Open xhliu opened 1 year ago
https://hackmd.io/@benjaminion/bls12-381 https://github.com/zcash/zcash/issues/2502
BLS12 in 5 slides: https://docs.google.com/presentation/d/1uN-ziUVXP1xtxEyKc5piHcVnOqcrTk26WIk-fzkbOMs/edit#slide=id.p
However, neither RSK nor Ethereum have activated native support for this curve. https://medium.com/iovlabs-innovation-stories/choosing-the-right-curve-bf183d477a
Since neither EIP-2537, nor EVM384 precompiles have been implemented on mainnet https://ethresear.ch/t/do-not-add-bls12-precompile-implement-pasta-curves-w-o-trusted-setup-instead/12808
For platform-agnostic applications, the choice requires a tradeoff between performance (BN254) and security (BLS12-381). We recommend choosing BLS12-381 as it is more secure, still fast enough to be practical, but slower than BN254. https://docs.gnark.consensys.net/en/latest/Concepts/schemes_curves/#bn254-and-bls12-381-curves
Go impl in Eth https://github.com/ethereum/go-ethereum/tree/master/crypto/bls12381
Circom impl by 0xparc: https://github.com/yi-sun/circom-pairing/tree/master/circuits See section Adapting to other elliptic curves, adapted from https://github.com/paulmillr/noble-bls12-381
As we did before for BN256: Golang https://github.com/ethereum/go-ethereum/tree/master/crypto/bn256/google
-> sCrypt https://github.com/sCrypt-Inc/boilerplate/blob/master/contracts/bn256.scrypt https://github.com/sCrypt-Inc/boilerplate/blob/master/contracts/bn256pairing.scrypt
https://eips.ethereum.org/EIPS/eip-2537
xhliu
commented
1 year ago xhliu
commented
1 year ago xhliu
commented
1 year ago
https://hackmd.io/@benjaminion/bls12-381 https://github.com/zcash/zcash/issues/2502
BLS12 in 5 slides: https://docs.google.com/presentation/d/1uN-ziUVXP1xtxEyKc5piHcVnOqcrTk26WIk-fzkbOMs/edit#slide=id.p
However, neither RSK nor Ethereum have activated native support for this curve. https://medium.com/iovlabs-innovation-stories/choosing-the-right-curve-bf183d477a
Since neither EIP-2537, nor EVM384 precompiles have been implemented on mainnet https://ethresear.ch/t/do-not-add-bls12-precompile-implement-pasta-curves-w-o-trusted-setup-instead/12808
For platform-agnostic applications, the choice requires a tradeoff between performance (BN254) and security (BLS12-381). We recommend choosing BLS12-381 as it is more secure, still fast enough to be practical, but slower than BN254. https://docs.gnark.consensys.net/en/latest/Concepts/schemes_curves/#bn254-and-bls12-381-curves
Reference implementation
Go impl in Eth https://github.com/ethereum/go-ethereum/tree/master/crypto/bls12381
Circom impl by 0xparc: https://github.com/yi-sun/circom-pairing/tree/master/circuits See section Adapting to other elliptic curves, adapted from https://github.com/paulmillr/noble-bls12-381
Test