Introduce other point coordinate systems about cheetah HOT 4 CLOSED

It seems using Jacobian coordinates, while offering a speed-up of ~10% in the computation of s.G + h.P in the Schnorr signature verification, would be tricky to integrate inside our AIR program, as they are not complete and we would need a selector for the first bit set to 1 in the scalar multiplication (adding P. to acc = Infinity) to just assign the value of P instead of computing the addition.

Complete addition formulas for Jacobian coordinates, while possible, would induce a higer bidegree, which would make then impractical with respect to existing Projective coordinates formulas.

from cheetah.

The use of Jacobian coordinates now that Lookups are integrated would actually be much more beneficial (while still problematic in the AIR program). In particular, we now have 256 doublings and 64 additions (compared to 256 doublings and 256 additions with prior double-and-add algorithms) for a scalar multiplication, i.e. 80% of doublings.

from cheetah.

There's actually one issue with the use of Jacobian coordinates is constant-time addition of points (either homogenous or mixed with an affine point). While doubling can be made easily constant-time and still efficient (necessitating a final check before returning, similarly to its projective counterpart), there is no efficient exception-free jacobian addition formula, which requires to perform several additional checks (whether p1 or p2 is the infinity point, or if p1 = +/- p2), which would make any jacobian scalar multiplication non-competitive with the existing projective coordinates based one.

from cheetah.

It may make sense to have Jacobian coordinates (or variants) for variable-time operation purposes only, as in that case it would be faster than equivalent variable time scalar multiplication methods in other coordinate systems.

from cheetah.