gnark-crypto provides:

• Elliptic curve cryptography (+pairing) on BN254, BLS12-381, BLS12-377, BW6-761, BLS24-315, BW6-633, BLS12-378 and BW6-756
• Finite field arithmetic (fast big.Int)
• FFT
• Polynomial commitment schemes
• MiMC
• EdDSA (on the "companion" twisted edwards curves)

gnark-crypto is actively developed and maintained by the team ([email protected] | HackMD) behind:

• gnark: a framework to execute (and verify) algorithms in zero-knowledge

gnark-crypto has not been audited and is provided as-is, use at your own risk. In particular, gnark-crypto makes no security guarantees such as constant time implementation or side-channel attack resistance.

To report a security bug, please refer to gnark Security Policy.

gnark-crypto packages are optimized for 64bits architectures (x86 amd64) and tested on Unix (Linux / macOS).

gnark-crypto is tested with the last 2 major releases of Go (1.16 and 1.17).

go get github.com/consensys/gnark-crypto

Note if that if you use go modules, in go.mod the module path is case sensitive (use consensys and not ConsenSys).

The APIs are consistent accross the curves. For example, here is bn254 godoc.

Most (but not all) of the code is generated from the templates in internal/generator.

The generated code contains little to no interfaces and is strongly typed with a base field (generated by the gnark-crypto/field). The two main factors driving this design choice are:

1. Performance: gnark-crypto algorithms manipulates millions (if not billions) of field elements. Interface indirection at this level, plus garbage collection indexing takes a heavy toll on perf.
2. No generics in Go: need to derive (mostly) identical code for various moduli and curves, with consistent APIs

To regenerate the files, see internal/generator/main.go. Run:

go generate ./internal/...

Benchmarking pairing-friendly elliptic curves libraries

The libraries are implemented in different languages and some use more assembly code than others. Besides the different algorithmic and software optimizations used across, it should be noted also that some libraries target constant-time implementation for some operations making it de facto slower. However, it can be clear that consensys/gnark-crypto is one of the fastest pairing-friendly elliptic curve libraries to be used in zkp projects with different curves.

If you use gnark-crypto in your research a citation would be appreciated. Please use the following BibTeX to cite the most recent release.

@software{gnark-crypto-v0.6.1,
  author       = {Gautam Botrel and
                  Thomas Piellard and
                  Youssef El Housni and
                  Arya Tabaie and
                  Ivo Kubjas},
  title        = {ConsenSys/gnark-crypto: v0.6.1},
  month        = feb,
  year         = 2022,
  publisher    = {Zenodo},
  version      = {v0.6.1},
  doi          = {10.5281/zenodo.6092968},
  url          = {https://doi.org/10.5281/zenodo.6092968}
}

We use SemVer for versioning. For the versions available, see the tags on this repository.

This project is licensed under the Apache 2 License - see the LICENSE file for details