Crate jubjub[][src]

Expand description

This crate provides an implementation of the Jubjub elliptic curve and its associated field arithmetic. See README.md for more details about Jubjub.

API

  • AffinePoint / ExtendedPoint which are implementations of Jubjub group arithmetic
  • AffineNielsPoint / ExtendedNielsPoint which are pre-processed Jubjub points
  • Fq, which is the base field of Jubjub
  • Fr, which is the scalar field of Jubjub
  • batch_normalize for converting many ExtendedPoints into AffinePoints efficiently.

Constant Time

All operations are constant time unless explicitly noted; these functions will contain “vartime” in their name and they will be documented as variable time.

This crate uses the subtle crate to perform constant-time operations.

Structs

AffineNielsPoint

This is a pre-processed version of an affine point (u, v) in the form (v + u, v - u, u * v * 2d). This can be added to an ExtendedPoint.

AffinePoint

This represents a Jubjub point in the affine (u, v) coordinates.

ExtendedNielsPoint

This is a pre-processed version of an extended point (U, V, Z, T1, T2) in the form (V + U, V - U, Z, T1 * T2 * 2d).

ExtendedPoint

This represents an extended point (U, V, Z, T1, T2) with Z nonzero, corresponding to the affine point (U/Z, V/Z). We always have T1 * T2 = UV/Z.

Fq

Represents an element of the scalar field $\mathbb{F}_q$ of the BLS12-381 elliptic curve construction.

Fr

Represents an element of the scalar field $\mathbb{F}_r$ of the Jubjub elliptic curve construction.

SubgroupPoint

This represents a point in the prime-order subgroup of Jubjub, in extended coordinates.

Functions

batch_normalize

This takes a mutable slice of ExtendedPoints and “normalizes” them using only a single inversion for the entire batch. This normalization results in all of the points having a Z-coordinate of one. Further, an iterator is returned which can be used to obtain AffinePoints for each element in the slice.

Type Definitions

Scalar

A better name than Fr.