iden3 / circomlib

Library of basic circuits for circom

Question about BabyPbk babyjub.circom #88

Closed akileshtangella closed 1 year ago

akileshtangella commented 1 year ago

https://github.com/iden3/circomlib/blob/master/circuits/babyjub.circom#L96-L97

Why in this circuit is there a check that the private key is within 253 bits? I thought valid private keys are within the 254-bit prime field corresponding to BN254?

simon-perriard commented 1 year ago

If you follow the standard for key generation for EdDSA https://www.rfc-editor.org/rfc/rfc8032#section-5.1.5, s is 256 bits long after step 2, then the public key extraction implemented in circomlibjs shifts everything to the right by 3 bits, hence 253 bits for the private key. Did this help?
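The pruning and shift described in the comment above, as an added example (not code from circomlib or circomlibjs). It assumes SHA-512 as the hash, as in RFC 8032; the hash the library uses is not shown on this page, and the function names are hypothetical.

```javascript
// Added example: RFC 8032 section 5.1.5 pruning followed by a 3-bit right shift.
// Assumption: SHA-512 is the hash, as in the RFC. Function names are hypothetical.
const { createHash } = require('node:crypto');

// Step 2 of RFC 8032 5.1.5: prune the lower 32 bytes of the hash output.
function pruneBuffer(hash) {
  const b = Uint8Array.from(hash.subarray(0, 32)); // copy, leave the input intact
  b[0] &= 0xf8;  // clear the lowest three bits of the first octet
  b[31] &= 0x7f; // clear the highest bit of the last octet
  b[31] |= 0x40; // set the second-highest bit of the last octet
  return b;
}

// Step 3: interpret the pruned buffer as a little-endian integer s.
function leToBigInt(bytes) {
  let n = 0n;
  for (let i = bytes.length - 1; i >= 0; i--) n = (n << 8n) | BigInt(bytes[i]);
  return n;
}

// The pruned 256-bit buffer read as an integer.
function prunedScalar(hash) {
  return leToBigInt(pruneBuffer(hash));
}

// The shift by 3 bits from the comment above. The three low bits were cleared
// by pruning, so the shift drops only zeros.
function scalarFromHash(hash) {
  return prunedScalar(hash) >> 3n;
}

// Full path from a 32-byte secret seed to the shifted scalar.
function deriveScalar(seed) {
  return scalarFromHash(createHash('sha512').update(seed).digest());
}

// The range the circuit checks according to the question: below 2^253.
function fitsIn253Bits(x) {
  return x >= 0n && x < (1n << 253n);
}

// Constructed sample seed (32 zero bytes), not a real key.
const sampleSeed = Buffer.alloc(32);
console.log(deriveScalar(sampleSeed).toString(2).length, 'bits');
```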

akileshtangella commented 1 year ago

> If you follow the standard for key generation for EdDSA https://www.rfc-editor.org/rfc/rfc8032#section-5.1.5, s is 256 bits long after step 2, then the public key extraction implemented in circomlibjs shifts everything to the right by 3 bits, hence 253 bits for the private key. Did this help?

Yes thank you.

simon-perriard commented 1 year ago

@saiakilesh can you close the issue if it is solved please?