-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Bilinear pairings
--   
--   Optimal Ate pairing over Barreto-Naehrig curves
@package pairing
@version 1.0.0

module Data.Pairing

-- | Pairings of general cryptographic groups.
--   
--   Let <tt>G1</tt> and <tt>G2</tt> be additive cyclic groups of prime
--   order <tt>r</tt>, and <tt>GT</tt> be a multiplicative cyclic group of
--   prime order <tt>r</tt>.
--   
--   Then the pairing is defined to be of type <tt>G1 x G2 -&gt; GT</tt>,
--   and satisfies bilinearity, non-degeneracy, and computability.
class (Arbitrary (G1 e), Arbitrary (G2 e), Arbitrary (GT e), Eq (G1 e), Eq (G2 e), Eq (GT e), Generic (G1 e), Generic (G2 e), Generic (GT e), Group (G1 e), Group (G2 e), Group (GT e), NFData (G1 e), NFData (G2 e), NFData (GT e), Random (G1 e), Random (G2 e), Random (GT e), Show (G1 e), Show (G2 e), Show (GT e)) => Pairing e where {
    
    -- | Left group <tt>G1</tt>.
    type family G1 e = (g :: *) | g -> e;
    
    -- | Right group <tt>G2</tt>.
    type family G2 e = (g :: *) | g -> e;
    
    -- | Target group <tt>GT</tt>.
    type family GT e = (g :: *) | g -> e;
}

-- | Computable non-degenerate bilinear map.
pairing :: Pairing e => G1 e -> G2 e -> GT e

-- | Pairings of a family of pairing-friendly elliptic curves.
--   
--   Let <tt>E(Fq)</tt> be an elliptic curve over a prime field
--   <tt>Fq</tt>, and let <tt>Fq &lt; Fq' &lt; Fq'' &lt; Fq'''</tt> be a
--   tower of simple field extensions defined by irreducible monic
--   polynomials <tt>u</tt>, <tt>v</tt>, and <tt>w</tt>.
--   
--   Then the pairing is defined to be of type <tt>E(Fq) x E(Fq') -&gt;
--   U_r</tt>, where <tt>U_r</tt> is the <tt>r</tt>-th roots of unity
--   multiplicative subgroup of <tt>Fq'''</tt>, and <tt>r</tt> is the order
--   of <tt>E(Fq)</tt> and the order of a prime field <tt>Fr</tt>.
type ECPairing e q r u v w = (Pairing e, ECPairingG1 e q r, ECPairingG2 e q r u, ECPairingGT e q r u v w)

-- | Pairing-friendly elliptic curve left group <tt>E(Fq)</tt>.
type ECPairingG1 e q r = (KnownNat q, WACurve e (Prime q) (Prime r), G1 e ~ WAPoint e (Prime q) (Prime r))

-- | Pairing-friendly elliptic curve right group <tt>E(Fq')</tt>.
type ECPairingG2 e q r u = (IrreducibleMonic u (Prime q), WACurve e (Extension u (Prime q)) (Prime r), G2 e ~ WAPoint e (Extension u (Prime q)) (Prime r))

-- | Pairing-friendly field multiplicative target group <tt>U_r</tt>.
type ECPairingGT e q r u v w = (KnownNat r, IrreducibleMonic v (Extension u (Prime q)), IrreducibleMonic w (Extension v (Extension u (Prime q))), GT e ~ RootsOfUnity r (Extension w (Extension v (Extension u (Prime q)))))

module Data.Pairing.Ate

-- | <a>Miller algorithm for Barreto-Lynn-Scott degree 12 curves</a>.
millerAlgorithmBLS12 :: ECPairing e q r u v w => [Int8] -> G1 e -> G2 e -> GT e

-- | <a>Final exponentiation for Barreto-Lynn-Scott degree 12 curves</a>.
finalExponentiationBLS12 :: ECPairing e q r u v w => Integer -> GT e -> GT e

-- | <a>Miller algorithm for Barreto-Naehrig curves</a>.
millerAlgorithmBN :: ECPairing e q r u v w => Extension u (Prime q) -> [Int8] -> G1 e -> G2 e -> GT e

-- | <a>Final exponentiation for Barreto-Naehrig curves</a>.
finalExponentiationBN :: ECPairing e q r u v w => Integer -> GT e -> GT e

module Data.Pairing.BLS12381

-- | BLS12381 curve.
data BLS12381

-- | BLS12381 curve parameter <tt>s = t</tt> in signed binary.
parameterBin :: [Int8]

