Comments (2)
Hi @hasinitg,
Could you please advise what is the recommended way to do this in jsnark? Is it fine to first compute the scalar multiplication a.P and then negate the resulting point? Or, should I first negate the scalar, and then perform scalar multiplication? I followed the first approach, by introducing a 'negateAffinePoint' function as below, because I am not sure how to do it using the latter approach in jsnark. I would appreciate a lot your insight on this.
For the second method, negating the scalar using the same way in your first method won't work as expected, i.e., if you use .mul(-1), it won't work correctly for the second case.
In the second case, you have to subtract the scalar from the order of the curve (or the order of the subgroup, but in this type of curves, I recall that the scalar or the secret keys in general are selected to be higher than the subgroup order, so the order of the curve should work). You will find these constants documented in the ECDHKeyExchange gadget. You have to be sure though before doing the subtraction that a is smaller.
In terms of efficiency, the first method seems to be a better candidate, because if you already have the bits of a, you can reuse them directly. However, if you use the second, you will have to subtract and then extract the bits, which will add ~250 constraints.
By the way, as a suggestion, there are also other SNARK friendly curves that were proposed by others after the one I had in jsnark, e.g., https://z.cash/technology/jubjub/. You could also look into those, as they will be more optimized and possibly implemented for other functionalities other than key exchange.
from jsnark.
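The two approaches compared in the answer above, worked on a small textbook curve as an added example (not code from this thread or from jsnark). The curve y^2 = x^3 + 2x + 2 over F_17 with group order 19, and all function names, are assumptions chosen for illustration; the last helper shows why negating the scalar as a field element (p - a) gives a different point than subtracting it from the order (n - a).

```python
# Toy curve, constructed for illustration (not jsnark's curve):
# y^2 = x^3 + 2x + 2 over F_17, generator G = (5, 1), group order 19.
P_FIELD, A_COEF, ORDER, G = 17, 2, 19, (5, 1)

def add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None  # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow((2 * y1) % P_FIELD, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    lam %= P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)

def mul(k, pt):
    """Double-and-add scalar multiplication for k >= 0."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def negate_point(pt):
    """Approach 1: negate the resulting point, (x, y) -> (x, -y mod p)."""
    return None if pt is None else (pt[0], -pt[1] % P_FIELD)

def negate_scalar(a):
    """Approach 2: n - a; only valid when a is already below the order n."""
    if not 0 < a < ORDER:
        raise ValueError("scalar must be in (0, order) before subtracting")
    return ORDER - a

def field_negate(a):
    """What multiplying a field element by -1 yields: p - a, not n - a."""
    return -a % P_FIELD
```

On this curve `mul(negate_scalar(a), G)` equals `negate_point(mul(a, G))` for every valid `a`, while `mul(field_negate(a), G)` is off by `2G` because the field prime and the group order differ by 2.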
Hi @akosba
Thank you very much for your reply. I appreciate it a lot (I am sorry about the delay in reply, as I was going through a transition period).
Thank you for clarifying the pros and cons of the two approaches for obtaining the negation of a scalar multiplication. I also implemented approach 1, as approach 2 involves more constraints, as you have pointed out as well.
Thank you for pointing out jubjub. I would prefer to continue using jsnark, as I have been using it for implementation of the other circuits as well.
Thank you.
from jsnark.