Struct elastic_elgamal::group::Curve25519Subgroup

pub struct Curve25519Subgroup(_);

Prime-order subgroup of Curve25519 without any transforms performed for EC points.

Since the curve has cofactor 8, ElementOps::deserialize_element() implementation explicitly checks on deserializing each EC point that the point is torsion-free (belongs to the prime-order subgroup), which is moderately slow (takes ~0.1ms on a laptop).

Prefer using Ristretto if compatibility with other Curve25519 applications is not a concern. (If it is a concern, beware of [cofactor pitfalls]!)

Trait Implementations

impl Clone for Curve25519Subgroup

fn clone(&self) -> Curve25519Subgroup

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Curve25519Subgroup

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl ElementOps for Curve25519Subgroup

type Element = EdwardsPoint

Element of the group. Arithmetic operations requested here (addition among elements and multiplication by a Scalar) must be constant-time.

const ELEMENT_SIZE: usize = 32usize

Byte size of a serialized Self::Element.

fn identity() -> Self::Element

Returns the identity of the group (aka point at infinity for EC groups).

fn is_identity(element: &Self::Element) -> bool

Checks if the specified element is the identity.

fn generator() -> Self::Element

Returns the agreed-upon generator of the group.

fn serialize_element(element: &Self::Element, buffer: &mut [u8])

Serializes element into the provided buffer, which is guaranteed to have length Self::ELEMENT_SIZE.

fn deserialize_element(buffer: &[u8]) -> Option<Self::Element>

Deserializes an element from buffer, which is guaranteed to have length Self::ELEMENT_SIZE. This method returns None if the buffer does not correspond to a representation of a valid scalar.

impl Group for Curve25519Subgroup

fn mul_generator(k: &Scalar) -> Self::Element

Multiplies the provided scalar by ElementOps::generator(). This operation must be constant-time.

fn vartime_mul_generator(k: &Scalar) -> Self::Element

Multiplies the provided scalar by ElementOps::generator(). Unlike Self::mul_generator(), this operation does not need to be constant-time; thus, it may employ additional optimizations.

fn multi_mul<'a, I, J>(scalars: I, elements: J) -> Self::Element where
    I: IntoIterator<Item = &'a Self::Scalar>,
    J: IntoIterator<Item = Self::Element>, 

Multiplies provided scalars by elements. This operation must be constant-time w.r.t. the given length of elements.

fn vartime_double_mul_generator(
    k: &Scalar,
    k_element: Self::Element,
    r: &Scalar
) -> Self::Element

Calculates k * k_element + r * G, where G is the group generator. This operation does not need to be constant-time.

fn vartime_multi_mul<'a, I, J>(scalars: I, elements: J) -> Self::Element where
    I: IntoIterator<Item = &'a Self::Scalar>,
    J: IntoIterator<Item = Self::Element>, 

Multiplies provided scalars by elements. Unlike Self::multi_mul(), this operation does not need to be constant-time; thus, it may employ additional optimizations.

impl Hash for Curve25519Subgroup

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H) where
    H: Hasher, 

Feeds a slice of this type into the given Hasher.

impl PartialEq<Curve25519Subgroup> for Curve25519Subgroup

fn eq(&self, other: &Curve25519Subgroup) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Curve25519Subgroup) -> bool

This method tests for !=.

impl ScalarOps for Curve25519Subgroup

type Scalar = Scalar

Scalar type. As per Group contract, scalars must form a prime field. Arithmetic operations on scalars requested here must be constant-time.

const SCALAR_SIZE: usize = 32usize

Byte size of a serialized Self::Scalar.

fn generate_scalar<R: CryptoRng + RngCore>(rng: &mut R) -> Self::Scalar

Generates a random scalar based on the provided CSPRNG. This operation must be constant-time.

fn scalar_from_random_bytes(source: RandomBytesProvider<'_>) -> Self::Scalar

Generates a scalar from a source of random bytes. This operation must be constant-time. The source is guaranteed to return any necessary number of bytes.

fn invert_scalar(scalar: Self::Scalar) -> Self::Scalar

Inverts the scalar, which is guaranteed to be non-zero. This operation does not need to be constant-time.

fn invert_scalars(scalars: &mut [Self::Scalar])

Inverts scalars in a batch. This operation does not need to be constant-time.

fn serialize_scalar(scalar: &Self::Scalar, buffer: &mut [u8])

Serializes the scalar into the provided buffer, which is guaranteed to have length Self::SCALAR_SIZE.

fn deserialize_scalar(buffer: &[u8]) -> Option<Self::Scalar>

Deserializes the scalar from buffer, which is guaranteed to have length Self::SCALAR_SIZE. This method returns None if the buffer does not correspond to a representation of a valid scalar.

impl Copy for Curve25519Subgroup

impl Eq for Curve25519Subgroup

impl StructuralEq for Curve25519Subgroup

impl StructuralPartialEq for Curve25519Subgroup