Ignoring learning phase, someone might follow the Ed448 example in our
code and take a week or two to produce a twisted edwards curve
implementation over a new field implementation (BLS12-381 scalar field
in this case).
However Jubjub (https://z.cash/technology/jubjub/) appears to be
intended for evaluation inside a zk-SNARK circuit (either as the main
point of it, or at least in addition to the "standard" one), which is a
horse of a different color. There's a prototype
(https://github.com/Electric-Coin-Company/jubjub-prototype) which is
just 1200 lines of rust, but it depends on another crate dealing with
pairing friendly curves (like the BLS one here) that I did not investigate.
It's doubtful to me that this is an ECC-beginner-friendly project.
Regards,
Pete Dettman
On 23/05/2023 10:31 am, Andrew Arnott wrote:
Thanks. Do you (or anyone else on this list) have a rough estimate of
how much effort goes into implementing a new curve (e.g. JubJub) using
Bouncy Castle (whether in the library or as an external extension)?
I'm still trying to learn elliptic curve cryptography, and I'm trying
to figure out if it's on the scale of a day, a week, or a month, if I
only knew what I was doing.
I wonder if anyone here would consider a donation or freelance payment
in exchange for coding up JubJub for me.
------------------------------------------------------------------------
*From:* Peter Dettman <peter.dett...@bouncycastle.org>
*Sent:* Monday, May 22, 2023 4:56 AM
*To:* andrewarn...@gmail.com <andrewarn...@gmail.com>;
dev-crypto-csharp@bouncycastle.org
<dev-crypto-csharp@bouncycastle.org>
*Subject:* Re: [dev-crypto-csharp] How to implement the JubJub curve?
Hi Andrew,
We do not currently have any JubJub implementation in C# or Java.
The class you mention is unknown to us, so is presumably a
third-party addition in some fork.
Regards,
Pete Dettman
On 22/05/2023 10:26 am, Andrew Arnott wrote:
I'm implementing a portion of the Zcash protocol in C# and am
looking for a way to instantiate an elliptic curve for JubJub as
described in the Zcash protocol spec
<https://zips.z.cash/protocol/protocol.pdf#jubjub>.
Apparently JubJub is "a complete twisted Edwards elliptic curve".
I even found (from Bing Chat) a reference to this class:
|org.bouncycastle.math.ec.custom.ed.TwistedEdwardsCurve|
But it was for the Java version of Bouncy Castle, and I couldn't
found its source anyway.
Is there such an implementation in C#? I wouldn't mind porting it
from Java if someone can direct me to the source.
Thanks.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to
the death your right to say it." - S. G. Tallentyre
