Scalar Field
Scalar 域 $F_{q}$ 上 modulus
console.log('ScalarField modulus:', ScalarField.modulus.toString());
# output
ScalarField modulus: 28948022309329048855892746252171976963363056481941647379679742748393362948097
Scalar 主要有两个成员变量, high254: Field 和 lowBit: Bool
表示形式:
t = s - 2^255 mod q
lowBit = t&1
high254 = t>>1
根据 high254 和 lowBit 计算 s:
const sk = PrivateKey.random();
const sks = sk.s;
const high254 = sks.high254.toBigInt();
const lowBit = sks.lowBit.toField().toBigInt();
const two = BigInt(2);
const t = high254 * two + lowBit;
const two255 = BigInt(Math.pow(2, 255))
const s = Scalar.fromValue( t + two255);
Field
Field 域 $F_{p}$ 上 modulus
console.log('BaseField modulus:', (Field(-1).toBigInt() + Field(1).toBigInt()).toString());
# output
BaseField modulus: 28948022309329048855892746252171976963363056481941560715954676764349967630337
Scalar, Base Field 转换
注意: Scalar 域较 Base 域大.
const baseElem = Field.random();
const baseElemBigInt = baseElem.toBigInt();
const scalarElem = Scalar.fromValue(baseElemBigInt);
const scalarElemBigInt = scalarElem.toBigInt();
const baseElem2 = Field.fromValue(baseElemBigInt);
baseElem.assertEquals(baseElem2);
pallas & vesta curve
一般来说, 椭圆曲线 Scalar 域用 $F{p}$ 表示, Base 域用 $F{q}$ 表示. 椭圆曲线群 $G{1}$ 上的 affine 点 $P = (x, y)$, $x, y \in F{q}$. 由于 Mina 电路使用的 Field 是 $F_{p}$, 所以电路是在 vesta 曲线上编译的. 电路中约束用 vesta 上 Scalar 域上元素表示, 生成的证明(一般是椭圆曲线上的点)在 Base 域上.
pallas
Scalar 域: $F{q}$
Base 域: $F{p}$
G1_GENERATOR = (1, 12418654782883325593414442427049395787963493412651469444558597405572177144507)
vesta
Scalar 域: $F{p}$
Base 域: $F{q}$
G1_GENERATOR = (1, 11426906929455361843568202299992114520848200991084027513389447476559454104162)
更多请看: https://github.com/o1-labs/proof-systems/blob/master/curves
PrivateKey(sk)
A signing key. You can generate one via PrivateKey.random.
公私钥是在 pallas曲线上进行的, PrivateKey 是 pallas 曲线上 Scalar 域($F{q}$)上的元素, 对应生成的 PublicKey 是 $F^{2}{p}$ 上的元素(为了方便在电路中使用公钥).
常用方法:
// generate key
new PrivateKey(s: Scalar): PrivateKey
static random(): PrivateKey
static randomKeypair(): {"privateKey": PrivateKey; "publicKey": PublicKey;}
// Base58 encode/decode
static fromBase58(privateKeyBase58: string): PrivateKey
toBase58(): string
// Derives the associated public key.
toPublicKey(): PublicKey
// convert to Bigint
static fromValue<T>(this: T, v: bigint | PrivateKey): InstanceType<T>
static toValue(v: PrivateKey): bigint
static toFields<T>(this: T, v: InstanceType<T>): Field[]
static toConstant<T>(this: T, t: InstanceType<T>): InstanceType<T>
PublicKey(pk)
A public key, which is also an address on the Mina network. You can derive a PublicKey directly from a PrivateKey.
Mina 链上地址是 PublicKey 的 Base58 编码.
PublicKey 可通过 PrivateKey.toPublicKey() 生成, 相当于 $\text{PublicKey} = \text{PrivateKey}\cdot g$, 这里 $g$ 是 pallas 曲线群 G1 的生成元.
PublicKey 主要有两个成员变量, x 坐标和一个布尔变量 isOdd, 可在椭圆曲线上唯一确定该点, 这种表示方式是椭圆曲线点压缩的一种常见方式.
常用方法:
// generate key
static fromPrivateKey(__namedParameters: PrivateKey): PublicKey
static empty<T>(): InstanceType<T>
// Base58 encode/decode
static fromBase58(publicKeyBase58: string): PublicKey
toBase58(): string
// convert to Bigint
static fromValue<T>(this: T, v: bigint | PrivateKey): InstanceType<T>
static toValue(v: PrivateKey): bigint
static toFields<T>(this: T, v: InstanceType<T>): Field[]
// (x, y), 非压缩格式
toGroup(): Group
static toConstant<T>(this: T, t: InstanceType<T>): InstanceType<T>
