native

package
v1.1.1 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 1, 2023 License: Apache-2.0 Imports: 11 Imported by: 1

Documentation


Constants

const Field4Bytes = 32

Field4Bytes is the number of bytes needed to represent this field.

const Field4Limbs = 4

Field4Limbs is the number of limbs needed to represent this field.

const Field6Bytes = 48

Field6Bytes is the number of bytes needed to represent this field.

const Field6Limbs = 6

Field6Limbs is the number of limbs needed to represent this field.

const MaxDstLen = 255

MaxDstLen is the maximum size of the dst (domain separation tag) in hash to curve.

const WideField4Bytes = 64

WideField4Bytes is the number of bytes needed for a safe conversion to this field, so that the reduced value is not biased.

const WideField6Bytes = 96

WideField6Bytes is the number of bytes needed for a safe conversion to this field, so that the reduced value is not biased.

Variables

var OversizeDstSalt = []byte("H2C-OVERSIZE-DST-")

OversizeDstSalt is the salt used to hash a dst over MaxDstLen.

Functions

func ExpandMsgXmd

func ExpandMsgXmd(h *EllipticPointHasher, msg, domain []byte, outLen int) []byte

ExpandMsgXmd expands msg with the domain into a byte array of outLen bytes using a fixed-size hash. See https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-13#section-5.4.1
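As an added illustration, not code from the package on this page, the following is a self-contained expand_message_xmd over crypto/sha256 that also applies the oversize-DST rule that the MaxDstLen and OversizeDstSalt constants above describe (a DST longer than 255 bytes is replaced by H(salt || DST)). The function names expandMsgXmd and normalizeDst, the newHash parameter and the RFC 9380 test-vector DST are this example's own choices.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"hash"
)

// Mirrors the page's constants: DSTs longer than maxDstLen are replaced
// by H(oversizeDstSalt || DST) before they are used.
const maxDstLen = 255

var oversizeDstSalt = []byte("H2C-OVERSIZE-DST-")

// normalizeDst applies the oversize-DST rule (RFC 9380 section 5.3.3).
func normalizeDst(newHash func() hash.Hash, dst []byte) []byte {
	if len(dst) <= maxDstLen {
		return dst
	}
	h := newHash()
	h.Write(oversizeDstSalt)
	h.Write(dst)
	return h.Sum(nil)
}

// expandMsgXmd is expand_message_xmd (RFC 9380 section 5.3.1, section 5.4.1
// of the draft cited above): outLen uniform bytes derived from msg and dst.
func expandMsgXmd(newHash func() hash.Hash, msg, dst []byte, outLen int) ([]byte, error) {
	h := newHash()
	bLen := h.Size()      // b_in_bytes: hash output size
	rLen := h.BlockSize() // r_in_bytes: hash input block size
	ell := (outLen + bLen - 1) / bLen
	if ell > 255 || outLen > 65535 {
		return nil, errors.New("expand_message_xmd: output length too large")
	}
	dst = normalizeDst(newHash, dst)
	dstPrime := append(append([]byte{}, dst...), byte(len(dst))) // DST || I2OSP(len(DST), 1)
	lenStr := []byte{byte(outLen >> 8), byte(outLen)}             // I2OSP(len_in_bytes, 2)

	// b_0 = H(Z_pad || msg || l_i_b_str || I2OSP(0, 1) || DST_prime)
	h.Reset()
	h.Write(make([]byte, rLen)) // Z_pad: r_in_bytes zero bytes
	h.Write(msg)
	h.Write(lenStr)
	h.Write([]byte{0})
	h.Write(dstPrime)
	b0 := h.Sum(nil)

	// b_1 = H(b_0 || I2OSP(1, 1) || DST_prime)
	h.Reset()
	h.Write(b0)
	h.Write([]byte{1})
	h.Write(dstPrime)
	prev := h.Sum(nil)
	out := append([]byte{}, prev...)

	// b_i = H(strxor(b_0, b_(i-1)) || I2OSP(i, 1) || DST_prime) for i = 2..ell
	for i := 2; i <= ell; i++ {
		x := make([]byte, bLen)
		for j := range x {
			x[j] = b0[j] ^ prev[j]
		}
		h.Reset()
		h.Write(x)
		h.Write([]byte{byte(i)})
		h.Write(dstPrime)
		prev = h.Sum(nil)
		out = append(out, prev...)
	}
	return out[:outLen], nil
}

func main() {
	// DST taken from the RFC 9380 appendix K.1 test vectors.
	dst := []byte("QUUX-V01-CS02-with-expander-SHA256-128")
	out, err := expandMsgXmd(sha256.New, []byte("abc"), dst, 32)
	if err != nil {
		panic(err)
	}
	fmt.Println(hex.EncodeToString(out))
}
```

Because the output length is bound into b_0, requesting a different outLen for the same message yields unrelated bytes rather than a prefix of the longer output, so callers must fix the length as part of the protocol rather than truncate later.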

func ExpandMsgXof

func ExpandMsgXof(h *EllipticPointHasher, msg, domain []byte, outLen int) []byte

ExpandMsgXof expands msg with the domain into a byte array of outLen bytes using an XOF hash. See https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-13#section-5.4.2

func Pow

func Pow(out, base, exp *[Field4Limbs]uint64, params *Field4Params, arithmetic Field4Arithmetic)

Pow raises base^exp. The result is written to out. Public only for convenience for some internal implementations.

func Pow2k

func Pow2k(out, arg *[Field4Limbs]uint64, k int, arithmetic Field4Arithmetic)

Pow2k raises arg to the power `2^k`. The result is written to out. Public only for convenience for some internal implementations.

func Pow2k6 added in v1.1.0

func Pow2k6(out, arg *[Field6Limbs]uint64, k int, arithmetic Field6Arithmetic)

Pow2k6 raises arg to the power `2^k`. The result is written to out. Public only for convenience for some internal implementations.

func Pow6 added in v1.1.0

func Pow6(out, base, exp *[Field6Limbs]uint64, params *Field6Params, arithmetic Field6Arithmetic)

Pow6 raises base^exp. The result is written to out. Public only for convenience for some internal implementations.

Types

type EllipticPoint4 added in v1.1.0

type EllipticPoint4 struct {
	X          *Field4
	Y          *Field4
	Z          *Field4
	Params     *EllipticPoint4Params
	Arithmetic EllipticPoint4Arithmetic
}

EllipticPoint4 represents a Weierstrass elliptic curve point.

func (*EllipticPoint4) Add added in v1.1.0

func (p *EllipticPoint4) Add(lhs, rhs *EllipticPoint4) *EllipticPoint4

Add adds the two points.

func (*EllipticPoint4) BigInt added in v1.1.0

func (p *EllipticPoint4) BigInt() (x, y *big.Int)

BigInt returns the x and y as big.Ints in affine coordinates.

func (*EllipticPoint4) CMove added in v1.1.0

func (*EllipticPoint4) CMove(pt1, pt2 *EllipticPoint4, choice int) *EllipticPoint4

CMove returns pt1 if choice == 0, otherwise returns pt2.

func (*EllipticPoint4) Double added in v1.1.0

func (p *EllipticPoint4) Double(point *EllipticPoint4) *EllipticPoint4

Double this point.

func (*EllipticPoint4) Equal added in v1.1.0

func (p *EllipticPoint4) Equal(rhs *EllipticPoint4) int

Equal returns 1 if the two points are equal, 0 otherwise.

func (*EllipticPoint4) Generator added in v1.1.0

func (p *EllipticPoint4) Generator() *EllipticPoint4

Generator returns the base point for the curve.

func (*EllipticPoint4) GetX added in v1.1.0

func (p *EllipticPoint4) GetX() *Field4

GetX returns the affine X coordinate.

func (*EllipticPoint4) GetY added in v1.1.0

func (p *EllipticPoint4) GetY() *Field4

GetY returns the affine Y coordinate.

func (*EllipticPoint4) Hash added in v1.1.0

func (p *EllipticPoint4) Hash(bytes []byte, hasher *EllipticPointHasher) (*EllipticPoint4, error)

Hash uses the hasher to map bytes to a valid point.

func (*EllipticPoint4) Identity added in v1.1.0

func (p *EllipticPoint4) Identity() *EllipticPoint4

Identity returns the identity point.

func (*EllipticPoint4) IsIdentity added in v1.1.0

func (p *EllipticPoint4) IsIdentity() bool

IsIdentity returns true if this point is at infinity.

func (*EllipticPoint4) IsOnCurve added in v1.1.0

func (p *EllipticPoint4) IsOnCurve() bool

IsOnCurve determines if this point represents a valid curve point.

func (*EllipticPoint4) Mul added in v1.1.0

func (p *EllipticPoint4) Mul(point *EllipticPoint4, scalar *Field4) *EllipticPoint4

Mul multiplies this point by the input scalar.

func (*EllipticPoint4) Neg added in v1.1.0

Neg negates this point.

func (*EllipticPoint4) Random added in v1.1.0

func (p *EllipticPoint4) Random(reader io.Reader) (*EllipticPoint4, error)

Random creates a random point on the curve from the specified reader.

func (*EllipticPoint4) Set added in v1.1.0

Set copies clone into p.

func (*EllipticPoint4) SetBigInt added in v1.1.0

func (p *EllipticPoint4) SetBigInt(x, y *big.Int) (*EllipticPoint4, error)

SetBigInt creates a point from affine x, y and returns the point only if it is on the curve; otherwise an error is returned.
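The on-curve check that SetBigInt and IsOnCurve rely on, written out as an added example that is not the package's own code: a math/big implementation of the short Weierstrass equation, with secp256k1 (an assumed curve, not one named on this page) standing in for EllipticPoint4Params and rhsEquation playing the role of the RhsEquation method of EllipticPoint4Arithmetic. Rejecting off-curve or out-of-range affine input at construction time is what keeps later scalar multiplication from operating on invalid-curve points. The names affineParams, affinePoint, rhsEquation, isOnCurve and setBigInt are this example's own.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// affineParams stands in for the page's EllipticPoint4Params: the short
// Weierstrass coefficients of y^2 = x^3 + A*x + B over GF(P) plus the generator.
type affineParams struct {
	Name            string
	P, A, B, Gx, Gy *big.Int
}

type affinePoint struct{ X, Y *big.Int }

func mustHex(s string) *big.Int {
	v, ok := new(big.Int).SetString(s, 16)
	if !ok {
		panic("bad hex constant: " + s)
	}
	return v
}

// Assumed curve for the example (not taken from the page): secp256k1.
var secp256k1 = affineParams{
	Name: "secp256k1",
	P:    mustHex("fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),
	A:    big.NewInt(0),
	B:    big.NewInt(7),
	Gx:   mustHex("79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),
	Gy:   mustHex("483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"),
}

// rhsEquation is the right-hand side of the curve equation: x^3 + A*x + B mod P.
func rhsEquation(c *affineParams, x *big.Int) *big.Int {
	x3 := new(big.Int).Exp(x, big.NewInt(3), c.P)
	rhs := new(big.Int).Mul(c.A, x)
	rhs.Add(rhs, x3)
	rhs.Add(rhs, c.B)
	return rhs.Mod(rhs, c.P)
}

// isOnCurve checks that both coordinates are canonical field elements and
// that y^2 == x^3 + A*x + B (mod P).
func isOnCurve(c *affineParams, x, y *big.Int) bool {
	if x.Sign() < 0 || x.Cmp(c.P) >= 0 || y.Sign() < 0 || y.Cmp(c.P) >= 0 {
		return false
	}
	lhs := new(big.Int).Mul(y, y)
	lhs.Mod(lhs, c.P)
	return lhs.Cmp(rhsEquation(c, x)) == 0
}

// setBigInt mirrors the contract of SetBigInt: build a point from affine
// x, y and hand it back only if it really lies on the curve.
func setBigInt(c *affineParams, x, y *big.Int) (*affinePoint, error) {
	if !isOnCurve(c, x, y) {
		return nil, errors.New(c.Name + ": point is not on the curve")
	}
	return &affinePoint{X: new(big.Int).Set(x), Y: new(big.Int).Set(y)}, nil
}

func main() {
	if _, err := setBigInt(&secp256k1, secp256k1.Gx, secp256k1.Gy); err != nil {
		panic(err)
	}
	// A coordinate pair that is off the curve must be rejected.
	badY := new(big.Int).Add(secp256k1.Gy, big.NewInt(1))
	_, err := setBigInt(&secp256k1, secp256k1.Gx, badY)
	fmt.Println("generator accepted; off-curve point rejected:", err != nil)
}
```

The range check matters as much as the equation: a coordinate equal to or above P can satisfy the congruence yet still not be a canonical encoding, so a deserializer that skips it will accept two byte strings for the same point.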

func (*EllipticPoint4) Sub added in v1.1.0

func (p *EllipticPoint4) Sub(lhs, rhs *EllipticPoint4) *EllipticPoint4

Sub subtracts the two points.

func (*EllipticPoint4) SumOfProducts added in v1.1.0

func (p *EllipticPoint4) SumOfProducts(points []*EllipticPoint4, scalars []*Field4) (*EllipticPoint4, error)

SumOfProducts computes the multi-exponentiation for the specified points and scalars and stores the result in `p`. Returns an error if the lengths of the arguments are not equal.

func (*EllipticPoint4) ToAffine added in v1.1.0

func (p *EllipticPoint4) ToAffine(clone *EllipticPoint4) *EllipticPoint4

ToAffine converts the point into affine coordinates.

type EllipticPoint4Arithmetic added in v1.1.0

type EllipticPoint4Arithmetic interface {
	// Hash a byte sequence to the curve using the specified hasher
	// and dst and store the result in out
	Hash(out *EllipticPoint4, hasher *EllipticPointHasher, bytes, dst []byte) error
	// Double arg and store the result in out
	Double(out, arg *EllipticPoint4)
	// Add arg1 with arg2 and store the result in out
	Add(out, arg1, arg2 *EllipticPoint4)
	// IsOnCurve tests arg if it represents a valid point on the curve
	IsOnCurve(arg *EllipticPoint4) bool
	// ToAffine converts arg to affine coordinates storing the result in out
	ToAffine(out, arg *EllipticPoint4)
	// RhsEquation computes the right-hand side of the ecc equation
	RhsEquation(out, x *Field4)
}

EllipticPoint4Arithmetic are the methods that specific curves need to implement for higher abstractions to wrap the point.

type EllipticPoint4Params added in v1.1.0

type EllipticPoint4Params struct {
	Name    string
	A       *Field4
	B       *Field4
	Gx      *Field4
	Gy      *Field4
	BitSize int
}

EllipticPoint4Params are the Weierstrass curve parameters: the name, the coefficients, the generator point, and the prime bit size.

type EllipticPoint6 added in v1.1.0

type EllipticPoint6 struct {
	X          *Field6
	Y          *Field6
	Z          *Field6
	Params     *EllipticPoint6Params
	Arithmetic EllipticPoint6Arithmetic
}

EllipticPoint6 represents a Weierstrass elliptic curve point.

func (*EllipticPoint6) Add added in v1.1.0

func (p *EllipticPoint6) Add(lhs, rhs *EllipticPoint6) *EllipticPoint6

Add adds the two points.

func (*EllipticPoint6) BigInt added in v1.1.0

func (p *EllipticPoint6) BigInt() (x, y *big.Int)

BigInt returns the x and y as big.Ints in affine coordinates.

func (*EllipticPoint6) CMove added in v1.1.0

func (*EllipticPoint6) CMove(pt1, pt2 *EllipticPoint6, choice int) *EllipticPoint6

CMove returns pt1 if choice == 0, otherwise returns pt2.

func (*EllipticPoint6) Double added in v1.1.0

func (p *EllipticPoint6) Double(point *EllipticPoint6) *EllipticPoint6

Double this point.

func (*EllipticPoint6) Equal added in v1.1.0

func (p *EllipticPoint6) Equal(rhs *EllipticPoint6) int

Equal returns 1 if the two points are equal, 0 otherwise.

func (*EllipticPoint6) Generator added in v1.1.0

func (p *EllipticPoint6) Generator() *EllipticPoint6

Generator returns the base point for the curve.

func (*EllipticPoint6) GetX added in v1.1.0

func (p *EllipticPoint6) GetX() *Field6

GetX returns the affine X coordinate.

func (*EllipticPoint6) GetY added in v1.1.0

func (p *EllipticPoint6) GetY() *Field6

GetY returns the affine Y coordinate.

func (*EllipticPoint6) Hash added in v1.1.0

func (p *EllipticPoint6) Hash(bytes []byte, hasher *EllipticPointHasher) (*EllipticPoint6, error)

Hash uses the hasher to map bytes to a valid point.

func (*EllipticPoint6) Identity added in v1.1.0

func (p *EllipticPoint6) Identity() *EllipticPoint6

Identity returns the identity point.

func (*EllipticPoint6) IsIdentity added in v1.1.0

func (p *EllipticPoint6) IsIdentity() bool

IsIdentity returns true if this point is at infinity.

func (*EllipticPoint6) IsOnCurve added in v1.1.0

func (p *EllipticPoint6) IsOnCurve() bool

IsOnCurve determines if this point represents a valid curve point.

func (*EllipticPoint6) Mul added in v1.1.0

func (p *EllipticPoint6) Mul(point *EllipticPoint6, scalar *Field6) *EllipticPoint6

Mul multiplies this point by the input scalar.

func (*EllipticPoint6) Neg added in v1.1.0

Neg negates this point.

func (*EllipticPoint6) Random added in v1.1.0

func (p *EllipticPoint6) Random(reader io.Reader) (*EllipticPoint6, error)

Random creates a random point on the curve from the specified reader.

func (*EllipticPoint6) Set added in v1.1.0

Set copies clone into p.

func (*EllipticPoint6) SetBigInt added in v1.1.0

func (p *EllipticPoint6) SetBigInt(x, y *big.Int) (*EllipticPoint6, error)

SetBigInt creates a point from affine x, y and returns the point only if it is on the curve; otherwise an error is returned.

func (*EllipticPoint6) Sub added in v1.1.0

func (p *EllipticPoint6) Sub(lhs, rhs *EllipticPoint6) *EllipticPoint6

Sub subtracts the two points.

func (*EllipticPoint6) SumOfProducts added in v1.1.0

func (p *EllipticPoint6) SumOfProducts(points []*EllipticPoint6, scalars []*Field6) (*EllipticPoint6, error)

SumOfProducts computes the multi-exponentiation for the specified points and scalars and stores the result in `p`. Returns an error if the lengths of the arguments are not equal.

func (*EllipticPoint6) ToAffine added in v1.1.0

func (p *EllipticPoint6) ToAffine(clone *EllipticPoint6) *EllipticPoint6

ToAffine converts the point into affine coordinates.

type EllipticPoint6Arithmetic added in v1.1.0

type EllipticPoint6Arithmetic interface {
	// Hash a byte sequence to the curve using the specified hasher
	// and dst and store the result in out
	Hash(out *EllipticPoint6, hasher *EllipticPointHasher, bytes, dst []byte) error
	// Double arg and store the result in out
	Double(out, arg *EllipticPoint6)
	// Add arg1 with arg2 and store the result in out
	Add(out, arg1, arg2 *EllipticPoint6)
	// IsOnCurve tests arg if it represents a valid point on the curve
	IsOnCurve(arg *EllipticPoint6) bool
	// ToAffine converts arg to affine coordinates storing the result in out
	ToAffine(out, arg *EllipticPoint6)
	// RhsEquation computes the right-hand side of the ecc equation
	RhsEquation(out, x *Field6)
}

EllipticPoint6Arithmetic are the methods that specific curves need to implement for higher abstractions to wrap the point.

type EllipticPoint6Params added in v1.1.0

type EllipticPoint6Params struct {
	Name    string
	A       *Field6
	B       *Field6
	Gx      *Field6
	Gy      *Field6
	BitSize int
}

EllipticPoint6Params are the Weierstrass curve parameters: the name, the coefficients, the generator point, and the prime bit size.

type EllipticPointHashName

type EllipticPointHashName uint

EllipticPointHashName indicates which hash function is used for hash to curve operations.

const (
	SHA256 EllipticPointHashName = iota
	SHA384
	SHA512
	SHA3_256
	SHA3_384
	SHA3_512
	BLAKE2B
	SHAKE128
	SHAKE256
)

func (EllipticPointHashName) String

func (n EllipticPointHashName) String() string

type EllipticPointHashType

type EllipticPointHashType uint

EllipticPointHashType indicates which expand operation is used for hash to curve operations.

const (
	// XMD - use ExpandMsgXmd.
	XMD EllipticPointHashType = iota
	// XOF - use ExpandMsgXof.
	XOF
)

func (EllipticPointHashType) String

func (t EllipticPointHashType) String() string

type EllipticPointHasher

type EllipticPointHasher struct {
	// contains filtered or unexported fields
}

EllipticPointHasher is the type of hashing methods for hashing byte sequences to a curve point.

func EllipticPointHasherBlake2b

func EllipticPointHasherBlake2b() *EllipticPointHasher

EllipticPointHasherBlake2b creates a point hasher that uses Blake2b.

func EllipticPointHasherSha256

func EllipticPointHasherSha256() *EllipticPointHasher

EllipticPointHasherSha256 creates a point hasher that uses Sha256.

func EllipticPointHasherSha3256

func EllipticPointHasherSha3256() *EllipticPointHasher

EllipticPointHasherSha3256 creates a point hasher that uses Sha3256.

func EllipticPointHasherSha3384

func EllipticPointHasherSha3384() *EllipticPointHasher

EllipticPointHasherSha3384 creates a point hasher that uses Sha3384.

func EllipticPointHasherSha3512

func EllipticPointHasherSha3512() *EllipticPointHasher

EllipticPointHasherSha3512 creates a point hasher that uses Sha3512.

func EllipticPointHasherSha384 added in v1.1.0

func EllipticPointHasherSha384() *EllipticPointHasher

func EllipticPointHasherSha512

func EllipticPointHasherSha512() *EllipticPointHasher

EllipticPointHasherSha512 creates a point hasher that uses Sha512.

func EllipticPointHasherShake128

func EllipticPointHasherShake128() *EllipticPointHasher

EllipticPointHasherShake128 creates a point hasher that uses Shake128.

func EllipticPointHasherShake256

func EllipticPointHasherShake256() *EllipticPointHasher

EllipticPointHasherShake256 creates a point hasher that uses Shake256.

func (*EllipticPointHasher) Name

func (e *EllipticPointHasher) Name() string

Name returns the hash name for this hasher.

func (*EllipticPointHasher) Type

Type returns the hash type for this hasher.

func (*EllipticPointHasher) Xmd

func (e *EllipticPointHasher) Xmd() hash.Hash

Xmd returns the hash method for ExpandMsgXmd.

func (*EllipticPointHasher) Xof

Xof returns the hash method for ExpandMsgXof.

type Field4 added in v1.1.0

type Field4 struct {
	// Value is the field elements value
	Value [Field4Limbs]uint64
	// Params are the field parameters
	Params *Field4Params
	// Arithmetic are the field methods
	Arithmetic Field4Arithmetic
}

Field4 represents a field element.

func (*Field4) Add added in v1.1.0

func (f *Field4) Add(lhs, rhs *Field4) *Field4

Add returns the result from adding rhs to this element.

func (*Field4) BigInt added in v1.1.0

func (f *Field4) BigInt() *big.Int

BigInt converts this element into a big.Int.

func (*Field4) Bytes added in v1.1.0

func (f *Field4) Bytes() [Field4Bytes]byte

Bytes converts this element into a byte representation in little endian byte order.

func (*Field4) CMove added in v1.1.0

func (f *Field4) CMove(lhs, rhs *Field4, choice int) *Field4

CMove sets f = lhs if choice == 0 and f = rhs if choice == 1.

func (*Field4) Cmp added in v1.1.0

func (f *Field4) Cmp(rhs *Field4) int

Cmp returns -1 if f < rhs, 0 if f == rhs, and 1 if f > rhs.

func (*Field4) Double added in v1.1.0

func (f *Field4) Double(a *Field4) *Field4

Double this element.

func (*Field4) Equal added in v1.1.0

func (f *Field4) Equal(rhs *Field4) int

Equal returns 1 if f == rhs, 0 otherwise.

func (*Field4) Exp added in v1.1.0

func (f *Field4) Exp(base, exp *Field4) *Field4

Exp raises base^exp.

func (*Field4) Invert added in v1.1.0

func (f *Field4) Invert(a *Field4) (*Field4, bool)

Invert this element, i.e. compute the multiplicative inverse; returns false and zero if this element is zero.

func (*Field4) IsNonZero added in v1.1.0

func (f *Field4) IsNonZero() int

IsNonZero returns 1 if f != 0, 0 otherwise.

func (*Field4) IsOne added in v1.1.0

func (f *Field4) IsOne() int

IsOne returns 1 if f == 1, 0 otherwise.

func (*Field4) IsZero added in v1.1.0

func (f *Field4) IsZero() int

IsZero returns 1 if f == 0, 0 otherwise.

func (*Field4) Mul added in v1.1.0

func (f *Field4) Mul(lhs, rhs *Field4) *Field4

Mul returns the result from multiplying this element by rhs.

func (*Field4) Neg added in v1.1.0

func (f *Field4) Neg(input *Field4) *Field4

Neg returns negation of this element.

func (*Field4) New added in v1.1.0

func (f *Field4) New() *Field4

New returns a brand new field element.

func (*Field4) Raw added in v1.1.0

func (f *Field4) Raw() [Field4Limbs]uint64

Raw converts this element into a [Field4Limbs]uint64.

func (*Field4) Set added in v1.1.0

func (f *Field4) Set(rhs *Field4) *Field4

Set sets f = rhs.

func (*Field4) SetBigInt added in v1.1.0

func (f *Field4) SetBigInt(bi *big.Int) *Field4

SetBigInt initializes an element from a big.Int. The value is reduced by the modulus.

func (*Field4) SetBytes added in v1.1.0

func (f *Field4) SetBytes(input *[Field4Bytes]byte) (*Field4, error)

SetBytes attempts to convert a little endian byte representation of a scalar into a `Fp`, failing if input is not canonical.

func (*Field4) SetBytesWide added in v1.1.0

func (f *Field4) SetBytesWide(input *[WideField4Bytes]byte) *Field4

SetBytesWide takes 64 bytes as input and treats them as a 512-bit number. Attributed to https://github.com/zcash/pasta_curves/blob/main/src/fields/Fp.rs#L255. We reduce an arbitrary 512-bit number by decomposing it into two 256-bit digits, with the higher bits multiplied by 2^256. Thus we perform two reductions:

1. the lower bits are multiplied by r^2, as normal;
2. the upper bits are multiplied by r^2 * 2^256 = r^3;

and compute their sum in the field. It remains to see that arbitrary 256-bit numbers can be placed into Montgomery form safely using the reduction. The reduction works so long as the product is less than r = 2^256 multiplied by the modulus. This holds because for any `c` smaller than the modulus, (2^256 - 1)*c is an acceptable product for the reduction. Therefore the reduction always works so long as `c` is in the field; in this case it is either the constant `r2` or `r3`.
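A worked version of the argument above, as an added example rather than the package's own code: with math/big standing in for the limb arithmetic, x = lo + hi*2^256 is reduced as lo*R2 + hi*R3 (the R, R2 and R3 constants of Field4Params) and the result is checked against a direct reduction of the 512-bit integer, together with the bound (2^256 - 1)*c < r*p that makes each step safe. The modulus is the secp256k1 prime, an assumption for illustration only; the names montReduce, setBytesWide, directReduce and productBoundHolds are this example's own.

```go
package main

import (
	"fmt"
	"math/big"
)

// Assumed modulus for the example (not from the page): the secp256k1 prime
// p = 2^256 - 2^32 - 977, a four-limb field like Field4.
var (
	p    = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 256), big.NewInt(977+(1<<32)))
	r    = new(big.Int).Lsh(big.NewInt(1), 256) // Montgomery radix 2^256
	rInv = new(big.Int).ModInverse(r, p)
	// The page's Field4Params constants: R = 2^256, R2 = 2^512, R3 = 2^768 (mod p).
	R  = new(big.Int).Mod(r, p)
	R2 = new(big.Int).Mod(new(big.Int).Mul(r, r), p)
	R3 = new(big.Int).Mod(new(big.Int).Mul(R2, r), p)
)

// montReduce models Montgomery reduction: for t < r*p it returns t * r^-1 mod p.
// The bound is the condition the comment above relies on; it is enforced here.
func montReduce(t *big.Int) (*big.Int, bool) {
	if t.Sign() < 0 || t.Cmp(new(big.Int).Mul(r, p)) >= 0 {
		return nil, false
	}
	return new(big.Int).Mod(new(big.Int).Mul(t, rInv), p), true
}

// leToInt reads a little-endian byte string as a non-negative integer.
func leToInt(b []byte) *big.Int {
	be := make([]byte, len(b))
	for i := range b {
		be[len(b)-1-i] = b[i]
	}
	return new(big.Int).SetBytes(be)
}

// setBytesWide follows the comment: x = lo + hi*2^256; reducing lo*R2 gives
// lo*r mod p and reducing hi*R3 gives hi*2^256*r mod p, so their sum is
// x in Montgomery form, x*r mod p.
func setBytesWide(in [64]byte) *big.Int {
	lo := leToInt(in[:32])
	hi := leToInt(in[32:])
	a, okA := montReduce(new(big.Int).Mul(lo, R2))
	b, okB := montReduce(new(big.Int).Mul(hi, R3))
	if !okA || !okB {
		panic("product exceeded r*p; impossible for lo, hi < 2^256 and R2, R3 < p")
	}
	return new(big.Int).Mod(new(big.Int).Add(a, b), p)
}

// fromMontgomery maps x*r mod p back to x.
func fromMontgomery(m *big.Int) *big.Int {
	v, _ := montReduce(m)
	return v
}

// directReduce is the reference result: the whole 512-bit integer mod p.
func directReduce(in [64]byte) *big.Int {
	return new(big.Int).Mod(leToInt(in[:]), p)
}

// productBoundHolds checks the comment's claim: for any c < p,
// (2^256 - 1)*c < r*p, so a 256-bit digit times c is always reducible.
func productBoundHolds(c *big.Int) bool {
	maxDigit := new(big.Int).Sub(r, big.NewInt(1))
	prod := new(big.Int).Mul(maxDigit, c)
	return c.Cmp(p) < 0 && prod.Cmp(new(big.Int).Mul(r, p)) < 0
}

func main() {
	var in [64]byte // constructed sample input, not a real key or hash output
	for i := range in {
		in[i] = byte(i*37 + 11)
	}
	got := fromMontgomery(setBytesWide(in))
	fmt.Println("two-step reduction matches direct reduction:", got.Cmp(directReduce(in)) == 0)
}
```

The same decomposition explains WideField4Bytes: reducing 64 uniform bytes this way lands in the field with negligible bias, whereas reducing only 32 bytes would over-represent the residues below 2^256 mod p.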

func (*Field4) SetLimbs added in v1.1.0

func (f *Field4) SetLimbs(input *[Field4Limbs]uint64) *Field4

SetLimbs converts an array into a field element by converting it to Montgomery form.

func (*Field4) SetOne added in v1.1.0

func (f *Field4) SetOne() *Field4

SetOne sets f = 1, i.e. the limbs hold r, the Montgomery form of one.

func (*Field4) SetRaw added in v1.1.0

func (f *Field4) SetRaw(input *[Field4Limbs]uint64) *Field4

SetRaw converts a raw array into a field element. Assumes the input is already in Montgomery form.

func (*Field4) SetUint64 added in v1.1.0

func (f *Field4) SetUint64(rhs uint64) *Field4

SetUint64 sets f = rhs.

func (*Field4) SetZero added in v1.1.0

func (f *Field4) SetZero() *Field4

SetZero sets f = 0.

func (*Field4) Sqrt added in v1.1.0

func (f *Field4) Sqrt(a *Field4) (*Field4, bool)

Sqrt computes the square root of a, if it exists. If the returned bool is true, the value is a square root; if false, the value is a QNR.

func (*Field4) Square added in v1.1.0

func (f *Field4) Square(a *Field4) *Field4

Square this element.

func (*Field4) Sub added in v1.1.0

func (f *Field4) Sub(lhs, rhs *Field4) *Field4

Sub returns the result from subtracting rhs from this element.

type Field4Arithmetic added in v1.1.0

type Field4Arithmetic interface {
	// ToMontgomery converts this field to montgomery form
	ToMontgomery(out, arg *[Field4Limbs]uint64)
	// FromMontgomery converts this field from montgomery form
	FromMontgomery(out, arg *[Field4Limbs]uint64)
	// Neg performs modular negation
	Neg(out, arg *[Field4Limbs]uint64)
	// Square performs modular square
	Square(out, arg *[Field4Limbs]uint64)
	// Mul performs modular multiplication
	Mul(out, arg1, arg2 *[Field4Limbs]uint64)
	// Add performs modular addition
	Add(out, arg1, arg2 *[Field4Limbs]uint64)
	// Sub performs modular subtraction
	Sub(out, arg1, arg2 *[Field4Limbs]uint64)
	// Sqrt performs modular square root
	Sqrt(wasSquare *int, out, arg *[Field4Limbs]uint64)
	// Invert performs modular inverse
	Invert(wasInverted *int, out, arg *[Field4Limbs]uint64)
	// FromBytes converts a little endian byte array into a field element
	FromBytes(out *[Field4Limbs]uint64, arg *[Field4Bytes]byte)
	// ToBytes converts a field element to a little endian byte array
	ToBytes(out *[Field4Bytes]byte, arg *[Field4Limbs]uint64)
	// Selectznz performs conditional select.
	// selects arg1 if choice == 0 and arg2 if choice == 1
	Selectznz(out, arg1, arg2 *[Field4Limbs]uint64, choice int)
}

Field4Arithmetic are the methods that can be done on a field.

type Field4Params added in v1.1.0

type Field4Params struct {
	// R is 2^256 mod Modulus
	R [Field4Limbs]uint64
	// R2 is 2^512 mod Modulus
	R2 [Field4Limbs]uint64
	// R3 is 2^768 mod Modulus
	R3 [Field4Limbs]uint64
	// Modulus of the field
	Modulus [Field4Limbs]uint64
	// Modulus as big.Int
	BiModulus *big.Int
}

Field4Params are the field parameters.

type Field6 added in v1.1.0

type Field6 struct {
	// Value is the field elements value
	Value [Field6Limbs]uint64
	// Params are the field parameters
	Params *Field6Params
	// Arithmetic are the field methods
	Arithmetic Field6Arithmetic
}

Field6 represents a field element.

func (*Field6) Add added in v1.1.0

func (f *Field6) Add(lhs, rhs *Field6) *Field6

Add returns the result from adding rhs to this element.

func (*Field6) BigInt added in v1.1.0

func (f *Field6) BigInt() *big.Int

BigInt converts this element into a big.Int.

func (*Field6) Bytes added in v1.1.0

func (f *Field6) Bytes() [Field6Bytes]byte

Bytes converts this element into a byte representation in little endian byte order.

func (*Field6) CMove added in v1.1.0

func (f *Field6) CMove(lhs, rhs *Field6, choice int) *Field6

CMove sets f = lhs if choice == 0 and f = rhs if choice == 1.

func (*Field6) Cmp added in v1.1.0

func (f *Field6) Cmp(rhs *Field6) int

Cmp returns -1 if f < rhs, 0 if f == rhs, and 1 if f > rhs.

func (*Field6) Double added in v1.1.0

func (f *Field6) Double(a *Field6) *Field6

Double this element.

func (*Field6) Equal added in v1.1.0

func (f *Field6) Equal(rhs *Field6) int

Equal returns 1 if f == rhs, 0 otherwise.

func (*Field6) Exp added in v1.1.0

func (f *Field6) Exp(base, exp *Field6) *Field6

Exp raises base^exp.

func (*Field6) Invert added in v1.1.0

func (f *Field6) Invert(a *Field6) (*Field6, bool)

Invert this element, i.e. compute the multiplicative inverse; returns false and zero if this element is zero.

func (*Field6) IsNonZero added in v1.1.0

func (f *Field6) IsNonZero() int

IsNonZero returns 1 if f != 0, 0 otherwise.

func (*Field6) IsOne added in v1.1.0

func (f *Field6) IsOne() int

IsOne returns 1 if f == 1, 0 otherwise.

func (*Field6) IsZero added in v1.1.0

func (f *Field6) IsZero() int

IsZero returns 1 if f == 0, 0 otherwise.

func (*Field6) Mul added in v1.1.0

func (f *Field6) Mul(lhs, rhs *Field6) *Field6

Mul returns the result from multiplying this element by rhs.

func (*Field6) MulBy3b added in v1.1.0

func (f *Field6) MulBy3b(arg *Field6) *Field6

func (*Field6) Neg added in v1.1.0

func (f *Field6) Neg(input *Field6) *Field6

Neg returns negation of this element.

func (*Field6) New added in v1.1.0

func (f *Field6) New() *Field6

New returns a brand new field element.

func (*Field6) Raw added in v1.1.0

func (f *Field6) Raw() [Field6Limbs]uint64

Raw converts this element into a [Field6Limbs]uint64.

func (*Field6) Set added in v1.1.0

func (f *Field6) Set(rhs *Field6) *Field6

Set sets f = rhs.

func (*Field6) SetBigInt added in v1.1.0

func (f *Field6) SetBigInt(bi *big.Int) *Field6

SetBigInt initializes an element from a big.Int. The value is reduced by the modulus.

func (*Field6) SetBytes added in v1.1.0

func (f *Field6) SetBytes(input *[Field6Bytes]byte) (*Field6, error)

SetBytes attempts to convert a little endian byte representation of a scalar into a `Fp`, failing if input is not canonical.

func (*Field6) SetBytesWide added in v1.1.0

func (f *Field6) SetBytesWide(input *[WideField6Bytes]byte) *Field6

SetBytesWide takes 96 bytes as input and treats them as a 512-bit number. Attributed to https://github.com/zcash/pasta_curves/blob/main/src/fields/Fp.rs#L255. We reduce an arbitrary 512-bit number by decomposing it into two 256-bit digits, with the higher bits multiplied by 2^256. Thus we perform two reductions:

1. the lower bits are multiplied by r^2, as normal;
2. the upper bits are multiplied by r^2 * 2^256 = r^3;

and compute their sum in the field. It remains to see that arbitrary 256-bit numbers can be placed into Montgomery form safely using the reduction. The reduction works so long as the product is less than r = 2^256 multiplied by the modulus. This holds because for any `c` smaller than the modulus, (2^256 - 1)*c is an acceptable product for the reduction. Therefore the reduction always works so long as `c` is in the field; in this case it is either the constant `r2` or `r3`.

func (*Field6) SetLimbs added in v1.1.0

func (f *Field6) SetLimbs(input *[Field6Limbs]uint64) *Field6

SetLimbs converts an array into a field element by converting it to Montgomery form.

func (*Field6) SetOne added in v1.1.0

func (f *Field6) SetOne() *Field6

SetOne sets f = 1, i.e. the limbs hold r, the Montgomery form of one.

func (*Field6) SetRaw added in v1.1.0

func (f *Field6) SetRaw(input *[Field6Limbs]uint64) *Field6

SetRaw converts a raw array into a field element. Assumes the input is already in Montgomery form.

func (*Field6) SetUint64 added in v1.1.0

func (f *Field6) SetUint64(rhs uint64) *Field6

SetUint64 sets f = rhs.

func (*Field6) SetZero added in v1.1.0

func (f *Field6) SetZero() *Field6

SetZero sets f = 0.

func (*Field6) Sqrt added in v1.1.0

func (f *Field6) Sqrt(a *Field6) (*Field6, bool)

Sqrt computes the square root of a, if it exists. If the returned bool is true, the value is a square root; if false, the value is a QNR.

func (*Field6) Square added in v1.1.0

func (f *Field6) Square(a *Field6) *Field6

Square this element.

func (*Field6) Sub added in v1.1.0

func (f *Field6) Sub(lhs, rhs *Field6) *Field6

Sub returns the result from subtracting rhs from this element.

type Field6Arithmetic added in v1.1.0

type Field6Arithmetic interface {
	// ToMontgomery converts this field to montgomery form
	ToMontgomery(out, arg *[Field6Limbs]uint64)
	// FromMontgomery converts this field from montgomery form
	FromMontgomery(out, arg *[Field6Limbs]uint64)
	// Neg performs modular negation
	Neg(out, arg *[Field6Limbs]uint64)
	// Square performs modular square
	Square(out, arg *[Field6Limbs]uint64)
	// Mul performs modular multiplication
	Mul(out, arg1, arg2 *[Field6Limbs]uint64)
	// Add performs modular addition
	Add(out, arg1, arg2 *[Field6Limbs]uint64)
	// Sub performs modular subtraction
	Sub(out, arg1, arg2 *[Field6Limbs]uint64)
	// Sqrt performs modular square root
	Sqrt(wasSquare *int, out, arg *[Field6Limbs]uint64)
	// Invert performs modular inverse
	Invert(wasInverted *int, out, arg *[Field6Limbs]uint64)
	// FromBytes converts a little endian byte array into a field element
	FromBytes(out *[Field6Limbs]uint64, arg *[Field6Bytes]byte)
	// ToBytes converts a field element to a little endian byte array
	ToBytes(out *[Field6Bytes]byte, arg *[Field6Limbs]uint64)
	// Selectznz performs conditional select.
	// selects arg1 if choice == 0 and arg2 if choice == 1
	Selectznz(out, arg1, arg2 *[Field6Limbs]uint64, choice int)
}

Field6Arithmetic are the methods that can be done on a field.

type Field6Params added in v1.1.0

type Field6Params struct {
	// R is 2^256 mod Modulus
	R [Field6Limbs]uint64
	// R2 is 2^512 mod Modulus
	R2 [Field6Limbs]uint64
	// R3 is 2^768 mod Modulus
	R3 [Field6Limbs]uint64
	// Modulus of the field
	Modulus [Field6Limbs]uint64
	// Modulus as big.Int
	BiModulus *big.Int
}

Field6Params are the field parameters.

type IsogenyParams

type IsogenyParams struct {
	XNum [][Field4Limbs]uint64
	XDen [][Field4Limbs]uint64
	YNum [][Field4Limbs]uint64
	YDen [][Field4Limbs]uint64
}

IsogenyParams are the parameters needed to map from an isogeny to the main curve.

func (*IsogenyParams) Map

func (p *IsogenyParams) Map(xIn, yIn *Field4) (x, y *Field4)

Map from the isogeny curve to the main curve using the parameters.

type Sswu4Params added in v1.1.0

type Sswu4Params struct {
	C1, C2, A, B, Z [Field4Limbs]uint64
}

Sswu4Params are the parameters for computing the Simplified SWU mapping in hash to curve implementations.

func (*Sswu4Params) Osswu3mod4 added in v1.1.0

func (p *Sswu4Params) Osswu3mod4(u *Field4) (x, y *Field4)

Osswu3mod4 computes the simplified SWU map optimized for primes that are 3 mod 4. See https://tools.ietf.org/html/draft-irtf-cfrg-hash-to-curve-11#appendix-G.2.1

type Sswu6Params added in v1.1.0

type Sswu6Params struct {
	C1, C2, A, B, Z [Field6Limbs]uint64
}

func (*Sswu6Params) Osswu3mod4 added in v1.1.0

func (p *Sswu6Params) Osswu3mod4(u *Field6) (x, y *Field6)

Directories

Path Synopsis
fp
Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Go --no-wide-int --relax-primitive-carry-to-bitwidth 32,64 --cmovznz-by-mul --internal-static --package-case flatcase --public-function-case UpperCamelCase --private-function-case camelCase --public-type-case UpperCamelCase --private-type-case camelCase --no-prefix-fiat --doc-newline-in-typedef-bounds --doc-prepend-header 'Code generated by Fiat Cryptography.
fq
Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Go --no-wide-int --relax-primitive-carry-to-bitwidth 32,64 --cmovznz-by-mul --internal-static --package-case flatcase --public-function-case UpperCamelCase --private-function-case camelCase --public-type-case UpperCamelCase --private-type-case camelCase --no-prefix-fiat --doc-newline-in-typedef-bounds --doc-prepend-header 'Code generated by Fiat Cryptography.
fp
Code generated by Fiat Cryptography.
fq
Code generated by Fiat Cryptography.
fp
Code generated by Fiat Cryptography.
fq
Code generated by Fiat Cryptography.
fp
fq
