Source file ec_sig.ml
(** Basic interface for elliptic curves *)
module type BASE = sig
  (** Raised by the [_exn] constructors when the input does not decode to an
      accepted point. Carries a [Bytes.t] payload. *)
  exception Not_on_curve of Bytes.t

  (** Represents an element on the curve. In the case of a curve with a
      cofactor, the element is not necessarily in the prime subgroup.

      Security note: because membership in the prime subgroup is not
      guaranteed by this type, code that accepts points from an untrusted
      peer on a curve with cofactor greater than one needs an explicit
      subgroup check before using the point in a protocol.
  *)
  type t

  (** The size of a point representation, in bytes *)
  val size_in_bytes : int

  (** Prime field of the scalars accepted by [mul]. *)
  module Scalar : Ff_sig.PRIME

  (** Prime field of the point coordinates. *)
  module Base : Ff_sig.PRIME

  (** Check if a point, represented as a byte array, is on the curve.
      Only the curve equation is mentioned here; a prime-subgroup check is
      not documented for this function. *)
  val check_bytes : Bytes.t -> bool

  (** Attempt to construct a point from a byte array.
      NOTE(review): presumably returns [None] when the bytes are not a point
      on the curve; whether the prime subgroup is also checked cannot be told
      from this signature -- confirm against the implementation. *)
  val of_bytes_opt : Bytes.t -> t option

  (** Attempt to construct a point from a byte array.
      Raise [Not_on_curve] if the point is not on the curve.
      No prime-subgroup check is documented for this function.
  *)
  val of_bytes_exn : Bytes.t -> t

  (** Return a representation in bytes *)
  val to_bytes : t -> Bytes.t

  (** Zero of the elliptic curve *)
  val zero : t

  (** A fixed generator of the elliptic curve *)
  val one : t

  (** Return [true] if the given element is zero *)
  val is_zero : t -> bool

  (** Generate a random element.
      NOTE(review): the optional [state] is a Stdlib [Random.State.t], which
      is not a cryptographically secure generator. What is used when [state]
      is omitted is not visible here -- confirm before relying on this
      function for secret or unpredictable values. *)
  val random : ?state:Random.State.t -> unit -> t

  (** Return the addition of two elements *)
  val add : t -> t -> t

  (** Double the element *)
  val double : t -> t

  (** Return the opposite of the element *)
  val negate : t -> t

  (** Return [true] if the two elements are algebraically the same *)
  val eq : t -> t -> bool

  (** Multiply an element by a scalar.
      NOTE(review): nothing in this signature states that the multiplication
      runs in constant time -- confirm before using it with secret scalars. *)
  val mul : t -> Scalar.t -> t
end

(** Curve in Weierstrass form with a and b. In affine, the curve has the
    equation form y² = x³ + ax + b *)
module type WeierstrassT = sig
  include BASE

  (** The parameter [a] of the curve equation. *)
  val a : Base.t

  (** The parameter [b] of the curve equation. *)
  val b : Base.t

  (** The cofactor of the curve. *)
  val cofactor : Z.t
end

(** Weierstrass curve with points exposed through affine coordinates
    [(x, y)]. *)
module type AffineWeierstrassT = sig
  include WeierstrassT

  (** Return the [x] coordinate of the point. *)
  val get_x_coordinate : t -> Base.t

  (** Return the [y] coordinate of the point. *)
  val get_y_coordinate : t -> Base.t

  (* Disabled declarations, kept from the original file:
     val to_montgomery_curve_parameters : unit -> (Base.t * Base.t * Z.t * (Base.t * Base.t)) option
     val to_montgomery : t -> (Base.t * Base.t) option *)

  (** [is_on_curve ~x ~y] returns [true] if the coordinates [(x, y)] represent
      a point on the curve. It does not check the point is in the prime
      subgroup.
  *)
  val is_on_curve : x:Base.t -> y:Base.t -> bool

  (** [is_in_prime_subgroup ~x ~y] returns [true] if the coordinates [(x, y)]
      represent a point in the prime subgroup. Precondition: the coordinates
      must already be a point on the curve, so check [is_on_curve] first when
      the coordinates come from an untrusted source.
  *)
  val is_in_prime_subgroup : x:Base.t -> y:Base.t -> bool

  (** Build a point from the affine coordinates. Returns [None] unless the
      point is both on the curve and in the prime subgroup.
  *)
  val from_coordinates_opt : x:Base.t -> y:Base.t -> t option

