Group operations over Edwards25519.
Functions
fn clampedMul(p: Edwards25519, s: [32]u8) IdentityElementError || WeakPublicKeyError!Edwards25519
Multiply an Edwards25519 point by a scalar after “clamping” it. Clamping forces…
Multiply an Edwards25519 point by a scalar after “clamping” it. Clamping forces the scalar to be a multiple of the cofactor in order to prevent small subgroups attacks. This is strongly recommended for DH operations. Return error.WeakPublicKey if the resulting point is the identity element.
fn elligator2(r: Fe) struct { x: Fe, y: Fe, not_square: bool, }
Elligator2 map - Returns Montgomery affine coordinates
fn fromBytes(s: [encoded_length]u8) EncodingError!Edwards25519
Decode an Edwards25519 point from its compressed (Y+sign) coordinates.
fn fromString(comptime random_oracle: bool, ctx: []const u8, s: []const u8) Edwards25519
Hash a context
ctx
and a strings
into an Edwards25519 pointHash a context
ctx
and a strings
into an Edwards25519 pointThis function implements the edwards25519_XMD:SHA-512_ELL2_RO_ and edwards25519_XMD:SHA-512_ELL2_NU_ methods from the “Hashing to Elliptic Curves” standard document.
Although not strictly required by the standard, it is recommended to avoid NUL characters in the context in order to be compatible with other implementations.
fn mul(p: Edwards25519, s: [32]u8) IdentityElementError || WeakPublicKeyError!Edwards25519
Multiply an Edwards25519 point by a scalar without clamping it. Return error.We…
Multiply an Edwards25519 point by a scalar without clamping it. Return error.WeakPublicKey if the base generates a small-order group, and error.IdentityElement if the result is the identity element.
fn mulDoubleBasePublic(p1: Edwards25519, s1: [32]u8, p2: Edwards25519, s2: [32]u8) IdentityElementError || WeakPublicKeyError!Edwards25519
Double-base multiplication of public parameters - Compute (p1s1)+(p2s2) *IN VA…
Double-base multiplication of public parameters - Compute (p1s1)+(p2s2) IN VARIABLE TIME This can be used for signature verification.
fn mulMulti(comptime count: usize, ps: [count]Edwards25519, ss: [count][32]u8) IdentityElementError || WeakPublicKeyError!Edwards25519
Multiscalar multiplication IN VARIABLE TIME for public data Computes ps0*ss0 …
Multiscalar multiplication IN VARIABLE TIME for public data Computes ps0ss0 + ps1ss1 + ps2*ss2… faster than doing many of these operations individually
fn mulPublic(p: Edwards25519, s: [32]u8) IdentityElementError || WeakPublicKeyError!Edwards25519
Multiply an Edwards25519 point by a PUBLIC scalar IN VARIABLE TIME This can…
Multiply an Edwards25519 point by a PUBLIC scalar IN VARIABLE TIME This can be used for signature verification.
fn rejectLowOrder(p: Edwards25519) WeakPublicKeyError!void
Check that the point does not generate a low-order group. Return a `WeakPublicK…
Check that the point does not generate a low-order group. Return a
WeakPublicKey
error if it does.fn rejectNonCanonical(s: [32]u8) NonCanonicalError!void
Check that the encoding of a point is canonical.
Values
basePoint | Edwards25519 | The edwards25519 base point. |
encoded_length | usize | Length in bytes of a compressed representation of a point. |
identityElement | Edwards25519 |