1 files changed, 36 insertions, 53 deletions

diff --git a/vendor/elliptic-curve/src/ops.rs b/vendor/elliptic-curve/src/ops.rs
index 580c5aefc..b7e9e3d46 100644
--- a/vendor/elliptic-curve/src/ops.rs
+++ b/vendor/elliptic-curve/src/ops.rs
@@ -1,14 +1,9 @@
 //! Traits for arithmetic operations on elliptic curve field elements.
 
-pub use core::ops::{Add, AddAssign, Mul, Neg, Sub, SubAssign};
+pub use core::ops::{Add, AddAssign, Mul, Neg, Shr, ShrAssign, Sub, SubAssign};
 
-use crypto_bigint::{ArrayEncoding, ByteArray, Integer};
-
-#[cfg(feature = "arithmetic")]
-use {group::Group, subtle::CtOption};
-
-#[cfg(feature = "digest")]
-use digest::FixedOutput;
+use crypto_bigint::Integer;
+use group::Group;
 
 /// Perform an inversion on a field element (i.e. base field element or scalar)
 pub trait Invert {
@@ -17,14 +12,16 @@ pub trait Invert {
 
     /// Invert a field element.
     fn invert(&self) -> Self::Output;
-}
-
-#[cfg(feature = "arithmetic")]
-impl<F: ff::Field> Invert for F {
-    type Output = CtOption<F>;
 
-    fn invert(&self) -> CtOption<F> {
-        ff::Field::invert(self)
+    /// Invert a field element in variable time.
+    ///
+    /// ⚠️ WARNING!
+    ///
+    /// This method should not be used with secret values, as its variable-time
+    /// operation can potentially leak secrets through sidechannels.
+    fn invert_vartime(&self) -> Self::Output {
+        // Fall back on constant-time implementation by default.
+        self.invert()
     }
 }
 
@@ -34,8 +31,6 @@ impl<F: ff::Field> Invert for F {
 /// linear combinations (e.g. Shamir's Trick), or otherwise provides a default
 /// non-optimized implementation.
 // TODO(tarcieri): replace this with a trait from the `group` crate? (see zkcrypto/group#25)
-#[cfg(feature = "arithmetic")]
-#[cfg_attr(docsrs, doc(cfg(feature = "arithmetic")))]
 pub trait LinearCombination: Group {
     /// Calculates `x * k + y * l`.
     fn lincomb(x: &Self, k: &Self::Scalar, y: &Self, l: &Self::Scalar) -> Self {
@@ -43,44 +38,28 @@ pub trait LinearCombination: Group {
     }
 }
 
-/// Modular reduction.
-pub trait Reduce<UInt: Integer + ArrayEncoding>: Sized {
-    /// Perform a modular reduction, returning a field element.
-    fn from_uint_reduced(n: UInt) -> Self;
-
-    /// Interpret the given byte array as a big endian integer and perform
-    /// a modular reduction.
-    fn from_be_bytes_reduced(bytes: ByteArray<UInt>) -> Self {
-        Self::from_uint_reduced(UInt::from_be_byte_array(bytes))
+/// Multiplication by the generator.
+///
+/// May use optimizations (e.g. precomputed tables) when available.
+// TODO(tarcieri): replace this with `Group::mul_by_generator``? (see zkcrypto/group#44)
+pub trait MulByGenerator: Group {
+    /// Multiply by the generator of the prime-order subgroup.
+    #[must_use]
+    fn mul_by_generator(scalar: &Self::Scalar) -> Self {
+        Self::generator() * scalar
     }
+}
 
-    /// Interpret the given byte array as a little endian integer and perform a
-    /// modular reduction.
-    fn from_le_bytes_reduced(bytes: ByteArray<UInt>) -> Self {
-        Self::from_uint_reduced(UInt::from_le_byte_array(bytes))
-    }
+/// Modular reduction.
+pub trait Reduce<Uint: Integer>: Sized {
+    /// Bytes used as input to [`Reduce::reduce_bytes`].
+    type Bytes: AsRef<[u8]>;
 
-    /// Interpret a digest as a big endian integer and perform a modular
-    /// reduction.
-    #[cfg(feature = "digest")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "digest")))]
-    fn from_be_digest_reduced<D>(digest: D) -> Self
-    where
-        D: FixedOutput<OutputSize = UInt::ByteSize>,
-    {
-        Self::from_be_bytes_reduced(digest.finalize_fixed())
-    }
+    /// Perform a modular reduction, returning a field element.
+    fn reduce(n: Uint) -> Self;
 
-    /// Interpret a digest as a little endian integer and perform a modular
-    /// reduction.
-    #[cfg(feature = "digest")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "digest")))]
-    fn from_le_digest_reduced<D>(digest: D) -> Self
-    where
-        D: FixedOutput<OutputSize = UInt::ByteSize>,
-    {
-        Self::from_le_bytes_reduced(digest.finalize_fixed())
-    }
+    /// Interpret the given bytes as an integer and perform a modular reduction.
+    fn reduce_bytes(bytes: &Self::Bytes) -> Self;
 }
 
 /// Modular reduction to a non-zero output.
@@ -90,7 +69,11 @@ pub trait Reduce<UInt: Integer + ArrayEncoding>: Sized {
 ///
 /// End users should use the [`Reduce`] impl on
 /// [`NonZeroScalar`][`crate::NonZeroScalar`] instead.
-pub trait ReduceNonZero<UInt: Integer + ArrayEncoding>: Sized {
+pub trait ReduceNonZero<Uint: Integer>: Reduce<Uint> + Sized {
     /// Perform a modular reduction, returning a field element.
-    fn from_uint_reduced_nonzero(n: UInt) -> Self;
+    fn reduce_nonzero(n: Uint) -> Self;
+
+    /// Interpret the given bytes as an integer and perform a modular reduction
+    /// to a non-zero output.
+    fn reduce_nonzero_bytes(bytes: &Self::Bytes) -> Self;
 }