当前位置: 首页>>代码示例>>Golang>>正文


Golang Int.Neg方法代码示例

本文整理汇总了Golang中github.com/dedis/crypto/nist.Int.Neg方法的典型用法代码示例。如果您正苦于以下问题:Golang Int.Neg方法的具体用法?Golang Int.Neg怎么用?Golang Int.Neg使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在github.com/dedis/crypto/nist.Int的用法示例。


在下文中一共展示了Int.Neg方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。

示例1: decodePoint

// Decode an Edwards curve point into the given x,y coordinates.
// Returns an error if the input does not denote a valid curve point.
// Note that this does NOT check if the point is in the prime-order subgroup:
// an adversary could create an encoding denoting a point
// on the twist of the curve, or in a larger subgroup.
// However, the "safecurves" criteria (http://safecurves.cr.yp.to)
// ensure that none of these other subgroups are small
// other than the tiny ones represented by the cofactor;
// hence Diffie-Hellman exchange can be done without subgroup checking
// without exposing more than the least-significant bits of the scalar.
func (c *curve) decodePoint(bb []byte, x, y *nist.Int) error {

	// Convert from little-endian
	//fmt.Printf("decoding:\n%s\n", hex.Dump(bb))
	b := make([]byte, len(bb))
	util.Reverse(b, bb)

	// Extract the sign of the x-coordinate
	xsign := uint(b[0] >> 7)
	b[0] &^= 0x80

	// Extract the y-coordinate
	y.V.SetBytes(b)
	y.M = &c.P

	// Compute the corresponding x-coordinate
	if !c.solveForX(x, y) {
		return errors.New("invalid elliptic curve point")
	}
	if c.coordSign(x) != xsign {
		x.Neg(x)
	}

	return nil
}
开发者ID:LegoShrimp,项目名称:crypto,代码行数:35,代码来源:curve.go

示例2: HideEncode

// Elligator 2 reverse-map from point to uniform representative.
// Returns nil if point has no uniform representative.
// See section 5.3 of the Elligator paper.
func (el *el2param) HideEncode(P point, rand cipher.Stream) []byte {
	edx, edy := P.getXY()
	var x, y, r, xpA, t1 nist.Int

	// convert Edwards to Montgomery coordinates
	el.ed2mont(&x, &y, edx, edy)

	// condition 1: x != -A
	if x.Equal(&el.negA) {
		return nil // x = -A, no representative
	}

	// condition 2: if y=0, then x=0
	if y.V.Sign() == 0 && x.V.Sign() != 0 {
		return nil // y=0 but x!=0, no representative
	}

	// condition 3: -ux(x+A) is a square
	xpA.Add(&x, &el.A)
	t1.Mul(&el.u, &x).Mul(&t1, &xpA).Neg(&t1)
	if math.Jacobi(&t1.V, t1.M) < 0 {
		return nil // not a square, no representative
	}

	if y.V.Cmp(&el.pm1d2) <= 0 { // y in image of sqrt function
		r.Mul(&xpA, &el.u).Div(&x, &r)
	} else { // y not in image of sqrt function
		r.Mul(&el.u, &x).Div(&xpA, &r)
	}
	r.Neg(&r)
	el.sqrt(&r, &r)

	// Sanity check on result
	if r.V.Cmp(&el.pm1d2) > 0 {
		panic("el2: r too big")
	}

	// Map representative to a byte-string by padding the upper byte.
	// This assumes that the prime c.P is close enough to a power of 2
	// that the adversary will never notice the "missing" values;
	// this is true for the class of curves Elligator1 was designed for.
	rep, _ := r.MarshalBinary()
	padmask := el.padmask()
	if padmask != 0 {
		var pad [1]byte
		rand.XORKeyStream(pad[:], pad[:])
		rep[0] |= pad[0] & padmask
	}
	return rep
}
开发者ID:LegoShrimp,项目名称:crypto,代码行数:53,代码来源:el2.go

