Elliptic-curves - Collection of pure Rust elliptic curve implementations (e.g. P-256, P-384, secp256k1)

Overview

RustCrypto: Elliptic Curves Rust Version Project Chat dependency status

General purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof.

All curves reside in the separate crates and implemented using traits from the elliptic-curve crate.

Crates in this repo do not require the standard library (i.e. no_std capable) and can be easily used for bare-metal or WebAssembly programming.

Crates

Name Curve arithmetic? Crates.io Documentation Build Status
bp256 brainpoolP256r1/t1 🚫 crates.io Documentation build
bp384 brainpoolP384r1/t1 🚫 crates.io Documentation build
k256 secp256k1 βœ… crates.io Documentation build
p256 NIST P-256 βœ… crates.io Documentation build
p384 NIST P-384 🚫 crates.io Documentation build

NOTE: Some crates contain field/point arithmetic implementations gated under the arithmetic cargo feature as noted above.

Please see our tracking issue for additional elliptic curves if you are interested in curves beyond the ones listed here.

Minimum Supported Rust Version

All crates in this repository support Rust 1.56 or higher.

Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.

License

All crates licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Comments
  • New arithmetic for k256

    New arithmetic for k256

    This PR implements "lazy reduction" arithmetic for SECP256k1, based on libsecp256k1.

    (Disclaimer: this is my first non-trivial piece of Rust code. Don't hesitate to point out my mistakes).

    • adds 5x52bit and 10x26bit arithmetic for the internal field (the old Montgomery one is preserved)
    • adds 4x64bit and 8x32bit arithmetic for scalars
    • adds more tests for fields and scalars (using num-bigint as a reference)
    • adds a fixed window point-scalar multiplication

    More advanced multiplication routines (wNAF, endomorphism, batch multiplication) will not be included in this PR β€” it has too much stuff already. Even the windowed multiplication already gives a good performance boost. As compared to the baseline performance, I currently see an almost 3x speedup (300us vs 106us per mul).

    The old Montgomery field can be enabled with field-montgomery, 32-bit fields & scalars on a 64-bit target can be enabled with force-32-bit.

    opened by fjarri 33
  • New releases of elliptic curve crates

    New releases of elliptic curve crates

    I'd like to cut releases of the following crates relatively soon (next few days / week):

    These will be the first releases supporting an integrated ECDSA implementation as well as initial (and rather rudimentary) support for implementing algorithms generically over elliptic curve groups.

    If there's anything else you'd like to get into these releases, let me know, otherwise I plan on doing it soon.

    When I say that, I'm also looking for small items rather than more significant changes. There's plenty of bigger issues to address (e.g. eliminating fallible APIs via eliminating the invalid representations that cause them in PublicKey/SecretKey) but I'd rather not make any bigger items release blockers at this point and we can continue making large and breaking changes in the next release.

    cc @str4d @tuxxy @fjarri @nickray

    opened by tarcieri 29
  • Optimized linear combination of points

    Optimized linear combination of points

    The goal of this PR is to optimize a commonly used operation (x * k + y * l) where x and y are curve points, and k and l are scalars. It is currently used in verify.rs and recoverable.rs.

    On my machine it speeds up ECDSA verification from 176us to 145us (and the newly added benchmark shows speed-up from 157us to 124us for linear combination alone).

    Currently there PR contains a lincomb_generic() that takes arrays, and it has two aliases: mul() (internal, used in operator traits) and lincomb() (public, for two-point linear combinations).

    opened by fjarri 22
  • k256: Add non-biased/non-zero constructors to Scalar

    k256: Add non-biased/non-zero constructors to Scalar

    This is a "spitballing" PR, intended primarily for illustration of required API and discussion.

