Trait halo2_backend::arithmetic::CurveExt

/// Common interface for elements of an elliptic curve group in a "projective"
/// form, where arithmetic is usually more efficient than in affine form.
///
/// Requires the `alloc` feature flag because [`CurveExt::hash_to_curve`]
/// returns a boxed closure.
///
/// Implementors are also `ConditionallySelectable` and `ConstantTimeEq`, and the
/// validity checks below report through `Choice` / `CtOption` rather than `bool`
/// / `Option`.
pub trait CurveExt: PrimeCurve<Affine = Self::AffineExt, Scalar = Self::ScalarExt> + Group + Default + ConditionallySelectable + ConstantTimeEq + From<Self::Affine> {
    /// The scalar field of this elliptic curve.
    type ScalarExt: WithSmallOrderMulGroup<3>;
    /// The base field over which this elliptic curve is constructed.
    type Base: WithSmallOrderMulGroup<3>;
    /// The affine version of the curve.
    type AffineExt: CurveAffine<CurveExt = Self, ScalarExt = Self::ScalarExt, Output = Self, Output = Self> + Mul<Self::ScalarExt> + for<'r> Mul<Self::ScalarExt>;

    /// Identifier of this curve, used for hash-to-curve.
    const CURVE_ID: &'static str;

    // Required methods
    /// Apply the curve endomorphism by multiplying the x-coordinate by an
    /// element of multiplicative order 3.
    fn endo(&self) -> Self;
    /// Return the Jacobian coordinates of this point (presumably in the same
    /// X, Y, Z order that [`CurveExt::new_jacobian`] takes — confirm with the
    /// implementation).
    fn jacobian_coordinates(&self) -> (Self::Base, Self::Base, Self::Base);
    /// Requests a hasher that accepts byte messages and returns near-uniformly
    /// distributed elements of the group, using `domain_prefix` as the domain
    /// prefix. The returned hasher is suitable for use as a random oracle.
    fn hash_to_curve<'a>(
        domain_prefix: &'a str
    ) -> Box<dyn Fn(&[u8]) -> Self + 'a>;
    /// Returns whether this element is on the curve; this should always be true
    /// unless an "unchecked" API was used. The answer is a `Choice`, not a
    /// `bool`.
    fn is_on_curve(&self) -> Choice;
    /// Returns the curve constant `a`.
    fn a() -> Self::Base;
    /// Returns the curve constant `b`.
    fn b() -> Self::Base;
    /// Obtains a point from Jacobian coordinates X : Y : Z, failing (an empty
    /// `CtOption`) if the coordinates are not on the curve.
    fn new_jacobian(
        x: Self::Base,
        y: Self::Base,
        z: Self::Base
    ) -> CtOption<Self>;
}

This trait is a common interface for dealing with elements of an elliptic curve group in a “projective” form, where that arithmetic is usually more efficient.

Requires the `alloc` feature flag because `hash_to_curve` returns a boxed closure.

Required Associated Types

type ScalarExt: WithSmallOrderMulGroup<3>

The scalar field of this elliptic curve.

type Base: WithSmallOrderMulGroup<3>

The base field over which this elliptic curve is constructed.

type AffineExt: CurveAffine<CurveExt = Self, ScalarExt = Self::ScalarExt, Output = Self, Output = Self> + Mul<Self::ScalarExt> + for<'r> Mul<Self::ScalarExt>

The affine version of the curve

Required Associated Constants

const CURVE_ID: &'static str

The identifier of this curve, used for hash-to-curve.

Required Methods

fn endo(&self) -> Self

Apply the curve endomorphism by multiplying the x-coordinate by an element of multiplicative order 3.

fn jacobian_coordinates(&self) -> (Self::Base, Self::Base, Self::Base)

Return the Jacobian coordinates of this point.

fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> Self + 'a>

Requests a hasher that accepts byte messages and returns near-uniformly distributed elements of the group, using `domain_prefix` as the domain prefix.

The returned hasher is suitable for use as a random oracle.

