diff --git a/dh/sidh/api.go b/dh/sidh/api.go
index dc89d53..db3fe0d 100644
--- a/dh/sidh/api.go
+++ b/dh/sidh/api.go
@@ -180,12 +180,12 @@ func GeneratePublicKey(prv *PrivateKey) (*PublicKey, error) {
 }
 }
-// Computes a shared secret. Function requires that pub has different KeyVariant than
-// prv.
+// Computes a shared secret which is a j-invariant. Function requires that pub has
+// different KeyVariant than prv. Length of returned output is 2*ceil(log_2 P)/8),
+// where P is a prime defining finite field.
 //
-// Function returns shared secret that can be used as a symmetric key. It's important
-// to notice that each keypair must not be used more than once to calculate
-// shared secret.
+// It's important to notice that each keypair must not be used more than once
+// to calculate shared secret.
 //
 // Function may return error. This happens only in case provided input is invalid.
 // Constant time for properly initialized private and public key.
diff --git a/dh/sidh/internal/p751/curve.go b/dh/sidh/internal/p751/curve.go
index 061246a..0f0dcb4 100644
--- a/dh/sidh/internal/p751/curve.go
+++ b/dh/sidh/internal/p751/curve.go
@@ -294,7 +294,7 @@ func (x3P *ProjectivePoint) Pow3k(params *CurveCoefficientsEquiv, xP *Projective
 t1.Sub(&t1, &t2) // t1 = t1 - t2
 t5.Mul(&t3, ¶ms.A) // t5 = t3 * A24+
 t3.Mul(&t3, &t5) // t3 = t5 * t3
- t6.Mul(¶ms.C, &t2) // t6 = t2 * A24-
+ t6.Mul(&t2, ¶ms.C) // t6 = t2 * A24-
 t2.Mul(&t2, &t6) // t2 = t2 * t6
 t3.Sub(&t2, &t3) // t3 = t2 - t3
 t2.Sub(&t5, &t6) // t2 = t5 - t6
diff --git a/dh/sidh/internal/p751/isogeny.go b/dh/sidh/internal/p751/isogeny.go
index 3fb0bf7..bedb4d1 100644
--- a/dh/sidh/internal/p751/isogeny.go
+++ b/dh/sidh/internal/p751/isogeny.go
@@ -88,7 +88,7 @@ func (phi *isogeny3) EvaluatePoint(p *ProjectivePoint) ProjectivePoint {
 t2.Square(&t2) // t2 = t2 ^ 2
 t0.Square(&t0) // t0 = t0 ^ 2
 q.X.Mul(px, &t2) // XQ'= XQ * t2
- q.Z.Mul(pz, &t0) // XZ'= ZQ * t0
+ q.Z.Mul(pz, &t0) // ZQ'= ZQ * t0
 return q
 }
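Review bot: The length formula `2*ceil(log_2 P)/8)` in the rewritten comment has unbalanced parentheses and is ambiguous about what is divided by 8; given the `2*` and that a j-invariant in F_{p^2} is presumably serialized as two F_p coefficients, the intended text is `Length of returned output is 2*ceil(log_2(P)/8) bytes`, so fix the grouping and name the unit. Dropping the old "can be used as a symmetric key" sentence is the right call, but stating it positively keeps callers from reintroducing the assumption, e.g. `The output is the raw j-invariant, not a uniformly random string; derive key material from it with a KDF.` Go doc comments conventionally open with the function's name; the function this comment documents starts below the hunk, so only its comment is visible here.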
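Review bot: Swapping the operands of `t6.Mul` is functionally neutral as long as Mul is commutative, which F_{p^2} multiplication is, so the only effect is that the call now reads in the same order as its comment `t6 = t2 * A24-` and as `t5.Mul(&t3, &params.A)` two lines above; it is worth labelling the change as cosmetic so nobody hunts for a semantic difference in a constant-time routine. The `¶ms` spelling on these lines looks like `&params` mangled by an HTML-entity rendering of `&para`, not something in the source. Pow3k's body begins and ends outside the hunk.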