herumi / mcl

a portable and fast pairing-based cryptography library
BSD 3-Clause "New" or "Revised" License

Clarify how to init() in JavaScript #61

Closed mhewett-ks closed 5 years ago

mhewett-ks commented 5 years ago

```javascript
mcl.init(mcl.BLS12_381).then(() => {
    console.log("mcl initialized to BLS12-381.");
    console.log("G1 = " + mcl.getBasePointG1().getStr(16));
});
```

G1 prints as 0, so it is apparently not initialized. I can't tell from reading mcl.js how to properly initialize G1 and G2. I would like to use the same G1 and G2 points as zksnark.

I see your note on initialization but I don't see similar initialization functions in the JavaScript API. Can you please clarify how to initialize G1 and G2 in JavaScript?

Also, there is no function mcl.getBasePointG2() that we can use to verify that G2 is properly initialized.

herumi commented 5 years ago

I'm sorry for the poor documentation. getBasePointG1() is only for secp or NIST curves, so it does not return the correct value for BN/BLS12 curves. See https://github.com/herumi/mcl/blob/master/include/mcl/bn.h#L427-L432. The reason is that the generator is not specified. If you want to use the point for zk-SNARK described at Generators, then you have to set it yourself as follows:

```javascript
const G1 = new mcl.G1()
G1.setStr('1 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569')

const G2 = new mcl.G2()
G2.setStr('1 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582')
```
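
Added example (not part of the original thread and not code from the mcl project): because the generators are hard-coded strings, a stand-alone BigInt check that they parse as affine points on the BLS12-381 curves catches a mistyped or altered digit before the points are used. The prime `P`, the curve equations and the helper names `parsePoint`, `onCurveG1` and `onCurveG2` are assumptions of this example; it checks the curve equation only, not subgroup membership.

```javascript
// BLS12-381 base field prime p: a public curve parameter, not taken from the thread.
const P = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn;
const mod = (a) => ((a % P) + P) % P;

// The two strings from the reply above, in the text form "1 <x> <y>" (decimal, affine).
const G1_STR = '1 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569';
const G2_STR = '1 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582';

// Parse the affine text form into BigInt coordinates. "0" is treated as the
// point at infinity; any other form is rejected rather than guessed at.
function parsePoint(str, nCoords) {
  const parts = str.trim().split(/\s+/);
  if (parts.length === 1 && parts[0] === '0') return null;
  if (parts[0] !== '1' || parts.length !== nCoords + 1) throw new Error('unsupported point string');
  return parts.slice(1).map((s) => {
    if (!/^[0-9]+$/.test(s)) throw new Error('non-decimal coordinate');
    const v = BigInt(s);
    if (v >= P) throw new Error('coordinate not reduced mod p');
    return v;
  });
}

// Fp2 = Fp[i]/(i^2 + 1); an element [a, b] means a + b*i.
const mul2 = ([a, b], [c, d]) => [mod(a * c - b * d), mod(a * d + b * c)];

// G1: y^2 = x^3 + 4 over Fp.
function onCurveG1(str) {
  const pt = parsePoint(str, 2);
  if (pt === null) return false; // infinity is not a usable generator
  const [x, y] = pt;
  return mod(y * y) === mod(x * x * x + 4n);
}

// G2: y^2 = x^3 + 4(1 + i) over Fp2; the string lists x as "a b", then y as "a b".
function onCurveG2(str) {
  const pt = parsePoint(str, 4);
  if (pt === null) return false;
  const x = [pt[0], pt[1]], y = [pt[2], pt[3]];
  const [ra, rb] = mul2(mul2(x, x), x);
  const [la, lb] = mul2(y, y);
  return la === mod(ra + 4n) && lb === mod(rb + 4n);
}

console.log('G1 on curve:', onCurveG1(G1_STR), 'G2 on curve:', onCurveG2(G2_STR));
```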

mhewett-ks commented 5 years ago

Thanks for the clarification. MCL is a very useful library. Thank you for producing it.

FYI, there is a security protocol called Pythia that I am implementing. Pythia's library is too large when compiled to WebAssembly, mainly because it uses the Relic math library. MCL provides the high quality functions I need in a smaller package.

mhewett-ks commented 5 years ago

Is there a JavaScript version of Fp12::mulGeneric()? I need to multiply an Fp12 by an Fr. I would implement it myself but I can't find a definition of arithmetic functions for Fp6 and Fp12.

herumi commented 5 years ago

Is your intent not mul(x, y) but pow(x, y)?

For x in GT (in Fp12) and y in Fr, the result of mul(x, y) = x * y is not in GT (elemental multiplication). pow(x, y) = x^y is in GT.

You can use mcl.pow(x, y) for the latter.

mhewett-ks commented 5 years ago

Thank you for the correction. Using mcl.pow() produces exactly the right answer for my test case! Thank you for your help.