Example
use pasta_curves::arithmetic::CurveExt;
/// Computes the Pedersen commitment `x·G + r·H` and returns it in affine form.
///
/// `x` is the committed value and `r` the blinding scalar. Both generators are
/// derived from the trait's `hash_to_curve` hasher for a fixed domain prefix
/// rather than supplied by the caller, so the two scalars are the only inputs a
/// caller controls.
fn pedersen_commitment<C: CurveExt>(
    x: C::ScalarExt,
    r: C::ScalarExt,
) -> C::Affine {
    // One hasher, one domain string; "g" and "h" are merely distinct messages.
    let to_point = C::hash_to_curve("z.cash:example_pedersen_commitment");
    let (gen_g, gen_h) = (to_point(b"g"), to_point(b"h"));
    let blinding = gen_h * r;
    let value = gen_g * x;
    (value + &blinding).to_affine()
}

fn is_on_curve(&self) -> Choice

Returns whether this element is on the curve; this should always be true unless an “unchecked” API was used.

fn a() -> Self::Base

Returns the curve constant a.

fn b() -> Self::Base

Returns the curve constant b.

fn new_jacobian(x: Self::Base, y: Self::Base, z: Self::Base) -> CtOption<Self>

Obtains a point from Jacobian coordinates $X : Y : Z$, failing (an empty `CtOption`) if the coordinates are not on the curve.

Object Safety

This trait is not object safe.

Implementations on Foreign Types

impl CurveExt for Eris

type ScalarExt = Fp

type Base = Fq

type AffineExt = ErisAffine

const CURVE_ID: &'static str = "eris"

fn endo(&self) -> Eris

fn jacobian_coordinates(&self) -> (Fq, Fq, Fq)

fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> Eris + 'a>

fn is_on_curve(&self) -> Choice

fn b() -> <Eris as CurveExt>::Base

fn a() -> <Eris as CurveExt>::Base

fn new_jacobian( x: <Eris as CurveExt>::Base, y: <Eris as CurveExt>::Base, z: <Eris as CurveExt>::Base ) -> CtOption<Eris>

impl CurveExt for G1

type ScalarExt = Fq

type Base = Fp

type AffineExt = G1Affine

const CURVE_ID: &'static str = "pluto"

fn endo(&self) -> G1

fn jacobian_coordinates(&self) -> (Fp, Fp, Fp)

fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> G1 + 'a>

fn is_on_curve(&self) -> Choice

fn b() -> <G1 as CurveExt>::Base

fn a() -> <G1 as CurveExt>::Base

fn new_jacobian( x: <G1 as CurveExt>::Base, y: <G1 as CurveExt>::Base, z: <G1 as CurveExt>::Base ) -> CtOption<G1>

impl CurveExt for G1

type ScalarExt = Fq

type Base = Fr

type AffineExt = G1Affine

const CURVE_ID: &'static str = "grumpkin_g1"

fn endo(&self) -> G1

fn jacobian_coordinates(&self) -> (Fr, Fr, Fr)

fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> G1 + 'a>

fn is_on_curve(&self) -> Choice

fn b() -> <G1 as CurveExt>::Base

fn a() -> <G1 as CurveExt>::Base

fn new_jacobian( x: <G1 as CurveExt>::Base, y: <G1 as CurveExt>::Base, z: <G1 as CurveExt>::Base ) -> CtOption<G1>

impl CurveExt for G1

type ScalarExt = Fr

type Base = Fq

type AffineExt = G1Affine

const CURVE_ID: &'static str = "bn256_g1"

fn endo(&self) -> G1

fn jacobian_coordinates(&self) -> (Fq, Fq, Fq)

fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> G1 + 'a>

fn is_on_curve(&self) -> Choice

fn b() -> <G1 as CurveExt>::Base

fn a() -> <G1 as CurveExt>::Base

fn new_jacobian( x: <G1 as CurveExt>::Base, y: <G1 as CurveExt>::Base, z: <G1 as CurveExt>::Base ) -> CtOption<G1>

impl CurveExt for G1

type ScalarExt = Fr

type Base = Fq

type AffineExt = G1Affine

const CURVE_ID: &'static str = "bls12381_g1"

fn endo(&self) -> G1

fn jacobian_coordinates(&self) -> (Fq, Fq, Fq)

fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> G1 + 'a>

fn is_on_curve(&self) -> Choice

fn b() -> <G1 as CurveExt>::Base

fn a() -> <G1 as CurveExt>::Base

fn new_jacobian( x: <G1 as CurveExt>::Base, y: <G1 as CurveExt>::Base, z: <G1 as CurveExt>::Base ) -> CtOption<G1>

impl CurveExt for G2

type ScalarExt = Fr

type Base = QuadExtField<Fq>

type AffineExt = G2Affine

const CURVE_ID: &'static str = "bn256_g2"

fn endo(&self) -> G2

fn jacobian_coordinates( &self ) -> (QuadExtField<Fq>, QuadExtField<Fq>, QuadExtField<Fq>)

fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> G2 + 'a>

fn is_on_curve(&self) -> Choice

fn b() -> <G2 as CurveExt>::Base

fn a() -> <G2 as CurveExt>::Base

fn new_jacobian( x: <G2 as CurveExt>::Base, y: <G2 as CurveExt>::Base, z: <G2 as CurveExt>::Base ) -> CtOption<G2>

