Commit Graph

148 Commits

Author SHA1 Message Date
Filippo Valsorda 2a0f4ba3cc internal/radix51: replace ToBytes with AppendBytes 2019-03-30 21:23:15 -04:00
George Tankersley 382beb7062 internal/radix51: fix aliasing bug in CondNeg (#21) 2019-03-24 20:32:49 -04:00
Filippo Valsorda ec44dec9b8 internal/radix51: actually, uhm, check the result of TestAliasing 2019-03-15 17:37:41 -04:00
George Tankersley ea3deb459c radix51: change API of FromBytes and ToBytes to use slices 2019-03-02 21:40:51 -05:00
Filippo Valsorda a68796f011 internal/radix51: test all combinations of argument and receiver aliasing 2019-03-02 19:44:59 -05:00
Henry de Valence 5758cbf76c internal/radix51: add property-based tests that multiplication distributes over addition
Closes #12
2019-03-02 19:44:59 -05:00
George Tankersley 4ac00273fd radix51: use go1.12 intrinsics for 128-bit multiplications 2019-02-19 18:36:55 -05:00
Filippo Valsorda 6b0cdf071a internal/radix51: define a mask64Bits constant 2019-01-28 10:53:34 -05:00
Filippo Valsorda 032d7f64e8 internal/group: set Z to 1, not 0 in FromAffine 2019-01-28 10:53:34 -05:00
Filippo Valsorda 6781d1fcec internal/group: fix typo 2019-01-28 10:53:34 -05:00
Filippo Valsorda b9aebb71e8 internal/group: derive twoD from D 2019-01-28 10:53:34 -05:00
George Tankersley 968377f9c5 ed25519: fix ScalarMult and improve test to catch the bug (#1) 2019-01-28 10:53:34 -05:00
Filippo Valsorda 982236110c internal/radix51: add MinusOne 2019-01-28 10:53:34 -05:00
Filippo Valsorda 380ecb67b1 internal/group: make conversion APIs caller-allocated 2019-01-28 10:53:34 -05:00
Filippo Valsorda 79589420d8 internal/group: rewrite DoubleZ1 because stack is cheaper than mental state 2019-01-28 10:53:34 -05:00
Filippo Valsorda 2925e841f7 internal: make all APIs chainable 2019-01-28 10:53:34 -05:00
Filippo Valsorda 6c2fda803c internal/radix51: make all APIs not consider the receiver an input 2019-01-28 10:53:34 -05:00
Filippo Valsorda 930ef44224 all: refactor field API to be methods based 2019-01-28 10:53:34 -05:00
Filippo Valsorda b0a75c0ab7 Import gtank/ed25519#8 and refactor on top of it 2019-01-26 22:20:45 -05:00
Filippo Valsorda a3540ec35a Implement FromUniformBytes 2019-01-21 23:39:45 -05:00
Filippo Valsorda dcc5867ec2 Update gtank/ed25519 code to fe6e0954e0
Our Ristretto-agnostic field operations are now upstreamed, so we can
drop the internal package.
2019-01-21 18:13:23 -05:00
Filippo Valsorda fe6e0954e0 internal/radix51: add constant time field operations 2019-01-21 17:58:03 -05:00
Filippo Valsorda 7ec609da40 internal/radix51: remove FeEqual
It does not normalize the representative before comparing them so it
will have false negatives.
2019-01-21 17:58:03 -05:00
Filippo Valsorda 0e8b4dbb24 internal/radix51: remove FeCSwap
It's unused and it does not do what it says in the docs.
2019-01-21 17:58:03 -05:00
Filippo Valsorda 7522470fbc Replace x/crypto/ed25519 code with github.com/gtank/ed25519
Code pulled from commit 0a030f62c0 with
FeEqual and FeCSwap removed.
2019-01-21 17:43:47 -05:00
George Tankersley 2156d823cd implement SQRT_RATIO_M1 2019-01-20 17:59:28 -05:00
Filippo Valsorda 6140fa2e7b Refactor const.go 2019-01-20 17:36:31 -05:00
