bwesterb / go-ristretto Goto Github PK

@bwesterb Hi，bwesterb. I wanna implement Elgamal encryption with this library, but it confuses me that how to encode message into point on curve. Is there any sample for this usage. I saw the provided example, but it can not answer my need.

Looking forward to your reply.

Would you like MulSub and SetReduced32 in go-ristretto?

MulSub would be identical to MulAdd and would just negate c0-c11

SetRedcued32 would take a 32 byte instead of a 64 byte array that SetReduced takes.

var a, b ristretto.Point
b.Rand()
flag := a.Equals(b)
flag is true.

Currently, all operations are constant-time to prevent secrets being stolen by timing attacks. However, if all values involved are public, using constant-time operations is a waste.

Hey there, I think 0995efa might have broken ScalarMult (at least for me). Please see the following test case (scalar and result generated with curve25519-dalek) which passes before that commit.

func TestBasePoint(t *testing.T) {
	var buf [32]byte
	var s ristretto.Scalar
	var p1, p2, B ristretto.Point
	B.SetBase()

	tmp, _ := base64.StdEncoding.DecodeString("QekHbzmOtwUfRnheuyj1qyt8HN1WPjW4Jy199/2fQQ8=")
	copy(buf[:], tmp)
	s.SetBytes(&buf)

	tmp, _ = base64.StdEncoding.DecodeString("SqbtfZl5+A1RtHVfzN8HJCLUcC0Bz2kdThR7wRCUbCQ=")
	copy(buf[:], tmp)
	p1.SetBytes(&buf)

	p2.ScalarMult(&B, &s)

	if !p1.Equals(&p2) {
		t.Fatalf("[%v]B = %v != %v", s, p2, p1)
	}
}

Could you please help me on converting extended point to a affine point (x: bigInt, y:bigInt)

FieldElement.Mul has a comment like thus: // TODO make sure we only use bits.Add64 if it's constant-time

While "the fallback code is vartime" has thankfully been fixed for Go 1.13 and later, the only platform where bits.Add64 is constant time for Go 1.12 series is amd64. With Go 1.13 the only platforms where both bits.Add64 and bits.Mul64 are fast is limited to amd64, arm64, and ppc64 (for both endian configurations), but at least they are guaranteed to be constant time now.

See:

• https://github.com/golang/go/blob/release-branch.go1.12/src/math/bits/bits.go#L363
• https://github.com/golang/go/blob/release-branch.go1.12/src/cmd/compile/internal/gc/ssa.go#L3500
• https://github.com/golang/go/blob/release-branch.go1.13/src/cmd/compile/internal/gc/ssa.go#L3587

Add(x, x) works, but can probably be improved.

Ideally, all invalid encoding test vectors in the spec should pass.

I just started using this lib and so far it's being an awesome experience! I'd like to ask about Ristretto point compression. Is there anyway of doing it? If not, is there any plans on implementing it? Is there anyway I could help with it? I can even make a pull request with the implementation if that's the case idk.

Instead of

q1.ScalarMult(&p, s1)
q2.ScalarMult(&p, s2)

we might cache the computeScalarWindow5 call with an API like

// p, q1, q2 ristretto.Point;  s1, s2 ristretto.Scalar
var sm ristretto.ScalarMultipleTable
sm.Precompute(&p)  // stores output of, say, computeScalarWindow5
q1.ScalarMultTable(&sm, s1)
q2.ScalarMultTable(&sm, s2)