jq255e

package
v0.0.0-...-3227541 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 10, 2022 License: Unlicense Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Jq255eCheckPoint 

func Jq255eCheckPoint(src []byte) int

Test whether a given chunk of 32 bytes is a valid representation of a jq255e group element. This is faster than actually decoding it. Returned value is: 

 1   valid encoding of a non-neutral group element
 0   valid encoding of the neutral group element
-1   invalid encoding

func Jq255eKeyExchange 

func Jq255eKeyExchange(sk *Jq255ePrivateKey, peer_pk []byte) (secret [32]byte, ok int)

Key exchange with jq255e: given our private key, and the public key from the peer, a 32-byte shared secret is produced. The peer's public key is provided encoded; it should have length exactly 32 bytes. If the provided sequence of bytes has not length exactly 32 bytes, or if it is not otherwise a valid jq255e point encoding, then the key exchange fails. On failure, a byte sequence of the requested length is still generated; that byte sequence is not predictable by outsiders, and cannot be distinguished from the output of a successful ECDH exchange by outsiders. This is meant to support rare protocols where exchanged keys are not public, and the exchange should not have any validation semantics. The 'ok' returned value has value 1 on success, 0 on error (an 'int' is used to promote constant-time processing).

Types

type Jq255ePoint 

type Jq255ePoint struct {
	// contains filtered or unexported fields
}

Jq255ePoint is the type for a jq255e point.

Default value for a point structure is not valid. The NewJq255ePoint() function makes sure to return only initialized structures. If allocating a point structure manually, make sure to properly set it to a valid point before using it as source.

func Jq255eHashToCurve 

func Jq255eHashToCurve(data []byte, opts crypto.SignerOpts) (*Jq255ePoint, error)

Hash some input data into a curve point. The input data ('data') is either raw or pre-hashed, as identified by the opts parameter. If the hash function identifier is not recognized, then an error is returned. Otherwise, the output point is returned.

func NewJq255ePoint 

func NewJq255ePoint() *Jq255ePoint

Create a new point. The point is set to the group neutral element (N).

func (*Jq255ePoint) Add 

func (P *Jq255ePoint) Add(P1, P2 *Jq255ePoint) *Jq255ePoint

Set this point to the sum of the two provided points. A pointer to this structure (P) is returned.

func (*Jq255ePoint) Bytes 

func (P *Jq255ePoint) Bytes() [32]byte

Encode a point into exactly 32 bytes.

func (*Jq255ePoint) Decode 

func (P *Jq255ePoint) Decode(src []byte) int

Decode a point from exactly 32 bytes. Returned value is 1 if the point could be successfully decoded into a non-neutral group element, 0 if it could be successfully decoded as the neutral element, or -1 if it could not be decoded. If the decoding was not successful, then the destination structure is set to the neutral element.

This function is constant-time with regard to the decoded value and also with regard to the validity status (timing-based side channels do not leak whether the value was found to be a valid point).

Returned value is: 

 1   valid encoding of a non-neutral group element
 0   valid encoding of the neutral element
-1   invalid encoding

func (*Jq255ePoint) Double 

func (P *Jq255ePoint) Double(Q *Jq255ePoint) *Jq255ePoint

Set this point (P) to the double of the provided point Q. A pointer to this structure (P) is returned.

func (*Jq255ePoint) DoubleX 

func (P *Jq255ePoint) DoubleX(Q *Jq255ePoint, n uint) *Jq255ePoint

Set this point (P) to (2^n)*Q (i.e. perform n successive doublings). This function is constant-time with regard to the point values, but not to the number of doublings (n); computation time is proportional to n. A pointer to this structure (P) is returned.

func (*Jq255ePoint) Encode 

func (P *Jq255ePoint) Encode(dst []byte) []byte

Encode a point into exactly 32 bytes. The bytes are appended to the provided slice; the new slice is returned. The extension is done in place if the provided slice has enough capacity.

func (*Jq255ePoint) Equal 

func (P *Jq255ePoint) Equal(Q *Jq255ePoint) int

Test whether this structure (P) represents the same point as the provided other structure (Q). Returned value is 1 if both points are the same, 0 otherwise.

func (*Jq255ePoint) Generator 

func (P *Jq255ePoint) Generator() *Jq255ePoint

Set the point P to the conventional generator (G). A pointer to this structure is returned.

func (*Jq255ePoint) IsNeutral 

func (P *Jq255ePoint) IsNeutral() int

Test whether a point is the neutral element. Returned value is 1 for the neutral, 0 otherwise.

func (*Jq255ePoint) MapBytes 

func (P *Jq255ePoint) MapBytes(bb []byte) *Jq255ePoint

Map a sequence of bytes into a curve element. The mapping is not injective or surjective, and not uniform among possible outputs; however, any given point has only a limited number of possible pre-images by the map. A hash-to-curve process can be built on top of this map, as follows:

