elliptic-curve: add AffineXCoordinate trait
#817
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Protocols like ECDH and ECDSA rely on x-coordinate access. We've tried various ways of trying to keep affine coordinate access out of the public API, but it complicates generic implementations of these protocols. Most recently RustCrypto/signatures#395 attempted to add a trait which encapsulated ECDSA signing, but a similar (or expaned version of the same) trait is needed for verification. All of these problems go away, and can be expressed with simple trait bounds, if there is some way to access the x-coordinate of an `AffinePoint` as serialized `FieldBytes`. This commit adds such a trait: `AffineXCoordinate`, which is a mandatory bound of `AffineArithmetic::AffinePoint`.
tarcieri
added a commit
to RustCrypto/signatures
that referenced
this pull request
Nov 18, 2021
Leverages the newly added `AffineXCoordinate` trait from RustCrypto/traits#817 to provide a default generic implementation of the ECDSA signature algorithm. Downstream crates can choose to override this implementation if they so desire, allowing them to potentially leverage more efficient arithmetic. This approach does have a disadvantage that it necessarily adds a `ScalarArithmetic<Scalar = Self>` bound on the curve, meaning that `SignPrimitive` can only be impl'd for a particular curve's scalar type, as opposed to the original design goal of allowing it to be impl'd for a hardware ECDSA accelerator that stores a private scalar. Either the default impl needs to be replaced with a blanket impl with more restrictive bounds, or a separate trait needs to be added to support hardware accelerators. The latter may indeed make the most sense.
tarcieri
added a commit
to RustCrypto/signatures
that referenced
this pull request
Nov 18, 2021
Leverages the newly added `AffineXCoordinate` trait from RustCrypto/traits#817 to provide a default generic implementation of the ECDSA signature algorithm. Downstream crates can choose to override this implementation if they so desire, allowing them to potentially leverage more efficient arithmetic. This approach does have a disadvantage that it necessarily adds a `ScalarArithmetic<Scalar = Self>` bound on the curve, meaning that `SignPrimitive` can only be impl'd for a particular curve's scalar type, as opposed to the original design goal of allowing it to be impl'd for a hardware ECDSA accelerator that stores a private scalar. Either the default impl needs to be replaced with a blanket impl with more restrictive bounds, or a separate trait needs to be added to support hardware accelerators. The latter may indeed make the most sense.
Merged
scv35
added a commit
to scv35/Signature-algorithms
that referenced
this pull request
Jul 4, 2025
Leverages the newly added `AffineXCoordinate` trait from RustCrypto/traits#817 to provide a default generic implementation of the ECDSA signature algorithm. Downstream crates can choose to override this implementation if they so desire, allowing them to potentially leverage more efficient arithmetic. This approach does have a disadvantage that it necessarily adds a `ScalarArithmetic<Scalar = Self>` bound on the curve, meaning that `SignPrimitive` can only be impl'd for a particular curve's scalar type, as opposed to the original design goal of allowing it to be impl'd for a hardware ECDSA accelerator that stores a private scalar. Either the default impl needs to be replaced with a blanket impl with more restrictive bounds, or a separate trait needs to be added to support hardware accelerators. The latter may indeed make the most sense.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Protocols like ECDH and ECDSA rely on x-coordinate access.
We've tried various ways of trying to keep affine coordinate access out of the public API, but it complicates generic implementations of these protocols.
Most recently RustCrypto/signatures#395 attempted to add a trait which encapsulated ECDSA signing, but a similar (or expanded version of the same) trait is needed for verification.
All of these problems go away, and can be expressed with simple trait bounds, if there is some way to access the x-coordinate of an
AffinePointas serializedFieldBytes.This commit adds such a trait:
AffineXCoordinate, which is a mandatory bound ofAffineArithmetic::AffinePoint.