arnaucube
/
go-snark
mirror of https://github.com/arnaucube/go-snark.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
4 Tags
50 MiB
Tree: 19f7216d0e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '19f7216d0e'
${ noResults }
go-snark/bn128/README.md

187 lines
5.6 KiB
Raw Normal View History

bn128 pairing, r1cs to qap
6 years ago
e(Vb, piB) == e(piB', g2) proof
6 years ago
r1cs to qap over finite field
6 years ago
bn128 pairing, r1cs to qap
6 years ago
  1. ## Bn128
  2. [![GoDoc](https://godoc.org/github.com/arnaucube/go-snark/bn128?status.svg)](https://godoc.org/github.com/arnaucube/go-snark/bn128) bn128
  3. Implementation of the bn128 pairing in Go.
  6. Implementation followng the information and the implementations from:
  7. - `Multiplication and Squaring on Pairing-Friendly
  8. Fields`, Augusto Jun Devegili, Colm Ó hÉigeartaigh, Michael Scott, and Ricardo Dahab https://pdfs.semanticscholar.org/3e01/de88d7428076b2547b60072088507d881bf1.pdf
  9. - `Optimal Pairings`, Frederik Vercauteren https://www.cosic.esat.kuleuven.be/bcrypt/optimal.pdf , https://eprint.iacr.org/2008/096.pdf
  10. - `Double-and-Add with Relative Jacobian
  11. Coordinates`, Björn Fay https://eprint.iacr.org/2014/1014.pdf
  12. - `Fast and Regular Algorithms for Scalar Multiplication
  13. over Elliptic Curves`, Matthieu Rivain https://eprint.iacr.org/2011/338.pdf
  14. - `High-Speed Software Implementation of the Optimal Ate Pairing over Barreto–Naehrig Curves`, Jean-Luc Beuchat, Jorge E. González-Díaz, Shigeo Mitsunari, Eiji Okamoto, Francisco Rodríguez-Henríquez, and Tadanori Teruya https://eprint.iacr.org/2010/354.pdf
  15. - `New software speed records for cryptographic pairings`, Michael Naehrig, Ruben Niederhagen, Peter Schwabe https://cryptojedi.org/papers/dclxvi-20100714.pdf
  16. - `Implementing Cryptographic Pairings over Barreto-Naehrig Curves`, Augusto Jun Devegili, Michael Scott, Ricardo Dahab https://eprint.iacr.org/2007/390.pdf
  17. - https://github.com/zcash/zcash/tree/master/src/snark
  18. - https://github.com/iden3/snarkjs
  19. - https://github.com/ethereum/py_ecc/tree/master/py_ecc/bn128
  21. - [x] Fq, Fq2, Fq6, Fq12 operations
  22. - [x] G1, G2 operations
  23. - [x] preparePairing
  24. - [x] PreComupteG1, PreComupteG2
  25. - [x] DoubleStep, AddStep
  26. - [x] MillerLoop
  27. - [x] Pairing
  29. ### Installation
  30. ```
  31. go get github.com/arnaucube/bn128
  32. ```
  34. #### Usage
  36. - Pairing
  37. ```go
  38. bn128, err := NewBn128()
  39. assert.Nil(t, err)
  41. big25 := big.NewInt(int64(25))
  42. big30 := big.NewInt(int64(30))
  44. g1a := bn128.G1.MulScalar(bn128.G1.G, big25)
  45. g2a := bn128.G2.MulScalar(bn128.G2.G, big30)
  47. g1b := bn128.G1.MulScalar(bn128.G1.G, big30)
  48. g2b := bn128.G2.MulScalar(bn128.G2.G, big25)
  50. pA, err := bn128.Pairing(g1a, g2a)
  51. assert.Nil(t, err)
  52. pB, err := bn128.Pairing(g1b, g2b)
  53. assert.Nil(t, err)
  54. assert.True(t, bn128.Fq12.Equal(pA, pB))
  55. ```
  57. #### Test
  58. ```
  59. go test -v
  60. ```
  62. ##### Internal operations more deeply
  64. First let's assume that we have these three basic functions to convert integer compositions to big integer compositions:
  65. ```go
  66. func iToBig(a int) *big.Int {
  67. return big.NewInt(int64(a))
  68. }
  70. func iiToBig(a, b int) [2]*big.Int {
  71. return [2]*big.Int{iToBig(a), iToBig(b)}
  72. }
  74. func iiiToBig(a, b int) [2]*big.Int {
  75. return [2]*big.Int{iToBig(a), iToBig(b)}
  76. }
  77. ```
  78. - Finite Fields (1, 2, 6, 12) operations
