curve

package
v0.0.0-...-1f23a7b Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 4, 2023 License: BSD-3-Clause Imports: 11 Imported by: 9

Documentation

Overview

Package curve provides group operations on the Edwards and Montgomery forms of Curve25519, and on the prime-order Ristretto group.

Most users should NOT use this package.

Index

Constants

View Source 
const (
	// CompressedPointSize is the size of a compressed point in bytes.
	CompressedPointSize = 32

	// MontgomeryPointSize is the size of the u-coordinate of a point on
	// the Montgomery form in bytes.
	MontgomeryPointSize = 32

	// RistrettoUniformSize is the size of the uniformly random bytes
	// required to construct a random Ristretto point.
	RistrettoUniformSize = 64
)

Variables

View Source 
var (
	// ED25519_BASEPOINT_COMPRESSED is the Ed25519 basepoint, in
	// CompressedEdwardsY format.
	ED25519_BASEPOINT_COMPRESSED = &CompressedEdwardsY{
		0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
		0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
		0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
		0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
	}

	// X25519_BASEPOINT is the X25519 basepoint, in MontgomeryPoint
	// format.
	X25519_BASEPOINT = &MontgomeryPoint{
		0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	}

	// RISTRETTO_BASEPOINT_COMPRESED is the Ristretto basepoint, in
	// CompressedRistretto format.
	RISTRETTO_BASEPOINT_COMPRESSED = &CompressedRistretto{
		0xe2, 0xf2, 0xae, 0x0a, 0x6a, 0xbc, 0x4e, 0x71,
		0xa8, 0x84, 0xa9, 0x61, 0xc5, 0x00, 0x51, 0x5f,
		0x58, 0xe3, 0x0b, 0x6a, 0xa5, 0x82, 0xdd, 0x8d,
		0xb6, 0xa6, 0x59, 0x45, 0xe0, 0x8d, 0x2d, 0x76,
	}

	// RISTRETTO_BASEPOINT_POINT is the Ristretto basepoint, in
	// RistrettoPoint format.
	RISTRETTO_BASEPOINT_POINT = &RistrettoPoint{
		inner: *ED25519_BASEPOINT_POINT,
	}

	// RISTRETTO_BASEPOINT_TABLE is the Ristretto basepoint, as a
	// RistrettoBasepointTable for scalar multiplication.
	RISTRETTO_BASEPOINT_TABLE = &RistrettoBasepointTable{
		inner: *ED25519_BASEPOINT_TABLE,
	}
)
View Source 
var (
	// ED25519_BASEPOINT_POINT is the Ed25519 basepoint as an EdwardsPoint.
	ED25519_BASEPOINT_POINT = newEdwardsPoint(
		field.NewElement51(
			1738742601995546,
			1146398526822698,
			2070867633025821,
			562264141797630,
			587772402128613,
		),
		field.NewElement51(
			1801439850948184,
			1351079888211148,
			450359962737049,
			900719925474099,
			1801439850948198,
		),
		field.NewElement51(1, 0, 0, 0, 0),
		field.NewElement51(
			1841354044333475,
			16398895984059,
			755974180946558,
			900171276175154,
			1821297809914039,
		),
	)

	// The 8-torsion subgroup (E[8]).
	EIGHT_TORSION = eightTorsionInnerDocHidden
)
View Source 
var (
	// ED25519_BASEPOINT_TABLE is a table containing precomputed multiples of
	// the Ed25519 basepoint (B = (x, 4/5)).
	ED25519_BASEPOINT_TABLE = edwardsBasepointTableInnerDocHidden
)

Functions

This section is empty.

