github.com/platonnetwork/platon-go@v0.7.6/cases/tool/win/bls_win/include/mcl/bn.h (about) 1 #pragma once 2 /** 3 @file 4 @brief C interface of 256/384-bit optimal ate pairing over BN curves 5 @author MITSUNARI Shigeo(@herumi) 6 @license modified new BSD license 7 http://opensource.org/licenses/BSD-3-Clause 8 */ 9 /* 10 the order of an elliptic curve over Fp is Fr 11 */ 12 #ifndef MCLBN_FP_UNIT_SIZE 13 #error "define MCLBN_FP_UNIT_SIZE 4(, 6 or 8)" 14 #endif 15 #ifndef MCLBN_FR_UNIT_SIZE 16 #define MCLBN_FR_UNIT_SIZE MCLBN_FP_UNIT_SIZE 17 #endif 18 #define MCLBN_COMPILED_TIME_VAR ((MCLBN_FR_UNIT_SIZE) * 10 + (MCLBN_FP_UNIT_SIZE)) 19 20 #include <stdint.h> // for uint64_t, uint8_t 21 #include <stdlib.h> // for size_t 22 23 24 #if defined(_MSC_VER) 25 #ifdef MCLBN_DONT_EXPORT 26 #define MCLBN_DLL_API 27 #else 28 #ifdef MCLBN_DLL_EXPORT 29 #define MCLBN_DLL_API __declspec(dllexport) 30 #else 31 #define MCLBN_DLL_API __declspec(dllimport) 32 #endif 33 #endif 34 #ifndef MCLBN_NO_AUTOLINK 35 #if MCLBN_FP_UNIT_SIZE == 4 36 #pragma comment(lib, "mclbn256.lib") 37 #elif (MCLBN_FP_UNIT_SIZE == 6) && (MCLBN_FR_UNIT_SIZE == 4) 38 #pragma comment(lib, "mclbn384_256.lib") 39 #elif (MCLBN_FP_UNIT_SIZE == 6) && (MCLBN_FR_UNIT_SIZE == 6) 40 #pragma comment(lib, "mclbn384.lib") 41 #elif MCLBN_FP_UNIT_SIZE == 8 42 #pragma comment(lib, "mclbn512.lib") 43 #endif 44 #endif 45 #elif defined(__EMSCRIPTEN__) && !defined(MCLBN_DONT_EXPORT) 46 #define MCLBN_DLL_API __attribute__((used)) 47 #elif defined(__wasm__) && !defined(MCLBN_DONT_EXPORT) 48 #define MCLBN_DLL_API __attribute__((visibility("default"))) 49 #else 50 #define MCLBN_DLL_API 51 #endif 52 53 #ifdef __EMSCRIPTEN__ 54 // avoid 64-bit integer 55 #define mclSize unsigned int 56 #define mclInt int 57 #else 58 // use #define for cgo 59 #define mclSize size_t 60 #define mclInt int64_t 61 #endif 62 63 #ifdef __cplusplus 64 extern "C" { 65 #endif 66 67 #ifdef MCLBN_NOT_DEFINE_STRUCT 68 69 typedef struct mclBnFr mclBnFr; 70 typedef struct mclBnG1 mclBnG1; 71 typedef struct mclBnG2 mclBnG2; 72 typedef struct mclBnGT mclBnGT; 73 typedef struct mclBnFp mclBnFp; 74 typedef struct mclBnFp2 mclBnFp2; 75 76 #else 77 78 typedef struct { 79 uint64_t d[MCLBN_FR_UNIT_SIZE]; 80 } mclBnFr; 81 82 typedef struct { 83 uint64_t d[MCLBN_FP_UNIT_SIZE * 3]; 84 } mclBnG1; 85 86 typedef struct { 87 uint64_t d[MCLBN_FP_UNIT_SIZE * 2 * 3]; 88 } mclBnG2; 89 90 typedef struct { 91 uint64_t d[MCLBN_FP_UNIT_SIZE * 12]; 92 } mclBnGT; 93 94 typedef struct { 95 uint64_t d[MCLBN_FP_UNIT_SIZE]; 96 } mclBnFp; 97 98 typedef struct { 99 mclBnFp d[2]; 100 } mclBnFp2; 101 102 #endif 103 104 #include <mcl/curve_type.h> 105 106 #define MCLBN_IO_SERIALIZE_HEX_STR 2048 107 // for backword compatibility 108 enum { 109 mclBn_CurveFp254BNb = 0, 110 mclBn_CurveFp382_1 = 1, 111 mclBn_CurveFp382_2 = 2, 112 mclBn_CurveFp462 = 3, 113 mclBn_CurveSNARK1 = 4, 114 mclBls12_CurveFp381 = 5 115 }; 116 117 // return 0xABC which means A.BC 118 MCLBN_DLL_API int mclBn_getVersion(); 119 /* 120 init library 121 @param curve [in] type of bn curve 122 @param compiledTimeVar [in] specify MCLBN_COMPILED_TIME_VAR, 123 which macro is used to make sure that the values 124 are the same when the library is built and used 125 @return 0 if success 126 curve = BN254/BN_SNARK1 is allowed if maxUnitSize = 4 127 curve = BN381_1/BN381_2/BLS12_381 are allowed if maxUnitSize = 6 128 This parameter is used to detect a library compiled with different MCLBN_FP_UNIT_SIZE for safety. 129 @note not threadsafe 130 @note BN_init is used in libeay32 131 */ 132 MCLBN_DLL_API int mclBn_init(int curve, int compiledTimeVar); 133 134 135 /* 136 pairing : G1 x G2 -> GT 137 #G1 = #G2 = r 138 G1 is a curve defined on Fp 139 140 serialized size of elements 141 |Fr| |Fp| 142 BN254 32 32 143 BN381 48 48 144 BLS12_381 32 48 145 BN462 58 58 146 |G1| = |Fp| 147 |G2| = |G1| * 2 148 |GT| = |G1| * 12 149 */ 150 /* 151 return the num of Unit(=uint64_t) to store Fr 152 */ 153 MCLBN_DLL_API int mclBn_getOpUnitSize(void); 154 155 /* 156 return bytes for serialized G1(=Fp) 157 */ 158 MCLBN_DLL_API int mclBn_getG1ByteSize(void); 159 /* 160 return bytes for serialized Fr 161 */ 162 MCLBN_DLL_API int mclBn_getFrByteSize(void); 163 /* 164 return bytes for serialized Fp 165 */ 166 MCLBN_DLL_API int mclBn_getFpByteSize(void); 167 168 /* 169 return decimal string of the order of the curve(=the characteristic of Fr) 170 return str(buf) if success 171 */ 172 MCLBN_DLL_API mclSize mclBn_getCurveOrder(char *buf, mclSize maxBufSize); 173 174 /* 175 return decimal string of the characteristic of Fp 176 return str(buf) if success 177 */ 178 MCLBN_DLL_API mclSize mclBn_getFieldOrder(char *buf, mclSize maxBufSize); 179 180 /* 181 set ETH serialization mode for BLS12-381 182 @param ETHserialization [in] 1:enable, 0:disable 183 @note ignore the flag if curve is not BLS12-381 184 */ 185 MCLBN_DLL_API void mclBn_setETHserialization(int ETHserialization); 186 //////////////////////////////////////////////// 187 /* 188 deserialize 189 return read size if success else 0 190 */ 191 MCLBN_DLL_API mclSize mclBnFr_deserialize(mclBnFr *x, const void *buf, mclSize bufSize); 192 MCLBN_DLL_API mclSize mclBnG1_deserialize(mclBnG1 *x, const void *buf, mclSize bufSize); 193 MCLBN_DLL_API mclSize mclBnG2_deserialize(mclBnG2 *x, const void *buf, mclSize bufSize); 194 MCLBN_DLL_API mclSize mclBnGT_deserialize(mclBnGT *x, const void *buf, mclSize bufSize); 195 MCLBN_DLL_API mclSize mclBnFp_deserialize(mclBnFp *x, const void *buf, mclSize bufSize); 196 MCLBN_DLL_API mclSize mclBnFp2_deserialize(mclBnFp2 *x, const void *buf, mclSize bufSize); 197 198 /* 199 serialize 200 return written byte if sucess else 0 