simfony_as_rust/jet/elliptic_curve_functions.rs
1/* This file has been automatically generated. */
2
3//! # Elliptic curve functions
4//!
5//! This module defines jets that replicate the functional behavior of (a specific version of) libsecp256k1's elliptic curve operations <https://github.com/bitcoin-core/secp256k1/tree/v0.3.0>.
6//! The functions defined here return precisely the same field and point representatives that the corresponding libsecp256k1's functions do, with a few exceptions with the way the point at infinity is handled.
7
8#![allow(unused)]
9#![allow(clippy::complexity)]
10
11use super::*;
12
13/// Decompress a point into affine coordinates.
14///
15/// - Return `None` if the x-coordinate is not on the curve.
16/// - Return `Some(ge)` even if the x-coordinate is not normalized.
17///
18/// ## Cost
19///
20/// 10861 mWU _(milli weight units)_
21pub fn decompress(a: Point) -> Option<Ge> {
22 todo!()
23}
24
25/// Add two field elements.
26///
27/// ## Cost
28///
29/// 755 mWU _(milli weight units)_
30pub fn fe_add(a: Fe, b: Fe) -> Fe {
31 todo!()
32}
33
34/// Compute the modular inverse of a field element.
35///
36/// ## Cost
37///
38/// 3175 mWU _(milli weight units)_
39pub fn fe_invert(a: Fe) -> Fe {
40 todo!()
41}
42
43/// Check if the canonical representative of the field element is odd.
44///
45/// ## Cost
46///
47/// 290 mWU _(milli weight units)_
48pub fn fe_is_odd(a: Fe) -> bool {
49 todo!()
50}
51
52/// Check if the field element represents zero.
53///
54/// ## Cost
55///
56/// 268 mWU _(milli weight units)_
57pub fn fe_is_zero(a: Fe) -> bool {
58 todo!()
59}
60
61/// Multiply two field elements.
62///
63/// ## Cost
64///
65/// 808 mWU _(milli weight units)_
66pub fn fe_multiply(a: Fe, b: Fe) -> Fe {
67 todo!()
68}
69
70/// Multiply a field element by the canonical primitive cube root of unity (beta).
71///
72/// ## Cost
73///
74/// 579 mWU _(milli weight units)_
75pub fn fe_multiply_beta(a: Fe) -> Fe {
76 todo!()
77}
78
79/// Negate a field element.
80///
81/// ## Cost
82///
83/// 531 mWU _(milli weight units)_
84pub fn fe_negate(a: Fe) -> Fe {
85 todo!()
86}
87
88/// Return the canonical representation of a field element.
89///
90/// ## Cost
91///
92/// 521 mWU _(milli weight units)_
93pub fn fe_normalize(a: Fe) -> Fe {
94 todo!()
95}
96
97/// Square a field element.
98///
99/// ## Cost
100///
101/// 556 mWU _(milli weight units)_
102pub fn fe_square(a: Fe) -> Fe {
103 todo!()
104}
105
106/// Compute the modular square root of a field element if it exists.
107///
108/// ## Cost
109///
110/// 10275 mWU _(milli weight units)_
111pub fn fe_square_root(a: Fe) -> Option<Fe> {
112 todo!()
113}
114
115/// Check if the given point satisfies the curve equation y² = x³ + 7.
116///
117/// ## Cost
118///
119/// 642 mWU _(milli weight units)_
120pub fn ge_is_on_curve(a: Ge) -> bool {
121 todo!()
122}
123
124/// Negate a point.
125///
126/// ## Cost
127///
128/// 945 mWU _(milli weight units)_
129pub fn ge_negate(a: Ge) -> Ge {
130 todo!()
131}
132
133/// Add two points.
134///
135/// ## Cost
136///
137/// 2897 mWU _(milli weight units)_
138pub fn gej_add(a: Gej, b: Gej) -> Gej {
139 todo!()
140}
141
142/// Double a point. If the result is the point at infinity, it is returned in canonical form.
