summaryrefslogtreecommitdiffstats
path: root/vendor/group/src/cofactor.rs
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/group/src/cofactor.rs')
-rw-r--r--vendor/group/src/cofactor.rs100
1 files changed, 100 insertions, 0 deletions
diff --git a/vendor/group/src/cofactor.rs b/vendor/group/src/cofactor.rs
new file mode 100644
index 0000000..84bfe0a
--- /dev/null
+++ b/vendor/group/src/cofactor.rs
@@ -0,0 +1,100 @@
+use core::fmt;
+use core::ops::{Mul, Neg};
+use ff::PrimeField;
+use subtle::{Choice, CtOption};
+
+use crate::{prime::PrimeGroup, Curve, Group, GroupEncoding, GroupOps, GroupOpsOwned};
+
+/// This trait represents an element of a cryptographic group with a large prime-order
+/// subgroup and a comparatively-small cofactor.
+pub trait CofactorGroup:
+ Group
+ + GroupEncoding
+ + GroupOps<<Self as CofactorGroup>::Subgroup>
+ + GroupOpsOwned<<Self as CofactorGroup>::Subgroup>
+{
+ /// The large prime-order subgroup in which cryptographic operations are performed.
+ /// If `Self` implements `PrimeGroup`, then `Self::Subgroup` may be `Self`.
+ type Subgroup: PrimeGroup<Scalar = Self::Scalar> + Into<Self>;
+
+ /// Maps `self` to the prime-order subgroup by multiplying this element by some
+ /// `k`-multiple of the cofactor.
+ ///
+ /// The value `k` does not vary between inputs for a given implementation, but may
+ /// vary between different implementations of `CofactorGroup` because some groups have
+ /// more efficient methods of clearing the cofactor when `k` is allowed to be
+ /// different than `1`.
+ ///
+ /// If `Self` implements [`PrimeGroup`], this returns `self`.
+ fn clear_cofactor(&self) -> Self::Subgroup;
+
+ /// Returns `self` if it is contained in the prime-order subgroup.
+ ///
+ /// If `Self` implements [`PrimeGroup`], this returns `Some(self)`.
+ fn into_subgroup(self) -> CtOption<Self::Subgroup>;
+
+ /// Determines if this element is of small order.
+ ///
+ /// Returns:
+ /// - `true` if `self` is in the torsion subgroup.
+ /// - `false` if `self` is not in the torsion subgroup.
+ fn is_small_order(&self) -> Choice {
+ self.clear_cofactor().is_identity()
+ }
+
+ /// Determines if this element is "torsion free", i.e., is contained in the
+ /// prime-order subgroup.
+ ///
+ /// Returns:
+ /// - `true` if `self` has trivial torsion and is in the prime-order subgroup.
+ /// - `false` if `self` has non-zero torsion component and is not in the prime-order
+ /// subgroup.
+ fn is_torsion_free(&self) -> Choice;
+}
+
+/// Efficient representation of an elliptic curve point guaranteed to be
+/// in the correct prime order subgroup.
+pub trait CofactorCurve:
+ Curve<AffineRepr = <Self as CofactorCurve>::Affine> + CofactorGroup
+{
+ type Affine: CofactorCurveAffine<Curve = Self, Scalar = Self::Scalar>
+ + Mul<Self::Scalar, Output = Self>
+ + for<'r> Mul<&'r Self::Scalar, Output = Self>;
+}
+
+/// Affine representation of an elliptic curve point guaranteed to be
+/// in the correct prime order subgroup.
+pub trait CofactorCurveAffine:
+ GroupEncoding
+ + Copy
+ + Clone
+ + Sized
+ + Send
+ + Sync
+ + fmt::Debug
+ + PartialEq
+ + Eq
+ + 'static
+ + Neg<Output = Self>
+ + Mul<<Self as CofactorCurveAffine>::Scalar, Output = <Self as CofactorCurveAffine>::Curve>
+ + for<'r> Mul<
+ &'r <Self as CofactorCurveAffine>::Scalar,
+ Output = <Self as CofactorCurveAffine>::Curve,
+ >
+{
+ type Scalar: PrimeField;
+ type Curve: CofactorCurve<Affine = Self, Scalar = Self::Scalar>;
+
+ /// Returns the additive identity.
+ fn identity() -> Self;
+
+ /// Returns a fixed generator of unknown exponent.
+ fn generator() -> Self;
+
+ /// Determines if this point represents the point at infinity; the
+ /// additive identity.
+ fn is_identity(&self) -> Choice;
+
+ /// Converts this element to its curve representation.
+ fn to_curve(&self) -> Self::Curve;
+}