Custom Group generator points | Mina Protocol | Page 1

dusky star Jun 14, 2024, 9:13 PM

#

I’m wondering if it is possible to do something like

aG + bK

Where G and K are different generator points on the same curve. This is particularly useful to make Pedersen commitments and value blinding in general.

keen seal Jun 15, 2024, 7:44 AM

#

Yes thats possible, its also kinda the basis of how IPA works. But for this to work, the dlog of G and K has to be unknown

shrewd wigeon Jun 18, 2024, 6:07 AM

#

you mean in o1js @dusky star? there's Group.scale() and Group.add() for EC scalar muls and additions -- everything you need!

with ForeignCurve you can even do the same on any curve! (at significantly higher cost)

dusky star Jun 18, 2024, 8:08 AM

#

wow, indeed that is easy!

import { Field, Scalar, Group } from 'o1js';

// make k as a scalar where k=123 (example)
const k: Scalar = Scalar.fromField(new Field(123));

// make K = k*G
const K: Group = Group.generator.scale(k);

// let a=18 and b=19 (example)
const a: Scalar = Scalar.fromField(new Field(18));
const b: Scalar = Scalar.fromField(new Field(19));

// now we can prepare M=a*G+b*K where
const M: Group = Group.generator.scale(a).add(K.scale(b))

thanks guys!

shrewd wigeon Jun 18, 2024, 10:04 AM

#

@dusky star as an optimization, I recommend passing a Field into Group.scale() directly. this can use a more efficient code path than transforming the field to a scalar first and scaling with it

#Custom Group generator points