Types

type CompressedEdwardsY 

type CompressedEdwardsY [CompressedPointSize]byte

CompressedEdwardsY represents a curve point by the y-coordinate and the sign of x.

func NewCompressedEdwardsY 

func NewCompressedEdwardsY() *CompressedEdwardsY

NewCompressedEdwardsY constructs a new compressed Edwards point, set to the identity element.

func NewCompressedEdwardsYFromBytes 

func NewCompressedEdwardsYFromBytes(in []byte) (*CompressedEdwardsY, error)

NewCompressedEdwardsYFromBytes constructs a new compressed Edwards point, set to provided byte representation.

func (*CompressedEdwardsY) Equal 

func (p *CompressedEdwardsY) Equal(other *CompressedEdwardsY) int

Equal returns 1 iff the compressed points are equal, 0 otherwise. This function will execute in constant-time.

This routine does a byte-comparison and will return 0 if comparing the canonical and non-canonical encodings of the same point.

func (*CompressedEdwardsY) Identity 

func (p *CompressedEdwardsY) Identity() *CompressedEdwardsY

Identity sets the compressed point to the identity element.

func (*CompressedEdwardsY) IsCanonicalVartime 

func (p *CompressedEdwardsY) IsCanonicalVartime() bool

IsCanonicalVartime returns true if p is a canonical encoding in variable-time.

func (*CompressedEdwardsY) MarshalBinary 

func (p *CompressedEdwardsY) MarshalBinary() ([]byte, error)

MarshalBinary encodes the compressed Edwards point into a binary form and returns the result.

This function always produces output in canonical form.

func (*CompressedEdwardsY) SetBytes 

func (p *CompressedEdwardsY) SetBytes(in []byte) (*CompressedEdwardsY, error)

SetBytes constructs a compressed Edwards point from a byte representation.

func (*CompressedEdwardsY) SetEdwardsPoint 

func (p *CompressedEdwardsY) SetEdwardsPoint(point *EdwardsPoint) *CompressedEdwardsY

SetEdwardsPoint compresses an Edwards point.

func (*CompressedEdwardsY) UnmarshalBinary 

func (p *CompressedEdwardsY) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes a binary serialized compressed Edwards point.

This function accepts non-canonical encodings, and rejects invalid points.

type CompressedRistretto 

type CompressedRistretto [CompressedPointSize]byte

CompressedRistretto represents a Ristretto point in wire format.

func NewCompressedRistretto 

func NewCompressedRistretto() *CompressedRistretto

NewCompressedRistretto constructs a new compressed Ristretto point, set to the identity element.

func (*CompressedRistretto) Equal 

func (p *CompressedRistretto) Equal(other *CompressedRistretto) int

Equal returns 1 iff the compressed points are equal, 0 otherwise. This function will execute in constant-time.

func (*CompressedRistretto) Identity 

func (p *CompressedRistretto) Identity() *CompressedRistretto

Identity sets the compressed point to the identity element.

func (*CompressedRistretto) MarshalBinary 

func (p *CompressedRistretto) MarshalBinary() ([]byte, error)

MarshalBinary encodes the compressed Ristretto point into a binary form and returns the result.

func (*CompressedRistretto) SetBytes 

func (p *CompressedRistretto) SetBytes(in []byte) (*CompressedRistretto, error)

SetBytes constructs a compressed Ristretto point from a byte representation.

func (*CompressedRistretto) SetRistrettoPoint 

func (p *CompressedRistretto) SetRistrettoPoint(ristrettoPoint *RistrettoPoint) *CompressedRistretto

SetRistrettoPoint compresses a Ristretto point into a CompressedRistretto.

func (*CompressedRistretto) UnmarshalBinary 

func (p *CompressedRistretto) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes a binary serialized compressed Ristretto point.

type EdwardsBasepointTable 

type EdwardsBasepointTable struct {
	// contains filtered or unexported fields
}

EdwardsBasepointTable defines a precomputed table of multiples of a basepoint, for accelerating fixed-based scalar multiplication.

func NewEdwardsBasepointTable 

func NewEdwardsBasepointTable(basepoint *EdwardsPoint) *EdwardsBasepointTable

NewEdwardsBasepointTable creates a table of precomputed multiples of `basepoint`.

func (*EdwardsBasepointTable) Basepoint 

func (tbl *EdwardsBasepointTable) Basepoint() *EdwardsPoint

Basepoint returns the basepoint of the table.

type EdwardsPoint 

type EdwardsPoint struct {
	// contains filtered or unexported fields
}

EdwardsPoint represents a point on the Edwards form of Curve25519.

