Name: bn
Owner: Parity Technologies
Description: Pairing cryptography library in Rust
Forked from: zcash-hackworks/bn
Created: 2017-03-21 21:01:13.0
Updated: 2018-03-29 17:08:24.0
Pushed: 2018-03-26 16:42:48.0
Size: 6833
Language: Rust
This is a pairing cryptography library written in pure Rust. It makes use of the Barreto-Naehrig (BN) curve construction from [[BCTV2015]](https://eprint.iacr.org/2013/879.pdf) to provide two cyclic groups G1 and G2, with an efficient bilinear pairing:
e: G1 × G2 → GT
This library, like other pairing cryptography libraries implementing this construction, is not resistant to side-channel attacks.
Add the `bn` crate to your dependencies in `Cargo.toml`…

```toml
[dependencies]
bn = "0.4.2"
```

…and add an `extern crate` declaration to your crate root:

```rust
extern crate bn;
```
- `Fr` is an element of Fr
- `G1` is a point on the BN curve E/Fq : y^2 = x^3 + b
- `G2` is a point on the twisted BN curve E'/Fq^2 : y^2 = x^3 + b/xi
- `Gt` is a group element (written multiplicatively) obtained with the `pairing` function over `G1` and `G2`.

In a typical Diffie-Hellman key exchange, relying on ECDLP, a three-party key exchange requires two rounds. A single round protocol is possible through the use of a bilinear pairing: given Alice's public key aP1 and Bob's public key bP2, Carol can compute the shared secret with her private key c by e(aP1, bP2)^c.
(See `examples/joux.rs` for the full example.)

```rust
use bn::{Group, Fr, G1, G2, pairing};

// `rng` is a random number generator supplied by the caller.

// Generate private keys
let alice_sk = Fr::random(rng);
let bob_sk = Fr::random(rng);
let carol_sk = Fr::random(rng);

// Generate public keys in G1 and G2
let (alice_pk1, alice_pk2) = (G1::one() * alice_sk, G2::one() * alice_sk);
let (bob_pk1, bob_pk2) = (G1::one() * bob_sk, G2::one() * bob_sk);
let (carol_pk1, carol_pk2) = (G1::one() * carol_sk, G2::one() * carol_sk);

// Each party computes the shared secret
let alice_ss = pairing(bob_pk1, carol_pk2).pow(alice_sk);
let bob_ss = pairing(carol_pk1, alice_pk2).pow(bob_sk);
let carol_ss = pairing(alice_pk1, bob_pk2).pow(carol_sk);

assert!(alice_ss == bob_ss && bob_ss == carol_ss);
```
Licensed under either of the MIT license or the Apache-2.0 license, at your option.
Copyright 2016 Zcash Electric Coin Company. The Zcash Company promises to maintain the “bn” crate on crates.io under this MIT/Apache-2.0 dual license.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.