group

package
v1.4.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 5, 2023 License: BSD-3-Clause Imports: 14 Imported by: 0

Documentation

Overview

Package group provides prime-order groups based on elliptic curves.

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrType      = errors.New("group: type mismatch")
	ErrUnmarshal = errors.New("group: error unmarshaling")
	ErrSelector  = errors.New("group: selector must be 0 or 1")
)

Functions

func HashToField

func HashToField(u []big.Int, b []byte, e expander.Expander, p *big.Int, L uint)

HashToField generates a set of elements {u1,..., uN} = Hash(b) where each u in GF(p) and L is the security parameter.

Types

type Element

type Element interface {
	// Returns the group that the element belongs to.
	Group() Group
	// Set the receiver to x, and returns the receiver.
	Set(x Element) Element
	// Copy returns a new element equal to the receiver.
	Copy() Element
	// IsIdentity returns true if the receiver is the identity element of the
	// group.
	IsIdentity() bool
	// IsEqual returns true if the receiver is equal to x.
	IsEqual(x Element) bool
	// CMov sets the receiver to x if b=1; the receiver is unmodified if b=0;
	// otherwise panics if b is not 0 or 1. In all the cases, it returns the
	// receiver.
	CMov(b int, x Element) Element
	// CSelect sets the receiver to x if b=1; sets the receiver to y if b=0;
	// otherwise panics if b is not 0 or 1. In all the cases, it returns the
	// receiver.
	CSelect(b int, x, y Element) Element
	// Add sets the receiver to x + y, and returns the receiver.
	Add(x, y Element) Element
	// Dbl sets the receiver to 2 * x, and returns the receiver.
	Dbl(x Element) Element
	// Neg sets the receiver to -x, and returns the receiver.
	Neg(x Element) Element
	// Mul sets the receiver to s * x, and returns the receiver.
	Mul(x Element, s Scalar) Element
	// MulGen sets the receiver to s * Generator(), and returns the receiver.
	MulGen(s Scalar) Element
	// BinaryMarshaler returns a byte representation of the element.
	encoding.BinaryMarshaler
	// BinaryUnmarshaler recovers an element from a byte representation
	// produced either by encoding.BinaryMarshaler or MarshalBinaryCompress.
	encoding.BinaryUnmarshaler
	// MarshalBinaryCompress returns a byte representation of an element in a
	// compact form whenever the group supports it; otherwise, returns the
	// same byte representation produced by encoding.BinaryMarshaler.
	MarshalBinaryCompress() ([]byte, error)
}

Element represents an element of a prime-order group.

type Group

type Group interface {
	Params() *Params // Params returns parameters for the group
	// Creates an element of the group set to the identity of the group.
	NewElement() Element
	// Creates a scalar of the group set to zero.
	NewScalar() Scalar
	// Creates an element of the group set to the identity of the group.
	Identity() Element
	// Creates an element of the group set to the generator of the group.
	Generator() Element
	// Returns a scalar set to the group order.
	Order() Scalar
	// RandomElement creates an element chosen at random (using randomness
	// from rnd) from the set of group elements. Use crypto/rand.Reader as
	// a cryptographically secure random number generator
	RandomElement(rnd io.Reader) Element
	// RandomScalar creates a scalar chosen at random (using randomness
	// from rnd) from the set of group scalars. Use crypto/rand.Reader as
	// a cryptographically secure random number generator
	RandomScalar(rnd io.Reader) Scalar
	// RandomNonZeroScalar creates a scalar chosen at random (using randomness
	// from rnd) from the set of group scalars. Use crypto/rand.Reader as
	// a cryptographically secure random number generator. It is guaranteed
	// the scalar is not zero.
	RandomNonZeroScalar(io.Reader) Scalar
	// HashToElement hashes a message (msg) using a domain separation string
	// (dst) producing a group element with uniform distribution.
	HashToElement(msg, dst []byte) Element
	// HashToElementNonUniform hashes a message (msg) using a domain separation
	// string (dst) producing a group element with nonuniform distribution.
	HashToElementNonUniform(msg, dst []byte) Element
	// HashToScalar hashes a message (msg) using a domain separation string
	// (dst) producing a group scalar with uniform distribution.
	HashToScalar(msg, dst []byte) Scalar
}

Group represents an additive prime-order group based on elliptic curves.

var (
	// P256 is the group generated by P-256 elliptic curve.
	P256 Group = wG{elliptic.P256()}
	// P384 is the group generated by P-384 elliptic curve.
	P384 Group = wG{p384.P384()}
	// P521 is the group generated by P-521 elliptic curve.
	P521 Group = wG{elliptic.P521()}
)
var Ristretto255 Group = ristrettoGroup{}

Ristretto255 is a quotient group generated from the edwards25519 curve.

type Params

type Params struct {
	ElementLength           uint // Length in bytes of an element.
	CompressedElementLength uint // Length in bytes of a compressed element.
	ScalarLength            uint // Length in bytes of a scalar.
}

Params stores the size in bytes of elements and scalars.

type Scalar

type Scalar interface {
	// Returns the group that the scalar belongs to.
	Group() Group
	// Set the receiver to x, and returns the receiver.
	Set(x Scalar) Scalar
	// Copy returns a new scalar equal to the receiver.
	Copy() Scalar
	// IsZero returns true if the receiver is equal to zero.
	IsZero() bool
	// IsEqual returns true if the receiver is equal to x.
	IsEqual(x Scalar) bool
	// SetUint64 sets the receiver to x, and returns the receiver.
	SetUint64(x uint64) Scalar
	// SetBigInt sets the receiver to x, and returns the receiver.
	// Warning: operations on big.Int are not constant time. Do not use them
	// for cryptography unless you're sure it's safe in your use-case.
	SetBigInt(b *big.Int) Scalar
	// CMov sets the receiver to x if b=1; the receiver is unmodified if b=0;
	// otherwise panics if b is not 0 or 1. In all the cases, it returns the
	// receiver.
	CMov(b int, x Scalar) Scalar
	// CSelect sets the receiver to x if b=1; sets the receiver to y if b=0;
	// otherwise panics if b is not 0 or 1. In all the cases, it returns the
	// receiver.
	CSelect(b int, x, y Scalar) Scalar
	// Add sets the receiver to x + y, and returns the receiver.
	Add(x, y Scalar) Scalar
	// Sub sets the receiver to x - y, and returns the receiver.
	Sub(x, y Scalar) Scalar
	// Mul sets the receiver to x * y, and returns the receiver.
	Mul(x, y Scalar) Scalar
	// Neg sets the receiver to -x, and returns the receiver.
	Neg(x Scalar) Scalar
	// Inv sets the receiver to 1/x, and returns the receiver.
	Inv(x Scalar) Scalar
	// BinaryMarshaler returns a byte representation of the scalar.
	encoding.BinaryMarshaler
	// BinaryUnmarshaler recovers a scalar from a byte representation produced
	// by encoding.BinaryMarshaler.
	encoding.BinaryUnmarshaler
}

Scalar represents a scalar of a prime-order group.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL