Private key generation can take advantage of the fact that the keyspace for
the secret key is (0, 2^x - 1), for some positive value of 'x' (see SIKE,
1.3.8). It means that all bytes in the secret key, but the last one, can
take any value between <0x00,0xFF>. Similarly for the last byte, but
generation needs to chop off some bits, to make sure the generated value is
an element of the key-space.
Assuming uniform distribution of bytes generated by the RNG, the secret key is
still chosen uniformly at random, but there is no need to maintain field
specific assembly code.
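As an added example (not code from the sidh project or from the commit above), the generate-and-mask scheme this commit describes, in Go: read ceil(x/8) bytes from the RNG, then clear the unused high bits of the final byte so the value cannot exceed 2^x - 1. The function names, the little-endian scalar layout, the caller-supplied bit length and the io.Reader parameter (used so the behaviour can be checked against a fixed byte sequence) are all assumptions of this example, not taken from the project or from the SIKE spec section the commit cites.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"math/big"
)

// GenerateSecretScalar draws a scalar uniformly from [0, 2^bits - 1].
// Every byte but the last is taken as-is from the RNG (any value in
// 0x00..0xFF is valid); the last byte is masked down to bits%8 bits so the
// result stays inside the keyspace. Uniformity is preserved because each
// value in the range corresponds to exactly one masked byte string.
// Assumption: the scalar is little-endian (least significant byte first),
// so the partial byte is the final one. For a big-endian layout mask key[0].
func GenerateSecretScalar(rng io.Reader, bits int) ([]byte, error) {
	if bits <= 0 {
		return nil, errors.New("bit length must be positive")
	}
	nBytes := (bits + 7) / 8
	key := make([]byte, nBytes)
	if _, err := io.ReadFull(rng, key); err != nil {
		return nil, err
	}
	// rem == 0 means the last byte is fully used and needs no masking.
	if rem := bits % 8; rem != 0 {
		key[nBytes-1] &= byte(1<<uint(rem)) - 1
	}
	return key, nil
}

// GenerateSecretScalarRand is the production form: same scheme, fed by
// crypto/rand instead of a caller-supplied reader.
func GenerateSecretScalarRand(bits int) ([]byte, error) {
	return GenerateSecretScalar(rand.Reader, bits)
}

// ScalarBits returns the bit length of a little-endian scalar, so a caller
// can verify that a generated key never exceeds 2^bits - 1.
func ScalarBits(key []byte) int {
	be := make([]byte, len(key)) // big.Int.SetBytes expects big-endian
	for i := range key {
		be[len(key)-1-i] = key[i]
	}
	return new(big.Int).SetBytes(be).BitLen()
}

func main() {
	// Hypothetical bit length; real parameters come from the chosen SIKE
	// parameter set, not from this example.
	key, err := GenerateSecretScalarRand(250)
	if err != nil {
		panic(err)
	}
	fmt.Printf("scalar: %x (%d bytes, fits in %d bits: %v)\n",
		key, len(key), 250, ScalarBits(key) <= 250)
}
```

Note that this example includes both endpoints, i.e. it samples from [0, 2^x - 1]; if the spec section the commit refers to excludes 0 or the top value, the caller has to reject those outputs and resample, which the masking alone does not do.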
It makes a little bit more sense to have GeneratePublicKey as a method
of PrivateKey. In this case the code doesn't need to check if the caller
provided pointer is nil. The object was created by NewPrivateKey(), so the
code can assume the object was correctly initialized.
The old GeneratePublicKey was returning an error when the caller provided
pointer was nil. As this possibility is now removed, the method doesn't
return an error anymore.
* implements SIKE specified here:
http://www.sike.org/files/SIDH-spec.pdf
* methods for both - KEM and PKE - are added
* adds SIKE specific key variant
* tests: known answer tests for SIKE
* uses cSHAKE from nobs-crypto