Trait darkfi_sdk::crypto::pasta_prelude::CurveExt

pub trait CurveExt: PrimeCurve<Affine = Self::AffineExt, Scalar = Self::ScalarExt> + Group + Default + ConditionallySelectable + ConstantTimeEq + From<Self::Affine> {
    type ScalarExt: WithSmallOrderMulGroup<3>;
    type Base: WithSmallOrderMulGroup<3>;
    type AffineExt: CurveAffine<CurveExt = Self, ScalarExt = Self::ScalarExt, Output = Self, Output = Self> + Mul<Self::ScalarExt> + for<'r> Mul<Self::ScalarExt>;

    const CURVE_ID: &'static str;

    // Required methods
    fn endo(&self) -> Self;
    fn jacobian_coordinates(&self) -> (Self::Base, Self::Base, Self::Base);
    fn hash_to_curve<'a>(
        domain_prefix: &'a str,
    ) -> Box<dyn Fn(&[u8]) -> Self + 'a>;
    fn is_on_curve(&self) -> Choice;
    fn a() -> Self::Base;
    fn b() -> Self::Base;
    fn new_jacobian(
        x: Self::Base,
        y: Self::Base,
        z: Self::Base,
    ) -> CtOption<Self>;
}
Expand description

This trait is a common interface for dealing with elements of an elliptic curve group in a “projective” form, where that arithmetic is usually more efficient.

Requires the alloc feature flag because of hash_to_curve.

Required Associated Types§

type ScalarExt: WithSmallOrderMulGroup<3>

The scalar field of this elliptic curve.

type Base: WithSmallOrderMulGroup<3>

The base field over which this elliptic curve is constructed.

type AffineExt: CurveAffine<CurveExt = Self, ScalarExt = Self::ScalarExt, Output = Self, Output = Self> + Mul<Self::ScalarExt> + for<'r> Mul<Self::ScalarExt>

The affine version of the curve

Required Associated Constants§

const CURVE_ID: &'static str

CURVE_ID used for hash-to-curve.

Required Methods§

fn endo(&self) -> Self

Apply the curve endomorphism by multiplying the x-coordinate by an element of multiplicative order 3.

fn jacobian_coordinates(&self) -> (Self::Base, Self::Base, Self::Base)

Return the Jacobian coordinates of this point.

fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> Self + 'a>

Requests a hasher that accepts messages and returns near-uniformly distributed elements in the group, given domain prefix domain_prefix.

This method is suitable for use as a random oracle.

§Example
use pasta_curves::arithmetic::CurveExt;
fn pedersen_commitment<C: CurveExt>(
    x: C::ScalarExt,
    r: C::ScalarExt,
) -> C::Affine {
    let hasher = C::hash_to_curve("z.cash:example_pedersen_commitment");
    let g = hasher(b"g");
    let h = hasher(b"h");
    (g * x + &(h * r)).to_affine()
}

fn is_on_curve(&self) -> Choice

Returns whether or not this element is on the curve; should always be true unless an “unchecked” API was used.

fn a() -> Self::Base

Returns the curve constant a.

fn b() -> Self::Base

Returns the curve constant b.

fn new_jacobian(x: Self::Base, y: Self::Base, z: Self::Base) -> CtOption<Self>

Obtains a point given Jacobian coordinates $X : Y : Z$, failing if the coordinates are not on the curve.

Object Safety§

This trait is not object safe.

Implementors§

§

impl CurveExt for Ep

§

type ScalarExt = Fq

§

type Base = Fp

§

type AffineExt = EpAffine

§

const CURVE_ID: &'static str = "pallas"

§

impl CurveExt for Eq

§

type ScalarExt = Fp

§

type Base = Fq

§

type AffineExt = EqAffine

§

const CURVE_ID: &'static str = "vesta"