pkg/

This implementation IS NOT constant time as it leverages math/big for big number operations.

Autogenerated: './src/ExtractionOCaml/word_by_word_montgomery' --lang Go pasta_fp 64 '2^254 + 45560315531419706090280762371685220353' curve description: pasta_fp machine_wordsize = 64 (from "64") requested operations: (all) m = 0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001 (from "2^254 + 45560315531419706090280762371685220353") NOTE: In addition to the bounds specified above each function, all functions synthesized for this Montgomery arithmetic require the input to be strictly less than the prime modulus (m), and also require the input to be in the unique saturated representation.

Autogenerated: './src/ExtractionOCaml/word_by_word_montgomery' --lang Go pasta_fq 64 '2^254 + 45560315531506369815346746415080538113' curve description: pasta_fq machine_wordsize = 64 (from "64") requested operations: (all) m = 0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001 (from "2^254 + 45560315531506369815346746415080538113") NOTE: In addition to the bounds specified above each function, all functions synthesized for this Montgomery arithmetic require the input to be strictly less than the prime modulus (m), and also require the input to be in the unique saturated representation.

Wraps dkg/genarro and specializes it for the 2-party case.

Package finitefield provides a finite field type (Field) that wraps big.Int operations and verifies that all mutations to the value are done within the field.

Package shamir is a port of the hashicorp/vault implementation of Shamir's Secret Sharing which has been modified to work with a finite field rather than arbitrary length content.

Package dkls implements the 2-of-2 threshold ECDSA signing algorithm of [Doerner, Kondi, Lee, and shelat](https://eprint.iacr.org/2018/499).

Verifiable encryption Verifiable encryption addresses a problem about proving statements for encrypted data.