
1use crate::{fq::Fq, fr::Fr};
2use ark_ec::{
3    models::CurveConfig,
4    scalar_mul::glv::GLVConfig,
5    short_weierstrass::{self as sw, SWCurveConfig},
6};
7use ark_ff::{AdditiveGroup, BigInt, Field, MontFp, PrimeField, Zero};
8
// Unit tests for this curve configuration; only compiled under `cargo test`.
#[cfg(test)]
mod tests;
11
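/// Marker type that carries the Vesta curve parameters through its
/// `CurveConfig`, `SWCurveConfig` and `GLVConfig` implementations.
///
/// It holds no data; `Debug` is derived so the config can be printed in
/// diagnostics like any other public type.
#[derive(Copy, Clone, Debug, Default, PartialEq, Eq)]
pub struct VestaConfig;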
14
// Group-level parameters of Vesta.
impl CurveConfig for VestaConfig {
    /// Base field `Fq`: the field the point coordinates live in.
    type BaseField = Fq;
    /// Scalar field `Fr`: the field the scalars (group order) live in.
    type ScalarField = Fr;

    /// COFACTOR = 1
    ///
    /// The curve group has prime order, so every on-curve point already lies
    /// in the prime-order subgroup and no cofactor clearing is needed.
    const COFACTOR: &'static [u64] = &[0x1];

    /// COFACTOR_INV = 1 (inverse of `COFACTOR` in the scalar field).
    const COFACTOR_INV: Fr = Fr::ONE;
}
25
/// Affine `(x, y)` representation of a Vesta point.
pub type Affine = sw::Affine<VestaConfig>;
/// Projective representation of a Vesta point.
pub type Projective = sw::Projective<VestaConfig>;
28
// Short Weierstrass form of Vesta: y^2 = x^3 + COEFF_A * x + COEFF_B over Fq.
impl SWCurveConfig for VestaConfig {
    /// COEFF_A = 0
    const COEFF_A: Fq = Fq::ZERO;

    /// COEFF_B = 5
    const COEFF_B: Fq = MontFp!("5");

    /// AFFINE_GENERATOR_COEFFS = (G_GENERATOR_X, G_GENERATOR_Y) = (-1, 2)
    ///
    /// `new_unchecked` performs no on-curve or subgroup check, so the point
    /// must be correct by construction: 2^2 = 4 = (-1)^3 + 5, and with
    /// COFACTOR = 1 there is no proper subgroup to fall outside of.
    const GENERATOR: Affine = Affine::new_unchecked(G_GENERATOR_X, G_GENERATOR_Y);

    /// Multiplication by COEFF_A is identically zero because a = 0, so the
    /// result is returned directly without a field multiplication.
    #[inline(always)]
    fn mul_by_a(_: Self::BaseField) -> Self::BaseField {
        Self::BaseField::ZERO
    }
}
44
// GLV endomorphism data for Vesta.
//
// The endomorphism phi(x, y) = (BETA * x, y) is assumed to act on the group
// as scalar multiplication by LAMBDA, i.e. phi(P) = [LAMBDA]P. A mismatch
// between ENDO_COEFFS[0] and LAMBDA would silently produce wrong scalar
// multiples, which is why the pair should be checked by the tests module.
impl GLVConfig for VestaConfig {
    /// ENDO_COEFFS[0] = BETA, a non-trivial cubic root of unity in Fq.
    const ENDO_COEFFS: &'static [Self::BaseField] = &[MontFp!(
        "26005156700822196841419187675678338661165322343552424574062261873906994770353"
    )];

    /// LAMBDA: the scalar by which the endomorphism acts on the group.
    const LAMBDA: Self::ScalarField =
        MontFp!("20444556541222657078399132219657928148671392403212669005631716460534733845831");

    /// Lattice-basis coefficients used to split a scalar k into a short
    /// pair (k1, k2) with k = k1 + k2 * LAMBDA.
    /// NOTE(review): presumably each entry is (is_negative, magnitude) —
    /// confirm against the `GLVConfig` trait docs.
    const SCALAR_DECOMP_COEFFS: [(bool, <Self::ScalarField as PrimeField>::BigInt); 4] = [
        (false, BigInt!("98231058071100081932162823354453065729")),
        (true, BigInt!("98231058071186745657228807397848383488")),
        (false, BigInt!("196462116142286827589391630752301449217")),
        (false, BigInt!("98231058071100081932162823354453065729")),
    ];

    /// Applies the endomorphism to a projective point: scales `x` by BETA and
    /// leaves the other coordinates untouched.
    fn endomorphism(p: &Projective) -> Projective {
        let beta = Self::ENDO_COEFFS[0];
        let mut image = p.clone();
        image.x *= beta;
        image
    }

    /// Applies the endomorphism to an affine point: (x, y) -> (BETA * x, y).
    fn endomorphism_affine(p: &Affine) -> Affine {
        let beta = Self::ENDO_COEFFS[0];
        let mut image = p.clone();
        image.x *= beta;
        image
    }
}
78
/// G_GENERATOR_X = -1
/// Encoded in Montgomery form, so the value here is -R mod p.
///
/// Together with `G_GENERATOR_Y` this forms `SWCurveConfig::GENERATOR`, which
/// is built with `new_unchecked`; (-1, 2) satisfies y^2 = x^3 + 5 since
/// 4 = -1 + 5.
pub const G_GENERATOR_X: Fq = MontFp!("-1");

/// G_GENERATOR_Y = 2
/// Encoded in Montgomery form, so the value here is 2R mod p.
pub const G_GENERATOR_Y: Fq = MontFp!("2");