  (** Build a point from the affine coordinates. Raise [Not_on_curve] unless
      the point is both on the curve and in the prime subgroup.
  *)
  val from_coordinates_exn : x:Base.t -> y:Base.t -> t

  (** Build a point from a compressed representation. It supposes the base
      field leaves at least a free bit in the last byte to encode the sign.
      Raise [Not_on_curve] if the bytes do not represent a point on the curve
      and in the prime subgroup.
  *)
  val of_compressed_bytes_exn : Bytes.t -> t

  (** Same as [of_compressed_bytes_exn] but returns an option instead of
      raising an exception
  *)
  val of_compressed_bytes_opt : Bytes.t -> t option

  (** Return the compressed representation of the point *)
  val to_compressed_bytes : t -> Bytes.t
end

(** Weierstrass curve with points exposed through three coordinates
    [(x, y, z)]. *)
module type ProjectiveWeierstrassT = sig
  include WeierstrassT

  (** [is_on_curve ~x ~y ~z] returns [true] if the coordinates [(x, y, z)]
      represent a point on the curve. It does not check the point is in the
      prime subgroup.
  *)
  val is_on_curve : x:Base.t -> y:Base.t -> z:Base.t -> bool

  (** [is_in_prime_subgroup ~x ~y ~z] returns [true] if the coordinates
      [(x, y, z)] represent a point in the prime subgroup. Precondition: the
      coordinates must already be a point on the curve.
  *)
  val is_in_prime_subgroup : x:Base.t -> y:Base.t -> z:Base.t -> bool

  (** Return the [x] coordinate of the point. *)
  val get_x_coordinate : t -> Base.t

  (** Return the [y] coordinate of the point. *)
  val get_y_coordinate : t -> Base.t

  (** Return the [z] coordinate of the point. *)
  val get_z_coordinate : t -> Base.t

  (** Build a point from the coordinates [(x, y, z)]. Returns [None] unless
      the point is both on the curve and in the prime subgroup.
  *)
  val from_coordinates_opt : x:Base.t -> y:Base.t -> z:Base.t -> t option

  (** Build a point from the coordinates [(x, y, z)]. Raise [Not_on_curve]
      unless the point is both on the curve and in the prime subgroup.
  *)
  val from_coordinates_exn : x:Base.t -> y:Base.t -> z:Base.t -> t

  (** Presumably the [x] coordinate of the affine form of the point; the
      result for the point at infinity is not specified here -- confirm. *)
  val get_affine_x_coordinate : t -> Base.t

  (** Presumably the [y] coordinate of the affine form of the point; the
      result for the point at infinity is not specified here -- confirm. *)
  val get_affine_y_coordinate : t -> Base.t

  (** Build a point from affine coordinates [(x, y)].
      NOTE(review): the checks performed (curve equation, prime subgroup) and
      the exception raised are not documented -- confirm before passing
      untrusted coordinates. *)
  val from_affine_coordinates_exn : x:Base.t -> y:Base.t -> t

  (** Build a point from affine coordinates [(x, y)].
      NOTE(review): despite the [_opt] suffix this is declared as returning
      [t], not [t option], so a caller cannot observe a rejected point through
      the return type. Confirm how invalid coordinates are reported. *)
  val from_affine_coordinates_opt : x:Base.t -> y:Base.t -> t
end

(** Weierstrass curve with points exposed through three coordinates
    [(x, y, z)], named Jacobian by the module type. *)
module type JacobianWeierstrassT = sig
  include WeierstrassT

  (** [is_on_curve ~x ~y ~z] returns [true] if the coordinates [(x, y, z)]
      represent a point on the curve. It does not check the point is in the
      prime subgroup.
  *)
  val is_on_curve : x:Base.t -> y:Base.t -> z:Base.t -> bool

  (** [is_in_prime_subgroup ~x ~y ~z] returns [true] if the coordinates
      [(x, y, z)] represent a point in the prime subgroup. Precondition: the
      coordinates must already be a point on the curve.
  *)
  val is_in_prime_subgroup : x:Base.t -> y:Base.t -> z:Base.t -> bool

  (** Return the [x] coordinate of the point. *)
  val get_x_coordinate : t -> Base.t

  (** Return the [y] coordinate of the point. *)
  val get_y_coordinate : t -> Base.t

  (** Return the [z] coordinate of the point. *)
  val get_z_coordinate : t -> Base.t

