Documentation ¶
Overview ¶
Package fields_bls12377 implements the field arithmetic of the Fp12 tower used to compute the pairing over the BLS12-377 curve.
𝔽p²[u] = 𝔽p/u²+5
𝔽p⁶[v] = 𝔽p²/v³-u
𝔽p¹²[w] = 𝔽p⁶/w²-v
Reference: https://eprint.iacr.org/2022/1162
Index ¶
- Variables
- func Mul034By034(api frontend.API, d3, d4, c3, c4 E2) *[5]E2
- type E12
- func (e *E12) Add(api frontend.API, e1, e2 E12) *E12
- func (e *E12) AssertIsEqual(api frontend.API, other E12)
- func (e *E12) Assign(a *bls12377.E12)
- func (e *E12) Conjugate(api frontend.API, e1 E12) *E12
- func (e *E12) CyclotomicSquare(api frontend.API, x E12) *E12
- func (e *E12) CyclotomicSquareKarabina12345(api frontend.API, x E12) *E12
- func (e *E12) CyclotomicSquareKarabina2345(api frontend.API, x E12) *E12
- func (e *E12) DecompressKarabina12345(api frontend.API, x E12) *E12
- func (e *E12) DecompressKarabina2345(api frontend.API, x E12) *E12
- func (e *E12) DivUnchecked(api frontend.API, e1, e2 E12) *E12
- func (e *E12) ExpX0(api frontend.API, e1 E12) *E12
- func (e *E12) ExpX0Minus1Square(api frontend.API, e1 E12) *E12
- func (e *E12) Frobenius(api frontend.API, e1 E12) *E12
- func (e *E12) FrobeniusSquare(api frontend.API, e1 E12) *E12
- func (e *E12) Inverse(api frontend.API, e1 E12) *E12
- func (e *E12) Mul(api frontend.API, e1, e2 E12) *E12
- func (e *E12) MulBy01234(api frontend.API, x [5]E2) *E12
- func (e *E12) MulBy034(api frontend.API, c3, c4 E2) *E12
- func (e *E12) Neg(api frontend.API, e1 E12) *E12
- func (e *E12) Select(api frontend.API, b frontend.Variable, r1, r2 E12) *E12
- func (e *E12) SetOne() *E12
- func (e *E12) SetZero() *E12
- func (e *E12) Square(api frontend.API, x E12) *E12
- func (e *E12) Square034(api frontend.API, x E12) *E12
- func (e *E12) Sub(api frontend.API, e1, e2 E12) *E12
- type E2
- func (e *E2) Add(api frontend.API, e1, e2 E2) *E2
- func (e *E2) AssertIsEqual(api frontend.API, other E2)
- func (e *E2) Assign(a *bls12377.E2)
- func (e *E2) Conjugate(api frontend.API, e1 E2) *E2
- func (e *E2) DivUnchecked(api frontend.API, e1, e2 E2) *E2
- func (e *E2) Double(api frontend.API, e1 E2) *E2
- func (e *E2) Inverse(api frontend.API, e1 E2) *E2
- func (e *E2) IsZero(api frontend.API) frontend.Variable
- func (e *E2) Lookup2(api frontend.API, b1, b2 frontend.Variable, r1, r2, r3, r4 E2) *E2
- func (e *E2) Mul(api frontend.API, e1, e2 E2) *E2
- func (e *E2) MulByFp(api frontend.API, e1 E2, c interface{}) *E2
- func (e *E2) MulByNonResidue(api frontend.API, e1 E2) *E2
- func (e *E2) Neg(api frontend.API, e1 E2) *E2
- func (e *E2) Select(api frontend.API, b frontend.Variable, r1, r2 E2) *E2
- func (e *E2) SetOne() *E2
- func (e *E2) SetZero() *E2
- func (e *E2) Square(api frontend.API, x E2) *E2
- func (e *E2) Sub(api frontend.API, e1, e2 E2) *E2
- type E6
- func (e *E6) Add(api frontend.API, e1, e2 E6) *E6
- func (e *E6) AssertIsEqual(api frontend.API, other E6)
- func (e *E6) Assign(a *bls12377.E6)
- func (e *E6) DivUnchecked(api frontend.API, e1, e2 E6) *E6
- func (e *E6) Inverse(api frontend.API, e1 E6) *E6
- func (e *E6) Mul(api frontend.API, e1, e2 E6) *E6
- func (e *E6) Mul0By01(api frontend.API, a0, b0, b1 E2) *E6
- func (e *E6) MulBy01(api frontend.API, c0, c1 E2) *E6
- func (e *E6) MulByE2(api frontend.API, e1 E6, e2 E2) *E6
- func (e *E6) MulByFp2(api frontend.API, e1 E6, e2 E2) *E6
- func (e *E6) MulByNonResidue(api frontend.API, e1 E6) *E6
- func (e *E6) Neg(api frontend.API, e1 E6) *E6
- func (e *E6) Select(api frontend.API, b frontend.Variable, r1, r2 E6) *E6
- func (e *E6) SetOne() *E6
- func (e *E6) SetZero() *E6
- func (e *E6) Square(api frontend.API, x E6) *E6
- func (e *E6) Sub(api frontend.API, e1, e2 E6) *E6
- type Extension
Variables ¶
// DivE12Hint computes the quotient a/b of two bls12377.E12 elements as b⁻¹·a.
//
// inputs carries 24 coefficients: inputs[0..11] are the numerator a and
// inputs[12..23] the denominator b, each in the order C0.B0.A0, C0.B0.A1,
// C0.B1.A0, C0.B1.A1, C0.B2.A0, C0.B2.A1, then the same six for C1. The 12
// coefficients of the quotient are written to res[0..11] in that order. The
// first argument is ignored and the returned error is always nil.
//
// NOTE(review): inputs and res are indexed without a length check, so a slice
// shorter than 24 / 12 entries panics instead of producing an error.
// NOTE(review): a zero denominator is not rejected here; what Inverse yields
// for zero is not visible in this listing — confirm against bls12377.
// NOTE(review): presumably used as a circuit hint; if so the output is only
// advice and the circuit itself must constrain it (quotient·b == a) — confirm
// at the call site.
var DivE12Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error {
	var num, den, quo bls12377.E12

	// Numerator: inputs[0..11].
	num.C0.B0.A0.SetBigInt(inputs[0])
	num.C0.B0.A1.SetBigInt(inputs[1])
	num.C0.B1.A0.SetBigInt(inputs[2])
	num.C0.B1.A1.SetBigInt(inputs[3])
	num.C0.B2.A0.SetBigInt(inputs[4])
	num.C0.B2.A1.SetBigInt(inputs[5])
	num.C1.B0.A0.SetBigInt(inputs[6])
	num.C1.B0.A1.SetBigInt(inputs[7])
	num.C1.B1.A0.SetBigInt(inputs[8])
	num.C1.B1.A1.SetBigInt(inputs[9])
	num.C1.B2.A0.SetBigInt(inputs[10])
	num.C1.B2.A1.SetBigInt(inputs[11])

	// Denominator: inputs[12..23].
	den.C0.B0.A0.SetBigInt(inputs[12])
	den.C0.B0.A1.SetBigInt(inputs[13])
	den.C0.B1.A0.SetBigInt(inputs[14])
	den.C0.B1.A1.SetBigInt(inputs[15])
	den.C0.B2.A0.SetBigInt(inputs[16])
	den.C0.B2.A1.SetBigInt(inputs[17])
	den.C1.B0.A0.SetBigInt(inputs[18])
	den.C1.B0.A1.SetBigInt(inputs[19])
	den.C1.B1.A0.SetBigInt(inputs[20])
	den.C1.B1.A1.SetBigInt(inputs[21])
	den.C1.B2.A0.SetBigInt(inputs[22])
	den.C1.B2.A1.SetBigInt(inputs[23])

	// quo = den⁻¹ · num
	quo.Inverse(&den).Mul(&quo, &num)

	// Quotient: res[0..11].
	quo.C0.B0.A0.BigInt(res[0])
	quo.C0.B0.A1.BigInt(res[1])
	quo.C0.B1.A0.BigInt(res[2])
	quo.C0.B1.A1.BigInt(res[3])
	quo.C0.B2.A0.BigInt(res[4])
	quo.C0.B2.A1.BigInt(res[5])
	quo.C1.B0.A0.BigInt(res[6])
	quo.C1.B0.A1.BigInt(res[7])
	quo.C1.B1.A0.BigInt(res[8])
	quo.C1.B1.A1.BigInt(res[9])
	quo.C1.B2.A0.BigInt(res[10])
	quo.C1.B2.A1.BigInt(res[11])

	return nil
}
// DivE2Hint computes the quotient a/b of two bls12377.E2 elements as b⁻¹·a.
//
// inputs[0..1] are the numerator coefficients (A0, A1) and inputs[2..3] the
// denominator coefficients; the quotient's A0 and A1 are written to res[0] and
// res[1]. The first argument is ignored and the returned error is always nil.
//
// NOTE(review): inputs and res are indexed without a length check, so a slice
// shorter than 4 / 2 entries panics instead of producing an error.
// NOTE(review): a zero denominator is not rejected here; what Inverse yields
// for zero is not visible in this listing — confirm against bls12377.
// NOTE(review): presumably used as a circuit hint; if so the output is only
// advice and the circuit itself must constrain it (quotient·b == a) — confirm
// at the call site.
var DivE2Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error {
	var num, den, quo bls12377.E2

	num.A0.SetBigInt(inputs[0])
	num.A1.SetBigInt(inputs[1])

	den.A0.SetBigInt(inputs[2])
	den.A1.SetBigInt(inputs[3])

	// quo = den⁻¹ · num
	quo.Inverse(&den).Mul(&quo, &num)

	quo.A0.BigInt(res[0])
	quo.A1.BigInt(res[1])

	return nil
}
// DivE6Hint computes the quotient a/b of two bls12377.E6 elements as b⁻¹·a.
//
// inputs[0..5] are the numerator coefficients in the order B0.A0, B0.A1,
// B1.A0, B1.A1, B2.A0, B2.A1, and inputs[6..11] the denominator coefficients
// in the same order. The quotient's six coefficients are written to res[0..5].
// The first argument is ignored and the returned error is always nil.
//
// NOTE(review): inputs and res are indexed without a length check, so a slice
// shorter than 12 / 6 entries panics instead of producing an error.
// NOTE(review): a zero denominator is not rejected here; what Inverse yields
// for zero is not visible in this listing — confirm against bls12377.
// NOTE(review): presumably used as a circuit hint; if so the output is only
// advice and the circuit itself must constrain it (quotient·b == a) — confirm
// at the call site.
var DivE6Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error {
	var num, den, quo bls12377.E6

	// Numerator: inputs[0..5].
	num.B0.A0.SetBigInt(inputs[0])
	num.B0.A1.SetBigInt(inputs[1])
	num.B1.A0.SetBigInt(inputs[2])
	num.B1.A1.SetBigInt(inputs[3])
	num.B2.A0.SetBigInt(inputs[4])
	num.B2.A1.SetBigInt(inputs[5])

	// Denominator: inputs[6..11].
	den.B0.A0.SetBigInt(inputs[6])
	den.B0.A1.SetBigInt(inputs[7])
	den.B1.A0.SetBigInt(inputs[8])
	den.B1.A1.SetBigInt(inputs[9])
	den.B2.A0.SetBigInt(inputs[10])
	den.B2.A1.SetBigInt(inputs[11])

	// quo = den⁻¹ · num
	quo.Inverse(&den).Mul(&quo, &num)

	// Quotient: res[0..5].
	quo.B0.A0.BigInt(res[0])
	quo.B0.A1.BigInt(res[1])
	quo.B1.A0.BigInt(res[2])
	quo.B1.A1.BigInt(res[3])
	quo.B2.A0.BigInt(res[4])
	quo.B2.A1.BigInt(res[5])

	return nil
}
// InverseE12Hint computes the inverse of a bls12377.E12 element.
//
// inputs[0..11] are the coefficients of the element in the order C0.B0.A0,
// C0.B0.A1, C0.B1.A0, C0.B1.A1, C0.B2.A0, C0.B2.A1, then the same six for C1.
// The inverse's 12 coefficients are written to res[0..11] in that order. The
// first argument is ignored and the returned error is always nil.
//
// NOTE(review): inputs and res are indexed without a length check, so a slice
// shorter than 12 entries panics instead of producing an error.
// NOTE(review): a zero input is not rejected here; what Inverse yields for
// zero is not visible in this listing — confirm against bls12377.
// NOTE(review): presumably used as a circuit hint; if so the output is only
// advice and the circuit itself must constrain it (inverse·input == 1) —
// confirm at the call site.
var InverseE12Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error {
	var elem, inv bls12377.E12

	// Element to invert: inputs[0..11].
	elem.C0.B0.A0.SetBigInt(inputs[0])
	elem.C0.B0.A1.SetBigInt(inputs[1])
	elem.C0.B1.A0.SetBigInt(inputs[2])
	elem.C0.B1.A1.SetBigInt(inputs[3])
	elem.C0.B2.A0.SetBigInt(inputs[4])
	elem.C0.B2.A1.SetBigInt(inputs[5])
	elem.C1.B0.A0.SetBigInt(inputs[6])
	elem.C1.B0.A1.SetBigInt(inputs[7])
	elem.C1.B1.A0.SetBigInt(inputs[8])
	elem.C1.B1.A1.SetBigInt(inputs[9])
	elem.C1.B2.A0.SetBigInt(inputs[10])
	elem.C1.B2.A1.SetBigInt(inputs[11])

	inv.Inverse(&elem)

	// Inverse: res[0..11].
	inv.C0.B0.A0.BigInt(res[0])
	inv.C0.B0.A1.BigInt(res[1])
	inv.C0.B1.A0.BigInt(res[2])
	inv.C0.B1.A1.BigInt(res[3])
	inv.C0.B2.A0.BigInt(res[4])
	inv.C0.B2.A1.BigInt(res[5])
	inv.C1.B0.A0.BigInt(res[6])
	inv.C1.B0.A1.BigInt(res[7])
	inv.C1.B1.A0.BigInt(res[8])
	inv.C1.B1.A1.BigInt(res[9])
	inv.C1.B2.A0.BigInt(res[10])
	inv.C1.B2.A1.BigInt(res[11])

	return nil
}
// InverseE2Hint computes the inverse of a bls12377.E2 element.
//
// inputs[0] and inputs[1] are the element's A0 and A1 coefficients; the
// inverse's A0 and A1 are written to res[0] and res[1]. The first argument is
// ignored and the returned error is always nil.
//
// NOTE(review): inputs and res are indexed without a length check, so a slice
// shorter than 2 entries panics instead of producing an error.
// NOTE(review): a zero input is not rejected here; what Inverse yields for
// zero is not visible in this listing — confirm against bls12377.
// NOTE(review): presumably used as a circuit hint; if so the output is only
// advice and the circuit itself must constrain it (inverse·input == 1) —
// confirm at the call site.
var InverseE2Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error {
	var elem, inv bls12377.E2

	elem.A0.SetBigInt(inputs[0])
	elem.A1.SetBigInt(inputs[1])

	inv.Inverse(&elem)

	inv.A0.BigInt(res[0])
	inv.A1.BigInt(res[1])

	return nil
}
// InverseE6Hint computes the inverse of a bls12377.E6 element.
//
// inputs[0..5] are the element's coefficients in the order B0.A0, B0.A1,
// B1.A0, B1.A1, B2.A0, B2.A1; the inverse's six coefficients are written to
// res[0..5] in the same order. The first argument is ignored and the returned
// error is always nil.
//
// NOTE(review): inputs and res are indexed without a length check, so a slice
// shorter than 6 entries panics instead of producing an error.
// NOTE(review): a zero input is not rejected here; what Inverse yields for
// zero is not visible in this listing — confirm against bls12377.
// NOTE(review): presumably used as a circuit hint; if so the output is only
// advice and the circuit itself must constrain it (inverse·input == 1) —
// confirm at the call site.
var InverseE6Hint = func(_ *big.Int, inputs []*big.Int, res []*big.Int) error {
	var elem, inv bls12377.E6

	// Element to invert: inputs[0..5].
	elem.B0.A0.SetBigInt(inputs[0])
	elem.B0.A1.SetBigInt(inputs[1])
	elem.B1.A0.SetBigInt(inputs[2])
	elem.B1.A1.SetBigInt(inputs[3])
	elem.B2.A0.SetBigInt(inputs[4])
	elem.B2.A1.SetBigInt(inputs[5])

	inv.Inverse(&elem)

	// Inverse: res[0..5].
	inv.B0.A0.BigInt(res[0])
	inv.B0.A1.BigInt(res[1])
	inv.B1.A0.BigInt(res[2])
	inv.B1.A1.BigInt(res[3])
	inv.B2.A0.BigInt(res[4])
	inv.B2.A1.BigInt(res[5])

	return nil
}
Functions ¶
Types ¶
type E12 ¶
// E12 is an element of the top level of the tower, stored as two E6
// coefficients.
// NOTE(review): presumably represents C0 + C1*w with w² = v, following the
// tower given in the package overview — confirm against the arithmetic.
type E12 struct {
	C0, C1 E6
}
E12 element in a quadratic extension
func (*E12) AssertIsEqual ¶
AssertIsEqual constrains self to be equal to other in the given constraint system
func (*E12) CyclotomicSquare ¶
Granger-Scott's cyclotomic square squares a Fp12 elt in the cyclotomic group https://eprint.iacr.org/2009/565.pdf, 3.2
func (*E12) CyclotomicSquareKarabina12345 ¶
func (*E12) CyclotomicSquareKarabina2345 ¶
Karabina's compressed cyclotomic square https://eprint.iacr.org/2010/542.pdf Th. 3.2 with minor modifications to fit our tower
func (*E12) DecompressKarabina12345 ¶
DecompressKarabina12345 decompresses Karabina's cyclotomic square result SQR12345
func (*E12) DecompressKarabina2345 ¶
DecompressKarabina2345 decompresses Karabina's cyclotomic square result SQR2345
func (*E12) DivUnchecked ¶
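DivUnchecked divides e1 by e2 (e12 elmts). As the name indicates, it does not check that e2 is non-zero; a caller that cannot rule out a zero divisor should constrain it separately.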
func (*E12) ExpX0Minus1Square ¶
ExpX0Minus1Square computes e1^((X0-1)^2), where X0=9586122913090633729
func (*E12) FrobeniusSquare ¶
FrobeniusSquare applies frob**2 to an fp12 elmt
type E2 ¶
E2 element in a quadratic extension
func (*E2) AssertIsEqual ¶
AssertIsEqual constrains self to be equal to other in the given constraint system
func (*E2) DivUnchecked ¶
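DivUnchecked divides e1 by e2 (e2 elmts). As the name indicates, it does not check that e2 is non-zero; a caller that cannot rule out a zero divisor should constrain it separately.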
func (*E2) Lookup2 ¶
Lookup2 implements two-bit lookup. It returns:
- r1 if b1=0 and b2=0,
- r2 if b1=0 and b2=1,
- r3 if b1=1 and b2=0,
- r4 if b1=1 and b2=1.
func (*E2) MulByNonResidue ¶
MulByNonResidue multiplies an fp2 elmt by the imaginary elmt. ext.uSquare is the square of the imaginary root.
type E6 ¶
// E6 is an element of the middle level of the tower, stored as three E2
// coefficients.
// NOTE(review): presumably represents B0 + B1*v + B2*v² with v³ = u,
// following the tower given in the package overview — confirm against the
// arithmetic.
type E6 struct {
	B0, B1, B2 E2
}
E6 element in a cubic extension
func (*E6) AssertIsEqual ¶
AssertIsEqual constrains self to be equal to other in the given constraint system
func (*E6) DivUnchecked ¶
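DivUnchecked divides e1 by e2 (e6 elmts). As the name indicates, it does not check that e2 is non-zero; a caller that cannot rule out a zero divisor should constrain it separately.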
func (*E6) MulByFp2 ¶
MulByFp2 creates a fp6 elmt from fp elmts. icube is the imaginary elmt to the cube.
func (*E6) MulByNonResidue ¶
MulByNonResidue multiplies e by the imaginary elmt of Fp6 (noted a+bV+cV**2 where V**3 in Fp²)