Dev Ojha

We're considering re-architecting the curve interfaces entirely (see #41). In that proposed API, I think it does make sense to separate out the canonical repr into its own file, where...

Something worth investigating is why is there such a high discrepancy between `fq12` and `fq` additions. Per the benchmarks in OP, `fq12::add_assign / fq::add_assign = 22.76` whereas we'd expect this...

The missing thing at the moment is an implementation of an efficient sqrt algorithm for cubic extensions AFAIK

You can already implement non-pairing based curves from their parameters atm. (You can define curves in short weierstrass form or edwards form atm. Here is an example for an edwards...

I don't think we need the field to return the size (due to the representation problem), I view providing the extension degree and characteristic as sufficient. Maybe we could add...

One question before implementing this is how should we be handling precomputation results for Square root algorithms. Different square root algorithms will need different precomputations

The table methods with better efficiency do. The minimal-precomputation one in that paper precomputes log(n) powers of `g`, which is fine to just compute on the fly as a first...

@daira has a really helpful sage prototype for this square root algorithm (with the table optimizations) for the pasta curves! * sqrt: https://github.com/zcash/pasta/blob/master/squareroottab.sage * addition chain: https://github.com/zcash/pasta/blob/master/addchain_sqrt.py This will probably...

Cyclotomic field work LGTM, I suggest we move that to a standalone PR to avoid a massive PR at the end of the refactor that will be super hard to...

Oh cool, I missed the `mul_by_non_residue` method!