|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122 |
- package sike
-
- // I keep it bool in order to be able to apply logical NOT
- type KeyVariant uint
-
- // Representation of an element of the base field F_p.
- //
- // No particular meaning is assigned to the representation -- it could represent
- // an element in Montgomery form, or not. Tracking the meaning of the field
- // element is left to higher types.
- type Fp [FP_WORDS]uint64
-
- // Represents an intermediate product of two elements of the base field F_p.
- type FpX2 [2 * FP_WORDS]uint64
-
- // Represents an element of the extended field Fp^2 = Fp(x+i)
- type Fp2 struct {
- A Fp
- B Fp
- }
-
- type DomainParams struct {
- // P, Q and R=P-Q base points
- Affine_P, Affine_Q, Affine_R Fp2
- // Size of a compuatation strategy for x-torsion group
- IsogenyStrategy []uint32
- // Max size of secret key for x-torsion group
- SecretBitLen uint
- // Max size of secret key for x-torsion group
- SecretByteLen uint
- }
-
- type SidhParams struct {
- Id uint8
- // Bytelen of P
- Bytelen int
- // The public key size, in bytes.
- PublicKeySize int
- // The shared secret size, in bytes.
- SharedSecretSize int
- // Defines A,C constant for starting curve Cy^2 = x^3 + Ax^2 + x
- InitCurve ProjectiveCurveParameters
- // 2- and 3-torsion group parameter definitions
- A, B DomainParams
- // Precomputed 1/2 in the Fp2 in Montgomery domain
- HalfFp2 Fp2
- // Precomputed identity element in the Fp2 in Montgomery domain
- OneFp2 Fp2
- // Length of SIKE secret message. Must be one of {24,32,40},
- // depending on size of prime field used (see [SIKE], 1.4 and 5.1)
- MsgLen int
- // Length of SIKE ephemeral KEM key (see [SIKE], 1.4 and 5.1)
- KemSize int
- // Size of a ciphertext returned by encapsulation in bytes
- CiphertextSize int
- }
-
- // Stores curve projective parameters equivalent to A/C. Meaning of the
- // values depends on the context. When working with isogenies over
- // subgroup that are powers of:
- // * three then (A:C) ~ (A+2C:A-2C)
- // * four then (A:C) ~ (A+2C: 4C)
- // See Appendix A of SIKE for more details
- type CurveCoefficientsEquiv struct {
- A Fp2
- C Fp2
- }
-
- // A point on the projective line P^1(F_{p^2}).
- //
- // This represents a point on the Kummer line of a Montgomery curve. The
- // curve is specified by a ProjectiveCurveParameters struct.
- type ProjectivePoint struct {
- X Fp2
- Z Fp2
- }
-
- // Base type for public and private key. Used mainly to carry domain
- // parameters.
- type key struct {
- // Domain parameters of the algorithm to be used with a key
- params *SidhParams
- // Flag indicates wether corresponds to 2-, 3-torsion group or SIKE
- keyVariant KeyVariant
- }
-
- // Defines operations on private key
- type PrivateKey struct {
- key
- // Secret key
- Scalar []byte
- // Used only by KEM
- S []byte
- }
-
- // Defines operations on public key
- type PublicKey struct {
- key
- affine_xP Fp2
- affine_xQ Fp2
- affine_xQmP Fp2
- }
-
- // A point on the projective line P^1(F_{p^2}).
- //
- // This is used to work projectively with the curve coefficients.
- type ProjectiveCurveParameters struct {
- A Fp2
- C Fp2
- }
-
- const (
- // First 2 bits identify SIDH variant third bit indicates
- // wether key is a SIKE variant (set) or SIDH (not set)
-
- // 001 - SIDH: corresponds to 2-torsion group
- KeyVariant_SIDH_A KeyVariant = 1 << 0
- // 010 - SIDH: corresponds to 3-torsion group
- KeyVariant_SIDH_B = 1 << 1
- // 110 - SIKE
- KeyVariant_SIKE = 1<<2 | KeyVariant_SIDH_B
- )
|
