Documentation
Overview
Package bn256 implements a particular bilinear group at the 128-bit security level.
Bilinear groups are the basis of many of the new cryptographic protocols that have been proposed over the past decade. They consist of a triplet of groups (G₁, G₂ and GT) such that there exists a function e(g₁ˣ,g₂ʸ)=gTˣʸ (where gₓ is a generator of the respective group). That function is called a pairing function.
This package specifically implements the Optimal Ate pairing over a 256-bit Barreto-Naehrig curve as described in http://cryptojedi.org/papers/dclxvi-20100714.pdf. Its output is compatible with the implementation described in that paper.
Index
- Variables
- func BigIsOdd(n *big.Int) bool
- func PairingCheck(a []*G1, b []*G2) bool
- type Fq
- func (fq Fq) Add(a, b *big.Int) *big.Int
- func (fq Fq) Affine(a *big.Int) *big.Int
- func (fq Fq) Copy(a *big.Int) *big.Int
- func (fq Fq) Div(a, b *big.Int) *big.Int
- func (fq Fq) Double(a *big.Int) *big.Int
- func (fq Fq) Equal(a, b *big.Int) bool
- func (fq Fq) Exp(base *big.Int, e *big.Int) *big.Int
- func (fq Fq) Inverse(a *big.Int) *big.Int
- func (fq Fq) IsZero(a *big.Int) bool
- func (fq Fq) Mul(a, b *big.Int) *big.Int
- func (fq Fq) MulScalar(base, e *big.Int) *big.Int
- func (fq Fq) Neg(a *big.Int) *big.Int
- func (fq Fq) One() *big.Int
- func (fq Fq) Rand() (*big.Int, error)
- func (fq Fq) Square(a *big.Int) *big.Int
- func (fq Fq) Sub(a, b *big.Int) *big.Int
- func (fq Fq) Zero() *big.Int
- type G1
- type G2
- type GT
Variables
var Order = bigFromBase10("21888242871839275222246405745257275088548364400416034343698204186575808495617")
Order is the number of elements in both G₁ and G₂: 36u⁴+36u³+18u²+6u+1. It needs to be highly 2-adic for efficient SNARK key and proof generation. Order - 1 = 2^28 * 3^2 * 13 * 29 * 983 * 11003 * 237073 * 405928799 * 1670836401704629 * 13818364434197438864469338081. Refer to https://eprint.iacr.org/2013/879.pdf and https://eprint.iacr.org/2013/507.pdf for more information on these parameters.
var P = bigFromBase10("21888242871839275222246405745257275088696311157297823662689037894645226208583")
P is a prime over which we form a basic field: 36u⁴+36u³+24u²+6u+1.
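The parameter claims above can be checked independently with `math/big`. The following is an added example, not code from this package: it recovers u from the identity P - Order = 6u² (the difference of the two polynomials), then confirms both polynomials, primality, and the stated factorization of Order - 1. The names `CheckParams`, `Params` and `poly` are hypothetical.

```go
package main

import (
	"fmt"
	"math/big"
)

// Decimal values copied from the Variables section of this page.
const (
	orderDec = "21888242871839275222246405745257275088548364400416034343698204186575808495617"
	pDec     = "21888242871839275222246405745257275088696311157297823662689037894645226208583"
)

// Params (hypothetical name) holds everything recomputed from Order and P.
type Params struct {
	U            *big.Int // BN parameter u, recovered from P - Order = 6u²
	PolysMatch   bool     // both polynomials in u reproduce Order and P
	BothPrime    bool     // Order and P pass a probabilistic primality test
	TwoAdicity   uint     // largest s such that 2^s divides Order - 1
	FactorsMatch bool     // the factorization quoted for Order - 1 multiplies back
}

// poly evaluates 36u⁴ + 36u³ + c2·u² + 6u + 1 by Horner's rule.
func poly(u *big.Int, c2 int64) *big.Int {
	r := big.NewInt(36)
	for _, c := range []int64{36, c2, 6, 1} {
		r.Mul(r, u)
		r.Add(r, big.NewInt(c))
	}
	return r
}

func CheckParams() Params {
	order, _ := new(big.Int).SetString(orderDec, 10)
	p, _ := new(big.Int).SetString(pDec, 10)
	d := new(big.Int).Sub(p, order) // equals 6u² if the formulas hold
	u := new(big.Int).Sqrt(d.Div(d, big.NewInt(6)))
	n := new(big.Int).Sub(order, big.NewInt(1))
	prod := new(big.Int).Lsh(big.NewInt(9), 28) // 2^28 * 3^2
	for _, f := range []string{"13", "29", "983", "11003", "237073", "405928799",
		"1670836401704629", "13818364434197438864469338081"} {
		x, _ := new(big.Int).SetString(f, 10)
		prod.Mul(prod, x)
	}
	return Params{u, poly(u, 18).Cmp(order) == 0 && poly(u, 24).Cmp(p) == 0,
		order.ProbablyPrime(32) && p.ProbablyPrime(32),
		n.TrailingZeroBits(), prod.Cmp(n) == 0}
}

func main() { fmt.Printf("%+v\n", CheckParams()) }
```

A mismatch in any field means the constants in a vendored copy differ from the ones documented here.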
Functions
func PairingCheck
PairingCheck calculates the Optimal Ate pairing for a set of points.
Types
type Fq
Fq is the Z field over modulus Q
type G1
type G1 struct {
// contains filtered or unexported fields
}
G1 is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.
func (*G1) ScalarBaseMult
ScalarBaseMult sets e to g*k where g is the generator of the group and then returns e.
func (*G1) ScalarMult
ScalarMult sets e to a*k and then returns e.
type G2
type G2 struct {
// contains filtered or unexported fields
}
G2 is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.
func (*G2) ScalarBaseMult
ScalarBaseMult sets e to g*k where g is the generator of the group and then returns e.
func (*G2) ScalarMult
ScalarMult sets e to a*k and then returns e.
type GT
type GT struct {
// contains filtered or unexported fields
}
GT is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.
func Miller (added in v0.0.2)
Miller applies Miller's algorithm, which is a bilinear function from the source groups to F_p^12. Miller(g1, g2).Finalize() is equivalent to Pair(g1, g2).
func (*GT) ScalarMult
ScalarMult sets e to a*k and then returns e.