edwards25519

package
v6.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 18, 2020 License: BSD-3-Clause Imports: 1 Imported by: 0

Documentation

Overview

Package edwards25519 implements operations in GF(2**255-19) and on an Edwards curve that is isomorphic to curve25519. See http://ed25519.cr.yp.to/.

Package edwards25519 将edwards25519中的差异代码移动到本处进行差异化管理

Index

Constants

This section is empty.

Variables

View Source 
var A = FieldElement{
	486662, 0, 0, 0, 0, 0, 0, 0, 0, 0,
}

A ...

View Source 
var SqrtM1 = FieldElement{
	-32595792, -7943725, 9377950, 3500415, 12389472, -272473, -25146209, -2005654, 326686, 11406482,
}

SqrtM1 ...

Functions

func CachedGroupElementCMove 

func CachedGroupElementCMove(t, u *CachedGroupElement, b int32)

CachedGroupElementCMove ...

func FeAdd 

func FeAdd(dst, a, b *FieldElement)

FeAdd +

func FeCMove 

func FeCMove(f, g *FieldElement, b int32)

FeCMove Preconditions: b in {0,1}.

func FeCombine 

func FeCombine(h *FieldElement, h0, h1, h2, h3, h4, h5, h6, h7, h8, h9 int64)

FeCombine 拼接

func FeCopy 

func FeCopy(dst, src *FieldElement)

FeCopy 复制

func FeDivPowm1 

func FeDivPowm1(r, u, v *FieldElement)

FeDivPowm1 ...

func FeFromBytes 

func FeFromBytes(dst *FieldElement, src *[32]byte)

FeFromBytes ...

func FeInvert 

func FeInvert(out, z *FieldElement)

FeInvert 反转

func FeIsNegative 

func FeIsNegative(f *FieldElement) byte

FeIsNegative 是否为负

func FeIsNegativeV1 

func FeIsNegativeV1(f *FieldElement) byte

FeIsNegativeV1 是否为负

func FeIsNonZero 

func FeIsNonZero(f *FieldElement) int32

FeIsNonZero 是否为非0

func FeIsNonZeroV1 

func FeIsNonZeroV1(f *FieldElement) int32

FeIsNonZeroV1 是否非0

func FeMul 

func FeMul(h, f, g *FieldElement)

FeMul calculates h = f * g Can overlap h with f or g.

Preconditions: 

|f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
|g| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.

Postconditions: 

|h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.

Notes on implementation strategy:

Using schoolbook multiplication. Karatsuba would save a little in some cost models.

Most multiplications by 2 and 19 are 32-bit precomputations; cheaper than 64-bit postcomputations.

There is one remaining multiplication by 19 in the carry chain; one *19 precomputation can be merged into this, but the resulting data flow is considerably less clean.

There are 12 carries below. 10 of them are 2-way parallelizable and vectorizable. Can get away with 11 carries, but then data flow is much deeper.

With tighter constraints on inputs can squeeze carries into int32.

func FeNeg 

func FeNeg(h, f *FieldElement)

FeNeg sets h = -f Preconditions: 

|f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.

Postconditions: 

|h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.

func FeOne 

func FeOne(fe *FieldElement)

FeOne 1

func FeSquare 

func FeSquare(h, f *FieldElement)

FeSquare calculates h = f*f. Can overlap h with f.

Preconditions: 

|f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.

Postconditions: 

|h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.

func FeSquare2 

func FeSquare2(h, f *FieldElement)

FeSquare2 sets h = 2 * f * f

Can overlap h with f.

Preconditions: 

|f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.

Postconditions: 

|h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.

See fe_mul.c for discussion of implementation strategy.

func FeSub 

func FeSub(dst, a, b *FieldElement)

FeSub -

func FeToBytes 

func FeToBytes(s *[32]byte, h *FieldElement)

FeToBytes marshals h to s. Preconditions: 

|h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.

Write p=2^255-19; q=floor(h/p). Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).

