Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

elliptic-curve: consolidate AffineCoordinates trait #1237

Merged
merged 1 commit into from
Feb 1, 2023
Merged

elliptic-curve: consolidate AffineCoordinates trait #1237

merged 1 commit into from
Feb 1, 2023

Conversation

tarcieri
Copy link
Member

@tarcieri tarcieri commented Feb 1, 2023

See RustCrypto/elliptic-curves#50 for some historic context.

After being able to get by on AffineXCoordinate for generic ECDH and ECDSA, #1199 added an AffineYIsOdd trait which was needed to enable the generic ECDSA implementation in the ecdsa crate to compute the "recovery ID" for signatures (which is effectively point compression for the R curve point).

This commit consolidates AffineXCoordinate and AffineYIsOdd into an AffineCoordinates trait.

Some observations since prior discussion in
RustCrypto/elliptic-curves#50:

  • Access to coordinates is through bytes, namely FieldBytes. This is so as to avoid exposing a crate's field element type. This approach isn't type safe (base field elements and scalar field elements share the same serialization) but does make ECDSA's weird reduction of a base field element into the scalar field straightforward in generic code.
  • Prior to this attempts were made to extract ECDSA-specific bits into a trait to handle these conversions, but it complicates both writing generic code and optimizing performance. While this still might be worth exploring, so far those explorations have largely failed.
  • Generally there have been a lot of requests for coordinate access specifically for things like point serialization formats. We ended up adding "compaction" support upstream but we have had requests for several other formats (e.g. Elligator Squared) where direct coordinate access would be useful.

This trait can hopefully be replaced by a coordinate access API provided by the group crate in the future. See zkcrypto/group#30

@tarcieri
elliptic-curve: consolidate AffineCoordinates trait
a7332bc 
See RustCrypto/elliptic-curves#50 for some historic context.

After being able to get by on `AffineXCoordinate` for generic ECDH and
ECDSA, #1199 added an `AffineYIsOdd` trait which was needed to enable
the generic ECDSA implementation in the `ecdsa` crate to compute the
"recovery ID" for signatures (which is effectively point compression for
the `R` curve point).

This commit consolidates `AffineXCoordinate` and `AffineYIsOdd` into
an `AffineCoordinates` trait.

Some observations since prior discussion in
RustCrypto/elliptic-curves#50:

- Access to coordinates is through bytes, namely `FieldBytes`. This is
  so as to avoid exposing a crate's field element type. This approach
  isn't type safe (base field elements and scalar field elements share
  the same serialization) but does make ECDSA's weird reduction of a
  base field element into the scalar field straightforward in generic
  code.
- Prior to this attempts were made to extract ECDSA-specific bits into a
  trait to handle these conversions, but it complicates both writing
  generic code and optimizing performance. While this still might be
  worth exploring, so far those explorations have largely failed.
- Generally there have been a lot of requests for coordinate access
  specifically for things like point serialization formats. We ended up
  adding "compaction" support upstream but we have had requests for
  several other formats (e.g. Elligator Squared) where direct coordinate
  access would be useful.

This trait can hopefully be replaced by a coordinate access API provided
by the `group` crate in the future. See zkcrypto/group#30
@tarcieri tarcieri merged commit d69d5b9 into master Feb 1, 2023
@tarcieri tarcieri deleted the elliptic-curve/consolidate-affine-coordinates-trait branch February 1, 2023 03:30
tarcieri added a commit to RustCrypto/signatures that referenced this pull request Feb 1, 2023
@tarcieri
ecdsa: use AffineCoordinates trait
c27687d 
Switches to the newly consolidated `AffineCoordinates` trait.

See RustCrypto/traits#1237
@tarcieri tarcieri mentioned this pull request Feb 1, 2023
Merged
tarcieri added a commit to RustCrypto/signatures that referenced this pull request Feb 1, 2023
@tarcieri
ecdsa: use AffineCoordinates trait (#650)
4e2b0b2 
Switches to the newly consolidated `AffineCoordinates` trait.

See RustCrypto/traits#1237
tarcieri added a commit to RustCrypto/elliptic-curves that referenced this pull request Feb 1, 2023
@tarcieri
Use AffineCoordinates trait
ddd1756 
Switches to the newly consolidated `AffineCoordinates` trait.

See RustCrypto/traits#1237
@tarcieri tarcieri mentioned this pull request Feb 1, 2023
Merged
tarcieri added a commit to RustCrypto/elliptic-curves that referenced this pull request Feb 1, 2023
@tarcieri
Use AffineCoordinates trait (#734)
24bca78 
Switches to the newly consolidated `AffineCoordinates` trait.

See RustCrypto/traits#1237
@tarcieri tarcieri mentioned this pull request Mar 1, 2023
Merged
@tarcieri tarcieri mentioned this pull request May 11, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tarcieri