Crate dusk_jubjub
This crate provides an implementation of the Jubjub elliptic curve and its associated field arithmetic. See README.md for more details about Jubjub.
§API
- AffinePoint / ExtendedPoint, which are implementations of Jubjub group arithmetic
- AffineNielsPoint / ExtendedNielsPoint, which are pre-processed Jubjub points
- Fq, which is the base field of Jubjub
- Fr, which is the scalar field of Jubjub
- batch_normalize for converting many ExtendedPoints into AffinePoints efficiently.
- JubJubAffine / JubJubExtended as convenient type aliases.
§Constant Time
All operations are constant time unless explicitly noted; these functions will contain “vartime” in their name and they will be documented as variable time.
This crate uses the subtle crate to perform constant-time operations.
Structs§
- This is a pre-processed version of an affine point (u, v) in the form (v + u, v - u, u * v * 2d). This can be added to an ExtendedPoint.
- This represents a Jubjub point in the affine (u, v) coordinates.
- Represents an element of the scalar field $\mathbb{F}_q$ of the BLS12-381 elliptic curve construction.
- This is a pre-processed version of an extended point (U, V, Z, T1, T2) in the form (V + U, V - U, Z, T1 * T2 * 2d).
- This represents an extended point (U, V, Z, T1, T2) with Z nonzero, corresponding to the affine point (U/Z, V/Z). We always have T1 * T2 = UV/Z.
- Represents an element of the scalar field $\mathbb{F}_q$ of the BLS12-381 elliptic curve construction.
- Represents an element of the scalar field $\mathbb{F}_r$ of the Jubjub elliptic curve construction.
- This represents a point in the prime-order subgroup of Jubjub, in extended coordinates.
Constants§
- d = -(10240/10241)
- Use a fixed generator point. The point is then reduced according to the prime field. We need only to state the coordinates, so users can exploit its properties which are proven by tests, checking:
- GENERATOR in JubJubExtended form
- GENERATOR NUMS which is obtained following the specs in: https://app.gitbook.com/@dusk-network/s/specs/specifications/poseidon/pedersen-commitment-scheme The counter = 18 and the hash function used to compute it was blake2b. Using: x = 0x5e67b8f316f414f7bd9514c773fd4456931e316a39fe4541921710179df76377, y = 0x43d80eb3b2f3eb1b7b162dbeeb3b34fd9949ba0f82a5507a6705b707162e3ef8
- GENERATOR_NUMS in JubJubExtended form
Functions§
- This takes a mutable slice of ExtendedPoints and “normalizes” them using only a single inversion for the entire batch. This normalization results in all of the points having a Z-coordinate of one. Further, an iterator is returned which can be used to obtain AffinePoints for each element in the slice.
- Compute a shared secret secret · public using DHKE protocol
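The single-inversion normalization described for the batch function above can be done with Montgomery's batch-inversion trick. The following is an added example, not code from dusk_jubjub: the prime P, the Projective type and batch_normalize_toy are hypothetical stand-ins over a toy field, and the T1, T2 coordinates of the real extended form are left out.

```rust
// Added illustration: toy field and toy point type, not dusk_jubjub's own.
const P: u64 = 1_000_003; // small prime chosen for the example (assumption)
fn mul(a: u64, b: u64) -> u64 {
    (a % P) * (b % P) % P
}
// Field inversion via Fermat's little theorem: a^(P-2) mod P.
// `count` records how many inversions were performed.
fn inv(a: u64, count: &mut u32) -> u64 {
    *count += 1;
    let (mut base, mut exp, mut acc) = (a % P, P - 2, 1u64);
    while exp > 0 {
        if exp & 1 == 1 {
            acc = mul(acc, base);
        }
        base = mul(base, base);
        exp >>= 1;
    }
    acc
}
// Projective point (U, V, Z) standing for the affine point (U/Z, V/Z).
#[derive(Clone, Copy, Debug, PartialEq)]
struct Projective { u: u64, v: u64, z: u64 }

// Rescale every point to Z = 1 and return the number of inversions used.
// Assumes every Z is nonzero, as the extended form requires.
fn batch_normalize_toy(points: &mut [Projective]) -> u32 {
    let mut inversions = 0;
    if points.is_empty() {
        return inversions;
    }
    // Forward pass: prefix[i] = z_0 * z_1 * ... * z_(i-1).
    let mut prefix = Vec::with_capacity(points.len());
    let mut acc = 1u64;
    for p in points.iter() {
        prefix.push(acc);
        acc = mul(acc, p.z);
    }
    // The only inversion: 1 / (z_0 * ... * z_(n-1)).
    let mut acc_inv = inv(acc, &mut inversions);
    // Backward pass: peel off one 1/z_i at a time.
    for (p, pre) in points.iter_mut().zip(prefix.iter()).rev() {
        let z_inv = mul(acc_inv, *pre);
        acc_inv = mul(acc_inv, p.z);
        *p = Projective { u: mul(p.u, z_inv), v: mul(p.v, z_inv), z: 1 };
    }
    inversions
}
fn main() {
    let mut pts = [Projective { u: 6, v: 9, z: 3 }, Projective { u: 1, v: 4, z: 2 }];
    let n = batch_normalize_toy(&mut pts);
    println!("{} inversion(s): {:?}", n, pts);
}
```

The cost is one inversion plus about three multiplications per point to recover each 1/Z, instead of one inversion per point.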
Type Aliases§
- Represents an element of the base field $\mathbb{F}_q$ of the Jubjub elliptic curve construction.
- An alias for AffinePoint
- An alias for ExtendedPoint
- An alias for Fr.
- Represents an element of the scalar field $\mathbb{F}_r$ of the Jubjub elliptic curve construction.