kyber: go.dedis.ch/kyber/group/curve25519

## package curve25519

`import "go.dedis.ch/kyber/group/curve25519"`

Package curve25519 contains several implementations of Twisted Edwards Curves, from general and unoptimized to highly specialized and optimized.

Twisted Edwards curves are elliptic curves satisfying the equation:

```ax^2 + y^2 = c^2(1 + dx^2y^2)
```

for some scalars c, d over some field K. We assume K is a (finite) prime field for a large prime p. We also assume c == 1 because all curves in the generalized form are isomorphic to curves having c == 1.

For details see Bernstein et al, "Twisted Edwards Curves", http://eprint.iacr.org/2008/013.pdf

### type ExtendedCurve¶Uses

```type ExtendedCurve struct {
// contains filtered or unexported fields
}```

ExtendedCurve implements Twisted Edwards curves using the Extended Coordinate representation specified in: Hisil et al, "Twisted Edwards Curves Revisited", http://eprint.iacr.org/2008/522

This implementation is designed to work with all Twisted Edwards curves, foregoing the further optimizations that are available for the special case with curve parameter a=-1. We leave the task of hyperoptimization to curve-specific implementations such as the ed25519 package.

#### func (*ExtendedCurve) Init¶Uses

`func (c *ExtendedCurve) Init(p *Param, fullGroup bool) *ExtendedCurve`

Init initializes the curve with given parameters.

#### func (*ExtendedCurve) IsPrimeOrder¶Uses

`func (c *ExtendedCurve) IsPrimeOrder() bool`

#### func (*ExtendedCurve) NewKey¶Uses

`func (c *ExtendedCurve) NewKey(stream cipher.Stream) kyber.Scalar`

NewKey returns a formatted curve25519 key (avoiding subgroup attack by requiring it to be a multiple of 8). NewKey implements the kyber/util/key.Generator interface.

#### func (*ExtendedCurve) Point¶Uses

`func (c *ExtendedCurve) Point() kyber.Point`

Point creates a new Point on this curve.

#### func (*ExtendedCurve) PointLen¶Uses

`func (c *ExtendedCurve) PointLen() int`

Returns the size in bytes of an encoded Point on this curve. Uses compressed representation consisting of the y-coordinate and only the sign bit of the x-coordinate.

#### func (*ExtendedCurve) Scalar¶Uses

`func (c *ExtendedCurve) Scalar() kyber.Scalar`

Create a new Scalar for this curve.

#### func (*ExtendedCurve) ScalarLen¶Uses

`func (c *ExtendedCurve) ScalarLen() int`

Returns the size in bytes of an encoded Scalar for this curve.

#### func (*ExtendedCurve) String¶Uses

`func (c *ExtendedCurve) String() string`

### type Param¶Uses

```type Param struct {
Name string // Name of curve

P   big.Int // Prime defining the underlying field
Q   big.Int // Order of the prime-order base point
R   int     // Cofactor: Q*R is the total size of the curve

A, D big.Int // Edwards curve equation parameters

FBX, FBY big.Int // Standard base point for full group
PBX, PBY big.Int // Standard base point for prime-order subgroup

Elligator1s big.Int // Optional s parameter for Elligator 1
Elligator2u big.Int // Optional u parameter for Elligator 2
}```

Param defines a Twisted Edwards curve (TEC).

#### func Param1174¶Uses

`func Param1174() *Param`

Param1174 defines Curve1174, as specified in: Bernstein et al, "Elligator: Elliptic-curve points indistinguishable from uniform random strings" http://elligator.cr.yp.to/elligator-20130828.pdf

#### func Param25519¶Uses

`func Param25519() *Param`

Param25519 defines the Edwards version of Curve25519, as specified in: Bernstein et al, "High-speed high-security signatures", http://ed25519.cr.yp.to/ed25519-20110926.pdf

#### func Param41417¶Uses

`func Param41417() *Param`

Param41417 defines the Curve41417 curve, as specified in: Bernstein et al, "Curve41417: Karatsuba revisited", http://eprint.iacr.org/2014/526.pdf

#### func ParamE382¶Uses

`func ParamE382() *Param`

ParamE382 defines the E-382 curve specified in: Aranha et al, "A note on high-security general-purpose elliptic curves", http://eprint.iacr.org/2013/647.pdf

and more recently in:

"Additional Elliptic Curves for IETF protocols" http://tools.ietf.org/html/draft-ladd-safecurves-02 (this I-D is now expired)

#### func ParamE521¶Uses

`func ParamE521() *Param`

ParamE521 defines the E-521 curve specified in: Aranha et al, "A note on high-security general-purpose elliptic curves", http://eprint.iacr.org/2013/647.pdf

and more recently included in: "Additional Elliptic Curves for IETF protocols" http://tools.ietf.org/html/draft-ladd-safecurves-02

#### func (*Param) String¶Uses

`func (p *Param) String() string`

Return the name of this curve.

