The standard aims to standarise the construction of elliptic curves for circuits based on different elliptic curve families. We are still working on the general standard proposal and the current draft only contains an example of a generated elliptic curve motivated by zkSNARK. In particular, given a prime p, we searched for a safe (meaning, satisfying SafeCurves critera) Montgomery curve defined over F_p using a deterministic algorithm to avoid speculation of trapdoors. The draft can be found here: https://github.com/bellesmarta/CallForProposals.

# ZKProof Proposal: Generation of elliptic curves for circuit use

2 Likes

The proposal addresses the generation of an embedded elliptic curve (of Edwards shape) over a given pairing-friendly elliptic curve (e.g. BN128 or BLS12-381). We can add to the proposal:

- The generation of an embedded pairing-friendly elliptic curve (of Weierstrass shape) if one wants to do in-circuit pairing based computations (e.g. BLS signatures).
- The generation of pairing-friendly EC cycles (e.g. MNT4 and MNT6 as used in Coda) if one wants to do recursive zkSNARKs.
- The generation of pairing-friendly EC chains (e.g. BLS12-377 and Cocks-pinch as used in Zexe) if one wants to do bounded recursive zkSNARKs or aggregate many proofs into one.

The second and third point require the generation of at least two EC where pairing-friendliness and high 2-adicity w.r.t. both the subgroup order and the field size are into consideration.

1 Like