FP512BN

Documentation

Index

• Constants
• Variables
• func Another(r []*FP12, P1 *ECP2, Q1 *ECP)
• func Another_pc(r []*FP12, T []*FP4, QV *ECP)
• func AuthDecap(config_id int, skR []byte, pkE []byte, pkR []byte, pkS []byte) []byte
• func AuthEncap(config_id int, skE []byte, skS []byte, pkE []byte, pkR []byte, pkS []byte) []byte
• func Comp(a *BIG, b *BIG) int
• func Core_Sign(SIG []byte, M []byte, S []byte) int
• func Core_Verify(SIG []byte, M []byte, W []byte) int
• func Decap(config_id int, skR []byte, pkE []byte, pkR []byte) []byte
• func DeriveKeyPair(config_id int, SK []byte, PK []byte, SEED []byte) bool
• func ECDH_ECIES_DECRYPT(sha int, P1 []byte, P2 []byte, V []byte, C []byte, T []byte, U []byte) []byte
• func ECDH_ECIES_ENCRYPT(sha int, P1 []byte, P2 []byte, RNG *core.RAND, W []byte, M []byte, V []byte, ...) []byte
• func ECDH_ECPSP_DSA(sha int, RNG *core.RAND, S []byte, F []byte, C []byte, D []byte) int
• func ECDH_ECPSVDP_DH(S []byte, WD []byte, Z []byte, typ int) int
• func ECDH_ECPVP_DSA(sha int, W []byte, F []byte, C []byte, D []byte) int
• func ECDH_IN_RANGE(S []byte) bool
• func ECDH_KEY_PAIR_GENERATE(RNG *core.RAND, S []byte, W []byte) int
• func ECDH_PUBLIC_KEY_VALIDATE(W []byte) int
• func Encap(config_id int, skE []byte, pkE []byte, pkR []byte) []byte
• func FP_tpo(i *FP, s *FP) int
• func G1member(P *ECP) bool
• func G2member(P *ECP2) bool
• func GTcyclotomic(m *FP12) bool
• func GTmember(m *FP12) bool
• func Init() int
• func KEY_PAIR_GENERATE(RNG *core.RAND, D []byte, Q []byte) int
• func KeyPairGenerate(IKM []byte, S []byte, W []byte) int
• func KeySchedule(config_id int, mode int, Z []byte, info []byte, psk []byte, pskID []byte) ([]byte, []byte, []byte)
• func MPIN_CLIENT_1(CID []byte, rng *core.RAND, X []byte, pin int, TOKEN []byte, SEC []byte, ...) int
• func MPIN_CLIENT_2(X []byte, Y []byte, SEC []byte) int
• func MPIN_ENCODE_TO_CURVE(DST []byte, ID []byte, HCID []byte)
• func MPIN_EXTRACT_PIN(CID []byte, pin int, TOKEN []byte) int
• func MPIN_GET_CLIENT_SECRET(S []byte, IDHTC []byte, CST []byte) int
• func MPIN_GET_SERVER_SECRET(S []byte, SST []byte) int
• func MPIN_HASH_ID(sha int, ID []byte) []byte
• func MPIN_RANDOM_GENERATE(rng *core.RAND, S []byte) int
• func MPIN_SERVER(HID []byte, Y []byte, SST []byte, xID []byte, mSEC []byte) int
• func RFC7748(r *BIG)
• func SIGNATURE(ph bool, D []byte, ctx []byte, M []byte, SIG []byte) int
• func VERIFY(ph bool, Q []byte, ctx []byte, M []byte, SIG []byte) bool
• type BIG
  • func BIG_frombytearray(b []byte, n int) *BIG
  • func FromBytes(b []byte) *BIG
  • func Modadd(a1, b1, m *BIG) *BIG
  • func Modmul(a1, b1, m *BIG) *BIG
  • func Modneg(a1, m *BIG) *BIG
  • func Modsqr(a1, m *BIG) *BIG
  • func NewBIG() *BIG
  • func NewBIGcopy(x *BIG) *BIG
  • func NewBIGdcopy(x *DBIG) *BIG
  • func NewBIGint(x int) *BIG
  • func NewBIGints(x [NLEN]Chunk) *BIG
  • func Random(rng *core.RAND) *BIG
  • func Randomnum(q *BIG, rng *core.RAND) *BIG
  • func Randtrunc(q *BIG, trunc int, rng *core.RAND) *BIG
  • func (r *BIG) Invmodp(p *BIG)
  • func (r *BIG) Jacobi(p *BIG) int
  • func (r *BIG) Minus(x *BIG) *BIG
  • func (r *BIG) Mod(m *BIG)
  • func (r *BIG) Nbits() int
  • func (r *BIG) Plus(x *BIG) *BIG
  • func (r *BIG) Powmod(e1 *BIG, m *BIG) *BIG
  • func (r *BIG) ToBytes(b []byte)
  • func (r *BIG) ToString() string
• type Chunk
• type DBIG
  • func DBIG_fromBytes(b []byte) *DBIG
  • func NewDBIG() *DBIG
  • func NewDBIGcopy(x *DBIG) *DBIG
  • func NewDBIGscopy(x *BIG) *DBIG
  • func (r *DBIG) Mod(m *BIG) *BIG
• type ECP
  • func ECP_fromBytes(b []byte) *ECP
  • func ECP_generator() *ECP
  • func ECP_hap2point(h *BIG) *ECP
