Package com.google.crypto.tink.internal
Class Field25519
- java.lang.Object
-
- com.google.crypto.tink.internal.Field25519
-
@Alpha public final class Field25519 extends java.lang.Object
Defines field 25519 function based on curve25519-donna C implementation (mostly identical).Field elements are written as an array of signed, 64-bit limbs (an array of longs), least significant first. The value of the field element is:
x[0] + 2^26·x[1] + 2^51·x[2] + 2^77·x[3] + 2^102·x[4] + 2^128·x[5] + 2^153·x[6] + 2^179·x[7] + 2^204·x[8] + 2^230·x[9],
i.e. the limbs are 26, 25, 26, 25, ... bits wide.
-
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static byte[]contract(long[] inputLimbs)Takes a fully reduced mixed radix form number and contract it into a little-endian, 32-byte array.
-
-
-
Field Detail
-
FIELD_LEN
public static final int FIELD_LEN
During Field25519 computation, the mixed radix representation may be in different forms:- Reduced-size form: the array has size at most 10.
- Non-reduced-size form: the array is not reduced modulo 2^255 - 19 and has size at most 19.
- Clarify ill-defined terminologies.
- The reduction procedure is different from DJB's paper (http://cr.yp.to/ecdh/curve25519-20060209.pdf). The coefficients after reducing degree and reducing coefficients aren't guaranteed to be in range {-2^25, ..., 2^25}. We should check to see what's going on.
- Consider using method mult() everywhere and making product() private.
- See Also:
- Constant Field Values
-
LIMB_CNT
public static final int LIMB_CNT
- See Also:
- Constant Field Values
-
-