Optimize square root implementation for Fq

zkcrypto / jubjub

Implementation of the Jubjub elliptic curve group

Other

121 stars 49 forks source link

Optimize square root implementation for Fq #50

Open daira opened 3 years ago

daira commented 3 years ago

Suggested by @str4d:

The Sarkar algorithm used in the Pasta implementation is applicable to Fq since it is highly 2-adic. (Fr is not, but optimizing Fq square roots is more important for Jubjub curve point decompression, and therefore for Sapling trial decryption; see https://github.com/zcash/librustzcash/pull/423#issuecomment-894377882 ).

ashWhiteHat commented 1 year ago

It seems this closed by https://github.com/zkcrypto/bls12_381/pull/100