ForeignCurve
Deprecated
ForeignCurve is now deprecated and will be removed in a future release. Please use ForeignCurveV2 instead.
Extended by
Constructors
new ForeignCurve()
new ForeignCurve(g: {
"x": number | bigint | Field3 | AlmostForeignField;
"y": number | bigint | Field3 | AlmostForeignField;
}): ForeignCurve
Create a new ForeignCurve from an object representing the (affine) x and y coordinates.
Parameters
• g
• g.x: number | bigint | Field3 | AlmostForeignField
• g.y: number | bigint | Field3 | AlmostForeignField
Returns
Example
let x = new ForeignCurve({ x: 1n, y: 1n });
Important: By design, there is no way for a ForeignCurve to represent the zero point.
Warning: This fails for a constant input which does not represent an actual point on the curve.
Source
lib/provable/crypto/foreign-curve.ts:54
Properties
x
x: AlmostForeignField;
Source
lib/provable/crypto/foreign-curve.ts:39
y
y: AlmostForeignField;
Source
lib/provable/crypto/foreign-curve.ts:40
_Bigint?
static optional _Bigint: {};
Source
lib/provable/crypto/foreign-curve.ts:249
_Field?
static optional _Field: typeof AlmostForeignField;
Source
lib/provable/crypto/foreign-curve.ts:250
_Scalar?
static optional _Scalar: typeof AlmostForeignField;
Source
lib/provable/crypto/foreign-curve.ts:251
_provable?
static optional _provable: ProvablePureExtended<ForeignCurve, {
"x": bigint;
"y": bigint;
}, {
"x": string;
"y": string;
}>;
Source
lib/provable/crypto/foreign-curve.ts:252
Accessors
Constructor
get Constructor(): typeof ForeignCurve
Returns
typeof ForeignCurve
Source
lib/provable/crypto/foreign-curve.ts:246
modulus
get modulus(): bigint
The size of the curve's base field.
Returns
bigint
Source
lib/provable/crypto/foreign-curve.ts:90
Bigint
get static Bigint(): {}
Curve arithmetic on JS bigints.
Returns
{}
Source
lib/provable/crypto/foreign-curve.ts:261
Field
get static Field(): typeof AlmostForeignField
The base field of this curve as a ForeignField.
Returns
typeof AlmostForeignField
Source
lib/provable/crypto/foreign-curve.ts:268
Scalar
get static Scalar(): typeof AlmostForeignField
The scalar field of this curve as a ForeignField.
Returns
typeof AlmostForeignField
Source
lib/provable/crypto/foreign-curve.ts:275
generator
get static generator(): ForeignCurve
The constant generator point.
Returns
Source
lib/provable/crypto/foreign-curve.ts:78
modulus
get static modulus(): bigint
The size of the curve's base field.
Returns
bigint
Source
lib/provable/crypto/foreign-curve.ts:84
provable
get static provable(): ProvablePureExtended<ForeignCurve, {
"x": bigint;
"y": bigint;
}, {
"x": string;
"y": string;
}>
Provable<ForeignCurve>
Returns
ProvablePureExtended\<ForeignCurve, {
"x": bigint;
"y": bigint;
}, {
"x": string;
"y": string;
}>
Source
lib/provable/crypto/foreign-curve.ts:282
Methods
add()
add(h: ForeignCurve | FlexiblePoint): ForeignCurve
Elliptic curve addition.
let r = p.add(q); // r = p + q
Important: this is incomplete addition and does not handle the degenerate cases:
- Inputs are equal,
g = h(where you would use double). In this case, the result of this method is garbage and can be manipulated arbitrarily by a malicious prover. - Inputs are inverses of each other,
g = -h, so that the result would be the zero point. In this case, the proof fails.
If you want guaranteed soundness regardless of the input, use addSafe instead.
Parameters
• h: ForeignCurve | FlexiblePoint
Returns
Throws
if the inputs are inverses of each other.
Source
lib/provable/crypto/foreign-curve.ts:130
addSafe()
addSafe(h: ForeignCurve | FlexiblePoint): ForeignCurve
Safe elliptic curve addition.
This is the same as add, but additionally proves that the inputs are not equal. Therefore, the method is guaranteed to either fail or return a valid addition result.
Beware: this is more expensive than add, and is still incomplete in that it does not succeed on equal or inverse inputs.
Parameters
• h: ForeignCurve | FlexiblePoint
Returns
Throws
if the inputs are equal or inverses of each other.
Source
lib/provable/crypto/foreign-curve.ts:148
assertInSubgroup()
assertInSubgroup(): void
Assert that this point lies in the subgroup defined by order*P = 0.
Note: this is a no-op if the curve has cofactor equal to 1. Otherwise
it performs the full scalar multiplication order*P and is expensive.
Returns
void
Source
lib/provable/crypto/foreign-curve.ts:228
assertOnCurve()
assertOnCurve(): void
Assert that this point lies on the elliptic curve, which means it satisfies the equation
y^2 = x^3 + ax + b
Returns
void
Source
lib/provable/crypto/foreign-curve.ts:212
double()
double(): ForeignCurve
Elliptic curve doubling.
Returns
Example
let r = p.double(); // r = 2 * p
Source
lib/provable/crypto/foreign-curve.ts:167
isConstant()
isConstant(): boolean
Checks whether this curve point is constant.
See FieldVar to understand constants vs variables.
Returns
boolean
Source
lib/provable/crypto/foreign-curve.ts:99
negate()
negate(): ForeignCurve
Elliptic curve negation.
Returns
Example
let r = p.negate(); // r = -p
Source
lib/provable/crypto/foreign-curve.ts:181
scale()
scale(scalar: number | bigint | AlmostForeignField): ForeignCurve
Elliptic curve scalar multiplication, where the scalar is represented as a ForeignField element.
Important: this proves that the result of the scalar multiplication is not the zero point.
Parameters
• scalar: number | bigint | AlmostForeignField
Returns
Throws
if the scalar multiplication results in the zero point; for example, if the scalar is zero.
Example
let r = p.scale(s); // r = s * p
Source
lib/provable/crypto/foreign-curve.ts:197
toBigint()
toBigint(): GroupAffine
Convert this curve point to a point with bigint coordinates.
Returns
GroupAffine
Source
lib/provable/crypto/foreign-curve.ts:106
assertInSubgroup()
static assertInSubgroup(g: ForeignCurve): void
Parameters
• g: ForeignCurve
Returns
void
Source
lib/provable/crypto/foreign-curve.ts:216
assertOnCurve()
static assertOnCurve(g: ForeignCurve): void
Parameters
• g: ForeignCurve
Returns
void
Source
lib/provable/crypto/foreign-curve.ts:204
check()
static check(g: ForeignCurve): void
Check that this is a valid element of the target subgroup of the curve:
- Check that the coordinates are valid field elements
- Use () to check that the point lies on the curve
- If the curve has cofactor unequal to 1, use ().
Parameters
• g: ForeignCurve
Returns
void
Source
lib/provable/crypto/foreign-curve.ts:238
from()
static from(g: ForeignCurve | FlexiblePoint): ForeignCurve
Coerce the input to a ForeignCurve.
Parameters
• g: ForeignCurve | FlexiblePoint