README
¶
This part codes mainly refer two projects:
- bn256, 主要是基域运算。这个项目的主要问题在于测试太少。后续进行了大量改进:增加测试、减少乘法、常量时间运行的ScalarMult实现、优化的Invert/Sqrt实现、直至替换基础域计算实现。
- gmssl sm9,主要是2-4-12塔式扩域(现在实现了1-2-4-12扩域以及1-2-6-12扩域,以及相互转换),以及r-ate等。这个项目的主要问题在于性能没有怎么优化。基于性能考虑,后续r-rate还是参考了bn256的op-ate,并结合sm9的特殊性做了适应性改造。
- SM9 precompute pairing per master public key level。
- G1, G2曲线倍点运算预计算。
- 更加高效的基础域gfP汇编方法实现。
- 分圆子群上的特殊平方运算实现。
- Miller运算中,line add/double运算不返回新建对象。
- Marshal/Unmarshal,select,set的asm实现。
Documentation
¶
Overview ¶
Package bn256 defines/implements ShangMi(SM) sm9's curves and pairing.
Code generated by addchain. DO NOT EDIT.
Code generated by addchain. DO NOT EDIT.
Index ¶
- Variables
- func GenerateGTFieldTable(basePoint *GT) *[32 * 2]GTFieldTable
- func GenerateKey(curve Curve, rand io.Reader) (priv []byte, x, y *big.Int, err error)
- func Marshal(curve Curve, x, y *big.Int) []byte
- func MarshalCompressed(curve Curve, x, y *big.Int) []byte
- func NewCurveGenerator() *curvePoint
- func NewCurvePoint() *curvePoint
- func NewTwistGenerator() *twistPoint
- func NewTwistPoint() *twistPoint
- func NormalizeScalar(scalar []byte) []byte
- func Sqrt(e, x *gfP) (isSquare bool)
- func Unmarshal(curve Curve, data []byte) (x, y *big.Int)
- func UnmarshalCompressed(curve Curve, data []byte) (x, y *big.Int)
- type Curve
- type CurveParams
- func (curve *CurveParams) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int)
- func (curve *CurveParams) Double(x1, y1 *big.Int) (*big.Int, *big.Int)
- func (curve *CurveParams) IsOnCurve(x, y *big.Int) bool
- func (curve *CurveParams) Params() *CurveParams
- func (curve *CurveParams) ScalarBaseMult(k []byte) (*big.Int, *big.Int)
- func (curve *CurveParams) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int)
- type G1
- func (e *G1) Add(a, b *G1) *G1
- func (e *G1) Double(a *G1) *G1
- func (e *G1) Equal(other *G1) bool
- func (e *G1) IsOnCurve() bool
- func (e *G1) Marshal() []byte
- func (e *G1) MarshalCompressed() []byte
- func (e *G1) MarshalUncompressed() []byte
- func (e *G1) Neg(a *G1) *G1
- func (e *G1) ScalarBaseMult(scalar []byte) (*G1, error)
- func (e *G1) ScalarMult(a *G1, scalar []byte) (*G1, error)
- func (e *G1) Set(a *G1) *G1
- func (g *G1) String() string
- func (e *G1) Unmarshal(m []byte) ([]byte, error)
- func (e *G1) UnmarshalCompressed(data []byte) ([]byte, error)
- type G1Curve
- func (g1 *G1Curve) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int)
- func (g1 *G1Curve) Double(x, y *big.Int) (*big.Int, *big.Int)
- func (g1 *G1Curve) IsOnCurve(x, y *big.Int) bool
- func (g1 *G1Curve) Params() *CurveParams
- func (g1 *G1Curve) ScalarBaseMult(scalar []byte) (*big.Int, *big.Int)
- func (g1 *G1Curve) ScalarMult(Bx, By *big.Int, scalar []byte) (*big.Int, *big.Int)
- func (curve *G1Curve) Unmarshal(data []byte) (x, y *big.Int)
- func (curve *G1Curve) UnmarshalCompressed(data []byte) (x, y *big.Int)
- type G2
- func (e *G2) Add(a, b *G2) *G2
- func (e *G2) Equal(other *G2) bool
- func (e *G2) IsOnCurve() bool
- func (e *G2) Marshal() []byte
- func (e *G2) MarshalCompressed() []byte
