snark_verifier::util::arithmetic

Trait CurveExt

/// Common interface for elements of an elliptic curve group in a "projective"
/// form, where group arithmetic is usually more efficient than in affine form.
///
/// Requires the `alloc` feature flag because of [`CurveExt::hash_to_curve`],
/// which returns a boxed closure.
pub trait CurveExt:
    PrimeCurve<Affine = Self::AffineExt, Scalar = Self::ScalarExt>
    + Group
    + Default
    + ConditionallySelectable
    + ConstantTimeEq
    + From<Self::Affine> {
    /// The scalar field of this elliptic curve.
    type ScalarExt: WithSmallOrderMulGroup<3>;
    /// The base field over which this elliptic curve is constructed.
    type Base: WithSmallOrderMulGroup<3>;
    /// The affine version of the curve.
    type AffineExt: CurveAffine<CurveExt = Self, ScalarExt = Self::ScalarExt, Output = Self, Output = Self> + Mul<Self::ScalarExt> + for<'r> Mul<Self::ScalarExt>;

    /// Curve identifier used for hash-to-curve.
    // NOTE(review): presumably combined with `domain_prefix` to keep hashers for
    // different curves apart — confirm against the implementations.
    const CURVE_ID: &'static str;

    // Required methods

    /// Apply the curve endomorphism by multiplying the x-coordinate by an
    /// element of multiplicative order 3.
    fn endo(&self) -> Self;
    /// Return the Jacobian coordinates `(X, Y, Z)` of this point.
    fn jacobian_coordinates(&self) -> (Self::Base, Self::Base, Self::Base);
    /// Requests a hasher that accepts messages and returns near-uniformly
    /// distributed elements in the group, given domain prefix `domain_prefix`.
    ///
    /// This method is suitable for use as a random oracle. Callers should pick
    /// a `domain_prefix` specific to their application so that hashers built
    /// for unrelated purposes do not map the same message to the same point.
    fn hash_to_curve<'a>(
        domain_prefix: &'a str,
    ) -> Box<dyn Fn(&[u8]) -> Self + 'a>;
    /// Returns whether or not this element is on the curve; should always be
    /// true unless an "unchecked" API was used.
    // NOTE(review): points that enter through an "unchecked" path are the case
    // where this can be false, so code accepting externally supplied points
    // should check this before using them in group arithmetic — confirm which
    // constructors skip the check.
    fn is_on_curve(&self) -> Choice;
    /// Returns the curve constant `a`.
    fn a() -> Self::Base;
    /// Returns the curve constant `b`.
    fn b() -> Self::Base;
    /// Obtains a point given Jacobian coordinates `X : Y : Z`; the returned
    /// `CtOption` is `None` when the coordinates are not on the curve.
    fn new_jacobian(
        x: Self::Base,
        y: Self::Base,
        z: Self::Base,
    ) -> CtOption<Self>;
}

This trait is a common interface for dealing with elements of an elliptic curve group in a “projective” form, where group arithmetic is usually more efficient.

Requires the alloc feature flag because of hash_to_curve.

Required Associated Constants§


const CURVE_ID: &'static str

`CURVE_ID` is used for hash-to-curve.

Required Associated Types§


type ScalarExt: WithSmallOrderMulGroup<3>

The scalar field of this elliptic curve.


type Base: WithSmallOrderMulGroup<3>

The base field over which this elliptic curve is constructed.


type AffineExt: CurveAffine<CurveExt = Self, ScalarExt = Self::ScalarExt, Output = Self, Output = Self> + Mul<Self::ScalarExt> + for<'r> Mul<Self::ScalarExt>

The affine version of the curve.

Required Methods§


fn endo(&self) -> Self

Apply the curve endomorphism by multiplying the x-coordinate by an element of multiplicative order 3.


fn jacobian_coordinates(&self) -> (Self::Base, Self::Base, Self::Base)

Return the Jacobian coordinates of this point.


fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> Self + 'a>

Requests a hasher that accepts messages and returns near-uniformly distributed elements in the group, given domain prefix domain_prefix.

