Struct curve25519_dalek::ristretto::RistrettoPoint

source · 
pub struct RistrettoPoint(_);
Expand description

A RistrettoPoint represents a point in the Ristretto group for Curve25519. Ristretto, a variant of Decaf, constructs a prime-order group as a quotient group of a subgroup of (the Edwards form of) Curve25519.

Internally, a RistrettoPoint is implemented as a wrapper type around EdwardsPoint, with custom equality, compression, and decompression routines to account for the quotient. This means that operations on RistrettoPoints are exactly as fast as operations on EdwardsPoints.

Implementations§

Compress this point using the Ristretto encoding.

Double-and-compress a batch of points. The Ristretto encoding is not batchable, since it requires an inverse square root.

However, given input points \( P_1, \ldots, P_n, \) it is possible to compute the encodings of their doubles \( \mathrm{enc}( [2]P_1), \ldots, \mathrm{enc}( [2]P_n ) \) in a batch.

extern crate rand_core;
use rand_core::OsRng;

let mut rng = OsRng;
let points: Vec<RistrettoPoint> =
    (0..32).map(|_| RistrettoPoint::random(&mut rng)).collect();

let compressed = RistrettoPoint::double_and_compress_batch(&points);

for (P, P2_compressed) in points.iter().zip(compressed.iter()) {
    assert_eq!(*P2_compressed, (P + P).compress());
}

Return a RistrettoPoint chosen uniformly at random using a user-provided RNG.

Inputs
  • rng: any RNG which implements the RngCore + CryptoRng interface.
Returns

A random element of the Ristretto group.

Implementation

Uses the Ristretto-flavoured Elligator 2 map, so that the discrete log of the output point with respect to any other point should be unknown. The map is applied twice and the results are added, to ensure a uniform distribution.

Hash a slice of bytes into a RistrettoPoint.

Takes a type parameter D, which is any Digest producing 64 bytes of output.

Convenience wrapper around from_hash.

Implementation

Uses the Ristretto-flavoured Elligator 2 map, so that the discrete log of the output point with respect to any other point should be unknown. The map is applied twice and the results are added, to ensure a uniform distribution.

Example
extern crate sha2;
use sha2::Sha512;

let msg = "To really appreciate architecture, you may even need to commit a murder";
let P = RistrettoPoint::hash_from_bytes::<Sha512>(msg.as_bytes());

Construct a RistrettoPoint from an existing Digest instance.

Use this instead of hash_from_bytes if it is more convenient to stream data into the Digest than to pass a single byte slice.

Construct a RistrettoPoint from 64 bytes of data.

If the input bytes are uniformly distributed, the resulting point will be uniformly distributed over the group, and its discrete log with respect to other points should be unknown.

Implementation

This function splits the input array into two 32-byte halves, takes the low 255 bits of each half mod p, applies the Ristretto-flavored Elligator map to each, and adds the results.

Compute \(aA + bB\) in variable time, where \(B\) is the Ristretto basepoint.

Trait Implementations§

The resulting type after applying the + operator.
Performs the + operation. Read more
The resulting type after applying the + operator.
Performs the + operation. Read more
The resulting type after applying the + operator.
Performs the + operation. Read more
The resulting type after applying the + operator.
Performs the + operation. Read more
Performs the += operation. Read more
Performs the += operation. Read more
Returns a copy of the value. Read more
Performs copy-assignment from source. Read more

Conditionally select between self and other.

Example
use subtle::ConditionallySelectable;
use subtle::Choice;

let A = RistrettoPoint::identity();
let B = constants::RISTRETTO_BASEPOINT_POINT;

let mut P = A;

P = RistrettoPoint::conditional_select(&A, &B, Choice::from(0));
assert_eq!(P, A);
P = RistrettoPoint::conditional_select(&A, &B, Choice::from(1));
assert_eq!(P, B);
Conditionally assign other to self, according to choice. Read more
Conditionally swap self and other if choice == 1; otherwise, reassign both unto themselves. Read more

Test equality between two RistrettoPoints.

Returns
  • Choice(1) if the two RistrettoPoints are equal;
  • Choice(0) otherwise.
Formats the value using the given formatter. Read more
Returns the “default value” for a type. Read more
Returns the identity element of the curve. Can be used as a constructor. Read more

Scalar multiplication: compute self * scalar.

The resulting type after applying the * operator.
The resulting type after applying the * operator.
Performs the * operation. Read more

Scalar multiplication: compute scalar * self.

The resulting type after applying the * operator.
The resulting type after applying the * operator.
Performs the * operation. Read more
The resulting type after applying the * operator.
Performs the * operation. Read more
The resulting type after applying the * operator.
Performs the * operation. Read more
The resulting type after applying the * operator.
Performs the * operation. Read more
The resulting type after applying the * operator.
Performs the * operation. Read more
Performs the *= operation. Read more
Performs the *= operation. Read more
The type of point being multiplied, e.g., RistrettoPoint.
Given an iterator of (possibly secret) scalars and an iterator of public points, compute $$ Q = c_1 P_1 + \cdots + c_n P_n. $$ Read more
The resulting type after applying the - operator.
Performs the unary - operation. Read more
The resulting type after applying the - operator.
Performs the unary - operation. Read more
This method tests for self and other values to be equal, and is used by ==. Read more
This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason. Read more
The resulting type after applying the - operator.
Performs the - operation. Read more
The resulting type after applying the - operator.
Performs the - operation. Read more
The resulting type after applying the - operator.
Performs the - operation. Read more
The resulting type after applying the - operator.
Performs the - operation. Read more
Performs the -= operation. Read more
Performs the -= operation. Read more
Method which takes an iterator and generates Self from the elements by “summing up” the items. Read more
The type of point being multiplied, e.g., RistrettoPoint.
Given an iterator of public scalars and an iterator of Options of points, compute either Some(Q), where $$ Q = c_1 P_1 + \cdots + c_n P_n, $$ if all points were Some(P_i), or else return None. Read more
Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler. Read more

Auto Trait Implementations§

Blanket Implementations§

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more
Negate self if choice == Choice(1); otherwise, leave it unchanged. Read more

Returns the argument unchanged.

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Return true if this element is the identity element of the curve.
Should always be Self
The resulting type after obtaining ownership.
Creates owned data from borrowed data, usually by cloning. Read more
Uses borrowed data to replace owned data, usually by cloning. Read more
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.