purify
C++ Purify implementation with native circuit and BPP support
purify::EllipticCurve Class Reference

Minimal elliptic-curve arithmetic over the Purify base field.

#include <curve.hpp>

Public Member Functions

 EllipticCurve (FieldElement a, FieldElement b, UInt256 n)
 Constructs a curve from its Weierstrass coefficients and subgroup order.
 
const UInt256 & order () const
 Returns the subgroup order used for scalar multiplication checks.
 
AffinePoint affine (const JacobianPoint &point) const
 Converts a Jacobian point to affine coordinates.
 
JacobianPoint negate (const JacobianPoint &point) const
 Negates a point without changing its projective scale.
 
bool is_x_coord (const FieldElement &x) const
 Returns true if the supplied x-coordinate lifts to a curve point.
 
std::optional< JacobianPoint > lift_x (const FieldElement &x) const
 Lifts an x-coordinate to a Jacobian point when a square root exists.
 
JacobianPoint double_point (const JacobianPoint &point) const
 Doubles a Jacobian point.
 
JacobianPoint add_mixed (const JacobianPoint &lhs, const AffinePoint &rhs) const
 Adds an affine point to a Jacobian point.
 
JacobianPoint add (const JacobianPoint &lhs, const JacobianPoint &rhs) const
 Adds two Jacobian points.
 
JacobianPoint mul (const JacobianPoint &point, const UInt256 &scalar) const
 Multiplies a point by a scalar using double-and-add.
 
Result< AffinePoint > mul_secret_affine (const JacobianPoint &point, const UInt256 &scalar) const
 Multiplies a public point by a secret scalar using exception-free complete formulas.
 

Data Fields

FieldElement a_
 
FieldElement b_
 
UInt256 n_
 

Detailed Description

The curve equation is y^2 = x^3 + ax + b.

Definition at line 46 of file curve.hpp.

Constructor & Destructor Documentation

◆ EllipticCurve()

purify::EllipticCurve::EllipticCurve ( FieldElement  a,
FieldElement  b,
UInt256  n 
)

Definition at line 84 of file curve.cpp.

Member Function Documentation

◆ add()

JacobianPoint purify::EllipticCurve::add ( const JacobianPoint & lhs,
const JacobianPoint & rhs 
) const

Definition at line 135 of file curve.cpp.

References a_, b_, n_, and purify_curve_add().

Referenced by purify::circuit_ec_multiply_x().

◆ add_mixed()

JacobianPoint purify::EllipticCurve::add_mixed ( const JacobianPoint & lhs,
const AffinePoint & rhs 
) const

Definition at line 126 of file curve.cpp.

References a_, b_, n_, and purify_curve_add_mixed().

◆ affine()

AffinePoint purify::EllipticCurve::affine ( const JacobianPoint & point) const

◆ double_point()

JacobianPoint purify::EllipticCurve::double_point ( const JacobianPoint & point) const

Definition at line 118 of file curve.cpp.

References a_, b_, n_, and purify_curve_double().

Referenced by purify::circuit_ec_multiply_x().

◆ is_x_coord()

bool purify::EllipticCurve::is_x_coord ( const FieldElement & x) const

Definition at line 102 of file curve.cpp.

References a_, b_, n_, and purify_curve_is_x_coord().

◆ lift_x()

std::optional< JacobianPoint > purify::EllipticCurve::lift_x ( const FieldElement & x) const

Definition at line 108 of file curve.cpp.

References a_, b_, n_, and purify_curve_lift_x().

◆ mul()

JacobianPoint purify::EllipticCurve::mul ( const JacobianPoint & point,
const UInt256 & scalar 
) const

Definition at line 144 of file curve.cpp.

References a_, b_, n_, purify_curve_mul(), and scalar.

◆ mul_secret_affine()

Result< AffinePoint > purify::EllipticCurve::mul_secret_affine ( const JacobianPoint & point,
const UInt256 & scalar 
) const

The point input is treated as public and may be normalized with the variable-time affine helper before entering the constant-time ladder. The ladder itself, point selection, final inversion, and the Purify secret-dependent arithmetic remain constant-time in scalar.

Definition at line 152 of file curve.cpp.

References a_, b_, purify::InternalMismatch, n_, purify_curve_mul_secret_affine(), scalar, and purify::unexpected_error().

Referenced by purify_eval().
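
The difference between the double-and-add used by mul() and the ladder with point selection described for mul_secret_affine(), as an added sketch that is not Purify's code. It assumes a stand-in group (integers mod a toy prime under multiplication) in place of curve points, with hypothetical names throughout; the stand-in's `%` is not itself constant-time, so only the operation schedule and the branch-free selection are illustrated.

```cpp
#include <cstdint>
#include <cstdio>

// Stand-in group (assumption, not Purify code): integers mod P under
// multiplication play the role of curve points, so "add" is a modular
// multiply and "double" is a modular square. P is a constructed toy prime.
constexpr uint64_t P = 1000003;
struct Ops { int doubles = 0; int adds = 0; };

uint64_t group_add(uint64_t a, uint64_t b, Ops& ops) { ++ops.adds; return a * b % P; }
uint64_t group_double(uint64_t a, Ops& ops) { ++ops.doubles; return a * a % P; }

// Double-and-add: the add runs only for set bits, so the operation
// sequence follows the scalar's bit pattern. Suitable for public scalars.
uint64_t mul_double_and_add(uint64_t point, uint32_t scalar, Ops& ops) {
    uint64_t acc = 1;  // group identity
    for (int i = 31; i >= 0; --i) {
        acc = group_double(acc, ops);
        if ((scalar >> i) & 1) acc = group_add(acc, point % P, ops);
    }
    return acc;
}

// Branch-free conditional swap: the mask is all ones when bit == 1.
void ct_swap(uint64_t& a, uint64_t& b, uint64_t bit) {
    uint64_t t = (a ^ b) & (uint64_t{0} - bit);
    a ^= t;
    b ^= t;
}

// Montgomery ladder: one add and one double per bit for every scalar, with
// the secret bit used only as a swap mask. Invariant: r1 = r0 + point.
uint64_t mul_ladder(uint64_t point, uint32_t scalar, Ops& ops) {
    uint64_t r0 = 1, r1 = point % P;
    for (int i = 31; i >= 0; --i) {
        uint64_t bit = (scalar >> i) & 1;
        ct_swap(r0, r1, bit);
        r1 = group_add(r0, r1, ops);
        r0 = group_double(r0, ops);
        ct_swap(r0, r1, bit);
    }
    return r0;
}

int main() {
    Ops da, ladder;
    uint64_t x = mul_double_and_add(3, 5, da), y = mul_ladder(3, 5, ladder);
    std::printf("double-and-add: %llu (%d adds)  ladder: %llu (%d adds)\n",
                (unsigned long long)x, da.adds, (unsigned long long)y, ladder.adds);
}
```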

◆ negate()

JacobianPoint purify::EllipticCurve::negate ( const JacobianPoint & point) const

Definition at line 95 of file curve.cpp.

References purify_curve_negate().

◆ order()

const UInt256 & purify::EllipticCurve::order ( ) const
inline

Definition at line 52 of file curve.hpp.

References n_.

Field Documentation

◆ a_

FieldElement purify::EllipticCurve::a_

◆ b_

FieldElement purify::EllipticCurve::b_

◆ n_

UInt256 purify::EllipticCurve::n_

The documentation for this class was generated from the following files: