pub fn is_on_curve<const LIMBS: usize>(
    x: &FieldElement<LIMBS>,
    y: &FieldElement<LIMBS>,
    params: &CurveParams<LIMBS>,
) -> bool
Check whether the affine point (x, y) lies on the short Weierstrass curve
y^2 = x^3 + a*x + b defined by params.
Critical for ECDH: any externally-supplied public key must be validated with this function before being multiplied by a secret scalar. Otherwise an “invalid curve attack” can recover bits of the secret key by feeding crafted off-curve points whose order in the broken group is small.
Returns true iff the affine equation holds modulo p.
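The following is an added example, not code from this crate: it shows why the check has to come before scalar multiplication. It uses a toy curve over F_97 with plain u64 arithmetic; the parameters and the names `on_curve`, `checked_ecdh`, `add`, `mul` and `inv` are assumptions made for illustration and are not the crate's API.

```rust
// Toy curve constructed for this example: y^2 = x^3 + 2x + 3 over F_97.
const P: u64 = 97;
const A: u64 = 2;
const B: u64 = 3;
type Point = Option<(u64, u64)>; // None = point at infinity

fn inv(v: u64) -> u64 { (0..P - 2).fold(1, |r, _| r * v % P) } // v^(P-2) mod P (Fermat)

// Affine group law; B never appears, so off-curve inputs are processed silently.
fn add(p: Point, q: Point) -> Point {
    let ((x1, y1), (x2, y2)) = match (p, q) {
        (None, _) => return q,
        (_, None) => return p,
        (Some(u), Some(v)) => (u, v),
    };
    if x1 == x2 && (y1 + y2) % P == 0 { return None; }
    let l = if x1 == x2 {
        (3 * x1 * x1 + A) % P * inv(2 * y1 % P) % P
    } else {
        (y2 + P - y1) % P * inv((x2 + P - x1) % P) % P
    };
    let x3 = (l * l + 2 * P - x1 - x2) % P;
    let y3 = (l * (x1 + P - x3) + P - y1) % P;
    Some((x3, y3))
}

fn mul(mut k: u64, mut p: Point) -> Point {
    let mut acc = None;
    while k > 0 {
        if k & 1 == 1 { acc = add(acc, p); }
        p = add(p, p);
        k >>= 1;
    }
    acc
}

// Toy stand-in for the documented check: range check, then curve equation.
fn on_curve(x: u64, y: u64) -> bool {
    x < P && y < P && y * y % P == (x * x % P * x + A * x + B) % P
}

// ECDH step that validates the peer's point before using the secret scalar.
fn checked_ecdh(secret: u64, peer: (u64, u64)) -> Result<Point, &'static str> {
    if !on_curve(peer.0, peer.1) { return Err("peer point is not on the curve"); }
    Ok(mul(secret, Some(peer)))
}

fn main() {
    println!("{:?} {:?}", checked_ecdh(2, (3, 6)), checked_ecdh(2, (3, 7)));
}
```

The point (3, 7) fails the equation, yet `mul` alone would still return a result for it without any error, which is why validation cannot be left to the arithmetic.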