Support for bn254 G2 #70

Open
matthiasgeihs opened this issue Aug 4, 2023 · 12 comments
Labels
enhancement New feature or request

Comments

@matthiasgeihs

With support for bls12-381 being stagnant (EIP-2537), to the best of my knowledge, using curve alt_bn128 is currently the only way to have efficient pairings on Ethereum (EIP-197). Any plans to integrate this curve with noble-curves?

For my use case, I would only need the group operations to be included in the library, not the pairing, basically asking for a similar thing as indutny/elliptic#154. The goal is to be able to write a JavaScript / TypeScript interface that can generate the inputs to the smart contract that then computes the pairing for verification.

@paulmillr
Owner

We have this curve, and it's called bn254.

@matthiasgeihs
Author

@paulmillr Turns out I might actually need to compute in G_2 of alt_bn128/bn254 as well. Any suggestions how to go about this? (Background: Planning to implement Catalano-Fiore Vector Commitments.)

@matthiasgeihs reopened this Aug 7, 2023
@paulmillr
Owner

Take a look at the bls12-381 implementation for the Fp2 (G2) impl there.

We provide necessary abstractions for extension fields, so it can be done.
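To show what the Fp2 (G2) work mentioned above involves, here is an added example that is not part of the thread and is not noble-curves code: bn254 G2 point arithmetic over Fp2 in plain BigInt, with the on-curve and subgroup checks a caller should run on untrusted points. The constants are the EIP-196/197 alt_bn128 parameters; every function name is a hypothetical one chosen for this sketch.

```javascript
// Added example: bn254 G2 arithmetic over Fp2 with plain BigInt (not noble-curves code).
// Constants are the EIP-196/197 alt_bn128 parameters; all names here are hypothetical.
const P = 21888242871839275222246405745257275088696311157297823662689037894645226208583n; // base field
const R = 21888242871839275222246405745257275088548364400416034343698204186575808495617n; // group order
const mod = (a) => ((a % P) + P) % P;
function powMod(b, e) { // square-and-multiply in Fp
  let r = 1n;
  for (b = mod(b); e > 0n; e >>= 1n) { if (e & 1n) r = (r * b) % P; b = (b * b) % P; }
  return r;
}
// Fp2 = Fp[u]/(u^2 + 1); an element [c0, c1] means c0 + c1*u.
const f2 = {
  add: ([a0, a1], [b0, b1]) => [mod(a0 + b0), mod(a1 + b1)],
  sub: ([a0, a1], [b0, b1]) => [mod(a0 - b0), mod(a1 - b1)],
  mul: ([a0, a1], [b0, b1]) => [mod(a0 * b0 - a1 * b1), mod(a0 * b1 + a1 * b0)],
  inv: ([a0, a1]) => { const d = powMod(a0 * a0 + a1 * a1, P - 2n); return [mod(a0 * d), mod(-a1 * d)]; },
  eq: ([a0, a1], [b0, b1]) => a0 === b0 && a1 === b1,
};
const B2 = f2.mul([3n, 0n], f2.inv([9n, 1n])); // twist coefficient b' = 3 / (9 + u)
// G2 generator from EIP-197, written here as [real, imaginary] per coordinate.
const G2 = {
  x: [10857046999023057135944570762232829481370756359578518086990519993285655852781n, 11559732032986387107991004021392285783925812861821192530917403151452391805634n],
  y: [8495653923123431417604973247489272438418190587263600148770280649306958101930n, 4082367875863433681332203403145435568316851327593401208105741076214120093531n],
};
// Affine points are {x, y}; null is the point at infinity.
function isOnCurve(p) {
  if (p === null) return true;
  const x3 = f2.mul(f2.mul(p.x, p.x), p.x);
  return f2.eq(f2.mul(p.y, p.y), f2.add(x3, B2));
}
function add(p, q) {
  if (p === null) return q;
  if (q === null) return p;
  let num, den;
  if (f2.eq(p.x, q.x)) {
    if (f2.eq(f2.add(p.y, q.y), [0n, 0n])) return null; // p + (-p) = infinity
    num = f2.mul([3n, 0n], f2.mul(p.x, p.x)); den = f2.add(p.y, p.y); // tangent slope (a = 0)
  } else { num = f2.sub(q.y, p.y); den = f2.sub(q.x, p.x); }
  const l = f2.mul(num, f2.inv(den));
  const x = f2.sub(f2.sub(f2.mul(l, l), p.x), q.x);
  return { x, y: f2.sub(f2.mul(l, f2.sub(p.x, x)), p.y) };
}
function mul(k, p) { // double-and-add; variable time, so use with public scalars only
  let acc = null;
  for (; k > 0n; k >>= 1n) { if (k & 1n) acc = add(acc, p); p = add(p, p); }
  return acc;
}
// On-curve alone does not prove membership in the order-R subgroup; check both.
const isValidG2 = (p) => isOnCurve(p) && mul(R, p) === null;
```

The affine formulas and variable-time scalar multiplication keep the sketch short; they are suitable for preparing public verifier inputs, not for secret scalars.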

@matthiasgeihs
Author

matthiasgeihs commented Aug 7, 2023

Thanks for the hint. Looks like a bit of work (and proper understanding) is required to do that right. Not sure if I can dedicate the necessary time currently, but will keep it in the back of my head. (Might otherwise resort to using a Rust library and compiling Rust to WASM.)

@paulmillr changed the title from "Plans to support alt_bn128?" to "Support for bn254 G2" Aug 7, 2023
@paulmillr added the "enhancement" (New feature or request) label Aug 7, 2023
@paulmillr
Owner

As a side note, alt_bn128 was its name when it was thought of as having 128-bit security. Now that it was found to be shitty, it became bn254.

https://moderncrypto.org/mail-archive/curves/2016/000740.html
zcash/zcash#714
https://xn--2-umb.com/22/pairings/

@matthiasgeihs
Author

I know about the issue. But are there any better alternatives on Ethereum as long as bls12-381 is not supported natively? (see EIP-2537 discussion thread)

@paulmillr
Owner

As you've mentioned in the first post: unfortunately, no. We need to press on eth core, because it's really tragic.

@fedealconada

> The goal is to be able to write a JavaScript / TypeScript interface that can generate the inputs to the smart contract that then computes the pairing for verification.

Hey @matthiasgeihs, wondering if you managed to do this? Or what did you end up using?

@matthiasgeihs
Author

@fedealconada I've been resorting to existing libraries such as ffjavascript.

@lucadonnoh

I would also like this feature!

@rishabh-vasudevan19

I would also love to have bn254 pairings and G2. Are you planning to add this to the repository?

@paulmillr
Owner

Contributions are welcome.
