Struct confidential_identity_v1::Scalar

pub struct Scalar { /* private fields */ }

The Scalar struct holds an integer \(s < 2^{255} \) which represents an element of \(\mathbb Z / \ell\).

Implementations

impl Scalar

pub fn from_bytes_mod_order(bytes: [u8; 32]) -> Scalar

Construct a Scalar by reducing a 256-bit little-endian integer modulo the group order \( \ell \).

pub fn from_bytes_mod_order_wide(input: &[u8; 64]) -> Scalar

Construct a Scalar by reducing a 512-bit little-endian integer modulo the group order \( \ell \).

pub fn from_canonical_bytes(bytes: [u8; 32]) -> Option<Scalar>

Attempt to construct a Scalar from a canonical byte representation.

Return

• Some(s), where s is the Scalar corresponding to bytes, if bytes is a canonical byte representation;
• None if bytes is not a canonical byte representation.

pub const fn from_bits(bytes: [u8; 32]) -> Scalar

Construct a Scalar from the low 255 bits of a 256-bit integer.

This function is intended for applications like X25519 which require specific bit-patterns when performing scalar multiplication.

impl Scalar

pub fn random<R>(rng: &mut R) -> Scalarwhere R: RngCore + CryptoRng,

Return a Scalar chosen uniformly at random using a user-provided RNG.

Inputs

• rng: any RNG which implements the RngCore + CryptoRng interface.

Returns

A random scalar within ℤ/lℤ.

Example

extern crate rand_core;
use curve25519_dalek_ng::scalar::Scalar;

use rand_core::OsRng;

let mut csprng = OsRng;
let a: Scalar = Scalar::random(&mut csprng);

pub fn hash_from_bytes<D>(input: &[u8]) -> Scalarwhere D: Digest<OutputSize = UInt<UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, B0>> + Default,

Hash a slice of bytes into a scalar.

Takes a type parameter D, which is any Digest producing 64 bytes (512 bits) of output.

Convenience wrapper around from_hash.

Example

extern crate sha2;

use sha2::Sha512;

let msg = "To really appreciate architecture, you may even need to commit a murder";
let s = Scalar::hash_from_bytes::<Sha512>(msg.as_bytes());

pub fn from_hash<D>(hash: D) -> Scalarwhere D: Digest<OutputSize = UInt<UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, B0>>,

Construct a scalar from an existing Digest instance.

Use this instead of hash_from_bytes if it is more convenient to stream data into the Digest than to pass a single byte slice.

Example

extern crate sha2;

use sha2::Digest;
use sha2::Sha512;

let mut h = Sha512::new()
    .chain("To really appreciate architecture, you may even need to commit a murder.")
    .chain("While the programs used for The Manhattan Transcripts are of the most extreme")
    .chain("nature, they also parallel the most common formula plot: the archetype of")
    .chain("murder. Other phantasms were occasionally used to underline the fact that")
    .chain("perhaps all architecture, rather than being about functional standards, is")
    .chain("about love and death.");

let s = Scalar::from_hash(h);

println!("{:?}", s.to_bytes());
assert!(s == Scalar::from_bits([ 21,  88, 208, 252,  63, 122, 210, 152,
                                154,  38,  15,  23,  16, 167,  80, 150,
                                192, 221,  77, 226,  62,  25, 224, 148,
                                239,  48, 176,  10, 185,  69, 168,  11, ]));

pub fn to_bytes(&self) -> [u8; 32]

Convert this Scalar to its underlying sequence of bytes.

Example

use curve25519_dalek_ng::scalar::Scalar;

let s: Scalar = Scalar::zero();

assert!(s.to_bytes() == [0u8; 32]);

pub fn as_bytes(&self) -> &[u8; 32]

View the little-endian byte encoding of the integer representing this Scalar.

Example

use curve25519_dalek_ng::scalar::Scalar;

let s: Scalar = Scalar::zero();

assert!(s.as_bytes() == &[0u8; 32]);

pub fn zero() -> Scalar

Construct the scalar \( 0 \).

pub fn one() -> Scalar

Construct the scalar \( 1 \).

pub fn invert(&self) -> Scalar

Given a nonzero Scalar, compute its multiplicative inverse.

Warning

self MUST be nonzero. If you cannot prove that this is the case, you SHOULD NOT USE THIS FUNCTION.

Returns

The multiplicative inverse of the this Scalar.

