Struct secp256kfun::Scalar
source · [−]Expand description
A secp256k1 scalar (an integer mod the curve order)
The term scalar comes from interpreting the secp256k1 elliptic curve group
as a vector space with a point as a notional single element vector
and the field of integers modulo the curve order as its
scalars. Specifically, a Scalar
represents an integer modulo the curve
order q
where
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
The thing that makes secp256k1 and other elliptic curves useful for cryptography is that scalar multiplication can be done efficiently:
use secp256kfun::{g, Scalar, G};
let x = Scalar::random(&mut rand::thread_rng());
let X = g!(x * G);
But finding x
from (X,G)
is hard because there is no known efficient
algorithm to divide X
by G
to get x
. This is known as the elliptic
curve discrete logarithm problem. Because of this, scalars are often
used as a secret keys with the points obtained by multiplying them by G
as
their corresponding public keys.
Markers
A Scalar<S,Z>
has two markers:
S
: ASecrecy
to determine whether operations on this scalar should be done in constant time or not. By default scalars areSecret
so operations run in constant-time.Z
: AZeroChoice
to keep track of whether the point might be zero or is guaranteed to non-zero.
Implementations
sourceimpl<Z, S> Scalar<S, Z>
impl<Z, S> Scalar<S, Z>
sourceimpl Scalar<Secret, NonZero>
impl Scalar<Secret, NonZero>
sourcepub fn random<R: RngCore + CryptoRng>(rng: &mut R) -> Self
pub fn random<R: RngCore + CryptoRng>(rng: &mut R) -> Self
Generates a random scalar from randomness taken from a caller provided cryptographically secure random number generator.
Example
use secp256kfun::{g, Scalar, G};
let secret_scalar = Scalar::random(&mut rand::thread_rng());
let public_point = g!(secret_scalar * G);
sourcepub fn from_hash(hash: impl Digest<OutputSize = U32>) -> Self
pub fn from_hash(hash: impl Digest<OutputSize = U32>) -> Self
Converts the output of a 32-byte hash into a scalar by reducing it modulo the curve order.
Example
use digest::Digest;
use secp256kfun::Scalar;
let mut hash = sha2::Sha256::default();
hash.update(b"Chancellor on brink of second bailout for banks".as_ref());
let scalar = Scalar::from_hash(hash);
sourcepub fn from_non_zero_u32(int: NonZeroU32) -> Self
pub fn from_non_zero_u32(int: NonZeroU32) -> Self
Converts a NonZeroU32
into a Scalar<Secret,NonZero>
.
sourceimpl Scalar<Secret, Zero>
impl Scalar<Secret, Zero>
sourcepub fn from_bytes_mod_order(bytes: [u8; 32]) -> Self
pub fn from_bytes_mod_order(bytes: [u8; 32]) -> Self
Converts 32 bytes into a scalar by reducing it modulo the curve order q
.
Example
use secp256kfun::{hex, Scalar};
let scalar = Scalar::from_bytes_mod_order(*b"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
assert_eq!(scalar.to_bytes(), *b"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
let scalar_overflowed = Scalar::from_bytes_mod_order(
hex::decode_array("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364142")
.unwrap(),
);
assert_eq!(scalar_overflowed, Scalar::one())
sourcepub fn from_slice_mod_order(slice: &[u8]) -> Option<Self>
pub fn from_slice_mod_order(slice: &[u8]) -> Option<Self>
Exactly like from_bytes_mod_order
except
it operates on a 32-byte slice rather than an array. If the slice is
not 32 bytes long then the function returns None
.
Example
let bytes = b"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
assert!(Scalar::from_slice_mod_order(&bytes[..31]).is_none());
assert_eq!(
Scalar::from_slice_mod_order(&bytes[..]).unwrap(),
Scalar::from_bytes_mod_order(*bytes)
);
sourcepub fn from_bytes(bytes: [u8; 32]) -> Option<Self>
pub fn from_bytes(bytes: [u8; 32]) -> Option<Self>
Creates a scalar from 32 big-endian encoded bytes. If the bytes
represent an integer greater than or equal to the curve order then it returns None
.
