sike

package
v0.0.0-...-928146c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 18, 2024 License: GPL-2.0, BSD-3-Clause, ISC, + 2 more Imports: 5 Imported by: 0

Documentation

Index

Constants

View Source 
const (

	// 001 - SIDH: corresponds to 2-torsion group
	KeyVariant_SIDH_A KeyVariant = 1 << 0
	// 010 - SIDH: corresponds to 3-torsion group
	KeyVariant_SIDH_B = 1 << 1
	// 110 - SIKE
	KeyVariant_SIKE = 1<<2 | KeyVariant_SIDH_B
	// Number of uint64 limbs used to store field element
	FP_WORDS = 7
)

Variables

This section is empty.

Functions

func Decapsulate 

func Decapsulate(prv *PrivateKey, pub *PublicKey, ctext []byte) ([]byte, error)

Decapsulate given the keypair and ciphertext as inputs, Decapsulate outputs a shared secret if plaintext verifies correctly, otherwise function outputs random value. Decapsulation may fail in case input is wrongly formatted. Constant time for properly initialized input.

func Decrypt 

func Decrypt(prv *PrivateKey, ctext []byte) ([]byte, error)

Uses SIKE private key to decrypt ciphertext. Returns plaintext in case decryption succeeds or error in case unexptected input was provided. Constant time

func DeriveSecret 

func DeriveSecret(prv *PrivateKey, pub *PublicKey) ([]byte, error)

Computes a shared secret which is a j-invariant. Function requires that pub has different KeyVariant than prv. Length of returned output is 2*ceil(log_2 P)/8), where P is a prime defining finite field.

It's important to notice that each keypair must not be used more than once to calculate shared secret.

Function may return error. This happens only in case provided input is invalid. Constant time for properly initialized private and public key.

func Encapsulate 

func Encapsulate(rng io.Reader, pub *PublicKey) (ctext []byte, secret []byte, err error)

Encapsulation receives the public key and generates SIKE ciphertext and shared secret. The generated ciphertext is used for authentication. The rng must be cryptographically secure PRNG. Error is returned in case PRNG fails or wrongly formatted input was provided.

func Encrypt 

func Encrypt(rng io.Reader, pub *PublicKey, ptext []byte) ([]byte, error)

Uses SIKE public key to encrypt plaintext. Requires cryptographically secure PRNG Returns ciphertext in case encryption succeeds. Returns error in case PRNG fails or wrongly formatted input was provided.

func Fp2Batch3Inv 

func Fp2Batch3Inv(x1, x2, x3, y1, y2, y3 *Fp2)

Set (y1, y2, y3) = (1/x1, 1/x2, 1/x3).

All xi, yi must be distinct.

func Jinvariant 

func Jinvariant(cparams *ProjectiveCurveParameters, j *Fp2)

Computes j-invariant for a curve y2=x3+A/Cx+x with A,C in F_(p^2). Result is returned in 'j'. Implementation corresponds to Algorithm 9 from SIKE.

func NewIsogeny3 

func NewIsogeny3() isogeny

Constructs isogeny3 objects

func NewIsogeny4 

func NewIsogeny4() isogeny

Constructs isogeny4 objects

func Pow2k 

func Pow2k(xP *ProjectivePoint, params *CurveCoefficientsEquiv, k uint32)

Given the curve parameters, xP = x(P), computes xP = x([2^k]P) Safe to overlap xP, x2P.

func Pow3k 

func Pow3k(xP *ProjectivePoint, params *CurveCoefficientsEquiv, k uint32)

Given the curve parameters, xP = x(P), and k >= 0, compute xP = x([3^k]P).

Safe to overlap xP, xR.

func RecoverCoordinateA 

func RecoverCoordinateA(curve *ProjectiveCurveParameters, xp, xq, xr *Fp2)

Given affine points x(P), x(Q) and x(Q-P) in a extension field F_{p^2}, function recorvers projective coordinate A of a curve. This is Algorithm 10 from SIKE.

func RecoverCurveCoefficients3 

func RecoverCurveCoefficients3(cparams *ProjectiveCurveParameters, coefEq *CurveCoefficientsEquiv)

Recovers (A:C) curve parameters from projectively equivalent (A+2C:A-2C).

func RecoverCurveCoefficients4 

func RecoverCurveCoefficients4(cparams *ProjectiveCurveParameters, coefEq *CurveCoefficientsEquiv)

Recovers (A:C) curve parameters from projectively equivalent (A+2C:4C).

Types

type CurveCoefficientsEquiv 

type CurveCoefficientsEquiv struct {
	A Fp2
	C Fp2
}

Stores curve projective parameters equivalent to A/C. Meaning of the values depends on the context. When working with isogenies over subgroup that are powers of: * three then (A:C) ~ (A+2C:A-2C) * four then (A:C) ~ (A+2C: 4C) See Appendix A of SIKE for more details

func CalcCurveParamsEquiv3 

func CalcCurveParamsEquiv3(cparams *ProjectiveCurveParameters) CurveCoefficientsEquiv

Computes equivalence (A:C) ~ (A+2C : A-2C)

func CalcCurveParamsEquiv4 

func CalcCurveParamsEquiv4(cparams *ProjectiveCurveParameters) CurveCoefficientsEquiv

Computes equivalence (A:C) ~ (A+2C : 4C)

type DomainParams 

type DomainParams struct {
	// P, Q and R=P-Q base points
	Affine_P, Affine_Q, Affine_R Fp2
	// Size of a compuatation strategy for x-torsion group
	IsogenyStrategy []uint32
	// Max size of secret key for x-torsion group
	SecretBitLen uint
	// Max size of secret key for x-torsion group
	SecretByteLen uint
}

type Fp 

type Fp [FP_WORDS]uint64

Representation of an element of the base field F_p.

