## elliptic-curves

Thomas Chust

### Description

This library allows you to perform basic arithmetic and cryptographic primitives on elliptic curve groups over finite fields with arbitrarily large integer moduli.

Points on elliptic curves are represented by complex numbers, the infinitely remote point is represented by the number zero.

### API

#### Module elliptic-curve-parameters

This module defines an elliptic curve parameter record as follows:

``` (defstruct ec-parameters
;; Prime modulus of the curve's underlying field
p
;; Parameter a of the Weierstrass equation
a
;; Parameter b of the Weierstrass equation
b
;; Base point of the curve
[G #f]
;; Order of the base point
[n #f]
;; Cofactor of the base point
[h #f]
;; Optional name of the parameter set
[name #f])```
(define-ec-parameters id p a b x y n h)syntax

A shorthand for

``` (define id
(make-ec-parameters
p: (string->number p 16)
a: (string->number a 16)
b: (string->number b 16)
G: (make-rectangular
(string->number x 16)
(string->number y 16))
n: (string->number n 16)
h: (string->number h 16)
name: 'id))```
brainpool-P160r1constant
brainpool-P192r1constant
brainpool-P224r1constant
brainpool-P256r1constant
brainpool-P320r1constant
brainpool-P384r1constant
brainpool-P512r1constant

Constants for standardized elliptic curves suitable for cryptographic use. Refer to the ECC Brainpool site for more information.

#### Module elliptic-curve-arithmetic

parameters P ...procedure

Computes the sum of the points P on the elliptic curve specified by the given parameters, similar to the standard procedure +.

parameters A P ...procedure

Computes the difference of point A and all points P or the additive inverse of A on the elliptic curve specified by the given parameters, similar to the standard procedure -.

parameters P nprocedure

Computes the scalar product of point P with the integer n on the elliptic curve specified by the given parameters, but does so much more efficiently than iteratively summing up copies of P.

If n is negative, the additive inverse of P is multiplied by (abs n).

on-elliptic-curve? parameters Pprocedure

Checks whether the point P is a member of the elliptic curve specified by the given parameters.

(with-elliptic-curve parameters body ...)syntax

Overloads the symbols +, - and * inside body with versions operating on elements of the elliptic curve specified by the given parameters.

#### Module elliptic-curve-cryptography

parametersrandom-integerprocedure

Given elliptic curve parameters and a cryptographically strong random-integer generator for huge numbers with analoguous behaviour as the standard procedure (random n), a procedure is generated that returns a random new public key and private key. The public key is a point on the elliptic curve, the private key is an integer.

parametersrandom-integer d messageprocedure

Given elliptic curve parameters and a cryptographically strong random-integer generator for huge numbers with analoguous behaviour as the standard procedure (random n), a signature procedure is generated that computes a signature from the private key d and the given message.

The message is a number and the signature is a pair of two numbers.

For practical applications, you should convert some message digest into a number with the same bit length as the base point order of the elliptic curve and pass it as the message argument.

parameters P message signatureprocedure

Given elliptic curve parameters, a signature verification procedure is generated that checks a signature given the public key P of the signer, the original message and the signature.

The message is a number and the signature is a pair of two numbers.

For practical applications, you should convert some message digest into a number with the same bit length as the base point order of the elliptic curve and pass it as the message argument.

parameters d Pprocedure

Given elliptic curve parameters, a shared secret generator is created that computes a shared secret given the secret key d of the "sender" and the public key P of the recipient.

The shared secret is a point on the elliptic curve.

For practical applications you should hash the returned point together with some strong random salt value to derive a key for symmetric encryption.

``` Copyright (c) 2010, Thomas Chust

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:

* Redistributions of source code must retain the above copyright notice, this list of conditions and the following
disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided with the distribution.
* Neither the name of the author nor the names of its contributors may be used to endorse or promote
products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.```

### Version history

1.0.1
Fixed some import specifications
1.0.0
Initial release