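// Package p434 holds the fixed domain parameters for the SIDH/SIKE p434
// parameter set (field element limb count, the prime, Montgomery constants,
// torsion-basis points and isogeny strategies) and registers them with the
// common parameter registry at init.
//
// NOTE(review): SIDH/SIKE was shown to be insecure by the 2022 key-recovery
// attack (Castryck–Decru). Treat these parameters as legacy/compatibility
// data, not as a basis for confidentiality, and confirm the package's
// deprecation status upstream before relying on it.
package p434

//go:generate go run ../templates/gen.go P434

import (
	"github.com/cloudflare/circl/dh/sidh/internal/common"
	"golang.org/x/sys/cpu"
)

const (
	// FpWords is the number of uint64 limbs used to store a field element
	// (7 * 64 = 448 bits, which is also the Montgomery radix R = 2^448).
	FpWords = 7
)

var (
	// HasADXandBMI2 signals support for the ADX and BMI2 instruction sets.
	// It is evaluated once at package init from CPU feature detection and is
	// a var rather than a const so it can be overridden (e.g. by tests).
	HasADXandBMI2 = cpu.X86.HasBMI2 && cpu.X86.HasADX

	// P434 is the prime used by field Fp434, little-endian limbs.
	P434 = common.Fp{
		0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFDC1767AE2FFFFFF,
		0x7BC65C783158AEA3, 0x6CFC5FD681C52056, 0x2341F27177344,
	}

	// P434x2 = 2*p434. (The limbs below are exactly twice P434 — the lowest
	// limb 0xFFFFFFFFFFFFFFFE is 2*(2^64-1) mod 2^64 with carry propagated —
	// so the earlier "2*p434 - 1" description was off by one.)
	P434x2 = common.Fp{
		0xFFFFFFFFFFFFFFFE, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFB82ECF5C5FFFFFF,
		0xF78CB8F062B15D47, 0xD9F8BFAD038A40AC, 0x4683E4E2EE688,
	}

	// P434p1 = p434 + 1. Its three lowest limbs are zero; see P434p1Zeros.
	P434p1 = common.Fp{
		0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0xFDC1767AE3000000,
		0x7BC65C783158AEA3, 0x6CFC5FD681C52056, 0x0002341F27177344,
	}

	// P434R2 = (2^448)^2 mod p, the Montgomery conversion constant R^2.
	P434R2 = common.Fp{
		0x28E55B65DCD69B30, 0xACEC7367768798C2, 0xAB27973F8311688D, 0x175CC6AF8D6C7C0B,
		0xABCD92BF2DDE347E, 0x69E16A61C7686D9A, 0x000025A89BCDD12A,
	}

	// half = 1/2 * R mod p, in Montgomery form (imaginary part zero).
	half = common.Fp2{
		A: common.Fp{
			0x0000000000003A16, 0x0000000000000000, 0x0000000000000000, 0x5C87FA027E000000,
			0x6C00D27DAACFD66A, 0x74992A2A2FBBA086, 0x0000767753DE976D,
		},
	}

	// one = 1*R mod p, in Montgomery form (imaginary part zero).
	one = common.Fp2{
		A: common.Fp{
			0x000000000000742C, 0x0000000000000000, 0x0000000000000000, 0xB90FF404FC000000,
			0xD801A4FB559FACD4, 0xE93254545F77410C, 0x0000ECEEA7BD2EDA,
		},
	}

	// six = 6*R mod p, in Montgomery form (imaginary part zero).
	six = common.Fp2{
		A: common.Fp{
			0x000000000002B90A, 0x0000000000000000, 0x0000000000000000, 0x5ADCCB2822000000,
			0x187D24F39F0CAFB4, 0x9D353A4D394145A0, 0x00012559A0403298,
		},
	}

	// P434p1Zeros is the number of all-zero low-order limbs of P434p1
	// (the first three limbs above are 0x0000000000000000).
	P434p1Zeros = 3

	// params is the full SIDH parameter set for p434; it is registered by
	// init below and must not be mutated after that.
	params = common.SidhParams{
		ID: common.Fp434,
		// SIDH public key byte size.
		PublicKeySize: 330,
		// SIDH shared secret byte size.
		SharedSecretSize: 110,
		// Starting curve in projective (A:C) form: A = 6, C = 1 (Montgomery form).
		InitCurve: common.ProjectiveCurveParameters{
			A: six,
			C: one,
		},
		A: common.DomainParams{
			// The x-coordinate of PA
			AffineP: common.Fp2{
				A: common.Fp{
					0x05ADF455C5C345BF, 0x91935C5CC767AC2B, 0xAFE4E879951F0257, 0x70E792DC89FA27B1,
					0xF797F526BB48C8CD, 0x2181DB6131AF621F, 0x00000A1C08B1ECC4,
				},
				B: common.Fp{
					0x74840EB87CDA7788, 0x2971AA0ECF9F9D0B, 0xCB5732BDF41715D5, 0x8CD8E51F7AACFFAA,
					0xA7F424730D7E419F, 0xD671EB919A179E8C, 0x0000FFA26C5A924A,
				},
			},
			// The x-coordinate of QA
			AffineQ: common.Fp2{
				A: common.Fp{
					0xFEC6E64588B7273B, 0xD2A626D74CBBF1C6, 0xF8F58F07A78098C7, 0xE23941F470841B03,
					0x1B63EDA2045538DD, 0x735CFEB0FFD49215, 0x0001C4CB77542876,
				},
				B: common.Fp{
					0xADB0F733C17FFDD6, 0x6AFFBD037DA0A050, 0x680EC43DB144E02F, 0x1E2E5D5FF524E374,
					0xE2DDA115260E2995, 0xA6E4B552E2EDE508, 0x00018ECCDDF4B53E,
				},
			},

			// The x-coordinate of RA = PA-QA
			AffineR: common.Fp2{
				A: common.Fp{
					0x01BA4DB518CD6C7D, 0x2CB0251FE3CC0611, 0x259B0C6949A9121B, 0x60E17AC16D2F82AD,
					0x3AA41F1CE175D92D, 0x413FBE6A9B9BC4F3, 0x00022A81D8D55643,
				},
				B: common.Fp{
					0xB8ADBC70FC82E54A, 0xEF9CDDB0D5FADDED, 0x5820C734C80096A0, 0x7799994BAA96E0E4,
					0x044961599E379AF8, 0xDB2B94FBF09F27E2, 0x0000B87FC716C0C6,
				},
			},
			// Max size of secret key for 2-torsion group, corresponds to 2^e2 - 1
			SecretBitLen: 216,
			// SecretBitLen in bytes (ceil(216/8) = 27, padded to 28).
			SecretByteLen: 28,
			// 2-torsion group computation strategy
			IsogenyStrategy: []uint32{
				0x30, 0x1C, 0x10, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01,
				0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x08, 0x04,
				0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01,
				0x02, 0x01, 0x01, 0x0D, 0x07, 0x04, 0x02, 0x01, 0x01, 0x02,
				0x01, 0x01, 0x03, 0x02, 0x01, 0x01, 0x01, 0x01, 0x05, 0x04,
				0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01,
				0x15, 0x0C, 0x07, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01,
				0x03, 0x02, 0x01, 0x01, 0x01, 0x01, 0x05, 0x03, 0x02, 0x01,
				0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x09, 0x05, 0x03,
				0x02, 0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x04,
				0x02, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01,
			},
		},
		B: common.DomainParams{
			// The x-coordinate of PB
			AffineP: common.Fp2{
				A: common.Fp{
					0x6E5497556EDD48A3, 0x2A61B501546F1C05, 0xEB919446D049887D, 0x5864A4A69D450C4F,
					0xB883F276A6490D2B, 0x22CC287022D5F5B9, 0x0001BED4772E551F,
				},
				B: common.Fp{
					0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
					0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
				},
			},
			// The x-coordinate of QB
			AffineQ: common.Fp2{
				A: common.Fp{
					0xFAE2A3F93D8B6B8E, 0x494871F51700FE1C, 0xEF1A94228413C27C, 0x498FF4A4AF60BD62,
					0xB00AD2A708267E8A, 0xF4328294E017837F, 0x000034080181D8AE,
				},
				B: common.Fp{
					0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
					0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
				},
			},
			// The x-coordinate of RB = PB - QB
			AffineR: common.Fp2{
				A: common.Fp{
					0x283B34FAFEFDC8E4, 0x9208F44977C3E647, 0x7DEAE962816F4E9A, 0x68A2BA8AA262EC9D,
					0x8176F112EA43F45B, 0x02106D022634F504, 0x00007E8A50F02E37,
				},
				B: common.Fp{
					0xB378B7C1DA22CCB1, 0x6D089C99AD1D9230, 0xEBE15711813E2369, 0x2B35A68239D48A53,
					0x445F6FD138407C93, 0xBEF93B29A3F6B54B, 0x000173FA910377D3,
				},
			},
			// Size of secret key for 3-torsion group, corresponds to log_2(3^e3) - 1.
			SecretBitLen: 217,
			// SecretBitLen in bytes (ceil(217/8) = 28).
			SecretByteLen: 28,
			// 3-torsion group computation strategy
			IsogenyStrategy: []uint32{
				0x42, 0x21, 0x11, 0x09, 0x05, 0x03, 0x02, 0x01, 0x01, 0x01,
				0x01, 0x02, 0x01, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x01,
				0x02, 0x01, 0x01, 0x08, 0x04, 0x02, 0x01, 0x01, 0x01, 0x02,
				0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x10,
				0x08, 0x04, 0x02, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04,
				0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x08, 0x04, 0x02, 0x01,
				0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01,
				0x01, 0x20, 0x10, 0x08, 0x04, 0x03, 0x01, 0x01, 0x01, 0x01,
				0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01,
				0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02,
				0x01, 0x01, 0x02, 0x01, 0x01, 0x10, 0x08, 0x04, 0x02, 0x01,
				0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01,
				0x01, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04,
				0x02, 0x01, 0x01, 0x02, 0x01, 0x01,
			},
		},
		OneFp2:  one,
		HalfFp2: half,
		// Length in bytes of the KEM message / randomness.
		MsgLen: 16,
		// SIKEp434 provides 192 bit of classical security ([SIKE], 5.1)
		// NOTE(review): the 192-bit figure is carried over from the original
		// comment; confirm it against [SIKE] §5.1 before quoting it.
		KemSize: 16,
		// Bytes needed to hold a 434-bit field element: (434+7)/8 == ceil(434/8) == 55.
		Bytelen: 55,
		// Ciphertext = MsgLen + PublicKeySize.
		CiphertextSize: 16 + 330,
	}
)

// init registers the p434 parameter set under common.Fp434 so callers can
// look it up by ID. The registry receives a pointer to params; params must
// therefore remain unmodified for the lifetime of the program.
func init() {
	// Restored from a mangled "&params" in the extracted source: Register
	// takes the address of the package-level parameter struct.
	common.Register(common.Fp434, &params)
}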