pairing_bls12381

package
v0.0.0-...-7fff741 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 13, 2024 License: MIT Imports: 15 Imported by: 0

Documentation

Overview

This code is taken from Celer Network's Brevis project https://github.com/celer-network/brevis-circuits

This package is taken from Youssef El Housni's ZKHackathon-zkCircuits repository https://github.com/yelhousni/ZKHackathon-zkCircuits

Index

Constants

View Source 
const Bytes = 1 + (fp.Bits-1)/8
View Source 
const L = 16 + Bytes // 52
View Source 
const Sha256BlockSize = 64 // 512 bits, 64 bytes
View Source 
const Sha256Size = 32
View Source 
const SignRootSize = 32
View Source 
const SizeDomain = 43

Variables

View Source 
var (
	DOMAIN_SEPERATOR = "BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_"

	SswuIsoCurveCoeffA = E2{
		A0: emulated.ValueOf[emulated.BLS12381Fp](fp.Element{0}),
		A1: emulated.ValueOf[emulated.BLS12381Fp](fp.Element{16517514583386313282, 74322656156451461, 16683759486841714365, 815493829203396097, 204518332920448171, 1306242806803223655}),
	}

	SswuIsoCurveCoeffB = E2{
		A0: emulated.ValueOf[emulated.BLS12381Fp](fp.Element{2515823342057463218, 7982686274772798116, 7934098172177393262, 8484566552980779962, 4455086327883106868, 1323173589274087377}),
		A1: emulated.ValueOf[emulated.BLS12381Fp](fp.Element{2515823342057463218, 7982686274772798116, 7934098172177393262, 8484566552980779962, 4455086327883106868, 1323173589274087377}),
	}

	Tv4Z = E2{
		A0: emulated.ValueOf[emulated.BLS12381Fp](fp.Element{9794203289623549276, 7309342082925068282, 1139538881605221074, 15659550692327388916, 16008355200866287827, 582484205531694093}),
		A1: emulated.ValueOf[emulated.BLS12381Fp](fp.Element{4897101644811774638, 3654671041462534141, 569769440802610537, 17053147383018470266, 17227549637287919721, 291242102765847046}),
	}

	DST = []byte(DOMAIN_SEPERATOR)
)
View Source 
var PrecomputedLines [4][63]E2

Functions

func Ark 

func Ark(api frontend.API, in []frontend.Variable, c []*big.Int, r int) []frontend.Variable

func E2NotEqual 

func E2NotEqual(api frontend.API, x, y E2) frontend.Variable

func E2NotOne 

func E2NotOne(api frontend.API, x E2) frontend.Variable

func E2NotZero 

func E2NotZero(api frontend.API, x E2) frontend.Variable

func ExpandMsgXmd 

func ExpandMsgXmd(api frontend.API, msg [32]frontend.Variable, count int) []frontend.Variable

func G1NotEqual 

func G1NotEqual(api frontend.API, x, y BaseEl) frontend.Variable

func G1NotEqualOne 

func G1NotEqualOne(api frontend.API, x BaseEl) frontend.Variable

func G1NotZero 

func G1NotZero(api frontend.API, x BaseEl) frontend.Variable

func G2AffineNotInfinity 

func G2AffineNotInfinity(api frontend.API, a *G2Affine) frontend.Variable

func Get64BitsFrom8Bytes 

func Get64BitsFrom8Bytes(api frontend.API, v [8]frontend.Variable) []frontend.Variable

input is 8 bytes, 64 bits equal to bigint set bytes, big-endian bytes

func GetHints 

func GetHints() []solver.Hint

GetHints returns all hint functions used in the package.

func GetRawLimbsBy8Uint64 

func GetRawLimbsBy8Uint64(api frontend.API, v [8]frontend.Variable) *emulated.Element[emulated.BLS12381Fp]

8 limbs, 8 bytes(uint64) per limb raw means this method will not do toMont on element.

