Merged
30 commits
b4e8749
Add `Group::mul_by_generator`
tarcieri Dec 30, 2022
6ab641f
Raise MSRV to 1.63
str4d Apr 16, 2025
8240c17
Update lockfile to latest MSRV-compatible dependencies
str4d Apr 16, 2025
8534991
Merge pull request #62 from zkcrypto/msrv-1.63
str4d Apr 16, 2025
055cc14
Bump to rust-random 0.9
pinkforest Jan 26, 2025
42e0ad5
Merge pull request #56 from pinkforest/bump-rand-0.9
str4d Apr 16, 2025
f3537bc
Relax `Sized` requirements on the rng
baloo Mar 3, 2025
430e26a
Merge pull request #57 from baloo/baloo/relax-rng
str4d Apr 16, 2025
4456de8
Provide a `Group::try_from_rng`
baloo Mar 3, 2025
94b7e74
Merge pull request #59 from baloo/baloo/try_from_rng
str4d Apr 16, 2025
6636782
Merge pull request #44 from tarcieri/mul_by_generator
str4d Apr 16, 2025
a260479
Preview 0.14.0-pre.0
str4d Apr 17, 2025
31e349d
Merge pull request #64 from zkcrypto/preview-0.14.0-pre.0
str4d Apr 17, 2025
87fcee0
Bump `rand_core` to v0.10; MSRV 1.85
tarcieri Feb 1, 2026
2110485
Introduce `CurveAffine` trait
str4d Jul 29, 2023
6bee6ef
Merge pull request #48 from zkcrypto/curveaffine
str4d Feb 26, 2026
62923b9
Merge pull request #71 from tarcieri/rand_core/v0.10
ebfull May 21, 2026
92f221b
Update patch to retarget ff 0.14.0 release branch
ebfull May 21, 2026
326b36b
Rename `Group::try_from_rng` to `Group::try_random`
ebfull May 21, 2026
d24dd0d
Update to `ff 0.14.0-pre.1`
ebfull May 21, 2026
b8220c8
Update CHANGELOG.md
ebfull May 21, 2026
b71b98a
Preview 0.14.0-pre.1
ebfull May 21, 2026
0562c20
Update CHANGELOG.md
ebfull May 30, 2026
8b8e53b
Update MSRV in README.md to 1.85
ebfull May 30, 2026
d0bed6d
Update to ff 0.14.0
ebfull May 30, 2026
1d05796
Use consistent CHANGELOG language for ff bump
ebfull May 30, 2026
5e5b9b9
Fix lints and minor nits
ebfull May 30, 2026
ab86533
Simplify Curve::Affine bounds
ebfull May 30, 2026
7fc1ccc
Align group random docs with ff
ebfull May 30, 2026
f9a84a7
Release 0.14.0
ebfull May 30, 2026
3 changes: 1 addition & 2 deletions .github/workflows/ci.yml
@@ -43,7 +43,7 @@ jobs:
strategy:
matrix:
target:
- wasm32-wasi
- wasm32-wasip1
- thumbv6m-none-eabi
- thumbv7em-none-eabihf
steps:
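Review bot: the rename to `wasm32-wasip1` is required by the MSRV bump rather than cosmetic: the `wasm32-wasi` target name was removed from the targets rustup can install as of Rust 1.84, so on the 1.85 toolchain pinned in this PR the old matrix entry would fail at target installation before any build ran. Since the same matrix builds bare-metal `thumbv6m-none-eabi`/`thumbv7em-none-eabihf`, it is worth confirming the bumped `rand_core` keeps `default-features = false` in Cargo.toml (it does in this PR) so these `no_std` builds stay green.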
@@ -81,7 +81,6 @@ jobs:
- uses: actions/checkout@v4
- run: cargo fetch
# Requires #![deny(rustdoc::broken_intra_doc_links)] in crates.
- run: sudo apt-get -y install libfontconfig1-dev
- name: Check intra-doc links
run: cargo doc --all-features --document-private-items

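Review bot: nothing in the hunk records why `libfontconfig1-dev` is no longer needed for the doc build; if it was a native dependency pulled in transitively by a dev-dependency under `--all-features`, a one-line note in the workflow (next to the existing `# Requires #![deny(rustdoc::broken_intra_doc_links)]` comment) would stop a future contributor from re-adding it when an unrelated doc failure appears. Otherwise the removal is a welcome simplification, and it also drops the only `sudo` invocation from this job.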
32 changes: 32 additions & 0 deletions CHANGELOG.md
@@ -7,6 +7,38 @@ and this library adheres to Rust's notion of

## [Unreleased]

## [0.14.0] - 2026-06-01
### Added
- `group::CurveAffine`, an affine-representation trait that the curve-specific
affine traits are now built on top of.
- `group::Group::mul_by_generator`, with a default implementation. Implementors
can override it to take advantage of precomputed tables.
- `group::Group::try_random<R: TryRng + ?Sized>(rng: &mut R) -> Result<Self, R::Error>`,
a new trait method that must be implemented by downstreams. It samples a
non-identity group element using a fallible RNG and propagates the RNG's error.

### Changed
- MSRV is now 1.85.0.
- Bumped dependencies to `ff 0.14`, `rand_core 0.10`.
- `group::Group::random(rng: impl RngCore) -> Self` has been changed to
`Group::random<R: Rng + ?Sized>(rng: &mut R) -> Self`, to enable passing a
trait object as the RNG. It now has a default implementation in terms of
`Group::try_random`.
- The curve-related traits have been refactored around the new `CurveAffine`
trait:
- `group::Curve::AffineRepr` has been renamed to `Curve::Affine`.
- All of the trait methods and associated types on the following traits have
been removed (use `group::Curve::Affine` or the `group::CurveAffine` trait
instead; trait implementors must implement `group::CurveAffine` instead
using the same logic):
- `group::cofactor::CofactorCurve`
- `group::cofactor::CofactorCurveAffine`
- `group::prime::PrimeCurve`
- `group::prime::PrimeCurveAffine`
- `group::cofactor::CofactorCurveAffine` and `group::prime::PrimeCurveAffine`
now have blanket implementations for all types `C: group::CurveAffine` where
`C::Curve` implements `CofactorCurve` or `PrimeCurve` respectively.

## [0.13.0] - 2022-12-06
### Changed
- Bumped `ff` to `0.13`
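Review bot: the `### Changed` line `Bumped dependencies to ff 0.14, rand_core 0.10` undercounts what this PR's Cargo.toml changes: the optional `rand` dependency moves to 0.10 and `rand_xorshift` to 0.5, both visible to users who enable those features, so list them here. Two further documentation points: the `try_random` entry under `### Added` is also breaking for implementors (it is the one required method now, and `random` is derived from it), so saying so explicitly helps downstream crates plan the migration; and the `CurveAffine` entry could state that `CofactorCurveAffine` and `PrimeCurveAffine` can no longer be implemented by hand once the blanket impls introduced in `cofactor.rs` and `prime.rs` exist, which is the practical consequence of "trait implementors must implement `group::CurveAffine` instead".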
28 changes: 14 additions & 14 deletions Cargo.lock
12 changes: 6 additions & 6 deletions Cargo.toml
@@ -1,12 +1,12 @@
[package]
name = "group"
version = "0.13.0"
version = "0.14.0"
authors = [
"Sean Bowe <ewillbefull@gmail.com>",
"Jack Grigg <jack@z.cash>",
]
edition = "2021"
rust-version = "1.56"
rust-version = "1.85"
readme = "README.md"
license = "MIT/Apache-2.0"

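Review bot: `rust-version = "1.85"` agrees with the README and `rust-toolchain.toml` changes in this PR, so all three MSRV declarations stay in sync, which is the check that matters most in this hunk. Style point on the unchanged context line `license = "MIT/Apache-2.0"`: the `/` separator is the deprecated form, and the SPDX expression `"MIT OR Apache-2.0"` is what Cargo documents as the replacement. With MSRV 1.85 the 2024 edition is also available, though moving off `edition = "2021"` is a separate decision and not needed for this release.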
@@ -16,10 +16,10 @@ homepage = "https://github.com/zkcrypto/group"
repository = "https://github.com/zkcrypto/group"

[dependencies]
ff = { version = "0.13", default-features = false }
rand = { version = "0.8", optional = true, default-features = false }
rand_core = { version = "0.6", default-features = false }
rand_xorshift = { version = "0.3", optional = true }
ff = { version = "0.14", default-features = false }
rand = { version = "0.10", optional = true, default-features = false }
rand_core = { version = "0.10", default-features = false }
rand_xorshift = { version = "0.5", optional = true }
subtle = { version = "2.2.1", default-features = false }

# Crate for exposing the dynamic memory usage of the w-NAF structs.
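Review bot: the three rand crates move together (`rand` 0.10, `rand_core` 0.10, `rand_xorshift` 0.5), and they must: `src/lib.rs` now imports `Rng` and `TryRng` from `rand_core`, so the xorshift generator used in tests has to implement those same traits from the same `rand_core` major. Confirm `Cargo.lock` resolves to a single `rand_core` entry, because a second copy (for example through an older `rand_xorshift`) would surface as a confusing "trait `Rng` is not implemented" error rather than a version mismatch. `default-features = false` is retained on every entry, which keeps the `no_std` targets in the CI matrix buildable.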
2 changes: 1 addition & 1 deletion README.md
@@ -11,7 +11,7 @@ wider discussion.

## Minimum Supported Rust Version

Requires Rust **1.56** or higher.
Requires Rust **1.85** or higher.

Minimum supported Rust version can be changed in the future, but it will be done with a
minor version bump.
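Review bot: the README now matches `rust-version = "1.85"` in Cargo.toml, and the policy in the unchanged lines (an MSRV change arrives with a minor version bump) is honoured by this release moving `0.13.0` to `0.14.0`, so no further wording change is needed here.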
2 changes: 1 addition & 1 deletion rust-toolchain.toml
@@ -1,3 +1,3 @@
[toolchain]
channel = "1.56.0"
channel = "1.85.0"
components = [ "clippy", "rustfmt" ]
48 changes: 4 additions & 44 deletions src/cofactor.rs
@@ -1,9 +1,6 @@
use core::fmt;
use core::ops::{Mul, Neg};
use ff::PrimeField;
use subtle::{Choice, CtOption};

use crate::{prime::PrimeGroup, Curve, Group, GroupEncoding, GroupOps, GroupOpsOwned};
use crate::{prime::PrimeGroup, Curve, CurveAffine, Group, GroupEncoding, GroupOps, GroupOpsOwned};

/// This trait represents an element of a cryptographic group with a large prime-order
/// subgroup and a comparatively-small cofactor.
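Review bot: dropping `fmt`, `Mul`, `Neg` and `PrimeField` is correct, since the removed `CofactorCurveAffine` bound list was their only user in this file; `Choice` and `CtOption` are kept, so `CofactorGroup` (outside the hunk) must still reference both, otherwise the `Fix lints and minor nits` commit would have flagged an unused import. `CurveAffine` is imported from the crate root, matching where the new shared trait is defined in `src/lib.rs`.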
@@ -54,47 +51,10 @@ pub trait CofactorGroup:

/// Efficient representation of an elliptic curve point guaranteed to be
/// in the correct prime order subgroup.
pub trait CofactorCurve:
Curve<AffineRepr = <Self as CofactorCurve>::Affine> + CofactorGroup
{
type Affine: CofactorCurveAffine<Curve = Self, Scalar = Self::Scalar>
+ Mul<Self::Scalar, Output = Self>
+ for<'r> Mul<&'r Self::Scalar, Output = Self>;
}
pub trait CofactorCurve: Curve + CofactorGroup {}

/// Affine representation of an elliptic curve point guaranteed to be
/// in the correct prime order subgroup.
pub trait CofactorCurveAffine:
GroupEncoding
+ Copy
+ Clone
+ Sized
+ Send
+ Sync
+ fmt::Debug
+ PartialEq
+ Eq
+ 'static
+ Neg<Output = Self>
+ Mul<<Self as CofactorCurveAffine>::Scalar, Output = <Self as CofactorCurveAffine>::Curve>
+ for<'r> Mul<
&'r <Self as CofactorCurveAffine>::Scalar,
Output = <Self as CofactorCurveAffine>::Curve,
>
{
type Scalar: PrimeField;
type Curve: CofactorCurve<Affine = Self, Scalar = Self::Scalar>;

/// Returns the additive identity.
fn identity() -> Self;
pub trait CofactorCurveAffine: CurveAffine {}

/// Returns a fixed generator of unknown exponent.
fn generator() -> Self;

/// Determines if this point represents the point at infinity; the
/// additive identity.
fn is_identity(&self) -> Choice;

/// Converts this element to its curve representation.
fn to_curve(&self) -> Self::Curve;
}
impl<C: CurveAffine> CofactorCurveAffine for C where C::Curve: CofactorCurve {}
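Review bot: with `impl<C: CurveAffine> CofactorCurveAffine for C where C::Curve: CofactorCurve {}` a downstream crate can no longer write `impl CofactorCurveAffine for MyAffine` (it would conflict with the blanket impl), so the trait is now a pure marker, and the retained doc comment `Affine representation of an elliptic curve point guaranteed to be in the correct prime order subgroup` should say that implementing `CurveAffine` for a type whose `Curve` is a `CofactorCurve` yields this trait automatically. The subgroup guarantee now rests entirely on `C::Curve: CofactorCurve`, that is on `CofactorGroup`, not on anything the affine type promises itself. The `Mul<Self::Scalar>` bounds removed from `CofactorCurve::Affine` are not lost: `CurveAffine` in `src/lib.rs` requires them of every affine type.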
74 changes: 63 additions & 11 deletions src/lib.rs
@@ -13,7 +13,7 @@ use core::fmt;
use core::iter::Sum;
use core::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign};
use ff::PrimeField;
use rand_core::RngCore;
use rand_core::{Rng, TryRng};
use subtle::{Choice, CtOption};

pub mod cofactor;
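Review bot: `use rand_core::{Rng, TryRng};` only resolves against `rand_core` 0.10, where these are the trait names; in 0.9 the equivalents were `RngCore` and `TryRngCore`, so this import is the hard coupling that justifies bumping `rand_core` in Cargo.toml in the same PR and naming the bump in the CHANGELOG. `RngCore` is no longer referenced anywhere in the visible hunks, so the old import is correctly gone rather than left alongside the new ones.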
@@ -73,10 +73,23 @@ pub trait Group:
type Scalar: PrimeField;

/// Returns an element chosen uniformly at random from the non-identity elements of
/// this group.
/// this group using a user-provided infallible RNG.
///
/// This function is non-deterministic, and samples from the user-provided RNG.
fn random(rng: impl RngCore) -> Self;
/// This is a convenience wrapper around [`Group::try_random`] for RNGs that cannot
/// fail. Use [`Group::try_random`] if your RNG may fail (for example, an OS-backed
/// entropy source).
fn random<R: Rng + ?Sized>(rng: &mut R) -> Self {
let Ok(out) = Self::try_random(rng);
out
}

/// Returns an element chosen uniformly at random from the non-identity elements of
/// this group using a user-provided fallible RNG.
///
/// Returns `Err` propagating the RNG's error if the underlying RNG fails to produce
/// the randomness required to sample an element. Implementors of `Group` must
/// provide this method; [`Group::random`] is derived from it for infallible RNGs.
fn try_random<R: TryRng + ?Sized>(rng: &mut R) -> Result<Self, R::Error>;

/// Returns the additive identity, also known as the "neutral element".
fn identity() -> Self;
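Review bot: `let Ok(out) = Self::try_random(rng);` compiles as an irrefutable pattern only because infallible `Rng` types carry an uninhabited `TryRng::Error` and exhaustiveness on empty types was stabilised in Rust 1.82, so this line is a concrete floor for the MSRV (1.85 here); a short comment saying so would stop someone from trying to lower it later. On the contract itself: both doc comments promise a uniformly random non-identity element, which the trait cannot enforce, so the `try_random` docs should spell out that implementors must reject and resample the identity and must return `Err` on RNG failure rather than fall back to any fixed or partially filled value; with `random` now derived from `try_random`, a failing OS entropy source that is swallowed inside an implementation would turn into a predictable secret with no signal to the caller.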
Expand All @@ -90,18 +103,22 @@ pub trait Group:
/// Doubles this element.
#[must_use]
fn double(&self) -> Self;

/// Multiply by the generator of the prime-order subgroup.
#[must_use]
fn mul_by_generator(scalar: &Self::Scalar) -> Self {
Self::generator() * scalar
}
}

/// Efficient representation of an elliptic curve point guaranteed.
pub trait Curve:
Group + GroupOps<<Self as Curve>::AffineRepr> + GroupOpsOwned<<Self as Curve>::AffineRepr>
{
/// Efficient representation of an elliptic curve point.
pub trait Curve: Group + GroupOps<Self::Affine> + GroupOpsOwned<Self::Affine> {
/// The affine representation for this elliptic curve.
type AffineRepr;
type Affine: CurveAffine<Curve = Self, Scalar = Self::Scalar>;

/// Converts a batch of projective elements into affine elements. This function will
/// panic if `p.len() != q.len()`.
fn batch_normalize(p: &[Self], q: &mut [Self::AffineRepr]) {
fn batch_normalize(p: &[Self], q: &mut [Self::Affine]) {
assert_eq!(p.len(), q.len());

for (p, q) in p.iter().zip(q.iter_mut()) {
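Review bot: the default `mul_by_generator` is `Self::generator() * scalar`, so it inherits the timing behaviour of the curve's general scalar multiplication, but the doc invites overrides using precomputed tables, and the scalar passed here is typically a long-term secret (public key derivation). The doc should require that any override be constant time with respect to `scalar`, that is fixed-window table walks with constant-time selection rather than secret-indexed lookups, so that the optimisation does not reintroduce a side channel the generic path avoided. The `#[must_use]` mirrors `double`, and making it an associated function with no `self` is the right shape for a table-backed override. The `Curve` rewrite in the same hunk is consistent with the CHANGELOG: `AffineRepr` becomes `Affine`, now constrained by `CurveAffine<Curve = Self, Scalar = Self::Scalar>`, and `batch_normalize` is updated to the new name.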
@@ -110,7 +127,42 @@ pub trait Curve:
}

/// Converts this element into its affine representation.
fn to_affine(&self) -> Self::AffineRepr;
fn to_affine(&self) -> Self::Affine;
}

/// Affine representation of an elliptic curve point.
pub trait CurveAffine:
GroupEncoding
+ Copy
+ fmt::Debug
+ Eq
+ Send
+ Sync
+ 'static
+ Neg<Output = Self>
+ Mul<<Self::Curve as Group>::Scalar, Output = Self::Curve>
+ for<'r> Mul<&'r <Self::Curve as Group>::Scalar, Output = Self::Curve>
{
/// The efficient representation for this elliptic curve.
type Curve: Curve<Affine = Self, Scalar = Self::Scalar>;

/// Scalars modulo the order of this group's scalar field.
///
/// This associated type is temporary, and will be removed once downstream users have
/// migrated to using `Curve` as the primary generic bound.
type Scalar: PrimeField;

/// Returns the additive identity.
fn identity() -> Self;

/// Returns a fixed generator of unknown exponent.
fn generator() -> Self;

/// Determines if this point represents the additive identity.
fn is_identity(&self) -> Choice;

/// Converts this affine point to its efficient representation.
fn to_curve(&self) -> Self::Curve;
}

pub trait GroupEncoding: Sized {
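Review bot: the `CurveAffine` bound list drops `Clone`, `Sized` and `PartialEq` relative to the old `CofactorCurveAffine`/`PrimeCurveAffine`, which is safe because `Copy: Clone: Sized` and `Eq: PartialEq` imply them, so no implementor loses a capability. Two documentation points: `type Scalar` is described as temporary in its doc comment but the CHANGELOG says nothing about the planned removal, so add a line there steering downstream code toward `<C::Curve as Group>::Scalar` (the form the `Mul` bounds in this very hunk already use); and since `Eq` makes `==` available while `is_identity` returns a `Choice`, the trait docs should point callers whose comparison depends on secret data at the `Choice`-returning check rather than `==`.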
44 changes: 4 additions & 40 deletions src/prime.rs
@@ -1,50 +1,14 @@
use core::fmt;
use core::ops::{Mul, Neg};
use ff::PrimeField;
use subtle::Choice;

use crate::{Curve, Group, GroupEncoding};
use crate::{Curve, CurveAffine, Group, GroupEncoding};

/// This trait represents an element of a prime-order cryptographic group.
pub trait PrimeGroup: Group + GroupEncoding {}

/// Efficient representation of an elliptic curve point guaranteed to be
/// in the correct prime order subgroup.
pub trait PrimeCurve: Curve<AffineRepr = <Self as PrimeCurve>::Affine> + PrimeGroup {
type Affine: PrimeCurveAffine<Curve = Self, Scalar = Self::Scalar>
+ Mul<Self::Scalar, Output = Self>
+ for<'r> Mul<&'r Self::Scalar, Output = Self>;
}
pub trait PrimeCurve: Curve + PrimeGroup {}

/// Affine representation of an elliptic curve point guaranteed to be
/// in the correct prime order subgroup.
pub trait PrimeCurveAffine: GroupEncoding
+ Copy
+ Clone
+ Sized
+ Send
+ Sync
+ fmt::Debug
+ PartialEq
+ Eq
+ 'static
+ Neg<Output = Self>
+ Mul<<Self as PrimeCurveAffine>::Scalar, Output = <Self as PrimeCurveAffine>::Curve>
+ for<'r> Mul<&'r <Self as PrimeCurveAffine>::Scalar, Output = <Self as PrimeCurveAffine>::Curve>
{
type Scalar: PrimeField;
type Curve: PrimeCurve<Affine = Self, Scalar = Self::Scalar>;

/// Returns the additive identity.
fn identity() -> Self;

/// Returns a fixed generator of unknown exponent.
fn generator() -> Self;

/// Determines if this point represents the point at infinity; the
/// additive identity.
fn is_identity(&self) -> Choice;
pub trait PrimeCurveAffine: CurveAffine {}

/// Converts this element to its curve representation.
fn to_curve(&self) -> Self::Curve;
}
impl<C: CurveAffine> PrimeCurveAffine for C where C::Curve: PrimeCurve {}
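Review bot: same coherence consequence as in `cofactor.rs`: `impl<C: CurveAffine> PrimeCurveAffine for C where C::Curve: PrimeCurve {}` removes the ability to implement `PrimeCurveAffine` by hand, so the retained doc comment `Affine representation of an elliptic curve point guaranteed to be in the correct prime order subgroup` should describe the trait as an automatically derived marker whose guarantee comes from `C::Curve: PrimeCurve`. The import cleanup is complete here (`fmt`, `Mul`, `Neg`, `PrimeField` and `Choice` are all gone), and `Group` stays because the unchanged `PrimeGroup: Group + GroupEncoding` still needs it.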