1 // Package bls12381 provides bilinear pairings using the BLS12-381 curve. 2 // 3 // A pairing system consists of three groups G1 and G2 (additive notation) and 4 // Gt (multiplicative notation) of the same order. 5 // Scalars can be used interchangeably between groups. 6 // 7 // These groups have the same order equal to: 8 // 9 // Order = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001 10 // 11 // # Serialization Format 12 // 13 // Elements of G1 and G2 can be encoded in uncompressed form (the x-coordinate 14 // followed by the y-coordinate) or in compressed form (just the x-coordinate). 15 // G1 elements occupy 96 bytes in uncompressed form, and 48 bytes in compressed 16 // form. G2 elements occupy 192 bytes in uncompressed form, and 96 bytes in 17 // compressed form. 18 // 19 // The most-significant three bits of a G1 or G2 encoding should be masked away 20 // before the coordinates are interpreted. These bits are used to unambiguously 21 // represent the underlying element: 22 // 23 // * The most significant bit, when set, indicates that the point is in 24 // compressed form. Otherwise, the point is in uncompressed form. 25 // 26 // * The second-most significant bit indicates that the point is at infinity. 27 // If this bit is set, the remaining bits of the group element's encoding 28 // should be set to zero. 29 // 30 // * The third-most significant bit is set if (and only if) this point is in 31 // compressed form AND it is not the point at infinity AND its y-coordinate 32 // is the lexicographically largest of the two associated with the encoded 33 // x-coordinate. 34 // 35 // |----------------------------------------------------| 36 // | Serialization Format | 37 // |-----|-------|-------|---------------|--------------| 38 // | MSB | MSB-1 | MSB-2 | Description | Encoding | 39 // |-----|-------|-------|---------------|--------------| 40 // | 0 | X | X | Uncompressed | e || x || y | 41 // | 1 | X | X | Compressed | e || x | 42 // |-----|-------|-------|---------------|--------------| 43 // | X | 0 | X | Non-Infinity | e || x || y | 44 // | X | 1 | X | Infinity | e || 0 || 0 | 45 // |-----|-------|-------|---------------|--------------| 46 // | | | | Compressed, | | 47 // | 1 | 0 | 1 | Non-Infinity, | e || x | 48 // | | | | Big y-coord | | 49 // |-----|-------|-------|---------------|--------------| 50 // | | | | Compressed, | | 51 // | 1 | 0 | 0 | Non-Infinity, | e || x | 52 // | | | | Small y-coord | | 53 // |----------------------------------------------------| 54 package bls12381 55