/********************************************************************************************
* Supersingular Isogeny Key Encapsulation Library
*
* Abstract: API header file for P434
*********************************************************************************************/  

#pragma once

#include "sikep434r3.h"

/*********************** Key encapsulation mechanism API ***********************/
/* Encoding of keys for KEM-based isogeny system "SIKEp434" (wire format):
 *
 * Elements over GF(p434) are encoded in 55 octets in little endian format (i.e., the least
 * significant octet is located in the lowest memory address). Elements (a+b*i) over GF(p434^2),
 * where a and b are defined over GF(p434), are encoded as {a, b}, with a in the lowest memory portion.
 *
 * Private keys sk consist of the concatenation of a 16-byte random value, a value in the range
 * [0, 2^217-1] and the public key pk. In the SIKE API, private keys are encoded in 374 octets in
 * little endian format. Public keys pk consist of 3 elements in GF(p434^2). In the SIKE API, pk
 * is encoded in 330 octets. Ciphertexts ct consist of the concatenation of a public key value
 * and a 16-byte value. In the SIKE API, ct is encoded in 330 + 16 = 346 octets. Shared keys ss
 * consist of a value of 16 octets. */

/*********************** Ephemeral key exchange API ***********************/

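/* SECURITY NOTE: SIDH supports ephemeral Diffie-Hellman key exchange only. It is NOT secure to use
 * it with static keys. See "On the Security of Supersingular Isogeny Cryptosystems", S.D. Galbraith,
 * C. Petit, B. Shani and Y.B. Ti, in ASIACRYPT 2016, 2016. Extended version available at:
 * http://eprint.iacr.org/2016/859
 *
 * In addition, the key-recovery attack published in 2022 by W. Castryck and T. Decru ("An efficient
 * key recovery attack on SIDH") applies to SIDH/SIKE even when keys are ephemeral. Treat this API as
 * legacy: do not rely on it alone for confidentiality, and prefer a scheme that is still considered
 * secure (or a hybrid with a classical key exchange) in new deployments. */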

/* Generation of Bob's secret key
 * Outputs random value in [0, 2^Floor(Log(2,3^137)) - 1] to be used as Bob's private key.
 *
 * random_digits: caller-provided output buffer. The prototype carries no length; this header
 *                documents Bob's private key as stored in 28 bytes, so the buffer presumably
 *                has to be writable for at least 28 bytes (confirm against the implementation).
 * Returns an int status; the success/failure convention is not stated in this header (TODO confirm).
 *
 * NOTE(review): the output is secret key material, and the randomness source is not visible from
 * this header. The caller should wipe the buffer once the exchange is finished.
 *
 * The #define routes the symbol through S2N_SIKE_P434_R3_NAMESPACE, which is not defined in this
 * file (presumably it comes from sikep434r3.h and prefixes the name to avoid symbol clashes). */
#define random_mod_order_B S2N_SIKE_P434_R3_NAMESPACE(random_mod_order_B)
int random_mod_order_B(unsigned char* random_digits);

/* Alice's ephemeral public key generation
 * Input:  a private key PrivateKeyA in the range [0, 2^216 - 1], stored in 27 bytes.
 * Output: the public key PublicKeyA consisting of 3 GF(p434^2) elements encoded in 330 bytes.
 *
 * No buffer lengths are passed, so the caller is responsible for the sizes: PrivateKeyA must be
 * readable for 27 bytes and PublicKeyA writable for 330 bytes.
 * Returns an int status; the success/failure convention is not stated in this header (TODO confirm).
 * This API is documented as ephemeral-only: use a fresh PrivateKeyA for every exchange. */
#define EphemeralKeyGeneration_A S2N_SIKE_P434_R3_NAMESPACE(EphemeralKeyGeneration_A)
int EphemeralKeyGeneration_A(const unsigned char* PrivateKeyA, unsigned char* PublicKeyA);

/* Bob's ephemeral public key generation
 * PrivateKeyB is declared const, so it is an input here: the function reads the private key and
 * computes the public key PublicKeyB. (The private key itself is presumably produced beforehand
 * with random_mod_order_B -- confirm against the callers.)
 * Input:  the private key PrivateKeyB, an integer in the range [0, 2^Floor(Log(2,3^137)) - 1],
 *         stored in 28 bytes.
 * Output: the public key PublicKeyB consisting of 3 GF(p434^2) elements encoded in 330 bytes.
 *
 * No buffer lengths are passed, so the caller is responsible for the sizes: PrivateKeyB must be
 * readable for 28 bytes and PublicKeyB writable for 330 bytes.
 * Returns an int status; the success/failure convention is not stated in this header (TODO confirm).
 * This API is documented as ephemeral-only: use a fresh PrivateKeyB for every exchange. */
#define EphemeralKeyGeneration_B S2N_SIKE_P434_R3_NAMESPACE(EphemeralKeyGeneration_B)
int EphemeralKeyGeneration_B(const unsigned char* PrivateKeyB, unsigned char* PublicKeyB);

/* Alice's ephemeral shared secret computation
 * It produces a shared secret key SharedSecretA using her secret key PrivateKeyA and Bob's public key PublicKeyB
 * Inputs: Alice's PrivateKeyA is an integer in the range [0, 2^216 - 1], stored in 27 bytes.
 *         Bob's PublicKeyB consists of 3 GF(p434^2) elements encoded in 330 bytes.
 * Output: a shared secret SharedSecretA that consists of one element in GF(p434^2) encoded in 110 bytes.
 *
 * No buffer lengths are passed, so the caller is responsible for the sizes: 27 readable bytes for
 * PrivateKeyA, 330 readable bytes for PublicKeyB and 110 writable bytes for SharedSecretA.
 * Returns an int status; the success/failure convention is not stated in this header (TODO confirm).
 *
 * NOTE(review): PublicKeyB comes from the peer and is therefore untrusted input. This header does
 * not say whether it is validated, which is one reason PrivateKeyA must never be reused across
 * exchanges. Check the status before using SharedSecretA, and wipe the secret buffers after use. */
#define EphemeralSecretAgreement_A S2N_SIKE_P434_R3_NAMESPACE(EphemeralSecretAgreement_A)
int EphemeralSecretAgreement_A(const unsigned char* PrivateKeyA, const unsigned char* PublicKeyB, unsigned char* SharedSecretA);

/* Bob's ephemeral shared secret computation
 * It produces a shared secret key SharedSecretB using his secret key PrivateKeyB and Alice's public key PublicKeyA
 * Inputs: Bob's PrivateKeyB is an integer in the range [0, 2^Floor(Log(2,3^137)) - 1], stored in 28 bytes.
 *         Alice's PublicKeyA consists of 3 GF(p434^2) elements encoded in 330 bytes.
 * Output: a shared secret SharedSecretB that consists of one element in GF(p434^2) encoded in 110 bytes.
 *
 * No buffer lengths are passed, so the caller is responsible for the sizes: 28 readable bytes for
 * PrivateKeyB, 330 readable bytes for PublicKeyA and 110 writable bytes for SharedSecretB.
 * Returns an int status; the success/failure convention is not stated in this header (TODO confirm).
 *
 * NOTE(review): PublicKeyA comes from the peer and is therefore untrusted input. This header does
 * not say whether it is validated, which is one reason PrivateKeyB must never be reused across
 * exchanges. Check the status before using SharedSecretB, and wipe the secret buffers after use. */
#define EphemeralSecretAgreement_B S2N_SIKE_P434_R3_NAMESPACE(EphemeralSecretAgreement_B)
int EphemeralSecretAgreement_B(const unsigned char* PrivateKeyB, const unsigned char* PublicKeyA, unsigned char* SharedSecretB);

/* Encoding of keys for KEX-based isogeny system "SIDHp434" (wire format):
 *
 * Elements over GF(p434) are encoded in 55 octets in little endian format (i.e., the
 * least significant octet is located in the lowest memory address). Elements (a+b*i)
 * over GF(p434^2), where a and b are defined over GF(p434), are encoded as {a, b}, with
 * a in the lowest memory portion.
 *
 * Private keys PrivateKeyA and PrivateKeyB can have values in the range [0, 2^216-1] and
 * [0, 2^Floor(Log(2,3^137)) - 1], resp. In the SIDH API, Alice's and Bob's private keys
 * are encoded in 27 and 28 octets, resp., in little endian format. Public keys PublicKeyA
 * and PublicKeyB consist of 3 elements in GF(p434^2). In the SIDH API, they are encoded in
 * 330 octets. Shared keys SharedSecretA and SharedSecretB consist of one element in GF(p434^2).
 * In the SIDH API, they are encoded in 110 octets. */