pub enum CurveType {
Weierstrass {
a: FieldElement,
b: FieldElement,
},
Edwards {
a: FieldElement,
d: FieldElement,
},
}Expand description
Elliptic curve type enumeration defining supported curve models.
This enum represents the two main families of elliptic curves used in cryptography, each with different mathematical properties and performance characteristics. The choice of curve model affects implementation complexity, performance, and security properties.
§Mathematical Foundations
§Weierstrass Curves
Equation: y² = x³ + ax + b
Classic curve representation used by most standardized curves including:
- NIST P-curves (P-256, P-384, P-521)
- secp256k1 (Bitcoin curve)
- Brainpool curves
Properties:
- Point addition requires case analysis (doubling vs. addition)
- Point at infinity requires special handling
- More complex implementation but widely supported
§Edwards Curves
Equation: ax² + y² = 1 + dx²y² (twisted Edwards form)
Modern curve representation with better properties:
- Ed25519 (digital signatures)
- Curve25519 (key exchange)
- More recent standardized curves
Properties:
- Unified addition formulas (no special cases)
- Complete formulas (no exceptional points)
- Faster arithmetic, simpler implementation
- Better resistance to some implementation attacks
§Security Considerations
§Implementation Attacks
- Edwards curves: More resistant to timing attacks due to unified formulas
- Weierstrass curves: Require careful handling of point doubling cases
§Side-Channel Resistance
- Both models can be implemented with constant-time arithmetic
- Edwards curves have simpler control flow
- Choice affects cache access patterns and power consumption
§Performance Characteristics
§Addition Speed
- Edwards: Faster due to unified formulas
- Weierstrass: Slightly slower due to case analysis
§Implementation Complexity
- Edwards: Simpler code, fewer edge cases
- Weierstrass: More complex, more special cases
§Memory Usage
- Both models use similar memory for point operations
- Curve parameters (a,b,d) stored in enum variants
§Usage Examples
use clock_curve_math::field::elliptic_curve::CurveType;
// secp256k1 (Bitcoin curve)
let secp256k1 = CurveType::Weierstrass {
a: FieldElement::from_u64(0),
b: FieldElement::from_u64(7),
};
// Ed25519 curve
let ed25519 = CurveType::Edwards {
a: FieldElement::from_u64(0).sub(&FieldElement::from_u64(1)), // a = -1
d: /* computed d parameter */,
};§Conversion Between Models
Some curves can be represented in both forms:
- Curve25519: Can be converted between Montgomery and Edwards forms
- secp256k1: Weierstrass form only
- NIST P-256: Weierstrass form only
The enum prevents mixing operations between incompatible curve types.
Variants§
Weierstrass
Weierstrass curve model: y² = x³ + ax + b
The classical elliptic curve representation used by most standardized cryptographic curves. Point arithmetic uses chord-tangent formulas with special cases for point doubling.
§Parameters
a: Linear coefficient in the curve equationb: Constant term in the curve equation
§Examples
- secp256k1: a=0, b=7
- NIST P-256: a=-3, b=constant
Fields
a: FieldElementCoefficient ‘a’ in the curve equation y² = x³ + ax + b
b: FieldElementCoefficient ‘b’ in the curve equation y² = x³ + ax + b
Edwards
Edwards curve model: ax² + y² = 1 + dx²y²
Modern elliptic curve representation with unified addition formulas that work for all point combinations without special cases. Provides better performance and security properties than Weierstrass curves.
§Parameters
a: Coefficient in the x² termd: Coefficient in the x²y² term
§Examples
- Ed25519: a=-1, d=specific constant
- Curve25519: a=constant, d=constant
Fields
a: FieldElementCoefficient ‘a’ in the Edwards equation ax² + y² = 1 + dx²y²
d: FieldElementCoefficient ‘d’ in the Edwards equation ax² + y² = 1 + dx²y²