  • Hash some input data in 64 bytes, with a secure hash function or XOF (e.g. SHAKE).
  • Split these 64 bytes into two halves, and map each of them to a point with this map.
  • Add the two points together.

func (*Jq255ePoint) Mul 

func (P *Jq255ePoint) Mul(Q *Jq255ePoint, n *Jq255eScalar) *Jq255ePoint

Multiply a point Q by a given scalar n. A pointer to this structure (P) is returned.

func (*Jq255ePoint) Mul128AddMulGenVartime 

func (P *Jq255ePoint) Mul128AddMulGenVartime(Q *Jq255ePoint, c *[2]uint64, s *Jq255eScalar) *Jq255ePoint

Set this structure (P) to Q*c + s*G, for a 128-bit unsigned integer c (provided as two 64-bit limbs, in little-endian order), scalar s, and conventional generator G. A pointer to this structure (P) is returned.

func (*Jq255ePoint) MulGen 

func (P *Jq255ePoint) MulGen(n *Jq255eScalar) *Jq255ePoint

Multiply the conventional generator by a given scalar n. This is functionally equivalent (but faster) to P.Generator().Mul(&P, n). A pointer to this structure (P) is returned.

func (*Jq255ePoint) Neg 

func (P *Jq255ePoint) Neg(Q *Jq255ePoint) *Jq255ePoint

Set P to the opposite of point Q. A pointer to this structure (P) is returned.

func (*Jq255ePoint) Neutral 

func (P *Jq255ePoint) Neutral() *Jq255ePoint

Set the point P to the neutral element (N). A pointer to this structure is returned.

func (*Jq255ePoint) Select 

func (P *Jq255ePoint) Select(P1, P2 *Jq255ePoint, ctl int)

If ctl == 1, then copy point Q1 into P. If ctl == 0, then copy point Q2 into P. ctl MUST be 0 or 1. This is a constant-time selection primitive.

func (*Jq255ePoint) Set 

func (P *Jq255ePoint) Set(Q *Jq255ePoint) *Jq255ePoint

Copy a point structure into another. A pointer to this structure is returned.

func (*Jq255ePoint) Sub 

func (P *Jq255ePoint) Sub(P1, P2 *Jq255ePoint) *Jq255ePoint

Set this point to the difference of the two provided points (P1 - P2). A pointer to this structure (P) is returned.

type Jq255ePrivateKey 

type Jq255ePrivateKey struct {
	// contains filtered or unexported fields
}

A private key structure contains a private key, i.e. a non-zero scalar for jq255e. For efficiency reasons, it internally caches a copy of the public key as well.

func Jq255eDecodePrivateKey 

func Jq255eDecodePrivateKey(src []byte) (*Jq255ePrivateKey, error)

Decode a private key from bytes. This function expects exactly 32 bytes. If the provided slice does not have length exactly 32, or if what it contains is not the canonical encoding of a valid non-zero scalar for jq255e, then this function returns nil and an error.

func Jq255eGenerateKeyPair 

func Jq255eGenerateKeyPair(rand io.Reader) (*Jq255ePrivateKey, error)

Key pair generation with jq255e: from a random source 'rand', a private key (a scalar value) and the corresponding public key (group element) are generated. The random source MUST be cryptographically secure. If 'rand' is nil, then crypto/rand.Reader is used (this is the recommended way).

func (*Jq255ePrivateKey) Encode 

func (sk *Jq255ePrivateKey) Encode(dst []byte) []byte

Encode a private key into bytes. The private key (exactly 32 bytes) is appended to the provided slice. If 'dst' has enough capacity, then it is returned; otherwise, a new slice is allocated, and receives the concatenation of the current contents of 'dst' and the encoded private key.

func (*Jq255ePrivateKey) Public 

func (sk *Jq255ePrivateKey) Public() *Jq255ePublicKey

Get the public key corresponding to a given private key.

func (*Jq255ePrivateKey) Sign 

func (sk *Jq255ePrivateKey) Sign(rand io.Reader, data []byte, opts crypto.SignerOpts) (signature []byte, err error)

Schnorr signature with jq255e. The data to sign ('data') may be either raw data, or a hash value. The 'opts' parameter specifies the hash function that was used to pre-hash the data (use crypto.Hash(0) for raw data).

If 'rand' is nil, then the signature is deterministic (this is safe). If 'rand' is not nil, then 32 bytes are read from it and used to complement the internal per-signature nonce generation process, making the signature non-deterministic, in case a specific protocol requires this property. Non-deterministic signatures might also improve implementation robustness against some kinds of physical attacks (in particular fault attacks). It is not necessary that the extra randomness returned by 'rand' has high quality; the security of the signature will be maintained in all case, even if that data is fully predictable.

