| Adam Langley | 71484c7 | 2012-07-27 12:54:55 -0400 | [diff] [blame] | 1 | // Copyright 2012 The Go Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style |
| 3 | // license that can be found in the LICENSE file. |
| 4 | |
| 5 | package bn256 |
| 6 | |
| 7 | import ( |
| 8 | "crypto/rand" |
| 9 | ) |
| 10 | |
| 11 | func ExamplePair() { |
| 12 | // This implements the tripartite Diffie-Hellman algorithm from "A One |
| 13 | // Round Protocol for Tripartite Diffie-Hellman", A. Joux. |
| 14 | // http://www.springerlink.com/content/cddc57yyva0hburb/fulltext.pdf |
| 15 | |
| 16 | // Each of three parties, a, b and c, generate a private value. |
| 17 | a, _ := rand.Int(rand.Reader, Order) |
| 18 | b, _ := rand.Int(rand.Reader, Order) |
| 19 | c, _ := rand.Int(rand.Reader, Order) |
| 20 | |
| 21 | // Then each party calculates g₁ and g₂ times their private value. |
| 22 | pa := new(G1).ScalarBaseMult(a) |
| 23 | qa := new(G2).ScalarBaseMult(a) |
| 24 | |
| 25 | pb := new(G1).ScalarBaseMult(b) |
| 26 | qb := new(G2).ScalarBaseMult(b) |
| 27 | |
| 28 | pc := new(G1).ScalarBaseMult(c) |
| 29 | qc := new(G2).ScalarBaseMult(c) |
| 30 | |
| 31 | // Now each party exchanges its public values with the other two and |
| 32 | // all parties can calculate the shared key. |
| 33 | k1 := Pair(pb, qc) |
| 34 | k1.ScalarMult(k1, a) |
| 35 | |
| 36 | k2 := Pair(pc, qa) |
| 37 | k2.ScalarMult(k2, b) |
| 38 | |
| 39 | k3 := Pair(pa, qb) |
| 40 | k3.ScalarMult(k3, c) |
| 41 | |
| 42 | // k1, k2 and k3 will all be equal. |
| 43 | } |