    There are two things I'm missing from the current Scalar API:

    • an ability to generate random NonZeroScalars (without unwrapping)
    • an ability to generate a Scalar/NonZeroScalar from a digest safely according to hash-to-curve standard

    The latter needs the scalar to be reduced from L = ceil((ceil(log2(p)) + k) / 8) bytes (Section 5.3), where p is the order, and k is the security parameter. For k = 256 this gives 64 bytes, for k = 128 it's 48 bytes. I went with 64 for simplicity.

    The public methods added to Scalar:

    • pub fn random_nonzero(rng: impl RngCore) -> NonZeroScalar
    • pub fn from_digest_safe<D>(digest: D) -> Self where D: Digest<OutputSize = U64>
    • pub fn from_digest_safe_nonzero<D>(digest: D) -> NonZeroScalar where D: Digest<OutputSize = U64>

    Now for the problems:

    • random() is a part of the Field trait. If NonZeroScalar implemented Field, the code from random_nonzero() could go there.
    • FromDigest requires OutputSize = FieldSize, so it can't be changed to 64 bytes output. The ways to deal with it include:
      • adding a SafeExpansionSize (or whatever) type and locking FromDigest to it
      • adding a FromDigestSafe trait
    • from_digest_safe_nonzero() can be an impl of FromDigest for NonZeroScalar (but again there's the size problem)
    • The added internal function Scalar::from_wide_bytes_reduced() assumes that WideScalar::reduce() can reduce any 512 bit, and not just anything below order^2. I'm 99.9% certain that's true, but I can't present a formal proof right now. I did test it for 0xfff...fff, and it works.
    • WideScalar::reduce_nonzero() assumes that reduce() works just as well for the modulus decreased by one. See the comment above about being 99.9% sure.
    • WideScalar::reduce_nonzero() contains an unwrap(). Ideally I'd prefer to have something like NonZeroScalar::from_bytes_unchecked() to avoid it.
    k256 
    opened by fjarri 17
  • p384: arithmetic + ECDSA support

    p384: arithmetic + ECDSA support

    Hi,

    Is there a way to compute and verify p384 signatures yet?

    p384 has an ecdsa feature, but I couldn't get anything done with it. ProjectiveArithmetic is not implemented for NistP384. The arithmetic feature of the elliptic_curve crate isn't set, so I wasn't even able to manually compute a public key.

    Is it possible to use it in a similar way as p256 and k256? Or to use it for ECDSA at all? Or is it still a work in progress?

    Thanks for your help :)

    p384 
    opened by jedisct1 14
  • ecdsa::hazmat::DigestPrimitive is not implemented for Secp256k1

    ecdsa::hazmat::DigestPrimitive is not implemented for Secp256k1

    Hi,

    Since version 0.5, Secp256k1 signatures cannot be created nor verified due to DigestPrimitive not being implemented.

    The example code from the documentation fails:

       | let signature: Signature = signing_key.sign(message);
       |                                        ^^^^ the trait `ecdsa::hazmat::DigestPrimitive` is not implemented for `Secp256k1`
       |
       = note: required because of the requirements on the impl of `PrehashSignature` for `ecdsa::Signature<Secp256k1>`
       = note: required because of the requirements on the impl of `Signer<ecdsa::Signature<Secp256k1>>` for `SigningKey`
    
    opened by jedisct1 14
  • Generic curve arithmetic

    Generic curve arithmetic

    One of the goals of the elliptic-curve crate is to be able to write code that's generic over (at least Weierstrass) elliptic curve types.

    Now that the p256 and k256 crates have arithmetic implementations (thanks @str4d and @tuxxy!), an open question is how to write code that's generic over the underlying AffinePoint and/or ProjectivePoint types.

    It seems like AffinePoint and ProjectivePoint could benefit from having traits which at the very least are bounded by the point arithmetic they must support.

    It also seems like there needs to be some trait connecting the two of them which can be used to access the From impls and arithmetic (e.g. Add) between the two different point types.

    Finally, it seems like there needs to be a trait a weierstrass::Curve type can impl which provides that curve's AffinePoint and ProjectivePoint types as associated types.

