ecrust-ec 0.1.1

Elliptic-curve abstractions and point arithmetic for the ecrust ecosystem.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148

//! Elliptic curve definition in Jacobi intersection form.
//!
//! # Equation
//!
//! $$
//! s^2 + c^2 = 1,
//! \quad
//! a s^2 + d^2 = 1
//! $$
//!
//! over a field $F$ with $\mathrm{char}(F) \ne 2$.
//!
//! The EFD records that this model is birationally equivalent to the Weierstrass
//! curve
//!
//! ```text
//! y² = x³ + (2-a)x² + (1-a)x.
//! ```
//!
use core::fmt;
use fp::field_ops::{FieldOps, FieldRandom};

use crate::curve_ops::Curve;
use crate::curve_weierstrass::WeierstrassCurve;
use crate::point_jacobi_intersection::JacobiIntersectionPoint;

/// A Jacobi-intersection curve.
///
/// With the equation
/// $$
/// s^2 + c^2 = 1,
/// \quad
/// a s^2 + d^2 = 1
/// $$
/// or
/// $$
/// y^2 = x^3 + (2 - a)x^2 + (1 - a)x.
/// $$
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct JacobiIntersectionCurve<F: FieldOps> {
    /// The variable a in the definition of the curve
    pub a: F,
}

impl<F> fmt::Display for JacobiIntersectionCurve<F>
where
    F: FieldOps + fmt::Display,
{
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        if f.alternate() {
            write!(
                f,
                "JacobiIntersectionCurve {{\n  s^2 + c^2 = 1\n  a s^2 + d^2 = 1\n  a = {}\n}}",
                self.a
            )
        } else {
            write!(f, "s^2 + c^2 = 1, {} s^2 + d^2 = 1", self.a)
        }
    }
}

impl<F: FieldOps + FieldRandom> JacobiIntersectionCurve<F> {
    /// Construct a Jacobi intersection from its parameter `a`.
    pub fn new(a: F) -> Self {
        assert!(
            F::characteristic()[0] != 2,
            "Jacobi intersections require char(F) != 2"
        );
        assert!(Self::is_smooth(&a), "singular Jacobi intersection");
        Self { a }
    }

    /// Smoothness requirement: `a != 0` and `a != 1`.
    pub fn is_smooth(a: &F) -> bool {
        *a != F::zero() && *a != F::one()
    }

    /// Check both defining quadrics.
    pub fn contains(&self, s: &F, c: &F, d: &F) -> bool {
        let s2 = <F as FieldOps>::square(s);
        let c2 = <F as FieldOps>::square(c);
        let d2 = <F as FieldOps>::square(d);

        s2 + c2 == F::one() && self.a * s2 + d2 == F::one()
    }

    /// Returns the corresponding invariant `a` (not the a-invariants
    /// of the Jacobian)
    pub fn a_invariants(&self) -> [F; 1] {
        [self.a]
    }

    /// Sample a random affine point on this Jacobi-intersection curve using the
    /// provided RNG.
    ///
    /// The method repeatedly samples `s` and then solves the defining quadrics
    /// for `c` and `d` by square-root extraction, returning a point
    /// `(s, c, d)` on the curve.
    pub fn random_point(&self, rng: &mut (impl rand::CryptoRng + rand::Rng)) -> JacobiIntersectionPoint<F> {
        loop {
            let s = F::random(rng);
            let s2 = <F as FieldOps>::square(&s);

            let c2 = F::one() - s2;
            let d2 = F::one() - self.a * s2;

            if let (Some(c), Some(d)) = (c2.sqrt().into_option(), d2.sqrt().into_option()) {
                let p = JacobiIntersectionPoint::new(s, c, d);
                debug_assert!(self.is_on_curve(&p));
                return p;
            }
        }
    }

    /// Birationally equivalent Weierstrass model
    /// $y^2 = x^3 + (2-a)x^2 + (1-a)x$.
    pub fn to_weierstrass_curve(&self) -> WeierstrassCurve<F> {
        let two = <F as FieldOps>::double(&F::one());
        WeierstrassCurve::new(
            F::zero(),
            two - self.a,
            F::zero(),
            F::one() - self.a,
            F::zero(),
        )
    }
}

impl<F: FieldOps + FieldRandom> Curve for JacobiIntersectionCurve<F> {
    type BaseField = F;
    type Point = JacobiIntersectionPoint<F>;

    fn is_on_curve(&self, point: &Self::Point) -> bool {
        self.contains(&point.s, &point.c, &point.d)
    }

    fn random_point(&self, rng: &mut (impl rand::CryptoRng + rand::Rng)) -> Self::Point {
        JacobiIntersectionCurve::random_point(self, rng)
    }

    fn j_invariant(&self) -> F {
        self.to_weierstrass_curve().j_invariant()
    }

    fn a_invariants(&self) -> Vec<Self::BaseField> {
        JacobiIntersectionCurve::a_invariants(self).to_vec()
    }
}