Struct secp256kfun::Scalar

source[]
pub struct Scalar<S = Secret, Z = NonZero>(_, _);
Expand description

A secp256k1 scalar (an integer mod the curve order)

The term scalar comes from interpreting the secp256k1 elliptic curve group as a vector space with a point as a notional single element vector and the field of integers modulo the curve order as its scalars. Specifically, a Scalar represents an integer modulo the curve order q where

q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

The thing that makes secp256k1 and other elliptic curves useful for cryptography is that scalar multiplication can be done efficiently:

use secp256kfun::{g, Scalar, G};
let x = Scalar::random(&mut rand::thread_rng());
let X = g!(x * G);

But finding x from (X,G) is hard because there is no known efficient algorithm to divide X by G to get x. This is known as the elliptic curve discrete logarithm problem. Because of this, scalars are often used as a secret keys with the points obtained by multiplying them by G as their corresponding public keys.

Markers

A Scalar<S,Z> has two markers:

  • S: A Secrecy to determine whether operations on this scalar should be done in constant time or not. By default scalars are Secret so operations run in constant-time.
  • Z: A ZeroChoice to keep track of whether the point might be zero or is guaranteed to non-zero.

Implementations

Serializes the scalar to its 32-byte big-endian representation

Negates the scalar in-place if cond is true.

Returns whether the scalar is greater than the curve_order/2.

Returns true if the scalar is equal to zero

A hack that is necessary when writing deserialization code until rust issue #44491 is fixed. Don’t use this method use mark which checks the type is a valid secrecy.

Returns the multiplicative inverse of the scalar modulo the curve order.

Example
use secp256kfun::{s, Scalar};
let a = Scalar::random(&mut rand::thread_rng());
let a_inverse = a.invert();
assert_eq!(s!(a * a_inverse), Scalar::one());

Generates a random scalar from randomness taken from a caller provided cryptographically secure random number generator.

Example
use secp256kfun::{g, Scalar, G};
let secret_scalar = Scalar::random(&mut rand::thread_rng());
let public_point = g!(secret_scalar * G);

Converts the output of a 32-byte hash into a scalar by reducing it modulo the curve order.

Example
use digest::Digest;
use secp256kfun::Scalar;
let mut hash = sha2::Sha256::default();
hash.update(b"Chancellor on brink of second bailout for banks".as_ref());
let scalar = Scalar::from_hash(hash);

Converts a NonZeroU32 into a Scalar<Secret,NonZero>.

Returns the integer 1 as a Scalar<Secret, NonZero>.

Returns the integer -1 (modulo the curve order) as a Scalar<Secret, NonZero>.

Converts 32 bytes into a scalar by reducing it modulo the curve order q.

Example
use secp256kfun::{hex, Scalar};
let scalar = Scalar::from_bytes_mod_order(*b"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
assert_eq!(scalar.to_bytes(), *b"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
let scalar_overflowed = Scalar::from_bytes_mod_order(
    hex::decode_array("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364142")
        .unwrap(),
);
assert_eq!(scalar_overflowed, Scalar::one())

Exactly like from_bytes_mod_order except it operates on a 32-byte slice rather than an array. If the slice is not 32 bytes long then the function returns None.

Example
let bytes = b"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
assert!(Scalar::from_slice_mod_order(&bytes[..31]).is_none());
assert_eq!(
    Scalar::from_slice_mod_order(&bytes[..]).unwrap(),
    Scalar::from_bytes_mod_order(*bytes)
);

Creates a scalar from 32 big-endian encoded bytes. If the bytes represent an integer greater than or equal to the curve order then it returns None.

Example
use secp256kfun::{marker::*, Scalar};
assert!(Scalar::from_bytes([0u8; 32]).is_some());
assert!(Scalar::from_bytes([255u8; 32]).is_none());

Creates a scalar from 32 big-endian encoded bytes in a slice. If the length of the slice is not 32 or the bytes represent an integer greater than or equal to the curve order then it returns None.

Returns the zero scalar.

Example
let x = Scalar::random(&mut rand::thread_rng());
let zero = Scalar::zero();
assert_eq!(s!(zero * x), zero);
assert_eq!(s!(x + zero), x);

Converts a scalar marked with Zero to one that is marked NonZero. You must provide a justification for this as the reason. If you’re wrong the method will panic with the reason.

This is shorthand for:

use secp256kfun::marker::{Mark, NonZero};
scalar.mark::<NonZero>().expect(reason);
Example
use secp256kfun::{s, Scalar};
let two = s!(1 + 1).expect_nonzero("one plus one is not zero");

Trait Implementations

The result type of marking T with Self

Marks item with Self.

The result type of marking T with Self

Marks item with Self.

The result type of marking T with Self

Marks item with Self.

Returns a copy of the value. Read more

Performs copy-assignment from source. Read more

Formats the type as hex and any markers on the type.

Returns the “default value” for a type. Read more

Returns the “default value” for a type. Read more

Deserialize this value from the given Serde deserializer. Read more

Deserialize this value from the given Serde deserializer. Read more

Displays as hex.

Performs the conversion.

Performs the conversion.

Performs the conversion.

Parses the string as hex and interprets tries to convert the resulting byte array into the desired value.

The associated error which can be returned from parsing.

Parses the string as hex and interprets tries to convert the resulting byte array into the desired value.

The associated error which can be returned from parsing.

Feeds this value into the given Hasher. Read more

Feeds a slice of this type into the given Hasher. Read more

Asks the item to convert itself to bytes and add itself to hash.

The resulting type after applying the - operator.

Performs the unary - operation. Read more

The resulting type after applying the - operator.

Performs the unary - operation. Read more

This method tests for self and other values to be equal, and is used by ==. Read more

This method tests for !=.

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

The result type of marking T with Self

Marks item with Self.

The result type of marking T with Self

Marks item with Self.

Performs the conversion.

Performs the conversion.

Returns a new instance of the invocant that will be marked with M. Read more

Should always be Self

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning. Read more

🔬 This is a nightly-only experimental API. (toowned_clone_into)

Uses borrowed data to replace owned data, usually by cloning. Read more

Converts the given value to a String. Read more

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.