github.com/cloudflare/circl@v1.5.0/dh/sidh/internal/common/types.go (about) 1 package common 2 3 const ( 4 // corresponds to words in P751 5 FpMaxWords = 12 6 // corresponds to byte size of P751 SIDH private key for B 7 MaxSidhPrivateKeyBsz = 48 8 // corresponds to byte size of P751 SIKE private key for B 9 MaxSikePrivateKeyBsz = MaxSidhPrivateKeyBsz + MaxMsgBsz 10 // corresponds to SIKE max length of 'n' (see 1.4 of SIKE spec in NIST PQC round 1) 11 MaxMsgBsz = 40 12 // corresponds to byte size of shared secret generated by SIKEp751 13 MaxSharedSecretBsz = 188 14 // corresponds to by size of the P751 public key 15 MaxPublicKeySz = 3 * FpMaxWords * 64 16 // corresponds to by size of the ciphertext produced by SIKE/P751 17 MaxCiphertextBsz = MaxMsgBsz + MaxPublicKeySz 18 ) 19 20 // Id's correspond to bitlength of the prime field characteristic 21 // Currently Fp751 is the only one supported by this implementation 22 const ( 23 Fp503 uint8 = iota 24 Fp751 25 Fp434 26 ) 27 28 // Representation of an element of the base field F_p. 29 // 30 // No particular meaning is assigned to the representation -- it could represent 31 // an element in Montgomery form, or not. Tracking the meaning of the field 32 // element is left to higher types. 33 type Fp [FpMaxWords]uint64 34 35 // Represents an intermediate product of two elements of the base field F_p. 36 type FpX2 [2 * FpMaxWords]uint64 37 38 // Represents an element of the extended field Fp^2 = Fp(x+i) 39 type Fp2 struct { 40 A Fp 41 B Fp 42 } 43 44 type DomainParams struct { 45 // P, Q and R=P-Q base points 46 AffineP, AffineQ, AffineR Fp2 47 // Size of a computation strategy for x-torsion group 48 IsogenyStrategy []uint32 49 // Max size of secret key for x-torsion group 50 SecretBitLen uint 51 // Max size of secret key for x-torsion group 52 SecretByteLen uint 53 } 54 55 type SidhParams struct { 56 ID uint8 57 // Bytelen of P 58 Bytelen int 59 // The public key size, in bytes. 60 PublicKeySize int 61 // The shared secret size, in bytes. 62 SharedSecretSize int 63 // 2- and 3-torsion group parameter definitions 64 A, B DomainParams 65 // Precomputed identity element in the Fp2 in Montgomery domain 66 OneFp2 Fp2 67 // Precomputed 1/2 in the Fp2 in Montgomery domain 68 HalfFp2 Fp2 69 // Length of SIKE secret message. Must be one of {24,32,40}, 70 // depending on size of prime field used (see [SIKE], 1.4 and 5.1) 71 MsgLen int 72 // Length of SIKE ephemeral KEM key (see [SIKE], 1.4 and 5.1) 73 KemSize int 74 // Byte size of ciphertext that KEM produces 75 CiphertextSize int 76 // Defines A,C constant for starting curve Cy^2 = x^3 + Ax^2 + x 77 InitCurve ProjectiveCurveParameters 78 } 79 80 // Stores curve projective parameters equivalent to A/C. Meaning of the 81 // values depends on the context. When working with isogenies over 82 // subgroup that are powers of: 83 // * three then (A:C) ~ (A+2C:A-2C) 84 // * four then (A:C) ~ (A+2C: 4C) 85 // See Appendix A of SIKE for more details 86 type CurveCoefficientsEquiv struct { 87 A Fp2 88 C Fp2 89 } 90 91 // A point on the projective line P^1(F_{p^2}). 92 // 93 // This represents a point on the Kummer line of a Montgomery curve. The 94 // curve is specified by a ProjectiveCurveParameters struct. 95 type ProjectivePoint struct { 96 X Fp2 97 Z Fp2 98 } 99 100 // A point on the projective line P^1(F_{p^2}). 101 // 102 // This is used to work projectively with the curve coefficients. 103 type ProjectiveCurveParameters struct { 104 A Fp2 105 C Fp2 106 }