[][src]Crate jubjub

This crate provides an implementation of the Jubjub elliptic curve and its associated field arithmetic. See README.md for more details about Jubjub.

API

  • AffinePoint / ExtendedPoint which are implementations of Jubjub group arithmetic
  • AffineNielsPoint / ExtendedNielsPoint which are pre-processed Jubjub points
  • Fq, which is the base field of Jubjub
  • Fr, which is the scalar field of Jubjub
  • batch_normalize for converting many ExtendedPoints into AffinePoints efficiently.

Constant Time

All operations are constant time unless explicitly noted; these functions will contain "vartime" in their name and they will be documented as variable time.

This crate relies on the subtle crate for achieving constant time arithmetic. It is recommended to enable the nightly feature on this crate (which enables the nightly feature in the subtle crate) to defend against compiler optimizations that may compromise constant time arithmetic. However, this requires use of the nightly version of the Rust compiler.

Features

  • nightly: This enables subtle/nightly which attempts to prevent the compiler from performing optimizations that could compromise constant time arithmetic. It is recommended to enable this if you are able to use a nightly version of the Rust compiler.

Structs

AffineNielsPoint

This is a pre-processed version of an affine point (u, v) in the form (v + u, v - u, u * v * 2d). This can be added to an ExtendedPoint.

AffinePoint

This represents a Jubjub point in the affine (u, v) coordinates.

ExtendedNielsPoint

This is a pre-processed version of an extended point (U, V, Z, T1, T2) in the form (V + U, V - U, Z, T1 * T2 * 2d).

ExtendedPoint

This represents an extended point (U, V, Z, T1, T2) with Z nonzero, corresponding to the affine point (U/Z, V/Z). We always have T1 * T2 = UV/Z.

Fq

Represents an element of GF(q).

Fr

Represents an element of GF(r).

Functions

batch_normalize

This takes a mutable slice of ExtendedPoints and "normalizes" them using only a single inversion for the entire batch. This normalization results in all of the points having a Z-coordinate of one. Further, an iterator is returned which can be used to obtain AffinePoints for each element in the slice.