go-sike/p434/types.go

package sike

// I keep it bool in order to be able to apply logical NOT
type KeyVariant uint

// Representation of an element of the base field F_p.
//
// No particular meaning is assigned to the representation -- it could represent
// an element in Montgomery form, or not.  Tracking the meaning of the field
// element is left to higher types.
type Fp [FP_WORDS]uint64

// Represents an intermediate product of two elements of the base field F_p.
type FpX2 [2 * FP_WORDS]uint64

// Represents an element of the extended field Fp^2 = Fp(x+i)
type Fp2 struct {
	A Fp
	B Fp
}

type DomainParams struct {
	// P, Q and R=P-Q base points
	Affine_P, Affine_Q, Affine_R Fp2
	// Size of a compuatation strategy for x-torsion group
	IsogenyStrategy []uint32
	// Max size of secret key for x-torsion group
	SecretBitLen uint
	// Max size of secret key for x-torsion group
	SecretByteLen uint
}

type SidhParams struct {
	Id uint8
	// Bytelen of P
	Bytelen int
	// The public key size, in bytes.
	PublicKeySize int
	// The shared secret size, in bytes.
	SharedSecretSize int
	// Defines A,C constant for starting curve Cy^2 = x^3 + Ax^2 + x
	InitCurve ProjectiveCurveParameters
	// 2- and 3-torsion group parameter definitions
	A, B DomainParams
	// Precomputed 1/2 in the Fp2 in Montgomery domain
	HalfFp2 Fp2
	// Precomputed identity element in the Fp2 in Montgomery domain
	OneFp2 Fp2
	// Length of SIKE secret message. Must be one of {24,32,40},
	// depending on size of prime field used (see [SIKE], 1.4 and 5.1)
	MsgLen int
	// Length of SIKE ephemeral KEM key (see [SIKE], 1.4 and 5.1)
	KemSize int
	// Size of a ciphertext returned by encapsulation in bytes
	CiphertextSize int
}

// Stores curve projective parameters equivalent to A/C. Meaning of the
// values depends on the context. When working with isogenies over
// subgroup that are powers of:
// * three then  (A:C) ~ (A+2C:A-2C)
// * four then   (A:C) ~ (A+2C:  4C)
// See Appendix A of SIKE for more details
type CurveCoefficientsEquiv struct {
	A Fp2
	C Fp2
}

// A point on the projective line P^1(F_{p^2}).
//
// This represents a point on the Kummer line of a Montgomery curve.  The
// curve is specified by a ProjectiveCurveParameters struct.
type ProjectivePoint struct {
	X Fp2
	Z Fp2
}

// Base type for public and private key. Used mainly to carry domain
// parameters.
type key struct {
	// Domain parameters of the algorithm to be used with a key
	params *SidhParams
	// Flag indicates wether corresponds to 2-, 3-torsion group or SIKE
	keyVariant KeyVariant
}

// Defines operations on private key
type PrivateKey struct {
	key
	// Secret key
	Scalar []byte
	// Used only by KEM
	S []byte
}

// Defines operations on public key
type PublicKey struct {
	key
	affine_xP   Fp2
	affine_xQ   Fp2
	affine_xQmP Fp2
}

// A point on the projective line P^1(F_{p^2}).
//
// This is used to work projectively with the curve coefficients.
type ProjectiveCurveParameters struct {
	A Fp2
	C Fp2
}

const (
	// First 2 bits identify SIDH variant third bit indicates
	// wether key is a SIKE variant (set) or SIDH (not set)

	// 001 - SIDH: corresponds to 2-torsion group
	KeyVariant_SIDH_A KeyVariant = 1 << 0
	// 010 - SIDH: corresponds to 3-torsion group
	KeyVariant_SIDH_B = 1 << 1
	// 110 - SIKE
	KeyVariant_SIKE = 1<<2 | KeyVariant_SIDH_B
)
Implementation of P434 2019-06-27 14:38:14 +01:00			`package sike`

			`// I keep it bool in order to be able to apply logical NOT`
			`type KeyVariant uint`

			`// Representation of an element of the base field F_p.`
			`//`
			`// No particular meaning is assigned to the representation -- it could represent`
			`// an element in Montgomery form, or not. Tracking the meaning of the field`
			`// element is left to higher types.`
			`type Fp [FP_WORDS]uint64`

