Documentation ¶
Overview ¶
Package nist implements cryptographic groups and ciphersuites based on the NIST standards, using Go's built-in crypto library.
Index ¶
- func NewAES128SHA256P256() abstract.Suite
- func NewAES128SHA256QR512() abstract.Suite
- type ByteOrder
- type Int
- func (i *Int) Add(a, b abstract.Scalar) abstract.Scalar
- func (i *Int) BigEndian(min, max int) []byte
- func (i *Int) Bytes() []byte
- func (i *Int) Clone() abstract.Scalar
- func (i *Int) Cmp(s2 abstract.Scalar) int
- func (i *Int) Div(a, b abstract.Scalar) abstract.Scalar
- func (i *Int) Equal(s2 abstract.Scalar) bool
- func (i *Int) Exp(a abstract.Scalar, e *big.Int) abstract.Scalar
- func (i *Int) HideDecode(buf []byte)
- func (i *Int) HideEncode(rand cipher.Stream) []byte
- func (i *Int) HideLen() int
- func (i *Int) Init(V *big.Int, m *big.Int) *Int
- func (i *Int) Init64(v int64, m *big.Int) *Int
- func (i *Int) InitBytes(a []byte, m *big.Int) *Int
- func (i *Int) InitString(n, d string, base int, m *big.Int) *Int
- func (i *Int) Int64() int64
- func (i *Int) Inv(a abstract.Scalar) abstract.Scalar
- func (i *Int) Jacobi(as abstract.Scalar) abstract.Scalar
- func (i *Int) LittleEndian(min, max int) []byte
- func (i *Int) MarshalBinary() ([]byte, error)
- func (i *Int) MarshalSize() int
- func (i *Int) MarshalTo(w io.Writer) (int, error)
- func (i *Int) Mul(a, b abstract.Scalar) abstract.Scalar
- func (i *Int) Neg(a abstract.Scalar) abstract.Scalar
- func (i *Int) Nonzero() bool
- func (i *Int) One() abstract.Scalar
- func (i *Int) Pick(rand cipher.Stream) abstract.Scalar
- func (i *Int) Set(a abstract.Scalar) abstract.Scalar
- func (i *Int) SetBytes(a []byte) abstract.Scalar
- func (i *Int) SetInt64(v int64) abstract.Scalar
- func (i *Int) SetString(n, d string, base int) (*Int, bool)
- func (i *Int) SetUint64(v uint64) abstract.Scalar
- func (i *Int) Sqrt(as abstract.Scalar) bool
- func (i *Int) String() string
- func (i *Int) Sub(a, b abstract.Scalar) abstract.Scalar
- func (i *Int) Uint64() uint64
- func (i *Int) UnmarshalBinary(buf []byte) error
- func (i *Int) UnmarshalFrom(r io.Reader) (int, error)
- func (i *Int) Zero() abstract.Scalar
- type ResidueGroup
- func (g *ResidueGroup) Order() *big.Int
- func (g *ResidueGroup) Point() abstract.Point
- func (g *ResidueGroup) PointLen() int
- func (g *ResidueGroup) PrimeOrder() bool
- func (g *ResidueGroup) QuadraticResidueGroup(bitlen uint, rand cipher.Stream)
- func (g *ResidueGroup) Scalar() abstract.Scalar
- func (g *ResidueGroup) ScalarLen() int
- func (g *ResidueGroup) SetParams(P, Q, R, G *big.Int)
- func (g *ResidueGroup) String() string
- func (g *ResidueGroup) Valid() bool
Functions ¶
func NewAES128SHA256P256 ¶
Ciphersuite based on AES-128, SHA-256, and the NIST P-256 elliptic curve.
func NewAES128SHA256QR512 ¶
Ciphersuite based on AES-128, SHA-256, and a residue group of quadratic residues modulo a 512-bit prime. This group size should be used only for testing and experimentation; 512-bit DSA-style groups are no longer considered secure.
Types ¶
type Int ¶
type Int struct {
    V  big.Int   // Integer value from 0 through M-1
    M  *big.Int  // Modulus for finite field arithmetic
    BO ByteOrder // Endianness considered for this int
}
Int is a generic implementation of finite field arithmetic on integer finite fields with a given constant modulus, built using Go's built-in big.Int package. Int satisfies the abstract.Scalar interface, and hence serves as a basic implementation of abstract.Scalar, e.g., representing discrete-log exponents of Schnorr groups or scalar multipliers for elliptic curves.
Int offers an API similar to and compatible with big.Int, but "carries around" a pointer to the relevant modulus and automatically normalizes the value to that modulus after all arithmetic operations, simplifying modular arithmetic. Binary operations assume that the source(s) have the same modulus, but do not check this assumption. Unary and binary arithmetic operations may be performed on uninitialized target objects, and receive the modulus of the first operand. For efficiency the modulus field M is a pointer, whose target is assumed never to change.
func NewIntBytes ¶
NewIntBytes creates a new Int with a given slice of bytes and a big.Int modulus.
func NewIntString ¶
NewIntString creates a new Int with a given string and a big.Int modulus. The value is set to a rational fraction n/d in a given base.
func (*Int) BigEndian ¶
Encode the value of this Int into a big-endian byte-slice at least min bytes but no more than max bytes long. Panics if max != 0 and the Int cannot be represented in max bytes.
func (*Int) Bytes ¶
Bytes returns the variable length byte slice of the value. It returns the byte slice using the same endianness as i.
func (*Int) Exp ¶
Set to a^e mod M, where e is an arbitrary big.Int exponent (not necessarily 0 <= e < M).
func (*Int) HideDecode ¶
HideDecode a uniform representation of this object from a slice, whose length must be exactly HideLen().
func (*Int) HideEncode ¶
HideEncode an Int such that it appears indistinguishable from a HideLen()-byte string chosen uniformly at random, assuming the Int contains a uniform integer modulo M. For an Int this always succeeds and returns non-nil.
func (*Int) HideLen ¶
Return the length in bytes of a uniform byte-string encoding of this Int, satisfying the requirements of the Hiding interface. For an Int this is always the same length as the normal encoding.
func (*Int) Init ¶
Initialize an Int with a given big.Int value and modulus pointer. Note that the value is copied; the modulus is not.
func (*Int) InitString ¶
Initialize an Int to a rational fraction n/d specified with a pair of strings in a given base.
func (*Int) Int64 ¶
Return the int64 representation of the value. If the value is not representable in an int64 the result is undefined.
func (*Int) Jacobi ¶
Set to the Jacobi symbol of (a/M), which indicates whether a is zero (0), a positive square in M (1), or a non-square in M (-1).
func (*Int) LittleEndian ¶
Encode the value of this Int into a little-endian byte-slice at least min bytes but no more than max bytes long. Panics if max != 0 and the Int cannot be represented in max bytes.
func (*Int) MarshalBinary ¶
Encode the value of this Int into a byte-slice exactly Len() bytes long.
func (*Int) MarshalSize ¶
Return the length in bytes of encoded integers with modulus M. The length of encoded Ints depends only on the size of the modulus, and not on the value of the encoded integer, making the encoding fixed-length for simplicity and security.
func (*Int) Set ¶
Set both value and modulus to be equal to another Int. Since this method copies the modulus as well, it may be used as an alternative to Init().
func (*Int) SetBytes ¶
SetBytes sets the value to a number represented by a byte string. Endianness depends on the endianness set in i.
func (*Int) SetInt64 ¶
Set to an arbitrary 64-bit "small integer" value. The modulus must already be initialized.
func (*Int) SetString ¶
Set value to a rational fraction n/d represented by a pair of strings. If d == "", then the denominator is taken to be 1. Returns (i,true) on success, or (nil,false) if either string fails to parse.
func (*Int) Sqrt ¶
Compute some square root of a mod M if one exists. Assumes the modulus M is an odd prime. Returns true on success, false if input a is not a square. (This really should be part of Go's big.Int library.)
func (*Int) Uint64 ¶
Return the uint64 representation of the value. If the value is not representable in a uint64 the result is undefined.
func (*Int) UnmarshalBinary ¶
Attempt to decode an Int from a byte-slice buffer. Returns an error if the buffer is not exactly Len() bytes long or if the contents of the buffer represent an out-of-range integer.
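The fixed-length encoding and strict decoding described for MarshalSize and UnmarshalBinary, sketched with math/big alone. This is an added example, not code from package nist: encodedLen, encodeFixed and decodeStrict are hypothetical names, and the length formula and big-endian order are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// encodedLen is the byte length used for every value modulo m (assumed
// formula), so the length of an encoding reveals nothing about the value.
func encodedLen(m *big.Int) int { return (m.BitLen() + 7) / 8 }

// encodeFixed writes v as a zero-padded big-endian string of encodedLen(m) bytes.
func encodeFixed(v, m *big.Int) ([]byte, error) {
	if v.Sign() < 0 || v.Cmp(m) >= 0 {
		return nil, errors.New("value not reduced modulo m")
	}
	return v.FillBytes(make([]byte, encodedLen(m))), nil
}

// decodeStrict accepts only the canonical encoding: exact length, value < m.
// Reducing an oversized value instead would let several byte strings
// decode to the same scalar.
func decodeStrict(buf []byte, m *big.Int) (*big.Int, error) {
	if len(buf) != encodedLen(m) {
		return nil, errors.New("wrong encoding length")
	}
	v := new(big.Int).SetBytes(buf)
	if v.Cmp(m) >= 0 {
		return nil, errors.New("encoded integer out of range")
	}
	return v, nil
}

func main() {
	m := big.NewInt(65521) // constructed sample modulus, a 16-bit prime
	enc, _ := encodeFixed(big.NewInt(5), m)
	fmt.Printf("%x\n", enc) // small value still takes the full two bytes
	for _, buf := range [][]byte{{0xff, 0xf0}, {0xff, 0xff}, {0x05}} {
		v, err := decodeStrict(buf, m)
		fmt.Println(v, err)
	}
}
```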
type ResidueGroup ¶
type ResidueGroup struct {
    dsa.Parameters
    R *big.Int
}
A ResidueGroup represents a DSA-style modular integer arithmetic group, defined by two primes P and Q and an integer R, such that P = Q*R+1. Points in a ResidueGroup are R-residues modulo P, and Scalars are integer exponents modulo the group order Q.
In traditional DSA groups P is typically much larger than Q, and hence such groups use a large multiple R. This is done to minimize the computational cost of modular exponentiation while maximizing security against known classes of attacks: P must be on the order of thousands of bits long while for security Q is believed to require only hundreds of bits. Such computation-optimized groups are suitable for Diffie-Hellman agreement, DSA or ElGamal signatures, etc., which depend on Point.Mul() and homomorphic properties.
However, residue groups with large R are less suitable for public-key cryptographic techniques that require Points to be chosen pseudo-randomly or to contain embedded data, as required by ElGamal encryption for example, or by Dissent's hash-generator construction for verifiable DC-nets. For such purposes quadratic residue groups are more suitable, representing the special case where R=2 and hence P=2Q+1. As a result, the Point.Pick() method should be expected to work efficiently ONLY on quadratic residue groups in which R=2.
func (*ResidueGroup) Order ¶
func (g *ResidueGroup) Order() *big.Int
Returns the order of this Residue group, namely the prime Q.
func (*ResidueGroup) Point ¶
func (g *ResidueGroup) Point() abstract.Point
Create a Point associated with this Residue group, with an initial value of nil.
func (*ResidueGroup) PointLen ¶
func (g *ResidueGroup) PointLen() int
Return the number of bytes in the encoding of a Point for this Residue group.
func (*ResidueGroup) PrimeOrder ¶
func (g *ResidueGroup) PrimeOrder() bool
func (*ResidueGroup) QuadraticResidueGroup ¶
func (g *ResidueGroup) QuadraticResidueGroup(bitlen uint, rand cipher.Stream)
Initialize Residue group parameters for a quadratic residue group, by picking primes P and Q such that P=2Q+1 and the smallest valid generator G for this group.
func (*ResidueGroup) Scalar ¶
func (g *ResidueGroup) Scalar() abstract.Scalar
Create a Scalar associated with this Residue group, with an initial value of nil.
func (*ResidueGroup) ScalarLen ¶
func (g *ResidueGroup) ScalarLen() int
Return the number of bytes in the encoding of a Scalar for this Residue group.
func (*ResidueGroup) SetParams ¶
func (g *ResidueGroup) SetParams(P, Q, R, G *big.Int)
Explicitly initialize a ResidueGroup with given parameters.
func (*ResidueGroup) String ¶
func (g *ResidueGroup) String() string
func (*ResidueGroup) Valid ¶
func (g *ResidueGroup) Valid() bool
Validate the parameters for a Residue group, checking that P and Q are prime, P=Q*R+1, and that G is a valid generator for this group.
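The checks listed for Valid(), written out with math/big so the conditions can be tested on parameters received from elsewhere. This is an added example, not the package's implementation: checkResidueParams and isMember are hypothetical helpers, and the toy parameters are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

var one = big.NewInt(1)

// checkResidueParams is a hypothetical helper, not part of package nist.
// It applies the checks listed for Valid(): P and Q prime, P = Q*R+1,
// and G a generator of the order-Q subgroup.
func checkResidueParams(P, Q, R, G *big.Int) error {
	if !P.ProbablyPrime(32) || !Q.ProbablyPrime(32) {
		return errors.New("P and Q must both be prime")
	}
	if n := new(big.Int).Mul(Q, R); n.Add(n, one).Cmp(P) != 0 {
		return errors.New("P != Q*R+1")
	}
	// With Q prime, any subgroup member other than 1 has order exactly Q.
	if !isMember(G, P, Q) || G.Cmp(one) == 0 {
		return errors.New("G does not generate the order-Q subgroup")
	}
	return nil
}

// isMember reports whether x is an R-residue modulo P. The multiplicative
// group modulo P is cyclic of order Q*R, so the R-residues are exactly the
// elements with 0 < x < P and x^Q mod P == 1.
func isMember(x, P, Q *big.Int) bool {
	if x.Sign() <= 0 || x.Cmp(P) >= 0 {
		return false
	}
	return new(big.Int).Exp(x, Q, P).Cmp(one) == 0
}

func main() {
	// Constructed toy parameters (far too small for real use): 23 = 2*11 + 1.
	P, Q, R := big.NewInt(23), big.NewInt(11), big.NewInt(2)
	fmt.Println(checkResidueParams(P, Q, R, big.NewInt(4))) // 4 = 2^2 is a residue
	fmt.Println(checkResidueParams(P, Q, R, big.NewInt(5))) // 5 is a non-residue
	fmt.Println(isMember(big.NewInt(22), P, Q))             // P-1 has order 2
}
```

The same isMember test applies to any Point value decoded from untrusted input before it is used in exponentiation.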