Struct zerocaf::edwards::EdwardsPoint

pub struct EdwardsPoint {
    pub X: FieldElement,
    pub Y: FieldElement,
    pub Z: FieldElement,
    pub T: FieldElement,
}

An EdwardsPoint represents a point on the Sonny Curve which is expressed in the Twisted Edwards Extended Coordinates format, eg. (X, Y, Z, T).

Extended coordinates represent X & Y as(X Y Z T) satisfying the following equations: X=X/Z Y=Y/Z X*Y=T/Z

Fields

X: FieldElement

Y: FieldElement

Z: FieldElement

T: FieldElement

Methods

impl EdwardsPoint

pub fn to_montgomery(&self) -> MontgomeryPoint

Convert this EdwardsPoint on the Edwards model to the corresponding MontgomeryPoint on the Montgomery model.

pub fn coset4(&self) -> [EdwardsPoint; 4]

Prints the 4Coset where the input EdwardsPoint lives in.

pub fn compress(&self) -> CompressedEdwardsY

Compress this point to CompressedEdwardsY format.

pub fn new_from_y_coord(y: &FieldElement, sign: Choice) -> Option<EdwardsPoint>

This function tries to build a Point over the Sonny Curve from a Y coordinate and a Choice that determines the sign of the X coordinate that the user wants to use.

The function gets X by solving: +-X = mod_sqrt((y^2 -1)/(dy^2 - a)).

The sign of x is choosen with a Choice parameter.

For Choice(0) -> Negative result. For Choice(1) -> Positive result.

Then Z is always equal to 1.

Returns

• Some(EdwardsPoint) if there exists a result for the mod_sqrt.
• None if the resulting x^2 isn't a QR modulo FIELD_L.

pub fn new_random_point<T: Rng + CryptoRng>(rand: &mut T) -> EdwardsPoint

This function tries to build a Point over the Sonny Curve from a random Y coordinate and a random Choice that determines the sign of the X coordinate.

Trait Implementations

impl<'a, 'b> Add<&'b EdwardsPoint> for &'a EdwardsPoint

type Output = EdwardsPoint

The resulting type after applying the + operator.

fn add(self, other: &'b EdwardsPoint) -> EdwardsPoint

Add two EdwardsPoints and give the resulting EdwardsPoint. This implementation is specific for curves with a = -1 as Sonny is.

[Source: 2008 Hisil–Wong–Carter–Dawson], (http://eprint.iacr.org/2008/522), Section 3.1.

impl Add<EdwardsPoint> for EdwardsPoint

type Output = EdwardsPoint

The resulting type after applying the + operator.

fn add(self, other: EdwardsPoint) -> EdwardsPoint

Add two EdwardsPoints and give the resulting EdwardsPoint. This implementation is specific for curves with a = -1 as Sonny is.

[Source: 2008 Hisil–Wong–Carter–Dawson], (http://eprint.iacr.org/2008/522), Section 3.1.

impl Clone for EdwardsPoint

fn clone(&self) -> EdwardsPoint

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl ConstantTimeEq for EdwardsPoint

fn ct_eq(&self, other: &EdwardsPoint) -> Choice

Determine if two items are equal.

impl Copy for EdwardsPoint

impl Debug for EdwardsPoint

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl Default for EdwardsPoint

fn default() -> EdwardsPoint

Returns the default EdwardsPoint Extended Coordinates: (0, 1, 1, 0).

impl<'a> Double for &'a EdwardsPoint

type Output = EdwardsPoint

fn double(self) -> EdwardsPoint

Performs the point doubling operation ie. 2*P over the Twisted Edwards Extended Coordinates.

This implementation is specific for curves with a = -1 as Sonny is. Source: 2008 Hisil–Wong–Carter–Dawson, http://eprint.iacr.org/2008/522, Section 3.1. Cost: 4M+ 4S+ 1D

impl Eq for EdwardsPoint

impl From<AffinePoint> for EdwardsPoint

fn from(point: AffinePoint) -> EdwardsPoint

In affine form, each elliptic curve point has 2 coordinates, like (x,y). In the new projective form, each point will have 3 coordinates, like (X,Y,Z), with the restriction that Z is never zero.

The forward mapping is given by (X,Y)→(XZ,YZ,Z), for any non-zero z (usually chosen to be 1 for convenience).

After this is done, we move from Projective to Extended by setting the new coordinate T = X * Y.

impl From<EdwardsPoint> for ProjectivePoint

fn from(point: EdwardsPoint) -> ProjectivePoint

Given (X:Y:T:Z) in εε, passing to ε is cost-free by simply ignoring T.

