Struct CurveParams 

pub struct CurveParams {
    pub p: BigUint,
    pub a: BigUint,
    pub b: BigUint,
    pub n: BigUint,
    pub h: u64,
    pub gx: BigUint,
    pub gy: BigUint,
    pub coord_len: usize,
    /* private fields */
}

Parameters for a short-Weierstrass elliptic curve y² = x³ + ax + b (mod p).

All coordinates and coefficients are ordinary residues in [0, p). The two MontgomeryCtx fields are pre-built at construction and shared by every arithmetic operation on the curve.

A CurveParams value is relatively large (two Montgomery contexts plus six BigUints) but heap-allocated and cheap to clone once built.

Fields

p: BigUint

Field prime — all point coordinates are reduced modulo p.

a: BigUint

Curve coefficient a in F_p.

b: BigUint

Curve coefficient b in F_p.

n: BigUint

Prime order of the base-point subgroup.

h: u64

Cofactor h. For all named curves here h = 1.

gx: BigUint

x-coordinate of the standard base point G.

gy: BigUint

y-coordinate of the standard base point G.

coord_len: usize

Byte length of a field element: ⌈p.bits() / 8⌉.

Used for fixed-length point encoding; coordinates are zero-padded to this length so that every encoded coordinate has the same width.

Implementations

impl CurveParams

pub fn new( field_prime: BigUint, curve_a: BigUint, curve_b: BigUint, subgroup_order: BigUint, cofactor: u64, base_x: BigUint, base_y: BigUint, ) -> Option<Self>

Construct curve parameters from raw field values.

Returns None if the field prime p or subgroup order n is even, which would prevent building a Montgomery context. Well-formed cryptographic curves always have an odd prime field and odd prime order, so None indicates a programming error in the caller.

pub fn new_binary( modulus_poly: BigUint, degree: usize, curve_a: BigUint, curve_b: BigUint, subgroup_order: BigUint, cofactor: u64, base_point: (BigUint, BigUint), ) -> Option<Self>

Construct binary-curve parameters for a short-Weierstrass curve over GF(2^m): y² + xy = x³ + ax² + b.

• poly is the irreducible polynomial of degree degree, encoded as a BigUint bit-pattern.
• n must be an odd prime (the scalar-field Montgomery context requires this).

Returns None if n is even (which would indicate malformed curve parameters).

pub fn gf2m_degree(&self) -> Option<usize>

Return the field degree m if this is a binary-extension-field curve, or None for a prime-field curve.

pub fn base_point(&self) -> AffinePoint

The standard base point G = (Gx, Gy).

pub fn is_on_curve(&self, point: &AffinePoint) -> bool

Return true if point lies on this curve.

For prime-field curves verifies y² ≡ x³ + ax + b (mod p). For binary-field curves verifies y² + xy = x³ + ax² + b in GF(2^m). The point at infinity trivially passes.

pub fn negate(&self, point: &AffinePoint) -> AffinePoint

Negate a point.

Prime curves: (x, y) → (x, −y mod p). Binary curves: (x, y) → (x, x ⊕ y) (since −1 = 1 in GF(2)).

pub fn add(&self, p: &AffinePoint, q: &AffinePoint) -> AffinePoint

Add two affine curve points.

pub fn double(&self, p: &AffinePoint) -> AffinePoint

Double an affine curve point (2P).

pub fn scalar_mul(&self, point: &AffinePoint, k: &BigUint) -> AffinePoint

Scalar multiplication k·P.

Returns the point at infinity when k = 0 or P = ∞.

pub fn diffie_hellman( &self, private_scalar: &BigUint, public_point: &AffinePoint, ) -> AffinePoint

Compute the ECDH shared point d·Q.

In Diffie-Hellman, Alice holds private scalar d and receives Bob’s public point Q = d_B·G; the shared secret is the x-coordinate of d·Q = d·d_B·G.

pub fn random_scalar<R: Csprng>(&self, rng: &mut R) -> BigUint

Sample a uniform random scalar in [1, n).

This is the standard private-key range for ECDH and ECDSA. The scalar is sampled by rejection sampling over the n-bit range, which is the FIPS 186-5 recommended method.

Panics

Panics only if the curve order n is malformed (n <= 1), which would indicate a bug in the curve parameters.

pub fn generate_keypair<R: Csprng>(&self, rng: &mut R) -> (BigUint, AffinePoint)

Generate a random key pair (d, Q) where Q = d·G.

Returns (private_scalar, public_point).

Panics

Panics only if the curve parameters are malformed in a way that makes random_scalar fail.

pub fn scalar_invert(&self, k: &BigUint) -> Option<BigUint>

Compute k⁻¹ mod n (modular inverse of a scalar modulo the subgroup order).

Used in ECDSA signing. Returns None if k = 0 (which the caller must prevent; a zero nonce breaks ECDSA signing regardless).

pub fn encode_point(&self, point: &AffinePoint) -> Vec<u8>

Encode a point as an uncompressed SEC 1 byte string.

Format: 04 || x (coord_len bytes big-endian) || y (coord_len bytes big-endian).

The leading 04 tag is the SEC 1 v2.0 uncompressed-point identifier. The total length is 1 + 2·coord_len bytes. The point at infinity encodes as the single byte 00.

pub fn encode_point_compressed(&self, point: &AffinePoint) -> Vec<u8>

Encode a point in compressed SEC 1 form.

Prime curves: format 02 || x if y is even, 03 || x if y is odd. Binary curves: format 02 || x if LSB(y·x⁻¹) = 0, 03 || x otherwise (per FIPS 186-4 §4.3.6; falls back to 02 when x = 0).

The point at infinity encodes as 00.

Panics

Panics only if an internal binary-field invariant is violated after the explicit x = 0 guard, which would indicate a bug in the compression logic.

pub fn decode_point(&self, bytes: &[u8]) -> Option<AffinePoint>

Decode an uncompressed or compressed SEC 1 point.

Returns None for any of:

• wrong byte length for the tag,
• unrecognised tag byte,
• coordinates that fail the on-curve check,
• prime-field compressed encoding on a curve with p ≢ 3 (mod 4),
• binary-field compressed encoding with an invalid x-coordinate.

Trait Implementations

impl Clone for CurveParams

fn clone(&self) -> CurveParams

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for CurveParams

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.