common

package
v1.5.0
Warning

This package is not in the latest version of its module.
Published: Oct 10, 2024 License: BSD-3-Clause Imports: 2 Imported by: 0

Documentation

Overview

Package common provides types, variables, constants and functions commonly used in SIDH or SIKE.

Constants

const (
	// corresponds to words in P751
	FpMaxWords = 12
	// corresponds to byte size of P751 SIDH private key for B
	MaxSidhPrivateKeyBsz = 48
	// corresponds to byte size of P751 SIKE private key for B
	MaxSikePrivateKeyBsz = MaxSidhPrivateKeyBsz + MaxMsgBsz
	// corresponds to SIKE max length of 'n' (see 1.4 of SIKE spec in NIST PQC round 1)
	MaxMsgBsz = 40
	// corresponds to byte size of shared secret generated by SIKEp751
	MaxSharedSecretBsz = 188
	// corresponds to byte size of the P751 public key
	MaxPublicKeySz = 3 * FpMaxWords * 64
	// corresponds to byte size of the ciphertext produced by SIKE/P751
	MaxCiphertextBsz = MaxMsgBsz + MaxPublicKeySz
)
const (
	Fp503 uint8 = iota
	Fp751
	Fp434
)

IDs correspond to the bit length of the prime field characteristic. Currently Fp751 is the only one supported by this implementation.

Variables

This section is empty.

Functions

func BytesToFp2

func BytesToFp2(fp2 *Fp2, input []byte, bytelen int)

Read 2*bytelen(p) bytes into the given ExtensionFieldElement.

It is an error to call this function if the input byte slice is less than 2*bytelen(p) bytes long.

func Cpick

func Cpick(pick int, out, in1, in2 []byte)

Constant time select. If pick == 1, out = in1; if pick == 0, out = in2; otherwise out is undefined.
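The select semantics described for Cpick, as an added sketch that is not this package's code: `cpickSketch` and `selectChecked` are hypothetical names, and the mask construction is an assumed, commonly used way to select without branching on the secret bit. It also shows why a `pick` outside {0, 1} leaves `out` unusable, and how a caller can reject such values without distinguishing 0 from 1.

```go
package main

import (
	"bytes"
	"fmt"
)

// cpickSketch is a hypothetical stand-in for a Cpick-style select, not the
// package's implementation. It writes in1 to out when pick == 1 and in2 when
// pick == 0, with no branch or index that depends on pick.
func cpickSketch(pick int, out, in1, in2 []byte) {
	// pick == 1 -> mask 0xFF, pick == 0 -> mask 0x00.
	// Any other pick gives a partial mask, so out is a bitwise mix of both.
	mask := byte(-pick)
	for i := range out {
		out[i] = (in1[i] & mask) | (in2[i] &^ mask)
	}
}

// selectChecked enforces the caller-side contract before selecting.
// The pick test clears bit 0 first, so 0 and 1 take the same code path and
// only out-of-contract values are distinguished. Slice lengths are public.
func selectChecked(pick int, out, in1, in2 []byte) error {
	if pick&^1 != 0 {
		return fmt.Errorf("pick must be 0 or 1")
	}
	if len(in1) != len(out) || len(in2) != len(out) {
		return fmt.Errorf("length mismatch: out=%d in1=%d in2=%d", len(out), len(in1), len(in2))
	}
	cpickSketch(pick, out, in1, in2)
	return nil
}

func main() {
	// Constructed sample inputs.
	in1 := bytes.Repeat([]byte{0xAA}, 4)
	in2 := bytes.Repeat([]byte{0x55}, 4)
	out := make([]byte, 4)
	for _, pick := range []int{1, 0, 2} {
		cpickSketch(pick, out, in1, in2)
		err := selectChecked(pick, make([]byte, 4), in1, in2)
		fmt.Printf("pick=%d unchecked out=%x checked err=%v\n", pick, out, err)
	}
}
```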

func Fp2ToBytes

func Fp2ToBytes(output []byte, fp2 *Fp2, bytelen int)

Convert the input to wire format.

The output byte slice must be at least 2*bytelen(p) bytes long.

func Register

func Register(id uint8, p *SidhParams)

Registers SIDH parameters for a particular field.

Types

type CurveCoefficientsEquiv

type CurveCoefficientsEquiv struct {
	A Fp2
	C Fp2
}

Stores curve projective parameters equivalent to A/C. Meaning of the values depends on the context. When working with isogenies over subgroups that are powers of:

* three then (A:C) ~ (A+2C:A-2C)
* four then (A:C) ~ (A+2C: 4C)

See Appendix A of SIKE for more details.

type DomainParams

type DomainParams struct {
	// P, Q and R=P-Q base points
	AffineP, AffineQ, AffineR Fp2
	// Size of a computation strategy for x-torsion group
	IsogenyStrategy []uint32
	// Max size of secret key for x-torsion group, in bits
	SecretBitLen uint
	// Max size of secret key for x-torsion group, in bytes
	SecretByteLen uint
}

type Fp

type Fp [FpMaxWords]uint64

Representation of an element of the base field F_p.

No particular meaning is assigned to the representation -- it could represent an element in Montgomery form, or not. Tracking the meaning of the field element is left to higher types.

type Fp2

type Fp2 struct {
	A Fp
	B Fp
}

Represents an element of the extended field Fp^2 = Fp(x+i)

type FpX2

type FpX2 [2 * FpMaxWords]uint64

Represents an intermediate product of two elements of the base field F_p.

type ProjectiveCurveParameters

type ProjectiveCurveParameters struct {
	A Fp2
	C Fp2
}

A point on the projective line P^1(F_{p^2}).

This is used to work projectively with the curve coefficients.

type ProjectivePoint

type ProjectivePoint struct {
	X Fp2
	Z Fp2
}

A point on the projective line P^1(F_{p^2}).

This represents a point on the Kummer line of a Montgomery curve. The curve is specified by a ProjectiveCurveParameters struct.

type SidhParams

type SidhParams struct {
	ID uint8
	// Bytelen of P
	Bytelen int
	// The public key size, in bytes.
	PublicKeySize int
	// The shared secret size, in bytes.
	SharedSecretSize int
	// 2- and 3-torsion group parameter definitions
	A, B DomainParams
	// Precomputed identity element in the Fp2 in Montgomery domain
	OneFp2 Fp2
	// Precomputed 1/2 in the Fp2 in Montgomery domain
	HalfFp2 Fp2
	// Length of SIKE secret message. Must be one of {24,32,40},
	// depending on size of prime field used (see [SIKE], 1.4 and 5.1)
	MsgLen int
	// Length of SIKE ephemeral KEM key (see [SIKE], 1.4 and 5.1)
	KemSize int
	// Byte size of ciphertext that KEM produces
	CiphertextSize int
	// Defines A,C constant for starting curve Cy^2 = x^3 + Ax^2 + x
	InitCurve ProjectiveCurveParameters
}

func Params

func Params(id uint8) *SidhParams

Params returns the domain parameters corresponding to the finite field identified by the `id` provided by the caller. The function panics if `id` wasn't registered earlier.