  • func ECP_map2point(h *FP) *ECP
  • func ECP_mapit(h []byte) *ECP
  • func ECP_muln(n int, X []*ECP, e []*BIG) *ECP
  • func G1mul(P *ECP, e *BIG) *ECP
  • func NewECP() *ECP
  • func NewECPbig(ix *BIG) *ECP
  • func NewECPbigint(ix *BIG, s int) *ECP
  • func NewECPbigs(ix *BIG, iy *BIG) *ECP
  • func (E *ECP) Add(Q *ECP)
  • func (E *ECP) Affine()
  • func (E *ECP) Cfp()
  • func (E *ECP) Copy(P *ECP)
  • func (E *ECP) Equals(Q *ECP) bool
  • func (E *ECP) GetS() int
  • func (E *ECP) GetX() *BIG
  • func (E *ECP) GetY() *BIG
  • func (E *ECP) Is_infinity() bool
  • func (E *ECP) Mul(e *BIG) *ECP
  • func (E *ECP) Mul2(e *BIG, Q *ECP, f *BIG) *ECP
  • func (E *ECP) Neg()
  • func (E *ECP) Sub(Q *ECP)
  • func (E *ECP) ToBytes(b []byte, compress bool)
  • func (E *ECP) ToString() string
• type ECP2
  • func ECP2_fromBytes(b []byte) *ECP2
  • func ECP2_generator() *ECP2
  • func ECP2_hap2point(h *BIG) *ECP2
  • func ECP2_map2point(H *FP2) *ECP2
  • func ECP2_mapit(h []byte) *ECP2
  • func G2mul(P *ECP2, e *BIG) *ECP2
  • func NewECP2() *ECP2
  • func NewECP2fp2(ix *FP2, s int) *ECP2
  • func NewECP2fp2s(ix *FP2, iy *FP2) *ECP2
  • func (E *ECP2) Add(Q *ECP2) int
  • func (E *ECP2) Affine()
  • func (E *ECP2) Cfp()
  • func (E *ECP2) Copy(P *ECP2)
  • func (E *ECP2) Equals(Q *ECP2) bool
  • func (E *ECP2) GetX() *FP2
  • func (E *ECP2) GetY() *FP2
  • func (E *ECP2) Is_infinity() bool
  • func (E *ECP2) Mul(e *BIG) *ECP2
  • func (E *ECP2) Sub(Q *ECP2) int
  • func (E *ECP2) ToBytes(b []byte, compress bool)
  • func (E *ECP2) ToString() string
• type FP
  • func FP_fromBytes(b []byte) *FP
  • func NewFP() *FP
  • func NewFPbig(a *BIG) *FP
  • func NewFPcopy(a *FP) *FP
  • func NewFPint(a int) *FP
  • func NewFPrand(rng *core.RAND) *FP
  • func RHS(x *FP) *FP
  • func (F *FP) Equals(a *FP) bool
  • func (F *FP) ToBytes(b []byte)
  • func (F *FP) ToString() string
• type FP12
  • func Ate(P1 *ECP2, Q1 *ECP) *FP12
  • func Ate2(P1 *ECP2, Q1 *ECP, R1 *ECP2, S1 *ECP) *FP12
  • func FP12_fromBytes(w []byte) *FP12
  • func Fexp(m *FP12) *FP12
  • func GTpow(d *FP12, e *BIG) *FP12
  • func Initmp() []*FP12
  • func Miller(r []*FP12) *FP12
  • func NewFP12() *FP12
  • func NewFP12copy(x *FP12) *FP12
  • func NewFP12fp4(d *FP4) *FP12
  • func NewFP12fp4s(d *FP4, e *FP4, f *FP4) *FP12
  • func NewFP12int(d int) *FP12
  • func (F *FP12) Compow(e *BIG, r *BIG) *FP4
  • func (F *FP12) Copy(x *FP12)
  • func (F *FP12) Equals(x *FP12) bool
  • func (F *FP12) Inverse()
  • func (F *FP12) Isunity() bool
  • func (F *FP12) Mul(y *FP12)
  • func (F *FP12) Pow(e *BIG) *FP12
  • func (F *FP12) ToBytes(w []byte)
  • func (F *FP12) ToString() string
• type FP2
  • func FP2_fromBytes(bf []byte) *FP2
  • func NewFP2() *FP2
  • func NewFP2big(c *BIG) *FP2
  • func NewFP2bigs(c *BIG, d *BIG) *FP2
  • func NewFP2copy(x *FP2) *FP2
  • func NewFP2fp(c *FP) *FP2
  • func NewFP2fps(c *FP, d *FP) *FP2
  • func NewFP2int(a int) *FP2
  • func NewFP2ints(a int, b int) *FP2
  • func NewFP2rand(rng *core.RAND) *FP2
  • func RHS2(x *FP2) *FP2
  • func (F *FP2) Equals(x *FP2) bool
  • func (F *FP2) GetA() *BIG
  • func (F *FP2) GetB() *BIG
  • func (F *FP2) ToBytes(bf []byte)
  • func (F *FP2) ToString() string
• type FP4
  • func FP4_fromBytes(bf []byte) *FP4
  • func NewFP4() *FP4
  • func NewFP4copy(x *FP4) *FP4
  • func NewFP4fp(c *FP) *FP4
  • func NewFP4fp2(c *FP2) *FP4
  • func NewFP4fp2s(c *FP2, d *FP2) *FP4
  • func NewFP4int(a int) *FP4
  • func NewFP4ints(a int, b int) *FP4
  • func NewFP4rand(rng *core.RAND) *FP4
  • func (F *FP4) Equals(x *FP4) bool
  • func (F *FP4) ToBytes(bf []byte)

Constants

const AESKEY int = 16

const ALLOW_ALT_COMPRESS bool = false

const ATE_BITS int = 130

const BAD_PARAMS int = -11

const BAD_PIN int = -19

const BASEBITS uint = 60

const BFS int = int(MODBYTES)

const BGS int = int(MODBYTES)

const BIGBITS int = int(MODBYTES * 8)

const BIG_ENDIAN_SIGN bool = false

const BLS12 int = 2

const BLS24 int = 3

const BLS48 int = 4

const BLS_FAIL int = -1

const BLS_OK int = 0

const BN int = 1

const CHUNK int = 64 /* Set word size */

const CURVETYPE int = WEIERSTRASS

const CURVE_A int = 0

const CURVE_B_I int = 3

const CURVE_Cof_I int = 1

const CURVE_PAIRING_TYPE int = BN

const DNLEN int = 2 * NLEN

const D_TYPE int = 0

Pairing Twist type

const ECDH_ERROR int = -3

const ECDH_INVALID_PUBLIC_KEY int = -2

const EDDSA_INVALID_PUBLIC_KEY int = -2

const EDWARDS int = 1

const EFS int = int(MODBYTES)

const INVALID int = -4

const EGS int = int(MODBYTES)

const FEXCESS int32 = ((int32(1) << 28) - 1)

const FP_DENSE int = 5

const FP_ONE int = 1

const FP_SPARSE int = 4

const FP_SPARSER int = 3

const FP_SPARSEST int = 2

const FP_ZERO int = 0

Sparsity

const G2_TABLE int = 172

const GENERALISED_MERSENNE int = 3

const HASH_TYPE int = 32

const HBITS uint = (BASEBITS / 2)

const HTC_ISO int = 0

const HTC_ISO_G2 int = 0

const INVALID_POINT int = -14

const MAXPIN int32 = 10000 /* PIN less than this */

const MFS int = int(MODBYTES)

import "fmt"

const MGS int = int(MODBYTES)

const MODBITS uint = 512 /* Number of bits in Modulus */

Modulus details

const MODBYTES uint = 64

BIG length in bytes and number base

const MODTYPE int = NOT_SPECIAL //NOT_SPECIAL

const MONTGOMERY int = 2

const MONTGOMERY_FRIENDLY int = 2

const M_TYPE int = 1

const NEGATIVEX int = 1

const NEGATOWER int = 0

const NEXCESS int = (1 << (uint(CHUNK) - BASEBITS - 1))

const NLEN int = int((1 + ((8*MODBYTES - 1) / BASEBITS)))

BIG lengths and Masks

const NOT int = 0

Pairing Friendly?

const NOT_SPECIAL int = 0

Modulus types

const PBLEN int32 = 14 /* Number of bits in PIN */

const PM1D2 uint = 1 /* Modulus mod 8 */

const POSITIVEX int = 0

Pairing x parameter sign

const POSITOWER int = 1

const PSEUDO_MERSENNE int = 1

const QNRI int = 0 // Fp2 QNR

const RIADZ int = 1 /* hash-to-point Z */

const RIADZG2A int = 1 /* G2 hash-to-point Z */

const RIADZG2B int = 0 /* G2 hash-to-point Z */

const SEXTIC_TWIST int = M_TYPE

const SIGN_OF_X int = POSITIVEX

const TBITS uint = MODBITS % BASEBITS // Number of active bits in top word

const TOWER int = NEGATOWER // Tower type

const USE_GLV bool = true

const USE_GS_G2 bool = true

const USE_GS_GT bool = true

const WEIERSTRASS int = 0

Curve types

const WRONG_ORDER int = -18

Variables

var CRu = [...]Chunk{0xB0716209C79298A, 0xCEE6799B8B17C14, 0x78966BE526092AE, 0x20089C27507ACD8, 0xF8EF7611FA3074B, 0x6146B86B378EA2C, 0xFFFF9EC7DC83D2A, 0xFFFFFFFFFFFFFFF, 0xFFFFFFFF}

var CURVE_B = [...]Chunk{0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}

var CURVE_BB = [4][4][9]Chunk{{{0xB306BB5E1BD810, 0x82F5C030B0F7F01, 0x68, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0xB306BB5E1BD80F, 0x82F5C030B0F7F01, 0x68, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0xB306BB5E1BD80F, 0x82F5C030B0F7F01, 0x68, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x5403CE8956259CF, 0xA45BDA397B2D3E, 0xC65DEAB2679A279, 0xCF1EACBE98B8E48, 0x3C111B0EF445146, 0xA1D8CB5307C0BBE, 0xFFFF9EC7F01C60B, 0xFFFFFFFFFFFFFFF, 0xFFFFFFFF}}, {{0x1660D76BC37B01F, 0x5EB806161EFE02, 0xD1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x5F343A3F37E31DE, 0x8D3B7DD448AAC3F, 0xC65DEAB2679A2E1, 0xCF1EACBE98B8E48, 0x3C111B0EF445146, 0xA1D8CB5307C0BBE, 0xFFFF9EC7F01C60B, 0xFFFFFFFFFFFFFFF, 0xFFFFFFFF}, {0x5F343A3F37E31DD, 0x8D3B7DD448AAC3F, 0xC65DEAB2679A2E1, 0xCF1EACBE98B8E48, 0x3C111B0EF445146, 0xA1D8CB5307C0BBE, 0xFFFF9EC7F01C60B, 0xFFFFFFFFFFFFFFF, 0xFFFFFFFF}, {0x5F343A3F37E31DE, 0x8D3B7DD448AAC3F, 0xC65DEAB2679A2E1, 0xCF1EACBE98B8E48, 0x3C111B0EF445146, 0xA1D8CB5307C0BBE, 0xFFFF9EC7F01C60B, 0xFFFFFFFFFFFFFFF, 0xFFFFFFFF}}, {{0x1660D76BC37B01E, 0x5EB806161EFE02, 0xD1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x1660D76BC37B01F, 0x5EB806161EFE02, 0xD1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x1660D76BC37B01F, 0x5EB806161EFE02, 0xD1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x1660D76BC37B01F, 0x5EB806161EFE02, 0xD1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{0x5F343A3F37E31DF, 0x8D3B7DD448AAC3F, 0xC65DEAB2679A2E1, 0xCF1EACBE98B8E48, 0x3C111B0EF445146, 0xA1D8CB5307C0BBE, 0xFFFF9EC7F01C60B, 0xFFFFFFFFFFFFFFF, 0xFFFFFFFF}, {0x3DA2F71D92AA9AF, 0x45A3D4235C2F3C, 0xC65DEAB2679A1A8, 0xCF1EACBE98B8E48, 0x3C111B0EF445146, 0xA1D8CB5307C0BBE, 0xFFFF9EC7F01C60B, 0xFFFFFFFFFFFFFFF, 0xFFFFFFFF}, {0x1660D76BC37B01D, 0x5EB806161EFE02, 0xD1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x5F343A3F37E31DF, 0x8D3B7DD448AAC3F, 0xC65DEAB2679A2E1, 0xCF1EACBE98B8E48, 0x3C111B0EF445146, 0xA1D8CB5307C0BBE, 0xFFFF9EC7F01C60B, 0xFFFFFFFFFFFFFFF, 0xFFFFFFFF}}}

