Add the ed25519 curve (#121)

* add ed25519 curve * changelog * curve info * fix * cleanup the script * Update ed25519/src/curves/mod.rs * Update ed25519/src/curves/mod.rs Co-authored-by: onewayfunc <onewayfunc@gmail.com>
2026-01-11 00:11:37 +01:00 · 2022-10-29 19:33:55 -07:00
parent 5d6d31d213
commit a7d266f73d
17 changed files with 548 additions and 0 deletions
--- a/ed25519/src/constraints/curves.rs
+++ b/ed25519/src/constraints/curves.rs
@@ -0,0 +1,11 @@
+use ark_r1cs_std::groups::curves::twisted_edwards::AffineVar;
+
+use crate::{constraints::FqVar, *};
+
+/// A variable that is the R1CS equivalent of `crate::EdwardsAffine`.
+pub type EdwardsVar = AffineVar<EdwardsParameters, FqVar>;
+
+#[test]
+fn test() {
+    ark_curve_constraint_tests::curves::te_test::<EdwardsParameters, EdwardsVar>().unwrap();
+}
--- a/ed25519/src/constraints/fields.rs
+++ b/ed25519/src/constraints/fields.rs
@@ -0,0 +1,11 @@
+use ark_r1cs_std::fields::fp::FpVar;
+
+use crate::Fq;
+
+/// A variable that is the R1CS equivalent of `crate::Fq`.
+pub type FqVar = FpVar<Fq>;
+
+#[test]
+fn test() {
+    ark_curve_constraint_tests::fields::field_test::<_, _, FqVar>().unwrap();
+}
--- a/ed25519/src/constraints/mod.rs
+++ b/ed25519/src/constraints/mod.rs
@@ -0,0 +1,8 @@
+//! This module implements the R1CS equivalent of `ark_ed25519`.
+//! It requires a curve that embeds ed25519.
+
+mod curves;
+mod fields;
+
+pub use curves::*;
+pub use fields::*;
--- a/ed25519/src/curves/mod.rs
+++ b/ed25519/src/curves/mod.rs
@@ -0,0 +1,72 @@
+use crate::{Fq, Fr};
+use ark_ec::{
+    models::CurveConfig,
+    twisted_edwards::{Affine, MontCurveConfig, Projective, TECurveConfig},
+};
+use ark_ff::MontFp;
+
+#[cfg(test)]
+mod tests;
+
+pub type EdwardsAffine = Affine<EdwardsParameters>;
+pub type EdwardsProjective = Projective<EdwardsParameters>;
+
+#[derive(Clone, Default, PartialEq, Eq)]
+pub struct EdwardsParameters;
+
+impl CurveConfig for EdwardsParameters {
+    type BaseField = Fq;
+    type ScalarField = Fr;
+
+    /// COFACTOR = 8
+    const COFACTOR: &'static [u64] = &[8];
+
+    /// COFACTOR_INV (mod r) =
+    /// 2713877091499598330239944961141122840321418634767465352250731601857045344121
+    const COFACTOR_INV: Fr =
+        MontFp!("2713877091499598330239944961141122840321418634767465352250731601857045344121");
+}
+
+impl TECurveConfig for EdwardsParameters {
+    /// COEFF_A = -1
+    const COEFF_A: Fq = MontFp!("-1");
+
+    /// COEFF_D = -121665 / 121666
+    const COEFF_D: Fq =
+        MontFp!("37095705934669439343138083508754565189542113879843219016388785533085940283555");
+
+    /// Standard generators from <https://neuromancer.sk/std/other/Ed25519>.
+    const GENERATOR: EdwardsAffine = EdwardsAffine::new_unchecked(GENERATOR_X, GENERATOR_Y);
+
+    type MontCurveConfig = EdwardsParameters;
+
+    /// Multiplication by `a` is just negation.
+    #[inline(always)]
+    fn mul_by_a(elem: Self::BaseField) -> Self::BaseField {
+        -elem
+    }
+}
+
+// We want to emphasize that this Montgomery curve is not Curve25519.
