curveforge 0.3.0

Optimised, secure, and generalised algorithms for elliptic curve arithmetic
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

//! Implementations of the rtr curves.
//!
//! These curves are designed to embed the NIST P-256 and P-384 curves. Specifically, this module
//! provides:
//! * [DOrtr256a] and [DOrtr256c], double-odd curves embedding NIST P-256.
//!   The former has a small $a$ constant, while the latter has a small $a^2-4b$ constant.
//! * [DOrtr384a] and [DOrtr384c], double-odd curves embedding NIST P-384.
//!   Same note as above regarding the constants.
//! * [SWrtr256] and [SWrtr384], short Weierstrass curves birationally
//!   equivalent to the above double-odd curves.

use crate::models::double_odd::*;
use crate::models::short_weierstrass::*;
use crate::prelude::*;

// TODO: add reference to paper

elliptic_curve! {
    [attributes]
    name = SWrtr256
    model = ShortWeierstrass

    field_size = 0x1fffffffe00000001ffffffffffffffff1eb1966f360542db00e94d45be2a7c47
    group_size = 0x0ffffffff00000001000000000000000000000000ffffffffffffffffffffffff

    generator = (1,
                 114165705840197728083464924859967599769682147081469689541137150115956467348767,
                 1)
    identity = (0x0, 0x1, 0x0)

    [constants]
    a = 26
    b = 28880095863165008888393613830468719547927605665533599206387487459874023114262
}

elliptic_curve! {
    [attributes]
    name = DOrtr256a
    model = DoubleOdd

    field_size = 0x1fffffffe00000001ffffffffffffffff1eb1966f360542db00e94d45be2a7c47
    group_size = 0x0ffffffff00000001000000000000000000000000ffffffffffffffffffffffff

    generator = (58648740995584267839764227395309417201281428358956322342058582274507236455718,
                 1,
                 1,
                 1)
    identity = (1, 1, 0, 0)

    [constants]
    a = 1
    b = 15351982821052165536023819805406831880448831953558516541185795256070283739117

    [properties]
    elligator_z = 23
}

elliptic_curve! {
    [attributes]
    name = DOrtr256c
    model = DoubleOdd

    field_size = 0x1fffffffe00000001ffffffffffffffff1eb1966f360542db00e94d45be2a7c47
    group_size = 0x0ffffffff00000001000000000000000000000000ffffffffffffffffffffffff

    generator = (12293611918679890470111869346858119117168403225620402032420410269301231816722,
                 1,
                 1,
                 1)
    identity = (1, 1, 0, 0)

    [constants]
    a = 10235671802036023468039884723187492222702884943751260739557154928387917946364
    b = 227847763829967088882661869097555066190300565657074152628985017841518898863779

    [properties]
    elligator_z = 23
}

elliptic_curve! {
    [attributes]
    name = SWrtr384
    model = ShortWeierstrass

    field_size = 0x1fffffffffffffffffffffffffffffffffffffffffffffffdf8030d48c0284b22aa360e4bda0ba58f359a7fff5c2ccc5d
    group_size = 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff

    generator = (1,
                 3973861370176544726124479880674785439584661605791686636927809635591598894333509319937239406508149268386837279841759,
                 1)
    identity = (0x0, 0x1, 0x0)

    [constants]
    a = 8
    b = 14745578018780352760745477760298522365413307416857261535898959067305304260505172292116506690972067556809500795498840
}

elliptic_curve! {
    [attributes]
    name = DOrtr384a
    model = DoubleOdd

    field_size = 0x1fffffffffffffffffffffffffffffffffffffffffffffffdf8030d48c0284b22aa360e4bda0ba58f359a7fff5c2ccc5d
    group_size = 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff

    generator = (9557170541177444756444706369000125059809985949666049410255273305093102612714708157561425657823549838924458727668091,
                 1,
                 2,
                 4)
    identity = (1, 1, 0, 0)

    [constants]
    a = 1
    b = 2012011627847588061269851377757138426194109697717291135253887070701977692783493307798510542356327609603526867186068

    [properties]
    elligator_z = 2
}

elliptic_curve! {
    [attributes]
    name = DOrtr384c
    model = DoubleOdd

    field_size = 0x1fffffffffffffffffffffffffffffffffffffffffffffffdf8030d48c0284b22aa360e4bda0ba58f359a7fff5c2ccc5d
    group_size = 0x0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff

    generator = (26030906573566820575924792251696889251849955686677128591985792443718598601588909760329073838051531329794756583159387,
                 1,
                 3,
                 9)
    identity = (1, 1, 0, 0)

    [constants]
    a = 21885735713080095546028464691616014189256017717732983814642830762893521563989714543584707204059990012387033811442248
    b = 67567408601836460989417221723538297998423766743243777019588623992534454309360066649817783496293852632141705274699727

    [properties]
    elligator_z = 2
}