示例3: sqrt

// Compute the square root function,
// specified in section 5.5 of the Elligator paper.
func (el *el2param) sqrt(r, a *nist.Int) {
	var b, b2 nist.Int
	b.Exp(a, &el.pp3d8) // b = a^((p+3)/8); b in {a,-a}

	b2.Mul(&b, &b) // b^2 = a?
	if !b2.Equal(a) {
		b.Mul(&b, &el.sqrtm1) // b*sqrt(-1)
	}

	if b.V.Cmp(&el.pm1d2) > 0 { // |b|
		b.Neg(&b)
	}

	r.Set(&b)
}
开发者ID:LegoShrimp,项目名称:crypto,代码行数:17,代码来源:el2.go

示例4: HideDecode

// Elligator 2 forward-map from representative to Edwards curve point.
// Currently a straightforward, unoptimized implementation.
// See section 5.2 of the Elligator paper.
func (el *el2param) HideDecode(P point, rep []byte) {
	ec := el.ec
	var r, v, x, y, t1, edx, edy nist.Int

	l := ec.PointLen()
	if len(rep) != l {
		panic("el2Map: wrong representative length")
	}

	// Take the appropriate number of bits from the representative.
	buf := make([]byte, l)
	copy(buf, rep)
	buf[0] &^= el.padmask() // mask off the padding bits
	r.InitBytes(buf, &ec.P)

	// v = -A/(1+ur^2)
	v.Mul(&r, &r).Mul(&el.u, &v).Add(&ec.one, &v).Div(&el.negA, &v)

	// e = Chi(v^3+Av^2+Bv), where B=1 because of ed2mont equivalence
	t1.Add(&v, &el.A).Mul(&t1, &v).Add(&t1, &ec.one).Mul(&t1, &v)
	e := math.Jacobi(&t1.V, t1.M)

	// x = ev-(1-e)A/2
	if e == 1 {
		x.Set(&v)
	} else {
		x.Add(&v, &el.A).Neg(&x)
	}

	// y = -e sqrt(x^3+Ax^2+Bx), where B=1
	y.Add(&x, &el.A).Mul(&y, &x).Add(&y, &ec.one).Mul(&y, &x)
	el.sqrt(&y, &y)
	if e == 1 {
		y.Neg(&y) // -e factor
	}

	// Convert Montgomery to Edwards coordinates
	el.mont2ed(&edx, &edy, &x, &y)

	// Sanity-check
	if !ec.onCurve(&edx, &edy) {
		panic("elligator2 produced invalid point")
	}

	P.initXY(&edx.V, &edy.V, ec.self)
}
开发者ID:LegoShrimp,项目名称:crypto,代码行数:49,代码来源:el2.go

示例5: init

// Initialize a twisted Edwards curve with given parameters.
// Caller passes pointers to null and base point prototypes to be initialized.
func (c *curve) init(self abstract.Group, p *Param, fullGroup bool,
	null, base point) *curve {
	c.self = self
	c.Param = *p
	c.full = fullGroup
	c.null = null

	// Edwards curve parameters as ModInts for convenience
	c.a.Init(&p.A, &p.P)
	c.d.Init(&p.D, &p.P)

	// Cofactor
	c.cofact.Init64(int64(p.R), &c.P)

	// Determine the modulus for scalars on this curve.
	// Note that we do NOT initialize c.order with Init(),
	// as that would normalize to the modulus, resulting in zero.
	// Just to be sure it's never used, we leave c.order.M set to nil.
	// We want it to be in a ModInt so we can pass it to P.Mul(),
	// but the scalar's modulus isn't needed for point multiplication.
	if fullGroup {
		// Scalar modulus is prime-order times the ccofactor
		c.order.V.SetInt64(int64(p.R)).Mul(&c.order.V, &p.Q)
	} else {
		c.order.V.Set(&p.Q) // Prime-order subgroup
	}

	// Useful ModInt constants for this curve
	c.zero.Init64(0, &c.P)
	c.one.Init64(1, &c.P)

	// Identity element is (0,1)
	null.initXY(zero, one, self)

	// Base point B
	var bx, by *big.Int
	if !fullGroup {
		bx, by = &p.PBX, &p.PBY
	} else {
		bx, by = &p.FBX, &p.FBY
		base.initXY(&p.FBX, &p.FBY, self)
	}
	if by.Sign() == 0 {
		// No standard base point was defined, so pick one.
		// Find the lowest-numbered y-coordinate that works.
		//println("Picking base point:")
		var x, y nist.Int
		for y.Init64(2, &c.P); ; y.Add(&y, &c.one) {
			if !c.solveForX(&x, &y) {
				continue // try another y
			}
			if c.coordSign(&x) != 0 {
				x.Neg(&x) // try positive x first
			}
			base.initXY(&x.V, &y.V, self)
			if c.validPoint(base) {
				break // got one
			}
			x.Neg(&x) // try -bx
			if c.validPoint(base) {
				break // got one
			}
		}
		//println("BX: "+x.V.String())
		//println("BY: "+y.V.String())
		bx, by = &x.V, &y.V
	}
	base.initXY(bx, by, self)

	// Uniform representation encoding methods,
	// only useful when using the full group.
	// (Points taken from the subgroup would be trivially recognizable.)
	if fullGroup {
		if p.Elligator1s.Sign() != 0 {
			c.hide = new(el1param).init(c, &p.Elligator1s)
		} else if p.Elligator2u.Sign() != 0 {
			c.hide = new(el2param).init(c, &p.Elligator2u)
		}
		// XXX Elligator Squared
	}

	// Sanity checks
	if !c.validPoint(null) {
		panic("invalid identity point " + null.String())
	}
	if !c.validPoint(base) {
		panic("invalid base point " + base.String())
	}

	return c
}
开发者ID:LegoShrimp,项目名称:crypto,代码行数:93,代码来源:curve.go

示例6: pickPoint

// Pick a [pseudo-]random curve point with optional embedded data,
// filling in the point's x,y coordinates
// and returning any remaining data not embedded.
func (c *curve) pickPoint(P point, data []byte, rand cipher.Stream) []byte {

	// How much data to embed?
	dl := c.pickLen()
	if dl > len(data) {
		dl = len(data)
	}

	// Retry until we find a valid point
	var x, y nist.Int
	var Q abstract.Point
	for {
		// Get random bits the size of a compressed Point encoding,
		// in which the topmost bit is reserved for the x-coord sign.
		l := c.PointLen()
		b := make([]byte, l)
		rand.XORKeyStream(b, b) // Interpret as little-endian
		if data != nil {
			b[0] = byte(dl)       // Encode length in low 8 bits
			copy(b[1:1+dl], data) // Copy in data to embed
		}
		util.Reverse(b, b) // Convert to big-endian form

		xsign := b[0] >> 7                    // save x-coordinate sign bit
		b[0] &^= 0xff << uint(c.P.BitLen()&7) // clear high bits

		y.M = &c.P // set y-coordinate
		y.SetBytes(b)

		if !c.solveForX(&x, &y) { // Corresponding x-coordinate?
			continue // none, retry
		}

		// Pick a random sign for the x-coordinate
		if c.coordSign(&x) != uint(xsign) {
			x.Neg(&x)
		}

		// Initialize the point
		P.initXY(&x.V, &y.V, c.self)
		if c.full {
			// If we're using the full group,
			// we just need any point on the curve, so we're done.
			return data[dl:]
		}

		// We're using the prime-order subgroup,
		// so we need to make sure the point is in that subgroup.
		// If we're not trying to embed data,
		// we can convert our point into one in the subgroup
		// simply by multiplying it by the cofactor.
		if data == nil {
			P.Mul(P, &c.cofact) // multiply by cofactor
			if P.Equal(c.null) {
				continue // unlucky; try again
			}
			return data[dl:]
		}

		// Since we need the point's y-coordinate to make sense,
		// we must simply check if the point is in the subgroup
		// and retry point generation until it is.
		if Q == nil {
			Q = c.self.Point()
		}
		Q.Mul(P, &c.order)
		if Q.Equal(c.null) {
			return data[dl:]
		}

		// Keep trying...
	}
}
开发者ID:LegoShrimp,项目名称:crypto,代码行数:76,代码来源:curve.go


注:本文中的github.com/dedis/crypto/nist.Int.Neg方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。