A portable and fast pairing-based cryptography library.
mcl is a library for pairing-based cryptography, which supports the optimal Ate pairing over BN curves and BLS12-381 curves.
- `{G1,G2}::mulVec(z, xVec, yVec, n)` has improved for n >= 256 (about 2x speed up for n = 512).
  - `xVec` changes from `const G*` to `G*` because `xVec` may be normalized when computing.
- `MCL_MAX_BIT_SIZE=512`, so disable to support `NICT_P521`.
- `BLS_SIG_BLS12381G1_XMD:SHA-256_SSWU_RO_POP_`
- `mclBn_eth*` functions are removed.
- `mcl::bn::mapToG1(G1& out, const Fp& v)` supports `BLS12_MAP_FP_TO_G1` in EIP 2537.
- `mcl::bn::hashAndMapToG1(G1& out, const void *msg, size_t msgSize)` supports hash-to-curve-09 `BLS12381G1_XMD:SHA-256_SSWU_RO_`.
- `MCL_MAP_TO_MODE_HASH_TO_CURVE_07` is added for hash-to-curve-draft-07.
- `make UPDATE_ASM=1` once.

See bls if you want mcl for BLS-signature.
See api.md and FAQ for serialization and hash-to-curve.
x86-64/ARM/ARM64 Linux, macOS and mingw64 are supported.

GMP is necessary only to build test programs.
- `sudo apt install libgmp-dev` on Ubuntu
- `brew install gmp` on macOS

OpenMP is optional (`make MCL_USE_OMP=1` to use OpenMP for mulVec).
- `sudo apt install libomp-dev` on Ubuntu
- `brew install libomp` on macOS
For x86-64 Linux and macOS,
```
git clone https://github.com/herumi/mcl
cd mcl
make -j4
```
clang++ is required except for x86-64 on Linux and Windows.
```
make -j4 CXX=clang++
```
- `lib/libmcl.*` ; core library
- `lib/libmclbn384_256.*` ; library to use the C-API of the BLS12-381 pairing

With CMake, for x86-64 Linux and macOS,
```
mkdir build
cd build
cmake ..
make
```
For the other platforms, clang++ is required.
```
mkdir build
cd build
cmake .. -DCMAKE_CXX_COMPILER=clang++
make
```
For Visual Studio,
```
mkdir build
cd build
cmake .. -A x64
msbuild mcl.sln /p:Configuration=Release /m
```
See `cmake .. -LA` for the available options.

To make the test binaries in `./bin`:
```
cmake .. -DBUILD_TESTING=ON
make -j4
```
clang (clang-cl on Windows) is necessary to build files with the suffix `.ll`.
- `src/base${BIT}.ll` is necessary if `MCL_USE_LLVM` is defined.
- `src/bint${BIT}.ll` is necessary if `MCL_BINT_ASM=1`.
  - `src/bint-x64-{amd64,win}.asm` is used instead of `src/bint64.ll` if `MCL_BINT_ASM_X64=1`, because it uses mulx/adox/adcx.
- These files may be unified in the future.
To test the BLS12-381 pairing:
```
# C
make bin/bn_c384_256_test.exe && bin/bn_c384_256_test.exe
# C++
make bin/bls12_test.exe && bin/bls12_test.exe
```
To build and run with profiling enabled:
```
make MCL_USE_PROF=1 bin/bls12_test.exe
env MCL_PROF=1 bin/bls12_test.exe
```
Suppose VTune is installed in `/opt/intel/vtune_amplifier/`.
```
make MCL_USE_PROF=2 bin/bls12_test.exe
env MCL_PROF=2 bin/bls12_test.exe
```
For 32-bit x86, build GMP for 32-bit mode first.
```
sudo apt install g++-multilib
sudo apt install clang-14
cd <GMP dir>
env ABI=32 ./configure --enable-cxx --prefix=<install dir>
make -j install
cd <mcl dir>
make ARCH=x86 LLVM_VER=-14 GMP_DIR=<install dir>
```
```
# How to build a library for arm with clang++ on Linux
make -f Makefile.cross BIT=32 TARGET=armv7l

# e.g. build sample/pairing.cpp with the GNU arm cross compiler and run it under qemu-arm
sudo apt install g++-arm-linux-gnueabi
arm-linux-gnueabi-g++ sample/pairing.cpp -O3 -DNDEBUG -I ./include/ lib/libmclbn384_256.a -DMCL_MAX_BIT_SIZE=384
env QEMU_LD_PREFIX=/usr/arm-linux-gnueabi/ qemu-arm ./a.out
```

