Crate fullcodec_jubjub 

This crate provides an implementation of the Jubjub elliptic curve and its associated field arithmetic. See README.md

API

• JubJubAffine / JubJubExtended which are implementations of Jubjub group arithmetic
• AffineNielsPoint / ExtendedNielsPoint which are pre-processed Jubjub points
• BlsScalar, which is the base field of Jubjub
• Fr, which is the scalar field of Jubjub
• batch_normalize for converting many JubJubExtendeds into JubJubAffines efficiently.

Constant Time

All operations are constant time unless explicitly noted; these functions will contain “vartime” in their name and they will be documented as variable time.

This crate uses the subtle crate to perform constant-time operations.

Modules

elgamal

Implementation of ElGamal encryption scheme with JubJub

Structs

AffineNielsPoint

This is a pre-processed version of an affine point (x, y) in the form (y + x, y - x, x * y * 2d). This can be added to an JubJubExtended.

BlsScalar

Represents an element of the scalar field $\mathbb{F}_q$ of the BLS12-381 elliptic curve construction.

ExtendedNielsPoint

This is a pre-processed version of an extended point (X, Y, Z, T1, T2) in the form (Y + X, Y - X, Z, T1 * T2 * 2d).

JubJubAffine

This represents a Jubjub point in the affine (x, y) coordinates.

JubJubExtended

This represents an extended point (X, Y, Z, T1, T2) with Z nonzero, corresponding to the affine point (X/Z, Y/Z). We always have T1 * T2 = XY/Z.

JubJubScalar

Represents an element of the scalar field $\mathbb{F}_r$ of the Jubjub elliptic curve construction.

Constants

EDWARDS_D

d = -(10240/10241)

EDWARDS_D2

2*EDWARDS_D

GENERATOR

Use a fixed generator point. The point is then reduced according to the prime field. We need only to state the coordinates, so users can exploit its properties which are proven by tests, checking:

GENERATOR_EXTENDED

GENERATOR in JubJubExtended form

GENERATOR_NUMS

GENERATOR NUMS which is obtained following the specs in: https://app.gitbook.com/@dusk-network/s/specs/specifications/poseidon/pedersen-commitment-scheme The counter = 18 and the hash function used to compute it was blake2b Using: x = 0x5e67b8f316f414f7bd9514c773fd4456931e316a39fe4541921710179df76377

GENERATOR_NUMS_EXTENDED

GENERATOR_NUMS in JubJubExtended form

Functions

batch_normalize

This takes a mutable slice of JubJubExtendeds and “normalizes” them using only a single inversion for the entire batch. This normalization results in all of the points having a Z-coordinate of one. Further, an iterator is returned which can be used to obtain JubJubAffines for each element in the slice.

dhke

Compute a shared secret secret · public using DHKE protocol

Type Aliases

Scalar

A better name than Fr.