You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've been porting my circom/snarkjs circuits to arkworks, and found that the implementation of ed_on_bn254 isn't compatible with the curve as described in ERC-2494, in the iden3 js-crypto library, and in the circomlib circuits.
Particularly, the TECurveConfig specifies an a coefficient of 1, calculates the d coefficient in some manner I'm not familiar with, and specifies an affine generator which is different from the spec. The MontCurveConfig is similarly different in specifying the b coefficient as 1.
By "fixing" the coefficients, and using the base 8 point, I get the same outputs as js-crypto and circomlib produce.
Is there some logic underlying the difference in arkworks' implementation of babyjub?
The text was updated successfully, but these errors were encountered:
I've been porting my circom/snarkjs circuits to arkworks, and found that the implementation of ed_on_bn254 isn't compatible with the curve as described in ERC-2494, in the iden3 js-crypto library, and in the circomlib circuits.
Particularly, the TECurveConfig specifies an
acoefficient of 1, calculates thedcoefficient in some manner I'm not familiar with, and specifies an affine generator which is different from the spec. The MontCurveConfig is similarly different in specifying thebcoefficient as 1.By "fixing" the coefficients, and using the base 8 point, I get the same outputs as js-crypto and circomlib produce.
Is there some logic underlying the difference in arkworks' implementation of babyjub?
The text was updated successfully, but these errors were encountered: