Diffstat (limited to 'vendor/golang.org/x/crypto/bn256/bn256.go')
-rw-r--r--vendor/golang.org/x/crypto/bn256/bn256.go22
1 files changed, 13 insertions, 9 deletions
diff --git a/vendor/golang.org/x/crypto/bn256/bn256.go b/vendor/golang.org/x/crypto/bn256/bn256.go
index 014f8b355..f88f3fc3b 100644
--- a/vendor/golang.org/x/crypto/bn256/bn256.go
+++ b/vendor/golang.org/x/crypto/bn256/bn256.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// Package bn256 implements a particular bilinear group at the 128-bit security level.
+// Package bn256 implements a particular bilinear group.
//
// Bilinear groups are the basis of many of the new cryptographic protocols
// that have been proposed over the past decade. They consist of a triplet of
@@ -14,6 +14,10 @@
// Barreto-Naehrig curve as described in
// http://cryptojedi.org/papers/dclxvi-20100714.pdf. Its output is compatible
// with the implementation described in that paper.
+//
+// (This package previously claimed to operate at a 128-bit security level.
+// However, recent improvements in attacks mean that is no longer true. See
+// https://moderncrypto.org/mail-archive/curves/2016/000740.html.)
package bn256 // import "golang.org/x/crypto/bn256"
import (
@@ -49,8 +53,8 @@ func RandomG1(r io.Reader) (*big.Int, *G1, error) {
return k, new(G1).ScalarBaseMult(k), nil
}
-func (g *G1) String() string {
- return "bn256.G1" + g.p.String()
+func (e *G1) String() string {
+ return "bn256.G1" + e.p.String()
}
// ScalarBaseMult sets e to g*k where g is the generator of the group and
@@ -92,11 +96,11 @@ func (e *G1) Neg(a *G1) *G1 {
}
// Marshal converts n to a byte slice.
-func (n *G1) Marshal() []byte {
- n.p.MakeAffine(nil)
+func (e *G1) Marshal() []byte {
+ e.p.MakeAffine(nil)
- xBytes := new(big.Int).Mod(n.p.x, p).Bytes()
- yBytes := new(big.Int).Mod(n.p.y, p).Bytes()
+ xBytes := new(big.Int).Mod(e.p.x, p).Bytes()
+ yBytes := new(big.Int).Mod(e.p.y, p).Bytes()
// Each value is a 256-bit number.
const numBytes = 256 / 8
@@ -166,8 +170,8 @@ func RandomG2(r io.Reader) (*big.Int, *G2, error) {
return k, new(G2).ScalarBaseMult(k), nil
}
-func (g *G2) String() string {
- return "bn256.G2" + g.p.String()
+func (e *G2) String() string {
+ return "bn256.G2" + e.p.String()
}
// ScalarBaseMult sets e to g*k where g is the generator of the group and