Documentation

Overview

    Package bn256 implements a particular bilinear group.

    Bilinear groups are the basis of many of the new cryptographic protocols that have been proposed over the past decade. They consist of a triplet of groups (G₁, G₂ and GT) such that there exists a function e(g₁ˣ,g₂ʸ)=gTˣʸ (where gₓ is a generator of the respective group). That function is called a pairing function.

    This package specifically implements the Optimal Ate pairing over a 256-bit Barreto-Naehrig curve as described in http://cryptojedi.org/papers/dclxvi-20100714.pdf. Its output is compatible with the implementation described in that paper.

    This package previously claimed to operate at a 128-bit security level. However, recent improvements in attacks mean that is no longer true. See https://moderncrypto.org/mail-archive/curves/2016/000740.html.

    Deprecated: due to its weakened security, new systems should not rely on this elliptic curve. This package is frozen, and not implemented in constant time. There is a more complete implementation at github.com/cloudflare/bn256, but note that it suffers from the same security issues of the underlying curve.

    Index

    Examples

    Constants

    This section is empty.

    Variables

    View Source
    var Order = bigFromBase10("65000549695646603732796438742359905742570406053903786389881062969044166799969")

      Order is the number of elements in both G₁ and G₂: 36u⁴+36u³+18u²+6u+1.

      Functions

      This section is empty.

      Types

      type G1

      type G1 struct {
      	// contains filtered or unexported fields
      }

        G1 is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.

        func RandomG1

        func RandomG1(r io.Reader) (*big.Int, *G1, error)

          RandomG1 returns x and g₁ˣ where x is a random, non-zero number read from r.

          func (*G1) Add

          func (e *G1) Add(a, b *G1) *G1

            Add sets e to a+b and then returns e.

            Warning: this function is not complete, it fails for a equal to b.

            func (*G1) Marshal

            func (e *G1) Marshal() []byte

              Marshal converts n to a byte slice.

              func (*G1) Neg

              func (e *G1) Neg(a *G1) *G1

                Neg sets e to -a and then returns e.

                func (*G1) ScalarBaseMult

                func (e *G1) ScalarBaseMult(k *big.Int) *G1

                  ScalarBaseMult sets e to g*k where g is the generator of the group and then returns e.

                  func (*G1) ScalarMult

                  func (e *G1) ScalarMult(a *G1, k *big.Int) *G1

                    ScalarMult sets e to a*k and then returns e.

                    func (*G1) String

                    func (e *G1) String() string

                    func (*G1) Unmarshal

                    func (e *G1) Unmarshal(m []byte) (*G1, bool)

                      Unmarshal sets e to the result of converting the output of Marshal back into a group element and then returns e.

                      type G2

                      type G2 struct {
                      	// contains filtered or unexported fields
                      }

                        G2 is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.

                        func RandomG2

                        func RandomG2(r io.Reader) (*big.Int, *G2, error)

                          RandomG1 returns x and g₂ˣ where x is a random, non-zero number read from r.

                          func (*G2) Add

                          func (e *G2) Add(a, b *G2) *G2

                            Add sets e to a+b and then returns e.

                            Warning: this function is not complete, it fails for a equal to b.

                            func (*G2) Marshal

                            func (n *G2) Marshal() []byte

                              Marshal converts n into a byte slice.

                              func (*G2) ScalarBaseMult

                              func (e *G2) ScalarBaseMult(k *big.Int) *G2

                                ScalarBaseMult sets e to g*k where g is the generator of the group and then returns out.

                                func (*G2) ScalarMult

                                func (e *G2) ScalarMult(a *G2, k *big.Int) *G2

                                  ScalarMult sets e to a*k and then returns e.

                                  func (*G2) String

                                  func (e *G2) String() string

                                  func (*G2) Unmarshal

                                  func (e *G2) Unmarshal(m []byte) (*G2, bool)

                                    Unmarshal sets e to the result of converting the output of Marshal back into a group element and then returns e.

                                    type GT

                                    type GT struct {
                                    	// contains filtered or unexported fields
                                    }

                                      GT is an abstract cyclic group. The zero value is suitable for use as the output of an operation, but cannot be used as an input.

                                      func Pair

                                      func Pair(g1 *G1, g2 *G2) *GT

                                        Pair calculates an Optimal Ate pairing.

                                        Example
                                        Output:
                                        
                                        

                                        func (*GT) Add

                                        func (e *GT) Add(a, b *GT) *GT

                                          Add sets e to a+b and then returns e.

                                          func (*GT) Marshal

                                          func (n *GT) Marshal() []byte

                                            Marshal converts n into a byte slice.

                                            func (*GT) Neg

                                            func (e *GT) Neg(a *GT) *GT

                                              Neg sets e to -a and then returns e.

                                              func (*GT) ScalarMult

                                              func (e *GT) ScalarMult(a *GT, k *big.Int) *GT

                                                ScalarMult sets e to a*k and then returns e.

                                                func (*GT) String

                                                func (e *GT) String() string

                                                func (*GT) Unmarshal

                                                func (e *GT) Unmarshal(m []byte) (*GT, bool)

                                                  Unmarshal sets e to the result of converting the output of Marshal back into a group element and then returns e.