Doc

dh/sidh/api.go

@@ -180,12 +180,12 @@ func GeneratePublicKey(prv *PrivateKey) (*PublicKey, error) {
 	}
 }
 
-// Computes a shared secret. Function requires that pub has different KeyVariant than
+// Computes a shared secret which is a j-invariant. Function requires that pub has
-// prv.
+// different KeyVariant than prv. Length of returned output is 2*ceil(log_2 P)/8),
+// where P is a prime defining finite field.
 //
-// Function returns shared secret that can be used as a symmetric key. It's important
+// It's important to notice that each keypair must not be used more than once
-// to notice that each keypair must not be used more than once to calculate
+// to calculate shared secret.
-// shared secret.
 //
 // Function may return error. This happens only in case provided input is invalid.
 // Constant time for properly initialized private and public key.

dh/sidh/internal/p751/curve.go

@@ -294,7 +294,7 @@ func (x3P *ProjectivePoint) Pow3k(params *CurveCoefficientsEquiv, xP *Projective
 		t1.Sub(&t1, &t2)       // t1  = t1 - t2
 		t5.Mul(&t3, &params.A) // t5  = t3 * A24+
 		t3.Mul(&t3, &t5)       // t3  = t5 * t3
-		t6.Mul(&params.C, &t2) // t6  = t2 * A24-
+		t6.Mul(&t2, &params.C) // t6  = t2 * A24-
 		t2.Mul(&t2, &t6)       // t2  = t2 * t6
 		t3.Sub(&t2, &t3)       // t3  = t2 - t3
 		t2.Sub(&t5, &t6)       // t2  = t5 - t6

dh/sidh/internal/p751/isogeny.go

@@ -88,7 +88,7 @@ func (phi *isogeny3) EvaluatePoint(p *ProjectivePoint) ProjectivePoint {
 	t2.Square(&t2)   // t2 = t2 ^ 2
 	t0.Square(&t0)   // t0 = t0 ^ 2
 	q.X.Mul(px, &t2) // XQ'= XQ * t2
-	q.Z.Mul(pz, &t0) // XZ'= ZQ * t0
+	q.Z.Mul(pz, &t0) // ZQ'= ZQ * t0
 	return q
 }