util: initial elligator implementation

author: Pedram Fardzadeh <p.fardzadeh@protonmail.com> 2023-11-05 22:40:31 +0100
committer: Pedram Fardzadeh <p.fardzadeh@protonmail.com> 2024-02-28 16:13:12 +0100
commit: 63c366f4428d2ab31d62650febd28caf774805a9 (patch)
tree: adff614ef0a7eeebc630c11f3a38b25f64995c42 /src/include/gnunet_crypto_lib.h
parent: 93b049ebd15a2658593fdf5d93672719fb51f4dd (diff)
download: gnunet-63c366f4428d2ab31d62650febd28caf774805a9.tar.gz
gnunet-63c366f4428d2ab31d62650febd28caf774805a9.zip
1 files changed, 97 insertions, 0 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 2c7e92fbd..5425a18dd 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -349,6 +349,18 @@ struct GNUNET_CRYPTO_Edx25519Signature
 };
 /**
+ * Elligator representative (always for Curve25519)
+ */
+struct GNUNET_CRYPTO_ElligatorRepresentative
+{
+  /**
+   * Represents an element of Curve25519 finite field.
+   * Always smaller than 2 ^ 254 - 10 -> Needs to be serialized into a random-looking byte stream before transmission.
+   */
+  unsigned char r[256 / 8];
+};
+/**
 * Key type for the generic public key union
 */
 enum GNUNET_CRYPTO_KeyType
@@ -2652,6 +2664,91 @@ GNUNET_CRYPTO_edx25519_public_key_derive (
  size_t seedsize,
  struct GNUNET_CRYPTO_Edx25519PublicKey *result);
+/**
+ * Note: Included in header for testing purposes. GNUNET_CRYPTO_ecdhe_elligator_decoding will be the correct API for the direct map.
+ * TODO: Make static.
+ * @ingroup crypto
+ * Encodes an element of the underlying finite field, so called representative, of Curve25519 to a point on the curve
+ * This transformation is deterministic
+ *
+ * @param representative element of the finite field
+ * @param point destination for the calculated point on the curve
+ * @param high_y destination set to "True" if corresponding y-coordinate is > 2 ^ 254 - 10
+ */
+bool
+GNUNET_CRYPTO_ecdhe_elligator_direct_map (uint8_t *point, bool *high_y,
+                                          uint8_t *representative);
+/**
+ * @ingroup crypto
+ * Clears the most significant bit and second most significant bit to the serialized representaive before applying elligator direct map.
+ *
+ * @param serialized_representative serialized version of an element of Curves25519's finite field
+ * @param point destination for the calculated point on the curve
+ * @param high_y destination set to "True" if corresponding y-coordinate is > 2 ^ 254 - 10
+ */
+bool
+GNUNET_CRYPTO_ecdhe_elligator_decoding (struct
+                                        GNUNET_CRYPTO_EcdhePublicKey *point,
+                                        bool *high_y,
+                                        struct
+                                        GNUNET_CRYPTO_ElligatorRepresentative *
+                                        seriliazed_representative);
+/**
+ * @ingroup crypto
+ * Encodes a point on Curve25519 to a an element of the underlying finite field
+ * This transformation is deterministic
+ *
+ * @param point a point on the curve
+ * @param high_y encodes if y-coordinate is > 2 ^254 - 10, which determines the representative value out of two
+ * @param representative destination for the calculated element of the finite field
+ */
+bool
+GNUNET_CRYPTO_ecdhe_elligator_inverse_map (uint8_t *representative, const
+                                           uint8_t *point,
+                                           bool high_y);
+/**
+* Initializes the elligator library
+* THis function is thread safe
+*/
+void
+GNUNET_CRYPTO_ecdhe_elligator_initialize (void);
+/**
+ * @ingroup crypto
+ * Generates a valid public key for elligator's inverse map by adding a lower order point to a prime order point.
+ *
+ * @param pub valid public key for elligator inverse map
+ * @param pk private key for generating valid public key
+ */
+int
+  GNUNET_CRYPTO_ecdhe_elligator_generate_public_key (unsigned char
+                                                     pub[
+                                                       crypto_scalarmult_SCALARBYTES
+                                                     ],
+                                                     struct
+                                                     GNUNET_CRYPTO_EcdhePrivateKey
+                                                     *pk);
+/**
+ * @ingroup crypto
+ * Generates a private key for Curve25519 and the elligator representative of the corresponding public key
+ *
+ * @param repr representative of the public key
+ * @param pk Curve25519 private key
+ */
+int
+GNUNET_CRYPTO_ecdhe_elligator_key_create (struct
+                                          GNUNET_CRYPTO_ElligatorRepresentative
+                                          *repr,
+                                          struct GNUNET_CRYPTO_EcdhePrivateKey
+                                          *pk);
 /**
 * Output the given MPI value to the given buffer in network
author	Pedram Fardzadeh <p.fardzadeh@protonmail.com>	2023-11-05 22:40:31 +0100
committer	Pedram Fardzadeh <p.fardzadeh@protonmail.com>	2024-02-28 16:13:12 +0100
commit	63c366f4428d2ab31d62650febd28caf774805a9 (patch)
tree	adff614ef0a7eeebc630c11f3a38b25f64995c42 /src/include/gnunet_crypto_lib.h
parent	93b049ebd15a2658593fdf5d93672719fb51f4dd (diff)
download	gnunet-63c366f4428d2ab31d62650febd28caf774805a9.tar.gz gnunet-63c366f4428d2ab31d62650febd28caf774805a9.zip

diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 2c7e92fbd..5425a18dd 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h
@@ -349,6 +349,18 @@ struct GNUNET_CRYPTO_Edx25519Signature
349	};	349	};
350		350
351	/**	351	/**
		352	* Elligator representative (always for Curve25519)
		353	*/
		354	struct GNUNET_CRYPTO_ElligatorRepresentative
		355	{
		356	/**
		357	* Represents an element of Curve25519 finite field.
