Give a definition for complete twisted Edwards elliptic curves.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
Daira Hopwood 2019-06-18 22:53:23 +01:00
parent 2379ba88d7
commit f4f4682d57
1 changed files with 19 additions and 8 deletions

@ -627,6 +627,10 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
\newcommand{\JubjubCurve}{\mathsf{Jubjub}} \newcommand{\JubjubCurve}{\mathsf{Jubjub}}
\newcommand{\jubjubCurve}{\term{Jubjub curve}} \newcommand{\jubjubCurve}{\term{Jubjub curve}}
\newcommand{\Jubjub}{\titleterm{Jubjub}} \newcommand{\Jubjub}{\titleterm{Jubjub}}
\newcommand{\completeTwistedEdwardsEllipticCurve}{\term{complete twisted Edwards elliptic curve}}
\newcommand{\completeTwistedEdwardsEllipticCurves}{\term{complete twisted Edwards elliptic curves}}
\newcommand{\MontgomeryEllipticCurve}{\term{Montgomery elliptic curve}}
\newcommand{\MontgomeryEllipticCurves}{\term{Montgomery elliptic curves}}
\newcommand{\uniformRandomString}{\term{Uniform Random String}} \newcommand{\uniformRandomString}{\term{Uniform Random String}}
\newcommand{\uniformRandomStrings}{\term{Uniform Random Strings}} \newcommand{\uniformRandomStrings}{\term{Uniform Random Strings}}
\newcommand{\BNRepresentedPairing}{\titleterm{BN-254}} \newcommand{\BNRepresentedPairing}{\titleterm{BN-254}}
@ -2311,8 +2315,8 @@ and rational constants $\FoundersFraction$, $\PoWMaxAdjustDown$, and
$\PoWMaxAdjustUp$ will also be defined in that section. $\PoWMaxAdjustUp$ will also be defined in that section.
\notsprout{ \notsprout{
We use the abbreviation ``ctEdwards'' to refer to complete twisted Edwards elliptic We use the abbreviation ``ctEdwards'' to refer to \completeTwistedEdwardsEllipticCurves and
curves and coordinates (see \crossref{jubjub}). coordinates (see \crossref{jubjub}).
} }
@ -7386,6 +7390,13 @@ curve.
\zkSNARKCircuits, called ``Jubjub'' \cite{Carroll1876}. \zkSNARKCircuits, called ``Jubjub'' \cite{Carroll1876}.
The \representedGroup $\JubjubCurve$ of points on this curve is defined in this section. The \representedGroup $\JubjubCurve$ of points on this curve is defined in this section.
A \completeTwistedEdwardsEllipticCurve, as defined in \cite[section 4.3.4]{BL2017}, is
an elliptic curve $E$ over a non-binary field $\GF{q}$, parameterized by distinct
$a, d \typecolon \GF{q} \setminus \setof{0}$ such that $a$ is square and $d$ is nonsquare,
with equation $E : a \smult u^2 + \varv^2 = 1 + d \smult u^2 \smult \varv^2$.
We use the abbreviation ``ctEdwards'' to refer to \completeTwistedEdwardsEllipticCurves and
coordinates.
Let $\ParamJ{q} := \ParamS{r}$, as defined in \crossref{blspairing}. Let $\ParamJ{q} := \ParamS{r}$, as defined in \crossref{blspairing}.
Let $\ParamJ{r} := 6554484396890773809930967563523245729705921265872317281365359162392183254199$. Let $\ParamJ{r} := 6554484396890773809930967563523245729705921265872317281365359162392183254199$.
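Review bot: The abbreviation sentence that closes the added paragraph ("We use the abbreviation ``ctEdwards'' to refer to \completeTwistedEdwardsEllipticCurves and coordinates.") repeats the sentence that the preceding \notsprout hunk keeps, so the abbreviation is now introduced twice. Keep one of them, for example the earlier one with its (see \crossref{jubjub}) pointer, and drop the other. A smaller point in the same paragraph: "distinct" is already implied once $a$ is required to be square and $d$ nonsquare; if that wording follows \cite{BL2017} it can stay, otherwise it can go.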
@ -7398,9 +7409,8 @@ Let $\ParamJ{a} := -1$.
Let $\ParamJ{d} := -10240/10241 \pmod{\ParamJ{q}}$. Let $\ParamJ{d} := -10240/10241 \pmod{\ParamJ{q}}$.
Let $\GroupJ$ be the group of points $(u, \varv)$ on a complete twisted Edwards (``ctEdwards'') Let $\GroupJ$ be the group of points $(u, \varv)$ on a ctEdwards curve $\CurveJ$ over $\GF{\ParamJ{q}}$
elliptic curve $\CurveJ$ over $\GF{\ParamJ{q}}$ with equation with equation $\ParamJ{a} \smult u^2 + \varv^2 = 1 + \ParamJ{d} \smult u^2 \smult \varv^2$.
$\ParamJ{a} \smult u^2 + \varv^2 = 1 + \ParamJ{d} \smult u^2 \smult \varv^2$.
The zero point with coordinates $(0, 1)$ is denoted $\ZeroJ$. The zero point with coordinates $(0, 1)$ is denoted $\ZeroJ$.
$\GroupJ$ has order $\ParamJ{h} \smult \ParamJ{r}$. $\GroupJ$ has order $\ParamJ{h} \smult \ParamJ{r}$.
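Review bot: The rewritten sentence calls $\CurveJ$ a ctEdwards curve, but nothing in this hunk states that $\ParamJ{a} = -1$ is square and $\ParamJ{d}$ is nonsquare in $\GF{\ParamJ{q}}$, which the definition added by this commit requires. Suggest adding a sentence next to the parameter definitions that states both facts, so a reader relying on the curve being complete can see that the conditions are met without having to check them.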
@ -9988,6 +9998,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
2019-06-18 2019-06-18
\begin{itemize} \begin{itemize}
\item Give a definition for \completeTwistedEdwardsEllipticCurves in \crossref{jubjub}.
\item Ensure that this document builds correctly and without missing \item Ensure that this document builds correctly and without missing
characters on recent versions of \TeX Live. characters on recent versions of \TeX Live.
\item Update the \texttt{Makefile} to use Ghostscript for PDF optimization. \item Update the \texttt{Makefile} to use Ghostscript for PDF optimization.
@ -11203,9 +11214,9 @@ in \crossref{notation}.
\subsection{Elliptic curve background} \label{ecbackground} \subsection{Elliptic curve background} \label{ecbackground}
The \Sapling circuits make use of a complete twisted Edwards (``ctEdwards'') curve, The \Sapling circuits make use of a \completeTwistedEdwardsEllipticCurve (``ctEdwards curve'')
$\JubjubCurve$, and also a Montgomery curve $\MontCurve$ that is birationally equivalent $\JubjubCurve$, defined in \crossref{jubjub}, and also a \MontgomeryEllipticCurve $\MontCurve$
to $\JubjubCurve$. Following the notation in \cite{BL2017} we use that is birationally equivalent to $\JubjubCurve$. Following the notation in \cite{BL2017} we use
$(u, \varv)$ for affine coordinates on the ctEdwards curve, and $(x, y)$ for $(u, \varv)$ for affine coordinates on the ctEdwards curve, and $(x, y)$ for
affine coordinates on the Montgomery curve. affine coordinates on the Montgomery curve.
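Review bot: The first changed line quotes the abbreviation as ``ctEdwards curve'', while the other two places touched by this commit quote it as ``ctEdwards''; pick one form. \MontgomeryEllipticCurve is now marked up as a term here, but unlike the ctEdwards case none of the hunks shown adds a definition or a cross-reference for it, and \MontgomeryEllipticCurves from the first hunk is not used in any hunk shown. Either add the Montgomery definition alongside the ctEdwards one or drop the unused macro.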