# [−][src]Crate dusk_jubjub

This crate provides an implementation of the Jubjub elliptic curve and its associated field arithmetic. See `README.md`

# API

• `AffinePoint` / `ExtendedPoint` which are implementations of Jubjub group arithmetic
• `AffineNielsPoint` / `ExtendedNielsPoint` which are pre-processed Jubjub points
• `Fq`, which is the base field of Jubjub
• `Fr`, which is the scalar field of Jubjub
• `batch_normalize` for converting many `ExtendedPoint`s into `AffinePoint`s efficiently.

# Constant Time

All operations are constant time unless explicitly noted; these functions will contain "vartime" in their name and they will be documented as variable time.

This crate uses the `subtle` crate to perform constant-time operations.

## Structs

 AffineNielsPoint This is a pre-processed version of an affine point `(x, y)` in the form `(y + x, y - x, x * y * 2d)`. This can be added to an `ExtendedPoint`. AffinePoint This represents a Jubjub point in the affine `(x, y)` coordinates. ExtendedNielsPoint This is a pre-processed version of an extended point `(X, Y, Z, T1, T2)` in the form `(Y + X, Y - X, Z, T1 * T2 * 2d)`. ExtendedPoint This represents an extended point `(X, Y, Z, T1, T2)` with `Z` nonzero, corresponding to the affine point `(X/Z, Y/Z)`. We always have `T1 * T2 = XY/Z`. Fq Represents an element of the scalar field \$\mathbb{F}_q\$ of the BLS12-381 elliptic curve construction. Fr Represents an element of the scalar field \$\mathbb{F}_r\$ of the Jubjub elliptic curve construction.

## Constants

 EDWARDS_D `d = -(10240/10241)` EDWARDS_D2 `2*EDWARDS_D` GENERATOR Use a fixed generator point. The point is then reduced according to the prime field. We need only to state the coordinates, so users can exploit its properties which are proven by tests, checking: GENERATOR_NUMS GENERATOR NUMS which is obtained following the specs in: https://app.gitbook.com/@dusk-network/s/specs/specifications/poseidon/pedersen-commitment-scheme The counter = 18 and the hash function used to compute it was blake2b Using: x = 0x5e67b8f316f414f7bd9514c773fd4456931e316a39fe4541921710179df76377

## Functions

 batch_normalize This takes a mutable slice of `ExtendedPoint`s and "normalizes" them using only a single inversion for the entire batch. This normalization results in all of the points having a Z-coordinate of one. Further, an iterator is returned which can be used to obtain `AffinePoint`s for each element in the slice. dhke Compute a shared secret `secret · public` using DHKE protocol

## Type Definitions

 Scalar A better name than Fr.