Crate bandersnatch[][src]

Expand description

This library implements the Bandersnatch curve, a twisted Edwards curve whose base field is the scalar field of the curve BLS12-381. This allows defining cryptographic primitives that use elliptic curves over the scalar field of the latter curve. This curve was generated by Simon Masson from Anoma, and Antonio Sanso from Ethereum Foundation, and is also known as bandersnatch.

See here for the specification of the curve. There was also a Python implementation here.

Curve information:

  • Base field: q = 52435875175126190479447740508185965837690552500527637822603658699938581184513
  • Scalar field: r = 13108968793781547619861935127046491459309155893440570251786403306729687672801
  • Valuation(q - 1, 2) = 32
  • Valuation(r - 1, 2) = 5
  • Curve equation: ax^2 + y^2 =1 + dx^2y^2, where
    • a = -5
    • d = 45022363124591815672509500913686876175488063829319466900776701791074614335719

Modules

constraints

This module implements the R1CS equivalent of ark_bandersnatch.

fq

Base field of bandersantch – which is also the scalar field of Bls12-381 curve.

fr

Scalar field of bandersantch.

Structs

BandersnatchParameters

banersnatch is a twisted Edwards curve. These curves have equations of the form: ax² + y² = 1 - dx²y². over some base finite field Fq.

FqParameters
FrParameters

Traits

GLVParameters

The GLV parameters that are useful to compute the endomorphism and scalar decomposition.

Functions

multi_scalar_mul
multi_scalar_mul_with_glv
two_scalar_mul

Type Definitions

EdwardsAffine
EdwardsProjective
Fq
Fr
SWAffine
SWProjective