---
ID: 1609
post_title: Pairing cryptography in Rust
author: Sean Bowe
post_excerpt: ""
layout: post
permalink: >
  https://blog.z.cash/pairing-cryptography-in-rust/
published: true
post_date: 2016-07-06 00:00:00
---

Pairing cryptography is an exciting area of research, and an essential component of Zcash's zkSNARKs — proofs that transactions are valid without requiring users to reveal private information. Earlier this year we also used zkSNARKs to make Bitcoin's first zero-knowledge contingent payment!

One of our goals going forward is to better explain how these tools work, and to make them more accessible to the public. As a first step, we're starting development of a pairing cryptography library for Rust called "bn".

Pairing cryptography is important for zkSNARKs, but what exactly is it?

Alice Computes | Bob Computes | Carol Computes |
---|---|---|
:math:`e(B_{1}^{pk}, C_{2}^{pk})^{A^{sk}}` | :math:`e(C_{1}^{pk}, A_{2}^{pk})^{B^{sk}}` | :math:`e(A_{1}^{pk}, B_{2}^{pk})^{C^{sk}}` |

All equivalent to :math:`e(g_{1}, g_{2})^{A^{sk} B^{sk} C^{sk}}`.


```rust
// `rng` is assumed to be a random number generator already in scope.

// Generate private keys
let alice_sk = Scalar::random(rng);
let bob_sk = Scalar::random(rng);
let carol_sk = Scalar::random(rng);

// Generate public keys in G1 and G2
let (alice_pk1, alice_pk2) = (G1::one() * &alice_sk, G2::one() * &alice_sk);
let (bob_pk1, bob_pk2) = (G1::one() * &bob_sk, G2::one() * &bob_sk);
let (carol_pk1, carol_pk2) = (G1::one() * &carol_sk, G2::one() * &carol_sk);

// Each party computes the shared secret
let alice_ss = pairing(&bob_pk1, &carol_pk2) ^ &alice_sk;
let bob_ss = pairing(&carol_pk1, &alice_pk2) ^ &bob_sk;
let carol_ss = pairing(&alice_pk1, &bob_pk2) ^ &carol_sk;

assert!(alice_ss == bob_ss && bob_ss == carol_ss);
```
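The algebra in the table can be checked end to end with a toy bilinear map. This is an added example, not code from the post or from the bn library. It goes one step beyond the snippet above by also verifying that each party's G1 and G2 public keys hide the same secret before using them. The parameters, the `PublicKey` struct and the functions `keygen`, `consistent` and `shared_secret` are assumptions made for illustration, and the toy groups are not secure.

```rust
// Toy parameters (constructed): p = 2q + 1 with p, q prime; G has order q mod p.
const P: u64 = 2039;
const Q: u64 = 1019;
const G: u64 = 4;

fn pow_mod(mut base: u64, mut exp: u64, m: u64) -> u64 {
    let mut acc = 1;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 { acc = acc * base % m; }
        base = base * base % m;
        exp >>= 1;
    }
    acc
}

// Toy G1 and G2: the additive group Z_q, generator 1. NOT secure: an element
// is its own discrete log. Real pairing groups are elliptic-curve groups.
fn mul(point: u64, scalar: u64) -> u64 { point * scalar % Q }

// Toy bilinear map into the order-q subgroup of Z_p^*: e(x, y) = G^(x*y).
fn pairing(x: u64, y: u64) -> u64 { pow_mod(G, x * y % Q, P) }

pub struct PublicKey { pub g1: u64, pub g2: u64 }

pub fn keygen(sk: u64) -> PublicKey { PublicKey { g1: mul(1, sk), g2: mul(1, sk) } }

// Both halves must hide the same scalar: e(pk1, g2) == e(g1, pk2).
pub fn consistent(pk: &PublicKey) -> bool { pairing(pk.g1, 1) == pairing(1, pk.g2) }

// Computes e(x.g1, y.g2)^sk, refusing inconsistent public keys.
pub fn shared_secret(sk: u64, x: &PublicKey, y: &PublicKey) -> Option<u64> {
    if !consistent(x) || !consistent(y) { return None; }
    Some(pow_mod(pairing(x.g1, y.g2), sk, P))
}

fn main() {
    let (a, b, c) = (123, 456, 789); // constructed secret keys
    let (pa, pb, pc) = (keygen(a), keygen(b), keygen(c));
    let alice = shared_secret(a, &pb, &pc); // e(B1, C2)^A
    let bob = shared_secret(b, &pc, &pa); // e(C1, A2)^B
    let carol = shared_secret(c, &pa, &pb); // e(A1, B2)^C
    assert!(alice.is_some() && alice == bob && bob == carol);
    // Mismatched halves for Bob: without the check, Alice and Carol diverge.
    let bad = PublicKey { g1: mul(1, b), g2: mul(1, b + 1) };
    assert_ne!(pow_mod(pairing(bad.g1, pc.g2), a, P), pow_mod(pairing(pa.g1, bad.g2), c, P));
    assert_eq!(shared_secret(c, &pa, &bad), None);
    println!("shared secret: {:?}", alice);
}
```

Because each party pairs one peer's G1 key with the other peer's G2 key, a public key whose two halves disagree silently splits the group into different secrets, which is why the consistency check runs first.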