Comment on page

Algebraic Primitives & Notation

Algebraic Primitives
Unless otherwise specified, all values are assumed to be elements of the Scalar field of BN254 as defined in EIP-197. We will refer to this field as the "BN254 Scalar field" or Fp\mathbb{F}_pFp​
 for short. We will use ppp
 to refer to the order of the BN254 scalar field.
For all elliptic curve cryptography, including our addressing and signature schemes, we use the Baby Jubjub curve, the curve whose base field is Fp\mathbb{F_p}Fp​
 as defined in EIP-2494. All operations are performed in Baby Jubjub's prime-order subgroup, which we will refer to as "Baby Jubjub", or G\mathbb{G}G
 (blackboard "G" as opposed to regular "G") for short.
We will use r rr
 to refer to the order of Baby Jubjub's scalar field (again, the prime-order subgroup, not the curve group), and we will refer that scalar field as "Baby Jubjub Scalar field", or Fr\mathbb{F}_rFr​
 for short.
We will use additive notation. More specifically, we use:
"+++
" to denote curve addition or field addition depending on whether we are adding curve elements or field elements
"⋅\cdot⋅
" or juxtaposition to denote field multiplication
"×\times×
" to denote scalar multiplication, in order to clearly distinguish it from field multiplication
Additionally, for byte arrays, we will use "slice" notation to specify "sub-arrays" - bytes[K:N]\text{bytes}[K:N]bytes[K:N]
 means "from the KKK
th byte up to, but not including the NNN
th byte".
Furthermore, we will use all-capital letters for curve elements and all-lowercase lettrs for field elements.
Hashing
We use the Poseidon hash function defined over the Fp\mathbb{F}_pFp​
, the BN254 scalar field, instantiated using the parameters set in circomlib's implementation. We will denote this function HHH
. 

Protocol Concepts - Previous

Operations

Next - Protocol Details

Keys & Key Derivation

Last modified 2mo ago