darkfi_sdk::crypto::pasta_prelude

Trait CurveExt

pub trait CurveExt:
    PrimeCurve<Affine = Self::AffineExt, Scalar = Self::ScalarExt>
    + Group
    + Default
    + ConditionallySelectable
    + ConstantTimeEq
    + From<Self::Affine> {
    type ScalarExt: WithSmallOrderMulGroup<3>;
    type Base: WithSmallOrderMulGroup<3>;
    type AffineExt: CurveAffine<CurveExt = Self, ScalarExt = Self::ScalarExt, Output = Self, Output = Self> + Mul<Self::ScalarExt> + for<'r> Mul<Self::ScalarExt>;

    const CURVE_ID: &'static str;

    // Required methods
    fn endo(&self) -> Self;
    fn jacobian_coordinates(&self) -> (Self::Base, Self::Base, Self::Base);
    fn hash_to_curve<'a>(
        domain_prefix: &'a str,
    ) -> Box<dyn Fn(&[u8]) -> Self + 'a>;
    fn is_on_curve(&self) -> Choice;
    fn a() -> Self::Base;
    fn b() -> Self::Base;
    fn new_jacobian(
        x: Self::Base,
        y: Self::Base,
        z: Self::Base,
    ) -> CtOption<Self>;
}
Expand description

This trait is a common interface for dealing with elements of an elliptic curve group in a “projective” form, where that arithmetic is usually more efficient.

Requires the alloc feature flag because of hash_to_curve.

Required Associated Constants§

const CURVE_ID: &'static str

CURVE_ID used for hash-to-curve.

Required Associated Types§

type ScalarExt: WithSmallOrderMulGroup<3>

The scalar field of this elliptic curve.

type Base: WithSmallOrderMulGroup<3>

The base field over which this elliptic curve is constructed.

type AffineExt: CurveAffine<CurveExt = Self, ScalarExt = Self::ScalarExt, Output = Self, Output = Self> + Mul<Self::ScalarExt> + for<'r> Mul<Self::ScalarExt>

The affine version of the curve

Required Methods§

fn endo(&self) -> Self

Apply the curve endomorphism by multiplying the x-coordinate by an element of multiplicative order 3.

fn jacobian_coordinates(&self) -> (Self::Base, Self::Base, Self::Base)

Return the Jacobian coordinates of this point.

fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> Self + 'a>

Requests a hasher that accepts messages and returns near-uniformly distributed elements in the group, given domain prefix domain_prefix.

This method is suitable for use as a random oracle.

§Example
use pasta_curves::arithmetic::CurveExt;
fn pedersen_commitment<C: CurveExt>(
    x: C::ScalarExt,
    r: C::ScalarExt,
) -> C::Affine {
    let hasher = C::hash_to_curve("z.cash:example_pedersen_commitment");
    let g = hasher(b"g");
    let h = hasher(b"h");
    (g * x + &(h * r)).to_affine()
}

fn is_on_curve(&self) -> Choice

Returns whether or not this element is on the curve; should always be true unless an “unchecked” API was used.

fn a() -> Self::Base

Returns the curve constant a.

fn b() -> Self::Base

Returns the curve constant b.

fn new_jacobian(x: Self::Base, y: Self::Base, z: Self::Base) -> CtOption<Self>

Obtains a point given Jacobian coordinates $X : Y : Z$, failing if the coordinates are not on the curve.

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors§

§

impl CurveExt for Ep

§

const CURVE_ID: &'static str = "pallas"

§

type ScalarExt = Fq

§

type Base = Fp

§

type AffineExt = EpAffine

§

impl CurveExt for Eq

§

const CURVE_ID: &'static str = "vesta"

§

type ScalarExt = Fp

§

type Base = Fq

§

type AffineExt = EqAffine