The default value is NOT valid and MUST only be used as a receiver.

func NewEdwardsPoint 

func NewEdwardsPoint() *EdwardsPoint

NewEdwardsPoint constructs a new Edwards point set to the identity element.

func (*EdwardsPoint) Add 

func (p *EdwardsPoint) Add(a, b *EdwardsPoint) *EdwardsPoint

Add sets `p = a + b`, and returns p.

func (*EdwardsPoint) ConditionalSelect 

func (p *EdwardsPoint) ConditionalSelect(a, b *EdwardsPoint, choice int)

ConditionalSelect sets the point to a iff choice == 0 and b iff choice == 1.

func (*EdwardsPoint) DoubleScalarMulBasepointVartime 

func (p *EdwardsPoint) DoubleScalarMulBasepointVartime(a *scalar.Scalar, A *EdwardsPoint, b *scalar.Scalar) *EdwardsPoint

DoubleScalarMulBasepointVartime sets `p = (aA + bB)` in variable-time, where B is the Ed25519 basepoint, and returns p.

func (*EdwardsPoint) Equal 

func (p *EdwardsPoint) Equal(other *EdwardsPoint) int

Equal returns 1 iff the points are equal, 0 otherwise. This function will execute in constant-time.

This function performs a canonicalized comparision. For example it will treat EdwardsPoints derived from the canonical and non-canonical compressed encodings as equal.

func (*EdwardsPoint) ExpandedDoubleScalarMulBasepointVartime 

func (p *EdwardsPoint) ExpandedDoubleScalarMulBasepointVartime(a *scalar.Scalar, A *ExpandedEdwardsPoint, b *scalar.Scalar) *EdwardsPoint

ExpandedDoubleScalarMulBasepointVartime sets `p = (aA + bB)` in variable-time, where B is the Ed25519 basepoint, and returns p.

func (*EdwardsPoint) ExpandedMultiscalarMulVartime 

func (p *EdwardsPoint) ExpandedMultiscalarMulVartime(staticScalars []*scalar.Scalar, staticPoints []*ExpandedEdwardsPoint, dynamicScalars []*scalar.Scalar, dynamicPoints []*EdwardsPoint) *EdwardsPoint

ExpandedMultiscalarMulVartime sets `p = staticScalars[0] * staticPoints[0] + ... + staticScalars[n] * staticPoints[n] + dynamicScalars[0] * dynamicPoints[0] + ... + dynamicScalars[n] * dynamicPoints[n]` in variable-time, and returns p.

WARNING: This function will panic if `len(staticScalars) != len(staticPoints)` or `len(dynamicScalars) != len(dynamicPoints)`.

func (*EdwardsPoint) ExpandedTripleScalarMulBasepointVartime 

func (p *EdwardsPoint) ExpandedTripleScalarMulBasepointVartime(a *scalar.Scalar, A *ExpandedEdwardsPoint, b *scalar.Scalar, C *EdwardsPoint) *EdwardsPoint

ExpandedTripleScalarMulBasepoint sets `p = [delta a]A + [delta b]B - [delta]C` in variable-time, where delta is a value invertible mod ell, which is selected internally to this method.

func (*EdwardsPoint) Identity 

func (p *EdwardsPoint) Identity() *EdwardsPoint

Identity sets the Edwards point to the identity element.

func (*EdwardsPoint) IsIdentity 

func (p *EdwardsPoint) IsIdentity() bool

IsIdentity returns true iff the point is equivalent to the identity element of the curve.

func (*EdwardsPoint) IsSmallOrder 

func (p *EdwardsPoint) IsSmallOrder() bool

IsSmallOrder returns true if p is in the torsion subgroup `E[8]`.

func (*EdwardsPoint) IsTorsionFree 

func (p *EdwardsPoint) IsTorsionFree() bool

IsTorsionFree returns true if p is "torsion-free", i.e., is contained in the prime-order subgroup.

func (*EdwardsPoint) MarshalBinary 

func (p *EdwardsPoint) MarshalBinary() ([]byte, error)

MarshalBinary encodes the Edwards point into a binary form and returns the result.

