EIP101: some basic mathematical descriptions

pirapira · Apr 18, 2017 · 5d68ab6 · 5d68ab6
1 parent 882ce06
commit 5d68ab6
Showing 1 changed file with 42 additions and 0 deletions.
diff --git a/Paper.tex b/Paper.tex
@@ -1401,6 +1401,48 @@ \section{Precompiled Contracts}\label{app:precompiled}
 \mathbf{o} &=& I_\mathbf{d}
 \end{eqnarray}
 
+\subsection{zkSNARK Related Precompiled Contracts}
+
+We choose two numbers, both of which are prime.
+\begin{eqnarray}
+p &\equiv& 21888242871839275222246405745257275088696311157297823662689037894645226208583 \\
+q &\equiv& 21888242871839275222246405745257275088548364400416034343698204186575808495617
+\end{eqnarray}
+Since $p$ is a prime number, $\{0, 1, \ldots, p - 1\}$ forms a field with addition and multiplication modulo $p$. We call this field $F_p$.
+
+We define a set~$C_1$ with
+\begin{equation}
+C_1\equiv\{(X,Y)\in F_p\times F_p\mid Y^2=X^3+3\}\cup\{(0,0)\}
+\end{equation}
+We define a binary operation $+$ on $C_1$ with
+\begin{eqnarray}\label{eq:ec-addition}
+(X_1, Y_1) + (X_2, Y_2)&\equiv&\begin{cases}
+(X,Y)&\text{if}\ X_1\neq X_2\\
+(0,0)&\text{otherwise}
+\end{cases}\\
+X&\equiv&\lambda^2-X_1-X_2\\
+Y&\equiv&\lambda(X_1-X)-Y_1\\
+\lambda&\equiv&\frac{Y_2-Y_1}{X_2-X_1}
+\end{eqnarray}
+
+$(C_1,+)$ is known to form a group. We define the scalar multiplication $\cdot$ with
+\begin{equation}\label{eq:ec-scalar-multiplication}
+n\cdot P\equiv(0,0)+\underbrace{P+\cdots+P}_{n}
+\end{equation}
+for a natural number $n$ and a point $P$ in $C_1$.
+
+We define $P_1$ to be a point $(1,2)$ on $C_1$. Let $G_1$ be the subgroup of $(C_1,+)$ generated by $P_1$. $G_1$ is known to be a cyclic group of order $q$. For a point $P$ in $G_1$, we define $\log_{P_1}(P)$ to be the smallest natural number $n$ satisfying $n\cdot P_1=P$. $\log_{P_1}(P)$ is at most $q-1$.
+
+Let $F_{p^2}$ be a field $F_p[i]/(i+1)$. We define a set $C_2$ with
+\begin{equation}
+C_2\equiv\{(X,Y)\in F_{p^2}\times F_{p^2}\mid Y^2=X^3+3\}\cup\{(0,0)\}
+\end{equation}
+We define a binary operation $+$ and a scalar multiplication $\cdot$ with the same equations (\ref{eq:ec-addition}) and (\ref{eq:ec-scalar-multiplication}). $(C_2,+)$ is also known to be a group. We define $P_2$ in $C_2$ with
+\begin{eqnarray}
+P_2&\equiv&
+(11559732032986387107991004021392285783925812861821192530917403151452391805634 \times i\\\nonumber &&+ 10857046999023057135944570762232829481370756359578518086990519993285655852781,\\\nonumber && 4082367875863433681332203403145435568316851327593401208105741076214120093531 \times i\\\nonumber &&+ 8495653923123431417604973247489272438418190587263600148770280649306958101930)
+\end{eqnarray}
+We define $G_2$ to be the subgroup of $(C_2,+)$ generated by $P_2$. $G_2$ is known to be a cyclic group of order $q$. For a point $P$ in $G_2$, we define $\log_{P_2}(P)$ be the smallest natural number $n$ satisfying $n\cdot P_2=P$. With this definition, $\log_{P_2}(P)$ is at most $q-1$.
 
 \section{Signing Transactions}\label{app:signing}