curve

package
v1.1.4 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 25, 2025 License: Apache-2.0 Imports: 9 Imported by: 3

Documentation

Overview

Package curve provides elliptic curve implementations for threshold cryptography.

Constants

This section is empty.

Variables

This section is empty.

Functions

func MakeInt

func MakeInt(s Scalar) *saferith.Int

MakeInt converts a scalar into an Int.

Types

type BLS12381 added in v1.1.1

type BLS12381 struct{}

BLS12381 is the BLS12-381 curve used for BLS signatures. This uses G1 for public keys and G2 for signatures.

func (*BLS12381) Name added in v1.1.1

func (c *BLS12381) Name() string

Name returns the curve name.

func (*BLS12381) NewBasePoint added in v1.1.1

func (c *BLS12381) NewBasePoint() Point

NewBasePoint creates the generator of G1.

func (*BLS12381) NewPoint added in v1.1.1

func (c *BLS12381) NewPoint() Point

NewPoint creates a new identity point in G1.

func (*BLS12381) NewScalar added in v1.1.1

func (c *BLS12381) NewScalar() Scalar

NewScalar creates a zero scalar.

func (*BLS12381) Order added in v1.1.1

func (c *BLS12381) Order() *saferith.Modulus

Order returns the scalar field order.

func (*BLS12381) SafeScalarBytes added in v1.1.1

func (c *BLS12381) SafeScalarBytes() int

SafeScalarBytes returns the number of bytes needed to sample a scalar safely.

func (*BLS12381) ScalarBits added in v1.1.1

func (c *BLS12381) ScalarBits() int

ScalarBits returns the number of bits in a scalar.

type BLS12381Point added in v1.1.1

type BLS12381Point struct {
	// contains filtered or unexported fields
}

BLS12381Point wraps circl's BLS12-381 G1 point.

func (*BLS12381Point) Add added in v1.1.1

func (p *BLS12381Point) Add(other Point) Point

Add adds another point.

func (*BLS12381Point) Curve added in v1.1.1

func (p *BLS12381Point) Curve() Curve

Curve returns the associated curve.

func (*BLS12381Point) Equal added in v1.1.1

func (p *BLS12381Point) Equal(other Point) bool

Equal checks equality with another point.

func (*BLS12381Point) IsIdentity added in v1.1.1

func (p *BLS12381Point) IsIdentity() bool

IsIdentity checks if this is the identity element.

func (*BLS12381Point) MarshalBinary added in v1.1.1

func (p *BLS12381Point) MarshalBinary() ([]byte, error)

MarshalBinary serializes the point.

func (*BLS12381Point) Negate added in v1.1.1

func (p *BLS12381Point) Negate() Point

Negate returns the negated point.

func (*BLS12381Point) Sub added in v1.1.1

func (p *BLS12381Point) Sub(other Point) Point

Sub subtracts another point.

func (*BLS12381Point) UnmarshalBinary added in v1.1.1

func (p *BLS12381Point) UnmarshalBinary(data []byte) error

UnmarshalBinary deserializes the point.

func (*BLS12381Point) XScalar added in v1.1.1

func (p *BLS12381Point) XScalar() Scalar

XScalar returns the x-coordinate as a scalar (not applicable for BLS).

type BLS12381Scalar added in v1.1.1

type BLS12381Scalar struct {
	// contains filtered or unexported fields
}

BLS12381Scalar wraps circl's BLS12-381 scalar.

func (*BLS12381Scalar) Act added in v1.1.1

func (s *BLS12381Scalar) Act(p Point) Point

Act multiplies a point by this scalar.

func (*BLS12381Scalar) ActOnBase added in v1.1.1

func (s *BLS12381Scalar) ActOnBase() Point

ActOnBase multiplies the generator by this scalar.

func (*BLS12381Scalar) Add added in v1.1.1

func (s *BLS12381Scalar) Add(other Scalar) Scalar

Add adds another scalar to this one.

func (*BLS12381Scalar) Curve added in v1.1.1

func (s *BLS12381Scalar) Curve() Curve

Curve returns the associated curve.

func (*BLS12381Scalar) Equal added in v1.1.1

func (s *BLS12381Scalar) Equal(other Scalar) bool

Equal checks equality with another scalar.

func (*BLS12381Scalar) Invert added in v1.1.1

func (s *BLS12381Scalar) Invert() Scalar

Invert computes the multiplicative inverse.

func (*BLS12381Scalar) IsOverHalfOrder added in v1.1.1

func (s *BLS12381Scalar) IsOverHalfOrder() bool

IsOverHalfOrder checks if the scalar is greater than half the field order.

func (*BLS12381Scalar) IsZero added in v1.1.1

func (s *BLS12381Scalar) IsZero() bool

IsZero checks if the scalar is zero.

func (*BLS12381Scalar) MarshalBinary added in v1.1.1

func (s *BLS12381Scalar) MarshalBinary() ([]byte, error)

MarshalBinary serializes the scalar.

func (*BLS12381Scalar) Mul added in v1.1.1

func (s *BLS12381Scalar) Mul(other Scalar) Scalar

Mul multiplies by another scalar.

func (*BLS12381Scalar) Negate added in v1.1.1

func (s *BLS12381Scalar) Negate() Scalar

Negate negates the scalar.

func (*BLS12381Scalar) Random added in v1.1.1

func (s *BLS12381Scalar) Random(r io.Reader) error

Random sets the scalar to a random value.

func (*BLS12381Scalar) Set added in v1.1.1

func (s *BLS12381Scalar) Set(other Scalar) Scalar

Set copies another scalar's value.

func (*BLS12381Scalar) SetBytes added in v1.1.1

func (s *BLS12381Scalar) SetBytes(data []byte) *BLS12381Scalar

SetBytes sets the scalar from big-endian bytes.

func (*BLS12381Scalar) SetNat added in v1.1.1

func (s *BLS12381Scalar) SetNat(n *saferith.Nat) Scalar

SetNat sets the scalar from a saferith.Nat.

func (*BLS12381Scalar) SetOne added in v1.1.1

func (s *BLS12381Scalar) SetOne() *BLS12381Scalar

SetOne sets the scalar to 1.

func (*BLS12381Scalar) SetUint64 added in v1.1.1

func (s *BLS12381Scalar) SetUint64(n uint64) *BLS12381Scalar

SetUint64 sets the scalar from a uint64.

func (*BLS12381Scalar) Sub added in v1.1.1

func (s *BLS12381Scalar) Sub(other Scalar) Scalar

Sub subtracts another scalar from this one.

func (*BLS12381Scalar) UnmarshalBinary added in v1.1.1

func (s *BLS12381Scalar) UnmarshalBinary(data []byte) error

UnmarshalBinary deserializes the scalar.

type Curve

type Curve interface {
	// NewPoint creates an identity point.
	NewPoint() Point
	// NewBasePoint creates the generator of this group.
	NewBasePoint() Point
	// NewScalar creates a scalar with the value of 0.
	NewScalar() Scalar
	// Name returns the name of this curve.
	//
	// This should be unique between curves.
	Name() string
	// ScalarBits returns the number of significant bits in a scalar.
	ScalarBits() int
	// SafeScalarBytes returns the number of random bytes needed to sample a scalar through modular reduction.
	//
	// Usually, this is going to be the number of bytes in the scalar, plus an extra
	// security parameter's worth of bytes, say 32. This is to make sure that the modular
	// reduction doesn't introduce any bias.
	SafeScalarBytes() int
	// Order returns a Modulus holding the order of this group.
	Order() *saferith.Modulus
}

Curve represents the starting point for working with an Elliptic Curve group.

The expectation is that this interface will be implemented by a nominal struct, and use associated types for its Point and Scalar. These types are only expected to work with other members of their type, and not with arbitrary elements satisfying the Point and Scalar interfaces.
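The bias that SafeScalarBytes is meant to avoid can be computed exactly. The following is an added example, not code from this package: it uses math/big (which is not constant-time) instead of saferith, and `SampleScalar` and `ReductionBias` are hypothetical helpers. For the 255-bit BLS12-381 scalar order, reducing only 32 random bytes leaves a statistical distance of about 7% from uniform, while 32 extra bytes push it below 2^-256.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"io"
	"math/big"
)

// blsOrder is the BLS12-381 scalar field order (255 bits), a public constant.
var blsOrder, _ = new(big.Int).SetString(
	"73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001", 16)

// SampleScalar (hypothetical helper) reads nBytes from r and reduces them
// modulo order; nBytes stands in for the value SafeScalarBytes() reports.
func SampleScalar(r io.Reader, order *big.Int, nBytes int) (*big.Int, error) {
	buf := make([]byte, nBytes)
	if _, err := io.ReadFull(r, buf); err != nil {
		return nil, err // never fall back to a partially filled buffer
	}
	x := new(big.Int).SetBytes(buf)
	return x.Mod(x, order), nil
}

// ReductionBias returns the exact statistical distance from uniform of a
// uniform nBytes-byte integer reduced mod order. Writing 2^n = a*q + b, the b
// smallest residues occur a+1 times and the rest a times: b(q-b) / (q * 2^n).
func ReductionBias(order *big.Int, nBytes int) *big.Rat {
	pow := new(big.Int).Lsh(big.NewInt(1), uint(8*nBytes))
	b := new(big.Int).Mod(pow, order)
	num := new(big.Int).Mul(b, new(big.Int).Sub(order, b))
	return new(big.Rat).SetFrac(num, new(big.Int).Mul(order, pow))
}

func main() {
	scalarBytes := (blsOrder.BitLen() + 7) / 8 // 32
	for _, n := range []int{scalarBytes, scalarBytes + 32} {
		s, err := SampleScalar(rand.Reader, blsOrder, n)
		if err != nil {
			panic(err)
		}
		bias, _ := ReductionBias(blsOrder, n).Float64()
		fmt.Printf("%2d bytes: in range=%v bias=%.3g\n", n, s.Cmp(blsOrder) < 0, bias)
	}
}
```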

func BLS12381G1 added in v1.1.1

func BLS12381G1() Curve

BLS12381G1 returns the BLS12-381 curve for G1 operations (public keys).

type Point

type Point interface {
	// You're free to implement the binary marshaling however you'd like.
	//
	// This marshaling should also work with the identity element, ideally,
	// but this isn't strictly necessary.
	encoding.BinaryMarshaler
	encoding.BinaryUnmarshaler
	// Curve returns the Elliptic Curve group associated with this type of Point.
	Curve() Curve
	// Add returns a new Point, by adding another Point to this one.
	//
	// This should not mutate this point.
	Add(Point) Point
	// Sub returns a new Point, by subtracting another Point from this one.
	//
	// This can be implemented with Add and Negate, but can be more efficient.
	//
	// This shouldn't mutate this point.
	Sub(Point) Point
	// Negate returns the negated version of this point.
	//
	// This does not mutate this point.
	Negate() Point
	// Equal checks if this point is equal to another.
	//
	// This check should, ideally, be done in constant time.
	Equal(Point) bool
	// IsIdentity checks if this is the identity element of this group.
	IsIdentity() bool
	// XScalar is an optional method, returning the x coordinate of this Point as a Scalar.
	//
	// This is used in ECDSA, but isn't available on every curve, necessarily.
	//
	// If you choose not to implement this method, simply return nil.
	XScalar() Scalar
}

Point represents an element of our Elliptic Curve group.

The methods on Point are intended to be immutable, never modifying the receiver.

When implementing this interface, you're only expected to make operations work with elements of the same type. It's perfectly fine to cast incoming elements to your concrete type. This interface is not designed to be able to handle different Point types, but we can't encode that in the type system.

type Scalar

type Scalar interface {
	// This should encode the Scalar as Big Endian bytes, without failure.
	encoding.BinaryMarshaler
	// This should decode the Scalar from Big Endian bytes.
	encoding.BinaryUnmarshaler
	// Curve returns the Curve associated with this kind of Scalar.
	Curve() Curve
	// Add mutates this Scalar, by adding in another.
	Add(Scalar) Scalar
	// Sub mutates this Scalar, by subtracting another.
	//
	// This should be equivalent to .Add(_.Negate()), but may be implemented faster,
	// and won't mutate its input.
	Sub(Scalar) Scalar
	// Negate mutates this Scalar, replacing it with its negation.
	Negate() Scalar
	// Mul mutates this Scalar, multiplying it by another.
	Mul(Scalar) Scalar
	// Invert mutates this Scalar, replacing it with its multiplicative inverse.
	Invert() Scalar
	// Equal checks if this Scalar is equal to another.
	//
	// This check should be done in constant time.
	Equal(Scalar) bool
	// IsZero checks if this Scalar is equal to 0.
	//
	// This check should be done in constant time.
	//
	// While this can be accomplished through the Equal method, IsZero may
	// be implemented more efficiently.
	IsZero() bool
	// Set mutates this Scalar, replacing its value with another.
	Set(Scalar) Scalar
	// SetNat mutates this Scalar, replacing it with the value of a number.
	//
	// This number must be interpreted modulo the order of the group.
	SetNat(*saferith.Nat) Scalar
	// Act acts on a Point with this Scalar, returning a new Point.
	//
	// This shouldn't mutate the Scalar, or the Point.
	Act(Point) Point
	// ActOnBase acts on the Base Point with this Scalar, returning a new Point.
	//
	// This can be accomplished with Act, but can be made more efficient, in many cases.
	ActOnBase() Point

	// IsOverHalfOrder checks if this Scalar is greater than half the order of the group.
	IsOverHalfOrder() bool
}

Scalar represents a number modulo the order of some Elliptic Curve group.

Scalars act on points in the group, but should also form a field amongst themselves.

The methods on Scalar are all intended to be mutable, modifying the current scalar, before returning it.

When implementing this interface, you're only expected to make operations work with elements of the same type. It's perfectly fine to cast incoming elements to your concrete type. This interface is not designed to be able to handle different Scalar types, but we can't encode that in the type system.

func FromHash

func FromHash(group Curve, h []byte) Scalar

FromHash converts a hash value to a Scalar.

There is some disagreement about how this should be done. [NSA] suggests that this is done in the obvious manner, but [SECG] truncates the hash to the bit-length of the curve order first. We follow [SECG] because that's what OpenSSL does. Additionally, OpenSSL right shifts excess bits from the number if the hash is too large and we mirror that too.

Taken from crypto/ecdsa.
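The truncation rule described above, written out as an added example that is not this package's code: `TruncateHash` follows the hashToInt logic in crypto/ecdsa, and `HashToScalar` is a hypothetical name whose final reduction modulo the order is an assumption about how the result becomes a Scalar. It uses math/big rather than saferith and two public group orders to show both the byte truncation and the right shift of excess bits.

```go
package main

import (
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
	"math/big"
)

// Public group orders: secp256k1 (256 bits) and the BLS12-381 scalar field (255 bits).
var (
	orderSecp, _ = new(big.Int).SetString(
		"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", 16)
	orderBLS, _ = new(big.Int).SetString(
		"73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001", 16)
)

// TruncateHash keeps the leftmost order.BitLen() bits of h ([SECG] style):
// drop surplus bytes first, then right-shift any surplus bits.
func TruncateHash(order *big.Int, h []byte) *big.Int {
	orderBits := order.BitLen()
	orderBytes := (orderBits + 7) / 8
	if len(h) > orderBytes {
		h = h[:orderBytes]
	}
	ret := new(big.Int).SetBytes(h)
	if excess := len(h)*8 - orderBits; excess > 0 {
		ret.Rsh(ret, uint(excess))
	}
	return ret
}

// HashToScalar (hypothetical name) reduces the truncated value mod order.
// Assumption: the truncated integer can still be >= order, so a scalar type
// has to interpret it modulo the group order.
func HashToScalar(order *big.Int, h []byte) *big.Int {
	return new(big.Int).Mod(TruncateHash(order, h), order)
}

func main() {
	msg := []byte("constructed sample message")
	h256, h512 := sha256.Sum256(msg), sha512.Sum512(msg)
	// SHA-512 against a 256-bit order: only the first 32 bytes are used.
	fmt.Printf("secp256k1/SHA-512: %x\n", HashToScalar(orderSecp, h512[:]))
	// SHA-256 against a 255-bit order: one excess bit is shifted out.
	fmt.Printf("BLS12-381/SHA-256: %x\n", HashToScalar(orderBLS, h256[:]))
}
```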

type Secp256k1

type Secp256k1 struct{}

func (Secp256k1) LiftX

func (Secp256k1) LiftX(data []byte) (*Secp256k1Point, error)

func (Secp256k1) Name

func (Secp256k1) Name() string

func (Secp256k1) NewBasePoint

func (Secp256k1) NewBasePoint() Point

func (Secp256k1) NewPoint

func (Secp256k1) NewPoint() Point

func (Secp256k1) NewScalar

func (Secp256k1) NewScalar() Scalar

func (Secp256k1) Order

func (Secp256k1) Order() *saferith.Modulus

func (Secp256k1) SafeScalarBytes

func (Secp256k1) SafeScalarBytes() int

func (Secp256k1) ScalarBits

func (Secp256k1) ScalarBits() int

type Secp256k1Point

type Secp256k1Point struct {
	// contains filtered or unexported fields
}

func (*Secp256k1Point) Add

func (p *Secp256k1Point) Add(that Point) Point

func (*Secp256k1Point) Curve

func (*Secp256k1Point) Curve() Curve

func (*Secp256k1Point) Equal

func (p *Secp256k1Point) Equal(that Point) bool

func (*Secp256k1Point) HasEvenY

func (p *Secp256k1Point) HasEvenY() bool

func (*Secp256k1Point) IsIdentity

func (p *Secp256k1Point) IsIdentity() bool

func (*Secp256k1Point) MarshalBinary

func (p *Secp256k1Point) MarshalBinary() ([]byte, error)

func (*Secp256k1Point) Negate

func (p *Secp256k1Point) Negate() Point

func (*Secp256k1Point) Set

func (p *Secp256k1Point) Set(that Point) Point

func (*Secp256k1Point) Sub

func (p *Secp256k1Point) Sub(that Point) Point

func (*Secp256k1Point) UnmarshalBinary

func (p *Secp256k1Point) UnmarshalBinary(data []byte) error

func (*Secp256k1Point) XBytes

func (p *Secp256k1Point) XBytes() []byte

func (*Secp256k1Point) XScalar

func (p *Secp256k1Point) XScalar() Scalar

type Secp256k1Scalar

type Secp256k1Scalar struct {
	// contains filtered or unexported fields
}

func (*Secp256k1Scalar) Act

func (s *Secp256k1Scalar) Act(that Point) Point

func (*Secp256k1Scalar) ActOnBase

func (s *Secp256k1Scalar) ActOnBase() Point

func (*Secp256k1Scalar) Add

func (s *Secp256k1Scalar) Add(that Scalar) Scalar

func (*Secp256k1Scalar) Curve

func (*Secp256k1Scalar) Curve() Curve

func (*Secp256k1Scalar) Equal

func (s *Secp256k1Scalar) Equal(that Scalar) bool

func (*Secp256k1Scalar) Invert

func (s *Secp256k1Scalar) Invert() Scalar

func (*Secp256k1Scalar) IsOverHalfOrder

func (s *Secp256k1Scalar) IsOverHalfOrder() bool

func (*Secp256k1Scalar) IsZero

func (s *Secp256k1Scalar) IsZero() bool

func (*Secp256k1Scalar) MarshalBinary

func (s *Secp256k1Scalar) MarshalBinary() ([]byte, error)

func (*Secp256k1Scalar) Mul

func (s *Secp256k1Scalar) Mul(that Scalar) Scalar

func (*Secp256k1Scalar) Negate

func (s *Secp256k1Scalar) Negate() Scalar

func (*Secp256k1Scalar) Set

func (s *Secp256k1Scalar) Set(that Scalar) Scalar

func (*Secp256k1Scalar) SetNat

func (s *Secp256k1Scalar) SetNat(x *saferith.Nat) Scalar

func (*Secp256k1Scalar) Sub

func (s *Secp256k1Scalar) Sub(that Scalar) Scalar

func (*Secp256k1Scalar) UnmarshalBinary

func (s *Secp256k1Scalar) UnmarshalBinary(data []byte) error
