github.com/cloudflare/circl@v1.5.0/dh/sidh/internal/p503/params.go (about)

     1  package p503
     2  
     3  //go:generate go run ../templates/gen.go P503
     4  
     5  import (
     6  	"github.com/cloudflare/circl/dh/sidh/internal/common"
     7  	"golang.org/x/sys/cpu"
     8  )
     9  
    10  const (
    11  	// FpWords is the number of uint64 limbs used to store one field element (8 * 64 = 512 bits, enough for the 503-bit prime).
    12  	FpWords = 8
    13  )
    14  
    15  // Constants of the field Fp503 (limbs are listed least-significant first) and the SIDH/SIKE p503 parameter set.
    16  var (
    17  	// According to https://github.com/golang/go/issues/28230,
    18  	// variables referred from the assembly must be in the same package.
    19  	// HasBMI2 reports whether the CPU supports BMI2, which provides MULX.
    20  	HasBMI2 = cpu.X86.HasBMI2
    21  	// HasADXandBMI2 reports whether the CPU supports both ADX and BMI2.
    22  	HasADXandBMI2 = cpu.X86.HasBMI2 && cpu.X86.HasADX
    23  
    24  	// P503 is the prime p503 that defines the field Fp503.
    25  	P503 = common.Fp{
    26  		0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xABFFFFFFFFFFFFFF,
    27  		0x13085BDA2211E7A0, 0x1B9BF6C87B7E7DAF, 0x6045C6BDDA77A4D0, 0x004066F541811E1E,
    28  	}
    29  
    30  	// P503x2 = 2*p503 (the limbs below are exactly twice P503, not 2*p503 - 1: the lowest limb ends in ...FE).
    31  	P503x2 = common.Fp{
    32  		0xFFFFFFFFFFFFFFFE, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0x57FFFFFFFFFFFFFF,
    33  		0x2610B7B44423CF41, 0x3737ED90F6FCFB5E, 0xC08B8D7BB4EF49A0, 0x0080CDEA83023C3C,
    34  	}
    35  
    36  	// P503p1 = p503 + 1
    37  	P503p1 = common.Fp{
    38  		0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0xAC00000000000000,
    39  		0x13085BDA2211E7A0, 0x1B9BF6C87B7E7DAF, 0x6045C6BDDA77A4D0, 0x004066F541811E1E,
    40  	}
    41  
    42  	// P503R2 = (2^512)^2 mod p, i.e. R^2 mod p with R = 2^512.
    43  	P503R2 = common.Fp{
    44  		0x5289A0CF641D011F, 0x9B88257189FED2B9, 0xA3B365D58DC8F17A, 0x5BC57AB6EFF168EC,
    45  		0x9E51998BD84D4423, 0xBF8999CBAC3B5695, 0x46E9127BCE14CDB6, 0x003F6CFCE8B81771,
    46  	}
    47  
    48  	// P503p1s8 = (p503 + 1) left-shifted by 8 bits, assuming little endianness
    49  	P503p1s8 = common.Fp{
    50  		0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
    51  		0x085BDA2211E7A0AC, 0x9BF6C87B7E7DAF13, 0x45C6BDDA77A4D01B, 0x4066F541811E1E60,
    52  	}
    53  
    54  	// P503p1Zeros is the number of zero 64-bit limbs at the least significant end of P503p1.
    55  	P503p1Zeros = 3
    56  
    57  	// one is 1*R mod p with R = 2^512; only the A component is set, B keeps its zero value.
    58  	one = common.Fp2{
    59  		A: common.Fp{
    60  			0x00000000000003F9, 0x0000000000000000, 0x0000000000000000, 0xB400000000000000,
    61  			0x63CB1A6EA6DED2B4, 0x51689D8D667EB37D, 0x8ACD77C71AB24142, 0x0026FBAEC60F5953,
    62  		},
    63  	}
    64  	// half is 1/2 * R mod p; only the A component is set.
    65  	half = common.Fp2{
    66  		A: common.Fp{
    67  			0x00000000000001FC, 0x0000000000000000, 0x0000000000000000, 0xB000000000000000,
    68  			0x3B69BB2464785D2A, 0x36824A2AF0FE9896, 0xF5899F427A94F309, 0x0033B15203C83BB8,
    69  		},
    70  	}
    71  	// six is 6*R mod p; only the A component is set. It is used below as InitCurve.A.
