| Copyright | (c) Joseph Abrahamson 2013 |
|---|---|
| License | MIT |
| Maintainer | me@jspha.com |
| Stability | experimental |
| Portability | non-portable |
| Safe Haskell | None |
| Language | Haskell2010 |

Scalar multiplication: Crypto.Saltine.Core.ScalarMult

The `mult` function multiplies a group element by an integer of length `multScalar`. It returns the resulting group element of length `mult`. The `multBase` function multiplies a standard group element by an integer of length `multScalar`. It returns the resulting group element of length `mult`.

The correspondence between strings and group elements depends on the primitive implemented by `mult`. The correspondence is not necessarily injective in either direction, but it is compatible with scalar multiplication in the group. The correspondence does not necessarily include all group elements, but it does include all strings; i.e., every string represents at least one group element.

The correspondence between strings and integers also depends on the primitive implemented by `mult`. Every string represents at least one integer.

`mult` is designed to be strong as a component of various well-known "hashed Diffie–Hellman" applications. In particular, it is designed to make the "computational Diffie–Hellman" problem (CDH) difficult with respect to the standard base. `mult` is also designed to make CDH difficult with respect to other nontrivial bases. In particular, if a represented group element has small order, then it is annihilated by all represented scalars. This feature allows protocols to avoid validating membership in the subgroup generated by the standard base.

NaCl does not make any promises regarding the "decisional Diffie–Hellman" problem (DDH), the "static Diffie–Hellman" problem (SDH), etc. Users are responsible for hashing group elements.
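The hashed Diffie–Hellman usage described above, as an added example that is not part of the original documentation or the saltine project's own code. `sodiumInit`, `hash`, `randomByteString` and the `Crypto.Saltine.Class` module come from the saltine package but are not shown on this page; `newScalar` and `sessionKey` are hypothetical helper names, and the key layout (sorted public elements, truncation to 32 bytes) is a choice made for this example.

```haskell
module Main (main) where

import qualified Data.ByteString as BS
import           Crypto.Saltine (sodiumInit)
import           Crypto.Saltine.Class (decode, encode)
import           Crypto.Saltine.Core.Hash (hash)
import           Crypto.Saltine.Core.ScalarMult (GroupElement, Scalar, mult, multBase)
import           Crypto.Saltine.Core.Utils (randomByteString)

-- | Fresh secret scalar (hypothetical helper). 32 bytes is the Curve25519
-- scalar length; 'decode' returns Nothing for any other length.
newScalar :: IO Scalar
newScalar = randomByteString 32 >>= maybe (fail "bad scalar length") pure . decode

-- | Hashed Diffie-Hellman (hypothetical helper): the raw output of 'mult' is
-- never used directly as a key. It is hashed together with both public
-- elements, which are sorted so that both parties hash the same byte string.
sessionKey :: Scalar -> GroupElement -> BS.ByteString
sessionKey mine theirs = BS.take 32 (hash (BS.concat [shared, lo, hi]))
  where
    shared   = encode (mult mine theirs)   -- raw shared group element
    myPub    = encode (multBase mine)      -- our own public element
    theirPub = encode theirs               -- the peer's public element
    (lo, hi) = (min myPub theirPub, max myPub theirPub)

main :: IO ()
main = do
  sodiumInit
  a <- newScalar              -- Alice's secret scalar
  b <- newScalar              -- Bob's secret scalar
  let aPub = multBase a       -- Alice sends this to Bob
      bPub = multBase b       -- Bob sends this to Alice
  -- Both sides reach the same group element, since a(bG) == b(aG).
  print (mult a bPub == mult b aPub)
  -- The session keys derived from it therefore agree as well.
  print (sessionKey a bPub == sessionKey b aPub)
```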

`mult` is the function `crypto_scalarmult_curve25519` specified in "Cryptography in NaCl", Sections 2, 3, and 4 (http://nacl.cr.yp.to/valid.html). This function is conjectured to be strong. For background see Bernstein, "Curve25519: new Diffie-Hellman speed records," Lecture Notes in Computer Science 3958 (2006), 207–228, http://cr.yp.to/papers.html#curve25519.

This is version 2010.08.30 of the scalarmult.html web page.

## Synopsis

- data Scalar
- data GroupElement
- mult :: Scalar -> GroupElement -> GroupElement
- multBase :: Scalar -> GroupElement

# Documentation

data Scalar

A scalar integer.

## Instances

Eq Scalar

IsEncoding Scalar

Defined in Crypto.Saltine.Core.ScalarMult

- encode :: Scalar -> ByteString
- decode :: ByteString -> Maybe Scalar
- encoded :: (Choice p, Applicative f) => p Scalar (f Scalar) -> p ByteString (f ByteString)

data GroupElement

A group element.

## Instances

Eq GroupElement

Defined in Crypto.Saltine.Core.ScalarMult

- (==) :: GroupElement -> GroupElement -> Bool
- (/=) :: GroupElement -> GroupElement -> Bool

IsEncoding GroupElement

Defined in Crypto.Saltine.Core.ScalarMult

- encode :: GroupElement -> ByteString
- decode :: ByteString -> Maybe GroupElement
- encoded :: (Choice p, Applicative f) => p GroupElement (f GroupElement) -> p ByteString (f ByteString)

mult :: Scalar -> GroupElement -> GroupElement

multBase :: Scalar -> GroupElement