
1use crate::{syscall_ed_add, utils::AffinePoint};
/// The number of `u64` limbs in [Ed25519AffinePoint] — presumably four per
/// coordinate for the two affine coordinates (see the `IDENTITY` constant,
/// which sets limb 4 to one for the point (0, 1)); confirm against the
/// precompile's expected layout.
pub const N: usize = 8;
/// An affine point on the Ed25519 curve, stored as `N` raw `u64` limbs.
///
/// Judging by `IDENTITY` (`[0, 0, 0, 0, 1, 0, 0, 0]` for the neutral element
/// (0, 1)) the first half of the array holds `x` and the second half `y` —
/// confirm against the `ed_add` precompile's layout. The explicit 8-byte
/// alignment is presumably what the syscall ABI requires; confirm.
///
/// The limbs are public and no constructor validates them: nothing here checks
/// that the coordinates are canonically reduced or that the point lies on the
/// curve. Decoding and validation of untrusted input has to happen elsewhere.
#[derive(Copy, Clone)]
#[repr(align(8))]
pub struct Ed25519AffinePoint(pub [u64; N]);
impl AffinePoint<N> for Ed25519AffinePoint {
    /// Limbs of the Ed25519 base point, in the same limb layout as the point
    /// itself. Reference: https://datatracker.ietf.org/doc/html/rfc7748#section-4.1
    const GENERATOR: [u64; N] = [
        13254768563189591678,
        7223677240904510747,
        11837459681205989215,
        14107110925517789205,
        3231187496542550688,
        8386596743812984063,
        16293584715996958308,
        12755452578091664582,
    ];

    // The trait apparently marks `GENERATOR_T` as deprecated (inferred from the
    // `allow`); it is still provided so existing callers keep compiling.
    #[allow(deprecated)]
    const GENERATOR_T: Self = Self(Self::GENERATOR);

    /// Wraps raw limbs as a point.
    ///
    /// No validation is performed: the limbs are not checked to be canonical
    /// field elements or to describe a point on the curve. Callers that build
    /// points from untrusted bytes must validate before reaching this.
    fn new(limbs: [u64; N]) -> Self {
        Ed25519AffinePoint(limbs)
    }

    /// The neutral element (0, 1).
    ///
    /// Built directly from `IDENTITY` so that this trait method does not depend
    /// on how `Self::identity()` resolves between the inherent and trait
    /// methods of the same name.
    fn identity() -> Self {
        Ed25519AffinePoint(Self::IDENTITY)
    }

    /// Shared borrow of the limb array.
    fn limbs_ref(&self) -> &[u64; N] {
        let Ed25519AffinePoint(limbs) = self;
        limbs
    }

    /// Exclusive borrow of the limb array.
    fn limbs_mut(&mut self) -> &mut [u64; N] {
        let Ed25519AffinePoint(limbs) = self;
        limbs
    }

    /// `self += other`, computed by the `ed_add` precompile.
    fn add_assign(&mut self, other: &Self) {
        let lhs = self.limbs_mut();
        let rhs = other.limbs_ref();
        // SAFETY: `lhs` and `rhs` are live borrows of two distinct `[u64; N]`
        // arrays (the `&mut self` / `&Self` split rules out aliasing), both
        // 8-byte aligned via `#[repr(align(8))]`, and both outlive the call.
        unsafe {
            syscall_ed_add(lhs, rhs);
        }
    }

    /// Whether this point is the neutral element (0, 1).
    fn is_identity(&self) -> bool {
        Self::IDENTITY == self.0
    }

    /// Doubling is `self += self`; on Edwards curves adding a point to itself is
    /// a plain addition, so the same precompile is used with both operands
    /// referring to `self`.
    fn double(&mut self) {
        let p = self.limbs_mut();
        // SAFETY: `p` is a live, 8-byte-aligned `[u64; N]` borrow for the whole
        // call. Both arguments deliberately refer to the same array; the
        // precompile is assumed to accept an aliased input/output operand —
        // confirm against the syscall's documented contract.
        unsafe {
            syscall_ed_add(p, p);
        }
    }
}
impl Ed25519AffinePoint {
    /// Limbs of the neutral element of the Edwards group, the point (0, 1):
    /// every `x` limb is zero and `y` is one.
    const IDENTITY: [u64; N] = [0, 0, 0, 0, 1, 0, 0, 0];

    /// Returns the neutral element (0, 1).
    ///
    /// An `identity` method with the same signature also exists on the
    /// `AffinePoint` impl; Rust resolves `Self::identity()` to this inherent
    /// method in preference to the trait method.
    pub fn identity() -> Self {
        Ed25519AffinePoint(Ed25519AffinePoint::IDENTITY)
    }
}