bn256

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 21, 2023 License: MIT, BSD-3-Clause Imports: 9 Imported by: 0

Documentation

Overview

Package bn256 defines/implements ShangMi(SM) sm9's curves and pairing.

Code generated by addchain. DO NOT EDIT.

Code generated by addchain. DO NOT EDIT.

Index

Constants

This section is empty.

Variables

View Source 
var Gen1 = &G1{curveGen}

Gen1 is the generator of G1.

View Source 
var Gen2 = &G2{twistGen}

Gen2 is the generator of G2.

View Source 
var Order = bigFromHex("b640000002a3a6f1d603ab4ff58ec74449f2934b18ea8beee56ee19cd69ecf25")

Order is the number of elements in both G₁ and G₂: 36u⁴+36u³+18u²+6u+1.

Functions

func GenerateGTFieldTable 

func GenerateGTFieldTable(basePoint *GT) *[32 * 2]GTFieldTable

func NewCurveGenerator 

func NewCurveGenerator() *curvePoint

func NewCurvePoint 

func NewCurvePoint() *curvePoint

func NewTwistGenerator 

func NewTwistGenerator() *twistPoint

func NewTwistPoint 

func NewTwistPoint() *twistPoint

func NormalizeScalar 

func NormalizeScalar(scalar []byte) []byte

func Sqrt 

func Sqrt(e, x *gfP) (isSquare bool)

Sqrt sets e to a square root of x. If x is not a square, Sqrt returns false and e is unchanged. e and x can overlap.

Types

type G1 

type G1 struct {
	// contains filtered or unexported fields
}

G1 is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.

func RandomG1 

func RandomG1(r io.Reader) (*big.Int, *G1, error)

RandomG1 returns x and g₁ˣ where x is a random, non-zero number read from r.

func (*G1) Add 

func (e *G1) Add(a, b *G1) *G1

Add sets e to a+b and then returns e.

func (*G1) Double 

func (e *G1) Double(a *G1) *G1

Double sets e to [2]a and then returns e.

func (*G1) Equal 

func (e *G1) Equal(other *G1) bool

Equal compare e and other

func (*G1) IsOnCurve 

func (e *G1) IsOnCurve() bool

IsOnCurve returns true if e is on the curve.

func (*G1) Marshal 

func (e *G1) Marshal() []byte

Marshal converts e to a byte slice.

func (*G1) MarshalCompressed 

func (e *G1) MarshalCompressed() []byte

MarshalCompressed converts e to a byte slice with compress prefix. If the point is not on the curve (or is the conventional point at infinity), the behavior is undefined.

func (*G1) MarshalUncompressed 

func (e *G1) MarshalUncompressed() []byte

MarshalUncompressed converts e to a byte slice with prefix

func (*G1) Neg 

func (e *G1) Neg(a *G1) *G1

Neg sets e to -a and then returns e.

func (*G1) ScalarBaseMult 

func (e *G1) ScalarBaseMult(scalar []byte) (*G1, error)

ScalarBaseMult sets e to scaler*g where g is the generator of the group and then returns e.

func (*G1) ScalarMult 

func (e *G1) ScalarMult(a *G1, scalar []byte) (*G1, error)

ScalarMult sets e to a*k and then returns e.

func (*G1) Set 

func (e *G1) Set(a *G1) *G1

Set sets e to a and then returns e.

func (*G1) String 

func (g *G1) String() string

func (*G1) Unmarshal 

func (e *G1) Unmarshal(m []byte) ([]byte, error)

Unmarshal sets e to the result of converting the output of Marshal back into a group element and then returns e.

func (*G1) UnmarshalCompressed 

func (e *G1) UnmarshalCompressed(data []byte) ([]byte, error)

UnmarshalCompressed sets e to the result of converting the output of Marshal back into a group element and then returns e.

type G2 

type G2 struct {
	// contains filtered or unexported fields
}

G2 is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.

func RandomG2 

func RandomG2(r io.Reader) (*big.Int, *G2, error)

RandomG2 returns x and g₂ˣ where x is a random, non-zero number read from r.

func (*G2) Add 

func (e *G2) Add(a, b *G2) *G2

Add sets e to a+b and then returns e.

func (*G2) Equal 

func (e *G2) Equal(other *G2) bool

Equal compare e and other

func (*G2) IsOnCurve 

func (e *G2) IsOnCurve() bool

IsOnCurve returns true if e is on the twist curve.

