Expand description
This crate provides a pure Rust implementation of Curve448, Edwards, Decaf, and Ristretto. It is intended to be portable, fast, and safe.
§Usage
use ed448_goldilocks_plus::{EdwardsPoint, CompressedEdwardsY, Scalar, elliptic_curve::hash2curve::ExpandMsgXof, sha3::Shake256};
use rand_core::OsRng;
let secret_key = Scalar::TWO;
let public_key = EdwardsPoint::GENERATOR * &secret_key;
assert_eq!(public_key, EdwardsPoint::GENERATOR + EdwardsPoint::GENERATOR);
let secret_key = Scalar::random(&mut OsRng);
let public_key = EdwardsPoint::GENERATOR * &secret_key;
let compressed_public_key = public_key.compress();
assert_eq!(compressed_public_key.to_bytes().len(), 57);
let hashed_scalar = Scalar::hash::<ExpandMsgXof<Shake256>>(b"test", b"edwards448_XOF:SHAKE256_ELL2_RO_");
let input = hex_literal::hex!("c8c6c8f584e0c25efdb6af5ad234583c56dedd7c33e0c893468e96740fa0cf7f1a560667da40b7bde340a39252e89262fcf707d1180fd43400");
let expected_scalar = Scalar::from_canonical_bytes(&input.into()).unwrap();
assert_eq!(hashed_scalar, expected_scalar);
let hashed_point = EdwardsPoint::hash::<ExpandMsgXof<Shake256>>(b"test", b"edwards448_XOF:SHAKE256_ELL2_RO_");
let expected = hex_literal::hex!("d15c4427b5c5611a53593c2be611fd3635b90272d331c7e6721ad3735e95dd8b9821f8e4e27501ce01aa3c913114052dce2e91e8ca050f4980");
let expected_point = CompressedEdwardsY(expected).decompress().unwrap();
assert_eq!(hashed_point, expected_point);
let hashed_point = EdwardsPoint::hash_with_defaults(b"test");
assert_eq!(hashed_point, expected_point);EdwardsPoint implements the elliptic_curve::Group and elliptic_curve::group::GroupEncoding
and Scalar implements elliptic_curve::Field and elliptic_curve::PrimeField traits.
Re-exports§
pub use elliptic_curve;pub use rand_core;pub use sha3;pub use subtle;pub use crypto_signature;pub use pkcs8;
Structs§
- Affine
Point - Affine point on untwisted curve
- Compressed
Decaf - A compressed decaf point
- Compressed
EdwardsY - Represents a point on the Compressed Twisted Edwards Curve in little endian format where the most significant bit is the sign bit and the remaining 448 bits represent the y-coordinate
- Compressed
Ristretto - Compressed Ristretto point.
- Context
signing - Ed448 contexts as used by Ed448ph.
- Decaf448
- Decaf448 curve.
- Decaf
Affine Point - Affine point on the twisted curve
- Decaf
Point - A Decaf point in the Twisted Edwards curve
- Ed448
- Edwards448 curve.
- Edwards
Point - Represent points on the (untwisted) edwards curve using Extended Homogenous Projective Co-ordinates (x, y) -> (X/Z, Y/Z, Z, T) a = 1, d = -39081 XXX: Make this more descriptive Should this be renamed to EdwardsPoint so that we are consistent with Dalek crypto? Necessary as ExtendedPoint is not regular lingo?
- Keypair
Bytes signingandpkcs8 - Keypair bytes for Ed448
- Montgomery
Point - A point in Montgomery form
- PreHasher
Xmd signing - Signing pre-hasher for Ed448ph with a fixed output size
- PreHasher
Xof signing - Signing pre-hasher for Ed448ph with a xof output
- Projective
Montgomery Point - A Projective point in Montgomery form
- Public
KeyBytes signingandpkcs8 - This type is primarily useful for decoding/encoding SPKI public key files (either DER or PEM)
- Ristretto
Point - Ristretto point.
- Scalar
- This is the scalar field size = 4q = 2^446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d We can therefore use 14 saturated 32-bit limbs
- Signature
signing - Ed448 signature as defined in [RFC8032 § 5.2.5]
- Signing
Key signing - Signing key for Ed448
- Verifying
Key signing - Ed448 public key as defined in [RFC8032 § 5.2.5]
Enums§
- Signing
Error signing - Signing errors
Constants§
- ALGORITHM_
ID signingandpkcs8 - The
AlgorithmIdentifierfor Ed448 as defined in [RFC8410 §2] - ALGORITHM_
OID signingandpkcs8 - The OID for Ed448 as defined in [RFC8410 §2]
- MODULUS_
LIMBS - The modulus of the scalar field as a sequence of 14 32-bit limbs
- ORDER
- The order of the scalar field
- PUBLIC_
KEY_ LENGTH signing - Length of a public key in bytes
- SECRET_
KEY_ LENGTH signing - Length of a secret key in bytes
- SIGNATURE_
LENGTH signing - Length of a signature in bytes
- WIDE_
ORDER - The wide order of the scalar field
Traits§
- PreHash
signing - Signing hash trait for Ed448ph
Type Aliases§
- Decaf448
Field Bytes - Bytes of the Decaf448 field
- Decaf448
NonZero Scalar - Non-zero scalar of the Decaf448 scalar
- Decaf448
Scalar Bits - Scalar bits of the Decaf448 scalar
- Ed448
Field Bytes - Bytes of the Ed448 field
- Ed448
NonZero Scalar - Non-zero scalar of the Ed448 scalar
- Ed448
Scalar Bits - Scalar bits of the Ed448 scalar
- Scalar
Bytes - The number of bytes needed to represent the scalar field
- Secret
Key signing - Ed448 secret key as defined in [RFC8032 § 5.2.5]
- Wide
Scalar Bytes - The number of bytes needed to represent the safely create a scalar from a random bytes