  79. ```go
  80. // new finite field of order 1
  81. fq1 := NewFq(iToBig(7))
  83. // basic operations of finite field 1
  84. res := fq1.Add(iToBig(4), iToBig(4))
  85. res = fq1.Double(iToBig(5))
  86. res = fq1.Sub(iToBig(5), iToBig(7))
  87. res = fq1.Neg(iToBig(5))
  88. res = fq1.Mul(iToBig(5), iToBig(11))
  89. res = fq1.Inverse(iToBig(4))
  90. res = fq1.Square(iToBig(5))
  92. // new finite field of order 2
  93. nonResidueFq2str := "-1" // i/j
  94. nonResidueFq2, ok := new(big.Int).SetString(nonResidueFq2str, 10)
  95. fq2 := Fq2{fq1, nonResidueFq2}
  96. nonResidueFq6 := iiToBig(9, 1)
  98. // basic operations of finite field of order 2
  99. res := fq2.Add(iiToBig(4, 4), iiToBig(3, 4))
  100. res = fq2.Double(iiToBig(5, 3))
  101. res = fq2.Sub(iiToBig(5, 3), iiToBig(7, 2))
  102. res = fq2.Neg(iiToBig(4, 4))
  103. res = fq2.Mul(iiToBig(4, 4), iiToBig(3, 4))
  104. res = fq2.Inverse(iiToBig(4, 4))
  105. res = fq2.Div(iiToBig(4, 4), iiToBig(3, 4))
  106. res = fq2.Square(iiToBig(4, 4))
  109. // new finite field of order 6
  110. nonResidueFq6 := iiToBig(9, 1) // TODO
  111. fq6 := Fq6{fq2, nonResidueFq6}
  113. // define two new values of Finite Field 6, in order to be able to perform the operations
  114. a := [3][2]*big.Int{
  115. iiToBig(1, 2),
  116. iiToBig(3, 4),
  117. iiToBig(5, 6)}
  118. b := [3][2]*big.Int{
  119. iiToBig(12, 11),
  120. iiToBig(10, 9),
  121. iiToBig(8, 7)}
  123. // basic operations of finite field order 6
  124. res := fq6.Add(a, b)
  125. res = fq6.Sub(a, b)
  126. res = fq6.Mul(a, b)
  127. divRes := fq6.Div(mulRes, b)
  130. // new finite field of order 12
  131. q, ok := new(big.Int).SetString("21888242871839275222246405745257275088696311157297823662689037894645226208583", 10) // i
  132. if !ok {
  133. fmt.Println("error parsing string to big integer")
  134. }
  136. fq1 := NewFq(q)
  137. nonResidueFq2, ok := new(big.Int).SetString("21888242871839275222246405745257275088696311157297823662689037894645226208582", 10) // i
  138. assert.True(t, ok)
  139. nonResidueFq6 := iiToBig(9, 1)
  141. fq2 := Fq2{fq1, nonResidueFq2}
  142. fq6 := Fq6{fq2, nonResidueFq6}
  143. fq12 := Fq12{fq6, fq2, nonResidueFq6}
  145. ```
  147. - G1 operations
  148. ```go
  149. bn128, err := NewBn128()
  150. assert.Nil(t, err)
  152. r1 := big.NewInt(int64(33))
  153. r2 := big.NewInt(int64(44))
  155. gr1 := bn128.G1.MulScalar(bn128.G1.G, bn128.Fq1.Copy(r1))
  156. gr2 := bn128.G1.MulScalar(bn128.G1.G, bn128.Fq1.Copy(r2))
  158. grsum1 := bn128.G1.Add(gr1, gr2)
  159. r1r2 := bn128.Fq1.Add(r1, r2)
  160. grsum2 := bn128.G1.MulScalar(bn128.G1.G, r1r2)
  162. a := bn128.G1.Affine(grsum1)
  163. b := bn128.G1.Affine(grsum2)
  164. assert.Equal(t, a, b)
  165. assert.Equal(t, "0x2f978c0ab89ebaa576866706b14787f360c4d6c3869efe5a72f7c3651a72ff00", utils.BytesToHex(a[0].Bytes()))
  166. assert.Equal(t, "0x12e4ba7f0edca8b4fa668fe153aebd908d322dc26ad964d4cd314795844b62b2", utils.BytesToHex(a[1].Bytes()))
  167. ```
  169. - G2 operations
  170. ```go
  171. bn128, err := NewBn128()
  172. assert.Nil(t, err)
  174. r1 := big.NewInt(int64(33))
  175. r2 := big.NewInt(int64(44))
  177. gr1 := bn128.G2.MulScalar(bn128.G2.G, bn128.Fq1.Copy(r1))
  178. gr2 := bn128.G2.MulScalar(bn128.G2.G, bn128.Fq1.Copy(r2))
  180. grsum1 := bn128.G2.Add(gr1, gr2)
  181. r1r2 := bn128.Fq1.Add(r1, r2)
  182. grsum2 := bn128.G2.MulScalar(bn128.G2.G, r1r2)
  184. a := bn128.G2.Affine(grsum1)
  185. b := bn128.G2.Affine(grsum2)
  186. assert.Equal(t, a, b)
  187. ```