Struct secp256kfun::Scalar [−][src]
Expand description
A secp256k1 scalar (an integer mod the curve order)
The term scalar comes from interpreting the secp256k1 elliptic curve group
as a vector space with a point as a notional single element vector
and the field of integers modulo the curve order as its
scalars. Specifically, a Scalar
represents an integer modulo the curve
order q
where
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
The thing that makes secp256k1 and other elliptic curves useful for cryptography is that scalar multiplication can be done efficiently:
use secp256kfun::{g, Scalar, G}; let x = Scalar::random(&mut rand::thread_rng()); let X = g!(x * G);
But finding x
from (X,G)
is hard because there is no known efficient
algorithm to divide X
by G
to get x
. This is known as the elliptic
curve discrete logarithm problem. Because of this, scalars are often
used as a secret keys with the points obtained by multiplying them by G
as
their corresponding public keys.
Markers
A Scalar<S,Z>
has two markers:
S
: ASecrecy
to determine whether operations on this scalar should be done in constant time or not. By default scalars areSecret
so operations run in constant-time.Z
: AZeroChoice
to keep track of whether the point might be zero or is guaranteed to non-zero.
Implementations
Serializes the scalar to its 32-byte big-endian representation
Negates the scalar in-place if cond
is true.
Generates a random scalar from randomness taken from a caller provided cryptographically secure random number generator.
Example
use secp256kfun::{g, Scalar, G}; let secret_scalar = Scalar::random(&mut rand::thread_rng()); let public_point = g!(secret_scalar * G);
Converts the output of a 32-byte hash into a scalar by reducing it modulo the curve order.
Example
use digest::Digest; use secp256kfun::Scalar; let mut hash = sha2::Sha256::default(); hash.update(b"Chancellor on brink of second bailout for banks".as_ref()); let scalar = Scalar::from_hash(hash);
Converts a NonZeroU32
into a Scalar<Secret,NonZero>
.
Converts 32 bytes into a scalar by reducing it modulo the curve order q
.
Example
use secp256kfun::{hex, Scalar}; let scalar = Scalar::from_bytes_mod_order(*b"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"); assert_eq!(scalar.to_bytes(), *b"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"); let scalar_overflowed = Scalar::from_bytes_mod_order( hex::decode_array("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364142") .unwrap(), ); assert_eq!(scalar_overflowed, Scalar::one())
Exactly like from_bytes_mod_order
except
it operates on a 32-byte slice rather than an array. If the slice is
not 32 bytes long then the function returns None
.
Example
let bytes = b"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; assert!(Scalar::from_slice_mod_order(&bytes[..31]).is_none()); assert_eq!( Scalar::from_slice_mod_order(&bytes[..]).unwrap(), Scalar::from_bytes_mod_order(*bytes) );
Creates a scalar from 32 big-endian encoded bytes. If the bytes
represent an integer greater than or equal to the curve order then it returns None
.
Example
use secp256kfun::{marker::*, Scalar}; assert!(Scalar::from_bytes([0u8; 32]).is_some()); assert!(Scalar::from_bytes([255u8; 32]).is_none());
Creates a scalar from 32 big-endian encoded bytes in a slice. If the
length of the slice is not 32 or the bytes represent an integer greater
than or equal to the curve order then it returns None
.
Trait Implementations
fn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Scalar<S, NonZero>, Deser::Error>
fn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Scalar<S, NonZero>, Deser::Error>
Deserialize this value from the given Serde deserializer. Read more
fn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Scalar<S, Zero>, Deser::Error>
fn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Scalar<S, Zero>, Deser::Error>
Deserialize this value from the given Serde deserializer. Read more
Auto Trait Implementations
impl<S, Z> RefUnwindSafe for Scalar<S, Z> where
S: RefUnwindSafe,
Z: RefUnwindSafe,
impl<S, Z> UnwindSafe for Scalar<S, Z> where
S: UnwindSafe,
Z: UnwindSafe,
Blanket Implementations
Mutably borrows from an owned value. Read more
Marks item
with Self
.
Marks item
with Self
.
Returns a new instance of the invocant that will be marked with M
. Read more
type Output = T
type Output = T
Should always be Self