ForeignCurve
Constructors
new ForeignCurve(g)
new ForeignCurve(g: {
x: number | bigint | Field3 | AlmostForeignField;
y: number | bigint | Field3 | AlmostForeignField;
}): ForeignCurve
Create a new ForeignCurve from an object representing the (affine) x and y coordinates.
Parameters
• g
• g.x: number
| bigint
| Field3
| AlmostForeignField
• g.y: number
| bigint
| Field3
| AlmostForeignField
Returns
Example
let x = new ForeignCurve({ x: 1n, y: 1n });
Important: By design, there is no way for a ForeignCurve
to represent the zero point.
Warning: This fails for a constant input which does not represent an actual point on the curve.
Source
lib/provable/crypto/foreign-curve.ts:45
Properties
x
x: AlmostForeignField;
Source
lib/provable/crypto/foreign-curve.ts:30
y
y: AlmostForeignField;
Source
lib/provable/crypto/foreign-curve.ts:31
_Bigint?
static optional _Bigint: {};
Source
lib/provable/crypto/foreign-curve.ts:240
_Field?
static optional _Field: typeof AlmostForeignField;
Source
lib/provable/crypto/foreign-curve.ts:241
_Scalar?
static optional _Scalar: typeof AlmostForeignField;
Source
lib/provable/crypto/foreign-curve.ts:242
_provable?
static optional _provable: ProvablePureExtended<ForeignCurve, {
x: string;
y: string;
}>;
Source
lib/provable/crypto/foreign-curve.ts:243
Accessors
Constructor
get Constructor(): typeof ForeignCurve
Returns
typeof ForeignCurve
Source
lib/provable/crypto/foreign-curve.ts:237
modulus
get modulus(): bigint
The size of the curve's base field.
Returns
bigint
Source
lib/provable/crypto/foreign-curve.ts:81
Bigint
get static Bigint(): {}
Curve arithmetic on JS bigints.
Returns
{}
Source
lib/provable/crypto/foreign-curve.ts:251
Field
get static Field(): typeof AlmostForeignField
The base field of this curve as a ForeignField.
Returns
typeof AlmostForeignField
Source
lib/provable/crypto/foreign-curve.ts:258
Scalar
get static Scalar(): typeof AlmostForeignField
The scalar field of this curve as a ForeignField.
Returns
typeof AlmostForeignField
Source
lib/provable/crypto/foreign-curve.ts:265
generator
get static generator(): ForeignCurve
The constant generator point.
Returns
Source
lib/provable/crypto/foreign-curve.ts:69
modulus
get static modulus(): bigint
The size of the curve's base field.
Returns
bigint
Source
lib/provable/crypto/foreign-curve.ts:75
provable
get static provable(): ProvablePureExtended<ForeignCurve, {
x: string;
y: string;
}>
Provable<ForeignCurve>
Returns
ProvablePureExtended
\<ForeignCurve
, {
x
: string
;
y
: string
;
}>
Source
lib/provable/crypto/foreign-curve.ts:272
Methods
add()
add(h: ForeignCurve | FlexiblePoint): ForeignCurve
Elliptic curve addition.
let r = p.add(q); // r = p + q
Important: this is incomplete addition and does not handle the degenerate cases:
- Inputs are equal,
g = h
(where you would use double). In this case, the result of this method is garbage and can be manipulated arbitrarily by a malicious prover. - Inputs are inverses of each other,
g = -h
, so that the result would be the zero point. In this case, the proof fails.
If you want guaranteed soundness regardless of the input, use addSafe instead.
Parameters
• h: ForeignCurve
| FlexiblePoint
Returns
Throws
if the inputs are inverses of each other.
Source
lib/provable/crypto/foreign-curve.ts:121
addSafe()
addSafe(h: ForeignCurve | FlexiblePoint): ForeignCurve
Safe elliptic curve addition.
This is the same as add, but additionally proves that the inputs are not equal. Therefore, the method is guaranteed to either fail or return a valid addition result.
Beware: this is more expensive than add, and is still incomplete in that it does not succeed on equal or inverse inputs.
Parameters
• h: ForeignCurve
| FlexiblePoint
Returns
Throws
if the inputs are equal or inverses of each other.
Source
lib/provable/crypto/foreign-curve.ts:139
assertInSubgroup()
assertInSubgroup(): void
Assert that this point lies in the subgroup defined by order*P = 0
.
Note: this is a no-op if the curve has cofactor equal to 1. Otherwise
it performs the full scalar multiplication order*P
and is expensive.
Returns
void
Source
lib/provable/crypto/foreign-curve.ts:219
assertOnCurve()
assertOnCurve(): void
Assert that this point lies on the elliptic curve, which means it satisfies the equation
y^2 = x^3 + ax + b
Returns
void
Source
lib/provable/crypto/foreign-curve.ts:203
double()
double(): ForeignCurve
Elliptic curve doubling.
Returns
Example
let r = p.double(); // r = 2 * p
Source
lib/provable/crypto/foreign-curve.ts:158
isConstant()
isConstant(): boolean
Checks whether this curve point is constant.
See FieldVar to understand constants vs variables.
Returns
boolean
Source
lib/provable/crypto/foreign-curve.ts:90
negate()
negate(): ForeignCurve
Elliptic curve negation.
Returns
Example
let r = p.negate(); // r = -p
Source
lib/provable/crypto/foreign-curve.ts:172
scale()
scale(scalar: number | bigint | AlmostForeignField): ForeignCurve
Elliptic curve scalar multiplication, where the scalar is represented as a ForeignField element.
Important: this proves that the result of the scalar multiplication is not the zero point.
Parameters
• scalar: number
| bigint
| AlmostForeignField
Returns
Throws
if the scalar multiplication results in the zero point; for example, if the scalar is zero.
Example
let r = p.scale(s); // r = s * p
Source
lib/provable/crypto/foreign-curve.ts:188
toBigint()
toBigint(): GroupAffine
Convert this curve point to a point with bigint coordinates.
Returns
GroupAffine
Source
lib/provable/crypto/foreign-curve.ts:97
assertInSubgroup()
static assertInSubgroup(g: ForeignCurve): void
Parameters
• g: ForeignCurve
Returns
void
Source
lib/provable/crypto/foreign-curve.ts:207
assertOnCurve()
static assertOnCurve(g: ForeignCurve): void
Parameters
• g: ForeignCurve
Returns
void
Source
lib/provable/crypto/foreign-curve.ts:195
check()
static check(g: ForeignCurve): void
Check that this is a valid element of the target subgroup of the curve:
- Check that the coordinates are valid field elements
- Use () to check that the point lies on the curve
- If the curve has cofactor unequal to 1, use ().
Parameters
• g: ForeignCurve
Returns
void
Source
lib/provable/crypto/foreign-curve.ts:229
from()
static from(g: ForeignCurve | FlexiblePoint): ForeignCurve
Coerce the input to a ForeignCurve.
Parameters
• g: ForeignCurve
| FlexiblePoint