-- | BLS12381 curve parameter <tt>t</tt> in hexadecimal.
parameterHex :: Integer

-- | Field of points of BLS12381 curve.
type Fq = Prime Q

-- | Field of points of BLS12381 curve over <tt>Fq2</tt>.
type Fq2 = Extension U Fq

-- | Field of points of BLS12381 curve over <tt>Fq6</tt>.
type Fq6 = Extension V Fq2

-- | Field of points of BLS12381 curve over <tt>Fq12</tt>.
type Fq12 = Extension W Fq6

-- | Field of coefficients of BLS12381 curve.
type Fr = Prime R

-- | BLS12381 curve left group <tt>G1 = E(Fq)</tt>.
type G1' = PA

-- | BLS12381 curve right group <tt>G2 = E'(Fq2)</tt>.
type G2' = PA

-- | <tt>Fq12</tt> multiplicative target group <tt>GT</tt>.
type GT' = RootsOfUnity R Fq12

-- | Precompute primitive roots of unity for binary powers that divide
--   <tt>r - 1</tt>.
getRootOfUnity :: Int -> Fr
instance Data.Pairing.Pairing Data.Curve.Weierstrass.BLS12381.BLS12381
instance Data.Field.Galois.Unity.CyclicSubgroup (Data.Field.Galois.Unity.RootsOfUnity Data.Curve.Weierstrass.BLS12381.R Data.Pairing.BLS12381.Fq12)
instance Data.Field.Galois.Extension.IrreducibleMonic Data.Pairing.BLS12381.W Data.Pairing.BLS12381.Fq6
instance Data.Field.Galois.Extension.IrreducibleMonic Data.Pairing.BLS12381.V Data.Curve.Weierstrass.BLS12381T.Fq2

module Data.Pairing.BN254

-- | BN254 curve.
data BN254

-- | BN254 curve parameter <tt>s = 6t + 2</tt> in signed binary.
parameterBin :: [Int8]

-- | BN254 curve parameter <tt>t</tt> in hexadecimal.
parameterHex :: Integer

-- | Field of points of BN254 curve.
type Fq = Prime Q

-- | Field of points of BN254 curve over <tt>Fq2</tt>.
type Fq2 = Extension U Fq

-- | Field of points of BN254 curve over <tt>Fq6</tt>.
type Fq6 = Extension V Fq2

-- | Field of points of BN254 curve over <tt>Fq12</tt>.
type Fq12 = Extension W Fq6

-- | Field of coefficients of BN254 curve.
type Fr = Prime R

-- | BN254 curve left group <tt>G1 = E(Fq)</tt>.
type G1' = PA

-- | BN254 curve right group <tt>G2 = E'(Fq2)</tt>.
type G2' = PA

-- | <tt>Fq12</tt> multiplicative target group <tt>GT</tt>.
type GT' = RootsOfUnity R Fq12

-- | Precompute primitive roots of unity for binary powers that divide
--   <tt>r - 1</tt>.
getRootOfUnity :: Int -> Fr
instance Data.Pairing.Pairing Data.Curve.Weierstrass.BN254.BN254
instance Data.Field.Galois.Unity.CyclicSubgroup (Data.Field.Galois.Unity.RootsOfUnity Data.Curve.Weierstrass.BN254.R Data.Pairing.BN254.Fq12)
instance Data.Field.Galois.Extension.IrreducibleMonic Data.Pairing.BN254.W Data.Pairing.BN254.Fq6
instance Data.Field.Galois.Extension.IrreducibleMonic Data.Pairing.BN254.V Data.Curve.Weierstrass.BN254T.Fq2

module Data.Pairing.BN254A

-- | BN254A curve.
data BN254A

-- | BN254A curve parameter <tt>s = 6t + 2</tt> in signed binary.
parameterBin :: [Int8]

-- | BN254A curve parameter <tt>t</tt> in hexadecimal.
parameterHex :: Integer

-- | Field of points of BN254A curve.
type Fq = Prime Q

-- | Field of points of BN254A curve over <tt>Fq2</tt>.
type Fq2 = Extension U Fq

-- | Field of points of BN254A curve over <tt>Fq6</tt>.
type Fq6 = Extension V Fq2

-- | Field of points of BN254A curve over <tt>Fq12</tt>.
type Fq12 = Extension W Fq6

-- | Field of coefficients of BN254A curve.
type Fr = Prime R

-- | BN254A curve left group <tt>G1 = E(Fq)</tt>.
type G1' = PA

-- | BN254A curve right group <tt>G2 = E'(Fq2)</tt>.
type G2' = PA

-- | <tt>Fq12</tt> multiplicative target group <tt>GT</tt>.
type GT' = RootsOfUnity R Fq12

