Module curve

Elliptic curve point operations on short Weierstrass curves y^2 = x^3 + ax + b.

Uses Jacobian projective coordinates (X, Y, Z) where the affine point is (X/Z^2, Y/Z^3). The point at infinity is represented by Z = 0.

Scalar multiplication uses a Montgomery ladder for constant-time execution.

Structs

CurveParams
Parameters for a short Weierstrass curve.
JacobianPoint
A point on a short Weierstrass curve in Jacobian projective coordinates (X, Y, Z).

Functions

brainpoolp256r1_params
brainpoolP256r1 curve parameters (BSI / RFC 5639 §3.4).
brainpoolp384r1_params
brainpoolP384r1 curve parameters (BSI / RFC 5639 §3.6).
brainpoolp512r1_params
brainpoolP512r1 curve parameters (BSI / RFC 5639 §3.7).
double_scalar_mul
Compute k1G + k2Q (used in ECDSA verify). Not constant-time in the public values (signature verification is public).
hex_to_fe
Decode a hex string into a FieldElement<LIMBS>. The hex is interpreted as big-endian and must contain an even number of hex digits.
hex_to_limbs
Decode a hex string into a [u64; LIMBS] (used for p and n). Big-endian hex; pads with leading zeros if shorter than LIMBS*8 bytes.
is_on_curve
Check whether the affine point (x, y) lies on the short Weierstrass curve y^2 = x^3 + a*x + b defined by params.
p256_params
NIST P-256 / secp256r1 curve parameters (FIPS 186-4 §D.1.2.3).
p384_params
NIST P-384 / secp384r1 curve parameters (FIPS 186-4 §D.1.2.4).
point_add
Jacobian point addition: P + Q. Uses the generic “add-2007-bl” formula (no assumption on Z coordinates).
point_double
Point doubling in Jacobian coordinates for any short Weierstrass curve y^2 = x^3 + ax + b. Uses the generic “dbl-2007-bl” formula by Bernstein-Lange (cost: 2M + 8S + 1a-mul + 10add). Works for arbitrary a, including a=0 (secp256k1) and the random a of Brainpool curves.
scalar_mul_point
Scalar multiplication using the constant-time Montgomery ladder. Computes k * P for a scalar k and a non-infinity point P.
secp256k1_params
secp256k1 curve parameters (SEC 2 v2.0 §2.4.1).
secp521r1_params
secp521r1 / NIST P-521 curve parameters (FIPS 186-4 §D.1.2.5).
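The Jacobian representation (X/Z^2, Y/Z^3) and the "dbl-2007-bl" doubling named above, worked through on a toy curve and cross-checked against the textbook affine formula. This is an added example, not code from this crate: the curve y^2 = x^3 + 2x + 3 over GF(97), the u64 arithmetic and every function below are assumptions made for illustration and do not reflect the crate's signatures or its constant-time field type.

```rust
// Toy curve, constructed for illustration: y^2 = x^3 + 2x + 3 over GF(97).
const P: u64 = 97;
const A: u64 = 2;
const B: u64 = 3;

fn add(x: u64, y: u64) -> u64 { (x + y) % P }
fn sub(x: u64, y: u64) -> u64 { (x + P - y % P) % P }
fn mul(x: u64, y: u64) -> u64 { (x % P) * (y % P) % P }
fn inv(x: u64) -> u64 {
    // Fermat inversion: x^(P-2) mod P (fine for a toy, not constant-time).
    let (mut r, mut b, mut e) = (1, x % P, P - 2);
    while e > 0 { if e & 1 == 1 { r = mul(r, b); } b = mul(b, b); e >>= 1; }
    r
}

// Affine membership test: y^2 == x^3 + a*x + b.
fn is_on_curve(x: u64, y: u64) -> bool {
    mul(y, y) == add(add(mul(mul(x, x), x), mul(A, x)), B)
}

// Jacobian -> affine: (X/Z^2, Y/Z^3). Z = 0 is the point at infinity.
fn to_affine((x, y, z): (u64, u64, u64)) -> Option<(u64, u64)> {
    if z % P == 0 { return None; }
    let zi = inv(z);
    let zi2 = mul(zi, zi);
    Some((mul(x, zi2), mul(y, mul(zi2, zi))))
}

// dbl-2007-bl doubling: no field inversion, valid for arbitrary a.
fn double_jacobian((x1, y1, z1): (u64, u64, u64)) -> (u64, u64, u64) {
    let (xx, yy, zz) = (mul(x1, x1), mul(y1, y1), mul(z1, z1));
    let yyyy = mul(yy, yy);
    let s = mul(2, sub(sub(mul(add(x1, yy), add(x1, yy)), xx), yyyy));
    let m = add(mul(3, xx), mul(A, mul(zz, zz)));
    let x3 = sub(mul(m, m), mul(2, s));
    let y3 = sub(mul(m, sub(s, x3)), mul(8, yyyy));
    let z3 = sub(sub(mul(add(y1, z1), add(y1, z1)), yy), zz);
    (x3, y3, z3) // Z3 = 2*Y1*Z1, so a point with Y = 0 doubles to infinity
}

// Reference: affine doubling with one inversion per operation.
fn double_affine(x: u64, y: u64) -> Option<(u64, u64)> {
    if y % P == 0 { return None; }
    let l = mul(add(mul(3, mul(x, x)), A), inv(mul(2, y)));
    let x3 = sub(sub(mul(l, l), x), x);
    Some((x3, sub(mul(l, sub(x, x3)), y)))
}

fn main() {
    // (75, 71, 5) is the affine point (3, 6) rescaled with Z = 5.
    println!("{:?} {:?} {}", to_affine(double_jacobian((75, 71, 5))), double_affine(3, 6), is_on_curve(80, 10));
}
```

Any rescaling (l^2*X, l^3*Y, l*Z) of the same point yields the same affine result, which is why results should be compared only after conversion to affine and never on raw (X, Y, Z).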