Daira-Emma Hopwood
Daira-Emma Hopwood
Needs more discussion.
Moving 1.0.10 tickets back into 1.0.9 since the latter has been rescheduled.
Rebased onto 1.0.10.
Note that Github is showing the commits in the wrong order; "Disable dust." should be first, followed by "Simplifications due to disabling dust." (It thought they'd fixed that commit ordering...
That's not correct, there are still dust limits.
I'm confused as to why enabling Montgomery representations should change the proof size: 1. If I understand correctly, Montgomery form represents an element x of F_p as (xR mod p)...
Oh, does this mean a Montgomery curve equation rather than a Montgomery field representation? I wish they were called something different.
Although this says "change BN128...", it would be quite confusing and incompatible to literally change which curve is designated by the `-DCURVE_[ALT_]BN128` compilation option. The new curve should be called...
Actually, I believe the name BN128 is _already_ ambiguous between the two curves mentioned in the [ate-pairing readme](https://github.com/herumi/ate-pairing/blob/master/readme.md#overview). For consistency with the names used there, we could call the new...
I raised this at today's zdep meeting: if generating a suitable secure curve will take some time, can we have a (potentially insecure) curve that is expected to have the...