Lib.rs

Cryptography
#elliptic-curve #finite-fields #scalar-field

no-std ark-bn254

The BN254 pairing-friendly elliptic curve

by Marcin, Dev Ojha, Pratyush Mishra, Weikeng Chen, arkworks contributors (86 contributors). Co-owned by arkworks.

7 unstable releases

0.5.0 Oct 28, 2024
0.5.0-alpha.0 Jun 20, 2024
0.4.0 Jan 17, 2023
0.4.0-alpha.2 Dec 28, 2022
0.2.0 Mar 25, 2021

#518 in Cryptography

Download history 50783/week @ 2024-07-17 57011/week @ 2024-07-24 67052/week @ 2024-07-31 64100/week @ 2024-08-07 56299/week @ 2024-08-14 56162/week @ 2024-08-21 54388/week @ 2024-08-28 61635/week @ 2024-09-04 49803/week @ 2024-09-11 196507/week @ 2024-09-18 214795/week @ 2024-09-25 557150/week @ 2024-10-02 596611/week @ 2024-10-09 556682/week @ 2024-10-16 110090/week @ 2024-10-23 61231/week @ 2024-10-30

1,440,412 downloads per month
Used in 1,427 crates (74 directly)

MIT/Apache

620KB
13K SLoC

This library implements the BN254 curve that was sampled as part of the [BCTV14] paper . The name denotes that it is a Barreto--Naehrig curve of embedding degree 12, defined over a 254-bit (prime) field. The scalar field is highly 2-adic.

This curve is also implemented in libff under the name bn128. It is the same as the bn256 curve used in Ethereum (eg: go-ethereum).

#CAUTION This curve does not satisfy the 128-bit security level anymore.

Curve information:

  • Base field: q = 21888242871839275222246405745257275088696311157297823662689037894645226208583
  • Scalar field: r = 21888242871839275222246405745257275088548364400416034343698204186575808495617
  • valuation(q - 1, 2) = 1
  • valuation(r - 1, 2) = 28
  • G1 curve equation: y^2 = x^3 + 3
  • G2 curve equation: y^2 = x^3 + B, where
    • B = 3/(u+9) where Fq2 is represented as Fq[u]/(u^2+1) = Fq2(19485874751759354771024239261021720505790618469301721065564631296452457478373, 266929791119991161246907387137283842545076965332900288569378510910307636690)

Dependencies

~3.5–5MB
~91K SLoC