UltrafastSecp256k1 3.50.0
Ultra high-performance secp256k1 elliptic curve cryptography library
Loading...
Searching...
No Matches
ellswift.hpp
Go to the documentation of this file.
1#ifndef SECP256K1_ELLSWIFT_HPP
2#define SECP256K1_ELLSWIFT_HPP
3#pragma once
4
5// ============================================================================
6// ElligatorSwift encoding for secp256k1 (BIP-324)
7// ============================================================================
8// Implements the ElligatorSwift encoding as specified in BIP-324, which uses
9// a variant of the Elligator Squared technique to encode secp256k1 public keys
10// as uniformly random-looking 64-byte strings.
11//
12// The encoding is:
13// ellswift_encode(pubkey) -> 64 bytes (u || t), indistinguishable from random
14// ellswift_decode(64 bytes) -> pubkey (x-only)
15//
16// For BIP-324 ECDH:
17// ellswift_xdh(our_ell64, their_ell64, our_privkey, initiator) -> 32-byte secret
18//
19// Reference: BIP-324, https://github.com/bitcoin/bips/blob/master/bip-0324.mediawiki
20// ============================================================================
21
22#include <array>
23#include <cstdint>
24#include <cstddef>
25#include "secp256k1/point.hpp"
26#include "secp256k1/scalar.hpp"
27#include "secp256k1/field.hpp"
28
29namespace secp256k1 {
30
31using fast::Scalar;
32using fast::Point;
33using fast::FieldElement;
34
35// -- ElligatorSwift encoding/decoding -----------------------------------------
36
37// Decode a 64-byte ElligatorSwift encoding to an x-coordinate.
38// Returns the x-coordinate of the encoded point.
39FieldElement ellswift_decode(const std::uint8_t encoding[64]) noexcept;
40
41// Create a 64-byte ElligatorSwift encoding from a private key.
42// Generates a uniformly random-looking 64 bytes that encodes privkey * G.
43// Uses OS CSPRNG for the randomness needed by the encoding.
44std::array<std::uint8_t, 64> ellswift_create(const Scalar& privkey);
45
46// -- ElligatorSwift ECDH (BIP-324) --------------------------------------------
47
48// Perform x-only ECDH using ElligatorSwift-encoded public keys.
49// Both ell_a64 and ell_b64 are 64-byte ElligatorSwift encodings.
50// our_privkey is our secret key.
51// initiating: true if we are the connection initiator (determines key order).
52// Returns 32-byte shared secret (SHA256-based).
53std::array<std::uint8_t, 32> ellswift_xdh(
54 const std::uint8_t ell_a64[64],
55 const std::uint8_t ell_b64[64],
56 const Scalar& our_privkey,
57 bool initiating) noexcept;
58
59} // namespace secp256k1
60
61#endif // SECP256K1_ELLSWIFT_HPP
secp256k1::ellswift_decode
FieldElement ellswift_decode(const std::uint8_t encoding[64]) noexcept
secp256k1::ellswift_xdh
std::array< std::uint8_t, 32 > ellswift_xdh(const std::uint8_t ell_a64[64], const std::uint8_t ell_b64[64], const Scalar &our_privkey, bool initiating) noexcept
secp256k1::ellswift_create
std::array< std::uint8_t, 64 > ellswift_create(const Scalar &privkey)