var CURVE_Bnx = [...]Chunk{0xB306BB5E1BD80F, 0x82F5C030B0F7F01, 0x68, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}

var CURVE_Cof = [...]Chunk{0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}

var CURVE_Gx = [...]Chunk{0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}

var CURVE_Gy = [...]Chunk{0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}

var CURVE_HTPC = [...]Chunk{0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}

var CURVE_Order = [...]Chunk{0x6A64A5F519A09ED, 0x10313E04F9A2B40, 0xC65DEAB2679A34A, 0xCF1EACBE98B8E48, 0x3C111B0EF445146, 0xA1D8CB5307C0BBE, 0xFFFF9EC7F01C60B, 0xFFFFFFFFFFFFFFF, 0xFFFFFFFF}

var CURVE_Pxa = [...]Chunk{0xF07A96E0DB646B5, 0x18F87319072FFE8, 0x7BE21BCBBC78F22, 0x537863514DC6DC5, 0xDA57CC78CD0B024, 0xD29B358F0DB9B57, 0x7412F3CEA1E4BBB, 0xE138648958801BA, 0x3B165339}

var CURVE_Pxb = [...]Chunk{0xDB5CBEFDA8AE0E9, 0xCA411CD88911B3, 0xD6E1383D5ADCE4, 0x227285526E0D5E5, 0xB02566B94D9781E, 0x56DC6C6EF2476A8, 0x680ABE8B4825EA6, 0xF85067E6C89B4C4, 0x481C13CB}

var CURVE_Pya = [...]Chunk{0x2480312ADDE67A1, 0xDA17AD615EFB85E, 0x312542808B7BC5C, 0x18BDEC153E8EDD2, 0xE5C158699D4B6CD, 0xB1DF660AFCDD03E, 0xB0CBA374F277085, 0xC827C7B8292EF5A, 0x6F01EC84}

var CURVE_Pyb = [...]Chunk{0x58B7186C84F8E8B, 0xF05C2224BF76168, 0x10AD7EE279C08DF, 0x7FC3E2E50714A43, 0x3D04961941DA289, 0x38C118867B0C9B6, 0xC315F75D91F0214, 0x8B04E7831AC3640, 0x51A3BCEC}

var CURVE_SB = [2][2][9]Chunk{{{0xFAAEB208D4B9564, 0x601010BBB4B193C, 0xFFFFFFFFCF63F18, 0xFFFFFFFFFFFFFFF, 0xFFFF, 0x0, 0x0, 0x0, 0x0}, {0x5403CE8956259CE, 0xA45BDA397B2D3E, 0xC65DEAB2679A279, 0xCF1EACBE98B8E48, 0x3C111B0EF445146, 0xA1D8CB5307C0BBE, 0xFFFF9EC7F01C60B, 0xFFFFFFFFFFFFFFF, 0xFFFFFFFF}}, {{0x1660D76BC37B01F, 0x5EB806161EFE02, 0xD1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, {0x110F89749834583, 0x65FB911D16A173F, 0xFFFFFFFFCF63FE9, 0xFFFFFFFFFFFFFFF, 0xFFFF, 0x0, 0x0, 0x0, 0x0}}}

var CURVE_W = [2][9]Chunk{{0x110F89749834583, 0x65FB911D16A173F, 0xFFFFFFFFCF63FE9, 0xFFFFFFFFFFFFFFF, 0xFFFF, 0x0, 0x0, 0x0, 0x0}, {0x1660D76BC37B01F, 0x5EB806161EFE02, 0xD1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}

var CURVE_WB = [4][9]Chunk{{0x6DAB36AB55A29F0, 0xFC42C60583D30C1, 0x5555555545215FB, 0x555555555555555, 0x5555, 0x0, 0x0, 0x0, 0x0}, {0xEEB012BA2355D4B, 0xF20FC1FD7F84F17, 0x892FA9DE2BB5E5C, 0x74B96064DAD40F5, 0xD76BC3535163152, 0x806161EFE021660, 0xD105EB, 0x0, 0x0}, {0x7CF03F380289AAD, 0xBA82C117183E70C, 0xC497D4EF15DAF62, 0x3A5CB0326D6A07A, 0x6BB5E1A9A8B18A9, 0xC030B0F7F010B30, 0x6882F5, 0x0, 0x0}, {0x574A5F3F92279D1, 0xF65745A421E32BF, 0x55555555452152A, 0x555555555555555, 0x5555, 0x0, 0x0, 0x0, 0x0}}

