github.com/consensys/gnark-crypto@v0.14.0/ecc/stark-curve/stark_curve.go (about)

     1  // Copyright 2020 ConsenSys Software Inc.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package starkcurve provides an efficient elliptic curve implementation for stark_curve. This is the curve used in StarkNet: https://docs.starkware.co/starkex/crypto/stark-curve.html.
    16  //
    17  // stark_curve: A j!=0 curve with
    18  //
    19  //	𝔽r: r=3618502788666131213697322783095070105526743751716087489154079457884512865583
    20  //	𝔽p: p=3618502788666131213697322783095070105623107215331596699973092056135872020481 (2^251+17*2^192+1)
    21  //	(E/𝔽p): Y²=X³+x+b where b=3141592653589793238462643383279502884197169399375105820974944592307816406665
    22  //
    23  // Security: estimated 126-bit level using Pollard's \rho attack
    24  // (r is 252 bits)
    25  //
    26  // # Warning
    27  //
    28  // This code has been partially audited and is provided as-is. In particular, there are no security guarantees such as a constant-time implementation or resistance to side-channel attacks.
    29  package starkcurve
    30  
    31  import (
    32  	"github.com/consensys/gnark-crypto/ecc"
    33  	"github.com/consensys/gnark-crypto/ecc/stark-curve/fp"
    34  )
    35  
// ID is the ecc identifier of this curve (ecc.STARK_CURVE).
const ID = ecc.STARK_CURVE

// Package-level curve parameters and distinguished points. They are declared
// zero-valued here and populated in init.
var (
	// aCurveCoeff and bCurveCoeff are the a and b coefficients of the curve
	// equation Y²=X³+aX+b.
	aCurveCoeff, bCurveCoeff fp.Element

	// g1Gen is the generator of the r-torsion group, in Jacobian form.
	g1Gen G1Jac

	// g1GenAff is the affine form of g1Gen (derived from it in init).
	g1GenAff G1Affine

	// g1Infinity is the point at infinity.
	g1Infinity G1Jac
)
    50  
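// init populates the package-level curve coefficients, the generator of the
// r-torsion group (Jacobian and affine forms) and the point at infinity.
//
// The decimal constants are parsed with SetString, which reports malformed
// input through its error result. That result is checked here: ignoring it
// would let a mistyped constant go unnoticed and leave the package running
// with wrong curve parameters, so a parse failure aborts initialisation.
func init() {
	// mustSet parses the decimal constant s into z and panics on failure.
	mustSet := func(z *fp.Element, s string) {
		if _, err := z.SetString(s); err != nil {
			panic("starkcurve: invalid curve constant " + s + ": " + err.Error())
		}
	}

	// Curve equation Y²=X³+aX+b with a=1.
	aCurveCoeff.SetUint64(1)
	mustSet(&bCurveCoeff, "3141592653589793238462643383279502884197169399375105820974944592307816406665")

	// Generator in Jacobian coordinates with Z=1.
	mustSet(&g1Gen.X, "874739451078007766457464989774322083649278607533249481151382481072868806602")
	mustSet(&g1Gen.Y, "152666792071518830868575557812948353041420400780739481342941381225525861407")
	g1Gen.Z.SetOne()

	g1GenAff.FromJacobian(&g1Gen)

	// (X,Y,Z) = (1,1,0): Z is never assigned and keeps its zero value.
	g1Infinity.X.SetOne()
	g1Infinity.Y.SetOne()
}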
    66  
// Generators returns the generator of the r-torsion group in both stored
// representations: Jacobian (g1Jac) and affine (g1Aff). Both results are
// returned by value.
func Generators() (g1Jac G1Jac, g1Aff G1Affine) {
	return g1Gen, g1GenAff
}
    73  
// CurveCoefficients returns, by value, the coefficients a and b of the curve
// equation Y²=X³+aX+b.
func CurveCoefficients() (a, b fp.Element) {
	a = aCurveCoeff
	b = bCurveCoeff
	return a, b
}