Documentation ¶
Index ¶
- Constants
- Variables
- func IsEven(x *big.Int) bool
- type AffinePoint
- type Ed25519
- func (e Ed25519) Add(a, b group.Element) group.Element
- func (e Ed25519) BasePointMult(s *big.Int) group.Element
- func (e Ed25519) ConstM() group.Element
- func (e Ed25519) ConstN() group.Element
- func (e Ed25519) ConstS() group.Element
- func (e Ed25519) ElementFromBytes(b []byte) (group.Element, error)
- func (e Ed25519) ElementSize() int
- func (e Ed25519) ElementToBytes(i group.Element) []byte
- func (e Ed25519) Order() *big.Int
- func (e Ed25519) PasswordToScalar(pw []byte) *big.Int
- func (e Ed25519) RandomScalar() (*big.Int, error)
- func (e Ed25519) ScalarMult(a group.Element, s *big.Int) group.Element
- type ExtendedPoint
- func (e ExtendedPoint) Add(b group.Element) group.Element
- func (e *ExtendedPoint) Cmp(other *ExtendedPoint) int
- func (e ExtendedPoint) Double() ExtendedPoint
- func (e ExtendedPoint) Negate() group.Element
- func (e ExtendedPoint) ScalarMult(s *big.Int) group.Element
- func (e *ExtendedPoint) ScalarMultFast(s *big.Int) ExtendedPoint
- func (e *ExtendedPoint) ScalarMultSlow(s *big.Int) ExtendedPoint
- func (e ExtendedPoint) String() string
- func (e *ExtendedPoint) ToAffine() AffinePoint
- type NotOnCurve
Constants ¶
const (
// ScalarSize is size of the scalar in bits
ScalarSize = 32
)
Variables ¶
var ( // Q is the order of group which is 2^255 - 19 Q = q() // L is the order of subgroup which is 2^252 + 27742317777372353535851937790883648493 L = l() // D is a constant TODO: fix the documentation D = d() // By is y co-ordinate of base point By = by() // Bx is X co-ordinate of the base point Bx = bx() // I is constant TODO fix the documentation I = i() // B is curve base point (generator point) in Affine form B = b() // Base is curve base point (generator point) in extended form Base = base() // Zero is identity element in extended co-ordinate system Zero = extendedZero() )
Functions ¶
Types ¶
type AffinePoint ¶
AffinePoint is original representation of points on twisted edwards curve
func NewAffinePoint ¶
func NewAffinePoint(x, y string, base int) AffinePoint
NewAffinePoint creates new affine point with big integer's given in string format and of provided base.
func (*AffinePoint) Compress ¶
func (a *AffinePoint) Compress() []byte
Compress encodes the Affine Point into 32 byte little-endian b255 is the sign
func (*AffinePoint) Decompress ¶
func (a *AffinePoint) Decompress(s []byte) error
Decompress reconstructs the AffinePoint from given 32 byte which is considered as Y co-ordinate compressed using Compress function above
func (*AffinePoint) IsOnCurve ¶
func (a *AffinePoint) IsOnCurve() bool
IsOnCurve returns true if the given point is on curve
func (AffinePoint) String ¶
func (a AffinePoint) String() string
func (*AffinePoint) ToExtended ¶
func (a *AffinePoint) ToExtended() ExtendedPoint
ToExtended converts AffinePoint to ExtendedPoint representation
type Ed25519 ¶
type Ed25519 struct{}
Ed25519 is a group over twisted Edwards curve
func (Ed25519) BasePointMult ¶
BasePointMult multiplies given scalar s to Base point of the curve and returns the result as big.Int
func (Ed25519) ConstM ¶
ConstM returns the constant M used in SPAKE2 calculation Value returned by this function is calculated using following python code from python-spake2 module
from spake2.parameters.ed25519 import ParamsEd25519 from spake2.ed25519_basic import bytes_to_scalar bytes_to_scalar(ParamsEd25519.M.to_bytes())
func (Ed25519) ConstN ¶
ConstN returns the constant N used in SPAKE2 calculation Value returned by this function is calculated using following python code from python-spake2 module
from spake2.parameters.ed25519 import ParamsEd25519 from spake2.ed25519_basic import bytes_to_scalar bytes_to_scalar(ParamsEd25519.N.to_bytes())
func (Ed25519) ConstS ¶
ConstS returns the constant S used in SPAKE2 calculation in symmetric mode Value returned by this function is calculated using following python code from python-spake2 module
from spake2.parameters.ed25519 import ParamsEd25519 from spake2.ed25519_basic import bytes_to_scalar bytes_to_scalar(ParamsEd25519.S.to_bytes())
func (Ed25519) ElementFromBytes ¶
ElementFromBytes creates Ed25519 group element from given byte slice
func (Ed25519) ElementSize ¶
ElementSize returns the size of group element in bytes
func (Ed25519) ElementToBytes ¶
ElementToBytes convert Ed25519 point to array of bytes
func (Ed25519) PasswordToScalar ¶
PasswordToScalar expands given password bytes to ScalarSize + 16 and then reduces result to curve order.and returns big.Int resulting from the final bytes.