var Fra = [...]Chunk{0x49617B1F4B73AB2, 0x71514F6202AED1F, 0xF6080D3BD8681E1, 0xF8AA9E852CBBB59, 0xC8CF2E2068398E9, 0x8A5296F791AB26B, 0x196A8C7C68B4EA1, 0xCF5BBF9095A1B79, 0x1EF71AA9}

var Frb = [...]Chunk{0x5510572DF6B481, 0xF9047EFD49B595C, 0xD055DD765E95FAF, 0xD6740E396BFD2EE, 0x7341ECEE8C1B85C, 0x1786345B7615952, 0xE695124B876776A, 0x30A4406F6A5E486, 0xE108E556}

var G2_TAB []*FP4

var Modulus = [...]Chunk{0x4EB280922ADEF33, 0x6A55CE5F4C6467B, 0xC65DEAB236FE191, 0xCF1EACBE98B8E48, 0x3C111B0EF455146, 0xA1D8CB5307C0BBE, 0xFFFF9EC7F01C60B, 0xFFFFFFFFFFFFFFF, 0xFFFFFFFF}

Base Bits= 60

var R2modp = [...]Chunk{0x1FA6DCEF99812E9, 0xAB3452895A0B74E, 0xC53EA988C079E1E, 0x1E90E033BA630B9, 0xF1EA41C0714D8B0, 0xE72785387509E28, 0xD86794F834DAB00, 0x9757C2ACCD342A1, 0x44ECB079}

var ROI = [...]Chunk{0x4EB280922ADEF32, 0x6A55CE5F4C6467B, 0xC65DEAB236FE191, 0xCF1EACBE98B8E48, 0x3C111B0EF455146, 0xA1D8CB5307C0BBE, 0xFFFF9EC7F01C60B, 0xFFFFFFFFFFFFFFF, 0xFFFFFFFF}

var SQRTm3 = [...]Chunk{0x1230438164463E2, 0x337724D7C9CB1AE, 0x2ACEED1815143CC, 0x70F28B90083CB68, 0xB5CDD115000BD4F, 0x20B4A583675C89B, 0xFFFF9EC7C8EB449, 0xFFFFFFFFFFFFFFF, 0xFFFFFFFF}

var SQRTm3= [...]Chunk {0xC5D682DE3332330,0x6D2DE913AADF870,0x2ACEED15CDC2F24,0x70F28B90083CB68,0xB5CDD11500CBD4F,0x20B4A583675C89B,0xFFFF9EC7C8EB449,0xFFFFFFFFFFFFFFF,0xFFFFFFFF}

Functions

func Another

func Another(r []*FP12, P1 *ECP2, Q1 *ECP)

Accumulate another set of line functions for n-pairing

func Another_pc

func Another_pc(r []*FP12, T []*FP4, QV *ECP)

Accumulate another set of line functions for n-pairing, assuming precomputation on G2

func AuthDecap

func AuthDecap(config_id int, skR []byte, pkE []byte, pkR []byte, pkS []byte) []byte

func AuthEncap

func AuthEncap(config_id int, skE []byte, skS []byte, pkE []byte, pkR []byte, pkS []byte) []byte

func Comp

func Comp(a *BIG, b *BIG) int

Compare a and b, return 0 if a==b, -1 if a<b, +1 if a>b. Inputs must be normalised

func Core_Sign

func Core_Sign(SIG []byte, M []byte, S []byte) int

func Core_Verify

func Core_Verify(SIG []byte, M []byte, W []byte) int

func Decap

func Decap(config_id int, skR []byte, pkE []byte, pkR []byte) []byte

func DeriveKeyPair

func DeriveKeyPair(config_id int, SK []byte, PK []byte, SEED []byte) bool

func ECDH_ECIES_DECRYPT

func ECDH_ECIES_DECRYPT(sha int, P1 []byte, P2 []byte, V []byte, C []byte, T []byte, U []byte) []byte

IEEE1363 ECIES decryption. Decryption of ciphertext V,C,T using private key U outputs plaintext M

func ECDH_ECIES_ENCRYPT

func ECDH_ECIES_ENCRYPT(sha int, P1 []byte, P2 []byte, RNG *core.RAND, W []byte, M []byte, V []byte, T []byte) []byte

IEEE1363 ECIES encryption. Encryption of plaintext M uses public key W and produces ciphertext V,C,T

func ECDH_ECPSP_DSA

func ECDH_ECPSP_DSA(sha int, RNG *core.RAND, S []byte, F []byte, C []byte, D []byte) int

IEEE ECDSA Signature, C and D are signature on F using private key S

func ECDH_ECPSVDP_DH

func ECDH_ECPSVDP_DH(S []byte, WD []byte, Z []byte, typ int) int

IEEE-1363 Diffie-Hellman online calculation Z=S.WD

type = 0 is just x coordinate output type = 1 for standard compressed output type = 2 for standard uncompress output 04|x|y

func ECDH_ECPVP_DSA

func ECDH_ECPVP_DSA(sha int, W []byte, F []byte, C []byte, D []byte) int

IEEE1363 ECDSA Signature Verification. Signature C and D on F is verified using public key W

func ECDH_IN_RANGE

func ECDH_IN_RANGE(S []byte) bool

return true if S is in ranger 0 < S < order , else return false

func ECDH_KEY_PAIR_GENERATE

func ECDH_KEY_PAIR_GENERATE(RNG *core.RAND, S []byte, W []byte) int

Calculate a public/private EC GF(p) key pair W,S where W=S.G mod EC(p), * where S is the secret key and W is the public key * and G is fixed generator. * If RNG is NULL then the private key is provided externally in S * otherwise it is generated randomly internally

