go-sike/p503/types.go

package sike
// KeyVariant identifies the kind of key (see the KeyVariant_* constants).
//
// The underlying type is uint and the constants are bit patterns, so values
// can be tested with bitwise operators. An earlier note here described the
// type as bool; that does not match the declaration below.
type KeyVariant uint
// Fp is the representation of an element of the base field F_p, stored as
// FP_WORDS 64-bit words (FP_WORDS is declared outside this listing).
//
// No particular meaning is assigned to the representation -- it could represent
// an element in Montgomery form, or not. Tracking the meaning of the field
// element is left to higher types.
type Fp [FP_WORDS]uint64
// FpX2 represents an intermediate product of two elements of the base field
// F_p. It is twice as wide as Fp (2*FP_WORDS 64-bit words).
type FpX2 [2 * FP_WORDS]uint64
// Fp2 represents an element of the extended field Fp^2 = Fp(x+i) as a pair
// of base-field elements.
//
// NOTE(review): presumably the element is A + B*i -- confirm against the
// arithmetic code, which is not part of this listing.
type Fp2 struct {
	A, B Fp
}
// DomainParams collects the parameters of one x-torsion group.
type DomainParams struct {
	// Base points P, Q and R = P-Q.
	Affine_P Fp2
	Affine_Q Fp2
	Affine_R Fp2
	// Computation strategy for the x-torsion group.
	// NOTE(review): the previous comment called this the "size" of the
	// strategy, but the field is a slice -- confirm what the entries encode.
	IsogenyStrategy []uint32
	// Max size of the secret key for the x-torsion group
	// (presumably in bits, going by the field name -- confirm).
	SecretBitLen uint
	// Max size of the secret key for the x-torsion group
	// (presumably in bytes, going by the field name -- confirm).
	SecretByteLen uint
}
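// SidhParams holds the parameters of one SIDH/SIKE instance.
//
// NOTE(review): SIDH and SIKE are no longer considered secure following the
// key-recovery attacks published in 2022; treat this package as material for
// study or interoperability testing, not for protecting new data.
type SidhParams struct {
	// NOTE(review): presumably identifies the parameter set -- the values
	// are assigned outside this listing.
	Id uint8
	// Bytelen of P
	Bytelen int
	// The public key size, in bytes.
	PublicKeySize int
	// The shared secret size, in bytes.
	SharedSecretSize int
	// Defines A,C constant for starting curve Cy^2 = x^3 + Ax^2 + x
	InitCurve ProjectiveCurveParameters
	// 2- and 3-torsion group parameter definitions
	A, B DomainParams
	// Precomputed 1/2 in the Fp2 in Montgomery domain
	HalfFp2 Fp2
	// Precomputed identity element in the Fp2 in Montgomery domain
	OneFp2 Fp2
	// Length of SIKE secret message. Must be one of {24,32,40},
	// depending on size of prime field used (see [SIKE], 1.4 and 5.1)
	MsgLen int
	// Length of SIKE ephemeral KEM key (see [SIKE], 1.4 and 5.1)
	KemSize int
	// Size of a ciphertext returned by encapsulation in bytes
	CiphertextSize int
}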
// CurveCoefficientsEquiv stores projective curve parameters equivalent to
// A/C. What the two values mean depends on the context. When working with
// isogenies over subgroups that are powers of:
//   - three, then (A:C) ~ (A+2C : A-2C)
//   - four, then (A:C) ~ (A+2C : 4C)
//
// See Appendix A of SIKE for more details.
type CurveCoefficientsEquiv struct {
	A, C Fp2
}
// ProjectivePoint is a point on the projective line P^1(F_{p^2}), given by
// its X and Z coordinates.
//
// It represents a point on the Kummer line of a Montgomery curve; the curve
// itself is specified by a ProjectiveCurveParameters struct.
type ProjectivePoint struct {
	X, Z Fp2
}
// key is the base type for public and private keys. It is used mainly to
// carry domain parameters.
type key struct {
	// Domain parameters of the algorithm to be used with a key
	params *SidhParams
	// Flag indicating whether the key corresponds to the 2-torsion group,
	// the 3-torsion group, or SIKE (see the KeyVariant_* constants)
	keyVariant KeyVariant
}
// PrivateKey is a private key: the embedded key plus the secret values.
//
// NOTE(review): Scalar is the secret key and S, used only by the KEM, is
// presumably secret as well. Both are exported byte slices, and nothing in
// this listing clears or copy-protects them -- confirm that callers keep
// them out of logs and wipe them after use.
type PrivateKey struct {
	key
	// Secret key
	Scalar []byte
	// Used only by KEM
	S []byte
}
// PublicKey is a public key: the embedded key plus three Fp2 values.
//
// NOTE(review): going by the field names these are presumably the affine
// x-coordinates of P, Q and Q-P -- confirm against the key-generation code.
// No validation of these values is visible in this listing; check where
// keys received from a peer are imported.
type PublicKey struct {
	key
	affine_xP, affine_xQ, affine_xQmP Fp2
}
// ProjectiveCurveParameters holds the pair (A, C) used to work projectively
// with the curve coefficients. SidhParams.InitCurve uses this type for the
// A and C constants of the starting curve Cy^2 = x^3 + Ax^2 + x.
type ProjectiveCurveParameters struct {
	A, C Fp2
}
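// Key variants. The first 2 bits identify the SIDH variant; the third bit
// indicates whether the key is a SIKE variant (set) or SIDH (not set).
//
// Every constant carries the KeyVariant type explicitly. Without it, only the
// first constant is typed and the other two are untyped integer constants,
// which the compiler would accept wherever any integer is expected.
const (
	// 001 - SIDH: corresponds to 2-torsion group
	KeyVariant_SIDH_A KeyVariant = 1 << 0
	// 010 - SIDH: corresponds to 3-torsion group
	KeyVariant_SIDH_B KeyVariant = 1 << 1
	// 110 - SIKE
	KeyVariant_SIKE KeyVariant = 1<<2 | KeyVariant_SIDH_B
)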