Implement support for the Pasta curves #100
Conversation
There was a problem hiding this comment.
Thanks, looks good!
I had forgotten how much work it was to work out all the constants and stuff. It would be nice if we could compute most of them at compile time, but I think it's tricky in Rust since compile time computations are so limited, e.g. we can't allocate BigUInts.
We should probably unify the tests at some point (a la test_arithmetic), but I can do that afterward.
Thanks. :)
Yes, I gave this some thought since it proved quite error-prone to work out which values needed to be converted to Montgomery form and which didn't, and to do the Montgomery calculation "manually" for each value and copy it across. I think it's probably possible to make Montgomery multiplication a
Agreed. I'm also happy to do the refactoring; I guess we'll see who gets there first. :) |
This PR implements support for the Pasta curve pair which provide some benefits over the Tweedle* curve pair.
This PR does not attempt to implement any of the performance improvements mentioned in the aforementioned reference; the benefits such are likely to be fairly modest.
Most of the work was just converting the published constants into Montgomery form and pasting them into the right slots. This means that there is some additional duplication with the other field and curve implementations; this will be refactored in due course. The only exception to this was the choice of the
ZETAandZETA_SCALARparameters which are not mandated by the Pasta curves, just their properties; so a choice was made and set in the implementation.