• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
      • Apt
      • Zfc
      • Acre
      • Milawa
      • Smtlink
      • Abnf
      • Vwsim
      • Isar
      • Wp-gen
      • Dimacs-reader
      • Pfcs
      • Legacy-defrstobj
      • Proof-checker-array
      • Soft
      • C
      • Farray
      • Rp-rewriter
      • Instant-runoff-voting
      • Imp-language
      • Sidekick
      • Leftist-trees
      • Java
      • Taspi
      • Bitcoin
      • Riscv
      • Des
      • Ethereum
      • X86isa
      • Sha-2
      • Yul
      • Zcash
        • Jubjub
          • Jubjub-abst
          • Jubjub-r-pointp
          • Jubjub-pointp
          • Jubjub-d
          • Jubjub-montgomery
          • Maybe-jubjub-pointp
          • Jubjub-point->u
          • Jubjub-q
          • Jubjub-point->v
          • Point-on-jubjub-p
          • Jubjub-rstar-pointp
          • Jubjub-add
          • Jubjub-r-properties
          • Jubjub-point-abscissa-is-not-1
          • Jubjub-mul
          • Jubjub-curve
          • Jubjub-a
          • Jubjub-neg
          • Jubjub-r
          • Jubjub-point-satisfies-curve-equation
          • Jubjub-h
          • Jubjub-mul-of-2
          • *jubjub-l*
        • Verify-zcash-r1cs
        • Lift-zcash-r1cs
        • Pedersen-hash
        • Zcash-gadgets
        • Bit/byte/integer-conversions
        • Constants
        • Blake2-hash
        • Randomness-beacon
      • Proof-checker-itp13
      • Regex
      • ACL2-programming-language
      • Json
      • Jfkr
      • Equational
      • Cryptography
      • Poseidon
      • Where-do-i-place-my-book
      • Axe
      • Bigmems
      • Builtins
      • Execloader
      • Aleo
      • Solidity
      • Paco
      • Concurrent-programs
      • Bls12-377-curves
    • Debugging
    • Std
    • Proof-automation
    • Macro-libraries
    • ACL2
    • Interfacing-tools
    • Hardware-verification
    • Software-verification
    • Math
    • Testing-utilities
  • Zcash

Jubjub

The Jubjub complete twisted Edwards elliptic curve [ZPS:5.4.9.3].

We define the Jubjub curve, as a constant value of the fixtype ecurve::twisted-edwards-curve of twisted Edwards elliptic curves. We show that the curve is complete.

The prime and coefficient of Jubjub are formalized as nullary functions. We keep disabled also their executable counterparts because we generally want to treat them as algebraic quantities in proofs; in particular, we want to avoid their combination into new constants by the prime field normalizing rules.

We also define various notions related to Jubjub, such as recognizers of points in the curve's group and subgroup.

Subtopics

Jubjub-abst
The function \mathsf{abst}_\mathbb{J} [ZPS:5.4.9.3].
Jubjub-r-pointp
Recognize elements of \mathbb{J}^{(r)} [ZPS:5.4.9.3].
Jubjub-pointp
Recognize elements of \mathbb{J} [ZPS:5.4.9.3].
Jubjub-d
The Jubjub coefficient d_\mathbb{J} [ZPS:5.4.9.3].
Jubjub-montgomery
The Montgomery form of the Jubjub curve [ZPS:A.2].
Maybe-jubjub-pointp
Recognize Jubjub points and nil.
Jubjub-point->u
The function \mathcal{U} in [ZPS:5.4.9.4].
Jubjub-q
The Jubjub prime q_\mathbb{J} [ZPS:5.4.9.3].
Jubjub-point->v
The function \mathcal{V} in [ZPS:5.4.9.4].
Point-on-jubjub-p
Check if a point is on the Jubjub curve [ZPS:5.4.9.3].
Jubjub-rstar-pointp
Recognize elements of \mathbb{J}^{(r)*} [ZPS:5.4.9.3].
Jubjub-add
Group addition [ZPS:4.1.8], on Jubjub.
Jubjub-r-properties
Properties about jubjub-r-pointp.
Jubjub-point-abscissa-is-not-1
A Jubjub point cannot have abscissa 1.
Jubjub-mul
Scalar multiplication [ZPS:4.1.8], on Jubjub.
Jubjub-curve
The Jubjub curve [ZPS:5.4.9.3].
Jubjub-a
The Jubjub coefficient a_\mathbb{J} [ZPS:5.4.9.3].
Jubjub-neg
Group negation, on Jubjub.
Jubjub-r
The constant r_\mathbb{J} in [ZPS:5.4.9.3].
Jubjub-point-satisfies-curve-equation
A Jubjub point satisfies the curve equation.
Jubjub-h
The constant h_\mathbb{J} in [ZPS:5.4.9.3].
Jubjub-mul-of-2
Doubling a point is like adding the point to itself.
*jubjub-l*
The constant \ell_\mathbb{J} [ZPS:5.4.9.3].