The type for private keys.

The type for public keys.

byte_length is the size of a ECDSA signature in bytes.

priv_of_cstruct cs decodes a private key from the buffer cs. If the provided data is invalid, an error is returned.

priv_to_cstruct p encode the private key p to a buffer.

pub_of_cstruct cs decodes a public key from the buffer cs. If the provided data is invalid, an error is returned.

pub_to_cstruct ~compress p encodes the public key p into a buffer. If compress is provided and true (default false), the compressed representation is returned.

pub_of_priv p extracts the public key from the private key p.

generate ~g () generates a key pair.

sign ~key ~k digest signs the message digest using the private key. The digest is not processed further - it should be the hash of the message to sign. If k is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r and s.

Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k - thus it is advised to provide a good nonce (k) explicitly, which is independent of key and digest.

• raises Invalid_argument

  if k is not suitable or not in range.

• raises Message_too_long

  if the bit size of msg exceeds the curve.

verify ~key (r, s) digest verifies the signature r, s on the message digest with the public key. The return value is true if verification was successful, false otherwise. If the message has more bits than the group order, the result is false.

K_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.

Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation