zkcrypto / jubjub

Implementation of the Jubjub elliptic curve group

Optimize square root implementation for Fq #50

Open daira opened 2 years ago

daira commented 2 years ago

Suggested by @str4d:

The Sarkar algorithm used in the Pasta implementation is applicable to Fq since it is highly 2-adic. (Fr is not, but optimizing Fq square roots is more important for Jubjub curve point decompression, and therefore for Sapling trial decryption; see https://github.com/zcash/librustzcash/pull/423#issuecomment-894377882).
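
To make the 2-adicity point concrete, the following added example (not from the issue or from the jubjub crate's code) computes the 2-adicity of Fq and Fr and counts the squarings a textbook Tonelli-Shanks square root spends in the 2-power subgroup, which is the cost that grows with 2-adicity. The moduli are written out from the curve's definition, and the function names are illustrative assumptions.

```python
# Added example. Q and R are the Jubjub base field (Fq) and scalar field (Fr) moduli.
Q = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001
R = 0x0e7db4ea6533afa906673b0101343b00a6682093ccc81082d0970e5ed6f72cb7

def two_adicity(p):
    """Return (s, t) with p - 1 == 2**s * t and t odd."""
    s, t = 0, p - 1
    while t % 2 == 0:
        s, t = s + 1, t // 2
    return s, t

def is_square(a, p):
    return a % p == 0 or pow(a, (p - 1) // 2, p) == 1  # Euler's criterion

def least_nonresidue(p):
    z = 2
    while is_square(z, p):
        z += 1
    return z

def tonelli_shanks(a, p):
    """Return (root, squarings); root is None when a is not a square.
    squarings counts only the work done in the 2-power subgroup loop."""
    a %= p
    if a == 0:
        return 0, 0
    if not is_square(a, p):
        return None, 0
    s, t = two_adicity(p)
    c = pow(least_nonresidue(p), t, p)  # element of order 2**s
    x = pow(a, (t + 1) // 2, p)         # invariant: x*x == a*b (mod p)
    b = pow(a, t, p)                    # b lies in the subgroup of order 2**s
    m, squarings = s, 0
    while b != 1:
        i, b2 = 0, b
        while b2 != 1:                  # find least i with b**(2**i) == 1
            b2 = b2 * b2 % p
            i, squarings = i + 1, squarings + 1
        e = c
        for _ in range(m - i - 1):      # e = c**(2**(m-i-1)), of order 2**(i+1)
            e = e * e % p
            squarings += 1
        x = x * e % p
        c = e * e % p                   # new c has order 2**i
        squarings += 1
        b = b * c % p
        m = i
    return x, squarings
```

For Fr the loop never runs, because with 2-adicity 1 the root is the single exponentiation a^((r+1)/4); for Fq the loop can cost several hundred squarings on top of the exponentiations.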

ashWhiteHat commented 11 months ago

It seems this was closed by https://github.com/zkcrypto/bls12_381/pull/100