  (** Build a point from the coordinates [(x, y, z)]. Returns [None] unless
      the point is both on the curve and in the prime subgroup.
  *)
  val from_coordinates_opt : x:Base.t -> y:Base.t -> z:Base.t -> t option

  (** Build a point from the coordinates [(x, y, z)]. Raise [Not_on_curve]
      unless the point is both on the curve and in the prime subgroup.
  *)
  val from_coordinates_exn : x:Base.t -> y:Base.t -> z:Base.t -> t

  (** Presumably the [x] coordinate of the affine form of the point; the
      result for the point at infinity is not specified here -- confirm. *)
  val get_affine_x_coordinate : t -> Base.t

  (** Presumably the [y] coordinate of the affine form of the point; the
      result for the point at infinity is not specified here -- confirm. *)
  val get_affine_y_coordinate : t -> Base.t

  (** Build a point from affine coordinates [(x, y)].
      NOTE(review): the checks performed (curve equation, prime subgroup) and
      the exception raised are not documented -- confirm before passing
      untrusted coordinates. *)
  val from_affine_coordinates_exn : x:Base.t -> y:Base.t -> t

  (** Build a point from affine coordinates [(x, y)].
      NOTE(review): despite the [_opt] suffix this is declared as returning
      [t], not [t option], so a caller cannot observe a rejected point through
      the return type. Confirm how invalid coordinates are reported. *)
  val from_affine_coordinates_opt : x:Base.t -> y:Base.t -> t
end

(** Curve in Montgomery form with parameters [a] and [b]. *)
module type MontgomeryT = sig
  include BASE

  (** The parameter [a] of the curve equation. *)
  val a : Base.t

  (** The parameter [b] of the curve equation. *)
  val b : Base.t

  (** The cofactor of the curve. *)
  val cofactor : Z.t
end

module type AffineMontgomeryT = sig
  (** by^2 = x^3 + ax^2 + x with b * (a^2 - 4) != 0 *)
  include MontgomeryT

  (** [is_on_curve ~x ~y] returns [true] if the coordinates [(x, y)] represent
      a point on the curve. It does not check the point is in the prime
      subgroup.
  *)
  val is_on_curve : x:Base.t -> y:Base.t -> bool

  (** [is_in_prime_subgroup ~x ~y] returns [true] if the coordinates [(x, y)]
      represent a point in the prime subgroup. Precondition: the coordinates
      must already be a point on the curve.
  *)
  val is_in_prime_subgroup : x:Base.t -> y:Base.t -> bool

  (** Return the [x] coordinate of the point. *)
  val get_x_coordinate : t -> Base.t

  (** Return the [y] coordinate of the point. *)
  val get_y_coordinate : t -> Base.t

  (** Parameters of a twisted form of this curve, as an optional tuple.
      NOTE(review): the meaning of each tuple component and the condition for
      [None] are not documented here -- confirm against the implementation. *)
  val to_twisted_curve_parameters :
    unit -> (Base.t * Base.t * Z.t * (Base.t * Base.t)) option

  (** Map a point to a pair of coordinates on the twisted form, if any.
      NOTE(review): the condition for [None] is not documented -- confirm. *)
  val to_twisted : t -> (Base.t * Base.t) option

  (** Parameters of a Weierstrass form of this curve, as an optional tuple.
      NOTE(review): the meaning of each tuple component and the condition for
      [None] are not documented here -- confirm against the implementation. *)
  val to_weierstrass_curve_parameters :
    unit -> (Base.t * Base.t * Z.t * (Base.t * Base.t)) option

  (** Map a point to a pair of coordinates on the Weierstrass form, if any.
      NOTE(review): the condition for [None] is not documented -- confirm. *)
  val to_weierstrass : t -> (Base.t * Base.t) option

  (** Build a point from the affine coordinates. Returns [None] unless the
      point is both on the curve and in the prime subgroup.
  *)
  val from_coordinates_opt : x:Base.t -> y:Base.t -> t option

  (** Build a point from the affine coordinates. Raise [Not_on_curve] unless
      the point is both on the curve and in the prime subgroup.
  *)
  val from_coordinates_exn : x:Base.t -> y:Base.t -> t

  (** Build a point from a compressed representation. It supposes the base
      field leaves at least a free bit in the last byte to encode the sign.
      Raise [Not_on_curve] if the bytes do not represent a point on the curve
      and in the prime subgroup.
  *)
  val of_compressed_bytes_exn : Bytes.t -> t

