Circuit-based zero-knowledge proofs have arose as a solution to the implementation
of privacy in blockchain applications, and to current scalability problems that blockchains suffer
from. The most efficient circuit-based zero-knowledge proofs use a pairing-friendly elliptic curve to
generate and validate proofs. In particular, the circuits are built connecting wires that carry elements
from a large prime field, whose order is determined by the number of elements of the pairing-friendly
elliptic ...
Circuit-based zero-knowledge proofs have arose as a solution to the implementation
of privacy in blockchain applications, and to current scalability problems that blockchains suffer
from. The most efficient circuit-based zero-knowledge proofs use a pairing-friendly elliptic curve to
generate and validate proofs. In particular, the circuits are built connecting wires that carry elements
from a large prime field, whose order is determined by the number of elements of the pairing-friendly
elliptic curve. In this context, it is important to generate an inner curve using this field, because it
allows to create circuits that can verify public-key cryptography primitives, such as digital signatures
and encryption schemes. To this purpose, in this article, we present a deterministic algorithm for
generating twisted Edwards elliptic curves defined over a given prime field. We also provide an
algorithm for checking the resilience of this type of curve against most common security attacks.
Additionally, we use our algorithms to generate Baby Jubjub, a curve that can be used to implement
elliptic-curve cryptography in circuits that can be validated in the Ethereum blockchain.
+