Documentation ¶
Overview ¶
Package fields_bls24315 implements the fields arithmetic of the Fp24 tower used to compute the pairing over the BLS24-315 curve.
𝔽p²[u] = 𝔽p/u²-13
𝔽p⁴[v] = 𝔽p²/v²-u
𝔽p¹²[w] = 𝔽p⁴/w³-v
𝔽p²⁴[i] = 𝔽p¹²/i²-w
Reference: https://eprint.iacr.org/2022/1162
Index ¶
- Variables
- func Mul034By034(api frontend.API, d3, d4, c3, c4 E4) *[5]E4
- type E12
- func (e *E12) Add(api frontend.API, e1, e2 E12) *E12
- func (e *E12) AssertIsEqual(api frontend.API, other E12)
- func (e *E12) Assign(a *bls24315.E12)
- func (e *E12) DivUnchecked(api frontend.API, e1, e2 E12) *E12
- func (e *E12) Inverse(api frontend.API, e1 E12) *E12
- func (e *E12) Mul(api frontend.API, e1, e2 E12) *E12
- func (e *E12) Mul0By01(api frontend.API, a0, b0, b1 E4) *E12
- func (e *E12) MulBy01(api frontend.API, c0, c1 E4) *E12
- func (e *E12) MulByE4(api frontend.API, e1 E12, e2 E4) *E12
- func (e *E12) MulByFp2(api frontend.API, e1 E12, e2 E4) *E12
- func (e *E12) MulByNonResidue(api frontend.API, e1 E12) *E12
- func (e *E12) Neg(api frontend.API, e1 E12) *E12
- func (e *E12) SetOne() *E12
- func (e *E12) SetZero() *E12
- func (e *E12) Square(api frontend.API, x E12) *E12
- func (e *E12) Sub(api frontend.API, e1, e2 E12) *E12
- type E2
- func (e *E2) Add(api frontend.API, e1, e2 E2) *E2
- func (e *E2) AssertIsEqual(api frontend.API, other E2)
- func (e *E2) Assign(a *bls24315.E2)
- func (e *E2) Conjugate(api frontend.API, e1 E2) *E2
- func (e *E2) DivUnchecked(api frontend.API, e1, e2 E2) *E2
- func (e *E2) Double(api frontend.API, e1 E2) *E2
- func (e *E2) Inverse(api frontend.API, e1 E2) *E2
- func (e *E2) Lookup2(api frontend.API, b1, b2 frontend.Variable, r1, r2, r3, r4 E2) *E2
- func (e *E2) Mul(api frontend.API, e1, e2 E2) *E2
- func (e *E2) MulByFp(api frontend.API, e1 E2, c interface{}) *E2
- func (e *E2) MulByNonResidue(api frontend.API, e1 E2) *E2
- func (e *E2) Neg(api frontend.API, e1 E2) *E2
- func (e *E2) Select(api frontend.API, b frontend.Variable, r1, r2 E2) *E2
- func (e *E2) SetOne() *E2
- func (e *E2) SetZero() *E2
- func (e *E2) Square(api frontend.API, x E2) *E2
- func (e *E2) Sub(api frontend.API, e1, e2 E2) *E2
- type E24
- func (e *E24) Add(api frontend.API, e1, e2 E24) *E24
- func (e *E24) AssertIsEqual(api frontend.API, other E24)
- func (e *E24) Assign(a *bls24315.E24)
- func (e *E24) Conjugate(api frontend.API, e1 E24) *E24
- func (e *E24) CyclotomicSquare(api frontend.API, x E24) *E24
- func (e *E24) CyclotomicSquareCompressed(api frontend.API, x E24) *E24
- func (e *E24) Decompress(api frontend.API, x E24) *E24
- func (e *E24) DivUnchecked(api frontend.API, e1, e2 E24) *E24
- func (e *E24) Expt(api frontend.API, x E24, exponent uint64) *E24
- func (e *E24) Frobenius(api frontend.API, x E24) *E24
- func (e *E24) FrobeniusQuad(api frontend.API, x E24) *E24
- func (e *E24) FrobeniusSquare(api frontend.API, x E24) *E24
- func (e *E24) Inverse(api frontend.API, e1 E24) *E24
- func (e *E24) Mul(api frontend.API, e1, e2 E24) *E24
- func (e *E24) MulBy034(api frontend.API, c3, c4 E4) *E24
- func (e *E24) Neg(api frontend.API, e1 E24) *E24
- func (e *E24) SetOne() *E24
- func (e *E24) SetZero() *E24
- func (e *E24) Square(api frontend.API, x E24) *E24
- func (e *E24) Square034(api frontend.API, x E24) *E24
- func (e *E24) Sub(api frontend.API, e1, e2 E24) *E24
- type E4
- func (e *E4) Add(api frontend.API, e1, e2 E4) *E4
- func (e *E4) AssertIsEqual(api frontend.API, other E4)
- func (e *E4) Assign(a *bls24315.E4)
- func (e *E4) Conjugate(api frontend.API, e1 E4) *E4
- func (e *E4) DivUnchecked(api frontend.API, e1, e2 E4) *E4
- func (e *E4) Double(api frontend.API, e1 E4) *E4
- func (e *E4) Inverse(api frontend.API, e1 E4) *E4
- func (e *E4) Lookup2(api frontend.API, b1, b2 frontend.Variable, r1, r2, r3, r4 E4) *E4
- func (e *E4) Mul(api frontend.API, e1, e2 E4) *E4
- func (e *E4) MulByFp(api frontend.API, e1 E4, c interface{}) *E4
- func (e *E4) MulByNonResidue(api frontend.API, e1 E4) *E4
- func (e *E4) Neg(api frontend.API, e1 E4) *E4
- func (e *E4) Select(api frontend.API, b frontend.Variable, r1, r2 E4) *E4
- func (e *E4) SetOne() *E4
- func (e *E4) SetZero() *E4
- func (e *E4) Square(api frontend.API, x E4) *E4
- func (e *E4) Sub(api frontend.API, e1, e2 E4) *E4
- type Extension
Variables ¶
// DivE12Hint computes the quotient a/b of two bls24315.E12 values outside the
// constraint system and writes its 12 base-field coordinates to res.
//
// inputs[0:12] are the coordinates of the numerator a and inputs[12:24] those
// of the denominator b, in C0.B0.A0, C0.B0.A1, C0.B1.A0, ... C2.B1.A1 order;
// res[0:12] receive the quotient in the same order. The first argument is
// ignored and the function always returns nil.
//
// NOTE(review): a hint result is only a witness value; the in-circuit caller
// is presumably expected to constrain it (e.g. res*b == a) - confirm.
// NOTE(review): b is not checked to be non-zero; what Inverse produces for a
// zero operand is defined by bls24315 and is not visible here.
// NOTE(review): len(inputs) and len(res) are not validated, so a short slice
// panics instead of returning an error.
var DivE12Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error {
	var num, den, quo bls24315.E12

	// Each E4 coefficient consumes four consecutive inputs.
	operands := []*bls24315.E4{
		&num.C0, &num.C1, &num.C2,
		&den.C0, &den.C1, &den.C2,
	}
	for i, part := range operands {
		base := 4 * i
		part.B0.A0.SetBigInt(inputs[base])
		part.B0.A1.SetBigInt(inputs[base+1])
		part.B1.A0.SetBigInt(inputs[base+2])
		part.B1.A1.SetBigInt(inputs[base+3])
	}

	// quo = den^-1 * num
	quo.Inverse(&den)
	quo.Mul(&quo, &num)

	for i, part := range []*bls24315.E4{&quo.C0, &quo.C1, &quo.C2} {
		base := 4 * i
		part.B0.A0.BigInt(res[base])
		part.B0.A1.BigInt(res[base+1])
		part.B1.A0.BigInt(res[base+2])
		part.B1.A1.BigInt(res[base+3])
	}

	return nil
}
// DivE24Hint computes the quotient a/b of two bls24315.E24 values outside the
// constraint system and writes its 24 base-field coordinates to res.
//
// inputs[0:24] are the coordinates of the numerator a and inputs[24:48] those
// of the denominator b, in D0.C0.B0.A0, D0.C0.B0.A1, ... D1.C2.B1.A1 order;
// res[0:24] receive the quotient in the same order. The first argument is
// ignored and the function always returns nil.
//
// NOTE(review): a hint result is only a witness value; the in-circuit caller
// is presumably expected to constrain it (e.g. res*b == a) - confirm.
// NOTE(review): b is not checked to be non-zero; what Inverse produces for a
// zero operand is defined by bls24315 and is not visible here.
// NOTE(review): len(inputs) and len(res) are not validated, so a short slice
// panics instead of returning an error.
var DivE24Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error {
	var num, den, quo bls24315.E24

	// Each E4 coefficient consumes four consecutive inputs.
	operands := []*bls24315.E4{
		&num.D0.C0, &num.D0.C1, &num.D0.C2,
		&num.D1.C0, &num.D1.C1, &num.D1.C2,
		&den.D0.C0, &den.D0.C1, &den.D0.C2,
		&den.D1.C0, &den.D1.C1, &den.D1.C2,
	}
	for i, part := range operands {
		base := 4 * i
		part.B0.A0.SetBigInt(inputs[base])
		part.B0.A1.SetBigInt(inputs[base+1])
		part.B1.A0.SetBigInt(inputs[base+2])
		part.B1.A1.SetBigInt(inputs[base+3])
	}

	// quo = den^-1 * num
	quo.Inverse(&den)
	quo.Mul(&quo, &num)

	results := []*bls24315.E4{
		&quo.D0.C0, &quo.D0.C1, &quo.D0.C2,
		&quo.D1.C0, &quo.D1.C1, &quo.D1.C2,
	}
	for i, part := range results {
		base := 4 * i
		part.B0.A0.BigInt(res[base])
		part.B0.A1.BigInt(res[base+1])
		part.B1.A0.BigInt(res[base+2])
		part.B1.A1.BigInt(res[base+3])
	}

	return nil
}
// DivE2Hint computes the quotient a/b of two bls24315.E2 values outside the
// constraint system.
//
// inputs[0:2] are (A0, A1) of the numerator a, inputs[2:4] are (A0, A1) of the
// denominator b; res[0:2] receive (A0, A1) of the quotient. The first argument
// is ignored and the function always returns nil.
//
// NOTE(review): a hint result is only a witness value; the in-circuit caller
// is presumably expected to constrain it (e.g. res*b == a) - confirm.
// NOTE(review): b is not checked to be non-zero, and len(inputs)/len(res) are
// not validated, so a short slice panics instead of returning an error.
var DivE2Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error {
	var num, den, quo bls24315.E2

	// Numerator first, then denominator: two inputs each.
	for i, operand := range []*bls24315.E2{&num, &den} {
		operand.A0.SetBigInt(inputs[2*i])
		operand.A1.SetBigInt(inputs[2*i+1])
	}

	// quo = den^-1 * num
	quo.Inverse(&den)
	quo.Mul(&quo, &num)

	quo.A0.BigInt(res[0])
	quo.A1.BigInt(res[1])

	return nil
}
// DivE4Hint computes the quotient a/b of two bls24315.E4 values outside the
// constraint system.
//
// inputs[0:4] are the coordinates of the numerator a and inputs[4:8] those of
// the denominator b, in B0.A0, B0.A1, B1.A0, B1.A1 order; res[0:4] receive the
// quotient in the same order. The first argument is ignored and the function
// always returns nil.
//
// NOTE(review): a hint result is only a witness value; the in-circuit caller
// is presumably expected to constrain it (e.g. res*b == a) - confirm.
// NOTE(review): b is not checked to be non-zero, and len(inputs)/len(res) are
// not validated, so a short slice panics instead of returning an error.
var DivE4Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error {
	var num, den, quo bls24315.E4

	// Each E2 half consumes two consecutive inputs.
	operands := []*bls24315.E2{&num.B0, &num.B1, &den.B0, &den.B1}
	for i, half := range operands {
		half.A0.SetBigInt(inputs[2*i])
		half.A1.SetBigInt(inputs[2*i+1])
	}

	// quo = den^-1 * num
	quo.Inverse(&den)
	quo.Mul(&quo, &num)

	for i, half := range []*bls24315.E2{&quo.B0, &quo.B1} {
		half.A0.BigInt(res[2*i])
		half.A1.BigInt(res[2*i+1])
	}

	return nil
}
// InverseE12Hint computes the inverse of a bls24315.E12 value outside the
// constraint system.
//
// inputs[0:12] are the coordinates of the operand in C0.B0.A0, C0.B0.A1,
// C0.B1.A0, ... C2.B1.A1 order; res[0:12] receive the inverse in the same
// order. The first argument is ignored and the function always returns nil.
//
// NOTE(review): a hint result is only a witness value; the in-circuit caller
// is presumably expected to constrain it (e.g. res*a == 1) - confirm.
// NOTE(review): the operand is not checked to be non-zero, and
// len(inputs)/len(res) are not validated, so a short slice panics instead of
// returning an error.
var InverseE12Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error {
	var operand, inv bls24315.E12

	// Each E4 coefficient consumes four consecutive inputs.
	for i, part := range []*bls24315.E4{&operand.C0, &operand.C1, &operand.C2} {
		base := 4 * i
		part.B0.A0.SetBigInt(inputs[base])
		part.B0.A1.SetBigInt(inputs[base+1])
		part.B1.A0.SetBigInt(inputs[base+2])
		part.B1.A1.SetBigInt(inputs[base+3])
	}

	inv.Inverse(&operand)

	for i, part := range []*bls24315.E4{&inv.C0, &inv.C1, &inv.C2} {
		base := 4 * i
		part.B0.A0.BigInt(res[base])
		part.B0.A1.BigInt(res[base+1])
		part.B1.A0.BigInt(res[base+2])
		part.B1.A1.BigInt(res[base+3])
	}

	return nil
}
// InverseE24Hint computes the inverse of a bls24315.E24 value outside the
// constraint system.
//
// inputs[0:24] are the coordinates of the operand in D0.C0.B0.A0,
// D0.C0.B0.A1, ... D1.C2.B1.A1 order; res[0:24] receive the inverse in the
// same order. The first argument is ignored and the function always returns
// nil.
//
// NOTE(review): a hint result is only a witness value; the in-circuit caller
// is presumably expected to constrain it (e.g. res*a == 1) - confirm.
// NOTE(review): the operand is not checked to be non-zero, and
// len(inputs)/len(res) are not validated, so a short slice panics instead of
// returning an error.
var InverseE24Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error {
	var operand, inv bls24315.E24

	// Each E4 coefficient consumes four consecutive inputs.
	sources := []*bls24315.E4{
		&operand.D0.C0, &operand.D0.C1, &operand.D0.C2,
		&operand.D1.C0, &operand.D1.C1, &operand.D1.C2,
	}
	for i, part := range sources {
		base := 4 * i
		part.B0.A0.SetBigInt(inputs[base])
		part.B0.A1.SetBigInt(inputs[base+1])
		part.B1.A0.SetBigInt(inputs[base+2])
		part.B1.A1.SetBigInt(inputs[base+3])
	}

	inv.Inverse(&operand)

	results := []*bls24315.E4{
		&inv.D0.C0, &inv.D0.C1, &inv.D0.C2,
		&inv.D1.C0, &inv.D1.C1, &inv.D1.C2,
	}
	for i, part := range results {
		base := 4 * i
		part.B0.A0.BigInt(res[base])
		part.B0.A1.BigInt(res[base+1])
		part.B1.A0.BigInt(res[base+2])
		part.B1.A1.BigInt(res[base+3])
	}

	return nil
}
// InverseE2Hint computes the inverse of a bls24315.E2 value outside the
// constraint system.
//
// inputs[0:2] are (A0, A1) of the operand; res[0:2] receive (A0, A1) of the
// inverse. The first argument is ignored and the function always returns nil.
//
// NOTE(review): a hint result is only a witness value; the in-circuit caller
// is presumably expected to constrain it (e.g. res*a == 1) - confirm.
// NOTE(review): the operand is not checked to be non-zero, and
// len(inputs)/len(res) are not validated, so a short slice panics instead of
// returning an error.
var InverseE2Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error {
	var operand, inv bls24315.E2

	// Load the operand.
	operand.A0.SetBigInt(inputs[0])
	operand.A1.SetBigInt(inputs[1])

	inv.Inverse(&operand)

	// Export the result.
	inv.A0.BigInt(res[0])
	inv.A1.BigInt(res[1])

	return nil
}
// InverseE4Hint computes the inverse of a bls24315.E4 value outside the
// constraint system.
//
// inputs[0:4] are the coordinates of the operand in B0.A0, B0.A1, B1.A0,
// B1.A1 order; res[0:4] receive the inverse in the same order. The first
// argument is ignored and the function always returns nil.
//
// NOTE(review): a hint result is only a witness value; the in-circuit caller
// is presumably expected to constrain it (e.g. res*a == 1) - confirm.
// NOTE(review): the operand is not checked to be non-zero, and
// len(inputs)/len(res) are not validated, so a short slice panics instead of
// returning an error.
var InverseE4Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error {
	var operand, inv bls24315.E4

	// Each E2 half consumes two consecutive inputs.
	for i, half := range []*bls24315.E2{&operand.B0, &operand.B1} {
		half.A0.SetBigInt(inputs[2*i])
		half.A1.SetBigInt(inputs[2*i+1])
	}

	inv.Inverse(&operand)

	for i, half := range []*bls24315.E2{&inv.B0, &inv.B1} {
		half.A0.BigInt(res[2*i])
		half.A1.BigInt(res[2*i+1])
	}

	return nil
}
Functions ¶
Types ¶
type E12 ¶
// E12 is an element stored as three E4 coefficients.
type E12 struct {
	C0 E4
	C1 E4
	C2 E4
}
E12 element in a cubic extension (three E4 coefficients; 𝔽p¹² is built over 𝔽p⁴ with w³ = v, per the tower in the overview)
func (*E12) AssertIsEqual ¶
AssertIsEqual constrains self to be equal to other in the given constraint system
func (*E12) DivUnchecked ¶
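DivUnchecked divides e1 by e2 (E12 elements). The name indicates that no non-zero check is made on the divisor e2, so callers that cannot rule out e2 = 0 should constrain it themselves; with a zero divisor the result is presumably not meaningfully constrained.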
func (*E12) MulByFp2 ¶
MulByFp2 creates a fp12 elmt from fp elmts. icube is the imaginary elmt to the cube.
func (*E12) MulByNonResidue ¶
MulByNonResidue multiplies e by the imaginary elmt of Fp12 (an element is noted a+bV+cV², where V**3 lies in the base field of the extension, 𝔽p⁴ per the tower in the overview)
type E2 ¶
E2 element in a quadratic extension
func (*E2) AssertIsEqual ¶
AssertIsEqual constrains self to be equal to other in the given constraint system
func (*E2) DivUnchecked ¶
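DivUnchecked divides e1 by e2 (E2 elements). The name indicates that no non-zero check is made on the divisor e2, so callers that cannot rule out e2 = 0 should constrain it themselves.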
func (*E2) Lookup2 ¶
Lookup2 implements two-bit lookup. It returns:
- r1 if b1=0 and b2=0,
- r2 if b1=0 and b2=1,
- r3 if b1=1 and b2=0,
- r4 if b1=1 and b2=1.
func (*E2) MulByNonResidue ¶
MulByNonResidue multiplies an fp2 elmt by the imaginary elmt. ext.uSquare is the square of the imaginary root.
type E24 ¶
// E24 is an element stored as two E12 coefficients.
type E24 struct {
	D0 E12
	D1 E12
}
E24 element in a quadratic extension
func (*E24) AssertIsEqual ¶
AssertIsEqual constrains self to be equal to other in the given constraint system
func (*E24) CyclotomicSquare ¶
Granger-Scott's cyclotomic square squares a Fp24 elt in the cyclotomic group https://eprint.iacr.org/2009/565.pdf, 3.2
func (*E24) CyclotomicSquareCompressed ¶
Karabina's compressed cyclotomic square https://eprint.iacr.org/2010/542.pdf
func (*E24) Decompress ¶
Decompress Karabina's cyclotomic square result
func (*E24) DivUnchecked ¶
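DivUnchecked divides e1 by e2 (E24 elements). The name indicates that no non-zero check is made on the divisor e2, so callers that cannot rule out e2 = 0 should constrain it themselves.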
func (*E24) Expt ¶
Expt computes x**exponent, where the exponent is hardcoded. This function is only used for the final exponentiation of the pairing for bls24315, so the exponent is supposed to be hardcoded and on 32 bits.
func (*E24) FrobeniusQuad ¶
FrobeniusQuad applies frob**4 to an fp24 elmt
func (*E24) FrobeniusSquare ¶
FrobeniusSquare applies frob**2 to an fp24 elmt
type E4 ¶
// E4 is an element stored as two E2 coefficients.
type E4 struct {
	B0 E2
	B1 E2
}
E4 element in a quadratic extension
func (*E4) AssertIsEqual ¶
AssertIsEqual constrains self to be equal to other in the given constraint system
func (*E4) DivUnchecked ¶
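DivUnchecked divides e1 by e2 (E4 elements). The name indicates that no non-zero check is made on the divisor e2, so callers that cannot rule out e2 = 0 should constrain it themselves.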
func (*E4) Lookup2 ¶
Lookup2 implements two-bit lookup. It returns:
- r1 if b1=0 and b2=0,
- r2 if b1=0 and b2=1,
- r3 if b1=1 and b2=0,
- r4 if b1=1 and b2=1.
func (*E4) MulByNonResidue ¶
MulByNonResidue multiplies an e4 elmt by the imaginary elmt. ext.uSquare is the square of the imaginary root.