The signature is returned as a newly allocated slice. Its length is exactly 48 bytes. An error is reported if 'rand' is not nil but a read attempt returns an error. An error is also reported if the hash function identified by 'opts' is not known.

type Jq255ePublicKey 

type Jq255ePublicKey struct {
	// contains filtered or unexported fields
}

A public key structure contains a non-neutral group element.

func Jq255eDecodePublicKey 

func Jq255eDecodePublicKey(src []byte) (*Jq255ePublicKey, error)

Decode a public key from bytes. This function expects exactly 32 bytes. If the provided slice does not have length exactly 32, or if what it contains is not the canonical encoding of a valid non-neutral jq255e element, then this function returns nil and an error.

func (*Jq255ePublicKey) Encode 

func (pk *Jq255ePublicKey) Encode(dst []byte) []byte

Encode a public key into bytes. The public key (exactly 32 bytes) is appended to the provided slice. If 'dst' has enough capacity, then it is returned; otherwise, a new slice is allocated, and receives the concatenation of the current contents of 'dst' and the encoded public key.

func (Jq255ePublicKey) Equal 

func (pk Jq255ePublicKey) Equal(other crypto.PublicKey) bool

Test whether a public key is equal to another.

func (*Jq255ePublicKey) VerifyVartime 

func (pk *Jq255ePublicKey) VerifyVartime(data []byte, opts crypto.SignerOpts, sig []byte) bool

Verify a signature on a message, relatively to a public key.

The message data is provided in 'data'. This is interpreted as raw data if opts is crypto.Hash(0)); otherwise, it will be considered to be pre-hashed data, processed with the hash function identified by opts.

Returned value is true if the hash function is recognized, and the signature is valid relatively to the provided public key. In all other cases, false is returned.

This function is not constant-time, under the assumption that public keys and signatures are public data.

type Jq255eScalar 

type Jq255eScalar [4]uint64

Jq255eScalar is the type for an integer modulo the prime order of the jq255e group. Default value is zero.

func (*Jq255eScalar) Add 

func (s *Jq255eScalar) Add(a, b *Jq255eScalar) *Jq255eScalar

Scalar addition: s is set to a + b (mod r). A pointer to s is returned.

func (*Jq255eScalar) Bytes 

func (s *Jq255eScalar) Bytes() [32]byte

Encode a scalar into exactly 32 bytes.

func (*Jq255eScalar) Decode 

func (s *Jq255eScalar) Decode(src []byte) int

Decode a scalar from exactly 32 bytes. Returned value is: 

 1   scalar properly decoded, value is not zero
 0   scalar properly decoded, value is zero
-1   source bytes were not a valid scalar encoding

If the decoding fails, then the scalar value is forced to zero.

func (*Jq255eScalar) DecodeReduce 

func (s *Jq255eScalar) DecodeReduce(src []byte)

Decode a scalar from some bytes. All provided bytes are read and interpreted as an integer in unsigned little endian convention, which is reduced modulo the curve subgroup order. This process cannot fail.

func (*Jq255eScalar) Encode 

func (s *Jq255eScalar) Encode(dst []byte) []byte

Encode a scalar into exactly 32 bytes. The bytes are appended to the provided slice; the new slice is returned. The extension is done in place if the provided slice has enough capacity.

func (*Jq255eScalar) Equal 

func (s *Jq255eScalar) Equal(a *Jq255eScalar) int

Compare two scalars together. Returned value is 1 if the scalars are equal to each other, 0 otherwise.

func (*Jq255eScalar) IsZero 

func (s *Jq255eScalar) IsZero() int

Compare a scalar with zero. Returned value is 1 if the scalar is zero, 0 otherwise.

func (*Jq255eScalar) Mul 

func (s *Jq255eScalar) Mul(a, b *Jq255eScalar) *Jq255eScalar

Scalar multiplication: s is set to a*b (mod r). A pointer to s is returned.

func (*Jq255eScalar) Neg 

func (s *Jq255eScalar) Neg(a *Jq255eScalar) *Jq255eScalar

Scalar negation: s is set to -a (mod r). A pointer to s is returned.

func (*Jq255eScalar) SplitMu 

func (k *Jq255eScalar) SplitMu(k0, k1 *[2]uint64)

Split scalar k (256 bits) into k0 and k1 (128 bits each, signed), such that k = k0 + k1*mu mod r, where mu is a square root of -1 modulo r.

func (*Jq255eScalar) Sub 

func (s *Jq255eScalar) Sub(a, b *Jq255eScalar) *Jq255eScalar

Scalar subtraction: s is set to a - b (mod r). A pointer to s is returned.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.