func GetUint64From8Bytes 

func GetUint64From8Bytes(api frontend.API, v [8]frontend.Variable) frontend.Variable

input is 8 bytes, 64 bits equal to bigint set bytes, big-endian bytes

func Mix 

func Mix(api frontend.API, in []frontend.Variable, m [][]*big.Int) []frontend.Variable

func MixLast 

func MixLast(api frontend.API, in []frontend.Variable, m [][]*big.Int, s int) frontend.Variable

func MixS 

func MixS(api frontend.API, in []frontend.Variable, s []*big.Int, r int) []frontend.Variable

func NewExt2_ 

func NewExt2_(baseField *curveF) *ext2

func NewPoseidonHash 

func NewPoseidonHash(api frontend.API) hash.FieldHasher

func POSEIDON_C 

func POSEIDON_C(t int) []*big.Int

func POSEIDON_M 

func POSEIDON_M(t int) [][]*big.Int

func POSEIDON_P 

func POSEIDON_P(t int) [][]*big.Int

func POSEIDON_S 

func POSEIDON_S(t int) []*big.Int

func PoseidonEx 

func PoseidonEx(api frontend.API, inputs []frontend.Variable, initialState frontend.Variable, nOuts int) []frontend.Variable

func Sigma 

func Sigma(api frontend.API, in frontend.Variable) frontend.Variable

Types

type BLS12381Fp 

type BLS12381Fp struct{}

BLS12381Fp provide type parametrization for emulated field on 6 limb of width 64bits for modulus 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab. This is the base field of the BLS12-388 curve.

func (BLS12381Fp) BitsPerLimb 

func (fp BLS12381Fp) BitsPerLimb() uint

func (BLS12381Fp) IsPrime 

func (fp BLS12381Fp) IsPrime() bool

func (BLS12381Fp) Modulus 

func (fp BLS12381Fp) Modulus() *big.Int

func (BLS12381Fp) NbLimbs 

func (fp BLS12381Fp) NbLimbs() uint

type BLS12381Fr 

type BLS12381Fr struct{}

func (BLS12381Fr) BitsPerLimb 

func (fp BLS12381Fr) BitsPerLimb() uint

func (BLS12381Fr) IsPrime 

func (fp BLS12381Fr) IsPrime() bool

func (BLS12381Fr) Modulus 

func (fp BLS12381Fr) Modulus() *big.Int

func (BLS12381Fr) NbLimbs 

func (fp BLS12381Fr) NbLimbs() uint

type BaseEl 

type BaseEl = emulated.Element[emulated.BLS12381Fp]

type E12 

type E12 struct {
	C0, C1 E6
}

func FromE12 

func FromE12(y *bls12381.E12) E12

type E2 

type E2 struct {
	A0, A1 BaseEl
}

func E2Exp 

func E2Exp(api frontend.API, x E2, k *big.Int) *E2

func FromE2 

func FromE2(y *bls12381.E2) E2

func HashToField 

func HashToField(api frontend.API, msg [32]frontend.Variable, count int) []E2

func MapElementToCurve2 

func MapElementToCurve2(api frontend.API, e2 E2) (x, y *E2)

type E6 

type E6 struct {
	B0, B1, B2 E2
}

func FromE6 

func FromE6(y *bls12381.E6) E6

type Ext12 

type Ext12 struct {
	*Ext6
}

func NewExt12 

func NewExt12(api frontend.API) *Ext12

func (Ext12) Add 

func (e Ext12) Add(x, y *E12) *E12

func (Ext12) AssertIsEqual 

func (e Ext12) AssertIsEqual(x, y *E12)

func (Ext12) CompressTorus 

func (e Ext12) CompressTorus(x *E12) *E6

CompressTorus compresses x ∈ E12 to (x.C0 + 1)/x.C1 ∈ E6

func (Ext12) Conjugate 

func (e Ext12) Conjugate(x *E12) *E12

func (Ext12) DecompressTorus 

func (e Ext12) DecompressTorus(y *E6) *E12

DecompressTorus decompresses y ∈ E6 to (y+w)/(y-w) ∈ E12

func (Ext12) DivUnchecked 

func (e Ext12) DivUnchecked(x, y *E12) *E12

func (Ext12) ExptHalfTorus 

func (e Ext12) ExptHalfTorus(x *E6) *E6

ExptHalfTorus set z to x^(t/2) in E6 and return z const t/2 uint64 = 7566188111470821376 // negative