		358	* Always smaller than 2 ^ 254 - 10 -> Needs to be serialized into a random-looking byte stream before transmission.
		359	*/
		360	unsigned char r[256 / 8];
		361	};
		362
		363	/**
352	* Key type for the generic public key union	364	* Key type for the generic public key union
353	*/	365	*/
354	enum GNUNET_CRYPTO_KeyType	366	enum GNUNET_CRYPTO_KeyType
@@ -2652,6 +2664,91 @@ GNUNET_CRYPTO_edx25519_public_key_derive (
2652	size_t seedsize,	2664	size_t seedsize,
2653	struct GNUNET_CRYPTO_Edx25519PublicKey *result);	2665	struct GNUNET_CRYPTO_Edx25519PublicKey *result);
2654		2666
		2667	/**
		2668	* Note: Included in header for testing purposes. GNUNET_CRYPTO_ecdhe_elligator_decoding will be the correct API for the direct map.
		2669	* TODO: Make static.
		2670	* @ingroup crypto
		2671	* Encodes an element of the underlying finite field, so called representative, of Curve25519 to a point on the curve
		2672	* This transformation is deterministic
		2673	*
		2674	* @param representative element of the finite field
		2675	* @param point destination for the calculated point on the curve
		2676	* @param high_y destination set to "True" if corresponding y-coordinate is > 2 ^ 254 - 10
		2677	*/
		2678	bool
		2679	GNUNET_CRYPTO_ecdhe_elligator_direct_map (uint8_t point, bool high_y,
		2680	uint8_t *representative);
		2681
		2682
		2683	/**
		2684	* @ingroup crypto
		2685	* Clears the most significant bit and second most significant bit to the serialized representaive before applying elligator direct map.
		2686	*
		2687	* @param serialized_representative serialized version of an element of Curves25519's finite field
		2688	* @param point destination for the calculated point on the curve
		2689	* @param high_y destination set to "True" if corresponding y-coordinate is > 2 ^ 254 - 10
		2690	*/
		2691	bool
		2692	GNUNET_CRYPTO_ecdhe_elligator_decoding (struct
		2693	GNUNET_CRYPTO_EcdhePublicKey *point,
		2694	bool *high_y,
		2695	struct
		2696	GNUNET_CRYPTO_ElligatorRepresentative *
		2697	seriliazed_representative);
		2698
		2699	/**
		2700	* @ingroup crypto
		2701	* Encodes a point on Curve25519 to a an element of the underlying finite field
		2702	* This transformation is deterministic
		2703	*
		2704	* @param point a point on the curve
		2705	* @param high_y encodes if y-coordinate is > 2 ^254 - 10, which determines the representative value out of two
		2706	* @param representative destination for the calculated element of the finite field
		2707	*/
		2708	bool
		2709	GNUNET_CRYPTO_ecdhe_elligator_inverse_map (uint8_t *representative, const
		2710	uint8_t *point,
		2711	bool high_y);
		2712
		2713
		2714	/**
		2715	* Initializes the elligator library
		2716	* THis function is thread safe
		2717	*/
		2718	void
		2719	GNUNET_CRYPTO_ecdhe_elligator_initialize (void);
		2720
		2721	/**
		2722	* @ingroup crypto
		2723	* Generates a valid public key for elligator's inverse map by adding a lower order point to a prime order point.
		2724	*
		2725	* @param pub valid public key for elligator inverse map
		2726	* @param pk private key for generating valid public key
		2727	*/
		2728	int
		2729	GNUNET_CRYPTO_ecdhe_elligator_generate_public_key (unsigned char
		2730	pub[
		2731	crypto_scalarmult_SCALARBYTES
		2732	],
		2733	struct
		2734	GNUNET_CRYPTO_EcdhePrivateKey
		2735	*pk);
		2736
		2737
		2738	/**
		2739	* @ingroup crypto
		2740	* Generates a private key for Curve25519 and the elligator representative of the corresponding public key
		2741	*
		2742	* @param repr representative of the public key
		2743	* @param pk Curve25519 private key
		2744	*/
		2745	int
		2746	GNUNET_CRYPTO_ecdhe_elligator_key_create (struct
		2747	GNUNET_CRYPTO_ElligatorRepresentative
		2748	*repr,
		2749	struct GNUNET_CRYPTO_EcdhePrivateKey
		2750	*pk);
		2751
2655		2752
2656	/**	2753	/**
2657	* Output the given MPI value to the given buffer in network	2754	* Output the given MPI value to the given buffer in network