Implement CurveArithmetic for Curve448

Author: daxpedda

ed448-goldilocks/src/constants.rs

@@ -18,3 +18,9 @@ pub const EDWARDS_BASEPOINT_ORDER: EdwardsScalar = EdwardsScalar::new(ORDER);
 /// \ell = 2^\{446\} + 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d.
 /// $$
 pub const DECAF_BASEPOINT_ORDER: DecafScalar = DecafScalar::new(ORDER);
+
+/// `BASEPOINT_ORDER` is the order of the Curve448 basepoint, i.e.,
+/// $$
+/// \ell = 2^\{446\} + 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d.
+/// $$
+pub const MONTGOMERY_BASEPOINT_ORDER: MontgomeryScalar = MontgomeryScalar::new(ORDER);

ed448-goldilocks/src/field/element.rs

@@ -2,10 +2,8 @@ use core::fmt::{self, Debug, Display, Formatter, LowerHex, UpperHex};
 use core::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign};
 
 use super::ConstMontyType;
-use crate::{
-    AffinePoint, Decaf448, DecafPoint, Ed448, EdwardsPoint,
-    curve::twedwards::extended::ExtendedPoint as TwistedExtendedPoint,
-};
+use crate::curve::twedwards::extended::ExtendedPoint as TwistedExtendedPoint;
+use crate::{AffinePoint, Decaf448, DecafPoint, Ed448, EdwardsPoint, ORDER};
 use elliptic_curve::{
     array::Array,
     bigint::{
@@ -16,7 +14,10 @@ use elliptic_curve::{
     zeroize::DefaultIsZeroes,
 };
 use hash2curve::{FromOkm, MapToCurve};
-use subtle::{Choice, ConditionallyNegatable, ConditionallySelectable, ConstantTimeEq};
+use subtle::{
+    Choice, ConditionallyNegatable, ConditionallySelectable, ConstantTimeEq, ConstantTimeLess,
+    CtOption,
+};
 
 #[derive(Clone, Copy, Default)]
 pub struct FieldElement(pub(crate) ConstMontyType);
@@ -320,6 +321,12 @@ impl FieldElement {
         Self(ConstMontyType::new(&U448::from_le_slice(bytes)))
     }
 
+    pub fn from_repr(bytes: &[u8; 56]) -> CtOption<Self> {
+        let integer = U448::from_le_slice(bytes);
+        let is_some = integer.ct_lt(&ORDER);
+        CtOption::new(Self(ConstMontyType::from_montgomery(integer)), is_some)
+    }
+
     pub fn double(&self) -> Self {
         Self(self.0.add(&self.0))
     }

ed448-goldilocks/src/lib.rs

@@ -70,7 +70,7 @@ pub use ristretto::{CompressedRistretto, RistrettoPoint};
 pub use sign::*;
 
 use elliptic_curve::{
-    Curve, FieldBytesEncoding, PrimeCurve,
+    Curve, CurveArithmetic, FieldBytes, FieldBytesEncoding, NonZeroScalar, PrimeCurve,
     array::typenum::{U28, U56, U57},
     bigint::{ArrayEncoding, U448},
     point::PointCompression,
@@ -82,14 +82,14 @@ use hash2curve::GroupDigest;
 pub struct Ed448;
 
 /// Bytes of the Ed448 field
-pub type Ed448FieldBytes = elliptic_curve::FieldBytes<Ed448>;
+pub type Ed448FieldBytes = FieldBytes<Ed448>;
 
 /// Scalar bits of the Ed448 scalar
 #[cfg(feature = "bits")]
 pub type Ed448ScalarBits = elliptic_curve::scalar::ScalarBits<Ed448>;
 
 /// Non-zero scalar of the Ed448 scalar
-pub type Ed448NonZeroScalar = elliptic_curve::NonZeroScalar<Ed448>;
+pub type Ed448NonZeroScalar = NonZeroScalar<Ed448>;
 
 impl Curve for Ed448 {
     type FieldBytesSize = U57;
@@ -116,7 +116,7 @@ impl FieldBytesEncoding<Ed448> for U448 {
     }
 }
 
