elliptic_curve/point.rs
1//! Traits for elliptic curve points.
2
3mod non_identity;
4
5#[cfg(feature = "arithmetic")]
6pub use self::non_identity::NonIdentity;
7use crate::{Curve, FieldBytes};
8use subtle::{Choice, CtOption};
9
10#[cfg(feature = "arithmetic")]
11use crate::CurveArithmetic;
12
13/// Affine point type for a given curve with a [`CurveArithmetic`]
14/// implementation.
15#[cfg(feature = "arithmetic")]
16pub type AffinePoint<C> = <C as CurveArithmetic>::AffinePoint;
17
18/// Projective point type for a given curve with a [`CurveArithmetic`]
19/// implementation.
20#[cfg(feature = "arithmetic")]
21pub type ProjectivePoint<C> = <C as CurveArithmetic>::ProjectivePoint;
22
23/// Access to the affine coordinates of an elliptic curve point.
24// TODO: use zkcrypto/group#30 coordinate API when available
25pub trait AffineCoordinates: Sized {
26 /// Field element representation with curve-specific serialization/endianness.
27 type FieldRepr: AsRef<[u8]>;
28
29 /// Creates an affine point from its coordinates.
30 fn from_coordinates(x: &Self::FieldRepr, y: &Self::FieldRepr) -> CtOption<Self>;
31
32 /// Get the affine x-coordinate as a serialized field element.
33 fn x(&self) -> Self::FieldRepr;
34
35 /// Get the affine y-coordinate as a serialized field element.
36 fn y(&self) -> Self::FieldRepr;
37
38 /// Is the affine x-coordinate odd?
39 fn x_is_odd(&self) -> Choice;
40
41 /// Is the affine y-coordinate odd?
42 fn y_is_odd(&self) -> Choice;
43}
44
45/// Normalize point(s) in projective representation by converting them to their affine ones.
46#[cfg(feature = "arithmetic")]
47pub trait BatchNormalize<Points: ?Sized> {
48 /// The output of the batch normalization; a container of affine points.
49 type Output;
50
51 /// Perform a batched conversion to affine representation on a sequence of projective points
52 /// at an amortized cost that should be practically as efficient as a single conversion.
53 /// Internally, implementors should rely upon `InvertBatch`.
54 fn batch_normalize(points: &Points) -> Self::Output;
55
56 /// Perform a batched conversion to affine representation on a sequence of projective points
57 /// in variable-time.
58 ///
59 /// <div class="warning">
60 /// <b>Security Warning</b>
61 ///
62 /// This should NOT be used on points which represent secrets!
63 /// </b>
64 fn batch_normalize_vartime(points: &Points) -> Self::Output {
65 // Call the constant-time implementation by default
66 Self::batch_normalize(points)
67 }
68}
69
70/// Decompress an elliptic curve point.
71///
72/// Point decompression recovers an original curve point from its x-coordinate
73/// and a boolean flag indicating whether or not the y-coordinate is odd.
74pub trait DecompressPoint<C: Curve>: Sized {
75 /// Attempt to decompress an elliptic curve point.
76 fn decompress(x: &FieldBytes<C>, y_is_odd: Choice) -> CtOption<Self>;
77}
78
79/// Decompact an elliptic curve point from an x-coordinate.
80///
81/// Decompaction relies on properties of specially-generated keys but provides
82/// a more compact representation than standard point compression.
83pub trait DecompactPoint<C: Curve>: Sized {
84 /// Attempt to decompact an elliptic curve point
85 fn decompact(x: &FieldBytes<C>) -> CtOption<Self>;
86}
87
88/// Point compression settings.
89pub trait PointCompression {
90 /// Should point compression be applied by default?
91 const COMPRESS_POINTS: bool;
92}
93
94/// Point compaction settings.
95pub trait PointCompaction {
96 /// Should point compaction be applied by default?
97 const COMPACT_POINTS: bool;
98}