# bn256

package
Version: v0.0.0-...-d007484 Latest Latest

Go to latest
Published: Jul 28, 2019 License: GPL-3.0, BSD-3-Clause

## Documentation ¶

### Overview ¶

Package bn256 implements a particular bilinear group at the 128-bit security level.

Bilinear groups are the basis of many of the new cryptographic protocols that have been proposed over the past decade. They consist of a triplet of groups (G₁, G₂ and GT) such that there exists a function e(g₁ˣ,g₂ʸ)=gTˣʸ (where gₓ is a generator of the respective group). That function is called a pairing function.

This package specifically implements the Optimal Ate pairing over a 256-bit Barreto-Naehrig curve as described in http://cryptojedi.org/papers/dclxvi-20100714.pdf. Its output is compatible with the implementation described in that paper.

### Constants ¶

This section is empty.

### Variables ¶

View Source
`var Order = bigFromBase10("21888242871839275222246405745257275088548364400416034343698204186575808495617")`

Order is the number of elements in both G₁ and G₂: 36u⁴+36u³+18u²+6u+1.

View Source
`var P = bigFromBase10("21888242871839275222246405745257275088696311157297823662689037894645226208583")`

P is a prime over which we form a basic field: 36u⁴+36u³+24u²+6u+1.

### Functions ¶

#### func PairingCheck ¶

`func PairingCheck(a []*G1, b []*G2) bool`

PairingCheck calculates the Optimal Ate pairing for a set of points.

### Types ¶

#### type G1 ¶

```type G1 struct {
// contains filtered or unexported fields
}```

G1 is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.

#### func RandomG1 ¶

`func RandomG1(r io.Reader) (*big.Int, *G1, error)`

RandomG1 returns x and g₁ˣ where x is a random, non-zero number read from r.

`func (e *G1) Add(a, b *G1) *G1`

Add sets e to a+b and then returns e.

#### func (*G1) Marshal ¶

`func (e *G1) Marshal() []byte`

Marshal converts e to a byte slice.

#### func (*G1) Neg ¶

`func (e *G1) Neg(a *G1) *G1`

Neg sets e to -a and then returns e.

#### func (*G1) ScalarBaseMult ¶

`func (e *G1) ScalarBaseMult(k *big.Int) *G1`

ScalarBaseMult sets e to g*k where g is the generator of the group and then returns e.

#### func (*G1) ScalarMult ¶

`func (e *G1) ScalarMult(a *G1, k *big.Int) *G1`

ScalarMult sets e to a*k and then returns e.

#### func (*G1) Set ¶

`func (e *G1) Set(a *G1) *G1`

Set sets e to a and then returns e.

#### func (*G1) String ¶

`func (g *G1) String() string`

#### func (*G1) Unmarshal ¶

`func (e *G1) Unmarshal(m []byte) ([]byte, error)`

Unmarshal sets e to the result of converting the output of Marshal back into a group element and then returns e.

#### type G2 ¶

```type G2 struct {
// contains filtered or unexported fields
}```

G2 is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.

#### func RandomG2 ¶

`func RandomG2(r io.Reader) (*big.Int, *G2, error)`

RandomG2 returns x and g₂ˣ where x is a random, non-zero number read from r.

`func (e *G2) Add(a, b *G2) *G2`

Add sets e to a+b and then returns e.

#### func (*G2) Marshal ¶

`func (e *G2) Marshal() []byte`

Marshal converts e into a byte slice.

#### func (*G2) Neg ¶

`func (e *G2) Neg(a *G2) *G2`

Neg sets e to -a and then returns e.

#### func (*G2) ScalarBaseMult ¶

`func (e *G2) ScalarBaseMult(k *big.Int) *G2`

ScalarBaseMult sets e to g*k where g is the generator of the group and then returns out.

#### func (*G2) ScalarMult ¶

`func (e *G2) ScalarMult(a *G2, k *big.Int) *G2`

ScalarMult sets e to a*k and then returns e.

#### func (*G2) Set ¶

`func (e *G2) Set(a *G2) *G2`

Set sets e to a and then returns e.

#### func (*G2) String ¶

`func (e *G2) String() string`

#### func (*G2) Unmarshal ¶

`func (e *G2) Unmarshal(m []byte) ([]byte, error)`

Unmarshal sets e to the result of converting the output of Marshal back into a group element and then returns e.

#### type GT ¶

```type GT struct {
// contains filtered or unexported fields
}```

GT is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.

#### func Miller ¶

`func Miller(g1 *G1, g2 *G2) *GT`

Miller applies Miller's algorithm, which is a bilinear function from the source groups to F_p^12. Miller(g1, g2).Finalize() is equivalent to Pair(g1, g2).

#### func Pair ¶

`func Pair(g1 *G1, g2 *G2) *GT`

Pair calculates an Optimal Ate pairing.

`func (e *GT) Add(a, b *GT) *GT`

Add sets e to a+b and then returns e.

#### func (*GT) Finalize ¶

`func (e *GT) Finalize() *GT`

Finalize is a linear function from F_p^12 to GT.

#### func (*GT) Marshal ¶

`func (e *GT) Marshal() []byte`

Marshal converts e into a byte slice.

#### func (*GT) Neg ¶

`func (e *GT) Neg(a *GT) *GT`

Neg sets e to -a and then returns e.

#### func (*GT) ScalarMult ¶

`func (e *GT) ScalarMult(a *GT, k *big.Int) *GT`

ScalarMult sets e to a*k and then returns e.

#### func (*GT) Set ¶

`func (e *GT) Set(a *GT) *GT`

Set sets e to a and then returns e.

#### func (*GT) String ¶

`func (g *GT) String() string`

#### func (*GT) Unmarshal ¶

`func (e *GT) Unmarshal(m []byte) ([]byte, error)`

Unmarshal sets e to the result of converting the output of Marshal back into a group element and then returns e.