On Windows, Python3 is necessary. Open a console window, and
```
git clone https://github.com/herumi/mcl
cd mcl
# static library
mklib
mk -s test\bls12_test.cpp && bin\bls12_test.exe
# dynamic library
mklib dll
mk -d test\bls12_test.cpp && bin\bls12_test.exe
```
(not maintained) Open mcl.sln and build, or if you have msbuild.exe:
```
msbuild /p:Configuration=Release
```
For C#,
```
cd mcl
mklib dll
cd ffi/cs
dotnet build mcl.sln
cd ../../bin
../ffi/cs/test/bin/Debug/netcoreapp3.1/test.exe
```
mcl supports emcc (Emscripten), and `test/bn_test.cpp` runs on browsers such as Firefox, Chrome and Edge.
- The timing of a pairing on `BN254` is 2.8msec on 64-bit Firefox with Skylake 3.4GHz.
curveType | binary | clang-6.0.0 | gcc-7.3.0 |
---|---|---|---|
BN254 | bin/bn_test.exe | 882Kclk | 933Kclk |
BLS12-381 | bin/bls12_test.exe | 2290Kclk | 2630Kclk |

curveType | binary | clang-6.0.0 | gcc-7.3.0 |
---|---|---|---|
BN254 | bin/bn_test.exe | 900Kclk | 954Kclk |
BLS12-381 | bin/bls12_test.exe | 2340Kclk | 2680Kclk |

For JavaScript (WebAssembly), see the ID based encryption demo.

parameter | x64 | Firefox on x64 | Safari on iPhone7 |
---|---|---|---|
BN254 | 0.25 | 2.48 | 4.78 |
BN381_1 | 0.95 | 7.91 | 11.74 |
BN462 | 2.16 | 14.73 | 22.77 |

- `test/bn_test.cpp`
- `test/bn512_test.cpp`
- The other benchmark results are in bench.txt.
```
sudo cpufreq-set -g performance
```
Timings in msec:

software | x64 | x86 | arm | arm64 |
---|---|---|---|---|
ate-pairing | 0.21 | - | - | - |
mcl | 0.31 | 1.6 | 22.6 | 3.9 |
TEPLA | 1.76 | 3.7 | 37 | 17.9 |
RELIC PRIME=254 | 0.30 | 3.5 | 36 | - |
MIRACL ake12bnx | 4.2 | - | 78 | - |
NEONabe | - | - | 16 | - |

Compile options used for RELIC:
```
cmake -DARITH=x64-asm-254 -DFP_PRIME=254 -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP"
```
mcl uses the Xbyak JIT engine if it is available on the x64 architecture; otherwise mcl uses slightly slower functions generated by LLVM. On CentOS the default mode enables the SELinux security policy, and then JIT is disabled.
```
% sudo setenforce 1
% getenforce
Enforcing
% bin/bn_test.exe
JIT 0
pairing 1.496Mclk
finalExp 581.081Kclk
% sudo setenforce 0
% getenforce
Permissive
% bin/bn_test.exe
JIT 1
pairing 1.394Mclk
finalExp 546.259Kclk
```
The asm files generated by this way are already put in `src/asm`, so it is not necessary to do this.

Install LLVM, then
```
make MCL_USE_LLVM=1 LLVM_VER=<llvm-version> UPDATE_ASM=1
```
For example, specify `-3.8` for `<llvm-version>` if `opt-3.8` and `llc-3.8` are installed.

If you want to use Fp with a 1024-bit prime on x86-64, then
```
make MCL_USE_LLVM=1 LLVM_VER=<llvm-version> UPDATE_ASM=1 MCL_MAX_BIT_SIZE=1024
```
See java.md
modified new BSD License, http://opensource.org/licenses/BSD-3-Clause

This library contains some parts of the following software licensed by BSD-3-Clause.
- `mclBn_init` is changed from `maxUnitSize` to `compiledTimeVar`, which must be `MCLBN_COMPILED_TIME_VAR`.
- If `MCL_USE_OLD_MAPTO_FOR_BLS12` is defined, then the old function is used, but this will be removed in the future.
- The behavior of the `setHashOf` function may be a little different from what you want. Please use the following code:

```cpp
#include <stdint.h>    // uint8_t
#include <stddef.h>    // size_t
#include <mcl/bn.hpp>  // field types used for F and mcl::fp::sha256

// Hash msg with SHA-256 and reduce the 32-byte digest into the field element x.
template<class F>
void setHash(F& x, const void *msg, size_t msgSize)
{
	uint8_t md[32];
	mcl::fp::sha256(md, sizeof(md), msg, msgSize);
	// interpret the digest as a big-endian integer and reduce it modulo the field order
	x.setBigEndianMod(md, sizeof(md));
	// or x.setLittleEndianMod(md, sizeof(md));
}
```
MITSUNARI Shigeo([email protected])