impl CurveExt for G2

type ScalarExt = Fq

type Base = QuadExtField<Fp>

type AffineExt = G2Affine

const CURVE_ID: &'static str = "triton"

fn endo(&self) -> G2

fn jacobian_coordinates( &self ) -> (QuadExtField<Fp>, QuadExtField<Fp>, QuadExtField<Fp>)

fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> G2 + 'a>

fn is_on_curve(&self) -> Choice

fn b() -> <G2 as CurveExt>::Base

fn a() -> <G2 as CurveExt>::Base

fn new_jacobian( x: <G2 as CurveExt>::Base, y: <G2 as CurveExt>::Base, z: <G2 as CurveExt>::Base ) -> CtOption<G2>

impl CurveExt for G2

type ScalarExt = Fr

type Base = QuadExtField<Fq>

type AffineExt = G2Affine

const CURVE_ID: &'static str = "bls12381_g2"

fn endo(&self) -> G2

fn jacobian_coordinates( &self ) -> (QuadExtField<Fq>, QuadExtField<Fq>, QuadExtField<Fq>)

fn hash_to_curve<'a>(domain_prefix: &'a str) -> Box<dyn Fn(&[u8]) -> G2 + 'a>

fn is_on_curve(&self) -> Choice

fn b() -> <G2 as CurveExt>::Base

fn a() -> <G2 as CurveExt>::Base

fn new_jacobian( x: <G2 as CurveExt>::Base, y: <G2 as CurveExt>::Base, z: <G2 as CurveExt>::Base ) -> CtOption<G2>

impl CurveExt for Secp256k1

type ScalarExt = Fq

type Base = Fp

type AffineExt = Secp256k1Affine

const CURVE_ID: &'static str = "secp256k1"

fn endo(&self) -> Secp256k1

fn jacobian_coordinates(&self) -> (Fp, Fp, Fp)

fn hash_to_curve<'a>( domain_prefix: &'a str ) -> Box<dyn Fn(&[u8]) -> Secp256k1 + 'a>

fn is_on_curve(&self) -> Choice

fn b() -> <Secp256k1 as CurveExt>::Base

fn a() -> <Secp256k1 as CurveExt>::Base

fn new_jacobian( x: <Secp256k1 as CurveExt>::Base, y: <Secp256k1 as CurveExt>::Base, z: <Secp256k1 as CurveExt>::Base ) -> CtOption<Secp256k1>

impl CurveExt for Secp256r1

type ScalarExt = Fq

type Base = Fp

type AffineExt = Secp256r1Affine

const CURVE_ID: &'static str = "secp256r1"

fn endo(&self) -> Secp256r1

fn jacobian_coordinates(&self) -> (Fp, Fp, Fp)

fn hash_to_curve<'a>( domain_prefix: &'a str ) -> Box<dyn Fn(&[u8]) -> Secp256r1 + 'a>

fn is_on_curve(&self) -> Choice

fn b() -> <Secp256r1 as CurveExt>::Base

fn a() -> <Secp256r1 as CurveExt>::Base

fn new_jacobian( x: <Secp256r1 as CurveExt>::Base, y: <Secp256r1 as CurveExt>::Base, z: <Secp256r1 as CurveExt>::Base ) -> CtOption<Secp256r1>

impl CurveExt for Secq256k1

type ScalarExt = Fp

type Base = Fq

type AffineExt = Secq256k1Affine

const CURVE_ID: &'static str = "secq256k1"

fn endo(&self) -> Secq256k1

fn jacobian_coordinates(&self) -> (Fq, Fq, Fq)

fn hash_to_curve<'a>( domain_prefix: &'a str ) -> Box<dyn Fn(&[u8]) -> Secq256k1 + 'a>

fn is_on_curve(&self) -> Choice

fn b() -> <Secq256k1 as CurveExt>::Base

fn a() -> <Secq256k1 as CurveExt>::Base

fn new_jacobian( x: <Secq256k1 as CurveExt>::Base, y: <Secq256k1 as CurveExt>::Base, z: <Secq256k1 as CurveExt>::Base ) -> CtOption<Secq256k1>

Implementors

impl CurveExt for Ep

type ScalarExt = Fq

type Base = Fp

type AffineExt = EpAffine

const CURVE_ID: &'static str = "pallas"

impl CurveExt for Eq

type ScalarExt = Fp

type Base = Fq

type AffineExt = EqAffine

const CURVE_ID: &'static str = "vesta"