From ab94a730c4d0b366389562a92855f6475fdf424e Mon Sep 17 00:00:00 2001
From: Yoichi Hirai
Date: Thu, 13 Apr 2017 13:39:35 +0200
Subject: [PATCH] EIP101: some basic mathematical descriptions
---
 Paper.tex | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
diff --git a/Paper.tex b/Paper.tex
index fd6c6f16..b910398f 100644
--- a/Paper.tex
+++ b/Paper.tex
@@ -1438,6 +1438,48 @@ \section{Precompiled Contracts}\label{app:precompiled}
 \mathbf{o} &=& I_\mathbf{d}
 \end{eqnarray}
+\subsection{zkSNARK Related Precompiled Contracts}
+
+We choose two numbers, both of which are prime.
+\begin{eqnarray}
+p &\equiv& 21888242871839275222246405745257275088696311157297823662689037894645226208583 \\
+q &\equiv& 21888242871839275222246405745257275088548364400416034343698204186575808495617
+\end{eqnarray}
+Since $p$ is a prime number, $\{0, 1, \ldots, p - 1\}$ forms a field with addition and multiplication modulo $p$. We call this field $F_p$.
+
+We define a set~$C_1$ with
+\begin{equation}
+C_1\equiv\{(X,Y)\in F_p\times F_p\mid Y^2=X^3+3\}\cup\{(0,0)\}
+\end{equation}
+We define a binary operation $+$ on $C_1$ with
+\begin{eqnarray}\label{eq:ec-addition}
+(X_1, Y_1) + (X_2, Y_2)&\equiv&\begin{cases}
+(X,Y)&\text{if}\ X_1\neq X_2\\
+(0,0)&\text{otherwise}
+\end{cases}\\
+X&\equiv&\lambda^2-X_1-X_2\\
+Y&\equiv&\lambda(X_1-X)-Y_1\\
+\lambda&\equiv&\frac{Y_2-Y_1}{X_2-X_1}
+\end{eqnarray}
+
+$(C_1,+)$ is known to form a group. We define the scalar multiplication $\cdot$ with
+\begin{equation}\label{eq:ec-scalar-multiplication}
+n\cdot P\equiv(0,0)+\underbrace{P+\cdots+P}_{n}
+\end{equation}
+for a natural number $n$ and a point $P$ in $C_1$.
+
+We define $P_1$ to be a point $(1,2)$ on $C_1$. Let $G_1$ be the subgroup of $(C_1,+)$ generated by $P_1$. $G_1$ is known to be a cyclic group of order $q$. For a point $P$ in $G_1$, we define $\log_{P_1}(P)$ to be the smallest natural number $n$ satisfying $n\cdot P_1=P$. $\log_{P_1}(P)$ is at most $q-1$.
+
+Let $F_{p^2}$ be a field $F_p[i]/(i+1)$. We define a set $C_2$ with
+\begin{equation}
+C_2\equiv\{(X,Y)\in F_{p^2}\times F_{p^2}\mid Y^2=X^3+3\}\cup\{(0,0)\}
+\end{equation}
+We define a binary operation $+$ and a scalar multiplication $\cdot$ with the same equations (\ref{eq:ec-addition}) and (\ref{eq:ec-scalar-multiplication}). $(C_2,+)$ is also known to be a group.
We define $P_2$ in $C_2$ with
+\begin{eqnarray}
+P_2&\equiv&
+(11559732032986387107991004021392285783925812861821192530917403151452391805634 \times i\\\nonumber &&+ 10857046999023057135944570762232829481370756359578518086990519993285655852781,\\\nonumber && 4082367875863433681332203403145435568316851327593401208105741076214120093531 \times i\\\nonumber &&+ 8495653923123431417604973247489272438418190587263600148770280649306958101930)
+\end{eqnarray}
+We define $G_2$ to be the subgroup of $(C_2,+)$ generated by $P_2$. $G_2$ is known to be a cyclic group of order $q$. For a point $P$ in $G_2$, we define $\log_{P_2}(P)$ be the smallest natural number $n$ satisfying $n\cdot P_2=P$. With this definition, $\log_{P_2}(P)$ is at most $q-1$.
 \section{Signing Transactions}\label{app:signing}
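Review bot: The addition law under `\label{eq:ec-addition}` returns `(0,0)` whenever $X_1 = X_2$, so $P+P$ is the identity for every point, and `(0,0)` is never treated as the neutral element (adding it to a point with $X\neq 0$ falls into the chord formula); as written, $(C_1,+)$ is not a group and `eq:ec-scalar-multiplication` does not define the intended multiples. If these equations are meant to specify the precompiled contracts, the cases need to be explicit: $P+(0,0)\equiv(0,0)+P\equiv P$, the tangent slope `\lambda\equiv\frac{3X_1^2}{2Y_1}` when $X_1=X_2$ and $Y_1=Y_2\neq 0$, and `(0,0)` only when $X_1=X_2$ and $Y_1=-Y_2$. Separately, `F_p[i]/(i+1)` is a quotient by a linear polynomial and is just $F_p$; a quadratic extension needs `F_p[i]/(i^2+1)`. It is also worth confirming that $P_2$ satisfies the $C_2$ equation as stated, since a generator outside the defined set would leave $G_2$ and $\log_{P_2}$ ill-defined.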