Element of prime-order elliptic curve group. More...
#include <point_255.hxx>
Inheritance diagram for decaf::Ristretto::Point:
Public Types | |
| typedef decaf_255_point_t | Wrapped |
| Wrapped C type. | |
Public Member Functions | |
| Point (const Wrapped &q=decaf_255_point_identity) DECAF_NOEXCEPT | |
| Constructor sets to identity by default. | |
| Point (const Point &q) DECAF_NOEXCEPT | |
| Copy constructor. | |
| Point & | operator= (const Point &q) DECAF_NOEXCEPT |
| Assignment. | |
| ~Point () DECAF_NOEXCEPT | |
| Destructor securely zeorizes the point. | |
| Point (Rng &rng, bool uniform=true) DECAF_NOEXCEPT | |
| Construct from RNG. | |
| Point (const FixedBlock< SER_BYTES > &buffer, bool allow_identity=true) | |
| Initialize from a fixed-length byte string. | |
| decaf_error_t DECAF_WARN_UNUSED | decode (const FixedBlock< SER_BYTES > &buffer, bool allow_identity=true) DECAF_NOEXCEPT |
| Initialize from C++ fixed-length byte string. | |
| decaf_error_t DECAF_WARN_UNUSED | decode_like_eddsa_and_mul_by_ratio_noexcept (const FixedBlock< DECAF_EDDSA_25519_PUBLIC_BYTES > &buffer) DECAF_NOEXCEPT |
| Initialize from C++ fixed-length byte string, like EdDSA. | |
| void | decode_like_eddsa_and_mul_by_ratio (const FixedBlock< DECAF_EDDSA_25519_PUBLIC_BYTES > &buffer) |
| Decode from EDDSA, multiply by EDDSA_DECODE_RATIO, and ignore any remaining cofactor information. | |
| SecureBuffer | mul_by_ratio_and_encode_like_eddsa () const |
| Multiply by EDDSA_ENCODE_RATIO and encode like EdDSA. | |
| void | mul_by_ratio_and_encode_like_eddsa (FixedBuffer< DECAF_EDDSA_25519_PUBLIC_BYTES > &out) const |
| Multiply by EDDSA_ENCODE_RATIO and encode like EdDSA. | |
| SecureBuffer | mul_by_ratio_and_encode_like_ladder () const |
| Multiply by LADDER_ENCODE_RATIO and encode like X25519/X448. | |
| void | mul_by_ratio_and_encode_like_ladder (FixedBuffer< LADDER_BYTES > &out) const |
| Multiply by LADDER_ENCODE_RATIO and encode like X25519/X448. | |
| void | set_to_hash (const Block &s) DECAF_NOEXCEPT |
| Map to the curve from a hash buffer. | |
| operator SecureBuffer () const | |
| Encode to string. | |
| size_t | ser_size () const DECAF_NOEXCEPT |
| Serializable instance. | |
| void | serialize_into (unsigned char *buffer) const DECAF_NOEXCEPT |
| Serializable instance. | |
| Point | operator+ (const Point &q) const DECAF_NOEXCEPT |
| Point add. | |
| Point & | operator+= (const Point &q) DECAF_NOEXCEPT |
| Point add. | |
| Point | operator- (const Point &q) const DECAF_NOEXCEPT |
| Point subtract. | |
| Point & | operator-= (const Point &q) DECAF_NOEXCEPT |
| Point subtract. | |
| Point | operator- () const DECAF_NOEXCEPT |
| Point negate. | |
| Point | times_two () const DECAF_NOEXCEPT |
| Double the point out of place. | |
| Point & | double_in_place () DECAF_NOEXCEPT |
| Double the point in place. | |
| bool | operator!= (const Point &q) const DECAF_NOEXCEPT |
| Constant-time compare. | |
| bool | operator== (const Point &q) const DECAF_NOEXCEPT |
| Constant-time compare. | |
| Point | operator* (const Scalar &s) const DECAF_NOEXCEPT |
| Scalar multiply. | |
| Point & | operator*= (const Scalar &s) DECAF_NOEXCEPT |
| Scalar multiply in place. | |
| Point | operator/ (const Scalar &s) const |
| Multiply by s.inverse(). | |
| Point & | operator/= (const Scalar &s) |
| Multiply by s.inverse(). | |
| bool | validate () const DECAF_NOEXCEPT |
| Validate / sanity check. | |
| void | dual_scalarmul (Point &q1, Point &q2, const Scalar &r1, const Scalar &r2) const DECAF_NOEXCEPT |
| Dual-scalar multiply, equivalent to this*r1, this*r2 but faster. | |
| Point | non_secret_combo_with_base (const Scalar &s, const Scalar &s_base) DECAF_NOEXCEPT |
| Double-scalar multiply: this point by the first scalar and base by the second scalar. | |
| Point | debugging_torque () const DECAF_NOEXCEPT |
| Return a point equal to *this, whose internal data is rotated by a torsion element. | |
| Point | debugging_pscale (const FixedBlock< SER_BYTES > factor) const DECAF_NOEXCEPT |
| Return a point equal to *this, whose internal data has a modified representation. | |
| Point | debugging_pscale (Rng &r) const DECAF_NOEXCEPT |
| Return a point equal to *this, whose internal data has a randomized representation. | |
| decaf_error_t | invert_elligator (Buffer buf, uint32_t hint) const DECAF_NOEXCEPT |
| Modify buffer so that Point::from_hash(Buffer) == *this, and return DECAF_SUCCESS; or leave buf unmodified and return DECAF_FAILURE. | |
| SecureBuffer | steg_encode (Rng &rng) const |
| Steganographically encode this. | |
 Public Member Functions inherited from decaf::Serializable< Point > | |
| size_t | ser_size () const DECAF_NOEXCEPT |
| Return the number of bytes needed to serialize this object. | |
| void | serialize_into (unsigned char *buf) const DECAF_NOEXCEPT |