func ECDH_PUBLIC_KEY_VALIDATE

func ECDH_PUBLIC_KEY_VALIDATE(W []byte) int

validate public key

func Encap

func Encap(config_id int, skE []byte, pkE []byte, pkR []byte) []byte

func FP_tpo

func FP_tpo(i *FP, s *FP) int

Two for the price of one - See Hamburg https://eprint.iacr.org/2012/309.pdf Calculate inverse of i and square root of s, return QR

func G1member

func G1member(P *ECP) bool

test G1 group membership

func G2member

func G2member(P *ECP2) bool

test G2 group membership

func GTcyclotomic

func GTcyclotomic(m *FP12) bool

Check that m is in cyclotomic sub-group Check that m!=1, conj(m)*m==1, and m.m^{p^4}=m^{p^2}

func GTmember

func GTmember(m *FP12) bool

test for full GT membership

func Init

func Init() int

func KEY_PAIR_GENERATE

func KEY_PAIR_GENERATE(RNG *core.RAND, D []byte, Q []byte) int

Calculate a public/private EC GF(p) key pair. Q=D.G mod EC(p), * where D is the secret key and Q is the public key * and G is fixed generator. * RNG is a cryptographically strong RNG * If RNG==NULL, D is provided externally

func KeyPairGenerate

func KeyPairGenerate(IKM []byte, S []byte, W []byte) int

generate key pair, private key S, public key W

func KeySchedule

func KeySchedule(config_id int, mode int, Z []byte, info []byte, psk []byte, pskID []byte) ([]byte, []byte, []byte)

func MPIN_CLIENT_1

func MPIN_CLIENT_1(CID []byte, rng *core.RAND, X []byte, pin int, TOKEN []byte, SEC []byte, xID []byte) int

Implement step 1 on client side of MPin protocol

func MPIN_CLIENT_2

func MPIN_CLIENT_2(X []byte, Y []byte, SEC []byte) int

Implement step 2 on client side of MPin protocol

func MPIN_ENCODE_TO_CURVE

func MPIN_ENCODE_TO_CURVE(DST []byte, ID []byte, HCID []byte)

func MPIN_EXTRACT_PIN

func MPIN_EXTRACT_PIN(CID []byte, pin int, TOKEN []byte) int

func MPIN_GET_CLIENT_SECRET

func MPIN_GET_CLIENT_SECRET(S []byte, IDHTC []byte, CST []byte) int

func MPIN_GET_SERVER_SECRET

func MPIN_GET_SERVER_SECRET(S []byte, SST []byte) int

Extract Server Secret SST=S*Q where Q is fixed generator in G2 and S is master secret

func MPIN_HASH_ID

func MPIN_HASH_ID(sha int, ID []byte) []byte

func MPIN_RANDOM_GENERATE

func MPIN_RANDOM_GENERATE(rng *core.RAND, S []byte) int

create random secret S

func MPIN_SERVER

func MPIN_SERVER(HID []byte, Y []byte, SST []byte, xID []byte, mSEC []byte) int

Implement step 2 of MPin protocol on server side

func RFC7748

func RFC7748(r *BIG)

Transform a point multiplier to RFC7748 form

func SIGNATURE

func SIGNATURE(ph bool, D []byte, ctx []byte, M []byte, SIG []byte) int

Generate a signature using key pair (D,Q) on message M Set ph=true if message has already been pre-hashed if ph=false, then context should be NULL for ed25519. However RFC8032 mode ed25519ctx is supported by supplying a non-NULL or non-empty context

func VERIFY

func VERIFY(ph bool, Q []byte, ctx []byte, M []byte, SIG []byte) bool

Types

type BIG

type BIG struct {
	// contains filtered or unexported fields
}

func BIG_frombytearray

func BIG_frombytearray(b []byte, n int) *BIG

convert from byte array to BIG

func FromBytes

func FromBytes(b []byte) *BIG

func Modadd

func Modadd(a1, b1, m *BIG) *BIG

return a+b mod m

func Modmul

func Modmul(a1, b1, m *BIG) *BIG

return a*b mod m

func Modneg

func Modneg(a1, m *BIG) *BIG

return -a mod m

func Modsqr

func Modsqr(a1, m *BIG) *BIG

return a^2 mod m

func NewBIG

func NewBIG() *BIG

func NewBIGcopy

func NewBIGcopy(x *BIG) *BIG

func NewBIGdcopy

func NewBIGdcopy(x *DBIG) *BIG

func NewBIGint

func NewBIGint(x int) *BIG

func NewBIGints

func NewBIGints(x [NLEN]Chunk) *BIG

func Random

func Random(rng *core.RAND) *BIG

get 8*MODBYTES size random number

func Randomnum

func Randomnum(q *BIG, rng *core.RAND) *BIG

Create random BIG in portable way, one bit at a time

func Randtrunc

func Randtrunc(q *BIG, trunc int, rng *core.RAND) *BIG

func (*BIG) Invmodp

func (r *BIG) Invmodp(p *BIG)

this=1/this mod p. Binary method

func (*BIG) Jacobi

func (r *BIG) Jacobi(p *BIG) int

Jacobi Symbol (this/p). Returns 0, 1 or -1

func (*BIG) Minus

func (r *BIG) Minus(x *BIG) *BIG

return this-x

func (*BIG) Mod

func (r *BIG) Mod(m *BIG)

reduce this mod m

func (*BIG) Nbits

func (r *BIG) Nbits() int

func (*BIG) Plus

func (r *BIG) Plus(x *BIG) *BIG

return this+x

func (*BIG) Powmod

func (r *BIG) Powmod(e1 *BIG, m *BIG) *BIG

return this^e mod m

func (*BIG) ToBytes

func (r *BIG) ToBytes(b []byte)

func (*BIG) ToString

func (r *BIG) ToString() string

Convert to Hex String

type Chunk

type Chunk int64

const BMASK Chunk = ((Chunk(1) << BASEBITS) - 1)

const HMASK Chunk = ((Chunk(1) << HBITS) - 1)

const MConst Chunk = 0x692A189FCCC5C05

const OMASK Chunk = ((Chunk(-1)) << (MODBITS % BASEBITS))

