[−][src]Module sapling_crypto_ce::alt_babyjubjub
Alternative Baby Jubjub is a twisted Edwards curve defined over the BN256 scalar
field, Fr.
Fr modulus = 21888242871839275222246405745257275088548364400416034343698204186575808495617
It takes the form -x^2 + y^2 = 1 + dx^2y^2 with
d = -(168696/168700) using the isomorphism from usual Baby Jubjub
with a requirement that a' = -1, a = 168696, that results in
scaling = 1911982854305225074381251344103329931637610209014896889891168275855466657090
a' = 21888242871839275222246405745257275088548364400416034343698204186575808495616 == -1 = a*scale^2 mod P
d' = 12181644023421730124874158521699555681764249180949974110617291017600649128846 == -(168696/168700) = d*scale^2
It is birationally equivalent to a Montgomery
curve of the form y^2 = x^3 + Ax^2 + x with A = 168698. This
value A is the smallest integer choice such that:
(A - 2) / 4is a small integer (10240).A^2 - 4is quadratic nonresidue.- The group order of the curve and its quadratic twist has a large prime factor.
Jubjub has s = 2736030358979909402780800718157159386076813972158567259200215660948447373041
as the prime subgroup order, with cofactor 8. (The twist has
cofactor 4.)
It is a complete twisted Edwards curve, so the equivalence with the Montgomery curve forms a group isomorphism, allowing points to be freely converted between the two forms.
Re-exports
pub use super::jubjub::Unknown; |
pub use super::jubjub::PrimeOrder; |
pub use super::jubjub::FixedGenerators; |
pub use super::jubjub::ToUniform; |
pub use super::jubjub::JubjubEngine; |
pub use super::jubjub::JubjubParams; |
pub use super::jubjub::edwards; |
pub use super::jubjub::montgomery; |
Modules
| fs | This is an implementation of the scalar field for Jubjub. |
Structs
| AltJubjubBn256 |