Proof: 

Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
Also have |h-2^230 h9|<2^230 so |19 2^(-255)(h-2^230 h9)|<1/4.

Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
Then 0<y<1.

Write r=h-pq.
Have 0<=r<=p-1=2^255-20.
Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.

Write x=r+19(2^-255)r+y.
Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.

Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.

func FeToBytesV1 

func FeToBytesV1(s *[32]byte, h *FieldElement)

FeToBytesV1 ...

func FeZero 

func FeZero(fe *FieldElement)

FeZero 0

func GeAdd 

func GeAdd(r *CompletedGroupElement, p *ExtendedGroupElement, q *CachedGroupElement)

GeAdd +

func GeDoubleScalarMultVartime 

func GeDoubleScalarMultVartime(r *ProjectiveGroupElement, a *[32]byte, A *ExtendedGroupElement, b *[32]byte)

GeDoubleScalarMultVartime sets r = a*A + b*B where a = a[0]+256*a[1]+...+256^31 a[31]. and b = b[0]+256*b[1]+...+256^31 b[31]. B is the Ed25519 base point (x,4/5) with x positive.

func GeDoubleScalarmultPrecompVartime 

func GeDoubleScalarmultPrecompVartime(r *ProjectiveGroupElement, a *[32]byte, A *ExtendedGroupElement, b *[32]byte, Bi *DsmPreCompGroupElement)

GeDoubleScalarmultPrecompVartime ...

func GeDsmPrecomp 

func GeDsmPrecomp(r *DsmPreCompGroupElement, s *ExtendedGroupElement)

GeDsmPrecomp ...

func GeFromBytesVartime 

func GeFromBytesVartime(p *ExtendedGroupElement, s *[32]byte) bool

GeFromBytesVartime ...

func GeScalarMult 

func GeScalarMult(r *ProjectiveGroupElement, a *[32]byte, A *ExtendedGroupElement)

GeScalarMult Preconditions: 

a[31] <= 127

func GeScalarMultBase 

func GeScalarMultBase(h *ExtendedGroupElement, a *[32]byte)

GeScalarMultBase computes h = a*B, where 

a = a[0]+256*a[1]+...+256^31 a[31]
B is the Ed25519 base point (x,4/5) with x positive.

Preconditions: 

a[31] <= 127

func HashToEc 

func HashToEc(key []byte, res *ExtendedGroupElement)

HashToEc ...

func PreComputedGroupElementCMove 

func PreComputedGroupElementCMove(t, u *PreComputedGroupElement, b int32)

PreComputedGroupElementCMove ...

func ScAdd 

func ScAdd(out *[32]byte, a, b *[32]byte)

ScAdd Input: 

s[0]+256*s[1]+...+256^31*s[31] = a
s[0]+256*s[1]+...+256^31*s[31] = b

ProtoToJson: 

s[0]+256*s[1]+...+256^31*s[31] = a+b mod l
where l = 2^252 + 27742317777372353535851937790883648493.

func ScCheck 

func ScCheck(s *[32]byte) bool

ScCheck 检查

func ScIsNonZero 

func ScIsNonZero(s *[32]byte) int32

ScIsNonZero ...

func ScMulAdd 

func ScMulAdd(s, a, b, c *[32]byte)

ScMulAdd The scalars are GF(2^252 + 27742317777372353535851937790883648493). Input: 

a[0]+256*a[1]+...+256^31*a[31] = a
b[0]+256*b[1]+...+256^31*b[31] = b
c[0]+256*c[1]+...+256^31*c[31] = c

ProtoToJson: 

s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
where l = 2^252 + 27742317777372353535851937790883648493.

func ScMulSub 

func ScMulSub(s, a, b, c *[32]byte)

ScMulSub The scalars are GF(2^252 + 27742317777372353535851937790883648493). Input: 

a[0]+256*a[1]+...+256^31*a[31] = a
b[0]+256*b[1]+...+256^31*b[31] = b
c[0]+256*c[1]+...+256^31*c[31] = c

