RustCrypto: NIST P-256 (secp256r1) elliptic curve

Pure Rust implementation of the NIST P-256 (a.k.a. secp256r1, prime256v1) elliptic curve with support for ECDH, ECDSA signing/verification, and general purpose curve arithmetic support implemented in terms of traits from the elliptic-curve crate.

Documentation

⚠️ Security Warning

The elliptic curve arithmetic contained in this crate has never been independently audited!

This crate has been designed with the goal of ensuring that secret-dependent operations are performed in constant time (using the subtle crate and constant-time formulas). However, it has not been thoroughly assessed to ensure that generated assembly is constant time on common CPU architectures.

USE AT YOUR OWN RISK!

Supported Algorithms

• Elliptic Curve Diffie-Hellman (ECDH): gated under the ecdh feature.
• Elliptic Curve Digital Signature Algorithm (ECDSA): gated under the ecdsa feature.

About NIST P-256

NIST P-256 is a Weierstrass curve specified in SP 800-186: Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters.

Also known as prime256v1 (ANSI X9.62) and secp256r1 (SECG), it's included in the US National Security Agency's "Suite B" and is widely used in protocols like TLS and the associated X.509 PKI.

Minimum Supported Rust Version

Rust 1.73 or higher.

Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.

SemVer Policy

• All on-by-default features of this library are covered by SemVer
• MSRV is considered exempt from SemVer as noted above

License

All crates licensed under either of

• Apache License, Version 2.0
• MIT license

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.