go-bn128

A production-ready, pure Go implementation of BN128 (BN254) elliptic curve pairing operations for zero-knowledge proofs and blockchain applications. This library provides the cryptographic foundation for zkSNARKs, BLS signatures, and privacy-preserving protocols used in Ethereum, Zcash, and modern blockchain systems

What is BN128?

BN128 (also known as BN254 or alt_bn128) is a pairing-friendly elliptic curve that enables advanced cryptographic operations essential for modern blockchain systems:

• Zero-knowledge proofs - Prove statements without revealing underlying data
• Signature aggregation - Combine multiple signatures into one
• Identity-based encryption - Encrypt using identifiers as public keys
• Verifiable random functions - Generate provably fair randomness

This library powers privacy-preserving transactions, Layer 2 scaling solutions, and consensus mechanisms in Ethereum, Zcash, Filecoin, and many other blockchain systems.

Features

• Complete implementation - Full field tower (Fp, Fp2, Fp6, Fp12), curve operations (G1, G2), and optimal ate pairing
• Pure Go - Zero external dependencies, easy to audit and integrate
• Production-ready - 85+ tests with >93% coverage, comprehensive benchmarks
• EIP-196/197 compatible - Works with Ethereum's precompiled contracts
• Well-documented - Clear API, mathematical explanations, real-world examples

Installation

go get github.com/zacksfF/go-bn128

License

MIT License - see LICENSE file for details.

---

Built for the blockchain community | Pure Go | Production Ready

package main

import (
    "fmt"
    "math/big"
    bn128 "github.com/zacksfF/go-bn128"
)

func main() {
    // Get generator points
    g1 := bn128.G1Generator()
    g2 := bn128.G2Generator()
    
    // Scalar multiplication
    scalar := big.NewInt(42)
    point := g1.ScalarMult(scalar)
    
    // Compute pairing
    result := bn128.Pair(point, g2)
    
    // Pairing check (for verification)
    pairs := [][2]interface{}{
        {g1, g2},
        {g1.Neg(), g2},
    }
    valid := bn128.PairingCheck(pairs)
    fmt.Printf("Pairing check: %v\n", valid) // true
}

Real-World Examples

The library includes five complete applications demonstrating practical use cases:

1. zkSNARK Proof Verification

Verify zero-knowledge proofs for privacy-preserving transactions:

// Verify Groth16 proof
pairs := [][2]interface{}{
    {proof.A, proof.B},
    {vk.Alpha.Neg(), vk.Beta},
    {inputCommitment.Neg(), vk.Gamma},
    {proof.C.Neg(), vk.Delta},
}
valid := bn128.PairingCheck(pairs)

Used in: Zcash, Tornado Cash, zkSync, Loopring

2. BLS Multi-Signature Aggregation

Combine multiple signatures for blockchain consensus:

// Aggregate 4 validator signatures
aggSig := sig1.Add(sig2).Add(sig3).Add(sig4)

// Verify with one pairing check
pairs := [][2]interface{}{
    {aggSig, g2},
    {messageHash.Neg(), aggPubKey},
}
valid := bn128.PairingCheck(pairs)

Used in: Ethereum 2.0, Filecoin, Dfinity, Cosmos

3. Identity-Based Encryption

Encrypt messages using email addresses as public keys:

// Encrypt for bob@example.com
bobID := hashToG1("bob@example.com")
ciphertext := encrypt(message, bobID, masterPubKey)

// Bob decrypts with his private key
plaintext := decrypt(ciphertext, bobPrivKey)

Used in: Enterprise blockchain, secure messaging

4. Verifiable Random Function (VRF)

Generate provably fair randomness for leader election:

// Generate VRF output
vrfOutput := epochValue.ScalarMult(validatorSecret)
randomness := hash(vrfOutput)

// Verify correctness
if verifyVRF(vrfOutput, validatorPubKey) {
    if isLeader(randomness) {
        proposeBlock()
    }
}

Used in: Algorand, Cardano, Chainlink VRF

5. Anonymous Voting System

Implement privacy-preserving on-chain governance:

// Cast encrypted vote
vote := encryptVote(choice, electionKey)
nullifier := hash(voterSecret) // Prevents double voting

// Tally without revealing individual votes
results := tallyVotes(allVotes)

Used in: Snapshot, Aragon, MakerDAO

Performance

Benchmarks on Apple M2:

Operation	Time	Notes
G1 Addition	~100 µs	Affine coordinates
G1 Scalar Mult	~3 ms	256-bit scalar
G2 Addition	~200 µs	Over Fp2
G2 Scalar Mult	~6 ms	256-bit scalar
Pairing	~15 ms	Miller loop + final exp
Pairing Check (2)	~30 ms	zkSNARK verification

Run benchmarks:

make bench              # All benchmarks
make bench-pairing      # Pairing operations only
make benchmark-all      # Comprehensive suite

Testing

make test              # Full test suite with coverage
make test-short        # Quick tests
make coverage          # Generate HTML coverage report

Test coverage: >93%

Contributing

Contributions are welcome! Areas for improvement:

• Performance optimizations (assembly, better algorithms)
• Additional features (hash-to-curve, constant-time operations)
• More examples and documentation
• Additional test vectors