Documentation ¶
Overview ¶
Package common provides types, variables, constants and functions commonly used in SIDH or SIKE.
Index ¶
- Constants
- func BytesToFp2(fp2 *Fp2, input []byte, bytelen int)
- func Cpick(pick int, out, in1, in2 []byte)
- func Fp2ToBytes(output []byte, fp2 *Fp2, bytelen int)
- func Register(id uint8, p *SidhParams)
- type CurveCoefficientsEquiv
- type DomainParams
- type Fp
- type Fp2
- type FpX2
- type ProjectiveCurveParameters
- type ProjectivePoint
- type SidhParams
Constants ¶
const (
	// corresponds to words in P751
	FpMaxWords = 12
	// corresponds to byte size of P751 SIDH private key for B
	MaxSidhPrivateKeyBsz = 48
	// corresponds to byte size of P751 SIKE private key for B
	MaxSikePrivateKeyBsz = MaxSidhPrivateKeyBsz + MaxMsgBsz
	// corresponds to SIKE max length of 'n' (see 1.4 of SIKE spec in NIST PQC round 1)
	MaxMsgBsz = 40
	MaxSharedSecretBsz = 188
	// corresponds to byte size of the P751 public key
	MaxPublicKeySz = 3 * FpMaxWords * 64
	// corresponds to byte size of the ciphertext produced by SIKE/P751
	MaxCiphertextBsz = MaxMsgBsz + MaxPublicKeySz
)
const (
	Fp503 uint8 = iota
	Fp751
)
IDs correspond to the bit length of the prime field characteristic. Currently Fp751 is the only one supported by this implementation.
Variables ¶
This section is empty.
Functions ¶
func BytesToFp2 ¶
Read 2*bytelen(p) bytes into the given ExtensionFieldElement.
It is an error to call this function if the input byte slice is less than 2*bytelen(p) bytes long.
func Cpick ¶
Constant time select.
if pick == 1 (out = in1)
if pick == 0 (out = in2)
else out is undefined
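An added example, not code from this package: a stand-alone sketch of a branch-free select with the semantics documented for Cpick, together with a caller that chooses between two buffers based on a constant-time comparison. The names cpick and selectSecret and the sample byte values are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// cpick is a hypothetical stand-in that follows the semantics documented for
// Cpick: pick == 1 copies in1 into out, pick == 0 copies in2 into out.
// The three slices are assumed to have equal length.
func cpick(pick int, out, in1, in2 []byte) {
	// 0xFF when pick == 1, 0x00 when pick == 0. Any other value of pick
	// yields a mixed mask, which is why the result is undefined in that case.
	mask := byte(-pick)
	for i := range out {
		// Both inputs are read on every iteration; no branch depends on pick.
		out[i] = (in1[i] & mask) | (in2[i] &^ mask)
	}
}

// selectSecret (hypothetical caller) returns onMatch when expected equals
// received and onMismatch otherwise, without branching on the comparison.
func selectSecret(expected, received, onMatch, onMismatch []byte) []byte {
	out := make([]byte, len(onMatch))
	eq := subtle.ConstantTimeCompare(expected, received) // 1 if equal, 0 if not
	cpick(eq, out, onMatch, onMismatch)
	return out
}

func main() {
	// Constructed sample values, not taken from any real key material.
	good := []byte{0x11, 0x22, 0x33, 0x44}
	fallback := []byte{0xAA, 0xBB, 0xCC, 0xDD}
	fmt.Printf("%x\n", selectSecret([]byte("c0"), []byte("c0"), good, fallback))
	fmt.Printf("%x\n", selectSecret([]byte("c0"), []byte("cX"), good, fallback))
}
```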
func Fp2ToBytes ¶
Convert the input to wire format.
The output byte slice must be at least 2*bytelen(p) bytes long.
func Register ¶
func Register(id uint8, p *SidhParams)
Registers SIDH parameters for a particular field.
Types ¶
type CurveCoefficientsEquiv ¶
Stores curve projective parameters equivalent to A/C. Meaning of the values depends on the context. When working with isogenies over subgroups that are powers of:
* three then (A:C) ~ (A+2C:A-2C)
* four then (A:C) ~ (A+2C: 4C)
See Appendix A of SIKE for more details.
type DomainParams ¶
type Fp ¶
type Fp [FpMaxWords]uint64
Representation of an element of the base field F_p.
No particular meaning is assigned to the representation -- it could represent an element in Montgomery form, or not. Tracking the meaning of the field element is left to higher types.
type FpX2 ¶
type FpX2 [2 * FpMaxWords]uint64
Represents an intermediate product of two elements of the base field F_p.
type ProjectiveCurveParameters ¶
A point on the projective line P^1(F_{p^2}).
This is used to work projectively with the curve coefficients.
type ProjectivePoint ¶
A point on the projective line P^1(F_{p^2}).
This represents a point on the Kummer line of a Montgomery curve. The curve is specified by a ProjectiveCurveParameters struct.
type SidhParams ¶
type SidhParams struct {
	ID uint8
	// Bytelen of P
	Bytelen int
	// The public key size, in bytes.
	PublicKeySize int
	SharedSecretSize int
	// 2- and 3-torsion group parameter definitions
	A, B DomainParams
	// Precomputed identity element in the Fp2 in Montgomery domain
	OneFp2 Fp2
	// Precomputed 1/2 in the Fp2 in Montgomery domain
	HalfFp2 Fp2
	// Length of SIKE secret message. Must be one of {24,32,40},
	// depending on size of prime field used (see [SIKE], 1.4 and 5.1)
	MsgLen int
	// Length of SIKE ephemeral KEM key (see [SIKE], 1.4 and 5.1)
	KemSize int
	// Byte size of ciphertext that KEM produces
	CiphertextSize int
}
func Params ¶
func Params(id uint8) *SidhParams
Params returns the domain parameters corresponding to the finite field identified by the `id` provided by the caller. The function panics if `id` wasn't registered earlier.