sis

package
v0.0.0-...-4a97a7c Latest
Warning

This package is not in the latest version of its module.

Published: Dec 3, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	ErrNotAPowerOfTwo = errors.New("d must be a power of 2")
)

Functions

func FFT64

func FFT64(a []fr.Element, twiddlesCoset []fr.Element)

FFT64 is generated by gnark-crypto and contains the unrolled code for FFT (DIF) on 64 elements. Equivalent code: r.Domain.FFT(k, fft.DIF, fft.OnCoset(), fft.WithNbTasks(1)). twiddlesCoset must be pre-computed from twiddles and coset table; see PrecomputeTwiddlesCoset.

func LimbDecomposeBytes

func LimbDecomposeBytes(buf []byte, m fr.Vector, logTwoBound int)

LimbDecomposeBytes splits a slice of bytes representing an array of serialized field elements in big-endian form into an array of limbs representing the same field elements in little-endian form. Namely, if our field is represented with 64 bits, we have the field element 0x0123456789abcdef (0 being the most significant character and f being the least significant one), and our log norm bound is 16 (so 1 hex character = 1 limb), the function assigns the values of m to [f, e, d, c, b, a, ..., 3, 2, 1, 0]. m should be preallocated and zeroized. Additionally, we have the guarantee that 2 bits contributing to different field elements cannot be part of the same limb.
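
The limb layout described for LimbDecomposeBytes, as an added example that is not the package's own code: it uses plain uint64 limbs and assumes 8-byte elements instead of fr.Element, and limbDecompose and elemBytes are hypothetical names. It goes beyond the one-hex-character case by also accepting a limb width that does not divide the element size, where the top limb of each element stays partly empty so that no limb mixes bits of two elements.

```go
package main

import (
	"errors"
	"fmt"
)

const elemBytes = 8 // assumption: 64-bit elements, as in the description's illustration

// limbDecompose is a hypothetical stand-alone helper, not the package's LimbDecomposeBytes.
// buf holds big-endian elements of elemBytes each. The result holds, per element,
// ceil(64/logTwoBound) limbs ordered from least to most significant.
func limbDecompose(buf []byte, logTwoBound int) ([]uint64, error) {
	if logTwoBound < 1 || logTwoBound > 64 {
		return nil, errors.New("logTwoBound must be in [1, 64]")
	}
	if len(buf)%elemBytes != 0 {
		return nil, errors.New("buffer is not a whole number of elements")
	}
	bits := elemBytes * 8
	limbsPerElem := (bits + logTwoBound - 1) / logTwoBound
	out := make([]uint64, (len(buf)/elemBytes)*limbsPerElem)
	for e := 0; e < len(buf)/elemBytes; e++ {
		elem := buf[e*elemBytes : (e+1)*elemBytes]
		for i := 0; i < bits; i++ {
			// Bit i counts from the least significant bit of the element,
			// which lives in the last byte of its big-endian encoding.
			b := (elem[elemBytes-1-i/8] >> (i % 8)) & 1
			// Limb indices restart at each element boundary.
			out[e*limbsPerElem+i/logTwoBound] |= uint64(b) << (i % logTwoBound)
		}
	}
	return out, nil
}

func main() {
	// Constructed input: the element 0x0123456789abcdef from the description.
	buf := []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}
	limbs, err := limbDecompose(buf, 4)
	fmt.Println(limbs, err)
}
```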

func NewRingSISMaker

func NewRingSISMaker(seed int64, logTwoDegree, logTwoBound, maxNbElementsToHash int) (func() hash.Hash, error)

NewRingSISMaker constructs a hasher generator. It takes as input the same parameters as `NewRingSIS` and outputs a function which returns a fresh hasher every time it is called.

func PrecomputeTwiddlesCoset

func PrecomputeTwiddlesCoset(generator, shifter fr.Element) []fr.Element

PrecomputeTwiddlesCoset precomputes twiddlesCoset from twiddles and coset table. It then returns all elements in the correct order for the unrolled FFT.

Types

type RSis

type RSis struct {

	// Vectors in ℤ_{p}/Xⁿ+1
	// A[i] is the i-th polynomial.
	// Ag the evaluation form of the polynomials in A on the coset √(g) * <g>
	A  [][]fr.Element
	Ag [][]fr.Element

	// LogTwoBound (Infinity norm) of the vector to hash. It means that each component in m
	// is < 2^B, where m is the vector to hash (the hash being A*m).
	// cf https://hackmd.io/7OODKWQZRRW9RxM5BaXtIw , B >= 3.
	LogTwoBound int

	// domain for the polynomial multiplication
	Domain *fft.Domain

	// d, the degree of X^{d}+1
	Degree int
	// contains filtered or unexported fields
}

Ring-SIS instance

func NewRSis

func NewRSis(seed int64, logTwoDegree, logTwoBound, maxNbElementsToHash int) (*RSis, error)

NewRSis creates an instance of RSis.

seed: seed for the randomness for generating A.

logTwoDegree: if d := logTwoDegree, the ring will be ℤ_{p}[X]/Xᵈ-1, where X^{2ᵈ} is the 2ᵈ⁺¹-th cyclotomic polynomial.

logTwoBound: the bound of the vector to hash (using the infinity norm).

maxNbElementsToHash: maximum number of field elements the instance handles, used to derive n, the number of polynomials in A, and the max size of the instance's internal buffer.

func (*RSis) BlockSize

func (r *RSis) BlockSize() int

BlockSize returns the hash's underlying block size. The Write method must be able to accept any amount of data, but it may operate more efficiently if all writes are a multiple of the block size.

func (*RSis) CopyWithFreshBuffer

func (r *RSis) CopyWithFreshBuffer() RSis

Returns a clone of the RSis parameters with a fresh and empty buffer. Does not mutate the current instance. The keys and the public parameters of the SIS instance are not deep-copied. It is useful when we want to hash in parallel. Otherwise, we would have to generate an entire RSis for each thread.

func (*RSis) Reset

func (r *RSis) Reset()

Reset resets the Hash to its initial state.

func (*RSis) Size

func (r *RSis) Size() int

Size returns the number of bytes Sum will return.

func (*RSis) Sum

func (r *RSis) Sum(b []byte) []byte

Sum appends the current hash to b and returns the resulting slice. It does not change the underlying hash state. The instance buffer is interpreted as a sequence of coefficients of size r.Bound bits long. The function returns the hash of the polynomial as a sequence []fr.Elements, interpreted as []bytes, corresponding to sum_i A[i]*m Mod X^{d}+1.

func (*RSis) Write

func (r *RSis) Write(p []byte) (n int, err error)
