Expand description
This crate provides a pure Rust implementation of Curve448, Edwards, Decaf, and Ristretto. It is intended to be portable, fast, and safe.
§Usage
use ed448_goldilocks_plus::{EdwardsPoint, CompressedEdwardsY, Scalar, elliptic_curve::hash2curve::ExpandMsgXof, sha3::Shake256};
use rand_core::OsRng;
let secret_key = Scalar::TWO;
let public_key = EdwardsPoint::GENERATOR * &secret_key;
assert_eq!(public_key, EdwardsPoint::GENERATOR + EdwardsPoint::GENERATOR);
let secret_key = Scalar::random(&mut OsRng);
let public_key = EdwardsPoint::GENERATOR * &secret_key;
let compressed_public_key = public_key.compress();
assert_eq!(compressed_public_key.to_bytes().len(), 57);
let hashed_scalar = Scalar::hash::<ExpandMsgXof<Shake256>>(b"test", b"edwards448_XOF:SHAKE256_ELL2_RO_");
let input = hex_literal::hex!("c8c6c8f584e0c25efdb6af5ad234583c56dedd7c33e0c893468e96740fa0cf7f1a560667da40b7bde340a39252e89262fcf707d1180fd43400");
let expected_scalar = Scalar::from_canonical_bytes(&input.into()).unwrap();
assert_eq!(hashed_scalar, expected_scalar);
let hashed_point = EdwardsPoint::hash::<ExpandMsgXof<Shake256>>(b"test", b"edwards448_XOF:SHAKE256_ELL2_RO_");
let expected = hex_literal::hex!("d15c4427b5c5611a53593c2be611fd3635b90272d331c7e6721ad3735e95dd8b9821f8e4e27501ce01aa3c913114052dce2e91e8ca050f4980");
let expected_point = CompressedEdwardsY(expected).decompress().unwrap();
assert_eq!(hashed_point, expected_point);
let hashed_point = EdwardsPoint::hash_with_defaults(b"test");
assert_eq!(hashed_point, expected_point);
EdwardsPoint
implements the elliptic_curve::Group
and elliptic_curve::group::GroupEncoding
and Scalar
implements elliptic_curve::Field
and elliptic_curve::PrimeField
traits.
Re-exports§
pub use elliptic_curve;
pub use rand_core;
pub use sha3;
pub use subtle;
Structs§
- Affine point on untwisted curve
- A compressed decaf point
- Represents a point on the Compressed Twisted Edwards Curve in little endian format where the most significant bit is the sign bit and the remaining 448 bits represent the y-coordinate
- Decaf448 curve.
- Affine point on the twisted curve
- Edwards448 curve.
- Represent points on the (untwisted) edwards curve using Extended Homogenous Projective Co-ordinates (x, y) -> (X/Z, Y/Z, Z, T) a = 1, d = -39081 XXX: Make this more descriptive Should this be renamed to EdwardsPoint so that we are consistent with Dalek crypto? Necessary as ExtendedPoint is not regular lingo?
- This is the scalar field size = 4q = 2^446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d We can therefore use 14 saturated 32-bit limbs
Constants§
Type Aliases§
- Bytes of the Decaf448 field
- Non-zero scalar of the Decaf448 scalar
- Scalar bits of the Decaf448 scalar
- Bytes of the Ed448 field
- Non-zero scalar of the Ed448 scalar
- Scalar bits of the Ed448 scalar
- The number of bytes needed to represent the scalar field
- The number of bytes needed to represent the safely create a scalar from a random bytes