func (Ext12) ExptTorus 

func (e Ext12) ExptTorus(x *E6) *E6

ExptTorus set z to xᵗ in E6 and return z const t uint64 = 15132376222941642752 // negative

func (Ext12) FrobeniusSquareTorus 

func (e Ext12) FrobeniusSquareTorus(y *E6) *E6

FrobeniusSquareTorus raises a compressed elements y ∈ E6 to the square modulus p^2 and returns y^(p^2) / v^((p^2-1)/2)

func (Ext12) FrobeniusTorus 

func (e Ext12) FrobeniusTorus(y *E6) *E6

FrobeniusTorus raises a compressed elements y ∈ E6 to the modulus p and returns y^p / v^((p-1)/2)

func (Ext12) Inverse 

func (e Ext12) Inverse(x *E12) *E12

func (Ext12) InverseTorus 

func (e Ext12) InverseTorus(y *E6) *E6

InverseTorus inverses a compressed elements y ∈ E6 and returns -y

func (Ext12) IsZero 

func (e Ext12) IsZero(z *E12) frontend.Variable

func (Ext12) Lookup2 

func (e Ext12) Lookup2(s1, s2 frontend.Variable, a, b, c, d *E12) *E12

func (Ext12) Mul 

func (e Ext12) Mul(x, y *E12) *E12

func (Ext12) Mul014By014 

func (e Ext12) Mul014By014(d0, d1, c0, c1 *E2) *[5]E2
multiplies two E12 sparse element of the form:

E12{
	C0: E6{B0: c0, B1: c1, B2: 0},
	C1: E6{B0: 0, B1: 1, B2: 0},
}

and 

E12{
	C0: E6{B0: d0, B1: d1, B2: 0},
	C1: E6{B0: 0, B1: 1, B2: 0},
}

func (*Ext12) MulBy01245 

func (e *Ext12) MulBy01245(z *E12, x *[5]E2) *E12

MulBy01245 multiplies z by an E12 sparse element of the form 

E12{
	C0: E6{B0: c0, B1: c1, B2: c2},
	C1: E6{B0: 0, B1: c4, B2: c5},
}

func (*Ext12) MulBy014 

func (e *Ext12) MulBy014(z *E12, c0, c1 *E2) *E12

MulBy014 multiplies z by an E12 sparse element of the form 

E12{
	C0: E6{B0: c0, B1: c1, B2: 0},
	C1: E6{B0: 0, B1: 1, B2: 0},
}

func (Ext12) MulTorus 

func (e Ext12) MulTorus(y1, y2 *E6) *E6

MulTorus multiplies two compressed elements y1, y2 ∈ E6 and returns (y1 * y2 + v)/(y1 + y2) N.B.: we use MulTorus in the final exponentiation throughout y1 ≠ -y2 always.

func (Ext12) One 

func (e Ext12) One() *E12

func (Ext12) Select 

func (e Ext12) Select(selector frontend.Variable, z1, z0 *E12) *E12

func (Ext12) Square 

func (e Ext12) Square(x *E12) *E12

func (Ext12) SquareTorus 

func (e Ext12) SquareTorus(y *E6) *E6

SquareTorus squares a compressed elements y ∈ E6 and returns (y + v/y)/2

It uses a hint to verify that (2x-y)y = v saving one E6 AssertIsEqual.