    72  	six = common.Fp2{
    73  		A: common.Fp{
    74  			0x00000000000017D8, 0x0000000000000000, 0x0000000000000000, 0xE000000000000000,
    75  			0x30B1E6E3A51520FA, 0xB13BC3BF6FFB3992, 0x8045412EEB3E3DED, 0x0069182E2159DBB8,
    76  		},
    77  	}
    78  
    79  	params = common.SidhParams{ // params is the p503 parameter set that init passes to common.Register.
    80  		ID: common.Fp503,
    81  		// SIDH public key byte size.
    82  		PublicKeySize: 378,
    83  		// SIDH shared secret byte size.
    84  		SharedSecretSize: 126,
    85  		A: common.DomainParams{
    86  			// The x-coordinate of PA
    87  			AffineP: common.Fp2{
    88  				A: common.Fp{
    89  					0x5D083011589AD893, 0xADFD8D2CB67D0637, 0x330C9AC34FFB6361, 0xF0D47489A2E805A2,
    90  					0x27E2789259C6B8DC, 0x63866A2C121931B9, 0x8D4C65A7137DCF44, 0x003A183AE5967B3F,
    91  				},
    92  				B: common.Fp{
    93  					0x7E3541B8C96D1519, 0xD3ADAEEC0D61A26C, 0xC0A2219CE7703DD9, 0xFF3E46658FCDBC52,
    94  					0xD5B38DEAE6E196FF, 0x1AAC826364956D58, 0xEC9F4875B9A5F27A, 0x001B0B475AB99843,
    95  				},
    96  			},
    97  			// The x-coordinate of QA
    98  			AffineQ: common.Fp2{
    99  				A: common.Fp{
   100  					0x4D83695107D03BAD, 0x221F3299005E2FCF, 0x78E6AE22F30DECF2, 0x6D982DB5111253E4,
   101  					0x504C80A8AB4526A8, 0xEFD0C3AA210BB024, 0xCB77483501DC6FCF, 0x001052544A96BDF3,
   102  				},
   103  				B: common.Fp{
   104  					0x0D74FE3402BCAE47, 0xDF5B8CDA832D8AED, 0xB86BCF06E4BD837E, 0x892A2933A0FA1F63,
   105  					0x9F88FC67B6CCB461, 0x822926EA9DDA3AC8, 0xEAC8DDE5855425ED, 0x000618FE6DA37A80,
   106  				},
   107  			},
   108  
   109  			// The x-coordinate of RA = PA-QA
   110  			AffineR: common.Fp2{
   111  				A: common.Fp{
   112  					0x1D9D32D2DC877C17, 0x5517CD8F71D5B02B, 0x395AFB8F6B60C117, 0x3AE31AC85F9098C8,
   113  					0x5F5341C198450848, 0xF8C609DBEA435C6A, 0xD832BC7EDC7BA5E4, 0x002AD98AA6968BF5,
   114  				},
   115  				B: common.Fp{
   116  					0xC466CAB0F73C2E5B, 0x7B1817148FB2CF9C, 0x873E87C099E470A0, 0xBB17AC6D17A7BAC1,
   117  					0xA146FDCD0F2E2A58, 0x88B311E9CEAB6201, 0x37604CF5C7951757, 0x0006804071C74BF9,
   118  				},
   119  			},
   120  			// Max size of secret key for 2-torsion group, corresponds to 2^e2 - 1
   121  			SecretBitLen: 250,
   122  			// SecretBitLen in bytes.
