elliptic-curve: NonZeroScalar + Generator (replaces MulBase) #241
Conversation
elliptic-curve/src/scalar.rs
Outdated
| /// Create a [`NonZeroScalar`] from a scalar, performing a constant-time | ||
| /// check that it's non-zero. | ||
| pub fn new(scalar: S) -> CtOption<Self> { | ||
| let is_some = scalar.ct_eq(&S::default()); |
There was a problem hiding this comment.
It's a bit weird using default() and not zero()/is_zero(), but I guess it's the best that can be done at the moment. Should probably be refactored when there's a fully-functional Scalar trait (or a collection of traits) is available.
There was a problem hiding this comment.
Yeah, it's the only extant trait to define this in terms of right now.
However, I wouldn't say it's "weird" per se, at least for usage of Default in Rust: zero is the Default value for all numerical types in the standard library.
There was a problem hiding this comment.
I suppose it's ok for simple types, but this approach may fail if Scalar ever implements lazy reduction arithmetic similar to that in FieldElement (and it will fail for the current AffinePoint/ProjectivePoint), because in that case you could have something that is zero/identity and yet isn't default().
tarcieri
force-pushed
the
elliptic-curve/non-zero-scalar
branch
2 times, most recently
from
fabba1e to
f420e79
Compare
tarcieri
changed the title
|
Pushed up a slightly modified version of this PR, and also added I changed I think I'm going to move forward with this for now as it also solves the problem of generic variable-base scalar mult in addition to fixed-base, which is useful for a high-level generic ECDHE API. That's not to say I consider this to be the final say here, just incremental progress in exposing more functionality. |
Adds a `NonZeroScalar` type generic over curves along with a `Generator` trait which together with the `Mul` trait from `core` can replace the `MulBase` trait. `NonZeroScalar` is able to use the bounds on `Arithmetic::Scalar` and therefore usable anywhere a `Scalar` otherwise would, but with the guarantee that multiplication by an `AffinePoint` will not result in the point at infinity, for which no `AffinePoint` representation is possible given current trait bounds/implementations.
tarcieri
force-pushed
the
elliptic-curve/non-zero-scalar
branch
from
f420e79 to
c1bcc90
Compare
Impls the changes from RustCrypto/traits#241, replacing the `MulBase` trait with a `Mul` impl on `AffinePoint`, which is now one of the required bounds for `Arithmetic`.
Impls the changes from RustCrypto/traits#241, replacing the `MulBase` trait with a `Mul` impl on `AffinePoint`, which is now one of the required bounds for `Arithmetic`.
Simplify test vectors
Adds a
NonZeroScalartype generic over curves along with aGeneratortrait which together with theMultrait fromcorecan replace theMulBasetrait.NonZeroScalaris able to use the bounds onArithmetic::Scalarand therefore usable anywhere aScalarotherwise would, but with the guarantee that multiplication by anAffinePointwill not result in the point at infinity, for which noAffinePointrepresentation is possible given current trait bounds/implementations.cc @fjarri