aiken/crypto/bls12_381/g1

This module is designed for cryptographic operations involving the BLS12-381 elliptic curve, particularly focusing on the G1 group of the curve.

The key functionalities provided by this module include:

Defining the generator of the G1 group, which is a fixed base point on the elliptic curve used for various cryptographic computations.
Implementing the additive identity (zero) in the G1 group, which plays a crucial role in elliptic curve arithmetic.
Providing functions to compress and decompress points in the G1 group. Compression reduces the size of the point representation, which is useful for efficient storage and transmission. Decompression restores the original point from its compressed form.
Implementing basic arithmetic operations on the points in the G1 group, such as addition and subtraction.
Enabling the exponentiation of a point in the G1 group with a scalar, which is a fundamental operation in elliptic curve cryptography.
Offering a function to hash arbitrary data to a point in the G1 group, a process important in several cryptographic protocols.

This module ensures that all operations respect the properties of the BLS12-381 curve and the mathematical structure of the G1 group.

Constants

generator: G1Element = #<Bls12_381, G1>"97f1d3a73197d7942695638c4fa9ac0fc3688c4f9774b905a14e3a3f171bac586c55e83ff97a1aeffb3af00adb22c6bb"

The compressed generator of the G1 group of the BLS12-381 curve. This constant represents a fixed base point on the elliptic curve. Note that flat encoded plutus does not allow for the direct usage of BLS12-381 points. More explicit, any points in plutus data or scripts must be decompressed before usage onchain.

zero: G1Element = #<Bls12_381, G1>"c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"

Represents the additive identity (zero) in the G1 group. Note that flat encoded plutus does not allow for the direct usage of BLS12-381 points. More explicit, any points in plutus data or scripts must be decompressed before usage onchain.

Functions

compress(point: G1Element) -> ByteArray

Compresses a point in the G1 group into a more compact representation. The compressed representation is a 48-byte string, corresponding to a modified x coordinate. The leading most significant 3 bits of this string indicate how to reconstruct the y coordinate.

More explicitly via Zcash’s spec:

The most-significant three bits of a G1 or G2 encoding should be masked away before the coordinate(s) are interpreted. These bits are used to unambiguously represent the underlying element:

The most significant bit, when set, indicates that the point is in compressed form. Otherwise, the point is in uncompressed form.

The second-most significant bit indicates that the point is at infinity. If this bit is set, the remaining bits of the group element’s encoding should be set to zero.

The third-most significant bit is set if (and only if) this point is in compressed form and it is not the point at infinity and its y-coordinate is the lexicographically largest of the two associated with the encoded x-coordinate.

decompress(bytes: ByteArray) -> G1Element

Decompresses a point in the G1 group from its compressed form.

equal(left: G1Element, right: G1Element) -> Bool

add(left: G1Element, right: G1Element) -> G1Element

Adds two points in the G1 group.

sub(left: G1Element, right: G1Element) -> G1Element

Subtracts one point in the G1 group from another.

scale(point: G1Element, e: Scalar) -> G1Element

Exponentiates a point in the G1 group with a scalar. This operation is equivalent to the repeated addition of the point with itself e times.

hash_to_group(bytes: ByteArray, domain_separation_tag: ByteArray) -> G1Element

Hashes arbitrary data to a point in the G1 group. You can use the domain_separation_tag parameter to cryptographically separate different uses of the hash function between applications.