201 */ 202 MCLBN_DLL_API mclSize mclBnFr_serialize(void *buf, mclSize maxBufSize, const mclBnFr *x); 203 MCLBN_DLL_API mclSize mclBnG1_serialize(void *buf, mclSize maxBufSize, const mclBnG1 *x); 204 MCLBN_DLL_API mclSize mclBnG2_serialize(void *buf, mclSize maxBufSize, const mclBnG2 *x); 205 MCLBN_DLL_API mclSize mclBnGT_serialize(void *buf, mclSize maxBufSize, const mclBnGT *x); 206 MCLBN_DLL_API mclSize mclBnFp_serialize(void *buf, mclSize maxBufSize, const mclBnFp *x); 207 MCLBN_DLL_API mclSize mclBnFp2_serialize(void *buf, mclSize maxBufSize, const mclBnFp2 *x); 208 209 /* 210 set string 211 ioMode 212 10 : decimal number 213 16 : hexadecimal number 214 MCLBN_IO_SERIALIZE_HEX_STR : hex string of serialized data 215 return 0 if success else -1 216 */ 217 MCLBN_DLL_API int mclBnFr_setStr(mclBnFr *x, const char *buf, mclSize bufSize, int ioMode); 218 MCLBN_DLL_API int mclBnG1_setStr(mclBnG1 *x, const char *buf, mclSize bufSize, int ioMode); 219 MCLBN_DLL_API int mclBnG2_setStr(mclBnG2 *x, const char *buf, mclSize bufSize, int ioMode); 220 MCLBN_DLL_API int mclBnGT_setStr(mclBnGT *x, const char *buf, mclSize bufSize, int ioMode); 221 MCLBN_DLL_API int mclBnFp_setStr(mclBnFp *x, const char *buf, mclSize bufSize, int ioMode); 222 223 /* 224 buf is terminated by '\0' 225 return strlen(buf) if sucess else 0 226 */ 227 MCLBN_DLL_API mclSize mclBnFr_getStr(char *buf, mclSize maxBufSize, const mclBnFr *x, int ioMode); 228 MCLBN_DLL_API mclSize mclBnG1_getStr(char *buf, mclSize maxBufSize, const mclBnG1 *x, int ioMode); 229 MCLBN_DLL_API mclSize mclBnG2_getStr(char *buf, mclSize maxBufSize, const mclBnG2 *x, int ioMode); 230 MCLBN_DLL_API mclSize mclBnGT_getStr(char *buf, mclSize maxBufSize, const mclBnGT *x, int ioMode); 231 MCLBN_DLL_API mclSize mclBnFp_getStr(char *buf, mclSize maxBufSize, const mclBnFp *x, int ioMode); 232 233 // set zero 234 MCLBN_DLL_API void mclBnFr_clear(mclBnFr *x); 235 MCLBN_DLL_API void mclBnFp_clear(mclBnFp *x); 236 MCLBN_DLL_API void mclBnFp2_clear(mclBnFp2 *x); 237 238 // set x to y 239 MCLBN_DLL_API void mclBnFr_setInt(mclBnFr *y, mclInt x); 240 MCLBN_DLL_API void mclBnFr_setInt32(mclBnFr *y, int x); 241 242 // x = buf & (1 << bitLen(r)) - 1 243 // if (x >= r) x &= (1 << (bitLen(r) - 1)) - 1 244 // always return 0 245 MCLBN_DLL_API int mclBnFr_setLittleEndian(mclBnFr *x, const void *buf, mclSize bufSize); 246 MCLBN_DLL_API int mclBnFp_setLittleEndian(mclBnFp *x, const void *buf, mclSize bufSize); 247 248 // set (buf mod r) to x 249 // return 0 if bufSize <= (byte size of Fr * 2) else -1 250 MCLBN_DLL_API int mclBnFr_setLittleEndianMod(mclBnFr *x, const void *buf, mclSize bufSize); 251 // set (buf mod p) to x 252 // return 0 if bufSize <= (byte size of Fp * 2) else -1 253 MCLBN_DLL_API int mclBnFp_setLittleEndianMod(mclBnFp *x, const void *buf, mclSize bufSize); 254 255 // return 1 if true and 0 otherwise 256 MCLBN_DLL_API int mclBnFr_isValid(const mclBnFr *x); 257 MCLBN_DLL_API int mclBnFr_isEqual(const mclBnFr *x, const mclBnFr *y); 258 MCLBN_DLL_API int mclBnFr_isZero(const mclBnFr *x); 259 MCLBN_DLL_API int mclBnFr_isOne(const mclBnFr *x); 260 261 MCLBN_DLL_API int mclBnFp_isEqual(const mclBnFp *x, const mclBnFp *y); 262 MCLBN_DLL_API int mclBnFp2_isEqual(const mclBnFp2 *x, const mclBnFp2 *y); 263 264 #ifndef MCL_DONT_USE_CSRPNG 265 // return 0 if success 266 MCLBN_DLL_API int mclBnFr_setByCSPRNG(mclBnFr *x); 267 268 /* 269 set user-defined random function for setByCSPRNG 270 @param self [in] user-defined pointer 271 @param readFunc [in] user-defined function, 272 which writes random bufSize bytes to buf and returns bufSize if success else returns 0 273 @note if self == 0 and readFunc == 0 then set default random function 274 @note not threadsafe 275 */ 276 MCLBN_DLL_API void mclBn_setRandFunc(void *self, unsigned int (*readFunc)(void *self, void *buf, unsigned int bufSize)); 277 #endif 278 279 // hash(s) and set x 280 // return 0 if success 281 MCLBN_DLL_API int mclBnFr_setHashOf(mclBnFr *x, const void *buf, mclSize bufSize); 282 MCLBN_DLL_API int mclBnFp_setHashOf(mclBnFp *x, const void *buf, mclSize bufSize); 283 284 // map x to y 285 // return 0 if success else -1 286 MCLBN_DLL_API int mclBnFp_mapToG1(mclBnG1 *y, const mclBnFp *x); 287 MCLBN_DLL_API int mclBnFp2_mapToG2(mclBnG2 *y, const mclBnFp2 *x); 288 289 MCLBN_DLL_API void mclBnFr_neg(mclBnFr *y, const mclBnFr *x); 290 MCLBN_DLL_API void mclBnFr_inv(mclBnFr *y, const mclBnFr *x); 291 MCLBN_DLL_API void mclBnFr_sqr(mclBnFr *y, const mclBnFr *x); 292 MCLBN_DLL_API void mclBnFr_add(mclBnFr *z, const mclBnFr *x, const mclBnFr *y); 293 MCLBN_DLL_API void mclBnFr_sub(mclBnFr *z, const mclBnFr *x, const mclBnFr *y); 294 MCLBN_DLL_API void mclBnFr_mul(mclBnFr *z, const mclBnFr *x, const mclBnFr *y); 295 MCLBN_DLL_API void mclBnFr_div(mclBnFr *z, const mclBnFr *x, const mclBnFr *y); 296 297 //////////////////////////////////////////////// 298 // set zero 299 MCLBN_DLL_API void mclBnG1_clear(mclBnG1 *x); 300 301 302 // return 1 if true and 0 otherwise 303 MCLBN_DLL_API int mclBnG1_isValid(const mclBnG1 *x); 304 MCLBN_DLL_API int mclBnG1_isEqual(const mclBnG1 *x, const mclBnG1 *y); 305 MCLBN_DLL_API int mclBnG1_isZero(const mclBnG1 *x); 306 /* 307 return 1 if x has a correct order 308 x is valid point of G1 if and only if 309 mclBnG1_isValid() is true, which contains mclBnG1_isValidOrder() if mclBn_verifyOrderG1(true) 310 mclBnG1_isValid() && mclBnG1_isValidOrder() is true if mclBn_verifyOrderG1(false) 311 */ 312 MCLBN_DLL_API int mclBnG1_isValidOrder(const mclBnG1 *x); 313 314 MCLBN_DLL_API int mclBnG1_hashAndMapTo(mclBnG1 *x, const void *buf, mclSize bufSize); 315 316 317 MCLBN_DLL_API void mclBnG1_neg(mclBnG1 *y, const mclBnG1 *x); 318 MCLBN_DLL_API void mclBnG1_dbl(mclBnG1 *y, const mclBnG1 *x); 319 MCLBN_DLL_API void mclBnG1_normalize(mclBnG1 *y, const mclBnG1 *x); 320 MCLBN_DLL_API void mclBnG1_add(mclBnG1 *z, const mclBnG1 *x, const mclBnG1 *y); 321 MCLBN_DLL_API void mclBnG1_sub(mclBnG1 *z, const mclBnG1 *x, const mclBnG1 *y); 322 MCLBN_DLL_API void mclBnG1_mul(mclBnG1 *z, const mclBnG1 *x, const mclBnFr *y); 323 324 /* 325 constant time mul 326 */ 327 MCLBN_DLL_API void mclBnG1_mulCT(mclBnG1 *z, const mclBnG1 *x, const mclBnFr *y); 328 329 //////////////////////////////////////////////// 330 // set zero 331 MCLBN_DLL_API void mclBnG2_clear(mclBnG2 *x); 332 333 // return 1 if true and 0 otherwise 334 MCLBN_DLL_API int mclBnG2_isValid(const mclBnG2 *x); 335 MCLBN_DLL_API int mclBnG2_isEqual(const mclBnG2 *x, const mclBnG2 *y); 336 MCLBN_DLL_API int mclBnG2_isZero(const mclBnG2 *x); 337 // return 1 if x has a correct order 338 MCLBN_DLL_API int mclBnG2_isValidOrder(const mclBnG2 *x); 339 340 MCLBN_DLL_API int mclBnG2_hashAndMapTo(mclBnG2 *x, const void *buf, mclSize bufSize); 341 342 // return written size if sucess else 0 343 344 MCLBN_DLL_API void mclBnG2_neg(mclBnG2 *y, const mclBnG2 *x); 345 MCLBN_DLL_API void mclBnG2_dbl(mclBnG2 *y, const mclBnG2 *x); 346 MCLBN_DLL_API void mclBnG2_normalize(mclBnG2 *y, const mclBnG2 *x); 347 MCLBN_DLL_API void mclBnG2_add(mclBnG2 *z, const mclBnG2 *x, const mclBnG2 *y); 348 MCLBN_DLL_API void mclBnG2_sub(mclBnG2 *z, const mclBnG2 *x, const mclBnG2 *y); 349 MCLBN_DLL_API void mclBnG2_mul(mclBnG2 *z, const mclBnG2 *x, const mclBnFr *y); 350 /* 351 constant time mul 352 */ 353 MCLBN_DLL_API void mclBnG2_mulCT(mclBnG2 *z, const mclBnG2 *x, const mclBnFr *y); 354 355 //////////////////////////////////////////////// 356 // set zero 357 MCLBN_DLL_API void mclBnGT_clear(mclBnGT *x); 358 // set x to y 359 MCLBN_DLL_API void mclBnGT_setInt(mclBnGT *y, mclInt x); 360 MCLBN_DLL_API void mclBnGT_setInt32(mclBnGT *y, int x); 361 362 // return 1 if true and 0 otherwise 363 MCLBN_DLL_API int mclBnGT_isEqual(const mclBnGT *x, const mclBnGT *y); 364 MCLBN_DLL_API int mclBnGT_isZero(const mclBnGT *x); 365 MCLBN_DLL_API int mclBnGT_isOne(const mclBnGT *x); 366 367 MCLBN_DLL_API void mclBnGT_neg(mclBnGT *y, const mclBnGT *x); 368 MCLBN_DLL_API void mclBnGT_inv(mclBnGT *y, const mclBnGT *x); 369 MCLBN_DLL_API void mclBnGT_sqr(mclBnGT *y, const mclBnGT *x); 370 MCLBN_DLL_API void mclBnGT_add(mclBnGT *z, const mclBnGT *x, const mclBnGT *y); 371 MCLBN_DLL_API void mclBnGT_sub(mclBnGT *z, const mclBnGT *x, const mclBnGT *y); 372 MCLBN_DLL_API void mclBnGT_mul(mclBnGT *z, const mclBnGT *x, const mclBnGT *y); 373 MCLBN_DLL_API void mclBnGT_div(mclBnGT *z, const mclBnGT *x, const mclBnGT *y); 374 375 /* 376 pow for all elements of Fp12 377 */ 378 MCLBN_DLL_API void mclBnGT_powGeneric(mclBnGT *z, const mclBnGT *x, const mclBnFr *y); 379 /* 380 pow for only {x|x^r = 1} in Fp12 by GLV method 381 the value generated by pairing satisfies the condition 382 */ 383 MCLBN_DLL_API void mclBnGT_pow(mclBnGT *z, const mclBnGT *x, const mclBnFr *y); 384 385 MCLBN_DLL_API void mclBn_pairing(mclBnGT *z, const mclBnG1 *x, const mclBnG2 *y); 386 MCLBN_DLL_API void mclBn_finalExp(mclBnGT *y, const mclBnGT *x); 387 MCLBN_DLL_API void mclBn_millerLoop(mclBnGT *z, const mclBnG1 *x, const mclBnG2 *y); 388 389 // return precomputedQcoeffSize * sizeof(Fp6) / sizeof(uint64_t) 390 MCLBN_DLL_API int mclBn_getUint64NumToPrecompute(void); 391 392 // allocate Qbuf[MCLBN_getUint64NumToPrecompute()] before calling this 393 MCLBN_DLL_API void mclBn_precomputeG2(uint64_t *Qbuf, const mclBnG2 *Q); 394 395 MCLBN_DLL_API void mclBn_precomputedMillerLoop(mclBnGT *f, const mclBnG1 *P, const uint64_t *Qbuf); 396 MCLBN_DLL_API void mclBn_precomputedMillerLoop2(mclBnGT *f, const mclBnG1 *P1, const uint64_t *Q1buf, const mclBnG1 *P2, const uint64_t *Q2buf); 397 MCLBN_DLL_API void mclBn_precomputedMillerLoop2mixed(mclBnGT *f, const mclBnG1 *P1, const mclBnG2 *Q1, const mclBnG1 *P2, const uint64_t *Q2buf); 398 399 /* 400 Lagrange interpolation 401 recover out = y(0) by { (xVec[i], yVec[i]) } 402 return 0 if success else -1 403 @note *out = yVec[0] if k = 1 404 @note k >= 2, xVec[i] != 0, xVec[i] != xVec[j] for i != j 405 */ 406 MCLBN_DLL_API int mclBn_FrLagrangeInterpolation(mclBnFr *out, const mclBnFr *xVec, const mclBnFr *yVec, mclSize k); 407 MCLBN_DLL_API int mclBn_G1LagrangeInterpolation(mclBnG1 *out, const mclBnFr *xVec, const mclBnG1 *yVec, mclSize k); 408 MCLBN_DLL_API int mclBn_G2LagrangeInterpolation(mclBnG2 *out, const mclBnFr *xVec, const mclBnG2 *yVec, mclSize k); 409 410 /* 411 evaluate polynomial 412 out = f(x) = c[0] + c[1] * x + c[2] * x^2 + ... + c[cSize - 1] * x^(cSize - 1) 413 @note cSize >= 2 414 */ 415 MCLBN_DLL_API int mclBn_FrEvaluatePolynomial(mclBnFr *out, const mclBnFr *cVec, mclSize cSize, const mclBnFr *x); 416 MCLBN_DLL_API int mclBn_G1EvaluatePolynomial(mclBnG1 *out, const mclBnG1 *cVec, mclSize cSize, const mclBnFr *x); 417 MCLBN_DLL_API int mclBn_G2EvaluatePolynomial(mclBnG2 *out, const mclBnG2 *cVec, mclSize cSize, const mclBnFr *x); 418 419 /* 420 verify whether a point of an elliptic curve has order r 421 This api affetcs setStr(), deserialize() for G2 on BN or G1/G2 on BLS12 422 @param doVerify [in] does not verify if zero(default 1) 423 */ 424 MCLBN_DLL_API void mclBn_verifyOrderG1(int doVerify); 425 MCLBN_DLL_API void mclBn_verifyOrderG2(int doVerify); 426 427 /* 428 EXPERIMENTAL 429 only for curve = MCL_SECP* or MCL_NIST* 430 return standard base point of the current elliptic curve 431 */ 432 MCLBN_DLL_API int mclBnG1_getBasePoint(mclBnG1 *x); 433 434 #ifdef __cplusplus 435 } 436 #endif