Crate fullcodec_jubjub[−][src]
Expand description
This crate provides an implementation of the Jubjub elliptic curve and
its associated field arithmetic.
See README.md
API
JubJubAffine
/JubJubExtended
which are implementations of Jubjub group arithmeticAffineNielsPoint
/ExtendedNielsPoint
which are pre-processed Jubjub pointsBlsScalar
, which is the base field of JubjubFr
, which is the scalar field of Jubjubbatch_normalize
for converting manyJubJubExtended
s intoJubJubAffine
s efficiently.
Constant Time
All operations are constant time unless explicitly noted; these functions will contain “vartime” in their name and they will be documented as variable time.
This crate uses the subtle
crate to perform constant-time operations.
Modules
Implementation of ElGamal encryption scheme with JubJub
Structs
This is a pre-processed version of an affine point (x, y)
in the form (y + x, y - x, x * y * 2d)
. This can be added to an
JubJubExtended
.
Represents an element of the scalar field $\mathbb{F}_q$ of the BLS12-381 elliptic curve construction.
This is a pre-processed version of an extended point (X, Y, Z, T1, T2)
in the form (Y + X, Y - X, Z, T1 * T2 * 2d)
.
This represents a Jubjub point in the affine (x, y)
coordinates.
This represents an extended point (X, Y, Z, T1, T2)
with Z
nonzero, corresponding to the affine point
(X/Z, Y/Z)
. We always have T1 * T2 = XY/Z
.
Represents an element of the scalar field $\mathbb{F}_r$ of the Jubjub elliptic curve construction.
Constants
d = -(10240/10241)
2*EDWARDS_D
Use a fixed generator point. The point is then reduced according to the prime field. We need only to state the coordinates, so users can exploit its properties which are proven by tests, checking:
GENERATOR NUMS which is obtained following the specs in: https://app.gitbook.com/@dusk-network/s/specs/specifications/poseidon/pedersen-commitment-scheme The counter = 18 and the hash function used to compute it was blake2b Using: x = 0x5e67b8f316f414f7bd9514c773fd4456931e316a39fe4541921710179df76377
Functions
This takes a mutable slice of JubJubExtended
s and “normalizes” them using
only a single inversion for the entire batch. This normalization results in
all of the points having a Z-coordinate of one. Further, an iterator is
returned which can be used to obtain JubJubAffine
s for each element in the
slice.
Compute a shared secret secret · public
using DHKE protocol
Type Definitions
A better name than Fr.