#elliptic-curve #finite-fields #scalar-field #math

no-std ark-ed-on-bls12-381-bandersnatch

Bandersnatch: a curve defined over the scalar field of the BLS12-381 curve

5 releases

0.5.0 Oct 28, 2024
0.5.0-alpha.0 Jun 20, 2024
0.4.0 Jan 17, 2023
0.4.0-alpha.2 Dec 28, 2022
0.4.0-alpha.1 Nov 29, 2022

#2425 in Cryptography

Download history 33081/week @ 2024-08-19 45084/week @ 2024-08-26 51493/week @ 2024-09-02 44548/week @ 2024-09-09 42611/week @ 2024-09-16 43459/week @ 2024-09-23 45695/week @ 2024-09-30 43311/week @ 2024-10-07 42182/week @ 2024-10-14 46515/week @ 2024-10-21 36430/week @ 2024-10-28 50358/week @ 2024-11-04 38597/week @ 2024-11-11 37954/week @ 2024-11-18 40597/week @ 2024-11-25 31214/week @ 2024-12-02

149,520 downloads per month
Used in 17 crates (3 directly)

MIT/Apache

1MB
16K SLoC

This library implements the Bendersnatch curve, a twisted Edwards curve whose base field is the scalar field of the curve BLS12-381. This allows defining cryptographic primitives that use elliptic curves over the scalar field of the latter curve. This curve was generated by Simon Masson from Anoma, and Antonio Sanso from Ethereum Foundation, and is also known as bandersnatch.

See here for the specification of the curve. There was also a Python implementation here.

Curve information:

  • Base field: q = 52435875175126190479447740508185965837690552500527637822603658699938581184513
  • Scalar field: r = 13108968793781547619861935127046491459309155893440570251786403306729687672801
  • Valuation(q - 1, 2) = 32
  • Valuation(r - 1, 2) = 5
  • Curve equation: ax^2 + y^2 =1 + dx^2y^2, where
    • a = -5
    • d = 45022363124591815672509500913686876175488063829319466900776701791074614335719

Dependencies

~3.5–5MB
~88K SLoC