143///
144/// ## Cost
145///
146/// 1764 mWU _(milli weight units)_
147pub fn gej_double(a: Gej) -> Gej {
148 todo!()
149}
150
151/// Check if two points represent the same point.
152///
153/// ## Cost
154///
155/// 2220 mWU _(milli weight units)_
156pub fn gej_equiv(a: Gej, b: Gej) -> bool {
157 todo!()
158}
159
160/// Add two points. If the result is the point at infinity, it is returned in canonical form.
161///
162/// ## Cost
163///
164/// 2477 mWU _(milli weight units)_
165pub fn gej_ge_add(a: Gej, b: Ge) -> Gej {
166 todo!()
167}
168
169/// Add two points. Also return the ration of the `a`s z-coordinate and the result's z-coordinate. If the result is the point at infinity, it is returned in canonical form.
170///
171/// ## Cost
172///
173/// 2719 mWU _(milli weight units)_
174pub fn gej_ge_add_ex(a: Gej, b: Ge) -> (Fe, Gej) {
175 todo!()
176}
177
178/// Check if two points represent the same point.
179///
180/// ## Cost
181///
182/// 1765 mWU _(milli weight units)_
183pub fn gej_ge_equiv(a: Gej, b: Ge) -> bool {
184 todo!()
185}
186
187/// Return the canonical representation of the point at infinity.
188///
189/// ## Cost
190///
191/// 716 mWU _(milli weight units)_
192pub fn gej_infinity() -> Gej {
193 todo!()
194}
195
196/// Check if the point represents infinity.
197///
198/// ## Cost
199///
200/// 666 mWU _(milli weight units)_
201pub fn gej_is_infinity(a: Gej) -> bool {
202 todo!()
203}
204
205/// Check if the given point satisfies the curve equation y² = x³ + 7.
206///
207/// ## Cost
208///
209/// 1016 mWU _(milli weight units)_
210pub fn gej_is_on_curve(a: Gej) -> bool {
211 todo!()
212}
213
214/// Negate a point.
215///
216/// ## Cost
217///
218/// 1381 mWU _(milli weight units)_
219pub fn gej_negate(a: Gej) -> Gej {
220 todo!()
221}
222
223/// Convert the point into affine coordinates with canonical field representatives. If the result is the point at infinity, it is returned in canonical form.
224///
225/// ## Cost
226///
227/// 4099 mWU _(milli weight units)_
228pub fn gej_normalize(a: Gej) -> Option<Ge> {
229 todo!()
230}
231
232/// Change the representatives of a point by multiplying the z-coefficient by the given value.
233///
234/// ## Cost
235///
236/// 1908 mWU _(milli weight units)_
237pub fn gej_rescale(a: Gej, b: Fe) -> Gej {
238 todo!()
239}
240
241/// Check if the point represents an affine point with the given x-coordinate.
242///
243/// ## Cost
244///
245/// 1047 mWU _(milli weight units)_
246pub fn gej_x_equiv(a: Fe, b: Gej) -> bool {
247 todo!()
248}
249
250/// Check if the point represents an affine point with odd y-coordinate.
251///
252/// ## Cost
253///
254/// 3651 mWU _(milli weight units)_
255pub fn gej_y_is_odd(a: Gej) -> bool {
256 todo!()
257}
258
259/// Multiply the generator point with the given scalar.
260///
261/// ## Cost
262///
263/// 50071 mWU _(milli weight units)_
264pub fn generate(a: Scalar) -> Gej {
265 todo!()
266}
267
268/// A cryptographic hash function that results in a point on the secp256k1 curve.
269///
270/// This matches the hash function used to map asset IDs to asset commitments.
271///
272/// ## Cost
273///
274/// 68094 mWU _(milli weight units)_
275pub fn hash_to_curve(a: u256) -> Ge {
276 todo!()
277}
278
279/// Compute the linear combination `b * a + c * g` for point `b` and scalars `a` and `c`, where `g` is the generator point.