No particular meaning is assigned to the representation -- it could represent an element in Montgomery form, or not. Tracking the meaning of the field element is left to higher types.

type Fp2 

type Fp2 struct {
	A Fp
	B Fp
}

Represents an element of the extended field Fp^2 = Fp(x+i)

type FpX2 

type FpX2 [2 * FP_WORDS]uint64

Represents an intermediate product of two elements of the base field F_p.

type KeyVariant 

type KeyVariant uint

I keep it bool in order to be able to apply logical NOT

type PrivateKey 

type PrivateKey struct {

	// Secret key
	Scalar []byte
	// Used only by KEM
	S []byte
	// contains filtered or unexported fields
}

Defines operations on private key

func NewPrivateKey 

func NewPrivateKey(v KeyVariant) *PrivateKey

NewPrivateKey initializes private key. Usage of this function guarantees that the object is correctly initialized.

func (*PrivateKey) Export 

func (prv *PrivateKey) Export() []byte

Exports currently stored key. In case structure hasn't been filled with key data returned byte string is filled with zeros.

func (*PrivateKey) Generate 

func (prv *PrivateKey) Generate(rand io.Reader) error

Generates random private key for SIDH or SIKE. Generated value is formed as little-endian integer from key-space <2^(e2-1)..2^e2 - 1> for KeyVariant_A or <2^(s-1)..2^s - 1>, where s = floor(log_2(3^e3)), for KeyVariant_B.

Returns error in case user provided RNG fails.

func (*PrivateKey) GeneratePublicKey 

func (prv *PrivateKey) GeneratePublicKey() *PublicKey

Generates public key.

Constant time.

func (*PrivateKey) Import 

func (prv *PrivateKey) Import(input []byte) error

Import clears content of the private key currently stored in the structure and imports key from octet string. In case of SIKE, the random value 'S' must be prepended to the value of actual private key (see SIKE spec for details). Function doesn't import public key value to PrivateKey object.

func (*PrivateKey) Size 

func (prv *PrivateKey) Size() int

Size returns size of the private key in bytes

type ProjectiveCurveParameters 

type ProjectiveCurveParameters struct {
	A Fp2
	C Fp2
}

A point on the projective line P^1(F_{p^2}).

This is used to work projectively with the curve coefficients.

type ProjectivePoint 

type ProjectivePoint struct {
	X Fp2
	Z Fp2
}

A point on the projective line P^1(F_{p^2}).

This represents a point on the Kummer line of a Montgomery curve. The curve is specified by a ProjectiveCurveParameters struct.

func ScalarMul3Pt 

func ScalarMul3Pt(cparams *ProjectiveCurveParameters, P, Q, PmQ *ProjectivePoint, nbits uint, scalar []uint8) ProjectivePoint

ScalarMul3Pt is a right-to-left point multiplication that given the x-coordinate of P, Q and P-Q calculates the x-coordinate of R=Q+[scalar]P. nbits must be smaller or equal to len(scalar).

type PublicKey 

type PublicKey struct {
	// contains filtered or unexported fields
}

Defines operations on public key

func NewPublicKey 

func NewPublicKey(v KeyVariant) *PublicKey

NewPublicKey initializes public key. Usage of this function guarantees that the object is correctly initialized.

func (*PublicKey) Export 

func (pub *PublicKey) Export() []byte

Exports currently stored key. In case structure hasn't been filled with key data returned byte string is filled with zeros.

func (*PublicKey) Import 

func (pub *PublicKey) Import(input []byte) error

Import clears content of the public key currently stored in the structure and imports key stored in the byte string. Returns error in case byte string size is wrong. Doesn't perform any validation.

func (*PublicKey) Size 

func (pub *PublicKey) Size() int

Size returns size of the public key in bytes

type SidhParams 

type SidhParams struct {
	Id uint8
	// Bytelen of P
	Bytelen int
	// The public key size, in bytes.
	PublicKeySize int
	// The shared secret size, in bytes.
	SharedSecretSize int
	// Defines A,C constant for starting curve Cy^2 = x^3 + Ax^2 + x
	InitCurve ProjectiveCurveParameters
	// 2- and 3-torsion group parameter definitions
	A, B DomainParams
	// Precomputed 1/2 in the Fp2 in Montgomery domain
	HalfFp2 Fp2
	// Precomputed identity element in the Fp2 in Montgomery domain
	OneFp2 Fp2
	// Length of SIKE secret message. Must be one of {24,32,40},
	// depending on size of prime field used (see [SIKE], 1.4 and 5.1)
	MsgLen int
	// Length of SIKE ephemeral KEM key (see [SIKE], 1.4 and 5.1)
	KemSize int
	// Size of a ciphertext returned by encapsulation in bytes
	CiphertextSize int
}
var (

	// R^2=(2^448)^2 mod p
	R2 = Fp{
		0x28E55B65DCD69B30, 0xACEC7367768798C2, 0xAB27973F8311688D, 0x175CC6AF8D6C7C0B,
		0xABCD92BF2DDE347E, 0x69E16A61C7686D9A, 0x000025A89BCDD12A,
	}

	Params SidhParams
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.