Michael Hamburg
7527e91a56
Breaking changes!
Switch everything over to the Ristretto variant of the Decaf encoding,
for compatibility with https://github.com/isislovecruft/curve25519-dalek
and others. Documentation coming sometime at https://ristretto.group/ .
For now, suffice it to say that Ristretto has the same API and security
properties, but slightly different input and output bytes.
Also close Ticket 9, renaming "mul_by_cofactor_and_encode" functions to
"mul_by_ratio_and_encode" with an appropriate #defined ENCODE_RATIO.
This is because the base points in RFC 7748 and RFC 8032 have different
relationships with the libdecaf base points. With this change,
mul_by_ratio_and_encode'ing the base point will result in
[EDDSA|X25519|X448]_ENCODE_RATIO times the RFC 8032 EdDSA and RFC 7748
X25519|X448 base point.
Merge branch 'ristretto-work'
7 years ago
Michael Hamburg
45eb0e14d3
change the misleading mul_by_cofactor functions to mul_by_ratio, and create ENCODE_RATIO and DECODE_ratio constants to represent this
7 years ago
Michael Hamburg
637bd72662
change HISTORY.txt
7 years ago
Michael Hamburg
0c60af55fe
clear a couple todos. still have to rename the clear cofactor fns
7 years ago
Michael Hamburg
98bfcb0196
IsoE25519 is now better known as Ristretto
7 years ago
Michael Hamburg
4de924c786
Incorporate test vectors from Dalek
7 years ago
Michael Hamburg
70303957e2
toggle elligator sign back to match Dalek
7 years ago
Michael Hamburg
2bcccebd8d
expose mul_by_cofactor_and_encode_like_x, but need to adjust clearing ratios
7 years ago
Michael Hamburg
164342ebfd
inverse elligator works, but at what cost?!?!!?
7 years ago
Michael Hamburg
17347b04a7
test harness to invert elligator by brute force
7 years ago
Michael Hamburg
1a38c25d9d
CFRG crypto back to working, just need to do elligator inversion for identity on x25519
7 years ago
Michael Hamburg
2d04fa7b43
working out sign bugs; then on to invert elligator ristretto
7 years ago
Michael Hamburg
2cc6ebfb67
ed25519 ristretto inverse works except at the identity point
7 years ago
Michael Hamburg
5fc32bf1e9
elligator apparently(?) working for ed448
7 years ago
Michael Hamburg
52ca544962
update ristretto.sage to not crash on div0 for elligator (d-a)/d/u; check that these work
7 years ago
Michael Hamburg
733e67e80d
whoops, bad hex decoder
7 years ago
Michael Hamburg
c82e7ae7a7
add ristretto widget. elligator is correct, but inverse is not yet
7 years ago
Michael Hamburg
263d454903
ristretto patched in, except elligator. still need to test against vectors though
7 years ago
Michael Hamburg
9f8b492e5f
links in the readme
7 years ago
Michael Hamburg
992183a8bf
ristretto work: test that s -> 1/s negates the point iff cofactor == 4 (if cofactor == 8, then invalid)
7 years ago
Michael Hamburg
807a7e67de
fix comments add/subtract
7 years ago
Michael Hamburg
30544252e6
fix comments in generated code too
7 years ago
Michael Hamburg
4a133be2e0
fix comments add/subtract
7 years ago
Michael Hamburg
aa75f28a8a
still need to iron out some sign differences
7 years ago
Michael Hamburg
4fa2c73edf
remove elligator decoding requirement
7 years ago
Michael Hamburg
b9b855f172
passes gang tests. ship it?
7 years ago
Michael Hamburg
307f933f2d
simpler decode if cofactor 4
7 years ago
Michael Hamburg
8f212cceb9
simpler decode if cofactor 4
7 years ago
Michael Hamburg
19aa251968
simpler decode if cofactor 4
7 years ago
Michael Hamburg
b1467a60ae
reasonable decaf encode; try to tweak a little more
7 years ago
Michael Hamburg
abe22e57d5
iso-ed working for cofactor 8, but maybe not for a=-1 isoed25519
7 years ago
Michael Hamburg
5f12ca4582
isogenous encode/decode working in spec, looks doable for opt (at least with cofactor 4)
7 years ago
Michael Hamburg
4a5aad2241
working on ristretto sage files
7 years ago
Michael Hamburg
dc3deb8c81
Don't use vector arithmetic in generic arch_32
7 years ago
Michael Hamburg
b55ac5ebd1
Ristretto for Ed448
7 years ago
Michael Hamburg
03ba02f90d
more ristretto
7 years ago
Michael Hamburg
b295ef7669
rename decaf_sponge_* apis to decaf_sha3_*. Also reverse order on decaf_sponge_hash to make it the same as decaf_shake*_hash and decaf_sha3*_hash
7 years ago
Michael Hamburg
ff1208c269
simpler ristretto
7 years ago
Michael Hamburg
dd193a3ec5
ristretto work
7 years ago
Michael Hamburg
b29565fdfd
fix assertion on x25519/x448(0), thanks Olivier Cheron
7 years ago
Michael Hamburg
1c8b8cb77d
fix warning due to MACRO?4:3 in elligator.c
7 years ago
Michael Hamburg
0a6e968275
Revise LICENSE.txt to reflect current state of source. Still MIT licensed, but I think there is no longer any Stanford code.
7 years ago
Michael Hamburg
3d5962c330
fix two warnings pointed out by Sofia Celi
7 years ago
Michael Hamburg
4e809c79cf
ok so the cpuid problem was an fPIC issue. Hopefully this fixes it...
7 years ago
Michael Hamburg
cdb0ce047d
avoid warning for uninitialized entropy; change asm cpuid to look more like cpuid.h in the vain hope that this will compile better
7 years ago
Michael Hamburg
17a77a5820
replace default -mavx2 -mbmi2 with -march=native
7 years ago
Mike Hamburg
513e646081
restore declaration of deisogenize which was causing build failure in gcc
7 years ago
Michael Hamburg
c6a1cd8db6
better test
7 years ago
Michael Hamburg
a4c02cc759
better test
7 years ago
Michael Hamburg
72484a054f
test to make sure bug is gone
7 years ago