The proposal addresses the generation of an embedded elliptic curve (of Edwards shape) over a given pairing-friendly elliptic curve (e.g. BN128 or BLS12-381). We can add to the proposal:
- The generation of an embedded pairing-friendly elliptic curve (of Weierstrass shape) if one wants to do in-circuit pairing based computations (e.g. BLS signatures).
- The generation of pairing-friendly EC cycles (e.g. MNT4 and MNT6 as used in Coda) if one wants to do recursive zkSNARKs.
- The generation of pairing-friendly EC chains (e.g. BLS12-377 and Cocks-pinch as used in Zexe) if one wants to do bounded recursive zkSNARKs or aggregate many proofs into one.
The second and third point require the generation of at least two EC where pairing-friendliness and high 2-adicity w.r.t. both the subgroup order and the field size are into consideration.