Group operations over Edwards25519.

Fields

x: Fe,
y: Fe,
z: Fe,
t: Fe,
is_base: bool = false,

Types

Namespaces

Functions

fn add(p: Edwards25519, q: Edwards25519) Edwards25519

Add two Edwards25519 points.

fn clampedMul(p: Edwards25519, s: [32]u8) IdentityElementError || WeakPublicKeyError!Edwards25519

Multiply an Edwards25519 point by a scalar after “clamping” it. Clamping forces…

Multiply an Edwards25519 point by a scalar after “clamping” it. Clamping forces the scalar to be a multiple of the cofactor in order to prevent small subgroups attacks. This is strongly recommended for DH operations. Return error.WeakPublicKey if the resulting point is the identity element.

fn clearCofactor(p: Edwards25519) Edwards25519

Multiply a point by the cofactor

fn dbl(p: Edwards25519) Edwards25519

Double an Edwards25519 point.

fn elligator2(r: Fe) struct {
    x: Fe,
    y: Fe,
    not_square: bool,
}

Elligator2 map - Returns Montgomery affine coordinates

fn fromBytes(s: [encoded_length]u8) EncodingError!Edwards25519

Decode an Edwards25519 point from its compressed (Y+sign) coordinates.

fn fromHash(h: [64]u8) Edwards25519

Map a 64-bit hash into an Edwards25519 point

fn fromString(comptime random_oracle: bool, ctx: []const u8, s: []const u8) Edwards25519

Hash a context ctx and a string s into an Edwards25519 point

Hash a context ctx and a string s into an Edwards25519 point

This function implements the edwards25519_XMD:SHA-512_ELL2_RO_ and edwards25519_XMD:SHA-512_ELL2_NU_ methods from the “Hashing to Elliptic Curves” standard document.

Although not strictly required by the standard, it is recommended to avoid NUL characters in the context in order to be compatible with other implementations.

fn fromUniform(r: [32]u8) Edwards25519

Map a 32 bit uniform bit string into an edwards25519 point

fn mul(p: Edwards25519, s: [32]u8) IdentityElementError || WeakPublicKeyError!Edwards25519

Multiply an Edwards25519 point by a scalar without clamping it. Return error.We…

Multiply an Edwards25519 point by a scalar without clamping it. Return error.WeakPublicKey if the base generates a small-order group, and error.IdentityElement if the result is the identity element.

fn mulDoubleBasePublic(p1: Edwards25519, s1: [32]u8, p2: Edwards25519, s2: [32]u8) IdentityElementError || WeakPublicKeyError!Edwards25519

Double-base multiplication of public parameters - Compute (p1s1)+(p2s2) *IN VA…

Double-base multiplication of public parameters - Compute (p1s1)+(p2s2) IN VARIABLE TIME This can be used for signature verification.

fn mulMulti(comptime count: usize, ps: [count]Edwards25519, ss: [count][32]u8) IdentityElementError || WeakPublicKeyError!Edwards25519

Multiscalar multiplication IN VARIABLE TIME for public data Computes ps0*ss0 …

Multiscalar multiplication IN VARIABLE TIME for public data Computes ps0ss0 + ps1ss1 + ps2*ss2… faster than doing many of these operations individually

fn mulPublic(p: Edwards25519, s: [32]u8) IdentityElementError || WeakPublicKeyError!Edwards25519

Multiply an Edwards25519 point by a PUBLIC scalar IN VARIABLE TIME This can…

Multiply an Edwards25519 point by a PUBLIC scalar IN VARIABLE TIME This can be used for signature verification.

inline fn neg(p: Edwards25519) Edwards25519

Flip the sign of the X coordinate.

fn rejectIdentity(p: Edwards25519) IdentityElementError!void

Reject the neutral element.

fn rejectLowOrder(p: Edwards25519) WeakPublicKeyError!void

Check that the point does not generate a low-order group. Return a `WeakPublicK…

Check that the point does not generate a low-order group. Return a WeakPublicKey error if it does.

fn rejectNonCanonical(s: [32]u8) NonCanonicalError!void

Check that the encoding of a point is canonical.

fn sub(p: Edwards25519, q: Edwards25519) Edwards25519

Subtract two Edwards25519 points.

fn toBytes(p: Edwards25519) [encoded_length]u8

Encode an Edwards25519 point.

Values

basePoint
Edwards25519

The edwards25519 base point.

encoded_length
usize

Length in bytes of a compressed representation of a point.

identityElement
Edwards25519