🤯.

RT @Lhree: [New] Batch subgroup membership testing on pairing-friendly curves (Dimitri Koshelev and Youssef El Housni and Georgios Fotiadis….

Generate videos in just a few seconds. Try Grok Imagine, free for a limited time.

However when an efficient endomorphism exists, we can turn it to a n/4-bit 4-MSM. But the repo shows that in (native) circuits this is more costly. This is because 4-bit lookups become expensive compared to native arithmetic. I tried with a multiplexer and logup argument.

In our recent paper ( we show how to turn a n-bit scalar multiplication into a n/2-bit 2-MSM, without the need of an efficient endomorphism. So up to this performance should be equivalent.

Bandersnatch was proposed in ( as a replacement to Jubjub (an embedded curve on BLS12-381 useful for things like Verkle trie) because it has an efficient endomorphism. So yes Bandersnatch is faster than Jubjub, out-circuit. But in-circuit it's not.

Continuing on my "I know probably no one cares anymore about Bandersnatch", here is a repo that compares Bandersnatch to Jubjub in-circuit: TL;DR: Jubjub is actually better in-circuit.

and here is the implementation in gnark-crypto:

It based on the paper which is a cute result. So I tried to implement it, only to discover that the exact actual formula is not on the paper. So here it is.

I know probably no one care anymore about Bandersnatch curve, but here is a small writeup about subgroup membership on it:

RT @diego_aligned: .@EFDevcon is coming to Buenos Aires. @class_lambda and @alignedlayer are going to be locals and we would like to host….

RT @HouseofZK: @jbaylina @0xPolygon @BruestleJeremy @RiscZero @NorbertVadas @thezkcloud @drakefjustin @ethereumfndn @eth_proofs @sd_eigen @….

RT @zknoxhq: Joint work with Linea and Alpen Labs to reduce ECC proving time. This is the opportunity to update protocols to bls12-381 with….

RT @Lhree: [New] Attacking Poseidon via Graeffe-Based Root-Finding over NTT-Friendly Fields (Antonio Sanso and Giuseppe Vitto) https://t.c….

RT @Lhree: [New] Fast elliptic curve scalar multiplications in SN(T)ARK circuits (Liam Eagen and Youssef El Housni and Simon Masson and Tho….

RT @MetaMask: 🍕 15 years ago today, two pizzas were purchased for 10,000 BTC. To celebrate #BitcoinPizzaDay, we paid it forward with free….

zkSummit 13 🇨🇦 was cool.

RT @Lhree: [Revised] Biextensions in pairing-based cryptography (Jianming Lin and Damien Robert and Chang-An Zhao and Yuhao Zheng) https:/….

RT @YaoGalteland: We benchmarked Plonky3’s FRI PCS vs Vortex (@LineaBuild’s polynomial commitment scheme). 🚀 Vortex commitment is 3.7× fas….

RT @RealWorldCrypto: The second Levchin Prize goes to the CADO-NFS team: Emmanuel Thomé, Pierrick Gaudry, and Paul Zimmerman! Congratulatio….