[−][src]Module sapling_crypto_ce::jubjub
Jubjub is a twisted Edwards curve defined over the BLS12-381 scalar
field, Fr. It takes the form -x^2 + y^2 = 1 + dx^2y^2 with
d = -(10240/10241). It is birationally equivalent to a Montgomery
curve of the form y^2 = x^3 + Ax^2 + x with A = 40962. This
value A is the smallest integer choice such that:
(A - 2) / 4is a small integer (10240).A^2 - 4is quadratic nonresidue.- The group order of the curve and its quadratic twist has a large prime factor.
Jubjub has s = 0x0e7db4ea6533afa906673b0101343b00a6682093ccc81082d0970e5ed6f72cb7
as the prime subgroup order, with cofactor 8. (The twist has
cofactor 4.)
It is a complete twisted Edwards curve, so the equivalence with the Montgomery curve forms a group isomorphism, allowing points to be freely converted between the two forms.
Modules
| edwards | This is an implementation of the twisted Edwards Jubjub curve. |
| fs | This is an implementation of the scalar field for Jubjub. |
| montgomery | This is an implementation of the birationally equivalent Montgomery curve. |
Structs
| JubjubBls12 |
Enums
| FixedGenerators | Fixed generators of the Jubjub curve of unknown exponent. |
| PrimeOrder | Point of prime order. |
| Unknown | Point of unknown order. |
Traits
| JubjubEngine | This is an extension to the pairing Engine trait which offers a scalar field for the embedded curve (Jubjub) and some pre-computed parameters. |
| JubjubParams | The pre-computed parameters for Jubjub, including curve constants and various limits and window tables. |
| ToUniform |