feat(stdlib): Implement elliptic curve primitives #964
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
guipublic
approved these changes
Mar 15, 2023
This was referenced Apr 12, 2023
| } | ||
|
|
||
| // SWU map-to-curve method (via rational map) | ||
| fn swu_map(self, z: Field, u: Field) -> Point { |
There was a problem hiding this comment.
Shouldn't z be fixed to a constant satisfying the conditions here https://datatracker.ietf.org/doc/id/draft-irtf-cfrg-hash-to-curve-06.html#section-6.6.2
rather than a parameter?
There was a problem hiding this comment.
It should indeed. At the time of this PR, it wasn't possible to compute the constant in Noir without adding unnecessary constraints, which is why I left it as a parameter here, unlike the case of the Elligator 2 method whose constant depends only on the field and not on the curve. Now that unconstrained functions are a thing, this should be easy to resolve.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related issue(s)
Partially resolves #393
Description
This PR implements elliptic curve primitives over
Field, specifically the group operations (addition, subtraction, scalar multiplication) and curve mappings required forhash_to_curve(Simplified SWU and Elligator 2 methods). The implementation includes Montgomery, Short Weierstraß and Twisted Edwards curve configurations, though the Montgomery curve implementation is minimal and included only for the purpose of curve mappings (i.e. the group operations are induced by those for the corresponding Twisted Edwards curve). All curves include both affine and 'CurveGroup' (i.e. projective or extended) coordinate representations. The structure and choice of terminology are loosely based on those of ark-ec. A more detailed description of the implementation is included inec.nr.Multi-scalar multiplication is implemented as well but does not work at the moment due to the lack of support for arrays of structs. Also, I was hoping to avoid code duplication e.g. in the definition of
bit_mul(multiplication by a scalar represented by a bit array) for each curve configuration by using higher-order functions (cf. the commented-out definition ofbit_mulinec.nr), but I ran into the problem where I couldn't generate proofs.Summary of changes
ec.nrand underec/field.nrDependency additions / changes
Test additions / changes
One test case in
nargo/tests/test_data/ec_baby_jubjub, which tests the library on the Baby Jubjub curve.Checklist
cargo fmtwith default settings.Documentation needs
Additional context