paritytech/bn

Name: bn

Owner: Parity Technologies

Description: Pairing cryptography library in Rust

Forked from: zcash-hackworks/bn

Created: 2017-03-21 21:01:13.0

Updated: 2018-03-29 17:08:24.0

Pushed: 2018-03-26 16:42:48.0

Homepage:

Size: 6833

Language: Rust

GitHub Committers

User | Most Recent Commit | # Commits

Other Committers

User | Email | Most Recent Commit | # Commits

README

bn

This is a pairing cryptography library written in pure Rust. It makes use of the Barreto-Naehrig (BN) curve construction from [[BCTV2015]](https://eprint.iacr.org/2013/879.pdf) to provide two cyclic groups G1 and G2, with an efficient bilinear pairing:

e: G1 × G2 → GT

Security warnings

This library, like other pairing cryptography libraries implementing this construction, is not resistant to side-channel attacks.

Usage

Add the bn crate to your dependencies in Cargo.toml:

```toml
[dependencies]
bn = "0.4.2"
```

…and add an extern crate declaration to your crate root:

```rust
extern crate bn;
```

API

Examples
Joux's key agreement protocol

In a typical Diffie-Hellman key exchange relying on the ECDLP, a three-party key exchange requires two rounds. A single-round protocol is possible through the use of a bilinear pairing: given Alice's public key aP1 and Bob's public key bP2, Carol can compute the shared secret with her private key c as e(aP1, bP2)^c.

(See examples/joux.rs for the full example.)

```rust
extern crate bn;
extern crate rand; // the example draws randomness from the rand crate

use bn::{Fr, G1, G2, Group, pairing};

fn main() {
    let rng = &mut rand::thread_rng();

    // Generate private keys
    let alice_sk = Fr::random(rng);
    let bob_sk = Fr::random(rng);
    let carol_sk = Fr::random(rng);

    // Generate public keys in G1 and G2
    let (alice_pk1, alice_pk2) = (G1::one() * alice_sk, G2::one() * alice_sk);
    let (bob_pk1, bob_pk2) = (G1::one() * bob_sk, G2::one() * bob_sk);
    let (carol_pk1, carol_pk2) = (G1::one() * carol_sk, G2::one() * carol_sk);

    // Each party computes the shared secret from the other two parties' public keys
    let alice_ss = pairing(bob_pk1, carol_pk2).pow(alice_sk);
    let bob_ss = pairing(carol_pk1, alice_pk2).pow(bob_sk);
    let carol_ss = pairing(alice_pk1, bob_pk2).pow(carol_sk);

    assert!(alice_ss == bob_ss && bob_ss == carol_ss);
}
```

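The same three-party exchange, as an added Python model that is not code from the bn crate or its examples: the pairing here is a constructed toy map e(x, y) = g^(xy) mod p over small constructed parameters (P, N and G are assumptions), chosen only to make the bilinear algebra of the one-round protocol visible. It is not a cryptographic pairing and provides no security, since discrete logarithms in the additive group Z_N are trivial; its purpose is to show why all three parties land on the same element of GT.

```python
"""Toy model of Joux's one-round three-party key agreement.

Constructed example: G1 = G2 = (Z_N, +) with generator 1, so a public key
is just the scalar itself; GT = the order-N subgroup of Z_P^*; and
    e(x, y) = G^(x * y) mod P
which is bilinear but NOT a secure pairing.
"""
import secrets

P = 1019  # constructed prime with P - 1 = 2 * N
N = 509   # constructed prime order of G1, G2 and GT


def find_gt_generator(p=P, n=N):
    """Return an element of Z_p^* of exact order n (n prime, n | p - 1)."""
    for h in range(2, p):
        g = pow(h, (p - 1) // n, p)
        if g != 1:  # order divides n and n is prime, so order is exactly n
            return g
    raise ValueError("no generator of order n found")


G = find_gt_generator()


def pairing(x, y, g=G, p=P):
    """Toy bilinear map e: G1 x G2 -> GT on group elements given as integers mod N."""
    return pow(g, (x * y) % N, p)


def gt_pow(z, k, p=P):
    """Exponentiation in GT, the analogue of Gt::pow in the crate."""
    return pow(z, k % N, p)


def keygen():
    """Private scalar plus the matching public keys in G1 and G2."""
    sk = secrets.randbelow(N - 1) + 1
    pk1 = sk % N  # sk * (generator of G1), generator is 1
    pk2 = sk % N  # sk * (generator of G2), generator is 1
    return sk, pk1, pk2


def joux_shared_secret(my_sk, other_pk1, another_pk2):
    """e(other_pk1, another_pk2)^my_sk, computed from one round of public keys."""
    return gt_pow(pairing(other_pk1, another_pk2), my_sk)


def run_joux():
    """Three parties each derive the key from the other two public keys."""
    alice, bob, carol = keygen(), keygen(), keygen()
    alice_ss = joux_shared_secret(alice[0], bob[1], carol[2])
    bob_ss = joux_shared_secret(bob[0], carol[1], alice[2])
    carol_ss = joux_shared_secret(carol[0], alice[1], bob[2])
    return alice_ss, bob_ss, carol_ss


def is_bilinear(a, b, x, y):
    """Check e(a*x, b*y) == e(x, y)^(a*b), the property the protocol relies on."""
    lhs = pairing((a * x) % N, (b * y) % N)
    rhs = gt_pow(pairing(x, y), a * b)
    return lhs == rhs


if __name__ == "__main__":
    a_ss, b_ss, c_ss = run_joux()
    print("bilinear:", is_bilinear(3, 5, 7, 11))
    print("all parties agree:", a_ss == b_ss == c_ss)
```

With private scalars a, b, c every party ends at G^(abc) in GT, which is exactly the e(·, ·)^sk computation in the crate's example above; the difference is only that a real BN pairing makes recovering abc from the public keys hard, whereas this toy does not.
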
License

Licensed under either of

* Apache License, Version 2.0
* MIT license

at your option.

Copyright 2016 Zcash Electric Coin Company. The Zcash Company promises to maintain the “bn” crate on crates.io under this MIT/Apache-2.0 dual license.

Authors

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.


This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.