mirror of
https://github.com/henrydcase/nobs.git
synced 2024-11-25 08:31:21 +00:00
Henry Case
a152c09fd5
* makes common reusable * exports some more symbols from common * remove kem for a moment
283 lines
8.1 KiB
Go
283 lines
8.1 KiB
Go
// Code generated by go generate; DO NOT EDIT.
|
|
// This file was generated by robots.
|
|
|
|
package p751
|
|
|
|
import (
|
|
. "github.com/henrydcase/nobs/dh/sidh/common"
|
|
)
|
|
|
|
// -----------------------------------------------------------------------------
|
|
// Functions for traversing isogeny trees acoording to strategy. Key type 'A' is
|
|
//
|
|
|
|
// Traverses isogeny tree in order to compute xR, xP, xQ and xQmP needed
|
|
// for public key generation.
|
|
func traverseTreePublicKeyA(curve *ProjectiveCurveParameters, xR, phiP, phiQ, phiR *ProjectivePoint) {
|
|
var points = make([]ProjectivePoint, 0, 8)
|
|
var indices = make([]int, 0, 8)
|
|
var i, sIdx int
|
|
var phi isogeny4
|
|
|
|
cparam := CalcCurveParamsEquiv4(curve)
|
|
strat := params.A.IsogenyStrategy
|
|
stratSz := len(strat)
|
|
|
|
for j := 1; j <= stratSz; j++ {
|
|
for i <= stratSz-j {
|
|
points = append(points, *xR)
|
|
indices = append(indices, i)
|
|
|
|
k := strat[sIdx]
|
|
sIdx++
|
|
Pow2k(xR, &cparam, 2*k)
|
|
i += int(k)
|
|
}
|
|
cparam = phi.GenerateCurve(xR)
|
|
|
|
for k := 0; k < len(points); k++ {
|
|
points[k] = phi.EvaluatePoint(&points[k])
|
|
}
|
|
*phiP = phi.EvaluatePoint(phiP)
|
|
*phiQ = phi.EvaluatePoint(phiQ)
|
|
*phiR = phi.EvaluatePoint(phiR)
|
|
|
|
// pop xR from points
|
|
*xR, points = points[len(points)-1], points[:len(points)-1]
|
|
i, indices = int(indices[len(indices)-1]), indices[:len(indices)-1]
|
|
}
|
|
}
|
|
|
|
// Traverses isogeny tree in order to compute xR needed
|
|
// for public key generation.
|
|
func traverseTreeSharedKeyA(curve *ProjectiveCurveParameters, xR *ProjectivePoint) {
|
|
var points = make([]ProjectivePoint, 0, 8)
|
|
var indices = make([]int, 0, 8)
|
|
var i, sIdx int
|
|
var phi isogeny4
|
|
|
|
cparam := CalcCurveParamsEquiv4(curve)
|
|
strat := params.A.IsogenyStrategy
|
|
stratSz := len(strat)
|
|
|
|
for j := 1; j <= stratSz; j++ {
|
|
for i <= stratSz-j {
|
|
points = append(points, *xR)
|
|
indices = append(indices, i)
|
|
|
|
k := strat[sIdx]
|
|
sIdx++
|
|
Pow2k(xR, &cparam, 2*k)
|
|
i += int(k)
|
|
}
|
|
cparam = phi.GenerateCurve(xR)
|
|
|
|
for k := 0; k < len(points); k++ {
|
|
points[k] = phi.EvaluatePoint(&points[k])
|
|
}
|
|
|
|
// pop xR from points
|
|
*xR, points = points[len(points)-1], points[:len(points)-1]
|
|
i, indices = int(indices[len(indices)-1]), indices[:len(indices)-1]
|
|
}
|
|
}
|
|
|
|
// Traverses isogeny tree in order to compute xR, xP, xQ and xQmP needed
|
|
// for public key generation.
|
|
func traverseTreePublicKeyB(curve *ProjectiveCurveParameters, xR, phiP, phiQ, phiR *ProjectivePoint) {
|
|
var points = make([]ProjectivePoint, 0, 8)
|
|
var indices = make([]int, 0, 8)
|
|
var i, sIdx int
|
|
var phi isogeny3
|
|
|
|
cparam := CalcCurveParamsEquiv3(curve)
|
|
strat := params.B.IsogenyStrategy
|
|
stratSz := len(strat)
|
|
|
|
for j := 1; j <= stratSz; j++ {
|
|
for i <= stratSz-j {
|
|
points = append(points, *xR)
|
|
indices = append(indices, i)
|
|
|
|
k := strat[sIdx]
|
|
sIdx++
|
|
Pow3k(xR, &cparam, k)
|
|
i += int(k)
|
|
}
|
|
|
|
cparam = phi.GenerateCurve(xR)
|
|
for k := 0; k < len(points); k++ {
|
|
points[k] = phi.EvaluatePoint(&points[k])
|
|
}
|
|
|
|
*phiP = phi.EvaluatePoint(phiP)
|
|
*phiQ = phi.EvaluatePoint(phiQ)
|
|
*phiR = phi.EvaluatePoint(phiR)
|
|
|
|
// pop xR from points
|
|
*xR, points = points[len(points)-1], points[:len(points)-1]
|
|
i, indices = int(indices[len(indices)-1]), indices[:len(indices)-1]
|
|
}
|
|
}
|
|
|
|
// Traverses isogeny tree in order to compute xR, xP, xQ and xQmP needed
|
|
// for public key generation.
