Tezex.Crypto.BLS.Pairing (tezex v3.2.0)
View SourceBLS12-381 pairing operations implementing the Optimal ATE pairing.
This module provides the pairing function e: G1 × G2 → GT used for BLS signature verification. The pairing satisfies the bilinearity property: e(aP, bQ) = e(P, Q)^(ab).
This is a full implementation of the BLS12-381 pairing using Miller's algorithm and final exponentiation.
Summary
Functions
Applies the twist isomorphism to convert G2 points to FQ12. Field isomorphism from Z[p] / x2 to Z[p] / x2 - 2*x + 2
Casts a G1 point to Fq12 coordinates for line function evaluation.
Implements the final exponentiation step of the pairing. Uses the optimized BLS12-381 specific algorithm instead of naive exponentiation.
Checks if two GT elements are equal.
Returns the identity element in GT.
Inverts a GT element.
Multiplies two GT elements.
Checks if a GT element is the identity.
Computes the line function for Miller's algorithm using Fq12 coordinates. This version works with twisted points that have Fq12 coordinates. Returns {numerator, denominator} to avoid unnecessary divisions.
Implements the Miller loop for pairing computation. This is the core of the pairing algorithm.
Computes the optimal ATE pairing of a G1 point and G2 point. Returns an element in GT = Fq12.
Computes the pairing with optional final exponentiation.
Performs a pairing check for BLS signature verification.
Types
@type gt() :: Tezex.Crypto.BLS.Fq12.t()
Functions
@spec apply_twist(Tezex.Crypto.BLS.G2.t()) :: %{ x: Tezex.Crypto.BLS.Fq12.t(), y: Tezex.Crypto.BLS.Fq12.t(), z: Tezex.Crypto.BLS.Fq12.t() }
Applies the twist isomorphism to convert G2 points to FQ12. Field isomorphism from Z[p] / x2 to Z[p] / x2 - 2*x + 2
@spec cast_point_to_fq12(Tezex.Crypto.BLS.G1.t()) :: %{ x: Tezex.Crypto.BLS.Fq12.t(), y: Tezex.Crypto.BLS.Fq12.t(), z: Tezex.Crypto.BLS.Fq12.t() }
Casts a G1 point to Fq12 coordinates for line function evaluation.
Implements the final exponentiation step of the pairing. Uses the optimized BLS12-381 specific algorithm instead of naive exponentiation.
Checks if two GT elements are equal.
@spec gt_identity() :: gt()
Returns the identity element in GT.
Inverts a GT element.
Multiplies two GT elements.
Checks if a GT element is the identity.
@spec line_function_fq12( %{ x: Tezex.Crypto.BLS.Fq12.t(), y: Tezex.Crypto.BLS.Fq12.t(), z: Tezex.Crypto.BLS.Fq12.t() }, %{ x: Tezex.Crypto.BLS.Fq12.t(), y: Tezex.Crypto.BLS.Fq12.t(), z: Tezex.Crypto.BLS.Fq12.t() }, %{ x: Tezex.Crypto.BLS.Fq12.t(), y: Tezex.Crypto.BLS.Fq12.t(), z: Tezex.Crypto.BLS.Fq12.t() } ) :: {Tezex.Crypto.BLS.Fq12.t(), Tezex.Crypto.BLS.Fq12.t()}
Computes the line function for Miller's algorithm using Fq12 coordinates. This version works with twisted points that have Fq12 coordinates. Returns {numerator, denominator} to avoid unnecessary divisions.
@spec miller_loop(Tezex.Crypto.BLS.G2.t(), Tezex.Crypto.BLS.G1.t(), boolean()) :: gt()
Implements the Miller loop for pairing computation. This is the core of the pairing algorithm.
Core algorithm for optimal ATE pairing computation.
@spec pairing(Tezex.Crypto.BLS.G1.t(), Tezex.Crypto.BLS.G2.t()) :: gt()
Computes the optimal ATE pairing of a G1 point and G2 point. Returns an element in GT = Fq12.
This implements the full BLS12-381 pairing algorithm:
- Miller loop computation
- Final exponentiation
@spec pairing(Tezex.Crypto.BLS.G1.t(), Tezex.Crypto.BLS.G2.t(), boolean()) :: gt()
Computes the pairing with optional final exponentiation.
@spec pairing_check( Tezex.Crypto.BLS.G1.t(), Tezex.Crypto.BLS.G2.t(), Tezex.Crypto.BLS.G1.t(), Tezex.Crypto.BLS.G2.t() ) :: boolean()
Performs a pairing check for BLS signature verification.
Implements the actual BLS verification equation: e(signature, G1_generator) == e(H(msg), pubkey)
This is equivalent to checking: e(signature, G1_generator) * e(H(msg), -pubkey) == 1
Uses the full cryptographically secure pairing implementation.