    Curious if people think this is a good idea and what those traits might look like.

    cc @tuxxy

    opened by tarcieri 14
  • Arithmetic feature requires atomics

    Arithmetic feature requires atomics

    Currently using the arithmetic feature requires atomics. Compilling on a platform without atomics (such as RV32IMC) results in this error:

    error[E0432]: unresolved imports `core::sync::atomic::AtomicBool`, `core::sync::atomic::AtomicI16`, `core::sync::atomic::AtomicI32`, `core::sync::atomic::AtomicI8`, `core::sync::atomic::AtomicIsize`, `core::sync::atomic::AtomicPtr`, `core::sync::atomic::AtomicU16`, `core::sync::atomic::AtomicU32`, `core::sync::atomic::AtomicU8`, `core::sync::atomic::AtomicUsize`
      --> /home/alistair/.cargo/registry/src/github.com-1ecc6299db9ec823/radium-0.3.0/src/lib.rs:29:11
       |
    29 |     self, AtomicBool, AtomicI16, AtomicI32, AtomicI8, AtomicIsize, AtomicPtr, AtomicU16, AtomicU32,
       |           ^^^^^^^^^^  ^^^^^^^^^  ^^^^^^^^^  ^^^^^^^^  ^^^^^^^^^^^  ^^^^^^^^^  ^^^^^^^^^  ^^^^^^^^^ no `AtomicU32` in `sync::atomic`
       |           |           |          |          |         |            |          |
       |           |           |          |          |         |            |          no `AtomicU16` in `sync::atomic`
       |           |           |          |          |         |            no `AtomicPtr` in `sync::atomic`
       |           |           |          |          |         no `AtomicIsize` in `sync::atomic`
       |           |           |          |          no `AtomicI8` in `sync::atomic`
       |           |           |          no `AtomicI32` in `sync::atomic`
       |           |           no `AtomicI16` in `sync::atomic`
       |           no `AtomicBool` in `sync::atomic`
    30 |     AtomicU8, AtomicUsize, Ordering,
       |     ^^^^^^^^  ^^^^^^^^^^^ no `AtomicUsize` in `sync::atomic`
       |     |
       |     no `AtomicU8` in `sync::atomic`
    
    error: aborting due to previous error
    
    For more information about this error, try `rustc --explain E0432`.
    error: could not compile `radium`.
    
    To learn more, run the command again with --verbose.
    make: *** [Makefile:141: flash-opentitan] Error 101
    

    cargo tree reports that Radium comes from:

    β”œβ”€β”€ ecdsa v0.8.0
    β”‚   β”œβ”€β”€ elliptic-curve v0.6.0
    β”‚   β”‚   β”œβ”€β”€ bitvec v0.18.3
    β”‚   β”‚   β”‚   β”œβ”€β”€ funty v1.0.1
    β”‚   β”‚   β”‚   β”œβ”€β”€ radium v0.3.0
    β”‚   β”‚   β”‚   └── wyz v0.2.0
    

    I have opened an issue for Radium: https://github.com/mystor/radium/issues/3 but it would also be great if these libraries could stop depending on it.

    opened by alistair23 13
  • k256 Point deserialization+serialization round trips incorrectly

    k256 Point deserialization+serialization round trips incorrectly

    TBH I'm not sure if this is a bug in k256 or a Rust miscompilation bug.

    We've found that in certain cases k256 compressed point serialization and deserialization do not round trip correctly. In particular the sign of y will for certain rare points, be flipped.

