
     1  package csidh
     2  
// Parameters of the cSIDH/512 instantiation. Everything in this block is a
// public system parameter; nothing here depends on a key.
const (
	// pbits is the bit length of the prime p (p is a 511-bit prime).
	pbits = 511
	// primeCount is the number of Elkies primes whose product defines p.
	primeCount = 74
	// expMax bounds the private-key exponents: with 2*expMax+1 = 11 values
	// per prime, 11^primeCount is roughly 2^256.
	expMax = int8(5)
)

// Limb layout of a field element.
const (
	// limbBitSize is the width of one limb; the code assumes 64-bit words.
	limbBitSize = 64
	// limbByteSize is the width of one limb in bytes.
	limbByteSize = limbBitSize / 8
	// numWords is the number of limbs in a field element: 8 limbs hold 512
	// bits, enough for the 511-bit p.
	numWords = 8
)

// Sizes of the serialized objects handled by this package.
const (
	// PrivateKeySize is the size of a cSIDH/512 private key in bytes.
	PrivateKeySize = 37
	// PublicKeySize is the size of a cSIDH/512 public key in bytes.
	PublicKeySize = 64
	// SharedSecretSize is the size of a cSIDH/512 shared secret in bytes.
	SharedSecretSize = 64
)
    23  
// Fixed public constants of the cSIDH/512 field. All fp values below are stored
// little-endian by limb: index 0 is the least significant 64-bit word (the
// single-limb pNegInv, "mod 2^64", and the five-limb fourSqrtP rely on this).
// Values marked "Montgomery domain" are x*R mod p with R = 2^512; the others
// are plain integers.
var (
	// primes holds the 74 Elkies primes: every odd prime from 3 up to 373
	// (0x0175), plus 587 (0x024B). The field prime is
	//   p = 4 * product(primes) - 1.
	primes = [primeCount]uint64{
		0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013, 0x0017, 0x001D, 0x001F, 0x0025,
		0x0029, 0x002B, 0x002F, 0x0035, 0x003B, 0x003D, 0x0043, 0x0047, 0x0049, 0x004F, 0x0053,
		0x0059, 0x0061, 0x0065, 0x0067, 0x006B, 0x006D, 0x0071, 0x007F, 0x0083, 0x0089, 0x008B,
		0x0095, 0x0097, 0x009D, 0x00A3, 0x00A7, 0x00AD, 0x00B3, 0x00B5, 0x00BF, 0x00C1, 0x00C5,
		0x00C7, 0x00D3, 0x00DF, 0x00E3, 0x00E5, 0x00E9, 0x00EF, 0x00F1, 0x00FB, 0x0101, 0x0107,
		0x010D, 0x010F, 0x0115, 0x0119, 0x011B, 0x0125, 0x0133, 0x0137, 0x0139, 0x013D, 0x014B,
		0x0151, 0x015B, 0x015D, 0x0161, 0x0167, 0x016F, 0x0175, 0x024B,
	}

	// p is the 511-bit field prime, as a plain integer (not Montgomery form).
	p = fp{
		0x1B81B90533C6C87B, 0xC2721BF457ACA835,
		0x516730CC1F0B4F25, 0xA7AAC6C567F35507,
		0x5AFBFCC69322C9CD, 0xB42D083AEDC88C42,
		0xFC8AB0D15E3E4C4A, 0x65B48E8F740F89BF,
	}

	// one is 1 in the Montgomery domain, i.e. R = 2^512 mod p.
	one = fp{
		0xC8FC8DF598726F0A, 0x7B1BC81750A6AF95,
		0x5D319E67C1E961B4, 0xB0AA7275301955F1,
		0x4A080672D9BA6C64, 0x97A5EF8A246EE77B,
		0x06EA9E5D4383676A, 0x3496E2E117E0EC80,
	}

	// two is 2 in the Montgomery domain (2R mod p, i.e. 2*one - p).
	two = fp{
		0x767762E5FD1E1599, 0x33C5743A49A0B6F6,
		0x68FC0C0364C77443, 0xB9AA1E24F83F56DB,
		0x3914101F20520EFB, 0x7B1ED6D95B1542B4,
		0x114A8BE928C8828A, 0x03793732BBB24F40,
	}

	// twoNeg is -2 in the Montgomery domain (p - two).
	twoNeg = fp{
		0xA50A561F36A8B2E2, 0x8EACA7BA0E0BF13E,
		0xE86B24C8BA43DAE2, 0xEE00A8A06FB3FE2B,
		0x21E7ECA772D0BAD1, 0x390E316192B3498E,
		0xEB4024E83575C9C0, 0x623B575CB85D3A7F,
	}

	// four is 4 in the Montgomery domain (4R mod p).
	four = fp{
		0xECEEC5CBFA3C2B32, 0x678AE87493416DEC,
		0xD1F81806C98EE886, 0x73543C49F07EADB6,
		0x7228203E40A41DF7, 0xF63DADB2B62A8568,
		0x229517D251910514, 0x06F26E6577649E80,
	}

	// fourSqrtP is 4*sqrt(p) as a plain integer (not Montgomery form). It is
	// about 258 bits long, so only the low five limbs are non-zero; the
	// remaining limbs are implicitly zero.
	fourSqrtP = fp{
		0x17895E71E1A20B3F, 0x38D0CD95F8636A56,
		0x142B9541E59682CD, 0x856F1399D91D6592,
		0x0000000000000002,
	}

	// pNegInv is -p^-1 mod 2^64, the single-limb constant that Montgomery
	// reduction needs. Only limb 0 is set.
	pNegInv = fp{
		0x66c1301f632e294d,
	}

	// pMin1By2 is (p-1)/2 as a plain integer. It is used as an exponent,
	// hence not in the Montgomery domain.
	// NOTE(review): a^((p-1)/2) is the Legendre symbol of a, so this is
	// presumably the quadratic-residue test exponent — confirm against callers.
	pMin1By2 = fp{
		0x8DC0DC8299E3643D, 0xE1390DFA2BD6541A,
		0xA8B398660F85A792, 0xD3D56362B3F9AA83,
		0x2D7DFE63499164E6, 0x5A16841D76E44621,
		0xFE455868AF1F2625, 0x32DA4747BA07C4DF,
	}

	// pMin1 is a full-width plain integer (all eight limbs, not "mod 2^64").
	// It is used as an exponent, hence not in the Montgomery domain.
	// NOTE(review): despite the name, the stored value is p-2, not p-1: limb 0
	// is 0x...C879 while p's limb 0 is 0x...C87B, and the other limbs equal
	// p's. Since a^(p-2) = a^-1 mod p (Fermat), this is likely the inversion
	// exponent — verify against the callers before renaming or "fixing" it.
	pMin1 = fp{
		0x1B81B90533C6C879, 0xC2721BF457ACA835,
		0x516730CC1F0B4F25, 0xA7AAC6C567F35507,
		0x5AFBFCC69322C9CD, 0xB42D083AEDC88C42,
		0xFC8AB0D15E3E4C4A, 0x65B48E8F740F89BF,
	}
)