[][src]Struct curve25519_dalek::ristretto::RistrettoPoint

pub struct RistrettoPoint(pub(crate) EdwardsPoint);

A RistrettoPoint represents a point in the Ristretto group for Curve25519. Ristretto, a variant of Decaf, constructs a prime-order group as a quotient group of a subgroup of (the Edwards form of) Curve25519.

Internally, a RistrettoPoint is implemented as a wrapper type around EdwardsPoint, with custom equality, compression, and decompression routines to account for the quotient. This means that operations on RistrettoPoints are exactly as fast as operations on EdwardsPoints.

Methods

impl RistrettoPoint[src]

pub fn compress(&self) -> CompressedRistretto[src]

Compress this point using the Ristretto encoding.

Important traits for Vec<u8>
pub fn double_and_compress_batch<'a, I>(points: I) -> Vec<CompressedRistretto> where
    I: IntoIterator<Item = &'a RistrettoPoint>, 
[src]

Double-and-compress a batch of points. The Ristretto encoding is not batchable, since it requires an inverse square root.

However, given input points \( P_1, \ldots, P_n, \) it is possible to compute the encodings of their doubles \( \mathrm{enc}( [2]P_1), \ldots, \mathrm{enc}( [2]P_n ) \) in a batch.

extern crate rand_core;
use rand_core::OsRng;

let mut rng = OsRng;
let points: Vec<RistrettoPoint> =
    (0..32).map(|_| RistrettoPoint::random(&mut rng)).collect();

let compressed = RistrettoPoint::double_and_compress_batch(&points);

for (P, P2_compressed) in points.iter().zip(compressed.iter()) {
    assert_eq!(*P2_compressed, (P + P).compress());
}

fn coset4(&self) -> [EdwardsPoint; 4][src]

Return the coset self + E[4], for debugging.

pub(crate) fn elligator_ristretto_flavor(r_0: &FieldElement51) -> RistrettoPoint[src]

Computes the Ristretto Elligator map.

Note

This method is not public because it's just used for hashing to a point -- proper elligator support is deferred for now.

pub fn random<R: RngCore + CryptoRng>(rng: &mut R) -> Self[src]

Return a RistrettoPoint chosen uniformly at random using a user-provided RNG.

Inputs

  • rng: any RNG which implements the RngCore + CryptoRng interface.

Returns

A random element of the Ristretto group.

Implementation

Uses the Ristretto-flavoured Elligator 2 map, so that the discrete log of the output point with respect to any other point should be unknown. The map is applied twice and the results are added, to ensure a uniform distribution.

pub fn hash_from_bytes<D>(input: &[u8]) -> RistrettoPoint where
    D: Digest<OutputSize = U64> + Default
[src]

Hash a slice of bytes into a RistrettoPoint.

Takes a type parameter D, which is any Digest producing 64 bytes of output.

Convenience wrapper around from_hash.

Implementation

Uses the Ristretto-flavoured Elligator 2 map, so that the discrete log of the output point with respect to any other point should be unknown. The map is applied twice and the results are added, to ensure a uniform distribution.

Example

extern crate sha2;
use sha2::Sha512;

let msg = "To really appreciate architecture, you may even need to commit a murder";
let P = RistrettoPoint::hash_from_bytes::<Sha512>(msg.as_bytes());

pub fn from_hash<D>(hash: D) -> RistrettoPoint where
    D: Digest<OutputSize = U64> + Default
[src]

Construct a RistrettoPoint from an existing Digest instance.

Use this instead of hash_from_bytes if it is more convenient to stream data into the Digest than to pass a single byte slice.

pub fn from_uniform_bytes(bytes: &[u8; 64]) -> RistrettoPoint[src]

Construct a RistrettoPoint from 64 bytes of data.

If the input bytes are uniformly distributed, the resulting point will be uniformly distributed over the group, and its discrete log with respect to other points should be unknown.

Implementation

This function splits the input array into two 32-byte halves, takes the low 255 bits of each half mod p, applies the Ristretto-flavored Elligator map to each, and adds the results.

impl RistrettoPoint[src]

pub fn vartime_double_scalar_mul_basepoint(
    a: &Scalar,
    A: &RistrettoPoint,
    b: &Scalar
) -> RistrettoPoint
[src]

Compute \(aA + bB\) in variable time, where \(B\) is the Ristretto basepoint.

Trait Implementations

impl<'a, 'b> Add<&'b RistrettoPoint> for &'a RistrettoPoint[src]

type Output = RistrettoPoint

The resulting type after applying the + operator.

impl<'b> Add<&'b RistrettoPoint> for RistrettoPoint[src]

type Output = RistrettoPoint

The resulting type after applying the + operator.

impl<'a> Add<RistrettoPoint> for &'a RistrettoPoint[src]

type Output = RistrettoPoint

The resulting type after applying the + operator.

impl Add<RistrettoPoint> for RistrettoPoint[src]

type Output = RistrettoPoint

The resulting type after applying the + operator.

impl<'b> AddAssign<&'b RistrettoPoint> for RistrettoPoint[src]

impl AddAssign<RistrettoPoint> for RistrettoPoint[src]

impl Clone for RistrettoPoint[src]

impl ConditionallySelectable for RistrettoPoint[src]

fn conditional_select(
    a: &RistrettoPoint,
    b: &RistrettoPoint,
    choice: Choice
) -> RistrettoPoint
[src]

Conditionally select between self and other.