    This is using k256 0.10.2, rustc 1.58.1

    use k256::elliptic_curve::group::GroupEncoding;
    use k256::elliptic_curve::sec1::FromEncodedPoint;
    
    pub fn deserialize(bytes: &[u8]) -> Option<k256::ProjectivePoint> {
        match k256::EncodedPoint::from_bytes(bytes) {
            Ok(ept) => {
                let apt = k256::AffinePoint::from_encoded_point(&ept);
    
                if bool::from(apt.is_some()) {
                    Some(k256::ProjectivePoint::from(apt.unwrap()))
                } else {
                    None
                }
            }
            Err(_) => None,
        }
    }
    
    pub fn serialize(pt: k256::ProjectivePoint) -> Vec<u8> {
        pt.to_affine().to_bytes().to_vec()
    }
    
    fn main() {
        let bits =
            hex::decode("024b395881d9965c4621459ad2ec12716fa7f669b6108ad3b8b82b91644fb44808").unwrap();
    
        let pt = deserialize(&bits).unwrap();
    
        let pt_bytes = serialize(pt);
    
        assert_eq!(bits, pt_bytes);
    }
    

    In release mode (only), this fails:

    $ cargo run --release
       Compiling k256-bug v0.1.0 (/home/jack/sw/k256-bug)
        Finished release [optimized] target(s) in 0.58s
         Running `target/release/k256-bug`
    thread 'main' panicked at 'assertion failed: `(left == right)`
      left: `[2, 75, 57, 88, 129, 217, 150, 92, 70, 33, 69, 154, 210, 236, 18, 113, 111, 167, 246, 105, 182, 16, 138, 211, 184, 184, 43, 145, 100, 79, 180, 72, 8]`,
     right: `[3, 75, 57, 88, 129, 217, 150, 92, 70, 33, 69, 154, 210, 236, 18, 113, 111, 167, 246, 105, 182, 16, 138, 211, 184, 184, 43, 145, 100, 79, 180, 72, 8]`', src/main.rs:31:5
    

    So far we have not been able to reproduce this in either debug mode or with coverage guided fuzzing enabled.

    opened by randombit 12
  • Some serializers fail to serialize/deserialize `VerifyingKey`s & `Signature`s correctly (k256)

    Some serializers fail to serialize/deserialize `VerifyingKey`s & `Signature`s correctly (k256)

    It seems that some Serde serializers have issues when serializing VerifyingKeys and Signatures. They all serialize fine, but Serde returns an error for certain serializers when deserializing back to the original type.

    I've tested it with three serializers, and it seems to be a bit of a hit or miss if it works. It's a bit verbose, but I've included tests that reproduce the issue. I would normally just include a Rust Playground link, but they don't support k256.

    #[cfg(test)]
    mod test {
        use k256::ecdsa::{Signature, SigningKey, signature::Signer};
        use rand::rngs::OsRng;
        use serde::{Deserialize, Serialize};
        use std::fmt::Debug;
    
        fn ser_deser_test<'a, D, S, T, U>(ser: S, deser: D, val: T)
        where
            D: Fn(&U) -> Result<T, String>,
            S: Fn(&T) -> Result<U, String>,
            T: Debug + Deserialize<'a> + PartialEq + Serialize,
        {
            let ser = ser(&val).unwrap();
            let deser = deser(&ser).expect("Deserialization failure");
    
            assert_eq!(val, deser);
        }
    
        fn create_fake_sig() -> Signature {
            let k = SigningKey::random(&mut OsRng);
            let msg: Vec<_> = (0..100).collect();
    
            k.sign(&msg)
        }
    
        #[test]
        fn json_signing_key() {
            ser_deser_test(
                |val| serde_json::to_string(val).map_err(|err| err.to_string()),
                |str| serde_json::from_str(str).map_err(|err| err.to_string()),
                SigningKey::random(&mut OsRng).verifying_key(),
            );
        }
    
        #[test]
        fn json_signature() {
            ser_deser_test(
                |val| serde_json::to_string(val).map_err(|err| err.to_string()),
                |str| serde_json::from_str(str).map_err(|err| err.to_string()),
                create_fake_sig(),
            );
        }
    
        #[test]
        fn toml_signing_key() {
            ser_deser_test(
                |val| toml::to_string(val).map_err(|err| err.to_string()),
                |str| toml::from_str(str).map_err(|err| err.to_string()),
                SigningKey::random(&mut OsRng).verifying_key(),
            );
        }
    
