How to use Schnorr over BN254 + Grumpkin

paulmillr / noble-curves

Audited & minimal JS implementation of elliptic curve cryptography.

https://paulmillr.com/noble

MIT License

691 stars 63 forks source link

How to use Schnorr over BN254 + Grumpkin #44

Closed colinnielsen closed 1 year ago

colinnielsen commented 1 year ago

Hello, For context, I am working with the Noir lang and the Aztec protocol, which uses bn254 and Grumpkin curves, defined here.

How can I set up pairing on bn254? I am looking into how to set up a weierstrass instance of bn254 with a G2 pairing group so I can do aggregation - will this lib allow for that?

(amazing work btw, keep it up!)

paulmillr commented 1 year ago

Pairing has not been implemented on bn254 at this point.

colinnielsen commented 1 year ago

Gotcha, so I would have to create an instance of both curves, and use pairing functions directly?

paulmillr commented 1 year ago

Yeah, and I don't think bls pairing would work for bn. They are probably different? I didn't do a deep dive though.

colinnielsen commented 1 year ago

I will be using Schnorr aggregate / threshold signatures in this context. I bet I could set up the Cruve and ProjectivePoint instances, and do the math manually.

Thanks!

paulmillr commented 1 year ago

yup