Overview ¶
Package bn256 provides an efficient elliptic curve and pairing implementation for bn256.
Index ¶
- Variables
- func BatchJacobianToAffineG1(points []G1Jac, result []G1Affine)
- func Generators() (g1 G1Jac, g2 G2Jac, g1Aff G1Affine, g2Aff G2Affine)
- type E12
- func (z *E12) Add(x, y *E12) *E12
- func (z *E12) Conjugate(x *E12) *E12
- func (z *E12) CyclotomicSquare(x *E12) *E12
- func (z *E12) Double(x *E12) *E12
- func (z *E12) Equal(x *E12) bool
- func (z *E12) Exp(x *E12, e big.Int) *E12
- func (z *E12) FromMont() *E12
- func (z *E12) Inverse(x *E12) *E12
- func (z *E12) InverseUnitary(x *E12) *E12
- func (z *E12) Mul(x, y *E12) *E12
- func (z *E12) Set(x *E12) *E12
- func (z *E12) SetOne() *E12
- func (z *E12) SetRandom() *E12
- func (z *E12) SetString(s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11 string) *E12
- func (z *E12) Square(x *E12) *E12
- func (z *E12) String() string
- func (z *E12) Sub(x, y *E12) *E12
- func (z *E12) ToMont() *E12
- type E2
- func (z *E2) Add(x, y *E2) *E2
- func (z *E2) Conjugate(x *E2) *E2
- func (z *E2) Double(x *E2) *E2
- func (z *E2) Equal(x *E2) bool
- func (z *E2) Exp(x *E2, e big.Int) *E2
- func (z *E2) FromMont() *E2
- func (z *E2) Inverse(x *E2) *E2
- func (z *E2) IsZero() bool
- func (z *E2) Legendre() int
- func (z *E2) Mul(x, y *E2) *E2
- func (z *E2) MulByElement(x *E2, y *fp.Element) *E2
- func (z *E2) MulByNonResidue(x *E2) *E2
- func (z *E2) MulByNonResidue1Power1(x *E2) *E2
- func (z *E2) MulByNonResidue1Power2(x *E2) *E2
- func (z *E2) MulByNonResidue1Power3(x *E2) *E2
- func (z *E2) MulByNonResidue1Power4(x *E2) *E2
- func (z *E2) MulByNonResidue1Power5(x *E2) *E2
- func (z *E2) MulByNonResidue2Power1(x *E2) *E2
- func (z *E2) MulByNonResidue2Power2(x *E2) *E2
- func (z *E2) MulByNonResidue2Power3(x *E2) *E2
- func (z *E2) MulByNonResidue2Power4(x *E2) *E2
- func (z *E2) MulByNonResidue2Power5(x *E2) *E2
- func (z *E2) MulByNonResidue3Power1(x *E2) *E2
- func (z *E2) MulByNonResidue3Power2(x *E2) *E2
- func (z *E2) MulByNonResidue3Power3(x *E2) *E2
- func (z *E2) MulByNonResidue3Power4(x *E2) *E2
- func (z *E2) MulByNonResidue3Power5(x *E2) *E2
- func (z *E2) MulByNonResidueInv(x *E2) *E2
- func (z *E2) Neg(x *E2) *E2
- func (z *E2) Set(x *E2) *E2
- func (z *E2) SetOne() *E2
- func (z *E2) SetRandom() *E2
- func (z *E2) SetString(s1, s2 string) *E2
- func (z *E2) SetZero() *E2
- func (z *E2) Sqrt(x *E2) *E2
- func (z *E2) Square(x *E2) *E2
- func (z *E2) String() string
- func (z *E2) Sub(x, y *E2) *E2
- func (z *E2) ToMont() *E2
- type E6
- func (z *E6) Add(x, y *E6) *E6
- func (z *E6) Double(x *E6) *E6
- func (z *E6) Equal(x *E6) bool
- func (z *E6) FromMont() *E6
- func (z *E6) Inverse(x *E6) *E6
- func (z *E6) Mul(x, y *E6) *E6
- func (z *E6) MulByNonResidue(x *E6) *E6
- func (z *E6) Neg(x *E6) *E6
