nist

package
v0.0.0-...-0b3308b Latest
Warning

This package is not in the latest version of its module.

Published: Jun 19, 2017 License: MPL-2.0 Imports: 17 Imported by: 8

Documentation

Overview

Package nist implements cryptographic groups and ciphersuites based on the NIST standards, using Go's built-in crypto library.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewAES128SHA256P256

func NewAES128SHA256P256() abstract.Suite

Ciphersuite based on AES-128, SHA-256, and the NIST P-256 elliptic curve.

func NewAES128SHA256QR512

func NewAES128SHA256QR512() abstract.Suite

Ciphersuite based on AES-128, SHA-256, and a residue group of quadratic residues modulo a 512-bit prime. This group size should be used only for testing and experimentation; 512-bit DSA-style groups are no longer considered secure.

Types

type ByteOrder

type ByteOrder bool
const (
	LittleEndian ByteOrder = true
	BigEndian    ByteOrder = false
)

type Int

type Int struct {
	V  big.Int   // Integer value from 0 through M-1
	M  *big.Int  // Modulus for finite field arithmetic
	BO ByteOrder // Endianness considered for this int
}

Int is a generic implementation of finite field arithmetic on integer finite fields with a given constant modulus, built using Go's built-in big.Int package. Int satisfies the abstract.Scalar interface, and hence serves as a basic implementation of abstract.Scalar, e.g., representing discrete-log exponents of Schnorr groups or scalar multipliers for elliptic curves.

Int offers an API similar to and compatible with big.Int, but "carries around" a pointer to the relevant modulus and automatically normalizes the value to that modulus after all arithmetic operations, simplifying modular arithmetic. Binary operations assume that the source(s) have the same modulus, but do not check this assumption. Unary and binary arithmetic operations may be performed on uninitialized target objects, and receive the modulus of the first operand. For efficiency the modulus field M is a pointer, whose target is assumed never to change.

func NewInt

func NewInt(v *big.Int, m *big.Int) *Int

NewInt creates a new Int with a given big.Int and a big.Int modulus.

func NewInt64

func NewInt64(v int64, M *big.Int) *Int

NewInt64 creates a new Int with a given int64 value and big.Int modulus.

func NewIntBytes

func NewIntBytes(a []byte, m *big.Int) *Int

NewIntBytes creates a new Int with a given slice of bytes and a big.Int modulus.

func NewIntString

func NewIntString(n, d string, base int, m *big.Int) *Int

NewIntString creates a new Int with a given string and a big.Int modulus. The value is set to a rational fraction n/d in a given base.

func (*Int) Add

func (i *Int) Add(a, b abstract.Scalar) abstract.Scalar

Set target to a + b mod M, where M is a's modulus.

func (*Int) BigEndian

func (i *Int) BigEndian(min, max int) []byte

Encode the value of this Int into a big-endian byte-slice at least min bytes but no more than max bytes long. Panics if max != 0 and the Int cannot be represented in max bytes.

func (*Int) Bytes

func (i *Int) Bytes() []byte

Bytes returns the variable length byte slice of the value. It returns the byte slice using the same endianness as i.

func (*Int) Clone

func (i *Int) Clone() abstract.Scalar

func (*Int) Cmp

func (i *Int) Cmp(s2 abstract.Scalar) int

Compare two Ints for equality or inequality.

func (*Int) Div

func (i *Int) Div(a, b abstract.Scalar) abstract.Scalar

Set to a * b^-1 mod M, where b^-1 is the modular inverse of b.

func (*Int) Equal

func (i *Int) Equal(s2 abstract.Scalar) bool

Test two Ints for equality.

func (*Int) Exp

func (i *Int) Exp(a abstract.Scalar, e *big.Int) abstract.Scalar

Set to a^e mod M, where e is an arbitrary big.Int exponent (not necessarily 0 <= e < M).

func (*Int) HideDecode

func (i *Int) HideDecode(buf []byte)

HideDecode decodes a uniform representation of this object from a slice whose length must be exactly HideLen().

func (*Int) HideEncode

func (i *Int) HideEncode(rand cipher.Stream) []byte

HideEncode encodes an Int such that it appears indistinguishable from a HideLen()-byte string chosen uniformly at random, assuming the Int contains a uniform integer modulo M. For an Int this always succeeds and returns non-nil.

func (*Int) HideLen

func (i *Int) HideLen() int

Return the length in bytes of a uniform byte-string encoding of this Int, satisfying the requirements of the Hiding interface. For an Int this is always the same length as the normal encoding.

func (*Int) Init

func (i *Int) Init(V *big.Int, m *big.Int) *Int

Initialize an Int with a given big.Int value and modulus pointer. Note that the value is copied; the modulus is not.

func (*Int) Init64

func (i *Int) Init64(v int64, m *big.Int) *Int

Initialize an Int with an int64 value and big.Int modulus.

func (*Int) InitBytes

func (i *Int) InitBytes(a []byte, m *big.Int) *Int

Initialize to a number represented in a big-endian byte string.

func (*Int) InitString

func (i *Int) InitString(n, d string, base int, m *big.Int) *Int

Initialize an Int to a rational fraction n/d specified with a pair of strings in a given base.

func (*Int) Int64

func (i *Int) Int64() int64

Return the int64 representation of the value. If the value is not representable in an int64 the result is undefined.

func (*Int) Inv

func (i *Int) Inv(a abstract.Scalar) abstract.Scalar

Set to the modular inverse of a with respect to modulus M.

func (*Int) Jacobi

func (i *Int) Jacobi(as abstract.Scalar) abstract.Scalar

Set to the Jacobi symbol of (a/M), which indicates whether a is zero (0), a positive square in M (1), or a non-square in M (-1).

func (*Int) LittleEndian

func (i *Int) LittleEndian(min, max int) []byte

Encode the value of this Int into a little-endian byte-slice at least min bytes but no more than max bytes long. Panics if max != 0 and the Int cannot be represented in max bytes.

func (*Int) MarshalBinary

func (i *Int) MarshalBinary() ([]byte, error)

Encode the value of this Int into a byte-slice exactly Len() bytes long.

func (*Int) MarshalSize

func (i *Int) MarshalSize() int

Return the length in bytes of encoded integers with modulus M. The length of encoded Ints depends only on the size of the modulus, and not on the value of the encoded integer, making the encoding fixed-length for simplicity and security.

func (*Int) MarshalTo

func (i *Int) MarshalTo(w io.Writer) (int, error)

func (*Int) Mul

func (i *Int) Mul(a, b abstract.Scalar) abstract.Scalar

Set to a * b mod M. Target receives a's modulus.

func (*Int) Neg

func (i *Int) Neg(a abstract.Scalar) abstract.Scalar

Set to -a mod M.

func (*Int) Nonzero

func (i *Int) Nonzero() bool

Returns true if the integer value is nonzero.

func (*Int) One

func (i *Int) One() abstract.Scalar

Set to the value 1. The modulus must already be initialized.

func (*Int) Pick

func (i *Int) Pick(rand cipher.Stream) abstract.Scalar

Pick a [pseudo-]random integer modulo M using bits from the given stream cipher.

func (*Int) Set

func (i *Int) Set(a abstract.Scalar) abstract.Scalar

Set both value and modulus to be equal to another Int. Since this method copies the modulus as well, it may be used as an alternative to Init().

func (*Int) SetBytes

func (i *Int) SetBytes(a []byte) abstract.Scalar

SetBytes sets the value to a number represented by a byte string. Endianness depends on the endianness set in i.

func (*Int) SetInt64

func (i *Int) SetInt64(v int64) abstract.Scalar

Set to an arbitrary 64-bit "small integer" value. The modulus must already be initialized.

func (*Int) SetString

func (i *Int) SetString(n, d string, base int) (*Int, bool)

Set value to a rational fraction n/d represented by a pair of strings. If d == "", then the denominator is taken to be 1. Returns (i,true) on success, or (nil,false) if either string fails to parse.

func (*Int) SetUint64

func (i *Int) SetUint64(v uint64) abstract.Scalar

Set to an arbitrary uint64 value. The modulus must already be initialized.

func (*Int) Sqrt

func (i *Int) Sqrt(as abstract.Scalar) bool

Compute some square root of a mod M if one exists. Assumes the modulus M is an odd prime. Returns true on success, false if input a is not a square. (This really should be part of Go's big.Int library.)

func (*Int) String

func (i *Int) String() string

Return the Int's integer value in decimal string representation.

func (*Int) Sub

func (i *Int) Sub(a, b abstract.Scalar) abstract.Scalar

Set target to a - b mod M. Target receives a's modulus.

func (*Int) Uint64

func (i *Int) Uint64() uint64

Return the uint64 representation of the value. If the value is not representable in a uint64 the result is undefined.

func (*Int) UnmarshalBinary

func (i *Int) UnmarshalBinary(buf []byte) error

Attempt to decode an Int from a byte-slice buffer. Returns an error if the buffer is not exactly Len() bytes long or if the contents of the buffer represent an out-of-range integer.
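The Int overview notes that binary operations do not check that operands share a modulus, and MarshalSize/UnmarshalBinary describe a fixed-length encoding with a range check on decode. The following is an added example, not this package's code: it sketches both checks with the standard library only, and the helper names (encodedLen, marshalFixed, unmarshalFixed, checkedAdd) and the sample modulus are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// encodedLen depends only on the modulus size, never on the value (hypothetical helper).
func encodedLen(m *big.Int) int { return (m.BitLen() + 7) / 8 }

// marshalFixed encodes v (0 <= v < m) big-endian, left-padded to encodedLen(m).
func marshalFixed(v, m *big.Int) ([]byte, error) {
	if v.Sign() < 0 || v.Cmp(m) >= 0 {
		return nil, errors.New("value not reduced modulo m")
	}
	return v.FillBytes(make([]byte, encodedLen(m))), nil
}

// unmarshalFixed rejects wrong-length buffers and out-of-range integers,
// so every residue has exactly one accepted encoding.
func unmarshalFixed(buf []byte, m *big.Int) (*big.Int, error) {
	if len(buf) != encodedLen(m) {
		return nil, errors.New("wrong encoding length")
	}
	v := new(big.Int).SetBytes(buf)
	if v.Cmp(m) >= 0 {
		return nil, errors.New("encoded integer out of range")
	}
	return v, nil
}

// checkedAdd returns a+b mod ma, refusing operands with different moduli.
func checkedAdd(a, ma, b, mb *big.Int) (*big.Int, error) {
	if ma.Cmp(mb) != 0 {
		return nil, errors.New("modulus mismatch")
	}
	s := new(big.Int).Add(a, b)
	return s.Mod(s, ma), nil
}

func main() {
	m := big.NewInt(65521) // constructed sample modulus (a 16-bit prime)
	enc, _ := marshalFixed(big.NewInt(5), m)
	fmt.Printf("%x\n", enc)
	_, errRange := unmarshalFixed([]byte{0xff, 0xff}, m)
	_, errMod := checkedAdd(big.NewInt(3), m, big.NewInt(4), big.NewInt(251))
	fmt.Println(errRange, errMod)
}
```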

func (*Int) UnmarshalFrom

func (i *Int) UnmarshalFrom(r io.Reader) (int, error)

func (*Int) Zero

func (i *Int) Zero() abstract.Scalar

Set to the value 0. The modulus must already be initialized.

type ResidueGroup

type ResidueGroup struct {
	dsa.Parameters
	R *big.Int
}

A ResidueGroup represents a DSA-style modular integer arithmetic group, defined by two primes P and Q and an integer R, such that P = Q*R+1. Points in a ResidueGroup are R-residues modulo P, and Scalars are integer exponents modulo the group order Q.

In traditional DSA groups, P is typically much larger than Q, and hence such groups use a large multiple R. This is done to minimize the computational cost of modular exponentiation while maximizing security against known classes of attacks: P must be on the order of thousands of bits long while for security Q is believed to require only hundreds of bits. Such computation-optimized groups are suitable for Diffie-Hellman agreement, DSA or ElGamal signatures, etc., which depend on Point.Mul() and homomorphic properties.

However, residue groups with large R are less suitable for public-key cryptographic techniques that require Points to be chosen pseudo-randomly or to contain embedded data, as required by ElGamal encryption for example, or by Dissent's hash-generator construction for verifiable DC-nets. For such purposes quadratic residue groups are more suitable, representing the special case where R=2 and hence P=2Q+1. As a result, the Point.Pick() method should be expected to work efficiently ONLY on quadratic residue groups in which R=2.

func (*ResidueGroup) Order

func (g *ResidueGroup) Order() *big.Int

Returns the order of this Residue group, namely the prime Q.

func (*ResidueGroup) Point

func (g *ResidueGroup) Point() abstract.Point

Create a Point associated with this Residue group, with an initial value of nil.

func (*ResidueGroup) PointLen

func (g *ResidueGroup) PointLen() int

Return the number of bytes in the encoding of a Point for this Residue group.

func (*ResidueGroup) PrimeOrder

func (g *ResidueGroup) PrimeOrder() bool

func (*ResidueGroup) QuadraticResidueGroup

func (g *ResidueGroup) QuadraticResidueGroup(bitlen uint, rand cipher.Stream)

Initialize Residue group parameters for a quadratic residue group, by picking primes P and Q such that P=2Q+1 and the smallest valid generator G for this group.

func (*ResidueGroup) Scalar

func (g *ResidueGroup) Scalar() abstract.Scalar

Create a Scalar associated with this Residue group, with an initial value of nil.

func (*ResidueGroup) ScalarLen

func (g *ResidueGroup) ScalarLen() int

Return the number of bytes in the encoding of a Scalar for this Residue group.

func (*ResidueGroup) SetParams

func (g *ResidueGroup) SetParams(P, Q, R, G *big.Int)

Explicitly initialize a ResidueGroup with given parameters.

func (*ResidueGroup) String

func (g *ResidueGroup) String() string

func (*ResidueGroup) Valid

func (g *ResidueGroup) Valid() bool

Validate the parameters for a Residue group, checking that P and Q are prime, P=Q*R+1, and that G is a valid generator for this group.
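The checks listed for Valid (P and Q prime, P=Q*R+1, G a valid generator) can be written out with math/big alone. This is an added example, not the package's own implementation: validateResidueGroup and isSubgroupElement are hypothetical helpers, the subgroup membership test goes one step beyond what Valid is documented to do, and the tiny parameters are constructed for illustration only.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

var one = big.NewInt(1)

// validateResidueGroup checks DSA-style parameters: P and Q prime,
// P = Q*R + 1, and G generating the order-Q subgroup of Z_P^*.
// (Hypothetical helper, not the package's Valid method.)
func validateResidueGroup(P, Q, R, G *big.Int) error {
	// ProbablyPrime(20): Miller-Rabin rounds plus a Baillie-PSW test.
	if !P.ProbablyPrime(20) || !Q.ProbablyPrime(20) {
		return errors.New("P and Q must both be prime")
	}
	n := new(big.Int).Mul(Q, R)
	if n.Add(n, one).Cmp(P) != 0 {
		return errors.New("P != Q*R + 1")
	}
	// G must lie in (1, P): 0, 1 and unreduced values are rejected.
	if G.Cmp(one) <= 0 || G.Cmp(P) >= 0 {
		return errors.New("G out of range")
	}
	// Q is prime, so G != 1 with G^Q = 1 (mod P) has order exactly Q.
	if new(big.Int).Exp(G, Q, P).Cmp(one) != 0 {
		return errors.New("G is not in the order-Q subgroup")
	}
	return nil
}

// isSubgroupElement reports whether x is in the order-Q subgroup, the
// membership test to apply to Points received from a peer.
func isSubgroupElement(x, P, Q *big.Int) bool {
	return x.Sign() > 0 && x.Cmp(P) < 0 && new(big.Int).Exp(x, Q, P).Cmp(one) == 0
}

func main() {
	// Constructed toy quadratic residue group: P = 2Q+1 = 23, Q = 11, R = 2.
	P, Q, R := big.NewInt(23), big.NewInt(11), big.NewInt(2)
	fmt.Println(validateResidueGroup(P, Q, R, big.NewInt(2))) // 2 is a square mod 23
	fmt.Println(validateResidueGroup(P, Q, R, big.NewInt(5))) // 5 is a non-square
	fmt.Println(isSubgroupElement(big.NewInt(22), P, Q))      // -1 has order 2
}
```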
