b73a7c8249
Calling v.ScalarMult on a receiver v that is not the identity point results in an incorrect operation. This was fixed by setting v to the identity point in ScalarMult. A simple test was added to check this behaviour. |
||
|---|---|---|
| .github/workflows | ||
| edwards25519.go | ||
| edwards25519_test.go | ||
| fe.go | ||
| fe_alias_test.go | ||
| fe_amd64.go | ||
| fe_amd64.s | ||
| fe_arm64.go | ||
| fe_arm64.s | ||
| fe_bench_test.go | ||
| fe_generic.go | ||
| fe_mul_bits.go | ||
| fe_mul_compat.go | ||
| fe_noasm.go | ||
| fe_test.go | ||
| go.mod | ||
| LICENSE | ||
| README.md | ||
| scalar.go | ||
| scalar_alias_test.go | ||
| scalar_test.go | ||
| scalarmult.go | ||
| scalarmult_test.go | ||
| table_constants.go | ||
| tables.go | ||
| tables_test.go | ||
filippo.io/edwards25519
import "filippo.io/edwards25519"
This library implements the edwards25519 elliptic curve, exposing the necessary APIs to build a wide array of higher-level primitives. Read the docs at pkg.go.dev/filippo.io/edwards25519.
The code is originally derived from Adam Langley's internal implementation in the Go standard library, and includes George Tankersley's performance improvements. It was then further developed by Henry de Valence for use in ristretto255.
Most users don't need this package, and should instead use crypto/ed25519 for signatures, golang.org/x/crypto/curve25519 for Diffie-Hellman, or github.com/gtank/ristretto255 for prime order group logic. However, for anyone currently using a fork of crypto/ed25519/internal/edwards25519 or github.com/agl/edwards25519, this package should be a safer, faster, and more powerful alternative.
Since this package is meant to curb proliferation of edwards25519 implementations in the Go ecosystem, it welcomes requests for new APIs or reviewable performance improvements.