Elliptic curves constructed over finite fields are another important cryptographic tool. We use elliptic curves because they provide a cryptographic group, i.e. a group in which the discrete logarithm problem (discussed below) is hard. Even though elliptic curve groups permit only one binary operation (the so called group law), the operation itself is computed within the underlying field, which by definition permits two operations (and their inverses). In cryptography, Weierstrass form is the most common elliptic curve form. Weierstrass form always uses $y^2 = x^3 + ax + b$ equation form. When we choose an elliptic curve we should be careful to the Elliptic Discriminant formula which is shown as $4a^3-27b^2 \ne0$ if this equation returns $0$ that means our elliptic curve will have a singularity at a point. If $a=0$ this singularity is cusp singularity and a cusp is a point at which two branches of a curve meet such that the tangents of each branch are equal. If $a\ne0$ then its singularity is called an ordinary double point (or node), in which case the singularity has two distinct tangent directions. This will create an ambiguity when we use tangent and chord rule to calculate group addition. That is why we want to avoid elliptic curves with singularity.

Disclaimer: This documentation was written on January, 2023. It is intended to give readers a high-level understanding. The codebase is the canonical source of truth, and over time this document might fall behind the implementation details of the code. This article explains Non-Native Field Arithmetic with Rust code implementation examples. There is a paper that explains mathematical part of the arithmetization. Notation Summary $p$ = Wrong field modulus (Base) $n$ = Native field modulus (Scalar) $2^t$ = Binary field modulus (Extra CRT modulus) $p'$ = Negative wrong field in Binary Field $q$ = Quotient from the mod p $r$ = Result from the mod p