Cathie Yun
Cathie Yun
In a recent paper, Gentry, Halevi, and Lyubashevsky introduced a technique for making a lightweight bulletproof for linear relations, which they call a linear proof. It is a proof of...
Currently, variables are just a holder for an index of an Assignment in a `ConstraintSystem`. There is nothing preventing variable misuse, such as: - an invalid variable being created or...
Currently, external contributions are not supported - potential contributors are advised to file issues in the project. In order to interface better with the open-source community and to increase the...
Added tests: - FindQuorum tests (with examples from the paper and from the `.toml` files)
See curve25519 scalar field arithmetic for reference: https://github.com/dalek-cryptography/curve25519-dalek/blob/master/src/backend/serial/u64/scalar.rs
Added skeleton for group ops. - Addition formula from section 3.1, a=-1 special case in https://eprint.iacr.org/2008/522.pdf - Naive doubling and subtraction formulas TODO (next PR?): - actually get the right...
Make an `AllocatedPoint` type which has: - the encoding of a doppio point (affine might be more efficient in a circuit setting, TBD) - the Bulletproofs variables that represent the...
Implement point operations over doppio points, which are represented as `AllocatedPoint`s. Each operation will take the input `AllocatedPoints` and the constraint system (if the `AllocatedPoint` doesn't store a reference to...
Unsure if this is necessary (maybe it's enough to just do point operations over the doppio points, without a doppio scalar field?). Also unsure what this scalar field would look...
Curve parameters given here: https://twitter.com/ebfull/status/1087571257057406976 Can use the addition and subtraction formulas (unoptimized) out of HWCD: https://eprint.iacr.org/2008/522 Probably makes sense to use projective coordinates, for machine (non-circuit) performance