Module jubjub

Jubjub is a twisted Edwards curve defined over the BLS12-381 scalar field, Fr. It takes the form -x^2 + y^2 = 1 + dx^2y^2 with d = -(10240/10241). It is birationally equivalent to a Montgomery curve of the form y^2 = x^3 + Ax^2 + x with A = 40962. This value A is the smallest integer choice such that:

• (A - 2) / 4 is a small integer (10240).
• A^2 - 4 is quadratic nonresidue.
• The group order of the curve and its quadratic twist has a large prime factor.

Jubjub has s = 0x0e7db4ea6533afa906673b0101343b00a6682093ccc81082d0970e5ed6f72cb7 as the prime subgroup order, with cofactor 8. (The twist has cofactor 4.)

It is a complete twisted Edwards curve, so the equivalence with the Montgomery curve forms a group isomorphism, allowing points to be freely converted between the two forms.

Modules

• edwards
  This is an implementation of the twisted Edwards Jubjub curve.
• fs
  This is an implementation of the scalar field for Jubjub.
• montgomery
  This is an implementation of the birationally equivalent Montgomery curve.

Structs

• JubjubBls12

Enums

• FixedGenerators
  Fixed generators of the Jubjub curve of unknown exponent.
• PrimeOrder
  Point of prime order.
• Unknown
  Point of unknown order.

Traits

• JubjubEngine
  This is an extension to the pairing Engine trait which offers a scalar field for the embedded curve (Jubjub) and some pre-computed parameters.
• JubjubParams
  The pre-computed parameters for Jubjub, including curve constants and various limits and window tables.
• ToUniform