Finished implementation of secp256k1

Author: hdvanegasm

src/math/ec/mod.rs

@@ -4,14 +4,31 @@ use super::field::FiniteField;
 
 pub mod secp256k1;
 
+/// Trait that defines an elliptic curve point using certain number of limbs for the scalar and
+/// prime field.
 pub trait EllipticCurve<const LIMBS: usize>: Serialize + for<'a> Deserialize<'a> {
     type ScalarField: FiniteField<LIMBS>;
+
+    /// Field in which the elliptic curve is defined. The points in the elliptic curve will be
+    /// pairs in this field.
     type PrimeField: FiniteField<LIMBS>;
 
+    /// Returns the generator of the curve.
     fn gen() -> Self;
+
+    /// Computes the group addition between two points in the elliptic curve.
     fn add(&self, rhs: &Self) -> Self;
+
+    /// Computes the subtraction between two elements in the elliptic curve.
     fn sub(&self, rhs: &Self) -> Self;
+
+    /// Computes the multiplication by an scalar between an element in the scalar field and an
+    /// point in the elliptic curve.
     fn scalar_mul(&self, rhs: &Self::ScalarField) -> Self;
+
+    /// Returns whether two points in the elliptic curve are equal.
     fn eq(&self, other: &Self) -> bool;
+
+    /// Returns the additive inverse of the point in the elliptic curve.
     fn negate(&self) -> Self;
 }

src/math/ec/secp256k1.rs

@@ -1,4 +1,4 @@
-use std::ops::Mul;
+use std::ops::{Add, Mul};
 
 use crypto_bigint::Uint;
 use serde::{Deserialize, Serialize};
@@ -24,6 +24,23 @@ pub struct Secp256k1(
 #[derive(Serialize, Deserialize, Debug, Clone, Copy)]
 pub struct AffinePoint(Secp256k1PrimeField, Secp256k1PrimeField);
 
+impl AffinePoint {
+    pub fn x(&self) -> &Secp256k1PrimeField {
+        &self.0
+    }
+
+    pub fn y(&self) -> &Secp256k1PrimeField {
+        &self.1
+    }
+
+    pub fn is_valid(&self) -> bool {
+        let b = Secp256k1PrimeField::from(7);
+        let lhs = self.y().mul(self.y());
+        let rhs = self.x().mul(self.x()).mul(self.x()).add(&b);
+        lhs.eq(&rhs)
+    }
+}
+
 impl Secp256k1 {
     /// Point at infinity using affine coordinates.
     pub const POINT_AT_INFINITY: Self = Self(
@@ -52,7 +69,7 @@ impl Secp256k1 {
         if self.z().eq(&Secp256k1PrimeField::ONE) {
             AffinePoint(*self.x(), *self.y())
         } else {
-            // TODO: Check the safety of this unwrap.
+            assert!(!(self.z() == &Secp256k1PrimeField::ZERO));
             let z = self.z().inverse().unwrap();
             AffinePoint(self.x().mul(&z), self.y().mul(&z))
         }
@@ -89,6 +106,7 @@ impl Secp256k1 {
         t1 = *self.x() * self.y();
         x3 = t0 * &t1;
         x3 = x3 + &x3;
+
         Self(x3, y3, z3)
     }
 }
@@ -99,10 +117,10 @@ impl EllipticCurve<4> for Secp256k1 {
 
     fn gen() -> Self {
         Self(
-            Secp256k1PrimeField::new(Uint::from_le_hex(
+            Secp256k1PrimeField::new(Uint::from_be_hex(
                 "79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
             )),
-            Secp256k1PrimeField::new(Uint::from_le_hex(
+            Secp256k1PrimeField::new(Uint::from_be_hex(
                 "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",
             )),
             Secp256k1PrimeField::ONE,
@@ -180,7 +198,7 @@ impl EllipticCurve<4> for Secp256k1 {
             let mut result = Self::POINT_AT_INFINITY;
             let naf = scalar.to_naf();
             for i in (0..naf.len()).rev() {
-                result = self.dbl();
+                result = result.dbl();
                 if naf.pos(i) {
                     result = result.add(self);
                 } else if naf.neg(i) {

src/math/field/mersenne61.rs

@@ -40,6 +40,14 @@ impl Ring for Mersenne61 {
         Self::from(value)
     }
 
+    fn random_non_zero<R: RngCore>(generator: &mut R) -> Self {
+        let mut value = generator.next_u64();
+        while value == 0 {
+            value = generator.next_u64();
+        }
+        Self::from(value)
+    }
+
     fn negate(&self) -> Self {
         if !self.eq(&Self::ZERO) {
             Self::from(u64::from(Self::MODULUS.to_limbs()[0]) - self.0)

src/math/field/mod.rs

@@ -12,7 +12,7 @@ pub mod secp256k1_prime;
 
 pub mod secp256k1_scalar;
 
-mod naf;
+pub mod naf;
 
 /// Errors for mathematical operations between field elements.
 #[derive(Error, Debug)]

src/math/field/naf.rs

@@ -1,14 +1,17 @@
-/// Representation of a NAF encoding. The encoding is done in the following way:
+/// Representation of a non-adjacent form (NAF) encoding. The encoding is done in the following way:
 /// - Value 1 is encoded as 1 inside the array,
 /// - Value 0 is encoded as 0 inside the array,
 /// - Value -1 is encoded as 2 inside the array.
+#[derive(Eq, PartialEq, Debug)]
 pub struct NafEncoding(Vec<u8>);
 
 impl NafEncoding {
+    /// Returns the length of the representation.
     pub fn len(&self) -> usize {
         self.0.len()
     }
 
+    /// Creates a new NAF representation using a given maximum number of digits.
     pub fn new(capacity: usize) -> Self {
         Self(vec![0; capacity])
     }

src/math/field/secp256k1_prime.rs

@@ -55,6 +55,14 @@ impl Ring for Secp256k1PrimeField {
         let value = Uint::<4>::random_mod(generator, &Self::MODULUS);
         Self(value)
     }
+
+    fn random_non_zero<R: RngCore>(generator: &mut R) -> Self {
+        let mut value = Uint::<4>::random_mod(generator, &Self::MODULUS);
+        while bool::from(value.is_zero()) {
+            value = Uint::<4>::random_mod(generator, &Self::MODULUS);
+        }
+        Self(value)
+    }
 }
 
 impl Add<&Self> for Secp256k1PrimeField {

src/math/field/secp256k1_scalar.rs

@@ -74,7 +74,7 @@ impl From<u64> for Secp256k1ScalarField {
 }
 
 impl Ring for Secp256k1ScalarField {
-    const BIT_SIZE: usize = Self::LIMBS * u64::BITS as usize;
+    const BIT_SIZE: usize = Self::LIMBS * Limb::BITS as usize;
     const ZERO: Self = Self(Uint::ZERO);
     const ONE: Self = Self(Uint::ONE);
     const LIMBS: usize = 4;
@@ -87,6 +87,14 @@ impl Ring for Secp256k1ScalarField {
         let value = Uint::<4>::random_mod(generator, &Self::MODULUS);
         Self(value)
     }
+
+    fn random_non_zero<R: RngCore>(generator: &mut R) -> Self {
+        let mut value = Uint::<4>::random_mod(generator, &Self::MODULUS);
+        while bool::from(value.is_zero()) {
+            value = Uint::<4>::random_mod(generator, &Self::MODULUS);
+        }
+        Self(value)
+    }
 }
 
 impl Add<&Self> for Secp256k1ScalarField {

src/math/ring.rs

@@ -36,4 +36,6 @@ pub trait Ring:
 
     /// Generates a random finite ring element with a provided pseudo-random generator.
     fn random<R: RngCore>(generator: &mut R) -> Self;
+
+    fn random_non_zero<R: RngCore>(generator: &mut R) -> Self;
 }

tests/mersenne61.rs

@@ -54,7 +54,7 @@ fn subract() {
 fn inverse() {
     const SAMPLES: usize = 100;
     for _ in 0..SAMPLES {
-        let elem = Mersenne61::random(&mut OsRng);
+        let elem = Mersenne61::random_non_zero(&mut OsRng);
         let s = elem.mul(&elem.inverse().unwrap());
         assert_eq!(s, Mersenne61::ONE);
     }

tests/naf.rs

@@ -0,0 +1,26 @@
+use scl_rs::math::{
+    field::{naf::NafEncoding, secp256k1_scalar::Secp256k1ScalarField},
+    ring::Ring,
+};
+
+#[test]
+fn fixed_naf() {
+    let naf = Secp256k1ScalarField::ZERO.to_naf();
+    assert_eq!(NafEncoding::new(Secp256k1ScalarField::BIT_SIZE + 1), naf);
+
+    let naf = Secp256k1ScalarField::from(13).to_naf();
+    let mut true_naf = NafEncoding::new(Secp256k1ScalarField::BIT_SIZE + 1);
+    true_naf.create_pos(0);
+    true_naf.create_pos(4);
+    true_naf.create_neg(2);
+    assert_eq!(naf, true_naf);
+
+    let naf = Secp256k1ScalarField::from(213).to_naf();
+    let mut true_naf = NafEncoding::new(Secp256k1ScalarField::BIT_SIZE + 1);
+    true_naf.create_pos(0);
+    true_naf.create_pos(2);
+    true_naf.create_pos(4);
+    true_naf.create_pos(8);
+    true_naf.create_neg(6);
+    assert_eq!(naf, true_naf);
+}