This function always produces output in canonical form.

func (*EdwardsPoint) Mul 

func (p *EdwardsPoint) Mul(point *EdwardsPoint, scalar *scalar.Scalar) *EdwardsPoint

Mul sets `p = point * scalar` in constant-time (variable-base scalar multiplication), and returns p.

func (*EdwardsPoint) MulBasepoint 

func (p *EdwardsPoint) MulBasepoint(basepoint *EdwardsBasepointTable, scalar *scalar.Scalar) *EdwardsPoint

MulBasepoint sets `p = basepoint * scalar` in constant-time, and returns p.

func (*EdwardsPoint) MulByCofactor 

func (p *EdwardsPoint) MulByCofactor(t *EdwardsPoint) *EdwardsPoint

MulByCofactor sets `p = [8]t`, and returns p.

func (*EdwardsPoint) MultiscalarMul 

func (p *EdwardsPoint) MultiscalarMul(scalars []*scalar.Scalar, points []*EdwardsPoint) *EdwardsPoint

MultiscalarMul sets `p = scalars[0] * points[0] + ... scalars[n] * points[n]` in constant-time, and returns p.

WARNING: This function will panic if `len(scalars) != len(points)`.

func (*EdwardsPoint) MultiscalarMulVartime 

func (p *EdwardsPoint) MultiscalarMulVartime(scalars []*scalar.Scalar, points []*EdwardsPoint) *EdwardsPoint

MultiscalarMulVartime sets `p = scalars[0] * points[0] + ... + scalars[n] * points[n]` in variable-time, and returns p.

WARNING: This function will panic if `len(scalars) != len(points)`.

func (*EdwardsPoint) Neg 

func (p *EdwardsPoint) Neg(t *EdwardsPoint) *EdwardsPoint

Neg sets `p = -t`, and returns p.

func (*EdwardsPoint) Set 

func (p *EdwardsPoint) Set(t *EdwardsPoint) *EdwardsPoint

Set sets `p = t`, and returns p.

func (*EdwardsPoint) SetCompressedY 

func (p *EdwardsPoint) SetCompressedY(compressedY *CompressedEdwardsY) (*EdwardsPoint, error)

SetCompressedY attempts to decompress a CompressedEdwardsY into an EdwardsPoint.

This function accepts non-canonical encodings of points.

func (*EdwardsPoint) SetExpanded 

func (p *EdwardsPoint) SetExpanded(expandedPoint *ExpandedEdwardsPoint) *EdwardsPoint

SetExpanded sets the Edwards point to the expanded point.

func (*EdwardsPoint) SetMontgomery 

func (p *EdwardsPoint) SetMontgomery(montgomeryU *MontgomeryPoint, sign uint8) (*EdwardsPoint, error)

SetMontgomery attempts to convert a MontgomeryPoint into an EdwardsPoint using the supplied choice of sign for the EdwardsPoint.

func (*EdwardsPoint) Sub 

func (p *EdwardsPoint) Sub(a, b *EdwardsPoint) *EdwardsPoint

Sub sets `p = a - b`, and returns p.

func (*EdwardsPoint) Sum 

func (p *EdwardsPoint) Sum(values []*EdwardsPoint) *EdwardsPoint

Sum sets p to the sum of values, and returns p.

func (*EdwardsPoint) TripleScalarMulBasepointVartime 

func (p *EdwardsPoint) TripleScalarMulBasepointVartime(a *scalar.Scalar, A *EdwardsPoint, b *scalar.Scalar, C *EdwardsPoint) *EdwardsPoint

TripleScalarMulBasepoint sets `p = [delta a]A + [delta b]B - [delta]C` in variable-time, where delta is a value invertible mod ell, which is selected internally to this method.

func (*EdwardsPoint) UnmarshalBinary 

func (p *EdwardsPoint) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes a binary serialized Edwards point.

