Struct KummerPoint 

pub struct KummerPoint<F: FieldOps + Copy> {
    pub x: F,
    pub z: F,
}

A point on the Kummer line of a Montgomery curve, represented by (X : Z).

The affine x-coordinate is x = X / Z when Z ≠ 0. A conventional choice is:

• (1 : 0) for the identity image,
• (X : Z) with Z ≠ 0 for finite x-coordinates.

Fields

x: F

Projective x coordinate

z: F

Projective z coordinate

Implementations

impl<F: FieldOps> KummerPoint<F>

pub fn new(x: F, z: F) -> Self

Construct a projective x-line point (X : Z) without validation.

pub fn from_x(x: F) -> Self

Construct the finite x-line point corresponding to the affine x-coordinate x, i.e. (x : 1).

pub fn identity() -> Self

The image of the identity point on the Kummer line.

pub fn is_identity(&self) -> bool

Return true if this point is the image of identity.

pub fn to_x(&self) -> CtOption<F>

Attempt to recover the affine x-coordinate (succeeds when Z != 0).

impl<F: FieldOps + Copy> KummerPoint<F>

pub fn xdouble(&self, curve: &MontgomeryCurve<F>) -> Self

Point doubling on the Kummer line.

Given x(P) in projective form (X:Z), compute x([2]P).

pub fn xadd(&self, other: &Self, diff: &Self) -> Self

Differential addition. Given (in projective form (X:Z)):

• self = x(P),
• other = x(Q),
• diff = x(P - Q),

compute x(P + Q).

pub fn scalar_mul(&self, k: &[u64], curve: &MontgomeryCurve<F>) -> Self

Montgomery ladder for scalar multiplication.

Given an x-line point x(P) and a scalar k, compute x([k]P). The scalar k is given as a slice of u64 limbs in little-endian order (same convention as FieldOps::pow).

Trait Implementations

impl<F: Clone + FieldOps + Copy> Clone for KummerPoint<F>

fn clone(&self) -> KummerPoint<F>

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<F> ConditionallySelectable for KummerPoint<F>

where F: FieldOps + Copy,

fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self

Select a or b according to choice.

fn conditional_assign(&mut self, other: &Self, choice: Choice)

Conditionally assign other to self, according to choice.

fn conditional_swap(a: &mut Self, b: &mut Self, choice: Choice)

Conditionally swap self and other if choice == 1; otherwise, reassign both unto themselves.

impl<F> ConstantTimeEq for KummerPoint<F>

where F: FieldOps + Copy + ConstantTimeEq,

fn ct_eq(&self, other: &Self) -> Choice

Constant-time projective equality test on the Kummer line.

X1 Z2  ?=  X2 Z1

fn ct_ne(&self, other: &Self) -> Choice

Determine if two items are NOT equal.

impl<F: Debug + FieldOps + Copy> Debug for KummerPoint<F>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<F> Display for KummerPoint<F>

where F: FieldOps + Copy + Display,

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<F> PartialEq for KummerPoint<F>

where F: FieldOps + ConstantTimeEq,

fn eq(&self, other: &Self) -> bool

Equality of projective x-line points.

A standard criterion is cross-multiplication:

X1 Z2 = X2 Z1.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl<F> PointOps for KummerPoint<F>

where F: FieldOps + Copy,

fn identity(_curve: &Self::Curve) -> Self

Return the identity image on the Kummer line.

fn is_identity(&self) -> bool

Return true if this is the identity image.

fn negate(&self, _curve: &Self::Curve) -> Self

Negation is trivial on the Kummer line because P and -P have the same image.

fn scalar_mul(&self, k: &[u64], curve: &Self::Curve) -> Self

Scalar multiplication is naturally implemented by the Montgomery ladder.

type BaseField = F

The base field $\mathbb{F}_{p^M}$

type Curve = MontgomeryCurve<F>

The elliptic curve we’re working on

impl<F: Copy + FieldOps + Copy> Copy for KummerPoint<F>

impl<F> Eq for KummerPoint<F>

where F: FieldOps + ConstantTimeEq,