Lib.rs

Cryptography
#elliptic-curve #finite-fields

no-std ark-bn254

The BN254 pairing-friendly elliptic curve

by Marti, Dev Ojha, Pratyush Mishra, Weikeng Chen, arkworks contributors (86 contributors). Co-owned by arkworks.

7 unstable releases

0.5.0 Oct 28, 2024
0.5.0-alpha.0 Jun 20, 2024
0.4.0 Jan 17, 2023
0.4.0-alpha.2 Dec 28, 2022
0.2.0 Mar 25, 2021

#723 in Cryptography

Download history 71464/week @ 2024-11-21 69174/week @ 2024-11-28 86166/week @ 2024-12-05 71499/week @ 2024-12-12 46014/week @ 2024-12-19 33066/week @ 2024-12-26 67470/week @ 2025-01-02 85697/week @ 2025-01-09 82388/week @ 2025-01-16 82149/week @ 2025-01-23 94905/week @ 2025-01-30 91475/week @ 2025-02-06 92049/week @ 2025-02-13 92933/week @ 2025-02-20 99859/week @ 2025-02-27 103327/week @ 2025-03-06

404,951 downloads per month
Used in 1,540 crates (98 directly)

MIT/Apache

620KB
13K SLoC

This library implements the BN254 curve that was sampled as part of the [BCTV14] paper . The name denotes that it is a Barreto--Naehrig curve of embedding degree 12, defined over a 254-bit (prime) field. The scalar field is highly 2-adic.

This curve is also implemented in libff under the name bn128. It is the same as the bn256 curve used in Ethereum (eg: go-ethereum).

#CAUTION This curve does not satisfy the 128-bit security level anymore.

Curve information:

  • Base field: q = 21888242871839275222246405745257275088696311157297823662689037894645226208583
  • Scalar field: r = 21888242871839275222246405745257275088548364400416034343698204186575808495617
  • valuation(q - 1, 2) = 1
  • valuation(r - 1, 2) = 28
  • G1 curve equation: y^2 = x^3 + 3
  • G2 curve equation: y^2 = x^3 + B, where
    • B = 3/(u+9) where Fq2 is represented as Fq[u]/(u^2+1) = Fq2(19485874751759354771024239261021720505790618469301721065564631296452457478373, 266929791119991161246907387137283842545076965332900288569378510910307636690)

Dependencies

~3.5–5MB
~95K SLoC