Module Curve25519.AffineMontgomery

by^2 = x3 + ax^2 + x with b * (a^2 - 4) != 0

exception Not_on_curve of Stdlib.Bytes.t
type t

Represents an element on the curve. In the case of a curve with a cofactor, the element is not necessarily in the prime subgroup.

val size_in_bytes : int

The size of a point representation, in bytes

val check_bytes : Stdlib.Bytes.t -> bool

Check if a point, represented as a byte array, is on the curve *

val of_bytes_opt : Stdlib.Bytes.t -> t option

Attempt to construct a point from a byte array

val of_bytes_exn : Stdlib.Bytes.t -> t

Attempt to construct a point from a byte array. Raise Not_on_curve if the point is not on the curve

val to_bytes : t -> Stdlib.Bytes.t

Return a representation in bytes

val zero : t

Zero of the elliptic curve

val one : t

A fixed generator of the elliptic curve

val is_zero : t -> bool

Return true if the given element is zero

val random : ?state:Stdlib.Random.State.t -> unit -> t

Generate a random element

val add : t -> t -> t

Return the addition of two element

val double : t -> t

Double the element

val negate : t -> t

Return the opposite of the element

val eq : t -> t -> bool

Return true if the two elements are algebraically the same

val mul : t -> Scalar.t -> t

Multiply an element by a scalar

val a : Base.t
val b : Base.t
val cofactor : Z.t
val is_on_curve : x:Base.t -> y:Base.t -> bool

is_on_curve ~x ~y returns true if the coordinates (x, y) represents a point on the curve. It does not check the point is in the prime subgroup.

val is_in_prime_subgroup : x:Base.t -> y:Base.t -> bool

is_in_prime_subgroup ~x ~y returns true if the coordinates (x, y) represents a point in the prime subgroup. The coordinates must be a point on the curve

val get_x_coordinate : t -> Base.t
val get_y_coordinate : t -> Base.t
val to_twisted_curve_parameters : unit -> (Base.t * Base.t * Z.t * (Base.t * Base.t)) option
val to_twisted : t -> (Base.t * Base.t) option
val to_weierstrass_curve_parameters : unit -> (Base.t * Base.t * Z.t * (Base.t * Base.t)) option
val to_weierstrass : t -> (Base.t * Base.t) option
val from_coordinates_opt : x:Base.t -> y:Base.t -> t option

Build a point from the affine coordinates. If the point is not on the curve and in the subgroup, returns None

val from_coordinates_exn : x:Base.t -> y:Base.t -> t

Build a point from the affine coordinates. If the point is not on the curve and in the subgroup, raise Not_on_curve.

val of_compressed_bytes_exn : Stdlib.Bytes.t -> t

Build a point from a compressed representation. It supposes the base field leaves at least a free bit in the last byte to encode the sign. Raise Not_on_curve if the bytes do not represent a point on the curve and in the prime subgroup.

val of_compressed_bytes_opt : Stdlib.Bytes.t -> t option

Same than of_compressed_bytes_exn but returns an option instead of raising an exception

val to_compressed_bytes : t -> Stdlib.Bytes.t

Return the compressed representation of the point