Documentation
¶
Overview ¶
Package scalar implements arithmetic on scalars (integers mod the group order).
Index ¶
- Constants
- Variables
- func ScMinimalVartime(scalar []byte) bool
- func ToRadix2wSizeHint(w uint) uint
- type Scalar
- func (s *Scalar) Add(a, b *Scalar) *Scalar
- func (s *Scalar) BatchInvert(inputs []*Scalar) *Scalar
- func (s *Scalar) Bits() [8 * ScalarSize]byte
- func (s *Scalar) ConditionalSelect(a, b *Scalar, choice int)
- func (s *Scalar) Equal(t *Scalar) int
- func (s *Scalar) Invert(t *Scalar) *Scalar
- func (s *Scalar) IsCanonical() bool
- func (s *Scalar) MarshalBinary() ([]byte, error)
- func (s *Scalar) Mul(a, b *Scalar) *Scalar
- func (s *Scalar) Neg(t *Scalar) *Scalar
- func (s *Scalar) NonAdjacentForm(w uint) [256]int8
- func (s *Scalar) One() *Scalar
- func (s *Scalar) Product(values []*Scalar) *Scalar
- func (s *Scalar) Reduce(t *Scalar) *Scalar
- func (s *Scalar) Set(t *Scalar) *Scalar
- func (s *Scalar) SetBits(in []byte) (*Scalar, error)
- func (s *Scalar) SetBytesModOrder(in []byte) (*Scalar, error)
- func (s *Scalar) SetBytesModOrderWide(in []byte) (*Scalar, error)
- func (s *Scalar) SetCanonicalBytes(in []byte) (*Scalar, error)
- func (s *Scalar) SetRandom(rng io.Reader) (*Scalar, error)
- func (s *Scalar) SetUint64(x uint64) *Scalar
- func (s *Scalar) Sub(a, b *Scalar) *Scalar
- func (s *Scalar) Sum(values []*Scalar) *Scalar
- func (s *Scalar) ToBytes(out []byte) error
- func (s *Scalar) ToRadix16() [64]int8
- func (s *Scalar) ToRadix2w(w uint) [43]int8
- func (s *Scalar) UnmarshalBinary(data []byte) error
- func (s *Scalar) Zero() *Scalar
Constants ¶
const ( // ScalarSize is the size of a scalar in bytes. ScalarSize = 32 // ScalarWideSize is the size of a wide scalar in bytes. ScalarWideSize = 64 )
Variables ¶
var ( // BASEPOINT_ORDER is the order of the Ed25519 basepoint and the Ristretto // group. BASEPOINT_ORDER = func() *Scalar { s, err := NewFromBits([]byte{ 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, }) if err != nil { panic("curve/scalar: failed to define basepoint order constant: " + err.Error()) } return s }() )
Functions ¶
func ScMinimalVartime ¶
ScMinimalVartime returns true if the given byte-encoded scalar is less than the order of the curve, in variable-time.
This method is intended for verification applications, and is significantly faster than deserializing the scalar and calling IsCanonical.
func ToRadix2wSizeHint ¶
ToRadix2wSizeHint returns a size hint indicating how many entries of the return value of ToRadix2w are nonzero.
Types ¶
type Scalar ¶
type Scalar struct {
disalloweq.DisallowEqual //nolint:unused
// contains filtered or unexported fields
}
Scalar holds an integer s < 2^255 which represents an element of Z/L.
func NewFromBits ¶
NewFromBits constructs a scalar from the low 255 bits of a 256-bit integer.
This function is intended for applications like X25519 which require specific bit-patterns when performing scalar multiplication.
func NewFromBytesModOrder ¶
NewFromBytesModOrder constructs a scalar by reducing a 256-bit little-endian integer modulo the group order L.
func NewFromBytesModOrderWide ¶
NewFromBytesModOrderWide constructs a scalar by reducing a 512-bit little-endian integer modulo the group order L.
func NewFromCanonicalBytes ¶
NewFromCanonicalBytes attempts to construct a scalar from a canoical byte representation.
func NewFromUint64 ¶
NewFromUint64 returns a scalar set to the given uint64.
func (*Scalar) BatchInvert ¶
BatchInvert computes the inverses of slice of `Scalar`s in a batch, and sets s to the product of all inverses, and returns s. Each element of the input slice is replaced by its inverse.
WARNING: The input scalars MUST be nonzero. If you cannot prove that this is the case you MUST not use this function.
func (*Scalar) Bits ¶
func (s *Scalar) Bits() [8 * ScalarSize]byte
Bits gets the bits of the scalar.
func (*Scalar) ConditionalSelect ¶
ConditionalSelect sets s to a iff choice == 0 and b iff choice == 1.
func (*Scalar) Equal ¶
Equal returns 1 iff the s and t are equal, 0 otherwise. This function will execute in constant-time.
func (*Scalar) Invert ¶
Invert sets s to the multiplicative inverse of the nonzero scalar t, and returns s.
WARNING: The scalar MUST be nonzero. If you cannot prove that this is the case you MUST not use this function.
func (*Scalar) IsCanonical ¶
IsCanonical checks if this scalar is the canonical representative mod L.
This is intended for uses like input validation, where variable-time code is acceptable.
func (*Scalar) MarshalBinary ¶
MarshalBinary encodes the scalar into a binary form and returns the result.
func (*Scalar) NonAdjacentForm ¶
NonAdjacentForm returns a width-w "Non-Adjacent Form" of this scalar.
func (*Scalar) SetBits ¶
SetBits constructs a scalar from the low 255 bits of a 256-bit integer.
This function is intended for applications like X25519 which require specific bit-patterns when performing scalar multiplication.
func (*Scalar) SetBytesModOrder ¶
SetBytesModOrder sets s to the scalar constructed by reducing a 256-bit little-endian integer modulo the group order L.
func (*Scalar) SetBytesModOrderWide ¶
SetBytesModOrderWide sets s to the scalar constructed by reducing a 512-bit little-endian integer modulo the group order L.
func (*Scalar) SetCanonicalBytes ¶
SetCanonicalBytes sets s from a canonical byte representation.
func (*Scalar) SetRandom ¶
SetRandom sets s to a scalar chosen uniformly at random using entropy from the user-provided io.Reader. If rng is nil, the runtime library's entropy source will be used.
func (*Scalar) UnmarshalBinary ¶
UnmarshalBinary decodes a binary serialized scalar.
Source Files