scalar

package

v0.0.0-...-1f23a7b Latest Latest Go to latest Published: Sep 4, 2023 License: BSD-3-Clause Imports: 9 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/oasisprotocol/curve25519-voi

Links

Open Source Insights

Documentation ¶

Rendered for

Overview ¶

Package scalar implements arithmetic on scalars (integers mod the group order).

Index ¶

Constants
Variables
func ScMinimalVartime(scalar []byte) bool
func ToRadix2wSizeHint(w uint) uint
type Scalar

Constants ¶

View Source

const (
	// ScalarSize is the size of a scalar in bytes.
	ScalarSize = 32

	// ScalarWideSize is the size of a wide scalar in bytes.
	ScalarWideSize = 64
)

Variables ¶

View Source

var (

	// BASEPOINT_ORDER is the order of the Ed25519 basepoint and the Ristretto
	// group.
	BASEPOINT_ORDER = func() *Scalar {

		s, err := NewFromBits([]byte{
			0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
			0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10,
		})
		if err != nil {
			panic("curve/scalar: failed to define basepoint order constant: " + err.Error())
		}
		return s
	}()
)

Functions ¶

func ScMinimalVartime ¶

func ScMinimalVartime(scalar []byte) bool

ScMinimalVartime returns true if the given byte-encoded scalar is less than the order of the curve, in variable-time.

This method is intended for verification applications, and is significantly faster than deserializing the scalar and calling IsCanonical.

func ToRadix2wSizeHint ¶

func ToRadix2wSizeHint(w uint) uint

ToRadix2wSizeHint returns a size hint indicating how many entries of the return value of ToRadix2w are nonzero.

Types ¶

type Scalar ¶

type Scalar struct {
	disalloweq.DisallowEqual //nolint:unused
	// contains filtered or unexported fields
}

Scalar holds an integer s < 2^255 which represents an element of Z/L.

func New ¶

func New() *Scalar

New returns a scalar set to zero.

func NewFromBits ¶

func NewFromBits(in []byte) (*Scalar, error)

NewFromBits constructs a scalar from the low 255 bits of a 256-bit integer.

This function is intended for applications like X25519 which require specific bit-patterns when performing scalar multiplication.

func NewFromBytesModOrder ¶

func NewFromBytesModOrder(in []byte) (*Scalar, error)

NewFromBytesModOrder constructs a scalar by reducing a 256-bit little-endian integer modulo the group order L.

func NewFromBytesModOrderWide ¶

func NewFromBytesModOrderWide(in []byte) (*Scalar, error)

NewFromBytesModOrderWide constructs a scalar by reducing a 512-bit little-endian integer modulo the group order L.

func NewFromCanonicalBytes ¶

func NewFromCanonicalBytes(in []byte) (*Scalar, error)

NewFromCanonicalBytes attempts to construct a scalar from a canoical byte representation.

func NewFromUint64 ¶

func NewFromUint64(x uint64) *Scalar

NewFromUint64 returns a scalar set to the given uint64.

func One ¶

func One() *Scalar

One returns a scalar set to 1.

func (*Scalar) Add ¶

func (s *Scalar) Add(a, b *Scalar) *Scalar

Add sets `s= a + b (mod l)`, and returns s.

func (*Scalar) BatchInvert ¶

func (s *Scalar) BatchInvert(inputs []*Scalar) *Scalar

BatchInvert computes the inverses of slice of `Scalar`s in a batch, and sets s to the product of all inverses, and returns s. Each element of the input slice is replaced by its inverse.

WARNING: The input scalars MUST be nonzero. If you cannot prove that this is the case you MUST not use this function.

func (*Scalar) Bits ¶

func (s *Scalar) Bits() [8 * ScalarSize]byte

Bits gets the bits of the scalar.

func (*Scalar) ConditionalSelect ¶

func (s *Scalar) ConditionalSelect(a, b *Scalar, choice int)

ConditionalSelect sets s to a iff choice == 0 and b iff choice == 1.

func (*Scalar) Equal ¶

func (s *Scalar) Equal(t *Scalar) int

Equal returns 1 iff the s and t are equal, 0 otherwise. This function will execute in constant-time.

func (*Scalar) Invert ¶

func (s *Scalar) Invert(t *Scalar) *Scalar

Invert sets s to the multiplicative inverse of the nonzero scalar t, and returns s.

