Documentation
¶
Index ¶
- Constants
- type E12
- func (z *E12) Add(x, y *E12) *E12
- func (z *E12) Conjugate(x *E12) *E12
- func (z *E12) DecompressTorus() E24
- func (z *E12) Double(x *E12) *E12
- func (z *E12) Equal(x *E12) bool
- func (z *E12) Exp(x E12, k *big.Int) *E12
- func (z *E12) FromMont() *E12
- func (z *E12) Inverse(x *E12) *E12
- func (z *E12) InverseUnitary(x *E12) *E12
- func (z *E12) IsZero() bool
- func (z *E12) Mul(x, y *E12) *E12
- func (z *E12) MulBy01(c0, c1 *E4) *E12
- func (z *E12) MulBy1(c1 *E4) *E12
- func (z *E12) MulByE2(x *E12, y *E4) *E12
- func (z *E12) MulByNonResidue(x *E12) *E12
- func (z *E12) Neg(x *E12) *E12
- func (z *E12) Set(x *E12) *E12
- func (z *E12) SetOne() *E12
- func (z *E12) SetRandom() (*E12, error)
- func (z *E12) SetString(s0, s1, s2, s3, s4, s5, s6, s7, s8, s9, s10, s11 string) *E12
- func (z *E12) Square(x *E12) *E12
- func (z *E12) String() string
- func (z *E12) Sub(x, y *E12) *E12
- func (z *E12) ToMont() *E12
- type E2
- func (z *E2) Add(x, y *E2) *E2
- func (z *E2) Cmp(x *E2) int
- func (z *E2) Conjugate(x *E2) *E2
- func (z *E2) Div(x *E2, y *E2) *E2
- func (z *E2) Double(x *E2) *E2
- func (z *E2) Equal(x *E2) bool
- func (z *E2) Exp(x E2, k *big.Int) *E2
- func (z *E2) FromMont() *E2
- func (z *E2) Inverse(x *E2) *E2
- func (z *E2) IsZero() bool
- func (z *E2) Legendre() int
- func (z *E2) LexicographicallyLargest() bool
- func (z *E2) Mul(x, y *E2) *E2
- func (z *E2) MulByElement(x *E2, y *fp.Element) *E2
- func (z *E2) MulByNonResidue(x *E2) *E2
- func (z *E2) MulByNonResidueInv(x *E2) *E2
- func (z *E2) Neg(x *E2) *E2
- func (z *E2) Select(cond int, caseZ *E2, caseNz *E2) *E2
- func (z *E2) Set(x *E2) *E2
- func (z *E2) SetOne() *E2
- func (z *E2) SetRandom() (*E2, error)
- func (z *E2) SetString(s1, s2 string) *E2
- func (z *E2) SetZero() *E2
- func (z *E2) Sqrt(x *E2) *E2
- func (z *E2) Square(x *E2) *E2
- func (z *E2) String() string
- func (z *E2) Sub(x, y *E2) *E2
- func (z *E2) ToMont() *E2
- type E24
- func (z *E24) Add(x, y *E24) *E24
- func (z *E24) Bytes() (r [SizeOfGT]byte)
- func (z *E24) CompressTorus() (E12, error)
- func (z *E24) Conjugate(x *E24) *E24
- func (z *E24) CyclotomicExp(x E24, k *big.Int) *E24
- func (z *E24) CyclotomicSquare(x *E24) *E24
- func (z *E24) CyclotomicSquareCompressed(x *E24) *E24
- func (z *E24) DecompressKarabina(x *E24) *E24
- func (z *E24) Double(x *E24) *E24
- func (z *E24) Equal(x *E24) bool
- func (z *E24) Exp(x E24, k *big.Int) *E24
- func (z *E24) ExpGLV(x E24, k *big.Int) *E24
- func (z *E24) Expt(x *E24) *E24
- func (z *E24) Frobenius(x *E24) *E24
- func (z *E24) FrobeniusQuad(x *E24) *E24
- func (z *E24) FrobeniusSquare(x *E24) *E24
- func (z *E24) FromMont() *E24
- func (z *E24) Inverse(x *E24) *E24
- func (z *E24) InverseUnitary(x *E24) *E24
- func (z *E24) IsInSubGroup() bool
- func (z *E24) IsZero() bool
- func (z *E24) Marshal() []byte
- func (z *E24) Mul(x, y *E24) *E24
- func (z *E24) MulBy014(c0, c1, c4 *E4) *E24
- func (z *E24) Set(x *E24) *E24
- func (z *E24) SetBytes(e []byte) error
- func (z *E24) SetOne() *E24
- func (z *E24) SetRandom() (*E24, error)
- func (z *E24) SetString(...) *E24
- func (z *E24) Square(x *E24) *E24
- func (z *E24) String() string
