Crate babygiant_alt_bn128
This crate accompanies the Noir library noir-elgamal.
do_compute_dlog is meant to be called as the last step of decryption, taking as input the value returned by the exp_elgamal_decrypt Noir function.
This code is heavily inspired by zkay.
Two main differences with respect to zkay:
1/ We replaced scalar multiplication inside the baby-steps loop with point addition, which led to a 7x speedup on average, and added multithreading for another 2.5x improvement. Together these allow decrypting a u40 instead of just a u32 in less than 6 seconds (on a Mac M1 chip), which is why we changed the max_bitwidth argument from 32 to 40 in the baby_giant call.
Even in the browser (see the accompanying npm package), it is now practical to decrypt a u40 in less than 9s in the worst case (WASM overhead) when using a num_threads between 5 and 8.
2/ Another big difference is that the imported arkworks library uses the Edwards form, whereas Noir uses the Twisted Edwards form for the Baby Jubjub curve. We therefore apply a coordinate transform to encode points in the Twisted Edwards form instead of the Edwards form, so that they use the same format as the Noir implementation.
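The baby-steps change from point 1/ and a thread split, as an added sketch that is not this crate's code. It uses a constructed toy group (integers modulo 2^61 - 1 under multiplication) in place of Baby Jubjub, so mul stands in for point addition and pow for scalar multiplication. The names dlog, mul and pow and the chunk-per-thread layout are assumptions.

```rust
use std::{collections::HashMap, thread};
// Constructed toy group (assumption): integers mod the Mersenne prime 2^61 - 1 under
// multiplication. mul() plays the role of point addition, pow() of scalar multiplication.
const P: u128 = (1 << 61) - 1;
fn mul(a: u64, b: u64) -> u64 { ((a as u128 * b as u128) % P) as u64 }
fn pow(mut b: u64, mut e: u64) -> u64 {
    let mut r = 1;
    while e > 0 {
        if e & 1 == 1 { r = mul(r, b); }
        b = mul(b, b);
        e >>= 1;
    }
    r
}

/// Returns some x with g^x == h, searching at least [0, 2^max_bitwidth), else None.
fn dlog(g: u64, h: u64, max_bitwidth: u32, num_threads: u64) -> Option<u64> {
    let m = 1u64 << ((max_bitwidth + 1) / 2); // m * m >= 2^max_bitwidth
    // Baby steps: g^0 .. g^(m-1), one group operation per entry instead of pow(g, j).
    let mut table = HashMap::with_capacity(m as usize);
    let mut acc = 1u64;
    for j in 0..m {
        table.entry(acc).or_insert(j);
        acc = mul(acc, g);
    }
    let stride = pow(acc, (P - 2) as u64); // acc == g^m; Fermat inverse gives g^(-m)
    // Giant steps: test h * g^(-i*m) for i in 0..m, one contiguous chunk per thread.
    let n = num_threads.max(1);
    let chunk = (m + n - 1) / n;
    thread::scope(|s| {
        let workers: Vec<_> = (0..n).map(|t| {
            let table = &table;
            s.spawn(move || {
                let (lo, hi) = (t * chunk, ((t + 1) * chunk).min(m));
                let mut cur = mul(h, pow(stride, lo)); // only scalar mult: once per thread
                for i in lo..hi {
                    if let Some(j) = table.get(&cur) { return Some(i * m + j); }
                    cur = mul(cur, stride);
                }
                None
            })
        }).collect();
        workers.into_iter().filter_map(|w| w.join().unwrap()).min()
    })
}

fn main() { println!("{:?}", dlog(3, pow(3, 123_456_789), 32, 4)); }
```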
Functions
- This function will compute the Discrete Logarithm of a point on the Baby Jubjub curve, in Twisted Edwards form.