Struct secp256kfun::Point[][src]

pub struct Point<T = Normal, S = Public, Z = NonZero>(_, _, _);
Expand description

A point on the secp256k1 elliptic curve.

A Point<T,S,Z> marked with Z = NonZero is any two integers modulo p (x,y) that satisfy:

y^2 = 3*x + 7 mod p

where p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F. For every valid x-coordinate, there will be exactly two valid y-coordinates which will be the negation modulo p of each other.

If the point is marked Z = Zero then it may also be point at infinity which is the identity element of the group.

Markers

A Point<T,S,Z> has three types parameters.

  • T: A PointType used to reason about what the point can do and to specialize point operations.
  • S: A Secrecy to determine whether operations on this point should be done in constant-time or not. By default points are Public so operations run in variable time.
  • Z: A ZeroChoice to keep track of whether the point might be zero (the point at infinity) or is guaranteed to be non-zero.

Serialization

Only points that are marked with Z = NonZero and TJacobian can be serialized. A Point that is EvenY serializes to and from the 32-byte x-only representation like the XOnly type. Normal points serialize to and from the standard 33-byte representation specified in Standards for Efficient Cryptography (the same as Point::to/from_bytes)

Implementations

Creates a Point the compressed encoding specified in Standards for Efficient Cryptography. This is the typical encoding used in Bitcoin. The first byte must be 0x02 or 0x03 to indicate that the y-coordinate is even or odd respectively. The remaining 32 bytes must encode an x-coordinate on the curve. If these conditions are not then it will return None.

Examples

use secp256kfun::{Point, G};
let bytes = [
    2, 121, 190, 102, 126, 249, 220, 187, 172, 85, 160, 98, 149, 206, 135, 11, 7, 2, 155, 252,
    219, 45, 206, 40, 217, 89, 242, 129, 91, 22, 248, 23, 152,
];
let point = Point::from_bytes(bytes).unwrap();
assert_eq!(point, *G);

Convenience method for calling from_bytes wth a slice. Returns None if from_bytes would or if slice is not 33 bytes long.

Creates a Point from a 65-byte uncompressed encoding specified in Standards for Efficient Cryptography. The first byte must be 0x04. The remaining 64 bytes must encode a valid x and y coordinate on the curve. If the conditions are not met then it will return None.

Samples a point uniformly from the group.

Examples

Generate a random point from thread_rng.

let random_point = Point::random(&mut rand::thread_rng());

Converts this point into the point with the same x-coordinate but with an even y-coordinate. Returns a Point marked EvenY with a bool indicating whether the point had to be negated to make its y-coordinate even.

Examples

use secp256kfun::{marker::*, Point};
let point = Point::random(&mut rand::thread_rng());
let (point_with_even_y, was_odd) = point.clone().into_point_with_even_y();

Multiplies base by scalar and returns the resulting point. If the resulting point does not have an even y-coordinate then the scalar and point are negated so the point has an even y-coordinate and the scalar matches it.

Examples

use secp256kfun::{marker::*, Point, Scalar, G};
let mut secret_key = Scalar::random(&mut rand::thread_rng());
let public_key = Point::<EvenY>::from_scalar_mul(G, &mut secret_key);
assert!(public_key.is_y_even());

Returns true if this point the [identity element] of the group A.K.A. the point at infinity.

Examples

let point = Point::random(&mut rand::thread_rng());
assert!(!point.is_zero());
assert!(g!(0 * point).is_zero());

Negates a point based on a condition. If cond is true the value returned is the negation of the point, otherwise it will be the point.

A hack that is necessary when writing deserialization code until rust issue #44491 is fixed. Don’t use this method use mark which checks the type is a valid secrecy.

Returns the [identity element] of the group A.K.A. the point at infinity.

Example

use secp256kfun::{g, Point, G};
assert!(Point::zero().is_zero());
assert_eq!(g!({ Point::zero() } + G), *G);

Checks if this point’s x-coordiante is the equal to the scalar mod the curve order. This is only useful for ECDSA implementations.

Returns the x and y coordinates of the point as two 32-byte arrays containing their big endian encoding.

Example

let point = Point::random(&mut rand::thread_rng());
let (x_coord, y_coord) = point.coordinates();

Converts the point to its compressed encoding as specified by Standards for Efficient Cryptography.

Example

Round trip serialization with from_bytes

let point = Point::random(&mut rand::thread_rng());
let bytes = point.to_bytes();
assert!(bytes[0] == 0x02 || bytes[0] == 0x03);
assert_eq!(Point::from_bytes(bytes).unwrap(), point);

Encodes a point as its compressed encoding as specified by Standards for Efficient Cryptography.

Example

use secp256kfun::Point;
let point = Point::random(&mut rand::thread_rng());
let bytes = point.to_bytes_uncompressed();
assert_eq!(Point::from_bytes_uncompressed(bytes).unwrap(), point);

Converts a point to an XOnly (i.e. just its x-coordinate).

Example

use secp256kfun::{marker::*, Point};
let (point_even_y, _) = Point::random(&mut rand::thread_rng()).into_point_with_even_y();
let xonly = point_even_y.to_xonly();
assert_eq!(xonly.to_point(), point_even_y);

Returns whether the point has an even y-coordinate

Trait Implementations

The result type of marking T with Self

Marks item with Self.

The result type of marking T with Self

Marks item with Self.

The result type of marking T with Self

Marks item with Self.

The result type of marking T with Self

Marks item with Self.

The result type of marking T with Self

Marks item with Self.

Returns a copy of the value. Read more

Performs copy-assignment from source. Read more

Select a or b according to choice. Read more

Conditionally assign other to self, according to choice. Read more

Conditionally swap self and other if choice == 1; otherwise, reassign both unto themselves. Read more

Formats the type as hex and any markers on the type.

Returns the “default value” for a type. Read more

Deserialize this value from the given Serde deserializer. Read more

Deserialize this value from the given Serde deserializer. Read more

Displays as hex.

Displays as hex.

Performs the conversion.

Performs the conversion.

Performs the conversion.

Parses the string as hex and interprets tries to convert the resulting byte array into the desired value.

The associated error which can be returned from parsing.

Parses the string as hex and interprets tries to convert the resulting byte array into the desired value.

The associated error which can be returned from parsing.

Feeds this value into the given Hasher. Read more

Feeds a slice of this type into the given Hasher. Read more

Asks the item to convert itself to bytes and add itself to hash.

The resulting type after applying the - operator.

Performs the unary - operation. Read more

The resulting type after applying the - operator.

Performs the unary - operation. Read more

This method tests for self and other values to be equal, and is used by ==. Read more

This method tests for !=.

This method tests for self and other values to be equal, and is used by ==. Read more

This method tests for !=.

This method tests for self and other values to be equal, and is used by ==. Read more

This method tests for !=.

Serialize this value into the given Serde serializer. Read more

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

The result type of marking T with Self

Marks item with Self.

The result type of marking T with Self

Marks item with Self.

Negate self if choice == Choice(1); otherwise, leave it unchanged. Read more

Performs the conversion.

Performs the conversion.

Returns a new instance of the invocant that will be marked with M. Read more

Should always be Self

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning. Read more

🔬 This is a nightly-only experimental API. (toowned_clone_into)

recently added

Uses borrowed data to replace owned data, usually by cloning. Read more

Converts the given value to a String. Read more

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.