1. Introduction
This note covers the Toposware team's 2022 paper "Security Analysis of Elliptic Curves over Sextic Extension of Small Prime Fields". The open-source code is at:
- https://github.com/ToposWare/cheetah (Rust)
- https://github.com/toposware/cheetah_evidence (Python & SageMath; security evidence for the Cheetah elliptic curve)
Cheetah is positioned as a STARK-friendly elliptic curve $y^2=x^3+x+B$. Its base field is the sextic extension of the Goldilocks prime field ($p=2^{64}-2^{32}+1$). [This base field has large two-adicity, which makes it suitable for FFT-related operations and for elliptic-curve-based signatures.] Here:
- $B=u+395$, where $u^6-7=0$ is the polynomial defining $\mathbb{F}_{p^6}/\mathbb{F}_p$.
Cheetah defines a subgroup $G$ whose prime order is:
- $q=55610362957290864006699123731285679659474893560816383126640993521607086746831$
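The following Python check is an added example, not code from the paper or from the Cheetah repositories. It recomputes the properties quoted above from $p$, $u^6-7$ and $q$, using the standard criterion that $x^6-a$ is irreducible over $\mathbb{F}_p$ exactly when 2 and 3 divide $p-1$ and $a$ is neither a square nor a cube; the function names are this example's own.

```python
# Added example: recompute the Cheetah parameter claims quoted on this page.
P = 2**64 - 2**32 + 1  # Goldilocks prime (from the page)
Q = 55610362957290864006699123731285679659474893560816383126640993521607086746831  # order of G (from the page)

def two_adicity(p):
    """Largest k with 2^k | p - 1; radix-2 FFTs over F_p go up to size 2^k."""
    m, k = p - 1, 0
    while m % 2 == 0:
        m, k = m // 2, k + 1
    return k

def sextic_binomial_irreducible(a, p):
    """x^6 - a is irreducible over F_p iff, for r in {2, 3}, r | p - 1 and
    a is not an r-th power (Euler criterion: a^((p-1)/r) != 1)."""
    return all((p - 1) % r == 0 and pow(a, (p - 1) // r, p) != 1 for r in (2, 3))

def root_of_unity(a, p):
    """a^((p-1)/2^k) for k = two_adicity(p); it has order exactly 2^k when a
    is a quadratic non-residue."""
    return pow(a, (p - 1) >> two_adicity(p), p)

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases: exact below 2^64, probabilistic above."""
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for b in bases:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

if __name__ == "__main__":
    print("two-adicity of p:", two_adicity(P))
    print("u^6 - 7 irreducible over F_p:", sextic_binomial_irreducible(7, P))
    w = root_of_unity(7, P)
    print("root derived from 7 has order 2^32:", pow(w, 1 << 31, P) == P - 1)
    print("p prime:", is_probable_prime(P), "| q probable prime:", is_probable_prime(Q))
    print("q bit length:", Q.bit_length())
```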