Modulus Masks

const TMASK Chunk = (Chunk(1) << TBITS) - 1

type DBIG

type DBIG struct {
	// contains filtered or unexported fields
}

func DBIG_fromBytes

func DBIG_fromBytes(b []byte) *DBIG

convert from byte array to BIG

func NewDBIG

func NewDBIG() *DBIG

func NewDBIGcopy

func NewDBIGcopy(x *DBIG) *DBIG

func NewDBIGscopy

func NewDBIGscopy(x *BIG) *DBIG

func (*DBIG) Mod

func (r *DBIG) Mod(m *BIG) *BIG

reduces this DBIG mod a BIG, and returns the BIG

type ECP

type ECP struct {
	// contains filtered or unexported fields
}

func ECP_fromBytes

func ECP_fromBytes(b []byte) *ECP

convert from byte array to point

func ECP_generator

func ECP_generator() *ECP

func ECP_hap2point

func ECP_hap2point(h *BIG) *ECP

Hunt and Peck a BIG to a curve point

func ECP_map2point

func ECP_map2point(h *FP) *ECP

Constant time Map to Point

func ECP_mapit

func ECP_mapit(h []byte) *ECP

func ECP_muln

func ECP_muln(n int, X []*ECP, e []*BIG) *ECP

Generic multi-multiplication, fixed 4-bit window, P=Sigma e_i*X_i

func G1mul

func G1mul(P *ECP, e *BIG) *ECP

Multiply P by e in group G1

func NewECP

func NewECP() *ECP

Constructors

func NewECPbig

func NewECPbig(ix *BIG) *ECP

set from x - calculate y from curve equation

func NewECPbigint

func NewECPbigint(ix *BIG, s int) *ECP

set (x,y) from BIG and a bit

func NewECPbigs

func NewECPbigs(ix *BIG, iy *BIG) *ECP

set (x,y) from two BIGs

func (*ECP) Add

func (E *ECP) Add(Q *ECP)

this+=Q

func (*ECP) Affine

func (E *ECP) Affine()

set to affine - from (x,y,z) to (x,y)

func (*ECP) Cfp

func (E *ECP) Cfp()

func (*ECP) Copy

func (E *ECP) Copy(P *ECP)

this=P

func (*ECP) Equals

func (E *ECP) Equals(Q *ECP) bool

Test P == Q

func (*ECP) GetS

func (E *ECP) GetS() int

get sign of Y

func (*ECP) GetX

func (E *ECP) GetX() *BIG

extract x as a BIG

func (*ECP) GetY

func (E *ECP) GetY() *BIG

extract y as a BIG

func (*ECP) Is_infinity

func (E *ECP) Is_infinity() bool

test for O point-at-infinity

func (*ECP) Mul

func (E *ECP) Mul(e *BIG) *ECP

Public version

func (*ECP) Mul2

func (E *ECP) Mul2(e *BIG, Q *ECP, f *BIG) *ECP

func (*ECP) Neg

func (E *ECP) Neg()

this=-this

func (*ECP) Sub

func (E *ECP) Sub(Q *ECP)

this-=Q

func (*ECP) ToBytes

func (E *ECP) ToBytes(b []byte, compress bool)

convert to byte array

func (*ECP) ToString

func (E *ECP) ToString() string

convert to hex string

type ECP2

type ECP2 struct {
	// contains filtered or unexported fields
}

func ECP2_fromBytes

func ECP2_fromBytes(b []byte) *ECP2

convert from byte array to point

func ECP2_generator

func ECP2_generator() *ECP2

func ECP2_hap2point

func ECP2_hap2point(h *BIG) *ECP2

Hunt and Peck a BIG to a curve point

func ECP2_map2point

func ECP2_map2point(H *FP2) *ECP2

Constant time Map to Point

func ECP2_mapit

func ECP2_mapit(h []byte) *ECP2

Map octet string to curve point

func G2mul

func G2mul(P *ECP2, e *BIG) *ECP2

Multiply P by e in group G2

func NewECP2

func NewECP2() *ECP2

func NewECP2fp2

func NewECP2fp2(ix *FP2, s int) *ECP2

construct this from x - but set to O if not on curve

func NewECP2fp2s

func NewECP2fp2s(ix *FP2, iy *FP2) *ECP2

construct this from (x,y) - but set to O if not on curve

func (*ECP2) Add

func (E *ECP2) Add(Q *ECP2) int

this+=Q - return 0 for add, 1 for double, -1 for O

func (*ECP2) Affine

func (E *ECP2) Affine()

set to Affine - (x,y,z) to (x,y)

func (*ECP2) Cfp

func (E *ECP2) Cfp()

clear cofactor

func (*ECP2) Copy

func (E *ECP2) Copy(P *ECP2)

copy this=P

func (*ECP2) Equals

func (E *ECP2) Equals(Q *ECP2) bool

Test if P == Q

func (*ECP2) GetX

func (E *ECP2) GetX() *FP2

extract affine x as FP2

func (*ECP2) GetY

func (E *ECP2) GetY() *FP2

extract affine y as FP2

func (*ECP2) Is_infinity

func (E *ECP2) Is_infinity() bool

Test this=O?

