Crate dusk_jubjub

Expand description

This crate provides an implementation of the Jubjub elliptic curve and its associated field arithmetic. See README.md for more details about Jubjub.

§API

AffinePoint / ExtendedPoint which are implementations of Jubjub group arithmetic
AffineNielsPoint / ExtendedNielsPoint which are pre-processed Jubjub points
Fq, which is the base field of Jubjub
Fr, which is the scalar field of Jubjub
batch_normalize for converting many ExtendedPoints into AffinePoints efficiently.
JubJubAffine / JubJubExtended as convenient type aliases.

§Constant Time

All operations are constant time unless explicitly noted; these functions will contain “vartime” in their name and they will be documented as variable time.

This crate uses the subtle crate to perform constant-time operations.

Structs§

AffineNielsPoint: This is a pre-processed version of an affine point (u, v) in the form (v + u, v - u, u * v * 2d). This can be added to an ExtendedPoint.
AffinePoint: This represents a Jubjub point in the affine (u, v) coordinates.
BlsScalar: Represents an element of the scalar field $\mathbb{F}_q$ of the BLS12-381 elliptic curve construction.
ExtendedNielsPoint: This is a pre-processed version of an extended point (U, V, Z, T1, T2) in the form (V + U, V - U, Z, T1 * T2 * 2d).
ExtendedPoint: This represents an extended point (U, V, Z, T1, T2) with Z nonzero, corresponding to the affine point (U/Z, V/Z). We always have T1 * T2 = UV/Z.
Fq: Represents an element of the scalar field $\mathbb{F}_q$ of the BLS12-381 elliptic curve construction.
Fr: Represents an element of the scalar field $\mathbb{F}_r$ of the Jubjub elliptic curve construction.
SubgroupPoint: This represents a point in the prime-order subgroup of Jubjub, in extended coordinates.

Constants§

EDWARDS_D: d = -(10240/10241)
GENERATOR: Use a fixed generator point. The point is then reduced according to the prime field. We need only to state the coordinates, so users can exploit its properties which are proven by tests, checking:
GENERATOR_EXTENDED: GENERATOR in JubJubExtended form
GENERATOR_NUMS: GENERATOR NUMS which is obtained following the specs in: https://app.gitbook.com/@dusk-network/s/specs/specifications/poseidon/pedersen-commitment-scheme The counter = 18 and the hash function used to compute it was blake2b Using: x = 0x5e67b8f316f414f7bd9514c773fd4456931e316a39fe4541921710179df76377 y = 0x43d80eb3b2f3eb1b7b162dbeeb3b34fd9949ba0f82a5507a6705b707162e3ef8
GENERATOR_NUMS_EXTENDED: GENERATOR_NUMS in JubJubExtended form

Functions§

batch_normalize: This takes a mutable slice of ExtendedPoints and “normalizes” them using only a single inversion for the entire batch. This normalization results in all of the points having a Z-coordinate of one. Further, an iterator is returned which can be used to obtain AffinePoints for each element in the slice.
dhke: Compute a shared secret secret · public using DHKE protocol

Type Aliases§

Base: Represents an element of the base field $\mathbb{F}_q$ of the Jubjub elliptic curve construction.
JubJubAffine: An alias for AffinePoint
JubJubExtended: An alias for ExtendedPoint
JubJubScalar: An alias for Fr.
Scalar: Represents an element of the scalar field $\mathbb{F}_r$ of the Jubjub elliptic curve construction.