10 unstable releases (3 breaking)
Uses old Rust 2015
|0.4.3||Apr 2, 2017|
|0.4.2||Dec 14, 2016|
|0.4.1||Oct 14, 2016|
|0.4.0||Sep 19, 2016|
|0.1.0||Jul 6, 2016|
#435 in Cryptography
83 downloads per month
Used in zksnark
This is a pairing cryptography library written in pure Rust. It makes use of the Barreto-Naehrig (BN) curve construction from [BCTV2015] to provide two cyclic groups G1 and G2, with an efficient bilinear pairing:
e: G1 × G2 → GT
This library, like other pairing cryptography libraries implementing this construction, is not resistant to side-channel attacks.
bn crate to your dependencies in
[dependencies] bn = "0.4.3"
...and add an
extern crate declaration to your crate root:
extern crate bn;
Fris an element of Fr
G1is a point on the BN curve E/Fq : y^2 = x^3 + b
G2is a point on the twisted BN curve E'/Fq2 : y^2 = x^3 + b/xi
Gtis a group element (written multiplicatively) obtained with the
In a typical Diffie-Hellman key exchange, relying on ECDLP, a three-party key exchange requires two rounds. A single round protocol is possible through the use of a bilinear pairing: given Alice's public key aP1 and Bob's public key bP2, Carol can compute the shared secret with her private key c by e(aP1, bP2)c.
examples/joux.rs for the full example.)
// Generate private keys let alice_sk = Fr::random(rng); let bob_sk = Fr::random(rng); let carol_sk = Fr::random(rng); // Generate public keys in G1 and G2 let (alice_pk1, alice_pk2) = (G1::one() * alice_sk, G2::one() * alice_sk); let (bob_pk1, bob_pk2) = (G1::one() * bob_sk, G2::one() * bob_sk); let (carol_pk1, carol_pk2) = (G1::one() * carol_sk, G2::one() * carol_sk); // Each party computes the shared secret let alice_ss = pairing(bob_pk1, carol_pk2).pow(alice_sk); let bob_ss = pairing(carol_pk1, alice_pk2).pow(bob_sk); let carol_ss = pairing(alice_pk1, bob_pk2).pow(carol_sk); assert!(alice_ss == bob_ss && bob_ss == carol_ss);
Licensed under either of
- MIT license, (LICENSE-MIT or http://opensource.org/licenses/MIT)
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
at your option.
Copyright 2016 Zcash Electric Coin Company. The Zcash Company promises to maintain the "bn" crate on crates.io under this MIT/Apache-2.0 dual license.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.