- func (z *E24) Sub(x, y *E24) *E24
- func (z *E24) ToMont() *E24
- func (z *E24) Unmarshal(buf []byte) error
- type E4
- func (z *E4) Add(x, y *E4) *E4
- func (z *E4) Cmp(x *E4) int
- func (z *E4) Conjugate(x *E4) *E4
- func (z *E4) Div(x *E4, y *E4) *E4
- func (z *E4) Double(x *E4) *E4
- func (z *E4) Equal(x *E4) bool
- func (z *E4) Exp(x E4, k *big.Int) *E4
- func (z *E4) Frobenius(x *E4) *E4
- func (z *E4) FromMont() *E4
- func (z *E4) Halve()
- func (z *E4) Inverse(x *E4) *E4
- func (z *E4) IsZero() bool
- func (z *E4) Legendre() int
- func (z *E4) LexicographicallyLargest() bool
- func (z *E4) Mul(x, y *E4) *E4
- func (z *E4) MulByElement(x *E4, y *fp.Element) *E4
- func (z *E4) MulByNonResidue(x *E4) *E4
- func (z *E4) MulByNonResidueInv(x *E4) *E4
- func (z *E4) MulBybTwistCurveCoeff(x *E4) *E4
- func (z *E4) Neg(x *E4) *E4
- func (z *E4) Set(x *E4) *E4
- func (z *E4) SetOne() *E4
- func (z *E4) SetRandom() (*E4, error)
- func (z *E4) SetString(s0, s1, s2, s3 string) *E4
- func (z *E4) SetZero() *E4
- func (z *E4) Sqrt(x *E4) *E4
- func (z *E4) Square(x *E4) *E4
- func (z *E4) String() string
- func (z *E4) Sub(x, y *E4) *E4
- func (z *E4) ToMont() *E4
Constants ¶
const SizeOfGT = sizeOfFp * 24
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type E12 ¶
type E12 struct {
C0, C1, C2 E4
}
E12 is a degree three finite field extension of fp4
func BatchCompressTorus ¶
BatchCompressTorus GT/E24 elements to half their size using a batch inversion
func BatchInvertE12 ¶
BatchInvertE12 returns a new slice with every element inverted. Uses Montgomery batch inversion trick
if a[i] == 0, returns result[i] = a[i]
func (*E12) DecompressTorus ¶
DecompressTorus GT/E24 a compressed element element must be in the cyclotomic subgroup "COMPRESSION IN FINITE FIELDS AND TORUS-BASED CRYPTOGRAPHY", K. RUBIN AND A. SILVERBERG
func (*E12) InverseUnitary ¶
InverseUnitary inverse a unitary element
func (*E12) MulByNonResidue ¶
MulByNonResidue mul x by (0,1,0)
type E2 ¶
E2 is a degree two finite field extension of fp.Element
func (*E2) Cmp ¶
Cmp compares (lexicographic order) z and x and returns:
-1 if z < x 0 if z == x +1 if z > x
func (*E2) Inverse ¶
Inverse sets z to the E2-inverse of x, returns z
if x == 0, sets and returns z = x
func (*E2) LexicographicallyLargest ¶
LexicographicallyLargest returns true if this element is strictly lexicographically larger than its negation, false otherwise
func (*E2) MulByElement ¶
MulByElement multiplies an element in E2 by an element in fp
func (*E2) MulByNonResidue ¶
MulByNonResidue multiplies a E2 by (1,1)
func (*E2) MulByNonResidueInv ¶
MulByNonResidueInv multiplies a E2 by (1,1)^{-1}
func (*E2) Sqrt ¶
Sqrt sets z to the square root of and returns z The function does not test wether the square root exists or not, it's up to the caller to call Legendre beforehand. cf https://eprint.iacr.org/2012/685.pdf (algo 9)
type E24 ¶
type E24 struct {
D0, D1 E12
}
E24 is a degree two finite field extension of fp6
func BatchDecompressKarabina ¶
BatchDecompressKarabina multiple Karabina's cyclotomic square results if g3 != 0
g4 = (E * g5^2 + 3 * g1^2 - 2 * g2)/4g3
if g3 == 0
g4 = 2g1g5/g2
if g3=g2=0 then g4=g5=g1=0 and g0=1 (x=1) Theorem 3.1 is well-defined for all x in Gϕₙ\{1}
