Documentation
¶
Overview ¶
Package bls12381 provides a Go interface to the implementation of the BLS12-381 bilinear pairing. See https://z.cash/blog/new-snark-curve/ for more information about BLS12-381.
Index ¶
- Variables
- func G1AffineEqual(a *G1Affine, b *G1Affine) bool
- func G1Equal(a *G1, b *G1) bool
- func G2AffineEqual(a *G2Affine, b *G2Affine) bool
- func G2Equal(a *G2, b *G2) bool
- func GTEqual(a *GT, b *GT) bool
- type G1
- func (result *G1) Add(a *G1, b *G1) *G1
- func (result *G1) AddMixed(a *G1, b *G1Affine) *G1
- func (result *G1) Copy(a *G1) *G1
- func (result *G1) Double(a *G1) *G1
- func (result *G1) FromAffine(a *G1Affine) *G1
- func (result *G1) Multiply(a *G1, scalar *big.Int) *G1
- func (result *G1) MultiplyAffine(a *G1Affine, scalar *big.Int) *G1
- func (result *G1) Negate(a *G1) *G1
- func (result *G1) Random() *G1
- type G1Affine
- func (result *G1Affine) Copy(a *G1Affine) *G1Affine
- func (result *G1Affine) FromProjective(a *G1) *G1Affine
- func (result *G1Affine) Hash(buffer []byte) *G1Affine
- func (g *G1Affine) Marshal(into []byte, compressed bool) []byte
- func (result *G1Affine) Negate(a *G1Affine) *G1Affine
- func (g *G1Affine) Unmarshal(marshalled []byte, compressed bool, checked bool) *G1Affine
- type G2
- func (result *G2) Add(a *G2, b *G2) *G2
- func (result *G2) AddMixed(a *G2, b *G2Affine) *G2
- func (result *G2) Copy(a *G2) *G2
- func (result *G2) Double(a *G2) *G2
- func (result *G2) FromAffine(a *G2Affine) *G2
- func (result *G2) Multiply(a *G2, scalar *big.Int) *G2
- func (result *G2) MultiplyAffine(a *G2Affine, scalar *big.Int) *G2
- func (result *G2) Negate(a *G2) *G2
- func (result *G2) Random() *G2
- type G2Affine
- func (result *G2Affine) Copy(a *G2Affine) *G2Affine
- func (result *G2Affine) FromProjective(a *G2) *G2Affine
- func (result *G2Affine) Hash(buffer []byte) *G2Affine
- func (g *G2Affine) Marshal(into []byte, compressed bool) []byte
- func (result *G2Affine) Negate(a *G2Affine) *G2Affine
- func (g *G2Affine) Unmarshal(marshalled []byte, compressed bool, checked bool) *G2Affine
- type G2Prepared
- type GT
- func (result *GT) Add(a *GT, b *GT) *GT
- func (result *GT) Copy(a *GT) *GT
- func (result *GT) Double(a *GT) *GT
- func (g *GT) Marshal(into []byte) []byte
- func (result *GT) Multiply(a *GT, scalar *big.Int) *GT
- func (result *GT) Negate(a *GT) *GT
- func (result *GT) Pairing(a *G1Affine, b *G2Affine) *GT
- func (result *GT) PairingSum(a []*G1Affine, b []*G2Affine, c []*G1Affine, d []*G2Prepared) *GT
- func (result *GT) PreparedPairing(a *G1Affine, b *G2Prepared) *GT
- func (result *GT) Random(a *GT) (*GT, *big.Int)
- func (g *GT) Unmarshal(marshalled []byte) *GT
Constants ¶
This section is empty.
Variables ¶
var ( G1MarshalledCompressedSize = int(C.embedded_pairing_bls12_381_g1_marshalled_compressed_size) G1MarshalledUncompressedSize = int(C.embedded_pairing_bls12_381_g1_marshalled_uncompressed_size) G2MarshalledCompressedSize = int(C.embedded_pairing_bls12_381_g2_marshalled_compressed_size) G2MarshalledUncompressedSize = int(C.embedded_pairing_bls12_381_g2_marshalled_uncompressed_size) GTMarshalledSize = int(C.embedded_pairing_bls12_381_gt_marshalled_size) )
Sizes of group elements when marshalled
var G1GeneratorAffine = (*G1Affine)(unsafe.Pointer(C.embedded_pairing_bls12_381_g1affine_generator))
G1GeneratorAffine is a generator of group G1, in affine representation.
var G1Zero = (*G1)(unsafe.Pointer(C.embedded_pairing_bls12_381_g1_zero))
G1Zero is the zero (identity) element of group G1, in projective representation.
var G1ZeroAffine = (*G1Affine)(unsafe.Pointer(C.embedded_pairing_bls12_381_g1affine_zero))
G1ZeroAffine is the zero (identity) element of group G1, in affine representation.
var G2GeneratorAffine = (*G2Affine)(unsafe.Pointer(C.embedded_pairing_bls12_381_g2affine_generator))
G2GeneratorAffine is a generator of group G2, in affine representation.