- func (z *E6) Set(x *E6) *E6
- func (z *E6) SetOne() *E6
- func (z *E6) SetRandom() *E6
- func (z *E6) SetString(s1, s2, s3, s4, s5, s6 string) *E6
- func (z *E6) Square(x *E6) *E6
- func (z *E6) String() string
- func (z *E6) Sub(x, y *E6) *E6
- func (z *E6) ToMont() *E6
- type G1Affine
- type G1Jac
- func (p *G1Jac) AddAssign(a *G1Jac) *G1Jac
- func (p *G1Jac) AddMixed(a *G1Affine) *G1Jac
- func (p *G1Jac) Double(q *G1Jac) *G1Jac
- func (p *G1Jac) DoubleAssign() *G1Jac
- func (p *G1Jac) Equal(a *G1Jac) bool
- func (p *G1Jac) FromAffine(Q *G1Affine) *G1Jac
- func (p *G1Jac) IsOnCurve() bool
- func (p *G1Jac) MultiExp(points []G1Affine, scalars []fr.Element, opts ...*MultiExpOptions) *G1Jac
- func (p *G1Jac) Neg(a *G1Jac) *G1Jac
- func (p *G1Jac) ScalarMultiplication(a *G1Jac, s *big.Int) *G1Jac
- func (p *G1Jac) Set(a *G1Jac) *G1Jac
- func (p *G1Jac) String() string
- func (p *G1Jac) SubAssign(a *G1Jac) *G1Jac
- func (p *G1Jac) SubgroupCheck() bool
- type G1Proj
- type G2Affine
- type G2Jac
- func (p *G2Jac) AddAssign(a *G2Jac) *G2Jac
- func (p *G2Jac) AddMixed(a *G2Affine) *G2Jac
- func (p *G2Jac) ClearCofactor(a *G2Jac) *G2Jac
- func (p *G2Jac) Double(q *G2Jac) *G2Jac
- func (p *G2Jac) DoubleAssign() *G2Jac
- func (p *G2Jac) Equal(a *G2Jac) bool
- func (p *G2Jac) FromAffine(Q *G2Affine) *G2Jac
- func (p *G2Jac) IsOnCurve() bool
- func (p *G2Jac) MultiExp(points []G2Affine, scalars []fr.Element, opts ...*MultiExpOptions) *G2Jac
- func (p *G2Jac) Neg(a *G2Jac) *G2Jac
- func (p *G2Jac) ScalarMultiplication(a *G2Jac, s *big.Int) *G2Jac
- func (p *G2Jac) Set(a *G2Jac) *G2Jac
- func (p *G2Jac) String() string
- func (p *G2Jac) SubAssign(a *G2Jac) *G2Jac
- func (p *G2Jac) SubgroupCheck() bool
- type G2Proj
- type MultiExpOptions
- type PairingResult
- func (z *PairingResult) Expt(x *PairingResult) *PairingResult
- func (z *PairingResult) FinalExponentiation(x *PairingResult) *PairingResult
- func (z *PairingResult) Frobenius(x *PairingResult) *PairingResult
- func (z *PairingResult) FrobeniusCube(x *PairingResult) *PairingResult
- func (z *PairingResult) FrobeniusSquare(x *PairingResult) *PairingResult
- func (z *PairingResult) MulByV(x *PairingResult, y *E2) *PairingResult
- func (z *PairingResult) MulByV2W(x *PairingResult, y *E2) *PairingResult
- func (z *PairingResult) MulByVW(x *PairingResult, y *E2) *PairingResult
Constants ¶
This section is empty.
Variables ¶
var B fp.Element
B is the b coefficient of the curve.
var ID = gurvy.BN256
ID is the bn256 curve ID.
Functions ¶
func BatchJacobianToAffineG1 ¶ added in v0.3.0
BatchJacobianToAffineG1 converts points in Jacobian coordinates to affine coordinates, performing a single field inversion (Montgomery batch inversion trick). result must be allocated by the caller with len(result) == len(points).