- func (e *G2) MarshalUncompressed() []byte
- func (e *G2) Neg(a *G2) *G2
- func (e *G2) ScalarBaseMult(scalar []byte) (*G2, error)
- func (e *G2) ScalarMult(a *G2, scalar []byte) (*G2, error)
- func (e *G2) Set(a *G2) *G2
- func (e *G2) String() string
- func (e *G2) Unmarshal(m []byte) ([]byte, error)
- func (e *G2) UnmarshalCompressed(data []byte) ([]byte, error)
- type GT
- func (e *GT) Add(a, b *GT) *GT
- func (e *GT) Finalize() *GT
- func (e *GT) Marshal() []byte
- func (e *GT) ScalarBaseMult(k *big.Int) *GT
- func (e *GT) ScalarMult(a *GT, k *big.Int) *GT
- func (e *GT) Set(a *GT) *GT
- func (e *GT) SetOne() *GT
- func (g *GT) String() string
- func (e *GT) Unmarshal(m []byte) ([]byte, error)
- type GTFieldTable
Constants ¶
This section is empty.
Variables ¶
var Gen1 = &G1{curveGen}
Gen1 is the generator of G1.
var Gen2 = &G2{twistGen}
Gen2 is the generator of G2.
var Order = bigFromHex("b640000002a3a6f1d603ab4ff58ec74449f2934b18ea8beee56ee19cd69ecf25")
Order is the number of elements in both G₁ and G₂: 36u⁴+36u³+18u²+6u+1.
Functions ¶
func GenerateGTFieldTable ¶
func GenerateGTFieldTable(basePoint *GT) *[32 * 2]GTFieldTable
func GenerateKey ¶
GenerateKey returns a public/private key pair. The private key is generated using the given reader, which must return random data.
func Marshal ¶
Marshal converts a point on the curve into the uncompressed form specified in SEC 1, Version 2.0, Section 2.3.3. If the point is not on the curve (or is the conventional point at infinity), the behavior is undefined.
func MarshalCompressed ¶
MarshalCompressed converts a point on the curve into the compressed form specified in SEC 1, Version 2.0, Section 2.3.3. If the point is not on the curve (or is the conventional point at infinity), the behavior is undefined.
func NewCurveGenerator ¶
func NewCurveGenerator() *curvePoint
func NewCurvePoint ¶
func NewCurvePoint() *curvePoint
func NewTwistGenerator ¶
func NewTwistGenerator() *twistPoint
func NewTwistPoint ¶
func NewTwistPoint() *twistPoint
func NormalizeScalar ¶ added in v0.15.4
func Sqrt ¶ added in v0.17.1
func Sqrt(e, x *gfP) (isSquare bool)
Sqrt sets e to a square root of x. If x is not a square, Sqrt returns false and e is unchanged. e and x can overlap.
func Unmarshal ¶
Unmarshal converts a point, serialized by Marshal, into an x, y pair. It is an error if the point is not in uncompressed form, is not on the curve, or is the point at infinity. On error, x = nil.
func UnmarshalCompressed ¶
UnmarshalCompressed converts a point, serialized by MarshalCompressed, into an x, y pair. It is an error if the point is not in compressed form, is not on the curve, or is the point at infinity. On error, x = nil.
Types ¶
type Curve ¶
type Curve interface {
// Params returns the parameters for the curve.
Params() *CurveParams
// IsOnCurve reports whether the given (x,y) lies on the curve.
IsOnCurve(x, y *big.Int) bool
// Add returns the sum of (x1,y1) and (x2,y2)
Add(x1, y1, x2, y2 *big.Int) (x, y *big.Int)
// Double returns 2*(x,y)
Double(x1, y1 *big.Int) (x, y *big.Int)
// ScalarMult returns k*(Bx,By) where k is a number in big-endian form.
