Documentation
Index
- Variables
- func ConstantTimeEqual(a, b []byte) bool
- func ConstantTimeSelect(condition int, a, b []byte) []byte
- func HashConcat(inputs ...[]byte) []byte
- func HashWithDomain(domain string, data []byte) []byte
- func RandomInt(max int) (int, error)
- func SHA3256(input []byte) []byte
- func SampleGaussianVector(seed []byte, n int, sigma float64) []int32
- func SampleVectorZq(seed []byte, n, q int) []int32
- func SecureRandomBytes(n int) ([]byte, error)
- func Shake256(input []byte, outputLen int) []byte
- func Shake256Into(input []byte, output []byte)
- func Shake256WithDomain(domain string, data []byte, outputLen int) []byte
- func ValidateSeedEntropy(seed []byte) error
- func Zeroize(b []byte)
- func ZeroizeInt8(s []int8)
- func ZeroizeInt32(s []int32)
Constants
This section is empty.
Variables
var RandReader io.Reader = rand.Reader
Functions
func ConstantTimeEqual
ConstantTimeEqual compares two byte slices in constant time. It returns true if the slices are equal, false otherwise. This function leaks only the length of the slices.
func ConstantTimeSelect
ConstantTimeSelect returns a if condition is 1, b if condition is 0. condition must be 0 or 1. a and b must have the same length.
func HashConcat
HashConcat computes the SHA3-256 hash of the concatenation of multiple byte slices. Each slice is prefixed with its length (4 bytes, little-endian) to ensure unique encoding.
func HashWithDomain
HashWithDomain computes a domain-separated SHA3-256 hash. It prefixes the data with the length of the domain string and the domain string itself. This prevents collisions between different uses of the hash function. Panics if domain is longer than 255 bytes.
func RandomInt
RandomInt generates a cryptographically secure random integer in [0, max). It uses rejection sampling to ensure a uniform distribution.
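The rejection sampling that RandomInt is described as using, as an added Go example that is not this package's code. The names uniformInt, moduloInt and histogram are hypothetical, and the mask-and-retry strategy is an assumption about one common way to do it; the constructed input feeds every byte value 0..255 once so the bias of the modulo shortcut is visible.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"math/bits"
)

// uniformInt (hypothetical) masks each draw to nbits bits and retries while v >= max.
func uniformInt(r io.Reader, max int) (int, error) {
	if max <= 0 {
		return 0, errors.New("max must be positive")
	}
	nbits := bits.Len64(uint64(max - 1))
	mask := uint64(1)<<uint(nbits) - 1
	buf := make([]byte, 8) // bytes beyond the ones read stay zero
	for {
		if _, err := io.ReadFull(r, buf[:(nbits+7)/8]); err != nil {
			return 0, err // callers would pass crypto/rand.Reader as r
		}
		if v := binary.LittleEndian.Uint64(buf) & mask; v < uint64(max) {
			return int(v), nil
		}
	}
}
// moduloInt is the biased shortcut, shown for contrast only (requires max > 0).
func moduloInt(r io.Reader, max int) (int, error) {
	var b [1]byte
	_, err := io.ReadFull(r, b[:])
	return int(b[0]) % max, err
}
// histogram runs sample over the constructed input 0..255 and counts each result.
func histogram(sample func(io.Reader, int) (int, error), max int) []int {
	all := make([]byte, 256)
	for i := range all {
		all[i] = byte(i)
	}
	counts, r := make([]int, max), bytes.NewReader(all)
	for v, err := sample(r, max); err == nil; v, err = sample(r, max) {
		counts[v]++
	}
	return counts
}
func main() {
	fmt.Println("rejection:", histogram(uniformInt, 6), "modulo:", histogram(moduloInt, 6))
}
```

Injecting the reader, as the package's RandReader variable allows, is what makes the sampler testable with fixed bytes.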
func SHA3256
SHA3256 computes the SHA3-256 cryptographic hash of the input. It returns a 32-byte hash.
func SampleGaussianVector
SampleGaussianVector samples a vector of integers from a discrete Gaussian distribution. It uses the Box-Muller transform on uniform random bytes generated from a seed via SHAKE256. The result is rounded to the nearest integer.
func SampleVectorZq
SampleVectorZq samples a uniform random vector in Z_q^n. It uses rejection sampling on bytes generated from a seed via SHAKE256. This ensures the distribution is uniform modulo q.
func SecureRandomBytes
SecureRandomBytes generates n cryptographically secure random bytes. It uses crypto/rand, which relies on the operating system's CSPRNG.
func Shake256
Shake256 computes the SHAKE256 extendable output function (XOF). It takes an input byte slice and generates an output of the specified length. This is used for generating pseudo-random bytes from a seed.
func Shake256Into
Shake256Into computes SHAKE256 and writes the output into the provided buffer.
func Shake256WithDomain
Shake256WithDomain computes SHAKE256 with domain separation. It works like HashWithDomain but produces an output of arbitrary length. Panics if domain is longer than 255 bytes.
func ValidateSeedEntropy
ValidateSeedEntropy checks if a seed has sufficient entropy. It performs basic statistical tests to reject obviously weak seeds (e.g., all zeros, sequential). This is a sanity check, not a rigorous randomness test.
func Zeroize
func Zeroize(b []byte)
Zeroize overwrites a byte slice with zeros. This is used to clear sensitive data from memory. Uses runtime.KeepAlive to prevent compiler optimization from eliminating the stores.
func ZeroizeInt32
func ZeroizeInt32(s []int32)
ZeroizeInt32 overwrites an int32 slice with zeros. Uses runtime.KeepAlive to prevent compiler optimization from eliminating the stores.
Types
This section is empty.