        #[test]
        fn toml_signature() {
            ser_deser_test(
                |val| toml::to_string(val).map_err(|err| err.to_string()),
                |str| toml::from_str(str).map_err(|err| err.to_string()),
                create_fake_sig(),
            );
        }
    
        #[test]
        fn bincode_signing_key() {
            ser_deser_test(
                |val| bincode::serialize(val).map_err(|err| err.to_string()),
                |bytes| bincode::deserialize(bytes).map_err(|err| err.to_string()),
                SigningKey::random(&mut OsRng).verifying_key(),
            );
        }
    
        #[test]
        fn bincode_signature() {
            ser_deser_test(
                |val| bincode::serialize(val).map_err(|err| err.to_string()),
                |bytes| bincode::deserialize(bytes).map_err(|err| err.to_string()),
                create_fake_sig(),
            );
        }
    }
    

    Dependencies:

    [dependencies]
    k256 = {version = "0.10.4", features = ["serde", "pem"] }
    bincode = "1.3.3"
    serde_json = "1.0.59"
    rand = {version = "0.8.5", features = ["getrandom"] }
    toml = "0.5.8"
    serde = "1.0"
    serde_yaml = "0.8"
    

    With results:

    test test::bincode_signing_key ... ok
    test test::json_signature ... ok
    test test::bincode_signature ... ok
    test test::json_signing_key ... FAILED ("panicked at 'Deserialization failure: invalid type: sequence, expected a borrowed byte array at line 1 column 1")
    test test::toml_signing_key ... FAILED ("panicked at 'Deserialization failure: "expected a right bracket, found a comma at line 1 column 4")
    test test::toml_signature ... FAILED ("panicked at 'Deserialization failure: "expected an equals, found eof at line 1 column 131")
    

    I'm not very experienced with cryptography, so let me know if I'm doing something that I shouldn't be. :slightly_smiling_face:

    opened by BGluth 10
  • p384: v0.11 release tracking issue

    p384: v0.11 release tracking issue

    This is a tracking ticket for work items it would be nice to have before cutting a final v0.11 release which includes an initial arithmetic implementation.

    NOTE: not all of these need to be completed prior to a release and they can be added after-the-fact.

    • [x] #573
    • [x] Test vectors
      • [x] #567
      • [x] #570
      • [x] #569
      • [x] #574

    cc @brycx @jedisct1

    opened by tarcieri 9
  • Scalar multiplication by the generator

    Scalar multiplication by the generator

    This PR introduces a way to multiply a scalar by the generator by keeping precomputed lookup tables. Speeds up signing by about 6% according to benchmarks; I was hoping for more, but it does only get rid of 7 point additions (creation of the lookup table), so, I guess, it was expected. Up to you if you think that the measly speed-up justifies the increase in complexity.

    Currently it is exposed just as a mul_by_generator() function; ideally we should probably add a MulByGenerator trait in elliptic-curve alongside LinearCombination and expose the functionality through that. I can do that if we decide to proceed with it.

    opened by fjarri 4
  • iter::Product and iter::Sum for Scalar

    iter::Product and iter::Sum for Scalar

    I assume these are missing since nobody needed them so far, or is there a concern?

    Doing a bunch of iterator.fold(Scalar::ZERO, |acc, summand| acc + summand) where I'd like to just write iterator.sum().

    Would also be nice to have Sum for AffinePoint.

    opened by nickray 2
  • p256: Add implementation of Elligator Squared.

    p256: Add implementation of Elligator Squared.

    This is in big need of more scrutiny, documenting, and refactoring, but I wanted to push early and allow for input.

    Elligator Squared is obviously not a standard anything, nor is the simplified Shallue-van de Woestijne-Ulas encoding, so I’m pretty open to this being a bad fit for inclusion in this crate. This is well into β€œscience project” territory and really not something I’d responsibly recommend to anyone.

