Struct curve25519_dalek::ristretto::RistrettoPoint

source ·
pub struct RistrettoPoint(/* private fields */);
Expand description

A RistrettoPoint represents a point in the Ristretto group for Curve25519. Ristretto, a variant of Decaf, constructs a prime-order group as a quotient group of a subgroup of (the Edwards form of) Curve25519.

Internally, a RistrettoPoint is implemented as a wrapper type around EdwardsPoint, with custom equality, compression, and decompression routines to account for the quotient. This means that operations on RistrettoPoints are exactly as fast as operations on EdwardsPoints.

Implementations§

source§

impl RistrettoPoint

source

pub fn compress(&self) -> CompressedRistretto

Compress this point using the Ristretto encoding.

source

pub fn double_and_compress_batch<'a, I>(points: I) -> Vec<CompressedRistretto>
where I: IntoIterator<Item = &'a RistrettoPoint>,

Double-and-compress a batch of points. The Ristretto encoding is not batchable, since it requires an inverse square root.

However, given input points \( P_1, \ldots, P_n, \) it is possible to compute the encodings of their doubles \( \mathrm{enc}( [2]P_1), \ldots, \mathrm{enc}( [2]P_n ) \) in a batch.

use rand_core::OsRng;

let mut rng = OsRng;

let points: Vec<RistrettoPoint> =
    (0..32).map(|_| RistrettoPoint::random(&mut rng)).collect();

let compressed = RistrettoPoint::double_and_compress_batch(&points);

for (P, P2_compressed) in points.iter().zip(compressed.iter()) {
    assert_eq!(*P2_compressed, (P + P).compress());
}
source

pub fn hash_from_bytes<D>(input: &[u8]) -> RistrettoPoint
where D: Digest<OutputSize = U64> + Default,

Hash a slice of bytes into a RistrettoPoint.

Takes a type parameter D, which is any Digest producing 64 bytes of output.

Convenience wrapper around from_hash.

§Implementation

Uses the Ristretto-flavoured Elligator 2 map, so that the discrete log of the output point with respect to any other point should be unknown. The map is applied twice and the results are added, to ensure a uniform distribution.

§Example
use sha2::Sha512;

let msg = "To really appreciate architecture, you may even need to commit a murder";
let P = RistrettoPoint::hash_from_bytes::<Sha512>(msg.as_bytes());
source

pub fn from_hash<D>(hash: D) -> RistrettoPoint
where D: Digest<OutputSize = U64> + Default,

Construct a RistrettoPoint from an existing Digest instance.

Use this instead of hash_from_bytes if it is more convenient to stream data into the Digest than to pass a single byte slice.

source

pub fn from_uniform_bytes(bytes: &[u8; 64]) -> RistrettoPoint

Construct a RistrettoPoint from 64 bytes of data.

If the input bytes are uniformly distributed, the resulting point will be uniformly distributed over the group, and its discrete log with respect to other points should be unknown.

§Implementation

This function splits the input array into two 32-byte halves, takes the low 255 bits of each half mod p, applies the Ristretto-flavored Elligator map to each, and adds the results.

source§

impl RistrettoPoint

source

pub fn mul_base(scalar: &Scalar) -> Self

Fixed-base scalar multiplication by the Ristretto base point.

Uses precomputed basepoint tables when the precomputed-tables feature is enabled, trading off increased code size for ~4x better performance.

source§

impl RistrettoPoint

source

pub fn vartime_double_scalar_mul_basepoint( a: &Scalar, A: &RistrettoPoint, b: &Scalar, ) -> RistrettoPoint

Compute \(aA + bB\) in variable time, where \(B\) is the Ristretto basepoint.

Trait Implementations§

source§

impl<'a, 'b> Add<&'b RistrettoPoint> for &'a RistrettoPoint

source§

type Output = RistrettoPoint

The resulting type after applying the + operator.
source§

fn add(self, other: &'b RistrettoPoint) -> RistrettoPoint

Performs the + operation. Read more
source§

impl<'b> Add<&'b RistrettoPoint> for RistrettoPoint

source§

type Output = RistrettoPoint

The resulting type after applying the + operator.
source§

fn add(self, rhs: &'b RistrettoPoint) -> RistrettoPoint

Performs the + operation. Read more
source§

impl<'a> Add<RistrettoPoint> for &'a RistrettoPoint

source§

type Output = RistrettoPoint

The resulting type after applying the + operator.
source§

fn add(self, rhs: RistrettoPoint) -> RistrettoPoint

Performs the + operation. Read more
source§

impl Add for RistrettoPoint

source§

type Output = RistrettoPoint

The resulting type after applying the + operator.
source§

fn add(self, rhs: RistrettoPoint) -> RistrettoPoint

Performs the + operation. Read more
source§

impl<'b> AddAssign<&'b RistrettoPoint> for RistrettoPoint

source§

fn add_assign(&mut self, _rhs: &RistrettoPoint)

