Support Secp256r1 #310

mitschabaude · 2024-10-24T11:52:38Z

companion of o1-labs/o1js#1885

support general curve parameter a in most elliptic curve methods
change many EC methods to take the additional a parameter
support curve parameter a = -3 in projective curve doubling
- this is the parameter used by secp256r1
- note: there is a more efficient algorithm for a=-3 than for general a. thanks to the other changes here, it would now be very simple to add the general a case as well, but for testing we would need a concrete curve with general a, and I'm skipping the work of finding one since I'm not interested in general curves here
unit-test the new curve (and also its base field)

mitschabaude · 2024-10-24T12:14:54Z

@Trivo25 can you get me the necessary reviewers for this?

Geometer1729

LGTM

querolita

Left two observations, other than that looks good

querolita · 2024-10-29T15:24:09Z

crypto/elliptic-curve-examples.ts

@@ -15,6 +15,18 @@ const secp256k1Params: CurveParams = {
  },
 };

+const secp256r1Params: CurveParams = {


querolita · 2024-10-29T15:25:37Z

crypto/finite-field-examples.ts

@@ -26,6 +26,10 @@ let exampleFields = {
  f25519: createField(p25519),
  secp256k1: createField(pSecp256k1),
  secq256k1: createField(pSecq256k1),
+  secp256r1:
+    createField(
+      0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffn


querolita · 2024-10-29T16:10:11Z

crypto/elliptic-curve.ts

@@ -530,14 +623,12 @@ function createCurveAffine({
  endoScalar,
  endoBase,
 }: CurveParams) {
-  // TODO: lift this limitation by using other formulas (in projectiveScale) for a != 0
-  if (a !== 0n) throw Error('createCurveAffine only supports a = 0');


Removing this check implies you allow any a? In createCurveProjective you removed the check and called createProjectiveDouble where there's a check that a is 0 or -3. But what about here?

that's a good point, I mean we do support general a now in all the purely affine methods like affineAdd, affineDouble. the only place which doesn't support general a is projectiveDouble, which is used here by methods like scale() and isInSubgroup()

so I think we can accept general a here at this point and only when using certain unsupported methods users would hit the error.

crypto/elliptic-curve.ts

mitschabaude added 5 commits October 24, 2024 12:27

add r1 params

fdbd01a

add *k1 to elliptic curve tests

de05c5a

implement doubling for a=-3 and add a param to EC methods

d1913b0

working unit test for *r1

ea5e9c6

fix affine double

e081466

mitschabaude mentioned this pull request Oct 24, 2024

Support Secp256r1 o1-labs/o1js#1885

Merged

Geometer1729 reviewed Oct 24, 2024

View reviewed changes

querolita reviewed Oct 29, 2024

View reviewed changes

Trivo25 approved these changes Oct 30, 2024

View reviewed changes

fixup comment

e4cbf60

querolita approved these changes Oct 30, 2024

View reviewed changes

Trivo25 merged commit acc5a7c into o1-labs:main Oct 30, 2024
1 check passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support Secp256r1 #310

Support Secp256r1 #310

mitschabaude commented Oct 24, 2024 •

edited

Loading

mitschabaude commented Oct 24, 2024

Geometer1729 left a comment

querolita left a comment

querolita Oct 29, 2024

querolita Oct 29, 2024

querolita Oct 29, 2024

mitschabaude Oct 30, 2024

Support Secp256r1 #310

Support Secp256r1 #310

Conversation

mitschabaude commented Oct 24, 2024 • edited Loading

mitschabaude commented Oct 24, 2024

Geometer1729 left a comment

Choose a reason for hiding this comment

querolita left a comment

Choose a reason for hiding this comment

querolita Oct 29, 2024

Choose a reason for hiding this comment

querolita Oct 29, 2024

Choose a reason for hiding this comment

querolita Oct 29, 2024

Choose a reason for hiding this comment

mitschabaude Oct 30, 2024

Choose a reason for hiding this comment

mitschabaude commented Oct 24, 2024 •

edited

Loading