Filippo Valsorda 8264e09462 First ristretto255 function: EQUALS 2019-01-20 17:32:31 -05:00
Filippo Valsorda 268ae6be59 Selectively expose types and functions from the inner x/crypto implementation 2019-01-20 17:32:31 -05:00
George Tankersley e93531adad internal: initialize Ristretto constants 2019-01-20 16:53:02 -05:00
Filippo Valsorda f963b4ec88 Add constant time field operations 2019-01-20 16:52:53 -05:00
Filippo Valsorda f1ea30515a Add FeEqual and feFromBig 2019-01-20 16:33:45 -05:00
George Tankersley 3db329037d initial import from x/crypto ff983b9c42bc9fbf91556e191cc8efb585c16908 2019-01-20 15:44:03 -05:00
George Tankersley 0a030f62c0 make things more generally presentable 2017-07-25 16:24:16 -07:00
George Tankersley 08a76875a4 Cache the field representation of d 2017-07-25 16:23:20 -07:00
George Tankersley ad98326f8c Remove 32-bit code and update license.
The assembly is faster on target amd64 platforms.
2017-07-25 16:23:20 -07:00
George Tankersley 86c2863f5b Add short randomized segment to TestScalarMult 2017-07-25 16:23:20 -07:00
George Tankersley f8bd1037cf Use Bits() for FeToBig.
This doesn't help quite as much as it does with FeFromBig, because
FeToBig runtime is dominated by the reduction step. Still helps though.
2017-07-25 16:23:19 -07:00
George Tankersley 0ba575b405 Implement ScalarMult using Montgomery pattern and dedicated
extended-coordinates doubling. This will be slow.
2017-07-25 16:23:19 -07:00
George Tankersley ce27eaf07c Explain Z1=1 again 2017-07-25 16:23:19 -07:00
George Tankersley c9f6a1c183 use faster FeFromBig & a horrible assortment of other random changes 2017-07-25 16:23:19 -07:00
George Tankersley 4d11c7b5a6 group logic WIP 2017-07-25 16:23:19 -07:00
George Tankersley 7ae6271616 add equality for field elements 2017-07-25 16:23:19 -07:00
George Tankersley ca2029ab22 Add radix51 FieldElement implementation
This contains both a pure Go and an amd64 assembly implementation of
operations over GF(2^255-19) using radix 2^51. This results in notable
speedups when using the assembly, but doesn't help much in pure Go -
most of the possible gains are lost to the lack of widening multiply for
64 bit integers.
2017-07-25 16:23:19 -07:00
George Tankersley 54cdb2aef0 Add documentation 2017-07-25 16:23:19 -07:00
George Tankersley 259e08bc29 Use mdbl-2008-bbjlp directly
Since we are always converting from affine, we know that Z1=1. This
formula is slightly faster and avoids converting through
CompletedGroupElement unnecessarily.

Assumptions: Z1=1.

Cost: 2M + 4S + 1*a + 7add + 1*2.

Source: 2008 Bernstein-Birkner-Joye-Lange-Peters,
        https://eprint.iacr.org/2008/013,
        plus Z1=1, plus standard simplification.

Explicit formulas:
      B = (X1+Y1)^2
      C = X1^2
      D = Y1^2
      E = a*C
      F = E+D
      X3 = (B-C-D)*(F-2)
      Y3 = F*(E-D)
      Z3 = F^2-2*F

https://hyperelliptic.org/EFD/g1p/auto-twisted-projective.html#doubling-mdbl-2008-bbjlp
2017-07-25 16:23:19 -07:00
George Tankersley 26b25b0ac0 Add LICENSE 2017-07-25 16:23:19 -07:00
George Tankersley 19d7f4d83d Implement an elliptic.Curve for ed25519 2017-07-25 16:23:19 -07:00