edwards25519

package standard library
go1.17.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 2, 2021 License: BSD-3-Clause Imports: 5 Imported by: 0

Documentation

Overview

Package edwards25519 implements group logic for the twisted Edwards curve

-x^2 + y^2 = 1 + -(121665/121666)*x^2*y^2

This is better known as the Edwards curve equivalent to Curve25519, and is the curve used by the Ed25519 signature scheme.

Most users don't need this package, and should instead use crypto/ed25519 for signatures, golang.org/x/crypto/curve25519 for Diffie-Hellman, or github.com/gtank/ristretto255 for prime order group logic.

However, developers who do need to interact with low-level edwards25519 operations can use filippo.io/edwards25519, an extended version of this package repackaged as an importable module.

(Note that filippo.io/edwards25519 and github.com/gtank/ristretto255 are not maintained by the Go team and are not covered by the Go 1 Compatibility Promise.)

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Point added in go1.17

type Point struct {
	// contains filtered or unexported fields
}

Point represents a point on the edwards25519 curve.

This type works similarly to math/big.Int, and all arguments and receivers are allowed to alias.

The zero value is NOT valid, and it may be used only as a receiver.

func NewGeneratorPoint added in go1.17

func NewGeneratorPoint() *Point

NewGeneratorPoint returns a new Point set to the canonical generator.

func NewIdentityPoint added in go1.17

func NewIdentityPoint() *Point

NewIdentityPoint returns a new Point set to the identity.

func (*Point) Add added in go1.17

func (v *Point) Add(p, q *Point) *Point

Add sets v = p + q, and returns v.

func (*Point) Bytes added in go1.17

func (v *Point) Bytes() []byte

Bytes returns the canonical 32-byte encoding of v, according to RFC 8032, Section 5.1.2.

func (*Point) Equal added in go1.17

func (v *Point) Equal(u *Point) int

Equal returns 1 if v is equivalent to u, and 0 otherwise.

func (*Point) Negate added in go1.17

func (v *Point) Negate(p *Point) *Point

Negate sets v = -p, and returns v.

func (*Point) ScalarBaseMult added in go1.17

func (v *Point) ScalarBaseMult(x *Scalar) *Point

ScalarBaseMult sets v = x * B, where B is the canonical generator, and returns v.

The scalar multiplication is done in constant time.

func (*Point) ScalarMult added in go1.17

func (v *Point) ScalarMult(x *Scalar, q *Point) *Point

ScalarMult sets v = x * q, and returns v.

The scalar multiplication is done in constant time.

func (*Point) Set added in go1.17

func (v *Point) Set(u *Point) *Point

Set sets v = u, and returns v.

func (*Point) SetBytes added in go1.17

func (v *Point) SetBytes(x []byte) (*Point, error)

SetBytes sets v = x, where x is a 32-byte encoding of v. If x does not represent a valid point on the curve, SetBytes returns nil and an error and the receiver is unchanged. Otherwise, SetBytes returns v.

Note that SetBytes accepts all non-canonical encodings of valid points. That is, it follows decoding rules that match most implementations in the ecosystem rather than RFC 8032.

func (*Point) Subtract added in go1.17

func (v *Point) Subtract(p, q *Point) *Point

Subtract sets v = p - q, and returns v.

func (*Point) VarTimeDoubleScalarBaseMult added in go1.17

func (v *Point) VarTimeDoubleScalarBaseMult(a *Scalar, A *Point, b *Scalar) *Point

VarTimeDoubleScalarBaseMult sets v = a * A + b * B, where B is the canonical generator, and returns v.

Execution time depends on the inputs.

type Scalar added in go1.17

type Scalar struct {
	// contains filtered or unexported fields
}

A Scalar is an integer modulo

l = 2^252 + 27742317777372353535851937790883648493

which is the prime order of the edwards25519 group.

This type works similarly to math/big.Int, and all arguments and receivers are allowed to alias.

The zero value is a valid zero element.

func NewScalar added in go1.17

func NewScalar() *Scalar

NewScalar returns a new zero Scalar.

func (*Scalar) Add added in go1.17

func (s *Scalar) Add(x, y *Scalar) *Scalar

Add sets s = x + y mod l, and returns s.

func (*Scalar) Bytes added in go1.17

func (s *Scalar) Bytes() []byte

Bytes returns the canonical 32-byte little-endian encoding of s.

func (*Scalar) Equal added in go1.17

func (s *Scalar) Equal(t *Scalar) int

Equal returns 1 if s and t are equal, and 0 otherwise.

func (*Scalar) Multiply added in go1.17

func (s *Scalar) Multiply(x, y *Scalar) *Scalar

Multiply sets s = x * y mod l, and returns s.

func (*Scalar) MultiplyAdd added in go1.17

func (s *Scalar) MultiplyAdd(x, y, z *Scalar) *Scalar

MultiplyAdd sets s = x * y + z mod l, and returns s.

func (*Scalar) Negate added in go1.17

func (s *Scalar) Negate(x *Scalar) *Scalar

Negate sets s = -x mod l, and returns s.

func (*Scalar) Set added in go1.17

func (s *Scalar) Set(x *Scalar) *Scalar

Set sets s = x, and returns s.

func (*Scalar) SetBytesWithClamping added in go1.17

func (s *Scalar) SetBytesWithClamping(x []byte) *Scalar

SetBytesWithClamping applies the buffer pruning described in RFC 8032, Section 5.1.5 (also known as clamping) and sets s to the result. The input must be 32 bytes, and it is not modified.

Note that since Scalar values are always reduced modulo the prime order of the curve, the resulting value will not preserve any of the cofactor-clearing properties that clamping is meant to provide. It will however work as expected as long as it is applied to points on the prime order subgroup, like in Ed25519. In fact, it is lost to history why RFC 8032 adopted the irrelevant RFC 7748 clamping, but it is now required for compatibility.

func (*Scalar) SetCanonicalBytes added in go1.17

func (s *Scalar) SetCanonicalBytes(x []byte) (*Scalar, error)

SetCanonicalBytes sets s = x, where x is a 32-byte little-endian encoding of s, and returns s. If x is not a canonical encoding of s, SetCanonicalBytes returns nil and an error, and the receiver is unchanged.

func (*Scalar) SetUniformBytes added in go1.17

func (s *Scalar) SetUniformBytes(x []byte) *Scalar

SetUniformBytes sets s to an uniformly distributed value given 64 uniformly distributed random bytes.

func (*Scalar) Subtract added in go1.17

func (s *Scalar) Subtract(x, y *Scalar) *Scalar

Subtract sets s = x - y mod l, and returns s.

Directories

Path Synopsis
Package field implements fast arithmetic modulo 2^255-19.
Package field implements fast arithmetic modulo 2^255-19.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL