Documentation ¶
Index ¶
- Constants
- type E12
- func (z *E12) Add(x, y *E12) *E12
- func (z *E12) Bytes() (r [SizeOfGT]byte)
- func (z *E12) CompressTorus() (E6, error)
- func (z *E12) Conjugate(x *E12) *E12
- func (z *E12) CyclotomicExp(x E12, k *big.Int) *E12
- func (z *E12) CyclotomicSquare(x *E12) *E12
- func (z *E12) CyclotomicSquareCompressed(x *E12) *E12
- func (z *E12) DecompressKarabina(x *E12) *E12
- func (z *E12) Div(x *E12, y *E12) *E12
- func (z *E12) Double(x *E12) *E12
- func (z *E12) Equal(x *E12) bool
- func (z *E12) Exp(x E12, k *big.Int) *E12
- func (z *E12) ExpGLV(x E12, k *big.Int) *E12
- func (z *E12) Expt(x *E12) *E12
- func (z *E12) Frobenius(x *E12) *E12
- func (z *E12) FrobeniusSquare(x *E12) *E12
- func (z *E12) Inverse(x *E12) *E12
- func (z *E12) InverseUnitary(x *E12) *E12
- func (z *E12) IsInSubGroup() bool
- func (z *E12) IsOne() bool
- func (z *E12) IsZero() bool
- func (z *E12) Marshal() []byte
- func (z *E12) Mul(x, y *E12) *E12
- func (z *E12) MulBy01(c0, c1 *E2) *E12
- func (z *E12) MulBy01245(x *[5]E2) *E12
- func (z *E12) MulBy014(c0, c1, c4 *E2) *E12
- func (z *E12) Select(cond int, caseZ *E12, caseNz *E12) *E12
- func (z *E12) Set(x *E12) *E12
- func (z *E12) SetBytes(e []byte) error
- func (z *E12) SetOne() *E12
- func (z *E12) SetRandom() (*E12, error)
- func (z *E12) SetString(s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11 string) *E12
- func (z *E12) Square(x *E12) *E12
- func (z *E12) String() string
- func (z *E12) Sub(x, y *E12) *E12
- func (z *E12) Unmarshal(buf []byte) error
- type E2
- func (z *E2) Add(x, y *E2) *E2
- func (z *E2) Bits() E2
- func (z *E2) Cmp(x *E2) int
- func (z *E2) Conjugate(x *E2) *E2
- func (z *E2) Div(x *E2, y *E2) *E2
- func (z *E2) Double(x *E2) *E2
- func (z *E2) Equal(x *E2) bool
- func (z *E2) Exp(x E2, k *big.Int) *E2
- func (z *E2) Halve()
- func (z *E2) Inverse(x *E2) *E2
- func (z *E2) IsOne() bool
- func (z *E2) IsZero() bool
- func (z *E2) Legendre() int
- func (z *E2) LexicographicallyLargest() bool
- func (z *E2) Mul(x, y *E2) *E2
- func (z *E2) MulByElement(x *E2, y *fp.Element) *E2
- func (z *E2) MulByNonResidue(x *E2) *E2
- func (z *E2) MulByNonResidue1Power1(x *E2) *E2
- func (z *E2) MulByNonResidue1Power2(x *E2) *E2
- func (z *E2) MulByNonResidue1Power3(x *E2) *E2
- func (z *E2) MulByNonResidue1Power4(x *E2) *E2
- func (z *E2) MulByNonResidue1Power5(x *E2) *E2
- func (z *E2) MulByNonResidue2Power1(x *E2) *E2
- func (z *E2) MulByNonResidue2Power2(x *E2) *E2
- func (z *E2) MulByNonResidue2Power3(x *E2) *E2
- func (z *E2) MulByNonResidue2Power4(x *E2) *E2
- func (z *E2) MulByNonResidue2Power5(x *E2) *E2
- func (z *E2) MulByNonResidueInv(x *E2) *E2
- func (z *E2) Neg(x *E2) *E2
- func (z *E2) Select(cond int, caseZ *E2, caseNz *E2) *E2
- func (z *E2) Set(x *E2) *E2
- func (z *E2) SetOne() *E2
- func (z *E2) SetRandom() (*E2, error)
- func (z *E2) SetString(s1, s2 string) *E2
- func (z *E2) SetZero() *E2
- func (z *E2) Sqrt(x *E2) *E2
- func (z *E2) Square(x *E2) *E2
- func (z *E2) String() string
- func (z *E2) Sub(x, y *E2) *E2
- type E6
- func (z *E6) Add(x, y *E6) *E6
- func (z *E6) DecompressTorus() E12
- func (z *E6) Div(x *E6, y *E6) *E6
- func (z *E6) Double(x *E6) *E6
- func (z *E6) Equal(x *E6) bool
- func (z *E6) Inverse(x *E6) *E6
- func (z *E6) IsOne() bool
- func (z *E6) IsZero() bool
- func (z *E6) Mul(x, y *E6) *E6
