bn
Documentation
This is a pairing cryptography library written in pure Rust. It makes use of the Barreto-Naehrig (BN) curve construction from [BCGTV13] to provide two cyclic groups G1 and G2, with an efficient bilinear pairing:
e: G1 × G2 → GT
This code is still under development and should not be used in production software.
Usage
Add the bn crate to your dependencies in Cargo.toml...
[dependencies]
bn = "0.1.*"
...and add an extern crate declaration to your crate root:
extern crate bn;
API
- Scalar is an element of Fr
- G1 is a point on the BN curve E/Fq : y^2 = x^3 + b
- G2 is a point on the twisted BN curve E'/Fq2 : y^2 = x^3 + b/xi
- Gt is a group element (written multiplicatively) obtained with the pairing function over G1 and G2.
Examples
Joux's key agreement protocol
In a typical Diffie-Hellman key exchange, relying on ECDLP, a three-party key exchange requires two rounds. A single-round protocol is possible through the use of a bilinear pairing: given Alice's public key aP1 and Bob's public key bP2, Carol can compute the shared secret with her private key c by e(aP1, bP2)^c.
extern crate bn;
extern crate rand;
use bn::{Scalar, G1, G2, pairing};

fn main() {
    let rng = &mut rand::thread_rng();

    // Generate private keys
    let alice_sk = Scalar::random(rng);
    let bob_sk = Scalar::random(rng);
    let carol_sk = Scalar::random(rng);

    // Generate public keys in G1 and G2
    let (alice_pk1, alice_pk2) = (G1::one() * alice_sk, G2::one() * alice_sk);
    let (bob_pk1, bob_pk2) = (G1::one() * bob_sk, G2::one() * bob_sk);
    let (carol_pk1, carol_pk2) = (G1::one() * carol_sk, G2::one() * carol_sk);

    // Each party computes the shared secret from the other two parties'
    // public keys (one in G1, one in G2) and its own private key
    let alice_dh = pairing(&bob_pk1, &carol_pk2).pow(&alice_sk);
    let bob_dh = pairing(&alice_pk2, &carol_pk1).pow(&bob_sk);
    let carol_dh = pairing(&alice_pk1, &bob_pk2).pow(&carol_sk);

    // All three parties arrive at the same element of Gt
    assert!(alice_dh == bob_dh && bob_dh == carol_dh);
}
License
Licensed under either of
- MIT license, (LICENSE-MIT or http://opensource.org/licenses/MIT)
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
at your option.
Copyright 2016 Zcash Electric Coin Company. The Zcash Company promises to maintain the "bn" crate on crates.io under this MIT/Apache-2.0 dual license.
Authors
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.