arkworks-rs · vasemkin · Feb 2, 2025 · Feb 2, 2025 · Feb 2, 2025 · Feb 20, 2025
@@ -1,6 +1,7 @@
 # CHANGELOG
 
 ## Pending
+-   [\#926](https://github.com/arkworks-rs/algebra/pull/926) Add the circom compatible Baby Jubjub curve
 
 ### Breaking changes
 

@@ -3,6 +3,7 @@
 members = [
     "curve-constraint-tests",
 
+    "baby_jubjub",
     "bls12_377",
     "ed_on_bls12_377",
 

@@ -0,0 +1,31 @@
+[package]
+name = "ark-babyjubjub"
+version.workspace = true
+authors.workspace = true
+description = "The Baby Jubjub Twisted Edwards curve"
+homepage.workspace = true
+repository.workspace = true
+documentation = "https://docs.rs/ark-babyjubjub/"
+keywords.workspace = true
+categories.workspace = true
+include.workspace = true
+license.workspace = true
+edition.workspace = true
+
+[dependencies]
+ark-ff = { workspace = true }
+ark-ec = { workspace = true }
+ark-std = { workspace = true }
+ark-r1cs-std = { workspace = true, optional = true }
+ark-bn254 = { workspace = true, features = [ "scalar_field" ] }
+
+[dev-dependencies]
+ark-relations = { workspace = true }
+ark-serialize = { workspace = true }
+ark-algebra-test-templates = { workspace = true }
+ark-curve-constraint-tests = { path = "../curve-constraint-tests" }
+
+[features]
+default = []
+std = [ "ark-std/std", "ark-ff/std", "ark-ec/std", "ark-bn254/std" ]
+r1cs = ["ark-r1cs-std"]
@@ -0,0 +1 @@
+../LICENSE-APACHE
@@ -0,0 +1 @@
+../LICENSE-MIT
@@ -0,0 +1,11 @@
+use ark_r1cs_std::groups::curves::twisted_edwards::AffineVar;
+
+use crate::{constraints::FqVar, *};
+
+/// A variable that is the R1CS equivalent of `crate::EdwardsAffine`.
+pub type EdwardsVar = AffineVar<EdwardsConfig, FqVar>;
+
+#[test]
+fn test() {
+    ark_curve_constraint_tests::curves::te_test::<EdwardsConfig, EdwardsVar>().unwrap();
+}
@@ -0,0 +1,9 @@
+use ark_r1cs_std::fields::fp::FpVar;
+
+/// A variable that is the R1CS equivalent of `crate::Fq`.
+pub type FqVar = FpVar<crate::Fq>;
+
+#[test]
+fn test() {
+    ark_curve_constraint_tests::fields::field_test::<_, _, FqVar>().unwrap();
+}
@@ -0,0 +1,8 @@
+//! This module implements the R1CS equivalent of `ark_babyjubjub`.
+//! It requires a curve that embeds Baby Jubjub curve.
+
+mod curves;
+mod fields;
+
+pub use curves::*;
+pub use fields::*;
@@ -0,0 +1,77 @@
+use ark_ec::{
+    models::CurveConfig,
+    twisted_edwards::{Affine, MontCurveConfig, Projective, TECurveConfig},
+};
+use ark_ff::{Field, MontFp};
+
+use crate::{Fq, Fr};
+
+#[cfg(test)]
+mod tests;
+
+pub type EdwardsAffine = Affine<EdwardsConfig>;
+pub type EdwardsProjective = Projective<EdwardsConfig>;
+
+/// `Baby-JubJub` is a twisted Edwards curve. These curves have equations of the
+/// form: ax² + y² = 1 + dx²y².
+/// over some base finite field Fq.
+///
+/// Baby-JubJub's curve equation: Ax^2 + y^2 = 1 + Dx^2y^2, where
+///    * A = 168700
+///    * D = 168696
+///
+/// q = 21888242871839275222246405745257275088548364400416034343698204186575808495617
+#[derive(Clone, Default, PartialEq, Eq)]
+pub struct EdwardsConfig;
+
+impl CurveConfig for EdwardsConfig {
+    type BaseField = Fq;
+    type ScalarField = Fr;
+
+    /// COFACTOR = 8
+    const COFACTOR: &'static [u64] = &[8];
+
+    /// COFACTOR^(-1) mod r =
+    /// 2394026564107420727433200628387514462817212225638746351800188703329891451411
+    const COFACTOR_INV: Fr =
+        MontFp!("2394026564107420727433200628387514462817212225638746351800188703329891451411");
+}
+
+impl TECurveConfig for EdwardsConfig {
+    /// COEFF_A = 168700
+    const COEFF_A: Fq = MontFp!("168700");
+
+    /// COEFF_D = 168696
+    const COEFF_D: Fq = MontFp!("168696");
+
+    /// Standard base points from https://eips.ethereum.org/EIPS/eip-2494.
+    /// Note: A base point B is used instead of a generator G satisfying B = 8 * G.
+    /// The Montgomery form is
+    ///     x = 7,
+    ///     y = 4258727773875940690362607550498304598101071202821725296872974770776423442226
+    /// The twisted Edwards form is
+    ///     x = 995203441582195749578291179787384436505546430278305826713579947235728471134
+    ///     y = 5472060717959818805561601436314318772137091100104008585924551046643952123905
+    const GENERATOR: EdwardsAffine = EdwardsAffine::new_unchecked(GENERATOR_X, GENERATOR_Y);
+
+    type MontCurveConfig = EdwardsConfig;
+}
+
+impl MontCurveConfig for EdwardsConfig {
+    /// COEFF_A = 168698
+    const COEFF_A: Fq = MontFp!("168698");
+    /// COEFF_B = 1
+    const COEFF_B: Fq = Fq::ONE;
+
+    type TECurveConfig = EdwardsConfig;
+}
+
+/// GENERATOR_X =
+/// 5299619240641551281634865583518297030282874472190772894086521144482721001553
+pub const GENERATOR_X: Fq =
+    MontFp!("5299619240641551281634865583518297030282874472190772894086521144482721001553");
+
+/// GENERATOR_Y =
+/// 16950150798460657717958625567821834550301663161624707787222815936182638968203
+pub const GENERATOR_Y: Fq =
+    MontFp!("16950150798460657717958625567821834550301663161624707787222815936182638968203");
@@ -0,0 +1,4 @@
+use crate::*;
+use ark_algebra_test_templates::*;
+
+test_group!(te; EdwardsProjective; te);
@@ -0,0 +1,8 @@
+use ark_ff::fields::{Fp256, MontBackend, MontConfig};
+
+#[derive(MontConfig)]
+#[modulus = "21888242871839275222246405745257275088548364400416034343698204186575808495617"]
+#[generator = "5"]
+
+pub struct FqConfig;
+pub type Fq = Fp256<MontBackend<FqConfig, 4>>;
@@ -0,0 +1,8 @@
+use ark_ff::fields::{Fp256, MontBackend, MontConfig};
+
+#[derive(MontConfig)]
+#[modulus = "2736030358979909402780800718157159386076813972158567259200215660948447373041"]
+#[generator = "31"]
+
+pub struct FrConfig;
+pub type Fr = Fp256<MontBackend<FrConfig, 4>>;
@@ -0,0 +1,8 @@
+pub mod fq;
+pub mod fr;
+
+pub use fq::*;
+pub use fr::*;
+
+#[cfg(test)]
+mod tests;