Struct secp256kfun::Point [−][src]
Expand description
A point on the secp256k1 elliptic curve.
A Point<T,S,Z>
marked with Z = NonZero
is any two integers modulo p
(x,y)
that satisfy:
y^2 = 3*x + 7 mod p
where p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
.
For every valid x-coordinate, there will be exactly two valid y-coordinates which will be the negation modulo p of each other.
If the point is marked Z = Zero
then it may also be point at infinity which is the identity element of the group.
Markers
A Point<T,S,Z>
has three types parameters.
T
: APointType
used to reason about what the point can do and to specialize point operations.S
: ASecrecy
to determine whether operations on this point should be done in constant-time or not. By default points arePublic
so operations run in variable time.Z
: AZeroChoice
to keep track of whether the point might be zero (the point at infinity) or is guaranteed to be non-zero.
Serialization
Only points that are marked with Z
= NonZero
and T
≠ Jacobian
can be
serialized. A Point that is EvenY
serializes to and from the 32-byte
x-only representation like the XOnly
type. Normal
points serialize to
and from the standard 33-byte representation specified in Standards for
Efficient Cryptography (the same as Point::to/from_bytes
)
Implementations
Creates a Point the compressed encoding specified in Standards for
Efficient Cryptography. This is the typical encoding used in
Bitcoin. The first byte must be 0x02
or 0x03
to indicate that the
y-coordinate is even or odd respectively. The remaining 32 bytes must
encode an x-coordinate on the curve. If these conditions are not then
it will return None
.
Examples
use secp256kfun::{Point, G}; let bytes = [ 2, 121, 190, 102, 126, 249, 220, 187, 172, 85, 160, 98, 149, 206, 135, 11, 7, 2, 155, 252, 219, 45, 206, 40, 217, 89, 242, 129, 91, 22, 248, 23, 152, ]; let point = Point::from_bytes(bytes).unwrap(); assert_eq!(point, *G);
Convenience method for calling from_bytes
wth a slice.
Returns None if from_bytes
would or if slice
is not 33 bytes long.
Creates a Point from a 65-byte uncompressed encoding specified in
Standards for Efficient Cryptography. The first byte must be
0x04
. The remaining 64 bytes must encode a valid x and y coordinate
on the curve. If the conditions are not met then it will return None
.
Converts this point into the point with the same x-coordinate but with
an even y-coordinate. Returns a Point marked EvenY
with a bool
indicating whether the point had to be negated to make its y-coordinate
even.
Examples
use secp256kfun::{marker::*, Point}; let point = Point::random(&mut rand::thread_rng()); let (point_with_even_y, was_odd) = point.clone().into_point_with_even_y();
Multiplies base
by scalar
and returns the resulting point. If the
resulting point does not have an even y-coordinate then the scalar and
point are negated so the point has an even y-coordinate and the scalar
matches it.
Examples
use secp256kfun::{marker::*, Point, Scalar, G}; let mut secret_key = Scalar::random(&mut rand::thread_rng()); let public_key = Point::<EvenY>::from_scalar_mul(G, &mut secret_key); assert!(public_key.is_y_even());
Returns true if this point the [identity element
] of the group A.K.A. the point at infinity.
Examples
let point = Point::random(&mut rand::thread_rng()); assert!(!point.is_zero()); assert!(g!(0 * point).is_zero());
pub fn conditional_negate(&self, cond: bool) -> Point<T::NegationType, S, Z> where
T: PointType,
pub fn conditional_negate(&self, cond: bool) -> Point<T::NegationType, S, Z> where
T: PointType,
Negates a point based on a condition.
If cond
is true the value returned is the negation of the point, otherwise it will be the point.
Checks if this point’s x-coordiante is the equal to the scalar mod the curve order. This is only useful for ECDSA implementations.
Returns the x and y coordinates of the point as two 32-byte arrays containing their big endian encoding.
Example
let point = Point::random(&mut rand::thread_rng()); let (x_coord, y_coord) = point.coordinates();
Converts the point to its compressed encoding as specified by Standards for Efficient Cryptography.
Example
Round trip serialization with from_bytes
let point = Point::random(&mut rand::thread_rng()); let bytes = point.to_bytes(); assert!(bytes[0] == 0x02 || bytes[0] == 0x03); assert_eq!(Point::from_bytes(bytes).unwrap(), point);
Encodes a point as its compressed encoding as specified by Standards for Efficient Cryptography.
Example
use secp256kfun::Point; let point = Point::random(&mut rand::thread_rng()); let bytes = point.to_bytes_uncompressed(); assert_eq!(Point::from_bytes_uncompressed(bytes).unwrap(), point);
Converts a point to an XOnly
(i.e. just its x-coordinate).
Example
use secp256kfun::{marker::*, Point}; let (point_even_y, _) = Point::random(&mut rand::thread_rng()).into_point_with_even_y(); let xonly = point_even_y.to_xonly(); assert_eq!(xonly.to_point(), point_even_y);
Trait Implementations
fn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Point<EvenY, S, NonZero>, Deser::Error>
fn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Point<EvenY, S, NonZero>, Deser::Error>
Deserialize this value from the given Serde deserializer. Read more
fn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Point<Normal, S, NonZero>, Deser::Error>
fn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Point<Normal, S, NonZero>, Deser::Error>
Deserialize this value from the given Serde deserializer. Read more
Auto Trait Implementations
impl<T, S, Z> RefUnwindSafe for Point<T, S, Z> where
S: RefUnwindSafe,
T: RefUnwindSafe,
Z: RefUnwindSafe,
impl<T, S, Z> UnwindSafe for Point<T, S, Z> where
S: UnwindSafe,
T: UnwindSafe,
Z: UnwindSafe,
Blanket Implementations
Mutably borrows from an owned value. Read more
Marks item
with Self
.
Marks item
with Self
.
impl<T> ConditionallyNegatable for T where
T: ConditionallySelectable,
&'a T: for<'a> Neg,
<&'a T as Neg>::Output == T,
impl<T> ConditionallyNegatable for T where
T: ConditionallySelectable,
&'a T: for<'a> Neg,
<&'a T as Neg>::Output == T,
Negate self
if choice == Choice(1)
; otherwise, leave it
unchanged. Read more
Returns a new instance of the invocant that will be marked with M
. Read more
type Output = T
type Output = T
Should always be Self