Results 10 issues of 3for

I'm reading the [Halo paper](https://eprint.iacr.org/2019/1021.pdf). In Figure 1 on page 17, I think the `v9` val should be `r(x,y)(xy)^{3N-1}`.

![image](https://user-images.githubusercontent.com/30716372/93180174-5bae5580-f769-11ea-941c-96f925f65f9b.png)

For issue #50:

1. add ristretto scalar field restriction
2. remove wrong proof assertion in `test_poe_small_exp` and `test_poke2`

Two questions:

1. The max scalar val is not proper. Actually the order of curve25519 is not 2^255-1, it's 2^{252} + 27742317777372353535851937790883648493.

```
pub static ref NEW_MAX_SAFE_EXPONENT: Integer = {...
```

1. Change multiplication proof: the algorithm in [Doubly-efficient zkSNARKs without trusted setup](https://eprint.iacr.org/2017/1132.pdf) Figure 5 is more efficient.
2. For the realization of point addition proof in this repo, P!=Q constraint...

In paper [Halo: Recursive Proof Composition without a Trusted Setup](https://eprint.iacr.org/2019/1021.pdf), section 3.1:

![image](https://user-images.githubusercontent.com/30716372/104806100-fb5f1b80-580f-11eb-9b53-f7cee986159a.png)

And in paper [Bulletproofs: Short Proofs for Confidential Transactions and More](https://eprint.iacr.org/2017/1066.pdf), protocol 1:

![image](https://user-images.githubusercontent.com/30716372/104806159-542eb400-5810-11eb-9eb5-c3a9118a7724.png)

Do we...

```
let cached_identity = CachedPoint::from(ExtendedPoint::identity());
println!("cached identity = {:?}", cached_identity);
```

```
cached identity = CachedPoint(FieldElement2625x4([u32x8(121647, 121666, 33554432, 0, 243332, 67108845, 0, 33554431), u32x8(67108863, 0, 33554431, 0, 0, 67108863, 0,...
```

I'm following the paper to learn the mnt4 and mnt6 curves. It's said that t6=2-t4, and the t4 value is 689871209842287392837045615510547309923794945, so the t6 value should be -689871209842287392837045615510547309923794943 instead of -689871209842287392837045615510547309923794944. I'm...

question
Algebra

I want to compile the code myself, but I cannot get `github.com/bl4ck5un/CHuRP` now.

`crates.io` instead of `crate.io`.

1) According to `BASE_MODULUS`, how to calc the `BASE_M` value?
2) What's the algorithm behind `field_mul`?
3) What's the algorithm behind `field_small_scalar_shift`?