Support other elliptic curves

Open yelhousni opened this issue 5 years ago • 3 comments

Currently only ALT_BN128/BN128, MNT4-298/MNT6-298 and EDWARDS-80 elliptic curves are supported in libff. All of them have a lower security level than 128-bit. Are there any plans to support other curves like: BLS12-381, BLS12-377/BW6-761?

yelhousni, Oct 09 '20 13:10

Great, thanks @yelhousni for your PR (#71)!

Are there any plans to support other curves like: BLS12-381, BLS12-377/BW6-761?

Yes, that's something I meant to do (been sidetracked by other things). I'll have a look at #71 and hopefully we can port implementations of other curves to this repo in the near future (some forks already implement several curves of interest). I think there is a little bit of work to nicely add other curves (the "big" MNT cycle, BLS12-377, BW6, SW6, JubJub - once BLS12-381 is merged, etc.) to this library though. In fact, it'd be nice to support "curve families" as a way to factorize as much code as possible across specific curves of the same family (e.g. BLS12-377/BLS12-381, or add support for other Barreto-Naehrig curves - like the one used in DIZK - with minimal changes). Ideally there should be as little code as possible for each curve instantiation (and the params files could mostly be generated using the sage scripts). One thing after the other though :) I'll try to have a look at your PR when I have some time :)

AntoineRondelet, Oct 09 '20 14:10

It'd be great to add BLS12-381 and BLS12-377/BW6-761!

Thank you for making the PR for #71! I think it's good to merge in.

Agreed with Antoine that in the end-state it would be great to factor code per curve model, and have parameters input into a much more condensed sage script. (But that shouldn't block adding in more curves that are already of interest.)

ValarDragon, Oct 11 '20 02:10

Hi, I have recently been studying your curve implementations. I wonder what paper your code is based on? Could you point me to the paper? Thank you.

zlemon819, Jun 02 '23 09:06