Documentation
Overview
Package bn256 implements a particular bilinear group.
Bilinear groups are the basis of many of the new cryptographic protocols that have been proposed over the past decade. They consist of a triplet of groups (G₁, G₂ and GT) such that there exists a function e(g₁ˣ,g₂ʸ)=gTˣʸ (where gₓ is a generator of the respective group). That function is called a pairing function.
This package specifically implements the Optimal Ate pairing over a 256-bit Barreto-Naehrig curve as described in http://cryptojedi.org/papers/dclxvi-20100714.pdf. Its output is compatible with the implementation described in that paper.
This package previously claimed to operate at a 128-bit security level. However, recent improvements in attacks mean that is no longer true. See https://moderncrypto.org/mail-archive/curves/2016/000740.html.
Index
- Variables
- type Suite
- func (s *Suite) G1() kyber.Group
- func (s *Suite) G2() kyber.Group
- func (s *Suite) GT() kyber.Group
- func (c Suite) Hash() hash.Hash
- func (c Suite) New(t reflect.Type) interface{}
- func (s *Suite) Pair(p1 kyber.Point, p2 kyber.Point) kyber.Point
- func (c Suite) RandomStream() cipher.Stream
- func (c Suite) Read(r io.Reader, objs ...interface{}) error
- func (c Suite) String() string
- func (s *Suite) ValidatePairing(p1, p2, inv1, inv2 kyber.Point) bool
- func (c Suite) Write(w io.Writer, objs ...interface{}) error
- func (c Suite) XOF(seed []byte) kyber.XOF
- type SuiteBn256
- func (c SuiteBn256) Hash() hash.Hash
- func (c SuiteBn256) New(t reflect.Type) interface{}
- func (s *SuiteBn256) Point() kyber.Point
- func (s *SuiteBn256) PointLen() int
- func (c SuiteBn256) RandomStream() cipher.Stream
- func (c SuiteBn256) Read(r io.Reader, objs ...interface{}) error
- func (s *SuiteBn256) Scalar() kyber.Scalar
- func (s *SuiteBn256) ScalarLen() int
- func (s *SuiteBn256) String() string
- func (c SuiteBn256) Write(w io.Writer, objs ...interface{}) error
- func (c SuiteBn256) XOF(seed []byte) kyber.XOF
Constants
This section is empty.
Variables
var Order = bigFromBase10("21888242871839275222246405745257275088548364400416034343698204186575808495617")
Order is the number of elements in both G₁ and G₂: 36u⁴+36u³+18u²+6u+1. Needs to be highly 2-adic for efficient SNARK key and proof generation. Order - 1 = 2^28 * 3^2 * 13 * 29 * 983 * 11003 * 237073 * 405928799 * 1670836401704629 * 13818364434197438864469338081. Refer to https://eprint.iacr.org/2013/879.pdf and https://eprint.iacr.org/2013/507.pdf for more information on these parameters.
var P = bigFromBase10("21888242871839275222246405745257275088696311157297823662689037894645226208583")
P is a prime over which we form a basic field: 36u⁴+36u³+24u²+6u+1.
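The constants above can be checked independently of the package. The following is an added example, not the package's own code, and its helper names are hypothetical. Using only math/big, it confirms the stated 2-adicity and factorization of Order - 1, then recovers u from P - Order = 6u² (the difference of the two polynomials) and checks that both values are prime and have the stated form.

```go
package main

import (
	"fmt"
	"math/big"
)

// Decimal values copied from the Variables section of this page.
const orderDec = "21888242871839275222246405745257275088548364400416034343698204186575808495617"
const pDec = "21888242871839275222246405745257275088696311157297823662689037894645226208583"
var listedFactors = []string{"13", "29", "983", "11003", "237073", "405928799", "1670836401704629", "13818364434197438864469338081"}

func dec(s string) *big.Int {
	n, _ := new(big.Int).SetString(s, 10) // inputs are the fixed decimals above
	return n
}

// TwoAdicity returns the largest k such that 2^k divides Order-1.
func TwoAdicity() uint {
	return new(big.Int).Sub(dec(orderDec), big.NewInt(1)).TrailingZeroBits()
}

// FactorizationHolds recomputes 2^28 * 3^2 * (listed factors) + 1 and compares it to Order.
func FactorizationHolds() bool {
	prod := new(big.Int).Lsh(big.NewInt(9), 28)
	for _, f := range listedFactors {
		prod.Mul(prod, dec(f))
	}
	return prod.Add(prod, big.NewInt(1)).Cmp(dec(orderDec)) == 0
}

// bnPoly evaluates 36u^4 + 36u^3 + c*u^2 + 6u + 1 by Horner's rule.
func bnPoly(u *big.Int, c int64) *big.Int {
	r := big.NewInt(36)
	for _, k := range []int64{36, c, 6, 1} {
		r.Add(r.Mul(r, u), big.NewInt(k))
	}
	return r
}

// RecoverU derives u from P - Order = 6u^2 and checks both stated polynomials and primality.
func RecoverU() (string, bool) {
	p, n := dec(pDec), dec(orderDec)
	q, rem := new(big.Int).QuoRem(new(big.Int).Sub(p, n), big.NewInt(6), new(big.Int))
	u := new(big.Int).Sqrt(q)
	ok := rem.Sign() == 0 && bnPoly(u, 24).Cmp(p) == 0 && bnPoly(u, 18).Cmp(n) == 0
	return u.String(), ok && p.ProbablyPrime(20) && n.ProbablyPrime(20)
}

func main() { fmt.Println(TwoAdicity(), FactorizationHolds(), fmt.Sprint(RecoverU())) }
```

A check like this is useful when vendoring or porting the constants, since a single mistyped digit breaks the polynomial relation or the factorization.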
Functions
This section is empty.
Types
type Suite
type Suite struct {
// contains filtered or unexported fields
}
Suite implements the pairing.Suite interface for the BN256 bilinear pairing.
func NewSuiteRand
NewSuiteRand generates and returns a new BN256 suite seeded by the given cipher stream.
func (*Suite) Pair
Pair takes the points p1 and p2 in groups G1 and G2, respectively, as input and computes their pairing in GT.
func (Suite) RandomStream
RandomStream returns a cipher.Stream which corresponds to a key stream from crypto/rand.
func (Suite) String
func (c Suite) String() string
String returns a recognizable string indicating that this is a combined suite.
func (*Suite) ValidatePairing
type SuiteBn256
SuiteBn256 is an adapter that implements the suites.Suite interface so that bn256 can be used as a common suite, for instance to generate key pairs, while still preserving the properties of the pairing (e.g. the Pair function).
Note that the Point function generates points compatible with public keys only (group G2), whereas signatures must be used as points from group G1.
func (*SuiteBn256) Point
func (s *SuiteBn256) Point() kyber.Point
Point generates a point from the G2 group that can only be used for public keys.
func (*SuiteBn256) PointLen
func (s *SuiteBn256) PointLen() int
PointLen returns the length of a G2 point.
func (SuiteBn256) RandomStream
RandomStream returns a cipher.Stream which corresponds to a key stream from crypto/rand.
func (*SuiteBn256) ScalarLen
func (s *SuiteBn256) ScalarLen() int
ScalarLen returns the length of a scalar.
func (*SuiteBn256) String
func (s *SuiteBn256) String() string
String returns the name of the suite.