SWUConfig for bn254

Open NikZak opened this issue 1 year ago • 3 comments

I wonder if SWUConfig can be implemented for bn254. Only need one param: Zeta (probably can take from Gnark). It is hard to do outside of the repo due to foreign trait on foreign types limitations.

NikZak avatar Sep 06 '24 16:09 NikZak

Oh, I guess I see the issue. It is the SW method simplified by Ulas, which requires a*b != 0, where a and b come from the short Weierstrass form of the curve equation. So it is not applicable to BN254. Then my demand changes. Can we implement the straight SW method as in the standard (https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-16.html#straightline-svdw)?

nickz-t3 avatar Sep 07 '24 04:09 nickz-t3
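
The point in the comment above, as an added example that is not part of the thread or of arkworks: BN254 G1 has a = 0, so simplified SWU does not apply, and the straight-line SvdW (Shallue-van de Woestijne) map from the linked draft is used instead. The BN254 parameters (P, A = 0, B = 3) and all function names are supplied by this example, not by the issue.

```python
# Added example: straight-line SvdW map onto BN254 G1 (y^2 = x^3 + 3 over F_p).
# P, A, B are the standard BN254 G1 parameters; every function name is this example's own.
# Python branches are not constant time, so this is for checking outputs only.
P = 21888242871839275222246405745257275088696311157297823662689037894645226208583
A, B = 0, 3

def g(x): return (x * x * x + A * x + B) % P
def is_square(x): return x % P == 0 or pow(x, (P - 1) // 2, P) == 1
def sqrt(x): return pow(x, (P + 1) // 4, P)    # valid because P % 4 == 3
def inv0(x): return pow(x, P - 2, P)            # inv0(0) == 0, as the draft requires
def sgn0(x): return x % 2
def swu_applicable(): return (A * B) % P != 0   # simplified SWU needs A*B != 0
def on_curve(x, y): return (y * y - g(x)) % P == 0

def find_z_svdw():
    """First Z in 1, -1, 2, -2, ... meeting the draft's four SvdW conditions."""
    ctr = 1
    while True:
        for z in (ctr % P, -ctr % P):
            gz = g(z)
            h = -(3 * z * z + 4 * A) * inv0(4 * gz) % P
            if gz and h and is_square(h) and (is_square(gz) or is_square(g(-z * inv0(2)))):
                return z
        ctr += 1

Z = find_z_svdw()
C2 = -Z * inv0(2) % P                               # -Z / 2
C3 = sqrt(-g(Z) * (3 * Z * Z + 4 * A) % P)
C3 = P - C3 if sgn0(C3) else C3                     # fix the sign so sgn0(C3) == 0
C4 = -4 * g(Z) * inv0(3 * Z * Z + 4 * A) % P

def map_to_curve_svdw(u):
    """Map a field element u to an affine point (x, y) on the curve."""
    tv1 = u * u * g(Z) % P
    tv2 = (1 + tv1) % P
    tv1 = (1 - tv1) % P
    tv3 = inv0(tv1 * tv2)                           # 0 in the exceptional cases
    tv4 = u * tv1 * tv3 * C3 % P
    x1, x2 = (C2 - tv4) % P, (C2 + tv4) % P
    x3 = (pow(tv2 * tv2 * tv3, 2, P) * C4 + Z) % P
    # At least one of g(x1), g(x2), g(x3) is a square; take the first that is.
    x = x1 if is_square(g(x1)) else x2 if is_square(g(x2)) else x3
    y = sqrt(g(x))
    if sgn0(u) != sgn0(y):
        y = -y % P                                  # match the sign of y to the sign of u
    return x, y
```

A full hash-to-curve still needs the draft's hash_to_field step in front of this map; BN254 G1 has cofactor 1, so no cofactor clearing follows it.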

I am happy to give it a try if you guys accept contributions. Should not be extremely difficult.

nickz-t3 avatar Sep 07 '24 04:09 nickz-t3

@drskalman @ValarDragon @daira @Pratyush @mmagician @weikengchen tagging you as authors/contributors of the pulls 343, 147. I saw that the work of implementing the SW method was started but then was superseded by simplified SWU. SWU is great but does not cover BN254. Meanwhile BN254 is part of arkworks. So it makes arkworks incomplete compared to, say, https://github.com/ConsenSys/gnark-crypto/blob/master/ecc/bn254/hash_to_g1.go. And as I mentioned earlier, implementing this outside of the repo requires not so beautiful wrappers around bn254 to avoid foreign trait implementation limitations. So is there a reason why this feature should not be added to the repo?

NikZak avatar Sep 08 '24 09:09 NikZak