Support for non-pairing groups like Curve25519?

Open drewstone opened this issue 4 years ago • 6 comments

drewstone, Dec 04 '20 18:12

You can already implement non-pairing-based curves from their parameters atm. (You can define curves in short Weierstrass form or Edwards form atm. Here is an example for an Edwards curve: https://github.com/arkworks-rs/curves/tree/master/ed_on_bls12_381)

There's no implementation at the moment for Curve25519, though you could add one by specifying the parameters. For Curve25519 in particular, though, I think it'd be best to add a wrapper of dalek's curve25519 implementation with the Arkworks group interface in https://github.com/arkworks-rs/curves. (Dalek's library should yield much better performance for Curve25519.)

ValarDragon, Dec 04 '20 18:12

After Curve25519 there might be Ristretto. https://ristretto.group/

weikengchen, Dec 04 '20 19:12

What method/software do you use to calculate the static BigNumbers? I'm a bit unfamiliar with how to calculate R and the others.

So far for Curve25519 I have:

	/// MODULUS = 57896044618658097711785492504343953926634992332820282019728792003956564819949
	#[rustfmt::skip]
	const MODULUS: BigInteger = BigInteger([
		0xffffffffffffffed,
		0xffffffffffffffff,
		0xffffffffffffffff,
		0x7fffffffffffffff,
	]);

	const MODULUS_BITS: u32 = 255;
	const CAPACITY: u32 = Self::MODULUS_BITS - 1;

	#[rustfmt::skip]
	const MODULUS_MINUS_ONE_DIV_TWO: BigInteger = BigInteger([
		0xfffffffffffffff6,
		0xffffffffffffffff,
		0xffffffffffffffff,
		0x3fffffffffffffff,
	]);

	// GENERATOR = 9

drewstone, Dec 05 '20 23:12

Some description of these parameters and how to calculate them is here: https://github.com/arkworks-rs/algebra/blob/master/ff/src/fields/mod.rs#L202

Warning: some of them need to be in the Montgomery form. The documentation of this is still in progress. (https://github.com/arkworks-rs/algebra/issues/69) This is why generator 7 does not look like 7.

These files may contain some discussion on what needs to be in the Montgomery form and what does not: https://github.com/arkworks-rs/curves/blob/master/ed_on_mnt4_298/src/fields/fr.rs and https://github.com/arkworks-rs/curves/blob/master/ed_on_mnt4_298/src/curves/mod.rs

weikengchen, Dec 06 '20 00:12

I would hold off a little on implementing this until this PR is merged: https://github.com/arkworks-rs/algebra/pull/96

This PR should make implementing this much easier.

Pratyush, Dec 06 '20 00:12

Yes. That PR would simplify the matter a lot.

By the way, previously I used Python to calculate. To chop a big number into u64 limbs (u64, u64, ...), I use `% pow(2, 64)` and `/ pow(2, 64)`.

weikengchen, Dec 06 '20 00:12
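The limb-splitting procedure weikengchen describes above, together with the R and Montgomery-form constants drewstone asked about, worked through for the Curve25519 base field as an added Python example (not code from this thread or from arkworks; that the backend uses the radix R = 2^(64 * limbs) mod p is an assumption):

```python
# Added example, not code from the thread or from arkworks: derive the
# BigInteger limb constants discussed above for the Curve25519 base field.
P = 2**255 - 19                 # Curve25519 base field modulus
LIMB_BITS = 64
NUM_LIMBS = 4                   # 4 x u64 = one 256-bit BigInteger
# Montgomery radix. Assumption: the backend uses R = 2^(64 * NUM_LIMBS) mod p,
# which is the "R" constant asked about in the thread.
R = pow(2, LIMB_BITS * NUM_LIMBS, P)
R_INV = pow(R, -1, P)           # modular inverse (Python 3.8+)


def to_limbs(x, n=NUM_LIMBS):
    """Split x into n little-endian u64 limbs: repeated % 2^64 and // 2^64."""
    if not 0 <= x < 2 ** (LIMB_BITS * n):
        raise ValueError("value does not fit in %d limbs" % n)
    limbs = []
    for _ in range(n):
        limbs.append(x % 2**LIMB_BITS)
        x //= 2**LIMB_BITS
    return limbs


def from_limbs(limbs):
    """Inverse of to_limbs; handy for sanity-checking hand-typed constants."""
    return sum(limb << (LIMB_BITS * i) for i, limb in enumerate(limbs))


def to_montgomery(x):
    """Montgomery representation x * R mod p; this is why a stored generator
    does not look like the plain integer it represents."""
    return (x * R) % P


def from_montgomery(xm):
    return (xm * R_INV) % P


def rust_const(name, x):
    """Render a constant in the BigInteger([...]) literal style used above."""
    body = ",\n".join("    0x%016x" % limb for limb in to_limbs(x))
    return "const %s: BigInteger = BigInteger([\n%s,\n]);" % (name, body)


if __name__ == "__main__":
    print("/// MODULUS = %d" % P)
    print(rust_const("MODULUS", P))
    print(rust_const("MODULUS_MINUS_ONE_DIV_TWO", (P - 1) // 2))
    print(rust_const("R", R))
    # GENERATOR = 9 is the value listed in the thread; stored in Montgomery form.
    print(rust_const("GENERATOR", to_montgomery(9)))
```

For this modulus R = 2^256 mod (2^255 - 19) = 38, so the Montgomery form of 9 is 342; the two MODULUS constants it prints match the limbs typed out earlier in the thread.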