Lib.rs

Cryptography
#bls12-381 #pairing #relic

no-std bls12_381_relic

Bindings for BLS12-381 implemented by relic

by Sebastian Ramacher

2 releases

0.1.1 Jun 18, 2024
0.1.0 Jun 14, 2024

#1635 in Cryptography

Apache-2.0 OR MIT

4MB
146K SLoC

C 99K SLoC // 0.2% comments Bitbake 23K SLoC // 0.0% comments GNU Style Assembly 21K SLoC // 0.1% comments Rust 3K SLoC // 0.0% comments Shell 289 SLoC // 0.1% comments

Pairing-friendly BLS12-381 curve provided by relic

relic is a library implementing pairing-friendly curves (among many other things). This crate integrates the algorithms provided by relic with the traits defined by pairing.

Security Notes

This crate has received no security audit. Use at your own risk.

License

This crate is licensed under the Apache-2.0 or MIT license.

lib.rs:

BLS12-381 from relic

This crate provides a [pairing]-compatible wrapper for BLS12-381 provided as by relic.

use bls12_381_relic::{G1Projective, G2Projective, Scalar, pair};
use bls12_381_relic::{group::Group, ff::Field};

let base = G1Projective::hash_to_curve(b"my message", b"public parameters");
let secret = Scalar::random(rand::thread_rng());
let pk = G2Projective::generator() * secret;

let sigma = base * secret;
assert_eq!(pair(sigma, G2Projective::generator()), pair(base, pk));

The goal is to be as compatible with the interface defined by [pairing] and implemented by bls12_381 crate as possible. There are however some notable differences where concepts of [pairing] have no mapping in relic. Some examples of the differences include:

  • [G1Affine] and [G2Affine] are thin wrappers of their projective counterparts since relic does not have separate types for affine representations and associated functions.
  • There is no "prepared" variant of elements in G2 for multi-miller-loops.

Additional features

The crate provides multi-product sums for pairs of group elements and scalars that is faster then evaluating the scalar multiplications and additions separately.

use bls12_381_relic::{G1Projective, Scalar};
use bls12_381_relic::{group::Group, ff::Field};
use core::iter::Sum;

let mut rng = rand::thread_rng();
let v1 = G1Projective::random(&mut rng);
let v2 = G1Projective::random(&mut rng);
let v3 = G1Projective::random(&mut rng);
let s1 = Scalar::random(&mut rng);
let s2 = Scalar::random(&mut rng);
let s3 = Scalar::random(&mut rng);
assert_eq!(
    G1Projective::sum([(v1, s1), (v2, s2), (v3, s3)].iter()),
    v1 * s1 + v2 * s2 + v3 * s3
);

This speed-up is only available if the alloc feature is enabled.

Notation

The [pairing] uses additive notation for all groups, this crate follows the same convention. This is especially noticeable in the names of some functions. Instead of talking about pairing products, the same idea is referred to as pairing sums or sums of pairings.

Dependencies

~0.6–3MB
~65K SLoC