Implement CurveArithmetic for Curve448

Author: daxpedda

ed448-goldilocks/src/field/element.rs

@@ -3,7 +3,7 @@ use core::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign};
 
 use super::ConstMontyType;
 use crate::{
-    AffinePoint, Decaf448, DecafPoint, Ed448, EdwardsPoint, MontgomeryPoint,
+    AffinePoint, Decaf448, DecafPoint, Ed448, EdwardsPoint, MontgomeryPoint, ORDER,
     curve::twedwards::extended::ExtendedPoint as TwistedExtendedPoint,
 };
 use elliptic_curve::{
@@ -16,7 +16,10 @@ use elliptic_curve::{
     zeroize::DefaultIsZeroes,
 };
 use hash2curve::{FromOkm, MapToCurve};
-use subtle::{Choice, ConditionallyNegatable, ConditionallySelectable, ConstantTimeEq};
+use subtle::{
+    Choice, ConditionallyNegatable, ConditionallySelectable, ConstantTimeEq, ConstantTimeLess,
+    CtOption,
+};
 
 #[derive(Clone, Copy, Default)]
 pub struct FieldElement(pub(crate) ConstMontyType);
@@ -316,6 +319,12 @@ impl FieldElement {
         Self(ConstMontyType::new(&U448::from_le_slice(bytes)))
     }
 
+    pub fn from_repr(bytes: &[u8; 56]) -> CtOption<Self> {
+        let integer = U448::from_le_slice(bytes);
+        let is_some = integer.ct_lt(&ORDER);
+        CtOption::new(Self(ConstMontyType::from_montgomery(integer)), is_some)
+    }
+
     pub fn double(&self) -> Self {
         Self(self.0.double())
     }

ed448-goldilocks/src/lib.rs

@@ -68,7 +68,7 @@ pub use montgomery::{
 pub use sign::*;
 
 use elliptic_curve::{
-    Curve, FieldBytesEncoding, PrimeCurve,
+    Curve, CurveArithmetic, FieldBytes, FieldBytesEncoding, NonZeroScalar, PrimeCurve,
     array::typenum::{U28, U56, U57},
     bigint::{ArrayEncoding, U448},
     point::PointCompression,
@@ -80,14 +80,14 @@ use hash2curve::GroupDigest;
 pub struct Ed448;
 
 /// Bytes of the Ed448 field
-pub type Ed448FieldBytes = elliptic_curve::FieldBytes<Ed448>;
+pub type Ed448FieldBytes = FieldBytes<Ed448>;
 
 /// Scalar bits of the Ed448 scalar
 #[cfg(feature = "bits")]
 pub type Ed448ScalarBits = elliptic_curve::scalar::ScalarBits<Ed448>;
 
 /// Non-zero scalar of the Ed448 scalar
-pub type Ed448NonZeroScalar = elliptic_curve::NonZeroScalar<Ed448>;
+pub type Ed448NonZeroScalar = NonZeroScalar<Ed448>;
 
 impl Curve for Ed448 {
     type FieldBytesSize = U57;
@@ -114,7 +114,7 @@ impl FieldBytesEncoding<Ed448> for U448 {
     }
 }
 
-impl elliptic_curve::CurveArithmetic for Ed448 {
+impl CurveArithmetic for Ed448 {
     type AffinePoint = AffinePoint;
     type ProjectivePoint = EdwardsPoint;
     type Scalar = EdwardsScalar;
@@ -129,14 +129,14 @@ impl GroupDigest for Ed448 {
 pub struct Decaf448;
 
 /// Bytes of the Decaf448 field
-pub type Decaf448FieldBytes = elliptic_curve::FieldBytes<Decaf448>;
+pub type Decaf448FieldBytes = FieldBytes<Decaf448>;
 
 /// Scalar bits of the Decaf448 scalar
 #[cfg(feature = "bits")]
 pub type Decaf448ScalarBits = elliptic_curve::scalar::ScalarBits<Decaf448>;
 
 /// Non-zero scalar of the Decaf448 scalar
-pub type Decaf448NonZeroScalar = elliptic_curve::NonZeroScalar<Decaf448>;
+pub type Decaf448NonZeroScalar = NonZeroScalar<Decaf448>;
 
 impl Curve for Decaf448 {
     type FieldBytesSize = U56;
@@ -163,7 +163,7 @@ impl FieldBytesEncoding<Decaf448> for U448 {
     }
 }
 
-impl elliptic_curve::CurveArithmetic for Decaf448 {
+impl CurveArithmetic for Decaf448 {
     type AffinePoint = DecafAffinePoint;
     type ProjectivePoint = DecafPoint;
     type Scalar = DecafScalar;
@@ -176,3 +176,44 @@ impl GroupDigest for Decaf448 {
 /// Curve448 curve.
 #[derive(Copy, Clone, Debug, Default, Eq, PartialEq, Ord, PartialOrd, Hash)]
 pub struct Curve448;
+
+/// Bytes of the Curve448 field
+pub type Curve448FieldBytes = FieldBytes<Curve448>;
+
+/// Scalar bits of the Curve448 scalar
+#[cfg(feature = "bits")]
+pub type Curve448ScalarBits = elliptic_curve::scalar::ScalarBits<Curve448>;
+
+/// Non-zero scalar of the Curve448 scalar
+pub type Curve448NonZeroScalar = NonZeroScalar<Curve448>;
+
+impl Curve for Curve448 {
+    type FieldBytesSize = U56;
+    type Uint = U448;
+
+    const ORDER: U448 = ORDER;
+}
+
+impl PrimeCurve for Curve448 {}
+
+impl PointCompression for Curve448 {
+    const COMPRESS_POINTS: bool = true;
+}
+
+impl FieldBytesEncoding<Curve448> for U448 {
+    fn decode_field_bytes(field_bytes: &Curve448FieldBytes) -> Self {
+        U448::from_le_slice(field_bytes)
+    }
+
+    fn encode_field_bytes(&self) -> Curve448FieldBytes {
+        let mut data = Curve448FieldBytes::default();
+        data.copy_from_slice(&self.to_le_byte_array()[..]);
+        data
+    }
+}
+
+impl CurveArithmetic for Curve448 {
+    type AffinePoint = MontgomeryPoint;
+    type ProjectivePoint = ProjectiveMontgomeryPoint;
+    type Scalar = MontgomeryScalar;
+}

ed448-goldilocks/src/montgomery/ops.rs

@@ -3,6 +3,7 @@ use crate::field::{ConstMontyType, FieldElement};
 use core::borrow::Borrow;
 use core::iter::Sum;
 use core::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign};
+use elliptic_curve::CurveGroup;
 use elliptic_curve::bigint::U448;
 
 use super::{MontgomeryPoint, MontgomeryScalar, MontgomeryXpoint, ProjectiveMontgomeryPoint};
@@ -141,7 +142,7 @@ impl Mul<&MontgomeryScalar> for &ProjectiveMontgomeryPoint {
 
     #[inline]
     fn mul(self, scalar: &MontgomeryScalar) -> ProjectiveMontgomeryPoint {
-        MontgomeryPoint::from(self) * scalar
+        self.to_affine() * scalar
     }
 }
 
@@ -320,9 +321,6 @@ mod test {
             * MontgomeryScalar::try_from_rng(&mut OsRng).unwrap();
         let p3 = p1 + p2;
 
-        assert_eq!(
-            MontgomeryPoint::from(p3),
-            (MontgomeryPoint::from(p1) + p2).into()
-        );
+        assert_eq!(p3.to_affine(), (p1.to_affine() + p2).into());
     }
 }