-- | Precompute primitive roots of unity for binary powers that divide
--   <tt>r - 1</tt>.
getRootOfUnity :: Int -> Fr
instance Data.Pairing.Pairing Data.Curve.Weierstrass.BN254A.BN254A
instance Data.Field.Galois.Unity.CyclicSubgroup (Data.Field.Galois.Unity.RootsOfUnity Data.Curve.Weierstrass.BN254A.R Data.Pairing.BN254A.Fq12)
instance Data.Field.Galois.Extension.IrreducibleMonic Data.Pairing.BN254A.W Data.Pairing.BN254A.Fq6
instance Data.Field.Galois.Extension.IrreducibleMonic Data.Pairing.BN254A.V Data.Curve.Weierstrass.BN254AT.Fq2

module Data.Pairing.BN254B

-- | BN254B curve.
data BN254B

-- | BN254B curve parameter <tt>s = 6t + 2</tt> in signed binary.
parameterBin :: [Int8]

-- | BN254B curve parameter <tt>t</tt> in hexadecimal.
parameterHex :: Integer

-- | Field of points of BN254B curve.
type Fq = Prime Q

-- | Field of points of BN254B curve over <tt>Fq2</tt>.
type Fq2 = Extension U Fq

-- | Field of points of BN254B curve over <tt>Fq6</tt>.
type Fq6 = Extension V Fq2

-- | Field of points of BN254B curve over <tt>Fq12</tt>.
type Fq12 = Extension W Fq6

-- | Field of coefficients of BN254B curve.
type Fr = Prime R

-- | BN254B curve left group <tt>G1 = E(Fq)</tt>.
type G1' = PA

-- | BN254B curve right group <tt>G2 = E'(Fq2)</tt>.
type G2' = PA

-- | <tt>Fq12</tt> multiplicative target group <tt>GT</tt>.
type GT' = RootsOfUnity R Fq12

-- | Precompute primitive roots of unity for binary powers that divide
--   <tt>r - 1</tt>.
getRootOfUnity :: Int -> Fr
instance Data.Pairing.Pairing Data.Curve.Weierstrass.BN254B.BN254B
instance Data.Field.Galois.Unity.CyclicSubgroup (Data.Field.Galois.Unity.RootsOfUnity Data.Curve.Weierstrass.BN254B.R Data.Pairing.BN254B.Fq12)
instance Data.Field.Galois.Extension.IrreducibleMonic Data.Pairing.BN254B.W Data.Pairing.BN254B.Fq6
instance Data.Field.Galois.Extension.IrreducibleMonic Data.Pairing.BN254B.V Data.Curve.Weierstrass.BN254BT.Fq2

module Data.Pairing.BN254C

-- | BN254C curve.
data BN254C

-- | BN254C curve parameter <tt>s = 6t + 2</tt> in signed binary.
parameterBin :: [Int8]

-- | BN254C curve parameter <tt>t</tt> in hexadecimal.
parameterHex :: Integer

-- | Field of points of BN254C curve.
type Fq = Prime Q

-- | Field of points of BN254C curve over <tt>Fq2</tt>.
type Fq2 = Extension U Fq

-- | Field of points of BN254C curve over <tt>Fq6</tt>.
type Fq6 = Extension V Fq2

-- | Field of points of BN254C curve over <tt>Fq12</tt>.
type Fq12 = Extension W Fq6

-- | Field of coefficients of BN254C curve.
type Fr = Prime R

-- | BN254C curve left group <tt>G1 = E(Fq)</tt>.
type G1' = PA

-- | BN254C curve right group <tt>G2 = E'(Fq2)</tt>.
type G2' = PA

-- | <tt>Fq12</tt> multiplicative target group <tt>GT</tt>.
type GT' = RootsOfUnity R Fq12

-- | Precompute primitive roots of unity for binary powers that divide
--   <tt>r - 1</tt>.
getRootOfUnity :: Int -> Fr
instance Data.Pairing.Pairing Data.Curve.Weierstrass.BN254C.BN254C
instance Data.Field.Galois.Unity.CyclicSubgroup (Data.Field.Galois.Unity.RootsOfUnity Data.Curve.Weierstrass.BN254C.R Data.Pairing.BN254C.Fq12)
instance Data.Field.Galois.Extension.IrreducibleMonic Data.Pairing.BN254C.W Data.Pairing.BN254C.Fq6
instance Data.Field.Galois.Extension.IrreducibleMonic Data.Pairing.BN254C.V Data.Curve.Weierstrass.BN254CT.Fq2

module Data.Pairing.BN254D

-- | BN254D curve.
data BN254D

-- | BN254D curve parameter <tt>s = 6t + 2</tt> in signed binary.
parameterBin :: [Int8]

