Welcome to the resource topic for 2022/1145
Title: Yafa-108/146: Implementing ed25519-embedding Cocks-Pinch curves in arkworks-rs
Authors: Rami Akeela, Weikeng Chen
Abstract: This note describes two pairing-friendly curves that embed ed25519, of different bit security levels. Our search is not novel—it follows the standard recipe of the Cocks-Pinch method. We implemented these two curves on arkworks-rs. This note is intended to provide a document on how the parameters are being generated and how to implement these curves in arkworks-rs 0.4.0, for further reference.
We name the two curves as Yafa-108 and Yafa-146:
- Yafa-108 is estimated to offer 108-bit security, which we parameterized to match the 102-bit security of BN254
- Yafa-146 is estimated to offer 146-bit security, which we parameterized to match the 131-bit security of BLS12-446 or 122-bit security of BLS12-381
We use these curves as an example to demonstrate two things:
- The “elastic” zero-knowledge proofs, Gemini (EUROCRYPT '22), is more than being elastic, but it is more curve-agnostic and hardware-friendly.
- The cost of nonnative field arithmetics can be drastic, and the needs of application-specific curves may be inherent. This result serves as evidence of the necessity of EIP-1962, and the insufficiency of EIP-2537.
ePrint: https://eprint.iacr.org/2022/1145
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics.