yumi-sakemi
commented
4 years ago Hi, Kobi!
I am so sorry for my late reply. Thank you for your interest in our draft and I appreciate your suggestions.
In our draft, we select the recommended pairing-friendly curves that match two selection policies: "widely-used" and "security (the curves are shown in peer-reviewed papers)". From a viewpoint of "widely-used", in our understanding, the BLS12-377 has fewer adoptions than the BLS12-381.
Also, as Riad pointed out by e-mail, if both BLS12-377 and BLS12-381 were proposed in the same draft, there is a possibility that the draft could confuse the readers. For these reasons, we consider that it is difficult to add the BLS12-377 to our draft as the recommended parameter.
On the other hand, I feel that your activities that promote the use of pairing are so great, and I appreciate for your contribution. So, we plan to refer your OSS (which is published in the following GitHub page) in the version 08 of our draft as one of the adoption results of pairing-friendly curves.
Hello Yumi Sakemi, Tetsutaro Kobayashi, Tsunekazu Saito and Riad S. Wahby,
I'd like to propose to add BLS12-377 - a pairing friendly curve gaining adoption in the last year.
BLS12-377 has been introduced in the Zexe paper, for the case where both the scalar and the base fields have high 2-adicity. This makes BLS12-377 efficient for creating SNARK over and for creating SNARKs with statement involving BLS12-377 operations.
These properties made it highly interesting for a few projects, some of which are running in production - Celo, EY Nightfall among others.
Having it standardized would be beneficial for all the projects involved.
Please let me know what you think and what could be done to improve it!