Documentation

Overview

Package bls377 provides an efficient elliptic curve and pairing implementation for bls377.

Index
- Constants
- func BatchJacobianToAffineG1Affine(points []G1Jac, result []G1Affine)
- func Generators() (g1Jac G1Jac, g2Jac G2Jac, g1Aff G1Affine, g2Aff G2Affine)
- func PairingCheck(P []G1Affine, Q []G2Affine) (bool, error)
- func RawEncoding() func(*Encoder)
- type CPUSemaphore
- type Decoder
- type E12
- type E2
- type E6
- type Encoder
- type G1Affine
- func (p *G1Affine) Bytes() (res [SizeOfG1AffineCompressed]byte)
- func (p *G1Affine) ClearCofactor(a *G1Affine) *G1Affine
- func (p *G1Affine) Equal(a *G1Affine) bool
- func (p *G1Affine) FromJacobian(p1 *G1Jac) *G1Affine
- func (p *G1Affine) IsInSubGroup() bool
- func (p *G1Affine) IsInfinity() bool
- func (p *G1Affine) IsOnCurve() bool
- func (p *G1Affine) Marshal() []byte
- func (p *G1Affine) MultiExp(points []G1Affine, scalars []fr.Element, opts ...*CPUSemaphore) *G1Affine
- func (p *G1Affine) Neg(a *G1Affine) *G1Affine
- func (p *G1Affine) RawBytes() (res [SizeOfG1AffineUncompressed]byte)
- func (p *G1Affine) ScalarMultiplication(a *G1Affine, s *big.Int) *G1Affine
- func (p *G1Affine) Set(a *G1Affine) *G1Affine
- func (p *G1Affine) SetBytes(buf []byte) (int, error)
- func (p *G1Affine) String() string
- func (p *G1Affine) Unmarshal(buf []byte) error
- type G1Jac
- func (p *G1Jac) AddAssign(a *G1Jac) *G1Jac
- func (p *G1Jac) AddMixed(a *G1Affine) *G1Jac
- func (p *G1Jac) ClearCofactor(a *G1Jac) *G1Jac
- func (p *G1Jac) Double(q *G1Jac) *G1Jac
- func (p *G1Jac) DoubleAssign() *G1Jac
- func (p *G1Jac) Equal(a *G1Jac) bool
- func (p *G1Jac) FromAffine(Q *G1Affine) *G1Jac
- func (p *G1Jac) IsInSubGroup() bool
- func (p *G1Jac) IsOnCurve() bool
- func (p *G1Jac) MultiExp(points []G1Affine, scalars []fr.Element, opts ...*CPUSemaphore) *G1Jac
- func (p *G1Jac) Neg(a *G1Jac) *G1Jac
- func (p *G1Jac) ScalarMultiplication(a *G1Jac, s *big.Int) *G1Jac
- func (p *G1Jac) Set(a *G1Jac) *G1Jac
- func (p *G1Jac) String() string
- func (p *G1Jac) SubAssign(a *G1Jac) *G1Jac
- type G2Affine
- func (p *G2Affine) Bytes() (res [SizeOfG2AffineCompressed]byte)
- func (p *G2Affine) ClearCofactor(a *G2Affine) *G2Affine
- func (p *G2Affine) Equal(a *G2Affine) bool
- func (p *G2Affine) FromJacobian(p1 *G2Jac) *G2Affine
- func (p *G2Affine) IsInSubGroup() bool
- func (p *G2Affine) IsInfinity() bool
- func (p *G2Affine) IsOnCurve() bool
- func (p *G2Affine) Marshal() []byte
- func (p *G2Affine) MultiExp(points []G2Affine, scalars []fr.Element, opts ...*CPUSemaphore) *G2Affine
- func (p *G2Affine) Neg(a *G2Affine) *G2Affine
- func (p *G2Affine) RawBytes() (res [SizeOfG2AffineUncompressed]byte)
- func (p *G2Affine) ScalarMultiplication(a *G2Affine, s *big.Int) *G2Affine
- func (p *G2Affine) Set(a *G2Affine) *G2Affine
- func (p *G2Affine) SetBytes(buf []byte) (int, error)
- func (p *G2Affine) String() string
- func (p *G2Affine) Unmarshal(buf []byte) error
- type G2Jac
- func (p *G2Jac) AddAssign(a *G2Jac) *G2Jac
- func (p *G2Jac) AddMixed(a *G2Affine) *G2Jac
- func (p *G2Jac) ClearCofactor(a *G2Jac) *G2Jac
- func (p *G2Jac) Double(q *G2Jac) *G2Jac
- func (p *G2Jac) DoubleAssign() *G2Jac
- func (p *G2Jac) Equal(a *G2Jac) bool
- func (p *G2Jac) FromAffine(Q *G2Affine) *G2Jac
- func (p *G2Jac) IsInSubGroup() bool
- func (p *G2Jac) IsOnCurve() bool
- func (p *G2Jac) MultiExp(points []G2Affine, scalars []fr.Element, opts ...*CPUSemaphore) *G2Jac
- func (p *G2Jac) Neg(a *G2Jac) *G2Jac
- func (p *G2Jac) ScalarMultiplication(a *G2Jac, s *big.Int) *G2Jac
- func (p *G2Jac) Set(a *G2Jac) *G2Jac
- func (p *G2Jac) String() string
- func (p *G2Jac) SubAssign(a *G2Jac) *G2Jac
- type GT
Constants

const ID = gurvy.BLS377
ID is the curve identifier for bls377.
const SizeOfG1AffineCompressed = 48
SizeOfG1AffineCompressed is the size in bytes of a G1Affine in compressed binary form.
const SizeOfG1AffineUncompressed = SizeOfG1AffineCompressed * 2
SizeOfG1AffineUncompressed is the size in bytes of a G1Affine in uncompressed binary form.
const SizeOfG2AffineCompressed = 48 * 2
SizeOfG2AffineCompressed is the size in bytes of a G2Affine in compressed binary form.
const SizeOfG2AffineUncompressed = SizeOfG2AffineCompressed * 2
SizeOfG2AffineUncompressed is the size in bytes of a G2Affine in uncompressed binary form.
const SizeOfGT = fptower.SizeOfGT
SizeOfGT is the size in bytes of a GT element in binary form.

Variables

This section is empty.
Functions

func BatchJacobianToAffineG1Affine (added in v0.3.6)
BatchJacobianToAffineG1Affine converts points in Jacobian coordinates to affine coordinates using a single field inversion (Montgomery batch inversion trick). result must be allocated by the caller with len(result) == len(points).
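As an added worked example (not gurvy's code; JacPoint, AffPoint, BatchInvert and BatchJacobianToAffine are this example's own names), here is the Montgomery batch inversion trick that the doc comment refers to, written with math/big over the fp modulus listed under Directories below. It normalises n Jacobian points (X:Y:Z) to affine (X/Z², Y/Z³) with one ModInverse call, and it handles the edge case a naive implementation gets wrong: a point at infinity (Z = 0) has no inverse, so it is left out of the running product and comes out as (0,0), the affine encoding of infinity given for IsInfinity on this page. The sample points are constructed from known affine pairs and are not claimed to lie on the curve.

```go
package main

import (
	"fmt"
	"math/big"
)

// fpModulus is the bls377 base-field modulus listed under Directories/fp on this page.
var fpModulus, _ = new(big.Int).SetString("258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177", 10)

// JacPoint and AffPoint are this example's own stand-ins for G1Jac/G1Affine
// (hypothetical types, not the package's): coordinates are big.Int residues mod p.
type JacPoint struct{ X, Y, Z *big.Int }
type AffPoint struct{ X, Y *big.Int }

// mulmod returns a*b mod m.
func mulmod(a, b, m *big.Int) *big.Int {
	return new(big.Int).Mod(new(big.Int).Mul(a, b), m)
}

// BatchInvert returns the inverses of xs modulo the prime m using Montgomery's
// batch inversion trick: one ModInverse plus about 3(n-1) multiplications
// instead of n inversions. Entries that are zero mod m have no inverse; they
// are left out of the running product and map to zero in the result.
func BatchInvert(xs []*big.Int, m *big.Int) []*big.Int {
	n := len(xs)
	red := make([]*big.Int, n)    // inputs reduced mod m
	prefix := make([]*big.Int, n) // prefix[i] = product of the non-zero red[0..i]
	acc := big.NewInt(1)
	for i, x := range xs {
		red[i] = new(big.Int).Mod(x, m)
		if red[i].Sign() != 0 {
			acc = mulmod(acc, red[i], m)
		}
		prefix[i] = acc
	}
	inv := new(big.Int).ModInverse(acc, m) // the single field inversion
	res := make([]*big.Int, n)
	for i := n - 1; i >= 0; i-- {
		if red[i].Sign() == 0 {
			res[i] = new(big.Int)
			continue
		}
		// inv == 1/(product of the non-zero red[0..i]); peel red[i] off.
		if i > 0 {
			res[i] = mulmod(inv, prefix[i-1], m)
		} else {
			res[i] = new(big.Int).Set(inv)
		}
		inv = mulmod(inv, red[i], m)
	}
	return res
}

// BatchJacobianToAffine converts every (X:Y:Z) to (X/Z^2, Y/Z^3) with a
// single inversion, as BatchJacobianToAffineG1Affine is described.
// A point with Z == 0 is the point at infinity and becomes (0,0).
func BatchJacobianToAffine(points []JacPoint, m *big.Int) []AffPoint {
	zs := make([]*big.Int, len(points))
	for i := range points {
		zs[i] = points[i].Z
	}
	zInv := BatchInvert(zs, m)
	out := make([]AffPoint, len(points))
	for i, p := range points {
		if zInv[i].Sign() == 0 {
			out[i] = AffPoint{X: new(big.Int), Y: new(big.Int)}
			continue
		}
		zInv2 := mulmod(zInv[i], zInv[i], m)
		zInv3 := mulmod(zInv2, zInv[i], m)
		out[i] = AffPoint{X: mulmod(p.X, zInv2, m), Y: mulmod(p.Y, zInv3, m)}
	}
	return out
}

// sampleJacobian builds Jacobian representatives (x*z^2 : y*z^3 : z) of the
// affine pair (x, y) for each z. Constructed for this demonstration only; the
// coordinates are not claimed to satisfy the curve equation.
func sampleJacobian(x, y *big.Int, zs []int64) []JacPoint {
	pts := make([]JacPoint, 0, len(zs))
	for _, zv := range zs {
		z := big.NewInt(zv)
		z2 := mulmod(z, z, fpModulus)
		z3 := mulmod(z2, z, fpModulus)
		pts = append(pts, JacPoint{X: mulmod(x, z2, fpModulus), Y: mulmod(y, z3, fpModulus), Z: z})
	}
	return pts
}

func main() {
	// z = 0 in the middle of the batch is the point at infinity.
	pts := sampleJacobian(big.NewInt(7), big.NewInt(11), []int64{3, 5, 0, 9})
	for i, a := range BatchJacobianToAffine(pts, fpModulus) {
		fmt.Printf("point %d -> (%s, %s)\n", i, a.X, a.Y)
	}
}
```

The backward pass is where the trick lives: after the single inversion, each element's inverse is recovered by multiplying the running inverse with the prefix product that excludes it. The library's version operates on fp.Element and an affine point type rather than big.Int, but the structure, including skipping Z = 0, is the same.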
func Generators (added in v0.3.0)
Generators returns the generators of the r-torsion group, in ker(pi-id) and ker(Tr) respectively.

func PairingCheck (added in v0.3.6)
PairingCheck computes the reduced pairing for a set of points and returns true if the result is one.

func RawEncoding (added in v0.3.6)
func RawEncoding() func(*Encoder)
RawEncoding returns an option for NewEncoder(...) that enables raw encoding mode: points written with this option are not compressed.

Types
type CPUSemaphore (added in v0.3.4)
type CPUSemaphore struct {
// contains filtered or unexported fields
}
CPUSemaphore lets users set an optional number of CPUs for MultiExp to use. It is thread safe and can be shared across parallel calls of gurvy.MultiExp.

func NewCPUSemaphore (added in v0.3.4)
func NewCPUSemaphore(numCpus int) *CPUSemaphore
NewCPUSemaphore returns a new MultiExp option to be passed to MultiExp. The option can be shared between different MultiExp calls and ensures, through a semaphore, that only numCpus CPUs are used.
type Decoder (added in v0.3.6)
type Decoder struct {
// contains filtered or unexported fields
}
Decoder reads bls377 object values from an inbound stream.

func NewDecoder (added in v0.3.6)
NewDecoder returns a binary decoder supporting curve bls377 objects in both compressed and uncompressed (raw) forms.

type Encoder (added in v0.3.6)
type Encoder struct {
// contains filtered or unexported fields
}
Encoder writes bls377 object values to an output stream.

func NewEncoder (added in v0.3.6)
NewEncoder returns a binary encoder supporting curve bls377 objects.

func (*Encoder) BytesWritten (added in v0.3.6)
BytesWritten returns the total number of bytes written to the underlying writer.

type G1Affine
G1Affine is a point in affine coordinates.
func BatchScalarMultiplicationG1 (added in v0.3.0)
BatchScalarMultiplicationG1 multiplies the same base (generator) by all scalars and returns the resulting points in affine coordinates. It uses a simple windowed-NAF-like exponentiation algorithm.

func EncodeToCurveG1Svdw (added in v0.3.4)
EncodeToCurveG1Svdw maps an fp.Element to a point on the curve using the Shallue and van de Woestijne map, https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-06#section-2.2.2

func HashToCurveG1Svdw (added in v0.3.4)
HashToCurveG1Svdw maps an fp.Element to a point on the curve using the Shallue and van de Woestijne map, https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-06#section-3

func MapToCurveG1Svdw (added in v0.3.4)
MapToCurveG1Svdw maps an fp.Element to a point on the curve using the Shallue and van de Woestijne map, https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-06#section-2.2.1
func (*G1Affine) Bytes (added in v0.3.6)
func (p *G1Affine) Bytes() (res [SizeOfG1AffineCompressed]byte)
Bytes returns the binary representation of p: it stores the X coordinate in regular form plus a parity bit, following the BLS381-style encoding specified by ZCash and now the IETF. The most significant bit, when set, indicates that the point is in compressed form; otherwise the point is in uncompressed form. The second-most significant bit indicates that the point is at infinity; if this bit is set, the remaining bits of the group element's encoding should be set to zero. The third-most significant bit is set if (and only if) the point is in compressed form, is not the point at infinity, and its y-coordinate is the lexicographically largest of the two associated with the encoded x-coordinate.
func (*G1Affine) ClearCofactor (added in v0.3.4)
ClearCofactor ...

func (*G1Affine) FromJacobian (added in v0.2.0)
FromJacobian rescales a point in Jacobian coordinates onto the z=1 plane (affine coordinates).

func (*G1Affine) IsInSubGroup (added in v0.3.3)
IsInSubGroup returns true if p is in the correct subgroup, false otherwise.

func (*G1Affine) IsInfinity
IsInfinity checks whether the point is the point at infinity (in affine coordinates it is encoded as (0,0)).

func (*G1Affine) Marshal (added in v0.3.6)
Marshal converts p to a byte slice (without point compression).

func (*G1Affine) MultiExp (added in v0.3.6)
func (p *G1Affine) MultiExp(points []G1Affine, scalars []fr.Element, opts ...*CPUSemaphore) *G1Affine
MultiExp implements section 4 of https://eprint.iacr.org/2012/549.pdf. It optionally takes a CPUSemaphore parameter to set the maximum number of CPUs to use.

func (*G1Affine) RawBytes (added in v0.3.6)
func (p *G1Affine) RawBytes() (res [SizeOfG1AffineUncompressed]byte)
RawBytes returns the binary representation of p (stores both the X and Y coordinates); see Bytes() for a compressed representation.

func (*G1Affine) ScalarMultiplication (added in v0.3.4)
ScalarMultiplication computes and returns p = a*s.

func (*G1Affine) SetBytes (added in v0.3.6)
SetBytes sets p from the binary representation in buf and returns the number of bytes consumed. The bytes in buf must match either RawBytes() or Bytes() output. If buf is too short, io.ErrShortBuffer is returned. If buf contains a compressed representation (output from Bytes()) and the Y coordinate cannot be computed (i.e. the square root doesn't exist), this function returns an error. It checks that the resulting point is on the curve and in the correct subgroup.
type G1Jac
G1Jac is a point with fp.Element coordinates.

func (*G1Jac) AddAssign (added in v0.2.0)
AddAssign performs point addition in Montgomery form, https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl

func (*G1Jac) AddMixed
AddMixed performs mixed point addition (Jacobian p plus affine a), http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-madd-2007-bl

func (*G1Jac) ClearCofactor (added in v0.3.0)
ClearCofactor maps a point in E(Fp) to E(Fp)[r].

func (*G1Jac) Double
Double doubles a point in Jacobian coordinates, https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl

func (*G1Jac) DoubleAssign (added in v0.2.0)
DoubleAssign doubles a point in Jacobian coordinates, https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl

func (*G1Jac) FromAffine (added in v0.2.0)
FromAffine sets p = Q, with p in Jacobian coordinates and Q in affine coordinates.

func (*G1Jac) IsInSubGroup (added in v0.3.3)
IsInSubGroup returns true if p is in the r-torsion, false otherwise. Z[r,0]+Z[-lambdaG1Affine,1] is the kernel of (u,v) -> u+lambdaG1Affine*v mod r. Expressing r and lambdaG1Affine as polynomials in x, a short vector of this Z-module is (1, x**2), so we check that p + x**2*phi(p) is the point at infinity.

func (*G1Jac) MultiExp
MultiExp implements section 4 of https://eprint.iacr.org/2012/549.pdf. It optionally takes a CPUSemaphore parameter to set the maximum number of CPUs to use.

func (*G1Jac) ScalarMultiplication (added in v0.2.0)
ScalarMultiplication computes and returns p = a*s, see https://www.iacr.org/archive/crypto2001/21390189.pdf
type G2Affine
G2Affine is a point in affine coordinates.

func BatchScalarMultiplicationG2 (added in v0.3.0)
BatchScalarMultiplicationG2 multiplies the same base (generator) by all scalars and returns the resulting points in affine coordinates. It uses a simple windowed-NAF-like exponentiation algorithm.

func EncodeToCurveG2Svdw (added in v0.3.4)
EncodeToCurveG2Svdw maps an fp.Element to a point on the curve using the Shallue and van de Woestijne map, https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-06#section-2.2.2

func HashToCurveG2Svdw (added in v0.3.4)
HashToCurveG2Svdw maps an fp.Element to a point on the curve using the Shallue and van de Woestijne map, https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-06#section-3

func MapToCurveG2Svdw (added in v0.3.4)
MapToCurveG2Svdw maps an fp.Element to a point on the curve using the Shallue and van de Woestijne map, https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-06#section-2.2.1

func (*G2Affine) Bytes (added in v0.3.6)
func (p *G2Affine) Bytes() (res [SizeOfG2AffineCompressed]byte)
Bytes returns the binary representation of p: it stores the X coordinate in regular form plus a parity bit, following the BLS381-style encoding specified by ZCash and now the IETF. The most significant bit, when set, indicates that the point is in compressed form; otherwise the point is in uncompressed form. The second-most significant bit indicates that the point is at infinity; if this bit is set, the remaining bits of the group element's encoding should be set to zero. The third-most significant bit is set if (and only if) the point is in compressed form, is not the point at infinity, and its y-coordinate is the lexicographically largest of the two associated with the encoded x-coordinate.

func (*G2Affine) ClearCofactor (added in v0.3.4)
ClearCofactor ...

func (*G2Affine) FromJacobian (added in v0.2.0)
FromJacobian rescales a point in Jacobian coordinates onto the z=1 plane (affine coordinates).

func (*G2Affine) IsInSubGroup (added in v0.3.3)
IsInSubGroup returns true if p is in the correct subgroup, false otherwise.

func (*G2Affine) IsInfinity
IsInfinity checks whether the point is the point at infinity (in affine coordinates it is encoded as (0,0)).

func (*G2Affine) Marshal (added in v0.3.6)
Marshal converts p to a byte slice (without point compression).

func (*G2Affine) MultiExp (added in v0.3.6)
func (p *G2Affine) MultiExp(points []G2Affine, scalars []fr.Element, opts ...*CPUSemaphore) *G2Affine
MultiExp implements section 4 of https://eprint.iacr.org/2012/549.pdf. It optionally takes a CPUSemaphore parameter to set the maximum number of CPUs to use.

func (*G2Affine) RawBytes (added in v0.3.6)
func (p *G2Affine) RawBytes() (res [SizeOfG2AffineUncompressed]byte)
RawBytes returns the binary representation of p (stores both the X and Y coordinates); see Bytes() for a compressed representation.

func (*G2Affine) ScalarMultiplication (added in v0.3.4)
ScalarMultiplication computes and returns p = a*s.

func (*G2Affine) SetBytes (added in v0.3.6)
SetBytes sets p from the binary representation in buf and returns the number of bytes consumed. The bytes in buf must match either RawBytes() or Bytes() output. If buf is too short, io.ErrShortBuffer is returned. If buf contains a compressed representation (output from Bytes()) and the Y coordinate cannot be computed (i.e. the square root doesn't exist), this function returns an error. It checks that the resulting point is on the curve and in the correct subgroup.
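The Bytes()/SetBytes() descriptions above (for G1Affine and, with doubled sizes, G2Affine) define a header byte whose top three bits carry the form, infinity and largest-y flags. The following added example, which is not gurvy's code (InspectPointEncoding, EncodingInfo and the sample buffers are this example's own, and the samples are constructed header/length cases, not real curve points), applies those rules as a pure format validator that a consumer can run on untrusted input before any curve or subgroup check: the form bit decides whether 48 or 96 bytes (96 or 192 for G2) are expected, an infinity encoding may carry no other non-zero bits, and the largest-y bit is only legal in compressed, non-infinity form. One check is the example's own addition and is not stated on this page: every 48-byte coordinate limb must be a reduced field element (< p, using the fp modulus listed under Directories), which is what makes the encoding canonical and is also why the three flag bits fit, since p is 377 bits wide.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"math/big"
)

// Sizes taken from the bls377 package constants on this page.
const (
	sizeOfG1AffineCompressed = 48
	sizeOfG2AffineCompressed = 48 * 2
	sizeOfFp                 = 48 // one big-endian base-field coordinate limb
)

// Flag bits of the first byte, as described for Bytes().
const (
	maskCompressed = 0x80 // MSB: point is in compressed form
	maskInfinity   = 0x40 // second MSB: point at infinity
	maskLargestY   = 0x20 // third MSB: y is the lexicographically larger root
	maskFlags      = maskCompressed | maskInfinity | maskLargestY
)

// fpModulus is the base-field modulus listed under Directories/fp on this page.
var fpModulus, _ = new(big.Int).SetString("258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177", 10)

// EncodingInfo holds the decoded header flags of an encoded point.
type EncodingInfo struct {
	Compressed bool
	Infinity   bool
	LargestY   bool
}

// InspectPointEncoding validates the header flags and length of an encoded
// G1Affine (compressedSize 48) or G2Affine (compressedSize 96) point against
// the rules given for Bytes() and SetBytes(). The canonical-range check on
// each 48-byte limb is this example's own addition; it does not check that
// the point is on the curve or in the subgroup.
func InspectPointEncoding(buf []byte, compressedSize int) (EncodingInfo, error) {
	var info EncodingInfo
	if len(buf) == 0 {
		return info, io.ErrShortBuffer
	}
	info.Compressed = buf[0]&maskCompressed != 0
	info.Infinity = buf[0]&maskInfinity != 0
	info.LargestY = buf[0]&maskLargestY != 0

	want := compressedSize // Bytes(): x coordinate only
	if !info.Compressed {
		want = 2 * compressedSize // RawBytes(): x and y coordinates
	}
	if len(buf) < want {
		return info, io.ErrShortBuffer // mirrors the documented SetBytes behaviour
	}
	// Work on a copy with the flag bits cleared so only coordinate data remains.
	body := make([]byte, want)
	copy(body, buf[:want])
	body[0] &^= maskFlags

	if info.LargestY && (!info.Compressed || info.Infinity) {
		return info, errors.New("largest-y flag set outside compressed, non-infinity form")
	}
	if info.Infinity {
		for _, b := range body {
			if b != 0 {
				return info, errors.New("infinity encoding has non-zero data bits")
			}
		}
		return info, nil
	}
	// Added check: every coordinate limb must be reduced modulo p.
	for i := 0; i < want; i += sizeOfFp {
		limb := new(big.Int).SetBytes(body[i : i+sizeOfFp])
		if limb.Cmp(fpModulus) >= 0 {
			return info, fmt.Errorf("coordinate limb %d is not reduced modulo p", i/sizeOfFp)
		}
	}
	return info, nil
}

// pad returns a zeroed n-byte buffer whose first byte is set to first.
func pad(n int, first byte) []byte {
	b := make([]byte, n)
	b[0] = first
	return b
}

func main() {
	// Constructed sample encodings: header/length cases only.
	stray := pad(sizeOfG1AffineCompressed, 0xC0)
	stray[47] = 1 // infinity with a trailing non-zero byte
	small := pad(sizeOfG1AffineCompressed, 0xA0)
	small[47] = 5 // compressed, largest-y flag, x = 5
	samples := []struct {
		name string
		buf  []byte
		size int
	}{
		{"G1 compressed infinity", pad(sizeOfG1AffineCompressed, 0xC0), sizeOfG1AffineCompressed},
		{"G1 infinity with stray bit", stray, sizeOfG1AffineCompressed},
		{"G1 compressed x=5, larger y", small, sizeOfG1AffineCompressed},
		{"G2 uncompressed, largest-y abuse", pad(2*sizeOfG2AffineCompressed, 0x20), sizeOfG2AffineCompressed},
	}
	for _, s := range samples {
		info, err := InspectPointEncoding(s.buf, s.size)
		fmt.Printf("%-34s -> %+v err=%v\n", s.name, info, err)
	}
}
```

Rejecting an infinity encoding that carries stray bits, or a largest-y flag in uncompressed form, matters because two byte strings would otherwise decode to the same point; a consumer that hashes or compares encodings (for deduplication, signatures over serialized points, or cache keys) should insist on the single canonical form.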
type G2Jac
G2Jac is a point with fptower.E2 coordinates.

func (*G2Jac) AddAssign (added in v0.2.0)
AddAssign performs point addition in Montgomery form, https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl

func (*G2Jac) AddMixed
AddMixed performs mixed point addition (Jacobian p plus affine a), http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-madd-2007-bl

func (*G2Jac) ClearCofactor (added in v0.3.0)
ClearCofactor ...

func (*G2Jac) Double
Double doubles a point in Jacobian coordinates, https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl

func (*G2Jac) DoubleAssign (added in v0.2.0)
DoubleAssign doubles a point in Jacobian coordinates, https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl

func (*G2Jac) FromAffine (added in v0.2.0)
FromAffine sets p = Q, with p in Jacobian coordinates and Q in affine coordinates.

func (*G2Jac) IsInSubGroup (added in v0.3.3)
IsInSubGroup returns true if p is in the r-torsion, false otherwise. Z[r,0]+Z[-lambdaG2Affine,1] is the kernel of (u,v) -> u+lambdaG2Affine*v mod r. Expressing r and lambdaG2Affine as polynomials in x, a short vector of this Z-module is (1, x**2), so we check that p + x**2*phi(p) is the point at infinity.

func (*G2Jac) MultiExp
MultiExp implements section 4 of https://eprint.iacr.org/2012/549.pdf. It optionally takes a CPUSemaphore parameter to set the maximum number of CPUs to use.

func (*G2Jac) ScalarMultiplication (added in v0.2.0)
ScalarMultiplication computes and returns p = a*s, see https://www.iacr.org/archive/crypto2001/21390189.pdf

type GT (added in v0.3.3)
GT is the target group of the pairing.

func FinalExponentiation (added in v0.2.0)
FinalExponentiation computes the final exponentiation x**((p**6-1)(p**2+1)(p**4-p**2+1)/r).

func MillerLoop (added in v0.2.0)
MillerLoop computes the Miller loop.
Example

The package's runnable example, shown as the test-file function it lives in. g1GenAff and g2GenAff are the package-level affine generators (the same points Generators() returns), which is why the example is written inside package bls377.

```go
package bls377

import (
	"fmt"
	"math/big"

	"github.com/consensys/gurvy/bls377/fr"
)

func Example() {
	// samples a random scalar r
	var r big.Int
	var rFr fr.Element
	rFr.SetRandom()
	rFr.ToBigIntRegular(&r)

	// computes r*g1Gen, r*g2Gen
	var rg1 G1Affine
	var rg2 G2Affine
	rg1.ScalarMultiplication(&g1GenAff, &r)
	rg2.ScalarMultiplication(&g2GenAff, &r)

	// computes e(g1GenAff, rg2) and e(rg1, g2GenAff)
	e1, _ := Pair([]G1Affine{g1GenAff}, []G2Affine{rg2})
	E2, _ := Pair([]G1Affine{rg1}, []G2Affine{g2GenAff})

	// checks that the bilinearity property holds: both pairings equal e(g1, g2)^r
	check := e1.Equal(&E2)
	fmt.Printf("%t\n", check)
	// Output: true
}
```
Directories

Path | Synopsis
---|---
fp | Package fp contains field arithmetic operations for modulus 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177
fr | Package fr contains field arithmetic operations for modulus 8444461749428370424248824938781546531375899335154063827935233455917409239041
internal |