pairing-friendly曲线家族

1. 目前主流的pairing-friendly曲线家族

以太坊eip-1962提案中关于曲线计算及曲线选择中指出，目前主流的pairing-friendly曲线家族有：

BLS12
BN
MNT4
MNT6
Cocks-Pinch (Tate pairing)

2. 主要应用选型

ZKProof社区关于适于circuit的曲线生成提案中指出：
The proposal addresses the generation of an embedded elliptic curve (of Edwards shape) over a given pairing-friendly elliptic curve (e.g. BN128 or BLS12-381). We can add to the proposal:

The generation of an embedded pairing-friendly elliptic curve (of Weierstrass shape) if one wants to do in-circuit pairing based computations (e.g. BLS signatures).
The generation of pairing-friendly EC cycles (e.g. MNT4 and MNT6 as used in Coda) if one wants to do recursive zkSNARKs.
The generation of pairing-friendly EC chains (e.g. BLS12-377 and Cocks-pinch as used in Zexe) if one wants to do bounded recursive zkSNARKs or aggregate many proofs into one.

The second and third point require the generation of at least two EC where pairing-friendliness and high 2-adicity w.r.t. both the subgroup order and the field size are into consideration.

EYBlockchain/nightfall中BLS12_377, SW6, MNT4753 and MNT6753曲线讨论中指出：
Computing proof generation and verification times for these curves to understand which approach to go forward with for now