bls12

v0.0.0-...-afb2fe3
Published: Jun 30, 2019 License: MIT Imports: 8 Imported by: 0

README

go-bls12-381

Package go-bls12-381 implements the BLS12-381 pairing-friendly elliptic curve construction that targets the 128-bit security level.

This project uses the constant-time hashing to the BLS12-381 elliptic curve proposed by Wahby and Boneh. For signatures on G1 or G2, use sig1 or sig2 respectively.

There is a lattices branch that implements the 2-GLV method on G1 and the 4-GLS method on G2. Both methods use an efficient endomorphism and scalar decomposition to speed up elliptic curve scalar multiplication.
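The scalar decomposition behind 2-GLV on G1, as an added example that is not code from this project or its lattices branch. It assumes the eigenvalue λ = z² − 1 and splits the scalar by exact division by z² rather than by lattice rounding; the names `decompose` and `recompose` are hypothetical.

```go
package main

import (
	"fmt"
	"math/big"
)

// BLS12-381 parameter z is negative; lambda and r are derived from it.
var (
	z      = new(big.Int).Neg(new(big.Int).SetUint64(0xd201000000010000))
	z2     = new(big.Int).Mul(z, z)
	lambda = new(big.Int).Sub(z2, big.NewInt(1)) // z^2 - 1 (assumed eigenvalue)
	// r = z^4 - z^2 + 1 = z^2*(z^2 - 1) + 1, the prime subgroup order.
	r = new(big.Int).Add(new(big.Int).Mul(z2, lambda), big.NewInt(1))
)

// lambdaIsCubeRoot reports whether lambda^2 + lambda + 1 == 0 (mod r),
// the property that lets lambda act as the endomorphism's eigenvalue.
func lambdaIsCubeRoot() bool {
	t := new(big.Int).Mul(lambda, lambda)
	t.Add(t, lambda).Add(t, big.NewInt(1))
	return t.Mod(t, r).Sign() == 0
}

// decompose splits k in [0, r) into half-length (k1, k2), k = k1 + k2*lambda.
// Because lambda + 1 = z^2, writing k = q*z^2 + rem gives k1 = rem + q, k2 = q.
// math/big division is variable-time: not suitable as-is for secret scalars.
func decompose(k *big.Int) (k1, k2 *big.Int) {
	q, rem := new(big.Int).QuoRem(k, z2, new(big.Int))
	return rem.Add(rem, q), q
}

// recompose returns (k1 + k2*lambda) mod r.
func recompose(k1, k2 *big.Int) *big.Int {
	t := new(big.Int).Mul(k2, lambda)
	t.Add(t, k1)
	return t.Mod(t, r)
}

func main() {
	k := new(big.Int).Sub(r, big.NewInt(1)) // constructed sample: largest scalar
	k1, k2 := decompose(k)
	fmt.Printf("lambda is a cube root of unity mod r: %v\n", lambdaIsCubeRoot())
	fmt.Printf("k: %d bits, k1: %d bits, k2: %d bits\n", k.BitLen(), k1.BitLen(), k2.BitLen())
	fmt.Printf("recomposed == k: %v\n", recompose(k1, k2).Cmp(k) == 0)
}
```

With a 255-bit k split into two scalars of about 128 bits, k·P can be computed as k1·P + k2·φ(P) in a single double-and-add loop of half the length, where φ is the endomorphism that acts as multiplication by λ.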

Test vectors taken from Relic. Inspiration taken from Cloudflare's bn256 implementation.

Benchmarks

branch master:

BenchmarkG1-8        	    3000	    595602 ns/op
BenchmarkG2-8        	    1000	   2117188 ns/op
BenchmarkPairing-8   	     300	   5985261 ns/op

branch lattices:

BenchmarkG1-8        	    5000	    359453 ns/op
BenchmarkG2-8        	    1000	   1433320 ns/op
BenchmarkPairing-8   	     300	   5702674 ns/op

Documentation

Overview

Package bls12 implements the BLS12-381 pairing-friendly elliptic curve construction. Internally, this package operates on projective coordinates.

Functions

func Pair

func Pair(g1 *G1Point, g2 *G2Point) *fq12

Pair implements the optimal ate pairing algorithm on BLS curves. See https://eprint.iacr.org/2019/077.pdf - Algorithm 1.

func RandFieldElement

func RandFieldElement(reader io.Reader) (*big.Int, error)

RandFieldElement returns a random scalar between 0 and r.

Types

type G1Point

type G1Point struct {
	// contains filtered or unexported fields
}

func (*G1Point) Add

func (z *G1Point) Add(x, y *G1Point) *G1Point

Add returns the sum of (x1,y1) and (x2,y2).

func (*G1Point) HashToPoint

func (z *G1Point) HashToPoint(buf []byte) *G1Point

HashToPoint uses the Shallue and van de Woestijne encoding. The point is guaranteed to be in the subgroup.

func (*G1Point) Marshal

func (z *G1Point) Marshal() []byte

func (*G1Point) ScalarBaseMult

func (z *G1Point) ScalarBaseMult(scalar *big.Int) *G1Point

ScalarBaseMult returns k*G, where G is the base point of the group and k is an integer in big-endian form.

func (*G1Point) ScalarMult

func (z *G1Point) ScalarMult(x *G1Point, scalar *big.Int) *G1Point

ScalarMult returns k*(Bx,By) where k is a number in big-endian form.

func (*G1Point) ToAffine

func (z *G1Point) ToAffine() *G1Point

func (*G1Point) Unmarshal

func (z *G1Point) Unmarshal(data []byte) error

type G2Point

type G2Point struct {
	// contains filtered or unexported fields
}

func (*G2Point) Add

func (z *G2Point) Add(x, y *G2Point) *G2Point

Add sets z to the sum x+y and returns z.

func (*G2Point) Equal

func (x *G2Point) Equal(y *G2Point) bool

Equal reports whether x is equal to y.

func (*G2Point) HashToPoint

func (z *G2Point) HashToPoint(buf []byte) *G2Point

func (*G2Point) HashToPointWithDomain

func (z *G2Point) HashToPointWithDomain(buf []byte, domain uint64) *G2Point

HashToPointWithDomain uses the Shallue and van de Woestijne encoding. The point is guaranteed to be in the subgroup.

func (*G2Point) ScalarBaseMult

func (z *G2Point) ScalarBaseMult(scalar *big.Int) *G2Point

ScalarBaseMult returns k*G, where G is the base point of the group and k is an integer in big-endian form.

func (*G2Point) ScalarMult

func (z *G2Point) ScalarMult(x *G2Point, scalar *big.Int) *G2Point

ScalarMult returns k*(Bx,By) where k is a number in big-endian form.

func (*G2Point) Set

func (z *G2Point) Set(x *G2Point) *G2Point

Set sets z to the value of x and returns z.

func (*G2Point) ToAffine

func (z *G2Point) ToAffine() *G2Point

type GT

type GT struct {
	// contains filtered or unexported fields
}

func (*GT) Add

func (z *GT) Add(x, y *fq12) *fq12

Add sets z to the sum x+y and returns z.

func (*GT) Conjugate

func (z *GT) Conjugate(x *fq12) *fq12

Conjugate sets z to the conjugate of x and returns z.

func (*GT) Equal

func (x *GT) Equal(y *fq12) bool

Equal reports whether x is equal to y.

func (*GT) Exp

func (z *GT) Exp(x *fq12, y *big.Int) *fq12

Exp sets z=x**y and returns z.

func (*GT) Frobenius

func (z *GT) Frobenius(x *fq12, power uint64) *fq12

Frobenius sets z to the pth-power Frobenius of x and returns z.

func (*GT) Inv

func (z *GT) Inv(x *fq12) *fq12

Inv sets z to 1/x and returns z. See "Implementing cryptographic pairings", M. Scott - section 3.2.

func (*GT) Mul

func (z *GT) Mul(x, y *fq12) *fq12

Mul sets z to the product x*y and returns z. Mul utilizes Karatsuba's method.

func (*GT) Set

func (z *GT) Set(x *fq12) *fq12

Set sets z to x and returns z.

func (*GT) SetOne

func (z *GT) SetOne() *fq12

SetOne sets z to 1 and returns z.

func (*GT) SparseMul014

func (z *GT) SparseMul014(x *fq12, c0 *fq2, c1 *fq2, c4 *fq2) *fq12

SparseMul014 sets z to the product of x with c0, c1, c4 and returns z. SparseMul014 utilizes the sparseness property to avoid full fq12 arithmetic. See https://github.com/zkcrypto/pairing/blob/master/src/bls12_381/fq12.rs#L34.

func (*GT) Sqr

func (z *GT) Sqr(x *fq12) *fq12

Sqr sets z to the product x*x and returns z. Sqr utilizes complex squaring.

Directories

Package sig1 implements the BLS signature scheme with signatures on G1.
Package sig2 implements the BLS signature scheme with signatures on G2.