Types ¶
type E12 ¶ added in v0.2.0
type E12 struct {
C0, C1 E6
}
E12 is a degree two finite field extension of fp6
func (*E12) CyclotomicSquare ¶ added in v0.2.0
CyclotomicSquare sets z to the cyclotomic square of x and returns z. See https://eprint.iacr.org/2009/565.pdf, section 3.2.
func (*E12) InverseUnitary ¶ added in v0.2.0
InverseUnitary sets z to the inverse of the unitary element x and returns z.
type E2 ¶ added in v0.2.0
E2 is a degree two finite field extension of fp.Element
var Btwist E2
Btwist is the b coefficient of the twist curve (defined over Fp2).
func (*E2) IsZero ¶ added in v0.2.0
IsZero returns true if z is zero, false otherwise.
func (*E2) MulByElement ¶ added in v0.2.0
MulByElement multiplies an element in E2 by an element in fp
func (*E2) MulByNonResidue ¶ added in v0.2.0
MulByNonResidue multiplies an E2 element by (9,1).
func (*E2) MulByNonResidue1Power1 ¶ added in v0.2.0
MulByNonResidue1Power1 set z=x*(9,1)^(1*(p^1-1)/6) and return z
func (*E2) MulByNonResidue1Power2 ¶ added in v0.2.0
MulByNonResidue1Power2 set z=x*(9,1)^(2*(p^1-1)/6) and return z
func (*E2) MulByNonResidue1Power3 ¶ added in v0.2.0
MulByNonResidue1Power3 set z=x*(9,1)^(3*(p^1-1)/6) and return z
func (*E2) MulByNonResidue1Power4 ¶ added in v0.2.0
MulByNonResidue1Power4 set z=x*(9,1)^(4*(p^1-1)/6) and return z
func (*E2) MulByNonResidue1Power5 ¶ added in v0.2.0
MulByNonResidue1Power5 set z=x*(9,1)^(5*(p^1-1)/6) and return z
func (*E2) MulByNonResidue2Power1 ¶ added in v0.2.0
MulByNonResidue2Power1 set z=x*(9,1)^(1*(p^2-1)/6) and return z
func (*E2) MulByNonResidue2Power2 ¶ added in v0.2.0
MulByNonResidue2Power2 set z=x*(9,1)^(2*(p^2-1)/6) and return z
func (*E2) MulByNonResidue2Power3 ¶ added in v0.2.0
MulByNonResidue2Power3 set z=x*(9,1)^(3*(p^2-1)/6) and return z
func (*E2) MulByNonResidue2Power4 ¶ added in v0.2.0
MulByNonResidue2Power4 set z=x*(9,1)^(4*(p^2-1)/6) and return z
func (*E2) MulByNonResidue2Power5 ¶ added in v0.2.0
MulByNonResidue2Power5 set z=x*(9,1)^(5*(p^2-1)/6) and return z
func (*E2) MulByNonResidue3Power1 ¶ added in v0.2.0
MulByNonResidue3Power1 set z=x*(9,1)^(1*(p^3-1)/6) and return z
func (*E2) MulByNonResidue3Power2 ¶ added in v0.2.0
MulByNonResidue3Power2 set z=x*(9,1)^(2*(p^3-1)/6) and return z
func (*E2) MulByNonResidue3Power3 ¶ added in v0.2.0
MulByNonResidue3Power3 set z=x*(9,1)^(3*(p^3-1)/6) and return z
func (*E2) MulByNonResidue3Power4 ¶ added in v0.2.0
MulByNonResidue3Power4 set z=x*(9,1)^(4*(p^3-1)/6) and return z
func (*E2) MulByNonResidue3Power5 ¶ added in v0.2.0
MulByNonResidue3Power5 set z=x*(9,1)^(5*(p^3-1)/6) and return z
func (*E2) MulByNonResidueInv ¶ added in v0.2.0
MulByNonResidueInv multiplies an E2 element by (9,1)^{-1}.
func (*E2) Sqrt ¶ added in v0.3.0
Sqrt sets z to the square root of x and returns z. The function does not test whether the square root exists; it is up to the caller to call Legendre beforehand. See https://eprint.iacr.org/2012/685.pdf (algorithm 9).
type E6 ¶ added in v0.2.0
type E6 struct {
B0, B1, B2 E2
}
E6 is a degree three finite field extension of fp2
func (*E6) MulByNonResidue ¶ added in v0.2.0
MulByNonResidue multiplies x by (0,1,0).
