curves

package
v0.7.0
Warning

This package is not in the latest version of its module.

Published: Jun 4, 2020 License: Apache-2.0 Imports: 10 Imported by: 0

README

Curves

This library currently supports Bls12-381 and Alt bn128. It wraps existing Go libraries behind a common interface and provides hashing methods for these curves.

Bls12-381

This is the set of curves which zcash is switching to. Its official documentation is located here. The underlying bls12-381 implementation used in this library is dis2's repository.

Alt bn128

The group G_1 is a cyclic group of prime order on the curve Y^2 = X^3 + 3 defined over the field F_p with p = 21888242871839275222246405745257275088696311157297823662689037894645226208583.

The generator g_1 is (1,2)

Since this curve is of prime order, every non-identity point is a generator, therefore the cofactor is 1.

The group G_2 is a cyclic subgroup of the non-prime order elliptic curve Y^2 = X^3 + 3*((i + 9)^(-1)) over the field F_p^2 = F_p[X] / (X^2 + 1) (where p is the same as above). We can write our irreducible element as i. The cofactor of this group is 21888242871839275222246405745257275088844257914179612981679871602714643921549.

The generator g_2 is defined as: (11559732032986387107991004021392285783925812861821192530917403151452391805634*i + 10857046999023057135944570762232829481370756359578518086990519993285655852781, 4082367875863433681332203403145435568316851327593401208105741076214120093531*i + 8495653923123431417604973247489272438418190587263600148770280649306958101930)

The identity element for both groups (the point at infinity in affine space) is internally represented as (0,0).

The underlying alt bn128 implementation used in this library is go-ethereum's.

Benchmarks

The following benchmarks are from a 3.80 GHz i7-7700HQ CPU with 16 GB RAM.

The pairing operation on Altbn128 takes ~1.9 milliseconds.

BenchmarkPairing-8   	    1000	   1958898 ns/op

and for Bls12 it takes ~1.5 ms:

BenchmarkPairGT-8               	    1000	   1539918 ns/op

Hashing

Currently only hashing to G1 is supported. Hashing to G2 is planned. For altbn128, the hashing algorithm is currently try-and-increment, and we support SHA3, KangarooTwelve, Keccak256, and Blake2b.
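As an added illustration (not this library's code, and not interoperable with its output), the following shows try-and-increment hashing to G_1 on alt bn128 using the field modulus, generator and curve equation given above, together with the on-curve check a caller should apply to untrusted coordinates. SHA-256, the counter-prefix encoding, and the names `hashToG1`, `onCurveG1` and `curveRHS` are assumptions made for this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/big"
)

// Field modulus p and generator g_1 = (1,2) of alt bn128, as given on this page.
var p, _ = new(big.Int).SetString("21888242871839275222246405745257275088696311157297823662689037894645226208583", 10)
var g1x, g1y, three = big.NewInt(1), big.NewInt(2), big.NewInt(3)

// curveRHS returns x^3 + 3 mod p.
func curveRHS(x *big.Int) *big.Int {
	r := new(big.Int).Exp(x, three, p)
	return r.Mod(r.Add(r, three), p)
}

// onCurveG1 accepts the (0,0) identity or reduced (x, y) with Y^2 = X^3 + 3.
func onCurveG1(x, y *big.Int) bool {
	if x.Sign() == 0 && y.Sign() == 0 {
		return true
	}
	if x.Sign() < 0 || x.Cmp(p) >= 0 || y.Sign() < 0 || y.Cmp(p) >= 0 {
		return false
	}
	y2 := new(big.Int).Mul(y, y)
	return y2.Mod(y2, p).Cmp(curveRHS(x)) == 0
}

// hashToG1 hashes counter||msg to x (SHA-256 is an assumed stand-in hash)
// and retries until x^3 + 3 is a square mod p. Not constant-time.
func hashToG1(msg []byte) (x, y *big.Int, tries uint32) {
	for ctr := uint32(0); ; ctr++ {
		var c [4]byte
		binary.BigEndian.PutUint32(c[:], ctr)
		h := sha256.Sum256(append(c[:], msg...))
		x = new(big.Int).Mod(new(big.Int).SetBytes(h[:]), p)
		if y = new(big.Int).ModSqrt(curveRHS(x), p); y != nil {
			return x, y, ctr + 1
		}
	}
}

func main() {
	x, y, n := hashToG1([]byte("constructed sample message"))
	fmt.Println(x, y, n, onCurveG1(x, y))
}
```

The number of loop iterations depends on the message, so try-and-increment leaks information about its input through timing and is best kept to public messages.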

For bls12-381, we are using Fouque-Tibouchi hashing using blake2b. This is interoperable with ebfull's repository.

Documentation

Constants

This section is empty.

Variables

var Altbn128 = &altbn128{}

Altbn128 is the instance for the altbn128 curve, with all of its functions.

var Bls12 = &bls12Curve{}

Bls12 is the instance for the bls12 curve, with all of its functions.

Functions

func AltbnBlake2b

func AltbnBlake2b(message []byte) []*big.Int

AltbnBlake2b hashes a message to a point on Altbn128 using Blake2b and try-and-increment. The return value is the x,y affine coordinate pair.

func AltbnKeccak3

func AltbnKeccak3(message []byte) []*big.Int

AltbnKeccak3 hashes a message to a point on Altbn128 using Keccak3 and try-and-increment. Keccak3 is only for compatibility with Ethereum hashing. The return value is the x,y affine coordinate pair.

func AltbnSha3

func AltbnSha3(message []byte) []*big.Int

AltbnSha3 hashes a message to a point on Altbn128 using SHA3 and try-and-increment. The return value is the x,y affine coordinate pair.

func EthereumSum256

func EthereumSum256(data []byte) (digest [32]byte)

EthereumSum256 returns the Keccak3-256 digest of the data. This is because Ethereum uses a non-standard hashing algo.

Types

type CurveSystem

type CurveSystem interface {
	Name() string

	MakeG1Point([]*big.Int, bool) (Point, bool)
	MakeG2Point([]*big.Int, bool) (Point, bool)

	UnmarshalG1([]byte) (Point, bool)
	UnmarshalG2([]byte) (Point, bool)
	UnmarshalGT([]byte) (PointT, bool)

	GetG1() Point
	GetG2() Point
	GetGT() PointT

	GetG1Infinity() Point
	GetG2Infinity() Point
	GetGTIdentity() PointT

	HashToG1(message []byte) Point

	GetG1Q() *big.Int
	GetG1Order() *big.Int

	Pair(Point, Point) (PointT, bool)
	// Product of Pairings
	PairingProduct([]Point, []Point) (PointT, bool)
	// contains filtered or unexported methods
}

CurveSystem is a set of parameters and functions for a pairing-based cryptosystem. It has everything necessary to support all bgls functionality which we use.

type Point

type Point interface {
	Add(Point) (Point, bool)
	Copy() Point
	Equals(Point) bool
	Marshal() []byte
	MarshalUncompressed() []byte
	Mul(*big.Int) Point
	ToAffineCoords() []*big.Int
}

Point is a way to represent a point on G1 or G2, in the first two elliptic curves.

func AggregatePoints

func AggregatePoints(points []Point) Point

AggregatePoints takes the sum of points.

func ScalePoints

func ScalePoints(pts []Point, factors []*big.Int) (newKeys []Point)

ScalePoints takes a set of points, and a set of multiples, and returns a new set of points multiplied by the corresponding factor.

type PointT

type PointT interface {
	Add(PointT) (PointT, bool)
	Copy() PointT
	Equals(PointT) bool
	Marshal() []byte
	Mul(*big.Int) PointT
}

PointT is a way to represent a point on GT, in the target group.
