Struct curve25519_dalek::edwards::ProjectivePoint

pub struct ProjectivePoint { /* fields omitted */ }

A ProjectivePoint is a point on the curve in 𝗣²(𝔽ₚ). A point (x,y) in the affine model corresponds to (x:y:1).

Methods

impl ProjectivePoint

fn to_extended(&self) -> ExtendedPoint

Convert to the extended twisted Edwards representation of this point.

From §3 in [0]:

Given (X:Y:Z) in Ɛ, passing to Ɛₑ can be performed in 3M+1S by computing (XZ,YZ,XY,Z²). (Note that in that paper, points are (X:Y:T:Z) so this really does match the code below).

fn compress(&self) -> CompressedEdwardsY

Convert this point to a CompressedEdwardsY

fn to_montgomery(&self) -> MontgomeryPoint

Convert this projective point in the Edwards model to its equivalent projective point on the Montgomery form of the curve.

Taking the Montgomery curve equation in affine coordinates:

    E_(A,B) = Bv² = u³ + Au² + u   (1)

and given its relations to the coordinates of the Edwards model:

    u = (1+y)/(1-y)        (2)     v = (λu)/(x)

Converting from affine to projective coordinates in the Montgomery model, we arrive at:

    u = (Z+Y)/(Z-Y)        (3)     v = λ * ((Z+Y)/(Z-Y)) * (Z/X)

The transition between affine and projective is given by

    u → U/W        (4)     v → V/W

thus the Montgomery curve equation (1) becomes

    E_(A,B) : BV²W = U³ + AU²W + UW² ⊆ 𝗣²  (5)

Here, again, to differentiate from points in the twisted Edwards model, we call the point (x,y) in affine coordinates (u,v) and similarly in projective space we use (U:V:W). However, since (as per Montgomery's original work) the v-coordinate is superfluous to the definition of the group law, we merely use (U:W).

Therefore, the direct translation between projective Montgomery points and projective twisted Edwards points is

    (U:W) = (Z+Y:Z-Y) (6)

Note, however, that there appears to be an exception where Z=Y, since—from equation 2—this would imply that y=1 (thus causing the denominator to be zero). If this is the case, then it follows from the twisted Edwards curve equation

    -x² + y² = 1 + dx²y² (7)

that

    -x² + 1 = 1 + dx²

and, assuming that d ≠ -1,

    -x² = x² x = 0

Therefore, the only valid point with y=1 is the twisted Edwards identity point, which correctly becomes (1:0), that is, the identity, in the Montgomery model.

impl ProjectivePoint

fn double(&self) -> CompletedPoint

Double this point: return self + self

Trait Implementations

impl Copy for ProjectivePoint

impl Clone for ProjectivePoint

fn clone(&self) -> ProjectivePoint

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Identity for ProjectivePoint

fn identity() -> ProjectivePoint

Returns the identity element of the curve. Can be used as a constructor.

impl ValidityCheck for ProjectivePoint

fn is_valid(&self) -> bool

Checks whether the point is on the curve. Not CT.

impl Debug for ProjectivePoint

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.