280///
281/// ## Cost
282///
283/// 84674 mWU _(milli weight units)_
284pub fn linear_combination_1(a: (Scalar, Gej), b: Scalar) -> Gej {
285 todo!()
286}
287
288/// Assert that a point `b` is equal to the linear combination `a.0 * a.1 + a.2 * g`, where `g` is the generator point.
289///
290/// ## Panics
291/// The assertion fails.
292///
293/// ## Cost
294///
295/// 43364 mWU _(milli weight units)_
296pub fn linear_verify_1(a: ((Scalar, Ge), Scalar), b: Ge) {
297 todo!()
298}
299
300/// Assert that a point `b` is equal to the linear combination `a.0 * a.1 + a.2 * g`, where `g` is the generator point.
301///
302/// ## Panics
303/// - The assertion fails.
304/// - Fails if the points cannot be decompressed.
305///
306/// ## Cost
307///
308/// 41494 mWU _(milli weight units)_
309pub fn point_verify_1(a: ((Scalar, Point), Scalar), b: Point) {
310 todo!()
311}
312
313/// Add two scalars.
314///
315/// ## Cost
316///
317/// 739 mWU _(milli weight units)_
318pub fn scalar_add(a: Scalar, b: Scalar) -> Scalar {
319 todo!()
320}
321
322/// Compute the modular inverse of a scalar.
323///
324/// ## Cost
325///
326/// 3193 mWU _(milli weight units)_
327pub fn scalar_invert(a: Scalar) -> Scalar {
328 todo!()
329}
330
331/// Check if the scalar represents zero.
332///
333/// ## Cost
334///
335/// 271 mWU _(milli weight units)_
336pub fn scalar_is_zero(a: Scalar) -> bool {
337 todo!()
338}
339
340/// Multiply two scalars.
341///
342/// ## Cost
343///
344/// 774 mWU _(milli weight units)_
345pub fn scalar_multiply(a: Scalar, b: Scalar) -> Scalar {
346 todo!()
347}
348
349/// Multiply a scalar with the canonical primitive cube of unity (lambda)
350///
351/// ## Cost
352///
353/// 557 mWU _(milli weight units)_
354pub fn scalar_multiply_lambda(a: Scalar) -> Scalar {
355 todo!()
356}
357
358/// Negate a scalar.
359///
360/// ## Cost
361///
362/// 490 mWU _(milli weight units)_
363pub fn scalar_negate(a: Scalar) -> Scalar {
364 todo!()
365}
366
367/// Return the canonical representation of the scalar.
368///
369/// ## Cost
370///
371/// 472 mWU _(milli weight units)_
372pub fn scalar_normalize(a: Scalar) -> Scalar {
373 todo!()
374}
375
376/// Square a scalar.
377///
378/// ## Cost
379///
380/// 575 mWU _(milli weight units)_
381pub fn scalar_square(a: Scalar) -> Scalar {
382 todo!()
383}
384
385/// Multiply a point by a scalar.
386///
387/// ## Cost
388///
389/// 72675 mWU _(milli weight units)_
390pub fn scale(a: Scalar, b: Gej) -> Gej {
391 todo!()
392}
393
394/// Algebraically distribute a field element over the secp256k1 curve as defined in
395/// ["Indifferentiable Hashing to Barreto-Naehrig Curves" by Pierre-Alain Fouque, Mehdi Tibouchi](https://inria.hal.science/hal-01094321/file/FT12.pdf).
396///
397/// While this by itself is not a cryptographic hash function, it can be used as a subroutine
398/// in a [`hash_to_curve`] function. However, the distribution only approaches uniformity when it is called twice.
399///
400/// ## Cost
401///
402/// 32120 mWU _(milli weight units)_
403pub fn swu(a: Fe) -> Ge {
404 todo!()
405}