[−][src]Module zerocaf::ristretto

Implementation of the Ristretto Protocol over the Sonnycurve.

Notes extracted from: https://ristretto.group/ristretto.html. Go there for the full lecture or check the paper here: https://tools.ietf.org/pdf/draft-hdevalence-cfrg-ristretto-00.pdf

The code wa originaly created by Isis Agora Lovecruft and Henry de Valence here

What's Ristretto?

Ristretto is a construction of a prime-order group using a non-prime-order Edwards curve. The Decaf paper suggests using a non-prime-order curve E\mathcal EE to implement a prime-order group by constructing a quotient group. Ristretto uses the same idea, but with different formulas, in order to allow the use of cofactor 8 curves such as Curve25519.

Internally, a Ristretto point is represented by an Edwards point. Two Edwards points P, Q may represent the same Ristretto point, in the same way that different projective (X,Y,Z) coordinates may represent the same Edwards point.

Group operations on Ristretto points are carried out with no overhead by performing the operations on the representative Edwards points.

Reference: https://tools.ietf.org/html/draft-hdevalence-cfrg-ristretto-00

Structs

CompressedRistretto	Ristretto Point expressed in wire format. Since the Ristretto bytes encoding is canonical, two points are equal if their encodin form is equal.
RistrettoPoint