arcana::ecc::curve

Struct CurveParams

pub struct CurveParams<const LIMBS: usize> {
    pub p: [u64; LIMBS],
    pub a: FieldElement<LIMBS>,
    pub b: FieldElement<LIMBS>,
    pub gx: FieldElement<LIMBS>,
    pub gy: FieldElement<LIMBS>,
    pub n: [u64; LIMBS],
    pub qlen_bits: usize,
    pub felem_bytes: usize,
}

Expand description

Parameters for a short Weierstrass curve.

Fields§

§p: [u64; LIMBS]

Field prime p.

§a: FieldElement<LIMBS>

Coefficient a (for P-256 and P-384, a = -3 mod p).

§b: FieldElement<LIMBS>

Coefficient b.

§gx: FieldElement<LIMBS>

X coordinate of the generator point G.

§gy: FieldElement<LIMBS>

Y coordinate of the generator point G.

§n: [u64; LIMBS]

Order n.

§qlen_bits: usize

Bit length of n (aka qlen in RFC 6979).

For all curves we currently ship, qlen_bits is a multiple of 8 except for secp521r1 where it is 521 (not a multiple of 8). RFC 6979 is careful to distinguish qlen from rlen = 8*ceil(qlen/8) (aka rlen_bytes = (qlen_bits + 7) / 8), and for P-521 those two values disagree by 7 bits. All RFC 6979 byte-length decisions (int2octets, bits2octets, the HMAC-T accumulation loop) must use rlen_bytes, not LIMBS * 8.

§felem_bytes: usize

SEC1 §2.3.5 field element octet length = ceil(log2(p) / 8).

This is the external width of a field element for all serialization purposes (uncompressed / compressed SEC1 public keys, raw r/s in a signature, ECDH shared-secret output). It is distinct from the internal storage width LIMBS * 8, which is an implementation detail driven by the 64-bit limb alignment.

Curve	LIMBS*8 (internal)	felem_bytes (external)
P-256	32	32
P-384	48	48
secp256k1	32	32
brainpoolP256r1	32	32
brainpoolP384r1	48	48
brainpoolP512r1	64	64
secp521r1 (P-521)	72	66

P-521 is the only curve where the two values disagree (576-bit storage vs 521-bit field → 66 bytes externally). The 6 leading bytes of to_bytes_be() on a P-521 field element are always zero and must be stripped at the serialization boundary; conversely, parsers must left-pad a 66-byte external value into the 72-byte internal buffer before building a FieldElement<9>. The 6 byte-aligned curves treat this as a no-op because felem_bytes == LIMBS * 8.

Auto Trait Implementations§

§

CurveParams

Struct CurveParams Copy item path

Fields§

Auto Trait Implementations§

impl<const LIMBS: usize> Freeze for CurveParams<LIMBS>

impl<const LIMBS: usize> RefUnwindSafe for CurveParams<LIMBS>

impl<const LIMBS: usize> Send for CurveParams<LIMBS>

impl<const LIMBS: usize> Sync for CurveParams<LIMBS>

impl<const LIMBS: usize> Unpin for CurveParams<LIMBS>

impl<const LIMBS: usize> UnsafeUnpin for CurveParams<LIMBS>

impl<const LIMBS: usize> UnwindSafe for CurveParams<LIMBS>

Blanket Implementations§

impl<T> Any for Twhere T: 'static + ?Sized,

fn type_id(&self) -> TypeId

impl<T> Borrow<T> for Twhere T: ?Sized,

fn borrow(&self) -> &T

impl<T> BorrowMut<T> for Twhere T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

impl<T> From<T> for T

fn from(t: T) -> T

impl<T, U> Into<U> for Twhere U: From<T>,

fn into(self) -> U

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

type Error = Infallible

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Struct CurveParams

impl<T> Any for T
where T: 'static + ?Sized,

impl<T> Borrow<T> for T
where T: ?Sized,

impl<T> BorrowMut<T> for T
where T: ?Sized,

impl<T, U> Into<U> for T
where U: From<T>,

impl<T, U> TryFrom<U> for T
where U: Into<T>,

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,