bls12377

package
v0.0.0-...-6ae651b Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 30, 2022 License: Apache-2.0, MIT Imports: 11 Imported by: 0

Documentation

Index

Constants

View Source 
const SizeOfG1AffineCompressed = 48

SizeOfG1AffineCompressed represents the size in bytes that a G1Affine need in binary form, compressed

View Source 
const SizeOfG1AffineUncompressed = SizeOfG1AffineCompressed * 2

SizeOfG1AffineUncompressed represents the size in bytes that a G1Affine need in binary form, uncompressed

Variables

This section is empty.

Functions

func Execute 

func Execute(nbIterations int, work func(int, int), maxCpus ...int)

Execute process in parallel the work function

func ReadPoints 

func ReadPoints(path string) (points [][]G1EdMSM, err error)

func ReadScalars 

func ReadScalars(path string) (scalars [][]fr.Element, err error)

func SerializePoints 

func SerializePoints(points [][]G1Affine) []byte

func SerializeResults 

func SerializeResults(points []G1Affine) []byte

func SerializeScalars 

func SerializeScalars(scalars [][]fr.Element) []byte

Types

type G1Affine 

type G1Affine struct {
	X, Y fp.Element
}

G1Affine point in affine coordinates

func BatchJacobianToAffineG1 

func BatchJacobianToAffineG1(points []G1Jac) []G1Affine

BatchJacobianToAffineG1 converts points in Jacobian coordinates to Affine coordinates performing a single field inversion (Montgomery batch inversion trick).

func BatchScalarMultiplicationG1 

func BatchScalarMultiplicationG1(base *G1Affine, scalars []fr.Element) []G1Affine

BatchScalarMultiplicationG1 multiplies the same base by all scalars and return resulting points in affine coordinates uses a simple windowed-NAF like exponentiation algorithm

func ReadResults 

func ReadResults(path string) (points []G1Affine, err error)

func (*G1Affine) Add 

func (p *G1Affine) Add(a, b *G1Affine) *G1Affine

Add adds two point in affine coordinates. This should rarely be used as it is very inefficient compared to Jacobian

func (*G1Affine) ClearCofactor 

func (p *G1Affine) ClearCofactor(a *G1Affine) *G1Affine

ClearCofactor maps a point in curve to r-torsion

func (*G1Affine) Equal 

func (p *G1Affine) Equal(a *G1Affine) bool

Equal tests if two points (in Affine coordinates) are equal

func (*G1Affine) FromExtendedEd 

func (a *G1Affine) FromExtendedEd(p *G1EdExtended) *G1Affine

FromEdExtended converts a point in twisted Edwards (extended) to short Weierstrass (affine)

func (*G1Affine) FromJacobian 

func (p *G1Affine) FromJacobian(p1 *G1Jac) *G1Affine

FromJacobian rescales a point in Jacobian coord in z=1 plane

func (*G1Affine) IsInSubGroup 

func (p *G1Affine) IsInSubGroup() bool

IsInSubGroup returns true if p is in the correct subgroup, false otherwise

func (*G1Affine) IsInfinity 

func (p *G1Affine) IsInfinity() bool

IsInfinity checks if the point is infinity in affine, it's encoded as (0,0) (0,0) is never on the curve for j=0 curves

func (*G1Affine) IsOnCurve 

func (p *G1Affine) IsOnCurve() bool

IsOnCurve returns true if p in on the curve

func (*G1Affine) MultiExp 

func (p *G1Affine) MultiExp(points []G1Affine, scalars []fr.Element, config ecc.MultiExpConfig) (*G1Affine, error)

MultiExp implements section 4 of https://eprint.iacr.org/2012/549.pdf

This call return an error if len(scalars) != len(points) or if provided config is invalid.

func (*G1Affine) Neg 

func (p *G1Affine) Neg(a *G1Affine) *G1Affine

Neg sets p to -a

func (*G1Affine) ScalarMultiplication 

func (p *G1Affine) ScalarMultiplication(a *G1Affine, s *big.Int) *G1Affine

ScalarMultiplication computes and returns p = a ⋅ s

func (*G1Affine) Set 

func (p *G1Affine) Set(a *G1Affine) *G1Affine

Set sets p to the provided point

func (*G1Affine) String 

func (p *G1Affine) String() string

String returns the string representation of the point or "O" if it is infinity

func (*G1Affine) Sub 

func (p *G1Affine) Sub(a, b *G1Affine) *G1Affine

Sub subs two point in affine coordinates. This should rarely be used as it is very inefficient compared to Jacobian

func (*G1Affine) ZBytes 

func (p *G1Affine) ZBytes() (res [SizeOfG1AffineCompressed]byte)

ZBytes returns binary representation of p will store X coordinate in regular form and a parity bit we follow the BLS12-381 style encoding as specified in ZCash and now IETF

The most significant bit, when set, indicates that the point is in compressed form. Otherwise, the point is in uncompressed form.