WARNING: The scalar MUST be nonzero. If you cannot prove that this is the case you MUST not use this function.

func (*Scalar) IsCanonical ¶

func (s *Scalar) IsCanonical() bool

IsCanonical checks if this scalar is the canonical representative mod L.

This is intended for uses like input validation, where variable-time code is acceptable.

func (*Scalar) MarshalBinary ¶

func (s *Scalar) MarshalBinary() ([]byte, error)

MarshalBinary encodes the scalar into a binary form and returns the result.

func (*Scalar) Mul ¶

func (s *Scalar) Mul(a, b *Scalar) *Scalar

Mul sets `s = a * b (mod l)`, and returns s.

func (*Scalar) Neg ¶

func (s *Scalar) Neg(t *Scalar) *Scalar

Neg `s = -t`, and returns s.

func (*Scalar) NonAdjacentForm ¶

func (s *Scalar) NonAdjacentForm(w uint) [256]int8

NonAdjacentForm returns a width-w "Non-Adjacent Form" of this scalar.

func (*Scalar) One ¶

func (s *Scalar) One() *Scalar

One sets s to one, and returns s.

func (*Scalar) Product ¶

func (s *Scalar) Product(values []*Scalar) *Scalar

Product sets s to the product of values, and returns s.

func (*Scalar) Reduce ¶

func (s *Scalar) Reduce(t *Scalar) *Scalar

Reduce reduces t modulo L, and returns s.

func (*Scalar) Set ¶

func (s *Scalar) Set(t *Scalar) *Scalar

Set sets s to t, and returns s.

func (*Scalar) SetBits ¶

func (s *Scalar) SetBits(in []byte) (*Scalar, error)

SetBits constructs a scalar from the low 255 bits of a 256-bit integer.

This function is intended for applications like X25519 which require specific bit-patterns when performing scalar multiplication.

func (*Scalar) SetBytesModOrder ¶

func (s *Scalar) SetBytesModOrder(in []byte) (*Scalar, error)

SetBytesModOrder sets s to the scalar constructed by reducing a 256-bit little-endian integer modulo the group order L.

func (*Scalar) SetBytesModOrderWide ¶

func (s *Scalar) SetBytesModOrderWide(in []byte) (*Scalar, error)

SetBytesModOrderWide sets s to the scalar constructed by reducing a 512-bit little-endian integer modulo the group order L.

func (*Scalar) SetCanonicalBytes ¶

func (s *Scalar) SetCanonicalBytes(in []byte) (*Scalar, error)

SetCanonicalBytes sets s from a canonical byte representation.

func (*Scalar) SetRandom ¶

func (s *Scalar) SetRandom(rng io.Reader) (*Scalar, error)

SetRandom sets s to a scalar chosen uniformly at random using entropy from the user-provided io.Reader. If rng is nil, the runtime library's entropy source will be used.

func (*Scalar) SetUint64 ¶

func (s *Scalar) SetUint64(x uint64) *Scalar

SetUint64 sets s to the given uint64, and returns s.

func (*Scalar) Sub ¶

func (s *Scalar) Sub(a, b *Scalar) *Scalar

Sub sets `s = a - b (mod l)`, and returns s.

func (*Scalar) Sum ¶

func (s *Scalar) Sum(values []*Scalar) *Scalar

Sum sets s to the sum of values, and returns s.

func (*Scalar) ToBytes ¶

func (s *Scalar) ToBytes(out []byte) error

ToBytes packs the scalar into 32 bytes.

func (*Scalar) ToRadix16 ¶

func (s *Scalar) ToRadix16() [64]int8

ToRadix16 returns the scalar in radix 16, with coefficients in [-8,8).

func (*Scalar) ToRadix2w ¶

func (s *Scalar) ToRadix2w(w uint) [43]int8

ToRadix2w returns a representation of a scalar in radix 64, 128, or 256.

func (*Scalar) UnmarshalBinary ¶

func (s *Scalar) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes a binary serialized scalar.

func (*Scalar) Zero ¶

func (s *Scalar) Zero() *Scalar

Zero sets s to zero, and returns s.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL