Expand description
Ed-on-BLS12-381-Bandersnatch types and host functions.
Bandersnatch is an incomplete twisted Edwards curve: the HWCD
add/double formulas can produce projective points with z = 0 when fed
cofactor-admixed (non-prime-order-subgroup) inputs. Such points have no
affine representative, so the standard (x || y) FFI channel cannot
carry them: arkworks’ From<Projective> for Affine panics on
z.inverse().unwrap().
The shared utils::mul_te / utils::msm_te helpers detect the
degenerate case via utils::IntoAffineSafe and return
utils::Error::DegeneratePoint across the FFI boundary instead of
attempting to serialize an unrepresentable point. The runtime-side
hooks defined in this module catch that error and substitute the
all-zero projective point (0, 0, 0, 0): not a valid curve point and
with z = 0 it has no affine representative, so any downstream
validity or subgroup check on the result rejects it. The wire format
stays byte-identical to ArkScale<EdwardsAffine>: no sentinel bit, no
dedicated projective codec.
Modules§
- host_
calls - Interfaces for working with Arkworks Ed-on-BLS12-381-Bandersnatch elliptic curve related types from within the runtime.
Structs§
- Host
Hooks - Curve hooks jumping into
host_callshost functions.
Type Aliases§
- Bandersnatch
Config - Group configuration.
- Edwards
Affine - Twisted Edwards form point affine representation.
- Edwards
Config - Group configuration for Twisted Edwards form (equal to
BandersnatchConfig). - Edwards
Projective - Twisted Edwards form point projective representation.
- SWAffine
- Short Weierstrass form point affine representation.
- SWConfig
- Group configuration for Short Weierstrass form (equal to
BandersnatchConfig). - SWProjective
- Short Weierstrass form point projective representation.
- Scalar
Field - Group scalar field (Fr).