internal

package
v0.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 15, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Package internal defines simple and abstract APIs to group Elements and Scalars.

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrInvalidGroup indicates usage of an unavailable or invalid group.
	ErrInvalidGroup = errors.New("invalid group")

	// ErrParamNilScalar indicates a forbidden nil or empty scalar.
	ErrParamNilScalar = errors.New("nil or empty scalar")

	// ErrParamScalarLength indicates an invalid scalar length.
	ErrParamScalarLength = errors.New("invalid scalar length")

	// ErrParamNilPoint indicated a forbidden nil or empty point.
	ErrParamNilPoint = errors.New("nil or empty point")

	// ErrWrongGroup indicates an operation has been attempted between incompatible EC groups.
	ErrWrongGroup = errors.New("wrong group")

	// ErrWrongField indicates an incompatible field has been encountered.
	ErrWrongField = errors.New("incompatible fields")

	// ErrIdentity indicates that the identity point (or point at infinity) has been encountered.
	ErrIdentity = errors.New("infinity/identity point")

	// ErrBigIntConversion reports an error in converting to a *big.int.
	ErrBigIntConversion = errors.New("conversion error")

	// ErrParamScalarInvalidEncoding indicates an invalid scalar encoding has been provided, or that it's too big.
	ErrParamScalarInvalidEncoding = errors.New("invalid scalar encoding")

	// ErrUInt64TooBig indicates that the scalar is higher than the allowed values for uint64.
	ErrUInt64TooBig = errors.New("scalar is too big to be uint64")

	// ErrParamInvalidInputLength indicates the input length is invalid.
	ErrParamInvalidInputLength = errors.New("invalid input length")
)

Functions

func ConstantTimeLessOrEqBytes added in v0.10.0 

func ConstantTimeLessOrEqBytes(x, y []byte, littleEndian bool) int

ConstantTimeLessOrEqBytes returns 1 when x <= y and 0 otherwise. When littleEndian is true, x and y are interpreted as little-endian integers.

func RandomBytes 

func RandomBytes(length int) []byte

RandomBytes returns random bytes of length len (wrapper for crypto/rand).

func WrongGroupError added in v0.10.0 

func WrongGroupError(expected, got reflect.Type) error

WrongGroupError returns an error indicating a group mismatch.

Types

type Decoder 

type Decoder interface {
	// Decode sets the receiver to a decoding of the input data, and returns an error on failure.
	Decode(data []byte) error

	// DecodeHex sets the receiver to the decoding of the hex encoded input.
	DecodeHex(h string) error

	// BinaryUnmarshaler implementation.
	encoding.BinaryUnmarshaler
}

A Decoder can encode itself to machine or human-readable forms.

type Element 

type Element interface {
	// Group returns the group's Identifier.
	Group() byte

	// Base sets the element to the group's base point a.k.a. canonical generator.
	Base() Element

	// Identity sets the element to the point at infinity of the Group's underlying curve.
	Identity() Element

	// Add sets the receiver to the sum of the input and the receiver, and returns the receiver.
	Add(e Element) Element

	// Double sets the receiver to its double, and returns it.
	Double() Element

	// Negate sets the receiver to its negation, and returns it.
	Negate() Element

	// Subtract subtracts the input from the receiver, and returns the receiver.
	Subtract(e Element) Element

	// Multiply sets the receiver to the scalar multiplication of the receiver with the given Scalar, and returns it.
	Multiply(s Scalar) Element

	// Equal returns 1 if the elements are equivalent, and 0 otherwise.
	Equal(e Element) int

	// IsIdentity returns whether the Element is the point at infinity of the Group's underlying curve.
	IsIdentity() bool

	// Set sets the receiver to the value of the argument, and returns the receiver.
	Set(e Element) Element

	// Copy returns a copy of the receiver.
	Copy() Element

	// Encode returns the compressed byte encoding of the element.
	Encode() []byte

	// XCoordinate returns the encoded x coordinate of the element.
	XCoordinate() []byte

	// Decode sets the receiver to a decoding of the input data, and returns an error on failure.
	Decode(data []byte) error

	// Hex returns the fixed-sized hexadecimal encoding of e.
	Hex() string

	// DecodeHex sets e to the decoding of the hex encoded element.
	DecodeHex(data string) error
}

Element interface abstracts common operations on an Element in a prime-order Group.

type Encoder 

type Encoder interface {
	// Encode returns the compressed byte encoding.
	Encode() []byte

	// Hex returns the fixed-sized hexadecimal encoding.
	Hex() string

	// BinaryMarshaler implementation.
	encoding.BinaryMarshaler
}

An Encoder can encode itself to machine or human-readable forms.

type Group 

type Group interface {
	// NewScalar returns a new scalar set to 0.
	NewScalar() Scalar

	// NewElement returns the identity element (point at infinity).
	NewElement() Element

