# zeropool-bn 0.5.11

Pairing cryptography with the Barreto-Naehrig curve
Documentation

# bn  This is a pairing cryptography library written in pure Rust. It makes use of the Barreto-Naehrig (BN) curve construction from [BCTV2015] to provide two cyclic groups G1 and G2, with an efficient bilinear pairing:

e: G1 × G2 → GT

## Security warnings

This library, like other pairing cryptography libraries implementing this construction, is not resistant to side-channel attacks.

## Usage

Add the `bn` crate to your dependencies in `Cargo.toml`...

``````[dependencies]
bn = "0.4.2"
``````

...and add an `extern crate` declaration to your crate root:

``````extern crate bn;
``````

## API

• `Fr` is an element of Fr
• `G1` is a point on the BN curve E/Fq : y2 = x3 + b
• `G2` is a point on the twisted BN curve E'/Fq2 : y2 = x3 + b/xi
• `Gt` is a group element (written multiplicatively) obtained with the `pairing` function over `G1` and `G2`.

### Examples

#### Joux's key agreement protocol

In a typical Diffie-Hellman key exchange, relying on ECDLP, a three-party key exchange requires two rounds. A single round protocol is possible through the use of a bilinear pairing: given Alice's public key aP1 and Bob's public key bP2, Carol can compute the shared secret with her private key c by e(aP1, bP2)c.

(See `examples/joux.rs` for the full example.)

``````// Generate private keys
let alice_sk = Fr::random(rng);
let bob_sk = Fr::random(rng);
let carol_sk = Fr::random(rng);

// Generate public keys in G1 and G2
let (alice_pk1, alice_pk2) = (G1::one() * alice_sk, G2::one() * alice_sk);
let (bob_pk1, bob_pk2) = (G1::one() * bob_sk, G2::one() * bob_sk);
let (carol_pk1, carol_pk2) = (G1::one() * carol_sk, G2::one() * carol_sk);

// Each party computes the shared secret
let alice_ss = pairing(bob_pk1, carol_pk2).pow(alice_sk);
let bob_ss = pairing(carol_pk1, alice_pk2).pow(bob_sk);
let carol_ss = pairing(alice_pk1, bob_pk2).pow(carol_sk);

assert!(alice_ss == bob_ss && bob_ss == carol_ss);
``````