org.cryptimeleon.math.structures.groups.elliptic.nopairing

Class Secp256k1

java.lang.Object

org.cryptimeleon.math.structures.groups.elliptic.nopairing.Secp256k1

All Implemented Interfaces:

RepresentationRestorer, Representable, StandaloneRepresentable, EllipticCurve, WeierstrassCurve, GroupImpl

public class Secp256k1
extends java.lang.Object
implements WeierstrassCurve

An implementation of the secp256k1 curve.

The curve is defined in Weierstrass short form \(y^2 = x^3 + b\) over a field \(\mathbb{F}_p\). Specific parameters are taken from here.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Secp256k1.HashIntoSecp256k1 A hash function mapping bit strings into the group such that

Field Summary

Fields

Modifier and Type	Field and Description
static Zp.ZpElement	b Parameter for the weierstrass equation \(y^2 = x^3 + b\).
static Zp.ZpElement	generatorX x-coordinate of generator element.
static Zp.ZpElement	generatorY y-coordinate of generator element.
static java.math.BigInteger	n The number of elements on the curve.
static java.math.BigInteger	p The prime used to instantiate the field \(\mathbb{F}_p\).
static Zp	zp The field \(\mathbb{F}_p\) over which the curve is defined.

Constructor Summary

Constructors

Constructor and Description
Secp256k1() Initialize the curve.
Secp256k1(Representation repr) Initialize the curve from a representation (not used since all parameters are fixed).

Method Summary

Modifier and Type	Method and Description
boolean	equals(java.lang.Object obj)
double	estimateCostInvPerOp() Estimates the number of inversions that can be done per group operation for the same cost.
FieldElement	getA1() Returns \(A1\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).
FieldElement	getA2() Returns \(A2\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).
FieldElement	getA3() Returns \(A3\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).
FieldElement	getA4() Returns \(A4\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).
FieldElement	getA6() Returns \(A6\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).
EllipticCurvePoint	getElement(FieldElement x, FieldElement y) Construct an point on this curve given the x- and y-coordinates.
Field	getFieldOfDefinition() Returns the base field over which the elliptic curve is defined.
GroupElementImpl	getGenerator() Returns any generator of this group if the group is cyclic and it's feasible to compute a generator.
GroupElementImpl	getNeutralElement() Returns the neutral element of this group.
Representation	getRepresentation() The representation of this object.
GroupElementImpl	getUniformlyRandomElement() Generates a uniformly random element of this group.
java.util.Optional<java.lang.Integer>	getUniqueByteLength() Returns the number of bytes returned by this structure's UniqueByteRepresentable.getUniqueByteRepresentation(), or an empty Optional if this structure's elements do not guarantee a fixed length.
int	hashCode()
boolean	hasPrimeSize() Returns true if the size of this structure is known and prime.
GroupElementImpl	restoreElement(Representation repr) Restores a group element from its representation.
java.math.BigInteger	size() Retrieves number of elements in the group if possible.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.cryptimeleon.math.structures.groups.elliptic.WeierstrassCurve

isShortForm

Methods inherited from interface org.cryptimeleon.math.structures.groups.elliptic.EllipticCurve

isCommutative

Methods inherited from interface org.cryptimeleon.math.structures.groups.GroupImpl

exp, getUniformlyRandomNonNeutral, implementsOwnExp, implementsOwnMultiExp, multiexp, restoreFromRepresentation

Field Detail

p

public static final java.math.BigInteger p

The prime used to instantiate the field \(\mathbb{F}_p\).

n

public static final java.math.BigInteger n

The number of elements on the curve.

zp

public static final Zp zp

The field \(\mathbb{F}_p\) over which the curve is defined.

b

public static final Zp.ZpElement b

Parameter for the weierstrass equation \(y^2 = x^3 + b\).

generatorX

public static final Zp.ZpElement generatorX

x-coordinate of generator element.

generatorY

public static final Zp.ZpElement generatorY

y-coordinate of generator element.

Constructor Detail

Secp256k1

public Secp256k1()

Initialize the curve.

Secp256k1

public Secp256k1(Representation repr)

Initialize the curve from a representation (not used since all parameters are fixed).

The representation is not used, as all parameters are fixed. Hence, it can be any value.

Parameters:

repr - the representation to use for restoration. Not used

Method Detail

getA6

public FieldElement getA6()

Description copied from interface: WeierstrassCurve

Returns \(A6\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).

Specified by:

getA6 in interface WeierstrassCurve

getA4

public FieldElement getA4()

Description copied from interface: WeierstrassCurve

Returns \(A4\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).

Specified by:

getA4 in interface WeierstrassCurve

getA3

public FieldElement getA3()

Description copied from interface: WeierstrassCurve

Returns \(A3\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).