Example

use curve25519_dalek_ng::scalar::Scalar;

// x = 2238329342913194256032495932344128051776374960164957527413114840482143558222
let X: Scalar = Scalar::from_bytes_mod_order([
        0x4e, 0x5a, 0xb4, 0x34, 0x5d, 0x47, 0x08, 0x84,
        0x59, 0x13, 0xb4, 0x64, 0x1b, 0xc2, 0x7d, 0x52,
        0x52, 0xa5, 0x85, 0x10, 0x1b, 0xcc, 0x42, 0x44,
        0xd4, 0x49, 0xf4, 0xa8, 0x79, 0xd9, 0xf2, 0x04,
    ]);
// 1/x = 6859937278830797291664592131120606308688036382723378951768035303146619657244
let XINV: Scalar = Scalar::from_bytes_mod_order([
        0x1c, 0xdc, 0x17, 0xfc, 0xe0, 0xe9, 0xa5, 0xbb,
        0xd9, 0x24, 0x7e, 0x56, 0xbb, 0x01, 0x63, 0x47,
        0xbb, 0xba, 0x31, 0xed, 0xd5, 0xa9, 0xbb, 0x96,
        0xd5, 0x0b, 0xcd, 0x7a, 0x3f, 0x96, 0x2a, 0x0f,
    ]);

let inv_X: Scalar = X.invert();
assert!(XINV == inv_X);
let should_be_one: Scalar = &inv_X * &X;
assert!(should_be_one == Scalar::one());

pub fn batch_invert(inputs: &mut [Scalar]) -> Scalar

Given a slice of nonzero (possibly secret) Scalars, compute their inverses in a batch.

Return

Each element of inputs is replaced by its inverse.

The product of all inverses is returned.

Warning

All input Scalars MUST be nonzero. If you cannot prove that this is the case, you SHOULD NOT USE THIS FUNCTION.

Example

let mut scalars = [
    Scalar::from(3u64),
    Scalar::from(5u64),
    Scalar::from(7u64),
    Scalar::from(11u64),
];

let allinv = Scalar::batch_invert(&mut scalars);

assert_eq!(allinv, Scalar::from(3*5*7*11u64).invert());
assert_eq!(scalars[0], Scalar::from(3u64).invert());
assert_eq!(scalars[1], Scalar::from(5u64).invert());
assert_eq!(scalars[2], Scalar::from(7u64).invert());
assert_eq!(scalars[3], Scalar::from(11u64).invert());

pub fn reduce(&self) -> Scalar

Reduce this Scalar modulo \(\ell\).

pub fn is_canonical(&self) -> bool

Check whether this Scalar is the canonical representative mod \(\ell\).

This is intended for uses like input validation, where variable-time code is acceptable.

// 2^255 - 1, since `from_bits` clears the high bit
let _2_255_minus_1 = Scalar::from_bits([0xff;32]);
assert!(!_2_255_minus_1.is_canonical());

let reduced = _2_255_minus_1.reduce();
assert!(reduced.is_canonical());

Trait Implementations

impl<'a, 'b> Add<&'b Scalar> for &'a Scalar

type Output = Scalar

The resulting type after applying the + operator.

fn add(self, _rhs: &'b Scalar) -> Scalar

Performs the + operation.

impl<'b> Add<&'b Scalar> for Scalar

type Output = Scalar

The resulting type after applying the + operator.

fn add(self, rhs: &'b Scalar) -> Scalar

Performs the + operation.

impl<'a> Add<Scalar> for &'a Scalar

type Output = Scalar

The resulting type after applying the + operator.

fn add(self, rhs: Scalar) -> Scalar

Performs the + operation.

impl Add<Scalar> for Scalar

type Output = Scalar

The resulting type after applying the + operator.

fn add(self, rhs: Scalar) -> Scalar

Performs the + operation.

impl<'b> AddAssign<&'b Scalar> for Scalar

fn add_assign(&mut self, _rhs: &'b Scalar)

Performs the += operation.

impl AddAssign<Scalar> for Scalar

fn add_assign(&mut self, rhs: Scalar)

Performs the += operation.

impl Clone for Scalar

fn clone(&self) -> Scalar

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl ConditionallySelectable for Scalar

fn conditional_select(a: &Scalar, b: &Scalar, choice: Choice) -> Scalar

Select a or b according to choice.

fn conditional_assign(&mut self, other: &Self, choice: Choice)

Conditionally assign other to self, according to choice.

