Content
@
0 reply
0 recast
0 reaction
Zk
@risotto
ZK Scholars Assembly Revision 3 - More Elliptic Curves, Parings and KGZ Other than Weierstrass form of elliptic curve that is used in Bitcoin & Ethereum (secp256k1) and TEE & Secure Enclave (secp256r1), there are also other forms of elliptic curves such as Montgomery Curves, Edwards Curves and Twisted Edwards Curves. Montgomery curves have no point at infinity, they can also do arithmetic operations that are more computational efficient such as differential addition and Montgomery ladder. For example scalar multiplication kP where k is a large integer. In the Weierstrass form, this involves numerous point additions and doublings, each requiring multiple field inversions. In the Montgomery form, the Montgomery ladder performs this operation using only field multiplications and squaring, significantly reducing the computational overhead.
1 reply
0 recast
0 reaction
Zk
@risotto
This not only improved efficiency of computation but also provide better security against side-channel attack such as timing attacks where an attacker infers k bits by measuring time taken for each operations as repeatedly adding a point P is based on bits of scalar k. A Montgomery curve can transform into and from Edwards curve (x^2 + y2 = 1 + d(x^2)(y^2)) with a projection function Z. For example Curve25519 (Montgomery curve) can transform into Ed25519 (twisted Edwards curve). Twisted Edwards curve is formed by adding extra coefficient a, ax^2 + y2 = 1 + d(x^2)(y^2). Thanks to geometrical symmetry (circle-like graph), one standout feature of Edwards curves is unified addition formula, this means the same formula can be used for both point addition and point doubling operations. Unlike Weierstrass form required different formulas. Twisted Edwards curves can achieve higher performance for cryptographic operations by adding flexibility with additional parameter a.
1 reply
0 recast
0 reaction