    Buuut it’s neat and I’ve got a hobby project which might could use it and it seems like a decent focal point for conversations about what an EC API looks like which would allow me to ~commit these sorts of crimes~ implement this sort of functionality without having to maintain my own fork. At a minimum, that’d probably be access to FieldElement, curve constants, and point construction.

    Ostensibly this could also be implemented for k256, but it’d need a similar degree of specialization.

    Absolutely no hurry on this, BTW.

    opened by codahale 4
  • k256: type safety for non-normalized field elements

    k256: type safety for non-normalized field elements

    The k256 crate uses lazy normalization of field elements. While not a user-facing concern as we deliberately encapsulate FieldElement, there is a potential for bugs in code in k256 itself in the event one "forgets" to normalize a field element prior to returning it as the result of some computation. See #530 as an example (although there have been others).

    One potential way to eliminate this class of bugs is to use separate types for normalized vs non-normalized field elements. For example, we could introduce something like LazyFieldElement on which all of the arithmetic operations are defined, while retaining FieldElement for the normalized form and defining all serialization operations on that.

    LazyFieldElement::normalize could return FieldElement, and we could additionally have bidirectional From conversions between the two.

    Things would be a bit tricky in regard to the the ff::Field traits. I imagine for compatibility reasons they would need to be impl'd on FieldElement, converting to a LazyFieldElement to perform the arithmetic, and then calling normalize() to get a FieldElement again as a result, which would mean that the performance benefits of lazy normalization wouldn't be available under such an API. However, that is the only safe usage pattern since the traits are designed to abstract over different fields/field implementations, and not all of them have lazy normalization.

    cc @fjarri

    opened by tarcieri 1
  • curve25519: ed25519, x25519 and ristretto255

    curve25519: ed25519, x25519 and ristretto255

    While working on voprf and opaque-ke I noticed that a lot of implementations and traits could be removed if curve25519-dalek would support necessary traits from elliptic-curves, like Curve and ProjectiveArithmetic. Using some of these already uncovered serious bugs and other issues.

    It might be possible to implement some of it through PR's or wrappers for ed25519 and x25519, but it will be much harder for ristretto255. Among other problems in the library, the dependency maintenance story isn't ideal, as seen by the many PR's to update rand.

    Specifically, voprf is interested in support for ristretto255 arithmetic, including hash2curve. For opaque-ke x25519 and ristretto255 support for DH is a requirement.

    I am myself no cryptographer and sadly can only contribute, but not actually implement something like it.

    opened by daxpedda 8
Owner
Rust Crypto
Cryptographic algorithms written in pure Rust
Rust Crypto
Private key finder based on the (Bitcoin) secp256k1 elliptic curve.

keyripper keyripper is a powerful tool developed in Rust to assist in the recovery of Bitcoin private keys by leveraging the Baby-Step Giant-Step (BSG

Denzy 12 Sep 27, 2024
X25519 elliptic curve Diffie-Hellman key exchange in pure-Rust, using curve25519-dalek.

x25519-dalek A pure-Rust implementation of x25519 elliptic curve Diffie-Hellman key exchange, with curve operations provided by curve25519-dalek. This

dalek cryptography 252 Dec 26, 2022
Bulletproofs and Bulletproofs+ Rust implementation for Aggregated Range Proofs over multiple elliptic curves

Bulletproofs This library implements Bulletproofs+ and Bulletproofs aggregated range proofs with multi-exponent verification. The library supports mul

[ZenGo X] 62 Dec 13, 2022
Rust implementation of multi-party Schnorr signatures over elliptic curves.