fn conditional_swap(a: &mut Self, b: &mut Self, choice: Choice)

Conditionally swap self and other if choice == 1; otherwise, reassign both unto themselves.

impl ConstantTimeEq for Scalar

fn ct_eq(&self, other: &Scalar) -> Choice

Determine if two items are equal.

impl Debug for Scalar

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Default for Scalar

fn default() -> Scalar

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for Scalar

fn deserialize<D>( deserializer: D ) -> Result<Scalar, <D as Deserializer<'de>>::Error>where D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl From<u128> for Scalar

fn from(x: u128) -> Scalar

Converts to this type from the input type.

impl From<u16> for Scalar

fn from(x: u16) -> Scalar

Converts to this type from the input type.

impl From<u32> for Scalar

fn from(x: u32) -> Scalar

Converts to this type from the input type.

impl From<u64> for Scalar

fn from(x: u64) -> Scalar

Construct a scalar from the given u64.

Inputs

An u64 to convert to a Scalar.

Returns

A Scalar corresponding to the input u64.

Example

use curve25519_dalek_ng::scalar::Scalar;

let fourtytwo = Scalar::from(42u64);
let six = Scalar::from(6u64);
let seven = Scalar::from(7u64);

assert!(fourtytwo == six * seven);

impl From<u8> for Scalar

fn from(x: u8) -> Scalar

Converts to this type from the input type.

impl Hash for Scalar

fn hash<__H>(&self, state: &mut __H)where __H: Hasher,

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl Index<usize> for Scalar

fn index(&self, _index: usize) -> &u8

Index the bytes of the representative for this Scalar. Mutation is not permitted.

type Output = u8

The returned type after indexing.

impl<'a, 'b> Mul<&'a EdwardsBasepointTable> for &'b Scalar

fn mul(self, basepoint_table: &'a EdwardsBasepointTable) -> EdwardsPoint

Construct an EdwardsPoint from a Scalar \(a\) by computing the multiple \(aB\) of this basepoint \(B\).

type Output = EdwardsPoint

The resulting type after applying the * operator.

impl<'a, 'b> Mul<&'a RistrettoBasepointTable> for &'b Scalar

type Output = RistrettoPoint

The resulting type after applying the * operator.

fn mul(self, basepoint_table: &'a RistrettoBasepointTable) -> RistrettoPoint

Performs the * operation.

impl<'a, 'b> Mul<&'b EdwardsPoint> for &'a Scalar

fn mul(self, point: &'b EdwardsPoint) -> EdwardsPoint

Scalar multiplication: compute scalar * self.

For scalar multiplication of a basepoint, EdwardsBasepointTable is approximately 4x faster.

type Output = EdwardsPoint

The resulting type after applying the * operator.

impl<'b> Mul<&'b EdwardsPoint> for Scalar

type Output = EdwardsPoint

The resulting type after applying the * operator.

fn mul(self, rhs: &'b EdwardsPoint) -> EdwardsPoint

Performs the * operation.

impl<'a, 'b> Mul<&'b MontgomeryPoint> for &'a Scalar

type Output = MontgomeryPoint

The resulting type after applying the * operator.

fn mul(self, point: &'b MontgomeryPoint) -> MontgomeryPoint

Performs the * operation.

impl<'b> Mul<&'b MontgomeryPoint> for Scalar

type Output = MontgomeryPoint

The resulting type after applying the * operator.

fn mul(self, rhs: &'b MontgomeryPoint) -> MontgomeryPoint

Performs the * operation.

impl<'a, 'b> Mul<&'b RistrettoPoint> for &'a Scalar

fn mul(self, point: &'b RistrettoPoint) -> RistrettoPoint

Scalar multiplication: compute self * scalar.

type Output = RistrettoPoint

The resulting type after applying the * operator.

impl<'b> Mul<&'b RistrettoPoint> for Scalar

type Output = RistrettoPoint

The resulting type after applying the * operator.

fn mul(self, rhs: &'b RistrettoPoint) -> RistrettoPoint

Performs the * operation.

impl<'a, 'b> Mul<&'b Scalar> for &'a Scalar

type Output = Scalar

The resulting type after applying the * operator.

fn mul(self, _rhs: &'b Scalar) -> Scalar

Performs the * operation.

impl<'b> Mul<&'b Scalar> for Scalar

type Output = Scalar

The resulting type after applying the * operator.

fn mul(self, rhs: &'b Scalar) -> Scalar

Performs the * operation.