Performs the += operation. Read more
source§

impl AddAssign for RistrettoPoint

source§

fn add_assign(&mut self, rhs: RistrettoPoint)

Performs the += operation. Read more
source§

impl Clone for RistrettoPoint

source§

fn clone(&self) -> RistrettoPoint

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl ConditionallySelectable for RistrettoPoint

source§

fn conditional_select( a: &RistrettoPoint, b: &RistrettoPoint, choice: Choice, ) -> RistrettoPoint

Conditionally select between self and other.

§Example
use subtle::ConditionallySelectable;
use subtle::Choice;

let A = RistrettoPoint::identity();
let B = constants::RISTRETTO_BASEPOINT_POINT;

let mut P = A;

P = RistrettoPoint::conditional_select(&A, &B, Choice::from(0));
assert_eq!(P, A);
P = RistrettoPoint::conditional_select(&A, &B, Choice::from(1));
assert_eq!(P, B);
source§

fn conditional_assign(&mut self, other: &Self, choice: Choice)

Conditionally assign other to self, according to choice. Read more
source§

fn conditional_swap(a: &mut Self, b: &mut Self, choice: Choice)

Conditionally swap self and other if choice == 1; otherwise, reassign both unto themselves. Read more
source§

impl ConstantTimeEq for RistrettoPoint

source§

fn ct_eq(&self, other: &RistrettoPoint) -> Choice

Test equality between two RistrettoPoints.

§Returns
  • Choice(1) if the two RistrettoPoints are equal;
  • Choice(0) otherwise.
source§

fn ct_ne(&self, other: &Self) -> Choice

Determine if two items are NOT equal. Read more
source§

impl Debug for RistrettoPoint

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl Default for RistrettoPoint

source§

fn default() -> RistrettoPoint

Returns the “default value” for a type. Read more
source§

impl Identity for RistrettoPoint

source§

fn identity() -> RistrettoPoint

Returns the identity element of the curve. Can be used as a constructor.
source§

impl<'a, 'b> Mul<&'b RistrettoPoint> for &'a Scalar

source§

fn mul(self, point: &'b RistrettoPoint) -> RistrettoPoint

Scalar multiplication: compute self * scalar.

source§

type Output = RistrettoPoint

The resulting type after applying the * operator.
source§

impl<'b> Mul<&'b RistrettoPoint> for Scalar

source§

type Output = RistrettoPoint

The resulting type after applying the * operator.
source§

fn mul(self, rhs: &'b RistrettoPoint) -> RistrettoPoint

Performs the * operation. Read more
source§

impl<'a, 'b> Mul<&'b Scalar> for &'a RistrettoPoint

source§

fn mul(self, scalar: &'b Scalar) -> RistrettoPoint

Scalar multiplication: compute scalar * self.

source§

type Output = RistrettoPoint

The resulting type after applying the * operator.
source§

impl<'b> Mul<&'b Scalar> for RistrettoPoint

source§

type Output = RistrettoPoint

The resulting type after applying the * operator.
source§

fn mul(self, rhs: &'b Scalar) -> RistrettoPoint

Performs the * operation. Read more
source§

impl<'a> Mul<RistrettoPoint> for &'a Scalar

source§

type Output = RistrettoPoint

The resulting type after applying the * operator.
source§

fn mul(self, rhs: RistrettoPoint) -> RistrettoPoint

Performs the * operation. Read more
source§

impl Mul<RistrettoPoint> for Scalar

source§

type Output = RistrettoPoint

The resulting type after applying the * operator.
source§

fn mul(self, rhs: RistrettoPoint) -> RistrettoPoint

Performs the * operation. Read more
source§

impl<'a> Mul<Scalar> for &'a RistrettoPoint

source§

type Output = RistrettoPoint

The resulting type after applying the * operator.
source§

fn mul(self, rhs: Scalar) -> RistrettoPoint

Performs the * operation. Read more
source§

impl Mul<Scalar> for RistrettoPoint

source§

type Output = RistrettoPoint

The resulting type after applying the * operator.
source§

fn mul(self, rhs: Scalar) -> RistrettoPoint

Performs the * operation. Read more
source§

impl<'b> MulAssign<&'b Scalar> for RistrettoPoint

source§

fn mul_assign(&mut self, scalar: &'b Scalar)

