Struct ark_ed_on_bls12_381::JubjubConfig

source ·

pub struct JubjubConfig;

Expand description

JubJub is a twisted Edwards curve. These curves have equations of the form: ax² + y² = 1 - dx²y². over some base finite field Fq.

JubJub’s curve equation: -x² + y² = 1 - (10240/10241)x²y²

q = 52435875175126190479447740508185965837690552500527637822603658699938581184513.

a = -1. d = -(10240/10241) mod q = 19257038036680949359750312669786877991949435402254120286184196891950884077233.

Sage script to calculate these:

q = 52435875175126190479447740508185965837690552500527637822603658699938581184513
Fq = GF(q)
d = -(Fq(10240)/Fq(10241))

These parameters and the sage script obtained from: https://github.com/zcash/zcash/issues/2230#issuecomment-317182190

jubjub also has a short Weierstrass curve form, following the form: y² = x³ + A * x + B where

A = 52296097456646850916096512823759002727550416093741407922227928430486925478210 B = 48351165704696163914533707656614864561753505123260775585269522553028192119009

We can use the script available here to convert between the different representations.

Trait Implementations§

source §

impl Clone for JubjubConfig

source §

fn clone(&self) -> JubjubConfig

Returns a copy of the value. Read more

1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

source §

impl CurveConfig for JubjubConfig

source §

const COFACTOR: &'static [u64] = _

COFACTOR = 8

source §

const COFACTOR_INV: Fr = _

COFACTOR^(-1) mod r = 819310549611346726241370945440405716213240158234039660170669895299022906775

§

type BaseField = Fp<MontBackend<FrConfig, 4>, 4>

Base field that the curve is defined over.

§

type ScalarField = Fp<MontBackend<FrConfig, 4>, 4>

Finite prime field corresponding to an appropriate prime-order subgroup of the curve group.

source §

impl Default for JubjubConfig

source §

fn default() -> JubjubConfig

Returns the “default value” for a type. Read more

source §

impl MontCurveConfig for JubjubConfig

source §

const COEFF_A: Fq = _

COEFF_A = 40962

source §

const COEFF_B: Fq = _

COEFF_B = -40964

§

type TECurveConfig = JubjubConfig

Model parameters for the Twisted Edwards curve that is birationally equivalent to this curve.

source §

impl PartialEq<JubjubConfig> for JubjubConfig

source §

fn eq(&self, other: &JubjubConfig) -> bool

This method tests for self and other values to be equal, and is used by ==.

1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

source §

impl SWCurveConfig for JubjubConfig

source §

const COEFF_A: Self::BaseField = _

COEFF_A = 52296097456646850916096512823759002727550416093741407922227928430486925478210

source §

const COEFF_B: Self::BaseField = _

COEFF_B = 48351165704696163914533707656614864561753505123260775585269522553028192119009

source §

fn mul_by_a(elem: Self::BaseField) -> Self::BaseField

Helper method for computing elem * Self::COEFF_A. Read more

source §

fn add_b(elem: Self::BaseField) -> Self::BaseField

Helper method for computing elem + Self::COEFF_B. Read more

source §

fn is_in_correct_subgroup_assuming_on_curve(item: &Affine<Self>) -> bool

Check if the provided curve point is in the prime-order subgroup. Read more

source §

fn clear_cofactor(item: &Affine<Self>) -> Affine<Self>

Performs cofactor clearing. The default method is simply to multiply by the cofactor. Some curves can implement a more efficient algorithm.

source §

fn mul_projective(base: &Projective<Self>, scalar: &[u64]) -> Projective<Self>

Default implementation of group multiplication for projective coordinates

source §

fn mul_affine(base: &Affine<Self>, scalar: &[u64]) -> Projective<Self>

Default implementation of group multiplication for affine coordinates.

source §

fn msm(
bases: &[Affine<Self>],
scalars: &[Self::ScalarField]
) -> Result<Projective<Self>, usize>

Default implementation for multi scalar multiplication

source §

fn serialize_with_mode<W>(
 item: &Affine<Self>,
 writer: W,
 compress: Compress
) -> Result<(), SerializationError>where
 W: Write,

If uncompressed, serializes both x and y coordinates as well as a bit for whether it is infinity. If compressed, serializes x coordinate with two bits to encode whether y is positive, negative, or infinity.

source §

fn deserialize_with_mode<R>(
 reader: R,
 compress: Compress,
 validate: Validate
) -> Result<Affine<Self>, SerializationError>where
 R: Read,

If validate is Yes, calls check() to make sure the element is valid.

source §

fn serialized_size(compress: Compress) -> usize

source §

impl TECurveConfig for JubjubConfig

source §

const COEFF_A: Fq = _

COEFF_A = -1

source §

const COEFF_D: Fq = _

COEFF_D = -(10240/10241) mod q

source §

const GENERATOR: EdwardsAffine = _

AFFINE_GENERATOR_COEFFS = (GENERATOR_X, GENERATOR_Y)

source §

fn mul_by_a(elem: Self::BaseField) -> Self::BaseField

Multiplication by a is simply negation here.

§

type MontCurveConfig = JubjubConfig

Model parameters for the Montgomery curve that is birationally equivalent to this curve.

source §

fn is_in_correct_subgroup_assuming_on_curve(item: &Affine<Self>) -> bool

Checks that the current point is in the prime order subgroup given the point on the curve.

source §

fn clear_cofactor(item: &Affine<Self>) -> Affine<Self>

Performs cofactor clearing. The default method is simply to multiply by the cofactor. For some curve families though, it is sufficient to multiply by a smaller scalar.

source §