Is zero if the curve is given by a weierstrass equation in short form.

Specified by:

getA3 in interface WeierstrassCurve

getA2

public FieldElement getA2()

Description copied from interface: WeierstrassCurve

Returns \(A2\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).

Is zero if the curve is given by a weierstrass equation in short form.

Specified by:

getA2 in interface WeierstrassCurve

getA1

public FieldElement getA1()

Description copied from interface: WeierstrassCurve

Returns \(A1\) from the weierstrass equation \(y^2 + A1 \cdot xy + A3 \cdot y = x^3 + A2 \cdot x^2 + A4 \cdot x + A6\).

Is zero if the curve is given by a weierstrass equation in short form.

Specified by:

getA1 in interface WeierstrassCurve

getElement

public EllipticCurvePoint getElement(FieldElement x,
                                     FieldElement y)

Description copied from interface: WeierstrassCurve

Construct an point on this curve given the x- and y-coordinates.

Specified by:

getElement in interface WeierstrassCurve

Parameters:

x - the x-coordinate

y - the y-coordinate

Returns:

the corresponding elliptic curve point

getFieldOfDefinition

public Field getFieldOfDefinition()

Description copied from interface: EllipticCurve

Returns the base field over which the elliptic curve is defined.

Specified by:

getFieldOfDefinition in interface EllipticCurve

getNeutralElement

public GroupElementImpl getNeutralElement()

Description copied from interface: GroupImpl

Returns the neutral element of this group.

Specified by:

getNeutralElement in interface GroupImpl

getUniformlyRandomElement

public GroupElementImpl getUniformlyRandomElement()
                                           throws java.lang.UnsupportedOperationException

Description copied from interface: GroupImpl

Generates a uniformly random element of this group.

Specified by:

getUniformlyRandomElement in interface GroupImpl

Throws:

java.lang.UnsupportedOperationException - if the random generation cannot be done

restoreElement

public GroupElementImpl restoreElement(Representation repr)

Description copied from interface: GroupImpl

Restores a group element from its representation.

Specified by:

restoreElement in interface GroupImpl

getGenerator

public GroupElementImpl getGenerator()
                              throws java.lang.UnsupportedOperationException

Description copied from interface: GroupImpl

Returns any generator of this group if the group is cyclic and it's feasible to compute a generator.

Repeated calls may or may not always supply the same generator again (i.e. the output is not guaranteed to be random)!

Specified by:

getGenerator in interface GroupImpl

Throws:

java.lang.UnsupportedOperationException - if group is not cyclic or it's too hard to compute a generator

size

public java.math.BigInteger size()
                          throws java.lang.UnsupportedOperationException

Description copied from interface: GroupImpl

Retrieves number of elements in the group if possible.

Specified by:

size in interface GroupImpl

Returns:

size of this group (number of group elements in it) or null if infinite

Throws:

java.lang.UnsupportedOperationException - if the number of elements is unknown or is too expensive to compute

hasPrimeSize

public boolean hasPrimeSize()

Description copied from interface: GroupImpl

Returns true if the size of this structure is known and prime.

Specified by:

hasPrimeSize in interface GroupImpl

estimateCostInvPerOp

public double estimateCostInvPerOp()

Description copied from interface: GroupImpl

Estimates the number of inversions that can be done per group operation for the same cost. For example, 2 would mean that an inversion costs half as much as a group operation, on average.

Specified by:

estimateCostInvPerOp in interface GroupImpl

Returns:

Estimated number of inversions that can be done per group operation for the same cost

getUniqueByteLength

public java.util.Optional<java.lang.Integer> getUniqueByteLength()

Description copied from interface: GroupImpl

Returns the number of bytes returned by this structure's UniqueByteRepresentable.getUniqueByteRepresentation(), or an empty Optional if this structure's elements do not guarantee a fixed length.

For example, elements of Zp will always be represented by ceil(ceil(log(p))/8) bytes, hence getUniqueByteLength() would return ceil(ceil(log(p))/8).

A polynomial ring would return an empty Optional since a polynomial's unique byte representation length depends on its degree.

Specified by:

getUniqueByteLength in interface GroupImpl

Returns:

the guaranteed fixed length of getUniqueByteRepresentation(), or an empty Optional, if no guarantee

getRepresentation

public Representation getRepresentation()

Description copied from interface: Representable

The representation of this object. Used for serialization. A convenient way to implement this is using @link ReprUtil

Specified by:

getRepresentation in interface Representable

Returns:

a Representation or null if an equal object can be recreated without any information.

See Also:

Representation

equals

public boolean equals(java.lang.Object obj)

Overrides:

equals in class java.lang.Object

hashCode

public int hashCode()

Overrides:

hashCode in class java.lang.Object