ScalarMult(x1, y1 *big.Int, k []byte) (x, y *big.Int)
// ScalarBaseMult returns k*G, where G is the base point of the group
// and k is an integer in big-endian form.
ScalarBaseMult(k []byte) (x, y *big.Int)
}
A Curve represents a short-form Weierstrass curve with a=0.
The behavior of Add, Double, and ScalarMult when the input is not a point on the curve is undefined.
Note that the conventional point at infinity (0, 0) is not considered on the curve, although it can be returned by Add, Double, ScalarMult, or ScalarBaseMult (but not the Unmarshal or UnmarshalCompressed functions).
type CurveParams ¶
type CurveParams struct {
P *big.Int // the order of the underlying field
N *big.Int // the order of the base point
B *big.Int // the constant of the curve equation
Gx, Gy *big.Int // (x,y) of the base point
BitSize int // the size of the underlying field
Name string // the canonical name of the curve
}
CurveParams contains the parameters of an elliptic curve and also provides a generic, non-constant time implementation of Curve.
func (*CurveParams) Params ¶
func (curve *CurveParams) Params() *CurveParams
func (*CurveParams) ScalarBaseMult ¶
func (*CurveParams) ScalarMult ¶
type G1 ¶
type G1 struct {
// contains filtered or unexported fields
}
G1 is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.
func (*G1) MarshalCompressed ¶
MarshalCompressed converts e to a byte slice with compress prefix. If the point is not on the curve (or is the conventional point at infinity), the behavior is undefined.
func (*G1) MarshalUncompressed ¶
MarshalUncompressed converts e to a byte slice with prefix
func (*G1) ScalarBaseMult ¶
ScalarBaseMult sets e to scaler*g where g is the generator of the group and then returns e.
func (*G1) ScalarMult ¶
ScalarMult sets e to a*k and then returns e.
type G1Curve ¶
type G1Curve struct {
// contains filtered or unexported fields
}
func (*G1Curve) Params ¶
func (g1 *G1Curve) Params() *CurveParams
func (*G1Curve) ScalarBaseMult ¶
func (*G1Curve) ScalarMult ¶
type G2 ¶
type G2 struct {
// contains filtered or unexported fields
}
G2 is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.
func (*G2) MarshalCompressed ¶
MarshalCompressed converts e into a byte slice with uncompressed point prefix
func (*G2) MarshalUncompressed ¶
MarshalUncompressed converts e into a byte slice with uncompressed point prefix
func (*G2) ScalarBaseMult ¶
ScalarBaseMult sets e to g*k where g is the generator of the group and then returns out.
func (*G2) ScalarMult ¶
ScalarMult sets e to a*k and then returns e.
type GT ¶
type GT struct {
// contains filtered or unexported fields
}
GT is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.
func Miller ¶
Miller applies Miller's algorithm, which is a bilinear function from the source groups to F_p^12. Miller(g1, g2).Finalize() is equivalent to Pair(g1, g2).
func ScalarBaseMultGT ¶
func ScalarBaseMultGT(tables *[32 * 2]GTFieldTable, scalar []byte) (*GT, error)
ScalarBaseMultGT compute basepoint^r with precomputed table
func ScalarMultGT ¶ added in v0.15.4
ScalarMultGT compute a^scalar
func (*GT) ScalarBaseMult ¶
ScalarBaseMult sets e to g*k where g is the generator of the group and then returns out.
func (*GT) ScalarMult ¶
ScalarMult sets e to a*k and then returns e.
type GTFieldTable ¶
type GTFieldTable [15]*GT
A GTFieldTable holds the first 15 Exp of a value at offset -1, so P is at table[0], P^15 is at table[14], and P^0 is implicitly the identity point.
func (*GTFieldTable) Select ¶
func (table *GTFieldTable) Select(p *GT, n uint8)
Select selects the n-th multiple of the table base point into p. It works in constant time by iterating over every entry of the table. n must be in [0, 15].
Source Files