Package bn256 implements a particular bilinear group.
Bren2010 Merge pull request #9 from cloudflare/testMarshal
Adds identities on marshaling function for G1,G2,GT.
Latest commit 828ba4f May 24, 2019
Type Name Latest commit message Commit time
LICENSE Add documentation. Sep 26, 2017
README.md Remove claim of 128-bit security level from README as well. May 10, 2019
bn256.go
bn256_test.go Removing extra tests and SetInfinity calls. May 23, 2019
constants.go Cleanup constants.go. Sep 26, 2017
curve.go Compress infinity for G2; move some code into its own files. Sep 26, 2017
example_test.go Implement pairing. Sep 26, 2017
gfp.go Add a generic implementation. Mar 10, 2018
gfp12.go Implement pairing. Sep 26, 2017
gfp2.go Compress infinity for G2; move some code into its own files. Sep 26, 2017
gfp6.go Implement gfp6. Sep 26, 2017
gfp_amd64.s Fix Go 1.11 compatibility. Aug 2, 2018
gfp_arm64.s Add a generic implementation. Mar 10, 2018
gfp_decl.go Run go fmt. Sep 24, 2018
gfp_generic.go Add a generic implementation. Mar 10, 2018
mul_amd64.h Namespace amd64 implementation. Jan 17, 2018
mul_arm64.h Avoid using R18. Aug 2, 2018
mul_bmi2_amd64.h Namespace amd64 implementation. Jan 17, 2018
optate.go Implement pairing. Sep 26, 2017
twist.go Compress infinity for G2; move some code into its own files. Sep 26, 2017

README.md

bn256

Package bn256 implements a particular bilinear group.

Bilinear groups are the basis of many of the new cryptographic protocols that have been proposed over the past decade. They consist of a triplet of groups (G₁, G₂ and GT) together with a function e such that e(g₁ˣ, g₂ʸ) = gTˣʸ, where g₁, g₂ and gT are generators of the respective groups. That function is called a pairing function.
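
The bilinearity property above, and the one-round three-party key agreement it makes possible, shown as an added example that is not part of this package or its README. It uses a constructed toy pairing over tiny integers, not bn256's curve arithmetic; all names and parameters (`pair`, `scalarMult`, `sharedKey`, q = 1019, p = 2039) are hypothetical, and the toy is insecure because discrete logs in its G₁ and G₂ are trivial.

```go
package main

import "fmt"

// Constructed toy parameters (NOT bn256's): q and p = 2q+1 are prime, and
// h = 4 generates the order-q subgroup of Z_p^*, which plays the role of GT.
const (
	q  uint64 = 1019
	p  uint64 = 2039
	h  uint64 = 4
	g1 uint64 = 5 // generator of toy G1 = (Z_q, +)
	g2 uint64 = 7 // generator of toy G2 = (Z_q, +)
)

// scalarMult is "g^k" written additively for the toy groups: k*g mod q.
func scalarMult(g, k uint64) uint64 { return (k % q) * (g % q) % q }

// expGT is square-and-multiply exponentiation in GT (mod p).
func expGT(base, k uint64) uint64 {
	r := uint64(1)
	for base %= p; k > 0; k >>= 1 {
		if k&1 == 1 {
			r = r * base % p
		}
		base = base * base % p
	}
	return r
}

// pair is the toy pairing e(P, Q) = h^(P*Q mod q); it is linear in each argument.
func pair(P, Q uint64) uint64 { return expGT(h, P*Q%q) }

// bilinear checks e(g1^x, g2^y) == gT^(x*y), where gT = e(g1, g2).
func bilinear(x, y uint64) bool {
	return pair(scalarMult(g1, x), scalarMult(g2, y)) == expGT(pair(g1, g2), x*y%q)
}

// sharedKey: the party holding secret s pairs the other two public points.
func sharedKey(s, pubG1, pubG2 uint64) uint64 { return expGT(pair(pubG1, pubG2), s) }

func main() {
	a, b, c := uint64(123), uint64(456), uint64(789) // constructed secrets
	// Each party publishes s*g1 and s*g2 once; no second round is needed.
	ka := sharedKey(a, scalarMult(g1, b), scalarMult(g2, c))
	kb := sharedKey(b, scalarMult(g1, c), scalarMult(g2, a))
	kc := sharedKey(c, scalarMult(g1, a), scalarMult(g2, b))
	fmt.Println(bilinear(17, 900), ka == kb && kb == kc)
}
```

All three parties arrive at gT^(abc) because the exponents a, b and c commute through the pairing; that identity is exactly what the definition above guarantees.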

This package specifically implements the Optimal Ate pairing over a 256-bit Barreto-Naehrig curve as described in http://cryptojedi.org/papers/dclxvi-20100714.pdf. Its output is compatible with the implementation described in that paper.

This package previously claimed to operate at a 128-bit security level. However, recent improvements in attacks mean that is no longer true. See https://moderncrypto.org/mail-archive/curves/2016/000740.html.

Benchmarks

branch master:

BenchmarkG1-4        	   10000	    154995 ns/op
BenchmarkG2-4        	    3000	    541503 ns/op
BenchmarkGT-4        	    1000	   1267811 ns/op
BenchmarkPairing-4   	    1000	   1630584 ns/op

branch lattices:

BenchmarkG1-4        	   20000	     92198 ns/op
BenchmarkG2-4        	    5000	    340622 ns/op
BenchmarkGT-4        	    2000	    635061 ns/op
BenchmarkPairing-4   	    1000	   1629943 ns/op

official version:

BenchmarkG1-4        	    1000	   2268491 ns/op
BenchmarkG2-4        	     300	   7227637 ns/op
BenchmarkGT-4        	     100	  15121359 ns/op
BenchmarkPairing-4   	      50	  20296164 ns/op