The second-most significant bit indicates that the point is at infinity. If this bit is set, the remaining bits of the group element's encoding should be set to zero.

The third-most significant bit is set if (and only if) this point is in compressed form and it is not the point at infinity and its y-coordinate is the lexicographically largest of the two associated with the encoded x-coordinate.

func (*G1Affine) ZSetBytes 

func (p *G1Affine) ZSetBytes(buf []byte) (int, error)

ZSetBytes sets p from binary representation in buf and returns number of consumed bytes this follow arkworks little endian and flags conventions https://docs.rs/ark-serialize/latest/src/ark_serialize/flags.rs.html#74-76 https://github.com/arkworks-rs/algebra/blob/80857c9714c5a59068f8c20f1298e2138440a1d0/ff/src/fields/models/fp/mod.rs#L581

type G1EdExtended 

type G1EdExtended struct {
	X, Y, Z, T fp.Element
}

G1EdExtended point in extended coordinates on a twisted Edwards curve (x=X/Z, y=Y/Z, x*y=T/Z)

func BatchFromAffineSW 

func BatchFromAffineSW(a []G1Affine) []G1EdExtended

BatchFromAffineSW converts a_i from affine short Weierstrass to extended twisted Edwards performing a single field inversion (Montgomery batch inversion trick).

func (*G1EdExtended) DedicatedDouble 

func (p *G1EdExtended) DedicatedDouble(q *G1EdExtended)

DedicatedDouble doubles a point in twisted Edwards extended coordinates https://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd

func (*G1EdExtended) Equal 

func (p *G1EdExtended) Equal(q *G1EdExtended) bool

Equal returns true if p=q false otherwise If one point is on the affine chart Z=0 it returns false

func (*G1EdExtended) FromAffineSW 

func (p *G1EdExtended) FromAffineSW(a *G1Affine) *G1EdExtended

FromAffine sets p = a, p in twisted Edwards (extended), a in Short Weierstrass (affine)

func (*G1EdExtended) IsInfinity 

func (p *G1EdExtended) IsInfinity() bool

IsInfinity returns true if p=0 false otherwise

func (*G1EdExtended) MultiExp 

func (p *G1EdExtended) MultiExp(points []G1EdMSM, scalars []fr.Element, config ecc.MultiExpConfig) (*G1EdExtended, error)

MultiExp implements section 4 of https://eprint.iacr.org/2012/549.pdf

This call return an error if len(scalars) != len(points) or if provided config is invalid.

func (*G1EdExtended) Neg 

func (p *G1EdExtended) Neg(q *G1EdExtended) *G1EdExtended

Neg set p to -q

func (*G1EdExtended) Set 

func (p *G1EdExtended) Set(q *G1EdExtended) *G1EdExtended

Set sets p to q and return it

func (*G1EdExtended) UnifiedAdd 

func (p *G1EdExtended) UnifiedAdd(q *G1EdExtended)

UnifiedAdd adds any two points (p+q) in twisted Edwards extended coordinates https://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-add-2008-hwcd-3

func (*G1EdExtended) UnifiedMixedAdd 

func (p *G1EdExtended) UnifiedMixedAdd(q *G1EdMSM)

UnifiedMixedAdd adds any two points (p+q) in twisted Edwards extended coordinates when q.Z=1 adapted from (re-madd): https://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-madd-2008-hwcd-3

func (*G1EdExtended) UnifiedMixedSub 

func (p *G1EdExtended) UnifiedMixedSub(q *G1EdMSM)

UnifiedMixedSub subtracts any two points (p-q) in twisted Edwards extended coordinates when q.Z=1 adapted from (re-madd): https://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-madd-2008-hwcd-3

func (*G1EdExtended) UnifiedReAdd 

func (p *G1EdExtended) UnifiedReAdd(q1, q2 *G1EdExtended, aux *fp.Element)

