Hi. My name is Dimitri Koshelev. I am a researcher in elliptic curve cryptography from Paris.
Recently, my article was published in the quite prestigious Journal of Cryptographic Engineering. This article explains how to guarantee the membership of a point in the prime-order subgroup of an elliptic curve (over a finite field) satisfying some moderate conditions. For this purpose, I apply the Tate pairing on the curve; however, the curve is not required to be pairing-friendly. Whenever the cofactor is small, the new subgroup test is much more efficient than other known ones, because it needs to compute at most two n-th power residue symbols (with small n) in the base field. More precisely, the running time of the test is (sub-)quadratic in the bit length of the field size, which is comparable to the Decaf-style technique. The test is relevant, e.g., for the zk-SNARK-friendly curves Bandersnatch and Jubjub proposed by the Ethereum and Zcash research teams, respectively.
I would like to submit an application to Zcash community grants. The purpose of the application should be a low-level implementation of the new subgroup membership test. However, I have three questions:
- Is subgroup checking actually important for Zcash?
- Is Jubjub still used in Zcash? Or did you completely switch to Bandersnatch, because it has an efficient endomorphism?
- What programming language should I indicate in the application? I saw that Zcash is mainly written in C, C++ and Rust. Is that true? Depending on the language, I will find a colleague for the application who is a professional developer in that language.
Please answer my questions. I need to know your responses to write the application to Zcash community grants correctly.
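To make the idea in the post concrete, here is an added toy example (not code from the paper, from Zcash, or from the poster) of the simplest case, n = 2: on a curve with cofactor 2 and a single rational 2-torsion point T, the reduced Tate pairing t_2(T, P) collapses to one Legendre symbol of x_P - x_T, so subgroup membership costs one exponentiation instead of a scalar multiplication by r. The curve y^2 = x^3 + x + 4 over F_13 (#E = 14 = 2 * 7) is constructed for this example only and is in no way the Jubjub or Bandersnatch setting; the code cross-checks the pairing test against the classic [r]P = O test on every rational point.

```python
# Toy instance of the Tate-pairing subgroup test for cofactor n = 2.
# Curve (constructed for this example): y^2 = x^3 + x + 4 over F_13,
# #E(F_13) = 14 = 2 * 7, unique rational 2-torsion point T = (10, 0).
# For n = 2, t_2(T, P) = (x_P - x_T)^((p-1)/2), i.e. a Legendre symbol.
P_MOD, A, B = 13, 1, 4
R = 7                       # prime subgroup order (cofactor 2)
T = (10, 0)                 # 10^3 + 10 + 4 = 1014 = 0 mod 13
O = None                    # point at infinity

def add(P, Q):
    """Schoolbook affine addition on y^2 = x^3 + A x + B over F_p."""
    if P is O: return Q
    if Q is O: return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O            # P == -Q (covers doubling a 2-torsion point)
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, P):
    """Double-and-add scalar multiplication [k]P."""
    acc = O
    while k:
        if k & 1: acc = add(acc, P)
        P, k = add(P, P), k >> 1
    return acc

def naive_check(P):
    """Classic membership test: [r]P == O (one full scalar multiplication)."""
    return mul(R, P) is O

def tate_check(P):
    """Tate-pairing test: t_2(T, P) == 1, i.e. x_P - x_T is a square in F_p."""
    if P is O: return True
    if P == T: return False          # T has order 2, so it is not in the order-r subgroup
    return pow(P[0] - T[0], (P_MOD - 1) // 2, P_MOD) == 1

def all_points():
    """Enumerate E(F_13) by brute force (fine for a 13-element field)."""
    pts = [O]
    for x in range(P_MOD):
        for y in range(P_MOD):
            if (y * y - (x ** 3 + A * x + B)) % P_MOD == 0:
                pts.append((x, y))
    return pts

def tests_agree():
    """True iff #E = 2r and both tests return the same verdict on every point."""
    pts = all_points()
    return len(pts) == 2 * R and all(naive_check(P) == tate_check(P) for P in pts)
```

On a real curve the same structure applies with the field size replaced by a ~255-bit prime, which is where replacing a scalar multiplication by one or two power residue symbols pays off.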