var (
ErrType = errors.New("group: type mismatch")
ErrUnmarshal = errors.New("group: error unmarshaling")
ErrSelector = errors.New("group: selector must be 0 or 1")
)
func HashToField(u []big.Int, b []byte, e expander.Expander, p *big.Int, L uint)
HashToField generates a set of elements {u1,..., uN} = Hash(b) where each u in GF(p) and L is the security parameter.
Element represents an element of a prime-order group.
type Element interface {
// Returns the group that the element belongs to.
Group() Group
// Set the receiver to x, and returns the receiver.
Set(x Element) Element
// Copy returns a new element equal to the receiver.
Copy() Element
// IsIdentity returns true if the receiver is the identity element of the
// group.
IsIdentity() bool
// IsEqual returns true if the receiver is equal to x.
IsEqual(x Element) bool
// CMov sets the receiver to x if b=1; the receiver is unmodified if b=0;
// otherwise panics if b is not 0 or 1. In all the cases, it returns the
// receiver.
CMov(b int, x Element) Element
// CSelect sets the receiver to x if b=1; sets the receiver to y if b=0;
// otherwise panics if b is not 0 or 1. In all the cases, it returns the
// receiver.
CSelect(b int, x, y Element) Element
// Add sets the receiver to x + y, and returns the receiver.
Add(x, y Element) Element
// Dbl sets the receiver to 2 * x, and returns the receiver.
Dbl(x Element) Element
// Neg sets the receiver to -x, and returns the receiver.
Neg(x Element) Element
// Mul sets the receiver to s * x, and returns the receiver.
Mul(x Element, s Scalar) Element
// MulGen sets the receiver to s * Generator(), and returns the receiver.
MulGen(s Scalar) Element
// BinaryMarshaler returns a byte representation of the element.
encoding.BinaryMarshaler
// BinaryUnmarshaler recovers an element from a byte representation
// produced either by encoding.BinaryMarshaler or MarshalBinaryCompress.
encoding.BinaryUnmarshaler
// MarshalBinaryCompress returns a byte representation of an element in a
// compact form whenever the group supports it; otherwise, returns the
// same byte representation produced by encoding.BinaryMarshaler.
MarshalBinaryCompress() ([]byte, error)
}
Group represents an additive prime-order group based on elliptic curves.
type Group interface {
Params() *Params // Params returns parameters for the group
// Creates an element of the group set to the identity of the group.
NewElement() Element
// Creates a scalar of the group set to zero.
NewScalar() Scalar
// Creates an element of the group set to the identity of the group.
Identity() Element
// Creates an element of the group set to the generator of the group.
Generator() Element
// Returns a scalar set to the group order.
Order() Scalar
// RandomElement creates an element chosen at random (using randomness
// from rnd) from the set of group elements. Use crypto/rand.Reader as
// a cryptographically secure random number generator
RandomElement(rnd io.Reader) Element
// RandomScalar creates a scalar chosen at random (using randomness
// from rnd) from the set of group scalars. Use crypto/rand.Reader as
// a cryptographically secure random number generator
RandomScalar(rnd io.Reader) Scalar
// RandomNonZeroScalar creates a scalar chosen at random (using randomness
// from rnd) from the set of group scalars. Use crypto/rand.Reader as
// a cryptographically secure random number generator. It is guaranteed
// the scalar is not zero.
RandomNonZeroScalar(io.Reader) Scalar
// HashToElement hashes a message (msg) using a domain separation string
// (dst) producing a group element with uniform distribution.
HashToElement(msg, dst []byte) Element
// HashToElementNonUniform hashes a message (msg) using a domain separation
// string (dst) producing a group element with nonuniform distribution.
HashToElementNonUniform(msg, dst []byte) Element
// HashToScalar hashes a message (msg) using a domain separation string
// (dst) producing a group scalar with uniform distribution.
HashToScalar(msg, dst []byte) Scalar
}
var (
// P256 is the group generated by P-256 elliptic curve.
P256 Group = wG{elliptic.P256()}
// P384 is the group generated by P-384 elliptic curve.
P384 Group = wG{p384.P384()}
// P521 is the group generated by P-521 elliptic curve.
P521 Group = wG{elliptic.P521()}
)
Ristretto255 is a quotient group generated from the edwards25519 curve.
var Ristretto255 Group = ristrettoGroup{}
Params stores the size in bytes of elements and scalars.
type Params struct {
ElementLength uint // Length in bytes of an element.
CompressedElementLength uint // Length in bytes of a compressed element.
ScalarLength uint // Length in bytes of a scalar.
}
Scalar represents a scalar of a prime-order group.
type Scalar interface {
// Returns the group that the scalar belongs to.
Group() Group
// Set the receiver to x, and returns the receiver.
Set(x Scalar) Scalar
// Copy returns a new scalar equal to the receiver.
Copy() Scalar
// IsZero returns true if the receiver is equal to zero.
IsZero() bool
// IsEqual returns true if the receiver is equal to x.
IsEqual(x Scalar) bool
// SetUint64 sets the receiver to x, and returns the receiver.
SetUint64(x uint64) Scalar
// SetBigInt sets the receiver to x, and returns the receiver.
// Warning: operations on big.Int are not constant time. Do not use them
// for cryptography unless you're sure it's safe in your use-case.
SetBigInt(b *big.Int) Scalar
// CMov sets the receiver to x if b=1; the receiver is unmodified if b=0;
// otherwise panics if b is not 0 or 1. In all the cases, it returns the
// receiver.
CMov(b int, x Scalar) Scalar
// CSelect sets the receiver to x if b=1; sets the receiver to y if b=0;
// otherwise panics if b is not 0 or 1. In all the cases, it returns the
// receiver.
CSelect(b int, x, y Scalar) Scalar
// Add sets the receiver to x + y, and returns the receiver.
Add(x, y Scalar) Scalar
// Sub sets the receiver to x - y, and returns the receiver.
Sub(x, y Scalar) Scalar
// Mul sets the receiver to x * y, and returns the receiver.
Mul(x, y Scalar) Scalar
// Neg sets the receiver to -x, and returns the receiver.
Neg(x Scalar) Scalar
// Inv sets the receiver to 1/x, and returns the receiver.
Inv(x Scalar) Scalar
// BinaryMarshaler returns a byte representation of the scalar.
encoding.BinaryMarshaler
// BinaryUnmarshaler recovers a scalar from a byte representation produced
// by encoding.BinaryMarshaler.
encoding.BinaryUnmarshaler
}