			`// Represents an intermediate product of two elements of the base field F_p.`
			`type FpX2 [2 * FP_WORDS]uint64`

			`// Represents an element of the extended field Fp^2 = Fp(x+i)`
			`type Fp2 struct {`
			`A Fp`
			`B Fp`
			`}`

			`type DomainParams struct {`
			`// P, Q and R=P-Q base points`
			`Affine_P, Affine_Q, Affine_R Fp2`
			`// Size of a compuatation strategy for x-torsion group`
			`IsogenyStrategy []uint32`
			`// Max size of secret key for x-torsion group`
			`SecretBitLen uint`
			`// Max size of secret key for x-torsion group`
			`SecretByteLen uint`
			`}`

			`type SidhParams struct {`
			`Id uint8`
			`// Bytelen of P`
			`Bytelen int`
			`// The public key size, in bytes.`
			`PublicKeySize int`
			`// The shared secret size, in bytes.`
			`SharedSecretSize int`
			`// Defines A,C constant for starting curve Cy^2 = x^3 + Ax^2 + x`
			`InitCurve ProjectiveCurveParameters`
			`// 2- and 3-torsion group parameter definitions`
			`A, B DomainParams`
			`// Precomputed 1/2 in the Fp2 in Montgomery domain`
			`HalfFp2 Fp2`
			`// Precomputed identity element in the Fp2 in Montgomery domain`
			`OneFp2 Fp2`
			`// Length of SIKE secret message. Must be one of {24,32,40},`
			`// depending on size of prime field used (see [SIKE], 1.4 and 5.1)`
			`MsgLen int`
			`// Length of SIKE ephemeral KEM key (see [SIKE], 1.4 and 5.1)`
			`KemSize int`
			`// Size of a ciphertext returned by encapsulation in bytes`
			`CiphertextSize int`
			`}`

			`// Stores curve projective parameters equivalent to A/C. Meaning of the`
			`// values depends on the context. When working with isogenies over`
			`// subgroup that are powers of:`
			`// * three then (A:C) ~ (A+2C:A-2C)`
			`// * four then (A:C) ~ (A+2C: 4C)`
			`// See Appendix A of SIKE for more details`
			`type CurveCoefficientsEquiv struct {`
			`A Fp2`
			`C Fp2`
			`}`

			`// A point on the projective line P^1(F_{p^2}).`
			`//`
			`// This represents a point on the Kummer line of a Montgomery curve. The`
			`// curve is specified by a ProjectiveCurveParameters struct.`
			`type ProjectivePoint struct {`
			`X Fp2`
			`Z Fp2`
			`}`

			`// Base type for public and private key. Used mainly to carry domain`
			`// parameters.`
			`type key struct {`
			`// Domain parameters of the algorithm to be used with a key`
			`params *SidhParams`
			`// Flag indicates wether corresponds to 2-, 3-torsion group or SIKE`
			`keyVariant KeyVariant`
			`}`

			`// Defines operations on private key`
			`type PrivateKey struct {`
			`key`
			`// Secret key`
			`Scalar []byte`
			`// Used only by KEM`
			`S []byte`
			`}`

			`// Defines operations on public key`
			`type PublicKey struct {`
			`key`
			`affine_xP Fp2`
			`affine_xQ Fp2`
			`affine_xQmP Fp2`
			`}`

			`// A point on the projective line P^1(F_{p^2}).`
			`//`
			`// This is used to work projectively with the curve coefficients.`
			`type ProjectiveCurveParameters struct {`
			`A Fp2`
			`C Fp2`
			`}`

			`const (`
			`// First 2 bits identify SIDH variant third bit indicates`
			`// wether key is a SIKE variant (set) or SIDH (not set)`

			`// 001 - SIDH: corresponds to 2-torsion group`
			`KeyVariant_SIDH_A KeyVariant = 1 << 0`
			`// 010 - SIDH: corresponds to 3-torsion group`
			`KeyVariant_SIDH_B = 1 << 1`
			`// 110 - SIKE`
			`KeyVariant_SIKE = 1<<2 \| KeyVariant_SIDH_B`
			`)`