var G2Zero = (*G2)(unsafe.Pointer(C.embedded_pairing_bls12_381_g2_zero))
G2Zero is the zero (identity) element of group G2, in projective representation.
var G2ZeroAffine = (*G2Affine)(unsafe.Pointer(C.embedded_pairing_bls12_381_g2affine_zero))
G2ZeroAffine is the zero (identity) element of group G2, in affine representation.
var GTGenerator = (*GT)(unsafe.Pointer(C.embedded_pairing_bls12_381_gt_generator))
GTGenerator is the generator of group GT.
var GTZero = (*GT)(unsafe.Pointer(C.embedded_pairing_bls12_381_gt_zero))
GTZero is the zero (identity) element of group GT.
var GroupOrder = internal.BigIntFromC(new(big.Int), unsafe.Pointer(C.embedded_pairing_bls12_381_group_order), 32)
GroupOrder is a 255-bit prime number that is the order of G1, G2, and GT.
Functions ¶
func G1AffineEqual ¶
G1AffineEqual tests whether two elements of G1 are equal.
func G2AffineEqual ¶
G2AffineEqual tests whether two elements of G2 are equal.
Types ¶
type G1 ¶
type G1 struct {
Data C.embedded_pairing_bls12_381_g1_t
}
G1 is an element of G1, the smaller and faster source group of the BLS12-381 pairing, in projective representation.
func (*G1) FromAffine ¶
FromAffine computes result := a.
func (*G1) MultiplyAffine ¶
MultiplyAffine computes result := scalar * a.
type G1Affine ¶
type G1Affine struct {
Data C.embedded_pairing_bls12_381_g1affine_t
}
G1Affine is an element of G1, the smaller and faster source group of the BLS12-381 pairing, in affine representation.
func (*G1Affine) FromProjective ¶
FromProjective computes result := a.
func (*G1Affine) Hash ¶
Hash hashes the contents of the provided buffer to an element of G1, and stores it in result.
func (*G1Affine) Marshal ¶
Marshal encodes an element of G1 into the provided byte slice, in either compressed or uncompressed form depending on the argument, and then returns the byte slice.
func (*G1Affine) Unmarshal ¶
Unmarshal recovers an element of G1 from a byte slice, which must encode either its compressed or uncompressed form, depending on the argument. If CHECKED is set to false, then unmarshalling is faster (some checks on the result are skipped), but the function will not detect if the resulting group element is invalid.
type G2 ¶
type G2 struct {
Data C.embedded_pairing_bls12_381_g2_t
}
G2 is an element of G2, the larger and slower source group of the BLS12-381 pairing, in projective representation.
func (*G2) FromAffine ¶
FromAffine computes result := a.
func (*G2) MultiplyAffine ¶
MultiplyAffine computes result := scalar * a.
type G2Affine ¶
type G2Affine struct {
Data C.embedded_pairing_bls12_381_g2affine_t
}
G2Affine is an element of G2, the larger and slower source group of the BLS12-381 pairing, in affine representation.
func (*G2Affine) FromProjective ¶
FromProjective computes result := a.
func (*G2Affine) Hash ¶
Hash hashes the contents of the provided buffer to an element of G2, and stores it in result.
func (*G2Affine) Marshal ¶
Marshal encodes an element of G2 into the provided byte slice, in either compressed or uncompressed form depending on the argument, and then returns the byte slice.
func (*G2Affine) Unmarshal ¶
Unmarshal recovers an element of G2 from a byte slice, which must encode either its compressed or uncompressed form, depending on the argument. If CHECKED is set to false, then unmarshalling is faster (some checks on the result are skipped), but the function will not detect if the resulting group element is invalid.
type G2Prepared ¶
type G2Prepared struct {
Data C.embedded_pairing_bls12_381_g2prepared_t
}
G2Prepared represents a precomputed value derived from an element of G2 that accelerates pairing computations involving that element. Note that this is large (~20 KB) compared to other structures in this library.
func (*G2Prepared) Prepare ¶
func (result *G2Prepared) Prepare(a *G2Affine) *G2Prepared
Prepare precomputes a value that can be used to accelerate future pairing computations using a (see PreparedPairing), and store it in result.
type GT ¶
type GT struct {
Data C.embedded_pairing_bls12_381_fq12_t
}
GT represents an element of GT, the target group of the BLS12-381 pairing.
func (*GT) Marshal ¶
Marshal encodes an element of GT into the provided byte slice, and then returns the byte slice.
func (*GT) PairingSum ¶
PairingSum computes the sum of e(a[i], b[i]) for i = 0 ... len(a) - 1 and e(c[j], d[j]) for j = 0 ... len(c) - 1 (so the sum of len(a) + len(c) terms total), and stores the in result. It is significantly faster than computing each term separately using Pairing() or PreparedPairing and then computing the sum using Add.
func (*GT) PreparedPairing ¶
func (result *GT) PreparedPairing(a *G1Affine, b *G2Prepared) *GT
PreparedPairing computes result := e(a, b).
Source Files