Lib.rs

CryptographyMagic Beans
#elliptic-curve #elliptic-curve-cryptography #pairing-friendly #bn254 #finite

no-std ark-bn254

The BN254 pairing-friendly elliptic curve

by Marti, Dev Ojha, Pratyush Mishra, Weikeng Chen, arkworks contributors (86 contributors). Co-owned by arkworks.

7 unstable releases

0.5.0 Oct 28, 2024
0.5.0-alpha.0 Jun 20, 2024
0.4.0 Jan 17, 2023
0.4.0-alpha.2 Dec 28, 2022
0.2.0 Mar 25, 2021

#9 in #bn254

Download history 83042/week @ 2024-11-30 84813/week @ 2024-12-07 64766/week @ 2024-12-14 33349/week @ 2024-12-21 43050/week @ 2024-12-28 79589/week @ 2025-01-04 85386/week @ 2025-01-11 82355/week @ 2025-01-18 80045/week @ 2025-01-25 98644/week @ 2025-02-01 92881/week @ 2025-02-08 89618/week @ 2025-02-15 95966/week @ 2025-02-22 100880/week @ 2025-03-01 102831/week @ 2025-03-08 99491/week @ 2025-03-15

414,254 downloads per month
Used in 1,581 crates (98 directly)

MIT/Apache

620KB
13K SLoC

This library implements the BN254 curve that was sampled as part of the [BCTV14] paper . The name denotes that it is a Barreto--Naehrig curve of embedding degree 12, defined over a 254-bit (prime) field. The scalar field is highly 2-adic.

This curve is also implemented in libff under the name bn128. It is the same as the bn256 curve used in Ethereum (eg: go-ethereum).

#CAUTION This curve does not satisfy the 128-bit security level anymore.

Curve information:

  • Base field: q = 21888242871839275222246405745257275088696311157297823662689037894645226208583
  • Scalar field: r = 21888242871839275222246405745257275088548364400416034343698204186575808495617
  • valuation(q - 1, 2) = 1
  • valuation(r - 1, 2) = 28
  • G1 curve equation: y^2 = x^3 + 3
  • G2 curve equation: y^2 = x^3 + B, where
    • B = 3/(u+9) where Fq2 is represented as Fq[u]/(u^2+1) = Fq2(19485874751759354771024239261021720505790618469301721065564631296452457478373, 266929791119991161246907387137283842545076965332900288569378510910307636690)

Dependencies

~3.5–5MB
~95K SLoC