bn256

package
v1.1.9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 10, 2022 License: MPL-2.0, BSD-3-Clause Imports: 15 Imported by: 9

README

bn256

Package bn256 implements a particular bilinear group.

Bilinear groups are the basis of many of the new cryptographic protocols that have been proposed over the past decade. They consist of a triplet of groups (G₁, G₂ and GT) such that there exists a function e(g₁ˣ,g₂ʸ)=gTˣʸ (where gₓ is a generator of the respective group). That function is called a pairing function.

This package specifically implements the Optimal Ate pairing over a 256-bit Barreto-Naehrig curve as described in http://cryptojedi.org/papers/dclxvi-20100714.pdf. Its output is compatible with the implementation described in that paper.

This package previously claimed to operate at a 128-bit security level. However, recent improvements in attacks mean that is no longer true. See https://moderncrypto.org/mail-archive/curves/2016/000740.html.

Benchmarks

branch master:

BenchmarkG1-4        	   10000	    154995 ns/op
BenchmarkG2-4        	    3000	    541503 ns/op
BenchmarkGT-4        	    1000	   1267811 ns/op
BenchmarkPairing-4   	    1000	   1630584 ns/op

branch lattices:

BenchmarkG1-4        	   20000	     92198 ns/op
BenchmarkG2-4        	    5000	    340622 ns/op
BenchmarkGT-4        	    2000	    635061 ns/op
BenchmarkPairing-4   	    1000	   1629943 ns/op

official version:

BenchmarkG1-4        	    1000	   2268491 ns/op
BenchmarkG2-4        	     300	   7227637 ns/op
BenchmarkGT-4        	     100	  15121359 ns/op
BenchmarkPairing-4   	      50	  20296164 ns/op

Kyber additions

The basis for this package is Cloudflare's bn256 implementation which itself is an improved version of the official bn256 package. The package at hand maintains compatibility to Cloudflare's library. The biggest difference is the replacement of their public API by a new one that is compatible to Kyber's scalar, point, group, and suite interfaces.

Documentation

Overview

Package bn256 implements a particular bilinear group.

Bilinear groups are the basis of many of the new cryptographic protocols that have been proposed over the past decade. They consist of a triplet of groups (G₁, G₂ and GT) such that there exists a function e(g₁ˣ,g₂ʸ)=gTˣʸ (where gₓ is a generator of the respective group). That function is called a pairing function.

This package specifically implements the Optimal Ate pairing over a 256-bit Barreto-Naehrig curve as described in http://cryptojedi.org/papers/dclxvi-20100714.pdf. Its output is compatible with the implementation described in that paper.

This package previously claimed to operate at a 128-bit security level. However, recent improvements in attacks mean that is no longer true. See https://moderncrypto.org/mail-archive/curves/2016/000740.html.

Index

Constants

This section is empty.

Variables

View Source
var Order = bigFromBase10("65000549695646603732796438742359905742570406053903786389881062969044166799969")

Order is the number of elements in both G₁ and G₂: 36u⁴+36u³+18u²+6u+1. order-1 = (2**5) * 3 * 5743 * 280941149 * 130979359433191 * 491513138693455212421542731357 * 6518589491078791937

Functions

This section is empty.

Types

type Suite

type Suite struct {
	// contains filtered or unexported fields
}

Suite implements the pairing.Suite interface for the BN256 bilinear pairing.

func NewSuite

func NewSuite() *Suite

NewSuite generates and returns a new BN256 pairing suite.

func NewSuiteG1

func NewSuiteG1() *Suite

NewSuiteG1 returns a G1 suite.

func NewSuiteG2

func NewSuiteG2() *Suite

NewSuiteG2 returns a G2 suite.

func NewSuiteGT

func NewSuiteGT() *Suite

NewSuiteGT returns a GT suite.

func NewSuiteRand

func NewSuiteRand(rand cipher.Stream) *Suite

NewSuiteRand generates and returns a new BN256 suite seeded by the given cipher stream.

