README
¶
siec
Super-Isolated Elliptic Curve Implementation in Go
This package exports a super-isolated elliptic curve. Over the base field 𝔽ₚ, the curve E does not admit any isogenies to other curves.
We can verify the curve properties in Sage.
K.<isqrt3> = QuadraticField(-3)
pi = 2^127 + 2^25 + 2^12 + 2^6 + (1 - isqrt3)/2
p = ZZ(pi.norm())
N = ZZ((pi-1).norm())
E = EllipticCurve(GF(p),[0,19]) # E: y^2 = x^3 + 19
G = E([5,12])
# p is a 255 bit prime with hamming weight 14
assert p.is_prime()
assert len(p.bits()) == 255
assert sum(p.bits()) == 14
# N is a 255 bit prime
assert N.is_prime()
assert len(N.bits()) == 255
# E has N points
assert E.count_points() == N
# The Frobenius endomorphism on E satisfies the same minimal polynomial as pi
assert E.frobenius_polynomial() == pi.minpoly()
# pi generates a maximal order
assert K.order([pi]).is_maximal()
# K has class number 1
assert K.class_number() == 1
# Examples of order 6 endomorphisms
assert E([28948022309329048855892746252183396360433790236562615305258360005404201062400*G[0],-G[1]]) == 170141183460469231731687303715917664320*G
assert 170141183460469231731687303715917664320^3 % N == N-1
Documentation
¶
Index ¶
- type SIEC255Params
- func (curve *SIEC255Params) Add(x1, y1, x2, y2 *big.Int) (x3, y3 *big.Int)
- func (curve *SIEC255Params) Compress(x, y *big.Int) (c [32]byte)
- func (curve *SIEC255Params) Decompress(c [32]byte) (x, y *big.Int)
- func (curve *SIEC255Params) Double(x1, y1 *big.Int) (x3, y3 *big.Int)
- func (curve *SIEC255Params) GenerateKey(rand io.Reader) (k []byte, x, y *big.Int, err error)
- func (curve *SIEC255Params) IsOnCurve(x, y *big.Int) bool
- func (curve *SIEC255Params) Params() *SIEC255Params
- func (curve *SIEC255Params) ScalarBaseMult(k []byte) (x, y *big.Int)
- func (curve *SIEC255Params) ScalarMult(x1, y1 *big.Int, k []byte) (x, y *big.Int)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type SIEC255Params ¶
type SIEC255Params struct {
P *big.Int // the order of the underlying field
N *big.Int // the order of the base point
A *big.Int // the other constant of the curve equation
B *big.Int // the constant of the curve equation
Gx, Gy *big.Int // (x,y) of the base point
BitSize int // the size of the underlying field
Name string // the canonical name of the curve
}
SIEC255Params contains the parameters of an elliptic curve and also provides a generic, non-constant time implementation of Curve.
func (*SIEC255Params) Add ¶
func (curve *SIEC255Params) Add(x1, y1, x2, y2 *big.Int) (x3, y3 *big.Int)
Add returns the sum of (x1,y1) and (x2,y2)
func (*SIEC255Params) Compress ¶
func (curve *SIEC255Params) Compress(x, y *big.Int) (c [32]byte)
Compress compresses a point down to 32 bytes. The first 31 bytes (index 0,1,2, and most of 3) represent the x coordinate (little endian). The last bit of the fourth byte is the parity of the y coordinate.
func (*SIEC255Params) Decompress ¶
func (curve *SIEC255Params) Decompress(c [32]byte) (x, y *big.Int)
Decompress uncompresses a point and returns an actual (x,y) pair.
func (*SIEC255Params) Double ¶
func (curve *SIEC255Params) Double(x1, y1 *big.Int) (x3, y3 *big.Int)
Double returns 2*(x,y)
func (*SIEC255Params) GenerateKey ¶
GenerateKey returns a public/private key pair. The private key is generated using the given reader, which must return random data. This is copied from https://golang.org/src/crypto/elliptic/elliptic.go?s=7368:7453#L266
func (*SIEC255Params) IsOnCurve ¶
func (curve *SIEC255Params) IsOnCurve(x, y *big.Int) bool
IsOnCurve reports whether the given (x,y) lies on the curve.
func (*SIEC255Params) Params ¶
func (curve *SIEC255Params) Params() *SIEC255Params
Params returns the parameters for the curve.
func (*SIEC255Params) ScalarBaseMult ¶
func (curve *SIEC255Params) ScalarBaseMult(k []byte) (x, y *big.Int)
ScalarBaseMult returns k*G, where G is the base point of the group and k is an integer in big-endian form.
func (*SIEC255Params) ScalarMult ¶
ScalarMult returns k*(Bx,By) where k is a number in big-endian form.
Source Files
Directories