Finite Field Arithmetic
Bindings for the crypto_scalarmult_ed25519 and crypto_core_ed25519 API. See the libsodium docs for more information.
Constants
Buffer lengths (integer)
crypto_scalarmult_ed25519_BYTES
crypto_scalarmult_ed25519_SCALARBYTES
crypto_core_ed25519_BYTES
crypto_core_ed25519_UNIFORMBYTES
crypto_core_ed25519_SCALARBYTES
crypto_core_ed25519_NONREDUCEDSCALARBYTES
String constants (string)
crypto_scalarmult_PRIMITIVE
crypto_core_ed25519_is_valid_point
var bool = sodium.crypto_core_ed25519_is_valid_point(p)
Checks that p represents a point on the edwards25519 curve, in canonical form, on the main subgroup, and that the point does not have a small order.
p must be a buffer of at least crypto_core_ed25519_BYTES bytes
Returns true or false.
crypto_core_ed25519_from_uniform
sodium.crypto_core_ed25519_from_uniform(p, r)
Maps a crypto_core_ed25519_UNIFORMBYTES bytes vector (usually the output of a hash function) to a valid curve point and stores its compressed representation in p.
The point is guaranteed to be on the main subgroup.
p must be a buffer of at least crypto_core_ed25519_BYTES bytes
r must be a buffer of at least crypto_core_ed25519_UNIFORMBYTES bytes
crypto_scalarmult_ed25519
sodium.crypto_scalarmult_ed25519(q, n, p)
Multiplies point p by scalar n and stores its compressed representation in q.
q must be a buffer of at least crypto_scalarmult_ed25519_BYTES bytes
n must be a buffer of at least crypto_scalarmult_ed25519_SCALARBYTES bytes
p must be a buffer of at least crypto_scalarmult_ed25519_BYTES bytes
Note that this function will throw if n is zero or p is an invalid curve point.
crypto_scalarmult_ed25519_base
sodium.crypto_scalarmult_ed25519_base(q, n)
Multiplies the base point by scalar n and stores its compressed representation in q. Note that n will be clamped.
q must be a buffer of at least crypto_scalarmult_ed25519_BYTES bytes
n must be a buffer of at least crypto_scalarmult_ed25519_SCALARBYTES bytes
Note that this function will throw if n is zero.
crypto_scalarmult_ed25519_noclamp
sodium.crypto_scalarmult_ed25519_noclamp(q, n, p)
Multiplies point p by scalar n and stores its compressed representation in q. This version does not clamp.
q must be a buffer of at least crypto_scalarmult_ed25519_BYTES bytes
n must be a buffer of at least crypto_scalarmult_ed25519_SCALARBYTES bytes
p must be a buffer of at least crypto_scalarmult_ed25519_BYTES bytes
Note that this function will throw if n is zero or p is an invalid curve point.
crypto_scalarmult_ed25519_base_noclamp
sodium.crypto_scalarmult_ed25519_base_noclamp(q, n)
Multiplies the base point by scalar n and stores its compressed representation in q. This version does not clamp.
q must be a buffer of at least crypto_scalarmult_ed25519_BYTES bytes
n must be a buffer of at least crypto_scalarmult_ed25519_SCALARBYTES bytes
Note that this function will throw if n is zero.
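What clamping changes, shown on plain bytes as an added example that is not part of the original page or of the bindings. It assumes the standard Ed25519/X25519 clamping (clear the low three bits, clear bit 255, set bit 254); the helper names and the sample scalar are constructed for illustration.

```javascript
// Added example: a byte-level model of scalar clamping, not the bindings' code.
// Order of the main subgroup (the L used by the scalar functions).
const SUBGROUP_ORDER = 2n ** 252n + 27742317777372353535851937790883648493n

// Scalars are little-endian byte strings.
function leToBigInt (bytes) {
  let v = 0n
  for (let i = bytes.length - 1; i >= 0; i--) v = (v << 8n) | BigInt(bytes[i])
  return v
}

// Assumed standard clamping, applied to a copy so the caller's scalar is untouched.
function clamp (n) {
  const t = Uint8Array.from(n)
  t[0] &= 248  // clear the low 3 bits: the scalar becomes a multiple of the cofactor 8
  t[31] &= 127 // clear bit 255
  t[31] |= 64  // set bit 254
  return t
}

// Properties that tell a clamped scalar from a reduced one.
function describe (n) {
  const v = leToBigInt(n)
  return {
    multipleOfCofactor: v % 8n === 0n,
    bit254Set: ((v >> 254n) & 1n) === 1n,
    reducedModL: v < SUBGROUP_ORDER
  }
}

// Constructed sample scalar: the 32-byte little-endian encoding of 3.
const three = new Uint8Array(32)
three[0] = 3
const clamped = clamp(three)

console.log(describe(three))   // the scalar as passed to a _noclamp function
console.log(describe(clamped)) // the scalar a clamping function multiplies by
```

For this input the clamped scalar is 2^254 rather than 3, so a clamping function and its _noclamp counterpart return different points for the same n.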
crypto_core_ed25519_add
sodium.crypto_core_ed25519_add(r, p, q)
Adds point q to p and stores the result in r.
r must be a buffer of at least crypto_core_ed25519_BYTES bytes
p must be a buffer of at least crypto_core_ed25519_BYTES bytes
q must be a buffer of at least crypto_core_ed25519_BYTES bytes
Note that this function will throw if p or q is not a valid curve point.
crypto_core_ed25519_sub
sodium.crypto_core_ed25519_sub(r, p, q)
Subtracts point q from p and stores the result in r.
r must be a buffer of at least crypto_core_ed25519_BYTES bytes
p must be a buffer of at least crypto_core_ed25519_BYTES bytes
q must be a buffer of at least crypto_core_ed25519_BYTES bytes
Note that this function will throw if p or q is not a valid curve point.
crypto_core_ed25519_scalar_random
sodium.crypto_core_ed25519_scalar_random(r)
Generates a random scalar in ]0..L[ and stores the result in r.
r must be a buffer of at least crypto_core_ed25519_SCALARBYTES bytes
crypto_core_ed25519_scalar_reduce
sodium.crypto_core_ed25519_scalar_reduce(r, s)
Reduces s mod L and stores the result in r.
r must be a buffer of at least crypto_core_ed25519_SCALARBYTES bytes
s must be a buffer of at least crypto_core_ed25519_NONREDUCEDSCALARBYTES bytes
crypto_core_ed25519_scalar_invert
sodium.crypto_core_ed25519_scalar_invert(recip, s)
Finds recip such that s * recip = 1 (mod L) and stores the result in recip.
recip must be a buffer of at least crypto_core_ed25519_SCALARBYTES bytes
s must be a buffer of at least crypto_core_ed25519_SCALARBYTES bytes
crypto_core_ed25519_scalar_negate
sodium.crypto_core_ed25519_scalar_negate(neg, s)
Finds neg such that s + neg = 0 (mod L) and stores the result in neg.
neg must be a buffer of at least crypto_core_ed25519_SCALARBYTES bytes
s must be a buffer of at least crypto_core_ed25519_SCALARBYTES bytes
crypto_core_ed25519_scalar_complement
sodium.crypto_core_ed25519_scalar_complement(comp, s)
Finds comp such that s + comp = 1 (mod L) and stores the result in comp.
comp must be a buffer of at least crypto_core_ed25519_SCALARBYTES bytes
s must be a buffer of at least crypto_core_ed25519_SCALARBYTES bytes
crypto_core_ed25519_scalar_add
sodium.crypto_core_ed25519_scalar_add(z, x, y)
Adds x and y such that x + y = z (mod L) and stores the result in z.
x must be a buffer of at least crypto_core_ed25519_SCALARBYTES bytes
y must be a buffer of at least crypto_core_ed25519_SCALARBYTES bytes
z must be a buffer of at least crypto_core_ed25519_SCALARBYTES bytes
crypto_core_ed25519_scalar_sub
sodium.crypto_core_ed25519_scalar_sub(z, x, y)
Subtracts y from x such that x - y = z (mod L) and stores the result in z.
x must be a buffer of at least crypto_core_ed25519_SCALARBYTES bytes
y must be a buffer of at least crypto_core_ed25519_SCALARBYTES bytes
z must be a buffer of at least crypto_core_ed25519_SCALARBYTES bytes
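The identities stated for the scalar functions above, as an added BigInt reference model that is not part of the original page or of the bindings. It is useful for cross-checking outputs in tests; the function names and sample values are constructed, and unlike the bindings it returns new arrays instead of writing into an output buffer.

```javascript
// Added example: a BigInt model of arithmetic mod L, not the bindings' code.
// Not constant time: use it to check test vectors, never on secret scalars.
const L = 2n ** 252n + 27742317777372353535851937790883648493n

// Scalars are little-endian byte strings.
function decodeLE (bytes) {
  let v = 0n
  for (let i = bytes.length - 1; i >= 0; i--) v = (v << 8n) | BigInt(bytes[i])
  return v
}

function encodeLE (v, length = 32) {
  const out = new Uint8Array(length)
  for (let i = 0; i < length; i++, v >>= 8n) out[i] = Number(v & 0xffn)
  return out
}

// Always returns a representative in [0, L), also for negative inputs.
const mod = (v) => ((v % L) + L) % L

// Square-and-multiply exponentiation mod L.
function modPow (base, exp) {
  let result = 1n
  for (base = mod(base); exp > 0n; exp >>= 1n, base = mod(base * base)) {
    if (exp & 1n) result = mod(result * base)
  }
  return result
}

// One model per documented function; inputs and outputs are encoded scalars.
const scalarReduce = (s) => encodeLE(mod(decodeLE(s))) // s may be 64 bytes
const scalarInvert = (s) => encodeLE(modPow(decodeLE(s), L - 2n)) // L is prime
const scalarNegate = (s) => encodeLE(mod(-decodeLE(s)))
const scalarComplement = (s) => encodeLE(mod(1n - decodeLE(s)))
const scalarAdd = (x, y) => encodeLE(mod(decodeLE(x) + decodeLE(y)))
const scalarSub = (x, y) => encodeLE(mod(decodeLE(x) - decodeLE(y)))

// Constructed sample inputs.
const seven = encodeLE(7n)
const wide = new Uint8Array(64).fill(0xff) // stands in for a 64-byte hash output

console.log(decodeLE(scalarAdd(seven, encodeLE(L - 2n)))) // wraps around L
console.log(decodeLE(scalarReduce(wide)) < L)
```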