[−][src]Module sapling_crypto_ce::babyjubjub
Baby Jubjub is a twisted Edwards curve defined over the BN256 scalar
field, Fr. It takes the form 168700 * x^2 + y^2 = 1 + dx^2y^2
with
d = 168696
. It is birationally equivalent to a Montgomery
curve of the form y^2 = x^3 + Ax^2 + x
with A = 40962
. This
value A
is the smallest integer choice such that:
Curve itself is defined over BN256 prime order group with
r = 21888242871839275222246405745257275088548364400416034343698204186575808495617
(A - 2) / 4
is a small integer (10240
).A^2 - 4
is quadratic nonresidue.- The group order of the curve and its quadratic twist has a large prime factor.
Baby Jubjub has s = 2736030358979909402780800718157159386076813972158567259200215660948447373041
as the prime subgroup order, with cofactor 8. (The twist has
cofactor 4.)
It is a complete twisted Edwards curve, so the equivalence with the Montgomery curve forms a group isomorphism, allowing points to be freely converted between the two forms.
Modules
edwards | This is an implementation of the twisted Edwards Jubjub curve. |
fs | This is an implementation of the scalar field for Jubjub. |
montgomery | This is an implementation of the birationally equivalent Montgomery curve. |
Structs
JubjubBn256 |
Enums
FixedGenerators | Fixed generators of the Jubjub curve of unknown exponent. |
PrimeOrder | Point of prime order. |
Unknown | Point of unknown order. |
Traits
JubjubEngine | This is an extension to the pairing Engine trait which offers a scalar field for the embedded curve (Jubjub) and some pre-computed parameters. |
JubjubParams | The pre-computed parameters for Jubjub, including curve constants and various limits and window tables. |
ToUniform |