edwards25519 – filippo.io/edwards25519 Index | Files

package edwards25519

import "filippo.io/edwards25519"

Package edwards25519 implements group logic for the twisted Edwards curve 

-x^2 + y^2 = 1 + -(121665/121666)*x^2*y^2

This is better known as the Edwards curve equivalent to Curve25519, and is the curve used by the Ed25519 signature scheme.

Most users don't need this package, and should instead use crypto/ed25519 for signatures, golang.org/x/crypto/curve25519 for Diffie-Hellman, or github.com/gtank/ristretto255 for prime order group logic. However, for anyone currently using a fork of crypto/ed25519/internal/edwards25519 or github.com/agl/edwards25519, this package should be a safer, faster, and more powerful alternative.

Index

Types

type Point 

type Point struct {
	// contains filtered or unexported fields
}

Point represents a point on the edwards25519 curve.

This type works similarly to math/big.Int, and all arguments and receivers are allowed to alias.

The zero value is NOT valid, and it may be used only as a receiver.

func NewGeneratorPoint 

func NewGeneratorPoint() *Point

NewGeneratorPoint returns a new Point set to the canonical generator.

func NewIdentityPoint 

func NewIdentityPoint() *Point

NewIdentityPoint returns a new Point set to the identity.

func (*Point) Add 

func (v *Point) Add(p, q *Point) *Point

Add sets v = p + q, and returns v.

func (*Point) Equal 

func (v *Point) Equal(u *Point) int

Equal returns 1 if v is equivalent to u, and 0 otherwise.

func (*Point) MultiScalarMult 

func (v *Point) MultiScalarMult(scalars []*Scalar, points []*Point) *Point

MultiScalarMult sets v = sum(scalars[i] * points[i]), and returns v.

Execution time depends only on the lengths of the two slices, which must match.

func (*Point) Negate 

func (v *Point) Negate(p *Point) *Point

Negate sets v = -p, and returns v.

func (*Point) ScalarBaseMult 

func (v *Point) ScalarBaseMult(x *Scalar) *Point

ScalarBaseMult sets v = x * B, and returns v.

The scalar multiplication is done in constant time.

func (*Point) ScalarMult 

func (v *Point) ScalarMult(x *Scalar, q *Point) *Point

ScalarMult sets v = x * q, and returns v.

The scalar multiplication is done in constant time.

func (*Point) Set 

func (v *Point) Set(u *Point) *Point

Set sets v = u, and returns v.

func (*Point) Subtract 

func (v *Point) Subtract(p, q *Point) *Point

Subtract sets v = p - q, and returns v.

func (*Point) VarTimeDoubleScalarBaseMult 

func (v *Point) VarTimeDoubleScalarBaseMult(a *Scalar, A *Point, b *Scalar) *Point

VarTimeDoubleScalarBaseMult sets v = a * A + b * B, and returns v.

Execution time depends on the inputs.

func (*Point) VarTimeMultiScalarMult 

func (v *Point) VarTimeMultiScalarMult(scalars []*Scalar, points []*Point) *Point

VarTimeMultiScalarMult sets v = sum(scalars[i] * points[i]), and returns v.

Execution time depends on the inputs.

type Scalar 

type Scalar struct {
	// contains filtered or unexported fields
}

A Scalar is an integer modulo 

l = 2^252 + 27742317777372353535851937790883648493

which is the prime order of the edwards25519 group.

This type works similarly to math/big.Int, and all arguments and receivers are allowed to alias.

The zero value is a valid zero element.

func NewScalar 

func NewScalar() *Scalar

NewScalar returns a new zero Scalar.

func (*Scalar) Add 

func (s *Scalar) Add(x, y *Scalar) *Scalar

Add sets s = x + y mod l, and returns s.

func (*Scalar) Bytes 

func (s *Scalar) Bytes() []byte

Bytes returns the canonical 32 bytes little-endian encoding of s.

func (*Scalar) Equal 

func (s *Scalar) Equal(t *Scalar) int

Equal returns 1 if s and t are equal, and 0 otherwise.

func (*Scalar) Invert 

func (s *Scalar) Invert(t *Scalar) *Scalar

Invert sets s to the inverse of a nonzero scalar v, and returns s.

If t is zero, Invert will panic.

func (*Scalar) Multiply 

func (s *Scalar) Multiply(x, y *Scalar) *Scalar

Multiply sets s = x * y mod l, and returns s.

func (*Scalar) Negate 

func (s *Scalar) Negate(x *Scalar) *Scalar

Negate sets s = -x mod l, and returns s.

func (*Scalar) Set 

func (s *Scalar) Set(x *Scalar) *Scalar

Set sets s = x, and returns s.

func (*Scalar) SetBytesWithClamping 

func (s *Scalar) SetBytesWithClamping(x []byte) *Scalar

SetBytesWithClamping applies the buffer pruning described in RFC 8032, Section 5.1.5 (also known as clamping) and sets s to the result. The input must be 32 bytes, and it is not modified.

Note that since Scalar values are always reduced modulo the prime order of the curve, the resulting value will not preserve any of the cofactor-clearing properties that clamping is meant to provide. It will however work as expected as long as it is applied to points on the prime order subgroup, like in Ed25519. In fact, it is lost to history why RFC 8032 adopted the irrelevant RFC 7748 clamping, but it is now required for compatibility.

func (*Scalar) SetCanonicalBytes 

func (s *Scalar) SetCanonicalBytes(x []byte) error

SetCanonicalBytes sets s = x, where x is a 32 bytes little-endian encoding of s. If x is not a canonical encoding of s, SetCanonicalBytes returns an error and the receiver is unchanged.

func (*Scalar) SetUniformBytes 

func (s *Scalar) SetUniformBytes(x []byte) *Scalar

SetUniformBytes sets s to an uniformly distributed value given 64 uniformly distributed random bytes.

func (*Scalar) Subtract 

func (s *Scalar) Subtract(x, y *Scalar) *Scalar

Subtract sets s = x - y mod l, and returns s.

Source Files

edwards25519.go fe.go fe_generic.go fe_mul_bits.go fe_noasm.go scalar.go scalarmult.go table_constants.go tables.go

Version
v1.0.0-alpha.1
Published
Nov 23, 2020
Platform
js/wasm
Imports
4 packages
Last checked
now

Tools for package owners.