Skip to content
Supporting evidence for security of the baby_jubjub curve to be used in altbn128, Ethereum
Branch: master
Clone or download
Pull request Compare This branch is 8 commits ahead of daira:master.
barryWhiteHat Merge pull request #4 from bellesmarta/master
Deterministic search of the generating and the base points.
Latest commit b59f498 Apr 4, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
LICENSE Add LICENSE and .gitignore. Also fix the curve equation. Nov 2, 2017
README.md Update README.md Aug 3, 2018
a curve for altbn~128~253 Jul 31, 2018
d curve for altbn~128~253 Jul 31, 2018
findCurve.sage Update findCurve.sage Oct 19, 2018
l curve for altbn~128~253 Jul 31, 2018
p curve for altbn~128~253 Jul 31, 2018
rigid Initial commit (including the original verify.sage). Nov 2, 2017
run.sh Add run.sh. Nov 2, 2017
shape Initial commit (including the original verify.sage). Nov 2, 2017
verify.sage Change the directory in which the Pocklington proof files are created. Nov 2, 2017
x0 Deterministic search of generating and base point Oct 19, 2018
x1 Deterministic search of generating and base point Oct 19, 2018
y0 Deterministic search of generating and base point Oct 19, 2018
y1 Deterministic search of generating and base point Oct 19, 2018

README.md

baby_Jubjub supporting evidence

This repository contains supporting evidence that the twisted Edwards curve 168700.x^2 + y^2 = 1 + 168696.x^2.y^2 of rational points over GF(21888242871839275222246405745257275088548364400416034343698204186575808495617), also called babyJubJub based upone "Jubjub", satisfies the SafeCurves criteria.

The script verify.sage is based on this script from the SafeCurves site, modified by Daira Hopwood

  • to support twisted Edwards curves;
  • to generate a file 'primes' containing the primes needed for primality proofs, if it is not already present;
  • to change the directory in which Pocklington proof files are generated (proof/ rather than ../../../proof), and to create that directory if it does not exist.

Prerequisites:

  • apt-get install sagemath
  • pip install sortedcontainers

Run sage verify.sage ., or ./run.sh to also print out the results.

You can generate the curve by running sage findCurve.sage 168698 This is the lowest A=168698 of a montgomary curve that statifies the critieria defined in ref7748

Note that the "rigidity" criterion cannot be checked automatically.

You can’t perform that action at this time.