|
|
func traverseTreeSharedKeyB(curve *ProjectiveCurveParameters, xR *ProjectivePoint) {
|
|
var points = make([]ProjectivePoint, 0, 8)
|
|
var indices = make([]int, 0, 8)
|
|
var i, sIdx int
|
|
var phi isogeny3
|
|
|
|
cparam := CalcCurveParamsEquiv3(curve)
|
|
strat := params.B.IsogenyStrategy
|
|
stratSz := len(strat)
|
|
|
|
for j := 1; j <= stratSz; j++ {
|
|
for i <= stratSz-j {
|
|
points = append(points, *xR)
|
|
indices = append(indices, i)
|
|
|
|
k := strat[sIdx]
|
|
sIdx++
|
|
Pow3k(xR, &cparam, k)
|
|
i += int(k)
|
|
}
|
|
|
|
cparam = phi.GenerateCurve(xR)
|
|
for k := 0; k < len(points); k++ {
|
|
points[k] = phi.EvaluatePoint(&points[k])
|
|
}
|
|
|
|
// pop xR from points
|
|
*xR, points = points[len(points)-1], points[:len(points)-1]
|
|
i, indices = int(indices[len(indices)-1]), indices[:len(indices)-1]
|
|
}
|
|
}
|
|
|
|
// Generate a public key in the 2-torsion group. Public key is a set
|
|
// of three x-coordinates: xP,xQ,x(P-Q), where P,Q are points on E_a(Fp2)
|
|
func PublicKeyGenA(pub3Pt *[3]Fp2, prvBytes []byte) {
|
|
var xPA, xQA, xRA ProjectivePoint
|
|
var xPB, xQB, xRB, xR ProjectivePoint
|
|
var invZP, invZQ, invZR Fp2
|
|
var phi isogeny4
|
|
|
|
// Load points for A
|
|
xPA = ProjectivePoint{X: params.A.AffineP, Z: params.OneFp2}
|
|
xQA = ProjectivePoint{X: params.A.AffineQ, Z: params.OneFp2}
|
|
xRA = ProjectivePoint{X: params.A.AffineR, Z: params.OneFp2}
|
|
|
|
// Load points for B
|
|
xRB = ProjectivePoint{X: params.B.AffineR, Z: params.OneFp2}
|
|
xQB = ProjectivePoint{X: params.B.AffineQ, Z: params.OneFp2}
|
|
xPB = ProjectivePoint{X: params.B.AffineP, Z: params.OneFp2}
|
|
|
|
// Find isogeny kernel
|
|
xR = ScalarMul3Pt(¶ms.InitCurve, &xPA, &xQA, &xRA, params.A.SecretBitLen, prvBytes)
|
|
traverseTreePublicKeyA(¶ms.InitCurve, &xR, &xPB, &xQB, &xRB)
|
|
|
|
// Secret isogeny
|
|
phi.GenerateCurve(&xR)
|
|
xPA = phi.EvaluatePoint(&xPB)
|
|
xQA = phi.EvaluatePoint(&xQB)
|
|
xRA = phi.EvaluatePoint(&xRB)
|
|
Fp2Batch3Inv(&xPA.Z, &xQA.Z, &xRA.Z, &invZP, &invZQ, &invZR)
|
|
|
|
mul(&pub3Pt[0], &xPA.X, &invZP)
|
|
mul(&pub3Pt[1], &xQA.X, &invZQ)
|
|
mul(&pub3Pt[2], &xRA.X, &invZR)
|
|
}
|
|
|
|
// Generate a public key in the 2-torsion group. Public key is a set
|
|
// of three x-coordinates: xP,xQ,x(P-Q), where P,Q are points on E_a(Fp2)
|
|
func PublicKeyGenB(pub3Pt *[3]Fp2, prvBytes []byte) {
|
|
var xPB, xQB, xRB, xR ProjectivePoint
|
|
var xPA, xQA, xRA ProjectivePoint
|
|
var invZP, invZQ, invZR Fp2
|
|
var phi isogeny3
|
|
|
|
// Load points for B
|
|
xRB = ProjectivePoint{X: params.B.AffineR, Z: params.OneFp2}
|
|
xQB = ProjectivePoint{X: params.B.AffineQ, Z: params.OneFp2}
|
|
xPB = ProjectivePoint{X: params.B.AffineP, Z: params.OneFp2}
|
|
|
|
