Skip to main content

Standard curve database

Search

BLS12-381

381-bit prime field Weierstrass curve.

Curve from https://electriccoin.co/blog/new-snark-curve/. As used in ZCash Sapling.


y2x3+ax+by^2 \equiv x^3 + ax + b

Parameters

NameValue
p0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab
a0x00
b0x04
G(0x17F1D3A73197D7942695638C4FA9AC0FC3688C4F9774B905A14E3A3F171BAC586C55E83FF97A1AEFFB3AF00ADB22C6BB, 0x08B3F481E3AAA0F1A09E30ED741D8AE4FCF5E095D5D00AF600DB18CB2C04B3EDD03CC744A2888AE40CAA232946C5E7E1)
n0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001
h0x396C8C005555E1568C00AAAB0000AAAB


Characteristics

  • j-invariant:
    0
  • Trace of Frobenius:
    -15132376222941642751
  • Discriminant:
    4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272552875
  • Embedding degree:
    60529504891766571012
  • CM-discriminant:
    -3
  • Conductor:
    2310096550715768212670172227226928237551693238409523516757

SAGE

p = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab
K = GF(p)
a = K(0x00)
b = K(0x04)
E = EllipticCurve(K, (a, b))
G = E(0x17F1D3A73197D7942695638C4FA9AC0FC3688C4F9774B905A14E3A3F171BAC586C55E83FF97A1AEFFB3AF00ADB22C6BB, 0x08B3F481E3AAA0F1A09E30ED741D8AE4FCF5E095D5D00AF600DB18CB2C04B3EDD03CC744A2888AE40CAA232946C5E7E1)
E.set_order(0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001 * 0x396C8C005555E1568C00AAAB0000AAAB)
SAGE

PARI/GP

p = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab
a = Mod(0x00, p)
b = Mod(0x04, p)
E = ellinit([a, b])
E[16][1] = 0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001 * 0x396C8C005555E1568C00AAAB0000AAAB
G = [Mod(0x17F1D3A73197D7942695638C4FA9AC0FC3688C4F9774B905A14E3A3F171BAC586C55E83FF97A1AEFFB3AF00ADB22C6BB, p), Mod(0x08B3F481E3AAA0F1A09E30ED741D8AE4FCF5E095D5D00AF600DB18CB2C04B3EDD03CC744A2888AE40CAA232946C5E7E1, p)]

JSON

{
  "name": "BLS12-381",
  "desc": "Curve from https://electriccoin.co/blog/new-snark-curve/. As used in ZCash Sapling.",
  "sources": [
    {
      "name": "New zk-SNARK Curve",
      "url": "https://electriccoin.co/blog/new-snark-curve/"
    },
    {
      "name": "ZCash Protocol Specification",
      "url": "https://zips.z.cash/protocol/protocol.pdf"
    },
    {
      "name": "EIP-2537",
      "url": "https://eips.ethereum.org/EIPS/eip-2537"
    }
  ],
  "form": "Weierstrass",
  "field": {
    "type": "Prime",
    "p": "0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab",
    "bits": 381
  },
  "params": {
    "a": {
      "raw": "0x00"
    },
    "b": {
      "raw": "0x04"
    }
  },
  "generator": {
    "x": {
      "raw": "0x17F1D3A73197D7942695638C4FA9AC0FC3688C4F9774B905A14E3A3F171BAC586C55E83FF97A1AEFFB3AF00ADB22C6BB"
    },
    "y": {
      "raw": "0x08B3F481E3AAA0F1A09E30ED741D8AE4FCF5E095D5D00AF600DB18CB2C04B3EDD03CC744A2888AE40CAA232946C5E7E1"
    }
  },
  "order": "0x73EDA753299D7D483339D80809A1D80553BDA402FFFE5BFEFFFFFFFF00000001",
  "cofactor": "0x396C8C005555E1568C00AAAB0000AAAB",
  "characteristics": {
    "cm_disc": "-3",
    "conductor": "2310096550715768212670172227226928237551693238409523516757",
    "discriminant": "4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272552875",
    "j_invariant": "0",
    "embedding_degree": "60529504891766571012",
    "trace_of_frobenius": "-15132376222941642751"
  }
}
JSON

© 2020-2025 Jan Jancar | Built with Dox theme for Gatsby