Lib.rs

Cryptography
#elliptic-curve #finite-fields #scalar-field

no-std ark-bn254

The BN254 pairing-friendly elliptic curve

by Marcin, Dev Ojha, Pratyush Mishra, Weikeng Chen, arkworks contributors (86 contributors). Co-owned by arkworks.

7 unstable releases

0.5.0 Oct 28, 2024
0.5.0-alpha.0 Jun 20, 2024
0.4.0 Jan 17, 2023
0.4.0-alpha.2 Dec 28, 2022
0.2.0 Mar 25, 2021

#1101 in Cryptography

Download history 214691/week @ 2024-09-27 640049/week @ 2024-10-04 522329/week @ 2024-10-11 562798/week @ 2024-10-18 101261/week @ 2024-10-25 73311/week @ 2024-11-01 63687/week @ 2024-11-08 67663/week @ 2024-11-15 67153/week @ 2024-11-22 76270/week @ 2024-11-29 86344/week @ 2024-12-06 67380/week @ 2024-12-13 38877/week @ 2024-12-20 37404/week @ 2024-12-27 72986/week @ 2025-01-03 72631/week @ 2025-01-10

233,183 downloads per month
Used in 1,518 crates (79 directly)

MIT/Apache

620KB
13K SLoC

This library implements the BN254 curve that was sampled as part of the [BCTV14] paper . The name denotes that it is a Barreto--Naehrig curve of embedding degree 12, defined over a 254-bit (prime) field. The scalar field is highly 2-adic.

This curve is also implemented in libff under the name bn128. It is the same as the bn256 curve used in Ethereum (eg: go-ethereum).

#CAUTION This curve does not satisfy the 128-bit security level anymore.

Curve information:

  • Base field: q = 21888242871839275222246405745257275088696311157297823662689037894645226208583
  • Scalar field: r = 21888242871839275222246405745257275088548364400416034343698204186575808495617
  • valuation(q - 1, 2) = 1
  • valuation(r - 1, 2) = 28
  • G1 curve equation: y^2 = x^3 + 3
  • G2 curve equation: y^2 = x^3 + B, where
    • B = 3/(u+9) where Fq2 is represented as Fq[u]/(u^2+1) = Fq2(19485874751759354771024239261021720505790618469301721065564631296452457478373, 266929791119991161246907387137283842545076965332900288569378510910307636690)

Dependencies

~3.5–5MB
~90K SLoC