Lib.rs

Cryptography
#pairing #curve #barreto-naehrig #security #group #g2

witnet-bn

Pairing cryptography with the Barreto-Naehrig curve

Owned by witnet, tmpolaczyk.

2 releases

Uses old Rust 2015

0.4.5 May 5, 2020
0.4.4 May 5, 2020

#1411 in Cryptography

Download history 35/week @ 2023-11-20 45/week @ 2023-11-27 22/week @ 2023-12-04 20/week @ 2023-12-18 42/week @ 2024-01-01 13/week @ 2024-01-08 15/week @ 2024-01-15 3/week @ 2024-01-22 18/week @ 2024-02-12 13/week @ 2024-02-19 39/week @ 2024-02-26 44/week @ 2024-03-04

114 downloads per month
Used in bls-signatures-rs

MIT/Apache

2.5MB
4K SLoC

bn Crates.io Build status

This is a pairing cryptography library written in pure Rust. It makes use of the Barreto-Naehrig (BN) curve construction from [BCTV2015] to provide two cyclic groups G1 and G2, with an efficient bilinear pairing:

e: G1 × G2 → GT

Security warnings

This library, like other pairing cryptography libraries implementing this construction, is not resistant to side-channel attacks.

Usage

Add the bn crate to your dependencies in Cargo.toml...

[dependencies]
bn = "0.4.2"

...and add an extern crate declaration to your crate root:

extern crate bn;

API

  • Fr is an element of Fr
  • G1 is a point on the BN curve E/Fq : y^2 = x^3 + b
  • G2 is a point on the twisted BN curve E'/Fq2 : y^2 = x^3 + b/xi
  • Gt is a group element (written multiplicatively) obtained with the pairing function over G1 and G2.

Examples

Joux's key agreement protocol

In a typical Diffie-Hellman key exchange, relying on ECDLP, a three-party key exchange requires two rounds. A single round protocol is possible through the use of a bilinear pairing: given Alice's public key aP1 and Bob's public key bP2, Carol can compute the shared secret with her private key c by e(aP1, bP2)c.

(See examples/joux.rs for the full example.)

// Generate private keys
let alice_sk = Fr::random(rng);
let bob_sk = Fr::random(rng);
let carol_sk = Fr::random(rng);

// Generate public keys in G1 and G2
let (alice_pk1, alice_pk2) = (G1::one() * alice_sk, G2::one() * alice_sk);
let (bob_pk1, bob_pk2) = (G1::one() * bob_sk, G2::one() * bob_sk);
let (carol_pk1, carol_pk2) = (G1::one() * carol_sk, G2::one() * carol_sk);

// Each party computes the shared secret
let alice_ss = pairing(bob_pk1, carol_pk2).pow(alice_sk);
let bob_ss = pairing(carol_pk1, alice_pk2).pow(bob_sk);
let carol_ss = pairing(alice_pk1, bob_pk2).pow(carol_sk);

assert!(alice_ss == bob_ss && bob_ss == carol_ss);

License

Licensed under either of

at your option.

Copyright 2016 Zcash Electric Coin Company. The Zcash Company promises to maintain the "bn" crate on crates.io under this MIT/Apache-2.0 dual license.

Authors

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Dependencies