bn256

package
v2.2.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 6, 2021 License: GPL-3.0, BSD-3-Clause, BSD-3-Clause Imports: 8 Imported by: 9

Documentation

Overview

Package bn256 implements a particular bilinear group at the 128-bit security level.

Bilinear groups are the basis of many of the new cryptographic protocols that have been proposed over the past decade. They consist of a triplet of groups (G₁, G₂ and GT) such that there exists a function e(g₁ˣ,g₂ʸ)=gTˣʸ (where gₓ is a generator of the respective group). That function is called a pairing function.

This package specifically implements the Optimal Ate pairing over a 256-bit Barreto-Naehrig curve as described in http://cryptojedi.org/papers/dclxvi-20100714.pdf. Its output is compatible with the implementation described in that paper.

Index

Constants

This section is empty.

Variables

View Source
var Order = bigFromBase10("21888242871839275222246405745257275088548364400416034343698204186575808495617")

Order is the number of elements in both G₁ and G₂: 36u⁴+36u³+18u²+6u+1.

View Source
var P = bigFromBase10("21888242871839275222246405745257275088696311157297823662689037894645226208583")

P is a prime over which we form a basic field: 36u⁴+36u³+24u²+6u+1.

Functions

func BytesToGfp

func BytesToGfp(b []byte) *gfP

func GfpToBytes

func GfpToBytes(p *gfP) []byte

func PairingCheck

func PairingCheck(a []*G1, b []*G2) bool

PairingCheck calculates the Optimal Ate pairing for a set of points.

Types

type G1

type G1 struct {
	// contains filtered or unexported fields
}

G1 is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.

func RandomG1

func RandomG1(r io.Reader) (*big.Int, *G1, error)

RandomG1 returns x and g₁ˣ where x is a random, non-zero number read from r.

func (*G1) Add

func (e *G1) Add(a, b *G1) *G1

Add sets e to a+b and then returns e.

func (*G1) DecodeRLP

func (e *G1) DecodeRLP(s *rlp.Stream) error

DecodeRLP implements rlp.Decoder

func (*G1) EncodeRLP

func (e *G1) EncodeRLP(w io.Writer) error

func (*G1) IsInfinity

func (e *G1) IsInfinity() bool

add by demmon

func (*G1) Marshal

func (e *G1) Marshal() []byte

Marshal converts e to a byte slice.

func (*G1) Neg

func (e *G1) Neg(a *G1) *G1

Neg sets e to -a and then returns e.

func (*G1) ScalarBaseMult

func (e *G1) ScalarBaseMult(k *big.Int) *G1

ScalarBaseMult sets e to g*k where g is the generator of the group and then returns e.

func (*G1) ScalarMult

func (e *G1) ScalarMult(a *G1, k *big.Int) *G1

ScalarMult sets e to a*k and then returns e.

func (*G1) Set

func (e *G1) Set(a *G1) *G1

Set sets e to a and then returns e.

func (*G1) String

func (g *G1) String() string

func (*G1) Unmarshal

func (e *G1) Unmarshal(m []byte) ([]byte, error)

Unmarshal sets e to the result of converting the output of Marshal back into a group element and then returns e.

func (*G1) UnmarshalPure

func (e *G1) UnmarshalPure(m []byte) ([]byte, error)

type G2

type G2 struct {
	// contains filtered or unexported fields
}

00304909d06b42ada9adb7ef89a120811441d72296e715b323f32363fba1f9c1 3034056910c65d7c0ea28dc6f7e037dc833f936ed18ab4da182d68b2dcdb0386 G2 is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.

func RandomG2

func RandomG2(r io.Reader) (*big.Int, *G2, error)

RandomG2 returns x and g₂ˣ where x is a random, non-zero number read from r.

func (*G2) Add

func (e *G2) Add(a, b *G2) *G2

Add sets e to a+b and then returns e.

func (*G2) DecodeRLP

func (e *G2) DecodeRLP(s *rlp.Stream) error

DecodeRLP implements rlp.Decoder

func (*G2) EncodeRLP

func (e *G2) EncodeRLP(w io.Writer) error

func (*G2) IsInfinity

func (e *G2) IsInfinity() bool

add by demmon

func (*G2) Marshal

func (e *G2) Marshal() []byte

Marshal converts e into a byte slice.

func (*G2) Neg

func (e *G2) Neg(a *G2) *G2

Neg sets e to -a and then returns e.

func (*G2) ScalarBaseMult

func (e *G2) ScalarBaseMult(k *big.Int) *G2

ScalarBaseMult sets e to g*k where g is the generator of the group and then returns out.

func (*G2) ScalarMult

func (e *G2) ScalarMult(a *G2, k *big.Int) *G2

ScalarMult sets e to a*k and then returns e.

func (*G2) Set

func (e *G2) Set(a *G2) *G2

Set sets e to a and then returns e.

func (*G2) String

func (e *G2) String() string

func (*G2) Unmarshal

func (e *G2) Unmarshal(m []byte) ([]byte, error)

Unmarshal sets e to the result of converting the output of Marshal back into a group element and then returns e.

func (*G2) UnmarshalPure

func (e *G2) UnmarshalPure(m []byte) ([]byte, error)

type GT

type GT struct {
	// contains filtered or unexported fields
}

GT is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.

func Miller

func Miller(g1 *G1, g2 *G2) *GT

Miller applies Miller's algorithm, which is a bilinear function from the source groups to F_p^12. Miller(g1, g2).Finalize() is equivalent to Pair(g1, g2).

func Pair

func Pair(g1 *G1, g2 *G2) *GT

Pair calculates an Optimal Ate pairing.

func (*GT) Add

func (e *GT) Add(a, b *GT) *GT

Add sets e to a+b and then returns e.

func (*GT) Finalize

func (e *GT) Finalize() *GT

Finalize is a linear function from F_p^12 to GT.

func (*GT) Marshal

func (e *GT) Marshal() []byte

Marshal converts e into a byte slice.

func (*GT) Neg

func (e *GT) Neg(a *GT) *GT

Neg sets e to -a and then returns e.

func (*GT) ScalarMult

func (e *GT) ScalarMult(a *GT, k *big.Int) *GT

ScalarMult sets e to a*k and then returns e.

func (*GT) Set

func (e *GT) Set(a *GT) *GT

Set sets e to a and then returns e.

func (*GT) String

func (g *GT) String() string

func (*GT) Unmarshal

func (e *GT) Unmarshal(m []byte) ([]byte, error)

Unmarshal sets e to the result of converting the output of Marshal back into a group element and then returns e.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL