cryptonite-0.29: Cryptography Primitives sink
Safe HaskellNone
LanguageHaskell2010

Crypto.PubKey.ECC.Prim

Description

Elliptic Curve Arithmetic.

WARNING: These functions are vulnerable to timing attacks.

Synopsis

Documentation

scalarGenerate :: MonadRandom randomly => Curve -> randomly PrivateNumber #

Generate a valid scalar for a specific Curve

pointAdd :: Curve -> Point -> Point -> Point #

Elliptic Curve point addition.

WARNING: Vulnerable to timing attacks.

pointNegate :: Curve -> Point -> Point #

Elliptic Curve point negation: pointNegate c p returns point q such that pointAdd c p q == PointO.

pointDouble :: Curve -> Point -> Point #

Elliptic Curve point doubling.

WARNING: Vulnerable to timing attacks.

This perform the following calculation: > lambda = (3 * xp ^ 2 + a) / 2 yp > xr = lambda ^ 2 - 2 xp > yr = lambda (xp - xr) - yp

With binary curve: > xp == 0 => P = O > otherwise => > s = xp + (yp / xp) > xr = s ^ 2 + s + a > yr = xp ^ 2 + (s+1) * xr

pointBaseMul :: Curve -> Integer -> Point #

Elliptic curve point multiplication using the base

WARNING: Vulnerable to timing attacks.

pointMul :: Curve -> Integer -> Point -> Point #

Elliptic curve point multiplication (double and add algorithm).

WARNING: Vulnerable to timing attacks.

pointAddTwoMuls :: Curve -> Integer -> Point -> Integer -> Point -> Point #

Elliptic curve double-scalar multiplication (uses Shamir's trick).

pointAddTwoMuls c n1 p1 n2 p2 == pointAdd c (pointMul c n1 p1)
                                            (pointMul c n2 p2)

WARNING: Vulnerable to timing attacks.

isPointAtInfinity :: Point -> Bool #

Check if a point is the point at infinity.

isPointValid :: Curve -> Point -> Bool #

check if a point is on specific curve

This perform three checks:

  • x is not out of range
  • y is not out of range
  • the equation y^2 = x^3 + a*x + b (mod p) holds