- func (z *E6) MulBy01(c0, c1 *E2) *E6
- func (z *E6) MulBy1(c1 *E2) *E6
- func (x *E6) MulBy12(b1, b2 *E2) *E6
- func (z *E6) MulByE2(x *E6, y *E2) *E6
- func (z *E6) MulByNonResidue(x *E6) *E6
- func (z *E6) Neg(x *E6) *E6
- func (z *E6) Select(cond int, caseZ *E6, caseNz *E6) *E6
- func (z *E6) Set(x *E6) *E6
- func (z *E6) SetOne() *E6
- func (z *E6) SetRandom() (*E6, error)
- func (z *E6) SetString(s1, s2, s3, s4, s5, s6 string) *E6
- func (z *E6) Square(x *E6) *E6
- func (z *E6) String() string
- func (z *E6) Sub(x, y *E6) *E6
Constants ¶
const SizeOfGT = 48 * 12
SizeOfGT represents the size in bytes that a GT element need in binary form
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type E12 ¶
type E12 struct {
C0, C1 E6
}
E12 is a degree two finite field extension of fp6
func BatchDecompressKarabina ¶ added in v0.8.0
BatchDecompressKarabina multiple Karabina's cyclotomic square results if g3 != 0
g4 = (E * g5^2 + 3 * g1^2 - 2 * g2)/4g3
if g3 == 0
g4 = 2g1g5/g2
if g3=g2=0 then g4=g5=g1=0 and g0=1 (x=1) Theorem 3.1 is well-defined for all x in Gϕₙ\{1}
Divisions by 4g3 or g2 is batched using Montgomery batch inverse
func BatchDecompressTorus ¶ added in v0.8.0
BatchDecompressTorus GT/E12 compressed elements using a batch inversion
func BatchInvertE12 ¶ added in v0.8.0
BatchInvertE12 returns a new slice with every element in a inverted. It uses Montgomery batch inversion trick.
if a[i] == 0, returns result[i] = a[i]
func (*E12) Bytes ¶
Bytes returns the regular (non montgomery) value of z as a big-endian byte array. z.C1.B2.A1 | z.C1.B2.A0 | z.C1.B1.A1 | ...
func (*E12) CompressTorus ¶ added in v0.8.0
CompressTorus GT/E12 element to half its size z must be in the cyclotomic subgroup i.e. z^(p^4-p^2+1)=1 e.g. GT "COMPRESSION IN FINITE FIELDS AND TORUS-BASED CRYPTOGRAPHY", K. RUBIN AND A. SILVERBERG z.C1 == 0 only when z \in {-1,1}
func (*E12) CyclotomicExp ¶ added in v0.8.0
CyclotomicExp sets z=xᵏ (mod q¹²) and returns it uses 2-NAF decomposition x must be in the cyclotomic subgroup TODO: use a windowed method
func (*E12) CyclotomicSquare ¶
Granger-Scott's cyclotomic square https://eprint.iacr.org/2009/565.pdf, 3.2
func (*E12) CyclotomicSquareCompressed ¶
Karabina's compressed cyclotomic square https://eprint.iacr.org/2010/542.pdf Th. 3.2 with minor modifications to fit our tower
func (*E12) DecompressKarabina ¶ added in v0.8.0
DecompressKarabina Karabina's cyclotomic square result if g3 != 0
g4 = (E * g5^2 + 3 * g1^2 - 2 * g2)/4g3
if g3 == 0
g4 = 2g1g5/g2
if g3=g2=0 then g4=g5=g1=0 and g0=1 (x=1) Theorem 3.1 is well-defined for all x in Gϕₙ\{1}
func (*E12) ExpGLV ¶ added in v0.8.0
ExpGLV sets z=xᵏ (q¹²) and returns it uses 2-dimensional GLV with 2-bits windowed method x must be in GT TODO: use 2-NAF TODO: use higher dimensional decomposition
func (*E12) FrobeniusSquare ¶
FrobeniusSquare set z to Frobenius^2(x), and return z
func (*E12) Inverse ¶
Inverse sets z to the inverse of x in E12 and returns z
if x == 0, sets and returns z = x
func (*E12) InverseUnitary ¶
InverseUnitary inverses a unitary element
func (*E12) IsInSubGroup ¶
IsInSubGroup ensures GT/E12 is in correct subgroup
func (*E12) MulBy01245 ¶ added in v0.10.0
MulBy01245 multiplies z by an E12 sparse element of the form (x0, x1, x2, 0, x4, x5)
func (*E12) Select ¶
Select is conditional move. If cond = 0, it sets z to caseZ and returns it. otherwise caseNz.
