Suppose one did want to build a secp256k1 gadget. I notice that libsnark
already provides a general gadget for Weierstrass form elliptic curves,
parameterized by a field. So all we'd have to do is define the secp256k1
operations in the alt_bn128 or in bls12 fields. Is there any more clever
way to do this than just providing splitting into bits to implement modular
arithmetic in a different field?

On Jan 3, 2018 2:11 PM, "Sean Bowe" <s...@z.cash> wrote:

> If any curve is acceptable, I would encourage Jubjub, which we'll be
> using for the next version of Zcash. In which case you will be able to
> leverage our Sapling crypto code once it is more mature over the next
> month or so. https://github.com/zcash-hackworks/sapling-crypto
>
> Sean
>
> On Wed, Jan 3, 2018 at 1:02 PM, James Prestwich via zapps-wg
> <zapps...@lists.z.cash.foundation> wrote:
> > I'd prefer sha256 or bitcoin-style hash160. I'm interested in a few
> > different curves, including secp256k1. Eventually for EdDSA keys as well. Is
> > there a list of supported curve operations?
> >
> > On Wed, Jan 3, 2018 at 12:57 PM Andrew Miller <soc1...@illinois.edu> wrote:
> >>
> >> Thank you so much for expressing your question in Camenisch-Stadler
> >> notation! That makes it very clear what you're going for.
> >>
> >> What hash function H do you have in mind, would SHA2 work? Also what group
> >> G do you have in mind, secp256k1?
> >>
> >> If so, I do not know of any existing implementation of secp256k1
> >> operations specifically in libsnark, so that would presumably be the biggest
> >> challenge.
> >>
> >>
> >> On Jan 3, 2018 1:47 PM, "James Prestwich via zapps-wg"
> >> <zapps...@lists.z.cash.foundation> wrote:
> >>
> >> I'd like to participate in the setup ceremony.
> >>
> >> I also have an app I'd like to build using a zk-proof of knowledge of an
> >> ECC private key. {(a) : A = a * G, B = H(a)}. Can anyone point me to good
> >> resources on getting started?
> >>
> >>
> >
>
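
The statement from the original question, {(a) : A = a * G, B = H(a)}, written as a plain witness checker outside any circuit (an added example, not code from the thread or from libsnark). It assumes G is the secp256k1 generator and H is SHA-256 over the 32-byte big-endian encoding of a; the function names are illustrative.

```python
# Added example. Assumptions: G = secp256k1 generator, H = SHA-256(32-byte BE a).
import hashlib

P = 2**256 - 2**32 - 977  # secp256k1 base field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def on_curve(pt):
    """None is the point at infinity; otherwise check y^2 = x^3 + 7 mod P."""
    if pt is None:
        return True
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - 7) % P == 0

def add(p1, p2):
    """Affine short-Weierstrass addition (curve coefficient a = 0)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # Q + (-Q) is the point at infinity
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P   # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mul(k, pt):
    """Double-and-add over the 256 bits of k, least significant bit first."""
    acc = None
    for i in range(256):
        if (k >> i) & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
    return acc

def commit(a):
    return hashlib.sha256(a.to_bytes(32, "big")).digest()

def relation_holds(a, A, B):
    """True iff a is a valid witness for public inputs (A, B)."""
    if not (0 < a < N) or A is None or not on_curve(A):
        return False
    return scalar_mul(a, G) == A and commit(a) == B
```

The bit loop in `scalar_mul` is the same decomposition of `a` a circuit would need, and every `% P` step is arithmetic in a field other than the proof system's native one.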