   123  			SecretByteLen: 32,
   124  			// 2-torsion group computation strategy
   125  			IsogenyStrategy: []uint32{
   126  				0x3D, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01,
   127  				0x01, 0x02, 0x01, 0x01, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02,
   128  				0x01, 0x01, 0x02, 0x01, 0x01, 0x10, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01,
   129  				0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01,
   130  				0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x1D, 0x10, 0x08, 0x04, 0x02, 0x01,
   131  				0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x08, 0x04, 0x02,
   132  				0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x0D, 0x08,
   133  				0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01,
   134  				0x05, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01,
   135  			},
   136  		},
   137  		B: common.DomainParams{
   138  			// The x-coordinate of PB (its B component is all zero)
   139  			AffineP: common.Fp2{
   140  				A: common.Fp{
   141  					0xDF630FC5FB2468DB, 0xC30C5541C102040E, 0x3CDC9987B76511FC, 0xF54B5A09353D0CDD,
   142  					0x3ADBA8E00703C42F, 0x8253F9303DDC95D0, 0x62D30778763ABFD7, 0x001CD00FB581CD55,
   143  				},
   144  				B: common.Fp{
   145  					0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
   146  					0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
   147  				},
   148  			},
   149  			// The x-coordinate of QB (its B component is all zero)
   150  			AffineQ: common.Fp2{
   151  				A: common.Fp{
   152  					0x2E3457A12B429261, 0x311F94E89627DCF8, 0x5B71C98FD1DB73F6, 0x3671DB7DCFC21541,
   153  					0xB6D1484C9FE0CF4F, 0x19CD110717356E35, 0xF4F9FB00AC9919DF, 0x0035BC124D38A70B,
   154  				},
   155  				B: common.Fp{
   156  					0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
   157  					0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
   158  				},
   159  			},
   160  			// The x-coordinate of RB = PB - QB
   161  			AffineR: common.Fp2{
   162  				A: common.Fp{
   163  					0x2E08BB99413D2952, 0xD3021467CD088D72, 0x21017AF859752245, 0x26314ED8FFD9DE5C,
   164  					0x4AF43C73344B6686, 0xCFA1F91149DF0993, 0xF327A95365587A89, 0x000DBF54E03D3906,
   165  				},
   166  				B: common.Fp{
   167  					0x03E03FF342F5F304, 0x993D604D7B4B6E56, 0x80412F4D9280E71F, 0x0FFDC9EF990B3982,
   168  					0xE584E64C51604931, 0x1374F42AC8B0BBD7, 0x07D5BC37DFA41A5F, 0x00396CCFD61FD34C,
   169  				},
   170  			},
   171  			// Size of secret key for 3-torsion group, corresponds to log_2(3^e3) - 1.
   172  			SecretBitLen: 252,
   173  			// SecretBitLen in bytes.
   174  			SecretByteLen: 32,
   175  			// 3-torsion group computation strategy
   176  			IsogenyStrategy: []uint32{
   177  				0x47, 0x26, 0x15, 0x0D, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02,
   178  				0x01, 0x01, 0x02, 0x01, 0x01, 0x05, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x02,
   179  				0x01, 0x01, 0x01, 0x09, 0x05, 0x03, 0x02, 0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01,
   180  				0x01, 0x04, 0x02, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x11, 0x09, 0x05, 0x03, 0x02,
   181  				0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x01, 0x02,
   182  				0x01, 0x01, 0x08, 0x04, 0x02, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01,
   183  				0x01, 0x02, 0x01, 0x01, 0x21, 0x11, 0x09, 0x05, 0x03, 0x02, 0x01, 0x01, 0x01, 0x01,
   184  				0x02, 0x01, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x08, 0x04,
   185  				0x02, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01,
   186  				0x10, 0x08, 0x04, 0x02, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01,
   187  				0x02, 0x01, 0x01, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01,
   188  				0x01, 0x02, 0x01, 0x01,
   189  			},
   190  		},
   191  		OneFp2:  one,
   192  		HalfFp2: half,
   193  		MsgLen:  24,
   194  		// Sized for the 192 bit of classical security claimed for SIKEp503 ([SIKE], 5.1). NOTE(review): SIDH/SIKE has since been broken by the Castryck-Decru key-recovery attack (2022), so this claim no longer holds; do not rely on this parameter set to protect real data.
   195  		KemSize: 24,
   196  		// ceil(503/8), i.e. (503+7)/8 with integer division
   197  		Bytelen:        63,
   198  		CiphertextSize: 24 + 378, // 378 is PublicKeySize above; the 24 is presumably MsgLen — TODO confirm
   199  		InitCurve: common.ProjectiveCurveParameters{
   200  			A: six,
   201  			C: one,
   202  		},
   203  	}
   204  )
   205  
   206  func init() { // init runs at package load and hands the p503 parameter set to common.Register under the ID common.Fp503.
   207  	common.Register(common.Fp503, &params) // passes a pointer to the package-level params, not a copy
   208  }