) Add(x, y *E3) *E3
- func (z *E3) Clone() *E3
- func (z *E3) DecompressTorus() E6
- func (z *E3) Double(x *E3) *E3
- func (z *E3) Equal(x *E3) bool
- func (z *E3) Inverse(x *E3) *E3
- func (z *E3) IsOne() bool
- func (z *E3) IsZero() bool
- func (z *E3) Mul(x, y *E3) *E3
- func (z *E3) MulAssign(x *E3) *E3
- func (z *E3) MulBy01(c0, c1 *fp.Element) *E3
- func (z *E3) MulBy1(c1 *fp.Element) *E3
- func (x *E3) MulBy12(b1, b2 *fp.Element) *E3
- func (z *E3) MulByElement(x *E3, y *fp.Element) *E3
- func (z *E3) MulByNonResidue(x *E3) *E3
- func (z *E3) Neg(x *E3) *E3
- func (z *E3) Set(x *E3) *E3
- func (z *E3) SetOne() *E3
- func (z *E3) SetRandom() (*E3, error)
- func (z *E3) SetString(s1, s2, s3 string) *E3
- func (z *E3) SetZero() *E3
- func (z *E3) Square(x *E3) *E3
- func (z *E3) String() string
- func (z *E3) Sub(x, y *E3) *E3
- type E6
- func (z *E6) Add(x, y *E6) *E6
- func (z *E6) Bytes() (r [SizeOfGT]byte)
- func (z *E6) CompressTorus() (E3, error)
- func (z *E6) Conjugate(x *E6) *E6
- func (z *E6) CyclotomicExp(x E6, k *big.Int) *E6
- func (z *E6) CyclotomicSquare(x *E6) *E6
- func (z *E6) CyclotomicSquareCompressed(x *E6) *E6
- func (z *E6) DecompressKarabina(x *E6) *E6
- func (z *E6) Double(x *E6) *E6
- func (z *E6) Equal(x *E6) bool
- func (z *E6) Exp(x E6, k *big.Int) *E6
- func (z *E6) ExpGLV(x E6, k *big.Int) *E6
- func (z *E6) Expc1(x *E6) *E6
- func (z *E6) Expc2(x *E6) *E6
- func (z *E6) Expt(x *E6) *E6
- func (z *E6) ExptMinus1(x *E6) *E6
- func (z *E6) ExptMinus1Div3(x *E6) *E6
- func (z *E6) ExptMinus1Square(x *E6) *E6
- func (z *E6) ExptPlus1(x *E6) *E6
- func (z *E6) Frobenius(x *E6) *E6
- func (z *E6) Inverse(x *E6) *E6
- func (z *E6) InverseUnitary(x *E6) *E6
- func (z *E6) IsInSubGroup() bool
- func (z *E6) IsOne() bool
- func (z *E6) IsZero() bool
- func (z *E6) Mul(x, y *E6) *E6
- func (z *E6) MulBy01(c0, c1 *fp.Element) *E6
- func (z *E6) MulBy01245(x *[5]fp.Element) *E6
- func (z *E6) MulBy014(c0, c1, c4 *fp.Element) *E6
- func (z *E6) Set(x *E6) *E6
- func (z *E6) SetBytes(e []byte) error
- func (z *E6) SetOne() *E6
- func (z *E6) SetRandom() (*E6, error)
- func (z *E6) SetString(s0, s1, s2, s3, s4, s5 string) *E6
- func (z *E6) Square(x *E6) *E6
- func (z *E6) String() string
- func (z *E6) Sub(x, y *E6) *E6
Constants
const SizeOfGT = fp.Bytes * 6
SizeOfGT represents the size in bytes that a GT element needs in binary form.
Functions
func Mul014By014 (added in v0.13.0)
Mul014By014 multiplies the sparse element (c0,c1,0,0,c4,0) by the sparse element (d0,d1,0,0,d4,0).
Types
type E3 (added in v0.5.0)
E3 is a degree-three finite field extension of fp3
func BatchCompressTorus (added in v0.8.0)
BatchCompressTorus compresses GT/E6 elements to half their size using a batch inversion.
func BatchInvertE3 (added in v0.8.0)
BatchInvertE3 returns a new slice with every element of a inverted. It uses the Montgomery batch inversion trick.
If a[i] == 0, it returns result[i] = a[i].
func (*E3) DecompressTorus (added in v0.8.0)
DecompressTorus decompresses a compressed GT/E6 element. The element must be in the cyclotomic subgroup.
See "COMPRESSION IN FINITE FIELDS AND TORUS-BASED CRYPTOGRAPHY", K. RUBIN AND A. SILVERBERG.
func (*E3) Equal (added in v0.5.0)
Equal returns true if z equals x, false otherwise. Note: this is more efficient than calling "z == x".
func (*E3) MulByElement (added in v0.5.0)
MulByElement multiplies an element in E3 by an element in fp
func (*E3) MulByNonResidue (added in v0.5.0)
MulByNonResidue multiplies x by (0,1,0)
type E6
type E6 struct {
	B0, B1 E3
}
E6 is a degree two finite field extension of fp3
func BatchDecompressTorus (added in v0.8.0)
BatchDecompressTorus decompresses GT/E6 compressed elements using a batch inversion.
func BatchInvertE6 (added in v0.8.0)
BatchInvertE6 returns a new slice with every element of a inverted. It uses the Montgomery batch inversion trick.
If a[i] == 0, it returns result[i] = a[i].
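The Montgomery batch inversion trick named for BatchInvertE3 and BatchInvertE6, together with the documented zero rule, shown as an added example that is not this package's code. It works over a small prime field with math/big instead of E3/E6; the modulus p and the name batchInvert are assumptions made for illustration, and inputs are assumed to be already reduced mod p.

```go
package main

import (
	"fmt"
	"math/big"
)

// p is a small prime chosen for this example; it is not the package's modulus.
var p = big.NewInt(1000003)

// batchInvert returns a new slice holding the inverse mod p of every entry of a,
// using one field inversion for the whole batch. Zero entries are kept out of
// the running product (one zero factor would make the single inversion fail and
// corrupt every output) and are returned as zero: result[i] = a[i].
func batchInvert(a []*big.Int) []*big.Int {
	res := make([]*big.Int, len(a))
	zero := make([]bool, len(a))
	acc := big.NewInt(1)
	// Forward pass: res[i] = product of all non-zero a[j] with j < i.
	for i, v := range a {
		if v.Sign() == 0 {
			zero[i] = true
			res[i] = new(big.Int)
			continue
		}
		res[i] = new(big.Int).Set(acc)
		acc.Mul(acc, v).Mod(acc, p)
	}
	// The only inversion: acc = (product of all non-zero entries)^-1.
	acc.ModInverse(acc, p)
	// Backward pass: res[i] = prefix[i] * acc, then strip a[i] from acc.
	for i := len(a) - 1; i >= 0; i-- {
		if zero[i] {
			continue
		}
		res[i].Mul(res[i], acc).Mod(res[i], p)
		acc.Mul(acc, a[i]).Mod(acc, p)
	}
	return res
}

func main() {
	in := []*big.Int{big.NewInt(2), big.NewInt(0), big.NewInt(12345), big.NewInt(999999)}
	for i, inv := range batchInvert(in) {
		fmt.Printf("a=%v inverse=%v\n", in[i], inv)
	}
}
```

Callers that treat a zero output as a valid inverse will silently propagate the zero, so check inputs for zero before relying on the result.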
func (*E6) Bytes
Bytes returns the regular (non-Montgomery) value of z as a big-endian byte array.
z.C1.B2.A1 | z.C1.B2.A0 | z.C1.B1.A1 | ...
func (*E6) CompressTorus (added in v0.8.0)
CompressTorus compresses a GT/E6 element to half its size. z must be in the cyclotomic subgroup, i.e. z^(p⁴-p²+1)=1, e.g. GT.
See "COMPRESSION IN FINITE FIELDS AND TORUS-BASED CRYPTOGRAPHY", K. RUBIN AND A. SILVERBERG.
z.B1 == 0 only when z ∈ {-1,1}.
func (*E6) CyclotomicExp (added in v0.8.0)
CyclotomicExp sets z=xᵏ (mod q⁶) and returns it. It uses 2-NAF decomposition. x must be in the cyclotomic subgroup.
TODO: use a windowed method
func (*E6) CyclotomicSquare
Granger-Scott's cyclotomic square https://eprint.iacr.org/2009/565.pdf, 3.2
func (*E6) CyclotomicSquareCompressed (added in v0.5.1)
Karabina's compressed cyclotomic square https://eprint.iacr.org/2010/542.pdf Th. 3.2 with minor modifications to fit our tower
func (*E6) DecompressKarabina (added in v0.8.0)
DecompressKarabina decompresses the result of Karabina's cyclotomic square.
if g3 != 0
	g4 = (E * g5^2 + 3 * g1^2 - 2 * g2)/4g3
if g3 == 0
	g4 = 2g1g5/g2
if g3=g2=0 then g4=g5=g1=0 and g0=1 (x=1)
Theorem 3.1 is well-defined for all x in Gϕₙ\{1}
func (*E6) ExpGLV (added in v0.8.0)
ExpGLV sets z=xᵏ (q⁶) and returns it. It uses 2-dimensional GLV with a 2-bit windowed method. x must be in GT.
TODO: use 2-NAF
TODO: use higher dimensional decomposition
func (*E6) Expc1 (added in v0.5.0)
Expc1 sets z to z^c1 in E6 and returns z.
ht, hy = 13, 9
c1 = (ht+hy)/2 = 11
func (*E6) Expc2 (added in v0.5.0)
Expc2 sets z to z^c2 in E6 and returns z.
ht, hy = 13, 9
c2 = (ht**2+3*hy**2)/4 = 103
func (*E6) ExptMinus1 (added in v0.13.0)
ExptMinus1 sets z to x^(t-1) in E6 and returns z.
t-1 = 91893752504881257682351033800651177983
func (*E6) ExptMinus1Div3 (added in v0.13.0)
ExptMinus1Div3 sets z to x^(t-1)/3 in E6 and returns z.
(t-1)/3 = 3195374304363544576
func (*E6) ExptMinus1Square (added in v0.13.0)
ExptMinus1Square sets z to x^{(t-1)²} in E6 and returns z.
(t-1)² = 91893752504881257682351033800651177984
func (*E6) ExptPlus1 (added in v0.13.0)
ExptPlus1 sets z to x^(t+1) in E6 and returns z.
t+1 = 91893752504881257682351033800651177985
func (*E6) Inverse
Inverse sets z to the inverse of x in E6 and returns z.
If x == 0, it sets and returns z = x.
func (*E6) InverseUnitary (added in v0.5.0)
InverseUnitary inverts a unitary element
func (*E6) IsInSubGroup (added in v0.5.0)
IsInSubGroup ensures the GT/E6 element is in the correct subgroup
func (*E6) MulBy01245 (added in v0.13.0)
MulBy01245 multiplies z by an E12 sparse element of the form (x0, x1, x2, 0, x4, x5)
func (*E6) SetBytes
SetBytes interprets e as the bytes of a big-endian GT, sets z to that value (in Montgomery form), and returns z.
z.C1.B2.A1 | z.C1.B2.A0 | z.C1.B1.A1 | ...