  (** Same as [of_compressed_bytes_exn] but returns an option instead of
      raising an exception
  *)
  val of_compressed_bytes_opt : Bytes.t -> t option

  (** Return the compressed representation of the point *)
  val to_compressed_bytes : t -> Bytes.t
end

module type AffineEdwardsT = sig
  (** au^2 + v^2 = 1 + du^2v^2 *)
  include BASE

  (** The parameter [a] of the curve, from the equation
      a * u^2 + v^2 = 1 + d * u^2 * v^2 *)
  val a : Base.t

  (** The parameter [d] of the curve, from the equation
      a * u^2 + v^2 = 1 + d * u^2 * v^2 *)
  val d : Base.t

  (** The cofactor of the curve. The parameter is used in [is_small_order] and
      in the random point generator.
      NOTE(review): [is_small_order] is not declared in this signature.
  *)
  val cofactor : Z.t

  (** [is_on_curve ~u ~v] returns [true] if the coordinates [(u, v)] represent
      a point on the curve. It does not check the point is in the prime
      subgroup.
  *)
  val is_on_curve : u:Base.t -> v:Base.t -> bool

  (** [is_in_prime_subgroup ~u ~v] returns [true] if the coordinates [(u, v)]
      represent a point in the prime subgroup. Precondition: the coordinates
      must already be a point on the curve.
  *)
  val is_in_prime_subgroup : u:Base.t -> v:Base.t -> bool

  (** Return the affine coordinate u (such that au^2 + v^2 = 1 + d u^2 v^2) *)
  val get_u_coordinate : t -> Base.t

  (** Return the affine coordinate v (such that au^2 + v^2 = 1 + d u^2 v^2) *)
  val get_v_coordinate : t -> Base.t

  (** Parameters of a Montgomery form of this curve, as an optional tuple.
      NOTE(review): the meaning of each tuple component and the condition for
      [None] are not documented here -- confirm against the implementation. *)
  val to_montgomery_curve_parameters :
    unit -> (Base.t * Base.t * Z.t * (Base.t * Base.t)) option

  (** Map a point to a pair of coordinates on the Montgomery form, if any.
      NOTE(review): the condition for [None] is not documented -- confirm. *)
  val to_montgomery : t -> (Base.t * Base.t) option

  (** Build a point from the affine coordinates. Returns [None] unless the
      point is both on the curve and in the prime subgroup.
  *)
  val from_coordinates_opt : u:Base.t -> v:Base.t -> t option

  (** Build a point from the affine coordinates. Raise [Not_on_curve] unless
      the point is both on the curve and in the prime subgroup.
  *)
  val from_coordinates_exn : u:Base.t -> v:Base.t -> t

  (** Build a point from the affine coordinates, without verifying the point
      is on the curve. Use with precaution.

      Security note: since the curve equation is not checked, the result may
      not be a valid group element. Keep this constructor away from
      coordinates that come from an untrusted source; use
      [from_coordinates_opt] or [from_coordinates_exn] there.
  *)
  val unsafe_from_coordinates : u:Base.t -> v:Base.t -> t
end

(** Interface for a pairing from [G1] and [G2] into [GT]. *)
module type PAIRING = sig
  (** First source group. Only the [BASE] interface is required, so prime
      subgroup membership of its elements is not guaranteed by the type. *)
  module G1 : BASE

  (** Second source group. Only the [BASE] interface is required, so prime
      subgroup membership of its elements is not guaranteed by the type. *)
  module G2 : BASE

  (** Target of the pairing, a finite field interface. *)
  module GT : Ff_sig.BASE

  (** Raised by [final_exponentiation_exn]; carries the rejected [GT.t]. *)
  exception FailToComputeFinalExponentiation of GT.t

  (** Compute the miller loop on a list of pairs of points *)
  val miller_loop : (G1.t * G2.t) list -> GT.t

  (** Compute the miller loop on a single pair of points *)
  val miller_loop_simple : G1.t -> G2.t -> GT.t

  (** Compute the pairing of one [G1] element with one [G2] element. The
      signature takes a single pair, not a list. *)
  val pairing : G1.t -> G2.t -> GT.t

  (** Compute the final exponentiation of the given point. Returns [None] if
      the point is null *)
  val final_exponentiation_opt : GT.t -> GT.t option

  (** Compute the final exponentiation of the given point. Raise
      [FailToComputeFinalExponentiation] if the point is null *)
  val final_exponentiation_exn : GT.t -> GT.t
end