ZoKrates/zokrates_stdlib/stdlib/ecc/edwardsOnCurve.zok

from "ecc/babyjubjubParams" import BabyJubJubParams

// Check if a point is on a twisted Edwards curve
// Curve parameters are defined with the last argument
// See appendix 3.3.1 of Zcash protocol specification:
// https://github.com/zcash/zips/blob/master/protocol/protocol.pdf
def main(field[2] pt, BabyJubJubParams context) -> (bool):

    field a = context.JUBJUBA
    field d = context.JUBJUBD

    field uu = pt[0] * pt[0]
    field vv = pt[1] * pt[1]
    field uuvv = uu * vv

    a * uu + vv == 1 + d * uuvv

    return true