Performs the *= operation. Read more
source§

impl MulAssign<Scalar> for RistrettoPoint

source§

fn mul_assign(&mut self, rhs: Scalar)

Performs the *= operation. Read more
source§

impl MultiscalarMul for RistrettoPoint

source§

type Point = RistrettoPoint

The type of point being multiplied, e.g., RistrettoPoint.
source§

fn multiscalar_mul<I, J>(scalars: I, points: J) -> RistrettoPoint

Given an iterator of (possibly secret) scalars and an iterator of public points, compute $$ Q = c_1 P_1 + \cdots + c_n P_n. $$ Read more
source§

impl<'a> Neg for &'a RistrettoPoint

source§

type Output = RistrettoPoint

The resulting type after applying the - operator.
source§

fn neg(self) -> RistrettoPoint

Performs the unary - operation. Read more
source§

impl Neg for RistrettoPoint

source§

type Output = RistrettoPoint

The resulting type after applying the - operator.
source§

fn neg(self) -> RistrettoPoint

Performs the unary - operation. Read more
source§

impl PartialEq for RistrettoPoint

source§

fn eq(&self, other: &RistrettoPoint) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl<'a, 'b> Sub<&'b RistrettoPoint> for &'a RistrettoPoint

source§

type Output = RistrettoPoint

The resulting type after applying the - operator.
source§

fn sub(self, other: &'b RistrettoPoint) -> RistrettoPoint

Performs the - operation. Read more
source§

impl<'b> Sub<&'b RistrettoPoint> for RistrettoPoint

source§

type Output = RistrettoPoint

The resulting type after applying the - operator.
source§

fn sub(self, rhs: &'b RistrettoPoint) -> RistrettoPoint

Performs the - operation. Read more
source§

impl<'a> Sub<RistrettoPoint> for &'a RistrettoPoint

source§

type Output = RistrettoPoint

The resulting type after applying the - operator.
source§

fn sub(self, rhs: RistrettoPoint) -> RistrettoPoint

Performs the - operation. Read more
source§

impl Sub for RistrettoPoint

source§

type Output = RistrettoPoint

The resulting type after applying the - operator.
source§

fn sub(self, rhs: RistrettoPoint) -> RistrettoPoint

Performs the - operation. Read more
source§

impl<'b> SubAssign<&'b RistrettoPoint> for RistrettoPoint

source§

fn sub_assign(&mut self, _rhs: &RistrettoPoint)

Performs the -= operation. Read more
source§

impl SubAssign for RistrettoPoint

source§

fn sub_assign(&mut self, rhs: RistrettoPoint)

Performs the -= operation. Read more
source§

impl<T> Sum<T> for RistrettoPoint

source§

fn sum<I>(iter: I) -> Self
where I: Iterator<Item = T>,

Takes an iterator and generates Self from the elements by “summing up” the items.
source§

impl VartimeMultiscalarMul for RistrettoPoint

source§

type Point = RistrettoPoint

The type of point being multiplied, e.g., RistrettoPoint.
source§

fn optional_multiscalar_mul<I, J>( scalars: I, points: J, ) -> Option<RistrettoPoint>

Given an iterator of public scalars and an iterator of Options of points, compute either Some(Q), where $$ Q = c_1 P_1 + \cdots + c_n P_n, $$ if all points were Some(P_i), or else return None. Read more
source§

fn vartime_multiscalar_mul<I, J>(scalars: I, points: J) -> Self::Point
where I: IntoIterator, I::Item: Borrow<Scalar>, J: IntoIterator, J::Item: Borrow<Self::Point>, Self::Point: Clone,

Given an iterator of public scalars and an iterator of public points, compute $$ Q = c_1 P_1 + \cdots + c_n P_n, $$ using variable-time operations. Read more
source§

impl Zeroize for RistrettoPoint

source§

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.
source§

impl Copy for RistrettoPoint

source§

impl Eq for RistrettoPoint

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> CloneToUninit for T
where T: Clone,

source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
source§

impl<T> ConditionallyNegatable for T
where T: ConditionallySelectable, &'a T: for<'a> Neg<Output = T>,

source§

fn conditional_negate(&mut self, choice: Choice)

Negate self if choice == Choice(1); otherwise, leave it unchanged. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> IsIdentity for T

source§

fn is_identity(&self) -> bool

Return true if this element is the identity element of the curve.
source§

impl<T> Same for T

source§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

source§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

source§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.