Skip to content

Add weierstrass::FixedBaseScalarMul trait #49

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tarcieri merged 1 commit into from
Jun 20, 2020
Merged

Add weierstrass::FixedBaseScalarMul trait #49

tarcieri merged 1 commit into from
Jun 20, 2020

Conversation

@tarcieri
Copy link
Member

@tarcieri tarcieri commented Jun 19, 2020

Adds a trait for fixed-base scalar multiplication which accepts &ScalarBytes as input and returns an associated point type, whose bounds allow for a From conversion to either the CompressedCurvePoint or UncompressedCurvePoint for a given curve.

Using this trait, a weierstrass::PublicKey<C>::from_secret_key method is conditionally implemented when the curve C impls the FixedBaseScalarMul trait, allowing generic computation of a public key from a secret key, with optional point compression (selected via a compress argument).

@tarcieri tarcieri requested review from str4d and tuxxy June 19, 2020 17:52
@tarcieri tarcieri marked this pull request as draft June 19, 2020 17:52
@tarcieri
Copy link
Member Author

tarcieri commented Jun 19, 2020
edited
Loading

@str4d @tuxxy pushing this up early for a bit of design review. I implemented FixedBaseScalarMul for k256 so far (but not for p256 yet), which is interesting because it demonstrates not all curves are obliged to implement it which is nice.

TODO: test with test vectors before merging

I added some test vectors for secp256k1, which is both what I'm immediately interested in and also provides a PoC that the trait is working at a conceptual level.

For now I left a TODO in the p256 crate's arithmetic.rs to add some test vectors, however I also feel like it's a bit redundant as it's ultimately testing that scalar mult is working.

@codecov-commenter
Copy link

codecov-commenter commented Jun 19, 2020
edited
Loading

Codecov Report

Merging #49 into master will decrease coverage by 0.74%.
The diff coverage is 62.90%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master      #49      +/-   ##
==========================================
- Coverage   82.02%   81.27%   -0.75%     
==========================================
  Files          12       12              
  Lines        1296     1346      +50     
==========================================
+ Hits         1063     1094      +31     
- Misses        233      252      +19
Impacted Files Coverage Δ
elliptic-curve-crate/src/weierstrass/public_key.rs 40.54% <0.00%> (-11.19%) ⬇️
k256/src/arithmetic/field.rs 85.54% <ø> (ø)
p256/src/arithmetic/field.rs 82.11% <ø> (ø)
p256/src/arithmetic/scalar.rs 75.00% <0.00%> (-18.75%) ⬇️
p256/src/arithmetic.rs 84.69% <73.33%> (-0.93%) ⬇️
k256/src/arithmetic/scalar.rs 60.60% <75.00%> (+4.60%) ⬆️
k256/src/arithmetic.rs 86.68% <95.65%> (+1.18%) ⬆️
elliptic-curve-crate/src/weierstrass/point.rs 48.14% <0.00%> (+7.40%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7faa68f...46c9a3c. Read the comment docs.

tarcieri
tarcieri commented Jun 19, 2020
View reviewed changes
tarcieri
tarcieri commented Jun 19, 2020
View reviewed changes
tarcieri
tarcieri commented Jun 19, 2020
View reviewed changes
tarcieri
tarcieri commented Jun 19, 2020
View reviewed changes
tarcieri
tarcieri commented Jun 19, 2020
View reviewed changes
@tarcieri tarcieri force-pushed the fixed-base-scalar-mult-trait branch from 9442cf9 to 71e89ca Compare June 19, 2020 18:31
@tarcieri tarcieri changed the title [WIP] FixedBaseScalarMul trait Add weierstrass::FixedBaseScalarMul trait Jun 19, 2020
@tarcieri tarcieri marked this pull request as ready for review June 19, 2020 18:31
@tarcieri tarcieri force-pushed the fixed-base-scalar-mult-trait branch 2 times, most recently from 998f55d to 73cbf5b Compare June 19, 2020 19:23
@tarcieri tarcieri requested a review from newpavlov June 19, 2020 19:23
@tarcieri tarcieri force-pushed the fixed-base-scalar-mult-trait branch from 73cbf5b to 9634ecd Compare June 19, 2020 19:40
@tarcieri
Copy link
Member Author

tarcieri commented Jun 19, 2020

Calling this effectively complete. I'm going to open another PR (which incorporates this one) to add an AffineCoordinates trait and see if I can use that to further DRY out some of the copy-and-pasted code between the k256 and p256 crates.

PTAL @str4d and @tuxxy !

@tarcieri tarcieri mentioned this pull request Jun 19, 2020
Closed
@tarcieri tarcieri force-pushed the fixed-base-scalar-mult-trait branch 2 times, most recently from 5471a48 to 9634ecd Compare June 20, 2020 00:39
@tarcieri
Add weierstrass::FixedBaseScalarMul trait
46c9a3c 
Adds a trait for fixed-base scalar multiplication which accepts
`&ScalarBytes` as input and returns an associated point type, whose
bounds allow for a `From` conversion to either the
`CompressedCurvePoint` or `UncompressedCurvePoint` for a given curve.

Using this trait, a `weierstrass::PublicKey<C>::from_secret_key` method
is conditionally implemented when the curve `C` impls the
`FixedBaseScalarMul` trait, allowing generic computation of a public key
from a secret key, with optional point compression (selected via a
`compress` argument).
@tarcieri tarcieri force-pushed the fixed-base-scalar-mult-trait branch from 9634ecd to 46c9a3c Compare June 20, 2020 16:52
tarcieri
tarcieri commented Jun 20, 2020
View reviewed changes
elliptic-curve-crate/src/weierstrass/public_key.rs
Comment on lines +117 to +130
pub fn from_secret_key(secret_key: &SecretKey<C::ScalarSize>, compress: bool) -> Option<Self> {
let ct_option = C::mul_base(secret_key.secret_scalar());

if ct_option.is_some().into() {
let affine_point = ct_option.unwrap();

if compress {
Some(PublicKey::Compressed(affine_point.into()))
} else {
Some(PublicKey::Uncompressed(affine_point.into()))
}
} else {
None
}
Copy link
Member Author

@tarcieri tarcieri Jun 20, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was able to eliminate the Default bound on AffinePoint by having this return an Option rather than a CtOption as soon as scalar multiplication is complete (i.e. unwrapping the CtOption containing the public key).

Since we're dealing with a public key after scalar multiplication is complete, this seems ok to me.

@tarcieri
Copy link
Member Author

tarcieri commented Jun 20, 2020

Going to go ahead and merge this as I think it's a pretty basic and important feature.

There are some potential alternative designs to explore/consider here, but I think this is a reasonable start.

@tarcieri tarcieri merged commit daa8a7d into master Jun 20, 2020
@tarcieri tarcieri deleted the fixed-base-scalar-mult-trait branch June 20, 2020 17:44
@tarcieri tarcieri mentioned this pull request Jul 14, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tuxxy tuxxy Awaiting requested review from tuxxy

@str4d str4d Awaiting requested review from str4d

@newpavlov newpavlov Awaiting requested review from newpavlov

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tarcieri @codecov-commenter @str4d