Documentation ¶
Overview ¶
Package bw761 provides efficient elliptic curve and pairing implementation for bw761
Index ¶
- Variables
- func BatchJacobianToAffineG1(points []G1Jac, result []G1Affine)
- func Generators() (g1 G1Jac, g2 G2Jac, g1Aff G1Affine, g2Aff G2Affine)
- type G1Affine
- type G1Jac
- func (p *G1Jac) AddAssign(a *G1Jac) *G1Jac
- func (p *G1Jac) AddMixed(a *G1Affine) *G1Jac
- func (p *G1Jac) ClearCofactor(a *G1Jac) *G1Jac
- func (p *G1Jac) Double(q *G1Jac) *G1Jac
- func (p *G1Jac) DoubleAssign() *G1Jac
- func (p *G1Jac) Equal(a *G1Jac) bool
- func (p *G1Jac) FromAffine(Q *G1Affine) *G1Jac
- func (p *G1Jac) IsInSubGroup() bool
- func (p *G1Jac) IsOnCurve() bool
- func (p *G1Jac) MultiExp(points []G1Affine, scalars []fr.Element, opts ...*MultiExpOptions) *G1Jac
- func (p *G1Jac) Neg(a *G1Jac) *G1Jac
- func (p *G1Jac) ScalarMultiplication(a *G1Jac, s *big.Int) *G1Jac
- func (p *G1Jac) Set(a *G1Jac) *G1Jac
- func (p *G1Jac) String() string
- func (p *G1Jac) SubAssign(a *G1Jac) *G1Jac
- type G1Proj
- type G2Affine
- type G2Jac
- func (p *G2Jac) AddAssign(a *G2Jac) *G2Jac
- func (p *G2Jac) AddMixed(a *G2Affine) *G2Jac
- func (p *G2Jac) ClearCofactor(a *G2Jac) *G2Jac
- func (p *G2Jac) Double(q *G2Jac) *G2Jac
- func (p *G2Jac) DoubleAssign() *G2Jac
- func (p *G2Jac) Equal(a *G2Jac) bool
- func (p *G2Jac) FromAffine(Q *G2Affine) *G2Jac
- func (p *G2Jac) IsInSubGroup() bool
- func (p *G2Jac) IsOnCurve() bool
- func (p *G2Jac) MultiExp(points []G2Affine, scalars []fr.Element, opts ...*MultiExpOptions) *G2Jac
- func (p *G2Jac) Neg(a *G2Jac) *G2Jac
- func (p *G2Jac) ScalarMultiplication(a *G2Jac, s *big.Int) *G2Jac
- func (p *G2Jac) Set(a *G2Jac) *G2Jac
- func (p *G2Jac) String() string
- func (p *G2Jac) SubAssign(a *G2Jac) *G2Jac
- type G2Proj
- type GT
- func (z *GT) Expt(x *GT) *GT
- func (z *GT) FinalExponentiation(x *GT) *GT
- func (z *GT) Frobenius(x *GT) *GT
- func (z *GT) FrobeniusCube(x *GT) *GT
- func (z *GT) FrobeniusSquare(x *GT) *GT
- func (z *GT) MulByVMinusThree(x *GT, y *fp.Element) *GT
- func (z *GT) MulByVminusFive(x *GT, y *fp.Element) *GT
- func (z *GT) MulByVminusTwo(x *GT, y *fp.Element) *GT
- type MultiExpOptions
Constants ¶
This section is empty.
Variables ¶
var B fp.Element
B b coeff of the curve
var Btwist fp.Element
Btwist b coeff of the twist (defined over Fp) curve
var ID = gurvy.BW761
ID is the bw761 curve ID
Functions ¶
func BatchJacobianToAffineG1 ¶ added in v0.3.0
BatchJacobianToAffineG1 converts points in Jacobian coordinates to affine coordinates, performing a single field inversion (Montgomery batch inversion trick). result must be allocated with len(result) == len(points).
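The Montgomery batch inversion trick mentioned above, as an added standalone sketch (not the package's own code): it uses math/big over a constructed toy modulus 97 instead of the bw761 base field, and the names jac, aff and batchToAffine are hypothetical. Points at infinity (Z = 0) are skipped in the running product and come out as (0,0), matching the affine encoding described for IsInfinity.

```go
package main

import (
	"fmt"
	"math/big"
)

type jac struct{ X, Y, Z *big.Int } // Jacobian: x = X/Z^2, y = Y/Z^3
type aff struct{ X, Y *big.Int }    // affine, infinity encoded as (0,0)

// batchToAffine converts all points with ONE modular inversion. Coordinates are
// assumed reduced mod p; result has len(points) entries.
func batchToAffine(points []jac, p *big.Int) []aff {
	pre := make([]*big.Int, len(points))
	acc := big.NewInt(1)
	for i, pt := range points { // forward: pre[i] = product of non-zero Z_j, j < i
		pre[i] = new(big.Int).Set(acc)
		if pt.Z.Sign() != 0 {
			acc.Mod(acc.Mul(acc, pt.Z), p)
		}
	}
	acc.ModInverse(acc, p) // the single inversion: 1 / (product of all non-zero Z)
	out := make([]aff, len(points))
	for i := len(points) - 1; i >= 0; i-- { // backward: peel off one Z per step
		pt := points[i]
		if pt.Z.Sign() == 0 { // point at infinity: skip it, emit (0,0)
			out[i] = aff{new(big.Int), new(big.Int)}
			continue
		}
		zInv := pre[i].Mod(pre[i].Mul(pre[i], acc), p) // 1/Z_i
		acc.Mod(acc.Mul(acc, pt.Z), p)                 // now 1 / (Z_0 ... Z_{i-1})
		z2 := new(big.Int).Mul(zInv, zInv)
		z3 := new(big.Int).Mul(z2, zInv)
		out[i] = aff{z2.Mod(z2.Mul(z2, pt.X), p), z3.Mod(z3.Mul(z3, pt.Y), p)}
	}
	return out
}

func main() {
	p := big.NewInt(97) // constructed toy modulus, not the bw761 base field
	pts := []jac{       // constructed sample points
		{big.NewInt(75), big.NewInt(71), big.NewInt(5)},
		{big.NewInt(1), big.NewInt(1), big.NewInt(0)}, // infinity (Z = 0)
		{big.NewInt(5), big.NewInt(70), big.NewInt(7)},
	}
	for _, a := range batchToAffine(pts, p) {
		fmt.Println(a.X, a.Y)
	}
}
```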
Types ¶
type G1Affine ¶
G1Affine point in affine coordinates
func BatchScalarMultiplicationG1 ¶ added in v0.3.0
BatchScalarMultiplicationG1 multiplies the same base (generator) by all scalars and returns the resulting points in affine coordinates. It uses a simple windowed-NAF-like exponentiation algorithm.
func (*G1Affine) FromJacobian ¶
FromJacobian rescales a point in Jacobian coordinates to the z=1 plane
func (*G1Affine) IsInSubGroup ¶ added in v0.3.3
IsInSubGroup returns true if p is in the correct subgroup, false otherwise
func (*G1Affine) IsInfinity ¶
IsInfinity checks if the point is infinity (in affine, it's encoded as (0,0))
type G1Jac ¶
G1Jac is a point with fp.Element coordinates
func (*G1Jac) AddAssign ¶
AddAssign point addition in Montgomery form. See https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl
func (*G1Jac) AddMixed ¶
AddMixed point addition http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-madd-2007-bl
func (*G1Jac) ClearCofactor ¶ added in v0.3.0
ClearCofactor maps a point in E(Fp) to E(Fp2-)[r] https://eprint.iacr.org/2020/351.pdf
func (*G1Jac) Double ¶
Double doubles a point in Jacobian coordinates https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl
func (*G1Jac) DoubleAssign ¶
DoubleAssign doubles a point in Jacobian coordinates https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl
func (*G1Jac) FromAffine ¶
FromAffine sets p = Q, p in Jacobian, Q in affine
func (*G1Jac) IsInSubGroup ¶ added in v0.3.3
IsInSubGroup returns true if p is on the r-torsion, false otherwise. Z[r,0]+Z[-lambdaG1, 1] is the kernel of (u,v) -> u + lambdaG1*v mod r. Expressing r and lambdaG1 as polynomials in x, a short vector of this Z-module is (x+1), (x**3-x**2+1). So we check that (x+1)*p + (x**3-x**2+1)*phi(p) is the point at infinity.
func (*G1Jac) MultiExp ¶
MultiExp implements section 4 of https://eprint.iacr.org/2012/549.pdf. Optionally, it takes as parameter a MultiExpOptions struct, which allows setting the maximum number of CPUs to use.
func (*G1Jac) ScalarMultiplication ¶
ScalarMultiplication computes and returns p = a*s see https://www.iacr.org/archive/crypto2001/21390189.pdf
type G1Proj ¶
G1Proj point in projective coordinates
func (*G1Proj) FromJacobian ¶
FromJacobian converts a point from Jacobian to projective coordinates
type G2Affine ¶
G2Affine point in affine coordinates
func BatchScalarMultiplicationG2 ¶ added in v0.3.0
BatchScalarMultiplicationG2 multiplies the same base (generator) by all scalars and returns the resulting points in affine coordinates. It uses a simple windowed-NAF-like exponentiation algorithm.
func (*G2Affine) Equal ¶ added in v0.3.0
Equal tests if two points (in Affine coordinates) are equal
func (*G2Affine) FromJacobian ¶ added in v0.3.0
FromJacobian rescales a point in Jacobian coordinates to the z=1 plane
func (*G2Affine) IsInSubGroup ¶ added in v0.3.3
IsInSubGroup returns true if p is in the correct subgroup, false otherwise
func (*G2Affine) IsInfinity ¶ added in v0.3.0
IsInfinity checks if the point is infinity (in affine, it's encoded as (0,0))
type G2Jac ¶
G2Jac is a point with fp.Element coordinates
func (*G2Jac) AddAssign ¶ added in v0.3.0
AddAssign point addition in Montgomery form. See https://hyperelliptic.org/EFD/g2p/auto-shortw-jacobian-3.html#addition-add-2007-bl
func (*G2Jac) AddMixed ¶ added in v0.3.0
AddMixed point addition http://www.hyperelliptic.org/EFD/g2p/auto-shortw-jacobian-0.html#addition-madd-2007-bl
func (*G2Jac) ClearCofactor ¶ added in v0.3.0
ClearCofactor maps a point in E(Fp) to E(Fp2-)[r] https://eprint.iacr.org/2020/351.pdf
func (*G2Jac) Double ¶ added in v0.3.0
Double doubles a point in Jacobian coordinates https://hyperelliptic.org/EFD/g2p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl
func (*G2Jac) DoubleAssign ¶ added in v0.3.0
DoubleAssign doubles a point in Jacobian coordinates https://hyperelliptic.org/EFD/g2p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl
func (*G2Jac) FromAffine ¶ added in v0.3.0
FromAffine sets p = Q, p in Jacobian, Q in affine
func (*G2Jac) IsInSubGroup ¶ added in v0.3.3
IsInSubGroup returns true if p is on the r-torsion, false otherwise. Z[r,0]+Z[-lambdaG2, 1] is the kernel of (u,v) -> u + lambdaG2*v mod r. Expressing r and lambdaG2 as polynomials in x, a short vector of this Z-module is (x+1), (x**3-x**2+1). So we check that (x+1)*p + (x**3-x**2+1)*phi(p) is the point at infinity.
func (*G2Jac) MultiExp ¶ added in v0.3.0
MultiExp implements section 4 of https://eprint.iacr.org/2012/549.pdf. Optionally, it takes as parameter a MultiExpOptions struct, which allows setting the maximum number of CPUs to use.
func (*G2Jac) ScalarMultiplication ¶ added in v0.3.0
ScalarMultiplication computes and returns p = a*s see https://www.iacr.org/archive/crypto2001/21390189.pdf
type G2Proj ¶
G2Proj point in projective coordinates
func (*G2Proj) FromJacobian ¶ added in v0.3.0
FromJacobian converts a point from Jacobian to projective coordinates
type GT ¶ added in v0.3.3
type GT = e6
GT target group of the pairing
func FinalExponentiation ¶
FinalExponentiation computes the final expo x**(p**6-1)(p**2+1)(p**4 - p**2 +1)/r
func (*GT) FinalExponentiation ¶ added in v0.3.3
FinalExponentiation sets z to the final expo x**((p**6 - 1)/r), returns z
func (*GT) FrobeniusCube ¶ added in v0.3.3
FrobeniusCube sets z to Frobenius^3(x) and returns z
func (*GT) FrobeniusSquare ¶ added in v0.3.3
FrobeniusSquare sets z to Frobenius^2(x) and returns z
func (*GT) MulByVMinusThree ¶ added in v0.3.3
MulByVMinusThree set z to x*(y*v**-3) and return z (Fp6(v) where v**3=u, v**6=-4, so v**-3 = u**-1 = (-4)**-1*u)
func (*GT) MulByVminusFive ¶ added in v0.3.3
MulByVminusFive set z to x*(y*v**-5) and return z (Fp6(v) where v**3=u, v**6=-4, so v**-5 = (-4)**-1*v)
type MultiExpOptions ¶ added in v0.3.0
type MultiExpOptions struct {
// contains filtered or unexported fields
}
MultiExpOptions enables users to set optional parameters to the multiexp
func NewMultiExpOptions ¶ added in v0.3.0
func NewMultiExpOptions(numCpus int) *MultiExpOptions
NewMultiExpOptions returns a new MultiExpOptions to be used with MultiExp. The options value can be shared between different MultiExp calls and ensures, through a semaphore, that only numCpus are used.
Directories ¶
Path | Synopsis |
---|---|
fp | Package fp contains field arithmetic operations for modulus 6891450384315732539396789682275657542479668912536150109513790160209623422243491736087683183289411687640864567753786613451161759120554247759349511699125301598951605099378508850372543631423596795951899700429969112842764913119068299 |
fr | Package fr contains field arithmetic operations for modulus 258664426012969094010652733694893533536393512754914660539884262666720468348340822774968888139573360124440321458177 |