| Serialize this object into a buffer. | |
| SecureBuffer | serialize () const |
| Serialize this object into a SecureBuffer and return it. | |
Static Public Member Functions | |
| static Point | from_hash (const Block &s) DECAF_NOEXCEPT |
| Map uniformly to the curve from a hash buffer. | |
| static Point | double_scalarmul (const Point &q, const Scalar &qs, const Point &r, const Scalar &rs) DECAF_NOEXCEPT |
| Double-scalar multiply, equivalent to q*qs + r*rs but faster. | |
| static Point | double_scalarmul (const Scalar &qs, const Point &q, const Scalar &rs, const Point &r) DECAF_NOEXCEPT |
| Double-scalar multiply, equivalent to q*qs + r*rs but faster. | |
| static const Point | base () DECAF_NOEXCEPT |
| Return the base point of the curve. | |
| static const Point | identity () DECAF_NOEXCEPT |
| Return the identity point of the curve. | |
Public Attributes | |
| Wrapped | p |
| The c-level object. | |
Static Public Attributes | |
| static const size_t | SER_BYTES = DECAF_255_SER_BYTES |
| Size of a serialized element. | |
| static const size_t | HASH_BYTES = DECAF_255_HASH_BYTES |
| Bytes required for hash. | |
| static const size_t | EDDSA_BYTES = DECAF_EDDSA_25519_PUBLIC_BYTES |
| Bytes required for EdDSA encoding. | |
| static const size_t | LADDER_BYTES = DECAF_X25519_PUBLIC_BYTES |
| Bytes required for EdDSA encoding. | |
| static const int | EDDSA_ENCODE_RATIO = DECAF_255_EDDSA_ENCODE_RATIO |
| Ratio due to EdDSA encoding. | |
| static const int | EDDSA_DECODE_RATIO = DECAF_255_EDDSA_DECODE_RATIO |
| Ratio due to EdDSA decoding. | |
| static const int | LADDER_ENCODE_RATIO = DECAF_X25519_ENCODE_RATIO |
| Ratio due to ladder decoding. | |
| static const size_t | STEG_BYTES = HASH_BYTES * 2 |
| Size of a steganographically-encoded curve element. | |
| static const unsigned int | INVERT_ELLIGATOR_WHICH_BITS = DECAF_255_INVERT_ELLIGATOR_WHICH_BITS |
| Number of bits in invert_elligator which are actually used. | |
Detailed Description
Element of prime-order elliptic curve group.
Constructor & Destructor Documentation
◆ Point()
|
inlineexplicit |
Initialize from a fixed-length byte string.
The all-zero string maps to the identity.
- Exceptions
-
CryptoException the string was the wrong length, or wasn't the encoding of a point, or was the identity and allow_identity was DECAF_FALSE.
Member Function Documentation
◆ decode()
|
inline |
Initialize from C++ fixed-length byte string.
The all-zero string maps to the identity.
- Return values
-
DECAF_SUCCESS the string was successfully decoded.
- Returns
- DECAF_FAILURE the string was the wrong length, or wasn't the encoding of a point, or was the identity and allow_identity was DECAF_FALSE. Contents of the buffer are undefined.
◆ decode_like_eddsa_and_mul_by_ratio()
|
inline |
Decode from EDDSA, multiply by EDDSA_DECODE_RATIO, and ignore any remaining cofactor information.
- Exceptions
-
CryptoException if the input point was invalid.
◆ decode_like_eddsa_and_mul_by_ratio_noexcept()
|
inline |
Initialize from C++ fixed-length byte string, like EdDSA.
The all-zero string maps to the identity.
- Return values
-
DECAF_SUCCESS the string was successfully decoded.
- Returns
- DECAF_FAILURE the string was the wrong length, or wasn't the encoding of a point. Contents of the point are undefined.
◆ double_scalarmul()
|
inlinestatic |
Double-scalar multiply, equivalent to q*qs + r*rs but faster.
For those who like their scalars before the point.
◆ from_hash()
Map uniformly to the curve from a hash buffer.
The empty or all-zero string maps to the identity, as does the string "\\x01". If the buffer is shorter than 2*HASH_BYTES, well, it won't be as uniform, but the buffer will be zero-padded on the right.
◆ non_secret_combo_with_base()
|
inline |
Double-scalar multiply: this point by the first scalar and base by the second scalar.
- Warning
- This function takes variable time, and may leak the scalars (or points, but currently it doesn't).
◆ operator SecureBuffer()
|
inline |
Encode to string.
The identity encodes to the all-zero string.
◆ operator/()
Multiply by s.inverse().
If s=0, maps to the identity.
◆ operator/=()
Multiply by s.inverse().
If s=0, maps to the identity.
◆ set_to_hash()
Map to the curve from a hash buffer.
The empty or all-zero string maps to the identity, as does the string "\\x01". If the buffer is shorter than 2*HASH_BYTES, well, it won't be as uniform, but the buffer will be zero-padded on the right.
Member Data Documentation
◆ STEG_BYTES
|
static |
Size of a steganographically-encoded curve element.
If the point is random, the encoding should look statistically close to a uniformly-random sequnece of STEG_BYTES bytes.
The documentation for this class was generated from the following file:
- src/GENERATED/include/decaf/point_255.hxx