This function accepts non-canonical encodings, and rejects invalid points.

type ExpandedEdwardsPoint 

type ExpandedEdwardsPoint struct {
	// contains filtered or unexported fields
}

ExpandedEdwardsPoint is an Edwards point stored in an expanded representation for the purpose of accelerating scalar point multiply operations.

The default value is NOT valid and MUST only be used as a receiver.

func NewExpandedEdwardsPoint 

func NewExpandedEdwardsPoint(p *EdwardsPoint) *ExpandedEdwardsPoint

NewExpandedEdwardsPoint creates an expanded representation of an Edwards point.

func (*ExpandedEdwardsPoint) Point 

func (ep *ExpandedEdwardsPoint) Point() *EdwardsPoint

Point returns the Edwards point represented by the expanded point.

func (*ExpandedEdwardsPoint) SetEdwardsPoint 

func (ep *ExpandedEdwardsPoint) SetEdwardsPoint(p *EdwardsPoint) *ExpandedEdwardsPoint

SetEdwardsPoint sets the expanded point to the Edwards point.

type ExpandedRistrettoPoint 

type ExpandedRistrettoPoint struct {
	// contains filtered or unexported fields
}

ExpandedRistreetoPoint is a RistrettoPoint stored in an expanded representation for the purpose of accelerating scalar point multiply operations.

The default value is NOT valid and MUST only be used as a receiver.

func NewExpandedRistrettoPoint 

func NewExpandedRistrettoPoint(p *RistrettoPoint) *ExpandedRistrettoPoint

NewExpandedRistrettoPoint creates an expanded representation of a Ristretto point.

func (*ExpandedRistrettoPoint) Point 

func (ep *ExpandedRistrettoPoint) Point() *RistrettoPoint

Point returns the Ristretto point represented by the expanded point.

func (*ExpandedRistrettoPoint) SetRistrettoPoint 

func (ep *ExpandedRistrettoPoint) SetRistrettoPoint(p *RistrettoPoint) *ExpandedRistrettoPoint

SetExpandedRistrettoPoint sets the expanded point to the Ristretto point.

type MontgomeryPoint 

type MontgomeryPoint [MontgomeryPointSize]byte

MontgomeryPoint holds the u-coordinate of a point on the Montgomery form of Curve25519 or its twist.

func NewMontgomeryPoint 

func NewMontgomeryPoint() *MontgomeryPoint

NewMontgomeryPoint constructs a new Montgomery point.

func (*MontgomeryPoint) Equal 

func (p *MontgomeryPoint) Equal(other *MontgomeryPoint) int

Equal returns 1 iff the points are equal, 0 otherwise. This function will execute in constant-time.

func (*MontgomeryPoint) Mul 

func (p *MontgomeryPoint) Mul(point *MontgomeryPoint, scalar *scalar.Scalar) *MontgomeryPoint

Mul sets `p = point * scalar` in constant-time, and returns p.

func (*MontgomeryPoint) SetBytes 

func (p *MontgomeryPoint) SetBytes(in []byte) (*MontgomeryPoint, error)

SetBytes constructs a Montgomery u-coordinate from a byte representation.

func (*MontgomeryPoint) SetEdwards 

func (p *MontgomeryPoint) SetEdwards(edwardsPoint *EdwardsPoint) *MontgomeryPoint

SetEdwards converts an EdwardsPoint to a MontgomeryPoint.

This function has one exceptional case; the identity point of the edwards curve is set to the 2-torsion point (0, 0) on the Montgomery curve.

type RistrettoBasepointTable 

type RistrettoBasepointTable struct {
	// contains filtered or unexported fields
}

RistrettoBasepointTable defines a precomputed table of multiples of a basepoint, for accelerating fixed-based scalar multiplication.

func NewRistrettoBasepointTable 

func NewRistrettoBasepointTable(basepoint *RistrettoPoint) *RistrettoBasepointTable

NewRistrettoBasepointTable creates a table of precomputed multiples of `basepoint`.

func (*RistrettoBasepointTable) Basepoint 

func (tbl *RistrettoBasepointTable) Basepoint() *RistrettoPoint

Basepoint returns the basepoint of the table.

type RistrettoPoint 

type RistrettoPoint struct {
	// contains filtered or unexported fields
}

RistrettoPoint represents a point in the Ristretto group for Curve25519.

