Skip to main content

protocol/
lib.rs

1//! Protocol layer for `ecrust`.
2//!
3//! This crate is meant to sit above the reusable finite-field (`fp`) and
4//! elliptic-curve (`ec`) crates and host protocol implementations.
5//!
6//! Current modules:
7//! - [`scalar`]   fixed-width secret scalars suitable for constant-time APIs
8//! - [`ecdh`]     elliptic-curve Diffie–Hellman key agreement
9//! - [`elgamal`]  elliptic-curve ElGamal over group elements
10//!
11//! # Side-channel note
12//!
13//! The protocol layer uses a fixed-width scalar container together with the
14//! Montgomery-ladder API from `ec::point_ops::CtPointOps`, which keeps the
15//! scalar-processing path free of secret-dependent branches.
16//!
17//! That said, the current affine Weierstrass backend in `ec` still contains
18//! exceptional-case branching in point addition and doubling. So these
19//! protocols are a good constant-time-oriented structure to build on, but they
20//! should not yet be treated as production-grade hardened implementations.
21
22pub mod ecdh;
23pub mod elgamal;
24pub mod scalar;