Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
elliptic-curve: consolidate
AffineCoordinates
trait (#1237)
See RustCrypto/elliptic-curves#50 for some historic context. After being able to get by on `AffineXCoordinate` for generic ECDH and ECDSA, #1199 added an `AffineYIsOdd` trait which was needed to enable the generic ECDSA implementation in the `ecdsa` crate to compute the "recovery ID" for signatures (which is effectively point compression for the `R` curve point). This commit consolidates `AffineXCoordinate` and `AffineYIsOdd` into an `AffineCoordinates` trait. Some observations since prior discussion in RustCrypto/elliptic-curves#50: - Access to coordinates is through bytes, namely `FieldBytes`. This is so as to avoid exposing a crate's field element type. This approach isn't type safe (base field elements and scalar field elements share the same serialization) but does make ECDSA's weird reduction of a base field element into the scalar field straightforward in generic code. - Prior to this attempts were made to extract ECDSA-specific bits into a trait to handle these conversions, but it complicates both writing generic code and optimizing performance. While this still might be worth exploring, so far those explorations have largely failed. - Generally there have been a lot of requests for coordinate access specifically for things like point serialization formats. We ended up adding "compaction" support upstream but we have had requests for several other formats (e.g. Elligator Squared) where direct coordinate access would be useful. This trait can hopefully be replaced by a coordinate access API provided by the `group` crate in the future. See zkcrypto/group#30
- Loading branch information