package bls12-381

You can search for identifiers within the package.

in-package search v0.2.0

package bls12-381

bls12-381
- Library bls12-381
  - Bls12_381
    
    Ff_sig
    
    BASE
    
    PRIME
    
    PRIME_WITH_ROOT_OF_UNITY
    
    Fr
    
    CURVE
    
    Scalar
    
    Fq12
    
    G1
    
    Scalar
    
    G2
    
    Scalar
    
    GT
    
    Pairing
- Sources
  - bls12-381
    
    bls12_381.ml
    
    bls12_381__.ml
    
    ff_sig.ml
    
    fq12.ml
    
    fr.ml
    
    g1.ml
    
    g2.ml
    
    gt.ml
    
    pairing.ml

Legend:
Page
Library
Module
Module type
Parameter
Class
Class type
Source

Module `Bls12_381.G2`Source

Elliptic curve built over the field Fq^2 and the equation y^2 = x^3 + 4(u + 1)

include CURVE

Sourceexception Not_on_curve of Bytes.t

Sourcetype t

The type of the element on the curve and in the prime subgroup. The point is given in jacobian coordinates

Sourcetype affine

An element on the curve and in the prime subgroup, in affine coordinates

Sourceval affine_of_jacobian : t -> affine

affine_of_jacobian p creates a new value of type affine representing the point p in affine coordinates

Sourceval jacobian_of_affine : affine -> t

jacobian_of_affine p creates a new value of type t representing the point p in jacobian coordinates

Sourcetype affine_array

Contiguous C array containing points in affine coordinates

Sourceval to_affine_array : t array -> affine_array

to_affine_array pts builds a contiguous C array and populate it with the points pts in affine coordinates. Use it with pippenger_with_affine_array to get better performance.

Sourceval of_affine_array : affine_array -> t array

Build a OCaml array of t values from the contiguous C array

Sourceval size_of_affine_array : affine_array -> int

Return the number of elements in the array

Sourceval size_in_memory : int

Actual number of bytes allocated for a value of type t

Sourceval compressed_size_in_bytes : int

Size in bytes for the compressed representation

Sourceval size_in_bytes : int

The size of a point representation, in bytes

Sourcemodule Scalar : Ff_sig.PRIME with type t = Fr.t

Sourceval check_bytes : Bytes.t -> bool

Check if a point, represented as a byte array, is on the curve and in the prime subgroup. The bytes must be of length size_in_bytes.

Sourceval of_bytes_opt : Bytes.t -> t option

Attempt to construct a point from a byte array of length size_in_bytes. Return None if the bytes do not represent a point on the curve and in the prime subgroup.

Sourceval of_bytes_exn : Bytes.t -> t

Attempt to construct a point from a byte array of length size_in_bytes. Raise Not_on_curve if the point is not on the curve and in the prime subgroup.

Sourceval of_compressed_bytes_opt : Bytes.t -> t option

Allocates a new point from a byte of length size_in_bytes / 2 array representing a point in compressed form. Return None if the bytes do not represent a point on the curve and in the prime subgroup.

Sourceval of_compressed_bytes_exn : Bytes.t -> t

Allocates a new point from a byte array of length size_in_bytes / 2 representing a point in compressed form. Raise Not_on_curve if the point is not on the curve and in the prime subgroup.

Sourceval to_bytes : t -> Bytes.t

Return a representation in bytes

Sourceval to_compressed_bytes : t -> Bytes.t

Return a compressed bytes representation

Sourceval zero : t

Zero of the elliptic curve

Sourceval one : t

A fixed generator of the elliptic curve

Sourceval is_zero : t -> bool

Return true if the given element is zero

Sourceval copy : t -> t

copy x return a fresh copy of x

Sourceval random : ?state:Random.State.t -> unit -> t

Generate a random element. The function ensures the element is on the curve and in the prime subgroup.

The routines in the module Random.State are used to generate the elements. A state can be given to the function to be used. If no state is given, Random.get_state is used.

To create a value of type Random.State.t, you can use Random.State.make [|42|].

Sourceval add : t -> t -> t

Return the addition of two element

Sourceval add_inplace : t -> t -> unit

add_inplace a b is the same than add but writes the output in a. No allocation happens.

Sourceval add_bulk : t list -> t

add_bulk xs returns the sum of the elements of xs by performing only one allocation for the output. This method is recommended to save the allocation overhead of using n times add.

Sourceval double : t -> t

double g returns 2g

Sourceval negate : t -> t

Return the opposite of the element

Sourceval eq : t -> t -> bool

Return true if the two elements are algebraically the same

Sourceval mul : t -> Scalar.t -> t

Multiply an element by a scalar

Sourceval mul_inplace : t -> Scalar.t -> unit

mul_inplace g x is the same than mul but writes the output in g. No allocation happens.

Sourceval hash_to_curve : Bytes.t -> Bytes.t -> t

hash_to_curve msg dst follows the standard Hashing to Elliptic Curves applied to BLS12-381

Sourceval pippenger : ?start:int -> ?len:int -> t array -> Scalar.t array -> t

pippenger ?start ?len pts scalars computes the multi scalar exponentiation/multiplication. The scalars are given in scalars and the points in pts. If pts and scalars are not of the same length, perform the computation on the first n points where n is the smallest size. Arguments start and len can be used to take advantages of multicore OCaml. Default value for start (resp. len) is 0 (resp. the length of the array scalars).

raises Invalid_argument
if start or len would infer out of bounds array access.

Perform allocations on the C heap to convert scalars to bytes and to convert the points pts in affine coordinates as values of type t are in jacobian coordinates.

Warning. Undefined behavior if the point to infinity is in the array

Source

val pippenger_with_affine_array : 
  ?start:int ->
  ?len:int ->
  affine_array ->
  Scalar.t array ->
  t

pippenger_with_affine_array ?start ?len pts scalars computes the multi scalar exponentiation/multiplication. The scalars are given in scalars and the points in pts. If pts and scalars are not of the same length, perform the computation on the first n points where n is the smallest length. The differences with pippenger are 1. the points are loaded in a contiguous C array to speed up the access to the elements by relying on the CPU cache 2. and the points are in affine coordinates, the form expected by the algorithm implementation, avoiding new allocations and field inversions required to convert from jacobian (representation of a points of type t, as expected by pippenger) to affine coordinates. Expect a speed improvement around 20% compared to pippenger, and less allocation on the C heap. A value of affine_array can be built using to_affine_array. Arguments start and len can be used to take advantages of multicore OCaml. Default value for start (resp. len) is 0 (resp. the length of the array scalars).

raises Invalid_argument
if start or len would infer out of bounds array access.

Perform allocations on the C heap to convert scalars to bytes.

Warning. Undefined behavior if the point to infinity is in the array

Sourceval of_z_opt : x:(Z.t * Z.t) -> y:(Z.t * Z.t) -> t option

Create a point from the coordinates. If the point is not on the curve and in the prime subgroup, returns None. The points must be given modulo the order of Fq. The points are in the form (c0, c1) where x = c1 * X + c0 and y = c1 * X + c0. To create the point at infinity, use zero

package bls12-381

Module Bls12_381.G2Source

Module `Bls12_381.G2`Source