libdecaf
|
Element of prime-order elliptic curve group. More...
Public Types | |
typedef decaf_255_point_t | Wrapped |
Wrapped C type. | |
Public Member Functions | |
Point (const Wrapped &q=decaf_255_point_identity) DECAF_NOEXCEPT | |
Constructor sets to identity by default. More... | |
Point (const Point &q) DECAF_NOEXCEPT | |
Copy constructor. More... | |
Point & | operator= (const Point &q) DECAF_NOEXCEPT |
Assignment. More... | |
~Point () DECAF_NOEXCEPT | |
Destructor securely zeorizes the point. More... | |
Point (Rng &rng, bool uniform=true) DECAF_NOEXCEPT | |
Construct from RNG. | |
Point (const FixedBlock< SER_BYTES > &buffer, bool allow_identity=true) | |
Initialize from a fixed-length byte string. More... | |
decaf_error_t DECAF_WARN_UNUSED | decode (const FixedBlock< SER_BYTES > &buffer, bool allow_identity=true) DECAF_NOEXCEPT |
Initialize from C++ fixed-length byte string. More... | |
decaf_error_t DECAF_WARN_UNUSED | decode_like_eddsa_and_mul_by_ratio_noexcept (const FixedBlock< DECAF_EDDSA_25519_PUBLIC_BYTES > &buffer) DECAF_NOEXCEPT |
Initialize from C++ fixed-length byte string, like EdDSA. More... | |
void | decode_like_eddsa_and_mul_by_ratio (const FixedBlock< DECAF_EDDSA_25519_PUBLIC_BYTES > &buffer) |
Decode from EDDSA, multiply by EDDSA_DECODE_RATIO, and ignore any remaining cofactor information. More... | |
SecureBuffer | mul_by_ratio_and_encode_like_eddsa () const |
Multiply by EDDSA_ENCODE_RATIO and encode like EdDSA. More... | |
void | mul_by_ratio_and_encode_like_eddsa (FixedBuffer< DECAF_EDDSA_25519_PUBLIC_BYTES > &out) const |
Multiply by EDDSA_ENCODE_RATIO and encode like EdDSA. More... | |
SecureBuffer | mul_by_ratio_and_encode_like_ladder () const |
Multiply by LADDER_ENCODE_RATIO and encode like X25519/X448. More... | |
void | mul_by_ratio_and_encode_like_ladder (FixedBuffer< LADDER_BYTES > &out) const |
Multiply by LADDER_ENCODE_RATIO and encode like X25519/X448. More... | |
void | set_to_hash (const Block &s) DECAF_NOEXCEPT |
Map to the curve from a hash buffer. More... | |
operator SecureBuffer () const | |
Encode to string. More... | |
size_t | ser_size () const DECAF_NOEXCEPT |
Serializable instance. | |
void | serialize_into (unsigned char *buffer) const DECAF_NOEXCEPT |
Serializable instance. | |
Point | operator+ (const Point &q) const DECAF_NOEXCEPT |
Point add. More... | |
Point & | operator+= (const Point &q) DECAF_NOEXCEPT |
Point add. More... | |
Point | operator- (const Point &q) const DECAF_NOEXCEPT |
Point subtract. More... | |
Point & | operator-= (const Point &q) DECAF_NOEXCEPT |
Point subtract. More... | |
Point | operator- () const DECAF_NOEXCEPT |
Point negate. More... | |
Point | times_two () const DECAF_NOEXCEPT |
Double the point out of place. More... | |
Point & | double_in_place () DECAF_NOEXCEPT |
Double the point in place. More... | |
bool | operator!= (const Point &q) const DECAF_NOEXCEPT |
Constant-time compare. More... | |
bool | operator== (const Point &q) const DECAF_NOEXCEPT |
Constant-time compare. More... | |
Point | operator* (const Scalar &s) const DECAF_NOEXCEPT |
Scalar multiply. More... | |
Point & | operator*= (const Scalar &s) DECAF_NOEXCEPT |
Scalar multiply in place. More... | |
Point | operator/ (const Scalar &s) const |
Multiply by s.inverse(). More... | |
Point & | operator/= (const Scalar &s) |
Multiply by s.inverse(). More... | |
bool | validate () const DECAF_NOEXCEPT |
Validate / sanity check. | |
void | dual_scalarmul (Point &q1, Point &q2, const Scalar &r1, const Scalar &r2) const DECAF_NOEXCEPT |
Dual-scalar multiply, equivalent to this*r1, this*r2 but faster. More... | |
Point | non_secret_combo_with_base (const Scalar &s, const Scalar &s_base) DECAF_NOEXCEPT |
Double-scalar multiply: this point by the first scalar and base by the second scalar. More... | |
Point | debugging_torque () const DECAF_NOEXCEPT |
Return a point equal to *this, whose internal data is rotated by a torsion element. More... | |
Point | debugging_pscale (const FixedBlock< SER_BYTES > factor) const DECAF_NOEXCEPT |
Return a point equal to *this, whose internal data has a modified representation. More... | |
Point | debugging_pscale (Rng &r) const DECAF_NOEXCEPT |
Return a point equal to *this, whose internal data has a randomized representation. More... | |
decaf_error_t | invert_elligator (Buffer buf, uint32_t hint) const DECAF_NOEXCEPT |
Modify buffer so that Point::from_hash(Buffer) == *this, and return DECAF_SUCCESS; or leave buf unmodified and return DECAF_FAILURE. | |
SecureBuffer | steg_encode (Rng &rng, size_t size=STEG_BYTES) const |
Steganographically encode this. | |
![]() | |
size_t | ser_size () const DECAF_NOEXCEPT |
Return the number of bytes needed to serialize this object. | |
void | serialize_into (unsigned char *buf) const DECAF_NOEXCEPT |
Serialize this object into a buffer. | |
SecureBuffer | serialize () const |
Serialize this object into a SecureBuffer and return it. | |