Multi Party Schnorr Signatures This library contains several Rust implementations of multi-signature Schnorr schemes. Generally speaking, these scheme

[ZenGo X] 148 Dec 15, 2022
L2 validity rollup combined with blind signatures over elliptic curves inside zkSNARK, to provide offchain anonymous voting with onchain binding execution on Ethereum

blind-ovote Blind-OVOTE is a L2 voting solution which combines the validity rollup ideas with blind signatures over elliptic curves inside zkSNARK, to

Aragon ZK Research 3 Nov 18, 2022
Flexible secp256k1 curve math library.

secp A flexible and secure secp256k1 elliptic curve math library, with constant-time support, and superb ergonomics. secp takes full advantage of Rust

null 7 Nov 1, 2023
Rust implementation of {t,n}-threshold ECDSA (elliptic curve digital signature algorithm).

Multi-party ECDSA This project is a Rust implementation of {t,n}-threshold ECDSA (elliptic curve digital signature algorithm). Threshold ECDSA include

[ZenGo X] 706 Jan 5, 2023
Implementation of the BLS12-381 pairing-friendly elliptic curve group

bls12_381 This crate provides an implementation of the BLS12-381 pairing-friendly elliptic curve construction. This implementation has not been review

Zero-knowledge Cryptography in Rust 183 Dec 27, 2022
Elliptic curve cryptography on Soroban.

Elliptic Curve Cryptography on Soroban Contract examples and reusable primitives. Groth 16 verifier. This crate provides a SorobanGroth16Verifier obje

Xycloo Labs 5 Feb 10, 2023
A blazingly fast, ShareX uploader coded in Rust (using actix web) which utilizes AES-256-GCM-SIV to securely store uploaded content.

Magnesium Oxide ❔ What is this? Magnesium-Oxide (MGO) is a secure file uploader with support for ShareX. ?? Features ?? Blazingly fast uploads and enc

Nitrogen Development 26 Nov 25, 2022
A simple and secure rust command-line tool to protect your text by encrypting and decrypting it using the robust AES-256 algorithm.

Secret Keeper A simple and secure command-line tool to protect your text by encrypting and decrypting it using the robust AES-256 algorithm. Built wit

Kunal Bagaria 9 May 11, 2023
NIST P-256 signatures for Cortex-M4 microcontrollers

nisty NIST P256 signatures for Cortex-M4 microcontrollers What is this? Sometimes NIST P256 signatures need to be used. This is an attempt to create a

null 13 Mar 14, 2021
Basis Spline Fun(ctions) and NURBS Curves / Surfaces

bsfun Basis Spline Fun(ctions) This is a super simple Rust library for working with basis splines and NURBS (Non-Uniform Rational B-Splines) with zero

null 5 May 14, 2023
Pure-Rust traits and utilities for constant-time cryptographic implementations.

subtle Pure-Rust traits and utilities for constant-time cryptographic implementations. It consists of a Choice type, and a collection of traits using

dalek cryptography 196 Dec 13, 2022
OpenZKP - pure Rust implementations of Zero-Knowledge Proof systems.

OpenZKP OpenZKP - pure Rust implementations of Zero-Knowledge Proof systems. Overview Project current implements ?? the Stark protocol (see its readme

0x 529 Jan 5, 2023
Pure Rust implementations of the key-committing (and context-committing) AEADs

kc-aeads Pure Rust implementations of the key-committing (and context-committing) AEADs defined in Bellare and Hoang '22. Crash course on the paper: T

Michael Rosenberg 2 Aug 10, 2022
ZKP fork for rust-secp256k1, adds wrappers for range proofs, pedersen commitments, etc

rust-secp256k1 rust-secp256k1 is a wrapper around libsecp256k1, a C library by Peter Wuille for producing ECDSA signatures using the SECG curve secp25

null 53 Dec 19, 2022
stealth addresses library implementing ERC-5564 over secp256k1 in rust

eth-stealth-addresses rust library implementing ERC-5564 stealth addresses using canonical ECC over the secp256k1 curve. let's make privacy on evm cha

κασσάνδρα.eth 30 Oct 9, 2023
Implementation of the Grumpkin curve in Rust.

Grumpkin curve implementation in Rust This repository implements the Grumpkin curve for use in Rust, by building off of the code provided by ZCash and

Jules 3 Dec 26, 2022