Documentation ¶
Index ¶
- func MakeInt(s Scalar) *saferith.Int
- type Curve
- type Edwards25519
- type Edwards25519Point
- func (p *Edwards25519Point) Add(that Point) Point
- func (*Edwards25519Point) Curve() Curve
- func (p *Edwards25519Point) Equal(that Point) bool
- func (p *Edwards25519Point) HasEvenY() bool
- func (p *Edwards25519Point) IsIdentity() bool
- func (p *Edwards25519Point) MarshalBinary() ([]byte, error)
- func (p *Edwards25519Point) Negate() Point
- func (p *Edwards25519Point) Set(that Point) Point
- func (p *Edwards25519Point) Sub(that Point) Point
- func (p *Edwards25519Point) UnmarshalBinary(data []byte) error
- func (p *Edwards25519Point) XScalar() Scalar
- func (p *Edwards25519Point) YScalar() Scalar
- type Edwards25519Scalar
- func (s *Edwards25519Scalar) Act(that Point) Point
- func (s *Edwards25519Scalar) ActOnBase() Point
- func (s *Edwards25519Scalar) Add(that Scalar) Scalar
- func (s *Edwards25519Scalar) Bytes() []byte
- func (*Edwards25519Scalar) Curve() Curve
- func (s *Edwards25519Scalar) Equal(that Scalar) bool
- func (s *Edwards25519Scalar) Invert() Scalar
- func (s *Edwards25519Scalar) IsZero() bool
- func (s *Edwards25519Scalar) MarshalBinary() ([]byte, error)
- func (s *Edwards25519Scalar) Mul(that Scalar) Scalar
- func (s *Edwards25519Scalar) Negate() Scalar
- func (s *Edwards25519Scalar) Set(that Scalar) Scalar
- func (s *Edwards25519Scalar) SetNat(x *saferith.Nat) Scalar
- func (s *Edwards25519Scalar) Sub(that Scalar) Scalar
- func (s *Edwards25519Scalar) UnmarshalBinary(data []byte) error
- type Point
- type Scalar
- type Secp256k1
- func (Secp256k1) LiftX(data []byte) (*Secp256k1Point, error)
- func (Secp256k1) Name() string
- func (Secp256k1) NewBasePoint() Point
- func (Secp256k1) NewPoint() Point
- func (Secp256k1) NewScalar() Scalar
- func (Secp256k1) Order() *saferith.Modulus
- func (Secp256k1) SafeScalarBytes() int
- func (Secp256k1) ScalarBits() int
- type Secp256k1Point
- func (p *Secp256k1Point) Add(that Point) Point
- func (*Secp256k1Point) Curve() Curve
- func (p *Secp256k1Point) Equal(that Point) bool
- func (p *Secp256k1Point) HasEvenY() bool
- func (p *Secp256k1Point) IsIdentity() bool
- func (p *Secp256k1Point) MarshalBinary() ([]byte, error)
- func (p *Secp256k1Point) Negate() Point
- func (p *Secp256k1Point) Set(that Point) Point
- func (p *Secp256k1Point) Sub(that Point) Point
- func (p *Secp256k1Point) UnmarshalBinary(data []byte) error
- func (p *Secp256k1Point) XScalar() Scalar
- func (p *Secp256k1Point) YScalar() Scalar
- type Secp256k1Scalar
- func (s *Secp256k1Scalar) Act(that Point) Point
- func (s *Secp256k1Scalar) ActOnBase() Point
- func (s *Secp256k1Scalar) Add(that Scalar) Scalar
- func (s *Secp256k1Scalar) Bytes() []byte
- func (*Secp256k1Scalar) Curve() Curve
- func (s *Secp256k1Scalar) Equal(that Scalar) bool
- func (s *Secp256k1Scalar) Invert() Scalar
- func (s *Secp256k1Scalar) IsZero() bool
- func (s *Secp256k1Scalar) MarshalBinary() ([]byte, error)
- func (s *Secp256k1Scalar) Mul(that Scalar) Scalar
- func (s *Secp256k1Scalar) Negate() Scalar
- func (s *Secp256k1Scalar) Set(that Scalar) Scalar
- func (s *Secp256k1Scalar) SetNat(x *saferith.Nat) Scalar
- func (s *Secp256k1Scalar) Sub(that Scalar) Scalar
- func (s *Secp256k1Scalar) UnmarshalBinary(data []byte) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Curve ¶
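// Curve is the factory for one elliptic curve group: it creates that group's
// points and scalars and reports the group's name, scalar size and order.
type Curve interface {
	// NewPoint creates an identity point.
	NewPoint() Point
	// NewBasePoint creates the generator of this group.
	NewBasePoint() Point
	// NewScalar creates a scalar with the value of 0.
	NewScalar() Scalar
	// Name returns the name of this curve.
	//
	// This should be unique between curves.
	Name() string
	// ScalarBits returns the number of significant bits in a scalar.
	ScalarBits() int
	// SafeScalarBytes returns the number of random bytes needed to sample a scalar through modular reduction.
	//
	// Usually, this is going to be the number of bytes in the scalar, plus an extra
	// security parameter's worth of bytes, say 32. This is to make sure that the modular
	// reduction doesn't introduce any bias.
	//
	// Code that samples secret scalars should draw this many bytes from a
	// cryptographically secure source before reducing; reducing a buffer that is
	// only as long as the scalar can skew the distribution of the result.
	SafeScalarBytes() int
	// Order returns a Modulus holding the order of this group.
	Order() *saferith.Modulus
}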
Curve represents the starting point for working with an Elliptic Curve group.
The expectation is that this interface will be implemented by a nominal struct, and use associated types for its Point and Scalar. These types are only expected to work with other members of their type, and not with arbitrary elements satisfying the Point and Scalar interfaces.
type Edwards25519 ¶
// Edwards25519 is an empty struct; the methods declared on it (Name,
// NewBasePoint, NewPoint, NewScalar, Order, SafeScalarBytes, ScalarBits) are
// exactly the Curve method set, so a value of this type serves as a Curve.
type Edwards25519 struct{}
func (Edwards25519) Name ¶
func (Edwards25519) Name() string
func (Edwards25519) NewBasePoint ¶
func (Edwards25519) NewBasePoint() Point
func (Edwards25519) NewPoint ¶
func (Edwards25519) NewPoint() Point
func (Edwards25519) NewScalar ¶
func (Edwards25519) NewScalar() Scalar
func (Edwards25519) Order ¶
func (Edwards25519) Order() *saferith.Modulus
func (Edwards25519) SafeScalarBytes ¶
func (Edwards25519) SafeScalarBytes() int
func (Edwards25519) ScalarBits ¶
func (Edwards25519) ScalarBits() int
type Edwards25519Point ¶
type Edwards25519Point struct {
// contains filtered or unexported fields
}
func (*Edwards25519Point) Add ¶
func (p *Edwards25519Point) Add(that Point) Point
func (*Edwards25519Point) Curve ¶
func (*Edwards25519Point) Curve() Curve
func (*Edwards25519Point) Equal ¶
func (p *Edwards25519Point) Equal(that Point) bool
func (*Edwards25519Point) HasEvenY ¶
func (p *Edwards25519Point) HasEvenY() bool
func (*Edwards25519Point) IsIdentity ¶
func (p *Edwards25519Point) IsIdentity() bool
func (*Edwards25519Point) MarshalBinary ¶
func (p *Edwards25519Point) MarshalBinary() ([]byte, error)
func (*Edwards25519Point) Negate ¶
func (p *Edwards25519Point) Negate() Point
func (*Edwards25519Point) Set ¶
func (p *Edwards25519Point) Set(that Point) Point
func (*Edwards25519Point) Sub ¶
func (p *Edwards25519Point) Sub(that Point) Point
func (*Edwards25519Point) UnmarshalBinary ¶
func (p *Edwards25519Point) UnmarshalBinary(data []byte) error
func (*Edwards25519Point) XScalar ¶
func (p *Edwards25519Point) XScalar() Scalar
func (*Edwards25519Point) YScalar ¶
func (p *Edwards25519Point) YScalar() Scalar
type Edwards25519Scalar ¶
type Edwards25519Scalar struct {
// contains filtered or unexported fields
}
func (*Edwards25519Scalar) Act ¶
func (s *Edwards25519Scalar) Act(that Point) Point
func (*Edwards25519Scalar) ActOnBase ¶
func (s *Edwards25519Scalar) ActOnBase() Point
func (*Edwards25519Scalar) Add ¶
func (s *Edwards25519Scalar) Add(that Scalar) Scalar
func (*Edwards25519Scalar) Bytes ¶
func (s *Edwards25519Scalar) Bytes() []byte
func (*Edwards25519Scalar) Curve ¶
func (*Edwards25519Scalar) Curve() Curve
func (*Edwards25519Scalar) Equal ¶
func (s *Edwards25519Scalar) Equal(that Scalar) bool
func (*Edwards25519Scalar) Invert ¶
func (s *Edwards25519Scalar) Invert() Scalar
func (*Edwards25519Scalar) IsZero ¶
func (s *Edwards25519Scalar) IsZero() bool
func (*Edwards25519Scalar) MarshalBinary ¶
func (s *Edwards25519Scalar) MarshalBinary() ([]byte, error)
func (*Edwards25519Scalar) Mul ¶
func (s *Edwards25519Scalar) Mul(that Scalar) Scalar
func (*Edwards25519Scalar) Negate ¶
func (s *Edwards25519Scalar) Negate() Scalar
func (*Edwards25519Scalar) Set ¶
func (s *Edwards25519Scalar) Set(that Scalar) Scalar
func (*Edwards25519Scalar) Sub ¶
func (s *Edwards25519Scalar) Sub(that Scalar) Scalar
func (*Edwards25519Scalar) UnmarshalBinary ¶
func (s *Edwards25519Scalar) UnmarshalBinary(data []byte) error
type Point ¶
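// Point is an element of an elliptic curve group. Its arithmetic methods
// return new points instead of modifying the receiver.
type Point interface {
	// You're free to implement the binary marshalling however you'd like.
	//
	// This marshalling should also work with the identity element, ideally,
	// but this isn't strictly necessary.
	//
	// NOTE(review): UnmarshalBinary is where bytes from a peer or from storage
	// enter the group, so an implementation should return an error for any
	// input that does not decode to a valid element of the group. Confirm
	// what each concrete type checks before relying on it.
	encoding.BinaryMarshaler
	encoding.BinaryUnmarshaler
	// Curve returns the Elliptic Curve group associated with this type of Point.
	Curve() Curve
	// Add returns a new Point, by adding another Point to this one.
	//
	// This should not mutate this point.
	Add(Point) Point
	// Sub returns a new Point, by subtracting another Point from this one.
	//
	// This can be implemented with Add and Negate, but can be more efficient.
	//
	// This shouldn't mutate this point.
	Sub(Point) Point
	// Negate returns the negated version of this point.
	//
	// This does not mutate this point.
	Negate() Point
	// Equal checks if this point is equal to another.
	//
	// This check should, ideally, be done in constant time.
	Equal(Point) bool
	// IsIdentity checks if this is the identity element of this group.
	IsIdentity() bool
	// HasEvenY carries no documentation in the interface.
	// NOTE(review): presumably it reports whether the point's y coordinate is
	// even; confirm against the implementations, including what it returns
	// for the identity element.
	HasEvenY() bool
	// XScalar is an optional method, returning the x coordinate of this Point as a Scalar.
	//
	// This is used in ECDSA, but isn't available on every curve, necessarily.
	//
	// If you choose not to implement this method, simply return nil.
	//
	// Because nil is a permitted result, callers must check for it before
	// using the returned Scalar.
	XScalar() Scalar
	// YScalar carries no documentation in the interface.
	// NOTE(review): presumably the y-coordinate counterpart of XScalar;
	// confirm whether it may also return nil.
	YScalar() Scalar
}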
Point represents an element of our Elliptic Curve group.
The arithmetic methods on Point are intended to be immutable, never modifying the receiver; UnmarshalBinary is the exception, since decoding necessarily writes into the receiver.
When implementing this interface, you're only expected to make operations work with elements of the same type. It's perfectly fine to cast incoming elements to your concrete type. This interface is not designed to be able to handle different Point types, but we can't encode that in the type system.
type Scalar ¶
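// Scalar is a number modulo the order of an elliptic curve group. Its
// arithmetic and assignment methods modify the receiver and return it; Act
// and ActOnBase return a new Point and leave the Scalar unchanged.
type Scalar interface {
	// This should encode the Scalar as Big Endian bytes, without failure.
	//
	// A Scalar is often a secret (a private key or a nonce), so the encoded
	// bytes need the same care as the value itself.
	encoding.BinaryMarshaler
	// This should decode the Scalar from Big Endian bytes.
	encoding.BinaryUnmarshaler
	// Curve returns the Curve associated with this kind of Scalar.
	Curve() Curve
	// Add mutates this Scalar, by adding in another.
	Add(Scalar) Scalar
	// Sub mutates this Scalar, by subtracting another.
	//
	// This should be equivalent to .Add(_.Negate()), but may be implemented faster,
	// and won't mutate its input.
	Sub(Scalar) Scalar
	// Negate mutates this Scalar, replacing it with its negation.
	Negate() Scalar
	// Mul mutates this Scalar, replacing it with its product with another.
	Mul(Scalar) Scalar
	// Invert mutates this Scalar, replacing it with its multiplicative inverse.
	//
	// NOTE(review): zero has no multiplicative inverse and the interface does
	// not say what Invert does with it; check IsZero first unless the
	// implementation's behavior has been confirmed.
	Invert() Scalar
	// Equal checks if this Scalar is equal to another.
	//
	// This check should be done in constant time.
	Equal(Scalar) bool
	// IsZero checks if this Scalar is equal to 0.
	//
	// This check should be done in constant time.
	//
	// While this can be accomplished through the Equal method, IsZero may
	// be implemented more efficiently.
	IsZero() bool
	// Set mutates this Scalar, replacing its value with another.
	Set(Scalar) Scalar
	// SetNat mutates this Scalar, replacing it with the value of a number.
	//
	// This number must be interpreted modulo the order of the group.
	SetNat(*saferith.Nat) Scalar
	// Act acts on a Point with this Scalar, returning a new Point.
	//
	// This shouldn't mutate the Scalar, or the Point.
	Act(Point) Point
	// ActOnBase acts on the Base Point with this Scalar, returning a new Point.
	//
	// This can be accomplished with Act, but can be made more efficient, in many cases.
	ActOnBase() Point
	// Bytes carries no documentation in the interface.
	// NOTE(review): presumably the same big-endian encoding as MarshalBinary,
	// returned without an error value; confirm against the implementations.
	Bytes() []byte
}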
Scalar represents a number modulo the order of some Elliptic Curve group.
Scalars act on points in the group, but should also form a field amongst themselves.
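The arithmetic and assignment methods on Scalar (Add, Sub, Negate, Mul, Invert, Set, SetNat) are intended to be mutable, modifying the current scalar before returning it; the interface comments describe Act and ActOnBase as non-mutating. Because the receiver is overwritten, copy a value into a fresh scalar with Set first if the original is still needed.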
When implementing this interface, you're only expected to make operations work with elements of the same type. It's perfectly fine to cast incoming elements to your concrete type. This interface is not designed to be able to handle different Scalar types, but we can't encode that in the type system.
func FromHash ¶
FromHash converts a hash value to a Scalar.
There is some disagreement about how this should be done. [NSA] suggests that this is done in the obvious manner, but [SECG] truncates the hash to the bit-length of the curve order first. We follow [SECG] because that's what OpenSSL does. Additionally, OpenSSL right shifts excess bits from the number if the hash is too large and we mirror that too.
Taken from crypto/ecdsa.
type Secp256k1 ¶
// Secp256k1 is an empty struct; the index lists the full Curve method set on
// it (Name, NewBasePoint, NewPoint, NewScalar, Order, SafeScalarBytes,
// ScalarBits), plus LiftX, which takes a byte slice and returns a
// *Secp256k1Point or an error.
type Secp256k1 struct{}
func (Secp256k1) NewBasePoint ¶
func (Secp256k1) SafeScalarBytes ¶
func (Secp256k1) ScalarBits ¶
type Secp256k1Point ¶
type Secp256k1Point struct {
// contains filtered or unexported fields
}
func (*Secp256k1Point) Add ¶
func (p *Secp256k1Point) Add(that Point) Point
func (*Secp256k1Point) Curve ¶
func (*Secp256k1Point) Curve() Curve
func (*Secp256k1Point) Equal ¶
func (p *Secp256k1Point) Equal(that Point) bool
func (*Secp256k1Point) HasEvenY ¶
func (p *Secp256k1Point) HasEvenY() bool
func (*Secp256k1Point) IsIdentity ¶
func (p *Secp256k1Point) IsIdentity() bool
func (*Secp256k1Point) MarshalBinary ¶
func (p *Secp256k1Point) MarshalBinary() ([]byte, error)
func (*Secp256k1Point) Negate ¶
func (p *Secp256k1Point) Negate() Point
func (*Secp256k1Point) Set ¶
func (p *Secp256k1Point) Set(that Point) Point
func (*Secp256k1Point) Sub ¶
func (p *Secp256k1Point) Sub(that Point) Point
func (*Secp256k1Point) UnmarshalBinary ¶
func (p *Secp256k1Point) UnmarshalBinary(data []byte) error
func (*Secp256k1Point) XScalar ¶
func (p *Secp256k1Point) XScalar() Scalar
func (*Secp256k1Point) YScalar ¶
func (p *Secp256k1Point) YScalar() Scalar
type Secp256k1Scalar ¶
type Secp256k1Scalar struct {
// contains filtered or unexported fields
}
func (*Secp256k1Scalar) Act ¶
func (s *Secp256k1Scalar) Act(that Point) Point
func (*Secp256k1Scalar) ActOnBase ¶
func (s *Secp256k1Scalar) ActOnBase() Point
func (*Secp256k1Scalar) Add ¶
func (s *Secp256k1Scalar) Add(that Scalar) Scalar
func (*Secp256k1Scalar) Bytes ¶
func (s *Secp256k1Scalar) Bytes() []byte
func (*Secp256k1Scalar) Curve ¶
func (*Secp256k1Scalar) Curve() Curve
func (*Secp256k1Scalar) Equal ¶
func (s *Secp256k1Scalar) Equal(that Scalar) bool
func (*Secp256k1Scalar) Invert ¶
func (s *Secp256k1Scalar) Invert() Scalar
func (*Secp256k1Scalar) IsZero ¶
func (s *Secp256k1Scalar) IsZero() bool
func (*Secp256k1Scalar) MarshalBinary ¶
func (s *Secp256k1Scalar) MarshalBinary() ([]byte, error)
func (*Secp256k1Scalar) Mul ¶
func (s *Secp256k1Scalar) Mul(that Scalar) Scalar
func (*Secp256k1Scalar) Negate ¶
func (s *Secp256k1Scalar) Negate() Scalar
func (*Secp256k1Scalar) Set ¶
func (s *Secp256k1Scalar) Set(that Scalar) Scalar
func (*Secp256k1Scalar) Sub ¶
func (s *Secp256k1Scalar) Sub(that Scalar) Scalar
func (*Secp256k1Scalar) UnmarshalBinary ¶
func (s *Secp256k1Scalar) UnmarshalBinary(data []byte) error