kris
/
go-sike
1
0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
16 提交
2 分支
501 KiB
 
 
目录树: fee32327c1
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 'fee32327c1'
${ noResults }
go-sike/p503/consts.go

180 行
6.7 KiB
原始文件 Blame 文件历史 

  1. package sike

  2. 

  3. const (

  4. 	// Number of uint64 limbs used to store field element

  5. 	FP_WORDS = 8

  6. )

  7. 

  8. // Used internally by this package

  9. // -------------------------------

  10. 

  11. var p = Fp{

  12. 	0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xABFFFFFFFFFFFFFF,

  13. 	0x13085BDA2211E7A0, 0x1B9BF6C87B7E7DAF, 0x6045C6BDDA77A4D0, 0x004066F541811E1E,

  14. }

  15. 

  16. // 2*503

  17. var pX2 = Fp{

  18. 	0xFFFFFFFFFFFFFFFE, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0x57FFFFFFFFFFFFFF,

  19. 	0x2610B7B44423CF41, 0x3737ED90F6FCFB5E, 0xC08B8D7BB4EF49A0, 0x0080CDEA83023C3C,

  20. }

  21. 

  22. // p503 + 1

  23. var p1 = Fp{

  24. 	0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0xAC00000000000000,

  25. 	0x13085BDA2211E7A0, 0x1B9BF6C87B7E7DAF, 0x6045C6BDDA77A4D0, 0x004066F541811E1E,

  26. }

  27. 

  28. // R^2=(2^512)^2 mod p

  29. var pR2 = Fp{

  30. 	0x5289A0CF641D011F, 0x9B88257189FED2B9, 0xA3B365D58DC8F17A, 0x5BC57AB6EFF168EC,

  31. 	0x9E51998BD84D4423, 0xBF8999CBAC3B5695, 0x46E9127BCE14CDB6, 0x003F6CFCE8B81771,

  32. }

  33. 

  34. // 1/2 * R mod p

  35. var half = Fp2{

  36. 	A: Fp{

  37. 		0x00000000000001FC, 0x0000000000000000, 0x0000000000000000, 0xB000000000000000,

  38. 		0x3B69BB2464785D2A, 0x36824A2AF0FE9896, 0xF5899F427A94F309, 0x0033B15203C83BB8},

  39. }

  40. 

  41. // 1*R mod p

  42. var one = Fp2{

  43. 	A: Fp{

  44. 		0x00000000000003F9, 0x0000000000000000, 0x0000000000000000, 0xB400000000000000,

  45. 		0x63CB1A6EA6DED2B4, 0x51689D8D667EB37D, 0x8ACD77C71AB24142, 0x0026FBAEC60F5953},

  46. }

  47. 

  48. // 6*R mod p

  49. var six = Fp2{

  50. 	A: Fp{

  51. 		0x00000000000017D8, 0x0000000000000000, 0x0000000000000000, 0xE000000000000000,

  52. 		0x30B1E6E3A51520FA, 0xB13BC3BF6FFB3992, 0x8045412EEB3E3DED, 0x0069182E2159DBB8},

  53. }

  54. 

  55. var Params SidhParams

  56. 

  57. func init() {

  58. 	Params = SidhParams{

  59. 		// SIDH public key byte size.

  60. 		PublicKeySize: 378,

  61. 		// SIDH shared secret byte size.