The default value is NOT valid and MUST only be used as a receiver.

func NewRistrettoPoint 

func NewRistrettoPoint() *RistrettoPoint

NewRistrettoPoint constructs a new Ristretto point set to the identity element.

func (*RistrettoPoint) Add 

func (p *RistrettoPoint) Add(a, b *RistrettoPoint) *RistrettoPoint

Add sets `p = a + b`, and returns p.

func (*RistrettoPoint) ConditionalSelect 

func (p *RistrettoPoint) ConditionalSelect(a, b *RistrettoPoint, choice int)

ConditionalSelect sets the point to a iff choice == 0 and b iff choice == 1.

func (*RistrettoPoint) DoubleScalarMulBasepointVartime 

func (p *RistrettoPoint) DoubleScalarMulBasepointVartime(a *scalar.Scalar, A *RistrettoPoint, b *scalar.Scalar) *RistrettoPoint

DoubleScalarMulBasepointVartime sets `p = (aA + bB)` in variable-time, where B is the Ristretto basepoint, and returns p.

func (*RistrettoPoint) Equal 

func (p *RistrettoPoint) Equal(other *RistrettoPoint) int

Equal returns 1 iff the points are equal, 0 otherwise. This function will execute in constant-time.

func (*RistrettoPoint) ExpandedDoubleScalarMulBasepointVartime 

func (p *RistrettoPoint) ExpandedDoubleScalarMulBasepointVartime(a *scalar.Scalar, A *ExpandedRistrettoPoint, b *scalar.Scalar) *RistrettoPoint

ExpandedDoubleScalarMulBasepointVartime sets `p = (aA + bB)` in variable-time, where B is the Ed25519 basepoint, and returns p.

func (*RistrettoPoint) ExpandedMultiscalarMulVartime 

func (p *RistrettoPoint) ExpandedMultiscalarMulVartime(staticScalars []*scalar.Scalar, staticPoints []*ExpandedRistrettoPoint, dynamicScalars []*scalar.Scalar, dynamicPoints []*RistrettoPoint) *RistrettoPoint

ExpandedMultiscalarMulVartime sets `p = staticScalars[0] * staticPoints[0] + ... + staticScalars[n] * staticPoints[n] + dynamicScalars[0] * dynamicPoints[0] + ... + dynamicScalars[n] * dynamicPoints[n]` in variable-time, and returns p.

WARNING: This function will panic if `len(staticScalars) != len(staticPoints)` or `len(dynamicScalars) != len(dynamicPoints)`.

func (*RistrettoPoint) ExpandedTripleScalarMulBasepointVartime 

func (p *RistrettoPoint) ExpandedTripleScalarMulBasepointVartime(a *scalar.Scalar, A *ExpandedRistrettoPoint, b *scalar.Scalar, C *RistrettoPoint) *RistrettoPoint

ExpandedTripleScalarMulBasepoint sets `p = [delta a]A + [delta b]B - [delta]C` in variable-time, where delta is a value invertible mod ell, which is selected internally to this method.

func (*RistrettoPoint) Identity 

func (p *RistrettoPoint) Identity() *RistrettoPoint

Identity sets the Ristretto point to the identity element.

func (*RistrettoPoint) IsIdentity 

func (p *RistrettoPoint) IsIdentity() bool

IsIdentity returns true iff the point is equivalent to the identity element of the curve.

func (*RistrettoPoint) MarshalBinary 

func (p *RistrettoPoint) MarshalBinary() ([]byte, error)

MarshalBinary encodes the Ristretto point into a binary form and returns the result.