-- | BN254D curve parameter <tt>t</tt> in hexadecimal.
parameterHex :: Integer

-- | Field of points of BN254D curve.
type Fq = Prime Q

-- | Field of points of BN254D curve over <tt>Fq2</tt>.
type Fq2 = Extension U Fq

-- | Field of points of BN254D curve over <tt>Fq6</tt>.
type Fq6 = Extension V Fq2

-- | Field of points of BN254D curve over <tt>Fq12</tt>.
type Fq12 = Extension W Fq6

-- | Field of coefficients of BN254D curve.
type Fr = Prime R

-- | BN254D curve left group <tt>G1 = E(Fq)</tt>.
type G1' = PA

-- | BN254D curve right group <tt>G2 = E'(Fq2)</tt>.
type G2' = PA

-- | <tt>Fq12</tt> multiplicative target group <tt>GT</tt>.
type GT' = RootsOfUnity R Fq12

-- | Precompute primitive roots of unity for binary powers that divide
--   <tt>r - 1</tt>.
getRootOfUnity :: Int -> Fr
instance Data.Pairing.Pairing Data.Curve.Weierstrass.BN254D.BN254D
instance Data.Field.Galois.Unity.CyclicSubgroup (Data.Field.Galois.Unity.RootsOfUnity Data.Curve.Weierstrass.BN254D.R Data.Pairing.BN254D.Fq12)
instance Data.Field.Galois.Extension.IrreducibleMonic Data.Pairing.BN254D.W Data.Pairing.BN254D.Fq6
instance Data.Field.Galois.Extension.IrreducibleMonic Data.Pairing.BN254D.V Data.Curve.Weierstrass.BN254DT.Fq2

module Data.Pairing.BN462

-- | BN462 curve.
data BN462

-- | BN462 curve parameter <tt>s = 6t + 2</tt> in signed binary.
parameterBin :: [Int8]

-- | BN462 curve parameter <tt>t</tt> in hexadecimal.
parameterHex :: Integer

-- | Field of points of BN462 curve.
type Fq = Prime Q

-- | Field of points of BN462 curve over <tt>Fq2</tt>.
type Fq2 = Extension U Fq

-- | Field of points of BN462 curve over <tt>Fq6</tt>.
type Fq6 = Extension V Fq2

-- | Field of points of BN462 curve over <tt>Fq12</tt>.
type Fq12 = Extension W Fq6

-- | Field of coefficients of BN462 curve.
type Fr = Prime R

-- | BN462 curve left group <tt>G1 = E(Fq)</tt>.
type G1' = PA

-- | BN462 curve right group <tt>G2 = E'(Fq2)</tt>.
type G2' = PA

-- | <tt>Fq12</tt> multiplicative target group <tt>GT</tt>.
type GT' = RootsOfUnity R Fq12

-- | Precompute primitive roots of unity for binary powers that divide
--   <tt>r - 1</tt>.
getRootOfUnity :: Int -> Fr
instance Data.Pairing.Pairing Data.Curve.Weierstrass.BN462.BN462
instance Data.Field.Galois.Unity.CyclicSubgroup (Data.Field.Galois.Unity.RootsOfUnity Data.Curve.Weierstrass.BN462.R Data.Pairing.BN462.Fq12)
instance Data.Field.Galois.Extension.IrreducibleMonic Data.Pairing.BN462.W Data.Pairing.BN462.Fq6
instance Data.Field.Galois.Extension.IrreducibleMonic Data.Pairing.BN462.V Data.Curve.Weierstrass.BN462T.Fq2

module Data.Pairing.Hash

-- | Encodes a given byte string to a point on the BLS12 curve.
--   
--   The implementation uses the Shallue-van de Woestijne encoding to BLS12
--   curves as specified in Section 3 of <a>Fast and simple constant-time
--   hashing to the BLS12-381 elliptic curve</a>.
--   
--   This function is not implemented yet.
swEncBLS12 :: forall e m q r u v w. (MonadRandom m, ECPairing e q r u v w) => ByteString -> m (Maybe (G1 e))

-- | Encodes a given byte string to a point on the BN curve.
--   
--   The implementation uses the Shallue-van de Woestijne encoding to BN
--   curves as specified in Section 6 of <a>Indifferentiable Hashing to
--   Barreto-Naehrig Curves</a>.
--   
--   This function evaluates an empty bytestring or one that contains NUL
--   to zero and is sent to an arbitrary point on the curve.
swEncBN :: forall e m q r u v w. (MonadRandom m, ECPairing e q r u v w) => ByteString -> m (Maybe (G1 e))