Divisions by 4g3 or g2 is batched using Montgomery batch inverse
func BatchDecompressTorus ¶
BatchDecompressTorus GT/E24 compressed elements using a batch inversion
func BatchInvertE24 ¶
BatchInvertE24 returns a new slice with every element inverted. Uses Montgomery batch inversion trick
if a[i] == 0, returns result[i] = a[i]
func (*E24) CompressTorus ¶
CompressTorus GT/E24 element to half its size z must be in the cyclotomic subgroup i.e. z^(p⁴-p²+1)=1 e.g. GT "COMPRESSION IN FINITE FIELDS AND TORUS-BASED CRYPTOGRAPHY", K. RUBIN AND A. SILVERBERG z.C1 == 0 only when z ∈ {-1,1}
func (*E24) CyclotomicExp ¶
CyclotomicExp sets z=xᵏ (mod q²⁴) and returns it uses 2-NAF decomposition x must be in the cyclotomic subgroup TODO: use a windowed method
func (*E24) CyclotomicSquare ¶
Granger-Scott's cyclotomic square https://eprint.iacr.org/2009/565.pdf, 3.2
func (*E24) CyclotomicSquareCompressed ¶
Karabina's compressed cyclotomic square https://eprint.iacr.org/2010/542.pdf Th. 3.2 with minor modifications to fit our tower
func (*E24) DecompressKarabina ¶
DecompressKarabina Karabina's cyclotomic square result if g3 != 0
g4 = (E * g5^2 + 3 * g1^2 - 2 * g2)/4g3
if g3 == 0
g4 = 2g1g5/g2
if g3=g2=0 then g4=g5=g1=0 and g0=1 (x=1) Theorem 3.1 is well-defined for all x in Gϕₙ\{1}
func (*E24) ExpGLV ¶
ExpGLV sets z=xᵏ (q²⁴) and returns it uses 2-dimensional GLV with 2-bits windowed method x must be in GT TODO: use 2-NAF TODO: use higher dimensional decomposition
func (*E24) Expt ¶
Expt set z to x^t in E24 and return z (t is the seed of the curve) t = 3640754176
func (*E24) FrobeniusQuad ¶
FrobeniusQuad set z to Frobenius^4(x), return z
func (*E24) FrobeniusSquare ¶
FrobeniusSquare set z to Frobenius^2(x), return z
func (*E24) Inverse ¶
Inverse set z to the inverse of x in E24 and return z
if x == 0, sets and returns z = x
func (*E24) InverseUnitary ¶
InverseUnitary inverse a unitary element
func (*E24) IsInSubGroup ¶
IsInSubGroup ensures GT/E24 is in correct sugroup
func (*E24) SetBytes ¶
SetBytes interprets e as the bytes of a big-endian GT sets z to that value (in Montgomery form), and returns z.
type E4 ¶
type E4 struct {
B0, B1 E2
}
E4 is a degree two finite field extension of fp2
func BatchInvertE4 ¶
BatchInvertE4 returns a new slice with every element inverted. Uses Montgomery batch inversion trick
if a[i] == 0, returns result[i] = a[i]
func (*E4) Cmp ¶
Cmp compares (lexicographic order) z and x and returns:
-1 if z < x 0 if z == x +1 if z > x
func (*E4) Inverse ¶
Inverse set z to the inverse of x in E4 and return z
if x == 0, sets and returns z = x
func (*E4) LexicographicallyLargest ¶
LexicographicallyLargest returns true if this element is strictly lexicographically larger than its negation, false otherwise
func (*E4) MulByElement ¶
MulByElement multiplies an element in E4 by an element in fp
func (*E4) MulByNonResidueInv ¶
MulByNonResidueInv mul x by (0,1)⁻¹
func (*E4) MulBybTwistCurveCoeff ¶
MulBybTwistCurveCoeff multiplies by 4*(0,1)
func (*E4) Sqrt ¶
Sqrt sets z to the square root of and returns z The function does not test wether the square root exists or not, it's up to the caller to call Legendre beforehand. cf https://eprint.iacr.org/2012/685.pdf (algo 10)
Source Files