This method is suitable for use as a random oracle.

§Example
use pasta_curves::arithmetic::CurveExt;
/// Example Pedersen commitment `x·G + r·H`, with the generators `G` and `H`
/// derived via [`CurveExt::hash_to_curve`] under an application-specific
/// domain prefix so nobody knows a discrete-log relation between them.
fn pedersen_commitment<C: CurveExt>(
    x: C::ScalarExt,
    r: C::ScalarExt,
) -> C::Affine {
    let derive = C::hash_to_curve("z.cash:example_pedersen_commitment");
    let gen_g = derive(b"g");
    let gen_h = derive(b"h");
    // Blinding term first, then the committed value; the sum is the commitment.
    let blinding = gen_h * r;
    let commitment = gen_g * x + &blinding;
    commitment.to_affine()
}

fn is_on_curve(&self) -> Choice

Returns whether or not this element is on the curve; should always be true unless an “unchecked” API was used.


fn a() -> Self::Base

Returns the curve constant a.


fn b() -> Self::Base

Returns the curve constant b.


fn new_jacobian(x: Self::Base, y: Self::Base, z: Self::Base) -> CtOption<Self>

Obtains a point given Jacobian coordinates $X : Y : Z$, failing if the coordinates are not on the curve.

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementations on Foreign Types§


impl CurveExt for G1Projective


impl CurveExt for G2Projective


impl CurveExt for G1


const CURVE_ID: &'static str = "bn256_g1"


type ScalarExt = Fr


type Base = Fq


type AffineExt = G1Affine


fn endo(&self) -> G1


fn jacobian_coordinates(&self) -> (Fq, Fq, Fq)


fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> G1 + 'a>


fn is_on_curve(&self) -> Choice


fn b() -> <G1 as CurveExt>::Base


fn a() -> <G1 as CurveExt>::Base


fn new_jacobian( x: <G1 as CurveExt>::Base, y: <G1 as CurveExt>::Base, z: <G1 as CurveExt>::Base, ) -> CtOption<G1>


impl CurveExt for G2


const CURVE_ID: &'static str = "bn256_g2"


type ScalarExt = Fr


type Base = Fq2


type AffineExt = G2Affine


fn endo(&self) -> G2


fn jacobian_coordinates(&self) -> (Fq2, Fq2, Fq2)


fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> G2 + 'a>


fn is_on_curve(&self) -> Choice


fn b() -> <G2 as CurveExt>::Base


fn a() -> <G2 as CurveExt>::Base


fn new_jacobian( x: <G2 as CurveExt>::Base, y: <G2 as CurveExt>::Base, z: <G2 as CurveExt>::Base, ) -> CtOption<G2>


impl CurveExt for Ed25519


impl CurveExt for G1


const CURVE_ID: &'static str = "grumpkin_g1"


type ScalarExt = Fq


type Base = Fr


type AffineExt = G1Affine


fn endo(&self) -> G1


fn jacobian_coordinates(&self) -> (Fr, Fr, Fr)


fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> G1 + 'a>


fn is_on_curve(&self) -> Choice


fn b() -> <G1 as CurveExt>::Base


fn a() -> <G1 as CurveExt>::Base


fn new_jacobian( x: <G1 as CurveExt>::Base, y: <G1 as CurveExt>::Base, z: <G1 as CurveExt>::Base, ) -> CtOption<G1>


impl CurveExt for Eris


const CURVE_ID: &'static str = "eris"


type ScalarExt = Fp


type Base = Fq


type AffineExt = ErisAffine


fn endo(&self) -> Eris


fn jacobian_coordinates(&self) -> (Fq, Fq, Fq)


fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> Eris + 'a>


fn is_on_curve(&self) -> Choice


fn b() -> <Eris as CurveExt>::Base


fn a() -> <Eris as CurveExt>::Base


fn new_jacobian( x: <Eris as CurveExt>::Base, y: <Eris as CurveExt>::Base, z: <Eris as CurveExt>::Base, ) -> CtOption<Eris>


