Struct curve25519_dalek::montgomery::CompressedMontgomeryU

pub struct CompressedMontgomeryU(pub [u8; 32]);

In "Montgomery u" format, as used in X25519, a point (u,v) on the Montgomery curve

v² = u * (u² + 486662*u + 1)

is represented just by u. Note that we use (u,v) instead of (x,y) for Montgomery coordinates to avoid confusion with Edwards coordinates. For Montgomery curves, it is possible to compute the u-coordinate of n(u,v) just from n and u, so it is not necessary to use v for a Diffie-Hellman key exchange.

Methods

impl CompressedMontgomeryU

fn as_bytes<'a>(&'a self) -> &'a [u8; 32]

View this CompressedMontgomeryU as an array of bytes.

fn to_bytes(&self) -> [u8; 32]

Convert this CompressedMontgomeryU to an array of bytes.

fn decompress_edwards(&self) -> Option<ExtendedPoint>

Attempt to decompress to an ExtendedPoint.

Note

Since there are two curve points with the same u-coordinate, the u-coordinate does not fully specify a point. That is, roundtripping between an ExtendedPoint and a CompressedMontgomeryU discards its sign bit.

Warning

This function is not constant time.

Return

An Option<ExtendedPoint>, which will be None if either condition holds:

• u = -1, or
• v is not square.

fn decompress(&self) -> MontgomeryPoint

Decompress this CompressedMontgomeryU to a MontgomeryPoint.

Going from affine to projective coordinates, we have:

    u → U/W

Returns

A projective MontgomeryPoint corresponding to this compressed point.

fn to_edwards_y(u: &FieldElement32) -> FieldElement32

Given a Montgomery u coordinate, compute an Edwards y via y = (u-1)/(u+1).

Return

A FieldElement corresponding to this coordinate, but in Edwards form.

fn to_montgomery_v(u: &FieldElement32) -> (u8, FieldElement32)

Given a Montgomery u coordinate, compute the corresponding Montgomery v coordinate by computing the right-hand side of the Montgomery field equation, v² = u(u² + Au +1).

Return

A tuple of (u8, FieldElement), where the u8 is 1 if the v² was actually a square and 0 if otherwise, along with a FieldElement: the Montgomery v corresponding to this u.

fn to_edwards_x(
    u: &FieldElement32,
    v: &FieldElement32,
    sign: &u8
) -> FieldElement32

Given Montgomery coordinates (u, v), recover the Edwards x coordinate.

Inputs

• u and v are both &FieldElements, corresponding the the (u, v) coordinates of this CompressedMontgomeryU.
• sign is an &u8.

Explanation of choice of sign

Original Signal behaviour:

• 1u8 will leave x negative if it is negative, and will negate x if it is positive, and
• 0u8 will leave x positive if it is positive, and will negate x if it is negative.

Hence, if sign is 1u8, the returned x will be negative. Otherwise, if sign is 0u8, the returned x will be positive.

Return

A FieldElement, the Edwards x coordinate, by using (u, v) to convert from Montgomery to Edwards form via the right-hand side of the equation: x=(u/v)*sqrt(-A-2).

Trait Implementations

impl Copy for CompressedMontgomeryU

impl Clone for CompressedMontgomeryU

fn clone(&self) -> CompressedMontgomeryU

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for CompressedMontgomeryU

fn fmt(&self, __arg_0: &mut Formatter) -> Result

Formats the value using the given formatter.

impl PartialEq for CompressedMontgomeryU

fn eq(&self, __arg_0: &CompressedMontgomeryU) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, __arg_0: &CompressedMontgomeryU) -> bool

This method tests for !=.

impl Eq for CompressedMontgomeryU