cerc-io/go-ethereum
18
0
Fork 0
Code Issues 9 Pull Requests Packages Projects Releases 66 Wiki Activity

crypto/bn256: refine comments according to #19577, #21595, and #21836 (#21847)

Browse Source
This commit is contained in:
Sad Pencil 2020-11-17 16:51:36 +08:00 committed by GitHub
parent 92c56eb820
commit 1ea7537997
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
crypto/bn256/cloudflare/bn256.go
View File

@ -9,8 +9,13 @@
// //
// This package specifically implements the Optimal Ate pairing over a 256-bit // This package specifically implements the Optimal Ate pairing over a 256-bit
// Barreto-Naehrig curve as described in // Barreto-Naehrig curve as described in
// http://cryptojedi.org/papers/dclxvi-20100714.pdf. Its output is compatible // http://cryptojedi.org/papers/dclxvi-20100714.pdf. Its output is not
// with the implementation described in that paper. // compatible with the implementation described in that paper, as different
// parameters are chosen.
//
// (This package previously claimed to operate at a 128-bit security level.
// However, recent improvements in attacks mean that is no longer true. See
// https://moderncrypto.org/mail-archive/curves/2016/000740.html.)
package bn256 package bn256
import ( import (

5
crypto/bn256/google/bn256.go
View File

@ -12,8 +12,9 @@
// //
// This package specifically implements the Optimal Ate pairing over a 256-bit // This package specifically implements the Optimal Ate pairing over a 256-bit
// Barreto-Naehrig curve as described in // Barreto-Naehrig curve as described in
// http://cryptojedi.org/papers/dclxvi-20100714.pdf. Its output is compatible // http://cryptojedi.org/papers/dclxvi-20100714.pdf. Its output is not
// with the implementation described in that paper. // compatible with the implementation described in that paper, as different
// parameters are chosen.
// //
// (This package previously claimed to operate at a 128-bit security level. // (This package previously claimed to operate at a 128-bit security level.
// However, recent improvements in attacks mean that is no longer true. See // However, recent improvements in attacks mean that is no longer true. See

2
crypto/bn256/google/constants.go
View File

@ -20,7 +20,9 @@ var u = bigFromBase10("4965661367192848881")
var P = bigFromBase10("21888242871839275222246405745257275088696311157297823662689037894645226208583") var P = bigFromBase10("21888242871839275222246405745257275088696311157297823662689037894645226208583")
// Order is the number of elements in both G₁ and G₂: 36u⁴+36u³+18u²+6u+1. // Order is the number of elements in both G₁ and G₂: 36u⁴+36u³+18u²+6u+1.
// Needs to be highly 2-adic for efficient SNARK key and proof generation.
// Order - 1 = 2^28 * 3^2 * 13 * 29 * 983 * 11003 * 237073 * 405928799 * 1670836401704629 * 13818364434197438864469338081. // Order - 1 = 2^28 * 3^2 * 13 * 29 * 983 * 11003 * 237073 * 405928799 * 1670836401704629 * 13818364434197438864469338081.
// Refer to https://eprint.iacr.org/2013/879.pdf and https://eprint.iacr.org/2013/507.pdf for more information on these parameters.
var Order = bigFromBase10("21888242871839275222246405745257275088548364400416034343698204186575808495617") var Order = bigFromBase10("21888242871839275222246405745257275088548364400416034343698204186575808495617")
// xiToPMinus1Over6 is ξ^((p-1)/6) where ξ = i+9. // xiToPMinus1Over6 is ξ^((p-1)/6) where ξ = i+9.