Static Public Member Functions | |
static Point | from_hash (const Block &s) DECAF_NOEXCEPT |
Map uniformly to the curve from a hash buffer. More... | |
static Point | double_scalarmul (const Point &q, const Scalar &qs, const Point &r, const Scalar &rs) DECAF_NOEXCEPT |
Double-scalar multiply, equivalent to q*qs + r*rs but faster. More... | |
static Point | double_scalarmul (const Scalar &qs, const Point &q, const Scalar &rs, const Point &r) DECAF_NOEXCEPT |
Double-scalar multiply, equivalent to q*qs + r*rs but faster. More... | |
static const Point | base () DECAF_NOEXCEPT |
Return the base point of the curve. More... | |
static const Point | identity () DECAF_NOEXCEPT |
Return the identity point of the curve. More... | |
Public Attributes | |
Wrapped | p |
The c-level object. More... | |
Static Public Attributes | |
static const size_t | SER_BYTES = DECAF_255_SER_BYTES |
Size of a serialized element. | |
static const size_t | HASH_BYTES = DECAF_255_HASH_BYTES |
Bytes required for hash. | |
static const size_t | EDDSA_BYTES = DECAF_EDDSA_25519_PUBLIC_BYTES |
Bytes required for EdDSA encoding. | |
static const size_t | LADDER_BYTES = DECAF_X25519_PUBLIC_BYTES |
Bytes required for EdDSA encoding. | |
static const int | EDDSA_ENCODE_RATIO = DECAF_255_EDDSA_ENCODE_RATIO |
Ratio due to EdDSA encoding. | |
static const int | EDDSA_DECODE_RATIO = DECAF_255_EDDSA_DECODE_RATIO |
Ratio due to EdDSA decoding. | |
static const int | LADDER_ENCODE_RATIO = DECAF_X25519_ENCODE_RATIO |
Ratio due to ladder decoding. | |
static const size_t | STEG_BYTES = HASH_BYTES * 2 |
Size of a steganographically-encoded curve element. More... | |
static const unsigned int | INVERT_ELLIGATOR_WHICH_BITS = DECAF_255_INVERT_ELLIGATOR_WHICH_BITS |
Number of bits in invert_elligator which are actually used. More... | |
Element of prime-order elliptic curve group.
|
inline |
Constructor sets to identity by default.
|
inline |
Copy constructor.
|
inline |
Destructor securely zeorizes the point.
|
inlineexplicit |
Initialize from a fixed-length byte string.
The all-zero string maps to the identity.
CryptoException | the string was the wrong length, or wasn't the encoding of a point, or was the identity and allow_identity was DECAF_FALSE. |
|
inlinestatic |
Return the base point of the curve.
|
inline |
Return a point equal to *this, whose internal data has a modified representation.
Return a point equal to *this, whose internal data has a randomized representation.
|
inline |
Return a point equal to *this, whose internal data is rotated by a torsion element.
|
inline |
Initialize from C++ fixed-length byte string.
The all-zero string maps to the identity.
DECAF_SUCCESS | the string was successfully decoded. |
|
inline |
Decode from EDDSA, multiply by EDDSA_DECODE_RATIO, and ignore any remaining cofactor information.
CryptoException | if the input point was invalid. |
|
inline |
Initialize from C++ fixed-length byte string, like EdDSA.
The all-zero string maps to the identity.
DECAF_SUCCESS | the string was successfully decoded. |
|
inline |
Double the point in place.
|
inlinestatic |
Double-scalar multiply, equivalent to q*qs + r*rs but faster.
|
inlinestatic |
Double-scalar multiply, equivalent to q*qs + r*rs but faster.
For those who like their scalars before the point.
|
inline |
Dual-scalar multiply, equivalent to this*r1, this*r2 but faster.
Map uniformly to the curve from a hash buffer.
The empty or all-zero string maps to the identity, as does the string "\\x01". If the buffer is shorter than 2*HASH_BYTES, well, it won't be as uniform, but the buffer will be zero-padded on the right.
|
inlinestatic |
Return the identity point of the curve.
|
inline |
Multiply by EDDSA_ENCODE_RATIO and encode like EdDSA.
|
inline |
Multiply by EDDSA_ENCODE_RATIO and encode like EdDSA.
|
inline |
Multiply by LADDER_ENCODE_RATIO and encode like X25519/X448.
|
inline |
Multiply by LADDER_ENCODE_RATIO and encode like X25519/X448.
|
inline |
Double-scalar multiply: this point by the first scalar and base by the second scalar.
|
inline |
Encode to string.
The identity encodes to the all-zero string.
|
inline |
Constant-time compare.
Multiply by s.inverse().
If s=0, maps to the identity.
Multiply by s.inverse().
If s=0, maps to the identity.
|
inline |
Constant-time compare.
|
inline |
Map to the curve from a hash buffer.
The empty or all-zero string maps to the identity, as does the string "\\x01". If the buffer is shorter than 2*HASH_BYTES, well, it won't be as uniform, but the buffer will be zero-padded on the right.
|
inline |
Double the point out of place.
|
static |
Number of bits in invert_elligator which are actually used.
Wrapped decaf::Ristretto::Point::p |
The c-level object.
|
static |
Size of a steganographically-encoded curve element.
If the point is random, the encoding should look statistically close to a uniformly-random sequnece of STEG_BYTES bytes.