func (*G2) Marshal 

func (e *G2) Marshal() []byte

Marshal converts e into a byte slice.

func (*G2) MarshalCompressed 

func (e *G2) MarshalCompressed() []byte

MarshalCompressed converts e into a byte slice with uncompressed point prefix

func (*G2) MarshalUncompressed 

func (e *G2) MarshalUncompressed() []byte

MarshalUncompressed converts e into a byte slice with uncompressed point prefix

func (*G2) Neg 

func (e *G2) Neg(a *G2) *G2

Neg sets e to -a and then returns e.

func (*G2) ScalarBaseMult 

func (e *G2) ScalarBaseMult(scalar []byte) (*G2, error)

ScalarBaseMult sets e to g*k where g is the generator of the group and then returns out.

func (*G2) ScalarMult 

func (e *G2) ScalarMult(a *G2, scalar []byte) (*G2, error)

ScalarMult sets e to a*k and then returns e.

func (*G2) Set 

func (e *G2) Set(a *G2) *G2

Set sets e to a and then returns e.

func (*G2) String 

func (e *G2) String() string

func (*G2) Unmarshal 

func (e *G2) Unmarshal(m []byte) ([]byte, error)

Unmarshal sets e to the result of converting the output of Marshal back into a group element and then returns e.

func (*G2) UnmarshalCompressed 

func (e *G2) UnmarshalCompressed(data []byte) ([]byte, error)

UnmarshalCompressed sets e to the result of converting the output of Marshal back into a group element and then returns e.

type GT 

type GT struct {
	// contains filtered or unexported fields
}

GT is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.

func Miller 

func Miller(g1 *G1, g2 *G2) *GT

Miller applies Miller's algorithm, which is a bilinear function from the source groups to F_p^12. Miller(g1, g2).Finalize() is equivalent to Pair(g1, g2).

func Pair 

func Pair(g1 *G1, g2 *G2) *GT

Pair calculates an R-Ate pairing.

func RandomGT 

func RandomGT(r io.Reader) (*big.Int, *GT, error)

RandomGT returns x and e(g₁, g₂)ˣ where x is a random, non-zero number read from r.

func ScalarBaseMultGT 

func ScalarBaseMultGT(tables *[32 * 2]GTFieldTable, scalar []byte) (*GT, error)

ScalarBaseMultGT compute basepoint^r with precomputed table

func ScalarMultGT 

func ScalarMultGT(a *GT, scalar []byte) (*GT, error)

ScalarMultGT compute a^scalar

func (*GT) Add 

func (e *GT) Add(a, b *GT) *GT

Add sets e to a+b and then returns e.

func (*GT) Finalize 

func (e *GT) Finalize() *GT

Finalize is a linear function from F_p^12 to GT.

func (*GT) Marshal 

func (e *GT) Marshal() []byte

Marshal converts e into a byte slice. To support SM9 alg, we marshal it as 1-2-4-12 towering extentions here.

func (*GT) ScalarBaseMult 

func (e *GT) ScalarBaseMult(k *big.Int) *GT

ScalarBaseMult sets e to g*k where g is the generator of the group and then returns out.

func (*GT) ScalarMult 

func (e *GT) ScalarMult(a *GT, k *big.Int) *GT

ScalarMult sets e to a*k and then returns e.

func (*GT) Set 

func (e *GT) Set(a *GT) *GT

Set sets e to a and then returns e.

func (*GT) SetOne 

func (e *GT) SetOne() *GT

Set sets e to one and then returns e.

func (*GT) String 

func (g *GT) String() string

func (*GT) Unmarshal 

func (e *GT) Unmarshal(m []byte) ([]byte, error)

Unmarshal sets e to the result of converting the output of Marshal back into a group element and then returns e. To support SM9 alg, we unmarshal it as 1-2-4-12 towering extentions here.

type GTFieldTable 

type GTFieldTable [15]*GT

A GTFieldTable holds the first 15 Exp of a value at offset -1, so P is at table[0], P^15 is at table[14], and P^0 is implicitly the identity point.

func (*GTFieldTable) Select 

func (table *GTFieldTable) Select(p *GT, n uint8)

Select selects the n-th multiple of the table base point into p. It works in constant time by iterating over every entry of the table. n must be in [0, 15].

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.