forks/go-ethereum
1
0
Fork 1
mirror of https://github.com/ethereum/go-ethereum.git synced 2026-03-23 19:38:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
go-ethereum/crypto/bn256/gnark/g2.go
cui 88922d2bf5
Some checks are pending
/ Windows Build (push) Waiting to run
Details
/ Docker Image (push) Waiting to run
Details
/ Linux Build (push) Waiting to run
Details
/ Linux Build (arm) (push) Waiting to run
Details
crypto/bn256: refactor to use bitutil.TestBytes (#32435)
2025-08-15 15:12:22 +08:00

86 lines
2.2 KiB
Go
Raw Blame History

package bn256
import (
"errors"
"github.com/consensys/gnark-crypto/ecc/bn254"
"github.com/ethereum/go-ethereum/common/bitutil"
)
// G2 is the affine representation of a G2 group element.
//
// Since this code is used for precompiles, using Jacobian
// points are not beneficial because there are no intermediate
// points and G2 in particular is only used for the pairing input.
//
// Note: We also use this struct so that we can conform to the existing API
// that the precompiles want.
type G2 struct {
inner bn254.G2Affine
}
// Unmarshal deserializes `buf` into `g`
//
// The input is expected to be in the EVM format:
// 128 bytes: [32-byte x.1][32-byte x.0][32-byte y.1][32-byte y.0]
// where each value is a big-endian integer.
//
// This method also checks whether the point is on the
// curve and in the prime order subgroup.
func (g *G2) Unmarshal(buf []byte) (int, error) {
if len(buf) < 128 {
return 0, errors.New("invalid G2 point size")
}
if !bitutil.TestBytes(buf[:128]) {
// point at infinity
g.inner.X.A0.SetZero()
g.inner.X.A1.SetZero()
g.inner.Y.A0.SetZero()
g.inner.Y.A1.SetZero()
return 128, nil
}
if err := g.inner.X.A1.SetBytesCanonical(buf[0:32]); err != nil {
return 0, err
}
if err := g.inner.X.A0.SetBytesCanonical(buf[32:64]); err != nil {
return 0, err
}
if err := g.inner.Y.A1.SetBytesCanonical(buf[64:96]); err != nil {
return 0, err
}
if err := g.inner.Y.A0.SetBytesCanonical(buf[96:128]); err != nil {
return 0, err
}
if !g.inner.IsOnCurve() {
return 0, errors.New("point is not on curve")
}
if !g.inner.IsInSubGroup() {
return 0, errors.New("point is not in correct subgroup")
}
return 128, nil
}
// Marshal serializes the point into a byte slice.
//
// The output is in EVM format: 128 bytes total.
// [32-byte x.1][32-byte x.0][32-byte y.1][32-byte y.0]
// where each value is a big-endian integer.
func (g *G2) Marshal() []byte {
output := make([]byte, 128)
xA1Bytes := g.inner.X.A1.Bytes()
copy(output[:32], xA1Bytes[:])
xA0Bytes := g.inner.X.A0.Bytes()
copy(output[32:64], xA0Bytes[:])
yA1Bytes := g.inner.Y.A1.Bytes()
copy(output[64:96], yA1Bytes[:])
yA0Bytes := g.inner.Y.A0.Bytes()
copy(output[96:128], yA0Bytes[:])
return output
}
Reference in a new issue View git blame Copy permalink