Legend:
Page
Library
Module
Module type
Parameter
Class
Class type
Source
Page
Library
Module
Module type
Parameter
Class
Class type
Source
package bls12-381
Legend:
Page
Library
Module
Module type
Parameter
Class
Class type
Source
Page
Library
Module
Module type
Parameter
Class
Class type
Source
Module Bls12_381.G1Source
Elliptic curve built over the field Fq and the equation y^2 = x^3 + 4
include CURVE
The type of the element on the curve and in the prime subgroup. The point is given in jacobian coordinates
An element on the curve and in the prime subgroup, in affine coordinates
affine_of_jacobian p creates a new value of type affine representing the point p in affine coordinates
jacobian_of_affine p creates a new value of type t representing the point p in jacobian coordinates
Contiguous C array containing points in affine coordinates
to_affine_array pts builds a contiguous C array and populate it with the points pts in affine coordinates. Use it with pippenger_with_affine_array to get better performance.
Build a OCaml array of t values from the contiguous C array
Return the number of elements in the array
Actual number of bytes allocated for a value of type t
The size of a point representation, in bytes
Check if a point, represented as a byte array, is on the curve and in the prime subgroup. The bytes must be of length size_in_bytes.
Attempt to construct a point from a byte array of length size_in_bytes.
Attempt to construct a point from a byte array of length size_in_bytes. Raise Not_on_curve if the point is not on the curve
Allocates a new point from a byte of length size_in_bytes / 2 array representing a point in compressed form.
Allocates a new point from a byte array of length size_in_bytes / 2 representing a point in compressed form. Raise Not_on_curve if the point is not on the curve.
Generate a random element. The function ensures the element is on the curve and in the prime subgroup.
The routines in the module Random.State are used to generate the elements. A state can be given to the function to be used. If no state is given, Random.get_state is used.
To create a value of type Random.State.t, you can use Random.State.make [|42|].
add_inplace a b is the same than add but writes the output in a. No allocation happens.
add_bulk xs returns the sum of the elements of xs by performing only one allocation for the output. This method is recommended to save the allocation overhead of using n times add.
mul_inplace g x is the same than mul but writes the output in g. No allocation happens.
fft ~domain ~points performs a Fourier transform on points using domain The domain should be of the form w^{i} where w is a principal root of unity. If the domain is of size n, w must be a n-th principal root of unity. The number of points can be smaller than the domain size, but not larger. The complexity is in O(n log(m)) where n is the domain size and m the number of points. A new array of size n is allocated and is returned. The parameters are not modified.
fft_inplace ~domain ~points performs a Fourier transform on points using domain The domain should be of the form w^{i} where w is a principal root of unity. If the domain is of size n, w must be a n-th principal root of unity. The number of points must be in the same size than the domain. It does not return anything but modified the points directly. It does only perform one allocation of a scalar for the FFT. It is recommended to use this function if side-effect is acceptable.
ifft ~domain ~points performs an inverse Fourier transform on points using domain. The domain should be of the form w^{-i} (i.e the "inverse domain") where w is a principal root of unity. If the domain is of size n, w must be a n-th principal root of unity. The domain size must be exactly the same than the number of points. The complexity is O(n log(n)) where n is the domain size. A new array of size n is allocated and is returned. The parameters are not modified.
ifft_inplace ~domain ~points is the same than ifft but modifies the array points instead of returning a new array
hash_to_curve msg dst follows the standard Hashing to Elliptic Curves applied to BLS12-381
pippenger ?start ?len pts scalars computes the multi scalar exponentiation/multiplication. The scalars are given in scalars and the points in pts. If pts and scalars are not of the same length, perform the computation on the first n points where n is the smallest size. Arguments start and len can be used to take advantages of multicore OCaml. Default value for start (resp. len) is 0 (resp. the length of the array scalars).
Perform allocations on the C heap to convert scalars to bytes and to convert the points pts in affine coordinates as values of type t are in jacobian coordinates.
Warning. Undefined behavior if the point to infinity is in the array
Source
val pippenger_with_affine_array :
?start:int ->
?len:int ->
affine_array ->
Scalar.t array ->
tpippenger_with_affine_array ?start ?len pts scalars computes the multi scalar exponentiation/multiplication. The scalars are given in scalars and the points in pts. If pts and scalars are not of the same length, perform the computation on the first n points where n is the smallest length. The differences with pippenger are 1. the points are loaded in a contiguous C array to speed up the access to the elements by relying on the CPU cache 2. and the points are in affine coordinates, the form expected by the algorithm implementation, avoiding new allocations and field inversions required to convert from jacobian (representation of a points of type t, as expected by pippenger) to affine coordinates. Expect a speed improvement around 20% compared to pippenger, and less allocation on the C heap. A value of affine_array can be built using to_affine_array. Arguments start and len can be used to take advantages of multicore OCaml. Default value for start (resp. len) is 0 (resp. the length of the array scalars).
Perform allocations on the C heap to convert scalars to bytes.
Warning. Undefined behavior if the point to infinity is in the array