This issue tracks the extension of ZnaKes to support the Decaf377. The goal is to add support for the Decaf377 in ZnaKes and provide unit tests for it.
Background
The Decaf377 is an embedded elliptic curve of the BLS12_377 mentioned in the Zexe paper in Twisted Edwards form. This enables the use of ECC primitives within the BLS12_377 to form signature verification schemes e.g. EdDSA. These can be nested inside Zero Knowledge Proofs to incorporate security goals like authenticity, integrity and non-repudiation. According to SOOS, the curve is under MIT license.
Properties
This implementation is based on the values provided by the Penumbra Protocol:
253 - bit prime/base field = 8444461749428370424248824938781546531375899335154063827935233455917409239041
curve order / scalar field = 8444461749428370424248824938781546531355483705633632780774740985578885441532
c = 4
a = -1
d = 3021
subgroup of prime order = 2111115437357092606062206234695386632838870926408408195193685246394721360383
x = 4959445789346820725352484487855828915252512307947624787834978378872129235627
y = 6060471950081851567114691557659790004756535011754163002297540472747064943288
Safety
The Decaf377 satisfies the SafeCurves criteria of Daniel J. Bernstein and Tanja Lange. This was tested with Daira-Emma Hopwoods script on which the JubJub was evaluated.
Description
This issue tracks the extension of ZnaKes to support the Decaf377. The goal is to add support for the Decaf377 in ZnaKes and provide unit tests for it.
Background
The Decaf377 is an embedded elliptic curve of the BLS12_377 mentioned in the Zexe paper in Twisted Edwards form. This enables the use of ECC primitives within the BLS12_377 to form signature verification schemes e.g. EdDSA. These can be nested inside Zero Knowledge Proofs to incorporate security goals like authenticity, integrity and non-repudiation. According to SOOS, the curve is under MIT license.
Properties
This implementation is based on the values provided by the Penumbra Protocol:
Safety
The Decaf377 satisfies the SafeCurves criteria of Daniel J. Bernstein and Tanja Lange. This was tested with Daira-Emma Hopwoods script on which the JubJub was evaluated.