pub trait VartimePrecomputedMultiscalarMul: Sized {
    type Point: Clone;

    // Required methods
    fn new<I>(static_points: I) -> Self
       where I: IntoIterator,
             I::Item: Borrow<Self::Point>;
    fn optional_mixed_multiscalar_mul<I, J, K>(
        &self,
        static_scalars: I,
        dynamic_scalars: J,
        dynamic_points: K
    ) -> Option<Self::Point>
       where I: IntoIterator,
             I::Item: Borrow<Scalar>,
             J: IntoIterator,
             J::Item: Borrow<Scalar>,
             K: IntoIterator<Item = Option<Self::Point>>;

    // Provided methods
    fn vartime_multiscalar_mul<I>(&self, static_scalars: I) -> Self::Point
       where I: IntoIterator,
             I::Item: Borrow<Scalar> { ... }
    fn vartime_mixed_multiscalar_mul<I, J, K>(
        &self,
        static_scalars: I,
        dynamic_scalars: J,
        dynamic_points: K
    ) -> Self::Point
       where I: IntoIterator,
             I::Item: Borrow<Scalar>,
             J: IntoIterator,
             J::Item: Borrow<Scalar>,
             K: IntoIterator,
             K::Item: Borrow<Self::Point> { ... }
}
Expand description

A trait for variable-time multiscalar multiplication with precomputation.

A general multiscalar multiplication with precomputation can be written as $$ Q = a_1 A_1 + \cdots + a_n A_n + b_1 B_1 + \cdots + b_m B_m, $$ where the \(B_i\) are static points, for which precomputation is possible, and the \(A_j\) are dynamic points, for which precomputation is not possible.

This trait has three methods for performing this computation:

All methods require that the lengths of the input iterators be known and matching, as if they were ExactSizeIterators. (It does not require ExactSizeIterator only because that trait is broken).

Required Associated Types§

source

type Point: Clone

The type of point to be multiplied, e.g., RistrettoPoint.

Required Methods§

source

fn new<I>(static_points: I) -> Selfwhere I: IntoIterator, I::Item: Borrow<Self::Point>,

Given the static points \( B_i \), perform precomputation and return the precomputation data.

source

fn optional_mixed_multiscalar_mul<I, J, K>( &self, static_scalars: I, dynamic_scalars: J, dynamic_points: K ) -> Option<Self::Point>where I: IntoIterator, I::Item: Borrow<Scalar>, J: IntoIterator, J::Item: Borrow<Scalar>, K: IntoIterator<Item = Option<Self::Point>>,

Given static_scalars, an iterator of public scalars \(b_i\), dynamic_scalars, an iterator of public scalars \(a_i\), and dynamic_points, an iterator of points \(A_i\), compute $$ Q = a_1 A_1 + \cdots + a_n A_n + b_1 B_1 + \cdots + b_m B_m, $$ where the \(B_j\) are the points that were supplied to new.

If any of the dynamic points were None, return None.

It is an error to call this function with iterators of inconsistent lengths.

This function is particularly useful when verifying statements involving compressed points. Accepting Option<Point> allows inlining point decompression into the multiscalar call, avoiding the need for temporary buffers.

Provided Methods§

source

fn vartime_multiscalar_mul<I>(&self, static_scalars: I) -> Self::Pointwhere I: IntoIterator, I::Item: Borrow<Scalar>,

Given static_scalars, an iterator of public scalars \(b_i\), compute $$ Q = b_1 B_1 + \cdots + b_m B_m, $$ where the \(B_j\) are the points that were supplied to new.

It is an error to call this function with iterators of inconsistent lengths.

The trait bound aims for maximum flexibility: the input must be convertable to iterators (I: IntoIter), and the iterator’s items must be Borrow<Scalar>, to allow iterators returning either Scalars or &Scalars.

source

fn vartime_mixed_multiscalar_mul<I, J, K>( &self, static_scalars: I, dynamic_scalars: J, dynamic_points: K ) -> Self::Pointwhere I: IntoIterator, I::Item: Borrow<Scalar>, J: IntoIterator, J::Item: Borrow<Scalar>, K: IntoIterator, K::Item: Borrow<Self::Point>,

Given static_scalars, an iterator of public scalars \(b_i\), dynamic_scalars, an iterator of public scalars \(a_i\), and dynamic_points, an iterator of points \(A_i\), compute $$ Q = a_1 A_1 + \cdots + a_n A_n + b_1 B_1 + \cdots + b_m B_m, $$ where the \(B_j\) are the points that were supplied to new.

It is an error to call this function with iterators of inconsistent lengths.

The trait bound aims for maximum flexibility: the inputs must be convertable to iterators (I: IntoIter), and the iterator’s items must be Borrow<Scalar> (or Borrow<Point>), to allow iterators returning either Scalars or &Scalars.

Implementors§

source§

impl VartimePrecomputedMultiscalarMul for curve25519_dalek::backend::serial::scalar_mul::precomputed_straus::VartimePrecomputedStraus

Available on crate feature alloc only.
source§

impl VartimePrecomputedMultiscalarMul for curve25519_dalek::backend::vector::scalar_mul::precomputed_straus::spec_avx2::VartimePrecomputedStraus

Available on crate feature alloc and curve25519_dalek_backend="simd" only.
source§

impl VartimePrecomputedMultiscalarMul for curve25519_dalek::backend::vector::scalar_mul::precomputed_straus::spec_avx512ifma_avx512vl::VartimePrecomputedStraus

Available on nightly and crate feature alloc and curve25519_dalek_backend="simd" only.
source§

impl VartimePrecomputedMultiscalarMul for VartimeEdwardsPrecomputation

Available on crate feature alloc only.
source§

impl VartimePrecomputedMultiscalarMul for VartimeRistrettoPrecomputation

Available on crate feature alloc only.