Add NonIdentity::mul_by_generator() (RustCrypto#1833)

daxpedda · daxpedda · commit 5028239ed295 · 2025-05-15T15:34:34.000+02:00
This PR adds `NonIdentity::mul_by_generator()`, which is similar to the
`MulByGenerator` trait, but returns a `NonIdentity` instead of a
`ProjectivePoint`. This is quite useful for getting the public key from
a `NonZeroScalar` without having to go through the whole conversion
dance.
diff --git a/elliptic-curve/src/point/non_identity.rs b/elliptic-curve/src/point/non_identity.rs
@@ -2,15 +2,15 @@
 
 use core::ops::{Deref, Mul};
 
-use group::{prime::PrimeCurveAffine, Curve, GroupEncoding};
+use group::{prime::PrimeCurveAffine, Curve, Group, GroupEncoding};
 use rand_core::{CryptoRng, RngCore};
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption};
 
 #[cfg(feature = "serde")]
 use serdect::serde::{de, ser, Deserialize, Serialize};
 use zeroize::Zeroize;
 
-use crate::{CurveArithmetic, NonZeroScalar, Scalar};
+use crate::{ops::MulByGenerator, CurveArithmetic, NonZeroScalar, Scalar};
 
 /// Non-identity point type.
 ///
@@ -73,6 +73,16 @@ where
             point: self.point.to_affine(),
         }
     }
+
+    /// Multiply by the generator of the prime-order subgroup.
+    pub fn mul_by_generator<C: CurveArithmetic>(scalar: &NonZeroScalar<C>) -> Self
+    where
+        P: Group<Scalar = C::Scalar> + MulByGenerator,
+    {
+        Self {
+            point: P::mul_by_generator(scalar),
+        }
+    }
 }
 
 impl<P> NonIdentity<P>
@@ -194,7 +204,7 @@ where
     }
 }
 
-impl<P: group::Group> Zeroize for NonIdentity<P> {
+impl<P: Group> Zeroize for NonIdentity<P> {
     fn zeroize(&mut self) {
         self.point = P::generator();
     }
@@ -203,7 +213,7 @@ impl<P: group::Group> Zeroize for NonIdentity<P> {
 #[cfg(all(test, feature = "dev"))]
 mod tests {
     use super::NonIdentity;
-    use crate::dev::{AffinePoint, ProjectivePoint};
+    use crate::dev::{AffinePoint, NonZeroScalar, ProjectivePoint, SecretKey};
     use group::GroupEncoding;
     use hex_literal::hex;
     use zeroize::Zeroize;
@@ -254,4 +264,18 @@ mod tests {
 
         assert_eq!(point.to_point(), ProjectivePoint::Generator);
     }
+
+    #[test]
+    fn mul_by_generator() {
+        let scalar = NonZeroScalar::from_repr(
+            hex!("c9afa9d845ba75166b5c215767b1d6934e50c3db36e89b127b8a622b120f6721").into(),
+        )
+        .unwrap();
+        let point = NonIdentity::<ProjectivePoint>::mul_by_generator(&scalar);
+
+        let sk = SecretKey::from(scalar);
+        let pk = sk.public_key();
+
+        assert_eq!(point.to_point(), pk.to_projective());
+    }
 }
