Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

std::math::Fp2 implementation for BN254 is not correct due to choice of quadratic non residue #1432

Open
onurinanc opened this issue Jun 7, 2024 · 2 comments
Open

std::math::Fp2 implementation for BN254 is not correct due to choice of quadratic non residue #1432

onurinanc opened this issue Jun 7, 2024 · 2 comments
Labels
stdlib

Comments

@onurinanc
Copy link
Collaborator

In the std::math::Fp2 line 8. It is specified that /// the Goldilocks or the BN254 field) relative to the irreducible polynomial X^2 - 7.

X^2 - 7 is an irreducible polynomial over the Goldilocks field.

However, X^2 - 7 is not an irreducible polynomial over the BN254 field. It means that the Fp2 implementation of the BN254 is not proper, and might have issues since "not every element has an inverse in the extension field"

So, we need to separate the fp2 implementations of Goldilocks and BN254

For, BN254 Fp2 implementation, we can choose the irreducible polynomial X^2 + 1
@onurinanc
Copy link
Collaborator Author

I double-checked this and realized I made the irreducibility test with the bn254 base field, which is wrong. I made the test with the bn254 scalar field right now and x^2 - 7 is irreducible.

We can close this issue.

@chriseth
Copy link
Member

Still, the implementation does not assert anything about the field.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stdlib
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chriseth @onurinanc