Example

use subtle::ConditionallySelectable;
use subtle::Choice;

let A = RistrettoPoint::identity();
let B = constants::RISTRETTO_BASEPOINT_POINT;

let mut P = A;

P = RistrettoPoint::conditional_select(&A, &B, Choice::from(0));
assert_eq!(P, A);
P = RistrettoPoint::conditional_select(&A, &B, Choice::from(1));
assert_eq!(P, B);

impl ConstantTimeEq for RistrettoPoint[src]

fn ct_eq(&self, other: &RistrettoPoint) -> Choice[src]

Test equality between two RistrettoPoints.

Returns

  • Choice(1) if the two RistrettoPoints are equal;
  • Choice(0) otherwise.

impl Copy for RistrettoPoint[src]

impl Debug for RistrettoPoint[src]

impl Default for RistrettoPoint[src]

impl Eq for RistrettoPoint[src]

impl<'a> From<&'a RistrettoPoint> for BatchCompressState[src]

impl Identity for RistrettoPoint[src]

impl<'a, 'b> Mul<&'b RistrettoPoint> for &'a Scalar[src]

type Output = RistrettoPoint

The resulting type after applying the * operator.

fn mul(self, point: &'b RistrettoPoint) -> RistrettoPoint[src]

Scalar multiplication: compute self * scalar.

impl<'b> Mul<&'b RistrettoPoint> for Scalar[src]

type Output = RistrettoPoint

The resulting type after applying the * operator.

impl<'a, 'b> Mul<&'b Scalar> for &'a RistrettoPoint[src]

type Output = RistrettoPoint

The resulting type after applying the * operator.

fn mul(self, scalar: &'b Scalar) -> RistrettoPoint[src]

Scalar multiplication: compute scalar * self.

impl<'b> Mul<&'b Scalar> for RistrettoPoint[src]

type Output = RistrettoPoint

The resulting type after applying the * operator.

impl<'a> Mul<RistrettoPoint> for &'a Scalar[src]

type Output = RistrettoPoint

The resulting type after applying the * operator.

impl Mul<RistrettoPoint> for Scalar[src]

type Output = RistrettoPoint

The resulting type after applying the * operator.

impl<'a> Mul<Scalar> for &'a RistrettoPoint[src]

type Output = RistrettoPoint

The resulting type after applying the * operator.

impl Mul<Scalar> for RistrettoPoint[src]

type Output = RistrettoPoint

The resulting type after applying the * operator.

impl<'b> MulAssign<&'b Scalar> for RistrettoPoint[src]

impl MulAssign<Scalar> for RistrettoPoint[src]

impl MultiscalarMul for RistrettoPoint[src]

type Point = RistrettoPoint

The type of point being multiplied, e.g., RistrettoPoint.

impl<'a> Neg for &'a RistrettoPoint[src]

type Output = RistrettoPoint

The resulting type after applying the - operator.

impl Neg for RistrettoPoint[src]

type Output = RistrettoPoint

The resulting type after applying the - operator.

impl PartialEq<RistrettoPoint> for RistrettoPoint[src]

impl<'a, 'b> Sub<&'b RistrettoPoint> for &'a RistrettoPoint[src]

type Output = RistrettoPoint

The resulting type after applying the - operator.

impl<'b> Sub<&'b RistrettoPoint> for RistrettoPoint[src]

type Output = RistrettoPoint

The resulting type after applying the - operator.

impl<'a> Sub<RistrettoPoint> for &'a RistrettoPoint[src]

type Output = RistrettoPoint

The resulting type after applying the - operator.

impl Sub<RistrettoPoint> for RistrettoPoint[src]

type Output = RistrettoPoint

The resulting type after applying the - operator.

impl<'b> SubAssign<&'b RistrettoPoint> for RistrettoPoint[src]

impl SubAssign<RistrettoPoint> for RistrettoPoint[src]

impl<T> Sum<T> for RistrettoPoint where
    T: Borrow<RistrettoPoint>, 
[src]

impl VartimeMultiscalarMul for RistrettoPoint[src]

type Point = RistrettoPoint

The type of point being multiplied, e.g., RistrettoPoint.

Auto Trait Implementations

impl RefUnwindSafe for RistrettoPoint

impl Send for RistrettoPoint

impl Sync for RistrettoPoint

impl Unpin for RistrettoPoint

impl UnwindSafe for RistrettoPoint

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized
[src]

impl<T> Borrow<T> for T where
    T: ?Sized
[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized
[src]

impl<T, U> Cast<U> for T where
    U: FromCast<T>, 

impl<T> ConditionallyNegatable for T where
    T: ConditionallySelectable,
    &'a T: Neg,
    <&'a T as Neg>::Output == T, 
[src]

impl<T> From<T> for T[src]

impl<T> FromBits<T> for T

impl<T> FromCast<T> for T

impl<T, U> Into<U> for T where
    U: From<T>, 
[src]

impl<T, U> IntoBits<U> for T where
    U: FromBits<T>, 

impl<T> IsIdentity for T where
    T: ConstantTimeEq + Identity
[src]

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T> ToOwned for T where
    T: Clone
[src]

type Owned = T

The resulting type after obtaining ownership.

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 
[src]

type Error = !

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 
[src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.