
1use crate::{syscall_ed_add, utils::AffinePoint};
2
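/// The number of `u32` limbs in [Ed25519AffinePoint]: 16 limbs = 512 bits, i.e. room
/// for two 256-bit field elements (one per affine coordinate).
pub const N: usize = 16;

/// An affine point on the Ed25519 curve, held as `N` raw `u32` limbs in whatever layout
/// the `syscall_ed_add` precompile expects.
///
/// NOTE(review): the identity encoding used elsewhere in this file (`[0; 8]` followed by
/// `[1, 0, …]`) suggests the first eight limbs are `x` and the last eight are `y`, both
/// little-endian — confirm against the precompile before relying on the layout.
///
/// The limbs are not validated: constructing a value from arbitrary limbs does not prove
/// the point lies on the curve. `PartialEq`/`Eq` compare limbs, matching how the trait
/// impl's `is_identity` works; the comparison is not constant-time, so callers handling
/// secret points should not use it for secret-dependent decisions.
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
#[repr(align(4))] // the precompile takes `*mut [u32; N]`; keep word alignment explicit
pub struct Ed25519AffinePoint(pub [u32; N]);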
10
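impl AffinePoint<N> for Ed25519AffinePoint {
    /// The generator/base point for the Ed25519 curve, encoded as raw limbs in the
    /// precompile's layout. Reference: https://datatracker.ietf.org/doc/html/rfc7748#section-4.1
    const GENERATOR: [u32; N] = [
        216936062, 3086116296, 2351951131, 1681893421, 3444223839, 2756123356, 3800373269,
        3284567716, 2518301344, 752319464, 3983256831, 1952656717, 3669724772, 3793645816,
        3665724614, 2969860233,
    ];

    // `GENERATOR_T` is presumably a deprecated associated item of the `AffinePoint` trait;
    // it is still provided so this impl stays complete. NOTE(review): confirm against
    // `utils::AffinePoint` and drop it once the trait no longer requires it.
    #[allow(deprecated)]
    const GENERATOR_T: Self = Self(Self::GENERATOR);

    /// Wraps raw limbs. No on-curve check is performed here.
    fn new(limbs: [u32; N]) -> Self {
        Self(limbs)
    }

    /// The neutral element, built directly from the limb constant.
    ///
    /// Written as `Self(Self::IDENTITY)` rather than `Self::identity()`: the latter only
    /// resolves to the inherent method because inherent items take precedence over trait
    /// items, and it reads like unbounded recursion to a maintainer.
    fn identity() -> Self {
        Self(Self::IDENTITY)
    }

    /// Borrows the limbs.
    fn limbs_ref(&self) -> &[u32; N] {
        &self.0
    }

    /// Mutably borrows the limbs.
    fn limbs_mut(&mut self) -> &mut [u32; N] {
        &mut self.0
    }

    /// Adds `other` into `self` in place through the Ed25519 addition precompile.
    fn add_assign(&mut self, other: &Self) {
        let a = self.limbs_mut();
        let b = other.limbs_ref();
        // SAFETY: `a` and `b` are live, `repr(align(4))`-aligned `[u32; N]` buffers for
        // the duration of the call, and `&mut self` / `&Self` guarantee they do not alias.
        unsafe {
            syscall_ed_add(a, b);
        }
    }

    /// True iff the limbs equal the encoded neutral element.
    ///
    /// The comparison is not constant-time; that is fine for public points, but do not
    /// use it for decisions that depend on a secret point.
    fn is_identity(&self) -> bool {
        self.0 == Self::IDENTITY
    }

    /// In Edwards curves, doubling is the same as adding a point to itself.
    fn double(&mut self) {
        let a = self.limbs_mut();
        // SAFETY: `a` is a live, aligned `[u32; N]` buffer for the duration of the call.
        // Both arguments point at the same memory, so this relies on the precompile
        // reading its inputs before writing the result. NOTE(review): confirm that the
        // `syscall_ed_add` contract permits `p == q`; otherwise add a `Copy` of `self`
        // and call `add_assign` on it instead.
        unsafe {
            syscall_ed_add(a, a);
        }
    }
}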
58
impl Ed25519AffinePoint {
    /// Limb encoding of the neutral element. The single `1` sits at limb index 8, which
    /// is consistent with the first eight limbs being `x = 0` and the last eight being
    /// `y = 1` — NOTE(review): confirm the layout against the precompile.
    const IDENTITY: [u32; N] = [0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0];

    /// Returns the neutral element of the group as a fresh point.
    pub fn identity() -> Self {
        let limbs: [u32; N] = Ed25519AffinePoint::IDENTITY;
        Ed25519AffinePoint(limbs)
    }
}
65}