### type ProjectiveCurve¶Uses

```type ProjectiveCurve struct {
// contains filtered or unexported fields
}```

ProjectiveCurve implements Twisted Edwards curves using projective coordinate representation (X:Y:Z), satisfying the identities x = X/Z, y = Y/Z. This representation still supports all Twisted Edwards curves and avoids expensive modular inversions on the critical paths. Uses the projective arithmetic formulas in: http://cr.yp.to/newelliptic/newelliptic-20070906.pdf

#### func (*ProjectiveCurve) Init¶Uses

`func (c *ProjectiveCurve) Init(p *Param, fullGroup bool) *ProjectiveCurve`

Init initializes the curve with given parameters.

#### func (*ProjectiveCurve) IsPrimeOrder¶Uses

`func (c *ProjectiveCurve) IsPrimeOrder() bool`

#### func (*ProjectiveCurve) NewKey¶Uses

`func (c *ProjectiveCurve) NewKey(stream cipher.Stream) kyber.Scalar`

NewKey returns a formatted curve25519 key (avoiding subgroup attack by requiring it to be a multiple of 8). NewKey implements the kyber/util/key.Generator interface.

#### func (*ProjectiveCurve) Point¶Uses

`func (c *ProjectiveCurve) Point() kyber.Point`

Point creates a new Point on this curve.

#### func (*ProjectiveCurve) PointLen¶Uses

`func (c *ProjectiveCurve) PointLen() int`

Returns the size in bytes of an encoded Point on this curve. Uses compressed representation consisting of the y-coordinate and only the sign bit of the x-coordinate.

#### func (*ProjectiveCurve) Scalar¶Uses

`func (c *ProjectiveCurve) Scalar() kyber.Scalar`

Create a new Scalar for this curve.

#### func (*ProjectiveCurve) ScalarLen¶Uses

`func (c *ProjectiveCurve) ScalarLen() int`

Returns the size in bytes of an encoded Scalar for this curve.

#### func (*ProjectiveCurve) String¶Uses

`func (c *ProjectiveCurve) String() string`

### type SuiteCurve25519¶Uses

```type SuiteCurve25519 struct {
ProjectiveCurve
}```

SuiteCurve25519 is the suite for the 25519 curve

#### func NewBlakeSHA256Curve25519¶Uses

`func NewBlakeSHA256Curve25519(fullGroup bool) *SuiteCurve25519`

NewBlakeSHA256Curve25519 returns a cipher suite based on package go.dedis.ch/kyber/v3/xof/blake2xb, SHA-256, and Curve25519.

If fullGroup is false, then the group is the prime-order subgroup.

The scalars created by this group implement kyber.Scalar's SetBytes method, interpreting the bytes as a big-endian integer, so as to be compatible with the Go standard library's big.Int type.

#### func (*SuiteCurve25519) Hash¶Uses

`func (s *SuiteCurve25519) Hash() hash.Hash`

Hash returns the instance associated with the suite

#### func (*SuiteCurve25519) IsPrimeOrder¶Uses

`func (c *SuiteCurve25519) IsPrimeOrder() bool`

#### func (*SuiteCurve25519) New¶Uses

`func (s *SuiteCurve25519) New(t reflect.Type) interface{}`

New implements the kyber.encoding interface

#### func (*SuiteCurve25519) NewKey¶Uses

`func (c *SuiteCurve25519) NewKey(stream cipher.Stream) kyber.Scalar`

NewKey returns a formatted curve25519 key (avoiding subgroup attack by requiring it to be a multiple of 8). NewKey implements the kyber/util/key.Generator interface.

#### func (*SuiteCurve25519) PointLen¶Uses

`func (c *SuiteCurve25519) PointLen() int`

Returns the size in bytes of an encoded Point on this curve. Uses compressed representation consisting of the y-coordinate and only the sign bit of the x-coordinate.

#### func (*SuiteCurve25519) RandomStream¶Uses

`func (s *SuiteCurve25519) RandomStream() cipher.Stream`

RandomStream returns a cipher.Stream that returns a key stream from crypto/rand.

`func (s *SuiteCurve25519) Read(r io.Reader, objs ...interface{}) error`

#### func (*SuiteCurve25519) Scalar¶Uses

`func (c *SuiteCurve25519) Scalar() kyber.Scalar`

Create a new Scalar for this curve.

#### func (*SuiteCurve25519) ScalarLen¶Uses

`func (c *SuiteCurve25519) ScalarLen() int`

Returns the size in bytes of an encoded Scalar for this curve.

#### func (*SuiteCurve25519) String¶Uses

`func (c *SuiteCurve25519) String() string`

#### func (*SuiteCurve25519) Write¶Uses

`func (s *SuiteCurve25519) Write(w io.Writer, objs ...interface{}) error`

#### func (*SuiteCurve25519) XOF¶Uses

`func (s *SuiteCurve25519) XOF(seed []byte) kyber.XOF`

XOF creates the XOF associated with the suite

Package curve25519 imports 16 packages (graph). Updated 2019-12-02. Refresh now. Tools for package owners.