  62. 		SharedSecretSize: 126,

  63. 		InitCurve: ProjectiveCurveParameters{

  64. 			A: six,

  65. 			C: one,

  66. 		},

  67. 		A: DomainParams{

  68. 			// The x-coordinate of PA

  69. 			Affine_P: Fp2{

  70. 				A: Fp{

  71. 					0x5D083011589AD893, 0xADFD8D2CB67D0637, 0x330C9AC34FFB6361, 0xF0D47489A2E805A2,

  72. 					0x27E2789259C6B8DC, 0x63866A2C121931B9, 0x8D4C65A7137DCF44, 0x003A183AE5967B3F,

  73. 				},

  74. 				B: Fp{

  75. 					0x7E3541B8C96D1519, 0xD3ADAEEC0D61A26C, 0xC0A2219CE7703DD9, 0xFF3E46658FCDBC52,

  76. 					0xD5B38DEAE6E196FF, 0x1AAC826364956D58, 0xEC9F4875B9A5F27A, 0x001B0B475AB99843,

  77. 				},

  78. 			},

  79. 			// The x-coordinate of QA

  80. 			Affine_Q: Fp2{

  81. 				A: Fp{

  82. 					0x4D83695107D03BAD, 0x221F3299005E2FCF, 0x78E6AE22F30DECF2, 0x6D982DB5111253E4,

  83. 					0x504C80A8AB4526A8, 0xEFD0C3AA210BB024, 0xCB77483501DC6FCF, 0x001052544A96BDF3,

  84. 				},

  85. 				B: Fp{

  86. 					0x0D74FE3402BCAE47, 0xDF5B8CDA832D8AED, 0xB86BCF06E4BD837E, 0x892A2933A0FA1F63,

  87. 					0x9F88FC67B6CCB461, 0x822926EA9DDA3AC8, 0xEAC8DDE5855425ED, 0x000618FE6DA37A80,

  88. 				},

  89. 			},

  90. 			// The x-coordinate of RA = PA-QA

  91. 			Affine_R: Fp2{

  92. 				A: Fp{

  93. 					0x6B6F4A4F786CF310, 0xB019D444BDCFDBE3, 0xA14CB06680607834, 0xCB0D5582E7E6E60A,

  94. 					0xBA4EE8771667E241, 0xE42A114FCB12E5FF, 0x9A0C074E275BCD98, 0x001871329B28689E,

  95. 				},

  96. 				B: Fp{

  97. 					0x685FA8378513FE76, 0x84E8FC1785E8BDF0, 0x8A380F177CB7C1B7, 0x2227464F4F812C94,

  98. 					0x117C94A81A90C279, 0x193D73132FB9FA28, 0x99335336F192C9EB, 0x0006C2FE778A34FD,

  99. 				},

  100. 			},

  101. 			// Max size of secret key for 2-torsion group, corresponds to 2^e2 - 1

  102. 			SecretBitLen: 250,

  103. 			// SecretBitLen in bytes.

  104. 			SecretByteLen: uint((250 + 7) / 8),

  105. 			// 2-torsion group computation strategy

  106. 			IsogenyStrategy: []uint32{

  107. 				0x3D, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01,

  108. 				0x01, 0x02, 0x01, 0x01, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02,

  109. 				0x01, 0x01, 0x02, 0x01, 0x01, 0x10, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01,

  110. 				0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01,

  111. 				0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x1D, 0x10, 0x08, 0x04, 0x02, 0x01,

  112. 				0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x08, 0x04, 0x02,

  113. 				0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x0D, 0x08,

  114. 				0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01,

  115. 				0x05, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01},

  116. 		},

  117. 		B: DomainParams{

  118. 			// The x-coordinate of PB

  119. 			Affine_P: Fp2{

  120. 				A: Fp{

  121. 					0xDF630FC5FB2468DB, 0xC30C5541C102040E, 0x3CDC9987B76511FC, 0xF54B5A09353D0CDD,

  122. 					0x3ADBA8E00703C42F, 0x8253F9303DDC95D0, 0x62D30778763ABFD7, 0x001CD00FB581CD55,

  123. 				},

  124. 				B: Fp{

  125. 					0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000,

  126. 					0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000,

  127. 				},

  128. 			},

  129. 			// The x-coordinate of QB

  130. 			Affine_Q: Fp2{

  131. 				A: Fp{

  132. 					0x2E3457A12B429261, 0x311F94E89627DCF8, 0x5B71C98FD1DB73F6, 0x3671DB7DCFC21541,

  133. 					0xB6D1484C9FE0CF4F, 0x19CD110717356E35, 0xF4F9FB00AC9919DF, 0x0035BC124D38A70B,

  134. 				},

  135. 				B: Fp{

  136. 					0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000,

  137. 					0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000,

  138. 				},

  139. 			},

  140. 			// The x-coordinate of RB = PB - QB

  141. 			Affine_R: Fp2{

  142. 				A: Fp{

  143. 					0x2E08BB99413D2952, 0xD3021467CD088D72, 0x21017AF859752245, 0x26314ED8FFD9DE5C,

  144. 					0x4AF43C73344B6686, 0xCFA1F91149DF0993, 0xF327A95365587A89, 0x000DBF54E03D3906,

  145. 				},

  146. 				B: Fp{

  147. 					0xFC1FC00CBD0A0CFB, 0x66C29FB284B491A9, 0x7FBED0B26D7F18E0, 0x9C02361066F4C67D,

  148. 					0x2D83758DD0B19E6F, 0x0827029DB2CDC1D7, 0x58700A85FAD38A71, 0x0006FA256B614AD2,

  149. 				},

  150. 			},

  151. 			// Size of secret key for 3-torsion group, corresponds to log_2(3^e3) - 1.

  152. 			SecretBitLen: 252,

  153. 			// SecretBitLen in bytes.

  154. 			SecretByteLen: uint((252 + 7) / 8),

  155. 			// 3-torsion group computation strategy

  156. 			IsogenyStrategy: []uint32{

  157. 				0x47, 0x26, 0x15, 0x0D, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02,

  158. 				0x01, 0x01, 0x02, 0x01, 0x01, 0x05, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02,

  159. 				0x01, 0x01, 0x01, 0x09, 0x05, 0x03, 0x02, 0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01,

  160. 				0x01, 0x04, 0x02, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x11, 0x09, 0x05, 0x03, 0x02,

  161. 				0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x01, 0x02,

  162. 				0x01, 0x01, 0x08, 0x04, 0x02, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01,

  163. 				0x01, 0x02, 0x01, 0x01, 0x21, 0x11, 0x09, 0x05, 0x03, 0x02, 0x01, 0x01, 0x01, 0x01,

  164. 				0x02, 0x01, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x08, 0x04,

  165. 				0x02, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01,

  166. 				0x10, 0x08, 0x04, 0x02, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01,

  167. 				0x02, 0x01, 0x01, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01,

  168. 				0x01, 0x02, 0x01, 0x01},

  169. 		},

  170. 		OneFp2:  one,

  171. 		HalfFp2: half,

  172. 		MsgLen:  24,

  173. 		// SIKEp503 provides 128 bit of classical security ([SIKE], 5.1)

  174. 		KemSize: 24,

  175. 		// ceil(503+7/8)

  176. 		Bytelen:        63,

  177. 		CiphertextSize: 24 + 378,

  178. 	}

  179. }