type G1Affine ¶
G1Affine point in affine coordinates
func BatchScalarMultiplicationG1 ¶ added in v0.3.0
BatchScalarMultiplicationG1 multiplies the same base (the generator) by all scalars and returns the resulting points in affine coordinates. It uses a simple windowed-NAF-like exponentiation algorithm.
func (*G1Affine) FromJacobian ¶ added in v0.2.0
FromJacobian rescales a point in Jacobian coordinates onto the z=1 plane.
func (*G1Affine) IsInfinity ¶
IsInfinity checks if the point is infinity (in affine, it's encoded as (0,0))
type G1Jac ¶
G1Jac is a point with fp.Element coordinates
func (*G1Jac) AddAssign ¶ added in v0.2.0
AddAssign performs point addition in Montgomery form. See https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl
func (*G1Jac) AddMixed ¶
AddMixed performs mixed (Jacobian + affine) point addition. See http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-madd-2007-bl
func (*G1Jac) Double ¶
Double doubles a point in Jacobian coordinates https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl
func (*G1Jac) DoubleAssign ¶ added in v0.2.0
DoubleAssign doubles a point in Jacobian coordinates https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl
func (*G1Jac) FromAffine ¶ added in v0.2.0
FromAffine sets p = Q, with p in Jacobian coordinates and Q in affine coordinates.
func (*G1Jac) MultiExp ¶
MultiExp implements section 4 of https://eprint.iacr.org/2012/549.pdf. It optionally takes a MultiExpOptions struct as parameter, which allows setting the maximum number of CPUs to use.
func (*G1Jac) ScalarMultiplication ¶ added in v0.2.0
ScalarMultiplication computes and returns p = a*s. See https://www.iacr.org/archive/crypto2001/21390189.pdf
func (*G1Jac) SubgroupCheck ¶ added in v0.3.0
SubgroupCheck returns true if p is on the r-torsion, false otherwise. For bn curves, the r-torsion in E(Fp) is the full group, so we just check that the point is on the curve.
type G1Proj ¶ added in v0.2.0
G1Proj point in projective coordinates
func (*G1Proj) FromJacobian ¶ added in v0.2.0
FromJacobian converts a point from Jacobian to projective coordinates
type G2Affine ¶
type G2Affine struct {
X, Y E2
}
G2Affine point in affine coordinates
func BatchScalarMultiplicationG2 ¶ added in v0.3.0
BatchScalarMultiplicationG2 multiplies the same base (the generator) by all scalars and returns the resulting points in affine coordinates. It uses a simple windowed-NAF-like exponentiation algorithm.
func (*G2Affine) FromJacobian ¶ added in v0.2.0
FromJacobian rescales a point in Jacobian coordinates onto the z=1 plane.
func (*G2Affine) IsInfinity ¶
IsInfinity checks if the point is infinity (in affine, it's encoded as (0,0))
type G2Jac ¶
type G2Jac struct {
X, Y, Z E2
}
G2Jac is a point with E2 coordinates
func (*G2Jac) AddAssign ¶ added in v0.2.0
AddAssign performs point addition in Montgomery form. See https://hyperelliptic.org/EFD/g2p/auto-shortw-jacobian-3.html#addition-add-2007-bl
func (*G2Jac) AddMixed ¶
AddMixed performs mixed (Jacobian + affine) point addition. See http://www.hyperelliptic.org/EFD/g2p/auto-shortw-jacobian-0.html#addition-madd-2007-bl
func (*G2Jac) ClearCofactor ¶ added in v0.3.0
ClearCofactor maps a point in E'(Fp2) to E'(Fp2)[r]. See http://cacr.uwaterloo.ca/techreports/2011/cacr2011-26.pdf, section 6.1.
func (*G2Jac) Double ¶
Double doubles a point in Jacobian coordinates https://hyperelliptic.org/EFD/g2p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl
func (*G2Jac) DoubleAssign ¶ added in v0.2.0
DoubleAssign doubles a point in Jacobian coordinates https://hyperelliptic.org/EFD/g2p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl
func (*G2Jac) FromAffine ¶ added in v0.2.0
FromAffine sets p = Q, with p in Jacobian coordinates and Q in affine coordinates.
func (*G2Jac) MultiExp ¶
MultiExp implements section 4 of https://eprint.iacr.org/2012/549.pdf. It optionally takes a MultiExpOptions struct as parameter, which allows setting the maximum number of CPUs to use.