Twisted Edwards Curves Revisited - Huseyin Hisil, Kenneth Koon-Ho Wong, Gary Carter, and Ed Dawson, Section 3.

impl From<EdwardsPoint> for AffinePoint

fn from(point: EdwardsPoint) -> AffinePoint

Given (X:Y:Z:T) in εε, passing to affine can be performed in 3M+ 1I by computing:

First, move to Projective Coordinates by removing T.

Then, reduce the point from Projective to Affine coordinates computing: (XZinv, YZinv, Z*Zinv).

And once Z coord = 1 we can simply remove it.

Twisted Edwards Curves Revisited - Huseyin Hisil, Kenneth Koon-Ho Wong, Gary Carter, and Ed Dawson.

impl From<ProjectivePoint> for EdwardsPoint

fn from(point: ProjectivePoint) -> EdwardsPoint

Given (X:Y:Z) in ε passing to εε can beperformed in 3M+ 1S by computing (XZ, YZ, X*Y, Z^2).

Twisted Edwards Curves Revisited - Huseyin Hisil, Kenneth Koon-Ho Wong, Gary Carter, and Ed Dawson, Section 3.

impl Identity for EdwardsPoint

fn identity() -> EdwardsPoint

Returns the Edwards Point identity value = (0, 1, 1, 0).

impl<'a, 'b> Mul<&'b Scalar> for &'a EdwardsPoint

type Output = EdwardsPoint

The resulting type after applying the * operator.

fn mul(self, scalar: &'b Scalar) -> EdwardsPoint

Scalar multiplication: compute self * Scalar. This implementation uses the algorithm: add_and_doubling which is the standard one for this operations and also adds less constraints on R1CS.

Hankerson, Darrel; Vanstone, Scott; Menezes, Alfred (2004). Guide to Elliptic Curve Cryptography. Springer Professional Computing. New York: Springer-Verlag.

impl Mul<Scalar> for EdwardsPoint

type Output = EdwardsPoint

The resulting type after applying the * operator.

fn mul(self, scalar: Scalar) -> EdwardsPoint

Scalar multiplication: compute Scalar * self. This implementation uses the algorithm: add_and_doubling which is the standard one for this operations and also adds less constraints on R1CS.

Hankerson, Darrel; Vanstone, Scott; Menezes, Alfred (2004). Guide to Elliptic Curve Cryptography. Springer Professional Computing. New York: Springer-Verlag.

impl<'a> Neg for &'a EdwardsPoint

type Output = EdwardsPoint

The resulting type after applying the - operator.

fn neg(self) -> EdwardsPoint

Negates an EdwardsPoint giving it's negated value as a result.

Since the negative of a point is (-X:Y:Z:-T), it gives as a result: (-X:Y:Z:-T).

impl Neg for EdwardsPoint

type Output = EdwardsPoint

The resulting type after applying the - operator.

fn neg(self) -> EdwardsPoint

Negates an EdwardsPoint giving it as a result

impl PartialEq<EdwardsPoint> for EdwardsPoint

fn eq(&self, other: &EdwardsPoint) -> bool

This method tests for self and other values to be equal, and is used by ==.

#[must_use] fn ne(&self, other: &Rhs) -> bool

This method tests for !=.

impl<'a, 'b> Sub<&'b EdwardsPoint> for &'a EdwardsPoint

type Output = EdwardsPoint

The resulting type after applying the - operator.

fn sub(self, other: &'b EdwardsPoint) -> EdwardsPoint

Substract two EdwardsPoints and give the resulting EdwardsPoint This implementation is specific for curves with a = -1 as Sonny is. Source: 2008 Hisil–Wong–Carter–Dawson, http://eprint.iacr.org/2008/522, Section 3.1.

The only thing we do is negate the second EdwardsPoint and add it following the same addition algorithm.

impl Sub<EdwardsPoint> for EdwardsPoint

type Output = EdwardsPoint

The resulting type after applying the - operator.

fn sub(self, other: EdwardsPoint) -> EdwardsPoint

Substract two EdwardsPoints and give the resulting EdwardsPoint This implementation is specific for curves with a = -1 as Sonny is. Source: 2008 Hisil–Wong–Carter–Dawson, http://eprint.iacr.org/2008/522, Section 3.1.

The only thing we do is negate the second EdwardsPoint and add it following the same addition algorithm.

impl ValidityCheck for EdwardsPoint

fn is_valid(&self) -> Choice

Verifies if the curve equation (in projective twisted edwards coordinates) holds given the (X, Y, Z) coordinates of a point in Projective Coordinates.