
Add group ops

Open cathieyun opened this issue 5 years ago • 1 comment

Added skeleton for group ops.

  • Addition formula from section 3.1, a=-1 special case in https://eprint.iacr.org/2008/522.pdf
  • Naive doubling and subtraction formulas

TODO (next PR?):

  • actually get the right value for EDWARDS_D (waiting on field arithmetic code to be implemented)

cathieyun avatar Apr 09 '19 06:04 cathieyun

Eventually we want to have impl From<[u8;32]> for EdwardsPoint and impl Into<[u8;32]> for EdwardsPoint (i.e. define a serialization format), but for the moment, to do testing, we could add a function that takes a y value and a sign and tries to solve for (x,y), using the sign parameter to distinguish between the two possible solutions (if there are any; if not we should return None). The x-recovery will probably be similar to the Ed25519 case, except that we need to check how to compute square roots of a ratio in the Doppio base field.

Alternately, we could try generating a single point in Sage and hardcoding it (and do the x-coordinate recovery later).

hdevalence avatar May 25 '19 00:05 hdevalence
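As an added example (not the doppio project's code), here is the a = -1 addition formula from section 3.1 of the cited paper in extended coordinates, the naive doubling/subtraction built on it, and the (y, sign) x-recovery suggested above, in Python. Since EDWARDS_D and the Doppio base field square root are still open in this PR, the Ed25519 prime and d are assumed as stand-ins so the arithmetic can be checked against known values.

```python
# Added example, not the doppio project's code: HWCD 2008 section 3.1 addition for
# a = -1 in extended coordinates, naive doubling/subtraction built on it, and
# (y, sign) -> x recovery. Doppio's d is not fixed in this PR, so the Ed25519 field
# and d are assumed as a stand-in here because their test vectors are well known.
P = 2**255 - 19
D = (-121665 * pow(121666, -1, P)) % P
L = 2**252 + 27742317777372353535851937790883648493  # prime subgroup order
SQRT_M1 = pow(2, (P - 1) // 4, P)  # a square root of -1 (valid since P = 5 mod 8)

def to_extended(x, y):  # affine -> extended (X, Y, Z, T) with T = X*Y/Z
    return (x, y, 1, x * y % P)

def to_affine(pt):
    X, Y, Z, _ = pt
    zi = pow(Z, -1, P)
    return (X * zi % P, Y * zi % P)

def add(p1, p2):  # HWCD 3.1, a = -1, k = 2d: unified, so P == Q and P == -Q need no special case
    X1, Y1, Z1, T1 = p1
    X2, Y2, Z2, T2 = p2
    A = (Y1 - X1) * (Y2 - X2) % P
    B = (Y1 + X1) * (Y2 + X2) % P
    C = 2 * D * T1 * T2 % P
    Dd = 2 * Z1 * Z2 % P
    E, F, G, H = B - A, Dd - C, Dd + C, B + A
    return (E * F % P, G * H % P, F * G % P, E * H % P)

def double(pt):  # naive doubling: P + P through the unified addition
    return add(pt, pt)

def sub(p1, p2):  # naive subtraction: P + (-Q), where -Q negates X and T
    X, Y, Z, T = p2
    return add(p1, (-X % P, Y, Z, -T % P))

def scalar_mul(k, pt):  # double-and-add, not constant time: for tests only
    acc = (0, 1, 1, 0)  # identity, affine (0, 1)
    for bit in bin(k)[2:]:
        acc = double(acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def decompress(y, sign):  # x from y and its low bit; None if (y^2-1)/(d*y^2+1) is a non-square
    w = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(w, (P + 3) // 8, P)  # first candidate root (P = 5 mod 8 case)
    if x * x % P != w:
        x = x * SQRT_M1 % P  # second candidate
    if x * x % P != w or (x == 0 and sign == 1):
        return None
    return x if x & 1 == sign else P - x
```

With Ed25519's parameters plugged in, recovering x from y = 4/5 with sign 0 yields the standard base point, and multiplying it by the subgroup order lands on the identity, which exercises addition, doubling and subtraction together.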