func (*ECP2) Mul

func (E *ECP2) Mul(e *BIG) *ECP2

Public version

func (*ECP2) Sub

func (E *ECP2) Sub(Q *ECP2) int

set this-=Q

func (*ECP2) ToBytes

func (E *ECP2) ToBytes(b []byte, compress bool)

convert to byte array

func (*ECP2) ToString

func (E *ECP2) ToString() string

convert this to hex string

type FP

type FP struct {
	XES int32
	// contains filtered or unexported fields
}

func FP_fromBytes

func FP_fromBytes(b []byte) *FP

func NewFP

func NewFP() *FP

func NewFPbig

func NewFPbig(a *BIG) *FP

func NewFPcopy

func NewFPcopy(a *FP) *FP

func NewFPint

func NewFPint(a int) *FP

func NewFPrand

func NewFPrand(rng *core.RAND) *FP

func RHS

func RHS(x *FP) *FP

Calculate RHS of curve equation

func (*FP) Equals

func (F *FP) Equals(a *FP) bool

return TRUE if this==a

func (*FP) ToBytes

func (F *FP) ToBytes(b []byte)

func (*FP) ToString

func (F *FP) ToString() string

type FP12

type FP12 struct {
	// contains filtered or unexported fields
}

func Ate

func Ate(P1 *ECP2, Q1 *ECP) *FP12

Optimal R-ate pairing

func Ate2

func Ate2(P1 *ECP2, Q1 *ECP, R1 *ECP2, S1 *ECP) *FP12

Optimal R-ate double pairing e(P,Q).e(R,S)

func FP12_fromBytes

func FP12_fromBytes(w []byte) *FP12

convert from byte array to FP12

func Fexp

func Fexp(m *FP12) *FP12

final exponentiation - keep separate for multi-pairings and to avoid thrashing stack

func GTpow

func GTpow(d *FP12, e *BIG) *FP12

f=f^e Note that this method requires a lot of RAM! Better to use compressed XTR method, see FP4.java

func Initmp

func Initmp() []*FP12

prepare for multi-pairing

func Miller

func Miller(r []*FP12) *FP12

basic Miller loop

func NewFP12

func NewFP12() *FP12

func NewFP12copy

func NewFP12copy(x *FP12) *FP12

func NewFP12fp4

func NewFP12fp4(d *FP4) *FP12

Constructors

func NewFP12fp4s

func NewFP12fp4s(d *FP4, e *FP4, f *FP4) *FP12

func NewFP12int

func NewFP12int(d int) *FP12

func (*FP12) Compow

func (F *FP12) Compow(e *BIG, r *BIG) *FP4

Fast compressed FP4 power of unitary FP12

func (*FP12) Copy

func (F *FP12) Copy(x *FP12)

copy this=x

func (*FP12) Equals

func (F *FP12) Equals(x *FP12) bool

return 1 if x==y, else 0

func (*FP12) Inverse

func (F *FP12) Inverse()

this=1/this

func (*FP12) Isunity

func (F *FP12) Isunity() bool

test x==1 ?

func (*FP12) Mul

func (F *FP12) Mul(y *FP12)

FP12 full multiplication this=this*y

func (*FP12) Pow

func (F *FP12) Pow(e *BIG) *FP12

this=this^e

func (*FP12) ToBytes

func (F *FP12) ToBytes(w []byte)

convert this to byte array

func (*FP12) ToString

func (F *FP12) ToString() string

convert to hex string

type FP2

type FP2 struct {
	// contains filtered or unexported fields
}

func FP2_fromBytes

func FP2_fromBytes(bf []byte) *FP2

func NewFP2

func NewFP2() *FP2

func NewFP2big

func NewFP2big(c *BIG) *FP2

func NewFP2bigs

func NewFP2bigs(c *BIG, d *BIG) *FP2

func NewFP2copy

func NewFP2copy(x *FP2) *FP2

func NewFP2fp

func NewFP2fp(c *FP) *FP2

func NewFP2fps

func NewFP2fps(c *FP, d *FP) *FP2

func NewFP2int

func NewFP2int(a int) *FP2

Constructors

func NewFP2ints

func NewFP2ints(a int, b int) *FP2

func NewFP2rand

func NewFP2rand(rng *core.RAND) *FP2

func RHS2

func RHS2(x *FP2) *FP2

Calculate RHS of twisted curve equation x^3+B/i

func (*FP2) Equals

func (F *FP2) Equals(x *FP2) bool

test this=x

func (*FP2) GetA

func (F *FP2) GetA() *BIG

extract a

func (*FP2) GetB

func (F *FP2) GetB() *BIG

extract b

func (*FP2) ToBytes

func (F *FP2) ToBytes(bf []byte)

func (*FP2) ToString

func (F *FP2) ToString() string

output to hex string

type FP4

type FP4 struct {
	// contains filtered or unexported fields
}

func FP4_fromBytes

func FP4_fromBytes(bf []byte) *FP4

func NewFP4

func NewFP4() *FP4

func NewFP4copy

func NewFP4copy(x *FP4) *FP4

func NewFP4fp

func NewFP4fp(c *FP) *FP4

func NewFP4fp2

func NewFP4fp2(c *FP2) *FP4

func NewFP4fp2s

func NewFP4fp2s(c *FP2, d *FP2) *FP4

func NewFP4int

func NewFP4int(a int) *FP4

Constructors

func NewFP4ints

func NewFP4ints(a int, b int) *FP4

Constructors

func NewFP4rand

func NewFP4rand(rng *core.RAND) *FP4

func (*FP4) Equals

func (F *FP4) Equals(x *FP4) bool

test this=x?

func (*FP4) ToBytes

func (F *FP4) ToBytes(bf []byte)