func (*G2Jac) ScalarMultiplication ¶ added in v0.2.0
ScalarMultiplication computes and returns p = a*s. See https://www.iacr.org/archive/crypto2001/21390189.pdf
func (*G2Jac) SubgroupCheck ¶ added in v0.3.0
SubgroupCheck returns true if p is in the r-torsion, false otherwise. Z[r,0]+Z[-lambdaG2, 1] is the kernel of (u,v)->u+lambdaG2*v mod r. Expressing r and lambdaG2 as polynomials in x, a short vector of this Z-module is ((4x+2), (-12x**2+4*x)). So we check that (4x+2)p + (-12x**2+4*x)phi(p) is the point at infinity.
type G2Proj ¶ added in v0.2.0
type G2Proj struct {
X, Y, Z E2
}
G2Proj point in projective coordinates
func (*G2Proj) FromJacobian ¶ added in v0.2.0
FromJacobian converts a point from Jacobian to projective coordinates
type MultiExpOptions ¶ added in v0.3.0
type MultiExpOptions struct {
// contains filtered or unexported fields
}
MultiExpOptions lets users set optional parameters for the multiexp.
func NewMultiExpOptions ¶ added in v0.3.0
func NewMultiExpOptions(numCpus int) *MultiExpOptions
NewMultiExpOptions returns a new MultiExpOptions to be used with MultiExp. The options can be shared between different MultiExp calls and ensure that only numCpus CPUs are used, through a semaphore.
type PairingResult ¶
type PairingResult = E12
PairingResult target group of the pairing
func FinalExponentiation ¶ added in v0.2.0
func FinalExponentiation(z *PairingResult, _z ...*PairingResult) PairingResult
FinalExponentiation computes the final exponentiation x**((p**6-1)(p**2+1)(p**4 - p**2 +1)/r).
func MillerLoop ¶ added in v0.2.0
func MillerLoop(P G1Affine, Q G2Affine) *PairingResult
MillerLoop computes the Miller loop of P and Q.
func (*PairingResult) Expt ¶ added in v0.2.0
func (z *PairingResult) Expt(x *PairingResult) *PairingResult
Expt sets z to x^t in PairingResult and returns z (t is the generator of the BN curve).
func (*PairingResult) FinalExponentiation ¶ added in v0.2.0
func (z *PairingResult) FinalExponentiation(x *PairingResult) *PairingResult
FinalExponentiation sets z to the final exponentiation x**((p**12 - 1)/r) and returns z.
func (*PairingResult) Frobenius ¶ added in v0.2.0
func (z *PairingResult) Frobenius(x *PairingResult) *PairingResult
Frobenius sets z to Frobenius(x) and returns z.
func (*PairingResult) FrobeniusCube ¶ added in v0.2.0
func (z *PairingResult) FrobeniusCube(x *PairingResult) *PairingResult
FrobeniusCube sets z to Frobenius^3(x) and returns z.
func (*PairingResult) FrobeniusSquare ¶ added in v0.2.0
func (z *PairingResult) FrobeniusSquare(x *PairingResult) *PairingResult
FrobeniusSquare sets z to Frobenius^2(x) and returns z.
func (*PairingResult) MulByV ¶ added in v0.2.0
func (z *PairingResult) MulByV(x *PairingResult, y *E2) *PairingResult
MulByV sets z to x*(y*v) and returns z. Here y*v means the PairingResult element with C0.B1=y and all other components 0.
func (*PairingResult) MulByV2W ¶ added in v0.2.0
func (z *PairingResult) MulByV2W(x *PairingResult, y *E2) *PairingResult
MulByV2W sets z to x*(y*v^2*w) and returns z. Here y*v^2*w means the PairingResult element with C1.B2=y and all other components 0.
func (*PairingResult) MulByVW ¶ added in v0.2.0
func (z *PairingResult) MulByVW(x *PairingResult, y *E2) *PairingResult
MulByVW sets z to x*(y*v*w) and returns z. Here y*v*w means the PairingResult element with C1.B1=y and all other components 0.
Source Files
Directories
Path | Synopsis
---|---
fp | Package fp contains field arithmetic operations
fr | Package fr contains field arithmetic operations