Documentation ¶
Overview ¶
Package jubjub provides an implementation of the Jubjub elliptic curve used in Zcash.
Index ¶
- Variables
- type FieldElement
- func (z *FieldElement) Add(x, y *FieldElement) *FieldElement
- func (z *FieldElement) Cmp(x *FieldElement) int
- func (z *FieldElement) Equals(x *FieldElement) bool
- func (z *FieldElement) Exp(x, y *FieldElement) *FieldElement
- func (z *FieldElement) ModInverse(x *FieldElement) *FieldElement
- func (z *FieldElement) ModSqrt(x *FieldElement) *FieldElement
- func (z *FieldElement) Mul(x, y *FieldElement) *FieldElement
- func (z *FieldElement) Neg(x *FieldElement) *FieldElement
- func (z *FieldElement) Set(x *FieldElement) *FieldElement
- func (z *FieldElement) Sub(x, y *FieldElement) *FieldElement
- func (z *FieldElement) ToBytes() []byte
- type Jubjub
- func (curve *Jubjub) Add(p1 *Point, p2 *Point) *Point
- func (curve *Jubjub) Decompress(compressed []byte) (*Point, error)
- func (curve *Jubjub) Double(p1 *Point) *Point
- func (curve *Jubjub) FeFromBytes(in []byte) *FieldElement
- func (curve *Jubjub) Generator() *Point
- func (curve *Jubjub) Identity() *Point
- func (curve *Jubjub) ScalarFromBig(n *big.Int) (*Scalar, error)
- func (curve *Jubjub) ScalarFromBytes(in []byte) (*Scalar, error)
- func (curve *Jubjub) ScalarMult(scalar *Scalar, point *Point) (*Point, error)
- func (curve *Jubjub) SubgroupGenerator() *Point
- type Point
- func (p *Point) Add(p1 *Point, p2 *Point) *Point
- func (p *Point) Clone() *Point
- func (p *Point) Compress() []byte
- func (p *Point) Double(p1 *Point) *Point
- func (p *Point) Equals(q *Point) bool
- func (p *Point) IsIdentity() bool
- func (p *Point) IsOnCurve() bool
- func (p *Point) MarshalBinary() ([]byte, error)
- func (p *Point) MulByCofactor() *Point
- func (p *Point) Neg(q *Point) *Point
- func (p *Point) UnmarshalBinary(compressed []byte) error
- type Scalar
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidPoint error = errors.New("not a valid jubjub point") ErrIdentity = errors.New("point was in the h-torsion") )
var (
ErrScalarOutOfRange = errors.New("scalar was not in the correct range")
)
Functions ¶
This section is empty.
Types ¶
type FieldElement ¶
type FieldElement struct {
// contains filtered or unexported fields
}
FieldElement is an element of an arbitrary integer field.
func (*FieldElement) Add ¶
func (z *FieldElement) Add(x, y *FieldElement) *FieldElement
Add sets z to the sum x+y, reducing the result by the field order, and returns z.
func (*FieldElement) Cmp ¶
func (z *FieldElement) Cmp(x *FieldElement) int
Cmp compares x and y and returns
-1 if x < y 0 if x == y +1 if x > y
func (*FieldElement) Equals ¶
func (z *FieldElement) Equals(x *FieldElement) bool
Equals compares two field elements and returns true if they are equal.
func (*FieldElement) Exp ¶
func (z *FieldElement) Exp(x, y *FieldElement) *FieldElement
Exp sets z = x**y mod |m| (i.e. the sign of m is ignored), and returns z. If m == nil or m == 0, z = x**y unless y <= 0 then z = 1. If m > 0, y < 0, and x and n are not relatively prime, z is unchanged and nil is returned. m is always the order of the field.
func (*FieldElement) ModInverse ¶
func (z *FieldElement) ModInverse(x *FieldElement) *FieldElement
ModInverse sets z to the multiplicative inverse of x in the field and returns z.
func (*FieldElement) ModSqrt ¶
func (z *FieldElement) ModSqrt(x *FieldElement) *FieldElement
ModSqrt sets z to a square root of x in the field if such a square root exists, and returns z. If x is not a square in the field, ModSqrt leaves z unchanged and returns nil.
func (*FieldElement) Mul ¶
func (z *FieldElement) Mul(x, y *FieldElement) *FieldElement
Mul sets z to the product x*y, reducing the result by the field order, and returns z.
func (*FieldElement) Neg ¶
func (z *FieldElement) Neg(x *FieldElement) *FieldElement
Neg sets z to -x and returns z.
func (*FieldElement) Set ¶
func (z *FieldElement) Set(x *FieldElement) *FieldElement
Set sets z to x and returns z.
func (*FieldElement) Sub ¶
func (z *FieldElement) Sub(x, y *FieldElement) *FieldElement
Sub sets z to the difference x-y, reducing the result by the field order, and returns z.
func (*FieldElement) ToBytes ¶
func (z *FieldElement) ToBytes() []byte
ToBytes converts z to a little-endian bytestring and returns the bytes.
type Jubjub ¶
type Jubjub struct {
// contains filtered or unexported fields
}
Jubjub provides a context for working with the Jubjub elliptic curve.
func Curve ¶
func Curve() *Jubjub
Curve initializes a bunch of values needed for working with the Jubjub curve and returns a handle to that context.
func (*Jubjub) Decompress ¶
Decompress reads a compressed Edwards point and returns that point or an error if it is invalid.
func (*Jubjub) FeFromBytes ¶
func (curve *Jubjub) FeFromBytes(in []byte) *FieldElement
FeFromBytes reads a field element from little-endian bytes and returns it. If the value is larger than the size of the field, FeFromBytes will return a reduced value.
func (*Jubjub) Generator ¶
Generator returns a generator for the full 8*q group on Jubjub, the positive point with y-value 11.
func (*Jubjub) ScalarFromBig ¶
ScalarFromBig converts a big.Int into a Scalar value in the correct range. If the value of the Int is outside the order of the subgroup, ScalarFromBig additionally returns an error indicating this was the case.
func (*Jubjub) ScalarFromBytes ¶
ScalarFromBytes reads a scalar value from little-endian bytes and returns it. If the value of the Int is outside the order of the subgroup, ScalarFromBytes reduces it.
func (*Jubjub) ScalarMult ¶
ScalarMult multiplies the point by the scalar and returns a newly allocated result point. It returns an error if the point is not on the curve.
func (*Jubjub) SubgroupGenerator ¶
SubgroupGenerator returns a generator for the prime-order subgroup of Jubjub.
type Point ¶
type Point struct {
// contains filtered or unexported fields
}
Point is a point on Jubjub.
func (*Point) Compress ¶
Compress returns a representation of the point in compressed Edwards y format, ignoring whether or not the point is valid. If you are not confident in the provenance of your point, use MarshalBinary directly to receive the error from the check.
func (*Point) IsIdentity ¶
IsIdentity returns true if the point is the identity point, and false if not.
func (*Point) MarshalBinary ¶
MarshalBinary returns the point in "compressed Edwards y" format.
func (*Point) MulByCofactor ¶
MulByCofactor sets p to the value of h*p and returns p.
func (*Point) UnmarshalBinary ¶
UnmarshalBinary reads a Jubjub point in compressed Edwards y format and attempts to decompress it.