bn

This is a pairing cryptography library written in pure Rust. It makes use of the Barreto-Naehrig (BN) curve construction from [BCGTV13] to provide two cyclic groups G1 and G2, with an efficient bilinear pairing:

e: G1 × G2 → GT

This code is still in early development and should not be used in production software.

Usage

Add the bn crate to your dependencies in Cargo.toml...

```toml
[dependencies]
bn = "0.1.*"
```

...and add an extern crate declaration to your crate root:

```rust
extern crate bn;
```

API

Examples

Joux's key agreement protocol

In a typical Diffie-Hellman key exchange, relying on ECDLP, a three-party key exchange requires two rounds. A single-round protocol is possible through the use of a bilinear pairing: given Alice's public key aP1 and Bob's public key bP2, Carol can compute the shared secret with her private key c as e(aP1, bP2)^c.

(See examples/joux.rs for the full example.)

```rust
// `rng` is a random number generator set up earlier (see examples/joux.rs).

// Generate private keys
let alice_sk = Scalar::random(rng);
let bob_sk = Scalar::random(rng);
let carol_sk = Scalar::random(rng);

// Generate public keys in G1 and G2
let (alice_pk1, alice_pk2) = (G1::one() * &alice_sk, G2::one() * &alice_sk);
let (bob_pk1, bob_pk2) = (G1::one() * &bob_sk, G2::one() * &bob_sk);
let (carol_pk1, carol_pk2) = (G1::one() * &carol_sk, G2::one() * &carol_sk);

// Each party computes the shared secret from the other two parties' public keys
let alice_ss = pairing(&bob_pk1, &carol_pk2) ^ &alice_sk;
let bob_ss = pairing(&carol_pk1, &alice_pk2) ^ &bob_sk;
let carol_ss = pairing(&alice_pk1, &bob_pk2) ^ &carol_sk;

assert!(alice_ss == bob_ss && bob_ss == carol_ss);
```
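Why the three values agree, as an added example that is not part of the bn crate or its examples: a self-contained toy model in which every party ends up with e(P1, P2)^(abc), plus a receiver-side check that a broadcast (pk1, pk2) pair uses the same scalar. The names `toy_pairing`, `public_keys`, `keys_consistent` and `shared_secret` and all constants are hypothetical; the toy groups keep discrete logs in the clear and provide no security.

```rust
// Toy model, constructed for illustration only (not the bn crate's code):
// G1/G2 elements are stored as their scalar multiple of the generator, and
// GT is the order-Q subgroup of Z_P^*.
const P: u64 = 2039; // safe prime, P = 2Q + 1
const Q: u64 = 1019; // prime group order
const G: u64 = 4; // generator of the order-Q subgroup; stands in for e(P1, P2)

fn pow_mod(mut base: u64, mut exp: u64, m: u64) -> u64 {
    let mut acc = 1;
    base %= m;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = acc * base % m;
        }
        base = base * base % m;
        exp >>= 1;
    }
    acc
}

/// Toy pairing: e(x*P1, y*P2) = G^(x*y), bilinear in both arguments.
fn toy_pairing(x: u64, y: u64) -> u64 { pow_mod(G, x * y % Q, P) }

/// Public key pair (sk*P1, sk*P2), broadcast once by each party.
fn public_keys(sk: u64) -> (u64, u64) { (sk % Q, sk % Q) }

/// Receiver-side check that both halves share one scalar: e(pk1, P2) == e(P1, pk2).
fn keys_consistent(pk: (u64, u64)) -> bool { toy_pairing(pk.0, 1) == toy_pairing(1, pk.1) }

/// Secret for the holder of `sk`: e(first.pk1, second.pk2)^sk.
fn shared_secret(sk: u64, first: (u64, u64), second: (u64, u64)) -> u64 {
    pow_mod(toy_pairing(first.0, second.1), sk, P)
}

fn main() {
    let (a, b, c) = (123, 456, 789); // constructed private keys
    let (pa, pb, pc) = (public_keys(a), public_keys(b), public_keys(c));
    // Same argument order as the snippet above: Alice (bob, carol), Bob (carol, alice), Carol (alice, bob).
    let ss = [shared_secret(a, pb, pc), shared_secret(b, pc, pa), shared_secret(c, pa, pb)];
    assert!(ss[0] == ss[1] && ss[1] == ss[2]);
    assert_eq!(ss[0], pow_mod(G, a * b % Q * c % Q, P)); // e(P1, P2)^(abc)
    // A pair built from two different scalars fails the check.
    assert!(keys_consistent(pa) && !keys_consistent((a, a + 1)));
}
```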

License

Licensed under either of the MIT license or the Apache-2.0 license, at your option.

Copyright 2016 Zcash Electric Coin Company. The Zcash Company promises to maintain the "bn" crate on crates.io under this MIT/Apache-2.0 dual license.

Authors

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.