-impl elliptic_curve::CurveArithmetic for Ed448 {
+impl CurveArithmetic for Ed448 {
     type AffinePoint = AffinePoint;
     type ProjectivePoint = EdwardsPoint;
     type Scalar = EdwardsScalar;
@@ -131,14 +131,14 @@ impl GroupDigest for Ed448 {
 pub struct Decaf448;
 
 /// Bytes of the Decaf448 field
-pub type Decaf448FieldBytes = elliptic_curve::FieldBytes<Decaf448>;
+pub type Decaf448FieldBytes = FieldBytes<Decaf448>;
 
 /// Scalar bits of the Decaf448 scalar
 #[cfg(feature = "bits")]
 pub type Decaf448ScalarBits = elliptic_curve::scalar::ScalarBits<Decaf448>;
 
 /// Non-zero scalar of the Decaf448 scalar
-pub type Decaf448NonZeroScalar = elliptic_curve::NonZeroScalar<Decaf448>;
+pub type Decaf448NonZeroScalar = NonZeroScalar<Decaf448>;
 
 impl Curve for Decaf448 {
     type FieldBytesSize = U56;
@@ -165,7 +165,7 @@ impl FieldBytesEncoding<Decaf448> for U448 {
     }
 }
 
-impl elliptic_curve::CurveArithmetic for Decaf448 {
+impl CurveArithmetic for Decaf448 {
     type AffinePoint = DecafAffinePoint;
     type ProjectivePoint = DecafPoint;
     type Scalar = DecafScalar;
@@ -178,3 +178,44 @@ impl GroupDigest for Decaf448 {
 /// Curve448 curve.
 #[derive(Copy, Clone, Debug, Default, Eq, PartialEq, Ord, PartialOrd, Hash)]
 pub struct Curve448;
+
+/// Bytes of the Curve448 field
+pub type Curve448FieldBytes = FieldBytes<Curve448>;
+
+/// Scalar bits of the Curve448 scalar
+#[cfg(feature = "bits")]
+pub type Curve448ScalarBits = elliptic_curve::scalar::ScalarBits<Curve448>;
+
+/// Non-zero scalar of the Curve448 scalar
+pub type Curve448NonZeroScalar = NonZeroScalar<Curve448>;
+
+impl Curve for Curve448 {
+    type FieldBytesSize = U56;
+    type Uint = U448;
+
+    const ORDER: U448 = ORDER;
+}
+
+impl PrimeCurve for Curve448 {}
+
+impl PointCompression for Curve448 {
+    const COMPRESS_POINTS: bool = true;
+}
+
+impl FieldBytesEncoding<Curve448> for U448 {
+    fn decode_field_bytes(field_bytes: &Curve448FieldBytes) -> Self {
+        U448::from_le_slice(field_bytes)
+    }
+
+    fn encode_field_bytes(&self) -> Curve448FieldBytes {
+        let mut data = Curve448FieldBytes::default();
+        data.copy_from_slice(&self.to_le_byte_array()[..]);
+        data
+    }
+}
+
+impl CurveArithmetic for Curve448 {
+    type AffinePoint = MontgomeryPoint;
+    type ProjectivePoint = ProjectiveMontgomeryPoint;
+    type Scalar = MontgomeryScalar;
+}

ed448-goldilocks/src/montgomery/ops.rs

@@ -3,6 +3,7 @@ use crate::field::{ConstMontyType, FieldElement};
 use core::borrow::Borrow;
 use core::iter::Sum;
 use core::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign};
+use elliptic_curve::CurveGroup;
 use elliptic_curve::bigint::U448;
 
 use super::{MontgomeryPoint, MontgomeryScalar, ProjectiveMontgomeryPoint};