[−][src]Module sapling_crypto_ce::babyjubjub
Baby Jubjub is a twisted Edwards curve defined over the BN256 scalar
field, Fr. It takes the form 168700 * x^2 + y^2 = 1 + dx^2y^2 with
d = 168696. It is birationally equivalent to a Montgomery
curve of the form y^2 = x^3 + Ax^2 + x with A = 40962. This
value A is the smallest integer choice such that:
Curve itself is defined over BN256 prime order group with
r = 21888242871839275222246405745257275088548364400416034343698204186575808495617
(A - 2) / 4is a small integer (10240).A^2 - 4is quadratic nonresidue.- The group order of the curve and its quadratic twist has a large prime factor.
Baby Jubjub has s = 2736030358979909402780800718157159386076813972158567259200215660948447373041
as the prime subgroup order, with cofactor 8. (The twist has
cofactor 4.)
It is a complete twisted Edwards curve, so the equivalence with the Montgomery curve forms a group isomorphism, allowing points to be freely converted between the two forms.
Modules
| edwards | This is an implementation of the twisted Edwards Jubjub curve. |
| fs | This is an implementation of the scalar field for Jubjub. |
| montgomery | This is an implementation of the birationally equivalent Montgomery curve. |
Structs
| JubjubBn256 |
Enums
| FixedGenerators | Fixed generators of the Jubjub curve of unknown exponent. |
| PrimeOrder | Point of prime order. |
| Unknown | Point of unknown order. |
Traits
| JubjubEngine | This is an extension to the pairing Engine trait which offers a scalar field for the embedded curve (Jubjub) and some pre-computed parameters. |
| JubjubParams | The pre-computed parameters for Jubjub, including curve constants and various limits and window tables. |
| ToUniform |