impl<'a> Mul<EdwardsPoint> for &'a Scalar

type Output = EdwardsPoint

The resulting type after applying the * operator.

fn mul(self, rhs: EdwardsPoint) -> EdwardsPoint

Performs the * operation.

impl Mul<EdwardsPoint> for Scalar

type Output = EdwardsPoint

The resulting type after applying the * operator.

fn mul(self, rhs: EdwardsPoint) -> EdwardsPoint

Performs the * operation.

impl<'a> Mul<MontgomeryPoint> for &'a Scalar

type Output = MontgomeryPoint

The resulting type after applying the * operator.

fn mul(self, rhs: MontgomeryPoint) -> MontgomeryPoint

Performs the * operation.

impl Mul<MontgomeryPoint> for Scalar

type Output = MontgomeryPoint

The resulting type after applying the * operator.

fn mul(self, rhs: MontgomeryPoint) -> MontgomeryPoint

Performs the * operation.

impl<'a> Mul<RistrettoPoint> for &'a Scalar

type Output = RistrettoPoint

The resulting type after applying the * operator.

fn mul(self, rhs: RistrettoPoint) -> RistrettoPoint

Performs the * operation.

impl Mul<RistrettoPoint> for Scalar

type Output = RistrettoPoint

The resulting type after applying the * operator.

fn mul(self, rhs: RistrettoPoint) -> RistrettoPoint

Performs the * operation.

impl<'a> Mul<Scalar> for &'a Scalar

type Output = Scalar

The resulting type after applying the * operator.

fn mul(self, rhs: Scalar) -> Scalar

Performs the * operation.

impl Mul<Scalar> for Scalar

type Output = Scalar

The resulting type after applying the * operator.

fn mul(self, rhs: Scalar) -> Scalar

Performs the * operation.

impl<'b> MulAssign<&'b Scalar> for Scalar

fn mul_assign(&mut self, _rhs: &'b Scalar)

Performs the *= operation.

impl MulAssign<Scalar> for Scalar

fn mul_assign(&mut self, rhs: Scalar)

Performs the *= operation.

impl<'a> Neg for &'a Scalar

type Output = Scalar

The resulting type after applying the - operator.

fn neg(self) -> Scalar

Performs the unary - operation.

impl<'a> Neg for Scalar

type Output = Scalar

The resulting type after applying the - operator.

fn neg(self) -> Scalar

Performs the unary - operation.

impl PartialEq<Scalar> for Scalar

fn eq(&self, other: &Scalar) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl<T> Product<T> for Scalarwhere T: Borrow<Scalar>,

fn product<I>(iter: I) -> Scalarwhere I: Iterator<Item = T>,

Method which takes an iterator and generates Self from the elements by multiplying the items.

impl Serialize for Scalar

fn serialize<S>( &self, serializer: S ) -> Result<<S as Serializer>::Ok, <S as Serializer>::Error>where S: Serializer,

Serialize this value into the given Serde serializer.

impl<'a, 'b> Sub<&'b Scalar> for &'a Scalar

type Output = Scalar

The resulting type after applying the - operator.

fn sub(self, rhs: &'b Scalar) -> Scalar

Performs the - operation.

impl<'b> Sub<&'b Scalar> for Scalar

type Output = Scalar

The resulting type after applying the - operator.

fn sub(self, rhs: &'b Scalar) -> Scalar

Performs the - operation.

impl<'a> Sub<Scalar> for &'a Scalar

type Output = Scalar

The resulting type after applying the - operator.

fn sub(self, rhs: Scalar) -> Scalar

Performs the - operation.

impl Sub<Scalar> for Scalar

type Output = Scalar

The resulting type after applying the - operator.

fn sub(self, rhs: Scalar) -> Scalar

Performs the - operation.

impl<'b> SubAssign<&'b Scalar> for Scalar

fn sub_assign(&mut self, _rhs: &'b Scalar)

Performs the -= operation.

impl SubAssign<Scalar> for Scalar

fn sub_assign(&mut self, rhs: Scalar)

Performs the -= operation.

impl<T> Sum<T> for Scalarwhere T: Borrow<Scalar>,

fn sum<I>(iter: I) -> Scalarwhere I: Iterator<Item = T>,

Method which takes an iterator and generates Self from the elements by “summing up” the items.

impl Zeroize for Scalar

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.

impl Copy for Scalar

impl Eq for Scalar