// Load points for A
|
|
xPA = ProjectivePoint{X: params.A.AffineP, Z: params.OneFp2}
|
|
xQA = ProjectivePoint{X: params.A.AffineQ, Z: params.OneFp2}
|
|
xRA = ProjectivePoint{X: params.A.AffineR, Z: params.OneFp2}
|
|
|
|
// Find isogeny kernel
|
|
xR = ScalarMul3Pt(¶ms.InitCurve, &xPB, &xQB, &xRB, params.B.SecretBitLen, prvBytes)
|
|
traverseTreePublicKeyB(¶ms.InitCurve, &xR, &xPA, &xQA, &xRA)
|
|
|
|
phi.GenerateCurve(&xR)
|
|
xPB = phi.EvaluatePoint(&xPA)
|
|
xQB = phi.EvaluatePoint(&xQA)
|
|
xRB = phi.EvaluatePoint(&xRA)
|
|
Fp2Batch3Inv(&xPB.Z, &xQB.Z, &xRB.Z, &invZP, &invZQ, &invZR)
|
|
|
|
mul(&pub3Pt[0], &xPB.X, &invZP)
|
|
mul(&pub3Pt[1], &xQB.X, &invZQ)
|
|
mul(&pub3Pt[2], &xRB.X, &invZR)
|
|
}
|
|
|
|
// -----------------------------------------------------------------------------
|
|
// Key agreement functions
|
|
//
|
|
|
|
// Establishing shared keys in in 2-torsion group
|
|
func DeriveSecretA(ss, prv []byte, pub3Pt *[3]Fp2) {
|
|
var xP, xQ, xQmP ProjectivePoint
|
|
var xR ProjectivePoint
|
|
var phi isogeny4
|
|
var jInv Fp2
|
|
|
|
// Recover curve coefficients
|
|
cparam := params.InitCurve
|
|
RecoverCoordinateA(&cparam, &pub3Pt[0], &pub3Pt[1], &pub3Pt[2])
|
|
|
|
// Find kernel of the morphism
|
|
xP = ProjectivePoint{X: pub3Pt[0], Z: params.OneFp2}
|
|
xQ = ProjectivePoint{X: pub3Pt[1], Z: params.OneFp2}
|
|
xQmP = ProjectivePoint{X: pub3Pt[2], Z: params.OneFp2}
|
|
xR = ScalarMul3Pt(&cparam, &xP, &xQ, &xQmP, params.A.SecretBitLen, prv)
|
|
|
|
// Traverse isogeny tree
|
|
traverseTreeSharedKeyA(&cparam, &xR)
|
|
|
|
// Calculate j-invariant on isogeneus curve
|
|
c := phi.GenerateCurve(&xR)
|
|
RecoverCurveCoefficients4(&cparam, &c)
|
|
Jinvariant(&cparam, &jInv)
|
|
FromMontgomery(&jInv, &jInv)
|
|
Fp2ToBytes(ss, &jInv, params.Bytelen)
|
|
}
|
|
|
|
// Establishing shared keys in in 3-torsion group
|
|
func DeriveSecretB(ss, prv []byte, pub3Pt *[3]Fp2) {
|
|
var xP, xQ, xQmP ProjectivePoint
|
|
var xR ProjectivePoint
|
|
var phi isogeny3
|
|
var jInv Fp2
|
|
|
|
// Recover curve coefficients
|
|
cparam := params.InitCurve
|
|
RecoverCoordinateA(&cparam, &pub3Pt[0], &pub3Pt[1], &pub3Pt[2])
|
|
|
|
// Find kernel of the morphism
|
|
xP = ProjectivePoint{X: pub3Pt[0], Z: params.OneFp2}
|
|
xQ = ProjectivePoint{X: pub3Pt[1], Z: params.OneFp2}
|
|
xQmP = ProjectivePoint{X: pub3Pt[2], Z: params.OneFp2}
|
|
xR = ScalarMul3Pt(&cparam, &xP, &xQ, &xQmP, params.B.SecretBitLen, prv)
|
|
|
|
// Traverse isogeny tree
|
|
traverseTreeSharedKeyB(&cparam, &xR)
|
|
|
|
// Calculate j-invariant on isogeneus curve
|
|
c := phi.GenerateCurve(&xR)
|
|
RecoverCurveCoefficients3(&cparam, &c)
|
|
Jinvariant(&cparam, &jInv)
|
|
FromMontgomery(&jInv, &jInv)
|
|
Fp2ToBytes(ss, &jInv, params.Bytelen)
|
|
}
|