
bwesterb / Go Ristretto

Licence: mit
Pure Go implementation of the Ristretto prime-order group over Edwards25519


go-ristretto

Many cryptographic schemes need a group of prime order. Popular and efficient elliptic curves (like Edwards25519 of ed25519 fame) are rarely of prime order. There is, however, a convenient method to construct a prime-order group from such curves, called Ristretto, proposed by Mike Hamburg.

This is a pure Go implementation of the group operations on the Ristretto prime-order group built from Edwards25519. Documentation is on godoc.

Example: El'Gamal encryption

package main

import (
	"bytes"
	"fmt"

	ristretto "github.com/bwesterb/go-ristretto"
)

func main() {
	// Generate an El'Gamal keypair
	var secretKey ristretto.Scalar
	var publicKey ristretto.Point

	secretKey.Rand()                     // generate a new secret key
	publicKey.ScalarMultBase(&secretKey) // compute public key

	// El'Gamal encrypt a random curve point p into a ciphertext-pair (c1,c2)
	var p ristretto.Point
	var r ristretto.Scalar
	var c1 ristretto.Point
	var c2 ristretto.Point
	p.Rand()
	r.Rand()
	c2.ScalarMultBase(&r)
	// r is the secret ephemeral scalar, so use the constant-time ScalarMult;
	// PublicScalarMult is variable-time and meant for public scalars only.
	c1.ScalarMult(&publicKey, &r)
	c1.Add(&c1, &p)

	// Decrypt (c1,c2) back to p
	var blinding, p2 ristretto.Point
	blinding.ScalarMult(&c2, &secretKey)
	p2.Sub(&c1, &blinding)

	fmt.Printf("%v", bytes.Equal(p.Bytes(), p2.Bytes()))
	// Output:
	// true
}

Compatibility with ristretto255 RFC draft

An RFC has been proposed to standardise Ristretto over Ed25519. This RFC is compatible with go-ristretto. There is one caveat: one should use Point.DeriveDalek instead of Point.Derive to derive a point from a string.

References

The curve and Ristretto implementation is based on the unpublished PandA library by Chuengsatiansup, Ribarski and Schwabe, see cref/cref.c. The old generic radix 25.5 field operations borrow from Adam Langley's ed25519. The amd64 optimized field arithmetic is from George Tankersley's ed25519 patch, which in turn is based on SUPERCOP's amd64-51-30k by Bernstein, Duif, Lange, Schwabe and Yang. The new generic radix 51 field operations are also based on amd64-51-30k. The variable-time scalar multiplication code is based on that of curve25519-dalek. The Lizard encoding was proposed by Bram Westerbaan. The quick RistrettoElligator inversion for it is joint work with Bram Westerbaan and Mike Hamburg.

other platforms

Changes

1.2.0 (17-02-2021)

  • Add Point.Double(). See issue #21.
  • To align more closely with the RFC, Point.SetBytes() and Point.UnmarshalBinary() will now reject points with non-canonical encodings. See #20.
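
What rejecting non-canonical encodings involves, shown as an added example that is not go-ristretto's own code: the ristretto255 decoding checks written with math/big. CheckHex and the error names are assumptions made for this example, the input in main is constructed, and math/big is not constant-time, so this is for studying the checks rather than for handling secret points.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
)

var (
	ErrNonCanonical = errors.New("not 32 bytes, or field element >= p")
	ErrNegative     = errors.New("negative field element (low bit set)")
	ErrNotInGroup   = errors.New("not the encoding of a group element")
	p               = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 255), big.NewInt(19))
	d               = mul(big.NewInt(-121665), new(big.Int).ModInverse(big.NewInt(121666), p)) // curve constant
)

func mul(a, b *big.Int) *big.Int { return new(big.Int).Mod(new(big.Int).Mul(a, b), p) }
func sub(a, b *big.Int) *big.Int { return new(big.Int).Mod(new(big.Int).Sub(a, b), p) }

// CheckHex returns nil for a valid ristretto255 encoding, else the reason it is rejected.
func CheckHex(h string) error {
	enc, err := hex.DecodeString(h)
	for i, j := 0, len(enc)-1; i < j; i, j = i+1, j-1 {
		enc[i], enc[j] = enc[j], enc[i] // wire format is little-endian, big.Int wants big-endian
	}
	s := new(big.Int).SetBytes(enc)
	if err != nil || len(enc) != 32 || s.Cmp(p) >= 0 {
		return ErrNonCanonical // s and s-p would otherwise name the same field element
	}
	if s.Bit(0) == 1 {
		return ErrNegative // encoders always emit the even ("non-negative") representative
	}
	u1, u2 := sub(big.NewInt(1), mul(s, s)), sub(mul(s, s), big.NewInt(-1)) // 1 - s^2, 1 + s^2
	v := sub(sub(p, mul(d, mul(u1, u1))), mul(u2, u2))
	r, inv := new(big.Int), new(big.Int).ModInverse(mul(v, mul(u2, u2)), p)
	if inv == nil || r.ModSqrt(inv, p) == nil {
		return ErrNotInGroup // v*u2^2 is zero or a non-square, so no inverse square root
	}
	x, y := mul(mul(big.NewInt(2), s), mul(r, u2)), mul(u1, mul(mul(mul(r, r), u2), v))
	if x.Bit(0) == 1 {
		x = sub(p, x) // x = |x|
	}
	if mul(x, y).Bit(0) == 1 || y.Sign() == 0 {
		return ErrNotInGroup
	}
	return nil
}

func main() { fmt.Println(CheckHex("edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f")) } // s = p
```

A decoder that skips the first two checks accepts several byte strings for one group element, which breaks any protocol that compares, hashes or deduplicates points by their encoding.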

1.1.1 (24-09-2019)

  • Only use bits.Add64 from Go 1.13 onwards to make sure we're constant-time on non-amd64 platforms. Thanks @Yawning; see issue #17.

1.1.0 (13-05-2019)

  • Add support for the Lizard 16-bytes-to-point-injection. See ristretto.Point.{SetLizard(), Lizard(),LizardInto()}.

  • Add Scalar.DeriveShort() to derive a half-length scalar. (Warning: half-length scalars are unsafe in almost every application.)

  • (internal) Add ExtendedPoint.RistrettoElligator2Inverse() to compute all preimages of a given point up-to Ristretto equivalence of CompletedPoint.SetRistrettoElligator2().