func (*E12) SetBytes ¶
SetBytes interprets e as the bytes of a big-endian GT sets z to that value (in Montgomery form), and returns z. size(e) == 48 * 12 z.C1.B2.A1 | z.C1.B2.A0 | z.C1.B1.A1 | ...
type E2 ¶
E2 is a degree two finite field extension of fp.Element
func BatchInvertE2 ¶ added in v0.8.0
BatchInvertE2 returns a new slice with every element in a inverted. It uses Montgomery batch inversion trick.
if a[i] == 0, returns result[i] = a[i]
func Mul014By014 ¶ added in v0.10.0
Mul014By014 multiplication of sparse element (c0,c1,0,0,c4,0) by sparse element (d0,d1,0,0,d4,0)
func Mul01By01 ¶ added in v0.13.0
Mul01By01 multiplication of sparse element (c0,c1,0,0,1,0) by sparse element (d0,d1,0,0,1,0)
func (*E2) Cmp ¶
Cmp compares (lexicographic order) z and x and returns:
-1 if z < x 0 if z == x +1 if z > x
func (*E2) LexicographicallyLargest ¶
LexicographicallyLargest returns true if this element is strictly lexicographically larger than its negation, false otherwise
func (*E2) MulByElement ¶
MulByElement multiplies an element in E2 by an element in fp
func (*E2) MulByNonResidue ¶
MulByNonResidue multiplies a E2 by (0,1)
func (*E2) MulByNonResidue1Power1 ¶
MulByNonResidue1Power1 set z=x*(0,1)^(1*(p^1-1)/6) and return z
func (*E2) MulByNonResidue1Power2 ¶
MulByNonResidue1Power2 set z=x*(0,1)^(2*(p^1-1)/6) and return z
func (*E2) MulByNonResidue1Power3 ¶
MulByNonResidue1Power3 set z=x*(0,1)^(3*(p^1-1)/6) and return z
func (*E2) MulByNonResidue1Power4 ¶
MulByNonResidue1Power4 set z=x*(0,1)^(4*(p^1-1)/6) and return z
func (*E2) MulByNonResidue1Power5 ¶
MulByNonResidue1Power5 set z=x*(0,1)^(5*(p^1-1)/6) and return z
func (*E2) MulByNonResidue2Power1 ¶
MulByNonResidue2Power1 set z=x*(0,1)^(1*(p^2-1)/6) and return z
func (*E2) MulByNonResidue2Power2 ¶
MulByNonResidue2Power2 set z=x*(0,1)^(2*(p^2-1)/6) and return z
func (*E2) MulByNonResidue2Power3 ¶
MulByNonResidue2Power3 set z=x*(0,1)^(3*(p^2-1)/6) and return z
func (*E2) MulByNonResidue2Power4 ¶
MulByNonResidue2Power4 set z=x*(0,1)^(4*(p^2-1)/6) and return z
func (*E2) MulByNonResidue2Power5 ¶
MulByNonResidue2Power5 set z=x*(0,1)^(5*(p^2-1)/6) and return z
func (*E2) MulByNonResidueInv ¶
MulByNonResidueInv multiplies a E2 by (0,1)^{-1}
func (*E2) Select ¶
Select is conditional move. If cond = 0, it sets z to caseZ and returns it. otherwise caseNz.
func (*E2) Sqrt ¶
Sqrt sets z to the square root of and returns z The function does not test whether the square root exists or not, it's up to the caller to call Legendre beforehand. cf https://eprint.iacr.org/2012/685.pdf (algo 10)
type E6 ¶
type E6 struct {
B0, B1, B2 E2
}
E6 is a degree three finite field extension of fp2
func BatchCompressTorus ¶ added in v0.8.0
BatchCompressTorus GT/E12 elements to half their size using a batch inversion.
if len(x) == 0 or if any of the x[i].C1 coordinate is 0, this function returns an error.
func BatchInvertE6 ¶ added in v0.8.0
BatchInvertE6 returns a new slice with every element in a inverted. It uses Montgomery batch inversion trick.
if a[i] == 0, returns result[i] = a[i]
func (*E6) DecompressTorus ¶ added in v0.8.0
DecompressTorus GT/E12 a compressed element element must be in the cyclotomic subgroup "COMPRESSION IN FINITE FIELDS AND TORUS-BASED CRYPTOGRAPHY", K. RUBIN AND A. SILVERBERG
func (*E6) MulByNonResidue ¶
MulByNonResidue mul x by (0,1,0)
func (*E6) Select ¶
Select is conditional move. If cond = 0, it sets z to caseZ and returns it. otherwise caseNz.