Add parameters of Ed25519 and support twisted Edwards curves #317
Conversation
querolita
changed the title
|
Most of the diff is recompiling the bindings to make CI happy |
|
The files that this PR is directly modifying are: |
| name: 'Ed25519', | ||
| modulus: exampleFields.f25519.modulus, // 2^255 - 19 | ||
| order: 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3edn, //2^252 + 27742317777372353535851937790883648493, | ||
| cofactor: 8n, |
There was a problem hiding this comment.
This is an optional parameter, please a pair of eyes to double check it's correct.
|
|
||
| // Twisted Edwards curve tests | ||
|
|
||
| const Ed25519 = createCurveTwisted(TwistedCurveParams.Ed25519); |
There was a problem hiding this comment.
What's your preferred convention? CurveTwisted or TwistedCurve? Asking because in affine I believe I have read both.
| if (z === 0n) { | ||
| // degenerate case | ||
| return twistedZero; | ||
| } else if (z === 1n && g.x === 0n && g.y === 1n) { |
There was a problem hiding this comment.
If I didn't treat this case separately, the following else if would place a false in the infinity parameter and then unit tests would complain because they used to find assertions of (0,1,false) != (0,1,true). But note that this is a branch that does not exist in the affine counterpart, and it is assuming that the "only" infinity point is exactly (0,1,1).
| const Field = createField(p); | ||
| const Scalar = createField(order); | ||
| const one = { ...generator, infinity: false }; | ||
| const Endo = undefined; // for Ed25519 |
There was a problem hiding this comment.
Not sure how to generalize this. When we use this interface for something different than Ed25519, maybe this parameter should change.
This is related to o1-labs/o1js#1283