doppio
doppio copied to clipboard
dalek-cryptography
Embedded curve over the Ristretto255 scalar field, for use in Bulletproofs
See curve25519 scalar field arithmetic for reference: https://github.com/dalek-cryptography/curve25519-dalek/blob/master/src/backend/serial/u64/scalar.rs
As seen on the code of `field.rs`, `inverse()` FieldElement function implementation remains unimplemented. On https://github.com/dusk-network/dusk-corretto/pull/12 we've just implemented the Kalinski's Montgomery Modular Inverse algorithm for the Doppio's FieldElement mod `2^252...
Added skeleton for group ops. - Addition formula from section 3.1, a=-1 special case in https://eprint.iacr.org/2008/522.pdf - Naive doubling and subtraction formulas TODO (next PR?): - actually get the right...
Make an `AllocatedPoint` type which has: - the encoding of a doppio point (affine might be more efficient in a circuit setting, TBD) - the Bulletproofs variables that represent the...
Implement point operations over doppio points, which are represented as `AllocatedPoint`s. Each operation will take the input `AllocatedPoints` and the constraint system (if the `AllocatedPoint` doesn't store a reference to...
Unsure if this is necessary (maybe it's enough to just do point operations over the doppio points, without a doppio scalar field?). Also unsure what this scalar field would look...
Curve parameters given here: https://twitter.com/ebfull/status/1087571257057406976 Can use the addition and subtraction formulas (unoptimized) out of HWCD: https://eprint.iacr.org/2008/522 Probably makes sense to use projective coordinates, for machine (non-circuit) performance
Metadata
Owner
Metadata
Embedded curve over the Ristretto255 scalar field, for use in Bulletproofs