Function fromEdwards25519 [src]

Compute the Curve25519 equivalent to an Edwards25519 point. Note that the function doesn't check that the input point is on the prime order group, e.g. that it is an Ed25519 public key for which an Ed25519 secret key exists. If this is required, for example for compatibility with libsodium's strict validation policy, the caller can call the rejectUnexpectedSubgroup function on the input point before calling this function.

Prototype

pub fn fromEdwards25519(p: crypto.ecc.Edwards25519) IdentityElementError!Curve25519

Parameters

p: crypto.ecc.Edwards25519

Possible Errors

IdentityElement IdentityElementError

Source

  pub fn fromEdwards25519(p: crypto.ecc.Edwards25519) IdentityElementError!Curve25519 {
    try p.clearCofactor().rejectIdentity();
    const one = crypto.ecc.Edwards25519.Fe.one;
    const py = p.y.mul(p.z.invert());
    const x = one.add(py).mul(one.sub(py).invert()); // xMont=(1+yEd)/(1-yEd)
    return Curve25519{ .x = x };
}  