elliptic-curve 0.14.1

General purpose Elliptic Curve Cryptography (ECC) support, including traits and generic types for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof.
Documentation
//! Traits for elliptic curve points.

mod non_identity;

#[cfg(feature = "arithmetic")]
pub use self::non_identity::NonIdentity;
use crate::{Curve, FieldBytes};
use subtle::{Choice, CtOption};

#[cfg(feature = "arithmetic")]
use crate::CurveArithmetic;

/// Affine point type for a given curve with a [`CurveArithmetic`]
/// implementation.
#[cfg(feature = "arithmetic")]
pub type AffinePoint<C> = <C as CurveArithmetic>::AffinePoint;

/// Projective point type for a given curve with a [`CurveArithmetic`]
/// implementation.
#[cfg(feature = "arithmetic")]
pub type ProjectivePoint<C> = <C as CurveArithmetic>::ProjectivePoint;

/// Access to the affine coordinates of an elliptic curve point.
// TODO: use zkcrypto/group#30 coordinate API when available
pub trait AffineCoordinates: Sized {
    /// Field element representation with curve-specific serialization/endianness.
    type FieldRepr: AsRef<[u8]>;

    /// Creates an affine point from its coordinates.
    fn from_coordinates(x: &Self::FieldRepr, y: &Self::FieldRepr) -> CtOption<Self>;

    /// Get the affine x-coordinate as a serialized field element.
    fn x(&self) -> Self::FieldRepr;

    /// Get the affine y-coordinate as a serialized field element.
    fn y(&self) -> Self::FieldRepr;

    /// Is the affine x-coordinate odd?
    fn x_is_odd(&self) -> Choice;

    /// Is the affine y-coordinate odd?
    fn y_is_odd(&self) -> Choice;
}

/// Normalize point(s) in projective representation by converting them to their affine ones.
#[cfg(feature = "arithmetic")]
pub trait BatchNormalize<Points: ?Sized> {
    /// The output of the batch normalization; a container of affine points.
    type Output;

    /// Perform a batched conversion to affine representation on a sequence of projective points
    /// at an amortized cost that should be practically as efficient as a single conversion.
    /// Internally, implementors should rely upon `InvertBatch`.
    fn batch_normalize(points: &Points) -> Self::Output;

    /// Perform a batched conversion to affine representation on a sequence of projective points
    /// in variable-time.
    ///
    /// <div class="warning">
    /// <b>Security Warning</b>
    ///
    /// This should NOT be used on points which represent secrets!
    /// </b>
    fn batch_normalize_vartime(points: &Points) -> Self::Output {
        // Call the constant-time implementation by default
        Self::batch_normalize(points)
    }
}

/// Decompress an elliptic curve point.
///
/// Point decompression recovers an original curve point from its x-coordinate
/// and a boolean flag indicating whether or not the y-coordinate is odd.
pub trait DecompressPoint<C: Curve>: Sized {
    /// Attempt to decompress an elliptic curve point.
    fn decompress(x: &FieldBytes<C>, y_is_odd: Choice) -> CtOption<Self>;
}

/// Decompact an elliptic curve point from an x-coordinate.
///
/// Decompaction relies on properties of specially-generated keys but provides
/// a more compact representation than standard point compression.
pub trait DecompactPoint<C: Curve>: Sized {
    /// Attempt to decompact an elliptic curve point
    fn decompact(x: &FieldBytes<C>) -> CtOption<Self>;
}

/// Point compression settings.
pub trait PointCompression {
    /// Should point compression be applied by default?
    const COMPRESS_POINTS: bool;
}

/// Point compaction settings.
pub trait PointCompaction {
    /// Should point compaction be applied by default?
    const COMPACT_POINTS: bool;
}