impl CurveExt for G1


const CURVE_ID: &'static str = "pluto"


type ScalarExt = Fq


type Base = Fp


type AffineExt = G1Affine


fn endo(&self) -> G1


fn jacobian_coordinates(&self) -> (Fp, Fp, Fp)


fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> G1 + 'a>


fn is_on_curve(&self) -> Choice


fn b() -> <G1 as CurveExt>::Base


fn a() -> <G1 as CurveExt>::Base


fn new_jacobian( x: <G1 as CurveExt>::Base, y: <G1 as CurveExt>::Base, z: <G1 as CurveExt>::Base, ) -> CtOption<G1>


impl CurveExt for G2


const CURVE_ID: &'static str = "triton"


type ScalarExt = Fq


type Base = Fp2


type AffineExt = G2Affine


fn endo(&self) -> G2


fn jacobian_coordinates(&self) -> (Fp2, Fp2, Fp2)


fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> G2 + 'a>


fn is_on_curve(&self) -> Choice


fn b() -> <G2 as CurveExt>::Base


fn a() -> <G2 as CurveExt>::Base


fn new_jacobian( x: <G2 as CurveExt>::Base, y: <G2 as CurveExt>::Base, z: <G2 as CurveExt>::Base, ) -> CtOption<G2>


impl CurveExt for Secp256k1


const CURVE_ID: &'static str = "secp256k1"


type ScalarExt = Fq


type Base = Fp


type AffineExt = Secp256k1Affine


fn endo(&self) -> Secp256k1


fn jacobian_coordinates(&self) -> (Fp, Fp, Fp)


fn hash_to_curve<'a>( domain_prefix: &'a str, ) -> Box<dyn Fn(&[u8]) -> Secp256k1 + 'a>


fn is_on_curve(&self) -> Choice


fn b() -> <Secp256k1 as CurveExt>::Base


fn a() -> <Secp256k1 as CurveExt>::Base


fn new_jacobian( x: <Secp256k1 as CurveExt>::Base, y: <Secp256k1 as CurveExt>::Base, z: <Secp256k1 as CurveExt>::Base, ) -> CtOption<Secp256k1>


impl CurveExt for Secp256r1


const CURVE_ID: &'static str = "secp256r1"


type ScalarExt = Fq


type Base = Fp


type AffineExt = Secp256r1Affine


fn endo(&self) -> Secp256r1


fn jacobian_coordinates(&self) -> (Fp, Fp, Fp)


fn hash_to_curve<'a>( domain_prefix: &'a str, ) -> Box<dyn Fn(&[u8]) -> Secp256r1 + 'a>


fn is_on_curve(&self) -> Choice


fn b() -> <Secp256r1 as CurveExt>::Base


fn a() -> <Secp256r1 as CurveExt>::Base


fn new_jacobian( x: <Secp256r1 as CurveExt>::Base, y: <Secp256r1 as CurveExt>::Base, z: <Secp256r1 as CurveExt>::Base, ) -> CtOption<Secp256r1>


impl CurveExt for Secq256k1


const CURVE_ID: &'static str = "secq256k1"


type ScalarExt = Fp


type Base = Fq


type AffineExt = Secq256k1Affine


fn endo(&self) -> Secq256k1


fn jacobian_coordinates(&self) -> (Fq, Fq, Fq)


fn hash_to_curve<'a>( domain_prefix: &'a str, ) -> Box<dyn Fn(&[u8]) -> Secq256k1 + 'a>


fn is_on_curve(&self) -> Choice


fn b() -> <Secq256k1 as CurveExt>::Base


fn a() -> <Secq256k1 as CurveExt>::Base


fn new_jacobian( x: <Secq256k1 as CurveExt>::Base, y: <Secq256k1 as CurveExt>::Base, z: <Secq256k1 as CurveExt>::Base, ) -> CtOption<Secq256k1>

Implementors§