Give a definition for complete twisted Edwards elliptic curves.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

protocol/protocol.tex

@@ -627,6 +627,10 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\JubjubCurve}{\mathsf{Jubjub}}
 \newcommand{\jubjubCurve}{\term{Jubjub curve}}
 \newcommand{\Jubjub}{\titleterm{Jubjub}}
+\newcommand{\completeTwistedEdwardsEllipticCurve}{\term{complete twisted Edwards elliptic curve}}
+\newcommand{\completeTwistedEdwardsEllipticCurves}{\term{complete twisted Edwards elliptic curves}}
+\newcommand{\MontgomeryEllipticCurve}{\term{Montgomery elliptic curve}}
+\newcommand{\MontgomeryEllipticCurves}{\term{Montgomery elliptic curves}}
 \newcommand{\uniformRandomString}{\term{Uniform Random String}}
 \newcommand{\uniformRandomStrings}{\term{Uniform Random Strings}}
 \newcommand{\BNRepresentedPairing}{\titleterm{BN-254}}
@@ -2311,8 +2315,8 @@ and rational constants $\FoundersFraction$, $\PoWMaxAdjustDown$, and
 $\PoWMaxAdjustUp$ will also be defined in that section.
 
 \notsprout{
-We use the abbreviation ``ctEdwards'' to refer to complete twisted Edwards elliptic
-curves and coordinates (see \crossref{jubjub}).
+We use the abbreviation ``ctEdwards'' to refer to \completeTwistedEdwardsEllipticCurves and
+coordinates (see \crossref{jubjub}).
 }
 
 
@@ -7386,6 +7390,13 @@ curve.
 \zkSNARKCircuits, called ``Jubjub'' \cite{Carroll1876}.
 The \representedGroup $\JubjubCurve$ of points on this curve is defined in this section.
 
+A \completeTwistedEdwardsEllipticCurve, as defined in \cite[section 4.3.4]{BL2017}, is
+an elliptic curve $E$ over a non-binary field $\GF{q}$, parameterized by distinct
+$a, d \typecolon \GF{q} \setminus \setof{0}$ such that $a$ is square and $d$ is nonsquare,
+with equation $E : a \smult u^2 + \varv^2 = 1 + d \smult u^2 \smult \varv^2$.
+We use the abbreviation ``ctEdwards'' to refer to \completeTwistedEdwardsEllipticCurves and
+coordinates.
+
 Let $\ParamJ{q} := \ParamS{r}$, as defined in \crossref{blspairing}.
 
 Let $\ParamJ{r} := 6554484396890773809930967563523245729705921265872317281365359162392183254199$.
@@ -7398,9 +7409,8 @@ Let $\ParamJ{a} := -1$.
 
 Let $\ParamJ{d} := -10240/10241 \pmod{\ParamJ{q}}$.
 
-Let $\GroupJ$ be the group of points $(u, \varv)$ on a complete twisted Edwards (``ctEdwards'')
-elliptic curve $\CurveJ$ over $\GF{\ParamJ{q}}$ with equation
-$\ParamJ{a} \smult u^2 + \varv^2 = 1 + \ParamJ{d} \smult u^2 \smult \varv^2$.
+Let $\GroupJ$ be the group of points $(u, \varv)$ on a ctEdwards curve $\CurveJ$ over $\GF{\ParamJ{q}}$
+with equation $\ParamJ{a} \smult u^2 + \varv^2 = 1 + \ParamJ{d} \smult u^2 \smult \varv^2$.
 The zero point with coordinates $(0, 1)$ is denoted $\ZeroJ$.
 $\GroupJ$ has order $\ParamJ{h} \smult \ParamJ{r}$.
 
@@ -9988,6 +9998,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
 2019-06-18
 
 \begin{itemize}
+    \item Give a definition for \completeTwistedEdwardsEllipticCurves in \crossref{jubjub}.
     \item Ensure that this document builds correctly and without missing
           characters on recent versions of \TeX Live.
     \item Update the \texttt{Makefile} to use Ghostscript for PDF optimization.
@@ -11203,9 +11214,9 @@ in \crossref{notation}.
 
 \subsection{Elliptic curve background} \label{ecbackground}
 
-The \Sapling circuits make use of a complete twisted Edwards (``ctEdwards'') curve,
-$\JubjubCurve$, and also a Montgomery curve $\MontCurve$ that is birationally equivalent
-to $\JubjubCurve$. Following the notation in \cite{BL2017} we use
+The \Sapling circuits make use of a \completeTwistedEdwardsEllipticCurve (``ctEdwards curve'')
+$\JubjubCurve$, defined in \crossref{jubjub}, and also a \MontgomeryEllipticCurve $\MontCurve$
+that is birationally equivalent to $\JubjubCurve$. Following the notation in \cite{BL2017} we use
 $(u, \varv)$ for affine coordinates on the ctEdwards curve, and $(x, y)$ for
 affine coordinates on the Montgomery curve.