func (*RistrettoPoint) Mul 

func (p *RistrettoPoint) Mul(point *RistrettoPoint, scalar *scalar.Scalar) *RistrettoPoint

Mul sets `p = point * scalar` in constant-time (variable-base scalar multiplication), and returns p.

func (*RistrettoPoint) MulBasepoint 

func (p *RistrettoPoint) MulBasepoint(basepoint *RistrettoBasepointTable, scalar *scalar.Scalar) *RistrettoPoint

MulBasepoint sets `p = basepoint * scalar` in constant-time, and returns p.

func (*RistrettoPoint) MultiscalarMul 

func (p *RistrettoPoint) MultiscalarMul(scalars []*scalar.Scalar, points []*RistrettoPoint) *RistrettoPoint

MultiscalarMul sets `p = scalars[0] * points[0] + ... scalars[n] * points[n]` in constant-time, and returns p.

WARNING: This function will panic if `len(scalars) != len(points)`.

func (*RistrettoPoint) MultiscalarMulVartime 

func (p *RistrettoPoint) MultiscalarMulVartime(scalars []*scalar.Scalar, points []*RistrettoPoint) *RistrettoPoint

MultiscalarMulVartime sets `p = scalars[0] * points[0] + ... scalars[n] * points[n]` in variable-time, and returns p.

WARNING: This function will panic if `len(scalars) != len(points)`.

func (*RistrettoPoint) Neg 

func (p *RistrettoPoint) Neg(t *RistrettoPoint) *RistrettoPoint

Neg sets `p = -t`, and returns p.

func (*RistrettoPoint) Set 

func (p *RistrettoPoint) Set(t *RistrettoPoint) *RistrettoPoint

Set sets `p = t`, and returns p.

func (*RistrettoPoint) SetCompressed 

func (p *RistrettoPoint) SetCompressed(compressed *CompressedRistretto) (*RistrettoPoint, error)

SetCompressed attempts to decompress a CompressedRistretto into a RistrettoPoint.

func (*RistrettoPoint) SetExpanded 

func (p *RistrettoPoint) SetExpanded(expandedPoint *ExpandedRistrettoPoint) *RistrettoPoint

SetExpanded sets the Ristretto point to the expanded point.

func (*RistrettoPoint) SetRandom 

func (p *RistrettoPoint) SetRandom(rng io.Reader) (*RistrettoPoint, error)

SetRandom sets the point to one chosen uniformly at random using entropy from the user-provided io.Reader. If rng is nil, the runtime library's entropy source will be used.

func (*RistrettoPoint) SetUniformBytes 

func (p *RistrettoPoint) SetUniformBytes(in []byte) (*RistrettoPoint, error)

SetUniformBytes sets the point to that from 64 bytes of random data. If the input bytes are uniformly distributed, the resulting point will be uniformly distributed over the group, and its discrete log with respect to other points should be unknown.

func (*RistrettoPoint) Sub 

func (p *RistrettoPoint) Sub(a, b *RistrettoPoint) *RistrettoPoint

Sub sets `p = a - b`, and returns p.

func (*RistrettoPoint) Sum 

func (p *RistrettoPoint) Sum(values []*RistrettoPoint) *RistrettoPoint

Sum sets p to the sum of values, and returns p.

func (*RistrettoPoint) TripleScalarMulBasepointVartime 

func (p *RistrettoPoint) TripleScalarMulBasepointVartime(a *scalar.Scalar, A *RistrettoPoint, b *scalar.Scalar, C *RistrettoPoint) *RistrettoPoint

TripleScalarMulBasepoint sets `p = [delta a]A + [delta b]B - [delta]C` in variable-time, where delta is a value invertible mod ell, which is selected internally to this method.

func (*RistrettoPoint) UnmarshalBinary 

func (p *RistrettoPoint) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes a binary serialized Ristretto point.

Source Files

View all Source files

Directories

Path Synopsis
Package scalar implements arithmetic on scalars (integers mod the group order).
 Package scalar implements arithmetic on scalars (integers mod the group order).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.