Expand description
§bls12_381
This crate provides an implementation of the BLS12-381 pairing-friendly elliptic curve construction.
- This implementation has not been reviewed or audited. Use at your own risk.
- This implementation targets Rust
1.36or later. - This implementation does not require the Rust standard library.
- All operations are constant time unless explicitly noted. Source: https://github.com/privacy-scaling-explorations/bls12_381
Modules§
- hash_
to_ curve - This module implements hash_to_curve, hash_to_field and related hashing primitives for use with BLS signatures.
Structs§
- Bls12
- A
pairing::Enginefor BLS12-381 pairing operations. - Fq
- Represents an element of the base field $\mathbb{F}_p$ of the BLS12-381 elliptic
curve construction.
The internal representation of this type is six 64-bit unsigned
integers in little-endian order.
Fpvalues are always in Montgomery form; i.e., Scalar(a) = aR mod p, with R = 2^384. - Fq2
- Fq6
- This represents an element $c_0 + c_1 v + c_2 v^2$ of $\mathbb{F}{p^6} = \mathbb{F}{p^2}[v] / (v^3 - u - 1)$.
- Fq12
- This represents an element $c_0 + c_1 w$ of $\mathbb{F}{p^12} = \mathbb{F}{p^6}[w] / (w^2 - v)$.
- Fr
- Represents an element of the scalar field $\mathbb{F}_q$ of the BLS12-381 elliptic curve construction.
- G1
- This is an element of $\mathbb{G}_1$ represented in the projective coordinate space.
- G2
- This is an element of $\mathbb{G}_2$ represented in the projective coordinate space.
- G1Affine
- This is an element of $\mathbb{G}_1$ represented in the affine coordinate space. It is ideal to keep elements in this representation to reduce memory usage and improve performance through the use of mixed curve model arithmetic.
- G2Affine
- This is an element of $\mathbb{G}_2$ represented in the affine coordinate space. It is ideal to keep elements in this representation to reduce memory usage and improve performance through the use of mixed curve model arithmetic.
- G2Prepared
- This structure contains cached computations pertaining to a $\mathbb{G}_2$
element as part of the pairing function (specifically, the Miller loop) and
so should be computed whenever a $\mathbb{G}_2$ element is being used in
multiple pairings or is otherwise known in advance. This should be used in
conjunction with the
multi_miller_loopfunction provided by this crate. - Gt
- This is an element of $\mathbb{G}_T$, the target group of the pairing function. As with $\mathbb{G}_1$ and $\mathbb{G}_2$ this group has order $q$.
- Miller
Loop Result - Represents results of a Miller loop, one of the most expensive portions
of the pairing function.
MillerLoopResults cannot be compared with each other until.final_exponentiation()is called, which is also expensive.
Constants§
Functions§
- multi_
miller_ loop - Computes $$\sum_{i=1}^n \textbf{ML}(a_i, b_i)$$ given a series of terms $$(a_1, b_1), (a_2, b_2), …, (a_n, b_n).$$
- pairing
- Invoke the pairing function without the use of precomputation and other optimizations.