Example
use secp256kfun::{marker::*, Scalar};
assert!(Scalar::from_bytes([0u8; 32]).is_some());
assert!(Scalar::from_bytes([255u8; 32]).is_none());
sourceimpl<S> Scalar<S, Zero>
impl<S> Scalar<S, Zero>
sourcepub fn expect_nonzero(self, reason: &str) -> Scalar<S, NonZero>
pub fn expect_nonzero(self, reason: &str) -> Scalar<S, NonZero>
Converts a scalar marked with Zero
to one that is marked NonZero
.
You must provide a justification for this as the reason
.
If you’re wrong the method will panic with the reason.
This is shorthand for:
use secp256kfun::marker::{Mark, NonZero};
scalar.mark::<NonZero>().expect(reason);
Example
use secp256kfun::{s, Scalar};
let two = s!(1 + 1).expect_nonzero("one plus one is not zero");
Trait Implementations
sourceimpl<Z, S> ChangeMark<Scalar<S, Z>> for NonZero
impl<Z, S> ChangeMark<Scalar<S, Z>> for NonZero
sourceimpl<Z, S> ChangeMark<Scalar<S, Z>> for Zero
impl<Z, S> ChangeMark<Scalar<S, Z>> for Zero
sourceimpl<'de, S> Deserialize<'de> for Scalar<S, NonZero>
impl<'de, S> Deserialize<'de> for Scalar<S, NonZero>
sourcefn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Scalar<S, NonZero>, Deser::Error>
fn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Scalar<S, NonZero>, Deser::Error>
Deserialize this value from the given Serde deserializer. Read more
sourceimpl<'de, S> Deserialize<'de> for Scalar<S, Zero>
impl<'de, S> Deserialize<'de> for Scalar<S, Zero>
sourcefn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Scalar<S, Zero>, Deser::Error>
fn deserialize<Deser: Deserializer<'de>>(
deserializer: Deser
) -> Result<Scalar<S, Zero>, Deser::Error>
Deserialize this value from the given Serde deserializer. Read more
impl<Z: Clone> Copy for Scalar<Public, Z>
impl<S: Eq, Z: Eq> Eq for Scalar<S, Z>
impl<S, Z> StructuralEq for Scalar<S, Z>
Auto Trait Implementations
impl<S, Z> RefUnwindSafe for Scalar<S, Z> where
S: RefUnwindSafe,
Z: RefUnwindSafe,
impl<S, Z> Send for Scalar<S, Z> where
S: Send,
Z: Send,
impl<S, Z> Sync for Scalar<S, Z> where
S: Sync,
Z: Sync,
impl<S, Z> Unpin for Scalar<S, Z> where
S: Unpin,
Z: Unpin,
impl<S, Z> UnwindSafe for Scalar<S, Z> where
S: UnwindSafe,
Z: UnwindSafe,
Blanket Implementations
sourceimpl<T> BorrowMut<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
const: unstable · sourcefn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
sourceimpl<Z, S, SNew> ChangeMark<Scalar<S, Z>> for SNew where
SNew: Secrecy,
impl<Z, S, SNew> ChangeMark<Scalar<S, Z>> for SNew where
SNew: Secrecy,
sourcefn change_mark(scalar: Scalar<S, Z>) -> <SNew as ChangeMark<Scalar<S, Z>>>::Out
fn change_mark(scalar: Scalar<S, Z>) -> <SNew as ChangeMark<Scalar<S, Z>>>::Out
Marks item
with Self
.
sourceimpl<T> Mark for T
impl<T> Mark for T
sourcefn mark<M>(self) -> <M as ChangeMark<T>>::Out where
M: ChangeMark<T>,
fn mark<M>(self) -> <M as ChangeMark<T>>::Out where
M: ChangeMark<T>,
Returns a new instance of the invocant that will be marked with M
. Read more
sourceimpl<T> ToOwned for T where
T: Clone,
impl<T> ToOwned for T where
T: Clone,
type Owned = T
type Owned = T
The resulting type after obtaining ownership.
sourcefn clone_into(&self, target: &mut T)
fn clone_into(&self, target: &mut T)
toowned_clone_into
)Uses borrowed data to replace owned data, usually by cloning. Read more