github.com/cloudflare/circl@v1.5.0/group/group.go

github.com/cloudflare/circl@v1.5.0/group/group.go (about)

     1  // Package group provides prime-order groups based on elliptic curves.
     2  package group
     3  
     4  import (
     5  	"encoding"
     6  	"errors"
     7  	"io"
     8  	"math/big"
     9  )
    10  
    11  // Params stores the size in bytes of elements and scalars.
    12  type Params struct {
    13  	ElementLength           uint // Length in bytes of an element.
    14  	CompressedElementLength uint // Length in bytes of a compressed element.
    15  	ScalarLength            uint // Length in bytes of a scalar.
    16  }
    17  
    18  // Group represents an additive prime-order group based on elliptic curves.
    19  type Group interface {
    20  	Params() *Params // Params returns parameters for the group
    21  	// Creates an element of the group set to the identity of the group.
    22  	NewElement() Element
    23  	// Creates a scalar of the group set to zero.
    24  	NewScalar() Scalar
    25  	// Creates an element of the group set to the identity of the group.
    26  	Identity() Element
    27  	// Creates an element of the group set to the generator of the group.
    28  	Generator() Element
    29  	// RandomElement creates an element chosen at random (using randomness
    30  	// from rnd) from the set of group elements. Use crypto/rand.Reader as
    31  	// a cryptographically secure random number generator
    32  	RandomElement(rnd io.Reader) Element
    33  	// RandomScalar creates a scalar chosen at random (using randomness
    34  	// from rnd) from the set of group scalars. Use crypto/rand.Reader as
    35  	// a cryptographically secure random number generator
    36  	RandomScalar(rnd io.Reader) Scalar
    37  	// RandomNonZeroScalar creates a scalar chosen at random (using randomness
    38  	// from rnd) from the set of group scalars. Use crypto/rand.Reader as
    39  	// a cryptographically secure random number generator. It is guaranteed
    40  	// the scalar is not zero.
    41  	RandomNonZeroScalar(io.Reader) Scalar
    42  	// HashToElement hashes a message (msg) using a domain separation string
    43  	// (dst) producing a group element with uniform distribution.
    44  	HashToElement(msg, dst []byte) Element
    45  	// HashToElementNonUniform hashes a message (msg) using a domain separation
    46  	// string (dst) producing a group element with nonuniform distribution.
    47  	HashToElementNonUniform(msg, dst []byte) Element
    48  	// HashToScalar hashes a message (msg) using a domain separation string
    49  	// (dst) producing a group scalar with uniform distribution.
    50  	HashToScalar(msg, dst []byte) Scalar
    51  }
    52  
    53  // Element represents an element of a prime-order group.
    54  type Element interface {
    55  	// Returns the group that the element belongs to.
    56  	Group() Group
    57  	// Set the receiver to x, and returns the receiver.
    58  	Set(x Element) Element
    59  	// Copy returns a new element equal to the receiver.
    60  	Copy() Element
    61  	// IsIdentity returns true if the receiver is the identity element of the
    62  	// group.
    63  	IsIdentity() bool
    64  	// IsEqual returns true if the receiver is equal to x.
    65  	IsEqual(x Element) bool
    66  	// CMov sets the receiver to x if b=1; the receiver is unmodified if b=0;
    67  	// otherwise panics if b is not 0 or 1. In all the cases, it returns the
    68  	// receiver.
    69  	CMov(b int, x Element) Element
    70  	// CSelect sets the receiver to x if b=1; sets the receiver to y if b=0;
    71  	// otherwise panics if b is not 0 or 1. In all the cases, it returns the
    72  	// receiver.
    73  	CSelect(b int, x, y Element) Element
    74  	// Add sets the receiver to x + y, and returns the receiver.
    75  	Add(x, y Element) Element
    76  	// Dbl sets the receiver to 2 * x, and returns the receiver.
    77  	Dbl(x Element) Element
    78  	// Neg sets the receiver to -x, and returns the receiver.
    79  	Neg(x Element) Element
    80  	// Mul sets the receiver to s * x, and returns the receiver.
    81  	Mul(x Element, s Scalar) Element
    82  	// MulGen sets the receiver to s * Generator(), and returns the receiver.
    83  	MulGen(s Scalar) Element
    84  	// BinaryMarshaler returns a byte representation of the element.
    85  	encoding.BinaryMarshaler
    86  	// BinaryUnmarshaler recovers an element from a byte representation
    87  	// produced either by encoding.BinaryMarshaler or MarshalBinaryCompress.
    88  	encoding.BinaryUnmarshaler
    89  	// MarshalBinaryCompress returns a byte representation of an element in a
    90  	// compact form whenever the group supports it; otherwise, returns the
    91  	// same byte representation produced by encoding.BinaryMarshaler.
    92  	MarshalBinaryCompress() ([]byte, error)
    93  }
    94  
    95  // Scalar represents a scalar of a prime-order group.
    96  type Scalar interface {
    97  	// Returns the group that the scalar belongs to.
    98  	Group() Group
    99  	// Set the receiver to x, and returns the receiver.
   100  	Set(x Scalar) Scalar
   101  	// Copy returns a new scalar equal to the receiver.
   102  	Copy() Scalar
   103  	// IsZero returns true if the receiver is equal to zero.
   104  	IsZero() bool
   105  	// IsEqual returns true if the receiver is equal to x.
   106  	IsEqual(x Scalar) bool
   107  	// SetUint64 sets the receiver to x, and returns the receiver.
   108  	SetUint64(x uint64) Scalar
   109  	// SetBigInt sets the receiver to x, and returns the receiver.
   110  	// Warning: operations on big.Int are not constant time. Do not use them
   111  	// for cryptography unless you're sure it's safe in your use-case.
   112  	SetBigInt(b *big.Int) Scalar
   113  	// CMov sets the receiver to x if b=1; the receiver is unmodified if b=0;
   114  	// otherwise panics if b is not 0 or 1. In all the cases, it returns the
   115  	// receiver.
   116  	CMov(b int, x Scalar) Scalar
   117  	// CSelect sets the receiver to x if b=1; sets the receiver to y if b=0;
   118  	// otherwise panics if b is not 0 or 1. In all the cases, it returns the
   119  	// receiver.
   120  	CSelect(b int, x, y Scalar) Scalar
   121  	// Add sets the receiver to x + y, and returns the receiver.
   122  	Add(x, y Scalar) Scalar
   123  	// Sub sets the receiver to x - y, and returns the receiver.
   124  	Sub(x, y Scalar) Scalar
   125  	// Mul sets the receiver to x * y, and returns the receiver.
   126  	Mul(x, y Scalar) Scalar
   127  	// Neg sets the receiver to -x, and returns the receiver.
   128  	Neg(x Scalar) Scalar
   129  	// Inv sets the receiver to 1/x, and returns the receiver.
   130  	Inv(x Scalar) Scalar
   131  	// BinaryMarshaler returns a byte representation of the scalar.
   132  	encoding.BinaryMarshaler
   133  	// BinaryUnmarshaler recovers a scalar from a byte representation produced
   134  	// by encoding.BinaryMarshaler.
   135  	encoding.BinaryUnmarshaler
   136  }
   137  
   138  var (
   139  	ErrType      = errors.New("group: type mismatch")
   140  	ErrUnmarshal = errors.New("group: error unmarshaling")
   141  	ErrSelector  = errors.New("group: selector must be 0 or 1")
   142  )