Struct secp256kfun::Scalar
source[−]Expand description
A secp256k1 scalar (an integer mod the curve order)
The term scalar comes from interpreting the secp256k1 elliptic curve group
as a vector space with a point as a notional single element vector
and the field of integers modulo the curve order as its
scalars. Specifically, a Scalar
represents an integer modulo the curve
order q
where
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
The thing that makes secp256k1 and other elliptic curves useful for cryptography is that scalar multiplication can be done efficiently:
use secp256kfun::{g, Scalar, G};
let x = Scalar::random(&mut rand::thread_rng());
let X = g!(x * G);
But finding x
from (X,G)
is hard because there is no known efficient
algorithm to divide X
by G
to get x
. This is known as the elliptic
curve discrete logarithm problem. Because of this, scalars are often
used as a secret keys with the points obtained by multiplying them by G
as
their corresponding public keys.
Markers
A Scalar<S,Z>
has two markers:
S
: ASecrecy
to determine whether operations on this scalar should be done in constant time or not. By default scalars areSecret
so operations run in constant-time.Z
: AZeroChoice
to keep track of whether the point might be zero or is guaranteed to non-zero.
Implementations
Serializes the scalar to its 32-byte big-endian representation
Negates the scalar in-place if cond
is true.
Generates a random scalar from randomness taken from a caller provided cryptographically secure random number generator.
Example
use secp256kfun::{g, Scalar, G};
let secret_scalar = Scalar::random(&mut rand::thread_rng());
let public_point = g!(secret_scalar * G);
Converts the output of a 32-byte hash into a scalar by reducing it modulo the curve order.
Example
use digest::Digest;
use secp256kfun::Scalar;
let mut hash = sha2::Sha256::default();
hash.update(b"Chancellor on brink of second bailout for banks".as_ref());
let scalar = Scalar::from_hash(hash);
Converts a NonZeroU32
into a Scalar<Secret,NonZero>
.
Converts 32 bytes into a scalar by reducing it modulo the curve order q
.
Example
use secp256kfun::{hex, Scalar};
let scalar = Scalar::from_bytes_mod_order(*b"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
assert_eq!(scalar.to_bytes(), *b"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
let scalar_overflowed = Scalar::from_bytes_mod_order(
hex::decode_array("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364142")
.unwrap(),
);
assert_eq!(scalar_overflowed, Scalar::one())
Exactly like from_bytes_mod_order
except
it operates on a 32-byte slice rather than an array. If the slice is
not 32 bytes long then the function returns None
.
Example
let bytes = b"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
assert!(Scalar::from_slice_mod_order(&bytes[..31]).is_none());
assert_eq!(
Scalar::from_slice_mod_order(&bytes[..]).unwrap(),
Scalar::from_bytes_mod_order(*bytes)
);
Creates a scalar from 32 big-endian encoded bytes. If the bytes
represent an integer greater than or equal to the curve order then it returns None
.
Example
use secp256kfun::{marker::*, Scalar};
assert!(Scalar::from_bytes([0u8; 32]).is_some());
assert!(Scalar::from_bytes([255u8; 32]).is_none());
Creates a scalar from 32 big-endian encoded bytes in a slice. If the
length of the slice is not 32 or the bytes represent an integer greater
than or equal to the curve order then it returns None
.
Converts a scalar marked with Zero
to one that is marked NonZero
.
You must provide a justification for this as the reason
.
If you’re wrong the method will panic with the reason.
This is shorthand for:
use secp256kfun::marker::{Mark, NonZero};
scalar.mark::<NonZero>().expect(reason);
Example
use secp256kfun::{s, Scalar};
let two = s!(1 + 1).expect_nonzero("one plus one is not zero");
Trait Implementations
fn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Scalar<S, NonZero>, Deser::Error>
fn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Scalar<S, NonZero>, Deser::Error>
Deserialize this value from the given Serde deserializer. Read more
fn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Scalar<S, Zero>, Deser::Error>
fn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Scalar<S, Zero>, Deser::Error>
Deserialize this value from the given Serde deserializer. Read more
Auto Trait Implementations
impl<S, Z> RefUnwindSafe for Scalar<S, Z> where
S: RefUnwindSafe,
Z: RefUnwindSafe,
impl<S, Z> UnwindSafe for Scalar<S, Z> where
S: UnwindSafe,
Z: UnwindSafe,
Blanket Implementations
Mutably borrows from an owned value. Read more
Marks item
with Self
.
Marks item
with Self
.
Returns a new instance of the invocant that will be marked with M
. Read more