func (Ed25519) RandomScalar ¶
RandomScalar returns a random scalar which is on curve. For reducing bias to safe level function reads extra 256 bits and then reduces point to curve.
type ExtendedPoint ¶
ExtendedPoint represents co-ordinate on twisted edwards curve derived from Affine Points
func AddNonUnified ¶
func AddNonUnified(a, b *ExtendedPoint) ExtendedPoint
AddNonUnified adds 2 point on elliptic curve and returns the resulting extended co-ordinate. This is based on add-2008-hwcd-4 and only for a != b. This is 10% faster than Add and safe to use in ScalarMult if points of order 1/2/4/8 are not used
func AddUnified ¶
func AddUnified(a, b *ExtendedPoint) ExtendedPoint
AddUnified adds 2 extended co-ordinates and returns resulting extended co-ordinate. This is implemented using add-2008-hwcd-3. It is slightly slower than add-2008-hwcd-4 but is unified and is safe for general purpose addition
func NewExtendedPoint ¶
func NewExtendedPoint(x, y, z, t string, base int) ExtendedPoint
NewExtendedPoint creates ExtendedPoint with given x,y,z,t arguments as string and base of the integer
func (ExtendedPoint) Add ¶
func (e ExtendedPoint) Add(b group.Element) group.Element
Add implements the group.Element interface and adds 2 ExtendedPoint and returns the resulting point as type Element
func (*ExtendedPoint) Cmp ¶
func (e *ExtendedPoint) Cmp(other *ExtendedPoint) int
Cmp compares 2 points in CompressedEdwardsY (i.e. 32 byte format representing Y co-ordinate) form and returns integer. The result will be 0 if e == other, -1 if e < other and +1 if e > other
func (ExtendedPoint) Double ¶
func (e ExtendedPoint) Double() ExtendedPoint
Double doubles given extended point. Given point P this function returns 2P. This is dbl-2008-hwcd implementation from http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html
func (ExtendedPoint) Negate ¶
func (e ExtendedPoint) Negate() group.Element
Negate negates given point e and returns -e
func (ExtendedPoint) ScalarMult ¶
func (e ExtendedPoint) ScalarMult(s *big.Int) group.Element
ScalarMult multiplies given scalar to point on elliptic curve and returns the resutling point
func (*ExtendedPoint) ScalarMultFast ¶
func (e *ExtendedPoint) ScalarMultFast(s *big.Int) ExtendedPoint
ScalarMultFast multiplies a scalar (Integer) to the point on elliptic curve (Extended Co-ordinate) and reutns the resulting point. This form only works properly when given points that are member of the main 1*L subgroup. It will give incorrect answers when called with the points of order 1/2/4/6/8, including point Zero.
func (*ExtendedPoint) ScalarMultSlow ¶
func (e *ExtendedPoint) ScalarMultSlow(s *big.Int) ExtendedPoint
ScalarMultSlow multiplies a scalar (Integer) to the point on elliptic curve (Extended Co-ordinate) and reutns the resulting point. This form is slightly slower, but tolerates arbitrary points, including those which are not in the main 1*L subgroup. This includes points of order 1 (the neutral element Zero), 2, 4, 6, 8
func (ExtendedPoint) String ¶
func (e ExtendedPoint) String() string
func (*ExtendedPoint) ToAffine ¶
func (e *ExtendedPoint) ToAffine() AffinePoint
ToAffine converts ExtendedPoint back to AffinePoint representation
type NotOnCurve ¶
type NotOnCurve struct{}
NotOnCurve is error emmited when the point got is not on the curve
func (*NotOnCurve) Error ¶
func (n *NotOnCurve) Error() string