Exemple #1
0
// RepresentativeToPublicKey converts a uniform representative value for a
// curve25519 public key, as produced by ScalarBaseMult, to a curve25519 public
// key.
func RepresentativeToPublicKey(publicKey, representative *[32]byte) {
	var rr2, v, e edwards25519.FieldElement
	edwards25519.FeFromBytes(&rr2, representative)

	edwards25519.FeSquare2(&rr2, &rr2)
	rr2[0]++
	edwards25519.FeInvert(&rr2, &rr2)
	edwards25519.FeMul(&v, &edwards25519.A, &rr2)
	edwards25519.FeNeg(&v, &v)

	var v2, v3 edwards25519.FieldElement
	edwards25519.FeSquare(&v2, &v)
	edwards25519.FeMul(&v3, &v, &v2)
	edwards25519.FeAdd(&e, &v3, &v)
	edwards25519.FeMul(&v2, &v2, &edwards25519.A)
	edwards25519.FeAdd(&e, &v2, &e)
	chi(&e, &e)
	var eBytes [32]byte
	edwards25519.FeToBytes(&eBytes, &e)
	// eBytes[1] is either 0 (for e = 1) or 0xff (for e = -1)
	eIsMinus1 := int32(eBytes[1]) & 1
	var negV edwards25519.FieldElement
	edwards25519.FeNeg(&negV, &v)
	edwards25519.FeCMove(&v, &negV, eIsMinus1)

	edwards25519.FeZero(&v2)
	edwards25519.FeCMove(&v2, &edwards25519.A, eIsMinus1)
	edwards25519.FeSub(&v, &v, &v2)

	edwards25519.FeToBytes(publicKey, &v)
}
Exemple #2
0
// IsOnCurve returns bool to say if the point (x,y) is on the curve by
// checking (y^2 - x^2 - 1 - dx^2y^2) % P == 0.
func (curve *TwistedEdwardsCurve) IsOnCurve(x *big.Int, y *big.Int) bool {
	// Convert to field elements.
	xB := BigIntToEncodedBytes(x)
	yB := BigIntToEncodedBytes(y)

	yfe := new(edwards25519.FieldElement)
	xfe := new(edwards25519.FieldElement)
	edwards25519.FeFromBytes(yfe, yB)
	edwards25519.FeFromBytes(xfe, xB)

	x2 := new(edwards25519.FieldElement)
	edwards25519.FeSquare(x2, xfe)
	y2 := new(edwards25519.FieldElement)
	edwards25519.FeSquare(y2, yfe)

	dx2y2 := new(edwards25519.FieldElement)
	edwards25519.FeMul(dx2y2, &fed, x2)
	edwards25519.FeMul(dx2y2, dx2y2, y2)

	enum := new(edwards25519.FieldElement)
	edwards25519.FeSub(enum, y2, x2)
	edwards25519.FeSub(enum, enum, &feOne)
	edwards25519.FeSub(enum, enum, dx2y2)

	enumBig := FieldElementToBigInt(enum)
	enumBig.Mod(enumBig, curve.P)

	if enumBig.Cmp(zero) != 0 {
		return false
	}

	// Check if we're in the cofactor of the curve (8).
	modEight := new(big.Int)
	modEight.Mod(enumBig, eight)
	if modEight.Cmp(zero) != 0 {
		return false
	}

	return true
}
Exemple #3
0
// BigIntPointToEncodedBytes converts an affine point to a compressed
// 32 byte integer representation.
func BigIntPointToEncodedBytes(x *big.Int, y *big.Int) *[32]byte {
	s := BigIntToEncodedBytes(y)
	xB := BigIntToEncodedBytes(x)
	xFE := new(edwards25519.FieldElement)
	edwards25519.FeFromBytes(xFE, xB)
	isNegative := edwards25519.FeIsNegative(xFE) == 1

	if isNegative {
		s[31] |= (1 << 7)
	} else {
		s[31] &^= (1 << 7)
	}

	return s
}
Exemple #4
0
// EncodedBytesToFieldElement converts a 32 byte little endian integer into
// a field element.
func EncodedBytesToFieldElement(s *[32]byte) *edwards25519.FieldElement {
	fe := new(edwards25519.FieldElement)
	edwards25519.FeFromBytes(fe, s)
	return fe
}
Exemple #5
0
// BigIntToFieldElement converts a big little endian integer into its corresponding
// 40 byte field representation.
func BigIntToFieldElement(a *big.Int) *edwards25519.FieldElement {
	aB := BigIntToEncodedBytes(a)
	fe := new(edwards25519.FieldElement)
	edwards25519.FeFromBytes(fe, aB)
	return fe
}