package sike // I keep it bool in order to be able to apply logical NOT type KeyVariant uint // Representation of an element of the base field F_p. // // No particular meaning is assigned to the representation -- it could represent // an element in Montgomery form, or not. Tracking the meaning of the field // element is left to higher types. type Fp [FP_WORDS]uint64 // Represents an intermediate product of two elements of the base field F_p. type FpX2 [2 * FP_WORDS]uint64 // Represents an element of the extended field Fp^2 = Fp(x+i) type Fp2 struct { A Fp B Fp } type DomainParams struct { // P, Q and R=P-Q base points Affine_P, Affine_Q, Affine_R Fp2 // Size of a compuatation strategy for x-torsion group IsogenyStrategy []uint32 // Max size of secret key for x-torsion group SecretBitLen uint // Max size of secret key for x-torsion group SecretByteLen uint } type SidhParams struct { Id uint8 // Bytelen of P Bytelen int // The public key size, in bytes. PublicKeySize int // The shared secret size, in bytes. SharedSecretSize int // 2- and 3-torsion group parameter definitions A, B DomainParams // Precomputed identity element in the Fp2 in Montgomery domain OneFp2 Fp2 // Precomputed 1/2 in the Fp2 in Montgomery domain HalfFp2 Fp2 // Length of SIKE secret message. Must be one of {24,32,40}, // depending on size of prime field used (see [SIKE], 1.4 and 5.1) MsgLen int // Length of SIKE ephemeral KEM key (see [SIKE], 1.4 and 5.1) KemSize int // Size of a ciphertext returned by encapsulation in bytes CiphertextSize int } // Stores curve projective parameters equivalent to A/C. Meaning of the // values depends on the context. When working with isogenies over // subgroup that are powers of: // * three then (A:C) ~ (A+2C:A-2C) // * four then (A:C) ~ (A+2C: 4C) // See Appendix A of SIKE for more details type CurveCoefficientsEquiv struct { A Fp2 C Fp2 } // A point on the projective line P^1(F_{p^2}). // // This represents a point on the Kummer line of a Montgomery curve. The // curve is specified by a ProjectiveCurveParameters struct. type ProjectivePoint struct { X Fp2 Z Fp2 } // Base type for public and private key. Used mainly to carry domain // parameters. type key struct { // Domain parameters of the algorithm to be used with a key params *SidhParams // Flag indicates wether corresponds to 2-, 3-torsion group or SIKE keyVariant KeyVariant } // Defines operations on private key type PrivateKey struct { key // Secret key Scalar []byte // Used only by KEM S []byte } // Defines operations on public key type PublicKey struct { key affine_xP Fp2 affine_xQ Fp2 affine_xQmP Fp2 } // A point on the projective line P^1(F_{p^2}). // // This is used to work projectively with the curve coefficients. type ProjectiveCurveParameters struct { A Fp2 C Fp2 } const ( // First 2 bits identify SIDH variant third bit indicates // wether key is a SIKE variant (set) or SIDH (not set) // 001 - SIDH: corresponds to 2-torsion group KeyVariant_SIDH_A KeyVariant = 1 << 0 // 010 - SIDH: corresponds to 3-torsion group KeyVariant_SIDH_B = 1 << 1 // 110 - SIKE KeyVariant_SIKE = 1<<2 | KeyVariant_SIDH_B )