Add WithSmallOrderMulGroup trait

zkcrypto · Nov 24, 2022 · 054a4d2 · 054a4d2
1 parent 6e7a54b
commit 054a4d2
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,7 @@ and this library adheres to Rust's notion of
   - `ff::PrimeField::MULTIPLICATIVE_GENERATOR`
   - `ff::PrimeField::{ROOT_OF_UNITY, ROOT_OF_UNITY_INV}`
   - `ff::PrimeField::DELTA`
+- `ff::WithSmallOrderMulGroup`
 - `ff::FromUniformBytes`
 - `ff::helpers`:
   - `sqrt_tonelli_shanks`

diff --git a/src/lib.rs b/src/lib.rs
@@ -350,6 +350,24 @@ pub trait PrimeField: Field + From<u64> {
     const DELTA: Self;
 }
 
+/// The subset of prime-order fields such that `(modulus - 1)` is divisible by `N`.
+///
+/// In these fields, there will be two valid choices of [`Self::ZETA`]. Similarly to
+/// [`PrimeField::MULTIPLICATIVE_GENERATOR`], the specific choice does not matter, as long
+/// as the choice is consistent across all uses of the field.
+pub trait WithSmallOrderMulGroup<const N: u8>: PrimeField {
+    /// A field element of small multiplicative order $N$.
+    ///
+    /// The presense of this element allows you to perform (certain types of)
+    /// endomorphisms on some elliptic curves.
+    ///
+    /// It can be calculated using [SageMath] as
+    /// `GF(modulus).primitive_element() ^ ((modulus - 1) // N)`.
+    ///
+    /// [SageMath]: https://www.sagemath.org/
+    const ZETA: Self;
+}
+
 /// Trait for constructing a [`PrimeField`] element from a fixed-length uniform byte
 /// array.
 ///