Documentation ¶
Index ¶
- Variables
- func AddVectors(vs ...[]*big.Int) []*big.Int
- func Coefficients(S []*big.Int) []*big.Int
- func InField(x *big.Int) bool
- func IsRoot(m *big.Int, a []*big.Int) bool
- func SRMix(m *big.Int, pads []*big.Int) []*big.Int
- func SRMixPads(kp [][]byte, my int) []*big.Int
- func SharedKeys(kx *KX, ecdhPubs []*x25519.Public, cts []*PQCiphertext, sid []byte, ...) (sr [][][]byte, dc [][]*Vec, err error)
- type KX
- type PQCiphertext
- type PQPublicKey
- type PQSecretKey
- type Vec
Constants ¶
This section is empty.
Variables ¶
var F *big.Int
F is the field prime 2**127 - 1.
Functions ¶
func AddVectors ¶
AddVectors sums each vector element over F, returning a new vector. When peers are honest (DC-mix pads sum to zero) this creates the unpadded vector of message power sums.
func Coefficients ¶
Coefficients calculates a{0}..a{n} for the polynomial:
g(x) = a{0} + a{1}x + a{2}x**2 + ... + a{n-1}x**(n-1) + a{n}x**n (mod F)
where
a{n} = -1 a{n-1} = -(1/1) * a{n}*S{0} a{n-2} = -(1/2) * (a{n-1}*S{0} + a{n}*S{1}) a{n-3} = -(1/3) * (a{n-2}*S{0} + a{n-1}*S{1} + a{n}*S{2}) ...
The roots of this polynomial are the set of recovered messages.
Note that the returned slice of coefficients is one element larger than the slice of partial sums.
func IsRoot ¶
IsRoot checks that the message m is a root of the polynomial with coefficients a (mod F) without solving for every root.
func SRMix ¶
SRMix creates the padded {m**1, m**2, ..., m**n} message exponentials vector. Message must be bounded by the field prime and must be unique to every exponential SR run in a mix session to ensure anonymity.
func SRMixPads ¶
SRMixPads creates a vector of exponential DC-net pads from a vector of shared secrets with each participating peer in the DC-net.
func SharedKeys ¶
func SharedKeys(kx *KX, ecdhPubs []*x25519.Public, cts []*PQCiphertext, sid []byte, msize, run, myvk int, mcounts []int) (sr [][][]byte, dc [][]*Vec, err error)
SharedKeys creates the pairwise SR and DC shared secret keys for mcounts[myvk] mixes. ecdhPubs, cts, and mcounts must all share the same slice length.
Types ¶
type KX ¶
type KX struct { X25519 *x25519.KX PQPublic *[sntrup4591761.PublicKeySize]byte PQSecret *[sntrup4591761.PrivateKeySize]byte PQCleartexts []*[sntrup4591761.SharedKeySize]byte }
KX contains the client public and secret keys to perform shared key exchange with other peers.
func (*KX) Encapsulate ¶
func (kx *KX) Encapsulate(prng io.Reader, pubkeys []*PQPublicKey, my int) ([]*PQCiphertext, error)
Encapsulate performs encapsulation for sntrup4591761 key exchanges with each other peer in the DC-net. It populates the PQCleartexts field of kx and return encrypted cyphertexts of these shared keys.
Encapsulation in the DC-net requires randomness from a CSPRNG seeded by a committed secret; blame assignment is not possible otherwise.
type PQCiphertext ¶
type PQCiphertext = [sntrup4591761.CiphertextSize]byte
Aliases for sntrup4591761 types
type PQPublicKey ¶
type PQPublicKey = [sntrup4591761.PublicKeySize]byte
Aliases for sntrup4591761 types
type PQSecretKey ¶
type PQSecretKey = [sntrup4591761.PrivateKeySize]byte
Aliases for sntrup4591761 types
type Vec ¶
Vec is a N-element vector of Msize []byte messages.
func DCMix ¶
DCMix creates the DC-net vector of message m xor'd into m's reserved anonymous slot position of the pads DC-net pads. Panics if len(m) is not the vector's message size.
func DCMixPads ¶
DCMixPads creates the vector of DC-net pads from shared secrets with each mix participant.
func XorVectors ¶
XorVectors calculates the xor of all vectors. Panics if vectors do not share identical dimensions.