UnifiedReAdd adds any two points (p+q) in twisted Edwards extended coordinates https://hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#addition-add-2008-hwcd-3

type G1EdMSM 

type G1EdMSM struct {
	X, Y, T fp.Element
}

G1EdMSM point in custom affine coordinates on a twisted Edwards curve (y-x=X, y+x=Y, 2d*x*y=T)

func BatchFromAffineSWC 

func BatchFromAffineSWC(a []G1Affine) []G1EdMSM

BatchFromAffineSWC converts a_i from affine short Weierstrass to custom twisted Edwards performing a single field inversion (Montgomery batch inversion trick).

func (*G1EdMSM) FromExtendedEd 

func (p *G1EdMSM) FromExtendedEd(q *G1EdExtended) *G1EdMSM

FromEdExtended converts a point in twisted Edwards from extended (Z=1) to custom coordinates

type G1Jac 

type G1Jac struct {
	X, Y, Z fp.Element
}

G1Jac is a point with fp.Element coordinates

func (*G1Jac) AddAssign 

func (p *G1Jac) AddAssign(a *G1Jac) *G1Jac

AddAssign point addition in montgomery form https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl

func (*G1Jac) AddMixed 

func (p *G1Jac) AddMixed(a *G1Affine) *G1Jac

AddMixed point addition http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-madd-2007-bl

func (*G1Jac) ClearCofactor 

func (p *G1Jac) ClearCofactor(a *G1Jac) *G1Jac

ClearCofactor maps a point in E(Fp) to E(Fp)[r]

func (*G1Jac) Double 

func (p *G1Jac) Double(q *G1Jac) *G1Jac

Double doubles a point in Jacobian coordinates https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl

func (*G1Jac) DoubleAssign 

func (p *G1Jac) DoubleAssign() *G1Jac

DoubleAssign doubles a point in Jacobian coordinates https://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2007-bl

func (*G1Jac) Equal 

func (p *G1Jac) Equal(a *G1Jac) bool

Equal tests if two points (in Jacobian coordinates) are equal

func (*G1Jac) FromAffine 

func (p *G1Jac) FromAffine(Q *G1Affine) *G1Jac

FromAffine sets p = Q, p in Jacobian, Q in affine

func (*G1Jac) IsInSubGroup 

func (p *G1Jac) IsInSubGroup() bool

IsInSubGroup returns true if p is on the r-torsion, false otherwise. Z[r,0]+Z[-lambdaG1Affine, 1] is the kernel of (u,v)->u+lambdaG1Affinev mod r. Expressing r, lambdaG1Affine as polynomials in x, a short vector of this Zmodule is 1, x². So we check that p+x²ϕ(p) is the infinity.

func (*G1Jac) IsOnCurve 

func (p *G1Jac) IsOnCurve() bool

IsOnCurve returns true if p in on the curve

func (*G1Jac) Neg 

func (p *G1Jac) Neg(a *G1Jac) *G1Jac

Neg computes -G

func (*G1Jac) ScalarMultiplication 

func (p *G1Jac) ScalarMultiplication(a *G1Jac, s *big.Int) *G1Jac

ScalarMultiplication computes and returns p = a ⋅ s see https://www.iacr.org/archive/crypto2001/21390189.pdf

func (*G1Jac) ScalarMultiplicationAffine 

func (p *G1Jac) ScalarMultiplicationAffine(a *G1Affine, s *big.Int) *G1Jac

ScalarMultiplicationAffine computes and returns p = a ⋅ s Takes an affine point and returns a Jacobian point (useful for KZG)

func (*G1Jac) Set 

func (p *G1Jac) Set(a *G1Jac) *G1Jac

Set sets p to the provided point

func (*G1Jac) String 

func (p *G1Jac) String() string

String returns canonical representation of the point in affine coordinates

func (*G1Jac) SubAssign 

func (p *G1Jac) SubAssign(a *G1Jac) *G1Jac

SubAssign subtracts two points on the curve

Source Files

View all Source files

Directories

Path Synopsis
Package fp contains field arithmetic operations for modulus = 0x1ae3a4...000001.
 Package fp contains field arithmetic operations for modulus = 0x1ae3a4...000001.
Package fr contains field arithmetic operations for modulus = 0x12ab65...000001.
 Package fr contains field arithmetic operations for modulus = 0x12ab65...000001.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.