Documentation
Overview
Package bn254 implements a particular bilinear group.
Bilinear groups are the basis of many of the new cryptographic protocols that have been proposed over the past decade. They consist of a triplet of groups (G₁, G₂ and GT) such that there exists a function e(g₁ˣ,g₂ʸ)=gTˣʸ (where gₓ is a generator of the respective group). That function is called a pairing function.
This package specifically implements the Optimal Ate pairing over a 256-bit Barreto-Naehrig curve as described in http://cryptojedi.org/papers/dclxvi-20100714.pdf. Its output is compatible with the implementation described in that paper.
This package previously claimed to operate at a 128-bit security level. However, recent improvements in attacks mean that is no longer true. See https://moderncrypto.org/mail-archive/curves/2016/000740.html.
Index
- Variables
- type Suite
- func (s *Suite) G1() kyber.Group
- func (s *Suite) G2() kyber.Group
- func (s *Suite) GT() kyber.Group
- func (c Suite) Hash() hash.Hash
- func (c Suite) New(t reflect.Type) interface{}
- func (s *Suite) Pair(p1 kyber.Point, p2 kyber.Point) kyber.Point
- func (c Suite) RandomStream() cipher.Stream
- func (c Suite) Read(r io.Reader, objs ...interface{}) error
- func (s *Suite) SetDomainG1(dst []byte)
- func (s *Suite) SetDomainG2(dst []byte)
- func (c Suite) String() string
- func (s *Suite) ValidatePairing(p1, p2, inv1, inv2 kyber.Point) bool
- func (c Suite) Write(w io.Writer, objs ...interface{}) error
- func (c Suite) XOF(seed []byte) kyber.XOF
- type SuiteBn254
- func (c SuiteBn254) Hash() hash.Hash
- func (c SuiteBn254) New(t reflect.Type) interface{}
- func (s *SuiteBn254) Point() kyber.Point
- func (s *SuiteBn254) PointLen() int
- func (c SuiteBn254) RandomStream() cipher.Stream
- func (c SuiteBn254) Read(r io.Reader, objs ...interface{}) error
- func (s *SuiteBn254) Scalar() kyber.Scalar
- func (s *SuiteBn254) ScalarLen() int
- func (s *SuiteBn254) String() string
- func (c SuiteBn254) Write(w io.Writer, objs ...interface{}) error
- func (c SuiteBn254) XOF(seed []byte) kyber.XOF
Constants
This section is empty.
Variables
var Order = bigFromBase10("21888242871839275222246405745257275088548364400416034343698204186575808495617")
Order is the number of elements in both G₁ and G₂: 36u⁴+36u³+18u²+6u+1. It needs to be highly 2-adic for efficient SNARK key and proof generation. Order - 1 = 2^28 * 3^2 * 13 * 29 * 983 * 11003 * 237073 * 405928799 * 1670836401704629 * 13818364434197438864469338081. Refer to https://eprint.iacr.org/2013/879.pdf and https://eprint.iacr.org/2013/507.pdf for more information on these parameters.
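The 2-adicity claim above can be checked with math/big alone. The following is an added example, not code from the bn254 package: it rebuilds Order - 1 from the listed factors, reads off the power of two, and derives an element of exact order 2^28 modulo Order. The names orderDec, oddFactors, mustBig, TwoAdicity, FactorizationHolds and RootOfUnity are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"math/big"
)

// Values copied from the Variables section: Order and the odd factors of Order-1.
const orderDec = "21888242871839275222246405745257275088548364400416034343698204186575808495617"

var oddFactors = []string{"3", "3", "13", "29", "983", "11003", "237073",
	"405928799", "1670836401704629", "13818364434197438864469338081"}

func mustBig(s string) *big.Int {
	n, ok := new(big.Int).SetString(s, 10)
	if !ok {
		panic("bad decimal literal: " + s)
	}
	return n
}

// TwoAdicity returns the largest s such that 2^s divides n (n > 0).
func TwoAdicity(n *big.Int) uint { return n.TrailingZeroBits() }

// FactorizationHolds recomputes 2^28 times the odd factors and compares with Order-1.
func FactorizationHolds() bool {
	prod := new(big.Int).Lsh(big.NewInt(1), 28)
	for _, f := range oddFactors {
		prod.Mul(prod, mustBig(f))
	}
	return prod.Cmp(new(big.Int).Sub(mustBig(orderDec), big.NewInt(1))) == 0
}

// RootOfUnity returns an element of exact order 2^s modulo Order, s = TwoAdicity(Order-1).
// For a quadratic non-residue g, w = g^((Order-1)/2^s) has w^(2^(s-1)) = -1, so its order is 2^s.
func RootOfUnity() *big.Int {
	r := mustBig(orderDec) // prime, so Euler's criterion applies
	rm1 := new(big.Int).Sub(r, big.NewInt(1))
	half := new(big.Int).Rsh(rm1, 1)
	for g := big.NewInt(2); ; g.Add(g, big.NewInt(1)) {
		if new(big.Int).Exp(g, half, r).Cmp(big.NewInt(1)) != 0 { // g is a non-residue
			return new(big.Int).Exp(g, new(big.Int).Rsh(rm1, TwoAdicity(rm1)), r)
		}
	}
}

func main() {
	rm1 := new(big.Int).Sub(mustBig(orderDec), big.NewInt(1))
	fmt.Println("factorization holds:", FactorizationHolds())
	fmt.Println("2-adicity of Order-1:", TwoAdicity(rm1))
	fmt.Println("2^s-th root of unity:", RootOfUnity())
}
```

A 2-adicity of 28 means radix-2 FFT domains over the scalar field can have at most 2^28 elements, which bounds the circuit size such SNARK tooling can handle with this curve.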
Functions
This section is empty.
Types
type Suite
type Suite struct {
// contains filtered or unexported fields
}
Suite implements the pairing.Suite interface for the BN254 bilinear pairing.
func NewSuiteRand
NewSuiteRand generates and returns a new BN254 suite seeded by the given cipher stream.
func (*Suite) Pair
Pair takes the points p1 and p2 in groups G1 and G2, respectively, as input and computes their pairing in GT.
func (Suite) RandomStream
RandomStream returns a cipher.Stream which corresponds to a key stream from crypto/rand.
func (Suite) String
func (c Suite) String() string
String returns a recognizable string identifying this as a combined suite.
func (*Suite) ValidatePairing
NB: Not safe for concurrent calls
type SuiteBn254
SuiteBn254 is an adapter that implements the suites.Suite interface so that bn254 can be used as a common suite, for instance to generate key pairs, while still preserving the properties of the pairing (e.g. the Pair function).
It's important to note that the Point function generates a point compatible with public keys only (group G2), whereas a signature must be used as a point from group G1.
func (*SuiteBn254) Point
func (s *SuiteBn254) Point() kyber.Point
Point generates a point from the G2 group that can only be used for public keys.
func (*SuiteBn254) PointLen
func (s *SuiteBn254) PointLen() int
PointLen returns the length of a G2 point.
func (SuiteBn254) RandomStream
RandomStream returns a cipher.Stream which corresponds to a key stream from crypto/rand.
func (*SuiteBn254) ScalarLen
func (s *SuiteBn254) ScalarLen() int
ScalarLen returns the length of a scalar.
func (*SuiteBn254) String
func (s *SuiteBn254) String() string
String returns the name of the suite.