Implement curve BN-254 in pairing

[lucasvo]

The main reason to add BN-254 support would be to allow the use of bellman to design circuits that can be verified on Ethereum.

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This issue now has a funding of 0.5 ETH (139.86 USD @ $279.71/ETH) attached to it.

• If you would like to work on this issue you can 'start work' on the Gitcoin Issue Details page.
  • Want to chip in? Add your own contribution here.
  • Questions? Checkout Gitcoin Help or the Gitcoin Slack
  • $20,678.98 more funded OSS Work available on the Gitcoin Issue Explorer

[lastmjs]

I'm curious to do this, but can you provide a little roadmap of what needs to be done and how difficult it would be? I have extensive programming experience but not yet in Rust nor with elliptic curve implementations

[lucasvo]

There might be a bit of a learning curve if you don't know either Rust or elliptic curves, but if you are up for the challenge it's not an impossible thing to do. There are a few people that can talk about those details with more authority but here's where I would start:

The BLS12_381 curve is implemented here: https://github.com/zkcrypto/pairing/tree/master/src/bls12_381

The goal for this issue is to implement the bn-254 curve in pairing implementing the same API and feature set. @schaeff of ZoKrates probably has a few good pointers as well as @ebfull (although he's probably pretty busy with zcash's sapling release at the moment)

[Pratyush]

If you want a big head start, you can check out Sean's previous crate for bn-254 here: https://github.com/zcash-hackworks/bn

I'm not sure how rigorously audited that code is, but it's probably better than nothing.

[lastmjs]

I'll get back to this on Monday

On Fri, Sep 14, 2018, 5:31 PM Pratyush Mishra notifications@github.com wrote:

If you want a big head start, you can check out Sean's previous crate for bn-254 here: https://github.com/zcash-hackworks/bn

I'm not sure how rigorously audited that code is, but it's probably better than nothing.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/zkcrypto/pairing/issues/95#issuecomment-421509941, or mute the thread https://github.com/notifications/unsubscribe-auth/AGrSj-pHVNumCzcI21suitj3lm7UGED9ks5ubDxpgaJpZM4WMdNP .

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

Work has been started.

These users each claimed they can complete the work by 10 months, 2 weeks from now. Please review their action plans below:

1) debragail has started work.

Learn more on the Gitcoin Issue Details page.

[burdges]

I briefly considered implementing the traits here for curves in the amcl library, which basically gives you this, different auditing, and constant time claims, but you'll incur some performance penalty from the fact that amcl does not expose the miller loop the same way.

[shamatar]

The “community edition” of pairing, bellman and sapling-crypto are open at https://github.com/matterinc/

Gadget library (sapling-crypto) is extended with BabyJubjub, Eddsa, some convenience primitives

[debragail]

Hi, working on this and wanted to be able to have something to test against. Can you provide info on how to properly test? All I have is from the README.md. You briefly mentioned using it for circuits on ETH and I wasn wondering if you had a project you could point me or more spec.

pairing

This is a Rust crate for using pairing-friendly elliptic curves. Currently, only the BLS12-381 construction is implemented.

Documentation

Bring the pairing crate into your project just as you normally would.

Security Warnings

This library does not make any guarantees about constant-time operations, memory access patterns, or resistance to side-channel attacks.

License

Licensed under either of

• Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
• MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

[shamatar]

I would suggest to close this. BN254 and many other features are now part of “community edition” https://github.com/matter-labs/bellman

[debragail]

agreed

[gitcoinbot]

Issue Status: 1. Open 2. Cancelled

---

Work has been started.

These users each claimed they can complete the work by 1 month, 3 weeks from now. Please review their action plans below:

1) debragail has started work.

Learn more on the Gitcoin Issue Details page.

[gitcoinbot]

Issue Status: 1. Open 2. Cancelled

---

The funding of 0.5 ETH (147.01 USD @ $294.02/ETH) attached to this issue has been cancelled by the bounty submitter

• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $131,058.13 more funded OSS Work available on the Gitcoin Issue Explorer