func (Ext12) Sub 

func (e Ext12) Sub(x, y *E12) *E12

func (Ext12) Zero 

func (e Ext12) Zero() *E12

type Ext2 

type Ext2 struct {
	// contains filtered or unexported fields
}

func NewExt2 

func NewExt2(api frontend.API) *Ext2

func (Ext2) Add 

func (e Ext2) Add(x, y *E2) *E2

func (Ext2) AssertIsEqual 

func (e Ext2) AssertIsEqual(x, y *E2)

func (Ext2) Conjugate 

func (e Ext2) Conjugate(x *E2) *E2

func (Ext2) Div 

func (e Ext2) Div(x *E2, y *E2) *E2

func (Ext2) DivUnchecked 

func (e Ext2) DivUnchecked(x, y *E2) *E2

func (Ext2) Double 

func (e Ext2) Double(x *E2) *E2

func (Ext2) Inverse 

func (e Ext2) Inverse(x *E2) *E2

func (Ext2) IsZero 

func (e Ext2) IsZero(z *E2) frontend.Variable

func (Ext2) Lookup2 

func (e Ext2) Lookup2(s1, s2 frontend.Variable, a, b, c, d *E2) *E2

func (Ext2) Mul 

func (e Ext2) Mul(x, y *E2) *E2

func (Ext2) MulByConstElement 

func (e Ext2) MulByConstElement(x *E2, y *big.Int) *E2

func (Ext2) MulByElement 

func (e Ext2) MulByElement(x *E2, y *BaseEl) *E2

func (Ext2) MulByNonResidue 

func (e Ext2) MulByNonResidue(x *E2) *E2

MulByNonResidue returns x*(1+u)

func (Ext2) MulByNonResidue1Power1 

func (e Ext2) MulByNonResidue1Power1(x *E2) *E2

MulByNonResidue1Power1 returns x*(1+u)^(1*(p^1-1)/6)

func (Ext2) MulByNonResidue1Power2 

func (e Ext2) MulByNonResidue1Power2(x *E2) *E2

MulByNonResidue1Power2 returns x*(1+u)^(2*(p^1-1)/6)

func (Ext2) MulByNonResidue1Power3 

func (e Ext2) MulByNonResidue1Power3(x *E2) *E2

MulByNonResidue1Power3 returns x*(1+u)^(3*(p^1-1)/6)

func (Ext2) MulByNonResidue1Power4 

func (e Ext2) MulByNonResidue1Power4(x *E2) *E2

MulByNonResidue1Power4 returns x*(1+u)^(4*(p^1-1)/6)

func (Ext2) MulByNonResidue1Power5 

func (e Ext2) MulByNonResidue1Power5(x *E2) *E2

MulByNonResidue1Power5 returns x*(1+u)^(5*(p^1-1)/6)

func (Ext2) MulByNonResidue2Power1 

func (e Ext2) MulByNonResidue2Power1(x *E2) *E2

MulByNonResidue2Power1 returns x*(1+u)^(1*(p^2-1)/6)

func (Ext2) MulByNonResidue2Power2 

func (e Ext2) MulByNonResidue2Power2(x *E2) *E2

MulByNonResidue2Power2 returns x*(1+u)^(2*(p^2-1)/6)

func (Ext2) MulByNonResidue2Power3 

func (e Ext2) MulByNonResidue2Power3(x *E2) *E2

MulByNonResidue2Power3 returns x*(1+u)^(3*(p^2-1)/6)

func (Ext2) MulByNonResidue2Power4 

func (e Ext2) MulByNonResidue2Power4(x *E2) *E2

MulByNonResidue2Power4 returns x*(1+u)^(4*(p^2-1)/6)

func (Ext2) MulByNonResidue2Power5 

func (e Ext2) MulByNonResidue2Power5(x *E2) *E2

MulByNonResidue2Power5 returns x*(1+u)^(5*(p^2-1)/6)

