Struct curve25519_dalek::ristretto::RistrettoPoint

pub struct RistrettoPoint(_);

A RistrettoPoint represents a point in the Ristretto group for Curve25519. Ristretto, a variant of Decaf, constructs a prime-order group as a quotient group of a subgroup of (the Edwards form of) Curve25519.

Internally, a RistrettoPoint is a wrapper type around ExtendedPoint, with custom equality, compression, and decompression routines to account for the quotient.

Methods

impl RistrettoPoint

Compress in Ristretto format.

Implementation Notes

The Ristretto encoding is as follows, on input in affine coordinates (x,y):

  1. If xy is negative or x = 0, "rotate" the point by setting (x,y) = (iy, ix).
  2. If x is negative, set (x,y) = (-x, -y).
  3. Compute s = +sqrt((1-y)/(1+y)).
  4. Return the little-endian 32-byte encoding of s.

However, our input is in extended twisted Edwards coordinates (X:Y:Z:T) with x = X/Z, y = Y/Z, xy = T/Z (see the module-level documentation on curve representations for more details). Since inversions are expensive, we'd like to be able to do this whole computation with only one inversion.

Since y = Y/Z, in extended coordinates the formula for s becomes

    s = sqrt((1 - Y/Z)/(1 + Y/Z)) = sqrt((Z-Y)/(Z+Y)). (1)

We can compute this as

    s = (Z - Y) / sqrt((Z-Y)(Z+Y)). (1)

The inverse of the denominator is

    invsqrt((Z-Y)(Z+Y)) = invsqrt(Z² - Y²). (1)

Write the input point as (X₀:Y₀:Z₀:T₀). The rotation in step 1 of the encoding procedure replaces (X₀:Y₀:Z₀:T₀) by (iY₀:iX₀:Z₀:-T₀). We therefore wish to relate the computation of

    invsqrt(Z² - Y²) = invsqrt(Z₀² - Y₀²) [non-rotated case]

with the computation of

    invsqrt(Z² - Y²) = invsqrt(Z₀² + X₀²). [rotated case]

Recall the curve equation (in the 𝗣² model):

    (-X² + Y²)Z² = Z⁴ + dX²Y². (1)

This means that, for any point (X:Y:Z:T) in extended coordinates, we have

    -dX²Y² = Z⁴ + Z²X² - Z²Y², (2)

so that

    (-1-d)X²Y² = Z⁴ + Z²X² - Z²Y² - X²Y², (3)

and hence

    (-1-d)X²Y² = (Z² - Y²)(Z² + X²). (4)

Taking inverse square roots gives

    invsqrt(Z² + X²) = invsqrt(-1-d) sqrt((Z² - Y²)/(X²Y²)). (4)
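
The identities used in this derivation can be checked exhaustively over a small field. The following is an added example, not code from curve25519-dalek: it assumes a toy field with p = 1009 and d = 11 (not Curve25519's parameters) and a hypothetical helper check_identities. For every curve point it verifies equation (4), the effect of the rotation (X:Y:Z) to (iY:iX:Z), and the squared form of the final invsqrt relation.

```rust
// Added example: toy parameters (assumptions, NOT Curve25519's p and d).
const P: u64 = 1009; // prime with p ≡ 1 (mod 4), so i = sqrt(-1) exists
const D: u64 = 11;

fn mul(a: u64, b: u64) -> u64 { a * b % P }
fn sub(a: u64, b: u64) -> u64 { (a + P - b) % P }
fn sq(a: u64) -> u64 { mul(a, a) }

/// Field inversion by Fermat's little theorem: a^(p-2).
fn inv(a: u64) -> u64 {
    let (mut r, mut b, mut e) = (1, a, P - 2);
    while e > 0 { if e & 1 == 1 { r = mul(r, b); } b = sq(b); e >>= 1; }
    r
}

/// Projective curve equation: (-X² + Y²)Z² = Z⁴ + dX²Y².
fn on_curve(x: u64, y: u64, z: u64) -> bool {
    mul(sub(sq(y), sq(x)), sq(z)) == (sq(sq(z)) + mul(D, mul(sq(x), sq(y)))) % P
}

/// Returns (projective points checked, points failing any check).
pub fn check_identities() -> (usize, usize) {
    let i = (1..P).find(|&t| sq(t) == P - 1).expect("sqrt(-1) exists");
    let k = sub(P - 1, D); // -1 - d
    let (mut checked, mut failed) = (0, 0);
    for x in 0..P {
        for y in (0..P).filter(|&y| on_curve(x, y, 1)) {
            for &z in &[1u64, 2, 500] {
                let (xx, yy) = (mul(x, z), mul(y, z)); // X = xZ, Y = yZ
                let (a, b) = (sub(sq(z), sq(yy)), (sq(z) + sq(xx)) % P);
                let x2y2 = mul(sq(xx), sq(yy));
                // Equation (4): (-1-d)X²Y² = (Z² - Y²)(Z² + X²).
                let mut ok = mul(k, x2y2) == mul(a, b);
                // Rotation (iY:iX:Z) stays on the curve and maps Z² - Y² to Z² + X².
                let (rx, ry) = (mul(i, yy), mul(i, xx));
                ok &= on_curve(rx, ry, z) && sub(sq(z), sq(ry)) == b;
                // Squared form of the last relation (needs XY != 0).
                if x2y2 != 0 { ok &= inv(b) == mul(inv(k), mul(a, inv(x2y2))); }
                checked += 1;
                if !ok { failed += 1; }
            }
        }
    }
    (checked, failed)
}

fn main() { println!("{:?}", check_identities()); }
```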

Computes the Ristretto Elligator map.

Note

This method is not public because it's just used for hashing to a point -- proper Elligator support is deferred for now.

Return a RistrettoPoint chosen uniformly at random using a user-provided RNG.

Inputs

  • rng: any RNG which implements the rand::Rng interface.

Returns

A random element of the Ristretto group.

Implementation

Uses the Ristretto-flavoured Elligator 2 map, so that the discrete log of the output point with respect to any other point should be unknown.

Hash a slice of bytes into a RistrettoPoint.

Takes a type parameter D, which is any Digest producing 32 bytes (256 bits) of output.

Convenience wrapper around from_hash.

Implementation

Uses the Ristretto-flavoured Elligator 2 map, so that the discrete log of the output point with respect to any other point should be unknown.

Example

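    extern crate curve25519_dalek;
    extern crate sha2;
    use curve25519_dalek::ristretto::RistrettoPoint;
    use sha2::Sha256;

    fn main() {
        let msg = "To really appreciate architecture, you may even need to commit a murder";
        // Hash the message bytes to a group element via SHA-256.
        let P = RistrettoPoint::hash_from_bytes::<Sha256>(msg.as_bytes());
    }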

Construct a RistrettoPoint from an existing Digest instance.

Use this instead of hash_from_bytes if it is more convenient to stream data into the Digest than to pass a single byte slice.

Trait Implementations

impl Copy for RistrettoPoint

impl Clone for RistrettoPoint

Returns a copy of the value.

Performs copy-assignment from source.

impl Identity for RistrettoPoint

Returns the identity element of the curve. Can be used as a constructor.

impl PartialEq for RistrettoPoint

This method tests for self and other values to be equal, and is used by ==.

This method tests for !=.

impl Equal for RistrettoPoint

Test equality between two RistrettoPoints.

Returns

1u8 if the two RistrettoPoints are equal, and 0u8 otherwise.

impl Eq for RistrettoPoint

impl<'a, 'b> Add<&'b RistrettoPoint> for &'a RistrettoPoint

The resulting type after applying the + operator.

Performs the + operation.

impl<'b> AddAssign<&'b RistrettoPoint> for RistrettoPoint

Performs the += operation.

impl<'a, 'b> Sub<&'b RistrettoPoint> for &'a RistrettoPoint

The resulting type after applying the - operator.

Performs the - operation.

impl<'b> SubAssign<&'b RistrettoPoint> for RistrettoPoint

Performs the -= operation.

impl<'a> Neg for &'a RistrettoPoint

The resulting type after applying the - operator.

Performs the unary - operation.

impl<'b> MulAssign<&'b Scalar> for RistrettoPoint

Performs the *= operation.

impl<'a, 'b> Mul<&'b Scalar> for &'a RistrettoPoint

The resulting type after applying the * operator.

Scalar multiplication: compute scalar * self.

impl ConditionallyAssignable for RistrettoPoint

Conditionally assign other to self, if choice == 1u8.

Example

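    use curve25519_dalek::constants;
    use curve25519_dalek::ristretto::RistrettoPoint;
    // The Identity and ConditionallyAssignable traits must also be in scope.

    let A = RistrettoPoint::identity();
    let B = constants::RISTRETTO_BASEPOINT_POINT;

    let mut P = A;

    // choice == 0u8: P is left unchanged.
    P.conditional_assign(&B, 0u8);
    assert!(P == A);
    // choice == 1u8: P is overwritten with B.
    P.conditional_assign(&B, 1u8);
    assert!(P == B);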

impl Debug for RistrettoPoint

Formats the value using the given formatter.