	// Base returns the group's base point a.k.a. canonical generator.
	Base() Element

	// HashFunc returns the RFC9380 associated hash function of the group.
	HashFunc() crypto.Hash

	// HashToScalar returns a safe mapping of the arbitrary input to a Scalar.
	// The DST must not be empty or nil, and is recommended to be longer than 16 bytes.
	HashToScalar(input, dst []byte) (Scalar, error)

	// HashToGroup returns a safe mapping of the arbitrary input to an Element in the Group.
	// The DST must not be empty or nil, and is recommended to be longer than 16 bytes.
	HashToGroup(input, dst []byte) (Element, error)

	// EncodeToGroup returns a non-uniform mapping of the arbitrary input to an Element in the Group.
	// The DST must not be empty or nil, and is recommended to be longer than 16 bytes.
	EncodeToGroup(input, dst []byte) (Element, error)

	// Ciphersuite returns the hash-to-curve ciphersuite identifier.
	Ciphersuite() string

	// ScalarLength returns the byte size of an encoded scalar.
	ScalarLength() int

	// ElementLength returns the byte size of an encoded element.
	ElementLength() int

	// Order returns the order of the canonical group of scalars.
	Order() []byte
}

Group abstracts operations in a prime-order group.

type Scalar 

type Scalar interface {
	// Group returns the group's Identifier.
	Group() byte

	// Zero sets the scalar to 0, and returns it.
	Zero() Scalar

	// One sets the scalar to 1, and returns it.
	One() Scalar

	// MinusOne sets the scalar to order-1, and returns it.
	MinusOne() Scalar

	// Random sets the current scalar to a new random scalar and returns it.
	// The random source is crypto/rand, and this functions is guaranteed to return a non-zero scalar.
	Random() Scalar

	// Add sets the receiver to the sum of the input and the receiver, and returns the receiver.
	Add(s Scalar) Scalar

	// Subtract subtracts the input from the receiver, and returns the receiver.
	Subtract(s Scalar) Scalar

	// Multiply multiplies the receiver with the input, and returns the receiver.
	Multiply(s Scalar) Scalar

	// Pow sets s to s**scalar modulo the group order, and returns s. If scalar is nil, it returns 1.
	Pow(s Scalar) Scalar

	// Invert sets the receiver to the scalar's modular inverse ( 1 / scalar ), and returns it.
	Invert() Scalar

	// Equal returns 1 if the scalars are equal, and 0 otherwise.
	Equal(s Scalar) int

	// LessOrEqual returns 1 if s <= scalar, and 0 otherwise.
	LessOrEqual(s Scalar) int

	// IsZero returns whether the scalar is 0.
	IsZero() bool

	// Set sets the receiver to the value of the argument scalar, and returns the receiver.
	Set(s Scalar) Scalar

	// SetUInt64 sets s to i modulo the field order, and returns an error if one occurs.
	SetUInt64(i uint64) Scalar

	// UInt64 returns the uint64 representation of the scalar,
	// or an error if its value is higher than the authorized limit for uint64.
	UInt64() (uint64, error)

	// Copy returns a copy of the receiver.
	Copy() Scalar

	// Encode returns the compressed byte encoding of the scalar.
	Encode() []byte

	// Decode sets s to a big-endian byte decoding of x.
	// If x is not a canonical encoding of s, Decode returns an error.
	Decode(data []byte) error

	// DecodeWithReduction sets s to x modulo the group order. If x is nil or
	// not of the correct input length, DecodeWithReduction returns an error.
	DecodeWithReduction(x []byte) error

	// Hex returns the fixed-sized hexadecimal encoding of s.
	Hex() string

	// DecodeHex sets s to the decoding of the hex encoded scalar.
	DecodeHex(data string) error
}

Scalar interface abstracts common operations on scalars in a prime-order Group.

Source Files

View all Source files

Directories

Path Synopsis
Package edwards25519 allows simple and abstracted operations in the Edwards25519 group.
 Package edwards25519 allows simple and abstracted operations in the Edwards25519 group.
Package field provides modular operations over very high integers.
 Package field provides modular operations over very high integers.
Package nist allows simple and abstracted operations in the NIST P-256, P-384, and P-521 groups, wrapping filippo.io/nistec.
 Package nist allows simple and abstracted operations in the NIST P-256, P-384, and P-521 groups, wrapping filippo.io/nistec.
fiat
p256
p384
p521
sswu
Package sswu implements the shared constant-time Simplified SWU engine used by the NIST curve wrappers.
 Package sswu implements the shared constant-time Simplified SWU engine used by the NIST curve wrappers.
subtle
Package ristretto provides simple and abstracted operations in the Ristretto255 group.
 Package ristretto provides simple and abstracted operations in the Ristretto255 group.
Package secp256k1 allows simple and abstracted operations in the Secp256k1 group.
 Package secp256k1 allows simple and abstracted operations in the Secp256k1 group.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.