func (Ext2) MulByNonResidueGeneric 

func (e Ext2) MulByNonResidueGeneric(x *E2, power, coef int) *E2

func (Ext2) Neg 

func (e Ext2) Neg(x *E2) *E2

func (Ext2) NonResidue 

func (e Ext2) NonResidue() *E2

returns 1+u

func (Ext2) One 

func (e Ext2) One() *E2

func (Ext2) Select 

func (e Ext2) Select(selector frontend.Variable, z1, z0 *E2) *E2

func (Ext2) Square 

func (e Ext2) Square(x *E2) *E2

func (Ext2) Sub 

func (e Ext2) Sub(x, y *E2) *E2

func (Ext2) Zero 

func (e Ext2) Zero() *E2

type Ext6 

type Ext6 struct {
	*Ext2
}

func NewExt6 

func NewExt6(api frontend.API) *Ext6

func (Ext6) Add 

func (e Ext6) Add(x, y *E6) *E6

func (Ext6) AssertIsEqual 

func (e Ext6) AssertIsEqual(x, y *E6)

func (Ext6) DivUnchecked 

func (e Ext6) DivUnchecked(x, y *E6) *E6

func (Ext6) Double 

func (e Ext6) Double(x *E6) *E6

func (Ext6) Inverse 

func (e Ext6) Inverse(x *E6) *E6

func (Ext6) IsZero 

func (e Ext6) IsZero(z *E6) frontend.Variable

func (Ext6) Lookup2 

func (e Ext6) Lookup2(s1, s2 frontend.Variable, a, b, c, d *E6) *E6

func (Ext6) Mul 

func (e Ext6) Mul(x, y *E6) *E6

func (Ext6) MulBy0 

func (e Ext6) MulBy0(z *E6, c0 *E2) *E6

MulBy0 multiplies z by an E6 sparse element of the form 

E6{
	B0: c0,
	B1: 0,
	B2: 0,
}

func (Ext6) MulBy01 

func (e Ext6) MulBy01(z *E6, c0, c1 *E2) *E6

MulBy01 multiplication by sparse element (c0,c1,0)

func (Ext6) MulBy12 

func (e Ext6) MulBy12(x *E6, b1, b2 *E2) *E6

MulBy12 multiplication by sparse element (0,b1,b2)

func (Ext6) MulByE2 

func (e Ext6) MulByE2(x *E6, y *E2) *E6

func (Ext6) MulByNonResidue 

func (e Ext6) MulByNonResidue(x *E6) *E6

func (Ext6) Neg 

func (e Ext6) Neg(x *E6) *E6

func (Ext6) One 

func (e Ext6) One() *E6

func (Ext6) Select 

func (e Ext6) Select(selector frontend.Variable, z1, z0 *E6) *E6

func (Ext6) Square 

func (e Ext6) Square(x *E6) *E6

func (Ext6) Sub 

func (e Ext6) Sub(x, y *E6) *E6

func (Ext6) Zero 

func (e Ext6) Zero() *E6

type G1Affine 

type G1Affine = sw_emulated.AffinePoint[emulated.BLS12381Fp]

func NewG1Affine 

func NewG1Affine(v bls12381.G1Affine) G1Affine

func NewG1AffineArray 

func NewG1AffineArray(v []bls12381.G1Affine) [10]G1Affine

type G2Affine 

type G2Affine struct {
	X, Y E2
}

func EncodeToG2 

func EncodeToG2(api frontend.API, msg [32]frontend.Variable) *G2Affine

func EncodeToG2OnJac 

func EncodeToG2OnJac(api frontend.API, msg [32]frontend.Variable) *G2Affine

func G2AddAssign 

func G2AddAssign(api frontend.API, p, p1 G2Affine) *G2Affine

Affine AddAssign add p1 to p and return p

func G2ClearCofactor 

func G2ClearCofactor(api frontend.API, a G2Affine) *G2Affine

ClearCofactor maps a point in curve to r-torsion

func G2Double 

func G2Double(api frontend.API, p1 G2Affine) *G2Affine

Double compute 2*p1, assign the result to p and return it Only for curve with j invariant 0 (a=0).

func G2Isogeny 

func G2Isogeny(api frontend.API, p *G2Affine) *G2Affine

func G2Psi 

func G2Psi(api frontend.API, a G2Affine) *G2Affine

func G2SubAssign 

func G2SubAssign(api frontend.API, p, p1 G2Affine) *G2Affine

p - p1

func GetG2AffineFromG2Jac 

func GetG2AffineFromG2Jac(api frontend.API, Q *G2Jacobian) *G2Affine

func HashToG2OnJac 

func HashToG2OnJac(api frontend.API, msg [32]frontend.Variable) *G2Affine

func NewG2Affine 

func NewG2Affine(v bls12381.G2Affine) G2Affine

type G2Jacobian 

type G2Jacobian struct {
	X, Y, Z E2
}

func ClearCofactor 

func ClearCofactor(api frontend.API, a G2Jacobian) *G2Jacobian

ClearCofactor maps a point in curve to r-torsion

func G2JacobianAddAssign 

func G2JacobianAddAssign(api frontend.API, p, a G2Jacobian) G2Jacobian

G2Affine

func G2JacobianConstScalarMul 

func G2JacobianConstScalarMul(api frontend.API, a G2Jacobian) G2Jacobian

func G2JacobianDouble 

func G2JacobianDouble(api frontend.API, p G2Jacobian) G2Jacobian

func G2JacobianNeg 

func G2JacobianNeg(api frontend.API, p G2Jacobian) G2Jacobian

func G2JacobianPsi 

func G2JacobianPsi(api frontend.API, a G2Jacobian) G2Jacobian

func G2JacobianSubAssign 

func G2JacobianSubAssign(api frontend.API, p, p1 G2Jacobian) G2Jacobian

p - p1

func GetG2JacFromG2Affine 

func GetG2JacFromG2Affine(api frontend.API, Q *G2Affine) *G2Jacobian

type GTEl 

type GTEl = E12

func NewGTEl 

func NewGTEl(v bls12381.GT) GTEl

type Pairing 

type Pairing struct {
	*Ext12
	// contains filtered or unexported fields
}

func NewPairing 

func NewPairing(api frontend.API) (*Pairing, error)

func (Pairing) AddG1Points 

func (pr Pairing) AddG1Points(p1, p2 *G1Affine) *G1Affine

func (Pairing) AggregatePublicKeys 

func (pr Pairing) AggregatePublicKeys(
	publicKeys [10]G1Affine,
	bitlist, quorumW [10]frontend.Variable,
	newTotalWeight frontend.Variable,
) G1Affine

func (Pairing) AggregatePublicKeys_Rotate 

func (pr Pairing) AggregatePublicKeys_Rotate(
	publicKeys [10]G1Affine,
	bitlist [10]frontend.Variable,
) G1Affine

duplicated todo merge

func (Pairing) AssertIsEqual 

func (pr Pairing) AssertIsEqual(x, y *GTEl)

func (Pairing) CalculateTrustedWeight 

func (pr Pairing) CalculateTrustedWeight(pubKeys_old, pubKeys_new [10]G1Affine, BitList_new, oldWeights [10]frontend.Variable) frontend.Variable

func (Pairing) CommitmentCheck 

func (pr Pairing) CommitmentCheck(Comm1, Comm2 frontend.Variable) error

func (Pairing) DoubleMillerLoopFixedQ 

func (pr Pairing) DoubleMillerLoopFixedQ(P, T *G1Affine, Q *G2Affine) (*GTEl, error)

func (Pairing) DoublePairFixedQ 

func (pr Pairing) DoublePairFixedQ(P, T *G1Affine, Q *G2Affine) (*GTEl, error)

func (*Pairing) E2NotEqual 

func (m *Pairing) E2NotEqual(x, y E2) frontend.Variable

func (*Pairing) E2NotZero 

func (m *Pairing) E2NotZero(x E2) frontend.Variable

func (Pairing) FinalExponentiation 

func (pr Pairing) FinalExponentiation(e *GTEl) *GTEl

FinalExponentiation computes the exponentiation (∏ᵢ zᵢ)ᵈ where 

d = (p¹²-1)/r = (p¹²-1)/Φ₁₂(p) ⋅ Φ₁₂(p)/r = (p⁶-1)(p²+1)(p⁴ - p² +1)/r

we use instead 

d=s ⋅ (p⁶-1)(p²+1)(p⁴ - p² +1)/r

where s is the cofactor 3 (Hayashida et al.).

