diff options
| author | vojtechsu | 2023-11-09 13:52:24 +0100 |
|---|---|---|
| committer | vojtechsu | 2023-11-09 13:52:24 +0100 |
| commit | 2e64f22c3c388b4765893c729713fcaf0937f14a (patch) | |
| tree | 555a2617ebba2372d65bcb7853d94f2c8cfebf46 /docs/libraries.rst | |
| parent | 6685b6306d94d99421ca713b41f440324fc3476d (diff) | |
| download | pyecsca-2e64f22c3c388b4765893c729713fcaf0937f14a.tar.gz pyecsca-2e64f22c3c388b4765893c729713fcaf0937f14a.tar.zst pyecsca-2e64f22c3c388b4765893c729713fcaf0937f14a.zip | |
Diffstat (limited to 'docs/libraries.rst')
| -rw-r--r-- | docs/libraries.rst | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/docs/libraries.rst b/docs/libraries.rst index cd38a70..7108478 100644 --- a/docs/libraries.rst +++ b/docs/libraries.rst @@ -899,6 +899,98 @@ SunEC Go == +| Version: ``go1.21.4`` +| Repository: https://github.com/golang/go +| Docs: + +Primitives +---------- + +ECDH, ECDSA over P-224, P-256, P-384 and P-521. +Ed25519, X25519 + +ECDH +^^^^ + +KeyGen: + - `Fixed 4-bit window with precomputation <https://github.com/golang/go/blob/go1.21.4/src/crypto/internal/nistec/p224.go#L412>`__ with precomputation (link points to P-224, but others are the same) via ``privateKeyToPublicKey -> ScalarBaseMult`` + - Projective `add-2015-rcb <https://github.com/golang/go/blob/go1.21.4/src/crypto/internal/nistec/p224.go#L215>`__ + +Derive: + - `Fixed 4-bit window <https://github.com/golang/go/blob/go1.21.4/src/crypto/internal/nistec/p224.go#L342>`__ via ``ecdh -> ScalarMult``. + - Same formulas as in Keygen. + +Also supports constant-time, 64-bit assembly implementation of P256 described in https://eprint.iacr.org/2013/816.pdf + +ECDSA +^^^^^ + +KeyGen: + - Same as ECDH KeyGen via ``ecdsa.go:GenerateKey -> generateNISTEC -> randomPoint -> ScalarBaseMult``. + +Sign: + - Same as KeyGen via ``ecdsa.go:SignASN1 -> signNISTEC -> randomPoint -> ScalarBaseMult``. + +Verify: + - Two separate scalar multiplications ``ScalarBaseMult`` (same as KeyGen) and ``ScalarMult`` (same as ECDH Derive) via ``ecdsa.go:VerifyASN1 -> verifyNISTEC``. + +X25519 +^^^^^^ + +KeyGen: + - `Ladder <https://github.com/golang/go/blob/go1.21.4/src/crypto/ecdh/x25519.go#L54>`__ via ``privateKeyToPublicKey -> x25519ScalarMult``. + - xz with the following formula:: + + t0 = X3-Z3 + t1 = X2-Z2 + X2 = X2+Z2 + Z2 = X3+Z3 + Z3 = t0*X2 + Z2 = Z2*t1 + t0 = t1^2 + t1 = X2^2 + X3 = Z3+Z2 + Z2 = Z3-Z2 + X2 = t1*t0 + t1 = t1-t0 + Z2 = Z2^2 + X3 = X3^2 + t0 = t0+Z3 + Z3 = X1*Z2 + Z2 = t1*t0 + +Derive: + - Same as KeyGen via ``x25519.go:ecdh -> x25519ScalarMult``. + +Ed25519 +^^^^^^^ + +KeyGen: + - Pippenger's signed 4-bit method with precomputation via ``ed25519.go:GenerateKey -> NewKeyFromSeed -> newKeyFromSeed -> ScalarBaseMult``. + - `Extended coordinates <https://github.com/golang/go/blob/go1.21.4/src/crypto/internal/edwards25519/edwards25519.go#L28>`__ mixed with `y-x,y+x,2dxy <https://github.com/golang/go/blob/go1.21.4/src/crypto/internal/edwards25519/edwards25519.go#L52>`__ coordinates + - `AddAffine <https://github.com/golang/go/blob/go1.21.4/src/crypto/internal/edwards25519/edwards25519.go#L312>`__ (and similar SubAffine):: + + YplusX.Add(&p.y, &p.x) + YminusX.Subtract(&p.y, &p.x) + + PP.Multiply(&YplusX, &q.YplusX) + MM.Multiply(&YminusX, &q.YminusX) + TT2d.Multiply(&p.t, &q.T2d) + + Z2.Add(&p.z, &p.z) + + v.X.Subtract(&PP, &MM) + v.Y.Add(&PP, &MM) + v.Z.Add(&Z2, &TT2d) + v.T.Subtract(&Z2, &TT2d) + +Sign: + - Same as Keygen via ``ed25519.go: Sign -> sign -> ScalarBaseMult``. + +Verify: + - Bos-Coster method via ``ed25519.go: Verify -> verify -> VarTimeDoubleScalarBaseMult``. + - Same coordinates and formulas as in Keygen. + libgcrypt ========= |