ProtoToJson: 

s[0]+256*s[1]+...+256^31*s[31] = (c-ab) mod l
where l = 2^252 + 27742317777372353535851937790883648493.

func ScReduce 

func ScReduce(out *[32]byte, s *[64]byte)

ScReduce Input: 

s[0]+256*s[1]+...+256^63*s[63] = s

ProtoToJson: 

s[0]+256*s[1]+...+256^31*s[31] = s mod l
where l = 2^252 + 27742317777372353535851937790883648493.

func ScSub 

func ScSub(out *[32]byte, a, b *[32]byte)

ScSub Input: 

s[0]+256*s[1]+...+256^31*s[31] = a
s[0]+256*s[1]+...+256^31*s[31] = b

ProtoToJson: 

s[0]+256*s[1]+...+256^31*s[31] = a-b mod l
where l = 2^252 + 27742317777372353535851937790883648493.

Types

type CachedGroupElement 

type CachedGroupElement struct {
	Z, T2d FieldElement
	// contains filtered or unexported fields
}

CachedGroupElement 缓存

func (*CachedGroupElement) Zero 

func (c *CachedGroupElement) Zero()

Zero 0

type CompletedGroupElement 

type CompletedGroupElement struct {
	X, Y, Z, T FieldElement
}

CompletedGroupElement ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T

func (*CompletedGroupElement) ToExtended 

func (p *CompletedGroupElement) ToExtended(r *ExtendedGroupElement)

ToExtended 扩展

func (*CompletedGroupElement) ToProjective 

func (p *CompletedGroupElement) ToProjective(r *ProjectiveGroupElement)

ToProjective ...

type DsmPreCompGroupElement 

type DsmPreCompGroupElement [8]CachedGroupElement

DsmPreCompGroupElement ...

type ExtendedGroupElement 

type ExtendedGroupElement struct {
	X, Y, Z, T FieldElement
}

ExtendedGroupElement (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT

func (*ExtendedGroupElement) Double 

func (p *ExtendedGroupElement) Double(r *CompletedGroupElement)

Double x2

func (*ExtendedGroupElement) FromBytes 

func (p *ExtendedGroupElement) FromBytes(s *[32]byte) bool

FromBytes ...

func (*ExtendedGroupElement) FromCompletedGroupElement 

func (e *ExtendedGroupElement) FromCompletedGroupElement(p *CompletedGroupElement)

FromCompletedGroupElement ...

func (*ExtendedGroupElement) ToBytes 

func (p *ExtendedGroupElement) ToBytes(s *[32]byte)

ToBytes 字节化

func (*ExtendedGroupElement) ToCached 

func (p *ExtendedGroupElement) ToCached(r *CachedGroupElement)

ToCached 缓存

func (*ExtendedGroupElement) ToProjective 

func (p *ExtendedGroupElement) ToProjective(r *ProjectiveGroupElement)

ToProjective ...

func (*ExtendedGroupElement) Zero 

func (p *ExtendedGroupElement) Zero()

Zero 0

type FieldElement 

type FieldElement [10]int32

FieldElement represents an element of the field GF(2^255 - 19). An element t, entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on context.

type PreComputedGroupElement 

type PreComputedGroupElement struct {
	// contains filtered or unexported fields
}

PreComputedGroupElement (y+x,y-x,2dxy)

func (*PreComputedGroupElement) Zero 

func (p *PreComputedGroupElement) Zero()

Zero 0

type ProjectiveGroupElement 

type ProjectiveGroupElement struct {
	X, Y, Z FieldElement
}

ProjectiveGroupElement (X:Y:Z) satisfying x=X/Z, y=Y/Z

func (*ProjectiveGroupElement) Double 

func (p *ProjectiveGroupElement) Double(r *CompletedGroupElement)

Double x2

func (*ProjectiveGroupElement) ToBytes 

func (p *ProjectiveGroupElement) ToBytes(s *[32]byte)

ToBytes ...

func (*ProjectiveGroupElement) Zero 

func (p *ProjectiveGroupElement) Zero()

Zero 0

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.