Prime Field Notes

In 2016, the paper https://eprint.iacr.org/2016/1102 led to a lower security estimate for the BN254 curve. Specifically, its security is now considered to be around 96 bits (https://eprint.iacr.org/2017/334.pdf). Many applications recommend switching to BLS curves instead of BN254 for security reasons. We need to take this into account when choosing a prime field to work on. BN254 is still used because of the dependence on Ethereum, but this is not the case for us.

https://github.com/zcash/zcash/issues/2502

https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-pairing-friendly-curves-09

https://hackmd.io/@benjaminion/bls12-381#Security-level

Privacy Preserving Signatures

https://eprint.iacr.org/2023/1039.pdf