+impl MontCurveConfig for EdwardsParameters {
+    /// COEFF_A = 486662
+    const COEFF_A: Fq = MontFp!("486662");
+
+    /// COEFF_B = 57896044618658097711785492504343953926634992332820282019728792003956564333285
+    /// This is not one, because ed25519 != curve25519
+    const COEFF_B: Fq =
+        MontFp!("57896044618658097711785492504343953926634992332820282019728792003956564333285");
+
+    type TECurveConfig = EdwardsParameters;
+}
+
+/// GENERATOR_X =
+/// 15112221349535400772501151409588531511454012693041857206046113283949847762202
+const GENERATOR_X: Fq =
+    MontFp!("15112221349535400772501151409588531511454012693041857206046113283949847762202");
+
+/// GENERATOR_Y =
+/// (4/5)
+/// 46316835694926478169428394003475163141307993866256225615783033603165251855960
+const GENERATOR_Y: Fq =
+    MontFp!("46316835694926478169428394003475163141307993866256225615783033603165251855960");
--- a/ed25519/src/curves/tests.rs
+++ b/ed25519/src/curves/tests.rs
@@ -0,0 +1,4 @@
+use crate::*;
+use ark_algebra_test_templates::*;
+
+test_group!(te; EdwardsProjective; te);
--- a/ed25519/src/fields/fq.rs
+++ b/ed25519/src/fields/fq.rs
@@ -0,0 +1,7 @@
+use ark_ff::fields::{Fp256, MontBackend, MontConfig};
+
+#[derive(MontConfig)]
+#[modulus = "57896044618658097711785492504343953926634992332820282019728792003956564819949"]
+#[generator = "2"]
+pub struct FqConfig;
+pub type Fq = Fp256<MontBackend<FqConfig, 4>>;
--- a/ed25519/src/fields/fr.rs
+++ b/ed25519/src/fields/fr.rs
@@ -0,0 +1,7 @@
+use ark_ff::fields::{Fp256, MontBackend, MontConfig};
+
+#[derive(MontConfig)]
+#[modulus = "7237005577332262213973186563042994240857116359379907606001950938285454250989"]
+#[generator = "2"]
+pub struct FrConfig;
+pub type Fr = Fp256<MontBackend<FrConfig, 4>>;
--- a/ed25519/src/fields/mod.rs
+++ b/ed25519/src/fields/mod.rs
@@ -0,0 +1,8 @@
+mod fq;
+mod fr;
+
+pub use fq::*;
+pub use fr::*;
+
+#[cfg(test)]
+mod tests;
--- a/ed25519/src/fields/tests.rs
+++ b/ed25519/src/fields/tests.rs
@@ -0,0 +1,5 @@
+use crate::{Fq, Fr};
+use ark_algebra_test_templates::*;
+
+test_field!(fr; Fr; mont_prime_field);
+test_field!(fq; Fq; mont_prime_field);
--- a/ed25519/src/lib.rs
+++ b/ed25519/src/lib.rs
@@ -0,0 +1,28 @@
+#![cfg_attr(not(feature = "std"), no_std)]
+#![deny(
+    warnings,
+    unused,
+    future_incompatible,
+    nonstandard_style,
+    rust_2018_idioms
+)]
+#![forbid(unsafe_code)]
+
+//! This library implements the ed25519 twisted Edwards curve.
+//!
+//! Curve information:
+//! * Base field: q =
+//!   57896044618658097711785492504343953926634992332820282019728792003956564819949
+//! * Scalar field: r =
+//!   7237005577332262213973186563042994240857116359379907606001950938285454250989
+//! * Curve equation: ax^2 + y^2 =1 + dx^2y^2, where
+//!    * a = -1
+//!    * d = -121665 / 121666
+
+#[cfg(feature = "r1cs")]
+pub mod constraints;
+mod curves;
+mod fields;
+
+pub use curves::*;
+pub use fields::*;