This is the safe version of the method where e may be {-1,1}. If it is known that e ≠ {-1,1} then using the unsafe version of the method saves considerable amount of constraints. When called with the result of [MillerLoop], then current method is applicable when length of the inputs to Miller loop is 1.

func (Pairing) FinalExponentiationUnsafe 

func (pr Pairing) FinalExponentiationUnsafe(e *GTEl) *GTEl

FinalExponentiationUnsafe computes the exponentiation (∏ᵢ zᵢ)ᵈ where 

d = (p¹²-1)/r = (p¹²-1)/Φ₁₂(p) ⋅ Φ₁₂(p)/r = (p⁶-1)(p²+1)(p⁴ - p² +1)/r

we use instead 

d=s ⋅ (p⁶-1)(p²+1)(p⁴ - p² +1)/r

where s is the cofactor 3 (Hayashida et al.).

This is the unsafe version of the method where e may NOT be {-1,1}. If e ∈ {-1, 1}, then there exists no valid solution to the circuit. This method is applicable when called with the result of [MillerLoop] method when the length of the inputs to Miller loop is 1.

func (*Pairing) G1NotEqual 

func (m *Pairing) G1NotEqual(x, y BaseEl) frontend.Variable

func (*Pairing) G1NotZero 

func (m *Pairing) G1NotZero(x BaseEl) frontend.Variable

func (*Pairing) G2AffineNotInfinity 

func (m *Pairing) G2AffineNotInfinity(a *G2Affine) frontend.Variable

func (*Pairing) GetG2AffineFromG2Jac 

func (m *Pairing) GetG2AffineFromG2Jac(api frontend.API, Q *G2Jacobian) *G2Affine

func (*Pairing) GetG2JacFromG2Affine 

func (m *Pairing) GetG2JacFromG2Affine(Q *G2Affine) *G2Jacobian

func (*Pairing) HashToG2 

func (m *Pairing) HashToG2(msg [32]frontend.Variable) *G2Affine

func (Pairing) MillerLoop 

func (pr Pairing) MillerLoop(P []*G1Affine, Q []*G2Affine) (*GTEl, error)

MillerLoop computes the multi-Miller loop ∏ᵢ { fᵢ_{u,Q}(P) }

func (Pairing) MillerLoopFixedQ 

func (pr Pairing) MillerLoopFixedQ(P *G1Affine) (*GTEl, error)

func (Pairing) Pair 

func (pr Pairing) Pair(P []*G1Affine, Q []*G2Affine) (*GTEl, error)

Pair calculates the reduced pairing for a set of points ∏ᵢ e(Pᵢ, Qᵢ).

This function doesn't check that the inputs are in the correct subgroups.

func (Pairing) PairFixedQ 

func (pr Pairing) PairFixedQ(P *G1Affine) (*GTEl, error)

func (Pairing) PairingCheck 

func (pr Pairing) PairingCheck(P []*G1Affine, Q []*G2Affine) error

PairingCheck calculates the reduced pairing for a set of points and asserts if the result is One ∏ᵢ e(Pᵢ, Qᵢ) =? 1

This function doesn't check that the inputs are in the correct subgroups.

func (*Pairing) Poseidon 

func (m *Pairing) Poseidon(inputs []frontend.Variable) frontend.Variable

func (*Pairing) Reset 

func (m *Pairing) Reset()

func (*Pairing) Sum 

func (m *Pairing) Sum() frontend.Variable

func (Pairing) ThresholdCheck 

func (pr Pairing) ThresholdCheck(t1, t2 frontend.Variable) error

func (*Pairing) Write 

func (m *Pairing) Write(data ...frontend.Variable)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.