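// Package p751 holds the constants that define the SIDH/SIKE parameter set
// built on the prime p751 = 2^372 * 3^239 - 1: the field modulus and its
// Montgomery-related constants, the torsion-group generators, and the
// isogeny-computation strategies for both torsion groups.
//
// NOTE(review): SIDH/SIKE is subject to a practical key-recovery attack
// (Castryck–Decru, 2022) that applies to every parameter set, including
// p751. The values below are kept for compatibility and interoperability
// testing; the scheme offers no confidentiality against an attacker who
// observes the public key. Comments in this file that quote security
// levels predate that result.
package p751

//go:generate go run ../templates/gen.go P751

import (
	"github.com/cloudflare/circl/dh/sidh/internal/common"
	"golang.org/x/sys/cpu"
)

const (
	// FpWords is the number of uint64 limbs used to store a field element
	// (12 * 64 = 768 bits, so the Montgomery radix R below is 2^768).
	FpWords = 12
)

var (
	// HasBMI2 signals support for MULX, which is part of BMI2.
	HasBMI2 = cpu.X86.HasBMI2
	// HasADXandBMI2 signals support for both ADX and BMI2; presumably the
	// field arithmetic (not in this file) uses it to select an assembly path.
	HasADXandBMI2 = cpu.X86.HasBMI2 && cpu.X86.HasADX
	// P751 is the prime defining the field Fp751, least-significant limb first.
	P751 = common.Fp{
		0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff,
		0xffffffffffffffff, 0xffffffffffffffff, 0xeeafffffffffffff,
		0xe3ec968549f878a8, 0xda959b1a13f7cc76, 0x084e9867d6ebe876,
		0x8562b5045cb25748, 0x0e12909f97badc66, 0x00006fe5d541f71c,
	}

	// P751x2 = 2*p751. This is exactly twice the modulus, not 2*p751 - 1:
	// the low limb 0xFFFFFFFFFFFFFFFE is 2*(2^64-1) mod 2^64, and the
	// remaining limbs follow with the carry.
	P751x2 = common.Fp{
		0xFFFFFFFFFFFFFFFE, 0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF,
		0xFFFFFFFFFFFFFFFF, 0xFFFFFFFFFFFFFFFF, 0xDD5FFFFFFFFFFFFF,
		0xC7D92D0A93F0F151, 0xB52B363427EF98ED, 0x109D30CFADD7D0ED,
		0x0AC56A08B964AE90, 0x1C25213F2F75B8CD, 0x0000DFCBAA83EE38,
	}

	// P751p1 = p751 + 1. The five lowest limbs are zero (see P751p1Zeros).
	P751p1 = common.Fp{
		0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
		0x0000000000000000, 0x0000000000000000, 0xeeb0000000000000,
		0xe3ec968549f878a8, 0xda959b1a13f7cc76, 0x084e9867d6ebe876,
		0x8562b5045cb25748, 0x0e12909f97badc66, 0x00006fe5d541f71c,
	}

	// P751R2 = R^2 mod p with R = 2^768, i.e. (2^768)^2 mod p751.
	P751R2 = common.Fp{
		0x233046449DAD4058, 0xDB010161A696452A, 0x5E36941472E3FD8E,
		0xF40BFE2082A2E706, 0x4932CCA8904F8751, 0x1F735F1F1EE7FC81,
		0xA24F4D80C1048E18, 0xB56C383CCDB607C5, 0x441DD47B735F9C90,
		0x5673ED2C6A6AC82A, 0x06C905261132294B, 0x000041AD830F1F35,
	}

	// P751p1Zeros is the number of all-zero 64-bit limbs at the
	// least-significant end of P751p1.
	P751p1Zeros = 5

	// one is 1*R mod p in Fp2 (Montgomery form); the B coordinate is
	// left at its zero value.
	one = common.Fp2{
		A: common.Fp{
			0x00000000000249ad, 0x0000000000000000, 0x0000000000000000,
			0x0000000000000000, 0x0000000000000000, 0x8310000000000000,
			0x5527b1e4375c6c66, 0x697797bf3f4f24d0, 0xc89db7b2ac5c4e2e,
			0x4ca4b439d2076956, 0x10f7926c7512c7e9, 0x00002d5b24bce5e2,
		},
	}
	// half is 1/2 * R mod p in Fp2 (Montgomery form), B left zero.
	half = common.Fp2{
		A: common.Fp{
			0x00000000000124D6, 0x0000000000000000, 0x0000000000000000,
			0x0000000000000000, 0x0000000000000000, 0xB8E0000000000000,
			0x9C8A2434C0AA7287, 0xA206996CA9A378A3, 0x6876280D41A41B52,
			0xE903B49F175CE04F, 0x0F8511860666D227, 0x00004EA07CFF6E7F,
		},
	}
	// six is 6*R mod p in Fp2 (Montgomery form), B left zero.
	six = common.Fp2{
		A: common.Fp{
			0x00000000000DBA10, 0x0000000000000000, 0x0000000000000000,
			0x0000000000000000, 0x0000000000000000, 0x3500000000000000,
			0x3714FE4EB8399915, 0xC3A2584753EB43F4, 0xA3151D605C520428,
			0xC116CF5232C7C978, 0x49A84D4B8EFAF6AA, 0x0000305731E97514,
		},
	}

	// params is the complete SIDH/SIKE parameter set for p751, registered
	// with the common package in init.
	params = common.SidhParams{
		ID: common.Fp751,
		// SIDH public key byte size: three Fp2 elements of 2*Bytelen = 188 bytes.
		PublicKeySize: 564,
		// SIDH shared secret byte size: one Fp2 element (2*Bytelen).
		SharedSecretSize: 188,
		A: common.DomainParams{
			// The x-coordinate of PA
			AffineP: common.Fp2{
				A: common.Fp{
					0x884F46B74000BAA8, 0xBA52630F939DEC20, 0xC16FB97BA714A04D,
					0x082536745B1AB3DB, 0x1117157F446F9E82, 0xD2F27D621A018490,
					0x6B24AB523D544BCD, 0x9307D6AA2EA85C94, 0xE1A096729528F20F,
					0x896446F868F3255C, 0x2401D996B1BFF8A5, 0x00000EF8786A5C0A,
				},
				B: common.Fp{
					0xAEB78B3B96F59394, 0xAB26681E29C90B74, 0xE520AC30FDC4ACF1,
					0x870AAAE3A4B8111B, 0xF875BDB738D64EFF, 0x50109A7ECD7ED6BC,
					0x4CC64848FF0C56FB, 0xE617CB6C519102C9, 0x9C74B3835921E609,
					0xC91DDAE4A35A7146, 0x7FC82A155C1B9129, 0x0000214FA6B980B3,
				},
			},
			// The x-coordinate of QA
			AffineQ: common.Fp2{
				A: common.Fp{
					0x0F93CC38680A8CA9, 0x762E733822E7FED7, 0xE549F005AC0ADB67,
					0x94A71FDD2C43A4ED, 0xD48645C2B04721C5, 0x432DA1FE4D4CA4DC,
					0xBC99655FAA7A80E8, 0xB2C6D502BCFD4823, 0xEE92F40CA2EC8BDB,
					0x7B074132EFB6D16C, 0x3340B46FA38A7633, 0x0000215749657F6C,
				},
				B: common.Fp{
					0xECFF375BF3079F4C, 0xFBFE74B043E80EF3, 0x17376CBE3C5C7AD1,
					0xC06327A7E29CDBF2, 0x2111649C438BF3D4, 0xC1F9298261BA2E97,
					0x1F9FECE869CFD1C2, 0x01A39B4FC9346D62, 0x147CD1D3E82A3C9F,
					0xDE84E9D249E533EE, 0x1C48A5ADFB7C578D, 0x000061ACA0B82E1D,
				},
			},
			// The x-coordinate of RA = PA-QA
			AffineR: common.Fp2{
				A: common.Fp{
					0x1600C525D41059F1, 0xA596899A0A1D83F7, 0x6BFDEED6D2B23F35,
					0x5C7E707270C23910, 0x276CA1A4E8369411, 0xB193651A602925A0,
					0x243D239F1CA1F04A, 0x543DC6DA457860AD, 0xCDA590F325181DE9,
					0xD3AB7ACFDA80B395, 0x6C97468580FDDF7B, 0x0000352A3E5C4C77,
				},
				B: common.Fp{
					0x9B794F9FD1CC3EE8, 0xDB32E40A9B2FD23E, 0x26192A2542E42B67,
					0xA18E94FCA045BCE7, 0x96DC1BC38E7CDA2D, 0x9A1D91B752487DE2,
					0xCC63763987436DA3, 0x1316717AACCC551D, 0xC4C368A4632AFE72,
					0x4B6EA85C9CCD5710, 0x7A12CAD582C7BC9A, 0x00001C7E240149BF,
				},
			},
			// Max size of secret key for 2-torsion group, corresponds to 2^e2 - 1
			// (e2 = 372).
			SecretBitLen: 372,
			// SecretBitLen in bytes: ceil(372/8).
			SecretByteLen: 47,
			// 2-torsion group computation strategy
			IsogenyStrategy: []uint32{
				0x50, 0x30, 0x1B, 0x0F, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02,
				0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x07,
				0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x03, 0x02, 0x01,
				0x01, 0x01, 0x01, 0x0C, 0x07, 0x04, 0x02, 0x01, 0x01, 0x02,
				0x01, 0x01, 0x03, 0x02, 0x01, 0x01, 0x01, 0x01, 0x05, 0x03,
				0x02, 0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x15,
				0x0C, 0x07, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x03,
				0x02, 0x01, 0x01, 0x01, 0x01, 0x05, 0x03, 0x02, 0x01, 0x01,
				0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x09, 0x05, 0x03, 0x02,
				0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x04, 0x02,
				0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x21, 0x14, 0x0C, 0x07,
				0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x03, 0x02, 0x01,
				0x01, 0x01, 0x01, 0x05, 0x03, 0x02, 0x01, 0x01, 0x01, 0x01,
				0x02, 0x01, 0x01, 0x01, 0x08, 0x05, 0x03, 0x02, 0x01, 0x01,
				0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01,
				0x02, 0x01, 0x01, 0x10, 0x08, 0x04, 0x02, 0x01, 0x01, 0x01,
				0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01,
				0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02,
				0x01, 0x01, 0x02, 0x01, 0x01,
			},
		},
		B: common.DomainParams{
			// The x-coordinate of PB (lies in the base field: B = 0)
			AffineP: common.Fp2{
				A: common.Fp{
					0x85691AAF4015F88C, 0x7478C5B8C36E9631, 0x7EF2A185DE4DD6E2,
					0x943BBEE46BEB9DC7, 0x1A3EC62798792D22, 0x791BC4B084B31D69,
					0x03DBE6522CEA17C4, 0x04749AA65D665D83, 0x3D52B5C45EF450F3,
					0x0B4219848E36947D, 0xA4CF7070466BDE27, 0x0000334B1FA6D193,
				},
				B: common.Fp{
					0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
					0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
					0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
					0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
				},
			},
			// The x-coordinate of QB (lies in the base field: B = 0)
			AffineQ: common.Fp2{
				A: common.Fp{
					0x8E7CB3FA53211340, 0xD67CE54F7A05EEE0, 0xFDDC2C8BCE46FC38,
					0x08587FAE3110DF1E, 0xD6B8246FA22B058B, 0x4DAC3ACC905A5DBD,
					0x51D0BF2FADCED3E8, 0xE5A2406DF6484425, 0x907F177584F671B8,
					0x4738A2FFCCED051C, 0x2B0067B4177E4853, 0x00002806AC948D3D,
				},
				B: common.Fp{
					0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
					0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
					0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
					0x0000000000000000, 0x0000000000000000, 0x0000000000000000,
				},
			},
			// The x-coordinate of RB = PB - QB
			AffineR: common.Fp2{
				A: common.Fp{
					0xB56457016D1D6D1C, 0x03DECCB38F39C491, 0xDFB910AC8A559452,
					0xA9D0F17D1FF24883, 0x8562BBAF515C248C, 0x249B2A6DDB1CB67D,
					0x3131AF96FB46835C, 0xE10258398480C3E1, 0xEAB5E2B872D4FAB1,
					0xB71E63875FAEB1DF, 0xF8384D4F13757CF6, 0x0000361EC9B09912,
				},
				B: common.Fp{
					0x58C967899ED16EF4, 0x81998376DC622A4B, 0x3D1C1DCFE0B12681,
					0x9347DEBB953E1730, 0x9ABB344D3A82C2D7, 0xE4881BD2820552B2,
					0x0037247923D90266, 0x2E3156EDB157E5A5, 0xF86A46A7506823F7,
					0x8FE5523A7B7F1CFC, 0xFA3CFFA38372F67B, 0x0000692DCE85FFBD,
				},
			},
			// Size of secret key for 3-torsion group, corresponds to log_2(3^e3) - 1.
			SecretBitLen: 378,
			// SecretBitLen in bytes: ceil(378/8).
			SecretByteLen: 48,
			// 3-torsion group computation strategy
			IsogenyStrategy: []uint32{
				0x70, 0x3F, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02,
				0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x08,
				0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01,
				0x01, 0x02, 0x01, 0x01, 0x10, 0x08, 0x04, 0x02, 0x01, 0x01,
				0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01,
				0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02,
				0x01, 0x01, 0x02, 0x01, 0x01, 0x1F, 0x10, 0x08, 0x04, 0x02,
				0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02,
				0x01, 0x01, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01,
				0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x08, 0x04,
				0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01,
				0x02, 0x01, 0x01, 0x07, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01,
				0x01, 0x03, 0x02, 0x01, 0x01, 0x01, 0x01, 0x31, 0x1F, 0x10,
				0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04, 0x02,
				0x01, 0x01, 0x02, 0x01, 0x01, 0x08, 0x04, 0x02, 0x01, 0x01,
				0x02, 0x01, 0x01, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01,
				0x0F, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x04,
				0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x07, 0x04, 0x02, 0x01,
				0x01, 0x02, 0x01, 0x01, 0x03, 0x02, 0x01, 0x01, 0x01, 0x01,
				0x15, 0x0C, 0x08, 0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01,
				0x04, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01, 0x05, 0x03, 0x02,
				0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x09, 0x05,
				0x03, 0x02, 0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01,
				0x04, 0x02, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01,
			},
		},
		OneFp2:  one,
		HalfFp2: half,

		// SIKE message length in bytes.
		MsgLen: 32,
		// KEM shared-secret size in bytes. The original comment cited
		// "128 bit of classical security ([SIKE], 5.1)" for SIKEp751;
		// NOTE(review): verify that claim against [SIKE] 5.1 (p751 is the
		// largest SIKE parameter set), and see the package note on the
		// Castryck–Decru attack, which voids all such security levels.
		KemSize: 32,
		// Size in bytes of one field element: ceil(751/8) = (751+7)/8 = 94.
		Bytelen: 94,
		// CiphertextSize = MsgLen + PublicKeySize.
		CiphertextSize: 32 + 564,
		// Starting curve in projective form, A/C = 6: y^2 = x^3 + 6x^2 + x.
		InitCurve: common.ProjectiveCurveParameters{
			A: six,
			C: one,
		},
	}
)

// init registers params under the common.Fp751 identifier. (The source as
// rendered showed "¶ms" here, an HTML-entity mangling of &params.)
func init() {
	common.Register(common.Fp751, &params)
}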