logo

Struct curve25519_dalek::ristretto::RistrettoPoint

source · []
pub struct RistrettoPoint(_);
Expand description

A RistrettoPoint represents a point in the Ristretto group for Curve25519. Ristretto, a variant of Decaf, constructs a prime-order group as a quotient group of a subgroup of (the Edwards form of) Curve25519.

Internally, a RistrettoPoint is implemented as a wrapper type around EdwardsPoint, with custom equality, compression, and decompression routines to account for the quotient. This means that operations on RistrettoPoints are exactly as fast as operations on EdwardsPoints.

Implementations

Compress this point using the Ristretto encoding.

Double-and-compress a batch of points. The Ristretto encoding is not batchable, since it requires an inverse square root.

However, given input points \( P_1, \ldots, P_n, \) it is possible to compute the encodings of their doubles \( \mathrm{enc}( [2]P_1), \ldots, \mathrm{enc}( [2]P_n ) \) in a batch.

extern crate rand_core;
use rand_core::OsRng;

let mut rng = OsRng;
let points: Vec<RistrettoPoint> =
    (0..32).map(|_| RistrettoPoint::random(&mut rng)).collect();

let compressed = RistrettoPoint::double_and_compress_batch(&points);

for (P, P2_compressed) in points.iter().zip(compressed.iter()) {
    assert_eq!(*P2_compressed, (P + P).compress());
}

Return a RistrettoPoint chosen uniformly at random using a user-provided RNG.

Inputs
  • rng: any RNG which implements the RngCore + CryptoRng interface.
Returns

A random element of the Ristretto group.

Implementation

Uses the Ristretto-flavoured Elligator 2 map, so that the discrete log of the output point with respect to any other point should be unknown. The map is applied twice and the results are added, to ensure a uniform distribution.

Hash a slice of bytes into a RistrettoPoint.

Takes a type parameter D, which is any Digest producing 64 bytes of output.

Convenience wrapper around from_hash.

Implementation

Uses the Ristretto-flavoured Elligator 2 map, so that the discrete log of the output point with respect to any other point should be unknown. The map is applied twice and the results are added, to ensure a uniform distribution.

Example
extern crate sha2;
use sha2::Sha512;

let msg = "To really appreciate architecture, you may even need to commit a murder";
let P = RistrettoPoint::hash_from_bytes::<Sha512>(msg.as_bytes());

Construct a RistrettoPoint from an existing Digest instance.

Use this instead of hash_from_bytes if it is more convenient to stream data into the Digest than to pass a single byte slice.

Construct a RistrettoPoint from 64 bytes of data.

If the input bytes are uniformly distributed, the resulting point will be uniformly distributed over the group, and its discrete log with respect to other points should be unknown.

Implementation

This function splits the input array into two 32-byte halves, takes the low 255 bits of each half mod p, applies the Ristretto-flavored Elligator map to each, and adds the results.

Compute \(aA + bB\) in variable time, where \(B\) is the Ristretto basepoint.

Trait Implementations

The resulting type after applying the + operator.

Performs the + operation. Read more

The resulting type after applying the + operator.

Performs the + operation. Read more

The resulting type after applying the + operator.

Performs the + operation. Read more

The resulting type after applying the + operator.

Performs the + operation. Read more

Performs the += operation. Read more

Performs the += operation. Read more

Returns a copy of the value. Read more

Performs copy-assignment from source. Read more

Conditionally select between self and other.

Example
use subtle::ConditionallySelectable;
use subtle::Choice;

let A = RistrettoPoint::identity();
let B = constants::RISTRETTO_BASEPOINT_POINT;

let mut P = A;

P = RistrettoPoint::conditional_select(&A, &B, Choice::from(0));
assert_eq!(P, A);
P = RistrettoPoint::conditional_select(&A, &B, Choice::from(1));
assert_eq!(P, B);

Conditionally assign other to self, according to choice. Read more

Conditionally swap self and other if choice == 1; otherwise, reassign both unto themselves. Read more

Test equality between two RistrettoPoints.

Returns
  • Choice(1) if the two RistrettoPoints are equal;
  • Choice(0) otherwise.

Formats the value using the given formatter. Read more

Returns the “default value” for a type. Read more

Returns the identity element of the curve. Can be used as a constructor. Read more

Scalar multiplication: compute self * scalar.

The resulting type after applying the * operator.

The resulting type after applying the * operator.

Performs the * operation. Read more

Scalar multiplication: compute scalar * self.

The resulting type after applying the * operator.

The resulting type after applying the * operator.

Performs the * operation. Read more

The resulting type after applying the * operator.

Performs the * operation. Read more

The resulting type after applying the * operator.

Performs the * operation. Read more

The resulting type after applying the * operator.

Performs the * operation. Read more

The resulting type after applying the * operator.

Performs the * operation. Read more

Performs the *= operation. Read more

Performs the *= operation. Read more

The type of point being multiplied, e.g., RistrettoPoint.

Given an iterator of (possibly secret) scalars and an iterator of public points, compute $$ Q = c_1 P_1 + \cdots + c_n P_n. $$ Read more

The resulting type after applying the - operator.

Performs the unary - operation. Read more

The resulting type after applying the - operator.

Performs the unary - operation. Read more

This method tests for self and other values to be equal, and is used by ==. Read more

This method tests for !=.

The resulting type after applying the - operator.

Performs the - operation. Read more

The resulting type after applying the - operator.

Performs the - operation. Read more

The resulting type after applying the - operator.

Performs the - operation. Read more

The resulting type after applying the - operator.

Performs the - operation. Read more

Performs the -= operation. Read more

Performs the -= operation. Read more

Method which takes an iterator and generates Self from the elements by “summing up” the items. Read more

The type of point being multiplied, e.g., RistrettoPoint.

Given an iterator of public scalars and an iterator of Options of points, compute either Some(Q), where $$ Q = c_1 P_1 + \cdots + c_n P_n, $$ if all points were Some(P_i), or else return None. Read more

Given an iterator of public scalars and an iterator of public points, compute $$ Q = c_1 P_1 + \cdots + c_n P_n, $$ using variable-time operations. Read more

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler. Read more

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Numeric cast from self to T.

Negate self if choice == Choice(1); otherwise, leave it unchanged. Read more

Performs the conversion.

Safe lossless bitwise transmute from T to Self.

Numeric cast from T to Self.

Performs the conversion.

Safe lossless bitwise transmute from self to T.

Return true if this element is the identity element of the curve.

Should always be Self

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning. Read more

🔬 This is a nightly-only experimental API. (toowned_clone_into)

Uses borrowed data to replace owned data, usually by cloning. Read more

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.