Luke Parker c14b406197
Merge a46b5be95c into df67e299e6
2023-12-20 11:16:42 -07:00
.github Bump actions/checkout from 2 to 3 2023-03-02 16:19:33 +00:00
benches Add benchmarks for point operations. 2021-08-11 15:09:34 +01:00
book book: Fix broken links 2021-03-04 14:02:12 +00:00
src Add zeroize 2023-05-18 18:26:06 -04:00
.gitignore Add book/Makefile for local HTML generation. 2020-12-26 15:33:59 +00:00
CHANGELOG.md Bump MSRV to 1.60.0 2023-03-02 17:09:58 +00:00
COPYING.md Ensure that GitHub's "View license" link points to complete license information. 2022-01-04 17:30:00 +00:00
Cargo.toml Merge a46b5be95c into df67e299e6 2023-12-20 11:16:42 -07:00
LICENSE-APACHE Relicense `pasta_curves` as MIT OR Apache-2.0 2021-09-17 16:32:36 +01:00
LICENSE-MIT Relicense `pasta_curves` as MIT OR Apache-2.0 2021-09-17 16:32:36 +01:00
README.md Point to the RFC process 2023-12-19 15:36:50 +00:00
katex-header.html Initial commit 2020-08-22 14:15:39 -06:00
rust-toolchain.toml Bump MSRV to 1.60.0 2023-03-02 17:09:58 +00:00

README.md

pasta_curves

This crate provides an implementation of the Pasta elliptic curve constructions, Pallas and Vesta. More details about the Pasta curves can be found in this blog post.

RFC process

This crate follows the zkcrypto RFC process. If you want to propose "substantial" changes to this crate, please create an RFC for wider discussion.

Documentation

Minimum Supported Rust Version

Requires Rust 1.60 or higher.

The minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.

Curve Descriptions

  • Pallas: y^2 = x^3 + 5 over GF(0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001).

  • Vesta: y^2 = x^3 + 5 over GF(0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001).

The Pasta curves form a cycle with one another: the order of each curve is exactly the base field of the other. This property is critical to the efficiency of recursive proof systems. They are designed to be highly 2-adic, meaning that a large power-of-two multiplicative subgroup exists in each field. This is important for the performance of polynomial arithmetic over their scalar fields and is essential for protocols similar to PLONK.

These curves can be reproducibly obtained using a curve search utility we've published.

License

Licensed under either of

  • Apache License, Version 2.0 (LICENSE-APACHE)

  • MIT license (LICENSE-MIT)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.