kris
/
SIDH_p751
1
0
Fork 0
Código Incidencias 0 Pull Requests 0 Lanzamientos 0 Wiki Actividad
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
122 Commits
14 Ramas
653 KiB
 
 
 
Árbol: 2f9b10c0f0
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde '2f9b10c0f0'
${ noResults }
SIDH_p751/internal/isogeny/types.go

143 líneas
4.2 KiB
Original Blame Histórico 

  1. package internal

  2. 

  3. const (

  4.     FP_MAX_WORDS = 12 // Currently p751.NumWords

  5. )

  6. 

  7. // I keep it bool in order to be able to apply logical NOT

  8. type KeyVariant uint

  9. type PrimeFieldId uint

  10. 

  11. // Representation of an element of the base field F_p.

  12. //

  13. // No particular meaning is assigned to the representation -- it could represent

  14. // an element in Montgomery form, or not.  Tracking the meaning of the field

  15. // element is left to higher types.

  16. type FpElement [FP_MAX_WORDS]uint64

  17. // Represents an intermediate product of two elements of the base field F_p.

  18. type FpElementX2 [2 * FP_MAX_WORDS]uint64

  19. // Represents an element of the extended field Fp^2 = Fp(x+i)

  20. type Fp2Element struct {

  21.     A FpElement

  22.     B FpElement

  23. }

  24. 

  25. type DomainParams struct {

  26.     // P, Q and R=P-Q base points

  27.     Affine_P, Affine_Q, Affine_R Fp2Element

  28.     // Size of a compuatation strategy for x-torsion group

  29.     IsogenyStrategy []uint32

  30.     // Max size of secret key for x-torsion group

  31.     SecretBitLen uint

  32.     // Max size of secret key for x-torsion group

  33.     SecretByteLen uint

  34. }

  35. 

  36. type SidhParams struct {

  37.     Id PrimeFieldId

  38.     // Bytelen of P

  39.     Bytelen int

  40.     // The public key size, in bytes.

  41.     PublicKeySize int

  42.     // The shared secret size, in bytes.

  43.     SharedSecretSize uint

  44.     // 2- and 3-torsion group parameter definitions

  45.     A, B DomainParams

  46.     // Precomputed identity element in the Fp2 in Montgomery domain

  47.     OneFp2 Fp2Element

  48.     // Precomputed 1/2 in the Fp2 in Montgomery domain

  49.     HalfFp2 Fp2Element

  50.     // Length of SIKE secret message. Must be one of {24,32,40},

  51.     // depending on size of prime field used (see [SIKE], 1.4 and 5.1)

  52.     MsgLen uint

  53.     // Length of SIKE ephemeral KEM key (see [SIKE], 1.4 and 5.1)

  54.     KemSize uint

  55.     // Access to field arithmetic

  56.     Op FieldOps

  57. }

  58. 

  59. // Interface for working with isogenies.

  60. type Isogeny interface {

  61.     // Given a torsion point on a curve computes isogenous curve.

  62.     // Returns curve coefficients (A:C), so that E_(A/C) = E_(A/C)/<P>,

  63.     // where P is a provided projective point. Sets also isogeny constants

  64.     // that are needed for isogeny evaluation.

  65.     GenerateCurve(*ProjectivePoint) CurveCoefficientsEquiv

  66.     // Evaluates isogeny at caller provided point. Requires isogeny curve constants

  67.     // to be earlier computed by GenerateCurve.

  68.     EvaluatePoint(*ProjectivePoint) ProjectivePoint

  69. }

  70. 

  71. // Stores curve projective parameters equivalent to A/C. Meaning of the

  72. // values depends on the context. When working with isogenies over

  73. // subgroup that are powers of:

  74. // * three then  (A:C) ~ (A+2C:A-2C)

  75. // * four then   (A:C) ~ (A+2C:  4C)

  76. // See Appendix A of SIKE for more details

  77. type CurveCoefficientsEquiv struct {

  78.     A Fp2Element

  79.     C Fp2Element

  80. }

  81. 

  82. // A point on the projective line P^1(F_{p^2}).

  83. //

  84. // This represents a point on the Kummer line of a Montgomery curve.  The

  85. // curve is specified by a ProjectiveCurveParameters struct.

  86. type ProjectivePoint struct {

  87.     X Fp2Element

  88.     Z Fp2Element

  89. }

  90. 

  91. // A point on the projective line P^1(F_{p^2}).

  92. //

  93. // This is used to work projectively with the curve coefficients.

  94. type ProjectiveCurveParameters struct {

  95.     A Fp2Element

  96.     C Fp2Element

  97. }

  98. 

  99. // Stores Isogeny 3 curve constants

  100. type isogeny3 struct {

  101.     Field FieldOps

  102.     K1 Fp2Element

  103.     K2 Fp2Element

  104. }

  105. 

  106. // Stores Isogeny 4 curve constants

  107. type isogeny4 struct {

  108.     isogeny3

  109.     K3 Fp2Element

  110. }

  111. 

  112. type FieldOps interface {

  113.     // Set res = lhs + rhs.

  114.     //

  115.     // Allowed to overlap lhs or rhs with res.

  116.     Add(res, lhs, rhs *Fp2Element)

  117. 

  118.     // Set res = lhs - rhs.

  119.     //

  120.     // Allowed to overlap lhs or rhs with res.

  121.     Sub(res, lhs, rhs *Fp2Element)

  122. 

  123.     // Set res = lhs * rhs.

  124.     //

  125.     // Allowed to overlap lhs or rhs with res.

  126.     Mul(res, lhs, rhs *Fp2Element)

  127.     // Set res = x * x

  128.     //

  129.     // Allowed to overlap res with x.

  130.     Square(res, x *Fp2Element)

  131.     // Set res = 1/x

  132.     //

  133.     // Allowed to overlap res with x.

  134.     Inv(res, x *Fp2Element)

  135.     // If choice = 1u8, set (x,y) = (y,x). If choice = 0u8, set (x,y) = (x,y).

  136.     CondSwap(xPx, xPz, xQx, xQz *Fp2Element, choice uint8)

  137.     // Converts Fp2Element to Montgomery domain (x*R mod p)

  138.     ToMontgomery(x *Fp2Element)

  139.     // Converts 'a' in montgomery domain to element from Fp2Element

  140.     // and stores it in 'x'

  141.     FromMontgomery(x *Fp2Element, a *Fp2Element)

  142. }