func (*Suite) G1

func (s *Suite) G1() kyber.Group

G1 returns the group G1 of the BN256 pairing.

func (*Suite) G2

func (s *Suite) G2() kyber.Group

G2 returns the group G2 of the BN256 pairing.

func (*Suite) GT

func (s *Suite) GT() kyber.Group

GT returns the group GT of the BN256 pairing.

func (Suite) Hash

func (c Suite) Hash() hash.Hash

Hash returns a newly instantiated sha256 hash function.

func (Suite) New

func (c Suite) New(t reflect.Type) interface{}

New implements the kyber.Encoding interface.

func (*Suite) Pair

func (s *Suite) Pair(p1 kyber.Point, p2 kyber.Point) kyber.Point

Pair takes the points p1 and p2 in groups G1 and G2, respectively, as input and computes their pairing in GT.

func (Suite) RandomStream

func (c Suite) RandomStream() cipher.Stream

RandomStream returns a cipher.Stream which corresponds to a key stream from crypto/rand.

func (Suite) Read

func (c Suite) Read(r io.Reader, objs ...interface{}) error

Read is the default implementation of kyber.Encoding interface Read.

func (Suite) String

func (c Suite) String() string

String returns a recognizable string that this is a combined suite.

func (*Suite) ValidatePairing added in v1.1.3

func (s *Suite) ValidatePairing(p1, p2, inv1, inv2 kyber.Point) bool

func (Suite) Write

func (c Suite) Write(w io.Writer, objs ...interface{}) error

Write is the default implementation of kyber.Encoding interface Write.

func (Suite) XOF

func (c Suite) XOF(seed []byte) kyber.XOF

XOF returns a newlly instantiated blake2xb XOF function.

type SuiteBn256

type SuiteBn256 struct {
	*Suite
	kyber.Group
}

SuiteBn256 is an adapter that implements the suites.Suite interface so that bn256 can be used as a common suite to generate key pairs for instance but still preserves the properties of the pairing (e.g. the Pair function).

It's important to note that the Point function will generate a point compatible with public keys only (group G2) where the signature must be used as a point from the group G1.

func NewSuiteBn256

func NewSuiteBn256() *SuiteBn256

NewSuiteBn256 makes a new BN256 suite

func (SuiteBn256) Hash

func (c SuiteBn256) Hash() hash.Hash

Hash returns a newly instantiated sha256 hash function.

func (SuiteBn256) New

func (c SuiteBn256) New(t reflect.Type) interface{}

New implements the kyber.Encoding interface.

func (*SuiteBn256) Point

func (s *SuiteBn256) Point() kyber.Point

Point generates a point from the G2 group that can only be used for public keys

func (*SuiteBn256) PointLen

func (s *SuiteBn256) PointLen() int

PointLen returns the length of a G2 point

func (SuiteBn256) RandomStream

func (c SuiteBn256) RandomStream() cipher.Stream

RandomStream returns a cipher.Stream which corresponds to a key stream from crypto/rand.

func (SuiteBn256) Read

func (c SuiteBn256) Read(r io.Reader, objs ...interface{}) error

Read is the default implementation of kyber.Encoding interface Read.

func (*SuiteBn256) Scalar

func (s *SuiteBn256) Scalar() kyber.Scalar

Scalar generates a scalar

func (*SuiteBn256) ScalarLen

func (s *SuiteBn256) ScalarLen() int

ScalarLen returns the lenght of a scalar

func (*SuiteBn256) String

func (s *SuiteBn256) String() string

String returns the name of the suite

func (SuiteBn256) Write

func (c SuiteBn256) Write(w io.Writer, objs ...interface{}) error

Write is the default implementation of kyber.Encoding interface Write.

func (SuiteBn256) XOF

func (c SuiteBn256) XOF(seed []byte) kyber.XOF

XOF returns a newlly instantiated blake2xb XOF function.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL